Displaying 20 results from an estimated 4000 matches similar to: "IPFW: combining "divert natd" with "keep-state""
2003 Oct 30
1
Using racoon-negotiated IPSec with ipfw and natd
[ -netters, please Cc me or security@ with replies. ]
I'm running into trouble integrating dynamic racoon-based IPSec into a network
with ipfw and natd. I need to be able to allow VPN access from any address
from authenticated clients. I've got the dynamic VPN working, with racoon
negotiating SAs and installing SPs, but the problem is that I can't tell
whether an incoming packet on
2005 May 11
3
icmp problem
hi i have a problem with my icmp, i have a router that
performs nat. i cannot ping to internet hosts from
more than one station situated behind NAT at once. if
i want to ping from another station i have to stop the
ping that was initiated from the first host, and after
a few seconds i can ping from another station. i've
checked firewall and i have no ipfw rules that could
stop icmp traffic.
2003 Apr 30
6
how to configure a FreeBSD firewall to pass IPSec?
I have a FreeBSD box acting as a firewall and NAT gateway
I would like to set it up to transparently pass IPSec packets -- I have
an IPSec VPN client running on another machine, connecting to a remote network.
Is there a way to do this? I can't find any hints in the man pages.
2003 Jun 02
6
4.8-Stable DummyNet
Hi. We just opened a gaming center and have chosen to run a FreeBSD box for
our firewall. IPFW is configured at its very basic running natd through rl0
and allowing any to any connections from the lan to the outer world. Natd
controls access to the lan.
We have a 6.0 mb/s ADSL net connection for all the gaming clients to use,
however if a gamer starts downloading a file, that file
2003 Oct 22
9
IPSec VPNs: to gif or not to gif
I will shortly be replacing a couple of proprietary VPN boxes
with a FreeBSD solution. Section 10.10 of the Handbook has a
detailed description of how to do this.
However I remember a lot of discussion about a year ago about
whether the gif interface was necessary to set up VPNs like
this or whether it was just a convenience, for "getting the
routing right". A number of people said
2003 Dec 19
6
Configuring JAIL to bind on lo0 interface
Hello,
I have configured jail for users with sshd ftpd and auth. I started this
jail on IP 127.0.0.10(there is an alias on lo0 interface), there was
not any bigger problem to start it. But i have a problem with internet in
this jail. I can log in to this jail through ssh or ftpd but i can't
connect to the internet. I try to set up some kind of nat but it doesn't
work.
Can anybody help me
2003 Sep 15
5
strange problem with: ed driver / 4.9-PRE
Hi,
in the kernel I have these lines:
[...]
device miibus # MII bus support
device rl
device ed
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_VERBOSE_LIMIT=0 #limit verbosity
options IPDIVERT #divert sockets
options DUMMYNET
2004 Feb 19
2
traffic normalizer for ipfw?
Hi there,
Is there some way to configure ipfw to do traffic
normalizing ("scrubbing", as in ipf for OpenBSD)? Is
there any tool to do it for FreeBSD firewalling?
I've heard that ipf was ported on current, anything
else?
TIA,
/Dorin.
2005 May 17
1
ipfw question
does anyone know what is the ipfw equivalent line for this
one?
rdr fxp0 external_ip_addres/32 port 69 -> 192.168.66.3
port 69 udp
i use a tftpd server behind a nat and i want to
redirect all traffic coming from internet on port 69 to
the tftpd server
10x for help
2003 May 31
3
Packet flow through IPFW+IPF+IPNAT ?
Hi.
On my FreeBSD 4.8 configured IPFW2+IPF+IPNAT and I use them all:
- IPFW - traffic accounting, shaping, balancing and filtering;
- IPFilter - policy routing;
- IPNAT - masquerading.
I want to know, how IP-packets flow through all of these components?
What's the path?
incoming: IPFW Layer2 -> IPFW&Dummynet -> IPNAT -> IPFilter ?
outgoing: IPFW Layer2 ->
2005 Nov 22
2
ipfw check-state issue
heya
i've been using freebsd's ipfw for quite a while and recently on a new
server i've got this issue with ipfw that i can't understand ... something
is wrong ...
