On Thu, 7 Feb 2013 08:08:59 +, Eggert, Lars wrote:
> On Jan 31, 2013, at 16:03, Matthew Luckie wrote:
> >
> > 00510 allow ip from me to not me out via em1
> > 00550 divert 8668 ip from any to any via em1
> >
> > Rule 510 fixes it.
>
> Yep, it does. Can I ask someone to commit this t
On Thu, 7 Feb 2013 12:50:51 +, Eggert, Lars wrote:
> Hi,
>
> On Feb 7, 2013, at 13:40, Ian Smith wrote:
> > On Thu, 7 Feb 2013 08:08:59 +, Eggert, Lars wrote:
> >> On Jan 31, 2013, at 16:03, Matthew Luckie wrote:
> >>>
> >>&
On Sat, 6 Jul 2013 18:37:55 +0700, Eugene Grosbein wrote:
> On 06.07.2013 14:47, Sami Halabi wrote:
> > Hi,
> > Any hope?
>
> Have you used intedmediate "ipfw count log" rules between "ipfw nat" rules
> I recommended? If yes, why have not you show that logs yet?
> Include tcpdump output fro
On Sun, 18 Aug 2013 14:03:27 -0700, Barney Cordoba wrote:
> Criticism is the bedrock of innovation.
Constructive criticism, with clear design even without code, can be.
Relentless negativity achieves nothing, and fails to compile.
Ian
___
freebsd-net
On Wed, 18 Sep 2013 12:00:30 +0430, h bagade wrote:
> Hi all,
>
> I've heard that disabling firewall with commands or setting related sysctl
> parameter wouldn't increase performance and still firewalls participate in
> forwarding process. The only way to reach a better performance is making
On Wed, 18 Sep 2013 11:18:38 +0200, Luigi Rizzo wrote:
> On Wed, Sep 18, 2013 at 10:07 AM, Ian Smith wrote:
>
> > On Wed, 18 Sep 2013 12:00:30 +0430, h bagade wrote:
> > > Hi all,
> > >
> > > I've heard that disabling firewall
On Wed, 5 Mar 2014 20:44:51 +0100, Andreas Nilsson wrote:
> On Wed, Mar 5, 2014 at 7:49 PM, Andrey V. Elsukov wrote:
>
> > On 04.03.2014 09:58, Andreas Nilsson wrote:
> > > Why do I need the explict fwd rule? As far as I can see the ipfw man page
> > > says nothing about skipto changing the
On Sat, 29 Mar 2014 15:02:29 +0100, Willy Offermans wrote:
> Dear FreeBSD friends,
>
> On Fri, Mar 28, 2014 at 05:25:54PM +0100, Willy Offermans wrote:
> > Dear FreeBSD friends,
> >
> > I have a problem with my relatively new FreeBSD server. I came across the
> > problem when sending e-mai
On Mon, 19 May 2014 01:02:42 _0200, Luigi Rizzo wrote:
> Folks, i have two requests for you:
>
> 1. please do not complain about questions on this list related
>to a core network-related FreeBSD subsystem (netmap, dummynet,
>netgraph, tcp stack...) even if they are concerned with port
On Fri, 6 Jun 2014 00:10:26 +0800, bycn82 wrote:
Hi Bill,
> Sorry for waste you time to explain it again, I will read the code first.
Especially the code provided in free tutorials by your busy professor ..
> And the latest patch of `PPS` should be OK, I checked the logic carefully
> this t
On Sun, 15 Jun 2014 18:08:59 +0800, Julian Elischer wrote:
> On 6/15/14, 3:00 AM, Alexander V. Chernikov wrote:
> > On 14.06.2014 21:35, Michael Sierchio wrote:
> > > Luigi -
> > >
> > > Does table entry matching use a longest prefix match?
