Re: PF logging as in the FAQ not working

2003-08-14 Thread openbsd-pf
Hello. Tried that and still no luck. Even did chown and chgrp to pflogger and nothing. At 11:39 AM 8/13/2003 -0400, Jason Dixon wrote: On Wed, 2003-08-13 at 10:19, [EMAIL PROTECTED] wrote: Hello. Just got an OpenBSD 3.3 machine running as the firewall for a small network - I've just

Re: PF logging as in the FAQ not working

2003-08-14 Thread openbsd-pf
At 12:27 PM 8/13/2003 -0400, you wrote: a) Please stop top-posting. Sorry about that. If you would prefer that I not reply all also, please let me know. b) Whenever you create a new file for a daemon like syslog to write to, you need to restart that daemon. kill -HUP `cat /var/run/syslog.pid`

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Daniel Hartmeier
On Wed, Aug 13, 2003 at 01:43:18PM +0200, Hendrik Scholz wrote: You'd have to add the tos statement to both rules in case you want the replies to incoming icmp echo request packets to be passed out with a tos flag set. Yes. Basic question is: do you want to set the same tos on all packets of

Accounting per host status.

2003-08-14 Thread Gustavo Chamone
Folks, since I couldn't find anything related to this on the archive, I'm hoping that you guys can help me out. Last may, Hartmeier sent an e-mail with the Hackathon Summary[1]. He mentioned that there was some work in progress on accounting per host, being made by Ryan McBride. Does anyone know

Re: Accounting per host status.

2003-08-14 Thread Henning Brauer
On Wed, Aug 06, 2003 at 05:47:43PM -0300, Gustavo Chamone wrote: Last may, Hartmeier sent an e-mail with the Hackathon Summary[1]. He mentioned that there was some work in progress on accounting per host, being made by Ryan McBride. Does anyone know the status of this feature? I'm flying to

Re: more than one rdr

2003-08-14 Thread Jolan Luff
On Fri, Aug 08, 2003 at 02:57:18PM -0700, Bryan Irvine wrote: Is there a way to assign more than one ip to the $ext_if and do rdr based on that? You can add an ip alias and use binat. I had problems w/arp that way. Could have been a problem between the keyboard and chair though. like (pretend

Re: pf and bridge question

2003-08-14 Thread Henning Brauer
On Wed, Aug 13, 2003 at 05:39:56PM -0400, Amir Seyavash Mesry wrote: Henning or eh I forget, know of a bug using this configuration, then it should work as I have seen it. I don't know what should prevent that from working indeed. -- Henning Brauer, BS Web Services, http://bsws.de [EMAIL

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Ed White
On Monday 11 August 2003 16:01, Hendrik Scholz wrote: Living on a DSL link is hard when it comes to ALTQ configuration on the upstream side. In my (and prob. this is the most common setup) I cannot (legally) take control of the upstream router and its queueing policies. Sorry it's not clear

Re: Basic Operation Issue

2003-08-14 Thread j knight
J. Sabino wrote: Been reading a lot about pf recently, extremely nice software and love the easy syntax and great features. Something however has me a bit confused that I've read on this page: http://www.openbsd.org/faq/pf/filter.html#example I'm trying to remember what I had in mind when I

Re[2]: pf and altq couple: before and after merge

2003-08-14 Thread Alexey E. Suslikov
Tuesday, August 5, 2003, 11:00:14 AM, Daniel Hartmeier wrote: Well, not an arbitrary number of states per connection, at most two (unless translation and/or encapsulation is involved, then you could possibly create more). You can easily see how this works by loading the simple ruleset

Re: Basic Operation Issue

2003-08-14 Thread J. Sabino
Oh no problem. Thanks for clearing that up for me, I feel so much better now that I know I'm not crazy. Also, I agree that Daniel did make a good point that I hadn't thought about previously regarding the internal users using the firewall for DNS, Proxy, etc. I am of the mindset that these

