similar to: icmp problem

Hi, I have tried to enable IPSec support for my FreeBSD( 4.11-RELEASE) system. First, I copied the generic kernel configuration file to a file I called MYKERNEL: #cp /usr/src/sys/i386/conf/GENERIC /usr/src/sys/i386/conf/MYKERNEL Then, I added the following three lines to the options section of /usr/src/sys/i386/conf/MYKERNEL: options IPSEC options IPSEC_ESP options

Hello, all! In the beginning I want to say, that this question seems to be a security one, isn't it so?.. Recently I was googling for the subject and coulnd't find anything... Even in the opennet.ru forum nobody answered me about this. So, as far as I got to know, randomizing source ports in FreeBSD is impossible now? (to be exact - is not implemented?) It's very interesting to me

Hi everyone, today I got an e-mail from a company claiming that my server is doing port scans on their firewall machine. I found that hard to believe so I started checking the box. The company rep told me that the scan was originating at port 80 with destination port 8254 on their machine. I couldn't find any hints as to why that computer was subject to the alleged port scans. Searching

[ -netters, please Cc me or security@ with replies. ] I'm running into trouble integrating dynamic racoon-based IPSec into a network with ipfw and natd. I need to be able to allow VPN access from any address from authenticated clients. I've got the dynamic VPN working, with racoon negotiating SAs and installing SPs, but the problem is that I can't tell whether an incoming packet on

I've been using ipfw for a while to create a router with NAT and packet filtering, but have never combined it with stateful filtering, instead using things like "established" to accept incoming TCP packets which are part of a conversation initiated from the "inside". I'd like to move to using keep-state/check-state to get tighter filtering and also to allow outgoing

Hi. We just opened a gaming center and have chosen to run a FreeBsd box for our firewall. IPFW is configured at it's very basic running natd through rl0 and allowing any to any connections from the lan to the outer world. Natd controls access to the lan. We have a 6.0 mb/s ADSL net connection for all the gaming clients to use, however if a gamer starts downloading a file, that file

Hi, I have a system with a 4.11 Kernel. Unless I'm doing something very wrong, there seems to be something odd with ipfw. Take the following rules: ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep- state ipfw add 00299 deny log all from any to any out via bge0 ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit src-addr 2 ipfw add 00499 deny log

I have a FreeBSD box acting as a firewall and NAT gateway I would like to set it up to transparently pass IPSec packets -- I have an IPSec VPN client running on another machine, connecting to a remote network. Is there a way to do this? I can't find any hints in the man pages.

Hi. On my FreeBSD 4.8 configured IPFW2+IPF+IPNAT and I use them all: - IPFW - traffic accounting, shaping, balancing and filtering; - IPFilter - policy routing; - IPNAT - masquerading. I want to know, how IP-packets flow through all of this components? What's the path? incoming: IPFW Layer2 -> IPFW&Dummynet -> IPNAT -> IPFilter ? outgoing: IPFW Layer2 ->

This note is essentially a request for a reality check. I use IPFW & natd on the box that provides the interface between my home networks and the Internet; the connection is (static) residential DSL. I configured IPFW to accept & log all SSH "setup" requests, and use natd to forward such requests to an internal machine that only accepts public key authentication; that

Made a typo in the cc: line. Coffee time, I guess. -------- Original Message -------- Date: Mon, 12 May 2003 19:52:17 -0400 From: Bob K <melange@yip.org> To: Michael Collette <metrol@metrol.net> CC: freebsd.-security@freebsd.org Subject: Re: Down the MPD road > I did this, and it does correct the immediate problem. Of course, it > also > creates a new glitchy. >

does anyone what is the ipfw equivalent line for this one? rdr fxp0 external_ip_addres/32 port 69 -> 192.168.66.3 port 69 udp i use a tftpd server behind a nat and i want to redirect all trafic coming from internet on port 69 to the tftpd server 10x for help __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around

I hope this isn't too off topic, but I'd like a quick solution to a problem. I have a small network behind a NAT firewall (FreeBSD of course) and I'd like to block/redirect all traffic from the internal network to the local mail server (same box as firewall) in order to prevent direct smtp requests to the outside world (mainly virus/trokan programs). I think I have it right in this

Hello! A machine I manage remotely for a friend comes under a distributed ssh break-in attack every once in a while. Annoyed (and alarmed) by the messages like: Aug 12 10:21:17 symbion sshd[4333]: Invalid user mythtv from 85.234.158.180 Aug 12 10:21:18 symbion sshd[4335]: Invalid user mythtv from 85.234.158.180 Aug 12 10:21:20 symbion sshd[4337]: Invalid user mythtv from 85.234.158.180 Aug 12

Hello! A machine I manage remotely for a friend comes under a distributed ssh break-in attack every once in a while. Annoyed (and alarmed) by the messages like: Aug 12 10:21:17 symbion sshd[4333]: Invalid user mythtv from 85.234.158.180 Aug 12 10:21:18 symbion sshd[4335]: Invalid user mythtv from 85.234.158.180 Aug 12 10:21:20 symbion sshd[4337]: Invalid user mythtv from 85.234.158.180 Aug 12

Hi there, Is there some way to configure ipfw to do traffic normalizing ("scrubbing", as in ipf for OpenBSD)? Is there any tool to do it for FreeBSD firewalling? I've heard that ipf was ported on current, anything else? TIA, /Dorin. __________________________________ Do you Yahoo!? Yahoo! Mail SpamGuard - Read only the mail you want. http://antispam.yahoo.com/tools

>> 3. I'm intrested in blocking kazaa/P2P trafic with IPFW any help in this issue you could possibly block connections at known p2p ports. deny tcp from any to any 6699 step but most of the newer protocols use dynamic ports and in turn, are configurable. so ipfw isn't exactly ideal on it's own for this. -r. -----Original Message----- From: Pons [mailto:pons@gmx.li] Sent:

Hi, in the kernel I have these lines: [...] device miibus # MII bus support device rl device ed options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #enable logging to syslogd(8) options IPFIREWALL_VERBOSE_LIMIT=0 #limit verbosity options IPDIVERT #divert sockets options DUMMYNET

I will shortly be replacing a couple of proprietary VPN boxes with a FreeBSD solution. Section 10.10 of the Handbook has a detailed description of how to do this. However I remember a lot of discussion about a year ago about whether the gif interface was necessary to set up VPNs like this or whether it was just a convenience, for "getting the routing right". A number of people said

Hi ! First of all, I am sorry if this is not the list for that, but I've been learning (a little bit...) a way to implement a freeBSD firewall. So far I came up with a set of rules I would like to show you for commenting. I am sure there're a lot of errors and/or stupid rules (I am not sure the rules order is good for what I need) and I would be really pleased if one could have a look