Re: Problem with ipfw table add 0.0.0.0/8

2014-05-17 Thread Barney Wolff
On Sat, May 17, 2014 at 05:44:37PM +0400, Alexander V. Chernikov wrote: > On 13.05.2014 16:05, Dennis Yusupoff wrote: > > I think that universal table for all kind of data (ipv4, ipv6, ports, > > etc) is a bad idea by design. At least unless you haven't any ability to > It is not always "universal"

Re: strange ping response times...

2012-04-10 Thread Barney Wolff
CPU cache? Cx states? powerd? On Tue, Apr 10, 2012 at 03:40:27PM -0700, Julian Elischer wrote: > On 4/10/12 3:52 PM, Luigi Rizzo wrote: > > I noticed this first on a 10G interface, but now there seems > > to be a similar issue on the loopback. > > > > Apparently a ping -f has a much lower RTT than

Re: IPFW shows me Strangeness in fresh 8.2-RELEASE system

2011-10-22 Thread Barney Wolff
d > I've really never seen anything quite like this before. Do 8.x releases now > cause ethernet cards to listen for stuff they should not even be listening > for? > > Color me perplexed. > ___ > freebsd-net@freebsd.org mailing li

Re: DHCP client not getting IP address from Time Warner

2009-11-03 Thread Barney Wolff
Power-cycle your cable box, leaving it off for a few minutes. Cable co's seem to check the MAC, and take a while to forget the previous one. On Tue, Nov 03, 2009 at 07:47:14AM -0800, Ask Bjrn Hansen wrote: > Hi everyone, > > After years with Speakeasy at home I'm trying out Time Warner Cable >

Re: who uses this port?

2015-11-05 Thread Barney Wolff
On Thu, Nov 05, 2015 at 09:45:38AM +0200, Andriy Gapon wrote: > On 05/11/2015 09:20, Ben Woods wrote: > > On Wednesday, 4 November 2015, Andriy Gapon > > wrote: > > > > $ sockstat -l | fgrep 631 > > ?? ? ? tcp4 127.0.0.1:631 > >

Re: pppoa connection

2007-10-25 Thread Barney Wolff
> > The question is, can I establish a pppoa connection from the > FreeBSD box to my ISP by sending packets over ethernet to the > DSL modem? > > Thanks, > Kim -- Barney Wolff I never met a computer I didn't like. ___ freebs

Re: pppoa connection

2007-10-26 Thread Barney Wolff
e connections and the modem is configured > as a bridge. Unfortunately, my ISP doesn't support pppoe, only > pppoa. > > So, can I pull this off? -- Barney Wolff I never met a computer I didn't like. ___ freebsd-net@free

Re: net.inet.ip.portrange.randomized=1 hurts

2004-06-02 Thread Barney Wolff
two systems have different ideas of MSL? -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman

Re: net.inet.ip.portrange.randomized=1 hurts

2004-06-04 Thread Barney Wolff
rval is 128, given the default 16384 range. That's far too short. The justified response to user complaints is "send patches" and I'm willing to try, if no-one else is working on it. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract o

Re: kern/56461: FreeBSD client rpc.lockd incompatible with Linux server rpc.lockd

2004-06-18 Thread Barney Wolff
h advisory locks. Pardon an ignorant question, but what happens to unfortunate people who have to talk to both Linux and non-quirky servers at the same time? Is there a way to detect what flavor of server you're talking to and adjust accordingly? That would be far better than a sysctl. --

Re: kern/56461: FreeBSD client rpc.lockd incompatible with Linux server rpc.lockd

2004-06-18 Thread Barney Wolff
On Fri, Jun 18, 2004 at 02:19:17PM -0700, Alfred Perlstein wrote: > * Barney Wolff <[EMAIL PROTECTED]> [040618 14:09] wrote: > > > > Pardon an ignorant question, but what happens to unfortunate people who > > have to talk to both Linux and non-quirky servers at the sam

Re: allowing LAN the direct access to outside DNS with ipfw

2004-07-13 Thread Barney Wolff
n to originate from port > 53? > > What's the meaning of the "keep-state" clause in the rule above? I > thought, it "magically" allows DNS-responses to come back only, but that > does not work... Do ipfw show and see if the keep-state rule is ever trigge