Re: pf and bridge question

2003-08-14 Thread Marc Beyer
Hi, thanks for the answers I've received to this. Dom De Vitto wrote: This is because most switches are not security oriented and should be considered dumb hubs on all ports, all vlans. If anyone says this isn't so I'll beat them with enough references to flood a STM64... I think that was

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Ed White
On Monday 11 August 2003 18:33, Hendrik Scholz wrote: Where should I install a bridge? LAN--BRIDGE--router I cannot insert anything behind my router but like to modify the telco routers queueing mechanism. I don't know your situation, but putting a bridge there could be invisible

Re: pf and altq couple: before and after merge

2003-08-14 Thread Henning Brauer
On Mon, Aug 04, 2003 at 11:35:13PM +0300, Alexey E. Suslikov wrote: so, what is the point of example? we are unable to match in and out packets to shape them separately (remember, the state is the matching criteria) and we are unable to shape same packets on the different interfaces (the state

E1 X.21 Serial Interface

2003-08-14 Thread Craig Bennett
Hi All, I apologise if this is off topic for the list, but I am sure someone here must be doing this. I am running the standard distro of OpenBSD 3.2 on our firewall. We currently have an SDSL connection which has an Ethernet interface. We would like to change ISPs and have been told we need to

Ruleset Rdr Problem

2003-08-14 Thread Scott Sipe
I apologize in advance if this is a stupid question :) OpenBSD pf firewall for small network, adsl in, doing nat. I want to rdr certain ports on the firewall to an internal server. My rdr and pass lines work fine for some services (http [80], rsync [873], etc) but two services DON'T work--MS

FTP Chroot not working

2003-08-14 Thread Justin Houchin
Hi Everyone, I have been trying for the past couple of days to get FTP chroot working on my 3.3 machine. I have added the user name to /etc/ftpchroot. Started the ftp server with ftpd -D. I can log into the ftp server and get to the root directory. It is not restricting the user in the

RE: pf and bridge question

2003-08-14 Thread Amir Seyavash Mesry
As long as you separate the rulesets for the bridged config and the management nic, I don't see how it could happen unless the pf code is not meant to handle this, I am running the same config roughly and it works damn good, in fact too good when I first configed it. Also I would like to point out

relaydb question..

2003-08-14 Thread Meenal C
Hi, I have implemented Daniel's solutions (pf+relaydb on OpenBSD) and it works great! I have a question though... Why does relaydb ignore addresses inside of round brackets ? It seems to be adding only addresses within []. Some emails do not even have a single address within []. (who adds

Re: E1 X.21 Serial Interface

2003-08-14 Thread Craig Bennett
My advice is, unless you are planning on BGP which increases the costs, to buy an E1 capable CPE box (cisco is not the only make) and use it as first hop :( Much less hassle in the long run. Thanks for the advice Peter. I haven't been able to source an LMC card so a router out front looks like

RE: pf and bridge question

2003-08-14 Thread Dom De Vitto
Ok, lets go through this... Hi, I have an OpenBSD 3.3 firewall which acts as a transparent bridge between our network (not NATted) and a router giving access to the rest of the world. The bridging interfaces are configured without IP address and a third (management) NIC is configured

Re: PF logging as in the FAQ not working

2003-08-14 Thread Jason Dixon
On Wed, 2003-08-13 at 12:08, [EMAIL PROTECTED] wrote: Hello. Tried that and still no luck. Even did chown and chgrp to pflogger and nothing. a) Please stop top-posting. b) Whenever you create a new file for a daemon like syslog to write to, you need to restart that daemon. kill -HUP `cat

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Hendrik Scholz
Hi! On Wed, 13 Aug 2003 12:01:16 +0200 Henning Brauer [EMAIL PROTECTED] wrote: there are various people now asking for a possibility to set the tos. I tend to think it makes sense. not sure about the syntax tho. From my point of view it fits into the scrub scheme. Adding it to each rule

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Damien Miller
Ed White wrote: BTW filtering on TOS value introduces a good way to filter some ports even if you get a dynamic IP. Example: You want to filter port tcp:22 to prevent the whole internet from getting the OpenSSH prompt. Adding a rule like this would make it possible... pass in quick inet

Re: relaydb question..

2003-08-14 Thread Daniel Hartmeier
On Tue, Aug 12, 2003 at 01:50:43PM -0700, Meenal C wrote: I have implemented Daniel's solutions (pf+relaydb on OpenBSD) and it works great! I have a question though... Why does relaydb ignore addresses inside of round brackets ? It seems to be adding only addresses within []. Some emails

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Henning Brauer
On Wed, Aug 13, 2003 at 01:43:18PM +0200, Hendrik Scholz wrote: Hi! On Wed, 13 Aug 2003 12:01:16 +0200 Henning Brauer [EMAIL PROTECTED] wrote: there are various people now asking for a possibility to set the tos. I tend to think it makes sense. not sure about the syntax tho. From

pf and bridge question

2003-08-14 Thread Marc Beyer
Hi, I have an OpenBSD 3.3 firewall which acts as a transparent bridge between our network (not NATted) and a router giving access to the rest of the world. The bridging interfaces are configured without IP address and a third (management) NIC is configured with an IP address inside our

Re: FTP Chroot not working

2003-08-14 Thread Wouter Clarie
This question is really not appropriate for a packet filter mailing list. Please post this to [EMAIL PROTECTED] //Wouter On Wed, 13 Aug 2003, Justin Houchin wrote: Hi Everyone, I have been trying for the past couple of days to get FTP chroot working on my 3.3 machine. I have added the

PF logging as in the FAQ not working

2003-08-14 Thread openbsd-pf
Hello. Just got an OpenBSD 3.3 machine running as the firewall for a small network - I've just started using OpenBSD recently so I'm sure it's a rookie mistake. I've been trying to get the packet logging set up as in the faq but I can't get the file pflog.txt to be created. I've read this post

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Henning Brauer
On Tue, Aug 12, 2003 at 10:09:01PM +1000, Damien Miller wrote: OTOH a pass set-tos xxx option (what this discussion was originally about) would be nice... there are various people now asking for a possibility to set the tos. I tend to think it makes sense. not sure about the syntax tho. --

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Damien Miller
Ed White wrote: pass in quick inet proto tcp from $My_ISP_class_B to $eth_ext port 22 tos $key keep state This is the worst kind of security through obscurity. That's not security at all. My point exactly. That's custom setup, like using sshd on port 31337. And equally stupid.

Re: Implementing a 'scrub tos' option?

2003-08-14 Thread Daniel Hartmeier
On Mon, Aug 11, 2003 at 04:01:38PM +0200, Hendrik Scholz wrote: Before starting setting up an OpenBSD box I'd like to know if there are any caveats/reasons since this has not been done already. I guess the question is: does a significant share of internet routers honour the flag? What effect

Re: Ruleset Rdr Problem

2003-08-14 Thread Trevor Talbot
On Monday, Aug 11, 2003, at 18:35 US/Pacific, Scott Sipe wrote: OpenBSD pf firewall for small network, adsl in, doing nat. I want to rdr certain ports on the firewall to an internal server. My rdr and pass lines work fine for some services (http [80], rsync [873], etc) but two services DON'T

Implementing a 'scrub tos' option?

2003-08-14 Thread Hendrik Scholz
Hi! Living on a DSL link is hard when it comes to ALTQ configuration on the upstream side. If you are able to configure both sides of a link policy based routing is no problem (i.e. prioritizing ACKs or icmp/udp/Diablo 2 :)). In my (and prob. this is the most common setup) I cannot (legally) take

Re: Accounting per host status.

2003-08-14 Thread Damien Miller
Gustavo Chamone wrote: Folks, since I couldn't find anything related to this on the archive, I'm hoping that you guys can help me out. Last may, Hartmeier sent an e-mail with the Hackathon Summary[1]. He mentioned that there was some work in progress on accounting per host, being made by