Re: routing question: 2 mail servers sending from their own IPs

2010-03-27 Thread Scott McEachern
James Shupe wrote: Check into smtp_bind_address in Postfix. If you're still having issues, binat rather than rdr to internal IPs so connections will originate properly. Without seeing your pf.conf or master.cf, this is a guess, but I think these tips should lead you in the right direction. ...ma

Re: routing question: 2 mail servers sending from their own IPs

2010-03-27 Thread James Shupe
Check into smtp_bind_address in Postfix. If you're still having issues, binat rather than rdr to internal IPs so connections will originate properly. Without seeing your pf.conf or master.cf, this is a guess, but I think these tips should lead you in the right direction. ...master.cf: smtp ...

Re: routing question: 2 mail servers sending from their own IPs

2010-03-27 Thread Philip Guenther
On Sat, Mar 27, 2010 at 1:02 AM, Scott McEachern wrote: > Hi folks, I'm running into a bit of a routing gotcha getting two mail > servers to send mail out using their own respective IP addresses. (While > this involves postfix, this is not a postfix support question, it's a > routing question) I

Re: Routing question with 2 external lines.

2009-12-07 Thread Stuart Henderson
On 2009-12-06, Alastair Johnson wrote: > rdr pass on $ext_if1 proto tcp from $supplierIP to $CARP_ip_line1 port 443 > -> 10.0.0.50 port 443 > rdr pass on $ext_if2 proto tcp from $supplierIP to $CARP_ip_line2 port 443 > -> 10.0.0.50 port 443 This works like 'pass quick' without reply-to. Remov

Re: routing question (solved)

2007-09-03 Thread Paolo Supino
Hi RW I found the problem :-) My OpenVPN setup is OK. My ipsecctl.conf was almost perfect: I setup the flow from my OpenBSD box (the branch office) to be passive ... duh!!! ;-) Now that it has been converted to dynamic the tunnel gets setup if the OpenVPN client initiates traffic :-) TIA Paol

Re: routing question

2007-09-03 Thread RW
On Mon, 03 Sep 2007 20:26:14 -0400, Paolo Supino wrote: >Hi RW > > Except for the branch VPN to the main office subnet (line# 3) I have >the other IPSEC rules: peer to peer, 2 subnets to 1 subnet (and vice >versa on the main office VPN peer). Why do I need to setup a tunnel >between the branch f

Re: routing question

2007-09-03 Thread Paolo Supino
Hi RW Except for the branch VPN to the main office subnet (line# 3) I have the other IPSEC rules: peer to peer, 2 subnets to 1 subnet (and vice versa on the main office VPN peer). Why do I need to setup a tunnel between the branch firewall and main office subnet? TIA Paolo RW wrote: On M

Re: routing question

2007-09-03 Thread RW
On Mon, 03 Sep 2007 17:15:02 -0400, Paolo Supino wrote: >Hi > > I have a firewall that also acts as a VPN peer for 2 VPNs. One of >the VPNs is IPSEC that connects between the main office and a branch >office. The second VPN is OpenVPN that connects windows based road >warriors to the branch offic

Re: routing question

2007-09-03 Thread Paolo Supino
Hi David I do push the route to the OpenVPN clients and I do have the route back on the servers in the main office. To be sure I ran a sniffer on a server in the main office to see if any traffic reaches the server from the VPN client and the sniffer showed nothing reached the server. It's not a

Re: routing question

2007-09-03 Thread Paolo Supino
Hi David It's true that all IP addresses are in the 10.x.x.x private address space that isn't supposed to be routed on the Internet, but in all the connections over the Internet the only visible addresses are the public ones (otherwise the VPNs wouldn't be working): Main and branch office public

Re: routing question

2007-09-03 Thread David Newman
On 9/3/07 3:28 PM, Paolo Supino wrote: > Hi David > > It's true that all IP addresses are in the 10.x.x.x private address > space that isn't supposed to be routed on the Internet, but in all the > connections over the Internet the only visible addres

Re: routing question

2007-09-03 Thread Stuart Henderson
On 2007/09/03 17:15, Paolo Supino wrote: > I have a firewall that also acts as a VPN peer for 2 VPNs. One of > the VPNs is IPSEC that connects between the main office and a branch > office. The second VPN is OpenVPN that connects windows based road > warriors to the branch office. I want to enable

Re: routing question

2007-09-03 Thread David Newman
On 9/3/07 2:15 PM, Paolo Supino wrote: > Hi > > I have a firewall that also acts as a VPN peer for 2 VPNs. One of > the VPNs is IPSEC that connects between the main office and a branch > office. The second VPN is OpenVPN that connects windows based r

Re: routing question

2005-12-14 Thread Vijay Sankar
Good day, I have seen similar problems before. You must be doing some sort of proxying or NAT to allow Internet sites to communicate with hosts on the 192.168.10/24 subnet, right? So the site on the Internet has to have a path back to a NAT'ed or Proxied service through the 192.168.10/24 subnet i

Re: routing question

2005-09-06 Thread John Brooks
> On Tue, 6 Sep 2005 15:25:29 -0500, John Brooks wrote: > > >My office network has an adsl connection with a single static > >ip as follows: > > > > 209.145.160.141/24 (gw 209.145.160.1) > > > >I requested additional ip's from my provider and they gave me > >8 addresses at: > > > > 207.246.1

Re: routing question

2005-09-06 Thread John Brooks
> On Tuesday, September 06, John Brooks wrote: > > > > > (209.145.160.141) > > OBSD #1 - > > \ > > Switch DSL Modem ISP(209.145.160.1) > > / > > OBSD #2 - > > (207.246.198.220) > > > > I was expecting that 207.246.198.

