Re: Anyone using squid and pf?

2012-12-15 Thread Leslie Jensen
ntrating on getting the web traffic to work first. I've changed rule #1 as you can see below but pf returns a syntax error. # redirect www trafic to proxy rdr in on $int_if inet proto tcp from !$proxy to any port $proxy_services -> $proxy $proxyport tag rdr_proxy My variables are:

Re: getting packets on a specific port by pf

2012-12-10 Thread takCoder
not sure about it's being right at all.. may be someone else can give both of us a tip on its being right or wrong?? :) regards, takCoder Best Regards, t.a.k On Thu, Nov 8, 2012 at 5:30 PM, s m wrote: > dear takcoder > > maybe you are right but now it is not important for me.

Re: Anyone using squid and pf?

2012-11-30 Thread Damien Fleuriot
On 30 Nov 2012, at 08:30, Leslie Jensen wrote: > > > Damien Fleuriot wrote 2012-11-29 00:28: >> On 27 November 2012 22:01, Leslie Jensen wrote: >>> >>> >> >> >> Well, that depends on what you want to do. >> >> If you want FTP traffic to go to ftp-proxy running on the firewall, >> then re

Re: Anyone using squid and pf?

2012-11-29 Thread Leslie Jensen
Damien Fleuriot wrote 2012-11-29 00:28: On 27 November 2012 22:01, Leslie Jensen wrote: Well, that depends on what you want to do. If you want FTP traffic to go to ftp-proxy running on the firewall, then redirect to 8021. If you want it to go to your squid proxy, then send it to port 80

Re: Anyone using squid and pf?

2012-11-28 Thread Damien Fleuriot
On 27 November 2012 22:01, Leslie Jensen wrote: > > > Volodymyr Kostyrko wrote 2012-11-26 21:50: >> >> 26.11.2012 20:40, Leslie Jensen: >> >>> Rules from pf.conf >>> >>> >>> # macros >>> ext_if="xl0" >>> int_if="bge0" >>> >>> tcp_services="{ 22, 993, 59

Re: Anyone using squid and pf?

2012-11-27 Thread Leslie Jensen
Volodymyr Kostyrko wrote 2012-11-26 21:50: 26.11.2012 20:40, Leslie Jensen: Rules from pf.conf # macros ext_if="xl0" int_if="bge0" tcp_services="{ 22, 993, 5910:5917 }" tcp_priv_services="{ 389, 443 }" proxy_services = "{ 21, 80 }" icmp_types="{ e

Re: Anyone using squid and pf?

2012-11-27 Thread Leslie Jensen
Doug Sampson wrote 2012-11-27 18:34: [...] Rules from pf.conf # macros ext_if="xl0" int_if="bge0" tcp_services="{ 22, 993, 5910:5917 }" tcp_priv_services="{ 389, 443 }" proxy_services = "{ 21, 80 }" icmp_types="{ echoreq unreach squench timex }"

Re: Anyone using squid and pf?

2012-11-27 Thread Fleuriot Damien
On Nov 27, 2012, at 6:34 PM, Doug Sampson wrote: > [...] > >> Rules from pf.conf >> >> >> # macros >> ext_if="xl0" >> int_if="bge0" >> >> tcp_services="{ 22, 993, 5910:5917 }" >> tcp_priv_services="{ 389, 443 }" >> proxy_services = "{ 21, 80 }" >>

RE: Anyone using squid and pf?

2012-11-27 Thread Doug Sampson
[...] > Rules from pf.conf > > > # macros > ext_if="xl0" > int_if="bge0" > > tcp_services="{ 22, 993, 5910:5917 }" > tcp_priv_services="{ 389, 443 }" > proxy_services = "{ 21, 80 }" > icmp_types="{ echoreq unreach squench timex }" > internal_net = "17

Re: Anyone using squid and pf?

2012-11-27 Thread Leslie Jensen
Volodymyr Kostyrko wrote 2012-11-26 21:50: rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021 # redirect www trafic to proxy rdr on $int_if inet proto tcp from $internal_net to any port $proxy_services -> $proxy port 8080 I could be wrong here but I think you have a loop. Y

Re: Anyone using squid and pf?

2012-11-26 Thread Volodymyr Kostyrko
26.11.2012 20:40, Leslie Jensen: Rules from pf.conf # macros ext_if="xl0" int_if="bge0" tcp_services="{ 22, 993, 5910:5917 }" tcp_priv_services="{ 389, 443 }" proxy_services = "{ 21, 80 }" icmp_types="{ echoreq unreach squench timex }" internal_net =

Re: Anyone using squid and pf?

