On Wed, 8 Mar 2017 16:52:36 +0100, Andrea Venturoli wrote:
Just on one point:
> Second question:
> _ if I issue "ipfw nat 2 config if re0", I'll see the output "ipfw nat 2
> config if re0";
> _ if I issue "ipfw nat 2 config ip 192.168.0.1", I'll see the output "ipfw
> nat 2 config ip
On Fri, 29 Apr 2016 00:32:05 -0300, lpa lpa wrote:
> On Thu, Apr 28, 2016 at 4:06 PM, Nikolay Denev wrote:
>> Hi,
>>
>> Have you looked at the natd(8) source code?
> yes but it's a complete application, it does a lot of stuff and I am
> not able to "clean" it up to
On Thu, 7 Apr 2016 17:08:38 +0100, Dr Josef Karthauser wrote:
[ AppleMail msgs fail to quote properly in pine, so a partial quote: ]
> Looks like the first packet is being retransmitted, which means that
> the nat is probably misconfigured and the TCP connection is broken in
> some strange
On Wed, 9 Mar 2016 14:40:16 +0100, el...@sentor.se wrote:
> On Wed, 9 Mar 2016, Jan Bramkamp wrote:
[..]
> > I would avoid policies based on IP addresses and prefer to define policies
> > based on (pseudo-) interfaces e.g. route (and nat?) traffic from vlan123
> > through the VPN tunnel.
>
On Sun, 21 Feb 2016 16:32:53 -0800, Julian Elischer wrote:
> On 20/02/2016 6:22 PM, Valeri Galtsev wrote:
> > Dear Experts,
> >
> > I'm one of Linux refugees who several years ago migrated majority of
> > servers from Linux to FreeBSD and is happy since. When recently I needed
> > to set up
On Sun, 24 Jan 2016 17:41:17 -0700, Russell L. Carter wrote:
> Hi,
>
> I am making myself learn better how ipfw works. I am curious about
> the optimal location of the NAT rule definition code. My immediate
> application is a generic NATing gateway with an outside iface armored
> up and
On Tue, 15 Dec 2015 23:47:39 +0100, bcs wrote:
[..]
> I use ipfw but "ipfw -q -f flush" didn't solve the issue. Here are my
[..]
> /boot/loader.conf:
> ipfw_load="YES"
> net.inet.ip.fw.default_to_accept=1
ipfw(8):
Tunables can be set in loader(8) prompt, loader.conf(5) or kenv(1) before
On Sat, 7 Nov 2015 01:51:29 +, Rasool Al-Saadi wrote:
> On Saturday, 7 November 2015 2:05 AM, Hans Petter Selasky wrote:
> > On 11/06/15 11:08, Luigi Rizzo wrote:
> > > On Fri, Nov 6, 2015 at 10:52 AM, Hans Petter Selasky
> > wrote:
> > >> On 11/06/15 09:50, Luigi
On Mon, 19 Oct 2015 21:47:36 -0700, Kevin Oberman wrote:
> > I suspect it might not touch the c states, but better check. The safest is
> > disable them in the bios.
> >
>
> To disable C-States:
> sysctl dev.cpu.0.cx_lowest=C1
Actually, you want to set hw.acpi.cpu.cx_lowest=C1 instead.
