Just got back to work today after a long weekend and ready to try tackling
this prob again...
First off, was it okay for me to remove the $ from:
INTERN_SERVERS=tcp_$192.168.1.2_smtp_10.10.10.200_smtp or should I put it
back in?
MX records are the DNS entries that tell remote systems how to
Chris Low wrote:
Just got back to work today after a long weekend and ready to try tackling
this prob again...
First off, was it okay for me to remove the $ from:
INTERN_SERVERS=tcp_$192.168.1.2_smtp_10.10.10.200_smtp or should I put it
back in?
The $ should be left out...you want:
Here's the output of ip addr list:
1: lo: <LOOPBACK,UP> mtu 3924 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
2: ipsec0: <NOARP> mtu 0 qdisc noop qlen 10
link/ipip
3: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10
Chris Low wrote:
EXTERN_TCP_PORTS=0/0_25
to allow anyone on the internet to send you e-mail, and you'll probably
have a lot better luck.
Did it and still not receiving. Also tried Mike's suggestion to remove the
$ from INTERN_SERVERS=tcp_$192.168.1.2_smtp_10.10.10.200_smtp. Backed up
the
Chris Low wrote:
Apologies for the typo in my previous messages. My two problems haven't
gone away--1) Exchange server is not receiving internet email and 2)
workstations cannot browse the web. I'm thinking my first problem is
related to Doug's problem under the recent headers: Dachstein Port
Chris,
Chris Low [EMAIL PROTECTED] wrote:
I made the following changes to network.conf:
# Uncomment following for port-forwarded internal services.
# The following is an example of what should be put here.
# Tuples are as follows:
# protocol_local-ip_local-port_remote-ip_remote-port
EXTERN_TCP_PORTS=0/0_25
to allow anyone on the internet to send you e-mail, and you'll probably
have a lot better luck.
Did it and still not receiving. Also tried Mike's suggestion to remove the
$ from INTERN_SERVERS=tcp_$192.168.1.2_smtp_10.10.10.200_smtp. Backed up
the firewall and
On Wednesday 12 February 2003 02:49 pm, Chris Low wrote:
EXTERN_TCP_PORTS=0/0_25
to allow anyone on the internet to send you e-mail, and you'll probably
have a lot better luck.
Did it and still not receiving. Also tried Mike's suggestion to remove the
$ from
Apologies for the typo in my previous messages. My two problems haven't
gone away--1) Exchange server is not receiving internet email and 2)
workstations cannot browse the web. I'm thinking my first problem is
related to Doug's problem under the recent headers: Dachstein Port
Forwarding, but
Chris Low wrote:
Okay, today I'm trying to get our Exchange 2000 mailserver online behind
the firewall.
Currently mail is set to go straight from our ISP's router to 192.168.1.2
(the ip address of our exchange server)
I'm trying to do a minimal amount of work to get the firewall in between
Chris Low wrote:
It needs to be 192.168.1.2 to match the address the mail is being
forwarded to.
I'll give it a try.
Didn't work. Still can only send, not receive.
Have you loaded the portfw module???
is it listed in the lsmod command?
Yep.
module pages used by
Okay, today I'm trying to get our Exchange 2000 mailserver online behind
the firewall.
Currently mail is set to go straight from our ISP's router to 192.168.1.2
(the ip address of our exchange server)
I'm trying to do a minimal amount of work to get the firewall in between
the ISP's router
On Friday 07 February 2003 05:18 pm, Chris Low wrote:
# TCP services open to outside world
# Space seperated list: srcip/mask_dstport
#EXTERN_TCP_PORTS=216.171.153.128/25_ssh 0/0_www 0/0_1023
EXTERN_TCP_PORTS=192.168.1.1/24_25
It needs to be 192.168.1.2 to match the address the mail is being
It needs to be 192.168.1.2 to match the address the mail is being
forwarded to.
I'll give it a try.
Have you loaded the portfw module???
under the modules menu, ip_masq_portfw is uncommented. is there something
else that needs to be done to get it to load?
