Hello everyone,
...and here are snips from my barf, wherein the last 2 lines of my auth.log
suggest a known problem with WIN2K being able to operate using 3DES,
then secretly revert to 1DES as discussed in this link:
http://www.sandelman.ottawa.on.ca/linux-ipsec/html/2000/07/msg00151.html.
But I
I finally got the wireless to work, all I did was switch the two network cards.
Before, my integrated tlan was connected to the Linksys while the PCI tulip was
to PPPoE. I just switched the two connections and voila, wireless. Thanks for all
your help, it was greatly appreciated.
CK
Sean wrote:
Son of a ...
It worked first try. 2 changes from last time. I went from Shorewall
1.3.12a to 1.3.4. I connected to a MSN user, not an AOL user. Don't
know if either made a difference. I'll send you the shorewall status
file anyway. I didn't bother with the Dachstein ('cause
Hello everyone,
I've upgraded my DS 2.2.19 to 2.2.20 and built the current FSwan1.99
with x509 to my kernel. Everything works fine if I were to use FSwan to
FSwan Sub2Sub VPN (either by PSK or RSA/Certs).
My problem is that, when I InterOp my LRP machine to a WIN2K, a
tunnel gets formed, but it s
On Wednesday 12 February 2003 02:49 pm, Chris Low wrote:
> >EXTERN_TCP_PORTS="0/0_25"
> >to allow anyone on the internet to send you e-mail, and you'll probably
> >have a lot better luck.
>
> Did it and still not receiving. Also tried Mike's suggestion to remove the
> $ from INTERN_SERVERS="tcp_$19
EXTERN_TCP_PORTS="0/0_25"
to allow anyone on the internet to send you e-mail, and you'll probably
have a lot better luck.
Did it and still not receiving. Also tried Mike's suggestion to remove the
$ from INTERN_SERVERS="tcp_$192.168.1.2_smtp_10.10.10.200_smtp". Backed up
the firewall and rebo
Lynn, maybe you mean me, not 'Dan'??
Anyway, I was/am using a Bering stable 1.0 with ezipupdt.lrp and
BPALogin.lrp. I deleted some packages I didn't need like bridge.lrp,
keyboard.lrp, ppp.lrp and pppoe.lrp. I also had pump and dhcpd out when
I was playing with uDHCP.
Thanks.
David Pitts
IT Se
Ray Olszewski wrote:
At 02:45 PM 2/12/03 -0800, Tom Eastep wrote:
For a first shot on Bering, I think that the procedure that I outlined
before is still appropriate.
I agree, with one possible addition (I'm not sure quite how much
"shorewall status > /tmp/status" reports). I'd like to see
At 02:45 PM 2/12/03 -0800, Tom Eastep wrote:
Sean wrote:
So, after much discussion, is there anything specific you would like me
to do Shorewall before I gather statistics? I can shut off all my other
machines and turn on/off everything/nothing, log everything...whatever.
Just let me know what.
Brad Fritz wrote:
Add a "-w file.dump"
if you want to capture the output to a file rather
than stdout. "-r file.dump" is used to read the file
offline.
Using -w is preferred because the capture file can be analyzed with
ethereal.
-Tom
--
Tom Eastep\ Shorewall - iptables made easy
Shoreli
Sean,
On Wed, 12 Feb 2003 14:45:26 PST Tom wrote:
> If you have tcpdump on the Dachstein box, I'd love to capture everything
> that happens on your remote interface during a successful connection.
The kwarchive package of tcpdump at
http://leaf.sf.net/pub/packages-list.html
includes libpca
Todd Pearsall wrote:
I'll try the tcpdump, thanks for the recommendations.
I was on the phone with Netopia (the current router I put in bridging
mode is a Cayman/Netopia) to see if there were any VPN add-ons I could
buy for the Cayman so it could support the roadwarrior and gateway VPNs
I need.
Sean wrote:
So, after much discussion, is there anything specific you would like me
to do Shorewall before I gather statistics? I can shut off all my other
machines and turn on/off everything/nothing, log everything...whatever.
