Re: [Vyatta-users] Custom DHCP options

2008-03-25 Thread Aubrey Wells
You could modify the perl script that creates the dhcpd.conf file and
add the custom commands for you. Doesn't exactly give you the
flexibility you want from the OFR, but it at least will keep you from
having to keep everything in sync by hand.

/opt/vyatta/sbin/dhcpd-config.pl

If you don't know enough perl, let me know and I can probably help you
out.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Mar 25, 2008, at 5:22 AM, Joe Pub wrote:
 Yea, I was considering editing dhcpd.conf directly, but was hoping the
 CLI would incorporate directly.

 Is there a way that I can edit the dhcpd.conf after the OFR has
 written it then restart dhcpd.conf automatically during boot?

 On 24/03/2008, Matt Watson [EMAIL PROTECTED] wrote:
 I don't think you can do this...

 I tried doing it before but I didn't have much luck... I wanted to
 set tftp-server-name so that I could specify the TFTP server for
 my SIP phones to download their config from.

 The problem isn't the lack of functionality in the DHCP server, the
 problem is Vyatta's CLI's inability to configure the options.
 Vyatta is basically just creating a dhcpd.conf file based on your
 vyatta config... one hack I did to fix this probably temporarily
 is to not include any dhcp config in the vyatta config... then I
 configured dhcpd.conf myself with the options I wanted...
 unfortunately this method means that OFR doesn't automatically start
 the dhcp server at bootup... hence why it's only a temporary
 solution for me...

 One thing I'm considering doing is setting up dhcp relay to try
 to centralize all of my dhcp servers... but it would be very nice
 if OFR allowed you to specify arbitrary options

 I was actually extremely surprised when I discovered I couldn't
 set tftp-server-name through OFR... given how common TFTP is for IP
 phones... and considering that Vyatta is partnered with Digium -
 the author of Asterisk PBX - http://www.vyatta.com/partners/index.php


 --
 Matt

 
 From: [EMAIL PROTECTED] [EMAIL PROTECTED] On Behalf Of Joe Pub [EMAIL PROTECTED]
 Sent: Thursday, March 20, 2008 11:59 AM
 To: vyatta-users@mailman.vyatta.com
 Subject: [Vyatta-users] Custom DHCP options


 Hi,

 Is there a way in the OFR to add custom DHCP options to the DHCP
 server?  If not what will be the best way for me to accomplish this
 on vc3?

 Thanks.

 ___
 Vyatta-users mailing list
 Vyatta-users@mailman.vyatta.com
 http://mailman.vyatta.com/mailman/listinfo/vyatta-users


Re: [Vyatta-users] Fractional T3 configuration?

2008-03-09 Thread Aubrey Wells
I don't believe that it does but I can't find anything that says one  
way or the other.

Aubrey Wells (iPhone)
Senior Engineer
Shelton | Johns
www.sheltonjohns.com

On Mar 9, 2008, at 11:58 AM, ken Felix [EMAIL PROTECTED] wrote:

 I'm curious, does this card even support fractional line rates?  It was
 my understanding that it didn't.



Re: [Vyatta-users] vif 1 on wan0

2008-03-05 Thread Aubrey Wells
Is your serial connection up? You won't be able to ping it until the
connection comes up because that's when the vif gets created. If you
do an ifconfig from the shell, you will probably see that wan0.1 is not
created yet.


Are you using ppp or c-hdlc?

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Mar 5, 2008, at 10:06 AM, Chad Hurley wrote:

Sorry for all the questions but this is the first time I have used  
anything outside of Ethernet on a Vyatta router.


I have configured a Sangoma A301 card and the system finds it fine.

I have configured it with vif 1 and assigned an address.  However,  
when I try to ping the address from the router itself I get the error:


connect: Network is unreachable

Am I missing something?

Thanks again in advance.




Re: [Vyatta-users] Problem sending prefixes to my upstream provider

2008-02-29 Thread Aubrey Wells
Connected means defined directly on an interface on your router.
Because 117.120.0.0/21 is defined directly on a router interface
(eth1), your static route will never work. A connected route takes
preference over a static one. Because of this, the route is not
installed in the routing table, so your attempt to advertise:

policy {
    policy-statement BGP_EXPORT {
        term 1 {
            from {
                protocol: static
                network4: 117.120.0.0/21
            }
            then {
                action: accept


will never work. What you should do is change it to look like this:


policy {
    policy-statement BGP_EXPORT {
        term 1 {
            from {
                protocol: connected
                network4: 117.120.0.0/21
            }
            then {
                action: accept


And it should work.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Feb 29, 2008, at 3:31 PM, Poh Yong Hwang wrote:


Hi,

Thanks for your advice, but could you elaborate more on what you
mean by connected? Care to give me an example?


Thanks!

Yongsan

On Fri, Feb 29, 2008 at 9:42 PM, Aubrey Wells  
[EMAIL PROTECTED] wrote:
For bgp to advertise a prefix you must have a valid route in your  
local RIB. That static route isn't valid because you're pointing a  
locally connected route to another local route. Since the /21 is a  
directly connected route, get rid of the static route and change  
your from protocol to connected and that should work.


Aubrey Wells (iPhone)
Senior Engineer
Shelton | Johns
www.sheltonjohns.com

On Feb 29, 2008, at 2:53 AM, Poh Yong Hwang [EMAIL PROTECTED]  
wrote:



Hi,

I have a problem sending prefixes to my upstream provider based on
the docs on Originating route to eBGP neighbours. My prefix is as
follows: 117.120.0.0/21, and here is my detailed configuration:


protocols {
    bgp {
        bgp-id: 203.192.163.146
        local-as: 7595
        import:
        export: BGP_EXPORT
        peer 203.192.163.145 {
            import:
            export:
            multihop: 1
            peer-port: 179
            local-port: 179
            local-ip: 203.192.163.146
            as: 10026
            next-hop: 203.192.163.146
            holdtime: 90
            delay-open-time: 0
            client: false
            confederation-member: false
            disable: false
            ipv4-unicast: true
            ipv4-multicast: false
            ipv6-unicast: false
            ipv6-multicast: false
            md5-key:
        }
    }
    static {
        disable: false
        route 117.120.0.0/21 {
            next-hop: 203.192.163.146
            metric: 1
        }
    }
}
policy {
    policy-statement BGP_EXPORT {
        term 1 {
            from {
                protocol: static
                network4: 117.120.0.0/21
            }
            then {
                action: accept
            }
        }
    }
}
interfaces {
    restore: false
    loopback lo {
        description:
    }
    ethernet eth0 {
        disable: false
        discard: false
        description:
        hw-id: 00:30:48:83:08:ae
        duplex: auto
        speed: auto
        address 203.192.163.146 {
            prefix-length: 30
            disable: false
        }
    }
    ethernet eth1 {
        disable: false
        discard: false
        description:
        hw-id: 00:30:48:83:08:af
        duplex: auto
        speed: auto
        address 117.120.0.5 {
            prefix-length: 21
            disable: false
        }
    }
}
service {
    ssh {
        port: 22
        protocol-version: v2
    }
    webgui {
        http-port: 80
        https-port: 443
    }
}
firewall {
    log-martians: enable
    send-redirects: disable
    receive-redirects: disable
    ip-src-route: disable
    broadcast-ping: disable
    syn-cookies: enable
}
system {
    host-name: vyatta
    domain-name:
    name-server 202.79.210.197
    time-zone: GMT
    ntp-server 69.59.150.135
    login {
        user root {
            full-name:
            authentication {
                encrypted-password: $1$$Ht7gBYnxI1xCdO/JOnodh.
            }
        }
        user vyatta {
            full-name:
            authentication {
                encrypted-password: $1$$Ht7gBYnxI1xCdO/JOnodh.
            }
        }
    }
    package {
        auto-sync: 1
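
Added example, not part of the thread: a shell/awk check for the case explained in the reply above, where a static route has the same prefix as a connected network, so it is never installed and an export policy term matching protocol static for it never matches. The function names are made up for this example, and the sample configuration is trimmed from the one posted in the thread.

```shell
#!/bin/sh
# Added example: find static routes shadowed by a connected network in a
# VC3-style configuration ("key: value" syntax as posted in the thread).

shadowed_statics() {    # config on stdin; exit status 0 if a conflict is found
    awk '
        # Network address of ip/len as "a.b.c.d/len". Plain arithmetic is used
        # because POSIX awk has no bitwise operators.
        function net(ip, len,    o, v, a, b, c) {
            split(ip, o, ".")
            v = ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
            v -= v % (2 ^ (32 - len))
            a = int(v / 16777216); b = int(v / 65536) % 256; c = int(v / 256) % 256
            return a "." b "." c "." (v % 256) "/" len
        }
        $1 == "ethernet" || $1 == "loopback" || $1 == "serial" { ifname = $2 }
        $1 == "address" && $3 == "{" { addr = $2 }
        $1 == "prefix-length:" && addr != "" {
            conn[net(addr, $2)] = ifname " (" addr "/" $2 ")"; addr = ""
        }
        $1 == "route" && $2 ~ /\// { split($2, r, "/"); st[net(r[1], r[2])] = 1 }
        # Remember what each policy "from" block matches on.
        $1 == "from"      { proto = ""; n4 = "" }
        $1 == "protocol:" { proto = $2 }
        $1 == "network4:" { n4 = $2 }
        $1 == "then" && proto == "static" && n4 != "" {
            split(n4, r, "/"); pol[net(r[1], r[2])] = 1
        }
        END {
            for (p in st) if (p in conn) {
                found = 1
                print "static route " p " is shadowed by connected network on " conn[p]
                if (p in pol)
                    print "policy term matching protocol static for " p " never matches"
            }
            exit(found ? 0 : 1)
        }'
}

# Sample input, trimmed from the configuration posted in the thread.
sample_config() {
cat <<'EOF'
protocols {
    static {
        route 117.120.0.0/21 {
            next-hop: 203.192.163.146
        }
    }
}
policy {
    policy-statement BGP_EXPORT {
        term 1 {
            from {
                protocol: static
                network4: 117.120.0.0/21
            }
            then {
                action: accept
            }
        }
    }
}
interfaces {
    ethernet eth0 {
        address 203.192.163.146 {
            prefix-length: 30
        }
    }
    ethernet eth1 {
        address 117.120.0.5 {
            prefix-length: 21
        }
    }
}
EOF
}

sample_config | shadowed_statics || echo "no shadowed static routes"
```

Only an identical prefix is reported: a static route that is more or less specific than the connected network is a different prefix and is installed normally.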

[Vyatta-users] BGP default originate

2008-02-26 Thread Aubrey Wells
In VC3, how do I originate default to a BGP peer? I've tried various  
permutations of policy-statements with no luck.


I'm basically looking for the vyatta equivalent of cisco's neighbor  
X.X.X.X default-originate


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com







Re: [Vyatta-users] Graphing bandwidth: how do you do it?

2008-02-20 Thread Aubrey Wells
Are you wanting just the total bandwidth in/out of each interface, or
are you wanting it broken down by which subnets/hosts are using how
much bandwidth? For the former, MRTG (or maybe cacti, but I prefer
MRTG) is your best bet. For the latter, I use bandwidthd reporting to
a separate postgres+httpd server.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Feb 20, 2008, at 12:41 PM, [EMAIL PROTECTED] wrote:

 All,

 I have been trying to get a bandwidth monitoring / graphing utility  
 to work now and have hit a hard road. I have tried to install the  
 'real' webmin because they have a nice easy way to show traffic in /  
 out, but to no avail. I have started the snmp way via MRTG, but it  
 will take me a while to set up and configure. Can anyone recommend  
 the easiest way to watch the traffic on my vyatta box interface(s)?

 I'm sure I'll eventually get MRTG to work-- but maybe there is a  
 cleaner way?

 Thanks in advance,

 Aaron

 p.s. Out of curiosity, has anyone gotten 'Webmin' (the official  
 package) to install on a vyatta machine? I resolved various  
 dependencies, but still cannot connect to it.



Re: [Vyatta-users] Glendale source

2008-02-09 Thread Aubrey Wells
Hmm... I'm not too familiar with git, so I may be doing something  
wrong, but I keep getting this:

vyatta-build:~/glendale# git-clone http://git.vyatta.com/linux-vyatta.git
error: Couldn't get http://git.vyatta.com/linux-vyatta.git/refs/heads/glendale 
  for heads/glendale
The requested URL returned error: 404
error: Could not interpret heads/glendale as something to pull
vyatta-build:~/glendale#

Oh, and sorry for cluttering up users, I meant to post this to hackers
but address auto-complete tricked me. :-)

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Feb 9, 2008, at 12:25 PM, An-Cheng Huang wrote:

 Hi Aubrey,

 The glendale kernel source is available here:

 For browsing:
 http://git.vyatta.com/git/?p=linux-vyatta.git;a=summary

 For cloning:
 http://git.vyatta.com/linux-vyatta.git

 Note that you'll need to switch to the glendale branch after cloning  
 it.

 An-Cheng

 Aubrey Wells wrote:
 I'm mainly interested in downloading the kernel sources if possible.
 *
 --*
 *Aubrey Wells*
 /Senior Engineer/
 Shelton | Johns Technology Group
 A Vyatta Ready Partner
 www.sheltonjohns.com http://www.sheltonjohns.com



[Vyatta-users] Glendale source

2008-02-08 Thread Aubrey Wells
Will the etch-dnld-and-build script check out the glendale source, or  
is there a different repo I should pull from?


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com







Re: [Vyatta-users] Rate Limiting

2008-02-06 Thread Aubrey Wells
Try this:
http://www.hackosis.com/index.php/2007/11/08/linux-router-bandwidth-management-example/

If you need help getting it working on a vif let me know, I have it working.

---
Aubrey Wells (mobile)
Senior Engineer
Shelton | Johns Technology Group
Support: [EMAIL PROTECTED]
sheltonjohns.com

-Original Message-
From: Max [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: 2/6/08 4:10 PM
Subject: [Vyatta-users] Rate Limiting

This might have been covered before and I just don't remember the details..
But is there any way to rate limit a vlan with Vyatta? I recall
reading something about Linux and tc.. anyone?
Thanks in advance :)


Re: [Vyatta-users] Vyatta box hacked?

2008-02-04 Thread Aubrey Wells
As far as I could tell, you can't set up key-only auth in the CLI. If
you drop an authorized_keys file into each user's ~/.ssh directory,
and set PasswordAuthentication=no in sshd.conf you will enable
key-only auth.


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
Support: [EMAIL PROTECTED]
www.sheltonjohns.com




On Feb 4, 2008, at 2:00 PM, Jostein Martinsen-Jones wrote:


Yes, I did change the root password asap!

I would much like to see a configuration snippet on how to use rsa-keys.

Can I use several rsa-keys so I can log in as different users?

2008/2/4, Nathan McBride [EMAIL PROTECTED]:
Yup sure is.  I have setup my vyatta router to only allow rsa keys.
Did you change your root password from 'vyatta'?

Nate

On Mon, 2008-02-04 at 18:13 +0100, Jostein Martinsen-Jones wrote:
 Hi
 I am only using ssh. Is it possible to have rsa-keys for all users,
 including vyatta?
 Maybe the attackers managed to brute force my password?
 This is very annoying since I have to reinstall the machine tomorrow
 and don't know what went wrong. Haven't had time to check the logs
 either.

 How does the user configuration look for you other guys and girls?


 2008/2/4, Stig Thormodsrud [EMAIL PROTECTED]:
 Hi Jostein,



 Are you using telnet or ssh to access the box?  Using telnet
 is not secure from a public network as the username/password
 is in clear text.



 stig




  
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jostein Martinsen-Jones
 Sent: Monday, February 04, 2008 2:43 AM
 To: Dave Strydom
 Cc: vyatta-users@mailman.vyatta.com
 Subject: Re: [Vyatta-users] Vyatta box hacked?




 Jupp, I think I have an intruder, the IP 202.172.171.217 isn't
 known to me at all.
 I am the only one knowing the root password, and I have not
 logged in those times that last is showing.

 root     pts/0        202.172.171.217  Mon Feb  4 05:21 - 07:38  (02:16)
 root     pts/0        202.172.171.217  Sat Feb  2 14:54 - 16:05  (01:11)
 root     pts/0        202.172.171.217  Fri Feb  1 23:51 - 23:57  (00:05)
 root     pts/0        202.172.171.217  Fri Feb  1 13:49 - 17:18  (03:29)

 How did this happen?
 I changed all the passwords on install to 8 characters long,
 using numbers and letters.
 This is from my old config, is plaintext-password supposed to
 be blank?

 # show system login
 user root {
     authentication {
         encrypted-password: $1$nZxxsgXC/
         plaintext-password:
     }
 }
 user vyatta {
     authentication {
         encrypted-password: $1$yyyt0/
         plaintext-password:
     }
 }

 2008/2/4, Dave Strydom [EMAIL PROTECTED]:

 Login to your router as root and run:

 # last | more

 and see if there are any logins to your machine which you do
 not recognize.



 On Feb 4, 2008 12:05 PM, Jostein Martinsen-Jones
 [EMAIL PROTECTED] wrote:
  I got mail from another linux user today. He complained about login attempts
  to his boxes, from my vyatta router!
  Am I haxored or what? This is from his log and the ip 12.34.56.78 is my
  router.

 Feb  2 18:11:39 88.191.40.120 sshd[30444]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.34.56.78  user=root
 Feb  2 18:11:40 88.191.40.120 sshd[30444]: Failed password for invalid user root from 12.34.56.78 port 42492 ssh2
 Feb  2 18:11:46 88.191.40.120 sshd[30450]: User root from 12.34.56.78 not allowed because not listed in AllowUsers
 Feb  2 18:11:46 88.191.40.120 sshd[30450]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.34.56.78  user=root
 Feb  2 18:11:48 88.191.40.120 sshd[30450]: Failed password for invalid user root from 12.34.56.78 port 42926 ssh2
 Feb  2 18:11:54 88.191.40.120 sshd[30456]: User root from 12.34.56.78 not allowed because not listed in AllowUsers
 Feb  2 18:11:54 88.191.40.120 sshd[30456]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.34.56.78  user=root
 Feb  2 18:11:56 88.191.40.120 sshd[30456]: Failed password for invalid user root from 12.34.56.78 port 43408 ssh2
 Feb  2 18:11:56 88.191.40.120 sshd[30494]: refused
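
Added example, not part of the thread: a shell check to run after making the key-only change described in the reply above, reporting whether a password can still be used and whether a user's key file will be accepted. The function names and the sample files are constructed for this example; on a real system the file to check is normally /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example: verify that sshd really leaves public keys as the only way in.

# Print the effective global value of keyword $2 in file $1 ($3 if unset).
# sshd keeps the FIRST value it reads for a keyword; keywords are
# case-insensitive; "Key value" and "Key=value" are both accepted; settings
# after a Match line are conditional and are ignored here.
sshd_effective() {
    awk -v want="$2" -v val="$3" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " "); gsub(/"/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == want && NF >= 2 { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# Return 0 (and print why) if a password can still be used to log in.
password_login_possible() {
    rc=1
    if [ "$(sshd_effective "$1" PasswordAuthentication yes)" != no ]; then
        echo "PasswordAuthentication is not set to no"; rc=0
    fi
    # With UsePAM, keyboard-interactive normally prompts for the same
    # password. KbdInteractiveAuthentication is the newer name for
    # ChallengeResponseAuthentication.
    kbd=$(sshd_effective "$1" KbdInteractiveAuthentication "")
    [ -n "$kbd" ] || kbd=$(sshd_effective "$1" ChallengeResponseAuthentication yes)
    if [ "$kbd" != no ] && [ "$(sshd_effective "$1" UsePAM no)" = yes ]; then
        echo "keyboard-interactive through PAM is still enabled"; rc=0
    fi
    return "$rc"
}

# Return 0 if $1/.ssh/authorized_keys will be accepted under sshd's default
# StrictModes: present, non-empty, and no group/world write bit on the home
# directory, on .ssh, or on the file. (Ownership is not checked here.)
keyfile_usable() {
    home=$1
    [ -s "$home/.ssh/authorized_keys" ] || { echo "no authorized_keys in $home"; return 1; }
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "$p is group- or world-writable"; return 1
        fi
    done
    return 0
}

demo() {    # constructed sample files, for illustration only
    d=$(mktemp -d) || return 1
    cat > "$d/sshd_config" <<'EOF'
# constructed sample: the second PasswordAuthentication line is ignored
PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes
EOF
    password_login_possible "$d/sshd_config" || echo "passwords are off"
    mkdir -p "$d/home/.ssh" && chmod 700 "$d/home" "$d/home/.ssh"
    echo "ssh-rsa AAAA...constructed user@example" > "$d/home/.ssh/authorized_keys"
    chmod 666 "$d/home/.ssh/authorized_keys"
    keyfile_usable "$d/home" || true
    rm -rf "$d"
}

demo
```

Run keyfile_usable for every account before turning passwords off, so that a key file sshd would reject does not lock that user out.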
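
Added example, not part of the thread: the "last" check suggested above, turned into a shell/awk summary of remote logins from sources that are not on a list of known addresses. The first four sample records are the ones quoted in the thread; the other sample lines, the address 192.0.2.10 and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example: summarise remote logins in `last` output that came from
# sources you do not recognise.

# stdin: `last` output; $1: space- or comma-separated list of known sources.
# Prints "user source sessions=N minutes=M" for each unknown (user, source).
unknown_logins() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, /[ ,]+/); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF < 4 || $1 == "reboot" || $1 == "wtmp" { next }   # not a login record
        $3 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/   { next }   # console login, no remote host
        ($3 in ok)                               { next }   # known source
        {
            key = $1 " " $3
            count[key]++
            # Closed sessions end with "(HH:MM)" or "(D+HH:MM)"; open ones do not.
            if ($NF ~ /^\(([0-9]+[+])?[0-9]+:[0-9]+\)$/) {
                d = substr($NF, 2, length($NF) - 2); days = 0
                if ((p = index(d, "+")) > 0) { days = substr(d, 1, p - 1); d = substr(d, p + 1) }
                split(d, hm, ":")
                mins[key] += days * 1440 + hm[1] * 60 + hm[2]
            }
        }
        END { for (k in count) printf "%s sessions=%d minutes=%d\n", k, count[k], mins[k] }
    ' | sort
}

# Sample input: root sessions as quoted in the thread, plus constructed lines
# for a known admin address, a console login, a reboot record and the trailer.
sample_last() {
cat <<'EOF'
root     pts/0        202.172.171.217  Mon Feb  4 05:21 - 07:38  (02:16)
root     pts/0        202.172.171.217  Sat Feb  2 14:54 - 16:05  (01:11)
root     pts/0        202.172.171.217  Fri Feb  1 23:51 - 23:57  (00:05)
root     pts/0        202.172.171.217  Fri Feb  1 13:49 - 17:18  (03:29)
vyatta   pts/1        192.0.2.10       Thu Jan 31 09:02 - 09:40  (00:38)
vyatta   tty1                          Thu Jan 31 08:55 - 09:01  (00:06)
reboot   system boot  2.6.20           Thu Jan 31 08:54          (4+02:10)

wtmp begins Thu Jan 31 08:54:11 2008
EOF
}

sample_last | unknown_logins "192.0.2.10"
```

On a live system, feed it `last -i` so that sources are shown as addresses rather than resolved host names.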

Re: [Vyatta-users] vyatta in a fully-virtualized (hvm) domU; console issues

2008-01-30 Thread Aubrey Wells
I have an almost identical setup, and I have no such issue. Can you  
post your .cfg for the domU?

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Jan 30, 2008, at 12:23 AM, snowcrash+vyatta wrote:

 hi,

 i've installed vyatta community edition, from vyatta-livecd-vc3.iso,
 as a fully-virtualized (HVM) Xen DomU on a Fedora8 Dom0.

 install went without a noticeable hitch.

 on domain shutdown/restart,

   xm create -c vyatta_run.cfg

 @ console, i see,

   Using config file /etc/xen/vyatta_run.cfg.
   Started domain vyatta
   xenconsole: Could not read tty from store: No such file or directory

 searching, i find

   http://readlist.com/lists/lists.xensource.com/xen-users/3/16722.html

 which suggests adding to vyatta domain's /etc/inittab,

   co:2345:respawn:/sbin/mingetty console

 mounting the domain's LV from Dom0 with,

   kpartx -av /dev/VG00/vyatta
   mount -t ext2 /dev/mapper/vyatta1 /mnt

 i note in /sbin only 'getty' -- no 'mingetty'. so, instead, i add a
 similar

   co:2345:respawn:/sbin/getty console

 to

   /mnt/etc/inittab


 but on domain restart i see the same,

   Using config file /etc/xen/vyatta_run.cfg.
   Started domain vyatta
   xenconsole: Could not read tty from store: No such file or directory

 @ Dom0, the vyatta DomU's console displays,

   Press F10 to select boot device.
   Booting from Hard Disk ...
   GRUB Loading stage 2..
   Press any key to continue.

 and there it sits. doing nothing.

 other DomU's, e.g. Fedora8, have no probs so far ...

 anyone here have any hints as to how to get past this?

 thanks!


Re: [Vyatta-users] glendale problems my 1st view

2008-01-29 Thread Aubrey Wells
#3 - I agree, please bring back my beloved ?! It's an automatic reflex
to hit ? whenever I'm in a router. I end up hitting it 3 or 4 times
before I realize that it's echoing the char to the screen rather than
activating help.


That and the new CLI being mildly confusing (I'm adjusting to it) are
my only two complaints so far.


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Jan 28, 2008, at 10:03 PM, Ken Felix (C) wrote:



1. Still to date, OSPF md authentication is not enabled or even
configurable


2. System uptime is now shown via show version  show system uptime

3. System help now requires a tab vs the previous question mark on
the CLI, I thought this was confusing at first


4. System configuration like for protocols ospf is slightly
different vs vc3


5. Any help on the CLI regardless of level shows bash options vs the
vyatta engine options.

(confusing to say the least)




Re: [Vyatta-users] glendale problems my 1st view

2008-01-29 Thread Aubrey Wells
I guess it's just so wildly different than any other router I've ever
been on that it threw me for a loop with the bash integration. After
reading the docs, it just talks about the new CLI's benefits, it never
actually says "hey dummy, you just need to type your commands at the
shell". I had to look at an example section and realize that that was a
bash prompt. There was also something in the docs about it being
called the "vshell" so I was searching for a vshell command to dump
me in to the cli.


I guess it's mostly the initial fumbling of how to get to the thing,
and now it's just adjusting to not having a distinct router CLI. It's
probably just culture shock and I'll get over it.


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Jan 29, 2008, at 12:11 PM, Dave Roberts wrote:

Aubrey, when you say it's mildly confusing, what are you referring  
to?


-- Dave

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Aubrey Wells

Sent: Tuesday, January 29, 2008 7:48 AM
To: Ken Felix (C)
Cc: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] glendale problems my 1st view

#3 - I agree, please bring back my beloved ?! It's an automatic
reflex to hit ? whenever I'm in a router. I end up hitting it 3 or 4
times before I realize that it's echoing the char to the screen
rather than activating help.


That and the new CLI being mildly confusing (I'm adjusting to it)
are my only two complaints so far.


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Jan 28, 2008, at 10:03 PM, Ken Felix (C) wrote:



1. Still to date, OSPF md authentication is not enabled or even
configurable


2. System uptime is now shown via show version  show system
uptime


3. System help now requires a tab vs the previous question mark on
the CLI, I thought this was confusing at first


4. System configuration like for protocols ospf is slightly
different vs vc3


5. Any help on the CLI regardless of level shows bash options vs
the vyatta engine options.

(confusing to say the least)




Re: [Vyatta-users] vlan trunking?

2008-01-29 Thread Aubrey Wells
You are correct, a vif is a dot1q tagged vlan interface where the vif
number is the vlan id. So to tag vlan 27 and 29 on interface eth0:


set interfaces ethernet eth0 vif 27
set interfaces ethernet eth0 vif 29
set interfaces ethernet eth0 vif 27 address 10.1.1.1 prefix-length 24
set interfaces ethernet eth0 vif 29 address 10.2.2.1 prefix-length 24
commit

Make sense?

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Jan 29, 2008, at 5:28 PM, [EMAIL PROTECTED] wrote:

Out of curiosity, does Vyatta (I'm currently using community edition
3) support vlan trunking? I have yet to see in any documentation or
tutorials any sort of the word trunk. I have seen tutorials that
have 2-3 vlan (vif interfaces) on a single physical interface-- so I
guess it's just implied trunking on dot1q protocol?


Thanks in advance,

Aaron


Re: [Vyatta-users] glendale problems my 1st view

2008-01-29 Thread Aubrey Wells
I vote for #1. Maybe it's just because I've been doing this for quite a
while, but I would think that most people who would be annoyed about
not being able to put a ? in a description or something know how to
use the ctrl-v escape like with a Cisco. Maybe it can be a config
option?

set system online-help key-rebindings true

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Jan 29, 2008, at 5:27 PM, An-Cheng Huang wrote:

 Note also that if the '?' key is bound to auto-completion, the user  
 can still input the '?' character using the readline escape sequence  
 (i.e., in this case Ctrl-v ?). So basically it came down to a  
 choice between these:

 (1) Keep '?' key as help. To input a '?' character, prefix it with  
 Ctrl-v.
 (2) Use some other key sequence for help. A '?' character can be  
 entered directly.

 At that time, (2) was deemed more acceptable than (1), so we  
 currently have (2).

 An-Cheng

 An-Cheng Huang wrote:
 That was the first thing I tried when we started implementing the  
 help system. The problem is when the user actually wants to input a  
 '?' character, how do we rebind the '?' key back to the actual  
 character? I also tried to rebind the key after seeing a quote  
 (assuming '?' characters can only appear in quotes), etc., etc. In  
 the end, this is a limitation in the readline library (which is  
 used by bash for command line input). We _could_ change readline, I  
 suppose, somewhere down the road.

 An-Cheng



Re: [Vyatta-users] [Fwd: Re: Starting to get really frustrated... GRRR :D]

2008-01-29 Thread Aubrey Wells
*shrug* same here

Are you trying to hit the natted address from inside the LAN that is
being natted to? Hairpin NAT doesn't work in iptables...

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Jan 29, 2008, at 10:06 PM, John Mason Jr wrote:

 I just connected and see the Apache 2 test page running on CentOS

 John



 Nathan McBride wrote:
 First off I appreciate help from everyone, this is a nice change to some
 mailing lists I'm used to.  Unfortunately, I am still having the same
 problem.  I'm giving out real information, probably shouldn't, but
 that's how frustrated I am.  I just get an unable to connect error.  The
 firewalls are fine I promise.  I can see the page on 192.168.0.105 from
 inside the lan, and I can see and use the webgui of the router just
 fine.  Although I did disable it of course since I want the port forwarded.
 In the ssh example sent to me which is below, I notice that the address
 are just numbers where mine have  around them.  Does this matter?  Can
 anyone please give any suggestions?

 Thanks a lot,
 Nate

 My domain is:
 www.nombyte.com

 The IP is:
 71.62.193.105

 Full Nat is:

 nat {
     rule 1 {
         type: destination
         inbound-interface: eth0
         protocols: tcp
         source {
             network: 0.0.0.0/0
         }
         destination {
             address: 71.62.193.105
             port-name http
         }
         inside-address {
             address: 192.168.0.105
         }
     }
     rule 2 {
         type: masquerade
         outbound-interface: eth0
         protocols: all
         source {
             network: 192.168.0.0/24
         }
         destination {
             network: 0.0.0.0/0
         }
     }
     rule 3 {
         type: masquerade
         outbound-interface: eth0
         protocols: all
         source {
             network: 192.168.1.0/24
         }
         destination {
             network: 0.0.0.0/0
         }
     }




 On Tue, 2008-01-29 at 08:08 -0800, Justin Fletcher wrote:
 Here's what I use to port-forward ssh; just adjust for address (where
 destination address is the public IP) and change it to http.

 rule 2 {
     type: destination
     inbound-interface: eth0
     protocols: tcp
     source {
         network: 0.0.0.0/0
     }
     destination {
         address: 1.2.3.4
         port-name ssh
     }
     inside-address {
         address: 10.0.0.30
     }
 }

 Best,
 Justin

 On Jan 29, 2008 7:46 AM, Nathan McBride [EMAIL PROTECTED] wrote:
 Can someone please help me get this worked out?
 Nate


 Ok these are my nat rules now, I didn't see a command to change the rule
 numbers so I just redid them all by hand.  It still doesn't work.

 rule 1 {
     type: destination
     inbound-interface: eth0
     protocols: tcp
     destination {
         address: 71.62.193.105
         port-name http
     }
     inside-address {
         address: 192.168.0.105
     }
 }
 rule 2 {
     type: masquerade
     outbound-interface: eth0
     protocols: all
     source {
         network: 192.168.0.0/24
     }
     destination {
         network: 0.0.0.0/0
     }
 }
 rule 3 {
     type: masquerade
     outbound-interface: eth0
     protocols: all
     source {
         network: 192.168.1.0/24
     }
     destination {
         network: 0.0.0.0/0
     }
 }

 Nate

 On Mon, 2008-01-28 at 21:39 -0800, An-Cheng Huang wrote:
 Hi Nate,

 The inside-address is the internal (private) IP address of
 your Web server, which in your case is 192.168.0.105. The destination
 address should actually be the public IP address that outside clients
 will use to access your server, so usually this is the public IP address
 of your router.
 An-Cheng

 Nathan McBride wrote:
 I went and looked at the old docs.  I thought I set them up correctly
 but apparently I didn't.  All I'm trying to do is to get people on the
 internet to view the website on my comp (192.168.0.105).  The only
 difference that I noticed when I tried to commit the example in the old
 docs was that vc3 requires an 'inside-address'.  Could someone please
 help me correct this to get it working?

 rule 3 {
     type: destination
     inbound-interface: eth0
     protocols: tcp
     destination {
         address: 192.168.0.105
         port-name http
     }
     inside-address {
         address: 192.168.0.105 -- didn't know what to put here exactly

Re: [Vyatta-users] [Fwd: Re: Starting to get really frustrated... GRRR :D]

2008-01-29 Thread Aubrey Wells
It sounds like you're a victim of hairpin natting. Very frustrating.
Iptables doesn't do it (that I know of). I first encountered this on a
PIX firewall years ago and thought it was an absurd limitation (then I
found out my beloved Linux couldn't do it either and was crushed).
Cisco fixed it in v7 of the PIX software IIRC but iptables still can't
do it.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Jan 29, 2008, at 10:05 PM, Nathan McBride wrote:

 John just told me he can get to the page too.
 From inside the lan I am going to a browser and typing
 www.nombyte.com.  And it doesn't work?

 Nate

 On Tue, 2008-01-29 at 22:08 -0500, Aubrey Wells wrote:
 *shrug* same here

 Are you trying to hit the natted address from inside the LAN that is
 being natted to? Hairpin NAT doesn't work in iptables...

 --
 Aubrey Wells
 Senior Engineer
 Shelton | Johns Technology Group
 A Vyatta Ready Partner
 www.sheltonjohns.com





 On Jan 29, 2008, at 10:06 PM, John Mason Jr wrote:

 I just connected and see the Apache 2 test page running on CentOS

 John



 Nathan McBride wrote:
 First off I appreciate help from everyone, this is a nice change to some
 mailing lists I'm used to.  Unfortunately, I am still having the same
 problem.  I'm giving out real information, probably shouldn't, but
 that's how frustrated I am.  I just get an unable to connect error.  The
 firewalls are fine I promise.  I can see the page on 192.168.0.105 from
 inside the lan, and I can see and use the webgui of the router just
 fine.  Although I did disable it of course since I want the port forwarded.
 In the ssh example sent to me which is below, I notice that the address
 are just numbers where mine have  around them.  Does this matter?  Can
 anyone please give any suggestions?

 Thanks a lot,
 Nate

 My domain is:
 www.nombyte.com

 The IP is:
 71.62.193.105

 Full Nat is:

 nat {
   rule 1 {
   type: destination
   inbound-interface: eth0
   protocols: tcp
   source {
   network: 0.0.0.0/0
   }
   destination {
   address: 71.62.193.105
   port-name http
   }
   inside-address {
   address: 192.168.0.105
   }
   }
   rule 2 {
   type: masquerade
   outbound-interface: eth0
   protocols: all
   source {
   network: 192.168.0.0/24
   }
   destination {
   network: 0.0.0.0/0
   }
   }
   rule 3 {
   type: masquerade
   outbound-interface: eth0
   protocols: all
   source {
   network: 192.168.1.0/24
   }
   destination {
   network: 0.0.0.0/0
   }
   }




 On Tue, 2008-01-29 at 08:08 -0800, Justin Fletcher wrote:
 Here's what I use to port-forward ssh; just adjust for address
 (where
 destination address is the public IP) and change it to http.

   rule 2 {
   type: destination
   inbound-interface: eth0
   protocols: tcp
   source {
   network: 0.0.0.0/0
   }
   destination {
   address: 1.2.3.4
   port-name ssh
   }
   inside-address {
   address: 10.0.0.30
   }
   }

 Best,
 Justin

 On Jan 29, 2008 7:46 AM, Nathan McBride [EMAIL PROTECTED]  
 wrote:
 Can someone please help me get this worked out?
 Nate


 Ok these are my nat rules now, I didn't see a command to change
 the rule
 numbers so i just redid them all by hand.  It still doesn't  
 work.

 rule 1 {
   type: destination
   inbound-interface: eth0
   protocols: tcp
   destination {
   address: 71.62.193.105
   port-name http
   }
   inside-address {
   address: 192.168.0.105
   }
   }
   rule 2 {
   type: masquerade
   outbound-interface: eth0
   protocols: all
   source {
   network: 192.168.0.0/24
   }
   destination {
   network: 0.0.0.0/0
   }
   }
   rule 3 {
   type: masquerade
   outbound-interface: eth0
   protocols: all
   source {
   network: 192.168.1.0/24
   }
   destination {
   network: 0.0.0.0/0
   }
   }

 Nate

 On Mon, 2008-01-28 at 21:39 -0800, An-Cheng Huang wrote:
 Hi Nate,

 The inside-address is the internal (private) IP address of
 your Web server, which in your case is 192.168.0.105. The
 destination
 address should actually be the public IP address that outside
 clients
 will use to access your server, so usually this is the public IP
 address
 of your router.
 An-Cheng

 Nathan McBride wrote:
 I went and looked at the old docs.  I

Re: [Vyatta-users] [Fwd: Re: Starting to get really frustrated... GRRR :D]

2008-01-29 Thread Aubrey Wells
It's been a while since I researched it, but I think there was  
something about the way netfilter_conntrac tracks the NAT sessions  
that prevents the hairpin nat from working. I never figured out a way  
around it and no one on google was helpful either.

The usual solution is to put a dns entry in your internal dns server  
to point the domain name to the internal ip of the web site.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Jan 29, 2008, at 10:21 PM, Nathan McBride wrote:

 Can't I do another nat rule?

 On Tue, 2008-01-29 at 22:25 -0500, Aubrey Wells wrote:
 It sounds like you're a victim of hairpin natting. Very frustrating.
 Iptables doesnt do it (that I know of.) I first encountered this on a
 PIX firewall years ago and thought it was an absurd limitation  
 (then I
 found out my beloved linux couldn't do it either and was crushed).
 Cisco fixed it in v7 of the PIX software IIRC but iptables still  
 can't
 do it.

 --
 Aubrey Wells
 Senior Engineer
 Shelton | Johns Technology Group
 A Vyatta Ready Partner
 www.sheltonjohns.com





 On Jan 29, 2008, at 10:05 PM, Nathan McBride wrote:

 John just told me he can get to the page too.
 From inside the lan I am going to a browser and typing
 www.nombyte.com.  And it doesn't work?

 Nate

 On Tue, 2008-01-29 at 22:08 -0500, Aubrey Wells wrote:
 *shrug* same here

 Are you trying to hit the natted address from inside the LAN that  
 is
 being natted to? Hairpin NAT doesnt work in iptables...

 --
 Aubrey Wells
 Senior Engineer
 Shelton | Johns Technology Group
 A Vyatta Ready Partner
 www.sheltonjohns.com





 On Jan 29, 2008, at 10:06 PM, John Mason Jr wrote:

 I just connected and see the Apache 2 test page running on CentOS

 John



 Nathan McBride wrote:
 First off I appreciate help from everyone, this is a nice  
 change to
 some
 mailing lists I'm used to.  Unfortunately, I am still having the
 same
 problem.  I'm giving out real information, probably shouldn't,  
 but
 that's how frustrated I am.  I just get an unable to connect
 error.  The
 firewalls are fine I promise.  I can see the page on  
 192.168.0.105
 from
 inside the lan, and I can see and use the webgui of the router  
 just
 fine.  Altho I did disable it of course since I want the port
 forwarded.
 In the ssh example sent to me which is below, I notice that the
 address
 are just numbers where mine have  around them.  Does this
 matter?  Can
 anyone please give any suggestions?

 Thanks alot,
 Nate

 My domain is:
 www.nombyte.com

 The IP is:
 71.62.193.105

 Full Nat is:

 nat {
  rule 1 {
  type: destination
  inbound-interface: eth0
  protocols: tcp
  source {
  network: 0.0.0.0/0
  }
  destination {
  address: 71.62.193.105
  port-name http
  }
  inside-address {
  address: 192.168.0.105
  }
  }
  rule 2 {
  type: masquerade
  outbound-interface: eth0
  protocols: all
  source {
  network: 192.168.0.0/24
  }
  destination {
  network: 0.0.0.0/0
  }
  }
  rule 3 {
  type: masquerade
  outbound-interface: eth0
  protocols: all
  source {
  network: 192.168.1.0/24
  }
  destination {
  network: 0.0.0.0/0
  }
  }




 On Tue, 2008-01-29 at 08:08 -0800, Justin Fletcher wrote:
 Here's what I use to port-forward ssh; just adjust for address
 (where
 destination address is the public IP) and change it to http.

  rule 2 {
  type: destination
  inbound-interface: eth0
  protocols: tcp
  source {
  network: 0.0.0.0/0
  }
  destination {
  address: 1.2.3.4
  port-name ssh
  }
  inside-address {
  address: 10.0.0.30
  }
  }

 Best,
 Justin

 On Jan 29, 2008 7:46 AM, Nathan McBride [EMAIL PROTECTED]
 wrote:
 Can someone please help me get this worked out?
 Nate


 Ok these are my nat rules now, I didn't see a command to  
 change
 the rule
 numbers so i just redid them all by hand.  It still doesn't
 work.

 rule 1 {
  type: destination
  inbound-interface: eth0
  protocols: tcp
  destination {
  address: 71.62.193.105
  port-name http
  }
  inside-address {
  address: 192.168.0.105
  }
  }
  rule 2 {
  type: masquerade
  outbound-interface: eth0
  protocols: all
  source {
  network: 192.168.0.0/24
  }
  destination {
  network: 0.0.0.0/0
  }
  }
  rule 3 {
  type: masquerade
  outbound-interface
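
The following is an added example, not part of any message in this thread. It models the address rewriting behind the symptom discussed above: the destination rule from Nate's config, a client outside, a client on the same LAN as the web server, and the internal-DNS workaround. It is a simplified Python model, not netfilter itself; the router LAN address 192.168.0.1, the LAN interface name eth1, the client addresses and the `snat_lan` option are assumptions made for illustration.

```python
"""Simplified model of the port forward discussed in this thread.

Constructed example: it tracks only the address rewriting described by the
NAT rules, not real netfilter behaviour.
"""
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, ip_address, ip_network

PUBLIC_IP = ip_address("71.62.193.105")    # destination address (from the thread)
WEB_SERVER = ip_address("192.168.0.105")   # inside-address (from the thread)
LAN = ip_network("192.168.0.0/24")         # masqueraded network (from the thread)
ROUTER_LAN_IP = ip_address("192.168.0.1")  # assumption: router's LAN address
WAN_IF, LAN_IF = "eth0", "eth1"            # eth1 as the LAN side is an assumption

OUTSIDE_CLIENT = ip_address("203.0.113.7")  # constructed sample client
INSIDE_CLIENT = ip_address("192.168.0.50")  # constructed sample client


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    dport: int


def dnat(pkt, in_if, dnat_ifs):
    """Rewrite the destination if the packet arrived on a matching interface."""
    if in_if in dnat_ifs and pkt.dst == PUBLIC_IP and pkt.dport == 80:
        return replace(pkt, dst=WEB_SERVER), True
    return pkt, False


def connect(client, in_if, target=PUBLIC_IP, dnat_ifs=(WAN_IF,), snat_lan=False):
    """Return a verdict for one HTTP connection attempt from `client`."""
    if target == WEB_SERVER and client in LAN:
        # Internal DNS answer: same subnet, no router and no NAT involved.
        return "ok-direct"

    syn = Packet(src=client, dst=target, dport=80)
    fwd, translated = dnat(syn, in_if, dnat_ifs)
    if not translated:
        # The packet stays addressed to the router's own public address.
        return "no-dnat-match"

    if fwd.src in LAN and snat_lan:
        # Optional extra source rewrite for connections that turn around.
        fwd = replace(fwd, src=ROUTER_LAN_IP)

    if fwd.src in LAN and fwd.src != ROUTER_LAN_IP:
        # Server and client share a subnet: the reply goes straight to the
        # client, never crosses the router, and keeps the server's address.
        reply_src = WEB_SERVER
    else:
        # The reply crosses the router, which reverses the translation.
        reply_src = PUBLIC_IP

    # The client only accepts a reply from the address it connected to.
    return "ok" if reply_src == syn.dst else "reply-from-unexpected-source"


def scenarios():
    """Run the cases from the thread and return a verdict for each."""
    both = (WAN_IF, LAN_IF)
    return {
        "outside client, rule as posted": connect(OUTSIDE_CLIENT, WAN_IF),
        "inside client, rule as posted": connect(INSIDE_CLIENT, LAN_IF),
        "inside client, rule also on LAN side":
            connect(INSIDE_CLIENT, LAN_IF, dnat_ifs=both),
        "inside client, LAN-side rule plus source rewrite":
            connect(INSIDE_CLIENT, LAN_IF, dnat_ifs=both, snat_lan=True),
        "inside client, internal DNS points at server":
            connect(INSIDE_CLIENT, LAN_IF, target=WEB_SERVER),
    }


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:50} {verdict}")
```
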

Re: [Vyatta-users] ANN: Glendale Alpha 1 Released

2008-01-24 Thread Aubrey Wells
Sweet. Downloading it now to put it through its paces. Should we post  
questions/comments/bugs here or on hackers?

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Jan 24, 2008, at 7:33 PM, Dave Roberts wrote:

 As many of you know, the Vyatta development team has been working  
 hard on
 the next major Vyatta release, code named Glendale. Glendale  
 represents a
 *HUGE* step forward on a number of fronts. Because of this, Vyatta has
 committed to making early previews available to the Vyatta Community  
 so that
 you can get comfortable with the new features and provide feedback  
 on the
 functionality and stability of the system.

 TODAY'S ANNOUNCEMENT:
 =

 Today, I'm pleased to announce that Glendale Alpha 1 has been made  
 available
 for download from the Vyatta web site:
 http://www.vyatta.com/download/

 Release notes and documentation for Alpha 1 are available on the  
 Vyatta
 Community Wiki:
 http://www.vyatta.com/twiki/bin/view/Community/GlendaleAlpha1

 Currently, the documentation is going through rapid development and  
 has been
 released as separate chapters. As new chapters are written or  
 previously
 released chapters are updated, they will be uploaded to the  
 Community Wiki.
 If you find issues with the documentation, please report them to the
 vyatta-users mailing list.

 THINGS TO NOTE:
 ===

 This is ***ALPHA*** software. It is not yet feature complete or fully
 stable. Because of this, it is not suitable for production networks.  
 If you
 use it in your production network, it will lose your packets,  
 corrupt your
 data, and make your hair fall out. Be warned.

 Anybody even contemplating testing Alpha 1 should be sure to read  
 the rest
 of this announcement and the release notes very carefully. There are a
 number of changes to the system.

 All that said, we want you to test it like crazy, so don't be shy.

 ALPHA 1 FEATURES:
 =

 The release notes have some more information, but here is a  
 description of
 some of the major changes in the system:

 * Glendale has touched just about every subsystem in some way. In some
 cases, the changes are relatively minor. In others, they represent a  
 radical
 departure. Because of the global changes, Glendale does not attempt  
 to keep
 backward compatibility with previous configuration files. If you  
 want to
 upgrade a system to Glendale, save off the configuration first and  
 then
 translate the configuration by hand to the new syntax.

 * Glendale Alpha 1 is distributed in ISO format only. There are  
 currently no
 package repositories for the system and future preview releases  
 (Alpha 2 and
 Beta) will be distributed in a similar fashion.

 * Glendale has a completely new command line interface infrastructure,
 called FusionCLI. FusionCLI is based on an extended version of bash  
 with
 access to Vyatta-specific commands and syntax, effectively fusing  
 together
 management functionality at the CLI level and eliminating the separate
 Vyatta shell. FusionCLI has a role-based user account system.  
 Depending on
 the user role, the user may be able to execute standard Linux  
 commands from
 the FusionCLI prompt. Further, the system is scriptable with a  
 combination
 of bash scripting and Vyatta-specific commands. Once you play with  
 this for
 a while, you'll begin to realize the power this affords  
 administrators. The
 release notes have more information about this functionality. In  
 particular,
 there are changes to the online '?'-help system that you should be  
 aware of.

 * Glendale has completely revamped the routing subsystem. If you were
 struggling with routing protocol issues previously, there is a very  
 good
 chance that your issues are gone. In particular, scalability and  
 stability
 are greatly improved and the feature set has been expanded  
 tremendously.

 * Along with the routing subsystem, the policy subsystem is completely
 different. It should now handle more complex policy configurations and
 operate closer to the way you would expect.

 * The VRRP subsystem has been revamped. We now support multiple VRRP  
 groups
 on a single interface, eliminating a common issue with the previous  
 VRRP
 implementation.

 * DHCP client is now supported. This will make it easier for people
 connecting to broadband networks that do not provide static addressing
 (commonly DSL and cable networks).

 * Many other existing subsystems have been touched to fix bugs or  
 provide
 minor enhancements.

 Implemented but not documented:
 ---

 There are several new features that have been implemented, but do  
 not yet
 have documentation. If you're adventurous you can use the CLI help  
 to try
 them out. Look for documentation to arrive over the coming weeks.

 * GRE and IP-in-IP tunnels are supported. These features are located  
 under

Re: [Vyatta-users] Q:uptime from the cli

2008-01-16 Thread Aubrey Wells

show version doesn't seem to work in 3 for me either.

[EMAIL PROTECTED] show version
Baseline Version: vc3
Booted From: disk

[EMAIL PROTECTED]

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Jan 16, 2008, at 12:46 PM, Allan Leinwand wrote:


Hi Ken,

   I'm running 2.0 and show version works for me.  Maybe the  
output changed in a later release?


[EMAIL PROTECTED] show version
Version:   2.0
Built by:  [EMAIL PROTECTED]
Built on:  200702232259 -- Fri Feb 23 22:59:37 UTC 2007
Source:git://suva.vyatta.com/ofr.git#--06439041
System booted: Thu Jul 26 01:23:41 PDT 2007
Uptime: 00:46:34 up 174 days, 23 min,  1 user,  load average: 0.50,  
0.20, 0.07

[EMAIL PROTECTED]

Thanks,

allan

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
] On Behalf Of Ken Felix (C)

Sent: Wednesday, January 16, 2008 9:37 AM
To: vyatta-users@mailman.vyatta.com
Subject: [Vyatta-users] Q:uptime from the cli

In our setup, we typically will not have a user logging into a unix  
shell, so how can we get “router uptime” via the cli?

Show version doesn’t do it, nor does a show tech from what I can  
tell.


___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users




Re: [Vyatta-users] GLBP

2008-01-10 Thread Aubrey Wells
All I really know about it is when I set up a trio of Cisco 7301  
routers a couple years ago, one of the options I researched was VRRP  
and the other was GLBP. I ended up going with GLBP because Cisco's  
implementation of it was more stable than its implementation of VRRP.  
I know that it *will* do it on any semi-recent IOS version. No idea if  
the opensource implementations of VRRP will do it.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Jan 10, 2008, at 3:30 PM, Max wrote:

 Can anyone comment more on load balancing vrrp? Active/active style  
 configuration? Perhaps even noting bgp?
 I was not aware with vrrp one could have two routers handling  
 packets :/


 -Original Message-
 From: Troopy . [EMAIL PROTECTED]
 Sent: Thursday, January 10, 2008 2:04 AM
 To: vyatta-users@mailman.vyatta.com; [EMAIL PROTECTED]; Stig  
 Thormodsrud [EMAIL PROTECTED]
 Cc: 'vyatta-users' [EMAIL PROTECTED]
 Subject: Re: [Vyatta-users] GLBP



 Thanks for the feedback,
 I am particularly interested in the load sharing functionality.

 TRoopy

 -- Original Message --
 From: Stig Thormodsrud [EMAIL PROTECTED]
 Date:  Wed, 9 Jan 2008 11:42:34 -0800 (PST)


 What features specifically from GLBP are you looking for?  
 Depending on
 the implementation, VRRP is capable of load sharing. I know Extreme
 and Cisco equipment will do it.

 From RFC3786 (http://tools.ietf.org/html/rfc3768):
 2.1. IP Address Backup
 Backup of IP addresses is the primary function of the Virtual Router
 Redundancy Protocol.  While providing election of a Virtual Router
 Master and the additional functionality described below, the  
 protocol
 should strive to:
 - Minimize the duration of black holes.
 - Minimize the steady state bandwidth overhead and processing
 complexity.
 - Function over a wide variety of multiaccess LAN technologies  
 capable


 [The entire original message is not included]



Re: [Vyatta-users] Managing different subnet with different gateway

2008-01-03 Thread Aubrey Wells
Not sure about the vyatta overriding part, I'm always unsure of what  
will get overridden myself. I do know that you will need to put your  
commands in to /etc/rc.d/rc.local so it will survive a reboot.

For the bandwidth tracking, I'm using a utility called bandwidthd and  
it works very well.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Jan 3, 2008, at 10:18 PM, Daren Tay wrote:

 Hi guys,

 yeah I want to route them out different gateway.

 what is this ip tool you are referring to? you mean the standard 'ip'  
 command
 over the linux kernel?
 And if I issue these commands, won't xorp override it every time I do  
 a commit
 within it? I thought Vyatta overrides any routing/settings the  
 kernel has..

 so based on what you are advising me,
 #ip route add default via 10.0.0.1 dev eth0 tab 1
 #ip route add default via 10.1.0.1 dev eth1 tab 2
 #ip rule add from 192.168.16.0/24 tab 1 priority 500
 #ip rule add from 192.168.17.0/24 tab 2 priority 600

 say my subnet 1 is 192.168.16.0/24
 subnet 2 is 192.168.17.0/24

 by adding the above, I can define the default gateway out?

 And as my original question mentioned, will it interfere with Vyatta's
 settings (static routing etc), or vice versa?

 On a side note, am I able to track bandwidth usage on each of this
 interface?

 Thanks!
 Daren

 -Original Message-
 From: Aubrey Wells [mailto:[EMAIL PROTECTED]
 Sent: Friday, January 04, 2008 6:19 AM
 To: Robert Bays
 Cc: Daren Tay; vyatta-users@mailman.vyatta.com
 Subject: Re: [Vyatta-users] Managing different subnet with different
 gateway


 hmmm I did not know you could do that with ip in linux. very
 interesting. you just solved a problem for me as well, thanks. :-)

 --
 Aubrey Wells
 Senior Engineer
 Shelton | Johns Technology Group
 A Vyatta Ready Partner
 www.sheltonjohns.com


 On Jan 3, 2008, at 1:14 PM, Robert Bays wrote:

 Daren,

 If I am understanding you correctly you want to route the first local
 interface out one gateway and the second local interface out the
 second
 gateway.  You would need to use source based routing to do what you
 are
 looking for.  That's not currently supported in the cli, but you can
 do
 it from the linux command prompt using the ip tool.  Something like
 this
 should work for you.

 #ip route add default via 10.0.0.1 dev eth0 tab 1
 #ip route add default via 10.1.0.1 dev eth1 tab 2
 #ip rule add from 192.168.16.0/24 tab 1 priority 500
 #ip rule add from 192.168.17.0/24 tab 2 priority 600

 Cheers,
 Robert.


 Daren Tay wrote:
 Hi there,

 my intention is just to use one router to handle 2 subnet.
 But each subnet has their own gateway, so how do I specify the
 different
 gateway on the router?

 Thanks!
 Daren

   -Original Message-
   *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
   *Nick Davey
   *Sent:* Thursday, January 03, 2008 11:25 PM
   *To:* Daren Tay
   *Cc:* vyatta-users@mailman.vyatta.com
   *Subject:* Re: [Vyatta-users] Managing different subnet with
   different gateway

   I don't know if I'm understanding this right. You want to add a
   second subnet on a second interface of the Vyatta router? In that
   case, yes it will work fine, without much extra configuration (you
   may need to modify your NAT/firewall rules). That's a pretty
   straight forward setup though. If you are looking to add a second
   router to your network, with a second network behind that router
 you
   would need to add static routes for the network behind the second
   router, and a default route on the second router. Alternatively
 you
   could use a simple routing protocol like RIP. Make sense?

   On Jan 3, 2008 3:13 AM, Daren Tay [EMAIL PROTECTED]
   mailto:[EMAIL PROTECTED] wrote:

   Hi guys,

   happy 2008 wherever you guys are!

   I have a question:
   Currently my vyatta router is handling one subnet with one
   gateway, using
   NAT for the servers.
   SO basically its just static routing.

   I now need to add another subnet (different project) into the
   picture, which
   has its own gateway.
   Can the vyatta router handle 2 different subnet, each with its
   own gateway?

   Do advice ;)

   Thanks!
   Daren




 

 ___
 Vyatta-users mailing list
 Vyatta-users@mailman.vyatta.com
 http://mailman.vyatta.com/mailman/listinfo/vyatta-users
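
An added example, not code from any poster in this thread: a small Python model of how the kernel evaluates the `ip rule` / `ip route` commands quoted above, including what happens to traffic between the two subnets. The LAN interface names (eth2, eth3), the /24 on the gateway networks and the contents of the main table are assumptions, and the `with_lan_routes` helper is hypothetical.

```python
"""Model of the Linux policy-routing lookup for the ip commands in this thread.

Constructed example: rule priorities, tables 1 and 2 and both gateways come
from the thread; LAN interface names and the main table are assumptions.
The kernel's priority-0 "local" rule (the router's own addresses) is omitted.
"""
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

# (priority, source selector, table); the lowest priority number is tried first.
RULES = [
    (500, ip_network("192.168.16.0/24"), "1"),
    (600, ip_network("192.168.17.0/24"), "2"),
    (32766, ANY, "main"),  # kernel default rule
]

# table -> [(destination prefix, gateway or None when on-link, device)]
TABLES = {
    "1": [(ANY, "10.0.0.1", "eth0")],
    "2": [(ANY, "10.1.0.1", "eth1")],
    "main": [
        (ip_network("192.168.16.0/24"), None, "eth2"),  # assumed LAN interface
        (ip_network("192.168.17.0/24"), None, "eth3"),  # assumed LAN interface
        (ip_network("10.0.0.0/24"), None, "eth0"),      # assumed prefix length
        (ip_network("10.1.0.0/24"), None, "eth1"),      # assumed prefix length
    ],
}


def with_lan_routes(tables):
    """Return a copy where tables 1 and 2 also hold the connected LAN routes."""
    lan = [r for r in tables["main"] if r[2] in ("eth2", "eth3")]
    return {
        name: routes + lan if name != "main" else list(routes)
        for name, routes in tables.items()
    }


def lookup(src, dst, tables=TABLES):
    """Return (table, gateway, device) for a packet, or None if unroutable.

    Rules are walked in priority order. A rule whose selector matches the
    source sends the lookup to its table; if that table has no route for the
    destination, the walk continues with the next rule.
    """
    src, dst = ip_address(src), ip_address(dst)
    for _prio, selector, table in sorted(RULES, key=lambda r: r[0]):
        if src not in selector:
            continue
        matches = [r for r in tables[table] if dst in r[0]]
        if matches:
            # Longest prefix wins inside a table.
            _prefix, gateway, dev = max(matches, key=lambda r: r[0].prefixlen)
            return table, gateway, dev
    return None


if __name__ == "__main__":
    # 198.51.100.9 is a constructed Internet destination.
    for src, dst in [
        ("192.168.16.10", "198.51.100.9"),
        ("192.168.17.10", "198.51.100.9"),
        ("192.168.16.10", "192.168.17.10"),  # subnet-to-subnet traffic
    ]:
        print(src, "->", dst, lookup(src, dst), lookup(src, dst, with_lan_routes(TABLES)))
```

With only a default route in tables 1 and 2, traffic from one subnet to the other also follows that table's default gateway; the last column shows the result once the connected LAN routes are present in those tables.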

Re: [Vyatta-users] router on the stick

2008-01-02 Thread Aubrey Wells
I'm using it in this manner with many (30+) vlans with no issues. I'm  
not doing any firewalling, but iptables can handle vlan interfaces, so  
that shouldn't be an issue. I'm using tc to do bandwidth rate-limiting  
and that works well on the vifs. In short, you should be good.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Jan 2, 2008, at 1:21 PM, Justin Fletcher wrote:

 On Jan 2, 2008 12:18 AM, Vects [EMAIL PROTECTED] wrote:
 Hello there,

 Does vyatta support router on the stick configuration?
 I want to deploy it in web hosting environment when every customer  
 has
 the own vlan.
 Is there any known problem with firewall in such a configuration?

 Thanks, Alexc

 No issues that I know of; should be just fine for what you need :-)

 Best,
 Justin



Re: [Vyatta-users] Installed to HD now I can't log in

2007-12-31 Thread Aubrey Wells
Sounds like a sticky [Enter] key, or a problem with the keyboard or  
motherboard. Try using the other enter key?


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Dec 31, 2007, at 4:53 PM, Jesse Robertson wrote:

I just installed vyatta to the hard drive.  I accepted the default  
configurations in all cases and when it finished I rebooted.   
Everything seems to load then I am presented with Welcome to Vyatta  
- vyatta tty1

and the login prompt.

I have tried root and vyatta and in both cases as soon as I hit  
enter instead of asking for a password it says LOGIN INCORRECT on 4  
lines then says MAXIMUM NUMBER OF TRIES EXCEEDED (5)


Then it goes back to the login prompt.

What is going on?

Thanks

Jesse




Re: [Vyatta-users] Ethernet card responding to multiple addresses

2007-12-28 Thread Aubrey Wells
You've got the same subnet on multiple interfaces so the system doesn't  
know which interface to respond out of to reach you with return  
traffic. I'd remove the IPs from all but the interface you have  
plugged in and try it then.


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Dec 28, 2007, at 4:52 PM, Jesse Robertson wrote:

I'm just beginning to learn about this and am in the process of  
setting up a test router.  I have installed 3 ethernet cards in the  
test pc of various brands and ages ( I used what I had laying around  
and this is only replacing a linksys BEFSX41 (Hopefully)).  The  
software recognizes the 3 separate cards and has called them eth 0 -  
2 and reads their MAC addresses nicely.  I set each card to its own  
IP 192.168.1.30/24 -192.168.1.32/24 and when I go to Configure and  
Show it displays correctly.  The issue is that I have only connected  
one card to a switch and that is showing up as all three ip  
addresses.  It responds intermittently to pings and though I  
activated the WebGUI I cannot access it.


If someone has an idea of what I'm doing wrong I'd appreciate the  
help.  Thanks


Jesse




Re: [Vyatta-users] Can't install in hard drive - it's working...

2007-12-21 Thread Aubrey Wells

I just want to add that the line
Starting wan interface: FATAL: Error inserting wanpipe (/lib/modules/ 
2.6.20/kernel/drivers/net/wan/wanpipe.ko): no such device.


Is safe to ignore. It just means no Sangoma WAN cards were detected. I  
was a bit alarmed the first time I saw that too. It's perfectly normal  
(unless you actually *do* have a Sangoma card installed...)


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Dec 16, 2007, at 8:16 PM, Maximo Barawid wrote:


It's been stated a couple of times on this list in the last two weeks
that vyatta has difficulty installing on an already partitioned disk.
Have you tried deleting all partitions using fdisk and then  
installing?


Yes, I used fdisk to delete all partitions and formatted it too.   
But it

didn't work.  Thanks anyway.

The hard drive had a previous OS on it.  If you don't have anything  
you want on the drive then after logging in to the system type:


dd if=/dev/zero of=/dev/hda count=1

This will clear the partition table.  Then:

install-system

Thanks, it worked.

Thanks to all your replies.






Re: [Vyatta-users] Vyatta null route

2007-12-12 Thread Aubrey Wells
Meaning Glendale?

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Dec 12, 2007, at 2:48 PM, Dave Roberts wrote:

 the bug is fixed in the next version



Re: [Vyatta-users] Serial Port

2007-12-06 Thread Aubrey Wells
I just add the debian repository to my config and then apt-get install  
minicom and use it.


package {
    repository community {
        component: main
        url: http://archive.vyatta.com/vyatta
    }
    repository stable {
        component: main
        url: http://mirrors.kernel.org/debian/
    }
}


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
Support: [EMAIL PROTECTED]
www.sheltonjohns.com




On Dec 6, 2007, at 8:32 PM, Todd Worden wrote:

Is there a serial port console application that comes with Vyatta  
like TIP so that I can connect my null modem cable to the router and  
then to my Netgear switch to configure the switch from my router  
appliance?


Todd Worden
Software Developer

Growing Technologies
P: 434-296-1500
E: [EMAIL PROTECTED]





Re: [Vyatta-users] I'm stuck... can ping lan but to wan

2007-12-02 Thread Aubrey Wells
set system gateway-address and set protocols static route 0.0.0.0/0  
does the same thing. The problem with your default gateway is it's not  
on any connected subnets. Are you doing ip-passthru on the cable  
modem, so you can actually use the public IPs behind it? If that is  
the case, your default gateway needs to be 75.145.xxx.190. I suspect  
this is the case, and the 10.1.10.1 is a management ip on the cable  
modem. If that is the case you'll want to add a secondary ip on the  
eth1 interface that is in that same subnet (say 10.1.10.2) so you can  
get to it from inside.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Dec 2, 2007, at 11:33 AM, [EMAIL PROTECTED] [EMAIL PROTECTED]  
wrote:

 Hi!

 I am working with Vyatta for the first time and I am currently stuck  
 on what
 to do.  I've googled a few howtos and also watched the videos and  
 read the
 quick start.  Here is my hardware/routing info:

 Comcast SMC IP Gateway
 1U dual m-itx VIA EK 1 with 2 Compact Flash, 2 80G SATA, 2 512MB  
 ram, 2
 RJ45 10/100 per mobo (planning for VRRP down the road).
 eth0 = lan
 eth1 = wan
 Server 1 - Fedora 7
 Server 2 - Fedora 7

 IP info:
 Static IP block: 75.145.xxx.185 - 75.145.xxx.189
 Gateway: 75.145.xxx.190
 Subnet: 255.255.255.248
 DNS 1: 68.87.73.242
 DNS 2: 68.87.71.226
 SMC IP: 10.1.10.1
 Server 1: 192.168.xxx.189
 Server 2: 192.168.xxx.188

 Current Vyatta Config:

 protocols {
static {
disable: false
route 0.0.0.0/0 {
next-hop: 10.1.10.1
metric: 1
}
}
}
policy {
}
interfaces {
restore: false
loopback lo {
description: 
}
ethernet eth0 {
disable: false
discard: false
description: lan
hw-id: 00:40:63:ef:c3:1c
duplex: auto
speed: auto
address 192.168.xxx.1 {
prefix-length: 24
disable: false
}
}
ethernet eth1 {
disable: false
discard: false
description: wan
hw-id: 00:40:63:ef:c3:19
duplex: auto
speed: auto
address 75.145.xxx.189 {
prefix-length: 29
disable: false
}
}
}
service {
webgui {
http-port: 80
https-port: 443
}
}
firewall {
log-martians: enable
send-redirects: disable
receive-redirects: disable
ip-src-route: disable
broadcast-ping: disable
syn-cookies: enable
}
system {
host-name: rt1
domain-name: 
name-server 68.87.73.242
name-server 68.87.71.226
time-zone: GMT
ntp-server 69.59.150.135
gateway-address: 10.1.10.1
login {
user root {
full-name: 
authentication {
encrypted-password: $1$$Ht7gBYnxI1xCdO/JOnodh.
}
}
user vyatta {
full-name: 
authentication {
encrypted-password: $1$$Ht7gBYnxI1xCdO/JOnodh.
}
}
}
package {
auto-sync: 1
repository community {
component: main
url: http://archive.vyatta.com/vyatta
}
}
}

 I can currently ping my lan, which is further confirmed by being  
 able to
 access Vyatta through Server1 via the WebGUI, but I cannot seem to  
 configure
 the router correctly to ping the internet from the router.  My  
 thought is
 that my static route might not be correctly set, or possibly my  
 default
 gateway.  Seems one of them should point to 10.1.10.1 and the other to
 75.145.xxx.190.

 Also, once I have set a static route under protocols I am noticing  
 that I
 get an error whenever I attempt to edit it...

 Error - 102 Command failed cannot replace route for 0.0.0.0/0: no such
 route.

 Thanks!

 Todd Worden
 Software Developer

 Growing Technologies
 P: 434-296-1500
 E: [EMAIL PROTECTED]






Re: [Vyatta-users] I'm stuck... can ping lan but to wan

2007-12-02 Thread Aubrey Wells
Your masquerade rules should look something like this:

service {
    nat {
        rule 10 {
            type: masquerade
            outbound-interface: eth1
            source {
                network: 192.168.xxx.0/24
            }
            destination {
                network: 0.0.0.0/0
            }
        }
    }
}

You can use the outside-address keyword to make it use a specific  
address, otherwise it will use the address of the interface traffic  
goes out (75.145.xxx.189 in this case).

Hope this helps.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Dec 2, 2007, at 3:50 PM, Todd Worden wrote:

 Ya... that is right... ip-passthru and the 10.1.10.1 is for managing the SMC
 IP Gateway.  So that is a good idea, I'll add the extra subnet to eth0
 (which is the lan).

 So I have gotten a bit further, and am now able to ping www.google.com and
 also Server 1.  I can't yet access the internet from Server 1 though.  This
 may be the vyatta router config or perhaps my server configuration, but I
 would think it not the server since I can see vyatta from there.  Is this
 where I need to configure a NAT rule?

 I was looking at this person's post on configuring
 http://hostseries.com/wp-content/uploads/2007/10/installing_vyatta.txt but
 there doesn't seem to be a translation type property anymore. If I select
 type = source then I am prompted by the webgui to define an outside address,
 which I am not sure what is.  Otherwise, I have tried masquerade, which I
 think is the right choice, but still no luck.

 Here is my latest configuration:

protocols {
    static {
        disable: false
        route 0.0.0.0/0 {
            next-hop: 75.145.xxx.190
            metric: 1
        }
    }
}
policy {
}
interfaces {
    restore: false
    loopback lo {
        description:
    }
    ethernet eth0 {
        disable: false
        discard: false
        description: lan
        hw-id: 00:40:63:ee:30:b0
        duplex: auto
        speed: auto
        address 192.168.xxx.1 {
            prefix-length: 24
            disable: false
        }
    }
    ethernet eth1 {
        disable: false
        discard: false
        description: wan
        hw-id: 00:40:63:ee:30:af
        duplex: auto
        speed: auto
        address 75.145.xxx.189 {
            prefix-length: 24
            disable: false
        }
    }
}
service {
    nat {
        rule 10 {
            type: source
            outbound-interface: eth0
            protocols: all
            source {
                network: 192.168.xxx.0/24
            }
            destination {
                network: 0.0.0.0/0
            }
            outside-address {
                address: 0.0.0.0
            }
        }
    }
    webgui {
        http-port: 80
        https-port: 443
    }
}
firewall {
    log-martians: enable
    send-redirects: disable
    receive-redirects: disable
    ip-src-route: disable
    broadcast-ping: disable
    syn-cookies: enable
}
system {
    host-name: vyatta
    domain-name: web-wired.com
    name-server 68.87.73.242
    time-zone: GMT+4
    ntp-server 69.59.150.135
    gateway-address: 75.145.xxx.190
    login {
        user root {
            full-name:
            authentication {
                encrypted-password: $1$$Ht7gBYnxI1xCdO/JOnodh.
            }
        }
        user vyatta {
            full-name:
            authentication {
                encrypted-password: $1$$Ht7gBYnxI1xCdO/JOnodh.
            }
        }
    }
    package {
        auto-sync: 1
        repository community {
            component: main
            url: http://archive.vyatta.com/vyatta;
        }
    }
}

 Thanks for the responses!

 Todd


 -Original Message-
 From: Aubrey Wells [mailto:[EMAIL PROTECTED]
 Sent: Sunday, December 02, 2007 2:35 PM
 To: [EMAIL PROTECTED]@web-wired.biz
 Cc: vyatta-users@mailman.vyatta.com
 Subject: Re: [Vyatta-users] I'm stuck... can ping lan but to wan

 set system gateway-address and set protocols static route 0.0.0.0/0
 do the same thing. The problem with your default gateway is it's not
 on any connected subnets. Are you doing ip-passthru on the cable
 modem, so you can actually use the public IPs behind it? If that is
 the case, your default gateway needs to be 75.145.xxx.190. I suspect
 this is the case, and the 10.1.10.1 is a management ip on the cable
 modem. If that is the case you'll want to add a secondary ip on the
 eth1

Re: [Vyatta-users] Static NAT problem, please help.

2007-12-01 Thread Aubrey Wells
Actually, if you use .18 you'll lose access to your vyatta box since  
you're doing an any/any match on the inbound nat. I'm not sure if  
vyatta will allow you to use a non-defined ip (such as .19 in your  
case) for the nat, as I've never tried it. You can on other firewalls  
though, so it might work.


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Dec 1, 2007, at 1:12 PM, Aubrey Wells wrote:

You can't use an ip that is attached to a different device as the  
outside-address, otherwise all the inbound connections will  
terminate on the other device and it won't know what to do with  
them. You need to use .18 for the outside-address of the NAT.


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Dec 1, 2007, at 12:47 PM, Régis wrote:


Hi all,
This is my config for access to the web server at A.B.C.64 (it’s a public ip):


protocols {
    static {
        disable: false
        route 0.0.0.0/0 {
            next-hop: E.F.G.17
            metric: 1
        }
    }
}
policy {
}
interfaces {
    restore: false
    loopback lo {
        description:
        address 10.0.0.65 {
            prefix-length: 32
            disable: false
        }
    }
    ethernet eth0 {
        disable: false
        discard: false
        description:
        hw-id: 00:30:f1:42:04:c3
        duplex: auto
        speed: auto
        address E.F.G.18 {
            prefix-length: 24
            disable: false
        }
    }
    ethernet eth1 {
        disable: false
        discard: false
        description:
        hw-id: 00:30:f1:42:05:e8
        duplex: auto
        speed: auto
        address A.B.C.95 {
            prefix-length: 24
            disable: false
        }
    }
}
service {
    nat {
        rule 10 {
            type: source
            outbound-interface: eth0
            protocols: all
            source {
                address: A.B.C.64
            }
            destination {
                network: 0.0.0.0/0
            }
            outside-address {
                address: E.F.G.17
            }
        }
        rule 20 {
            type: destination
            inbound-interface: eth0
            protocols: all
            source {
                network: 0.0.0.0/0
            }
            destination {
                address: E.F.G.17
            }
            inside-address {
                address: A.B.C.64
            }
        }
    }
    ssh {
        port: 22
        protocol-version: v2
    }
    telnet {
        port: 23
    }
    webgui {
        http-port: 80
        https-port: 443
    }
}
firewall {
    log-martians: enable
    send-redirects: disable
    receive-redirects: disable
    ip-src-route: disable
    broadcast-ping: disable
    syn-cookies: enable
}
system {
    host-name: rt01-estephe
    domain-name: x.net
    name-server 80.118.192.100
    name-server 80.118.196.36
    time-zone: GMT+1
    ntp-server 0.fr.pool.ntp.org
    ntp-server 1.fr.pool.ntp.org
    gateway-address: E.F.G.17
    login {
        user root {
            full-name:
            authentication {
                encrypted-password: ---
                plaintext-password:
            }
        }
        user --- {
            full-name: Regis
            authentication {
                encrypted-password: ---
                plaintext-password:
            }
        }
    }
    package {
        auto-sync: 1
        repository community {
            component: main
            url: http://archive.vyatta.com/vyatta;
        }
    }
    options {
        reboot-on-panic: true
    }
}

Routes: 5/5, Paths: 5/5
0.0.0.0/0      [static(1)]     to E.F.G.17     via eth0
10.0.0.65/32   [connected(0)]  to 10.0.0.65    via lo
A.B.C.0/24     [connected(0)]  to A.B.C.95     via eth1
127.0.0.0/8    [connected(0)]  to 127.0.0.1    via lo
E.F.G.0/24     [connected(0)]  to E.F.G.18     via eth0


My web server doesn’t show the http service but I can ping the A.B.C.64

Thanks!

Régis BOULINEAU


___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
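
The two NAT problems discussed in the threads above (a source/masquerade rule whose outbound-interface is not the interface facing the default gateway, and an outside-address that sits on the next-hop device) can be checked mechanically. The Python sketch below is an added example, not code from any poster or from Vyatta; the function names and the sample config, which uses documentation addresses, are made up for illustration.

```python
import ipaddress

# Constructed sample in the brace-style config format quoted in these threads.
SAMPLE_CONFIG = """
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop: 203.0.113.190
        }
    }
}
interfaces {
    ethernet eth0 {
        address 192.168.10.1 {
            prefix-length: 24
        }
    }
    ethernet eth1 {
        address 203.0.113.189 {
            prefix-length: 24
        }
    }
}
service {
    nat {
        rule 10 {
            type: source
            outbound-interface: eth0
            outside-address {
                address: 203.0.113.190
            }
        }
        rule 20 {
            type: masquerade
            outbound-interface: eth1
        }
    }
}
"""


def parse_config(text):
    """Parse the brace-delimited text into nested dicts keyed by block header."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("{"):
            child = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("closing brace without an open block")
            stack.pop()
        else:
            # Leaf: "key: value", or "key value" with no colon (value stays empty).
            key, _, value = line.partition(":")
            stack[-1][key.strip()] = value.strip()
    if len(stack) != 1:
        raise ValueError("config ends with an unclosed block")
    return root


def gateway_interface(cfg):
    """Return (name, next_hop) for the interface whose subnet holds the next hop."""
    route = cfg["protocols"]["static"]["route 0.0.0.0/0"]
    next_hop = ipaddress.ip_address(route["next-hop"])
    for header, body in cfg["interfaces"].items():
        if not header.startswith("ethernet "):
            continue
        for sub, leaf in body.items():
            if sub.startswith("address ") and isinstance(leaf, dict):
                cidr = f"{sub.split()[1]}/{leaf['prefix-length']}"
                if next_hop in ipaddress.ip_network(cidr, strict=False):
                    return header.split()[1], next_hop
    return None, next_hop


def check_nat(cfg):
    """List NAT mistakes of the kinds discussed in the threads."""
    wan, next_hop = gateway_interface(cfg)
    if wan is None:
        return [f"default gateway {next_hop} is not on any connected subnet"]
    findings = []
    for header, rule in cfg.get("service", {}).get("nat", {}).items():
        if not header.startswith("rule "):
            continue
        out_if = rule.get("outbound-interface")
        if rule.get("type") in ("source", "masquerade") and out_if != wan:
            findings.append(f"{header}: outbound-interface {out_if}, expected {wan}")
        outside = rule.get("outside-address", {}).get("address")
        if outside and ipaddress.ip_address(outside) == next_hop:
            findings.append(f"{header}: outside-address {outside} is the next hop")
    return findings
```

Calling check_nat(parse_config(SAMPLE_CONFIG)) returns two findings, both for rule 10; the parser also rejects a config whose braces do not balance.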

Re: [Vyatta-users] bgp not using advertised next-hop

2007-11-30 Thread Aubrey Wells
That worked perfectly. All my routes point to the correct place and  
BGP doesn't hate me now. :-)

Let me know if you figure out a more permanent solution, but this will  
work for now. I'm assuming I need to remove all the serial config from  
vyatta to keep my changes to the configs from being overwritten? Or  
will I need to script out some sed commands and restart wanrouter from  
rc.local on boot regardless of what's in the vyatta config?



--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Nov 30, 2007, at 5:05 PM, Robyn Orosz wrote:

 Hi Aubrey,

 Thanks for trying that and I'm sorry it still didn't resolve the issue.
 This problem does not exist in pre-VC3 versions.  With your
 configuration as it is, everything should work fine in 2.2.  If you need
 to use VC3, you can kill the pppd process and reconfigure the Sangoma
 driver to run PPP.  I'm still looking into another way to manipulate
 pppd so that it will accept a netmask value but if you'd like to try the
 Sangoma workaround you'll need to:

 1. Edit the /etc/wanpipe/wanpipe1.conf file:

 change:
     wan0.1 = wanpipe1, 0, TTY, tty, wan0.tty
 to
     wan0.1 = wanpipe1, 1, WANPIPE, ppp, wan0.ppp

 then change:
     [wan1.tty]
 to
     [wan0.ppp]
     PAP = NO
     CHAP = NO

 2. Edit the /etc/wanpipe/interfaces/wan0.1 file:

 It should be empty so you'll need to add:
     DEVICE=wan0.1
     IPADDR=64.211.X.34
     NETMASK=255.255.255.252
     POINTOPOINT=64.211.X.33
     ONBOOT=yes

 3. Then run a 'wanrouter restart'

 I tested this here and it worked for me by bringing the wan0.1 /30 route
 into the xorp routing table.

 If you do decide to use VC3 and run ppp via the Sangoma driver, all of
 the above will need to be scripted so it will be re-added on boot.

 I know this is not the best workaround but give it a try if you're up to
 it and I'll still see if I can come up with anything better in the mean
 time.

 Thanks,

 Robyn


 Aubrey Wells wrote:
 Adding it from the shell gets the /30 into the system routing table,
 but not into vyatta's routing table, so my bgp routes still don't
 work, and creating any static routes doesn't work from within vyatta.
 I'm going to try recreating the bgp routes from the command line and
 see if I can at least get the traffic flowing.

 --
 Aubrey Wells
 Senior Engineer
 Shelton | Johns Technology Group
 A Vyatta Ready Partner
 www.sheltonjohns.com




 On Nov 30, 2007, at 2:20 PM, Robyn Orosz wrote:

 Hi Aubrey,

 I cannot get any of the pppd 'netmask' parameters to take effect.  We'll
 definitely look into that.  In the mean time, can you try adding a route
 instead of changing the netmask via ifconfig:

 route add -net 64.211.X.32 netmask 255.255.255.252 wan0.1

 We have recursive routing enabled in VC3 and that's why the next-hops
 for your routes are being translated to the default route next-hop.  The
 eBGP next-hop is considered recursive because it's a host route (not
 directly connected).  Without the recursive routing enabled, I'm pretty
 sure your BGP session would not even come up which is what is indicated
 in comment #2 in bug 2332.  Also, since recursive routing is enabled, if
 I add a similar route (above) via the CLI, it adds it in as a static
 recursive route so instead translates the next-hop to the default route
 value.

 Anyway, let me know if just adding the route via the bash shell does any
 good.

 Thanks again,

 Robyn

 Robyn Orosz wrote:
 This worked for me here but I have control over the other side (it's
 just another Vyatta with another Sangoma card in it).  I am assuming the
 other side of your connection is a provider of some sort?  I'll see if
 there is another way to do this without disrupting your connection.


 Aubrey Wells wrote:

 I have to partially take that back. When I did the manual ip change,
 it took the wan0.1 vif down and it didn't come back up. That's why I
 lost the other side.


 --
 Aubrey Wells
 Senior Engineer
 Shelton | Johns Technology Group
 A Vyatta Ready Partner
 www.sheltonjohns.com




 On Nov 30, 2007, at 11:20 AM, Aubrey Wells wrote:


 I'm using VC3. I tried the workaround and it didnt work. The network
 is in the routing table now, but its defined as going out eth5 instead
 of wan0.1 and my routes are still hosed. Also, now I can't see the
 other side of the DS3 since the system is trying to source
 64.211.X.32/30 out of eth5. :-(

 vyatta:~# ifconfig wan0.1 64.211.X.34 netmask 255.255.255.252
 vyatta:~# route -n
 Kernel IP routing table
 Destination     Gateway     Genmask          Flags Metric Ref Use Iface
 206.132.X.48    8.17.X.1    255.255.255.255  UGH   0      0   0   eth5
 64.211.X.196    8.17.X.1    255.255.255.255  UGH   0      0   0   eth5
 64.211.X.32     8.17.X.1    255.255.255.252  UG    0      0   0   eth5
 8.17.X.0

Re: [Vyatta-users] Installing to a persistent device - need help

2007-11-29 Thread Aubrey Wells
Log in to the system from the livecd as root and use fdisk to delete
all the partitions on the disk.


This is from memory, but the command/output should be something like:
# fdisk /dev/sda
Command (m for help): d
partition number: 1
Command (m for help): d
partition number: 2
Command (m for help): d
Command (m for help): w
Command (m for help): q

Keep using the d command and then picking numbers until it stops  
asking for partition numbers and you should have a clean disk that  
Vyatta can install to.


Then try again. Be aware that this will destroy all data on the disk,  
so if you need anything off that disk first, take a backup now...




--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Nov 29, 2007, at 3:03 PM, Philippe Marcais wrote:


Hello,

I'm trying to install it from liveCD to hard drive but I got the
following error (see below). I'm not a linux expert, so if someone
can help here that would be great.


Thanks,
Philippe

Welcome to the Vyatta install program.  This script
will walk you through the process of installing the
Vyatta image to a local hard drive.

Would you like to continue? (Yes/No) [Yes]:
Probing drives: OK
The Vyatta image will require a minimum 450MB root
partition and a minimum 10MB configuration partition.
Would you like me to try to partition a drive automatically
or would you rather partition it manually with parted?  If
you have already setup your partitions, you may skip this step.

Partition (Auto/Parted/Skip) [Auto]:

I found the following drives on your system:
 sda     61000MB
 sdb     129MB


Install the image on? [sda]:

This will destroy all data on /dev/sda.
Continue? (Yes/No) [No]: Yes

Cannot mount /dev/sda2.
Please see install.log for more details.
Exiting..
Branch-vyatta-1:~# more install.log
turning off swaps...
Removing partition 1 on /dev/sda
Cannot mount /dev/sda2.
mount /dev/sda2 /mnt/tmp
Exiting...
/dev/sda2 looks like swapspace - not mounted
mount: you must specify the filesystem type
Branch-vyatta-1:~#



Re: [Vyatta-users] Fwd: Activate intervlan routing

2007-11-28 Thread Aubrey Wells
Ok, let me make sure I have this right. So if you have a virtual
machine with ip 10.30.104.X, with its adapter in the appropriate
vswitch in ESX to be on vlan 104, you can ping the 10.30.104.1 ip, but
the 10.30.104.1 ip can not ping the same host that just pinged it?
That sounds like a firewall issue at the host level. If you can ping
one from the other, then there is obviously two-way traffic
established, so something has to be blocking the packets originating
from the vyatta box. Either that or the vyatta box is not using the
appropriate source address and the return traffic is not being routed
properly. Try this from the unix shell on your vyatta:


ping -I 10.30.104.1 10.30.104.X

where X is the ip of a box that can ping the vyatta box. Let me know
what happens there...


I don't know how much you know about switching, but the native vlan
just means that all untagged traffic into the interface is marked as
belonging to the native vlan, in this case 101. Since you have the
vlan101 ip space untagged on eth0 on your vyatta box, that is why you
can ping it from the switch when you add 101 as the native vlan to the
trunk.


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Nov 26, 2007, at 2:09 PM, youssef salameddine wrote:



Hello,

I attached the config of the two switches in the message.

Note that the switches can't ping the vyatta, and vyatta can't ping
the switches (vyatta and switches are in the same vlan 101). But
when I change the native vlan of the interface gi0/43 (Trunk between
sw1 and vyatta) to 101 using the command switchport trunk native
vlan 101, I can ping sw1 and sw2 from vyatta, and switches can
ping vyatta.


Note also that each vms can ping all the interfaces of vyatta ( eth0  
and all vif); but Vyatta can't ping vms .


VMs on the same vlan can communicate


The config of vyatta is very simple, because my goal is to route two  
vlans : route vlan 104 and 106 in first time:


ethernet eth0{
description To_switch1
hw-id: ...
address 10.30.101.254 {prefix-length:24}
vif 104{
description:Vlan 104
address 10.30.104.1 {prefix-length:24}
}

vif 106{
description:Vlan 106
address 10.30.106.1 {prefix-length:24}
}
}

ps: Virtual switches of ESX tag Virtual machines packets with the
appropriate vlan ID.



Thanks a lot for your help.




Re: [Vyatta-users] Fwd: Activate intervlan routing

2007-11-28 Thread Aubrey Wells


That is a capital I (eye) in the ping command by the way...


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com






Re: [Vyatta-users] Compaq DL360 G1 - cpqarray

2007-11-26 Thread Aubrey Wells
As far as I am aware, XORP does nothing but routing. Vyatta adds in  
the firewall, nat, vpn, and other features. They've also made changes  
to XORP itself. One of the Vyatta guys will probably chime in with  
more detail than I can provide here soon.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Nov 26, 2007, at 6:20 PM, Max wrote:

 I am curious as to what makes Vyatta different from XORP other than
 the commercial support? Are there features in Vyatta that XORP does
 not have?

 On Nov 22, 2007 10:39 AM, silvertip257 [EMAIL PROTECTED] wrote:
 All righty ;) ... if you say so ... at this point I'm trying to learn all I
 can before I get a full time job as a net admin or something like that (I'm
 still in college at this point).  The pinch time brings in weird proprietary
 crap called mainly Micr0$0ft, but I've been seeing lately Ci$c0 hasn't been
 much better ;).  Maybe it's the outrageous prices for IOS compact flash
 cards we use in the networking labs.  Hell the profs got smart and copied
 the IOS to a hard drive and then re-imaged them on $8 128MB compact flash
 cards.  But just having such a price difference is a lotta crap.

 I'm seeing that when companies work with me and let me work with them, I
 understand their products more and actually want to roll their products out
 in a workplace.

 Good luck to you ... the above was nothing personal ... until I learn
 everything about Vyatta  and customization, I will most likely not use it or
 suggest it in the workplace.  No job is worth being fired b/c I suggested
 something I don't know (almost) everything about.  That's an extreme
 example, but I hate screwing up or getting loads of criticism (unless it's
 truly constructive).

 Tell me how it goes.  Vyatta is not out of the picture ... they're fixing
 features everyday.
 They also don't have all the hardware, nor have they had all of it tested
 with their OS.

 Have a good holiday,
 Mike



 On Nov 21, 2007 1:52 AM, Max [EMAIL PROTECTED] wrote:

 I've been a Linux guy for years but have never messed around with any of
 the boot CD stuff. This is going to be a learning thing for me for sure, so
 wish me luck ;)
 If I am unsuccessful on my own (+misc support), I am afraid I am just going
 to lean towards buying a few cisco 7900's. It is the proven reliability and
 support that Cisco brings to the table.

 *note* I am a CCNP so I am a little biased, also down 8 pints of Guinness
 ;p

 
 From: silvertip257  [EMAIL PROTECTED]
 Sent: Tuesday, November 20, 2007 11:38 PM
 To: Max  [EMAIL PROTECTED]
 Subject: Re: [Vyatta-users] Compaq DL360 G1 - cpqarray




 I'm reading it, but as I have not customized Vyatta myself yet, I  
 really
 can't help you much.
 If you feel like it and learn something neat on how to build one a  
 certain
 way, please do share the information!

 Mike


 On Nov 20, 2007 6:12 PM, Max [EMAIL PROTECTED] wrote:

 I have been unable to blacklist the sym53c8xx module from the boot
 loader so I am going to try to create another live CD with out the
 sym53c8xx in the initramfs. Unless anyone has any comments?




 On Nov 19, 2007 9:32 PM, Max [EMAIL PROTECTED] wrote:
 Hey'a fellas! I have a bit of a head scratcher here.. it seems the
 Vyatta 3.0 live CD does not work out of the box on G1 Compaq DL360's.
 From what I can tell the sym53c8xx module is loaded before the needed
 cpqarray module and that's what is causing the failure. I have tried
 unloading the modules and reloading cpqarray but don't seem to have
 any luck. My guess is the SCSI controller needs to be reset or what
 have you.
 Is there a way to prevent the sym53c8xx module from loading from the
 boot loader? Or should I look into recreating the live CD from scratch
 with my own kernel? Thanks in advance!





 --
 //  SilverTip257  //
 ==
 Ubuntu 7.04 (Feisty Fawn)
 --- Linux for human beings.
 (http://www.ubuntu.com/)
 ~~
 Helix --- Don't leave /home without it.
 (http://www.efense.com/helix/)





Re: [Vyatta-users] Vyata deployment across different servers

2007-11-26 Thread Aubrey Wells
Did you remove the HW-ID entries from the config file before moving it  
to the new machine(s)?

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Nov 26, 2007, at 1:47 PM, Thomas wrote:

 Greetings,

 I'm sorry if this has been addressed in the Config
 Guide just in case I missed it. We have built out a
 Vyatta router that we are finally satisfied with. We
 would like the generic portions of this configuration
 to become the base configuration for other routers
 that we will deploy.

 I know that when Vyatta boots it has some approximate
 functionality to migrate configurations (tell me if
 I'm on the wrong track here...) but is there a way for
 me to deploy the same config.boot to other Vyatta
 routers so that they come more or less pre-installed
 with only some minor changes that need to be made to
 the interfaces and some configured IP addresses?

 I tried this by just copying the config.boot, but when
 I did so the router appeared to lock up in the
 following bootup. No good. I figured there must be a
 procedure in place to accomplish the same task...

 -Thomas


   
 


Re: [Vyatta-users] Activate intervlan routing

2007-11-21 Thread Aubrey Wells
I think you'll find the problem is with the vmware server not passing
through the vlan tags (especially since it's windows, I've never had
much luck with 801q and microsoft). I don't think that is supported.
Everything looks correct except that part. Do you have a desktop
machine you can run the livecd on with an identical config and see if
it works? That will at least isolate it down to vmware or vyatta. I'm
pretty sure you'll find it's the former.


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Nov 21, 2007, at 7:43 AM, youssef salameddine wrote:


Hi,

Thank you for you answer

--
This is the config of my switch1; the second switch is a copy of
the first and I used it for redundancy:


interface GigabitEthernet0/1
 description To_ESX1_ServiceConsole_VMKNIC # I use this interface for service console of My ESX1 The vlan 101 is used for service console and the vlan 102 is used for VMotion#

 switchport access vlan 101
 switchport trunk allowed vlan 101,102
 switchport mode trunk
 switchport nonegotiate
 speed 1000
!
interface GigabitEthernet0/2
 description To VM_of_esx1_103_104 # I use this interface for my VMs i have some virtual machine in the vlan 103 and others on the Vlan 104#

 switchport access vlan 103
 switchport trunk allowed vlan 101,103-115
 switchport mode trunk
 switchport nonegotiate
 speed 1000

interface GigabitEthernet0/21
 description VM_VLAN103 #Allow Access to VMs on the Vlan 103#
 switchport access vlan 103
 switchport mode access
 switchport nonegotiate
!
interface GigabitEthernet0/24
 description VM_VLAN104 #Allow Access to VMs on the Vlan 104#
 switchport access vlan 104
 switchport mode access
 switchport nonegotiate
 speed 1000

!
interface GigabitEthernet0/43
 description To_vyatta
 switchport access vlan 101
 switchport trunk allowed vlan 101-200
 switchport mode trunk
 no cdp enable
!
interface GigabitEthernet0/44
 description admin_switch101 #I use this interface for remote access to Switch 1#

 switchport access vlan 101
 switchport trunk allowed vlan 101,103-115
 switchport mode access
 switchport nonegotiate
!

interface GigabitEthernet0/48
 description To_SW2 # The uplink used to link the two cisco 2950#
 switchport access vlan 101
 switchport trunk allowed vlan 101,103-115
 switchport mode trunk
 media-type rj45
!
interface Vlan1
 no ip address
 no ip route-cache
!
interface Vlan101
# This is the interface that i use for administration of my Switch1#
 ip address 10.30.101.1 255.255.255.0
 no ip route-cache
!

ip default-gateway 10.30.101.254 # This is the ip address of eth0 of my vyatta #

ip http server
!
control-plane
--
My vyatta is a VM running within VMware Server installed in a
separate machine with W2K3. The address of the physical interface is
10.30.101.253 (I use this interface to remotely access this machine
using RDP).


Eth0 of my vyatta is bridged to this interface and its address is:
10.30.101.254

the configuration of my vyatta is:
ethernet eth0{
description vers switch1
hw-id: :73
address 10.30.101.254 {prefix-length:24}
vif 103{
description:Vlan 103
address 10.30.103.254 {prefix-length:24}
}

vif 104{
description:Vlan 104
address 10.30.104.254 {prefix-length:24}
}
}
--
Note that Virtual machines within Vlan 103 can communicate, and
Virtual machines within Vlan 104 can communicate.
But VMs of vlan 103 can't communicate with vms of vlan 104, and VMs
of vlan 104 can't communicate with vms of vlan 103.
VMs can't communicate with the default gateway which is the vif of
vyatta: for example my VM 10.30.103.10 can't communicate with
10.30.103.254 which is its Default Gateway.

--
I hope that it was clear
Thank you For your Help








2007/11/21, Aubrey Wells [EMAIL PROTECTED]:
Can you post your (sanitized) config?



--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Nov 20, 2007, at 7:23 PM, youssef salameddine wrote:


Thanks a lot for your answer,

Yes, I did so, But my hosts can't ping the default gateway.
IE: in vlan 103: the host 192.168.103.3 can't ping the vif  
192.168.103.1. note that my hosts are virtual

Re: [Vyatta-users] Cannot remove/change default route

2007-11-21 Thread Aubrey Wells
Is the next-hop ip still reachable (network still configured on the
vyatta)? If that network has gone away on the system, that route may
have been removed from the system-level routing table, hence the "route
doesn't exist" message. I've had a similar thing happen.


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Nov 21, 2007, at 8:46 PM, Philippe Marcais wrote:

I need some help here. I have a hard time changing the default route.
I tried delete and commit, set (new value) and commit... nothing
successful. Check below. Can anyone point out my mistake?


[EMAIL PROTECTED] show version
Baseline Version: vc3
Booted From: livecd

[EMAIL PROTECTED] configure
Entering configuration mode.
There are no other users in configuration mode.
[EMAIL PROTECTED] # show protocols
static {
route 0.0.0.0/0 {
next-hop: 10.60.40.2
}
}

[edit]
[EMAIL PROTECTED]

[EMAIL PROTECTED] delete protocols static route 0.0.0.0/0
Deleting:
0.0.0.0/0 {
next-hop: 10.60.40.2
}

OK
[edit]
[EMAIL PROTECTED] show protocols
static {
-   route 0.0.0.0/0 {
-   next-hop: 10.60.40.2
-   }
}

[edit]
[EMAIL PROTECTED]

[EMAIL PROTECTED] commit
[edit]
Commit Failed
[EMAIL PROTECTED] t delete unicast route for 0.0.0.0/0: no  
such [EMAIL PROTECTED]




Re: [Vyatta-users] VLANs, NAT and DHCP scenario with multiple ISP

2007-11-20 Thread Aubrey Wells
To specify a vif ethernet interface, it's <physical interface>.<vlan id>,
i.e. for vlan 201 on interface eth2, you'd say eth2.201

You're going to have a problem with dhcp on a vif, as I found out. See
bug 2447 for two possible workarounds:
https://bugzilla.vyatta.com/show_bug.cgi?id=2447

Do one of those workarounds, and it will work fine. It won't ask for an
interface, you just define the subnet to hand out.


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com



On Nov 20, 2007, at 4:04 PM, Rodrigo Romero III wrote:

 This scenario is very uncommon.  I have a Fedora box with 3 NICs, and
 for security reasons I'll name all the Public Addresses with 172.16.x.x
 IPs, and Private IPs will be 192.168.0.x:
 eth0: ISP1-172.16.10.2/30
 eth0.1: ISP2-172.16.20.2/30
 eth1: Users-192.168.0.62/26
 eth2: Servers-172.16.30.1/28
 Eth0 goes to a hub that has both ISPs connected to it.  Eth1 (Users
 Network) uses DHCP and it is currently doing NAT and the default
 gateway for this NIC is 172.16.10.1 (which is one of the ISP1s end), the
 other NIC, Eth2, has a pool of servers with Public IP Addresses that use
 the other ISP connection to go out by having this NIC with the gateway
 pointing to 172.16.20.1 (the ISP2 has a static routing for this to work
 on their side).  Also I just got an Extra ISP uplink (not currently
 used) which I just want as a backup for the servers in case the other one
 fails.

 What I'd like, is to have this same box running Vyatta Community 3.  And
 also to use VLANS Instead of whole NICs/Ports.  I managed to configure
 the VLANS on the two VLAN capable NICs (which also are GIGABIT NICs) like
 this:
 eth1
 ID16- ISP1
 ID17- ISP2
 ID18- ISP3
 eth2
 ID 10-Servers
 ID 20-Users

 All the Vif had the corresponding IPs.  The vyatta server sees all the
 machines (users, servers, and all the ISPs end) and the VLAN
 configuration was working fine with my cisco 2950 switch.  However, NAT
 did not work fine and the routing I think wasn't working either.  Could
 you help me to figure out a configuration for this type of scenario?
 The problem is For NAT it asks for an Interface and this is Eth1 for the
 ISPs, but i need it to use a specific ISP, so how do i define it to use
 a vif instead of a physical address like eth1?  Also i'm not sure if I
 have to tell the system something so it can route all the traffic on the
 different networks.  I'm very new with vyatta, i managed to use it a
 couple of months ago and it worked fine using several NICs.  But now i
 need it to work with VLANS.  Also, i'll need help with the DHCP server
 because i think it will also ask me for an interface and i need it to
 use a vif instead, i don't know if this would work but if it does, this
 will save me a cisco1811 buy.

 I can only try this on Saturdays because it's the only day the network
 doesn't have high usage.

 regards,

 rodrigo


Re: [Vyatta-users] Activate intervlan routing

2007-11-20 Thread Aubrey Wells
you'll need to assign an ip to each vif that is in the same subnet as  
your hosts in each vlan, and then set that ip (the one on the vif) as  
the default gateway of the clients.


ie:

vlan 101
subnet 192.168.101.0 /24
vyatta ip on eth0.101 192.168.101.1 /24
host ips 192.168.101.2-254 /24 gw 192.168.101.1

vlan 102
subnet 192.168.102.0 /24
vyatta ip on eth0.102 192.168.102.1 /24
host ip 192.168.102.2-254 /24 gw 192.168.102.1

vlan 103
subnet 192.168.103.0 /24
vyatta ip on eth0.103 192.168.103.1 /24
host ip 192.168.103.2-254 /24 gw 192.168.103.1

make sense?

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Nov 20, 2007, at 6:15 PM, youssef salameddine wrote:


Hi,

I have two cisco switches 2950, sw1 & sw2, with a vtp link (802.1q
trunk). sw1 is the vtp server and sw2 is the vtp client.
The two switches have 3 vlans: Vlan101, Vlan 102 and vlan 103 and the
vlans can't communicate because there is no routing between them.
I decided to use vyatta to implement inter-vlan routing. So I have a
Vyatta VM that I linked to a port of sw1 and I configured this port
as trunk on the sw1 side (switchport mode trunk). I also created 3
vifs (sub interfaces of my vyatta interface eth0), so now I have
eth0.vif101, eth0.vif102 and eth0.vif103.
With this configuration machines on a vlan can't communicate with
machines on another vlan: what do I have to do on my vyatta to
activate intervlan routing?


Thanks for your help

--



Re: [Vyatta-users] Problem with gateway, and vyatta internet update

2007-11-16 Thread Aubrey Wells

Two things.

1) Your DHCP config should be handing out the inside ip of the vyatta  
box for the default-gateway to clients, in this case 10.0.0.1, not  
the default gateway of the vyatta box itself.


2) You need to give the vyatta box a name server so it can resolve  
addresses to get to the apt repository for updates. Do this:


set system name-server 192.168.0.2
commit
save

And that will allow the vyatta router to look up host names to get on  
the internet.



--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com



On Nov 16, 2007, at 9:40 AM, GVerris wrote:

Hi, my name is Giannis and I am a new user of vyatta and I have some
problems.

I use the vc3.

This is my network:

PC1  (IP A)
PC2  (IP B)
PC3  (IP C)

SERVER (IP D)

ROUTER (NOT VYATTA) (IP E)
(DNS & DHCP is disabled, I want to use it as gateway only)

And the role of firewall, dhcp, dns, router etc I want to be the
vyatta.

Here is my config.boot



/*XORP Configuration File, v1.0*/
protocols {
    static {
        disable: false
        route 0.0.0.0/0 {
            next-hop: 192.168.0.1
            metric: 1
        }
    }
}
policy {
}
interfaces {
    restore: false
    loopback lo {
        description: 
    }
    ethernet eth0 {
        disable: false
        discard: false
        description: Office Lan
        hw-id: 00:50:bf:6b:0d:ce
        duplex: auto
        speed: auto
        address 10.0.0.1 {
            prefix-length: 24
            disable: false
        }
    }
    ethernet eth1 {
        disable: false
        discard: false
        description: Internet Wan
        hw-id: 00:50:22:82:ef:63
        duplex: auto
        speed: auto
        address 192.168.0.2 {
            prefix-length: 24
            disable: false
        }
        firewall {
            local {
                name: FWTELNET
            }
        }
    }
}
service {
    dhcp-server {
        shared-network-name OfficeLAN {
            subnet 10.0.0.0/24 {
                start 10.0.0.50 {
                    stop: 10.0.0.150
                }
                dns-server 192.168.0.20
                default-router: 192.168.0.2
                lease: 86400
                domain-name: test.router
                authoritative: disable
            }
        }
    }
    nat {
        rule 1 {
            type: masquerade
            outbound-interface: eth1
            protocols: all
            source {
                network: 10.0.0.0/24
            }
            destination {
                network: 0.0.0.0/0
            }
        }
        rule 2 {
            type: destination
            inbound-interface: eth1
            protocols: tcp
            source {
                network: 0.0.0.0/0
            }
            destination {
                address: 192.168.0.1
                port-name http
            }
            inside-address {
                address: 10.0.0.30
            }
        }
    }
    telnet {
        port: 23
    }
    webgui {
        http-port: 80
        https-port: 443
    }
}
firewall {
    log-martians: enable
    send-redirects: disable
    receive-redirects: disable
    ip-src-route: disable
    broadcast-ping: disable
    syn-cookies: enable
    name FWTELNET {
        rule 1 {
            protocol: tcp
            action: reject
            log: disable
            source {
                network: 0.0.0.0/0
            }
            destination {
                port-name telnet
            }
        }
        rule 2 {
            protocol: all
            action: accept
            log: disable
            source {
                network: 0.0.0.0/0
            }
            destination {
                network: 0.0.0.0/0
            }
        }
    }
}
system {
    host-name: vyatta
    domain-name: 
    time-zone: GMT
    ntp-server 69.59.150.135
    login {
        user root {
            full-name: 
            authentication {
                encrypted-password: x
            }
        }
        user vyatta {
            full-name: 
            authentication {
                encrypted-password: x
            }
        }
    }
    package {
        auto-sync: 1
        repository community {
            component: main
            url: http://archive.vyatta.com/vyatta;
        }
    }
}





/* Warning: Do not remove the following line. */

/* === vyatta-config-version: [EMAIL PROTECTED]:[EMAIL PROTECTED]:dhcp- 
[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED] === */




Here are the problems:

1. I can't see the internet. The dhcp works fine, and the firewall and
dns, I suppose.

2. The vyatta does not connect to the internet to make updates.

Please help, I don't know what is wrong.
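
Added example (not part of the original thread and not Vyatta code): a small Python check for point 1 of the reply above. It parses a constructed excerpt of the posted config.boot and flags a DHCP default-router that clients on the served subnet cannot reach; the function names are illustrative, and the parser assumes the one-statement-per-line brace layout shown in the post.

```python
import ipaddress

# Constructed excerpt of the config.boot posted in this thread (not the full file).
POSTED = """
interfaces {
    ethernet eth0 {
        hw-id: 00:50:bf:6b:0d:ce
        address 10.0.0.1 {
            prefix-length: 24
        }
    }
    ethernet eth1 {
        address 192.168.0.2 {
            prefix-length: 24
        }
    }
}
service {
    dhcp-server {
        shared-network-name OfficeLAN {
            subnet 10.0.0.0/24 {
                start 10.0.0.50 {
                    stop: 10.0.0.150
                }
                dns-server 192.168.0.20
                default-router: 192.168.0.2
            }
        }
    }
}
"""
# Same excerpt with the change suggested in the reply: hand out the inside address.
FIXED = POSTED.replace("default-router: 192.168.0.2", "default-router: 10.0.0.1")


def parse_config(text):
    """Parse the brace-structured config into nested dicts.

    'ethernet eth0 {' becomes a child dict keyed 'ethernet eth0'; leaves such as
    'prefix-length: 24' or 'dns-server 192.168.0.20' become string values.
    Repeated leaf keys in one block overwrite each other (enough for this check).
    """
    root = {}
    stack = [root]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("/*"):
            continue
        if line.endswith("{"):
            child = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        elif line == "}":
            if len(stack) == 1:
                raise ValueError(f"line {lineno}: unbalanced closing brace")
            stack.pop()
        else:
            # Split on the first space so values containing ':' (MACs, URLs) survive.
            key, _, value = line.partition(" ")
            stack[-1][key.rstrip(":")] = value.strip()
    if len(stack) != 1:
        raise ValueError("unclosed block at end of config")
    return root


def interface_addresses(block):
    """Yield an IPv4Interface for every 'address A { prefix-length: N }' block,
    at any depth below `block` (so addresses nested under sub-blocks are found too)."""
    for name, child in block.items():
        if not isinstance(child, dict):
            continue
        kind, _, arg = name.partition(" ")
        if kind == "address" and "prefix-length" in child:
            yield ipaddress.ip_interface(f"{arg}/{child['prefix-length']}")
        else:
            yield from interface_addresses(child)


def check_dhcp_gateways(cfg):
    """Return (subnet, message) findings for each DHCP subnet's default-router."""
    own_ips = {i.ip for i in interface_addresses(cfg.get("interfaces", {}))}
    findings = []
    dhcp = cfg.get("service", {}).get("dhcp-server", {})
    for shared in dhcp.values():
        if not isinstance(shared, dict):
            continue
        for name, sub in shared.items():
            if not (isinstance(sub, dict) and name.startswith("subnet ")):
                continue
            subnet = ipaddress.ip_network(name.split()[1])
            router = sub.get("default-router")
            if router is None:
                findings.append((str(subnet), "no default-router handed out"))
                continue
            gw = ipaddress.ip_address(router)
            if gw not in subnet:
                findings.append((str(subnet),
                                 f"default-router {gw} is outside the subnet"))
            elif gw not in own_ips:
                findings.append((str(subnet),
                                 f"default-router {gw} is not one of this router's addresses"))
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("fixed", FIXED)):
        print(label, check_dhcp_gateways(parse_config(text)) or "OK")
```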

Re: [Vyatta-users] can't find my running config

2007-11-15 Thread Aubrey Wells
Are you actually typing save from configuration mode to save the  
config, or are you assuming commit saves the config? You must type  
save or save /path/to/file to save the config to survive a  
reboot. All commit does is activate the changes made.



--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Nov 15, 2007, at 2:17 PM, James A. Shigley wrote:

 I have a similar problem twice now. And I do have it installed to a  
 disk not running off the iso.

 James Shigley
 Monroe Telephone Answering Service
 409-981-9213
 Infinity 5.4,UC 4.02, Blink 3.0.104
 Ecreator:5.03, eResponse 1.1.6
 Webportal,WebApps,

 CONFIDENTIALITY NOTICE: This email, including any attachments,  
 contains information which may be confidential or privileged. The  
 information is intended to be for the use of the individual or  
 entity named above. If you are not the intended recipient, be aware  
 that any disclosure, copying, distribution or use of the contents  
 of this information is prohibited. If you have received this email  
 in error, please notify the sender immediately by reply to sender  
 only message and destroy all electronic and hard copies of the  
 communication, including attachments.

 Common sense is the collection of prejudices acquired by age  
 eighteen. -- Albert Einstein
 Once you can accept the universe as matter expanding into nothing  
 that is something,wearing stripes with plaid comes easy. -- Albert  
 Einstein
 I know a little of everything, but a lot of nothing


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:vyatta-users- 
 [EMAIL PROTECTED] On Behalf Of Justin Fletcher
 Sent: Thursday, November 15, 2007 11:46 AM
 To: Isiak Solih Sadik
 Cc: .
 Subject: Re: [Vyatta-users] can't find my running config

 Are you running the live CD or installed to disk?  If you're running
 the live CD, the file system is in memory, and you need to save to
 floppy for the configuration to be preserved across reboots.

 Justin

 On Nov 15, 2007 9:39 AM, Isiak Solih Sadik  
 [EMAIL PROTECTED] wrote:
 Pls Help!
 I installed vyatta router 3 on my pc and it worked perfectly. I
 actually saved the running config on the default file
 opt/vyatta/etc/config/config.boot, but when I reboot my vyatta can't route
 anything. I found out that my saved running config is no longer in
 opt/vyatta/etc/config/config.boot
 What can I do?

 Sadiku Babatunde

 -
 'There is no deity worthy of worship except Allah and Muhammad  
 (peace be upon him) is his final Messenger.'

 http://www.Darussalam.net/
 Read, Learn, Implement!


Re: [Vyatta-users] can't find my running config

2007-11-15 Thread Aubrey Wells
After you save can you cat /opt/vyatta/etc/config/config.boot and see  
if your changes are there? If not, cat /var/log/messages and look for  
an error about saving the file.



--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Nov 15, 2007, at 4:52 PM, James A. Shigley wrote:

 The first time I forgot to save the second 2 I was running thru the  
 gui and saved both.

 James Shigley
 Monroe Telephone Answering Service
 409-981-9213
 Infinity 5.4,UC 4.02, Blink 3.0.104
 Ecreator:5.03, eResponse 1.1.6
 Webportal,WebApps,



 -Original Message-
 From: Aubrey Wells [mailto:[EMAIL PROTECTED]
 Sent: Thursday, November 15, 2007 3:07 PM
 To: James A. Shigley
 Cc: vyatta-users@mailman.vyatta.com
 Subject: Re: [Vyatta-users] can't find my running config

 Are you actually typing save from configuration mode to save the
 config, or are you assuming commit saves the config? You must type
 save or save /path/to/file to save the config to survive a
 reboot. All commit does is activate the changes made.



 --
 Aubrey Wells
 Senior Engineer
 Shelton | Johns Technology Group
 A Vyatta Ready Partner
 www.sheltonjohns.com







Re: [Vyatta-users] save to boot

2007-11-12 Thread Aubrey Wells
are you running from a livecd or installed on a hard disk?



--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Nov 12, 2007, at 8:28 AM, Isiak Solih Sadik wrote:

 I'm having a problem with my vyatta. How can I save my vyatta router
 running configuration so that the machine will boot from it when
 rebooted?
 I have followed the vyatta quick guide to use the default 'save' so
 that the file will be saved in /opt/vyatta/etc/config/config.boot.
 After I had saved the running configuration I checked
 /opt/vyatta/etc/config/config.boot and the running config content was
 found. After I rebooted the machine the router can't route any
 packet. I discovered that my running config content can't be found
 in /opt/vyatta/etc/config/config.boot

 Is it because the file is in the opt/ main directory? Or what is the
 problem?

 Sadiku Babatunde

 -
 'There is no deity worthy of worship except Allah and Muhammad  
 (peace be upon him) is his final Messenger.'

 http://www.Darussalam.net/
 Read, Learn, Implement!


Re: [Vyatta-users] Want to use Vyatta for our main BGP router - but what about traffic tracking?

2007-11-07 Thread Aubrey Wells
This sounds very interesting. Have you noticed any performance impact  
to running it?



--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Nov 7, 2007, at 10:15 PM, Alain Kelder wrote:

 Hello Dominic,

 Out of the various tools I've tried, netacct-mysql is currently my
 favorite.  It collects bandwidth data through libpcap and stores in a
 MySQL DB.  It comes with a PHP front end, but to me the real power is
 that it stores the stats in MySQL.  Through SQL SELECT statements, I'm
 able to get all the stats I need.  For instance:

 mysql> SELECT SUM((input+output)/1073741824) FROM traffic WHERE
 IP='10.10.2.122' AND time LIKE '2007-09%';

 gives me total (in+out) GBs of bandwidth used by 10.10.2.122 during Sept
 07.  I run it on the Xen host to keep track of the guest domain
 bandwidth usage, but it should run on the Vyatta box just as well
 (haven't tried yet, sorry).  The other thing I started playing with
 today is grabbing the data from the DB using PHP and feeding it to the
 chart PHP script from www.maani.us to get pretty graphs.

 I would love to know what you end up using!

 Cheers, -Alain.



  http://sourceforge.net/projects/netacct-mysql/

 Dominic Williams wrote:
 Many thanks for your response.

 What we need to generate is a traffic graph for each IP that we  
 serve i.e. At 4.20.00pm some IP was using 7Mbps, at 4.20.15pm it  
 was using 5.2Mbps, at 4.20.30 it was using 6.3Mbps and so on.

 We need this data to understand how sites (which run on
 IPs) behave and also to provision overall bandwidth and pass
 bandwidth costs to clients.

 Is this possible and for example, is anyone doing 95th percentile  
 billing using a Vyatta router?

 Best, Dominic

 -Original Message-
 From: Holtz,Robert [EMAIL PROTECTED]
 To: Dominic Williams [EMAIL PROTECTED]; vyatta- 
 [EMAIL PROTECTED] [EMAIL PROTECTED]
 Sent: 07/11/07 16:27
 Subject: RE: [Vyatta-users] Want to use Vyatta for our main BGP  
 router - butwhat about traffic tracking?

 You can collect SNMP interface performance data anywhere along the  
 path to the outside world, not just the router.  There's quite a  
 bit of flexibility.

 Examples:
 The Web Server itself
 Load Balancer, if you have a bunch of web servers
 Ethernet Switch(s)
 Router
 Etc.






  If you are not the intended recipient of this message (including  
 attachments), or if you have received this message in error,  
 immediately notify us and delete it and any attachments.  If you  
 no longer wish to receive e-mail from Edward Jones, please send  
 this request to [EMAIL PROTECTED]  You must include the e- 
 mail address that you wish not to receive e-mail communications.   
 For important additional information related to this e-mail, visit  
 www.edwardjones.com/US_email_disclosure

 -Original Message-


 From: [EMAIL PROTECTED] [mailto:vyatta-users- 
 [EMAIL PROTECTED] On Behalf Of Dominic Williams
 Sent: Wednesday, November 07, 2007 10:07 AM
 To: [EMAIL PROTECTED]
 Subject: [Vyatta-users] Want to use Vyatta for our main BGP router  
 - butwhat about traffic tracking?

 Hello all,

 My company is very keen to try a Vyatta solution, as we are about  
 to move our hosting rack to a BGP solution and a 7204VXR with 1GB  
 seems inordinately expensive!!

 But... we need to be able to monitor and track bandwidth to each  
 individual IP address that we serve.

 This is a crucial requirement, as it is for many people involved  
 in Web hosting.

 At the moment we just use Netflow exports from our Cisco router in
 conjunction with some tracking software... I know that Vyatta
 doesn't support Netflow, but somebody indicated on this list that
 you can get at these stats using SNMP.

 Is this really the case? Can you get at traffic flows for  
 individual IPs that are being served through the router?

 -- I was under the impression SNMP was just of use for monitoring  
 the status of a particular device / interface etc??

 Many thanks for any advice you can give.

 Best, Dominic

 Dominic Williams
 www.System7.com
 www.Wyki.com

 Better Digital Publishing
 Email

 [EMAIL PROTECTED]
 Direct

 +44 (0) 203 0519110 ext. 8010
 Mobile

 +44 (0) 7710 469456
 Fax

 +44 (0) 8700 607555

 Terms: This e-mail contains proprietary information some or all of  
 which may be legally privileged. It is intended for the recipient  
 only. If an addressing error or transmission error has misdirected  
 this e-mail, please notify the sender immediately or contact  
 [EMAIL PROTECTED] If you are not the intended recipient  
 you must not use, disclose, distribute, copy, print or rely on  
 this e-mail.


Re: [Vyatta-users] subnet move/add/change misbehavior [grrrrr!]

2007-11-06 Thread Aubrey Wells
Sounds like we have the same issue then. Do your routes show up  
correctly in the system routing table? What kind of hardware are you  
using? I'm running a dell 1950 with dual dual-core 3.0 Xeons and 8  
gig of ram. No PCI cards, all onboard broadcom NICs.


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com



On Nov 6, 2007, at 5:58 AM, David Pearce wrote:

 I have found that VC3 is very fussy about adding routes. Changing an
 interface and deleting the node followed by recreating it with new
 settings leads to no routing table entries for me.
 I have found that the only way to get a correct table is to start from a
 clean format

 David

 Aubrey Wells wrote:
 It is the next hop. To give you one of the scenarios:

 Added 8.17.X.253 /30 to eth0 vif 1180

 subnet doesnt show up in vyatta's routing table (show route) but does
 show up in the system table (route -n) and I can ping the other side
 (8.17.X.254) both from within xorp and from the unix shell.

 So then I add a static route for 3 subnets pointing to the (directly
 connected) route of the other side of that /30 (8.17.X.254). show
 route from xorp says its next hop is my default route. show
 configuration shows that I didnt screw up i did in fact do what i
 meant to. the system routing table (route -n) says the same thing as
 the xorp table (that i configured it to be the same as the default
 route). So the route doesn't work, and what's worse, is if I try to
 delete it from the config (delete protocols static 216.32.X.0/20
 next-hop 8.17.X.254) it tells me I can't delete a non-existent route. If I
 try to put what it thinks the route is, it says the node doesnt
 exist. I have to delete the offending line from the config file with
 vi and reboot (or load config.boot now that I know that) to get it
 back to a state where I can work with it. And this pesky line shows
 up in the log. I dont see anything interesting in any other logs that
 I know about:


 Nov  4 01:49:47 vyatta xorp_fea: [ 2007/11/04 01:49:47 WARNING xorp_fea FEA ] Got update for address no in lib feaclient tree: eth0.1180/eth0.1180/8.17.X.253



 THe other scenario:
 IP 8.17.X.113 /28 exists on eth1 vif 1192. I remove it and commit.
 Its gone out of both the system and xorp routing tables. i read it as
 8.17.X.113 /29 and commit. It doesnt show up in the xorp table, but
 it is in the system table. I get the same log message as above and my
 system hates me for it. The route works (i can ping the other side)
 but I can't configure any services to use it. :-(


 *sigh* Any ideas?

 I searched bugzilla, and only came up with bug 1602, which appears to
 be the exact opposite of my issue. I'm going to try to reproduce on a
 dev box and use my subscription support to see if one of you guys can
 log in to it and poke around.


 --
 Aubrey Wells
 Senior Engineer
 Shelton | Johns Technology Group
 A Vyatta Ready Partner
 www.sheltonjohns.com




 On Nov 6, 2007, at 12:08 AM, Justin Fletcher wrote:


 No problem - I know exactly how you feel some days!

 And I'd missed the point that it didn't make into the system route
 table, so the
 first question I'd ask is whether the next hop you're specifying is
 directly connected?
 If it isn't, try using the IP address of the directly connected
 next hop router.

 If it is, well, there's a bit more to figure out, as I've never seen
 that behavior.

 To try a rephrase on the load config command, it'll make your running
 configuration match the configuration in the file (usually :-) )

 Justin


Re: [Vyatta-users] subnet move/add/change misbehavior [grrrrr!]

2007-11-05 Thread Aubrey Wells

Thanks for the response - sorry for my impatience. :-)

I dont mind the viewing discrepancy, its the fact that vyatta doesn't  
recognize the existance of the routes - so I can't do anything with  
them. So you're saying load config.boot should fix the problem? Will  
that cause any downtime while it rereads the config, or should it be  
seamless?


Also... maybe its just because its been a really long day, but this  
sentence doesn't make any sense:


it'll remove everything that's not in the current configuration  
that's in the config file, and add the new commands from the config  
file.


Could you possibly rephrase for me? :-)


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com



On Nov 5, 2007, at 11:31 PM, Justin Fletcher wrote:


Good questions - I think you're just seeing a synchronization issue.

If you see it in the system route table (route -n from the Linux
shell or show route system forward from the CLI) it's really in the
system RIB as the forwarding information base is updated from the RIB.
However, show route looks at a different table, and can be somewhat
out of sync.

So - if you see the route from show route system forward it made it
into the route tables correctly - you're just seeing a viewing
discrepancy issue.

Also, you can load the configuration using load config.boot in
config mode; it'll remove everything that's not in the current
configuration that's in the config file, and add the new commands from
the config file.

Best,
Justin

On Nov 5, 2007 8:08 PM, Aubrey Wells [EMAIL PROTECTED] wrote:

Anyone? :-(



--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com





On Nov 3, 2007, at 10:16 PM, Aubrey Wells wrote:


Hi,
I'm having this really frustrating problem where occasionally I will add an
ip/network to vyatta, or delete an ip and readd it to the same interface
with a different prefix-length or move it to a different interface (with a
commit in between) and vyatta will not recognize that the ip/network has
been added.

For instance, this evening, I was attempting to add 8.17.X.253 /30 to
interface eth1 on vif 1180. If I look at the system routing table, it is
added on the correct interface and traffic passes to the host on the other
side. But if I do a show route in vyatta the subnet is not there and as
such, if I try to point a static route at it, the route instead gets added
to whatever my default route is. For example:

set protocols static route 1.2.3.0/8 next-hop 8.17.X.254

that gets added to the config file fine, but a show route shows it having
a next hop of my default route. The system routing table does the same.
Also, I cannot delete this route from the config without doing it by hand
with VI and rebooting (says the route doesn't exist).

Also, I tried to remove 8.17.X.113 /28 and readd it as 8.17.X.113 /27. I
removed the ip, committed, and readded it. The subnet didn't show up in the
vyatta routing table after a commit but it was in the system routing table
(route -n). Traffic passed just fine.

When I commit those changes, I see this in the messages log:

Nov  4 01:49:47 vyatta xorp_fea: [ 2007/11/04 01:49:47 WARNING xorp_fea FEA ] Got update for address no in lib feaclient tree: eth0.1180/eth0.1180/8.17.X.253

Nov  4 01:49:47 vyatta xorp_fea: [ 2007/11/04 01:49:47 WARNING xorp_fea FEA ] Got update for address no in lib feaclient tree: eth1.54/eth1.54/8.17.X.113

If I save the config, and reboot the box, the configuration loads up just
fine and all my subnets/routes are correct. This is not a solution, as this
is my core router in a fast-growing network and I can't go around rebooting
it every time I add a subnet.

I'm running the last VC3 beta. (I haven't upgraded to VC3 release because I
didn't want to reboot the box without scheduling a window heh)

This also happened in VC2.2. I'm not 100% sure about whether or not it
happens on a PHY, but I think it did, although most of my stuff is on VIFs.


Please help!

Oh, and is there a way to get it to dump and reload the config from scratch
without rebooting? These DELL's have a horrendous POST time because of the
RAID, DRAC, and BMC BIOSes that all have to load (plus the overhead of
checking 8G of memory)!


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users



Re: [Vyatta-users] Universal gateway with VYATTA

2007-10-23 Thread Aubrey Wells
a and b are simple, almost any router including vyatta can do this.  
for c, are you saying you want any user with any random ip  
configuration on their machine to be able to plug in and get online  
with that random ip, subnet, and gateway? That's a heck of a request  
and I'm not sure how it would be possible for vyatta (or any other  
router) to know what the user is using, assign itself the correct ip  
address that the user is trying to use as a gateway and create an  
outbound NAT. I suppose you might could cobble something together  
with tshark by looking at arp requests and some intelligent guessing  
maybe... but seriously... how hard is it to click obtain settings  
from DHCP?


I've used mikrotik pretty extensively, and I don't recall ever seeing  
an option like this. I must be misunderstanding your request, perhaps  
you could explain a little better? If you know what the settings are  
on the computers that come in without dhcp enabled, you could set up  
a secondary ip on the eth2 interface and create a matching outbound  
nat rule, that would be easy. but if its completely random and you  
dont know what it is ahead of time


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com



On Oct 23, 2007, at 8:11 AM, mson77 wrote:


Hello List,

My goal is:

1) a box with 3 ethernet cards (interfaces): eth0, eth1, eth2;
2) eth0 attached to internet access provider ISP0;
   eth1 attached to internet access provider ISP1;
   eth2 attached to local dynamic LAN users;

What I need or wish:
a) the router be able to use these 2 WAN links, load balancing and  
in case of failure of one link... switch all the requests to the  
second available link; and when the failure link comes back on...  
do the load balancing again;
b) have dhcp server binded to eth2 as above for users with dhcp  
client enabled;
c) now for those who use static IP configurations, I mean: with  
static IP, static gateway and DNS servers:
== and these static configurations does not belong to our eth2 lan  
subnet.
TODAY I have to go to this user laptop and change manually its IP  
configuration... changing them to dynamic IP setup to receive our  
dhcp IP configuration. This is what I do not want anymore.
== I wish that VYATTA be able to route... to allow this user with  
any static IP configuration to access internet... i.e. to be routed  
to internet and browse the internet as other regular dhcp users.


Is it possible with VYATTA?
I saw a solution that provides this amazing and nice feature  
called MIKROTIK/MAXINA...


Thanks in advance,



mson77








Re: [Vyatta-users] Universal gateway with VYATTA

2007-10-23 Thread Aubrey Wells
oops, i got so distracted by part c to your email, that I read right  
over your load-balancing requirements. unless it got included in  
dublin, ECMP (Equal-cost multi-path) routing is not available in  
vyatta at this time. you can do the failover though, you just add a  
second default route with a higher metric, ie:
core1# set protocols static route 0.0.0.0/0 qualified-next-hop 1.2.3.4 metric 10



--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com



On Oct 23, 2007, at 9:21 AM, Aubrey Wells wrote:

a and b are simple, almost any router including vyatta can do this.  
for c, are you saying you want any user with any random ip  
configuration on their machine to be able to plug in and get online  
with that random ip, subnet, and gateway? That's a heck of a  
request and I'm not sure how it would be possible for vyatta (or  
any other router) to know what the user is using, assign itself the  
correct ip address that the user is trying to use as a gateway and  
create an outbound NAT. I suppose you might could cobble something  
together with tshark by looking at arp requests and some  
intelligent guessing maybe... but seriously... how hard is it to  
click obtain settings from DHCP?


I've used mikrotik pretty extensively, and I don't recall ever  
seeing an option like this. I must be misunderstanding your  
request, perhaps you could explain a little better? If you know  
what the settings are on the computers that come in without dhcp  
enabled, you could set up a secondary ip on the eth2 interface and  
create a matching outbound nat rule, that would be easy. but if its  
completely random and you dont know what it is ahead of time


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com



On Oct 23, 2007, at 8:11 AM, mson77 wrote:


Hello List,

My goal is:

1) a box with 3 ethernet cards (interfaces): eth0, eth1, eth2;
2) eth0 attached to internet access provider ISP0;
   eth1 attached to internet access provider ISP1;
   eth2 attached to local dynamic LAN users;

What I need or wish:
a) the router be able to use these 2 WAN links, load balancing and  
in case of failure of one link... switch all the requests to the  
second available link; and when the failure link comes back on...  
do the load balancing again;
b) have dhcp server binded to eth2 as above for users with dhcp  
client enabled;
c) now for those who use static IP configurations, I mean: with  
static IP, static gateway and DNS servers:
== and these static configurations does not belong to our eth2  
lan subnet.
TODAY I have to go to this user laptop and change manually its IP  
configuration... changing them to dynamic IP setup to receive our  
dhcp IP configuration. This is what I do not want anymore.
== I wish that VYATTA be able to route... to allow this user with  
any static IP configuration to access internet... i.e. to be  
routed to internet and browse the internet as other regular dhcp  
users.


Is it possible with VYATTA?
I saw a solution that provides this amazing and nice feature  
called MIKROTIK/MAXINA...


Thanks in advance,



mson77








Re: [Vyatta-users] how do i do a performance analysis of the vyatta router ?

2007-10-21 Thread Aubrey Wells
If you just want to see how much data you can get it to route through  
how fast, iperf is a good quick and dirty test method. put a box  
behind eth1 and one behind eth2, run iperf in server mode on one, and  
run a client on the other and see what kind of throughput you can  
get. Dont forget to adjust the concurrent threads, you'll be  
disappointed by the results from a single thread...


http://dast.nlanr.net/Projects/Iperf/

If you want more comprehensive performance testing, do as Stig  
suggested and check out ixia or spirent.



--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com



On Oct 21, 2007, at 2:34 PM, saptarshi moitra wrote:


Hi Everyone

Thanks  to this forum, I have been able to set up a network with a  
vyatta router at its center ( having eth0 eth1 and eth2 ) connected  
to the internet via eth0 and to two separate LANs through eth1 and  
eth2 respectively. the LANs are able to communicate with each other  
and with the WAN as well via the vyatta router .


Now I want to do a performance analysis of this router . Can i get  
a detailed step by step documentation of how i can go about this ?  
How do i view the packets that are flowing through the router ? is  
there a thing like Wireshark in vyatta ?


It would be great if someone can help me out with this issue.

Thanks and regards
Saptarshi


Re: [Vyatta-users] Static Routing Issue

2007-10-18 Thread Aubrey Wells
What are the gateways on the two end systems? I dont see anything  
glaringly wrong with your config at first glance. What is the output  
of show route from vyatta CLI and route -n from the unix shell?


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com



On Oct 19, 2007, at 12:23 AM, saptarshi moitra wrote:


Hi Everyone

I have Vyatta running on a system with the following interfaces

eth0 : 129.107.97.22
eth1 : 192.168.172.1
eth2 : 10.0.0.1

eth0 is connected to the internet through the gateway 129.107.97.250
eth1 is connected to one end system of IP 192.168.172.2
eth2 is connected to an end system of IP 10.0.0.2

I am able to ping all these IPs from my vyatta router.
However I am unable to ping 192.168.172.1 or 192.168.172.2 or
129.107.97.22 from end system 10.0.0.2.
I am also unable to ping 10.0.0.1 or 10.0.0.2 or 129.107.97.22 from
end system 192.168.172.2.


here is the entire configuration of my vyatta router
Can anyone figure out what i need to do to make these two systems  
communicate with each other as well as to the internet through the  
vyatta router?


Thanks
Saptarshi




protocols {
    static {
        disable: false
        route 0.0.0.0/0 {
            next-hop: 129.107.97.250
            metric: 1
        }
    }
}
policy {
}
interfaces {
    restore: false
    loopback lo {
        description: 
    }
    ethernet eth0 {
        disable: false
        discard: false
        description: 
        hw-id: 00:07:E9:0F:D4:F8
        duplex: auto
        speed: auto
        address 129.107.97.22 {
            prefix-length: 24
            disable: false
        }
    }
    ethernet eth1 {
        disable: false
        discard: false
        description: 
        hw-id: 00:07:E9:0F:D4:F9
        duplex: auto
        speed: auto
        address 192.168.172.1 {
            prefix-length: 24
            disable: false
        }
    }
    ethernet eth2 {
        disable: false
        discard: false
        description: 
        hw-id: 00:13:72:8D:46:39
        duplex: auto
        speed: auto
        address 10.0.0.1 {
            prefix-length: 24
            disable: false
        }
    }
}
service {
    nat {
        rule 1 {
            type: source
            outbound-interface: eth0
            protocols: all
            source {
                network: 192.168.172.0/24
            }
            destination {
                network: 0.0.0.0/0
            }
            outside-address {
                address: 129.107.97.22
            }
        }
        rule 10 {
            type: destination
            inbound-interface: eth0
            protocols: all
            destination {
                address: 129.107.97.22
            }
            inside-address {
                address: 192.168.172.2
                range {
                    start: 192.168.172.1
                    stop: 192.168.172.10
                }
            }
        }
    }
    http {
        port: 80
    }
    ssh {
        port: 22
        protocol-version: v2
    }
    telnet {
        port: 23
    }
}
firewall {
    log-martians: enable
    send-redirects: disable
    receive-redirects: disable
    ip-src-route: disable
    broadcast-ping: disable
    syn-cookies: enable
}
system {
    host-name: vyatta
    domain-name: 
    name-server 129.107.1.9
    time-zone: GMT
    ntp-server 69.59.150.135
    login {
        user root {
            full-name: 
            authentication {
                encrypted-password: $1$$Ht7gBYnxI1xCdO/JOnodh.
            }
        }
        user vyatta {
            full-name: 
            authentication {
                encrypted-password: $1$$Ht7gBYnxI1xCdO/JOnodh.
            }
        }
    }
    package {
        auto-sync: 1
        repository community {
            component: main
            url:  http://archive.vyatta.com/vyatta;
        }
    }
}
rtrmgr {
    config-directory: /opt/vyatta/etc/config
}






Re: [Vyatta-users] New Vyatta User with a VLAN Problem

2007-10-13 Thread Aubrey Wells
I'm sure most of us have been bitten by the terrible Cisco GUIs  
No worries. :-)


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com



On Oct 13, 2007, at 7:47 PM, Jeffery Tillotson wrote:

 Vects wrote:

 port 22 Multi-VLAN is trunk?
 Could you post cisco switch configuration?

 Thanks, Alexc.



 I'll save everyone the bandwidth and not post the switch  
 configuration.
 It is working as I expected it would now. It will teach me to not be
 lazy and use the gui tools. Port 22 was not configured properly
 regardless of what the gui interface was telling me. As soon as hooked
 up via the console I saw my mistake. I feel just a little silly now.

 Thanks everyone for your time and responses. I am going to go bury my
 head in the sand.

 Jeff


Re: [Vyatta-users] Logging --- Moving on...

2007-10-11 Thread Aubrey Wells
You really should be running MRTG on a different machine, not your  
router. It requires quite a bit of overhead, especially if you dont  
run it in rrdtool mode.


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com



On Oct 11, 2007, at 7:18 AM, Daren Tay wrote:

 Hi guys

 me again..
 ok I've managed to point the apt repository to debian's own one.. and
 downloaded their build-essential with all the compiler and such.. so i can
 compile

 then i downloaded all the required libraries for MRTG to work.. and
 installed mrtg successfully..
 i then move in to want to setup for vyatta.. when i realise.. where do i
 point it to?

 I need to point to a web-visible directory... there's lighttpd in vyatta..
 but it is not running even though i activated the http controls for
 vyatta...

 so do i put it in lighttpd /var/www webroot, or do i need to find where the
 http page for vyatta is?

 thanks folks!
 Daren

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Daren Tay
 Sent: Thursday, 11 October 2007 17:31
 To: Justin Fletcher
 Cc: vyatta-users@mailman.vyatta.com
 Subject: Re: [Vyatta-users] Logging --- (Regarding apt-get)


 Hi guys..

 i realise vyatta don't have a compiler.. libpng and gd etc... which I need
 for the mrtg

 so i tried to use apt-get to get compiler by running apt-get install
 build-essential and apt-get install gcc
 both of which didn't work...

 I need them to start on the mrtg yah... how you guys do it.. download the
 source and compile it?

 Daren

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Daren Tay
 Sent: Wednesday, 10 October 2007 11:23
 To: Justin Fletcher
 Cc: vyatta-users@mailman.vyatta.com
 Subject: Re: [Vyatta-users] Logging


 Ok I will give it a try and update again... I thought there should be at
 least some form of logging enabled by default, mine doesn't.

 Daren

 -Original Message-
 From: Justin Fletcher [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, 09 October 2007 22:31
 To: Daren Tay
 Cc: vyatta-users@mailman.vyatta.com
 Subject: Re: [Vyatta-users] Logging


 By default, all major issues are logged at warning level or above. If you
 want to log everything, you can enable it in config mode:

 set system syslog global facility * level debug

 I'll sometimes track this using the root shell when I'm debugging a  
 problem:

 tail -f /var/log/messages

 Justin

 On 10/9/07, Daren Tay [EMAIL PROTECTED] wrote:
 Hi there,

 thanks for the kind pointers.

 So if i want to use the default log (which I can view using show log) what
 options should I use?

 Daren

 -Original Message-
 From: Justin Fletcher [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, 09 October 2007 11:45
 To: Daren Tay
 Cc: vyatta-users@mailman.vyatta.com
 Subject: Re: [Vyatta-users] Logging


 show log is also run outside of config mode --
 You can run any command in config mode by putting run in front of it,
 as in run show log or run show interfaces.

 If you want to watch traffic, tshark is available from the root shell.
 Once you've logged in as root, try

 tshark -i eth0 -n port 80

 (assuming you want to monitor interface eth0).  This will let you see
 all your web traffic.  A lot of TCP retransmissions would be a sign of
 dropped packets somewhere along the path.

 Personally, I monitor the router with MRTG from
 http://oss.oetiker.ch/mrtg/.
 Others prefer other monitoring tools, such as Cacti
 (http://www.cacti.net/).

 Justin

 On 10/8/07, Daren Tay [EMAIL PROTECTED] wrote:
 Ahh.. I Have to do show interfaces outside of config mode to see it...
 but is there any way to monitor http traffic only?

 Also, show log gives me this:

 ERROR: cannot show log because it doesn't exist.
 [edit]

 I missed something?

 Daren

 -Original Message-
 From: Justin Fletcher [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, 09 October 2007 10:49
 To: Daren Tay
 Cc: vyatta-users@mailman.vyatta.com
 Subject: Re: [Vyatta-users] Logging


 Easiest way is with a show interfaces - it'll give you packet statistics.
 By default, the system logs at warning level, so any major issues will be
 visible using show log.

 Justin

 On 10/8/07, Daren Tay [EMAIL PROTECTED] wrote:


 Hi guys,

 I have been having problems with my web servers behind a vyatta router. I am
 thinking of trying to check if vyatta is dropping packets.. what should I do
 to find out?

 Also.. I realise under System, there's no logging.
 What's the minimal logging should I use to get useful information without
 overloading the system?
 Thanks!
 Daren

Re: [Vyatta-users] dynamic NAT redirection for HTTP based on host header rather than IP

2007-10-04 Thread Aubrey Wells
I can't think of a way to do this. The HTTP protocol establishes a  
TCP session on port 80 before any payload data is sent (including the  
HOST: header) so the NATing would occur before the HOST header is  
ever sent. What you need is a non-caching (or caching if you want)  
HTTP proxy server. Look in to Apache's mod_proxy_http module.



--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Oct 4, 2007, at 5:28 PM, Joel Krauska wrote:

 This sounds like server load balancing based on URL

 NAT does not generally get applied by URL.

 You might look at the Linux Virtual Server project.
 http://www.linuxvirtualserver.org/

 On 10/4/07, Jeff Stockett [EMAIL PROTECTED] wrote:
 I was wondering how hard it might be to make vyatta handle something like
 this?  The scenario is a hosting environment, and rather than running all
 the virtual hosts on one server, my customer wants each hoster to have
 their own VM running on one of multiple VM servers NATed behind a single
 public IP.

 I can envision some new rule keywords being required - something like:

 set service nat rule 10 destination port-name http
 set service nat rule 10 inside-address-by-host-header www.hoster1.com address 10.0.0.4
 set service nat rule 10 inside-address-by-host-header www.hoster2.com address 10.0.0.4
 set service nat rule 10 inside-address-by-host-header www.hoster3.com address 10.0.0.5
 set service nat rule 10 inside-address-by-host-header www.hoster4.com address 10.0.0.5
 ...

 This would be very useful given the popularity/versatility of
 virtualization these days.  Thoughts?  Where would one go about looking in
 the code to implement a feature like this and how hard might it be?


Re: [Vyatta-users] dynamic NAT redirection for HTTP based on host header rather than IP

2007-10-04 Thread Aubrey Wells
Its been a while since I've done it, but I think this should get you  
started... You can contact me off-list if you need any more assistance.

ProxyRequests Off
ProxyPreserveHost On

<VirtualHost www.foo.com>
   ServerName www.foo.com
   <Location />
      ProxyPass http://192.168.1.50/
      ProxyPassReverse http://192.168.1.50/
   </Location>
</VirtualHost>

<VirtualHost www.bar.com>
   ServerName www.bar.com
   <Location />
      ProxyPass http://192.168.1.51/
      ProxyPassReverse http://192.168.1.51/
   </Location>
</VirtualHost>

The ProxyRequests Off line is important, if you don't turn it off  
then you're an open proxy and spammers will love you and bring your  
server to its knees. Note that turning this off will not stop your  
proxy from working. The ProxyPreserveHost line will preserve the Host  
header field in the request and pass it through to the destination  
proxy host (192.168.1.50/51 in my example above). The idea is that  
you create a virtual host for every domain you want to proxy and  
point it to the internal ip of the server hosting the site. The  
original host header is passed through, so you don't have to use one  
ip per domain. The ProxyPass directive sends requests through, and  
ProxyPassReverse modifies server responses to prevent breakage from  
redirects (ie: the internal server might send a 302 with Location:  
192.168.1.51 in it which wont work... the Reverse directive will  
rewrite that back to www.bar.com in the header sent to the browser).  
This can be modified to work with ssl hosts and caching with other  
modules. Note that this can break cookies but there are other modules  
to fix that.


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Oct 4, 2007, at 7:02 PM, Jeff Stockett wrote:

 - Aubrey Wells [EMAIL PROTECTED] wrote:
 I can't think of a way to do this. The HTTP protocol establishes a
 TCP session on port 80 before any payload data is sent (including the

 HOST: header) so the NATing would occur before the HOST header is
 ever sent. What you need is a non-caching (or caching if you want)
 HTTP proxy server. Look in to Apache's mod_proxy_http module.

 That makes sense - I will explore options along those lines.

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
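
Added example, not part of the original thread and not Apache's code: a Python sketch of the decision the reverse-proxy configuration in the message above delegates to mod_proxy. It picks the backend from the Host header using a fixed table, refuses forward-proxy style requests (the open-proxy case ProxyRequests Off guards against), and rewrites a backend Location header as ProxyPassReverse does. The names BACKENDS, decide and rewrite_location are made up for this illustration, and the table repeats the example hosts from the message.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed table mirroring the two virtual hosts in the message above.
BACKENDS = {"www.foo.com": "192.168.1.50", "www.bar.com": "192.168.1.51"}


class Rejected(Exception):
    """Carries the HTTP status to answer with instead of proxying."""
    def __init__(self, status, reason):
        super().__init__(f"{status} {reason}")
        self.status = status


def parse_head(raw):
    """Return (method, target, headers) from a raw HTTP/1.x request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        raise Rejected(400, "malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Whitespace around a header name lets two parsers disagree: refuse it.
        if not sep or not name or name != name.strip():
            raise Rejected(400, "malformed header")
        key = name.lower()
        if key == "host" and key in headers:
            raise Rejected(400, "duplicate Host header")
        headers[key] = value.strip()
    return parts[0], parts[1], headers


def normalise_host(value):
    """Lower-case, drop the port and a trailing dot; None if unusable."""
    if not value or any(c in value for c in "/@?#\\ \t"):
        return None
    try:
        host = urlsplit("//" + value).hostname
    except ValueError:
        return None
    return host.rstrip(".") if host else None


def select_backend(raw):
    """Return (backend_ip, host_header_to_forward) or raise Rejected."""
    method, target, headers = parse_head(raw)
    # CONNECT and absolute-URI targets ask the proxy to reach a destination
    # named by the client; this sketch only serves origin-form targets.
    if method == "CONNECT" or not target.startswith("/"):
        raise Rejected(403, "forward-proxy request refused")
    backend = BACKENDS.get(normalise_host(headers.get("host", "")))
    if backend is None:
        # The destination always comes from the table, never from the client.
        raise Rejected(404, "no virtual host for this name")
    # The Host header is forwarded as received (what ProxyPreserveHost On does).
    return backend, headers["host"]


def decide(raw):
    """Non-raising wrapper: (status, backend, host), backend None on refusal."""
    try:
        backend, host = select_backend(raw)
    except Rejected as exc:
        return exc.status, None, None
    return 200, backend, host


def rewrite_location(location, backend, public_host):
    """Map a redirect that names the internal backend back to the public name."""
    parts = urlsplit(location)
    if parts.hostname != backend:
        return location  # relative, or pointing somewhere else: leave alone
    return urlunsplit((parts.scheme, public_host, parts.path,
                       parts.query, parts.fragment))
```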


Re: [Vyatta-users] Errors On Outgoing Ethernet Interface

2007-09-21 Thread Aubrey Wells
This is true, but in a half-duplex environment, collisions don't  
cause much of a performance drop, as when one side detects a  
collision, it will send a jamming signal to the other side so it will  
shut up and traffic can continue. If one side is half and the other  
is full, the jamming signal is ignored and the two will continue to  
try to talk over each other and traffic creeps to a halt. A device  
that is HD will clear the collision counter it generated every time a  
frame is successfully transmitted after a jam signal is sent, so you  
generally don't see collision counters on a HD device, if it is  
working in accordance to the ethernet specs. That's CSMA/CD's nifty  
little trick to keep you from panicking when you see your error  
counters in a network that is supposed to have collisions (well, not  
supposed to I guess, but *will* :-))


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com



On Sep 21, 2007, at 12:43 AM, Peter Wohlers wrote:

 I guess thinking about it more, and in the spirit of not propagating
 misinformation, collisions are normal in any half-duplex environment.

 Whether there's actually a mismatch or not is just how we're conditioned to
 view it because 100-half really doesn't buy you much but faster collisions ;)

 Full duplex environments should by definition, not have any collisions.

 --Peter

 Aubrey Wells wrote:
 I would have TWTC force their side to 100 Full, and you do the same on
 yours. Collisions, 99% of the time, only occur as a result of a duplex
 mismatch.

 --
 Aubrey Wells
 Senior Engineer
 Shelton | Johns Technology Group
 404.478.2790
 www.sheltonjohns.com



 On Sep 20, 2007, at 7:10 PM, Jeff wrote:



 On the 7206 the interfaces are FastEthernet interfaces

 I did try each one from auto to force, etc and did not seem to make
 any difference

 But I was not trying too much. Till I asked some pointers

 Maybe it's something I will have to have Timewarner match the switch to
 my ethernet card, no idea for sure

 Jeff




 *From:* Allan Leinwand [mailto:[EMAIL PROTECTED]
 *To:* 'Jeff' [mailto:[EMAIL PROTECTED], vyatta-users@mailman.vyatta.com
 *Sent:* Thu, 20 Sep 2007 17:36:42 -0400
 *Subject:* RE: [Vyatta-users] Errors On Outgoing Ethernet Interface

 Hi Jeff,

 I'd guess that you're having an issue with the auto negotiation
 of speed and/or duplex on that interface.  You can set these
 commands as follows:

 vyatta mailto:[EMAIL PROTECTED]# set interfaces ethernet eth0 duplex ?
 Possible completions:
   auto  Set duplex auto-negotiation mode
   full  Set full duplex mode
   half  Set half duplex mode

 I'd make sure you're set for auto on both speed and duplex and
 if that does not work I'd try to force the interface into a
 setting that you know will work.  show interfaces on your 7206
 can show you the current settings.

 Take care,

 allan


 *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] *On Behalf Of *Jeff
 *Sent:* Thursday, September 20, 2007 2:23 PM
 *To:* vyatta-users@mailman.vyatta.com
 *Subject:* [Vyatta-users] Errors On Outgoing Ethernet Interface

 I finally got to do a test run on vyatta today for the 1st run.

 I have two ethernet interfaces setup one for lan the other for the
 wan connected to TimeWarner

 I unplugged my 7206vxr cisco

 And plugged in the two ethernet interfaces from it into my vyatta box

 At any rate all seemed fine I could ping in and out, my
 IP addresses assigned were visible.

 All looked great, but then I logged into the vyatta web interface,
 and saw that the ethernet interface going to the wan

 to time warner switch was populating errors in the amount of 5
 errors at a time every so many seconds

 At any rate I viewed the interface and saw it was showing collisions.

 The ethernet interface to the local lan had no errors at all.

 So after a little more runtime I plugged back into the cisco, (No
 errors) and all was totally fine again.

 Any ideas what may be causing these errors?

 I have built the vyatta on a Vision 1GHz Pent 3 with 1 gig ram and
 80 gig harddrive (basically overkill)

 Anyway the two ethernet cards are built into the motherboard..



 Jeff

Re: [Vyatta-users] Installation Question

2007-09-20 Thread Aubrey Wells
You're going to have an interesting time running BGP on a wrap board.  
IIRC, the last time I used a WRAP platform they maxed out at 266Mhz  
CPU and 128MB of RAM. A full BGP feed won't fit into 128M of ram, and  
a 266Mhz proc is going to have a hard time keeping up with the BGP  
Scanner process every time there's a table update.


If it were me, I wouldn't try to run BGP on that device. All that  
being said, Vyatta will *probably* run on the WRAP platform, but I  
haven't tried it. I have successfully run other Linux variants on  
WRAP boards, so the support is there if its enabled in the Vyatta  
kernel. You'll have to install it by hand though, as I don't think  
you can boot a wrap board over a usb cdrom drive.


I'm sure someone from Vyatta will chime in here soon with a more  
definitive answer.


Good luck!

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Sep 20, 2007, at 5:27 PM, Ryan MacDonald wrote:


Hello,



I’m a complete newbie to Vyatta so I have a few questions. I’m  
currently running a similar firewall based on OpenBSD. My reason  
for switching is that our current system doesn’t support BGP. Aside  
from that, I was wondering if there are any instructions or if it  
is even possible to install Vyatta on a WRAP platform. We would  
like to make the change without new hardware if possible. I  
appreciate any advice.




Thanks in advance,



Ryan MacDonald

[EMAIL PROTECTED]



Ambient Technical Group, LLC

8101 Oak Dr

Palmetto, FL 34221

Phone: (941)-782-6217

Fax: (941)-782-6218







Re: [Vyatta-users] OFR under Xen?

2007-09-14 Thread Aubrey Wells
On the Vmware front, has your testing occurred under ESX or VMWare  
server? I don't want to go ESX because the licensing costs blow the  
cost model of going the virtualized routers route, but at the same  
time I'm concerned about performance loss under VMWare server. Any  
thoughts on that? I'm going to keep hammering on Xen, but it sure is  
a PITA. If anyone has a working xen diskimage and config file  
handy... it would be appreciated.



--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com



On Sep 14, 2007, at 10:03 AM, Dave Roberts wrote:


There has been at least one report of success:
http://mailman.vyatta.com/pipermail/vyatta-users/2007-June/001627.html

I have also been told that it works on Virtual Iron. Vyatta has not  
tested with either of these, however, so everything I'm saying is  
second-hand. I'd love to get more reports of success. If people  
have Vyatta running under Xen, Virtual Iron, Virtual Box, or some  
other VPS scheme, I'd love to know about it.


We have tested formally with VMware and I can confirm that works  
great.


-- Dave

From: [EMAIL PROTECTED] [mailto:vyatta-users- 
[EMAIL PROTECTED] On Behalf Of Aubrey Wells

Sent: Thursday, September 13, 2007 9:57 PM
To: vyatta-users@mailman.vyatta.com
Subject: [Vyatta-users] OFR under Xen?

Has anyone gotten Vyatta to run under Xen?

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com








[Vyatta-users] Community vs Subscription Edition

2007-09-14 Thread Aubrey Wells
Is there a software difference between the Community and Subscription  
Editions of Vyatta? There's a size difference in the ISOs so there's  
*some* difference there, but in just using it I don't see anything  
different. Am I missing anything, or is it just the support that  
makes the difference?


I apologize if this is documented somewhere, I couldn't find anything  
that mentioned any differences besides the support options.




--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com






Re: [Vyatta-users] OFR under Xen?

2007-09-14 Thread Aubrey Wells
Well, I got it working under Xen as a fully-virtualized domU, and it  
was fairly easy because you can boot the domU from an ISO and install  
to your virtual disk as if it were native. I really want to do it  
para-virtualized though, for performance reasons. I had minimal  
success booting the vmware image converted to a raw disk image with  
pygrub as a paravirtualized guest, but I'm probably going to have to  
roll my own ISO to make some kernel changes to get it to work. Maybe  
fully-virtualized isnt so bad after all... :)



--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com



On Sep 14, 2007, at 10:03 AM, Dave Roberts wrote:


There has been at least one report of success:
http://mailman.vyatta.com/pipermail/vyatta-users/2007-June/001627.html

I have also been told that it works on Virtual Iron. Vyatta has not  
tested with either of these, however, so everything I'm saying is  
second-hand. I'd love to get more reports of success. If people  
have Vyatta running under Xen, Virtual Iron, Virtual Box, or some  
other VPS scheme, I'd love to know about it.


We have tested formally with VMware and I can confirm that works  
great.


-- Dave

From: [EMAIL PROTECTED] [mailto:vyatta-users- 
[EMAIL PROTECTED] On Behalf Of Aubrey Wells

Sent: Thursday, September 13, 2007 9:57 PM
To: vyatta-users@mailman.vyatta.com
Subject: [Vyatta-users] OFR under Xen?

Has anyone gotten Vyatta to run under Xen?

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





