Hi folks
Charles commented the following
At 11:43 07.03.2002 -0800, you wrote:
Make sure you've added all your internal networks to the INTERN_NET variable
in /etc/network.conf. If that's not the problem, we'll need more
information about your firewall setup, including network.conf settings,
Hello Ant -
I just knew I should have written up my experiences on this. See comments inline
below.
--- Ant Ken [EMAIL PROTECTED] wrote: hello,
if you use the NTL broadband in the UK you will have problems setting your
router up, here's what you have to do:
when a new network card (
Lynn,
This is exactly what I needed. Works perfectly now! Thank you kindly.
-Kevin
Well, this is more like what you are looking to do with ProxyArp.
You should get a good start off of this link anyway:
http://www.casano.com/lrp/proxy_arp.html
Just kill the private network using NAT if
Good Morning,
I am resending a message that got no response the last time, I would
appreciate any input anyone might have.
I am going to try and implement this on Sunday.
Thanks in advance
Tony
Good Evening,
I would like to build on this DMZ
Hello All,
I have been noticing some errors in my logs that look like:
Mar 8 00:33:44 a904j637 kernel: Packet log: input DENY eth0 PROTO=17
192.168.159.129:137 192.168.159.255:137 L=96 S=0x00 I=13824 F=0x
T=128 (#12)
but I have no machine 192.168.159.129 on my subnet and am only using
On Friday 08 March 2002 07:35, Lonnie Cumberland wrote:
Hello All,
I have been noticing some errors in my logs that look like:
Mar 8 00:33:44 a904j637 kernel: Packet log: input DENY eth0 PROTO=17
192.168.159.129:137 192.168.159.255:137 L=96 S=0x00 I=13824 F=0x
T=128 (#12)
but I have
On Friday 08 March 2002 06:18, kevin mudrick wrote:
Lynn,
This is exactly what I needed. Works perfectly now! Thank you
kindly.
Great!
Thanks for letting us know!
--
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer,
One guy behind my leaf firewall needs a securemote (Checkpoint)
connection to company b. He has a Win2k workstation. As I understand
from searching the newsgroups, this isn't possible with Linux, although
I would love to be corrected on that one.
Sounds a lot like the securemote client is
Probably, although you don't mention what you're trying to specify
source
ports for. If you need to make custom rules, that's what the
ipchains.input, ipchains.output, and ipchains.forward files are for in
/etc.
I want local users to be able to ssh into external machines, and (being
We are seeing martians on internal networks on a regular basis.
Usually, it is traceable to users logging into AOL over our high speed
internet connections:
172.128.0.0 - 172.191.255.255
Today, we saw one from United Airlines:
205.174.16.0 - 205.174.23.255
[1] How does this
Hi Charles
At 02:21 08.03.2002 -0800, you wrote:
Finally, as a constructive suggestion, does anyone think it would be
useful
if all ipchains rules were built up in one place in the config, and it
was
all done in a more 'tabular' fashion, so that rules could be added easily,
and options
I'm not sure exactly what you're after here, but the ipchains and ipmasqadm
commands used to build the firewall rules are done using the environment
variables $IPCH and $IPMASQADM, so it would be easy to re-define these and
echo all the commands to a file, instead of actually running them...
All,
Can I use the pkgpath.cfg and lrpkg.cfg files on Dachstein LRP that is
booting off an IDE hard drive? It is booting in a DOS partition and runs in
RAM
Thanks in advance for any help
Peter
___
Leaf-user mailing list
[EMAIL PROTECTED]
Can I use the pkgpath.cfg and lrpkg.cfg files on Dachstein LRP that is
booting off an IDE hard drive? It is booting in a DOS partition and runs in
RAM
Yes. The /linuxrc script will look for the pkgpath.cfg and lrpkg.cfg files
on your boot= device (probably your HDD).
Charles Steinkuehler
Thanks Charles, I tried it but it failed. What if anything remains in the
syslinux.cfg file? Do you include the LRP= and PKGPATH= in the new file?
Do you leave them blank in the old one?
Thanks.
P.S.
Congratulations on a job very well done on the LRP box
Peter
- Original Message -
Thanks Charles, I tried it but it failed. What if anything remains in the
syslinux.cfg file? Do you include the LRP= and PKGPATH= in the new
file?
Do you leave them blank in the old one?
You might want to see the CD-ROM readme file...it goes over the use of these
settings in a bit more
On Fri, 8 Mar 2002, Alex McLintock wrote:
Hello Ant -
I just knew I should have written up my experiences on this. See comments inline
below.
--- Ant Ken [EMAIL PROTECTED] wrote: hello,
if you use the NTL broadband in the UK you will have problems setting your
router up,
OK, but how does the network setup look on the webserver? I envisioned
something like:
IP=192.168.1.100
Mask=255.255.255.0
GW=192.168.1.2 (eth2 on LEAF box)
How would SMTP know to forward to the ISA server?
I guess I could point the SMTP server on the protected box to point to the
can someone point out the obvious mistake that I have made..
How about starting with:
Mar 8 13:25:08 firewall ipsec__plutorun: ipsec_auto: fatal error in
office: (/etc/ipsec.conf, line 25) duplicated parameter auto
Mar 8 13:25:08 firewall ipsec__plutorun: ipsec_auto: fatal error in
shop:
I set up one entire LRP router with ospf, ftp, ssh, iptable, etc. and 3
NICs.
Now I need multicast routing and cannot find mrouted.lrp.
