From owner-freebsd-pf@FreeBSD.ORG Mon Nov 5 02:54:38 2007 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2289816A418; Mon, 5 Nov 2007 02:54:38 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 0269B13C48D; Mon, 5 Nov 2007 02:54:38 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id lA52sbLN096340; Mon, 5 Nov 2007 02:54:37 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id lA52sbmG096336; Mon, 5 Nov 2007 02:54:37 GMT (envelope-from linimon) Date: Mon, 5 Nov 2007 02:54:37 GMT Message-Id: <200711050254.lA52sbmG096336@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-pf@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/117827: [pf] kernel panic with pf and ng X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Nov 2007 02:54:38 -0000 Old Synopsis: Kernel Panic New Synopsis: [pf] kernel panic with pf and ng Responsible-Changed-From-To: freebsd-bugs->freebsd-pf Responsible-Changed-By: linimon Responsible-Changed-When: Mon Nov 5 02:53:10 UTC 2007 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=117827 From owner-freebsd-pf@FreeBSD.ORG Mon Nov 5 11:07:02 2007 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E387916A49C for ; Mon, 5 Nov 2007 11:07:02 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id D47CE13C4B2 for ; Mon, 5 Nov 2007 11:07:02 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id lA5B72Vj026389 for ; Mon, 5 Nov 2007 11:07:02 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id lA5B729G026385 for freebsd-pf@FreeBSD.org; Mon, 5 Nov 2007 11:07:02 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 5 Nov 2007 11:07:02 GMT Message-Id: <200711051107.lA5B729G026385@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-pf@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Nov 2007 11:07:03 -0000 Current FreeBSD problem reports Critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/111220 pf [pf] repeatable hangs while manipulating pf tables 1 problem total. Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/82271 pf [pf] cbq scheduler cause bad latency o kern/92949 pf [pf] PF + ALTQ problems with latency o kern/110698 pf [pf] nat rule of pf without "on" clause causes invalid o bin/116610 pf [patch] teach tcpdump(1) to cope with the new-style pf o kern/117827 pf [pf] kernel panic with pf and ng 5 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- o sparc/93530 pf [pf] Incorrect checksums when using pf's route-to on s o kern/93825 pf [pf] pf reply-to doesn't work o kern/106400 pf [pf] fatal trap 12 at restart of PF with ALTQ if ng0 d s conf/110838 pf tagged parameter on nat not working on FreeBSD 5.2 o kern/114567 pf [pf] LOR pf_ioctl.c + if.c o kern/115640 pf [net] [pf] pfctl -k dont works o kern/116645 pf pfctl -k does not work in securelevel 3 7 problems total. From owner-freebsd-pf@FreeBSD.ORG Mon Nov 5 17:50:03 2007 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6645D16A41B for ; Mon, 5 Nov 2007 17:50:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 50D3813C4BA for ; Mon, 5 Nov 2007 17:50:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id lA5Ho3rO050942 for ; Mon, 5 Nov 2007 17:50:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id lA5Ho3E6050939; Mon, 5 Nov 2007 17:50:03 GMT (envelope-from gnats) Date: Mon, 5 Nov 2007 17:50:03 GMT Message-Id: <200711051750.lA5Ho3E6050939@freefall.freebsd.org> To: freebsd-pf@FreeBSD.org From: Remko Lodder Cc: Subject: Re: kern/117827: Kernel Panic X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Remko Lodder List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Nov 2007 17:50:03 -0000 The following reply was made to PR kern/117827; it has been noted by GNATS. From: Remko Lodder To: Dmitry Rybin Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: kern/117827: Kernel Panic Date: Mon, 05 Nov 2007 18:46:02 +0100 Dmitry Rybin wrote: > FreeBSD alpha.kirgudu.loc 7.0-BETA2 FreeBSD 7.0-BETA2 #0: Mon Nov 5 00:34:07 MSK 2007 diman@alpha.kirgudu.loc:/usr/obj/usr/src/sys/ALPHA7 i386 > >> Description: > If I use pf packet filter and use ng interface, then I am destroy interface and create it -> pfctl -f /etc/pf.conf -> kernel panic >> How-To-Repeat: > 1. > enable pf. > pf.conf > vpn_if="ng0" > > pass out quick on $vpn_if keep state > =========================== > 2. > mpd4, create connection. > =========================== > 3. > pfctl -f /etc/pf.conf > =========================== > 4. > Stop and then start mpd4. > =========================== > 5. > pfctl -f /etc/pf.conf > > KERNEL