Hi all,
I am trying to modify snaplen for pflogd under FreeBSD 14.1 but it doesn't seem
to work. I have tried the following options in rc.conf:
pflog_flags="-s 256"
and
pflogd_flags="-s 256"
.. but nothing, snaplen is 116 (default value) always. Do I need to reconfigure
something?
Best reg
On 25/08/2022 12:20, Michael Gmelin wrote:
On Thu, 25 Aug 2022 10:48:45 +0200
Carlos López Martínez wrote:
Hi all,
I am tryping to rate limit public connections for certain services to
avoid brutforce attacks under a FreeBSD 13.1 firewall. Under OpenBSD
is "pretty simple" w
On 25/08/2022 11:46, Marek Zarychta wrote:
W dniu 25.08.2022 o 11:32, Carlos López Martínez pisze:
On 25/08/2022 11:26, Marek Zarychta wrote:
W dniu 25.08.2022 o 10:48, Carlos López Martínez pisze:
But under Freebsd when I try to combine "pass" with "rdr" rules, it
On 25/08/2022 11:26, Marek Zarychta wrote:
W dniu 25.08.2022 o 10:48, Carlos López Martínez pisze:
But under Freebsd when I try to combine "pass" with "rdr" rules, it
doesn't works. For example:
rdr on egress inet proto tcp from ! to egress port
$tcp_services ->
Hi all,
I am tryping to rate limit public connections for certain services to
avoid brutforce attacks under a FreeBSD 13.1 firewall. Under OpenBSD is
"pretty simple" with a rule like:
table persist
block quick from
pass inet proto tcp from ! to (egress:0) port
$tcp_services \
flag
Thank you all for the feedback.
I'll resume work on this taking your comments into account.
Thanks again!
On Fri, Oct 23, 2020 at 10:00 PM Dewayne Geraghty <
dewayne.gerag...@heuristicsystems.com.au> wrote:
> On 15/10/2020 9:00 am, carlos antonio neira bustos wrote:
> > H
Hello,
I have currently a patch in review with jamie which is the current jail
maintainer and kyle evans, if anyone else could comment/review this patch :
https://reviews.freebsd.org/D26782
What has been done is the following :
Raw socket access is allowed for ICMP protocol as is required by
PIN
etmap.
On 30 December 2014 at 18:55, Carlos Ferreira wrote:
> Well... due to budget constraints I'm using USB 100Mb ports :)
> This is for experimental purposes only for now.
>
> Btw, can netmap work with wireless interfaces? I believe you once answered
> this question, but I
wrote:
> On Tue, Dec 30, 2014 at 6:38 PM, Carlos Ferreira
> wrote:
> > Ok, I'm having some trouble in tuning the amount of memory for netmap.
> >
> > I have been following the man page from FreeBSD in other to understand
> the
> > values at /sys/modules/netm
educe by lowering NM_BRIDGS).
> The saving is probably not worth the effort.
>
> cheers
> luigi
>
> On Tue, Dec 30, 2014 at 5:08 PM, Carlos Ferreira
> wrote:
> > By the way, another question.
> > Is there a way to not compile the code regarding the VALE switch? I'm
By the way, another question.
Is there a way to not compile the code regarding the VALE switch? I'm only
interested in using netmap with Tap Devices and NICs, so I was hoping to
save some memory.
On 30 December 2014 at 15:47, Carlos Ferreira wrote:
> You mean netmap_mem2.c ? It was the
You mean netmap_mem2.c ? It was there where I found the NETMAP_BUF_MAX_NUM
define.
On 30 December 2014 at 15:43, Carlos Ferreira wrote:
> Ok thanks. I was hoping not having to recompile the module, but it's ok.
> Thank you for the info!
>
>
> On 30 December 2014 at 15:38
t; cheers
> luigi
>
>
> On Tue, Dec 30, 2014 at 4:12 PM, Carlos Ferreira
> wrote:
> > Update:
> >
> > I noticed that the netmap module was still crashing, after changing the
> > OpenWRT VM ram to 256MB. I now raised to 1GB and it no longer crashed.
> The
&g
Update:
I noticed that the netmap module was still crashing, after changing the
OpenWRT VM ram to 256MB. I now raised to 1GB and it no longer crashed. The
netmap module is now consuming about 350MB of Ram, which for my objectives
is just too much...