Can someone tell me where I would find mrouted.lrp or some other lrp that
supports multicast routing protocols?
thanks
We see martians from users on our private network that are using
dial up internet accounts on W2k computers, external of the
normal way of getting to the internet (through our LEAF router).
Does anyone have a fix either on the W2k side or on the router
to stop the console logging of these ?
Thanks Richard Charles for comments and links.
I should provide a bit of insight here. Dealing with technical and political issues.
(really too bad!) Office secretary doesn't get along with IT dept of company b, and
there seems to have been a real lack of cooperation although according
Hi,
Can someone tell me where I would find mrouted.lrp or some other lrp that
supports multicast routing protocols?
I made an .lrp package of pimd, which is a PIM Sparse Mode multicast
daemon. I had to patch and compile my own kernel as well in order to get
multicast support. Do: echo 1
hello all,
are there any how-to's that help you to get leaf from a floppy to a hard disk?
if so what are the urls?
thank you for your time
antken
___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Has anybody a compiled fealnx.o network card driver for my
new LRP machine? The version I'm looking for should be ready for LRP Kernel
2.2.19-3-LEAF.
Thx in advance...
At 2002-03-08 20:29 +, Ant Ken wrote:
hello all,
are there any how-to's that help you to get leaf from a floppy to a hard disk?
if so what are the urls?
LEAF: Documentation: HOWTOs
http://leaf.sourceforge.net/mod.php?mod=userpage&menu=1302&page_id=11
I hope this helps.
--
Mike Noyes [EMAIL
Ugh. Console messages about martians almost always tell you there is
something seriously wrong with your network. Turning them off is like
disconnecting a burglar alarm. In your case, these messages indicate
that an unguarded (?) backdoor to your network is currently open.
This will disable
It seems that I've seen this problem here before:
There are two dsl connections to the internet
behind one is an NT Proxy server.
behind the other is an Eiger router running LRP/IPSec.
Both masquerade
Behind both of those is a lan 123.x.x.x
AS400 123.x.x.1
Exchange Server 123.x.x.2
So
It seems that I've seen this problem here before:
There are two dsl connections to the internet
behind one is an NT Proxy server.
behind the other is an Eiger router running LRP/IPSec.
Both masquerade
Behind both of those is a lan 123.x.x.x
AS400 123.x.x.1
Exchange Server 123.x.x.2
Sometimes LEAF distros are configured to block traffic destined for
the private address space from going out eth0. It's designed that
way because private addresses are in general for internal use only.
Rarely, an ISP uses these, and adjustments are made to ipfilter.conf
or wherever your
Boyd:
As Charles says, the docs on www.phoneboy.com/faq/0372.html
suggest this is a lot like an IPSec connection. You may want to have
a look at echoWall again, though: it supports both FW1 and IPSEC.
You can enable or disable either of them, see what works.
-Scott
One guy behind my
A vulnerability has been recently found in openssh up to version 3.0.2.
See the CERT announcement at:
http://www.kb.cert.org/vuls/id/408419
The LEAF openssh packages (ssh/sshd/sftp/sshkey) have been updated accordingly
and are now available
for download from my website.
Ok, I've modified the config and am no longer getting any errors, however I
cannot get to the other machine. I've tried to ping, and also tried to do a
traceroute -i eth0 -f 20 192.168.1.1
and have gotten only the * * * as output from the traceroute. At any rate..
I'm not seeing any errors, and
On Fri, 8 Mar 2002, Michael D. Schleif wrote:
We are seeing martians on internal networks on a regular basis.
Usually, it is traceable to users logging into AOL over our high speed
internet connections:
172.128.0.0 - 172.191.255.255
Today, we saw one from United Airlines:
Ok, I've modified the config and am no longer getting any errors, however
I
cannot get to the other machine. I've tried to ping, and also tried to do
a
traceroute -i eth0 -f 20 192.168.1.1
and have gotten only the * * * as output from the traceroute. At
any rate..
I'm not seeing any
Hey, Charles,
I had a weird idea I have no way to test right now.
What if I had the Eiger masquerade both directions.
The packet is unencapsulated.
It goes thru the forward chain.
Its source address is masqed to the internal address.
The Exchange server responds to
Where do I check to see if protocol 50 packets are being allowed through?
I'll be working more on it this weekend.. I'd really like to get this
working so I'll try just about anything.. even possibly step/by/step support
via phone (I'd beg someone to call my 800 number for a little assistance...
Yes, I had compiled the kernel for multicast support from the first time
because I plan to use multicast. But when I tried to find some multicasting
software, there was the problem.
I tried to find mrouted because this supports other protocols than PIM.
I have other Cisco routers. The problem is: if this
I had a weird idea I have no way to test right now.
What if I had the Eiger masquerade both directions.
The packet is unencapsulated.
It goes thru the forward chain.
Its source address is masqed to the internal address.
The Exchange server responds to that
All,
If I remember correctly, and please correct me if I am
wrong, the documentation with the ipsec lrp with the
Dachstein CD says that using the leftfirewall=yes or
rightfirewall=yes will automatically append the
scripts to allow protocol 50 through. If I remember
from the first post, the
Jeff Newmiller wrote:
On Fri, 8 Mar 2002, Michael D. Schleif wrote:
We are seeing martians on internal networks on a regular basis.
Usually, it is traceable to users logging into AOL over our high speed
internet connections:
172.128.0.0 - 172.191.255.255
Today, we saw
I know this is a non-LEAF question but you guys might be my only hope.
I'm using MikroTik RouterOS which is using input, forward, and output
chains with src-nat and dest-nat. I have it set up using masq and nat
for internal services. Here's my question: I have tried everything to
get file transfer