On 11/14/06, Peter Allgeyer <[EMAIL PROTECTED]> wrote:
Am Montag, den 13.11.2006, 18:14 -0600 schrieb Bill Marquette:
> This:
> net.inet.icmp.drop_redirect
> is NOT the same as:
> net.inet.ip.redirect
Ah, my fault, sure you're right. I meant I've played with
net.inet.ip.redirect. I do know what
Am Dienstag, den 14.11.2006, 08:25 -0600 schrieb Bill Marquette:
> Actually, doing stuff like this is likely to screw up your
> state table. State will be created for the first packet and there's a
> good chance that at least part of the flow will hit the firewall again
> and be out of state, prem
Am Montag, den 13.11.2006, 18:14 -0600 schrieb Bill Marquette:
> This:
> net.inet.icmp.drop_redirect
> is NOT the same as:
> net.inet.ip.redirect
Ah, my fault, sure you're right. I meant I've played with
net.inet.ip.redirect. I do know what net.inet.icmp.drop_redirect is for
and that it's wise to
Servus Holger!
Am Dienstag, den 14.11.2006, 00:02 +0100 schrieb Holger Bauer:
> As not everybody needs ICMP redirects how about making this a checkbox
> at system>advanced that is off by default and place a hint that enabling
> this option won't work with ICMP redirects?
I would go the other way
This:
net.inet.icmp.drop_redirect
is NOT the same as:
net.inet.ip.redirect
According to http://people.freebsd.org/~hmp/utilities/satbl/sysctl-net.html
is for ISSUING redirects. Obviously with what you dug up it probably
would have been disabled anyway. But we default pfsense to not
issuing redi
On 11/13/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
On 11/13/06, Peter Allgeyer <[EMAIL PROTECTED]> wrote:
> BTW: Although ICMP redirects are considered bad,
> it's a standard of TCP/IP we should honour.
You are not talking about:
# sysctl -a | grep icmp | grep redir
net.inet.icmp.drop_redire
m: Scott Ullrich [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 13, 2006 11:23 PM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] SOLVED: Re: [pfSense Support]
> ICMP redirects not functional in v1.0.1?
>
> Hrm. Well, if it's a bug I wonder what else is bei
Hrm. Well, if it's a bug I wonder what else is being affected. I do
not mind turning off Fast Forwarding by default until this can be
resolved.
Anyone object?
Scott
On 11/13/06, Peter Allgeyer <[EMAIL PROTECTED]> wrote:
Have to answer myself.
Am Montag, den 13.11.2006, 22:30 +0100 schrieb
Have to answer myself.
Am Montag, den 13.11.2006, 22:30 +0100 schrieb Peter Allgeyer:
>BTW: Has anyone benchmarked that?
http://m0n0.ch/wall/list-dev/showmsg.php?id=13/82
BR, PIT
---
copyleft(c) by | _-_ Those who do
Am Montag, den 13.11.2006, 15:55 -0500 schrieb Scott Ullrich:
> You are not talking about:
>
> # sysctl -a | grep icmp | grep redir
> net.inet.icmp.drop_redirect: 0
That's what I've played with. It's obvious, isn't it? Since setting
net.inet.icmp.drop_redirect from 0 to 1 hasn't made any differen
On 11/13/06, Peter Allgeyer <[EMAIL PROTECTED]> wrote:
BTW: Although ICMP redirects are considered bad,
it's a standard of TCP/IP we should honour.
You are not talking about:
# sysctl -a | grep icmp | grep redir
net.inet.icmp.drop_redirect: 0
Are you ?
Scott
---
-Original Message-
From: Peter Allgeyer [mailto:[EMAIL PROTECTED]
Sent: Monday, November 13, 2006 2:52 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] ICMP redirects not functional in v1.0.1?
Am Montag, den 13.11.2006, 08:31 -0500 schrieb Mitch Martin:
> In your July thr
-Original Message-
From: Peter Allgeyer [mailto:[EMAIL PROTECTED]
Sent: Monday, November 13, 2006 2:13 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] ICMP redirects not functional in v1.0.1?
Hi Bill!
Am Montag, den 13.11.2006, 08:55 -0600 schrieb Bill Marquette:
>
Am Montag, den 13.11.2006, 08:31 -0500 schrieb Mitch Martin:
> In your July thread you wrote "Changing Rule 622 to pass any protocol
> solves the problem?!". I read that as meaning that you found a
> workaround and maybe it was something that I could implement on my box,
> as well.
Hmm, have to ta
Hi Bill!
Am Montag, den 13.11.2006, 08:55 -0600 schrieb Bill Marquette:
> You could try setting the following sysctl to 1:
> net.inet.ip.redirect
Have tried that already. Doesn't make any change.
Now we have to take a look at the filter code and how that is created.
Some notices about Kernel para
vember 13, 2006 9:55 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] ICMP redirects not functional in v1.0.1?
You could try setting the following sysctl to 1:
net.inet.ip.redirect
This at the command line:
sysctl net.inet.ip.redirect=1
I think it's whats stopping pfsense from s
From: Peter Allgeyer [mailto:[EMAIL PROTECTED]
Sent: Sunday, November 12, 2006 4:25 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] ICMP redirects not functional in v1.0.1?
Am Sonntag, den 12.11.2006, 15:26 -0500 schrieb Mitch Martin:
> How might I implement the "fix" that Pet
-Original Message-
From: Peter Allgeyer [mailto:[EMAIL PROTECTED]
Sent: Sunday, November 12, 2006 4:25 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] ICMP redirects not functional in v1.0.1?
Am Sonntag, den 12.11.2006, 15:26 -0500 schrieb Mitch Martin:
> How migh
Am Sonntag, den 12.11.2006, 15:26 -0500 schrieb Mitch Martin:
> How might I implement the "fix" that Peter did?
I can't remember any fix. I redefined my internal routing to our central
layer 3 switch instead of to the firewall.
> I_really_ need
> redirects to work as I don't have the time or mo
e with this so
maybe just a "pointer" or two in the right direction would suffice. ;-)
Mitch
-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Sunday, November 12, 2006 3:04 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] ICMP redirects not func
On 11/12/06, Mitch Martin <[EMAIL PROTECTED]> wrote:
Hello all,
I replaced our Sonicwall Pro 330 this weekend with pfSense v1.0.1 on a
Nokia IP330, 400MHZ, 256MB. I did this mainly because of the many
features that pfSense offers. It is working great. We have about 250
LAN users, 6 site-site I
Hello all,
I replaced our Sonicwall Pro 330 this weekend with pfSense v1.0.1 on a
Nokia IP330, 400MHZ, 256MB. I did this mainly because of the many
features that pfSense offers. It is working great. We have about 250
LAN users, 6 site-site IPSec VPN's, and, thanks to the OpenVPN feature,
we now
22 matches
Mail list logo
