On Thu, Dec 11, 2003 at 08:12:49PM -0700, Brett Glass wrote:
> Is there a way to control the range of ports to which FreeBSD's
> natd maps outgoing connections? I'm attempting to deal with a
> situation in which natd is (sometimes) changing outgoing UDP
> packets' source port numbers to ones which
Hi Paul,
I guess we already met on the mip6 mailing list... :-)
paul van den bergen wrote [2003-12-12]:
> Hi all,
>
> I have a situation that has not been fully addressed by the excellent
> documentation on getting ssh tunnels and remote X-windows display managers
> (like VNC) running. And my
At 12:45 AM 12/12/2003, Barney Wolff wrote:
>UTSL libpcap/alias_db.c
I can find no such file in /usr/src/contrib/libpcap. I did find
one in /usr/src/lib/libalias. It seems to have in it a function
called FindNewPortGroup that hunts for ports at random, but
there's no discipline there to make it a
On Fri, Dec 12, 2003 at 01:19:34AM -0700, Brett Glass wrote:
> At 12:45 AM 12/12/2003, Barney Wolff wrote:
>
> >UTSL libpcap/alias_db.c
>
> I can find no such file in /usr/src/contrib/libpcap. I did find
> one in /usr/src/lib/libalias. It seems to have in it a function
> called FindNewPortGroup t
Marco Molteni:
>> I have a situation that has not been fully addressed by the excellent
>> documentation on getting ssh tunnels and remote X-windows display managers
>> (like VNC) running. And my feeble brain is too damaged by the dreaded lurgy
>> to make heads or tails of it.
>>
>> home mach
- Original Message -
From: "Helge Oldach" <[EMAIL PROTECTED]>
To: "Marco Molteni" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, December 12, 2003 11:26 AM
Subject: Re: ssh tunnels and Xvnc - (yes, I know... What? not again!?)
> Marco Molteni:
> >> I can ssh from home to the wo
On Thursday 11 December 2003 23:14, Michael Sierchio wrote:
> Julian Elischer wrote:
> >>>more likely he wants something like ng_fec or ng_one2many
> >>
> >>Unless performance is the reason for bonding the ether channels...
> >>
> >>Can't we steal the Linux code? ;-)
> >
> > is the netgraph version
On Thu, Dec 11, 2003 at 08:12:49PM -0700, Brett Glass wrote:
> Is there a way to control the range of ports to which FreeBSD's
> natd maps outgoing connections? I'm attempting to deal with a
> situation in which natd is (sometimes) changing outgoing UDP
> packets' source port numbers to ones which
Juan Rodriguez Hervella:
>On Thursday 11 December 2003 23:14, Michael Sierchio wrote:
>> Julian Elischer wrote:
>> >>>more likely he wants something like ng_fec or ng_one2many
>> >>
>> >>Unless performance is the reason for bonding the ether channels...
>> >>
>> >>Can't we steal the Linux code? ;-)
Hi, Everybody.
The following are my non-working configs for mpd running as a VPN server for
Windows 2000 workstations.
What's up with it? What should I do?
I am trying to login as user "admin" with password "1234567"
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu O
I'm working on a hack right now. Today I added SNMP agent support to
a very slim tool called trafd, which can be used to keep statistics
on host-host traffic.
With the Radiotap stuff I've committed to the new tcpdump port this week,
it isn't too much of a stretch to extend support to trafd. The i
At 01:35 AM 12/12/2003, Barney Wolff wrote:
>Oops, sorry for the confusion. How fancy a change is up to you,
>but changing ALIAS_PORT_BASE and ALIAS_PORT_MASK (and _EVEN)
>would let you confine the port range without much work.
The current algorithm works so long as the blocked ports have
numb
Hey,
Could it be that the gre packets are dropped somewhere along the way? It
seems as if after authenticating, mpd attempts to set up the GRE session,
not receiving responses to its requests. I've encountered this a few
times with a few cable connections and school firewalls.
In that case the
At 06:26 AM 12/12/2003, Jacques A. Vidrine wrote:
>I suppose there is brute force. Use an application like PortSentry to
>bind the ports that you don't want to be used by natd.
