Re: [Vyatta-users] Installed to HD now I can't log in
Ok I just tried using the other enter key with no luck. I swapped out keyboards and that didn't help. Then I threw the live boot back in it and ran from that. Now it works fine again. If I go to the installed version it still doesn't work. I'm thinking it may be related to the media I had used for the CD (It was the only disk I had and it was a bit rough). I think I'm going to try reinstalling with a clean CD to see if that works. Thanks for your assistance Jesse On 12/31/07, Aubrey Wells [EMAIL PROTECTED] wrote: Sounds like a sticky [Enter] key, or a problem with the keyboard or motherboard. Try using the other enter key? * --* *Aubrey Wells* *Senior Engineer* Shelton | Johns Technology Group A Vyatta Ready Partner www.sheltonjohns.com On Dec 31, 2007, at 4:53 PM, Jesse Robertson wrote: I just installed vyatta to the hard drive. I accepted the default configurations in all cases and when it finished I rebooted. Everything seems to load then I am presented with Welcome to Vyatta - vyatta tty1 and the login prompt. I have tried root and vyatta and in both cases as soon as I hit enter instead of asking for a password it says LOGIN INCORRECT on 4 lines then says MAXIMUM NUMBER OF TRIES EXCEEDED (5) Then it goes back to the login prompt. What is going on? Thanks Jesse ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] IGMP v3 support?
Would someone have an idea when can we expect to see IGMPv3 support in Vyatta? I suppose PIM-SM SSM is already supported, but is there a way to use this feature without IGMPv3? PIM-SM is currently experimental. We do absolutely no testing of it whatsoever at this time. We'd be pleased to hear about any bugs, but we haven't yet started to work in earnest on the multicast subsystem. If you find something, please file it in Bugzilla (bugzilla.vyatta.com). We're expecting to do some multicast work in 2008. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Installed to HD now I can't log in
That's very odd. Sometimes, router manager can fail to start, typically when there is a problem of some sort with the config file. In that case, you can't log in as vyatta, but you should always be able to login as root, assuming you know the right password. If you have made no changes to the configuration, I can't for the life of me figure out why it would lock you out in that way. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jesse Robertson Sent: Wednesday, January 02, 2008 8:10 AM To: vyatta-users@mailman.vyatta.com Subject: Re: [Vyatta-users] Installed to HD now I can't log in Ok I just tried using the other enter key with no luck. I swapped out keyboards and that didn't help. Then I threw the live boot back in it and ran from that. Now it works fine again. If I go to the installed version it still doesn't work. I'm thinking it may be related to the media I had used for the CD (It was the only disk I had and it was a bit rough). I think I'm going to try reinstalling with a clean CD to see if that works. Thanks for your assistance Jesse On 12/31/07, Aubrey Wells [EMAIL PROTECTED] wrote: Sounds like a sticky [Enter] key, or a problem with the keyboard or motherboard. Try using the other enter key? -- Aubrey Wells Senior Engineer Shelton | Johns Technology Group A Vyatta Ready Partner www.sheltonjohns.com http://www.sheltonjohns.com/ On Dec 31, 2007, at 4:53 PM, Jesse Robertson wrote: I just installed vyatta to the hard drive. I accepted the default configurations in all cases and when it finished I rebooted. Everything seems to load then I am presented with Welcome to Vyatta - vyatta tty1 and the login prompt. I have tried root and vyatta and in both cases as soon as I hit enter instead of asking for a password it says LOGIN INCORRECT on 4 lines then says MAXIMUM NUMBER OF TRIES EXCEEDED (5) Then it goes back to the login prompt. What is going on? Thanks Jesse ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users http://mailman.vyatta.com/mailman/listinfo/vyatta-users ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] router on the stick
On Jan 2, 2008 12:18 AM, Vects [EMAIL PROTECTED] wrote: Hello there, Does vyatta support router on the stick configuration? I want to deploy it in web hosting environment when every customer has the own vlan. Is there any known problem with firewall in such a configuration? Thanks, Alexc No issues that I know of; should be just fine for what you need :-) Best, Justin ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] happy with NAT. should I firewall also?