Re: DHCP server over PPPoE server

2004-07-15 Thread Barney Wolff
ide will just ignore them. DHCP is not restricted to broadcast networks. In fact, the ietf-ppp(ext) working group is quite adamant that DHCP be used to get configuration data rather than adding new attributes to LCP/IPCP. -- Barney Wolff http://www.databus.com/bwresu

Re: [FreeBSD 5.2] Bandwith and packet throttling

2004-08-15 Thread Barney Wolff
man ipfw will point out that the first allow or deny that "hits" terminates rule processing. Perhaps you're more familiar with other firewalls, where this sensible design is not the normal case. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by con

Re: Traceroute Anomaly

2004-08-20 Thread Barney Wolff
're blocking the UDP somewhere, presumably. tcpdump and/or adding logging to your firewall rules should tell you more. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. __

Re: fooling nmap

2004-09-04 Thread Barney Wolff
ot the only OS fingerprinter around. Getting into spy-vs-spy with Fyodor is a waste of time. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. ___ [EMAIL PROT

Re: modularization

2004-10-06 Thread Barney Wolff
. It's important to make a distinction between specification and implementation. Protocols should be designed and defined with clear boundaries between layers, but protocol handlers need not, and often should not, be implemented that way. -- Barney Wolff http://ww

Re: Universal Client Gateway

2004-11-14 Thread Barney Wolff
dangerous - would you notice if such a client claimed to have the IP address of your Internet gateway, and thus captured everybody's traffic? -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. __

Re: PPP-layer Echo

2005-04-27 Thread Barney Wolff
nd contains uninterpreted > data for use by the sender. The data may consist of any binary > value. The end of the field is indicated by the Length. > > But it seems wrong to modify the data field. It is wrong. Is the other end OS/2 or something derived from it? I rec

Re: Testing Ethernet Ports

2005-09-01 Thread Barney Wolff
nternal. With a crossover cable (not required with gigabit nics) you can't tell, so if you try it use a switch and look at the lights. -- Barney Wolff http://www.databus.com/bwresume.pdf I never met a computer I didn't like. ___ freebsd-

Re: unbound and (isc) dhcpd startup order

2020-06-16 Thread Barney Wolff
On Tue, Jun 16, 2020 at 08:18:59AM -0700, Rodney W. Grimes wrote: > ... Sometimes > that leads to duplicate IP information stored in various config files. > > When possible managing those configurations via ansible or other CM > system that can pull the data from dns and build the config files > m

Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h

2000-12-18 Thread Barney Wolff
t TCP. Without the check on seq # & state as well as port/ip, it's too easy to DoS by blindly blasting unreachables to every source port. Barney Wolff To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message

Re: mpd errors when trying to connect using MS pptp client

2001-03-06 Thread Barney Wolff
Can you ping the host you're talking to? The log lines describe options in a single LCP request being sent, which apparently cannot be sent because there is no route for the target IP addr. Barney Wolff On Tue, Mar 06, 2001 at 12:50:10PM -0500, Sonne, Byron wrote: > Greetings all, >

Re: [itojun@iijlab.net: accept(2) behavior with tcp RST right after handshake]

2001-03-08 Thread Barney Wolff
ul or ugly close semantics. Having said all that, I certainly agree with Wietse that the POLA demands that a PF-LOCAL stream socket behave like TCP. Barney Wolff

Re: dhclient not setting IP ...

2001-03-23 Thread Barney Wolff
I've heard folklore that power-cycling the cable-modem works - apparently it's the thing that remembers the MAC. Barney Wolff On Fri, Mar 23, 2001 at 08:55:14AM -0400, The Hermit Hacker wrote: > On Thu, 22 Mar 2001, Matthew Emmerton wrote: > > > > I'm connected

Re: 3com pcmcia install

2001-03-23 Thread Barney Wolff
IIRC, this is a cardbus card. Those are only supported in current, not 4.x. Get a cheap 16-bit pcmcia, for now. Barney Wolff On Fri, Mar 23, 2001 at 11:00:07PM -0500, Satish Sambandham wrote: > Hi, > > I have a 3com 3CXFE575CT pcmcia network card and need some help having > it

Re: please document that kevent does not automatically restart when interrupted by signals

2001-04-04 Thread Barney Wolff
're using kevent you've already decided the other way. The manpages should document what is very unlikely to change across releases, but I don't think even that is an absolute commitment. Posix is a much safer bet. Barney Wolff, who has been asked about his own 15-year-old code, and is

