Re: [Leaf-user] tinydns: UID: readonly variable

2002-04-06 Thread Michael D. Schleif
Robert Williams wrote: > > I just added another computer to my network and decided to install > tinydns instead of updating all of those host files. I am using DS CD > 1.2. However tinydns doesn't seem to work. I am using it straight out > of the box. The only changes I have made was to add entri

Re: [Leaf-user] Changes for new Dachstein release

2002-04-09 Thread Michael D. Schleif
Greg Morgan wrote: > > "Charles Steinkuehler" <[EMAIL PROTECTED]> wrote: [ snip ] > > - Alter weblet disk-checking script to ignore CD-ROM (always 100% full) > > I am not following the weblet CD-ROM issue. I am running weblet 1.2.0 > off of DCD 1.0.2. I've clicked all around on the weblet w

[Leaf-user] Convert 32bit date to date string ???

2002-04-10 Thread Michael D. Schleif
As you know, this: date +%s produces this: "%s seconds since 00:00:00, Jan 1, 1970" What is the simplest way to turn such 32bit date number back into a visually meaningful date string on LEAF/DCD? -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before

[Leaf-user] Net-SNMP v4.2.4 packages released

2002-04-18 Thread Michael D. Schleif
The latest release can be found here: Descriptive text is in the directory above that. According to the Net-SNMP folks: ``Version 4.2.1 and below of the ucd-snmp package contain some critical security related bugs. You MUST upgrade

Re: [Leaf-user] Bering: How do I get my dns & dhcp servers to work together?

2002-04-26 Thread Michael D. Schleif
Mark Ivey wrote: > > I'm running a Bering firewall, and I want all my local computers added to my > dns server. This is so I don't have to try to figure out what address a > computer got before I can access it. How can I get my dhcp server to update > my dns server? Should I be running tinydn

[Leaf-user] ANN: ntpclient.lrp v3.45

2002-04-26 Thread Michael D. Schleif
Although there are already several other ntpclient.lrp's out there, this one is different: [1] It is the smallest that I've found: # ls -al ntpclient.lrp -rw-r--r--1 helices leaf 7651 Apr 26 09:32 ntpclient.lrp [2] It includes an init script starting, stopping and configuring the

[Leaf-user] Re: [Leaf-devel] ANN: ntpclient.lrp v3.45

2002-04-26 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > Although there are already several other ntpclient.lrp's out there, this > > one is different: > > > > > > > > > > > I'm f

[leaf-user] DCD, icmp & NAT ???

2002-05-01 Thread Michael D. Schleif
As you know, I sometimes run into seemingly inexplicable anomalies, for which I do not know what corroborative evidence is appropriate. This is another one of those ;> [1] My question is, *how* can an icmp packet get through DCD _and_ get to an internal, NAT'ed system ??? [2] Stock DCD, regard

Re: [leaf-user] DCD, icmp & NAT ???

2002-05-01 Thread Michael D. Schleif
only box, from which I have never accessed anything outside of my own internal network. > At 09:20 AM 5/1/02 -0500, Michael D. Schleif wrote: > [...] > >[1] My question is, *how* can an icmp packet get through DCD _and_ get > >to an internal, NAT'ed system ??? > > By bei

[leaf-user] DCD: Special Second External Interface ???

2002-05-03 Thread Michael D. Schleif
DCD: Special Second External Interface ??? [1] Summary diagram: +---+ | | | Remote Vendor| | Private Network | | | +---+ Florida ^ | Chicago v +---+ | | | ISDN Router

Re: [leaf-user] DCD: Special Second External Interface ???

2002-05-05 Thread Michael D. Schleif
Jeff Newmiller wrote: > > On Fri, 3 May 2002, Michael D. Schleif wrote: > [ snip ] > > [3] There is no problem exchanging data with their Florida vendor while > > the T-1 is working. > > ... through the T-1, so the florida network expects to route packets to &

Re: [leaf-user] DCD: Special Second External Interface ???

2002-05-06 Thread Michael D. Schleif
"Michael D. Schleif" wrote: > > DCD: Special Second External Interface ??? > > [1] Summary diagram: > > +---+ > | | > | Remote Vendor| > | Private Network | > | | > +

Re: [leaf-user] DCD: Special Second External Interface ???

2002-05-06 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > > DCD: Special Second External Interface ??? > > > > > > [1] Summary diagram: > > > > > > +---+ > > > | | > > > | Remote Vendor| > > > | Private Network | > > > | | > > > +---+ > > > Fl

Re: [leaf-user] DCD: Special Second External Interface ???

