> And even more thanks for an extraordinary packet filter.
> I don't know what I would do without it.
>
> Kevin
Here! Here!
Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto Tel. 07855 805 271
http://www.devitto.com
On Fri, 13 Jun 2003 09:06:50 +0200
Daniel Hartmeier <[EMAIL PROTECTED]> wrote:
> The only workaround at this time is to assign IP addresses to the
> interfaces of the bridge. This results in routing table entries on the
> bridge machine, which allows the packets generated by pf to get sent
> out.
I will *try* to implement a solution for that problem,
assuming symetrical routing when no routing table is defined.
I don't think that makes sense...
Why?
I, for one, would love it.
Cedric
On Fri, Jun 13, 2003 at 02:59:23PM +0200, Cedric Berger wrote:
>
> >>Thanks for the quick reply. Do you know if support for synproxy on a
> >>bridge is planned?
> >>
> >>
> >
> >it can only work if the bridge has in ip address.
> >the same applies to the link2 for brconfig(8) and other things.
Thanks for the quick reply. Do you know if support for synproxy on a
bridge is planned?
it can only work if the bridge has in ip address.
the same applies to the link2 for brconfig(8) and other things.
I will *try* to implement a solution for that problem,
assuming symetrical routing when no
On Thu, Jun 12, 2003 at 06:56:35PM -0500, Kevin wrote:
> On Fri, 13 Jun 2003 01:32:46 +0200 (CEST)
> Dries Schellekens <[EMAIL PROTECTED]> wrote:
> >
> > return-{rst,icmp,icmp6) and synproxy don't work on a bridge.
> >
> > pb@ added a remark to pf.conf(5) and bridge(4) about this yesterday.
> >
On Thu, Jun 12, 2003 at 06:56:35PM -0500, Kevin wrote:
> Thanks for the quick reply. Do you know if support for synproxy on a
> bridge is planned?
The only workaround at this time is to assign IP addresses to the
interfaces of the bridge. This results in routing table entries on the
bridge machi
On Thu, Jun 12, 2003 at 06:09:17PM -0500, Kevin wrote:
> Am I missing something?
yes. synproxy, as well as return/return-rst/return-icmp, use stack
functions. thus (well, would be nearly the same if we hand-crufted that
again, what we won't do in any case) they rely on ip adresses on the
machin
On Thu, Jun 12, 2003 at 06:56:35PM -0500, Kevin wrote:
> On Fri, 13 Jun 2003 01:32:46 +0200 (CEST)
> Dries Schellekens <[EMAIL PROTECTED]> wrote:
> >
> > return-{rst,icmp,icmp6) and synproxy don't work on a bridge.
> >
> > pb@ added a remark to pf.conf(5) and bridge(4) about this yesterday.
> >
On Fri, 13 Jun 2003 01:32:46 +0200 (CEST)
Dries Schellekens <[EMAIL PROTECTED]> wrote:
>
> return-{rst,icmp,icmp6) and synproxy don't work on a bridge.
>
> pb@ added a remark to pf.conf(5) and bridge(4) about this yesterday.
>
> NOTES of -current bridge(4) state
> It is unsupported to use f
On Thu, 12 Jun 2003, Kevin wrote:
>
> Just installed the June 11 snapshot to do some testing with synproxy.
> The server has three NICs installed with fxp0 and fxp1 making up the
> bridge and dc0 for remote access.
>
> Traffic through the bridge works fine, unless I enable synproxy. Both
> keep s
Just installed the June 11 snapshot to do some testing with synproxy.
The server has three NICs installed with fxp0 and fxp1 making up the
bridge and dc0 for remote access.
Traffic through the bridge works fine, unless I enable synproxy. Both
keep state and moduleate state work as expected, the
12 matches
Mail list logo