> > I'm not Luigi, but the answer is "yes" anyway :
On Sun, 15 Jun 2014 16:04:45 +0400, Alexander V. Chernikov wrote:
> On 15.06.2014 16:01, Ian Smith wrote:
> > On Sun, 15 Jun 2014 18:08:59 +0800, Julian Elischer wrote:
> > > On 6/15/14, 3:00 AM, Alexander V. Chernikov wrote:
> > > > On 14.06.2014
On Tue, 29 Nov 2011 00:22:04 +0700, Eugene Grosbein wrote:
> Cc: eiv...@dimaga.com, c...@linktel.net, arc...@whistle.com,
> br...@awfulhak.org, suut...@iki.fi, n...@freebsd.org,
> Eugene Grosbein
I've trimmed ccs except net@, feel free to re-add if desired.
> On Mon, Nov 28, 2011 at
On Tue, 3 Jan 2012 17:52:53 +0900, Randy Bush wrote:
> ignore. i sorted it.
Too late, sucked in .. diff from prior config might be bone enough?
cheers, Ian
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
On Fri, 27 Jan 2012, Nikolay Denev wrote:
> On Jan 27, 2012, at 4:41 AM, Kevin Oberman wrote:
>
> > On Thu, Jan 26, 2012 at 11:41 AM, Chuck Swiger wrote:
> >> Hi--
> >>
> >> On Jan 26, 2012, at 9:24 AM, satish amara wrote:
> >>> I have question regarding the size of the state table kept i
On Sat, 21 Apr 2012 15:41:30 +0400, Dmitry S. Kasterin wrote:
[..]
> 9.0-STABLE / custom kernel
>
> > Also, if
> > you choose to use stateful TCP filtering, it is probably best to do it
> > in the manner shown in the ipfw(8) man page under DYNAMIC RULES. This
> > is very different from the w
On Mon, 14 May 2012 16:02:40 +0300, Ivo Vachkov wrote:
> Hello all,
>
> On Mon, May 14, 2012 at 1:52 PM, Monthadar Al Jaberi
> wrote:
>
> > On Sun, May 13, 2012 at 2:49 PM, Ivan Voras wrote:
> > > On 13 May 2012 06:46, Ivo Vachkov wrote:
> > >> Please define "working"? Porting? Kernel-
On Sun, 5 Aug 2012 13:40:21 +0430, h bagade wrote:
> Hi all,
>
> I have problem with setting mac option on ipfw rule. I want to drop all
> traffic but the traffic with source mac for example 11:22:33:44:55:66. I
> thought it would be possible using the not option to do the work and I have
>
On Wed, 29 Aug 2012 22:31:25 +0400, Lev Serebryakov wrote:
> Hello, Michael.
> You wrote 29 ??? 2012 ?., 19:01:08:
>
>
> >> I have interface (vr1), most of traffic on which is PPPoE. I have ipfw
> >> firewall, which splits traffic by interfaces via:
> >>
> >> add 2000 skipto 5000 a
On Thu, 13 Sep 2012 21:53:23 +0300, ? ??? wrote:
> Then my guess is wrong. I found the message, where similiar problem was
> described in ipfw mailling list
> http://lists.freebsd.org/pipermail/freebsd-ipfw/2011-March/004582.html, with
> no answer.
> Maybe it will be usefull for someb
On Fri, 19 Oct 2012 15:25:24 +0400, Andrey V. Elsukov wrote:
> Hi All,
>
> Many years ago i have already proposed this feature, but at that time
> several people were against, because as they said, it could affect
> performance. Now, when we have high speed network adapters, SMP kernel
> and
On Sat, 15 Dec 2012 12:51:11 -0800, Chris H wrote:
> in rc.conf, adding the following (order is important!), everything
> works as expected/desired/anticipated;
>
> --- begin rc,conf
> --
> ifconfig_ue0="ether ##:##:##:##:##:##"
On Tue, 8 Jan 2013 07:57:04 -0800, Garrett Cooper wrote:
> On Jan 8, 2013, at 7:50 AM, Barney Cordoba wrote:
>
> > --- On Mon, 1/7/13, Erich Dollansky wrote:
> >
> >> From: Erich Dollansky
> >> Subject: Re: To SMP or not to SMP
> >> To: "Barney Cordoba"
> >> Cc: freebsd-net@freebsd.org
On Tue, 19 Oct 2010, Paul Thornton wrote:
> I'm hoping that someone can point me in the right direction to get
> enough debug to troubleshoot a very annoying connection problem with
> PPPoE to a Cisco.
