headers
jcenteno | 2 Apr 2009 02:04

Working with a 2wire adsl modem

I am having some problems to configure a 2wire adsl modem with an Endian box.

I've installed Endian on a server for testing purposes. My local network
is a Windows Domain controlled one, I have 5 clients, one MS Windows 2003
Std Server acting as Domain Server, I have DHCp for my 5 clients, the
router that the provider is installing is a 2wire modem, 27x series (I
know about the security stuff about this modems, but the ISP (Prodigy)
only supplies this kind of hardware). So, local network, one Endian Box
with two network cards, GREEN + RED, GREEN interface is static ip, RED
interface is static ip. So basically I have:

 LOCAL                     ENDIAN                2WIRE
NETWORK       <---> GREEN    BOX   RED <--->     MODEM   <---> INTERNET
(192.168.10.0)                                (192.168.1.0)

I've enabled the Proxy service to server for my 5 clients with local
authentication option, the problem arises when I see that one of the
clients is accesing the internet without authenticating against the proxy,
so I said, Damn! Transparent Proxy.

After some researching I found that the 2wire modem is a router, so it is
doing its job routing traffic to internet from my local network :D. Well,
I did some research and found that I could use my adls modem as just a
bridge and also found that I could configure Endian to do the
authentication job with PPPoE, so I made the configuration, but the modem
just won't work with Endian, so I ended up going back to normal network
connection with the modem working as a router, but I really need to
authenticate all my traffic. So, after all this sad history :D, my
question is, Is there a way to avoid my users from accessing the internet
without authenticating against my proxy and leave the 2wire modem acting
(Continue reading)

Permalink | Reply | 4 comments |
headers
compdoc | 2 Apr 2009 03:31
Favicon

Re: Working with a 2wire adsl modem

I have a customer that uses a 2Wire modem as a bridge, but
they also have a static IP which gets assigned to the efw.
You can probably google how to do this.

But there is also nothing wrong with using the 2Wire as a
router, with the efw behind it. 

Neither way matters to proxy authentication...

------------------------------------------------------------------------------
Permalink | Reply | 0 comments |
headers
Shaun Skillin (home | 2 Apr 2009 06:50

Re: Working with a 2wire adsl modem

In transparent mode, users will not authenticate.  If you need
authentication, then I think the best way would be to deny direct
outbound access from Green via outbound rules.  If users want to surf,
they must use (and authenticate to, if configured) the proxy.

Shaun

-----Original Message-----
From: jcenteno@...
[mailto:jcenteno@...] 
Sent: Wednesday, April 01, 2009 6:05 PM
To: efw-user@...
Subject: [Efw-user] Working with a 2wire adsl modem

I am having some problems to configure a 2wire adsl modem with an Endian
box.

I've installed Endian on a server for testing purposes. My local network
is a Windows Domain controlled one, I have 5 clients, one MS Windows
2003
Std Server acting as Domain Server, I have DHCp for my 5 clients, the
router that the provider is installing is a 2wire modem, 27x series (I
know about the security stuff about this modems, but the ISP (Prodigy)
only supplies this kind of hardware). So, local network, one Endian Box
with two network cards, GREEN + RED, GREEN interface is static ip, RED
interface is static ip. So basically I have:

 LOCAL                     ENDIAN                2WIRE
NETWORK       <---> GREEN    BOX   RED <--->     MODEM   <---> INTERNET
(192.168.10.0)                                (192.168.1.0)
(Continue reading)

Permalink | Reply | 2 comments |
headers
Christian Weiske | 2 Apr 2009 08:54
Picon
Favicon
Gravatar

Monitoring an endian firewall with munin

Hello,

We are using Munin [1] to monitor servers in our LAN and remote ones. Now we're using endian firewall and need
to integrate that into our monitoring system.
As far as I see, munin-node is not available for endian - is that right?

