SOLVED. I forgot pass out on tcp on $ext_if.
[EMAIL PROTECTED]([EMAIL PROTECTED])@2008.11.14 11:16:17 +0100:
>
> I have been fighting with this problem too, I think it's not so
> well documented for n00b's in the online-documentation - I suggest
> a good book would help you a lot more ...
>
No luck. In my case, looking at the tcpdump output th
[EMAIL PROTECTED]([EMAIL PROTECTED])@2008.11.14 11:16:17 +0100:
> Hi Dan,
> if you include everything --- I'm using "rdr" for openvpn + ssh from
> internet to two internal hosts, maybe this gives you a little help ...
>
> regards
> Marc
Thanks! Will give it a try!
Stuart Henderson([EMAIL PROTECTED])@2008.11.12 17:39:15 +:
> Depending on where you test from,
> http://www.openbsd.org/faq/pf/rdr.html#reflect may help.
>
> On 2008/11/12 12:28, Dan wrote:
Testing from an external box sitting on the internet. Thanks.
> > Hi all, I am ne
Stuart Henderson([EMAIL PROTECTED])@2008.11.12 17:39:15 +:
> Depending on where you test from,
> http://www.openbsd.org/faq/pf/rdr.html#reflect may help.
>
That does not help. I am testing from the outside.
Hi all, I am new to PF. Trying to set up a simple, typical ruleset as
described on openbsd.org and other places. NAT works, rdr to a machine
behind pf doesn't. The documentation says it should work. What gives?
ext_if="dc0"
int_if="fxp0"
set skip on lo
scrub in
rdr pass on $ext_if proto { tcp
an high availability bridged firewall solution.
Would it be possible to put two openbsd bridged firewall on an
etherchannel link (between two cisco switch) and let the switch manage
the failover ?
Thanks,
--
Best Regards,
Dan
]
queue p2p bandwidth 9.60Kb priority 0
[ pkts: 537567 bytes: 520760419 dropped pkts:627 bytes:
165911 ]
[ qlength: 0/ 50 borrows: 0 suspends: 71886 ]
[ measured: 1.4 packets/s, 13.31Kb/s ]
--
Best Regards,
Dan
The error message was misleading.
I got wrong spelling of the word bandwidth.
On Fri, 03 Dec 2004 11:00:02 +0200, Dan <[EMAIL PROTECTED]> wrote:
Hello all,
why do i get
pfctl: the sum of the child bandwidth higher than parent "root_tun0"
/etc/pf.conf:15: syntax error
for:
alt
ack out to multiple analysis boxes simultaneously, but that
would cost many thousands of dollars. Wouldn't it be nice if PF could
do this? :)
Matt
--
Best Regards,
Dan
lt, borrow)
queue low bandwidth 10% priority 1 cbq(borrow)
queue p2p bandidth 10% priority 0
???
--
Best Regards,
Dan
Maybe just implement Cisco's WFQ.
It's based on min-max fair-share algorithm.
On Fri, 16 Apr 2004 23:21:10 +0200, Miroslav Kubik
<[EMAIL PROTECTED]> wrote:
Hi
I would like to have new option in traffic shaping. I feel like restrict
connection speed according to connection persistence. It
What is 10.2.0.0/24 ? Which network is it?
The problem is with the /30 network connected to your ISP
On Sun, Apr 11, 2004 at 04:45:40PM +0100, Greg Hennessy wrote:
On 11 Apr 2004 07:16:03 -0700, [EMAIL PROTECTED] (Role Account for
SysAdmin) wrote:
>4) $air /30 (a nic to a wireless router, part of
ifstated is also very important when you want to protect yourself from
link failure.
On Sun, 28 Mar 2004 18:23:07 +, tefol tefol <[EMAIL PROTECTED]> wrote:
Hiya.
Is it possible to fail over OpenBSD + PF firewalls?
What are the implications if there are several VPNs terminated on the
fi
Normal STP should converge within 50 seconds.
2*forward time + max_age time = 15*2 + 20 = 50
It also depends on how your fw is connected (what switches and how)
On Mon, 29 Mar 2004 08:40:09 +1200, Russell Fulton
<[EMAIL PROTECTED]> wrote:
Hi I have a couple of boxes running 3.4 acting as bridges
If it's only IP addresses, use tables.