>
> I have a freshly installed 8.1-RELEASE amd64 box with a very simple
> PPPoE daemon set
On Wed, 20 Oct 2010, Paul Thornton wrote:
[..]
> With a Windows XP client (I know, it was nearby though) the following
> things happen:
>
> Server -> Client PPP CHAP Success (Welcome!! message).
> Server -> Client PPP CCP config request
> Server -> Client IPCP Config request (setting IP
On Fri, 22 Oct 2010, Thomas Sevestre wrote:
> Le 21 oct. 10 à
> 19:04, Julian Elischer a écrit :
>
> > On 10/21/10 8:26 AM, Thomas Sevestre wrote:
> > > Hi all,
> > >
> > > I'm using freebsd 8 as a router. Say I have a sis0 interface. Th
On Tue, 9 Nov 2010, Pyun YongHyeon wrote:
> On Tue, Nov 09, 2010 at 10:01:36PM +0100, Yamagi Burmeister wrote:
> > On Tue, 9 Nov 2010, Pyun YongHyeon wrote:
[..]
> > >You can switch to suspend mode with "acpiconf -s1". If all goes
> > >well, driver would put the controller into suspend mode aft
On Sun, 14 Nov 2010, Milen Dzhumerov wrote:
> Hi all,
>
> We're investigating some ways to perform symbolic execution of
> distributed systems and we're looking for real-world programs to
> test. The "routed" daemon[1] which is included with FreeBSD seemed
> like a good candidate and I wa
On Sun, 6 Mar 2011, Dave Johnson wrote:
> Hi all
>
>
> An IPFW problem when going from release to stable on 8.2
>
> An help gladly accepted
>
> LOG ON
>
> Flushed all rules.
> 00010 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
> 00030 divert 8668 ip from any to any via bge0
> ipfw
On Mon, 14 Mar 2011, Ryan Coleman wrote:
> I've searched high and low and have no idea where to start to get
> this thing going... It's recognizing it now but I am not finding any
> details online (like people who have shared their full configuration
> details) on how they got the VirginMob
On Sat, 16 Apr 2011, rondzie...@comcast.net wrote:
> After the firewall rules are loaded, the rc script then loads natd,
> Once the system is up, i can ipfw list and the divert command is,
> in fact, not there, but by this time natd is running. If I run the
> rc.firewall
> script interact
On Sun, 17 Apr 2011, J. Hellenthal wrote:
> On Sun, Apr 17, 2011 at 03:36:40PM +1000, Ian Smith wrote:
> >On Sat, 16 Apr 2011, rondzie...@comcast.net wrote:
> >
> > > After the firewall rules are loaded, the rc script then loads natd,
> > > Once the syst
On Sat, 21 May 2011, Doug Barton wrote:
> On 05/21/2011 01:58, Matthew Bowman wrote:
> > I have an uplink to my ISP on a 2 IP /30 network (1.1.1.0/30 in the
> > diagram)
>
> No help for your actual problem, sorry. I just wanted to point out that 1/8
> has been assigned by IANA to APNIC, so i
On Wed, 7 Oct 2009, rihad wrote:
> Robert Watson wrote:
>
> > I would suggest making just the HZ -> 4000 change for now and see how it
> > goes.
> >
> OK, I will try testing HZ=4000 tomorrow morning, although I'm pretty sure
> there still will be some drops.
Even if there are, I'd like t
On Fri, 13 Nov 2009, Stephane D'Alu wrote:
> Is there a way to have tcpdump only showing packed that have pass the
> filtering rules, so to check that firewall rules were correctly written and
> not letting unwanted packets in.
tcpdump sees packets before they're passed to the firewall coming i
On Fri, 13 Nov 2009, Stephane D'Alu wrote:
> On 13/11/2009 13:08, Ian Smith wrote:
> > On Fri, 13 Nov 2009, Stephane D'Alu wrote:
> > > Is there a way to have tcpdump only showing packed that have pass the
> > > filtering rules, so to check that firew
On Tue, 29 Dec 2009, Julian Elischer wrote:
> Luigi Rizzo wrote:
> > There a difference between the documented and actual behaviour of
> > "ipfw tee" which occurs when there are multiple rules with the same
> > number, e.g.