On 30 December 2014 at 14:06, Carlos Ferreira
etmap.
Resuming, I want to know if there is a way to reduce the memory buffer
allocation, without recompiling the netmap kernel module.
Thank you for the attention.
--
Carlos Miguel Ferreira
Researcher at Telecommunications Institute
Aveiro - Portugal
Work E-mail - c...@av.it.pt
Skype & GTalk -&
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
>
--
Carlos Miguel Ferreira
Researcher at Telecommunications Institute
Aveiro - Portug
n Tue, Jul 22, 2014 at 12:23 PM, Carlos Ferreira
> wrote:
>
>> I think the results presented at the paper are regarding one port sending
>> or receiving at 14.88Mpps. Using several ports at the same time will
>> surely
>> give much lower results. But then again, if on
/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
>
--
Carlos Miguel Ferreira
Researcher at Telecommunications Institute
Aveiro - Portugal
Work E-mail - c...@av.it.pt
Skype & GTalk -> carlosmf...@gmail.com
LinkedIn -> http://www.linkedin
d the real_num_rx_queues field
depends now on CONFIG_SYSFS field.
On 12 July 2014 15:36, Carlos Ferreira wrote:
> Ok it seems that Symmetric MultiProcessing is broken for the IXP4xx arch
> when compiling the OpenWRT linux kernel. Since netmap requires SMP to be
> active. Netmap uses the real
just posted at the OpenWRT development mailing list, requesting info and
also, contacted Ryan Erbstoesser at Gateworks to also request info.
On 12 July 2014 11:52, Carlos Ferreira wrote:
> Ok,I solved that problem that I was having but now I have another one. For
> what I was able to determin
ting if this is really the problem and if it is, if it
is possible to overcome.
I will try to keep regular updates on this situation.
Carlos
On 11 July 2014 22:54, Carlos Ferreira wrote:
> OK, ignore what I said in the last e-mail. My Makefile is nor working
> properly and I'm trying
OK, ignore what I said in the last e-mail. My Makefile is nor working
properly and I'm trying to figure out why. OpenWRT documentation for module
Makefiles creation is scarce and confuse...
On 11 July 2014 18:27, Carlos Ferreira wrote:
> I'm building for OpenWRT (trunk) for the
I'm building for OpenWRT (trunk) for the IXP4xx target.
Attached goes the output for the compile attempt. Maybe I'm missing
something very basic...
On 11 July 2014 17:13, Luigi Rizzo wrote:
>
>
>
> On Fri, Jul 11, 2014 at 6:07 PM, Carlos Ferreira
> wrote:
>
>&g
Luigi one question. Does netmap requires a processor with 64 bits? I'm
having some trouble in compiling netmap, using the same Makefile I used
previously, but for an Intel IXP435 CPU (Gateworks Cambria).
On 28 June 2014 14:07, Carlos Ferreira wrote:
> Hello to all.
> Unfortunately,
Sanuri, in order to achieve your goal, you should look for service
distribution over several systems (computers), basically a Cloud
architecture.
Depending on the language that your system is implemented, you should look
for the appropriate framework.
My regards,
Carlos
On 2 July 2014 10:08
iating an RXSYNC and whenever in user space I find
>> that there is nothing on the ring (probably half way down the ring size), I
>> do an RXSYNC to get more packets thus saving system calls.
>>
>> But on tx side, I have noticed that unless I do a TXSYNC, the packet does
>>
yield "frag needed and DF set";
>
> _ no way I could ping with a packet bigger than 500 bytes until I rebooted.
>
> Is this expected behaviour? Any way to get around this?
>
> bye & Thanks
> av.
> ___
>
Great! :)
I will give you the results as soon as I can get them :)
On 17 June 2014 12:55, Luigi Rizzo wrote:
> On Mon, Jun 16, 2014 at 5:30 PM, Carlos Ferreira
> wrote:
>
>> Ok, thanks for the enlightenment regarding the loss of performance.
>>
>> One question
Just a remainder, so that the question doesn't get lost in time.
On 16 June 2014 16:30, Carlos Ferreira wrote:
> Ok, thanks for the enlightenment regarding the loss of performance.
