similar to: Config question.

Hi Tinc Mailing-Group, I am a bit stuck with firewalling rules at the moment. Maybe someone could please advise me a good rc.firewall script to use on my setup. If anyone runs an ipchains firewall script on their linux box which is ALSO running tinc, could they please mail it to me, for my perusal. I have tinc pre3 set up and working on my systems, however I can only get it to work if I set the

Dear tincerers- Please help, I need to get this working *today* (ack!). I've installed tinc 1.0p3 on two machines fully updated rh7, "stockton" and "lodi", where "lodi" is trying to "ConnectTo" "stockton". When I start the tinc daemens on each side, this is what i get in my logs: Stockton: Feb 23 19:07:57 srouter tinc.pacheart[2794]: tincd

Dear tincerers- Please help, I need to get this working *today* (ack!). I've installed tinc 1.0p3 on two machines fully updated rh7, "stockton" and "lodi", where "lodi" is trying to "ConnectTo" "stockton". When I start the tinc daemens on each side, this is what i get in my logs: Stockton: Feb 23 19:07:57 srouter tinc.pacheart[2794]: tincd

I'm probably thinking way too hard on this... but I've already got a headache. I've setting up a VPN for a client between two sites. Someone had recommended vtun, so I gave it a try. I was VERY put off by the lack of decent documentation. I _think_ I got a VPN set up between the two sites, but it wasn't working right and I gave up because the documentation sucked. So, then I

I have tried to replace these lines from ipchains to work with shorewall. # /NFS requires 111/tcp (sunrpc/portmapper) and *all* UDP ports./ # ipchains -A input -p tcp -s $SUBNET -i eth0 -d 0/0 111 -j ACCEPT ipchains -A input -p udp -s $SUBNET -i eth0 -d 0/0 -j ACCEPT # /These ports are required by bootp, tftpd, and PXE./ # /There are also a handful of udp ports that need to/ # /be open,

Hi all! I try to make port based routing, because a have two connections to the internet. My router is a "one disk floppy router for linux". It is a big router project www.fli4l.de. I try also to make a opt, it is like a plugin for this router. This project uses Kernel 2.2.19 compiled with libc5 (because it is small and you can use one floppy disk). At the moment, iproute2 is not

I have a couple questions that I will submit separately. When I have IPchains running I can't get my samba box to show up in network neighborhood, but when I turn ipchains off the box shows up. What rules do I need to add for things to work properly? -- Raymond Norton Little Crow Telemedia Network 320-234-0270

Hi ; +--------+ +-----------+ +--------+ | server |---------- | linux box |---------------------| Client | +--------+ +-----------+ +--------+ MY script: tc-htb3 qdisc del dev eth1 root ipchains -F tc-htb3 qdisc add dev eth1 root handle 10: htb default 20 r2q 40 tc-htb3 class add dev eth1 parent 10: classid 10:1 htb

Hi ; MY script: tc-htb3 qdisc del dev eth2 root ipchains -F tc-htb3 qdisc add dev eth2 root handle 10: htb default 20 r2q 40 tc-htb3 class add dev eth2 parent 10: classid 10:1 htb rate 50Mbit burst 2000 tc-htb3 class add dev eth2 parent 10:1 classid 10:100 htb rate 12mbit ceil 50mbit prio 1 tc-htb3 class add dev eth2 parent 10:1 classid 10:20 htb rate 38mbit ceil 50Mbit prio 8 ipchains

I figured this out -- looks like 2.5.1p1 is now using ports < 1024 on the client side (wasn't before?). I had a ipchains rule to allow ACK packets to 1024:65535, which was good enough for <= 2.3.0p1 : #allow only ACK tcp packed ipchains -A input -j ACCEPT -i eth0 -s any/0 --dport 1024:65535 -p tcp ! -y So I added the following : #allow return from ssh connections ipchains -A input -j

Just a quick word - I spent two days trying to get Samba to work. The whole problem was a lack of knowledge about ipchains (firewall). It was part of the RH7.1 install package, and the medium security setting stops all tcp and udp traffic for a lot of ports, including those needed for NetBIOS (137-139) It is pretty easy to fix, the IPCHAINS-HOWTO is a good and humorous read, and by the end of

I'm just about to give up in despair of getting Samba working on my network. I've browsed through several books, HOWTOs and websites and still can't figure out what I'm doing wrong. Before I quit, could someone double check this and maybe spot what I've missed? First, let me describe my network. Names and IP addresses have been changed to protect the innocent. :-)

Hi there, first of all I want to thank everybody who gave me good advise so far ;-). Now it's the first time I can give advise, and I'm quite glad that I can start giving insted of only taking now :-) ! Hi Petr, Yes, I have solved my general problems as follows: First of all you have to check your firewall settings, because that was the major problem on my system. On RH 7.2 the

I have found this problem while trying to see the active rules on IPTABLES: [root@worf root]# iptables --list /lib/modules/2.4.7-10/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters /lib/modules/2.4.7-10/kernel/net/ipv4/netfilter/ip_tables.o: insmod

Suppose: ipchains -A forward -s inside_net -d 0/0 -j MASQ -m 100 (similar setup with iptables: iptables -A PREROUTING -t nat -s inside_net -d 0/0 -j SNAT iptables -A PREROUTING -t nat -s inside_net -d 0/0 -j MARK --set_mark 100) eth0 = outside iface eth1 = inside iface now: tc filter add dev eth0 ... handle 100 fw should catch packets marked by the above rule in ipchains (iptables). Ok. When

Hi Who concern, I setup TINC VPN follow these. 192.168.1.x / 24 (Client groups) | 192.168.1.1 (eth1) (GW1) 202.44.34.206 (eth0) || Internet || 202.44.45.14 (eth0) (GW2) 192.168.2.1 (eth1)

Howdy, I tried tackling this on irc with Ivo, but I suspect that irc may really not be the best medium for technical discussions, so I'll reprise it here. I am trying to duplicate the "tinc from behind a masquerading firewall" example from the tinc web site: (home) <--> (masquerading firewall) <--> (office) 192.168.1.21 192.168.1.1/1.2.3.4

Hi- I heard about a bug in ipchains, could you please tell me what to do? Thanks

Hi stef; imq patch of 2.2.17 form http://luxik.cdi.cz/~devik/qos/imq.htm diff against 2.2.17 Can you tell me how imq work with ipchains? thanks for your help regards, haipe _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hello, I got trouble installing tinc daemon. Every time when a connection comes in, the daemon crashes: Mar 6 18:32:56 localhost tinc.vpn[20703]: tincd 1.0pre3 (Feb 21 2001 02:32:50) starting, debug level 5 Mar 6 18:32:56 localhost tinc.vpn[20703]: Ready: listening on port 655 Mar 6 18:33:00 localhost tinc.vpn[20703]: Connection from 192.168.0.4 port 1135 Mar 6 18:33:00 localhost