Re: [leaf-user] ftp server through dachstein

2002-05-10 Thread Michael D. Schleif
David Goodrich wrote: i'm not having any luck getting proftpd to be accessible through my dachstein 1.02 floppy firewall. i tried going in active mode and forwarding tcp 20 21 to the server, but no luck. has anyone done this before? tia -david Difficult to say what is your problem,

Re: [leaf-user] ftp server through dachstein

2002-05-10 Thread Michael D. Schleif
just fine on my internal net but no-one is allowed to connect from the real world. thanks - - Original Message - From: Michael D. Schleif [EMAIL PROTECTED] David Goodrich wrote: i'm not having any luck getting proftpd to be accessible through my dachstein 1.02 floppy

[leaf-user] udp 7 (echo) flood ???

2002-05-10 Thread Michael D. Schleif
Is there some meaning to getting 27,000 of these in five (5) minutes yesterday? Packet log: input DENY wan1 PROTO=17 207.112.196.241:48785 x.y.z.157:7 L=1494 S=0x00 I=37458 F=0x T=126 (#48) Obviously, it's probably not a good thing; but, I'm trying to figure out what they may have been

Re: [leaf-user] DCD: Special Second External Interface ???

2002-05-06 Thread Michael D. Schleif
Michael D. Schleif wrote: DCD: Special Second External Interface ??? [1] Summary diagram: +---+ | | | Remote Vendor| | Private Network | | | +---+ Florida ^ | Chicago v

Re: [leaf-user] DCD: Special Second External Interface ???

2002-05-06 Thread Michael D. Schleif
Charles Steinkuehler wrote: DCD: Special Second External Interface ??? [1] Summary diagram: +---+ | | | Remote Vendor| | Private Network | | | +---+ Florida ^ | Chicago

Re: [leaf-user] DCD: Special Second External Interface ???

2002-05-06 Thread Michael D. Schleif
wrote: At 11:42 AM 5/6/02 -0500, Michael D. Schleif wrote: [...] OK, I have tried your suggestions -- without success. Please, refer to http://www.helices.org/tmP/mcaI/mcai_isdn.txt for the details that you have requested. What do you think? First, I think the Web link is a nice

Re: [leaf-user] DCD: Special Second External Interface ???

2002-05-05 Thread Michael D. Schleif
Jeff Newmiller wrote: On Fri, 3 May 2002, Michael D. Schleif wrote: [ snip ] [3] There is no problem exchanging data with their Florida vendor while the T-1 is working. ... through the T-1, so the florida network expects to route packets to chicago via the T-1, right

[leaf-user] DCD: Special Second External Interface ???

2002-05-03 Thread Michael D. Schleif
DCD: Special Second External Interface ??? [1] Summary diagram: +---+ | | | Remote Vendor| | Private Network | | | +---+ Florida ^ | Chicago v +---+ | | | ISDN Router

[leaf-user] DCD, icmp NAT ???

2002-05-01 Thread Michael D. Schleif
As you know, I sometimes run into seemingly inexplicable anomalies, for which I do not know what corroborative evidence is appropriate. This is another one of those ; [1] My question is, *how* can an icmp packet get through DCD _and_ get to an internal, NAT'ed system ??? [2] Stock DCD,

Re: [leaf-user] DCD, icmp NAT ???

2002-05-01 Thread Michael D. Schleif
accessed anything outside of my own internal network. At 09:20 AM 5/1/02 -0500, Michael D. Schleif wrote: [...] [1] My question is, *how* can an icmp packet get through DCD _and_ get to an internal, NAT'ed system ??? By being a reply to an outgoing icmp (or other) packet. If you enable icmp

Re: [Leaf-user] Bering: How do I get my dns dhcp servers to work together?

2002-04-26 Thread Michael D. Schleif
Mark Ivey wrote: I'm running a Bering firewall, and I want all my local computers added to my dns server. This is so I don't have to try to figure out what address a computer got before I can access it. How can I get my dhcp server to update my dns server? Should I be running tinydns,

[Leaf-user] ANN: ntpclient.lrp v3.45

2002-04-26 Thread Michael D. Schleif
Although there are already several other ntpclient.lrp's out there, this one is different: [1] It is the smallest that I've found: # ls -al ntpclient.lrp -rw-r--r--1 helices leaf 7651 Apr 26 09:32 ntpclient.lrp [2] It includes an init script starting, stopping and configuring the

[Leaf-user] Re: [Leaf-devel] ANN: ntpclient.lrp v3.45

2002-04-26 Thread Michael D. Schleif
Charles Steinkuehler wrote: Although there are already several other ntpclient.lrp's out there, this one is different: snip http://leaf.sourceforge.net/devel/helices/ntpclient/ntpclient.txt http://leaf.sourceforge.net/devel/helices/ntpclient/ntpclient.lrp I'm finally getting

[Leaf-user] Convert 32bit date to date string ???

