sh/bash: export FTP_PASSIVE_MODE=true
Ah... because in passive mode, the client (my server) sets the data
port, and my PF rules allow return data on the port used for the
request.
Okay... that makes sense, I think... (little by little, it sinks in...)
-- John
On Fri, 10 Oct 2008 11:41:40 -0700
Jeremy Chadwick [EMAIL PROTECTED] wrote:
On Fri, Oct 10, 2008 at 06:54:32PM +0100, RW wrote:
On Fri, 10 Oct 2008 09:51:16 -0700
Jeremy Chadwick [EMAIL PROTECTED] wrote:
passive ftp has been the default for long time, fetch is called
with the -p option.
firewall problem in the first
place, and that the file has simply been added to ftp.freebsd.org since
you got the original failure.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe
building).
Unless you turn-up something odd for FETCH_CMD, I think there's
a good chance that you never had an FTP firewall problem in the first
place, and that the file has simply been added to ftp.freebsd.org
since
you got the original failure.
I just removed the FTP_PASSIVE_MODE variable from
Hello All:
We have a load balanced pair of PF boxes sitting in front of a whole bunch of
server doing all manner of things! It's been working great up until today when
it, well, didn't. Here's what I see in top -S.
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU
On Mon, Oct 06, 2008 at 06:08:50PM -0700, Michael K. Smith - Adhost wrote:
Hello All:
We have a load balanced pair of PF boxes sitting in front of a whole bunch of
server doing all manner of things! It's been working great up until today
when it, well, didn't. Here's what I see in top
On Fri, Oct 3, 2008 at 5:24 AM, fire jotawski [EMAIL PROTECTED] wrote:
On Thu, Oct 2, 2008 at 7:39 PM, Dominique Goncalves
[EMAIL PROTECTED] wrote:
Hi,
On Thu, Oct 2, 2008 at 6:09 AM, fire jotawski [EMAIL PROTECTED] wrote:
On Thu, Sep 25, 2008 at 12:10 AM, Kevin Kinsey [EMAIL PROTECTED]
Hi,
On Thu, Oct 2, 2008 at 6:09 AM, fire jotawski [EMAIL PROTECTED] wrote:
On Thu, Sep 25, 2008 at 12:10 AM, Kevin Kinsey [EMAIL PROTECTED] wrote:
FBSD1 wrote:
natd_enable=YES This statement in rc.conf enables ipfw nated function.
firewall_nat_enable=YES This is an invalid statement. No
This is no longer true; he did indeed find firewall_nat_enable
in /etc/defaults/rc.conf. The knob seems to have first appeared
in February in HEAD and I'm guessing it cues the system to use a
new kernel-based nat rather than natd(8), but I've not read anything
further about this, as my
On Thu, Oct 2, 2008 at 7:39 PM, Dominique Goncalves
[EMAIL PROTECTED] wrote:
Hi,
On Thu, Oct 2, 2008 at 6:09 AM, fire jotawski [EMAIL PROTECTED] wrote:
On Thu, Sep 25, 2008 at 12:10 AM, Kevin Kinsey [EMAIL PROTECTED] wrote:
FBSD1 wrote:
natd_enable=YES This statement in rc.conf
On Thu, Sep 25, 2008 at 12:10 AM, Kevin Kinsey [EMAIL PROTECTED] wrote:
FBSD1 wrote:
natd_enable=YES This statement in rc.conf enables ipfw nated function.
firewall_nat_enable=YES This is an invalid statement. No such thing as
you have here.
This is no longer true; he did indeed find
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of fire jotawski
Sent: Wednesday, September 24, 2008 12:13 PM
To: freebsd-questions@freebsd.org
Subject: nat and firewall
hi sirs,
i am confused now that what is the difference between nat and firewall_nat
On Wed, Sep 24, 2008 at 2:52 PM, FBSD1 [EMAIL PROTECTED] wrote:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of fire jotawski
Sent: Wednesday, September 24, 2008 12:13 PM
To: freebsd-questions@freebsd.org
Subject: nat and firewall
hi sirs,
i am
FBSD1 wrote:
natd_enable=YES This statement in rc.conf enables ipfw nated function.
firewall_nat_enable=YES This is an invalid statement. No such thing as
you have here.
This is no longer true; he did indeed find firewall_nat_enable
in /etc/defaults/rc.conf. The knob seems to have first
Hello,
I have been using FreeBSD for many years as a server and have based
most of my hosting services on this fantastic OS.
For three years I have been using a SonicWall firewall as a firewall
device.
As my hosting services are growing, It seems that the SonicWall device
is quite light
I was wondering if there is a good if possible integrated firewall
device running on FreeBSD.
I think monowall is what you are looking for.
Olivier
I think monowall is what you are looking for.
Or his more advanced brother - pfSense.
Bye,
Nejc
Also have a look at pfsense
www.pfsense.org
regards,
Johan Hendriks
quite light for what I am doing. I have now 10 servers hosted on one unique
/28 network with direct connexion to the Net.
I was wondering if there is a good if possible integrated firewall device
running on FreeBSD.
just read manual. ipfw is excellent
Nejc Škoberne wrote:
I think monowall is what you are looking for.
Or his more advanced brother - pfSense.
Bye,
Nejc
Either m0n0wall or
hi sirs,
i am confused now that what is the difference between nat and firewall_nat
in /etc/rc file
natd_enable=YES
firewall_nat_enable=YES
just one question per asking. there will be another more questions about
this but for this moment only this one first.
thanks in advance for any helps
Hi all
I've some servers for internal use. On those servers I have some pf (or
ipfw) rule to deny any connection from inside to outside.
A long time ago, when the ports tree was updated with cvs, I was using something like
pf command to open inside -- outside connection
cvsup
portupgrade --fetch-only
Date: Fri, 5 Sep 2008 16:14:02 +0200 From: [EMAIL PROTECTED] To:
freebsd-questions@freebsd.org Subject: portsnap in cron and firewall Hi
all I've some servers for internal use. On those servers I have some pf
(or ipfw) rule to deny any connection from inside to outside. Long time
Le 05/09/2008 à 11:33:59-0400, Sean Cavanaugh a écrit
Date: Fri, 5 Sep 2008 16:14:02 +0200 From: [EMAIL PROTECTED]
To: freebsd-questions@freebsd.org Subject: portsnap in cron and
firewall Hi all I've some servers for internal use. On those
servers I have some pf (or ipfw) rule
Date: Fri, 5 Sep 2008 17:43:44 +0200 From: [EMAIL PROTECTED] To: [EMAIL
PROTECTED] CC: freebsd-questions@freebsd.org Subject: Re: portsnap in cron
and firewall Le 05/09/2008 à 11:33:59-0400, Sean Cavanaugh a écrit
Date: Fri, 5 Sep 2008 16:14:02 +0200 From: [EMAIL PROTECTED
Le 05/09/2008 à 11:51:57-0400, Sean Cavanaugh a écrit
---
Yes, I know. That's why I'm asking you how I can run portsnap through
cron and open the firewall just before it is going to make the connection
On Fri, 5 Sep 2008 16:14:02 +0200
Albert Shih [EMAIL PROTECTED] wrote:
Hi all
I've some servers for internal use. On those servers I have some pf
(or ipfw) rule to deny any connection from inside to outside.
A long time ago, when the ports tree was updated with cvs, I was using something
like
On Fri, 5 Sep 2008 16:49:26 +0100
RW [EMAIL PROTECTED] wrote:
On Fri, 5 Sep 2008 16:14:02 +0200
Albert Shih [EMAIL PROTECTED] wrote:
But now with portsnap cron (that means a random sleep) I don't know
when the system tries to connect outside.
