Re: What hardware to use for Debian Firewall/Gateway or server?
Douglas A. Tutty on 30/05/09 14:19, wrote: On Fri, May 29, 2009 at 10:18:56PM +0200, Csanyi Pal wrote: Jan Willem Stumpel jstum...@planet.nl writes: Csanyi Pal wrote: So: can one install on it say a Debian GNU/Linux Lenny? Mind that it is a headless device. Everything has to be done through ssh (or local telnet). It has no cd-rom drive, keyboard, or monitor. But it is just a Debian system (for powerpc, not for i386). Everything behaves just like your desktop Debian system. Say I'll upgrade Debian Etch on it to Debian Lenny and make a mess of the operating system somehow through ssh connection. Then what can I do? And if one can setup the first boot media to USB stick how can install the system without to seeing anything? How can they install the Debian system in the Factory of the BUBBA?? Many headless embedded-type devices have a serial port as a bios/system console. Just use that to log in. Or they burn the debian image onto the hard drive before installing it. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: What hardware to use for Debian Firewall/Gateway or server?
On Fri, May 29, 2009 at 10:18:56PM +0200, Csanyi Pal wrote: Jan Willem Stumpel jstum...@planet.nl writes: Csanyi Pal wrote: So: can one install on it say a Debian GNU/Linux Lenny? Mind that it is a headless device. Everything has to be done through ssh (or local telnet). It has no cd-rom drive, keyboard, or monitor. But it is just a Debian system (for powerpc, not for i386). Everything behaves just like your desktop Debian system. Say I'll upgrade Debian Etch on it to Debian Lenny and make a mess of the operating system somehow through ssh connection. Then what can I do? And if one can setup the first boot media to USB stick how can install the system without to seeing anything? How can they install the Debian system in the Factory of the BUBBA?? Many headless embedded-type devices have a serial port as a bios/system console. Just use that to log in. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: What hardware to use for Debian Firewall/Gateway or server?
On Thu,28.May.09, 21:50:26, Jan Willem Stumpel wrote: I also do not quite understand why you should want to use Lenny, rather than Etch, on a server. Sure, you can still use etch, but next February the security support will end and you have to upgrade to lenny anyway. Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) signature.asc Description: Digital signature
Re: What hardware to use for Debian Firewall/Gateway or server?
Jan Willem Stumpel jstum...@planet.nl writes: Csanyi Pal wrote: So: can one install on it say a Debian GNU/Linux Lenny? Mind that it is a headless device. Everything has to be done through ssh (or local telnet). It has no cd-rom drive, keyboard, or monitor. But it is just a Debian system (for powerpc, not for i386). Everything behaves just like your desktop Debian system. Say I'll upgrade Debian Etch on it to Debian Lenny and make a mess of the operating system somehow through ssh connection. Then what can I do? I think one can boot from an USB stick with an installation iso file? But how can one setup the BIOS of the BUBBA mini server/gateway for booting from the USB stick?? And if one can setup the first boot media to USB stick how can install the system without to seeing anything? How can they install the Debian system in the Factory of the BUBBA?? :) -- Regards, Paul Csanyi http://www.freewebs.com/csanyi-pal/index.htm -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: What hardware to use for Debian Firewall/Gateway or server?
On Fri, May 29, 2009 at 10:18:56PM +0200, Csanyi Pal wrote: Jan Willem Stumpel jstum...@planet.nl writes: Csanyi Pal wrote: So: can one install on it say a Debian GNU/Linux Lenny? Mind that it is a headless device. Everything has to be done through ssh (or local telnet). It has no cd-rom drive, keyboard, or monitor. But it is just a Debian system (for powerpc, not for i386). Everything behaves just like your desktop Debian system. Say I'll upgrade Debian Etch on it to Debian Lenny and make a mess of the operating system somehow through ssh connection. Then what can I do? I think one can boot from an USB stick with an installation iso file? But how can one setup the BIOS of the BUBBA mini server/gateway for booting from the USB stick?? And if one can setup the first boot media to USB stick how can install the system without to seeing anything? How can they install the Debian system in the Factory of the BUBBA?? :) at a guess, bot having played with one of these, but having dealt with headless machine before, I would have the bios set to pxe usb ide/cf pxe first and if that fails fall back to usb and if that fails back to ide. I have seen systems where the usb has to a flag on it to boot. as for the ide/cf - why not just take out the cf card and test it on another machine - fsck/ logs etc -- If the terriers and bariffs are torn down, this economy will grow. - George W. Bush 01/01/2000 signature.asc Description: Digital signature
Re: What hardware to use for Debian Firewall/Gateway or server?
Jan Willem Stumpel jstum...@planet.nl writes: Csanyi Pal wrote: What is the recommended new hardware for firewall/gateway or for a web, mail, file printer server at a small home network? Any advices will be appreciated! I am now using a Bubba 2, made by a Swedish company: http://excito.com/bubba/products/about-bubba.html It runs Debian. More expensive, of course, than using an old desktop or laptop computer (but the price is going down all the time, now 212 euros for a unit with 500 GB hard disk), but it uses almost no electricity, and it is silent (fanless). Very suitable for 24/7 operation. I am very happy with it. Regards, Jan It's very nice but can one install on it say a Debian GNU/Linux Lenny? -- Regards, Paul Csanyi http://www.freewebs.com/csanyi-pal/index.htm -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: What hardware to use for Debian Firewall/Gateway or server?
On Thu, May 28, 2009 at 08:35:02AM +0200, Csanyi Pal wrote: Jan Willem Stumpel jstum...@planet.nl writes: Csanyi Pal wrote: What is the recommended new hardware for firewall/gateway or for a web, mail, file printer server at a small home network? Any advices will be appreciated! I am now using a Bubba 2, made by a Swedish company: http://excito.com/bubba/products/about-bubba.html It runs Debian. More expensive, of course, than using an old desktop or laptop computer (but the price is going down all the time, now 212 euros for a unit with 500 GB hard disk), but it uses almost no electricity, and it is silent (fanless). Very suitable for 24/7 operation. I am very happy with it. Regards, Jan It's very nice but can one install on it say a Debian GNU/Linux Lenny? the specs seem to suggest you can get it pre installed with debian -- I'm not really the type to wander off and sit down and go through deep wrestling with my soul. - George W. Bush as quoted in Vanity Fair, October 2000 signature.asc Description: Digital signature
Re: What hardware to use for Debian Firewall/Gateway or server?
Alex Samad a...@samad.com.au writes: On Thu, May 28, 2009 at 08:35:02AM +0200, Csanyi Pal wrote: Jan Willem Stumpel jstum...@planet.nl writes: Csanyi Pal wrote: What is the recommended new hardware for firewall/gateway or for a web, mail, file printer server at a small home network? Any advices will be appreciated! I am now using a Bubba 2, made by a Swedish company: http://excito.com/bubba/products/about-bubba.html It runs Debian. More expensive, of course, than using an old desktop or laptop computer (but the price is going down all the time, now 212 euros for a unit with 500 GB hard disk), but it uses almost no electricity, and it is silent (fanless). Very suitable for 24/7 operation. I am very happy with it. Regards, Jan It's very nice but can one install on it say a Debian GNU/Linux Lenny? the specs seem to suggest you can get it pre installed with debian Yes, with Debian Etch, but not with Debian Lenny! So: can one install on it say a Debian GNU/Linux Lenny? -- Regards, Paul Csanyi http://www.freewebs.com/csanyi-pal/index.htm -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: What hardware to use for Debian Firewall/Gateway or server?
Csanyi Pal wrote: Alex Samad a...@samad.com.au writes: On Thu, May 28, 2009 at 08:35:02AM +0200, Csanyi Pal wrote: Jan Willem Stumpel jstum...@planet.nl writes: Csanyi Pal wrote: What is the recommended new hardware for firewall/gateway or for a web, mail, file printer server at a small home network? Any advices will be appreciated! I am now using a Bubba 2, made by a Swedish company: http://excito.com/bubba/products/about-bubba.html It runs Debian. More expensive, of course, than using an old desktop or laptop computer (but the price is going down all the time, now 212 euros for a unit with 500 GB hard disk), but it uses almost no electricity, and it is silent (fanless). Very suitable for 24/7 operation. I am very happy with it. Regards, Jan It's very nice but can one install on it say a Debian GNU/Linux Lenny? the specs seem to suggest you can get it pre installed with debian Yes, with Debian Etch, but not with Debian Lenny! So: can one install on it say a Debian GNU/Linux Lenny? I don't see why not. -- -BEGIN GEEK CODE BLOCK- Version: 3.1 GCS/CM/IT d++ s+:- a C+++ UL+++ P L E--- W+++ N o? K? w--- O+ M-- V- PS PE? Y-- PGP- t+ 5? X- R-- tv+ b++ DI D G++ e- h! !r y --END GEEK CODE BLOCK-- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: What hardware to use for Debian Firewall/Gateway or server?
Csanyi Pal wrote: Yes, with Debian Etch, but not with Debian Lenny! So: can one install on it say a Debian GNU/Linux Lenny? I suppose you can, although I didn't try it. I think you can install anything you want; I heavily customised mine (in fact I am no longer using any of the Bubba-specific software provided by Excito). Apt-get works; upgrading to Lenny is just a matter of pointing your sources.list towards it, I think. The kernel is 2.6.26.5, so it should not be a problem (don't quote me on that, though; I also do not quite understand why you should want to use Lenny, rather than Etch, on a server. First prepare a rescue stick before starting any experiments!). Mind that it is a headless device. Everything has to be done through ssh (or local telnet). It has no cd-rom drive, keyboard, or monitor. But it is just a Debian system (for powerpc, not for i386). Everything behaves just like your desktop Debian system. Don't expect gigantic calculating power from this machine. It is good for shifting bits around (what a home server/gateway should do) but not for anything calculation-intensive. I mean, the low power consumption and silent operation had to come from somewhere. Absolutely fine though, as a server/firewall/gateway. Regards, Jan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: What hardware to use for Debian Firewall/Gateway or server?
Csanyi Pal wrote: What is the recommended new hardware for firewall/gateway or for a web, mail, file printer server at a small home network? Any advices will be appreciated! I am now using a Bubba 2, made by a Swedish company: http://excito.com/bubba/products/about-bubba.html It runs Debian. More expensive, of course, than using an old desktop or laptop computer (but the price is going down all the time, now 212 euros for a unit with 500 GB hard disk), but it uses almost no electricity, and it is silent (fanless). Very suitable for 24/7 operation. I am very happy with it. Regards, Jan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: What hardware to use for Debian Firewall/Gateway or server?
Kelly Clowers on 22/05/09 20:56, wrote: On Fri, May 22, 2009 at 07:24, Victor Padro vpa...@gmail.com wrote: You can get a Pentium 4 for less than $200 on ebay. I use a Pentium 4 HT, 512MB RAM, 40GB HDD with Pfsense(FreeBSD) as my home firewall/router, and it's very reliable. I would much rather use an Athlon XP or a PIII than a P4 energy hog. Don't suppose you can put numbers to that statement, like number of Watts for a PIII? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: What hardware to use for Debian Firewall/Gateway or server?
On Thu, May 21, 2009 at 09:31:14PM +0200, Csanyi Pal wrote: I have at my home a small network: firewall/gateway: Pentium II Class PC box with 64 MB RAM, 5,1 GB HDD server : Pentium IV Class PC box with 2 GB RAM, 60 GB HDD desktop : Pentium IV Class PC box with 2 GB RAM, 2 * 320 GB HDD On all these PC boxes run Debian GNU/Linux: firewall/gateway: Etch Server : Etch desktop : Lenny The firewall has a buggy hardware and can't to install on it Lenny so I decide to buy a new hardware for firewall/gateway. Put the drive in another computer, install to that drive, then move the drive back? I think about that that I could to use the server box as a firewall/gateway and the new PC box for the server.. What is the recommended new hardware for firewall/gateway or for a web, mail, file printer server at a small home network? Well, since the PII worked just fine, I think you'll find that any computer on which you can install Lenny will work for you. I used to use a 486 with 32 MB ram but Etch couldn't install on it. It runs OpenBSD very well. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: What hardware to use for Debian Firewall/Gateway or server?
