Intel PRO/1000 and BRIDGE

2003-06-02 Thread Jeff Opie
I have a Dell PE1650 server with dual on-board Intel 82544 NICs which is intended to be an external firewall using options BRIDGE, IPFIREWALL, etc. Packets are not being passed from em0 to em1. I have tried 4.7-Release (em driver 1.3.4), 4.8-Release (em driver 1.4.10) and the current 1.5.31 em dr

Re: ipfw and hostnames

2003-06-02 Thread Petri Helenius
> > If your firewall needs to perform *any* DNS queries, what happens if the DNS > server(s) are down or unreachable when the firewall tries to restart? Does it > fail in a way that you are happy with? > That's another defect in ipfw client utility, it stops processing rules if it fails to look

if_dc - ADMTek AN983B problem (solution)

2003-06-02 Thread Andrew Gordon
Problem: if_dc driver fails to read MAC address from AN983B (on-board ethernet on MSI motherboard in this case). Not only does it get the wrong value of MAC address, but it permanently trashes the EEPROM contents, so that it is necessary to use the manufacturer's utility to re-set the MA

Fw: Very weird network behaviour with 4.7-RELEASE-p10 (large)

2003-06-02 Thread Giovanni P. Tirloni
I'm forwarding this here in case anyone wants to take a look. - Forwarded message from "Giovanni P. Tirloni" <[EMAIL PROTECTED]> - Date: Sun, 1 Jun 2003 04:12:55 -0300 From: "Giovanni P. Tirloni" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] User-Agent: Mutt/1.5.3i Subject: Very weird networ

Re: ipfw and hostnames

2003-06-02 Thread Chuck Swiger
Petri Helenius wrote: [ ...using DNS in firewall rules... ] I know that, I control the domains and additionally they are for non-critical resources like NTP access. OK: it's good to keep your firewall clocks synchronized. External NTP servers are best accessed by name, agreed. So run an NTP server on

Re: ipfw and hostnames

2003-06-02 Thread Petri Helenius
> > You are strongly advised to use IP addresses instead of hostnames in firewall > rulesets, to avoid DNS spoofing attacks subverting your firewall. Ideally, your > firewall should function without depending on any external network resources. > I know that, I control the domains and additiona

Re: ipfw and hostnames

2003-06-02 Thread Chuck Swiger
Petri Helenius wrote: How do I compile/load ipfw kld so that it has "default to accept" which seems to be required to allow hostnames to be used in firewall configuration loaded at boot time. You are strongly advised to use IP addresses instead of hostnames in firewall rulesets, to avoid DNS spoof