On Tue, Jul 30, 2013 at 8:02 PM, Jeff Kell wrote:
> On 7/30/2013 10:55 PM, Jay Ashworth wrote:
> > - Original Message -
> >> From: "Jared Geiger"
> >>
> >> We are seeing that all our customers in the Brighthouse Orlando, FL
> market
> >> that would make outbound connections on TCP port 3
On 7/30/2013 10:55 PM, Jay Ashworth wrote:
> - Original Message -
>> From: "Jared Geiger"
>>
>> We are seeing that all our customers in the Brighthouse Orlando, FL market
>> that would make outbound connections on TCP port 3306 suddenly can't
>> connect to us now. This happened suddenly mi
- Original Message -
> From: "Jared Geiger"
> We are seeing that all our customers in the Brighthouse Orlando, FL market
> that would make outbound connections on TCP port 3306 suddenly can't
> connect to us now. This happened suddenly mid day today.
>
> Other ISPs can still make the sam
Understood. I expected as much but thought I'd ask. Most of my suggestions
would require more knowledge of the layout to be filtered out.
I really don't know what you'd find that would do what you want in this
case, based on the requirements stated previously. Sorry =/
I'd look more to finding a
On Tue, 2013-07-30 at 18:15 -0500, Jimmy Hess wrote:
> I would encourage looking at Checkpoint / Palo
> Alto / Stonegate / Sonicwall/ some others.
>
If this were me, I would give Stonegate a call and explain what I
wanted to have happen. They are knowledgeable and kind folks.
On 7/30/13, William Herrin wrote:
> Hi folks,
I don't know about IPIP tunnel inspection; it seems like an odd
requirement to me, unless you mean _preventing_ IPIP tunnels from
being established, in that case a non-appliance solution may be
necessary.Is the IPIP tunnel supposed to land on t
On Jul 30, 2013, at 13:10 , Charles N Wyble
wrote:
> Not sure how bsd handles ipip connections. If it breaks them out as a
> dedicated interface (like it does for openvpn connections) , then rules can
> be applied and pfsense would be quite useful. The UI is very simple.
That would only wor
Aren't there appliance versions that are just iptables/linux under the hood?
For example, IPCop, IPFire, Smoothwall, Untangle, and Vyatta should fit the
bill.
Owen
On Jul 30, 2013, at 13:00 , William Herrin wrote:
> Hi folks,
>
> I'm trying to identify a firewall appliance for one of my cust
Hi Bill,
I found nDPI (http://www.ntop.org/products/ndpi/) lists IP in IP as a
supported protocol. That doesn't fit your requirement that it be an
appliance but maybe it gets you going in the right direction.
Cheers,
Kyle
On Tue, Jul 30, 2013 at 1:38 PM, William Herrin wrote:
> On Tue, Jul 3
On Tue, Jul 30, 2013 at 5:36 PM, Blake Dunlap wrote:
> Well, I guess my first question is: Is this a design you are stuck with for
> some reason or alternately, is there a good reason for it, and I need to be
> educated as to real world design? It seems rather odd to put a firewall
> boundry betwe
Well, I guess my first question is: Is this a design you are stuck with for
some reason or alternately, is there a good reason for it, and I need to be
educated as to real world design? It seems rather odd to put a firewall
boundry between a LB and its associated cluster as opposed to in front of
t
On Tue, Jul 30, 2013 at 4:19 PM, Michael Brown wrote:
> In the pfSense UI, you create the physical interface as a GRE tunnel
> then assign it to a logical interface against which you can apply the
> firewall rules:
Thanks all. To be clear: I'm dealing with IPIP packets, not GRE
packets. Linux LV
We are seeing that all our customers in the Brighthouse Orlando, FL market
that would make outbound connections on TCP port 3306 suddenly can't
connect to us now. This happened suddenly mid day today.
Other ISPs can still make the same outbound connections. VPN connections on
Brighthouse into the
In the pfSense UI, you create the physical interface as a GRE tunnel
then assign it to a logical interface against which you can apply the
firewall rules:
The screenshot is a GIF IPv6 he.net tunnel (this is 2.1RC0) but it works
the same way on 2.0.1.
Works great!
M.
On 13-07-30 04:10 PM, Char
Not sure how bsd handles ipip connections. If it breaks them out as a dedicated
interface (like it does for openvpn connections) , then rules can be applied
and pfsense would be quite useful. The UI is very simple.
Warren Bailey wrote:
>Look into pfsense. It's rock solid and bad based, and can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
An algorithm roll for the .gov zone will occur at the end of August, 2013.
This notice is provided
as a courtesy to the DNSSEC community. No action should be required on your
part.
The .gov zone is currently signed with algorithm 7 (RSASHA1-NSEC3-
Look into pfsense. It's rock solid and bad based, and can be purchased as an
appliance. (both real and vm)
Sent from my Mobile Device.
Original message
From: William Herrin
Date: 07/30/2013 1:02 PM (GMT-08:00)
To: nanog@nanog.org
Subject: which firewall product?
Hi folks,
Hi folks,
I'm trying to identify a firewall appliance for one of my customers.
The wrinkle is: it has to be able to inspect packets inside an IPIP
tunnel and accept/reject based on IP address, TCP port number and
standard things like that. On the packet carried *inside* the IPIP
tunnel packet.
>
the common transit point for this problem is vodafone backone:
aut-num:AS3209
as-name:VODANET
On Tue, Jul 30, 2013 at 2:13 PM, Nick Hilliard wrote:
> On 30/07/2013 18:34, ryanL wrote:
> > anyone hanging out from vodafone in europe? or anyone know someone over
> at
> > vodafone?
You might have better luck asking at LACNOG;
https://mail.lacnic.net/mailman/listinfo/lacnog
Cheers,
James.
On 30/07/2013 18:34, ryanL wrote:
> anyone hanging out from vodafone in europe? or anyone know someone over at
> vodafone? we are having goofy issues with mobile clients on your LTE
> network. we're having to dump mtu and advmss a whole bunch to make things
> work. wondering if you'd be willing to
Are there any Mexico ISPs on the list or does anybody here have any contacts at
any Mexican ISPs?
Thank you,
Anne
Anne P. Mitchell, Attorney at Law
Author: Section 6 of the CAN-SPAM Act of 2003
CEO/President: Institute for Social Internet Public Policy
Providers: SuretyMail Email Accreditation
anyone hanging out from vodafone in europe? or anyone know someone over at
vodafone? we are having goofy issues with mobile clients on your LTE
network. we're having to dump mtu and advmss a whole bunch to make things
work. wondering if you'd be willing to chat offline.
appreciated.
r
Hi,
John Curran wrote:
> On Jul 26, 2013, at 4:34 PM, Jimmy Hess wrote:
>
> > If someone studies that and finds there is a correlation to spam
based
> > on WHOIS listing alone,
> > then perhaps
>
> No study has been conducted, but we do receive a small number of
complaints
> each year abou
This is just about to start. Not on the IETF schedule. The panel will
tackle the fundamental questions of how to avoid conflicting congestion
fixes that screw up transmission protocols. Should be interesting.
**
joly posted: "Today, Tuesday July 29 2013 the Internet Society will
present a briefi
I don't mind doing it on list if that makes any difference. Please
understand we are all under tremendous stress and growing pains here. Your
best bet is to email n...@digitalocean.com. If that doesn't work, email me.
--
Jeff Carr
Chief Architect
PS: We are hiring
On Mon, Jul 29, 2013 at 8:24 AM
26 matches
Mail list logo
