Hi all.
@ the end of this email is my complete pf.conf file.
I'm running -CURRENT from Fri Nov 21
I know I'm behind,.. cvs up is running
I have a major problem with my pf setup and I cannot find my answer
anywhere.
1. Hosts out on the internet cannot passive ftp to my server. And a lot
that conn
Hi,
Anyone have experience with filtering at close to 1Gbit using pf? What
would end up being the limiting factor in such a system? CPU, bus
bandwidth or maybe something else?
I'm looking to take some filtering load off of our routers for a
particularly DDoS-prone service.
Thanks,
ben.
Hi,
Something weird is happening to one of my firewall running OPENBSD_3_4
This box is loaded with 23 interfaces (3 quad intel, 1 dual fiber
intel, and 2 quad dlink plus one em onboard).
The problem is that we use on the internal network rsh to connect for
different reasons. and with a (keep|mod
On Tue, 2003-12-16 at 18:21, Michiel van Baak wrote:
> Hi all.
>
> @ the end of this email is my complete pf.conf file.
> I'm running -CURRENT from Fri Nov 21
> I know I'm behind,.. cvs up is running
>
> I have a major problem with my pf setup and I cannot find my answer
> anywhere.
>
> 1. Hosts
On Dec 16, 2003, at 1:41 PM, Ćukasz Bromirski wrote:
There are some google references that point to installations, where
pf is doing 600-700Mbit/s. You will need good motherboard, decent
CPU (two or four CPUs won't help much if machine will do only
firewalling) and of course fastest NICs on fastes
On Tue, Dec 16, 2003 at 06:41:55PM +0100, [EMAIL PROTECTED] wrote:
> from my debugging, the first connection (which works) goes from one
> interface to pf then to the ountbound interface (keep state make the
> return).
>
> and then with tcpdump on the $int_client I see the other connection
> (the
Other people filter at close, or better than a gig with multiple NICs.
With GigE NICs you are generally talking quality, and with quality
NICs you get lots of freebie stuff - checksum generation, decent
buffer sizes, efficient bus use etc. They know that their customers
don't want cheap, they want
On Tue, Dec 16, 2003 at 07:56:35PM -, Dom De Vitto wrote:
> With GigE NICs you are generally talking quality
that is no longer true.
Realtek now makes gigE chips...
> , and with quality
> NICs you get lots of freebie stuff - checksum generation, decent
> buffer sizes, efficient bus use etc. T
Henning Brauer wrote:
On Tue, Dec 16, 2003 at 07:56:35PM -, Dom De Vitto wrote:
With GigE NICs you are generally talking quality
that is no longer true.
Realtek now makes gigE chips...
hmm from what I have read and heard (mostly Linux users) this one
(rtl8169) should actually perform extre
Henning Brauer wrote:
it boils down to intel, intel or intel at the moment. it is
particularily the drivers' faults that all others are worse at the
moment, but that's how it is.
you don't need polling wit reasonable NICs. where reasonable
(unfortunately) translates to em(4), em(4) or em(4).
ye
On Tue, Dec 16, 2003 at 11:09:09PM +0100, Stefan Kaltenbrunner wrote:
> Henning Brauer wrote:
> >On Tue, Dec 16, 2003 at 07:56:35PM -, Dom De Vitto wrote:
> >>With GigE NICs you are generally talking quality
> >that is no longer true.
> >Realtek now makes gigE chips...
> hmm from what I have re
On Tue, 16 Dec 2003 18:21:17 +0100, Michiel van Baak <[EMAIL PROTECTED]> wrote:
> 1. Hosts out on the internet cannot passive ftp to my server.
You don't have a rule to accept passive ftp connections. Configure your daemon
to use a fixed port range (49151-65535 for example) and add a "pas
12 matches
Mail list logo