Re: running two instances of bind

2001-04-12 Thread Barney Wolff
That's the named control channel, used to pass commands to it, replacing the old way of using signals. Check the docs, there must be a way to tell it to listen on a different Unix-domain socket. Barney Wolff On Thu, Apr 12, 2001 at 12:58:04PM -0400, Peter Brezny wrote: > I'm atte

Re: non-random IP IDs

2001-04-16 Thread Barney Wolff
it's treated consistently, with externals never compared with internals. Barney Wolff > > Date: Mon, 16 Apr 2001 12:10:19 -0700 > > From: Kris Kennaway <[EMAIL PROTECTED]> > > > > I can't think of anything off the top of my head, but there was some

Re: non-random IP IDs

2001-04-16 Thread Barney Wolff
uence number.) Barney On Mon, Apr 16, 2001 at 12:50:53PM -0700, Kris Kennaway wrote: > On Mon, Apr 16, 2001 at 03:42:49PM -0400, Barney Wolff wrote: > > If ip_randomid() is an asm rather than C code, I have sometimes > > seen problems with an asm func calling another asm func. That

Re: ICMP echo measurement discrepancy

2001-04-18 Thread Barney Wolff
How many packets does fping send in a burst? Perhaps it's too many for the router or switch to buffer, and they're getting dropped before ever leaving your site. Your host can send them far faster than they can be transmitted over the sdsl link. Barney Wolff On Wed, Apr 18, 2001 at

Re: dual dns box, ssh/ftp no like.

2001-04-23 Thread Barney Wolff
man resolv.conf

Re: IP alias problem /w 2 different subnets.

2001-05-04 Thread Barney Wolff
Well, you need a route by which responses from 209.190.x.y can get back out. Does your defaultrouter also have an alias in 209.190? Barney Wolff On Fri, May 04, 2001 at 01:50:45PM -0400, Drew J. Weaver wrote: > Does anyone see any problem with the below rc.conf network info? Because

Re: size of data to ip layer from tcp layer

2001-05-11 Thread Barney Wolff
would be a very bad idea to hard-code 1460 into any software you're writing. Barney Wolff On Fri, May 11, 2001 at 02:45:10AM -0400, [EMAIL PROTECTED] wrote: > Hi, > This is regarding the size of data from TCP/UDP layer to the ip layer. The number of >bytes sent from tcp layer to ip

Re: Using connect() on UDP RPC client sockets.

2001-05-20 Thread Barney Wolff
ere an RFC mandates that the reply source address must be the same as the request dest addr (as it does for dns, radius, some others) the extra work on the server's part is mandatory. Is it mandated for rpc? Barney Wolff On Sun, May 20, 2001 at 10:56:34PM +0100, Ian Dowse wrote: > > T

Re: Using connect() on UDP RPC client sockets.

2001-05-21 Thread Barney Wolff
term is these days, is of questionable value. Can anyone realistically see bind or ntpd being modified to take advantage of it when running on FreeBSD? Use of such a feature buried in FreeBSD's own rpc code is different, I suppose. Barney Wolff On Mon, May 21, 2001 at 02:50:13PM -0400, Garre

Re: why cannot bind to someipaddress:port when something else has *:port bound?

2001-05-30 Thread Barney Wolff
See SO_REUSEADDR. Barney Wolff On Wed, May 30, 2001 at 07:41:42AM -0600, Alex Rousskov wrote: > On Wed, 30 May 2001 [EMAIL PROTECTED] wrote: > > > The following program binds *:1000 to a socket, and then tries to > > bind 200.47.36.254:1000 to another socket, the error i ge

Re: New TCP sequence number generation algorithm; review needed

2001-06-10 Thread Barney Wolff
ly. Suggestion - write an internet-draft and get the end2end group to endorse your scheme, rather than committing FreeBSD to it. Barney Wolff

Re: TCP sequence numbers: RFC1948 patch ready for testing

2001-07-25 Thread Barney Wolff
hat may return arc4random. 5. You seem to have ignored 1948's advice to include some configurable secret in the hash - are we really sure that read_random gives good bits right after reboot? Regards, Barney Wolff On Tue, Jul 24, 2001 at 11:19:57PM -0500, Mike Silbersack wrote: > >

Re: TCP sequence numbers: RFC1948 patch ready for testing

2001-07-25 Thread Barney Wolff
Existing sessions would not be broken by rekeying. The risk is that some new session might fail - and this can happen any time a new session with the same tuple starts shortly after an old session which spans the rekeying event ends. If it becomes possible to brute-force (or smart-sneak) reverse

Re: Proposed change to icmp_may_rst induced ENETRESET

2001-08-23 Thread Barney Wolff
ished, and just report the error to the user. Barney Wolff On Wed, Aug 22, 2001 at 02:05:04AM -0700, Scott Renfro wrote: > On Tue, Mar 27, 2001 at 10:48:26AM -0600, Jonathan Lemon wrote: > > On Tue, Mar 27, 2001 at 06:36:46PM +0200, Jesper Skriver wrote: > > > On Tue, Mar 27, 2

Re: How does getsockname() work?

