You'll need to edit /etc/apt/sources.list to point to a Debian repository, then
install using apt-get.
Best,
Justin
On Thu, Mar 20, 2008 at 2:19 AM, piyush sharma [EMAIL PROTECTED] wrote:
Hi,
I am using VC3. I need to compile a package on the Vyatta machine using
gcc.
I was not able
It's still active - sometimes no one has a good answer (yet) :-)
The build system for VC4 is a bit complex, and some of the details are still
being worked out; it'll be posted when it's ready to go, which should be any
day now. After all, you've got to be able to build a project to
contribute to
Of Justin
Fletcher
Sent: Tuesday, March 04, 2008 11:16 AM
To: [EMAIL PROTECTED]
Subject: Re: [Vyatta-users] Cluster heartbeat / change to ucast?
Yes, you can edit the configuration directly; however, you'll need to
modify
it again on reboot as it's created from the Vyatta configuration
On Fri, Feb 29, 2008 at 1:15 PM, Poh Yong Hwang [EMAIL PROTECTED] wrote:
So the docs talking about Originating a route to eBGP Neighbours where it
uses static instead of connected is not really correct? Sorry, trying to
understand the difference between using a static route compared to using a
That's actually a harder problem - you can do it by changing where the system
looks for configuration on boot, install to disk and then modify the
files to change
what's mounted and where the system looks for the configuration, or build from
scratch and create your own LiveCD with the changes in
:33 PM, Justin Fletcher [EMAIL PROTECTED] wrote:
That's actually a harder problem - you can do it by changing where the
system
looks for configuration on boot, install to disk and then modify the
files to change
what's mounted and where the system looks for the configuration, or build
from
However, make sure it's not already filed before you do - this was bug 2478 :-)
https://bugzilla.vyatta.com/show_bug.cgi?id=2478
Justin
On Thu, Feb 28, 2008 at 10:42 AM, Dave Roberts [EMAIL PROTECTED] wrote:
File it for the bug bounty contest! ;-)
You are absolutely correct. Therefore
Some systems have issues with the virtual MAC addresses - try the
option to disable it.
Best,
Justin
On Mon, Feb 25, 2008 at 8:35 AM, Tobias Orlamuende
[EMAIL PROTECTED] wrote:
Ken,
You might have seen the vrrp priority of 150 for eth2 on R2 which was
just a test and replaced with 20 since
No, that's not intentional ;-) I haven't seen that before either - is
there any information
in the log files, or from show cluster status?
Do you end up in a split-brain situation where the two systems can't
exchange heartbeats?
The reboot-on-panic option takes effect on kernel panic, so it
Yes, it's not in the SNMP configuration file, but it's easy to fix.
As root, add to /etc/snmp/snmpd.conf:
sysServices 4
which shows that up to and including the internet layer is supported.
Then run
/opt/vyatta/sbin/snmpd.init restart
These are the commands for Glendale, but it'll either be
Unfortunately, you need to restart the system to recover from these
errors in this version. However, major changes have been made in
Glendale, so you won't see these issues in
the next release. Alpha 1 is available, so you can give it a try now.
Justin
On Thu, Feb 14, 2008 at 7:27 AM, [EMAIL
However, changes made directly to /etc/passwd are not preserved
on reboot, so you'd need to re-create the user account each time.
Justin
On Feb 11, 2008 3:44 AM, Davide Bologna [EMAIL PROTECTED] wrote:
Usually the vyatta user is meant for router
administration, so it have direct access to
Log in as root; that'll give you the Linux shell.
Best,
Justin
On Feb 10, 2008 9:09 PM, piyush sharma [EMAIL PROTECTED] wrote:
Sorry Stig, my question was meant for Vyatta in general.
I didn't edit the subject line earlier.
I have to run an application on the linux on the Vyatta machine.
It's just the order they were initially discovered by the system, and
it can vary.
It's also one of the reasons there's the hw-id parameter in the
interfaces section -
that way the interface your prefer is locked to an interface name. If
you want to
change the order, change the hw-id entry,
What's the last message before it hangs?