On Fri, May 22, 2009 at 9:18 AM, Douglas A. Tutty dtu...@vianet.ca wrote: On Thu, May 21, 2009 at 09:31:14PM +0200, Csanyi Pal wrote: I have at my home a small network: firewall/gateway: Pentium II Class PC box with 64 MB RAM, 5,1 GB HDD server : Pentium IV Class PC box with 2 GB RAM, 60 GB HDD desktop : Pentium IV Class PC box with 2 GB RAM, 2 * 320 GB HDD On all these PC boxes run Debian GNU/Linux: firewall/gateway: Etch Server : Etch desktop : Lenny The firewall has a buggy hardware and can't to install on it Lenny so I decide to buy a new hardware for firewall/gateway. Put the drive in another computer, install to that drive, then move the drive back? I think about that that I could to use the server box as a firewall/gateway and the new PC box for the server.. What is the recommended new hardware for firewall/gateway or for a web, mail, file printer server at a small home network? Well, since the PII worked just fine, I think you'll find that any computer on which you can install Lenny will work for you. I used to use a 486 with 32 MB ram but Etch couldn't install on it. It runs OpenBSD very well. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org You can get a Pentium 4 for less than $200 on ebay. I use a Pentium 4 HT, 512MB RAM, 40GB HDD with Pfsense(FreeBSD) as my home firewall/router, and it's very reliable. -- It is human nature to think wisely and act in an absurd fashion. Todo el desorden del mundo proviene de las profesiones mal o mediocremente servidas
Re: What hardware to use for Debian Firewall/Gateway or server?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, May 21, 2009 at 09:31:14PM +0200, Csanyi Pal wrote: Hi, I have at my home a small network: firewall/gateway: Pentium II Class PC box with 64 MB RAM, 5,1 GB HDD server : Pentium IV Class PC box with 2 GB RAM, 60 GB HDD desktop : Pentium IV Class PC box with 2 GB RAM, 2 * 320 GB HDD On all these PC boxes run Debian GNU/Linux: firewall/gateway: Etch Server : Etch desktop : Lenny The firewall has a buggy hardware and can't to install on it Lenny so I decide to buy a new hardware for firewall/gateway. I think about that that I could to use the server box as a firewall/gateway and the new PC box for the server.. What is the recommended new hardware for firewall/gateway or for a web, mail, file printer server at a small home network? Any advices will be appreciated! The OpenRD Client looks pretty cool.. Runs the Sheeva 1.2 GHz 512 MB DDR2-800 SDRAM http://globalscaletechnologies.com/t-openrdcdetails.aspx - -- Daryl Styrk Naples, FL USA -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkoWuoMACgkQ6baBhW8CzrgWSACeOsT/vY2cXT5JyYe+3tBn5yC3 OakAnRVJ9YIR/KjC5uL4Wz0kLUtQecAW =eGog -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: What hardware to use for Debian Firewall/Gateway or server?
On Fri, May 22, 2009 at 07:24, Victor Padro vpa...@gmail.com wrote: You can get a Pentium 4 for less than $200 on ebay. I use a Pentium 4 HT, 512MB RAM, 40GB HDD with Pfsense(FreeBSD) as my home firewall/router, and it's very reliable. I would much rather use an Athlon XP or a PIII than a P4 energy hog. Cheers, Kelly Clowers -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
What hardware to use for Debian Firewall/Gateway or server?
Hi, I have at my home a small network: firewall/gateway: Pentium II Class PC box with 64 MB RAM, 5,1 GB HDD server : Pentium IV Class PC box with 2 GB RAM, 60 GB HDD desktop : Pentium IV Class PC box with 2 GB RAM, 2 * 320 GB HDD On all these PC boxes run Debian GNU/Linux: firewall/gateway: Etch Server : Etch desktop : Lenny The firewall has a buggy hardware and can't to install on it Lenny so I decide to buy a new hardware for firewall/gateway. I think about that that I could to use the server box as a firewall/gateway and the new PC box for the server.. What is the recommended new hardware for firewall/gateway or for a web, mail, file printer server at a small home network? Any advices will be appreciated! -- Regards, Paul Csanyi http://www.freewebs.com/csanyi-pal/index.htm -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: What hardware to use for Debian Firewall/Gateway or server?
On Thu, May 21, 2009 at 09:31:14PM +0200, Csanyi Pal wrote: I have at my home a small network: firewall/gateway: Pentium II Class PC box with 64 MB RAM, 5,1 GB HDD server : Pentium IV Class PC box with 2 GB RAM, 60 GB HDD desktop : Pentium IV Class PC box with 2 GB RAM, 2 * 320 GB HDD On all these PC boxes run Debian GNU/Linux: firewall/gateway: Etch Server : Etch desktop : Lenny The firewall has a buggy hardware and can't to install on it Lenny so I decide to buy a new hardware for firewall/gateway. I think about that that I could to use the server box as a firewall/gateway and the new PC box for the server.. What is the recommended new hardware for firewall/gateway or for a web, mail, file printer server at a small home network? Any advices will be appreciated! As for replacing the gateway itself: mine runs OpenBSD rather than Linux, but my home router is a PC Engines Alix 2d3: http://pcengines.ch/alix2d3.htm The downside to this kind of embedded system, versus standard PCs like you're currently using, is that you can't simply stick in a CD and boot up the Debian installer... I installed OpenBSD on mine by running VMware Workstation on my laptop with the board's CF card plugged in and configured as a physical volume, then transplanting the card to the Alix board once everything was up and running. Installing using the serial console and PXE boot is another option, but this route entails setting up a boot server first. Either way, there's a bit more work involved than with a repurposed PC. Also, the Alix board doesn't ship with a CMOS clock battery holder installed, so you'll need to solder one in yourself if you want the board to keep time while unplugged. But the solder points are clearly marked on the board, and battery holders are cheap. That said: what all this extra effort gets you is an inexpensive, small, silent and cool-running box with three Ethernet adapters plenty of horsepower for running a firewall and VPN. And there are no moving parts (although I imagine my CF card will die eventually, since I have it mounted read-write). Also, the while thing only consumes about 5W of power. Soekris Engineering is another popular manufacturer of similar general-purpose embedded PCs suitable as small gateways, and there are other companies too. And you'd be hard-pressed to find one that *doesn't* work with Linux :) -- Mark Shroyer http://markshroyer.com/contact/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: debian firewall und anti-spam/virusbox in nem W$ Netz
Hallo Paul, Paul Puschmann, 19.09.2006 (d.m.y): ich habe hier mal ein paar Auszuege aus meiner Konfig ins Netz gestellt: http://www.uzulabs.net/Postfix-Spamassassin-Co.106.0.html?L=1 Der Haken: nich nicht fertig. Fuer einen Postfix-Neueinsteiger wird das erst einmal nur durcheinander sein, aber dafuer gibts ja die ML. Mein favorisierter MTA ist exim - der auch Standard bei Debian ist. Bei den Dateien, die per hash: in der main.cf eingebunden werden musst du noch jede Datei (nach einer Aenderung) mit dem Befehl 'postmap' kompilieren. z. B. 'postmap recipient_checks' Das ist z.B. etwas, wo exim IMO etwas einfacher zu haendeln ist - gerade fuer jemanden, der in der Materie noch nicht so drin ist: In der Standard-Konfiguration verwendet exim auch fuer Aliases etc. PlainText-Dateien. Gruss/Regards, Christian Schmidt -- Aus Murphy's Gesetze: Bei einem senkrechten Balkendiagramm werden die Bezeichnungen immer zu lang sein, um sie komplett unter die Balken zu bekommen. signature.asc Description: Digital signature
Re: debian firewall und anti-spam/virusbox in nem W$ Netz
Guten Morgen Paul, *, Paul Puschmann schrieb: [snip] Okay, die Mails sollen dann an den SBS geleitet werden? Wie willst du generell deine Mails verwalten? Evtl. auf einem IMAP-Server auf der Linux-Box? Genau die Mails sollen an den SBS weitergeleitet werden. hmmm...mal hoffentlich nicht allzu doof gefragt: Wie hast Du es denn gemacht? Ich habe hier Postfix mit amavis-new im Einsatz. amavis-new bindet dabei spamassassin und clamav/clamd ein. Eingehende Mails werden dabei an einen Exchange-Server weitergeleitet. Funktioniert sehr gut. - Was willst du mit IPCop machen? IPCop soll als reine Firewall fungieren und steht stand-alone Okay, gut dass die Firewall getrennt ist. - Was soll clamav ueberpruefen? Clamav soll die mails auf Viren etc überprüfen. [snip] Mit dem Proxy koenntest du deinen HTTP-Traffic noch einmal filtern und auf Viren scannen. Das Thema Bandbreite mag evtl. auch noch eine Rolle spielen. Da nicht allzuviele mails eingehen, hört sich die Idee mit dem Proxy ganz gut an. Das heisst also, dass ich die Box auf der ich Clamav und Spamassasin laufen lassen möchte gleichzeitig als Proxy aufsetze. Habe ich das richtig verstanden? DHCP ist wahrscheinlich nicht notwendig, da du wahrscheinlich mehr Zeit in die Konfiguration des Servers steckst als deine 5 IPs von Hand zu verwalten. - Hast du ein Active Directory? Nein das habe ich nicht. - Soll der Debian-Rechner per Samba eine Windows-Domaene darstellen? Eigentlich nicht, es sei denn, dass es besser ist. soweit habe ich mich allerdings noch nicht belesen. vielleicht ist es doch einfacher den Samba normal zu nutzen, da du deine Benutzer ja sicher auch als lokale User anlegen kannst. Was meinst Du mit normal? Paul Gruß Niels - der noch ganz viel zu lernen hat... -- Haeufig gestellte Fragen und Antworten (FAQ): http://www.de.debian.org/debian-user-german-FAQ/ Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED] mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)
Re: debian firewall und anti-spam/virusbox in nem W$ Netz
Moin Albert, Albert Dengg schrieb: naja dass stimmt so ned ganz... mit dnsmasq zB is des ka arbeit (dauert ungef?hr 30 sec zum installieren und um die 5 einzeilligen eintr?ge einzutragen wenn du fixe ips haben willst dauert vielleicht eine minute)... und selbst ein dhcpd is ned wirklich arbeit zu konfigurieren... ich find es schon angenehm wenns zentral verwaltet wird. Du hast nicht rein zufällig ein Howto zu Deinem gemachten Vorschlag? mfg albert Gruß Niels -- Haeufig gestellte Fragen und Antworten (FAQ): http://www.de.debian.org/debian-user-german-FAQ/ Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED] mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)
Re: debian firewall und anti-spam/virusbox in nem W$ Netz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Sep 19, 2006 at 10:08:10AM +0200, niels jende wrote: Moin Albert, Albert Dengg schrieb: naja dass stimmt so ned ganz... mit dnsmasq zB is des ka arbeit (dauert ungef?hr 30 sec zum installieren und um die 5 einzeilligen eintr?ge einzutragen wenn du fixe ips haben willst dauert vielleicht eine minute)... und selbst ein dhcpd is ned wirklich arbeit zu konfigurieren... ich find es schon angenehm wenns zentral verwaltet wird. Du hast nicht rein zuf??llig ein Howto zu Deinem gemachten Vorschlag? ned wirklich aber kurz zusammengefasst: aptitude install dnsmasq die fragen beantworten... dann $EDITOR /etc/dnsmasq.conf dort findest du einen haufen beispiele...unter anderem: # Always give the host with client identifier 01:02:02:04 # the IP address 192.168.0.60 #dhcp-host=id:01:02:02:04,192.168.0.60 # Always give the host with client identifier marjorie # the IP address 192.168.0.60 #dhcp-host=id:marjorie,192.168.0.60 das kann man ja kopieren und anpassen.. net wirklich a arbeit optional kannst du dort noch domain= setzten f?r a lokale domain und mit interface= kannst du noch gezielt nw interfaces angeben auf denen er arbeiten soll... ich bin mir jetzt nicht 100%tig sicher ob er auch eine dhcp-range= braucht, oder ob nur statische ips reichen... alles in allem ned viel arbeit (und wenn du zumindest zus?tzlich eine range definiert hast auch noch mit dem vorteil dass du einfach rechner reinh?ngen kannst wenn zB tempor?r notebooks eingebunden werden sollen). aja wie der name schon sagt is dnsmasq nebenbei noch ein dns proxy/server. bei dhcpd wirds a bisserl komplizierter isofern als es doch noch einmal mehr m?glichkeiten gibt feinere konfigurationen durchzuf?hren..sollte aber bei ein paar rechnern nicht notwendig sein ich hoffe das hilft ein bischen? mfg Albert PS: ok, in meiner zeitrechnung war nicht eingerechnet dass mann die MAC addressen kennen muss wenn man zuverl?ssig fixe addressen haben will, es geht aber auch ohne das - -- Albert Dengg [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFD7yjhrtSwvbWj0kRAjP6AJ9sYR5m/8+04mNfUqrz4WD5qwKT5wCfTdvt kz9aPf6b35pP8cKjnx+Umnw= =yg+y -END PGP SIGNATURE- -- Haeufig gestellte Fragen und Antworten (FAQ): http://www.de.debian.org/debian-user-german-FAQ/ Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED] mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)
