[Leaf-user] tcp ports 445 & 524 ???

2002-01-09 Thread Michael D. Schleif
We are managing several remotely located DCD firewalls. Yesterday, on one of these firewalls, we began seeing several of these: Jan 8 17:12:31 trout kernel: Packet log: input DENY eth0 PROTO=6 a.b.c.157:63882 x.y.z.86:524 L=48 S=0x00 I=15350 F=0x4000 T=112 SYN (#45) Jan 8 17:12:55 trout kern

Re: [Leaf-user] DCD, ipsec & windows networking ???

2002-01-09 Thread Michael D. Schleif
a windows pc with shares) and get at least a dialogue box asking for a > username / pass? No. > >From: "Michael D. Schleif" <[EMAIL PROTECTED]> > >Reply-To: [EMAIL PROTECTED] > >To: LEAF <[EMAIL PROTECTED]> > >Subject: [Leaf-user] DCD, ipsec & wind

Re: [Leaf-user] DCD, ipsec & windows networking ???

2002-01-09 Thread Michael D. Schleif
> On Wed, 09 January 2002, "Michael D. Schleif" wrote: > > OK, we have setup two (2) ipsec gateways on two DCD firewalls across the > > internet. Standard tcp/ip stuff works as expected. > > > > Now, we want to get the m$oft windoze networks on each side to in

Re: [Leaf-user] DCD, ipsec & windows networking ???

2002-01-09 Thread Michael D. Schleif
o you mean, ``able to cut/paste at will''? What about shares? If we cannot browse to the other side with explorer, how do we map shares? Manually, by knowing the name/address and share name? > > Message: 14 > > Date: Wed, 09 Jan 2002 10:49:26 -0600 > > From: "Mich

[Leaf-user] host ignores redirects to itself ???

2002-01-09 Thread Michael D. Schleif
Back in November 2001 I experienced this chronic problem for several weeks, then it disappeared. I posted here; but, didn't get anything substantive. Now, the problem has re-occurred on same system: Jan 9 00:35:18 redtrout kernel: host 0a01a8c0/if8 ignores redirects for 0a01a8c0 to 0a01a8c0. J

Re: [Leaf-user] host ignores redirects to itself ???

2002-01-09 Thread Michael D. Schleif
[EMAIL PROTECTED] wrote: > > On Wed, 09 January 2002, "Michael D. Schleif" wrote: > > Now, the problem has re-occurred on same system: > > > > Jan 9 00:35:18 redtrout kernel: host 0a01a8c0/if8 ignores redirects for 0a01a8c0 >to 0a01a8c0. > > Wel

[Leaf-user] DCD, dhclient & /etc/resolv.conf ???

2002-01-13 Thread Michael D. Schleif
Is it possible that my ISP is diddling with my /etc/resolv.conf when my fixed-address, dhcp lease is re-negotiated? I am running DCD, dhclient, dnscache and tinydns-private on my local firewall. When the system boots -- as I just did 2 minutes ago -- resolv.conf shows this: search pri

Re: [Leaf-user] DCD, dhclient & /etc/resolv.conf ???

2002-01-13 Thread Michael D. Schleif
guitarlynn wrote: > > On Sunday 13 January 2002 19:29, Michael D. Schleif wrote: > > Is it possible that my ISP is diddling with my /etc/resolv.conf when > > my fixed-address, dhcp lease is re-negotiated? > > It is supposed to so your box can resolve ip host name

Re: [Leaf-user] DCD, dhclient & /etc/resolv.conf ???

2002-01-13 Thread Michael D. Schleif
guitarlynn wrote: > > On Sunday 13 January 2002 21:34, Michael D. Schleif wrote: > > > I believe that I am quite clear on what I'm asking. Unfortunately, I > > think that you missed my point entirely . . . > > > > Where is it documented that dhclient wil

Re: [Leaf-user] DCD, dhclient & /etc/resolv.conf ???

2002-01-13 Thread Michael D. Schleif
guitarlynn wrote: > > Never mind the patch, I'm way over thinking this..sorry! > > The simplest route will be to edit your 'network.conf' file as > suggested by Charles. > > Note this: > > # CONFIG_DNS=(YES/NO) Default: NO > # Create /etc/resolv.conf file using DOMAINS a

Re: [Leaf-user] DCD untar?

2002-01-14 Thread Michael D. Schleif
Sergio Morilla wrote: > > Which would be the DCD equivalent to: > > gunzip < /xfer/files.tgz | untar > > Tried several times but get busybox errors LRP files untar like this: gunzip -c LRP | tar -x I hope that this helps . . . -- Best Regards, mds mds resource 888.250.3987 Dare

Re: [Leaf-user] DCD, dhclient & /etc/resolv.conf ???

