RE: Problems with IPFW causing failed DNS and FTP sessions

2013-04-01 Thread Don O'Neil
: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Michael Sierchio Sent: Sunday, March 31, 2013 10:04 PM To: Don O'Neil Cc: freebsd-questions@freebsd.org Subject: Re: Problems with IPFW causing failed DNS and FTP sessions net.inet.ip.fw.dyn_short_lifetime

Re: Problems with IPFW causing failed DNS and FTP sessions

2013-04-01 Thread Michael Sierchio
Okay, what's your DNS setup? Are you running a recursive cache that contacts the root servers directly? Using your ISP's servers? Etc. As a mitigation step, I tried pointing my caches to 8.8.8.8 and 8.8.4.4. - but it turns out that Google is intentionally blocking (returning NX responses to)

RE: Problems with IPFW causing failed DNS and FTP sessions

2013-04-01 Thread Don O'Neil
...@tenebras.com] Sent: Monday, April 01, 2013 7:23 AM To: Don O'Neil Cc: freebsd-questions@freebsd.org Subject: Re: Problems with IPFW causing failed DNS and FTP sessions Okay, what's your DNS setup? Are you running a recursive cache that contacts the root servers directly? Using your ISP's servers? Etc

Problems with IPFW causing failed DNS and FTP sessions

2013-03-31 Thread Don O'Neil
Hi everyone. Recently my server started having issues with DNS and FTP sessions either not resolving or timing out. I've tracked the issue down to IPFW. If I issue a 'sysctl net.inet.ip.fw.enable=0' then my issues go away. I have the basic rules like this for DNS; 01160 allow udp from any

Re: Problems with IPFW causing failed DNS and FTP sessions

2013-03-31 Thread Michael Sierchio
It would be really helpful if you'd post the ruleset. At first glance, your stateful rules seem rather wrong, unless there's a check-state above. Also, in and out aren't discriminating enough - every packet is seen by the ruleset more than once. You should think in terms of interfaces,

RE: Problems with IPFW causing failed DNS and FTP sessions

2013-03-31 Thread Don O'Neil
, and there aren't. I'm not running NAT, it's a publicly accessible IP address. -Original Message- From: Michael Sierchio [mailto:ku...@tenebras.com] Sent: Sunday, March 31, 2013 8:58 PM To: Don O'Neil Cc: freebsd-questions@freebsd.org Subject: Re: Problems with IPFW causing failed DNS

Re: Problems with IPFW causing failed DNS and FTP sessions

2013-03-31 Thread Michael Powell
Don O'Neil wrote: Hi everyone. Recently my server started having issues with DNS and FTP sessions either not resolving or timing out. I've tracked the issue down to IPFW. If I issue a 'sysctl net.inet.ip.fw.enable=0' then my issues go away. [snip] I'm probably not smart enough to be able

Re: Problems with IPFW causing failed DNS and FTP sessions

2013-03-31 Thread Michael Sierchio
: freebsd-questions@freebsd.org Subject: Re: Problems with IPFW causing failed DNS and FTP sessions It would be really helpful if you'd post the ruleset. At first glance, your stateful rules seem rather wrong, unless there's a check-state above. Also, in and out aren't discriminating enough

Re: Problems with IPFW causing failed DNS and FTP sessions

2013-03-31 Thread Michael Sierchio
On Sun, Mar 31, 2013 at 9:39 PM, Michael Powell nightre...@hotmail.com wrote: I'm probably not smart enough to be able to help directly with your problem but I'd like to add that there is a snowballing DNS Amplification ddos attack against SpamHaus going on which is spilling over Yes, this is

Re: Problems with IPFW causing failed DNS and FTP sessions

2013-03-31 Thread Michael Sierchio
net.inet.ip.fw.dyn_short_lifetime ? net.inet.ip.fw.dyn_udp_lifetime ? You might want to increase these, given the current state of things...

RE: Problems with ipfw and ssh

2006-10-12 Thread Chris - WEBignite
Subject: RE: Problems with ipfw and ssh Hi, Just a suggestion/query: Do you have you localhost/127.0.0.1 rules defined to allow all traffic? Cheers -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Spiros Papadopoulos Sent: Thursday, 12 October 2006 7

Re: Problems with ipfw and ssh

2006-10-12 Thread Spiros Papadopoulos
to a normal user account properly though -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Mark Jose Sent: Wednesday, October 11, 2006 8:41 PM To: 'Spiros Papadopoulos'; freebsd-questions@freebsd.org; freebsd-ipfw@freebsd.org Subject: RE: Problems with ipfw and ssh

Re: Problems with ipfw and ssh

2006-10-12 Thread Spiros Papadopoulos
Hi again, On 12/10/06, Garrett Cooper [EMAIL PROTECTED] wrote: Based on all the docs I've read about using ipfw, you should put ipfw allow all any from any via lo0 somewhere at the top of your script so all traffic can and will be sent via lo0. I think you are talking about the line below, is

Re: Problems with ipfw and ssh

2006-10-12 Thread Spiros Papadopoulos
Thanks, On 12/10/06, Chris [EMAIL PROTECTED] wrote: The thing is... I generally have the kernel setup to allow by default. Then I create rules denying traffic as I either know up front, or can deduct from logging a last rule denying traffic. IE: the rule you have set to allow any, my same

