Re: Need help with IPFW rule

2004-10-16 Thread Norm Vilmer
Lowell Gilbert wrote: Norm Vilmer [EMAIL PROTECTED] writes: I get this message (below) on the console of my FreeBSD 4.10 firewall: Connection attempt to TCP my public ip:20388 from 61.151.248.42:80 flags 0x12 It appears that this is getting through the firewall and is logged to the console

Need help with IPFW rule

2004-10-08 Thread Norm Vilmer
I get this message (below) on the console of my FreeBSD 4.10 firewall: Connection attempt to TCP my public ip:20388 from 61.151.248.42:80 flags 0x12 It appears that this is getting through the firewall and is logged to the console because log_in_vain is 1. Question: What IPFW rule would block this

nmap'ing myself

2004-10-07 Thread Norm Vilmer
If there is a better forum for discussing IPFW, please direct me there. I have a firewall machine running FreeBSD 4.10 connected between my DSL modem and my office switch. It does nat and has a basic set of IPFW rules. It is somewhat locked down (kern_securelevel = 1, other recommendations typical

Re: nmap'ing myself

2004-10-07 Thread Norm Vilmer
Chuck Swiger wrote: Norm Vilmer wrote: [ ... ] My question is: from a well configured firewall, Should I be able to nmap the public interface using a console session on the firewall itself? Sure. nmap should return close to zero open ports. Will allowing this compromising security

Re: ipfw console messages

2004-10-01 Thread Norm Vilmer
Subhro wrote: Could we have a look at the syslog configuration file? Regards S. On Thu, 30 Sep 2004 12:09:40 -0500, Norm Vilmer [EMAIL PROTECTED] wrote: Norm Vilmer wrote: I have been running an IPFW firewall on FreeBSD 4.10 for a few weeks now. For some reason a few connection attempts

ipfw console messages

2004-09-30 Thread Norm Vilmer
I have been running an IPFW firewall on FreeBSD 4.10 for a few weeks now. For some reason a few connection attempts are showing up on the console rather than going to the log file. I can't seem to figure out why. Any ideas? I have tried adding the 'log' key word to every deny statement in my IPFW

Re: ipfw console messages

2004-09-30 Thread Norm Vilmer
Norm Vilmer wrote: I have been running an IPFW firewall on FreeBSD 4.10 for a few weeks now. For some reason a few connection attempts are showing up on the console rather than going to the log file. I can't seem to figure out why. Any ideas? I have tried adding the 'log' key word to every deny

Re: please educate me on memory usage

2004-09-24 Thread Norm Vilmer
Gregor Mosheh wrote: I was looking at my top output and was surprised to see that the bulk of my 512 MB of memory was in use, since the server really has fairly little running. It's not a problem, but I was wanting some clarification on where this memory was being used, for my own education. The

I686_CPU only kernel build

2004-09-22 Thread Norm Vilmer
My current kernel is compiled with cpu I686_CPU only. Will this cause any problems if I try to build and run, for example, the JDK 1.4 port which is said to be an i586 release? ___ [EMAIL PROTECTED] mailing list

Re: Too many dynamic rules, sorry

2004-09-17 Thread Norm Vilmer
Micheal Patterson wrote: . - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 16, 2004 11:57 PM Subject: Too many dynamic rules, sorry If I repeatedly nmap my FreeBSD 4.10 machine configured with ipfirewall, I get the message Too

Re: Too many dynamic rules, sorry

2004-09-17 Thread Norm Vilmer
Micheal Patterson wrote: . - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, September 17, 2004 9:41 AM Subject: Re: Too many dynamic rules, sorry Micheal Patterson wrote: . - Original Message

Re: Too many dynamic rules, sorry

2004-09-17 Thread Norm Vilmer
Micheal Patterson wrote: - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, September 17, 2004 10:30 AM Subject: Re: Too many dynamic rules, sorry snip I do have a check-state rule add 00200 check-state

