Re: pf

2007-10-05 Thread Calomel
matheus, It is the order. The first queue is for bulk packets and the second is for ack packets. Daniel Hartmeier has a detailed page with examples that may make this clearer. Prioritizing empty TCP ACKs with pf and ALTQ http://www.benzedrine.cx/ackpri.html -- Calomel @ http://calomel.org On

Re: pf

2007-10-05 Thread Nenhum_de_Nos
On 10/5/07, Calomel <[EMAIL PROTECTED]> wrote: > padilla, > > Perhaps if you take a step back and look at an example of pf everything > might make more sense. It might help if you had a working pf.conf to learn > from and a basic explanation of what each part of pf does. > >OpenBSD Pf Firewall

Re: wine question - BAT2EXE?

2007-10-05 Thread ropers
Sorry if this is nosy and sounds stupid, but I'm intrigued: Why would you need your .bat to become a .exe file? Hiding your code is obviously not a valid reason, or you wouldn't be asking this on the OpenBSD mailing list. On 05/10/2007, Frank Bax <[EMAIL PROTECTED]> wrote: > Does know of a BAT2EXE

Re: Web configure Firewall

2007-10-05 Thread Piotrek Kapczuk
2007/10/6, Cyrus <[EMAIL PROTECTED]>: > I'm looking for a ready to install & roll package for configuring and > administering an OpenBSD firewall from the web. something along the lines of > pfSense, but with OpenBSD base. > Thanks, http://www.undeadly.org/cgi?action=article&sid=20071003090749

Web configure Firewall

2007-10-05 Thread Cyrus
I'm looking for a ready to install & roll package for configuring and administering an OpenBSD firewall from the web. something along the lines of pfSense, but with OpenBSD base. Thanks, -- Adam

Re: Cisco 3002 VPN client to OpenBSD?

2007-10-05 Thread Rod Dorman
On Friday, October 5, 2007, 15:14:41, Jeff Simmons wrote: > On Friday 05 October 2007 01:17, Claer wrote: >> The Cisco client license forbids explicitly to connect to anything but >> Cisco Hardware. > > If that's so, then legal forgot to tell marketing. ;-) > > "The Cisco VPN 3002 Hardware Client

Re: route-to performance problem

2007-10-05 Thread andrew fresh
On Fri, Oct 05, 2007 at 06:49:31PM -0400, Chris Smith wrote: > On Friday 05 October 2007, andrew fresh wrote: > OK, I'm still tagging, but it does seem that doing the route-to on ingress is > a working scenario. Oh good. I am glad that worked. > > You may also want some of the rules like are s

Re: Thank you developers... 4.2 arrived in the mail today

2007-10-05 Thread Darren Spruell
On 10/5/07, Chad M Stewart <[EMAIL PROTECTED]> wrote: > On Oct 5, 2007, at 2:53 PM, Karsten McMinn wrote: > > > On 10/5/07, Chad M Stewart <[EMAIL PROTECTED]> wrote: > >> My 4.2 CDs and t-shirt arrived in the mail today (near Buffalo, NY) > > > > drat, I was hoping for first the first post. you for

Re: wine question - BAT2EXE?

2007-10-05 Thread Frank Bax
Does know of a BAT2EXE program that produces an EXE which works under wine? First hit on google "bat2exe wine" indicates there is one that works on Linux (written in delphi), but the link is broken. I've tried several. Some actually create COM (not EXE) files which wine won't run. Others cr

Re: route-to performance problem

2007-10-05 Thread Chris Smith
On Friday 05 October 2007, andrew fresh wrote: > It takes a while for the packets to figure out how to get through the > router, once they do, the states are set up and everything works as it > should. I can see that. Seems that way. > > Basic scenario is 2 internal interfaces (2 separate subnet

Re: Thank you developers... 4.2 arrived in the mail today

2007-10-05 Thread Sean Darby
On Fri, Oct 05, 2007 at 03:20:27PM -0600, Bob Beck wrote: > > Okay, well fresh from an install on my Sun X2100M2 my daughter wanted > > to check it out > > > > http://balius.com/openbsd.4.2.jpg > > Ok, that's a cool picture. Thanks daniel :) > > -Bob I second that, definitely a cool

Re: pf

2007-10-05 Thread Calomel
padilla, Perhaps if you take a step back and look at an example of pf everything might make more sense. It might help if you had a working pf.conf to learn from and a basic explanation of what each part of pf does. OpenBSD Pf Firewall "how to" ( pf.conf ) http://calomel.org/pf_config.html

Re: Thank you developers... 4.2 arrived in the mail today

2007-10-05 Thread Bob Beck
> Okay, well fresh from an install on my Sun X2100M2 my daughter wanted > to check it out > > http://balius.com/openbsd.4.2.jpg Ok, that's a cool picture. Thanks daniel :) -Bob