On Thu, 15 Oct 2015 17:03:55 +0800, Julian Elischer wrote:
> On 10/10/15 10:59 PM, Luigi Rizzo wrote:
> > the nice folks at cloudflare implemented a nice feature
> > in netmap that puts some queues of the NIC in netmap mode
> > leaving others attached to the host stack
> >
> >
On Wed, 7 Oct 2015 08:57:42 -0500, Mark Felder wrote:
> Hi all,
>
> I've only used IPFW in the past for the most basic of tasks. I'd like to
> use it with in-kernel NAT protecting both v4 and v6 and add
> dummynet/pipe later, but I have to get the basic working first. I'm
> either
On Tue, 15 Sep 2015 07:51:11 -0600 (MDT), Warren Block wrote:
> On Tue, 15 Sep 2015, Ian Smith wrote:
>
O. Hartmann wrote:
> > > But that is an other issue and it is most likely
> > > due to the outdated documentation (that doc still uses port 37 for NTP
&g
On Tue, 15 Sep 2015 09:47:57 +0200, O. Hartmann wrote:
> On Tue, 15 Sep 2015 10:21:21 +0300
> Kimmo Paasiala wrote:
>
> > On Tue, Sep 15, 2015 at 10:06 AM, O. Hartmann
> > wrote:
> > > Hopefully, I'm right on this list. if not, please
On Sun, 23 Aug 2015 08:44:53 +0900, Hiroki Sato wrote:
Don Lewis truck...@freebsd.org wrote
in 201508222103.t7ml3gax000...@gw.catspoiler.org:
tr The example /etc/rc.firewall has provisions to use either in-kernel NAT
tr or natd for the open and client firewall types, but the simple
On Thu, 6 Aug 2015 01:13:31 +1000, Kubilay Kocak wrote:
On 6/08/2015 1:02 AM, Sean Bruno wrote:
On 08/04/15 16:13, grenville armitage wrote:
de-lurk
I'm curious about the uptick of bugzilla chatter turning up in
freebsd-net@ the last few days.
Whilst I can filter it
On Fri, 12 Jun 2015 08:59:40 +0200, Guido Falsi wrote:
looks correct, assuming xl0 is your internal interface (better put it in
a variable and use the variable in your rules imho)
Forgot one thing, working around this block is as easy as changing the
machine IP, teenager can learn
On Thu, 11 Jun 2015 19:49:06 -0700, John Reynolds wrote:
Hello all, I've read in sections 30.4.4 and 30.4.3 of the handbook about
using IPFW and I've got some clarification questions.
1) When you're using any sort of firewall rules outside the
open/client/simple/closed, etc. pre-canned
On Fri, 12 Jun 2015 10:24:05 +0200, Guido Falsi wrote:
On 06/12/15 10:07, Ian Smith wrote:
On Fri, 12 Jun 2015 08:59:40 +0200, Guido Falsi wrote:
looks correct, assuming xl0 is your internal interface (better put it
in
a variable and use the variable in your rules imho
On Mon, 4 May 2015 15:29:13 +, Barney Cordoba via freebsd-net wrote:
It's not faster than wedging into the if_input()s. It simply can't
be. Your getting packets at interrupt time as soon as their processed
and you there's no network stack involved, and your able to receive
and
On Wed, 8 Apr 2015 00:10:51 +0200, Marek Salwerowicz wrote:
Hi list,
I am trying to find correct setup of sysctl's for following machines (VMs
under Vmware Workstation 8) to test large TCP window size:
There are 2 boxes, each of them has following setup:
- % uname -a
FreeBSD
On Sat, 4 Apr 2015 18:11:55 +0100, Robert N. M. Watson wrote:
On 4 Apr 2015, at 16:59, Hans Petter Selasky h...@selasky.org wrote:
Thankyou Robert for this most interesting dissertation.
And thanks Hans for the provocation to draw it forth ..
