Hi!
I have the following network topology:
[ LAN ] <> [ OBSD f/w ] <- DSL -> [ Internet ]
|
\- > [ DMZ ]
In the DMZ I have a proxy (squid) configured and running properly on
port 3128. I want to make this pr
Hi,
>
> Try 'set optimization aggressive' which removes state entries quicker.
That does not resolve the problem. I investigated some more effort:
The SIP-Phone sends every 25s (default) a keep alive message to the SIP-Proxy
to remain the state on the NAT'ed Firewall. So I have to lower the
u
Hi there.
I tried all the ftp-proxy versions and all the possible options in
inetd.conf. ftp-proxy and PF Doesn't not work with "Restrict FTP
clients" in Active mode.
please if someone has a options to make "restricted FTP clients" behind
NAT with pf please let me know.
Thanks
Marcos Biscaysa
On Mon, 2005-02-07 at 09:48:38 -0800, [EMAIL PROTECTED] proclaimed...
> There's a Firewall/NAT router F, Local machines L and M, and a remote host R.
>
Block on the interface that is closer to Machine L; So how about:
machine_l="10.13.13.1"
machine_r="172.18.43.165"
block in quick on $internal
One other thing that might be helpful, my mtu is 1485.
-=Tucker
Damien Miller wrote:
Tucker Bradford wrote:
I'm experiencing a very annoying session timeout issue. Its most
often noticed when sshing to a host behind the firewall from off
site. It doesn't seem to happen when the connection is init
Hi, I have a question about filtering and how it relates to NAT.
Specifically, I'm wondering how to filter outbound traffic from a specific
NATed host to a specific remote host. From reading the faq and a few other
documents I've learned (among other things) that filtering is done after NAT.
I c
That doesn't work. The way I interpret the results of the previous
series of tests, we don't actually have a session timeout at all. There
is something else going on here, but I don't know what it is. It might
be a fragmentation timeout. I am stumped. Anyway, I tried the
ClientAliveInterval fo
Being I cannot get ftp-proxy to work for active connections.
I thought (hopefully for a short time to write rules to allow
just those clients to use ftp to just those servers where
I had problems. So I wrote up
rdr pass proto tcp from to $Server1 port ftp -> $Server1
port ftp
rdr pass proto
After reading the ftp rfc's (959 and 1123) I don't understand
how ftp-proxy can work without support of pf, and any
ftp client that works in active mode with the current ftp-proxy
is in violation of these rfc's.
In particular section 3.2 of rfc949 and 4.1.2.12 of rfc1123
together say that the dat
Tucker Bradford wrote:
I'm experiencing a very annoying session timeout issue. Its most often
noticed when sshing to a host behind the firewall from off site. It
doesn't seem to happen when the connection is initiated from another
internal network, but that could be due to some bi-directional pa
Cyrill Rüttimann wrote:
The state of the SIP-Connection remains active in the state table after
changing the IP, why?
The state is not expiring immediately.
If I then delete the state, the SIP-Phone registers immediately with the
SIP-Proxy.
Try 'set optimization aggressive' which removes state en
11 matches
Mail list logo