RE: [Leaf-user] RE: Gunzip/gzip problems?

2001-12-31 Thread Sandro Minola
hi nicolas there is a working portsentry 1.1 Version at: http://leaf.sf.net/devel/sminola/files/packages/psentry.lrp All the other portsentry packages I found were version 1.0. This version has a bug: It doesn't ignore hosts/networks listed in the ignore file (you usually enter your internal net

Re: [Leaf-user] DMZ Setup Questions (was "adding a subnet")

2001-12-31 Thread Charles Steinkuehler
> I am still hammering around on getting this DMZ setup. I have read and > re-read Charles network.txt file and learned a lot but I still am > unsuccessful at getting it to work. My latest error when restarting the > network is: > > # /etc/init.d/network reload > /etc/network.conf: tcp_192.168.10.

Re: [Leaf-user] Help with a webserver on a DMZ network.

2001-12-31 Thread Charles Steinkuehler
> I am trying to setup DMZ for my webserver. > > I have 3 NICs 1 External PUBLIC_IP > 1 Internal LAN 192.X.X.x > 1 DMZ 10.0.1.1 > > > I am using leaf 2.2.19 Dachstein. I wondering does anyone have any DMZ > config files to share to setup the webserver on DMZ so that i

Re: [Leaf-user] Q: How to open high ports for a DMZ?

2001-12-31 Thread Charles Steinkuehler
I would appreciate some help to get mail sending out of my routed DMZ to work. CS> Comments inline... What currently happens in my setup is that a DMZ machine can contact the mail server on the external internet via port 25. But the mail server's reply to the DMZ machine on high ports 4436 and

Re: [Leaf-user] ipsec gateways & same private networks ???

2001-12-31 Thread Charles Steinkuehler
> Suppose that there are two (2) Dachstein-CD firewalls masquerading two > (2) distinct internal networks that happen to use the same private > subnets (e.g., 192.168.1.0/24). > > is > pretty emphatic: > > ``Note, however, that the

Re: [Leaf-user] ipsec gateways & same private networks ???

2001-12-31 Thread dgilleece
On the topic of re-numbering networks: I have recently installed DachCD, and noticed the comments in network.conf for eth1 specify "DO NOT CHANGE." I assume this is due to some hard-coded instances of this explicit IP, rather than a variable. I noticed in the weblet config, 192.168.1.254 is

Re: [Leaf-user] ipsec gateways & same private networks ???

2001-12-31 Thread Charles Steinkuehler
> On the topic of re-numbering networks: > > I have recently installed DachCD, and noticed the comments in network.conf for > eth1 specify "DO NOT CHANGE." I assume this is due to some hard-coded > instances of this explicit IP, rather than a variable. I noticed in the weblet > config, 192.168.1

Re: [Leaf-user] ipsec gateways & same private networks ???

2001-12-31 Thread dgilleece
Charles, I will poke around in the places you mentioned, and document what I find. I also caught part of a November thread in which there was talk of formalizing some beginner-level doc for the CD distro --- did that ever come about? If not, I could be talked into it --- I'm an infinitely qua

Re: [Leaf-user] ipsec gateways & same private networks ???

2001-12-31 Thread Charles Steinkuehler
> I will poke around in the places you mentioned, and document what I find. I > also caught part of a November thread in which there was talk of formalizing > some beginner-level doc for the CD distro --- did that ever come about? If not, > I could be talked into it --- I'm an infinitely qualified

[Leaf-user] Network Card Problem

2001-12-31 Thread Patrick Nixon
Hello All, I briefly mentioned a few weeks ago a problem I'm having with a specific network card, however, no one had any solid advice and I wasn't sure what the exact problem was so I'm reposting with a bit more information I hope. NIC: 3Com 3C920 Integrated network Card (lists as a 3

Re: [Leaf-user] Network Card Problem

2001-12-31 Thread dgilleece
Well, it seems like you could *try* copying the working 3c5x9.o file to the LEAF disk --- but with kernel differences it may not work. Another thing you might try is the preconfigured modules.lrp for the 3c5x9 from www.pigtail.net/LRP. In my experience, Nicholas does a great job of testing t

Re: [Leaf-user] Where can I find smb.lrp for Dachstein?

