Re: GRE and PF problem

2005-07-13 Thread Alex Povolotsky
compunction wrote:
> GRE needs to pass bidirectional. You will need a binat to make it work. I have not found a firewall that will allow GRE to work with a many to one nat.

The most painful thing is that pf's nat works for GRE - SOMETIMES :-( The only thing firewall needs to implement for

Re: GRE and PF problem

2005-07-13 Thread compunction
GRE needs to pass bidirectional. You will need a binat to make it work. I have not found a firewall that will allow GRE to work with a many to one nat.

-Mark

On 7/13/05, Alex Povolotsky <[EMAIL PROTECTED]> wrote:
> Hello!
>
> I'm using FreeBSD (5.3-RELEASE-p5) as internet access server, and I

Re: Problem with Path MTU Discovery

2005-07-13 Thread gnn
At Wed, 13 Jul 2005 15:00:42 +0200, Jeremie Le Hen wrote:
>
> Hi,
>
> I set a gif(4)-based IPSec tunnel between my network and a friend's one.
> This works pretty well, except that Path MTU Discovery doesn't work.
>
> Quick draw:
> MTU: 1500 MTU:1280 MTU:1500
> Comp1 --

Re: ntop binary for 5.x in existence ? (the real ntop, not the kitchen sink one...)

2005-07-13 Thread Joe Schmoe
Matt,

--- Matt Emmerton <[EMAIL PROTECTED]> wrote:
> I was only able to find the ntop-1.1 sources on the
> web. Can you point me
> to the ntop-1.3 sources?

http://www.netsw.org/net/ip/audit/packets/ntop-1.3.1.tar.gz

Re: ntop binary for 5.x in existence ? (the real ntop, not the kitchen sink one...)

2005-07-13 Thread Matt Emmerton
> Matt,
>
> --- Matt Emmerton <[EMAIL PROTECTED]> wrote:
>
> > I'm working on it :) It's a bit hairy because of
> > the changes between 4.x
> > and 5.x, but I should have something by next week.
>
> Wow - this is really great of you. Just some trivia
> to pass on - I do believe that they made s

GRE and PF problem

2005-07-13 Thread Alex Povolotsky
Hello! I'm using FreeBSD (5.3-RELEASE-p5) as internet access server, and I have to NAT GRE packets. I'm using pf. The problem is that SOMETIMES PF fails to create proper rule using nat, while binat works fine. Not only I do not want to expose Windows boxes (even if those addresses are fire

Problem with Path MTU Discovery

2005-07-13 Thread Jeremie Le Hen
Hi,

I set a gif(4)-based IPSec tunnel between my network and a friend's one. This works pretty well, except that Path MTU Discovery doesn't work.

Quick draw:
MTU: 1500 MTU:1280 MTU:1500
Comp1 - Gate1 Gate2 -+-- Comp2
RELENG_5 RELENG_4