Re: debian firewall und anti-spam/virusbox in nem W$ Netz
niels jende [EMAIL PROTECTED] schrieb am Tue, Sep 19, 2006 at 10:03:53AM +0200: Guten Morgen Paul, *, Paul Puschmann schrieb: [snip] Okay, die Mails sollen dann an den SBS geleitet werden? Wie willst du generell deine Mails verwalten? Evtl. auf einem IMAP-Server auf der Linux-Box? Genau die Mails sollen an den SBS weitergeleitet werden. hmmm...mal hoffentlich nicht allzu doof gefragt: Wie hast Du es denn gemacht? Ich habe bei Postfix in der datei 'transport' zum Beispiel den folgenden Eintrag: meine-domain.de :[10.10.10.1]:25 Damit werden die Mails, die als die Ziel '[EMAIL PROTECTED]' haben an den Server mit der angegebenen IP per SMTP weitergeleitet. Ich werde mal schauen, dass ich dir mal meine main.cf und die anderen wichtigen Dateien einmal anbieten kann, vielleicht schaffe ich es heute nachmittag. Amavis habe ich uebrigens per master.cf eingebunden: smtp inet n - y - 10 smtpd -o content_filter=smtp:[127.0.0.1]:10024 Alle Mails, die rein und raus gehen, werden durch amavis-new (und damit spamassassin und clamav) gejagt. Wie wolltest du deine Mails eigentlich abholen bzw. wie werden die an dich zugestellt? Wenn du den MX-Eintrag fuer deine Domain auf deinen Server umleitest, dann passt meine Config 1:1. Wenn du deine E-Mails per fetchmail (oder aehnlich) per POP3 abholen moechtest, ist das auch kein Beinbruch. Mit dem Proxy koenntest du deinen HTTP-Traffic noch einmal filtern und auf Viren scannen. Das Thema Bandbreite mag evtl. auch noch eine Rolle spielen. Da nicht allzuviele mails eingehen, hört sich die Idee mit dem Proxy ganz gut an. Das heisst also, dass ich die Box auf der ich Clamav und Spamassasin laufen lassen möchte gleichzeitig als Proxy aufsetze. Habe ich das richtig verstanden? Sollte (!) kein Problem sein. vielleicht ist es doch einfacher den Samba normal zu nutzen, da du deine Benutzer ja sicher auch als lokale User anlegen kannst. Was meinst Du mit normal? Normal: Damit meinte ich eine einfache Samba-Freigabe. Die Standard-Einstellung halt. (Security = user (oder so)). Funktioniert. Paul signature.asc Description: Digital signature
Re: debian firewall und anti-spam/virusbox in nem W$ Netz
Paul Puschmann [EMAIL PROTECTED] schrieb am Tue, Sep 19, 2006 at 12:39:26PM +0200: niels jende [EMAIL PROTECTED] schrieb am Tue, Sep 19, 2006 at 10:03:53AM +0200: Guten Morgen Paul, *, Paul Puschmann schrieb: [snip] Okay, die Mails sollen dann an den SBS geleitet werden? Wie willst du generell deine Mails verwalten? Evtl. auf einem IMAP-Server auf der Linux-Box? Genau die Mails sollen an den SBS weitergeleitet werden. hmmm...mal hoffentlich nicht allzu doof gefragt: Wie hast Du es denn gemacht? Ich habe bei Postfix in der datei 'transport' zum Beispiel den folgenden Eintrag: meine-domain.de :[10.10.10.1]:25 Damit werden die Mails, die als die Ziel '[EMAIL PROTECTED]' haben an den Server mit der angegebenen IP per SMTP weitergeleitet. Ich werde mal schauen, dass ich dir mal meine main.cf und die anderen wichtigen Dateien einmal anbieten kann, vielleicht schaffe ich es heute nachmittag. Hi, ich habe hier mal ein paar Auszuege aus meiner Konfig ins Netz gestellt: http://www.uzulabs.net/Postfix-Spamassassin-Co.106.0.html?L=1 Der Haken: nich nicht fertig. Fuer einen Postfix-Neueinsteiger wird das erst einmal nur durcheinander sein, aber dafuer gibts ja die ML. Bei den Dateien, die per hash: in der main.cf eingebunden werden musst du noch jede Datei (nach einer Aenderung) mit dem Befehl 'postmap' kompilieren. z. B. 'postmap recipient_checks' Ich werde in den naechsten Tagen versuchen die Seite noch etwas freundlicher zu gestalten und vielleicht schaffst du es ja auch bis dahin mal zu sagen wie deine Mails so laufen sollen. Wenn dein SBS den Exchange aktiv hat und du eine Standleitung hast, ist schon fast alles klar. Auf meiner Seite gibt es (ganz unten) noch Links zu den Seiten von Ralf Hildebrand (Postfix-Guru). Paul signature.asc Description: Digital signature
Re: debian firewall und anti-spam/virusbox in nem W$ Netz
niels jende [EMAIL PROTECTED] schrieb am Fri, Sep 15, 2006 at 08:24:27PM +0200: Hallöle! Was muss beachtet werden, wenn ich eine Debian Box als: Firewall (IPCop, Smoothwall, o.ä.) AntiViren (Clamav) und AntiSpam (Spamassasin) in einem W$ Netz betreiben möchte? Folgende Situation ist gegeben: 2 W$ Clients und 1 W$ Server und in dieses Netz soll nun diese Box rein. *grübel* Was soll den W$ sein? Windows? Dann schreib das doch bitte. Du kannst generell einen PC mit Debian installieren und in das Netzwerk haengen, da brauchst du nicht viel zu beachten, hoechstens dass du eine eindeutige IP brauchst. Sag doch einfach mal was du wirklich vorhast und dann koennen wir dir auch bessere Tipps geben. - Spam filtern: funktioniert. Sollen die Mails auf der Debian-Maschine abgelegt werden oder soll es anders gehen? - Was willst du mit IPCop machen? - Was soll clamav ueberpruefen? - Willst du einen HTTP-Proxy? Einen DHCP-Server? - Hast du ein Active Directory? - Soll der Debian-Rechner per Samba eine Windows-Domaene darstellen? Paul signature.asc Description: Digital signature
Re: debian firewall und anti-spam/virusbox in nem W$ Netz
Moin Paul, *, Paul Puschmann schrieb: niels jende [EMAIL PROTECTED] schrieb am Fri, Sep 15, 2006 at 08:24:27PM +0200: 2 W$ Clients und 1 W$ Server Was soll den W$ sein? Windows? Dann schreib das doch bitte. jau, es sind Windows Rechner (XP-Pro und der SmallBusinessServer 2000) Du kannst generell einen PC mit Debian installieren und in das Netzwerk haengen, da brauchst du nicht viel zu beachten, hoechstens dass du eine eindeutige IP brauchst. Sag doch einfach mal was du wirklich vorhast und dann koennen wir dir auch bessere Tipps geben. - Spam filtern: funktioniert. Sollen die Mails auf der Debian-Maschine abgelegt werden oder soll es anders gehen? die mails sollen, nachdem sie den mailserver passiert haben, über den Windows Server an die jeweiligen empfänger geleitet werden - Was willst du mit IPCop machen? IPCop soll als reine Firewall fungieren und steht stand-alone - Was soll clamav ueberpruefen? Clamav soll die mails auf Viren etc überprüfen. - Willst du einen HTTP-Proxy? Einen DHCP-Server? Beides ist denkbar, ABER was wäre denn klügste aus Eurer Sicht, Eurer Erfahrung? - Hast du ein Active Directory? Nein das habe ich nicht. - Soll der Debian-Rechner per Samba eine Windows-Domaene darstellen? Eigentlich nicht, es sei denn, dass es besser ist. soweit habe ich mich allerdings noch nicht belesen. Paul Ich möchte, um es mal so zu sagen, lernen und üben. ich habe somit nicht *1* Box mit Debian stehen, sondern *2*; 1 für IPCop und 1 für Clamav und Spamassasin. -- Haeufig gestellte Fragen und Antworten (FAQ): http://www.de.debian.org/debian-user-german-FAQ/ Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED] mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)
Re: debian firewall und anti-spam/virusbox in nem W$ Netz
Hallo niels, niels jende, 18.09.2006 (d.m.y): Paul Puschmann schrieb: niels jende [EMAIL PROTECTED] schrieb am Fri, Sep 15, 2006 at 08:24:27PM +0200: jau, es sind Windows Rechner (XP-Pro und der SmallBusinessServer 2000) Du kannst generell einen PC mit Debian installieren und in das Netzwerk haengen, da brauchst du nicht viel zu beachten, hoechstens dass du eine eindeutige IP brauchst. Sag doch einfach mal was du wirklich vorhast und dann koennen wir dir auch bessere Tipps geben. - Spam filtern: funktioniert. Sollen die Mails auf der Debian-Maschine abgelegt werden oder soll es anders gehen? die mails sollen, nachdem sie den mailserver passiert haben, über den Windows Server an die jeweiligen empfänger geleitet werden Das ist kein Problem und laesst sich bspw. mit exim recht gut und halbwegs einfach loesen. - Was willst du mit IPCop machen? IPCop soll als reine Firewall fungieren und steht stand-alone ...was auch sinnvoll ist. - Was soll clamav ueberpruefen? Clamav soll die mails auf Viren etc überprüfen. ...und laesst sich dazu direkt mit exim verheiraten. - Willst du einen HTTP-Proxy? Einen DHCP-Server? Beides ist denkbar, ABER was wäre denn klügste aus Eurer Sicht, Eurer Erfahrung? Kommt drauf an, was Du haben willst. Ein DHCP-Server ist eine recht bequeme Sache, weil man so die IP- u.a. Einstellungen von zentraler Stelle vorgeben kann. Ein HTTP-Proxy muss IMO nicht unbedingt sein, ist aber evtl. interessant, wenn man seinen Leuten WWW-Zugang nur nach Authentifizierung gestatten will etc. Gruss, Christian Schmidt -- Netzwerk/Kryplo -- Messe Stuttgart signature.asc Description: Digital signature
Re: debian firewall und anti-spam/virusbox in nem W$ Netz
niels jende [EMAIL PROTECTED] schrieb am Mon, Sep 18, 2006 at 10:24:47AM +0200: Moin Paul, *, Paul Puschmann schrieb: niels jende [EMAIL PROTECTED] schrieb am Fri, Sep 15, 2006 at 08:24:27PM +0200: 2 W$ Clients und 1 W$ Server Was soll den W$ sein? Windows? Dann schreib das doch bitte. jau, es sind Windows Rechner (XP-Pro und der SmallBusinessServer 2000) - Spam filtern: funktioniert. Sollen die Mails auf der Debian-Maschine abgelegt werden oder soll es anders gehen? die mails sollen, nachdem sie den mailserver passiert haben, über den Windows Server an die jeweiligen empfänger geleitet werden Okay, die Mails sollen dann an den SBS geleitet werden? Wie willst du generell deine Mails verwalten? Evtl. auf einem IMAP-Server auf der Linux-Box? Ich habe hier Postfix mit amavis-new im Einsatz. amavis-new bindet dabei spamassassin und clamav/clamd ein. Eingehende Mails werden dabei an einen Exchange-Server weitergeleitet. Funktioniert sehr gut. - Was willst du mit IPCop machen? IPCop soll als reine Firewall fungieren und steht stand-alone Okay, gut dass die Firewall getrennt ist. - Was soll clamav ueberpruefen? Clamav soll die mails auf Viren etc überprüfen. - Willst du einen HTTP-Proxy? Einen DHCP-Server? Beides ist denkbar, ABER was wäre denn klügste aus Eurer Sicht, Eurer Erfahrung? Mit dem Proxy koenntest du deinen HTTP-Traffic noch einmal filtern und auf Viren scannen. Das Thema Bandbreite mag evtl. auch noch eine Rolle spielen. DHCP ist wahrscheinlich nicht notwendig, da du wahrscheinlich mehr Zeit in die Konfiguration des Servers steckst als deine 5 IPs von Hand zu verwalten. - Hast du ein Active Directory? Nein das habe ich nicht. - Soll der Debian-Rechner per Samba eine Windows-Domaene darstellen? Eigentlich nicht, es sei denn, dass es besser ist. soweit habe ich mich allerdings noch nicht belesen. vielleicht ist es doch einfacher den Samba normal zu nutzen, da du deine Benutzer ja sicher auch als lokale User anlegen kannst. Paul signature.asc Description: Digital signature
Re: debian firewall und anti-spam/virusbox in nem W$ Netz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Sep 18, 2006 at 11:23:29AM +0200, Paul Puschmann wrote: ... Beides ist denkbar, ABER was w?re denn kl?gste aus Eurer Sicht, Eurer Erfahrung? Mit dem Proxy koenntest du deinen HTTP-Traffic noch einmal filtern und auf Viren scannen. Das Thema Bandbreite mag evtl. auch noch eine Rolle spielen. DHCP ist wahrscheinlich nicht notwendig, da du wahrscheinlich mehr Zeit in die Konfiguration des Servers steckst als deine 5 IPs von Hand zu verwalten. naja dass stimmt so ned ganz... mit dnsmasq zB is des ka arbeit (dauert ungef?hr 30 sec zum installieren und um die 5 einzeilligen eintr?ge einzutragen wenn du fixe ips haben willst dauert vielleicht eine minute)... und selbst ein dhcpd is ned wirklich arbeit zu konfigurieren... ich find es schon angenehm wenns zentral verwaltet wird. mfg albert - -- Albert Dengg [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFDow2hrtSwvbWj0kRAqsXAJ9wrjz4rgV74fT7SdX04nHa4bPI1wCggxKI HPBo1SZTnMxTvYDttUS5pdQ= =F+fG -END PGP SIGNATURE- -- Haeufig gestellte Fragen und Antworten (FAQ): http://www.de.debian.org/debian-user-german-FAQ/ Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED] mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)
