Re: pf failover state problem

2005-12-29 Thread j knight
--- Quoting ed on 2005/12/28 at 18:40 +: > Hello, > > I have the following pf.conf on two identical firewalls, which combine > two external ISP connections to a single RFC1819 network, providing > complete failover if the ISP drops off the edge of the world. > > However, I notice that when I

Re: Zero PF Counters

2005-10-10 Thread j knight
--- Quoting William Bloom on 2005/10/10 at 13:56 -0700: > The PF man page gives meager detail about the congestion counter. And the > only > FAQ items for this that I can find are related to queueing (and I don't have > queues in my ruleset). What is the meaning of a non-zero congestion count

Re: PF performance question

2005-09-19 Thread j knight
--- Quoting Vinicius Pavanelli Vianna on 2005/09/19 at 22:24 -0300: > They say all their ifaces are forced to 100 full duplex, when I try to > autoneg with their switches I always got 100 half duplex, and the speed > is bad, so I forced all to 100 full duplex so I can get some speed, > don't ask m

Re: logging blocked connections in pf, but no line noise

2005-09-19 Thread j knight
--- Quoting -f on 2005/09/19 at 17:21 +0200: > hi there, > > i would like to log what was blocked from the outside. > as of now i have the following in my pf.conf: > > block in log > > naturally this is logging too much redundant information. > i would like to restrict the logging only to conne

Re: BGP peering, 2 peers, hardware requirements & questions

2005-09-15 Thread j knight
Karl O. Pinc wrote: I do recall some OpenBGP hooks into pf. Maybe there's a way to use these to make failover work. You need BGP pure and simple. The only caveat with BGP on OpenBSD is that you cannot do equal cost load balancing. For instance, if your providers send you a default route, yo

Re: BGP peering, 2 peers, hardware requirements & questions

2005-09-15 Thread j knight
Karl O. Pinc wrote: On 09/13/2005 05:16:38 PM, j knight wrote: --- Quoting Darrin Chandler on 2005/09/13 at 13:56 -0700: > which will try to talk you out of using BGP for load balancing and > present a simpler alternative. Best bet if this track is taken is to involve pf&

Re: isakmpd: openbsd -> cisco = problems

2005-09-13 Thread j knight
--- Quoting Mattias R. Lindgren on 2005/09/13 at 19:31 -0600: > bash-3.00# isakmpd -d > 191943.477359 Default ipsec_validate_id_information: dubious ID information > accepted > 191951.404865 Default ipsec_validate_id_information: dubious ID information > accepted > 192010.536856 Default transport_

Re: BGP peering, 2 peers, hardware requirements & questions

2005-09-13 Thread j knight
--- Quoting Darrin Chandler on 2005/09/13 at 13:56 -0700: > You might also want to read > http://www.inetdaemon.com/columns/ask/internet-load-balancing.shtml, > which will try to talk you out of using BGP for load balancing and > present a simpler alternative. This solution talks about using

Re: BGP peering, 2 peers, hardware requirements & questions

2005-09-13 Thread j knight
--- Quoting Karl O. Pinc on 2005/09/13 at 01:05 +: > Finally, not knowing much about bgp, I've a question > about load balancing over the two WAN links. Does > bgp/OpenBGP have any provisions for load balancing, say > based on WAN link latency? (Seems like this _could_ > be a "bgp policy" at

Re: OpenBGPd and /24 announces... that still lose their netmasks.