2001-09-14 Thread Barney Wolff
You're using htons on an int. Try not doing that. Barney Wolff On Fri, Sep 14, 2001 at 12:23:57PM -0700, Jos Backus wrote: > I am seeing the following difference between FreeBSD and Solaris when using > the attached program, which uses getsockname(). > I am using the following c

Re: How does getsockname() work?

2001-09-14 Thread Barney Wolff
Oh yeah - you have to initialize local_len to the max length you can accept. Whatever you took this code from either doesn't work reliably or you copied it wrong. Barney On Fri, Sep 14, 2001 at 04:55:55PM -0400, Barney Wolff wrote: > You're using htons on an int. Try not doing t

Re: Silly problem has me stumped

2001-10-23 Thread Barney Wolff
there a way to get > FreeBSD to use a particular address out of several on an interface as the > source address? > > Please forgive me if I sound like a crack junkie. I've been looking at the > screen too long for one day's work. > -- > Kirk Strauser > > To Uns

Re: Silly problem has me stumped

2001-10-23 Thread Barney Wolff
f there's anybody filtering 1918 between you - are you prepared for the help desk load? -- Barney Wolff "Nonetheless, ease and peace had left this people still curiously tough. They were, if it came to it, difficult to daunt or to kill; and they were, perhaps, so unwearyingly fond o

Re: SCTP and multiple default routes

2001-11-02 Thread Barney Wolff
routing tables. I would gladly pay for two such links if there were an automatic way to switch away from a broken link. Without asking cable or dsl providers to talk bgp to me (which they will surely refuse to do) this is not easy. -- Barney Wolff "Nonetheless, ease and peace had left this peop

Re: SCTP and multiple default routes

2001-11-02 Thread Barney Wolff
The catch here is you can send out your other link, but your partner cannot send back to your other address via that link since the ISP won't route it that way. To make your partner know to switch over means major mods to TCP, equivalent to replacing it with SCTP. Barney On Fri, Nov 02, 2001 at

Re: get client ip from accept(2) ?

2001-11-28 Thread Barney Wolff
'm wrong and how I can get this ip? > > Thank you in advance. > > -- > With best regards. > -- > Sergey Artjushkin Network Operation Center > (SKIV-RIPE)

Re: pcap_open_live() takes 1 sec to complete?

2001-12-06 Thread Barney Wolff
ligment fix. > > Doug A. > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-net" in the body of the message -- Barney Wolff "Nonetheless, ease and peace had left this people still curiously tough. They were, if it came to it, difficult to

Re: pptp + mschap

2002-01-31 Thread Barney Wolff
See RFC2548. On Fri, Feb 01, 2002 at 01:51:37AM +, Brian Somers wrote: > > If you could find a spec on how to talk MSCHAP & MSCHAPv2 to a radius > server, I'd certainly be happy to add support to ppp. You never know > - the client may come back :*) -- Barney Wolf

Re: HEADS UP: upcoming change to net.link.ether.bridge_cfg handling

2002-02-11 Thread Barney Wolff
How about the ability to list i'faces that should NOT bridge, and let all others bridge? Patterned after the traditional allow/deny lists of other things. People could then use whichever polarity made life easiest for their config. Barney Wolff On Mon, Feb 11, 2002 at 05:08:47PM -0800,

Re: HUT Project

2002-04-02 Thread Barney Wolff
Does anyone have any insight on how this compares to the existing net/freevrrpd port? Without digging at all, it appears that freevrrpd tries to update everybody's ARP tables rather than taking over the MAC address. I wonder how well that would work. -- Barney Wolff I never met a compu

Re: Please review: ppp(8) and RADIUS address allocation

2002-04-03 Thread Barney Wolff
> -- > Tatsumi Hosokawa > <[EMAIL PROTECTED]> > http://FromTo.Cc/hosokawa/ > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-net" in the body of the message -- Barney Wolff I never met a computer I didn't like.