Re: Thank you developers... 4.2 arrived in the mail today

2007-10-05 Thread Daniel Melameth
On 10/5/07, Chad M Stewart <[EMAIL PROTECTED]> wrote: > Okay, well fresh from an install on my Sun X2100M2 my daughter wanted > to check it out > > http://balius.com/openbsd.4.2.jpg Why does the packaging of an "ultra secure" UNIX-like operating system seem so apropos next to a child ;) ? If the

Re: pf

2007-10-05 Thread Stuart Henderson
On 2007/10/05 14:48, a.padilla wrote: > dc0: flags=8843 mtu 1500 > inet 10.0.0.0 netmask 0xff00 broadcast 255.255.255.0 10.0.0.0 is not valid with a 255.0.0.0 netmask, it's reserved as the network address and shouldn't be used by a host. You could use 10.0.0.1. 255.255.255.0 is not a se

Re: pf

2007-10-05 Thread Joe Gibbens
Can you also send your routing table on both the firewall and the client on your internal network? netstat -r -f inet specifically, is the client's default route 10.0.0.0? If you can, it would be best to experiment with statically defined IPs at first. On 10/5/07, a.padilla <[EMAIL PROTECTED]> w

Re: Cisco 3002 VPN client to OpenBSD?

2007-10-05 Thread Brian A. Seklecki
On Fri, 2007-10-05 at 12:14 -0700, Jeff Simmons wrote: > On Friday 05 October 2007 01:17, Claer wrote: > > The Cisco client license forbids explicitly to connect to anything but > > Cisco Hardware. > > If that's so, then legal forgot to tell marketing. ;-) > > "The Cisco VPN 3002 Hardware Client

Re: ipsec with carp

2007-10-05 Thread Patrick Hemmen
Heinrich Rebehn wrote: > Patrick Hemmen wrote: >> Ok. >> >> Before using carp/sasyncd the IPSEC tunnel had worked. >> The isakmpd daemon listens on all interfaces/ip addresses. >> >> I am illustrating my set up >> >> vpngw01: 10.10.10.101 >> carp: 10.10.10.1 <-- INTERNET --> remote gate

Re: Thank you developers... 4.2 arrived in the mail today

2007-10-05 Thread Chad M Stewart
On Oct 5, 2007, at 2:53 PM, Karsten McMinn wrote: On 10/5/07, Chad M Stewart <[EMAIL PROTECTED]> wrote: My 4.2 CDs and t-shirt arrived in the mail today (near Buffalo, NY) drat, I was hoping for first the first post. you forgot the pic. Okay, well fresh from an install on my Sun X2100M2 my

Re: pf

2007-10-05 Thread ropers
On 05/10/2007, a.padilla <[EMAIL PROTECTED]> wrote: > ifconfig: > > (...) > rl0: flags=8843 mtu 1500 > lladdr 00:18:4d:ea:33:0a > groups: egress > media: Ethernet autoselect (100baseTX full-duplex) > status: active > inet6 fe80::218:4dff:feea:330a%rl0 prefixl

Re: Cisco 3002 VPN client to OpenBSD?

2007-10-05 Thread Jeff Simmons
On Friday 05 October 2007 01:17, Claer wrote: > The Cisco client license forbids explicitly to connect to anything but > Cisco Hardware. If that's so, then legal forgot to tell marketing. ;-) "The Cisco VPN 3002 Hardware Client works with all operating systems ... " http://newsroom.cisco.com/dll

Re: pf

2007-10-05 Thread John Jackson
> inet 10.0.0.0 netmask 0xff00 broadcast 255.255.255.0 John Without looking at anything else, that line jumps out at me. Are you certain that you want your broadcast set to '255.255.255.0'? Sounds like a netmask to me. On Fri, Oct 05, 2007 at 02:48:00PM -0400, a.padilla wrote: > ifco

Re: route-to performance problem

2007-10-05 Thread andrew fresh
On Fri, Oct 05, 2007 at 11:40:07AM -0400, Chris Smith wrote: > The performance issue is that normal web access is horrifically slow, yet > when > doing a download test the results show the proper bandwidth. It takes a while for the packets to figure out how to get through the router, once they

Re: Enabling Tidy in PHP

2007-10-05 Thread Marti Martinez
On 10/5/07, Daniel Barowy <[EMAIL PROTECTED]> wrote: > > >Any suggestions? Apparently I don't know what I don't know. Well, this is a suggestion, not an answer, but I've saved myself a lot of pain by building ports of PHP related stuff on relatively clean systems (by "relatively clean" I mea

Re: Thank you developers... 4.2 arrived in the mail today

2007-10-05 Thread Karsten McMinn
On 10/5/07, Chad M Stewart <[EMAIL PROTECTED]> wrote: > My 4.2 CDs and t-shirt arrived in the mail today (near Buffalo, NY) drat, I was hoping for first the first post. you forgot the pic.