Or, for that matter, a do-nothing application that just binds them but
throws away data (in the case of UDP) or rejects
On Fri, Dec 12, 2003 at 10:41:50AM -0700, Brett Glass wrote:
> At 01:35 AM 12/12/2003, Barney Wolff wrote:
>
> >Oops, sorry for the confusion. How fancy a change is up to you,
> >but changing ALIAS_PORT_BASE and ALIAS_PORT_MASK (and _EVEN)
> >would let you confine the port range without much work
paul van den bergen wrote:
Hi all,
I have a situation that has not been fully addressed by the excellent
documentation on getting ssh tunnels and remote X-windows display managers
(like VNC) running. And my feeble brain is too damaged by the dreaded lurgy
to make heads or tails of it.
VNC pr
At 11:19 AM 12/12/2003, Barney Wolff wrote:
>How is this problem confined to NAT? Seems to me that any system
>connecting to the Internet would have the same issue, if it's actually
>a problem at all.
Well, yes and no. A system behind a firewall that uses a port that's
commonly used by a worm co
On Fri, Dec 12, 2003 at 04:20:04PM -0700, Brett Glass wrote:
> At 11:19 AM 12/12/2003, Barney Wolff wrote:
>
> >How is this problem confined to NAT? Seems to me that any system
> >connecting to the Internet would have the same issue, if it's actually
> >a problem at all.
>
> Well, yes and no. A
At 05:19 PM 12/12/2003, Barney Wolff wrote:
>For most systems, the coarse granularity of sysctl net.inet.ip.portrange
>would seem sufficient.
This brings up an interesting point. I just typed
sysctl -a | grep portrange
into a recently minted 4.9 box, and got:
net.inet.ip.portrange.lowfirst:
On Fri, Dec 12, 2003 at 06:17:46PM -0700, Brett Glass wrote:
>
> In practice, I think we need to come up with something better than the
> notions of "well-known" and "privileged" ports. Something that, unlike
> portmap, is easy for firewalls to work with.
It's not so easy, because malware is not
At 07:18 PM 12/12/2003, Barney Wolff wrote:
>In fact, your real problem is with lazy
>firewalls that can't tell UDP responses from requests. A stateless
>firewall is an ACL, not a firewall. That works not so badly for TCP
>but is simply inadequate for UDP.
Not so. A stateful firewall on UDP mig
On Fri, Dec 12, 2003 at 04:20:04PM -0700, Brett Glass wrote:
> It'd be nice to restrict which ports the OS
> allowed apps to use, not only so that they don't get blocked by a firewall
> but so that a worm that's gotten into the system is detected. (You could set
> off an alarm if it tried to bind a
Hello,
I'm using the following setup :
FreeBSD 4.8-RELEASE-p14 with stock ipfilter 3.4.31
(uname -a attached)
I'm using the following ipnat rules
# Nat rules
map ng0 192.168.10.0/24 -> 0/32 proxy port ftp ftp/tc
Hi!
Is it possible to saturate 100Mbit ethernet using FreeBSD 4.9-STABLE,
Pentium-133 & Intel 430VX-based motherboard (PCI-33),
Intel 82559 Pro/100 Ethernet (fxp) ?
I tried to use sendfile(2) on /dev/zero but that does not work.
Then I created 8Tb holey file and used sendfile() on it.
That gave
Eugene Grosbein wrote:
Is it possible to saturate 100Mbit ethernet using FreeBSD 4.9-STABLE,
Pentium-133 & Intel 430VX-based motherboard (PCI-33),
Intel 82559 Pro/100 Ethernet (fxp) ?
I tried to use sendfile(2) on /dev/zero but that does not work.
Then I created 8Tb holey file and used sendfile()
You can also use a tool like iperf to test things like this. Just a
thought.
nb
On Dec 13, 2003, at 12:06 AM, Clark Gaylord wrote:
Eugene Grosbein wrote:
Is it possible to saturate 100Mbit ethernet using FreeBSD 4.9-STABLE,
Pentium-133 & Intel 43
On Fri, Dec 12, 2003 at 08:18:11PM -0700, Brett Glass wrote:
> At 07:18 PM 12/12/2003, Barney Wolff wrote:
>
> >In fact, your real problem is with lazy
> >firewalls that can't tell UDP responses from requests. A stateless
> >firewall is an ACL, not a firewall. That works not so badly for TCP
> >
27 matches