--- Sven Ingebrigt Ulland <[EMAIL PROTECTED]>
wrote:
> I'm keeping basic in/out IP accounting info using
> labels. However,
> consider this simple ruleset:
>
>
> pass out keep state
>
> pass in on $int_if from $client1 to ! $localnet
> label "Client1_out"
> pass out on $int_if from ! $localne
On Tue, Aug 02, 2005 at 03:05:11AM -0700, Tihomir Koychev wrote:
> --- Sven Ingebrigt Ulland <[EMAIL PROTECTED]>
> wrote:
>
> http://www.openbsd.org/faq/pf/filter.html#state>:
> > "[...] not only do packets going from the sender to
> > receiver match the
> > state entry and bypass ruleset evaluati
On Tue, 26 Jul 2005 05:58:18 -0700 (PDT)
Pejman Moghadam <[EMAIL PROTECTED]> wrote:
> I have one FreeBSD 5.4 router/firewall box in my LAN that do NAT with PF.
> The problem is I can't ping the same machine on the internet from two or more
> different machines
> on my LAN at the same time. only o
On Tue, Aug 02, 2005 at 09:37:40PM +0800, Lars Hansson wrote:
> Pinging from 2 w2k workstations thru a NAT'ing openbsd 3.4 (yes, it's old
> i know) to 66.94.230.34 (www.yahoo.com) I can reproduce this problem.
> The second workstation gets "destination unreachable" until a while after
> the first
I am trying to find the appropriate way to set the external ip used. I
have a user who wants their outbound traffic to all go out their ip. This
way they have their reverse appropriate.
ifconfig snip:
inet 69.13.34.82 netmask 0xfff0 broadcast 69.13.34.95
inet 69.13.34.83 n
* Tihomir Koychev <[EMAIL PROTECTED]> [2005-08-02 12:11]:
> > Does this mean that basic label-based IP accounting
> > won't mix with
> > keeping state at all?
no, states have a pointer back to the rule that created it and update
the stats on it.
> there is patch in current
> http://www.openbsd.o