Justin
On Feb 7, 2008 2:12 PM, ken Felix [EMAIL PROTECTED] wrote:
I'm doing the same but with a 2gb and 4gb fast Compact Flash. It runs
great but I just notice a problem the last 2 days in my test lab and it
( host ) hangs at boot time. Could be y
If you're pinging public - public, it's the same subnet, which means the
devices are communicating directly, and not even going through the router,
so OSPF shouldn't be an issue.
Trace a traceroute from one of the devices in question, or see if you can
get a packet capture. COULD be a switch,
Ah - my mistake in terminology translation :-)
Since is IS running through the router, turn on tshark on one of the
router interfaces, see what's on the (virtual) wire when you start a ping.
Does the router even see it inbound through the virtual switch?
Justin
On Feb 6, 2008 5:05 AM, Joe Pub
Yes, the Vyatta will do this - with a LOT more control. Your Netopia
is doing NAT
for you; if you want it, you'll be able to configure it. By default,
of course, NAT
isn't configured on the Vyatta, so you'll have to set it up to get the
results you want.
Best,
Justin
On Feb 6, 2008 7:42 AM,
Definitely. It's part of the VLAN tag.
Best,
Justin
On Feb 4, 2008 9:26 PM, Go Wow [EMAIL PROTECTED] wrote:
Hey
I Have configured vlan in vyatta and bought a vlan enabled switch its
D-link DES-1226. I want to know when configuring the switch whether I
need to give the VID in switch the
Coming soon in a Glendale build near to you :-)
Justin
On Feb 4, 2008 9:26 PM, Dams [EMAIL PROTECTED] wrote:
Hi,
I would like to know if there is an option in vyatta to limit the bandwidth
on specific ip or all ip ?
Thanks
--
Cordialement / Sincerely
Dams
Port forwarding should be straight-forward with the Vyatta CLI; look for recent
ssh examples on this list.
Personally, I'd create a rule for each protocol and port/port range.
Best,
Justin
On Feb 4, 2008 8:31 PM, Nathan McBride [EMAIL PROTECTED] wrote:
Hey guys, I finally got my old comp which
Yes, I've had it enabled and working before. The traffic needs to hit a
firewall rule before it'll be logged; you may also need to adjust the global
log level down from it's current default of warning to informational or lower.
Justin
On Feb 1, 2008 2:12 PM, Go Wow [EMAIL PROTECTED] wrote:
To summarize, traffic does know anything about where it's been. There's no
guarantee that traffic will go back the same route it came in;
asymmetric routing
is very common.
All a router knows is the IP address of the destination packet it
needs to forward;
it'll then use its routing information
You apply a firewall on an interface-basis, and whether it's inbound, outbound,
or local to the router, so I think that'll do what you want (if I'm
interpreting correctly).
Best,
Justin
On Jan 22, 2008 8:58 AM, Elías Manchón López [EMAIL PROTECTED] wrote:
Hi Folks!.
I need set up a
for my troubled users.
Somethimes the encrypted-password didn't get encrypted.
2008/1/29, Justin Fletcher [EMAIL PROTECTED]:
Give show log | match ERROR a try.
Justin
On Jan 29, 2008 2:00 PM, Jostein Martinsen-Jones [EMAIL PROTECTED]
wrote:
I have this problem again. Now i was able
Yes, eth0 and eth1 should be on different subnets; if not, the router doesn't
know which interface should be used to send traffic to another device on that
subnet.
Best,
Justin
On Jan 30, 2008 7:47 AM, Daren Tay [EMAIL PROTECTED] wrote:
Hi guys,
I revisited the issue after getting a box to
:(
Maybe next time i'm unable to login with any account?
2008/1/30, Justin Fletcher [EMAIL PROTECTED]:
As you can see, nothing jumps out in the log. A detailed search may
turn up more information; otherwise, at least you've got a work-around
:-)
Justin
On Jan 29, 2008 2:48 PM
as router/firewall in
front of a couple of servers that soon will go live...
Since it's alpha, do you think I should do it? Just printed the whole
manual...
2008/1/30, Justin Fletcher [EMAIL PROTECTED]:
Maybe . . .
However, much of this has been resolved with associated changes in
Glendale
5. any help on the CLI regardless of level show bash options vrs th vyatta
engine options.
