I tried:
pass out on rl0 route-to ne1:123.123.123.7 from any to 123.123.123.123 keep
state
but it didn't work.
Your assumption was correct, the default route is through rl0. Maybe with
some more information that comes to mind.
It's not possible to run a mailserver on the 234.234.234.234 ip add
On Tue, Aug 13, 2002 at 10:25:19PM +0200, Matijs wrote:
> pass out on ne1 route-to ne1:123.123.123.7 from any to 123.123.123.123 keep
> state
>
> ... but this doesn't work. Pings to 123.123.123.123 get 'replied' to through
> the rl0 (234.234.234.234) interface.
I assume your default route is th
Hello Daniel,
Cool to get a reply from the great DH himself!
I was hoping the sample I posted would suffice, however, this is as far as I
got:
== /etc/pf.conf =
# ethernet: rl0 234.234.234.234
# cable: ne1 123.123.123.123
# lan: ne3 192.168.0.1
scrub in all
scrub out all
nat on rl0 f
On Tue, Aug 13, 2002 at 09:11:38PM +0200, Matijs wrote:
> I am told I should use a route-to rule in /etc/pf.conf but I am totally
> lost.
Post a minimal rule set that reproduces the problem. Someone might spot
the problem. If you expect someone to write the entire rule set for you,
you better ge
Hi there,
I posted this on comp.unix.bsd.openbsd.misc as well but didn't get an answer
soon enough. Some of you probably think I'm too impatient but I kind of need
the answer to be able to receive mail.
So here goes:
I'm running an OpenBSD router with a snapshot from 10/8 and would like to
use
On Tue, Aug 13, 2002 at 10:28:38AM -0700, Paul B. Henson wrote:
> On Tue, 13 Aug 2002, Philipp Buehler wrote:
>
> > On 13/08/2002, francisco <[EMAIL PROTECTED]> wrote To Paul B. Henson:
> > > > foonets = "{ 10.0.0.0/24, # subnet blah
> > > > 10.0.1.0/24, # important stuff
> > > >
On Tue, 13 Aug 2002, Philipp Buehler wrote:
> On 13/08/2002, francisco <[EMAIL PROTECTED]> wrote To Paul B. Henson:
> > > foonets = "{ 10.0.0.0/24, # subnet blah
> > > 10.0.1.0/24, # important stuff
> > > 10.0.2.0/24 # don't forget
> > > }"
> >
> > it does in
On Mon, Aug 12, 2002 at 03:27:35PM -0700, Chris Willis wrote:
> I did not want to discuss the particular application, as it was developed
> by an outside vendor for us to use. It is a confidential app.
>
> Besides, the application is not of consequence.
It matters whether the protocol embeds
On 13/08/2002, francisco <[EMAIL PROTECTED]> wrote To Paul B. Henson:
> > foonets = "{ 10.0.0.0/24, # subnet blah
> > 10.0.1.0/24, # important stuff
> > 10.0.2.0/24 # don't forget
> > }"
>
> it does in -current, since July 19, 2002.
And it does not since some
On Mon, 12 Aug 2002, Paul B. Henson wrote:
>
> in putting together a rule set, I'm going to have a number of instances of
> variable definitions such as the following:
>
> foonets = "{ 10.0.0.0/24,
> 10.0.1.0/24,
> 10.0.2.0/24 }"
>
> I'd really like to be able to comment
in putting together a rule set, I'm going to have a number of instances of
variable definitions such as the following:
foonets = "{ 10.0.0.0/24,
10.0.1.0/24,
10.0.2.0/24 }"
I'd really like to be able to comment these in line, e.g.
foonets = "{ 10.0.0.0/24, # subnet bl
>Well, the admins who would potentially use this proposed feature, yes.
>It would not take a lot of effort to trick the firewall into exposing
>the ports. People aren't perfectly capable of writing a good ruleset.
>This is evident from the amount of traffic on the mailing lists asking
>for assist
On Mon, Aug 12, 2002 at 03:27:35PM -0700, Chris Willis wrote:
> I did not want to discuss the particular application, as it was developed
> by an outside vendor for us to use. It is a confidential app.
It would have be nice if you had mentioned this initially. Perhaps the
application itself cou
I did not want to discuss the particular application, as it was developed
by an outside vendor for us to use. It is a confidential app.
Besides, the application is not of consequence.
The logistical problems don't seem that big of a deal. If the server
records that 192.168.100.100 sends out
14 matches
Mail list logo