round-robin removing IPs from the pool

2005-01-17 Thread Chad M Stewart
I'm planning on setting up a pool of mail servers, sitting behind a redundant pair of obsd/pf boxes. I want to automatically remove the IP of a mail server that is no longer responding on port 25. My initial thoughts are to use an expect script that calls pfctl when necessary. I'd be

pf: messages /bsd: pf_map_addr: selected

2005-01-17 Thread marc gmx
This is a part of /var/log/messages /root # more /var/log/messages Jan 14 09:26:53 dmzserv3 /bsd: pf: started Jan 14 09:26:53 dmzserv3 /bsd: altq: started Jan 14 09:31:08 dmzserv3 /bsd: d address 192.168.13.3 Jan 14 09:31:08 dmzserv3 /bsd: pf_map_addr: selected address 192.168.13.3 Jan 14

VPN client cannot connect through OpenBSD router/firewall

2005-01-17 Thread Rick Barter
Okay. I have a problem that I can't get my brain around and I need some help. My wife needs to connect to her VPN at work. I've captured packets for her connection and see that it's connecting to her work server on ports 53 (dns) and 500 (isakmp). I have been doing a lot of reading

Re: VPN client cannot connect through OpenBSD router/firewall

2005-01-17 Thread Björn Ketelaars
Rick Barter wrote: Okay. I have a problem that I can't get my brain around and I need some help. My wife needs to connect to her VPN at work. I've captured packets for her connection and see that it's connecting to her work server on ports 53 (dns) and 500 (isakmp). I have been doing a lot

NAT and ipsec

2005-01-17 Thread guilgamesh70
Hi all, I have two networks at home, one being part of a vpn with my office. I would like to nat the second one so it can also access the vpn (I know I could configure the second network to be part of the vpn but it's more a nat test). I have a rule like this: nat on $int_if from 192.168.1.0/24

Re: VPN client cannot connect through OpenBSD router/firewall

2005-01-17 Thread J Moore
On Mon, Jan 17, 2005 at 10:38:05PM +0100, the unit calling itself Laurent Cheylus wrote: Okay. I have a problem that I can't get my brain around and I need some help. My wife needs to connect to her VPN at work. I've captured packets for her connection and see that it's connecting to

Re: load balance (rdr) with tables

2005-01-17 Thread Gustavo A. Baratto
Hi Daniel, thanks a bunch for all your work with pf. 'Does not work' means that the packets are not matching the rdr rule when a table is used: # pfctl -vvsn @0 rdr on xl0 proto tcp from any to any port = smtp -> <smtp> round-robin sticky-address [ Evaluations: 14 Packets: 0

Cant pass traffic in to internal ip address

2005-01-17 Thread Matt Pearce
Hi All, I'm new to pf so bear with me if I'm asking a silly question. OK, background info. I have an external ip of 444.444.444.444/32 (real world routable) and a block of addresses 333.333.333.333/29 (also real world routable). Now on my desktop pc 555.555.555.555 I am running a p2p program.

Re: load balance (rdr) with tables

2005-01-17 Thread Daniel Hartmeier
On Mon, Jan 17, 2005 at 07:29:02PM -0800, Gustavo A. Baratto wrote: Based on your rule, it works fine if I do this: rdr pass on $ext_if proto tcp from any to $ext_if port {25 80 110 143 443} -> <smtp> sticky-address But if I do as specified in the pf FAQ, it doesn't: rdr pass on $ext_if

Re: load balance (rdr) with tables

2005-01-17 Thread Daniel Hartmeier
It turns out to be a rather simple bug. Could you try the patch below and check whether it resolves the issue for you, too? If it doesn't apply cleanly to FreeBSD, it's simple to apply manually: - edit /usr/src/sys/contrib/pf/net/pf.c - find function pf_get_translation() - within that