cheers from the peanut gallery,
Ian
On Wed, 25 Feb 2015 14:59:18 +, Gary Palmer wrote:
On Wed, Feb 25, 2015 at 09:30:49PM +1100, Ian Smith wrote:
This snippet is from an old linux 2.4 router/firewall/proxy box, usually
clockwork. Clipped this while monitoring one night, saved it, forgot,
but still find it curious
This snippet is from an old linux 2.4 router/firewall/proxy box, usually
clockwork. Clipped this while monitoring one night, saved it, forgot,
but still find it curious and haven't seen anything similar before or
since. 31.13.70.1 173.252.102.24 are facebook, our guy 192.168.9.21
25/9/2014
On Tue, 10 Feb 2015 19:34:20 +0100, Andre Albsmeier wrote:
On Wed, 11-Feb-2015 at 04:33:15 +1100, Ian Smith wrote:
On Tue, 10 Feb 2015 14:26:52 +0100, Andre Albsmeier wrote:
On Tue, 10-Feb-2015 at 13:49:23 +0300, Lev Serebryakov wrote:
On 10.02.2015 00:21, Andre Albsmeier wrote
On Tue, 10 Feb 2015 14:26:52 +0100, Andre Albsmeier wrote:
On Tue, 10-Feb-2015 at 13:49:23 +0300, Lev Serebryakov wrote:
On 10.02.2015 00:21, Andre Albsmeier wrote:
The ipfw man page says:
Usually a simple rule like:
# reassemble incoming fragments ipfw add reass all
On Thu, 5 Feb 2015 02:14:41 +0300, Lev Serebryakov wrote:
On 05.02.2015 01:16, Lev Serebryakov wrote:
I have such rules in my firewall:
nat 9 config redirect_port tcp 192.168.134.2:16881 16881
redirect_port udp 192.158.134.2:16881 16881 redirect_port tcp
192.168.134.2:22 2
On Tue, 3 Feb 2015 13:23:38 +0300, Lev Serebryakov wrote:
On 03.02.2015 13:04, Ian Smith wrote:
Now to make stateful firewall with NAT you need to make some not
very readable tricks to record state (allow) of outbound
connection before NAT, but pass packet to NAT after that. I know
On Mon, 2 Feb 2015 22:17:25 +0300, Lev Serebryakov wrote:
Now to make stateful firewall with NAT you need to make some not very
readable tricks to record state (allow) of outbound connection
before NAT, but pass packet to NAT after that. I know two:
(a) skipto-nat-allow pattern from
On Fri, 30 Jan 2015 16:57:28 -0800, Kevin Oberman wrote:
On Wed, Jan 28, 2015 at 9:13 AM, Lev Serebryakov l...@freebsd.org wrote:
I could not resolve names with DNSSEC (for example, in freebsd.org
domain) on two of my installations, one with FreeBSD 11 and other with
FreeBSD 9.3.
On Fri, 30 Jan 2015 12:05:07 +0300, Lev Serebryakov wrote:
On 30.01.2015 05:33, Julian Elischer wrote:
12700 skipto 12900 ip from any to any keep-state 12800 deny ip
from any to any 12900 nat 1 ip from any to any out 12999 allow ip
from any to any
And rules for inbound ones
On Thu, 4 Dec 2014 06:01:06 +0100, Martin Hanson wrote:
(Warren Block wrote:)
I would use three of these sections, one with the serial number of each
interface. So:
action ifconfig $device-name name wan inet ...
action ifconfig $device-name name dmz inet ...
action ifconfig $device-name
On Tue, 11 Nov 2014 13:15:30 -0800, John-Mark Gurney wrote:
Ian Smith wrote this message on Tue, Nov 11, 2014 at 21:31 +1100:
[..]
So can anyone confirm that ep(4) is present on 9.3-R, even if only i386?
Yeh, it looks like ep is in GENERIC on i386.. We also compile ep on
amd64 too
In a conversation on questions@ re natd(8), Gary said he was about to
upgrade to 9.3 from some (embarrassingly :) old version, and I said:
Strangely, there's no man page for ep nor if_ep on 8.x or 9.x?
To which Gary replied:
ugh. That will be interesting when my upgrade starts in a few
On Fri, 31 Oct 2014 18:28:28 -0700, Freddie Cash wrote:
On Oct 31, 2014 12:12 PM, John-Mark Gurney j...@funkthat.com wrote:
Can any one think of a good reason not to enable IPDIVERT sockets in
the ipfw module?
Yes, two. Nowadays people are just as or perhaps more likely to use
On Sat, 1 Nov 2014 15:38:33 +0330, Hooman Fazaeli wrote:
On 10/31/2014 8:30 PM, Ian Smith wrote:
[..]
: ipfw add 10 fwd localhost,7000 udp from any to any recv em1
Given these are local packets and that ipfw(8) /fwd states:
The fwd action does not change the contents
On Fri, 31 Oct 2014 18:30:00 +0330, Hooman Fazaeli wrote:
On 10/31/2014 5:30 PM, Mark Felder wrote:
I'm not sure if this is what you're looking for, but perhaps the
solution is in net/samplicator ?
