* Fafa Hafiz Krantz [EMAIL PROTECTED] [20050508 15:32]: wrote:
Hey!
Here are some aliases I snagged of some dood on IRC:
How can these PF aliases be improved?
The last one doesn't really reload PF. I need to reboot for that.
alias pfdump 'tcpdump -n -e -ttt -r /var/log/pflog
On Sun, 8 May 2005, Fafa Hafiz Krantz wrote:
Hello.
My ruleset is all twisted.
Unless I disable the default deny policy, this is what happens:
* My nameserver setup goes dysfunctional.
* My web, mail and fileserver goes dysfunctional.
* I cannot SSH and FTP into certain servers.
*
Fafa Hafiz Krantz wrote:
Hello.
My ruleset is all twisted.
Unless I disable the default deny policy, this is what happens:
* My nameserver setup goes dysfunctional.
* My web, mail and fileserver goes dysfunctional.
* I cannot SSH and FTP into certain servers.
* I cannot ping my IP from the
Fafa Hafiz Krantz wrote:
Perhaps you should check the archives. :)
What do you mean? There are many archives out there ...
Please tell me which one?
Thanks!
--
Fafa Hafiz Krantz
Research Designer @ http://www.home.no/barbershop
Enlightened @ http://www.home.no/barbershop/smart/sharon.pdf
Did
Hello!
Problems:
1. BIND stops working after a while
2. I cannot establish SSH connections
3. I cannot FTP to certain sites
4. PF crashes my computer on FTP uploads
So I'm seeking solutions to these problems.
And maybe ways to SIMPLIFY my pf.conf:
-
int_if
Simple question, do problems 1, 2, 3 still happen when you comment
out the pf statements in rc.conf and run without a firewall?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Fafa Diliha
Romanova
Sent: Saturday, April 30, 2005 7:51 AM
To: [EMAIL PROTECTED
PROTECTED]
To: Fafa Diliha Romanova [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: RE: Please help me with PF (thanks)
Date: Sat, 30 Apr 2005 08:06:49 -0400
Simple question, do problems 1, 2, 3 still happen when you comment
out the pf statements in rc.conf and run without a firewall
2) i also need to type some three stupid commands after every
reboot for my nat to work. i have to type:
pfctl -F a ; pfctl -Nf /etc/pf.conf ; pfctl -sr
Fafa, it would help a lot if you read the suggestions offered in the
followups to your earlier messages and reported back if trying what
Peter N. M. Hansteen wrote:
3) how does this ftp-proxy work if i want to disable inetd, and
switch ftpd with pure-ftpd?
You could try running ftpsesame or pftpx instead.
Why not simply use sftp?
--
Best regards,
Chris
The only new TV show worth watching will be cancelled.
Chris [EMAIL PROTECTED] writes:
You could try running ftpsesame or pftpx instead.
Why not simply use sftp?
That would be a bit smarter in quite a few cases, certainly.
I'm no fan of ftp myself, but there are circumstances where you need to
accommodate users' perceived needs. That's where
hello!
1) i have reasons to believe that pf causes my server to crash
whenever i upload/download.
http://www.home.no/hedhnta/pf.conf
2) i also need to type some three stupid commands after every
reboot for my nat to work. i have to type:
pfctl -F a ; pfctl -Nf /etc/pf.conf ; pfctl -sr
3) how
Hi,
1) i have reasons to believe that pf causes my server to crash
whenever i upload/download.
What do you mean by crashing your server? (panic, freeze ...)
2) i also need to type some three stupid commands after every
reboot for my nat to work. i have to type:
pfctl -F a ; pfctl -Nf /etc
Hello!
I am running FreeBSD 5.4-STABLE, with PF as firewall and NAT server.
My question is: Why do I have to type this after every time I've rebooted
to make my NAT gateway server allow Internet access to my workstation?
# pfctl -F a ; pfctl -Nf /etc/pf.conf ; pfctl -sr
Here is my /etc/pf.conf
Fafa Diliha Romanova [EMAIL PROTECTED] writes:
My question is: Why do I have to type this after every time I've rebooted
to make my NAT gateway server allow Internet access to my workstation?
