mpd pptp packet loss xp client

2005-01-24 Thread Peter Brezny
list of allowed ports without success. Peter Brezny purplecat.net 828-250-9446 ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: passive mode ftp server, need stateful ipfw rule.

2002-12-10 Thread Peter Brezny
tion terminates. Thanks again. Peter Brezny Skyrunner.net -Original Message- From: Vincent Jardin [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 3:32 AM To: Barney Wolff; Peter Brezny Cc: Orville R. Weyrich_Jr; [EMAIL PROTECTED] Subject: Re: passive mode ftp server, need sta

RE: passive mode ftp server, need stateful ipfw rule.

2002-12-09 Thread Peter Brezny
w all from any to any established aren't you sort of setting yourself up. Couldn't someone establish a valid connection to a valid port, then, have a field day? TIA Peter Brezny Skyrunner.net -Original Message- From: Orville R. Weyrich_Jr [mailto:[EMAIL PROTECTED]] Sent: Mond

passive mode ftp server, need stateful ipfw rule.

2002-12-09 Thread Peter Brezny
o the new random data port on the passive mode server, i've so far not been able to come up with decent firewall rules to protect this type of system. TIA, Peter Brezny Skyrunner.net To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message

or syntx for ipfw

2002-12-07 Thread Peter Brezny
I'm having problems with the syntax (i think) of using "or" in ipfw rules. Does this work only with ipfw2? i'm attempting: ipfw add 300 deny log all from \{ not 208.133.x.x/2x or 12.150.x.x/2x \} to any out via oif and i'm getting: ipfw: hostname ``{'' unkno

freebsd vs. Cisco for two t1's

2002-07-05 Thread Peter Brezny
e the best path out to the internet. It would be nice to run picobsd for this system, or boot it off a flash card so as not to have to worry about drives. Any comments or suggestions are welcome. TIA Peter Brezny purplecat.net

limiting directed broadcasts with ipfw.

2002-06-27 Thread Peter Brezny
I did a quick search through the man page, but didn't come up with anything right off that looked like it could help mitigate smurf attacks similar to the cisco: no ip directed-broadcast feature. Is there a way? TIA Peter Brezny Skyrunner.net

RE: currently experiencing some kind of DOS attack? Need help!

2002-06-05 Thread Peter Brezny
Discovered this is not a DOS attack, Thanks for your consideration. Looks like my qmail install is sending things out faster than my network card can handle?... Thanks again, Peter Brezny Skyrunner.net -Original Message- From: Peter Brezny [mailto:[EMAIL PROTECTED]] Sent: Wednesday

currently experiencing some kind of DOS attack? Need help!

2002-06-05 Thread Peter Brezny
44.46 The error i'm getting in /var/log/messages: Jun 5 10:05:51 rack /kernel: m_clalloc failed, consider increase NMBCLUSTERS value Jun 5 10:05:51 rack /kernel: xl0: no memory for rx list -- packet dropped! Any help is much appreciated. Peter Brezny Skyrunner.net 09:56:44.778211 208

RE: NATD theoretical max and tuning question

2002-04-01 Thread Peter Brezny
. Peter Brezny Skyrunner.net -Original Message- From: Luigi Rizzo [mailto:[EMAIL PROTECTED]] Sent: Monday, April 01, 2002 4:29 AM To: Joost Bekkers Cc: Peter Brezny; [EMAIL PROTECTED] Subject: Re: NATD theoretical max and tuning question Actually, following other reports on natd

NATD theoretical max and tuning question

2002-03-31 Thread Peter Brezny
e cpu. Is a system of this class adequate for what I am trying to do? Would I be better off assigning a separate public IP for each of the private networks routed behind it? TIA Peter Brezny Skyrunner.net

icmp 5

2002-03-18 Thread Peter Brezny
via xl0 Where the host has only the following icmp types allowed. # Allow required ICMP $fwcmd add allow icmp from any to any icmptypes 3,4,11,12 keep-state Thanks, Peter Brezny purplecat.net

RE: dual dns resolution problem -- Solved

2001-10-02 Thread Peter Brezny
/NIS configured, uncomment the next line # nis Thanks for your consideration. Peter Brezny Skyrunner.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 12:41 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject

dual dns resolution problem

2001-10-02 Thread Peter Brezny
his message. Thanks for your help! Peter Brezny Skyrunner.net Internal instance: // $FreeBSD: src/etc/namedb/named.conf,v 1.6.2.2 2001/03/05 13:34:52 asmodai Exp $ // options { directory "/etc/namedb-int"; forwarders { 63.167.198

simple static NAT question

2001-09-18 Thread Peter Brezny
local address (192.168.0.4), but outgoing traffic from the first two addresses will still be aliased to appear from the specified public_addr. Thanks in advance. Peter Brezny Skyrunner.net

mpd-netgraph on minimal install not working.

2001-08-28 Thread Peter Brezny
rt 1723 as being available. The system has no firewall in place and is using the generic kernel configuration. I've installed mpd-netgraph and configured it for use as a PPTP VPN server on the standard 'developer' install configuration of freebsd with complete success. What have I m

need help with divert to avoid dual dns..is it possible?

