similar to: Still Confused about Firewalling

Hi All, So before when I used PIX's for my employer, our traffic was statically routed to one IP and then the firewall decided if allowed/ denied and passed it on or dropped it. I have a Comcast business circuit with 13 IP's. The gateway device they provide is a 'pass through' device. They sent traffic for all 13 IP's my way. It just allows traffic through. So if I put

Hi All, I have a home business circuit and I am gearing up to host my business affairs in my place. I have Comcast and 13 static IP's. I have an extra PIII 1U, 2 9gb SCSI, 1gb RAMm dual NICS. So I am wanting to build a firewall to front end my traffic. Assign one of my statics to it and have Comcast statically route my traffic to this IP. Then when traffic comes have it decide if it

Hi All, I want to build a dedicated firewall/router as I am launching a NPO and I can host this in my garage. (Comcast offered me a 100 x 20 circuit for $99/mo with 5 statics) I used to run Untangle, but as of version 9, you are forced to use their build in protocol policies versus the firewalling I am used to (Deny All and then opening holes for specific IP's, etc). There are so many

I have 4 guest VMs installed on 1 host. One of them is Vyatta (VC5). Currently we are using default Xen-bridge for communication between VMs(inter-domain or intra-domain). I want to assign Vyatta(a guest VM) exclusively to replace Xen-bridging for VM to VM communication. Means the traffic sent from guest-1 to guest-2 bypass briging and route through vyatta(VM), instead of going to Dom0. As

Hi all I have installed vyatta system, (vyatta-livecd-vc4-alpha2.iso ) on top of Centos5. Our system requirement is, * Centos 5.1 (2.6.18-92.1.10.el5xen ) * 2 Gb RAM, * x86_64 And cpu information is as follow, [root at turtle4 ~]# cat /proc/cpuinfo processor : 0 vendor_id : AuthenticAMD cpu family : 15 model : 107 model name : AMD Athlon(tm) 64 X2 Dual Core

HI All, How fast does a a small DNS Server need to be? I will have about 10 servers and a few workstations. I have a few older Compaq PIII boxes with 1gb RAM each or I have faster P4 boxes. Same question as above, just a Vyatta type device, Firewalling....? -ML

Hello all, The question is not necessarily CentOS-specific - but there are lots of bright people on here, and - quite possibly - the final implementation will be on CentOS hence I figured I'd ask it here. Here is the situation. I need to configure a Linux-based network load balancer (NLB) solution. The idea is this. Let us say I have a public facing load balancer machine with an public IP

I see the output. root@X10SDV-8C-TLN4F:/mnt/config# cat /var/lib/libvirt/dnsmasq/mgmt-1br1.status [ { "ip-address": "192.168.27.8", "mac-address": "52:54:00:42:21:14", "hostname": "vyatta", "expiry-time": 1589500228 } ] Can you please explain what does the expiry-time mean ? What are its units ? Please let

A friend of mine recommended checking out the Vyatta project. I was reviewing their website and saw endorsements of their product running on both Vmware and Xen. In fact, they have a Vmware virtual image and a beta XenServer image. However, I am running a typical Debian Lenny 64 DomU installed through the repositories. According to their installation documents, it states that the ISO can be

Hi, My customer has a outdated firewall that is also presenting a NAT nightmare for getting the Asterisk server reachable from the internet. What firewalls work good with VOIP? I really want to steer away from any ALG supported firewall. I just want a good firewall that works well with Asterisk. Thanks, David Wathen -------------- next part -------------- An HTML attachment was scrubbed...

Hello in one of the emails I sent earlier ; mark (m.roth at 5-cent.us) mentioned: > install linux on a computer with two ethernet cards. connect eth0 to > your internet connection, and eth1 to your local network. configure > iptables firewall rules in the linux system. or install pfsense on that > same computer. Please if any one can help with more details and

Instead of issuing (0) statements when !CONFIG_SYSFS which will cause 'warning: ', we'll use inline statements instead. This will effectively do the same thing, but suppress any unnecessary warnings. Cc: Stephen Hemminger <shemminger at vyatta.com> Cc: bridge at lists.linux-foundation.org Cc: netdev at vger.kernel.org Signed-off-by: Lee Jones <lee.jones at linaro.org> ---

This patch adds a flag to mdb entries so that we can distinguish permanent entries with temporary ones. Cc: Stephen Hemminger <shemminger at vyatta.com> Signed-off-by: Cong Wang <amwang at redhat.com> --- bridge/mdb.c | 24 +++++++++++++++--------- include/linux/if_bridge.h | 3 +++ 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/bridge/mdb.c

Hi Rahul, If you're certain that your problem isn't as Stephen suggested, you might want to have a look at this: --- (From http://ebtables.sourceforge.net/brnf-faq.html <http://ebtables.sourceforge.net/brnf-faq.html> ) How do I let vlan-tagged traffic go through a vlan bridge port and the other traffic through a non-vlan bridge port? Suppose eth0 and eth0.15 are ports of br0.

By adding the a module alias, programs (or users) won't have to explicitly call modprobe. Vhost-net will always be available if built into the kernel. It does require assigning a permanent minor number for depmod to work. Choose one next to TUN since this driver is related to it. Also, use C99 style initialization. Signed-off-by: Stephen Hemminger <shemminger at vyatta.com> ---

By adding the a module alias, programs (or users) won't have to explicitly call modprobe. Vhost-net will always be available if built into the kernel. It does require assigning a permanent minor number for depmod to work. Choose one next to TUN since this driver is related to it. Also, use C99 style initialization. Signed-off-by: Stephen Hemminger <shemminger at vyatta.com> ---

http://bugzilla.netfilter.org/show_bug.cgi?id=733 Summary: ipset restore won't restore from output of ipset save Product: ipset Version: unspecified Platform: All OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: default AssignedTo: netfilter-buglog at

I am setting up 2 Vyatta routers that will serve as redundant failover core routers out to the backbone of our ISP. They will be serving for routing between other branches and the ISP and bandwidth management. I am trying to differentiate between the plethora of information about having redundant, automatic failover routers and pretty much decided on VRRP for the IP address failover mechanism. I

Hello, I am working on a project where I would like to run Vyatta with Xen (v 3.0.1 from redhat). I have had only mitigated sucess so far. Actually the real Vyatta kernel doesn''t boot inside of Xen. I am planning to get the source and apply the Xen patch to it so then I could boot right off this new Vyatta kernel/initrd being Xen compliant. Here are the steps I took after I downloaded

Hi, I just listed lenny repository and installed tinc from there. I configured tinc interface the usual way but nothing more. It would be interesting to configure the interface from vyatta itself but I don't know how to do it. ------Messaggio originale------ Da: Rob Townley Mittente:tinc-bounces at tinc-vpn.org A:tinc at tinc-vpn.org Rispondi a:tinc at tinc-vpn.org Oggetto: tinc on Vyatta?