I've been one of many that have lately had a ton of logs with
dns floods and http scans. I figured that I would go and SILENT_DENY
them yesterday. I did and my logs stayed empty the rest of the day.
Today I checked the weblet and I had http SYN packets in my logs.
So, I go down and set up a
On Thursday 21 February 2002 08:22, Charles Steinkuehler wrote:
Did you maybe have the caps lock on when you logged in? If you log
in as ROOT instead of root, linux assumes you're logging in from an
ancient terminal that doesn't support lower-case, so it does
translation for you. Everything
There actually is no error - not in daemon.log or anything else for that
matter. There was a line in the exit-hooks to restart seawall, after the
reload all section, but that was removed thinking it may be the issue. He's
getting the same IP - so forwarding shouldn't need to be restarted
original message
Hey all,
A friend of mine is running a LEAF box (Dachstein 1.02 ISC dhclient
2.0pl5, seawall 4.01, ipsec 1.91) and recently his ip changed. For some
strange reason his ISP (rogers in canada if it matters) is giving him a
lease that only lasts 1-2 hours (it's always
On Thursday 21 February 2002 08:53, Simon Bolduc wrote:
There actually is no error - not in daemon.log or anything else for
that matter. There was a line in the exit-hooks to restart seawall,
after the reload all section, but that was removed thinking it may be
the issue. He's getting the
Lynn, just to let you know I started using the udhcp.lrp package at the
house, and have been very pleased with the results. Congrats on
contributing an awesome package to the cause.
I will be (hopefully) implementing the same udhcpd.lrp disk on two routers
at work with the IPSec work that we
1) All tested ports show up as Stealth, ie they don't respond when a
connection attempt is made from outside... Except Port 5000 (UPnP)
which shows up as closed. What is UPnP? Why does this port respond?
Not a big deal, but it does show outsiders that my address has a machine
behind it.
One
Hi Christopher
I tried the ShieldsUp Portscan.
It shows my Firewall's TCP Port 5000 as closed too. It seems that this is
a problem of the ShieldsUp Scan Engine/Homepage. I definitely DENY TCP Port
5000.
---
Sandro Minola | LEAF Developer (http://leaf.sourceforge.net)
mailto:[EMAIL
Hi Pasi
There are currently only CIPE packages for kernels 2.2.16 and 2.2.19. One
for Eigerstein2 and one for Dachstein.
Why are you using Kernel 2.2.18? I'd suggest to upgrade to 2.2.19 and then
use the dachstein CIPE package.
If you have any further questions which belong to CIPE, don't
Hi Steve, we are very interested in using LaBrea when we have only one
external IP. But as Charles said, it must be done carefully so in case you
have success, could you please post the result and the steps to the list?
Thank you and good luck.
M Lu.
-Original Message-
Message: 4
Christopher Holmes wrote:
I'm running Dachstein haven't changed any of the ipchains rules. I
just ran Shields Up (https://grc.com/x/ne.dll?bh0bkyd2) to test out the
firewall. A few questions...
snip
2) My port 53 is getting whacked hard for 10-20 seconds once or twice a
day from the
Howdy,
I would like to know if the Dachstein LR acts not only as a router, but like
a router with an integrated switch? If this is possible, what additional
packages are needed? Is there a version of LR that acts like a router with
an integrated switch?
Thanks,
Shane
Hello-
I am running the Dachstein LRP and I want to open up port 500 so I can
connect to the vpn at work from home. I noticed that when I tried to connect
to the vpn that nothing happens, and I assume the port 500 is blocked.
In order to open the port on my router, I assume I must use ipchains.
Brian,
Charles Steinkuehler has already answered this. Take a look at:
http://www.mail-archive.com/leaf-user@lists.sourceforge.net/msg03844.html
-Stephen More
At 01:38 PM 2/21/02 -0600, Henning, Brian wrote:
Hello-
I am running the Dachstein LRP and I want to open up port 500 so I
I had the following rule:
-A synflood -m limit --limit 1/s --limit-burst 4 -j RETURN
-A synflood -j DROP
When a browser requested a page thru the router from the outside
and the page had a lot of GIFs, response was very slow.
I changed it to 8/s --limit-burst 16 and
Henning, Brian wrote:
Hello-
I am running the Dachstein LRP and I want to open up port 500 so I can
connect to the vpn at work from home. I noticed that when I tried to connect
to the vpn that nothing happens, and I assume the port 500 is blocked.
