Fbsd8 wrote:
Running 9.0 and connecting to Time Warner for the first time.
I have private lan behind my 9.0 box.
I have made a real simple rule set and nat rule just to get log
of what is happening.
ipfilter rules. dc0 faces lan, fxp0 faces public internet
pass in log quick on dc0 all
pass out
Running 9.0 and connecting to Time Warner for the first time.
I have private lan behind my 9.0 box.
I have made a real simple rule set and nat rule just to get log
of what is happening.
ipfilter rules. dc0 faces lan, fxp0 faces public internet
pass in log quick on dc0 all
pass out log quick on
On Wed, 2 Mar 2011 09:34:39 +0100, n j wrote:
On Tue, Mar 1, 2011 at 8:38 PM, Dean E. Weimer wrote:
I have been doing some work with cleaning up my log files to make them
easier to read, and for the life of me can't figure out how to get my
IPFilter logs to stop going into the /va
On Wed, 02 Mar 2011 12:23:27 +0100, Bernt Hansson wrote:
Put this in your rc.conf ipmon_flags="-D -f /var/log/ipf.log"
I don't doubt that would work, but I would rather stick with using
syslogd to handle the logging. As I am hoping to implement remote
logging to another server for log con
On Tue, Mar 1, 2011 at 8:38 PM, Dean E. Weimer wrote:
> I have been doing some work with cleaning up my log files to make them
> easier to read, and for the life of me can't figure out how to get my
> IPFilter logs to stop going into the /var/log/messages log. I have a syslog
>
I have been doing some work with cleaning up my log files to make them
easier to read, and for the life of me can't figure out how to get my
IPFilter logs to stop going into the /var/log/messages log. I have a
syslog entry for local0.* /var/log/ipfilter.log which works great, and
capture
I'm using ipfilter on -current.
Here's a fragment of the outgoing rules:
# ipfstat -on
*skip*
@14 pass out quick on bge0 proto udp from any to any port = 8649 keep state
*skip*
@18 pass out log first quick on bge0 all
And I see these ipmon entries in /var/log/ipfilter.log:
ipmon[7
Have this nat rule
rdr rl0 0.0.0.0/0 port 6355 -> 10.0.10.3 port 6355
I can see in the log that tcp packets are being redirected but udp
packets are not. Can not find any verbiage in man 5 or 8 ipnat that
states rdr rule only matches on tcp packets. I thought tcp/udp packets
should be redirected?
Hi,
I use FreeBSD 7.2-RELEASE with IPFilter used as proxy server for our LAN.
I have following rules for external interface:
block in log on rl0 all head 100
block out log on rl0 all head 200
pass out quick proto udp from a.b.c.d/32 to any keep state group 200
pass out quick proto tcp from
Have this nat rule
rdr rl0 0.0.0.0/0 port 6355 -> 10.0.10.3 port 6355
I can see in the log that tcp packets are being redirected but udp
packets are not. Can not find any verbiage in man 5 or 8 ipnat that
states rdr rule only matches on tcp packets. I thought tcp/udp packets
should be redirect
This is my freebsd 7.2:
[code]
FreeBSD fbsd.test.com 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Mon Aug 3
06:40:56 UTC 2009
r...@vfbsd.shstorm.com:/usr/src/sys/amd64/compile/kernel_IPF amd64
[/code]
In kernel_IPF, I add these lines:
[code]
options IPFILTER
options IPFILTER_LOG
[/code]
Add these
+++ dacoder [01/03/09 13:17 -0500]:
updating my system friday from the feb 7 version of 7.1 to the latest broke
tcp and udp (but *not* icmp) over ipnat, which had worked forever with my
current ipfilter rules and ipnat mapping rules, which are pretty simple.
what has changed?
/etc/ipnat.rules
updating my system friday from the feb 7 version of 7.1 to the latest broke
tcp and udp (but *not* icmp) over ipnat, which had worked forever with my
current ipfilter rules and ipnat mapping rules, which are pretty simple.
what has changed?
/etc/ipnat.rules:
map age0 10.0.0.0/24 ->
-questions@freebsd.org; Dean Weimer
Subject: Re: IPFilter section in Handbook needs updating
G magicman wrote:
> And incomplete yes i agree that the doc does need to be updated and examples
> (more) need to be added.