2012-11-26 Thread Leslie Jensen
se provide relevant parts of pf.conf and full log output, not just the first line? Just to clarify. I'm running pf and squid on the same machine. Yes I've also split the listening ports. http_port 172.18.0.1:8080 intercept http_port 127.0.0.1:8080 Output from cache.log: 2012/11/24 14

Re: Anyone using squid and pf?

2012-11-26 Thread Volodymyr Kostyrko
24.11.2012 17:39, Leslie Jensen: I've upgraded squid from 3.1 to 3.2. Starting squid 3.2 with the same configuration file now gives me errors in cache.log when one tries to access any site, and of course no access! 2012/11/24 16:24:56 kid1| WARNING: Forwarding loop detected for: Reverting back

Re: PF and tables for disabling network

2012-11-24 Thread David Demelier
On 23/11/2012 15:58, Fleuriot Damien wrote: On Nov 23, 2012, at 3:46 PM, David Demelier wrote: Hello, I would like to disable the network traffic for specific IPs, for the moment I just add to my pf.conf a rule that will block everything for a specified table like this : table [...] other

Anyone using squid and pf?

2012-11-24 Thread Leslie Jensen
I've upgraded squid from 3.1 to 3.2. Starting squid 3.2 with the same configuration file now gives me errors in cache.log when one tries to access any site, and of course no access! 2012/11/24 16:24:56 kid1| WARNING: Forwarding loop detected for: Reverting back to 3.1 works. I know there ar

Re: PF and tables for disabling network

2012-11-23 Thread Fleuriot Damien
On Nov 23, 2012, at 3:46 PM, David Demelier wrote: > Hello, > > I would like to disable the network traffic for specific IPs, for the > moment I just add to my pf.conf a rule that will block everything for a > specified table like this : > > table > > [...] others rules [...] > > block from

PF and tables for disabling network

2012-11-23 Thread David Demelier
Hello, I would like to disable the network traffic for specific IPs, for the moment I just add to my pf.conf a rule that will block everything for a specified table like this : table [...] others rules [...] block from Then I just need to add my IP using pfctl, it will work, no packet can b

Re: pf synproxy slowdown

2012-11-08 Thread Gleb Smirnoff
On Fri, Nov 09, 2012 at 05:40:16AM +, Anders N. wrote: A> Hi. I've got a server running pf that has been displaying some odd (at least to me) behavior. A> A> I use the "synproxy state"[1] option quite a few times in my config without any ill effects that I've

pf synproxy slowdown

2012-11-08 Thread Anders N.
Hi. I've got a server running pf that has been displaying some odd (at least to me) behavior. I use the "synproxy state"[1] option quite a few times in my config without any ill effects that I've noticed until now. I realized it was on every open port except for ssh, so

Re: getting packets on a specific port by pf

2012-11-08 Thread s m
dear takcoder maybe you are right but now it is not important for me. i want to get packets by pf in order to set packet's TOS bit (packets which comes from IPFW). have you any suggestion? thanks for your attention sam On Thu, Nov 8, 2012 at 4:11 PM, takCoder wrote: > hey sam, >

Re: getting packets on a specific port by pf

2012-11-08 Thread takCoder
:53 PM, s m wrote: > hello guys > > i have a problem with getting packets which are diverted to a specific port > by PF. i mean i diverted my packets to a specific port by IPFW and want to > get these packets by PF to change them. > i used "ipfw add 1000 divert 8000 all

getting packets on a specific port by pf

2012-11-08 Thread s m
hello guys i have a problem with getting packets which are diverted to a specific port by PF. i mean i diverted my packets to a specific port by IPFW and want to get these packets by PF to change them. i used "ipfw add 1000 divert 8000 all form any to any" command to divert my packets.

marking packets in IPFW and recognize them in PF

2012-11-06 Thread s m
hello every body i want to mark some of my packets (by tag, mark, divert or anything else) in IPFW and recognize these packets in PF in the same system. please let me know if it is possible and how i can do that. i have freebsd 8.2. if it is impossible in freebsd 8.2, what about freebsd 9? can

Re: recompiling pf module, pfctl

2012-09-20 Thread Darrel
Hello, If I need to recompile pfctl and snmp_pf, would I run 'make clean', 'make', and 'make install' in /usr/src/usr.sbin/bsnmpd/modules/snmp_pf and /usr/src/sbin/pfctl? Is either of the directories incorrect or some other combination of make calls required there? Oh, forgot to mention. T

recompiling pf module, pfctl

2012-09-20 Thread Darrel
Hello, If I need to recompile pfctl and snmp_pf, would I run 'make clean', 'make', and 'make install' in /usr/src/usr.sbin/bsnmpd/modules/snmp_pf and /usr/src/sbin/pfctl? Is either of the directories incorrect or some other combination of make calls required there? Thank you, Darrel