2002-01-14 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > > Never mind the patch, I'm way over thinking this..sorry! > > > > > > The simplest route will be to edit your 'network.conf' file as > > > suggested by Charles. > > > > > > Note this: > > > > > > # CONFIG_DNS=(YES/NO) Default: NO > > > # C

Re: [Leaf-user] DCD, dhclient & /etc/resolv.conf ???

2002-01-14 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > I'm still confused ;< > > I'll try to part the mist, but Moses I'm not. Thank you. [ snip ] > > If my ISP is > > going to change my leased address ( [ x$old_ip_address != > > x$new_ip_address ] ), I would think that would be one time that I'd want > > my IS

Re: [Leaf-user] DCD, dhclient & /etc/resolv.conf ???

2002-01-14 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > > > If my ISP is > > > > going to change my leased address ( [ x$old_ip_address != > > > > x$new_ip_address ] ), I would think that would be one time that I'd > want > > > > my ISP to change resolv.conf ?!?! > > > > > > And it would...at least if you leave dhcl

[Leaf-user] DCD, ipsec and 50/51 protocols ???

2002-01-15 Thread Michael D. Schleif
If I add this to /etc/network.conf: EXTERN_PROTO0="50 0/0" EXTERN_PROTO1="51 0/0" then, do I still need these ??? leftfirewall=yes rightfirewall=yes What do you think? -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . .

Re: [Leaf-user] blackholing at the ISP? how to diagnose?

2002-01-16 Thread Michael D. Schleif
Alex McLintock wrote: > > > On Wednesday 16 January 2002 12:30, Alex McLintock wrote: [ snip ] > --- guitarlynn <[EMAIL PROTECTED]> wrote: > > > My Internet provider is NTL:Home which is a UK based cable company. I > > > know that that is working to some extent because I can get it working >

[Leaf-user] caution for kernel 2.4x . . .

2002-01-16 Thread Michael D. Schleif
Perhaps, there are other reasons that kernel 2.4x is so slow coming to leaf: -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . . Our capacity for understanding is inversely proportional to how much we think

Re: [Leaf-user] D/DCD busybox gzip/gunzip problem???

2002-01-17 Thread Michael D. Schleif
Nicolas Riendeau wrote: > > I was wondering if anybody else is, like me, having some problem with the >gzip/gunzip commands > provided by the busybox currently used on Dachstein... > > I sometimes have problems decompressing (gunzip) files which were packed by gzip >(both being the > busybox

Re: [Leaf-user] D/DCD busybox gzip/gunzip problem???

2002-01-17 Thread Michael D. Schleif
Nicolas Riendeau wrote: > > Michael D. Schleif wrote: > > > I have had my share of g[un]zip and tar problems; but, have eliminated > > them entirely by using *only* the processes used by D[CD] itself: > > > > ctar LIST | gzip > LRP > > > >

Re: [Leaf-user] @home to Cox conversion problems

2002-01-18 Thread Michael D. Schleif
Jon Pike wrote: > > Very long time no talk to... I've been having a problem with my LRP box > and my cable service. > Use Cox/@home in the Orange County, Southern CA area, and it's been > working fine for 2 years. > > We are finally getting ours, in the Excite@home demise, and they have > c

Re: [Leaf-user] OT: ipchains

2002-01-18 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > If you want to take the time to help me out that would be great, but if > not > > that's cool. > > thanks for any help, > > -Alex Fore > > > > We have two internal DNS servers one internal smtp server, many internal > > webservers. [ snip ] > IPChains debuggin

[Leaf-user] DCD, ipsec, gateways & road warriors ???

2002-01-24 Thread Michael D. Schleif
OK, we have successfully built a couple DCD-DCD tunnels. We are still learning how to get full windoze functionality across the tunnels. Is it possible for a w2k-pro box to join (first time) a domain on a w2k-adv-svr across this tunnel? Now, we are tasked to carry this further and we have seve

[Leaf-user] DCD, ipsec & leftrsasig only in /etc/ipsec.secrets ???

2002-01-24 Thread Michael D. Schleif
``On the left gateway, we can omit leftrsasig. That gateway uses the private key stored in ipsec.secrets(5) and has no need for its own public key.'' When I do that, I get this: # ipsec auto --add trout-bluetrout ipsec_au

Re: [Leaf-user] setting up tinydns.lrp

2002-01-26 Thread Michael D. Schleif
Martin Hejl wrote: > > today, I successfully set up a Dachstein box. On the router, I'm running > tinydns and dnscache to replace our (private) DNS server (which was Bind - I > guess I don't need to tell anybody why I wanted to switch). > > Thanks to Jacques' excellent documentation, setting ti

[Leaf-user] DCD, busybox & date -d ???