debian firewall und anti-spam/virusbox in nem W$ Netz
Hallöle! Was muss beachtet werden, wenn ich eine Debian Box als: Firewall (IPCop, Smoothwall, o.ä.) AntiViren (Clamav) und AntiSpam (Spamassasin) in einem W$ Netz betreiben möchte? Folgende Situation ist gegeben: 2 W$ Clients und 1 W$ Server und in dieses Netz soll nun diese Box rein. *grübel* Ich bin Euch schon jetzt für Kritik und Anregungen dankbar! Beste Grüße Niels -- Haeufig gestellte Fragen und Antworten (FAQ): http://www.de.debian.org/debian-user-german-FAQ/ Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED] mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)
Re: 3 interface debian firewall
Merhabalar, Nacizane serisine devam : ) http://www.cankavaklioglu.name.tr/dibyak.html Eğer bu belgeyi yararlı bulursanız, birkaç ekleme/çıkarma ile güzel bir belge olur diye düşünüyorum. Kolay gelsin. Can Kavaklıoğlu Vasfi UYSAL şöyle yazmıştı: Merhabalar elimde uc interface i olan bi makine var uzerine debian kurup ilk interface e bridge modda calisan bir adsl yi baglamayi , 2. ethernete ise internet çıkışı olan bir aga baglamayı üçüncü kartı ise kendi networkume giden switche baglamayı düşünüyorum simdi bu internet cıkısı olan ag ile benim kendi networkum aynı subnette yani ikinci ve ucuncu ethernet kartlarına aynı subnetteki ip leri vermem gerekecek ilk interface ise ttnetten alacak ip adresini simdi bu yapıda internette yaklası 20 kadar musterime erismek icin adsl uzerinden geri kalan internet trafigi icin ise 2. ethernet uzerinden yonlendirmek istiyorum simdi sorun ne peki derseniz tam olarak kafamda oturmadı , 2 ve 3 nolu ethernetleri bridge yapıp adsl i kullandigim interface ile natlasam (garip bi kelime oldu ama ) yada baska bi sekilde bu yonlendirmeleri nasıl yapabilirim cevaplar icin simdiden tesekkurler - Vasfi UYSAL
3 interface debian firewall
Merhabalar elimde uc interface i olan bi makine var uzerine debian kurup ilk interface e bridge modda calisan bir adsl yi baglamayi , 2. ethernete ise internet çıkışı olan bir aga baglamayı üçüncü kartı ise kendi networkume giden switche baglamayı düşünüyorum simdi bu internet cıkısı olan ag ile benim kendi networkum aynı subnette yani ikinci ve ucuncu ethernet kartlarına aynı subnetteki ip leri vermem gerekecek ilk interface ise ttnetten alacak ip adresini simdi bu yapıda internette yaklası 20 kadar musterime erismek icin adsl uzerinden geri kalan internet trafigi icin ise 2. ethernet uzerinden yonlendirmek istiyorum simdi sorun ne peki derseniz tam olarak kafamda oturmadı , 2 ve 3 nolu ethernetleri bridge yapıp adsl i kullandigim interface ile natlasam (garip bi kelime oldu ama ) yada baska bi sekilde bu yonlendirmeleri nasıl yapabilirim cevaplar icin simdiden tesekkurler - Vasfi UYSAL
RE: 3 interface debian firewall
Kendim sordum kendim cevapladım olucak ama sanırım google da arama yaparken bastan dogru kelimeleri bulamadım http://www.shorewall.net/Shorewall_and_Routing.html adresinde bu konu ile ilgili işime yarayabilecek şeyler var bu mail trafigi ile vaktinizi aldı isem kusuruma bakmazsınız umarım iyi çalışmalar From: Vasfi UYSAL [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 26, 2005 3:44 PMTo: debian-user-turkish@lists.debian.orgSubject: 3 interface debian firewall Merhabalar elimde uc interface i olan bi makine var uzerine debian kurup ilk interface e bridge modda calisan bir adsl yi baglamayi , 2. ethernete ise internet çıkışı olan bir aga baglamayı üçüncü kartı ise kendi networkume giden switche baglamayı düşünüyorum simdi bu internet cıkısı olan ag ile benim kendi networkum aynı subnette yani ikinci ve ucuncu ethernet kartlarına aynı subnetteki ip leri vermem gerekecek ilk interface ise ttnetten alacak ip adresini simdi bu yapıda internette yaklası 20 kadar musterime erismek icin adsl uzerinden geri kalan internet trafigi icin ise 2. ethernet uzerinden yonlendirmek istiyorum simdi sorun ne peki derseniz tam olarak kafamda oturmadı , 2 ve 3 nolu ethernetleri bridge yapıp adsl i kullandigim interface ile natlasam (garip bi kelime oldu ama ) yada baska bi sekilde bu yonlendirmeleri nasıl yapabilirim cevaplar icin simdiden tesekkurler - Vasfi UYSAL
Re: Chosing Debian firewall packages
On 17 Aug 2004, Ralph Katz wrote: On 08/17/04 16:50, Tong wrote: Hi, I used to use iptables + wondershaper in RH. I notice there are many ready-made firewall packages available in Debian (e.g., Firestarter, FireHOL, etc). I'm wondering which one do you recommend? Thanks Going on a recommendation, I installed Firestarter when I installed Debian sid last November. After 5 mins of configuration, mostly to learn the interface and change some trivial rules, it was all set. I haven't needed to touch it since. For me, there was no need to look at alternatives since it works so well. YMMV, of course. My use is a desktop, and I'm not a programmer. I agree firestarter is good, but I'm using shorewall which is also easy to set up and works out of the box for me (desktop). The author, Tom Eastep, has a very active mailing list and answers questions promptly. There is a lot of information available on Wikipedia. Anthony -- [EMAIL PROTECTED]|| http://www.acampbell.org.uk using Linux GNU/Debian || for book reviews, electronic Windows-free zone || books and skeptical articles -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Chosing Debian firewall packages
Anthony Campbell wrote: ... I agree firestarter is good, but I'm using shorewall which is also easy to set up and works out of the box for me (desktop). The author, Tom Eastep, has a very active mailing list and answers questions promptly. There is a lot of information available on Wikipedia. Shorewall is very flexible, and is policy-driven. Great for making large changes easily. You can also administer it through webmin. -- Paul http://paulgear.webhop.net -- Did you know? If you receive a virus warning from a friend and not through a virus software vendor, it's likely to be a hoax. See http://paulgear.webhop.net/virus_hoaxes.html for more info. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Chosing Debian firewall packages
Hi, I used to use iptables + wondershaper in RH. I notice there are many ready-made firewall packages available in Debian (e.g., Firestarter, FireHOL, etc). I'm wondering which one do you recommend? Thanks -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Chosing Debian firewall packages
On Tue, Aug 17, 2004 at 03:25:52PM -0400, Tong wrote: Hi, I used to use iptables + wondershaper in RH. I notice there are many ready-made firewall packages available in Debian (e.g., Firestarter, FireHOL, etc). I'm wondering which one do you recommend? Thanks A highly biased question IMHO, but my biased opinion goes with Firewall Builder (fwbuilder) which I maintain; hence the bias opinion. I think it really comes down to which provide the features you feel you need for your situation. I do a lot of firewall work on my own and client networks so I like the multiple policy compiler option of fwbuilder. I also like the relative ease it is for me to make changes, be they interface names or complete firewall plaform. Regards, Jeremy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Chosing Debian firewall packages
On 08/17/04 16:50, Tong wrote: Hi, I used to use iptables + wondershaper in RH. I notice there are many ready-made firewall packages available in Debian (e.g., Firestarter, FireHOL, etc). I'm wondering which one do you recommend? Thanks Going on a recommendation, I installed Firestarter when I installed Debian sid last November. After 5 mins of configuration, mostly to learn the interface and change some trivial rules, it was all set. I haven't needed to touch it since. For me, there was no need to look at alternatives since it works so well. YMMV, of course. My use is a desktop, and I'm not a programmer. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
[Fwd: VLANs on a Debian firewall]
1 belle grosse question technique.. en anglais, sur les FW :)! Quite too hard for me ! Mi ---BeginMessage--- Hello, I am researching some solutions for a Debian based firewall and looking for comments, thoughts, etc. I will be setting up a redundant VPN firewall (i.e. two system running debian 3.0, with latest kernel/openswan and possibly grsecurity, with HA managing the monitoring/failover). The two systems will have several external IP addresses assigned to them, for the various services the systems they are protecting. I need initially, to keep 4 networks behind the firewall separated. I have a Layer 2 switch all the (internal) systems will be connected that supports VLANS. I was looking at setting up VLANs for each network on the switch and configuring vlans on the firewalls internal interface. I've not done this on Linux before and am wondering how complex this would be to accomplish with the fact that there would be the two firewalls. I think it would be simpler to purchase additional nics for the firewalls (one per network), but this would limit how many separated networks could be protected by the firewalls. below is my attempt at a ascii diagram of what I need to accomplish. Thanks in advance. Inet | || fw0 fw1 | | LAN0-Switch0-LAN3 || LAN1 LAN2 Sean McAvoy Network Analyst Megawheels Technologies Inc. Phone: 416.360-8211 x242 Fax:416.360.1403 Cell: 416.616.6599 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] ---End Message---
Re: MSN Messenger et Debian Firewall
Le 12474ième jour après Epoch, Xavier Maillard écrivait: On 26 Feb 2004, LudO outgrape: snip rah question au passage, comment fait-on pour ajouter no-spam aux champs reply quand on utilise evolution ? Merci :) Je ne vois pas l'intérêt d'un champ 'Reply-to' dans une liste de diffusion m'enfin bon... Ça sert (beaucoup) pour éviter de recevoir des messages envoyés par le bouton Répondre à tous ou Répondre à de certains outils de mail qui ne savent pas ce qu'est une liste, ou de certains utilisateurs qui ne savent pas paramétrer leur soft. /F - Qui mets un Reply-To dans ses messages -- Alcohol is the anesthesia by which we endure the operation of life. -- George Bernard Shaw
Re: MSN Messenger et Debian Firewall
Tu changes ton adresse electronique dans l'onglet identité du paramétrage de ton compte. Le jeu 26/02/2004 à 00:10, LudO a écrit : Le mer 25/02/2004 à 08:10, Xavier Maillard a écrit : On 24 Feb 2004, François TOURDE uttered the following: Salut la liste, Salut Ma femme tente d'utiliser MSN Messenger (Eh oui, elle est pas encore sous GNU/Linux), avec les fonctions Webcam et son. Mais ça marche pas! Rhaa ben alors qu'est ce que tu fais François ? :) Si vous avez des idées, je suis preneur. Je n'ai pas d'idée mais j'aurais une question: je compte m'équiper d'une webcam pour dialoguer avec ma soeur (sourde et muette) pour pouvoir communiquer dans la langue des signes. Je n'utilise que du GNU et je me demandais quelle(s) webcam(s) étaient reconnues comme fonctionnelles sous GNU/Linux. Voilà et désolé de tenter une incursion dans ce fil :) zeDek Coucou ici, j'ai une philips toucam 740K, une webcam d'excellente qualitée, et reconnu merveilleusement bien sous GNU/Linux, (modules sans compression disponible avec les sources du noyau à partir de 2.4.21 je crois), grâce à cette personne qui code des drivers : http://www.smcc.demon.nl/webcam/ (pas seulement pour philips) et unes autres personnes ayant fait un petit script et des explications pour l'installation de ces mêmes drivers : http://frlinux.net/?section=systemearticle=52 . Je crois avoir compris que le module de décompression n'est pas libre, mais disponible malgré tous pour pouvoir l'utiliser :/ ++ rah question au passage, comment fait-on pour ajouter no-spam aux champs reply quand on utilise evolution ? Merci :) -- Pour répondre, enlever nospam à l'adresse.
