Has anyone used LaBrea successfully on a FreeBSD box?
It sounds very cool, basically it "traps" systems scanning your network (i.e. nimda
or code red infected).
-Tony
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
> I recently set up a box on our network, running FreeBSD 4.4-PRERELEASE,
> with ipfw and dummynet to do bandwidth shaping as well as firewalling ...
> The machine is a Dual PIII 733 w/1gig of RAM and 2xfxp0 devices ...
> I've got an /etc/fw.rules file that has ~1200 rules in it so far, and
>
Luigi Rizzo wrote:
>
> > On Wed, Sep 19, 2001 at 07:39:13PM +0200, Leif Neland wrote:
> >
> > > Or you could patch ipfw to be able to use a hash-db :-)
> >
> > skipto caches the pointer of the rule it's skipping to the first time
> > it uses that rule. not going to get a better hash hit than that.
On Tue, Sep 18, 2001 at 11:09:18PM -0700, Jerry Murdock wrote:
> Can an IPSEC tunnel be established between two LANs when one side is using
> PPPoE/DSL with dynamic IP using either manual keys or IKE?
[...]
> A simple "yes," "no," or "ARE YOU NUTS!?" would be adequate, but any
> pointers on a "y
On Thu, Sep 20, 2001 at 05:04:41AM +0900, Hajimu UMEMOTO wrote:
> jabley> The tunnel is configured like this:
>
> jabley> buffoon# ifconfig gif0
> jabley> gif0: flags=8011 mtu 1280
> jabley> inet6 fe80::2d0:b7ff:fe79:a0a7%gif0 --> :: prefixlen 64 scopeid 0x4
> jabley> inet6 2001:
The complete FreeBSD (Walnut Creek) or the new FreeBSD Handbook, which one is adequate
to acquire as my first one, in your opinion??
regards,
angry, furious with everything
linux user 179402
Father Marcelo Rossi (a.k.a. O Mala, TeViNaTV) is a new fly on the same
old sh*¨&% as always.
por fav
Hi,
> On Wed, 19 Sep 2001 15:37:40 -0400
> Joe Abley <[EMAIL PROTECTED]> said:
jabley> I have a cosmetic difficulty in a v6-in-v4 tunnel set up between
jabley> a 4.3-RELEASE box and a cisco router.
jabley> The tunnel is configured like this:
jabley> buffoon# ifconfig gif0
jabley> gif0:
Dmitry,
I have W2K working with ipsec on FreeBSD. On FreeBSD racoon is doing the
ISAKMP, out of the ports directory. On win2k the standard ipsec stuff.
I also have PPTP running using netgraph on FreeBSD. There are plenty of
examples how to set it up for PPTP. On windows 98 and W2k the standard P
> On Wed, Sep 19, 2001 at 07:39:13PM +0200, Leif Neland wrote:
>
> > Or you could patch ipfw to be able to use a hash-db :-)
>
> skipto caches the pointer of the rule it's skipping to the first time
> it uses that rule. not going to get a better hash hit than that...
not enough. The original mes
Hi,
I have a cosmetic difficulty in a v6-in-v4 tunnel set up between
a 4.3-RELEASE box and a cisco router.
The tunnel is configured like this:
buffoon# ifconfig gif0
gif0: flags=8011 mtu 1280
inet6 fe80::2d0:b7ff:fe79:a0a7%gif0 --> :: prefixlen 64 scopeid 0x4
inet6 2001:438:1ff
Does anybody have working VPN between
Win32 client and FreeBSD server (PPTP or IPSec)
if yes - which software you use.
Could someone point me to really working free or commercial software
to solve this problem?
Thank you.
--
Dmitry Samersoff
[EMAIL PROTECTED], http://devnull.wplus.net
ICQ
On Wed, Sep 19, 2001 at 07:39:13PM +0200, Leif Neland wrote:
> Or you could patch ipfw to be able to use a hash-db :-)
skipto caches the pointer of the rule it's skipping to the first time
it uses that rule. not going to get a better hash hit than that...
--
- bill fumerola / [EMAIL PROTECTED]
> > The gateway's IP address actually refers to two different machines.
> > Naturally the gateway is used quite a bit, and the syslog fills up with "arp
> > X moved from Y to Z on fxp0" messages.
