nnect, and then when try to switch to root,
your connection is lost? Or after some inactivity?
Try first to leave ipfw open, and test ssh to be sure that this one
work right. Then use ipfw, i think that the right form for what u
want is (according with documentation):
add 1000 check-state
To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
Read this : http://www.mail-archive.com/freebsd-ipfw@freebsd.org/msg00642.html
--
Best regards,
vladone mailto:[EMAIL PROTECTED]
___
freebsd-ipfw@freebsd.org
only for private classes.
Example natd.conf (assuming that xl0 is public interface)
use_sockets yes
same_ports yes
interface xl0
dynamic yes
unregistered_only yes
redirect_address 192.168.0.10 208.xxx.xxx.xxx
.
--
B
incoming.
So u need a rule like this at the end of rules
add 05000 divert natd ip from any to any out via sis0
With two rules for natd (one for incoming and another for outgoing) u
can control more exactly traffic flow.
Else u can use a single natd rule at beginning like this
add 1000
ulate and routing
table, because packets need to know where to go.
For that try to set this in rc.conf (but i think that u have already
set that)
defaultrouter="192.168.1.2"
gateway_enable="YES"
where 192.168.1.2 (for example) is ip of external interface
Tabela de
> Roteamento IP do Kernel" means Kernel IP Routing Table, "Destino" means
> Destiny, "Roteador" means Router, "Máscara" means Mask.
U have two simple solutions, and one a little more complicated
1. use bridge, how suggest someone
2. if don't want
en, in order to work right?
Thanks anticipate anyone for reply, and i think that discussion is
good to clear up this elements!
--
Best regards,
vladone mailto:[EMAIL PROTECTED]
___
freebsd-ipfw@freebsd.org mailing list
http://li
Hello vladone,
Friday, July 14, 2006, 12:21:09 PM, you wrote:
> Hello Adam,
> Thursday, July 13, 2006, 2:37:19 AM, you wrote:
>> Vladone,
>> Thanks much for the response. I looked into what you were
>> telling me and here are the results:
>> 1) This wa
Hello Adam,
Thursday, July 13, 2006, 2:37:19 AM, you wrote:
> Vladone,
> Thanks much for the response. I looked into what you were
> telling me and here are the results:
> 1) This wasn't a typo. Apparently, after looking into it, I've seen both
> options used
reebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
I don't use bridge but some things that can help u:
1. use correct sysctl variables form: net.link.ether.bridge.ipfw
tinfo/freebsd-ipfw
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
Use table option like this:
ipfw table my_access add 200.200.200.1
ipfw table my_access add 200.200.200.2
ipfw add 100 allow ip from "table(my_access)" to me
ipfw add 200 deny ip from any to me
-
rom any to any via lo0
ipfw add 20 deny ip from any to 127.0.0.1
Second:
Try to change packet size (-s parameter) and frequency (-i parameter) in ping
command, to see what
is happening (see man ping).
--
Best regards,
vladone mailto:[EMAIL PROTECTED]
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Hello Luigi,
Sunday, May 21, 2006, 11:51:47 AM, you wrote:
> On Fri, May 19, 2006 at 09:05:49PM +0300, vladone wrote:
>> Know anybody if dummynet use an queuing discipline when congestion is
>> anticipated, to alert the sender to slow down?
>> Or a little explain about
Know anybody if dummynet use an queuing discipline when congestion is
anticipated, to alert the sender to slow down?
Or a little explain about how to work dummynet?
--
Best regards,
vladone mailto:[EMAIL PROTECTED
And again from man ipfw:
"
..
If ipaddr is not a local address, then the port number (if spec
le on that system to
capture them.
..
"
I think that u have a problem with routes in that machine
In relation with choice ipfw vs. pf, who know what u use? :)
Explain that some things can be done with pf and others with ipfw.
Pf have some problems, in older versions freeb
forward traffic with fwd.
In your example u have six divert rules. Something is wrong.
U need to pay attention where put fwd command in relation with divert
rules.
--
Best regards,
vladone mailto:[EMAIL PROTECTED]
Hello Gilberto,
Wednesday, May 3, 2006, 11:06:59 PM, you wrote:
> Hello Vladone,
> I tested your rule, but it didn't work.
> I made some tests and I think I discovered the problem, but not the solution.
> I have my servers (DNS, www, e-mail and etc) in DMZ through PF. When I us
about 50Kbytes, i think that is set by default, so no need to
set again.
--
Best regards,
vladone mailto:[EMAIL PROTECTED]
or a hostname. Hostnames are resolved at the time the
rule is added to the firewall list.
So if u want to deny packets from some hostname u have a rule like:
ipfw add 100 deny ip from me to www.hahoo.com
--
Best regards,
How do these rules work?
ipfw add allow tcp from any to me setup limit src-addr 4
and
ipfw add allow tcp from my_net to any setup limit src-addr 10
I think that, u receive this from kernel anyway, because is an error
that is processed by kernel. With firewall u can block packets to
pass through an interface.
