Re: [Leaf-user] martians on internal network ??? [LONG!]

2002-03-09 Thread Jeff Newmiller
On Fri, 8 Mar 2002, Michael D. Schleif wrote: Jeff Newmiller wrote: On Fri, 8 Mar 2002, Michael D. Schleif wrote: We are seeing martians on internal networks on a regular basis. Usually, it is traceable to users logging into AOL over our high speed internet connections:

Re: [Leaf-user] martians on internal network ??? [LONG!]

2002-03-09 Thread Matt Schalit
Michael D. Schleif wrote: Jeff Newmiller wrote: Jeff I'm sorry you ended up with that reply. Please don't take it home with you, so to speak. We highly value your contributions to LEAF, and we appreciate your willingness to help Michael. On Fri, 8 Mar 2002, Michael D. Schleif wrote: We

[Leaf-user] OSPF on LEAF?

2002-03-09 Thread Andy McLeod
Does anyone have any experience of using OSPF on leaf (e.g. with gated or zebra) that they would care to share? I am trying to establish a multihomed service at my colo facility and the provider is offering OSPF to manage my connections to his two routers. He then manages outbound with BGP4. I

[Leaf-user] Please Please Help me...!

2002-03-09 Thread barwals
Hi everybody, Please Please help me! I'm trying to do it since last one month but could not, then only I have sent a mail to this mailing list. I'm running the Dachstein LEAF firewall. I'm not able to forward the external traffic which is coming to my valid IPaddr (eth0) to my

Re: [Leaf-user] Please Please Help me...!

2002-03-09 Thread William Brinkman
Greeting Sudhir: A thought might be that you have not enabled the 10.0.0.0 subnet on the internal network. The Dachstein CD has as its default the 192.168.1.0 subnet so to get the 10.0.0.0 working you must edit the configuration. 1) In /etc/network.conf lines 164, 349, 350 2) in

Re: [Leaf-user] ipsec errors

2002-03-09 Thread joey officer
I did not find that specific line in the net ipfilter list command, however I did change the setting in the network.conf file. However I still did not find that line in the above command. I got to thinking about the specific problem I'm having and thought I might try to give a little more

Re: [Leaf-user] ipsec errors

2002-03-09 Thread Upnet Joe
yes u gotta problem Sir: now u do this: echo 1 > /proc/sys/net/ipv4/conf/eth0/rp_filter echo 0 > /proc/sys/net/ipv4/conf/ipsec0/rp_filter then: ipsec setup --restart I don't know how u setup your /etc/ipsec.conf... if u have it auto=add line to your conn.. then ready to go.. u almost there...

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread Michael D. Schleif
I am sorry for offending everyone. I will proffer no excuses. I was in one of my bullheaded moods and acted inappropriately. Again, I am sorry. Is it possible to ask a generic question? In general, is it possible to answer my original questions? Since I don't see this as a setup question

Re: [Leaf-user] Please Please Help me...!

2002-03-09 Thread Upnet Joe
OK before u jump into NASA Tech...do this ping your internal machine from LRP yes or no ? no = fix it (cables, config etc..) ping internet from your lrp/internal machine yes or no ? no = fix it ping LRP from anywhere outside of your network yes or no ? no = fix it.. (allow www traffic with

Re: [Leaf-user] martians on internal network ??? [LONG!]

2002-03-09 Thread Michael D. Schleif
Jeff Newmiller wrote: On Fri, 8 Mar 2002, Michael D. Schleif wrote: Jeff Newmiller wrote: On Fri, 8 Mar 2002, Michael D. Schleif wrote: We are seeing martians on internal networks on a regular basis. Usually, it is traceable to users logging into AOL over our high

Re: [Leaf-user] MSN MESSENGER FT

2002-03-09 Thread Upnet Joe
need more info about your network...and What is your Client PC xp or w2k, 98 ... I notice on XP if you have Firewall protection enable...you can't send files... I know many networks use Hardware Router/Firewalls, users having problems with UP/down Loads files... however Hackers got no problem

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread Ray Olszewski
Michael -- It is unlikely that there is a lot of AOL expertise here on this list (others, please correct me if I am wrong), so the most valuable information to provide here would be a better description of what users logging into AOL over our high speed internet connections means ... particularly