You can do this
sleep `jot -r 1 0 3599`
Hello,
since FreeBSD 5.0 I was using 'pf' as the packet filter on FreeBSD due
to some performance advantages over ipfw in the time when FreeBSD was
introduced. Now I'm a little bit detached from development and status
quo. I read about problems in FreeBSD 7 when using 'pf' in a bridged
Woj, another of the few joys of -digests: two birds with one stone:
is there a way to check on running system how much CPU time is used to
perform firewalling/traffic manager - be it pf or ipfw?
Sure, compare ping times / traffic throughput with firewall turned off
and on? I recall
is there a way to check on running system how much CPU time is used to
perform firewalling/traffic manager - be it pf or ipfw?
Sure, compare ping times / traffic throughput with firewall turned off
and on?
this will not measure CPU load but delays. delays are unnoticeable and
doesn't look
My preferred firewall these days, for general use, is pf. I seem to
recall someone who has used it in high-load scenarios that it can kinda
choke at high loads, though I don't recall whether that was due to pf
itself or the fact he was running it on OpenBSD. Until now, this has not
been
Chad Perrin wrote:
My preferred firewall these days, for general use, is pf. I seem to
recall someone who has used it in high-load scenarios that it can kinda
choke at high loads, though I don't recall whether that was due to pf
itself or the fact he was running it on OpenBSD. Until now
connections. The default is 10,000 states. If your firewall
machine is dedicated to running pf and it has hundreds of MB if not GB
of
RAM, then upping the size of some of those parameters by an order of
magnitude is feasible, and works well.
Thanks for the further elaboration. I'll keep all
My preferred firewall these days, for general use, is pf. I seem to
recall someone who has used it in high-load scenarios that it can kinda
choke at high loads, though I don't recall whether that was due to pf
itself or the fact he was running it on OpenBSD. Until now, this has not
been
Actually, I tracked down the guy who had originally given a poor review
of pf performance, and it turns out that the missing part of his review
was related to use of dummynet for bandwidth management. Since I'm not
planning to use dummynet for bandwidth management, that's not really a
factor we
High load may or may not be a problem depending on your traffic patterns.
I've seen pf firewalls suffer by running out of state-table space in
situations where there are a lot of fairly short-lived but low volume
network connections. The default is 10,000 states. If your firewall machine
Hi all,
I have a FreeBSD v7 box set up as gateway/mailserver/WAP. I leave my WAP
unencrypted, so my neighbors can use it, and use PF to allow just a few
specific services (dhcp dns, http, https).
I'd like to be able to mount a couple of NFS shares from a desktop box
running Fedora on a wireless
quoth the Colin Brace:
Hi all,
I have a FreeBSD v7 box set up as gateway/mailserver/WAP. I leave my WAP
unencrypted, so my neighbors can use it, and use PF to allow just a few
specific services (dhcp dns, http, https).
I'd like to be able to mount a couple of NFS shares from a desktop box
On Thu, 17 Apr 2008 07:59:20 +0300, Manolis Kiagias [EMAIL PROTECTED]
wrote:
Running an FTP behind a home DSL router is perfectly possible. You will
just have to open a range of ports on the router itself eg 25000-25050
and forward them to your ftp server internal IP address. Then set the
FTP
On Apr 17, 2008, at 12:59 , Manolis Kiagias wrote:
Gilles wrote:
On Wed, 16 Apr 2008 22:06:24 -0400, Jon Radel [EMAIL PROTECTED] wrote:
What control do you have over the firewall? One of the cleaner
solutions would be to run an ftp proxy on the firewall, such as that
supplied with pf. See
On Thursday 17 April 2008 04:32:41 Gilles wrote:
Actually, we don't necessarily need an FTP. Whatever solution to send
files is fine, provided I can add this feature in a VB Classic client
application.
Depends a bit on the max filesize and number of files. You can do a HTTP POST
request,
Hello
We have FreeBSD server on our private LAN behind a NAT firewall on
which I'd like to add an FTP server so that customers can send us
stuff.
Problem is, since customers might have a NAT firewall on their end,
the client application must connect in passive mode... but this just
moves
Gilles wrote:
Hello
We have FreeBSD server on our private LAN behind a NAT firewall on
which I'd like to add an FTP server so that customers can send us
stuff.