Re: MSN Messenger et Debian Firewall
Le jeu 26/02/2004 à 19:32, pascal heisel a écrit : Tu changes ton adresse electronique dans l'onglet identité du paramétrage de ton compte. Le jeu 26/02/2004 à 00:10, LudO a écrit : Le mer 25/02/2004 à 08:10, Xavier Maillard a écrit : On 24 Feb 2004, François TOURDE uttered the following: Salut la liste, Salut Ma femme tente d'utiliser MSN Messenger (Eh oui, elle est pas encore sous GNU/Linux), avec les fonctions Webcam et son. Mais ça marche pas! Rhaa ben alors qu'est ce que tu fais François ? :) Si vous avez des idées, je suis preneur. Je n'ai pas d'idée mais j'aurais une question: je compte m'équiper d'une webcam pour dialoguer avec ma soeur (sourde et muette) pour pouvoir communiquer dans la langue des signes. Je n'utilise que du GNU et je me demandais quelle(s) webcam(s) étaient reconnues comme fonctionnelles sous GNU/Linux. Voilà et désolé de tenter une incursion dans ce fil :) zeDek Coucou ici, j'ai une philips toucam 740K, une webcam d'excellente qualitée, et reconnu merveilleusement bien sous GNU/Linux, (modules sans compression disponible avec les sources du noyau à partir de 2.4.21 je crois), grâce à cette personne qui code des drivers : http://www.smcc.demon.nl/webcam/ (pas seulement pour philips) et unes autres personnes ayant fait un petit script et des explications pour l'installation de ces mêmes drivers : http://frlinux.net/?section=systemearticle=52 . Je crois avoir compris que le module de décompression n'est pas libre, mais disponible malgré tous pour pouvoir l'utiliser :/ ++ rah question au passage, comment fait-on pour ajouter no-spam aux champs reply quand on utilise evolution ? Merci :) -- Pour répondre, enlever nospam à l'adresse. Merci, je ne pensais pas que c'était aussi simple :)
Re: MSN Messenger et Debian Firewall
On 26 Feb 2004, LudO outgrape: snip rah question au passage, comment fait-on pour ajouter no-spam aux champs reply quand on utilise evolution ? Merci :) Je ne vois pas l'intérêt d'un champ 'Reply-to' dans une liste de diffusion m'enfin bon... zeDek -- GnusFR (http://www.gnusfr.org) EmacsFR (http://www.emacsfr.org) .emacs: Because customisation is fun! pgpCRPOZtUSxq.pgp Description: PGP signature
Re: MSN Messenger et Debian Firewall
François TOURDE a écrit : Le 12472ième jour après Epoch, daniel huhardeaux écrivait: François TOURDE a écrit : Salut la liste, Ma femme tente d'utiliser MSN Messenger (Eh oui, elle est pas encore sous GNU/Linux), avec les fonctions Webcam et son. Mais ça marche pas! La config est la suivante: PC W98 -Debian FW/Iptables --- Net La vidéo est bien retransmise vers l'extérieur, mais le son ne marche pas, qui que ce soit qui initie le dialogue vocal. La vidéo marche quelques secondes en réception, mais coupe après. Si vous avez des idées, je suis preneur. Bein chez moi ca marche. Meme schema. Pas de modifs specifiques dans iptables. Bon, ça me rassure... Mais je me doutais quand même que chez certains ça marchait ;) Ceci dit, sur SF il y a un client linux pour messenger. Et gaim possede un plugin compatible pour le chat. Ouais, mais sans la vidéo ni le son. Perso j'utilise Gaim pour causer avec mes potes, mais en texte seulement. Oui mais linux-messenger (amsn) fait l'audio (video?) ou me trompe je?. J'ai aussi note un client web pour messenger. D'autre part, GnomeMeeting ne marche pas chez moi :( ... Le test du son échoue lors de la restitution. Carte son? Une autre application marche t'elle avec le micro? Si tu es sous KDE il faut tuer ARTS avant d'utiliser GM. Avec ALSA c'est plus simple. C'est en tous cas la solution que j'ai adopte avec openphone ou myphone en equivalent windows, Netmeeting etant bugge en H323. -- : __ __ __ __ __ __ [EMAIL PROTECTED] : /_// __ // __ //_// __ // / phone.: +48 32 285 5276 : / / / /_/ // /_/ / / / / /_/ // / fax: +48 32 285 5276 : /_/ /_//_/ /_/ /_/ /_//_/ mobile..: +48 602 284 546
RE : MSN Messenger et Debian Firewall
J'ai eu ce problème la aussi. En direct sur le net j'arrivais a avoir des communication vidéo, vocales sans problème. Des que je mettais mon FW sous debian au milieu je perdais les communications vocales. J'ai donc mis mon modem en fonction routeur et là miracle ca marche. En fait il faut que le FW/Routeur aie comme fonction le support upnp (MSN utilise visiblement la decouverte de passerelle de windows). Regarde par la : http://linux-igd.sourceforge.net/ ABOUT THE LINUX UPNP INTERNET GATEWAY DEVICE This project is a deamon that emulates Microsoft's Internet Connection Service (ICS). It implements the UPnP Internet Gateway Device specification (IGD) and allows UPnP aware clients, such as MSN Messenger to work properly from behind a NAT firewall. Bon courage +++ Lionel -Message d'origine- De : François TOURDE [mailto:[EMAIL PROTECTED] Envoyé : mardi 24 février 2004 22:27 À : debian-user-french@lists.debian.org Objet : MSN Messenger et Debian Firewall Salut la liste, Ma femme tente d'utiliser MSN Messenger (Eh oui, elle est pas encore sous GNU/Linux), avec les fonctions Webcam et son. Mais ça marche pas! La config est la suivante: PC W98 -Debian FW/Iptables --- Net La vidéo est bien retransmise vers l'extérieur, mais le son ne marche pas, qui que ce soit qui initie le dialogue vocal. La vidéo marche quelques secondes en réception, mais coupe après. Si vous avez des idées, je suis preneur. -- I did this 'cause Linux gives me a woody. It doesn't generate revenue. -- Dave '-ddt-` Taylor, announcing DOOM for Linux -- Pensez à lire la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Pensez à rajouter le mot ``spam'' dans vos champs From et Reply-To: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: MSN Messenger et Debian Firewall
On Wed, Feb 25, 2004 at 12:12:01AM +0100, François TOURDE wrote: Le 12472ième jour après Epoch, [EMAIL PROTECTED] écrivait: Tester sans passerelle (W98 en acces direct au net) si ca fonctionne correctement. En fait, j'ai testé en réseau local, en bootant le PC de mon fils en Windows, et ça ne marche pas non plus ... Ceci dit, il me semble que la vidéo pour msn9 passe par un serveur tiers. Donc local ou pas, il peut y avoir un problème de routage suite à un passage sur internet. -- Charles
Re: MSN Messenger et Debian Firewall
François TOURDE a écrit : Le 12472ième jour après Epoch, daniel huhardeaux écrivait: François TOURDE a écrit : Salut la liste, Ma femme tente d'utiliser MSN Messenger (Eh oui, elle est pas encore sous GNU/Linux), avec les fonctions Webcam et son. Mais ça marche pas! La config est la suivante: PC W98 -Debian FW/Iptables --- Net La vidéo est bien retransmise vers l'extérieur, mais le son ne marche pas, qui que ce soit qui initie le dialogue vocal. La vidéo marche quelques secondes en réception, mais coupe après. Si vous avez des idées, je suis preneur. Peut-être changer de client et tester eyeballchat sous windows A+ jo
Re : MSN Messenger et Debian Firewall
Le 25.02.2004 10:38, joel fernandez a écrit : François TOURDE a écrit : Le 12472ième jour après Epoch, daniel huhardeaux écrivait: François TOURDE a écrit : Salut la liste, Ma femme tente d'utiliser MSN Messenger (Eh oui, elle est pas encore sous GNU/Linux), avec les fonctions Webcam et son. Mais ça marche pas! La config est la suivante: PC W98 -Debian FW/Iptables --- Net La vidéo est bien retransmise vers l'extérieur, mais le son ne marche pas, qui que ce soit qui initie le dialogue vocal. La vidéo marche quelques secondes en réception, mais coupe après. Si vous avez des idées, je suis preneur. Peut-être changer de client et tester eyeballchat sous windows A+ jo Je profite de ce fil pour soumettre un problème que j'ai, non pas avec le firewall mais le proxy avec amsn ou gaim pour le protocole msn, avec aim, je n'ai pas de problème. Ma configuration : Une machine linux Debian sid connectée à internet par un modem ethernet adsl. Sur cette machine tourne squid (port 3128) et dansguardian (contrôle parental, port 8080). squid n'écoute que sur 127.0.0.1 pour éviter le contournement du contrôle parental. 2 machines en dual boot linux/windows sur le lan. Le proxy a été paramétré sur http, port 8080 dans amsn et gaim. Lors de la connxion, celle-ci est refusée avec un message disant que le proxy n'écoute pas sur le port 80... Le fonctionnement du navigateur internet est sans problème avec la même configuration et le protocole aim ne proteste pas. Y a-t-il quelque chose de particulier qui fait que msn ne veut travailler *que* sur le port 80 ? -- - Jean-Luc pgpJIYdY2WDlY.pgp Description: PGP signature
Re: MSN Messenger et Debian Firewall
Le 12473ième jour après Epoch, Charles Plessy écrivait: On Wed, Feb 25, 2004 at 12:12:01AM +0100, François TOURDE wrote: Le 12472ième jour après Epoch, [EMAIL PROTECTED] écrivait: Tester sans passerelle (W98 en acces direct au net) si ca fonctionne correctement. En fait, j'ai testé en réseau local, en bootant le PC de mon fils en Windows, et ça ne marche pas non plus ... Ceci dit, il me semble que la vidéo pour msn9 passe par un serveur tiers. Donc local ou pas, il peut y avoir un problème de routage suite à un passage sur internet. Si c'est le cas, effectivement. Mais je serais surpris que la vidéo ou l'audio passe par un serveur tiers Tu te rends compte de la bande passante qui serait nécessaire dans ce cas? En P2P, ça va, mais en centralisé, ça doit être la misère !!! -- He that is giddy thinks the world turns round. -- William Shakespeare, The Taming of the Shrew
Re: MSN Messenger et Debian Firewall
Le 12473ième jour après Epoch, joel fernandez écrivait: François TOURDE a écrit : Le 12472ième jour après Epoch, daniel huhardeaux écrivait: François TOURDE a écrit : Salut la liste, Ma femme tente d'utiliser MSN Messenger (Eh oui, elle est pas encore sous GNU/Linux), avec les fonctions Webcam et son. Mais ça marche pas! La config est la suivante: PC W98 -Debian FW/Iptables --- Net La vidéo est bien retransmise vers l'extérieur, mais le son ne marche pas, qui que ce soit qui initie le dialogue vocal. La vidéo marche quelques secondes en réception, mais coupe après. Si vous avez des idées, je suis preneur. Peut-être changer de client et tester eyeballchat sous windows En fait, mon souci n'est pas d'avoir tel ou tel client sous Windows, mais plutôt de savoir si le problème viens de ma passerelle ou non. Perso j'utilise Gaim, et j'en suis très content. Mais merci quand même pour cette solution windows, surtout dans une ML Debian ;) -- Superior ability breeds superior ambition. -- Spock, Space Seed, stardate 3141.9
Re: MSN Messenger et Debian Firewall
Ceci dit, il me semble que la vidéo pour msn9 passe par un serveur tiers. Donc local ou pas, il peut y avoir un problème de routage suite à un passage sur internet. Si c'est le cas, effectivement. Mais je serais surpris que la vidéo ou l'audio passe par un serveur tiers Tu te rends compte de la bande passante qui serait nécessaire dans ce cas? apt-get install iptraf J'ai bien eu l'impression que mes vidéos US - Europe passaient par un redirecteur. A+, -- Charles
Re: MSN Messenger et Debian Firewall
Le 12473ième jour après Epoch, daniel huhardeaux écrivait: François TOURDE a écrit : D'autre part, GnomeMeeting ne marche pas chez moi :( ... Le test du son échoue lors de la restitution. Carte son? Une autre application marche t'elle avec le micro? Si tu es sous KDE il faut tuer ARTS avant d'utiliser GM. Avec ALSA c'est plus simple. C'est en tous cas la solution que j'ai adopte avec openphone ou myphone en equivalent windows, Netmeeting etant bugge en H323. Ben j'avoue que le son c'est pas mon fort sous Debian. Je sais que xmms et mplayer marchent bien chez moi, mais c'est tout. Je ne sais même pas si j'ai ARTS, ALSA ou autre machin pour le gérer. Je sais aussi que certaines applis ayant besoin (?) du son lancent un demon esd qu'il faut que je kille pour retrouver le son correctement. Voilà. Merci en tout cas à tout le monde pour les réponses. -- If you are going to run a rinky-dink distro made by a couple of volunteers, why not run a rinky-dink distro made by a lot of volunteers? -- Jaldhar H. Vyas on debian-devel
Re: MSN Messenger et Debian Firewall
On 24 Feb 2004, François TOURDE uttered the following: Salut la liste, Salut Ma femme tente d'utiliser MSN Messenger (Eh oui, elle est pas encore sous GNU/Linux), avec les fonctions Webcam et son. Mais ça marche pas! Rhaa ben alors qu'est ce que tu fais François ? :) Si vous avez des idées, je suis preneur. Je n'ai pas d'idée mais j'aurais une question: je compte m'équiper d'une webcam pour dialoguer avec ma soeur (sourde et muette) pour pouvoir communiquer dans la langue des signes. Je n'utilise que du GNU et je me demandais quelle(s) webcam(s) étaient reconnues comme fonctionnelles sous GNU/Linux. Voilà et désolé de tenter une incursion dans ce fil :) zeDek -- Hacker Wonderland Xavier Maillard| Stand Back! I'm a programmer! .0. [EMAIL PROTECTED]| ..0 (+33) 326 770 221 |Webmaster, emacsfr.org 000 PGP : 0x1E028EA5 | Membre de l' APRIL pgpFtqOVvsP9Y.pgp Description: PGP signature
Quel camera (was Re: MSN Messenger et Debian Firewall)
Xavier Maillard a écrit : [...] Je n'ai pas d'idée mais j'aurais une question: je compte m'équiper d'une webcam pour dialoguer avec ma soeur (sourde et muette) pour pouvoir communiquer dans la langue des signes. Je n'utilise que du GNU et je me demandais quelle(s) webcam(s) étaient reconnues comme fonctionnelles sous GNU/Linux. Voilà et désolé de tenter une incursion dans ce fil :) J'utilise logitech quickcam. Les Philips sont semble t'il de tres bonne qualite et tres bien supportee. -- : __ __ __ __ __ __ [EMAIL PROTECTED] : /_// __ // __ //_// __ // / phone.: +48 32 285 5276 : / / / /_/ // /_/ / / / / /_/ // / fax: +48 32 285 5276 : /_/ /_//_/ /_/ /_/ /_//_/ mobile..: +48 602 284 546
Re: MSN Messenger et Debian Firewall
Le mer 25/02/2004 à 08:10, Xavier Maillard a écrit : On 24 Feb 2004, François TOURDE uttered the following: Salut la liste, Salut Ma femme tente d'utiliser MSN Messenger (Eh oui, elle est pas encore sous GNU/Linux), avec les fonctions Webcam et son. Mais ça marche pas! Rhaa ben alors qu'est ce que tu fais François ? :) Si vous avez des idées, je suis preneur. Je n'ai pas d'idée mais j'aurais une question: je compte m'équiper d'une webcam pour dialoguer avec ma soeur (sourde et muette) pour pouvoir communiquer dans la langue des signes. Je n'utilise que du GNU et je me demandais quelle(s) webcam(s) étaient reconnues comme fonctionnelles sous GNU/Linux. Voilà et désolé de tenter une incursion dans ce fil :) zeDek Coucou ici, j'ai une philips toucam 740K, une webcam d'excellente qualitée, et reconnu merveilleusement bien sous GNU/Linux, (modules sans compression disponible avec les sources du noyau à partir de 2.4.21 je crois), grâce à cette personne qui code des drivers : http://www.smcc.demon.nl/webcam/ (pas seulement pour philips) et unes autres personnes ayant fait un petit script et des explications pour l'installation de ces mêmes drivers : http://frlinux.net/?section=systemearticle=52 . Je crois avoir compris que le module de décompression n'est pas libre, mais disponible malgré tous pour pouvoir l'utiliser :/ ++ rah question au passage, comment fait-on pour ajouter no-spam aux champs reply quand on utilise evolution ? Merci :)
MSN Messenger et Debian Firewall
Salut la liste, Ma femme tente d'utiliser MSN Messenger (Eh oui, elle est pas encore sous GNU/Linux), avec les fonctions Webcam et son. Mais ça marche pas! La config est la suivante: PC W98 -Debian FW/Iptables --- Net La vidéo est bien retransmise vers l'extérieur, mais le son ne marche pas, qui que ce soit qui initie le dialogue vocal. La vidéo marche quelques secondes en réception, mais coupe après. Si vous avez des idées, je suis preneur. -- I did this 'cause Linux gives me a woody. It doesn't generate revenue. -- Dave '-ddt-` Taylor, announcing DOOM for Linux
Re: MSN Messenger et Debian Firewall
Le Tue, 24 Feb 2004 22:26:44 +0100 [EMAIL PROTECTED] (François TOURDE) a écrit: Salut la liste, Ma femme tente d'utiliser MSN Messenger (Eh oui, elle est pas encore sous GNU/Linux), avec les fonctions Webcam et son. Mais ça marche pas! La config est la suivante: PC W98 -Debian FW/Iptables --- Net La vidéo est bien retransmise vers l'extérieur, mais le son ne marche pas, qui que ce soit qui initie le dialogue vocal. La vidéo marche quelques secondes en réception, mais coupe après. Si vous avez des idées, je suis preneur. Ce n'est pas un problème avec ton Linux ne t'inquiète pas! :-) J'ai plusieurs copains qui ont le même genre de problème (pas de son mais l'image ou l'inverse) et qui sont complétement en Windows...