2002-04-10 Thread Michael D. Schleif
As you know, this: date +%s produces this: %s seconds since 00:00:00, Jan 1, 1970 What is the simplest way to turn such 32bit date number back into a visually meaningful date string on LEAF/DCD? -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before

Re: [Leaf-user] Changes for new Dachstein release

2002-04-09 Thread Michael D. Schleif
Greg Morgan wrote: Charles Steinkuehler [EMAIL PROTECTED] wrote: [ snip ] - Alter weblet disk-checking script to ignore CD-ROM (always 100% full) I am not following the weblet CD-ROM issue. I am running weblet 1.2.0 off of DCD 1.0.2. I've clicked all around on the weblet web pages

Re: [Leaf-user] tinydns: UID: readonly variable

2002-04-06 Thread Michael D. Schleif
Robert Williams wrote: I just added another computer to my network and decide to install tinydns instead of updating all of those host files. I am using DS CD 1.2. However tinydns doesn't seem to work. I am using it straight out of the box. the only changes I have made was to add entries

[Leaf-user] Lineo Narrowly Averts Death

2002-04-05 Thread Michael D. Schleif
http://www.linuxgram.com/article.pl?sid=02/04/05/1126237section=newsflash -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . . Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I

Re: [Leaf-user] rdate, udp and Bering

2002-03-28 Thread Michael D. Schleif
Stephen Lee wrote: On Wed, 2002-03-27 at 17:12, Matt Schalit wrote: Stephen Lee wrote: I noticed that rdate from Bering does not seem to accept the -u switch for time requests using UDP. I suspect many of the RFC868 rdate servers are only accepting UDP requests because under

Re: [Leaf-user] rdate, udp and Bering

2002-03-28 Thread Michael D. Schleif
Tom Eastep wrote: - Original Message - From: Michael D. Schleif [EMAIL PROTECTED] Cc: Leaf-user [EMAIL PROTECTED] Sent: Thursday, March 28, 2002 1:43 PM Subject: Re: [Leaf-user] rdate, udp and Bering causing this problem? rdate works on my several DCD's without tcp/udp

Re: [Leaf-user] libz on Dach-CD

2002-03-21 Thread Michael D. Schleif
dgilleece wrote: Just for clarification, if my system boots from the CD, it will still give precedence to the libz.lrp from the floppy? Thanks again, Dan - Original Message - From: Charles Steinkuehler [EMAIL PROTECTED] To: [EMAIL PROTECTED]; Scott C. Best [EMAIL PROTECTED]

Re: [Leaf-user] Strange Martian messages on inteneral network.

2002-03-10 Thread Michael D. Schleif
Jeff wrote: First this is not part of the previous postings concerning AOL dial-outs on an internal network. I have a small home network of 5 machines including the LEAF box and have been running Eigerstein for about 6 -7 months with little if no problems. But, I am seeing the

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread Michael D. Schleif
and I will comply. Thank you. Michael D. Schleif wrote: We are seeing martians on internal networks on a regular basis. Usually, it is traceable to users logging into AOL over our high speed internet connections: 172.128.0.0 - 172.191.255.255 Today, we saw one from United

Re: [Leaf-user] martians on internal network ??? [LONG!]

2002-03-09 Thread Michael D. Schleif
Jeff Newmiller wrote: On Fri, 8 Mar 2002, Michael D. Schleif wrote: Jeff Newmiller wrote: On Fri, 8 Mar 2002, Michael D. Schleif wrote: We are seeing martians on internal networks on a regular basis. Usually, it is traceable to users logging into AOL over our high

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread Michael D. Schleif
Thank you. Although, I can be pretty daft on occasion, I am trying to ``do the right thing.'' It is not always easy knowing what that may be in a variety of contexts. For me, from my humble experience, when I do not know something, it works best to try to summarize what it is that I know,

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread Michael D. Schleif
guitarlynn wrote: I don't know if this will approach the problem being asked to help much, but I did reverse engineer the AOL software many years ago to connect with Linux. You can only connect to AOL via a special proxy adapter that is integrated with their software. The martian errors

Re: [Leaf-user] DNScache and hosts config question

2002-03-09 Thread Michael D. Schleif
Scott C. Best wrote: Heyaz. So I'm using a fairly stock DS release, and I've a question about properly setting up dnscache and my host entries in network.conf. So, these host entries are visible from the DS system. How can I keep my LAN machines from making PTR? requests

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread Michael D. Schleif
Mike Noyes wrote: At 2002-03-09 14:01 -0600, Michael D. Schleif wrote: Also, since I do not know everything there is to know about networks and quantifying everything quantifiable about same, regarding your sniffer questions, can you describe a simple, open source process to accomplish

[Leaf-user] martians on internal network ???