Re: Forcing packets to the wire

2002-04-06 Thread Barney Wolff
Think about using vmware? -- Barney Wolff I never met a computer I didn't like.

Re: patch -- An ingress filter (RFC2827)

2002-04-26 Thread Barney Wolff
ions/code/algo...) > > > Because this is merely equivalent to "const char *ptr". -- Barney Wolff I never met a computer I didn't like.

Re: 4.4 route add default problem

2002-05-15 Thread Barney Wolff
If you want a stupid hack that I believe will work, do ifconfig fxp0 1.1.1.1 instead of downing it. That will delete the default route, as the address will not be reachable. You can then bring up fxp1 and add back the default route, which should be reachable through it. -- Barney Wolff I never

Re: Broken PMTUD in FreeBSD?

2002-06-14 Thread Barney Wolff
> Mike "Silby" Silbersack > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-net" in the body of the message -- Barney Wolff I never met a computer I didn't like.

Re: tracking down strange MTU issues with PPPoE)

2002-06-18 Thread Barney Wolff
yet, a transfer from just a few > > > > hops away is fine. > > > > > > > > My question is, how can I track this problem down ? There seems to be > >some > > > > strange interaction with FreeBSD because if I put a Windows box on the > > > >

Re: limiting directed broadcasts with ipfw.

2002-06-27 Thread Barney Wolff
looked like it could help mitigate smurf attacks similar to > the cisco: > no ip directed-broadcast > > feature. > > Is there a way? > > TIA > > Peter Brezny > Skyrunner.net > > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "

Re: Skinny (SCCP) protocol gateway for libalias

2002-06-30 Thread Barney Wolff
> some time. > > If there isn't a big demand for this, I guess there's not a reason to > commit it to the tree. However, if people find this useful, it might > make a nice addition. -- Barney Wolff I never met a computer I didn't like. To Unsubscribe: send mail to [

Re: Skinny (SCCP) protocol gateway for libalias

2002-06-30 Thread Barney Wolff
big today. None of this carries much weight. On Sun, Jun 30, 2002 at 09:08:50PM -0400, Joe Marcus Clarke wrote: > On Sun, 2002-06-30 at 20:44, Barney Wolff wrote: > > I'd be happy to see this as a port, less happy as base code. > > Why less happy as base code? Like all other

Re: mbuf external buffer reference counters

2002-07-11 Thread Barney Wolff
rmance. -- Barney Wolff I never met a computer I didn't like.

Re: Denial-of-service through ARP snooping

2002-07-14 Thread Barney Wolff
d in > response to locally originated requests? Initial latency might be a bit > higher, since the ARP table won't be pre-loaded, but it will add some > protection against this particular DOS attack. > > Lars > -- > Lars Eggert <[EMAIL PROTECTED]> US

Re: BSD / Firewall / 0 window size problem

2002-07-16 Thread Barney Wolff
(DF) > 10:41:23.019171 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 337 > win 33304 (DF) [tos 0x10] > 10:41:38.614141 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: . ack 154 > win 0 > 10:41:38.614200 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 337

Re: ARP risks

2002-07-16 Thread Barney Wolff
that did not succeed. I had no time to investigate any further but it used to work with kernel 2.2. I had no time to check if this behavior came from the change of the kernel or from something else. Regards -- Frederic RAYNAL, Ph.D. http://minimum.inria.fr/~raynal Chief Editor of M.I.S.C. Mult

Re: Tcp question.

2002-09-20 Thread Barney Wolff
Elischer wrote: > > OK so I have 3 machines: > > > A--routerB---routerC > > > if I send data from B to A I see 7MB/sec. > if I send data from B to C I see 700KB/sec -- Barney Wolff I'm available by contract or FT: http://www.databus.com

Re: UNKNOWN IP OPTION emergency

2002-09-26 Thread Barney Wolff
an put 2 ip address in it that no router delete my > data -- Barney Wolff I'm available by contract or FT: http://www.databus.com/bwresume.pdf

Re: Q about sbin/ipfw2.c:list()

2002-10-02 Thread Barney Wolff
list() ? > > because the buffer has a limited size (nbytes) and you don't want > to read past it. However there is a bug in the code below, > because you should swap the checks (void *)r < lim && r->rulenum < 65535 > > Whether ipfw1.c has the same bug or

