On Wed, 2005-03-23 at 15:21, Xavier wrote:
Hi,
Just one question... Maybe stupid, pardon me!
Can I define sort of route maps such as
in Cisco devices with pf?
Ex: if source address = x.x.x.x - send to next hop y.y.y.y
yes--route-to can be used for this:
pass in on $int_if route-to
On Wed, 23 Mar 2005 21:21:58 +0100 (CET), Xavier [EMAIL PROTECTED] wrote:
Hi,
Just one question... Maybe stupid, pardon me!
Can I define sort of route maps such as
in Cisco devices with pf?
Ex: if source address = x.x.x.x - send to next hop y.y.y.y
YUP !!!
You can use the route-to
Hi all,
I'm in the process of setting up a group of load balanced servers, and
I've come across something (I think) is a bit unusual with macros and
tables and load balancing.
I use tables fairly extensively in our two 3.6-stable OBSD pf/CARP
firewalls, and I'd like to use them in configuring our
On Wed, Mar 23, 2005 at 03:19:13AM -0800, Ian wrote:
Hi,
I believe you can achieve this with the use of properly labeled rules,
and then gather information with them and produce output, here is an
article where some perl is used to create graphs, I imagine it would
be simple to output the
On Tue, Mar 22, 2005 at 04:49:37PM -0500, David Chubb wrote:
pfstat can do that pretty well.
http://www.benzedrine.cx/pfstat.html
You can also view my company's pfstat implementation:
http://black.dev.virpack.com/pfstat/
Enjoy.
Thank you David.
I was trying this port. I see it use
On Thu, Mar 24, 2005 at 02:58:51PM +0300, Eugene M. Minkovskii wrote:
Yes, it can help me and I do this in one of the networks where I'm
system administrator. But I have another network where the gateway has 3
network interfaces (I wrote this some time ago to David in this
thread). I can't set
On Wed, Mar 23, 2005 at 11:17:28PM +0100, fabien.misto wrote:
the bridge filtering continues to work, but not the nat.
I don't know if it's possible.
No, translation (nat, rdr) doesn't generally work on pure bridges. The
reason for that is on ethernet level, the way IP and MAC addresses
On Thu, Mar 24, 2005 at 01:40:53AM -0800, Ian wrote:
Hmm, yeah this gets difficult. If you have extra computers, you
could set up an IPless box running pf with just two rules, pass all
out, pass all in, and then label each and measure based on that. But
that's just another box to manage and
On Wed, Mar 23, 2005 at 10:47:34PM -0800, Kevin wrote:
yet this does not:
rdr on $ext proto tcp from any to web_servers_ext port 80 -> \
web_servers_int round-robin sticky-address
There was a bug fixed recently where pf would fail to select a
translation when a rule did
On Wed, Mar 23, 2005 at 06:47:49PM -0300, Emilio Lucena wrote:
The question now is why NAT is not having its chance to rewrite the
packets with the right source IP address?
Try using 'set state-policy if-bound'. Without it, the re-routed packet
cannot create a second state entry on the second
On Mon, Mar 21, 2005 at 10:11:31PM -0500, Jim Fron wrote:
Any thoughts as to what I'm doing wrong?
It's probably some simple mistake in manipulating the ruleset. Make sure
you have both filter and translation rules loaded successfully, i.e. run
# pfctl -sn
and check whether rdr rule is
Maybe I'm missing something about your requirements, but why not just use MRTG?
It will measure input/output on as many interfaces as you want.
Since all it *really* does is graph data, it can also be used to
measure virtually anything.
It is relatively easy to create scripts that gather data
What exactly does PF think 'lowdelay' is though? I need to specifically
make sure IP precedence 5 packets are given priority over other traffic
(except maybe IP precedence 6 and 7).
I found buried in the pf.conf man page that I should be able to specify
a TOS value using something like:
pass
..an example of what you are talking about from my system I just restarted,
I am not clear how to zero these stats -
pfctl -z doesn't seem to do it (only two ifs) :
# pfctl -vvs Interfaces
.. many other interfaces snipped...
dc0 (instance, attached)
Cleared: Wed Mar 23 03:02:28
On Thu, Mar 24, 2005 at 02:17:55PM +0100, Daniel Hartmeier wrote:
On Thu, Mar 24, 2005 at 02:58:51PM +0300, Eugene M. Minkovskii wrote:
Yes, it can help me and I do this in one of the networks where I'm
system administrator. But I have another network where the gateway has 3
network interfaces (I
yet this does not:
rdr on $ext proto tcp from any to web_servers_ext port 80 -> \
web_servers_int round-robin sticky-address
There was a bug fixed recently where pf would fail to select a
translation when a rule did not have an explicit (or implicit) address
It's probably some simple mistake in manipulating the ruleset. Make sure
you have both filter and translation rules loaded successfully, i.e. run
# pfctl -sn
No errors...
and check whether rdr rule is correctly loaded like you intend.
Check.
One somewhat obscure mistake is to run pfctl -R -f
On Thu, Mar 24, 2005 at 08:36:31PM -0500, Jim Fron wrote:
# pfctl -sn
No errors...
Can you please post the verbatim output of pfctl -vvsn?
Daniel
On Mar 24, 2005, at 8:55 PM, Daniel Hartmeier wrote:
Can you please post the verbatim output of pfctl -vvsn?
Got it. Unlike /bin/sh, which does NOT concatenate a comment
line ending in \ with the following line, pf.conf considers
# foo \
bar
to be a multi-line comment. Hence, in
On Mar 24, 2005, at 8:55 PM, Daniel Hartmeier wrote:
On Thu, Mar 24, 2005 at 08:36:31PM -0500, Jim Fron wrote:
# pfctl -sn
No errors...
Can you please post the verbatim output of pfctl -vvsn?
Interesting:
With rules as posted:
@0 nat on le1 inet from 192.168.1.0/24 to any -> 69.241.239.150
[