> -----Original Message----- > From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]] > Sent: Saturday, November 03, 2001 11:33 PM > To: Keith Laidlaw; LEAF > Subject: Re: [Leaf-user] Stumped on silly things > > > > OK. I have D-CD rc3 running. Very little changed, but I added > > sshd-1,ipsec,mawk,ifconfig > > > > I have a windows network on the eth1 side and a cablemodem on the eth0 > side. > > > > Most works perfectly, including ssh but > > > > 1) When I try to access the LEAF weblet page I have to turn off my web > proxy > > or it failed. Is this because the default setup won't allow access to > that > > from eth1? How do I change that? > > A few more details are needed here...why are you using a web proxy? Where > is the proxy logically on your network, and can it see the weblet pages? > What proxy settings are you using in your browser?
I'm only using a proxy because of my cable modem connection --- rogers @home (default setup of IE5.0 with the cable companies instructions. I think the proxy is at Rogers and intended for supplying cached data instead of going direct (saves their bandwidth). I don't think it can see the web pages because, I suspect, the default f/w rules in D-CD don't allow port 80 to be accessed from eth0 (the Internet), just from eth1 (my soho network). > > > 2) IPSec doesn't seem to work (from a registered address elsewhere to my > lrp > > box). Seems to be a firewall issue as well. I see deny'd packets for > proto > > 17, port 500 (IKE perhaps?). Is this a simple fix in network.conf? > > Yes...you need to open UDP port 500 for authentication: > > EXTERN_UDP_PORTS="<remote IPSec system>_500" > > You'll also need to make sure protocol 50 and/or 51 packets are allowed > through the firewall, or the link will come up but no data will flow. What is the best way to open up these ports and protocols? Where do I change a setting? Also, this is a RW configuration, so I'll have to open it up for all addresses, so should I be using 0.0.0.0/0 as "<remote IPSec system>"? > > Charles Steinkuehler > http://lrp.steinkuehler.net > http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) > > > _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