Re: xl driver

2002-10-08 Thread Barney Wolff
re on packets you're sending, not receiving. Seriously asymmetric performance is often caused by duplex mismatch. Try forcing the card to half or full duplex with ifconfig, or in whatever switch you're using, and see if the problem goes away. -- Barney Wolff I'm available by contr

Re: wired and wireless network setup interactions

2005-12-17 Thread Barney Wolff
so will disable its ability to accept wireless clients. I'd also like the > wireless network to be secure. Use the Belkin as a bridge rather than a router, by simply not using its WAN port, and do turn off its dhcp server. I do the same with a Netgear. -- Barne

Re: ifconfig_fxp0 with both DHCP and Link?

2005-12-20 Thread Barney Wolff
r cycle will also work - depends on whether the memory of the MAC is in the cable modem itself or at the other end.) -- Barney Wolff http://www.databus.com/bwresume.pdf I never met a computer I didn't like. ___ freebsd-net@freebsd.org mailing li

Re: forwarding icmp redirects.

2005-12-29 Thread Barney Wolff
h the good behavior of widely used commercial routers. -- Barney Wolff http://www.databus.com/bwresume.pdf I never met a computer I didn't like. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To

[EMAIL PROTECTED]: Re: [e2e] Can we revive T/TCP ?]

2006-03-26 Thread Barney Wolff
found an error in the specific state transitions, of T/TCP although I have never seen the details. Bob Braden - End forwarded message - -- Barney Wolff http://www.databus.com/bwresume.pdf I never met a computer I didn't like. ___

Re: blocking a string in a packet using ipfw

2006-09-14 Thread Barney Wolff
ctually, it should. I have over 60 addresses in an ipfw table with no observable trouble. But that rule is triggered only about 1 times a day (part of a spam blocker). -- Barney Wolff I never met a computer I didn't like. ___ free

the arp thread

2002-10-26 Thread Barney Wolff
Ah, the first entry into my procmail block regex from a freebsd list. All the other s**theads are from nanog. Good luck next time, fella. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. To Unsubscribe:

Re: Problem in High Speed and Long Delay with FreeBSD

2002-11-01 Thread Barney Wolff
the stack timing granularity? I would also try setting ttcp's block size to a multiple of the exact transmitted seg size rather than a power of 2. Barney -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the

Re: bpf

2002-11-03 Thread Barney Wolff
it should return the fd for the bpf ? > > Pete > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-net" in the body of the message -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in t

Re: [Fwd: [lir-wg] Important Informational Message - root.zone change]

2002-11-05 Thread Barney Wolff
rrow morning. They haven't actually loaded the > new zone yet, and probably won't till sometime near or after 3am > California time. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. To

Re: bpf

2002-11-06 Thread Barney Wolff
n at wakeup do the bpf read, having set nonblocking and immediate mode so you don't get stuck in the read. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. To Unsubscribe: send mail to [EMAIL PROTEC

Re: Killing SPAM

2002-11-12 Thread Barney Wolff
when they do that I would love to have their spam filtered out, would > that be possible with any of those two programs and are there any good > examples? -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the '

[bugtraq-partner@seculution.de: [OpenBSD] [syslogd] false src-IP when logging to remote syslogd]

2002-11-22 Thread Barney Wolff
B?nen Germany E-Mail: [EMAIL PROTECTED] http://www.4ss.de - End forwarded message - -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net.

Re: SO_DONTROUTE, arp's, ipfw fwd, etc

2002-12-04 Thread Barney Wolff
better, not worse, because of the decreased chance for interesting bugs taking the whole complex down. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net.

Re: concurrent connections

2002-12-05 Thread Barney Wolff
netstat -n |grep EST |wc -l If that's too much overhead, steal from the netstat source. On Thu, Dec 05, 2002 at 04:18:54PM -0800, randall ehren wrote: > is there a simple way to measure the amount of concurrent network (tcp) > connections to a freebsd host? -- Barney Wolff

Re: concurrent connections

2002-12-05 Thread Barney Wolff
i have a freebsd box acting as a IPFilter bridge for a class c subnet - is > there any way i can view how many concurrent connections this machine is > handling? -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or

Re: passive mode ftp server, need stateful ipfw rule.

2002-12-09 Thread Barney Wolff
> > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > > with "unsubscribe freebsd-net" in the body of the message > > > > > --- > Orville R. Weyrich, Jr PhD. KD7HJV > mailto:[E

Re: passive mode ftp server, need stateful ipfw rule.

