Hej Erich (sorry for PM),
thanks once more!
Am 09.07.2015 um 19:41 schrieb Erich Titl:
Hi Boris
Am 09.07.2015 um 19:24 schrieb Boris:
Hej Erich,
..
You could try to assemble a list of IP addresses for the service you
want to access. I would not recommend that.
Better you should use
Hej LEAF-user,
no troubles since years (thank you all!!) but now I found a new phenomenon
and do not know how to handle - hope to find some help in here
I'm running an older leaf box as router and firewall (3.1) and use a
name-based rule in shorewall to filter some stuff, something like
Hej Erich,
thanks a lot for taking part!
Am 09.07.2015 um 18:45 schrieb Erich Titl:
Hi Boris
Am 09.07.2015 um 18:13 schrieb Boris:
Hej LEAF-user,
no troubles since years (thank you all!!) but now I found a new phenomenon
and do not know how to handle - hope to find some help in here
Hi Boris
Am 09.07.2015 um 19:24 schrieb Boris:
Hej Erich,
..
You could try to assemble a list of IP addresses for the service you
want to access. I would not recommend that.
Better you should use rules for specific services, allow those services
unrestricted or to a group of addresses you
Hi Boris
Am 09.07.2015 um 18:13 schrieb Boris:
Hej LEAF-user,
no troubles since years (thank you all!!) but now I found a new phenomenon
and do not know how to handle - hope to find some help in here
I'm running an older leaf box as router and firewall (3.1) and use a
name-based rule in
Hello. I have changed providers from DSL to cable and I've updated my
Bering box to version 4.1.1. Should be the easiest setup all defaults
usually work. I get internet access but DNS doesn't work. Once I put
Google DNS servers on single boxes everything works. No DNS on Bering
box. Where
Am 05.01.2012 15:40, schrieb dummyc:
Hello. I have changed providers from DSL to cable and I've updated my
Bering box to version 4.1.1. Should be the easiest setup all defaults
usually work. I get internet access but DNS doesn't work. Once I put
Google DNS servers on single boxes everything
Thank You so much - fixed. I'm just getting ezipupd connection
refused but I'll deal with that later. DNS works no problem. Thank You
again.
Andrey
On 05/01/2012 10:26 AM, KP Kirchdoerfer wrote:
Am 05.01.2012 15:40, schrieb dummyc:
Hello. I have changed providers from DSL to cable and I've
As per the Question in the first referenced Wiki page, I think we should
include this configuration in the default disk images rather than making many
users change the configuration as per the documentation.
IMHO, most users will expect DNS to just work for something like a cable
modem
I bet your external interface is setup for DHCP. What is happening is that
your DHCP client is rewriting resolv.conf with the DHCP data it is getting
from your ISP (effectively ignoring your manually entered values). You need
to tell DHCPcD (or whichever client daemon you are using on the external
I did more hunting around, got a grep to search the whole /etc. I
found the old DNS IPA's in /etc/dnscache/[env/DNS1, root/servers/@].
In lrcfg/packages/dnscache FORWARD_ONLY is YES, so I changed the DNS
addresses there, i.e. DNS1, backed-up rebooted. Then I never got a
dial-out, so I edited
On 12/15/2007 16:10, Paul Rogers wrote:
I did more hunting around, got a grep to search the whole /etc. I
found the old DNS IPA's in /etc/dnscache/[env/DNS1, root/servers/@].
In lrcfg/packages/dnscache FORWARD_ONLY is YES, so I changed the DNS
addresses there, i.e. DNS1, backed-up rebooted.