2005-09-04 Thread j knight
--- Quoting Xavier Beaudouin on 2005/09/04 at 22:37 +0200: > rbgp2#sh ip bgp > BGP table version is 19, local router ID is 192.168.0.31 > Status codes: s suppressed, d damped, h history, * valid, > best, i - > internal, > r RIB-failure, S Stale > Origin codes: i - IGP, e - EGP, ? -

Re: IPsec / routing problem in OpenBSD 3.7

2005-08-24 Thread j knight
--- Quoting [EMAIL PROTECTED] on 2005/08/25 at 01:20 +0200: (can you try to wrap your lines at a reasonable 72 chars?) > No, the rl0 gateway (PC_B) is 192.168.3.254. Client1 is .3.70, PC_B's > internal network is, of course, 192.168.3.0/24. Oops, I should've seen that 3.70 was an ARP entry. It'

Re: IPsec / routing problem in OpenBSD 3.7

2005-08-24 Thread j knight
--- Quoting [EMAIL PROTECTED] on 2005/08/24 at 18:35 +0200: > 1) From Client1, I cannot ping its default gateway (.3.254) anymore. No ping > replies. ssh connection is frozen. What machine and interface is .3.254 on? From the information below it does not look like it's on PC_B. PC_B is .3.70.

Re: isakmp vpn configuration

2005-08-24 Thread j knight
--- Quoting Daniel Eyholzer on 2005/08/24 at 08:33 +0200: > Yes, I have tried to filter on VPN client ip addresses on the enc0 > interface. This works, but the problem is that not all users should be > allowed to do the same things. Since the VPN client ip address can be > chosen arbitrary on the

Re: isakmp vpn configuration

2005-08-23 Thread j knight
--- Quoting Daniel Eyholzer on 2005/08/17 at 15:58 +0200: > I have tried to change Network and Netmask in the [default-route] section > from 0.0.0.0 to the network and netmask of one of the vlan subnetworks, but > it does not help. I can still connect to the other subnet if I define them > in the

Re: ARP resolution for destination NAT'd addresses

2005-06-29 Thread j knight
--- Quoting Spruell, Darren-Perot on 2005/06/29 at 11:16 -0700: > How does a firewall configured to NAT connections for the outside > interface on a given IP to an IP address behind the firewall handle > the ARP replies for those addresses to the upstream router? Add an alias on that interface.

Re: arplookup

2005-06-28 Thread j knight
--- Quoting kevin on 2005/06/28 at 10:00 -0500: > Hi all, > > After my business cable provider replaced the router, I get > the usual "arplookup: unable to locate address 10.19.240.183" "unable to locate" or "unable to enter"? This happens in more places than you might think. What impact is i

Re: Some Sites Don't Load Behind pf NAT

2005-06-12 Thread j knight
--- Quoting Serban Giuroiu on 2005/06/12 at 14:59 -0700: > scrub random-id > scrub fragment reassemble > scrub reassemble tcp > scrub out on $ppp max-mss 1440 These scrub rules aren't doing what you think they're doing. "scrub" is a rule, not an option such as the "set" parameters. The first matc

Re: Weird MAC Address Problem with 3.7 on Dell 600 series

2005-06-08 Thread j knight
--- Quoting eric on 2005/06/07 at 00:18 -0500: > fxp0: flags=8843 mtu 1500 > address: 00:02:b3:b1:a8:9a > description: ipv6_if > media: Ethernet 100baseTX full-duplex > status: active > inet6 2001:x:y:z::133 prefixlen 96 > inet6 fe80::202:b3ff:feb1:a

Re: OpenBGP Setup Question

2005-05-20 Thread j knight
Manon Goo wrote: Hi, I have set up openbgp on two routers (Config below). I am connecting to two uplink routers at my ISP. My ISP complains that one of his sessions is always idle. (He is running a cisco 12000 IOS 12.0.something) and this is filling his logs. Might this be because of the state

Re: 3.6 + ClamAV install?

2005-05-16 Thread j knight
Adam Papai wrote: Regards. I have a problem with ClamAV install to 3.6. None of the ClamAV sources build. For what it's worth, there is a clamav port/package in 3.7 (ports/security/clamav). CDs can be ordered here http://www.openbsd.org/orders.html.

Re: PF aliases -- how can these be improved?

2005-05-08 Thread j knight
Fafa Hafiz Krantz wrote: Hey! Hi, Can you please read the documentation before posting questions to this list? All your questions to date have been easily answered by referring to one of these documentation sources: - pf.conf(5): http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf (or "man pf