Or use anchors: http://www.openbsd.org/faq/pf/anchors.html
On Tue, 23 Mar 2004 18:55:49 +0100, Ed White <[EMAIL PROTECTED]> wrote:
Hi,
someone asked me how to add a rdr rule on the fly.
They are coding a well-known network manipulation utility and needed to
dhcpd.leases | grep -v \# | grep lease | awk '{print $2}' | while
read a ;do
pfctl -a foo:bar -t mytable -T add $a
done
or something like that...
Dan
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Ed White
Sent: 06 January 2004 18:09
To: [EMAIL
Drain Fade said:
> I apologize for the muddiness of my explanation of the problem. I'm not
> confusing DNS and SMTP, what I should have stated was "If I try and hit
> my webmail from a browser behind my NAT to the email server behind my
> NAT by name, it fails. If I go to the private IP direct in m
if you had a list of ip addresses of said p0rn sites you could simply have a
shell script read the list and call pfctl to block the ip address of the site
given the list of "bad" sites this is fairly easily achievable...
Dan
Quoting franciszek holop <[EMAIL PROTECTED]>:
> he
I need to write a userland process to monitor the status of the webservers
behind our openbsd 3.4 firewall and dynamically add or remove them from the pool
of addresses in our load balancing set up..
does anyone have an example of some code that could do this ?
Regards
Dan
Can anyone recommend a good wifi card to put into my openbsd firewall ?
Regards
Dan
if they will work or
not….
All comments appreciated….
Dan
can someone point it out to me please ?
Regards
Dan
Eek, that should keep me busy for a while :-~
-Original Message-
From: Daniel Hartmeier [mailto:[EMAIL PROTECTED]]
Sent: 13 January 2003 16:10
To: Dan Heaver
Cc: [EMAIL PROTECTED]
Subject: Re: adding a new subnet to my firewall
On Mon, Jan 13, 2003 at 03:11:36PM -, Dan Heaver wrote
o our firewall's external interface...
They do however need a different gateway
address, where do I specify this ? is it something in my hostname.rl1 file ?
Dan
In addition to my rule or instead of ?
-Original Message-
From: Gritche [mailto:[EMAIL PROTECTED]]
Sent: 07 January 2003 12:41
To: Dan Heaver
Cc: [EMAIL PROTECTED]
Subject: Re: what on eath have i missed ?
On Tue, 7 Jan 2003 11:12:24 -
Dan Heaver <[EMAIL PROTECTED]> wrote:
e I missed something ?
Dan
> "JD" == "Jason Dixon" <[EMAIL PROTECTED]>:
JD> On Wed, 2002-11-20 at 18:23, [EMAIL PROTECTED] wrote:
JD> Good news and bad news. The -current kernel (on a still -stable system)
JD> frags), "pfctl -F all && pfctl -f /etc/pf.conf" spit out the following
JD> error:
JD>
JD> pfctl: DIOCADDRULE:
he services has failed.
Does this sound feasible ?
Where would I have to look to dynamically change nat
rules in pf ?
Regards
Dan
> is applied.
>
> Daniel
>
I take it that no-df works for 3.2, is that correct? I
tried it on 3.1: the syntax is accepted but it doesn't
seem to change anything.
Regards,
Dan
Thank you very much.
Dan.
--- Daniel Hartmeier <[EMAIL PROTECTED]> wrote:
> On Tue, Nov 19, 2002 at 02:16:50AM -0800, Dan
> Moinescu wrote:
>
> > I don't think of it as giving in to one point of
> view
> > or another. All I really care about is for the box
>
lease do me a favor and tell me
what file that DF check is performed in? That would
save me from going through the kernel sources to find
it.
Thanks,
Dan.
--- Henning Brauer <[EMAIL PROTECTED]> wrote:
> On Mon, Nov 18, 2002 at 05:25:43AM -0800, Dan
> Moinescu wrote:
> > As it happens, some NFS packets are fragmented and
> the
> > "scrub in" directive was blocking the fragments.
> > I removed the scrub line
2?
And related to this, what exactly does "normalization"
mean? I thought scrub's main purpose was to do
defragmentation.
Best regards,
Dan.
Looks like VRRP is what you want, but I don't know
whether it will work with the bridging scenario.
Regards,
Dan.
--- Stefan Sonnenberg-Carstens
<[EMAIL PROTECTED]> wrote:
> Hi list,
> I'd like to do the following :
>
> switch1