I'm still happily running Bering-1.2, thanks to all. My ISP recently
changed their upstream wholesale provider. There are new DNS servers,
though the ISP's DNS records still reference the old nameservers, which
don't work properly anymore. I've gone into lrcfg and put the new
nameserver
Hello,
I am trying to set up multi-isp configuration (using latest bering-uClibc
3.1-beta1), and began reading the corresponding doc:
http://www.shorewall.net/3.0/MultiISP.html
I am not clear on how the DNS resolution happens if a DNS request
from one provider goes to the other provider's
Hi Craig,
What is the output of daemon.log if you restart it? (svi dnsmasq restart)
Hi folks,
I made the changes that Eric suggested, and I still can't resolve names. I
see in this document: http://leaf.sourceforge.net/doc/bk02ch13s08.html
it references changing the /etc/shorewall/rules to
AM
To: Craig Caughlin
Cc: 'Leaf-User '
Subject: Re: [leaf-user] DNS problems?
Hi Craig,
What is the output of daemon.log if you restart it? (svi dnsmasq restart)
Hi folks,
I made the changes that Eric suggested, and I still can't resolve names. I
see in this document: http
,
Craig
-Original Message-
From: Eric Spakman [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 31, 2006 12:07 AM
To: Craig Caughlin
Cc: 'Leaf-User '
Subject: Re: [leaf-user] DNS problems?
Hi Craig,
What is the output of daemon.log if you restart it? (svi dnsmasq restart)
Hi
,
Craig
-Original Message-
From: Eric Spakman [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 31, 2006 12:07 AM
To: Craig Caughlin
Cc: 'Leaf-User '
Subject: Re: [leaf-user] DNS problems?
Hi Craig,
What is the output of daemon.log if you restart it? (svi
Spakman [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 31, 2006 12:07 AM
To: Craig Caughlin
Cc: 'Leaf-User '
Subject: Re: [leaf-user] DNS problems?
Hi Craig,
What is the output of daemon.log if you restart it? (svi dnsmasq restart)
Hi folks,
I made the changes that Eric suggested
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of KP
Kirchdoerfer
Sent: Tuesday, October 31, 2006 5:55 AM
To: leaf-user@lists.sourceforge.net
Cc: Eric Spakman; Craig Caughlin
Subject: Re: [leaf-user] DNS problems?
Hi
the name of the option and the file has been
Hi folks,
I'm guessing I don't have DNS (dnsmasq) set up correctly on the new Bering.
I can reach the internet (like Google for example) just fine by using its IP
address (66.102.7.99), but I can't otherwise.
I set up the new Bering (Bering-uClibc_3.0-beta2) dnsmasq just like my old
Bering
Hi!
-Original Message-
From: Craig Caughlin [mailto:[EMAIL PROTECTED]
Sent: segunda-feira, 30 de Outubro de 2006 14:16
To: 'Leaf-User (E-mail)'
Subject: [leaf-user] DNS problems?
Hi folks,
I'm guessing I don't have DNS (dnsmasq) set up correctly on
the new Bering.
I can reach
-
From: Craig Caughlin [mailto:[EMAIL PROTECTED]
Sent: segunda-feira, 30 de Outubro de 2006 14:16
To: 'Leaf-User (E-mail)'
Subject: [leaf-user] DNS problems?
Hi folks,
I'm guessing I don't have DNS (dnsmasq) set up correctly on
the new Bering.
I can reach the internet (like Google
: Luis.F.Correia [EMAIL PROTECTED]
Hi!
-Original Message-
From: Craig Caughlin [mailto:[EMAIL PROTECTED]
Sent: segunda-feira, 30 de Outubro de 2006 14:16
To: 'Leaf-User (E-mail)'
Subject: [leaf-user] DNS problems?
Hi folks,
I'm guessing I don't have DNS (dnsmasq) set up correctly
Hi!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: segunda-feira, 30 de Outubro de 2006 15:44
To: 'Leaf-User (E-mail)'
Subject: Re: [leaf-user] DNS problems?
Thanks, Luis.
The only reason I made these changes is because my old Bering
worked just
: [leaf-user] DNS problems?
Hi folks,
I'm guessing I don't have DNS (dnsmasq) set up correctly on
the new Bering. I can reach the internet (like Google for example) just
fine by using its IP address (66.102.7.99), but I can't otherwise.
