Displaying 20 results from an estimated 600 matches similar to: "Gigabit Ethernet Security With Ipfilter"
2003 Apr 09
5
httpd exited on signal 11
Hello Folks,
I have used FreeBSD-4.8-RC and apache 1.3.2x. In some days,my dmesg
has shown as the lines;
pid 9229 (httpd), uid 80: exited on signal 11
pid 10106 (httpd), uid 80: exited on signal 11
pid 9842 (httpd), uid 80: exited on signal 11
pid 35708 (httpd), uid 80: exited on signal 11
pid 9371 (httpd), uid 80: exited on signal 11
pid 10337 (httpd), uid 80: exited on
2003 Apr 11
2
Ipf headers not installed per default ?
Just rebuilt and installed/world kernel: FreeBSD 4.8-STABLE #0: Fri Apr 11
14:34:37 EDT 2003
Using the latest Makefile for squid25:
# fgrep \$FreeBSD /usr/ports/www/squid/Makefile
# $FreeBSD: ports/www/squid/Makefile,v 1.100 2003/04/09 08:31:30 adrian Exp $
Modified with:
# fgrep CONFIGURE_ARGS Makefile |fgrep -v \#
CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \
2003 Jun 20
6
How can convert user expired days in human readable ?
Hello all,
On my system, some users have expire day user settings. I write a
(python) script
then parse the: 7.th selection in the master.passwd
blabla:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:1064005200:xxxx:xxxx:xxxx:xxxx
How can I conver the number like 1064005200 to human readable date format ?
Or, there is a way to collect the information from a command interactively ?
Regards,
Murat Ustuntas
2003 Aug 07
1
problems with ipfilter on 5.1-RELEASE
hi all
i'm trying to get ipfilter set up on my new 5.1-RELEASE box. ipfilter
seems to be working fine. i just have a couple of issues that are
probably not very serious...
one thing is that during network startup at boot, i get the message
IPFilter: already initialized
repeated 4 times.
i think i have everything configured properly
my kernel config looks like
options IPFILTER
options
2004 Aug 10
2
Error With Kernel Module IPFILTER
I've found out from two different kernel configs
that after properly compling kernel with IPFILTER support
it causes the system not to boot. Its hard to say, what exactly it does, cause its not a local system.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
2003 Jun 07
1
Impossible to IPfilter this?
Hi!
I'm trying to increase security on my FreeBSD 4.8 firewall/DSL router/VPN
router.
My problem is with firewalling the VPN part. I'm using a tunnel to a
RedHat 7.1 box running FreeS/WAN. This tunnel allows traffic from my
internal net (172.17.0.0/24) to that box only:
spdadd 172.17.0.0/24 $REDHAT/32 any -P out ipsec esp/tunnel/$MYADDR-$REDHAT/unique;
spdadd $REDHAT/32 172.17.0.0/24
2004 Feb 13
3
SYN Attacks - how i cant stop it
Hi,
I got this error when i tried to type for some of those.
"sysctl: unknown oid...." any idea..
my server seems to be very lagged, where else
the network connection seems fine, i think BSD
itself as my other redhat box is fine.
What else can i do to get optimum protection.
Thanks.
----- Original Message -----
From: "Per Engelbrecht" <per@xterm.dk>
To:
2003 Apr 08
7
4.8-STABLE Kernel Panic with dummynet options.
I first met this problem when our (60 students) internetgateway refused to
boot its new kernel, it was a 4.7-RELEASE. Then i loaded the old kernel and
went home to check if my 4.8-STABLE does likewise. And the answer was yes!
Both kernels were GENERIC + these options taken from the dummynet man pages:
options DUMMYNET
options NMBCLUSTERS
options HZ
When i boot the machine
2003 Mar 26
7
Multiple Firewalls with ipfilter?
We're supposed to provide redundant firewall service. I'm wondering
if anyone has ever tried to do this and if it's realistic. Basically
2 firewall machines hooked up so if one fails the other will
transparently step in. I've googled it to death without much luck.
The security issue here lies in that the 2 firewalls can't talk to
each other. So if I'm keeping state on
2003 Jul 12
5
jails, ipfilter & stunnel
I'm setting up a server where I plan to use Jails to improve security
I also have installed and am configuring ipfilter. Here are my
questions:
Because I'm using Jails, I will have to have multiple ip aliases on the
network interface. I will use ipfilter to specify what can go to each
of the addresses. (e.g., allow only incoming to port 80 on the jail
running apache).
Another
2004 Nov 24
2
Mbuf errors
Hi All,
Mysql service is going down continously in my system due to lack of memory
space.
I checked the messages log and found the following error message.
All mbuf clusters exhausted, please see tuning(7).
