Hello Bjoern,
Friday, July 30, 2004, 9:04:49 AM, Bjoern A. Zeeb wrote:
BAZ> I do not understand what you are trying to do but filtering ipsec
BAZ> encrypted packets in ipfw has been available for quite some time now.
BAZ> I can and do check packets that:
BAZ> - come in encrypted and leave unencrypted
On Fri, 30 Jul 2004, Nickolay A. Kritsky wrote:
> Hello freebsd-net,
>
> From searching the archives this looks like an old issue, but I
> still can't understand something.
> AFAIU, now the ipfw + ipsec interoperation looks like this:
> input: encrypted packet comes to system. It is not ch
I don't know what the reasons are, but I know the result.
After much frustrating research I came to the conclusion that I can:
a) use linux (not an option as far as I'm concerned)
b) use openvpn
I need to create a hub and spoke type of vpn arrangement - one spoke node
needs to communicate with
Hello freebsd-net,
From searching the archives this looks like an old issue, but I
still can't understand something.
AFAIU, now the ipfw + ipsec interoperation looks like this:
input: encrypted packet comes to system. It is not checked against
ipfw rules. Rules are applied to decrypted p
Hi all,
I was wondering for some time in a while.. How is the performance difference in
general between IPFW2 and PF in stateless rules? I know performance really is
hard to tell and depends on your environment. Are they just about the same
since stateless rules are going at linear rate of O(N) o
On Thu, Jul 29, 2004 at 01:23:52AM +0200, Jeremie Le Hen wrote:
> AFAIK, ipf takes precedence on ipfw for incoming packets on -STABLE,
> and this is of course symmetric for outgoing ones.
No, outgoing packets are passed through ipf/ipnat before they reach
ipfw (at least in STABLE, PR kern/46564).
On Thu, 29 Jul 2004, Bjoern A. Zeeb wrote:
> is anyone else seeing this behavior ?
Thanks to Thomas Wolf for pointing me to 'dynamic' missing.
Got lost somewhere when changing to multi-instance entries.
This should solve the problem :-)
Thanks.
--
Bjoern A. Zeeb bzeeb
Is there any ng_device users? I have some patches to test.
Can you spend some time?
--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail t
Hi,
I started using the multi instance natd feature and am running into
problems.
Every morning when the IP on the dialup interface with the default
route (tun0) changes I need to re-start the natd. Else I am getting:
natd[88668]: failed to write packet back (Permission denied)
looks like n
On Thu, Jul 29, 2004 at 10:55:27AM +0300, [EMAIL PROTECTED] wrote:
D> hello,
D> is there any possibility to monitor network and cpu loads on netgraph nodes
D> or do some dumping on each node?
D> in our case there are:
D> ng_atm <> ng_atmllc <--> ng_ether
You can insert ng_tee to s
hello,
is there any possibility to monitor network and cpu loads on netgraph nodes
or do some dumping on each node?
in our case there are:
ng_atm <> ng_atmllc <--> ng_ether
thank you
On Thursday 29 July 2004 09:25, Andrew Riabtsev wrote:
> Hello Max,
>
> Thursday, July 29, 2004, 1:46:06 AM, you wrote:
>
> ML> Another alternative (on FreeBSD-current) would be pf+ALTQ, btw ;)
> Is there any chance to see one day pf for 4.X-RELEASE? I'm still
> thinking pf is the best firewall eve
Hi,
We're actually planning to migrate to PF instead of IPF+IPFW to meet
these needs.
IPFW from what I've gathered over the past few years is the traditional
FreeBSD way of handling firewalls, nat and bandwidth limiting.
We found IPFW a little complex to use, granted very powerful.
We ended up
Hello Charlie,
> I'm running ipf because I like it ...but now I need to use ipfw's pipe
> feature. I was thinking that I could just run both, and keep all my
> rules in ipf, then in ipfw: limit bandwidth for a few vlans, then allow all.
>
> It didn't work (no rate-limiting happened).. and I'm
Hello Max,
Thursday, July 29, 2004, 1:46:06 AM, you wrote:
ML> Another alternative (on FreeBSD-current) would be pf+ALTQ, btw ;)
Is there any chance to see one day pf for 4.X-RELEASE? I'm still
thinking pf is the best firewall ever made but it is very frustrating that I
can't use it on FreeBSD boxes. :
Hello Charlie,
Thursday, July 29, 2004, 1:23:33 AM, you wrote:
CS> So, what is the order, if I'm running ipf AND ipfw at the same time?
CS> Will it work at all in this manner?
Load both firewalls as modules, then you can be sure packets go
first through the firewall you load first. And yes, this sh