Re: [Vyatta-users] Vyatta-users Digest, Vol 23, Issue 33
Thanks Aubrey Wells. I typed 'save' to save it on the default file [EMAIL PROTECTED] wrote: > >Send Vyatta-users mailing list submissions to > vyatta-users@mailman.vyatta.com > >To subscribe or unsubscribe via the World Wide Web, visit > http://mailman.vyatta.com/mailman/listinfo/vyatta-users >or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > >You can reach the person managing the list at > [EMAIL PROTECTED] > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of Vyatta-users digest..." > > >Today's Topics: > > 1. Re: can't find my running config (Aubrey Wells) > 2. Re: can't find my running config (Aubrey Wells) > 3. Re: can't find my running config (James A. Shigley) > 4. Re: Vyatta-users Digest, Vol 23, Issue 32 (Isiak Solih Sadik) > > >-- > >Message: 1 >Date: Thu, 15 Nov 2007 16:06:38 -0500 >From: Aubrey Wells <[EMAIL PROTECTED]> >Subject: Re: [Vyatta-users] can't find my running config >To: James A. Shigley <[EMAIL PROTECTED]> >Cc: vyatta-users@mailman.vyatta.com >Message-ID: <[EMAIL PROTECTED]> >Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed > >Are you actually typing "save" from configuration mode to save the >config, or are you assuming "commit" saves the config? You must type >"save" or "save /path/to/file" to save the config to survive a >reboot. All commit does is activate the changes made. > > > >-- >Aubrey Wells >Senior Engineer >Shelton | Johns Technology Group >A Vyatta Ready Partner >www.sheltonjohns.com > > > > >On Nov 15, 2007, at 2:17 PM, James A. Shigley wrote: > >> I have a similar problem twice now. And I do have it installed to a >> disk not running off the iso. >> >> James Shigley >> Monroe Telephone Answering Service >> 409-981-9213 >> Infinity 5.4,UC 4.02, Blink 3.0.104 >> Ecreator:5.03, eResponse 1.1.6 >> Webportal,WebApps, >> >> CONFIDENTIALITY NOTICE: This email, including any attachments, >> contains information which may be confidential or privileged. The >> information is intended to be for the use of the individual or >> entity named above. If you are not the intended recipient, be aware >> that any disclosure, copying, distribution or use of the contents >> of this information is prohibited. If you have received this email >> in error, please notify the sender immediately by "reply to sender >> only" message and destroy all electronic and hard copies of the >> communication, including attachments. >> >> "Common sense is the collection of prejudices acquired by age >> eighteen." -- Albert Einstein >> "Once you can accept the universe as matter expanding into nothing >> that is something,wearing stripes with plaid comes easy." -- Albert >> Einstein >> "I know a little of everything, but a lot of nothing" >> >> >> -Original Message- >> From: [EMAIL PROTECTED] [mailto:vyatta-users- >> [EMAIL PROTECTED] On Behalf Of Justin Fletcher >> Sent: Thursday, November 15, 2007 11:46 AM >> To: Isiak Solih Sadik >> Cc: . >> Subject: Re: [Vyatta-users] can't find my running config >> >> Are you running the live CD or installed to disk? If you're running >> the live CD, the file system is in memory, and you need to save to >> floppy for the configuration to be preserved across reboots. >> >> Justin >> >> On Nov 15, 2007 9:39 AM, Isiak Solih Sadik >> <[EMAIL PROTECTED]> wrote: >>> Pls Help! >>> I installed vyatta router 3 on my pc and it worked parfectly.I >>> actually saved the running config on the default file opt/vyatta/ >>> etc/config/config.boot.but when I reboot my vyatta can't route >>> anything.I found out that my saved running config is no longer in >>> opt/vyatta/etc/config/config.boot >>> What can I do. >>> >>> Sadiku Babatunde >>> >>> - >>> 'There is no deity worthy of worship except Allah and Muhammad >>> (peace be upon him) is his final Messenger.' >>> >>> http://www.Darussalam.net/ >>> Read, Learn, Implement! >>> ___ >>> Vyatta-users mailing list >>> Vyatta-user
Re: [Vyatta-users] Vyatta-users Digest, Vol 23, Issue 32
Thank you all. I actually installed the vyatta router on my PC.I did checked the linux shell and I confirmed that my router running config was there. I may be missing something out on vyatta 3 because I never encounter such problem with vyatta 1.0.3 version.I encountered silmilar problem with vyatta vc2. But no such problem with vyatta version 1.0.3 And that is the reason I keep on with vyatta 1.0.3. I think the vyatta technical team should work on this issue.Probably config directory should be left on route directory like in the vyatta version 1.0.3 [EMAIL PROTECTED] wrote: > >Send Vyatta-users mailing list submissions to > vyatta-users@mailman.vyatta.com > >To subscribe or unsubscribe via the World Wide Web, visit > http://mailman.vyatta.com/mailman/listinfo/vyatta-users >or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > >You can reach the person managing