Problem is, since customers might have a NAT firewall on their end,
the client application must connect in passive mode
On Wed, 16 Apr 2008 22:06:24 -0400, Jon Radel [EMAIL PROTECTED] wrote:
What control do you have over the firewall? One of the cleaner
solutions would be to run an ftp proxy on the firewall, such as that
supplied with pf. See ftp-proxy(8) or
http://www.openbsd.org/faq/pf/ftp.html
Unfortunately
Gilles wrote:
On Wed, 16 Apr 2008 22:06:24 -0400, Jon Radel [EMAIL PROTECTED] wrote:
What control do you have over the firewall? One of the cleaner
solutions would be to run an ftp proxy on the firewall, such as that
supplied with pf. See ftp-proxy(8) or
http://www.openbsd.org/faq/pf
hi,
i am facing a problem while extracting a package
1)i created a package using pkg_create
command used is :
*pkg_create -f cwd/filelist -p cwd/avamar -c cwd/comments -d cwd/desc*
package is getting created and it is in cwd
2)extracting it using pkg_add
command used is :*pkg_add
be allowed through the local firewall:
UDP port 500, port 1
ESP all ports
AH all ports
My original /etc/pf.conf:
ext_if=fxp0
int_if=fxp3
internal_net=192.168.0.0/24
nat on $ext_if from $internal_net to any -> ($ext_if)
and I added these three lines (the Windows machine is 192.168.0.3
Wojciech Puchar [EMAIL PROTECTED] wrote: Memory: 4GB 667MHz (4x1GB), Dual
Ranked DIMMs
incredibly important for firewall to have 4GB RAM. why not 64GB or more?
;)
ajtiM wrote:
Hi!
I am a new FreeBSD 7.0 beta3 user and I have standalone computer connected to
the internet (cable). I use both, console and KDE desktop. I tried to setup
PF firewall for the standalone computer but I have a problem with internal
messages (mail) which are blocked
ajtiM wrote:
Hi!
I am a new FreeBSD 7.0 beta3 user and I have standalone computer connected to
the internet (cable). I use both, console and KDE desktop. I tried to setup
PF firewall for the standalone computer but I have a problem with internal
messages (mail) which are blocked if firewall
On Fri, Dec 07, 2007 at 06:20:37AM -0600, ajtiM wrote:
Hi!
I am a new FreeBSD 7.0 beta3 user and I have standalone computer connected to
the internet (cable). I use both, console and KDE desktop. I tried to setup
PF firewall for the standalone computer but I have a problem with internal
Hi!
I am a new FreeBSD 7.0 beta3 user and I have standalone computer connected to
the internet (cable). I use both, console and KDE desktop. I tried to setup
PF firewall for the standalone computer but I have a problem with internal
messages (mail) which are blocked if firewall running
Hello all,
I'm trying to use ng_netflow module along with PF+CARP implementation on
freebsd 6.2.
I understand from different posts that ng_netflow module is performing quite
well and does not add so much cpu load since packets are processed in the
kernel.
However, ng_netflow
Lucas Neves Martins wrote:
422 ipfw add 950 divert 8082 tcp from any to any 80 via em0
Hi!
I do something similar, except with a small home-grown server used to
serve 'You are banned' pages to people who insist on driving my poor
little webserver into swap.
The directive you're looking for
On Nov 30, 2007 5:59 AM, Lucas Neves Martins [EMAIL PROTECTED] wrote:
Hello guys,
I'm having the following problem:
Redirect requests from the port 80, to the port 8082. - for apache tomcat.
I'm new on freeBSD, Of course, I had looked out on google, and read the
firewall section
On 11/30/07, Lucas Neves Martins [EMAIL PROTECTED] wrote:
Hello guys,
I'm having the following problem:
Redirect requests from the port 80, to the port 8082. - for apache tomcat.
I'm new on freeBSD, Of course, I had looked out on google, and read the
firewall section on the Handbook
Hello guys,
I'm having the following problem:
Redirect requests from the port 80, to the port 8082. - for apache tomcat.