>
> --- On Fri, 12/5/08, Dean Weimer <[EMAIL PROTECTED]> wrote:
>
G magicman wrote:
And incomplete yes i agree that the doc does need to be updated and examples
(more) need to be added.
--- On Fri, 12/5/08, Dean Weimer <[EMAIL PROTECTED]> wrote:
From: Dean Weimer <[EMAIL PROTECTED]>
Subject: IPFilter section in Handbook needs updating
To: freeb
And incomplete yes i agree that the doc does need to be updated and examples
(more) need to be added.
--- On Fri, 12/5/08, Dean Weimer <[EMAIL PROTECTED]> wrote:
From: Dean Weimer <[EMAIL PROTECTED]>
Subject: IPFilter section in Handbook needs updating
To: freebsd-questions@free
On Dec 5, 2008, at 7:07 AM, Dean Weimer wrote:
I was just setting up ipfilter and ipmon on a FreeBSD 7 server, and
noticed that the ipmon and syslog information under the ipfilter
section of the handbook is incorrect.
A couple of years back, I submitted a one liner to some email address
I was just setting up ipfilter and ipmon on a FreeBSD 7 server, and noticed
that the ipmon and syslog information under the ipfilter section of the
handbook is incorrect.
The section reads:
-snip-
31.5.7 IPMON Logging
Syslogd uses its own special method for segregation of log data. It
Hi all,
I have a server running 6.2-stable that experiences mbuf leakage
if I perform policy routing with ipfilter. This is independent of the
hardware as I have moved the disk to a different machine with different
MB, NICs etc and had the same result.
The server is running quagga, postfix and
Hallo,
I got strange problem ipfilter on FreeBSD 6.2-STABLE. After uptime my
machine running 7 days until 10 days, I can't access DNS, sometime
SSH, and etc, to my box, but this happen randomly. For example I've
rule like this:
# SSH
pass in quick on rl0 proto tcp from 192.
On Tue, 10 Apr 2007 15:26:36 -0400
Lowell Gilbert <[EMAIL PROTECTED]> wrote:
> "J.D. Bronson" <[EMAIL PROTECTED]> writes:
>
> > Ok...what do you guys do to handle a change of IP/network via DHCP
> > with ipfilter?
> >
> > I have been to
"J.D. Bronson" <[EMAIL PROTECTED]> writes:
> Ok...what do you guys do to handle a change of IP/network via DHCP
> with ipfilter?
>
> I have been told that if my IP changes while the machine is up and
> running that ipfilter WON'T see this change and needs to
Ok...what do you guys do to handle a change of IP/network via DHCP
with ipfilter?
I have been told that if my IP changes while the machine is up and
running that ipfilter WON'T see this change and needs to be
told...supposedly it only reads the IP when it starts itself.
If this is tru
Garrett Cooper :
Hello,
> Just wondering if anyone has IPFilter / nfsd setup properly on their
> boxes with any beta versions of FBSD.
>
> I am having loads of issues transferring large files (~300MB apiece) or
> issues transferring a large number of smaller files (3MB ~ 10MB a
Chuck Swiger wrote:
> You really don't want to mix machines which are trusted with machines
> which are not trusted on the same subnet. If you can't control which
> client machines get which IPs, you pretty much cannot use firewall rules
> to restr
On Jan 11, 2007, at 1:50 PM, Garrett Cooper wrote:
Actually, no. While rpcbind/portmap/portmapper is assigned to 111/tcp &
udp, most other RPC services get assigned high port numbers in the 327xx
range, but that varies considerably from platform to platform.
True. NFS is port 2049 by defau
Chuck Swiger wrote:
>
> Actually, no. While rpcbind/portmap/portmapper is assigned to 111/tcp &
> udp, most other RPC services get assigned high port numbers in the 327xx
> range, but that varies considerably from platform to platform.
True. NFS is p
firewall setup (albeit
it'd be sort of a pain). Does ipfw / pf work better with RPC than
IPFilter?