[ FYI ] New version of PF now SMP-scalable

2012-09-11 Thread Fbsd8
[HEADS UP] merging projects/pf into head Some good news: http://lists.freebsd.org/pipermail/freebsd-pf/2012-September/006740.html ___ freebsd-questions@freebsd.org

PF RDR from LAN to LAN

2012-08-31 Thread budsz
Hi folks, I've little questions about RDR using Packet Filter (PF), I used IPF (IPFILTER) before and success with this scenario. extif = outside interface intif = internal interface public_ip = 202.xxx.xxx.xxx client_create = 192.168.1.1, port = 6112 client_join = 192.168.1.2 for ou

Re: ToS marking in pf

2012-08-21 Thread Darren Baginski
17.08.2012, 20:54, "Darren Baginski" : > Hi list! > > Could you please point me how can I set DSCP/TOS bits for outgoing packets > using pf ? > I would like to mark all packets going to the specific port marked with DSCP > CS3. >

ToS marking in pf

2012-08-17 Thread Darren Baginski
Hi list! Could you please point me how can I set DSCP/TOS bits for outgoing packets using pf ? I would like to mark all packets going to the specific port marked with DSCP CS3.

Working openvpn/pf configuration broken on upgrade from 8.3 to 9.0

2012-07-08 Thread Jeff Hedges
Hi. I'm running a small VPN for ~10 office users. Upon upgrading the machine from 8.3 to 9.0 yesterday, it became impossible for users to connect to the VPN. I've tried everything I can think of to track down the problem and it seems (although I may be mistaken) to be something to

Re: packet filter problem on transparent firewall using bridge and pf

2012-06-20 Thread ProAce
I have another problem . >_< Sometimes , I cannot connect to server ( in trust zone ) from untrust. Even I turn off the firewall, the situation still come up. But, when the state appears, I ping some ip from the server ( in trust ) to a host ( in untrust ). Suddenly, I connect to the server

Re: packet filter problem on transparent firewall using bridge and pf

2012-06-20 Thread ProAce
ule ( block out on bridge0 ). So, I change some configuration. 1. bind freebsd ip ( 10.1.1.1 ) on em0 2. change some pf rules ( please see below ) pf.conf my_net=10.1.1.0/24 serv1="10.1.1.101" client1="10.1.6.73" set skip lo0 set skip bridge0 block in all blo

packet filter problem on transparent firewall using bridge and pf

2012-06-20 Thread ProAce
I have some trouble with pf on freebsd bridge. Network topology: ( untrust ) -- { em0 , bridge0 , em1 } -- ( trust ) Bridge Network: 10.1.1.0/24 bridge0 IP: 10.1.1.1 ( freebsd's ip ) default gw: 10.1.1.254 ( in untrust area ) server: 10.1.1.101 ~ 200 ( in trust area ) pf.conf on fr

Re: pf firewall and ftp

2012-04-16 Thread David Walker
There's also web available manuals for probably every release of OpenBSD here: http://www.openbsd.org/cgi-bin/man.cgi http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&manpath=OpenBSD+4.5

Re: SV: pf firewall and ftp

2012-04-16 Thread Denny Lin
On Mon, Apr 16, 2012 at 09:39:38AM +0200, Hasse Hansson wrote: > To solve the ftp pre 4.7 part, you can start reading here > http://home.nuug.no/~peter/pf/en/long-firewall.html#FTPPROBLEM > > /Hasse > -Original message- > From: owner-freebsd-questi...@freebsd.o

SV: pf firewall and ftp

2012-04-16 Thread Hasse Hansson
To solve the ftp pre 4.7 part, you can start reading here http://home.nuug.no/~peter/pf/en/long-firewall.html#FTPPROBLEM /Hasse -Original message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On behalf of Fbsd8 Sent: 16 April 2012 04:31

Re: pf firewall and ftp

2012-04-15 Thread Fbsd8
Fbsd8 wrote: Running 9.0 as a gateway host with pf firewall enabled. FTP is launched by inetd. Both active and passive ftp works from lan pc's to the host ftp. The lan ftp session can be initiated from the host or any lan pc and things work because there are no rules on the lan interface e

pf firewall and ftp

2012-04-15 Thread Fbsd8
Running 9.0 as a gateway host with pf firewall enabled. FTP is launched by inetd. Both active and passive ftp works from lan pc's to the host ftp. The lan ftp session can be initiated from the host or any lan pc and things work because there are no rules on the lan interface except single