SOLVED: Enabling Tidy in PHP

2007-10-05 Thread Daniel Barowy
On Fri, 5 Oct 2007, Daniel Barowy wrote: Hello, Does anyone have any pointers for getting the HTML Tidy extensions working in PHP on OpenBSD? I am running a 4.0 system. In case anyone is looking to fix this particular problem, this is how I fixed it: http://secure.lv/~nikns/stuff/ports/

Re: pf

2007-10-05 Thread a.padilla
ifconfig: lo0: flags=8049 mtu 33224 groups: lo inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 inet 127.0.0.1 netmask 0xff00 rl0: flags=8843 mtu 1500 lladdr 00:18:4d:ea:33:0a groups: egress media: Ethernet autoselect (

Re: pf

2007-10-05 Thread a.padilla
I commented out "pass out keep state" and added, after the nat rule, pass quick all. Still nothing. I can't even ping from the server the private IP which the client has. I know the client is connected to the server, it shows up on dhcpd.leases. Do you think it's my dhcpd server that's wro

Re: pf

2007-10-05 Thread Joe Gibbens
> rl0 is connected to the internet. > On Oct 5, 2007, at 12:52 PM, ropers wrote: > > > On 05/10/2007, a.padilla <[EMAIL PROTECTED]> wrote: > >> I commented everything out except the nat rule and > >> "pass out keep state" > >> > >> still nothing. > > > delete "pass out keep state" This will not wo

Re: pf

2007-10-05 Thread James Mackinnon
with pf enabled and using a pass out keep state from the BSD box, make sure it can hit the internet. this will remove it as being an interface issue to start. The NAT setup and the rules, based on the testing rules, should allow this to work at this point, if it is not, go back to square 1 a

Re: pf

2007-10-05 Thread ropers
On 05/10/2007, a.padilla <[EMAIL PROTECTED]> wrote: > I commented everything out except the nat rule and > "pass out keep state" > > still nothing. Sorry to be basic, but do your NICs have IP addresses? What do their /etc/hostname.if(5) files say? What does ifconfig(8) say?

Enabling Tidy in PHP

2007-10-05 Thread Daniel Barowy
Hello, Does anyone have any pointers for getting the HTML Tidy extensions working in PHP on OpenBSD? I am running a 4.0 system. According to PHP's website, I do not need to download the version of Tidy from PECL, because Tidy is supposed to be built-in in PHP 5 (I have the PHP 5.1.4 package

Re: pf

2007-10-05 Thread a.padilla
both do have IP's. dc0 has a private IP. rl0 is connected to the internet. On Oct 5, 2007, at 12:52 PM, ropers wrote: On 05/10/2007, a.padilla <[EMAIL PROTECTED]> wrote: I commented everything out except the nat rule and "pass out keep state" still nothing. Sorry to be basic, but do your N

Re: pf

2007-10-05 Thread a.padilla
the bsd box is definitely online. quick ping to google gives 0 packet loss. On Oct 5, 2007, at 12:47 PM, James Mackinnon wrote: with pf enabled and using a pass out keep state from the BSD box, make sure it can hit the internet. this will remove it as being an interface issue to start. T

Thank you developers... 4.2 arrived in the mail today

2007-10-05 Thread Chad M Stewart
I'd like to say Thank you to all of the developers around the world who make OpenBSD what it is! If I had the skills to write code I would help, for now my contributions will have to be in other ways. My 4.2 CDs and t-shirt arrived in the mail today (near Buffalo, NY) and this has to be t

Perl/libc? segfault

2007-10-05 Thread Karel Kulhavy
While running spamassassin (the one in OpenBSD 4.0) my Perl (also OBSD 4.0) happened to segfault when learning what is spam. There is no suspicion on bad hardware, and this situation already happened in the past several times occasionally. There were 9153 spam messages in the folder. I'll try if I

Re: pf

2007-10-05 Thread a.padilla
I commented everything out except the nat rule and "pass out keep state" still nothing. On Oct 5, 2007, at 11:04 AM, Joe Gibbens wrote: I commented out "block in" for testing purposes. still, no success. If you know what's wrong, please don't just answer. I want to understand the solution.

