Wednesday, January 27, 2010

DHCP forwarding with Cisco and Fortigate

When configuring a network with a central Fortigate firewall and a Cisco 871 router placed on the site I had a problem getting the DHCP relay feature to work.

On the Cisco router I configured the interface as shown below:

interface Vlan1
 ip address 10.10.10.10 255.255.255.0
 ip helper-address 1.1.1.1

The Cisco router forwarded the DHCP packet but I did not get any IP address. When using a packet sniffer I found that the Cisco router sent out the packet with source address=0.0.0.0. The Fortigate firewall did not approve this.

To solve this I removed the helper-address and typed in these lines instead:

service dhcp
ip dhcp relay information policy keep
ip dhcp pool LAN
 relay source 10.10.10.0 255.255.255.0
 relay destination 1.1.1.1

This changed the source address and solved my DHCP forwarding issue.

Labels:

posted by Helge Olav Helgsen @ 12:37   3 comments links to this post

How to Upgrade Cisco IOS in a Cisco Router or a Switch | ItsyourIP.com

How to Upgrade Cisco IOS in a Cisco Router or a Switch | ItsyourIP.com: "How to Upgrade Cisco IOS in a Cisco Router or a Switch"

Labels:

posted by Helge Olav Helgsen @ 12:22   0 comments links to this post

Wednesday, January 13, 2010

Hide the computer from the network browse list

Read from Microsoft how to hide your computer from the network browse list.

med henvisning til: How to Hide the Server's Computer Name from Other Computers in the Domain (vis på Googles sidewiki)

posted by Helge Olav Helgsen @ 13:28   0 comments links to this post

Friday, January 08, 2010

Wireless tools for Windows 7

Read about several tools to discover the wireless networks when running Windows 7.

med henvisning til: NetStumbler for Windows Vista at WLAN Book.com (vis på Googles sidewiki)

posted by Helge Olav Helgsen @ 14:37   0 comments links to this post

Wednesday, January 06, 2010

Permissions on SELinux and Apache modules

During an install of the OpenSSO agent for Apache 2.2 on RedHat Enterprise Linux 5.4 I came across this error message on the /var/log/messages file:

Jan 6 12:04:26 <servername> setroubleshoot: SELinux is preventing the httpd from using potentially mislabeled files /usr/local/apache22_agent/lib/libamapc22.so (usr_t). For complete SELinux messages. run sealert -l 9e764ff8-32b1-441f-bfd1-bc4939f8c73f

To solve this problem you will have to relabel the .so files that you try to load. In my case this was done using this command:

 chcon -u system_u -t httpd_exec_t /usr/local/apache22_agent/lib/*

Labels:

posted by Helge Olav Helgsen @ 13:00   0 comments links to this post

Monday, January 04, 2010

Import a certificate to the java key store

This article shows how to import a certificate (with the private key) into the Java keystore.

med henvisning til:

"Import private key and certificate into Java Key Store"
- Import private key and certificate into Java Key Store (JKS) (vis på Googles sidewiki)

posted by Helge Olav Helgsen @ 13:54   0 comments links to this post