Thanks. :-)
Any hints on the rulebase when dhcrelay runs on the same machine as pf?
Will source address 0.0.0.0 work for example?
Regards,
Mipam.
On Thu, 31 Aug 2006, David A de Gruyl wrote:
* on [06-08-31 09:11] Mipam wrote:
Is it possible to forward these dhcp discover and requests through
On Tue, 16 May 2006, [ISO-8859-1] Per-Olov Sjöholm wrote:
Mipam wrote:
Hi All,
A small internal network is defined to be able to send traffic outside:
outside = { a.b.c.d }
special = { 10.23.145.10 }
internal = { 10.23.145.0/24, !10.23.145.10 }
nat on fxp0 from $internal
with natting and portmapping on all normal
connections, but only the host 10.23.145.10 should not be portmapped.
Actually i wish it more specified, only source port from $special
should not be portmapped, the rest doesnt matter. Is such possible or
should i stick to this?
Bye,
Mipam.
,
Mipam.
On Sun, 3 Oct 2004, Peter Matulis wrote:
Output from pflog0:
4. 422299 rule 1/0(match): block in on wm0: IP (tos
0x0, ttl 242, id
58380, offset 0, flags [DF], length: 44, bad cksum
d0ab (-2145)!)
129.128.5.191.20 82.161.169.153.55674: S [tcp sum
ok]
693991520:693991520(0) win
,
Mipam.
keep state
It worked for me.
Bye,
Mipam.
On Sat, 11 Sep 2004, Mipam wrote:
Hi,
I was trying to make ftp'ing from my inside nw to internet possible.
So in pf.conf (state-policy is floating):
rdr pass on $int_if proto tcp to port ftp - 127.0.0.1 port 8021
pass in on $ext_if inet proto tcp from any to $ext_if user proxy keep
packet from 10.1.1.12?
Bye,
Mipam.18:46:54.422934 10.1.1.12.1043 213.133.51.82.500: [udp sum ok] isakmp 1.0 msgid
cookie ff4b138f02d5925e-: phase 1 I ident:
(sa: doi=ipsec situation=identity
(p: #1 protoid=isakmp transform=6
(t: #1 id=ike (type=enc
On Sun, 5 Sep 2004, Oliver Humpage wrote:
On Sun, 5 Sep 2004, Mipam wrote:
If I have set state-poliy floating and i have
block in on $ext_if
pass out on $ext_if modulate state
Then traffic incomming on $int_if will be allowed, because it may
leave through the $ext_if right? Traffic
On Mon, 6 Sep 2004, Oliver Humpage wrote:
on 6/9/04 11:18 am, Mipam at [EMAIL PROTECTED] wrote:
On Mon, 6 Sep 2004, Oliver Humpage wrote:
on 6/9/04 9:21 am, Mipam at [EMAIL PROTECTED] wrote:
Hmm i see, so for outbound traffic over $ext_if
1) nat
2) filtering
Is this correct or am i missing things (apart from natting)?
Bye,
Mipam.
, or maybe its just me thinking broadcom doesnt make the
best nics. Maybe placing 82541GI cards in a machine which needs to perform
is also silly, but it runs just fine and i dont notice much difference
with another machine which has 82547EI / CSA cards in it.
Bye,
Mipam.
(as is being done in fbsd). Maybe pf need changing
too at that time?
What will be faster, 64 bits architecture or multiple threads on multiple
cpu's?
Bye,
Mipam.
checksum offloading, but since you're using the machine as
bridge, this shouldnt be the case right?
Bye,
Mipam.
be the case right?
Bye,
Mipam.
Hi Mipam,
The NIC is an Intel Pro/1000MT (dual port) which has HW checksum offloading
as a default as far as I can make out. If this is causing the problem have you any
idea how to turn it off?
The fact that you see bad udp/tcp checksums
connected to
the interface but a switch back. It looks like an extra line with a
checksum error is being generated, either by tcpdump or by pf. From
Mipam it may be a problem with the hardware. Has this showed up before
with Intel pro/1000 adapters?
I didn't say it's a problem with the hardware
?
Bye,
Mipam.
18 matches
Mail list logo
