Displaying 20 results from an estimated 200 matches similar to: "[ronvdaal@zarathustra.linux666.com: Possible security issue with FreeBSD 5.4 jailing and BPF]"
2007 Apr 18
1
[Bridge] Setting the interfaces in promiscuous mode
Hello,
I have been using the bridging facilities provided by Linux (vanilla
2.6.7 SMP with UML skas host patch applied) to bridge a regular
physical ethernet network (on interface eth0) with a virtual network
(on interface tap0, cf uml_switch,
http://user-mode-linux.sourceforge.net/networking.html). A couple of
virtual machines (run using user-mode linux, a tool that enables you
to run linux
2010 Jun 14
4
Promiscuous mode
Hi Everyone,
In order to prevent DomU from entering promiscuous mode, is it just a matter of adding these 2 rules when the vif is created?
# Accept packets leaving the bridge going to the domU only if
# the destination IP for that packet matches an authorized IPv4
# address for that domU.
iptables -A FORWARD -m physdev --physdev-out vif1.0 \
--destination 216.146.46.43 -j ACCEPT
2006 Mar 07
3
Jails and loopback interfaces
Hi,
Running: Freebsd 6.0
I am wondering if it is possible to have acces to loopback ip in a jail. I
currently have a server running a jail. In the jail, there is a database and a
web server. I would like to be able to have the database only bind on a
loopback address and not on the jail's ip.
Can this be done and how?
Thanks
-Cyril
2007 May 02
0
network-route
Re hello list !
I''m using XEN 3.0.3 with 3 VM in bridge mode.
I would like to use route mode to ''remove'' the promiscious mode.
How can i do that?
I have tried to comment (vif-script vif-bridge) and (network-script
multi-bridge)
and uncomment
(vif-script vif-route)
(network script-network-route)
but it doesn''t work !
ANd what about (network nat) ! Do
2007 Apr 18
1
[Bridge] About simple bridging using Fedora Core 2
Hi, I am a beginner of bridge. I have a problem of using Fedora Core 2 to make a
simple bridge. Here is my setup:
The bridge computer is installed with Fedore Core 2 (with the SE Linux patch).
As I know that kernel 2.6.5 is already support bridging by default, so I didn't
recompile the kernel. Then I installed bridge-utils-0.9.6-1.i386. And no
additional configuration is made. After
2007 Apr 18
1
[Bridge] Man-in-the-middle scenario within vmware - problem
Hi there,
I'm trying to set up a man-in-the-middle scenario within a VMWare Workstation
team, using brctl. What I want is the following:
PC1 eth0 >---LAN-segment-1---< eth0 PCMITM eth1 >---LAN-segment-2---< eth0 PC2
Now I did the following on PCMITM (PC man in the middle):
ifconfig eth0 down
ifconfig eth1 down
brctl addbr lnxbr0
brctl addif lnxbr0 eth0
brctl addif lnxbr0 eth1
2004 Jul 03
1
samba+obsd+subnets
Hello,
I'm having problems getting my samba setup to work at a little LAN i
partially maintain. I've been reading quite a lot about what I could think
of being related to my problems/setup, and I've also googled my ass off :(
So here I am, resorting to you guys in hope of help =] Sorry to say, but I
don't have much experience, and therefore I'm a bit lost at the moment. Not
2009 Nov 02
0
[PATCHv4 3/6] qemu/net: add raw backend
Add raw network backend option which uses a packet socket to provide
raw networking access. Once the socket is opened it's bound to a
provided host interface, such that packets received on the interface
are delivered to the VM and packets sent by the VM are sent to the
interface.
This is functionally similar to the existing pcap network
backend, with the same advantages and problems.
2009 Nov 02
0
[PATCHv4 3/6] qemu/net: add raw backend
Add raw network backend option which uses a packet socket to provide
raw networking access. Once the socket is opened it's bound to a
provided host interface, such that packets received on the interface
are delivered to the VM and packets sent by the VM are sent to the
interface.
This is functionally similar to the existing pcap network
backend, with the same advantages and problems.
