On 3/15/2012 7:27 PM, Kevin Oberman wrote:
2012/3/14 Eugene Grosbein:
15.03.2012 06:33, hiren panchasara wrote:
network_interfaces is basically a historic rudiment
used in FreeBSD 2.2.x versions and the like.
In general, you should not use it in modern versions at all.
Thanks Eugene
[sigh]
I stand enlightened with increased understanding. Thank you very much.
That is exactly what I've been seeing on my pfSense machine and could
not replicate on my stand-alone FBSD box.
On 2/1/2012 10:14 AM, Hajimu UMEMOTO wrote:
Hi,
On Wed, 01 Feb 2012 09:15:15 -0500
"Eri
On 2/1/2012 3:32 AM, Hajimu UMEMOTO wrote:
Hi,
ericx> Am I even correct in assuming that my gif packets are being blocked?
Are you trying to pass an IPv6 over IPv4 tunnel? If so,
$fwcmd add 00140 allow ip4 from $he_tun to me proto ipv6
$fwcmd add 00141 allow ip4 from me to
obviously blocking something and I can't get a handle on
it with tcpdump, I'm groping for an understanding of the shape of the
gif packets.
On 01/31/2012 22:55, Eugene Grosbein wrote:
01.02.2012 11:36, Eric W. Bates wrote:
Seems like a silly question; but how does one allow the pac
Seems like a silly question; but how does one allow the packets
composing a gif tunnel thru ipfw?
I assumed a gif was made up of ipencap (IP proto 4) packets and added rules:
$fwcmd add 00140 allow ipencap from $he_tun to me
$fwcmd add 00141 allow ipencap from me to $he_tun
($he_tun is an Hurr
On 6/22/2010 3:55 PM, r...@dzie-ciuch.pl wrote:
I managed to do an IP in IP tunnel with IPsec encryption between a
FreeBSD and a cisco router running 12.1(mumble) several years ago.
It is a desirable option if you want to use routing (e.g. ospf). You
can't route an IPSec tunnel (actually, is th
On 6/22/2010 2:22 PM, David DeSimone wrote:
Maciej Suszko wrote:
So as you write they should set: ??
10.20.0.1 (my ip on gif device)<-> 78.x<-> 95.x<-> 10.10.1.90
(other side)
Yes, indeed.
And additionally I think I should correctly set spd policy to:
spdadd 10.20.0.1 10.10.1.90 any -P o
I'm trying to wrap my head around freebsd-update.
Is there a way to activate IPSEC and IPFIREWALL-FORWARD without building
a custom kernel?
Thanks for your time.
--
Eric W. Bates
er...@vineyard.net
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
the man pages
really seem to cover this and we have had little luck with Google.
Thank you for your time.
--
Eric W. Bates
er...@vineyard.net
I forgot to mention: we are using 6.2-RELEASE-p1.
- Original Message
Subject: ipfw policy routing esp
Date: Mon, 08 Dec 2008 15:57:35 -0500
From: Eric W. Bates <[EMAIL PROTECTED]>
To: freebsd-net@freebsd.org
We have a bewil
a known problem?
Thank you for your time.
--
Eric W. Bates
[EMAIL PROTECTED]
I think I have finally given up on cisco.
What are folks' recommendations for a machine doing full bgp routes?
I think I need to get a Sangoma card; but what is the current favorite
bgp routing software and how much RAM do folks think I can get away with?
Thanks for your time.
--
Eric W
no idea
whether this is even possible.
Has anyone successfully used OSPF over a tunnel?
Can you recommend a routing program? We've been very happy with zebra
over the years; but I understand OpenOSPF and Quagga might be the
current favorites.
Thanks for your time.
--
Eric W. Bates
[
t the machines in the DMZ.
Because you are inviting the public to poke at ports 25, 80, 143, et al.
on those machines you have to assume they will be exploited at any
moment; so you separate them from your safe world as much as possible.
> Sorry for the off topic post.