Re: Too many dynamic rules, sorry

2004-09-17 Thread Norm Vilmer
Bill Moran wrote: Rob [EMAIL PROTECTED] wrote: Norm Vilmer wrote: Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any 53 keep-state # For NTP add 01400 pass udp from ${oip} to any 123 keep-state # For VPN add 01500 pass gre from

Re: Too many dynamic rules, sorry

2004-09-17 Thread Norm Vilmer
Dave McCammon wrote: --- Bill Moran [EMAIL PROTECTED] wrote: Rob [EMAIL PROTECTED] wrote: Norm Vilmer wrote: Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any 53 keep-state # For NTP add 01400 pass udp from ${oip} to any 123

Re: Too many dynamic rules, sorry

2004-09-17 Thread Norm Vilmer
Micheal Patterson wrote: - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, September 17, 2004 11:47 AM Subject: Re: Too many dynamic rules, sorry Micheal Patterson wrote: - Original Message

Too many dynamic rules, sorry

2004-09-16 Thread Norm Vilmer
If I repeatedly nmap my FreeBSD 4.10 machine configured with ipfirewall, I get the message Too many dynamic rules, sorry. Doing a sysctl -a |grep ip.fw I can see the net.inet.ip.fw.dyn_count has reached the max value of 8192 that I set. The net.inet.ip.fw.dyn_ack_lifetime is set to 300, so the

Re: Packet filter statistics

2004-09-09 Thread Norm Vilmer
Steve Bertrand wrote: Please bear with me... I've got a Windows 2000 web server that is spewing out over 2Mbps of data which is going out round robin over my 3 T-1 connections. Although there is still more throughput available, this is seemingly ridiculous. I've got a fortigate box in front of the

Re: Packet filter statistics

2004-09-09 Thread Norm Vilmer
Steve Bertrand wrote: Steve Bertrand wrote: Please bear with me... I've got a Windows 2000 web server that is spewing out over 2Mbps of data which is going out round robin over my 3 T-1 connections. Although there is still more throughput available, this is seemingly ridiculous. I've got a

Re: [Re: Unable to write to CD-R]

2004-09-05 Thread Norm Vilmer
Norm Vilmer wrote: Richard Lynch wrote: cdrecord -scanbus Cdrecord 2.00.3 (I386 . cdrecord: Operation not permitted. Error opening /dev/pass0 Cam error 'camreal_ opendevice: coundn't open passthr. Cannot open SCSI driver. I dunno about all this other stuff, but to me, *THIS* looks like you

[Re: Unable to write to CD-R]

2004-09-04 Thread Norm Vilmer
Original Message Subject: Unable to write to CD-R Date: Fri, 03 Sep 2004 15:56:45 -0500 From: Norm Vilmer [EMAIL PROTECTED] To: [EMAIL PROTECTED] I am having trouble burning an iso image to a CD-R using FreeBSD 4.10. I have tried using burncd, cdrecord, and growisofs, all

Re: Unable to write to CD-R

2004-09-04 Thread Norm Vilmer
Andrew L. Gould wrote: On Friday 03 September 2004 03:56 pm, Norm Vilmer wrote: I am having trouble burning an iso image to a CD-R using FreeBSD 4.10. I have tried using burncd, cdrecord, and growisofs, all appear to have basically the same problem (see details below) Operation not permitted

Toshiba SD-R6112 DVD-RW

2004-09-04 Thread Norm Vilmer
Has anyone successfully burned a CD or DVD using a Toshiba SD-R6112 DVD-RW drive with FreeBSD version 4.10? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: [Re: Unable to write to CD-R]

2004-09-04 Thread Norm Vilmer
Richard Lynch wrote: cdrecord -scanbus Cdrecord 2.00.3 (I386 . cdrecord: Operation not permitted. Error opening /dev/pass0 Cam error 'camreal_ opendevice: coundn't open passthr. Cannot open SCSI driver. I dunno about all this other stuff, but to me, *THIS* looks like you don't have the