From the project's website:
This simple program listens for UDP datagrams on
On Sat, 6 Sep 2014 02:52:22 +, John Case wrote:
I would like to use sshuttle (http://github.com/apenwarr/sshuttle) on
FreeBSD.
I have it working for TCP connections, but it does not properly tunnel DNS
requests. The documentation for sshuttle says that ipfw forward rules will
On Tue, 9 Sep 2014 19:33:05, Ian Smith wrote:
add 1000 divert natd ip from any to any in recv xl0
add 2000 divert natd ip from any to any out xmit xl0
Oops, 'ip' should nowadays be 'ip4|ipv4' for divert rules, if ip6 is
configured on that interface. Last I heard, ip6 packets break
On Fri, 6 Jun 2014 00:10:26 +0800, bycn82 wrote:
Hi Bill,
Sorry for waste you time to explain it again, I will read the code first.
Especially the code provided in free tutorials by your busy professor ..
And the latest patch of `PPS` should be OK, I checked the logic carefully
this
On Mon, 19 May 2014 01:02:42 _0200, Luigi Rizzo wrote:
Folks, i have two requests for you:
1. please do not complain about questions on this list related
to a core network-related FreeBSD subsystem (netmap, dummynet,
netgraph, tcp stack...) even if they are concerned with ports
On Sat, 29 Mar 2014 15:02:29 +0100, Willy Offermans wrote:
Dear FreeBSD friends,
On Fri, Mar 28, 2014 at 05:25:54PM +0100, Willy Offermans wrote:
Dear FreeBSD friends,
I have a problem with my relatively new FreeBSD server. I came across the
problem when sending e-mails of
On Wed, 5 Mar 2014 20:44:51 +0100, Andreas Nilsson wrote:
On Wed, Mar 5, 2014 at 7:49 PM, Andrey V. Elsukov bu7c...@yandex.ru wrote:
On 04.03.2014 09:58, Andreas Nilsson wrote:
Why do I need the explict fwd rule? As far as I can see the ipfw man page
says nothing about skipto
On Wed, 18 Sep 2013 12:00:30 +0430, h bagade wrote:
Hi all,
I've heard that disabling firewall with commands or setting related sysctl
parameter wouldn't increase performance and still firewalls participate in
forwarding process. The only way to reach a better performance is making
On Wed, 18 Sep 2013 11:18:38 +0200, Luigi Rizzo wrote:
On Wed, Sep 18, 2013 at 10:07 AM, Ian Smith smi...@nimnet.asn.au wrote:
On Wed, 18 Sep 2013 12:00:30 +0430, h bagade wrote:
Hi all,
I've heard that disabling firewall with commands or setting related
sysctl
On Sun, 18 Aug 2013 14:03:27 -0700, Barney Cordoba wrote:
Criticism is the bedrock of innovation.
Constructive criticism, with clear design even without code, can be.
Relentless negativity achieves nothing, and fails to compile.
Ian
___
On Sat, 6 Jul 2013 18:37:55 +0700, Eugene Grosbein wrote:
On 06.07.2013 14:47, Sami Halabi wrote:
Hi,
Any hope?
Have you used intedmediate ipfw count log rules between ipfw nat rules
I recommended? If yes, why have not you show that logs yet?
Include tcpdump output from external
On Thu, 7 Feb 2013 12:50:51 +, Eggert, Lars wrote:
Hi,
On Feb 7, 2013, at 13:40, Ian Smith smi...@nimnet.asn.au wrote:
On Thu, 7 Feb 2013 08:08:59 +, Eggert, Lars wrote:
On Jan 31, 2013, at 16:03, Matthew Luckie m...@luckie.org.nz wrote:
00510 allow ip from me to not me
On Thu, 7 Feb 2013 08:08:59 +, Eggert, Lars wrote:
On Jan 31, 2013, at 16:03, Matthew Luckie m...@luckie.org.nz wrote:
00510 allow ip from me to not me out via em1
00550 divert 8668 ip from any to any via em1
Rule 510 fixes it.
