freebsd openvpn and firewall protocols

2005-12-16 Thread Dave
Hello, I'm running openvpn via ports on a freebsd6 machine. This box is natted behind another freebsd6 box which uses pf as its firewall. I've got windows clients that are outside the firewall with openvpn windows client. I was getting an error about tls parameters failed to be negotiated w

RE: mrtg

2005-12-16 Thread Greg Hennessy
> does anybody know a good guide to set up mrtg it's killing me I would strongly counsel against using MRTG, http://www.cacti.net/ Is trivial to setup and far easier to manage. Greg ___ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org

Re: mrtg

2005-12-16 Thread link
> http://mrtg.dawntempo.net/rrd/ > > like this? > > > > [EMAIL PROTECTED] wrote: > >>>Robert wrote: >>> >>> >>> does anybody know a good guide to set up mrtg it's killing me

Re: very odd PF + FreeBSD6.0 problems

2005-12-16 Thread Paul Dokas
On Fri, 16 Dec 2005 20:38:30 +0100 Daniel Hartmeier <[EMAIL PROTECTED]> wrote: > Doh. > > delta_tsval == 1424952994 - 1424712993 == 240001 > delta_time == 120082719 us (120.082719 s) > > freq == delta_tsval / delta_time > == 240001 / 120.082719 > == 240001 * 100 / 120082719 >

Re: very odd PF + FreeBSD6.0 problems

2005-12-16 Thread Daniel Hartmeier
Doh. delta_tsval == 1424952994 - 1424712993 == 240001 delta_time == 120082719 us (120.082719 s) freq == delta_tsval / delta_time == 240001 / 120.082719 == 240001 * 100 / 120082719 == 1998 Hz (> 1000 Hz) So it's not that far off, the server seems to increment timestamps at 0

Re: very odd PF + FreeBSD6.0 problems

2005-12-16 Thread Paul Dokas
On Fri, 16 Dec 2005 19:34:47 +0100 Daniel Hartmeier <[EMAIL PROTECTED]> wrote: > The additional checks are automatically enabled when using "reassemble > tcp", which explains why the same ruleset didn't block the packets on > 5.4 but now does on 6.0. You can disable "reassemble tcp" and the new > (

Re: mrtg

2005-12-16 Thread link
> Robert wrote: > >>does anybody know a good guide to set up mrtg >>it's killing me >> >> >> > what do

Re: very odd PF + FreeBSD6.0 problems

2005-12-16 Thread Daniel Hartmeier
On Fri, Dec 16, 2005 at 02:04:54PM -0500, Mike Frantzen wrote: > > So, between those two subsequent packets, the server incremented its > > timestamp by > > delta_tsval == 1424952994 - 1424712993 == 240001 > > within the timespan of > > delta_usec == 120 * 100 + 82719 == 2082719 Wait, tha

Re: very odd PF + FreeBSD6.0 problems

2005-12-16 Thread Mike Frantzen
> From the logged values and the source code we can deduce that the last > two packets from the SSH server (that.host) to the client (this.host) > were seen (by pf, in the kernel) exactly > delta_ts.tv_sec == 120 > delta_ts.tv_usec == 82719 > apart. This approximately matches the difference i

Re: very odd PF + FreeBSD6.0 problems

2005-12-16 Thread Daniel Hartmeier
On Fri, Dec 16, 2005 at 10:09:15AM -0600, Paul Dokas wrote: > I recently upgraded to FreeBSD 6.0 via a full reinstall and I've run into a > very > strange problem with PF. First of all, I'm using the same PF ruleset that I > used on 5.4. I know for a fact that it works correctly there. This is

mrtg

2005-12-16 Thread Robert
does anybody know a good guide to set up mrtg it's killing me

Re: altq and max number of classes on xBSD

2005-12-16 Thread Stanislaw Halik
Nickola Kolev <[EMAIL PROTECTED]> wrote: > Finally, my question is is there a way to raise the maximum number of > classes in a hierarchy (besides the artificial change in altq_hfsc.h > and altq_cbq.h)? How stable would a system like that be? there are no stability issues involved. and you don't h

very odd PF + FreeBSD6.0 problems

2005-12-16 Thread Paul Dokas
I recently upgraded to FreeBSD 6.0 via a full reinstall and I've run into a very strange problem with PF. First of all, I'm using the same PF ruleset that I used on 5.4. I know for a fact that it works correctly there. What's happening is that when I turn on PF, I'm able to make outbound connect

Re: address mapping with pf

2005-12-16 Thread Bill Marquette
binat is likely what you want. --Bill On 12/16/05, Robert <[EMAIL PROTECTED]> wrote: > can pf do address mapping ? > > i have a server with 5 ips on the ext_if > and i want to map an ip to let's say 192.168.1.11

address mapping with pf

2005-12-16 Thread Robert
can pf do address mapping ? i have a server with 5 ips on the ext_if and i want to map an ip to let's say 192.168.1.11

altq and max number of classes on xBSD

2005-12-16 Thread Nickola Kolev
Hello, Currently I have a GNU/Linux based router, which is serving as a traffic control gateway for a /19 network. Right now, there are about 6000 classes in a hierarchy, built upon the hierarchical token bucket qdisc. I'd like to build a Free/Open/NetBSD router, utilizing ALTQ+pf, to replace the