>
> One question, just to be sure. Does the kernel module contains the VALA
> switch code
, thank you for the support.
On 14 June 2014 11:15, Luigi Rizzo wrote:
> On Fri, Jun 13, 2014 at 10:55:54AM +0100, Carlos Ferreira wrote:
> > Hello Luigi (and to all)
> >
> > I was able to successfully compile the netmap module for OpenWRT but
> > without drivers. Accordin
egradation should be expected. I would like
to run some tests to see if everything is ok and if the port was successful.
Thank you for the help!
On 12 June 2014 11:48, Carlos Ferreira wrote:
> First of all, thank you for the quick answer!
>
> I will try it myself to compile jus
First of all, thank you for the quick answer!
I will try it myself to compile just the netmap module without the drivers
and report the results back to you.
Once again, thank you!
On 12 June 2014 11:41, Luigi Rizzo wrote:
>
>
>
> On Thu, Jun 12, 2014 at 12:35 PM, Carlos Ferre
iated!
Once again, thank you!
--
Carlos Miguel Ferreira
Researcher at Telecommunications Institute
Aveiro - Portugal
Work E-mail - c...@av.it.pt
Skype & GTalk -> carlosmf...@gmail.com
LinkedIn -> http://www.linkedin.com/in/carlosmferreira
7;m wondering 2 things.
a.) Could this be an issue with the driver on this release for em0?
b.) Why was I not able to ssh to the client servers while the NFS server was
down?
Any clues would be greatly appreciated.
Thanks!
Carlos.
The following reply was made to PR kern/137776; it has been noted by GNATS.
From: Carlos
To: bug-follo...@freebsd.org,
f...@freebsd.org
Cc:
Subject: Re: kern/137776: [rum] panic in rum(4) driver on 8.0-BETA2
Date: Mon, 5 Oct 2009 12:52:32 +0200
hi list,
I would like to say sorry for my
hi list,
I would like to say sorry for my poor english
i want to say that I can reproduce this panic always. If i run wine +
WoW (World of Warcraft), the internet connection is lost and then if i
run /etc/rc.d/netif restart the panic always appear.
if you need make tests i can make it on my pc
Hi I have an wireless card PCI ENLWL-G, and it appear to lspci -v -l as:
[EMAIL PROTECTED]:12:0:class=0x02 card=0x1faa11ab chip=0x1faa11ab
rev=0x03 hdr=0x00
vendor = 'Marvell Semiconductor (Was: Galileo Technology Ltd)'
class = network
subclass = ethernet
After r
Hi.
You're right, net.link.bridge.ipfw must be set to 1 to enable layer2
filtering. Anyway, divert still doesn't work.
Thanks!
Carlos
Andrew Thompson wrote:
On Tue, May 09, 2006 at 05:45:02PM -0300, Carlos E Gaspar wrote:
Hi.
I have the following setup:
FreeBSD abc5.5-
if_bridge? Do I need FBSD 6.1?
Thanks for advance... sorry about my english
Carlos Gaspar
[EMAIL PROTECTED]
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Hi,
i have upgraded my ports with cvsup and when installing samba i have the
following error:
" ...
Building for libtool-1.5.22_2
.
Making all in doc
make: don't know how to make libtool14.texi. Stop.
***Error Code 1
"
someone have any idea?
best regards,
car
ET on the kernel..
Anyone knows the solution?
Best Regards,
Carlos Silva
http://osiris.csilva.org/
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
0fcaa0b1cb34a
It details how to setup a Bridge with ipfw and dummynet for bandwitdh
control, just change the queue rules, it should work.
--
Carlos Alloatti
calloatti_at_gmail.com
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RES STATE C TIME WCPUCPU
COMMAND
474 squid 960 68276K 62480K select 0 53:38 16.80% 16.80%
squid
311 bind 200 10628K 6016K kserel 0 12:28 0.00% 0.00%
named
Jonny
--
João Carlos Mendes
Martin Eugen wrote:
Hi there,
I'm currently trying to implement some networking protocols in the
kernel. I would like to ask a few questions, but first, let me explain
some details about those protocols: the network is composed of smaller
subnets connected through gateways. Hosts have a fairly com
ars
first in the startup. There is some way to change the order of the
interfaces that are configured in the startup?
