On 25 jun 2012, at 15:36, Matthias Cramer wrote:
> After clearing all states with pfctl -F states the connection is blocked.
>
> Is there a way to:
> - clear a single state?
> - to block a packet even with a established state ?
Hi Matthias,
The pfctl -K/-k options allow you to "kill" specific s
On 16 jan 2011, at 18:49, Mike. wrote:
> In any case, now that I've moved to OpenBSD 4.8 for the firewall/router
> everything is working as expected now. I can traceroute from the
> FreeBSD client, and Windows without a problem.
This was fixed between 4.7 and 4.8:
http://marc.info/?l=openbsd-mi
On 30 dec 2010, at 19:58, Alessandro Baggi wrote:
> Hi list. I've installed two firewall, 1 master and 1 backup. Trying some
test to see if carp and pfsync works, I get this issue: fw master works, all
network connection works, then I disconnect che external interface cable of
fw1 and carp0 go in
On 09-07-23 17.07, Marian Hettwer wrote:
Right now, I configured the box like that:
# cat /etc/hostname.bge0
up
# cat /etc/hostname.bge1
up
# cat /etc/hostname.trunk0
trunkproto failover trunkport bge0 trunkport bge1 up
On 09-05-07 05.00, J.C. Roberts wrote:
If anyone here mistakenly thinks they can actually run *ANALYSIS* at
these speeds with off the shelf components...
BAWAHAHAHAHAHAHAHA!
Well, depends on what you mean by "off the shelf". Procera Networks is
doing layer 7 analysis at 40Gbps FD with
On 08-11-28 12.54, Michael wrote:
Hi,
when using trunk (in failover mode) the MAC addresses of the network
interfaces change.
Is there any way, if using trunk, to read the real MAC address as
mentioned in dmesg (even much later when the kernel boot dmesg got
spammed away)?
grep address /var/r
On 08-11-06 14.44, Alexander Hall wrote:
Hi!
I have issues booting a HP ProLiant DL180 G5 ("456830-421") [1] which I
hope someone can shed some light on.
[ While writing thie email I've done some more testing and realized
that the behaviour is not really consistent, but what I describe
below is
On 08-05-09 08.25, Reyk Floeter wrote:
On Fri, May 09, 2008 at 10:40:18AM +0530, Srikant Tangirala wrote:
for all the common protocols? With my little bit
of knowledge what I figure is that we need some
piece of software(s) which understands each protocol
thoroughly, can look at raw packets in r
On 08-03-31 10.44, Simon Kammerer wrote:
Hi!
after several years without any problems, we upgraded the hardware of
our carp/pfsync gateway about four week ago. Two weeks ago, the gateway
crashed completely: Both nodes were unreachable on all network
interfaces, we had to reset both machines.
Hi all,
I bought a PCI SATA controller off the shelf at a local store last week.
It was so cheap I didn't bother checking the chipset on it. It's a
rebranded Sunix card:
http://www.sunix.com.tw/it/en/Product_Detail.php?cate=2&class_a_id=34&sid=447
When I plugged it in I realised it uses a In
On 08-02-01 07:40, Chris wrote:
JetFlash*)
[.. snip ..]
+ disklabel=TS8GJFV30
Change "JetFlash*)" to "TS8GJFV30)"
/Johan
On 08-01-30 22:43, Kent Watsen wrote:
I've set up boxes this way, but without the trunk.
And it was completely transparent to your switch? - you had both carped
boxes plugged into the same switch?
Yep, two boxes with one cable each to the switch. Both with a bunch of
vlans and carp interface
On 08-01-30 17:50, Kent Watsen wrote:
hme0 \
hme1 \ /- vlan0 --- carp0
--- trunk0 - vlan1 --- carp1
hme2 / \- valn2 --- carp2
hme3 /
I say this is the way to go. You can consider trunk0 a physical
interface (consisting of four underlay
On 08-01-29 11:01, Chris wrote:
#!/bin/sh
DEVCLASS=$1
DEVNAME=$2
case $DEVCLASS in
2)
# disk devices
disklabel=`/sbin/disklabel $DEVNAME 2>&1 | \
sed -n '/^label: /s/^label: //p
Gustavo A. Baratto wrote:
[.. snip ..]
FW2 hostname.carpX (3.8)
---
fw2# cat /etc/hostname.carp0
inet 1.2.3.2 255.255.255.0 1.2.3.255 vhid 1 pass foo carpdev em0 advskew 127
inet alias 1.2.3.6 255.255.255.0 1.2.3.255 vhid 1 pass foo carpdev em0
advskew 127
inet alias 1.2
Hello People,
I've just setup a squid proxy at a local school. It's been humming along
fine for two weeks now. Today it started to work rather sporadically.
I'm using squid-2.5.STABLE10-transparent from ports, on an OpenBSD
snapshot from 1st september (too be upgraded to -stable on Nov 1st).
On Thu, 4 Aug 2005, Roland Penner wrote:
I am setting up new firewall running OpenBSD 3.7. I am trying to
implement rules using tagging. I ran into trouble with the following
line:
nat on $ext_if tagged LAN_INET tag LAN_INET_NAT -> ($ext_if)
I get the following error:
/etc/pf.conf:16: syntax
On Fri, 29 Jul 2005, stan wrote:
Now, I suspect that might be because I have an existing pair of 3.5
machines doing carp, which are my firwall. Can I not have 2 different
carp0's on one netwokr, if they have different virtyal, and real addresses?
Just make sure you use different vhid's on the c
On Mon, 16 May 2005, Greg Thomas wrote:
Default install of 3.6 with patches. This is my first attempt at
setting up a bridge:
# cat /etc/bridgename.bridge0
add xl0
add xl1
up
# ifconfig -a
lo0: flags=8049 mtu 33224
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet
Hello people
I've recently baught myself one of these small little WRAP boards
(http://www.pcengines.ch/wrap.htm), soekris-look-alike. After installing
-current on it, I noticed the following:
--
# dhclient sis0
DHCPDISCOVER on sis0 to 255.255.255.255 port 67 interval 6
ip length 328 disagre
20 matches
Mail list logo
