This is great news, thank you guys.
This is what I found during my testing.
#1. Connecting from w2k behind the fbsd using VPN doesn't work. Using
the original natd does not have this problem,
#2. rdr, can we redirect udp as well?
This is my conf file,
divert port natd -> dp1
nat on dp1 from an
On Tue, 1 Oct 2002, Vinod wrote:
> i use the commands
> ipfw add pipe 1 ip from any to 10.0.1.0/24
> ipfw pipe 1 config bw 100Kbit/s
Make sure that you don't have ipfw allow all from any to any before the
rule which adds pipe 1. If so, packets will never enter the pipe.
Mike "Silby" Silbersack
Vinod wrote:
> --- Lars Eggert <[EMAIL PROTECTED]> wrote:
>
>>That looks OK. What does "ipfw show" print?
>
ipfw pipe 1 show prints:
1: 100.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets)
droptail
mask: 0x00 0x/0x ->0x/0x
*Just* "ipfw show" - I was wondering if your pack
ipfw pipe 1 show prints:
1: 100.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets)
droptail
mask: 0x00 0x/0x ->0x/0x
Thanks,
Vinod
--- Lars Eggert <[EMAIL PROTECTED]> wrote:
> Vinod wrote:
> > my topology loks like this:
> >
> > 10.0.0.8
> >
Vinod wrote:
> my topology loks like this:
>
> 10.0.0.8
> _ _ _ Video Server
> |
> outsideswitch-proxy---clients
>10.0.0.2 10.0.1.1 10.0.1.0/24
>
> i dont have any other firewall rules.I am
Sorry to reply to my own post, but I have some updated info...
It appears that a host route is being cloned from the default route.
The host route has an ssthresh value associated with it, which is
picked up by subsequent connections that use this route.
We attempted to lock the ssthresh valu
my topology loks like this:
10.0.0.8
_ _ _ Video Server
|
outsideswitch-proxy---clients
10.0.0.2 10.0.1.1 10.0.1.0/24
i dont have any other firewall rules.I am using
Dummynet just as a packet
Vinod wrote:
> i have proxy from which i would like to throttle the
> bandwidth of clients.the proxy acts as a router here.
>
> i use the commands
> ipfw add pipe 1 ip from any to 10.0.1.0/24
> ipfw pipe 1 config bw 100Kbit/s
>
> but i still dont see any reduction in bw.its the same
> high bw it
i am sorry to ask such a simple question but
however hard i have tried i am not getting 'dummynet'
to
work.
i have proxy from which i would like to throttle the
bandwidth of clients.the proxy acts as a router here.
i use the commands
ipfw add pipe 1 ip from any to 10.0.1.0/24
ipfw pipe 1 config
Hi all,
I'm seeing something strange here... I have a freebsd box running
iperf (4.6-RELEASE-p1, iperf 1.6.2 with pthreads patches). When
attempting to use a 1MB tcp window, the box won't put more than 256kB
in flight after the first connection to a given host.
I seem to remember hearing/re
Hi,
I've been running FreeBSD on 2 boxes, each with their own WAN links for over
18 months
or so. Each box has its own WAN link (one uses T1 leased line to a remote
site, the other
uses DSL to an ISP.) The ISP link runs IPsec and racoon The other end of
the IPsec
tunnel is a VPN appliance.
* De: Marc Ernst Eddy van Woerkom <[EMAIL PROTECTED]> [ Data:
2002-10-01 ]
[ Subjecte: Intel PRO/100 S ]
> Hi,
>
> yesterday I bought a network card to connect a second PC
> to my old machine.
> They had only one type of card in the store so I bought it anyway,
> despite its rather hig
On Tue, Oct 01, 2002 at 09:42:08AM -0700, Maksim Yevmenkin wrote:
> Hello Julian,
>
> Sorry to bug you, but are you still interested in this? Not sure if you
> were following but the latest snapshot (2002/09/22) is available for download
> at http://www.geocities.com/m_evmenkin/
>
> I asking bec
Andre Oppermann wrote:
>
> In the FreeBSD May-June 2002 Status Report we have announced a natd
> rewrite to make it's configuration options more powerful and support
> more ip addresses to nat to.
I haven't had time to look at the new natd yet, but the old one would
easily get into a state wher
Hello Julian,
Sorry to bug you, but are you still interested in this? Not sure if you
were following but the latest snapshot (2002/09/22) is available for download
at http://www.geocities.com/m_evmenkin/
I asking because you are the only person who has some interest and actually
looked at the co
Hi,
yesterday I bought a network card to connect a second PC
to my old machine.
They had only one type of card in the store so I bought it anyway,
despite its rather high price of 37 Euro.
Today I took a closer look.
It is an Intel PRO/100 S board packaged in
plastic pack, without docs.
It co
Hello
I'm looking for a good book on unix routing (from the ground up) every routingbook I
seem to find only cover IOS.
There are diffrent solutions, for example gated, zebra and so on, what is most used
and what can you recomend and what supports both ipv6 and ipv4
thanks
/John
To Unsubscr
I have done similar to this using teh GIF interface.
Each tunnel between sites had a gif interface and I firewalled
for only ESP packets to and from the correct machines on the external
interface, and for correct packets for permitted protocols
and ports on the unencrypted data on the gif interfa
I have a firewall system that has a dedicated interface on which nly
IPsec traffic is going out and comming in. The firewall
encrypts and decrypts these packets.
I am using Ipfilter on that system and I would like to filter on
the unencrypted content, both incoming and outgoing.
The problem is
On Tue, Oct 01, 2002 at 08:34:35AM +0300, Ari Suutari wrote:
> Hi,
>
> Great to see natd maintained. As original author, I kind of miss
> the long command line options (ie. something like
> --daemon in addition to -d).
>
I used getopt(3) to parse the commandline because I hate to reinvent the
w
20 matches
Mail list logo