2001-12-31 Thread Matt Schalit
Pete Dubler wrote: > > Wow, my wireless Dachstein is running great. What's a wireless Dachstein? Matt

Re: [Leaf-user] Network Card Problem

2001-12-31 Thread Matt Schalit
Patrick Nixon wrote: > > Hello All, > I briefly mentioned a few weeks ago a problem I'm having with a > specific network card, however, no one had any solid advice and I wasn't > sure what the exact problem was so I'm reposting with a bit more > information I hope. > > NIC: 3Com 3C920 In

Re: [Leaf-user] DMZ Setup Questions (was "adding a subnet")

2001-12-31 Thread Kory Krofft
Charles, Thanks for the info. I started with a fresh boot disk over the weekend and carefully tried to follow the network.txt help file sections on setting up a DMZ. This took care of the script errors. Charles Steinkuehler wrote: ... > > > > INTERN_IF="eth1"# Internal Interfa

Re: [Leaf-user] DMZ Setup Questions (was "adding a subnet")

2001-12-31 Thread Charles Steinkuehler
> OK here is what I have been using for eth2: > > eth2_IPADDR=192.168.10.254 > eth2_MASKLEN=24 > eth2_BROADCAST=+ > #eth2_ROUTES= > eth2_IP_SPOOF=YES > eth2_IP_KRNL_LOGMARTIANS=YES > eth2_IP_SHARED_MEDIA=NO > eth2_BRIDGE=NO > eth2_PROXY_ARP= > eth2_FAIRQ=NO This looks OK > I still can't web brow

Re: [Leaf-user] DMZ Setup Questions (was "adding a subnet")

2001-12-31 Thread Kory Krofft
Charles Steinkuehler wrote: > > You *DO* need to have your DMZ system setup correctly, however. It needs an > IP in the 291.268.10.0/24 subnet, and it needs to use the DMZ interface of > the firewall (192.168.10.254) as its default gateway. I assume that you meant 192.168.1.0/24. Here is th

[Leaf-user] Changing Internal Address References for IPSec

2001-12-31 Thread dgilleece
Quoting Charles Steinkuehler <[EMAIL PROTECTED]>: > There's no complete list...perhaps you could take notes and start one? > Off > the top of my head, you will need to edit/re-configure the following > files/services if you change the internal network settings: > > - /etc/network.conf > - /etc

[Leaf-user] Re: Changing Internal Address References for IPSec

2001-12-31 Thread Charles Steinkuehler
> OK, sanity check this: > I did an rsync of the entire running config, so I could play with the directory > structure on a full distro. I ran 'rgrep -rnB 192.168.1 ./* >ref.txt' against > the directory, and got back: Looks about like I'd expect... > No mention in my output of anything in dnsc

Re: [Leaf-user] DMZ Setup Questions (was "adding a subnet")

2001-12-31 Thread Charles Steinkuehler
> > You *DO* need to have your DMZ system setup correctly, however. It needs an > > IP in the 291.268.10.0/24 subnet, and it needs to use the DMZ interface of > > the firewall (192.168.10.254) as its default gateway. > > I assume that you meant 192.168.1.0/24. Actually, I meant 192.168.10.0/24.

[Leaf-user] DCD, ipsec & route filtering ???

2001-12-31 Thread Michael D. Schleif
# svi ipsec --restart ipsec_setup: Stopping FreeS/WAN IPsec... ipsec_setup: stop ordered, but IPsec does not appear to be running! ipsec_setup: doing cleanup anyway... ipsec_setup: Starting FreeS/WAN IPsec 1.91... ipsec_setup: WARNING: ipsec0 has route filtering turned on, KLIPS may not work ipse

Re: [Leaf-user] DCD, ipsec & route filtering ???

2001-12-31 Thread Charles Steinkuehler
> # svi ipsec --restart > ipsec_setup: Stopping FreeS/WAN IPsec... > ipsec_setup: stop ordered, but IPsec does not appear to be running! > ipsec_setup: doing cleanup anyway... > ipsec_setup: Starting FreeS/WAN IPsec 1.91... > ipsec_setup: WARNING: ipsec0 has route filtering turned on, KLIPS may >

Re: [Leaf-user] DCD, ipsec & route filtering ???

2001-12-31 Thread Tom Eastep
On Monday 31 December 2001 03:38 pm, Charles Steinkuehler wrote: > I have never had a problem with subnet-subnet tunnels > functioning with rp_filter enabled, so I just leave it on and ignore the > warnings. FWIW, my experience is the same as Charles's and I similarly ignore the warnings. -Tom

Re: [Leaf-user] Help with a webserver on a DMZ network.