> >
> >rule_id number body
> >r1 500 tee port1 ds
On Wed, 2 Jun 2010, Jose M Rodriguez wrote:
> The following reply was made to PR kern/147191; it has been noted by GNATS.
>
> From: Jose M Rodriguez
> To: bug-follo...@freebsd.org
> Cc:
> Subject: Re: kern/147191: [ppp] Problems with ppp -nat [pppoe], ipfw,
> dummynet
> Date: Wed, 02 J
On Thu, 1 Jul 2010, Garrett Cooper wrote:
> On Thu, Jul 1, 2010 at 4:54 PM, Pyun YongHyeon wrote:
> > On Wed, Jun 30, 2010 at 07:00:53PM -0700, Garrett Cooper wrote:
> >> Hi,
> >> Just an observation I made while transferring a file:
> >>
> >> # time scp floppy.img somehost:
> >> Passwo
On Tue, 15 Jun 2010, Garrett Cooper wrote:
> Hi,
> I'm experiencing a deterministic situation on a development box I
> manage when I do the following to enable ipfw and natd to bridge a
> network with two bce(4) enabled NICs, where if I do the following
> steps below, then try to push a fe
On Sat, 3 Jul 2010, Ian Smith wrote:
> On Tue, 15 Jun 2010, Garrett Cooper wrote:
> > Hi,
> > I'm experiencing a deterministic situation on a development box I
> > manage when I do the following to enable ipfw and natd to bridge a
> > network with two
On Wed, 7 Jul 2010, Shtorm wrote:
>
> > Yow, 30 vlans, but only em1 is using vlans not em0?
> >
> > Is only em1 having watchdogs? I noticed you appear to
> > have flow control off, maybe turning it on would help.
> >
> > I would like to see the log messages from the watchdogs.
> > Jack
On Fri, 9 Jul 2010, Shtorm wrote:
> Yeah, saw this too, it was first boot for this install and I forgot to
> run tzsetup during flash image build.
>
> As for the latest log, this box connected to internet via em0, ntpd just
> says it have some peers to sync with after interface flap.
>
>
On Fri, 9 Jul 2010, Ryan Stone wrote:
> No, defining EM_WATCHDOG as 10 * hz should mean that the watchdog
> expires after 10 seconds no matter what your kern.hz is. hz is set to
> the number of ticks in a second.
Ok, one more probably wild punt .. Shtorm you say HZ=4000, giving:
===
And here
On Sat, 10 Jul 2010, Ian Smith wrote:
>
> HZ=4000 ticks are 250ns, not 25ms.
Up way too late .. that's 250us of course, thanks Ryan.
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubs
On Mon, 11 Oct 2010, Eugene Grosbein wrote:
> Hi!
>
> FreeBSD 8.1-STABLE:
>
> # host koin-nkz.com.
> koin-nkz.com has address 62.231.164.101
> Host koin-nkz.com not found: 3(NXDOMAIN)
>
> This domain does not have MX records but NXDOMAIN seems to wrong return
> code to me. Think about
On Tue, 12 Oct 2010, Tom Evans wrote:
> On Tue, Oct 12, 2010 at 10:05 AM, Ian Smith wrote:
> > On Mon, 11 Oct 2010, Eugene Grosbein wrote:
> > > Hi!
> > >
> > > FreeBSD 8.1-STABLE:
> > >
> > > # host koin-nkz.com.
> >
On Tue, 12 Oct 2010, Tom Evans wrote:
> On Tue, Oct 12, 2010 at 3:39 PM, Ian Smith wrote:
> > On Tue, 12 Oct 2010, Tom Evans wrote:
> > > On Tue, Oct 12, 2010 at 10:05 AM, Ian Smith
> > wrote:
[..]
> > > > If a domain has no MX server, how's
On Thu, 12 Jun 2008, Brooks Davis wrote:
> On Thu, Jun 12, 2008 at 06:30:05PM -0700, Peter Losher wrote:
> > Randy Bush wrote:
> >> this has been a cause of great pain for a lng time.