2002-12-10 Thread Barney Wolff
o do the job, as all the pieces necessary are in there. But beware - a server must cope with tricks such as asking for a nonexistent file that looks like the response to a PASV command, and so on. Firewall vendors sometimes actually do earn their money. -- Barney Wolff http://www.databus

Re: Need help dealing with (D)DoS attacks (desperately)

2003-01-05 Thread Barney Wolff
t rules, with the most heavily used addresses first. That way, many fewer rules should get interpreted for each packet. An even fancier scheme would use skipto and divide up your IP ranges in a binary search. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by cont

Re: Does natd(8) really need to see _all_ packets?

2003-02-03 Thread Barney Wolff
t of slots? If you insist on using only one nic, putting a "pass ip LN LN" right after the lo0/127 rules will minimize overhead for local traffic. If you need protection from the other hosts on your lan there are things running on your firewall that should not be there. -- Barney

Re: Does natd(8) really need to see _all_ packets?

2003-02-04 Thread Barney Wolff
ink my ISP does check source MAC on packets from subscribers, but would be worth a try. All in all, knowing that a packet came from "outside" is important. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via

Re: IPFIREWALL, /dev/ipl and friends

2003-03-02 Thread Barney Wolff
< options APIC_IO # Symmetric (APIC) I/O IPFIREWALL and friends are for ipfw, not ipfilter (except IPSTEALTH). 5.0 uses devfs and creates pseudo-devices as needed. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in th

Re: route pointing to a gateway that's not on net

2003-03-15 Thread Barney Wolff
e default route, and put a permanent entry into the arp table with the gateway's actual mac address. That ought to work. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. To Unsubscribe: send mail

Re: Choices for security

2003-06-06 Thread Barney Wolff
nally, if the problem is strictly http(s) requests, you can put an allow tcp established rule before the blocking rules, and take the hit only on setup packets. That doesn't stop an attacker using hping or equivalent, but does stop request bots. -- Barney Wolff http://www.databus.

Re: Cascading qmail servers

2003-05-29 Thread Barney Wolff
correspondents use the sub-domains the problem is easier, but employees in large orgs move around so often it's impractical. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. ___

[dab@BSDI.COM: Re: [e2e] TCP-SYN and delayed TCB allocation]

2003-05-29 Thread Barney Wolff
oning to > ESTABLISHED)... As long as you don't ACK the data, you don't need to save it. Throw away the data and just ACK the SYN. The other side will have retained a copy of the data, and will have to retransmit it. Slow, but it will work. -David Borman ---

Re: [dab@BSDI.COM: Re: [e2e] TCP-SYN and delayed TCB allocation]

2003-05-29 Thread Barney Wolff
i boxes, and probably should not pick a victim at random. :) Regards, Barney -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. ___ [EMAIL PROTECTED] mailing list h

Re: ipfw rules vs routes to localhost?

2003-05-29 Thread Barney Wolff
s a way to put custom code in the kernel that looks up the source IP addr in a hash table. But the hard part will be updating the table of banned IPs and informing the kernel. How often must the table change? -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available b

Re: ipfw rules vs routes to localhost?

2003-05-29 Thread Barney Wolff
d both to kernel and user space? With SVR4 Streams, I'd probably use an ioctl to communicate. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. ___ [EMAIL

Re: Cascading qmail servers

2003-05-30 Thread Barney Wolff
On Thu, May 29, 2003 at 12:14:34AM -0700, Wes Peters wrote: > On Wednesday 28 May 2003 08:00 am, Barney Wolff wrote: > > On Wed, May 28, 2003 at 07:45:10AM -0700, Wes Peters wrote: > > > > Don't assume that you can't create an alias for each user. When I > >

Re: Cascading qmail servers

2003-05-28 Thread Barney Wolff
rnet. And also I want to keep part of the e-mail accounts on the > main server for the whatever.com domain itself. Don't assume that you can't create an alias for each user. When I worked at a very large NY bank, with well over 100,000 employees, /etc/mail/aliases was that big, a

Re: ADSL PPoA or RFC1483, any solutions ?

2003-06-15 Thread Barney Wolff
P address of the ISP's router as the default route. My ISP works that way. My Freebsd system's external Ethernet has address w.x.y.z/24 and my default route is w.x.y.1. If you don't get a static IP address, running dhclient on the Ethernet interface that talks to the DSL modem