>
> That's really not the right way to do it, and probably doesn't balance
> the load as well as you m
Hi,
Is there a utility that will allow me to inject an IP#/port# into a
hash (or similar structure) table that the kernel can consult to
determine if it should drop an incoming connection? I am trying to
stop the new worm that is out there. I have about 8000 and growing
hosts that I need to blo
>
> psychopompus# ipfw add 00661 skipto 00708 ip from any to 136.0.0.0/5
> 00661 skipto 56 ip from any to 136.0.0.0/5
>
> why is the 00708 changing to 56? :(
because the leading 0's force strtol to believe that the number is
octal, then the trailing 8 is considered illegal in the
basis so the n
> > Third, take into account that since ipfw takes 'first matching rule
> > wins' approach, you will get performance boost by moving more
> > frequently used and more general rules "up" in the ruleset. For
> > example, if you move the rule from position 700 to 200 packet will be
> > matched only
> Can an IPSEC tunnel be established between two LANs when one side is using
> PPPoE/DSL with dynamic IP using either manual keys or IKE?
...
> A simple "yes," "no," or "ARE YOU NUTS!?" would be adequate, but any
> pointers on a "yes" answer would be great.
Yes. :-)
It should definitely work wi
Hi
I recently had exactly this problem, and it turned out to be the way I'd
connected the machine. It was cured when I connected the uplink cable
directly to the outside interface instead of into the hub. Could this be a
similar situation?
Best Regards
Mike
At 18:45 18/09/2001 -0500, you
psychopompus# ipfw add 00661 skipto 00708 ip from any to 136.0.0.0/5
00661 skipto 56 ip from any to 136.0.0.0/5
why is the 00708 changing to 56? :(
[Please don't cross-post]
You did not tell us what exactly does not work.
DNS should work, and FTP should not as it requires data
channel on a separate port. If that's the case, you
may run natd(8) with the -punch_fw option.
On Wed, Sep 19, 2001 at 05:06:38PM +0300, Vladimir Terziev wrote:
> S
Sorry, but there is a rule number mistake in my previous e-mail with the same
subject.
I have a gateway machine which runs NATD (natd -unregistered_only -interface
an0) and have IP packet filter IPFW with the following rules:
ipfw add 100 allow ip from any to any via lo0
ipfw add 10002 skipt
On Wed, 19 Sep 2001, Krzysztof Zaraska wrote:
> First, is there any specific reason for allowing only specific 900 subnets
> instead of the whole 'cost nothing' network? How big is this network? How
> would this increase the risk?
CA*Net3 vs "commercial net" traffic ...
> Second, with that numb
maybe not so specific, but as you asked for any kind of info :
freeswan (look at freshmeat) can clarify something, besides it is linux-based. Also
you can ask to http://groups.google.com, with something like [freebsd ipsec mobile ],
where you can tighten your search replacing mobile with som
Thanks,
I know from an IPSEC perspective it is do-able. I've done it with several
other products without problems. I'm hoping to get a FreeBSD specific answer.
My real questions concern if and how gifconfig/gif and setkey/spdadd can
manage a dynamic endpoint(0.0.0.0?). And if I should look tow
On Wed, Sep 19, 2001 at 12:05:34AM -0400, Anthony Schneider wrote:
> it might have something to do with the prerelease nature of the machine.
> -Anthony.
No it has nothing to do with -PRERELEASE. ipfw by any other name is ipfw.
> On Tue, Sep 18, 2001 at 11:14:50PM -0400, Marc G. Fournier wrote:
Hi,
I have a gateway machine which runs NATD (natd -unregistered_only -interface
an0) and have IP packet filter IPFW with the following rules:
ipfw add 100 allow ip from any to any via lo0
ipfw add 10002 skipto 2 tcp from 192.168.15.2 to any 21
ipfw add 10003 skipto 2 tcp from 192.16
On Tue, 18 Sep 2001, Marc G. Fournier wrote:
>
> I recently set up a box on our network, running FreeBSD 4.4-PRERELEASE,
> with ipfw and dummynet to do bandwidth shaping as well as firewalling ...
>
> The machine is a Dual PIII 733 w/1gig of RAM and 2xfxp0 devices ...
>
> I've got an /etc/fw.ru
28 matches