(confusing to say the least )
If you're logged in as root, you'll get Unix commands listed as well
as Vyatta commands
during tab completion/help. However, if you're an admin level user, you'll just
Here's what I use to port-forward ssh; just adjust for address (where
destination address is the public IP) and change it to http.
rule 2 {
type: destination
inbound-interface: eth0
protocols: tcp
source {
network: 0.0.0.0/0
-Original Message-
From: Justin Fletcher [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 29, 2008 12:18 AM
To: Daren Tay
Cc: Robert Bays; Vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Weird Routing problem on VC2
Glad you got that figured out - many pieces in play
See the Vyatta docs at http://www.vyatta.com/documentation/index.php; there
are examples in the firewall chapters.
Best,
Justin
On Jan 29, 2008 12:17 PM, Go Wow [EMAIL PROTECTED] wrote:
okay thanks for replies.
People help with this please, how can I block ssh on router i.e.
192.168.10.45
Give show log | match ERROR a try.
Justin
On Jan 29, 2008 2:00 PM, Jostein Martinsen-Jones [EMAIL PROTECTED] wrote:
I have this problem again. Now i was able to login to a user account I
created, but unable to view logfiles since im in xorpsh.
2008/1/28, Justin Fletcher [EMAIL PROTECTED
You'll find good firewall documentation and examples at
http://www.vyatta.com/documentation/index.php.
Best,
Justin
On Jan 27, 2008 10:38 PM, Erwin kobe Tolentino [EMAIL PROTECTED] wrote:
i want to to setup my vyatta as a router and firewall
i configured already the vyatta router but i want to
You shouldn't need the out rule; until a firewall is applied,
everything is accepted.
However, the simple rule is protocol any action accept. That should
do it if you
want to be thorough :-)
Justin
On Jan 28, 2008 7:28 AM, Nathan McBride [EMAIL PROTECTED] wrote:
Hey guys,
I just installed
It'll just work the other way to translate the Vyatta CLI into
iptables. It's not the other direction (but if you'd like to write a
translator, I'm sure it'd be appreciated!)
Justin
On Jan 28, 2008 1:44 PM, Go Wow [EMAIL PROTECTED] wrote:
hey
I want to create a rule with iptables, I want to
and spoke setup.
I am not using Glendale.
2008/1/27, Justin Fletcher [EMAIL PROTECTED]:
A few questions - are you terminating the VPN on the Vyatta router?
Is it site-to-site,
or are you running Glendale alpha and trying out the remote access
VPN? Or is the VPN a separate system
What are the destination addresses that are being forwarded?
Broadcasts shouldn't be forwarded, but the router needs to know that they're
broadcast addresses. It'll only recognize 10.1.255.255 and 10.2.255.255 as
broadcast addresses. If a system is sending requests to, say, 10.1.12.255
where a
There are a couple of choices. You can copy your configuration using
scp (it's /opt/vyatta/etc/config/config.boot) to another server. From
a blank slate/system,
all you need to do is to configure an interface and a default gateway,
scp the configuration
back, and load the restored configuration.
You'll want to create a firewall rule. By default, a router just
forwards the traffic
it's sent (assuming it can find a route to use for forwarding . . .)
Best,
Justin
On Jan 17, 2008 11:39 AM, Ben Speckien [EMAIL PROTECTED] wrote:
I am using Vyatta as a gateway to the internet and have
You'll also want to edit /etc/syslog.conf and change *.warning to *.*
to record all
log messages; otherwise, lower-level messages will be discared
You can check startup by hand by running /etc/init.d/vyatta-rtrmgr
start which will
save you the physical reboot --
Justin
On Jan 17, 2008 12:54 PM,
Are they all assigned to a system that's on a network that's directly
connected to the router?
On Jan 17, 2008 3:59 PM, Shane McKinley [EMAIL PROTECTED] wrote:
None of these next-hop addresses are assigned to an interface on the router.
Shane
-Original Message-
From: Justin
Are the next hops directly connected? There was an issue with
recursive route lookup --
On Jan 17, 2008 2:56 PM, Shane McKinley [EMAIL PROTECTED] wrote:
I have found the static routes causing the issue:
route XZ.85.142.64/26 {
next-hop: XX.128.129.18
metric:
Can you provide just a bit more information?
