[leaf-user] shorewall: dnat through `well known ports' ???

2005-10-22 Thread Michael D Schleif
I need to make regular ssh connections to a host behind a Bering-uclibc firewall/router. Normally, this is _not_ a problem. In one case, described herein, special circumstances obtain; and I need advice on how to best deal with the situation. Basic Specifications

Re: [leaf-user] shorewall: dnat through `well known ports' ???

2005-10-22 Thread Michael D Schleif
Tom = * Tom Eastep [EMAIL PROTECTED] [2005:10:22:10:57:37-0700] scribed: On Saturday 22 October 2005 10:28, Tom Eastep wrote: On Saturday 22 October 2005 06:39, Michael D Schleif wrote: Tested Scenarios I. When I do this: DNAT net loc:$A:22 tcp 60022

[leaf-user] Help! openvpn v2 configuration?

2005-06-02 Thread Michael D Schleif
Forgive me my denseness. It is late, and I am grown old. I have configured several openvpn v1.x shared key VPN's. Thank you. I have a need to configure VPN's between offices using BU firewalls and several employees' homes. This appears to be a good application for openvpn server on BU, and

Re: [leaf-user] OpenVpn 2.0

2005-05-11 Thread Michael D Schleif
I, Michael D Schleif [EMAIL PROTECTED], scribed: Is this a drop-in replacement for existing implementations? If not, howto find what requires change? Thank you. * K.-P. Kirchdörfer [EMAIL PROTECTED] [2005:04:27:18:54:31+0200] scribed: On Tuesday, 26 April 2005 12:41, Pascal wrote

[leaf-user] Shorewall confusions ???

2005-05-07 Thread Michael D Schleif
Ongoing conversion of several Dachstein-CD installations have resulted in several challenges. Please, ask if I have left out pertinent information. What am I missing? How can we setup the following scenarios with Bering-uClibc/Shorewall? Shorewall zones: fw loc dmz (proxyarp)

[leaf-user] DNAT vs. Proxy Arp DMZ ???

2005-04-28 Thread Michael D Schleif
This is the problem: [1] As desired, tcp 3389 is forwarded (DNAT) from the Bering-uClibc/shorewall box to a server on the local LAN, when using the the firewall's external interface. [2] When using a DMZ address, tcp 3389 is also forwarded to that server on the local LAN, and NOT the

[leaf-user] Howto configure DMZ ???

2005-04-17 Thread Michael D Schleif
I have the following network on a T-1: network: 67.63.3.80 /28 gateway: 67.63.3.81 bering:67.63.3.82 broadcast: 67.63.3.95 How can I setup Bering-uClibc/Shorewall to utilize all of the following addresses as DMZ: 67.63.3.83 - 67.63.3.94 I have never setup a network

[leaf-user] sshd vs. net2all DROP ???

2005-03-23 Thread Michael D Schleif
I am stymied by my inability to establish the simplest connection with my test Bering-uClibc system: /var/log/shorewall.log: Mar 22 00:38:35 PlatinumWALL Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:50:04:20:ec:d1:00:01:02:6c:6b:4b:08:00 SRC=192.168.123.150 DST=192.168.123.30 LEN=60
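
An added example for reading lines like the one above (it is not part of the thread or of Shorewall). The prefix `Shorewall:net2all:DROP:` is Shorewall's default LOGFORMAT, `Shorewall:<chain>:<disposition>:`, and in Shorewall 2.x a chain named net2all is the net-to-all policy chain, so a DROP logged there means no line in /etc/shorewall/rules matched the packet. The script parses the netfilter key=value fields that follow, counts drops per source, protocol and target, and renders the rules-file line one would add if that service is really meant to be reachable. The sample log lines are constructed (modelled on the quoted line and carried on in the kernel's PROTO/SPT/DPT layout); the zone name fw and the src2dst chain naming are assumptions taken from Shorewall 2.x conventions.

```python
import re
from collections import Counter

# Constructed sample lines, modelled on the net2all:DROP line quoted in the
# thread and completed in the netfilter LOG key=value layout; the final line
# is unrelated kernel noise the parser must skip.
SAMPLE_LOG = """\
Mar 22 00:38:35 PlatinumWALL Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:50:04:20:ec:d1:00:01:02:6c:6b:4b:08:00 SRC=192.168.123.150 DST=192.168.123.30 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=48131 DF PROTO=TCP SPT=40412 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 22 00:38:38 PlatinumWALL Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:50:04:20:ec:d1:00:01:02:6c:6b:4b:08:00 SRC=192.168.123.150 DST=192.168.123.30 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=48132 DF PROTO=TCP SPT=40412 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 22 00:39:02 PlatinumWALL Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:50:04:20:ec:d1:00:01:02:6c:6b:4b:08:00 SRC=192.168.123.150 DST=192.168.123.30 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1025 DPT=53 LEN=58
Mar 22 00:40:11 PlatinumWALL Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:50:04:20:ec:d1:00:01:02:6c:6b:4b:08:00 SRC=192.168.123.77 DST=192.168.123.30 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=7 PROTO=ICMP TYPE=8 CODE=0 ID=4242 SEQ=1
Mar 22 00:40:30 PlatinumWALL kernel: eth0: link up
"""

# Shorewall's default LOGFORMAT is "Shorewall:%s:%s:" (chain, disposition).
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):\s*(?P<fields>.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return a dict of the logged fields, or None for lines that are not Shorewall entries."""
    m = PREFIX_RE.search(line)
    if m is None:
        return None
    rec = {"chain": m.group("chain"), "disposition": m.group("disposition")}
    for key, value in KV_RE.findall(m.group("fields")):
        # LEN and ID appear twice (IP header, then UDP/ICMP); keep the IP-header one.
        rec.setdefault(key, value)
    # Assumption: Shorewall 2.x policy chains are named <src zone>2<dst zone>.
    rec["src_zone"], _, rec["dst_zone"] = rec["chain"].partition("2")
    return rec


def summarize_drops(log_text):
    """Count DROPs by (chain, source, output interface, protocol, target).

    The target is the destination port for TCP/UDP and the ICMP type otherwise.
    An empty OUT= means the packet was addressed to the firewall itself."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["disposition"] != "DROP":
            continue
        proto = rec.get("PROTO", "?").lower()
        target = rec.get("DPT") if proto in ("tcp", "udp") else rec.get("TYPE")
        counts[(rec["chain"], rec.get("SRC", "?"), rec.get("OUT", ""), proto, target)] += 1
    return counts


def rule_for(key, fw_zone="fw"):
    """Render the /etc/shorewall/rules line that would ACCEPT this traffic.

    Only add it when the service is really meant to be reachable from that
    zone; the whole point of the policy chain is that unmatched traffic drops."""
    chain, _src, out_iface, proto, target = key
    src_zone = chain.partition("2")[0]
    # With OUT= empty the destination zone is the firewall itself; otherwise
    # the admin has to supply the zone that sits behind the output interface.
    dst_zone = fw_zone if not out_iface else f"<zone of {out_iface}>"
    if proto in ("tcp", "udp", "icmp") and target is not None:
        return f"ACCEPT {src_zone} {dst_zone} {proto} {target}"
    return f"ACCEPT {src_zone} {dst_zone} {proto}"


if __name__ == "__main__":
    for key, n in summarize_drops(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {key}  ->  {rule_for(key)}")
```

Run it against `/var/log/shorewall.log` instead of the sample and the most_common() list is the triage order: repeated drops from one source to one port are either a missing rule (as with an admin's own ssh attempts) or a scan, and the SRC and OUT fields tell the two apart.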

[leaf-user] Re: sshd vs. net2all DROP ???

2005-03-22 Thread Michael D Schleif
Followup, resolution, and further questions ; * On 2005:03:22:12:32:39-0600 I, Michael D Schleif [EMAIL PROTECTED], scribed: I am stymied by my inability to establish the simplest connection with my test Bering-uClibc system: /var/log/shorewall.log: Mar 22 00:38:35 PlatinumWALL

[leaf-user] Need VOIP advice

2005-03-22 Thread Michael D Schleif
We have a client with two (2) facilities, each of which has a T-1 to the Internet. Currently, their network is a mess; and we are redesigning it. One complication is their interoffice telephone system. Facility #1 has a conventional connection via copper to the outside world. Between the two

[leaf-user] Bering-uClibc: development environment assistance ???

2005-03-21 Thread Michael D Schleif
As you will know, I am new to Bering-uClibc. There are two (2) programs that I want to build, and I am not confident in my understanding of the documentation that I have found and read. Please, will somebody give me a clue as to how to make the following? qmail.lrp vim.lrp TIA --

[leaf-user] Bering-uClibc: shorewall philosophy ???

2005-03-21 Thread Michael D Schleif
As you will know, I am new to Bering-uClibc, and I am also new to Shorewall. I notice that Bering-uClibc uses Shorewall v2.0.15, and according to http://shorewall.net the current stable release is v2.2.2. I am curious about three (3) things: [1] How often is Shorewall updated in Bering-uClibc,

Re: [leaf-user] Bering-uClibc: shorewall philosophy ???

2005-03-21 Thread Michael D Schleif
kp = Again, please understand, I am new to Bering-uClibc, and to Shorewall. * K.-P. Kirchdörfer [EMAIL PROTECTED] [2005:03:22:08:26:22+0100] scribed: Michael; you can always download shorewall-[version].lrp from shorewall mirrors to use and test the latest and greatest. O, so Shorewall is

[leaf-user] Moving from ipchains to iptables

2005-03-21 Thread Michael D Schleif
In DCD, I often used these commands for firewall troubleshooting: ipchains -nvL ipchains -nvL --line-numbers ipmasqadm portfw -ln I want to know how to do this in Bering? Yes, it is certainly somewhere in the documentation; but, there is a lot to learn, and a lot to read, and a lot

[leaf-user] Bering-uClibc: vim.lrp ???

2005-03-17 Thread Michael D Schleif
Please, point me in the right direction. I have searched, and cannot find what I am looking for. I believe that I can use the Bering-uClibc ISO for my purposes; but, I really need a real vi[m]. What do you think? -- Best Regards, mds mds resource 877.596.8237 - Dare to fix things before they

[leaf-user] Bering-uClibc: qmail ???

2005-03-17 Thread Michael D Schleif
I am very surprised that I cannot find qmail for Bering-uClibc. What am I missing? Can somebody, please, make a Bering-uClibc qmail.lrp ??? TIA -- Best Regards, mds mds resource 877.596.8237 - Dare to fix things before they break . . . - Our capacity for understanding is inversely

Re: [leaf-user] Bering-CD ???

2005-03-16 Thread Michael D Schleif
* Charles Steinkuehler [EMAIL PROTECTED] [2005:03:16:06:15:09-0600] scribed: Michael D Schleif wrote: snip / | Thank you, all of you, for your continued efforts with LEAF. | | P.S., Please, Charles, keep me in the loop on all updates you make to | Bering-CD. It looks like, for now, I can do

Re: [leaf-user] Bering-CD ???

2005-03-16 Thread Michael D Schleif
* Charles Steinkuehler [EMAIL PROTECTED] [2005:03:16:06:15:09-0600] scribed: Michael D Schleif wrote: snip / | [1] What is initrd.lrp? | | When I dissect bootdisk.bin, I get this: | | # ls -al | total 1052 | drwxr-sr-x 2 mds mds4096 Mar 15 17:03

Re: [leaf-user] Bering-CD ???

2005-03-16 Thread Michael D Schleif
* Charles Steinkuehler [EMAIL PROTECTED] [2005:03:16:06:15:09-0600] scribed: Michael D Schleif wrote: snip / | [5] When I need to compile a package, I will need a development | environment. Can I assume that the docs contain necessary | instructions for doing this chroot on Debian

Re: [leaf-user] Bering-CD ???

2005-03-16 Thread Michael D Schleif
* Charles Steinkuehler [EMAIL PROTECTED] [2005:03:14:05:59:33-0600] scribed: snip / If you're familiar with Dachstein-CD, customizing my Bering-CD ISO is probably the easiest way to go. You'll need to come up to speed on: - Shorewall Are *all* shorewall.lrp's interchangeable? That in

Re: [leaf-user] Bering-CD ???

2005-03-15 Thread Michael D Schleif
* Charles Steinkuehler [EMAIL PROTECTED] [2005:03:14:05:59:33-0600] scribed: snip / If you're familiar with Dachstein-CD, customizing my Bering-CD ISO is probably the easiest way to go. You'll need to come up to speed on: - Shorewall - The new init scripts, which now use a leaf.cfg file

[leaf-user] Bering-CD ???

2005-03-13 Thread Michael D Schleif
What is the status of Bering-CD? I have been away from this list for many months, and I have a need to use a CD-based version of LEAF for several clients. I have scoured the archives, and find my own query nearly one year ago is the most recent. Plus, I find Charles' ISO here:

Re: [leaf-user] ISP and DNS issues

2004-02-29 Thread Michael D Schleif
* John Wittenberg [EMAIL PROTECTED] [2004:02:28:14:46:17-0800] scribed: A few weeks back, our ISP decided that they were going to upgrade the mail servers. On the day they were upgraded we could no longer access the mail servers. My wife, who was and still may be extremely pissed, spent two

Re: [leaf-user] Tinydns and VHosts in DMZ

2004-02-25 Thread Michael D Schleif
* Sak [EMAIL PROTECTED] [2004:02:24:23:48:22-0800] scribed: Hey everyone, I'm having a little trouble with accessing virtual hosts in my DMZ. I've setup tinydns and it handles the primary DNS stuff (requests for 102010.org) just fine. But when I try to access the other domain either

Re: [leaf-user] Tinydns to block adware/spyware

2004-02-25 Thread Michael D Schleif
* Lee Kimber [EMAIL PROTECTED] [2004:02:25:09:21:18-0800] scribed: Has anyone tried using tinydns to block HTTP requests to ad-tracking sites, adware, and spyware? I had a play at using tinydns's private zone file to block domain names from a list of known trackers I have (I currently keep
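
An added example of the technique Lee asks about, not code from the thread or from djbdns: turn a hosts-style tracker list into tinydns data-file lines that answer every blocked name (and everything below it) with a sinkhole address. The tinydns syntax used is the documented data format (`.` for SOA/NS authority, `+` for an A record, `+*.` for a wildcard); the sinkhole address 127.0.0.1, the TTL, the nameserver label and the sample list are assumptions made for the example.

```python
import re

SINKHOLE_IP = "127.0.0.1"   # assumption: answer blocked names with loopback
TTL = 300                   # assumption: short TTL so unblocking takes effect quickly

# Constructed sample blocklist in hosts-file style (not the poster's own list).
SAMPLE_BLOCKLIST = """\
# tracker list
127.0.0.1 localhost
0.0.0.0 ads.example.net
0.0.0.0 Ads.Example.net.
0.0.0.0 cdn.ads.example.net
0.0.0.0 tracker.example.org
0.0.0.0 bad:name.example   # a ':' would corrupt the data file, so reject it
"""

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with '-'.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def valid_name(name):
    labels = name.split(".")
    return len(labels) >= 2 and all(LABEL_RE.match(label) for label in labels)


def parse_blocklist(text):
    """Extract normalised, validated domain names from hosts-style lines."""
    names = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        name = (parts[-1] if len(parts) > 1 else parts[0]).lower().rstrip(".")
        if name in ("localhost", "localhost.localdomain") or not valid_name(name):
            continue
        names.add(name)
    return names


def prune_subdomains(names):
    """Drop names whose parent is already blocked; the wildcard line covers them."""
    keep = set()
    for name in sorted(names, key=lambda n: n.count(".")):
        parents = (name.split(".", i)[-1] for i in range(1, name.count(".") + 1))
        if not any(parent in keep for parent in parents):
            keep.add(name)
    return keep


def tinydns_lines(names, ns_label="a"):
    """Render data-file lines: authority for the name, then A records for it and below it."""
    lines = []
    for name in sorted(prune_subdomains(names)):
        lines.append(f".{name}:{SINKHOLE_IP}:{ns_label}:{TTL}")   # SOA + NS {ns_label}.ns.{name}
        lines.append(f"+{name}:{SINKHOLE_IP}:{TTL}")              # A for the name itself
        lines.append(f"+*.{name}:{SINKHOLE_IP}:{TTL}")            # A for any name below it
    return lines


if __name__ == "__main__":
    print("\n".join(tinydns_lines(parse_blocklist(SAMPLE_BLOCKLIST))))
```

Append the output to tinydns's data file and run `make` in that directory; for the LEAF split of dnscache plus tinydns, dnscache also has to be told to send those names to tinydns (a file per blocked domain under dnscache's root/servers/ containing the tinydns address), otherwise it keeps resolving them from the Internet. Validating each label matters because a blocklist is untrusted input going into a colon-delimited file.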

Re: [leaf-user] Tinydns and VHosts in DMZ

2004-02-25 Thread Michael D Schleif
* Sak [EMAIL PROTECTED] [2004:02:25:10:50:47-0800] scribed: On Wed, Feb 25, 2004 at 12:21:01PM -0600, Michael D Schleif wrote: What does dnscache tell you? tail -f /var/log/dnscache/current | tai64nlocal Here's the output... gw: -root- # tail -f /var/log/dnscache/current

Re: [leaf-user] Qmail questions

2003-12-27 Thread Michael D Schleif
Kory Krofft [EMAIL PROTECTED] [2003:12:26:21:47:40-0500] scribed: snip / using the host command, I can get the dmz host to resolve other names and reverse lookup other ips but not its own. I altered the /etc/tinydns-private/root/data file to read: =localhost:127.0.0.1

Re: [leaf-user] Qmail questions

2003-12-27 Thread Michael D Schleif
Kory Krofft [EMAIL PROTECTED] [2003:12:27:19:01:19-0500] scribed: Michael, Ray, Lynn, What you are all saying makes sense. I have tried reversing the interfaces that dnscache and tinydns bind to with no improvement. I believe Michael is correct that I need 2 instances of tinydns but I have

Re: [leaf-user] Qmail questions

2003-12-22 Thread Michael D Schleif
Kory Krofft [EMAIL PROTECTED] [2003:12:22:20:24:44-0500] scribed: snip / I believe as Ray has mentioned that the major issue may be a reverse lookup that qmail is doing which causes the timeout error on the mail client. I am still looking into what dns settings I need to change to fix that

Re: [leaf-user] Qmail questions

2003-12-22 Thread Michael D Schleif
Kory Krofft [EMAIL PROTECTED] [2003:12:22:20:24:44-0500] scribed: snip / What is in these files: /var/qmail/control/defaultdomain kroffts.com /var/qmail/control/locals kroffts.com /var/qmail/control/rcpthosts kroffts.com Try watching output from the following while you attempt to

Re: [leaf-user] Qmail questions

2003-12-22 Thread Michael D Schleif
Ray Olszewski [EMAIL PROTECTED] [2003:12:22:20:08:14-0800] scribed: At 09:47 PM 12/22/2003 -0600, Michael D Schleif wrote: [...] Currently, you are *NOT* authoritative and *CANNOT* assume authority for the kroffts.com domain: Actually, he can ... in a limited sense. In a way that matters

Re: [leaf-user] Qmail questions

2003-12-22 Thread Michael D Schleif
Kory Krofft [EMAIL PROTECTED] [2003:12:22:23:30:12-0500] scribed: I understand much better now. I will try your suggestions tomorrow and report back. So the DMZ domain should NOT match the internet domain since the name itself is registered at dnsexit. I take it then that the domain on the

Re: [leaf-user] Qmail questions

2003-12-21 Thread Michael D Schleif
Kory Krofft [EMAIL PROTECTED] [2003:12:21:12:53:56-0500] scribed: I have successfully set up my DMZ, registered a domain, compiled a custom version of ez-ipupdate to handle a non standard service, reconfigured weblet to act as a basic web content server. I now need to get Qmail up and

[leaf-user] Fw: [OT, announcement] emKnoppix

2003-09-05 Thread Michael D Schleif
- Forwarded message from Rajkumar S [EMAIL PROTECTED] - From: Rajkumar S [EMAIL PROTECTED] Organization: Linuxense Information Systems To: Debian User List [EMAIL PROTECTED] Date: Sat, 06 Sep 2003 00:01:35 +0530 X-Mailing-List: [EMAIL PROTECTED] archive/latest/298559 Subject: [OT,

[leaf-user] ipsec tunnel pings OK; but *NO* app traffic ?!?!

2003-06-20 Thread Michael D. Schleif
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We thought that we had a successful tunnel between our side, with DCD gateway and freeswan v1.91, and a client with a cisco router. Both sides successfully ping each other; but, the application on our side cannot establish a tcp connection to the

Re: [leaf-user] Question running Dachstein Router/FW/DHCP/DSN and Unix...

2003-03-01 Thread Michael D. Schleif
Also sprach Matt Schalit (Sat 01 Mar 02003 at 11:36:51AM -0800): snip / Dennis hasn't told us how he has Shorewall setup. snip / Probably, because he's running Dachstein without Shorewall? -- Best Regards, mds mds resource 888.250.3987 - Dare to fix things before they break . . . - Our

Re: [leaf-user] nat between gateways ???

2002-11-14 Thread Michael D. Schleif
Charles Steinkuehler wrote: snip / You should have a host-subnet VPN, linking pinktrout's public IP with the 192.168.1.0/24 behind bluetrout. With no advanced routing rules and no masquerade rules in place, you will *NOT* be able to communicate either between host-host (pinktrout -

Re: [leaf-user] nat between gateways ???

2002-11-13 Thread Michael D. Schleif
Charles Steinkuehler wrote: Michael D. Schleif wrote: For further information, please, let me know and I will be as verbose as necessary on a separate webpage. Let's hope that I remember to publish the final solution exhaustively to the list ; It would be nice to see the complete

Re: [leaf-user] nat between gateways ???

2002-11-13 Thread Michael D. Schleif
Charles Steinkuehler wrote: Michael D. Schleif wrote: Charles Steinkuehler wrote: Regardless, the firewall rules on pinktrout are a Must see, especially given the log errors. Simply ipchains -nvL ??? Yes, that will work fine. I usually like the output of net ipfilter list

Re: [leaf-user] nat between gateways ???

2002-11-13 Thread Michael D. Schleif
Charles Steinkuehler wrote: Michael D. Schleif wrote: Charles Steinkuehler wrote: Michael D. Schleif wrote: Charles Steinkuehler wrote: Regardless, the firewall rules on pinktrout are a Must see, especially given the log errors. Simply ipchains -nvL ??? Yes

Re: [leaf-user] nat between gateways ???

2002-11-12 Thread Michael D. Schleif
Charles Steinkuehler wrote: Michael D. Schleif wrote: I am confused ; In order to address the original vpn problem, we have setup a pilot vpn between two (2) of our DCD's. How does this scenario qualify as ``martian'' ??? root@bluetrout:/root # tail -f /var/log/kern.log Nov

Re: [leaf-user] nat between gateways ???

2002-11-12 Thread Michael D. Schleif
Michael D. Schleif wrote: Charles Steinkuehler wrote: Michael D. Schleif wrote: snip / Every time that I think that I understand what constitutes martian-ness, I am tossed a new wrinkle ; What do you think? You don't give enough information to correctly diagnose martian

Re: [leaf-user] nat between gateways ???

2002-11-12 Thread Michael D. Schleif
Charles Steinkuehler wrote: Michael D. Schleif wrote: Charles Steinkuehler wrote: You don't give enough information to correctly diagnose martian errors, which are based pretty much entirely on the status of the route tables. Also, while I have not done a lot of host-host or host

Re: [leaf-user] nat between gateways ???

2002-11-11 Thread Michael D. Schleif
I am confused ; In order to address the original vpn problem, we have setup a pilot vpn between two (2) of our DCD's. How does this scenario qualify as ``martian'' ??? root@bluetrout:/root # tail -f /var/log/kern.log Nov 11 22:08:09 bluetrout kernel: martian source d233e490 for 9dde0440, dev

[leaf-user] nat between gateways ???

2002-11-08 Thread Michael D. Schleif
ipsec before nat ??? need to know: ipsec v1.91 [A] private networks ^ | v dcd nat/masq ipsec === t-1 | v internet

Re: [leaf-user] nat between gateways ???

2002-11-08 Thread Michael D. Schleif
in auth.log nor kern.log. What we cannot do is get any answer -- *NOTHING* comes back !?!? Andre insists that we need to nat/masq *AFTER* the ipsec transform -- hence my questions regarding: nat between gateways ipsec before nat Michael D. Schleif wrote: snip / [A] private

Re: [leaf-user] nat between gateways ???

2002-11-08 Thread Michael D. Schleif
Michael D. Schleif wrote: snip / conn %default authby=rsasig auto=start # keyexchange=ike keyingtries=0 # keylife=8h left=%defaultroute leftfirewall=yes [EMAIL PROTECTED] leftrsasigkey=_secret_key_for_other_vpns_

[leaf-user] ipsec connect to this?

2002-11-06 Thread Michael D. Schleif
Received following set of requirements for one of our DCD's to connect to a remote non-DCD site: ISAKMP Policy: Encryption: 3DES Hash: MD5 Authentication: pre shared keys Diffie-Hellman group 1 or 2 Use the following key: IPSec

Re: [leaf-user] dnscache vs. dmz ???

2002-10-12 Thread Michael D. Schleif
Thank you, Charles, et al. for your continued participation . . . Charles Steinkuehler wrote: root@bluetrout:/root # ip addr . . . 7: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:a0:c9:9e:57:70 brd ff:ff:ff:ff:ff:ff inet 192.168.1.254/24 brd

Re: [leaf-user] dnscache vs. dmz ???

2002-10-12 Thread Michael D. Schleif
OK, it gets more interesting ; [1] As you know, here is a summary of the dcd: root@bluetrout:/etc # ip addr . . . 7: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:a0:c9:9e:57:70 brd ff:ff:ff:ff:ff:ff inet 192.168.1.254/24 brd

Re: [leaf-user] dnscache vs. dmz ???

2002-10-12 Thread Michael D. Schleif
Thank you, for your participation . . . Ray Olszewski wrote: Sorry to jump into this late. You say: [4] I need help understanding what is going on in lines like this: 64.4.197.69 64.4.197.65: icmp: 64.4.197.69 udp port 32868 unreachable [tos 0xc0] I am confused

Re: [leaf-user] dnscache vs. dmz ???

2002-10-12 Thread Michael D. Schleif
Charles Steinkuehler wrote: Comments inline. Yes, I, too, have been confused by some of this. We have several successful proxy-arp dmz's; so, when we built this one, we started by cloning those other config's and changing addresses, &c. and it appeared to be working as expected.

Re: [leaf-user] dnscache vs. dmz ???

2002-10-12 Thread Michael D. Schleif
Charles Steinkuehler wrote: snip / So...it looks like either dnscache is mis-configured (bad send-from IP), or more likely, that your masquerade rule connecting the internal network with the DMZ is mangling (masquerading) the return traffic. Why am I thinking about correcting the error and

Re: [leaf-user] dnscache vs. dmz ???

2002-10-12 Thread Michael D. Schleif
Charles Steinkuehler wrote: 17: wan1: POINTOPOINT,NOARP,UP mtu 1500 qdisc pfifo_fast qlen 100 link/ppp inet 64.4.222.157 peer 64.4.222.158/32 scope global wan1 inet 64.4.197.99/32 scope global wan1 inet 64.4.197.100/32 scope global wan1 inet

Re: [leaf-user] dnscache vs. dmz ???

2002-10-11 Thread Michael D. Schleif
Charles Steinkuehler wrote: I think Charles hit the nail on the head when he said: cs You have to point the DMZ systems at the IP of dnscache, *NOT* tinydns, cs as tinydns does not do recursive queries. I think that's the root of cs your problem. Switch the IP in your

Re: [leaf-user] dnscache vs. dmz ???

2002-10-10 Thread Michael D. Schleif
Matthew Schalit wrote: Michael D. Schleif wrote: thank you, for your continued interest . . . Matthew Schalit wrote: Michael D. Schleif wrote: Michael D. Schleif wrote: does anybody have a proxy-arp dmz and also running tinydns dnscache? Anybody have such setup that works

Re: [leaf-user] dnscache vs. dmz ???

2002-10-10 Thread Michael D. Schleif
Michael D. Schleif wrote: Matthew Schalit wrote: snip / Do you forward and masq from the dmz to internal or just forward? Have you posted all the rules you're using for that? this could be it: http://www.helices.org/tmP/ipchains.bluetrout.txt this page will update as i

Re: [leaf-user] dnscache vs. dmz ???

2002-10-10 Thread Michael D. Schleif
Matthew Schalit wrote: snip / Please tell me you've added ipchains -l logging to every packet 1) inbound on dmz nic 2) outbound from dmz nic 3) inbound on internal nic 4) outbound on internal nic 5) forwarded by any forward rule and

Re: [leaf-user] dnscache vs. dmz ???

2002-10-10 Thread Michael D. Schleif
Michael D. Schleif wrote: Matthew Schalit wrote: snip / Please tell me you've added ipchains -l logging to every packet 1) inbound on dmz nic 2) outbound from dmz nic 3) inbound on internal nic 4) outbound on internal nic 5

Re: [leaf-user] dnscache vs. dmz ???

2002-10-10 Thread Michael D. Schleif
Brad Fritz wrote: On or before Wed, 09 Oct 2002 11:06:30 EST mds and Charles S wrote: mds I cannot get dmz hosts to resolve addresses for remote internet mds sites solely via tinydns-public and dnscache ; tinydns tries to mds resolve the name and gives up, without so much as asking

Re: [leaf-user] dnscache vs. dmz ???

2002-10-09 Thread Michael D. Schleif
Erich Titl wrote: At 07:57 09.10.2002, you wrote: does anybody have a proxy-arp dmz and also running tinydns dnscache? thought that I'd resolved this sometime ago; but, tonight, for life of me, I cannot get dmz hosts to resolve addresses for remote internet sites solely via

Re: [leaf-user] dnscache vs. dmz ???

2002-10-09 Thread Michael D. Schleif
Michael D. Schleif wrote: does anybody have a proxy-arp dmz and also running tinydns dnscache? Anybody have such setup that works? -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . . Our capacity for understanding is inversely proportional to how

[leaf-user] dnscache vs. dmz ???

2002-10-08 Thread Michael D. Schleif
does anybody have a proxy-arp dmz and also running tinydns dnscache? thought that I'd resolved this sometime ago; but, tonight, for life of me, I cannot get dmz hosts to resolve addresses for remote internet sites solely via tinydns-public and dnscache ; tinydns tries to resolve the name and

Re: [leaf-user] A big snmp question

2002-09-25 Thread Michael D. Schleif
http://sourceforge.net/mail/?group_id=12694 [EMAIL PROTECTED] wrote: I'm not using the snmp.lrp package, I downloaded net-snmp 5.03 and built my own on a Debian system. net-snmp daemon seems to be working great with several managers as far as inquiry. When a manager makes a

Re: [leaf-user] Can't ssh from local network

2002-09-23 Thread Michael D. Schleif
Whence did you get ssh[d].lrp? This is an issue that I've encountered with mmap enabled on some, but not all, dachstein boxen; which is supposedly attributable to 2.2x kernels . . . Warren Post wrote: ssh is running on our Dachstein box, but I can't access it. When I try to ssh into the

Re: [leaf-user] sshd fatal error mmap invalid argument

2002-09-08 Thread Michael D. Schleif
Which package of sshd? matt wrote: hello again everyone. i'm having a problem with sshd. everything loads well, and looks like it's running (according to netstat and ps ax). every time i connect with the client software, the connection is imediately dropped (before any key is passed).

Re: [leaf-user] /var/log/wtmp data log on LEAF

2002-08-21 Thread Michael D. Schleif
Vic Berdin wrote: I need to manage /var/log/wtmp data log on a regular basis (preferably using a cron triggered binary/script). As other mail archive trails suggests, A C program that will truncate it must be created. It can be done but, what do you guys have to say about it? How do LEAF

[leaf-user] DCD: swap_free: Trying to free nonexistent swap-page ???

2002-08-03 Thread Michael D. Schleif
One of our DCD installations has been exhibiting strange behaviour lately. This message comes through syslogd irregularly, often twice an hour or every couple hours: Aug 3 11:45:01 redtrout kernel: swap_duplicate: entry 1000, nonexistent swap file Aug 3 11:45:01 redtrout kernel:

Re: [leaf-user] FORW: CERT Advisory CA-2002-23 Multiple Vulnerabilities In OpenSSL

2002-08-01 Thread Michael D. Schleif
K.-P. Kirchdörfer wrote: On Thursday 01 August 2002 06:23 Michael D. Schleif wrote: snip / http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/helices/openssh/ Message-ID: [EMAIL PROTECTED] With all respect Michael Regarding to the news today http://lwn.net

Re: [leaf-user] FORW: CERT Advisory CA-2002-23 Multiple Vulnerabilities In OpenSSL

2002-07-31 Thread Michael D. Schleif
Dan Harkless wrote: Argh. I tried to forward the below CERT advisory to the list yesterday but it was rejected because I used a MIME-based forward. The list rejects such posts without bouncing them back to you, which is quite broken behavior, thus I need to re-compose this introductory

Re: [leaf-user] Linux firewalling rules, Dachstein

2002-07-27 Thread Michael D. Schleif
[EMAIL PROTECTED] wrote: I tried to post a request for help including all of the stuff the FAQ said I should include, and it was rejected for being too big (64k). You can include all of that information in the body of your next post. Here is my problem in a nutshell: I am a student,

Re: [leaf-user] Linux firewalling rules, Dachstein

2002-07-27 Thread Michael D. Schleif
Eric = Please, let's keep this dialog on the list. [EMAIL PROTECTED] wrote: My answers to your first questions: External interface (eth0):##This info came from the ISP IP: 192.168.50.10 Subnet mask: 255.255.255.0 Mask #/length: 24 Broadcast: 192.168.50.255 Network

Re: [leaf-user] Motorola Surfboard/Charter Cable continued...

2002-07-24 Thread Michael D. Schleif
Brad Fritz wrote: On Wed, 24 Jul 2002 22:19:26 +0200 Eric Titl wrote: Brad Fritz wrote the following at 17:56 24.07.2002: On Wed, 24 Jul 2002 11:42:17 EDT Dr. Richard W. Tibbs wrote: ... dmesg outputs a lot of identical lines like: Packet log: input DENY eth0 PROTO=17

Re: [leaf-user] hwclock error?

2002-07-12 Thread Michael D. Schleif
George Georgalis wrote: On Fri, Jul 12, 2002 at 09:30:30AM +0100, [EMAIL PROTECTED] wrote: The command is just date hhnn[mmdd][] where n = minutes can't remember whether it's ddmm or mmdd I'm guessing mmdd # date 09450007122002 date: invalid date `09450007122002' # date

Re: [leaf-user] daemon vs. savelog ???

2002-07-10 Thread Michael D. Schleif
Jeff Newmiller wrote: On Tue, 9 Jul 2002, Charles Steinkuehler wrote: [ snip ] After savelog rotates the logfile, $DAEMON is writing to logfile.0, instead of logfile. Obviously, this is not acceptable ; I assume that this has something to do with the original redirected

[leaf-user] daemon vs. savelog ???

2002-07-09 Thread Michael D. Schleif
I have a compiled application that runs fine under dcd. This app spews data on STDOUT while running. I want to run this app as a daemon (continuously running in background) and I want to save the stdout data to a logfile. In fact, I am doing this now and everything is OK: $DAEMON
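
An added example, not from the thread, that reproduces the failure described in the two daemon-vs-savelog messages above and shows the fix side by side. A process writing through an inherited, redirected stdout holds an open descriptor on the file's inode; when the rotation renames the file aside and starts a new, empty one, the descriptor keeps following the old inode, so new output lands in logfile.0. The simulated daemon, the temporary directory and the two log lines are constructed for the example.

```python
import os
import tempfile


def read_text(path):
    with open(path) as fh:
        return fh.read()


def run_daemon_across_rotation(reopen_after_rotate):
    """Simulate a background process whose stdout is redirected to a logfile
    that gets rotated underneath it.

    Returns (contents of logfile, contents of logfile.0) after the rotation."""
    with tempfile.TemporaryDirectory() as tmp:
        logfile = os.path.join(tmp, "logfile")
        rotated = logfile + ".0"

        out = open(logfile, "a")           # the shell's '$DAEMON >> logfile' redirection
        out.write("before rotation\n")
        out.flush()

        # The step in rotation that matters: the file is renamed aside and a new,
        # empty one is created. The daemon's descriptor still points at the old
        # inode, which is now logfile.0.
        os.rename(logfile, rotated)
        open(logfile, "a").close()

        if reopen_after_rotate:
            # The fix: the writer reopens the log by name after rotation
            # (e.g. in a SIGHUP handler), or hands its stdout to a logger that does.
            out.close()
            out = open(logfile, "a")

        out.write("after rotation\n")
        out.flush()
        out.close()
        return read_text(logfile), read_text(rotated)


if __name__ == "__main__":
    print("plain redirection :", run_daemon_across_rotation(False))
    print("reopen on rotation:", run_daemon_across_rotation(True))
```

The operational point is that nothing errors: the live logfile just stays empty, and anything that tails or ships it stops seeing events. The remedies are the ones the comment names: teach the daemon to reopen its log on a signal, pipe its stdout into a log writer that rotates by itself (daemontools' multilog, which the qmail threads on this page also use), or rotate by copy-then-truncate so the inode never changes.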

Re: [leaf-user] Dachstein/Linux equivalent to ipconfig /all ???

2002-07-08 Thread Michael D. Schleif
Chad Carr wrote: On Mon, 8 Jul 2002 06:25:55 -0700 Craig [EMAIL PROTECTED] wrote: Is there a Dachstein/Linux equivalent to Microsoft's ipconfig /all so I can see my complete info??? Do I have to be logged in as Root to execute it? Thank you. ifconfig by itself on a command line

Re: [leaf-user] Anybody know what happened to:

2002-07-07 Thread Michael D. Schleif
Michael McClure wrote: In the meantime, I have *a bunch* of this: Jul 7 03:04:00 mikerouter kernel: Packet log: input DENY eth0 PROTO=1 0.0.0.0:3 80.135.217.223:3 L=56 S=0x00 I=42918 F=0x T=150 (#17) Jul 7 03:04:00 mikerouter kernel: Packet log: input DENY eth0 PROTO=1 0.0.0.0:3

Re: [leaf-user] Bourne SHell prompt problems

2002-07-05 Thread Michael D. Schleif
Rob Fegley wrote: I've tried about fifteen ways to get the prompt to look like this: [root@firewall /usr/sbin]# --- where /usr/sbin is a current working directory I use bash; so, I cannot vouch for ash: # PS1=`echo -n -e [$USER@$HOSTNAME $HOME]# ` [root@trout /root]#

Re: [leaf-user] Bourne SHell prompt problems

2002-07-05 Thread Michael D. Schleif
Michael D. Schleif wrote: Rob Fegley wrote: I've tried about fifteen ways to get the prompt to look like this: [root@firewall /usr/sbin]# --- where /usr/sbin is a current working directory I use bash; so, I cannot vouch for ash: # PS1=`echo -n -e [$USER@$HOSTNAME $HOME

Re: [leaf-user] RE: How to update root.lrp on DCD

2002-07-05 Thread Michael D. Schleif
Binh Do wrote: At first I tried the following: - Unzip-untar root.lrp into a temp dir. - Change the scripts - tar and zip - Mount the bootdisk.bin as you suggested and then created the ISO But I got so many errors when booting the CD because of the changes to scripts (root.dev.mk

Re: [leaf-user] Dachstein-CD update

2002-06-15 Thread Michael D. Schleif
Sean = A bit pressed for time this weekend; and, this may take more time than you anticipated. Sean wrote: diskfree.sh Ok, I'll bite. I think I must have missed this thread. Where is this supposed to go? What was this supposed to fix? I'm trying to add it to the new CD. Look here:

Re: [leaf-user] stop connection to remote port ???

2002-06-15 Thread Michael D. Schleif
Michael D. Schleif wrote: how do we stop masqueraded connections to a given remote port? this does not work in /etc/ipchains.forward: $IPCH -I forward -j DENY -p udp -s 192.168.0.0/16 -d 0.0.0.0 1214 $IPCH -I forward -j DENY -p tcp -s 192.168.0.0/16 -d 0.0.0.0 1214 what do you think

Re: [leaf-user] stop connection to remote port ???

2002-06-15 Thread Michael D. Schleif
and block these only at eth0 and only for specific subnets attached thereto. The above link demonstrates my usage of forward, input and output chains -- yet, internal systems continue to connect to remote tcp 1214 !?!? What do you think? At 10:30 AM 6/15/02 -0500, Michael D. Schleif wrote

Re: [leaf-user] stop connection to remote port ???

2002-06-15 Thread Michael D. Schleif
Ray = Thank you, again . . . Ray Olszewski wrote: Thanks for the additional information. I see you have the rules you were describing at the top of the input chain and before the only ACCEPT rule in the output chains, so you should not be having order problems with them. And all the

Re: [leaf-user] Update for modules.lrp

2002-06-14 Thread Michael D. Schleif
Speaking of modules, please, incorporate the Sangoma wanpipe modules located here: http://leaf.sourceforge.net/devel/helices/modules/sangoma.modules.tgz Please, *remove* the existing modules of the same name; but, which may reside in another directory. Late last year, I worked intensely with

[leaf-user] OT: correlation engine ???

2002-06-14 Thread Michael D. Schleif
I am looking for open source correlation engines, especially those designed for event correlation. Anybody know of open source projects trying to duplicate the work of Tivoli's Enterprise Console, IT Masters' MasterCell, &c.? -- Best Regards, mds mds resource 888.250.3987 Dare to fix things

Re: [leaf-user] Blocking established connections from external port 53's

2002-06-13 Thread Michael D. Schleif
Steve Jeppesen wrote: [ snip ] Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp0 0 192.168.1.254:80192.168.1.2:33449 ESTABLISHED tcp0 0 192.168.1.254:80192.168.1.2:33447
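
An added example for the subject of that thread, not code posted by anyone in it. On a stateless ipchains firewall a rule that accepts TCP packets with source port 53 (meant to let DNS replies back in) also accepts a connection an outsider opens *from* port 53 to any local service, which is why connections established from external port 53 are worth finding. The script parses `netstat -nt` output and flags established connections to a listening local port whose foreign end is a well-known port. The sample output is constructed (modelled on the lines quoted above) and the set of listening ports is an assumption.

```python
import re

# Constructed `netstat -nt` output (modelled on the quoted lines, not the
# poster's actual table): two normal web clients, one connection that arrived
# from source port 53, and one ordinary outbound DNS-over-TCP query.
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.254:80        192.168.1.2:33449       ESTABLISHED
tcp        0      0 192.168.1.254:80        192.168.1.2:33447       ESTABLISHED
tcp        0      0 192.168.1.254:22        203.0.113.9:53          ESTABLISHED
tcp        0      0 192.168.1.254:35021     198.51.100.7:53         ESTABLISHED
"""

NETSTAT_RE = re.compile(
    r"^(?P<proto>tcp|udp)6?\s+\d+\s+\d+\s+"
    r"(?P<laddr>\S+):(?P<lport>\d+)\s+(?P<faddr>\S+):(?P<fport>\d+)\s*(?P<state>\S+)?"
)


def parse_netstat(text):
    """Return one dict per connection line; headers and unrelated lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["lport"] = int(rec["lport"])
            rec["fport"] = int(rec["fport"])
            conns.append(rec)
    return conns


def audit(text, listening_ports, suspicious_source_ports=frozenset({53})):
    """Flag established inbound TCP connections whose remote end is a
    well-known source port.

    'Inbound' is decided by the local port being one the box listens on
    (assumption: the caller supplies that set); an outbound query to a remote
    port 53 is legitimate and is not flagged."""
    flagged = []
    for c in parse_netstat(text):
        inbound = c["lport"] in listening_ports
        if (c["proto"] == "tcp" and c["state"] == "ESTABLISHED"
                and inbound and c["fport"] in suspicious_source_ports):
            flagged.append((f'{c["laddr"]}:{c["lport"]}', f'{c["faddr"]}:{c["fport"]}'))
    return flagged


if __name__ == "__main__":
    for local, foreign in audit(SAMPLE_NETSTAT, listening_ports={22, 80}):
        print(f"inbound from well-known source port: {foreign} -> {local}")
```

If the audit finds such connections, the rule letting them in is the stateless "accept from source port 53" one. With ipchains the usual tightening is to accept those packets only without the SYN flag (`! -y`) and only towards unprivileged local ports, so a reply can come back but a new connection cannot be opened; with iptables the problem disappears by accepting replies via connection tracking (`-m state --state ESTABLISHED,RELATED`) instead of by source port.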

Re: [leaf-user] Bandwidth Throttling

2002-06-07 Thread Michael D. Schleif
Jonathan Berglund wrote: I'm running Dachstein, and I was wondering if there were an packages to throttle bandwidth. The reason I ask is that at my work we rent out space to some other people, and they share our T1. Problem is they are hogging bandwidth and even if institute some rule or

Re: [leaf-user] Using HOSTS file

2002-06-06 Thread Michael D. Schleif
John Mullan wrote: Thanks for you help so far Brad.. I'm sure I'm missing something, but no luck. I had tried to set it up so that dnscache watches 192.168.1.254 and looks to tinydns. Not sure if that is what is supposed to happen or if I even got it that way in any of my

Re: [leaf-user] bering (shorewall) traffic shaping

2002-06-05 Thread Michael D. Schleif
Todd Pearsall wrote: I just gave it a try on my Dachstein 1.02 box (after switching from the small-ipsec to the normal-ipsec kernel file) and I get errors because the tc command is not there. Anyone know where I can get it from? bwidth22.lrp -- Best Regards, mds mds resource

Re: [leaf-user] Need Help Debugging Firewall Rules - Dachstein

2002-06-03 Thread Michael D. Schleif
Vintage wrote: I have searched the FAQs and mail archives but could not find the solution. I am currently running Dachstein (CD version) on the Road Runner cable network. As might be expected on a cable network, my logs quickly overfill with the following noise: Every few seconds -

Re: [leaf-user] svi documentation?

2002-06-03 Thread Michael D. Schleif
George Luft wrote: Is the svi shell script documented anywhere? It seems rather elegantly and concisely written, but not being expert in ash, I am having a hard time following it. I tried searching the web and newsgroups with no luck. Can anybody point me in the right direction?

Re: [leaf-user] QMAIL - anyone help please?

2002-06-01 Thread Michael D. Schleif
Adam Drake wrote: Ok guys, I'm begging now! I've installed QMAIL on my LEAF BERING system, with DAEMONTL and VMAILMGR. Having read whatever documentation there is (not a lot) I've attempted to configure qmail as best I can, but I'm clutching at straws. For some reason, I can now send

Re: [leaf-user] DHCP REQUESTS FORWARDED BETWEEN SUBNETS

2002-05-22 Thread Michael D. Schleif
Troy Aden wrote: Hi I am working with Dachstein in a basic router setup. I would like to know how to set up DHCP request forwarding between subnets so that we can administer all of our subnets with one DHCP server. I will do my best to draw this out. -ROUTER-

Re: [leaf-user] A NET question

2002-05-21 Thread Michael D. Schleif
Omar D. Samuels wrote: Now that I'm over that hurdle and I am getting more the hang of this mailing list, I would like to dare to ask for help with another issue... please. I a using Eigerstein2... does anyone know if there is any way to suppress the NET messages? They look like this:

Re: [leaf-user] A NET question

2002-05-21 Thread Michael D. Schleif
Omar D. Samuels wrote: - Original Message - From: Michael D. Schleif [EMAIL PROTECTED] Omar D. Samuels wrote: Now that I'm over that hurdle and I am getting more the hang of this mailing list, I would like to dare to ask for help with another issue... please. I

Re: [leaf-user] A NET question

2002-05-21 Thread Michael D. Schleif
Omar D. Samuels wrote: [ snip ] I think you are THE MAN! I really appreciate this man. I'm gonna give it a try. I don't want to really shut off syslog. The thing is I gotta get rid of those messages. The box needs to, when it is installed, just sit there, running maybe something

Re: [leaf-user] A NET question

2002-05-21 Thread Michael D. Schleif
Omar D. Samuels wrote: Hey I stopped the sysklogd as well as commented out the *.emerg * line and I still get those NET messages. Any suggestions? ps aux | grep sys Do you have any running process like syslog? If yes, then you can kill it. If not, as I mentioned, these messages
