hi,
i'm setting up a soekris net4501 machine and during some testing i ran
into a problem. basically, if i compile:
options IPFILTER_DEFAULT_BLOCK
into the kernel then i get the following error during a net boot (pxe):
nfs send error 65 for xxx.xxx.xxx.xxx:/soekris/
and then the machi
> > how can i assign the default gateway to use fxp0 instead?
>
> route delete default
> route add default A.B.C.D
i read the man page, it indicated the use of the -interface flag but i
could not get it to work. doing what you say did not fix the problem
either:
as you described:
root@fw-1[~]%
hi,
i have a freebsd box acting as a firewall using ipfilter over a bridge.
the machine has two interfaces:
fxp0 = connected to outside world interface
rl0 = connected to internal subnet
when i add the default gateway, it defaults to assigning it to rl0.
from netstat -rn:
Destination
> > http://isber.ucsb.edu/~randall/firewall/redundant/
>
> Cold failover, right? Existing PPTP sessions aren't taken over
> by the second machine if the first goes down, right?
correct. if a machine dies freevrrpd simply reassigns the slave machine to the
virtual IP/MAC, in which case a new PPTP
it's a bit of a work-in-progress, but if anyone is interested in setting up
freebsd as a bridging ipfilter firewall + pptp vpn server, in rc.diskless2
mode, along with the option of having a redundant failover machine:
http://isber.ucsb.edu/~randall/firewall/redundant/
despite the complexity at
> netstat -n |grep EST |wc -l
thank you.
let me make the grain a little bit finer:
i have a freebsd box acting as an IPFilter bridge for a class c subnet - is
there any way i can view how many concurrent connections this machine is
handling?
netstat -s returns:
root@fw[~]% netstat -s
tcp:
hi,
is there a simple way to measure the amount of concurrent network (tcp)
connections to a freebsd host?
also, not exactly related to freebsd, but is there a way to measure the
amount of concurrent connections while running ipfilter on the host?
thanks,
--
:// randall s. ehren
> I'd like to know whether the ipf/bridge patch located at :
> http://people.freebsd.org/~cjc/
>
> could be merged in the tree (-current then MFC) ?
hasn't it been merged?
root@heat[~]% uname -a
FreeBSD fw.redigital.org 4.7-STABLE FreeBSD 4.7-STABLE #1: Tue Nov 26 19:42:57
PST 2002 [EMAIL PRO