[Leaf-user] Hotmail (and others) don't work with Bering?

2002-04-25 Thread Mark Ivey
I have been having trouble using Hotmail since I got DSL and installed my Bering firewall, and today I realized I was having the same trouble using some of the Yahoo Groups pages. Many of the links will time out when loading, but if I then hit reload they will load up right away. Unfortunately, su

Re: [Leaf-user] Compiling modules for Bering

2002-04-25 Thread kimoppalfens
Quoting Dave Anderson <[EMAIL PROTECTED]>: I am by no means an expert on the matter but since no one responded I'll share my views. I have compiled my own "bering kernel" so I should be able to tell you a thing or two. When I compiled my own kernel I had some problems so I asked the list if it

[Leaf-user] cat /proc/interrupts

2002-04-25 Thread David Smead
Can anyone running Bering tell me what they be when executing the command: cat /proc/interrupts Thanks. -- Sincerely, David Smead http://www.amplepower.com. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/l

RE: [Leaf-user] VPN error, please help

2002-04-25 Thread MLU
I think you are probably right. I do have forward rules to allow traffic between both my private 192.168.9 and 192.168.3. And those rules are added by myself in /etc/ipfilter.conf (based on what you did for DMZ, your DMZ is one-way, mine is 2-way). I will try to disable it asap, but my question is

Re: [Leaf-user] VPN behind Dachstein

2002-04-25 Thread Chad Carr
On Thu, 25 Apr 2002 23:09:38 -0400 "Morgan Reed" <[EMAIL PROTECTED]> wrote: > Scott, > > A quick follow-up question regarding allowing protocol 47 packets > though, I attempted to manually set the IPCHAINS rules just to do a > quick test, and this is what I got: > > firewall: -root- > # ipchain

Re: [Leaf-user] VPN behind Dachstein

2002-04-25 Thread Morgan Reed
Scott, A quick follow-up question regarding allowing protocol 47 packets though, I attempted to manually set the IPCHAINS rules just to do a quick test, and this is what I got: firewall: -root- # ipchains -A input -s 0/0 -d 0/0 1723 -p tcp -l -j ACCEPT firewall: -root- # ipchains -A input -s 0/

[Leaf-user] Interrupts

2002-04-25 Thread David Smead
I'm working on a LEAF Bering machine. It appears that it loads the 3c509 module properly, and assigns it io port addresses, but not an interrupt. cat /proc/ioports and cat /proc/interrupts. On the same machine using tomsrtbt, the nic comes up with an interrupt. PNP has been disabled and the car

Re: [Leaf-user] VPN error, please help

2002-04-25 Thread Jonathan French
Hi Charles, Thanks, leftfirewall=yes lets me ping a machine on the other subnet now. I think I added a few too many extra ipchains rules, but now that it is working I can back off on them. - Jon Charles Steinkuehler wrote: > > > > Look at your local routing setup (ip route or n

Re: [Leaf-user] VPN error, please help

2002-04-25 Thread Charles Steinkuehler
> > Look at your local routing setup (ip route or netstat -nr). Make sure there > > is a route directing packets destined for the far end of the VPN to the > > ipsec device. > > Ok, so what you are saying is that on the ipsec router, I should > associate the external private subnet with device ip

[Leaf-user] RE: [Leaf-devel] Bering v1.0-rc2 available

2002-04-25 Thread Eric B Kiser
We got serial support in the kernel!!! All right! Thanks Guys, Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jacques Nilo Sent: Thursday, April 25, 2002 9:06 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: shorewall-users Subject: [Leaf-devel] B

[Leaf-user] Re: CDRom modules

2002-04-25 Thread Jacques Nilo
> First of all I'd like to send you my admiration for creating such a wonderful project. I have been running the Bering router for over a month and it is awesome. Especially, since I did not have to go out and buy a $150 router. > > I was able to create a 1.722MB diskette instead in order to add ss

[Leaf-user] Re: Hi

2002-04-25 Thread Jacques Nilo
> Hi, > I need a module for proxim wireless card. I try to compile > my own on a RedHat 7.2 system with 2.4.18 kernel, but when > loading on a "Bering" I got a number of "insmod: > unresolved symbol..". How I can do this module. I am using > a driver from Comacke. On a RedHat system all is ok. >

Re: [Leaf-user] Dynamic VPN Gatewy..... Almost

2002-04-25 Thread jmassey
>You can have only one catch-all (and therefore one preshared secret) if you are using preshared secrets. The >identifier to use is %any in the ipsec.secrets file. Like so: > >%any 192.168.3.1: PSK "unsecure" > >HTH >Chad Yes, but that would be the ipsec.secrets entry on the static side. What

Re: [Leaf-user] Dynamic VPN Gatewy..... Almost

2002-04-25 Thread Chad Carr
On Thu, 25 Apr 2002 08:54:02 -0700 "Brock Nanson" <[EMAIL PROTECTED]> wrote: > If I recall correctly, ipsec.secrets will NOT allow a catch-all entry if > you are using preshared secrets. That's the reason you want to go to > RSA keys if you have a dynamic end to the tunnel - they will allow this

Re: [Leaf-user] RSA VPN w/Dynamic IP

2002-04-25 Thread Charles Steinkuehler
> 1) Am I correct in understanding that the private key for each Gateway > goes in ipsec.secrets. While the public key goes in ipsec.conf left & > right respectively? You need at least one private key in ipsec.secrets (the RSA key for the local machine). You need two public RSA keys in ipsec.conf

[Leaf-user] RSA VPN w/Dynamic IP

2002-04-25 Thread jmassey
Hello. I have been convinced to try RSA for my VPN setup rather than PSK. I just had a question or two before I begin. 1) Am I correct in understanding that the private key for each Gateway goes in ipsec.secrets. While the public key goes in ipsec.conf left & right respectively? 2) How does I

Re: [Leaf-user] passwd problem ???

