>>> Greetings,
>>>
>>> I tried setting up the following into pf.conf on both 4.9 and latest
snapshot:
>>>
>>> altq on $ext_if priq queue {q1, q2}
>>> queue q1 priority 1 priq(default)
>>> queue q2 priority 2
>>> pass all queue q1
>>> match all queue q2
>>>
>>> And I see nothing going into q2.
>>> I
> Greetings,
>
> I tried setting up the following into pf.conf on both 4.9 and latest snapshot:
>
> altq on $ext_if priq queue {q1, q2}
> queue q1 priority 1 priq(default)
> queue q2 priority 2
> pass all queue q1
> match all queue q2
>
> And I see nothing going into q2.
> Is this the expected beha
Greetings,
I tried setting up the following into pf.conf on both 4.9 and latest snapshot:
altq on $ext_if priq queue {q1, q2}
queue q1 priority 1 priq(default)
queue q2 priority 2
pass all queue q1
match all queue q2
And I see nothing going into q2.
Is this the expected behavior?
Thanks for you
> pass out log(matches) quick inet proto tcp from any to 89.176.141.250 port =
> www rdr-to 127.0.0.1 port 8080
I think rdr-to is meant to be use on inbound rules.
On Tue, Feb 1, 2011 at 6:43 AM, Josh Smith wrote:
> misc@,
>
> I recently acquired a playstation 3 and have been running into some
> difficulties playing it online behing my openbsd gateway. After doing
> some research and testing I have been able to overcome most of these
> problems by appending
> When you use 'match' to set options (e.g. nat-to) it does that for
> for *subsequent* rules, it doesn't retrospectively loop back and
> change addresses on a rule which has *already* been processed.
Yes I know that much. And as my pass rules care about the not-yet
translated source addresses, th
> ah, yes, I see what you mean, but this depends on the values chosen for
> A, B, somewhere, something.
Yeah sorry for the vagueness :)
Anyway I tested it just in case and as expected it didn't work.
> it might be simpler to combine the rules e.g.
>
> pass out on $ext_if proto tcp from {A, B} to
quot;match
... nat-to" rules to have to be after the related pass rules.
Thanks again for your help.
William
On Tue, Jun 15, 2010 at 12:28 AM, Stuart Henderson wrote:
> On 2010-06-14, william dunand wrote:
>> Well this rule-set's purpose is just to illustrate the "probl
purpose this
> match rule can serve, so it's not entirely surprising this hasn't
> been noticed before... What are you trying to do with this?
>
>
> On 2010-06-14, william dunand wrote:
>> Dear list,
>>
>> I just noticed something strange with pf (4.7) an
Dear list,
I just noticed something strange with pf (4.7) and I wondered if
someone could help me to understand it.
Let's consider the following simple rule-set:
set skip on lo0
pass all
block out log on bge0 inet proto tcp from any to x.x.x.x port 80
match out on bge0 inet proto tcp from any t
Hi misc,
I was playing around with ifstated, trying to understand exactly how
it behaves, and came up with a few assumptions for which I could not
find any contradiction or confirmation in the docs. So I'd appreciate
if someone familiar with ifstated internals could shed some light.
-
Tue, Apr 13, 2010 at 04:32:12PM +0900, william dunand wrote:
>> Dear list,
>>
>> I am currently setting up two 4.6 boxed to act as carp'ed firewalls.
>
> [...]
>
>> Even though I got to quite satisfying results, I am confused about the
>> net.inet.carp.p
Dear list,
I am currently setting up two 4.6 boxed to act as carp'ed firewalls.
-
On the active node:
% cat /etc/hostname.bge1
inet 10.100.0.1 255.255.255.0 NONE -inet6
% cat hostname.pfsync0
up
syncdev bge1
% cat /etc/hostname.bge0
inet xxx.xxx.xxx.48 255.25
What about the following process :
- Install release
- Download the release's src.tar.gz and sys.tar.gz from one of the official FTP
- Extract those in /usr/src
- wget all the patches listed on http://openbsd.org/errata44.html
- Read http://openbsd.org/faq/faq10.html#Patches
- Read instructi
ested in knowing the clean and mighty way to
hide your local subnet topography.
Maybe using an intermediate local interface may help, as it was
suggested by Marc-Andre.
Regards,
William
2008/8/15 Toby Burress <[EMAIL PROTECTED]>:
> On Fri, Aug 15, 2008 at 05:09:08PM +0900, william d
you paste and show us the output of netstat -rnf encap and also
if possible your pf.conf ?
Regards,
William
2008/8/15 Toby Burress <[EMAIL PROTECTED]>:
> On Fri, Aug 15, 2008 at 01:24:59PM +0900, william dunand wrote:
>> Hi,
>>
>> I tried to reproduce what you want in my
Hi,
I tried to reproduce what you want in my testing environment and
managed to make it work.
What you have to do is :
- In your ipsec.conf, add an rule from your local network to the
distant 172.25.0.1 (this rule is needed in order to route the traffic
to enc0)
- Add a nat rule on enc0 in your
2008/8/7 Jordi Beltran Creix <[EMAIL PROTECTED]>:
> I tried to run a recent i386 4.4 beta on a KVM/QEMU virtual machine
> under Ubuntu and there are some problems with the emulated network.
> The driver constantly reports timeouts.
>> re0: watchdog timeout
> As a side effect the connection is very
Hi,
I recently purchased a marvell based CF wifi card for my zaurus, which is
running 4.4-beta snapshot (2008-07-03). After installing the package
malo-firmware-1.4.tgz I was encountering the following messages when
plugging the card :
malo0: main FW not loaded!
So I took a quick look at th
19 matches
Mail list logo
