Hi team,
Recently we had an upgrade to 12 Stable. Immediately after, we have started
seeing some strange connection establishment timeouts to some fixed number
of external (world) hosts. The issue was persistent and easy to reproduce.
Thanks to a patience and dedication of our system engineer we
On 06.07.2019 11:01, Yuri wrote:
> My network interface looks like this:
> $fw nat 1 config redirect_addr 192.168.100.2 192.168.1.2 redirect_addr
> 192.168.1.2 192.168.100.2 if sk0 unreg_only reset
>
> $fw add 1001 nat 1 tcp from 192.168.100.2/32 to any via sk0 keep-state
>
> $fw add 1002 check-s
> On 8. Jul 2019, at 12:37, Paul wrote:
>
> Hi team,
>
> Recently we had an upgrade to 12 Stable. Immediately after, we have started
> seeing some strange connection establishment timeouts to some fixed number
> of external (world) hosts. The issue was persistent and easy to reproduce.
> Thanks
Hi Michael,
8 July 2019, 15:53:15, by "Michael Tuexen" :
> > On 8. Jul 2019, at 12:37, Paul wrote:
> >
> > Hi team,
> >
> > Recently we had an upgrade to 12 Stable. Immediately after, we have started
> > seeing some strange connection establishment timeouts to some fixed number
> > of externa
> On 8. Jul 2019, at 15:24, Paul wrote:
>
> Hi Michael,
>
> 8 July 2019, 15:53:15, by "Michael Tuexen" :
>
>>> On 8. Jul 2019, at 12:37, Paul wrote:
>>>
>>> Hi team,
>>>
>>> Recently we had an upgrade to 12 Stable. Immediately after, we have started
>>> seeing some strange connection establ
8 July 2019, 17:12:21, by "Michael Tuexen" :
> > On 8. Jul 2019, at 15:24, Paul wrote:
> >
> > Hi Michael,
> >
> > 8 July 2019, 15:53:15, by "Michael Tuexen" :
> >
> >>> On 8. Jul 2019, at 12:37, Paul wrote:
> >>>
> >>> Hi team,
> >>>
> >>> Recently we had an upgrade to 12 Stable. Immedi
I have a server running FreeBSD 11.2 that I am wanting to use as a bridged
firewall. I have it set up and it mostly works. The problem is that ARP
replies are not being forwarded from the outside interface to the inside
interface. It appears to be working in the other direction. I see the
ARP
What's your firewall ruleset look like? (show, don't tell)
What does sysctl report on the interfaces and on arp?
On Mon, Jul 8, 2019 at 9:15 AM Dan Lists wrote:
> I have a server running FreeBSD 11.2 that I am wanting to use as a bridged
> firewall. I have it set up and it mostly works.
NAT is already maintaining state – it is possible to combine stateful rules
and NAT, but don't. ;-)
Are you really proposing to NAT twice, or is 192.168.1.2 a phony address
for the purposes of discussion here?
In any case, consider something like the following:
#!/bin/sh
fw="/sbin/ipfw -q"
sysc
On Mon, Jul 8, 2019 at 11:55 AM Michael Sierchio wrote:
> What's your firewall ruleset look like? (show, don't tell)
>
The firewall is off for testing (the machine is only on a private network).
# ipfw list
65535 allow ip from any to any
> What does sysctl report on the interfaces and on ar
09.07.2019 0:19, Dan Lists wrote:
> On Mon, Jul 8, 2019 at 11:55 AM Michael Sierchio wrote:
>
>> What's your firewall ruleset look like? (show, don't tell)
> The firewall is off for testing (the machine is only on a private network).
> # ipfw list
> 65535 allow ip from any to any
>> What does
On Mon, Jul 8, 2019 at 10:33 AM Eugene Grosbein wrote:
09.07.2019 0:19, Dan Lists wrote:
>
> > On Mon, Jul 8, 2019 at 11:55 AM Michael Sierchio
> wrote:
> >
> >> What's your firewall ruleset look like? (show, don't tell)
> > The firewall is off for testing (the machine is only on a private
> ne
On Mon, Jul 8, 2019 at 12:43 PM Michael Sierchio wrote:
>
> On Mon, Jul 8, 2019 at 10:33 AM Eugene Grosbein
> wrote:
>
> 09.07.2019 0:19, Dan Lists wrote:
>>
>> > On Mon, Jul 8, 2019 at 11:55 AM Michael Sierchio
>> wrote:
>> >
>> >> What's your firewall ruleset look like? (show, don't tell)
>>
09.07.2019 0:43, Michael Sierchio wrote:
> On Mon, Jul 8, 2019 at 10:33 AM Eugene Grosbein wrote:
>
> 09.07.2019 0:19, Dan Lists wrote:
>>
>>> On Mon, Jul 8, 2019 at 11:55 AM Michael Sierchio
>> wrote:
>>>
What's your firewall ruleset look like? (show, don't tell)
>>> The firewall is off
On Mon, Jul 8, 2019 at 11:22 AM Eugene Grosbein wrote:
> 09.07.2019 0:43, Michael Sierchio wrote:
>
> > On Mon, Jul 8, 2019 at 10:33 AM Eugene Grosbein
> wrote:
> >
> > 09.07.2019 0:19, Dan Lists wrote:
> >>
> >>> On Mon, Jul 8, 2019 at 11:55 AM Michael Sierchio
> >> wrote:
> >>>
> What's
I had this exact issue while virtualbox had a guest network adapter
bridged to the external interface that the FreeBDS bridge0 interface was
bridged to. If I shutdown the VMs, ARP magically started working
bidirectionally, and after restarting the VMs it failed again.
My fix was eventually to jus
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238789
Kubilay Kocak changed:
What|Removed |Added
Flags|mfc-stable11?, |mfc-stable11+,
|
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238642
Kubilay Kocak changed:
What|Removed |Added
Flags||mfc-stable11?,
|
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238641
Kubilay Kocak changed:
What|Removed |Added
Keywords||security
Resolution|FIXED
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238324
Kubilay Kocak changed:
What|Removed |Added
Severity|Affects Many People |Affects Some People
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238796
WHR changed:
What|Removed |Added
Resolution|Not A Bug |---
Status|Closed
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238796
--- Comment #8 from WHR ---
(In reply to Cy Schubert from comment #5)
> there is no need for this patch. It already works.
Why?
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238796
WHR changed:
What|Removed |Added
Version|12.0-STABLE |CURRENT
--
You are receiving this mail beca
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238796
Cy Schubert changed:
What|Removed |Added
Resolution|--- |Not A Bug
Status|Open
24 matches
Mail list logo
