On Wed, Mar 09, 2005 at 10:19:17PM -0800, Ben wrote:
Mar 09 22:10:45.682221 0:9:5b:12:43:xx 0:c:f1:91:70:xx 0800 62:
192.168.1.132.1273 216.51.232.100.80: S 417417262:417417262(0) win 16384
mss 1460,nop,nop,sackOK (DF)
$internal_net = 192.168.1.0
nat on rl0 from $internal_net to
I've been messing around with a similar setup with dsl cable
going into one PF firewall. One thing I noticed that might be giving
you problems is your nat rules:
nat on rl0 from $internal_net to !$internal_net -> (rl0)
nat on rl1 from $internal_net to !$internal_net -> (rl1)
The way it's
Hi
In my opinion there's no reason why to block LANDs attacks with PF. I
suppose that you have a windows server with private IP address behind PF and
you use some portmapping for services you need accessible from outside. So
if you want to make a LAND attack you have to make a packet with
Hi,
On Thu, Mar 10, 2005 at 03:53:46PM +0100, Miroslav Kubik wrote:
In my opinion there's no reason why to block LANDs attacks with PF.
Why ?
Every good firewall blocks LAND Attacks (and PF is a very good one).
I don't know if PF does it but the test is simple (with hping : 5
minutes to
Daniel:
H, could have sworn pf assumed that .0 meant that all possible .x was
valid (in this instance 192.168.1.0/24) but fair enough; the network is
defined as 192.168.1.0/24 (sorry, was in a hurry so when I re-wrote the
ruleset I used shorthand. My apologies)
Ben
-Original
I was testing a pair of firewalls yesterday and found that there were no
issues with CARP except for ICMP echo requests not failing over when a
master fails. Are there any known issues with just using ping(8) to test
load balanced firewalls? TCP connections work just fine without problem.
Here's
Jay (and all)
I replaced my two separate nat lines with one testing line (using another
machine since that user (wife) would kill me if I kept having her test
things):
nat on rl1 from 192.168.1.142 to !$internal_net -> (rl1)
#and then re-enabled the route-to
pass in on em0 route-to (rl1
On Thu, 10 Mar 2005 10:58:35 -0800, Ben wrote:
nat on rl0 from $internal_net to !$internal_net -> (rl0)
nat on rl1 from $internal_net to !$internal_net -> (rl1)
snip
pass in on em0 route-to (rl1 128.195.88.1) from 192.168.1.142 to
!$internal_net keep state
pass out on rl1
Thanks for the answer.
Can you shed any light on my other question, namely (quoting myself):
So with fully-specified service curves, does HFSC as implemented here
in fact superimpose CBQ-style hierarchical priorities on top, or do the
service curve specifications somehow mean that also giving