2002-03-08 Thread Michael D. Schleif
We are seeing martians on internal networks on a regular basis. Usually, it is traceable to users logging into AOL over our high speed internet connections: 172.128.0.0 - 172.191.255.255 Today, we saw one from United Airlines: 205.174.16.0 - 205.174.23.255 [1] How does this

Re: [Leaf-user] martians on internal network ??? [LONG!]

2002-03-08 Thread Michael D. Schleif
Jeff Newmiller wrote: On Fri, 8 Mar 2002, Michael D. Schleif wrote: We are seeing martians on internal networks on a regular basis. Usually, it is traceable to users logging into AOL over our high speed internet connections: 172.128.0.0 - 172.191.255.255 Today, we saw

[Leaf-user] DCD MAIL_SERVER variable ???

2002-03-05 Thread Michael D. Schleif
This variable: MAIL_SERVER is set in two (2) different files: /etc/lrp.conf /etc/POSIXness.conf However, it appears that the default mail program: /lib/POSIXness/POSIXness.mail _only_ uses the variable as set in: /etc/POSIXness.conf Is that

Re: [Leaf-user] forwarding Protocal 47(gre) on Eigerstein LRP

2002-03-05 Thread Michael D. Schleif
Matt Schalit wrote: Charles Steinkuehler wrote: When you run ssh on a *nix box, it will default to using a low port to make the connection unless you specify a command line switch (which is different for ssh, scp, and varies from one ssh implementation to another). I tried this on

Re: [Leaf-user] Dachstein CD, IPSEC, KLIPS rp_filter

2002-03-02 Thread Michael D. Schleif
William Brinkman wrote: I have networked two DCD firewalls with IPSec using X.509 certificates. I have added a road warrior M$98 machine using SSH Sentinel package. The interesting part is that the KLIPS warning that usually shows up during boot now really matters! WARNING: ipsec0

Re: [Leaf-user] DCD, proxy dmz, snmp icmp ???

2002-02-28 Thread Michael D. Schleif
Charles Steinkuehler wrote: [ snip ] If you want to open UDP services to the outside world, an ALLOW rule for the response packets needs to be generated, so the packets don't hit the catch all UDP masquerade rule at the end of the DMZ rules in the forward chain (which allows DMZ systems

[Leaf-user] which martian is which ???

2002-02-28 Thread Michael D. Schleif
What is the difference between these syslog messages? martian source b18c85ac for , dev eth1 martian destination efea from 4901a8c0, dev eth1 Other than the obvious difference in word choices, why would the kernel express this one way or the other? Which martian

[Leaf-user] DCD, proxy dmz, snmp icmp ???

2002-02-27 Thread Michael D. Schleif
We have a DCD setup, including a proxy dmz. SNMP queries work everywhere, excepting systems residing on that dmz. Let me clarify that: snmp queries respond properly from clients inside the private network; but, *not* from the DCD firewall nor internet hosts. Running iptraf on the firewall, we

Re: [Leaf-user] DCD, proxy dmz, snmp icmp ???

2002-02-27 Thread Michael D. Schleif
Charles Steinkuehler wrote: I was not certain what it is that you want to see -- see below. tcpdump output, run on the local DCD : OK, this helps, but I'm still not sure what I'm looking at. Which interface did you run the tcpdump on? I'm guessing from the packet traffic we're

Re: [Leaf-user] How do packages install symlinks in /etc/rc?.d/ ?

2002-02-23 Thread Michael D. Schleif
Eric House wrote: I'm trying to build a package (.lrp file) that has a script in /etc/init.d. The packages I'm copying also have scripts in init.d, but they don't seem to include the symlinks in the /etc/rc?.d directories that cause those scripts to get called. Yet once installed the

Re: [Leaf-user] Can DCD files be modified BEFORE burning your CD?

2002-02-18 Thread Michael D. Schleif
Craig Caughlin wrote: Since I have few modifications to make to Dachstein ( I just want to uncomment the right NIC driver), can I download the CD contents to a directory, edit the correct files and then burn my CD? Which files would I need to edit? Thank you, have a great day! YES! That

Re: [Leaf-user] udhcp package

2002-02-18 Thread Michael D. Schleif
David Goodrich wrote: well, i am hoping to do some static leases, which worked fine under the isc dhcpd... i'll do some looking and try to figure it out. thanks -david On Mon, 2002-02-18 at 13:49, guitarlynn wrote: On Monday 18 February 2002 11:27, David Goodrich wrote: thanks for

Re: [Leaf-user] rsasigkey too slow

2002-02-18 Thread Michael D. Schleif
[EMAIL PROTECTED] wrote: On Eigerstein, ipsec 1.5 ipsec rsasigkey 1024 takes FOREVER, sometimes 20 minutes I've used python to calculate millions of floating point no's and cat ted /dev/random and urandom to /dev/null trying to generate entropy.nothing helps.

