rnally to IPFW?
Thanks!
-Original Message-
From: Michael Sierchio [mailto:ku...@tenebras.com]
Sent: Monday, April 01, 2013 7:23 AM
To: Don O'Neil
Cc: freebsd-questions@freebsd.org
Subject: Re: Problems with IPFW causing failed DNS and FTP sessions
Okay, what's your DNS setup? Are you running a recursive cache that
contacts the root servers directly? Using your ISP's servers? Etc.
As a mitigation step, I tried pointing my caches to 8.8.8.8 and
8.8.4.4. - but it turns out that Google is intentionally blocking
(returning NX responses to) ma
-
From: owner-freebsd-questi...@freebsd.org
[mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Michael Sierchio
Sent: Sunday, March 31, 2013 10:04 PM
To: Don O'Neil
Cc: freebsd-questions@freebsd.org
Subject: Re: Problems with IPFW causing failed DNS and FTP sessions
net.inet.ip.fw.dyn
net.inet.ip.fw.dyn_short_lifetime ?
net.inet.ip.fw.dyn_udp_lifetime ?
You might want to increase these, given the current state of things...
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To uns
On Sun, Mar 31, 2013 at 9:39 PM, Michael Powell wrote:
> I'm probably not smart enough to be able to help directly with your problem
> but I'd like to add that there is a snowballing DNS Amplification ddos
> attack against SpamHaus going on which is spilling over
Yes, this is very much true. Th
l just recently. I've checked my interface stats to make sure
> there aren't a bunch of fragmented packets or errors, and there aren't. I'm
> not running NAT, it's a publicly accessible IP address.
>
> -Original Message-
> From: Michael Sierchio [mailto:ku...@tene
Don O'Neil wrote:
> Hi everyone. Recently my server started having issues with DNS and FTP
> sessions either not resolving or timing out. I've tracked the issue down
> to IPFW. If I issue a 'sysctl net.inet.ip.fw.enable=0' then my issues go
> away.
>
[snip]
I'm probably not smart enough to be ab
gmented packets or errors, and there aren't. I'm
not running NAT, it's a publicly accessible IP address.
-Original Message-
From: Michael Sierchio [mailto:ku...@tenebras.com]
Sent: Sunday, March 31, 2013 8:58 PM
To: Don O'Neil
Cc: freebsd-questions@freebsd.org
Subject:
It would be really helpful if you'd post the ruleset.
At first glance, your stateful rules seem rather wrong, unless there's
a check-state above. Also, in and out aren't discriminating enough -
every packet is seen by the ruleset more than once. You should think
in terms of interfaces, direction
Hi everyone. Recently my server started having issues with DNS and FTP
sessions either not resolving or timing out. I've tracked the issue down to
IPFW. If I issue a 'sysctl net.inet.ip.fw.enable=0' then my issues go away.
I have the basic rules like this for dns;
01160 allow udp from any t
Thanks,
On 12/10/06, Chris <[EMAIL PROTECTED]> wrote:
The thing is... I generally have the kernel setup to allow by default.
Then I create rules denying traffic as I either know up front, or can
deduct from logging a last rule denying traffic.
IE: the rule you have set to allow any, my same
Hi again,
On 12/10/06, Garrett Cooper <[EMAIL PROTECTED]> wrote:
Based on all the docs I've read about using ipfw, you should put
"ipfw allow all any from any via lo0" somewhere at the top of your
script so all traffic can and will be sent via lo0.
I think you are talking about the line below,
could login to a normal user account properly though
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Behalf Of Mark Jose
Sent: Wednesday, October 11, 2006 8:41 PM
To: 'Spiros Papadopoulos'; freebsd-questions@freebsd.org;
freebsd-ipfw@freebsd.org
Subject:
bsd-ipfw@freebsd.org
Subject: RE: Problems with ipfw and ssh
Hi,
Just a suggestion/query: Do you have your localhost/127.0.0.1 rules defined
to allow all traffic?
Cheers
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Spiros Papadopoulos
Sent: Thursda
; freebsd-ipfw@freebsd.org
Subject: Problems with ipfw and ssh
Hi,
I am trying to configure a firewall using ipfw for a machine running FreeBSD
5.4.
Without NAT.
I am nearly a newbie on this (since I never had time until now..) but still
I believe I understand exactly the
concepts and what needs
On 2006-10-12 01:31, Spiros Papadopoulos <[EMAIL PROTECTED]> wrote:
>On 12/10/06, Giorgos Keramidas <[EMAIL PROTECTED]> wrote:
>> ,
>> | [EMAIL PROTECTED]:/home/giorgos$ su -
>> | Password:
>> | [EMAIL PROTECTED]:/root# ipfw -
On 12/10/06, Giorgos Keramidas <[EMAIL PROTECTED]> wrote:
On 2006-10-12 00:53, Spiros Papadopoulos <[EMAIL PROTECTED]> wrote:
> I started yesterday playing with it / testing it, but since I
> want to do most of the work remotely, I stuck on this rule and
> feel like keep looking until i find the
On 2006-10-12 00:53, Spiros Papadopoulos <[EMAIL PROTECTED]> wrote:
> I started yesterday playing with it / testing it, but since I
> want to do most of the work remotely, I stuck on this rule and
> feel like keep looking until i find the solution. I paste the
> whole script here just in case somet
Giorgo thanks for the immediate reply,
I started yesterday playing with it / testing it, but since I want to
do most of the work remotely, I stuck on this rule and feel like keep
looking until i find the solution. I paste the whole script here just
in case something else is wrong...
Here is my ip
I removed freebsd-ipfw from the recipient list. Please keep `general'
questions in freebsd-questions. The freebsd-ipfw list is, as far as I
know, used for *development* of IPFW; not questions.
On 2006-10-11 22:53, Spiros Papadopoulos <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am trying to configure
Hi,
I am trying to configure a firewall using ipfw for a machine running FreeBSD
5.4.
Without NAT.
I am nearly a newbie on this (since I never had time until now..) but still
I believe I understand exactly the
concepts and what needs to be done.
Except the manual page and chapter 26.1 in the han
I tried to allow only 80 port, but the result is the same. I have also tried
ipf + ipnat, but I need to block internet connection to some users by MAC
address, and ipf doesn't know what a MAC address is. Maybe I can block MAC
addresses with ipf + ipnat somehow? Btw FreeBSD version is 4.9.
> On Wed,
On Wed, 2004-03-31 at 20:27, Prodigy wrote:
> ${fwcmd} add 400 pass tcp from any 22,80,110,119,143,443,3306,5190,6667-7000
> to any via rl1
> ${fwcmd} add 500 pass tcp from any to any
> 22,80,110,119,143,443,3306,5190,6667-7000 via rl1
>
> When I comment out 400 and 500 rules and add "allow all fro
Hello,
I have a problem with ipfw + natd. The problem is that my FreeBSD server
isn't routing internet. First I have used FreeBSD4.9-STABLE, then I tried to
upgrade to FreeBSD4.9-RELEASE-p4. Result is the same - no internet for lan
users. Take a look at my configuration files:
rc.conf:
defaultro
Hello,
I installed FBSD 4.7 a couple days ago on an old P100 to replace my
linksys cable router. I've rebuilt the kernel and have done everything
else to enable the machine to act as router/firewall. The only problems
I am having is setting up the ipfw rules. I've spent the last 2 days
trying t