01000 8042 1947866 allow ip from any to any via fxp0
01010 0 0 allow ip from any to any via lo0
01014 9886 4170269 divert 8668 ip from any to any in via vr0
01015 0 0 check-state
01130 14679 5695969 skipto 1800 ip from
2003 May 12
1
[Fwd: Re: Down the MPD road]
Made a typo in the cc: line. Coffee time, I guess.
-------- Original Message --------
Date: Mon, 12 May 2003 19:52:17 -0400
From: Bob K <melange@yip.org>
To: Michael Collette <metrol@metrol.net>
CC: freebsd.-security@freebsd.org
Subject: Re: Down the MPD road
> I did this, and it does correct the immediate problem. Of course, it
> also
> creates a new glitchy.
>
2003 Jun 08
1
redirect unauthorized users to a login page (natd as a transparent proxy)
Hello
I am trying to redirect all http traffic of unauthorized wifi users on a
wireless hotspot to a login page. The problem I have is that I can not
disable the regular address translation (I want the source address to stay
the same).
10.0.0.7 is the wifi client
195.250.155.29 is the web wifi user tries to access from his browser
195.113.17.94 is my login page
10.0.0.1 is the wifi
2009 Jan 08
2
Problems with network in jail
Hi all,
Is it mandatory to add device mem to jails to enable network via the gateway?
Left ezjail with FreeBSD-6.3 (and a hardware replacement of my server)
and am now starting again with FreeBSD-7.1.
Early this week, I upgraded from 7.0 to 7.1 (not having 'used' jails
on 7.0). After creating the jail with
`ezjail-admin update -i`
I created a 'ports build' jail
`ezjail-admin
2005 Feb 03
1
need ipfw clarification
Hello,
I noticed that after enabling firewall in my kernel (5.3-release), my
dmesg now gives me this:
ipfw2 initialized, divert disabled, rule-based forwarding disabled,
default to accept, logging limited to 5 packets/entry by default
On 5.2.1, I used to get this:
ipfw2 initialized, divert disabled, rule-based forwarding enabled,
default to accept, logging disabled
In both cases, I am
2004 Jan 14
4
re hardware requirement - asterisk
I have just checked the Openbsd box on the if interface.
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:02:55:30:54:28
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::202:55ff:fe30:5428%fxp0 prefixlen 64 scopeid 0x1
xl0:
2005 Apr 04
1
Strange messages in dmesg after DDoS-attack.
Dear list,
A few days ago one of my machines was attacked by a DDoS-attack using UDP
on random ports.. When I later on analyzed the logs, I found this in my
dmesg:
xl0: initialization of the rx ring failed (55)
xl0: initialization of the rx ring failed (55)
xl0: initialization of the rx ring failed (55)
I tried to find out on google what it meant, but without any luck. What
does that mean and
2004 Feb 24
3
improve ipfw rules
>> 3. I'm interested in blocking kazaa/P2P traffic with IPFW any help in this
issue
you could possibly block connections at known p2p ports.
deny tcp from any to any 6699 step
but most of the newer protocols use dynamic ports and in turn, are
configurable.
so ipfw isn't exactly ideal on its own for this.
-r.
-----Original Message-----
From: Pons [mailto:pons@gmx.li]
Sent:
2003 Apr 25
2
firewalling help/audit
Hi !
First of all, I am sorry if this is not the list for that, but I've been
learning (a little bit...) a way to implement a FreeBSD firewall.
So far I came up with a set of rules I would like to show you for commenting.
I am sure there're a lot of errors and/or stupid rules (I am not sure the
rules order is good for what I need) and I would be really pleased if one
could have a look
2003 Aug 05
6
Problems with JAIL in 4.8R
Hi, i've set the outside ip for the jail..It works.. When i try to ssh to
jail'ed system from the main system (in which is created jail) the
connection is successful, but when i try to connect to jailed system from
anywhere else i get this message:
ssh: connect to host IP_NUMBER port 22: Operation timed out
What can be wrong here? How to solve this problem?