Yep, it does. Can I ask someone to commit
On Tue, 8 Jan 2013 07:57:04 -0800, Garrett Cooper wrote:
On Jan 8, 2013, at 7:50 AM, Barney Cordoba wrote:
--- On Mon, 1/7/13, Erich Dollansky erichsfreebsdl...@alogt.com wrote:
From: Erich Dollansky erichsfreebsdl...@alogt.com
Subject: Re: To SMP or not to SMP
To: Barney
On Sat, 15 Dec 2012 12:51:11 -0800, Chris H wrote:
in rc.conf, adding the following (order is important!), everything
works as expected/desired/anticipated;
--- begin rc,conf
--
ifconfig_ue0=ether ##:##:##:##:##:##
On Fri, 19 Oct 2012 15:25:24 +0400, Andrey V. Elsukov wrote:
Hi All,
Many years ago i have already proposed this feature, but at that time
several people were against, because as they said, it could affect
performance. Now, when we have high speed network adapters, SMP kernel
and
On Thu, 13 Sep 2012 21:53:23 +0300, ? ??? wrote:
Then my guess is wrong. I found the message, where similiar problem was
described in ipfw mailling list
http://lists.freebsd.org/pipermail/freebsd-ipfw/2011-March/004582.html, with
no answer.
Maybe it will be usefull for somebody.
On Wed, 29 Aug 2012 22:31:25 +0400, Lev Serebryakov wrote:
Hello, Michael.
You wrote 29 ??? 2012 ?., 19:01:08:
I have interface (vr1), most of traffic on which is PPPoE. I have ipfw
firewall, which splits traffic by interfaces via:
add 2000 skipto 5000 all from any to
On Sun, 5 Aug 2012 13:40:21 +0430, h bagade wrote:
Hi all,
I have problem with setting mac option on ipfw rule. I want to drop all
traffic but the traffic with source mac for example 11:22:33:44:55:66. I
thought it would be possible using the not option to do the work and I have
a set
On Mon, 14 May 2012 16:02:40 +0300, Ivo Vachkov wrote:
Hello all,
On Mon, May 14, 2012 at 1:52 PM, Monthadar Al Jaberi
montha...@gmail.comwrote:
On Sun, May 13, 2012 at 2:49 PM, Ivan Voras ivo...@gmail.com wrote:
On 13 May 2012 06:46, Ivo Vachkov ivo.vach...@gmail.com wrote:
On Sat, 21 Apr 2012 15:41:30 +0400, Dmitry S. Kasterin wrote:
[..]
9.0-STABLE / custom kernel
Also, if
you choose to use stateful TCP filtering, it is probably best to do it
in the manner shown in the ipfw(8) man page under DYNAMIC RULES. This
is very different from the way you
On Fri, 27 Jan 2012, Nikolay Denev wrote:
On Jan 27, 2012, at 4:41 AM, Kevin Oberman wrote:
On Thu, Jan 26, 2012 at 11:41 AM, Chuck Swiger cswi...@mac.com wrote:
Hi--
On Jan 26, 2012, at 9:24 AM, satish amara wrote:
I have question regarding the size of the state table kept in
On Tue, 3 Jan 2012 17:52:53 +0900, Randy Bush wrote:
ignore. i sorted it.
Too late, sucked in .. diff from prior config might be bone enough?
cheers, Ian
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
On Sat, 21 May 2011, Doug Barton wrote:
On 05/21/2011 01:58, Matthew Bowman wrote:
I have an uplink to my ISP on a 2 IP /30 network (1.1.1.0/30 in the
diagram)
No help for your actual problem, sorry. I just wanted to point out that 1/8
has been assigned by IANA to APNIC, so it
On Sun, 17 Apr 2011, J. Hellenthal wrote:
On Sun, Apr 17, 2011 at 03:36:40PM +1000, Ian Smith wrote:
On Sat, 16 Apr 2011, rondzie...@comcast.net wrote:
After the firewall rules are loaded, the rc script then loads natd,
Once the system is up, i can ipfw list and the divert command
On Sat, 16 Apr 2011, rondzie...@comcast.net wrote:
After the firewall rules are loaded, the rc script then loads natd,
Once the system is up, i can ipfw list and the divert command is,
in fact, not there, but by this time natd is running. If I run the
rc.firewall
script
On Mon, 14 Mar 2011, Ryan Coleman wrote:
I've searched high and low and have no idea where to start to get
this thing going... It's recognizing it now but I am not finding any
details online (like people who have shared their full configuration
details) on how they got the VirginMobile
On Sun, 6 Mar 2011, Dave Johnson wrote:
Hi all
An IPFW problem when going from release to stable on 8.2
An help gladly accepted
LOG ON
Flushed all rules.
