similar to: Jails and loopback interfaces

Hi All, I have an asterisk box on my DMZ, and I'm using a PF for my firewall, I can make a call but some reasons I have a dead air. Any Ideas? below are my rules... ext_if = "bce0" int_if = "bce1" altitude = "172.16.1.0/24" #### machines #### vbox = "172.16.1.1" uci = "172.16.1.4" voices = "203.172.x.1" ipc =

Tinc OpenBSD masquerading firewall users: I just found that in OpenBSD's 3.2 and greater kernel, the packet filter (pf) added the ability to specify a source port for NATing. Therefore, my UDP rig outlined in my last post is not a desirable solution for OpenBSD users. I am unsure if Darren Reed's ipf has a similar function (pf's syntax was originally based on Darren Reed's

I'm trying to use pf + ftp-proxy n a 6.1-PRERELEASE machine. I have this line on inetd.conf: ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n And this lines on pf.conf: rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port ftp-proxy pass in quick on $ext_if inet proto tcp from any port ftp-data to $ext_if:0 user proxy flags S/SA keep

Hi ! I have an error in this script as it is not working and I can''t figure out what that is. Anyone can help? Thanks! #!/bin/bash ### unitati de masura pt debit # kbps - kilobytes per second # mbps - megabytes per second # kbit - kilbits per second # mbit - megabits per second EXT_IF="eth0" INT_IF="eth1" TC=/sbin/tc IPTABLES=/sbin/iptables # RATE

Hi Andreas! I mainly understand what you mean, I tried to fix something on the script, I don''t know if I did it well. Can you take another look on it please and if is wrong to make the corrections directly on it so that I see where the mistake is... With this script I want to make limits for IP class 85.120.48.0/25 for international traffic in 256 KBps classes and for metropolitan

Hello, I have problems with htb. The problem is that when I download any file via shaper with htb, the traffic is very dinamic, it jumps, for example: if i have set ceil = 128kbit the results that it jumps from 112kbps to 144kbps or smth like that maybe its not very bad, but when the traffic drops down to 40kbps or less and then after 1 or 2 seconds jumps to 144kbps, its bad :-( and it is often.

Hey list and possible Arne... I try to get traffic shaping working on my firewall but getting cunfused with settings, but first my current setup: tcclasses file: #INTERFACE MARK RATE CEIL PRIORITY OPTIONS $EXT_IF 10 64kbit full 1 tcp-ack,tos-minimize-delay $EXT_IF 20 full/3 full/2 2 default $EXT_IF 30

Hi, I am using icecast2-2.4.1,1 on FreeBSD 10.1-RELEASE. In order to be able to stream on port 80, I have redirected port 8080 to port 80 by means of firewall on icecast server itself (packet filter): rdr pass on $ext_if proto tcp to port 80 -> 127.0.0.1 port 8000 The only thing that bothers me is the fact that autogenerated playlist files (m3u, xspf and vclt) in web interface direct to port

https://bugzilla.netfilter.org/show_bug.cgi?id=1248 Bug ID: 1248 Summary: The rr-load-balance part doesn't actually work on 0.7 Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: minor Priority: P5 Component: nft Assignee: pablo at

Am 2017-03-14 10:19, schrieb Alice Wonder: > On 03/14/2017 12:53 AM, Rajmohan Banavi wrote: >> Is there any package available for qmail? I am having hard time >> finding it. >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > > I doubt it,

Hello list, I discover strange behaviour of shaping traffic that i setup from Shorewall-4.0.2. I know that this is not Shorewall problem but may be somebody from list can help me or explain this situation. I have follow interfaces in 'tcdevices' files: #INTERFACE IN-BANDWITH OUT-BANDWIDTH # $EXT_IF 500kbit 248kbit $INT1_IF 500mbit

On 2017-03-14, rainer at ultra-secure.de <rainer at ultra-secure.de> wrote: > > You could try Matt Simerson's Toaster: > > https://github.com/msimerson/Mail-Toaster-6 > > It does a lot more than just qmail and replaced as much of qmail as > possible... But is it for Linux? The Wiki says: "each component is thinly provisioned in a FreeBSD jail." If it

Am 2017-03-15 06:22, schrieb Keith Keller: > On 2017-03-14, rainer at ultra-secure.de <rainer at ultra-secure.de> wrote: >> >> You could try Matt Simerson's Toaster: >> >> https://github.com/msimerson/Mail-Toaster-6 >> >> It does a lot more than just qmail and replaced as much of qmail as >> possible... > > But is it for Linux? The

Gang, For months now, we're all seeing repeated bruteforce attempts on SSH. I've configured my pf install to ratelimit TCP connections to port 22 and to automatically add IP-addresses that connect too fast to a table that's filtered: table <lamers> { } block quick from <lamers> to any pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 22 modulate

>Submitter-Id: current-users >Originator: Janos Mohacsi >Organization: NIIF/HUNGARNET >Confidential: no >Synopsis: pf does not use IPv6 interface addresses at startups >Severity: serious >Priority: low >Category: bin >Class: sw-bug >Release: FreeBSD 6.2-STABLE i386 >Environment: System: FreeBSD scone.ki.iif.hu 6.2-STABLE FreeBSD 6.2-STABLE #23: Wed May 9 18:23:24

hi, I''ve successfully implemented shaping and policing with HTB for my SDSL line. Some tips&tricks I discovered which were not covered in the FAQs and docs I read: - To discover the appropriate rate for your line, flood it with traffic and reduce the rate until the matching class starts to show a consistent backlog -- only then you''ve managed to take the queue away

current setup SIP phone 192.168.1.30 --> linksys wrt54g sveasoft -- INTERNET -- (xl0) Firewall (xl2:172.16.0.50)--> (em1:172.16.0.101) Asterisk problem is RTP stream not oging trouhg from * to sip and vice versa. #1 and asterusk is pushing 192.168.1.30 back to linksys with 172 as return address.... or #2 asterisk trying to get back to me as 192.168 on public internet.. got

Hello R users I have question about the time involved in list assignment. Consider the following code snippet(see below). The first line creates a reader object, which is the interface to 1MM key-value pairs (serialized R objects) spanning 50 files (a total of 50MB). rhsqstart initiates the reading and I loop, reading each key-value pair using rhsqnextKVR. If this returns NULL, we switch to the

Has anybody on this managed to get ChilliSpot and Shorewall to work together? I have managed to get it to work with the supplied firewall script but if I wanted to do my firewall like that I would not be using Shorewall. At any rate, I am having all kinds of trouble translating the supplied rules to something that Shorewall would understand. If anybody has already done it I would love to see the

I have a situation that I think might be a bug, but would like someone else to have a look at before I create a report. Here's a list of the source: drwxr-xr-x. 8 root root 4096 Feb 24 10:56 current -rw-r--r--. 2 root root 2427204 Feb 21 12:18 qmailadmin-toaster-1.2.16-1.4.1.src.rpm -rw-r--r--. 2 root root 24875 Mar 1 2012 qmailmrtg-toaster-4.2-1.3.7.src.rpm -rw-r--r--. 2 root root