> >>
> >>http://www.psc.edu/networking/projects/hpn-ssh/
> >>
> >> as openssh seems not to be fixi
On Fri, 13 Jun 2008, Matt Brennan wrote:
> Hi All,
>
> I am running FreeBSD 6.2-release. I have been running PAT via natd
> and ipfw for some time now and it runs great. However, I continue to
> try and employ static NAT on this router, and as soon as I do so all
> other clients lose routing
On Fri, 27 Jun 2008, Chuck Swiger wrote:
> On Jun 27, 2008, at 3:01 PM, Freddie Cash wrote:
> [ ... ]
> >> If net.inet.ip.fw.one_pass is true, then you definitely want to
> >> apply your
> >> deny rules first, as once something matches a pipe rule, it's going
> >> to be
> >> passed. The
On Sat, 28 Jun 2008, Freddie Cash wrote:
> On Fri, Jun 27, 2008 at 11:14 PM, Ian Smith <[EMAIL PROTECTED]> wrote:
> > On Fri, 27 Jun 2008, Chuck Swiger wrote:
> > > On Jun 27, 2008, at 3:01 PM, Freddie Cash wrote:
> > > [ ... ]
> > > >&
On Tue, 15 Jul 2008, Kris Kennaway wrote:
> Thomas Vogt wrote:
> > Hello
> >
> > Since i updated my FreeBSD 6.3 dns server with the latest bind version
> > in the ports (dns/bind94) my system is flooding my log with "too many
> > open file descriptors" messages.
> >
> > Is there somethi
On Thu, 17 Jul 2008, Wasily Lin wrote:
> Hello,
> I set up a PPPoE server on FreeBSD 7.0(amd64) with mpd 5.1 and it works
> fine for all clients except for my FreeBSD 7.0(i386) Notebook.
> Connecting has no problem and I get ip but all website can not be access
> even on PPPoE server itself
On Thu, 17 Jul 2008, Julian Elischer wrote:
> The current code in -current will add a new interface to all
> FIBs.
Consider yanking/reinserting cardbus NICs as one source of fun.
> So for example when you add a gre interface irt shows up everywhere.
>
> This behaviour is probbaly correct fo
On Thu, 17 Jul 2008, Julian Elischer wrote:
> Julian Elischer wrote:
> > Ian Smith wrote:
> >> On Thu, 17 Jul 2008, Julian Elischer wrote:
> >> > The current code in -current will add a new interface to all
> >> > FIBs.
[..]
> >> Yes i
On Fri, 1 Aug 2008, Mike Makonnen wrote:
> Patrick Tracanelli wrote:
> > Mike Makonnen escreveu:
> >> Hi,
> >>
> >> An Internet Cafe I do some work for was recently having problems with
> >> very slow internet access. It turns out customers were running P2P
> >> file sharing applications w
On Sun, 3 Aug 2008, Eugene Grosbein wrote:
> I need /etc/namedb to be owned by root:bind and have permissions 01775,
> so bind may write to it but may not overwrite files that belong to root
> here, and I made it so. Suprise!
>
> # /etc/rc.d/named restart
On Sun, 3 Aug 2008, Eugene Grosbein wrote:
> On Sun, Aug 03, 2008 at 10:32:22PM +1000, Ian Smith wrote:
>
> > > I need /etc/namedb to be owned by root:bind and have permissions 01775,
> > > so bind may write to it but may not overwrite files that belong to root
&g
On Sun, 3 Aug 2008, Mike Makonnen wrote:
> Ian Smith wrote:
> > On Fri, 1 Aug 2008, Mike Makonnen wrote:
> > > Patrick Tracanelli wrote:
> > > > Mike Makonnen escreveu:
[..]
> > /*
> > * I
On Sun, 3 Aug 2008, Doug Barton wrote:
> Eugene Grosbein wrote:
> > On Sun, Aug 03, 2008 at 10:54:05PM -0700, Doug Barton wrote:
[..]
> >>> Well, I just want bind be allowed to write to is working directory.