Your rule set does not contain any rules which let packets pass *in* on
your internal interface.
did you enable the default variables in rc.conf (or rc.conf.local)?
see:
grep -e pf_ -e pflog /etc/defaults/rc.conf
and set the appropriate variables.
regards,
didier
___
freebsd-questions@freebsd.org mailing list
Hey everyone,
I would like to block all traffic from one host, the problem is the data
isn't coming from that host anymore, it is redirected from my router, I
am using PF as firewall, this is the ruleset I wanted to use for it:
block in from { example.host.com , example2.secondhost.com } to any
,
generally around 3mbit/s on average. I'm starting to think this is just
an inherent problem in FreeBSD 5.3. Maybe I just need to upgrade to 5.4
when it is released, but I don't think there were many pf updates in
that release. I'm reluctant to post too much information about the
firewall and it's
amount
of bandwidth, generally around 3mbit/s on average. I'm starting to
think this is just an inherent problem in FreeBSD 5.3. Maybe I just
need to upgrade to 5.4 when it is released, but I don't think there
were many pf updates in that release. I'm reluctant to post too much
information about
Hello,
I have read the manpage on pf but I am still stumped. I get some error
messages when starting up that say something like 'rule expands to no
possible valid combination' or something to that effect. If someone can
tell me how I can find out what the error messages are when I boot I
I have read the manpage on pf but I am still stumped. I get some error
messages when starting up that say something like 'rule expands to no
possible valid combination' or something to that effect. If someone can tell
me how I can find out what the error messages are when I boot I will post
for tinkering with pf.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Hello.
I have to write this command on my server after every reboot to allow
my workstation to access the Internet through it:
# pfctl -F a ; pfctl -Nf /etc/pf.conf ; pfctl -sr
My pf.conf looks like this:
int_if=ep0
ext_if=lnc0
# *** Options
#
set block-policy drop
# *** Scrub incoming
Fafa Diliha Romanova [EMAIL PROTECTED] writes:
I have to write this command on my server after every reboot to allow
my workstation to access the Internet through it:
Ok, so the server here is the gateway.
# pfctl -F a ; pfctl -Nf /etc/pf.conf ; pfctl -sr
and you essentially turn off
hello.
just installed pf, everything is looking good.
except my imap is blocked. what do i need to add, where?
# FreeBSD [i386]
# my.hostname.com
# City, Country
# pfctl -F a ; pfctl -Nf /etc/pf.conf ; pfctl -sr
int_if=ep0
ext_if=lnc0
# *** Options
#
set block-policy drop
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Steven Bjørken Vang
Sent: 18 April 2005 11:25
To: [EMAIL PROTECTED]
Subject: pf ruleset for imap
hello.
just installed pf, everything is looking good.
except my imap is blocked. what do i need to add, where?
# FreeBSD [i386
Hello.
I use the ppp utility to configure and setup a line (at the moment no
other way possible). How can I trigger 'pfctl -F all -f /etc/pf.conf'
after the line has been setup to make pf working with the tun0 assigned IP?
Or are there other way doing so?
Thanks,
Oliver
On Thu, Apr 07, 2005 at 04:11:12PM +0200, O. Hartmann wrote:
I use the ppp utility to configure and setup a line (at the moment no
other way possible). How can I trigger 'pfctl -F all -f /etc/pf.conf'
after the line has been setup to make pf working with the tun0 assigned IP
On Sun, 3 Apr 2005, Brian John wrote:
altq on $ext_if priq
queue mail priority 13
queue ssh priority 12
queue web priority 14
I see one syntactical thing you missed.
You have to define your child queues in your altq declaration. Something
like:
altq on $ext_if priq queue {mail, ssh, web}
Also,
Hello,
I read the manpage on pf and constructed a basic set of rules and
macros. However, when I start pf it gives me errors about the syntax of
my file. Basically all I want to accomplish is I don't want my p2p
programs to be able to hog the traffic away from me if I'm trying to
surf. When
Brian John wrote:
However, when I start pf it gives me errors
about the syntax of my file.
Read http://www.openbsd.org/faq/pf/queueing.html. There are
good examples.
Regards Björn
On Apr 2, 2005 12:18 AM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
I'm running 5.3 stable.
