ipfw nat

2010-06-23 Thread Michal 

Hello.

I am currently trying to replace pf with ipfw. NAT is the biggest 
missing bit in my configuration.


I want to go with ipfw nat (libalias) because I've been told it works 
fine with dynamic rules (unlike divert) - is that statement correct?


If yes, then could somebody point me to some kind of howto or manual 
please. All I'm finding in handbook, manuals and google is about divert 
and not ipfw nat.


Thanks, M.
--
The real problem is not whether machines think but whether men do. -B. 
F. Skinner


___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to freebsd-ipfw-unsubscr...@freebsd.org

beginner's question about proper syntax

2010-06-02 Thread Michal 

Hello,

I don't have to worry about backward compatibility and I would like to 
go with 'modern' syntax for rule body.
Are these two rules equal and exactly the same for ipfw? Is there any 
overhead or drawbacks of using one and not the other?


example 1:
allow tcp from me $ports_range_bc to any 80 out via $if_ext setup 
keep-state uid $user_regular


example 2:
allow out via $if_ext proto tcp src-ip me src-port $ports_range_bc 
dst-ip any dst-port 80 uid $user_regular setup keep-state


After loading and listing my rules I can see that example 2 was 
processed as:
allow ip from any to any out via wlan0 proto tcp src-ip me src-port 
1024-65535 dst-port 80 uid michal setup keep-state


Michal
--
Et ipsa scientia potestas est. -- Francis Bacon

___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to freebsd-ipfw-unsubscr...@freebsd.org

RE: page fault while in kernel-mode (dummynet) - amd64

2007-05-29 Thread Michal Zygmunt 
 iomem 0xa-0xb on isa0
Timecounters tick every 1.000 msec
fwe0f0: Ethernet address: 02:90:27:c9:fa:f9
fwe0f1: Ethernet address: 02:90:27:c9:fa:f9
fwe0f2: Ethernet address: 02:90:27:c9:fa:f9
fwe0f3: Ethernet address: 02:90:27:c9:fa:f9
fxp0f0: Ethernet address: 00:08:c7:8c:96:06
fxp0f1: Ethernet address: 00:08:c7:8c:96:06
fxp0f2: Ethernet address: 00:08:c7:8c:96:06
fxp0f3: Ethernet address: 00:08:c7:8c:96:06
em0f0: Ethernet address: 00:19:d1:79:cf:bf
em0f1: Ethernet address: 00:19:d1:79:cf:bf
em0f2: Ethernet address: 00:19:d1:79:cf:bf
em0f3: Ethernet address: 00:19:d1:79:cf:bf
IPv6 packet filtering initialized, default to accept, logging limited to 100
packets/entry
IPsec: Initialized Security Association Processing.
IP Filter: v4.1.13 initialized.  Default = pass all, Logging = enabled
ipfw2 (+ipv6) initialized, divert enabled, rule-based forwarding enabled,
default to accept, logging limited to 100 packets/entry by default
ad8: 190782MB Seagate ST3200822A 3.01 at ata4-master UDMA100
ad10: 76318MB WDC WD800BB-00JHA0 05.01C05 at ata5-master UDMA100
ad12: 305245MB Seagate ST3320620AS 3.AAK at ata6-master SATA150
SMP: AP CPU #1 Launched!

P.S. I added [EMAIL PROTECTED] as CC but I am not subscribed to that list so
I am not sure if this mail will be delivered properly to that list.


If you will need any other dumps, let me know.

Thanks,
Michal Zygmunt



-Original Message-
From: Remko Lodder [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, May 29, 2007 11:33 PM
To: Michal Zygmunt
Cc: [EMAIL PROTECTED]
Subject: Re: page fault while in kernel-mode (dummynet) - amd64

Michal Zygmunt wrote:
 Hi,
 
  
 
 It seems that there is some problem with dummynet implementation and
 happened on amd64 build
 
  
 

hello,

The information you provided is not nearly enough to get
started {sorry}, please see the developers handbook
for more information
http://www.freebsd.org/doc/en/books/developers-handbook on
how to obtain the proper kernel dump that can be processed
by our developers. Also please consider using [EMAIL PROTECTED]
for this report since it would most likely get better attention
there {special ipfw mailinglist which seems more appropriate}.

Thanks for using FreeBSD!!

-- 
Kind regards,

 Remko Lodder   ** [EMAIL PROTECTED]
 FreeBSD** [EMAIL PROTECTED]

 /* Quis custodiet ipsos custodes */

___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to [EMAIL PROTECTED]