> >> I think that your idea of "BIND's working directory" is probably
> >> flawed
>
On Mon, 4 Aug 2008, Doug Barton wrote:
> Adrian Penisoara wrote:
> > On Mon, Aug 4, 2008 at 12:57 PM, Ian Smith <[EMAIL PROTECTED]
> > <mailto:[EMAIL PROTECTED]>> wrote:
> > With the notable exception of making standard functions rndc trace and
>
On Mon, 11 Aug 2008, Onur Aslan wrote:
> I am using named for a ns server. Named listening all ips for my
> machine. But when i reboot machine, my ppp network connecting after
> started named. named doesn't listening my ppp network's ip. Do you
> have a solution?
Assuming you have a fixed IP a
On Mon, 11 Aug 2008, Paul Schmehl wrote:
> --On Tuesday, August 12, 2008 01:08:46 +1000 Ian Smith <[EMAIL PROTECTED]>
> wrote:
>
> > On Mon, 11 Aug 2008, Onur Aslan wrote:
> > > I am using named for a ns server. Named listening all ips for my
> > >
On Thu, 31 Jul 2008, Julian Elischer wrote:
> looking int he code I noticed that the following command gave
> no error but didn't work..
>
>
> ipfw add 1000 skipto tablearg ip from any to table(31)
Content addressible branching is an elegant and useful idea, thanks for
making it work. A si
On Tue, 19 Aug 2008, Luigi Rizzo wrote:
> On Tue, Aug 19, 2008 at 11:12:04PM +1000, Ian Smith wrote:
> > On Thu, 31 Jul 2008, Julian Elischer wrote:
> ...
> > > ipfw add 1000 skipto tablearg ip from any to table(31)
> ...
> > > see attached
On Thu, 13 Nov 2008, Julian Elischer wrote:
> At home I use the following change.
>
>
> basically, instead of doing 8 rules before and after the nat,
> use a table and to 1 rule on each side.
>
>
> any objections?
Only that if people are already using tables for anything, chances are
-- Forwarded message --
Date: Fri, 17 Oct 2008 05:24:43 +1100 (EST)
From: Ian Smith <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Speaking of rc.firewall ..
On Thu, 16 Oct 2008, Ian Smith wrote:
> I see that both HEAD and RELENG_7 rc.firewall have been updat
On Fri, 14 Nov 2008, Julian Elischer wrote:
> Julian Elischer wrote:
> > Ian Smith wrote:
> > > On Thu, 13 Nov 2008, Julian Elischer wrote:
> > > > At home I use the following change.
> > > > > > basically, instead of doing 8 rules before a
On Fri, 12 Dec 2008, Randall Stewart wrote:
> Bruce:
>
> So lets see:
>
> 1) I went ahead and fixed the comments.. even added a ! instead of :-(
Personally: emoticons ARE punctuation; adding a period is totally anal.
> 2) No problem using func_t.. changed to that.. seems nicer :-D
I gues
On Sat, 13 Dec 2008, Peter Jeremy wrote:
> On 2008-Dec-13 13:55:18 +1100, Ian Smith wrote:
> >I guess submitting patches for style(9) is considered a suicide method?
>
> Not necessarily but you need to have very good justification for any
> change. It's much easier
On Fri, 2 Jan 2009, per...@pluto.rain.com wrote:
> Why would a local interface, reported as up in ifconfig, not respond
> to a ping of its own IP address? The tun0 reported below doesn't,
> and I have no idea how to debug it. (I've overwritten the two most-
> significant octets of its IP add
On Fri, 2 Jan 2009, per...@pluto.rain.com wrote:
> Ian Smith wrote:
uucp .. how quaint :)
> ...
> > > tun0: flags=8051 mtu 1412
> > > inet6 fe80::2b0:d0ff:fe28:ad4f%tun0 prefixlen 64 scopeid 0x4
> > > inet ZZZ.ZZZ.233.42 --&g
On Sat, 3 Jan 2009, per...@pluto.rain.com wrote:
> Ian Smith wrote:
> > On Fri, 2 Jan 2009, per...@pluto.rain.com wrote:
> > > Ian Smith wrote:
> >
> > uucp .. how quaint :)
>
> Yep, but running over ssh since agora no longer has modems.
> How
On Sun, 4 Jan 2009, per...@pluto.rain.com wrote:
> Ian Smith wrote:
> > On Fri, 2 Jan 2009, per...@pluto.rain.com wrote:
> >
> > > Why would a local interface, reported as up in ifconfig, not respond
> > > to a ping of its own IP address?
