nat before ipsec ...

2013-12-25 Thread Zeus Panchenko
hi, please, may somebody help with the subj? is it possible at all on FreeBSD with pf? I need to binat some of my LAN (network A) ip addresses to some of secure communication addresses (network B) for, behind IPSec network C, access target - world

Re: nat before ipsec ...

2013-12-25 Thread Zeus Panchenko
wishmaster artem...@ukr.net wrote: If I understand you correctly, you want binat inside IPSec and I'm not sure ... what I want is to nat packets from net A before they are entering IPSec, as if they originate not on the freebsd host so, they

Re: nat before ipsec ...

2013-12-26 Thread Zeus Panchenko
target - world -- em0 - freebsd - vlanA -- LAN ^^ net A || +- netC -.-.-.-.- IPSec -.-.-.-.- net B -+ ... where: A1 is some address from net A B2 is

pfctl ... driver does not support altq

2014-11-03 Thread Zeus Panchenko
greetings, I see, in list the issue appears from time to time but I was not able to find the solution for my case, please help me to get working altq on my igb(4) if it is possible at all I was trying igb(4) original OS drivers and the one from

Re: wan1 as default, wan2 dedicated to a service

2016-08-10 Thread Zeus Panchenko
Max wrote: > Probably you should use > pass out log on $if_dvr reply-to ($if_wan2 $gw_wan2) to thank you, Max, this helped -- Zeus V. Panchenko jid:z...@im.ibs.dn.ua IT Dpt., I.B.S. LLC GMT+2 (EET)

wan1 as default, wan2 dedicated to a service

2016-08-04 Thread Zeus Panchenko
hi, I need trivial thing but wondering where am I wrong ... :( help please I have two WAN interfaces: wan1 and wan2 wan1 is default route interface, wan2 is dedicated for DVR (video) I'm trying to direct all output from DVR to wan2 (here I do not care of where a request to DVR came from, I want

Re: default to wan1, definite subnet replies to wan2

2016-08-04 Thread Zeus Panchenko
sorry for noise, please ignore this incomplete message Zeus Panchenko <z...@ibs.dn.ua> wrote: > greetings, > > I have two wan interfaces, wan1 and wan2 > > wan1 is for default > > I have subnet in my LAN all replies from which I need to direct throug

pfsync for sshguard table sync on several hosts

2016-10-11 Thread Zeus Panchenko
hi, please advise I think of pfsync-ing sshguard table content among several hosts to get one big table on each host, since IP blocked on one host I want to be blocked on all others automatically (all hosts are terminated in one VPN) ... am I

Re: pfsync for sshguard table sync on several hosts

2016-10-12 Thread Zeus Panchenko
mxb wrote: > Use BGP to distribute list of IP addresses. > Like it is done at http://bgp-spamd.net/ what about pfsync indeed? I need black list of addresses I do can control on my own and to install BGP infrastructure for local needs looks excessive isn't pfsync aimed

[Q] what is the correct way to filter by remote pf?

2017-06-27 Thread Zeus Panchenko
greetings please, advise WHAT I HAVE: routerB <-> netX/16 ^ | V clients <-> routerA <-> netX/24 WHAT I NEED: to provide `clients <-> netX/24' traffic on the base of routerB pf rules so, the

[Q] is there way to use bgp-spamd.net?

2019-01-13 Thread Zeus Panchenko
hi, is there way to use BGP to block traffic, like it is described on https://www.bgp-spamd.net/index.html or even BGP feeds from spamhaus https://www.spamhaus.org/news/article/683/spamhaus-releases-bgp-feed-bgpf-and-botnet-cc-list-bgpcc -- Zeus