Re: pf firewall rule numbers

2012-04-12 Thread Fbsd8
Mike Tancsa wrote: On 4/11/2012 8:34 PM, Fbsd8 wrote: In the pf log I see the rule number of the rule used to create the log file entry. pfctl -sr command does not list the rule number of each rule it lists. Hi, Try pfctl -sr -vv ---Mike Thanks the -vv printed the rule number

Re: pf firewall rule numbers

2012-04-11 Thread Mike Tancsa
On 4/11/2012 8:34 PM, Fbsd8 wrote: > In the pf log I see the rule number of the rule used to create the log > file entry. pfctl -sr command does not list the rule number of each rule > it lists. Hi, Try pfctl -sr -vv ---Mike -- --- Mike Tancsa, tel +1 519

pf firewall rule numbers

2012-04-11 Thread Fbsd8
In the pf log I see the rule number of the rule used to create the log file entry. pfctl -sr command does not list the rule number of each rule it lists. So my question is how do I relate the rule number shown in the log listing back to the text rule file rules

Windows XP ssh client to FreeBSD 5.3/pf issue

2012-01-09 Thread Matt Kosht
8.x, 9.x BSD servers though from Windows 7. If I switch to an XP client on same network (192.168.0.0/16) it works. If I shutoff pf on the 5.3 server Win 7 clients can connect. So it must be pf, but I don't see how pf would be affected by a windows OS version. pf.conf follows -Matt **/etc/pf.c

Re: pf not seeing inbound packets on netgraph interface

2012-01-04 Thread Michael Sierchio
man 4 enc On Tue, Jan 3, 2012 at 8:30 PM, Edward Carrel wrote: > On Jan 3, 2012, at 12:12 AM, Damien Fleuriot wrote: > >> Thinking -pf@ or -net@ would be a better place to discuss this, more chances >> of getting an answer. > > I was wondering about that. I'll send

Re: pf not seeing inbound packets on netgraph interface

2012-01-03 Thread Edward Carrel
On Jan 3, 2012, at 12:12 AM, Damien Fleuriot wrote: > Thinking -pf@ or -net@ would be a better place to discuss this, more chances > of getting an answer. I was wondering about that. I'll send my question to -net@ to start. Thanks. > Out of curiosity why not use a gif interface

Re: pf not seeing inbound packets on netgraph interface

2012-01-03 Thread Damien Fleuriot
Thinking -pf@ or -net@ would be a better place to discuss this, more chances of getting an answer. Out of curiosity why not use a gif interface ? I had that working just fine with racoon and was able to actually firewall traffic on it with PF, iirc

Re: pf not seeing inbound packets on netgraph interface

2012-01-02 Thread Da Rock
On 01/03/12 16:17, Ed Carrel wrote: Hi freebsd-questions, I am running into a roadblock getting PF to filter traffic on a Netgraph interface representing an L2TP/IPSec connection. I have done some narrowing down of the problem, but was hoping to get some advice on figuring out where to go

pf not seeing inbound packets on netgraph interface

2012-01-02 Thread Ed Carrel
Hi freebsd-questions, I am running into a roadblock getting PF to filter traffic on a Netgraph interface representing an L2TP/IPSec connection. I have done some narrowing down of the problem, but was hoping to get some advice on figuring out where to go digging next, or things to try. Also

Re: Implementation details of altq hfsc scheduler in pf 4.5

2011-12-18 Thread RW
On Thu, 15 Dec 2011 12:52:15 -0500 Maxim Khitrov wrote: > On Tue, Dec 13, 2011 at 8:15 AM, RW > wrote: > > It's about latency, realtime has priority over non-realtime. > > I sort of understand this, but I can't figure out how that would apply > to my example: > > altq on $wan hfsc bandwidth 25

Re: PF/ALTQ - Stable TSC?

2011-12-15 Thread Michael Powell
APseudoUtopia wrote: > Hello, > I'm setting up pf with altq support in my kernel on freebsd 9.0-Stable > (soon to switch to the -RELEASE once it's available). > The system is a quad-core Xeon E31220, running amd64. > I've done a bit of googling and found various

Re: Implementation details of altq hfsc scheduler in pf 4.5

2011-12-15 Thread Maxim Khitrov
On Tue, Dec 13, 2011 at 8:15 AM, RW wrote: > On Mon, 12 Dec 2011 21:51:39 -0500 > Maxim Khitrov wrote: > >> I've read everything I could find on the topic of configuring hfsc >> altq in pf (4.5, FreeBSD 9), but I still have no clear idea of how it >> is actu

PF/ALTQ - Stable TSC?