Thanks, Justin. I guess what I'm looking for is just to be reasonably secure. I
understand that, strictly speaking, reasonably secure will mean different
things to different people, so I'm just talking in broad terms.
For instance, I understand that my SMTP server shouldn't be an open relay and
so it's set to only send mail for authenticated clients and SMTP logins are
sent over TLS instead of clear text, I understand that TELNET communication is
unencrypted and SSH is strongly recommended instead and SSHv2 is recommended
over SSHv1.
So I'm just looking for similar best practice recommendations for Vyatta as
an edge router.
So, NAT rules will cause all traffic for defined ports to be forwarded and then
I make sure that services listening on those ports on my internal machines are
patched against application level vulnerabilities. Is NAT for incoming traffic
good enough or should one use some firewall rules in addition? If so, what
rules? Rules to limit traffic to protocols appropriate for services listening
on those ports (e.g. only allow SSH traffic on port 22) and rules to allow/deny
based on the state of the packet.
Traffic that doesn't get forwarded via NAT rules is considered local to the
router, right? So if I only want SSH from outside to the router, I define a
firewall rule to allow SSH and an implicit deny all else takes place?
thanks again, -Alain.
On Tue, 1 Jan 2008 20:18:20 -0800, Justin Fletcher [EMAIL PROTECTED] wrote:
Depends on what you're looking for (of course :-) )
Since you're under NAT, nothing can find your system that you don't
have set up for forwarding. You could set up firewall rules for the
public
address of your router, as it's wide-open otherwise, of course.
A happy 2008 to you,
Justin
On Jan 1, 2008 6:40 PM, Alain Kelder [EMAIL PROTECTED] wrote:
Hello,
At my home office, I have 1 public IP and I'm forwarding certain outside
port requests to the various machines inside using NAT. I'm allowing all
inside-out traffic. Given that I'm happy with this setup from the
functionality perspective, should I still add firewall rules to define
my current setup (e.g. to allow all inside-out traffic and to allow
http, smtp, etc to the various machines for outside-in traffic)? Am I
missing out on important security features the firewall would offer
which NAT doesn't?
Currently I just have the following firewall statements:
firewall {
log-martians: enable
send-redirects: disable
receive-redirects: disable
ip-src-route: disable
broadcast-ping: disable
syn-cookies: enable
}
[EMAIL PROTECTED] show version
Baseline Version: vc3
Booted From: disk
Happy New Year to all! Cheers, -Alain.
___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] router on the stick
I'm using it in this manner with many (30+) vlans with no issues. I'm not doing any firewalling, but iptables can handle vlan interfaces, so that shouldn't be an issue. I'm using tc to do bandwidth rate-limiting and that works well on the vifs. In short, you should be good. -- Aubrey Wells Senior Engineer Shelton | Johns Technology Group A Vyatta Ready Partner www.sheltonjohns.com On Jan 2, 2008, at 1:21 PM, Justin Fletcher wrote: On Jan 2, 2008 12:18 AM, Vects [EMAIL PROTECTED] wrote: Hello there, Does vyatta support router on the stick configuration? I want to deploy it in web hosting environment when every customer has the own vlan. Is there any known problem with firewall in such a configuration? Thanks, Alexc No issues that I know of; should be just fine for what you need :-) Best, Justin ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
[Vyatta-users] jdocs anything like this for vyatta
Do we have any future support for something similar in vyatta? Cli online help. ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] jdocs anything like this for vyatta
Not sure what like this means, but there's full documentation available at vyatta.com, and on-line CLI help; just use the '?' key. Best, Justin On Jan 2, 2008 2:55 PM, Ken Felix (C) [EMAIL PROTECTED] wrote: Do we have any future support for something similar in vyatta? Cli online help. ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] jdocs anything like this for vyatta
JDocs are man-pages for commands. There are also general technical tutorials available. Its like having a book about JunOS available on the router. Justin Fletcher wrote: Not sure what like this means, but there's full documentation available at vyatta.com, and on-line CLI help; just use the '?' key. Best, Justin On Jan 2, 2008 2:55 PM, Ken Felix (C) [EMAIL PROTECTED] wrote: Do we have any future support for something similar in vyatta? Cli online help. ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