Re: [Leaf-user] Net-SNMP vulnerability??

2002-02-12 Thread Michael D. Schleif
Simon Bolduc wrote: I found a couple of bits and pieces of information on the 'net regarding to the BSD release of Net-snmp and certain SNMP vulnerabilities. I'm not sure whether this impacts the LEAF version but I figured I'd post it anyways just in case - sorry for wasting your time

Re: [Leaf-user] silent_deny not working

2002-02-12 Thread Michael D. Schleif
Doug Sampson wrote: Awhile ago was a post to this newsgroup about repeat entries in the message logs by a DHCP server as follows: Feb 12 16:18:00 CX269409-C kernel: Packet log: input DENY eth0 PROTO=17 10.8.238.1:67 255.255.255.255:68 L=328 S=0x00 I=30881 F=0x T=255 (#10) I'm on a

Re: [Leaf-user] silent_deny not working

2002-02-12 Thread Michael D. Schleif
Doug Sampson wrote: I maintain that this is the cleanest solution: http://sourceforge.net/mailarchive/message.php?msg_id=686657 I've copied your proposed solution here for reference. # cat /etc/ipchains.input $IPCH -I input -j DENY -p all -s 0/0 -d 255.255.255.255 -i

Re: [Leaf-user] DCD, ipmasqadm portfw dynamic/private ports???

2002-02-09 Thread Michael D. Schleif
value?) that is the problem. Only a guess, though. On Thursday 07 February 2002 00:26, Michael D. Schleif wrote: Is there some _maximum_ port that can be port forwarded? This fails: INTERN_SERVERS=tcp_${EXTERN_IP}_65456_${LOKI}_www This succeeds: INTERN_SERVERS

[Leaf-user] open source snmp manager ???

2002-02-08 Thread Michael D. Schleif
Is there an open source snmp manager -- something like netview or openview? -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . . Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I

Re: [Leaf-user] DCD vs. netsnmpd ???

2002-02-08 Thread Michael D. Schleif
OK, I'm rolling my own. Yes, I know about strip for executables and this: # ./configure --prefix=/usr --enable-shared Wow! The libraries are 300% larger! What is the secret to minimizing space of shared libraries? What do you think? Michael D. Schleif wrote: netsnmpd.lrp (4.2.1

Re: [Leaf-user] DCD vs. netsnmpd ???

2002-02-08 Thread Michael D. Schleif
Charles Steinkuehler wrote: OK, I'm rolling my own. Yes, I know about strip for executables and this: # ./configure --prefix=/usr --enable-shared Wow! The libraries are 300% larger! What is the secret to minimizing space of shared libraries? You can strip libraries too...

Re: [Leaf-user] DCD vs. netsnmpd ???

2002-02-08 Thread Michael D. Schleif
Charles Steinkuehler wrote: I never did test that package, sorry. I put it together on the assumption that I would eventually use it, but that never happened. I apologize for the problems, I can build a better package if you would like, and verify that this one works first. If you

Re: [Leaf-user] DCD vs. netsnmpd ???

2002-02-08 Thread Michael D. Schleif
Charles Steinkuehler wrote: I never did test that package, sorry. I put it together on the assumption that I would eventually use it, but that never happened. I apologize for the problems, I can build a better package if you would like, and verify that this one works first. If you

Re: [Leaf-user] DCD vs. netsnmpd ???

2002-02-08 Thread Michael D. Schleif
Charles Steinkuehler wrote: I suggest: netsnmp.lrp netsnmpd.lrp netsnmptrapd.lrp How about netsnmptrapd - netsnmpt (still an 8 character limit on ms-dos formatted floppies : OK [3] I also have a working snmpd.conf, including working View-Based Access Control Model (vacm)

Re: [Leaf-user] DCD vs. netsnmpd ???

2002-02-08 Thread Michael D. Schleif
Is there a difference between these, especially regarding libraries? ld -s strip -s Matt Schalit wrote: Michael D. Schleif wrote: Charles Steinkuehler wrote: Michael D. Schleif wrote: What is the secret to minimizing space of shared libraries? You can

[Leaf-user] DCD firewall, except 1 unprotected interface ???

2002-02-07 Thread Michael D. Schleif
What is the best way to setup this scenario: eth0 -- internet eth1 -- LAN, firewall protected eth2 -- DMZ, typical eth3 -- LAN, public IP, *NO* firewall What do you think? -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break .

