WebShield e250 初始密码是什么？

dragoncn

QUOTE (小生怕怕 @ Feb 26 2005, 01:33 AM)


QUOTE (wy76519 @ Feb 25 2005, 08:50 PM)
看来我们是搞错了APPLIANCE这里应该是填设备名！
半夜回家，看看贴子，你试验成功了吗？呵呵，我个人认为可能性不大。如果成功,望告之.在此谢了.  
  APPLIANCE看来也应该是填设备名，不过这里不填ＩＰ地址，那客户端又怎么知道设备的ＩＰ呢？难道还要ＤＮＳ？

小生怕怕

QUOTE (dragoncn @ Feb 26 2005, 10:25 AM)


QUOTE (小生怕怕 @ Feb 26 2005, 01:33 AM)


QUOTE (wy76519 @ Feb 25 2005, 08:50 PM)
看来我们是搞错了APPLIANCE这里应该是填设备名！
半夜回家，看看贴子，你试验成功了吗？呵呵，我个人认为可能性不大。如果成功,望告之.在此谢了.
APPLIANCE看来也应该是填设备名，不过这里不填ＩＰ地址，那客户端又怎么知道设备的ＩＰ呢？难道还要ＤＮＳ？  
    不关DNS的事吧，你所说的只是主机名转成ＩＰ地址．netbios.hostname之类的东东了，最简单的方法是在客户端ＰＩＮＧ服务器的主机名看通不通了，如果不知服务器的主机名是什么？可用ping -a IP 查，或用别的工具软件查。

dragoncn

QUOTE (huagai @ Feb 25 2005, 05:18 PM)


QUOTE (dragoncn @ Feb 25 2005, 05:00 PM)
wy76519，请问你们安装好重启时有没有提示FAILED的啊？
我没有错误提示你不是试了好几台机器吗？都是出错？不然你再下载一个我的试一下呢？http://www.haiqing.cn/down人多了就是力量大呀，开始只我一个人在这里乱叫时才真孤单............   
  从你的网站上下了一个，安装好后启动时也是有错误，用了82557或82559网卡都是如此．

dragoncn

QUOTE (wy76519 @ Feb 25 2005, 05:56 PM)
我用的是两个82559装的!还有dragoncn说的错误我这里也有!官方新的E250配置是P42G 256M  20GIDE还有一个问题是在看官方的2.7的文档时候发现官方的图是用IE直接登陆的而且用的是第2个IP而不是第一个!难道...........还有一个问题是大家确认我们装出来的就是3.0或2.7不会是更老的版本!如果是老版本的话密码就应该不对!  
  可以确认我们装的是3.0的，从光盘启动后检测平台后提示是否继续的哪儿就可看到．我用两个82557和两个82559装过均不行．

瘦雨雨

看了官方的说明！客户端应该是通过HTTPS：//IP下载并安装的！APP那里是填设备名官方给的是WEBSHIELDE250、E500、E1000并且官方说到用户名是不可变更的！只有密码可以改！如果忘记了用户名和密码可以用CD的第6个选项还原！估计还是小生说的对！现在看来！应该是系统有一个项目没有启动！因为机器启动太快了看不到是那一个模块没有对！大家看看到底是哪一个模块报错了！还有想办法找找ROOT的密码！！！文档里面没有说到ROOT的密码！问题是xgalpha说到他是完全打造成功了的啊！最低端的E250报价18万哦,E1000报价80万左右基本配置是按官方的配置一样来做的到目前,E250,E500,E1000均打照成功功！看来要找xgalpha问问才知道了！！！

小生怕怕

在客户机上PING WEBSHIELDE250 可以通吗?应有人试过,请发贴告之,团结就是力量嘛..

瘦雨雨

What are its default settings?The user name is webshield, and it cannot be changed.The default password is webshieldchangeme.The default IP address for LAN1 port is 10.1.1.108, and for LAN2 it is 10.1.2.108.The default system name depends on your appliance and is either webshielde250, webshielde500, or webshielde1000. NOTETo improve security and deter hackers, you should always change the password, default system name, and IP addresses of the appliance.All other defaults can be found by clicking on the relevant link in the Resource Information page. The Resource Information page can be accessed by clicking on the Resources link in the links bar at the top of the appliance application or web page.How secure is the appliance?The appliance is a secure device that can only be accessed through a secure HTTPs link.If you are using a web browser, when entering the URL for the appliance, you must use HTTPS rather than HTTP.The appliance’s operating system prevents unauthorized access to its internal filing system.The appliance is password protected.NOTETo make sure that only you can configure the appliance, you should change the default password for the appliance.看看这两段！！特别是红色的那里！我英文水平太烂！！！

