Thank you all.
I actually installed the vyatta router on my PC.I did checked the linux shell
and I confirmed that my router running config was there.
I may be missing something out on vyatta 3 because I never encounter such
problem with vyatta 1.0.3 version.I encountered silmilar problem with vyatta
vc2. But no such problem with vyatta version 1.0.3 And that is the reason I
keep on with vyatta 1.0.3.
I think the vyatta technical team should work on this issue.Probably config
directory should be left on route directory like in the vyatta version 1.0.3
[EMAIL PROTECTED] wrote:
> >Send Vyatta-users mailing list submissions to
> vyatta-users@mailman.vyatta.com
>
>To subscribe or unsubscribe via the World Wide Web, visit
> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>or, via email, send a message with subject or body 'help' to
> [EMAIL PROTECTED]
>
>You can reach the person managing the list at
> [EMAIL PROTECTED]
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Vyatta-users digest..."
>
>
>Today's Topics:
>
> 1. Re: Vyatta Stateful Firewall Issue (Komal Shah)
> 2. can't find my running config (Isiak Solih Sadik)
> 3. Re: can't find my running config (Justin Fletcher)
> 4. Re: can't find my running config (James A. Shigley)
> 5. Re: can't find my running config (Dave Roberts)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Thu, 15 Nov 2007 17:35:04 +0530
>From: Komal Shah <[EMAIL PROTECTED]>
>Subject: Re: [Vyatta-users] Vyatta Stateful Firewall Issue
>To: vyatta-users@mailman.vyatta.com
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset=ISO-8859-1
>
>Excellent!
>
>Please consider adding this information in documentation.
>
>Komal
>
>Robyn Orosz wrote:
>> Hi Adrian,
>>
>> First off, I apologize for the long delay in getting back to you but, I
>> think I have an answer for you. On the Vyatta router, try the following:
>>
>> echo 0 > /proc/sys/net/netfilter/nf_conntrack_tcp_loose
>>
>> Then try running the nmap ACK scan again. The RST packet, which is what
>> nmap is expecting in return, should not even get sent by the host since
>> the ACK packet should be blocked by the firewall this time.
>>
>> What was happening is that a state of "NEW" in iptables means exactly
>> that--any new TCP packet. It does not mean a new TCP packet with the
>> SYN flag set. The 'nf_conntrack_tcp_loose' option can be modified
>> however, to enforce a more stringent set of checks on incoming TCP
>> packets. With this option set to 0, the firewall will compare the
>> packet against the existing conntrack entries and drop it because it is
>> not a valid packet for establishing a new connection and it is not part
>> of an existing established connection.
>>
>> The benefit of having this value set to 3 (the default) is that it will
>> try and pick up any existing connections that were terminated as a
>> result of a system reload or other unexpected failure. So, it assumes
>> that the new ACK packet was part of a previous connection that got
>> dropped and cleared from the conntrack table when the system went down.
>> If this is not a concern of yours, then I'd say setting it to 0 would
>> not cause any other problems.
>>
>> An enhancement request has actually already been open to allow the
>> nf_conntrack_tcp_loose value to be modified via the CLI:
>>
>> https://bugzilla.vyatta.com/show_bug.cgi?id=2122
>>
>> Another option is to add a rule directly in iptables that drops any NEW
>> packets that don't have the SYN flag set. EX:
>>
>> iptables -I FORWARD 1 -p tcp ! --syn -m state --state NEW -j DROP
>>
>> This rule gets added to the beginning of the iptables FORWARD chain and
>> drops any new packets that don't have the SYN flag set. The problem
>> with this workaround is that you have to be careful when running
>> firewall rules in the CLI and in iptables as their order of entry is
>> very important and can cause problems or confusion if it gets out of
>> sync. You'll also have to script any rules that you add directly into
>> iptables and also the echo into the nf_conntrack_tcp_loose so that your
>> changes will still exist after a reboot.
>>
>> I also opened an enhancement request to add TCP flag match criteria into
>> the Vyatta firewall. So, in the future, the rule above should be
>> configurable via the CLI:
>>
>> https://bugzilla.vyatta.com/show_bug.cgi?id=2474
>>
>> Thank you and let me know if this works for you.
>>
>> -Robyn
>>
>
>
>------------------------------
>
>Message: 2
>Date: Thu, 15 Nov 2007 23:09:57 +0530
>From: Isiak Solih Sadik <[EMAIL PROTECTED]>
>Subject: [Vyatta-users] can't find my running config
>To: vyatta-users@mailman.vyatta.com
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset="us-ascii"
>
>Pls Help!
>I installed vyatta router 3 on my pc and it worked parfectly.I actually saved
the running config on the default file opt/vyatta/etc/config/config.boot.but
when I reboot my vyatta can't route anything.I found out that my saved running
config is no longer in opt/vyatta/etc/config/config.boot
>What can I do.
>
>Sadiku Babatunde
>
>-------------------------------------------------
>'There is no deity worthy of worship except Allah and Muhammad (peace be upon
him) is his final Messenger.'
>
>http://www.Darussalam.net/
>Read, Learn, Implement!