Re: routing question

2005-09-06 Thread Rod.. Whitworth
On Tue, 6 Sep 2005 15:25:29 -0500, John Brooks wrote: >My office network has an adsl connection with a single static >ip as follows: > > 209.145.160.141/24 (gw 209.145.160.1) > >I requested additional ip's from my provider and they gave me >8 addresses at: > > 207.246.198.216/29 > >They are

Re: routing question

2005-09-06 Thread Todd Boyer
On Tuesday, September 06, John Brooks wrote: > > (209.145.160.141) > OBSD #1 - > \ > Switch DSL Modem ISP(209.145.160.1) > / > OBSD #2 - > (207.246.198.220) > > I was expecting that 207.246.198.217 would have been set

Re: Fw: Re: routing question - why one way? <- working

2005-09-01 Thread Bill
On Thu, 01 Sep 2005 23:03:44 +1000 "Rod.. Whitworth" <[EMAIL PROTECTED]> wrote: > On Thu, 1 Sep 2005 08:11:28 -0400, Bill wrote: > > > >Date: Thu, 1 Sep 2005 08:09:24 -0400 > >From: Bill <[EMAIL PROTECTED]> > >To: "Rod.. Whitworth" <

Re: Fw: Re: routing question - why one way?

2005-09-01 Thread Rod.. Whitworth
On Thu, 1 Sep 2005 08:11:28 -0400, Bill wrote: > >Date: Thu, 1 Sep 2005 08:09:24 -0400 >From: Bill <[EMAIL PROTECTED]> >To: "Rod.. Whitworth" <[EMAIL PROTECTED]> >Subject: Re: routing question - why one way? > > >On Thu, 01 Sep 2005 16:36:13 +100

Re: routing question - why one way?

2005-09-01 Thread Todd Boyer
On Thursday, September 01, 2005, Bill wrote: > Right now I have the router installed with two active interfaces... > > Segment A (192.168.0.4) interface on the router Segment B > (10.3.0.1) interface on the router > > Now I have a machine on each segment also: > > 192.168.0.2 (Segment A) > 10.

Fw: Re: routing question - why one way?

2005-09-01 Thread Bill
Begin forwarded message: Date: Thu, 1 Sep 2005 08:09:24 -0400 From: Bill <[EMAIL PROTECTED]> To: "Rod.. Whitworth" <[EMAIL PROTECTED]> Subject: Re: routing question - why one way? On Thu, 01 Sep 2005 16:36:13 +1000 "Rod.. Whitworth" <[EMAIL PROTECTED]>

Re: routing question - why one way?

2005-09-01 Thread Bill
On Thu, 01 Sep 2005 17:09:45 +0800 Uwe Dippel <[EMAIL PROTECTED]> wrote: > On Thu, 01 Sep 2005 02:01:44 -0400, Bill wrote: > > > I will try to summarize... > > Is it this ?: > > firewallrouter=linux >192.168.0.2 192.168.0.4 10.4.0.1 10.4.50.1 > > In your FP it

Re: routing question - why one way?

2005-09-01 Thread Uwe Dippel
On Thu, 01 Sep 2005 02:01:44 -0400, Bill wrote: > I will try to summarize... Is it this ?: firewallrouter=linux 192.168.0.2 192.168.0.4 10.4.0.1 10.4.50.1 In your FP it is 10.3.0.0, now it is 10.4.0.0, right ? > This is the routers table: > Internet: > Destinat

Re: routing question - why one way?

2005-08-31 Thread Rod.. Whitworth
On Thu, 1 Sep 2005 01:01:08 -0400, Bill wrote: >OBSD 3.7 - new install > >I am building a router. And I am having a routing problem. I am not >doing any packet filtering, NAT or anything... it's all strictly private >address space nets I also most definitely have ip forwarding set in >sysctl > >R

Re: routing question - why one way?

2005-08-31 Thread Bill
Sorry for the confusion... I will try to summarize... I have a machine on each side of a router I am building (3.7). On one side it is a firewall connected to the internet (192.168.0.2/24) On the other side it is a linux notebook (10.4.50.1/16) From linux I can ping any interface on the route

Re: routing question - why one way?

2005-08-31 Thread Bryan Irvine
That was kind of hard to follow. Can you post traceroutes? --Bryan On 8/31/05, Bill <[EMAIL PROTECTED]> wrote: > OBSD 3.7 - new install > > I am building a router. And I am having a routing problem. I am not > doing any packet filtering, NAT or anything... it's all strictly private > address