Did anyone already try to get the firewall monitored with munin? Are there other ways to do that, without
needing munin-node? Is munin somewhere available for efw?

[1] http://munin.projects.linpro.no/
--

-- 
Mit freundlichen Grüßen
Christian Weiske

------------------------------------------------------------------------------
Permalink | Reply | 0 comments |
headers
Johann Scheiber | 2 Apr 2009 11:30
Picon

Total Crash

Hi everybody,

 

I am working with an ordinary standard installation of EFW 2.2 RC3 and hove following problem for witch I would ask

you to tell me your opinion or better a resolution for it.

 

It now happend for the second time that a young (about 1 week or so) EFW installation began to first repeated produce

a HAVP - Virus scanner error (Clamd: Scanner crashed) , having a protocol full of this message "clamd[18023]: /var/spool/havp/havp-Xyx0vE: Broken.Executable FOUND"

As far as I know this is a possibly Bug in ClamAV, however, restarting the service resolves the problem for 24h then

I have those entries again in the log (during those about 24 hours everything is fine, database selfcheck and so on)

the next thing that happens is that /dev/hda4 /var runs to 100% full (about 5GB) and afterwards nearly every service refuse fine working due to

missing space!

 

This now happened the second time on DIFFERENT hardware at different locations with not totally same environment.

Till now, the only resolution I got was a new system installation. 

 

Somehow it seems to me that each singe problem has something to do with the other. Could anybody PLEAASE give me a hint?

 

Thanx so far

------------------------------------------------------------------------------

_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user
Permalink | Reply | 1 comment |
headers
compdoc | 2 Apr 2009 16:20
Favicon

Re: Total Crash

I'm sure you'll get a better answer from someone else on this mailing list, but I found this:

 

"For some reason you have DetectBrokenExecutables enabled. It is not on by default. If it's enabled and downloaded file is bigger than MAXSCANSIZE, there's a good chance it will think it's broken."

 

Do your users download many large files? And just curious, how large is the drive that you have efw installed on?

 

 

 

From: Johann Scheiber [mailto:jo.scheiber-QNUHGYoVNKg@public.gmane.org]
Sent: Thursday, April 02, 2009 3:31 AM
To: Efw-user-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Subject: [Efw-user] Total Crash

 

Hi everybody,

 

I am working with an ordinary standard installation of EFW 2.2 RC3 and hove following problem for witch I would ask

you to tell me your opinion or better a resolution for it.

 

It now happend for the second time that a young (about 1 week or so) EFW installation began to first repeated produce

a HAVP - Virus scanner error (Clamd: Scanner crashed) , having a protocol full of this message "clamd[18023]: /var/spool/havp/havp-Xyx0vE: Broken.Executable FOUND"

As far as I know this is a possibly Bug in ClamAV, however, restarting the service resolves the problem for 24h then

I have those entries again in the log (during those about 24 hours everything is fine, database selfcheck and so on)

the next thing that happens is that /dev/hda4 /var runs to 100% full (about 5GB) and afterwards nearly every service refuse fine working due to

missing space!

 

This now happened the second time on DIFFERENT hardware at different locations with not totally same environment.

Till now, the only resolution I got was a new system installation. 

 

Somehow it seems to me that each singe problem has something to do with the other. Could anybody PLEAASE give me a hint?

 

Thanx so far

------------------------------------------------------------------------------

_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user
Permalink | Reply | 0 comments |
headers
Johann Scheiber | 2 Apr 2009 18:48
Picon

Total Crash

Thank you for your reply, but I believe that the broken executable detection is definitely turned ON by default in EFW cause those entries can be found in the log on every installation from the beginning on “clamd[3821]: Detection of broken executables enabled” I have never changed anything except turning the ClamAV service on. The size of the hard drive is 20GB witch really should be enough. On another EFW I installed a 10GB large one and this EFW works fine since 6 month without causing any troubles. The usage of /dev/hda4 is 4% in this case, but the same services are running there with identical log configuration ! 