2002-01-26 Thread Michael D. Schleif
I have reviewed ; but, I cannot get date -d to work: date date [OPTION]... [+FORMAT] Displays the current time in the given FORMAT, or sets the system date. Options: -R Outpu

Re: [Leaf-user] DCD, ipsec & leftrsasig only in /etc/ipsec.secrets ???

2002-01-26 Thread Michael D. Schleif
"Michael D. Schleif" wrote: > > <http://freeswan.org/freeswan_trees/freeswan-1.91/doc/config.html#handy> > > ``On the left gateway, we can omit leftrsasig. That gateway uses the > private key stored in ipsec.secrets(5) and has no need for its own > public key.

Re: [Leaf-user] DCD, ipsec & leftrsasig only in /etc/ipsec.secrets ???

2002-01-26 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > > ``On the left gateway, we can omit leftrsasig. That gateway uses the > > > private key stored in ipsec.secrets(5) and has no need for its own > > > public key.'' > > > > > > When I do that, I get this: > > > > > > # ipsec auto --add trout-bluetrout > > > ipsec

Re: [Leaf-user] Leaf 2.4.16 view firewall rules

2002-01-27 Thread Michael D. Schleif
Eric Wolzak wrote: > > Hello Larry, Jacques ,list > > Larry Jacques already answered your question, but just to explain > why this is done. > > > Is it just my copy view firewall rules that only has zero for packets > > and > > > bytes fields? > > > > Ok. So it's because you are viewing your

[Leaf-user] [OT] graphics processing progs ???

2002-01-28 Thread Michael D. Schleif
We have a customer that generates hundreds of images everyday, each of which is a single image, rather than moving pictures. They have several different systems that each use their own proprietary methods. We are proposing an image server and disk array on which all images are centrally stored

Re: [Leaf-user] DCD, ipsec, gateways & road warriors ???

2002-01-28 Thread Michael D. Schleif
"Michael D. Schleif" wrote: > > OK, we have successfully built a couple DCD-DCD tunnels. We are still > learning how to get full windoze functionality across the tunnels. Is > it possible for a w2k-pro box to join (first time) a domain on a > w2k-adv-svr across this

[Leaf-user] How to search for LRP packages ???

2002-01-30 Thread Michael D. Schleif
What am I missing? Let's say, I want to find zebra.lrp -- how do I do that? The search facility returns: `No matches found to your query' for both announcements and pages. If I goto Main Menu | Packages -- it is *not* there, that I can see. If I goto Developer

[Leaf-user] DCD & zebra ???

2002-01-30 Thread Michael D. Schleif
We have a customer who currently has four (4) incoming internet T1's. He thought that his netopia router had a firewall; but, within fifteen minutes of the T1's coming up, he had six (6) cracked XP workstations ;> Anyway, we want to use DCD at this site. We also need to properly load and route

[Leaf-user] DCD & nmb-207.lrp ???

2002-01-30 Thread Michael D. Schleif
OK, we have two (2) DCD's setup across the internet. Both are running nmb-207.lrp to investigate samba vs. wins functionality. Both happen to be ipsec gateways. Both /etc/smb.conf files are setup identically, except for these: trout = hosts allow = 192.168.123. 192

Re: [Leaf-user] How to search for LRP packages ???

2002-01-31 Thread Michael D. Schleif
"Michael D. Schleif" wrote: > > What am I missing? > > <http://leaf.sourceforge.net/> > > Let's say, I want to find zebra.lrp -- how do I do that? > > The search facility returns: `No matches found to your query' for both > announcements

Re: [Leaf-user] DCD, ipsec, gateways & road warriors ???

2002-01-31 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > So, we blew away that wins server and put samba (nmb-207.lrp) on each > > gateway. It's taken some tweaking and reading man smb.conf > > . > > > > Still, windoze functionality is severely lacking across the w

Re: [Leaf-user] Weblet Bandwidth Monitor

2002-02-01 Thread Michael D. Schleif
[EMAIL PROTECTED] wrote: > > That is what I tried first. When it didn't work I thought that the > interfaces must be hardcoded into the Java script. I guess ipsec0 just > doesn't look like an interface to the Java script. > > Oh well, it would have been nice. I guess I'll have to live with MRTG

Re: [Leaf-user] Fwd: Where do I find CD image boot documentation

2002-02-01 Thread Michael D. Schleif
Scott Sandeman-Allen wrote: > > In reviewing the Dachstein version of LRP and making changes etc. I > have come across the need to crack open the bootdisk.bin binary file > and re-create a new one. Can anyone direct me to the documentation > for manipulating this file/disk image. > > Thanks in

Re: [Leaf-user] DCD, ipsec, gateways & road warriors ???