2002 Jun 27
1
jailing transfer-only accounts
hello,
we need to transfer files in a secure way with different partners and
clients.
at the momet we're using commercial ssh because we found it the only way to
transfer files in a jailed environment and without offering a login shell.
we'd like to use openssh but found only some patches and wrapper scripts but
nothing "official" to do what we need.
i could image (and read on
2002 May 22
2
chrooting/jailing transfer-only accounts
Folks,
I've been tasked to find a solution that will create
file-transfer-only accounts that are jailed or chrooted to a specific
directory. (Not an uncommon task, I think.)
Using the OpenSSH server and the OpenSSH scp client program, I can
achieve the goal of having a file transfer only account jailed to a
specified directory, by using the "scpjail" script (attached) as a
2008 Sep 23
1
fxp multicast forwarding problems
Hi,
Whilst doing some QA work on XORP on my desktop, which has fxp0 and
msk0, fxp0 got totally hosed.
I was running PIM-SM and IGMPv2 router-mode on the box at the time.
I wonder if this is related to the problems with fxp multicast
transmission I saw back in April.
I'm a bit concerned about this as fxp is still a very widespread and
useful network chip.
I am running
2009 Apr 08
1
fxp: stalled transfers
Hello,
after upgrading my system from 7.1-RELEASE to recent RELENG_7 I noticed
stalled network transfers in certain cases. I have an Intel PRO/100
ethernet adapter (card=0x00408086 chip=0x12298086 rev=0x0c). In general
networking works fine. I can ping hosts, surf on websites and so on. But
if I send large files (>1 MB) to my server the transfer stalls after a few
kilobytes. This concerns FTP
2003 Jun 06
0
fxp0: device timeout
Morning all ...
I saw the previous thread, and ignorantly didn't follow it ... and now I
can't seem to find it in the archives to go through it now that its hit me
...
This morning, after 5 days of uptime, my server got hit with:
Jun 6 09:52:19 pluto /kernel: fxp0: device timeout
Jun 6 09:52:19 pluto /kernel: fxp0: SCB timeout: 0x60 0x0 0x0 0x800
Jun 6 09:52:19 pluto /kernel:
2004 Dec 25
3
odd log mesage...looks serious
hello all-
and a happy holiday to all you geeks that are in front of the crt!
I found these log messages in my logs and I am not sure what some of
them signify.
Dec 23 19:08:39 smtp kernel: Limiting closed port RST response from 221
to 200 packets/sec
Dec 23 19:08:40 smtp kernel: Limiting closed port RST response from 241
to 200 packets/sec
Dec 24 05:32:34 smtp kernel: fxp0: promiscuous mode
2004 Jan 14
4
re hardware requirement - asterisk
I have just checked the Openbsd box on the if interface.
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:02:55:30:54:28
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::202:55ff:fe30:5428%fxp0 prefixlen 64 scopeid 0x1
xl0:
2003 Oct 30
1
Using racoon-negotiated IPSec with ipfw and natd
[ -netters, please Cc me or security@ with replies. ]
I'm running into trouble integrating dynamic racoon-based IPSec into a network
with ipfw and natd. I need to be able to allow VPN access from any address
from authenticated clients. I've got the dynamic VPN working, with racoon
negotiating SAs and installing SPs, but the problem is that I can't tell
whether an incoming packet on
2003 Sep 12
0
multiple problems with fxp0 and 4.8/9-stable
I've spent the past four days or so updating machines here to 4.8/9-stable via
cvsup, and have done a complete make buildworld/kernel on each machine (some
SMP, some single processor). It seems something is broken with the latest fxp
driver, on each machine (different mobos and hardware configs) heavy network
traffic with fxp NICs causes timeouts and random kernel panics.
First machine to
2003 Jun 11
7
IPFW: combining "divert natd" with "keep-state"
I've been using ipfw for a while to create a router with NAT
and packet filtering, but have never combined it with
stateful filtering, instead using things like "established" to
accept incoming TCP packets which are part of a conversation
initiated from the "inside".
I'd like to move to using keep-state/check-state to get tighter
filtering and also to allow outgoing
2008 Oct 29
2
Problem with Bridging ... and bge devices under FreeBSD 7.x?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm trying to run a QEMU VM on top of a FreeBSD 7.x server ... I've tried the
exact same setup on my desktop, using 192.168.1.x and an fxp device, and it all
works perfectly, but as soon as I do this on another machine on a public IP,
I'm not getting any routing, I can't even ping it from the same machine ...
My first thought was