00010 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
00030 divert 8668 ip from any to any via bge0
ipfw:
On Sun, 14 Nov 2010, Milen Dzhumerov wrote:
Hi all,
We're investigating some ways to perform symbolic execution of
distributed systems and we're looking for real-world programs to
test. The routed daemon[1] which is included with FreeBSD seemed
like a good candidate and I was
On Tue, 9 Nov 2010, Pyun YongHyeon wrote:
On Tue, Nov 09, 2010 at 10:01:36PM +0100, Yamagi Burmeister wrote:
On Tue, 9 Nov 2010, Pyun YongHyeon wrote:
[..]
You can switch to suspend mode with acpiconf -s1. If all goes
well, driver would put the controller into suspend mode after
On Fri, 22 Oct 2010, Thomas Sevestre wrote:
Le 21 oct. 10 à
19:04, Julian Elischer a écrit :
On 10/21/10 8:26 AM, Thomas Sevestre wrote:
Hi all,
I'm using freebsd 8 as a router. Say I have a sis0 interface. The
On Wed, 20 Oct 2010, Paul Thornton wrote:
[..]
With a Windows XP client (I know, it was nearby though) the following
things happen:
Server - Client PPP CHAP Success (Welcome!! message).
Server - Client PPP CCP config request
Server - Client IPCP Config request (setting IP address
On Mon, 11 Oct 2010, Eugene Grosbein wrote:
Hi!
FreeBSD 8.1-STABLE:
# host koin-nkz.com.
koin-nkz.com has address 62.231.164.101
Host koin-nkz.com not found: 3(NXDOMAIN)
This domain does not have MX records but NXDOMAIN seems to wrong return
code to me. Think about MTA that
On Tue, 12 Oct 2010, Tom Evans wrote:
On Tue, Oct 12, 2010 at 10:05 AM, Ian Smith smi...@nimnet.asn.au wrote:
On Mon, 11 Oct 2010, Eugene Grosbein wrote:
Hi!
FreeBSD 8.1-STABLE:
# host koin-nkz.com.
koin-nkz.com has address 62.231.164.101
Host koin-nkz.com
On Tue, 12 Oct 2010, Tom Evans wrote:
On Tue, Oct 12, 2010 at 3:39 PM, Ian Smith smi...@nimnet.asn.au wrote:
On Tue, 12 Oct 2010, Tom Evans wrote:
On Tue, Oct 12, 2010 at 10:05 AM, Ian Smith smi...@nimnet.asn.au
wrote:
[..]
If a domain has no MX server, how's an MTA supposed
On Wed, 7 Jul 2010, Shtorm wrote:
Yow, 30 vlans, but only em1 is using vlans not em0?
Is only em1 having watchdogs? I noticed you appear to
have flow control off, maybe turning it on would help.
I would like to see the log messages from the watchdogs.
Jack
Yes, em0 -
On Fri, 9 Jul 2010, Shtorm wrote:
Yeah, saw this too, it was first boot for this install and I forgot to
run tzsetup during flash image build.
As for the latest log, this box connected to internet via em0, ntpd just
says it have some peers to sync with after interface flap.
On Fri, 9 Jul 2010, Ryan Stone wrote:
No, defining EM_WATCHDOG as 10 * hz should mean that the watchdog
expires after 10 seconds no matter what your kern.hz is. hz is set to
the number of ticks in a second.
Ok, one more probably wild punt .. Shtorm you say HZ=4000, giving:
===
And here
On Sat, 10 Jul 2010, Ian Smith wrote:
HZ=4000 ticks are 250ns, not 25ms.
Up way too late .. that's 250us of course, thanks Ryan.
