IPSTEALTH - transparent router

2001-01-01 Thread romualdo
Hi. I have many routers with wavelan card working with FreeBSD and I am trying without success to make IPSTEALTH work. These are my kernel options: options IPFIREWALL options IPDIVERT options IPSTEALTH options IPFIREWALL_VERBOSE options IPFIREWALL_FORWARD op

Dummynet problem

2001-01-01 Thread Slawek Zak
I tried to configure dummynet to allow for normal work when downloading files using queue mechanism (4.2-STABLE). IPFW rules are: add 100 queue 10 tcp from any to any uid dnld1 in add 200 queue 11 ip from any to any queue 10 config weight 1 pipe 1 queue 11 config weight 10 pipe 1 m

ipfw uid rules and matching specific services for bandwidth limiting

2001-01-01 Thread Anders Nordby
Hello, Are people actually using uid type rules heavily? I'm having trouble matching the packets generated by programs like Apache and ProFTPD. I believe that may be because of root binding the ports these programs use before they setuid() or something, I'm not sure. Particularly I have trouble m

Re: ipfw uid rules and matching specific services for bandwidth limiting

2001-01-01 Thread Bill Fumerola
On Mon, Jan 01, 2001 at 09:08:26PM +0100, Anders Nordby wrote: > Are people actually using uid type rules heavily? I'm having trouble matching > the packets generated by programs like Apache and ProFTPD. I believe that may > be because of root binding the ports these programs use before they setu

Re: ipfw uid rules and matching specific services for bandwidth limiting

2001-01-01 Thread Anders Nordby
On Mon, Jan 01, 2001 at 05:24:09PM -0600, Bill Fumerola wrote: >> Are people actually using uid type rules heavily? I'm having trouble matching >> the packets generated by programs like Apache and ProFTPD. I believe that may >> be because of root binding the ports these programs use before they se

Re: ipfw uid rules and matching specific services for bandwidth limiting

2001-01-01 Thread Anders Nordby
On Tue, Jan 02, 2001 at 01:14:18AM +0100, Anders Nordby wrote: > FYI I am running 4.1.1-STABLE as of Tue Oct 24 01:25:55 CEST 2000, and top(1) > shows all proftpd processes as being owned by root. If I filter on uid root, the rules will match the packets (I tried with specific IPs + uid root): 0

Re: Problems with VLAN and natd.

2001-01-01 Thread C. Stephen Gunn
On Sun, 31 Dec 2000 19:54:19 PST, Julian Elischer wrote: > > The current VLAN (and Ethernet) implementation in FreeBSD needs work. > > FreeBSD should handle multiple ethernet encapsulations on > > the same physical interface, and relay packets to/from some subordinate > > interface. This

Re: Problems with VLAN and natd.

2001-01-01 Thread Alex Pilosov
On Tue, 2 Jan 2001, C. Stephen Gunn wrote: > For example, you would no longer simply ``ifconfig xl'', but > associate a netgraph link-layer node on top of the xl interface, > and a netgraph interface node on top of the link-layer node, which > would function (mostly) like xl does now. Interesting

Re: IPSTEALTH - transparent router

2001-01-01 Thread Attila Nagy
Hello, > I have many routers with wavelan card working with FreeBSD and I am > trying without success to make IPSTEALTH work. I want when one machine > make traceroute don't show my router and go a way sysctl -w net.inet.ip.stealth=1 -

Re: ipfw uid rules and matching specific services for bandwidth limiting

2001-01-01 Thread Luigi Rizzo
the easy way could be (probably) force the ftp daemon run as some other user, or assign a second IP to the server and make sure that the ftpd binds to the second address. But in the end, one probably might also like to have a separate namespace where processes can [be forced to] register and who

Re: Dummynet problem

2001-01-01 Thread Luigi Rizzo
> I tried to configure dummynet to allow for normal work when downloading files > using queue mechanism (4.2-STABLE). > > IPFW rules are: > > add 100 queue 10 tcp from any to any uid dnld1 in > add 200 queue 11 ip from any to any > > queue 10 config weight 1 pipe 1 > queue 11 confi

Re: Problems with VLAN and natd.

2001-01-01 Thread Wes Peters
"C. Stephen Gunn" wrote: > > On Sun, 31 Dec 2000 19:54:19 PST, Julian Elischer wrote: > > > > The current VLAN (and Ethernet) implementaiton in FreeBSD needs work. > > > FreeBSD should should handle multiple ethernet encapsulations on > > > the same physical interface, and relay packets to/from

Re: Problems with VLAN and natd.

2001-01-01 Thread Wes Peters
Wes Peters wrote: > > "C. Stephen Gunn" wrote: > > > > Netgraph is an excellent technology. While your comment makes > > sense, there are several issues that will need to be addressed. > > For instance, the current ARP implementation in FreeBSD is > > entangled with the generic ethernet code. >

Re: Problems with VLAN and natd.

2001-01-01 Thread Thierry Herbelot
Wes Peters wrote: > [SNIP] > > Doing link-layer encapsulation modules is really not very difficult. > I've written pretty much the full complement, covering ethernet (10, > 100, and 1000), FDDI/CDDI, token ring, ATM, and Frame Relay. (Chuck, What about a netgraph-enabled ATM NIC driver ? (this

Re: IPSTEALTH - transparent router

2001-01-01 Thread Miklos Niedermayer
Hello, ( > Attila Nagy) > > I have many routers with wavelan card working with FreeBSD and I am > > trying without success to make IPSTEALTH work. I want when one machine > > make traceroute don't show my router and go a way > sysctl -w net.inet.ip.stealth=1 ...or you can live happy with IPFilter'

IP Filter auth rule

2001-01-01 Thread song
Hi, I'm playing around the auth rule and the sample userauth.c of IP Filter on FreeBSD 4.2-RELEASE and below are some results and questions: 1. There is a typo in ip_auth.c which causes the ioctl(SIOCAUTHW) unable to fetch all the fields of the frauth_t struct. Below is a patch for 4.2-R

Re: Problems with VLAN and natd.

2001-01-01 Thread Thierry Herbelot
Wes Peters wrote: > > Thierry Herbelot wrote: > > > > Wes Peters wrote: > > > > > [SNIP] > > > > > > Doing link-layer encapsulation modules is really not very difficult. > > > I've written pretty much the full complement, covering ethernet (10, > > > 100, and 1000), FDDI/CDDI, token ring, ATM, an