[Leaf-user] DCD vs. netsnmpd ???

2002-02-07 Thread Michael D. Schleif
netsnmpd.lrp (4.2.1-1-CS) from DCD v1.0.2 appears to be broken. [1] Changes to /etc/snmp/snmpd.conf do *not* affect snmpd. Specifically, modifying syscontact and syslocation are *not* accessible via snmpget nor snmpwalk, c. [2] Such (example) changes can be effected if snmpd is started with

Re: [Leaf-user] Problem booting Dachstein CD

2002-02-06 Thread Michael D. Schleif
Gareth Howell wrote: I had a strange problem installing Dachstein today. The hardware was a Dell Dimension XPS. The machine would boot from a Windows CD, but for some reason it would not boot from the Dachstein CD I had created, and tested, on another Dell. I created a boot floppy, but

Re: [Leaf-user] dachstein dchp with samba?

2002-02-06 Thread Michael D. Schleif
Vic Berdin wrote: is it possible to make dhcp clients under a dachstein dhcp server access samba service installed on the same dachstien dhcp server? if so, how? ... or do i really have to set up another box with the samba service and make it work as another dhcp client? Goto

Re: [Leaf-user] Dachstein logs filling up with DHCP denied packets

2002-02-06 Thread Michael D. Schleif
Dave Hubble wrote: I have a Dachstein 1.0.2 firewall that was running just fine until Comcast@Home switched me from a static IP to a dynamic one. I now have DHClient running successfully, but am getting thousands of denied packets in my logs. Since yesterday, I have over 9,500 denied

Re: [Leaf-user] Dachstein logs filling up with DHCP denied packets

2002-02-06 Thread Michael D. Schleif
guitarlynn wrote: On Wednesday 06 February 2002 21:03, Michael D. Schleif wrote: [ snip ] This is a faq and should be listed somewhere. However, here are a couple previous threads and their solutions: I have a LEAF command help FAQ at: http://sourceforge.net/docman

Re: [Leaf-user] DCD, ipmasqadm portfw dynamic/private ports ???

2002-02-06 Thread Michael D. Schleif
Jon = 65456 65535 Your point? Jon Clausen wrote: On Thursday 07 February 2002 00:26, Michael D. Schleif wrote: Is there some _maximum_ port that can be port forwarded? This fails: INTERN_SERVERS=tcp_${EXTERN_IP}_65456_${LOKI}_www This succeeds

Re: [Leaf-user] crontab vs /etc/cron.d/multicron

2002-02-05 Thread Michael D. Schleif
Matt Schalit wrote: Jack Coates wrote: On Mon, 4 Feb 2002, David Douthitt wrote: Another note: rdate uses an old obsolete form of network time synchronization; I suspect more and more time servers may stop providing the service rdate uses (wuarchive.wustl.edu seems to have

[Leaf-user] DCD java ???

2002-02-03 Thread Michael D. Schleif
I cannot find a java.lrp -- is there one? We have an java application that we want to run on DCD. This is not like lrpStat.jar, which actually runs via remote browsers; but, an actual application that must run on the firewall. What do you think? -- Best Regards, mds mds resource

Re: [Leaf-user] changing internal subnet addrs on Dachstein

2002-02-03 Thread Michael D. Schleif
Christopher Holmes wrote: I just changed the internal network address on my Dachstein box. I changed the 192.168.1.xx to 192.168.5.xx in... /etc/dhcpd.conf /etc/network.conf /etc/sh-httpd.conf /etc/ipfilter.conf looked OK as-is. I backed up packages etc, dhcpd, weblet.

Re: [Leaf-user] DCD java ???

2002-02-03 Thread Michael D. Schleif
Jack Coates wrote: On Sun, 3 Feb 2002, Matt Schalit wrote: Jack Coates wrote: Is there interest in massive applications in general? Massive but not ridiculous. Perl and java are useful but large. A LEAF box with them gets closer and closer to being a full distro, minus

Re: [Leaf-user] Weblet Bandwidth Monitor

2002-02-01 Thread Michael D. Schleif
[EMAIL PROTECTED] wrote: That is what I tried first. When it didn't work I thought that the interfaces must be hardcoded into the Java script. I guess ipsec0 just doesn't look like an interface to the Java script. Oh well, it would have been nice. I guess I'll have to live with MRTG.

Re: [Leaf-user] Fwd: Where do I find CD image boot documentation

2002-02-01 Thread Michael D. Schleif
Scott Sandeman-Allen wrote: In reviewing the Dachstein version of LRP and making changes etc. I have come across the need to crack open the bootdisk.bin binary file and re-create a new one. Can anyone direct me to the documentation for manipulating this file/disk image. Thanks in

Re: [Leaf-user] DCD, ipsec, gateways road warriors ???