I'm new on freeBSD, Of course, I had looked out on google, and read the
firewall section on the Handbook.
But only found missed things, and nothing worked.
I have tried
Lucas Neves Martins wrote:
Redirect requests from the port 80, to the port 8082. - for apache tomcat.
[[snip]]
422 ipfw add 950 divert 8082 tcp from any to any 80 via em0
425 ipfw add 950 divert 8082 tcp from any to any 80 via em0
428 ipfw add 950 divert 80 tcp from any to any 8082
are easy. I've been
using Solaris for this, but it's rather archaic in many ways, and the
only reason I use it is for the stable ZFS support. Everything else in
Solaris - given my needs - is a poor match.
Can anybody suggest what options there are for having a router/
firewall configuration
[EMAIL PROTECTED] wrote:
FreeBSD 7 supports ZFS. From there, NFS and Samba are easy. I've been
using Solaris for this, but it's rather archaic in many ways, and the
only reason I use it is for the stable ZFS support. Everything else in
Solaris - given my needs - is a poor match.
People have
On Wed, Nov 28, 2007 at 09:08:37PM +0100, Ivan Voras wrote:
[EMAIL PROTECTED] wrote:
FreeBSD 7 supports ZFS. From there, NFS and Samba are easy. I've been
using Solaris for this, but it's rather archaic in many ways, and the
only reason I use it is for the stable ZFS support. Everything
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Aryeh M.
Friedman
Sent: Monday, November 26, 2007 11:40 PM
To: Ted Mittelstaedt
Cc: freebsd-questions@freebsd.org; Bob Richards
Subject: Re: Getting around ISP SMTP firewall settings (Re: Submitting
Hi folks,
Just built a 6.2 box.
Wondering what is the best software firewall.
Yes, I know that this is a loaded, and
subjective issue.
I just couldn't find a definitive answer:
http://www.google.com/search?hl=en&safe=off&q=firewall+%282007+OR+2006%29+site%3Alists.freebsd.org%2Fpipermail
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of W. D.
Sent: Tuesday, November 27, 2007 12:08 AM
To: FreeBSD-Questions@freebsd.org
Subject: Best FreeBSD Firewall for 6.X?
Hi folks,
Just built a 6.2 box.
Wondering what is the best software
On Tue, 2007-11-27 at 02:07 -0600, W. D. wrote:
Hi folks,
Just built a 6.2 box.
Wondering what is the best software firewall.
Yes, I know that this is a loaded, and
subjective issue.
I just couldn't find a definitive answer:
There is no such thing best.
It's a matter of you defining
To be perfectly clear this isn't really receiving mail. You're
configuring a system at dydns.org or some other mail forwarder to
receive your mail for you then forward it on to your system using the
alternative port.
Not what I am doing. I only suggested that to the original poster who
has an
Ted Mittelstaedt wrote:
[deleted]
Don't know but a dime is too much right now (I am personally living on
$15/mo once the rent, food and connectivity is paid for [the wonders
of a startup with no investors]). That is one reason why colo is not
possible... yes I understand most of the hassles
BTW I redirected this to -questions
You should be able to set up a local mailer/MTA (sendmail, postfix,
etc.) and tell it to use your ISP's mail server on TCP port 25, and it
all should just magically work unless they require SMTP AUTH (not
On 2007-11-26 04:00, Aryeh M. Friedman [EMAIL PROTECTED] wrote:
BTW I redirected this to -questions
You should be able to set up a local mailer/MTA (sendmail, postfix,
etc.) and tell it to use your ISP's mail server on TCP port 25, and
it all should just magically work unless they require
On November 26, 2007 at 04:00AM Aryeh M. Friedman wrote:
You should be able to set up a local mailer/MTA (sendmail, postfix,
etc.) and tell it to use your ISP's mail server on TCP port 25, and it
all should just magically work unless they require SMTP AUTH (not many
do from what I've
On Mon, 26 Nov 2007 13:15:59 +0200
Giorgos Keramidas [EMAIL PROTECTED] wrote:
I don't think there's an easy way to set up the local Sendmail
installation to *receive* email from the world without some sort of
`static address' though.