I set up the new Bering (Bering
-
From: Eric Spakman [mailto:[EMAIL PROTECTED]
Sent: Monday, October 30, 2006 8:05 AM
To: [EMAIL PROTECTED]
Cc: 'Leaf-User '
Subject: Re: [leaf-user] DNS problems?
Hello Craig,
The only modification necessary, if you use dhcpc and want the integrated
dhcp daemon, is:
resolve-file=/etc/dhcpc
Hello Andrew , you wrote
I'm running Bering u-Clibc 2.1.3
I have 5 static IP's coming in from my ISP. (eth 0)
4 of them are proxyARPed to the DMZ. (eth 2)
The last IP is serving my local network. (eth 1)
My dmz is basically web servers with port 80 open.
Outside my network, people can see
I’m running Bering u-Clibc 2.1.3
I have 5 static IP’s coming in from my ISP. (eth 0)
4 of them are proxyARPed to the DMZ. (eth 2)
The last IP is serving my local network. (eth 1)
My dmz is basically web servers with port 80 open.
Outside my network, people can see my servers just fine, but from my
Hi folks,
I'm not sure if this is related to my other hiccups, but I don't think so.
My problem is that I don't seem to be able to resolve DNS names. I can
connect to web sites if I know their IP address, but I can't ping anyone via
FQDN either from my LAN or from the firewall. Suggestions?
Thank
Craig Caughlin wrote, On 02/13/2005 05:22 PM:
Hi folks,
I'm not sure if this is related to my other hiccups, but I don't think so.
My problem is that I don't seem to be able to resolve DNS names. I can
connect to web sites if I know their IP address, but I can't ping anyone via
FQDN either from my
: Re: [leaf-user] DNS problems?
Craig Caughlin wrote, On 02/13/2005 05:22 PM:
Hi folks,
I'm not sure if this is related to my other hiccups, but I don't think
so. My problem is that I don't seem to be able to resolve DNS names. I
can connect to web sites if I know their IP address, but I can't
Hi all,
I'm having trouble getting a Mailman server (using Exim 3.35) to resolve
names properly. It is situated in the DMZ (192.168.2.x) of a network using
Dachstein CD102. I have an Exchange mail server in the internal network
(192.168.1.x).
I have tinyDNS running on the firewall. The internal
Doug Sampson wrote:
Hi all,
I'm having trouble getting a Mailman server (using Exim 3.35) to resolve
names properly. It is situated in the DMZ (192.168.2.x) of a network using
Dachstein CD102. I have an Exchange mail server in the internal network
(192.168.1.x).
I have tinyDNS running on the
I could not get tinydns to answer for two internal networks. My
solution is:
.private.network::localhost
.1.168.192.in-addr.arpa::localhost
=tworoute.private.network:192.168.1.254
=localhost.private.network:192.168.1.1
.dmz.network::localhost
.2.168.192.in-addr.arpa::localhost
In shorewall, it is simple to use mac addresses for firewalling.
In /etc/shorewall/rules, to accept say ftp from the net to a server in
the dmz:
ACCEPT net dmz tcp 21
But, say you want only a specific host to have ftp access, say your
buddy, who has some mac like 02:00:08:E3:FA:58 (for
It's possible to take an interface's MAC layer address and change it
arbitrarily. One would also need to worry about ARP attacks.
Unfortunately, I think you'd have the same amount of security with MAC
layer filtering as you would with IP filtering.
Ryan
(for instance)
I am setting up a wireless card under Bering and I wanted to provide limited
access to it. But because I know that eventually the WEP will be cracked
and someone will get an IP address from the DHCPd server, I want to know if
I can redirect all traffic from (example) 192.168.2.0 except
What might work even better would be to match on MAC layer address.
This doesn't protect you from someone spoofing one of your friends' MAC
addresses ... if you're concerned about that, I'd recommend making all
connections go through a VPN, where you can authenticate the user prior
to them being
Sorry ... to expand on the last email I sent, the kind of ipsec
connection you'd want to make is host to subnet or the famous 'Road
Warrior' configuration.
