Public web server behind a PF bridge, crap clients

2002-11-23 Thread Stephen Gutknecht (OBSD-PF)
I'm curious if anyone can provide some experience on something I have observed... We have an OpenBSD 3.1 firewall protecting a public web site. We are using good hardware (Intel ISP1100 1U server / Intel Pro Ethernet adapters) by all accounts, etc. At times, the only way we have been able to get

surfing from behind the firewall, pf rules

2002-11-26 Thread Stephen Gutknecht (OBSD-PF)
Hello all, Windows XP / Windows 2000 / OpenBSD systems behind an OpenBSD 3.2-stable firewall with PF. During "heavy web surfing sessions", especially when loading a lot over a slower (90 Kbps) link... I see my "block in" rule stopping a few packets from port 80 servers. A good example is a web pag
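The ruleset below is an added example for the NAT-gateway setup this post describes; it is not Stephen's ruleset and not from the thread. It uses OpenBSD 3.2-era pf.conf syntax, where nothing is stateful unless a rule says "keep state"; the interface names, the external address and the private subnet are assumptions.

```pf
# Added example: 3.2-style pf.conf for a NAT gateway with clients surfing
# behind it.  Interface names, addresses and the private subnet are assumed.
ext_if = "fxp0"              # assumed: side facing the slow upstream link
ext_ip = "203.0.113.2"       # assumed: the gateway's public address
int_if = "fxp1"              # assumed: side the XP/2000/OpenBSD clients sit on
lan    = "192.168.1.0/24"    # assumed: private subnet behind the gateway

# Reassemble fragments before filtering.
scrub in all

# Translation: hide the private subnet behind the public address.
nat on $ext_if from $lan to any -> $ext_ip

# Default deny in both directions, logged, so drops can be read back from
# the pflog with tcpdump.
block in log all
block out log all

# Stateful pass-out for web traffic.  "keep state" is what lets the replies
# from port 80/443 servers back in; only the SYN (flags S/SA) creates state,
# so a stray packet for a connection with no state entry falls through to
# "block in log all" above.
pass out on $ext_if proto tcp from any to any port { 80, 443 } flags S/SA keep state
pass out on $ext_if proto udp from any to any port 53 keep state
pass out on $ext_if inet proto icmp all icmp-type echoreq keep state

# LAN side: let the clients reach the gateway and beyond.
pass in  on $int_if from $lan to any keep state
pass out on $int_if from any to $lan keep state
```

To see which rule dropped a logged packet, read the log with `tcpdump -n -e -ttt -r /var/log/pflog port 80`; the rule number in that output corresponds to the numbering printed by `pfctl -vvs rules`. A reply that arrives after its state entry has already been removed (for example data still trickling over a slow link after the browser reset the connection) has no state to match and is logged against the block rule; that is how stateful filtering is meant to behave, and such entries are usually not a sign of a misconfiguration.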

RE: Firewall and remote machine

2002-11-27 Thread Stephen Gutknecht (OBSD-PF)
Hello Anders, What you describe is a VPN... Your 'Server B' would establish a VPN (IPsec) connection into 'Server A's network. The twist is that you are trying to do this through an uncooperative firewall; it is pretty common to use SSH tunneling for such a purpose. The VPN: acting like a router.

newbie - pflogd - putting log in another location

2002-12-05 Thread Stephen Gutknecht (OBSD-PF)
Hi, I'm booting firewall from Compact Flash and want to have PF log to a mounted hard drive. My goal is to keep logs longer. I have a 2GB partition set for logging. Is there anything I need to do other than: revise /etc/rc.conf pflogd_flags="-f /fwlog/active/pflog" revise /etc/newsyslog
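The three configuration fragments below are an added example of what the relocation described in this post involves end to end; they are not Stephen's files and not from a reply in the thread. The device name of the log partition, the mount point `/fwlog` and its `active` subdirectory are assumptions taken from the post; the newsyslog line mirrors the stock `/var/log/pflog` entry and should be checked against the one actually shipped in your `/etc/newsyslog.conf`.

```pf
# /etc/fstab -- the 2 GB log partition.  The device name is an assumption;
# nodev/nosuid because nothing needs to execute or be a device node there.
/dev/wd1a  /fwlog  ffs  rw,nodev,nosuid  1  2

# /etc/rc.conf -- point pflogd at the mounted partition instead of the
# default /var/log/pflog.  /fwlog/active must exist and be mounted before
# pflogd starts; fstab entries are mounted early in rc, so this is fine.
pflogd_flags="-f /fwlog/active/pflog"

# /etc/newsyslog.conf -- rotate the relocated file the same way as the stock
# pflog entry: mode 600, keep 3 old copies, rotate at 250 KB, compress (Z),
# treat as binary (B, no "log file turned over" text written into the pcap),
# then HUP pflogd so it reopens the new file instead of writing to the
# rotated one.  Raise the count/size if the point is to keep logs longer.
/fwlog/active/pflog  600  3  250  *  ZB  "pkill -HUP -u root -t - -x pflogd"
```

After the first rotation, confirm that pflogd really reopened the file: `ls -l /fwlog/active/` should show a fresh, growing `pflog` next to `pflog.0.gz`, and `tcpdump -n -e -ttt -r /fwlog/active/pflog` should read the new file. If the stock `/var/log/pflog` line is left in newsyslog.conf it rotates a file nothing writes to any more, so either remove it or leave it and accept the harmless empty rotations.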

RE: Public web server behind a PF bridge, crap clients

2002-12-06 Thread Stephen Gutknecht (OBSD-PF)
all and see what we find. Again, anyone else in same boat? Thanks. Stephen Gutknecht -Original Message- From: Stephen Gutknecht (OBSD-PF) [mailto:[EMAIL PROTECTED]] Sent: Saturday, November 23, 2002 3:02 AM To: [EMAIL PROTECTED] Subject: Public web server behind a PF bridge, crap clients [snip]

RE: Public web server behind a PF bridge, crap clients

2002-12-06 Thread Stephen Gutknecht (OBSD-PF)
Correction to last post... I wrote: When we used "keep state" on our out rules, we would see port 80 packets originating from our IIS server were sometimes showing in the log as dropped. I meant to say: When we used keep state on our *in* rules (both interfaces of bridge) - we would sometimes

RE: Public web server behind a PF bridge, crap clients

2002-12-06 Thread Stephen Gutknecht (OBSD-PF)
Hi Daniel, Are the default timeout values documented somewhere? If not, could you post them? The man pages for pf.conf show how to set them, but don't seem to indicate the defaults. On a similar note: does "set optimization" influence the timeouts, or is it merely relaxing the state matching toleranc
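The fragment below is an added example for the bridge setup discussed in this thread (keep state on the in rules of both bridge interfaces, and the timeout questions above); it is not Daniel's reply and not Stephen's ruleset. It follows the pattern the PF FAQ of the 3.x era used for bridges, filtering and keeping state on one interface only. The interface names, the web server's address and the 3.x `bridgename.bridge0` file are assumptions.

```pf
# /etc/bridgename.bridge0 -- bridge the two filtered interfaces.  Both
# members are brought up without addresses (hostname.fxp0 / hostname.fxp1
# just contain "up").
add fxp0
add fxp1
up

# /etc/pf.conf
ext_if  = "fxp0"            # assumed: public side of the bridge
int_if  = "fxp1"            # assumed: side the IIS server sits on
web_srv = "192.0.2.10"      # assumed: the web server's address

# "set optimization" selects a whole profile of timeouts for the state
# engine; an explicit "set timeout" after it overrides individual values
# from that profile.  The numbers here are illustrative, not the defaults.
set optimization normal
set timeout { tcp.first 120, tcp.established 86400, tcp.closing 900 }

# A bridged packet is seen by pf twice: in on one member interface and out
# on the other.  With "keep state" on the in rules of both interfaces each
# flow is evaluated from both sides of the bridge and can end up with a
# second state entry created from the reply direction.  Keep state on the
# external interface only and pass everything on the internal side.
pass in  quick on $int_if all
pass out quick on $int_if all

block in  log on $ext_if all
block out log on $ext_if all

# Inbound web traffic: the SYN creates the state; the server's replies
# going back out on $ext_if match that same state.
pass in on $ext_if proto tcp from any to $web_srv port 80 flags S/SA keep state
```

The values the running kernel actually uses, including anything `set optimization` changed, can be read back with `pfctl -s timeouts` rather than inferred from the man page. When tuning, lower `tcp.established` only with care: a long-lived but idle connection that outlives the state entry will have its next packet logged against the block rule, which is exactly the symptom this thread started from.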

OpenBSD 3.2 - NAT with only 1 interface, DHCP + alias

2002-12-25 Thread Stephen Gutknecht (OBSD-PF)
Howdy, I'm trying to NAT using only a single Ethernet interface. Laptop system where another interface is not available. The upstream is a cable modem that provides address via DHCP. I have configured my /etc/hostname.if to have: dhcp NONE NONE NONE inet alias 192.168.148.249 255.255.255.0

wireless interface sharing same subnet as wired

2003-03-08 Thread Stephen Gutknecht (OBSD-PF)
Hi, Is there a way with OpenBSD 3.2 to "bridge" the wireless and wired interfaces? I have a 3-leg firewall: wi0 - private wireless; fxp0 - public interface; fxp1 - private interface. I have seen Linux and WinXP firewalls that allow you to bridge the private and wireless interfaces to allow a

RE: wireless interface sharing same subnet as wired

2003-03-09 Thread Stephen Gutknecht (OBSD-PF)
ith NAT. um no. -----Original Message- From: Stephen Gutknecht (OBSD-PF) [mailto:[EMAIL PROTECTED] Sent: Saturday, March 08, 2003 8:45 AM To: [EMAIL PROTECTED] Subject: wireless interface sharing same subnet as wired Hi, Is there a way with OpenBSD 3.2 to "bridge" the wireless and w