Actually there is an easy way, I do it here at my work
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Bob Richards
Sent: Monday, November 26, 2007 3:45 AM
To: freebsd-questions@freebsd.org
Subject: Re: Getting around ISP SMTP firewall settings (Re: Submitting a
new port if send-pr is broken)
On Mon
Frankly, unless you're processing mail for a lot of people, there is no
benefit to running your own mailserver, and you really ought to be
using a client-server model for getting mail, as you are doing. The
OP just hasn't realized this yet.
Aryeh M. Friedman wrote:
Frankly, unless you're processing mail for a lot of people, there is no
benefit to running your own mailserver, and you really ought to be
using a client-server model for getting mail, as you are doing. The
OP just
-Original Message-
From: Aryeh M. Friedman [mailto:[EMAIL PROTECTED]
Sent: Monday, November 26, 2007 10:02 PM
To: Aryeh M. Friedman
Cc: Ted Mittelstaedt; Bob Richards; freebsd-questions@freebsd.org
Subject: Re: Getting around ISP SMTP firewall settings (Re: Submitting a
new port
Really, as others have said, it's easier to pay the money for the
business line. How much extra do they want for it?
Don't know but a dime is too much right now (I am personally living on
$15/mo once the rent, food and connectivity is paid for
to be
contacting, and contact only that person.
I understand that in the business world it's normal to CC everyone and all
of their managers as well, but that's because in the business world,
politics is more important than getting things done.
The reason we believe to be problems of a firewall is to make
Dear Gentlemen,
We INPE / CPTEC an institution of meteorology government of Brazil, we
are having trouble accessing the servers of FreeBSD, we believe that
your firewall is blocking our access.
Due to use its operating system in our computational park, blocking our
access is causing
Rodrigo Moura Bittencourt [EMAIL PROTECTED] wrote:
Dear Gentlemen,
We INPE / CPTEC an institution of meteorology government of Brazil, we
are having trouble accessing the servers of FreeBSD, we believe that
your firewall is blocking our access.
While this is possible, I find it unlikely
Aloha,
Anybody on this list know of a how to for configuring a firewall for a 5
IP ATM DSL? I know that the firewall has to come between the DSL modem
and the Switch/router for the 5 IP's assigned. However the gateway IP
must be able to be seen through the firewall in order for the ATM
I found this interesting account of someone installing
the (freebsd-based) m0n0wall firewall on an old
WatchGuard Firebox II firewall using a discarded 8MB
compact flash card:
http://www.ls-net.com/m0n0wall-watchguard/
I happen to have a Firebox II sitting around, and was
wondering what
I've made a /etc/rc.firewall.local I may rename it in the future
to stand out more, but we'll see how it goes for now.
Neat. Have fun with the new firewall ruleset then.
Thanks. I wish it wasn't necessary, but the server runs MySQL
and if I turn TCPwrappers on, someone just
On 2007-08-02 14:49, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote:
Giorgos Keramidas wrote:
On 2007-08-02 12:36, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote:
Hi,
I'm developing firewall rules for a machine, and I'm wondering what
the standard is for putting my version of an ipfw firewall_script
Hi,
I'm developing firewall rules for a machine, and I'm wondering
what the standard is for putting my version of an ipfw firewall_script?
I'd normally drop it onto /usr/local/etc somewhere, but my /u/l/e
is an NFS filesystem, and according to rcorder it starts ipfw WAY before
On Thu, 2 Aug 2007 12:36:51 -0400 (EDT)
Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote:
Hi,
I'm developing firewall rules for a machine, and I'm wondering
what the standard is for putting my version of an ipfw
firewall_script?
