I recently had a bad time with my CEO's laptop(Its on M$ XP.As of now I can't even dream about having it on linux.But at least I am happy he admires Mozilla Thunderbird after using it).
It was showing a strange behaviour. The wireless network gets connected for a few seconds and then it immediately gets off from the network. When I try reconnecting it, it again repeats this same behaviour.I start a ping and the first few packets , say 12 or 15 of them give a response even if I try www.google.com if its done immediately after a reconnect to the wireless network , but then after a few seconds it even stops pinging to the gateway ( the wireless AP). I couldn't think of any firewall that would block any pattern of traffic only after a few seconds .
Well, finally it turned out to be an issue with the anti virus software installed , or rather a virus in the machine. The explanation I can think of is like this.
There's a virus in the system which the anti-virus seems to detect only after the network comes up and there's some regular interval when the anti virus software polls something to detect it and the moment it identifies the virus , it's inbuilt firewall cuts off the machine from the network.
If anyone has any better ideas , please suggest.
Friday, June 23, 2006
Wednesday, June 21, 2006
Working on command line tools with proxy settings
In situations where you have a proxy and you need to use command line tools like wget going through the proxy , add the following commands
export http_proxy="http://192.168.1.10:3128"
export ftp_proxy="http://192.168.1.10:3128"
If you need authentication on it in wget,add
wget --proxy-user "Domain\username" --proxy-passwd "pass123" http://mirror.kernel.org/linux.iso
Altenatively, you may encode the username/password in the http_proxy variable:
export http_proxy="http://username:password@192.168.1.10:3128"
export ftp_proxy="http://username:password@192.168.1.10:3128"
export http_proxy="http://192.168.1.10:3128"
export ftp_proxy="http://192.168.1.10:3128"
If you need authentication on it in wget,add
wget --proxy-user "Domain\username" --proxy-passwd "pass123" http://mirror.kernel.org/linux.iso
Altenatively, you may encode the username/password in the http_proxy variable:
export http_proxy="http://username:password@192.168.1.10:3128"
export ftp_proxy="http://username:password@192.168.1.10:3128"
Monday, June 12, 2006
Linux Netfilter is better than PIX
Well, in some aspects.........
The other day I was trying to migrate a Linux Netfilter based firewall onto a Cisco PIX device.
I really felt pity for PIX. The GUI was very ill designed , many things were just so bad in the GUI that I decided to switch over to its CLI. I tried adding a new NAT rule , it went wrong and then when I tried to delete it it started giving errors.When I did the same with the CLI , it worked well.When I tried to change the interface IP of the mgmt interface , it said the dhcp server is in a different range so you cant change it.Vice versa it the dhcp said the interface ip was on a diff subnet. Finally the CLI worked.
Then to the rules .I don't know why Cisco doesn't feel that two external IPs should not be mapped to an internal IP. Iptables just flawlessly allows it.I've really lost the big impression I had about PIX.Though its better than the Checkpoint Firewall-1 that I have used on Nortel Contivity boxes it still doesn't have many feature that Netfilter has. Well it does have a few that Netfilter doesn't have too...But then PIX is supposed to be best in the market ....
Well , it didn't convince me.............
The other day I was trying to migrate a Linux Netfilter based firewall onto a Cisco PIX device.
I really felt pity for PIX. The GUI was very ill designed , many things were just so bad in the GUI that I decided to switch over to its CLI. I tried adding a new NAT rule , it went wrong and then when I tried to delete it it started giving errors.When I did the same with the CLI , it worked well.When I tried to change the interface IP of the mgmt interface , it said the dhcp server is in a different range so you cant change it.Vice versa it the dhcp said the interface ip was on a diff subnet. Finally the CLI worked.
Then to the rules .I don't know why Cisco doesn't feel that two external IPs should not be mapped to an internal IP. Iptables just flawlessly allows it.I've really lost the big impression I had about PIX.Though its better than the Checkpoint Firewall-1 that I have used on Nortel Contivity boxes it still doesn't have many feature that Netfilter has. Well it does have a few that Netfilter doesn't have too...But then PIX is supposed to be best in the market ....
Well , it didn't convince me.............
Subscribe to:
Posts (Atom)