On Fri, May 5, 2017 at 8:34 PM, Karl Denninger wrote:
> Can you point me to the ruleset you posted? Thanks in advance.
>
I can't remember all your network details, and don't have the e-mails
saved, so fill in the blanks below. :) And change the ports as needed.
IIF=
EIF=
PUB_IP="me"
SRV_I
On 6/5/17 8:14 am, Karl Denninger wrote:
On 5/5/2017 19:08, Dr. Rolf Jansen wrote:
Am 05.05.2017 um 20:53 schrieb Karl Denninger :
On 5/5/2017 14:33, Julian Elischer wrote:
On 5/5/17 1:48 am, Dr. Rolf Jansen wrote:
Resolving this with ipfw/NAT may easily become quite complicated, if
not impos
On 6/5/17 7:53 am, Karl Denninger wrote:
On 5/5/2017 14:33, Julian Elischer wrote:
On 5/5/17 1:48 am, Dr. Rolf Jansen wrote:
Resolving this with ipfw/NAT may easily become quite complicated, if
not impossible if you want to run a stateful nat'ting firewall, which
is usually the better choice.
On 5/5/2017 21:56, Dr. Rolf Jansen wrote:
> Am 05.05.2017 um 21:14 schrieb Karl Denninger :
>> On 5/5/2017 19:08, Dr. Rolf Jansen wrote:
>>> Am 05.05.2017 um 20:53 schrieb Karl Denninger :
On 5/5/2017 14:33, Julian Elischer wrote:
> On 5/5/17 1:48 am, Dr. Rolf Jansen wrote:
>> Resolvin
Am 05.05.2017 um 21:14 schrieb Karl Denninger :
> On 5/5/2017 19:08, Dr. Rolf Jansen wrote:
>> Am 05.05.2017 um 20:53 schrieb Karl Denninger :
>>> On 5/5/2017 14:33, Julian Elischer wrote:
On 5/5/17 1:48 am, Dr. Rolf Jansen wrote:
> Resolving this with ipfw/NAT may easily become quite comp
On 5/5/2017 19:08, Dr. Rolf Jansen wrote:
> Am 05.05.2017 um 20:53 schrieb Karl Denninger :
>> On 5/5/2017 14:33, Julian Elischer wrote:
>>> On 5/5/17 1:48 am, Dr. Rolf Jansen wrote:
Resolving this with ipfw/NAT may easily become quite complicated, if
not impossible if you want to run a s
Am 05.05.2017 um 20:53 schrieb Karl Denninger :
> On 5/5/2017 14:33, Julian Elischer wrote:
>> On 5/5/17 1:48 am, Dr. Rolf Jansen wrote:
>>> Resolving this with ipfw/NAT may easily become quite complicated, if
>>> not impossible if you want to run a stateful nat'ting firewall, which
>>> is usually
On 5/5/2017 18:53, Karl Denninger wrote:
> A "telnet 70.169.168.7 2552" from outside works perfectly well. But the
> second NAT should cause a "telnet 70.169.168.7 2552" from an
> internet-network host to work also. It doesn't.
s/internet-network/inside-network/
:-)
--
Karl Denninger
k...@denn
On 5/5/2017 14:33, Julian Elischer wrote:
> On 5/5/17 1:48 am, Dr. Rolf Jansen wrote:
>> Resolving this with ipfw/NAT may easily become quite complicated, if
>> not impossible if you want to run a stateful nat'ting firewall, which
>> is usually the better choice.
>>
>> IMHO a DNS based solution is
On 5/5/17 1:48 am, Dr. Rolf Jansen wrote:
Resolving this with ipfw/NAT may easily become quite complicated, if not
impossible if you want to run a stateful nat'ting firewall, which is usually
the better choice.
IMHO a DNS based solution is much more effective.
On my gateway I have running the
On 5/5/17 2:06 am, Karl Denninger wrote:
On 5/4/2017 12:12, Rodney W. Grimes wrote:
Consider the following network configuration.
