tag problem with brconfig - OpenBSD 3.3

2003-09-12 Thread yanko
I use OpenBSD 3.3 and I can not add tag to rule.

bash# brconfig bridge0 rule pass in on rl0 src 1:2:3:4:5:6 tag hello
invalid rule: pass in on rl0 src 1:2:3:4:5:6 tag hello

What can be the problem?

Re: PF -> tags <- bridge

2003-09-12 Thread Jolan Luff
On Sat, Sep 13, 2003 at 09:26:37AM +0300, yanko wrote:
> I use OpenBSD 3.3 and I can not activate tags
>
> bash# brconfig bridge0 rule pass in on rl0 src 1:2:3:4:5:6 tag hello
> invalid rule: pass in on rl0 src 1:2:3:4:5:6 tag hello

tags are in 3.4.

Re: PF -> tags <- bridge

2003-09-12 Thread yanko
I use OpenBSD 3.3 and I can not activate tags

bash# brconfig bridge0 rule pass in on rl0 src 1:2:3:4:5:6 tag hello
invalid rule: pass in on rl0 src 1:2:3:4:5:6 tag hello

Re: pf with ethernet bridge and one ip

2003-09-12 Thread Trevor Talbot
On Thursday, Sep 11, 2003, at 16:40 US/Pacific, Torsten wrote:
i have problems with pf on a openbsd 3.3-stable ethernet bridge. my setup:
(lan_A)-( if_A: noIP )-|bridge|-( if_B: ip_B )(lan_B)
IP datagram from (lan_A) to ip_B
First appearance of the ip datagram within pf is: IN if_B (!) IP

Re: NAT - PF order

2003-09-12 Thread Trevor Talbot
On Thursday, Sep 11, 2003, at 15:52 US/Pacific, Shadi Abou-Zahra wrote: hopefully this is not a millionth repetition of a subject but after reading the PF FAQ and some of the mail archives i am still confused about how bridging, NATing and PFing all work together. the exact path of the packets

RE: NAT - PF order

2003-09-12 Thread Shadi Abou-Zahra
hi, just a reminder:
NIC_A: IP 123.123.0.1, connected to the big bad internet
NIC_B: IP 192.168.0.1, internal network (desktops etc)
NIC_C: IP 10.0.0.1, internal servers (development and staging area)
NIC_D: NO IP, DMZ 1 (a collection of operational www and mail servers)
NIC_E: NO IP, DMZ 2 (a col

Re: NAT - PF order

2003-09-12 Thread Stefan Zill
Shadi Abou-Zahra wrote:
> hello,

Hi,

> here are my questions:
> 1. NATing always happens before PF rules are applied. correct?

This is correct.

> 2. if all the NATing happens on NIC_A, why do i get such entries in my
> state table when an internal desktop tries to reach a server in DMZ 1:
> 192

Re: syn-proxy & application-level-proxy

2003-09-12 Thread Ed White
On Thursday 11 September 2003 20:44, Claudio Jeker wrote:
> > The fact is that syn-proxy manages already two tcp connections.
>
> I think you misunderstood something. syn-proxy is not a real proxy as in
> ftp-proxy. The syn-proxy is nothing more than some state table magic so
> the synproxy state