2011-12-15 Thread APseudoUtopia
Hello, I'm setting up pf with altq support in my kernel on freebsd 9.0-Stable (soon to switch to the -RELEASE once it's available). The system is a quad-core Xeon E31220, running amd64. I've done a bit of googling and found various results. I know the freebsd handbook says ALTQ_NO

Re: Implementation details of altq hfsc scheduler in pf 4.5

2011-12-13 Thread RW
On Mon, 12 Dec 2011 21:51:39 -0500 Maxim Khitrov wrote: > I've read everything I could find on the topic of configuring hfsc > altq in pf (4.5, FreeBSD 9), but I still have no clear idea of how it > is actually implemented. I even started looking through the source > code, but

Implementation details of altq hfsc scheduler in pf 4.5

2011-12-12 Thread Maxim Khitrov
I've read everything I could find on the topic of configuring hfsc altq in pf (4.5, FreeBSD 9), but I still have no clear idea of how it is actually implemented. I even started looking through the source code, but that might take a while. My main questions are: 1. Difference between 

Re: pf rdr (redirect) syntax solved

2011-12-01 Thread Виталий Владимирович
--- Original message --- From: "Damien Fleuriot" To: "Mark Moellering" Date: 30 November 2011, 21:11:19 Subject: Re: pf rdr (redirect) syntax solved > On 30 Nov 2011, at 17:49, Mark Moellering wrote: > > > My apologies for posting an answer without

Re: pf rdr (redirect) syntax solved

2011-11-30 Thread Damien Fleuriot
On 30 Nov 2011, at 17:49, Mark Moellering wrote: > My apologies for posting an answer without a question but this is something I > want searchable in the future. > To use redirection ( rdr ) in pf, you MUST specify an ip address or interface. > For example, if you want to fo

Re: pf rdr (redirect) syntax solved

2011-11-30 Thread Maxim Khitrov
On Wed, Nov 30, 2011 at 11:49 AM, Mark Moellering wrote: > My apologies for posting an answer without a question but this is something > I want searchable in the future. > To use redirection ( rdr ) in pf, you MUST specify an ip address or > interface. > For example, if you want to

pf rdr (redirect) syntax solved

2011-11-30 Thread Mark Moellering
My apologies for posting an answer without a question but this is something I want searchable in the future. To use redirection ( rdr ) in pf, you MUST specify an ip address or interface. For example, if you want to force external traffic coming in on port 80 to port 443 and write this; rdr

Re: need help with pf configuration

2011-10-10 Thread Victor Sudakov
g in on an interface > >>> > > other than that which holds the route back to the packet's source > >>> > > address. > >> > > >> > Excuse me, I do not see how this is relevant to my question (allowing > >> > traffic to be

Re: need help with pf configuration

2011-10-10 Thread Patrick Lamaiziere
On Mon, 10 Oct 2011 14:10:53 +0700, Victor Sudakov wrote: > The problem is, there could be several routed networks behind the > inside interfaces. Not all inside networks are directly connected, and > the :network macro works only for directly connected interfaces, > right? Right, this is why

Re: need help with pf configuration

2011-10-10 Thread Victor Sudakov
Nikos Vassiliadis wrote: > >> > >>>I have a configuration with 2 inside interfaces, 1 outside and 1 dmz > >>>interface. The traffic should be able to flow > >>> > >>>1) from inside1 to any (and back) > >>>2) from inside2 to any (and back) > >>>3) from dmz to outside only (and back). > >>> > >>>I ne

Re: need help with pf configuration

2011-10-10 Thread Victor Sudakov
g in on an interface > >>> > > other than that which holds the route back to the packet's source > >>> > > address. > >> > > >> > Excuse me, I do not see how this is relevant to my question (allowing > >> > traffic to be

Re: need help with pf configuration

2011-10-09 Thread Victor Sudakov
ource > > > address. > > > > Excuse me, I do not see how this is relevant to my question (allowing > > traffic to be initiated from a more secure interface to a less secure > > interface and not vice versa). > > Sorry, you can't do this with pf, ipf or ipfw (

Re: need help with pf configuration

2011-10-09 Thread Nikos Vassiliadis
On 10/9/2011 10:39 AM, Victor Sudakov wrote: Patrick Lamaiziere wrote: I have a configuration with 2 inside interfaces, 1 outside and 1 dmz interface. The traffic should be able to flow 1) from inside1 to any (and back) 2) from inside2 to any (and back) 3) from dmz to outside only (and back).