2002-05-06 Thread Michael D. Schleif
y Olszewski wrote: > > At 11:42 AM 5/6/02 -0500, Michael D. Schleif wrote: > [...] > >OK, I have tried your suggestions -- without success. > > > >Please, refer to <http://www.helices.org/tmP/mcaI/mcai_isdn.txt> for the > >details that you have requested. >

Re: [leaf-user] {SOLVED] DCD: Special Second External Interface ???

2002-05-06 Thread Michael D. Schleif
suppose that, when I'm all done, I should author a FAQ. I did search the archives for this list, found several questions regarding multiple external interfaces and found *no* solutions. What do you think? "Michael D. Schleif" wrote: > > +---+ > |

Re: [leaf-user] ftp server through dachstein

2002-05-10 Thread Michael D. Schleif
David Goodrich wrote: > > i'm not having any luck getting proftpd to be accessible through my > dachstein 1.02 floppy firewall. i tried going in active mode and forwarding > tcp 20 & 21 to the server, but no luck. has anyone done this before? tia > -david Difficult to say what is your probl

Re: [leaf-user] ftp server through dachstein

2002-05-10 Thread Michael D. Schleif
roftpd.conf .. the server works just fine on > my internal net but no-one is allowed to connect from the "real" world. > thanks > > - ----- Original Message - > From: "Michael D. Schleif" <[EMAIL PROTECTED]> > > > > David Goodrich wrote: &

[leaf-user] udp 7 (echo) flood ???

2002-05-10 Thread Michael D. Schleif
Is there some meaning to getting 27,000 of these in five (5) minutes yesterday? Packet log: input DENY wan1 PROTO=17 207.112.196.241:48785 x.y.z.157:7 L=1494 S=0x00 I=37458 F=0x T=126 (#48) Obviously, it's probably not a good thing; but, I'm trying to figure out what they may have been tryi

Re: [leaf-user] A NET question

2002-05-21 Thread Michael D. Schleif
"Omar D. Samuels" wrote: > > Now that I'm over that hurdle and I am getting more the hang of this mailing > list, I would like to dare to ask for help with another issue... please. > > I am using Eigerstein2... does anyone know if there is any way to suppress > the NET messages? They look like

Re: [leaf-user] A NET question

2002-05-21 Thread Michael D. Schleif
"Omar D. Samuels" wrote: > > - Original Message - > From: "Michael D. Schleif" <[EMAIL PROTECTED]> > > > > "Omar D. Samuels" wrote: > > > > > > Now that I'm over that hurdle and I am getting more the hang

Re: [leaf-user] A NET question

2002-05-21 Thread Michael D. Schleif
"Omar D. Samuels" wrote: > [ snip ] > I think you are THE MAN! I really appreciate this man. I'm gonna give it a > try. I don't want to really shut off syslog. The thing is I gotta get rid > of those messages. The box needs to, when it is installed, just sit there, > running maybe somethi

Re: [leaf-user] A NET question

2002-05-21 Thread Michael D. Schleif
"Omar D. Samuels" wrote: > > Hey I stopped the sysklogd as well as commented out the *.emerg * line and > I still get those NET messages. > Any suggestions? ps aux | grep sys Do you have any running process like syslog? If yes, then you can kill it. If not, as I mentioned, these mes

Re: [leaf-user] DHCP REQUESTS FORWARDED BETWEEN SUBNETS

2002-05-22 Thread Michael D. Schleif
Troy Aden wrote: > > Hi I am working with Dachstein in a basic router setup. I would like > to know how to set up DHCP request forwarding between subnets so that we can > administer all of our subnets with one DHCP server. I will do my best to > draw this out. > > -ROUTER-

Re: [leaf-user] QMAIL - anyone help please?

2002-06-01 Thread Michael D. Schleif
Adam Drake wrote: > > Ok guys, I'm begging now! > > I've installed QMAIL on my LEAF BERING system, with DAEMONTL and VMAILMGR. > > Having read whatever documentation there is (not a lot) I've attempted to > configure qmail as best I can, but I'm clutching at straws. For some reason, > I can no

Re: [leaf-user] QMAIL - anyone help please?

2002-06-02 Thread Michael D. Schleif
Adam Drake wrote: > [ snip ] > Shorewall/rules [ snip ] > # Added A.Drake to allow pop3 access to qmail on firewall > ACCEPTloc fw tcp 110 > ACCEPTloc fw tcp 25 > ACCEPTfw net tcp 110 > ACCEPT

Re: [leaf-user] Need Help Debugging Firewall Rules - Dachstein

2002-06-03 Thread Michael D. Schleif
Vintage wrote: > > I have searched the FAQs and mail archives but could not find the solution. > I am currently running Dachstein (CD version) on the Road Runner cable > network. As might be expected on a cable network, my logs quickly overfill > with the following noise: > > Every few second

Re: [leaf-user] Need Help Debugging Firewall Rules - Dachstein

2002-06-03 Thread Michael D. Schleif
Vintage wrote: > > Michael - many thanks for the help - that did the trick. Just one question, > is there any danger to having these two rules at the top of my firewall > rules list? (See bottom of my note for output of "ipchains -nvL" Actually, this is desirable. Look at it this way, ipchai

Re: [leaf-user] svi documentation?

