Comments:
<0> emacs is the answer to *anything* lispy
<1> smsie, I don't per definition have a network I can trust which makes it all the more difficult
<0> fredk: aye
<2> smsie: Why? I know of EmacsLisp, but that's about it.
<3> siglite: I'll try to write something up of what I did. Maybe that'll be of some help, even though it might not do or be what you want
<0> kkaisare: I was being facetious. Just try a few, use the one you prefer
<3> siglite: I did find that dealing with plaintext packets coming out of, and going into ipsec0 is far easier than dealing with ipsec packets
<4> PolarWolf: it's time to watch traffic with tcpdump and see what's happening
<5> siglite: good luck :)
<3> siglite: So I made sure that those packets go to where I want them to, and only deal with ipsec as early or late in the process as possible
<3> siglite: That's what I did too, to figure out which ebtables tricks I needed to do :
<6> Trip pics are now all ULed and organized http://that.damnserver.com/?page_id=102&lzkfile=Boston+Vacation%2F
<7> Moo!
<8> Mu
<4> eh, that didn't work out
<9> shifty_28: lose the #hack channel or leave please
<4> bazillions of these: kernel: Dead loop on netdevice ipsec0, fix it urgently!
<3> siglite: Never seen those before :)
<3> siglite: Mind, it took me the better part of a week to figure things out :)
<3> siglite: It gets messy really quick
<3> siglite: Note that everything coming out of a bridge including ipsec0 will have the tunnel endpoint's _public_ IP address attached to it
<3> siglite: You'll have to deal with that somehow
<4> PolarWolf: the fun part, is that every IP in this enterprise is public
<4> this is like, "how to make a transparent ipsec gateway"
<4> it's an oxymoron.
<4> I'm trying to shove an ipsec gateway smack in the middle of a transparent bridging firewall.
<3> siglite: Yeah, I get the idea, and I have the feeling it can be done using my method as basis
<3> siglite: Actually, IMO I already did it entirely, except that I never NAY
<3> err, NAT'ed the public IP address to something else
<4> I'm not natting anything
<4> the "trusted" network is all public space.
<4> this would be so much easier if I *were* natting.
<3> siglite: You'll have to unless you're willing to accept the same address on the network twice. Once for the IPsec tunnel endpoint, and once for the receiving end of the plaintext traffic
<4> all things firewall/vpn these days are designed around nat
<3> ****, I need a diagram
<3> I wish I could draw
<4> PolarWolf: are you suggesting I masquerade all the inbound ipsec connections as the br0 IP/
<4> ?
<3> siglite: No, no
<4> PolarWolf: yeah, that's kinda the issue
<3> siglite: Like I said, everything that comes out of the bridge will have the tunnel endpoint's IP address as DST
<4> that I'm receiving the endpoint twice.
<3> siglite: Except that address is already in use...by your firewall
<3> siglite: So you'll have to fix that, ebtables can do that, or hell, plain old iptables will too
<3> Since it's plain packets you're working on by now
<3> siglite: You can have copies of all my scripts and stuff if you want to :)
<4> I gotta figure out HTF to make this **** work.
<8> http://www.local6.com/news/9637801/detail.html <= holy ****
<4> basically, I want it to come in ipsec0, go out physdev1, and match as stateful coming back from physdev1 to go out ipsec0
<3> I need to document this **** to make it understandable
<3> siglite: Everything between ipsec0 and physdev1 is plaintext straight as it went in...including packet flags
<4> so I need to match something on physdev1 on the return, and make sure it gets shot back out ipsec0?
<3> siglite: Yep
<3> siglite: That's an evil trick too, though I might have done it more complicated (mac address NAT) than need be
<4> any suggestion how to do that match and drop it in the right route?
<3> siglite: Depends on how it's set up. IP wise it should pretty much go automatically
<4> PolarWolf: yeah. Hmm.
<3> siglite: I get a headache trying to come up with a way to explain :)
<3> siglite: When you get this working, document and publish :)
<3> siglite: Do you have the openswan book, btw?
<10> hi all
<10> anyone point me to a good resource on setting up an ssh connection between two machines using GPG keys, and always using compression, X forwarding et al, as default?
<10> I've googled, but there's so much junk out there .. shudder
<11> man ssh
<11> or is that "man sshd". can't remember :P
<12> Jostein: "rtfm" :)
<0> gpg keys?
<0> well, I guess they're rsa keys at least
<13> guys a quick question. which one's a better OS for desktop/home use Ubuntu or Suse Linux?
<0> vIkSiT: look at the docs for ssh-keygen
<12> M27UK: try them both and pick the one you like best.
<10> Jostein, heh.
<10> smsie, looking
<13> Lion-O that's what I'm going to do. I'm working on Suse linux these days after trying Mandrake 10 but would like others' views
<12> M27UK: stfw then.
<10> ok so here's a generic question - lately, i find that when switching between applications, or rendering complex javascripts on firefox, i experience a lot of lag in my applications
<12> M27UK: you're not asking opinions, you're asking "which one is better". Reality check: there is no "better" since it heavily depends on personal taste.
