ipsec.conf -- i was reading over the docs, and I know that it says to keep
left and right the same throughout the ipsec.conf file but, it started
occurring to me (as I read more) that this only applies to each side.. ie
# office network
conn office
left=192.168.1.254
I'm using Bering as a platform to help me route between buildings
connected
to my network. In some cases, routing has to hop more than once (up to 3
times). Using standard routing commands, I don't seem to be able to fix
this. Here is what my network looks like. Site 1 is the main segment.
I tried adding a second static IP to my dachstein floppy 1.0.2 ... so i
go into /etc/network.conf and uncommented the line
eth0_IP_EXTRA_ADDRS=w.x.y.z (where w.x.y.z is my new static ip)
and reloaded (svi network reload)... no luck. so i went to the
instructions for configuring
On the how do you test, I know mine is working because of all the
Teergrubing messages I receive in syslog. It is running on all low
ports 1024 so it catches a lot of activity. I have not done it myself,
but maybe a different port scanning service could provide better results
for you.
GRC
i mean when i tried to connect to that ip with an outside-the-firewall
connection none of the port forwards worked...
# ip addr list
...
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet 64.113.72.222/24 brd
Lonnie, Boyd:
Ah, serendipity. :) One email, two answers...
To get a PPTP-based VPN client working from behind a
LEAF/LRP disk, you need to do four things (none of which is
to search the email archives, though that works too ;):
1. Be sure to be using a VPN enabled kernel.
I see the point about the white space indention, the formatting must not
have kept in my original email. I believe that this is everything I need
now to get this working. I'll be working on it this evening. Thanks for
the help everyone...
Joey
-Original Message-
From: [EMAIL
Thank you guys for the feedbacks. LaBrea works the way you all described. Normal
port-scan will be done quickly, but a more meaningful scanning (as browser IE or lynx
on http://24.x.x.x:27 will run and wait forever. The log shows that LaBrea is
tarpitting too. So I think it is time for me now
Thanks Scott,
I think that I will now proceed to upgrade my old EigerStein LRP to
the newer Dachstein one.
Could you please tell me about this EchoWall?
Thanks again for being a REAL help.
cheers,
Lonnie
Lonnie, Boyd:
Ah, serendipity. :) One email, two answers...
To get a
Lonnie:
You can best find echoWall on freshmeat.net. The blurb
there is fairly accurate. :)
http://freshmeat.net/projects/echowall/
cheers,
Scott
On Mon, 4 Mar 2002, Lonnie Cumberland wrote:
Thanks Scott,
I think that I will now proceed to upgrade my old EigerStein LRP to
the
Sorry for the dumb question Scott, but is Echowall an LRP package
that is either added to, or already on, the Dachstein CDROM?
Or, is it a complete separate LRP Firewall distro?
I guess that I have not been keeping up much since I have been using
the Eigerstein LRP version which was very easy t
Oops!!!
Sorry for the last email.
I just found out that Echowall is an LRP package that is added to
Dachstein. I guess that I will have to add it to the boot floppy when
I use the CDROM version.
Actually, I am wondering if it would be easy to put the Dachstein
CDROM LRP onto a small hard disk
Assuming you are using Rogers (canada) you should have a theoretical
downstream pipe of 300K /s (but you'll probably get more like 120K/s -
230K/s) 80K/s is the max threshold I use - and I've never even come near it
- but you can change it accordingly...
S
From: MLU [EMAIL PROTECTED]
Charles Steinkuehler wrote:
[snip]
To see your port-forwards, run net ipfilter list
I guess 'net' is a DF command. Would you post its usage?
Thanks,
Matt
___
Leaf-user mailing list
[EMAIL PROTECTED]
On Monday 04 March 2002 15:27, Matt Schalit wrote:
Charles Steinkuehler wrote:
[snip]
To see your port-forwards, run net ipfilter list
I guess 'net' is a DF command. Would you post its usage?
It's shorthand for network ... the init script.
Like:
svi net ipfilter list
I've
Try the instructions here.
http://sourceforge.net/docman/display_doc.php?docid=8793&group_id=13751
Lonnie Cumberland wrote
Oops!!!
Sorry for the last email.
I just found out that Echowall is an LRP package that
is added to
Dachstein. I guess that I will have to add it to the
boot
Scott C. Best wrote:
Lonnie:
You can best find echoWall on freshmeat.net. The blurb
there is fairly accurate. :)
http://freshmeat.net/projects/echowall/
cheers,
Scott
Scott!
Let me first say that I like echowall and what you've done with.
I've said that before and
I'm not that familiar with Echowall, but I can help with the ssh bit:
In addition, I don't see the wisdom in this:
# -- For SSH'ing out from firewall, allow responses from SSH servers.
# -- Configure firewall's SSH client to use 823 to 1023 port range.
$IPCHAINS -A input -s 0/0 22 -d
Matt:
Heya. Thanks for the candid feedback. Some replies
to you inline, with gratuitous clipping:
Let me first say that I like echowall and what you've done with.
I've said that before and recommended it to others even though I've
authored my own pfw. Yours is better, more
guitarlynn wrote:
On Monday 04 March 2002 15:27, Matt Schalit wrote:
Charles Steinkuehler wrote:
[snip]
To see your port-forwards, run net ipfilter list
I guess 'net' is a DF command. Would you post its usage?
It's shorthand for network ... the init script.
Like:
svi net
Charles Steinkuehler wrote:
[snip]
When you run ssh on a *nix box, it will default to using a low port to
make the connection unless you specify a command line switch
Aha. I didn't realize that as I never run ssh from the
firewall to anywhere. I always use an internal machine
whose
Scott C. Best wrote:
Matt:
Heya. Thanks for the candid feedback. Some replies
to you inline, with gratuitous clipping:
Let me first say that I like echowall and what you've done with.
I've said that before and recommended it to others even though I've
authored my own pfw. Yours
i'd like to compile support for a null-modem console into my kernel so i
see boot messages and can dispense with the monitor currently attached
to my lrp box... running dachstein floppy 1.0.2... is there a howto i
missed? thanks in advance
-david
On Monday 04 March 2002 22:02, David Goodrich wrote:
i'd like to compile support for a null-modem console into my kernel
so i see boot messages and can dispense with the monitor currently
attached to my lrp box... running dachstein floppy 1.0.2... is there
a howto i missed? thanks in advance
Bob Pocius wrote:
Thanks for the replies guys. On my way home (after I had some time to think
about what I wrote), I realized that I didn't describe my problem properly.
As well as being lazy about transcribing my routing tables, I didn't include
some of the connection info. Sites 1, 2 and 3
Dear all
I just want to ftp from my office to my web server through IPSEC
My_W2KLRP-I-N-T-E-R-N-E-T---LRP-WebServer
My machine and Webserver keep preshared-key How can I config
LRP to enable my machine to talk in IPSEC with webserver (I don't
want tunneling mode
26 matches