I've recently switched from ipfilter to pf to take advantage of the
traffic shaping, and I've run into something I don't understand.
I read the documentation on the synproxy option and it sounded
I found it out, just didn't have pf.ko loaded up.
On Mar 31, 2005 11:50 PM, Peter N. M. Hansteen [EMAIL PROTECTED] wrote:
Pat Maddox [EMAIL PROTECTED] writes:
FreeBSD 5.3-RELEASE-p5. I'm not sure how to check the pf version.
One possible source of trouble is running pf from ports on 5.3
I'm running 5.3 stable.
I've recently switched from ipfilter to pf to take advantage of the
traffic shaping, and I've run into something I don't understand.
I read the documentation on the synproxy option and it sounded good to me,
so I replaced my keep state rules with synproxy state.
After
Pat Maddox [EMAIL PROTECTED] writes:
I'm trying to set up PF on a server, and when I run pfctl -nf
/etc/pf.conf, I get the following error:
pfctl: ifa_load: pfi_get_ifaces: Bad file descriptor
More info is required.
Which FreeBSD and PF versions (not all permutations of pf and FreeBSD
FreeBSD 5.3-RELEASE-p5. I'm not sure how to check the pf version.
I just started getting this error a couple days ago, and I've got
absolutely no clue why. I don't recall making any significant changes
to the box. Anyway, here's pf.conf:
# --- pf.conf skeleton for server
the pf version.
I just started getting this error a couple days ago, and I've got
absolutely no clue why. I don't recall making any significant changes
to the box. Anyway, here's pf.conf:
# --- pf.conf skeleton for server
#
# --- MACRO Section -
EXT_IF
Pat Maddox [EMAIL PROTECTED] writes:
FreeBSD 5.3-RELEASE-p5. I'm not sure how to check the pf version.
One possible source of trouble is running pf from ports on 5.3-release
or newer. That could happen if you were running, say, 5.2.something with
the port, upgraded your system to 5.3 but left
I'm trying to set up PF on a server, and when I run pfctl -nf
/etc/pf.conf, I get the following error:
pfctl: ifa_load: pfi_get_ifaces: Bad file descriptor
Google doesn't come up with anything, I've got no clue what that is. Any help?
Eugene M. Minkovskii [EMAIL PROTECTED] writes:
pf@benzedrine.cx is it mail-list or private e-mail. Do I need
to register anywhere before mail to it?
pf@benzedrine.cx is a mailing list, which I think allows posting by
non-subscribers, but obviously you may want to sign up to make sure you
get
Sorry, it's again I.
So, I was trying to modify my OpenBSD pf brandmauer to collect me
information about traffic. Now I have the following rules:
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
So, where could I put label to mark
Eugene M. Minkovskii [EMAIL PROTECTED] writes:
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
So, where could I put label to mark inbound traffic? This traffic
goes into my machine because I use state table.
I'd say
On Tue, Mar 22, 2005 at 01:18:27PM +0100, Peter N. M. Hansteen wrote:
Eugene M. Minkovskii [EMAIL PROTECTED] writes:
I'd say something along the lines of
allowed_out = { ssh, domain, http, https, etc... }
pass out on $ext_if proto tcp $allowed_out label allowed-out keep state
you
Eugene M. Minkovskii [EMAIL PROTECTED] writes:
Just a moment, does it mean that your last rule allow any
incoming connections from world to clients if they matched by
client2_inports, ANY, not only connections opened by clients?
That rule would let new connections from anywhere pass on the
.
Unfortunately, this means that OpenBSD's pf can not measure
traffic, because we can not separate incoming and outgoing
traffic in bidirectional rule. Or we must not use keep state
feature.
--
Sensory yours, Eugene Minkovskii
Eugene M. Minkovskii [EMAIL PROTECTED] writes:
Unfortunately, this means that OpenBSD's pf can not measure
traffic, because we can not separate incoming and outgoing
traffic in bidirectional rule. Or we must not use keep state
feature.