2001-12-31 Thread djoutlaw outlaw
I have tried these settings before, I can connect to the webserver from the private LAN with the 192.X.X.X address, but I can not use my public address to connect. Thanks for the help. This is my setup ### # Interfac

RE: [Leaf-user] Help with a webserver on a DMZ network.

2001-12-31 Thread Tony
I am just starting to setup a DMZ, but I have a few questions on your setup, they are noted below > > > # Set EXTERN_IP to "DYNAMIC" if you need the rules to read the IP from the > # interface, but you arn't using DHCP (ie PPPoE and dialup users) > EXTERN_IP=PUBLIC IP > ^^ What'

RE: [Leaf-user] Help with a webserver on a DMZ network.

2001-12-31 Thread djoutlaw outlaw
I really don't have any use for UDP I just left it open just playing around with it. I worked on it ALL day yesterday and got nothing. STUPID ME never thought to change the DMZ system gateway to the IP of eth2!! Saw this in one of the other threads, change to the right default gateway and the

[Leaf-user] Draft CIPE on LRP how-to

2001-12-31 Thread Lee Kimber
This should be my last act of arrogance in 2001 ;-) I've drafted this how-to on how to get Sandro Minola's ciped-1 package working on LRP (Dachstein). It's arrogant because I haven't been able to get cipe working myself yet! But I think I'm pretty close and the How-to includes some troubl

Re: [Leaf-user] Network Card Problem

2001-12-31 Thread Ray Olszewski
Patrick -- there are two possibilities. 1. There is a problem with the LEAF version of the 3c59x.o module. 2. Your two systems aren't as "identical" as you think. From my own experience, I know that Dell Optiplex systems do run with stock Linux 2.2.x versions of the 3c59x.o mo

RE: [Leaf-user] Network Card Problem

2001-12-31 Thread Steve Jeppesen
Patrick, For the last two LRP "upgrades" I have had to resort to using an older, but workable 3c59x.o module. Originally I started out with EigerStein, then went on to EigersteinBETA, and now I am using Dachstein CD V1.0.2 (forgive me on not stating what version I was using on the previous Eiger'

RE: [Leaf-user] Help with a webserver on a DMZ network.

2001-12-31 Thread djoutlaw outlaw
It seems I got things working now I can connect to the webserver using my public IP I can't use the public IP from the LAN. I have to use the private IP of the box on the DMZ. I can live with that. >From: "Tony" <[EMAIL PROTECTED]> >To: "djoutlaw outlaw" <[EMAIL PROTECTED]>, ><[EMAIL PROTECTE

Re: [Leaf-user] Help with a webserver on a DMZ network.

2001-12-31 Thread djoutlaw outlaw
I am sorry for the EXTERN_IP=PUBLIC IP, I was just hiding my own IP please everyone disregard. I thought setting up LEAF would be hard but it seems to be very easy. Thanks to Charles Steinkuehler and this board I have gotten plenty of help! >From: guitarlynn <[EMAIL PROTECTED]> >Reply-To: [E

Re: [Leaf-user] Network Card Problem

2001-12-31 Thread David Douthitt
On 12/31/01 at 1:46 PM, Patrick Nixon <[EMAIL PROTECTED]> wrote: > I briefly mentioned a few weeks ago a problem I'm having > with a specific network card, however, no one had any > solid advice and I wasn't sure what the exact problem was > so I'm reposting with a bit more information I hope. >

Re: [Leaf-user] Help with a webserver on a DMZ network.

2001-12-31 Thread David Douthitt
On 1/1/02 at 3:58 AM, djoutlaw outlaw <[EMAIL PROTECTED]> wrote: > I thought setting up LEAF would be hard but it seems to > be very easy. > > Thanks to Charles Steinkuehler and this board I have > gotten plenty of help! Just a nit: LEAF is a superproject of LRP variants, not a specific LRP ty

[Leaf-user] DCD & ipsec & _updown ???

2001-12-31 Thread Michael D. Schleif
[1] Am I correct that _updown script is *modified* by somebody leaf/lrp to accommodate ipchains, as opposed to the default ipfwadm? Perhaps, that script should include some brief attribution of this non-standard modification? Is there some reason to modify this, as opposed to using a custom scr