2002-02-01 Thread Michael D. Schleif
> Try it. It'll only take a couple minutes to find out if it works for you. Excellent! I am going to lose sleep this weekend re-reading the advanced routing howto's . . . "Michael D. Schleif" wrote: > > OK, we have two (2) DCD's setup across the internet. Both ar

[Leaf-user] DCD, ipsec & corrupting eroutes ??? [LONG]

2002-02-02 Thread Michael D. Schleif
OK, we've had our test DCD-DCD, gw-gw vpn up continuously for several weeks. In fact, I used it earlier this evening to transfer files. Of a sudden, the tunnel no longer functioned! This is what we saw: root@bluetrout:/var/log # ipsec eroute 192.168.1.0/24 -> 192.168.123.0/24 => %hold (

[Leaf-user] DCD & java ???

2002-02-03 Thread Michael D. Schleif
I cannot find a java.lrp -- is there one? We have a java application that we want to run on DCD. This is not like lrpStat.jar, which actually runs via remote browsers; but, an actual application that must run on the firewall. What do you think? -- Best Regards, mds mds resource 888.250.39

Re: [Leaf-user] QOS in Dachstein??

2002-02-03 Thread Michael D. Schleif
Christopher Holmes wrote: > > Is there any kind of QOS built into Dachstein? I noticed a fairq chain in > the packet filter rules. # grep -i 'qos\|fairq' /etc/network.conf # Simple QoS/fair queueing support eth0_FAIRQ=NO # Complex QoS - Enable all of these + above to turn it on eth1_FAIRQ=NO

Re: [Leaf-user] changing internal subnet addrs on Dachstein

2002-02-03 Thread Michael D. Schleif
Christopher Holmes wrote: > > I just changed the internal network address on my Dachstein box. > > I changed the 192.168.1.xx to 192.168.5.xx in... > > /etc/dhcpd.conf > /etc/network.conf > /etc/sh-httpd.conf > > /etc/ipfilter.conf looked OK as-is. > > I backed up packages etc, dhcpd, & webl

Re: [Leaf-user] DCD & java ???

2002-02-03 Thread Michael D. Schleif
Jack Coates wrote: > > On Sun, 3 Feb 2002, Matt Schalit wrote: > > > Jack Coates wrote: > > > > > > > Is there interest in massive applications in general? > > > > Massive but not ridiculous. Perl and java are useful but > > large. A LEAF box with them gets closer and closer to > > being a fu

Re: [Leaf-user] crontab vs /etc/cron.d/multicron

2002-02-05 Thread Michael D. Schleif
Matt Schalit wrote: > > Jack Coates wrote: > > > > On Mon, 4 Feb 2002, David Douthitt wrote: > > > > > Another note: rdate uses an old obsolete form of network time > > > synchronization; I suspect more and more time servers may stop > > > providing the service rdate uses (wuarchive.wustl.edu se

Re: [Leaf-user] Problem booting Dachstein CD

2002-02-06 Thread Michael D. Schleif
Gareth Howell wrote: > > I had a strange problem installing Dachstein today. The hardware was a Dell > Dimension XPS. The machine would boot from a Windows CD, but for some reason > it would not boot from the Dachstein CD I had created, and tested, on > another Dell. > I created a boot floppy, b

[Leaf-user] DCD, ipmasqadm portfw & dynamic/private ports ???

2002-02-06 Thread Michael D. Schleif
Is there some _maximum_ port that can be port forwarded? This fails: INTERN_SERVERS="tcp_${EXTERN_IP}_65456_${LOKI}_www" This succeeds: INTERN_SERVERS="tcp_${EXTERN_IP}_6543_${LOKI}_www" I have scoured /etc/ipfilter.conf, /etc/network.conf and man ipmasqadm; but, I cannot find

Re: [Leaf-user] dachstein dchp with samba?

2002-02-06 Thread Michael D. Schleif
> Vic Berdin wrote: > > is it possible to make dhcp clients under a dachstein dhcp server > access samba service installed on the same dachstein dhcp server? > if so, how? > ... or do i really have to set up another box with the samba service > and make it work as another dhcp client? Goto

Re: [Leaf-user] Dachstein logs filling up with DHCP denied packets

2002-02-06 Thread Michael D. Schleif
Dave Hubble wrote: > > I have a Dachstein 1.0.2 firewall that was running just fine until > Comcast@Home switched me from a static IP to a dynamic one. I now have > DHClient running successfully, but am getting thousands of denied packets in > my logs. > > Since yesterday, I have over 9,500 de

Re: [Leaf-user] Dachstein logs filling up with DHCP denied packets

2002-02-06 Thread Michael D. Schleif
guitarlynn wrote: > > On Wednesday 06 February 2002 21:03, Michael D. Schleif wrote: > > [ snip ] > > > > This is a faq and should be listed somewhere. However, here are a > > couple previous threads and their solutions: > > > I have a LEAF command help F

Re: [Leaf-user] DCD, ipmasqadm portfw & dynamic/private ports ???

