On Wed, Nov 12, 2003 at 05:13:39PM -0500, Jung-uk Kim wrote:
> On Wednesday 12 November 2003 04:56 pm, [EMAIL PROTECTED]
> wrote:
> > On Wed, Nov 12, 2003 at 04:23:30PM -0500, Jung-uk Kim wrote:
> > > On Wednesday 12 November 2003 04:11 pm, Jung-uk Kim wrote:
> > > > > pci0: (vendor=0x11ab, dev=0
Hi all
How would one go about running several instances of natd with unique public IPs for
several VLANs terminated on the same interface?
The idea being that multiple separate RFC-1918 networks are
terminated as VLANs in the FreeBSD machine and that
each VLAN goes through a separate NAT'd in
On Thu, Nov 13, 2003 at 09:05:11AM +0100, Kristian Rask wrote:
> Hi all
>
> How would one go about running several instances of natd with unique
> public IPs for several VLANs terminated on the same interface?
>
How is this different from having several LANs (NICs) connected to
one central hub
Haesu wrote:
I agree in that flow cache is bad and it should not be used.
Everything is not black or white.
A flow cache can accelerate for example Access Control Lists
and/or firewalling, since only the first packet needs to be
verified.
Cisco just added ACL bypass for firewall, which is a simila
There was a thread on this list about how to do multiple NATings less than a year
ago.
Run your natds on separate ports.
Get ipfw to do lots of logging. (Don't make the mistake of having natd log: all
instances try to open the same log file path.)
> Everything is not black or white.
>
> A flow cache can accelerate for example Access Control Lists
> and/or firewalling, since only the first packet needs to be
> verified.
That is true, yeah. But also note that ACLs in provider environments
are often used during times of diverse DoS attacks whi
Andre Oppermann wrote:
If we stored special "for us" /32 routes in the routing table for
addresses configured on this host, we could avoid the above 2 loops,
which can be quite expensive.
Good idea. I will look at that after 5.2 code freeze.
Question from someone who doesn't really understand the cod
I setup a firewall with ipfw2 and natd on freebsd 4.9 release.
I have mapped my subnet with alias_address
I have mapped 4 private ip address with 4 public ip address
Everything is working fine (web, email, ftp, etc..) for outgoing and
incoming connections for anyone on my network.
With this config
Andre Oppermann wrote:
Makes sense.
Can we ever have a packet that has a source address with INADDR_BROADCAST
or IN_MULTICAST? I can't think of such a case.
Can we ever have a packet with destination address INADDR_ANY? Maybe
for BOOTP? But then the source address would be 0.0.0.0 too?
IIRC, in
It's my understanding that certain IPSEC does not encrypt the entire
packet, leaving the header to be mangled by nat or whatever and refused
by the IPSEC machine that you are connecting to. I believe therein your
problem lies.
Best,
Tom
I'm trying to play around with netgraph(4) for the first time and
there seem to be some aspects of it that haven't "clicked" in my head
just yet.
What I want to do seems like it should be pretty easy. I want to
send some packets through a UDP tunnel. There is an
/usr/share/examples/netgraph/udp.tu
On Thu, Nov 13, 2003 at 12:46:24PM -0500, Vincent Goupil wrote:
> I setup a firewall with ipfw2 and natd on freebsd 4.9 release.
>
> I have mapped my subnet with alias_address
> I have mapped 4 private ip address with 4 public ip address
>
> Everything is working fine (web, email, ftp, etc..) for
But if I use this config file for natd:
unregistered_only
use_sockets
log
log_denied
redirect_address 192.168.1.50 208.x.y.120
redirect_address 192.168.1.51 208.x.y.121
redirect_address 192.168.1.52 208.x.y.122
redirect_address 192.168.1.53 208.x.y.123
alias_address 208.x.y.124
With this setup, I
On Thu, Nov 13, 2003 at 01:54:33PM +0100, Anders Lowinger wrote:
> >It only takes x num. of kpps with diverse destinations to knock off a
> >router running flow based caching.
>
> Yep, that is true and its hard to work around.
>
> >Extreme switches use flow based caching (called ipfdb) and any DoS
Hi,
The sysctl net.inet.ip.subnets_are_local doesn't appear to be referenced
anywhere anymore (in RELENG_4 or HEAD). Can it go in the bin? Or is it
there for a specific reason?
BMS
On Tue, Nov 11, 2003 at 09:29:49AM +0100, Harti Brandt wrote:
> Here you are. This was even once (about a year ago) reviewed by someone,
> but did make it into the tree, because I did not insist.
I've put the userland code (and a cleaned up version of this diff) up
at http://people.freebsd.org/~bm
On Tue, Nov 11, 2003 at 09:29:49AM +0100, Harti Brandt wrote:
> Here you are. This was even once (about a year ago) reviewed by someone,
> but did make it into the tree, because I did not insist.
Ok. The NET_RT_IFMALIST sysctl is not completely identical to the existing
NET_RT_IFLIST interface. I'
> How would one go about running several instances of natd with unique public IPs for
> several VLANs terminated on the same interface?
>
> The idea being that multiple separate RFC-1918 networks are
> terminated as VLANs in the FreeBSD machine
Sorry if this is well-traveled territory, but I haven't found anything
relevant in the lists, handbook or FAQ.
I have a setup on a network where 802.11b traffic from a group of
wireless hosts is "reflected" off the internal interface of an OpenBSD
firewall. In order to encrypt all wireless traffi