Re: [Vyatta-users] How to use gcc for VC3

2008-03-20 Thread Justin Fletcher
You'll need to edit /etc/apt/sources.list to point to a Debian repository, then
install using apt-get.

Best,
Justin

On Thu, Mar 20, 2008 at 2:19 AM, piyush sharma [EMAIL PROTECTED] wrote:

 Hi,
 I am using VC3. I need to compile a package on the Vyatta machine using
 gcc.
 I was not able to find it. Can you please help me out?

 Thanks,
 Piyush
 ___
  Vyatta-users mailing list
  Vyatta-users@mailman.vyatta.com
  http://mailman.vyatta.com/mailman/listinfo/vyatta-users




Re: [Vyatta-users] Vyatta-Hackers inactive?

2008-03-04 Thread Justin Fletcher
It's still active - sometimes no one has a good answer (yet) :-)

The build system for VC4 is a bit complex, and some of the details are still
being worked out; it'll be posted when it's ready to go, which should be any
day now.  After all, you've got to be able to build a project to
contribute to it :-)

Best,
Justin

On Tue, Mar 4, 2008 at 10:47 AM, Venketesan [EMAIL PROTECTED] wrote:
 I am sorry if this is an inappropriate alias for the question.
  I was trying to ask some questions on the build of community edition
  of vyatta in the Vyatta hackers list as well as the forum. But I did
  not receive any response. Besides I also did not see any activity in
  there for the past week.
  Is the list/forum inactive or is there some place else I should
  look.

  Thanks,
  Venkat


Re: [Vyatta-users] Cluster heartbeat / change to ucast?

2008-03-04 Thread Justin Fletcher
Not yet, but it is one of the enhancements requested in bug 2730
(https://bugzilla.vyatta.com/show_bug.cgi?id=2730).  To keep it a
permanent setting, you can modify the Perl script that generates it; it's
/opt/vyatta/sbin/vyatta-update-cluster.pl in VC4.

Best,
Justin

On Tue, Mar 4, 2008 at 11:01 AM, Chad Hurley [EMAIL PROTECTED] wrote:
 Thanks for the reply. Do you know if it is possible to specify this in
  the Vyatta configuration so that you don't need to reconfigure it each
  time? -CH



  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf Of Justin
  Fletcher
  Sent: Tuesday, March 04, 2008 11:16 AM
  To: [EMAIL PROTECTED]
  Subject: Re: [Vyatta-users] Cluster heartbeat / change to ucast?

  Yes, you can edit the configuration directly; however, you'll need to
  modify it again on reboot as it's created from the Vyatta configuration.

  Best,
  Justin

  On Tue, Mar 4, 2008 at 4:43 AM, Chad Hurley [EMAIL PROTECTED] wrote:
  
  
  
  
   The heartbeat from my Vyatta cluster is creating errors on another cluster
   on my network.  I would like to change the default bcast heartbeat to ucast.
   Does anyone know if it is safe to edit the following file directly without
   any adverse effects?

   File:

   /etc/ha.d/ha.cf

   Current config:

   keepalive 1
   deadtime 4
   warntime 2
   initdead 120
   logfacility daemon
   bcast eth0 eth1
   auto_failback off
   node riv1 riv2
   ping 192.168.5.3 192.168.0.221
   respawn hacluster /usr/lib/heartbeat/ipfail

   I would like to replace the bcast line with:

   ucast eth0 192.168.5.5
   ucast eth1 192.168.0.252

   Anyone had luck with this type of config?

   Thanks,
   Chad


Re: [Vyatta-users] Problem sending prefixes to my upstream provider

2008-02-29 Thread Justin Fletcher
On Fri, Feb 29, 2008 at 1:15 PM, Poh Yong Hwang [EMAIL PROTECTED] wrote:
 So the docs talking about Originating a route to eBGP Neighbours where it
 uses static instead of connected is not really correct? Sorry, trying to
 understand the difference between using a static route compared to using a
 connected method.

Think of a connected route as one that exists because you've defined an
interface, and you're connected to that network.  An interface of
192.168.2.3/24 will have a connected route of 192.168.2.0/24.

A static route is one you define that's for a network that's remote to
the router.

Justin


Re: [Vyatta-users] Booting from Live-CD

2008-02-29 Thread Justin Fletcher
That's actually a harder problem - you can do it by changing where the system
looks for configuration on boot, install to disk and then modify the files to
change what's mounted and where the system looks for the configuration, or
build from scratch and create your own LiveCD with the changes in it.

In VC4, look in /etc/init.d/vyatta-ofr, /etc/default/vyatta, and
/etc/default/vyatta-cfg.

If you make the changes that let the system find the configuration on a flash
drive, be sure to submit them back to the hackers list (or should that be
forum??) for inclusion for others as well :-)

Best,
Justin

On Tue, Feb 26, 2008 at 9:23 PM, Christopher Johnson [EMAIL PROTECTED] wrote:
 Is there any way, other than floppy disk, to have the OFR get a configuration
 file on boot from CDROM?  I'd love for it to be able to read from a USB
 thumb drive, load it from a TFTP site (use the standard boot methods to do
 so) or in any way to get a configuration file into the system without me
 being at the console.

 This is glendale VC4, Alpha 1, soon to be Alpha 2.

 Best,
 -Chris
 P.S. I did try load of an URL, and it died.




Re: [Vyatta-users] Booting from Live-CD

2008-02-29 Thread Justin Fletcher
That's a nice idea.  You'll still have to have a default location from
which to start - which is the challenge of diskless systems :-)

If

On Fri, Feb 29, 2008 at 4:07 PM, Christopher Johnson [EMAIL PROTECTED] wrote:
 Thanks for the pointer to /etc/init.d/vyatta-ofr and /etc/default/vyatta.

 What I would likely do is have a config file that has the equivalent of a
 #include which tries a sequence of locations.

 /mnt/usb/config/config.boot, /mnt/flash/config/config.boot,
 /mnt/floppy/config/config.boot,/opt/vyatta/etc/config/config.boot

 By adding a simple Done or just having the config files overwrite each
 other in reasonable ways, we end up with a live CDROM that can boot on any
 machine yet find a configuration file.

 I'm actually going to have to look into a diskless version of Vyatta at some
 point.

 Thanks again for the pointers.

 Best, -Chris



 On Fri, Feb 29, 2008 at 6:33 PM, Justin Fletcher [EMAIL PROTECTED] wrote:
  That's actually a harder problem - you can do it by changing where the
  system looks for configuration on boot, install to disk and then modify the
  files to change what's mounted and where the system looks for the
  configuration, or build from scratch and create your own LiveCD with the
  changes in it.

  In VC4, look in /etc/init.d/vyatta-ofr, /etc/default/vyatta, and
  /etc/default/vyatta-cfg.

  If you make the changes that let the system find the configuration on a
  flash drive, be sure to submit them back to the hackers list (or should that
  be forum??) for inclusion for others as well :-)
 
  Best,
  Justin
 
 
 
 
  On Tue, Feb 26, 2008 at 9:23 PM, Christopher Johnson [EMAIL PROTECTED] wrote:
   Is there any way, other than floppy disk, to have the OFR get a
   configuration file on boot from CDROM?  I'd love for it to be able to read
   from a USB thumb drive, load it from a TFTP site (use the standard boot
   methods to do so) or in any way to get a configuration file into the system
   without me being at the console.
  
   This is glendale VC4, Alpha 1, soon to be Alpha 2.
  
   Best,
   -Chris
   P.S. I did try load of an URL, and it died.
  
  


Re: [Vyatta-users] Glendale Alpha 1 ERROR!!!

2008-02-28 Thread Justin Fletcher
However, make sure it's not already filed before you do - this was bug 2478 :-)

https://bugzilla.vyatta.com/show_bug.cgi?id=2478

Justin

On Thu, Feb 28, 2008 at 10:42 AM, Dave Roberts [EMAIL PROTECTED] wrote:


 File it for the bug bounty contest! ;-)


 You are absolutely correct.  Therefore the bug is:  telnet is not properly
 mapped.  *GRIN*

 Thanks for your help Stig.

 Best,
 -Chris



Re: [Vyatta-users] vrrp issues on VC3

2008-02-25 Thread Justin Fletcher
Some systems have issues with the virtual MAC addresses - try the
option to disable it.

Best,
Justin

On Mon, Feb 25, 2008 at 8:35 AM, Tobias Orlamuende
[EMAIL PROTECTED] wrote:
 Ken,

  You might have seen the vrrp priority of 150 for eth2 on R2 which was
  just a test and replaced with 20 since a few days, but the problem still
  exists.

  Anyone else? ;-)

  Cheers
  Tobias

  Ken Rozinsky wrote:


  Hello,
  
   I'm in no way an expert but it looks to me like the priority on both
   your eth2 interfaces are set at 150.
   setting the second to 20 might fix it for you.
  
   Regards,
   Ken
  
  
  
   Tobias Orlamuende wrote:
   Yes, all interfaces are GBit, but connected to a 100 MBit/s switch.
   Interfaces are Intel 82571EB and 82573E/82573L
   /var/log/messages prints only errors like these ones:
  
   Feb 25 13:34:24 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:00:00:5e:00:01:04:08:06
   Feb 25 13:35:25 localhost kernel: printk: 7 messages suppressed.
   Feb 25 13:35:25 localhost kernel: martian source 78.138.64.54 from 78.138.64.71, on dev eth0
   Feb 25 13:35:25 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:00:00:5e:00:01:04:08:06
   Feb 25 13:35:25 localhost kernel: martian source 78.138.64.54 from 78.138.64.71, on dev eth2
   Feb 25 13:35:25 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:00:00:5e:00:01:04:08:06
   Feb 25 13:35:25 localhost kernel: martian source 78.138.64.74 from 78.138.64.71, on dev eth0
   Feb 25 13:35:25 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:00:00:5e:00:01:04:08:06
   Feb 25 13:35:25 localhost kernel: martian source 78.138.64.74 from 78.138.64.71, on dev eth2
   Feb 25 13:35:25 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:00:00:5e:00:01:04:08:06
  
   Cheers
  
   Tobias
  
   Dave Strydom wrote:
  
   are all the interfaces 1000Mbit interfaces?
   and
   if you login to the routers as root, what do you have in /var/log/messages ?
  
   - Dave
  
   On Mon, Feb 25, 2008 at 12:54 PM, Tobias Orlamuende
   [EMAIL PROTECTED] wrote:
  
   Hi all,
  
I set up 2 routers with VC3 and want them to do vrrp. Setup of vrrp was
done exactly as described in the documentation.
Unfortunately vrrp doesn't seem to work properly. On both routers vrrp
seems to act as a master. When connecting to one of the physical
addresses of one of the routers, I get packetloss of about 50%. The
other router is fine as well as their virtual IP.
  
My setup looks as follows:
  
Upstream via a small transfer-net 83.220.149.16/29 (eth0)
The following networks are received through this transfer-net:
194.8.86.0/24 (eth2)
78.138.64.0/25 (eth1)
Default-route points to our upstream-provider's router (83.220.149.17)
  
Router1:
  
[EMAIL PROTECTED] show interfaces
loopback lo {
}
ethernet eth0 {
    description: upstream
    hw-id: 00:15:17:39:b6:8a
    address 83.220.149.19 {
        prefix-length: 29
        broadcast: 83.220.149.23
    }
    vrrp {
        vrrp-group: 3
        virtual-address: 83.220.149.18
        authentication: 123456
        priority: 150
    }
}
ethernet eth1 {
    description: old-PA
    hw-id: 00:15:17:39:b6:8b
    address 78.138.64.71 {
        prefix-length: 25
        broadcast: 78.138.64.127
    }
    vrrp {
        vrrp-group: 4
        virtual-address: 78.138.64.1
        priority: 150
    }
}
ethernet eth2 {
    description: old-local
    hw-id: 00:30:48:91:96:06
    address 194.8.86.1 {
        prefix-length: 24
        broadcast: 194.8.86.255
    }
    vrrp {
        vrrp-group: 2
        virtual-address: 194.8.86.254
        priority: 150
    }
}
ethernet eth3 {
    hw-id: 00:30:48:91:96:07
}
  
[edit]
  
[EMAIL PROTECTED] show vrrp
Physical interface: eth0, Address: 83.220.149.19
  Interface state: up, Group: 3, State: master
  Priority: 150, Advertisement interval: 1s, Authentication type: simple
  Preempt: yes, VIP count: 1, VIP: 83.220.149.18
  Advertisement timer: 3310s, Master router: 83.220.149.19
  Virtual MAC: 00:00:5E:00:01:03
  
Physical interface: eth1, Address: 78.138.64.71
  Interface state: up, Group: 4, State: master
  Priority: 150, Advertisement interval: 1s, Authentication type: none
  Preempt: yes, VIP count: 1, VIP: 78.138.64.1
  Advertisement timer: 3310s, Master router: 78.138.64.71
  Virtual MAC: 00:00:5E:00:01:04
  
Physical interface: eth2, Address: 194.8.86.1
  Interface state: up, Group: 2, State: master
  Priority: 150, Advertisement interval: 1s, Authentication type: none
  Preempt: yes, VIP count: 1, VIP: 194.8.86.254
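
Added example (not part of the original thread): a small Python parser for the "martian source" / "ll header" pairs quoted above. It splits the 14-byte Ethernet header into destination, source and EtherType, recognises the VRRP virtual MAC prefix 00:00:5e:00:01 (last octet is the group number) and counts frames from a VRRP group that arrive on an interface configured for a different group. Function names are illustrative; the sample lines and the interface-to-group map are copied from the message.

```python
import re
from collections import Counter

# Kernel lines quoted in the message above, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
Feb 25 13:34:24 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:00:00:5e:00:01:04:08:06
Feb 25 13:35:25 localhost kernel: printk: 7 messages suppressed.
Feb 25 13:35:25 localhost kernel: martian source 78.138.64.54 from 78.138.64.71, on dev eth0
Feb 25 13:35:25 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:00:00:5e:00:01:04:08:06
Feb 25 13:35:25 localhost kernel: martian source 78.138.64.54 from 78.138.64.71, on dev eth2
Feb 25 13:35:25 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:00:00:5e:00:01:04:08:06
Feb 25 13:35:25 localhost kernel: martian source 78.138.64.74 from 78.138.64.71, on dev eth0
Feb 25 13:35:25 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:00:00:5e:00:01:04:08:06
Feb 25 13:35:25 localhost kernel: martian source 78.138.64.74 from 78.138.64.71, on dev eth2
Feb 25 13:35:25 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:00:00:5e:00:01:04:08:06
""".splitlines()

# vrrp-group per interface, copied from Router1's "show interfaces" output above.
CONFIGURED_GROUP = {"eth0": 3, "eth1": 4, "eth2": 2}

# The kernel prints the destination address first, then the source.
MARTIAN_RE = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")
LL_RE = re.compile(r"ll header: ((?:[0-9a-f]{2}:)+[0-9a-f]{2})", re.I)
VRRP_MAC_PREFIX = "00:00:5e:00:01:"   # IPv4 VRRP virtual MAC; last octet = group
ETHERTYPES = {"08:06": "ARP", "08:00": "IPv4"}


def decode_ll_header(hexstr):
    """Split an Ethernet header dump into dst MAC, src MAC and EtherType."""
    octets = hexstr.lower().split(":")
    if len(octets) != 14:
        return None                      # not a plain Ethernet II header
    src = ":".join(octets[6:12])
    etype = ":".join(octets[12:14])
    group = int(octets[11], 16) if src.startswith(VRRP_MAC_PREFIX) else None
    return {
        "dst_mac": ":".join(octets[0:6]),
        "src_mac": src,
        "ethertype": ETHERTYPES.get(etype, etype),
        "vrrp_group": group,
    }


def pair_martians(lines):
    """Pair each 'martian source' line with the 'll header' line that follows it."""
    events, pending = [], None
    for line in lines:
        m = MARTIAN_RE.search(line)
        if m:
            pending = {"dst_ip": m.group(1), "src_ip": m.group(2), "dev": m.group(3)}
            continue
        h = LL_RE.search(line)
        if h and pending is not None:
            hdr = decode_ll_header(h.group(1))
            if hdr is not None:
                events.append({**pending, **hdr})
            pending = None
    return events


def misplaced_vrrp(events, configured):
    """Count frames sourced from a VRRP virtual MAC that arrived on an
    interface whose configured group is different."""
    counts = Counter()
    for e in events:
        group = e["vrrp_group"]
        if group is not None and configured.get(e["dev"]) != group:
            counts[(group, e["dev"])] += 1
    return dict(counts)


if __name__ == "__main__":
    for (group, dev), n in sorted(misplaced_vrrp(pair_martians(SAMPLE_LOG),
                                                 CONFIGURED_GROUP).items()):
        print(f"VRRP group {group} frames seen on {dev}: {n}")
```

On the quoted lines this reports ARP broadcasts from the group 4 virtual MAC (configured on eth1) arriving on eth0 and eth2.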
 

Re: [Vyatta-users] Clustering Causes Reboots

2008-02-24 Thread Justin Fletcher
No, that's not intentional ;-)  I haven't seen that before either - is there
any information in the log files, or from show cluster status?

Do you end up in a split-brain situation where the two systems can't
exchange heartbeats?

The reboot-on-panic option takes effect on kernel panic, so it shouldn't
affect you here.

Justin

On Sun, Feb 24, 2008 at 2:55 PM, Ben Speckien [EMAIL PROTECTED] wrote:
 Hello I've been playing with clustering on VC3 (10/29/07) and I can't
  get it to work well.

  It seems that when one router moves from secondary to primary one or
  both routers have to reboot.  Is this supposed to happen?  Furthermore,
  if I disconnect the secondary router the primary router or both routers
  reboot when I reconnect the secondary router.

  I have set system options reboot-on-panic to false.

  It doesn't seem like the auto-failback option does anything and
  sometimes the primary router reboots every time I try to set it to true.

  Does the hardware make a difference?

  Thanks,

  Ben


Re: [Vyatta-users] Adding Firewall rules remotely

2008-02-22 Thread Justin Fletcher
One way to do it would be with an expect script that logs in and updates a
firewall rule.  You'd need to track locally when the rule was added, so you
could then remove it, perhaps with a simple text file and a cron job.

Best,
Justin

On Fri, Feb 22, 2008 at 1:08 PM, Christopher Johnson [EMAIL PROTECTED] wrote:
 I have my systems set up to monitor authentication failures.  I want one
 system to be able to automatically add a firewall rule to deny a particular
 IP address.  In the best of all worlds, that firewall rule would then expire
 at some time in the future.

 I.e. Failed password for root from 35.8.1.1 port 38876 ssh2 is the logged
 message.  (And no, nobody from MSU tried this,  just one of my test IPs from
 a very long time ago).

 What I'd like to do is an SSH to the OFR which would then add a firewall
 rule that would expire in two weeks.

 ssh vyatta.example.com /usr/local/bin/blockip 35.8.1.1 14

 Any suggestions on what blockip might look like would be very nice.

 Thanks,
 -Chris


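
Added example (not from the thread or from Vyatta): the bookkeeping half of the approach Justin describes, in Python. It extracts the address from the sshd line Chris quotes, validates it before it can reach a command line (the text comes from a log an outsider can influence), records an expiry in a plain-text state, and tells a cron job which addresses are due for removal. The firewall update itself is left to the caller, for instance the expect script mentioned above; the function names, the never-block range and the 90-day cap are assumptions.

```python
import ipaddress
import re

# sshd line format quoted in the thread:
#   "Failed password for root from 35.8.1.1 port 38876 ssh2"
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+ ssh2")

# Assumptions for this sketch: management ranges that must never be blocked
# (a constructed documentation range here) and a cap on block duration.
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/24")]
MAX_DAYS = 90
DAY = 86400


def validate_ip(text):
    """Return the canonical address string, or None if it must not be blocked."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None                 # not an address, e.g. "1.2.3.4;reboot"
    if addr.is_loopback or addr.is_unspecified or addr.is_multicast:
        return None
    if any(addr in net for net in NEVER_BLOCK):
        return None
    return str(addr)


def offender_from_log(line):
    """Extract and validate the source address of a failed-password line."""
    m = FAILED_RE.search(line)
    return validate_ip(m.group(1)) if m else None


def load_state(text):
    """Parse 'address expiry_epoch' lines into a dict, skipping malformed ones."""
    state = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].isdigit():
            ip = validate_ip(parts[0])
            if ip is not None:
                state[ip] = int(parts[1])
    return state


def dump_state(state):
    """Serialise the state back to the one-entry-per-line text format."""
    return "".join(f"{ip} {exp}\n" for ip, exp in sorted(state.items()))


def block(state, ip_text, days, now):
    """Record a block until now + days.

    Returns the address when a new firewall rule has to be added, or None
    when the address was already blocked (its expiry is only ever extended).
    """
    ip = validate_ip(ip_text)
    if ip is None or not isinstance(days, int) or not 1 <= days <= MAX_DAYS:
        raise ValueError(f"refusing to block {ip_text!r} for {days!r} days")
    is_new = ip not in state
    state[ip] = max(state.get(ip, 0), now + days * DAY)
    return ip if is_new else None


def expire(state, now):
    """Drop entries whose time has passed; return addresses to unblock."""
    gone = sorted(ip for ip, exp in state.items() if exp <= now)
    for ip in gone:
        del state[ip]
    return gone


if __name__ == "__main__":
    import time
    # Constructed log line in the format quoted in the thread.
    line = ("Feb 22 13:01:02 host sshd[1234]: "
            "Failed password for root from 35.8.1.1 port 38876 ssh2")
    state = load_state("")
    now = int(time.time())
    ip = offender_from_log(line)
    if ip and block(state, ip, 14, now):
        print("add rule for", ip)          # hand off to the firewall update here
    print(dump_state(state), end="")
    print("due for removal:", expire(state, now + 15 * DAY))
```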


Re: [Vyatta-users] MIssing the sysServices.0 OID from the MIB

2008-02-22 Thread Justin Fletcher
Yes, it's not in the SNMP configuration file, but it's easy to fix.

As root, add to /etc/snmp/snmpd.conf:

sysServices 4

which shows that up to and including the internet layer is supported.

Then run

/opt/vyatta/sbin/snmpd.init restart

These are the commands for Glendale, but it'll either be the same or
very similar for previous releases.

I'll file a bug on it for you as well.

Justin

On Fri, Feb 22, 2008 at 3:11 PM, Philip McDonald
[EMAIL PROTECTED] wrote:
 My OSS app is trying to discover a Vyatta NE and is being tripped-up by the
 lack of a  sysServices OID (.1.3.6.1.2.1.1.7.0)  in the mib.
 Why does vyatta lack this OID while all other commercial NEs have this
 included in their system mib?

 As a work-around I've tried using snmpset to set the sysService OID but it
 tells me that the OID doesn't exist and it won't add the OID by default.

 Should I try snmpconfig?  If so, how would I solve this problem.

 Thanks,
 P




Re: [Vyatta-users] Vyatta Crashing -- Have to reboot

2008-02-14 Thread Justin Fletcher
Unfortunately, you need to restart the system to recover from these
errors in this version.  However, major changes have been made in
Glendale, so you won't see these issues in the next release.  Alpha 1 is
available, so you can give it a try now.

Justin

On Thu, Feb 14, 2008 at 7:27 AM,  [EMAIL PROTECTED] wrote:
 All,

  I have now been using vyatta at two of my locations (production) and it has
  been very promising. However, I have run into the problem where I essentially
  cannot do any more 'commits'. This can randomly happen on various things, but
  adding / removing an interface is definitely one of them. The only thing I
  can do to fix the issue is to reboot (init 6) the vyatta box and then add in
  my new configuration once it comes back up.

  I would like some help just troubleshooting / debugging, so I don't have to 
 do a full restart to get back to a working condition. I am using VC 3.

  Below is an example log from /var/log/messages


  Feb 14 09:10:57 localhost xorp_fea: [ 2008/02/14 09:10:57  ERROR xorp_fea:7163 FEA +99 /home/autobuild/builds/master/2007-10-24-0001/ofr/xorp/xorp/fea/ifconfig_set.cc push_config ] Interface error on eth0.398: interface not recognized

  Feb 14 09:10:57 localhost xorp_rtrmgr: [ 2008/02/14 09:10:57  ERROR xorp_rtrmgr:3936 LIBXORP +741 /home/autobuild/builds/master/2007-10-24-0001/ofr/xorp/xorp/libxorp/run_command.cc done ] Command /opt/vyatta/sbin/commit_interface.sh: exited with exit status 255.

  Feb 14 09:10:57 localhost xorp_rtrmgr: [ 2008/02/14 09:10:57  ERROR xorp_rtrmgr:3936 RTRMGR +1647 /home/autobuild/builds/master/2007-10-24-0001/ofr/xorp/xorp/rtrmgr/task.cc execute_done ] Error found on program stderr!
  Feb 14 09:10:57 localhost xorp_rtrmgr: [ 2008/02/14 09:10:57  ERROR xorp_rtrmgr:3936 RTRMGR +701 /home/autobuild/builds/master/2007-10-24-0001/ofr/xorp/xorp/rtrmgr/master_conf_tree.cc commit_pass2_done ] Commit failed:


  Any suggestions would be appreciated.

  I believe what is 'fixing' my issue is restarting the CLI and possibly 
 router program-- perhaps I can do that on the command line without restarting 
 the entire machine?

  Thanks
  -Aaron


Re: [Vyatta-users] Going to shell on Vyatta

2008-02-11 Thread Justin Fletcher
However, changes made directly to /etc/passwd are not preserved
on reboot, so you'd need to re-create the user account each time.

Justin

On Feb 11, 2008 3:44 AM, Davide Bologna [EMAIL PROTECTED] wrote:
 Usually the vyatta user is meant for router
 administration, so it has direct access to xorpsh, as
 configured in /etc/passwd.

 You can run the application from the root shell or,
 better, create a new user to run it. Remember that
 Vyatta is a specialized Linux, but is still Linux
 inside, so just useradd.

 Davide


 --- piyush sharma [EMAIL PROTECTED] wrote:


  Sorry Stig, my question was meant for Vyatta in
  general.
  I didn't edit the subject line earlier.
  I have to run an application on the linux on the
  Vyatta machine.
  For that I require to go to the shell prompt.
  I wanted to know how can I do that.
  I have logged in as user vyatta on the router.
  Please help me.
 
  Thanks,
  Piyush


Re: [Vyatta-users] Going to shell on Vyatta

2008-02-10 Thread Justin Fletcher
Log in as root; that'll give you the Linux shell.

Best,
Justin

On Feb 10, 2008 9:09 PM, piyush sharma [EMAIL PROTECTED] wrote:


 Sorry Stig, my question was meant for Vyatta in general.
 I didn't edit the subject line earlier.
 I have to run an application on the linux on the Vyatta machine.
 For that I require to go to the shell prompt.
 I wanted to know how can I do that.
 I have logged in as user vyatta on the router.
 Please help me.

 Thanks,
 Piyush



Re: [Vyatta-users] interface names move

2008-02-08 Thread Justin Fletcher
It's just the order they were initially discovered by the system, and it can
vary.  It's also one of the reasons there's the hw-id parameter in the
interfaces section - that way the interface you prefer is locked to an
interface name.  If you want to change the order, change the hw-id entry,
either through the configuration commands, or edit config.boot directly (I
prefer the latter to cut and paste) and reboot.

Justin

On Feb 8, 2008 5:05 AM, Dave Strydom [EMAIL PROTECTED] wrote:
 I've got two identical HP DL140 machines, both with additional Intel
 Dual Port 1000/PT cards.

 On the one machine (router 1)
 Onboard NIC 1 = eth0
 Onboard NIC 2 = eth1
 Intel NIC 1 = eth2
 Intel NIC 2 = eth3

 On the 2nd machine (router 2)
 Onboard NIC 1 = eth2
 Onboard NIC 2 = eth3
 Intel NIC 1 = eth0
 Intel NIC 2 = eth1


 How can two identical machines have the interface names switched around?

 - Dave


Re: [Vyatta-users] Vyatta running on appliance...

2008-02-07 Thread Justin Fletcher
What's the last message before it hangs?

Justin

On Feb 7, 2008 2:12 PM, ken Felix [EMAIL PROTECTED] wrote:
 I'm doing the same but with a 2gb and 4gb fast Compact Flash. It runs
 great but I just noticed a problem the last 2 days in my test lab and it
 ( host ) hangs at boot time. Could be my hardware or CF card or adapter.


 fwiw, Logic supply has shipped their servers to me but so far I
 haven't received all of my new pieces for my project.



Re: [Vyatta-users] Possible OSPF problems

2008-02-06 Thread Justin Fletcher
If you're pinging public - public, it's the same subnet, which means the
devices are communicating directly, and not even going through the router,
so OSPF shouldn't be an issue.

Trace a traceroute from one of the devices in question, or see if you can
get a packet capture.  COULD be a switch, spanning tree issue, interface
configuration mismatch or . . .

Best,
Justin

On Feb 6, 2008 5:05 AM, Joe Pub [EMAIL PROTECTED] wrote:
 I think I have a problem with some OSPF routing.  I have a small
 network setup (see attached image) which uses 2 OSPF areas, with 3
 subnets.  I have a LAN subnet (192.168.10.0/23, Area 0.0.0.1) and a
 DMZ subnet (172.20.0.0/23, Area 0.0.0.0) and a public subnet which is
 not configured using OSPF.

 I can connect and ping nodes from LAN -- DMZ no problem and can
 also ping from DMZ - Public no problem.  But when I try to ping
 and connect to machines within my own public range LAN  - Public
 I have some connectivity issues.  Pings will take a while and time
 out, then eventually (2 - 10 seconds) it's like OSPF has figured how
 to get there and they work.  If those hosts then have not been
 contacted in a while since it started working, I have the ping and
 connectivity problems again.

 Does anyone have any idea where I might be going wrong here?

 protocol config for the both internal routers below with respective
 OSPF and routing tables.  If you need further information please let
 me know.

 Thanks for the help.

 ---

 protocols {
     ospf4 {
         router-id: 10.1.1.1
         rfc1583-compatibility: false
         ip-router-alert: false
         area 0.0.0.0 {
             area-type: normal
             interface eth1 {
                 link-type: broadcast
                 address 172.20.1.251 {
                     priority: 128
                     hello-interval: 10
                     router-dead-interval: 40
                     interface-cost: 1
                     retransmit-interval: 5
                     transit-delay: 1
                     passive: false
                     disable: false
                 }
             }
         }
         area 0.0.0.1 {
             area-type: normal
             interface eth0 {
                 link-type: broadcast
                 address 192.168.11.253 {
                     priority: 128
                     hello-interval: 10
                     router-dead-interval: 40
                     interface-cost: 1
                     retransmit-interval: 5
                     transit-delay: 1
                     passive: false
                     disable: false
                 }
             }
         }
     }
     static {
         disable: false
     }
 }

 Routes: 8/8, Paths: 8/8
 0.0.0.0/0 [ospf(1)] to 172.20.1.253 via eth1
 10.1.1.1/32 [connected(0)] to 10.1.1.1 via lo
 10.1.1.3/32 [ospf(2)] to 172.20.1.253 via eth1
 10.1.1.4/32 [ospf(2)] to 172.20.1.252 via eth1
 127.0.0.0/8 [connected(0)] to 127.0.0.1 via lo
 172.20.0.0/23 [connected(0)] to 172.20.1.251 via eth1
 192.168.10.0/23 [connected(0)] to 192.168.11.253 via eth0
 192.168.11.254/32 [connected(0)] to 192.168.11.254 via eth0

 

 protocols {
     ospf4 {
         router-id: 10.1.1.2
         rfc1583-compatibility: false
         ip-router-alert: false
         area 0.0.0.0 {
             area-type: normal
             interface eth1 {
                 link-type: broadcast
                 address 172.20.1.250 {
                     priority: 128
                     hello-interval: 10
                     router-dead-interval: 40
                     interface-cost: 1
                     retransmit-interval: 5
                     transit-delay: 1
                     passive: false
                     disable: false
                 }
             }
         }
         area 0.0.0.1 {
             area-type: normal
             interface eth0 {
                 link-type: broadcast
                 address 192.168.11.252 {
                     priority: 128
                     hello-interval: 10
                     router-dead-interval: 40
                     interface-cost: 1
                     retransmit-interval: 5
                     transit-delay: 1
                     passive: false
                     disable: false
                 }
             }
         }

Re: [Vyatta-users] Possible OSPF problems

2008-02-06 Thread Justin Fletcher
Ah - my mistake in terminology translation :-)

Since it IS running through the router, turn on tshark on one of the
router interfaces,  see what's on the (virtual) wire when you start a ping.
Does the router even see it inbound through the virtual switch?

Justin

On Feb 6, 2008 5:05 AM, Joe Pub [EMAIL PROTECTED] wrote:
 I think I have a problem with some OSPF routing.  I have a small
 network setup (see attached image) which uses 2 OSPF areas, with 3
 subnets.  I have a LAN subnet (192.168.10.0/23, Area 0.0.0.1) and a
 DMZ subnet (172.20.0.0/23, Area 0.0.0.0) and a public subnet which is
 not configured using OSPF.

 I can connect and ping nodes from LAN -- DMZ no problem and can
 also ping from DMZ - Public no problem.  But when I try to ping
 and connect to machines within my own public range LAN  - Public
 I have some connectivity issues.  Pings will take a while and time
 out, then eventually (2 - 10 seconds) it's like OSPF has figured how
 to get there and they work.  If those hosts then have not been
 contacted in a while since it started working, I have the ping and
 connectivity problems again.

 Does anyone have any idea where I might be going wrong here?

 protocol config for the both internal routers below with respective
 OSPF and routing tables.  If you need further information please let
 me know.

 Thanks for the help.

 ---

 protocols {
     ospf4 {
         router-id: 10.1.1.1
         rfc1583-compatibility: false
         ip-router-alert: false
         area 0.0.0.0 {
             area-type: normal
             interface eth1 {
                 link-type: broadcast
                 address 172.20.1.251 {
                     priority: 128
                     hello-interval: 10
                     router-dead-interval: 40
                     interface-cost: 1
                     retransmit-interval: 5
                     transit-delay: 1
                     passive: false
                     disable: false
                 }
             }
         }
         area 0.0.0.1 {
             area-type: normal
             interface eth0 {
                 link-type: broadcast
                 address 192.168.11.253 {
                     priority: 128
                     hello-interval: 10
                     router-dead-interval: 40
                     interface-cost: 1
                     retransmit-interval: 5
                     transit-delay: 1
                     passive: false
                     disable: false
                 }
             }
         }
     }
     static {
         disable: false
     }
 }

 Routes: 8/8, Paths: 8/8
 0.0.0.0/0 [ospf(1)] to 172.20.1.253 via eth1
 10.1.1.1/32 [connected(0)] to 10.1.1.1 via lo
 10.1.1.3/32 [ospf(2)] to 172.20.1.253 via eth1
 10.1.1.4/32 [ospf(2)] to 172.20.1.252 via eth1
 127.0.0.0/8 [connected(0)] to 127.0.0.1 via lo
 172.20.0.0/23 [connected(0)] to 172.20.1.251 via eth1
 192.168.10.0/23 [connected(0)] to 192.168.11.253 via eth0
 192.168.11.254/32 [connected(0)] to 192.168.11.254 via eth0

 

 protocols {
     ospf4 {
         router-id: 10.1.1.2
         rfc1583-compatibility: false
         ip-router-alert: false
         area 0.0.0.0 {
             area-type: normal
             interface eth1 {
                 link-type: broadcast
                 address 172.20.1.250 {
                     priority: 128
                     hello-interval: 10
                     router-dead-interval: 40
                     interface-cost: 1
                     retransmit-interval: 5
                     transit-delay: 1
                     passive: false
                     disable: false
                 }
             }
         }
         area 0.0.0.1 {
             area-type: normal
             interface eth0 {
                 link-type: broadcast
                 address 192.168.11.252 {
                     priority: 128
                     hello-interval: 10
                     router-dead-interval: 40
                     interface-cost: 1
                     retransmit-interval: 5
                     transit-delay: 1
                     passive: false
                     disable: false
                 }
             }
         }
     }
     static {
         disable: true
     }
 }


 Routes: 7/7, Paths: 7/7
 

Re: [Vyatta-users] Transparent IP Mapping

2008-02-06 Thread Justin Fletcher
Yes, the Vyatta will do this - with a LOT more control.  Your Netopia is
doing NAT for you; if you want it, you'll be able to configure it.  By
default, of course, NAT isn't configured on the Vyatta, so you'll have to set
it up to get the results you want.

Best,
Justin

On Feb 6, 2008 7:42 AM, Rob Menzies [EMAIL PROTECTED] wrote:




 I currently have a Netopia R910 supporting my network.  My ISP has provided
 me with a /29 subnet.  The Netopia permits these additional IP addresses to
 be behind my R910 through what they call Transparent IP Mapping.  These IP
 addresses live on the same switch as my 10.x.x.x/24 network.  Does the
 Vyatta permit this?  From what I've read, the VLAN looks like it will work,
 but some clarification would be appreciated.  Here is the text from
 Netopia's site on the Transparent IP Mapping:

 If your ISP has assigned you multiple static IP addresses you may want to
 have one or more of these IP's assigned directly to hosts or servers behind
 the Netopia with NAT enabled. If you want to place a public IP onto the
 local workstation, (i.e. not a 192.168.1.x address), then this Quick Guide
 will take you through this process step-by-step. How this is done will be
 determined by the type of routing (or bridging) handled from the ISP. The
 IP's can be routed to the Ethernet interface of the router, or be bridged to
 you on the WAN interface.

 This configuration will transparently map your public IP addresses in a way
 that will allow you to configure workstations behind the router to hold
 these public IP addresses and make them publicly accessible, bypassing the
 NAT process on this secondary subnet.




Re: [Vyatta-users] vLAN Switch

2008-02-04 Thread Justin Fletcher
Definitely.  It's part of the VLAN tag.

Best,
Justin

On Feb 4, 2008 9:26 PM, Go Wow [EMAIL PROTECTED] wrote:
 Hey

  I have configured vlan in vyatta and bought a vlan enabled switch, it's a
 D-link DES-1226. I want to know when configuring the switch whether I
 need to give the VID in the switch the same as the vLAN ID created in
 vyatta?


Re: [Vyatta-users] Bandwidth limitation

2008-02-04 Thread Justin Fletcher
Coming soon in a Glendale build near to you :-)

Justin

On Feb 4, 2008 9:26 PM, Dams [EMAIL PROTECTED] wrote:
 Hi,

 I would like to know if there is an option in vyatta to limit the bandwidth
 on specific ip or all ip ?

 Thanks

 --
 Cordialement / Sincerely
 Dams




Re: [Vyatta-users] ps3

2008-02-04 Thread Justin Fletcher
Port forwarding should be straight-forward with the Vyatta CLI; look for recent
ssh examples on this list.

Personally, I'd create a rule for each protocol and port/port range.

Best,
Justin

On Feb 4, 2008 8:31 PM, Nathan McBride [EMAIL PROTECTED] wrote:
 Hey guys, I finally got my old comp which is running vyatta to now be a
 wireless vyatta router.  So I can connect my Playstation 3 to the router
 and it goes on the network and most things work.  However it only has
 what playstation calls nat3.  This is because it isn't getting all the
 ports it needs.  The playstation 3 needs:

 • TCP Ports: 80, 443, 5223, and 10070 - 10080
 • UDP Ports: 3478, 3479, 3658, and 10070

 I don't care about 80 and 443.  However I really want to get nat2
 working because I'm having issues with Unreal III.  What would be the
 best way to do this?  Can / should I create an iptables rule to make a
 DMZ zone?  I had to make the firewall with iptables not vyatta cause I
 couldn't figure it out... :'(  Should I just create a nat rule for each
 port and forward it to my playstation's ip after setting it as static?

 Thanks,
 Nate



Re: [Vyatta-users] Firewall Logs

2008-02-01 Thread Justin Fletcher
Yes, I've had it enabled and working before.  The traffic needs to hit a
firewall rule before it'll be logged; you may also need to adjust the global
log level down from its current default of warning to informational or lower.

Justin


On Feb 1, 2008 2:12 PM, Go Wow [EMAIL PROTECTED] wrote:
 But it doesn't show me the required information, did you try it? I
 want to make sure that somebody did try it and it's working for them
 cuz currently it isn't working for me :( .



Re: [Vyatta-users] Managing different subnet with different gateway

2008-02-01 Thread Justin Fletcher
To summarize, traffic doesn't know anything about where it's been.  There's no
guarantee that traffic will go back the same route it came in; asymmetric
routing is very common.

All a router knows is the IP address of the destination packet it needs to
forward; it'll then use its routing information to select the next hop router,
which then makes its own independent decision.  It's a little simplified :-)
but pretty much the case.

So yes - think both directions - how the request packet comes in, and how the
response packet is routed back.

Best,
Justin

On Jan 31, 2008 11:13 AM, Daren Tay [EMAIL PROTECTED] wrote:
 Hi all,

 I've been toying with this mini project and have some quite interesting
 findings... problem persist somehow... help would be appreciated.
 btw.. these are for a web infrastructure setup purpose.

 Setup
 

 01 x main router  --- this is the router that is to manage 2 different
 subnet, and ensure that their outgoing traffic go by a fixed gateway, and
 not just the default gateway.
 02 x laptop -- they simulate the 2 internal subnet
 02 x small routers (one linksys, one vyatta) --- they simulate the
 different subnet of the outgoing connection, the gateways

 For the main router:
 ---
 eth0: 192.168.2.1 /24 -- to small router (vyatta)
 eth1: 192.168.3.1 /24 -- to small router (linksys)
 eth2: 192.168.20.1 /24 -- laptop1 (192.168.20.2)
 eth3: 192.168.30.1 /24 -- laptop2 (192.168.30.2)

 For the small routers
 
 :: vyatta ::
 LAN -- 192.168.2.2
 WAN -- 192.168.1.232
 Gateway -- 192.168.1.1

 :: linksys ::
 LAN -- 192.168.3.2
 WAN -- 192.168.1.233
 Gateway -- 192.168.1.2

 *Note: both gateways are separate ADSL modems

 So I go ahead and set them up normally, with default routing pointed to
 either one. Everything works fine.
 Both laptops can ping each other and can ping the gateway and beyond
 (internet). No problem. So I attempt to test the ip tool.


 IP Tool
 =
 Based on what was advised, I looked through, tried and read...

 I created 2 ip route tables (other than the default).
 I added the following ip route:
 ip route add default via 192.168.2.2 dev eth0 tab 1
 ip route add default via 192.168.3.2 dev eth1 tab 2

 As you can see, table 1 is for routing out through the vyatta small router,
 table 2 through the link sys small router.

 I then add the following:
 ip rule add from 192.168.20.0/24 tab 1 priority 500
 ip rule add from 192.168.30.0/24 tab 2 priority 600

 At this point, nothing works anymore. My 2 subnets cannot ping out anymore.
 I then copied the entries from ip route show and put them into table1 and
 table2.
 This way, the routes for ip route show, ip route show table 1, ip route
 show table 2 are the same, except the default path.
 Btw, there is no default path in ip route show.


 Problem
 -
 After doing the above... the default path via the linksys router works
 fine...
 but the vyatta (small router) totally cannot work. I can still ping both its
 port (LAN and WAN), but nothing beyond. not even the 1.0 network with the
 modems... I'm not sure why.. and I am hoping some kind folks may shed some
 light on this. would appreciate this. The main vyatta router can ping
 through all of them though.

 so far, Am I doing it correctly?


 Another question though:
 without going through this testing... incoming traffic to the 2 different
 subnet will naturally go through their respective gateways. the question is
 whether the outgoing traffic will go through the correct gateway, or just
 the default gateway.. hence after getting advice from the good folks.. i
 began testing..

 but something just struck me... say i don't do any of these tests. i just
 leave it be. so when people serve either websites (from the different
 subnets), the DNS resolution will naturally bring them through the different
 gateway and on to the appropriate subnet right? If that's the case, when the
 request returns to the user, will it go back by the way it came from, or via
 the default gateway...?

 My worry is that it will go through the default gateway, hence I asked about
 this whole test. But thinking about it.. it can go back the way it come from
 isn't it?

 Sorry about the lengthy question, networking amateur here :)

 Many thanks for the patience and interest!
 Daren
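An added example, not code from the thread: a small Python model of the Linux rule-then-table lookup, applied to the lab in the quoted message, showing which interface a packet leaves by when tables 1 and 2 hold only a default, after the connected routes are copied in, and with no rules at all. The model omits the kernel's `local` table, and the visitor address 203.0.113.10 is constructed.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    dev: str
    via: Optional[str] = None  # None = directly connected


class Rule(NamedTuple):
    priority: int
    src: ipaddress.IPv4Network
    table: str


def route(prefix, dev, via=None):
    return Route(ipaddress.ip_network(prefix), dev, via)


# Connected routes of the main router, taken from the interface list in the message.
CONNECTED = [
    route("192.168.2.0/24", "eth0"),
    route("192.168.3.0/24", "eth1"),
    route("192.168.20.0/24", "eth2"),
    route("192.168.30.0/24", "eth3"),
]

ANY = ipaddress.ip_network("0.0.0.0/0")

# "ip rule add from ... tab N priority P", plus the kernel's catch-all rule for main.
POLICY_RULES = [
    Rule(500, ipaddress.ip_network("192.168.20.0/24"), "1"),
    Rule(600, ipaddress.ip_network("192.168.30.0/24"), "2"),
    Rule(32766, ANY, "main"),
]
MAIN_ONLY = [Rule(32766, ANY, "main")]


def build_tables(copy_connected=False, main_default=None):
    """Tables 1 and 2 hold the per-subnet defaults; main holds connected routes."""
    tables = {
        "main": list(CONNECTED),
        "1": [route("0.0.0.0/0", "eth0", "192.168.2.2")],
        "2": [route("0.0.0.0/0", "eth1", "192.168.3.2")],
    }
    if main_default:
        tables["main"].append(route("0.0.0.0/0", *main_default))
    if copy_connected:
        tables["1"] += CONNECTED
        tables["2"] += CONNECTED
    return tables


def lookup(tables, rules, src, dst):
    """Return (table, route) chosen for a packet, or None if unroutable.

    Rules are tried in priority order; a rule whose table has no matching
    route falls through to the next rule. Within a table the longest
    prefix wins.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in sorted(rules, key=lambda r: r.priority):
        if src not in rule.src:
            continue
        matches = [r for r in tables[rule.table] if dst in r.prefix]
        if matches:
            return rule.table, max(matches, key=lambda r: r.prefix.prefixlen)
    return None


def egress(tables, rules, src, dst):
    """Shorthand: (device, next hop) for a packet, or None."""
    hit = lookup(tables, rules, src, dst)
    return None if hit is None else (hit[1].dev, hit[1].via)


if __name__ == "__main__":
    visitor = "203.0.113.10"  # constructed Internet client address
    cases = [
        ("defaults only", build_tables(), POLICY_RULES),
        ("connected routes copied", build_tables(copy_connected=True), POLICY_RULES),
        ("no rules, one default",
         build_tables(main_default=("eth0", "192.168.2.2")), MAIN_ONLY),
    ]
    for label, tables, rules in cases:
        print(label)
        for src, dst in [("192.168.30.2", "192.168.20.2"), ("192.168.30.2", visitor)]:
            print(f"  {src} -> {dst}: {egress(tables, rules, src, dst)}")
```

In this model, with only a default in table 2, laptop2's packets to laptop1 are handed to 192.168.3.2 instead of eth2; with no rules and a single default, replies from 192.168.30.2 leave by that default regardless of which gateway the request arrived through.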


Re: [Vyatta-users] Dual-screened subnet

2008-01-31 Thread Justin Fletcher
You apply a firewall on an interface-basis, and whether it's inbound, outbound,
or local to the router, so I think that'll do what you want (if I'm
interpreting correctly).

Best,
Justin

On Jan 22, 2008 8:58 AM, Elías Manchón López [EMAIL PROTECTED] wrote:



 Hi Folks!.

 I need to set up a dual-screened subnet and I'm thinking of using vyatta on
 two PCs with two NICs each: the front firewall and the back firewall. I
 don't know if this is possible with vyatta and if I will have some
 limitation. I think that the front router will do natting and the back
 router will do routing.

 What do you think about this issue?

 Thanks in advance.





Re: [Vyatta-users] Unable to login, solved by reboot

2008-01-30 Thread Justin Fletcher
As you can see, nothing jumps out in the log.  A detailed search may
turn up more information; otherwise, at least you've got a work-around
:-)

Justin

On Jan 29, 2008 2:48 PM, Jostein Martinsen-Jones [EMAIL PROTECTED] wrote:
 Log result attached.
 I managed to login if I changed the passwords for my troubled users.
 Sometimes the encrypted-password didn't get encrypted.


 2008/1/29, Justin Fletcher [EMAIL PROTECTED]:

  Give show log | match ERROR a try.
 
  Justin
 
  On Jan 29, 2008 2:00 PM, Jostein Martinsen-Jones [EMAIL PROTECTED]
 wrote:
   I have this problem again. Now i was able to login to a user account I
   created, but unable to view logfiles since im in xorpsh.
  
   2008/1/28, Justin Fletcher [EMAIL PROTECTED]:
  
Anything untoward in the log files?
   
Justin
   
On Jan 28, 2008 7:29 AM, Jostein Martinsen-Jones [EMAIL PROTECTED]
   wrote:
 Today I had a weird experience with Vyatta.
 I was unable to login on any account. Did a reboot, then everything
 was
 normal.
 What is going on?



Re: [Vyatta-users] Managing different subnet with different gateway

2008-01-30 Thread Justin Fletcher
Yes, eth0 and eth1 should be on different subnets; if not, the router doesn't
know which interface should be used to send traffic to another device on that
subnet.

Best,
Justin

On Jan 30, 2008 7:47 AM, Daren Tay [EMAIL PROTECTED] wrote:
 Hi guys,

 I revisited the issue after getting a box to test

 I have set up a vyatta router with 4 ports

 eth0: 192.168.1.232 (WAN) - simulate gateway#1
 eth1: 192.168.1.233 (WAN) - simulate gateway#2
 eth2: 192.168.20.1 (LAN) - simulate LAN #1, represented by a laptop
 192.168.20.2 :: to route through eth0 for gateway 192.168.1.1
 eth3: 192.168.30.1 (LAN) - simulate LAN #2, represented by a laptop
 192.168.30.2 :: to route through eth1 for gateway 192.168.1.2

 I can't get eth3 to work somehow.. I think the laptop needs to be connected
 using a cross cable (using different laptops)
 but .20.x side is working fine. As attached is the config.

 I then run the ip tool on 192.168.30.0..

 but i still can't route out.

 when i set the gateway, it routes out, but via that gateway...

 both 192.168.1.1 and 1.2 are adsl modems... or should I be ensuring both
 eth0 and eth1 are of different subnet?
 below is the config i did...
 
 vyatta:~# ip route add default via 192.168.1.2 dev eth1 tab 2
 vyatta:~# ip rule add from 192.168.30.0/24 tab 2 priority 600
 vyatta:~# ip route list
 192.168.20.0/24 dev eth2  proto kernel  scope link  src 192.168.20.1
 192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.232
 192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.233
 192.168.30.0/24 dev eth3  proto kernel  scope link  src 192.168.30.1
 vyatta:~# ip rule list
 0:  from all lookup 255
 600:from 192.168.30.0/24 lookup 2
 32766:  from all lookup main
 32767:  from all lookup default
 =


 Food for thought? More testing to be done tomorrow!

 Thanks folks!
 Daren

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Daren Tay
 Sent: Tuesday, January 08, 2008 11:50 AM
 To: Robert Bays

 Cc: vyatta-users@mailman.vyatta.com
 Subject: Re: [Vyatta-users] Managing different subnet with different
 gateway


 Ok roberts, will take note of that.

 My concern is just to ensure the 2 subnet have their traffic routed through
 their respective gateways as different bandwidth is purchased for them :)

 Thanks man!
 Daren

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Robert Bays
 Sent: Tuesday, January 08, 2008 2:59 AM
 To: vyatta-users@mailman.vyatta.com
 Subject: Re: [Vyatta-users] Managing different subnet with different
 gateway


 Daren,

 I would still setup a global default route in the router to handle
 traffic not explicitly source routed.

 Cheers,
 Robert.

 Daren Tay wrote:
  Hi guys,
 
  one more question:
  say I do the below mentioned way to have multi-gateway setup, but there'll
  still be a default gateway set in xorpsh yeah?
  Will this affect how traffic is routed out?
 
  Or should I just do away with the default gateway setup?
 
  Thanks!
  Daren
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] Behalf Of Daren Tay
  Sent: Saturday, January 05, 2008 12:32 PM
  To: vyatta-users@mailman.vyatta.com
  Subject: Re: [Vyatta-users] Managing different subnet with different
  gateway
 
 
  Ah silly me, the obvious
 
  Thanks!
  Daren
 
  -Original Message-
  From: Robert Bays [mailto:[EMAIL PROTECTED]
  Sent: Saturday, January 05, 2008 7:00 AM
  To: Daren Tay
  Cc: vyatta-users@mailman.vyatta.com
  Subject: Re: [Vyatta-users] Managing different subnet with different
  gateway
 
 
  Running traceroute from a system on each subnet should show you
  different paths.
 
  cheers.
 
  Daren Tay wrote:
  Cool guys :)
 
  I'm gonna give the ip rule a test when I head back to office on monday,
  but
  how do I determine that it is working?
 
  Once that is done, I'll look into the bandwidth throttling.
 
  Daren
 
  -Original Message-
  From: Robert Bays [mailto:[EMAIL PROTECTED]
  Sent: Saturday, January 05, 2008 5:17 AM
  To: Daren Tay
  Cc: vyatta-users@mailman.vyatta.com
  Subject: Re: [Vyatta-users] Managing different subnet with different
  gateway
 
 
  Daren,
 
  Yep.  The tool is the standard linux ip command.  The ip rule from
  part tells the system that anything from this address should go to table
  n.  Each table has a separate default route.
 
  XORP *shouldn't* kill these routes since they aren't in the master
  table.  YMMV.  As Aubrey correctly pointed out, you will want to add
  these commands to your startup files so they are added at each boot.
 
  As for tracking bandwidth, you could also poll interface stats using
  SNMP and rrdtool/mrtg.  (ifOutOctets)
 
  Good Luck!
 
  Cheers,
  Robert.
 
 
 
  Daren Tay wrote:
  Hi guys,
 
  yeah I want to route them out different gateway.
 
  what is this ip tool you are refering to? you mean the 

Re: [Vyatta-users] Unable to login, solved by reboot

2008-01-30 Thread Justin Fletcher
Maybe . . .

However, much of this has been resolved with associated changes in Glendale.
Give Alpha 1 a try - I doubt you'll see it there :-)

Best,
Justin

On Jan 30, 2008 12:43 PM, Jostein Martinsen-Jones [EMAIL PROTECTED] wrote:
 But i feel that the only reason I didn't have to reboot is luck :(
 Maybe next time i'm unable to login with any account?

 2008/1/30, Justin Fletcher [EMAIL PROTECTED]:

  As you can see, nothing jumps out in the log.  A detailed search may
  turn up more information; otherwise, at least you've got a work-around
  :-)
 
  Justin
 
  On Jan 29, 2008 2:48 PM, Jostein Martinsen-Jones [EMAIL PROTECTED]
 wrote:
   Log result attached.
   I managed to login if I changed the passwords for my troubled users.
   Sometimes the encrypted-password didn't get encrypted.
  
  
   2008/1/29, Justin Fletcher [EMAIL PROTECTED]:
  
Give show log | match ERROR a try.
   
Justin
   
On Jan 29, 2008 2:00 PM, Jostein Martinsen-Jones [EMAIL PROTECTED]
   wrote:
 I have this problem again. Now i was able to login to a user account
 I
 created, but unable to view logfiles since im in xorpsh.

 2008/1/28, Justin Fletcher [EMAIL PROTECTED]:

  Anything untoward in the log files?
 
  Justin
 
  On Jan 28, 2008 7:29 AM, Jostein Martinsen-Jones
 [EMAIL PROTECTED]
 wrote:
   Today I had a weird experience with Vyatta.
   I was unable to login on any account. Did a reboot, then
 everything
   was
   normal.
   What is going on?
  


Re: [Vyatta-users] Unable to login, solved by reboot

2008-01-30 Thread Justin Fletcher
Personally, I'd use it to take advantage of major changes and fixes,
and I'm running it to access all 40 lab systems - but that's me :-)

It still needs more polish, and there's a good chance you'll find
things that aren't perfect (or maybe even a bug or two), and you'll
have to re-enter and/or substantially modify your existing
configuration.

If you want to be cautious and prudent, review the bugs in the bug
list, and try it on a backup system.

Best,
Justin

On Jan 30, 2008 3:06 PM, Jostein Martinsen-Jones [EMAIL PROTECTED] wrote:
 How production ready is Glendale? I'm using vyatta as router/firewall in
 front of a couple of servers that soon will go live...
 Since it's alpha, do you think I should do it? Just printed the whole
 manual...



 2008/1/30, Justin Fletcher [EMAIL PROTECTED]:
  Maybe . . .
 
  However, much of this has been resolved with associated changes in
 Glendale.
  Give Alpha 1 a try - I doubt you'll see it there :-)
 
  Best,
  Justin
 
  On Jan 30, 2008 12:43 PM, Jostein Martinsen-Jones [EMAIL PROTECTED]
 wrote:
   But i feel that the only reason I didn't have to reboot is luck :(
   Maybe next time i'm unable to login with any account?
  
   2008/1/30, Justin Fletcher [EMAIL PROTECTED]:
  
As you can see, nothing jumps out in the log.  A detailed search may
turn up more information; otherwise, at least you've got a work-around
:-)
   
Justin
   
On Jan 29, 2008 2:48 PM, Jostein Martinsen-Jones [EMAIL PROTECTED]
   wrote:
 Log result attached.
 I managed to login if I changed the passwords for my troubled
 users.
 Sometimes the encrypted-password didn't get encrypted.


 2008/1/29, Justin Fletcher [EMAIL PROTECTED]:

  Give show log | match ERROR a try.
 
  Justin
 
  On Jan 29, 2008 2:00 PM, Jostein Martinsen-Jones
 [EMAIL PROTECTED]
 wrote:
   I have this problem again. Now i was able to login to a user
 account
   I
   created, but unable to view logfiles since im in xorpsh.
  
   2008/1/28, Justin Fletcher [EMAIL PROTECTED]:
  
Anything untoward in the log files?
   
Justin
   
On Jan 28, 2008 7:29 AM, Jostein Martinsen-Jones
   [EMAIL PROTECTED]
   wrote:
 Today I had a weird experience with Vyatta.
 I was unable to login on any account. Did a reboot, then
   everything
 was
 normal.
 What is going on?



Re: [Vyatta-users] glendale problems my 1st view

2008-01-29 Thread Justin Fletcher
  5. any help on the CLI regardless of level show bash options vs the vyatta
 engine options.
  (confusing to say the least)

If you're logged in as root, you'll get Unix commands listed as well as Vyatta
commands during tab completion/help.  However, if you're an admin level user,
you'll just see the Vyatta command set.  You can still issue Unix commands;
you'll just need to enter them directly.

Justin


Re: [Vyatta-users] just two more questions for today... :D

2008-01-29 Thread Justin Fletcher
I think we covered port forwarding :-)

The Vyatta sides of the VPN will be the same; configuring the other
end of the VPN client will be up to you for a site-to-site tunnel.

Undocumented now, but actually in Glendale Alpha 1 is remote client
VPN which works with Windows l2tp.  It's under VPN configuration as well.
Give it a go if you're connecting with Windows.

For a list, see http://www.vyatta.com/twiki/bin/view/Community/TopEnhancements.
Find something you'd like to have yourself, make sure it's not already in
Glendale :-) and work from the Glendale source base.

Glendale is a VERY different CLI than previous releases; it makes adding new
features much simpler once you're used to the new CLI template structure.

Best,
Justin

On Jan 28, 2008 2:32 PM, Nathan McBride [EMAIL PROTECTED] wrote:
 I just made a script to load a firewall with iptables.
 I know iptables so until the bug gets fixed I'll just
 do it that way.  I do have two more questions though.

 1). How do I setup 'port-forwarding'.  So when you go
 through port 80 from the wan it sends it to some ip on
 the internal network at port 80?  Do I do this with NAT?

 2). Are there any easy guides on setting up a vpn?  Not a vpn
 like a cisco router to the vyatta router because I found those
 guides, but just a vpn that I can access from work or on any
 computer providing they have an ipsec client?

 Is there a list of things you guys want made for Vyatta or a
 project site somewhere?  I'm always looking for things to do in
 my off time.

 Nate



Re: [Vyatta-users] Starting to get really frustrated... GRRR :D

2008-01-29 Thread Justin Fletcher
Here's what I use to port-forward ssh; just adjust for address (where
destination address is the public IP) and change it to http.

rule 2 {
    type: destination
    inbound-interface: eth0
    protocols: tcp
    source {
        network: 0.0.0.0/0
    }
    destination {
        address: 1.2.3.4
        port-name ssh
    }
    inside-address {
        address: 10.0.0.30
    }
}

Best,
Justin


On Jan 29, 2008 7:46 AM, Nathan McBride [EMAIL PROTECTED] wrote:
 Can someone please help me get this worked out?
 Nate


  Ok these are my nat rules now, I didn't see a command to change the rule
  numbers so i just redid them all by hand.  It still doesn't work.
 
   rule 1 {
  type: destination
  inbound-interface: eth0
  protocols: tcp
  destination {
  address: 71.62.193.105
  port-name http
  }
  inside-address {
  address: 192.168.0.105
  }
  }
  rule 2 {
  type: masquerade
  outbound-interface: eth0
  protocols: all
  source {
  network: 192.168.0.0/24
  }
  destination {
  network: 0.0.0.0/0
  }
  }
  rule 3 {
  type: masquerade
  outbound-interface: eth0
  protocols: all
  source {
  network: 192.168.1.0/24
  }
  destination {
  network: 0.0.0.0/0
  }
  }
 
  Nate
 
  On Mon, 2008-01-28 at 21:39 -0800, An-Cheng Huang wrote:
   Hi Nate,
  
   The inside-address is the internal (private) IP address of your Web 
   server, which in your case is 192.168.0.105. The destination address 
   should actually be the public IP address that outside clients will use to 
   access your server, so usually this is the public IP address of your 
   router.
  
   An-Cheng
  
   Nathan McBride wrote:
I went and looked at the old docs.  I thought I set them up correctly
but apparently I didn't.  All I'm trying to do is to get people on the
internet to view the website on my comp (192.168.0.105).  The only
difference that I noticed when I tried to commit the example in the old
docs was that vc3 requires an 'inside-address'.  Could someone please
help me correct this to get it working?
   
rule 3 {
type: destination
inbound-interface: eth0
protocols: tcp
destination {
address: 192.168.0.105
port-name http
}
inside-address {
address: 192.168.0.105 -- didn't know what to put here
exactly...
}
}
   
 
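An added example (not from the thread, and not Vyatta code): a Python check for the mistake discussed in this message, run over rules quoted in it. It parses the brace-delimited rule text and flags destination NAT rules whose destination address is the inside host itself or another RFC 1918 address, or that carry no port restriction; the parser, the finding names and rules 10 and 11 are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Rules 3 and 2 are copied from the thread; rules 10 and 11 are constructed.
THREAD_RULES = """
rule 3 {
    type: destination
    inbound-interface: eth0
    protocols: tcp
    destination {
        address: 192.168.0.105
        port-name http
    }
    inside-address {
        address: 192.168.0.105
    }
}
rule 2 {
    type: destination
    inbound-interface: eth0
    protocols: tcp
    source {
        network: 0.0.0.0/0
    }
    destination {
        address: 1.2.3.4
        port-name ssh
    }
    inside-address {
        address: 10.0.0.30
    }
}
rule 10 {
    type: destination
    inbound-interface: eth0
    protocols: tcp
    destination {
        address: 1.2.3.4
    }
    inside-address {
        address: 10.0.0.30
    }
}
rule 11 {
    type: masquerade
    outbound-interface: eth0
}
"""


def parse_blocks(text):
    """Parse 'name { key: value ... }' text into nested dicts."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("{"):
            child = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        else:
            m = re.fullmatch(r"([\w-]+):?\s*(.*)", line)
            if m is None:
                raise ValueError(f"cannot parse line: {line!r}")
            stack[-1][m.group(1)] = m.group(2)
    if len(stack) != 1:
        raise ValueError("missing '}'")
    return root


def in_rfc1918(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)


def check_dnat(rules):
    """Return {rule name: [finding, ...]} for every rule of type 'destination'."""
    report = {}
    for name, rule in rules.items():
        if not isinstance(rule, dict) or rule.get("type") != "destination":
            continue
        dest = rule.get("destination", {})
        outside = dest.get("address")
        inside = rule.get("inside-address", {}).get("address")
        findings = []
        if outside is None or inside is None:
            findings.append("missing-address")
        elif outside == inside:
            findings.append("dest-equals-inside")   # nothing is translated
        elif in_rfc1918(outside):
            findings.append("dest-private")         # outside clients cannot target it
        if not any(key.startswith("port") for key in dest):
            findings.append("no-port")              # rule is not limited to one service
        report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in check_dnat(parse_blocks(THREAD_RULES)).items():
        print(name, findings or "ok")
```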


Re: [Vyatta-users] Weird Routing problem on VC2

2008-01-29 Thread Justin Fletcher
Personally, I'd try Alpha 1.  It'll need more polishing and features to add
(which is why it's an alpha) but there are major improvements with the routing
protocols.  Check the Glendale bug list, and see if you'd be affected by any of
these first (like no GUI yet).

Also note that your existing configuration won't be preserved on ISO install,
which means you'll have to re-enter it, and there have been major changes to
CLI syntax - even to how you configure an interface (from address prefix-length
CML to address/CML).  However, VPN, firewall, NAT, clustering, and serial
commands should be the same, so you CAN copy an old configuration back and edit
it - it's just that there will be a lot of iterations of loading the
configuration to identify and adjust configuration changes.

Justin

On Jan 28, 2008 7:08 PM, Daren Tay [EMAIL PROTECTED] wrote:
 Hi Justin,

 embarrassingly so man... haha.

 So there are issues with routing after link failures huh.. yep.. we are
 looking to upgrade to VC3 once the new box is in... but to use Alpha 1? Is
 it advisable? It will be for production use.

 I need to use the router to handle 2 different WAN connection for 2 separate
 NAT networks.

 Daren

 -Original Message-
 From: Justin Fletcher [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, January 29, 2008 12:18 AM
 To: Daren Tay

 Cc: Robert Bays; Vyatta-users@mailman.vyatta.com
 Subject: Re: [Vyatta-users] Weird Routing problem on VC2


 Glad you got that figured out - many pieces in play!

 Yes, there have been issues with the routing protocols with link failure; a
 search in the bug database will turn up a number of issues.  I'd strongly
 suggest that you look into upgrading to VC3 and check out Glendale Alpha 1.

 Best,
 Justin

 On Jan 27, 2008 7:03 PM, Daren Tay [EMAIL PROTECTED] wrote:
  Hi all,
 
  finally resolved the 1st problem (cannot detect newly inserted web
 machine):
  end up it was a change in config in the firewall that caused the
  situation... my guys changed it without informing me but still, many
  apologies for the false alarm. My bad.
 
  secondly though, the problem still stands. when i plug out the network
  cables from the router, and insert back in, everything fails.. the router
  will fail to route. I will need to reset the server for it to work again.
  For now, we are waiting for a new box to arrive before using VC2.2 and
  hopefully that resolves the issues, but wonder if it is a bug.. or a badly
  configured option somewhere?
 
  is this the arp cache you are talking about?
  router:~# arp
  Address      HWtype  HWaddress          Flags Mask  Iface
  gateway ip   ether   00:0C:DB:2B:AB:68  C           eth0
  192.168.3.1  ether   00:1B:0C:30:B4:80  C           eth1
 
  Thanks for your patience guys :)
  Daren
 
  -Original Message-
  From: Robert Bays [mailto:[EMAIL PROTECTED]
  Sent: Monday, January 28, 2008 9:32 AM
  To: Daren Tay
 
  Cc: Justin Fletcher; Vyatta-users@mailman.vyatta.com
  Subject: Re: [Vyatta-users] Weird Routing problem on VC2
 
 
  Daren,
 
  Sounds like the router still can't find the new host.  What does your arp
  cache say for 192.168.1.13 after you try to ping it?  What does your
  routing table look like?
 
  cheers,
  robert.
 
  Daren Tay wrote:
   Nope, it was 'pingable' before.
   I can still ping the other web servers connected to it... but the newly
   added one I can't.
   Yet I am able to route out to the public network from the new box...
  
   -Original Message-
   From: Justin Fletcher [mailto:[EMAIL PROTECTED]
   Sent: Friday, January 25, 2008 3:16 PM
   To: Daren Tay
   Cc: Vyatta-users@mailman.vyatta.com
   Subject: Re: [Vyatta-users] Weird Routing problem on VC2
  
  
   Does the load balancer have ICMP disabled?  That'd certainly explain
   that, unless you were able to ping it before --

   Since you have the load balancer between the router, I suspect it's a
   load balancer issue.

   You can see what's going on by running tshark/tcpdump on the interface,
   and see what's on the wire.  If you can examine the traffic between the
   load balancer and the servers, you'll learn more :-)
  
   Justin
  
   On Jan 24, 2008 10:40 PM, Daren Tay [EMAIL PROTECTED] wrote:
   Hi guys,
  
   anyone?
  
   Thanks,
   Daren
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:[EMAIL PROTECTED] Behalf Of Daren Tay
   Sent: Wednesday, January 23, 2008 6:29 PM
   To: Vyatta-users@mailman.vyatta.com
   Subject: [Vyatta-users] Weird Routing problem on VC2
  
  
   Hi guys
  
   I have this queer problem.
  
   My setup with Vyatta is like this
  
  
   Internet --- Firewall --- Vyatta Router --- Load Balancer  03 x Web
   Servers
   |
   |
staging server
  
  
   As you can see, the router sits in front of the load balancer.
   First... generally whenever

Re: [Vyatta-users] Firewall: block internal telnet

2008-01-29 Thread Justin Fletcher
See the Vyatta docs at http://www.vyatta.com/documentation/index.php; there
are examples in the firewall chapters.

Best,
Justin

On Jan 29, 2008 12:17 PM, Go Wow [EMAIL PROTECTED] wrote:
 okay thanks for replies.

 People help with this please, how can I block ssh on router i.e.
 192.168.10.45 using firewall, I want to give access of ssh to say only ip
 xxx.xxx.xxx.xxx

 On 30/01/2008, Beau Walker [EMAIL PROTECTED] wrote:
 
 
  You'll want to ask the List that. I could only answer your last question
 because the answer wasn't specific to Vyatta.
 
 
  Beau Walker - CCNA, Linux+
 
 
 
  
  From: Go Wow [mailto:[EMAIL PROTECTED]
  Sent: Tuesday, January 29, 2008 3:10 PM
  To: Beau Walker
  Subject: Re: [Vyatta-users] Firewall: block internal telnet
 
 
  Okay how can I block ssh on router i.e. 192.168.10.45 using firewall, I
 want to give access of ssh to say only ip xxx.xxx.xxx.xxx



 --
 Those that make the rule don't play the game!!


Re: [Vyatta-users] Unable to login, solved by reboot

2008-01-29 Thread Justin Fletcher
Give show log | match ERROR a try.

Justin

On Jan 29, 2008 2:00 PM, Jostein Martinsen-Jones [EMAIL PROTECTED] wrote:
 I have this problem again. Now I was able to login to a user account I
 created, but unable to view logfiles since I'm in xorpsh.

 2008/1/28, Justin Fletcher [EMAIL PROTECTED]:

  Anything untoward in the log files?
 
  Justin
 
  On Jan 28, 2008 7:29 AM, Jostein Martinsen-Jones [EMAIL PROTECTED]
 wrote:
   Today I had a weird experience with Vyatta.
   I was unable to login on any account. Did a reboot, then everything was
   normal.
   What is going on?
  


Re: [Vyatta-users] E-mail only

2008-01-28 Thread Justin Fletcher
You'll find good firewall documentation and examples at
http://www.vyatta.com/documentation/index.php.

Best,
Justin

On Jan 27, 2008 10:38 PM, Erwin kobe Tolentino [EMAIL PROTECTED] wrote:
 I want to set up my vyatta as a router and firewall
 I configured already the vyatta router but I want to control the internet in
 my LAN.
 I want to configure as email only!!! like OUTLOOK EXPRESS

 anyone can help me!!

 my configuration is this

 interfaces
 ethernet eth0
   address 192.168.100.11
  prefix-length 24
 ethernet eth1
   address 10.10.10.1
  prefix-length 24
 firewall name fwall

 nat
   rule 1
type masquerade
   outbound-interface eth0
   protocol all

 firewall
 name fwall
action accept
distination network 10.10.10.0/24


  


Re: [Vyatta-users] Firewall question.

2008-01-28 Thread Justin Fletcher
You shouldn't need the out rule; until a firewall is applied,
everything is accepted.
However, the simple rule is protocol any action accept.  That should
do it if you want to be thorough :-)

Justin

On Jan 28, 2008 7:28 AM, Nathan McBride [EMAIL PROTECTED] wrote:
 Hey guys,

 I just installed Vyatta and have it working. (big step for me)
 But I'm having some trouble.  I first wanted to know if I should
 make the firewall using Vyatta's commands or just iptables?
 I tried iptables and it didn't seem to work. I added a rule to allow ssh
 but ssh couldn't go through.  So then I made one in Vyatta.  Denied
 ping, enabled ssh, then applied it to the wan interface.  Well that
 killed all network traffic so looking through the manual I saw that when
 I applied the IN rule for the interface I guess the out rule
 automatically got a deny everything since I didn't apply a rule to it.
 So, I needed to add a related and established rule to the in for the wan
 interface.  I did (this is from memory):

 set firewall name eth0-in rule 1 action accept
 set firewall name eth0-in rule 1 state established enable
 set firewall name eth0-in rule 1 state related enable

 Then I was going to commit this but commit gave an error saying that
 protocol needed to be icmp.  Once I had set that it errored saying
 protocol needed to be tcp...  I'm really confused but I need to get a
 firewall up.

 Once this is done I was going make a rule for out on the wan interface
 to allow everything to go out.  Is there a simple rule for this?

 Thanks,
 Nate




Re: [Vyatta-users] Does vyatta read all iptables rules ?

2008-01-28 Thread Justin Fletcher
It'll just work the other way to translate the Vyatta CLI into
iptables.  It's not the other direction (but if you'd like to write a
translator, I'm sure it'd be appreciated!)

Justin

On Jan 28, 2008 1:44 PM, Go Wow [EMAIL PROTECTED] wrote:
 hey

  I want to create a rule with iptables, I want to know if I create a rule in
 root shell not vyatta shell using iptables command (of course lol) so does
 vyatta read it and add it to its service nat rules ?


Re: [Vyatta-users] VPN: clients to router configuration

2008-01-27 Thread Justin Fletcher
Set up another site-to-site tunnel with the peer as 0.0.0.0; that'll
allow anyone to connect that's authenticated.

You'll then need to set up your clients to connect using IPsec.

Justin

On Jan 27, 2008 9:42 AM, Jostein Martinsen-Jones [EMAIL PROTECTED] wrote:

 Ok, I have a site-to-site up and running between my Vyatta and a Netgear
 FVS338 VPN/Firewall box.

 I also have several road warriors that need access to a LAN behind the
 Netgear box, so I want them to connect to the Vyatta router (because it's too
 hard to make a client connect to the netgear box). I think this is like a hub
 and spoke setup.

 I am not using Glendale.



 2008/1/27, Justin Fletcher [EMAIL PROTECTED]:

  A few questions - are you terminating the VPN on the Vyatta router?
  Is it site-to-site, or are you running Glendale alpha and trying out
  the remote access VPN?  Or is the VPN a separate system?
 
  If it's site-to-site, just set up an Openswan connection.
  If it's remote access, see http://stuff.pulkes.org/l2tp/ as an option.
  Otherwise, the Vyatta router should just forward traffic --
 
  Best,
  Justin
 
  On Jan 27, 2008 7:56 AM, Jostein Martinsen-Jones [EMAIL PROTECTED]
 wrote:
   Hi all
  
   I am looking for information on how to setup my Vyatta router so clients
   using Linux can get access to our VPN.
  
   Any help is appreciated!
  
  
  


Re: [Vyatta-users] DHCP

2008-01-22 Thread Justin Fletcher
What are the destination addresses that are being forwarded?

Broadcasts shouldn't be forwarded, but the router needs to know that they're
broadcast addresses.  It'll only recognize 10.1.255.255 and 10.2.255.255 as
broadcast addresses.  If a system is sending requests to, say, 10.1.12.255
where a system is set up as a /24, that address is recognized as a perfectly
valid address and will be forwarded.

Justin

On Jan 22, 2008 1:01 PM,  [EMAIL PROTECTED] wrote:

 I've set up a very basic router with only two interfaces: eth0 is my
 10.1.0.0 subnet and eth1 is my 10.2.0.0 subnet. The router's default gateway
 is my Internet router.  The subnets are in different buildings on our campus
 connected via a wireless link.  I use them mainly in conjunction with
 Windows Server 2003 sites to control replication of the Active
 Directory and the Distributed File System set up for user home folders.
 Internet access, internal routing between my two subnets, and replication of
 the AD and DFS work fine.

 My problem is that dhcp request broadcasts are being forwarded to the
 10.2.0.0 subnet from the 10.1.0.0 subnet.  Each subnet has its own dhcp
 server (implemented on 2003 machines not the router).  Hosts that should
 receive 10.1.x.x addresses are receiving 10.2.x.x addresses.  dhcp
 forwarding is not configured on the router.  My understanding from the
 documentation is that the router should automatically block broadcasts.  I
 would appreciate any help in discovering what I'm missing.   Below is my
 configuration.

 Thanks,
 Robert

 protocols {
 }
 policy {
 }
 interfaces {
     restore: false
     loopback lo {
         description:
     }
     ethernet eth0 {
         disable: false
         discard: false
         description:
         hw-id: 00:d0:b7:92:50:b7
         duplex: auto
         speed: auto
         address 10.1.0.253 {
             prefix-length: 16
             disable: false
         }
     }
     ethernet eth1 {
         disable: false
         discard: false
         description:
         hw-id: 00:d0:b7:92:9a:ab
         duplex: auto
         speed: auto
         address 10.2.0.1 {
             prefix-length: 16
             disable: false
         }
     }
 }
 service {
     webgui {
         http-port: 80
         https-port: 443
     }
 }
 firewall {
     log-martians: enable
     send-redirects: disable
     receive-redirects: disable
     ip-src-route: disable
     broadcast-ping: disable
     syn-cookies: enable
 }
 system {
     host-name: HSRouter
     domain-name:
     name-server 206.54.112.1
     time-zone: Denver
     ntp-server 69.59.150.135
     gateway-address: 10.1.0.254
     login {
         user root {
             full-name:
             authentication {
                 encrypted-password: $1$$Ht7gBYnxI1xCdO/JOnodh.
             }
         }
         user vyatta {
             full-name:
             authentication {
                 encrypted-password: $1$$Ht7gBYnxI1xCdO/JOnodh.
             }
         }
     }
     package {
         auto-sync: 1
         repository community {
             component: main
             url: http://archive.vyatta.com/vyatta;
         }
     }
 }

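The broadcast-recognition point in the reply above, as an added example that is not part of the original thread: it classifies destination addresses the way a router with the two /16 interfaces from the posted configuration would, and flags hosts whose own netmask yields a broadcast address the router treats as ordinary unicast. The function names and the host list are constructed for illustration.

```python
import ipaddress

# Interface addresses taken from the configuration posted in this thread.
ROUTER_INTERFACES = {
    "eth0": ipaddress.ip_interface("10.1.0.253/16"),
    "eth1": ipaddress.ip_interface("10.2.0.1/16"),
}

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed sample: (host address, prefix length configured on the host).
SAMPLE_HOSTS = [
    ("10.1.12.40", 24),  # host wrongly set up as a /24 inside the 10.1.0.0/16 LAN
    ("10.1.7.9", 16),    # mask matches the router's eth0
    ("10.2.3.4", 16),    # mask matches the router's eth1
]


def classify_destination(dst, interfaces=ROUTER_INTERFACES):
    """Return (kind, interface) for a destination as the router sees it.

    kind is 'limited-broadcast', 'directed-broadcast' or 'unicast';
    interface is the connected interface name, or None when the address
    is not on a connected network.
    """
    addr = ipaddress.ip_address(dst)
    if addr == LIMITED_BROADCAST:
        return ("limited-broadcast", None)
    for name, iface in interfaces.items():
        net = iface.network
        if addr == net.broadcast_address:
            # Only the broadcast address of the router's own prefix is
            # recognised, e.g. 10.1.255.255 for 10.1.0.0/16.
            return ("directed-broadcast", name)
        if addr in net:
            return ("unicast", name)
    return ("unicast", None)


def mask_mismatches(hosts, interfaces=ROUTER_INTERFACES):
    """List hosts whose own broadcast address looks like unicast to the router.

    Each finding is (host_ip, host_prefix_len, host_broadcast, interface).
    """
    findings = []
    for ip, prefix_len in hosts:
        if prefix_len >= 31:
            continue  # /31 and /32 have no broadcast address to compare
        host_net = ipaddress.ip_interface(f"{ip}/{prefix_len}").network
        bcast = host_net.broadcast_address
        kind, ifname = classify_destination(str(bcast), interfaces)
        if kind == "unicast":
            findings.append((ip, prefix_len, str(bcast), ifname))
    return findings


if __name__ == "__main__":
    for dst in ("10.1.255.255", "10.2.255.255", "10.1.12.255", "255.255.255.255"):
        print(dst, classify_destination(dst))
    for finding in mask_mismatches(SAMPLE_HOSTS):
        print("netmask mismatch:", finding)
```

Running the audit against an inventory of host addresses and masks is a quick way to find the misconfigured systems before looking at packet captures.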


Re: [Vyatta-users] Emergency Config paste? How do you prepare?

2008-01-18 Thread Justin Fletcher
There are a couple of choices.  You can copy your configuration using
scp (it's /opt/vyatta/etc/config/config.boot) to another server.  From
a blank slate/system, all you need to do is to configure an interface and
a default gateway, scp the configuration back, and load the restored
configuration.

You can also use ZipTie for configuration management; see http://www.ziptie.org.

Justin

On Jan 18, 2008 10:07 AM,  [EMAIL PROTECTED] wrote:
 All,

 Coming from a Cisco world, I could copy the config file to a tftp server and 
 once I have 1 interface open-- I could essentially paste in everything on a 
 blank router(or com port). This is helpful when I had to replace a failing 
 router with a backup one mid-day. How would I do the same with Vyatta? I was 
 thinking if I could SCP the config file and make it the config.boot file, I 
 could just do a reboot and it would all come back?

 Perhaps I'm a little confused on essentially doing a big 'paste' of all the 
 configs, particularly the firewall rules.

 If anyone else has some good backup strategies on vyatta router configs, 
 please share-- I'm a little new at this one.

 Thanks in advance,

 Aaron


Re: [Vyatta-users] RFC 1918 Private IP addresses

2008-01-17 Thread Justin Fletcher
You'll want to create a firewall rule.  By default, a router just
forwards the traffic it's sent (assuming it can find a route to use
for forwarding . . .)

Best,
Justin

On Jan 17, 2008 11:39 AM, Ben Speckien [EMAIL PROTECTED] wrote:
 I am using Vyatta as a gateway to the internet and have noticed that it
 passes un-NATed private addresses out the public interface.  Is there a
 way to turn this feature off or should I make a firewall rule?

 Thanks,

 Ben


Re: [Vyatta-users] Waiting for xorp_rtrmgr...

2008-01-17 Thread Justin Fletcher
You'll also want to edit /etc/syslog.conf and change *.warning to *.*
to record all log messages; otherwise, lower-level messages will be
discarded.

You can check startup by hand by running /etc/init.d/vyatta-rtrmgr start
which will save you the physical reboot --

Justin

On Jan 17, 2008 12:54 PM, Marat Nepomnyashy [EMAIL PROTECTED] wrote:
 Hi Shane,

 Most likely the rtrmgr did not start.  The best log file to check when that
 happens is '/var/log/messages'.

 Which Vyatta version are you using?

 Thanks,
 Marat


 - Original Message -
 From: Shane McKinley [EMAIL PROTECTED]
 To: vyatta-users@mailman.vyatta.com
 Sent: Thursday, January 17, 2008 12:51 PM
 Subject: [Vyatta-users] Waiting for xorp_rtrmgr...


  After entering some static routes and changing some subnetting around I
  rebooted. Now the rtrmgr won't start -- the commit took fine before I
  rebooted.
 
  Is there a way I can pull the proper error messages to troubleshoot this
  problem? What log files would be best to look at?
 
  Any more ideas on why this would happen? I really am dedicated to
  getting this router into production, but the odds seem against me this
  round.
 
  Thanks,
 
  Shane McKinley
  Habersham EMC
  Tel: 706-839-4130
  Cel: 706-968-3186


Re: [Vyatta-users] Waiting for xorp_rtrmgr...

2008-01-17 Thread Justin Fletcher
Are they all assigned to a system that's on a network that's directly
connected to the router?

On Jan 17, 2008 3:59 PM, Shane McKinley [EMAIL PROTECTED] wrote:



 None of these next-hop addresses are assigned to an interface on the router.

  Shane


  -Original Message-
  From: Justin Fletcher [mailto:[EMAIL PROTECTED]
  Sent: Thu 1/17/2008 6:46 PM
  To: Shane McKinley

  Cc: vyatta-users@mailman.vyatta.com
  Subject: Re: [Vyatta-users] Waiting for xorp_rtrmgr...

  Are the next hops directly connected?  There was an issue with
  recursive route lookup --

  On Jan 17, 2008 2:56 PM, Shane McKinley [EMAIL PROTECTED] wrote:
   I have found the static routes causing the issue:
  
   route XZ.85.142.64/26 {
   next-hop: XX.128.129.18
   metric: 1
   }
   route XX.128.136.216/29 {
   next-hop: XZ.85.140.254
   metric: 1
   }
   route XX.128.140.16/29 {
   next-hop: XX.128.140.26
   metric: 1
   }
  
   Now, the question is why? How can I dig further to find out why these
   are causing the rtrmgr to crash?
  
   Shane McKinley
   Habersham EMC
  
   -Original Message-
   From: Dave Roberts [mailto:[EMAIL PROTECTED]
   Sent: Thursday, January 17, 2008 5:16 PM
  
   To: Shane McKinley; vyatta-users@mailman.vyatta.com
   Subject: RE: [Vyatta-users] Waiting for xorp_rtrmgr...
  
(SIDE NOTE: (No offense meant) Why should changing interface notations
  
and static routes cause anything to crash?)
  
   It shouldn't. That's one of the big things we're fixing in Glendale. The
   Routermanager process did not handle errors well at all. It has been
   eliminated entirely in Glendale.
  
   -- Dave
  


Re: [Vyatta-users] Waiting for xorp_rtrmgr...

2008-01-17 Thread Justin Fletcher
Are the next hops directly connected?  There was an issue with
recursive route lookup --

On Jan 17, 2008 2:56 PM, Shane McKinley [EMAIL PROTECTED] wrote:
 I have found the static routes causing the issue:

 route XZ.85.142.64/26 {
 next-hop: XX.128.129.18
 metric: 1
 }
 route XX.128.136.216/29 {
 next-hop: XZ.85.140.254
 metric: 1
 }
 route XX.128.140.16/29 {
 next-hop: XX.128.140.26
 metric: 1
 }

 Now, the question is why? How can I dig further to find out why these
 are causing the rtrmgr to crash?

 Shane McKinley
 Habersham EMC

 -Original Message-
 From: Dave Roberts [mailto:[EMAIL PROTECTED]
 Sent: Thursday, January 17, 2008 5:16 PM

 To: Shane McKinley; vyatta-users@mailman.vyatta.com
 Subject: RE: [Vyatta-users] Waiting for xorp_rtrmgr...

  (SIDE NOTE: (No offense meant) Why should changing interface notations

  and static routes cause anything to crash?)

 It shouldn't. That's one of the big things we're fixing in Glendale. The
 Routermanager process did not handle errors well at all. It has been
 eliminated entirely in Glendale.

 -- Dave



Re: [Vyatta-users] vmware server and live CD

2008-01-17 Thread Justin Fletcher
Can you provide just a bit more information?

Justin

On Jan 17, 2008 4:41 PM, Rick Mitchell [EMAIL PROTECTED] wrote:
 I cannot get the live CD to successfully boot up; it tries to but
 fails. Any suggestions?

 --
 Rick Mitchell


Re: [Vyatta-users] Waiting for xorp_rtrmgr...

2008-01-17 Thread Justin Fletcher
I think you've hit bug 2390: RIB: xorp_rib crashed after a static
route with a nextop through an unxisted interface or a route being
configured and committed

See https://bugzilla.vyatta.com/show_bug.cgi?id=2390 ; it's fixed in
the supported version.

Best,
Justin

On Jan 17, 2008 5:19 PM, Shane McKinley [EMAIL PROTECTED] wrote:



 #1 - No, but I do have a static interface-route with XX.128.128.0/20 - the
 actual interface is XX.128.128.0/24 -- the reason I have this is for proper
 BGP exporting
  #2 - Invalid, my mistake
  #3 - Ditto to #1

  My interface-routes are last on my static routes list in the config --
 could this be the issue?

  -Shane




  Are they all assigned to a system that's on a network that's directly
  connected to the router?

  On Jan 17, 2008 3:59 PM, Shane McKinley [EMAIL PROTECTED] wrote:
  
  
  
   None of these next-hop addresses are assigned to an interface on the
 router.
  
Shane
  
  
-Original Message-
From: Justin Fletcher [mailto:[EMAIL PROTECTED]
Sent: Thu 1/17/2008 6:46 PM
To: Shane McKinley
  
Cc: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Waiting for xorp_rtrmgr...
  
Are the next hops directly connected?  There was an issue with
recursive route lookup --
  
On Jan 17, 2008 2:56 PM, Shane McKinley [EMAIL PROTECTED] wrote:
 I have found the static routes causing the issue:

 route XZ.85.142.64/26 {
 next-hop: XX.128.129.18
 metric: 1
 }
 route XX.128.136.216/29 {
 next-hop: XZ.85.140.254
 metric: 1
 }
 route XX.128.140.16/29 {
 next-hop: XX.128.140.26
 metric: 1
 }

 Now, the question is why? How can I dig further to find out why these
 are causing the rtrmgr to crash?

 Shane McKinley
 Habersham EMC

 -Original Message-
 From: Dave Roberts [mailto:[EMAIL PROTECTED]
 Sent: Thursday, January 17, 2008 5:16 PM

 To: Shane McKinley; vyatta-users@mailman.vyatta.com
 Subject: RE: [Vyatta-users] Waiting for xorp_rtrmgr...

  (SIDE NOTE: (No offense meant) Why should changing interface
 notations

  and static routes cause anything to crash?)

 It shouldn't. That's one of the big things we're fixing in Glendale.
 The
 Routermanager process did not handle errors well at all. It has been
 eliminated entirely in Glendale.

 -- Dave



Re: [Vyatta-users] Network ports Compatibility issue for Vyatta? to install in production box for router use

2008-01-10 Thread Justin Fletcher
No, no known issues with the cards, and six ports should be fine.  I've got
that many ports in production :-)

Justin

On Jan 10, 2008 2:22 AM, Daren Tay [EMAIL PROTECTED] wrote:

 Hi guys,

 just wanna check if there's any known issues for the following network cards
 with Vyatta:

 Intel PRO/1000 PT dual-port gigabit ethernet PCIe x4 card.

 I am planning to install 2 of that in the server (Dell PowerEdge) to get a
 6 port setup.

 Also, is it ok I install so many?
 I am planning to use Vyatta as a production router for our new
 infrastructure... all the way man.
 Planning to get a simple Dell PowerEdge and pump it with adequate network
 ports to handle 2 different subnets and firewall.

 What do you guys think?
 Thanks!
 Daren



Re: [Vyatta-users] Disable forwarding of broadcast directed packets

2008-01-10 Thread Justin Fletcher
It's disabled, and the current best practices have had it set this way for
quite a while.

See ftp://ftp.rfc-editor.org/in-notes/rfc2644.txt if you really want the
details :-)

Best,
Justin

On Jan 10, 2008 1:27 PM, Shane McKinley [EMAIL PROTECTED] wrote:

 Is broadcast forwarding disabled by default on Vyatta? If not, is there
 a way I can disable forwarding of broadcast packets on my Vyatta v3
 router?

 Thanks,

 Shane McKinley
 Habersham EMC


Re: [Vyatta-users] Fwd: A question on exporting connected routes intoOSPF

2008-01-08 Thread Justin Fletcher
And, of course, routes you add outside of the CLI aren't known to XORP.  If
you add the route using protocol static you can then redistribute via
OSPF.

Justin

On Jan 8, 2008 11:57 AM, Jonathon Exley [EMAIL PROTECTED] wrote:

 I have also had problems exporting connected routes into OSPF.

 Try adding static routes into the export policy:

 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]  show configuration policy
 policy-statement ExportCon
term 10 {
from {
protocol: connected
}
then {
action: accept
}
}
term 20 {
from {
protocol: static
}
then {
action: accept
}
}

 This seemed to allow the connected interfaces into the OSPF database,
 although they were tagged with ASExt-2:

 [EMAIL PROTECTED] show ospf4 database
   OSPF link state database, Area 0.0.0.0
  Type   ID   Adv Rtr   Seq  Age  Opt  Cksum  Len
  ASExt-2 *192.168.2.0  192.168.101.10x8001   790  0x2  0x4354  36


 Jonathon





Re: [Vyatta-users] Commit Error

2008-01-04 Thread Justin Fletcher
When all else fails, reboot the router when you can & try again.

Best,
Justin

On Jan 4, 2008 7:51 PM, Clint Chapman [EMAIL PROTECTED] wrote:
 [EMAIL PROTECTED] configure
 Entering configuration mode.
 User vyatta is also in configuration mode.
 [EMAIL PROTECTED] set protocols bgp
 [edit]
 [EMAIL PROTECTED] set protocols bgp bgp-id 216.6.235.1
 [edit]
 [EMAIL PROTECTED] set protocols bgp local-as 15003
 [edit]
 [EMAIL PROTECTED] set protocols bgp peer 72.37.132.237
 [edit]
 [EMAIL PROTECTED] set protocols bgp peer 72.37.132.237 local-ip
 72.37.132.238
 [edit]
 [EMAIL PROTECTED] set protocols bgp peer 72.37.132.237 as 25973
 [edit]
 [EMAIL PROTECTED] set protocols bgp peer 72.37.132.237 next-hop
 72.37.132.238
 [edit]
 [EMAIL PROTECTED] set protocols bgp peer 72.37.132.237 disable-
 readvertisements true
 [edit]
 [EMAIL PROTECTED] commit
 [edit]
 Commit Failed
 102 Command failed
 [EMAIL PROTECTED]

 Jan  5 11:59:45 localhost xorp_bgp: [ 2008/01/05 11:59:45  WARNING
 xorp_bgp:6490 BGP +1054 /home/autobuild/builds/OFR/2007-11-17-0001/ofr/
 xorp/xorp/bgp/bgp.cc create_peer ] This peer already exists:
 {72.37.132.238(179) 72.37.132.237(179)} AS/25973
 Jan  5 11:59:45 localhost xorp_bgp: [ 2008/01/05 11:59:45  WARNING
 xorp_bgp:6490 XrlBgpTarget +552 xrl/targets/bgp_base.cc
 handle_bgp_0_2_add_peer ] Handling method for bgp/0.2/add_peer failed:
 XrlCmdError 102 Command failed
 Jan  5 11:59:45 localhost xorp_rtrmgr: [ 2008/01/05 11:59:45  ERROR
 xorp_rtrmgr:4658 RTRMGR +701 /home/autobuild/builds/OFR/
 2007-11-17-0001/ofr/xorp/xorp/rtrmgr/master_conf_tree.cc
 commit_pass2_done ] Commit failed: 102 Command failed

 Not sure how it's already there.




 On Jan 4, 2008, at 9:33 PM, John Jolet wrote:


  how about the line that says this peer already exists... delete
  the peer then re-add it.
 
  Clint Chapman wrote:
  Jan  5 10:18:38 localhost xorp_bgp: [ 2008/01/05 10:18:38  WARNING
  xorp_bgp:6490 BGP +1054 /home/autobuild/builds/OFR/2007-11-17-0001/
  ofr/ xorp/xorp/bgp/bgp.cc create_peer ] This peer already exists:
  {72.37.132.238(179) 72.37.132.237(179)} AS/25973
  Jan  5 10:18:38 localhost xorp_bgp: [ 2008/01/05 10:18:38  WARNING
  xorp_bgp:6490 XrlBgpTarget +552 xrl/targets/bgp_base.cc
  handle_bgp_0_2_add_peer ] Handling method for bgp/0.2/add_peer
  failed:  XrlCmdError 102 Command failed
  Jan  5 10:18:38 localhost xorp_rtrmgr: [ 2008/01/05 10:18:38
  ERROR  xorp_rtrmgr:4658 RTRMGR +701 /home/autobuild/builds/OFR/
  2007-11-17-0001/ofr/xorp/xorp/rtrmgr/master_conf_tree.cc
  commit_pass2_done ] Commit failed: 102 Command failed
  Jan  5 10:25:58 localhost xorp_bgp: [ 2008/01/05 10:25:58  WARNING
  xorp_bgp:6490 BGP +1054 /home/autobuild/builds/OFR/2007-11-17-0001/
  ofr/ xorp/xorp/bgp/bgp.cc create_peer ] This peer already exists:
  {72.37.132.238(179) 72.37.132.237(179)} AS/25973
  Jan  5 10:25:58 localhost xorp_bgp: [ 2008/01/05 10:25:58  WARNING
  xorp_bgp:6490 XrlBgpTarget +552 xrl/targets/bgp_base.cc
  handle_bgp_0_2_add_peer ] Handling method for bgp/0.2/add_peer
  failed:  XrlCmdError 102 Command failed
  Jan  5 10:25:58 localhost xorp_rtrmgr: [ 2008/01/05 10:25:58
  ERROR  xorp_rtrmgr:4658 RTRMGR +701 /home/autobuild/builds/OFR/
  2007-11-17-0001/ofr/xorp/xorp/rtrmgr/master_conf_tree.cc
  commit_pass2_done ] Commit failed: 102 Command failed
 
 
  See anything there?
 
 
  On Jan 4, 2008, at 8:47 PM, Stig Thormodsrud wrote:
 
 
  Check /var/log/messages (or show log) for further error messages.
 
  stig
 
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:vyatta-users-
  [EMAIL PROTECTED] On Behalf Of Clint Chapman
  Sent: Friday, January 04, 2008 6:38 PM
  To: [EMAIL PROTECTED]
  Subject: [Vyatta-users] Commit Error
 
  [EMAIL PROTECTED] show protocols
 
  bgp {
  bgp-id: removeIP
  local-as: my as number
  peer 72.*.*.* { (ISP side of the /30)
  local-ip: 72.37.132.238  (My side of the /30)
  as: 25973
  next-hop: 72.37.132.238 (My side of the /30)
  disable-readvertisements: true
  }
  }
 
 static {
 route 0.0.0.0/0 {
 next-hop: 72.*.*.*
 }
 }
 
  [edit]
  [EMAIL PROTECTED] commit
  [edit]
  Commit Failed
  102 Command failed
  [EMAIL PROTECTED]
 
 
  Why am I getting that error, I don't think I have anything too
  complex in there.
 
 
 
 
  Thanks!
  CLint

Re: [Vyatta-users] Commit Error

2008-01-04 Thread Justin Fletcher
Yes, sometimes any computerized system gets a bit confused, and needs
a good kick in the pants :-)

Justin

On Jan 4, 2008 9:04 PM, Clint Chapman [EMAIL PROTECTED] wrote:
 well, I hate doing that, but I rebooted, and did all the config, and
 it worked.


 oh well.



 On Jan 4, 2008, at 10:32 PM, Justin Fletcher wrote:

  When all else fails, reboot the router when you can & try again.
 
  Best,
  Justin
 
  On Jan 4, 2008 7:51 PM, Clint Chapman [EMAIL PROTECTED] wrote:
  [EMAIL PROTECTED] configure
  Entering configuration mode.
  User vyatta is also in configuration mode.
  [EMAIL PROTECTED] set protocols bgp
  [edit]
  [EMAIL PROTECTED] set protocols bgp bgp-id 216.6.235.1
  [edit]
  [EMAIL PROTECTED] set protocols bgp local-as 15003
  [edit]
  [EMAIL PROTECTED] set protocols bgp peer 72.37.132.237
  [edit]
  [EMAIL PROTECTED] set protocols bgp peer 72.37.132.237 local-ip
  72.37.132.238
  [edit]
  [EMAIL PROTECTED] set protocols bgp peer 72.37.132.237 as 25973
  [edit]
  [EMAIL PROTECTED] set protocols bgp peer 72.37.132.237 next-hop
  72.37.132.238
  [edit]
  [EMAIL PROTECTED] set protocols bgp peer 72.37.132.237 disable-
  readvertisements true
  [edit]
  [EMAIL PROTECTED] commit
  [edit]
  Commit Failed
  102 Command failed
  [EMAIL PROTECTED]
 
  Jan  5 11:59:45 localhost xorp_bgp: [ 2008/01/05 11:59:45  WARNING
  xorp_bgp:6490 BGP +1054 /home/autobuild/builds/OFR/2007-11-17-0001/
  ofr/
  xorp/xorp/bgp/bgp.cc create_peer ] This peer already exists:
  {72.37.132.238(179) 72.37.132.237(179)} AS/25973
  Jan  5 11:59:45 localhost xorp_bgp: [ 2008/01/05 11:59:45  WARNING
  xorp_bgp:6490 XrlBgpTarget +552 xrl/targets/bgp_base.cc
  handle_bgp_0_2_add_peer ] Handling method for bgp/0.2/add_peer
  failed:
  XrlCmdError 102 Command failed
  Jan  5 11:59:45 localhost xorp_rtrmgr: [ 2008/01/05 11:59:45  ERROR
  xorp_rtrmgr:4658 RTRMGR +701 /home/autobuild/builds/OFR/
  2007-11-17-0001/ofr/xorp/xorp/rtrmgr/master_conf_tree.cc
  commit_pass2_done ] Commit failed: 102 Command failed
 
  Not sure how it's already there.
 
 
 
 
  On Jan 4, 2008, at 9:33 PM, John Jolet wrote:
 
 
  how about the line that says this peer already exists... delete
  the peer then re-add it.
 
  Clint Chapman wrote:
  Jan  5 10:18:38 localhost xorp_bgp: [ 2008/01/05 10:18:38  WARNING
  xorp_bgp:6490 BGP +1054 /home/autobuild/builds/OFR/2007-11-17-0001/
  ofr/ xorp/xorp/bgp/bgp.cc create_peer ] This peer already exists:
  {72.37.132.238(179) 72.37.132.237(179)} AS/25973
  Jan  5 10:18:38 localhost xorp_bgp: [ 2008/01/05 10:18:38  WARNING
  xorp_bgp:6490 XrlBgpTarget +552 xrl/targets/bgp_base.cc
  handle_bgp_0_2_add_peer ] Handling method for bgp/0.2/add_peer
  failed:  XrlCmdError 102 Command failed
  Jan  5 10:18:38 localhost xorp_rtrmgr: [ 2008/01/05 10:18:38
  ERROR  xorp_rtrmgr:4658 RTRMGR +701 /home/autobuild/builds/OFR/
  2007-11-17-0001/ofr/xorp/xorp/rtrmgr/master_conf_tree.cc
  commit_pass2_done ] Commit failed: 102 Command failed
  Jan  5 10:25:58 localhost xorp_bgp: [ 2008/01/05 10:25:58  WARNING
  xorp_bgp:6490 BGP +1054 /home/autobuild/builds/OFR/2007-11-17-0001/
  ofr/ xorp/xorp/bgp/bgp.cc create_peer ] This peer already exists:
  {72.37.132.238(179) 72.37.132.237(179)} AS/25973
  Jan  5 10:25:58 localhost xorp_bgp: [ 2008/01/05 10:25:58  WARNING
  xorp_bgp:6490 XrlBgpTarget +552 xrl/targets/bgp_base.cc
  handle_bgp_0_2_add_peer ] Handling method for bgp/0.2/add_peer
  failed:  XrlCmdError 102 Command failed
  Jan  5 10:25:58 localhost xorp_rtrmgr: [ 2008/01/05 10:25:58
  ERROR  xorp_rtrmgr:4658 RTRMGR +701 /home/autobuild/builds/OFR/
  2007-11-17-0001/ofr/xorp/xorp/rtrmgr/master_conf_tree.cc
  commit_pass2_done ] Commit failed: 102 Command failed
 
 
  See anything there?
 
 
  On Jan 4, 2008, at 8:47 PM, Stig Thormodsrud wrote:
 
 
  Check /var/log/messages (or show log) for further error
  messages.
 
  stig
 
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:vyatta-users-
  [EMAIL PROTECTED] On Behalf Of Clint Chapman
  Sent: Friday, January 04, 2008 6:38 PM
  To: [EMAIL PROTECTED]
  Subject: [Vyatta-users] Commit Error
 
  [EMAIL PROTECTED] show protocols
 
  bgp {
 bgp-id: removeIP
 local-as: my as number
 peer 72.*.*.* { (ISP side of the /30)
 local-ip: 72.37.132.238  (My side of the /30)
 as: 25973
 next-hop: 72.37.132.238 (My side of the /30)
 disable-readvertisements: true
 }
  }
 
static {
route 0.0.0.0/0 {
next-hop: 72.*.*.*
}
}
 
  [edit]
  [EMAIL PROTECTED] commit
  [edit]
  Commit Failed
  102 Command failed
  [EMAIL PROTECTED]
 
 
  Why am I getting that error? I don't think I have anything too
  complex in there.
 
 
 
 
  Thanks!
  Clint
  ___
  Vyatta-users mailing list
  Vyatta-users@mailman.vyatta.com
  http://mailman.vyatta.com/mailman/listinfo/vyatta-users
 
 

Re: [Vyatta-users] router on the stick

2008-01-02 Thread Justin Fletcher
On Jan 2, 2008 12:18 AM, Vects [EMAIL PROTECTED] wrote:
 Hello there,

 Does vyatta support router on the stick configuration?
 I want to deploy it in a web hosting environment where every customer has
 their own VLAN.
 Is there any known problem with firewall in such a configuration?

 Thanks, Alexc

No issues that I know of; should be just fine for what you need :-)

Best,
Justin


Re: [Vyatta-users] jdocs anything like this for vyatta

2008-01-02 Thread Justin Fletcher
Not sure what "like this" means, but there's full documentation
available at vyatta.com, and on-line CLI help; just use the '?' key.

Best,
Justin

On Jan 2, 2008 2:55 PM, Ken Felix (C) [EMAIL PROTECTED] wrote:




 Do we have any future support for something similar in vyatta? CLI online
 help.




Re: [Vyatta-users] happy with NAT. should I firewall also?

2008-01-01 Thread Justin Fletcher
Depends on what you're looking for (of course :-) )

Since you're under NAT, nothing can find your system that you don't
have set up for forwarding.  You could set up firewall rules for the public
address of your router, as it's wide-open otherwise, of course.

A happy 2008 to you,
Justin

On Jan 1, 2008 6:40 PM, Alain Kelder [EMAIL PROTECTED] wrote:
 Hello,

 At my home office, I have 1 public IP and I'm forwarding certain outside
 port requests to the various machines inside using NAT. I'm allowing all
 inside-out traffic. Given that I'm happy with this setup from the
 functionality perspective, should I still add firewall rules to define
 my current setup (e.g. to allow all inside-out traffic and to allow
 http, smtp, etc to the various machines for outside-in traffic)? Am I
 missing out on important security features the firewall would offer
 which NAT doesn't?

 Currently I just have the following firewall statements:

 firewall {
 log-martians: enable
 send-redirects: disable
 receive-redirects: disable
 ip-src-route: disable
 broadcast-ping: disable
 syn-cookies: enable
 }

 [EMAIL PROTECTED] show version
 Baseline Version: vc3
 Booted From: disk

 Happy New Year to all! Cheers, -Alain.


Re: [Vyatta-users] I want to configure 2 ISPs on Vyatta Server

2007-12-23 Thread Justin Fletcher
Do you have any specific questions after reviewing the documentation
at www.vyatta.com ?

Best,
Justin

On Dec 23, 2007 10:10 PM, Amit Srivastava [EMAIL PROTECTED] wrote:
 Hi,


  I want to configure 2 ISPs on my Vyatta server. How can I configure it?
  Can someone help me?


 --
  Regards
 --
 Amit Shrivastava
 Linux Engineer
 Tetra Information Services Pvt. Ltd.
 136 Ground Floor, Sant Nagar, East of Kailash,
 New Delhi - 110065, India.
 Email : [EMAIL PROTECTED]
 Website : www.tetrain.com, www.linux4e.com
 Phone : 91-11-66604033, 91-11-66604034, 91-11-66604035
 Mobile : 91-060913
 Fax : 91-11-26225293



Re: [Vyatta-users] setting up at home

2007-12-22 Thread Justin Fletcher
If you haven't, you'll need to:

Set up the internal address of the Vyatta router as the default
gateway provided by DHCP
Set up NAT so the private internal addresses are translated to your
static IP from your provider

Best,
Justin

On Dec 22, 2007 4:09 AM, Abhishek Jain [EMAIL PROTECTED] wrote:
 Hi All

 I am trying to install the community edition at home. I have a static ip
 from my dsl provider. On one of the interfaces I have configured an
 internal ip address and have setup the dhcp server which is working fine and
 my other machines are able to get the ip from dhcp. On another interface I
 have configured the static ip from my provider. I am able to ping
 www.google.com from the vyatta web gui but not from one of the machines in
 the internal network. Please any help!!!


Re: [Vyatta-users] Question about OSPF syslog events

2007-12-21 Thread Justin Fletcher
Try lowering your syslog level to debug; the messages from OSPF are
likely filtered.

Best,
Justin Fletcher

On Dec 21, 2007 6:56 AM, Adair, Nick [EMAIL PROTECTED] wrote:
 Hi All,
 This is my configuration for syslog logging, right now we have
 everything turned on and going to our syslog host.  The problem is we
 are not seeing OSPF notifications, I'm not sure what we are missing.  We
 looked in the manuals (what a concept) and found the section Sending
 OSPF messages to Syslog and did what it indicated but it does not seem
 to send OSPF info, we do see syslog messages when logrotated runs, ssh
 logins, etc.  We want to know when a neighbor changes.  Any help would
 be greatly appreciated.

 protocols {
     ospf4 {
         router-id: 192.168.4.2
         rfc1583-compatibility: false
         ip-router-alert: false
         traceoptions {
             flag {
                 all {
                     disable: false
                 }
             }
         }
         area 0.0.0.0 {
             area-type: normal
             interface eth0 {
                 link-type: broadcast
                 address 192.168.3.4 {
                     priority: 128
                     hello-interval: 10
                     router-dead-interval: 40
                     interface-cost: 1
                     retransmit-interval: 5
                     transit-delay: 1
                     passive: false
                     disable: false
                 }
             }
             interface eth1 {
                 link-type: broadcast
                 address 192.168.4.253 {
                     priority: 128
                     hello-interval: 10
                     router-dead-interval: 40
                     interface-cost: 1
                     retransmit-interval: 5
                     transit-delay: 1
                     passive: false
                     disable: false
                 }
             }
         }
     }
     snmp {
         community pilot {
             client 192.168.100.104
             client 192.168.100.105
             authorization: rw
         }
         contact:
         description:
         location:
     }
 }
 policy {
 }
 interfaces {
     restore: false
     loopback lo {
         description:
         address 192.168.4.2 {
             prefix-length: 32
             disable: false
         }
     }
     ethernet eth0 {
         disable: false
         discard: false
         description: Uplink to RTR Cloud
         hw-id: 00:50:56:85:72:6f
         duplex: auto
         speed: auto
         address 192.168.3.4 {
             prefix-length: 24
             disable: false
         }
     }
     ethernet eth1 {
         disable: false
         discard: false
         description: Connectivity to Access Switch
         hw-id: 00:50:56:85:1e:3c
         duplex: auto
         speed: auto
         address 192.168.4.253 {
             prefix-length: 24
             disable: false
         }
     }
 }
 ... snip
 system {
     host-name: vy-rtr-access
     domain-name: pilot-bmc.com
     domain-search {
         domain calbro.ase
     }
     name-server 192.168.100.100
     time-zone: GMT
     ntp-server 69.59.150.135
     static-host-mapping {
         host-name vy-rtr-access {
             inet: 192.168.4.2
         }
     }
     ... snip
     syslog {
         host 192.168.3.110 {
             facility * {
                 level: info
             }
         }
     }
     ...
 }


 Nick



Re: [Vyatta-users] VRRP Release Timeframe?

2007-12-18 Thread Justin Fletcher
Yes, it's based on heartbeat, and it should allow you to specify any init.d
process as a service.  However, not all are fully integrated with the
router manager, so you may run into issues.

Best,
Justin

On Dec 18, 2007 2:01 PM, Ken Price [EMAIL PROTECTED] wrote:
 Sanjoy,

 Thank you for your response.  It looks like the Clustering feature may
 just be the ticket.  I'll do some testing and give it a shot.  Is
 clustering based on Heartbeat?  Can I specify any /etc/init.d
 processes as a service?  That would allow me to potentially
 integrate QoS scripts, or IDS components (Snort/OSSEC) as well.

 -Ken


  You may also want to take a look at the Clustering feature on VC3, though it
  currently supports one backup node. I'll defer to expert users who may
  comment on potential conflicts on getting keepalived working outside the
  scope of the Vyatta CLI. Share with us any tips or tricks if you have
  success doing so.






Re: [Vyatta-users] VPN under NAT

2007-12-18 Thread Justin Fletcher
If they are both in private address space, the issue is whether the two know
how to communicate with each other, as private address space isn't routeable --

Best,
Justin

On Dec 18, 2007 5:36 PM, Marco De Sortis [EMAIL PROTECTED] wrote:


 How do I configure an IPsec VPN between 2 Vyatta routers that are both under NAT?
 I tested a lot, but it seems to function only when at least one Vyatta is over
 the Internet (not under NAT)... no luck with both under NAT.

 This function:

 vyattaVPN1 internet -NAT - vyattaVNP2

 This NOT function:

 vyattaVPN1 - NAT internet -NAT - vyattaVNP2

 Someone can help me please?




Re: [Vyatta-users] Advises on configuring BGP

2007-12-17 Thread Justin Fletcher
It's hard to tell without the full configuration, but remember that you need
both a route out, as well as the rest of the internet needs to be able to
find their way back to you.  You can check to see if you're reachable
using an external traceroute; see www.traceroute.org to check and see
if you're reachable.

Best,
Justin

On Dec 17, 2007 2:05 AM, Poh Yong Hwang [EMAIL PROTECTED] wrote:
 Hi,

 I have managed to setup the BGP session with my peer and also based on the
 topic on Originating a Route to eBGP neighbors to announce my IP ranges.  I
 have set my eth1 ip to be XX.XX.XX.1/21 and connect one server directly to
 eth1 for testing. Setting XX.XX.XX.2 with subnet of 255.255.248.0 and
 XX.XX.XX.1 for default gateway on the server itself, I cannot go out of the
 internet (Cannot surf net using that server). Eth0 is link with the UTP
 cable provided by upstream for peering

 Is this the correct way to set it up?

 Please advise

 Thanks

 Regards
 Yongsan



 On Dec 14, 2007 12:24 PM, Poh Yong Hwang  [EMAIL PROTECTED] wrote:
  Hi,
 
  I have read the docs that were available but still have a few questions in
  mind. I have a UTP cable that was provided by the provider that I would like
  to peer with so I have plugged it into my eth0. So what IP address should I set
  on my eth0? Where can I set the IP range XX.XX.XX.XX/21 that I want to
  announce?
 
  Please advise.
 
  Thanks!
 
  Yongsan
 
 
 
 
 
  On Dec 12, 2007 12:03 AM, Justin Fletcher  [EMAIL PROTECTED]  wrote:
 
   Certainly; there's documentation with examples from
   http://www.vyatta.com/documentation/index.php or
   http://www.vyatta.com/twiki/bin/view/Community/DocumentationSet.
  
   Best,
   Justin
  
  
  
  
   On Dec 10, 2007 8:18 PM, Poh Yong Hwang [EMAIL PROTECTED] wrote:
Hi,
   
 Thanks! I am a noob in setting up BGP and we have the following info from
 our upstream provider
    
 Upstream Router Server IP Address
 Customer Primary Interface Address
 Upstream Secondary Router Server IP Address
 Customer Secondary Interface Address
    
 Plus my ASN number as well as my IP range XX.XX.XX.XX/21
    
 So will all this information be enough to configure it? Are there any examples
 I can follow?
   
Thanks!
   
Yongsan
   
   
   
   
   
On Dec 11, 2007 11:33 AM, Justin Fletcher [EMAIL PROTECTED] wrote:
 Well, yes - Vyatta has full BGP support, so you'll be able to peer
 with your provider.

 Best,
 Justin




 On Dec 10, 2007 7:26 PM, Poh Yong Hwang  [EMAIL PROTECTED] wrote:
  Hi,
 
  New here and to Vyatta and hope to get advice on getting this up. I wish
  to setup a BGP router for our current setup (We have got our ASN number, IP
  range) and we will peer with our upstream provider for MLPA.
 
  Just some simple BGP routes for testing purposes. So just wondering if
  Vyatta is able to do that?
 
  Thanks!
 
  Yongsan
 


Re: [Vyatta-users] I broke all logging-- need help to restore it

2007-12-17 Thread Justin Fletcher
The default is minimal:

charon:~# cat /etc/syslog.conf
*.warning   /var/log/messages

And by default, there's no syslog configuration in the Vyatta
configuration file.

Best,
Justin

On Dec 17, 2007 3:33 PM,  [EMAIL PROTECTED] wrote:
 All,

 In my attempts to log firewall traffic (what I block and log) to another file
 or syslog server, I have apparently failed and stopped all firewall logging
 attempts. The router/firewall is still working properly, but now instead of
 having to dig through the messages file for just firewall entries (grepping),
 I get nothing. In fact, my /var/log/messages doesn't contain any entries at
 all now.

 Could someone post the default syslog.conf file and whatever I need to
 specify on the actual vyatta configuration for the defaults?

 I'd like to get back to where I was in logging.

 Thanks a lot,

 Aaron


Re: [Vyatta-users] VRRP Confusion

2007-12-13 Thread Justin Fletcher
Ah, yes - you can't actually change the MAC on some hardware, so you end
up in this confused state and only see packets destined for the interface in
promiscuous mode (hence the suggestion to disable the virtual MAC . . .)

Justin

On Dec 13, 2007 12:29 PM, Allan Leinwand [EMAIL PROTECTED] wrote:
 A thought here that may help cut through some of the confusion.  I think
 that when you run tcpdump on the interface it places that interface into
 promiscuous mode. When in this mode, it can respond to pings to both the
 real IP address on the Ethernet and the virtual IP address (all packets are
 being received by the interface so when it sees one for its own IP
 addresses, it responds). However, when the interface is running VRRP and in
 non-promiscuous mode I am unsure if the real IP and the virtual IP both
 respond to pings.

 Final caveat: I have not tried any of this recently, so with my advice YMMV.

 Thanks,

 allan

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]  On Behalf Of Stig
 Thormodsrud
 Sent: Thursday, December 13, 2007 12:23 PM
 To: 'Daniel Stickney'; vyatta-users@mailman.vyatta.com; 'Daniel Stickney';
 vyatta-users@mailman.vyatta.com

 Subject: Re: [Vyatta-users] VRRP Confusion

 I wonder if this might be solved with the disable-vmac setting?

 stig

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:vyatta-users-
  [EMAIL PROTECTED] On Behalf Of Daniel Stickney
  Sent: Wednesday, December 12, 2007 2:47 PM
  To: vyatta-users@mailman.vyatta.com
  Subject: [Vyatta-users] VRRP Confusion
 
  Hello everyone,
 
  I used google to search the mail list archive, but didn't get any
  results for my issue. This is my second day working on the problem and
  my colleagues don't have any suggestions. This post is a little long,
  but I hope thorough enough to give all relevant information.
  Here is my setup:
   vyatta01 - eth0:192.168.2.50, eth1:192.168.10.3
   vyatta02 - eth0:192.168.2.51, eth1:192.168.10.2
   laptop01 - eth0:192.168.10.11
 
  Laptop01 is connected to a switch, which also has cables from eth1 on
  both vyatta01 and vyatta02 connected. Eth0 on both vyatta01 and
  vyatta02 are connected into the main 192.168.2.0/24 network which has
  internet connectivity. With a base configuration of a default route to
  192.168.2.21 on both vyatta01 and vyatta02, and the above IPs assigned
  to their respective network cards, I can ping 192.168.10.2 and
  192.168.10.3 from laptop01; and I can ping 192.168.10.2 from vyatta01,
  and I can ping 192.168.10.3 from vyatta02. Basically, everything can
  ping everything.
 
  I then proceed to setup VRRP between vyatta01 and vyatta02 with the
  following config:
  --Vyatta02--
  set interfaces ethernet eth1 vrrp vrrp-group 10 set interfaces
  ethernet eth1 vrrp virtual-address 192.168.10.1 set interfaces
  ethernet eth1 vrrp preempt true set interfaces ethernet eth1 vrrp
  priority 150 commit
  --Vyatta01--
  set interfaces ethernet eth1 vrrp vrrp-group 10 set interfaces
  ethernet eth1 vrrp virtual-address 192.168.10.1 set interfaces
  ethernet eth1 vrrp preempt true set interfaces ethernet eth1 vrrp
  priority 20 commit
 
  So vyatta02 is the master, VIP is 192.168.10.1. Immediately, and as
  expected, I see in the output of show vrrp that vyatta02 considers
  itself the master, and vyatta01 sees itself as the backup. In a
  tcpdump from laptop01 I can see the VRRPv2 advertisements from
  vyatta02 every second. At this time from laptop01 I am unable to ping
  192.168.10.1 or 192.168.10.2, but I can ping 192.168.10.3. The arp
  table on laptop01 shows the following:
  # arp -n
  Address        HWtype  HWaddress          Flags Mask  Iface
  192.168.10.3   ether   00:1A:A0:2A:04:0A  C           eth0
  192.168.10.1   ether   00:00:5E:00:01:0A  C           eth0
  192.168.10.2   ether   00:00:5E:00:01:0A  C           eth0
 
   From vyatta01, I am also unable to ping 192.168.10.1 and 192.168.10.2.
  What is causing me great confusion is if on vyatta02 I login as root
  and execute a tcpdump -i eth1, instantly my pings from laptop01 and
  vyatta01 to both 192.168.10.1 and 192.168.10.2 start getting responses.
  As soon as I ctrl-c the tcpdump on vyatta02, the ping responses stop
  again.
 
  If I reconfigure the VRRP priority of vyatta02 to be lower than
  vyatta01, they change over to vyatta01 being the master, and vyatta02
  as the backup. At this time from laptop01 I am able to ping
  192.168.10.1,
  192.168.10.2 and 192.168.10.3. In a tcpdump on laptop01 I see the VRRP
  advertisements coming from 192.168.10.3 as expected. The arp table on
  laptop01 now looks like this:
  # arp -n
  Address        HWtype  HWaddress          Flags Mask  Iface
  192.168.10.3   ether   00:00:5E:00:01:0A  C           eth0
  192.168.10.1   ether   00:00:5E:00:01:0A  C           eth0
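
The symptom in the first `arp -n` table above (a router's real address resolving to the VRRP virtual MAC) can be checked mechanically. The following is an added example, not part of the original thread or Vyatta's code; the function names are hypothetical, and it relies on the RFC 3768 virtual MAC format 00-00-5E-00-01-{VRID}.

```python
"""Flag ARP entries that resolve to a VRRP virtual MAC (added example)."""
import re

# RFC 3768: the virtual router MAC is 00-00-5E-00-01-{VRID}.
VRRP_VMAC = re.compile(r"^00:00:5e:00:01:([0-9a-f]{2})$", re.IGNORECASE)
ANY_MAC = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)

# First `arp -n` table from the post (vyatta02 is master), columns re-aligned.
ARP_OUTPUT = """\
Address        HWtype  HWaddress          Flags Mask  Iface
192.168.10.3   ether   00:1A:A0:2A:04:0A  C           eth0
192.168.10.1   ether   00:00:5E:00:01:0A  C           eth0
192.168.10.2   ether   00:00:5E:00:01:0A  C           eth0
"""


def parse_arp(text):
    """Return (ip, mac, iface) tuples from `arp -n` style output."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header, blank lines and "(incomplete)" entries.
        if len(fields) < 4 or not ANY_MAC.match(fields[2]):
            continue
        entries.append((fields[0], fields[2].lower(), fields[-1]))
    return entries


def vrid_of(mac):
    """Return the VRRP group number encoded in a virtual MAC, else None."""
    match = VRRP_VMAC.match(mac)
    return int(match.group(1), 16) if match else None


def audit(text, virtual_addresses):
    """Group addresses that answer with a VRRP virtual MAC, per VRID.

    `virtual_addresses` is the set of configured VRRP virtual IPs. Any other
    address seen behind the virtual MAC is reported as "unexpected": that is
    a router's real interface address being advertised with the virtual MAC.
    """
    findings = {}
    for ip, mac, _iface in parse_arp(text):
        vrid = vrid_of(mac)
        if vrid is None:
            continue
        entry = findings.setdefault(
            vrid, {"mac": mac, "expected": [], "unexpected": []}
        )
        key = "expected" if ip in virtual_addresses else "unexpected"
        entry[key].append(ip)
    return findings


if __name__ == "__main__":
    # 192.168.10.1 is the virtual-address configured in the post (group 10).
    for vrid, info in audit(ARP_OUTPUT, {"192.168.10.1"}).items():
        print(f"VRID {vrid} ({info['mac']}): virtual={info['expected']} "
              f"real-address-on-vmac={info['unexpected']}")
```

For the table in the post this reports VRID 10 with 192.168.10.2, the master's real address, sitting behind the virtual MAC alongside the virtual address 192.168.10.1.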
  

Re: [Vyatta-users] IPsec and VRRP problem

2007-12-12 Thread Justin Fletcher
Ah, piffle - looks like that bug was fixed after VC3 was released.  You need
to correct /opt/vyatta/sbin/vpn-config.pl.  You can get the corrected
version from
http://suva.vyatta.com/git/?p=ofr.git;a=blob_plain;f=cli/scripts/vpn/vpn-config.pl;hb=HEAD
or you can just comment out the check, if you're comfortable with perl.

Best,
Justin

On 12/12/07, Senad Uka [EMAIL PROTECTED] wrote:
 Now we have found the right one and again we have the same problem.

 I configured the router EXACTLY as it is written in the manual,
 clustering chapter :)
 But still, even if the cluster is up and running and I can ping the
 cluster IP addresses,
 it doesn't let me set local ip on the ipsec peer configuration to the
 cluster IP address, complaining that the IP address is not an address of the
 interface or a cluster address ... I have attached the configuration of
 the first router.
 Currently I set the local-ip to the physical interface's IP so I can
 commit and save the config ...
 Also, I didn't set up the second monitor node, but as I understand, that
 should not be the problem.
 Configuration of the second router is identical with respective interface
 IP addresses changed (and has the same problem with local-ip) ...

 On Dec 11, 2007 5:25 PM, Justin Fletcher [EMAIL PROTECTED] wrote:
  Certainly.  Let me know if you need more information (though there's a new
  clustering chapter in the documentation for this :-) )
 
  Best,
  Justin
 
 
  On Dec 11, 2007 8:22 AM, Senad Uka [EMAIL PROTECTED] wrote:
   Thank you for the quick answer.
  
  
   On Dec 11, 2007 5:11 PM, Justin Fletcher [EMAIL PROTECTED] wrote:
 It is; clustering support was added recently exactly for scenarios such as this.
 You'll need to set up WEST and WEST backup as cluster members, define
 the IP addresses, and set up IPSec as the failover service.  This will actually
 be using clustering instead of VRRP for your virtual address failover.
   
Best,
Justin
   
   
On Dec 11, 2007 6:28 AM, Senad Uka [EMAIL PROTECTED] wrote:
 Hello.

 I am trying to setup a network similar to the one in the configuration
 manual under pre-shared key IPSEC VPN settings section, but adding a
 VRRP backup router to the router named WEST in the manual (page 231).

                    | SERVER |
                  192.168.40.7/24
                         |
                         |
                         *  (virtual IP: 192.168.40.20)
                       /   \
                      /     \
                     /       \
      192.168.40.6/24         192.168.40.5/24
         | WEST |              | WEST backup |
       192.0.2.2/26           192.168.0.2.3/26
                     \       /
                      \     /
                       \   /
                         *  (virtual IP: 192.0.2.1)
                         |
                         |
                         |
                   192.0.2.33/26
                     | EAST |
                  192.168.60.8/24
                         |
                         |
                  192.168.60.7/24
                    | CLIENT |

 Client communicates with server through IPSEC tunnel between EAST and
 WEST routers. IF the WEST router goes down WEST backup should take
 over.
 I have setup the routers according to manual and it worked. When I
 setup VRRP on the WEST, and set the ipsec peer on the EAST  to the
 virtual IP - the tunnel cannot be established.
 From the debug data for the ipsec I can see that the EAST is expecting
 a tunnel 192.68.60/24===192.0.2.33...192.0.2.1===192.168.40.0/24 ,
 while the WEST doesn't use its virtual address and expects
 192.168.40.0/24 ===192.0.2.2...192.0.2.33===192.68.60/24 so it cannot
 finish the phase 2 negotiation ...
 In order to solve it, I tried to setup the local-ip in ipsec
 configuration on the WEST side to virtual IP address (192.0.2.1) but I
 cannot commit the changes since vyatta does not recognize it as
 address of an interface
 (Message: Local IP specified for peer 192.0.2.33 has not been
 configured in any of the ipsec interfaces or clustering.)

 Is my requested behaviour even possible to achieve?  Am I missing something?
 --
 LA ILAHE ILLA ENTE, SUBHANEKE INNI KUNTU MINE-ZZALIMIN

   
  
  
  
   --
  
   LA ILAHE ILLA ENTE, SUBHANEKE INNI KUNTU MINE-ZZALIMIN
  
 



 --
 LA ILAHE ILLA ENTE, SUBHANEKE INNI KUNTU MINE-ZZALIMIN




Re: [Vyatta-users] Restricting traffic between networks

2007-12-10 Thread Justin Fletcher
While obvious, make certain that the computers on the 10.20.0.0/24
have the Vyatta router as their default gateway --

Justin

On Dec 10, 2007 12:39 PM, Lance Franklin [EMAIL PROTECTED] wrote:
 After reading some of the recent posts and configuring only one
 interface, I have gotten this to work.

 With the below configuration, I can remote desktop from the
 10.10.0.0/24 network to computers on the 10.20.0.0/24 network. The
 computers on the 10.20.0.0/24 network cannot get to any other network.
   I may go back and add a firewall rule to the 10.20.0.0/24 interface
 and only allow established communication into the router.

  ethernet eth0 {
      disable: false
      discard: false
      description: Production Network
      hw-id: 00:0e:0c:b8:4d:12
      duplex: auto
      speed: auto
      address 10.10.0.199 {
          prefix-length: 24
          disable: false
      }
      firewall {
          in {
              name: Prod2Dev
          }
      }
  }

  firewall {
      log-martians: enable
      send-redirects: disable
      receive-redirects: disable
      ip-src-route: disable
      broadcast-ping: disable
      syn-cookies: enable
      name Prod2Dev {
          description: Production to Development
          rule 1 {
              description: Remote Desktop
              protocol: tcp
              action: accept
              log: enable
              source {
                  network: 10.10.0.0/24
              }
              destination {
                  network: 10.20.0.0/24
                  port-number 3389
              }
          }
      }
  }






 Quoting Justin Fletcher [EMAIL PROTECTED]:

  You also need to apply the firewall rules to an interface, as in
 
  firewall {
      in {
          name: inbound
      }
      local {
          name: inbound
      }
  }
 
  In the above case, it's for inbound traffic, and traffic destined for
  the router itself.
 
  Also remember that traffic will flow in both directions, unless you
  just want to block the inbound traffic from the development network.
 
  Your current rule 4 prevents new connections - as well as everything else 
  ;-)
 
  Looks like your rules 1-3 should have the matching source and
  destination networks as rule 4; otherwise, that inbound traffic will
  only match rule 4, and not match one of the earlier rules for
  permitted traffic.
 
  Best,
  Justin
 
  You can do a show firewall to see the rules on the system, as well
  as enable logging for a rule to see where the traffic is being
  dropped.
 
  Justin
 
  On Dec 6, 2007 3:42 PM, Lance Franklin [EMAIL PROTECTED] wrote:
  After reading through the Quick Guide to Configuration Statements, I see:
  state {
      established: [enable|disable]
      new: [enable|disable]
      related: [enable|disable]
      invalid: [enable|disable]
  }
 
  How can I add this to my rule 4 to prevent new connections to the work
  network from the development network?
 
  Would it be:
 
  rule 4 {
      description: 10.10.0.0/24
      protocol: all
      state {
          new: enable
      }
      action: drop
      log: disable
      source {
          network: 10.20.0.0/24
      }
      destination {
          network: 10.10.0.0/24
      }
  }
 
 
 
 
 
 


Re: [Vyatta-users] Advises on configuring BGP

2007-12-10 Thread Justin Fletcher
Well, yes - Vyatta has full BGP support, so you'll be able to peer
with your provider.

Best,
Justin

On Dec 10, 2007 7:26 PM, Poh Yong Hwang [EMAIL PROTECTED] wrote:
 Hi,

 New here and to Vyatta and hope to get advice on getting this up. I wish
 to setup a BGP router for our current setup (We have got our ASN number, IP
 range) and we will peer with our upstream provider for MLPA.

 Just some simple BGP routes for testing purposes. So just wondering if
 Vyatta is able to do that?

 Thanks!

 Yongsan



Re: [Vyatta-users] Restricting traffic between networks

2007-12-06 Thread Justin Fletcher
You also need to apply the firewall rules to an interface, as in

firewall {
    in {
        name: inbound
    }
    local {
        name: inbound
    }
}

In the above case, it's for inbound traffic, and traffic destined for
the router itself.

Also remember that traffic will flow in both directions, unless you
just want to block the inbound traffic from the development network.

Your current rule 4 prevents new connections - as well as everything else ;-)

Looks like your rules 1-3 should have the matching source and
destination networks as rule 4; otherwise, that inbound traffic will
only match rule 4, and not match one of the earlier rules for
permitted traffic.

Best,
Justin

You can do a show firewall to see the rules on the system, as well
as enable logging for a rule to see where the traffic is being
dropped.

Justin

On Dec 6, 2007 3:42 PM, Lance Franklin [EMAIL PROTECTED] wrote:
 After reading through the Quick Guide to Configuration Statements, I see:
 state {
     established: [enable|disable]
     new: [enable|disable]
     related: [enable|disable]
     invalid: [enable|disable]
 }

 How can I add this to my rule 4 to prevent new connections to the work
 network from the development network?

 Would it be:

 rule 4 {
     description: 10.10.0.0/24
     protocol: all
     state {
         new: enable
     }
     action: drop
     log: disable
     source {
         network: 10.20.0.0/24
     }
     destination {
         network: 10.10.0.0/24
     }
 }






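
The rule-matching points in this reply (a rule only applies when its source and destination fit the traffic, and a protocol-all drop catches everything) can be worked through with a small first-match model. This is an added example, not part of the original thread or Vyatta's code: the host addresses, rule 3 and the `Packet`/`Rule`/`evaluate` names are hypothetical, and the implicit final drop is an assumption of the model.

```python
"""First-match evaluation of a Vyatta-style rule set (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

PROD = "10.10.0.0/24"   # production network from the thread
DEV = "10.20.0.0/24"    # development network from the thread


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str
    dport: Optional[int]
    state: str            # "new", "established", "related" or "invalid"


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                      # "accept" or "drop"
    protocol: str = "all"
    source: str = "0.0.0.0/0"
    destination: str = "0.0.0.0/0"
    dport: Optional[int] = None
    states: Tuple[str, ...] = ()     # empty: the rule matches any state

    def matches(self, p: Packet) -> bool:
        return (
            self.protocol in ("all", p.protocol)
            and ip_address(p.src) in ip_network(self.source)
            and ip_address(p.dst) in ip_network(self.destination)
            and (self.dport is None or self.dport == p.dport)
            and (not self.states or p.state in self.states)
        )


def evaluate(rules, packet, default="drop"):
    """Return (action, rule number) of the first matching rule.

    Rules are tried in ascending number order. When nothing matches, the
    model falls back to `default` (assumed implicit drop) with rule None.
    """
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(packet):
            return rule.action, rule.number
    return default, None


# Rule 1 as in the Prod2Dev rule set posted in this thread.
RDP = Rule(1, "accept", protocol="tcp", source=PROD, destination=DEV, dport=3389)

# Constructed: a rule 4 without a state block drops all dev -> prod traffic.
STATELESS = [RDP, Rule(4, "drop", source=DEV, destination=PROD)]
# Rule 4 as proposed in the question: drop only new connections.
PROPOSED = [RDP, Rule(4, "drop", source=DEV, destination=PROD, states=("new",))]
# Hypothetical rule 3 added: accept replies to sessions opened from production.
STATEFUL = [RDP,
            Rule(3, "accept", source=DEV, destination=PROD,
                 states=("established", "related")),
            Rule(4, "drop", source=DEV, destination=PROD, states=("new",))]

# Constructed sample packets (host addresses are made up).
RDP_REQUEST = Packet("10.10.0.50", "10.20.0.15", "tcp", 3389, "new")
RDP_REPLY = Packet("10.20.0.15", "10.10.0.50", "tcp", 49152, "established")
DEV_NEW = Packet("10.20.0.15", "10.10.0.50", "tcp", 80, "new")

if __name__ == "__main__":
    for name, rules in (("stateless", STATELESS), ("proposed", PROPOSED),
                        ("stateful", STATEFUL)):
        for label, pkt in (("rdp reply", RDP_REPLY), ("dev new", DEV_NEW)):
            print(f"{name:9} {label:9} -> {evaluate(rules, pkt)}")
```

In this model the proposed rule 4 on its own still loses the RDP replies, because they match no rule and fall to the default action; an explicit accept for established and related traffic ahead of the drop is what lets them through.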


Re: [Vyatta-users] documentation suggestion

2007-12-03 Thread Justin Fletcher
There's an easier way - just edit /opt/vyatta/sbin/vrrpd.init to pass
in the -n flag to vrrpd; that disables the virtual MAC handling.

Best,
Justin

On Dec 3, 2007 4:02 PM, Jeff Stockett [EMAIL PROTECTED] wrote:
 FWIW, to verify if the r8169 driver problem was fixed, I built a
 2.6.23.9 stock kernel and booted the router using it.  When I
 built it, I used the original config as a starting point:

 # cd /usr/src/linux
 # cp /boot/config.gz .
 # gunzip config.gz
 # make menuconfig  (and then load .config, check everything, and save)

 It boots up fine, but when it goes to start the router-mgr I get:

 Module ipt_rlsnmpstats not found.

 Is this a custom vyatta module maybe that isn't in the stock kernel?
 Should I just give up and buy some different NICs or is using a
 newer kernel potentially an option once this module issue is solved?

 Thanks,  Jeff

 P.S.  I apologize if I should have posted this to vyatta-hackers instead.


 - Jeff Stockett [EMAIL PROTECTED] wrote:
  My vyatta test setup includes two identically equipped older athlon xp
  systems where eth0=onboard nforce, eth[1-3]=r8169 based cards.
  Everything is working fine on both systems, but this weekend I spent
  about an hour trying to get VRRP to work for fail-over.  It works fine
  on eth0 (onboard nforce) but I couldn't get it to work on eth1-3.  In
  exploring the issue, it appears that not all drivers support the
  ability to set the MAC address (which it appears VRRP needs).  I found
  the following post:
 
  http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.22-git1.log
 
  It appears to indicate the r8169 driver didn't get the ability to set
  its MAC address until sometime in kernel 2.6.22 which obviously does
  me no good at the moment.
 
  This isn't a big deal financially, as the only reason I bought the
  cards was that Fry's had them on sale for $4.99 each and they had a
  low profile bracket which fit the cases I was using.  However, it
  might be useful to put a blurb in the VRRP section of the
  documentation stating that the card's driver must support setting the
  MAC address for VRRP to work (and maybe even list which drivers
  support and don't support it although I can see how this list might be
  difficult to compile).
 
  FWIW, I also notice in:
 
  https://bugzilla.vyatta.com/show_bug.cgi?id=2370
 
  that the latest greatest build has support for a disable-vmac option -
  but when I tried it in VC3 I just got syntax errors.  I'm assuming
  this would fix the problem also as the card then wouldn't have to set
  its MAC address but just use it as is?  How hard is it to upgrade to a
  nightly build (we're still a few months away from production so I
  wouldn't be too concerned with stability)?  Any suggestions other than
  use a different card?  Thanks,  Jeff


Re: [Vyatta-users] regarding source code

2007-11-30 Thread Justin Fletcher
The application is independent of the Vyatta router functions, but
you'll need the Vyatta build environment defined by other packages.

If all you're looking for is iputils, you can get the Debian source
package, or iproute functions from
http://www.linux-foundation.org/en/Net:Iproute2 .

Best,
Justin

On Nov 30, 2007 12:02 AM, sridhar chom [EMAIL PROTECTED] wrote:
 can we compile iputils alone by just downloading
 iputils .does it need ofr also ?


   
 


Re: [Vyatta-users] Error: 102 Command failed TCP/UDP Protocol must be specified

2007-11-29 Thread Justin Fletcher
Try VC3; there were a number of firewall issues addressed in that release.

Best,
Justin

On Nov 29, 2007 10:48 AM, Alain Kelder [EMAIL PROTECTED] wrote:
 Hello,

 I'm trying to set protocols to all for a destination NAT rule. But Vyatta 
 complains that it wants either TCP or UDP. However, in this awesome how-to, 
 they did just that: 
 http://www.openmaniak.com/vyatta_case6.php#ancre-configurations

 Here's what I tried:

 [EMAIL PROTECTED] edit service nat rule 35
 [edit service/nat/rule/35]
 [EMAIL PROTECTED] set protocols all
 [edit service/nat/rule/35]
 [EMAIL PROTECTED] commit
 [edit service/nat/rule/35]
 Commit Failed
 102 Command failed TCP/UDP Protocol must be specified

 What's weird is that 'tab' (auto complete) shows all as an option:

 [EMAIL PROTECTED] set protocols
 `protocols' is ambiguous.
 Possible completions:
   [Enter]Execute this command
   all  Perform NAT on all protocol traffic
   icmp Perform NAT on ICMP traffic only
   tcp  Perform NAT on TCP traffic only
   udp  Perform NAT on UDP traffic only


 I'm able to set protocols to udp or tcp, but not all. What I'd like is 
 this:

 rule 35 {
     type: destination
     translation-type: static
     inbound-interface: eth0
     protocols: all
     source {
         network: 0.0.0.0/0
     }
     destination {
         address: 65.xx.xx.xx
         port-number 53
     }
     inside-address {
         address: 10.10.3.20
     }
 }

 Interestingly, Vyatta accepts all for a source NAT rule:

 rule 39 {
     type: source
     translation-type: static
     outbound-interface: eth0
     protocols: all
     source {
         address: 10.10.3.20
     }
     destination {
         network: 0.0.0.0/0
     }
     outside-address {
         address: 65.xx.xx.xx
     }
 }

 Any ideas?  Thanks a bunch in advance..  I'm at a loss!

 [EMAIL PROTECTED] show version
 Version:VC2
 Built by:   [EMAIL PROTECTED]
 Built on:   200702080056 -- Thu Feb  8 00:56:19 UTC 2007




Re: [Vyatta-users] Compaq DL360 G1 - cpqarray

2007-11-26 Thread Justin Fletcher
It's also an integrated system; you configure the entire router
through the Vyatta
interface, rather than running multiple programs and editing numerous
and varied configuration files, all with different formats in
entertaining locations.

Justin

On Nov 26, 2007 3:20 PM, Max [EMAIL PROTECTED] wrote:
 I am curious as to what makes Vyatta different from XORP other than
 the commercial support? Are there features in Vyatta that XORP does
 not have?

 On Nov 22, 2007 10:39 AM, silvertip257 [EMAIL PROTECTED] wrote:
  All righty ;) ... if you say so ... at this point I'm trying to learn all I
  can before I get a full time job as a net admin or something like that (I'm
  still in college at this point).  The pinch time brings in weird proprietary
  crap called mainly Micr0$0ft, but I've been seeing lately Ci$c0 hasn't been
  much better ;).  Maybe it's the outrageous prices for IOS compact flash
  cards we use in the networking labs.  Hell the profs got smart and copied
  the IOS to a hard drive and then re-imaged them on $8 128MB compact flash
  cards.  But just having such a price difference is a lotta crap.
 
  I'm seeing that when companies work with me and let me work with them, I
  understand their products more and actually want to roll their products out
  in a workplace.
 
  Good luck to you ... the above was nothing personal ... until I learn
  everything about Vyatta  and customization, I will most likely not use it or
  suggest it in the workplace.  No job is worth being fired b/c I suggested
  something I don't know (almost) everything about.  That's an extreme
  example, but I hate screwing up or getting loads of criticism (unless it's
  truly constructive).
 
  Tell me how it goes.  Vyatta is not out of the picture ... they're fixing
  features everyday.
  They also don't have all the hardware, nor have they had all of it tested
  with their OS.
 
  Have a good holiday,
  Mike
 
 
 
  On Nov 21, 2007 1:52 AM, Max [EMAIL PROTECTED] wrote:
  
   I've been a Linux guy for years but have never messed around with any of
  the boot CD stuff. This is going to be a learning thing for me for sure, so
  wish me luck ;)
   If I am unsucessful on my own (+misc support), I am afraid I am just going
  to lean twards buying a few cisco 7900's. It is the proven reliability and
  support that Cisco brings to the table.
  
   *note* I am a CCNP so I am a little biast, also down 8 pints of Guinness
  ;p
  
   
  From: silvertip257  [EMAIL PROTECTED]
   Sent: Tuesday, November 20, 2007 11:38 PM
   To: Max  [EMAIL PROTECTED]
   Subject: Re: [Vyatta-users] Compaq DL360 G1 - cpqarray
  
  
  
  
   I'm reading it, but as I have not customized Vyatta myself yet, I really
  can't help you much.
   If you feel like it and learn something neat on how to build one a certain
  way, please do share the information!
  
   Mike

  
  
   On Nov 20, 2007 6:12 PM, Max [EMAIL PROTECTED] wrote:
  
I have been unable to blacklist the sym53c8xx module from the boot
loader so I am going to try to create another live CD with out the
sym53c8xx in the initramfs. Unless anyone has any comments?
   
   
   
   
On Nov 19, 2007 9:32 PM, Max [EMAIL PROTECTED] wrote:
 Hey'a fellas! I have a bit of a head scratcher here.. it seems the
 Vyatta 3.0 live CD does not work out of the box on G1 Compaq DL360's.
 From what I can tell the sym53c8xx module is loaded before the needed
 cpqarray module and that's what is causing the failure. I have tried
 unloading the modules and reloading cpqarray but don't seem to have
 any luck. My guess is the SCSI controller needs to be reset or what
 have you.
 Is there a way to prevent the sym53c8xx module from loading from the
 boot loader? Or should I look into recreating the live CD from scratch
 with my own kernel? Thanks in advance!

   
  
  
  
   --
   //  SilverTip257  //
   ==
   Ubuntu 7.04 (Feisty Fawn)
   --- Linux for human beings.
   (http://www.ubuntu.com/)
   ~~
   Helix --- Don't leave /home without it.
   (http://www.efense.com/helix/)
 
 
 


Re: [Vyatta-users] install-system not working

2007-11-24 Thread Justin Fletcher
Try running parted before install-system and deleting any existing
partitions - I've had that work on stubborn systems before ;-)

Best,
Justin

On Nov 24, 2007 1:43 PM, Rodrigo Romero III [EMAIL PROTECTED] wrote:
 I'm trying to install VC3 on a server but it's giving me this error:

 vyatta:/# install-system
 Welcome to the Vyatta install program.  This script
 will walk you through the process of installing the
 Vyatta image to a local hard drive.

 Would you like to continue? (Yes/No) [Yes]:
 Probing drives: OK
 The Vyatta image will require a minimum 450MB root
 partition and a minimum 10MB configuration partition.
 Would you like me to try to partition a drive automatically
 or would you rather partition it manually with parted?  If
 you have already setup your partitions, you may skip this step.

 Partition (Auto/Parted/Skip) [Auto]:

 I found the following drives on your system:
  sda8MB


 Install the image on? [sda]:

 This will destroy all data on /dev/sda.
 Continue? (Yes/No) [No]: Yes

 Cannot mount /dev/sda1.
 Please see install.log for more details.
 Exiting..
 vyatta:/# vi install.log
 turning off swaps...
 Cannot mount /dev/sda1.
 mount /dev/sda1 /mnt/tmp
 Exiting...
 mount: you must specify the filesystem type

 --
 Rodrigo Romero III
 General Manager
 Avetti Global Services Corp.
 An Avetti.com Company


Re: [Vyatta-users] IPsec configuration

2007-11-21 Thread Justin Fletcher
Just routing - you're identifying which traffic sources and
destinations are tunneled.

Best,
Justin

On Nov 21, 2007 5:57 PM, Philippe Marcais [EMAIL PROTECTED] wrote:
 What is the purpose of the following configuration line;

 tunnel 1 {
 local-subnet: 192.168.0.0/24
 remote-subnet: 10.40.1.0/24

 Why does the tunnel has to be link to a local subnet? In fact, I may have
 multiple local subnet from multiple interface or sub-interface using this
 IPsec tunnel.
 Same question regarding for the remote subnet. I do have multiple remote
 subnets that I'd like to reach out on the remote side.

 Thanks,
 Philippe




___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
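
The selector behaviour described in the reply above, as an added example that is not part of the original thread and is not Vyatta code: each tunnel's `local-subnet` / `remote-subnet` pair decides which source/destination addresses are matched to the tunnel, so every pair of networks that must be protected needs a selector covering it. The second local and remote subnets, the helper names, and the "one tunnel entry per pair" layout are assumptions made for the illustration; only `192.168.0.0/24` and `10.40.1.0/24` come from the question.

```python
import ipaddress
from typing import NamedTuple, Optional


class Tunnel(NamedTuple):
    name: str
    local_subnet: ipaddress.IPv4Network
    remote_subnet: ipaddress.IPv4Network


def tunnel(name: str, local: str, remote: str) -> Tunnel:
    """Build a tunnel entry from a local-subnet / remote-subnet pair."""
    return Tunnel(name, ipaddress.ip_network(local), ipaddress.ip_network(remote))


def select_tunnel(tunnels, src: str, dst: str) -> Optional[Tunnel]:
    """Return the first tunnel whose selector pair covers (src, dst), else None.

    None means the packet is not matched to any tunnel; what happens to it
    then depends on ordinary routing and firewall policy.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for t in tunnels:
        if s in t.local_subnet and d in t.remote_subnet:
            return t
    return None


def uncovered_pairs(tunnels, local_nets, remote_nets):
    """List (local, remote) network pairs that no single tunnel fully covers."""
    missing = []
    for local in local_nets:
        l_net = ipaddress.ip_network(local)
        for remote in remote_nets:
            r_net = ipaddress.ip_network(remote)
            covered = any(
                l_net.subnet_of(t.local_subnet) and r_net.subnet_of(t.remote_subnet)
                for t in tunnels
            )
            if not covered:
                missing.append((str(l_net), str(r_net)))
    return missing


def one_tunnel_per_pair(local_nets, remote_nets):
    """Hypothetical layout: one tunnel entry for every local/remote pair."""
    tunnels = []
    for local in local_nets:
        for remote in remote_nets:
            tunnels.append(tunnel(f"tunnel {len(tunnels) + 1}", local, remote))
    return tunnels


# The single tunnel quoted in the question.
PAGE_TUNNELS = [tunnel("tunnel 1", "192.168.0.0/24", "10.40.1.0/24")]

# Networks that should be protected; the second entry in each list is constructed.
LOCAL_NETS = ["192.168.0.0/24", "192.168.1.0/24"]
REMOTE_NETS = ["10.40.1.0/24", "10.40.2.0/24"]

if __name__ == "__main__":
    for src, dst in [("192.168.0.10", "10.40.1.20"), ("192.168.1.10", "10.40.1.20")]:
        hit = select_tunnel(PAGE_TUNNELS, src, dst)
        print(f"{src} -> {dst}: {hit.name if hit else 'no tunnel matches'}")
    print("pairs without a selector:", uncovered_pairs(PAGE_TUNNELS, LOCAL_NETS, REMOTE_NETS))
    full = one_tunnel_per_pair(LOCAL_NETS, REMOTE_NETS)
    print("after adding one tunnel per pair:", uncovered_pairs(full, LOCAL_NETS, REMOTE_NETS))
```

Running the same audit against a real configuration shows which network pairs would fall outside every selector before traffic is sent.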


Re: [Vyatta-users] pbm vpn with vyatta router

2007-11-13 Thread Justin Fletcher
There's nothing special about routing VPN packets from the view of the
Vyatta router.
You can see the traffic that the Vyatta is seeing using the integrated
packet sniffer.
While logged in as the root user, run
tshark -n -i interface
to see the packets.  For full packet detail, add -V.

Best,
Justin

On Nov 13, 2007 6:28 AM,  [EMAIL PROTECTED] wrote:

 Hi,

 I'm using vyatta vc3 (virtual appliance). I have two firewalls connected to
 the router. I create a VPN between my two firewalls but it seems that ISAKMP
 frames are not routed.

 Use case:

 - I create my policy for vpn
 - I launch a ping (since net 192.168.1.0)
 - I launch a tcpdump on fire cluster (blue one)
   - I can see ISAKMP frame
 - I launch a tcpdump on fire cluster (red one)
   - I don't see ISAKMP frame
 And it is the same when I do the contrary.


 Config that I have on my router:

 eth0 net 129.40.1.1
 eth1 net 212.20.1.1
 eth2.129 129.40.2.1
 eth2.212 212.40.2.1

 Routes are automatically generated following the interfaces that I have defined. This is
 all the configuration that I do on the vyatta router.
 Is it possible to have a debug mode to see VPN frames on the vyatta router, or
 another solution to see how frames are managed?
 Or, other solution, maybe the router doesn't accept VPN frames ...
 I don't know.

 Thanks for your help.





 --
 Best Regards,
 Gregory Grimaux

 Tel:   +33 4 97 23 43 36
 http://www.stonesoft.com


Re: [Vyatta-users] Public to Public NAT

2007-11-07 Thread Justin Fletcher
There really shouldn't be any difference when you NAT with a public address;
it'll just be that your inside address is in public address space
instead of private.

Best,
Justin

On Nov 7, 2007 3:17 PM, David Marrow Jr [EMAIL PROTECTED] wrote:
  Does any one have any suggestions?



 How would I go about configuring a Public IP
 to Public IP NAT configuration? I'm in the ne
 st phase of my setup and one of my servers can not
 function in a DMZ Zone or a NAT Zone, the ip address
  due to software licensing has to be a Public IP.
 Please advise, thank you.



Re: [Vyatta-users] subnet move/add/change misbehavior [grrrrr!]

2007-11-05 Thread Justin Fletcher
No problem - I know exactly how you feel some days!

And I'd missed the point that it didn't make it into the system route table, so the
first question I'd ask is whether the next hop you're specifying is
directly connected?
If it isn't, try using the IP address of the directly connected next hop router.

If it is, well, there's a bit more to figure out, as I've never seen
that behavior.

To try a rephrase on the load config command, it'll make your running
configuration
match the configuration in the file (usually :-) )

Justin

On Nov 5, 2007 8:52 PM, Aubrey Wells [EMAIL PROTECTED] wrote:

 Thanks for the response - sorry for my impatience. :-)

 I don't mind the viewing discrepancy, it's the fact that vyatta doesn't
 recognize the existence of the routes - so I can't do anything with them. So
 you're saying load config.boot should fix the problem? Will that cause any
 downtime while it rereads the config, or should it be seamless?

 Also... maybe it's just because it's been a really long day, but this sentence
 doesn't make any sense:

 it'll remove everything that's not in the current configuration that's in
 the config file, and add the new commands from the config file.

 Could you possibly rephrase for me? :-)



 --
 Aubrey Wells
 Senior Engineer
 Shelton | Johns Technology Group
 404.478.2790
 www.sheltonjohns.com





 On Nov 5, 2007, at 11:31 PM, Justin Fletcher wrote:

 Good questions - I think you're just seeing a synchronization issue.

 If you see it in the system route table (route -n from the Linux
 shell or show route system forward from the CLI) it's really in the
 system RIB as the forwarding information base is updated from the RIB.
 However, show route looks at a different table, and can be somewhat
 out of sync.

 So - if you see the route from show route system forward it made it
 into the route tables correctly - you're just seeing a viewing
 discrepancy issue.

 Also, you can load the configuration using load config.boot in
 config mode; it'll remove everything that's not in the current
 configuration that's in the config file, and add the new commands from
 the config file.

 Best,
 Justin

 On Nov 5, 2007 8:08 PM, Aubrey Wells [EMAIL PROTECTED] wrote:
 Anyone? :-(



 --
 Aubrey Wells
 Senior Engineer
 Shelton | Johns Technology Group
 404.478.2790
 www.sheltonjohns.com





 On Nov 3, 2007, at 10:16 PM, Aubrey Wells wrote:


 Hi,
 I'm having this really frustrating problem where occasionally I will add an
 ip/network to vyatta, or delete an ip and readd it to the same interface
 with a different prefix-length or move it to a different interface (with a
 commit in between) and vyatta will not recognize that the ip/network has
 been added.

 For instance, this evening, I was attempting to add 8.17.X.253 /30 to
 interface eth1 on vif 1180. If i look at the system routing table, it is
 added on the correct interface and traffic passes to the host on the other
 side. But if I do a show route in vyatta the subnet is not there and as
 such, if I try to point a static route at it, the route instead gets added
 to whatever my default route is. for example:

 set protocols static route 1.2.3.0/8 next-hop 8.17.X.254

 that gets added to the config file fine, but a show route shows it having
 a next hop of my default route. The system routing table does the same.
 Also, I cannot delete this route from the config without doing it by hand
 with VI and rebooting (says the route doesn't exist).

 Also, I tried to remove 8.17.X.113 /28 and readd it as 8.17.X.113 /27. I
 removed the ip, committed, and readded it. The subnet didn't show up in the
 vyatta routing table after a commit but it was in the system routing table
 (route -n). Traffic passed just fine.

 When I commit those changes, I see this in the messages log:

 Nov  4 01:49:47 vyatta xorp_fea: [ 2007/11/04 01:49:47 WARNING xorp_fea FEA
 ] Got update for address no in lib
 feaclient tree: eth0.1180/eth0.1180/8.17.X.253

 Nov  4 01:49:47 vyatta xorp_fea: [ 2007/11/04 01:49:47 WARNING xorp_fea FEA
 ] Got update for address no in lib
 feaclient tree: eth1.54/eth1.54/8.17.X.113

 If I save the config, and reboot the box, the configuration loads up just
 fine and all my subnets/routes are correct. This is not a solution, as this
 is my core router in a fast-growing network and I can't go around rebooting
 it every time I add a subnet.

 I'm running the last VC3 beta. (I haven't upgraded to VC3 release because I
 didn't want to reboot the box without scheduling a window heh)

 This also happened in VC2.2. I'm not 100% sure about whether or not it
 happens on a PHY, but I think it did, although most of my stuff is on VIFs.

 Please help!

 Oh, and is there a way to get it to dump and reload the config from scratch
 without rebooting? These DELL's have a horrendous POST time because of the
 RAID, DRAC, and BMC BIOSes that all have to load (plus the overhead of
 checking 8G of memory)!


 --
 Aubrey Wells

Re: [Vyatta-users] OSPF over high latency links

2007-10-23 Thread Justin Fletcher
Obvious question, but is this set the same on the routers on both
sides of the link?

Justin

On 10/23/07, Jon [EMAIL PROTECTED] wrote:


 Hi all,

 I have a problem with ospf losing connection over high latency links. The
 link in question will induce a delay from minimum 1 sec to a maximum of more
 than 20 sec. (Yes, such links do exist:-/ )

 I have tried to set the hello and router-dead intervals to 60 and 240
 respectively, but I still lose the connection.

 I have also tried to manipulate transmit-delay and retransmit in order to
 handle the latency (20 and 90secs) but no luck so far.

 Can anybody tell me why this happens, or at least what I can do to make ospf
 a bit more forgiving about delayed packages (If that is the problem...)?


 Thanks in advance,

 Jon




Re: [Vyatta-users] VRRP Possible with Vyatta router? Or is there in-built rollover functions

2007-10-19 Thread Justin Fletcher
This is available in the VC3 beta with the new clustering support.

Best,
Justin

On 10/19/07, Daren Tay [EMAIL PROTECTED] wrote:


 Hi guys,

 I am looking to implement a redundant router setup (based on vyatta). Is it
 possible to use applications like Heartbeat to do this?
 Or can I do it with VRRP?

 Thanks!
 Daren


Re: [Vyatta-users] Problems with Vyatta yum repo?

2007-10-15 Thread Justin Fletcher
Yes, we ran into an issue with the repositories on Friday, and
disabled the repository while we resolve the issue.  Hope to have it
back shortly -

Justin

On 10/15/07, Roar Bjørgum Rotvik [EMAIL PROTECTED] wrote:
 Hi,

 I see that the Vyatta yum repo under http://archive.vyatta.com/vyatta seems 
 to be
 disabled, as the directory is renamed to vyatta-disabled.

 See http://archive.vyatta.com/:
 Index of /
 Icon  NameLast modified  Size  Description
 [DIR] build-root/ 16-Aug-2007 12:44-
 [DIR] vyatta-disabled/13-Oct-2007 10:59-
 Apache/2.0.55 (Ubuntu) mod_ssl/2.0.55 OpenSSL/0.9.8a Server at 
 archive.vyatta.com Port 80

 This makes my local Vyatta ofr tree to fail during building as it tries to 
 update packages
 from http://archive.vyatta.com/vyatta/.

 Any reason why this directory is renamed to vyatta-disabled and how and 
 when this is
 going to be fixed. I took a quick search in the mailing lists, but did not 
 see any mail
 related to this..

 --
 Roar Bjørgum Rotvik


Re: [Vyatta-users] Nagios plugin

2007-10-10 Thread Justin Fletcher
You certainly can; I monitor Vyatta routers with MRTG and Nagios.
And, of course,
there's Net-SNMP (see http://net-snmp.sourceforge.net/) if you're just
looking for other
open source SNMP tools.

Looks like I'll have to check out JFFNMS :-)

Justin

On 10/10/07, SDamron [EMAIL PROTECTED] wrote:
 I am sure you can setup SNMP on it and monitor it with Nagios.

 On 10/10/07, Nicolas Kassis [EMAIL PROTECTED] wrote:
  Does anyone know if there is some Nagios plugin for vyatta in particular
  or has anyone written some check code? I'm curious to see if someone has
  something already written to monitor Vyatta with Nagios.
 
  Nic
 
 


 --

 No one can build his security upon the nobleness of another person.


Re: [Vyatta-users] Dropped packets from users at their end

2007-10-09 Thread Justin Fletcher
Yes, it's outside of the router, and something to debug on the web
server.  From http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.3:

10.3.3 302 Found

The requested resource resides temporarily under a different URI.
Since the redirection might be altered on occasion, the client SHOULD
continue to use the Request-URI for future requests. This response is
only cacheable if indicated by a Cache-Control or Expires header
field.

The temporary URI SHOULD be given by the Location field in the
response. Unless the request method was HEAD, the entity of the
response SHOULD contain a short hypertext note with a hyperlink to the
new URI(s).

I'd see if the log file on the web server gives you more information.

Justin

On 10/9/07, Daren Tay [EMAIL PROTECTED] wrote:

 Hi guys,

 I am using Vyatta router for my web servers and recently, some users are
 complaining their connection to the web servers are getting cut off. I don't
 think it's the router's fault, but I need to verify. Apparently they did a
 check on their proxy end and it seems to spew the following:

 HTTP/1.1 302 Object moved
 Location: http://domain.com/
 Connection: closed

 Also, they did a packet capture on their proxy and they noticed that the
 connection was reset by the web server with the above message at times.

 How should I go about resolving this?
 What does the 302 mean?

 Thanks!



Re: [Vyatta-users] Logging

2007-10-09 Thread Justin Fletcher
By default, all major issues are logged at warning level or above.  If you want
to log everything, you can enable it in config mode:

set system syslog global facility * level debug

I'll sometimes track this using the root shell when I'm debugging a problem:

tail -f /var/log/messages

Justin

On 10/9/07, Daren Tay [EMAIL PROTECTED] wrote:
 Hi there,

 thanks for the kind pointers.

 So if i want to use the default log (which I can view using show log) what
 options should I use?

 Daren

 -Original Message-
 From: Justin Fletcher [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, 09 October 2007 11:45
 To: Daren Tay
 Cc: vyatta-users@mailman.vyatta.com
 Subject: Re: [Vyatta-users] Logging


 show log is also run outside of config mode --
 You can run any command in config mode by putting run in front of it,
 as in run show log or run show interfaces.

 If you want to watch traffic, tshark is available from the root shell.
 Once you've logged in as root, try

 tshark -i eth0 -n port 80

 (assuming you want to monitor interface eth0).  This will let you see
 all your web traffic.  A lot of TCP retransmissions would be a sign of
 dropped packets somewhere along the path.

 Personally, I monitor the router with MRTG from http://oss.oetiker.ch/mrtg/
 .
 Others prefer other monitoring tools, such as Cacti (http://www.cacti.net/).

 Justin

 On 10/8/07, Daren Tay [EMAIL PROTECTED] wrote:
  Ahh.. I Have to do show interfaces outside of config mode to see it...
  but is there any way to monitor http traffic only?
 
  Also, show log gives me this:
 
  ERROR: cannot show log because it doesn't exist.
  [edit]
 
  I missed something?
 
  Daren
 
  -Original Message-
  From: Justin Fletcher [mailto:[EMAIL PROTECTED]
  Sent: Tuesday, 09 October 2007 10:49
  To: Daren Tay
  Cc: vyatta-users@mailman.vyatta.com
  Subject: Re: [Vyatta-users] Logging
 
 
  Easiest way is with a show interfaces - it'll give you packet
 statistics.
  By default, the system logs at warning level, so any major issues will be
  visible using show log.
 
  Justin
 
  On 10/8/07, Daren Tay [EMAIL PROTECTED] wrote:
  
  
   Hi guys,
  
   I have been having problems with my web servers behind a vyatta router. I am
   thinking of trying to check if vyatta is dropping packets.. what should I do
   to find out?
   
   Also.. I realise under System, there's no logging.
   What's the minimal logging should I use to get useful information without
   overloading the system?
  
   Thanks!
   Daren
  
  
 
 




Re: [Vyatta-users] Main Vyatta web Page mysteriously gone and no login prompt

2007-10-08 Thread Justin Fletcher
It's a recent discovery tracked in the Bugzilla database.  In the next release,
the installation script checks for it, and ensures that you can't do that.

Justin

On 10/8/07, Scott Pickles [EMAIL PROTECTED] wrote:
 I agree with Jeff.  I too installed Vyatta using the default prompts.  If
 you are aware of the fact that installing root and config on the same
 partitions is an issue, why not either put a disclaimer in the
 documentation, the setup, or both?

 Regards,
 Scott


 On 10/8/07, Jeff [EMAIL PROTECTED] wrote:
 
 
 
  Mysteriously sometime between Thursday afternoon and Monday morning
 
  the vyatta main webpage is gone and I see the lighthttpd placeholder page
 
  nor is it prompting to allow the connection as it did before
 
  and I do not know why..??? Things were all there Thursday afternoon..
 
  I have not rebooted vyatta, and vyatta seems to be running ok
 
  Anyone with any ideas?
 
  Jeff
 
 
 




Re: [Vyatta-users] Logging

2007-10-08 Thread Justin Fletcher
Easiest way is with a show interfaces - it'll give you packet statistics.
By default, the system logs at warning level, so any major issues will be
visible using show log.

Justin

On 10/8/07, Daren Tay [EMAIL PROTECTED] wrote:


 Hi guys,

 I have been having problems with my web servers behind a vyatta router. I am
 thinking of trying to check if vyatta is dropping packets.. what should I do
 to find out?

 Also.. I realise under System, there's no logging.
 What's the minimal logging should I use to get useful information without
 overloading the system?

 Thanks!
 Daren


Re: [Vyatta-users] Logging

2007-10-08 Thread Justin Fletcher
show log is also run outside of config mode --
You can run any command in config mode by putting run in front of it,
as in run show log or run show interfaces.

If you want to watch traffic, tshark is available from the root shell.
Once you've logged in as root, try

tshark -i eth0 -n port 80

(assuming you want to monitor interface eth0).  This will let you see
all your web traffic.  A lot of TCP retransmissions would be a sign of
dropped packets somewhere along the path.

Personally, I monitor the router with MRTG from http://oss.oetiker.ch/mrtg/ .
Others prefer other monitoring tools, such as Cacti (http://www.cacti.net/).

Justin

On 10/8/07, Daren Tay [EMAIL PROTECTED] wrote:
 Ahh.. I Have to do show interfaces outside of config mode to see it...
 but is there any way to monitor http traffic only?

 Also, show log gives me this:

 ERROR: cannot show log because it doesn't exist.
 [edit]

 I missed something?

 Daren

 -Original Message-
 From: Justin Fletcher [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, 09 October 2007 10:49
 To: Daren Tay
 Cc: vyatta-users@mailman.vyatta.com
 Subject: Re: [Vyatta-users] Logging


 Easiest way is with a show interfaces - it'll give you packet statistics.
 By default, the system logs at warning level, so any major issues will be
 visible using show log.

 Justin

 On 10/8/07, Daren Tay [EMAIL PROTECTED] wrote:
 
 
  Hi guys,
 
  I have been having problems with my web servers behind a vyatta router. I
 am
  thinking of trying to check if vyatta is dropping packets.. what should I
 do
  to find out?
 
  Also.. I realise under System, there's no logging.
  What's the minimal logging should I use to get useful information without
  overloading the system?
 
  Thanks!
  Daren
 
 


___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
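
The retransmission check suggested in the reply above, as an added example that is not part of the original thread: a small filter that reads tshark's one-line packet summaries and reports the share of retransmitted packets per direction. The sample capture, the function names and the 5% threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: tshark one-line summaries for a capture on port 80
# (addresses, ports and timings are invented for illustration).
sample_capture() {
    cat <<'EOF'
  1   0.000000 192.168.5.10 -> 10.0.0.5 TCP 74 51000 > 80 [SYN] Seq=0 Win=5840 Len=0
  2   0.000412 10.0.0.5 -> 192.168.5.10 TCP 74 80 > 51000 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0
  3   0.000630 192.168.5.10 -> 10.0.0.5 TCP 66 51000 > 80 [ACK] Seq=1 Ack=1 Win=5840 Len=0
  4   0.001020 192.168.5.10 -> 10.0.0.5 HTTP 450 GET /index.html HTTP/1.1
  5   0.204100 192.168.5.10 -> 10.0.0.5 HTTP 450 [TCP Retransmission] GET /index.html HTTP/1.1
  6   0.612300 192.168.5.10 -> 10.0.0.5 HTTP 450 [TCP Retransmission] GET /index.html HTTP/1.1
  7   0.613000 10.0.0.5 -> 192.168.5.10 TCP 66 80 > 51000 [ACK] Seq=1 Ack=385 Win=6432 Len=0
  8   0.615000 10.0.0.5 -> 192.168.5.10 HTTP 1514 HTTP/1.1 200 OK (text/html)
EOF
}

# Read tshark summary lines on stdin and report, per direction, how many
# packets were seen and how many tshark marked as retransmissions.
# $1 = percentage above which a direction is flagged (assumed default: 5).
retrans_summary() {
    awk -v thr="${1:-5}" '
        # Columns 3 and 5 are source and destination; column 4 is the arrow.
        $4 == "->" || $4 == "→" {
            flow = $3 " -> " $5
            total[flow]++
            if ($0 ~ /\[TCP (Fast )?Retransmission\]/) retrans[flow]++
        }
        END {
            for (f in total) {
                pct = 100 * retrans[f] / total[f]
                printf "%s packets=%d retrans=%d pct=%.1f %s\n",
                       f, total[f], retrans[f], pct, (pct > thr ? "SUSPECT" : "ok")
            }
        }
    ' | sort
}

# Stand-alone run on the constructed sample.
sample_capture | retrans_summary 5
```

On a live system the input would come from the command in the reply, for example `tshark -i eth0 -n port 80 | retrans_summary 5`, stopped with Ctrl-C once enough traffic has been seen.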


Re: [Vyatta-users] Hard drive errors?

2007-10-06 Thread Justin Fletcher
Yes, sounds like HD errors - I've installed this on systems without DMA,
and there's just a DMA error or two on bootup.

Before you give up on your disk, run fsck (file system check) from the root
shell - it might be able to find and fix a few errors for you.

Best,
Justin

On 10/6/07, Scott Pickles [EMAIL PROTECTED] wrote:
 All,

 I recently installed Vyatta on an old laptop.  Installation went fine, but
 when I run the router I get the following errors:

 1.  When I 'commit' changes, I receive the error no DRQ received after
 MULTIWRITE
 2.  I am seeing what appear to be hard drive errors such as EXT3-fs error
 on hda1

 Sounds like just a bad HDD, right?  Or is it perhaps something to do with
 DMA?

 Regards,
 Scott


Re: [Vyatta-users] Simple bridge configuration keeps rtrmgr from starting

2007-09-27 Thread Justin Fletcher
Any errors in /var/log/messages?  If the router manager is running,
show log will
give you this information.

Justin

On 9/27/07, Art Perkins [EMAIL PROTECTED] wrote:
 I have setup a basic bridge.
 Built on:   Wed Aug 22 00:18:00 UTC 2007
 Build ID:
 87b62b7-1a45b2b-518c9cc-a9aa9f8-4c29b36-2ce9322-200708220018

 set interfaces bridge br0
 commit
 set interfaces ethernet eth0 bridge-group bridge br0
 set interfaces ethernet eth1 bridge-group bridge br0
 commit
 save config.boot

 The bridge comes up no problem, however when I reboot, and attempt to get
 back into the CLI;

 I get the following;

  vyatta:~# xorpsh
 Waiting for xorp_rtrmgr...
 after a minute, it goes back to shell prompt.

 If I stop/start vyatta-rtrmgr, it starts ok but I have the same issue.
 To correct it I have to cp the config.boot.default and then restart rtrmgr.

 TIA
 Art Perkins



Re: [Vyatta-users] vyatta login

2007-09-24 Thread Justin Fletcher
Do you have other hardware you could try the CD on?  It's likely to be
something specific with that particular system, or it's possible there's a
problem that occurred when the CD itself was created.

Thanks,
Justin

On 9/21/07, silvertip257 [EMAIL PROTECTED] wrote:
 Marat,

 Here are the results.
 I have not been able to configure anything yet, so there isn't anything in
 the /opt/vyatta/config/ directory.

 Upon executing this cmd:  'ps -ef | grep rtrmgr', I received this output,
 verifying that an instance of rtrmgr is running - root  4871  4827  0
 15:47 tty1 00:00:00 grep rtrmgr

 Attached is the /var/log/messages log file and another updated one, from
 after I tried to run xorpsh as outlined in ebele okwuosa and Michael
 Larson's conversation about login difficulties with v2.2.

 Hope this is of some help and a solution can be arrived at.

 Thanks,
 Mike


 On 9/21/07, Marat Nepomnyashy [EMAIL PROTECTED] wrote:
 
 
  Hi Mike,
 
  The vyatta user login credentials are initialized by rtrmgr based on the
 information in the configuration file.  The rtrmgr may have crashed before
 it would have initialized the login credentials.  To test this hypothesis,
 login as root/vyatta, and do 'ps -ef | grep rtrmgr'.
 
  If the rtrmgr did crash, take a look in '/var/log/messages' for its error
 message.  Most likely it did not like something in the configuration file.
 If you can, please send your configuration file as an attachment, also send
 '/var/log/messages'.
 
  -- Marat
 
 
  - Original Message -
  From: silvertip257
  To: vyatta-users@mailman.vyatta.com
  Sent: Friday, September 21, 2007 12:15 PM
  Subject: [Vyatta-users] vyatta login
 
  I know this will seem to be a rather stupid post, but I cannot seem to get
 into my vyatta after booting Live from CD.
 
  I've got both the VC2 and 2.2 versions on livecd and have not changed a
 thing - I'm booting Live.  My main goal is to use Camarillo ( 2.2) so I'm as
 up-to-date as possible.
 
  I type vyatta and vyatta for username and password, respectively.  I
 get Login Incorrect.
  Despite that user, root and vyatta for username and password work
 fine.
  I've watched the screencast on the vyatta site, so I'm not missing
 anything that I need to know.  I also have all the user/help manuals for
 vyatta, so I have resources and did my homework.
 
  Please help me out, as I've finally eliminated the hardware issues I had
 before.
 
  Thanks,
  Mike
 
 
  

 
 
 
 



 --
 //  Silvertip257  //

 ==
 Xubuntu 7.04 (Feisty Fawn)
 --- Linux for human beings.
 ( http://www.xubuntu.org/ )
 ~~
 Helix --- Don't leave /home without it.
 (http://www.efense.com/helix/ )


Re: [Vyatta-users] vyatta login

2007-09-22 Thread Justin Fletcher
Thanks!  The logs help, and show that the router manager failed to start
up, apparently due to an issue with your ethernet card.

Since the router manager didn't start, you'll be unable to log in as user
vyatta, as it expects to communicate with the router manager.

Unfortunately, it's not clear what the issue was; commands dmesg
and lspci may provide diagnostics information.

I'm not a kernel or hardware expert, but if you attach the output of the
commands, I know that there are experts on the list :-)

Best,
Justin

On 9/22/07, silvertip257 [EMAIL PROTECTED] wrote:
 Justin,

 sure -- didn't I attach my /var/log/messages to the email I sent to the
 list?  ah well, here they are anyhow.
 Also like I told Marat, I was just trying to boot from my livecd, so I had
 no configuration any different than would be customary for the live
 environment.

 These are the whole thing/files:
 var_log_mesg.txt is the /var/log/messages file right after the livecd
 booted.
 v_l_msg_updt.txt is the /var/log/messages file after I tried to run xorpsh
 as root user.

 For just the last entry or so of v_l_msg_updt.txt (AFTER trying to use
 'xorpsh'), here it is:
 /home/autobuild/builds/master/2007-08-23-1113/ofr/xorp/xorp/rtrmgr/xorpsh_main.cc
 wait_for_xrl_router_ready ] XrlRouter failed.  No Finder?
 Sep 21 15:52:07 vyatta xorpsh: [ 2007/09/21 15:52:07  ERROR xorpsh:4891
 RTRMGR +890
 /home/autobuild/builds/master/2007-08-23-1113/ofr/xorp/xorp/rtrmgr/xorpsh_main.cc
 main ] xorpsh exiting due to an init error: Failed to connect to the router
 manager
 Sep 21 15:52:30 vyatta login[4894]: (pam_unix) check pass; user unknown

 Here's part of the file var_log_mesg.txt (BEFORE I started do various things
 to get the xorp shell running):
 Failed 10 times to connect to finder.sock: No such file or directory
  Sep 21 15:00:36 vyatta login[4764]: (pam_unix) check pass; user unknown
 Sep 21 15:00:55 vyatta login[4764]: (pam_unix) check pass; user unknown
 Sep 21 15:03:49 vyatta login[4788]: (pam_unix) check pass; user unknown
  Sep 21 15:04:04 vyatta login[4788]: (pam_unix) check pass; user unknown
 Sep 21 15:05:45 vyatta login[4802]: (pam_unix) check pass; user unknown
 Sep 21 15:05:51 vyatta login[4802]: (pam_unix) check pass; user unknown 


 Hopefully this helps.
 Thanks for your interest,

 Mike


 On 9/21/07, Justin Fletcher  [EMAIL PROTECTED] wrote:
  Well, piffle.  If xorpsh didn't start the CLI, tends to indicate that
 there
  are other problems.  Can you cut and paste the last log entries when
  you get a chance, and post it to the list as well?
 
  Best,
  Justin
 
  On 9/21/07, silvertip257  [EMAIL PROTECTED] wrote:
   Justin,
  
   I tried xorpsh and it didn't seem to get me anywhere.
   When I took a look at /var/log/messages again after running that cmd, I
   think there was another error message logged to the file.
  
I'll have to check on that later.
   But vyatta/vyatta isn't getting me into the LiveCD system.
  
   Time to go to work, but I'll update this as I find something new.
  
   Thanks,
   Mike
  
  
On 9/21/07, Justin Fletcher [EMAIL PROTECTED] wrote:
vyatta/vyatta should certainly be correct.  Since you can log in as
   root/vyatta,
just run xorpsh as root; it'll put you in the Vyatta CLI.  As Marat
pointed out,
there may be useful information in /var/log/messages, or show log
 from
   the CLI
to help solve the issues logging as vyatta.
   
Best,
Justin
   
On 9/21/07, silvertip257  [EMAIL PROTECTED] wrote:
 I know this will seem to be a rather stupid post, but I cannot seem
 to
   get
 into my vyatta after booting Live from CD.

 I've got both the VC2 and 2.2 versions on livecd and have not
 changed a
 thing - I'm booting Live.  My main goal is to use Camarillo ( 2.2 )
 so
   I'm as
 up-to-date as possible.

 I type vyatta and vyatta for username and password,
 respectively.  I
   get
 Login Incorrect.
 Despite that user, root and vyatta for username and password
 work
   fine.
 I've watched the screencast on the vyatta site, so I'm not missing
   anything
 that I need to know.  I also have all the user/help manuals for
 vyatta,
   so I
 have resources and did my homework.

 Please help me out, as I've finally eliminated the hardware issues I
 had
 before.

 Thanks,
 Mike



   
  
  
  
   --
   //  Silvertip257  //
   ==
   Xubuntu 7.04 (Feisty Fawn)
   --- Linux for human beings.
   ( http://www.xubuntu.org/)
   ~~
   Helix --- Don't leave /home without it.
   (http://www.efense.com/helix/)
 



 --
 //  Silvertip257  //

 ==
 Xubuntu 7.04 (Feisty Fawn)
 --- Linux for human beings.
 (http://www.xubuntu.org

Re: [Vyatta-users] DHCP-Server configuraion issues

2007-08-28 Thread Justin Fletcher
It's asking for one more piece of information - the interface to
listen on, as in

name CorpLAN {
    start 10.0.0.100 {
        stop: 10.0.0.200
    }
    interface: eth2
}

Best,
Justin

On 8/28/07, Emmanuel Perez [EMAIL PROTECTED] wrote:
 I have been at this for several hours and am not sure what it is that im 
 doing wrong. Here is my  settings (im working from another pc so i had to 
 retype it all in this email):

 ethernet eth0{
   hw-id:**
   address 192.168.5.1{
   prefix: 24
   }
  }
 ethernet eth1{
   hw-id:**
   address 123.0.0.1{
   prefix: 24
   }
  }
 ethernet eth2{
   hw-id**
   address 145.0.0.1{
   prefix:24
   }
  }
 firewall{
 {
   service{
   dhcp-server{
   name ETH0_LOOP{
   start 192.168.5.100{
   stop: 192.168.5.200
   }
   network-mask:24
   dns-server 172.16.0.32
  }
 }
  }


 and the rest has been untouched by my settings.

 After i enter the commit command this is the error i keep getting:

 Missing mandatory configuraion node $(@.interface) required by node 
 Service dhcp-server name ETH0_POOL
 The configuraion has been changed.
 Fix this error, and run Commit again.
 [edit service/dhcp-server/name/ETH0_POOL/dns-server/172.16.0.32


 thanks in advance,

 Manny Perez
 Meditab Software Inc.
 333 Hegenberger Rd. St. 800
 Oakland CA, 94621
 Phone: 510.686.8469 Fax: 510.686.8469



Re: [Vyatta-users] Question about VPN's

2007-08-23 Thread Justin Fletcher
There should be no required configuration on the Vyatta; from the
point of view of the router, it's just packets.

The VPN will need to be configured to support NAT traversal, of
course, as it looks like you're using NAT.

Dropped VPN connections are not likely to be an issue with the Vyatta
router, unless there are packet loss issues.  In both cases, things
can be fine in the morning, until enough other users log on and either
the traffic or the license limits are reached :-)

Best,
Justin

On 8/23/07, Dan Darden [EMAIL PROTECTED] wrote:
 Dear List:

 I am a new Vyatta user.  We have it working fairly well and it ROCKS...
 However just one question..

 I have a user that is trying to connect to his company's VPN through our
 network.  We do not want to set up a VPN of any kind, rather just be able to
 allow pass-through traffic.

 What is the fastest, easiest way to handle this?  We are thinking it is the

 Sep VPN Nat Traversal command.  Is this correct?

 Also, to complicate matters, (or to ask another question), our router is
 currently configured to use NAT to pass all packets from inside to outside
 and vice versa.  We have no firewall and no ports are being blocked.  Yet
 this same user is saying that his VPN connection works sometimes.  Like an
 hour in the morning and then not at all after that.  If our configuration
 has stayed the same, and he can connect to his VPN at any point, then would
 the Vyatta config even be causing the problem or would we need to look
 somewhere else?  His company tells him that it is not on their end, and you
 know the drill.  We are hoping to be able to say it is not on ours as well,
 but those games are never very fun for the users.

 Any thoughts?

 Thanks,
 Dan Darden.