No, not really. What you probably want to focus on is protecting
your entire subnet, including the fileserver and clients, from
malicious traffic via your Internet link(s), and then wo
Chuck Swiger wrote:
On Jan 11, 2007, at 10:58 AM, Garrett Cooper wrote:
Just wondering if anyone has IPFilter / nfsd setup properly on their
boxes with any beta versions of FBSD.
It is typically not useful to implement firewall rules between NFS
servers and legitimate NFS clients.
The
On Jan 11, 2007, at 10:58 AM, Garrett Cooper wrote:
Just wondering if anyone has IPFilter / nfsd setup properly on
their boxes with any beta versions of FBSD.
It is typically not useful to implement firewall rules between NFS
servers and legitimate NFS clients.
The large number of RPC
Just wondering if anyone has IPFilter / nfsd setup properly on their
boxes with any beta versions of FBSD.
I am having loads of issues transferring large files (~300MB apiece) or
issues transferring a large number of smaller files (3MB ~ 10MB apiece)
from a FBSD 6.1 client to a FBSD 6.1
On Sat, 28 Oct 2006 08:59:40 +0700, in sentex.lists.freebsd.questions
you wrote:
>
>Any ideas how to optimize my Gateway (FreeBSD/NATD/IPFilter) to ensure
>that it will reserve the bandwidth priority for my VoIP Application?
You are better off using pf+ALTQ rather than mixing ipfilter
Dear all,
I have installed one FreeBSD Firewall in my office and it's running NATD
and IPFilter now. My external Interface is connected to my ISP through
Wimax PPPoE (256 kbps).
I have installed another PC for PC-to-Phone VoIP Call and there is no
Internet Application running on that PC except
Answer found, NAT implemented using libalias library: man 3 libalias
--
Nathan Vidican
[EMAIL PROTECTED]
On Wed, 18 Oct 2006 13:59:29 -0400, Nathan Vidican wrote
> using:
>
> ppp -ddial -nat
>
> How does the "-nat" flag implement nat for PPPoE ? Using ipfw/natd,
>
using:
ppp -ddial -nat
How does the "-nat" flag implement nat for PPPoE ? Using ipfw/natd,
ipnat/ipfilter, and is it hard-coded or can it be optionally changed?
Can I use rules created for/through ipfilter/ipnat, or should I simply
disable NAT translation on the ppp interface and
In response to Odhiambo Washington <[EMAIL PROTECTED]>:
> * On 20/09/06 11:16 -0400, Bill Moran wrote:
> | In response to Odhiambo Washington <[EMAIL PROTECTED]>:
> |
> | [snip]
> |
> | > The scenario:
> | >
> | > I am running a FreeBSD
* On 20/09/06 17:16 +0200, Erik Norgaard wrote:
| Odhiambo Washington wrote:
|
| >I need to control bandwidth on the external interface only, not on the
| >LAN (internal interfaces).
| >
| >Is this rightful thinking or sheer imagination which is not practical?
|
| If you're ha
* On 20/09/06 11:16 -0400, Bill Moran wrote:
| In response to Odhiambo Washington <[EMAIL PROTECTED]>:
|
| [snip]
|
| > The scenario:
| >
| > I am running a FreeBSD 5.x box with IPFilter/IPNAT. The box has two
| > interfaces at the moment, external interface connec
Odhiambo Washington wrote:
I need to control bandwidth on the external interface only, not on the
LAN (internal interfaces).
Is this rightful thinking or sheer imagination which is not practical?
If you're happy with IPFilter and need to ensure minimum bandwidth for
some network se
In response to Odhiambo Washington <[EMAIL PROTECTED]>:
[snip]
> The scenario:
>
> I am running a FreeBSD 5.x box with IPFilter/IPNAT. The box has two
> interfaces at the moment, external interface connected to the hostile
> Internet and internal interface connected to
d to spend days reading about
IPFW, which, sincerely, is not one of those firewall implementations
that is easy for me. I therefore need help to prove a point and keep
a customer..