2002-06-03 Thread Michael D. Schleif
George Luft wrote: > > Is the svi shell script documented anywhere? > > It seems rather elegantly and concisely written, but not being expert in > ash, I am having a hard time following it. I tried searching the web and > newsgroups with no luck. > > Can anybody point me in the right directio

Re: [leaf-user] Is there a way to auto email log files question --> was Need Help Debugging Firewall Rules

2002-06-03 Thread Michael D. Schleif
Vintage wrote: > > Michael - I am reading through ipfilter.conf and just realized that this is > my own IP address... > > It makes sense, but yeah, I feel pretty silly... I never noticed that rule; but, yes, it makes sense for an interface to DENY input packets the source of which is itself,

Re: [leaf-user] bering (shorewall) traffic shaping

2002-06-05 Thread Michael D. Schleif
Todd Pearsall wrote: > > I just gave it a try on my Dachstein 1.02 box (after switching from the > small-ipsec to the normal-ipsec kernel file) and I get errors because > the tc command is not there. Anyone know where I can get it from? bwidth22.lrp -- Best Regards, mds mds resource 888.25

Re: [leaf-user] Using HOSTS file

2002-06-06 Thread Michael D. Schleif
John Mullan wrote: > > Thanks for your help so far Brad.. > > I'm sure I'm missing something, but no luck. I had tried to set it up > so that dnscache watches 192.168.1.254 and looks to tinydns. Not sure > if that is what is supposed to happen or if I even got it that way in > any of my at

Re: [leaf-user] Bandwidth Throttling

2002-06-07 Thread Michael D. Schleif
Jonathan Berglund wrote: > > I'm running Dachstein, and I was wondering if there were any packages to > throttle bandwidth. The reason I ask is that at my work we rent out > space to some other people, and they share our T1. Problem is they are > hogging bandwidth and even if institute some rule

Re: [leaf-user] Blocking established connections external port 53's

2002-06-13 Thread Michael D. Schleif
Steve Jeppesen wrote: > [ snip ] > Active Internet connections (w/o servers) > Proto Recv-Q Send-Q Local Address Foreign Address State > tcp0 0 192.168.1.254:80192.168.1.2:33449 ESTABLISHED > tcp0 0 192.168.1.254:80192.168.1.2:3

Re: [leaf-user] Update for modules.lrp

2002-06-14 Thread Michael D. Schleif
Speaking of modules, please, incorporate the Sangoma wanpipe modules located here: Please, *remove* the existing modules of the same name; but, which may reside in another directory. Late last year, I worked intensely with

[leaf-user] OT: correlation engine ???

2002-06-14 Thread Michael D. Schleif
I am looking for open source correlation engines, especially those designed for event correlation. Anybody know of open source projects trying to duplicate the work of Tivoli's Enterprise Console, IT Masters' MasterCell, &c.? -- Best Regards, mds mds resource 888.250.3987 Dare to fix things

[leaf-user] stop connection to remote port ???

2002-06-15 Thread Michael D. Schleif
how do we stop masqueraded connections to a given remote port? this does not work in /etc/ipchains.forward: $IPCH -I forward -j DENY -p udp -s 192.168.0.0/16 -d 0.0.0.0 1214 $IPCH -I forward -j DENY -p tcp -s 192.168.0.0/16 -d 0.0.0.0 1214 what do you think? -- Best Regards, mds mds resour

Re: [leaf-user] Dachstein-CD update

2002-06-15 Thread Michael D. Schleif
Sean => A bit pressed for time this weekend; and, this may take more time than you anticipated. Sean wrote: > > diskfree.sh > > Ok, I'll bite. I think I must have missed this thread. Where is this > supposed to go? What was this supposed to fix? I'm trying to add it to the > new CD. Look

Re: [leaf-user] stop connection to remote port ???

2002-06-15 Thread Michael D. Schleif
"Michael D. Schleif" wrote: > > how do we stop masqueraded connections to a given remote port? > > this does not work in /etc/ipchains.forward: > > $IPCH -I forward -j DENY -p udp -s 192.168.0.0/16 -d 0.0.0.0 1214 > $IPCH -I forward -j DENY -p tcp -s 192.168.0

Re: [leaf-user] stop connection to remote port ???