瘦雨雨

User interface problemsThis section contains solutions to problems that you can encounter when trying to configure the appliance through its user interface. (If you are not sure where to look on your appliance for components listed here, refer to the diagrams in the Installation guide.)Why does using the Back button on my browser take me to the Logon Screen?This is a known issue with the use of the Web Browser version of the WebShield appliance software. We strongly recommend that you install and use the WebShield appliance application rather than the Web Browser version.I cannot access the “Log on” pageCheck the following:The appliance is turned on and its software is running, indicated by the power LED being lit and the hard disk drive LEDs being off.You have used https (not http) in the URL field of your web browser. Ensure that your browser supports Secure Sockets Layer (SSL) v3.0 encryption and that it is enabled.The management computer, that is, the computer you are using to manage the appliance, does not have the appliance configured as its proxy. If you have a proxy between the management computer and the appliance, the proxy must be configured with the appliance as its handoff host.If you are remotely connected to the appliance (across the network) through the LAN1 port, ensure that:The computer that you are using has a working connection to your network, and that it can reach the same subnet to which the appliance is connected.You have used the new IP address that you have configured for the LAN1 port, in the URL field of your web browser. If you have not disabled or deleted the default IP address 10.1.1.108, try using that IP address (https://10.1.1.108).The appliance’s IP address must be suitable for the subnet to which the appliance is connected. If it is not, use the default IP address and, if that fails, try a direct management connection.NOTEYou can only obtain a direct management connection through the LAN2 port if you are using the appliance in Explicit Proxy mode and you have not disabled the LAN2 port.The appliance has a working connection to your existing network, indicated by the NIC 1 network activity LED flashing on the control panel.If the LEDs are not flashing, ensure that the cable you are using is undamaged and connected properly to the appliance’s LAN1 port and your existing network equipment. If you have not used the blue cable ?upplied with the appliance, ensure that the cable is a Cat 5 (WebShield ?ppliance e250 and e500 appliances) or Cat 5E (WebShield appliance e1000 Appliance) UTP straight-through (uncrossed) network cable.If the appliance is operating in Explicit Proxy mode and you have a direct local management connection through its LAN2 port, ensure that:You have not disabled the LAN2 port. You must connect remotely to check this.You have used the new IP address that you configured for the LAN2 port (the default IP address is 10.1.2.108), in the URL field of your web browser.The appliance has a working connection to your computer, indicated by the NIC 2 network activity LED flashing on the control panel.If the LED is not flashing, ensure that the cable you are using is undamaged and connected properly to the appliance’s LAN2 port and your computer’s network port. If you have not used the orange cable supplied with the ?ppliance, ensure that the cable is a Cat 5 (WebShield appliance e250 and ?500 appliances) or Cat 5E (WebShield appliance e1000 Appliance) UTP crossed network cable.My password does not workIf you recently restored the appliance’s software without maintaining the previous settings, the password reverts to the default password webshieldchangeme.I have forgotten my password?ou must use the WebShield appliance Appliance recovery CD to return the appliance’s password to its default password webshieldchangeme. Use option 6: Reset passwords to factory default during the restoration process.Some of the user interface does not display properlyThe appliance’s user interface is optimized for Internet Explorer v5.0, v5.5 or v6.0 on Windows, and supports Mozilla on Linux. Check the accompanying release notes for known issues when using some web browsers on particular operating systems.My clients (software) cannot communicate through the applianceCheck the following:The required protocols are enabled for the appliance (all supported protocols are enabled by default).The clients and other equipment are configured to route traffic to and from the appliance.There are no network problems, and your equipment is connected correctly.Web browsing does not workThe appliance must have access to a DNS server to verify web browsing (HTTP) requests and determine which URLs to block, if URL blocking is configured. Therefore, you must configure a DNS server as described in Setting up routing information on page299.URL blocking is not enforcedThe appliance must have access to a DNS server to verify web browsing (HTTP) requests and determine which URLs to block, if URL blocking is configured. Therefore, you must configure a DNS server as described in Setting up routing information on page299.以上是文档中关于使用界面登陆的！！人多力量大！！！！！