Just let me know what. How about Dachstein?
I'll be making my atte
So, after much discussion, is there anything specific you would like me
to do Shorewall before I gather statistics? I can shut off all my other
machines and turn on/off everything/nothing, log everything...whatever.
Just let me know what. How about Dachstein?
I'll be making my attempt in about
--- Mike Noyes <[EMAIL PROTECTED]> wrote:
> I haven't included it, because I hate long email footers (see Netiquette
> Guidelines (RFC1855)).
pn] I agree, but they are always too long (especially in replies from free email
services). :)
> ML footer changes/suggestions are welcome.
pn] Maybe re
On Wed, 2003-02-12 at 13:40, Peter Nosko wrote:
> pn] I don't understand why this first link isn't in the list email footer.
>
> http://leaf.sourceforge.net/index.php?menu=1 is the LEAF home page.
Peter,
I haven't included it, because I hate long email footers (see Netiquette
Guidelines (RFC1855)
I'll try the tcpdump, thanks for the recommendations.
I was on the phone with Netopia (the current router I put in bridging
mode is a Cayman/Netopia) to see if there were any VPN add-ons I could
buy for the Cayman so it could support the roadwarrior and gateway VPNs
I need. Unfortunately there
--- "Thomas V. Fischer" <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I have been looking around at the different options available to run a
> 'secure router' with a linux box. I discovered the LEAF project.
>
> I was curious to know what the main differences are between Bering &
> Dachstein and what
RetryErr is a normal thing when signal level is on an
edge. However, card reset should happen, or at least should
happen very rarely.
Can you tell me what are the first messages of the driver when
it loads?
What is the make of the card? What is the firmware?
Samuel Abreu wrote about "[leaf-us
Tom Eastep wrote:
Ah -- yes, now I see what you are getting at. Yet, it's apparently not
working
I'm trying to keep up with this thread while at the same time following
a distributed training exercise on another monitor. During the lunch
break, I got a chance to look at what Ray wrote
Ray Olszewski wrote:
At 11:34 AM 2/12/03 -0800, Tom Eastep wrote:
8. (Tricky part.) Peer B now switches to sending UDP packets out the
*same* UDP socket to the NAT'd port at Peer A.
9. (Tricky part, part 2.) Peer A now switches to sending UDP packets
out the *same* UDP socket to the NAT'd port
Is anyone working on porting Cipe to Bering? I've tried compiling cipe using the uml
development systems. Though the application and modules compile, they do not work.
Cipe is particular about compiler versions being the same for the kernel, the module
(cipcb.o) and the application (ciped-cb).
Hi all,
I have been looking around at the different options available to run a
'secure router' with a linux box. I discovered the LEAF project.
I was curious to know what the main differences are between Bering &
Dachstein and what some of the personal thoughts on these two are?
Thnks 4ur time
Chris,
Chris Low <[EMAIL PROTECTED]> wrote:
>I made the following changes to network.conf:
>
> # Uncomment following for port-forwarded internal services.
> # The following is an example of what should be put here.
> # Tuples are as follows:
> #
> #INTERN_SERVERS="tcp_${EXTERN_IP}_ft
Tom wrote:
> I just read their Magic Bullet paper and I think that it works with
> Dachstein because on Dachstein (as with Seawall), the "Masquerade Port
> Range" is left open by the firewall. This allows incoming SYN packets
> to sail right through the firewall AND will even route it to the corre
I'm getting the following lines in /var/log/messages:
Feb 12 15:32:39 DDW_HMC kernel: netcs0: TXEXC - fid=0x03d2 - status=0x0001
([RetryErr]) tx_control=000c
Feb 12 15:32:39 DDW_HMC kernel:retry_count=0 tx_rate=110 fc=0x0a08
(Data::0)
Feb 12 15:32:39 DDW_HMC kernel:addr1=00:60:b3÷¦ø¦4
ad
At 11:34 AM 2/12/03 -0800, Tom Eastep wrote:
8. (Tricky part.) Peer B now switches to sending UDP packets out the
*same* UDP socket to the NAT'd port at Peer A.