2002-02-01 Thread Michael D. Schleif
out if it works for you. Excellent! I am going to lose sleep this weekend re-reading the advanced routing howto's . . . Michael D. Schleif wrote: OK, we have two (2) DCD's setup across the internet. Both are running nmb-207.lrp to investigate samba vs. wins functionality. Both happen

Re: [Leaf-user] DCD, ipsec, gateways road warriors ???

2002-01-31 Thread Michael D. Schleif
Charles Steinkuehler wrote: So, we blew away that wins server and put samba (nmb-207.lrp) on each gateway. It's taken some tweaking and reading man smb.conf http://us6.samba.org/samba/docs/man/smb.conf.5.html. Still, windoze functionality is severely lacking across the wan! Do

[Leaf-user] DCD zebra ???

2002-01-30 Thread Michael D. Schleif
We have a customer who currently has four (4) incoming internet T1's. He thought that his netopia router had a firewall; but, within fifteen minutes of the T1's coming up, he had six (6) cracked XP workstations ; Anyway, we want to use DCD at this site. We also need to properly load and route

[Leaf-user] DCD nmb-207.lrp ???

2002-01-30 Thread Michael D. Schleif
OK, we have two (2) DCD's setup across the internet. Both are running nmb-207.lrp to investigate samba vs. wins functionality. Both happen to be ipsec gateways. Both /etc/smb.conf files are setup identically, except for these: trout = hosts allow = 192.168.123.

[Leaf-user] [OT] graphics processing progs ???

2002-01-28 Thread Michael D. Schleif
We have a customer that generates hundreds of images everyday, each of which is a single image, rather than moving pictures. They have several different systems that each use their own proprietary methods. We are proposing an image server and disk array on which all images are centrally stored

Re: [Leaf-user] DCD, ipsec, gateways road warriors ???

2002-01-28 Thread Michael D. Schleif
Michael D. Schleif wrote: OK, we have successfully built a couple DCD-DCD tunnels. We are still learning how to get full windoze functionality across the tunnels. Is it possible for a w2k-pro box to join (first time) a domain on a w2k-adv-svr across this tunnel? Now, we are tasked

Re: [Leaf-user] Leaf 2.4.16 view firewall rules

2002-01-27 Thread Michael D. Schleif
Eric Wolzak wrote: Hello Larry, Jacques ,list Larry Jacques already answered your question, but just to explain why this is done. Is it just my copy view firewall rules that only has zero for packets and bytes fields? Ok. So it's because you are viewing your firewall rules

Re: [Leaf-user] setting up tinydns.lrp

2002-01-26 Thread Michael D. Schleif
Martin Hejl wrote: today, I successfully set up a Dachstein box. On the router, I'm running tinydns and dnscache to replace our (private) DNS server (which was Bind - I guess I don't need to tell anybody why I wanted to switch). Thanks to Jacques' excellent documentation, setting tinydns

[Leaf-user] DCD, busybox date -d ???

2002-01-26 Thread Michael D. Schleif
I have reviewed http://www.busybox.net/downloads/BusyBox.html#item_date; but, I cannot get date -d to work: date date [OPTION]... [+FORMAT] Displays the current time in the given FORMAT, or sets the system date. Options: -R

Re: [Leaf-user] DCD, ipsec leftrsasig only in /etc/ipsec.secrets ???

2002-01-26 Thread Michael D. Schleif
Michael D. Schleif wrote: http://freeswan.org/freeswan_trees/freeswan-1.91/doc/config.html#handy ``On the left gateway, we can omit leftrsasig. That gateway uses the private key stored in ipsec.secrets(5) and has no need for its own public key.'' When I do that, I get this: # ipsec

Re: [Leaf-user] DCD, ipsec leftrsasig only in /etc/ipsec.secrets ???

2002-01-26 Thread Michael D. Schleif
Charles Steinkuehler wrote: ``On the left gateway, we can omit leftrsasig. That gateway uses the private key stored in ipsec.secrets(5) and has no need for its own public key.'' When I do that, I get this: # ipsec auto --add trout-bluetrout ipsec_auto: fatal error in

[Leaf-user] DCD, ipsec leftrsasig only in /etc/ipsec.secrets ???

2002-01-24 Thread Michael D. Schleif
http://freeswan.org/freeswan_trees/freeswan-1.91/doc/config.html#handy ``On the left gateway, we can omit leftrsasig. That gateway uses the private key stored in ipsec.secrets(5) and has no need for its own public key.'' When I do that, I get this: # ipsec auto --add trout-bluetrout

Re: [Leaf-user] @home to Cox conversion problems

2002-01-18 Thread Michael D. Schleif
Jon Pike wrote: Very long time no talk to... I've been having a problem with my LRP box and my cable service. Use Cox/@home in the Orange County, Southern CA area, and it's been working fine for 2 years. We are finally getting ours, in the Exicte@home demise, and they have changed

Re: [Leaf-user] DCD, dhclient /etc/resolv.conf ???