This is my opinion.
--
Best regards,
vladone mailto:[EMAIL PROTECTED]
Hi!
I have an freebsd(5.4) router that act as router, between my network and
internet. I use ipfw+dummynet for traffic shaping.
I see when i downloading some files, ping to server grow about 2500ms.
When i stop downloading (i testing with ftp and torrent client,
bitcomet, ping is normally, about 8m
Your point of view is (my opinion) wrong. All clients pay same
money, so, use bandwidth how they want. U need to make settings, to be
sure that all users receive same bandwidth (according with contract
of course), but u not have any rights to limit some traffic. If i want
to use p2p is my problem.
U can use:
ipfw enable or ipfw disable command (man ipfw)
or from sysctl:
sysctl net.inet.ip.fw.enable=0 (to disable)
Thanks for reply Luigi!
I want to implements, but i don't know programming so good to modify
dummynet code.
My suggestions is because i love dummynet, i think that work great, but
need some improvements, to be more adaptable to different situations.
For moment will utilize, passing packets to mult
I know what is WF2Q, but still don't see what is the problem for which
doesn't exist a possibility to limit bandwidth that is given to a
queue, with queue settings.
And exist a precedent, "queue" parameter that exist for pipe and
queue.
For example, if a "bw" parameter is not used for queue, then band
U have (for set 2) this rules to divert packets that outgoing:
$cmd 10050 set 2 divert natd2 ip from any to any out via $ext_if1
$cmd 10050 set 2 divert natd2 ip from any to any out via $ext_if2
I don't understand what u want to do?
This rules translate all address that outgoing through $ext_if1 and
Yes, thanks! But is a little redundant and confused to pass packets to
multiple pipe and queue. Isn't more elegant to put an option on queue
that limit maximum bandwidth to that queue (like "bw" option for pipe)?
I don't know programming (not well), but i think that, can do the job,
if is put an su
Look good. Most useful is to testing this rules, and depend of your
traffic, u can change settings. I think that is good to eliminate
delay options from pipe. For queue u can test different value. Man
page explain very well. If u have too large queue size, then delay can
grow for traffic.
Second qu
Can someone make a patch for dummynet, so an user can't get maximum
bandwidth. Queue work great for sharing same bandwidth, but an user can
get much bandwidth if is not used by others.
So is wonderful if i can put a parameter for queue (like for pipe),
to limit bandwidth:
For example:
ipfw pi
U speak in this explanation about "outgoing path" or "incoming path".
How i can find when i have an situation or another?
U say: "If the packet is on the outgoing path ", so need to know
when the packet is on "outgoing path" or "incoming path". How know
that?
Know someone if freebsd 6.0 have integration for altq and ipfw?
I have some problem. After i post some message i understand that with
dummynet u can't make traffic priority, only bandwidth management.
U can manage bandwidth with pipe or queue (weight option).
Weight parameter is used to specify how is allocated bandwidth from a
pipe which is shared to different que
Thanks!
And what collection file need to update?
Hi!
I have a FreeBSD 5.4 release system. I want to use ipfw+altq. I read
some about, and i want to try it.
My questions is about altq. How to enable altq?
In my kernel configuration i put:
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_PRIQ
options AL
So:
in via fxp0 = in recv fxp0?
out via fxp0 = out xmit fxp0?
Or give some example, please!
Hi!
What is difference between:
1. in via - in recv
2. out via - out xmit
When need to use an variant or another?
How i can calculate (or best approximate) queue size?
I know about pf+altq. I can use even ipfw+altq. But i'm a fan of dummynet,
and i want to use it. :)
My work at moment is:
#download total
$cmd pipe 1 config bw 1000kbits/s
#download aggregate (low pri. 300kbits/s aggregate)
$cmd pipe 2 config bw 300kbits/s
$cmd queue 2 config weight 1 pipe 1
$cmd que
Hi!
I want to organize my bandwidth in this mode
# download section
1000kbit/s
|
|
||
||
||
hight low
prioriz
Hi!
The scope of this mail is to challenge anybody that have some
experience to present some complex situation with
dummynet. This idea is because i don't find anywhere some complex
presentation. I see some features about htb in linux (i don't want to
begin an long and ponderously discussion about lin
Hi!
I try to use table option but not work.
First, i use Freebsd 5.4 release.
In short i have:
cmd="ipfw -q"
$cmd table 1 add 192.168.0.0/24
$cmd table 1 add 192.168.2.0/24
$cmd table 1 add 192.168.3.0/24
$cmd table 1 add 192.168.4.0/24
$cmd add 700 count ip from table(1) to any via $lif
When i
If i understand correctly, weight is a keyword that config queue.
Queue is used to share bandwidth on same pipe.