2002-06-15 Thread Michael D. Schleif
rward, input and output chains -- yet, internal systems continue to connect to remote tcp 1214 !?!? What do you think? > At 10:30 AM 6/15/02 -0500, Michael D. Schleif wrote: > > >"Michael D. Schleif" wrote: > > > > > > how do we stop masqueraded connections

Re: [leaf-user] stop connection to remote port ???

2002-06-15 Thread Michael D. Schleif
Ray => Thank you, again . . . Ray Olszewski wrote: > > Thanks for the additional information. I see you have the rules you were > describing at the top of the input chain and before the only ACCEPT rule in > the output chains, so you should not be having order problems with them. > And all the

Re: [leaf-user] Bourne SHell prompt problems

2002-07-05 Thread Michael D. Schleif
Rob Fegley wrote: > > I've tried about fifteen ways to get the prompt to look like this: > > [root@firewall /usr/sbin]# <--- where "/usr/sbin" is a current working directory I use bash; so, I cannot vouch for ash: # PS1=`echo -n -e "[$USER@$HOSTNAME $HOME]# "` [root@trout /r

Re: [leaf-user] Bourne SHell prompt problems

2002-07-05 Thread Michael D. Schleif
"Michael D. Schleif" wrote: > > Rob Fegley wrote: > > > > I've tried about fifteen ways to get the prompt to look like this: > > > > [root@firewall /usr/sbin]# <--- where "/usr/sbin" is a current working directory > > I use

Re: [leaf-user] RE: How to update root.lrp on DCD

2002-07-05 Thread Michael D. Schleif
Binh Do wrote: > > At first I tried the following: > > - Unzip-untar root.lrp into a temp dir. > - Change the scripts > - tar and zip > - Mount the bootdisk.bin as you suggested and then created the ISO > > But I got so many errors when booting the CD because of the changes to > scripts (root.

Re: [leaf-user] Anybody know what happened to:

2002-07-07 Thread Michael D. Schleif
Michael McClure wrote: > > In the meantime, I have *a bunch* of this: > > Jul 7 03:04:00 mikerouter kernel: Packet log: input DENY eth0 PROTO=1 > 0.0.0.0:3 80.135.217.223:3 L=56 S=0x00 I=42918 F=0x T=150 (#17) > Jul 7 03:04:00 mikerouter kernel: Packet log: input DENY eth0 PROTO=1 > 0.0.0

Re: [leaf-user] Dachstein/Linux equivalent to ipconfig /all ???

2002-07-08 Thread Michael D. Schleif
Chad Carr wrote: > > On Mon, 8 Jul 2002 06:25:55 -0700 > "Craig" <[EMAIL PROTECTED]> wrote: > > > Is there a Dachstein/Linux equivalent to Microsoft's ipconfig /all so I > > can see my complete info??? Do I have to be logged in as Root to execute > > it? Thank you. > > ifconfig by itself on a

[leaf-user] daemon vs. savelog ???

2002-07-09 Thread Michael D. Schleif
I have a compiled application that runs fine under dcd. This app spews data on STDOUT while running. I want to run this app as a daemon (continuously running in background) and I want to save the stdout data to a logfile. In fact, I am doing this now and everything is OK: $DAEMON >>$L

Re: [leaf-user] daemon vs. savelog ???

2002-07-10 Thread Michael D. Schleif
Jeff Newmiller wrote: > > On Tue, 9 Jul 2002, Charles Steinkuehler wrote: [ snip ] > > > After savelog rotates the logfile, $DAEMON is writing to logfile.0, > > > instead of logfile. Obviously, this is not acceptable ;< > > > > > > I assume that this has something to do with the original redi

Re: [leaf-user] hwclock error?

2002-07-12 Thread Michael D. Schleif
George Georgalis wrote: > > On Fri, Jul 12, 2002 at 09:30:30AM +0100, [EMAIL PROTECTED] wrote: > >The command is just > > > >date hhnn[mmdd][] > > > >where n = minutes > > > >can't remember whether it's ddmm or mmdd I'm guessing mmdd > > > > # date 09450007122002 > date: invalid date `0945

Re: [leaf-user] Latest Bering sshd.lrp?

2002-07-23 Thread Michael D. Schleif
Look here: Stephen Lee wrote: > > Is the sshd.lrp listed at > http://leaf.sourceforge.net/devel/jnilo/index.html actually version > 3.2.3p1 or could it be a typo? I installed the package on my bering rc2 > system and

Re: [leaf-user] Motorola Surfboard/Charter Cable continued...

