VPN up but no traffic
I have a small problem with my VPN connection. It's up and running but I can't ping the other end. I get traffic from the other end in the form of:

22:17:56.114188 192.168.5.2.netbios-ns > 192.168.5.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:17:56.863179 192.168.5.2.netbios-ns > 192.168.5.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:17:57.612417 192.168.5.2.netbios-ns > 192.168.5.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

but when I try to ping I just get:

22:20:06.082020 arp who-has 192.168.5.2 tell 192.168.5.1
22:20:08.093102 arp who-has 192.168.5.2 tell 192.168.5.1
22:20:10.103089 arp who-has 192.168.5.2 tell 192.168.5.1
22:20:12.113091 arp who-has 192.168.5.2 tell 192.168.5.1
22:20:14.123231 arp who-has 192.168.5.2 tell 192.168.5.1

5.1 is the system on my side and 5.2 is the remote system. Everything is working perfectly otherwise, and I have opened up my ipfw config to an allow all from any to any just to test it out.

The system worked fine and then someone pulled the plug from the server, and now everything is back up and working except the traffic over the VPN. What could I be doing wrong?

/John

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
NAT problem with public network
Hello

I have a network setup like this:

xl0: External: 213.115.251.220
xl1: DMZ: 213.115.148.64/28
xl2: Internal: 192.168.20.0/24

Now my problem seems to be that I need to get an external connection for my Internal network but without NATing the DMZ.

To simplify it all, /etc/natd.conf has this line:

interface xl0

and to get NAT to work I just use:

ipfw add divert natd log all from any to any via xl0

but that would NAT all the traffic. How should I do it to use NAT just for my 192.168.20.0/24 network and not the 213.115.148.64/28 network?

/John
Re: NAT problem with public network
Nickolay A. Kritsky wrote:

> Hello John,
>
> You can use two ways:
> 1. Add 'unregistered_only yes' to your natd.conf
> 2. Run natd on xl2 with -reverse option
>
> If I were you I would do the first one.

I tried that with this rule on top:

ipfw add divert natd log all from any to any via xl0

Well, that handles all the packages and just then kicks out the packets not to 192.168.20.0/24 to the rest of the IPFW rules. Should I do something like this instead:

ipfw add divert natd log all from 192.168.20.0/24 to any via xl0 keep-state

I simply want to only NAT the right rules and let the rest of the packages be handled by ipfw.

/John
Traffic statistics
I'm looking for some kind of software that can show me how much different ports in my firewall are used and where the traffic is originating.

This way I can see if we get an attack over http from so I quickly can stop it in the FW.

/John
FreeBSD - windows communication
Hello

I have two questions about windows - freebsd communication:

1. What VPN servers work with freebsd? The VPN server should run under freebsd, and the clients should run under Win2k (and winxp/freebsd/linux if possible). The clients have to be easy to handle.

2. I want to make sure that only users logged in to the network can have access to the internet. Since I have a FreeBSD box as firewall, what kind of solutions are possible?

Commercial solutions are very welcome :)

/John

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
"dynamic" ipfw
Hello

I have a small problem with IPFW.

How can I handle adding and removing rules based on IP/MAC per user?

I can add a rule for a specific IP/MAC without the need to flush, but can I remove it in the same way?

Now let's say I have a user that only needs access to its mailserver mail.user.com with pop3 and smtp; then the rule for pop3 would be something like

add allow ip from mail.user.com 110 to IP/HOST (MAC doesn't work here, right?)

Now mail.user.com uses round-robin so the IP changes from request to request, but doesn't the IPFW resolve the IP when it's added to the rules? How can this be solved for the user?

/John
Re: "dynamic" ipfw
On Wed, 22 May 2002 17:28:37 -0700 "Crist J. Clark" <[EMAIL PROTECTED]> wrote:

> On Mon, May 20, 2002 at 07:39:36PM +0200, John Angelmo wrote:
> > Hello
> >
> > I have a small problem with IPFW
> >
> > How can I handle adding and removing rules based on IP/MAC per user?
>
> Per user? You mean with 'uid' options?

Sorry, bad explanation from my side. In this case, for a user to get routing outside the server he/she needs to log in via a webform; after that, well, then he/she can do what he/she wants to. I wonder if I can map that userlogin (in a mysql/pgsql db) to IPFW in some way so I can add/remove rules in an easy way based on userlogin? Just a shot in the dark :)

> > I can add a rule for a specific IP/MAC without the need to flush but can
> > I remove it in the same way?
>
> It kind of sounds like you want to use 'keep-state' rules? But I'm
> confused about the "user" stuff.
>
> > now let's say I have a user that only needs access to its mailserver
> > mail.user.com with pop3 and smtp
> > then the rule for pop3 would be something like
> > add allow ip from mail.user.com 110 to IP/HOST (MAC doesn't work here right?)
>
> Well, support for MAC addresses in ipfw(8) only exists in -CURRENT
> right now. But I think you want,
>
> add pass tcp from me to mail.user.com 25,110 keep-state

Well, for 4.5 this seems to exist: http://www.bsdshell.net

> Which will pass the return traffic.
>
> > Now mail.user.com uses round-robin so the IP changes from request to
> > request but doesn't the IPFW resolve the IP when it's added to the rules,
> > how can this be solved for the user?
>
> You can load all of the IP addresses at start-up? There really is no
> way to deal with this within ipfw(8) itself. Rules for hostnames whose
> IP address changes is not a problem that can really be efficiently
> solved in a general way.

The problem is that the person configuring the firewall for the user can't possibly know about this problem unless the user states it.

Well, one way would be to hack a bit in ipfw so that the hostname isn't looked up when the rule is added but every time the user uses it, but this would take too much CPU time for IPFW, I think.

/John
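
Added example, not part of the original thread: one way to tie ipfw rules to a web login is to reserve a block of rule numbers per logged-in user, add one rule per address of a round-robin mail host, and delete exactly those numbers at logout or when the record set changes. The rule numbering (`BASE`, `BLOCK`), the function names and all addresses are assumptions made for illustration, and the rule shape follows the `pass tcp ... 25,110 keep-state` suggestion quoted above with the user's address in place of `me`. The addresses are resolved outside ipfw and passed in as literals.

```shell
#!/bin/sh
# Added example. Commands are printed, not executed.
BASE=20000   # assumed: first rule number reserved for per-user rules
BLOCK=10     # assumed: rule numbers reserved per logged-in user slot

# is_ipv4 ADDR: accept only dotted-quad literals, so ipfw never does a lookup
# at rule-add time and nothing shell-special reaches the command line.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# user_rules SLOT USER_IP PORTS MAIL_IP...: one numbered rule per address.
user_rules() {
    slot=$1 user_ip=$2 ports=$3
    [ $# -ge 4 ] && [ $# -le $((BLOCK + 3)) ] || return 1
    shift 3
    case "$slot" in ''|*[!0-9]*|0?*) return 1 ;; esac
    case "$ports" in ''|*[!0-9,]*) return 1 ;; esac
    for addr in "$user_ip" "$@"; do      # validate everything before printing
        is_ipv4 "$addr" || return 1
    done
    n=$((BASE + slot * BLOCK))
    for addr in "$@"; do
        echo "ipfw add $n allow tcp from $user_ip to $addr $ports keep-state"
        n=$((n + 1))
    done
}

# user_cleanup SLOT COUNT: delete exactly the rules user_rules added.
user_cleanup() {
    n=$((BASE + $1 * BLOCK)); end=$((n + $2)); nums=
    while [ "$n" -lt "$end" ]; do nums="$nums $n"; n=$((n + 1)); done
    echo "ipfw delete$nums"
}

# Constructed sample: user 192.168.20.15 in slot 3, two A records for the mail host.
user_rules 3 192.168.20.15 25,110 192.0.2.10 192.0.2.11
user_cleanup 3 2
```

The login handler would store the slot and the number of rules added alongside the session, so logout needs no lookup to know which rule numbers to delete.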
Win2k - FreeBSD
I'm about to install a FreeBSD box as a firewall for a school. The box will also be standing as a gateway. My question is: could I in some way check that the IP (or user) is logged in to the 2k domain before he/she is allowed to surf outside the local net?

And I'm also setting up the fbsd box as a VPN server. Can I sync the usernames with win2k in some way? ;)

/John
increasing throughput
Hello

I was thinking of constructing a small routerbox in my spare time. Now since FreeBSD is my choice of OS, I was thinking of a small, silent box.

So how can I combine speed, size, silence and price?

I was thinking of VIA's small budget systems (VIA Eden) and to that an extra Intel Pro 10/100 NIC.

Now how much can I expect in loss in throughput when selecting this system, since it is a budget system ;)

It's just supposed to shuffle traffic as a router or perhaps as a gateway with a simple ipfw firewall. What extra features should I add to the kernel, and are there any other great hints?

/John
unix routing
Hello

I'm looking for a good book on unix routing (from the ground up). Every routing book I seem to find only covers IOS.

There are different solutions, for example gated, zebra and so on. What is most used, what can you recommend, and what supports both ipv6 and ipv4?

Thanks

/John
Killing SPAM
Hello

I just wonder what port/package you have found most useful for fighting spam in a FreeBSD/Sendmail environment.

I seem to have two good options:

http://www.roaringpenguin.com/mimedefang/
http://savannah.gnu.org/projects/spamass-milt/

The users simply connect with a pop3/imap4 client to read their mail. When they do that I would love to have their spam filtered out. Would that be possible with any of those two programs, and are there any good examples?

Thanks
Sendmail AUTH against passwd?
Hello

I'm interested in implementing sendmail with AUTH against passwd. I have only been able to do this against TSL with their database. Has anyone tried against passwd and got it to work?

/John
Vacation?
OK

I have a sendmail mail server and some users want to add vacation messages as they go on vacation. Is there any EASY (web) GUI that the users can use for this?

Usermin requires a file and, well, quite simply Usermin is too advanced for them ;)

/John