Re: [Vyatta-users] Digest versus Non-Digest Mail
> For the sake of those of us who subscribe to the Vyatta-users
> mail in digest form (the once a day compilation), please try
> only to quote the pertinent part of your reply to a poster.
> Leaving the whole of the original post, when only a small
> portion is needed to clarify your reply makes the messages
> needlessly long.
> And for the sake of whatever deity you hold sacred, don't
> send confidentiality notices or 10-line pithy sayings in your
> signature. This litters the ether with needless bits of crap
> we just don't need when discussing open-source routing.
> Thanks,

ROFL! Amen! Yes!

Seriously, good advice. The world is becoming more electronically connected. Mailing list hygiene is just as important as personal hygiene in this day and age. Trim where you can. ;-)

-- Dave

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] DHCP relay in vif interfaces (vc3)
Thanks Marat, I will try it asap.

Marat Nepomnyashy wrote:
> Hi Sergio,
>
> There is a limitation in the VC3 release in that only 'ethX' values
> can be specified for DHCP relay interfaces. This is due to overly
> stringent validation checks. I just opened a new bug on this:
>
> https://bugzilla.vyatta.com/show_bug.cgi?id=2473
>
> A temporary work-around can be implemented using the attachments just
> added to Bug 2473.
>
> There is the attachment id 238 that should be copied over the runtime
> file '/opt/vyatta/share/xorp/templates/rl_dhcp.tp' on your router.
> You will also need to apply the patch in attachment id 239 to the
> runtime script file '/opt/vyatta/sbin/dhcrelay-starter.pl' to disable
> another validation check. You will have to reboot the router for the
> validation checks removals to take effect, so make sure you're running
> off a disk rather than CDROM, or the changes will be lost.
>
> Hope this works for now,
>
> -- Marat
>
> - Original Message -
> From: "Sergio Garcia" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, November 14, 2007 4:34 AM
> Subject: [Vyatta-users] DHCP relay in vif interfaces (vc3)
>
>> Hi all.
>> I hope you can help me with this doubt :)
>> I want to relay dhcp requests incoming from three eth1 vif's to a dhcp
>> server but Vyatta VC3 only allows me to select "ethX" interfaces (X goes
>> from 0 to 23).
>>
>> Is it possible to do this? Launching dhcrelay manually is not a good
>> solution, but if it is the only way I will accept.
>>
>> Thanks in advance
Re: [Vyatta-users] Problem with gateway, and vyatta internet update
Two things.

1) Your DHCP config should be handing out the inside ip of the vyatta box for the default-gateway to clients, in this case 10.0.0.1, not the default gateway of the vyatta box itself.

2) You need to give the vyatta box a name server so it can resolve addresses to get to the apt repository for updates. Do this:

    set system name-server 192.168.0.2
    commit
    save

And that will allow the vyatta router to look up host names to get on the internet.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com

On Nov 16, 2007, at 9:40 AM, GVerris wrote:

Hi my name is Giannis and I am a new user of vyatta and I have some problems

I use the vc3

This is my network

PC1 (IP A)
PC2 (IP B)
PC3 (IP C)
SERVER (IP D)
ROUTER (NOT VYATTA) (IP E) (DNS & DHCP is disabled I want to use it as gateway only)

And the role of firewall, dhcp, dns, router etc I want to be the vyatta

Here is my config.boot

    /*XORP Configuration File, v1.0*/
    protocols {
        static {
            disable: false
            route 0.0.0.0/0 {
                next-hop: 192.168.0.1
                metric: 1
            }
        }
    }
    policy {
    }
    interfaces {
        restore: false
        loopback lo {
            description: ""
        }
        ethernet eth0 {
            disable: false
            discard: false
            description: "Office Lan"
            hw-id: 00:50:bf:6b:0d:ce
            duplex: "auto"
            speed: "auto"
            address 10.0.0.1 {
                prefix-length: 24
                disable: false
            }
        }
        ethernet eth1 {
            disable: false
            discard: false
            description: "Internet Wan"
            hw-id: 00:50:22:82:ef:63
            duplex: "auto"
            speed: "auto"
            address 192.168.0.2 {
                prefix-length: 24
                disable: false
            }
            firewall {
                local {
                    name: "FWTELNET"
                }
            }
        }
    }
    service {
        dhcp-server {
            shared-network-name OfficeLAN {
                subnet 10.0.0.0/24 {
                    start 10.0.0.50 {
                        stop: 10.0.0.150
                    }
                    dns-server 192.168.0.20
                    default-router: 192.168.0.2
                    lease: 86400
                    domain-name: "test.router"
                    authoritative: "disable"
                }
            }
        }
        nat {
            rule 1 {
                type: "masquerade"
                outbound-interface: "eth1"
                protocols: "all"
                source {
                    network: "10.0.0.0/24"
                }
                destination {
                    network: "0.0.0.0/0"
                }
            }
            rule 2 {
                type: "destination"
                inbound-interface: "eth1"
                protocols: "tcp"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    address: "192.168.0.1"
                    port-name http
                }
                inside-address {
                    address: 10.0.0.30
                }
            }
        }
        telnet {
            port: 23
        }
        webgui {
            http-port: 80
            https-port: 443
        }
    }
    firewall {
        log-martians: "enable"
        send-redirects: "disable"
        receive-redirects: "disable"
        ip-src-route: "disable"
        broadcast-ping: "disable"
        syn-cookies: "enable"
        name FWTELNET {
            rule 1 {
                protocol: "tcp"
                action: "reject"
                log: "disable"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    port-name telnet
                }
            }
            rule 2 {
                protocol: "all"
                action: "accept"
                log: "disable"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    network: "0.0.0.0/0"
                }
            }
        }
    }
    system {
        host-name: "vyatta"
        domain-name: ""
        time-zone: "GMT"
        ntp-server "69.59.150.135"
        login {
            user root {
                full-name: ""
                authentication {
                    encrypted-password: "x"
                }
            }
            user vyatta {
                full-name: ""
                authentication {
                    encrypted-password: "x"
                }
            }
        }
        package {
            auto-sync: 1
            repository community {
                component: "main"
                url: "http://archive.vyatta.com/vyatta"
            }
        }
    }
    /* Warning: Do not remove the following line. */
    /* === vyatta-config-version: "[EMAIL PROTECTED]:[EMAIL PROTECTED]:dhcp- [EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]" === */

Here are the problems

1. I can’t see the internet the dhcp works fine and the firewall,dns I suppose.
2. The vyatta
Re: [Vyatta-users] Vyatta-users Digest, Vol 23, Issue 33
Thanks Aubrey Wells. I typed 'save' to save it on the default file

[EMAIL PROTECTED] wrote:
>
>Send Vyatta-users mailing list submissions to
>    vyatta-users@mailman.vyatta.com
>
>To subscribe or unsubscribe via the World Wide Web, visit
>    http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>or, via email, send a message with subject or body 'help' to
>    [EMAIL PROTECTED]
>
>You can reach the person managing the list at
>    [EMAIL PROTECTED]
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Vyatta-users digest..."
>
>
>Today's Topics:
>
>   1. Re: can't find my running config (Aubrey Wells)
>   2. Re: can't find my running config (Aubrey Wells)
>   3. Re: can't find my running config (James A. Shigley)
>   4. Re: Vyatta-users Digest, Vol 23, Issue 32 (Isiak Solih Sadik)
>
>
>--
>
>Message: 1
>Date: Thu, 15 Nov 2007 16:06:38 -0500
>From: Aubrey Wells <[EMAIL PROTECTED]>
>Subject: Re: [Vyatta-users] can't find my running config
>To: James A. Shigley <[EMAIL PROTECTED]>
>Cc: vyatta-users@mailman.vyatta.com
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
>
>Are you actually typing "save" from configuration mode to save the
>config, or are you assuming "commit" saves the config? You must type
>"save" or "save /path/to/file" to save the config to survive a
>reboot. All commit does is activate the changes made.
>
>
>
>--
>Aubrey Wells
>Senior Engineer
>Shelton | Johns Technology Group
>A Vyatta Ready Partner
>www.sheltonjohns.com
>
>
>
>
>On Nov 15, 2007, at 2:17 PM, James A. Shigley wrote:
>
>> I have a similar problem twice now. And I do have it installed to a
>> disk not running off the iso.
>>
>> James Shigley
>> Monroe Telephone Answering Service
>> 409-981-9213
>> Infinity 5.4,UC 4.02, Blink 3.0.104
>> Ecreator:5.03, eResponse 1.1.6
>> Webportal,WebApps,
>>
>> CONFIDENTIALITY NOTICE: This email, including any attachments,
>> contains information which may be confidential or privileged. The
>> information is intended to be for the use of the individual or
>> entity named above. If you are not the intended recipient, be aware
>> that any disclosure, copying, distribution or use of the contents
>> of this information is prohibited. If you have received this email
>> in error, please notify the sender immediately by "reply to sender
>> only" message and destroy all electronic and hard copies of the
>> communication, including attachments.
>>
>> "Common sense is the collection of prejudices acquired by age
>> eighteen." -- Albert Einstein
>> "Once you can accept the universe as matter expanding into nothing
>> that is something,wearing stripes with plaid comes easy." -- Albert
>> Einstein
>> "I know a little of everything, but a lot of nothing"
>>
>>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:vyatta-users-
>> [EMAIL PROTECTED] On Behalf Of Justin Fletcher
>> Sent: Thursday, November 15, 2007 11:46 AM
>> To: Isiak Solih Sadik
>> Cc: .
>> Subject: Re: [Vyatta-users] can't find my running config
>>
>> Are you running the live CD or installed to disk? If you're running
>> the live CD, the file system is in memory, and you need to save to
>> floppy for the configuration to be preserved across reboots.
>>
>> Justin
>>
>> On Nov 15, 2007 9:39 AM, Isiak Solih Sadik
>> <[EMAIL PROTECTED]> wrote:
>>> Pls Help!
>>> I installed vyatta router 3 on my pc and it worked perfectly. I
>>> actually saved the running config on the default file opt/vyatta/
>>> etc/config/config.boot.but when I reboot my vyatta can't route
>>> anything.I found out that my saved running config is no longer in
>>> opt/vyatta/etc/config/config.boot
>>> What can I do.
>>>
>>> Sadiku Babatunde
>>>
>>> -
>>> 'There is no deity worthy of worship except Allah and Muhammad
>>> (peace be upon him) is his final Messenger.'
>>>
>>> http://www.Darussalam.net/
>>> Read, Learn, Implement!
>
>
>
>--
>
>Message: 2
>Date: Thu, 15 Nov 2007 16:55:36 -0500
>From: Aubrey Wells <[EMAIL PROTECTED]>
>Subject: Re: [Vyatta-users] can't find my running config
>To: James A. Shigley <[EMAIL PROTECTED]>
>Cc: vyatta-users@mailman.vyatta.com
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset=US-ASCII;
[Vyatta-users] Digest versus Non-Digest Mail
For the sake of those of us who subscribe to the Vyatta-users mail in digest form (the once a day compilation), please try only to quote the pertinent part of your reply to a poster. Leaving the whole of the original post, when only a small portion is needed to clarify your reply makes the messages needlessly long.

And for the sake of whatever deity you hold sacred, don't send confidentiality notices or 10-line pithy sayings in your signature. This litters the ether with needless bits of crap we just don't need when discussing open-source routing.

Thanks,

Gibson Prichard
NewsChannel5 WTVF
Nashville
[EMAIL PROTECTED]
[Vyatta-users] Problem with gateway, and vyatta internet update
Hi my name is Giannis and I am a new user of vyatta and I have some problems

I use the vc3

This is my network

PC1 (IP A)
PC2 (IP B)
PC3 (IP C)
SERVER (IP D)
ROUTER (NOT VYATTA) (IP E) (DNS & DHCP is disabled I want to use it as gateway only)

And the role of firewall, dhcp, dns, router etc I want to be the vyatta

Here is my config.boot

    /*XORP Configuration File, v1.0*/
    protocols {
        static {
            disable: false
            route 0.0.0.0/0 {
                next-hop: 192.168.0.1
                metric: 1
            }
        }
    }
    policy {
    }
    interfaces {
        restore: false
        loopback lo {
            description: ""
        }
        ethernet eth0 {
            disable: false
            discard: false
            description: "Office Lan"
            hw-id: 00:50:bf:6b:0d:ce
            duplex: "auto"
            speed: "auto"
            address 10.0.0.1 {
                prefix-length: 24
                disable: false
            }
        }
        ethernet eth1 {
            disable: false
            discard: false
            description: "Internet Wan"
            hw-id: 00:50:22:82:ef:63
            duplex: "auto"
            speed: "auto"
            address 192.168.0.2 {
                prefix-length: 24
                disable: false
            }
            firewall {
                local {
                    name: "FWTELNET"
                }
            }
        }
    }
    service {
        dhcp-server {
            shared-network-name OfficeLAN {
                subnet 10.0.0.0/24 {
                    start 10.0.0.50 {
                        stop: 10.0.0.150
                    }
                    dns-server 192.168.0.20
                    default-router: 192.168.0.2
                    lease: 86400
                    domain-name: "test.router"
                    authoritative: "disable"
                }
            }
        }
        nat {
            rule 1 {
                type: "masquerade"
                outbound-interface: "eth1"
                protocols: "all"
                source {
                    network: "10.0.0.0/24"
                }
                destination {
                    network: "0.0.0.0/0"
                }
            }
            rule 2 {
                type: "destination"
                inbound-interface: "eth1"
                protocols: "tcp"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    address: "192.168.0.1"
                    port-name http
                }
                inside-address {
                    address: 10.0.0.30
                }
            }
        }
        telnet {
            port: 23
        }
        webgui {
            http-port: 80
            https-port: 443
        }
    }
    firewall {
        log-martians: "enable"
        send-redirects: "disable"
        receive-redirects: "disable"
        ip-src-route: "disable"
        broadcast-ping: "disable"
        syn-cookies: "enable"
        name FWTELNET {
            rule 1 {
                protocol: "tcp"
                action: "reject"
                log: "disable"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    port-name telnet
                }
            }
            rule 2 {
                protocol: "all"
                action: "accept"
                log: "disable"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    network: "0.0.0.0/0"
                }
            }
        }
    }
    system {
        host-name: "vyatta"
        domain-name: ""
        time-zone: "GMT"
        ntp-server "69.59.150.135"
        login {
            user root {
                full-name: ""
                authentication {
                    encrypted-password: "x"
                }
            }
            user vyatta {
                full-name: ""
                authentication {
                    encrypted-password: "x"
                }
            }
        }
        package {
            auto-sync: 1
            repository community {
                component: "main"
                url: "http://archive.vyatta.com/vyatta"
            }
        }
    }
    /* Warning: Do not remove the following line. */
    /* === vyatta-config-version: "[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]" === */

Here are the problems

1. I can't see the internet the dhcp works fine and the firewall,dns I suppose.
2. The vyatta does not connect to the internet to make updates

Please help I don't know what is wrong

thanks
Re: [Vyatta-users] Vyatta-users Digest, Vol 23, Issue 32
Thank you all. I actually installed the vyatta router on my PC. I did check the linux shell and I confirmed that my router running config was there. I may be missing something out on vyatta 3 because I never encounter such problem with vyatta 1.0.3 version. I encountered similar problem with vyatta vc2. But no such problem with vyatta version 1.0.3. And that is the reason I keep on with vyatta 1.0.3. I think the vyatta technical team should work on this issue. Probably config directory should be left on route directory like in the vyatta version 1.0.3

[EMAIL PROTECTED] wrote:
>
>Send Vyatta-users mailing list submissions to
>    vyatta-users@mailman.vyatta.com
>
>To subscribe or unsubscribe via the World Wide Web, visit
>    http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>or, via email, send a message with subject or body 'help' to
>    [EMAIL PROTECTED]
>
>You can reach the person managing the list at
>    [EMAIL PROTECTED]
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Vyatta-users digest..."
>
>
>Today's Topics:
>
>   1. Re: Vyatta Stateful Firewall Issue (Komal Shah)
>   2. can't find my running config (Isiak Solih Sadik)
>   3. Re: can't find my running config (Justin Fletcher)
>   4. Re: can't find my running config (James A. Shigley)
>   5. Re: can't find my running config (Dave Roberts)
>
>
>--
>
>Message: 1
>Date: Thu, 15 Nov 2007 17:35:04 +0530
>From: Komal Shah <[EMAIL PROTECTED]>
>Subject: Re: [Vyatta-users] Vyatta Stateful Firewall Issue
>To: vyatta-users@mailman.vyatta.com
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset=ISO-8859-1
>
>Excellent!
>
>Please consider adding this information in documentation.
>
>Komal
>
>Robyn Orosz wrote:
>> Hi Adrian,
>>
>> First off, I apologize for the long delay in getting back to you but, I
>> think I have an answer for you. On the Vyatta router, try the following:
>>
>> echo 0 > /proc/sys/net/netfilter/nf_conntrack_tcp_loose
>>
>> Then try running the nmap ACK scan again. The RST packet, which is what
>> nmap is expecting in return, should not even get sent by the host since
>> the ACK packet should be blocked by the firewall this time.
>>
>> What was happening is that a state of "NEW" in iptables means exactly
>> that--any new TCP packet. It does not mean a new TCP packet with the
>> SYN flag set. The 'nf_conntrack_tcp_loose' option can be modified
>> however, to enforce a more stringent set of checks on incoming TCP
>> packets. With this option set to 0, the firewall will compare the
>> packet against the existing conntrack entries and drop it because it is
>> not a valid packet for establishing a new connection and it is not part
>> of an existing established connection.
>>
>> The benefit of having this value set to 3 (the default) is that it will
>> try and pick up any existing connections that were terminated as a
>> result of a system reload or other unexpected failure. So, it assumes
>> that the new ACK packet was part of a previous connection that got
>> dropped and cleared from the conntrack table when the system went down.
>> If this is not a concern of yours, then I'd say setting it to 0 would
>> not cause any other problems.
>>
>> An enhancement request has actually already been open to allow the
>> nf_conntrack_tcp_loose value to be modified via the CLI:
>>
>> https://bugzilla.vyatta.com/show_bug.cgi?id=2122
>>
>> Another option is to add a rule directly in iptables that drops any NEW
>> packets that don't have the SYN flag set. EX:
>>
>> iptables -I FORWARD 1 -p tcp ! --syn -m state --state NEW -j DROP
>>
>> This rule gets added to the beginning of the iptables FORWARD chain and
>> drops any new packets that don't have the SYN flag set. The problem
>> with this workaround is that you have to be careful when running
>> firewall rules in the CLI and in iptables as their order of entry is
>> very important and can cause problems or confusion if it gets out of
>> sync. You'll also have to script any rules that you add directly into
>> iptables and also the echo into the nf_conntrack_tcp_loose so that your
>> changes will still exist after a reboot.
>>
>> I also opened an enhancement request to add TCP flag match criteria into
>> the Vyatta firewall. So, in the future, the rule above should be
>> configurable via the CLI:
>>
>> https://bugzilla.vyatta.com/show_bug.cgi?id=2474
>>
>> Thank you and let me know if this works for you.
>>
>> -Robyn
>>
>
>
>--
>
>Message: 2
>Date: Thu, 15 Nov 2007 23:09:57 +0530
>From: Isiak Solih Sadik <[EMAIL PROTECTED]>
>Subject: [Vyatta-users] can't find my running config
>To: vyatta-users@mailman.vyatta.com
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset="us-ascii"
>
>Pls Help!
>I installed vyatta router 3 on my pc and it worked perfectly. I actually saved
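
Robyn Orosz's reply quoted in the message above notes that the echo into nf_conntrack_tcp_loose and any rule added directly in iptables must be scripted to survive a reboot, and that rule order matters. The following is an added example, not code from the thread or from Vyatta: a boot-time script that re-applies both and checks that the SYN-only drop really is the first FORWARD rule. The function names, the DRY_RUN switch, the `--apply`/`--demo` arguments and the sample rule listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: run as root from a boot
# hook after the router has loaded its own firewall rules; iptables has -S.
LOOSE=/proc/sys/net/netfilter/nf_conntrack_tcp_loose
RULE='-p tcp ! --syn -m state --state NEW -j DROP'  # rule quoted in the thread
DRY_RUN="${DRY_RUN:-1}"                             # 1 = print the commands only

# Constructed sample of `iptables -S FORWARD` where the drop is not rule 1.
SAMPLE='-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP'

# Read `iptables -S FORWARD` on stdin and report where the SYN-only drop sits:
#   first    = it is rule 1, as "-I FORWARD 1" intended
#   shadowed = present, but other rules are evaluated before it
#   missing  = not loaded (for example lost at reboot)
audit_forward() {
    awk '
        /^-A FORWARD / {
            n++
            # iptables prints "! --syn" back as "! --tcp-flags FIN,SYN,RST,ACK SYN"
            if (!pos && $0 ~ /! --tcp-flags FIN,SYN,RST,ACK SYN / &&
                $0 ~ /--(ct)?state NEW( |$)/ && $0 ~ / -j DROP$/)
                pos = n
        }
        END {
            if (pos == 1) print "first"
            else if (pos) print "shadowed"
            else print "missing"
        }
    '
}

# Re-apply both settings; safe to run repeatedly without stacking duplicates.
apply() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "echo 0 > $LOOSE"
        echo "iptables -I FORWARD 1 $RULE"
        return 0
    fi
    echo 0 > "$LOOSE"            # 0 = do not pick up mid-stream connections
    case "$(iptables -S FORWARD | audit_forward)" in
        first)    ;;             # already in place, nothing to do
        shadowed) iptables -D FORWARD $RULE; iptables -I FORWARD 1 $RULE ;;
        missing)  iptables -I FORWARD 1 $RULE ;;
    esac
}

case "${1:-}" in
    --apply) apply ;;
    --demo)  printf '%s\n' "$SAMPLE" | audit_forward ;;
esac
```

Running it with `DRY_RUN=0` and `--apply` makes the changes; with no arguments it only defines the functions.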