Re: NFS, password transparency, and security

2002-04-09 Thread Wichert Akkerman
Previously Alan Shutko wrote:
> An AFS-based setup is used at many places to great effect, especially
> on untrusted nets, but I don't know how bad setup is. I suspect it's
> evil.
There is also SFS which works very nicely indeed.
Wichert.

Re: NFS, password transparency, and security

2002-04-09 Thread Rob VanFleet
On Tue, Apr 09, 2002 at 12:37:27PM +0200, Wichert Akkerman wrote:
> Previously Alan Shutko wrote:
> > An AFS-based setup is used at many places to great effect, especially
> > on untrusted nets, but I don't know how bad setup is. I suspect it's
> > evil.
>
> There is also SFS which works very ni

Re: fswcert

2002-04-09 Thread Andrew Pimlott
On Tue, Apr 09, 2002 at 08:01:14AM +0200, Lupe Christoph wrote:
> Here is an example:
>
> conn %default
>     authby=rsasig
>     leftrsasigkey=%cert
>     rightrsasigkey=%cert
>     left=%defaultroute
>     leftsubnet=192.168.2.0/24
>     leftid="C=DE, ST=Bavaria, O=Octog

Denied ports 1339, 2049 and 2702

2002-04-09 Thread Mikhail Romanenko
We use Debian (sid, 2.4.18 custom, libc6 2.2.5) box with iptables (1.2.6a) and Obsid's rc.firewall.iptables.dual (1.2b2) http://www.sentry.net/~obsid/IPTables/rc.scripts.dir/current as a firewall between private net and Internet.
Every day we get a lot of DENIED PORT messages:
[...]
Apr 9 17:

Re: Denied ports 1339, 2049 and 2702

2002-04-09 Thread Gareth Bowker
On Tue, Apr 09, 2002 at 07:20:18PM +0600, Mikhail Romanenko wrote:
> These ports is denied by script, but I do not understand what
> does it mean. If some private net user browser try to connect
> to some Internet www server (DPT=80) it has to use one of the
> dynamic and/or private ports (4

Re: NFS, password transparency, and security

2002-04-09 Thread Luca Filipozzi
On Tue, Apr 09, 2002 at 06:51:38AM -0500, Rob VanFleet wrote:
> After doing some reading about it, the only thing that turns me off to
> SFS is that you still have to run the usual NFS services for it to work.
> A large part of the reason I am seeking alternatives is that those
> services are so o

Re: fswcert

2002-04-09 Thread Lupe Christoph
On Tuesday, 2002-04-09 at 08:50:18 -0400, Andrew Pimlott wrote:
> On Tue, Apr 09, 2002 at 08:01:14AM +0200, Lupe Christoph wrote:
> > Here is an example:
> >
> > conn %default
> >     authby=rsasig
> >     leftrsasigkey=%cert
> >     rightrsasigkey=%cert
> >     left=%defaultroute

Re: fswcert

2002-04-09 Thread Andrew Pimlott
On Tue, Apr 09, 2002 at 06:57:18PM +0200, Lupe Christoph wrote:
> On Tuesday, 2002-04-09 at 08:50:18 -0400, Andrew Pimlott wrote:
> > You can save yourself this step: use a leftcert pointing to your
> > certificate, and you don't need the leftid. Reduces redundancy, and
> > avoids having that hug

qpopper LAG...

2002-04-09 Thread eim
Hallo Debian security folks,
Here's my problem: qpopper daemon (2.53-7) seems to get some LAGs when there's much/medium internet traffic.
It's a rather strange problem cause it seems like qpopper or either the user's MUA (mail client) goes in timeout.
The pop3-fe

Re: NFS, password transparency, and security

2002-04-09 Thread Rob VanFleet
On Tue, Apr 09, 2002 at 07:23:28AM -0700, Luca Filipozzi wrote:
> On Tue, Apr 09, 2002 at 06:51:38AM -0500, Rob VanFleet wrote:
> > After doing some reading about it, the only thing that turns me off to
> > SFS is that you still have to run the usual NFS services for it to work.
> > A large part o

Unidentified subject!

2002-04-09 Thread FiNeX
unsubscribe

Re: NFS, password transparency, and security

2002-04-09 Thread Gareth Bowker
On Tue, Apr 09, 2002 at 04:02:34PM -0500, Rob VanFleet wrote:
> On Tue, Apr 09, 2002 at 07:23:28AM -0700, Luca Filipozzi wrote:
> >
> > You run those service locally on each machine only. You don't make them
> > available to other hosts.
>
> Sorry if I'm being completely dense here, but aren't

log the original source ipaddress

2002-04-09 Thread N. A. Hilal
dear, i have webserver (running on localnet rfc1918) stay behind a firewall (using rinetd for redirecting), the apache's log read all access from the internal interface's firewall instead of the original source address. any idea how can i log the original source ipaddress's anyone who access my

Re: log the original source ipaddress

2002-04-09 Thread Christian G. Warden
i'm not familiar with rinetd, but if you use netfilter to do dnat the source address will be maintained. just make sure internal boxes hit the webserver directly, on the internal ip, rather than through the external one so they don't get confused by packets coming back directly from the web serve

Re: fswcert

2002-04-09 Thread Lupe Christoph
On Tuesday, 2002-04-09 at 00:03:20 -0400, Noah L. Meyerhans wrote:
> On Fri, Apr 05, 2002 at 12:13:41PM +0200, Victor Vuillard wrote:
> > the "fswcert" tool, which is used to extract private key from
> > certificate was before in freeswan package. I was not able to find it in
> > 1.95 version of fr