2002-02-06 Thread Michael D. Schleif
Jon => 65456 < 65535 Your point? Jon Clausen wrote: > > On Thursday 07 February 2002 00:26, Michael D. Schleif wrote: > > Is there some _maximum_ port that can be port forwarded? > > > > This fails: > > INTERN_SERVERS="tcp_${EXTERN_IP}

[Leaf-user] DCD firewall, except 1 unprotected interface ???

2002-02-07 Thread Michael D. Schleif
What is the best way to setup this scenario: eth0 -- internet eth1 -- LAN, firewall protected eth2 -- DMZ, typical eth3 -- LAN, public IP, *NO* firewall What do you think? -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break .

[Leaf-user] DCD vs. netsnmpd ???

2002-02-07 Thread Michael D. Schleif
netsnmpd.lrp (4.2.1-1-CS) from DCD v1.0.2 appears to be broken. [1] Changes to /etc/snmp/snmpd.conf do *not* affect snmpd. Specifically, modifying syscontact and syslocation are *not* accessible via snmpget nor snmpwalk, &c. [2] Such (example) changes can be effected if snmpd is started with a

[Leaf-user] open source snmp manager ???

2002-02-08 Thread Michael D. Schleif
Is there an open source snmp manager -- something like netview or openview? -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . . Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I do

Re: [Leaf-user] DCD vs. netsnmpd ???

2002-02-08 Thread Michael D. Schleif
OK, I'm rolling my own. Yes, I know about strip for executables and this: # ./configure --prefix=/usr --enable-shared Wow! The libraries are 300% larger! What is the secret to minimizing space of shared libraries? What do you think? "Michael D. Schleif" wrote: &g

Re: [Leaf-user] DCD vs. netsnmpd ???

2002-02-08 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > OK, I'm rolling my own. > > > > Yes, I know about strip for executables and this: > > > > # ./configure --prefix=/usr --enable-shared > > > > Wow! The libraries are 300% larger! > > > > What is the secret to minimizing space of shared libraries? > > You can st

Re: [Leaf-user] DCD vs. netsnmpd ???

2002-02-08 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > I never did test that package, sorry. I put it together on the assumption > > that I would eventually use it, but that never happened. I apologize for > the > > problems, I can build a better package if you would like, and verify that > > this one works first. >

Re: [Leaf-user] DCD vs. netsnmpd ???

2002-02-08 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > I never did test that package, sorry. I put it together on the assumption > > that I would eventually use it, but that never happened. I apologize for > the > > problems, I can build a better package if you would like, and verify that > > this one works first. >

Re: [Leaf-user] DCD vs. netsnmpd ???

2002-02-08 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > I suggest: > > > > netsnmp.lrp > > netsnmpd.lrp > > netsnmptrapd.lrp > > How about netsnmptrapd -> netsnmpt (still an 8 character limit on ms-dos > formatted floppies :< OK > > [3] I also have a working snmpd.conf, including working View-Based > > Access Contr

Re: [Leaf-user] DCD vs. netsnmpd ???

2002-02-08 Thread Michael D. Schleif
Is there a difference between these, especially regarding libraries? ld -s strip -s Matt Schalit wrote: > > "Michael D. Schleif" wrote: > > > > Charles Steinkuehler wrote: > > > > > >"Michael D. Schleif" wrote: > >

Re: [Leaf-user] DCD, ipmasqadm portfw & dynamic/private ports???

2002-02-09 Thread Michael D. Schleif
> around 61000; do you recall the exact starting value?) that is the problem. > > Only a guess, though. > > >> On Thursday 07 February 2002 00:26, Michael D. Schleif wrote: > >> > Is there some _maximum_ port that can be port forwarded? > >> >

Re: [Leaf-user] ipsec on a floppy? managing packages in Windows?

2002-02-10 Thread Michael D. Schleif
[EMAIL PROTECTED] wrote: > > If your hardware isn't too old, changing media is really the way to go. If > your system's BIOS can support a bootable CD, that is unquestionably the way to > go. I switched from a single-floppy Eiger box to a Dachstein-CD setup (with > IPSec), and the flexibility

Re: [Leaf-user] Net-SNMP vulnerability??