I'd normally drop it onto /usr/local/etc somewhere
On Thu, Aug 02, 2007 at 10:04:20AM -0400, [EMAIL PROTECTED] wrote:
It might not be as challenging as rolling your own... but have you
considered using one of the ready-to-install BSD firewall/router
packages like m0n0wall ? http://m0n0.ch/wall/
I have thought about it. I have tried monowall
On 2007-08-02 12:36, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote:
Hi,
I'm developing firewall rules for a machine, and I'm wondering what
the standard is for putting my version of an ipfw firewall_script?
I usually save my rules in '/etc/pf.conf' or '/etc/ipfw.rules'.
It's not like the '/etc
On 2007-08-02 12:36, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote:
Hi,
I'm developing firewall rules for a machine, and I'm wondering what
the standard is for putting my version of an ipfw firewall_script?
I usually save my rules in '/etc/pf.conf' or '/etc/ipfw.rules'.
It's not like
the ipnumbers on the three cards
in the box.
sis0 have 83.x.x.x
sis1 have 192.168.0.1 , and this is the lan.
sis2 have 10.0.0.1 , and this is meant to be a dmz.
Another box with ip 10.0.0.2 is connected to sis2 and is
configured as a webserver.
I have a working firewall in the soekris-box with ipfw
On Wed, 16 May 2007 16:58:39 +1200
Brett Davidson [EMAIL PROTECTED] wrote:
I keep firewall rules in a file that I then run via a sh command. You
know, like /etc/rc.firewall. :-)
Essentially the file does
ipfw -q -f flush
$cmd 0015 check-state
$cmd set 31 rule# allow tcp from address
I keep firewall rules in a file that I then run via a sh command. You
know, like /etc/rc.firewall. :-)
Essentially the file does
ipfw -q -f flush
$cmd 0015 check-state
$cmd set 31 rule# allow tcp from address/subnet to me 22 in via
$pif setup keep-state
where $cmd = ipfw -q add and $pif
of the connection
attempts in /var/log (grepping for the host name or IP of the other machine
gives no results, and even ping doesn't work), and it seems that, according
to the FreeBSD handbook chapter 26, there is no firewall installed by
default.
Why would FreeBSD be dropping packets, without recording
is that the machine is
discarding packets. However, I can't find any record of the connection
attempts in /var/log (grepping for the host name or IP of the other machine
gives no results, and even ping doesn't work), and it seems that, according
to the FreeBSD handbook chapter 26, there is no firewall installed
On 4/4/07, Javier Henderson [EMAIL PROTECTED] wrote:
Can SSH clients on your local network connect to your system?
You say packets are arriving at your machine, can you elaborate on this
further? Assuming a SYN packet arrives from a host, so you see a
SYN+ACK go out, etc?
Actually, it turns
suggestions? Does the Linux firewall
system have a similar way to block access to a particular IP if it
were doing forwarding? We were experimenting with a new proxy
machine but it is running Ubuntu.
-Bart
Hello,
My question is related to PF performances with large state tables.
FreeBSD : 5.5
hw.model: Intel(R) Xeon(TM) CPU 3.20GHz
hw.physmem: 2138378240 = 2 Gb
If I put a mail server
20 SMTP hits per second (thanks to spam...)
15 seconds per SMTP dialog
90 seconds for PF
On 2/26/07, Jacques Beigbeder [EMAIL PROTECTED] wrote:
Hello,
My question is related to PF performances with large state tables.
FreeBSD : 5.5
hw.model: Intel(R) Xeon(TM) CPU 3.20GHz
hw.physmem: 2138378240 = 2 Gb
If I put a mail server
20 SMTP hits per second (thanks to spam...)
Noah wrote:
Erik Norgaard wrote:
Noah wrote:
the servers and clients are not on the same LAN segment. capturing
MAC has nothing to do with this scenario.
You haven't exactly told a lot about the network you want to setup.
The logic thing is to authenticate against the firewall connected
Noah wrote:
Does anybody have a recommendation for a program out there that would
allow somebody to enter an account and password on my website, their IP
address is cached, and the cached IP address is added temporarily to the
firewall ruleset to be allowed.
I am not aware of anything
201 - 300 of 1122 matches