Re: MSN Messenger et Debian Firewall
Tester sans passerelle (W98 en acces direct au net) si ca fonctionne correctement. revoir la config de iptables en s'inspirant de ce document http://www.microsoft.com/france/technet/themes/km/info/info.aspmar=/fran ce/technet/themes/km/info/worki01.html @+
Re: MSN Messenger et Debian Firewall
François TOURDE a écrit : Salut la liste, Ma femme tente d'utiliser MSN Messenger (Eh oui, elle est pas encore sous GNU/Linux), avec les fonctions Webcam et son. Mais ça marche pas! La config est la suivante: PC W98 -Debian FW/Iptables --- Net La vidéo est bien retransmise vers l'extérieur, mais le son ne marche pas, qui que ce soit qui initie le dialogue vocal. La vidéo marche quelques secondes en réception, mais coupe après. Si vous avez des idées, je suis preneur. Bein chez moi ca marche. Meme schema. Pas de modifs specifiques dans iptables. Ceci dit, sur SF il y a un client linux pour messenger. Et gaim possede un plugin compatible pour le chat. -- : __ __ __ __ __ __ [EMAIL PROTECTED] : /_// __ // __ //_// __ // / phone.: +48 32 285 5276 : / / / /_/ // /_/ / / / / /_/ // / fax: +48 32 285 5276 : /_/ /_//_/ /_/ /_/ /_//_/ mobile..: +48 602 284 546
Re: MSN Messenger et Debian Firewall
Le 12472ième jour après Epoch, Gaëtan PERRIER écrivait: Le Tue, 24 Feb 2004 22:26:44 +0100 [EMAIL PROTECTED] (François TOURDE) a écrit: Salut la liste, Ma femme tente d'utiliser MSN Messenger (Eh oui, elle est pas encore sous GNU/Linux), avec les fonctions Webcam et son. Mais ça marche pas! La config est la suivante: PC W98 -Debian FW/Iptables --- Net La vidéo est bien retransmise vers l'extérieur, mais le son ne marche pas, qui que ce soit qui initie le dialogue vocal. La vidéo marche quelques secondes en réception, mais coupe après. Si vous avez des idées, je suis preneur. Ce n'est pas un problème avec ton Linux ne t'inquiète pas! :-) Je le savais :) ... J'ai plusieurs copains qui ont le même genre de problème (pas de son mais l'image ou l'inverse) et qui sont complétement en Windows... Bon, je vais la convaincre de passer complètement en Linux alors ;) -- If you wish to succeed, consult three old people.
Re: MSN Messenger et Debian Firewall
Le 12472ième jour après Epoch, [EMAIL PROTECTED] écrivait: Tester sans passerelle (W98 en acces direct au net) si ca fonctionne correctement. En fait, j'ai testé en réseau local, en bootant le PC de mon fils en Windows, et ça ne marche pas non plus ... -- Linux: the choice of a GNU generation -- [EMAIL PROTECTED] put this on Tshirts in '93
Re: MSN Messenger et Debian Firewall
Le 12472ième jour après Epoch, daniel huhardeaux écrivait: François TOURDE a écrit : Salut la liste, Ma femme tente d'utiliser MSN Messenger (Eh oui, elle est pas encore sous GNU/Linux), avec les fonctions Webcam et son. Mais ça marche pas! La config est la suivante: PC W98 -Debian FW/Iptables --- Net La vidéo est bien retransmise vers l'extérieur, mais le son ne marche pas, qui que ce soit qui initie le dialogue vocal. La vidéo marche quelques secondes en réception, mais coupe après. Si vous avez des idées, je suis preneur. Bein chez moi ca marche. Meme schema. Pas de modifs specifiques dans iptables. Bon, ça me rassure... Mais je me doutais quand même que chez certains ça marchait ;) Ceci dit, sur SF il y a un client linux pour messenger. Et gaim possede un plugin compatible pour le chat. Ouais, mais sans la vidéo ni le son. Perso j'utilise Gaim pour causer avec mes potes, mais en texte seulement. D'autre part, GnomeMeeting ne marche pas chez moi :( ... Le test du son échoue lors de la restitution. -- Hegel was right when he said that we learn from history that man can never learn anything from history. -George Bernard Shaw
Problems w/ Debian firewall and Windows VPN
I've recently set up a firewall in our house, running Debian. It's using iptables to do packet filtering. When I installed it, my mother started having problems connecting through VPN to her company (MAPICS). The connection starts fine, but after 5-10 minutes, it disconnects. I do not have this problem connecting to other VPN servers (such as to my employer) using her computer, so I know this is specific to their system. Previously, we were using a Linksys router, and it worked fine. Now, my first idea was that the firewall was blocking a certain type of packet, thus causing the connection to be terminated. However, running tcpdump on the internal and external interfaces show that everything is passing through nicely. Of note is that every time, right before the disconnect, their VPN server sends a PPTP Echo-Request to her client. The response from her client is a TCP RST, and the connection is terminated. I have verified this repeatedly, and this is the case every time. However, there are dozens of other times during the connection where a PPTP Echo-Request is sent from their server, and her client responds with the correct PPTP Echo-Reply, and they respond with a TCP ACK on that reply. In other words, the echo handshake goes back and forth several times throughout the connection, correctly, and at one of them her client decides not to reply, and simply RST the connection. I've examined the packets containing the Request from both a completed handshake and from the terminated one, and they both appear to be identical, excluding sequence numbers and acknowledgment numbers. I'm attaching packet captures from ethereal in the libpcap format--one from the perspective of the internal interface, and one from the external. These are pre-filtered, so they contain *all* network traffic at the time, so I'm positive that nothing that could identify the problem is left out. The VPN server is 208.217.85.63, and her client is 192.168.1.102. It's over a PPTP connection, with a Windows-based VPN server--I'm guessing Windows 2000 Server. If anyone could help me discover what the problem is, or point me in the direction of someone who could, I would be *extremely* grateful. -- Stephen Touset [EMAIL PROTECTED] What do you mean, 'Veritas is acting screwy'? Veritas is the shit! signature.asc Description: This is a digitally signed message part
Re: Problems w/ Debian firewall and Windows VPN
Stephen Touset wrote: I've recently set up a firewall in our house, running Debian. It's using iptables to do packet filtering. When I installed it, my mother started [snip] If anyone could help me discover what the problem is, or point me in the direction of someone who could, I would be *extremely* grateful. Stephen, I don't see the attachment... was it stripped by the list server or did you forget ;) If the former, can you stick on a website and post the URL...? Oh, and be aware that the captures may contain passwords if you captured some SMTP or similar. You may want to change some passwords if this is the case before posting the URL. Adam. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems w/ Debian firewall and Windows VPN
On Thu, 2004-01-01 at 20:36, Adam Barton wrote: I don't see the attachment... was it stripped by the list server or did you forget ;) *slaps self* Edit: I attached the files to this email, but it seems the email was filtered by the list. I've uploaded them to https://touset.org/packets.ext and https://touset.org/packets.int. Oh, and be aware that the captures may contain passwords if you captured some SMTP or similar. You may want to change some passwords if this is the case before posting the URL. Point taken. I've filtered out all miscellaneous traffic which might contain passwords. -- Stephen Touset [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part
Re: Problems w/ Debian firewall and Windows VPN
Probing around more, the last packet being sent is a TCP Zero Window packet. However, the few prior packets show its window being 65535. How can its window go from 65535 to zero that quickly? On Thu, 2004-01-01 at 19:53, Stephen Touset wrote: I've recently set up a firewall in our house, running Debian. It's using iptables to do packet filtering. When I installed it, my mother started having problems connecting through VPN to her company (MAPICS). The connection starts fine, but after 5-10 minutes, it disconnects. I do not have this problem connecting to other VPN servers (such as to my employer) using her computer, so I know this is specific to their system. Previously, we were using a Linksys router, and it worked fine. Now, my first idea was that the firewall was blocking a certain type of packet, thus causing the connection to be terminated. However, running tcpdump on the internal and external interfaces show that everything is passing through nicely. Of note is that every time, right before the disconnect, their VPN server sends a PPTP Echo-Request to her client. The response from her client is a TCP RST, and the connection is terminated. I have verified this repeatedly, and this is the case every time. However, there are dozens of other times during the connection where a PPTP Echo-Request is sent from their server, and her client responds with the correct PPTP Echo-Reply, and they respond with a TCP ACK on that reply. In other words, the echo handshake goes back and forth several times throughout the connection, correctly, and at one of them her client decides not to reply, and simply RST the connection. I've examined the packets containing the Request from both a completed handshake and from the terminated one, and they both appear to be identical, excluding sequence numbers and acknowledgment numbers. I'm attaching packet captures from ethereal in the libpcap format--one from the perspective of the internal interface, and one from the external. These are pre-filtered, so they contain *all* network traffic at the time, so I'm positive that nothing that could identify the problem is left out. The VPN server is 208.217.85.63, and her client is 192.168.1.102. It's over a PPTP connection, with a Windows-based VPN server--I'm guessing Windows 2000 Server. If anyone could help me discover what the problem is, or point me in the direction of someone who could, I would be *extremely* grateful. -- Stephen Touset [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part
Re: Debian Firewall Konfigurator?