PANIC >> Fix: > I don't know > Hello, Please obtain a kernel dump and backtrace and post them in the ticket (reply-all to this message). You can read how you do that through: http://www.freebsd.org/doc/en/developers-handbook/kerneldebug.html The current information is too narrow to be useful for resolving the problem. Thanks, remko -- Kind regards, Remko Lodder ** remko@elvandar.org FreeBSD ** remko@FreeBSD.org /* Quis custodiet ipsos custodes */ From owner-freebsd-pf@FreeBSD.ORG Mon Nov 5 21:06:54 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id ABB7F16A419 for ; Mon, 5 Nov 2007 21:06:54 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.177]) by mx1.freebsd.org (Postfix) with ESMTP id 36D3D13C4B3 for ; Mon, 5 Nov 2007 21:06:54 +0000 (UTC) (envelope-from max@love2party.net) Received: from amd64.laiers.local (dslb-088-066-005-200.pools.arcor-ip.net [88.66.5.200]) by mrelayeu.kundenserver.de (node=mrelayeu8) with ESMTP (Nemesis) id 0ML31I-1Ip93o49Dd-0003dT; Mon, 05 Nov 2007 22:00:44 +0100 From: Max Laier Organization: FreeBSD To: "Mark Miles" Date: Mon, 5 Nov 2007 22:00:30 +0100 User-Agent: KMail/1.9.7 References: In-Reply-To: X-Face: ,,8R(x[kmU]tKN@>gtH1yQE4aslGdu+2]; R]*pL,U>^H?)gW@49@wdJ`H<=?utf-8?q?=25=7D*=5FBD=0A=09U=5For=3D=5CmOZf764=26nYj=3DJYbR1PW0ud?=>|!~,,CPC.1-D$FG@0h3#'5"k{V]a~.<=?utf-8?q?mZ=7D44=23Se=7Em=0A=09Fe=7E=5C=5DX5B=5D=5Fxj?=(ykz9QKMw_l0C2AQ]}Ym8)fU MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2338776.X3askWqLb8"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200711052200.38733.max@love2party.net> X-Provags-ID: V01U2FsdGVkX19n7/qTwoT3TOKl4SoKvpdeSOfkmhH/nxEOhla 1h2HbX/HItUOKjOQoXM89tbsA5Tht90O0SB6SkKd9vnKkn/6OX yKh6Y+12QhbuHFvtZFuAkjzyvAfCT2/BA3GazqhAfk= Cc: freebsd-pf@freebsd.org Subject: Re: carp_iamatch filling up system log X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Nov 2007 21:06:54 -0000 --nextPart2338776.X3askWqLb8 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Monday 05 November 2007, Mark Miles wrote: > I am getting a lot of errors using the carpdev BETA patch against HEAD > provided by Max a few days ago. I don't know if I should be concerned > about them or if they are just informational. These are the main two > carp/vlan devices causing errors, but it happens on others as well - > at random times. > > > carp_iamatch(vlan2, xx.xxx.xx.37, xx.xx.xxx.137, ...) > not: carp2 > carp_iamatch(vlan6, xx.xxx.xx.6, xx.xx.xxx.169, ...) > not: carp6 Ups ... left over debugging. I'll provide an updated patch in a bit. You= =20 can also just grep for that printf and comment it out. Thanks for=20 testing! > fxp1: flags=3D8943 > metric 0 mtu 1500 > options=3D4b > ether 00:02:b3:4d:0b:58 > media: Ethernet 100baseTX > status: active > > vlan2: flags=3D8943 > metric 0 mtu 1500 > ether 00:02:b3:4d:0b:58 > media: Ethernet 100baseTX > status: active > vlan: 2 parent interface: fxp1 > > vlan6: flags=3D8943 > metric 0 mtu 1500 > ether 00:02:b3:4d:0b:58 > media: Ethernet 100baseTX > status: active > vlan: 6 parent interface: fxp1 > > carp2: flags=3D8843 metric 0 mtu > 1500 ether 00:00:5e:00:01:02 > inet xx.xxx.xxx.137 netmask 0xfffffff8 > carp: BACKUP carpdev vlan2 vhid 2 advbase 1 advskew 200 > > carp6: flags=3D8843 metric 0 mtu > 1500 ether 00:00:5e:00:01:06 > inet xx.xx.xxx.169 netmask 0xfffffff8 > carp: BACKUP carpdev vlan6 vhid 6 advbase 1 advskew 200 > > I also got this error when I had an IP on fxp0 and carp100 using > carpdev fxp0: > > arp: xx.xxx.xx.34 is on fxp0 but got reply from 00:03:47:71:a8:b3 on > carp100 carp_iamatch(fxp0, xx.xxx.xx.37, xx.xxx.xx.34, ...) > arp: xx.xxx.xx.33 is on fxp0 but got reply from 00:0c:f1:bb:66:84 on > carp100 I'll look into it. Looks like a too strict check for the carp case - i.e.= =20 the code should ignore this condition on carp interfaces, but somehow my=20 check is wrong. > Please advise, I am filling up message logs at the rate of every 3 > hours!! > > On a side note, this machine is serves vlan trunks which is why I > needed carpdev in the first place (as to not waste more usable public > ips with two gateway ips in a /29 that are silent just to run the one > gateway needed), thus giving my customers 2 useable IP addresses. > With carpdev I can give them 5. Currently, an OpenBSD 4.2-current box > serves as the "MASTER" and I am using a FreeBSD 8.0-CURRENT box to > serve as "BACKUP". When I rebooted the OpenBSD box, everything failed > over as it should, but I got more carp_iamatch errors on almost every > vlan/carp pair. Could the OpenBSD <-> FreeBSD differences in carp be > causing these errors?? Neither are real errors, as far as I can tell ... I'll look into it in=20 more detail and provide an updated patch. For now you can just shut up=20 the printfs. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart2338776.X3askWqLb8 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBHL4R2XyyEoT62BG0RAqtUAJ91qdqIym6pGaLIR6JqnJv7V2JtKQCdFUxk 0dHDKSUHhv+ji2R0NR0cJCo= =BlfK -----END PGP SIGNATURE----- --nextPart2338776.X3askWqLb8-- From owner-freebsd-pf@FreeBSD.ORG Mon Nov 5 21:12:51 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D228816A46B for ; Mon, 5 Nov 2007 21:12:51 +0000 (UTC) (envelope-from mlmiles@gmail.com) Received: from el-out-1112.google.com (el-out-1112.google.com [209.85.162.182]) by mx1.freebsd.org (Postfix) with ESMTP id 73A4C13C4A6 for ; Mon, 5 Nov 2007 21:12:51 +0000 (UTC) (envelope-from mlmiles@gmail.com) Received: by el-out-1112.google.com with SMTP id s27so351746ele for ; Mon, 05 Nov 2007 13:12:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition:x-google-sender-auth; bh=Iv5kTuuPm5nrYzpPQqAHG3txldMKTzuUWz5YdtPi0Uk=; b=VnfADG20kB680uKO6nsBT0teFFeJbJ7zerPkTpA92ViUZZbmATvfJXU5WFTRkXZzsgUinoKQzUWLaSwFpbnl/mebtCVl3EGPle+mO6lfPld5LTugpW2fycOB3NOWfO1gLvg5VZ8eFA69VtoX0BTLqf9bcyJOMDeXR/fG8o4arJ4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition:x-google-sender-auth; b=KwU+/CyAIYWpa9SsdL09KBfdU1rLx6Sb0AfvDFR5+t1j6Gn7gA1gOQ0aWBCYi1XRsFtnrm9RpOfMyi7KaRRTgCnJq/x4EY2G3cQ9Qk+qQRcG5aTuyNWdNqXY0a/mQ5mwYa7BzEV/krBOvGLmC2JepxKeS9ES7qXK9O8UgX00Iaw= Received: by 10.142.97.20 with SMTP id u20mr440375wfb.1194295666629; Mon, 05 Nov 2007 12:47:46 -0800 (PST) Received: by 10.142.86.9 with HTTP; Mon, 5 Nov 2007 12:47:46 -0800 (PST) Message-ID: Date: Mon, 5 Nov 2007 14:47:46 -0600 From: "Mark Miles" Sender: mlmiles@gmail.com To: freebsd-pf@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Google-Sender-Auth: 1d6b7209d07f422c Subject: carp_iamatch filling up system log X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Nov 2007 21:12:51 -0000 I am getting a lot of errors using the carpdev BETA patch against HEAD provided by Max a few days ago. I don't know if I should be concerned about them or if they are just informational. These are the main two carp/vlan devices causing errors, but it happens on others as well - at random times. carp_iamatch(vlan2, xx.xxx.xx.37, xx.xx.xxx.137, ...) not: carp2 carp_iamatch(vlan6, xx.xxx.xx.6, xx.xx.xxx.169, ...) not: carp6 fxp1: flags=8943 metric 0 mtu 1500 options=4b ether 00:02:b3:4d:0b:58 media: Ethernet 100baseTX status: active vlan2: flags=8943 metric 0 mtu 1500 ether 00:02:b3:4d:0b:58 media: Ethernet 100baseTX status: active vlan: 2 parent interface: fxp1 vlan6: flags=8943 metric 0 mtu 1500 ether 00:02:b3:4d:0b:58 media: Ethernet 100baseTX status: active vlan: 6 parent interface: fxp1 carp2: flags=8843 metric 0 mtu 1500 ether 00:00:5e:00:01:02 inet xx.xxx.xxx.137 netmask 0xfffffff8 carp: BACKUP carpdev vlan2 vhid 2 advbase 1 advskew 200 carp6: flags=8843 metric 0 mtu 1500 ether 00:00:5e:00:01:06 inet xx.xx.xxx.169 netmask 0xfffffff8 carp: BACKUP carpdev vlan6 vhid 6 advbase 1 advskew 200 I also got this error when I had an IP on fxp0 and carp100 using carpdev fxp0: arp: xx.xxx.xx.34 is on fxp0 but got reply from 00:03:47:71:a8:b3 on carp100 carp_iamatch(fxp0, xx.xxx.xx.37, xx.xxx.xx.34, ...) arp: xx.xxx.xx.33 is on fxp0 but got reply from 00:0c:f1:bb:66:84 on carp100 Please advise, I am filling up message logs at the rate of every 3 hours!! On a side note, this machine is serves vlan trunks which is why I needed carpdev in the first place (as to not waste more usable public ips with two gateway ips in a /29 that are silent just to run the one gateway needed), thus giving my customers 2 useable IP addresses. With carpdev I can give them 5. Currently, an OpenBSD 4.2-current box serves as the "MASTER" and I am using a FreeBSD 8.0-CURRENT box to serve as "BACKUP". When I rebooted the OpenBSD box, everything failed over as it should, but I got more carp_iamatch errors on almost every vlan/carp pair. Could the OpenBSD <-> FreeBSD differences in carp be causing these errors?? Thanks for any assistance, Mark Miles Network Manager I20 Access mmiles@i20a.com From owner-freebsd-pf@FreeBSD.ORG Tue Nov 6 19:32:44 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2C38816A41A for ; Tue, 6 Nov 2007 19:32:44 +0000 (UTC) (envelope-from