Thanks for the attention
**
* *
* Carlos Alberto Matos
Hello
I have a server VPN, with application MPD for the connections, and
need that the users validate against a domain Windows 2000, when
they accede by the VPN
say to me that it needs to me to mount this, please?
I badly feel it by my english
Thanks
Carlos Castro
Spain
login-time 240
diskspace 1024
notify faxadmin
fax-owner uucp
fax-group modem
fax-mode 0660
/usr/local/etc/mgetty+sendfax/login.config:
/AutoPPP/ - - /etc/ppp/ppp-incoming
and finally, /etc/ppp/ppp-incoming:
#!/bin/sh
exec /usr/sbin/ppp -direct $IDENT
What am I doing wrong?
Best regards
Oh,
please disregard. man rc.conf is my friend.
Thanks,
Carlos.
__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net&qu
Hi,
I wonder if I can put stuff in rc.conf to add static
routes when my machine boots. Is that possible? I
mean, currently I'm adding those routes in rc.local,
but I'd really like to see them in rc.conf.
Best regards,
Carlos.
__
Do
hanks.
---
Joao Carlos
[EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
Hi,
> I think you want NAT:
Umm, not really. Following Mr. Hallstrom suggestion I
tried balance and it works beautifully for my needs.
Thanks a lot :)
Carlos.
__
Do you Yahoo!?
Yahoo! Mail Plus Powerful. Affordable. Sign up now.
h
r instance, opening port 3389
on the firewall (from the inside, machine A) would
open port 3389 of machine B that sits on the other
network.
Is there a port that can handle that?
I don't need encryption, so (I think) that SSH tunnels
are way too much for me.
Best
Hi,
--- Archie Cobbs <[EMAIL PROTECTED]> wrote:
> Carlos Carnero writes:
> > I've succesfully configured mpd as PPTP server for
> > VPNs. But I have one stumbling block: when I
> > connect to the server from a Windows XP client,
> > the new connection gets a
tmask:255.255.255.0
Client gateway:192.168.250.240
the latter _should_ be 192.168.250.1.
I can't ping to any other IP addresses inside the VPN.
Has any one been there?
Best regards,
Carlos.
__
Do you Yahoo!?
Y! Web Hosting - Let the expert hos
to be LOG_KERNEL.
> >
> > Searching the cvsweb tree, I assume the changes that made it fail were
> > made to kern/subr_prf.c, and not directly to netinet/ip_fw.c. Probably a
> > longer search should be made to detect if any other call to log(9) uses t
t the client still talks to the web-server directly :( The squid's log
> is quiet... Anything I'm missing? Perhaps, I need a user-space program
> of some sort to run on the firewall to do the tunneling? Thanks!
IIRC, ipfw fwd to another machine does not change tcp port n
if any other call to log(9) uses this
approach. (CC: to phk, who made the change to kern/subr_prf.c, 1.61.2.1, at
2000.01.16)
Hoping this is the final solution and waiting for the cvs commit, thanks
to everybody,
Jonny
--
João Carlos Mendes Luís
st mere luck! Time to
audit changes since -release?
I'd love to help more, but I've been far from FreeBSD cvs lists for a long
time now.
Jonny
--
João Carlos Mendes Luís [EMAIL PROTECTED]
Networking Engineer [EMAIL PROTECTED]
Inte
y removing DUMMYNET from config, and the bug continues. Should
I try the changes below?
> + if you are not using bridging, keep the SMP option and change
>splimp -> splnet in ip_dummynet.c
>and see if the problem is still there.
J
e picobsd image i am using does not
> produce the problem and yusuf could confirm that using the
> same picobsd image, so there might be something wrong with the
> way you upgraded your source (or i forgot to commit something).
>
> cheers
> luigi
--
g this ?
Yes! Me!!! I'm not alone, then!
> >
> > Regards, Yusuf
> > --
> > Yusuf Goolamabbas
> > [EMAIL PROTECTED]
Jonny
--
João Carlos Mendes Luís [EMAIL PROTECTED]
Networking Engineer [EMAIL PROTECTED]
I
61 matches
Mail list logo
