From: Heiko Z. <he...@zu...> - 2006-10-20 12:54:42
|
Hi Frank,

and you don't have this issue with 1.2.10 ?

Heiko

On Fri, October 20, 2006 00:52, Frank Weis wrote:
> Hi all,
>
> I have found that with
> 1.2.11-2006-09-18-i586-SMP
>
> the partition (on my CF Card) is busy when I try to mount it. The other
> partition on the same CF Card mounts fine, as does the USB memory Stick.
> Is there a way to circumvent this?
>
> For the moment, it's not too bad, but after the NEXT remote upgrade,
> bootcd.iso will be on hda1 again, and if that one's busy, I won't be able
> to modify the grub config....
>
> Thanks a lot,
>
> Frank
>
> devil:~# mount /dev/hda2 /mnt
> mount: /dev/hda2 already mounted or /mnt busy
> devil:~# df
> Filesystem   1K-blocks    Used Available Use% Mounted on
> rootfs          219418  219418         0 100% /
> shmfs           127852   14500    113352  12% /shm
> /dev/loop/0     219418  219418         0 100% /
> devil:~# cat /etc/mtab
> rootfs / rootfs rw 0 0
> shmfs /shm shm rw 0 0
> /dev/loop/0 / iso9660 ro 0 0
> devfs /dev devfs rw 0 0
> proc /proc proc rw 0 0
> none /proc/bus/usb usbdevfs rw 0 0
>
> --
> _______________________________________________
> Centre de Technologie de l'Education
> 29 avenue John F. Kennedy
> L-1855 Luxembourg-Kirchberg
> email: Fra...@ct...
> tél.: +352 478-5973
> fax: +352 333797
> _______________________________________________

--
Regards
Heiko Zuerker
http://www.devil-linux.org
|
|
From: Heiko Z. <he...@zu...> - 2006-10-20 12:53:18
|
Thank you for your feedback Victor.
I would appreciate if you could respond to your post on full-disclosure
and confirm that there was no problem with Devil-Linux. We need to limit
the damage this post has already caused.
I forwarded your email to our mailinglist, since non-subscriber emails get
deleted.
Thanks
Heiko
---------------------------- Original Message ----------------------------
Subject: Re: false accusations
From: "Victor Grishchenko" <gr...@pl...>
Date: Fri, October 20, 2006 04:57
To: "Heiko Zuerker" <he...@zu...>
Cc: dev...@li...
dev...@li...
dev...@li...
--------------------------------------------------------------------------
Hi Heiko.
On 19.10.2006, at 23:02, Heiko Zuerker wrote:
> I am the project leader of Devil-Linux.
> First of all our website is up and was not down at any time.
It was a coincidence; our proxy cached zero-sized reply for some
unknown reason.
> I don't know how this bot got on your system, but what you're
> writing does
> not make any sense.
> 1. There's no bot included in the DL sources
Yes, sorry. We had an intrusion.
> 2. I can never have been compiled on a running DL system, because
> there
> are no compilers included.
Indeed. The intruder downloaded a tar both with binaries and sources.
We mistakenly decided that he compiled it right on the site.
> 3. It can only have been introduced (compiled from source as you
> say) if
> the machine you compiled DL on, was compromised.
Unlikely. The intruder's bash_history from the DL host is attached.
> 4. The location you specify (/shm) is a ramdisk. So it must be
> copied onto
> the system after it boots up. This can only be the case if you have
> the
> system wide open and somebody can log in easily.
Yes. Most probably he logged in using public key login from another
intranet host. We found a DMZ host which is the most probable initial
point of the intrusion. Also, we've "seized" a ton of haxor tools.
The intrusion chain was non-obvious, so we mistakenly suspected DL.
The mail was sent to full-disclosure mostly because the DL site
appeared "down".
There are no problems with DevilLinux distro.
My excuses!
Victor
--
Regards
Heiko Zuerker
http://www.devil-linux.org
|
|
From: Frank W. <Fra...@ct...> - 2006-10-20 05:52:21
|
Hi all,

I have found that with
1.2.11-2006-09-18-i586-SMP

the partition (on my CF Card) is busy when I try to mount it.
The other partition on the same CF Card mounts fine, as does the USB memory
Stick. Is there a way to circumvent this?

For the moment, it's not too bad, but after the NEXT remote upgrade, bootcd.iso
will be on hda1 again, and if that one's busy, I won't be able to
modify the grub config....

Thanks a lot,

Frank

devil:~# mount /dev/hda2 /mnt
mount: /dev/hda2 already mounted or /mnt busy
devil:~# df
Filesystem   1K-blocks    Used Available Use% Mounted on
rootfs          219418  219418         0 100% /
shmfs           127852   14500    113352  12% /shm
/dev/loop/0     219418  219418         0 100% /
devil:~# cat /etc/mtab
rootfs / rootfs rw 0 0
shmfs /shm shm rw 0 0
/dev/loop/0 / iso9660 ro 0 0
devfs /dev devfs rw 0 0
proc /proc proc rw 0 0
none /proc/bus/usb usbdevfs rw 0 0

--
_______________________________________________
Centre de Technologie de l'Education
29 avenue John F. Kennedy
L-1855 Luxembourg-Kirchberg
email: Fra...@ct...
tél.: +352 478-5973
fax: +352 333797
_______________________________________________
|
|
From: Bruce S. <br...@ar...> - 2006-10-19 19:42:49
|
> INITRD_MODULES="parport generic_serial megaraid"

megaraid should be available in the initrd, but the others aren't.
Try adding modprobes lines in: /etc/init.d/boot.local
(see examples in the file)

- BS
|
|
From: LoRoDo <lo...@gm...> - 2006-10-19 19:30:51
|
this is all :

> What does your INITRD_MODULES line in /etc/sysconfig/config look like?
> (copy/paste it in an email please)

#INITRD_MODULES="BusLogic aic7xxx 3w-xxxx"
INITRD_MODULES="parport generic_serial megaraid"

> What version of Devil-Linux are you running?

Stable Releases 1.2.10
|
|
From: Bruce S. <bw...@ar...> - 2006-10-19 18:19:13
|
> thank you. i did it yesterday too. the problem persist. Really when initrd
> goes i read :
> Loading module <module name>
> modprobe: module <module name> not found.
>
> where can i declare the complete path ?

You don't need the complete path, just the name of the module.

What does your INITRD_MODULES line in /etc/sysconfig/config look like?
(copy/paste it in an email please)

What version of Devil-Linux are you running?

> > Add the module to: INITRD_MODULES in /etc/sysconfig/config

- BS
|
|
From: LoRoDo <lo...@gm...> - 2006-10-19 18:15:36
|
thank you. i did it yesterday too. the problem persist. Really when initrd
goes i read :

Loading module <module name>
modprobe: module <module name> not found.

where can i declare the complete path ?

bye
DV

> Add the module to: INITRD_MODULES in /etc/sysconfig/config
>
> - BS
|
|
From: Niklas S. <ni...@ni...> - 2006-10-19 17:59:06
|
Thank you both for clarifying this. I couldn't find this directory and
files on my 1.2.10 systems, too. And I couldn't find anything suspicious
in the build environments.

nick..

Bruce Smith wrote:
> I can confirm that it's not on any of my 1.2.10 systems.
>
> There is no /shm/ssh* directory or file on my systems.
>
> There is no executable file named "TODO" or "todo" on my CD or in RAM.
>
> There is no executable file in my compiled source code tree named "TODO"
> or "todo" on my build system. (the only files named "todo/TODO" are
> text-only documentation for some packages, and NOT executable)
>
> There is no running process named "todo/TODO" on my 1.2.10 boxes.
> There are no processes running that I can't account for either.
>
> The EnergyMech IRC bot (www.energymech.net) is not included in any
> version of Devil-Linux.
>
> The guy either got cracked somehow, or perhaps this is just FUD, since
> the full-disclosure mailing list is unmoderated.
>
> - BS
|
|
From: Bruce S. <bw...@ar...> - 2006-10-19 17:46:03
|
I can confirm that it's not on any of my 1.2.10 systems.

There is no /shm/ssh* directory or file on my systems.

There is no executable file named "TODO" or "todo" on my CD or in RAM.

There is no executable file in my compiled source code tree named "TODO"
or "todo" on my build system. (the only files named "todo/TODO" are
text-only documentation for some packages, and NOT executable)

There is no running process named "todo/TODO" on my 1.2.10 boxes.
There are no processes running that I can't account for either.

The EnergyMech IRC bot (www.energymech.net) is not included in any
version of Devil-Linux.

The guy either got cracked somehow, or perhaps this is just FUD, since
the full-disclosure mailing list is unmoderated.

- BS

> Victor Grishchenko <gritzko <at> plotinka.ru> writes:
> > While building and testing a customized version of DevilLinux router
> > distro I found an IRC bot onboard. As far as I understood, it was
> > EnergyMech compiled from source right there plus some executable named
> > "TODO" (for camouflage purposes). The stuff unfolds at /shm/sshd/ and
> > runs somehow. Sadly, I had no time for detailed investigation. It leaves
> > an overall impression of script kiddie's work.
> > Last days DevilLinux website seems to be dead.
>
> I am the project leader of Devil-Linux.
> First of all our website is up and was not down at any time.
>
> I don't know how this bot got on your system, but what you're writing does
> not make any sense.
> 1. There's no bot included in the DL sources
> 2. I can never have been compiled on a running DL system, because there
> are no compilers included.
> 3. It can only have been introduced (compiled from source as you say) if
> the machine you compiled DL on, was compromised.
> 4. The location you specify (/shm) is a ramdisk. So it must be copied onto
> the system after it boots up. This can only be the case if you have the
> system wide open and somebody can log in easily.
> 5. I verified the official 1.2.10 release and there's no bot to be seen.
>
> So it seems the problem does not like with Devil-Linux, but rather with
> your own system.
> Please stop spreading accusations like this, especially without properly
> analyzing the issue first.
>
> Regards
> Heiko Zuerker
> http://www.devil-linux.org
|
|
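The checks listed in the message above (a /shm/ssh* directory, an executable named TODO, processes that cannot be accounted for) can be scripted for a ramdisk-rooted system. This is an added Python example, not code from the thread or from Devil-Linux; the function names are hypothetical, and only the /shm path and the TODO and ssh* names come from the messages.

```python
import os
import stat

# Names taken from the thread: an executable called TODO/todo and a
# directory matching /shm/ssh*. Everything else here is an assumption.
SUSPECT_FILE_NAMES = {"todo"}
SUSPECT_DIR_PREFIX = "ssh"


def scan_ramdisk(root):
    """Return sorted (kind, path) findings for a ramdisk tree such as /shm.

    Every executable regular file is reported for review, because anything
    on a ramdisk was written after boot; the names from the thread get
    their own finding kinds.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            if name.lower().startswith(SUSPECT_DIR_PREFIX):
                findings.append(("suspect-dir", os.path.join(dirpath, name)))
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # file vanished while scanning
            if not stat.S_ISREG(mode) or not mode & 0o111:
                continue  # not a regular file, or no execute bit set
            kind = "suspect-exec" if name.lower() in SUSPECT_FILE_NAMES else "exec"
            findings.append((kind, path))
    return sorted(findings)


def processes_under(root, proc_dir="/proc"):
    """Return sorted (pid, exe) for processes whose binary lives under root.

    A binary deleted after start still shows in /proc/<pid>/exe, with a
    " (deleted)" suffix, so removing the file does not hide the process.
    """
    prefix = os.path.normpath(root) + os.sep
    hits = []
    for entry in os.listdir(proc_dir):
        if not entry.isdigit():
            continue
        try:
            exe = os.readlink(os.path.join(proc_dir, entry, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or no permission
        if exe.startswith(prefix):
            hits.append((int(entry), exe))
    return sorted(hits)


if __name__ == "__main__":
    for kind, path in scan_ramdisk("/shm"):
        print(f"{kind:12} {path}")
    for pid, exe in processes_under("/shm"):
        print(f"process      {pid} {exe}")
```

Run it as root so that every /proc/<pid>/exe link is readable; a plain "exec" finding is only a prompt to check the file against what the system is expected to hold.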
From: Heiko Z. <he...@zu...> - 2006-10-19 17:02:44
|
Hi Victor,

Victor Grishchenko <gritzko <at> plotinka.ru> writes:
> While building and testing a customized version of DevilLinux router
> distro I found an IRC bot onboard. As far as I understood, it was
> EnergyMech compiled from source right there plus some executable named
> "TODO" (for camouflage purposes). The stuff unfolds at /shm/sshd/ and
> runs somehow. Sadly, I had no time for detailed investigation. It leaves
> an overall impression of script kiddie's work.
> Last days DevilLinux website seems to be dead.

I am the project leader of Devil-Linux.
First of all our website is up and was not down at any time.

I don't know how this bot got on your system, but what you're writing does
not make any sense.
1. There's no bot included in the DL sources
2. I can never have been compiled on a running DL system, because there
are no compilers included.
3. It can only have been introduced (compiled from source as you say) if
the machine you compiled DL on, was compromised.
4. The location you specify (/shm) is a ramdisk. So it must be copied onto
the system after it boots up. This can only be the case if you have the
system wide open and somebody can log in easily.
5. I verified the official 1.2.10 release and there's no bot to be seen.

So it seems the problem does not like with Devil-Linux, but rather with
your own system.
Please stop spreading accusations like this, especially without properly
analyzing the issue first.

Regards
Heiko Zuerker
http://www.devil-linux.org
|
|
From: Niklas S. <ni...@ni...> - 2006-10-19 16:49:55
|
Hi, this was posted to the full-disclosure list today. Can anybody confirm this? nick.. |
|
From: Bruce S. <bw...@ar...> - 2006-10-19 12:19:44
|
> Hi to all, i'm new Devil Linux's user and I have a question. :)
>
> i want to load megaraid module in the init process (no ramdisk) to
> support my RAID hardware system and operate on my raid disk.
> if i load the module after login it works.
>
> i try to write in /etc/module the string "megaraid" but it don't work.
> i try to configure modules.conf and /etc/hotplug/scsi.agent but
> nothing to do!
>
> is there someone that know the right configuration ?

Add the module to: INITRD_MODULES in /etc/sysconfig/config

- BS
|
|
From: LoRoDo l. <lo...@gm...> - 2006-10-19 11:47:09
|
Hi to all, i'm new Devil Linux's user and I have a question. :)

i want to load megaraid module in the init process (no ramdisk) to
support my RAID hardware system and operate on my raid disk.
if i load the module after login it works.

i try to write in /etc/module the string "megaraid" but it don't work.
i try to configure modules.conf and /etc/hotplug/scsi.agent but
nothing to do!

is there someone that know the right configuration ?

thankssss
bye
mimmo
|
|
From: Heiko Z. <he...@zu...> - 2006-10-17 13:09:45
|
You can use the Nexcom NSA appliances. http://www.nexcom.com/ I have one of these (NSA 1041) running and they work quite nice. -- Regards Heiko Zuerker http://www.devil-linux.org |
|
From: Bruce S. <bw...@ar...> - 2006-10-17 13:01:03
|
We have one of the Mini-ITX solutions here:

http://www.logicsupply.com/

You can get them with compact-flash, two onboard NIC's, USB, CD drive.
They are available in very small cases, and rack mounts too.
Some are even fanless!!! :-)

- BS

> Hi all,
>
> do any of you have any experience to share about either dedicated appliances
> (like routerboard.com) or no-name assembled-to-your-desire hardware running
> DL?
>
> We are currently managing 35 firewalls, and the oldest are now in service for
> about 4 years, so we will have to face replacement sooner or later.
>
> We started out with the relatively cheap Fujitsu-Siemens L100, that were small
> rackmountable machines, 1U, a little bit deeper than for example Cisco 2500
> series routers. Unfortunately they have been discontinued and we had to move
> on to the bigger RX 100 series, that is a lot bigger and really overkill for
> our needs.
>
> What we would need is:
> 1 USB,
> 1 IDE port OR a flash-card interface
> at least for NICs, preferably Gigabit, but not necessarily all of them
> 1 PCI-port would be nice (for additional nic)
>
> rackmountable and low energy consumption would be a plus.
>
> A salespoint in Europe is also preferable, as we are a public institution, and
> buying overseas is generally a real hassle.
>
> Thanks a lot for any hints/experiences
>
> Frank
|
|
From: Martin H. <ma...@ho...> - 2006-10-17 12:55:23
|
At 14:49 +0200 17.10.2006, Frank Weis wrote:
>Hi all,
>
>do any of you have any experience to share about either dedicated appliances
>(like routerboard.com) or no-name assembled-to-your-desire hardware running
>DL?
>

using a routerboard gives you already all the needed software, IMHO.

(...)

>What we would need is:
>1 USB,
>1 IDE port OR a flash-card interface
>at least for NICs, preferably Gigabit, but not necessarily all of them
>1 PCI-port would be nice (for additional nic)
>
>rackmountable and low energy consumption would be a plus.

check http://www.lex.com.tw/ ... the site is a PITA. Check out their 19"
solutions.

>A salespoint in Europe is also preferable, as we are a public institution, and
>buying overseas is generally a real hassle.

well .. :-)

hth,
martin
|
|
From: Frank W. <Fra...@ct...> - 2006-10-17 12:49:30
|
Hi all,

do any of you have any experience to share about either dedicated appliances
(like routerboard.com) or no-name assembled-to-your-desire hardware running
DL?

We are currently managing 35 firewalls, and the oldest are now in service for
about 4 years, so we will have to face replacement sooner or later.

We started out with the relatively cheap Fujitsu-Siemens L100, that were small
rackmountable machines, 1U, a little bit deeper than for example Cisco 2500
series routers. Unfortunately they have been discontinued and we had to move
on to the bigger RX 100 series, that is a lot bigger and really overkill for
our needs.

What we would need is:
1 USB,
1 IDE port OR a flash-card interface
at least for NICs, preferably Gigabit, but not necessarily all of them
1 PCI-port would be nice (for additional nic)

rackmountable and low energy consumption would be a plus.

A salespoint in Europe is also preferable, as we are a public institution, and
buying overseas is generally a real hassle.

Thanks a lot for any hints/experiences

Frank

--
_______________________________________________
Centre de Technologie de l'Education
29 avenue John F. Kennedy
L-1855 Luxembourg-Kirchberg
email: Fra...@ct...
tél.: +352 478-5973
fax: +352 333797
_______________________________________________
|
|
From: <ee...@fr...> - 2006-10-11 06:17:35
|
LoSpippolo wrote:
> Sorry for my english.
>
> Can anyone explain me if it's possible and how to connect devil linux machine
> to a cisco router with ipsec connection ?
>
Hi,
Had a little experience with it as I was to establish a vpn between a Devil Box
and a cisco hosted somewhere by a network manager for a big medical imaging
company to allow them to do some remote operations on their systems;
So I clearly had to adapt ipsec config to their settings ... and can't help at
all for the ios part of the config.
here's some tips :
Encryption level ESP : 3 DES
Hash Algorithm : AH,MD5
Security association lifetime (seconds) : 3600
Encryption Mode : Tunnel
Default Parameter setting : Compression Off , Vendor ID Off
Authentication Method : Shared key
Shared Key name : YouRShaRedSeCReTWithCompl1CaTEDStrin6!
and so FreeSWan config looks like :
--
# /etc/ipsec.conf - Openswan IPsec configuration file
# basic configuration
config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces=%defaultroute
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=all
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search
        # Don't wait for pluto to complete every plutostart before continuing
        plutowait=no
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes
# Defaults for all connection descriptions
conn %default
        keyingtries=0
# Tunnel definition
conn MySite2RemoteAdmin
        # My Fixed Public IP on the Devil Box (from pppoe to my ISP)
        left=123.456.123.456
        leftnexthop=%defaultroute
        # My internal lan address space
        leftsubnet=192.168.0.0/16
        # The fixed Public IP of the first Routing device to remote network
        right=456.789.456.789
        rightnexthop=%defaultroute
        # Remote network address space
        rightsubnet=10.1.1.0/24
        # To initiate this connection automatically at startup,
        # We had to use shared secret authentication, see /etc/ipsec.secrets
        authby=secret
        type=tunnel
        keyexchange=ike
        keyingtries=0
        # We use ESP, not AH so let IP protocol tcp port 500 pass the FW rules,
        # as well as IP protocol 50
        auth=esp
        # seems The good cyphers to let freeswan talk with Cisco ios
        esp=3des-md5-96
        ike=3des-md5-96
        pfs=no
        keylife=8h
        ikelifetime=86400
        auto=add
--
# /etc/ipsec.secrets - Openswan IPsec secrets configuration file
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.
# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
#: RSA {
# # -- not filled in because ipsec.secrets existed at build time --
# }
# do not change the indenting of that "}"
123.456.123.456 456.789.456.789 : PSK "YouRShaRedSeCReTWithCompl1CaTEDStrin6!"
--
You also had to define rules in the FW script to allow or not traffic between
the two remote internal lan spaces (192.168.0.0/16 and 10.1.1.0/24 in my
example)
As I use Shorewall, had to create an interface vpn0, a zone , policy and rules
associated with that network as if it was physically plugged in an ethernet
device on my DL Box.
the only specific thing is (with shorewall) to add a line like this in the
/etc/shorewall/tunnels :
--
# TYPE ZONE GATEWAY GATEWAY
# ZONE
ipsec net0 456.789.456.789
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--
net0 is the zone I defined for the external DL Box interface ppp0 : the
internet.
In the policy and rules files, I use ipsec0 as interface and 10.1.1.0/24 as
interface / Lan addresses to qualify traffic allowed or not.
For the ios part of the config, google is your Friend ;-)
Hope You'll manage to do something with all this ...
MaNU
--
|
|
From: Moray M. <mmc...@ox...> - 2006-10-10 17:26:37
|
I have done this once, a long time ago. No documentation though, and I
couldn't talk you through it any more. But you can see an example config at
http://www.diverdown.cc/vpn/freeswanpix.html , and if you understand IOS
and FreeSwan you will easily get this

Warning: the learning curve to ipsec and freeswan is high.

A somewhat easier approach - because of there being a fair few good docs
around - in terms of learning is to have another DL box running freeswan
on the inside of the Cisco PIX, and open the PIX to let traffic through to
the relevant ports on the 2nd DL box (esp protocol and UDP 50 if memory
serves)

An even easier - though a little less secure and a little less flexible -
approach using DL is to have two DL boxes running OpenVPN and have the
PIX permit interaction between the two DL boxes.

I hope this is helpful, sorry I can't be of more direct use.

Yours,
Moray

-------------------------------------
Moray McConnachie
IS Manager +44 1865 261 600
Oxford Analytica http://www.oxan.com

-----Original Message-----
From: dev...@li... [mailto:dev...@li...] On Behalf Of LoSpippolo
Sent: 10 October 2006 13:35
To: dev...@li...
Subject: [Devil-Linux-discuss] ipsec

Sorry for my english.

Can anyone explain me if it's possible and how to connect devil linux
machine to a cisco router with ipsec connection ?

--
LoSpippolo <los...@gm...>
|
|
From: LoSpippolo <los...@gm...> - 2006-10-10 12:34:44
|
Sorry for my english.

Can anyone explain me if it's possible and how to connect devil linux
machine to a cisco router with ipsec connection ?

--
LoSpippolo <los...@gm...>
|
|
From: Bruce S. <br...@ar...> - 2006-10-09 15:14:28
|
> > >> Unless I'm missing something, it doesn't appear that you can
> > >> create new directories under /mnt since the filesystem is read only.
> > >> Perhaps /mnt should be made a link to /shm/mnt,

Done (committed in CVS for next release).

- BS
|
|
From: Dick M. <di...@li...> - 2006-10-07 08:09:02
|
ala...@vi... wrote:
> I'm stuck. Installed devil-linux got to devil login: can't find what the
> login word(s) are. No clue in the docs either.

If I remember it's 'root' with no password.

Dick
|
|
From: <ala...@vi...> - 2006-10-07 07:59:58
|
I'm stuck. Installed devil-linux got to devil login: can't find what the login word(s) are. No clue in the docs either. |
|
From: Bruce S. <bw...@ar...> - 2006-10-06 18:25:44
|
> >>> Are there any other scripts that should "require" the nfs script first?
> >> As long as the init script is started in the right order, nothing. ;-)
> >
> > I guess we'll find out what's in the wrong order after we release it! :)
>
> > Can you think of anything else?
>
> networking?

Yes, I make sure networking and portmap start before the nfs mounts.

I was wondering about other services that might use a NFS drive.

- BS
|
|
From: Dick M. <di...@li...> - 2006-10-06 18:24:12
|
Bruce Smith wrote:
>>> Are there any other scripts that should "require" the nfs script first?
>> As long as the init script is started in the right order, nothing. ;-)
>
> I guess we'll find out what's in the wrong order after we release it! :)

> Can you think of anything else?

networking?

Dick
|