2002-02-12 Thread Michael D. Schleif
Simon Bolduc wrote: > > I found a couple of bits and pieces of information on the 'net regarding > to the BSD release of Net-snmp and certain SNMP vulnerabilities. I'm not > sure whether this impacts the LEAF version but I figured I'd post it anyways > just in case - sorry for wasting your ti

Re: [Leaf-user] silent_deny not working

2002-02-12 Thread Michael D. Schleif
Doug Sampson wrote: > > Awhile ago was a post to this newsgroup about repeat entries in the message > logs by a DHCP server as follows: > > Feb 12 16:18:00 CX269409-C kernel: Packet log: input DENY eth0 PROTO=17 > 10.8.238.1:67 255.255.255.255:68 L=328 S=0x00 I=30881 F=0x T=255 (#10) > > I

Re: [Leaf-user] silent_deny not working

2002-02-12 Thread Michael D. Schleif
Doug Sampson wrote: > > > > > I maintain that this is the cleanest solution: > > > > > > > > I've copied your proposed solution here for reference. > > # cat /etc/ipchains.input > $IPCH -I input -j DENY -p all -s 0/0 -d 255.

Re: [Leaf-user] silent_deny not working

2002-02-12 Thread Michael D. Schleif
Doug Sampson wrote: > > > > # cat /etc/ipchains.input ^^^ You create this file, put that line in it and make sure that this line is *NOT* commented in /etc/network.conf: IPCH_IN=/etc/ipchains.input These rather innocuous files can be very powerful tools in D

Re: [Leaf-user] Can DCD files be modified BEFORE burning your CD?

2002-02-18 Thread Michael D. Schleif
Craig Caughlin wrote: > > Since I have few modifications to make to Dachstein ( I just want to > uncomment the right NIC driver), can I download the CD contents to a > directory, edit the correct files and then burn my CD? Which files would I > need to edit? Thank you, have a great day! YES! T

Re: [Leaf-user] udhcp package

2002-02-18 Thread Michael D. Schleif
David Goodrich wrote: > > well, i am hoping to do some static leases, which worked fine under the > isc dhcpd... i'll do some looking and try to figure it out. thanks > -david > > On Mon, 2002-02-18 at 13:49, guitarlynn wrote: > > On Monday 18 February 2002 11:27, David Goodrich wrote: > > >

Re: [Leaf-user] Which DCD "config" files CAN you modify???

2002-02-18 Thread Michael D. Schleif
Craig Caughlin wrote: > > Can someone tell me 1.) Which files CAN be modified to customize your > DachsteinCD, and 2.) The best way to access them TO modify them? Thank you, > have a great day! As a general rule, configuration files residing under /etc exist to manage configuration of your sys

Re: [Leaf-user] rsasigkey too slow

2002-02-18 Thread Michael D. Schleif
[EMAIL PROTECTED] wrote: > > On Eigerstein, ipsec 1.5 > >ipsec rsasigkey 1024 > > takes FOREVER, sometimes 20 minutes > > I've used python to calculate millions of floating point no's > and cat ted /dev/random and urandom to /dev/null > trying to generate entropy.nothin

Re: [Leaf-user] How do packages install symlinks in /etc/rc?.d/ ?

2002-02-23 Thread Michael D. Schleif
Eric House wrote: > > I'm trying to build a package (.lrp file) that has a script in > /etc/init.d. The packages I'm copying also have scripts in init.d, > but they don't seem to include the symlinks in the /etc/rc?.d > directories that cause those scripts to get called. Yet once > installed t

[Leaf-user] DCD, proxy dmz, snmp & icmp ???

2002-02-27 Thread Michael D. Schleif
We have a DCD setup, including a proxy dmz. SNMP queries work everywhere, excepting systems residing on that dmz. Let me clarify that: snmp queries respond properly from clients inside the private network; but, *not* from the DCD firewall nor internet hosts. Running iptraf on the firewall, we

Re: [Leaf-user] DCD, proxy dmz, snmp & icmp ???

2002-02-27 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > We have a DCD setup, including a proxy dmz. > > > > SNMP queries work everywhere, excepting systems residing on that dmz. > > Let me clarify that: snmp queries respond properly from clients inside > > the private network; but, *not* from the DCD firewall nor int

Re: [Leaf-user] DCD, proxy dmz, snmp & icmp ???

2002-02-27 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > I was not certain what it is that you want to see -- see below. > > > > tcpdump output, run on the local DCD : > > OK, this helps, but I'm still not sure what I'm looking at. Which interface > did you run the tcpdump on? I'm guessing from the packet traffic w

Re: [Leaf-user] DCD, proxy dmz, snmp & icmp ???