bounces@nabble.com) Received: from kuber.nabble.com (kuber.nabble.com [216.139.236.158]) by mx1.freebsd.org (Postfix) with ESMTP id 145DD13C491 for ; Tue, 6 Nov 2007 19:32:44 +0000 (UTC) (envelope-from bounces@nabble.com) Received: from isper.nabble.com ([192.168.236.156]) by kuber.nabble.com with esmtp (Exim 4.63) (envelope-from ) id 1IpTrX-000237-EN for freebsd-pf@freebsd.org; Tue, 06 Nov 2007 11:13:23 -0800 Message-ID: <13613687.post@talk.nabble.com> Date: Tue, 6 Nov 2007 11:13:23 -0800 (PST) From: Umar To: freebsd-pf@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Nabble-From: unix.co@gmail.com Subject: squid and apache same machine X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Nov 2007 19:32:44 -0000 I have squid and apache in the same machine. My problem is that the users cannot see the web page at the same machine in which squid is installed. Any idea why? Here is the pf rules for transparenting squid. rdr on $int_if proto tcp from $internal_net to port 80 -> 127.0.0.1 port 3128 Regards, Umar Draz -- View this message in context: http://www.nabble.com/squid-and-apache-same-machine-tf4760325.html#a13613687 Sent from the freebsd-pf mailing list archive at Nabble.com. From owner-freebsd-pf@FreeBSD.ORG Tue Nov 6 22:16:11 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9ECA316A418 for ; Tue, 6 Nov 2007 22:16:11 +0000 (UTC) (envelope-from Greg.Hennessy@nviz.net) Received: from smtp1.bethere.co.uk (smtp1.betherenow.co.uk [87.194.0.68]) by mx1.freebsd.org (Postfix) with ESMTP id 6754713C480 for ; Tue, 6 Nov 2007 22:16:10 +0000 (UTC) (envelope-from Greg.Hennessy@nviz.net) Received: from thebeast (87-194-161-157.bethere.co.uk [87.194.161.157]) by smtp1.bethere.co.uk (Postfix) with SMTP id 484EF98118; Tue, 6 Nov 2007 21:57:44 +0000 (GMT) From: "Greg Hennessy" To: "'Umar'" , References: <13613687.post@talk.nabble.com> In-Reply-To: <13613687.post@talk.nabble.com> Date: Tue, 6 Nov 2007 21:57:43 -0000 Message-ID: <004e01c820c0$0f642490$2e2c6db0$@Hennessy@nviz.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 12.0 thread-index: Acggr9tCtmbNDi9vQGS08OO2KQm9ewAD83kw Content-Language: en-gb x-cr-hashedpuzzle: BOzx EfKm Fqrj G3rl G5vj H0ZG IhNt LcQe P0df QwNm R74D SfPx TNfd TRt9 Uigx Uqn6; 2; ZgByAGUAZQBiAHMAZAAtAHAAZgBAAGYAcgBlAGUAYgBzAGQALgBvAHIAZwA7AHUAbgBpAHgALgBjAG8AQABnAG0AYQBpAGwALgBjAG8AbQA=; Sosha1_v1; 7; {CD928064-DF78-4C9B-B8B5-4E75DE2F9F26}; ZwByAGUAZwAuAGgAZQBuAG4AZQBzAHMAeQBAAG4AdgBpAHoALgBuAGUAdAA=; Tue, 06 Nov 2007 21:57:38 GMT; UgBFADoAIABzAHEAdQBpAGQAIABhAG4AZAAgAGEAcABhAGMAaABlACAAcwBhAG0AZQAgAG0AYQBjAGgAaQBuAGUA x-cr-puzzleid: {CD928064-DF78-4C9B-B8B5-4E75DE2F9F26} X-Antivirus: avast! (VPS 071105-1, 05/11/2007), Outbound message X-Antivirus-Status: Clean Cc: Subject: RE: squid and apache same machine X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Nov 2007 22:16:11 -0000 > I have squid and apache in the same machine. My problem is that the > users > cannot see the web page at the same machine in which squid is > installed. Any > idea why? Yes, you should only policy route traffic *not* destined for your webserver Try something like this instead # Transparent Squid Redirect # # rdr pass on $Int $TCP from to ! port www -> 127.0.0.1 port 3128 Greg From owner-freebsd-pf@FreeBSD.ORG Tue Nov 6 22:34:49 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0C20016A420 for ; Tue, 6 Nov 2007 22:34:49 +0000 (UTC) (envelope-from atanas.gendov@gmail.com) Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.188]) by mx1.freebsd.org (Postfix) with ESMTP id D672513C4A6 for ; Tue, 6 Nov 2007 22:34:48 +0000 (UTC) (envelope-from atanas.gendov@gmail.com) Received: by rv-out-0910.google.com with SMTP id l15so1665963rvb for ; Tue, 06 Nov 2007 14:34:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=+m2pPyt2skwo0ng7y785cLVTQ2emeuLG57u5STVD75M=; b=oocRnUBqeP2N5iDr7unZJEuVOEz9ncBdHoJkscieXjiT7wCKRKeqCDoAZm+F4A5jzEcZjE5oxNJsJAmzc/2gPi8TkHgbkA08a1JX+Ye8MMlmt1vS7fEY/s3L+moOkEH7E7ELa2dbbmJnMyqV5qnLGtH8sxTfOosPK9bWKPFoWU0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=RpcVMCQ9uNUksXgT07b4iy9BlxIMQiQV5R6W80g1m7vxlz89XkgPaxqQRNlGf0Fr1NOqS4RL8EkOl0AV44Gry8RcXVnWm7bThhWd6K8ZWlFDfigQVl/05Dyf49r3KR2djIfRpVHhMG7eNQWLEGL1G7aCvQEcqtCumDq3y63X2jo= Received: by 10.141.14.14 with SMTP id r14mr3185315rvi.1194386926740; Tue, 06 Nov 2007 14:08:46 -0800 (PST) Received: by 10.140.169.20 with HTTP; Tue, 6 Nov 2007 14:08:46 -0800 (PST) Message-ID: <36e46ac80711061408k68717024ia30e89f9f6e97eed@mail.gmail.com> Date: Wed, 7 Nov 2007 00:08:46 +0200 From: "Atanas Gendov" To: freebsd-pf@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: About Packet Filter 4.2 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Nov 2007 22:34:49 -0000 Dear developers, I found this mail and I hope this is the right address. I have questions about new OpenBSD's PF 4.2. I found some interesting news about PF http://www.onlamp.com/lpt/a/7155 Me and many other people are interested to see PF 4.2 in FreeBSD 7, because we like FreeBSD, but we use PF. Are you planning to include PF 4.2 in FreeBSD 7 during the Beta versions? Please give me an answer about PF on FreeBSD! :) Best Regards, Atanas Gendov From owner-freebsd-pf@FreeBSD.ORG Wed Nov 7 03:15:27 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7EB5C16A418 for ; Wed, 7 Nov 2007 03:15:27 +0000 (UTC) (envelope-from syleishere@hotmail.com) Received: from bay0-omc1-s35.bay0.hotmail.com (bay0-omc1-s35.bay0.hotmail.com [65.54.246.107]) by mx1.freebsd.org (Postfix) with ESMTP id 69EAB13C491 for ; Wed, 7 Nov 2007 03:15:27 +0000 (UTC) (envelope-from syleishere@hotmail.com) Received: from BAY102-W42 ([64.4.61.142]) by bay0-omc1-s35.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 6 Nov 2007 19:03:14 -0800 Message-ID: X-Originating-IP: [24.79.240.75] From: syle ishere To: Date: Tue, 6 Nov 2007 21:03:14 -0600 Importance: Normal MIME-Version: 1.0 X-OriginalArrivalTime: 07 Nov 2007 03:03:14.0485 (UTC) FILETIME=[BCF7C650:01C820EA] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: pflogd not logging certain rules X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Nov 2007 03:15:27 -0000 pass in log proto { tcp, udp } from any to $ext_if port { 21, 22 } flags S/= SA keep state \(max-src-conn 5, max-src-conn-rate 5/60, overload flus= h global) =20 I use the "pass in LOG" here and it does not log at all. I go connect to port 21 or 22 and watch logs and nothing. My other logging rules do work for things like: pass in log proto tcp from any to $ext_if port 25 keep state =20 So i know the logging actually does work, but the first line does not, any = ideas? =20 Dan. =20 =20 _________________________________________________________________ Send a smile, make someone laugh, have some fun! Start now! http://www.freemessengeremoticons.ca/?icid=3DEMENCA122= From owner-freebsd-pf@FreeBSD.ORG Wed Nov 7 03:22:53 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 12D8716A421 for ; Wed, 7 Nov 2007 03:22:53 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.188]) by mx1.freebsd.org (Postfix) with ESMTP id 998C713C4B6 for ; Wed, 7 Nov 2007 03:22:52 +0000 (UTC) (envelope-from max@love2party.net) Received: from amd64.laiers.local (dslb-088-066-012-178.pools.arcor-ip.net [88.66.12.178]) by mrelayeu.kundenserver.de (node=mrelayeu7) with ESMTP (Nemesis) id 0ML2xA-1IpbVB1M3g-0005On; Wed, 07 Nov 2007 04:22:49 +0100 From: Max Laier Organization: FreeBSD To: freebsd-pf@freebsd.org Date: Wed, 7 Nov 2007 04:22:41 +0100 User-Agent: KMail/1.9.7 References: In-Reply-To: X-Face: ,,8R(x[kmU]tKN@>gtH1yQE4aslGdu+2]; R]*pL,U>^H?)gW@49@wdJ`H<=?utf-8?q?=25=7D*=5FBD=0A=09U=5For=3D=5CmOZf764=26nYj=3DJYbR1PW0ud?=>|!~,,CPC.1-D$FG@0h3#'5"k{V]a~.<=?utf-8?q?mZ=7D44=23Se=7Em=0A=09Fe=7E=5C=5DX5B=5D=5Fxj?=(ykz9QKMw_l0C2AQ]}Ym8)fU MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2603792.viM6RKrmlF"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200711070422.48022.max@love2party.net> X-Provags-ID: V01U2FsdGVkX1+GuD8LrlPbqqLHw1UYg9+QLDGJlxkLvzRFqyj ilnVu9PkvAxQf63vLky6MELFmjbWP3EBJxlBObldg09egq0cyf g1+NcuQXS3wRCFSVb3LK6WVuFpf3tYFWxnGbF5ItSM= Cc: Subject: Re: pflogd not logging certain rules X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Nov 2007 03:22:53 -0000 --nextPart2603792.viM6RKrmlF Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Wednesday 07 November 2007, syle ishere wrote: > pass in log proto { tcp, udp } from any to $ext_if port { 21, 22 } > flags S/SA keep state \(max-src-conn 5, max-src-conn-rate 5/60, > overload flush global) > > I use the "pass in LOG" here and it does not log at all. > I go connect to port 21 or 22 and watch logs and nothing. > My other logging rules do work for things like: > pass in log proto tcp from any to $ext_if port 25 keep state > > So i know the logging actually does work, but the first line does not, > any ideas? Are you sure the rule is even hit? Check with "pfctl -vvvsr" and look at=20 the match/packets/bytes counters. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart2603792.viM6RKrmlF Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBHMS+IXyyEoT62BG0RAqyVAJ4/JgR2hQbZ5OJgBVM+taEN5m+rIwCeJ9Ri vsWGtVAcp8r1E3eO+DxkjH0= =k1sL -----END PGP SIGNATURE----- --nextPart2603792.viM6RKrmlF-- From owner-freebsd-pf@FreeBSD.ORG Wed Nov 7 03:24:14 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BEC4F16A417 for ; Wed, 7 Nov 2007 03:24:14 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.171]) by mx1.freebsd.org (Postfix) with ESMTP id 53BCC13C4BD for ; Wed, 7 Nov 2007 03:24:14 +0000 (UTC) (envelope-from max@love2party.net) Received: from amd64.laiers.local (dslb-088-066-012-178.pools.arcor-ip.net [88.66.12.178]) by mrelayeu.kundenserver.de (node=mrelayeu6) with ESMTP (Nemesis) id 0ML29c-1IpbWV25nK-0006VF; Wed, 07 Nov 2007 04:24:11 +0100 From: Max Laier Organization: FreeBSD To: freebsd-pf@freebsd.org Date: Wed, 7 Nov 2007 04:24:09 +0100 User-Agent: KMail/1.9.7 References: <36e46ac80711061408k68717024ia30e89f9f6e97eed@mail.gmail.com> In-Reply-To: <36e46ac80711061408k68717024ia30e89f9f6e97eed@mail.gmail.com> X-Face: ,,8R(x[kmU]tKN@>gtH1yQE4aslGdu+2]; R]*pL,U>^H?)gW@49@wdJ`H<=?utf-8?q?=25=7D*=5FBD=0A=09U=5For=3D=5CmOZf764=26nYj=3DJYbR1PW0ud?=>|!~,,CPC.1-D$FG@0h3#'5"k{V]a~.<=?utf-8?q?mZ=7D44=23Se=7Em=0A=09Fe=7E=5C=5DX5B=5D=5Fxj?=(ykz9QKMw_l0C2AQ]}Ym8)fU MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1430316.k1Mj6TAP2N"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200711070424.10662.max@love2party.net> X-Provags-ID: V01U2FsdGVkX1/k91WQGKPH45yqJdI6mKAUmxjOhK4mWyLPOqs zKIsXZirT/5k8DH+oD0cthPTQ+ujVHrVB3Z3IU/14PHw/41RIP RXXbyFEX2zQDY0hiut5YhvqHYZmAvPBP2KTyWnQxFs= Cc: Atanas Gendov Subject: Re: About Packet Filter 4.2 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Nov 2007 03:24:14 -0000 --nextPart1430316.k1Mj6TAP2N Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Tuesday 06 November 2007, Atanas Gendov wrote: > Dear developers, I found this mail and I hope this is the right > address. I have questions about new OpenBSD's PF 4.2. I found some > interesting news about PF http://www.onlamp.com/lpt/a/7155 > Me and many other people are interested to see PF 4.2 in FreeBSD 7, > because we like FreeBSD, but we use PF. Are you planning to include PF > 4.2 in FreeBSD 7 during the Beta versions? > Please give me an answer about PF on FreeBSD! :) We will first have to get 7.0 out of the door and look at the 4.2=20 improvements after that. There are some things in there that break ABI=20 and will thus not be in any 7.x releases, but most of the performance=20 improvements can easily be MFCed later on. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1430316.k1Mj6TAP2N Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBHMS/aXyyEoT62BG0RAgGxAJ9fec/65vi8yZsg1pUqQyaHdYPI6QCeN6/M xFkHmzd0noPlzdLsi5jYCVo= =p2MU -----END PGP SIGNATURE----- --nextPart1430316.k1Mj6TAP2N-- From owner-freebsd-pf@FreeBSD.ORG Wed Nov 7 05:34:08 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AED2E16A421 for ; Wed, 7 Nov 2007 05:34:08 +0000 (UTC) (envelope-from syleishere@hotmail.com) Received: from bay0-omc2-s35.bay0.hotmail.com (bay0-omc2-s35.bay0.hotmail.com [65.54.246.171]) by mx1.freebsd.org (Postfix) with ESMTP id 985B313C4B8 for ; Wed, 7 Nov 2007 05:34:08 +0000 (UTC) (envelope-from syleishere@hotmail.com) Received: from BAY102-W20 ([64.4.61.120]) by bay0-omc2-s35.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 6 Nov 2007 21:34:03 -0800 Message-ID: X-Originating-IP: [24.79.240.75] From: syle ishere To: Max Laier , Date: Tue, 6 Nov 2007 23:34:03 -0600 Importance: Normal In-Reply-To: <200711070422.48022.max@love2party.net> References: <200711070422.48022.max@love2party.net> MIME-Version: 1.0 X-OriginalArrivalTime: 07 Nov 2007 05:34:03.0719 (UTC) FILETIME=[CEBB4D70:01C820FF] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: RE: pflogd not logging certain rules X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Nov 2007 05:34:08 -0000 Your right, I had a rule up top , when I was testing from home, it passed m= e in and ignored all other rules which is exactly what I wanted. I tried from another IP on the internet and= the rule did in fact log.