 

By the way, is there any possibility to clear the log manually?                                                         

------------------------------------------------------------------------------

_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user
Permalink | Reply | 1 comment |
headers
compdoc | 2 Apr 2009 19:56
Favicon

Re: Total Crash

Edit the template file at /etc/clamav/clamd.conf.tmpl to disable DetectBrokenExecutables. Change it to no, I think, or comment out the line with a # since it is disabled by default.

 

I don’t remember the command to expand the template, but I think rebooting will cause it to expand to replace /etc/clamav/clamd.conf

 

Don’t edit /etc/clamav/clamd.conf directly because the next time the template is loaded, it will replace clamd.conf, but do look at /etc/clamav/clamd.conf to see if your changes show up...

 

Hope this helps...

 

 

 

 

From: Johann Scheiber [mailto:jo.scheiber-QNUHGYoVNKg@public.gmane.org]
Sent: Thursday, April 02, 2009 10:48 AM
To: efw-user-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Subject: [Efw-user] Total Crash

 

Thank you for your reply, but I believe that the broken executable detection is definitely turned ON by default in EFW cause those entries can be found in the log on every installation from the beginning on “clamd[3821]: Detection of broken executables enabled” I have never changed anything except turning the ClamAV service on. The size of the hard drive is 20GB witch really should be enough. On another EFW I installed a 10GB large one and this EFW works fine since 6 month without causing any troubles. The usage of /dev/hda4 is 4% in this case, but the same services are running there with identical log configuration ! 

 

By the way, is there any possibility to clear the log manually?                                                         



__________ Information from ESET NOD32 Antivirus, version of virus signature database 3984 (20090402) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

------------------------------------------------------------------------------

_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user
Permalink | Reply | 0 comments |
headers
jcenteno | 2 Apr 2009 19:38

Re: Working with a 2wire adsl modem

Just to say thanks to all the people that helped. Shaun's advice was the
solution for me.

Thanks again.

> In transparent mode, users will not authenticate.  If you need
> authentication, then I think the best way would be to deny direct
> outbound access from Green via outbound rules.  If users want to surf,
> they must use (and authenticate to, if configured) the proxy.
>
> Shaun
>
>
> -----Original Message-----
> From: jcenteno@... [mailto:jcenteno@...]
> Sent: Wednesday, April 01, 2009 6:05 PM
> To: efw-user@...
> Subject: [Efw-user] Working with a 2wire adsl modem
>
> I am having some problems to configure a 2wire adsl modem with an Endian
> box.
>
> I've installed Endian on a server for testing purposes. My local network
> is a Windows Domain controlled one, I have 5 clients, one MS Windows
> 2003
> Std Server acting as Domain Server, I have DHCp for my 5 clients, the
> router that the provider is installing is a 2wire modem, 27x series (I
> know about the security stuff about this modems, but the ISP (Prodigy)
> only supplies this kind of hardware). So, local network, one Endian Box
> with two network cards, GREEN + RED, GREEN interface is static ip, RED
> interface is static ip. So basically I have:
>
>  LOCAL                     ENDIAN                2WIRE
> NETWORK       <---> GREEN    BOX   RED <--->     MODEM   <---> INTERNET
> (192.168.10.0)                                (192.168.1.0)
>
> I've enabled the Proxy service to server for my 5 clients with local
> authentication option, the problem arises when I see that one of the
> clients is accesing the internet without authenticating against the
> proxy,
> so I said, Damn! Transparent Proxy.
>
> After some researching I found that the 2wire modem is a router, so it
> is
> doing its job routing traffic to internet from my local network :D.
> Well,
> I did some research and found that I could use my adls modem as just a
> bridge and also found that I could configure Endian to do the
> authentication job with PPPoE, so I made the configuration, but the
> modem
> just won't work with Endian, so I ended up going back to normal network
> connection with the modem working as a router, but I really need to
> authenticate all my traffic. So, after all this sad history :D, my
> question is, Is there a way to avoid my users from accessing the
> internet
> without authenticating against my proxy and leave the 2wire modem acting
> as router ?
>
> Thanks in advance.
>
>
> ------------------------------------------------------------------------
> ------
> _______________________________________________
> Efw-user mailing list
> Efw-user@...
> https://lists.sourceforge.net/lists/listinfo/efw-user
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Efw-user mailing list
> Efw-user@...
> https://lists.sourceforge.net/lists/listinfo/efw-user
>