More info here (among other places):
http://leaf.sourceforge.net/devel/mohansundaram/Bering%20VPN%20Howto.htm
Ryan
Joey Officer wrote:
PROTECTED]
To: Leaf-User [EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 7:45 AM
Subject: [leaf-user] DNS Redirection
I am setting up a wireless card under Bering and I wanted to provide limited
access to it. But because I know that eventually the WEP will be cracked
and someone will get an IP
Joey
Joey Officer wrote the following at 15:45 04.12.2003:
I am setting up a wireless card under Bering and I wanted to provide limited
access to it. But because I know that eventually the WEP will be cracked
and someone will get an IP address from the DHCPd server, I want to know if
I can
Hey everyone,
I'm using Bering-uClibc 2.0 and setup tinydns and dnscache on it.
However I'm having a problem where after about 5-10 minutes dns
lookups fail. If I restart dnscache from init.d things go back to
normal. I was wondering if anyone here might be able to help me
out with this
I'm sure this is way too much junk, but I'm including it to be
safe. Earlier when I mentioned that I was having problems with
ntpdate and ez-ipupdate those problems always persist, with or
without dns resolution working for machines behind the firewall.
Which makes me think perhaps I need to
Raymond,
Some other things that might be helpful...(meant to include in the
last email but hit send too soon sorry)
The ntpdate and ez-ipupdate stuff were related to shorewall not
being configured properly by me, as Jacques Nilo pointed out.
firewall# df -h ; free
Filesystem
Hello !
The question here is that I can't ping the external IP
address of the cisco router or do a traceroute and
when I try to open my web browser in any of my local
PCs it doesn't work. It says that it can open the
website, and the same for the mailing tool Outlook
From the above i
At 10:27 PM 10/9/2003 +0200, Jose Luis Abuelo Sebio wrote:
Hey how is everybody doing?
Let's see if you can spot me here with my problem.
Did you receive the response I sent to the prior version of this message?
If not, please check the list archive for it. If yes, please provide the
information
Hey how is everybody doing?
Let's see if you can spot me here with my problem. I
use to work with Bering 1.2 for VLAN issues but now I
want to configure an old machine as a firewall using
the software shorewall which is included in Bering 1.2.
I have downloaded the quick start guide for a simple
Raymond Page [EMAIL PROTECTED] writes:
ability to dns lookups from my Bering box. It can ping nameservers, however
the lookup seems to have died. Any ideas why?
The first bet is always that the generated logs are not taken by the
responsible processes. If that occurs, dnscache will stop
On Tuesday 01 July 2003 04:26 pm, Raymond Page wrote:
not really sure what the problem is, and could use debugging pointers, ie.
look for processes, how to enable and then check relevant logs, so i can be
more elaborate with what is wrong.
My problem is that after an hour or so of no active
not really sure what the problem is, and could use debugging pointers, ie.
look for processes, how to enable and then check relevant logs, so i can be
more elaborate with what is wrong.
My problem is that after an hour or so of no active internet use, I lose the
ability to dns lookups from my
Hi,
I open holes in the firewall from specific IP addresses to allow access
to my pptp server.
ACCEPT net:X.X.X.X fw tcp 1723
ACCEPT net:X.X.X.X fw 47
and for my friends with dynamic IPs, they have dynamic DNS entries.
ACCEPT net:MyIP.No-IP.Org fw tcp 1723
ACCEPT
On Sun, 2003-06-29 at 02:45, James Neave wrote:
Hi,
I open holes in the firewall from specific IP addresses to allow access
to my pptp server.
ACCEPT net:X.X.X.X fw tcp 1723
ACCEPT net:X.X.X.X fw 47
and for my friends with dynamic IPs, they have dynamic DNS entries.
On Sun, 2003-06-29 at 07:48, Tom Eastep wrote:
The shorewall guides don't say anything about putting DNS entries in the
rules file, apart from that you can.
See http://www.shorewall.net/configuration_file_basics.#dnsnames
Er -- make that
On Sun, 2003-06-29 at 08:17, James Neave wrote:
Aha,
didn't see that bit...
OK.