dragoncn

QUOTE (wy76519 @ Feb 26 2005, 07:24 PM)
看了官方的说明！客户端应该是通过HTTPS：//IP下载并安装的！APP那里是填设备名官方给的是WEBSHIELDE250、E500、E1000并且官方说到用户名是不可变更的！只有密码可以改！如果忘记了用户名和密码可以用CD的第6个选项还原！估计还是小生说的对！现在看来！应该是系统有一个项目没有启动！因为机器启动太快了看不到是那一个模块没有对！大家看看到底是哪一个模块报错了！还有想办法找找ROOT的密码！！！文档里面没有说到ROOT的密码！问题是xgalpha说到他是完全打造成功了的啊！最低端的E250报价18万哦,E1000报价80万左右基本配置是按官方的配置一样来做的到目前,E250,E500,E1000均打照成功功！看来要找xgalpha问问才知道了！！！  
  启动时太快了，我用摄像机把这个过程拍了下来，其中有二个地方出错，信息如下：Starting sendmail: 554 5.0.0 /etc/mail/sendmail.cf: line 403: readcf: option TrustedUser: unknown user smmsp [FAILED]Starting sm-client: chown: 'smmsp:smmsp': invalid user/etc/mail/submit.cf: line 421: readcf: option RunAsUser: unknown user smmsp/etc/mail/submit.cf: line 440: readcf: option TrustedUser: unknown user smmspMail submission program must have RunAsUser set to non root user[FAILED]会不会与这二个错误有关？ 请问你打造成功的e250、e500、e1000的配置均和正式产品的配置一样吗？包括主板、ＣＰＵ、内存、网卡等等的型号等参数？稍后整理一下启动的全过程。