------------------------------------------------------------------------------
Permalink | Reply | 1 comment |
headers
Shaun Skillin (home | 2 Apr 2009 21:18

Re: Working with a 2wire adsl modem

Glad to hear it worked.  Now it's your turn to help someone else :).

Shaun 

-----Original Message-----
From: jcenteno@...
[mailto:jcenteno@...] 
Sent: Thursday, April 02, 2009 11:38 AM
To: efw-user@...
Subject: Re: [Efw-user] Working with a 2wire adsl modem

Just to say thanks to all the people that helped. Shaun's advice was the
solution for me.

Thanks again.

> In transparent mode, users will not authenticate.  If you need
> authentication, then I think the best way would be to deny direct
> outbound access from Green via outbound rules.  If users want to surf,
> they must use (and authenticate to, if configured) the proxy.
>
> Shaun
>
>
> -----Original Message-----
> From: jcenteno@... [mailto:jcenteno@...]
> Sent: Wednesday, April 01, 2009 6:05 PM
> To: efw-user@...
> Subject: [Efw-user] Working with a 2wire adsl modem
>
> I am having some problems to configure a 2wire adsl modem with an
Endian
> box.
>
> I've installed Endian on a server for testing purposes. My local
network
> is a Windows Domain controlled one, I have 5 clients, one MS Windows
> 2003
> Std Server acting as Domain Server, I have DHCp for my 5 clients, the
> router that the provider is installing is a 2wire modem, 27x series (I
> know about the security stuff about this modems, but the ISP (Prodigy)
> only supplies this kind of hardware). So, local network, one Endian
Box
> with two network cards, GREEN + RED, GREEN interface is static ip, RED
> interface is static ip. So basically I have:
>
>  LOCAL                     ENDIAN                2WIRE
> NETWORK       <---> GREEN    BOX   RED <--->     MODEM   <--->
INTERNET
> (192.168.10.0)                                (192.168.1.0)
>
> I've enabled the Proxy service to server for my 5 clients with local
> authentication option, the problem arises when I see that one of the
> clients is accesing the internet without authenticating against the
> proxy,
> so I said, Damn! Transparent Proxy.
>
> After some researching I found that the 2wire modem is a router, so it
> is
> doing its job routing traffic to internet from my local network :D.
> Well,
> I did some research and found that I could use my adls modem as just a
> bridge and also found that I could configure Endian to do the
> authentication job with PPPoE, so I made the configuration, but the
> modem
> just won't work with Endian, so I ended up going back to normal
network
> connection with the modem working as a router, but I really need to
> authenticate all my traffic. So, after all this sad history :D, my
> question is, Is there a way to avoid my users from accessing the
> internet
> without authenticating against my proxy and leave the 2wire modem
acting
> as router ?
>
> Thanks in advance.
>
>
>
------------------------------------------------------------------------
> ------
> _______________________________________________
> Efw-user mailing list
> Efw-user@...
> https://lists.sourceforge.net/lists/listinfo/efw-user
>
>
------------------------------------------------------------------------
------
> _______________________________________________
> Efw-user mailing list
> Efw-user@...
> https://lists.sourceforge.net/lists/listinfo/efw-user
>

------------------------------------------------------------------------
------
_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user

------------------------------------------------------------------------------
Permalink | Reply | 0 comments |

Gmane