Hello all,
I recently updated a machine to OpenBSD 4.7 and rewrote the ruleset. Things
seem to be working, though the system message buffer is getting filled with
this error:
pf: stack key attach failed on fxp0: ICMP in wire: (0) xxx.142.100.44:22793
xxx.142.101.241:8 stack: (0) xxx.142.100.44:22
On Wed, Aug 16, 2006 at 02:04:32PM -0700, George Pontis wrote:
> pass in quick on $int_if \
> route-to ($ext_if2 $ext_gw2) \
> inet proto tcp from 192.168.1.120 to any flags S/SA \
> keep state (floating) \
You seem to be assuming that a floating state create
Config: Firewall using OpenBSD 3.8, 2 WAN, 1 LAN
I am experiencing a problem with my configuration of pf as regards the
choice of WAN ports to route an outgoing packet. Can someone help
please ?
The scenario comes up when ext_if1 is the default gateway in the
routing tables, but I am trying to u
Firewall using OpenBSD 3.8, 2 WAN, 1 LAN
I am experiencing a problem with my configuration of pf as regards the
choice of WAN ports to route an outgoing packet. Can someone help
please ?
The scenario comes up when ext_if1 is the default gateway in the
routing tables, but I am trying to use a rul
I am having a hard time routing a reply out the correct WAN interface.
In spite of using a reply-to and creating state, the packet is routed
to the other interface and then dropped.
In detail, the machine has two WAN interfaces ext_if1 and ext_if2. A
backup mail server runs on the same machine, wh
Daniel Hartmeier wrote:
> ...
> Make sure that all your 'pass keep state' rules which can possibly
> apply to TCP packets also use 'flags S/SA' (so they only apply to
> initial SYNs), and that you block other TCP packets by default.
>
> ...
For a rule that matches both UDP and TCP packets, is "
I posted a similar question previously but incorrectly said ftpd when I
meant ftp-proxy. This led to several private emails but yet no solution.
More directly to the point now:
I am following the example from the User's Guide to use pf's route-to option
on "pass in" from the LAN for packets destin
>--- George Pontis <[EMAIL PROTECTED]> wrote:
>
>> >From the pf user's guide:
>>
>> "The route-to option is used on traffic coming in on
>> the internal interface
>> to specify the outgoing network interfaces..."
>>
>> I foll
>From the pf user's guide:
"The route-to option is used on traffic coming in on the internal interface
to specify the outgoing network interfaces..."
I followed this usage and the example in the user's guide to set up OpenBSD
3.5 to load-balance outgoing connections over two gateways. There is al
I am working with a common SMTP configuration in which connections are
treated with NAT and RDR to direct them to an internal mail server. It
seemed useful to apply synproxy to incoming traffic destined for the mail
server, but after changing statement from "keep state" to "synproxy state",
the mai
Hello,
Having some trouble here with mail when I try to implement outbound
load-balancing. I am following the example for outbound load balancing in
the
pf User's Guide. But I have changed it to be special for SMTP, to ensure
that
all mail is sent and received from the same IP which is advertized
11 matches
Mail list logo