The scenario:
I am running a FreeBSD 5.x box with IPFilter/IPNAT. The box has two
interfaces at the moment, external
On 9/9/06, rithy4u- CEO <[EMAIL PROTECTED]> wrote:
Dear all,
I have tried to read some documents online and build my own firewall using
ipfilter enabled in my kernel. but now I want some idea regarding a
corporate, dedicated firewall for company up to 250 users something. what
should we do
> Dear all,
>
> I have tried to read some documents online and build my own firewall using
> ipfilter enabled in my kernel. but now I want some idea regarding a
> corporate, dedicated firewall for company up to 250 users something. what
> should we do to get those type of firew
Dear all,
I have tried to read some documents online and build my own firewall using
ipfilter enabled in my kernel. but now I want some idea regarding a corporate,
dedicated firewall for company up to 250 users something. what should we do to
get those type of firewall system? how to scale for it
On 2006-08-26 20:31, "J.D. Bronson" <[EMAIL PROTECTED]> wrote:
> At 07:59 PM 8/26/2006, you wrote:
> >I'd go for the simpler syntax of:
> >
> >MYADDR:
> > ! /sbin/ipf -y
>
> well that didn't work either. what a pain. :(
>
> tun0: Warning: /etc/ppp/ppp.linkup: ! /sbin/ipf -y: Invalid comman
At 07:59 PM 8/26/2006, you wrote:
I'd go for the simpler syntax of:
MYADDR:
! /sbin/ipf -y
well that didn't work either. what a pain. :(
tun0: Warning: /etc/ppp/ppp.linkup: ! /sbin/ipf -y: Invalid command
perhaps it's time to write a script and simply reference the script
from ppp.
On 2006-08-26 19:46, "J.D. Bronson" <[EMAIL PROTECTED]> wrote:
> Ok guys...now that I have ipfilter working...I need to run a few
> commands in /etc/ppp/ppp.linkup and can't figure out the syntax...
>
> % cat /etc/ppp/ppp.linkup
>
> # It is no longer necessary t
Ok guys...now that I have ipfilter working...I need to run a few
commands in /etc/ppp/ppp.linkup and can't figure out the syntax...
% cat /etc/ppp/ppp.linkup
# It is no longer necessary to re-add the default route here as our
MYADDR:
! sh -c "/sbin/ipnat -CF -f /etc/ipnat.conf"
! sh
'd be interested to see how you modified IP Filter
> >to make it use a "block by default" policy.
> >
> >Regards,
> >Giorgos
>
> This fixed it. WHEW!
Great :)
> Simply adding this to my own kernel:
>
> options IPFILTER
> options
Giorgos
This fixed it. WHEW!
Simply adding this to my own kernel:
options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK
then:
# ipf -V
ipf: IP Filter: v4.1.8 (416)
Kernel: IP Filter: v4.1.8
Running: yes
Log Flags: 0 = none set
Default: blo
On 2006-08-26 17:48, "J.D. Bronson" <[EMAIL PROTECTED]> wrote:
>At 05:19 PM 8/26/2006, Giorgos Keramidas wrote:
>> You are implicitly blocking all traffic on the lo0 interface (by the
>> modified default policy to "block" all traffic, and missing an
>> explicit rule to allow lo0 traffic).
>>
>> Whe
On Saturday, August 26, 2006 at 8:02:10 PM, J.D. confabulated:
> I got a full load of 6.1p4 installed and all built. I have pppoe and
> ipfilter running almost perfect.
> Clients can use the machine (as a router) and get out perfectly!
> No issues with network performance at al
At 05:19 PM 8/26/2006, Giorgos Keramidas wrote:
You are implicitly blocking all traffic on the lo0 interface (by the
modified default policy to "block" all traffic, and missing an explicit
rule to allow lo0 traffic).
When a system tries to connect to itself, it uses lo0/127.0.0.1 and this
is no
On 2006-08-26 17:10, "J.D. Bronson" <[EMAIL PROTECTED]> wrote:
> At 05:07 PM 8/26/2006, Giorgos Keramidas wrote:
> >Weird. This doesn't seem to include *ANY* block rules at all.
> >
> >Is this a standard 6.1 installation, or do you have local IP Filter
> >modifications (like, for instance, a modif
At 05:07 PM 8/26/2006, Giorgos Keramidas wrote:
Weird. This doesn't seem to include *ANY* block rules at all.