Re: sign and timestamp

2007-10-05 Thread Gábri Máté
The whole timestamping process was the idea of the procurer. I'll be concerned with the network security and similar stuff, so that's why I'm "researching" the available timestamping methods. I've learned a lot from all of your comments and i'm really t

Re: sign and timestamp

2007-10-05 Thread Douglas A. Tutty
On Thu, Oct 04, 2007 at 05:03:41PM +0200, Gábri Máté wrote: > > There'll be two main servers, a web server and a sql server. We have to > insert a timestamp and a signature in the specified rows of tables. > Periodically the sql server will make pdf documents from the data and we > have to sign an

route-to performance problem

2007-10-05 Thread Chris Smith
Previously posted to [EMAIL PROTECTED] Received no replies so trying here. Hello, I'm using route-to to allow specific systems to use different external interfaces and seeing a performance issue. The performance issue is that normal web access is horrifically slow, yet when doing a download te

Re: pf

2007-10-05 Thread Joe Gibbens
> I commented out "block in" for testing purposes. still, no success. > If you know what's wrong, please don't just answer. I want to > understand the solution. Start with nat routing, and then move to filtering. Keep your nat rule, get rid of the filter rules you have now, and put in a defaul

Enabling tidy in PHP?

2007-10-05 Thread Daniel Barowy
Hello, Does anyone have any pointers for getting the HTML Tidy extensions working in PHP on OpenBSD? I am running a 4.0 system. According to PHP's website, I do not need to download the version of Tidy from PECL, because Tidy is supposed to be built-in in PHP 5 (I have the PHP 5.1.4 pac

Re: qemu speed

2007-10-05 Thread Nick Guenther
On 10/5/07, Gerald Thornberry <[EMAIL PROTECTED]> wrote: > On 10/4/07, Jacob Yocom-Piatt <[EMAIL PROTECTED]> wrote: > > Gerald Thornberry wrote: > > > I've never used QEMU so I may be talking out my hat. Looking at the > > > docs for it yesterday I remember seeing something about the QEMU > > > ac

Re: qemu speed

2007-10-05 Thread Josh Tolley
On 10/5/07, Gerald Thornberry <[EMAIL PROTECTED]> wrote: > I've been informed that I was talking out of my hat, as I suspected. > KQEMU (QEMU accelerator) is a Linux kernel module and, therefore, not > an option for the OpenBSD. I'll put my hat back on my head now. For whatever it's worth, I had

Re: qemu speed

2007-10-05 Thread Gerald Thornberry
I've been informed that I was talking out of my hat, as I suspected. KQEMU (QEMU accelerator) is a Linux kernel module and, therefore, not an option for the OpenBSD. I'll put my hat back on my head now. On 10/4/07, Jacob Yocom-Piatt <[EMAIL PROTECTED]> wrote: > Gerald Thornberry wrote: > > I've n

Re: pf

2007-10-05 Thread a.padilla
ext_if ="rl0" #macro for external interface int_if ="dc0" #macro for internal interface localnet= $int_if:network nat on $ext_if from $localnet to any -> ($ext_if) #block in pass out keep state pass out on $ext_if proto tcp all pass inet proto tcp from {lo0, $localnet} to any keep state I

Re: ipsec with carp

2007-10-05 Thread Heinrich Rebehn
Patrick Hemmen wrote: Ok. Before using carp/sasyncd the IPSEC tunnel had worked. The isakmpd daemon listens on all interfaces/ip addresses. I am illustrating my set up vpngw01: 10.10.10.101 carp: 10.10.10.1 <-- INTERNET --> remote gateway: 192.168.1.1 vpngw02: 10.10.10.102 Rem

Re: Multiple QEMU hosts networking

2007-10-05 Thread Claudio Jeker
On Fri, Oct 05, 2007 at 10:54:17AM +0200, Michael wrote: > Hi, > > I've tried setting up multiple qemu hosts on OpenBSD 4.1 but having > problems setting up the networking. The first qemu instance works just > fine with -net nic -net tap but I was never able to get the network > working with a se

Multiple QEMU hosts networking

2007-10-05 Thread Michael
Hi, I've tried setting up multiple qemu hosts on OpenBSD 4.1 but having problems setting up the networking. The first qemu instance works just fine with -net nic -net tap but I was never able to get the network working with a second or third qemu instance. The server got a main IP and a small su

Re: firewall is very slow, something's wrong

2007-10-05 Thread Stuart Henderson
On 2007/10/04 17:48, Florin Andrei wrote: > All firewall rules are written as stateless as possible - I don't need > stateful filtering, the setup is very simple (allow HTTP inbound, allow a > few ICMP types, and that's it). You might want to re-think this, stateless rulesets are usually slower.

Re: Cisco 3002 VPN client to OpenBSD?

2007-10-05 Thread Claer
On Wed, Oct 03 2007 at 32:20, Jeff Simmons wrote: > Anyone have any experience with this? > > A company a client of mine wishes to work with insists this will work, but I > have my doubts. The documentation for the 3002 seems to indicate that it is > specifically for connections to a Cisco 3000

CARP devices do not see IP broadcasts

2007-10-05 Thread Heinrich Rebehn
Hi list, In order to get familiar with CARP, I have set up a playground with 3 machines under vmware. I noticed that the CARP devices do not see any IP broadcasts, so this would make CARP unusable for a DHCP server or anything else that needs to respond to IP broadcasts. Is this expected behav