I think I understand what you mean - you do not want per
On Tue, Mar 22, 2005 at 02:28:09PM +0100, Peter N. M. Hansteen wrote:
Eugene M. Minkovskii [EMAIL PROTECTED] writes:
Unfortunately, this means that OpenBSD's pf can not measure
traffic, because we can not separate incoming and outgoing
traffic in bidirectional rule. Or we must not use keep
Sure you can
check out IP accounting... it's a great tool for web
hosters and such, and they have a pf module
http://ipa-system.sourceforge.net/
Jorge Mario Mazo
On Mon, Mar 21, 2005 at 08:54:35AM +0100, Peter N. M. Hansteen wrote:
Eugene M. Minkovskii [EMAIL PROTECTED] writes:
block in log on $ext_ip inet from any to $ext_ip label $ext_ip
pass in on $ext_ip inet from any to $ext_ip port 22 keep sate
As you can see, ssh packets match to all
Hello!
Does any body know, how can I use OpenBSD's pf (packet filter) for
determine total traffic volume on network interface? If it's
impossible, what facility you recommend me to do this?
--
Sensory yours, Eugene Minkovskii
Eugene M. Minkovskii wrote:
Hello!
Does any body know, how can I use OpenBSD's pf (packet filter) for
determine total traffic volume on network interface? If it's
impossible, what facility you recommend me to do this?
I don't really know if it is impossible to use PF for monitoring the
total
Eugene M. Minkovskii wrote on Sun, 20. 03. 2005 at 12:31 +0300:
Hello!
Does any body know, how can I use OpenBSD's pf (packet filter) for
determine total traffic volume on network interface? If it's
impossible, what facility you recommend me to do this?
I don't know much about pf, but I use ipfw
Eugene M. Minkovskii [EMAIL PROTECTED] writes:
Does any body know, how can I use OpenBSD's pf (packet filter) for
determine total traffic volume on network interface? If it's
impossible, what facility you recommend me to do this?
Various pfctl -s options (eg pfctl -s info) give you counters
I recently setup a box with 5.3 release and enabled PF in order to do
NAT and eventually firewalling and bandwidth control when I become
more accustomed to the workings of PF. Regardless of which however, I'm
having tremendous speed issues with the box currently.
Here is my pf.conf:
ext_if=rl1
: Tomas Quintero [EMAIL PROTECTED]
To: freebsd-questions@freebsd.org
Sent: Sunday, March 20, 2005 11:36 AM
Subject: Slow Performance with OpenBSD's PF on 5.3-RELEASE
I recently setup a box with 5.3 release and enabled PF in order to do
NAT and eventually firewalling and bandwidth control when I become
]
To: freebsd-questions@freebsd.org
Sent: Sunday, March 20, 2005 11:36 AM
Subject: Slow Performance with OpenBSD's PF on 5.3-RELEASE
I recently setup a box with 5.3 release and enabled PF in order to do
NAT and eventually firewalling and bandwidth control when I become
more accustomed
On Sun, Mar 20, 2005 at 05:51:58PM +0100, Peter N. M. Hansteen wrote:
Eugene M. Minkovskii [EMAIL PROTECTED] writes:
Does any body know, how can I use OpenBSD's pf (packet filter) for
determine total traffic volume on network interface? If it's
impossible, what facility you recommend me
Eugene M. Minkovskii [EMAIL PROTECTED] writes:
block in log on $ext_ip inet from any to $ext_ip label $ext_ip
pass in on $ext_ip inet from any to $ext_ip port 22 keep sate
As you can see, ssh packets match to all rule and pass in because
last rule win. Does it mean, that I can't see
Volodymyr Kostyrko [EMAIL PROTECTED]:
Shouldn't PF start right after the interfaces come up? [...]
Guys, didn't you forget that pf sometimes uses resolver to lookup
hostnames present in pf.conf? What happens if it should resolve hostnames
with local named?
I noticed that openbsd does
Andreas Davour [EMAIL PROTECTED] writes:
Can someone tell me if it's ok to just use IPFW on my STABLE system, or
is there some other knobs in the kernelconfig I should toggle to turn
off pf support?
By default pf is compiled as a loadable module, which you load if you
want to run pf, leave
Andreas Davour [EMAIL PROTECTED] writes:
So, the base systems ships with two firewalls?