Am Sonntag, 9. November 2003 02:50 schrieb Markus Meitner: Hallo Jan, habe hier ganz gute Erfahrungen mit Shorewall gemacht. Allerdings auf stable, ist mit apt-get verfügbar. Habe einen Woody-Router der ganau die gleiche Aufgabe erfüllt (Cisco-VPN). Ja, sieht gut aus, hab' ich gerade installiert. Ich habe das Problem, dass ich ein Netzwerk masqueraden will, dass nicht immer existiert (usb0 zum ipaq). Hast du da 'ne Idee? der mackert rum, dass esdas nciht gibt, was ja auch stimmt. BTW: Bitte kein ToFu hier in der Liste. Grüsse, Jan Torben -- http://www.jtheuer.de mailto:mail(-)jtheuer.de gpg-fingerprint: C707 EE9A 5BC1 CA68 95E0 F665 A72F 4885 650A 7F6E -- Haeufig gestellte Fragen und Antworten (FAQ): http://www.de.debian.org/debian-user-german-FAQ/ Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED] mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)
Re: Debian Firewall Konfigurator?
Hallo Jan Torben, in meinen Fall hängt der Zaurus wie Wireless Lan dran, und das existiert. Auf www.shorewall.net habe ich auch nichts gefunden was nicht vorhandene Netze betrifft. Vielleicht hast du in der Doku mehr Glück. MfG Markus On Sun, 2003-11-09 at 12:06, Jan Torben Heuer wrote: (usb0 zum ipaq). Hast du da 'ne Idee? der mackert rum, dass esdas nciht gibt, was ja auch stimmt. -- Haeufig gestellte Fragen und Antworten (FAQ): http://www.de.debian.org/debian-user-german-FAQ/ Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED] mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)
Re: Debian Firewall Konfigurator?
am Sun, dem 09.11.2003, um 12:06:09 +0100 mailte Jan Torben Heuer folgendes: Am Sonntag, 9. November 2003 02:50 schrieb Markus Meitner: Hallo Jan, habe hier ganz gute Erfahrungen mit Shorewall gemacht. Allerdings auf stable, ist mit apt-get verfügbar. Habe einen Woody-Router der ganau die gleiche Aufgabe erfüllt (Cisco-VPN). Ja, sieht gut aus, hab' ich gerade installiert. Ich habe das Problem, dass ich ein Netzwerk masqueraden will, dass nicht immer existiert (usb0 zum ipaq). Hast du da 'ne Idee? der mackert rum, dass esdas nciht Was spricht dagegen, direkt mit iptables zu arbeiten? Das kommt out-of-the-box auch mit (noch) nicht existierenden Devices klar. Andreas -- Diese Message wurde erstellt mit freundlicher Unterstützung eines freilau- fenden Pinguins aus artgerechter Freilandhaltung. Er ist garantiert frei von Micro$oft'schen Viren. (#97922 http://counter.li.org) GPG 7F4584DA Was, Sie wissen nicht, wo Kaufbach ist? Hier: N 51.05082°, E 13.56889° ;-) pgp0.pgp Description: PGP signature
Re: Debian Firewall Konfigurator?
Am Samstag November 8 2003 14:43 schrieb Jan Torben Heuer: Hi, hab hier Debian testing am laufen (iptables). Es gibt ja ein paar Hilfsskripe um schnell eine Firewall aufzubauen. Ich hänge hier an einem ADSL Netz über das ich eine VPN Verbindung in Internet aufbaue. Ich brauche also eine FW, die es mir erlaubt, zwei oder mehr devices zu Konfigurieren, sowie ein lokal Netz (und das ggf. routen). Schau dir mal http://www.ipcop.org an. Läuft auf einem externen Rechner. Kann mehrere Interfaces und auch VPN. Ich habe sie seit über 1,5 Jahren im einsatz. Hat sich bestens bewährt. cu -- Roland Kruggel mailto: [EMAIL PROTECTED] System: AMD 1200Mhz, Debian woody, 2.4.20, KDE 3.1.4 -- Haeufig gestellte Fragen und Antworten (FAQ): http://www.de.debian.org/debian-user-german-FAQ/ Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED] mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)
Re: Debian Firewall Konfigurator?
Am Samstag, 8. November 2003 14:43 schrieb Jan Torben Heuer: Hi, hab hier Debian testing am laufen (iptables). Es gibt ja ein paar Hilfsskripe um schnell eine Firewall aufzubauen. Ich hänge hier an einem ADSL Netz über das ich eine VPN Verbindung in Internet aufbaue. Ich brauche also eine FW, die es mir erlaubt, zwei oder mehr devices zu Konfigurieren, sowie ein lokal Netz (und das ggf. routen). Hat jemand einen Tip? bastille ? ciao gerhard -- Haeufig gestellte Fragen und Antworten (FAQ): http://www.de.debian.org/debian-user-german-FAQ/ Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED] mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)
Re: Debian Firewall Konfigurator?
Jan Torben Heuer wrote: Ja, sieht gut aus, hab' ich gerade installiert. Ich habe das Problem, dass ich ein Netzwerk masqueraden will, dass nicht immer existiert (usb0 zum ipaq). Hast du da 'ne Idee? der mackert rum, dass esdas nciht gibt, was ja auch stimmt. Was hast Du denn wo eingestellt bis jetzt? Ralph -- Haeufig gestellte Fragen und Antworten (FAQ): http://www.de.debian.org/debian-user-german-FAQ/ Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED] mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)
Re: Debian Firewall Konfigurator?
Am Sonntag, 9. November 2003 15:07 schrieb Ralph Bergmann: Ja, sieht gut aus, hab' ich gerade installiert. Ich habe das Problem, dass ich ein Netzwerk masqueraden will, dass nicht immer existiert (usb0 zum ipaq). Hast du da 'ne Idee? der mackert rum, dass esdas nciht gibt, was ja auch stimmt. Was hast Du denn wo eingestellt bis jetzt? usb0 ist in /etc/network/interfaces definiert (nicht als auto) und dann wollte ich das bei shorewall in die masquerading und interfaces eintragen als loc usb0 JT -- http://www.jtheuer.de mailto:mail(-)jtheuer.de gpg-fingerprint: C707 EE9A 5BC1 CA68 95E0 F665 A72F 4885 650A 7F6E -- Haeufig gestellte Fragen und Antworten (FAQ): http://www.de.debian.org/debian-user-german-FAQ/ Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED] mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)
Debian Firewall Konfigurator?
Hi, hab hier Debian testing am laufen (iptables). Es gibt ja ein paar Hilfsskripe um schnell eine Firewall aufzubauen. Ich hänge hier an einem ADSL Netz über das ich eine VPN Verbindung in Internet aufbaue. Ich brauche also eine FW, die es mir erlaubt, zwei oder mehr devices zu Konfigurieren, sowie ein lokal Netz (und das ggf. routen). Hat jemand einen Tip? firewall-easy scheint nur ein externes Interface zu erlauben. Gruss, JT -- http://www.jtheuer.de mailto:mail(-)jtheuer.de gpg-fingerprint: C707 EE9A 5BC1 CA68 95E0 F665 A72F 4885 650A 7F6E -- Haeufig gestellte Fragen und Antworten (FAQ): http://www.de.debian.org/debian-user-german-FAQ/ Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED] mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)
Re: Debian Firewall Konfigurator?
am 08.11.2003, um 14:43:20 +0100 mailte Jan Torben Heuer folgendes: Ich brauche also eine FW, die es mir erlaubt, zwei oder mehr devices zu Konfigurieren, sowie ein lokal Netz (und das ggf. routen). Hat jemand einen Tip? $EDITOR und http://netfilter.org Andreas -- Andreas Kretschmer(Kontakt: siehe Header) Tel. NL Heynitz: 035242/47212 GnuPG-ID 0x3FFF606C http://wwwkeys.de.pgp.net ===Schollglas Unternehmensgruppe=== -- Haeufig gestellte Fragen und Antworten (FAQ): http://www.de.debian.org/debian-user-german-FAQ/ Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED] mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)
Re: Debian Firewall Konfigurator?
Am Sat, 08 Nov 2003 14:40:11 +0100 schrieb Jan Torben Heuer: Hi, hab hier Debian testing am laufen (iptables). Es gibt ja ein paar Hilfsskripe um schnell eine Firewall aufzubauen. Ich hänge hier an einem ADSL Netz über das ich eine VPN Verbindung in Internet aufbaue. Ich brauche also eine FW, die es mir erlaubt, zwei oder mehr devices zu Konfigurieren, sowie ein lokal Netz (und das ggf. routen). Hat jemand einen Tip? Hi! Jetzt, wo ich mein kleines Problem [siehe Firehol (firewall) client für apt-get?] gelöst habe, kann ich Firehol (http://firehol.sf.net) auch erstmal guten Gewissens weiter empfehlen. Dieses Skript macht es Leuten, die sich (vorerst) nicht genauer mit Firewalls auseinandersetzten wollen sehr einfach diese mit Hilfe einer kleinen Conf-Datei aufzusetzten. Ich selber habe zwar momentan nur ein Interface im Rechner, aber soweit ich es gesehen habe ist es auch nicht sonderlich komplizierter die Firewall mit 2 Interfaces und Routing zu konfigurieren. Firehol ist übrigens in testing enthalten. Axel. -- Haeufig gestellte Fragen und Antworten (FAQ): http://www.de.debian.org/debian-user-german-FAQ/ Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED] mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)
Re: Debian Firewall Konfigurator?
Hallo Jan, habe hier ganz gute Erfahrungen mit Shorewall gemacht. Allerdings auf stable, ist mit apt-get verfügbar. Habe einen Woody-Router der ganau die gleiche Aufgabe erfüllt (Cisco-VPN). MfG Markus On Sat, 2003-11-08 at 14:43, Jan Torben Heuer wrote: Es gibt ja ein paar Hilfsskripe um schnell eine Firewall aufzubauen. Ich hänge hier an einem ADSL Netz über das ich eine VPN Verbindung in Internet aufbaue. Ich brauche also eine FW, die es mir erlaubt, zwei oder mehr devices zu Konfigurieren, sowie ein lokal Netz (und das ggf. routen). -- Haeufig gestellte Fragen und Antworten (FAQ): http://www.de.debian.org/debian-user-german-FAQ/ Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED] mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)
Re: Debian Firewall
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Please do not hit reply to start a new thread, as many mailers read the References header to thread messages. Reply preserves References. On Sat, Aug 30, 2003 at 09:35:31AM -0300, Hector Scaramelli wrote: I'm trying to build a firewall. Already loaded drivers and base system. I can ping to another pc but not to the router, IP 192.168.1.1. what are the command to reinstall the network without having to install all again? Just go nuts with a text editor in /etc/network. If you need help, type man 5 filename for the config file that's giving you trouble. - -- .''`. Paul Johnson [EMAIL PROTECTED] : :' : `. `'` proud Debian admin and user `- Debian - when you have better things to do than fix a system -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/UYsKUzgNqloQMwcRAuXTAKCdY75u2goDXWNpS2f4edNRxq46GQCePYB5 s00jtAjHpxED38sOeLW/eNU= =Dr5a -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Debian Firewall
I'm trying to build a firewall. Already loaded drivers and base system. I can ping to another pc but not to the router, IP 192.168.1.1. what are the command to reinstall the network without having to install all again? Thanks In Advance Hector -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian Firewall
On Sat, Aug 30, 2003 at 09:35:31AM -0300, Hector Scaramelli wrote: I'm trying to build a firewall. Already loaded drivers and base system. I can ping to another pc but not to the router, IP 192.168.1.1. what are the command to reinstall the network without having to install all again? Thanks In Advance Hector Maybe, that you search is # dpkg-reconfigure etherconf else, I don't know. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Debian firewall e servidor..
Pessoal, Tenho um firewall que roda iptables e da acesso a internet (adsl) para a minhas outras maquinas da rede, a politica de input do iptables é drop, a de output é accept e a de forward é accept, nao tenho nenhum redirecionamento de portas (NAT) configurado. Minha pergunta é: Posso ficar tranquilo quanto aos outros computadores da minha rede?? Tenho um servidor de arquivos Debian com samba, dns e postfix só para a rede interna. Outros computadores (da internet) conseguem acessar este servidor que nao tem nenhum firewall configurado?? Ou nao pois ele nao esta diretamente plugado na internet. E as estações win98 podem ser acessadas, obrigado pela ajuda... Cyro __ AcessoBOL, só R$ 9,90! O menor preço do mercado! Assine já! http://www.bol.com.br/acessobol
RE: Debian firewall e servidor..
