relayd for lan servers with carp and pfsync

2012-08-16 Thread Indunil Jayasooriya
Hi misc, I have 2 OpenBSD 5.1 64bit boxes. I want to setup relayd for lan servers with carp and pfsync for LAN USERS. What I want to achieve is that LAN USERS connect to carp1 ip address ( lan shared ip - 192.168.0.100 ). then, relayd will redirect that traffic to 2 lan servers running

Re: Question about redirecting to a multiple log files from pflogd

2012-08-16 Thread MERIGHI Marcus
carlopm...@gmail.com (C. L. Martinez), 2012.08.15 (Wed) 20:20 (CEST): On Tue, Aug 14, 2012 at 10:00 AM, C. L. Martinez carlopm...@gmail.com wrote: Hi all, I have some rules that I would like to redirect in syslog format to a log file. I don't need to touch /var/log/pflog. To accomplish

pf 'synproxy state' doesn't work with pppoe

2012-08-16 Thread LEVAI Daniel
Hi! I'm using 5.1-stable on two machines with pppoe connections. The pf synproxy state option doesn't work on pppoe interfaces, it just sends back a TCP reset when trying to connect to a port configured with synproxy state. Meanwhile it works on any other interface (eg. the internal LAN

Re: pf 'synproxy state' doesn't work with pppoe

2012-08-16 Thread LEVAI Daniel
On cs, aug 16, 2012 at 12:19:06 +0200, LEVAI Daniel wrote: [...] Forgot the dmesg. If it matters. OpenBSD 5.1-stable (GENERIC) #0: Tue Aug 7 02:00:34 CEST 2012 root@.:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) 4 CPU 2.40GHz (GenuineIntel 686-class) 2.42 GHz cpu0:

Re: relayd for lan servers with carp and pfsync

2012-08-16 Thread Indunil Jayasooriya
Hi ALL, I myself got it working after changing pf.conf file and relayd.conf files here are the new working ones * in /etc/pf.conf file* *( on both nodes - fw1 and fw2 )* # cat /etc/pf.conf # $OpenBSD: pf.conf,v 1.50 2011/04/28 00:19:42 mikeb Exp $ # # See pf.conf(5) for syntax and

Re: pf 'synproxy state' doesn't work with pppoe

2012-08-16 Thread Kevin Chadwick
Any help would be appreciated. Works for me on 5.1 I don't think it's the rule but the combination of rules. Try reordering your ruleset. I've had a problem before but I forget or never found the specific reason. -- ___

Re: pf 'synproxy state' doesn't work with pppoe

2012-08-16 Thread LEVAI Daniel
On cs, aug 16, 2012 at 12:20:56 +0100, Kevin Chadwick wrote: Any help would be appreciated. Works for me on 5.1 I don't think it's the rule but the combination of rules. Try reordering your ruleset. I've had a problem before but I forget or never found the specific reason. Okay, okay,

Re: relayd for lan servers with carp and pfsync

2012-08-16 Thread Rafal Bisingier
Hi. On Thursday, 16 Aug 2012 at 16:18 CEST Indunil Jayasooriya induni...@gmail.com wrote: I myself got it working after changing pf.conf file and relayd.conf files You've changed redirect to relay in relayd.conf. I suppose this is the real solution (it changes the way how relayd handle

Re: pf 'synproxy state' doesn't work with pppoe

2012-08-16 Thread LEVAI Daniel
On cs, aug 16, 2012 at 14:26:05 +0200, LEVAI Daniel wrote: On cs, aug 16, 2012 at 12:20:56 +0100, Kevin Chadwick wrote: Any help would be appreciated. Works for me on 5.1 I don't think it's the rule but the combination of rules. Try reordering your ruleset. I've had a problem

OpenBGPd - how to blackhole traffic?

2012-08-16 Thread Bernd
Hi list, I'd like to blackhole some traffic. For instance, my AS is 12.34.56.0/20, so 12.34.58.0 might be announced, but is not necessarily connected (internal routing via OSPFd). On Cisco one uses: ip route 0.0.0.0 0.0.0.0 Null0 This would throw any traffic headed to a network within my

Re: The ultimate OpenBSD email server

2012-08-16 Thread Joel Carnat
On 15 August 2012 at 16:16, L. V. Lammert wrote: On Wed, 15 Aug 2012, Mikkel Bang wrote: But with so many people recommending so many different tools, it gets hard to come to a conclusion. Looks like I'm finally arriving at this though: postfix (postfix-anti-UCE.txt) + dspam - what do you

Re: Question about redirecting to a multiple log files from pflogd

2012-08-16 Thread C. L. Martinez
On Thu, Aug 16, 2012 at 11:41 AM, MERIGHI Marcus mcmer-open...@tor.at wrote: carlopm...@gmail.com (C. L. Martinez), 2012.08.15 (Wed) 20:20 (CEST): On Tue, Aug 14, 2012 at 10:00 AM, C. L. Martinez carlopm...@gmail.com wrote: Hi all, I have some rules that I would like to redirect in

Re: pf 'synproxy state' doesn't work with pppoe

2012-08-16 Thread Kevin Chadwick
# pfctl -sr pass all flags S/SA pass in on pppoe0 inet proto tcp from src to dst port = flags S/SA synproxy state This is the only rule. Otherwise it's just 'pass all'. If I remove this rule too *or* change synproxy to keep, the connection is working. I remember being puzzled by

Re: OpenBGPd - how to blackhole traffic?