Three, actually - ipfw, ipf and pf. There's a brief explanation why in
the handbook at
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-apps.html
I prefer pf myself, but which one
Andreas Davour [EMAIL PROTECTED] writes:
I have read the handbook about firewalls, and compiled my kernel
without switching on any explicit support for pf.
Now, when I ran the mergemaster it suddenly found a lot of references
to pf in my startup scripts.
The startup scripts support pf
On Tue, 15 Mar 2005, Lowell Gilbert wrote:
Andreas Davour [EMAIL PROTECTED] writes:
I have read the handbook about firewalls, and compiled my kernel
without switching on any explicit support for pf.
Now, when I ran the mergemaster it suddenly found a lot of references
to pf in my startup scripts
I have read the handbook about firewalls, and compiled my kernel without
switching on any explicit support for pf.
Now, when I ran the mergemaster it suddenly found a lot of references to
pf in my startup scripts.
Is pf some kind of mandatory part of the base system these days? I
thought
On Fri, Mar 04, 2005 at 01:41:23PM +0100, Albert Shih wrote:
On 03/03/2005 at 13:07:53-0800, Loren M. Lang wrote
Well it's not de syntaxes, I always use packet filter system (sometime on
hardware like Foundry/Cisco) where the rule is : First match first use.
And
the pf use entire
is : First
match first use. And the pf use entire rules is very strange for me
(I know I can use "quick" but... well it's not the philosophy I
think).
I like first match better too, but I think pf is sufficiently better
that I just use it with quick over ipfw.
Better
Mar 4 06:15:16 sole kernel: Enabling pflogd
Mar 4 06:15:16 sole kernel: .
Mar 4 06:15:16 sole kernel: Mar 4 06:15:16 sole kernel: pflog0: promiscuous
mode enabled
Mar 4 06:15:16 sole kernel: Enabling pf.
Mar 4 06:15:16 sole kernel: pf enabled
Shouldn't PF start right after the interfaces come
First my ifconfig -A:
# ifconfig -A
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address:
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.82.1 netmask 0xff00 broadcast 192.168.82.255
inet
does it pick the alias IP on the nic and not the actual IP?
Is this intended by design?
Because the first IP address has a netmask with zero bits, and pf is
smart enough to recognize this as part of a subnet/network (this is,
after all the meaning of the :network modifier). The alias IP has
: Mar 4 06:15:16 sole kernel: pflog0:
promiscuous mode enabled
Mar 4 06:15:16 sole kernel: Enabling pf.
Mar 4 06:15:16 sole kernel: pf enabled
...shouldn't PF start right after the interfaces come up?
The interface comes up and then NTP/NTPD start...and during this time for
5secs or more there seems
On 03/03/2005 at 13:07:53-0800, Loren M. Lang wrote
Well it's not de syntaxes, I always use packet filter system (sometime on
hardware like Foundry/Cisco) where the rule is : First match first use. And
the pf use entire rules is very strange for me (I know I can use "quick"
but... well
J.D. Bronson [EMAIL PROTECTED] writes:
Can someone tell me which is appropriate when FreeBSD 5.4-PRE is used as a
router running pf with built in NAT ?
fastforwarding may or may not be useful, but as far as I can tell, it's
no replacement for the net.inet.ip.forwarding sysctl. By convention
ldconfig path: /usr/lib/aout
/usr/lib/compat/aout
Mar 4 06:15:16 sole kernel: Enabling pflogd
Mar 4 06:15:16 sole kernel: .
Mar 4 06:15:16 sole kernel: Mar 4 06:15:16 sole kernel: pflog0: promiscuous
mode enabled
Mar 4 06:15:16 sole kernel: Enabling pf.
Mar 4 06:15:16 sole kernel: pf enabled
sole kernel: Enabling pf.
Mar 4 06:15:16 sole kernel: pf enabled
Shouldn't PF start right after the interfaces come up? [...]
[...]
Can you try the following patch to your /etc/rc.d/pf script and tell me
if it works for you or if it breaks anything important?
%%%
Index: pf
+++ J.D. Bronson [freebsd] [02-03-05 16:57 -0600]:
| net.inet.ip.fastforwarding
| or
| net.inet.ip.forwarding
AFAIK, its net.inet.ip.forwarding
|
|
| Can someone tell me which is appropriate when FreeBSD 5.4-PRE is used as a
| router running pf with built in NAT ?
|
| And what
No one replied to this and I thought it was easy for someone on this list
to help me?