Is this a standard 6.1 installation, or do you have local IP Filter
modifications (like, for instance, a modified 'default' rule which
blocks everything, instead of allowing everything)
On 2006-08-26 16:05, "J.D. Bronson" <[EMAIL PROTECTED]> wrote:
> At 03:40 PM 8/26/2006, Giorgos Keramidas wrote:
>
> >Don't show us the ipf.conf file you are using, but the output of:
> >
> >% ipfstat -hni
> >% ipfstat -hno
> >
> >Then we can really know what rules you have loaded in IP Fi
At 04:05 PM 8/26/2006, J.D. Bronson wrote:
# ipfstat -hni
2 @1 pass in quick on bge0 all keep state keep frags
# ipfstat -hno
1 @1 pass out quick on bge0 all keep state keep frags
1 @2 pass out quick on tun0 proto tcp from any to any flags S/FSRPAU
keep state keep frags
1 @3 pass out quick on
At 03:40 PM 8/26/2006, Giorgos Keramidas wrote:
Don't show us the ipf.conf file you are using, but the output of:
% ipfstat -hni
% ipfstat -hno
Then we can really know what rules you have loaded in IP Filter.
# ipfstat -hni
2 @1 pass in quick on bge0 all keep state keep frags
# ipf
On 2006-08-26 15:02, "J.D. Bronson" <[EMAIL PROTECTED]> wrote:
> I got a full load of 6.1p4 installed and all built. I have
> pppoe and ipfilter running almost perfect.
>
> Clients can use the machine (as a router) and get out
> perfectly! No issues with network
I got a full load of 6.1p4 installed and all built. I have pppoe and
ipfilter running almost perfect.
Clients can use the machine (as a router) and get out perfectly!
No issues with network performance at all. I am very pleased...until...
I found out that the router itself can't get out 100
>
>> Nicholas wrote:
>>
>> I am currently running a couple of 6.1 and 5.4 servers as firewall /
>> routers for my company. I am experiencing some problems on the 6.1
>> server with ipfilter where it blocks oow (out of window) packets. I
>> have tried to u
I run 6.1 with ipfilter and LAN full of window boxes NO PROBLEM.
You need to provide a much greater level of details before making
such unfounded statements as ipfilter is broken.
Your rule set is most likely incorrect.
Post description of your firewall/LAN setup along with your complete
rule
I am currently running a couple of 6.1 and 5.4 servers as firewall /
routers for my company. I am experiencing some problems on the 6.1
server with ipfilter where it blocks oow (out of window) packets. I
have tried to update to the latest version of ipfilter but was unable to
compile my kernel
Brett Wiggins wrote:
> Hi everyone,
> I am having some problems installing ports when I have
>
> IPFILTER running. I have put FTP_PASSIVE_MODE=YES in /etc/make.conf
>
> but the command 'make all install clean' yields;
>
> ===> Vulnerabili
Brett Wiggins wrote:
Hi everyone,
I am having some problems installing ports when I have
IPFILTER running. I have put FTP_PASSIVE_MODE=YES in /etc/make.conf
Try putting it in /etc/login.conf
/etc #grep PASSIVE *
login.conf: :setenv=MAIL=/var/mail/$,BLOCKSIZE=K
Hi everyone,
I am having some problems installing ports when I have
IPFILTER running. I have put FTP_PASSIVE_MODE=YES in /etc/make.conf
but the command 'make all install clean' yields;
===> Vulnerability check disabled, database not found
=> jce-aba-1.1.tar.gz
On 4/25/2006 1:19 PM, Aaron Siegel wrote:
Hello
I cannot get ipfilter to load any rules. When I type in the iptest command I
receive the following output:
<[EMAIL PROTECTED]># ipftest
no rules loaded
man ipftest says:
At least one of -N, -P or -r must be specified.
Sounds like yo
Hello
I cannot get ipfilter to load any rules. When I type in the iptest command I
receive the following output:
<[EMAIL PROTECTED]># ipftest
no rules loaded
I used the example found in the /usr/share/examples directory I am unable to
load the firewall. I have tried to load the file
Nikos, thank you. I appended " mssclamp 1440 " in ipf.rule, it works
now! And I have tried not use it but add "set link mtu 1440" in mpd.conf, and
failed. Yes, the problem occurs when NATing, and mssclamp 1440 is the key.
fbsd, thank you anyway.