>
> Thanks for
VANHULLEBUS Yvan wrote:
> On Thu, Feb 01, 2007 at 11:46:49AM -0500, Eric W. Bates wrote:
>> ashoke saha wrote:
>>> basic kame (racoon) as NAT_T for IKE. It did
esp rather than
> ashoke.
>
> --- Darren Pilgrim <[EMAIL PROTECTED]> wrote:
>
>> Eric W. Bates wrote:
>>> Can someone please refer me to some documentation
>> describing
Can someone please refer me to some documentation describing how to
implement NAT Traversal?
--
Eric W. Bates
[EMAIL PROTECTED]
Phil Regnauld wrote:
> Eric W. Bates (ericx_lists) writes:
>> When you establish an esp tunnel, the subnets on the remote end of the
>> tunnel do not seem to appear in either "netstat -nr" or 'route get
>> xxx.xxx.xxx.xxx'
>>
>> Is there a w
When you establish an esp tunnel, the subnets on the remote end of the
tunnel do not seem to appear in either "netstat -nr" or 'route get
xxx.xxx.xxx.xxx'
Is there a way to display those routes other than using setkey to dump
the SPD's?
Thanks for your time.
Jon Otterholm wrote:
> Eric W. Bates wrote:
>
>> Andrew Thompson wrote:
>>
>>
>>> On Wed, Apr 12, 2006 at 02:38:47PM +0200, Jon Otterholm wrote:
>>>
>>>
>>>> Hi.
>>>>
>>>> I am designing a new networ
Andrew Thompson wrote:
> On Wed, Apr 12, 2006 at 02:38:47PM +0200, Jon Otterholm wrote:
>> Hi.
>>
>> I am designing a new network and one way to go is to configure a router
>> based on FreeBSD with one IF/customer. This would mean around 1000
>> VLAN-IF's/router - would this work? Do you see any
Sam Leffler wrote:
>
> rndtest was done to evaluate the goodness of h/w entropy sources for
> various reasons that are not important. It is not intended for
> production use. Why pfsense includes it is unclear.
Thank you. I feel much better.
rndtest appears to be part of 6.0-RELEASE and 6.1-S
Sam Leffler wrote:
> Eric W. Bates wrote:
>
>> I'm running pfsense (an embedded FreeBSD 6.1) on a wrap2C. I recently
>> added a Soekris vpn1411 and am now getting infrequent errors:
>>
>> hifn0: rndtest: ones interval 4 failed (382, 251-373)
>> hif
I'm running pfsense (an embedded FreeBSD 6.1) on a wrap2C. I recently
added a Soekris vpn1411 and am now getting infrequent errors:
hifn0: rndtest: ones interval 4 failed (382, 251-373)
hifn0: rndtest: ones interval 1 failed (2663, 2343-2657)
hifn0: rndtest: zeros interval 5 failed (206, 111-201)
Dmitry Pryanishnikov wrote:
>
> Hello!
>
> On Sun, 2 Apr 2006, Bjoern A. Zeeb wrote:
>
>>> Why not? IMHO it will be very useful feature: think about e.g.
>>> traffic shaping for several different networks which are routed via
>>> the same
>>> ipsec tunnel. Without the enc0, you can only shape t
This seems like a dumb question; but I wonder if one can use tcpdump to
view the decrypted out flow from an esp tunnel?
I have an established tunnel on machine 'firewall'.
The tunnel is a route between net 10.128.10.0/24 and 192.168.10.0/24.
'firewall' has 192.168.10.1 as the ip on its internal
s not been established yet.
With log set to 'debug2', there is a lot of information; but this is the
first line in the log which expresses any level of warning or error.
Further details happily provided...
--
Eric W. Bates
me6 (I never noticed the latter before
because I'm not using IPv6 yet [shame])?
Is this a change in the way the 6.0 kernel handles lo0 traffic in general?
Is this a change in ssh forwarding? Or has there always been IPv6 traffic?
Thanks for your time.
--
Eric W.
[sigh] I have created the same problem on 2 machines.
