[Leaf-user] VPN Architecture Options

2001-12-17 Thread dgilleece
Hi all, I have a client with an interesting situation, regarding VPN needs. They are a small database consulting group, who need secure remote access across a variety of scenarios: 1. Sitting in their US office, accessing multi-vendor VPN systems at major corporations. 2. Sitting at the c

Re: [Leaf-user] ipsec gateways & same private networks ???

2001-12-31 Thread dgilleece
On the topic of re-numbering networks: I have recently installed DachCD, and noticed the comments in network.conf for eth1 specify "DO NOT CHANGE." I assume this is due to some hard-coded instances of this explicit IP, rather than a variable. I noticed in the weblet config, 192.168.1.254 is

Re: [Leaf-user] ipsec gateways & same private networks ???

2001-12-31 Thread dgilleece
Charles, I will poke around in the places you mentioned, and document what I find. I also caught part of a November thread in which there was talk of formalizing some beginner-level doc for the CD distro --- did that ever come about? If not, I could be talked into it --- I'm an infinitely qua

Re: [Leaf-user] Network Card Problem

2001-12-31 Thread dgilleece
Well, it seems like you could *try* copying the working 3c5x9.o file to the LEAF disk --- but with kernel differences it may not work. Another thing you might try is the preconfigured modules.lrp for the 3c5x9 from www.pigtail.net/LRP. In my experience, Nicholas does a great job of testing t

[Leaf-user] Changing Internal Address References for IPSec

2001-12-31 Thread dgilleece
Quoting Charles Steinkuehler <[EMAIL PROTECTED]>: > There's no complete list...perhaps you could take notes and start one? > Off > the top of my head, you will need to edit/re-configure the following > files/services if you change the internal network settings: > > - /etc/network.conf > - /etc

Re: [Leaf-user] dachstein cd 1.0.2: modules are unavailable

2002-01-01 Thread dgilleece
This is an excellent How-to --- one I plan to base my upcoming docs off of --- IF it ever comes back on line. I have tried accessing it for the last few days, and it comes up dead Dan Quoting Greg Morgan <[EMAIL PROTECTED]>: > One more idea is to use some of the other documentation. Tak

Re: [Leaf-user] need help with port forwarding

2002-01-02 Thread dgilleece
Do you have the corresponding ports *open* in the EXTERN_TCP_PORTS section? If not, the forwarding rules are inside waiting for a bride that's locked out of the church ;) Also, since it looks like you have re-numbered your network from the default (changed 192.168.1 to 192.168.0) you should h

Re: [Leaf-user] need help with port forwarding

2002-01-03 Thread dgilleece
Quoting Peter Jay Salzman <[EMAIL PROTECTED]>: > once the lock was opened, she came screaming down the aisle, rushed the > altar and now the deed is done. i'm running a fully operational > dachstein cd firewall. > Aye! She's a randy lass, that one ;)

[Leaf-user] Ping Problem

2002-01-03 Thread dgilleece
I have two DachCD systems setup to begin testing IPSec. Both are assigned external IPs in my 209.98.58.0/29 range, plugged into a hub that allows them to share the outbound router. The first system, .244, can ping .246 with no problem, and it can ping the router at .241. The system at .246 c

Re: [Leaf-user] Ping Problem

2002-01-03 Thread dgilleece
Ray & Charles, Thanks for the direction. I will take a gander back thru the configs, and probably start over with a clean floppy if it doesn't jump out at me. Likely I nicked the code somewhere when I was changing the 192.168.1 references. It'll be another learning experience :) Dan Quotin

[Leaf-user] Completely Routable Subnet

2002-01-09 Thread dgilleece
Hi all, I am not sure really how to describe what I am after, but I'll try to sketch it. In a situation in which a network needs to have broad compatibility with multi-vendor VPN solutions (from clients sites to home office, and vice versa), it appears that fully routable, legal IP addresse

[Leaf-user] Saving IPSec Configuration on DCD...??

2002-01-10 Thread dgilleece
OK, I give up. What is the magic combination for getting the ipsec.conf and ipsec.secrets files to back up with DCD? I am thick, dense, and very frustrated Thanks, Dan

[Leaf-user] Observations on DCD/IPSec Setup & Documentation

2002-01-11 Thread dgilleece
After yanking several handfuls of hair from my head, I finally got my VPN lab fully functional and tested. Thanks to all those here who helped. I am in the process of documenting the process I used --- skipping all the false starts, dead-ends, and hand-wringing ;-) I'll be interested in the

Re: [Leaf-user] Forwarding broadcast traffic?

