On Tue, Mar 21, 2017, at 16:56, Marko Cupać wrote:
> ...
>
> What exactly should I pass on enc interface so that the above packet
> passes?
>
> Thank you in advance.
Hi,
You probably need to allow ipencap protocol packets. I also need l2tp
packets, but that depends on whether you use it.
--
Fran
On Fri, 2 Dec 2016 12:14:56 + (UTC)
Stuart Henderson wrote:
> On 2016-11-25, Marko Cupać wrote:
> > Hi,
> >
> > I'd like to limit bandwidth on gre tunnel protected with ipsec in
> > transport mode.
> I haven't tried this exact scenario. But I understand the general way
> things work and
On 2016-11-25, Marko Cupać wrote:
> Hi,
>
> I'd like to limit bandwidth on gre tunnel protected with ipsec in
> transport mode.
>
> I've set single default queue on gre interface, matched everything
> that goes out to that queue, and finally passed everything out that
> interface:
>
> # SNIP
>
2010/3/17 N. Arley Dealey
> Help! I'm obviously overlooking something really obvious but I just can't
> see it.
>
> I'm building my first PF-based router/firewall using OpenBSD 4.6. For now,
> what I
> need it to do is pretty simple:
>
> 1. Allow all outbound traffic via NAT and allow all inbo
Stuart Henderson wrote:
On 2008-12-30, Giancarlo Razzolini wrote:
fRANz wrote:
Hi.
I've some trouble with this configuration:
LAN -- fw (openbsd 4.4) -- adsl router
LAN: 192.168.100.0/24
fw int int: sis1
fw int ind: 192.168.100.2
fw ext int: sis0
fw ext ind: 10.0.0.2
router in
On 2008-12-30, Giancarlo Razzolini wrote:
> fRANz wrote:
>> Hi.
>>
>> I've some trouble with this configuration:
>>
>> LAN -- fw (openbsd 4.4) -- adsl router
>>
>> LAN: 192.168.100.0/24
>> fw int int: sis1
>> fw int ind: 192.168.100.2
>> fw ext int: sis0
>> fw ext ind: 10.0.0.2
>> router int in
fRANz wrote:
Hi.
I've some trouble with this configuration:
LAN -- fw (openbsd 4.4) -- adsl router
LAN: 192.168.100.0/24
fw int int: sis1
fw int ind: 192.168.100.2
fw ext int: sis0
fw ext ind: 10.0.0.2
router int ind: 10.0.0.1
I try to configure pf to redirect all web traffic from internal
On 27 Dec 2008 at 1:02, fRANz wrote:
> On Fri, Dec 26, 2008 at 7:50 PM, System Administrator
> wrote:
>
> > Here is a hint to simpler life: to avoid asymmetric routing make sure
> > that all your redirect (RDR) rules fully traverse the firewall, i.e. the
> > source and destination are connected t
On Fri, Dec 26, 2008 at 7:50 PM, System Administrator wrote:
> Here is a hint to simpler life: to avoid asymmetric routing make sure
> that all your redirect (RDR) rules fully traverse the firewall, i.e. the
> source and destination are connected to different interfaces. In your
> case that would m
What you are attempting is known as "asymmetric routing". An extensive
search of the archives will show that it has been discussed a number of
times, and the configuration you are attempting _can_ be made to work.
However, to get it working [properly] requires a fairly advanced
routing and pf kn
Just passing through while looking for something else, but can help:
Aaron proficuous.com> writes:
> my pf.conf:
> ...
> pass in on fxp3 inet proto tcp from $lan_net port { ssh www ntp https smtp
imap imaps domain } to any
> ...
> pass in on fxp3 inet proto udp from $lan_net port { domain ntp }
Hi Aaron,
The problem is that you pass based on src, not destination:
pass in on fxp3 inet proto tcp from $lan_net port { ssh www ntp https
smtp imap imaps domain } to any
it should be
pass in on fxp3 inet proto tcp from $lan_net to port { ssh www ntp https
smtp imap imaps domain }
Also be a
Preston Norvell wrote:
On 2007/12/01 3:04 PM, "Aaron" <[EMAIL PROTECTED]> muttered eloquently:
I believe I see the issue with general traffic flow. The clue being that
you are being blocked by the generic block drop in log rule (you can get
rule numbers with 'pfctl -vvsr'). You have the destin
On 2007/12/01 3:04 PM, "Aaron" <[EMAIL PROTECTED]> muttered eloquently:
I believe I see the issue with general traffic flow. The clue being that
you are being blocked by the generic block drop in log rule (you can get
rule numbers with 'pfctl -vvsr'). You have the destination port on the
source