Re: [Vyatta-users] Starting to get really frustrated... GRRR :D

2008-01-29 Thread Nathan McBride
Can someone please help me get this worked out? Nate OK, these are my NAT rules now. I didn't see a command to change the rule numbers so I just redid them all by hand. It still doesn't work. rule 1 { type: destination inbound-interface: eth0 protocols: tcp

Re: [Vyatta-users] glendale problems my 1st view

2008-01-29 Thread Justin Fletcher
5. any help on the CLI regardless of level: show bash options vs. the vyatta engine options (confusing to say the least). If you're logged in as root, you'll get Unix commands listed as well as Vyatta commands during tab completion/help. However, if you're an admin level user, you'll just

Re: [Vyatta-users] Starting to get really frustrated... GRRR :D

2008-01-29 Thread Justin Fletcher
Here's what I use to port-forward ssh; just adjust for address (where destination address is the public IP) and change it to http. rule 2 { type: destination inbound-interface: eth0 protocols: tcp source { network: 0.0.0.0/0

Re: [Vyatta-users] glendale problems my 1st view

2008-01-29 Thread Aubrey Wells
#3 - I agree, please bring back my beloved ?! It's an automatic reflex to hit ? whenever I'm in a router. I end up hitting it 3 or 4 times before I realize that it's echoing the char to the screen rather than activating help. That and the new CLI being mildly confusing (I'm adjusting to it)

Re: [Vyatta-users] glendale problems my 1st view

2008-01-29 Thread Stig Thormodsrud
Frankly I miss the ? and space auto-completion too, but am slowly getting used to the tab-tab. Given that the new CLI is integrated with bash and ? has special meaning to bash, that probably limits our usage of ? for help. stig _ From: [EMAIL PROTECTED] [mailto:[EMAIL

Re: [Vyatta-users] glendale problems my 1st view

2008-01-29 Thread Dave Roberts
Aubrey, when you say it's mildly confusing, what are you referring to? -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aubrey Wells Sent: Tuesday, January 29, 2008 7:48 AM To: Ken Felix (C) Cc: vyatta-users@mailman.vyatta.com Subject: Re: [Vyatta-users]

[Vyatta-users] Problem with vyatta installation

2008-01-29 Thread ken Felix
Do you recall if grub was installed and set up during the install? Sounds like it wasn't. Since this was a fresh install, you could go back in and re-install or use the grub-update/install tools and that might get you going, e.g. the Unix command update-grub or grub-install. So boot the

[Vyatta-users] Problem with vyatta installation

2008-01-29 Thread Go Wow
Hi, I have just installed vyatta from the livecd using the command install-system and everything went fine; I got the message Done. But now when I remove my livecd and boot from HDD it doesn't read the partition table. It's a brand new computer with Intel Dual Core, 1 GB RAM, 80 GB SATA and Intel

Re: [Vyatta-users] glendale problems my 1st view

2008-01-29 Thread Aubrey Wells
I guess it's just so wildly different than any other router I've ever been on that it threw me for a loop with the bash integration. After reading the docs, it just talks about the new CLI's benefits; it never actually says "hey dummy, you just need to type your commands at the shell". I had to

[Vyatta-users] glendale problems my 1st view

2008-01-29 Thread ken Felix
I'm going to retry the md5 auth this afternoon when I get some more vyatta console time ;) Other than these immediate issues, it's been holding stable. I have to recheck BGP4 and ipsec, and then know for sure all is good. I'm assuming at some later date, a new vyatta user guide will be

Re: [Vyatta-users] Weird Routing problem on VC2

2008-01-29 Thread Justin Fletcher
Personally, I'd try Alpha 1. It'll need more polishing and features to add (which is why it's an alpha) but there are major improvements with the routing protocols. Check the Glendale bug list, and see if you'd be affected by any of these first (like no GUI yet). Also note that your existing