Arnold Lee
2006-04-14
On Wednesday 12 April 2006 11:34, Arnold Lee wrote:
> I am in a small lan and want to use fb 6.0 as a router to share internet
> access. I use mpd 3.18 to dial adsl on demand. I configured ipnat with :
> map rl0 10.0.0.0/8 -> 0.0.0.0/32 portmap tcp/udp auto
> map rl0 10.0.0.0/8 -> 0.0.0.0/32
> A
es file
Then ipf will use its default pass all rule which results in the
ipnat function working with a firewall rule of pass all
Also your nat rules are incorrect.
The special alias 0.0.0.0/32 should be 0/32
The FreeBSD handbook has a good section on ipfilter.
-Original Message-
From: [E
I am in a small lan and want to use fb 6.0 as a router to share internet
access. I use mpd 3.18 to dial adsl on demand. I configured ipnat with :
map rl0 10.0.0.0/8 -> 0.0.0.0/32 portmap tcp/udp auto
map rl0 10.0.0.0/8 -> 0.0.0.0/32
And then I use my client computer (Windows 2000 Pro) to acces
Just a quick question. How are you connecting to the Internet, by that I
mean are you using aDSL? If you are, I can help you.
Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe,
Erik Norgaard
Sent: Wednesday, March 29, 2006 2:54 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED] ORG
Subject: Re: FBSD 6.0 ipfilter nat redirect not working.
fbsd_user wrote:
# /root >ipnat -l
List of active MAP/Redirect filters:
map rl0 10.0.10.0/29 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map
OTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Erik Norgaard
Sent: Wednesday, March 29, 2006 2:54 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED] ORG
Subject: Re: FBSD 6.0 ipfilter nat redirect not working.
fbsd_user wrote:
> # /root >ipnat -l
> List of active MAP/Redirect filters:
> map rl
fbsd_user wrote:
# /root >ipnat -l
List of active MAP/Redirect filters:
map rl0 10.0.10.0/29 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 0.0.0.0/0 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 10.0.10.0/29 -> 0.0.0.0/32
rdr rl0 0.0.0.0/0 port 6188 -> 10.0.10.4 port 80 tcp
List of active session
Been running ipfilter long time.
Now with FBSD 6.0 having no joy at getting
redirect to web server on LAN to work.
This is first time trying this.
rl0 is NIC facing the public internet.
10.0.10.4 is the LAN ip address of the web server.
Have friend uses http://79.69.59.49:6188/index.htm
to target
John Murphy wrote:
I think the filter action occurs before NAT so you would need this:
pass in log quick on dc0 proto tcp from any to port = 80
For ip-filter, if nat is done when the packet comes IN on an interface,
like with rdr, then this takes place BEFORE filtering. If nat is done
when
s port 80,
then re-write the packet's destination ip address and port to
10.0.10.4 port 8080 and create the internal nat table to
handle the translation of the outbound packets coming from
10.0.10.4.
Then hand the re-written packet to the firewall to be processed
against the firewall rules.
and create the internal nat table to
>handle the translation of the outbound packets coming from
>10.0.10.4.
>Then hand the re-written packet to the firewall to be processed
>against the firewall rules.
>
>My ipfilter firewall rules would need a pass rule like this
>
>pass in
,
then re-write the packet's destination ip address and port to
10.0.10.4 port 8080 and create the internal nat table to
handle the translation of the outbound packets coming from
10.0.10.4.
Then hand the re-written packet to the firewall to be processed
against the firewall rules.
My ipfilt
I have a FreeBSD firewall which does packet filtering and NAT.
The internal address range is 172.16.64.0/24. The only filtering
is incoming on the external NIC, fxp0.
The machine also runs mpd for remote access.
By pure chance I was tailing ipf.log when I connected an XP laptop
to the mpd servic
Yes, that's it! Thanks! I've managed to miss somehow your message,
Giorgos, and flooded a bit :-)
Regards,
Muxas
's true. I did post the relevant message:
Date: Tue, 14 Feb 2006 17:13:33 +0200
From: Giorgos Keramidas <[EMAIL PROTECTED]>
Subject: Re: IPFILTER rule error
To: Maxim Vetrov <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
[...]
Note that
Maxim Vetrov wrote:
# Internal interface #1 - rl0 (10.0.1.0/29) #
#% Block-and-log
Hi!