dragoncn

我把启动过程的提示信息整理了一下，供大家参考：GRUB Loading stage1.5.GRUB loading, please wait...Booting 'Webshield Appliance(2.4.22)'GRUB version 0.93 (640K lower / 261056K upper memory)-----------------------------------------------------| Webshield Appliance(2.4.22)                       ||                                                   ||                                                   ||                                                   |-----------------------------------------------------Use the↑and↓keys to select which entry is highlighted.Press enter to boot the selected OS, 'e' to edit thecommands before booting, 'a' to modify the kernel argumentsbefore booting, or 'c' for a command-line.root (hd0,0)_Filesystem type is ext2fs, partition type 0x03kernel /vmlinuz-2.4.22 ro root=LABEL=/ apm=power-off   [Linux-bzImage, setup=0xc00, size=0x10431c]initrd /initrd-2.4.22.img   [Linux-initrd @ 0xffcb000, 0x14d4f bytes]Uncompressing Linux... Ok, booting the kernel.Linux version 2.4.22 (root@humboldt) (gcc version 3.2.2 20030222 (Red Hat Linux3.2.2-5)) #3 SMP Thu Mar 4 17:04:22 GMT 2004BIOS-provided physical RAM map: BIOS-e820: 0000000000000000 - 00000000000a0000 (usable) BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved) BIOS-e820: 0000000000100000 - 000000000fff0000 (usable) BIOS-e820: 000000000fff0000 - 000000000fff3000 (ACPI NVS) BIOS-e820: 000000000fff3000 - 0000000010000000 (ACPI data) BIOS-e820: 00000000ffff0000 - 00000001000a0000 (reserved)0MB HIGHMEM available.255MB LOWMEM available.On node 0 totalpages: 65520zone(0): 4096 pages.zone(1): 61424 pages.zone(2): 0 pages.Kernel command line: ro root=LABEL=/ apm=power-offLocal APIC disabled bye BIOS -- reenabling.Found and enabled local APIC!Initializing CPU#0Detected 1303.004 MHz processor.Console: colour VGA+ 80x25Calibrating delay loop... 2601.77 BogoMIPSMemory: 255788k/262000k available (1587k kernel code, 5908k reserved, 579k data 184k init, 0k highmem)Dentry cache hash table entrues: 32768 (order: 6, 262144 bytes)Inode cache hash table entrues: 16384 (order: 5, 131072 bytes)Mount cache hash table entrues: 512 (order: 0, 4096 bytes)Buffer cache hash table entrues: 16384 (order: 4, 65536 bytes)Page cache hash table entrues: 65536 (order: 6, 262144 bytes)CPU: L1 I cache: 16k, L1 D cache: 16kCPU: L2 cache: 256kIntel machine check architecture supported.Intel machine check reporting enabled on CPU#0.Enabling fast FPU save and restore... done.Enabling unmasked SIMD FPU exception support... done.Checking 'hit' instruction... OK.POSIX conformance testing by UNIFIXCPU: L1 I cache: 16k, L1 D cache: 16kCPU: L2 cache: 256kIntel machine check reporting enabled on CPU#0.CPU#0: Intel?Celeron CPU               1300MHz stepping 04per-CPU timeslice cutoff: 731.16 usecs.SMP motherboard not detected.enabled ExtINT on CPU#0ESR value before enabling vector: 00000000ESR value after enabling vector: 00000000Using local APIC timer interrupts.calibrating APIC timer ........ CPU clock speed is 1302.9755 MHz...... host bus clock speed if 100.2288 MHz.PCI: PCI BIOS revision 2.10 entry at 0xfb1e0, last bus=1PCI: Using configuration type 1PCI: Probing PCI hardwarePCI: Probing PCI hardware (bus 00)PCI: Using IRQ router VIA [1106/0686] at 00:07.0PCI: Disabling Via external APIC routingLinux NET4.0 for Linux 2.4Based upon Swansea University Computer Society NET3.039Initializing RT netlink socketapm: BIOS version 1.2 Flags 0x07 (Driver version 1.16)Starting kswapdJournalled Block Device driver loadedDetected PS/2 Mouse Port.pty: 256 Unix98 ptys configuredSerial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ SERIAL_PCI enabledttyS00 at 0x03f8 (irq = 4) is a 16550AttyS01 at 0x02f8 (irq = 3) is a 16550AFloppy drive(s): fd0 is 1.44MFDC 0 is a post-1991 82077RAMDISK driver initialized: 16 RAM disks of 4096k size 1024 blocksizeloop: loaded (max 8 devices)Uniform Multi-Platform E-IDE driver Revision: 7.00beta4-2.4ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xxhda: ST320014A, ATA DISK drivehdc: SAMSUNG CD-ROM SC-148C, ATAPI CD/DVD-ROM driveide0 at 0x1f0-0x1f7,0x3f6 on irq 14ide1 at 0x170-0x177,0x376 on irq 15hda: attached ide-disk driver.hda: host protected area => 1hda: 39102336 sectors (20020 MB) w/2048KiB Cache, CHS=2434/255/63hdc: attached ide-cdrom driver.hdc: ATAPI 48X CD-ROM drive, 128kB CacheUniform CD-ROM driver Revision: 3.12Partition check: hda: hda1 hda2 < hda5 hda6 hda7 hda8 hda9 hda10 hda11 hda12 hda13 >SCSI subsystem driver Revision: 1.00kmod: failed to exec /sbin/modprobe -s -k scsi_hostadapter, errno = 2kmod: failed to exec /sbin/modprobe -s -k scsi_hostadapter, errno = 2Linux Kernel Card Services 3.1.22  options:  [pci] [cardbus] [pm]LVM version 1.0.5+(22/07/2002)NET4: Linux TCP/IP 1.0 for NET4.0IP Protocols: ICMP, UDP, TCP, IGMPIP: routing cache hash table of 2048 buckets, 16KbytesTCP: Hash tables configured (established 16384 bind 16384)ip_tables: ?2000-2002 Netfilter core teamNET4: Unix domain sockets 1.0/SMP for Linux NET4.0.ds: no socket drivers loaded!RAMDISK: Compressed image found at block 0Freeing initrd memory: 83k freedVFS: Mounted root (ext2 filesystem).Red Hat nash version 3.4.42 startingMounting /proc filesystemCreating block devicesCreating root deviceMounting root filesystemFreeing unused kernel memory: 104k freedINIT: version 2.84 bootingSetting default font (latarcyrheb-sun16):                  [  OK  ]                Welcome to Red Hat LinuxMounting proc filesystem:                                  [  OK  ]Unmounting initrd:                                         [  OK  ]Configuring kernel parameters:                             [  OK  ]Setting clock  (utc): Thu Feb 24 09:15:27 UTC 2005         [  OK  ]Loading default keymap (us):                               [  OK  ]Setting hostname webshield:                                [  OK  ]Mounting local filesystems:                                [  OK  ]Enabling local filesystem quotas:                          [  OK  ]Enabling swap space:                                       [  OK  ]/sbin/mkkerneldoth: line 23: /boot/kernel.h: Read-only file systemINIT: Entering runlevel: 3Entering non-interactive startupSetting network parameters:                                [  OK  ]Bringing up loopback interface:                            [  OK  ]Bringing up interface eth0:                                [  OK  ]Bringing up interface eth1:                                [  OK  ]Starting system logger:                                    [  OK  ]Starting kernel logger:                                    [  OK  ]Starting keytable:                                         [  OK  ]Initializing random number generator:                      [  OK  ]Starting sendmail: 554 5.0.0 /etc/mail/sendmail.cf: line 403: readcf: option TrustedUser: unknown user smmsp                                                           [FAILED]Starting sm-client: chown: 'smmsp:smmsp': invalid user/etc/mail/submit.cf: line 421: readcf: option RunAsUser: unknown user smmsp/etc/mail/submit.cf: line 440: readcf: option TrustedUser: unknown user smmspMail submission program must have RunAsUser set to non root user                                                           [FAILED]Starting crond:                                            [  OK  ]Starting anacron:                                          [  OK  ]Starting atd:                                              [  OK  ]This computer system is the private property of its owner, whetherindividual, corporate or government.  It is for authorized use only.Users (authorized or unauthorized) have no explicit or implicitexpectation of privacy.Any or all uses of this system and all files on this system may beintercepted, monitored, recorded, copied, audited, inspected, anddisclosed to your employer, to authorized site, government, and lawenforcement personnel, as well as authorized officials of governmentagencies, both domestic and foreign.By using this system, the user consents to such interception, monitoring,recording, copying, auditing, inspection, and disclosure at thediscretion of such personnel or officials.  Unauthorized or improper useof this system may result in civil and criminal penalties andadministrative or disciplinary action, as appropriate. By continuing touse this system you indicate your awareness of and consent to these termsand conditions of use. LOG OFF IMMEDIATELY if you do not agree to theconditions stated in this warning.**************************************************************************webshield login:

心想事成

把安装好的系统放到另一台linux中，仔细的研究下可能要好办点儿吧？提示的意思可能是没有“smmsp”用户，在另外的一台linux中给它建立一个用户不知道可行不。

bhb624

我没有安装,我看了下光盘上的文件,应该说这个光盘并不是采用的镜像恢复模式,而是采用的自动安装方式,所以完全可以自己用这个光盘做出e250.e500.e1000来.关于光盘是如何判断做出来的机器类型的，我已经发了贴子做了说明。我研究了一下，在光盘的\lib\modules\2.4.22\kernel\drivers\net下面全部是网卡的驱动文件，基本上含盖了目前市场上的所有芯片类型的网卡，（当然你自己也可以通过向这个目录添加驱动文件的方式，来使这个光盘适合你自己的使用。）相对应的是在P:\lib\modules\2.4.22\kernel\drivers\scsi目录下就是scsi卡的驱动文件。在\install\appliance\config\e250\base下的drivers文件中：有如下代码：SCSI_DRIVER=-NET_DRIVER0=e100NET_DRIVER1=e100能否修改成兄弟们自己的设备号（比如）：SCSI_DRIVER=-NET_DRIVER0=8139tooNET_DRIVER1=8139too用winiso更新下iso文档，安装，还会有问题吗？期待大家试验，（我马上睡觉，明天要早起！！！！）

dragoncn

看了楼上的文章，到光盘的\lib\modules\2.4.22\kernel\drivers\char下看到有一个softdog.o的驱动文件，这个是不是软件狗一类的东东？

huagai

纠正一下，我把机器调慢后再启动，发现我的也有这两个错误，希望不会影响大家的判断，因为经常关电源，启动时会有修复文件系统的过程，它闪过的时候我还以为是修复文件系统的PASSED........很有可能MCAFEE的机器里还有一个狗存在..............

bhb624

估计这个就是一个软狗（softdog.o），回去把这个文件反汇编下看看是什么，顺便说下，我在上班。具体的问题，希望安装成功的xgalpha兄弟来说明下，是否需要插狗，如果需要的话，能把狗做个bin文件传来，我研究下下，看能不能做个破解！（成功的话，估计NAI要告我了！！）哈哈！！！！！！！！（摆个姿势：你没有我酷！！！！！！！！！！）