2002-01-11 Thread dgilleece
Building off of Charles' comment: If you *are* looking to enable subnet-to-subnet browsing of Windows shares, Samba does the trick without much heartache at all. I have an SME/e-smith box on one end of my VPN lab setup, and a remote machine on the other end. The remote-end clients simply hav

Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)

2002-01-12 Thread dgilleece
eth0 on Dachstein will not route private IP addresses without the following change, quoted from a recent reply from Charles on a related question: [this behavior is controlled by] The stopMartians () procedure of /etc/ipfilter.conf. You can comment out the private IP blocks in this procedure if

Re: [Leaf-user] Linux 2.4 based Firewalls made in Switzerland

2002-01-12 Thread dgilleece
> > That's neat, but I don't know of any micro sized 10/100 switches > > that people can put into a pc. Do you? > http://www.trust.com/products/frame-product.htm?artnr=12034 > unfortunately, only 10MBits... > Regards, > Etienne 10/100 PCI card switch: http://www.trendware.com/products/TE100-S4PC

RE: [Leaf-user] Forwarding broadcast traffic?

2002-01-12 Thread dgilleece
As taken from the man page of dhcp-options, DHCP2 supports: 'option www-server [address-list]' As I understand it, this lists the Web servers available to the client, and is primarily useful for defining proxy Web servers that a client must use. ...and: 'option smtp-server [address-list]'

Re: [Leaf-user] Firewall Setup

2002-01-13 Thread dgilleece
What distribution are you using? What IP addresses are you using for your external interface? Quoting [EMAIL PROTECTED]: > While sifting through docs I found this error which I have been > receiving, while trying to > ping any internet IP from the LRP box: > sendto(): operation not permitted >

Re: [Leaf-user] Firewall Setup

2002-01-13 Thread dgilleece
A couple of things are happening. First, it seems that your Dach box is not obtaining a proper address from your ISP. If your address used to be 24.116.x.x, you should be seeing something similar now. Since it is getting assigned a 10.x.x.x address, the ipfilter code is generating the "opera

Re: [Leaf-user] Telstra ADSL PPPoE guide needed!

2002-01-13 Thread dgilleece
On another board to which I subscribe, they are tossing around this link http://www.synapticserver.com/bpalogin_2howto.html Supposedly, it has the low-down on your system. It is not specific to LEAF, but should at least tell you how Linux in general needs to talk to that ISP's system. Good l

Re: [Leaf-user] need help with port forwarding

2002-01-16 Thread dgilleece
I don't know if you have received any reply to this yet --- I had a bit of mailbox problem yesterday, and this post doesn't seem to appear in the archives... Anyway, it appears this is a simple typo: HERE===> tcp_${EXTERN_IP}_smtp_192.168.1.1_smtp is where you port forward

Re: [Leaf-user] ipsec on a floppy? managing packages in Windows?

2002-02-10 Thread dgilleece
If your hardware isn't too old, changing media is really the way to go. If your system's BIOS can support a bootable CD, that is unquestionably the way to go. I switched from a single-floppy Eiger box to a Dachstein-CD setup (with IPSec), and the flexibility is incredible. It's definitely wo

Re: [Leaf-user] ipsec on a floppy? managing packages in Windows?

2002-02-10 Thread dgilleece
Perhaps I should have been clearer :) My intent was to say that if it boots from the CD, you are a lot better off when loading packages, as the load time is significantly faster than a floppy. That's what makes it "unquestionably the way to go." Non-bootable CDs work, and give you the additi

[Leaf-user] libz on Dach-CD

2002-03-21 Thread dgilleece
Hi All, Am I correct in assuming that Dachstein-CD will use the libz.lrp from the floppy if I copy it there, rather than the one burned onto the CD? I am also assuming J. Nilo's updated libz is suitable for this use -- is that the case? Thanks, Dan -- Optimum Networks, Inc. Small Business

Re: [Leaf-user] libz on Dach-CD

2002-03-21 Thread dgilleece
Just for clarification, if my system boots from the CD, it will still give precedence to the libz.lrp from the floppy? Thanks again, Dan - Original Message - From: "Charles Steinkuehler" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; "Scott C. Best" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTE

Re: [Leaf-user] Bering Firewall without NAT

2002-03-22 Thread dgilleece
I had to do something similar recently, and I'm still amazed at how uncommon it seems to be -- there are not many examples around. I can't speak to Bering-specific configurations, as I have only used Shorewall on Red Hat and SuSE "minimal" installations, but I assume it is Shorewall that will tak

Fw: [Leaf-user] Celeron/Pentium vs Duron/Athlon

2002-03-31 Thread dgilleece
Oops... reply... reply to all... same difference :P - Original Message - From: "dgilleece" <[EMAIL PROTECTED]> To: "Scott C. Best" <[EMAIL PROTECTED]> Sent: Sunday, March 31, 2002 11:05 AM Subject: Re: [Leaf-user] Celeron/Pentium vs Duron/Athlon > I