Re: [Vyatta-users] Firewall: block internal telnet

2008-01-29 Thread Go Wow
Okay, thanks for the replies. People, help with this please: how can I block ssh on the router, i.e. 192.168.10.45, using the firewall? I want to give ssh access to, say, only IP xxx.xxx.xxx.xxx. On 30/01/2008, Beau Walker [EMAIL PROTECTED] wrote: You'll want to ask the List that. I could only answer your

[Vyatta-users] NAT:Almost Done

2008-01-29 Thread Go Wow
Yeah, I can view my inside internal webserver through my router using NAT; what I can't do is view the same webserver from the internal LAN. If I want to view it I have to use its internal IP, and I can't go through the router. My eth0 192.168.10.45 (acting as WAN) My eth1 192.168.1.1 (My Internal

Re: [Vyatta-users] NAT:Almost Done

2008-01-29 Thread John Gong
GW, If you're trying to access the web server from the 192.168.1.x network, your client's browser should simply point to http://192.168.1.244. It should not point to the 192.168.10.45:81 location because the traffic never reaches the router. John Go Wow wrote: Yeah I can view my inside

[Vyatta-users] Firewall: block internal telnet

2008-01-29 Thread Go Wow
Hi I want to configure my firewall so that it blocks the internal systems from telnet'ing each other. My config is eth0 192.168.10.45 (acting as WAN) eth1 192.168.1.1 (Internal Lan) ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com

Re: [Vyatta-users] Firewall: block internal telnet

2008-01-29 Thread Beau Walker
I believe you'd have to set up a firewall on each PC to block telnet access from the local subnet, or start using VLANs. The telnet traffic will connect to your internal systems just by going through your switches with the current configuration. The router will never even see the traffic.

Re: [Vyatta-users] Firewall: block internal telnet

2008-01-29 Thread Justin Fletcher
See the Vyatta docs at http://www.vyatta.com/documentation/index.php; there are examples in the firewall chapters. Best, Justin On Jan 29, 2008 12:17 PM, Go Wow [EMAIL PROTECTED] wrote: okay thanks for replies. People help with this please, how can I block ssh on router i.e. 192.168.10.45

[Vyatta-users] vlan trunking?

2008-01-29 Thread aaron-linuxuser
Out of curiosity, does Vyatta (I'm currently using community edition 3) support vlan trunking? I have yet to see in any documentation or tutorials any sort of the word trunk. I have seen tutorials that have 2-3 vlans (vif interfaces) on a single physical interface, so I guess it's just implied

Re: [Vyatta-users] glendale problems my 1st view

2008-01-29 Thread An-Cheng Huang
Note also that if the '?' key is bound to auto-completion, the user can still input the '?' character using the readline escape sequence (i.e., in this case Ctrl-v ?). So basically it came down to a choice between these: (1) Keep '?' key as help. To input a '?' character, prefix it with Ctrl-v.

Re: [Vyatta-users] vlan trunking?

2008-01-29 Thread Aubrey Wells
You are correct, a vif is a dot1q tagged vlan interface where the vif number is the vlan id. So to tag vlan 27 and 29 on interface eth0: set interfaces ethernet eth0 vif 27 set interfaces ethernet eth0 vif 29 set interfaces ethernet eth0 vif 27 address 10.1.1.1 prefix-length 24 set interfaces

Re: [Vyatta-users] glendale problems my 1st view

2008-01-29 Thread An-Cheng Huang
In case people don't know about this: instead of '?', a user can get the help text using either of the following two key sequences: Alt = or Alt ?. (These are the default key bindings for possible-completions in readline/bash.) An-Cheng Huang wrote: That was the first thing I tried when we

Re: [Vyatta-users] glendale problems my 1st view

2008-01-29 Thread An-Cheng Huang
Stig Thormodsrud wrote: #3 - I agree, please bring back my beloved ?! It's an automatic reflex to hit ? whenever I'm in a router. I end up hitting it 3 or 4 times before I realize that it's echoing the char to the screen rather than activating help. Has anyone explored using ~/.inputrc to

