[Vyatta-users] firewall problem

2008-01-24 Thread Ken Felix (C)
So what's the rest of your question? What do you have behind your
router/firewall that needs access?

You have one rule inserted and I'm assuming you have or need more rules.

My only suggestion would be to research what rules you need and which
protocols/sources to allow.

i.e. (for example):

[EMAIL PROTECTED]  show firewall
name securityguard {
    rule 3 {
        action: accept
        source {
            network: 192.168.255.0/24
        }
        destination {
            network: 192.168.254.0/24
        }
    }
    rule 4 {
        protocol: icmp
        action: accept
        source {
            network: 192.168.20.0/24
        }
    }
    rule 5 {
        description: data-base network thru vpn
        action: accept
        source {
            network: 198.206.212.0/25
        }
        destination {
            network: 198.206.211.0/25
        }
    }
    rule 6 {
        protocol: udp
        action: accept
        source {
            network: 11.1.1.0/24
            port-number 123
        }
    }
    rule 7 {
        description: inbound_dns53
        protocol: udp
        action: accept
        source {
            network: xxx.xxx.52.0/24
            port-number 53
        }
    }
    rule 8 {
        protocol: tcp
        action: accept
        source {
            network: xxx.xxx.18.0/20
        }
        destination {
            port-number 22
        }
    }
    rule 9 {
        description: my access inbound ssh from bellsouth
        protocol: tcp
        action: accept
        source {
            address: 66.253.xxx.xxx
        }
        destination {
            port-number 22
        }
    }
    rule 10 {
        description: _vpn concentrators network
        protocol: 50
        action: accept
        source {
            network: 123.222.222.0/29
        }
    }
    rule 14 {
        description: ike-keys ipsec-related
        protocol: udp
        action: accept
        source {
            network: 123.222.222.0/29
        }
        destination {
            port-number 500
        }
    }
    rule 16 {
        protocol: udp
        action: accept
        source {
            network: 123.2.2.0/24
            port-number 53
        }
    }
    rule 18 {
        protocol: 89
        action: accept
        source {
            network: aaa.bbb.ccc.0/24
        }
    }
    rule 199 {
        protocol: tcp
        state {
            established: enable
        }
        action: accept
    }
    rule 200 {
        protocol: tcp
        state {
            related: enable
        }
        action: accept
    }
}

[edit]

NOTE: Make sure you allow for icmp, routing protocols, vpn, ssh from the
proper networks, from trusted and untrusted networks.

 

 

 

 

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
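A check a reviewer would run over a rule set like the one in the post above, as an added example that is not part of the post or of Vyatta's own tooling: a small Python parser for the brace-delimited "show firewall" output (it accepts both the "key: value" and the bare "key value" leaf forms that appear in the post) plus an audit that lists accept rules which match on a source port but put no constraint on the destination. Rules 6, 7 and 16 above have that shape: any host in the listed source network that sends UDP from source port 123 or 53 (a port the sender chooses freely) is accepted to every destination port, so the usual fix is to add a destination { port-number ... } clause. The SAMPLE string is constructed from a few of the post's rules, and the function names are assumptions of this example.

```python
"""Parse Vyatta 'show firewall' output and flag accept rules that match on a
source port alone.  Added example; not code from the original post."""
import re
from typing import Dict, List, Tuple

# Constructed sample: rules 6, 8 and 199 copied from the post above.
SAMPLE = """\
name securityguard {
rule 6 {
protocol: udp
action: accept
source {
network: 11.1.1.0/24
port-number 123
}
}
rule 8 {
protocol: tcp
action: accept
source {
network: xxx.xxx.18.0/20
}
destination {
port-number 22
}
}
rule 199 {
protocol: tcp
state {
established: enable
}
action: accept
}
}
"""

# Leaf line: 'action: accept' or 'port-number 123' (colon optional).
_LEAF = re.compile(r'^([\w-]+):?\s+(.+?)\s*$')


def parse(text: str) -> dict:
    """Turn the brace-delimited text into nested dicts.

    Block headers such as 'rule 6 {' become keys ('rule 6') whose value is
    the nested dict; leaves become string values.  Raises ValueError on
    unbalanced braces or a line it cannot classify."""
    root: dict = {}
    stack: List[dict] = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == '}':
            if len(stack) == 1:
                raise ValueError('unexpected closing brace')
            stack.pop()
        elif line.endswith('{'):
            node: dict = {}
            stack[-1][line[:-1].strip()] = node
            stack.append(node)
        else:
            m = _LEAF.match(line)
            if not m:
                raise ValueError(f'unparsable line: {raw!r}')
            stack[-1][m.group(1)] = m.group(2)
    if len(stack) != 1:
        raise ValueError('unbalanced braces')
    return root


def rules(cfg: dict) -> Dict[str, dict]:
    """Collect {rule number: rule dict} from every 'name <set>' block."""
    out: Dict[str, dict] = {}
    for key, body in cfg.items():
        if key.startswith('name '):
            for k, v in body.items():
                if k.startswith('rule '):
                    out[k.split()[1]] = v
    return out


def source_port_only(rule: dict) -> bool:
    """True for an accept rule that matches a source port but says nothing
    about the destination: the peer picks its own source port, so the rule
    admits traffic from that network to every local port."""
    src = rule.get('source', {})
    dst = rule.get('destination', {})
    return (rule.get('action') == 'accept'
            and 'port-number' in src
            and not any(k in dst for k in ('port-number', 'network', 'address')))


def audit(text: str) -> Tuple[List[str], bool]:
    """Return (rule numbers accepting on source port alone,
               whether any rule matches on connection state)."""
    rs = rules(parse(text))
    weak = sorted((n for n, r in rs.items() if source_port_only(r)), key=int)
    stateful = any('state' in r for r in rs.values())
    return weak, stateful


if __name__ == '__main__':
    weak_rules, has_state = audit(SAMPLE)
    print('accept-on-source-port-only rules:', weak_rules)  # ['6']
    print('stateful accept rule present:', has_state)       # True
```

Run against the full rule set from the post, the audit reports rules 6, 7 and 16; rules 8, 9 and 14 pass because they pin a destination port, and 199/200 pass because they match on state rather than on ports.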


[Vyatta-users] ANN: Glendale Alpha 1 Released

2008-01-24 Thread Dave Roberts
As many of you know, the Vyatta development team has been working hard on 
the next major Vyatta release, code named Glendale. Glendale represents a 
*HUGE* step forward on a number of fronts. Because of this, Vyatta has 
committed to making early previews available to the Vyatta Community so that 
you can get comfortable with the new features and provide feedback on the 
functionality and stability of the system.

TODAY'S ANNOUNCEMENT:
=====================

Today, I'm pleased to announce that Glendale Alpha 1 has been made available 
for download from the Vyatta web site:
http://www.vyatta.com/download/

Release notes and documentation for Alpha 1 are available on the Vyatta 
Community Wiki:
http://www.vyatta.com/twiki/bin/view/Community/GlendaleAlpha1

Currently, the documentation is going through rapid development and has been 
released as separate chapters. As new chapters are written or previously 
released chapters are updated, they will be uploaded to the Community Wiki. 
If you find issues with the documentation, please report them to the 
vyatta-users mailing list.

THINGS TO NOTE:
===============

This is ***ALPHA*** software. It is not yet feature complete or fully 
stable. Because of this, it is not suitable for production networks. If you 
use it in your production network, it will lose your packets, corrupt your 
data, and make your hair fall out. Be warned.

Anybody even contemplating testing Alpha 1 should be sure to read the rest 
of this announcement and the release notes very carefully. There are a 
number of changes to the system.

All that said, we want you to test it like crazy, so don't be shy.

ALPHA 1 FEATURES:
=================

The release notes have some more information, but here is a description of 
some of the major changes in the system:

* Glendale has touched just about every subsystem in some way. In some 
cases, the changes are relatively minor. In others, they represent a radical 
departure. Because of the global changes, Glendale does not attempt to keep 
backward compatibility with previous configuration files. If you want to 
upgrade a system to Glendale, save off the configuration first and then 
translate the configuration by hand to the new syntax.

* Glendale Alpha 1 is distributed in ISO format only. There are currently no 
package repositories for the system and future preview releases (Alpha 2 and 
Beta) will be distributed in a similar fashion.

* Glendale has a completely new command line interface infrastructure, 
called FusionCLI. FusionCLI is based on an extended version of bash with 
access to Vyatta-specific commands and syntax, effectively fusing together 
management functionality at the CLI level and eliminating the separate 
Vyatta shell. FusionCLI has a role-based user account system. Depending on 
the user role, the user may be able to execute standard Linux commands from 
the FusionCLI prompt. Further, the system is scriptable with a combination 
of bash scripting and Vyatta-specific commands. Once you play with this for 
a while, you'll begin to realize the power this affords administrators. The 
release notes have more information about this functionality. In particular, 
there are changes to the online '?'-help system that you should be aware of.

* Glendale has completely revamped the routing subsystem. If you were 
struggling with routing protocol issues previously, there is a very good 
chance that your issues are gone. In particular, scalability and stability 
are greatly improved and the feature set has been expanded tremendously.

* Along with the routing subsystem, the policy subsystem is completely 
different. It should now handle more complex policy configurations and 
operate closer to the way you would expect.

* The VRRP subsystem has been revamped. We now support multiple VRRP groups 
on a single interface, eliminating a common issue with the previous VRRP 
implementation.

* DHCP client is now supported. This will make it easier for people 
connecting to broadband networks that do not provide static addressing 
(commonly DSL and cable networks).

* Many other existing subsystems have been touched to fix bugs or provide 
minor enhancements.

Implemented but not documented:
-------------------------------

There are several new features that have been implemented, but do not yet 
have documentation. If you're adventurous you can use the CLI help to try 
them out. Look for documentation to arrive over the coming weeks.

* GRE and IP-in-IP tunnels are supported. These features are located under 
the interfaces/tunnel hierarchy.

* L2TP+IPsec and PPTP client VPNs. These features are located under the vpn 
hierarchy. These protocols are compatible with the standard Microsoft and 
Mac OS X clients. Instructions for configuring the client side of things can 
be found on the Microsoft and Apple web sites. Linux clients are also 
available for these protocols from various Internet download sites.

Coming features that are not yet 

Re: [Vyatta-users] ANN: Glendale Alpha 1 Released

2008-01-24 Thread Aubrey Wells
Sweet. Downloading it now to put it through its paces. Should we post  
questions/comments/bugs here or on hackers?

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Jan 24, 2008, at 7:33 PM, Dave Roberts wrote:


Re: [Vyatta-users] ANN: Glendale Alpha 1 Released

2008-01-24 Thread Dave Roberts
Discuss Glendale on this list unless the comments are specifically about how to 
build or hack the system.

Cheers,

-- Dave Roberts


-Original Message-
From: Aubrey Wells [EMAIL PROTECTED]
To: Dave Roberts [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: 1/24/2008 5:39 PM
Subject: Re: [Vyatta-users] ANN: Glendale Alpha 1 Released
