Re: ALTQ driver: an(4), ath(4), hme(4), ndis(4), vr(4) and wi(4)

2004-07-30 Thread Brian Fundakowski Feldman
On Sat, Jul 31, 2004 at 04:34:09AM +0200, Max Laier wrote: > Hi, > > patch at: > http://people.freebsd.org/~mlaier/altq_driver2.diff > > If you are maintaining any of the above, please take a look and tell me if you > object. ndis(4) maintains code portability to 5.2.1 as requested. > > All dri

ALTQ driver: an(4), ath(4), hme(4), ndis(4), vr(4) and wi(4)

2004-07-30 Thread Max Laier
Hi, patch at: http://people.freebsd.org/~mlaier/altq_driver2.diff If you are maintaining any of the above, please take a look and tell me if you object. ndis(4) maintains code portability to 5.2.1 as requested. All drivers were tested as described on: http://people.freebsd.org/~mlaier/ALTQ_dr

RE: ipsec packet filtering

2004-07-30 Thread Mitch (bitblock)
> But by adding the following option to the kernel conf file you can get > the processing path I think you are asking for?? > > options IPSEC_FILTERGIF (documented in LINT) > > This then causes the decrypted packet to be passed thru IPFW again. > > Be aware this has significant conseq

Re: packet order, ipf or ipfw

2004-07-30 Thread Charlie Schluting
Dinesh Nair wrote: by default the flow is: wire -> ipnat -> ipfilter -> ipfw -> kernel -> ipfilter -> ipnat -> ipfw the patch in the above PR changes it to: wire -> ipnat -> ipfilter -> ipfw -> kernel -> ipfw -> ipfilter -> ipnat Interesting! Thanks for all the great info guys. I don't really need t

Re: packet order, ipf or ipfw

2004-07-30 Thread Dinesh Nair
On Thu, 29 Jul 2004, Jeremie Le Hen wrote: > Hello Charlie, > > > I'm running ipf because I like it ...but now I need to use ipfw's pipe > > feature. I was thinking that I could just run both, and keep all my > > rules in ipf, then in ipfw: limit bandwidth for a few vlans, then allow all. > > > >

Re: ethernet over ip

2004-07-30 Thread Ruslan Ermilov
On Fri, Jul 30, 2004 at 01:31:44PM +0400, Nickolay A. Kritsky wrote: > Hello freebsd-net, > > How can a body do ethernet over ip on FreeBSD? I have heard that > with netgraph you can do that. Has anybody tried this or maybe some > other way? The goal is to connect two L2 networks on remote s

ethernet over ip

2004-07-30 Thread Nickolay A. Kritsky
Hello freebsd-net, How can a body do ethernet over ip on FreeBSD? I have heard that with netgraph you can do that. Has anybody tried this or maybe some other way? The goal is to connect two L2 networks on remote sites. Thanks. -- Best regards, ; Nickolay A. Kritsky ; SysAdmin STAR Soft

Re[4]: ipsec packet filtering

2004-07-30 Thread Nickolay A. Kritsky
Hello Bjoern, Friday, July 30, 2004, 12:12:52 PM, Bjoern A. Zeeb wrote: >> see? if the incoming packet is not in table, _and_ natd is not running >> in proxy_only mode (which is not acceptable here) the packet flows by >> without any change. And that's what the `man natd' says. BAZ> please type

Re[3]: ipsec packet filtering

2004-07-30 Thread Bjoern A. Zeeb
On Fri, 30 Jul 2004, Nickolay A. Kritsky wrote: Hi, > I think I have got your point here, but filtering esp in tunnel mode > is of no use in many scenarios since higher protocol information (like > ports for TCP/UDP) is hidden in encrypted payload. at first it helps you to accept (only) encrypte

RE: ipsec packet filtering

2004-07-30 Thread Peter Sandilands
> From searching the archives this looks like an old issue, but I > still can't understand something. > AFAIU, now the ipfw + ipsec interoperation looks like this: > input: encrypted packet comes to system. It is not checked against > ipfw rules. Rules are applied to decrypted payload pac

Re[3]: ipsec packet filtering

2004-07-30 Thread Nickolay A. Kritsky
Hello Bjoern, Friday, July 30, 2004, 11:02:26 AM, Bjoern A. Zeeb wrote: >> Then I do (on VPN_router2): >> bash-2.05b# uname -sr >> FreeBSD 4.9-RELEASE BAZ> ok; for the 'ipsec' ipfw option this is too old. It's been functional BAZ> in 5.x since 2003-12-02, that is 5.2, 5.2.1, HEAD and in RELENG_4

Re[2]: ipsec packet filtering

2004-07-30 Thread Bjoern A. Zeeb
On Fri, 30 Jul 2004, Nickolay A. Kritsky wrote: > OK. let's place a small demonstration. > > 217.195.82.43 <-->VPN_router1 <--> [---INTERNET---] > | > | > 192.168.64.10 <---> VPN_router2 > > Traffic