Re: watchdog question.

2006-08-02 Thread efrenba
> On Tuesday 01 August 2006 20:39, Efren Bravo wrote:
>> Hi,
>>
>> I've a FreeBSD box and I've been seeing this
>> message for several months: sis0 watchdog
>> timeout.
>>
>> The box has two ethernet cards, sis0 (100mb) and
>> vr0 (10mb).
>>
>> The message isn't frequent but yesterday it got
>> my attention. What does this mean?
>
> from sis(4)
>  sis%d: watchdog timeout  The device has stopped responding to the
>  network, or there is a problem with the network connection (e.g. a cable
>  fault).

The motherboard is http://www.eprom.com/home/Microstar/ms7005.htm

The PC has been up for 119 days and nobody has reported a network
interruption to me.

I've just changed the cable, so I'll wait to see if the system raises more
watchdog messages. In the console I see only two messages: April 20 | July
4.

Thanks to all for your time


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: firewalls' behavior help

2006-07-03 Thread efrenba
Sorry,

this mail was for the ipfilter's list...




> Box: FreeBSD 6.0, ipf: IP Filter: v4.1.8 (416), Kernel: IP Filter: v4.1.8
>
> Network layout:
> ---
> other building [ PCs - 192.168.80.0/24 ]
>  |
>  g1 (ipf - vr0:192.168.80.2 <-> sis0:10.10.10.13)
>  |
> My Lan ( 10.10.10.0/24 )
>
> [ PCs (DefaultGw = g2) ]
>
> [ MailSrv (10.10.10.12) (pop3/smtp/ssh) (DefaultGw = g2) ]
>
> [ WebSrv (10.10.10.11) (http) (DefaultGw = g1) ]
>  |
>  g2
>  |
> Internet
>
>
> ipnat.rules
> ---
> map vr0 10.10.10.0/24 -> 192.168.80.2/32 proxy port 21 ftp/tcp
> map vr0 10.10.10.0/24 -> 192.168.80.2/32
>
> rdr vr0 192.168.80.2/32 port 80 -> 10.10.10.11 port 80 tcp
> rdr vr0 192.168.80.2/32 port 22 -> 10.10.10.12 port 22 tcp
> rdr vr0 192.168.80.2/32 port 25 -> 10.10.10.12 port 25 tcp
> rdr vr0 192.168.80.2/32 port 110 -> 10.10.10.12 port 110 tcp
>
>
> ipf.rules
> -
> ### No restrictions inside LAN Interface ###
> pass out quick on sis0 all
> pass in quick on sis0 all
>
> ### No restrictions on Loopback Interface ###
> pass out quick on lo0 all
> pass in quick on lo0 all
>
> ### Allow out DNS queries ###
> pass out quick on vr0 proto tcp from any to 192.168.10.5 port = 53 flags S keep state
> pass out quick on vr0 proto udp from any to 192.168.10.5 port = 53 keep state
>
>
> ### Allow IE out ###
> pass out quick on vr0 proto tcp from any to any port = 80 flags S keep state
>
> ### Allow Squid Access out ###
> pass out quick on vr0 proto tcp from any to any port = 3128 flags S keep state
> pass out quick on vr0 proto tcp from any to any port = 3130 flags S keep state
>
> ### Allow FTP out ###
> pass out quick on vr0 proto tcp from any to any port = 21 flags S keep state
>
> ### Allow Remote Desktop to WinXP external PCs ###
> pass out quick on vr0 proto tcp from any to any port = 3389 flags S keep state
>
> ### Allow MailServer to Deliver mails ###
> pass out quick on vr0 proto tcp from any to any port = 25 flags S keep state
>
>
> ### Block and Log only first occurrence of everything ###
> block out log first quick on vr0 all
>
>
> ### Block all inbound traffic from non-routable or reserved address spaces
> ...
>
>
>
> ### Allow in ssh session from other building ###
> pass in quick on vr0 proto tcp from any to any port = 22 flags S keep state
>
> ### Allow in HTTP session from public to Internal MailServer ###
> pass in quick on vr0 proto tcp from any to any port = 80 flags S keep state
>
> ### Allow in SMTP access to Internal Mail Server ###
> pass in quick on vr0 proto tcp from any to any port = 25 flags S keep state
>
> ### Allow in POP3 access to Internal Mail Server ###
> pass in quick on vr0 proto tcp from any to any port = 110 flags S keep state
>
>
> ### Block and log only first occurrence of all remaining traffic ###
> block in log first quick on vr0 all
>
>
> The situation:
> --
> ...if the server(MailSrv) is redirected to G1, the users are able to
> connect themselves to the services. To be sure about it I redirected the
> server(WebSrv) with apache that before was pointing to G1 to G2(internet)
> and the access was broken for the other building...
>
> Why does this happen?
>
>
>
>
>
>> If I understand your description, it could be mapped like this:
>>
>> net1 is the other building's network
>> net1pc1 .. net1pcN
>>
>> net2 is your network
>> net2pc1 .. net2pcN
>> net2server1 .. net2server3
>>
>> g1 == net1,net2
>> g2 == net2,Internet
>>
>> Assumptions:
>> net1 and net2 are private
>> the default gateway for g1 is g2
>> g1 is using a map rule to nat net1 hosts to net2
>> the default gateway for g2 is on the Internet
>> g2 is using a map rule to nat net2 hosts to the Internet
>>
>> If a net1 PC connects through g1, it would be mapped as coming from g1.
>> Since g1 is on net2, and g2 can route to net2, the servers using g2 as
>> the default route should have no problem.  My assumptions may be false.
>> Would you post the g1 and g2 ipf.conf and ipnat.conf, and specify what
>> the net1 and net2 CIDR?
>>
>> Thank you,
>>
>> Ben
>>


-- 
Efren Bravo
Sistemas DHL-Cuba
Telf-Pizarra: (537)-2041578 Ext 123


Re: firewalls' behavior help

2006-07-03 Thread efrenba
Box: FreeBSD 6.0, ipf: IP Filter: v4.1.8 (416), Kernel: IP Filter: v4.1.8

Network layout:
---
other building [ PCs - 192.168.80.0/24 ]
 |
 g1 (ipf - vr0:192.168.80.2 <-> sis0:10.10.10.13)
 |
My Lan ( 10.10.10.0/24 )

[ PCs (DefaultGw = g2) ]

[ MailSrv (10.10.10.12) (pop3/smtp/ssh) (DefaultGw = g2) ]

[ WebSrv (10.10.10.11) (http) (DefaultGw = g1) ]
 |
 g2
 |
Internet


ipnat.rules
---
map vr0 10.10.10.0/24 -> 192.168.80.2/32 proxy port 21 ftp/tcp
map vr0 10.10.10.0/24 -> 192.168.80.2/32

rdr vr0 192.168.80.2/32 port 80 -> 10.10.10.11 port 80 tcp
rdr vr0 192.168.80.2/32 port 22 -> 10.10.10.12 port 22 tcp
rdr vr0 192.168.80.2/32 port 25 -> 10.10.10.12 port 25 tcp
rdr vr0 192.168.80.2/32 port 110 -> 10.10.10.12 port 110 tcp


ipf.rules
-
### No restrictions inside LAN Interface ###
pass out quick on sis0 all
pass in quick on sis0 all

### No restrictions on Loopback Interface ###
pass out quick on lo0 all
pass in quick on lo0 all

### Allow out DNS queries ###
pass out quick on vr0 proto tcp from any to 192.168.10.5 port = 53 flags S keep state
pass out quick on vr0 proto udp from any to 192.168.10.5 port = 53 keep state


### Allow IE out ###
pass out quick on vr0 proto tcp from any to any port = 80 flags S keep state

### Allow Squid Access out ###
pass out quick on vr0 proto tcp from any to any port = 3128 flags S keep state
pass out quick on vr0 proto tcp from any to any port = 3130 flags S keep state

### Allow FTP out ###
pass out quick on vr0 proto tcp from any to any port = 21 flags S keep state

### Allow Remote Desktop to WinXP external PCs ###
pass out quick on vr0 proto tcp from any to any port = 3389 flags S keep state

### Allow MailServer to Deliver mails ###
pass out quick on vr0 proto tcp from any to any port = 25 flags S keep state


### Block and Log only first occurrence of everything ###
block out log first quick on vr0 all


### Block all inbound traffic from non-routable or reserved address spaces
...



### Allow in ssh session from other building ###
pass in quick on vr0 proto tcp from any to any port = 22 flags S keep state

### Allow in HTTP session from public to Internal MailServer ###
pass in quick on vr0 proto tcp from any to any port = 80 flags S keep state

### Allow in SMTP access to Internal Mail Server ###
pass in quick on vr0 proto tcp from any to any port = 25 flags S keep state

### Allow in POP3 access to Internal Mail Server ###
pass in quick on vr0 proto tcp from any to any port = 110 flags S keep state


### Block and log only first occurrence of all remaining traffic ###
block in log first quick on vr0 all


The situation:
--
...if the server(MailSrv) is redirected to G1, the users are able to
connect themselves to the services. To be sure about it I redirected the
server(WebSrv) with apache that before was pointing to G1 to G2(internet)
and the access was broken for the other building...

Why does this happen?





> If I understand your description, it could be mapped like this:
>
> net1 is the other building's network
> net1pc1 .. net1pcN
>
> net2 is your network
> net2pc1 .. net2pcN
> net2server1 .. net2server3
>
> g1 == net1,net2
> g2 == net2,Internet
>
> Assumptions:
> net1 and net2 are private
> the default gateway for g1 is g2
> g1 is using a map rule to nat net1 hosts to net2
> the default gateway for g2 is on the Internet
> g2 is using a map rule to nat net2 hosts to the Internet
>
> If a net1 PC connects through g1, it would be mapped as coming from g1.
> Since g1 is on net2, and g2 can route to net2, the servers using g2 as
> the default route should have no problem.  My assumptions may be false.
> Would you post the g1 and g2 ipf.conf and ipnat.conf, and specify what
> the net1 and net2 CIDR?
>
> Thank you,
>
> Ben
>
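An added example, not part of the thread: a small Python model of the return path for the `rdr` rules and default gateways posted above, showing one explanation consistent with the behaviour described (a server whose default gateway is g2 sends its replies past g1, which is the only box holding the NAT state). It assumes the servers have no static route for 192.168.80.0/24 and that g2 does not hand such replies back to g1; the client address 192.168.80.50 and the function names are constructed for illustration.

```python
import re

# rdr rules copied from the ipnat.rules in the post (g1, interface vr0).
IPNAT_RULES = """\
rdr vr0 192.168.80.2/32 port 80 -> 10.10.10.11 port 80 tcp
rdr vr0 192.168.80.2/32 port 22 -> 10.10.10.12 port 22 tcp
rdr vr0 192.168.80.2/32 port 25 -> 10.10.10.12 port 25 tcp
rdr vr0 192.168.80.2/32 port 110 -> 10.10.10.12 port 110 tcp
"""
# Default gateways as drawn in the post's network layout.
DEFAULT_GW = {"10.10.10.11": "g1", "10.10.10.12": "g2"}

RDR = re.compile(
    r"rdr\s+(\S+)\s+([\d.]+)/\d+\s+port\s+(\d+)\s+->\s+([\d.]+)\s+port\s+(\d+)")


def parse_rdr(text):
    """Map (external ip, external port) -> (internal ip, internal port)."""
    table = {}
    for line in text.splitlines():
        m = RDR.match(line.strip())
        if m:
            _, ext_ip, ext_port, int_ip, int_port = m.groups()
            table[(ext_ip, int(ext_port))] = (int_ip, int(int_port))
    return table


def reply_path(client_ip, ext_port, default_gw=DEFAULT_GW):
    """Trace a connection from the other building to 192.168.80.2:ext_port.

    rdr rewrites only the destination, so the server still sees client_ip
    as the source and answers it through its own default gateway.
    Assumption: the servers have no static route for 192.168.80.0/24.
    """
    server, _ = parse_rdr(IPNAT_RULES)[("192.168.80.2", ext_port)]
    hop = default_gw[server]
    # Only g1 holds the NAT state that restores 192.168.80.2 as the source.
    return {"client": client_ip, "server": server,
            "reply_next_hop": hop, "returns_via_g1": hop == "g1"}


def asymmetric_ports(default_gw=DEFAULT_GW, client_ip="192.168.80.50"):
    """Redirected ports whose replies bypass g1 (client_ip is constructed)."""
    ports = [port for (_, port) in parse_rdr(IPNAT_RULES)]
    return sorted(p for p in ports
                  if not reply_path(client_ip, p, default_gw)["returns_via_g1"])


if __name__ == "__main__":
    print("layout as posted:", asymmetric_ports())
```

Passing a different `default_gw` mapping to `asymmetric_ports` reproduces the two experiments described in the post: pointing MailSrv at g1, or pointing WebSrv at g2.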