2002-01-14 Thread Michael D. Schleif
Charles Steinkuehler wrote: Never mind the patch, I'm way over thinking this..sorry! The simplest route will be to edit your 'network.conf' file as suggested by Charles. Note this: # CONFIG_DNS=(YES/NO) Default: NO # Create /etc/resolv.conf file

Re: [Leaf-user] DCD, dhclient /etc/resolv.conf ???

2002-01-14 Thread Michael D. Schleif
Charles Steinkuehler wrote: I'm still confused ; I'll try to part the mist, but Moses I'm not. Thank you. [ snip ] If my ISP is going to change my leased address ( [ x$old_ip_address != x$new_ip_address ] ), I would think that would be one time that I'd want my ISP to change

[Leaf-user] DCD, dhclient /etc/resolv.conf ???

2002-01-13 Thread Michael D. Schleif
Is it possible that my ISP is diddling with my /etc/resolv.conf when my fixed-address, dhcp lease is re-negotiated? I am running DCD, dhclient, dnscache and tinydns-private on my local firewall. When the system boots -- as I just did 2 minutes ago -- resolv.conf shows this: search

Re: [Leaf-user] DCD, dhclient /etc/resolv.conf ???

2002-01-13 Thread Michael D. Schleif
guitarlynn wrote: On Sunday 13 January 2002 19:29, Michael D. Schleif wrote: Is it possible that my ISP is diddling with my /etc/resolv.conf when my fixed-address, dhcp lease is re-negotiated? It is supposed to so your box can resolve ip host names. This information is sync'ed for use

Re: [Leaf-user] DCD, dhclient /etc/resolv.conf ???

2002-01-13 Thread Michael D. Schleif
guitarlynn wrote: On Sunday 13 January 2002 21:34, Michael D. Schleif wrote: I believe that I am quite clear on what I'm asking. Unfortunately, I think that you missed my point entirely . . . Where is it documented that dhclient will re-write resolv.conf? Thank-you for being

Re: [Leaf-user] DCD, dhclient /etc/resolv.conf ???

2002-01-13 Thread Michael D. Schleif
guitarlynn wrote: Never mind the patch, I'm way over thinking this..sorry! The simplest route will be to edit your 'network.conf' file as suggested by Charles. Note this: # CONFIG_DNS=(YES/NO) Default: NO # Create /etc/resolv.conf file using DOMAINS and DNSx

[Leaf-user] tcp ports 445 524 ???

2002-01-09 Thread Michael D. Schleif
We are managing several remotely located DCD firewalls. Yesterday, on one of these firewalls, we began seeing several of these: Jan 8 17:12:31 trout kernel: Packet log: input DENY eth0 PROTO=6 a.b.c.157:63882 x.y.z.86:524 L=48 S=0x00 I=15350 F=0x4000 T=112 SYN (#45) Jan 8 17:12:55 trout

Re: [Leaf-user] DCD, ipsec windows networking ???

2002-01-09 Thread Michael D. Schleif
at least a dialogue box asking for a username / pass? No. From: Michael D. Schleif [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: LEAF [EMAIL PROTECTED] Subject: [Leaf-user] DCD, ipsec windows networking ??? Date: Wed, 09 Jan 2002 10:49:26 -0600 OK, we have setup two (2) ipsec gateways

Re: [Leaf-user] DCD, ipsec windows networking ???

2002-01-09 Thread Michael D. Schleif
January 2002, Michael D. Schleif wrote: OK, we have setup two (2) ipsec gateways on two DCD firewalls across the internet. Standard tcp/ip stuff works as expected. Now, we want to get the m$oft windoze networks on each side to interact with each other, as if they are on the same network. We

Re: [Leaf-user] DCD, ipsec windows networking ???

2002-01-09 Thread Michael D. Schleif
, how do we map shares? Manually, by knowing the name/address and share name? Message: 14 Date: Wed, 09 Jan 2002 10:49:26 -0600 From: Michael D. Schleif [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Organization: mds resource To: LEAF [EMAIL PROTECTED] Subject: [Leaf-user] DCD, ipsec

[Leaf-user] host ignores redirects to itself ???

2002-01-09 Thread Michael D. Schleif
Back in November 2001 I experienced this chronic problem for several weeks, then it disappeared. I posted here; but, didn't get anything substantive. Now, the problem has re-occurred on same system: Jan 9 00:35:18 redtrout kernel: host 0a01a8c0/if8 ignores redirects for 0a01a8c0 to 0a01a8c0.