<10> what might be the cause of this? I use KDE 3.5 on FC5 on a 1.6g p4m laptop with 7xx MB of ram
<13> that's where the opinion comes from isn't it? I bet you guys out there who've tried couple of them must have a favourite one, like so far i like suse linux
<10> things run fine most of the time - like right now i have xchat, firefox, gaim, wireless networking stuff, expose, firefox, 5 terminals, xmms et al running
<10> but when switching - there's a lag.
<12> M27UK: Many people have many favorites. So what's that to you? Suddenly because I like product X is making product X the best?
<14> vIkSiT 5 terminals is a lot
<10> Comet-, well, it's my default :) it's a series of konsoles
<12> M27UK: It's all Linux in the end. The same OS with the same components with a different approach. Try it, judge it, pick the best for you. End of story.
<10> all in one window.. tabbed
<10> Lion-O, actually, it depends on one thing here - Suse is good if you want more control over stuff, and Ubuntu just *works*
<0> Comet-: 5 terminals isn't a lot
<15> vIkSiT: and why would you not have that control with ubuntu ?
<0> Comet-: I routinely have 10 per window
<0> not unusual for me to have multiple windows
<12> vIkSiT: Why would SuSE not simply work on the same hardware?
<0> s/window/instance of putty/ I suppose
<14> not sure why his thing is lagging then
<0> since when do you have lots of control with SuSE?
<14> seems like a lot of multitasking for a little machine
<0> it must have changed a lot
<0> Comet-: so? A terminal costs virtually nothing to run.
<14> xchat, firefox, gaim, wireless networking stuff, expose, firefox, 5 terminals, xmms et al running
<14> that is what i was referring to
<0> Comet-: and a 1.6G laptop with 768M RAM is *not* "a little machine" by any means
<13> Lion-O I'm not an expert of Linux but I work as an admin on Windows domain, I think it's somewhat misleading that all linux OS are the same because some of them are really unstable or don't have good hardware detection or something similar
<12> M27UK: And how would that be when they all use the same kernel ?
<0> M27UK: fud
<3> M27UK: Still they're basically the same. By your own admission you're not an expert, so please listen to people who are. Thank you.
<0> M27UK: windows != linux...at all.
<14> vIkSiT well apparently since your machine can run all these things, then i guess it's borked
<12> M27UK: Now I'm /really/ getting the feeling that your initial question wasn't to get information but a mere troll to start a pointless discussion.
<0> you can't claim expertise on windows qualifies you to say anything about linux...because it doesn't
<11> smsie: and vice versa :P
<10> whitecap, Lion-O - well, ubuntu has the best hardware compat i've seen in a long time, more so than SuSE.. having installed both in a dozen installfests over the past few months
<10> as for control, i guess SuSE has better control in the sense that it is more vocal and graphic about how to control stuff
<0> Jostein: indeed
<10> Comet-, hehe borked?!
<12> Jostein: wrong! I will let you know that using Linux (well, X really) has given me a lot of experience with clicking on buttons!
<14> control is subjective really..
<14> i feel i have better control in ubuntu than most distros
<10> Comet-, and i feel that for FC5 ;)
<11> Lion-O: heh. and using java has given you lots of experience in virtualization? :P
<10> Jostein, lol
<3> vIkSiT: Just because you depend on automated hardware detection doesn't mean one is of better quality over the other because of it
<12> Jostein: naah, vmware & "that other OS" have done that :)
<14> vIkSiT not borked.. have you checked your processes while this lag is happening? is the cpu spiking? keep an eye on things ya know
<14> check your cpu load
<7> I think it's pretty funny that someone at Microsoft suddenly realised, "Oh crap, Apple killed Virtual PC."
<11> Lion-O: that "where the sun don't shine OS"?
<10> PolarWolf, no, *I* don't depend on it, but from the kind of questions he's been asking, I guess he needs something which runs out of the box on the first go as opposed to go to yast and find drivers for things and install them
<12> vIkSiT: considering both use the 2.6.x kernel branch and none of them use specific distribution additions to the kernel I really fail to see that point.
<10> Comet-, load average: 0.38, 0.47, 0.62 | Cpu(s): 14.5% us, 4.6% sy, 0.0% ni, 78.2% id, 2.3% wa, 0.3% hi, 0.0% si
<10> i wouldn't call that high?
<10> or would i?
<14> nope
<10> Lion-O, hehe nvm
<12> Jostein: *fwap* :P
<12> I still need to add a mysql jdbc connector to this box. hmm
<16> sitting here, getting paid, to irc at a clients
<16> gotta love it
<11> heh
<17> out of traffic?
<18> Any software that can interact with exim where mail senders have to verify their addresses before the mail gets through to me?
<19> hmph!
<19> week now, still haven't updated www.exim.org to reflect 4.63
<0> ceckits: CR systems are a BAD IDEA. Don't Do It!
<16> got paid to sit in a traffic jam and irc too...that was fun
<19> hey Stephen
<19> Teakk: sweet
<18> Why smsie? I get 300+ spams a day
<12> ceckits: verify in what way? Authentication? Exim can handle that on its own.
<0> ceckits: and so you'll add 300 more to that?