2002-07-23 Thread Michael D. Schleif
This _is_ your problem. "Dr. Richard W. Tibbs" wrote: > > /etc/resolv.conf contains: > > search cablenet-va.com /* correct, this is the DNS suffix that > shows up when I connect windoze directly to cable modem*/ > IP filters:firewall[IP Forwarding: ENABLED] > meserver 208.197.246.194

Re: [leaf-user] Motorola Surfboard/Charter Cable continued...

2002-07-23 Thread Michael D. Schleif
Yes, I came in late; and, yes, Erich is right that I missed the mark on my previous comments. Nevertheless, now that I study this posting's history, I am very confused! Which package are you using? JNilo's doesn't contain any /etc/dnscache.conf; rather, it looks like Erich's table (below). I

Re: [leaf-user] Motorola Surfboard/Charter Cable continued...

2002-07-24 Thread Michael D. Schleif
Brad Fritz wrote: > > On Wed, 24 Jul 2002 22:19:26 +0200 Eric Titl wrote: > > > Brad Fritz wrote the following at 17:56 24.07.2002: > > > > >On Wed, 24 Jul 2002 11:42:17 EDT Dr. Richard W. Tibbs wrote: > > > > > >...> dmesg outputs a lot of identical lines like: > > > > Packet log: input DE

Re: [leaf-user] Linux firewalling rules, Dachstein

2002-07-27 Thread Michael D. Schleif
[EMAIL PROTECTED] wrote: > > I tried to post a request for help including all of the stuff the FAQ said > I should include, and it was rejected for being too big (>64k). You can include all of that information in the body of your next post. > Here is > my problem in a nutshell: > I am a studen

Re: [leaf-user] Linux firewalling rules, Dachstein

2002-07-27 Thread Michael D. Schleif
Eric => Please, let's keep this dialog on the list. [EMAIL PROTECTED] wrote: > > My answers to your first questions: > > External interface (eth0):##This info came from the ISP > IP: 192.168.50.10 > Subnet mask: 255.255.255.0 > Mask #/length: 24 > Broadcast: 192.168.50.255

Re: [leaf-user] Linux firewalling rules, Dachstein

2002-07-29 Thread Michael D. Schleif
[EMAIL PROTECTED] wrote: > > > [2] Modify the Dachstein firewall rules accept this private network > > from the router. To do this, you will need to create a file: > > /etc/ipchains.input in which you need add this line: > > > > $IPCH -I input -j ACCEPT -p all -s 0/0 -d 192.168.50.0/24 -i

Re: [leaf-user] FORW: CERT Advisory CA-2002-23 Multiple Vulnerabilities In OpenSSL

2002-07-31 Thread Michael D. Schleif
Dan Harkless wrote: > > Argh. I tried to forward the below CERT advisory to the list yesterday but > it was rejected because I used a MIME-based forward. The list rejects such > posts without bouncing them back to you, which is quite broken behavior, > thus I need to re-compose this intoductor

Re: [leaf-user] FORW: CERT Advisory CA-2002-23 Multiple Vulnerabilities In OpenSSL

2002-08-01 Thread Michael D. Schleif
"K.-P. Kirchdörfer" wrote: > > On Thursday 01 August 2002 06:23 Michael D. Schleif wrote: > > Dan Harkless wrote: > > > Argh. I tried to forward the below CERT advisory to the list yesterday > > > but it was rejected because I used a MIME-based for

Re: [leaf-user] FORW: CERT Advisory CA-2002-23 Multiple Vulnerabilities In OpenSSL

2002-08-01 Thread Michael D. Schleif
"K.-P. Kirchdörfer" wrote: > > On Thursday 01 August 2002 06:23 Michael D. Schleif wrote: > > <http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/helices/openssh/ > >> > > > > Message-ID: <[EMAIL PROTECTED]> > >

[leaf-user] DCD: swap_free: Trying to free nonexistent swap-page ???

2002-08-03 Thread Michael D. Schleif
One of our DCD installations has been exhibiting strange behaviour lately. This message comes through syslogd irregularly, often twice an hour or every couple hours: Aug 3 11:45:01 redtrout kernel: swap_duplicate: entry 1000, nonexistent swap file Aug 3 11:45:01 redtrout kernel: swap_free

Re: [leaf-user] /var/log/wtmp data log on LEAF

2002-08-21 Thread Michael D. Schleif
Vic Berdin wrote: > > I need to manage /var/log/wtmp data log on a regular basis (preferably > using a cron triggered binary/script). > As other mail archive trails suggest, a C program that will truncate it > must be created. It can be done but, > what do you guys have to say about it? How do