Justin
On Jan 17, 2008 4:41 PM, Rick Mitchell [EMAIL PROTECTED] wrote:
I cannot get the live cd to successfully boot up it tries to but
fails any suggestions
--
Rick Mitchell
___
Vyatta-users
to an interface on the
router.
Shane
-Original Message-
From: Justin Fletcher [mailto:[EMAIL PROTECTED]
Sent: Thu 1/17/2008 6:46 PM
To: Shane McKinley
Cc: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Waiting for xorp_rtrmgr...
Are the next
No, no known issues the the cards, and six ports should be fine. I've got
that
many ports in production :-)
Justin
On Jan 10, 2008 2:22 AM, Daren Tay [EMAIL PROTECTED] wrote:
Hi guys,
just wanna check if there's any known issues for the following network
cards
with Vyatta:
Intel
It's disabled, and the current best practices have had it set this way for
quite a while.
See ftp://ftp.rfc-editor.org/in-notes/rfc2644.txt if you really want the
details :-)
Best,
Justin
On Jan 10, 2008 1:27 PM, Shane McKinley [EMAIL PROTECTED] wrote:
Is broadcast forwarding disabled by
And, of course, routes you add outside of the CLI aren't known to XORP. If
you add the route using protocol static you can then redistribute via
OSPF.
Justin
On Jan 8, 2008 11:57 AM, Jonathon Exley [EMAIL PROTECTED] wrote:
I have also had problems exporting connected routes into OSPF.
Try
When all else fails, reboot the router when you can try again.
Best,
Justin
On Jan 4, 2008 7:51 PM, Clint Chapman [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] configure
Entering configuration mode.
User vyatta is also in configuration mode.
[EMAIL PROTECTED] set protocols bgp
[edit]
[EMAIL
On Jan 2, 2008 12:18 AM, Vects [EMAIL PROTECTED] wrote:
Hello there,
Does vyatta support router on the stick configuration?
I want to deploy it in web hosting environment when every customer has
the own vlan.
Is there any known problem with firewall in such a configuration?
Thanks, Alexc
Not sure what like this means, but there's full documentation
available at vyatta.com, and on-line CLI help; just use the '?' key.
Best,
Justin
On Jan 2, 2008 2:55 PM, Ken Felix (C) [EMAIL PROTECTED] wrote:
Do we have any future support for something similar in vyatta? Cli online
help.
Depends on what you're looking for (of course :-) )
Since you're under NAT, nothing can find your system that you don't
have set up for forwarding. You could set up firewall rules for the public
address of your router, as it's wide-open otherwise, of course.
A happy 2008 to you,
Justin
On Jan
Do you have any specific questions after reviewing the documentation
at www.vyatta.com ?
Best,
Justin
On Dec 23, 2007 10:10 PM, Amit Srivastava [EMAIL PROTECTED] wrote:
Hi,
I want to configure 2 ISPs on my Vyatta server, How can i configure it ?
Someone can help me?
--
Regards
If you haven't, you'll need to:
Set up the internal address of the Vyatta router as the default
gateway provided by DHCP
Set up NAT so the private internal addresses are translated to your
static IP from your provider
Best,
Justin
On Dec 22, 2007 4:09 AM, Abhishek Jain [EMAIL PROTECTED] wrote:
Try lowering your syslog level to debug; the messages from OSPF are
likely filtered.
Best,
Justin Fletcher
On Dec 21, 2007 6:56 AM, Adair, Nick [EMAIL PROTECTED] wrote:
Hi All,
This is my configuration for syslog logging, right now we have
everything turned on and going to our syslog host
Yes, it's based on heartbeat, and it should allow you to specify any init.d
process as a service. However, not all are fully integrated with the
router manager,
so you may run into issues.
Best,
Justin
On Dec 18, 2007 2:01 PM, Ken Price [EMAIL PROTECTED] wrote:
Sanjoy,
Thank you for your
If they are both in private address space, the issue is whether the two know
how to communicate with each other, as private address space isn't routeable --
Best,
Justin
On Dec 18, 2007 5:36 PM, Marco De Sortis [EMAIL PROTECTED] wrote:
How to configure a VPN IPsec between 2 vyatta router both
would like
to peer with so I have plug it into my eth0. So what IP address should I set
on my eth0? Where can I set the IP range XX.XX.XX.XX/21 that I want to
announce?
