Hi Guys,
an excuse for my question:
I am relatively new to the OpenBSD (and PF) though not so the other
firewall/filtering/nating :)
Now, few days ago I've set up a transparent bridge on freshly
installed OpenBSD 3.6 (my experience with OpenBSD started with 3.5 used
as a desktop, just to
Hi,
On Tue, Nov 23, 2004 at 11:24:18AM +0100, Roman Marcinek wrote:
As the bridge is completely transparent and without ANY IP number on
any of the two cards I cannot solve my ftp problem via local ftp-proxy
solution described in the documentation. Also setting simple rules like:
pass in
On Tue, 23 Nov 2004, Roman Marcinek wrote:
Are there any smarter solutions I haven't found yet? I know that
linux's iptables make use of special connection tracking module for ftp
to handle that problem but ... is there anything like this for OpenBSD?
Ok, let me plug my own program
On Tue, 23 Nov 2004, Camiel Dobbelaar wrote:
On Tue, 23 Nov 2004, Roman Marcinek wrote:
Are there any smarter solutions I haven't found yet? I know that
linux's iptables make use of special connection tracking module for ftp
to handle that problem but ... is there anything like this
Roman Marcinek wrote:
Are there any smarter solutions I haven't found yet? I know that
linux's iptables make use of special connection tracking module for ftp
to handle that problem but ... is there anything like this for OpenBSD?
If things like this are solvable shouldn't the solutions find
On Tuesday 23 November 2004 12:50, Camiel Dobbelaar wrote:
On Tue, 23 Nov 2004, Camiel Dobbelaar wrote:
On Tue, 23 Nov 2004, Roman Marcinek wrote:
Are there any smarter solutions I haven't found yet? I know that
linux's iptables make use of special connection tracking module for ftp
Well, it certainly does the job! :)
To Roman's initial question though, monitoring ftp connections is
really an application layer problem/responsibility. pf is lower level
and would need to implement (pretty much) a full protocol layer to
monitor ftp.
Anyway, there you have it.. check out
Yes, that's true :) ftpsesame really works as said so ... thanks to all
:)
Romek
altq on $ext_if cbq bandwidth 220Kb queue { q_def, q_vpn, q_ssh, q_pri }
queue q_def bandwidth 200Kb priority 4 cbq(default)
queue q_vpn bandwidth 180Kb priority 2
queue q_pri bandwidth 200Kb priority 6 cbq(borrow)
queue q_ssh bandwidth 200Kb priority 7 cbq(borrow)
Sum of child bandwidth is
Hi there,
In the Tables section of the PF guide, it is said that:
tables can be used in the following ways:
..
* destination address in route-to, reply-to and dup-to filter rule
options.
The man page for pf.conf says:
The route-to option routes the packet to the specified interface
with an
On Tue, Nov 23, 2004 at 04:05:01PM -0300, Emilio Lucena wrote:
1. Is the next-hop really optional?
The next-hop is required when the destination IP address of the packet
being route-to'd is not on the local network segment connected to the
interface you specify.
For instance, if you have an
Greetings,
I was wondering if anyone noticed that any interface on OpenBSD with PF
is sending traffic pfsync?
For example
fxp0 and fxp1 are being setup as a bridge
fxp2 is the pfsync interface.
And you have a pf rule something like
block in log fxp1
You will see that in pflog0 (tcpdump -ni
On Mon, 22 Nov 2004 17:17:18 +1300, you wrote:
HI Folks,
has anyone written a helper application like ftpsesame that will allow
citrix metaframe to work through a pf firewall?
Citrix did... ;-) It is called Citrix Secure Gateway(CSG) or their
new name of Citrix Secure Access
Greetings,
Just note.
Stateful inspection on a gateway can hamper TCP connections when
inbound or outbound packets go another route (i.e. when one of the
directions does not go through the gateway).
The connection works fine at a low rate, but fast transfers stop on
each 64K (because suddenly PF stops
After some thinking
I believe the problem is that we have IP forwarding enabled, thus when
the pfsync interface sends the traffic, it gets forwarded to fxp1.
In order to avoid the annoying log message ... a workaround is to
allow pfsync traffic on fxp1.
Cheers,
Edy
On Wed, 2004-11-24 at 09:06,