> > A few more details are needed here...why are you using a web proxy? Where > > is the proxy logically on your network, and can it see the weblet pages? > > What proxy settings are you using in your browser? > > I'm only using a proxy because of my cable modem connection --- rogers @home > (default setup of IE5.0 with the cable companies instructions. I think the > proxy is at Rogers and intended for supplying cached data instead of going > direct (saves their bandwidth). > > I don't think it can see the web pages because, I suspect, the default f/w > rules in D-CD don't allow port 80 to be accessed from eth0 (the Internet), > just from eth1 (my soho network).
Yes, you will need to access the weblet page directly...IIRC, most browsers will let you bypass the proxy for specific pages, or at least for the local network. Internet Exploder has a 'bypass proxy for local addresses' setting that will probably let weblet work while still using the proxy for general internet browsing. > > > 2) IPSec doesn't seem to work (from a registered address elsewhere to my > > lrp > > > box). Seems to be a firewall issue as well. I see deny'd packets for > > proto > > > 17, port 500 (IKE perhaps?). Is this a simple fix in network.conf? > > > > Yes...you need to open UDP port 500 for authentication: > > > > EXTERN_UDP_PORTS="<remote IPSec system>_500" > > > > You'll also need to make sure protocol 50 and/or 51 packets are allowed > > through the firewall, or the link will come up but no data will flow. > > What is the best way to open up these ports and protocols? Where do I > change a setting? Also, this is a RW configuration, so I'll have to open it > up for all addresses, so should I be using 0.0.0.0/0 as "<remote IPSec > system>"? These settings are controlled in /etc/network.conf. See the inline comments in this file, and my documentation on the settings (not yet updated to Dachstein, but still quite useful...most settings haven't changed): http://lrp.steinkuehler.net/files/packages/network.txt You should also read through all the notes on my ipsec.lrp page, and the FreeS/WAN documentation on firewall settings. You will need to use 0/0 instead of a specific IP if you're supporting road-warriors with dynamic IP's. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
