Alex,
The last 'traceroute blocking' thread went on for a few weeks, so I
think you should look into that. In addition to that, I think blocking
ICMP packets, especially type 3 and 11 would allow you to traceroute.
traceroute(8) works by sending UDP datagrams to destination,
incrementing TTLs a
Hello.
I was wondering if anyone knows how can I set ipfw rules to allow myself
to traceroute anywhere but noone to be able to ping or traceroute me.
I saw few examples in the ipfw tutorial on www.defcon1.org for filtering
external pings but these examples don't allow me to traceroute somewhere.
If memory serves me right, JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=
?= wrote:
> > On Mon, 16 Jul 2001 10:16:23 -0700,
> > [EMAIL PROTECTED] (Bruce A. Mah) said:
> > (kgdb) print rt
> > $1 = (struct rtentry *) 0x3
> > (kgdb) print ln
> > $2 = (struct llinfo_nd6 *) 0x62
>
Is there any magic to get an active FTP client (M$ in this case) behind the
inside interface to talk to an outside FTP server? (Without opening a huge
hole.)
This is on 4.3-STABLE.
Alternatively, does anyone know if an OpenBSD/IPF bridge could/would handle it
any better?
Thanks,
Jerry
To
> On Mon, 16 Jul 2001 10:16:23 -0700,
> [EMAIL PROTECTED] (Bruce A. Mah) said:
>> Hmm, could you show us the contents of "rt" and "ln" at this point?
> (kgdb) print rt
> $1 = (struct rtentry *) 0x3
> (kgdb) print ln
> $2 = (struct llinfo_nd6 *) 0x62
Then rt and ln are surely broken
On Mon, Jul 16, 2001 at 03:44:40PM -0600, Peter Warrick wrote:
> I hope I am not sending to the wrong address but here goes. :)
you are. this should have been sent to freebsd-questions, but:
from ifconfig(8):
alias Establish an additional network address for this interface. This
On Mon, 16 Jul 2001, Niels Provos wrote:
> In message <[EMAIL PROTECTED]>, Kris Kennaway writes:
> >Sorry I've been ignoring this; I'm still getting caught up from my
> >vacation. Niels, how has OpenBSD handled this?
> Not. We have the same problem. I argue that the test is bogus.
>
> First o
This very much sounds like you need to learn IP subnetting. I highly
recommend the Cisco Press CCNA book. I can dig up ISBN number if you want.
There are very few cases that call for a subnet mask of 255.255.255.255.
You probably want 255.255.255.0
You can specify the subnetmask on the comman
I hope I am not sending to the wrong address but here goes. :)
I need to be able to alias an IP and route to another IP. For example..
I have a computer behind my BSD server with an IP of 1.2.3.4 and it
requires a gateway IP of 1.2.3.1. So I simply issue an ifconfig en1
1.2.3.1 alias. But this
Rob Braun <[EMAIL PROTECTED]> writes:
> Several companies, one of which is LanMedia Corporation (LMC), sell
> PCI cards that handle T1s and include an integrated CSU/DSU. So,
> yes, you can terminate a T1 on your PC. Find one of these cards and
> you're all set. I believe FreeBSD already has a dr
for accounting, you can use dynamic dummynet pipes as the
final accept rule, e.g. replace all rules of the form
accept ip from X to Y
with
pipe ip from X to Y
and something like this for accounting on source ip
ipfw pipe config mask src-ip 0x
For man
Hi!
We have to account the traffic of >450 IPs and also have to deny
traffic to/from a few IPs.
We are currently using a half-baken solution with ipfw and a
config with 6 rules for each IP, which makes the stuff quite
uncomfortable.
(on high network load, "ipfw list" takes minutes, we have to ch
RFC1812 Requirements for IP Version 4 Routers
4.3.3.3 Source Quench
A router SHOULD NOT originate ICMP Source Quench
messages. As
specified in Section [4.3.2], a router that does
originate Source
Quench messages MUST be able to limit the rate at
which they are
generated.
DISCUSS
Could anyone check this fix for PR bin/29026 (traceroute -s option)?
It just reenables the bind(2) call checking for the source address
correctness, and moves the IP_HDRINCL after that (once IP_HDRINCL
is enabled on the socket, bind doesn't check this anymore).
It seems to work on my (very outda
Hello all!
Okay, I'm still having a bit of problems setting up
a FreeBSD router. I'm not sure if FreeBSD forwards
the packets automatically or if I need to add routes
to the routing table or what.
Here's what I'm trying to do. I have 3 networks:
192.168.0.0/24, 192.168.10.0/24, and 192.168.20
In message <[EMAIL PROTECTED]>, Kris Kennaway writes:
>Sorry I've been ignoring this; I'm still getting caught up from my
>vacation. Niels, how has OpenBSD handled this?
Not. We have the same problem. I argue that the test is bogus.
