Interrogation regarding pf + ALTQ

2005-03-17 Thread Benjamin Constant
Hello list, I'm performing some tests with pf ALTQ here but before going further on, there are some obscure points I would like to clear up in my mind, that's why I hope some gurus available on this list will give me some more information. Here is how I understand the assignation to queues when

Re: DNS resolution (Was: Re: http redirection problem)

2005-03-17 Thread Vas Péter
eric wrote: On Wed, 2005-03-16 at 16:46:39 +0100, Vas Péter proclaimed... I have a problem with redirection, and I can't find any solution. I'm a newbie just now for using OpenBSD and pf. You know... pass out on $ext_if inet proto udp from $ext_if to any keep state You should let

Re: rdr on firewall initiated connections

2005-03-17 Thread j knight
Jon Hart wrote: Greetings, In trying to diagnose a problem with ftp-proxy, I stumbled upon something with pf's rdr that I cannot explain. Assume a simple firewall ruleset. I had the following rdr line: rdr pass on $ext_if proto tcp from any to any \ port 21 -> 127.0.0.1 port 2121 That line,

Re: reverse ftp proxy using binat fails

2005-03-17 Thread j knight
[EMAIL PROTECTED] wrote: I have now placed my proftp server (normal ftp port) on my private DMZ, I do a binat on pf.conf and edited my inetd.conf file again to add this line. http://www.openbsd.org/faq/pf/ftp.html#natserver Not exactly what you're doing, but very close. You can skip the rdr

Ping response going out the wrong interface

2005-03-17 Thread gpontis
Using pf on OpenBSD 3.6 (GENERIC) ... I previously posted about a firewall system based on pf, with two wan interfaces and a routing problem that led to tcp responses going out the wrong port. I thought that I had a temporary workaround by not creating a specific static route but still do not

Re: NAT using a CARP interface

2005-03-17 Thread eric
On Tue, 2005-03-15 at 14:58:04 -0600, eric proclaimed... nat on xl0 inet from 172.19.81.183 to any -> 10.100.81.183 I fixed this to be a binat rule binat on xl0 from 172.19.81.183 to any -> 10.100.81.183 I then removed the following rdr rule... rdr on xl0 inet proto tcp from any to

Re: Interrogation regarding pf + ALTQ

2005-03-17 Thread j knight
Benjamin Constant wrote: Hello list, Hi Benjamin, ...int_if(in) ext_if(ou)--- [station_a] [bsd_box] [station_b] ---int_if(ou)ext_if(in) Dotted

Re: pf vs ASIC firewalls

2005-03-17 Thread Greg Hennessy
On 17 Mar 2005 03:58:26 -0800, [EMAIL PROTECTED] (Henning Brauer) wrote: All of that said, I wonder if there isn't some way to implement something vaguely PF-ish in an FPGA that would allow more control over the rulesets than an off-the-shelf ASIC. there likely is... I mean, state table

Re: pf vs ASIC firewalls

2005-03-17 Thread Henning Brauer
* Greg Hennessy [EMAIL PROTECTED] [2005-03-17 19:31]: On 17 Mar 2005 03:58:26 -0800, [EMAIL PROTECTED] (Henning Brauer) wrote: All of that said, I wonder if there isn't some way to implement something vaguely PF-ish in an FPGA that would allow more control over the rulesets than an

Re: Ping response going out the wrong interface

2005-03-17 Thread j knight
[EMAIL PROTECTED] wrote: This morning I decided to investigate the source of traffic on one of those interfaces, and found that my ISP is sending quite a few pings. There is a block of 8 addresses and all are getting pinged at a slow rate, but repeatedly. The reason ? The system is sending ping