Re: [Vyatta-users] Allowing FTP Connections
I am using VC2. Is that "too old"? I can't find the ip_conntrack_ftp and the ip_nat in the system... is there any way I can add it in without upgrading it? Because we have deployed this machine router into a pre-production environment already...

I did a tshark as advised, and the response is as follows. Basically my ftp client manages to do all the authentication etc... but just times out at the end. I have replaced the ip address with text for security sake :)

    0.00 -> TCP 62695 > 21 [SYN] Seq=0 Len=0 MSS=1460
    0.000821 -> TCP 21 > 62695 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
    0.003708 -> TCP 62695 > 21 [ACK] Seq=1 Ack=1 Win=65535 Len=0
    0.004924 -> FTP Response: 220 (vsFTPd 2.0.1)
    0.008623 -> FTP Request: USER st701import
    0.008749 -> TCP 21 > 62695 [ACK] Seq=21 Ack=19 Win=5840 Len=0
    0.008780 -> FTP Response: 331 Please specify the password.
    0.011728 -> FTP Request: PASS st701import
    0.015016 -> FTP Response: 230 Login successful.
    0.019243 -> FTP Request: SYST
    0.019385 -> FTP Response: 215 UNIX Type: L8
    0.022724 -> FTP Request: FEAT
    0.022865 -> FTP Response: 211-Features:
    0.022869 -> FTP Response: EPRT
    0.024277 -> TCP 62695 > 21 [ACK] Seq=49 Ack=119 Win=65417 Len=0
    0.024407 -> FTP Response: EPSV
    0.044471 -> FTP Request: PWD
    0.044602 -> FTP Response: 257 "/"
    0.048225 -> FTP Request: TYPE A
    0.048362 -> FTP Response: 200 Switching to ASCII mode.
    0.053214 -> FTP Request: PORT 202,79,222,24,238,93
    0.053370 -> FTP Response: 200 PORT command successful. Consider using PASV.
    0.056698 -> FTP Request: LIST
    0.096912 -> TCP 21 > 62695 [ACK] Seq=267 Ack=95 Win=5840 Len=0
    29.923389 -> TCP 62695 > 21 [FIN, ACK] Seq=95 Ack=267 Win=65269 Len=0
    29.963325 -> TCP 21 > 62695 [ACK] Seq=267 Ack=96 Win=5840 Len=0
    35.095862 -> 202.79.220.67 FTP Request: REST 0
    35.097736 202.79.220.67 -> FTP Response: 350 Restart position accepted (0).
    35.258781 -> 202.79.220.67 TCP 60629 > 21 [ACK] Seq=8 Ack=36 Win=65437 Len=0
    60.059182 -> FTP Response: 425 Failed to establish connection.
    60.059188 -> FTP Response: 500 OOPS:
    60.059191 -> FTP Response: vsf_sysutil_recv_peek: no data
    60.059195 -> FTP Response:
    60.060807 -> TCP 62695 > 21 [RST, ACK] Seq=96 Ack=304 Win=0 Len=0
    60.060963 -> TCP 62695 > 21 [RST] Seq=96 Len=0
    60.061221 -> TCP 62695 > 21 [RST] Seq=96 Len=0
    60.061580 -> TCP 62695 > 21 [RST] Seq=96 Len=0
    89.135183 -> 202.79.220.67 FTP Request: TYPE I
    89.136835 202.79.220.67 -> FTP Response: 200 Switching to Binary mode.
    89.273732 -> 202.79.220.67 TCP 60629 > 21 [ACK] Seq=16 Ack=67 Win=65406 Len=0

-Original Message-
From: Robyn Orosz [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 28 August 2007 21:41
To: Daren Tay
Cc: Wink; vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Allowing FTP Connections

Hi Daren,

If you are running an earlier version of Vyatta, the FTP conntrack NAT module may not be loaded. See the following Bugzilla issue:

https://bugzilla.vyatta.com/show_bug.cgi?id=1498

This issue has been resolved in the latest versions of Vyatta. You can tell which version you're running by running the 'show version' command in the CLI operational mode.

You can tell whether or not the appropriate modules are loaded by running 'lsmod' from the bash shell while logged in as root.

    lsmod |grep ftp

If they aren't loaded, you can try doing a modprobe for the NAT/conntrack FTP modules:

    ip_conntrack_ftp and ip_nat_ftp

Or, upgrade your system.

If these modules or the same modules preceded by nf rather than ip are loaded, you should be OK. If that's the case then go with Wink's suggestion of running a packet capture on the Vyatta router:

Example:

    tshark -n -i eth1 port ftp

Where -i ethx = the interface on the router that your desktop is connected to and you can also run it on eth0 which looks to be your outside facing interface.

Hope this helps.

Thanks,
Robyn

Daren Tay wrote:
> woah... on the desktop that i am trying to connect from?
>
> -Original Message-
> From: Wink [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 28 August 2007 19:14
> To: Daren Tay; vyatta-users@mailman.vyatta.com
> Subject: Re: [Vyatta-users] Allowing FTP Connections
>
> Packet captures? Perhaps the forwarding function is working.
>
> I'd run wireshark and see if the FTP packets are being forwarded out of the
> router...
>
> - Original Message -
> From: "Daren Tay" <[EMAIL PROTECTED]>
> To:
> Sent: Tuesday, August 28, 2007 6:09 AM
> Subject: [Vyatta-users] Allowing FTP Connections
>
>> Hi guys,
>>
>> I realise after setting
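The data-channel details that the FTP conntrack/NAT modules discussed in this thread have to read from the control connection, shown as an added example that is not part of any list message: it decodes the PORT argument from the capture above and a 227 passive reply, and records whether the transfer that followed succeeded. The control lines are constructed (the passive-mode lines and the address in them are assumptions based on the 192.168.40.73 inside address), and all function names are illustrative.

```python
"""Decode FTP data-channel announcements from control-channel lines.

Added example. SAMPLE_CONTROL_LINES is constructed: the active-mode part is
modelled on the capture in the message above, the passive-mode part is invented.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "h1,h2,h3,h4,p1,p2": four address octets and two port bytes, the argument
# format of PORT and of the 227 reply to PASV (RFC 959).
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)

SAMPLE_CONTROL_LINES = [
    "220 (vsFTPd 2.0.1)",
    "PORT 202,79,222,24,238,93",
    "200 PORT command successful. Consider using PASV.",
    "LIST",
    "425 Failed to establish connection.",
    "PASV",
    "227 Entering Passive Mode (192,168,40,73,195,80)",
    "LIST",
    "150 Here comes the directory listing.",
    "226 Directory send OK.",
]


@dataclass
class DataEndpoint:
    mode: str                 # "active": client sent PORT; "passive": server sent 227
    address: str              # address announced inside the FTP payload
    port: int
    outcome: str = "unknown"  # "ok" after 226, "failed" after 425/426

    def needs_nat_rewrite(self) -> bool:
        """True when the announced address is private, so a peer on the far
        side of the NAT cannot reach it unless the payload is rewritten."""
        return ipaddress.ip_address(self.address).is_private


def decode_hostport(arg: str) -> Optional[Tuple[str, int]]:
    """Return (address, port) for an h1,h2,h3,h4,p1,p2 argument, or None."""
    match = _HOSTPORT.search(arg)
    if match is None:
        return None
    values = [int(v) for v in match.groups()]
    if any(v > 255 for v in values):
        return None
    return ".".join(map(str, values[:4])), values[4] * 256 + values[5]


def data_endpoints(control_lines: List[str]) -> List[DataEndpoint]:
    """Walk control-channel lines and collect every announced data endpoint,
    tagging each with the result of the transfer that followed it."""
    endpoints: List[DataEndpoint] = []
    current: Optional[DataEndpoint] = None
    for raw in control_lines:
        line = raw.strip()
        code = int(line[:3]) if line[:3].isdigit() else None
        decoded, mode = None, ""
        if line.upper().startswith("PORT "):
            decoded, mode = decode_hostport(line[5:]), "active"
        elif code == 227:
            decoded, mode = decode_hostport(line[3:]), "passive"
        elif current is not None and code in (425, 426):
            current.outcome = "failed"   # data connection never came up or broke
        elif current is not None and code == 226:
            current.outcome = "ok"       # transfer completed
        if decoded is not None:
            current = DataEndpoint(mode, decoded[0], decoded[1])
            endpoints.append(current)
    return endpoints


if __name__ == "__main__":
    for ep in data_endpoints(SAMPLE_CONTROL_LINES):
        print(f"{ep.mode:8} {ep.address}:{ep.port} outcome={ep.outcome} "
              f"needs_nat_rewrite={ep.needs_nat_rewrite()}")
```
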
Re: [Vyatta-users] DHCP-Server configuraion issues
It's asking for one more piece of information - the interface to listen on, as in

    name CorpLAN {
        start 10.0.0.100 {
            stop: 10.0.0.200
        }
        interface: "eth2"

Best,
Justin

On 8/28/07, Emmanuel Perez <[EMAIL PROTECTED]> wrote:
> I have been at this for several hours and am not sure what it is that im
> doing wrong. Here is my settings (im working from another pc so i had to
> retype it all in this email):
>
> ethernet eth0{
>     hw-id:**
>     address 192.168.5.1{
>         prefix: 24
>     }
> }
> ethernet eth1{
>     hw-id:**
>     address 123.0.0.1{
>         prefix: 24
>     }
> }
> ethernet eth2{
>     hw-id**
>     address 145.0.0.1{
>         prefix:24
>     }
> }
> firewall{
> {
> service{
>     dhcp-server{
>         name "ETH0_LOOP"{
>             start 192.168.5.100{
>                 stop: 192.168.5.200
>             }
>             network-mask:24
>             dns-server 172.16.0.32
>         }
>     }
> }
>
> and the rest has been untouched by my settings.
>
> After i enter the commit command this is the error i keep getting:
>
> Missing mandatory configuraion node "$(@.interface)" required by node
> "Service dhcp-server name ETH0_POOL"
> The configuraion has been changed.
> Fix this error, and run "Commit" again.
> [edit service/dhcp-server/name/ETH0_POOL/dns-server/172.16.0.32
>
> thanks in advance,
>
> Manny Perez
> Meditab Software Inc.
> 333 Hegenberger Rd. St. 800
> Oakland CA, 94621
> Phone: 510.686.8469 Fax: 510.686.8469
>
> ___
> Vyatta-users mailing list
> Vyatta-users@mailman.vyatta.com
> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>
___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] trying to setup DHCP-Server services.
Hi Emmanuel,

With the Vyatta OFR version you are using, when configuring the DHCP server, you need to specify the ethernet interface on your router connected to the subnets on which your DHCP server configuration is going to lease IPs. You have not specified this ethernet interface in your config.

In your case, you are leasing out IPs from 192.168.5.100 to 192.168.5.200, so your DHCP lease subnet is going to be 192.168.5.0. Since on your OFR, the ethernet interface eth0 is connected to the 192.168.5.0 subnet, you would specify 'eth0'.

So in your configuration, specify 'set service dhcp-server interface eth0' and commit, and that should fix it for you.

Note: The above instructions apply only to releases Bakersfield and prior. In the latest releases Camarillo & Dublin, instead of the associated interface, the DHCP lease subnet is directly specified in the DHCP server config hierarchy.

-- Marat

- Original Message -
From: "Emmanuel Perez" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, August 28, 2007 5:18 PM
Subject: [Vyatta-users] trying to setup DHCP-Server services.

> I have been at this for several hours and am not sure what it is that im
> doing wrong. Here is my settings (im working from another pc so i had to
> retype it all in this email):
>
> ethernet eth0{
>     hw-id:**
>     address 192.168.5.1{
>         prefix: 24
>     }
> }
> ethernet eth1{
>     hw-id:**
>     address 123.0.0.1{
>         prefix: 24
>     }
> }
> ethernet eth2{
>     hw-id**
>     address 145.0.0.1{
>         prefix:24
>     }
> }
> firewall{
> {
> service{
>     dhcp-server{
>         name "ETH0_LOOP"{
>             start 192.168.5.100{
>                 stop: 192.168.5.200
>             }
>             network-mask:24
>             dns-server 172.16.0.32
>         }
>     }
> }
>
> and the rest has been untouched by my settings.
>
> After i enter the commit command this is the error i keep getting:
>
> Missing mandatory configuraion node "$(@.interface)" required by node
> "Service dhcp-server name ETH0_POOL"
> The configuraion has been changed.
> Fix this error, and run "Commit" again.
> [edit service/dhcp-server/name/ETH0_POOL/dns-server/172.16.0.32
>
> thanks in advance,
>
> Manny Perez
> Meditab Software Inc.
> 333 Hegenberger Rd. St. 800
> Oakland CA, 94621
> Phone: 510.686.8469 Fax: 510.686.8469
[Vyatta-users] DHCP-Server configuraion issues
I have been at this for several hours and am not sure what it is that I'm doing wrong. Here are my settings (I'm working from another PC so I had to retype it all in this email):

    ethernet eth0{
        hw-id:**
        address 192.168.5.1{
            prefix: 24
        }
    }
    ethernet eth1{
        hw-id:**
        address 123.0.0.1{
            prefix: 24
        }
    }
    ethernet eth2{
        hw-id**
        address 145.0.0.1{
            prefix:24
        }
    }
    firewall{
    {
    service{
        dhcp-server{
            name "ETH0_LOOP"{
                start 192.168.5.100{
                    stop: 192.168.5.200
                }
                network-mask:24
                dns-server 172.16.0.32
            }
        }
    }

and the rest has been untouched by my settings.

After I enter the commit command this is the error I keep getting:

    Missing mandatory configuraion node "$(@.interface)" required by node
    "Service dhcp-server name ETH0_POOL"
    The configuraion has been changed.
    Fix this error, and run "Commit" again.
    [edit service/dhcp-server/name/ETH0_POOL/dns-server/172.16.0.32

thanks in advance,

Manny Perez
Meditab Software Inc.
333 Hegenberger Rd. St. 800
Oakland CA, 94621
Phone: 510.686.8469 Fax: 510.686.8469
[Vyatta-users] trying to setup DHCP-Server services.
I have been at this for several hours and am not sure what it is that I'm doing wrong. Here are my settings (I'm working from another PC so I had to retype it all in this email):

    ethernet eth0{
        hw-id:**
        address 192.168.5.1{
            prefix: 24
        }
    }
    ethernet eth1{
        hw-id:**
        address 123.0.0.1{
            prefix: 24
        }
    }
    ethernet eth2{
        hw-id**
        address 145.0.0.1{
            prefix:24
        }
    }
    firewall{
    {
    service{
        dhcp-server{
            name "ETH0_LOOP"{
                start 192.168.5.100{
                    stop: 192.168.5.200
                }
                network-mask:24
                dns-server 172.16.0.32
            }
        }
    }

and the rest has been untouched by my settings.

After I enter the commit command this is the error I keep getting:

    Missing mandatory configuraion node "$(@.interface)" required by node
    "Service dhcp-server name ETH0_POOL"
    The configuraion has been changed.
    Fix this error, and run "Commit" again.
    [edit service/dhcp-server/name/ETH0_POOL/dns-server/172.16.0.32

thanks in advance,

Manny Perez
Meditab Software Inc.
333 Hegenberger Rd. St. 800
Oakland CA, 94621
Phone: 510.686.8469 Fax: 510.686.8469
Re: [Vyatta-users] Web interface gone...
Hi Egbert,

It sounds like after the package update, lighttpd got restarted with the default settings in '/etc/lighttpd/lighttpd.conf', and the default 'document-root' settings are pointed to '/var/www' instead of '/var/www/pages'. The reason why you saw the general login page layout but not the content when you browsed to http://my-server/pages/ is because loading that content depends on 'document-root' to be set to '/var/www/pages'.

To fix this problem, it is necessary to get lighttpd restarted with the Vyatta config file '/opt/vyatta/etc/lighttpd.conf' rather than the default config file '/etc/lighttpd/lighttpd.conf'. Do you have the Vyatta config file '/opt/vyatta/etc/lighttpd.conf' on your system?

To restart lighttpd with proper config file, try the following sequence of commands from the root bash shell:

    /etc/init.d/lighttpd stop
    /opt/vyatta/sbin/lighttpd.init start

The above should shut down lighttpd with default settings, and start it up again with Vyatta-specific settings. Then try browsing to the server and using the GUI again. Hit F5 in your browser just to make sure that you load a fresh page.

Let me know how it goes,

Thanks,
Marat

- Original Message -
From: "Egbert Jan" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, August 28, 2007 1:15 PM
Subject: [Vyatta-users] Web interface gone...

> Hi,
>
> In an attempt to update my router (was already on 2.2 community testing
> branch), I used the update commands from the webinterface. So far so good.
> But at a certain point lighttpd got updated (from the etch repositry) and
> now I get a lighttpd welcome page on port 80 and an error on 443 (https). I
> suspect that /etc/lighttpd.conf was modified/replaced and (at least
> DocumentRoot) is wrong. It is now /var/www. Shouldn't it be /var/www/pages?
> I have not rebooted yet (more users here at home...). When I point Firefox
> to http://my-server/pages/ I get an empty login page. The general layout is
> there but no login/password box. What wold be the simplest way to repair the
> web interface? I have still ssh access.
>
> TNX
> Egbert Jan (NL)
[Vyatta-users] Web interface gone...
Hi,

In an attempt to update my router (was already on 2.2 community testing branch), I used the update commands from the web interface. So far so good. But at a certain point lighttpd got updated (from the etch repository) and now I get a lighttpd welcome page on port 80 and an error on 443 (https). I suspect that /etc/lighttpd.conf was modified/replaced and (at least DocumentRoot) is wrong. It is now /var/www. Shouldn't it be /var/www/pages?

I have not rebooted yet (more users here at home...). When I point Firefox to http://my-server/pages/ I get an empty login page. The general layout is there but no login/password box. What would be the simplest way to repair the web interface? I still have ssh access.

TNX
Egbert Jan (NL)
Re: [Vyatta-users] cannot access tty
At what point in the boot process is it failing?

Cheers,
Robert.

silvertip257 wrote:
> Hello all, I'm trying to build my own router to secure my home network
> and be able to practice for classes without buying expensive equipment.
>
> I'm trying to boot to vyatta livecd (VC2), but I keep getting this
> message "/bin/sh: can't access tty"
> So far I can't even boot off the cd correctly to run "install-system"
> and put it on the hdd.
>
> Hardware specs:
> Celeron 466MHz
> 192MB RAM
> onboard video
> pci nic
> hdd
> CD/DVD
> floppy
>
> Not the best machine, but it should be quite snappy for just routing
> packets.
> At one point I did have vyatta working (many months ago), but now that I
> plan on using it I get the above error.
>
> This is not the first place I've asked this question; I have asked in
> numerous linux IRC channels, but have not found a solution.
> And through using search engines I have not arrived at a fix either.
>
> Please help and thank you very much.
> Mike
Re: [Vyatta-users] Running Vyatta in RAID 1 setup? Performancemonitoring?
It's possible, but untested. You would need to apt-get mdadm from the repository and create the raid device before you run install-system.

Cheers,
Robert.

Daren Tay wrote:
> Anyone knows if it is possible?
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Daren Tay
> Sent: Monday, 27 August 2007 10:50
> To: vyatta-users@mailman.vyatta.com
> Subject: [Vyatta-users] Running Vyatta in RAID 1 setup?
> Performancemonitoring?
>
> Hi guys,
>
> how do I install Vyatta in a Linux Software RAID environment?
> So far, I think it doesn't... because I wasn't prompt during installation.
>
> The installation was too easy (hahaha!)
>
> Also, what softwares/methods can I use to monitor Vyatta raid performance?
>
> Thanks!
> Daren
Re: [Vyatta-users] Allowing FTP Connections
> Dave probably meant tshark instead of wireshark.

Of course. ;-)

-- Dave
Re: [Vyatta-users] cannot access tty
Hardware isn't my area, but just one thought - is the serial port enabled in the bios?

Justin

On 8/28/07, silvertip257 <[EMAIL PROTECTED]> wrote:
> I'm not trying to be impatient, but I'm wondering what is wrong with my
> hardware or whatever.
> Vyatta is the only use for this box, so I'd like to set it up before too
> much more time passes.
>
> If anyone has any ideas, drop me an email.
>
> Thanks,
> Mike
>
> On 8/27/07, silvertip257 <[EMAIL PROTECTED]> wrote:
> > Hello all, I'm trying to build my own router to secure my home network and
> > be able to practice for classes without buying expensive equipment.
> >
> > I'm trying to boot to vyatta livecd (VC2), but I keep getting this message
> > "/bin/sh: can't access tty"
> > So far I can't even boot off the cd correctly to run "install-system" and
> > put it on the hdd.
> >
> > Hardware specs:
> > Celeron 466MHz
> > 192MB RAM
> > onboard video
> > pci nic
> > hdd
> > CD/DVD
> > floppy
> >
> > Not the best machine, but it should be quite snappy for just routing
> > packets.
> > At one point I did have vyatta working (many months ago), but now that I
> > plan on using it I get the above error.
> >
> > This is not the first place I've asked this question; I have asked in
> > numerous linux IRC channels, but have not found a solution.
> > And through using search engines I have not arrived at a fix either.
> >
> > Please help and thank you very much.
> > Mike
>
> --
> // Silvertip257 //
> ==
> Xubuntu 7.04 (Feisty Fawn)
> --- Linux for human beings.
> (http://www.xubuntu.org/ )
> ~~
> Helix --- Don't leave /home without it.
> (http://www.efense.com/helix/)
Re: [Vyatta-users] cannot access tty
I'm not trying to be impatient, but I'm wondering what is wrong with my hardware or whatever. Vyatta is the only use for this box, so I'd like to set it up before too much more time passes.

If anyone has any ideas, drop me an email.

Thanks,
Mike

On 8/27/07, silvertip257 <[EMAIL PROTECTED]> wrote:
> Hello all, I'm trying to build my own router to secure my home network and
> be able to practice for classes without buying expensive equipment.
>
> I'm trying to boot to vyatta livecd (VC2), but I keep getting this message
> "/bin/sh: can't access tty"
> So far I can't even boot off the cd correctly to run "install-system" and
> put it on the hdd.
>
> Hardware specs:
> Celeron 466MHz
> 192MB RAM
> onboard video
> pci nic
> hdd
> CD/DVD
> floppy
>
> Not the best machine, but it should be quite snappy for just routing
> packets.
> At one point I did have vyatta working (many months ago), but now that I
> plan on using it I get the above error.
>
> This is not the first place I've asked this question; I have asked in
> numerous linux IRC channels, but have not found a solution.
> And through using search engines I have not arrived at a fix either.
>
> Please help and thank you very much.
> Mike

--
// Silvertip257 //
==
Xubuntu 7.04 (Feisty Fawn)
--- Linux for human beings.
(http://www.xubuntu.org/)
~~
Helix --- Don't leave /home without it.
(http://www.efense.com/helix/)
Re: [Vyatta-users] Allowing FTP Connections
Dave probably meant tshark instead of wireshark.

stig

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:vyatta-users-
> [EMAIL PROTECTED] On Behalf Of Dave Roberts
> Sent: Tuesday, August 28, 2007 9:34 AM
> To: 'Daren Tay'; 'Wink'; vyatta-users@mailman.vyatta.com
> Subject: Re: [Vyatta-users] Allowing FTP Connections
>
> No, on the router. Login in as root and fireup Wireshark.
>
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of
> > Daren Tay
> > Sent: Tuesday, August 28, 2007 4:32 AM
> > To: Wink; vyatta-users@mailman.vyatta.com
> > Subject: Re: [Vyatta-users] Allowing FTP Connections
> >
> > woah... on the desktop that i am trying to connect from?
> >
> > -Original Message-
> > From: Wink [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, 28 August 2007 19:14
> > To: Daren Tay; vyatta-users@mailman.vyatta.com
> > Subject: Re: [Vyatta-users] Allowing FTP Connections
> >
> > Packet captures? Perhaps the forwarding function is working.
> >
> > I'd run wireshark and see if the FTP packets are being
> > forwarded out of the router...
> >
> > - Original Message -
> > From: "Daren Tay" <[EMAIL PROTECTED]>
> > To:
> > Sent: Tuesday, August 28, 2007 6:09 AM
> > Subject: [Vyatta-users] Allowing FTP Connections
> >
> > > Hi guys,
> > >
> > > I realise after setting all the static routes, and what not, I can SSH
> > > but I can't FTP. weird...
> > >
> > > basically the public ip is at my router which directs to my private
> > > server (192.168.40.x) via routing.
> > > The 2 key NAT rules are:
> > >
> > > rule 1 {
> > >     type: "source"
> > >     translation-type: "masquerade"
> > >     outbound-interface: "eth0"
> > >     protocols: "all"
> > >     source {
> > >         network: 192.168.40.0/24
> > >     }
> > >     destination {
> > >         network: 0.0.0.0/0
> > >     }
> > > }
> > >
> > > rule 12 {
> > >     type: "destination"
> > >     translation-type: "static"
> > >     inbound-interface: "eth0"
> > >     protocols: "all"
> > >     source {
> > >         network: 0.0.0.0/0
> > >     }
> > >     destination {
> > >         address:
> > >     }
> > >     inside-address {
> > >         address: 192.168.40.73
> > >     }
> > > }
> > >
> > > Can SSH, HTTP etc, but I can't do FTP weirdly do I need to do more
> > > NAT?
> > >
> > > Thanks!
> > > Daren
> > >
> > > --
> > > No virus found in this incoming message.
> > > Checked by AVG Free Edition.
> > > Version: 7.5.484 / Virus Database: 269.12.10/976 - Release Date:
> > > 8/27/2007 6:20 PM
Re: [Vyatta-users] DHCP ip address on ethernet interface
> Hello Vyatta,
>
> I found vyatta for a few days and i installed it successfully
> on my box.
> It runs all fine and i updated it to the latest state.
>
> But i have a simple question, it ist possible to recive a
> dynamic ip from an dhcp server on an vyatta ethernet
> interface ? i didnt find a solution in the past ? ...like on
> linux "dhclient eth0"
>
> best regards
>
> Michael

Michael,

DHCP client addressing on interfaces is a highly requested feature but it isn't yet in the software. We're working on some changes to the system that will get it there in a couple of releases. The actual feature itself is relatively trivial to implement using the standard DHCP client packages but it has to wait until we make some other changes to the way that interfaces are handled in the system such that we don't interfere with the DHCP operation. Unfortunately, this other work is taking longer than we'd like. Look for this change in a few months.

In the meantime, feel free to add your vote to the list of top-requested enhancements on the wiki:

http://www.vyatta.com/twiki/bin/view/Community/TopEnhancements

-- Dave
Re: [Vyatta-users] Allowing FTP Connections
No, on the router. Log in as root and fire up Wireshark.

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Daren Tay
> Sent: Tuesday, August 28, 2007 4:32 AM
> To: Wink; vyatta-users@mailman.vyatta.com
> Subject: Re: [Vyatta-users] Allowing FTP Connections
>
> woah... on the desktop that i am trying to connect from?
>
> -Original Message-
> From: Wink [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 28 August 2007 19:14
> To: Daren Tay; vyatta-users@mailman.vyatta.com
> Subject: Re: [Vyatta-users] Allowing FTP Connections
>
> Packet captures? Perhaps the forwarding function is working.
>
> I'd run wireshark and see if the FTP packets are being
> forwarded out of the router...
>
> - Original Message -
> From: "Daren Tay" <[EMAIL PROTECTED]>
> To:
> Sent: Tuesday, August 28, 2007 6:09 AM
> Subject: [Vyatta-users] Allowing FTP Connections
>
> > Hi guys,
> >
> > I realise after setting all the static routes, and what not, I can SSH
> > but I can't FTP. weird...
> >
> > basically the public ip is at my router which directs to my private
> > server (192.168.40.x) via routing.
> > The 2 key NAT rules are:
> >
> > rule 1 {
> >     type: "source"
> >     translation-type: "masquerade"
> >     outbound-interface: "eth0"
> >     protocols: "all"
> >     source {
> >         network: 192.168.40.0/24
> >     }
> >     destination {
> >         network: 0.0.0.0/0
> >     }
> > }
> >
> > rule 12 {
> >     type: "destination"
> >     translation-type: "static"
> >     inbound-interface: "eth0"
> >     protocols: "all"
> >     source {
> >         network: 0.0.0.0/0
> >     }
> >     destination {
> >         address:
> >     }
> >     inside-address {
> >         address: 192.168.40.73
> >     }
> > }
> >
> > Can SSH, HTTP etc, but I can't do FTP weirdly do I need to do more
> > NAT?
> >
> > Thanks!
> > Daren
Re: [Vyatta-users] Possible to use Vyatta in Virtualize environment?
> but for a virtualized environment.. the idea is to install
> the Virtualizer (VMware, XEN) first, then the Linux/Vyatta OS itself?
> It seats below the kernel?
>
> Or do I need to install a distro first, then the Virtualize
> software, then the vyatta (and whatever I want to virtualize)

It depends on the virtualization software. Some hypervisors like Xen and VMware ESX, work on bare metal. Thus hypervisor, then guest OS (e.g. Vyatta). Others, like VMware Server work using a host OS. Thus you'd install something like Linux or Windows, then VMware Server, then guest OS (Vyatta). There are almost as many ways to virtualize things as there are hypervisors, so you'll need to familiarize yourself with those options.

Some hypervisors require newer processors with hardware virtualization features to support unmodified guest operating systems. Xen and Virtual Iron fall into this camp. You won't be able to use those systems to virtualize anything on your older P4 system without the new virtualization features. Others, such as VMware (and maybe VirtualBox, but I'm not positive of that), can run unmodified guest OS on older hardware, but will take a performance hit when doing so.

-- Dave
Re: [Vyatta-users] Possible to use Vyatta in Virtualize environment?
Daren,

In the case of VMWare ESX, it is the foundation (host) operating system as well as the hypervisor. It's installed before any client operating systems and applications, such as Vyatta.

In the case of VMWare Server (the free version), a host operating system is installed first, such as Linux or MS Windows. The VMWare Server is installed as a hypervisor application. After that, you build the virtual machines using the VMWare Server application and load Vyatta or other applications above it.

In both instances, Vyatta and other virtual machines sit above the kernel.

Regards,
John Gong, Systems Engineer
Vyatta

Daren Tay wrote:
> Hi guys,
>
> pardon me for these continuous stew of questions...
>
> but for a virtualized environment.. the idea is to install the Virtualizer
> (VMware, XEN) first, then the Linux/Vyatta OS itself?
> It seats below the kernel?
>
> Or do I need to install a distro first, then the Virtualize software, then
> the vyatta (and whatever I want to virtualize)
>
> Thanks
> Daren
>
> -Original Message-
> From: Dave Roberts [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 28 August 2007 02:41
> To: 'Daren Tay'; 'Allan Leinwand'
> Cc: vyatta-users@mailman.vyatta.com
> Subject: RE: [Vyatta-users] Possible to use Vyatta in Virtualize
> environment?
>
>> so in a nutshell, I will need application like VMWare to do
>> virtualization?
>
> Yes, but I would point out that there are free versions of VMware Server
> which work quite well with Vyatta. See the VMware website for details
> (http://www.vmware.com/products/server/). XenSource also makes XenExpress,
> which is free and support up to 4 VMs per machine
> (http://www.xensource.com/products/Pages/XenExpress.aspx).
>
> We use VMware Server here at Vyatta for some of our QA testing. We do
> things like connect virtual adapters from multiple VMs together to form
> virtual topologies to test routing protocols, etc. It works quite well,
> though it can be memory intensive if your routing tables are large.
>
> -- Dave
Re: [Vyatta-users] Allowing FTP Connections
Hi Daren,

If you are running an earlier version of Vyatta, the FTP conntrack NAT module may not be loaded. See the following Bugzilla issue:

https://bugzilla.vyatta.com/show_bug.cgi?id=1498

This issue has been resolved in the latest versions of Vyatta. You can tell which version you're running by running the 'show version' command in the CLI operational mode.

You can tell whether or not the appropriate modules are loaded by running 'lsmod' from the bash shell while logged in as root.

    lsmod | grep ftp

If they aren't loaded, you can try doing a modprobe for the NAT/conntrack FTP modules:

    ip_conntrack_ftp and ip_nat_ftp

Or, upgrade your system.

If these modules or the same modules preceded by nf rather than ip are loaded, you should be OK. If that's the case then go with Wink's suggestion of running a packet capture on the Vyatta router:

Example:

    tshark -n -i eth1 port ftp

Where -i ethx = the interface on the router that your desktop is connected to and you can also run it on eth0 which looks to be your outside facing interface.

Hope this helps.

Thanks,
Robyn

Daren Tay wrote:
> woah... on the desktop that I am trying to connect from?
>
> -----Original Message-----
> From: Wink [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 28 August 2007 19:14
> To: Daren Tay; vyatta-users@mailman.vyatta.com
> Subject: Re: [Vyatta-users] Allowing FTP Connections
>
> Packet captures? Perhaps the forwarding function is working.
>
> I'd run wireshark and see if the FTP packets are being forwarded out of the router...
>
> ----- Original Message -----
> From: "Daren Tay" <[EMAIL PROTECTED]>
> To:
> Sent: Tuesday, August 28, 2007 6:09 AM
> Subject: [Vyatta-users] Allowing FTP Connections
>
>> Hi guys,
>>
>> I realise after setting all the static routes, and what not, I can SSH but I can't FTP. Weird...
>>
>> Basically the public IP is at my router which directs to my private server (192.168.40.x) via routing.
>> The 2 key NAT rules are:
>>
>> rule 1 {
>>     type: "source"
>>     translation-type: "masquerade"
>>     outbound-interface: "eth0"
>>     protocols: "all"
>>     source {
>>         network: 192.168.40.0/24
>>     }
>>     destination {
>>         network: 0.0.0.0/0
>>     }
>> }
>>
>> rule 12 {
>>     type: "destination"
>>     translation-type: "static"
>>     inbound-interface: "eth0"
>>     protocols: "all"
>>     source {
>>         network: 0.0.0.0/0
>>     }
>>     destination {
>>         address:
>>     }
>>     inside-address {
>>         address: 192.168.40.73
>>     }
>> }
>>
>> Can SSH, HTTP etc, but I can't do FTP, weirdly. Do I need to do more NAT?
>>
>> Thanks!
>> Daren
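The module check described in the reply above, as an added example that is not part of the original thread: a shell function that reads lsmod output and reports whether both FTP helpers are loaded under either the ip_ or the nf_ prefix. The function name ftp_helper_status is hypothetical and the sample lsmod listings are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): classify lsmod output for the FTP
# NAT/conntrack helpers, accepting either the ip_ or the nf_ module prefix.

# Reads lsmod-style text on stdin. Prints "ok" when both the conntrack
# helper and the NAT helper are loaded, else "missing: <helper names>".
ftp_helper_status() {
    awk '
        $1 ~ /^(ip|nf)_conntrack_ftp$/ { ct = 1 }
        $1 ~ /^(ip|nf)_nat_ftp$/       { nat = 1 }
        END {
            if (ct && nat) { print "ok"; exit }
            out = "missing:"
            if (!ct)  out = out " conntrack_ftp"
            if (!nat) out = out " nat_ftp"
            print out
        }
    '
}

# Constructed sample outputs (sizes and use counts are made up).
SAMPLE_NONE='Module                  Size  Used by
iptable_nat             7044  1
ip_nat                 16384  1 iptable_nat
ip_conntrack           49088  2 iptable_nat,ip_nat'

SAMPLE_IP="$SAMPLE_NONE
ip_nat_ftp              3328  0
ip_conntrack_ftp        7760  1 ip_nat_ftp"

SAMPLE_NF='Module                  Size  Used by
nf_nat_ftp              3328  0
nf_conntrack_ftp        7760  1 nf_nat_ftp
nf_conntrack           60000  3 nf_nat_ftp,nf_conntrack_ftp'

SAMPLE_HALF='Module                  Size  Used by
ip_conntrack_ftp        7760  0
ip_conntrack           49088  1 ip_conntrack_ftp'

# Print the verdict for each constructed listing.
for name in NONE IP NF HALF; do
    eval "sample=\$SAMPLE_$name"
    printf '%-5s %s\n' "$name" "$(printf '%s\n' "$sample" | ftp_helper_status)"
done
```

On a live router, pipe the real listing in with `lsmod | ftp_helper_status`; a "missing" result names the helper to modprobe with the prefix your kernel uses.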
[Vyatta-users] DHCP ip address on ethernet interface
Hello Vyatta,

I found Vyatta a few days ago and I installed it successfully on my box. It all runs fine and I updated it to the latest state.

But I have a simple question: is it possible to receive a dynamic IP from a DHCP server on a Vyatta ethernet interface? I didn't find a solution in the past... like on Linux "dhclient eth0"

best regards
Michael

--
[] this Email is made of 100% Recyclable electrons
[] visit : www.smog.at ; www.theurl.at ; www.lugv.at
[] private: members.smog.at/michael
[] mailto : [EMAIL PROTECTED]
[] key: www.smog.at/key
Re: [Vyatta-users] Allowing FTP Connections
woah... on the desktop that I am trying to connect from?

-----Original Message-----
From: Wink [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 28 August 2007 19:14
To: Daren Tay; vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Allowing FTP Connections

Packet captures? Perhaps the forwarding function is working.

I'd run wireshark and see if the FTP packets are being forwarded out of the router...

----- Original Message -----
From: "Daren Tay" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, August 28, 2007 6:09 AM
Subject: [Vyatta-users] Allowing FTP Connections

> Hi guys,
>
> I realise after setting all the static routes, and what not, I can SSH but I can't FTP. Weird...
>
> Basically the public IP is at my router which directs to my private server (192.168.40.x) via routing.
> The 2 key NAT rules are:
>
> rule 1 {
>     type: "source"
>     translation-type: "masquerade"
>     outbound-interface: "eth0"
>     protocols: "all"
>     source {
>         network: 192.168.40.0/24
>     }
>     destination {
>         network: 0.0.0.0/0
>     }
> }
>
> rule 12 {
>     type: "destination"
>     translation-type: "static"
>     inbound-interface: "eth0"
>     protocols: "all"
>     source {
>         network: 0.0.0.0/0
>     }
>     destination {
>         address:
>     }
>     inside-address {
>         address: 192.168.40.73
>     }
> }
>
> Can SSH, HTTP etc, but I can't do FTP, weirdly. Do I need to do more NAT?
>
> Thanks!
> Daren
Re: [Vyatta-users] User and Password Management
So as of now... if I create users... all of them have full access, be it via HTTP or CLI, yah... that's what I noticed... any idea when this will be improved on?

Thanks people!
Daren

-----Original Message-----
From: Dave Roberts [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 28 August 2007 02:45
To: 'Daren Tay'; 'An-Cheng Huang'
Cc: vyatta-users@mailman.vyatta.com
Subject: RE: [Vyatta-users] User and Password Management

> I just downloaded the ISO, so I suppose it's the latest stable version?

Actually, this isn't the latest stable version. It's the latest stable ISO, but you'll want to do a package update. The details for how to do this can be found in the latest release notes here:

http://www.vyatta.com/documentation/

-- Dave
Re: [Vyatta-users] Possible to use Vyatta in Virtualize environment?
Hi guys,

pardon me for this continuous stew of questions... but for a virtualized environment... the idea is to install the Virtualizer (VMware, XEN) first, then the Linux/Vyatta OS itself? It sits below the kernel?

Or do I need to install a distro first, then the Virtualize software, then the Vyatta (and whatever I want to virtualize)?

Thanks
Daren

-----Original Message-----
From: Dave Roberts [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 28 August 2007 02:41
To: 'Daren Tay'; 'Allan Leinwand'
Cc: vyatta-users@mailman.vyatta.com
Subject: RE: [Vyatta-users] Possible to use Vyatta in Virtualize environment?

> so in a nutshell, I will need application like VMWare to do
> virtualization?

Yes, but I would point out that there are free versions of VMware Server which work quite well with Vyatta. See the VMware website for details (http://www.vmware.com/products/server/). XenSource also makes XenExpress, which is free and supports up to 4 VMs per machine (http://www.xensource.com/products/Pages/XenExpress.aspx).

We use VMware Server here at Vyatta for some of our QA testing. We do things like connect virtual adapters from multiple VMs together to form virtual topologies to test routing protocols, etc. It works quite well, though it can be memory intensive if your routing tables are large.

-- Dave
Re: [Vyatta-users] Allowing FTP Connections
Packet captures? Perhaps the forwarding function is working.

I'd run wireshark and see if the FTP packets are being forwarded out of the router...

----- Original Message -----
From: "Daren Tay" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, August 28, 2007 6:09 AM
Subject: [Vyatta-users] Allowing FTP Connections

> Hi guys,
>
> I realise after setting all the static routes, and what not, I can SSH but I can't FTP. Weird...
>
> Basically the public IP is at my router which directs to my private server (192.168.40.x) via routing.
> The 2 key NAT rules are:
>
> rule 1 {
>     type: "source"
>     translation-type: "masquerade"
>     outbound-interface: "eth0"
>     protocols: "all"
>     source {
>         network: 192.168.40.0/24
>     }
>     destination {
>         network: 0.0.0.0/0
>     }
> }
>
> rule 12 {
>     type: "destination"
>     translation-type: "static"
>     inbound-interface: "eth0"
>     protocols: "all"
>     source {
>         network: 0.0.0.0/0
>     }
>     destination {
>         address:
>     }
>     inside-address {
>         address: 192.168.40.73
>     }
> }
>
> Can SSH, HTTP etc, but I can't do FTP, weirdly. Do I need to do more NAT?
>
> Thanks!
> Daren
[Vyatta-users] Allowing FTP Connections
Hi guys,

I realise after setting all the static routes, and what not, I can SSH but I can't FTP. Weird...

Basically the public IP is at my router which directs to my private server (192.168.40.x) via routing.
The 2 key NAT rules are:

rule 1 {
    type: "source"
    translation-type: "masquerade"
    outbound-interface: "eth0"
    protocols: "all"
    source {
        network: 192.168.40.0/24
    }
    destination {
        network: 0.0.0.0/0
    }
}

rule 12 {
    type: "destination"
    translation-type: "static"
    inbound-interface: "eth0"
    protocols: "all"
    source {
        network: 0.0.0.0/0
    }
    destination {
        address:
    }
    inside-address {
        address: 192.168.40.73
    }
}

Can SSH, HTTP etc, but I can't do FTP, weirdly. Do I need to do more NAT?

Thanks!
Daren
Re: [Vyatta-users] Running Vyatta in RAID 1 setup? Performancemonitoring?
Anyone know if it is possible?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Daren Tay
Sent: Monday, 27 August 2007 10:50
To: vyatta-users@mailman.vyatta.com
Subject: [Vyatta-users] Running Vyatta in RAID 1 setup? Performancemonitoring?

Hi guys,

how do I install Vyatta in a Linux Software RAID environment? So far, I think it doesn't... because I wasn't prompted during installation. The installation was too easy (hahaha!)

Also, what software/methods can I use to monitor Vyatta RAID performance?

Thanks!
Daren
Re: [Vyatta-users] next Vyatta Community edition
Hi there,

1) How do I see what version of Vyatta I am running?
2) What are the usual key packages that I should take note of in updating?
3) If I want to set my connections to the servers behind the router, using VPN, what should I do?

Thanks people!
Daren

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dave Roberts
Sent: Tuesday, 28 August 2007 02:37
To: [EMAIL PROTECTED]; vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] next Vyatta Community edition

> Do you know when will be released the next Vyatta community
> edition version?

Just to refresh everybody's memory, there are three stages that every community release goes through, with three different repositories that allow you to catch the release at the point you're most comfortable playing with it. The stages/repositories are:

* Experimental - this is roughly alpha quality. Changes may occur daily or even multiple times per day. Go here if you're wanting to get a feel for things in the early stages. Vyatta QA is working with the code at this point.
* Testing - this is roughly beta quality. Changes are much slower (weeks). Vyatta QA is mostly complete by this point and we're looking for community feedback to squash any big bugs that we may have missed.
* Main - this is released code.

For more information on this overall process, see:

http://www.vyatta.com/twiki/bin/view/Community/UnderstandingPackageArchives
http://www.vyatta.com/twiki/bin/view/Community/HowToUpdate

This week, there are two transitions happening:

1. Look for VC2.2 (Camarillo) to move from Testing to Main (announcement here shortly)
2. VC3 (Dublin) to move into Experimental.

-- Dave