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any
On Tue, 15 Jun 2010, Garrett Cooper wrote:
Hi,
I'm experiencing a deterministic situation on a development box I
manage when I do the following to enable ipfw and natd to bridge a
network with two bce(4) enabled NICs, where if I do the following
steps below, then try to push a few
On Sat, 3 Jul 2010, Ian Smith wrote:
On Tue, 15 Jun 2010, Garrett Cooper wrote:
Hi,
I'm experiencing a deterministic situation on a development box I
manage when I do the following to enable ipfw and natd to bridge a
network with two bce(4) enabled NICs, where if I do
On Thu, 1 Jul 2010, Garrett Cooper wrote:
On Thu, Jul 1, 2010 at 4:54 PM, Pyun YongHyeon pyu...@gmail.com wrote:
On Wed, Jun 30, 2010 at 07:00:53PM -0700, Garrett Cooper wrote:
Hi,
Just an observation I made while transferring a file:
# time scp floppy.img somehost:
On Wed, 2 Jun 2010, Jose M Rodriguez wrote:
The following reply was made to PR kern/147191; it has been noted by GNATS.
From: Jose M Rodriguez jos...@freebsd.jazztel.es
To: bug-follo...@freebsd.org
Cc:
Subject: Re: kern/147191: [ppp] Problems with ppp -nat [pppoe], ipfw,
dummynet
On Tue, 29 Dec 2009, Julian Elischer wrote:
Luigi Rizzo wrote:
There a difference between the documented and actual behaviour of
ipfw tee which occurs when there are multiple rules with the same
number, e.g.
rule_id number body
r1 500 tee port1 dst-ip
On Fri, 13 Nov 2009, Stephane D'Alu wrote:
Is there a way to have tcpdump only showing packed that have pass the
filtering rules, so to check that firewall rules were correctly written and
not letting unwanted packets in.
tcpdump sees packets before they're passed to the firewall coming in,
On Fri, 13 Nov 2009, Stephane D'Alu wrote:
On 13/11/2009 13:08, Ian Smith wrote:
On Fri, 13 Nov 2009, Stephane D'Alu wrote:
Is there a way to have tcpdump only showing packed that have pass the
filtering rules, so to check that firewall rules were correctly
written
On Wed, 7 Oct 2009, rihad wrote:
Robert Watson wrote:
I would suggest making just the HZ - 4000 change for now and see how it
goes.
OK, I will try testing HZ=4000 tomorrow morning, although I'm pretty sure
there still will be some drops.
Even if there are, I'd like to know
On Sun, 24 May 2009, Rui Paulo wrote:
Hi,
If anyone is interested in testing out wireless mesh networking under
FreeBSD, the project has now reached a point where you can transfer
packets between mesh nodes.
Always a good point to celebrate :)
I try to keep the branch in sync with head
On Tue, 26 May 2009, Brooks Davis wrote:
On Tue, May 26, 2009 at 08:06:25PM +1000, Ian Smith wrote:
On Sun, 24 May 2009, Rui Paulo wrote:
Hi,
If anyone is interested in testing out wireless mesh networking under
FreeBSD, the project has now reached a point where you can
On Wed, 13 May 2009, Brett Glass wrote:
I need to find a way to do MAC address locking in FreeBSD -- that is, to
ensure that only a machine with a particular MAC address can use a particular
IP address. Unfortunately, it appears that rules in FreeBSD's IPFW are
stuck on one layer: rules
On Thu, 14 May 2009, Brett Glass wrote:
At 12:17 AM 5/14/2009, Ian Smith wrote:
You can use fixed leases with MAC specified in dhcp for that,
This lets you assign specific addresses to machines with specific MAC
addresses. But it doesn't inhibit MAC address cloning, and the DHCP
that despite 20 times the CPU clock rate,
probably at least 30 times CPU throughput and likely 10 times the tick
rate, you appear to be suffering something like 30 to 900 times the
increased latency to be expected by traversing 'too many' ipfw rules.