Re: need help with pf configuration

2011-10-09 Thread Matthew Seaman
> > forwarding (URPF) check, i.e. packets coming in on an interface >>> > > other than that which holds the route back to the packet's source >>> > > address. >> > >> > Excuse me, I do not see how this is relevant to my question (al

Re: need help with pf configuration

2011-10-09 Thread Patrick Lamaiziere
> address. > > Excuse me, I do not see how this is relevant to my question (allowing > traffic to be initiated from a more secure interface to a less secure > interface and not vice versa). Sorry, you can't do this with pf, ipf or ipfw (the 3 firewalls in FreeBSD). There is no con

Re: need help with pf configuration

2011-10-09 Thread Victor Sudakov
Patrick Lamaiziere wrote: > > > I have a configuration with 2 inside interfaces, 1 outside and 1 dmz > > interface. The traffic should be able to flow > > > > 1) from inside1 to any (and back) > > 2) from inside2 to any (and back) > > 3) from dmz to outside only (and back). > > > > I need no det

Re: need help with pf configuration

2011-10-08 Thread Patrick Lamaiziere
On Sun, 9 Oct 2011 12:15:54 +0700, Victor Sudakov wrote: > I have a configuration with 2 inside interfaces, 1 outside and 1 dmz > interface. The traffic should be able to flow > > 1) from inside1 to any (and back) > 2) from inside2 to any (and back) > 3) from dmz to outside only (and back). >

need help with pf configuration

2011-10-08 Thread Victor Sudakov
Colleagues, I have a configuration with 2 inside interfaces, 1 outside and 1 dmz interface. The traffic should be able to flow 1) from inside1 to any (and back) 2) from inside2 to any (and back) 3) from dmz to outside only (and back). I need no details, just a general hint how to setup such secu

Re: How to find out which version of PF a given box is using...

2011-09-21 Thread Matthew Seaman
On 21/09/2011 09:17, krad wrote: > If its been syncd to openbsd 4.5 version of pf, its still quite a way behind > openbsd's version in the latest release as they are not on 4.9 with 5.0 > imminent. Looking at the docs there were quite a lot of changes when openbsd > was b

Re: How to find out which version of PF a given box is using...

2011-09-21 Thread krad
On 21 September 2011 09:05, Matthew Seaman wrote: > On 21/09/2011 08:34, Matthew Seaman wrote: > > On 21/09/2011 07:34, Modulok wrote: > >> Is there an easy way to find out what version of PF a given FreeBSD > version is > >> using? Currently I'm doing this: &

Re: How to find out which version of PF a given box is using...

2011-09-21 Thread Matthew Seaman
On 21/09/2011 08:34, Matthew Seaman wrote: > On 21/09/2011 07:34, Modulok wrote: >> Is there an easy way to find out what version of PF a given FreeBSD version >> is >> using? Currently I'm doing this: >> >> grep -iE '\bpf\b' /usr/src/UPDATING

Re: How to find out which version of PF a given box is using...

2011-09-21 Thread Matthew Seaman
On 21/09/2011 07:34, Modulok wrote: > Is there an easy way to find out what version of PF a given FreeBSD version is > using? Currently I'm doing this: > > grep -iE '\bpf\b' /usr/src/UPDATING > > Just wondering if I'm missing something. I didn'

How to find out which version of PF a given box is using...

2011-09-21 Thread Modulok
List, Is there an easy way to find out what version of PF a given FreeBSD version is using? Currently I'm doing this: grep -iE '\bpf\b' /usr/src/UPDATING Just wondering if I'm missing something. I didn't see any '--ve

PF and dup-to?

2011-09-16 Thread Kevin Wilcox
Hi folks, I have the following pf.conf on FreeBSD 8.1-RELEASE *and* 8.2-RELEASE === set block-policy return set skip on lo int_if=bge1 ext_if=bge0 dup_if=dc0 # NAT rule nat on $ext_if from $int_if:network to any -> ($ext_if) sticky-address # # Windows RDP redirectio

pf nat with pool addresses

2011-08-20 Thread h bagade
Hi all, I am trying to use pf nat rules with pool support on FreeBsd 8.0, working together with ipfw as the main firewall. According to the natting concepts i faced in manuals and docs, nat concept is to map the source address to the natted address when sending the packets from that source and

Re: How to deny getting static ip address via pf ?