On Sat, 10 Jan 2009, Skip Ford wrote:
> Matthias Apitz wrote:
> > El d?a Saturday, January 10, 2009 a las 05:54:56AM -0500, Skip Ford
> > escribi?:
> > > Matthias Apitz wrote:
> > > > What kind of software I could use in FreeBSD? There is some port
> > > > net/rp-pppoe but the man pages spea
On Sun, 25 Jan 2009, Daniel O'Connor wrote:
> On Sunday 25 January 2009 11:43:48 Mark Andrews wrote:
Doug Barton wrote:
> > > I've never used mpd myself, but you might want to try adding the
> > > following line to /usr/local/etc/rc.d/mpd and see if it helps:
> > >
> > > # BEFORE: named
On Sun, 25 Jan 2009, Len Gross wrote:
> The following configuration works fine _until_ I make a change in MTU
> setting on the link between FreeBSD1 and FreeBSD2
>
> Internet
>|
> Router x.x.x.x
> 192.168.0.1/
On Sun, 25 Jan 2009, Daniel O'Connor wrote:
> On Sunday 25 January 2009 11:43:48 Mark Andrews wrote:
Doug Barton wrote:
> > > I've never used mpd myself, but you might want to try adding the
> > > following line to /usr/local/etc/rc.d/mpd and see if it helps:
> > >
> > > # BEFORE: named
behaviour with FreeBSD 6.3 as machine
> #2,, but it was ignored at the time. I've seen the problem with
> connections to two different ISPs.
>
> I can live with having a Web Proxy on FreeBSD # 1, but I am concerned
> that this issue will crop up someplace else.
>
On Fri, 20 Feb 2009, Artyom Viklenko wrote:
> On Thu, 19 Feb 2009, Bakul Shah wrote:
>
> > I am wondering if there is a more dynamic and scriptable
> > firewall program. The idea is to send it alerts (with sender
> > host address) whenever a dns probe fails or ssh login fails
> > or smtpd f
On Fri, 20 Feb 2009, Bakul Shah wrote:
> Thanks to everyone who responded. Looks like all the pieces
> to do this exist. All I have to do is to package it all in
> one program "sheriff" that watches various log files and
> pulls the trigger on the bad guy(s) at appropriate time.
Wild West im
smell like just an IPFW
issue. I was pointing out that despite 20 times the CPU clock rate,
probably at least 30 times CPU throughput and likely 10 times the tick
rate, you appear to be suffering something like 30 to 900 times the
increased latency to be expected by traversing 'to
On Wed, 13 May 2009, Brett Glass wrote:
> I need to find a way to do "MAC address locking" in FreeBSD -- that is, to
> ensure that only a machine with a particular MAC address can use a particular
> IP address. Unfortunately, it appears that rules in FreeBSD's IPFW are
> "stuck" on one layer: r
On Thu, 14 May 2009, Brett Glass wrote:
> At 12:17 AM 5/14/2009, Ian Smith wrote:
>
> >You can use fixed leases with MAC specified in dhcp for that,
>
> This lets you assign specific addresses to machines with specific MAC
> addresses. But it doesn't inhibit
On Sun, 24 May 2009, Rui Paulo wrote:
> Hi,
> If anyone is interested in testing out wireless mesh networking under
> FreeBSD, the project has now reached a point where you can transfer
> packets between mesh nodes.
Always a good point to celebrate :)
> I try to keep the branch in sync with
On Tue, 26 May 2009, Brooks Davis wrote:
> On Tue, May 26, 2009 at 08:06:25PM +1000, Ian Smith wrote:
> > On Sun, 24 May 2009, Rui Paulo wrote:
> > > Hi,
> > > If anyone is interested in testing out wireless mesh networking under
> > > FreeBSD, the proje
On Sat, 6 Sep 2014 02:52:22 +, John Case wrote:
> I would like to use sshuttle (http://github.com/apenwarr/sshuttle) on
> FreeBSD.