Re: [Vyatta-users] Unable to login, solved by reboot

2008-01-29 Thread Justin Fletcher
Give show log | match ERROR a try. Justin On Jan 29, 2008 2:00 PM, Jostein Martinsen-Jones [EMAIL PROTECTED] wrote: I have this problem again. Now I was able to login to a user account I created, but unable to view logfiles since I'm in xorpsh. 2008/1/28, Justin Fletcher [EMAIL PROTECTED]:

Re: [Vyatta-users] glendale problems my 1st view

2008-01-29 Thread Aubrey Wells
I vote for #1. Maybe it's just because I've been doing this for quite a while, but I would think that most people who would be annoyed about not being able to put a ? in a description or something know how to use the ctrl-v escape like with a Cisco. Maybe it can be a config option? set

Re: [Vyatta-users] Unable to login, solved by reboot

2008-01-29 Thread Jostein Martinsen-Jones
Log result attached. I managed to login if I changed the passwords for my troubled users. Sometimes the encrypted-password didn't get encrypted. 2008/1/29, Justin Fletcher [EMAIL PROTECTED]: Give show log | match ERROR a try. Justin On Jan 29, 2008 2:00 PM, Jostein Martinsen-Jones [EMAIL

Re: [Vyatta-users] glendale problems my 1st view

2008-01-29 Thread Stig Thormodsrud
I'd vote for #1 also (but my thinking may be warped by over a decade of IOS development using the ? key ;-). The other thing to consider is the principle of least astonishment for the over 100,000 downloads of vyatta before glendale. stig I vote for #1. Maybe it's just because I've been

Re: [Vyatta-users] Firewall: block internal telnet

2008-01-29 Thread Go Wow
This is my firewall config; look in rule 2. 192.168.10.2 is my gateway. I added it thinking that my internal LAN users would still have access to the internet, but they aren't. Can someone tell me why, or give me some pointers please? firewall { log-martians: enable send-redirects:

Re: [Vyatta-users] Firewall: block internal telnet

2008-01-29 Thread Go Wow
And I have added it to eth0 for in and local traffic only. On 30/01/2008, Go Wow [EMAIL PROTECTED] wrote: This is my firewall config; look in rule 2. 192.168.10.2 is my gateway. I added it thinking that my internal LAN users would still have access to the internet, but they aren't. Can someone

[Vyatta-users] Squid Vyatta

2008-01-29 Thread Go Wow
I was searching the internet and found this script which can be used to get a complete url log using squid. http://www.benking.me.uk/2007/10/24/vyatta-forwarding-traffic-to-squid/ #!/bin/sh -e # # rc.local # # Modified to forward to squid cache # # This script is executed at the end of each

Re: [Vyatta-users] [Fwd: Re: Starting to get really frustrated... GRRR :D]

2008-01-29 Thread Nathan McBride
Hmm, gotcha. I guess that makes sense actually. I'll see if I can't figure it out. Nate On Wed, 2008-01-30 at 08:49 +0530, Go Wow wrote: Nathan, I can even view it; from inside the LAN you cannot view it. If I remember correctly, someone said when you try to enter the NAT'ted IP from the inside network

Re: [Vyatta-users] [Fwd: Re: Starting to get really frustrated... GRRR :D]

2008-01-29 Thread Go Wow
Nathan, I can even view it; from inside the LAN you cannot view it. If I remember correctly, someone said when you try to enter the NAT'ted IP from the inside network the router doesn't know the address where it needs to forward your request. Now look, I'm not a networking guru and not even an iptables guru, so

Re: [Vyatta-users] [Fwd: Re: Starting to get really frustrated... GRRR :D]

2008-01-29 Thread Aubrey Wells
*shrug* same here. Are you trying to hit the natted address from inside the LAN that is being natted to? Hairpin NAT doesn't work in iptables... -- Aubrey Wells Senior Engineer Shelton | Johns Technology Group A Vyatta Ready Partner www.sheltonjohns.com On Jan 29, 2008, at

Re: [Vyatta-users] [Fwd: Re: Starting to get really frustrated... GRRR :D]