9. (Tricky part, part 2.) Peer A now switches to sending UDP packets out
the *same* UDP socket to the NAT'd port at Peer B.
[...]
The k
Managed to get hold of an original USB speedtouch (will worry about the
330 later :) and got to the point the line is up and happy, but pppd
unfortunately is not. log as follows:
Feb 12 18:50:41 firewall modem_run[28105]: ADSL synchronization has been
obtained
Feb 12 18:50:41 firewall modem_run[28
8. (Tricky part.) Peer B now switches to sending UDP packets out the
*same* UDP socket to the NAT'd port at Peer A.
9. (Tricky part, part 2.) Peer A now switches to sending UDP packets out
the *same* UDP socket to the NAT'd port at Peer B.
Those "tricky" parts are standard when using UDP.
N
I'm making available a bunch of M-Systems DiskOnChip cards on ebay. Each
card has 3 sockets, and each socket supports a 2MB to 288MB flash chip.
I'm including with each card a 2MB DoC, more than enough for a floppy
based firewall.
here is an example auction:
http://cgi.ebay.com/ws/eBayISAPI.dll?
Let me first apologize to everyone here except (I hope) Lynn and Tom. This
is a somewhat tedious thread for leaf-user (it might be better suited to
leaf-devel). But I think it is important to sort out why the EyeBall
service works with Dachstein (ipchains) but not Bering/Shorewall
(iptables), s
Todd Pearsall wrote:
Have you tried changing the MTU on your internal machines, and/or
sniffing the traffic to see what it looks like?
I haven't tried changing the MTU of the internal machines. The office
is one of our consulting offices so our folks from other offices are
frequently roaming thr
On Wednesday 12 February 2003 11:05 am, Ray Olszewski wrote:
> Yeah, this was my reasoning too (though my thinking about TCP is a bit more
> involved). And in reading between the lines a bit, I pretty much inferred
> that EyeBall uses UDP for the p2p part, and TCP only for the connection to
> the
> Tom -- Can you expand on this just a little bit more? (Or Lynn, can you?)
> This conclusion is kind of where I got to last night, but only for TCP.
> What is the equivalent of "SYN packet" detection for UDP? Or, to put it
> another way, how does iptables (or Shorewall) determine the state
> assoc
Ray Olszewski wrote:
But it still leaves unanswered one question that I really would
appreciate your (or somebody's -- Lynn?) help with:
iptables lets me specify state rules for ACCEPTing all packet types, not
just TCP. For UDP, what test does ipchains apply to a packet to classify
it as NEW
On Wednesday 12 February 2003 10:13 am, Francois BERGERET wrote:
> But, if I can remember, a "standard" record for one NIC is like this :
> auto eth3:0
> iface eth3:0 inet static
> address 192.168.73.254
> netmask 255.255.255.0
> broadcast 192.168.73.255
--
~Lynn Avants
Linux Em
At 08:41 AM 2/12/03 -0800, Tom Eastep wrote:
Ray Olszewski wrote:
At 07:13 AM 2/12/03 -0800, Tom Eastep wrote:
Sean E. Covel wrote:
BTW,
I did send Eyeball Chat a help request
[...]
I just read their Magic Bullet paper and I think that it works with
Dachstein because on Dachstein (as with
> Have you tried changing the MTU on your internal machines, and/or
> sniffing the traffic to see what it looks like?
I haven't tried changing the MTU of the internal machines. The office
is one of our consulting offices so our folks from other offices are
frequently roaming through with laptops.
Ray Olszewski wrote:
At 07:13 AM 2/12/03 -0800, Tom Eastep wrote:
Sean E. Covel wrote:
BTW,
I did send Eyeball Chat a help request
[...]
I just read their Magic Bullet paper and I think that it works with
Dachstein because on Dachstein (as with Seawall), the "Masquerade Port
Range" is l
Dear Charles,
Thank you very much for this very prompt reply.
Sorry to have forgotten to mention what distro I am using...
So, I am playing (sure) with the 1.0 Stable Bering from our
friend Jacques and all his project's collaborators.