>
> I have it working for TCP connections, but it does not properly tunnel DNS
> requests. The documentation for sshuttle says that ipfw forward rules will
On Tue, 9 Sep 2014 19:33:05, Ian Smith wrote:
> add 1000 divert natd ip from any to any in recv xl0
> add 2000 divert natd ip from any to any out xmit xl0
Oops, 'ip' should nowadays be 'ip4|ipv4' for divert rules, if ip6 is
configured on that interface. Last
On Fri, 31 Oct 2014 18:30:00 +0330, Hooman Fazaeli wrote:
> On 10/31/2014 5:30 PM, Mark Felder wrote:
> > I'm not sure if this is what you're looking for, but perhaps the
> > solution is in net/samplicator ?
> >
> > From the project's website:
> >
> > This simple program listens for UDP d
On Fri, 31 Oct 2014 18:28:28 -0700, Freddie Cash wrote:
> On Oct 31, 2014 12:12 PM, "John-Mark Gurney" wrote:
> >
> > Can any one think of a good reason not to enable IPDIVERT sockets in
> > the ipfw module?
Yes, two. Nowadays people are just as or perhaps more likely to use
in-kernel NAT,
On Sat, 1 Nov 2014 15:38:33 +0330, Hooman Fazaeli wrote:
> On 10/31/2014 8:30 PM, Ian Smith wrote:
[..]
> > : ipfw add 10 fwd localhost,7000 udp from any to any recv em1
> >
> > Given these are local packets and that ipfw(8) /fwd states:
> >
> > T
In a conversation on questions@ re natd(8), Gary said he was about to
upgrade to 9.3 from some (embarrassingly :) old version, and I said:
>> Strangely, there's no man page for ep nor if_ep on 8.x or 9.x?
To which Gary replied:
> ugh. That will be interesting when my upgrade starts in a few
On Tue, 11 Nov 2014 13:15:30 -0800, John-Mark Gurney wrote:
> Ian Smith wrote this message on Tue, Nov 11, 2014 at 21:31 +1100:
[..]
> > So can anyone confirm that ep(4) is present on 9.3-R, even if only i386?
>
> Yeh, it looks like ep is in GENERIC on i386.. We also compile
On Mon, 17 Nov 2014 15:48:13 +0800, Sato Kentney wrote:
> I saw a email in dragonflybsd email list, someone is doing this!
> http://www.dragonflybsd.org/docs/ipfw2/
We've had 'ipfw2' for a very long while. I couldn't help wondering why
DF wouldn't just import our many years of development and
On Thu, 4 Dec 2014 06:01:06 +0100, Martin Hanson wrote:
(Warren Block wrote:)
> I would use three of these sections, one with the serial number of each
> interface. So:
>
> action "ifconfig $device-name name wan inet ..."
> action "ifconfig $device-name name dmz inet ..."
> action "ifconfig $devic
On Fri, 30 Jan 2015 12:05:07 +0300, Lev Serebryakov wrote:
> On 30.01.2015 05:33, Julian Elischer wrote:
>
> >> 12700 skipto 12900 ip from any to any keep-state 12800 deny ip
> >> from any to any 12900 nat 1 ip from any to any out 12999 allow ip
> >> from any to any
> >>
> >> And rules for
On Fri, 30 Jan 2015 16:57:28 -0800, Kevin Oberman wrote:
> On Wed, Jan 28, 2015 at 9:13 AM, Lev Serebryakov wrote:
> > I could not resolve names with DNSSEC (for example, in freebsd.org
> > domain) on two of my installations, one with FreeBSD 11 and other with
> > FreeBSD 9.3.
> >
> > Sym
On Mon, 2 Feb 2015 22:17:25 +0300, Lev Serebryakov wrote:
> Now to make stateful firewall with NAT you need to make some not very
> "readable" tricks to record state ("allow") of outbound connection
> before NAT, but pass packet to NAT after that. I know two:
>
> (a) skipto-nat-allow patte
On Tue, 3 Feb 2015 13:23:38 +0300, Lev Serebryakov wrote:
> On 03.02.2015 13:04, Ian Smith wrote:
>
> >> Now to make stateful firewall with NAT you need to make some not
> >> very "readable" tricks to record state ("allow") of outbound
> >>
1 - 100 of 177 matches
Mail list logo
