OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archives: Re: Altavista Firewall98 SP3 broken on DU

Re: Altavista Firewall98 SP3 broken on DU40D

Subject: Re: Altavista Firewall98 SP3 broken on DU40D
From: Bruce B. Platt (bbpcomport.com)
Date: Thu Dec 16 1999 - 07:19:15 CST

At 12:07 PM 12/15/1999 +0100, Van Bemmel, Berend wrote:

Are you running with hw supported by Digital/Tru64 Unix? Not all network
cards are
supported by the OS?

I run this here and it works fine. My setup was done as follows:

1. Clean install of OS (V4.0d)
2. OS patchkit 3 install. No need for any patchkit greater than this on an
FW system
3. FW SW install, then without rebooting, install of FW SP3, then a reboot.

As far as what's wrong with your system:

What do your logs say?. I would particularly look at:

1. /var/adm/messages -- is the system seeing both your ethernet cards on
the way up? Can you ping hosts on both the red and blue nets?

2. Were you careful in installing only the recommended sw subsets during
the initial OS install? One should only install the subsets for additional
networking services, document preparation tools, and so forth as described
in the FW install guide. The only exception is if you want full man pages
then install those, as the FW install will install man pages for the FW sw.

Having worked with this sw a lot on our systems and those of customers,
it's pretty simple to set up and get working, just don't get too fancy the
first time. Make sure you have hardware that's supported by the OS and be
sparing the in choice of OS software subsets.

Regards

->Hello,
->
->I have made a test install of Altavista Firewall 98 on a DU40D box (with and
->without digital patch kit 5). After I install the firewall SP3 the screen
->function on the ethernet devices is broken. The following message is shown
->during boot:
->
-> ioctl (SIOCSREENON): Operation not supported on socket
-> Cannot set Screen Mode ON
->
->This means that after aplying this service pack the machine no longer does
->screening (packet filtering) and might even be acting as a router now since
->the forwarding on the firewall is (and should be?) on. This is fatal for
->security afcourse!
->
->Regular support through compaq and axent gave no help at all on this issue
->so far (altough is looks pretty serious to me). Has anybody else seen this
->and/or solved it?
->
->btw. I need SP3 because in SP2 the generic proxies are broken in a very bad
->way (among some other stuff).
->
->Cheers,
->
->Berend W. van Bemmel
->
->
->**********************************************************************
->This email and any files transmitted with it are confidential and
->intended solely for the use of the individual or entity to whom they
->are addressed. If you have received this email in error please notify
->the system manager.
->
->This footnote also confirms that this email message has been swept by
->MIMEsweeper for the presence of computer viruses.
->
->www.mimesweeper.com
->**********************************************************************
->

+--------------------------------------+
Bruce B. Platt, Ph.D.
Comport Consulting Corporation
78 Orchard Street, Ramsey, NJ 07446
Phone: 201-236-0505 Fax: 201-236-1335
bbpcomport.com, bruce bruce.platt
OR, brucebbplatt.com

This archive was generated by hypermail 2b27 : Fri Dec 17 1999 - 19:50:44 CST