> On Jun 1, 2021, at 16:50, Stuart Henderson wrote:
>
> On 2021-05-30, Dave Anderson wrote:
>> I’m setting up on 6.9-release a (for now) IPv4-only firewall with multiple
>> public addresses and multiple subnets behind it, and have a couple of
>> questions related to connections originating
On 2021-05-30, Dave Anderson wrote:
> I’m setting up on 6.9-release a (for now) IPv4-only firewall with multiple
> public addresses and multiple subnets behind it, and have a couple of
> questions related to connections originating from the firewall itself to
> which I haven’t found definitive
I’m setting up on 6.9-release a (for now) IPv4-only firewall with multiple
public addresses and multiple subnets behind it, and have a couple of questions
related to connections originating from the firewall itself to which I haven’t
found definitive answers.
When not overridden (for example, b
Robert Gilaard wrote:
> max-src-conn-rate 2/30 implies 1 in 15 seconds
No, it does not!
Helmut
--
No Swen today, my love has gone away
My mailbox stands for lorn, a symbol of the dawn
Dear OpenBSD people,
Please ignore my previous post.
pfctl -t bruteforce -T show gives
60.190.60.78
63.119.11.119
119.147.106.248
121.242.15.135
200.195.127.215
So I don't know what I was thinking. I'm tired after a long day and will go to
bed and sleep well knowing pf takes c
Hi openbsd people,
My PF firewall says:
tcp_services = "{ ftp, ssh, domain, www, auth, https }"
udp_services = "{ ftp, domain, ntp }"
icmp_types = "{ echoreq, unreach }"
set skip on lo
scrub in all no-df random-id
block all
pass in quick on lo0
pass out quick on lo0
table persist
block quick fro
On Mar 31, 2008, at 8:53 PM, Jon Radel wrote:
Christopher Sean Hilton wrote:
On Mar 31, 2008, at 4:58 PM, Christopher Sean Hilton wrote:
Hi,
Just a followup. I figured that I might have better luck with this
configuration.
de0 - External interface to Internet
de1 - Internal interf
On Mar 31, 2008, at 4:58 PM, Christopher Sean Hilton wrote:
Hi,
Just a followup. I figured that I might have better luck with this
configuration.
de0 - External interface to Internet
de1 - Internal interface to DMZ
de2 - No IP interface to DMZ
de3 - No IP interface to w
Hi,
My goal is to use OpenBSD to filter packets between my wireless
segment and my DMZ. I've protected my wireless with WEP but in the
long haul I'd like to be able to remove any authentication, WEP or WPA
from the wireless segment. My first question is this: This strategy
seemed to mak
On Thu, 23 Feb 2006, Ryan McBride wrote:
SNIP
> In my opinion if you're talking about NATing 750 Windows boxes doing
> regular Windows-type things, you're going to want to at least crank
> the limits on states and turn on adaptive timeouts; I wouldn't go any
> further than that unless you run in
On Wed, Feb 22, 2006 at 08:39:36PM -0500, Nick Holland wrote:
> Steve D. wrote:
> >Hi,
> >
> >I'm setting up a gateway (1.7 Ghz machine with 1 Gig of ram) for 700+
> >users using pf with NAT and BINAT's (90% NAT). I would like to know
> >if anyone has any recommendations on tweaking the runtim
Nick Holland wrote:
Steve D. wrote:
Hi,
I'm setting up a gateway (1.7 Ghz machine with 1 Gig of ram) for 700+
users using pf with NAT and BINAT's (90% NAT). I would like to
know if anyone has any recommendations on tweaking the runtime
options in PF. This box will pretty much just be han
Steve D. wrote:
Hi,
I'm setting up a gateway (1.7 Ghz machine with 1 Gig of ram) for 700+
users using pf with NAT and BINAT's (90% NAT). I would like to know
if anyone has any recommendations on tweaking the runtime options in
PF. This box will pretty much just be handling the natting wit
On 2/23/06, Steve D. <[EMAIL PROTECTED]> wrote:
> I'm setting up a gateway (1.7 Ghz machine with 1 Gig of ram) for 700+
> users using pf with NAT and BINAT's (90% NAT). I would like to know
> if anyone has any recommendations on tweaking the runtime options in
> PF. This box will pretty much ju
Hi,
I'm setting up a gateway (1.7 Ghz machine with 1 Gig of ram) for 700+
users using pf with NAT and BINAT's (90% NAT). I would like to know
if anyone has any recommendations on tweaking the runtime options in
PF. This box will pretty much just be handling the natting with a bare
minimum
On 2005-07-18 03:32, Vivek Ayer wrote:
One last thing. Looking at my pf.conf, which I assume you still have,
what modification would I have to make to make sure rsync over ssh
work properly between two clients on the internal networks? Thanks.
Vivek
If it's over SSH you should only need port 2
One last thing. Looking at my pf.conf, which I assume you still have,
what modification would I have to make to make sure rsync over ssh
work properly between two clients on the internal networks? Thanks.
Vivek
> I don't quite understand what you mean by that. What do I have to do
> to that line? Will it let me ping if I remove it? Also, how would I
> open up bittorrent port 6881, icecast port 8000 and soulseek port 2430
> (somewhere in that range). Do add an rdr line? I'm just tired of
> getting the NAT
I don't quite understand what you mean by that. What do I have to do
to that line? Will it let me ping if I remove it? Also, how would I
open up bittorrent port 6881, icecast port 8000 and soulseek port 2430
(somewhere in that range). Do add an rdr line? I'm just tired of
getting the NAT error in A
might be good to also let the little guys out ;-)
--
John Brooks
[EMAIL PROTECTED]
...
> pass in inet proto icmp all icmp-type $icmp_types keep state
^^
...
> Hi guys,
>
> I'm a newbie in pf. Got a question about pinging and ssh stuff. Say I
> have two clients connected to a fir
Sorry for the short question. No, actually one is on a wired network,
the other is on a wireless network both connected to the firewall. I'm
sending you my pf.conf. Check it out. The reason this is a problem is
because I keep getting a NAT error in Azureus when I test the port.
/etc/pf.conf
#
alf Of
> Vivek Ayer
> Sent: Thursday, July 14, 2005 6:04 PM
> To: misc@openbsd.org
> Subject: pf questions
>
>
> Hi guys,
>
> I'm a newbie in pf. Got a question about pinging and ssh stuff. Say I
> have two clients connected to a firewall that's running pf t
Hi guys,
I'm a newbie in pf. Got a question about pinging and ssh stuff. Say I
have two clients connected to a firewall that's running pf to the
internet. I can ssh from one client to the other or vice versa. I
can't ping either. I feel pf is not allowing it. What do I modify in
pf to let hosts o