After an upgrade from 4.x to 5.3-p10 netstat will no longer display the
routing table:
** [EMAIL PROTECTED] ** ~ ** Fri Apr 29 16:59:37
# netstat -nr
netstat: kvm not available
Routing tables
rt_tables: symbol not in namelist
During the upgra
Ip forwarding is on?
Flag in rc.conf:
gateway_enable=yes
Will toggle:
net.inet.ip.forwarding=1
Anton Bester wrote:
From the client can you ping the IP of ed0
ping 126...66 I think
ping IP of ed0 196...66 from client, no problem, but cannot ping 196...65,
which is my cisco router to the outside.
M
Sten Spans wrote:
On Wed, 15 Sep 2004, Eric W. Bates wrote:
That looks good. I should have RTFM.
Is it reasonable to try something like:
ipfw add allow tcp from evil/24 to any dst-port 80 setup limit src-addr 100
Anyone ever figured out what the average/max number of simultaneous
dynamic rules
number up?
--
Eric W. Bates
Pat Lashley wrote:
| --On Tuesday, September 14, 2004 20:59:43 -0400 "Eric W. Bates"
| <[EMAIL PROTECTED]> wrote:
|
|> It's a small store. Folks with broken computers bring the
|> machines in because "It doesn't w
s a way to limit the number of dynamic rules created, I can apply
it to that IP range easily enough.
Eric W. Bates wrote:
Friends run an IT business and I helped build them a firewall using
ipfw.
The box has multiple interfaces; one of which is untrusted and it is
where they put suspect machin
can create in x
number of minutes?
Thanks for your time.
--
Eric W. Bates
paul van den bergen wrote:
Hi all,
I have a situation that has not been fully addressed by the excellent
documentation on getting ssh tunnels and remote X-windows display managers
(like VNC) running. And my feeble brain is too damaged by the dreaded lurgy
to make heads or tails of it.
VNC pr
There was a thread on this list about how to do multiple nat'tings less than a year
ago.
Run your natd's on separate ports.
Get ipfw to do lots of logging. (don't make the mistake of having natd log: all
instances try to open the same log file path)
- Original Message -
From: "Kristian
4.8-RELEASE-p10
ipfw2
I have a firewall which appears to be behaving well. I have quite a few
'log' instructions for the sake of debugging. However, I seem to be
generating quite a few kern:emerg messages as well as security:info
messages.
Oct 13 14:11:26 brock /kernel: .132:80 out via de0
Oct
I've done this on ciscos but not on FBSD. There are probably a couple of good ways to
do this. I think this will work (criticism welcome).
Given that you have a network 1.2.3.176/29 (8 addresses, 6 hosts), and your ISP has
given you a gateway address of 1.2.4.239/30 for your external interface..
If you grovel up a PCI card with a PCMCIA slot, you may be all set (I
haven't tried the Netgear). This is, in fact, the way the 'PCI' version of
the Lucent card is sold.
I'm sorry to make a plug on the list, but I think these guys are cool
(YMMV), and they can sell you such a card for $40:
http://
Can someone please point me to a method for measuring the packet lag between
interfaces when using ipfw and/or ipfw2?
Thanks.
Eric W. Bates
[EMAIL PROTECTED]
According to your ifconfig, I believe you have essentially assigned the same
networks to both interfaces (128.111.147.250 netmask 0x falls within
the larger 128.111.147.251/24). In which case, there is no way to
distinguish between the two interfaces because your default IP,
128.111.147.25
- Original Message -
From: "Markko Merzin" <[EMAIL PROTECTED]>
To: "Charlie Root" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, October 24, 2002 4:16 PM
Subject: Re: VLAN problems with replies to broadcast
> On Wed, 23 Oct 2002, Charlie Root wrote:
>
> > The fxp is plugged
While using tcpdump to debug a new VLAN config, I noticed some problems and
wanted to ask whether I was simply doing something wrong.
I have 3 vlan interfaces attached to an fxp. The 3 vlan are bridged, but
the fxp is not included in the group. The fxp has no IP. vlan0 has the IP
for the bridge