filtering aliasIP from the primaryIP with IPF

2004-09-30 Thread Roisin Murphy 
hi

my freebsd machine is 192.168.1.34 with one jail running on
192.168.1.35 (dc0_alias), and i have one more separate win2k box:
192.168.1.33, i want to filter that jail with ipf, so that it cannot
access anything running on that win2k machine and anything bind to the
primary fbsd IP, but i want to be still able to ssh into that .35 jail
filtering the win2k box worked as expected:
pass in quick on dc0 proto tcp from 192.168.1.33 to 192.168.1.35 port
= 22 flags S keep state
block out quick on dc0 proto tcp/udp from 192.168.1.35 to 192.168.1.33
keep state keep frags
but that primary fbsd IP, since its the same dc0 interface, i dont
know how to write that rule... anyone?

thanks
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

filtering aliasIP from the primaryIP with IPF

2004-09-30 Thread Roisin Murphy 
allright, nevermind, this solved it:

pass in quick on lo0 proto tcp from 192.168.1.34 to 192.168.1.35 port
= 22 flags S keep state
block out quick on lo0 proto tcp/udp from 192.168.1.35 to 192.168.1.34
keep state keep frags
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

raid5 setup

2004-09-19 Thread Roisin Murphy 
hi

I'm thinking about buying three 160GB ata or sata drives and setting
up RAID5. The first question is, is it true that the ata command set
has nothing to tell the state of the write cache and is this the same
with sata drives? Since i'm not concerned with the performance of that
array, all that matters to me is the storage and reliability, would it
help if i get one of those manufacturer utilities and turn the cache
off? I was told (by a incident response guy) that he has seen far too
many messed up ata raid5 setups.
I would also like to be able add new 160GB drives without having to
copy the data from the setup and recreating it from scratch.
Hopefully, the raid5 setup could recalculate the parity onto the new
drive and reconfigure itself for bigger storage.
Well as i mentioned, the performance doesn't matter at all, and i'm
even thinking of encrypting that whole setup with gbde, what would be
the best way to do this? with a raid5 hardware card, or software
setup? Is the new gvinum worth a try? as i only heard horror vinum
stories so far.
Also what ata/sata drives are the most recommended by bsd guys? :), i
can get 160GB hitachi, westerndigital and maxtor drives, all for the
same price of around $100. And if you would recommend hardware raid
card, what kind?

thanks
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]