I have no idea about mbuf cluster. Can anyone please help me to fix the issue.
I hope the information below will help you.
Following is the output of top.
last pid: 84718; load
2003 May 31
3
Packet flow through IPFW+IPF+IPNAT ?
Hi.
On my FreeBSD 4.8 configured IPFW2+IPF+IPNAT and I use them all:
- IPFW - traffic accounting, shaping, balancing and filtering;
- IPFilter - policy routing;
- IPNAT - masquerading.
I want to know, how IP-packets flow through all of this components?
What's the path?
incoming: IPFW Layer2 -> IPFW&Dummynet -> IPNAT -> IPFilter ?
outgoing: IPFW Layer2 ->
2004 Apr 22
0
ipfilter/ipfw + bridge + out checking
Hi all.
I didn't find any thread discussing it, sorry if I am re-posting the same
subject.
Is there a way to check the ipfilter/ipfw out-flow with bridge? Is it
implemented?
I've heard its not done due a performance issue (it's writen in ipf-howto),
but performance is not the main goal for me in this single situation. I
would like to have the stateful firewall and the bridge _fully_
2003 Jun 06
0
Request for documenting IPSec, NAT/divert, ipfw, ipfilter ... in kernel flow ?
Hi,
sorry for cross-mailing. Reply-to: set to freebsd-net.
I have seen some discussion on freebsd-security etc. about some parts
of the subject. I have seen older messages in archives.
Regularly the same questions seem to come up.
I have not found an all-including description of the answer to s.th.
like:
"Can anybody tell me the order packets get processed in kernel related
to IPSec,
2010 Jan 15
4
Bridging firewall with snv_125 and ipfilter
Has anyone gotten a transparent firewall working? I''m using snv_125 on an IBM x346 (snv_130
goes into endless boot loops on this hardware). I can create a working bridge with dladm, but
can''t stop packets, even with "block in quick all". That stops packets on my management
interface bge0, but not on the bridge. :(
tim at ghost:~# ifconfig -a
lo0:
2008 Jul 24
0
cvs commit: src/contrib/pf/pfctl parse.y src/lib/libc/sys Symbol.map getsockopt.2 src/sbin/ipfw ipfw.8 ipfw2.c src/sys/conf NOTES options src/sys/contrib/ipfilter/netinet ip_fil_freebsd.c src/sys/contrib/pf/net pf.c pf_ioctl.c src/sys/kern init_sysent.c
This looks like a very cool feature addition to RELENG_7! Are there
any performance penalties that you know of with this built in ?
---Mike
At 09:13 PM 7/23/2008, Julian Elischer wrote:
>julian 2008-07-24 01:13:22 UTC
>
> FreeBSD src repository
>
> Modified files: (Branch: RELENG_7)
> contrib/pf/pfctl parse.y
> lib/libc/sys
2003 Jan 13
2
Rsync over SSH v2 with strong authentication but not encrypted to get the highest speed on Rsync?
Hello
I am trying to set up a backup server running Solaris 8 with rsync 2.5.5 and
ipfilter the latest version.
The problem i have is i have about 16 different interfaces that are secured
via ipfilter , and i tried running rsync via rsh but ipfilter would not set
up a keepstate with rsh which meant i had to open up and that is not
acceptable.
So what i tried then was via ssh and that worked fine
2004 Feb 29
5
mbuf vulnerability
In
http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903
it seems RELENG_4 is vulnerable. Is there any work around to a system that
has to have ports open ?
Version: 1 2/18/2004@03:47:29 GMT
>Initial report
>
<<https://ialert.idefense.com/KODetails.jhtml?irId=207650>https://ialert.idefense.com/KODetails.jhtml?irId=207650;
>ID#207650:
>FreeBSD Memory Buffer
2003 May 20
3
lots of sockets in TIME_WAIT
Hi there,
I have some DDOS(?) attack on my router going where my apache HTTP
server is flooded with short-timed connections from some host. This
results in LOTS of sockets in TIME_WAIT/LAST_ACK/CLOSING states and
eventually I'm out of mbufs, which, consequently means I can't even
connect to the router from LAN. The kern.ipc.nmbclusters is 2560, (I
guess high enough for router with
2003 Sep 29
4
IPFILTER_DEFAULT_BLOCK & No route to host
Hi,
After the option IPFILTER_DEFAULT_BLOCK is specified at kernel conf on FreeBSD 4.8 stable (cvsup'd
with tag RELENG_4_8), the machine cannot be ping'd by others on the same network.
In addition, the machine cannot ping itself.
ping localhost (or 127.0.0.1) -> no route to host
ping itself with its own ip address -> no route to host
The freebsd box, with an external pppoe