Re: [Vyatta-users] Digest versus Non-Digest Mail

2007-11-16 Thread Dave Roberts
> For the sake of those of us who subscribe to the Vyatta-users 
> mail in digest form (the once a day compilation), please try 
> only to quote the pertinent part of your reply to a poster. 
> Leaving the whole of the original post, when only a small 
> portion is needed to clarify your reply makes the messages 
> needlessly long.
> And for the sake of whatever deity you hold sacred, don't 
> send confidentiality notices or 10-line pithy sayings in your 
> signature. This litters the ether with needless bits of crap 
> we just don't need when discussing open-source routing.
> Thanks,

ROFL! Amen! Yes!

Seriously, good advice. The world is becoming more electronically
connected. Mailing list hygiene is just as important as personal hygiene
in this day and age. Trim where you can. ;-)

-- Dave

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users


Re: [Vyatta-users] DHCP relay in vif interfaces (vc3)

2007-11-16 Thread Sergio Garcia
Thanks Marat, I will try it asap.


Marat Nepomnyashy wrote:
> Hi Sergio,
>
> There is a limitation in the VC3 release in that only 'ethX' values 
> can be specified for DHCP relay interfaces.  This is due to overly 
> stringent validation checks.  I just opened a new bug on this:
>
> https://bugzilla.vyatta.com/show_bug.cgi?id=2473
>
>
> A temporary work-around can be implemented using the attachments just 
> added to Bug 2473.
>
> There is the attachment id 238 that should be copied over the runtime 
> file '/opt/vyatta/share/xorp/templates/rl_dhcp.tp' on your router.  
> You will also need to apply the patch in attachment id 239 to the 
> runtime script file '/opt/vyatta/sbin/dhcrelay-starter.pl' to disable 
> another validation check. You will have to reboot the router for the 
> validation checks removals to take effect, so make sure you're running 
> off a disk rather than CDROM, or the changes will be lost.
>
> Hope this works for now,
>
> -- Marat
>
> - Original Message - From: "Sergio Garcia" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, November 14, 2007 4:34 AM
> Subject: [Vyatta-users] DHCP relay in vif interfaces (vc3)
>
>
>> Hi all.
>> I hope you can help me with this doubt :)
>> I want to relay dhcp requests incoming from three eth1 vif's to a dhcp
>> server but Vyatta VC3 only allows me to select "ethX" interfaces (X goes
>> from 0 to 23).
>>
>> Is it possible to do this? Launching dhcrelay manually is not a good
>> solution, but if it is the only way I will accept.
>>
>> Thanks in advance
>>
>>
>



--
This mail has been sent through DS2 mail server


Re: [Vyatta-users] Problem with gateway, and vyatta internet update

2007-11-16 Thread Aubrey Wells

Two things.

1) Your DHCP config should be handing out the inside ip of the vyatta  
box for the default-gateway to clients, in this case 10.0.0.1, not  
the default gateway of the vyatta box itself.


2) You need to give the vyatta box a name server so it can resolve  
addresses to get to the apt repository for updates. Do this:


set system name-server 192.168.0.2
commit
save

And that will allow the vyatta router to look up host names to get on  
the internet.



--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com



On Nov 16, 2007, at 9:40 AM, GVerris wrote:

Hi my name is Giannis and I am a new user of vyatta and I have some problems

I use the vc3

This is my network

PC1  (IP A)
PC2  (IP B)
PC3  (IP C)

SERVER (IP D)

ROUTER (NOT VYATTA) (IP E)
(DNS & DHCP is disabled I want to use it as gateway only)

And the role of firewall, dhcp, dns, router etc I want to be the vyatta

Here is my config.boot



/*XORP Configuration File, v1.0*/
protocols {
    static {
        disable: false
        route 0.0.0.0/0 {
            next-hop: 192.168.0.1
            metric: 1
        }
    }
}
policy {
}
interfaces {
    restore: false
    loopback lo {
        description: ""
    }
    ethernet eth0 {
        disable: false
        discard: false
        description: "Office Lan"
        hw-id: 00:50:bf:6b:0d:ce
        duplex: "auto"
        speed: "auto"
        address 10.0.0.1 {
            prefix-length: 24
            disable: false
        }
    }
    ethernet eth1 {
        disable: false
        discard: false
        description: "Internet Wan"
        hw-id: 00:50:22:82:ef:63
        duplex: "auto"
        speed: "auto"
        address 192.168.0.2 {
            prefix-length: 24
            disable: false
        }
        firewall {
            local {
                name: "FWTELNET"
            }
        }
    }
}
service {
    dhcp-server {
        shared-network-name OfficeLAN {
            subnet 10.0.0.0/24 {
                start 10.0.0.50 {
                    stop: 10.0.0.150
                }
                dns-server 192.168.0.20
                default-router: 192.168.0.2
                lease: 86400
                domain-name: "test.router"
                authoritative: "disable"
            }
        }
    }
    nat {
        rule 1 {
            type: "masquerade"
            outbound-interface: "eth1"
            protocols: "all"
            source {
                network: "10.0.0.0/24"
            }
            destination {
                network: "0.0.0.0/0"
            }
        }
        rule 2 {
            type: "destination"
            inbound-interface: "eth1"
            protocols: "tcp"
            source {
                network: "0.0.0.0/0"
            }
            destination {
                address: "192.168.0.1"
                port-name http
            }
            inside-address {
                address: 10.0.0.30
            }
        }
    }
    telnet {
        port: 23
    }
    webgui {
        http-port: 80
        https-port: 443
    }
}
firewall {
    log-martians: "enable"
    send-redirects: "disable"
    receive-redirects: "disable"
    ip-src-route: "disable"
    broadcast-ping: "disable"
    syn-cookies: "enable"
    name FWTELNET {
        rule 1 {
            protocol: "tcp"
            action: "reject"
            log: "disable"
            source {
                network: "0.0.0.0/0"
            }
            destination {
                port-name telnet
            }
        }
        rule 2 {
            protocol: "all"
            action: "accept"
            log: "disable"
            source {
                network: "0.0.0.0/0"
            }
            destination {
                network: "0.0.0.0/0"
            }
        }
    }
}
system {
    host-name: "vyatta"
    domain-name: ""
    time-zone: "GMT"
    ntp-server "69.59.150.135"
    login {
        user root {
            full-name: ""
            authentication {
                encrypted-password: "x"
            }
        }
        user vyatta {
            full-name: ""
            authentication {
                encrypted-password: "x"
            }
        }
    }
    package {
        auto-sync: 1
        repository community {
            component: "main"
            url: "http://archive.vyatta.com/vyatta";
        }
    }
}





/* Warning: Do not remove the following line. */

/* === vyatta-config-version: "[EMAIL PROTECTED]:[EMAIL PROTECTED]:dhcp- 
[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]" === */




Here are the problems

1. I can’t see the internet. The dhcp works fine, and the firewall, dns I suppose.


2.   The vyatta 
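
Point 1 of the reply above can be checked mechanically. The script below is an added example, not part of the original thread or of Vyatta's own tooling: it reads the interfaces and dhcp-server stanzas of a config.boot excerpt (trimmed from the one posted in this thread) and reports any DHCP subnet whose default-router lies outside that subnet, along with the router's own addresses inside it. The function name check_dhcp_gateways is hypothetical.

```python
import ipaddress

# Constructed sample: trimmed from the config.boot posted in this thread,
# keeping only the stanzas the check reads.
SAMPLE_CONFIG = """
interfaces {
    ethernet eth0 {
        address 10.0.0.1 {
            prefix-length: 24
        }
    }
    ethernet eth1 {
        address 192.168.0.2 {
            prefix-length: 24
        }
    }
}
service {
    dhcp-server {
        shared-network-name OfficeLAN {
            subnet 10.0.0.0/24 {
                start 10.0.0.50 {
                    stop: 10.0.0.150
                }
                dns-server 192.168.0.20
                default-router: 192.168.0.2
            }
        }
    }
}
"""


def check_dhcp_gateways(text):
    """Return (subnet, default_router, candidate_gateways) for every DHCP
    subnet whose default-router is not an address inside that subnet."""
    path = []         # headers of the blocks currently open
    iface_addrs = []  # addresses configured on the router's own interfaces
    routers = {}      # DHCP subnet -> configured default-router
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            header = line[:-1].strip()
            # "address X {" directly under "ethernet ethN {" is a router address
            if header.startswith("address ") and path and path[-1].startswith("ethernet "):
                iface_addrs.append(ipaddress.ip_address(header.split()[1]))
            path.append(header)
        elif line == "}":
            if path:
                path.pop()
        elif line.startswith("default-router:"):
            subnet = next((p.split()[1] for p in reversed(path)
                           if p.startswith("subnet ")), None)
            if subnet is not None:
                value = line.split(":", 1)[1].strip().strip('"')
                routers[ipaddress.ip_network(subnet)] = ipaddress.ip_address(value)
    findings = []
    for net, gateway in routers.items():
        if gateway not in net:
            # Clients cannot reach an off-subnet gateway; suggest local addresses.
            candidates = [str(ip) for ip in iface_addrs if ip in net]
            findings.append((str(net), str(gateway), candidates))
    return findings


if __name__ == "__main__":
    for subnet, gateway, candidates in check_dhcp_gateways(SAMPLE_CONFIG):
        print(f"{subnet}: default-router {gateway} is off-subnet; "
              f"router addresses in this subnet: {candidates}")
```
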

Re: [Vyatta-users] Vyatta-users Digest, Vol 23, Issue 33

2007-11-16 Thread Isiak Solih Sadik
Thanks Aubrey Wells. I typed 'save' to save it on the default file

[EMAIL PROTECTED] wrote:
> >Send Vyatta-users mailing list submissions to
>   vyatta-users@mailman.vyatta.com
>
>To subscribe or unsubscribe via the World Wide Web, visit
>   http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>or, via email, send a message with subject or body 'help' to
>   [EMAIL PROTECTED]
>
>You can reach the person managing the list at
>   [EMAIL PROTECTED]
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Vyatta-users digest..."
>
>
>Today's Topics:
>
>   1. Re: can't find my running config (Aubrey Wells)
>   2. Re: can't find my running config (Aubrey Wells)
>   3. Re: can't find my running config (James A. Shigley)
>   4. Re: Vyatta-users Digest, Vol 23, Issue 32 (Isiak Solih Sadik)
>
>
>--
>
>Message: 1
>Date: Thu, 15 Nov 2007 16:06:38 -0500
>From: Aubrey Wells <[EMAIL PROTECTED]>
>Subject: Re: [Vyatta-users] can't find my running config
>To: James A. Shigley <[EMAIL PROTECTED]>
>Cc: vyatta-users@mailman.vyatta.com
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
>
>Are you actually typing "save" from configuration mode to save the  
>config, or are you assuming "commit" saves the config? You must type  
>"save" or "save /path/to/file" to save the config to survive a  
>reboot. All commit does is activate the changes made.
>
>
>
>--
>Aubrey Wells
>Senior Engineer
>Shelton | Johns Technology Group
>A Vyatta Ready Partner
>www.sheltonjohns.com
>
>
>
>
>On Nov 15, 2007, at 2:17 PM, James A. Shigley wrote:
>
>> I have a similar problem twice now. And I do have it installed to a  
>> disk not running off the iso.
>>
>> James Shigley
>> Monroe Telephone Answering Service
>> 409-981-9213
>> Infinity 5.4,UC 4.02, Blink 3.0.104
>> Ecreator:5.03, eResponse 1.1.6
>> Webportal,WebApps,
>>
>> CONFIDENTIALITY NOTICE: This email, including any attachments,  
>> contains information which may be confidential or privileged. The  
>> information is intended to be for the use of the individual or  
>> entity named above. If you are not the intended recipient, be aware  
>> that any disclosure, copying, distribution or use of the contents  
>> of this information is prohibited. If you have received this email  
>> in error, please notify the sender immediately by "reply to sender  
>> only" message and destroy all electronic and hard copies of the  
>> communication, including attachments.
>>
>> "Common sense is the collection of prejudices acquired by age  
>> eighteen." -- Albert Einstein
>> "Once you can accept the universe as matter expanding into nothing  
>> that is something,wearing stripes with plaid comes easy." -- Albert  
>> Einstein
>> "I know a little of everything, but a lot of nothing"
>>
>>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:vyatta-users- 
>> [EMAIL PROTECTED] On Behalf Of Justin Fletcher
>> Sent: Thursday, November 15, 2007 11:46 AM
>> To: Isiak Solih Sadik
>> Cc: .
>> Subject: Re: [Vyatta-users] can't find my running config
>>
>> Are you running the live CD or installed to disk?  If you're running
>> the live CD, the file system is in memory, and you need to save to
>> floppy for the configuration to be preserved across reboots.
>>
>> Justin
>>
>> On Nov 15, 2007 9:39 AM, Isiak Solih Sadik  
>> <[EMAIL PROTECTED]> wrote:
>>> Pls Help!
>>> I installed vyatta router 3 on my pc and it worked perfectly. I  
>>> actually saved the running config on the default file opt/vyatta/ 
>>> etc/config/config.boot, but when I reboot my vyatta can't route  
>>> anything. I found out that my saved running config is no longer in  
>>> opt/vyatta/etc/config/config.boot
>>> What can I do?
>>>
>>> Sadiku Babatunde
>>>
>>> -
>>> 'There is no deity worthy of worship except Allah and Muhammad  
>>> (peace be upon him) is his final Messenger.'
>>>
>>> http://www.Darussalam.net/
>>> Read, Learn, Implement!
>
>
>
>--
>
>Message: 2
>Date: Thu, 15 Nov 2007 16:55:36 -0500
>From: Aubrey Wells <[EMAIL PROTECTED]>
>Subject: Re: [Vyatta-users] can't find my running config
>To: James A. Shigley <[EMAIL PROTECTED]>
>Cc: vyatta-users@mailman.vyatta.com
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset=US-ASCII; 

[Vyatta-users] Digest versus Non-Digest Mail

2007-11-16 Thread Gibson Prichard
For the sake of those of us who subscribe to the Vyatta-users mail in digest
form (the once a day compilation), please try only to quote the pertinent
part of your reply to a poster. Leaving the whole of the original post, when
only a small portion is needed to clarify your reply makes the messages
needlessly long.
And for the sake of whatever deity you hold sacred, don't send
confidentiality notices or 10-line pithy sayings in your signature. This
litters the ether with needless bits of crap we just don't need when
discussing open-source routing.
Thanks,

Gibson Prichard
NewsChannel5 WTVF Nashville
[EMAIL PROTECTED]





[Vyatta-users] Problem with gateway, and vyatta internet update

2007-11-16 Thread GVerris

Hi my name is Giannis and I am a new user of vyatta and I have some problems

I use the vc3

This is my network

PC1  (IP A)
PC2  (IP B)
PC3  (IP C)

SERVER (IP D)

ROUTER (NOT VYATTA) (IP E)
(DNS & DHCP is disabled I want to use it as gateway only)

And the role of firewall, dhcp, dns, router etc I want to be the vyatta

Here is my config.boot



/*XORP Configuration File, v1.0*/
protocols {
    static {
        disable: false
        route 0.0.0.0/0 {
            next-hop: 192.168.0.1
            metric: 1
        }
    }
}
policy {
}
interfaces {
    restore: false
    loopback lo {
        description: ""
    }
    ethernet eth0 {
        disable: false
        discard: false
        description: "Office Lan"
        hw-id: 00:50:bf:6b:0d:ce
        duplex: "auto"
        speed: "auto"
        address 10.0.0.1 {
            prefix-length: 24
            disable: false
        }
    }
    ethernet eth1 {
        disable: false
        discard: false
        description: "Internet Wan"
        hw-id: 00:50:22:82:ef:63
        duplex: "auto"
        speed: "auto"
        address 192.168.0.2 {
            prefix-length: 24
            disable: false
        }
        firewall {
            local {
                name: "FWTELNET"
            }
        }
    }
}
service {
    dhcp-server {
        shared-network-name OfficeLAN {
            subnet 10.0.0.0/24 {
                start 10.0.0.50 {
                    stop: 10.0.0.150
                }
                dns-server 192.168.0.20
                default-router: 192.168.0.2
                lease: 86400
                domain-name: "test.router"
                authoritative: "disable"
            }
        }
    }
    nat {
        rule 1 {
            type: "masquerade"
            outbound-interface: "eth1"
            protocols: "all"
            source {
                network: "10.0.0.0/24"
            }
            destination {
                network: "0.0.0.0/0"
            }
        }
        rule 2 {
            type: "destination"
            inbound-interface: "eth1"
            protocols: "tcp"
            source {
                network: "0.0.0.0/0"
            }
            destination {
                address: "192.168.0.1"
                port-name http
            }
            inside-address {
                address: 10.0.0.30
            }
        }
    }
    telnet {
        port: 23
    }
    webgui {
        http-port: 80
        https-port: 443
    }
}
firewall {
    log-martians: "enable"
    send-redirects: "disable"
    receive-redirects: "disable"
    ip-src-route: "disable"
    broadcast-ping: "disable"
    syn-cookies: "enable"
    name FWTELNET {
        rule 1 {
            protocol: "tcp"
            action: "reject"
            log: "disable"
            source {
                network: "0.0.0.0/0"
            }
            destination {
                port-name telnet
            }
        }
        rule 2 {
            protocol: "all"
            action: "accept"
            log: "disable"
            source {
                network: "0.0.0.0/0"
            }
            destination {
                network: "0.0.0.0/0"
            }
        }
    }
}
system {
    host-name: "vyatta"
    domain-name: ""
    time-zone: "GMT"
    ntp-server "69.59.150.135"
    login {
        user root {
            full-name: ""
            authentication {
                encrypted-password: "x"
            }
        }
        user vyatta {
            full-name: ""
            authentication {
                encrypted-password: "x"
            }
        }
    }
    package {
        auto-sync: 1
        repository community {
            component: "main"
            url: "http://archive.vyatta.com/vyatta";
        }
    }
}





/* Warning: Do not remove the following line. */

/* === vyatta-config-version: 
"[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]" 
=== */




Here are the problems

1. I can't see the internet. The dhcp works fine, and the firewall, dns I suppose.


2.   The vyatta does not connect to the internet to make updates



Please help I don't know what is wrong



thanks


Re: [Vyatta-users] Vyatta-users Digest, Vol 23, Issue 32

2007-11-16 Thread Isiak Solih Sadik
Thank you all.
I actually installed the vyatta router on my PC. I did check the linux shell 
and I confirmed that my router running config was there.
I may be missing something out on vyatta 3 because I never encounter such 
problem with vyatta 1.0.3 version. I encountered similar problem with vyatta 
vc2. But no such problem with vyatta version 1.0.3. And that is the reason I 
keep on with vyatta 1.0.3.
I think the vyatta technical team should work on this issue. Probably config 
directory should be left on route directory like in the vyatta version 1.0.3




[EMAIL PROTECTED] wrote:
>
>Today's Topics:
>
>   1. Re: Vyatta Stateful Firewall Issue (Komal Shah)
>   2. can't find my running config (Isiak Solih Sadik)
>   3. Re: can't find my running config (Justin Fletcher)
>   4. Re: can't find my running config (James A. Shigley)
>   5. Re: can't find my running config (Dave Roberts)
>
>
>--
>
>Message: 1
>Date: Thu, 15 Nov 2007 17:35:04 +0530
>From: Komal Shah <[EMAIL PROTECTED]>
>Subject: Re: [Vyatta-users] Vyatta Stateful Firewall Issue
>To: vyatta-users@mailman.vyatta.com
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset=ISO-8859-1
>
>Excellent!
>
>Please consider adding this information in documentation.
>
>Komal
>
>Robyn Orosz wrote:
>> Hi Adrian,
>> 
>> First off, I apologize for the long delay in getting back to you but, I 
>> think I have an answer for you.  On the Vyatta router, try the following:
>> 
>> echo 0 > /proc/sys/net/netfilter/nf_conntrack_tcp_loose
>> 
>> Then try running the nmap ACK scan again.  The RST packet, which is what 
>> nmap is expecting in return, should not even get sent by the host since 
>> the ACK packet should be blocked by the firewall this time. 
>> 
>> What was happening is that a state of "NEW" in iptables means exactly 
>> that--any new TCP packet.  It does not mean a new TCP packet with the 
>> SYN flag set.  The 'nf_conntrack_tcp_loose' option can be modified 
>> however, to enforce a more stringent set of checks on incoming TCP 
>> packets.  With this option set to 0, the firewall will compare the 
>> packet against the existing conntrack entries and drop it because it is 
>> not a valid packet for establishing a new connection and it is not part 
>> of an existing established connection.
>> 
>> The benefit of having this value set to 3 (the default) is that it will 
>> try and pick up any existing connections that were terminated as a 
>> result of a system reload or other unexpected failure.  So, it assumes 
>> that the new ACK packet was part of a previous connection that got 
>> dropped and cleared from the conntrack table when the system went down.  
>> If this is not a concern of yours, then I'd say setting it to 0 would 
>> not cause any other problems.
>> 
>> An enhancement request has actually already been open to allow the 
>> nf_conntrack_tcp_loose value to be modified via the CLI:
>> 
>> https://bugzilla.vyatta.com/show_bug.cgi?id=2122
>> 
>> Another option is to add a rule directly in iptables that drops any NEW 
>> packets that don't have the SYN flag set.  EX:
>> 
>> iptables -I FORWARD 1 -p tcp ! --syn -m state --state NEW -j DROP
>> 
>> This rule gets added to the beginning of the iptables FORWARD chain and 
>> drops any new packets that don't have the SYN flag set.  The problem 
>> with this workaround is that you have to be careful when running 
>> firewall rules in the CLI and in iptables as their order of entry is 
>> very important and can cause problems or confusion if it gets out of 
>> sync.  You'll also have to script any rules that you add directly into 
>> iptables and also the echo into the nf_conntrack_tcp_loose so that your 
>> changes will still exist after a reboot.
>> 
>> I also opened an enhancement request to add TCP flag match criteria into 
>> the Vyatta firewall.  So, in the future, the rule above should be 
>> configurable via the CLI:
>> 
>> https://bugzilla.vyatta.com/show_bug.cgi?id=2474
>> 
>> Thank you and let me know if this works for you.
>> 
>> -Robyn
>> 
>
>
>--
>
>Message: 2
>Date: Thu, 15 Nov 2007 23:09:57 +0530
>From: Isiak Solih Sadik <[EMAIL PROTECTED]>
>Subject: [Vyatta-users] can't find my running config
>To: vyatta-users@mailman.vyatta.com
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset="us-ascii"
>
>Pls Help!
>I installed vyatta router 3 on my pc and it worked perfectly. I actually saved