Re: [Vyatta-users] Unable to login, solved by reboot

2008-02-02 Thread Dave Roberts
Sounds like the right call.

Cheers,

-- Dave Roberts


-Original Message-
From: Jostein Martinsen-Jones [EMAIL PROTECTED]
To: Dave Roberts [EMAIL PROTECTED]
Cc: Justin Fletcher [EMAIL PROTECTED]; vyatta-users [EMAIL PROTECTED]
Sent: 2/2/2008 5:53 AM
Subject: Re: [Vyatta-users] Unable to login, solved by reboot

Gisch, sounds like I'll stick to the stable release until Glendale is
stable.
We are going to have customer systems behind the router, and the customers
don't appreciate downtime at all.



2008/1/31, Dave Roberts [EMAIL PROTECTED]:

  Glendale probably hasn't had enough widespread alpha testing to know for
 sure, but having said that, I think the general consensus from people at
 Vyatta as well as some other comments we have gotten from outside is that it
 feels a lot more stable. By stable, I specifically mean a lot less random
 behavior. Generally, with Glendale things either work or they don't. Now,
 having said that, there is a *lot* of stuff that doesn't work (a lot of
 loose ends, rough edges, etc.), but if you don't need those features, then
 the stuff that does work seems to work well. Put another way, if you can
 configure it and you test it and it works, it will probably keep working
 well. Vyatta currently uses Glendale every day in our production network, for
 instance, and we don't see crashes.

 So...

 If servers that soon will go live means an intranet, internal company
 web site that can afford to be down for a few hours to upgrade to Glendale
 Alpha 2 and Beta in a month or two and your company won't go out of business
 if there is a problem, then I'd probably install Glendale Alpha 1 and I
 think you would probably be happy with it.

 If servers that soon will go live refer to multi-million dollar,
 revenue-generating, business-critical systems that have limited maintenance
 windows, etc., where you would be fired outright if things suddenly stopped
 working, then I definitely wouldn't do it. It's simply too risky at this
 point and at a minimum you'll want to upgrade to Alpha 2 and/or Beta when
 those become available, which would require possibly large amounts of
 downtime. But if you decide to go for it, we'd be very interested in any
 feedback you have. ;-)

 -- Dave

  --
 *From:* [EMAIL PROTECTED] [mailto:
 [EMAIL PROTECTED] *On Behalf Of *Jostein
 Martinsen-Jones
 *Sent:* Wednesday, January 30, 2008 3:06 PM
 *To:* Justin Fletcher
 *Cc:* vyatta-users
 *Subject:* Re: [Vyatta-users] Unable to login, solved by reboot

 How production ready is Glendale? I'm using vyatta as router/firewall in
 front of a couple of servers that soon will go live...
 Since it's alpha, do you think I should do it? Just printed the whole
 manual...

 2008/1/30, Justin Fletcher [EMAIL PROTECTED]:
 
  Maybe . . .
 
  However, much of this has been resolved with associated changes in
  Glendale.
  Give Alpha 1 a try - I doubt you'll see it there :-)
 
  Best,
  Justin
 
  On Jan 30, 2008 12:43 PM, Jostein Martinsen-Jones [EMAIL PROTECTED]
  wrote:
   But I feel that the only reason I didn't have to reboot is luck :(
   Maybe next time I'm unable to login with any account?
  
   2008/1/30, Justin Fletcher [EMAIL PROTECTED]:
  
As you can see, nothing jumps out in the log.  A detailed search may
turn up more information; otherwise, at least you've got a
  work-around
:-)
   
Justin
   
On Jan 29, 2008 2:48 PM, Jostein Martinsen-Jones [EMAIL PROTECTED]
  
   wrote:
 Log result attached.
 I managed to login if I changed the passwords for my troubled
  users.
 Sometimes the encrypted-password didn't get encrypted.


 2008/1/29, Justin Fletcher [EMAIL PROTECTED]:

  Give show log | match ERROR a try.
 
  Justin
 
  On Jan 29, 2008 2:00 PM, Jostein Martinsen-Jones 
  [EMAIL PROTECTED]
 wrote:
   I have this problem again. Now I was able to login to a user
  account
   I
   created, but unable to view logfiles since I'm in xorpsh.
  
   2008/1/28, Justin Fletcher [EMAIL PROTECTED]:
  
Anything untoward in the log files?
   
Justin
   
On Jan 28, 2008 7:29 AM, Jostein Martinsen-Jones
   [EMAIL PROTECTED]
   wrote:
 Today I had a weird experience with Vyatta.
 I was unable to login on any account. Did a reboot, then
   everything
 was
 normal.
 What is going on?

 ___
 Vyatta-users mailing list
 Vyatta-users@mailman.vyatta.com
 http://mailman.vyatta.com/mailman/listinfo/vyatta-users


   
  
  
 


   
  
  
 





Re: [Vyatta-users] Restricting access to default route

2008-02-02 Thread Robert Bays
comments inline...

Michel van Horssen wrote:
 Thing is, those messages talk about the IP command on the shell prompt,
 there are also policies possible in the cli. Are those the same?
No.  Policy routing is not included in the CLI right now.  You must use
the ip command in the linux shell.

 Our situation is as follows:
 
 eth0: 192.168.1.0/24 interface address is 192.168.1.1
 eth1: 192.168.10.0/24 interface address is 192.168.10.1
 eth2: 192.168.254.0/24 interface address is 192.168.254.2 (router on the
 other end with 192.168.254.1)
 
 The default next hop to the firewall would be 192.168.1.2 this should be
 restricted to a few computers in the 192.168.10.0/24 segment.
 
 What I've read so far is that the cli can't handle it and I would have
 to do it on the root shell with the IP command.
 
 The first rule would be:
 ip route add default via 192.168.1.2 dev eth0 tab 1
 
 But then I'm stuck because the servers and a few clients who would be allowed 
 access to that default route aren't all in a nice string of addresses.

 What I would like is to tell that the range from 192.168.10.10:192.168.10.50 
 and 192.168.10.155 etc etc would be allowed to go to that next hop.
You will have to break that range into smaller ranges for your ip rule
statements.  For example, the first range of 10.10 to 10.50 would be
something like this...

ip rule add from 192.168.10.10/31 tab 1
ip rule add from 192.168.10.12/30 tab 1
ip rule add from 192.168.10.16/28 tab 1
ip rule add from 192.168.10.32/28 tab 1
ip rule add from 192.168.10.48/31 tab 1
ip rule add from 192.168.10.50/32 tab 1

Cheers,
Robert.
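
Robert's decomposition above, generalised as an added example that is not part of the original message: Python's standard `ipaddress` module splits each inclusive range into the fewest CIDR blocks, the script checks that the blocks cover exactly the requested hosts, and it emits the `ip rule add` lines. The function names and the `extra_hosts` comparison are assumptions made for this illustration; the addresses and table number come from the thread.

```python
import ipaddress

SEGMENT = ipaddress.ip_network("192.168.10.0/24")  # eth1 segment from the post
TABLE = 1                                          # routing table used in the post

def wanted_hosts(ranges):
    """Set of integer addresses named by inclusive (first, last) ranges."""
    hosts = set()
    for first, last in ranges:
        lo, hi = (int(ipaddress.ip_address(a)) for a in (first, last))
        if lo > hi:
            raise ValueError(f"{first} is above {last}")
        hosts.update(range(lo, hi + 1))
    return hosts

def range_to_cidrs(first, last):
    """Fewest CIDR blocks that cover first..last and no other address."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def build_rules(ranges, segment=SEGMENT, table=TABLE):
    """Return `ip rule add` lines, refusing blocks outside the segment."""
    blocks = [net for first, last in ranges for net in range_to_cidrs(first, last)]
    for net in blocks:
        if not net.subnet_of(segment):
            raise ValueError(f"{net} is outside {segment}")
    covered = {int(addr) for net in blocks for addr in net}
    if covered != wanted_hosts(ranges):  # exactness: nobody extra is let through
        raise RuntimeError("blocks do not match the requested hosts")
    return [f"ip rule add from {net} tab {table}" for net in blocks]

def extra_hosts(prefix, ranges):
    """Addresses a single broader prefix would admit beyond the requested ones."""
    net = ipaddress.ip_network(prefix)
    extra = {int(addr) for addr in net} - wanted_hosts(ranges)
    return [str(ipaddress.ip_address(a)) for a in sorted(extra)]

# Ranges from the post: .10 to .50, plus the single host .155
RANGES = [("192.168.10.10", "192.168.10.50"), ("192.168.10.155", "192.168.10.155")]

if __name__ == "__main__":
    print("\n".join(build_rules(RANGES)))
    print(len(extra_hosts("192.168.10.0/26", RANGES)),
          "extra hosts would match if 192.168.10.0/26 were used instead")
```

The `extra_hosts` figure shows why the exact blocks matter here: a single convenient prefix would hand the default route to machines that were never meant to have it.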


[Vyatta-users] glendale problems my 1st view

2008-02-02 Thread ken Felix
Got around to doing some more testing and all is looking much better.
The md5 auth is now working following the advice given earlier.


00:11:22.589724 IP (tos 0xc0, ttl   1, id 6646, offset 0, flags [none], length: 80) 172.16.10.111 > 224.0.0.5: OSPFv2, Hello (1), length: 44
        Router-ID: 172.16.10.111, Backbone Area, Authentication Type: MD5 (2)
        Key-ID: 1, Auth-Length: 16, Crypto Sequence Number: 0x47a51bca
        Options: [External]
          Hello Timer: 10s, Dead Timer 40s, Mask: 255.255.255.0, Priority: 1
          Designated Router 172.16.10.111
00:11:32.593896 IP (tos 0xc0, ttl   1, id 6647, offset 0, flags [none], length: 80) 172.16.10.111 > 224.0.0.5: OSPFv2, Hello (1), length: 44
        Router-ID: 172.16.10.111, Backbone Area, Authentication Type: MD5 (2)
        Key-ID: 1, Auth-Length: 16, Crypto Sequence Number: 0x47a51bd4
        Options: [External]
          Hello Timer: 10s, Dead Timer 40s, Mask: 255.255.255.0, Priority: 1
          Designated Router 172.16.10.111