>
>------------------------------
>
>Message: 3
>Date: Thu, 15 Nov 2007 09:46:24 -0800
>From: "Justin Fletcher" <[EMAIL PROTECTED]>
>Subject: Re: [Vyatta-users] can't find my running config
>To: "Isiak Solih Sadik" <[EMAIL PROTECTED]>
>Cc: "." <[EMAIL PROTECTED]>
>Message-ID:
> <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset=ISO-8859-1
>
>Are you running the live CD or installed to disk? If you're running
>the live CD, the file system is in memory, and you need to save to
>floppy for the configuration to be preserved across reboots.
>
>Justin
>
>On Nov 15, 2007 9:39 AM, Isiak Solih Sadik <[EMAIL PROTECTED]> wrote:
>> Pls Help!
>> I installed vyatta router 3 on my pc and it worked parfectly.I actually
>> saved
the running config on the default file opt/vyatta/etc/config/config.boot.but
when I reboot my vyatta can't route anything.I found out that my saved running
config is no longer in opt/vyatta/etc/config/config.boot
>> What can I do.
>>
>> Sadiku Babatunde
>>
>> -------------------------------------------------
>> 'There is no deity worthy of worship except Allah and Muhammad (peace be
>> upon
him) is his final Messenger.'
>>
>> http://www.Darussalam.net/
>> Read, Learn, Implement!
>> _______________________________________________
>> Vyatta-users mailing list
>> Vyatta-users@mailman.vyatta.com
>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>>
>>
>
>
>------------------------------
>
>Message: 4
>Date: Thu, 15 Nov 2007 13:17:49 -0600
>From: "James A. Shigley" <[EMAIL PROTECTED]>
>Subject: Re: [Vyatta-users] can't find my running config
>To: <vyatta-users@mailman.vyatta.com>
>Message-ID:
> <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset="iso-8859-1"
>
>I have a similar problem twice now. And I do have it installed to a disk not
running off the iso.
>
>James Shigley
>Monroe Telephone Answering Service
>409-981-9213
>Infinity 5.4,UC 4.02, Blink 3.0.104
>Ecreator:5.03, eResponse 1.1.6
>Webportal,WebApps,
>?
>CONFIDENTIALITY NOTICE: This email, including any attachments, contains
information which may be confidential or privileged. The information is
intended to be for the use of the individual or entity named above. If you are
not the intended recipient, be aware that any disclosure, copying, distribution
or use of the contents of this information is prohibited. If you have received
this email in error, please notify the sender immediately by "reply to sender
only" message and destroy all electronic and hard copies of the communication,
including attachments.
>
>"Common sense is the collection of prejudices acquired by age eighteen." --
Albert Einstein
>"Once you can accept the universe as matter expanding into nothing that is
something,wearing stripes with plaid comes easy." -- Albert Einstein
>"I know a little of everything, but a lot of nothing"
>
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Justin Fletcher
>Sent: Thursday, November 15, 2007 11:46 AM
>To: Isiak Solih Sadik
>Cc: .
>Subject: Re: [Vyatta-users] can't find my running config
>
>Are you running the live CD or installed to disk? If you're running
>the live CD, the file system is in memory, and you need to save to
>floppy for the configuration to be preserved across reboots.
>
>Justin
>
>On Nov 15, 2007 9:39 AM, Isiak Solih Sadik <[EMAIL PROTECTED]> wrote:
>> Pls Help!
>> I installed vyatta router 3 on my pc and it worked parfectly.I actually
>> saved
the running config on the default file opt/vyatta/etc/config/config.boot.but
when I reboot my vyatta can't route anything.I found out that my saved running
config is no longer in opt/vyatta/etc/config/config.boot
>> What can I do.
>>
>> Sadiku Babatunde
>>
>> -------------------------------------------------
>> 'There is no deity worthy of worship except Allah and Muhammad (peace be
>> upon
him) is his final Messenger.'
>>
>> http://www.Darussalam.net/
>> Read, Learn, Implement!
>> _______________________________________________
>> Vyatta-users mailing list
>> Vyatta-users@mailman.vyatta.com
>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>>
>>
>_______________________________________________
>Vyatta-users mailing list
>Vyatta-users@mailman.vyatta.com
>http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>
>
>------------------------------
>
>Message: 5
>Date: Thu, 15 Nov 2007 11:45:29 -0800 (PST)
>From: "Dave Roberts" <[EMAIL PROTECTED]>
>Subject: Re: [Vyatta-users] can't find my running config
>To: "'James A. Shigley'" <[EMAIL PROTECTED]>,
> <vyatta-users@mailman.vyatta.com>
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset="iso-8859-1"
>
>> I have a similar problem twice now. And I do have it
>> installed to a disk not running off the iso.
>
>Hmmm... That's a problem.
>
>Do you know what you typed to save it? Are you sure you didn't save it to
>another file name? The system allows you to save different files under
>different names, but those won't get picked up on a reboot. It only gets
>saved to the boot config if you don't specify a different name. If you did
>this, you can try to load the file, then save it out again with no name.
>
>You should also be able to exit the shell, possibly all the way to the
>login prompt, then login as root and look at the config file to see what's
>there.
>
>-- Dave
>
>
>
>------------------------------
>
>_______________________________________________
>Vyatta-users mailing list
>Vyatta-users@mailman.vyatta.com
>http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>
>
>End of Vyatta-users Digest, Vol 23, Issue 32
>********************************************
-------------------------------------------------
'There is no deity worthy of worship except Allah and Muhammad (peace be upon
him) is his final Messenger.'
http://www.Darussalam.net/
Read, Learn, Implement!
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