Re: [leaf-user] sshd fatal error mmap invalid argument

2002-09-08 Thread Michael D. Schleif
Which package of sshd? matt wrote: > > hello again everyone. i'm having a problem with sshd. everything > loads well, and looks like it's running (according to netstat and ps > ax). every time i connect with the client software, the connection is > immediately dropped (before any key is passe

Re: [leaf-user] Can't ssh from local network

2002-09-23 Thread Michael D. Schleif
Whence did you get ssh[d].lrp? This is an issue that I've encountered with mmap enabled on some, but not all, dachstein boxen; which is supposedly attributable to 2.2x kernels . . . Warren Post wrote: > > ssh is running on our Dachstein box, but I can't access it. When I try > to ssh into the

Re: [leaf-user] A big snmp question

2002-09-25 Thread Michael D. Schleif
[EMAIL PROTECTED] wrote: > > I'm not using the snmp.lrp package, > I downloaded net-snmp 5.03 and built my own > on a Debian system. > > net-snmp daemon seems to be working great > with several managers as far as inquiry. > > When a manage

[leaf-user] dnscache vs. dmz ???

2002-10-08 Thread Michael D. Schleif
does anybody have a proxy-arp dmz and also running tinydns & dnscache? thought that I'd resolved this sometime ago; but, tonight, for the life of me, I cannot get dmz hosts to resolve addresses for remote internet sites solely via tinydns-public and dnscache ;< tinydns tries to resolve the name and

Re: [leaf-user] dnscache vs. dmz ???

2002-10-09 Thread Michael D. Schleif
Erich Titl wrote: > > At 07:57 09.10.2002, you wrote: > > >does anybody have a proxy-arp dmz and also running tinydns & dnscache? > > > >thought that I'd resolved this sometime ago; but, tonight, for life of > >me, I cannot get dmz hosts to resolve addresses for remote internet > >sites solely

Re: [leaf-user] dnscache vs. dmz ???

2002-10-09 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > > >does anybody have a proxy-arp dmz and also running tinydns & > dnscache? > > > > > > > >thought that I'd resolved this sometime ago; but, tonight, for life > of > > > >me, I cannot get dmz hosts to resolve addresses for remote internet > > > >sites solely via

Re: [leaf-user] dnscache vs. dmz ???

2002-10-09 Thread Michael D. Schleif
"Michael D. Schleif" wrote: > > does anybody have a proxy-arp dmz and also running tinydns & dnscache? Anybody have such setup that works? -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . . Our capacity for understanding is inver

Re: [leaf-user] dnscache vs. dmz ???

2002-10-10 Thread Michael D. Schleif
thank you, for your continued interest . . . Matthew Schalit wrote: > > Michael D. Schleif wrote: > > "Michael D. Schleif" wrote: > > > >>does anybody have a proxy-arp dmz and also running tinydns & dnscache? > > > > Anybody have such s

Re: [leaf-user] dnscache vs. dmz ???

2002-10-10 Thread Michael D. Schleif
Matthew Schalit wrote: > > Michael D. Schleif wrote: > > thank you, for your continued interest . . . > > > > Matthew Schalit wrote: > > > >>Michael D. Schleif wrote: > >> > >>>"Michael D. Schleif" wrote: > >>>

Re: [leaf-user] dnscache vs. dmz ???

2002-10-10 Thread Michael D. Schleif
"Michael D. Schleif" wrote: > > Matthew Schalit wrote: > > Do you forward and masq from the dmz to internal or just forward? > > Have you posted all the rules you're using for that? > > this could be it: > > <http://www.helices.org/tm

Re: [leaf-user] dnscache vs. dmz ???

2002-10-10 Thread Michael D. Schleif
Matthew Schalit wrote: > Please tell me you've added ipchains -l logging to every packet > 1) inbound on dmz nic > 2) outbound from dmz nic > 3) inbound on internal nic > 4) outbound on internal nic > 5) forwarded by any forward rule > > and r

Re: [leaf-user] dnscache vs. dmz ???

2002-10-10 Thread Michael D. Schleif
"Michael D. Schleif" wrote: > > Matthew Schalit wrote: > > > > > Please tell me you've added ipchains -l logging to every packet > > 1) inbound on dmz nic > > 2) outbound from dmz nic > > 3) inbound on

Re: [leaf-user] dnscache vs. dmz ???

2002-10-10 Thread Michael D. Schleif
Brad Fritz wrote: > > On or before Wed, 09 Oct 2002 11:06:30 EST mds and Charles S wrote: > > mds> I cannot get dmz hosts to resolve addresses for remote internet > mds> sites solely via tinydns-public and dnscache ;< tinydns tries to > mds> resolve the name and gives up, without so much as as

Re: [leaf-user] dnscache vs. dmz ???