Problems with ipfw and ssh

2006-10-11 Thread Spiros Papadopoulos
Hi, I am trying to configure a firewall using ipfw for a machine running FreeBSD 5.4. Without NAT. I am nearly a newbie on this (since I never had time until now..) but still I believe I understand exactly the concepts and what needs to be done. Except the manual page and chapter 26.1 in the

Re: Problems with ipfw and ssh

2006-10-11 Thread Giorgos Keramidas
I removed freebsd-ipfw from the recipient list. Please keep `general' questions in freebsd-questions. The freebsd-ipfw list is, as far as I know, used for *development* of IPFW; not questions. On 2006-10-11 22:53, Spiros Papadopoulos [EMAIL PROTECTED] wrote: Hi, I am trying to configure a

Re: Problems with ipfw and ssh

2006-10-11 Thread Spiros Papadopoulos
Giorgo, thanks for the immediate reply. I started yesterday playing with it / testing it, but since I want to do most of the work remotely, I got stuck on this rule and feel like I should keep looking until I find the solution. I paste the whole script here just in case something else is wrong... Here is my

Re: Problems with ipfw and ssh

2006-10-11 Thread Giorgos Keramidas
On 2006-10-12 00:53, Spiros Papadopoulos [EMAIL PROTECTED] wrote: I started yesterday playing with it / testing it, but since I want to do most of the work remotely, I got stuck on this rule and feel like I should keep looking until I find the solution. I paste the whole script here just in case something

Re: Problems with ipfw and ssh

2006-10-11 Thread Spiros Papadopoulos
On 12/10/06, Giorgos Keramidas [EMAIL PROTECTED] wrote: On 2006-10-12 00:53, Spiros Papadopoulos [EMAIL PROTECTED] wrote: I started yesterday playing with it / testing it, but since I want to do most of the work remotely, I got stuck on this rule and feel like I should keep looking until I find the

Re: Problems with ipfw and ssh

2006-10-11 Thread Giorgos Keramidas
On 2006-10-12 01:31, Spiros Papadopoulos [EMAIL PROTECTED] wrote: On 12/10/06, Giorgos Keramidas [EMAIL PROTECTED] wrote: , | [EMAIL PROTECTED]:/home/giorgos$ su - | Password: | [EMAIL PROTECTED]:/root# ipfw -d show |

RE: Problems with ipfw and ssh

2006-10-11 Thread Mark Jose
; freebsd-ipfw@freebsd.org Subject: Problems with ipfw and ssh Hi, I am trying to configure a firewall using ipfw for a machine running FreeBSD 5.4. Without NAT. I am nearly a newbie on this (since I never had time until now..) but still I believe I understand exactly the concepts and what needs

Re: In a bit of a bind - DNS problems and ipfw

2005-11-14 Thread Lowell Gilbert
Aaron Siegel [EMAIL PROTECTED] writes: Hello I am having problems with my FreeBSD 5.4 gateway/firewall. When I enable a custom firewall (ipfw) or the Simple firewall through rc.firewall my clients are unable to resolve DNS when DNS does work with the Open ruleset that is provided by

In a bit of a bind - DNS problems and ipfw

2005-11-12 Thread Aaron Siegel
Hello I am having problems with my FreeBSD 5.4 gateway/firewall. When I enable a custom firewall (ipfw) or the Simple firewall through rc.firewall my clients are unable to resolve DNS when DNS does work with the Open ruleset that is provided by rc.firewall. I create the custom firewall

problems with ipfw + natd rules

2004-03-31 Thread Prodigy
Hello, I have a problem with ipfw + natd. The problem is that my FreeBSD server isn't routing internet. First I have used FreeBSD4.9-STABLE, then I tried to upgrade to FreeBSD4.9-RELEASE-p4. Result is the same - no internet for lan users. Take a look at my configuration files: rc.conf:

Re: problems with ipfw + natd rules

2004-03-31 Thread Andre Post
On Wed, 2004-03-31 at 20:27, Prodigy wrote: ${fwcmd} add 400 pass tcp from any 22,80,110,119,143,443,3306,5190,6667-7000 to any via rl1 ${fwcmd} add 500 pass tcp from any to any 22,80,110,119,143,443,3306,5190,6667-7000 via rl1 When I comment out 400 and 500 rules and add allow all from any

Re: problems with ipfw + natd rules

2004-03-31 Thread Prodigy
I tried to allow only 80 port, but the result is the same. I have also tried ipf + ipnat, but I need to block internet connection to some users by MAC address, and ipf doesn't know what a MAC address is. Maybe I can block MAC addresses with ipf + ipnat somehow? Btw FreeBSD version is 4.9. On Wed,

problems with ipfw

2003-02-27 Thread Aaron Walker
Hello, I installed FBSD 4.7 a couple days ago on an old P100 to replace my linksys cable router. I've rebuilt the kernel and have done everything else to enable the machine to act as router/firewall. The only problems I am having is setting up the ipfw rules. I've spent the last 2 days trying

problems configuring ipfw via raw sockets

2003-01-23 Thread Alex
Hi ppl! I need to use direct access to ipfw rules via raw sockets instead of some scripts using ipfw utility. I looked into ipfw sources and made a simple program to test if I could add a simple rule this way. Just rewrote pieces of original code into my program w/out any serious change.