Re: [Leaf-user] host ignores redirects to itself ???

2002-01-09 Thread Michael D. Schleif
[EMAIL PROTECTED] wrote: On Wed, 09 January 2002, Michael D. Schleif wrote: Now, the problem has re-occurred on same system: Jan 9 00:35:18 redtrout kernel: host 0a01a8c0/if8 ignores redirects for 0a01a8c0 to 0a01a8c0. Well, this won't be much help but I'm going to shoot

Re: [Leaf-user] ping check not working bug resolution

2002-01-05 Thread Michael D. Schleif
Paul Rimmer wrote: [ snip ] It's funny that $HOME shows as /root but whoami doesn't return root. Also, all of the lrp.conf environment variables appear to be visible but not the ones from network.conf (where $HOSTNAME is defined). [ snip ] As I indicated previously, /etc/profile is

Re: [Leaf-user] ping check not working bug resolution

2002-01-04 Thread Michael D. Schleif
Paul Rimmer wrote: Add this to /etc/multicron-p: environment () { { echo echo $(set) } | mailadmin Environment List } Then, make sure that periodic contains the new function: periodic () { environment

Re: [Leaf-user] ping check not working bug resolution

2002-01-03 Thread Michael D. Schleif
Paul Rimmer wrote: Clearly, $HOSTNAME is *not* in the environment for whatever user is executing your cron job. cron is a root process (I assume this means multicron-p will be executed as root?) and I am logged in as root when I successfully use the $HOSTNAME global from the command

Re: [Leaf-user] Bash on LEAF

2002-01-03 Thread Michael D. Schleif
Sean E. Covel wrote: Is there a Bash shell for LEAF? Could there be? It is included in Dachstein-CD, or individually from: http://lrp1.steinkuehler.net/files/diskimages/dachstein-CD/CD-Contents/ -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . .

Re: [Leaf-user] DCD, ipsec tunnel testing ???

2002-01-02 Thread Michael D. Schleif
Charles Steinkuehler wrote: Anyway, I have a tunnel between two (2) Dachstein-CD firewall/gateways, separated by the big, bad internet ; I remain confused, however, *how* to test the encryption. Yes, I understand how, if both boxes were local and I could place a 3rd in between;

Re: [Leaf-user] DCD, ipsec tunnel testing ???

2002-01-02 Thread Michael D. Schleif
Charles Steinkuehler wrote: Anyway, I have a tunnel between two (2) Dachstein-CD firewall/gateways, separated by the big, bad internet ; I remain confused, however, *how* to test the encryption. Yes, I understand how, if both boxes were local and I could place a 3rd in between;

Re: [Leaf-user] DCD, ipsec tunnel testing ???

2002-01-02 Thread Michael D. Schleif
Charles Steinkuehler wrote: Recent versions of tcpdump are smart enough to be able to dump the encrypted traffic going over the physical interface without being confused. You basically want to dump the raw traffic going over your external 'net, and verify protocol 50 packets are

[Leaf-user] DCD, ipsec tunnel testing ???

2002-01-01 Thread Michael D. Schleif
OK, I'm getting the hang of this -- happy new year! Anyway, I have a tunnel between two (2) Dachstein-CD firewall/gateways, separated by the big, bad internet ; I remain confused, however, *how* to test the encryption. Yes, I understand how, if both boxes were local and I could place a 3rd in

[Leaf-user] DCD, ipsec route filtering ???

2001-12-31 Thread Michael D. Schleif
# svi ipsec --restart ipsec_setup: Stopping FreeS/WAN IPsec... ipsec_setup: stop ordered, but IPsec does not appear to be running! ipsec_setup: doing cleanup anyway... ipsec_setup: Starting FreeS/WAN IPsec 1.91... ipsec_setup: WARNING: ipsec0 has route filtering turned on, KLIPS may not work

Re: [Leaf-user] Sending email alerts with Dachstein CD V1.0.2

2001-12-30 Thread Michael D. Schleif
Steve Jeppesen wrote: Hello all, I am trying to use the send email alerts option, and have researched thru both the LRP and LEAF user mail lists. I have edited both POSIXness.conf and lrp.conf to reflect my mail settings. When I try the # mail -s test [EMAIL PROTECTED]

[Leaf-user] ipsec gateways same private networks ???

2001-12-29 Thread Michael D. Schleif
This must be a common problem ; Suppose that there are two (2) Dachstein-CD firewalls masquerading two (2) distinct internal networks that happen to use the same private subnets (e.g., 192.168.1.0/24). http://freeswan.org/freeswan_trees/freeswan-1.91/doc/config.html is pretty emphatic:
