similar to: Fwd: Re: IPFW: Blocking me out. How to debug?

Dear W.D. Do you understand that by adding the rules into kernel space numbered from zero to sixty five thousand five hundred thirty four you may alter the behavior of the rule number sixty five thousand five hundred thirty five can you please define and list the goals you are trying to achieve by altering default rule in the terms you can both explain and understand. ----- Original Message

Hi peeps, After compiling ipfw into the new 6.2 kernel, and typing "ipfw list", all I get is: "65535 deny ip from any to any" From reading the docs, this might indicate that this is the default rule. (I am certainly protected this way--but can't be very productive ;^) ) By the way, when I run "man ipfw" I get nothing. Using this instead:

Hello all, After upgrading to 3.0.23c on my FreeBSD 6.1 box Samba stopped working on any connections. When connecting to smbd, tcp session is established (SYN, SYN+ACK, ACK) then a client send a NEGOTIATION packet, and after some timeout (about 10-15 seconds) this tcp session is closed (by the client) because no response to NEG. packet was received. Then after 75 seconds (counting from the

Hi, i've got this problem with my jail and i'm abolutly lost as in the why of it. I previously posted this on comp.unix.bsd.freebsd.misc but i was advised to send here I was unable to find help on google :( To resume quick, when i'm in a jail, netstat doesn't work properly. Hopefully i have provided sufficient information for anyone willing to help me :p First of all, my system :

heya i've been using freebsd's ipfw for quite a while and recently on a new server i've got this issue with ipfw that i can't understand ... something is wrong ... 01000 8042 1947866 allow ip from any to any via fxp0 01010 0 0 allow ip from any to any via lo0 01014 9886 4170269 divert 8668 ip from any to any in via vr0 01015 0 0 check-state 01130 14679 5695969 skipto 1800 ip from

I compiled the 3.0.21a samba software with the following configure options: configure --prefix=/opt/samba --exec-prefix=/opt/samba --with-krb=/usr/krb5 --with-smbwrapper --with-syslog --with-mandir=/usr/man --with-winbind Everything compiled fine; however, I am unable to see the server on the microsoft network. My smb.conf file looks like the this: [global] workgroup = CAREMARKRX

If someone has some free time, can you go over my ipfw config. See if I have any problems, or things i should add. Im not an ipfw expert or anything. Here is the config. add 100 allow all from any to any via lo0 add 110 deny log all from any to 127.0.0.0/8 add 120 deny log ip from 127.0.0.0/8 to any add 00200 check-state add 00250 deny all from any to any frag in via bge0 add 00260 deny

On 11/07/15 04:06, Lee Brown wrote: > Hi Everyone, my first foray into Samba and AD both. > > Not sure if this is an OS or configuration problem. I've found similar > issues, but nothing either recent enough (is related to samba 3) or close > enough. > > FreeBSD-10.1-RELENG, Samba 4.2.2. > > I have the domain provisioned as rfc2307 > I have joined a Win7-virtual

On 11/07/15 10:16, Rowland Penny wrote: > On 11/07/15 04:06, Lee Brown wrote: >> Hi Everyone, my first foray into Samba and AD both. >> >> Not sure if this is an OS or configuration problem. I've found similar >> issues, but nothing either recent enough (is related to samba 3) or >> close >> enough. >> >> FreeBSD-10.1-RELENG, Samba 4.2.2.

Hi Everyone, my first foray into Samba and AD both. Not sure if this is an OS or configuration problem. I've found similar issues, but nothing either recent enough (is related to samba 3) or close enough. FreeBSD-10.1-RELENG, Samba 4.2.2. I have the domain provisioned as rfc2307 I have joined a Win7-virtual machine to the domain I have created a new user with ADUC I have assigned 10000 to

Almost forgot - diff need ot be appied only on FreeBSD 5 version of 550.ipfwlimit, but resulting file can be used on both 4 and 5 releases. On Wed, Feb 23, 2005 at 03:59:51PM +0100, Alexander Leidinger wrote: Better version then previos, it will not break order of rules. awk version, it will work on all 4 and 5 releases, at least those, where IPFW enabled ;-) Also i removed check for

Hello, I've been trying to get a solution (or at least an explanation) from the FreeBSD guys at freebsd-questions lists, but I guess no one knew the answer. I am trying to run Samba 3 (latest) in a FreeBSD 7.0 jail (http://en.wikipedia.org/wiki/FreeBSD_Jail). It seems I cannot convince Samba to answer NetBIOS broadcast requests and therefore Windows machines cannot browse it directly by name

Hello, I have been using FreeBSD-7.0STABLE with BIND-9.4.2 ( i guess, forget to check before upgrade) up to 2008-01-26 (yesterday). But after upgrade FreeBSD-7.0STABLE-->FreeBSD-7.1STABLE everything goes wrong. 1.BIND can't start anymore and giving me following message at /var/log/messages: . . . Jan 27 12:30:20 ns kernel: ad4: 152587MB <WDC WD1600AAJS-75PSA0 05.06H05> at

550.ipfwlimit check in /etc/periodic/security takes into account only global/default verbosity limit and does not account for a specific logging limit set for a particular rule e.g.: $ ipfw -a l | fgrep log 65000 *521* 41764 deny log logamount *1000* ip from any to any $ sysctl -n net.inet.ip.fw.verbose_limit *100* >From security run output: ipfw log limit reached: 65000 519

For reasons unknown, any connections to localhost -- tcp, icmp, or udp -- are all originating from my external interface, rl0: $ telnet localhost 25 Trying ::1... Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Can't assign requested address telnet: Unable to connect to remote host IPFW log: Jul 16 12:46:43 octo ipfw: 100 Accept TCP 192.168.1.119:1434 127.0.0.1:25 out via rl0

Hi There, I've been having an issue trying to figure out a way to policy route outbound packets from a multihomed machine through the proper interface using IPFW to no avail. I've tried several different incantations of IPFW fwd/forward statements, and none of them seem to do the trick. Basically, I have a host that has multiple Internet connections. This host is running FreeBSD 4.9

On Fri, 3 Sep 2004 freebsd-security-request@freebsd.org wrote: > Send freebsd-security mailing list submissions to > freebsd-security@freebsd.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.freebsd.org/mailman/listinfo/freebsd-security > or, via email, send a message with subject or body 'help' to >

Hello security, This output I've received from conventional cron daily job: [...] gw.nbh.ru kernel log messages: > Limiting closed port RST response from 201 to 200 packets per second [...] where fxp0 is an external interface. What could involve such a messages? In /var/log/messages the above strings was prepended by string: Feb 10 13:24:29 gw /kernel: ipfw: limit 100 reached on entry

I've attached a patch to OpenSSH 3.0.2p1 that will allow the client side of local port forwarding to be bound to a single address. For my purposes, binding to 127.0.0.1 or (via GatewayPorts) all addresses would not work. I overloaded the "-b local_host" option so that it's address will be used when "-L port:remote_host:remote_port" is also specified. Today is the first

Recently we have been having a lot of trouble with time synchronisation between our samba DC and the domain clients. We are not sure what started this issue since the Samba domain went live on October 11, 2016 and the issues only began to surface this past January but at some point the time on the clients and the DC diverged enough that we began to get strange network errors. Once we figured out