Anything I can do about it? This is way beyond my meager problem solving
skills...
I suspect that Shorewall is starting before dnscache so you will need to
reverse their startup order. The means for
Hello,
I accidentally saw the following in /var/log/messages:
May 29 07:41:23 router kernel: Shorewall:all2all:REJECT:IN= OUT=eth2
SRC=192.168.2.254 DST=192.168.2.201 LEN=61 TOS=0x0
0 PREC=0x00 TTL=64 ID=61994 DF PROTO=UDP SPT=53 DPT=1028 LEN=41
My DMZ subnet is 192.168.2.x, 192.168.2.201 is
On Fri, 30 May 2003 08:37:56 -0700, M Lu [EMAIL PROTECTED] wrote:
Hello,
I accidentally saw the following in /var/log/messages:
May 29 07:41:23 router kernel: Shorewall:all2all:REJECT:IN= OUT=eth2
SRC=192.168.2.254 DST=192.168.2.201 LEN=61 TOS=0x0
0 PREC=0x00 TTL=64 ID=61994 DF PROTO=UDP
Henning, Brian wrote:
i am running udhcp on my leaf box and i was wondering where i
could find the
dns lease info.
The DNS server's IP address is written to /etc/resolv.conf, which should be
updated automatically by the dhcp client
what i want to know is what my dhcp server's ip address is
greetings,
i am running udhcp on my leaf box and i was wondering where i could find the
dns lease info.
what i want to know is what my dhcp server's ip address is and i want to
know how many hops i have to make to get to it.
thanks for any help,
brian
Craig
At 01:10 10.07.2002, you wrote:
Hi folks,
For those who have replied, I'm running the vanilla, Dachstein CD. The
only thing I have changed from the default configuration is to uncomment
the correct NIC drivers, and changed the root password. That's it. I've
left everything else alone...if
Hi folks,
As I indicated from an earlier port, I'm trying to learn about nslookup.
It doesn't work at all from my Dachstein firewall, so I decided to try
nslookup, and its various command line options, from a computer on my
LAN thinking that would work. Unfortunately, I don't think it really
does
Hi folks,
I notice in the network configuration file, the default entry for DNS0
is the loopback address of 127.0.0.0. Right below that is another (but
commented out) DNS0 and DNS1. I see it says that those are where you'd
put your primary and secondary DNS settings. My question is: Should I
At 06:22 AM 7/8/02 -0700, Craig wrote:
Hi folks,
I notice in the network configuration file, the default entry for DNS0
is the loopback address of 127.0.0.0. Right below that is another (but
commented out) DNS0 and DNS1. I see it says that those are where you'd
put your primary and secondary DNS
Hi folks,
I use the default, Dachstein CD firewall...so I don't know the answer to
this reply. Should I only have the 127.0.0.1 entry (doesn't Dachstein
use tinydns?)...or should I use my LAN computers and my Dachstein
firewall as resolvers and include the addresses of my appropriate DNS
servers
I sent the prior reply you quote below. The reasons I said it depends is
because it does. There is no single *right* answer to the follow-up
question you ask. What is best for you depends on a detailed view of the
network that the Dachstein router is routing. Either you have to tell us a
lot
On Mon, 2002-07-08 at 11:39, Ray Olszewski wrote:
I sent the prior reply you quote below. The reasons I said it depends is
because it does. There is no single *right* answer to the follow-up
question you ask. What is best for you depends on a detailed view of the
network that the Dachstein
this is shorewall status output:
tcp 6 431899 ESTABLISHED src=192.168.20.5 dst=64.4.12.45 sport=2185 dport=1863
src=64.4.12.45 dst=63.25.123.58 sport=1863 dport=2185 [ASSURED] use=1
udp 17 30 src=192.168.20.5 dst=192.168.20.254 sport=2359 dport=53 [UNREPLIED]
src=192.168.20.254
On Fri, 2002-07-05 at 08:51, Brock Nanson wrote:
Hi Alan,
I'm on the Shaw network as well. I don't have tinydns going on my box,
so there may be (likely is) a more elegant way to fix this with tinydns.