Ian Smith escreveu:
On Fri, 24 Apr 2009, Daniel
On Fri, 20 Feb 2009, Artyom Viklenko wrote:
On Thu, 19 Feb 2009, Bakul Shah wrote:
I am wondering if there is a more dynamic and scriptable
firewall program. The idea is to send it alerts (with sender
host address) whenever a dns probe fails or ssh login fails
or smtpd finds it
On Fri, 20 Feb 2009, Bakul Shah wrote:
Thanks to everyone who responded. Looks like all the pieces
to do this exist. All I have to do is to package it all in
one program sheriff that watches various log files and
pulls the trigger on the bad guy(s) at appropriate time.
Wild West imagery
to two different ISPs.
I can live with having a Web Proxy on FreeBSD # 1, but I am concerned
that this issue will crop up someplace else.
-- Len
On Sun, Jan 25, 2009 at 9:51 PM, Ian Smith smi...@nimnet.asn.au wrote:
On Sun, 25 Jan 2009, Len Gross wrote:
The following
On Sun, 25 Jan 2009, Daniel O'Connor wrote:
On Sunday 25 January 2009 11:43:48 Mark Andrews wrote:
Doug Barton wrote:
I've never used mpd myself, but you might want to try adding the
following line to /usr/local/etc/rc.d/mpd and see if it helps:
# BEFORE: named
This
On Sun, 25 Jan 2009, Daniel O'Connor wrote:
On Sunday 25 January 2009 11:43:48 Mark Andrews wrote:
Doug Barton wrote:
I've never used mpd myself, but you might want to try adding the
following line to /usr/local/etc/rc.d/mpd and see if it helps:
# BEFORE: named
This
On Sun, 25 Jan 2009, Len Gross wrote:
The following configuration works fine _until_ I make a change in MTU
setting on the link between FreeBSD1 and FreeBSD2
Internet
|
Router x.x.x.x
192.168.0.1/16
On Sat, 10 Jan 2009, Skip Ford wrote:
Matthias Apitz wrote:
El d?a Saturday, January 10, 2009 a las 05:54:56AM -0500, Skip Ford
escribi?:
Matthias Apitz wrote:
What kind of software I could use in FreeBSD? There is some port
net/rp-pppoe but the man pages speaks about
On Sun, 4 Jan 2009, per...@pluto.rain.com wrote:
Ian Smith nimnet.asn.au!smi...@agora.rdrop.com wrote:
On Fri, 2 Jan 2009, per...@pluto.rain.com wrote:
Why would a local interface, reported as up in ifconfig, not respond
to a ping of its own IP address? The tun0 reported below
On Sat, 3 Jan 2009, per...@pluto.rain.com wrote:
Ian Smith nimnet.asn.au!smi...@agora.rdrop.com wrote:
On Fri, 2 Jan 2009, per...@pluto.rain.com wrote:
Ian Smith nimnet.asn.au!smi...@agora.rdrop.com wrote:
uucp .. how quaint :)
Yep, but running over ssh since agora no longer
On Fri, 2 Jan 2009, per...@pluto.rain.com wrote:
Ian Smith nimnet.asn.au!smi...@agora.rdrop.com wrote:
uucp .. how quaint :)
...
tun0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST mtu 1412
inet6 fe80::2b0:d0ff:fe28:ad4f%tun0 prefixlen 64 scopeid 0x4
inet
On Fri, 2 Jan 2009, per...@pluto.rain.com wrote:
Why would a local interface, reported as up in ifconfig, not respond
to a ping of its own IP address? The tun0 reported below doesn't,
and I have no idea how to debug it. (I've overwritten the two most-
significant octets of its IP
On Sat, 13 Dec 2008, Peter Jeremy wrote:
On 2008-Dec-13 13:55:18 +1100, Ian Smith smi...@nimnet.asn.au wrote:
I guess submitting patches for style(9) is considered a suicide method?
Not necessarily but you need to have very good justification for any
change. It's much easier to read
On Fri, 12 Dec 2008, Randall Stewart wrote:
Bruce:
So lets see:
1) I went ahead and fixed the comments.. even added a ! instead of :-(
Personally: emoticons ARE punctuation; adding a period is totally anal.
2) No problem using func_t.. changed to that.. seems nicer :-D
I guess
1 - 100 of 168 matches
Mail list logo