On Tue, Apr 09, 2002 at 12:37:27PM +0200, Wichert Akkerman wrote:
Previously Alan Shutko wrote:
An AFS-based setup is used at many places to great effect, especially
on untrusted nets, but I don't know how bad setup is. I suspect it's
evil.
There is also SFS which works very nicely
On Tue, Apr 09, 2002 at 08:01:14AM +0200, Lupe Christoph wrote:
Here is an example:
conn %default
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
left=%defaultroute
leftsubnet=192.168.2.0/24
leftid=C=DE, ST=Bavaria, O=Octogon
We use Debian (sid, 2.4.18 custom, libc6 2.2.5) box with
iptables (1.2.6a) and Obsid's rc.firewall.iptables.dual (1.2b2)
http://www.sentry.net/~obsid/IPTables/rc.scripts.dir/current
as a firewall between private net and Internet.
Every day we get a lot of DENIED PORT messages:
[...]
Apr 9
On Tue, Apr 09, 2002 at 07:20:18PM +0600, Mikhail Romanenko wrote:
snip
These ports is denied by script, but I do not understand what
does it mean. If some private net user browser try to connect
to some Internet www server (DPT=80) it has to use one of the
dynamic and/or private ports
On Tue, Apr 09, 2002 at 06:51:38AM -0500, Rob VanFleet wrote:
After doing some reading about it, the only thing that turns me off to
SFS is that you still have to run the usual NFS services for it to work.
A large part of the reason I am seeking alternatives is that those
services are so
On Tuesday, 2002-04-09 at 08:50:18 -0400, Andrew Pimlott wrote:
On Tue, Apr 09, 2002 at 08:01:14AM +0200, Lupe Christoph wrote:
Here is an example:
conn %default
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
left=%defaultroute
On Tue, Apr 09, 2002 at 06:57:18PM +0200, Lupe Christoph wrote:
On Tuesday, 2002-04-09 at 08:50:18 -0400, Andrew Pimlott wrote:
You can save yourself this step: use a leftcert pointing to your
certificate, and you don't need the leftid. Reduces redundancy, and
avoids having that huge long
qpopper LAG...
==
Hallo Debian security folks,
Here's my problem: qpopper daemon (2.53-7) seems to
get some LAGs when there's much/medium internet traffic.
It's a rather strange problem cause it seems like qpopper
or either the user's MUA (mail client) goes in timeout.
The
On Tue, Apr 09, 2002 at 07:23:28AM -0700, Luca Filipozzi wrote:
On Tue, Apr 09, 2002 at 06:51:38AM -0500, Rob VanFleet wrote:
After doing some reading about it, the only thing that turns me off to
SFS is that you still have to run the usual NFS services for it to work.
A large part of the
unsubscribe
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
On Tue, Apr 09, 2002 at 04:02:34PM -0500, Rob VanFleet wrote:
On Tue, Apr 09, 2002 at 07:23:28AM -0700, Luca Filipozzi wrote:
You run those service locally on each machine only. You don't make them
available to other hosts.
Sorry if I'm being completely dense here, but aren't the
dear,
i have webserver (running on localnet rfc1918) stay behind a
firewall (using rinetd for redirecting), the apache's log
read all access from the internal interface's firewall
instead of the original source address.
any idea how can i log the original source ipaddress's
anyone who access
i'm not familiar with rinetd, but if you use netfilter to do dnat the source
address will be maintained. just make sure internal boxes hit the
webserver directly, on the internal ip, rather than through the external
one so they don't get confused by packets coming back directly from the
web
On Fri, Apr 05, 2002 at 12:13:41PM +0200, Victor Vuillard wrote:
the fswcert tool, which is used to extract private key from
certificate was before in freeswan package. I was not able to find it in
1.95 version of freeswan. Anyone knows why it has been removed ???
Because it's no longer
On Tuesday, 2002-04-09 at 00:03:20 -0400, Noah L. Meyerhans wrote:
On Fri, Apr 05, 2002 at 12:13:41PM +0200, Victor Vuillard wrote:
the fswcert tool, which is used to extract private key from
certificate was before in freeswan package. I was not able to find it in
1.95 version of freeswan.
Previously Alan Shutko wrote:
An AFS-based setup is used at many places to great effect, especially
on untrusted nets, but I don't know how bad setup is. I suspect it's
evil.
There is also SFS which works very nicely indeed.
Wichert.
--
On Tue, Apr 09, 2002 at 12:37:27PM +0200, Wichert Akkerman wrote:
Previously Alan Shutko wrote:
An AFS-based setup is used at many places to great effect, especially
on untrusted nets, but I don't know how bad setup is. I suspect it's
evil.
There is also SFS which works very nicely
On Tue, Apr 09, 2002 at 08:01:14AM +0200, Lupe Christoph wrote:
Here is an example:
conn %default
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
left=%defaultroute
leftsubnet=192.168.2.0/24
leftid=C=DE, ST=Bavaria, O=Octogon
We use Debian (sid, 2.4.18 custom, libc6 2.2.5) box with
iptables (1.2.6a) and Obsid's rc.firewall.iptables.dual (1.2b2)
http://www.sentry.net/~obsid/IPTables/rc.scripts.dir/current
as a firewall between private net and Internet.
Every day we get a lot of DENIED PORT messages:
[...]
Apr 9
On Tue, Apr 09, 2002 at 07:20:18PM +0600, Mikhail Romanenko wrote:
snip
These ports is denied by script, but I do not understand what
does it mean. If some private net user browser try to connect
to some Internet www server (DPT=80) it has to use one of the
dynamic and/or private ports
On Tue, Apr 09, 2002 at 06:51:38AM -0500, Rob VanFleet wrote:
After doing some reading about it, the only thing that turns me off to
SFS is that you still have to run the usual NFS services for it to work.
A large part of the reason I am seeking alternatives is that those
services are so often
On Tuesday, 2002-04-09 at 08:50:18 -0400, Andrew Pimlott wrote:
On Tue, Apr 09, 2002 at 08:01:14AM +0200, Lupe Christoph wrote:
Here is an example:
conn %default
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
left=%defaultroute
On Tue, Apr 09, 2002 at 06:57:18PM +0200, Lupe Christoph wrote:
On Tuesday, 2002-04-09 at 08:50:18 -0400, Andrew Pimlott wrote:
You can save yourself this step: use a leftcert pointing to your
certificate, and you don't need the leftid. Reduces redundancy, and
avoids having that huge long
qpopper LAG...
==
Hallo Debian security folks,
Here's my problem: qpopper daemon (2.53-7) seems to
get some LAGs when there's much/medium internet traffic.
It's a rather strange problem cause it seems like qpopper
or either the user's MUA (mail client) goes in timeout.
The
On Tue, Apr 09, 2002 at 07:23:28AM -0700, Luca Filipozzi wrote:
On Tue, Apr 09, 2002 at 06:51:38AM -0500, Rob VanFleet wrote:
After doing some reading about it, the only thing that turns me off to
SFS is that you still have to run the usual NFS services for it to work.
A large part of the
unsubscribe
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
On Tue, Apr 09, 2002 at 04:02:34PM -0500, Rob VanFleet wrote:
On Tue, Apr 09, 2002 at 07:23:28AM -0700, Luca Filipozzi wrote:
You run those service locally on each machine only. You don't make them
available to other hosts.
Sorry if I'm being completely dense here, but aren't the ports
27 matches
Mail list logo