Help with Emule
Hi,

I have difficulty defining correct rules to work with Emule.
$EXT is my internal interface and $LAN internal one.
192.168.0.10 is the computer running Emule.

I've defined the following

    rdr on $EXT proto tcp from any to any port 4662 -> 192.168.0.10 port 4662
    rdr on $EXT proto udp from any to any port 4672 -> 192.168.010 port 4672

    pass in on $EXT inet proto tcp from any to 192.168.10 port = 4662 modulate state
    pass in on $EXT inet proto udp from any to 192.168.10 port = 4672 keep state

It works but I never get HighID and I can't connect to a lot of servers.

More than this, if I add the following

    block in log on $LAN all
    block out log on $LAN all

I get no connection at all.

How is it possible to connect to emule servers (and get HighID) and block any other traffic?

Thanks,
Uri
Re: Help with Emule
Hi,

On Thu, Dec 23, 2004 at 09:47:31AM +0200, [EMAIL PROTECTED] wrote:
> I have difficulty defining correct rules to work with Emule.
> $EXT is my internal interface and $LAN internal one.
> 192.168.0.10 is the computer running Emule.
>
> I've defined the following
>
> rdr on $EXT proto tcp from any to any port 4662 -> 192.168.0.10 port 4662
> rdr on $EXT proto udp from any to any port 4672 -> 192.168.010 port 4672
>
> pass in on $EXT inet proto tcp from any to 192.168.10 port = 4662 modulate state
> pass in on $EXT inet proto udp from any to 192.168.10 port = 4672 keep state

You have some errors with your internal IP (192.168.0.10) in your pf.conf file: 192.168.010 or 192.168.10 in your rules above. Correct it and everything will work fine.

You can also suppress 'modulate state' on the TCP pass rule: 'modulate state' is useful for outbound connections, not inbound. Replace it with 'keep state'.

I have the same rules to use Emule/Amule on an internal host and I have no problems (connection on server and HighID).

A++ Foxy

--
Laurent Cheylus [EMAIL PROTECTED] OpenPGP ID 0x5B766EC2
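Added example, not part of the thread: a small Python check for the two things the reply above points at, rdr targets and pass in destinations that do not name the same four-octet address, and 'modulate state' on an inbound TCP rule. The rule text is the original post's rules retyped as a constructed sample (rdr arrow written as ->); lint and strict_quad are hypothetical helper names, and the regexes cover only the rule shapes shown in this thread, not pf.conf grammar in general.

```python
import re

# Constructed sample: the rules as typed in the original post (typos included).
RULES = """\
rdr on $EXT proto tcp from any to any port 4662 -> 192.168.0.10 port 4662
rdr on $EXT proto udp from any to any port 4672 -> 192.168.010 port 4672
pass in on $EXT inet proto tcp from any to 192.168.10 port = 4662 modulate state
pass in on $EXT inet proto udp from any to 192.168.10 port = 4672 keep state
"""

RDR = re.compile(r"^rdr .*proto (\w+) .*-> (\S+) port (\d+)")
PASS = re.compile(r"^pass in .*proto (\w+) .* to (\S+) port =? ?(\d+)(.*)$")
QUAD = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")


def strict_quad(addr):
    """True only for four decimal octets 0-255 with no leading zeros."""
    m = QUAD.match(addr)
    return bool(m) and all(
        int(o) <= 255 and (o == "0" or not o.startswith("0")) for o in m.groups()
    )


def lint(text):
    """Return a list of (line_no, message) findings for rdr/pass-in pairs."""
    findings, rdr_targets, pass_dests = [], {}, {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        r, p = RDR.match(line), PASS.match(line)
        if not (r or p):
            continue
        proto, addr, port = (r or p).group(1, 2, 3)
        if not strict_quad(addr):
            findings.append((n, f"'{addr}' is not a four-octet dotted quad"))
        if r:
            rdr_targets[(proto, port)] = (n, addr)
        else:
            pass_dests.setdefault((proto, port), set()).add(addr)
            # The reply above suggests 'keep state' on the inbound TCP rule.
            if proto == "tcp" and "modulate state" in p.group(4):
                findings.append((n, "inbound tcp rule uses 'modulate state'"))
    # Every redirect target needs a pass in rule naming the same address.
    for key, (n, addr) in rdr_targets.items():
        if addr not in pass_dests.get(key, set()):
            findings.append((n, f"no pass in rule to {addr} for {key[0]}/{key[1]}"))
    return findings


if __name__ == "__main__":
    for n, msg in lint(RULES):
        print(f"line {n}: {msg}")
```
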
Re: Help with Emule
On 23 Dec 2004 01:56:04 -0800, [EMAIL PROTECTED] wrote:
> It works but I never get HighID and I can't connect to a lot of servers.

Can't say I've used 'modulate state' on incoming traffic, but synproxy has caused problems for yours truly with p2p in the past, replace it with a simple 'keep state'.

1st rule should be block log all for a default deny policy.

greg

--
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone
Re: Help with Emule
Hi,

Thanks for the answer, but first of all there's no error in pf.conf, it's an error in typing (didn't use copy and paste :/)

What about

    block in log on $LAN all
    block out log on $LAN all

I guess I have to define some rule(s) for $LAN (internal interface) if I want to block anything else on $LAN.

Something like

    pass in on $LAN inet proto tcp from 192.168.0.10 to any port 4662
    pass in on $LAN inet proto udp from 192.168.0.10 to any port 4672

    pass out on $LAN inet proto tcp from 192.168.0.10 to any port 4662 modulate state
    pass out on $LAN inet proto udp from 192.168.0.10 to any port 4672 keep state

Does that sound right?

Thanks,
Uri

Laurent Cheylus [EMAIL PROTECTED]
To: pf@benzedrine.cx
cc: [EMAIL PROTECTED]
Subject: Re: Help with Emule
23/12/2004 15:59

Hi,

On Thu, Dec 23, 2004 at 09:47:31AM +0200, [EMAIL PROTECTED] wrote:
> I have difficulty defining correct rules to work with Emule.
> $EXT is my internal interface and $LAN internal one.
> 192.168.0.10 is the computer running Emule.
>
> I've defined the following
>
> rdr on $EXT proto tcp from any to any port 4662 -> 192.168.0.10 port 4662
> rdr on $EXT proto udp from any to any port 4672 -> 192.168.010 port 4672
>
> pass in on $EXT inet proto tcp from any to 192.168.10 port = 4662 modulate state
> pass in on $EXT inet proto udp from any to 192.168.10 port = 4672 keep state

You have some errors with your internal IP (192.168.0.10) in your pf.conf file: 192.168.010 or 192.168.10 in your rules above. Correct it and everything will work fine.

You can also suppress 'modulate state' on the TCP pass rule: 'modulate state' is useful for outbound connections, not inbound. Replace it with 'keep state'.

I have the same rules to use Emule/Amule on an internal host and I have no problems (connection on server and HighID).

A++ Foxy

--
Laurent Cheylus [EMAIL PROTECTED] OpenPGP ID 0x5B766EC2
Traffic Monitoring, IP
Hi,

I'm trying to make some kind of network traffic graphs on my OpenBSD box but I have a few requirements. First of all I need some graphs similar to graphs generated by PFSTAT, but not only for all traffic. I'd like to see graphs for each IP of my network. Unfortunately PFSTAT can't do it. I tried IPFM with MRTG but there's a trouble, because if no traffic is generated IPFM doesn't update the log file, so the graph in MRTG is very strange then.

Can somebody help me with what to use for individual IP traffic monitoring? I like PFSTAT very much, it is simple and effective, but is there a way to monitor IPs?

Thanks
MK
RE: Traffic Monitoring, IP
http://www.ntop.org might be what you're looking for

Bob
CARP again, again
Hello again, sorry to bother you all again.

I have a question, we have two DSL connections, and I plan on using two boxes, which are carped. But, I'd like to do this in a fashion such that I can failover to a different connection when the primary one becomes unusable.

Would anyone have experience of doing this, and how exactly does one determine that the connection has failed? Does it base the failure on link status or on IP untouchables?

To illustrate what I am thinking here is a picture:

[ASCII diagram, garbled in the archive. Recoverable labels: two boxes both labelled "internet cloud 1", marked 83.146.4.1/24 and 65.10.5.1/24; a switch; carp0 83.146.4.3 and carp1 65.10.5.3; fw01 with fxp0 83.146.4.1 and fxp0 alias 65.10.5.2; fw02 with fxp0 83.146.4.2 and fxp0 alias 65.10.5.3.]

What I have thought is that I may be able to alias the second connection on the external interfaces, and make a carp for that.

--
Regards. Please note, my PGP key ID has changed. If you are planning on sending me something encrypted please update your keyring. Debian/OpenBSD. 53C9FC6C.