2001-07-11 Thread Peter Brezny
imilar to -unregistered_only where I could specify that natd translate _only_ addresses coming into the internal interface bound for specific addresses listed in natd.conf for static nat? OR... is there another way to do this without using a divert socket, something just within ipfw. Thanks a lot

FW: simple mpd-netgraph quesiton

2001-07-06 Thread Peter Brezny
I just found this explained in the latest sample conf file. Sorry for the previous post. The original conf file I was looking at didn't have it as completely explained. Peter Brezny SysAdmin Services Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On B

simple mpd-netgraph quesiton

2001-07-05 Thread Peter Brezny
i ng0 pptp pptp ... pptp2: new -i ng0 pptp pptp OR, do I need to do something like this? pptp1: new -i ng0 pptp pptp1 ... pptp2: new -i ng1 pptp pptp2 Thanks for your help. Peter Brezny SysAdmin Services Inc.

how to find dhclient ip for use in ipfw ruleset?

2001-06-15 Thread Peter Brezny
ter with a dynamically assigned ip. I've gotten dhclient working, but i'm stumped as to how to get the dynamically assigned ip address into the ruleset. TIA Peter Brezny SysAdmin Services Inc.

mpdnetgraph connection refused

2001-05-31 Thread Peter Brezny
ed by peer Which peer is the log referring to? ideas? I've attached the complete log of the connection that failed below. TIA. Peter Brezny SysAdmin Services Inc. May 25 16:43:23 gkgw mpd: mpd: PPTP connection from 208.63.181.154:1123 May 25 16:43:23 gkgw mpd: pptp0: attached to connection with

three nics, two networks, simple routing problem...i think.

2001-04-23 Thread Peter Brezny
What have I missed? TIA Peter Brezny SysAdmin Services Inc. my rc.conf looks like this. ifconfig_xl0="inet 10.30.1.30 netmask 255.255.255.0" ifconfig_xl1="inet 10.30.1.31 netmask 255.255.255.0" ifconfig_xl2="inet 10.20.30.1 netmask 255.255.255.0" xl1 is the iface

dual dns box, ssh/ftp no like.

2001-04-23 Thread Peter Brezny
I have two separate instances of named running on a system. One for internal and one for external. The dns appears to work fine. With nslookup, you can choose whichever server you desire, and it provides answers. if i try to run an application that uses dns on this machine however, it bombs.

dual dns weirdness, DNS/bind guru needed.

2001-04-20 Thread Peter Brezny
I've managed to get two different instances of bind running on my primary name server, but there's something weird. Since I've gotten them running, I can't ftp to anything from the box, or even ftp through that box if a client is using it as a gateway, yet nslookup appears to work fine. my res

three nics, two networks, simple routing problem...

2001-04-17 Thread Peter Brezny
What have I missed? TIA Peter Brezny SysAdmin Services Inc. my rc.conf looks like this. ifconfig_xl0="inet 10.30.1.30 netmask 255.255.255.0" ifconfig_xl1="inet 10.30.1.31 netmask 255.255.255.0" ifconfig_xl2="inet 10.20.30.1 netmask 255.255.255.0" xl1 is the iface

running two instances of bind

2001-04-12 Thread Peter Brezny
I'm attempting to get two instances of bind running on the same machine. When I start the second instance, i get this error: named[15794]: ctl_server: bind: /var/run/ndc: Address already in use However, each instance of named can be found with a ps wax|grep named, and it appears that each can

kern secure level 2 and mpd-netgraph dialup

2001-03-27 Thread Peter Brezny
Is it possible to have a kern_securelevel="2" and still run mpd-netgraph using the default 'dialin' configuration? I've not had any luck but things appear to work ok when the kern_securelevel="0" One problem even then however, again using the default 'dialin' configuration, once the connection i

An interesting static nat problem.

2001-03-20 Thread Peter Brezny
I've recently run into an interesting problem. I've got an external machine x.x.x.y running static nat on its external interface to translate x.x.x.x to 10.30.1.20 on the inside. The 10.30.1.20 machine runs a mail server. This external machine is also configured as a secondary mx for the inte

problem with secondary dns update through ipfw firewall

2001-03-13 Thread Peter Brezny
I've got a problem with secondary DNS servers not being able to get updates from my primary through its firewall. The firewall rules on the primary dns server (pertaining to dns) look like this. I thought I had my bases covered... # Allow DNS traffic from internet to query your DNS (for

route clarification

2001-03-13 Thread Peter Brezny
I've managed to get things working, but I've still got a question or two. Here's what i'm working with > internet firewall/nat box client firewall client lan. >pub pub/10.30.1.110.30.1.20/10.20.21.1 10.20.21.x From Right to Left, each machine's default GW is

advice on network plan

2001-03-09 Thread Peter Brezny
| 10.30.x.x--fbsd-gw_ipfw--wireless ethernet--fbsd_gw_ipfw customer networkcustomer network Your suggestions and criticisms are appreciated. Peter Brezny purplecat.net

natd - static nat on multiple aliased ip's

2001-03-07 Thread Peter Brezny
Let's say I had two internal subnets that i'd like to nat with different external ip's, while also doing static nat on one of each of the internal ip's. Could i do that by doing something like this: rc.conf natd_flags="-f /etc/natd.conf1" natd_flags="-f /etc/natd.conf2" rc.firewall $fwcmd add

static nat problem

2001-02-28 Thread Peter Brezny
I want to be able to forward all traffic coming to an external ip to an internal ip. I currently have nat configured and working so that all private internal addresses are translated to a public ip as they leave the firewall machine on their way out, but after reading the man page a couple of tim