I was searching how to complete this aliasing problem in the
Todd Pearsall wrote:
The saga continues...
I tried a couple things based on help from Charles S. (some day I want
my 1st name and last initial to be all I need to be recognized ;)) and
some of the folks on the FreeSWAN list.
Here's what I tried individually with reboots in between to be sure:
In
At 07:13 AM 2/12/03 -0800, Tom Eastep wrote:
Sean E. Covel wrote:
BTW,
I did send Eyeball Chat a help request
[...]
I just read their Magic Bullet paper and I think that it works with
Dachstein because on Dachstein (as with Seawall), the "Masquerade Port
Range" is left open by the firewall. T
Sean,
Sean E. Covel wrote:
Tom,
I'm a complete iptables noob, and you are obviously an expert at this
point. Eyeball Chat does claim that it works with iptables. Is the
connection tracking table a recent addition? Can you think of what
might have to be done for it to work with iptables?
C
The saga continues...
I tried a couple things based on help from Charles S. (some day I want
my 1st name and last initial to be all I need to be recognized ;)) and
some of the folks on the FreeSWAN list.
Here's what I tried individually with reboots in between to be sure:
In Shorewall Config trie
Tom,
I'm a complete iptables noob, and you are obviously an expert at this
point. Eyeball Chat does claim that it works with iptables. Is the
connection tracking table a recent addition? Can you think of what
might have to be done for it to work with iptables?
If they ever get back to me ab
Steve,
On Wed, 12 Feb 2003 08:16:38 EST Steve Bihari wrote:
> Chad, even with the natsemi support compiled directly into the 2.4.20
> kernel it was crashing. The only modules that were loaded were
> ip_conntrack_ftp, ip_conntrack_irc, ip_nat_ftp, and ip_nat_irc. These
> are the only modules th
Sean E. Covel wrote:
BTW,
I did send Eyeball Chat a help request, but since it is free software,
I'm not holding my breath.
I'm willing to pursue this just to see if this magic silver bullet they
have going actually works. Strange that they have instructions on how
to blow holes in your firewal
Chris Low wrote:
Apologies for the typo in my previous messages. My two problems haven't
gone away--1) Exchange server is not receiving internet email and 2)
workstations cannot browse the web. I'm thinking my first problem is
related to Doug's problem under the recent headers: Dachstein Port
BTW,
I did send Eyeball Chat a help request, but since it is free software,
I'm not holding my breath.
I'm willing to pursue this just to see if this magic silver bullet they
have going actually works. Strange that they have instructions on how
to blow holes in your firewall (static patch) if th
Sean E. Covel wrote:
I'd be more than willing to help debug this. I have both the Dachstein
and Bering firewalls setup, I just switch the cables and I'm set to go.
If you want specifics of the setups, tell me what you need and I'll send
it to you.
Under Bering:
a) "shorewall reset"
b) Try to c
On Wednesday 12 February 2003 01:27 am, Jeff Newmiller wrote:
> On Tue, 11 Feb 2003, Lynn Avants wrote:
> > On Tuesday 11 February 2003 09:28 pm, David Pitts wrote:
> > > That was the odd thing. No error messages that I could see, it just
> > > didn't work on boot, although it was fine from the co
I'd be more than willing to help debug this. I have both the Dachstein
and Bering firewalls setup, I just switch the cables and I'm set to go.
If you want specifics of the setups, tell me what you need and I'll send
it to you.
Eyeball Chat says it does NOT use H323 (is that the correct number?)
Your station might be experiencing noise (not the AP).
Did you try changing channels?
Samuel Abreu wrote:
From: "Vladimir I." <[EMAIL PROTECTED]>
Samuel,
Try pinging with large packets and tell me if you experience any
packet loss.
Ok, putting large packets I experience a huge number of pac
Chad, even with the natsemi support compiled directly into the 2.4.20
kernel it was crashing. The only modules that were loaded were
ip_conntrack_ftp, ip_conntrack_irc, ip_nat_ftp, and ip_nat_irc. These
are the only modules that I was loading.
-Original Message-
From: [EMAIL PROTECTED]