Re: ipchains

2003-01-24 Thread Henning Brauer
On Thu, Jan 23, 2003 at 10:56:15AM -0800, Bryan Irvine wrote: > Is there a converter out there for ipchains -> pf? it's called brain ;-) -- Henning Brauer, BS Web Services, http://bsws.de [EMAIL PROTECTED] - [EMAIL PROTECTED] Unix is very simple, but it takes a genius to understand the simplicit

Extending reported stats

2003-01-24 Thread Sancho2k.net Lists
Greetz, I want to figure out why pfctl isn't showing me statistics such as passed/blocked packets, packets per seconds, etc. In previous installations it has, but I must be missing something now. OpenBSD phantasm.sancho2k.net 3.2 GENE

Re: Extending reported stats

2003-01-24 Thread Henning Brauer
On Fri, Jan 24, 2003 at 02:33:22AM -0700, Sancho2k.net Lists wrote: > Greetz, > > I want to figure out why pfctl isn't showing me statistics such as > passed/blocked packets, packets per seconds, etc. In previous > installations it has, but I must be missing something now. > > =

Re: ipchains

2003-01-24 Thread Nicholas Lee
On Fri, Jan 24, 2003 at 09:33:30AM +0100, Henning Brauer wrote: > On Thu, Jan 23, 2003 at 10:56:15AM -0800, Bryan Irvine wrote: > > Is there a converter out there for ipchains -> pf? > > it's called brain ;-) 8) Personally I always found ipchains/iptables invokes a certain craziness to get a goo

Re: pf+bridge+transparent proxy to local squid process

2003-01-24 Thread Daniel Hartmeier
On Thu, Jan 23, 2003 at 09:59:43PM -0500, Mike LaPane wrote: > I was just curious if anyone has tried to redirect like so: > rdr on $LAN_IF from $LAN_NET to any port 80 -> 127.0.0.1 port 3128 > while bridging? If so, does the bridge interface need to be IP'd? The redirection itself will work even

Re: pf+bridge+transparent proxy to local squid process

2003-01-24 Thread Daniel Hartmeier
Actually, the redirection itself will only work if the internal interface has an IP address. A 'stealth' (IP-less) bridge functionally isolates its own userland from any networks. No userland process can establish connections, as there is no routing table. That's basically the point of such a setu

Re: pf+bridge+transparent proxy to local squid process

2003-01-24 Thread Benjamin M.A. Robson
Daniel, I don't have the hardware available to test this right now, but it's on topic. Back when IPF was default for OBSD I did some experimenting with bridging and NAT with some limited success. The configuration I was using was thus... (Internet Cloud)--- |

Re: pf+bridge+transparent proxy to local squid process

2003-01-24 Thread Daniel Hartmeier
On Fri, Jan 24, 2003 at 10:37:57PM +1100, Benjamin M.A. Robson wrote: > (Internet Cloud)--- > | > | > [ fxp0 - No IP ] > (Bridging Firewall)[ fxp2 - 10.0.0.1/24 ]---(Internal LAN) > [ fxp1 - 2.2.2.2/24 ] >

Re: pf+bridge+transparent proxy to local squid process

2003-01-24 Thread Benjamin M.A. Robson
Daniel, Hmmm.. Thanks for the reply. I will definitely try it out and report back my findings. I would suggest then that with the strategic placing of a single IP address in the thread originator's bridge firewall the transparent squid proxy could possibly be made to work too. Hmmm, all cool th

Re: pf+bridge+transparent proxy to local squid process

2003-01-24 Thread Mike LaPane
Thanks to everyone for the replies! Well, the preference of bridge over routing/IP forwarding was just for simplification of deployment. And, keeping the squid process locally means cost savings for smaller office deployments. I've been building a similar (routing) solution using linux/netfilter/

Re: Extending reported stats

2003-01-24 Thread Sancho2k.net Lists
Henning Brauer wrote: On Fri, Jan 24, 2003 at 02:33:22AM -0700, Sancho2k.net Lists wrote: Greetz, I want to figure out why pfctl isn't showing me statistics such as passed/blocked packets, packets per seconds, etc. In previous installations it has, but I must be missing something now. ==

authpf and ~/.ssh/authorized_keys

2003-01-24 Thread Aaron Wade
Hi, I am trying to set up authpf users to use Public Key authentication in ssh. I am trying it on a windows client at the present time, using ssh.com's windows client. I create the keys and try to upload the pub key to the bsd box and it just hangs. The user's shell is /usr/sbin/aut

Re: authpf and ~/.ssh/authorized_keys

2003-01-24 Thread Daniel Hartmeier
On Fri, Jan 24, 2003 at 11:11:27AM -0500, Aaron Wade wrote: > I am trying to set up authpf users to use Public Key authentication in ssh. > I am trying it on a windows client at the present time, using ssh.com's > windows client. I create the keys and try to upload the pub key to the bs

Re: Extending reported stats

2003-01-24 Thread Daniel Hartmeier
On Fri, Jan 24, 2003 at 08:45:06AM -0700, Sancho2k.net Lists wrote: > >>First entry in /etc/pf.conf: > >>set loginterface fxp2 > > 3.2-RELEASE. I haven't had a real chance to update yet. Try $ echo "set loginterface fxp2" | pfctl -f - then $ pfctl -si If that works, reload your ruleset w

Nat Problem or misconfiguration

2003-01-24 Thread Amir Seyavash Mesry
Ok, I need some help. Here is my pf conf, stripped down so the nat works, and ifconfig output also, can anyone figure out why it won't do nat on rl1, but will do it on rl0 Pf.conf: nat on rl0 inet from 192.168.0.7/32 to any -> rl0 nat on rl1 inet from 192.168.0.15/32 to any -> rl1 nat on rl1 inet

Re: Extending reported stats

2003-01-24 Thread Sancho2k.net Lists
Daniel Hartmeier wrote: If that works, reload your ruleset with $ pfctl -f /etc/pf.conf and verify $ pfctl -si If any of the above commands produces an error message, quote it. Maybe you added the "set loginterface" line and forgot to reload the ruleset? Daniel I'm so embarrassed. I'v