What I did was simply put the long 'shawmail.cg.shawcable.net' name in
my email client
Date: Thu, 04 Jul 2002 20:45:32 -0700
From: Alan Silvester [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [leaf-user] DNS problem
Hi
I've got my Bering firewall working, but there's a small
problem with DNS lookups. My ISP's mail and news servers are
shawmail and shawnews. When
On Fri, 5 Jul 2002, Brock Nanson wrote:
Date: Thu, 04 Jul 2002 20:45:32 -0700
From: Alan Silvester [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [leaf-user] DNS problem
Hi
I've got my Bering firewall working, but there's a small
problem with DNS lookups. My ISP's mail
On Thu, Jul 04, 2002 at 08:45:32PM -0700, Alan Silvester wrote:
Hi
I've got my Bering firewall working, but there's a small problem with
DNS lookups. My ISP's mail and news servers are shawmail and
shawnews. When I ping these from the firewall, they are resolved to
shawmail.cg.shawcable.net
On Fri, Jul 05, 2002 at 12:41:57AM -0400, George Georgalis wrote:
On Thu, Jul 04, 2002 at 08:45:32PM -0700, Alan Silvester wrote:
Hi
I've got my Bering firewall working, but there's a small problem with
DNS lookups. My ISP's mail and news servers are shawmail and
shawnews. When I ping these
On Fri, 5 Jul 2002, George Georgalis wrote:
On Fri, Jul 05, 2002 at 12:41:57AM -0400, George Georgalis wrote:
On Thu, Jul 04, 2002 at 08:45:32PM -0700, Alan Silvester wrote:
Hi
I've got my Bering firewall working, but there's a small problem with
DNS lookups. My ISP's mail and news
Since no good deed ever goes unpunished, I have another question.
:) And you caught me just before I'm headed home...
I have a
Dachstein VPN/Firewall (A) with IPSEC tunnels to a Dachstein VPN/Firewall
(B) and a Cisco router running IPSEC VPN (C). I am using dnscache to
provide DNS
hi,
I am having a bit of trouble with DNS cache and seawall.
I have a DNS in the DMZ to deal with several domains we host. If I
put an entry in 'dnsservers' in seawall.conf I can perform DNS query on
this server, but all incoming DNS request are denied at the REMOTE chain.
If I remove the
I
am running Dachstein rc2 with seawall version41 and dnscache. I noticed that
while browsing I was having slow load times. I turned on logging and I saw
this:
Nov 29 12:37:14 firewall kernel:
Packet log: remote DENY eth0 PROTO=17 192.36.148.17:53 192.139.75.156:48655
L=312 S=0x00
PROTECTED], Linux-Router
([EMAIL PROTECTED]) [EMAIL PROTECTED],
'Seawall-User ([EMAIL PROTECTED])
[EMAIL PROTECTED]
Subject: [Leaf-user] DNS being blocked?
Date: Thu, 29 Nov 2001 14:12:31 -0600
I am running Dachstein rc2 with seawall version41 and
dnscache.
I noticed that while browsing
Yep. That was the problem. Thanks!
-Original Message-
From: Simon Bolduc [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 3:00 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] DNS being blocked?
Seawall
I've checked, double checked, and triple checked this a number of times -
the culprit is ads.x10.com. Every time I see this ad, I check my lrp.
Consistently, this is the only site for me that causes this DNS flood in my
logs. Unfortunately, this ad site is attaching to more and more web
On Fri, 26 Oct 2001 14:44:02 -0300 you wrote:
Brad, when you go to Weather.com, do you happen to notice one of those
stupid pop-under ads from x10.com?
It's been a long time since I've been to weather.com (because of
the irritating popups, and overuse of graphics and applets), but
I do seem
On Thu, 25 Oct 2001 17:49:35 PDT Robert wrote:
This afternoon I received 292 log items in 6 seconds.
There was a lot of discussion of these floods on the linux-router
list in late April and May of this year. IIRC, they are response
time measurement probes that are part of a global