2002-02-28 Thread Michael D. Schleif
Charles Steinkuehler wrote: > [ snip ] > > If you want to open UDP services to the outside world, an ALLOW rule for the > response packets needs to be generated, so the packets don't hit the "catch > all" UDP masquerade rule at the end of the DMZ rules in the forward chain > (which allows DMZ

[Leaf-user] which martian is which ???

2002-02-28 Thread Michael D. Schleif
What is the difference between these syslog messages? martian source b18c85ac for , dev eth1 martian destination efea from 4901a8c0, dev eth1 Other than the obvious difference in word choices, why would the kernel express this one way or the other? Which martian co

Re: [Leaf-user] DCD, proxy dmz, snmp & icmp ???

2002-03-01 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > Did you see this, yesterday? > > Yeah...got distracted while analyzing & it got dropped... OK, sorry for my impatience . . . > > > The final problem is the fact that you can't do an snmpwalk from the > > > firewall to the DMZ. Apparently, the SNMP query pack

Re: [Leaf-user] DCD, proxy dmz, snmp & icmp ???

2002-03-01 Thread Michael D. Schleif
"Michael D. Schleif" wrote: > > Charles Steinkuehler wrote: > > > [ snip ] > > > I'm confused. I don't think the firewall rules on the .65 machine can be > > your problem, since you're seeing the request packets go out, and even if > &

Re: [Leaf-user] Dachstein CD, IPSEC, KLIPS & rp_filter

2002-03-02 Thread Michael D. Schleif
William Brinkman wrote: > > I have networked two DCD firewalls with IPSec using > X.509 certificates. I have added a "road warrior" > M$98 machine using SSH Sentinel package. > > The interesting part is that the KLIPS warning that > usually shows up during boot now really matters! > > WARNING

Re: [Leaf-user] sharper question re net-snmp exec not working on dachstein

2002-03-03 Thread Michael D. Schleif
Pete Dubler wrote: > > I have made progress...7 hours later... > > I have opened up my snmp config so all things can be polled (still > behind the firewall). > > I have also run everything in parallel on a Redhat 7.1 system. I have > identical /etc/snmp/snmpd.conf files on both systems. > >

[Leaf-user] DCD & MAIL_SERVER variable ???

2002-03-05 Thread Michael D. Schleif
This variable: MAIL_SERVER is set in two (2) different files: /etc/lrp.conf /etc/POSIXness.conf However, it appears that the default mail program: /lib/POSIXness/POSIXness.mail _only_ uses the variable as set in: /etc/POSIXness.conf Is that instance

Re: [Leaf-user] forwarding Protocal 47(gre) on Eigerstein LRP

2002-03-05 Thread Michael D. Schleif
Matt Schalit wrote: > > Charles Steinkuehler wrote: > > > When you run ssh on a *nix box, it will default to using a "low" port to > > make the connection unless you specify a command line switch (which is > > different for ssh, scp, and varies from one ssh implementation to another). > > I t

[Leaf-user] martians on internal network ???

2002-03-08 Thread Michael D. Schleif
We are seeing martians on internal networks on a regular basis. Usually, it is traceable to users logging into AOL over our high speed internet connections: 172.128.0.0 - 172.191.255.255 Today, we saw one from United Airlines: 205.174.16.0 - 205.174.23.255 [1] How does this h

Re: [Leaf-user] martians on internal network ??? [LONG!]

2002-03-08 Thread Michael D. Schleif
Jeff Newmiller wrote: > > On Fri, 8 Mar 2002, Michael D. Schleif wrote: > > > We are seeing martians on internal networks on a regular basis. > > > > Usually, it is traceable to users logging into AOL over our high speed > > internet connections: > >

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread Michael D. Schleif
nformation required and I will comply. Thank you. "Michael D. Schleif" wrote: > > We are seeing martians on internal networks on a regular basis. > > Usually, it is traceable to users logging into AOL over our high speed > internet connections: > > 172.128

Re: [Leaf-user] martians on internal network ??? [LONG!]