2011-07-26 Thread Eric S Pulley
On Tue, July 26, 2011 9:01 am, Chuck Swiger wrote: > On Jul 26, 2011, at 3:44 AM, Yavuz Maşlak wrote: >> I use pf on freebsd as packet filter. >> >> I have a wireless area. The users get to the internet using automatic ip >> from the dhcp server. >> I wish to d

Re: How to deny getting static ip address via pf ?

2011-07-26 Thread Chuck Swiger
On Jul 26, 2011, at 3:44 AM, Yavuz Maşlak wrote: > I use pf on freebsd as packet filter. > > I have a wireless area. The users get to the internet using automatic ip > from the dhcp server. > I wish to deny to assign a static ip address by manual. You can't prevent someo

Re: How to deny getting static ip address via pf ?

2011-07-26 Thread Balázs Mátéffy
2011/7/26 Matthew Seaman > On 26/07/2011 11:44, Yavuz Maşlak wrote: > > I use pf on freebsd as packet filter. > > > > I have a wireless area. The users get to the internet using automatic ip > > from the dhcp server. > > I wish to deny to assign a static ip add

Re: How to deny getting static ip address via pf ?

2011-07-26 Thread Matthew Seaman
On 26/07/2011 11:44, Yavuz Maşlak wrote: > I use pf on freebsd as packet filter. > > I have a wireless area. The users get to the internet using automatic ip > from the dhcp server. > I wish to deny to assign a static ip address by manual. > > How can I do that with pf or

Re: How to deny getting static ip address via pf ?

2011-07-26 Thread Bas Smeelen
On 07/26/2011 12:44 PM, Yavuz Maşlak wrote: > Hello > > I use pf on freebsd as packet filter. > > I have a wireless area. The users get to the internet using automatic ip > from the dhcp server. > I wish to deny to assign a static ip address by manual. > > How can I

How to deny getting static ip address via pf ?

2011-07-26 Thread Yavuz Maşlak
Hello I use pf on freebsd as packet filter. I have a wireless area. The users get to the internet using automatic ip from the dhcp server. I wish to deny to assign a static ip address by manual. How can I do that with pf or ipfw or another thing? thanks

Re: Problem with PF reply-to [SOLVED]

2011-07-13 Thread Mario Lobo
On Wednesday 13 July 2011 10:26:59 Mario Lobo wrote: > Hi; > > I have the following scenario. > > FreeBSD 8.2-STABLE FreeBSD 8.2-STABLE #0: Thu May 19 19:53:59 BRT 2011 > i386 > > I want to be able to connect to any of the 2 external IPs this machine has. > > ### pf.conf excerpt > > ext_if1 =

Problem with PF reply-to

2011-07-13 Thread Mario Lobo
Hi; I have the following scenario. FreeBSD 8.2-STABLE FreeBSD 8.2-STABLE #0: Thu May 19 19:53:59 BRT 2011 i386 I want to be able to connect to any of the 2 external IPs this machine has. ### pf.conf excerpt ext_if1 = sis0 (1M link. default gateway) ext_if2 = rl0 (2M link) aln_if = dc0

Re: pf, binat, rdr, and one ip

2011-02-09 Thread Maxim Khitrov
eb 09, 2011 at 09:08:53AM +1000, Da Rock wrote: >>>> >>>> >>>>> >>>>> On 02/09/11 01:18, Daniel Bye wrote: >>>>> >>>>> >>>>>> >>>>>> On Wed, Feb 09, 2011 at 12:20:56AM +1000, Da Roc

Re: pf, binat, rdr, and one ip

2011-02-09 Thread Da Rock
, Da Rock wrote: A very quick question. PF firewall. One static public IP. About 6 servers on the internal network (dmz). One server binat in the pf.conf, the rest redirected. Possible? Or would it die in the hole? I guess you're concerned about performanc

Re: pf, binat, rdr, and one ip

2011-02-09 Thread Maxim Khitrov
9, 2011 at 12:20:56AM +1000, Da Rock wrote: >>>> >>>> >>>>> >>>>> A very quick question. >>>>> >>>>> PF firewall. One static public IP. About 6 servers on the internal >>>>> network (dmz). One server

Re: pf, binat, rdr, and one ip

2011-02-09 Thread Da Rock
On 02/09/11 21:16, Daniel Bye wrote: On Wed, Feb 09, 2011 at 09:08:53AM +1000, Da Rock wrote: On 02/09/11 01:18, Daniel Bye wrote: On Wed, Feb 09, 2011 at 12:20:56AM +1000, Da Rock wrote: A very quick question. PF firewall. One static public IP. About 6 servers on the