Internet --- Gateway/Firewall -- Inside network (including a
web host)
70.16.10.1/28 192.168.0.0/24
The address of the outside is FICT
On 5/4/2017 14:44, Rodney W. Grimes wrote:
>> On 5/4/2017 13:47, Rodney W. Grimes wrote:
On 5/4/2017 12:12, Rodney W. Grimes wrote:
>> Consider the following network configuration.
>>
>>
>> Internet --- Gateway/Firewall -- Inside network (including a
>> web ho
> On 5/4/2017 13:47, Rodney W. Grimes wrote:
> >> On 5/4/2017 12:12, Rodney W. Grimes wrote:
> Consider the following network configuration.
>
>
> Internet --- Gateway/Firewall -- Inside network (including a
> web host)
> 70.16.10.1/28 192.1
On 5/4/2017 13:47, Rodney W. Grimes wrote:
>> On 5/4/2017 12:12, Rodney W. Grimes wrote:
Consider the following network configuration.
Internet --- Gateway/Firewall -- Inside network (including a
web host)
70.16.10.1/28 192.168.0.0/24
>
> On 5/4/2017 12:12, Rodney W. Grimes wrote:
> >> Consider the following network configuration.
> >>
> >>
> >> Internet --- Gateway/Firewall -- Inside network (including a
> >> web host)
> >> 70.16.10.1/28 192.168.0.0/24
> >>
> >> The address of the outside is FICTI
On 5/4/2017 12:48, Dr. Rolf Jansen wrote:
> Resolving this with ipfw/NAT may easily become quite complicated, if not
> impossible if you want to run a stateful nat'ting firewall, which is usually
> the better choice.
>
> IMHO a DNS based solution is much more effective.
>
> On my gateway I have r
On 5/4/2017 12:12, Rodney W. Grimes wrote:
>> Consider the following network configuration.
>>
>>
>> Internet --- Gateway/Firewall -- Inside network (including a
>> web host)
>> 70.16.10.1/28 192.168.0.0/24
>>
>> The address of the outside is FICTIONAL, by the way.
>>
Resolving this with ipfw/NAT may easily become quite complicated, if not
impossible if you want to run a stateful nat'ting firewall, which is usually
the better choice.
IMHO a DNS based solution is much more effective.
On my gateway I have running the caching DNS resolver Unbound. Now let's
as
[ Charset UTF-8 unsupported, converting... ]
> On Thu, May 4, 2017 at 9:22 AM, Karl Denninger wrote:
>
> > Consider the following network configuration.
> >
> >
> > Internet --- Gateway/Firewall -- Inside network (including a
> > web host)
> > 70.16.10.1/28 192.168.0.0
> Consider the following network configuration.
>
>
> Internet --- Gateway/Firewall -- Inside network (including a
> web host)
> 70.16.10.1/28 192.168.0.0/24
>
> The address of the outside is FICTIONAL, by the way.
>
> For policy reasons I do NOT want the gateway m
On Thu, May 4, 2017 at 9:22 AM, Karl Denninger wrote:
> Consider the following network configuration.
>
>
> Internet --- Gateway/Firewall -- Inside network (including a
> web host)
> 70.16.10.1/28 192.168.0.0/24
>
> The address of the outside is FICTIONAL, by the way.
On Thu, May 4, 2017 at 9:22 AM, Karl Denninger wrote:
> Consider the following network configuration.
>
>
> Internet --- Gateway/Firewall -- Inside network (including a
> web host)
> 70.16.10.1/28 192.168.0.0/24
>
> The address of the outside is FICTIONAL, by the way.
Consider the following network configuration.
Internet --- Gateway/Firewall -- Inside network (including a
web host)
70.16.10.1/28 192.168.0.0/24
The address of the outside is FICTIONAL, by the way.
For policy reasons I do NOT want the gateway machine to actually h
23 matches
Mail list logo