> On Jun 1, 2021, at 16:50, Stuart Henderson wrote:
>
> On 2021-05-30, Dave Anderson wrote:
>> I’m setting up on 6.9-release a (for now) IPv4-only firewall with multiple
>> public addresses and multiple subnets behind it, and have a couple of
>> questions related to connections
On 2021-05-30, Dave Anderson wrote:
> I’m setting up on 6.9-release a (for now) IPv4-only firewall with multiple
> public addresses and multiple subnets behind it, and have a couple of
> questions related to connections originating from the firewall itself to
> which I haven’t found definitive
I’m setting up on 6.9-release a (for now) IPv4-only firewall with multiple
public addresses and multiple subnets behind it, and have a couple of questions
related to connections originating from the firewall itself to which I haven’t
found definitive answers.
When not overridden (for example,
Robert Gilaard wrote:
max-src-conn-rate 2/30 implies 1 in 15 seconds
No, it does not!
Helmut
--
No Swen today, my love has gone away
My mailbox stands for lorn, a symbol of the dawn
Hi openbsd people,
My PF firewall says:
tcp_services = { ftp, ssh, domain, www, auth, https }
udp_services = { ftp, domain, ntp }
icmp_types = { echoreq, unreach }
set skip on lo
scrub in all no-df random-id
block all
pass in quick on lo0
pass out quick on lo0
table bruteforce persist
block
Dear OpenBSD people,
Please ignore my previous post.
pfctl -t bruteforce -T show gives
60.190.60.78
63.119.11.119
119.147.106.248
121.242.15.135
200.195.127.215
So I don't know what I was thinking. I'm tired after a long day and will go to
bed and sleep well knowing pf takes
Hi,
My goal is to use OpenBSD to filter packets between my wireless
segment and my DMZ. I've protected my wireless with WEP but in the
long haul I'd like to be able to remove any authentication, WEP or WPA
from the wireless segment. My first question is this: This strategy
seemed to
On Mar 31, 2008, at 4:58 PM, Christopher Sean Hilton wrote:
Hi,
Just a followup. I figured that I might have better luck with this
configuration.
de0 - External interface to Internet
de1 - Internal interface to DMZ
de2 - No IP interface to DMZ
de3 - No IP interface to
On Mar 31, 2008, at 8:53 PM, Jon Radel wrote:
Christopher Sean Hilton wrote:
On Mar 31, 2008, at 4:58 PM, Christopher Sean Hilton wrote:
Hi,
Just a followup. I figured that I might have better luck with this
configuration.
de0 - External interface to Internet
de1 - Internal
On Thu, 23 Feb 2006, Ryan McBride wrote:
SNIP
In my opinion if you're talking about NATing 750 Windows boxes doing
regular Windows-type things, you're going to want to at least crank
the limits on states and turn on adaptive timeouts; I wouldn't go any
further than that unless you run into
Hi,
I'm setting up a gateway (1.7 GHz machine with 1 Gig of ram) for 700+
users using pf with NAT and BINAT's (90% NAT). I would like to know
if anyone has any recommendations on tweaking the runtime options in
PF. This box will pretty much just be handling the natting with a bare
On 2/23/06, Steve D. wrote:
I'm setting up a gateway (1.7 GHz machine with 1 Gig of ram) for 700+
users using pf with NAT and BINAT's (90% NAT). I would like to know
if anyone has any recommendations on tweaking the runtime options in
PF. This box will pretty much just be
Steve D. wrote:
Hi,
I'm setting up a gateway (1.7 GHz machine with 1 Gig of ram) for 700+
users using pf with NAT and BINAT's (90% NAT). I would like to know
if anyone has any recommendations on tweaking the runtime options in
PF. This box will pretty much just be handling the natting
Nick Holland wrote:
Steve D. wrote:
Hi,
I'm setting up a gateway (1.7 GHz machine with 1 Gig of ram) for 700+
users using pf with NAT and BINAT's (90% NAT). I would like to
know if anyone has any recommendations on tweaking the runtime
options in PF. This box will pretty much just be
On Wed, Feb 22, 2006 at 08:39:36PM -0500, Nick Holland wrote:
Steve D. wrote:
Hi,
I'm setting up a gateway (1.7 GHz machine with 1 Gig of ram) for 700+
users using pf with NAT and BINAT's (90% NAT). I would like to know
if anyone has any recommendations on tweaking the runtime options
On 2005-07-18 03:32, Vivek Ayer wrote:
One last thing. Looking at my pf.conf, which I assume you still have,
what modification would I have to make to make sure rsync over ssh
work properly between two clients on the internal networks? Thanks.
Vivek
If it's over SSH you should only need port
One last thing. Looking at my pf.conf, which I assume you still have,
what modification would I have to make to make sure rsync over ssh
work properly between two clients on the internal networks? Thanks.
Vivek
I don't quite understand what you mean by that. What do I have to do
to that line? Will it let me ping if I remove it? Also, how would I
open up bittorrent port 6881, icecast port 8000 and soulseek port 2430
(somewhere in that range). Do I add an rdr line? I'm just tired of
getting the NAT error in
I don't quite understand what you mean by that. What do I have to do
to that line? Will it let me ping if I remove it? Also, how would I
open up bittorrent port 6881, icecast port 8000 and soulseek port 2430
(somewhere in that range). Do I add an rdr line? I'm just tired of
getting the NAT
Hi guys,
I'm a newbie in pf. Got a question about pinging and ssh stuff. Say I
have two clients connected to a firewall that's running pf to the
internet. I can ssh from one client to the other or vice versa. I
can't ping either. I feel pf is not allowing it. What do I modify in
pf to let hosts
Sorry for the short question. No, actually one is on a wired network,
the other is on a wireless network both connected to the firewall. I'm
sending you my pf.conf. Check it out. The reason this is a problem is
because I keep getting a NAT error in Azureus when I test the port.
/etc/pf.conf
#
21 matches