Lowell Gilbert wrote:
Norm Vilmer [EMAIL PROTECTED] writes:
I get this message (below) on the console of my FreeBSD 4.10 firewall:
Connection attempt to TCP my public ip:20388 from 61.151.248.42:80
flags 0x12
It appears that this is getting through the firewall and is logged to
the console
I get this message (below) on the console of my FreeBSD 4.10 firewall:
Connection attempt to TCP my public ip:20388 from 61.151.248.42:80
flags 0x12
It appears that this is getting through the firewall and is logged to
the console because log_in_vain is 1.
Question: What IPFW rule would block this
If there a better forum for discussing IPFW, please direct me
there.
I have a firewall machine running FreeBSD 4.10 connected
between my DSL modem and my office switch. It does nat and
has a basic set of IPFW rules. It is somewhat locked down
(kern_securelevel = 1, other recommendations typical
Chuck Swiger wrote:
Norm Vilmer wrote:
[ ... ]
My question is: from a well configured firewall, Should I be able
to nmap the public interface using a console session on the firewall
itself?
Sure. nmap should return close to zero open ports.
Will allowing this compromising security
Subhro wrote:
Could we have a look at the syslof configuration file?
Regards
S.
On Thu, 30 Sep 2004 12:09:40 -0500, Norm Vilmer
[EMAIL PROTECTED] wrote:
Norm Vilmer wrote:
I have been running a IPFW firewall on FreeBSD 4.10 for a few weeks
now. For some reason a few connection attempts
I have been running a IPFW firewall on FreeBSD 4.10 for a few weeks
now. For some reason a few connection attempts are showing up on the
console rather than going to the log file. I can't seem to figure out
why. Any ideas?
I have tried adding the 'log' key word to every deny statement in my
IPFW
Norm Vilmer wrote:
I have been running a IPFW firewall on FreeBSD 4.10 for a few weeks
now. For some reason a few connection attempts are showing up on the
console rather than going to the log file. I can't seem to figure out
why. Any ideas?
I have tried adding the 'log' key word to every deny
Gregor Mosheh wrote:
I was looking at my top output and was surprised to
see that the bulk of my 512 MB of memory was in use,
since the server really has fairly little running.
It's not a problem, but I was wanting some
clarification on where this memory was being used, for
my own education.
The
My current kernel is compiled with cpu I686_CPU only.
Will this cause any problems if I try to build and run,
for example, the JDK 1.4 port which is said to be a
i586 release?
___
[EMAIL PROTECTED] mailing list
Micheal Patterson wrote:
.
- Original Message - From: Norm Vilmer
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 16, 2004 11:57 PM
Subject: Too many dynamic rules, sorry
If I repeatedly nmap my FreeBSD 4.10 machine configured with ipfirewall,
I get the message Too
Micheal Patterson wrote:
.
- Original Message -
From: Norm Vilmer [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, September 17, 2004 9:41 AM
Subject: Re: Too many dynamic rules, sorry
Micheal Patterson wrote:
.
- Original Message
Micheal Patterson wrote:
- Original Message -
From: Norm Vilmer [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, September 17, 2004 10:30 AM
Subject: Re: Too many dynamic rules, sorry
snip
I do have a check-state rule
add 00200 check-state
Bill Moran wrote:
Rob [EMAIL PROTECTED] wrote:
Norm Vilmer wrote:
Here are the rules that I have that keep-state on the outside interface:
#For DNS
add 01300 pass udp from ${oip} to any 53 keep-state
# For NTP
add 01400 pass udp from ${oip} to any 123 keep-state
# For VPN
add 01500 pass gre from
Dave McCammon wrote:
--- Bill Moran [EMAIL PROTECTED] wrote:
Rob [EMAIL PROTECTED] wrote:
Norm Vilmer wrote:
Here are the rules that I have that keep-state
on the outside interface:
#For DNS
add 01300 pass udp from ${oip} to any 53
keep-state
# For NTP
add 01400 pass udp from ${oip} to any 123
Micheal Patterson wrote:
- Original Message -
From: Norm Vilmer [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, September 17, 2004 11:47 AM
Subject: Re: Too many dynamic rules, sorry
Micheal Patterson wrote:
- Original Message
If I repeatedly nmap my FreeBSD 4.10 machine configured with ipfirewall,
I get the message Too many dynamic rules, sorry. Doing a sysctl -a
|grep ip.fw I can see the the net.inet.ip.fw.dyn_count has reached the
max value of 8192 that I set. The net.inet.ip.fw.dyn_ack_lifetime is set
to 300, so the
Steve Bertrand wrote:
Please bear with me...
I've got a Windows 2000 web server that is spewing out over 2Mbps of
data which is going out round robin over my 3 T-1 connections.
Although there is still more throughput available, this is seemingly
rediculous.
I've got a fortigate box in front of the
Steve Bertrand wrote:
Steve Bertrand wrote:
Please bear with me...
I've got a Windows 2000 web server that is spewing out over 2Mbps of
data which is going out round robin over my 3 T-1 connections.
Although there is still more throughput available, this is seemingly
rediculous.
I've got a
Norm Vilmer wrote:
Richard Lynch wrote:
cdrecord -scanbus
Cdrecord 2.00.3 (I386 .
cdrecord: Operation not permitted. Error opening /dev/pass0 Cam error
'camreal_
opendevice: coundn't open passthr. Cannot open SCSI driver.
I dunno about all this other stuff, but to me, *THIS* looks like you
Original Message
Subject: Unable to write to CD-R
Date: Fri, 03 Sep 2004 15:56:45 -0500
From: Norm Vilmer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
I am having trouble burning an iso image to a CD-R using FreeBSD 4.10.
I have tried using burncd , cdrecord, and growifofs, all
Andrew L. Gould wrote:
On Friday 03 September 2004 03:56 pm, Norm Vilmer wrote:
I am having trouble burning an iso image to a CD-R using FreeBSD
4.10. I have tried using
burncd , cdrecord, and growifofs, all appear to have basically the
same problem (see details below)
Operation not permitted
Has anyone successfully burned a CD or DVD
using a Toshiba SD-R6112 DVD-RW drive with
FreeBSD version 4.10?
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Richard Lynch wrote:
cdrecord -scanbus
Cdrecord 2.00.3 (I386 .
cdrecord: Operation not permitted. Error opening /dev/pass0 Cam error
'camreal_
opendevice: coundn't open passthr. Cannot open SCSI driver.
I dunno about all this other stuff, but to me, *THIS* looks like you don't
have the
23 matches
Mail list logo