=20 Sorry for wasting time with this post. =20 This is excellent software, I've spent about 2 days now completely learning= it. I;ve read all the man pages, and different examples on the internet. =20 Here are some of my suggestions to make it even better or maybe you can sug= gest ways to do it: 2 points I have are: a) tcp.established definable on a per rule basis (why I say this is alot of= times you want to have a global value for the established timeout state, b= ut there are times that you;d like to say, not timeout your ssh session fro= m home for a week/month period) b) program interaction with a ruleset ( I beleive this one is what will mak= e any firewall rule all the other ones, a way to execute a program if a rul= eset returns TRUE.) Typical example, firewall matches one of your rules, ru= le returns true, executes a program where we can evaluate some conditions, = passing variables such as IP and PORT, program then executes pfclt to add t= hat IP to the table or anything else. =20 =20 Dan. =20 > From: max@love2party.net> To: freebsd-pf@freebsd.org> Subject: Re: pflogd= not logging certain rules> Date: Wed, 7 Nov 2007 04:22:41 +0100> CC: sylei= shere@hotmail.com> > On Wednesday 07 November 2007, syle ishere wrote:> > p= ass in log proto { tcp, udp } from any to $ext_if port { 21, 22 }> > flags = S/SA keep state \(max-src-conn 5, max-src-conn-rate 5/60,> > overload = flush global)> >> > I use the "pass in LOG" here and it does not log at al= l.> > I go connect to port 21 or 22 and watch logs and nothing.> > My other= logging rules do work for things like:> > pass in log proto tcp from any t= o $ext_if port 25 keep state> >> > So i know the logging actually does work= , but the first line does not,> > any ideas?> > Are you sure the rule is ev= en hit? Check with "pfctl -vvvsr" and look at > the match/packets/bytes cou= nters.> > -- > /"\ Best regards, | mlaier@freebsd.org> \ / Max Laier | ICQ = #67774661> X http://pf4freebsd.love2party.net/ | mlaier@EFnet> / \ ASCII Ri= bbon Campaign | Against HTML Mail and News _________________________________________________________________ Have fun while connecting on Messenger! Click here to learn more. http://entertainment.sympatico.msn.ca/WindowsLiveMessenger= From owner-freebsd-pf@FreeBSD.ORG Thu Nov 8 08:28:22 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9D7D816A468 for ; Thu, 8 Nov 2007 08:28:22 +0000 (UTC) (envelope-from mudassir@tseoman.com) Received: from mail.infosaic.com (infosaic.com [216.226.129.129]) by mx1.freebsd.org (Postfix) with ESMTP id 4953213C4C8 for ; Thu, 8 Nov 2007 08:28:21 +0000 (UTC) (envelope-from mudassir@tseoman.com) Received: from UnknownHost [85.154.8.18] by mail.infosaic.com with SMTP; Thu, 8 Nov 2007 01:53:17 -0500 Message-ID: <9FAFA056C1434FD8972FAF2CBBA6318F@AaliPC> From: "Mudassar Iqbal" To: In-Reply-To: 20070803073610.GA39968@quartzo.cirp.usp.br Date: Thu, 8 Nov 2007 10:48:10 +0400 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Windows Mail 6.0.6000.16386 X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6000.16386 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Block WWW.ORKUT.COM X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Nov 2007 08:28:22 -0000 hi. can u plz help to block orkut with ISA server 2000 thnx From owner-freebsd-pf@FreeBSD.ORG Thu Nov 8 10:27:00 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5580816A41A for ; Thu, 8 Nov 2007 10:27:00 +0000 (UTC) (envelope-from tevans.uk@googlemail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.180]) by mx1.freebsd.org (Postfix) with ESMTP id 001D613C4B7 for ; Thu, 8 Nov 2007 10:26:59 +0000 (UTC) (envelope-from tevans.uk@googlemail.com) Received: by py-out-1112.google.com with SMTP id u77so236331pyb for ; Thu, 08 Nov 2007 02:26:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=beta; h=domainkey-signature:received:received:subject:from:to:cc:in-reply-to:references:content-type:date:message-id:mime-version:x-mailer; bh=v8z6RjnTDGfxmYU6SZQz+IO8oe186wHEC9HV5Y7NFzM=; b=EcHVof1JNPJPl5Vdf8szZUt0ntSBu/VqPCUwWCR1rUl1t3cRko+StCsxLqPyck7OWCIum8bDdzr7WQyX4ogxhsE3Zt9EdKbAvrpWCkr11ZyLr+FZFSpX4XOQacNgjYnNZVGPxsUidaNmdaj3jTBO/AurJ+ac6nswpkpuiq/s/UI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=beta; h=received:subject:from:to:cc:in-reply-to:references:content-type:date:message-id:mime-version:x-mailer; b=Z1zrqS4C35Q3VJ7C1I/Liop2+KX7bGsfmGfv9tP26EzY3HXgPg/eXfGwzyKLJFI4TS3IAwVWe2DeNE8O8VY4ch/StT3G0UH/QW3oQURNlN1h8TTv26Am8C/xVE2eDcHQ4Z7f/zkrrEKlaEOlvKhziqNBf/rnMVkMigbvAbPXQ6k= Received: by 10.64.250.7 with SMTP id x7mr4021163qbh.1194516047243; Thu, 08 Nov 2007 02:00:47 -0800 (PST) Received: from ?127.0.0.1? ( [217.206.187.79]) by mx.google.com with ESMTPS id 2sm518206nfv.2007.11.08.02.00.44 (version=SSLv3 