similar to: Dead Air on PF firewall

I'm trying to use pf + ftp-proxy n a 6.1-PRERELEASE machine. I have this line on inetd.conf: ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n And this lines on pf.conf: rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port ftp-proxy pass in quick on $ext_if inet proto tcp from any port ftp-data to $ext_if:0 user proxy flags S/SA keep

Hello, I have problems with htb. The problem is that when I download any file via shaper with htb, the traffic is very dinamic, it jumps, for example: if i have set ceil = 128kbit the results that it jumps from 112kbps to 144kbps or smth like that maybe its not very bad, but when the traffic drops down to 40kbps or less and then after 1 or 2 seconds jumps to 144kbps, its bad :-( and it is often.

current setup SIP phone 192.168.1.30 --> linksys wrt54g sveasoft -- INTERNET -- (xl0) Firewall (xl2:172.16.0.50)--> (em1:172.16.0.101) Asterisk problem is RTP stream not oging trouhg from * to sip and vice versa. #1 and asterusk is pushing 192.168.1.30 back to linksys with 172 as return address.... or #2 asterisk trying to get back to me as 192.168 on public internet.. got

Has anybody on this managed to get ChilliSpot and Shorewall to work together? I have managed to get it to work with the supplied firewall script but if I wanted to do my firewall like that I would not be using Shorewall. At any rate, I am having all kinds of trouble translating the supplied rules to something that Shorewall would understand. If anybody has already done it I would love to see the

Hi ! I have an error in this script as it is not working and I can''t figure out what that is. Anyone can help? Thanks! #!/bin/bash ### unitati de masura pt debit # kbps - kilobytes per second # mbps - megabytes per second # kbit - kilbits per second # mbit - megabits per second EXT_IF="eth0" INT_IF="eth1" TC=/sbin/tc IPTABLES=/sbin/iptables # RATE

Hi Andreas! I mainly understand what you mean, I tried to fix something on the script, I don''t know if I did it well. Can you take another look on it please and if is wrong to make the corrections directly on it so that I see where the mistake is... With this script I want to make limits for IP class 85.120.48.0/25 for international traffic in 256 KBps classes and for metropolitan

I try use setup traffic shaping with Shorewall-4.0.2 and have fault. When i start Shorewall with tc-files configured i get follow messages: ... RTNETLINK answers: No such file or directory We have an error talking to the kernel ERROR: Command "tc filter add dev eth2 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate 500kbit burst 10k drop flowid :1" Failed

I've got a server running FreeBSD 6.2 and PF. The server has a couple dozen jails on it. Previously, I had a few "private" services such as MySQL running on loopback IPs (127.0.0.2+) and the rest of the jails running on the public IPs. I have to renumber my machine with a new block of public IPs so I thought I'd be clever and move all the jails onto loopback IPs. Then

Tinc OpenBSD masquerading firewall users: I just found that in OpenBSD's 3.2 and greater kernel, the packet filter (pf) added the ability to specify a source port for NATing. Therefore, my UDP rig outlined in my last post is not a desirable solution for OpenBSD users. I am unsure if Darren Reed's ipf has a similar function (pf's syntax was originally based on Darren Reed's

https://bugzilla.netfilter.org/show_bug.cgi?id=1248 Bug ID: 1248 Summary: The rr-load-balance part doesn't actually work on 0.7 Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: minor Priority: P5 Component: nft Assignee: pablo at

Gang, For months now, we're all seeing repeated bruteforce attempts on SSH. I've configured my pf install to ratelimit TCP connections to port 22 and to automatically add IP-addresses that connect too fast to a table that's filtered: table <lamers> { } block quick from <lamers> to any pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 22 modulate

>Submitter-Id: current-users >Originator: Janos Mohacsi >Organization: NIIF/HUNGARNET >Confidential: no >Synopsis: pf does not use IPv6 interface addresses at startups >Severity: serious >Priority: low >Category: bin >Class: sw-bug >Release: FreeBSD 6.2-STABLE i386 >Environment: System: FreeBSD scone.ki.iif.hu 6.2-STABLE FreeBSD 6.2-STABLE #23: Wed May 9 18:23:24

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918

Hey list and possible Arne... I try to get traffic shaping working on my firewall but getting cunfused with settings, but first my current setup: tcclasses file: #INTERFACE MARK RATE CEIL PRIORITY OPTIONS $EXT_IF 10 64kbit full 1 tcp-ack,tos-minimize-delay $EXT_IF 20 full/3 full/2 2 default $EXT_IF 30

Since last upgrade, I see much more CPU time "eated" by interrupts (at least 10% cpu in top) (see http://dgeo.perso.ec-marseille.fr/cpu-week.png) The server behave correctly (Or seems to?), and high interrupt number seems to come from bce cards (source: systat -vmstat) I just upgraded from "RELENG_7 Mon Sep 8 12:33:06 CEST 2008" to "RELENG_7_1 Sat Nov 29 16:20:35 CET

Hello R users I have question about the time involved in list assignment. Consider the following code snippet(see below). The first line creates a reader object, which is the interface to 1MM key-value pairs (serialized R objects) spanning 50 files (a total of 50MB). rhsqstart initiates the reading and I loop, reading each key-value pair using rhsqnextKVR. If this returns NULL, we switch to the

Hi, I am using icecast2-2.4.1,1 on FreeBSD 10.1-RELEASE. In order to be able to stream on port 80, I have redirected port 8080 to port 80 by means of firewall on icecast server itself (packet filter): rdr pass on $ext_if proto tcp to port 80 -> 127.0.0.1 port 8000 The only thing that bothers me is the fact that autogenerated playlist files (m3u, xspf and vclt) in web interface direct to port

Hello, I've been using samba to share files on a Redhat server within a windows NT domain. Recently, security policies in the domain have changed, and security signatures are required for the LanManServer and Rdr services. Now that this has been deployed, I get an error when I try to connect to the SMB shares on the Redhat server from Windows hosts saying "account is not authorized to log

ive got such network: |--------| |-------------| | WORLD |---|ROUTER/server| ------ NATED LAN |--------| |-------------| I want to use imq on ROUTER, what behaviour to choose ? AA, BA, AB, BB ?? --

Hi. On one of my fresh installed servers I am seeing the following output during boot: gptzfsboot: error 4 lba 30 gptzfsboot: error 4 lba 31 gptzfsboot: error 4 lba 31 gptzfsboot: error 4 lba 31 gptzfsboot: error 4 lba 30 gptzfsboot: error 4 lba 31 gptzfsboot: error 4 lba 31 gptzfsboot: error 4 lba 31 gptzfsboot: error 4 lba 31 gptzfsboot: error 4 lba 31 gptzfsboot: error 4 lba 31 gptzfsboot: