Hi,
I have a suspicion that route-to is changing sequence numbers on TCP packets.
My pf-based router is set up so that packets travelling between
internal hosts and the internet get routed through a separate IPS box:
imagine the IPS as basically a plugin to the router, and packets get
, in which case do some kind of binat?
Or perhaps I missed the point. I usually do :)
Oliver.
--
Oliver Humpage
ICT Co-ordinator, Watershed Media Centre -- +44 (0)117 9276444
E-mails received are assumed to be for my attention, to do with as I wish.
No responsibility is accepted if communications
on 18/10/04 1:35 am, Trevor Talbot at [EMAIL PROTECTED] wrote:
On Sunday, Oct 17, 2004, at 14:15 US/Pacific, [EMAIL PROTECTED]
wrote:
On So, 17 Okt 2004, Oliver Humpage wrote:
State only works on the interface on which it was created. You will
need another keep state rule on the external
between passive and active FTP. Then make sure
that you're allowing all the ports out from both interfaces (49152 to 65534
is standard, but you may want to open all high-numbered ports) for the
ftp-proxy user.
Oliver.
, how else can it know if there's an existing relationship with the
remote server...?
Oliver.
missing something obvious - any takers?
Thanks,
Oliver.
on 8/9/04 12:18 pm, Oliver Humpage at [EMAIL PROTECTED] wrote:
I'm sure I'm missing something obvious - any takers?
I was - I was keeping state on packets from $adsl_if, so they totally
bypassed my route-to rule on the way out of $leased_line_if.
Oliver.
server behind your firewall), then you'll need to use port
forwarding or a rdr. Or have I misunderstood?
Oliver.
on 6/9/04 11:18 am, Mipam at [EMAIL PROTECTED] wrote:
On Mon, 6 Sep 2004, Oliver Humpage wrote:
on 6/9/04 9:21 am, Mipam at [EMAIL PROTECTED] wrote:
Hmm I see, so for outbound traffic over $ext_if
1) nat
2) filtering
And for inbound traffic first filtering and then nat.
For ipf its
yet :)
Oliver.
--
Oliver Humpage
ICT Co-ordinator, Watershed Media Centre -- +44 (0)117 9276444
E-mails received are assumed to be for my attention, to do with as I wish.
No responsibility is accepted if communications are sent to me in error.
This disclaimer has as much legal status as yours.
and internally) using tcpdump.
Has anyone got *any* ideas why internally there's only one master, yet
externally there are two? This is driving me nuts :)
Many thanks,
Oliver.
on 26/8/04 5:27 pm, Ryan McBride at [EMAIL PROTECTED] wrote:
On Thu, Aug 26, 2004 at 04:29:04PM +0100, Oliver Humpage wrote:
Has anyone got *any* ideas why internally there's only one master, yet
externally there are two? This is driving me nuts :)
You might get some indication as to what