Bem Cyro, como a política do INPUT é drop tu pode ficar tranquilo em relação a este servidor, entretanto todas as demais máquinas não estão protegidas de possíveis tentativas de conexão a partir de fora, forward é utilizado para pacotes que estão passando pela rede, através da tua máquina, não se destinam a ela nem partem dela, só passam. Como esta política é accept isto permite qualquer conexão vinda de fora da tua rede passe sem problemas para dentro. Qual o range de ip´s que tu usa na tua rede interna ? E na interface do adsl ? Dependendo destas respostas a tua rede esta + ou - segura, mas a princípio se alguém conhecer os ips da tua rede interna pode tentar se conectar nela. -Original Message- From: cyrowcrf [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 11 de setembro de 2002 18:23 To: debian Subject: Debian firewall e servidor.. Pessoal, Tenho um firewall que roda iptables e da acesso a internet (adsl) para a minhas outras maquinas da rede, a politica de input do iptables é drop, a de output é accept e a de forward é accept, nao tenho nenhum redirecionamento de portas (NAT) configurado. Minha pergunta é: Posso ficar tranquilo quanto aos outros computadores da minha rede?? Tenho um servidor de arquivos Debian com samba, dns e postfix só para a rede interna. Outros computadores (da internet) conseguem acessar este servidor que nao tem nenhum firewall configurado?? Ou nao pois ele nao esta diretamente plugado na internet. E as estações win98 podem ser acessadas, obrigado pela ajuda... Cyro __ AcessoBOL, só R$ 9,90! O menor preço do mercado! Assine já! http://www.bol.com.br/acessobol -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
debian firewall and screen noise
I run debian as my firewall. After @HOME - @ATTBI.COM transition of my ISP, I started to get some weired packets. More annoyingly, any funny packets log shows up on screen. ICMP comming with wrong address to route seems to be one I can not get it quiet. Somehow my old IP (used at @HOME) get packet from performance-71.sfo.pnap.net and other server from this domain. These pnap.com servers are pain. Does anyone have way to stop overwriting console screen? -- ~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ + Osamu Aoki [EMAIL PROTECTED], GnuPG-key: 1024D/D5DE453D + + My debian quick-reference, http://qref.sourceforge.net/quick/ +
Re: debian firewall and screen noise
quote who=Osamu Aoki Does anyone have way to stop overwriting console screen? i very rarely see the console of my firewalls..but you may want to look at /etc/syslog.conf daemon.*;mail.*;\ news.crit;news.err;news.notice;\ *.=debug;*.=info;\ *.=notice;*.=warn |/dev/xconsole that may be the source of the messages on the console. also you can turn off logging on the firewall rules (i only have logging on for debugging then i turn it off). nate
Re: debian firewall and screen noise
On Wed, Dec 12, 2001 at 12:31:16AM -0800, nate wrote: quote who=Osamu Aoki Does anyone have way to stop overwriting console screen? ... you may want to look at /etc/syslog.conf ... # NOTE: adjust the list below, or you'll go crazy if you have a reasonably # busy site.. # daemon.*;mail.*;\ news.crit;news.err;news.notice;\ *.=debug;*.=info;\ *.=notice;*.=warn |/dev/xconsole Yep! I did not see ths on Potato. Yack. Why maintainer allow this. -- ~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ + Osamu Aoki [EMAIL PROTECTED], GnuPG-key: 1024D/D5DE453D + + My debian quick-reference, http://qref.sourceforge.net/quick/ +
Re: debian firewall and screen noise
Thus spake Osamu Aoki ([EMAIL PROTECTED]): Does anyone have way to stop overwriting console screen? I've heard/seen that 'dmesg -n1' works for this. -- Justin R. Miller [EMAIL PROTECTED] View my website at http://codesorcery.net Please encrypt email using key 0xC9C40C31 pgp348htiUPo9.pgp Description: PGP signature
Re: Debian Firewall
I want to setup a firewall for my home LAN. I will have 5 - 10 PC's behind it. It will be running on a PPro 233 w/ 80mb RAM, and 2 Intel 100mb NIC's. I want a lot of features. I want a lot of features: Security - you can't be 100 per cent. Do the best you can and keep current with advisories. I've done most of what you mentioned but only used a 486DX with a 408 Mb hard drive and 40 meg of RAM. My sincere advice - avoid the snazzy GUI frontends. Keep it to a mean CLI set-up and you'll be grateful to yourself later on. has anyone used gibraltar (www.gibraltar.at), the debian firewall, i'm having a go, and wondered what other people thought. Hereward
Debian Firewall
I want to setup a firewall for my home LAN. I will have 5 - 10 PC's behind it. It will be running on a PPro 233 w/ 80mb RAM, and 2 Intel 100mb NIC's. I want a lot of features. I want a lot of features: Security, Security, Security SSH Daemon NAT (Masq) Port Forwarding Graphical (web based ?) Network Analysis PPPoE support VPN support Convenient Method of Configuration (Web based, GUI based ?) I would also like it to be fairly upgradable. I love APT-GET, and would love to have the core of this firewall be Debian so that I can do my updates with this method. I also would like to experiment with the CISH (Cisco simulated) shell provided by the Linux Router Project. What is the best apporach to creating this Firewall. Should I start with my own basic install of Debian and build from there ? Is there a floppy or CD based image worth trying that is based on Debian ? ben
Re: Debian Firewall
I have a potato r3 doing that job some of the tasks you mention, it's a poor 586 with 32MB ram, only 500MB of HD What I did was install base system I did't check any grout in simple mode (tasksel) and then, I installed what I needed (apache, ssh, so on) Just my experience At 10:11 a.m. 24/07/01 -0400, Case, Benjamin wrote: I want to setup a firewall for my home LAN. I will have 5 - 10 PC's behind it. It will be running on a PPro 233 w/ 80mb RAM, and 2 Intel 100mb NIC's. I want a lot of features. I want a lot of features: Security, Security, Security SSH Daemon NAT (Masq) Port Forwarding Graphical (web based ?) Network Analysis PPPoE support VPN support Convenient Method of Configuration (Web based, GUI based ?) I would also like it to be fairly upgradable. I love APT-GET, and would love to have the core of this firewall be Debian so that I can do my updates with this method. I also would like to experiment with the CISH (Cisco simulated) shell provided by the Linux Router Project. What is the best apporach to creating this Firewall. Should I start with my own basic install of Debian and build from there ? Is there a floppy or CD based image worth trying that is based on Debian ? ben -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian Firewall
On Tue, Jul 24, 2001 at 10:11:19AM -0400, Case, Benjamin wrote: Security, Security, Security SSH Daemon NAT (Masq) Port Forwarding Graphical (web based ?) Network Analysis PPPoE support VPN support Convenient Method of Configuration (Web based, GUI based ?) [snip] What is the best apporach to creating this Firewall. Should I start with my own basic install of Debian and build from there ? Is there a floppy or CD based image worth trying that is based on Debian ? Install a debian base system. In the dselect package listing, remove all packages that are not needed on a firewall, like gcc, tetex and any bad stuff like telnetd or rwhod. Then select the packages you do want: ssh, ipmasq, pppoe, mrtg, perhaps a tiny httpd for the stats. Install the packages from the dselect menu. Repeat for any other packages you later find you need or don't need. I'm not very experienced with gui administration and I personally don't find it convenient at all. On a security sensitive system, you don't want to run anything more than strictly necessary, fancy configuration layers included. Just consider the various webinterfaces in embedded systems, like routers and network printers, and how these are accidentally hurt by iis sploit requests. Remember to netstat -at and to mercilessly remove any service that you did not put there yourself with the express intent to respond to arbitrary people on the internet. There exists a debian-firewall list, iirc. Try searching the archives of that list and posting there, it likely has a better yield. Cheers, Joost
Re: Debian Firewall
On Tue, Jul 24, 2001 at 10:11:19AM -0400, Case, Benjamin wrote: I want to setup a firewall for my home LAN. I will have 5 - 10 PC's behind it. It will be running on a PPro 233 w/ 80mb RAM, and 2 Intel 100mb NIC's. I want a lot of features. I want a lot of features: Security - you can't be 100 per cent. Do the best you can and keep current with advisories. I've done most of what you mentioned but only used a 486DX with a 408 Mb hard drive and 40 meg of RAM. My sincere advice - avoid the snazzy GUI frontends. Keep it to a mean CLI set-up and you'll be grateful to yourself later on. Sam -- (Sam Varghese) http://www.gnubies.com
debian firewall and packet monitoring
I'm setting up a debian machine as a firewall for a friend who has a cable modem that he wants to share with his family. But he wants to be able to monitor the email and yahoo chatting that his kids do. Is there an easy way to do this on a debian box? Thx.
Re: debian firewall and packet monitoring
Hi, yes, I found a good iptables firewall script. It is simple to configure to set y or n to a list of options. It also blocks trojans and ports you should not use. You can download it from: http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/adsl4linux/ADSL4Linux/ADS L4Linux/templates/firewall.iptables.devel?rev=HEADcontent-type=text/vnd .viewcvs-markup Greetz, Sebastiaan -- NT is the OS of the future. The main engine is the 16-bit Subsystem (also called MS-DOS Subsystem). Above that, there is the windoze 95/98 16-bit Subsystem. Anyone can see that 16+16=32, so windoze NT is a *real* 32-bit system. On Sun, 8 Jul 2001, Jason Majors wrote: I'm setting up a debian machine as a firewall for a friend who has a cable modem that he wants to share with his family. But he wants to be able to monitor the email and yahoo chatting that his kids do. Is there an easy way to do this on a debian box? Thx. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ICQ with debian firewall
I have licq and micq running nicely here. On Sunday 10 December 2000 19:31, Nate Amsden wrote: Kyle Peterson wrote: I looked into that module and from what I gather its doesn't work with ICQ 200, just ICQ99. The only way I can see is to use port forwarding. possible...i only use licq ..dont know if it works with other clients. nate -- Jaye Inabnit, ARS ke6sls e-mail: [EMAIL PROTECTED] 707-442-6579 h/m 707-441-7096 p http://www.qsl.net/ke6slsICQ# 12741145 This mail composed with kmail on kde on X on linux warped by debian If it's stupid, but works, it ain't stupid.
Re: ICQ with debian firewall
Hi, try the icq module first. It did not work for me, so I had to do a ipmasqadm portfw -a -P tcp -L 10.161.67.65 4000 -R 192.168.1.1 4000 With this option, there is no need to reconfigure the icq clients. Even without this option, most parts of icq work, except filetransfer and some sort of chat (as far as I know). When this also does not work, read the Ip-Masq. HOWTO. You have to forward ports 2000-2020 for every client and reconfigure it. Greetz, Sebastiaan On Sun, 10 Dec 2000, Kyle Peterson wrote: Hello everyone. I'm planning on changing my network router from Sygate 4.0 on a Win NT 4.0 server to a debian ip masq machine. Right now, ICQ is working excellent with sygate. How does it work with IP masq? When I set the firewall rules, to I have to open ports on the firewall, or just have them forwarded to the right machines using ipmasqadm? --- ICQ #:14518882 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ICQ with debian firewall
I think port 4000 is used for ICQ99, ICQ2000 uses 5190 (i think). But thank you, I'll try that out. --- ICQ #:14518882 - Original Message - From: Sebastiaan [EMAIL PROTECTED] To: Kyle Peterson [EMAIL PROTECTED] Cc: Debian Mailing List debian-user@lists.debian.org Sent: Monday, December 11, 2000 12:29 AM Subject: Re: ICQ with debian firewall Hi, try the icq module first. It did not work for me, so I had to do a ipmasqadm portfw -a -P tcp -L 10.161.67.65 4000 -R 192.168.1.1 4000 With this option, there is no need to reconfigure the icq clients. Even without this option, most parts of icq work, except filetransfer and some sort of chat (as far as I know). When this also does not work, read the Ip-Masq. HOWTO. You have to forward ports 2000-2020 for every client and reconfigure it. Greetz, Sebastiaan On Sun, 10 Dec 2000, Kyle Peterson wrote: Hello everyone. I'm planning on changing my network router from Sygate 4.0 on a Win NT 4.0 server to a debian ip masq machine. Right now, ICQ is working excellent with sygate. How does it work with IP masq? When I set the firewall rules, to I have to open ports on the firewall, or just have them forwarded to the right machines using ipmasqadm? --- ICQ #:14518882 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ICQ with debian firewall
it works ...provided you configure ipmasq, i suggest using the ipmasq module. http://www.tsmservices.com/masq/detailform.php3?124 it's not perfect but works.. No, it does not work for me. When I do a depmod -a I get an error regarding unresolved symbols, and I get a lot of them when insmodding it. Did I forget something? Thanks, Sebastiaan
Re: ICQ with debian firewall
Kyle Peterson [EMAIL PROTECTED] writes: Hello everyone. I'm planning on changing my network router from Sygate 4.0 on a Win NT 4.0 server to a debian ip masq machine. Right now, ICQ is working excellent with sygate. How does it work with IP masq? When I set the firewall rules, to I have to open ports on the firewall, or just have them forwarded to the right machines using ipmasqadm? I'd suggest using a socks server on the router. Works flawlessly with ICQ, including incoming and outgoing file transfers, chat and everything else.
ICQ with debian firewall
Hello everyone. I'm planning on changing my network router from Sygate 4.0 on a Win NT 4.0 server to a debian ip masq machine. Right now, ICQ is working excellent with sygate. How does it work with IP masq? When I set the firewall rules, to I have to open ports on the firewall, or just have them forwarded to the right machines using ipmasqadm? --- ICQ #:14518882
Re: ICQ with debian firewall
Kyle Peterson wrote: Hello everyone. I'm planning on changing my network router from Sygate 4.0 on a Win NT 4.0 server to a debian ip masq machine. Right now, ICQ is working excellent with sygate. How does it work with IP masq? When I set the firewall rules, to I have to open ports on the firewall, or just have them forwarded to the right machines using ipmasqadm? it works ...provided you configure ipmasq, i suggest using the ipmasq module. http://www.tsmservices.com/masq/detailform.php3?124 it's not perfect but works.. nate -- ::: ICQ: 75132336 http://www.aphroland.org/ http://www.linuxpowered.net/ [EMAIL PROTECTED]