Need a bit of help on my PF

2002-07-29 Thread Jason Williams
Evening everyone. Well, I won't beat around the bush. I'll get right to the point. I'm pretty new to OpenBSD and PF, but I'm having a blast learning it all. It's a lot of fun, but I have much to learn. I've read as much documentation as I can find on both PF and IPF. I've gone through the How-

Re: Need a bit of help on my PF

2002-07-29 Thread David Jobes
take a look here, it may help

http://www.xscanners.org/cgi-bin/index.cgi?action=viewnews&id=9

David Jobes - CISSP
[EMAIL PROTECTED]

> Jason Williams wrote:
>
> Evening everyone. Well, I wont beat around the bush. I'll get right to
> the point.
> I'm pretty new to OpenBSD and PF but i'm having

pf, raw sockets and packet drops...

2002-07-29 Thread mike schiffman
Forgive me if this is already known, but apparently pf drops certain outgoing IP packets built using the raw socket interface. I've traced it to ip_output.c where two pf_test() calls are made -- I'm not sure which one results in the drop, but both of them return EHOSTUNREACH (No route to host).

Re: pf, raw sockets and packet drops...

2002-07-29 Thread Daniel Hartmeier
On Sun, Jul 28, 2002 at 10:49:44PM -0700, mike schiffman wrote:
> pass out proto tcp from any to any flags S/SA keep state

Try

pass out from any to any allow-opts

instead. pf, by default, blocks packets with IP options. If you want to pass them, use the 'allow-opts' rule parameter.

Re: pf, raw sockets and packet drops...

2002-07-29 Thread Philipp Buehler
On 29/07/2002, mike schiffman <[EMAIL PROTECTED]> wrote To [EMAIL PROTECTED]:
> # allow any internal connections to go outward
> pass out proto tcp from any to any flags S/SA keep state
> pass out proto icmp from any to any flags S/SA keep state
> pass out proto udp from any to any

Re: Need a bit of help on my PF

2002-07-29 Thread Daniel Hartmeier
On Sun, Jul 28, 2002 at 04:58:25PM -0700, Jason Williams wrote:
> OpenBSD 3.1 Firewall/Gateway, running PF and NAT.

You probably want a nat.conf like this

ExtIf = "dc0"
nat on $ExtIf inet from 192.168.0.0/16 to any -> $ExtIf

> pass outquick on $ExtIf proto tcp/udp from 192.168.1.0/16

application proxy

2002-07-29 Thread Ed White
Hi, I've read in the USENIX PF paper that various application proxies are planned: what type of use is planned? Would they permit traffic like ftp-proxy does with active FTP across NAT, or will they be application-level filters? Also I would like to know if ftp-proxy could be used to protect/filter a F

Re: pf, raw sockets and packet drops...

2002-07-29 Thread mike schiffman
Ah, this must be the case. Thanks.

On Mon, Jul 29, 2002 at 08:45:13AM +0200, Daniel Hartmeier wrote:
> On Sun, Jul 28, 2002 at 10:49:44PM -0700, mike schiffman wrote:
>
> > pass out proto tcp from any to any flags S/SA keep state
>
> Try
>
> pass out from any to any allow-opts
>

RE: application proxy

2002-07-29 Thread Ed White
> > Would they permit traffic like ftp-proxy do with active FTP
> across NAT or
> > will be application level filters ?
>
> Eh? I think you misunderstood the concept and working of ftp-proxy.
>
> Actually active FTP can be used via NAT rules, without ftp-proxy.

Please tell me how.

> ftp-proxy

Re: application proxy

2002-07-29 Thread Daniel Hartmeier
On Mon, Jul 29, 2002 at 04:48:45PM +0200, Philipp Buehler - sysfive.com GmbH wrote:
> > Also I would like to know if ftp-proxy could be used to protect/filter a FTP
> > server even if it's secure, like OpenBSD ftpd.
>
> Yes, while IIRC rev-proxy-support is only in -current. Daniel?

It's not com

Re: application proxy

2002-07-29 Thread Philipp Buehler
On 29/07/2002, Ed White <[EMAIL PROTECTED]> wrote To [EMAIL PROTECTED]:
> > Actually active FTP can be used via NAT rules, without ftp-proxy.
>
> Please tell me how.

pass out proto tcp from $lan to any keep state

or whatever. try to understand how active/passive ftp works

> > Yes, while IIRC r

Re: application proxy

2002-07-29 Thread Philipp Buehler - sysfive.com GmbH
On 29/07/2002, Ed White <[EMAIL PROTECTED]> wrote To [EMAIL PROTECTED]: > I've read inside USENIX PF paper that various application proxies are > planned: what type of use is planned ? Whatever some people are sending in code/diffs for :) > Would they permit traffic like ftp-proxy do with active