In order to open the port on my router,
I downloaded Ducling 1.0, and I am wondering about the best way to support
Netgear cards. I have downloaded the driver source from the Netgear site,
so it seems to be a matter of compiling for the Ducling distribution.
1) Is there a module that already supports this card (such as tulip.o)?
2)
Brian:
Heya. not sure if you knew, but there are 2 or 3 other
steps to getting an IPSec VPN client working from behind a
Dachstein firewall/router. Just holler if you'd like the gory
details.
As for the firewall rules...what you write is close,
but a bit off. Have a look in the
I am still struggling getting M$ machines to road
warrior across a Dachstein CD firewall. I can get
two DCD firewalls to use the ipsec and create a VPN
between them. I have tried unsuccessfully to use
PGPnet so now it's SSH Sentinel's turn.
An excellent article is from Nadeem Hasan
I downloaded Ducling 1.0, and I am wondering about the best way to support
Netgear cards. I have downloaded the driver source from the Netgear site,
so it seems to be a matter of compiling for the Ducling distribution.
1) Is there a module that already supports this card (such as tulip.o)?
My problem is that I can't seem keep the directory
when I backup the /etc/ directory. After a reboot,
the directory has gone away.
Does anyone know how to add a /etc/ipsec.d/cacerts/
directory and how (or what) to backup to keep this
part of the setup?
Add etc/ipsec.d/cacerts to
Mark:
The Netgear FA311 uses the National Semiconductor chip set, not the
Intel/Digital tulip chip set that the FA310 uses.
You will need the natsemi driver for the FA311/FA312 cards. Also if
you use the natsemi driver you will also need pci-scan which can be
found at Donald Becker's site
You might give my testing IPSec-Dachstein floppy image out.
It's a smaller format than Duckling is, with the same idea.
You can find it at:
http://leaf.sourceforge.net/devel/guitarlynn/images/dachstein-v1.0.2-ipsec-1680.bin
Only the tulip and 3c509 modules are on the image, so if you
need
Changelog for beta4:
1/ Shorewall updated to latest 1.2.6 version
2/ ifupdown program adapted to only use ip addr and ip route commands.
ifconfig removed
3/ arp program added to /sbin to have proxy-arp working with Shorewall
4/ beta2 /usr/sbin/lrcfg.back.initrd script restored. Automatic
Hello All,
I have been having some trouble to be able to use Samba across my
LRP. Has anyone had luck with this?
I have port-forwarded netbios-ns, netbios-dgm, netbios-ssn ports on
tcp/udp 137,138,139 but still I cannot connect to my Samba server
which is on a Linux Redhat 7.2 box from outside
Does anyone have any experience routing/filtering/firewalling any of
these protocols?
Any suggestions where a guy might find some documentation? Notes?
I did a search on Leaf and didn't find much.
Thanks,
Scott
Hello All,
I have been having some trouble to be able to use Samba across my
LRP. Has anyone had luck with this?
I have port-forwarded netbios-ns, netbios-dgm, netbios-ssn ports on
tcp/udp 137,138,139 but still I cannot connect to my Samba server
which is on a Linux Redhat 7.2 box from outside
Hi Jonathan,
I think that it can be made into a WINS server by modifying a few of
the settings in the smb.conf file, but will I need to change my LRP
more?
I am running the Eigerstein LRP and have had VERY good luck in the
past with these masquerading firewalls that Charles has put together.
Lonnie:
Heya. Here's what I put into the SMB section of the
echowall ruleset:
#SMB#$IPCHAINS -A input -s 0/0 -d $IP_EXT/32 135 -p tcp -j ACCEPT
#SMB#$IPCHAINS -A input -s 0/0 -d $IP_EXT/32 137:139 -p udp -j ACCEPT
#SMB#$IPCHAINS -A input -s 0/0 -d $IP_EXT/32 139 -p tcp -j ACCEPT
Hi Scott,
So you can now have Windows client connections from outside the LRP
to your Samba server inside the Firewall?
Is it working for you?
Also, what is on port 445? I do not know that one.
Cheers,
Lonnie
Lonnie:
Heya. Here's what I put into the SMB section of the
echowall
Hi folks,
I have two Linksys NIC's which I know use the tulip driver. I have
uncommented the appropriate reference to tulip in my Dachstein CD. Will this
work O.K.? Can (will) Dachstein use the same driver for both NIC's O.K.?
Thank you, have a great day!