In my configuration each computer receive same bandwidth on different
pipe (dynamically created with mask), and i don't know how to use weight
keyword in this situation.
Not work anyway, this is not a good reason. Filter work with rules
with same number. I test to block only win98 computer and i can't.
I try to block by ip address and not work.
I forgot to specify that on win98 computer after i try to block, not
work messenger, but navigation very well.
Hi!
I want to block illegal access to server with mac address.
For testing i write this rules:
ipfw add 100 deny mac any xx:xx:xx:xx:ab:12 in via $lif
ipfw add 100 deny mac any xx:xx:xx:xx:ab:34 in via $lif
$lif is private interface on my server.
After i apply this rule result is strange. Compute
Hi!
I want to build some traffic shaping. I want to have clients with
128kbs/s and 256kbits/s. So i make two pipe:
ipfw pipe 1 config bw 128kbits/s mask dst-ip 0xff
ipfw pipe 1 config bw 256kbits/s mask dst-ip 0xff
With this any host in my network receive the maximum bandwidth for that
pipe
Thanks! Thanks! Thanks!
Work perfect!
Now can block any traffic that is illegal.
For anyone that is interested can put rule how suggest Jara or like
this:
ipfw add 1 allow ip from any to any layer2 mac-type arp
Is same affair.
And how permit this traffic?
Hi!
I want to permit only traffic from my network class through internal
interface. So i put in ipfw rules this rule to see what traffic is:
$cmd add 51 count log logamount 0 all from not $local_net to any in via $lif
I study my logs and i find this:
Aug 12 09:58:14 freebsd kernel: ipfw: 51 Coun
Hi!
I have this situation:
ipfw pipe 1 config bw 512kbits/s
ipfw queue 1 config pipe 1 mask dst-ip 0xff
ipfw add queue 1 ip from any to any out via $private_interface
According with man pages, this configurations give to each host same
bandwidth.
My question:
I have 2 users:
first download an fi
Hi!
I have an freebsd (5.4) server that act as gateway. NAT is done with ipnat
and traffic shaping with ipfw+dummynet.
I have this problem: server work well, but after approximately 5
min. my private interface stop responding (i don't have
ping, nothing).
After i give "ipfw flush" and reload ipfw
I don't understand u! If have a rule for filter traffic incoming to
server, why put options for "incoming" and "not outgoing"?
Please, explain more clearly, what u want to do?
P.S. looks very strange "out not recv any xmit"
If i understand correctly with redirect_address i can forward an given
public ip (commonly an alias on public interface) to an internal ip
(private). I don't know if this is good for what i want.
More exactly description for what i want:
My private network is: 192.168.0.0/24
I have (example) public ip
I have assigned from my ISP multiple public IP. How i can nat local
ip's with different public ip's?
Local interface is fxp0 and public interface is rl0.
Hi!
I want to prevent some denial of service attack and i try to limit tcp
with syn flags, but i don't know exactly how to!
Or another solution that can be useful!
Hi!
How i can redirect web traffic from my lan, through my proxy server?
Hi!
I don't have experience with ipfw. My question is about DoS.
How i can prevent this type of attack or flood with ipfw and limit
options?
Now i test this type of control with:
pif is the private interface
$cmd add 200 skipto 210 all from any to any in via $pif layer2
$cmd add 200 skipto 4000 all from any to any out via $pif layer2
#client1
$cmd add 210 skipto 3000 MAC any 00:0e:a6:81:40:3e
#client2
$cmd add 211 skipto 3000 MAC any
I have this script:
#!/bin/sh
cmd="/sbin/ipfw -q"
#external interface
oif="rl0"
#internal interface
pif="fxp1"
down_bw="100kbit/s"
up_bw="70kbit/s"
#flush rules
$cmd flush
$cmd pipe flush
$cmd pipe 2 config bw $up_bw
$cmd queue 1 config pipe 2 weight 20
$cmd add 100 queue 1 ip from any to any in
Hello Jon,
Tuesday, July 5, 2005, 9:18:20 PM, you wrote:
> On 7/5/05, vladone <[EMAIL PROTECTED]> wrote:
>> I want to permit only few MAC address to pass on my gateway.
> MAC filtering is done at layer 2, so you need to allow ipfw access to
> the layer 2 pa
I want to permit only few MAC address to pass on my gateway.
I put in my script this line:
ipfw -q -f flush
cmd="/sbin/ipfw -q"
oif="rl0"
pif="fxp1"
$cmd add 110 skipto 5000 MAC any 00:0e:a6:81:40:3e in via $pif
$cmd add 120 skipto 5000 MAC any 00:50:8b:6b:0c:b2 in via $pif
...
Hi!
I want to build a FreeBSD gateway. I had configured all i need, but i
don't understand something. What is correct order for ipfw.
I have rule that divert traffic:
ex: add 50 divert natd all from any to any via rl0
I want to put firewall rule to block some traffic or ports.
I want to build so