2002-04-25 Thread Charles Steinkuehler
> I have to save certain configuration files separate from > the .lrp files for various reasons. > > When I change a password: passwd >I copy /etc/passwd and /etc/shadow- to a hard disk. >After booting I copy those files back to ramdisk > and my old passwd is back.

[Leaf-user] passwd problem ???

2002-04-25 Thread Phillip . Watts
I have to save certain configuration files separate from the .lrp files for various reasons. When I change a password: passwd I copy /etc/passwd and /etc/shadow- to a hard disk. After booting I copy those files back to ramdisk and my old passwd is back. Am I savi

Re: [Leaf-user] VPN error, please help

2002-04-25 Thread Jonathan French
Hi Charles & MLu > Look at your local routing setup (ip route or netstat -nr). Make sure there > is a route directing packets destined for the far end of the VPN to the > ipsec device. Ok, so what you are saying is that on the ipsec router, I should associate the external private subnet with d

Re: [Leaf-user] Dynamic VPN Gatewy..... Almost

2002-04-25 Thread Brock Nanson
If I recall correctly, ipsec.secrets will NOT allow a catch-all entry if you are using preshared secrets. That's the reason you want to go to RSA keys if you have a dynamic end to the tunnel - they will allow this, if you set a name as Charles suggested. If you want to stay with the preshared se

Re: [Leaf-user] VPN error, please help

2002-04-25 Thread Charles Steinkuehler
> Below are my routes on both left and right sides. Charles, if you can > confirm them correct, I think there must be some rule on my left-side > denying packets destined for 192.168.1 even reach left-side eth0. > > I accidentally found this in one old log: > > Apr 23 19:14:06 router kernel: Packe

RE: [Leaf-user] VPN error, please help

2002-04-25 Thread MLU
Below are my routes on both left and right sides. Charles, if you can confirm them correct, I think there must be some rule on my left-side denying packets destined for 192.168.1 even reach left-side eth0. I accidentally found this in one old log: Apr 23 19:14:06 router kernel: Packet log: inp

Re: [Leaf-user] VPN error, please help

2002-04-25 Thread Charles Steinkuehler
From: "MLU " <[EMAIL PROTECTED]> > I strongly hope that's my mistake somewhere and not the ISP's. If the ISP blocks the IPSEC, could I connect to my office's VPN server? I still can do that before this experiment (removing ipsec module...). > > The bad (and probably good -:)) news is that I do not

Re: [Leaf-user] Dynamic VPN Gatewy..... Almost

2002-04-25 Thread jmassey
Phillip Version 1.91 I think I may scrap using the PSK and go to RSA. As Charles pointed out, RSA does not use IPs as identifiers but rather uses the keys. Jason Massey

Re: [Leaf-user] Dynamic VPN Gatewy..... Almost

2002-04-25 Thread jmassey
Charles, One other thing. The /var/log/auth.log is from the dynamic gateway as this is the one starting the tunnel. I must not be specifying for IPsec to use the local IP the right way in ipsec.secrets. In ipsec.conf you use %defaultroute. What about in ipsec.secrets? Jason Massey

Re: [Leaf-user] Dynamic VPN Gatewy..... Almost

2002-04-25 Thread Phillip . Watts
I have had similar problems. Love to know what ipsec version you are using. It seems that using 0.0.0.0 as an identifier in ipsec.secrets is key but I haven't got dynamic to work yet. [EMAIL PROTECTED] on 04/25/2002 08:28:33 AM To: [EMAIL PROTECTED] cc:(bcc: Phillip Watts/austin/N

Re: [Leaf-user] Dynamic VPN Gatewy..... Almost

2002-04-25 Thread jmassey
Charles, >It sounds like IPSec isn't finding the proper secret to use unless the >secret is tagged with the remote IP. Are you assigning connection ID's in >ipsec.conf? IPSec will use the IP as a default ID if you don't assign one >manually. I typically use unresolved names as a connection I

Re: [Leaf-user] Dynamic VPN Gatewy..... Almost

2002-04-25 Thread Charles Steinkuehler
> I have two Dachstein IPsec gateways in place. One is a static IP, the > other is Dynamic. I can not get the VPN up. When I change the ipsecrets > file to reflect the IP assigned to the Dynamic connection it works! but as > soon as I specify it as Dynamic it doesn't. When this happens > /var/log/

[Leaf-user] Dynamic VPN Gatewy..... Almost

2002-04-25 Thread jmassey
Hello, I have two Dachstein IPsec gateways in place. One is a static IP, the other is Dynamic. I can not get the VPN up. When I change the ipsecrets file to reflect the IP assigned to the Dynamic connection it works! but as soon as I specify it as Dynamic it doesn't. When this happens /var/lo

[Leaf-user] Bering v1.0-rc2 available

2002-04-25 Thread Jacques Nilo
This new release includes, among other things, ipsec and pptp support. Also updated with latest 1.2.12 Shorewall and iptables 1.2.6a The documentation has been considerably extended Thanks to all the folks who helped us on this release ! The details are here: http://leaf.sourceforge.net/article.ph

[Leaf-user] Compiling modules for Bering

2002-04-25 Thread Dave Anderson
Hi all, I have a Bewan ADSL PCI card arriving in the next few days, and in preparation, I want to get its driver compiled for Bering (I'm pretty sure it doesn't already exist in the modules list). Is someone happy to do that, or could someone point me in the right direction for compiling it - is