2002-03-09 Thread Michael D. Schleif
Jeff Newmiller wrote: > > On Fri, 8 Mar 2002, Michael D. Schleif wrote: > > > Jeff Newmiller wrote: > > > > > > On Fri, 8 Mar 2002, Michael D. Schleif wrote: > > > > > > > We are seeing martians on internal networks on a regular basis. >

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread Michael D. Schleif
Thank you. Although, I can be pretty daft on occasion, I am trying to ``do the right thing.'' It is not always easy knowing what that may be in a variety of contexts. For me, from my humble experience, when I do not know something, it works best to try to summarize what it is that I know, espec

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread Michael D. Schleif
guitarlynn wrote: > > I don't know if this will approach the problem being asked to > help much, but I did reverse engineer the AOL software > many years ago to connect with Linux. > > You can only connect to AOL via a special proxy adapter > that is integrated with their software. The martian

Re: [Leaf-user] DNScache and hosts config question

2002-03-09 Thread Michael D. Schleif
"Scott C. Best" wrote: > > Heyaz. So I'm using a fairly stock DS relase, > and I've a question about properly setting up dnscache > and my "host" entries in network.conf. So, these host entries are visible from the DS system. > How can I keep my LAN machines from making PTR? >

Re: [Leaf-user] martians on internal network ???

2002-03-09 Thread Michael D. Schleif
Mike Noyes wrote: > > At 2002-03-09 14:01 -0600, Michael D. Schleif wrote: > >Also, since I do not know everything there is to know about networks > >and quantifying everything quantifiable about same, regarding your > >sniffer questions, can you describe a simple

Re: [Leaf-user] Strange Martian messages on inteneral network.

2002-03-10 Thread Michael D. Schleif
Jeff wrote: > > First this is not part of the previous postings concerning AOL dial-outs > on an internal network. > > I have a small home network of 5 machines including the LEAF box and > have been running Eigerstein for about 6 -7 months with little if no > problems. > > But, I am seeing th

Re: [Leaf-user] libz on Dach-CD

2002-03-21 Thread Michael D. Schleif
dgilleece wrote: > > Just for clarification, if my system boots from the CD, it will still give > precedence to the libz.lrp from the floppy? > > Thanks again, > > Dan > - Original Message - > From: "Charles Steinkuehler" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]>; "Scott C. Best" <

Re: [Leaf-user] rdate, udp and Bering

2002-03-28 Thread Michael D. Schleif
Stephen Lee wrote: > > On Wed, 2002-03-27 at 17:12, Matt Schalit wrote: > > Stephen Lee wrote: > > > > > > I noticed that rdate from Bering does not seem to accept the "-u" switch > > > for time requests using UDP. I suspect many of the RFC868 rdate servers > > > are only accepting UDP requests

Re: [Leaf-user] rdate, udp and Bering

2002-03-28 Thread Michael D. Schleif
Stephen Lee wrote: > > On Thu, 2002-03-28 at 12:56, Michael D. Schleif wrote: > > > > > > > Thanks. I installed xntpd.lrp and pointed it to one of the public ntp > > > servers. The problem is that my hardware clock is so far off that it's > > >

Re: [Leaf-user] rdate, udp and Bering

2002-03-28 Thread Michael D. Schleif
; > Sent: Thursday, March 28, 2002 1:05 PM > Subject: [Leaf-user] rdate, udp and Bering > > > On Thu, 2002-03-28 at 12:56, Michael D. Schleif wrote: > > > > > > > > > Thanks. I installed xntpd.lrp and pointed it to one of the public ntp > > >

Re: [Leaf-user] rdate, udp and Bering

2002-03-28 Thread Michael D. Schleif
Tom Eastep wrote: > > - Original Message - > From: "Michael D. Schleif" <[EMAIL PROTECTED]> > Cc: "Leaf-user" <[EMAIL PROTECTED]> > Sent: Thursday, March 28, 2002 1:43 PM > Subject: Re: [Leaf-user] rdate, udp and Bering > > >

Re: [Leaf-user] can I run simple Samba server on a LEAF machine? or something similar,

2002-04-02 Thread Michael D. Schleif
Consider this: Of course, depending on what you need to do . . . HTH Gary Dodge wrote: > > can I run simple Samba server on a LEAF ma

[Leaf-user] DCD pass-through interface ???

2002-04-04 Thread Michael D. Schleif
What other information do you want to see to help me decide the best solution to this situation? As often happens to me, I do not know a better way to briefly present this to the List; so, if you want more information, please, ask and I will provide it to you. Thank you. OK, let's assume that

Re: [Leaf-user] Changes for new Dachstein release

2002-04-05 Thread Michael D. Schleif
Charles, et al. => I know that I have addressed several of these items over these past months. In fact, I spent some time addressing that space check multicron item; but, I didn't get any feedback from you: Please, comment and I will attem

[Leaf-user] Lineo Narrowly Averts Death

2002-04-05 Thread Michael D. Schleif
-- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . . Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don'

Re: [Leaf-user] Changes for new Dachstein release

2002-04-05 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > It looks like it's getting to be time for a new Dachstein release. There > are a number of minor bugs to fix in the system scripts, and (more > importantly) security updates to some of the packages on the CD (SNMP and > libz). [ snip ] Please, allow me to reque