Re: pf, binat, rdr, and one ip

2011-02-09 Thread Daniel Bye
On Wed, Feb 09, 2011 at 09:08:53AM +1000, Da Rock wrote: > On 02/09/11 01:18, Daniel Bye wrote: > >On Wed, Feb 09, 2011 at 12:20:56AM +1000, Da Rock wrote: > > > >>A very quick question. > >> > >>PF firewall. One static public IP. About 6 servers on

Re: pf, binat, rdr, and one ip

2011-02-08 Thread Da Rock
On 02/09/11 01:18, Daniel Bye wrote: On Wed, Feb 09, 2011 at 12:20:56AM +1000, Da Rock wrote: A very quick question. PF firewall. One static public IP. About 6 servers on the internal network (dmz). One server binat in the pf.conf, the rest redirected. Possible? Or would it die in the

Re: pf, binat, rdr, and one ip

2011-02-08 Thread Daniel Bye
On Wed, Feb 09, 2011 at 12:20:56AM +1000, Da Rock wrote: > A very quick question. > > PF firewall. One static public IP. About 6 servers on the internal > network (dmz). One server binat in the pf.conf, the rest redirected. > > Possible? Or would it die in the hole? I gues

pf, binat, rdr, and one ip

2011-02-08 Thread Da Rock
A very quick question. PF firewall. One static public IP. About 6 servers on the internal network (dmz). One server binat in the pf.conf, the rest redirected. Possible? Or would it die in the hole? TIA

Re: PF firewall rules and documentation

2011-02-01 Thread Da Rock
he internal interface? 2) why block all if I'm allowing everything out on the external interface? 3) why not pass everything on the internal interface and then filter on the external? The shortest answer is because I happen to like that starting point and it serves as a syntactical reminder

Re: PF firewall rules and documentation

2011-01-31 Thread Kevin Wilcox
) why block all if I'm allowing everything out on the external interface? 3) why not pass everything on the internal interface and then filter on the external? The shortest answer is because I happen to like that starting point and it serves as a syntactical reminder if I deploy without a pf r

Re: PF firewall rules and documentation

2011-01-31 Thread Da Rock
On 01/31/11 20:30, Patrick Lamaiziere wrote: On Sat, 29 Jan 2011 12:39:18 +1000, Da Rock wrote: I spent some time playing with pf and pf.conf, and followed the directions in the handbook. It redirected me to the openbsd site for pf.conf, and recommended it as the most comprehensive

Re: PF firewall rules and documentation

2011-01-31 Thread Patrick Lamaiziere
On Sat, 29 Jan 2011 12:39:18 +1000, Da Rock wrote: > I spent some time playing with pf and pf.conf, and followed the > directions in the handbook. It redirected me to the openbsd site for > pf.conf, and recommended it as the most comprehensive documentation > for pf. > >

Re: PF firewall rules and documentation

2011-01-29 Thread Da Rock
suitability, how else does one learn if not through practice? On 1/29/11, Da Rock wrote: I spent some time playing with pf and pf.conf, and followed the directions in the handbook. It redirected me to the openbsd site for pf.conf, and recommended it as the most comprehensive documentation for pf

PF firewall rules and documentation

2011-01-28 Thread Da Rock
I spent some time playing with pf and pf.conf, and followed the directions in the handbook. It redirected me to the openbsd site for pf.conf, and recommended it as the most comprehensive documentation for pf. Firstly, I didn't find that. I had to translate the instructions into the cu

Re: The book of pf...

2011-01-19 Thread Modulok
On 1/19/11, Peter N. M. Hansteen wrote: > Modulok writes: > >> This book comes in two editions. The first was published in December >> 2007, the second, November, 2010. Does anyone have this? And if so >> would I be correct to get the first edition instead? I know Fr

Re: The book of pf...

2011-01-19 Thread Peter N. M. Hansteen
Modulok writes: > This book comes in two editions. The first was published in December > 2007, the second, November, 2010. Does anyone have this? And if so > would I be correct to get the first edition instead? I know FreeBSD's > pf lags being openBSD's, so I'm not sur

Re: The book of pf...

2011-01-19 Thread matteo filippetto
> > Because Peter made mention on misc@ that the second edition was geared > towards OpenBSD 4.8 and the version of pf that's in FreeBSD is quite a > bit older. > > http://marc.info/?l=openbsd-misc&m=128938065524891&w=2 > Hi In the second edition there are als
