Re: [Vyatta-users] Serial Port

2007-12-06 Thread Stig Thormodsrud
Did you do a "apt-get update" after adding the debian repository?

 

stig

 


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Todd Worden
Sent: Thursday, December 06, 2007 7:04 PM
To: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Serial Port

 

Hi thx!

 

I added that package, but got an error on apt-get install minicom.
complains that "minicom is not available, but is referred to by another
package.  This may mean that the package is missing, has been obsolete, or
is only available from another source E: Package minicom has no
installation candidate"

 

Would a different repository help?

 

Thanks!

 

Todd

 

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aubrey Wells
Sent: Thursday, December 06, 2007 9:26 PM
To: Todd Worden
Cc: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Serial Port

 

I just add the debian repository to my config and then apt-get install
minicom and use it.

 

package {
    repository community {
        component: "main"
        url: "http://archive.vyatta.com/vyatta"
    }
    repository stable {
        component: "main"
        url: "http://mirrors.kernel.org/debian/"
    }
}

 


--

Aubrey Wells

Senior Engineer

Shelton | Johns Technology Group

404.478.2790

Support: [EMAIL PROTECTED]

www.sheltonjohns.com

 





 

On Dec 6, 2007, at 8:32 PM, Todd Worden wrote:

 

Is there a serial port console application that comes with Vyatta like TIP
so that I can connect my null modem cable to the router and then to my
Netgear switch to configure the switch from my router appliance?

 

Todd Worden

Software Developer

 

Growing Technologies

P: 434-296-1500

E: [EMAIL PROTECTED]

 

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

 





Re: [Vyatta-users] Serial Port

2007-12-06 Thread Todd Worden
Hi thx!

 

I added that package, but got an error on apt-get install minicom. complains
that "minicom is not available, but is referred to by another package.  This
may mean that the package is missing, has been obsolete, or is only
available from another source E: Package minicom has no installation
candidate"

 

Would a different repository help?

 

Thanks!

 

Todd

 

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aubrey Wells
Sent: Thursday, December 06, 2007 9:26 PM
To: Todd Worden
Cc: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Serial Port

 

I just add the debian repository to my config and then apt-get install
minicom and use it.

 

package {
    repository community {
        component: "main"
        url: "http://archive.vyatta.com/vyatta"
    }
    repository stable {
        component: "main"
        url: "http://mirrors.kernel.org/debian/"
    }
}

 


--

Aubrey Wells

Senior Engineer

Shelton | Johns Technology Group

404.478.2790

Support: [EMAIL PROTECTED]

www.sheltonjohns.com

 






 

On Dec 6, 2007, at 8:32 PM, Todd Worden wrote:





Is there a serial port console application that comes with Vyatta like TIP
so that I can connect my null modem cable to the router and then to my
Netgear switch to configure the switch from my router appliance?

 

Todd Worden

Software Developer

 

Growing Technologies

P: 434-296-1500

E: [EMAIL PROTECTED]

 



Re: [Vyatta-users] Serial Port

2007-12-06 Thread Aubrey Wells
I just add the debian repository to my config and then apt-get install  
minicom and use it.


package {
    repository community {
        component: "main"
        url: "http://archive.vyatta.com/vyatta"
    }
    repository stable {
        component: "main"
        url: "http://mirrors.kernel.org/debian/"
    }
}


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
Support: [EMAIL PROTECTED]
www.sheltonjohns.com




On Dec 6, 2007, at 8:32 PM, Todd Worden wrote:

Is there a serial port console application that comes with Vyatta  
like TIP so that I can connect my null modem cable to the router and  
then to my Netgear switch to configure the switch from my router  
appliance?


Todd Worden
Software Developer

Growing Technologies
P: 434-296-1500
E: [EMAIL PROTECTED]



Re: [Vyatta-users] Restricting traffic between networks

2007-12-06 Thread Justin Fletcher
You also need to apply the firewall rules to an interface, as in

firewall {
    in {
        name: "inbound"
    }
    local {
        name: "inbound"
    }
}

In the above case, it's for inbound traffic, and traffic destined for
the router itself.

Also remember that traffic will flow in both directions, unless you
just want to block the inbound traffic from the development network.

Your current rule 4 prevents new connections - as well as everything else ;-)

Looks like your rules 1-3 should have the matching source and
destination networks as rule 4; otherwise, that inbound traffic will
only match rule 4, and not match one of the earlier rules for
permitted traffic.

Best,
Justin

You can do a "show firewall" to see the rules on the system, as well
as enable logging for a rule to see where the traffic is being
dropped.

Justin

On Dec 6, 2007 3:42 PM, Lance Franklin <[EMAIL PROTECTED]> wrote:
> After reading through the Quick Guide to Configuration Statements, I see:
>     state {
>         established: [enable|disable]
>         new: [enable|disable]
>         related: [enable|disable]
>         invalid: [enable|disable]
>     }
>
> How can I add this to my rule 4 to prevent new connections to the work
> network from the development network?
>
> Would it be:
>
>     rule 4 {
>         description: "10.10.0.0/24"
>         protocol: "all"
>         state {
>             new: enable
>         }
>         action: "drop"
>         log: "disable"
>         source {
>             network: "10.20.0.0/24"
>         }
>         destination {
>             network: "10.10.0.0/24"
>         }
>     }
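Added example, not part of the original messages and not Vyatta code: a simplified first-match evaluator run over the FW-1 rules from the original post, showing why rule 4 as posted also drops the replies to SSH sessions opened from the work network, and what the `state` match changes. The packet values, the renumbered rule 4/5 variant, the assumption that the rule set sees traffic in both directions, and the implicit default drop are assumptions of this model.

```python
"""Simplified first-match model of the FW-1 rule set discussed in this thread."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

WORK, DEV = "10.10.0.0/24", "10.20.0.0/24"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int]
    state: str  # connection-tracking state: new / established / related / invalid


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                         # "accept" or "drop"
    protocol: str = "all"
    src_net: Optional[str] = None       # None means "any"
    dst_net: Optional[str] = None
    dport: Optional[int] = None
    states: Optional[frozenset] = None  # None means "any state"

    def matches(self, p: Packet) -> bool:
        if self.protocol != "all" and self.protocol != p.proto:
            return False
        if self.src_net and ip_address(p.src) not in ip_network(self.src_net):
            return False
        if self.dst_net and ip_address(p.dst) not in ip_network(self.dst_net):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.states is not None and p.state not in self.states:
            return False
        return True


def evaluate(rules, packet, default="drop"):
    """Return (action, rule_number); rule_number is None if no rule matched.

    The default action is an assumption of this model (implicit drop)."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(packet):
            return rule.action, rule.number
    return default, None


# Rules 1-3 as posted: work -> dev ssh and rdp, ftp from work to anywhere.
ALLOW = [
    Rule(1, "accept", "tcp", WORK, DEV, 22),
    Rule(2, "accept", "tcp", WORK, DEV, 3389),
    Rule(3, "accept", "tcp", WORK, None, 21),
]
# Rule 4 as posted: drop everything dev -> work, whatever the state.
ORIGINAL = ALLOW + [Rule(4, "drop", "all", DEV, WORK)]
# Rule 4 as proposed in the follow-up: drop only NEW dev -> work packets.
PROPOSED = ALLOW + [Rule(4, "drop", "all", DEV, WORK, states=frozenset({"new"}))]
# Hypothetical variant: accept return traffic first, then drop the rest.
STATEFUL = ALLOW + [
    Rule(4, "accept", "all", DEV, WORK, states=frozenset({"established", "related"})),
    Rule(5, "drop", "all", DEV, WORK),
]

# Constructed sample packets (host addresses and ports are made up).
PACKETS = {
    "ssh_new": Packet("10.10.0.7", "10.20.0.5", "tcp", 22, "new"),
    "ssh_reply": Packet("10.20.0.5", "10.10.0.7", "tcp", 50122, "established"),
    "dev_new": Packet("10.20.0.5", "10.10.0.7", "tcp", 445, "new"),
}


def verdicts(rules, default="drop"):
    """Evaluate every sample packet against one rule set."""
    return {name: evaluate(rules, pkt, default) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("proposed", PROPOSED),
                         ("stateful", STATEFUL)):
        print(label, verdicts(rules))
```

With the proposed state-limited rule 4, the SSH reply no longer matches rule 4, but it matches no accept rule either, so its fate depends on the rule set's default action.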


[Vyatta-users] Serial Port

2007-12-06 Thread Todd Worden
Is there a serial port console application that comes with Vyatta like TIP
so that I can connect my null modem cable to the router and then to my
Netgear switch to configure the switch from my router appliance?

 

Todd Worden

Software Developer

 

Growing Technologies

P: 434-296-1500

E: [EMAIL PROTECTED]

 



Re: [Vyatta-users] Restricting traffic between networks

2007-12-06 Thread Lance Franklin
After reading through the Quick Guide to Configuration Statements, I see:
    state {
        established: [enable|disable]
        new: [enable|disable]
        related: [enable|disable]
        invalid: [enable|disable]
    }

How can I add this to my rule 4 to prevent new connections to the work
network from the development network?

Would it be:

    rule 4 {
        description: "10.10.0.0/24"
        protocol: "all"
        state {
            new: enable
        }
        action: "drop"
        log: "disable"
        source {
            network: "10.20.0.0/24"
        }
        destination {
            network: "10.10.0.0/24"
        }
    }







[Vyatta-users] Restricting traffic between networks

2007-12-06 Thread Lance Franklin
Hello,

I'm trying to restrict traffic between two networks.

I have work computers on the 10.10.0.0/24 network. I have development  
computers on the 10.20.0.0/24 network. I want to prevent the  
development computers from accessing anything on the 10.10.0.0/24  
network, but allowing ssh, ftp, and rdp (Remote Desktop Protocol)  
connections from the work computers to the development computers.

I've been playing with firewall rules and any time I try to use rule  
4, all traffic from the development network stops. Currently, I have  
unrestricted routing working both directions.


Here is my running configuration:

/*XORP Configuration File, v1.0*/
protocols {
 }
}
policy {
}
interfaces {
    ethernet eth0 {
        disable: false
        discard: false
        hw-id: 00:0e:0c:b8:4d:12
        duplex: "auto"
        speed: "auto"
        address 10.10.0.199 {
            prefix-length: 24
            disable: false
        }
    }
    ethernet eth1 {
        disable: false
        discard: false
        hw-id: 00:0e:0c:b8:4c:65
        duplex: "auto"
        speed: "auto"
        address 10.20.0.1 {
            prefix-length: 24
            disable: false
        }
    }
}
service {
    ssh {
        port: 22
        protocol-version: "v2"
    }
    webgui {
        http-port: 80
        https-port: 443
    }
}
firewall {
    log-martians: "enable"
    send-redirects: "disable"
    receive-redirects: "disable"
    ip-src-route: "disable"
    broadcast-ping: "disable"
    syn-cookies: "enable"
    name "FW-1" {
        rule 1 {
            protocol: "tcp"
            action: "accept"
            log: "disable"
            source {
                network: "10.10.0.0/24"
            }
            destination {
                network: "10.20.0.0/24"
                port-name ssh
            }
        }
        rule 2 {
            protocol: "tcp"
            action: "accept"
            log: "disable"
            source {
                network: "10.10.0.0/24"
            }
            destination {
                network: "10.20.0.0/24"
                port-number 3389
            }
        }
        rule 3 {
            protocol: "tcp"
            action: "accept"
            log: "disable"
            source {
                network: "10.10.0.0/24"
            }
            destination {
                port-name ftp
            }
        }
        rule 4 {
            description: "10.10.0.0/24"
            protocol: "all"
            action: "drop"
            log: "disable"
            source {
                network: "10.20.0.0/24"
            }
            destination {
                network: "10.10.0.0/24"
            }
        }
    }
}
system {
    host-name: "router"
    domain-name: "foo.com"
    time-zone: "GMT"
    ntp-server "69.59.150.135"
    login {
        user root {
            full-name: ""
            authentication {
                encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
            }
        }
        user vyatta {
            full-name: ""
            authentication {
                encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
            }
        }
    }
    package {
        auto-sync: 1
        repository community {
            component: "main"
            url: "http://archive.vyatta.com/vyatta"
        }
    }
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version:  
"[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL 
PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]" ===  
*/


Re: [Vyatta-users] DHCP relay

2007-12-06 Thread Robyn Orosz
Hi Damien,

Thanks for the extra info.  I think the problem may be due to your 
masquerade rules.  Rule 1 is masquerading all traffic that leaves eth2.  
So, anything with a source address of 192.168.10.x will be changed to a 
source address of 192.168.2.10. 

Rule 2 looks like it's basically doing the reverse.  Why do you have 
these masquerade rules configured?  You shouldn't need any NAT for the 2 
connected networks and this will confuse things as I think it may be 
doing now.

Thanks,

Robyn

Dams wrote:
> Thanks Robyn,
>
>
> My config
> Internet - Untangle -- Switch and plug on the switch Vyatta Router, 
> the network 192.168.2.0 , and the DHCP Server
>
> Schema:
>X -   
> Vyatta -- Network 192.168.10.0 
> Internet --- Untangle Gateway --- Switch 
>   X--   
> Network 192.168.2.0  + DHCP Server
>
> My config on vyatta
> protocols {
> snmp {
> community public {
> client 192.168.2.5 
> client 192.168.2.99 
> }
> trap-target 192.168.1.1 
> trap-target 192.168.10.1 
> contact: "Network Administrator"
> location: "X"
> }
> static {
> }
> }
> policy {
> }
> interfaces {
> loopback lo {
> address 10.0.0.65  {
> prefix-length: 32
> }
> }
> ethernet eth0 {
> description: "My Sub Net 10"
> hw-id: 00:03:47:06:39:9e
> address 192.168.10.1  {
> prefix-length: 24
> }
> }
> ethernet eth1 {
> disable: true
> description: "Not Working"
> hw-id: 00:06:5b:a5:29:10
> }
> ethernet eth2 {
> description: "Interface Out"
> hw-id: 00:0e:2e:98:18:80
> address 192.168.2.10  {
> prefix-length: 24
> }
> }
> }
> service {
> dhcp-relay {
> interface eth0
> interface eth2
> server 192.168.2.2 
> relay-options {
> }
> }
>nat {
> rule 1 {
> type: "masquerade"
> outbound-interface: "eth2"
> }
> rule 2 {
> type: "masquerade"
> inbound-interface: "eth2"
> outbound-interface: "eth0"
> protocols: "all"
> source {
> network: " 192.168.2.0/24 "
> }
> destination {
> network: "192.168.10.0/24 "
> }
> }
> }
> ssh {
> }
> webgui {
> }
> }
> firewall {
>  }
> }
> system {
> host-name: "X"
> domain-name: " .ac.id "
> domain-search {
> domain "X.ac.id "
> }
> name-server 192.168.2.2 
> time-zone: "GMT+7"
> ntp-server "69.59.150.135 "
> gateway-address: 192.168.2.1 
> login {
> user root {
> authentication {
> encrypted-password: ""
> }
> }
> user vyatta {
> authentication {
> encrypted-password: ""
> }
> }
> user networkadmin {
> full-name: "Network Administrator"
> authentication {
> encrypted-password: ""
> plaintext-password: ""
> }
> }
> }
> package {
> repository community {
> component: "main"
> url: "http://archive.vyatta.com/vyatta";
> }
> }
> options {
> }
> }
>
> The capture from a PC in the network 192.168.2.0 
> tshark -i eth2 port 67 and port 68 -Vn
>
> Frame 5 (342 bytes on wire, 342 bytes captured)
> Arrival Time: Dec  6, 2007 09:00: 22.590416000
> [Time delta from previous packet: 0.018551000 seconds]
> [Time since reference or first frame: 0.019484000 seconds]
> Frame Number: 5
> Packet Length: 342 bytes
> Capture Length: 342 bytes
> [Frame is marked: False]
> [Protocols in frame: eth:ip:udp:bootp]
> Ethernet II, Src: MacRouterEth2 (MacRouterEth2), Dst:  
>(XXX)
> Destination: X

Re: [Vyatta-users] DHCP relay

2007-12-06 Thread Dams
Thanks Robyn,


My config
Internet - Untangle -- Switch and plug on the switch Vyatta Router, the
network 192.168.2.0, and the DHCP Server

Schema:
                                          X --- Vyatta --- Network 192.168.10.0
Internet --- Untangle Gateway --- Switch
                                          X --- Network 192.168.2.0 + DHCP Server

My config on vyatta
protocols {
    snmp {
        community public {
            client 192.168.2.5
            client 192.168.2.99
        }
        trap-target 192.168.1.1
        trap-target 192.168.10.1
        contact: "Network Administrator"
        location: "X"
    }
    static {
    }
}
policy {
}
interfaces {
    loopback lo {
        address 10.0.0.65 {
            prefix-length: 32
        }
    }
    ethernet eth0 {
        description: "My Sub Net 10"
        hw-id: 00:03:47:06:39:9e
        address 192.168.10.1 {
            prefix-length: 24
        }
    }
    ethernet eth1 {
        disable: true
        description: "Not Working"
        hw-id: 00:06:5b:a5:29:10
    }
    ethernet eth2 {
        description: "Interface Out"
        hw-id: 00:0e:2e:98:18:80
        address 192.168.2.10 {
            prefix-length: 24
        }
    }
}
service {
    dhcp-relay {
        interface eth0
        interface eth2
        server 192.168.2.2
        relay-options {
        }
    }
    nat {
        rule 1 {
            type: "masquerade"
            outbound-interface: "eth2"
        }
        rule 2 {
            type: "masquerade"
            inbound-interface: "eth2"
            outbound-interface: "eth0"
            protocols: "all"
            source {
                network: "192.168.2.0/24"
            }
            destination {
                network: "192.168.10.0/24"
            }
        }
    }
    ssh {
    }
    webgui {
    }
}
firewall {
 }
}
system {
    host-name: "X"
    domain-name: ".ac.id"
    domain-search {
        domain "X.ac.id"
    }
    name-server 192.168.2.2
    time-zone: "GMT+7"
    ntp-server "69.59.150.135"
    gateway-address: 192.168.2.1
    login {
        user root {
            authentication {
                encrypted-password: ""
            }
        }
        user vyatta {
            authentication {
                encrypted-password: ""
            }
        }
        user networkadmin {
            full-name: "Network Administrator"
            authentication {
                encrypted-password: ""
                plaintext-password: ""
            }
        }
    }
    package {
        repository community {
            component: "main"
            url: "http://archive.vyatta.com/vyatta"
        }
    }
    options {
    }
}

The capture from a PC in the network 192.168.2.0
tshark -i eth2 port 67 and port 68 -Vn

Frame 5 (342 bytes on wire, 342 bytes captured)
Arrival Time: Dec  6, 2007 09:00:22.590416000
[Time delta from previous packet: 0.018551000 seconds]
[Time since reference or first frame: 0.019484000 seconds]
Frame Number: 5
Packet Length: 342 bytes
Capture Length: 342 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:bootp]
Ethernet II, Src: MacRouterEth2 (MacRouterEth2), Dst: 
   (XXX)
Destination:  (X)
Address:  (X)
 ...0     = IG bit: Individual address (unicast)
 ..0.     = LG bit: Globally unique address
(factorydefault)
Source: MAC (MacRouterEth2)
Address: MacRouterEth2 (0MacRouterEth2)
 ...0     = IG bit: Individual address (unicast)
 ..0.     = LG bit: Globally unique address
(factorydefault)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.2.10 (192.168.2.10), Dst: 192.168.2.196 (
192.168   .2.196)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
 ..0. = ECN-Capable Transport (ECT): 0
 ...0 = ECN-CE: 0
Total Length: 328
Identification: 0x (0)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 16
Protocol: UDP (0x1

Re: [Vyatta-users] DHCP relay

2007-12-06 Thread Robyn Orosz
Hi Damien,

This should work as long as requests are coming in from hosts that are 
connected to eth0.  Is there more than one network assigned to eth0?  It 
would help if you could post your configuration (you can block out any 
public IPs). 

If you run a verbose packet capture, you should be able to see what the 
relay agent IP is in the request packet.  If it's something other than 
192.168.10.x or 192.168.2.x (your 2 scopes), the Windows server is not 
going to serve an address to it.

Try running:

tshark -i eth2 port 67 and port 68 -Vn

Thanks,

Robyn

Dams wrote:
> Thanks for your reply.
>
> Sorry, my mistake : not eth1 but eth0. (192.168.10.X)
>
> Eth2 -> network with the DHCP Server on network 192.168.2.XXx
>
> The DHCP serve the scope (192.168.2.0 ) as well : 
> here no problem the pc got their IP (see the log, after)
>
> and I would like that the DHCP server serve the scope 192.168.10.XX as 
> well on the interfaces eth0
>
> So on my windows server, I have a superScope with 2 scope ( 
> 192.168.2.0  and 192.168.10.0 )
>
>
> styohanes:~# tcpdump -n port 67 -i eth2
> tcpdump: verbose output suppressed, use -v or -vv for full protocol 
> decode
> listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes
>
> 07:45:14.790263 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP, 
> Request from XXX, length 300
> 07:45:31.788526 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP, 
> Request from XXX, length 300
> 07:46:32.337900 IP 192.168.2.154.68 > 255.255.255.255.67: BOOTP/DHCP, 
> Request from XXX333, length 300
> 07:47:15.884938 IP 0.0.0.0.68 > 255.255.255.255.67 : BOOTP/DHCP, 
> Request from XXX222, length 300
> 07:47:15.885338 IP 192.168.2.2.67 > 255.255.255.255.68: BOOTP/DHCP, 
> Reply, length 300
> 07:47:28.896045 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, 
> Request from XXX222, length 300
> 07:47:28.896468 IP 192.168.2.2.67 > 255.255.255.255.68: BOOTP/DHCP, 
> Reply, length 300
> 07:50:50.781445 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP, 
> Request from XXX, length 300
> 07:50:53.777544 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP, 
> Request from XXX, length 300
>
> So, the request is going to the DHCP server, but no reply from him.
> But it work fine for the mac XXX222 which is in the network 
> 192.168.2.0 
>
> I think the problem is from my DHCP Server,
> How can you define a scope to reply to a router
> - link the Scope 192.168.10.0  to the router 
> 192.168.10.1  ?
>
>
> Thanks for your help.
>
> only 6 hours on a DHCP problem, :-/
>
>
>
> thanks
> Damien
>
>
> On Dec 6, 2007 9:40 PM, Robyn Orosz < [EMAIL PROTECTED] 
> > wrote:
>
> Hi Damien,
>
> What interface is the network connected to that you wish to serve
> DHCP
> addresses?  You mention eth1 in your post, but I only see eth0 and
> eth2
> configured for dhcp-relay.  If you want to serve hosts behind
> eth1, you
> need to add eth1 to the dhcp-relay configuration.
>
> To make this more clear, if your win 2k3 server is configured with a
> DHCP scope for network 192.168.10.x, it will only serve requests made
> from the interface configured with 192.168.10.x.  The dhcp-relay adds
> the IP address of the interface that requests are seen on into the
> BOOTP
> request packets so the DHCP server knows which scope to serve
> addresses
> to.
>
> Thank you,
>
> Robyn
>
> Troopy . wrote:
> > Hello,
> >
> > Did you check the routing? i mean the DHCP server must be able to
> >  reach the client at the IP layer.
> >
> > I remember i forgot this when i wrote the DHCP openmaniak tutorial.
> > (See the case study, i forgot "set protocols static route
> 0.0.0.0/0  next-hop 10.0.2.2 ")
> >
> >
> > Good luck
> > Troopy
> >
> > -- Original Message --
> > From: Dams < [EMAIL PROTECTED] >
> > Date:  Thu, 6 Dec 2007 18:01:08 +0700
> >
> >
> >> Hello,
> >>
> >>
> >> I have a problem with the DHCP-relay
> >>
> >> Config:
> >>dhcp-relay {
> >>interface eth0
> >>interface eth2
> >>server 192.168.2.2 
> >>relay-options {
> >>}
> >>
> >>
> >> Eth0 conect to my DHCP server (win 2k3 Server) : 192.168.2.2
> 
> >> and Eth1 to a subnet : 192.168.10.X
> >>
> >> But the dhcp relay doesn't work
> >> X:~# tcpdump -n port 67
> >> tcpdump: verbose output suppressed, use -v or -vv for full
> protocol decode
> >> listening on eth0, link-type EN10MB (Ethernet), capture size 96
> bytes
> >> 17:50:29.636059 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP,

Re: [Vyatta-users] DHCP relay

2007-12-06 Thread Dams
Thanks for your reply.

Sorry, my mistake: not eth1 but eth0 (192.168.10.X).

Eth2 -> network with the DHCP server on network 192.168.2.XXx

The DHCP server serves the scope (192.168.2.0) as well: no problem here, the PCs got
their IPs (see the log below),

and I would like the DHCP server to serve the scope 192.168.10.XX as well
on the interface eth0.

So on my Windows server, I have a superscope with 2 scopes (192.168.2.0 and
192.168.10.0).


styohanes:~# tcpdump -n port 67 -i eth2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes

07:45:14.790263 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP, Request
from XXX, length 300
07:45:31.788526 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP, Request
from XXX, length 300
07:46:32.337900 IP 192.168.2.154.68 > 255.255.255.255.67: BOOTP/DHCP,
Request from XXX333, length 300
07:47:15.884938 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
XXX222, length 300
07:47:15.885338 IP 192.168.2.2.67 > 255.255.255.255.68: BOOTP/DHCP, Reply,
length 300
07:47:28.896045 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
XXX222, length 300
07:47:28.896468 IP 192.168.2.2.67 > 255.255.255.255.68: BOOTP/DHCP, Reply,
length 300
07:50:50.781445 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP, Request
from XXX, length 300
07:50:53.777544 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP, Request
from XXX, length 300

So, the request is going to the DHCP server, but there is no reply from it.
But it works fine for the MAC XXX222, which is in the network 192.168.2.0.

I think the problem is with my DHCP server.
How can you define a scope to reply to a router
- link the scope 192.168.10.0 to the router 192.168.10.1?


Thanks for your help.

only 6 hours on a DHCP problem, :-/



thanks
Damien


On Dec 6, 2007 9:40 PM, Robyn Orosz <[EMAIL PROTECTED]> wrote:

> Hi Damien,
>
> What interface is the network connected to that you wish to serve DHCP
> addresses?  You mention eth1 in your post, but I only see eth0 and eth2
> configured for dhcp-relay.  If you want to serve hosts behind eth1, you
> need to add eth1 to the dhcp-relay configuration.
>
> To make this more clear, if your win 2k3 server is configured with a
> DHCP scope for network 192.168.10.x, it will only serve requests made
> from the interface configured with 192.168.10.x.  The dhcp-relay adds
> the IP address of the interface that requests are seen on into the BOOTP
> request packets so the DHCP server knows which scope to serve addresses
> to.
>
> Thank you,
>
> Robyn
>
> Troopy . wrote:
> > Hello,
> >
> > Did you check the routing? i mean the DHCP server must be able to
> >  reach the client at the IP layer.
> >
> > I remember i forgot this when i wrote the DHCP openmaniak tutorial.
> > (See the case study, i forgot "set protocols static route 0.0.0.0/0 next-hop
> > 10.0.2.2")
> >
> >
> > Good luck
> > Troopy
> >
> > -- Original Message --
> > From: Dams <[EMAIL PROTECTED]>
> > Date:  Thu, 6 Dec 2007 18:01:08 +0700
> >
> >
> >> Hello,
> >>
> >>
> >> I have a problem with the DHCP-relay
> >>
> >> Config:
> >>dhcp-relay {
> >>interface eth0
> >>interface eth2
> >>server 192.168.2.2
> >>relay-options {
> >>}
> >>
> >>
> >> Eth0 conect to my DHCP server (win 2k3 Server) : 192.168.2.2
> >> and Eth1 to a subnet : 192.168.10.X
> >>
> >> But the dhcp relay doesn't work
> >> X:~# tcpdump -n port 67
> >> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode
> >> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> >> 17:50:29.636059 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request
> from
> >> X, length 300
> >> 17:50:33.376048 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request
> from
> >> X, length 300
> >> 17:50:38.370026 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request
> from
> >> X, length 300
> >> 17:50:47.370767 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request
> from
> >> X, length 300
> >> 17:51:03.369141 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request
> from
> >> X, length 300
> >>
> >>
> >> But If I add the MAC on static in my DHCP Server, it work fine.
> >>
> >> XXX:~# tcpdump -n port 67
> >> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode
> >> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> >> 17:11:28.052775 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request
> from
> >> X, length 300
> >> 17:11:28.053871 IP 192.168.10.1.67 > 255.255.255.255.68: BOOTP/DHCP,
> Reply,
> >> length 318
> >> 17:11:28.055461 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request
> from
> >> X, length 302
> >> 17:11:28.056391 IP 192.168.10.1.67 > 255.255.255.255.68: BOOTP/DHCP,
> Reply,
> >> length 318
> >>
> >>
> >> What did I miss ?
> >>
> >>
> >> I follow the HowTo
> >> http://

Re: [Vyatta-users] DHCP relay

2007-12-06 Thread Robyn Orosz
Hi Damien,

What interface is the network connected to that you wish to serve DHCP 
addresses?  You mention eth1 in your post, but I only see eth0 and eth2 
configured for dhcp-relay.  If you want to serve hosts behind eth1, you 
need to add eth1 to the dhcp-relay configuration.

To make this more clear, if your win 2k3 server is configured with a 
DHCP scope for network 192.168.10.x, it will only serve requests made 
from the interface configured with 192.168.10.x.  The dhcp-relay adds 
the IP address of the interface that requests are seen on into the BOOTP 
request packets so the DHCP server knows which scope to serve addresses 
to. 

Thank you,

Robyn

Troopy . wrote:
> Hello,
>
> Did you check the routing? i mean the DHCP server must be able to
>  reach the client at the IP layer.
>
> I remember i forgot this when i wrote the DHCP openmaniak tutorial.
> (See the case study, i forgot "set protocols static route 0.0.0.0/0 next-hop 
> 10.0.2.2")
>   
>
> Good luck
> Troopy
>
> -- Original Message --
> From: Dams <[EMAIL PROTECTED]>
> Date:  Thu, 6 Dec 2007 18:01:08 +0700
>
>   
>> Hello,
>>
>>
>> I have a problem with the DHCP-relay
>>
>> Config:
>>dhcp-relay {
>>interface eth0
>>interface eth2
>>server 192.168.2.2
>>relay-options {
>>}
>>
>>
>> Eth0 conect to my DHCP server (win 2k3 Server) : 192.168.2.2
>> and Eth1 to a subnet : 192.168.10.X
>>
>> But the dhcp relay doesn't work
>> X:~# tcpdump -n port 67
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
>> 17:50:29.636059 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
>> X, length 300
>> 17:50:33.376048 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
>> X, length 300
>> 17:50:38.370026 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
>> X, length 300
>> 17:50:47.370767 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
>> X, length 300
>> 17:51:03.369141 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
>> X, length 300
>>
>>
>> But If I add the MAC on static in my DHCP Server, it work fine.
>>
>> XXX:~# tcpdump -n port 67
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
>> 17:11:28.052775 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
>> X, length 300
>> 17:11:28.053871 IP 192.168.10.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply,
>> length 318
>> 17:11:28.055461 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
>> X, length 302
>> 17:11:28.056391 IP 192.168.10.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply,
>> length 318
>>
>>
>> What did I miss ?
>>
>>
>> I follow the HowTo
>> http://www.openmaniak.com/vyatta_case_dhcp.php#dhcp-process which is
>> brilliant, thanks.
>> The only differents is that my DHCP is not on the router, but on another PC.
>>
>> Do I need to add a route to define the DHCP Server?
>> Do i need to add a data on the server to ask him to take the request form
>> the Vyatta Router ?
>>
>>
>> Thanks for your help
>> -- 
>> Cordialement / Sincerely
>> Damien
>> MEP Volunteer Indonesia / Volontaire MEP Indonesia
>> http://www.mepasie.org
>>
>>
>>
>> 
>  
>
>  
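Added example, not part of the original messages: the relay-agent address Robyn describes is the `giaddr` field of the BOOTP header (RFC 951 / RFC 2131), and a DHCP server chooses the scope from it. The sketch below builds constructed requests, parses the fixed header and applies that scope choice; the MAC address, transaction IDs, the 172.16.0.1 address and all function names are assumptions.

```python
"""Parse the BOOTP fixed header and pick a DHCP scope from giaddr."""
import struct
from ipaddress import IPv4Address, IPv4Network

# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
# chaddr, sname, file  (236 bytes, network byte order)
BOOTP_FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
DHCP_MAGIC = b"\x63\x82\x53\x63"

# The two scopes named in the thread.
SCOPES = [IPv4Network("192.168.2.0/24"), IPv4Network("192.168.10.0/24")]
SAMPLE_MAC = "02:00:00:00:00:01"  # constructed, locally administered


def build_bootrequest(xid, mac, giaddr="0.0.0.0", hops=0):
    """Build a constructed DHCPDISCOVER; a relay sets giaddr and bumps hops."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    zero = bytes(4)
    fixed = BOOTP_FIXED.pack(
        1, 1, 6, hops, xid, 0, 0x8000,          # BOOTREQUEST, Ethernet, broadcast flag
        zero, zero, zero, IPv4Address(giaddr).packed,
        chaddr, bytes(64), bytes(128),
    )
    options = DHCP_MAGIC + b"\x35\x01\x01" + b"\xff"  # option 53 = DISCOVER, end
    return fixed + options


def parse_bootp(data):
    """Return the header fields needed for scope selection."""
    if len(data) < BOOTP_FIXED.size:
        raise ValueError("truncated BOOTP header: %d bytes" % len(data))
    (op, _htype, hlen, hops, xid, _secs, _flags,
     _ci, _yi, _si, gi, chaddr, _sname, _file) = BOOTP_FIXED.unpack_from(data)
    hlen = min(hlen, 16)  # never read past the 16-byte chaddr field
    return {
        "op": op,
        "hops": hops,
        "xid": xid,
        "giaddr": IPv4Address(gi),
        "mac": ":".join("%02x" % b for b in chaddr[:hlen]),
    }


def select_scope(request, received_on, scopes=SCOPES):
    """Scope choice as in RFC 2131: giaddr if set, else the receiving subnet.

    Returns None when no scope contains the address; the server then has
    nothing to offer and the client sees no reply."""
    giaddr = request["giaddr"]
    key = giaddr if giaddr != IPv4Address("0.0.0.0") else IPv4Address(received_on)
    for net in scopes:
        if key in net:
            return net
    return None


def demo():
    """Three constructed requests as seen by the server at 192.168.2.2."""
    server_ip = "192.168.2.2"
    cases = {
        "relayed_eth0": build_bootrequest(0x1001, SAMPLE_MAC, "192.168.10.1", hops=1),
        "direct_broadcast": build_bootrequest(0x1002, SAMPLE_MAC),
        "relayed_unknown": build_bootrequest(0x1003, SAMPLE_MAC, "172.16.0.1", hops=1),
    }
    return {name: select_scope(parse_bootp(pkt), server_ip)
            for name, pkt in cases.items()}


if __name__ == "__main__":
    for name, scope in demo().items():
        print(name, "->", scope)
```

In a verbose capture such as the `tshark ... -Vn` output requested in the thread, the same field is the one to compare against the configured scopes.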


Re: [Vyatta-users] DHCP relay

2007-12-06 Thread Troopy .

Hello,

Did you check the routing? i mean the DHCP server must be able to
 reach the client at the IP layer.

I remember i forgot this when i wrote the DHCP openmaniak tutorial.
(See the case study, i forgot "set protocols static route 0.0.0.0/0 next-hop 
10.0.2.2")
  

Good luck
Troopy

-- Original Message --
From: Dams <[EMAIL PROTECTED]>
Date:  Thu, 6 Dec 2007 18:01:08 +0700

>Hello,
>
>
>I have a problem with the DHCP-relay
>
>Config:
>dhcp-relay {
>interface eth0
>interface eth2
>server 192.168.2.2
>relay-options {
>}
>
>
>Eth0 conect to my DHCP server (win 2k3 Server) : 192.168.2.2
>and Eth1 to a subnet : 192.168.10.X
>
>But the dhcp relay doesn't work
>X:~# tcpdump -n port 67
>tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
>17:50:29.636059 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
>X, length 300
>17:50:33.376048 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
>X, length 300
>17:50:38.370026 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
>X, length 300
>17:50:47.370767 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
>X, length 300
>17:51:03.369141 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
>X, length 300
>
>
>But If I add the MAC on static in my DHCP Server, it work fine.
>
>XXX:~# tcpdump -n port 67
>tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
>17:11:28.052775 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
>X, length 300
>17:11:28.053871 IP 192.168.10.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply,
>length 318
>17:11:28.055461 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
>X, length 302
>17:11:28.056391 IP 192.168.10.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply,
>length 318
>
>
>What did I miss ?
>
>
>I follow the HowTo
>http://www.openmaniak.com/vyatta_case_dhcp.php#dhcp-process which is
>brilliant, thanks.
>The only differents is that my DHCP is not on the router, but on another PC.
>
>Do I need to add a route to define the DHCP Server?
>Do i need to add a data on the server to ask him to take the request form
>the Vyatta Router ?
>
>
>Thanks for your help
>-- 
>Cordialement / Sincerely
>Damien
>MEP Volunteer Indonesia / Volontaire MEP Indonesia
>http://www.mepasie.org
>
>
>
 

 


[Vyatta-users] DHCP relay

2007-12-06 Thread Dams
Hello,


I have a problem with the DHCP-relay

Config:
dhcp-relay {
interface eth0
interface eth2
server 192.168.2.2
relay-options {
}


Eth0 connects to my DHCP server (Win 2k3 Server): 192.168.2.2
and Eth1 to a subnet: 192.168.10.X

But the dhcp relay doesn't work
X:~# tcpdump -n port 67
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
17:50:29.636059 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
X, length 300
17:50:33.376048 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
X, length 300
17:50:38.370026 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
X, length 300
17:50:47.370767 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
X, length 300
17:51:03.369141 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
X, length 300


But if I add the MAC as static in my DHCP server, it works fine.

XXX:~# tcpdump -n port 67
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
17:11:28.052775 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
X, length 300
17:11:28.053871 IP 192.168.10.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply,
length 318
17:11:28.055461 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
X, length 302
17:11:28.056391 IP 192.168.10.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply,
length 318


What did I miss ?


I followed the HowTo
http://www.openmaniak.com/vyatta_case_dhcp.php#dhcp-process which is
brilliant, thanks.
The only difference is that my DHCP is not on the router, but on another PC.

Do I need to add a route to define the DHCP server?
Do I need to add some data on the server to ask it to take the requests from
the Vyatta router?


Thanks for your help
-- 
Cordialement / Sincerely
Damien
MEP Volunteer Indonesia / Volontaire MEP Indonesia
http://www.mepasie.org