PPTP and Firewalls
I'm having some trouble setting up a PPTP VPN server behind a firewall.

Internet - Firewall LAN (Including PPTP server)

At the moment I'm forwarding port 1723 back to the PPTP server. I can see
the logs of the client connecting to the server, but when the server sends
its first LCP ConfReq there is never any reply. I'm guessing there is some
sort of routing issue involved, but can't seem to get it set up.

The firewall and PPTP server are both running 2.4.18 kernels with iptables
and GRE tunnels set up as modules and mppe patches for the kernel and for
pppd, both are Debian stable.

I know the VPN configs are fine as I can get it working if the VPN runs on
the firewall, but I'd really rather not have the VPN running on the firewall
if I can get around it.

Thanks for any suggestions/help.
Re: PPTP and Firewalls
On Fri, 9 May 2003 03:16 pm, Simon Bland wrote:
> I'm having some trouble setting up a PPTP VPN server behind a firewall.
>
> Internet - Firewall LAN (Including PPTP server)
>
> At the moment I'm forwarding port 1723 back to the PPTP server. I can
> see the logs of the client connecting to the server, but when the server
> sends its first LCP ConfReq there is never any reply. I'm guessing
> there is some sort of routing issue involved, but can't seem to get it
> set up.
>
> The firewall and PPTP server are both running 2.4.18 kernels with iptables
> and GRE tunnels set up as modules and mppe patches for the kernel and for
> pppd, both are Debian stable.
>
> I know the VPN configs are fine as I can get it working if the VPN runs
> on the firewall, but I'd really rather not have the VPN running on the
> firewall if I can get around it.
>
> Thanks for any suggestions/help.

Does the PPTP server have a real IP address, or is there some sort of
NAT/DNAT/SNAT being done by the firewall?

What do you see with a tcpdump on the firewall, and does the server's
ConfReq actually make it to the client at all? Can the PPTP server ping
the client?

Have you explicitly allowed GRE traffic through the firewall?

t
--
GPG : http://n12turbo.com/tarragon/public.key
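The GRE question in the reply above is usually where this fails: PPTP needs both the TCP/1723 control connection and the GRE tunnel (IP protocol 47, which carries the PPP/LCP packets) passed to the internal server. As an added example that is not from the thread, this script builds and applies the iptables rule set for that; the interface name, server address and script name are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread: iptables rules for a PPTP server that
# sits on the LAN behind a Linux 2.4 firewall. PPTP needs two flows through
# the firewall: the TCP/1723 control connection and the GRE (IP protocol 47)
# tunnel that carries PPP. LCP ConfReq/ConfAck travel inside GRE, so
# forwarding port 1723 alone typically gives the symptom in the thread:
# control channel up, first LCP packet unanswered. Interface and address
# names are assumptions; adjust to your setup.

# Print the rules for an external interface and the internal server's IP.
# Printing instead of running lets you review them or pipe them to sh.
pptp_nat_rules() {
    wan="$1"      # external interface, e.g. eth0
    server="$2"   # PPTP server on the LAN, e.g. 192.168.1.10
    cat <<EOF
iptables -t nat -A PREROUTING -i $wan -p tcp --dport 1723 -j DNAT --to-destination $server
iptables -t nat -A PREROUTING -i $wan -p gre -j DNAT --to-destination $server
iptables -A FORWARD -i $wan -d $server -p tcp --dport 1723 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $wan -d $server -p gre -j ACCEPT
iptables -A FORWARD -o $wan -s $server -p tcp --sport 1723 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -o $wan -s $server -p gre -j ACCEPT
EOF
}

# Apply the rules on the firewall (root only). Replies from the server are
# un-NATed by connection tracking; without a PPTP conntrack helper this
# GRE DNAT only works for a single internal PPTP server, which is the
# situation in the thread.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    command -v iptables >/dev/null 2>&1 || { echo "iptables not found" >&2; return 1; }
    echo 1 > /proc/sys/net/ipv4/ip_forward
    pptp_nat_rules "$1" "$2" | sh -e
}

# To confirm where packets stop, watch both sides of the firewall:
#   tcpdump -ni <wan> proto gre        (does the client's GRE arrive?)
#   tcpdump -ni <lan> proto gre        (is it forwarded to the server?)

if [ "$#" -ge 2 ]; then
    apply_rules "$1" "$2"
fi
```

Run as `sh pptp-fw.sh eth0 192.168.1.10` on the firewall, or call `pptp_nat_rules` alone to review the rules first.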
SMTP Auth - Ldap server
Hi

I'm trying to SMTP Auth, but the incoming mail server and the outgoing mail
server are two different machines, that is, if I want the pop pass and the
smtp pass to be the same, I need to sync the two passwd files.

Maintaining the two different passwd files on the machines could lead to
inconsistency, so I've thought the only way is installing an LDAP server.

Do you know any other way to share passwd?
Do you know a howto to auth pop3 and smtp with ldap?
And a howto transfer the passwd file to an LDAP server?

Thanks :)
Re: Network monitor
On Fri, May 02, 2003 at 09:37:12AM -0700,
brian moore <[EMAIL PROTECTED]> wrote
a message of 22 lines which said:

> I use 'mon' (in the package of the same name). Trivial to add new
> monitors if you know a bit of Perl

I use and like mon as well and you do not need Perl to write custom
monitors or alerts. They are ordinary programs, not Perl modules, and
can be written in Bourne shell or in C if you like.
Re: Open File Limit
On Fri, 9 May 2003 10:22, Donovan Baarda wrote:
> > cat /proc/sys/fs/inode-nr
>
> 10:19:33 [EMAIL PROTECTED]:~
> $ cat /proc/sys/fs/inode-nr
> 32189 20527
>
> I'm guessing this means my system has 20527 files open out of a maximum
> allowed 32189.
>
> That's quite a bit more than I expected, given that it's a server with
> only 2 clients currently using it. However, it is running squid, samba,
> slapd, inn2, etc.

That doesn't sound right. Maybe some process is doing something wrong and
using too many file handles.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
testing, please ignore
Sorry, please ignore.

--
MuMlutlitithtrhreeaadededd s siigngnatatuurere
D.A.Bishop
Re: testing, please ignore
It'd be wise NOT to do this kind of thing on a high-volume mailing list.

David Bishop <[EMAIL PROTECTED]> wrote on Fri, 9 May 2003 08:42:31 -0600:
> Sorry, please ignore.
> --
> MuMlutlitithtrhreeaadededd s siigngnatatuurere
> D.A.Bishop

Mit freundlichen Gruessen / Best regards
Dominik Schulz
Re: Open File Limit
I am latching on the tail end of this thread.

I ran the command on my IMAP server with 200 users logged in.

[EMAIL PROTECTED]:~$ cat /proc/sys/fs/inode-nr
210202 35354

a few secs later

[EMAIL PROTECTED]:~$ cat /proc/sys/fs/inode-nr
210229 35354

I guess I have a ulimit set too low here?

[EMAIL PROTECTED]:~$ ulimit -a
core file size        (blocks, -c) 0
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
max locked memory     (kbytes, -l) unlimited
max memory size       (kbytes, -m) unlimited
open files                    (-n) 1024
pipe size          (512 bytes, -p) 8
stack size            (kbytes, -s) 8192
cpu time             (seconds, -t) unlimited
max user processes            (-u) 7168
virtual memory        (kbytes, -v) unlimited

--
Theodore Knab
Annapolis Linux LUG when not a sysadmin
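The two posts above read /proc/sys/fs/inode-nr as an open-file count; it actually reports the in-memory inode cache (total, free), while /proc/sys/fs/file-nr holds the system-wide handle count and `ulimit -n` is only the per-process cap. As an added example that is not from the thread, this script makes the check Russell suggests, ranking processes by descriptors held; PROC is a parameter so the functions can also be run against a constructed tree.

```sh
#!/bin/sh
# Added example, not from the thread: find which processes hold the most
# file descriptors, the check Russell suggests above. Note the two /proc
# files differ: fs/inode-nr is the in-memory inode cache (total, free),
# not open files; fs/file-nr is the system-wide handle count (allocated,
# free, max on a 2.4 kernel); "ulimit -n" is only the per-process cap.
# Reading other users' /proc/<pid>/fd needs root. PROC is a parameter so
# the functions can be exercised against a constructed tree.

# Number of open descriptors held by one pid.
fd_count() {
    proc="${2:-/proc}"
    n=0
    for f in "$proc/$1"/fd/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # dangling links still count
        n=$((n + 1))
    done
    echo "$n"
}

# Process name from the Name: line of /proc/<pid>/status (exists on 2.4).
proc_name() {
    proc="${2:-/proc}"
    sed -n 's/^Name:[[:space:]]*//p' "$proc/$1/status" 2>/dev/null || echo '?'
}

# Print "fds pid name" for the top N descriptor holders, highest first.
top_fd_users() {
    limit="${1:-10}"
    proc="${2:-/proc}"
    for d in "$proc"/[0-9]*; do
        [ -d "$d/fd" ] || continue
        pid="${d##*/}"
        printf '%s %s %s\n' "$(fd_count "$pid" "$proc")" "$pid" "$(proc_name "$pid" "$proc")"
    done | sort -rn | head -n "$limit"
}

# System-wide view: handles allocated versus the fs.file-max ceiling.
handle_summary() {
    proc="${1:-/proc}"
    [ -r "$proc/sys/fs/file-nr" ] || { echo "no file-nr under $proc" >&2; return 1; }
    awk '{ printf "handles allocated=%s max=%s\n", $1, $NF }' "$proc/sys/fs/file-nr"
}

if [ "${1:-}" = "--run" ]; then   # e.g.  sh fdtop.sh --run  (as root)
    handle_summary
    top_fd_users 10
fi
```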
Re: Network monitor
On Fri, May 09, 2003 at 03:53:14PM +0200, Stephane Bortzmeyer wrote:
> On Fri, May 02, 2003 at 09:37:12AM -0700,
> brian moore <[EMAIL PROTECTED]> wrote
> a message of 22 lines which said:
>
> > I use 'mon' (in the package of the same name). Trivial to add new
> > monitors if you know a bit of Perl
>
> I use and like mon as well and you do not need Perl to write custom
> monitors or alerts. They are ordinary programs, not Perl modules, and
> can be written in Bourne shell or in C if you like.

Agreed, but I find perl ideal for it, especially since it's so easy to
steal the 'framework' from one of the provided or 'contrib' monitors and
drop it into place.

You can monitor piles of things, and with the dependency code, the pager
doesn't explode when a system barfs. (ie, if you ping 'mailserver', and
it fails, you don't get paged about "hey, smtp is broke!" and "hey, pop3
is broke!" and "hey, imap is broke!" (not to mention "hey, I couldn't
find out if the disk space is low!" "I couldn't find out if ssh is
responding").)

Even cooler, some m4, to make for a much prettier config (m4 doesn't
magically make everything look like sendmail.cf... it is really nice!).
So you can have things like:

    watch mrskull
        service ping
            MONITOR(2m, fpingv.monitor --dumpstat)
            ANNOY_BRIAN(10m)
        SSH_MONITOR_IF(mrskull:ping)
        service disk
            description available disk space
            MONITOR_IF(mrskull:ping, 5m, snmp_freespace.monitor -c community)
            ANNOY_BRIAN(10m)

etc...

Only bad thing about 'mon' is that the name, while descriptive, makes it
hard to find in search engines. :)

--
| Old Yeller ate my cat today         brian moore <[EMAIL PROTECTED]>
| and whoopy snorped and Whoopy Snorped away.
|                                     -- the residents
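To illustrate Stephane's point that mon monitors are ordinary programs, here is an added example of one written in plain Bourne shell; it is neither mon's own code nor the config from the post above. mon runs a monitor with the hostgroup members as arguments, treats a non-zero exit as failure and uses the first line of stdout as the alert summary; this one assumes it runs on the mon host and checks local mount points with df, and the script name and mon.cf line are assumptions.

```sh
#!/bin/sh
# Added example, not mon's own code nor the config in the post above: a mon
# monitor in plain Bourne shell, illustrating that monitors are ordinary
# programs. mon starts a monitor with the hostgroup members as arguments,
# takes a non-zero exit as failure and uses the first line of stdout as the
# alert summary. Assumption: this one runs on the mon host and checks local
# mount points with df (the post's snmp_freespace.monitor asks remote hosts
# over SNMP instead). Assumed mon.cf line:
#   monitor freespace.monitor -t 90 / /var /home

THRESHOLD=90   # percent used at or above which a mount point fails

# Percent of space used on one mount point, from POSIX df output.
used_percent() {
    df -P "$1" 2>/dev/null | awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# Return 0 if the mount point is under the threshold, 1 otherwise.
check_mount() {
    pct=$(used_percent "$1")
    [ -n "$pct" ] || return 1      # unmounted or unreadable counts as failed
    [ "$pct" -lt "$2" ]
}

# Check every argument. On failure print mon's summary line (the failing
# mount points) followed by one detail line each, and return non-zero.
run_monitor() {
    threshold="$1"; shift
    failed=""; detail=""
    for mp in "$@"; do
        if ! check_mount "$mp" "$threshold"; then
            failed="$failed $mp"
            detail="$detail$mp: ${pct:-?}% used
"
        fi
    done
    [ -z "$failed" ] && return 0
    printf '%s\n%s' "${failed# }" "$detail"
    return 1
}

# Command line: freespace.monitor [-t percent] mountpoint...
if [ "$#" -gt 0 ]; then
    if [ "$1" = "-t" ]; then THRESHOLD="$2"; shift 2; fi
    run_monitor "$THRESHOLD" "$@"
fi
```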
postfix calling spamassassin/razor and Ravantivirus under Debian
I really struggled with the lack of good documentation and the massive
changes with version updates of these superb tools so I've documented my
eventual success at:

http://www.psyctc.org/Linux-Debian/spam.html

for anyone wanting to set up server wide (i.e. not user controllable)
antispam in a similar way.

Chris

PSYCTC: Psychotherapy, Psychology, Psychiatry, Counselling and Therapeutic
Communities; practice, research, teaching and consultancy.
Chris Evans & Jo-anne Carlyle http://psyctc.org/
Email: [EMAIL PROTECTED]