the list at > [EMAIL PROTECTED] > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of Vyatta-users digest..." > > >Today's Topics: > > 1. Re: Vyatta Stateful Firewall Issue (Komal Shah) > 2. can't find my running config (Isiak Solih Sadik) > 3. Re: can't find my running config (Justin Fletcher) > 4. Re: can't find my running config (James A. Shigley) > 5. Re: can't find my running config (Dave Roberts) > > >-- > >Message: 1 >Date: Thu, 15 Nov 2007 17:35:04 +0530 >From: Komal Shah <[EMAIL PROTECTED]> >Subject: Re: [Vyatta-users] Vyatta Stateful Firewall Issue >To: vyatta-users@mailman.vyatta.com >Message-ID: <[EMAIL PROTECTED]> >Content-Type: text/plain; charset=ISO-8859-1 > >Excellent! > >Please consider adding this information in documentation. > >Komal > >Robyn Orosz wrote: >> Hi Adrian, >> >> First off, I apologize for the long delay in getting back to you but, I >> think I have an answer for you. On the Vyatta router, try the following: >> >> echo 0 > /proc/sys/net/netfilter/nf_conntrack_tcp_loose >> >> Then try running the nmap ACK scan again. The RST packet, which is what >> nmap is expecting in return, should not even get sent by the host since >> the ACK packet should be blocked by the firewall this time. >> >> What was happening is that a state of "NEW" in iptables means exactly >> that--any new TCP packet. It does not mean a new TCP packet with the >> SYN flag set. The 'nf_conntrack_tcp_loose' option can be modified >> however, to enforce a more stringent set of checks on incoming TCP >> packets. With this option set to 0, the firewall will compare the >> packet against the existing conntrack entries and drop it because it is >> not a valid packet for establishing a new connection and it is not part >> of an existing established connection. >> >> The benefit of having this value set to 3 (the default) is that it will >> try and pick up any existing connections that were terminated as a >> result of a system reload or other unexpected failure. So, it assumes >> that the new ACK packet was part of a previous connection that got >> dropped and cleared from the conntrack table when the system went down. >> If this is not a concern of yours, then I'd say setting it to 0 would >> not cause any other problems. >> >> An enhancement request has actually already been open to allow the >> nf_conntrack_tcp_loose value to be modified via the CLI: >> >> https://bugzilla.vyatta.com/show_bug.cgi?id=2122 >> >> Another option is to add a rule directly in iptables that drops any NEW >> packets that don't have the SYN flag set. EX: >> >> iptables -I FORWARD 1 -p tcp ! --syn -m state --state NEW -j DROP >> >> This rule gets added to the beginning of the iptables FORWARD chain and >> drops any new packets that don't have the SYN flag set. The problem >> with this workaround is that you have to be careful when running >> firewall rules in the CLI and in iptables as their order of entry is >> very important and can cause problems or confusion if it gets out of >> sync. You'll also have to script any rules that you add directly into >> iptables and also the echo into the nf_conntrack_tcp_loose so that your >> changes will still exist after a reboot. >> >> I also opened an enhancement request to add TCP flag match criteria into >> the Vyatta firewall. So, in the future, the rule above should be >> configurable via the CLI:
[Vyatta-users] can't find my running config
Pls Help! I installed vyatta router 3 on my pc and it worked parfectly.I actually saved the running config on the default file opt/vyatta/etc/config/config.boot.but when I reboot my vyatta can't route anything.I found out that my saved running config is no longer in opt/vyatta/etc/config/config.boot What can I do. Sadiku Babatunde - 'There is no deity worthy of worship except Allah and Muhammad (peace be upon him) is his final Messenger.' http://www.Darussalam.net/ Read, Learn, Implement!___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
[Vyatta-users] save to boot
I'm having problem with my vyatta .How can I save my vyatta router running configuration so that the machine will bot from it when reboot. I have follow the vyatta quick guide to use the default 'save' so that the file will be saved in /opt/vyatta/etc/config/config.boot. After i had saved the running configuration I checked the /opt/vyatta/etc/config/config.boot. and the running config. content was found.After I reboot the machine the router can't route any packet.I discovered that my running config content can't be found in /opt/vyatta/etc/config/config.boot Is it because the file is in opt/ main directory? Or what is the problem. Sadiku Babatunde - 'There is no deity worthy of worship except Allah and Muhammad (peace be upon him) is his final Messenger.' http://www.Darussalam.net/ Read, Learn, Implement!___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users