2002-10-11 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > > I think Charles hit the nail on the head when he said: > > > > > > cs> You have to point the DMZ systems at the IP of dnscache, *NOT* > tinydns, > > > cs> as tinydns does not do recursive queries. I think that's the > root of > > > cs> your problem. Switch t

Re: [leaf-user] dnscache vs. dmz ???

2002-10-12 Thread Michael D. Schleif
Thank you, Charles, et al. for your continued participation . . . Charles Steinkuehler wrote: > > > root@bluetrout:/root > > # ip addr > > . . . > > 7: eth0: mtu 1500 qdisc pfifo_fast qlen 100 > > link/ether 00:a0:c9:9e:57:70 brd ff:ff:ff:ff:ff:ff > > inet 192.168.1.254/24 brd 192.168.1

Re: [leaf-user] dnscache vs. dmz ???

2002-10-12 Thread Michael D. Schleif
OK, it gets more interesting ;> [1] As you know, here is a summary of the dcd: root@bluetrout:/etc # ip addr . . . 7: eth0: mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:a0:c9:9e:57:70 brd ff:ff:ff:ff:ff:ff inet 192.168.1.254/24 brd 192.168.1.255 scope global

Re: [leaf-user] dnscache vs. dmz ???

2002-10-12 Thread Michael D. Schleif
Thank you, for your participation . . . Ray Olszewski wrote: > > Sorry to jump into this late. > > You say: > > >[4] I need help understanding what is going on in lines like this: > > > >64.4.197.69 > 64.4.197.65: icmp: 64.4.197.69 udp port 32868 > > unreachable [tos 0xc0] > > > >

Re: [leaf-user] dnscache vs. dmz ???

2002-10-12 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > Comments inline. > > > Yes, I, too, have been confused by some of this. We have several > > successful proxy-arp dmz's; so, when we built this one, we started by > > cloning those other config's and changing addresses, &c. and it > appeared > > to be working as e

Re: [leaf-user] dnscache vs. dmz ???

2002-10-12 Thread Michael D. Schleif
Charles Steinkuehler wrote: > So...it looks like either dnscache is mis-configured (bad send-from IP), > or more likely, that your masquerade rule connecting the internal > network with the DMZ is mangling (masquerading) the return traffic. Why am I thinking about correcting the error and dnsc

Re: [leaf-user] dnscache vs. dmz ???

2002-10-12 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > > > 17: wan1: mtu 1500 qdisc pfifo_fast qlen > 100 > > > > link/ppp > > > > inet 64.4.222.157 peer 64.4.222.158/32 scope global wan1 > > > > inet 64.4.197.99/32 scope global wan1 > > > > inet 64.4.197.100/32 scope global wan1 > > > > inet 64.

[leaf-user] ipsec connect to this?

2002-11-06 Thread Michael D. Schleif
Received following set of requirements for one of our DCD's to connect to a remote non-DCD site: ISAKMP Policy: Encryption: 3DES Hash: MD5 Authentication: pre shared keys Diffie Helman group 1 or 2 Use the following key: IPSec

[leaf-user] DCD vs. ipsec ???

2002-11-07 Thread Michael D. Schleif
Not sure what changed. This was working (many months) between these two (2) dcd gateways until I was testing for dcd--cisco vpn last night ;< Details are here -- shout if you want to see more: trout -- bluetrout : Basically, both sides' ip

Re: [leaf-user] DCD vs. ipsec ???

2002-11-07 Thread Michael D. Schleif
OK, clever is not always good ;> I had tried to hardcode the udp port 500 and protocols 50/51 stuff in network.conf and ipchains.input, which apparently is not adequate? When I turned on leftfirewall=yes, then it all works, again . . . "Michael D. Schleif" wrote: > > No

Re: [leaf-user] ipsec connect to this?

2002-11-07 Thread Michael D. Schleif
comes back. Unfortunately, the other side is not cooperative, because he insists that we must use a cisco like he is, and he's determined to prove that to us all ;< When I select type=transport, auth.log process never completes and no ``IPSec SA is established ...'' appears. Wh

[leaf-user] nat between gateways ???

2002-11-08 Thread Michael D. Schleif
ipsec before nat ??? need to know: ipsec v1.91 [A] private networks ^ | v dcd nat/masq ipsec === t-1 | v internet

Re: [leaf-user] nat between gateways ???

2002-11-08 Thread Michael D. Schleif
tunnel without any errors in auth.log nor kern.log. What we cannot do is get any answer -- *NOTHING* comes back !?!? Andre insists that we need to nat/masq *AFTER* the ipsec transform -- hence my questions regarding: nat between gateways ipsec before nat Michael D. Schleif wrote:

Re: [leaf-user] nat between gateways ???