Thanks for your attention!
>> First of all you really need to read the ipfilter section of the
FreeBSD handbook...
>> [EMAIL PROTECTED]
I've read the handbook. Good starting point! :-) Given that I just
_TEST_ ipf config ported from 5.4 to 6.0 on local LAN, I do not vio
First of all you really need to read the ipfilter section of the
FreeBSD handbook.
The correct solution is exampled in the handbook.
You do not need to compile ipfilter in to the kernel to work.
From your rules I see no need for that head/group stuff so remove
it.
I see rl0 being assigned
Maxim Vetrov wrote:
Hi,
kernel conf:
---
...
options IPFILTER
options IPFILTER_LOG
#options IPFILTER_DEFAULT_BLOCK
#options IPSTEALTH
...
---
The rc scripts
Hi,
Sorry, I really do not want you to guess! Here is what you asked:
kernel conf:
---
...
options IPFILTER
options IPFILTER_LOG
#options IPFILTER_DEFAULT_BLOCK
#options IPSTEALTH
> Hi,
>
> I'm running FreeBSD 6.0, IPFilter 4.1.8(416).
>
> Setting line for rpc outbound calls
>
> pass out quick on rl0 \
> proto udp from any to any port = sunrpc keep state group 20
>
> gives me this error:
>
> ioctl (add/insert rule): No such pr
Maxim Vetrov wrote:
Hi,
I'm running FreeBSD 6.0, IPFilter 4.1.8(416).
Setting line for rpc outbound calls
pass out quick on rl0 \
proto udp from any to any port = sunrpc keep state group 20
gives me this error:
ioctl (add/insert rule): No such process
What is the process i'm mis
On 2006-02-14 10:09, Maxim Vetrov <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm running FreeBSD 6.0, IPFilter 4.1.8(416).
>
> Setting line for rpc outbound calls
>
> pass out quick on rl0 \
> proto udp from any to any port = sunrpc keep state group 20
>
> g
Hi,
I'm running FreeBSD 6.0, IPFilter 4.1.8(416).
Setting line for rpc outbound calls
pass out quick on rl0 \
proto udp from any to any port = sunrpc keep state group 20
gives me this error:
ioctl (add/insert rule): No such process
What is the process i'm missing?
Rega
Has anybody tried to upgrade from the 3r branch of Ipfilter to 4th in
FreeBSD 5.4?
The procedure described in official document isn't correct - my kernel
don't compile with ipfilter - couldn't create needed dependencies. Has
anybody encounter
Got it working. forgot to add security.none after *.notice;
Thanks guys...
--
Elmer Rivera, http://www.vizcayano.com, http://youand.i.ph
in message <[EMAIL PROTECTED]>,
wrote Rob Lytle thusly...
>
>
>
> > > Here's my setup:
...
> > > in /etc/syslog.conf
> >
> > yes, there is no other security.* facility, actually i got it
> > working
Please keep the attribution & attribute the respective authors.
> I have the problem that ipmo
> > Here's my setup:
> >
> > /etc/rc.conf
> > ipmon_enable="YES"
> > ipmon_flags="-Dns"
> >
> > /etc/syslog.conf
> > security.* /var/log/ipfilter.log
> >
> >
> > Make sure you don't have any other security.* facility specified in
> > /etc/syslog.conf
>
> yes, there is no other security.
/var/log/maillog
--
>
> > it's working now unfortunately, it's logging on
> > that file AND to my messages log file. is it possible to log ipfilter
> > log only to my log file?
>
> Yes, it is possible.
# cat /etc/rc.conf
--
ipfilter_enable="YES"
In FBSD 4.11 and older, ipfilter logged to local0.
Then in 5.4 it was changed to security.
Now in 6.0 it has reverted back to logging to local0.
The /etc/syslog.conf file is where you define the log files.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
On 12/13/05, Elmer Rivera <[EMAIL PROTECTED]> wrote:
> hello,
Hello,
>
> my freebsd box is already setup and followed some of the docs on
> setting up the firewall using ipfilter. question on logging.
>
> setup /var/log/ipfilter.log as my log file.
How/where did you
1 - 100 of 361 matches