Implementing a 'scrub tos' option?

2003-08-14 Thread Hendrik Scholz
Hi! Living on a DSL link is hard when it comes to ALTQ configuration on the upstream side. If you are able to configure both sides of a link policy based routing is no problem (i.e. prioritizing ACKs or icmp/udp/Diablo 2 :)). In my (and prob. this is the most common setup) I cannot (legally) take

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Daniel Hartmeier
On Mon, Aug 11, 2003 at 04:01:38PM +0200, Hendrik Scholz wrote: > Before starting setting up an OpenBSD box I'd like to know if there > are any caveats/reasons since this has not been done already. I guess the question is: does a significant share of internet routers honour the flag? What effect

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Damien Miller
Ed White wrote: >> > pass in quick inet proto tcp from $My_ISP_class_B to $eth_ext port 22 tos >> > $key keep state >> >> This is the worst kind of security through obscurity. > > That's not security at all. My point exactly. > That's custom setup, like using sshd on port 31337. And equally st

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Henning Brauer
On Tue, Aug 12, 2003 at 10:09:01PM +1000, Damien Miller wrote: > OTOH a "pass set-tos xxx" option (what this discussion was originally > about) would be nice... there are various people now asking for a possibility to set the tos. I tend to think it makes sense. not sure about the syntax tho. --

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Henning Brauer
On Wed, Aug 13, 2003 at 01:43:18PM +0200, Hendrik Scholz wrote: > Hi! > > On Wed, 13 Aug 2003 12:01:16 +0200 > Henning Brauer <[EMAIL PROTECTED]> wrote: > > > there are various people now asking for a possibility to set the tos. > > I tend to think it makes sense. > > not sure about the syntax t

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Hendrik Scholz
Hi! On Mon, 11 Aug 2003 17:06:30 +0200 Daniel Hartmeier <[EMAIL PROTECTED]> wrote: > On Mon, Aug 11, 2003 at 04:01:38PM +0200, Hendrik Scholz wrote: > > > Before starting setting up an OpenBSD box I'd like to know if there > > are any caveats/reasons since this has not been done already. > > I

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Hendrik Scholz
Hi! On Wed, 13 Aug 2003 12:01:16 +0200 Henning Brauer <[EMAIL PROTECTED]> wrote: > there are various people now asking for a possibility to set the tos. > I tend to think it makes sense. > not sure about the syntax tho. From my point of view it fits into the scrub scheme. Adding it to each rul

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Hendrik Scholz
Hi! On Wed, 13 Aug 2003 14:51:35 +0200 Daniel Hartmeier <[EMAIL PROTECTED]> wrote: > Yes. Basic question is: do you want to set the same tos on all packets > of one connection (state entry) automatically? > > Or is setting tos completely unrelated to connections, and you want to > do it per pack

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Damien Miller
Ed White wrote: > BTW filtering on TOS value introduces a good way to filter some ports even if > you get a dynamic IP. > > Example: > > You want to filter port tcp:22 to avoid the whole internet to get the OpenSSH > prompt. Adding a rule like this would make it possible... > > pass in quick i

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Ed White
On Monday 11 August 2003 18:33, Hendrik Scholz wrote: > Where should I install a bridge? LANrouter > I cannot insert anything behind my router but like to modify the > telco routers queueing mechanism. I don't know your situation, but putting a bridge there could be invisible for L

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Ed White
On Monday 11 August 2003 16:01, Hendrik Scholz wrote: > Living on a DSL link is hard when it comes to ALTQ configuration on the > upstream side. > In my (and prob. this is the most common setup) I cannot (legally) take > control of the upstream router and its queueing policies. Sorry it's not clea

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Trevor Talbot
On Wednesday, Aug 13, 2003, at 03:01 US/Pacific, Henning Brauer wrote: On Tue, Aug 12, 2003 at 10:09:01PM +1000, Damien Miller wrote: OTOH a "pass set-tos xxx" option (what this discussion was originally about) would be nice... there are various people now asking for a possibility to set the tos.

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Daniel Hartmeier
On Wed, Aug 13, 2003 at 01:43:18PM +0200, Hendrik Scholz wrote: > You'd have to add the tos statement to both rules in case you want > the replies to incoming icmp echo request packets to be passed out > with a tos flag set. Yes. Basic question is: do you want to set the same tos on all packets o

Re: Implementing a 'scrub tos' option?

2003-08-12 Thread Ed White
On Tuesday 12 August 2003 00:08, Damien Miller wrote: > > You want to filter port tcp:22 to avoid the whole internet to get the > > OpenSSH prompt. Adding a rule like this would make it possible... > > > > pass in quick inet proto tcp from $My_ISP_class_B to $eth_ext port 22 tos > > $key keep state

Re: Implementing a 'scrub tos' option?

2003-08-11 Thread Hendrik Scholz
Hi! On Mon, 11 Aug 2003 18:05:41 +0200 Ed White <[EMAIL PROTECTED]> wrote: > Sorry it's not clear to me the problem. > Couldn't you insert a bridge ? Where should I install a bridge? LAN-router--(DSL connection)---DSLAM/Telco---Internet) I cannot insert anything behind my router but like t