Hi everyone. I sent this out to freebsd-questions@ yesterday but
haven't had any nibbles.
I'm testing NAT on FreeBSD 8.1. My setup is very simple:
My workstation -> { internal network switch } -> FreeBSD 8.1 routing
firewall with squid 3 -> { switch going to Internet }
My pf configuration is a ba
Hello all. I've been using FreeBSD 7.x and 8.x for bridged firewalls
and logging hasn't been an issue. Now I'm moving one of them to NAT
and I suddenly realise I have a major problem - I can't log the actual
translations.
Consider the following:
Client A - 10.1.1.1
Client B - 10.1.2.2
Remote serv
On Mon, May 2, 2011 at 10:41, Zhu Sha Zang wrote:
> I'm trying to block facebook access only using PF in FreeBSD 8.2.
>
> But putting the name or the ip returned with the command host
> www.facebook.com I can't deny any user to connect facebook.
>
> Some trick to do that?
>
> Thanks for now.
Sho
On Mon, Aug 20, 2012 at 11:53 AM, J David wrote:
> However, the nature of a DDOS attack is that there is not a single
> source IP. The source IP is either outright forged or one of a large
> number of compromised attacking hosts. So what I really want to do is
> have a "max-dst-states" rule tha
On 16 November 2012 09:40, Peter McAlpine wrote:
> data_if = "tap3"
> ext_if = "em0"
> set skip on lo0
> nat on $ext_if from !$ext_if:network to any -> ($ext_if)
> pass in on $ext_if route-to $data_if from any to !$ext_if:network
> The issue I'm having is that the 'pass' rule is not being matche
On Nov 19, 2012 3:12 PM, "Peter McAlpine" wrote:
>
> Thanks for your reply. I've tried the configuration you suggested but
> it's providing the same issue I was encountering before.
>
> My goal is to route all traffic from the tunnel out the external
> interface nat'ing it on the way out. Any traf
On Nov 19, 2012 5:54 PM, "Kevin Wilcox" wrote:
> It is. The "pass in" rule I used in my example assumes the inside
> interface and the other devices it talks to are in the same network.
Correction, the "pass in" and "nat" rules, not just th
On 19 November 2012 18:56, David DeSimone wrote:
> This doesn't seem right, because even traffic coming in via the external
> interface will have its target IP changed to be the router, even if
> it is destined for some other place. Previously you were using "from
> $int_if:network" to prevent t
On Nov 20, 2012 9:44 AM, "Mark Martinec" wrote:
>
> Paul Webster wrote:
> > I am aware this is a much discussed subject since the upgrade of PF,
> > I believe the final decision was that too many users are used to the old
> > style pf and an upgrade to the new syntax would cause too much
> > confusion
On Dec 1, 2012 3:55 PM, "Laszlo Danielisz" wrote:
>
> Hi Everybody,
>
> Today I just found out that my pf rules are not loaded on boot if I
> configure my machine's interface with DHCP
If you use your interface in your rules, for example,
pass in on em0
then you can tell pf to adapt to a changing
On Dec 2, 2012 12:55 PM, "Laszlo Danielisz" wrote:
> @Kevin, yes I'm using interfaces, is there any what not using them in
> pf.conf?
I don't think so. I was replying by phone at the time so it was a little
short, I meant if you were using the interface in the rule versus defining
a macro and usin