Craig
Hi Scott,
Where in the ipfilters.conf did you put these?
I could not locate a specific area that had already been set up for
SMB.
cheers,
Lonnie
Lonnie:
Heya. Here's what I put into the SMB section of the
echowall ruleset:
#SMB#$IPCHAINS -A input -s 0/0 -d $IP_EXT/32 135 -p tcp -j
Well, no luck so far.
I added the rules to the bottom of my /etc/ipfilters.conf and
rebooted the LRP.
while trying to connect from an outside Linux machine I get:
smbclient -L www.outstep.com
but then get a connection timed out on 141.217.140.65:139
I have also added these in my port-forward
At 05:22 PM 2/21/02 -0800, Craig Caughlin wrote:
Hi folks,
I have two Linksys NIC's which I know use the tulip driver. I have
uncommented the appropriate reference to tulip in my Dachstein CD. Will this
work O.K.? Can (will) Dachstein use the same driver for both NIC's O.K.?
Thank you, have a
Hi all,
I have been using DS cd 1.02 since it came out and I have had no problems. Today I
endeavored to put in a webserver on a private DMZ. It is obvious that I am now
exceeding my knowledge of this subject. My private net still works but I can't get the
dmz to go. I think that the new
Yes Lyn,
I have also encountered this phenomenon many times before (with the old
LRP of Dave Cinege), and once in my current DS box. It's so common with
the old LRP that I got used to it. And I do think it's a shell problem
because even if I'm not connected to anything, it just suddenly
happens!
Encountered it earlier this week on an Eiger box (has happened previously)
logged off waited a half an hour and it was gone - possibly it was gone when
I logged off - but who knows?
S
From: Vic Berdin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Strange shell
Date: Fri,
On Fri, 22 Feb 2002, Vic Berdin wrote:
Yes Lyn,
I have also encountered this phenomena many times before (with the old
LRP of Dave Cinege), and once in my current DS box. It's so common with
the old LRP that I got used to it. And I do think it's a shell problem
because even if I'm not
On Thu, 21 Feb 2002, guitarlynn wrote:
[...]
To ensure compatibility with
Windows9x/ME OS's via telnet, ssh, and virtual terminal the system
is going to have to adapt to ALL_CAPS.
This is a lot older than those OS's... it dates back to the times when
you were lucky to find a terminal at all,
It doesn't really matter to me that much. Like I've said, I got used to
it. But come to think of it, YEAH it's possible that it's a KB-related
issue. It just occurred to me coz since I've started playing with LRP,
I'm also using a mechanical switch box to handle ALL of my multi-machine
I/O
OK, you do know that by default you can't access a DMZ server
from the internal network or vice versa. This is the reasoning used
for a proper DMZ in any case. The ip spoofing rules prevent this. One
way of doing this would be to build a route to and from the DMZ
and internal networks, but this
On 2/21/02 at 12:09 AM, guitarlynn [EMAIL PROTECTED] wrote:
I've been one of many that have lately had a ton of logs
with dns floods and http scans. I figured that I would go
and SILENT_DENY them yesterday. I did and my logs stayed
empty the rest of the day.
Today I checked the weblet and
On Friday 22 February 2002 00:17, Jeff Newmiller wrote:
This is a lot older than those OS's... it dates back to the times
when you were lucky to find a terminal at all, and if it had no
lower/uppercase capability, you had to make do.
Yep, I was thinking about more commonly used OS's today.
I
On Thursday 21 February 2002 09:04, Simon Bolduc wrote:
It looks like it has something to do with time zones or something to
that effect - This file was generated after the initial DHCP lease
ran out. If you look at the new lease it doesn't renew until 4:46
AM, even though it was obtained
On Friday 22 February 2002 00:59, David Douthitt wrote:
Next time this happens see if you can put a system on there and run a
port sniffer on the traffic coming into your box.
I'll have to look into that... it's not like I don't have plenty of
machines to set one up to sniff.
It's
Thank you for clarifying that there is no direct link between the
two nets. However I am assuming that the web server and the firewall
have to be able to 'talk' and I am not able to ping from the server
to the firewall and vice versa. Also when I point my web browser to
the external ip
On Friday 22 February 2002 01:47, Robert Williams wrote:
Thank you for clarifying that there is no direct link between the
two nets. However I am assuming that the web server and the firewall
have to be able to 'talk' and I am not able to ping from the server
to the firewall and vice versa.