I am going to run pf and setup FBSD as a router (3 NICs).
And I see there are some options:
net.inet.ip.fastforwarding
or
net.inet.ip.forwarding
Can someone tell me which is appropriate when FreeBSD 5.4-PRE
On Thu, 03 Mar 2005 06:30:52 -0600, J.D. Bronson [EMAIL PROTECTED] wrote:
No one replied to this and I thought it was easy for someone on this list
to help me?
I am going to run pf and setup FBSD as a router (3 NICs).
And I see there are some options:
net.inet.ip.fastforwarding
At 09:15 AM 03/03/2005, Tomas Quintero wrote:
Are you entirely sure you want to do it using PF? Has PF even been
fully implemented into the 5.x series?
I recently setup an FBSD router with 3 external NICs and 1 internal,
using NAT and open ipfw rules for now, until I learn a bit more about
ipfw
On Thu, 03 Mar 2005 06:30:52 -0600, J.D. Bronson [EMAIL PROTECTED] wrote:
No one replied to this and I thought it was easy for someone on this list
to help me?
I am going to run pf and setup FBSD as a router (3 NICs).
And I see there are some options:
net.inet.ip.fastforwarding
On 2005-03-03 10:15, Tomas Quintero [EMAIL PROTECTED] wrote:
On Thu, 03 Mar 2005 06:30:52 -0600, J.D. Bronson [EMAIL PROTECTED] wrote:
No one replied to this and I thought it was easy for someone on this
list to help me?
I am going to run pf and setup FBSD as a router (3 NICs).
And I see
Giorgos Keramidas wrote:
On 2005-03-03 10:15, Tomas Quintero [EMAIL PROTECTED] wrote:
On Thu, 03 Mar 2005 06:30:52 -0600, J.D. Bronson [EMAIL PROTECTED] wrote:
No one replied to this and I thought it was easy for someone on this
list to help me?
I am going to run pf and setup FBSD as a router (3
At 12:13 PM 03/03/2005, Chris Hodgins wrote:
Hmm I found this:
http://mailman.twdx.net/pipermail/occaid/2003-October/000250.html
Google for freebsd net.inet.ip.fastforwarding.
Chris
Hey guys...all of this seems really cool... but is it appropriate for one
to use 'fast forwarding' when using pf
to help me?
I am going to run pf and setup FBSD as a router (3 NICs). And I
see there are some options:
net.inet.ip.fastforwarding
or
net.inet.ip.forwarding
Can someone tell me which is appropriate when FreeBSD 5.4-PRE is
used as a router running pf with built in NAT ?
As far
but is it appropriate for one
to use 'fast forwarding' when using pf/nat ?
It -seems- to me that if one wants to use pf and/or nat that 'fast
forwarding is not applicable nor desired.
OTOH, if it IS desirable, I certainly want to use it.
Yes and no.
When fast forwarding is enabled, the network packets
On Wed, Mar 02, 2005 at 12:57:06PM +0100, Albert Shih wrote:
On 02/03/2005 at 09:03:23+0100, Stevan Tiefert wrote
On Tue, 1 Mar 2005, Albert Shih wrote:
The both packet filters are maintained! pf is ported from OpenBSD and
ipfw is from FreeBSD.
Great... I can continue
On Tue, 1 Mar 2005, Albert Shih wrote:
Hi all,
From FreeBSD 4.5 I use ipfw on freebsd-box with 3 NIC card.
Now I'm in FreeBSD 5.1. I've see in FreeBSD 5.3 there are pf and ipfw, why
there two versions ? The ipfw is always maintained ? Or I need to switch to
pf ?
Why can I do with PF
On 02/03/2005 at 09:03:23+0100, Stevan Tiefert wrote
On Tue, 1 Mar 2005, Albert Shih wrote:
The both packet filters are maintained! pf is ported from OpenBSD and
ipfw is from FreeBSD.
Great... I can continue to use ipfw ;-))
Whenever two programs two syntaxes...
Well it's
net.inet.ip.fastforwarding
or
net.inet.ip.forwarding
Can someone tell me which is appropriate when FreeBSD 5.4-PRE is used as a
router running pf with built in NAT ?
