CARP and preempt buggy with wrong switches? Or carp bug?

2006-02-01 Thread Per-Olov Sjöholm
Hi, I have seen strange issues with my firewall environment. It has the following 9 interfaces: Internet - em1 (dual intel pci-e) lan - em0 (dual intel pci-e) pfsync - em2 (dual intel pci-x) dmz1 - em3 (dual intel pci-x) dmz2 - bge0 (server built-in broadcom) dmz3-6 - sis0-4 (soekris pci quad)

NAT / RDR Questions

2006-02-01 Thread Tim Pushor
Hi All, I am having some trouble with asterisk behind a NAT via pf. The trouble I am having is that sometimes inbound RTP would fail with some SIP connections. The problem was sporadic, but I think I've nailed it down. The firewall was reporting state clashes (state failure errors, I believe)

Re: NAT / RDR Questions

2006-02-01 Thread Karl O. Pinc
On 02/01/2006 03:17:56 PM, Tim Pushor wrote: What seems to be happening is that when the connection uses symmetric RTP, the server (asterisk) sends UDP traffic to the server and makes a state entry for the NAT that is taking place. Then when the client tries to talk back on the same set o

Re: NAT / RDR Questions

2006-02-01 Thread Tim Pushor
Karl O. Pinc wrote: On 02/01/2006 03:17:56 PM, Tim Pushor wrote: What seems to be happening is that when the connection uses symmetric RTP, the server (asterisk) sends UDP traffic to the server and makes a state entry for the NAT that is taking place. Then when the client tries to ta

ssh bruteforce attempts and timeout of table w/ persist keyword

2006-02-01 Thread Tr0go
Hello Everybody, Faced like a lot of you with ssh bruteforce automated attempts on my OpenBSD 3.8 box, I searched the web to see what others did to protect themselves against this. I made the same, forbidding ssh connections with password and opting for public key authentication, but that was of n

Re: ssh bruteforce attempts and timeout of table w/ persist keyword

2006-02-01 Thread Elijah Savage
Tr0go wrote: > Hello Everybody, > > Faced like a lot of you with ssh bruteforce automated > attempts on my OpenBSD 3.8 box, I searched the web to > see what others did to protect themselves against > this. > > I made the same, forbidding ssh connections with > password and opting for public key au

RE: CARP and preempt buggy with wrong switches? Or carp bug?

2006-02-01 Thread Steven S
I had a similar issue. I ended up using net.inet.carp.preempt=1 on the primary firewall and net.inet.carp.preempt=0 on the secondary. If the primary has an issue, the secondary becomes the master on all interfaces. I must confess I haven't "fully tested" the configuration. -Steve S. [EMAIL PROT

Dual Internet

2006-02-01 Thread Steven S
I know this has been beaten up before but I didn't see this particular issue addressed. I have dual firewalls (carp'd) with dual ISPs. I perform outbound load balancing per the following lines in pf.conf: nat on fxp0 from $lan_net to any -> (carp0) nat on fxp1 from $lan_net to any -> (carp1) pa