hi all,
i am relative new to openbsd (comming from linux) - and i am trying to
set up a openbsd firewall with carp/pfsync as described by this:
http://www.countersiege.com/doc/pfsync-carp/ very fine article.
I am also using the soekris 4801 hardware - so there should be any
hardware problems. I'v
On Thu, 15 Apr 2004 15:08:52 +0200
Wolfgang Pichler <[EMAIL PROTECTED]> wrote:
[snip]
>
>my pf.conf on both machines is:
>--pf.conf-
>ext_if="sis0"
>int_if="sis1"
>cross_if="sis2"
>
>pass quick on { $cross_if } proto pfsync
>pass on { $ext_if $int_if } proto carp ke
Is there a way to express the following in a PF rule or a set of PF rules?
"NAT from 10.64.14.0/24 to any unless I have a route in my routing table
to the destination"
The reason I want to do this is because I have OSPF running on my
firewall box. And it exchanges routing information and learn
I don't want to have to install SQUID on my firewall box. I don't
necessarily need or want a full-blown proxy.
I wonder how dificult it would be to patch ftp-proxy to support
specifying an IP address VIA the command line..
Guess I'll have to investigate
Daniel Corbe wrote:
Hey,
I'm having
> Does it work this way?
> src sends SYN => tcp.first
> dst sends SYN+ACK => tcp.opening
> src send ACK+data => tcp.established
> which seems logical to me.
> If so then it is not clear from the manpage.
Yes. The description is generic because we also allow you to infer
states from pre-existing c
On Thu, Apr 15, 2004 at 02:49:56PM -0400, Daniel Corbe wrote:
> Is there a way to express the following in a PF rule or a set of PF rules?
>
> "NAT from 10.64.14.0/24 to any unless I have a route in my routing table
> to the destination"
Try
nat on $if from 10.64.14.0/24 to no-route -> 1.2.3
