Re: DNAT in freebsd

2013-07-06 Thread Sami Halabi
Hi, Any hope? Thanks in advance, Sami On 3 Jul 2013 14:06, Sami Halabi sodyn...@gmail.com wrote: Hi Julian, I appreciate your willingness to help me. My Situation in short is: --- [a] - [b] - internet B |---BGP---|84.xx.yy.1 192.168.0.1

Re: DNAT in freebsd

2013-07-03 Thread Sami Halabi
:06 AM, Julian Elischer jul...@freebsd.org wrote: On 7/3/13 11:59 AM, Julian Elischer wrote: On 7/3/13 10:47 AM, Julian Elischer wrote: On 7/2/13 10:21 PM, Sami Halabi wrote: Hi again, So far no solution Is there really no alternative in FreeBSD? oh I'm sure there are several

Re: DNAT in freebsd

2013-07-02 Thread Sami Halabi
Hi again, So far no solution Is there really no alternative in FreeBSD? Sami On 1 Jul 2013 14:16, Sami Halabi sodyn...@gmail.com wrote: Hi, I did ping 10.0.1.1 from 10.0.1.2, so packet is 10.0.1.2 -10.0.1.1 ipfw add 1000 nat 1 all from 10.0.1.2 to 10.0.1.1 if I have 10.0.1.1 in em1

Re: DNAT in freebsd

2013-07-01 Thread Sami Halabi
Hi, forgot to mention that but this sysctl is already set to 0. I see in the logs packets pass 1000 rule. Sami On Mon, Jul 1, 2013 at 12:17 PM, Eugene Grosbein eu...@grosbein.net wrote: On 01.07.2013 14:30, Sami Halabi wrote: Hi, I've tried the following: em1 - ip 10.0.1.1/24 http

Re: DNAT in freebsd

2013-07-01 Thread Sami Halabi
ureg_only ip 11.0.4.2 On Mon, Jul 1, 2013 at 1:42 PM, Eugene Grosbein eu...@grosbein.net wrote: On 01.07.2013 17:05, Sami Halabi wrote: Hi, forgot to mention that but this sysctl is already set to 0. I see in the logs packets pass 1000 rule. Use rules like 'ipfw add 1500 count log ip

Re: DNAT in freebsd

2013-06-30 Thread Sami Halabi
:50:15AM +0300, Sami Halabi wrote: I think I was misunderstood... Here is the situation I want to handle: My box is a router that handles several /24 behind. One of my links (em0) is connected to a private network 192.168.0.1 is me, my neighbour is 192.168.0.2. I want to make that any

Re: DNAT in freebsd

2013-06-30 Thread Sami Halabi
Hi, I don't understand how reverse mode works exactly, and didn't find a good example. can you try and help on the configuration? Thanks in advance, Sami On Sun, Jun 30, 2013 at 1:22 PM, Eugene Grosbein eu...@grosbein.net wrote: On 29.06.2013 13:50, Sami Halabi wrote: I think I

Re: DNAT in freebsd

2013-06-30 Thread Sami Halabi
Hi Eugene, It simply doesn't work for me, the reverse option doesn't work properly for me it keeps translating the source instead of the destination... On Sun, Jun 30, 2013 at 6:32 PM, Eugene Grosbein eu...@grosbein.net wrote: On 30.06.2013 18:48, Sami Halabi wrote: Hi, I don't

Re: DNAT in freebsd

2013-06-29 Thread Sami Halabi
I think I was misunderstood... Here is the situation I want to handle: My box is a router that handles several /24 behind. One of my links (em0) is connected to a private network 192.168.0.1 is me, my neighbour is 192.168.0.2. I want to make that any connection comes to 192.168.0.1 to go to ip

firewall rules for core router

2013-01-08 Thread Sami Halabi
Anyone? On 7 Jan 2013 18:09, Sami Halabi sodyn...@gmail.com wrote: Hi, I have a core router that I want to enable firewall on it. are these enough for a start: ipfw add 100 allow all from any to any via lo0 ipfw add 25000 allow all from me to any ipfw add 25100 allow ip from table(7

Re: firewall rules for core router

2013-01-08 Thread Sami Halabi
Thank you for your response. about fwd: w.x.y.z is a router.. do I still need something? will it forward the packet correctly? On 8 Jan 2013 19:02, Julian Elischer jul...@freebsd.org wrote: On 1/8/13 6:44 AM, Sami Halabi wrote: Anyone? On 7 Jan 2013 18:09, Sami Halabi sodyn

rules fore core router

2013-01-07 Thread Sami Halabi
in advance, -- Sami Halabi Information Systems Engineer NMS Projects Expert FreeBSD SysAdmin Expert ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to freebsd-ipfw-unsubscr

Re: Limit Session Bandwidth

2013-01-05 Thread Sami Halabi
be as ipfw sched 789 config mask all pipe 456 On Thu, Jan 3, 2013 at 10:29 AM, Luigi Rizzo ri...@iet.unipi.it wrote: ipfw sched 789 config mask all pipe 123 -- Sami Halabi Information Systems Engineer NMS Projects Expert FreeBSD SysAdmin Expert

Limit Session Bandwidth

2013-01-02 Thread Sami Halabi
there can be 20 sessions of 0.5MB. I didn't see option like that in the man pages, any ideas? Thanks in advance, -- Sami Halabi Information Systems Engineer NMS Projects Expert FreeBSD SysAdmin Expert

Re: VNET

2012-06-20 Thread Sami Halabi
wrote: On 19.06.2012 12:56, Sami Halabi wrote: Hi, I want to ask about VNET jails, I read somewhere that I'm able to run IPFW, but not PF firewall in a vnet jail. Is that correct? I want a vnet jail basically for nat, so natd with ipfw + ipdivert is my 1) You can do nat without vnet. 2) ipfw

Re: ipfw rules consuming CPU

2012-06-09 Thread Sami Halabi
Hi, all rules together less than 80 rules how tablearg helps this? each ip pipe (up down) are unique... any other advices? Sami On Sat, Jun 9, 2012 at 1:15 PM, Alexander V. Chernikov melif...@freebsd.org wrote: On 09.06.2012 01:56, Sami Halabi wrote: Hi, I Manage a FreeBSD server

Re: ipfw rules consuming CPU

2012-06-09 Thread Sami Halabi
for about 1000-1200 hosts. Alexander V. Chernikov wrote: On 09.06.2012 01:56, Sami Halabi wrote: Hi, I Manage a FreeBSD server as an edge router firewall. the setup has 10G interfaces (ixgbe-82599EB) and 1G interfaces(em-82571EB bce-BCM5709) connected to 10G/1G switches

ipfw rules consuming CPU

2012-06-08 Thread Sami Halabi
ix0 Any advice why this happens? or should it be there in the first place? I use FreeBSD 8.1-R-p10-amd64. Thanks in advance, -- Sami Halabi Information Systems Engineer NMS Projects Expert FreeBSD SysAdmin Expert