[Leaf-user] I am Happy to tell you all

2002-03-09 Thread Upali Weerasinghe
Charles Steinkuehler's LEAF/LRP mixed Dachstein and EigerStein2BETA Router Firewall dhcpd dhclient dnscache weblet sshd ipsec VPN Pentium 125 with 128MB mem... 32MB IDE Flash Card from Lexmark Printer...heh 2 NICs attached to Internet using network bonding module... this is cool my Quake3

Re: [Leaf-user] routing more than 1 hop

2002-03-09 Thread Matt Schalit
Bob Pocius wrote: Sometimes LEAF distros are configured to block traffic destined for the private address space from going out eth0. It's designed that way because private addresses are in general for internal use only. Rarely, an ISP uses these, and adjustments are made to ipfilter.conf or

RE: [Leaf-user] I am Happy to tell you all

2002-03-09 Thread Reginald R. Richardson
2 NICs attached to Internet using network bonding module. Can u please gimme some INFO on above mention quote. thanks -Original Message- From: Upali Weerasinghe [mailto:[EMAIL PROTECTED]] Sent: Saturday, March 09, 2002 19:36 To: [EMAIL PROTECTED] Subject: [Leaf-user] I am Happy to

Re: [Leaf-user] ipsec errors

2002-03-09 Thread joey officer
I did the below, and restarted ipsec, and got an error about eth0, so I changed it back, then I started scanning the /var/log/syslog and noticed that port 500 was being denied: Mar 9 14:46:43 firewall kernel: Packet log: input DENY eth0 PROTO=17 66.25.18.71:500 66.25.44.147:500 L=204 S=0x00

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread Michael D. Schleif
Thank you. Although, I can be pretty daft on occasion, I am trying to ``do the right thing.'' It is not always easy knowing what that may be in a variety of contexts. For me, from my humble experience, when I do not know something, it works best to try to summarize what it is that I know,

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread Bruce E. (Sam) Slade
Ray Olszewski wrote: This would probably be a good topic to explore further, either here or on the -devel list, and that is why I am bothering to reply at all. It is (or may be) a concrete, and potentially widespread, instance of a general problem with firewalling ... what is the difference

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread Ray Olszewski
A selective reply ... At 02:01 PM 3/9/02 -0600, Michael D. Schleif wrote: [...] The difference is that holes caused by dialout workstations are old news, and there is really no way to address this problem at the firewall (except by blocking traffic routed through it with the martians rules,

Re: [Leaf-user] Multicast Routing

2002-03-09 Thread cntv1 cntv1
Yes, I had compiled the kernel for multicast support from the first time because I plan to use multicast. But finding some multicasting software was the problem. I try to find mrouted because this supports other protocols than PIM. I have other Cisco routers. The problem is: if this PIM

Re: [Leaf-user] I am Happy to tell you all

2002-03-09 Thread Upali Weerasinghe
Ok u know howto compile your kernel and u must have a flash or hard_drive installed on your LRP system... then follow this.. Linux Bonding Driver mini-howto Initial release : Thomas Davis tadavis at lbl.gov Corrections, HA extensions : 2000/10/03-15 : - Willy Tarreau

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread guitarlynn
I don't know if this will approach the problem being asked to help much, but I did reverse engineer the AOL software many years ago to connect with Linux. You can only connect to AOL via a special proxy adapter that is integrated with their software. The martian errors are due to the built in

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread Michael D. Schleif
guitarlynn wrote: I don't know if this will approach the problem being asked to help much, but I did reverse engineer the AOL software many years ago to connect with Linux. You can only connect to AOL via a special proxy adapter that is integrated with their software. The martian errors

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread Mike Noyes
At 2002-03-09 14:01 -0600, Michael D. Schleif wrote: Also, since I do not know everything there is to know about networks and quantifying everything quantifiable about same, regarding your sniffer questions, can you describe a simple, open source process to accomplish these tasks? Michael, The