And what is the difference on these 2 options?
Lastly, do I still need to set
gateway_enable=YES ?
(or does that do the same thing
FreeBSD MailingLists [EMAIL PROTECTED] writes:
when I start pf I get:
snip
Enabling pf.
/etc/pf.conf:4: anchor '(null)' invalid
Just to eliminate the obvious - the file you want to pull in exists, is
readable and contains what appears at first glance to be valid pf rules?
Does including
After sending off the question I did a little more digging and I think
I figured it out.
I was reading the current pf faq on the openbsd website, which turns
out to be based on OpenBSD 3.6 version of pf. FreeBSD 5.3 has OpenBSD
3.5 version of pf.
Turns out in the version 3.5 when loading
on firewalling on FreeBSD
(http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html)
and decided to pick pf as my firewall solution. The OpenBSD guide on this
simply and elegantly written and is very easy to get the hang of.
I have created a packet filtering ruleset in /etc/pf.conf
am deploying and stick to it.
I went through the webpage on firewalling on FreeBSD
(http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-
pf.html) and decided to pick pf as my firewall solution. The OpenBSD
guide on this simply and elegantly written and is very easy to get
Hi all,
From FreeBSD 4.5 I use ipfw on freebsd-box with 3 NIC card.
Now I'm in FreeBSD 5.1. I've see in FreeBSD 5.3 there are pf and ipfw, why
there two versions ? The ipfw is always maintained ? Or I need to switch to
pf ?
Why can I do with PF that I can't do with ipfw ?
I've ask this because
Hi,
I'm struggling with PF on FreeBSD 5.3-RELEASE...
I've got a custom kernel configuration; including:
device pf
device pflog
In rc.conf I've set:
pf_enable=YES
pf_rules=/etc/pf.conf
pf_flags=
pflog_enable=YES
pflog_logfile=/var/log/pflog
pflog_flags=
dmesg -a shows:
ELF ldconfig path: /lib
On Mon, 28 Feb 2005 15:34:09 +0200
Andrew Lewis [EMAIL PROTECTED] wrote:
How do I make it work? ;)
Forgot to run make installkernel. :(
It's funny laugh
-AL.
So here's another question:
pfctl says:
No ALTQ support in kernel
ALTQ related functions disabled
^- I remember reading something about there being early support available for
this under fBSD? Where do I find the patches to make this work?
I'm intending on using PF for shaping *only* so
On Mon, 28 Feb 2005 14:42:57 +0100
Dominique Goncalves [EMAIL PROTECTED] wrote:
man altq ;-)
Oh... Ok... So I set the relevant options in the kernel, rebuilt it looks
good - thankyou. :) :) :)
Excuse my nonsense AheaHeaHe aHeooHAeHAaHa Thanku, Thanku...
-AL.
Ok, I have found THE solution :d
Yes, we can share connection with only one card !
The method:
Setup a card for the public address,
set an alias = 192.168.0.1 for example
set gateway_enable=YES in rc.conf
reload routing
ok, now here my PF file:
ext_if=rl0
int_ip=192.168.0.0/24
ext_ip
Ok, I have FreeBSD 5.3 with PF.
How to share connection from a router with only one network card ?
My network is like that:
Internet connection in DHCP, Routing computer, Workstation computer on
a switch
The router take connection by DHCP and share it to my Workstation
The workstation use my
On Sun, 27 Feb 2005, Bachelier Vincent wrote:
Ok, I have FreeBSD 5.3 with PF.
How to share connection from a router with only one network card ?
My network is like that:
Internet connection in DHCP, Routing computer, Workstation computer on
a switch
The router take connection by DHCP
wrote:
From: Stevan Tiefert [EMAIL PROTECTED]
Cc: freebsd-questions@freebsd.org
To: Bachelier Vincent [EMAIL PROTECTED]
Date: Sun, 27 Feb 2005 21:42:49 +0100 (CET)
Subject: Re: Share connection with PF
On Sun, 27 Feb 2005, Bachelier Vincent wrote:
Ok, I have FreeBSD 5.3 with PF
901 - 1000 of 1112 matches