Could NAT be an option?
Jean-Christophe Varaillon
------------
ALTEC Telecoms - NOC
14, Patmou, 151 23 Maroussi, Greece
Tel: +30 210 6872932
Fax: +30 210 6872904
E-mail: vajc(a)altectelecoms.gr
ICQ: 264-755-242
-----Original Message-----
From: swinog-bounces(a)lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Steven.Glogger(a)swisscom.com
Sent: Thursday, March 22, 2007 12:12 AM
To: swinog(a)swinog.ch
Subject: [swinog] MPLS VRF source routing (inter-vrf routing)
hi all
i've got some nice cisco bugs / features / whatever.
some prerequisites:
- 2 VRFs: vrf blue and vrf red
- both vrfs have a different default route.
- a PPP session / user terminating in vrf blue
a specific route (10.0.1.0/29) is routed over static route (e.g. radius
avpair) over the ppp session (vrf blue).
this route is imported to vrf red by importing rd values and route-map filtering.
so the connectivity from the red vrf to the vrf blue is working (one way).
so, the goal (and this is the problem) is traffic sourcing that specific route should go back to vrf red.
how i thought would be the simplest way to do it: policy routing.
interface virtual-access123
 ip policy route-map set-vrf-red
 ...
!
access-list 110 permit ip 10.0.1.0 0.0.0.7 any
route-map set-vrf-red permit 10
 match ip address 110
 set vrf red
!
would be the nicest way of doing this.
now the but: if you put the policy on the virtual-template / radius profile the session starts flapping (connect/disconnect/connect/disconnect....). so: not usable.
my other approach was:
interconnect vrf blue with vrf red by a vlan / interface.
assume on vrf blue: fastethernet0/0 with 11.0.0.1/30 connected to vrf red with fastethernet0/1 with 11.0.0.2/30.
modifying the route map to:
route-map set-vrf-red permit 10
 match ip address 110
 set interface fastethernet0/0
 set ip next-hop 11.0.0.2
!
this will stop the flapping (disconnect/connect/disconnect...) of the ppp session and the whole routing works as expected.... BUT: somewhen it stops working because of one thousand possible CEF bugs ;-(
i have to put "no ip route-cache cef" on the interconnection interface, then it works. some hours later (as already said) it stops working. when i do again "no ip route-cache cef" on the interface it works some other hours.
i've tried several IOS for the C7200series and the only half-way working version is the 12.4T (or even 12.3T).
so, now the big question to the community:
1) do you see any other working way doing source-routing from one vrf to another vrf?
(there's a vrf source routing command, but i think this will really not
scale)
2) do you have encountered the same CEF bugs? (i have seen them on 7206,
1841 and 2851 series routers)
how cisco tells me to do it:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_feature_guide09186a0080296409.html
i would be glad to get some input from you guys.
greetings
-steven
_______________________________________________
swinog mailing list
swinog(a)lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
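A defender-side check for the "set vrf" policy in the original post, as an added example that is not part of the thread: it parses a pasted IOS snippet and reports every route-map entry that steers traffic into another VRF from a source range wider than the prefix meant to cross. The sample config is constructed from the post (with the ip protocol keyword written out in the ACL); the function names and the allow-list format are assumptions of this example, and only "permit ip <src> <wildcard> any" ACL lines and the "set vrf" form are handled.

```python
import ipaddress
import re

# Constructed sample: the policy from the post, ACL written in extended form.
SAMPLE_CONFIG = """\
access-list 110 permit ip 10.0.1.0 0.0.0.7 any
route-map set-vrf-red permit 10
 match ip address 110
 set vrf red
!
"""

ACL_RE = re.compile(r"^access-list (\d+) permit ip (any|[\d.]+ [\d.]+) any$")
RM_RE = re.compile(r"^route-map (\S+) (permit|deny) (\d+)$")
EVERYTHING = ipaddress.ip_network("0.0.0.0/0")

def wildcard_to_network(addr, wildcard):
    """Turn an IOS address/wildcard pair into a prefix."""
    wc = int(ipaddress.IPv4Address(wildcard))
    # A non-contiguous wildcard (e.g. 0.0.0.5) is not one prefix: reject it.
    if wc & (wc + 1):
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - wc.bit_length()}", strict=False)

def redirected_sources(config):
    """Return (route_map, seq, vrf, source_network) per permit entry with 'set vrf'."""
    acls, entries, current = {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        acl, rm = ACL_RE.match(line), RM_RE.match(line)
        if acl:
            src = acl.group(2)
            net = EVERYTHING if src == "any" else wildcard_to_network(*src.split())
            acls.setdefault(acl.group(1), []).append(net)
        elif rm:
            current = {"name": rm.group(1), "seq": int(rm.group(3)),
                       "permit": rm.group(2) == "permit", "acls": [], "vrf": None}
            entries.append(current)
        elif current and line.startswith("match ip address "):
            current["acls"] += line.split()[3:]
        elif current and line.startswith("set vrf "):
            current["vrf"] = line.split()[2]
        elif line == "!":
            current = None
    result = []
    for e in entries:
        if not (e["permit"] and e["vrf"]):
            continue
        # An entry with no match clause applies to every packet on the interface.
        # ACL numbers not defined in the pasted text yield no networks here.
        nets = [n for a in e["acls"] for n in acls.get(a, [])] if e["acls"] else [EVERYTHING]
        result += [(e["name"], e["seq"], e["vrf"], n) for n in nets]
    return result

def audit(config, allowed):
    """allowed maps a VRF name to the source prefixes permitted to be steered into it."""
    findings = []
    for name, seq, vrf, net in redirected_sources(config):
        permitted = [ipaddress.ip_network(p) for p in allowed.get(vrf, [])]
        if not any(net.subnet_of(p) for p in permitted):
            findings.append((name, seq, vrf, str(net)))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, {"red": ["10.0.1.0/29"]}) or "no out-of-scope redirects")
```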
---------- Forwarded message ----------
From: Hank Nussbacher <hank(a)efes.iucc.ac.il>
Date: 24.04.2007 01:00
Subject: [c-nsp] Cisco recall on 3560 and 3750 switches and PWR-2300RPS
To: cisco-nsp(a)puck.nether.net
Cc: cisco-l(a)listserv.ac.il
"Although there has not been a reported safety incident, Cisco is aware of
a potential safety issue that can be caused by a welded nut breaking free
inside the switch and Redundant Power Supply (RPS).
Tightening the mounting screws used to secure the power supply or blower
module to the switch or the RPS can lead to a welded nut on the interior to
the switch or RPS breaking free from the chassis sheet metal. A risk of
electric shock may exist if the chassis is not properly grounded and the
loose nut comes in contact with the power supply line-in and chassis."
There is no workaround. To check whether your switch needs to be replaced
and to submit your details for the RMA go to the following page:
http://www.cisco.com/en/US/customer/products/ps7077/products_field_notice09…
[available to registered users]
This alert is not only for 3560 and 3750 switches but also for owners of
RPS - PWR-2300RPS. This RPS can affect the following equipment:
• Cisco Catalyst 3750-E Series Switches
• Cisco Catalyst 3750 Series Switches
• Cisco Catalyst 3560-E Series Switches
• Cisco Catalyst 3560 Series Switches
• Cisco Catalyst 3550 Series Switches
• Cisco Catalyst 2960 Series Switches
• Cisco Catalyst 2950 Series Switches
• Cisco Catalyst Express 500 Series Switches (select PoE models only)
• Cisco 3825 Integrated Services Routers
• Cisco 2851 Integrated Services Routers
• Cisco 2821 Integrated Services Routers
• Cisco 2811 Integrated Services Routers
Regards,
Hank Nussbacher
http://www.interall.co.il
_______________________________________________
cisco-nsp mailing list cisco-nsp(a)puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Dear all
I have a question regarding the "Meldestelle" that needs to be active since 01.04.2007 for SPAM issues.
Can someone explain to me where i can send SMS Spam requests regarding Art. 45 Abs. 2 from the FMG
for an SMS Spam that was sent from a Swisscom SMSC ?
abuse(a)bluewin.ch seems to handle only Internet Spams. Where can i send a FAX, Email and a Letter ?
Can someone from Swisscom help me ? :-)
Thank you
Daniele Ladu
Senior Technical Support Operator
sunrise
TDC Switzerland AG
Customer Care
Postfach
Hagenholzstrasse 20/22
CH-8050 Zürich
Phone: +41 58 777 53 61
Fax: +41 58 777 97 07
daniele.ladu(a)sunrise.net
www.sunrise.ch <http://www.sunrise.ch/>
Just wondering if anyone knows whether I need to do anything special to use the
Swisscom SMSC at 0622100000? I'm trying to send an SMS via Asterisk,
and although the connection is established, the SMSC just seems to hang
up on me.
/Per
--
/Per Jessen, Zürich
Hi there!
We currently operate our own ShortID 20037 with separate large accounts from
Swisscom, Sunrise and Orange. Since Orange is no longer able to deliver
large accounts _without_ the payment options (CHF 2500.-/Month), we're
looking for a company that is able to "host" our 20037 for incoming SMS
traffic from Orange mobile subscribers. We don't need outgoing traffic, only
a handful of incoming SMS. (Mobile -> LargeAccount).
If you can operate that or know someone who can, contact me off-list please.
Thanks and best wishes,
Matthias
_________________________________________
mhs @ internet AG
Zürcherstrasse 204, CH - 9014 St. Gallen
Phone +41 71 274 93 93, Fax +41 71 274 93 94
http://www.mhs.ch
_________________________________________
: but still voting to block mail from dialup and adsl ranges
On DHCP DSL ranges. I see some businesses that have a legitimate email server on statically assigned DSL ranges...
scott
--- roger(a)mgz.ch wrote:
From: "Schmid" <roger(a)mgz.ch>
To: <swinog(a)swinog.ch>, <surfer(a)mauigateway.com>
Subject: Re: [swinog] Re: blocking ports?
Date: Fri, 13 Apr 2007 10:32:28 +0200
isn't most spam coming via compromised computers ?
adsl dynamic or dialup users: you should never trust them if they say they don't spam.
they have to send mail the way smtp is meant for, that means send email to the smtp relay next to you. prevent them from sending email via any other relay.
if this were done consistently by all ISPs most of the spam would disappear, and we could concentrate on preventing the abuse of other systems for doing their harmful work.
Funny thing is one ISP is switching off his SMTP relay, telling the client to use other smtp relays in the wild, and calls that a first action according to the "stop spam" campaign.
another one is blocking port 25 and forces the user to use the ISP's SMTP relay and even explains this is done due to the "stop spam" campaign
how to believe anything ?
confused .... but still voting to block mail from dialup and adsl ranges ;-)
---------- Original Message ----------------------------------
From: "Scott Weeks" <surfer(a)mauigateway.com>
Reply-To: swinog(a)swinog.ch, surfer(a)mauigateway.com
Date: Thu, 12 Apr 2007 11:19:56 -0700
>
>
>Hello,
>
>: So if a customer proves that he is able from a technical
>: point of view to operate a mail server in a secure manner
>: and assures not to abuse email for spam then it's not
>: acceptable that an ISP block anything to him.
>
>This is what I was saying to the guys here at my work. We just need a small proof that the customer isn't a spammer and we open it up. However, most of our customers are less technically savvy home folks. Did you have to prove to your ISP that you weren't spamming? If so, how did they have you do that?
>
>Thanks,
>scott
>
>
>--- Peter.Bickel(a)idv.ch wrote:
>
>From: Peter Bickel <Peter.Bickel(a)idv.ch>
>To: swinog(a)swinog.ch, surfer(a)mauigateway.com
>Subject: Re: [swinog] Re: blocking ports?
>Date: Thu, 12 Apr 2007 12:03:28 +0200
>
>Scott Weeks wrote:
>>
>>
>> : You'd be amazed how many companies operate their own
>> : mail servers, even behind dynamic addresses
>>
>> I'm speaking with guys in my company on an issue and part of the discussion has to do with me saying no one runs a mail server from behind a dynamic IP address. Other than just your experiences, does anyone have pointers to data on folks that do this?
>>
>> scott
>
>Hi Scott
>
>we do exactly this for IDV & Network Consulting. We operate our own
>mail server (Solaris with sendmail and imap) in our internal network which is
>connected to Cablecom (DHCP ;-)). In addition we have some machines in a
>hosting environment which have of course fixed IP addresses which we use to
>relay to the outside. All hosts use Solaris and sendmail and are protected
>with IPFilter with very restrictive rules. Incoming email is going through
>the external hosts and an IPIP tunnel directly to the internal mail server.
>
>We really don't want to be dependent on an ISP's email setup. DNS is the
>same, which helped me in the past a lot: where several customers weren't able
>to use the net, everything worked for us. So if a customer proves that he
>is able from a technical point of view to operate a mail server in a
>secure manner and assures not to abuse email for spam then it's not
>acceptable that an ISP block anything to him.
>>
>>
>>
>>
>> --- swinog-list(a)dudes.ch wrote:
>>
>> From: Markus Wild <swinog-list(a)dudes.ch>
>> To: swinog(a)swinog.ch
>> Subject: Re: [swinog] Re: blocking ports?
>> Date: Wed, 11 Apr 2007 19:26:39 +0200
>>
>> Jonathan,
>>
>>> Sorry but I disagree with Per. ISPs have a duty to prevent email
>>> Spam which is a terrible curse for us all. If they decide that
>>> blocking port 25 outbound will help then they should do it.
>>>
>>> If you are a user, why can't you use the ISPs relay server? If you
>>> are a provider you ought to have your own mail server on a fixed IP
>>> address.
>>
>> You'd be amazed how many companies operate their own mail servers, even
>> behind dynamic addresses (in which case they usually use some mailbox
>> polling mechanism to feed their server from mail from the outside), but
>> send outgoing mail directly with SMTP.
>>
>>> Of course, one day we need a better protocol than SMTP (*Simple* Mail
>>> Transfer Protocol) which was never meant as a global email solution.
>>> But until then we have to do something to stop people abusing it.
>>
>> But by killing the payload, not the messenger, please...
>>
>> Cheers,
>> Markus
>
>
>--
>
>
>Regards
> Pitsch
>
>__________________________________________________________________________
>
>Peter Bickel e-mail: bickel(a)idv.ch
>IDV & Network Consulting Phone: +41 1 853 24 16
>Gumpenwiesenstrasse 38 Fax: +41 1 853 27 04
>CH-8157 Dielsdorf Mobile: +41 79 666 15 50
>
>__________________________________________________________________________
>
Well only sending would be blocked.. RX could be open ;-)
---------- Original Message ----------------------------------
From: "Daniele Guazzoni" <daniele.guazzoni(a)gcomm.ch>
Reply-To: swinog(a)swinog.ch, daniele.guazzoni(a)gcomm.ch
Date: Fri, 13 Apr 2007 17:13:18 +0200 (CEST)
>Ladu, Daniele wrote:
>> Why not sell some fixed IPs to customers who want to use their own
>> mail server ?
>> If i receive a request from such a user that has a dyn IP, i tell him
>> to buy a static one, because of full control and exclusion of DUHL.
>> Furthermore the customer is himself responsible if an IP address in his
>> range gets listed.
>> Complaint mails are also sent directly to the owner of the IP, so the
>> abuse team doesn't need to work on such cases.
>
>That's the setup I have.
>ADSL with static IP, own MTA, registered abuse e-mail, ...
>Having a smarthost in front would not be a big problem too but I'll prefer
>to be directly exposed to the internet as I'm developing a spam-filter and
>the "raw scum" feeds my filter :-)
>
>Daniele
>
>
hi all
let me announce the next beer event ,-)
i'm sorry, i had to shift the date because of 'sächsilüüüte'.
the facts for the next event:
-----------------------------
Date: 23rd of April 2007
Time: starting around 18.30 o'clock
Location: @ "Back&Brau" near TIX (Steinfels-Areal).
It's just behind the Cinemax.
See map/address/pictures on registration homepage.
Registration deadline: 20.04.2007 17:00:00 (friday)
Registration:
-------------
Please register here: http://swinog.mrmouse.ch/ Since we have to make reservations, i need to know who's coming and who not. If you cannot attend and you're registered please inform me asap.
greetings
-steven