Re: [Leaf-user] DNScache and hosts config question

2002-03-09 Thread Michael D. Schleif
Scott C. Best wrote: Heyaz. So I'm using a fairly stock DS release, and I've a question about properly setting up dnscache and my host entries in network.conf. So, these host entries are visible from the DS system. How can I keep my LAN machines from making PTR? requests

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread Michael D. Schleif
Mike Noyes wrote: At 2002-03-09 14:01 -0600, Michael D. Schleif wrote: Also, since I do not know everything there is to know about networks and quantifying everything quantifiable about same, regarding your sniffer questions, can you describe a simple, open source process to accomplish

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread Charles Steinkuehler
It may be interesting to know that aol installs a special ``adapter'' that is purported to behave similarly to a hardware nic. In fact, on win9x, at least, it is next to the nic in network neighborhood properties and is near identically configured. As mentioned in other replies, and

Re: [Leaf-user] DNScache and hosts config question

2002-03-09 Thread Scott C. Best
Michael: Heya. Each of the LAN machines gets a DHCP lease from the DS box, with the DS box indicated as the DNS server. Only the DS box has the /etc/hosts entries. For example, in the /etc/hosts file it reads: 192.168.123.1 pc.private.network pc1 192.168.123.2

[Leaf-user] DCD Port forwarding not working

2002-03-09 Thread Doug Sampson
Hi all, I'm still having a problem with port forwarding packets to the internal web server... I am on a Cox network that supposedly blocks packets coming inward via port 80. I've set up an account with DynDNS that forwards packets directed at http://www.cybersampson.com to

Re: [Leaf-user] vpn routing

2002-03-09 Thread Phillip . Watts
Charles, I did find a way to test it and the reverse masquerading WORKED! ( which I think is cute as hell and solves a major problem of multiple routes to the internet. ) With one problem. When the ipsec connection is made, ipsec INSERTS rules into the

Re: [Leaf-user] vpn routing

2002-03-09 Thread Charles Steinkuehler
I did find a way to test it and the reverse masquerading WORKED! ( which I think is cute as hell and solves a major problem of multiple routes to the internet. ) With one problem. When the ipsec connection is made, ipsec INSERTS rules into the forward

Re: [Leaf-user] DNScache and hosts config question

2002-03-09 Thread Matt Schalit
Scott C. Best wrote: Heyaz. So I'm using a fairly stock DS release, and I've a question about properly setting up dnscache and my host entries in network.conf. Scott! I hope all is well in the South Bay. Are you going to make it up to SF for the Linux Embedded conference this week:

Re: [Leaf-user] DNScache and hosts config question

2002-03-09 Thread Ray Olszewski
At 10:37 PM 3/9/02 +, Scott C. Best wrote: Michael: Heya. Each of the LAN machines gets a DHCP lease from the DS box, with the DS box indicated as the DNS server. Only the DS box has the /etc/hosts entries. For example, in the /etc/hosts file it reads: 192.168.123.1

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread guitarlynn
snip of various authors I'm not that familiar with the MS networking stack, and how windows systems handle routing, forwarding, etc. With the Win9x/ME family, the stack is all proxy...ISC or some other proxy. As mentioned elsewhere, apparently the AOL traffic is creating a tunnel through

Re: [Leaf-user] ipsec errors

2002-03-09 Thread guitarlynn
On Saturday 09 March 2002 10:21, joey officer wrote: I did not find that specific line in the net ipfilter list command, however I did change the setting in the network.conf file. However I still did not find that line in the above command. I got to thinking about the specific problem I'm

Re: [Leaf-user] ipsec errors

2002-03-09 Thread joey officer
I modified the eth0_IP_SPOOF=NO now, but that does not fix the error of being denied.. which I posted a little while ago... any other thoughts joey - Original Message - From: guitarlynn [EMAIL PROTECTED] To: joey officer [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Saturday, March 09,

Re: [Leaf-user] DCD Port forwarding not working

2002-03-09 Thread Ray Olszewski
At 02:44 PM 3/9/02 -0800, Doug Sampson wrote: Hi all, I'm still having a problem with port forwarding packets to the internal web server... I am on a Cox network that supposedly blocks packets coming inward via port 80. I've set up an account with DynDNS that forwards packets directed at