On Friday 07 February 2003 06:00 pm, Chris Low wrote:
It needs to be 192.168.1.2 to match the address the mail is being
forwarded to.
I'll give it a try.
Have you loaded the portfw module???
under the modules menu, ip_masq_portfw is uncommented. is there something
else that needs to be
It needs to be 192.168.1.2 to match the address the mail is being
forwarded to.
I'll give it a try.
Didn't work. Still can only send, not receive.
Have you loaded the portfw module???
is it listed in the lsmod command?
Yep.
module pages used by
ip_masq_portfw
Several specifics below. But first a general one: looking at changes to
config files helps us understand what you are trying to do, and sometimes
we can spot an error that way. But it also helps to know what you are
actually doing ... that is, how the router's underlying configuration
really
Thanks to Steve the weblet is now running. I had 10.10.10.0/255.255.255.0
added in the hosts.allow files, but didn't realize I also had to add
10.10.10./255.255.255.0 as well.
(a) port forward traffic to port 25 on the LEAF router to the
10.10.10.x mail server
(b) have the ISP
At 01:44 PM 2/4/03 -0800, Chris Low wrote:
Thanks to Steve the weblet is now running. I had 10.10.10.0/255.255.255.0
added in the hosts.allow files, but didn't realize I also had to add
10.10.10./255.255.255.0 as well.
(a) port forward traffic to port 25 on the LEAF router to the
If your overall LAN setup is simple enough, this will work. Since this
approach double NATs all the traffic (first by the LEAF router; second
by the ISP someplace), there is always some risk that something you
implement will run into a rare problem. Worry most about things that you
are port
I'm back at work for the week now so I'll try the suggestions you guys gave
since Thursday. In the meantime, I moved the firewall to a more accessible
location and reconnected it with new cables. Now I get the following msg
popping up every few seconds:
eth0: rtl8139 Interrupt line blocked,
Okay, my dhcpd file now reads as follows:
subnet 10.10.10.0 netmask 255.255.255.0 {
option routers 10.10.10.254;
option domain-name esimail.org;
option domain-name-servers 127.0.0.1;
range 10.10.10.1 10.10.10.199;
}
I made the newbie mistake of thinking option meant optional so I hadn't
At 03:17 PM 2/3/03 -0800, Chris Low wrote:
[...]
and checked the things Ray asked about:
the masq rule reads:
0 0 MASQ all -- 0xFF 0x00 eth0 10.10.10.0/24 0.0.0.0/0 n/a
[...]
Three more questions before I go though:
1) Since the ISP's router is set to route incoming mail to
Chris,
Ray covered everything but Weblet.
For Weblet you seem to have everything except the /etc/hosts.allow file
changed. Check and make sure that it has 10.10.10. in there too.
Best,
Steve
On Mon, 2003-02-03 at 16:17, Chris Low wrote:
Okay, my dhcpd file now reads as
Now that I check it, the ip for eth0 changed overnight--unless someone
rebooted the firewall when I wasn't here. Its new IP is 192.168.1.38, which
I can successfully ping from both the firewall and NT.
But I still can't ping past it to 208.57.96.252 (on the NT it says Request
timed out on the
At 12:31 PM 1/30/03 -0800, Chris Low wrote:
Ray, thanks for working with me on this.
Chris -- Your routing table is sufficiently a mess that your problems are
probably a by-product of that.
I'm not even sure how to edit the routing table.
*You* don't edit the routing table. You edit the
Chris Low wrote:
Ray, thanks for working with me on this.
Chris -- Your routing table is sufficiently a mess that your problems are
probably a by-product of that.
I'm not even sure how to edit the routing table. The only thing I did was
the initial configuration (load the rtl8139 modules for
After rebooting sometimes I can't ping the firewall or log in via ssh, even
if I didn't change any settings. Is this normal?
A. The external ISP's router is on network 192.168.1.0/24 and
provides DHCP leases for at least a portion of that network.
B. The Dachstein router is
That'll teach me to send replies before checking email...
Now I updated some settings per Charles' email as follows:
dhcpd daemon config:
subnet 10.10.10.0 netmask 255.255.255.0
dnscache:
LRP internal IP--10.10.10.254
querying hosts IP's--added 10.10
hosts.allow
added--ALL:
Chris Low wrote:
That'll teach me to send replies before checking email...
Now I updated some settings per Charles' email as follows:
dhcpd daemon config:
subnet 10.10.10.0 netmask 255.255.255.0
dnscache:
LRP internal IP--10.10.10.254
querying hosts IP's--added 10.10
hosts.allow
added--ALL:
At 04:10 PM 1/30/03 -0800, Chris Low wrote:
[...]
now I can ping everything from the firewall, and get a 10.10.10 ip address
for the NT box
but still only eth1 from the NT box behind the firewall. everything else
gets a Request timed out error.
What info would be helpful for you to get me to
On Thursday 30 January 2003 06:27 pm, you wrote:
Chris Low wrote:
dnscache:
LRP internal IP--10.10.10.254
querying hosts IP's--added 10.10
Under sh-hpptd.conf: Server_Name=10.10.10.254 and
Server_Addr=10.10.10.254
Interfaces:
eth1_IPADDR=10.10.10.1 try 10.10.10.254
I've searched the archives, but the only thing that looked helpful to me
was the following:
Dachstein and its predecessors block private ips by default. In Dachstein
you can just comment out the line that denies these It is in
/etc/ipfilter.conf - under stopmartians procedure # RFC
Chris -- Your routing table is sufficiently a mess that your problems are
probably a by-product of that.
You have both interfaces (eth0 and eth1) on the same /24 network
(192.168.1.0/24):
ip addr show
[...]
7: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether
Thanks for the help so far, and for helping me along as I limp through
this. Here is how the physical setup goes:
T1 to Adtrans (provided by our ISP which handles DHCP)
This goes to a 3Com Superstack II hub
From there we currently lease out 4 lines and connect our own LAN.
Some of the leased
On Monday 27 January 2003 06:46 pm, Chris Low wrote:
So I've connected a line from the hub to eth0 and connected eth1 to the
switch along with the rest of the LAN.
Shouldn't this work, or do I need to do something else special to Dachstein
to bring it up running?
As long as the NIC's and
Okay, these two messages are the requested output files. This first one is
the output when I followed only the initial setup and added ssh. The next
message will be the output when I set it up to use a static external IP
address.
Thanks for the help,
Chris
Leaf Distribution:
This message is the output when I set it up to use a static external IP
address.
Thanks for the help,
Chris
Leaf Distribution:
dachstein-cd-v1.0.2
uname -a:
Linux Nimrod 2.2.19-3-LEAF-RAID #4 Sat Dec 1 17:27:59 CST 2001 i386 unknown
ip addr show:
1: lo: <LOOPBACK,UP> mtu 3924 qdisc
On Wednesday 22 January 2003 03:02 pm, Chris Low wrote:
Okay, these two messages are the requested output files. This first one is
the output when I followed only the initial setup and added ssh. The next
message will be the output when I set it up to use a static external IP
address.
Jan 21
Chris wrote:
Two things:
1) Is this bad or normal:
Jan 16 15:23:05 Nimrod kernel: The PCI BIOS has not enabled the device at
0/48! Updating PCI command 0003-0007.
Jan 16 15:23:05 Nimrod kernel: eth0: RealTek RTL8139 Fast Ethernet at
0xfe00, IRQ 9, 00:90:47:01:98:80.
Jan 16 15:23:05 Nimrod
Two things:
1) Is this bad or normal:
Jan 16 15:23:05 Nimrod kernel: The PCI BIOS has not enabled the device at
0/48! Updating PCI command 0003-0007.
Jan 16 15:23:05 Nimrod kernel: eth0: RealTek RTL8139 Fast Ethernet at
0xfe00, IRQ 9, 00:90:47:01:98:80.
Jan 16 15:23:05 Nimrod kernel: The PCI
41 matches