2012-08-16 Thread Josh Hoppes
http://www.openbsd.org/cgi-bin/man.cgi?query=route&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html Route has a -blackhole option, so you might try route add -blackhole 0.0.0.0/0 127.0.0.1 On Thu, Aug 16, 2012 at 7:47 AM, Bernd be...@kroenchenstadt.de wrote: Hi list, I'd like to

Re: OpenBGPd - how to blackhole traffic?

2012-08-16 Thread Martin Hein
On Thu, 16 Aug 2012 14:47:25 +0200 Bernd be...@kroenchenstadt.de wrote: Is there a way to achieve this on OpenBSD? Directly from my mind... To blackhole some google stuff. route add -blackhole 8.8.0.0/16 127.0.0.1 /Martin

Re: OpenBGPd - how to blackhole traffic?

2012-08-16 Thread Claudio Jeker
On Thu, Aug 16, 2012 at 02:47:25PM +0200, Bernd wrote: Hi list, I'd like to blackhole some traffic. For instance, my AS is 12.34.56.0/20, so 12.34.58.0 might be announced, but is not necessarily connected (internal routing via OSPFd). On Cisco one uses: ip route 0.0.0.0 0.0.0.0 Null0

Win a trip from ICredit

2012-08-16 Thread Кредиты наличными
Take part in the iCredit promotion and head to the Black Sea! The promotion runs through 31 August inclusive. Three trips are being raffled, each for 2 people, to the Crimean coast during the velvet season, plus gifts: travel bags. Terms of the promotion: 1. In order to

Re: pf 'synproxy state' doesn't work with pppoe

2012-08-16 Thread Christopher Zimmermann
On Thu, 16 Aug 2012 14:37:50 +0200 LEVAI Daniel l...@ecentrum.hu wrote: On cs, aug 16, 2012 at 14:26:05 +0200, LEVAI Daniel wrote: On cs, aug 16, 2012 at 12:20:56 +0100, Kevin Chadwick wrote: Any help would be appreciated. Works for me on 5.1 I don't think it's the rule but

Re: pf 'synproxy state' doesn't work with pppoe

2012-08-16 Thread LEVAI Daniel
On cs, aug 16, 2012 at 17:18:08 +0200, Christopher Zimmermann wrote: On Thu, 16 Aug 2012 14:37:50 +0200 LEVAI Daniel l...@ecentrum.hu wrote: On cs, aug 16, 2012 at 14:26:05 +0200, LEVAI Daniel wrote: On cs, aug 16, 2012 at 12:20:56 +0100, Kevin Chadwick wrote: Any help would be

Re: pf 'synproxy state' doesn't work with pppoe

2012-08-16 Thread LEVAI Daniel
On cs, aug 16, 2012 at 15:10:51 +0100, Kevin Chadwick wrote: # pfctl -sr pass all flags S/SA pass in on pppoe0 inet proto tcp from src to dst port = flags S/SA synproxy state This is the only rule. Otherwise it's just 'pass all'. If I remove this rule too *or* change synproxy

Re: pf 'synproxy state' doesn't work with pppoe

2012-08-16 Thread Kevin Chadwick
pass all flags S/SA pass in on pppoe0 inet proto tcp from src to dst port = flags S/SA synproxy state Originally you posted pass in quick. Keep the quick in there, not for any reason other than I have a quick in my rules. Same with the NIC, I don't have any logical hopes for

Financial Reporting Standards

2012-08-16 Thread Como Ejecutar Adecuaciones Presupuestarias
© 2012 Conference Corporativo S.C. Attend the 45 Best Courses in Mexico in the Series: ACCOUNTING AND FINANCE Includes Critical Topics On: Management Closing, Observations and Responsibilities Courses, Content and Methodologies Developed in Alliance with the Best

Excellent Assertive Communication with NLP Course, New Date

2012-08-16 Thread Antonio Robles M.
Very Important! If you cannot view this e-mail correctly, please drag it to your Inbox. Dear Executive: TIEM de México, a Leading Company in Training and Development of Human Capital, once again offers you this successful course entitled: Communication

Re: iked.conf question - multiple clients with certs.

2012-08-16 Thread Paulm
I'm not sure if it's relevant for your situation, but do you know that, according to the iked(8) manpage, iked is 'not finished' and not recommended for production networks? (See the last section - 'caveats') It might be better to use isakmpd(8) with ipsec(4)/ipsecctl(8)/ipsec.conf(5) if your