Hi everybody
Using ipsec on a couple of firewalls with dynamic IPs (PPPoE or DHCP), we
have noticed that the running ipsec sometimes prevents the interface from
getting a new address, and ipsec will never be configured correctly for the
new IP address.
Our solution: stop and start ipsec when the
I am running into a strange VPN problem between our offices here and in a
second location.
Here is the configuration.
(Site1) VPN client -- Firewall -- Internet -- Firewall --
VPN client
(Site 2) -will not allow a second VPN connection to site 1! Why?
Do you use NAT/Masquerading on your
Hello,
after an uptime of 43 Days ;-)) I go crazy, I must shut down the
Internet connection every time by hand, because the IDLE 300 does
not work.
I have disconnected the Ether-Cable from my internal Network, but my
Bering-PPP-Box does not disconnect from the internet...
There is UDP-Traffic
Hello,
Is there someone who has configured the Thomson
SpeedTouch 880 with LEAF? Urgently need a solution!!!
I use a 486dx4/100 and if I must, I will install a 15 €
USB-Card to get it running...
Thanks
Michelle
--
Registered Linux-User #280138 with the Linux Counter,
after an uptime of 43 Days ;-)) I go crazy, I must shut down the
Internet connection every time by hand, because the IDLE 300 does
not work.
I have disconnected the Ether-Cable from my internal Network, but my
Bering-PPP-Box does not disconnect from the internet...
There is UDP-Traffic on port
Alex
At 11:37 16.09.2003 +0200, Alex Rhomberg wrote:
after an uptime of 43 Days ;-)) I go crazy, I must shut down the
Internet connection every time by hand, because the IDLE 300 does
not work.
I have disconnected the Ether-Cable from my internal Network, but my
Bering-PPP-Box does not
Looking at Jacques' current config file, I would say it is enabled
CONFIG_NETFILTER=y
...
CONFIG_FILTER=y
...
CONFIG_PPP_FILTER=y
Is it also in the pppd? I did a grep on the binary (strings /sbin/pppd|grep
filter) and it didn't show up. So maybe Michelle just needs a new pppd
Of
On 2003-09-16 11:37:27, Alex Rhomberg wrote:
You need to insert an active-filter line in your /etc/ppp/options.
I know, but only on Kernel 2.4.xx :-/
Look for active-filter in the pppd manpage
http://www.routerlinux.com/docs/manual/man8/pppd.8.html
Packets filtered out with active-filter don't
Michelle
At 15:46 16.09.2003 +0200, Michelle Konzack wrote:
On 2003-09-16 11:37:27, Alex Rhomberg wrote:
You need to insert an active-filter line in your /etc/ppp/options.
I know, but only on Kernel 2.4.xx :-/
Bering is based on 2.4.xx, hard to get around that.
HTH
Erich
THINK
Püntenstrasse 39
I had to subscribe to leaf-user for this one, which maybe I don't
understand because shorewall doesn't log every piece of information?
I don't know, but here's the log entry and the details:
Sep 16 09:12:31 hub kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=eth1
SRC=82.82.76.144 DST=10.2.3.4 LEN=48
On Tue, 2003-09-16 at 09:36, Matt Schalit wrote:
I had to subscribe to leaf-user for this one, which maybe I don't
understand because shorewall doesn't log every piece of information?
I don't know, but here's the log entry and the details:
Sep 16 09:12:31 hub kernel:
Salute
I have setup Bering in accordance with Ch. 8 of the User guide and have
followed Jacques's advice and comment'd out ppp0 entries from the
interfaces file. Manually executing startadsl then brings up eth2
and mounts usbdevfs successfully as none.
Now, because provider is not a valid shell
At 09:36 AM 9/16/2003 -0700, Matt Schalit wrote:
I had to subscribe to leaf-user for this one,
A fate worse than death? Surely not. Welcome back, Matt.
As to your problem (described below) ... remember that in iptables (unlike
the older ipchains), prerouting happens first, so the forward rule
On Tuesday 16 September 2003 14:30, Alex Rhomberg wrote:
Looking at Jacques' current config file, I would say it is enabled
CONFIG_NETFILTER=y
...
CONFIG_FILTER=y
...
CONFIG_PPP_FILTER=y
Is it also in the pppd? I did a grep on the binary (strings /sbin/pppd|grep
filter) and
On Monday 15 September 2003 22:39, Kim Oppalfens wrote:
First of all thanks for taking time out of a probably busy schedule.
I am indeed using Bering uclibc and I am running from cdrom by now.
The speedtouch package is the one I downloaded from your website, so I
should bounce that question
Greetings !
It looks like the same behaviour (link never goes down due to sporadic
incoming traffic that resets the haptimeout value) happens to the ISDN
interface that uses ipppd and not pppd.
There is a patch available from http://trash.net/~kaber/ippp-filter/ that
adds active_filter support
Ray Olszewski wrote:
At 09:36 AM 9/16/2003 -0700, Matt Schalit wrote:
I had to subscribe to leaf-user for this one,
A fate worse than death? Surely not. Welcome back, Matt.
More like scary. Every day I know less. Darn that fight against
ignorance. You guys win ;-)
As to your problem
Matt (and Tom) --
I'm perhaps a bit hazy on my RFC1918 rules, but the Shorewall list I see
Matt reporting includes a lot of Class A blocks that I did not know were
part of the RFC1918 exclusions. One of them is what is catching the example
packet Matt posts.
The example packet is:
Sep 16
On Tue, 16 Sep 2003, Ray Olszewski wrote:
Matt (and Tom) --
I'm perhaps a bit hazy on my RFC1918 rules, but the Shorewall list I see
Matt reporting includes a lot of Class A blocks that I did not know were
part of the RFC1918 exclusions. One of them is what is catching the example
packet
On Tue, 16 Sep 2003, Tom Eastep wrote:
The 'norfc1918' option also requests from unallocated address blocks. If
Make that ...also blocks request...
-Tom
--
Tom Eastep\ Shorewall - iptables made easy
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
Tom Eastep wrote:
On Tue, 16 Sep 2003, Matt Schalit wrote:
Thanks for the reply, Tom. I probably shouldn't have called
this Bizzare Shorewall Drops, because I don't think Shorewall
is acting odd. It's more like I don't understand how I was
getting DST=10.2.3.4, which violates my intuition
On Tue, 16 Sep 2003, Matt Schalit wrote:
Hmmm - you are running Shorewall 1.3.
Sorry. I was out huntin' wabbit and forgot to update
this thing.
That's the problem though -- the rfc1918 file is out of date. If you
remove the entries for 82.0.0.0/8 from that file, this problem will go