2002-11-08 Thread Michael D. Schleif
"Michael D. Schleif" wrote: > conn %default > authby=rsasig > auto=start > # keyexchange=ike > keyingtries=0 > # keylife=8h > left=%defaultroute > leftfirewall=yes > [EMA

Re: [leaf-user] nat between gateways ???

2002-11-09 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > Michael D. Schleif wrote: > > "Michael D. Schleif" wrote: > > > > > > > >> conn %default > >> authby=rsasig > >> auto=start > >> # keyexchange=ike > >

Re: [leaf-user] nat between gateways ???

2002-11-11 Thread Michael D. Schleif
I am confused ;< In order to address the original vpn problem, we have setup a pilot vpn between two (2) of our DCD's. How does this scenario qualify as ``martian'' ??? root@bluetrout:/root # tail -f /var/log/kern.log Nov 11 22:08:09 bluetrout kernel: martian source d233e490 for 9dde0440, dev w

Re: [leaf-user] nat between gateways ???

2002-11-12 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > Michael D. Schleif wrote: > > I am confused ;< > > > > In order to address the original vpn problem, we have setup a pilot vpn > > between two (2) of our DCD's. > > > > How does this scenario qualify as ``martia

Re: [leaf-user] nat between gateways ???

2002-11-12 Thread Michael D. Schleif
"Michael D. Schleif" wrote: > > Charles Steinkuehler wrote: > > > > Michael D. Schleif wrote: > > > Every time that I think that I understand what constitutes martian-ness, > > > I am tossed a new wrinkle ;> > > > > > > What d

Re: [leaf-user] nat between gateways ???

2002-11-12 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > Michael D. Schleif wrote: > > Charles Steinkuehler wrote: > >> You don't give enough information to correctly diagnose martian errors, > >> which are based pretty much entirely on the status of the route tables. > >>

Re: [leaf-user] nat between gateways ???

2002-11-13 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > Michael D. Schleif wrote: > > For further information, please, let me know and I will be as verbose as > > necessary on a separate webpage. Let's hope that I remember to publish > > the final solution exhaustively to the list ;>

Re: [leaf-user] nat between gateways ???

2002-11-13 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > Michael D. Schleif wrote: > > Charles Steinkuehler wrote: > >> Regardless, the firewall rules on pinktrout are a > >> "Must see", especially given the log errors. > > > > Simply ipchains -nvL ??? > > Ye

Re: [leaf-user] nat between gateways ???

2002-11-13 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > Michael D. Schleif wrote: > > > > Charles Steinkuehler wrote: > >> > >> Michael D. Schleif wrote: > >> > > >> > Charles Steinkuehler wrote: > >> >> Regardless, the firewall r

Re: [leaf-user] nat between gateways ???

2002-11-13 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > Michael D. Schleif wrote: > > > > Charles Steinkuehler wrote: > >> > >> Michael D. Schleif wrote: > >> > > >> > Charles Steinkuehler wrote: > A couple problems here. First, you're trying to pi

Re: [leaf-user] nat between gateways ???

2002-11-14 Thread Michael D. Schleif
Charles Steinkuehler wrote: > You should have a host-subnet VPN, linking pinktrout's public IP with > the 192.168.1.0/24 behind bluetrout. With no advanced routing rules and > no masquerade rules in place, you will *NOT* be able to communicate > either between host-host (pinktrout - bluetrout)

Re: [leaf-user] Question running Dachstein Router/FW/DHCP/DSN and Unix...

2003-03-01 Thread Michael D. Schleif
Also sprach Matt Schalit (Sat 01 Mar 02003 at 11:36:51AM -0800): > Dennis hasn't told us how he has Shorewall setup. Probably, because he's running Dachstein without Shorewall? -- Best Regards, mds mds resource 888.250.3987 - Dare to fix things before they break . . . - Our capacity for unde

[leaf-user] ipsec tunnel pings OK; but *NO* app traffic ?!?!

2003-06-20 Thread Michael D. Schleif
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We thought that we had a successful tunnel between our side, with DCD gateway and freeswan v1.91, and a client with a cisco router. Both sides successfully ping each other; but, the application on our side cannot establish a tcp connection to the othe

[leaf-user] Fw: [OT, announcement] emKnoppix

2003-09-05 Thread Michael D Schleif
- Forwarded message from Rajkumar S <[EMAIL PROTECTED]> - From: Rajkumar S <[EMAIL PROTECTED]> Organization: Linuxense Information Systems To: Debian User List <[EMAIL PROTECTED]> Date: Sat, 06 Sep 2003 00:01:35 +0530 X-Mailing-List: <[EMAIL PROTECTED]> archive/latest/298559 Subject: [OT,
