similar to: Problems with pf + ftp-proxy on gateway

Hi All, I have an asterisk box on my DMZ, and I'm using a PF for my firewall, I can make a call but some reasons I have a dead air. Any Ideas? below are my rules... ext_if = "bce0" int_if = "bce1" altitude = "172.16.1.0/24" #### machines #### vbox = "172.16.1.1" uci = "172.16.1.4" voices = "203.172.x.1" ipc =

Hello, I have problems with htb. The problem is that when I download any file via shaper with htb, the traffic is very dinamic, it jumps, for example: if i have set ceil = 128kbit the results that it jumps from 112kbps to 144kbps or smth like that maybe its not very bad, but when the traffic drops down to 40kbps or less and then after 1 or 2 seconds jumps to 144kbps, its bad :-( and it is often.

Has anybody on this managed to get ChilliSpot and Shorewall to work together? I have managed to get it to work with the supplied firewall script but if I wanted to do my firewall like that I would not be using Shorewall. At any rate, I am having all kinds of trouble translating the supplied rules to something that Shorewall would understand. If anybody has already done it I would love to see the

Hi ! I have an error in this script as it is not working and I can''t figure out what that is. Anyone can help? Thanks! #!/bin/bash ### unitati de masura pt debit # kbps - kilobytes per second # mbps - megabytes per second # kbit - kilbits per second # mbit - megabits per second EXT_IF="eth0" INT_IF="eth1" TC=/sbin/tc IPTABLES=/sbin/iptables # RATE

Hi Andreas! I mainly understand what you mean, I tried to fix something on the script, I don''t know if I did it well. Can you take another look on it please and if is wrong to make the corrections directly on it so that I see where the mistake is... With this script I want to make limits for IP class 85.120.48.0/25 for international traffic in 256 KBps classes and for metropolitan

I try use setup traffic shaping with Shorewall-4.0.2 and have fault. When i start Shorewall with tc-files configured i get follow messages: ... RTNETLINK answers: No such file or directory We have an error talking to the kernel ERROR: Command "tc filter add dev eth2 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate 500kbit burst 10k drop flowid :1" Failed

current setup SIP phone 192.168.1.30 --> linksys wrt54g sveasoft -- INTERNET -- (xl0) Firewall (xl2:172.16.0.50)--> (em1:172.16.0.101) Asterisk problem is RTP stream not oging trouhg from * to sip and vice versa. #1 and asterusk is pushing 192.168.1.30 back to linksys with 172 as return address.... or #2 asterisk trying to get back to me as 192.168 on public internet.. got

https://bugzilla.netfilter.org/show_bug.cgi?id=1248 Bug ID: 1248 Summary: The rr-load-balance part doesn't actually work on 0.7 Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: minor Priority: P5 Component: nft Assignee: pablo at

Gang, For months now, we're all seeing repeated bruteforce attempts on SSH. I've configured my pf install to ratelimit TCP connections to port 22 and to automatically add IP-addresses that connect too fast to a table that's filtered: table <lamers> { } block quick from <lamers> to any pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 22 modulate

>Submitter-Id: current-users >Originator: Janos Mohacsi >Organization: NIIF/HUNGARNET >Confidential: no >Synopsis: pf does not use IPv6 interface addresses at startups >Severity: serious >Priority: low >Category: bin >Class: sw-bug >Release: FreeBSD 6.2-STABLE i386 >Environment: System: FreeBSD scone.ki.iif.hu 6.2-STABLE FreeBSD 6.2-STABLE #23: Wed May 9 18:23:24

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918

I've got a server running FreeBSD 6.2 and PF. The server has a couple dozen jails on it. Previously, I had a few "private" services such as MySQL running on loopback IPs (127.0.0.2+) and the rest of the jails running on the public IPs. I have to renumber my machine with a new block of public IPs so I thought I'd be clever and move all the jails onto loopback IPs. Then

I have the need to know how many connection the server has, i run this command but i don't know how to sum all the results and get a final number. any ideas? netstat -an | grep -E 'tcp|udp' | awk '{print $6}' | sort | uniq -c | sort -n ?? 1 CLOSE_WAIT ?? 1 FIN_WAIT_2 ?? 1 LAST_ACK ?? 1 TIME_WAIT ?? 4 SYN_SENT ? 15 ? 37 LISTEN ? 44 ESTABLISHED

Hey list and possible Arne... I try to get traffic shaping working on my firewall but getting cunfused with settings, but first my current setup: tcclasses file: #INTERFACE MARK RATE CEIL PRIORITY OPTIONS $EXT_IF 10 64kbit full 1 tcp-ack,tos-minimize-delay $EXT_IF 20 full/3 full/2 2 default $EXT_IF 30

Tinc OpenBSD masquerading firewall users: I just found that in OpenBSD's 3.2 and greater kernel, the packet filter (pf) added the ability to specify a source port for NATing. Therefore, my UDP rig outlined in my last post is not a desirable solution for OpenBSD users. I am unsure if Darren Reed's ipf has a similar function (pf's syntax was originally based on Darren Reed's

Hi list! We tested mod_antiloris 0.4 and found it quite efficient, but before putting it in production, we would like to hear some feedback from freebsd users. We are using Apache 2.2.x on Freebsd 6.2 and 7.2. Is anyone using it? Do you have any other way to patch against Slowloris other than putting a proxy in front or using the HTTP accept filter? Thanks for your feedback, Martin

Hello everyone! How can I detect if a folder have changed (sync logic) than run a script if it's true? I found this script over the net, but I think it's such complicated for that simple thing... #!/bin/bash ############### detectdir.sh by Jagbir Singh ################# # # script to detect changes in directory. #

Hello, I built a system based on centos 5.3, now i'm planing to move to 5.4. To do it I rebuilt all rpms making some changes. When I use a common centos 5.3, it automatically detects that 5.4 is available and move update for it when i run yum update. How does this work? How the system detects new version and update for it? I thought centos-release rpm just update repo for it, but I saw this

ive got such network: |--------| |-------------| | WORLD |---|ROUTER/server| ------ NATED LAN |--------| |-------------| I want to use imq on ROUTER, what behaviour to choose ? AA, BA, AB, BB ?? --

I have configured asterisk with the AMP php configuration utility. I am able to make outgoing calls through broadvoice but incoming calls are sent to BV's Voicemail and never actually enter the IVR. When I show sip debug info through the asterisk prompt it actually reads the incoming call from BV but then issues a busy signal sending the call to BV's voicemail. I also modified