2008-01-29 Thread John Mason Jr
I just connected and see the Apache 2 test page running on CentOS John Nathan McBride wrote: First off I appreciate help from everyone, this is a nice change to some mailing lists I'm used to. Unfortunately, I am still having the same problem. I'm giving out real information, probably

[Vyatta-users] [Fwd: Re: Starting to get really frustrated... GRRR :D]

2008-01-29 Thread Nathan McBride
First off I appreciate help from everyone, this is a nice change to some mailing lists I'm used to. Unfortunately, I am still having the same problem. I'm giving out real information, probably shouldn't, but that's how frustrated I am. I just get an unable to connect error. The firewalls are

Re: [Vyatta-users] [Fwd: Re: Starting to get really frustrated... GRRR :D]

2008-01-29 Thread Go Wow
Yeah, I was about to say the same thing as Aubrey said. I had the same issue when I was trying to access the NAT'ted IP from inside the LAN; try to access it from any outside IP.

Re: [Vyatta-users] [Fwd: Re: Starting to get really frustrated... GRRR :D]

2008-01-29 Thread Nathan McBride
John just told me he can get to the page too. From inside the lan I am going to a browser and typing www.nombyte.com. And it doesn't work? Nate On Tue, 2008-01-29 at 22:08 -0500, Aubrey Wells wrote: *shrug* same here Are you trying to hit the natted address from inside the LAN that is

Re: [Vyatta-users] [Fwd: Re: Starting to get really frustrated... GRRR :D]

2008-01-29 Thread Aubrey Wells
It sounds like you're a victim of hairpin natting. Very frustrating. Iptables doesn't do it (that I know of.) I first encountered this on a PIX firewall years ago and thought it was an absurd limitation (then I found out my beloved linux couldn't do it either and was crushed). Cisco fixed

Re: [Vyatta-users] [Fwd: Re: Starting to get really frustrated... GRRR :D]

2008-01-29 Thread Aubrey Wells
Its been a while since I researched it, but I think there was something about the way netfilter_conntrac tracks the NAT sessions that prevents the hairpin nat from working. I never figured out a way around it and no one on google was helpful either. The usual solution is to put a dns entry

Re: [Vyatta-users] [Fwd: Re: Starting to get really frustrated... GRRR :D]

2008-01-29 Thread Go Wow
Another way would be to have these kinds of servers (which need to be accessed from the LAN) on another subnet. Looks feasible to me.

Re: [Vyatta-users] [Fwd: Re: Starting to get really frustrated... GRRR :D]

2008-01-29 Thread Nathan McBride
Can't I do another NAT rule? On Tue, 2008-01-29 at 22:25 -0500, Aubrey Wells wrote: It sounds like you're a victim of hairpin natting. Very frustrating. Iptables doesn't do it (that I know of.) I first encountered this on a PIX firewall years ago and thought it was an absurd limitation

[Vyatta-users] help me with firewall

2008-01-29 Thread Go Wow
This is my complete configuration. I want to add a firewall such that all the internal LAN should be able to access the internet as they are able to now without a firewall; I want only ports 80 and 443 to be open to all (yes, they should be accessible from anywhere); and lastly I have a webserver nat'ted on

[Vyatta-users] vyatta in a fully-virtualized (hvm) domU; console issues

2008-01-29 Thread snowcrash+vyatta
Hi, I've installed vyatta community edition, from vyatta-livecd-vc3.iso, as a fully-virtualized (HVM) Xen DomU on a Fedora8 Dom0. The install went without a noticeable hitch. On domain shutdown/restart, xm create -c vyatta_run.cfg @ console, I see, Using config file

Re: [Vyatta-users] [Fwd: Re: Starting to get really frustrated... GRRR :D]

2008-01-29 Thread An-Cheng Huang
Hi Nate, If the problem you're seeing is caused by external vs. internal DNS problem (external access is fine, but internal hosts resolve the server to the external address and therefore cannot access it), you might be able to work around it using NAT. See the following message from the list