First of all, if we are getting a SYN for this 4-tuple, it is
Matt-
You'll need to get a DSU/CSU for the FreeBSD box. Not sure what exists
out there, if anything. I'd start with the FreeBSD supported hardware list
and see if there's anything there.
As far as routing goes, you'll have no problem there.
Joseph Gleason said:
> It needs to goto something th
With a Cisco or a FreeBSD box can do routing.
- Original Message -
From: "Aaron Namba" <[EMAIL PROTECTED]>
To: "matt" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Cc: "FreeBSD-ISP" <[EMAIL PROTECTED]>
Sent: Monday, July 16, 2001 13:49
Subject: RE: router question
> Depe
It needs to goto something that can handle it like a Cisco router with
approiate WAN options or a FreeBSD box with an appropriate card (search the
mailing lists for info on those cards).
- Original Message -
From: "matt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
C
If memory serves me right, JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=
?= wrote:
> Hmm, could you show us the contents of "rt" and "ln" at this point?
(kgdb) print rt
$1 = (struct rtentry *) 0x3
(kgdb) print ln
$2 = (struct llinfo_nd6 *) 0x62
> If possible, it would be helpful to s
Hello !
I have a few problems, because I'd like to merge two maschines because
of small room and heating problems there.
One maschine has its own link and other too. Now i'd like to merge them
into one maschine with four ethernet cards.
How can I do, that packets from one subnet/host will go thr
< said:
> Is there any reason for ICMP source quench to be deprecated?
There are a few problems with ICMP source quench:
1) If a sender-TCP actually pays attention to them, an attacker can
substantially reduce TCP performance by forging them (a low-grade DoS
attack).
2) Few if any routers legi
I know; those were my reasons for lifting an eyebrow at the 'deprecated'
comment in the Linux kernel source..
G'luck,
Peter
--
"yields falsehood, when appended to its quotation." yields falsehood, when appended to
its quotation.
On Mon, Jul 16, 2001 at 11:45:02AM -0400, Joseph Gleason wrote:
Unless I am mistaken, ICMP source quench applies to any IP traffic, not just
TCP.
Also, ICMP source quench can be sent by intermediate routers.
- Original Message -
From: "Peter Pentchev" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 16, 2001 08:26
Subject: ICMP source
>>I'd very much like to see PF_LOCAL support added to our getaddrinfo()
>>and getnameinfo(). I know that PF_LOCAL sockets have semantics that
>Here is quick and simple implementation - any comments welcome. It
>probably needs a few changes to match the conventions of other
>implementations, and a
In message <[EMAIL PROTECTED]>, Ian Dowse writes:
>
>I'd very much like to see PF_LOCAL support added to our getaddrinfo()
>and getnameinfo(). I know that PF_LOCAL sockets have semantics that
Here is quick and simple implementation - any comments welcome. It
probably needs a few changes to match
> On Sun, 15 Jul 2001 01:27:59 -0700,
> "Bruce A. Mah" <[EMAIL PROTECTED]> said:
> OK, I got another crash, with symbols and all. This is a 4-STABLE
> machine from 7 July.
Thanks for the info.
(kgdb) list
438 /* XXX: used for the DELAY case only: */
439
Hi,
I just had a friend ask me a weird question about ICMP source quench
and its handling in various OS's. He proceeded to show me a part
of some version of the Linux kernel source, which processed a source
quench request properly, yet had a 'This is deprecated' comment
at the top.
I had a quic
> On Mon, 16 Jul 2001 12:53:47 +0200,
> Sheldon Hearn <[EMAIL PROTECTED]> said:
> Where do I send changes to the KAME manual pages?
Thanks for the offer. The best place would be [EMAIL PROTECTED], which is
the list for core developers of the KAME project.
This list is closed to discus
Hi:
I need to know in what version of FreeBSD you can use the 6to4 tunnels for
IPv6.
How long have 6to4 tunnels been implemented ?
Also, if someone knows in which versions of FreeBSD appeared the automatic
and configured tunnels for IPv6, or where I can search these
information...
Thanks!
Hi folks,
Where do I send changes to the KAME manual pages?
Ciao,
Sheldon.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
On Mon, Jul 16, 2001 at 11:00:04AM +0300, Ruslan Ermilov wrote:
> Recall my question on IRC about monotonicity right after you committed
> this?
Yes; recall my answer? :)
Kris
PGP signature
On Sun, Jul 15, 2001 at 01:11:48PM -0700, Kris Kennaway wrote:
> On Mon, Jun 11, 2001 at 02:37:10PM -0500, Jonathan Lemon wrote:
> > In article
>[EMAIL PROTECTED]> you write:
> > >First off, I hope this is the right list.
> > >
> > >Could someone take a look at PR misc/27880?
> >
> > This was br
33 matches
Mail list logo