Please advise.
Thanks!
Yongsan
On Dec 12, 2007 12:03 AM, Justin Fletcher [EMAIL PROTECTED] wrote
The default is minimal:
charon:~# cat /etc/syslog.conf
*.warning /var/log/messages
And by default, there's no syslog configuration in the Vyatta
configuration file.
Best,
Justin
On Dec 17, 2007 3:33 PM, [EMAIL PROTECTED] wrote:
All,
In my attempts to log firewall traffic (what I
Ah, yes - you can't actually change the MAC on some hardware, so you end
up in this confused state and only see packets destined for the interface in
promiscuous mode (hence the suggestion to disable the virtual MAC . . .)
Justin
On Dec 13, 2007 12:29 PM, Allan Leinwand [EMAIL PROTECTED] wrote:
) ...
On Dec 11, 2007 5:25 PM, Justin Fletcher [EMAIL PROTECTED] wrote:
Certainly. Let me know if you need more information (though there's a new
clustering chapter in the documentation for this :-) )
Best,
Justin
On Dec 11, 2007 8:22 AM, Senad Uka [EMAIL PROTECTED] wrote:
Thank
: 10.10.0.0/24
}
destination {
network: 10.20.0.0/24
port-number 3389
}
}
}
Quoting Justin Fletcher [EMAIL PROTECTED]:
You also need to apply the firewall rules to an interface
Well, yes - Vyatta has full BGP support, so you'll be able to peer
with your provider.
Best,
Justin
On Dec 10, 2007 7:26 PM, Poh Yong Hwang [EMAIL PROTECTED] wrote:
Hi,
New here and to Vynatta and hope to get advises on getting this up. I wish
to setup a BGP router for our current setup (We
You also need to apply the firewall rules to an interface, as in
firewall {
in {
name: inbound
}
local {
name: inbound
}
}
In the above case, it's for inbound traffic, and traffic destined for
the
The application is independent of the Vyatta router functions, but
you'll need the Vyatta build environment defined by other packages.
If all you're looking for is iputils, you can get the Debian source
package, or iproute functions from
http://www.linux-foundation.org/en/Net:Iproute2 .
Best,
Try VC3; there were a number of firewall issues addressed in that release.
Best,
Justin
On Nov 29, 2007 10:48 AM, Alain Kelder [EMAIL PROTECTED] wrote:
Hello,
I'm trying to set protocols to all for a destination NAT rule. But Vyatta
complains that it wants either TCP or UDP. However, in
It's also an integrated system; you configure the entire router
through the Vyatta
interface, rather than running multiple programs and editing numerous
and varied configuration files, all with different formats in
entertaining locations.
Justin
On Nov 26, 2007 3:20 PM, Max [EMAIL PROTECTED]
Try running parted before install-system and deleting any existing
partitions - I've had
that work on stubborn systems before ;-)
Best,
Justin
On Nov 24, 2007 1:43 PM, Rodrigo Romero III [EMAIL PROTECTED] wrote:
I'm trying to install VC3 on a server but it's giving me this error:
vyatta:/#
Just routing - you're identifying which traffic sources and
destinations that are tunneled.
Best,
Justin
On Nov 21, 2007 5:57 PM, Philippe Marcais [EMAIL PROTECTED] wrote:
What is the purpose of the following configuration line;
tunnel 1 {
local-subnet:
There's nothing special about routing VPN packets from the view of the
Vyatta router.
You can see the traffic that the Vyatta is seeing using the integrated
packet sniffer.
While logged in as the root user, run
tshark -n -i interface
to see the packets. For full packet detail, add -V.
Best,
There really shouldn't be any difference when you NAT with a public address;
it'll just be that your inside address is in public address space
instead of private.
Best,
Justin
On Nov 7, 2007 3:17 PM, David Marrow Jr [EMAIL PROTECTED] wrote:
Does any one have any suggestions?