DNS problems with hub.freebsd.org

2001-02-28 Thread Peter Brezny
--> 209.16.228.150 Could someone please bump that system and have it update the cache.?... TIA Peter Brezny

nat forwarding

2001-02-22 Thread Peter Brezny
After reading through the natd man page, I think I understand what I need to do to redirect requests to one specified ip to another, however, I don't understand where I put this config info. i currently start natd with rc.conf with the following lines: natd_enable="YES" #natd_config="/etc/rc.nat

ipfw simple quesiton

2001-02-22 Thread Peter Brezny
Hello, I've just added a second external interface to a machine. I'd like to not have to duplicate all the rules that involve outside interfaces. I've got rules like $fwcmd add deny all from 0.0.0.0/8 to any in via $oif is it possible to specify multiple interfaces for one rule by l

sysctl -w net.link.ether.inet.log_arp_wrong_iface=0 not working

2001-02-21 Thread Peter Brezny
iable stopped working? Feb 21 09:48:22 bsd1 /kernel: arp: 209.16.228.140 is on fxp0 but got reply from 00:10:4b:99:7f: 6e on rl0 TIA Peter Brezny SysAdmin Services Inc.

ipfw not allowing dns traffic

2001-02-02 Thread Peter Brezny
nslookup's fail from outside the firewall on another machine in nslookup with server set to my firewall machine. What have i missed? Peter Brezny SysAdmin Services Inc.

ipfw and dns

2001-02-02 Thread Peter Brezny
's perform an nslookup using my box as the server to do the queries on. TIA Peter Brezny SysAdmin Services Inc.

kernel arp messages with 2 nics, sysctl cntrl?

2001-02-02 Thread Peter Brezny
I thought I remembered someone mentioning a sysctl control for turning off the kernel arp messages when you have two nics on the same (misconfigured) network, but I couldn't find it in the archives. Anyone know? Thanks. Peter Brezny SysAdmin Services Inc.

dns; default primary zone files get hard coded origin's on secondary.

2001-01-26 Thread Peter Brezny
first.domain.that.got.looked.up mailin a ip.of.mail.com Is there a way to get around this? my primary server is running bind 8.2.3-T6b and the slave server is running bind 8.1.2 Thanks in advance for your help. Peter Brezny SysAdmin Services Inc.

ipfw not allowing udp?

2001-01-25 Thread Peter Brezny
zone transfers require more than just port 53? TIA Peter Brezny SysAdmin Services Inc.

Redundant connections from separate isp's possible?

2001-01-17 Thread Peter Brezny
do i tell internic?...ns1 -->network range 1, ns2 -->network range 2 and have the name server hold an IP from each isp's network range? Thanks for your comments/suggestions. Peter Brezny SysAdmin Services Inc.

moving secondary name servers to primary

2001-01-09 Thread Peter Brezny
ndary files. TIA Peter Brezny SysAdmin Services Inc.

general question re: PTR records.

2001-01-06 Thread Peter Brezny
I've read through all of ch4 in dns & bind, and haven't come across anything that says you couldn't do it this way... Will named accept this? Is it just a really bad idea? TIA Peter Brezny SysAdmin Services Inc.

RE: Problem with Multihomed Machine

2001-01-05 Thread Peter Brezny
ave a look at http://www.bsdtoday.com/2000/December/Features359.html for yet another nat/ipfw how to. Peter Brezny SysAdmin Services Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sean Sent: Friday, January 05, 2001 4:31 AM To: [EMAIL PROT

RE: (forw) Two NICs In FreeBSD

2001-01-04 Thread Peter Brezny
I find it useful, and not that big of a deal to shut off in syslog.conf. However, option c seems like a good idea. Peter Brezny SysAdmin Services Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bosko Milekic Sent: Wednesday, January 03, 2001 11

No Subject

2000-12-19 Thread Peter Brezny
and in order to keep things functioning until it's done, I'm going to have to keep both the inside and outside nic's plugged into the same switch (which gives a lot of errors like this). /kernel: arp: 10.10.1.70 is on rl0 but got reply from (mac) on fpx0 TIA Peter Brezny SysAdmin Service

named in a sand box.

2000-12-15 Thread Peter Brezny
rivileged user. But when i posed a related question on -questions, someone told me that sandbox = chrooted environment. I also want to know, if you are running named under an unprivileged user, is it worth the extra trouble to run it chrooted? Thanks for your help. Peter Brezny SysAdmin