How would I go
you possibly rephrase for me? :-)
--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com
On Nov 5, 2007, at 11:31 PM, Justin Fletcher wrote:
Good questions - I think you're just seeing a synchronization issue.
If you see
Obvious question, but is this set the same on the routers on both
sides of the link?
Justin
On 10/23/07, Jon [EMAIL PROTECTED] wrote:
Hi all,
I have a problem with ospf loosing connection over high latency links. The
link in question will induce a delay from minimum 1 sec to a maximum of
This is available in the VC3 beta with the new clustering support.
Best,
Justin
On 10/19/07, Daren Tay [EMAIL PROTECTED] wrote:
Hi guys,
I am looking to implement a redundant router setup (based on vyatta). Is it
possible to use applications like Heartbeat to do this?
Or can I do it with
Yes, we ran into an issue with the repositories on Friday, and
disabled the repository while we resolve the issue, Hope to have it
back shortly -
Justin
On 10/15/07, Roar Bjørgum Rotvik [EMAIL PROTECTED] wrote:
Hi,
I see that the Vyatta yum repo under http://archive.vyatta.com/vyatta seems
You certainly can; I monitor Vyatta routers with MRTG and Nagios.
And, of course,
there's Net-SNMP (see http://net-snmp.sourceforge.net/) if you're just
looking for other
open source SNMP tools.
Looks like I'll have to check out JFFNMS :-)
Justin
On 10/10/07, SDamron [EMAIL PROTECTED] wrote:
I
Yes, it's outside of the router, and something to debug on the web
server. From http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.3:
10.3.3 302 Found
The requested resource resides temporarily under a different URI.
Since the redirection might be altered on occasion, the client
On 10/9/07, Daren Tay [EMAIL PROTECTED] wrote:
Hi there,
thanks for the kind pointers.
So if i want to use the default log (which I can view using show log) what
options should I use?
Daren
-Original Message-
From: Justin Fletcher [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 09 October
It's a recent discovery tracked in the Bugzilla database. In the next release,
the installation script checks for it, and ensures that you can't do that.
Justin
On 10/8/07, Scott Pickles [EMAIL PROTECTED] wrote:
I agree with Jeff. I too installed Vyatta using the default prompts. If
you are
Easiest way is with a show interfaces - it'll give you packet statistics.
By default, the system logs at warning level, so any major issues will be
visible using show log.
Justin
On 10/8/07, Daren Tay [EMAIL PROTECTED] wrote:
Hi guys,
I have been having problems with my web servers behind a
exist.
[edit]
I missed something?
Daren
-Original Message-
From: Justin Fletcher [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 09 October 2007 10:49
To: Daren Tay
Cc: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Logging
Easiest way is with a show interfaces - it'll give
Yes, sounds like HD errors - I've installed this on systems without DMA,
and there's just a DMA error on bootup error or two.
Before you give up on your disk, run fsck (file system check) from the root
shell - it might be able to find and fix a few errors for you.
Best,
Justin
On 10/6/07, Scott
Any errors in /var/log/messages? If the router manager is running,
show log will
give you this information.
Justin
On 9/27/07, Art Perkins [EMAIL PROTECTED] wrote:
I have setup a basic bridge.
Built on: Wed Aug 22 00:18:00 UTC 2007
Build ID:
Do you have other hardware you could try the CD on? It's likely to be
something specific with that particular system, or it's possible there's a
problem that occurred when the CD itself was created.
Thanks,
Justin
On 9/21/07, silvertip257 [EMAIL PROTECTED] wrote:
Marat,
Here are the results.
unknown
Sep 21 15:05:45 vyatta login[4802]: (pam_unix) check pass; user unknown
Sep 21 15:05:51 vyatta login[4802]: (pam_unix) check pass; user unknown
Hopefully this helps.
Thanks for your interest,
Mike
On 9/21/07, Justin Fletcher [EMAIL PROTECTED] wrote:
Well, piffle. If xorpsh
There should be no required configuration on the Vyatta; from the
point of view of the router, it's just packets.
The VPN will need to be configured to support NAT traversal, of
course, as it looks like you're using NAT.
Dropped VPN connections are not likely to be an issue with the Vyatta
86 matches
Mail list logo