cipher=RC4-MD5); Thu, 08 Nov 2007 02:00:45 -0800 (PST) From: Tom Evans To: Mudassar Iqbal In-Reply-To: <9FAFA056C1434FD8972FAF2CBBA6318F@AaliPC> References: <9FAFA056C1434FD8972FAF2CBBA6318F@AaliPC> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-YQFDHQcX/IFDhJOf9f7b" Date: Thu, 08 Nov 2007 10:00:43 +0000 Message-Id: <1194516043.64797.54.camel@localhost> Mime-Version: 1.0 X-Mailer: Evolution 2.10.2 FreeBSD GNOME Team Port Cc: freebsd-pf@freebsd.org Subject: Re: Block WWW.ORKUT.COM X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Nov 2007 10:27:00 -0000 --=-YQFDHQcX/IFDhJOf9f7b Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Thu, 2007-11-08 at 10:48 +0400, Mudassar Iqbal wrote: > hi. > can u plz help to block orkut with ISA server 2000 > thnx I'm fairly sure Microsoft Windows Internet Security & Acceleration Server 2000 isn't based on FreeBSD, so no, can't really help :o --=-YQFDHQcX/IFDhJOf9f7b Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQBHMt5ClcRvFfyds/cRAqraAJ9V/mCooiDiMRuMS21pbA9SaijQ2wCfaa2E qwcJbrvXO4FFpHULzHyqyj0= =F50L -----END PGP SIGNATURE----- --=-YQFDHQcX/IFDhJOf9f7b-- From owner-freebsd-pf@FreeBSD.ORG Thu Nov 8 10:59:30 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2670D16A468 for ; Thu, 8 Nov 2007 10:59:30 +0000 (UTC) (envelope-from teklimbu@wlink.com.np) Received: from smtp5.wlink.com.np (smtp5.wlink.com.np [202.79.32.52]) by mx1.freebsd.org (Postfix) with SMTP id 5A3DA13C4F2 for ; Thu, 8 Nov 2007 10:59:26 +0000 (UTC) (envelope-from teklimbu@wlink.com.np) Received: (qmail 87418 invoked from network); 8 Nov 2007 10:25:32 -0000 Received: from unknown (HELO smtp2.wlink.com.np) (202.79.32.49) by 0 with SMTP; 8 Nov 2007 10:25:32 -0000 Received: (qmail 61615 invoked by uid 98); 8 Nov 2007 10:25:30 -0000 Received: from 202.79.36.7 by smtp2.wlink.com.np (envelope-from , uid 1010) with qmail-scanner-1.25 (clamdscan: 0.90.3/3492. Clear:RC:1(202.79.36.7):. Processed in 5.199302 secs); 08 Nov 2007 10:25:30 -0000 X-Qmail-Scanner-Mail-From: teklimbu@wlink.com.np via smtp2.wlink.com.np X-Qmail-Scanner: 1.25 (Clear:RC:1(202.79.36.7):. Processed in 5.199302 secs) Received: from [202.79.36.7] (HELO [202.79.36.7]) by smtp2.wlink.com.np (qmail-smtpd) with SMTP; 08 Nov 2007 10:25:18 -0000 (Thu, 08 Nov 2007 16:10:18 +0545) Message-ID: <4732E3F7.8090306@wlink.com.np> Date: Thu, 08 Nov 2007 16:09:55 +0545 From: Tek Bahadur Limbu User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: Mudassar Iqbal References: <9FAFA056C1434FD8972FAF2CBBA6318F@AaliPC> In-Reply-To: <9FAFA056C1434FD8972FAF2CBBA6318F@AaliPC> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Check-By: smtp2.wlink.com.np Spam: No ; 0.2 / 8.0 X-Spam-Status-WL: No, hits=0.2 required=8.0 Cc: freebsd-pf@freebsd.org Subject: Re: Block WWW.ORKUT.COM X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Nov 2007 10:59:30 -0000 Hi Mudassar, Mudassar Iqbal wrote: > hi. > can u plz help to block orkut with ISA server 2000 Consult the ISA server guide or install Squid in your Windows Server! > thnx > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > > > -- With best regards and good wishes, Yours sincerely, Tek Bahadur Limbu System Administrator (TAG/TDG Group) Jwl Systems Department Worldlink Communications Pvt. Ltd. Jawalakhel, Nepal http://www.wlink.com.np http://teklimbu.wordpress.com From owner-freebsd-pf@FreeBSD.ORG Thu Nov 8 16:07:09 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DFCA416A420 for ; Thu, 8 Nov 2007 16:07:09 +0000 (UTC) (envelope-from balgaa@mongol.net) Received: from smtp.mobinet.mn (smtp.mobinet.mn [202.131.224.27]) by mx1.freebsd.org (Postfix) with SMTP id C86F713C4A3 for ; Thu, 8 Nov 2007 16:07:08 +0000 (UTC) (envelope-from balgaa@mongol.net) Received: (qmail 1489 invoked by uid 502); 8 Nov 2007 20:27:56 -0000 Received: from 202.131.245.202 by smtp.mobinet.mn (envelope-from , uid 92) with qmail-scanner-1.25-st-qms (clamdscan: 0.87/1082. spamassassin: 3.0.4. perlscan: 1.25-st-qms. Clear:RC:1(202.131.245.202):. Processed in 0.146442 secs); 08 Nov 2007 20:27:56 -0000 X-Antivirus-MOBINET-Mail-From: balgaa@mongol.net via smtp.mobinet.mn X-Antivirus-MOBINET: 1.25-st-qms (Clear:RC:1(202.131.245.202):. Processed in 0.146442 secs Process 1482) Received: from unknown (HELO balgaa) (202.131.245.202) by smtp.mobinet.mn with SMTP; 8 Nov 2007 20:27:55 -0000 Message-ID: <015301c8221f$68ebe600$c801000a@balgaa> From: "Balgansuren Batsukh" To: Date: Thu, 8 Nov 2007 23:52:15 +0800 Organization: Personal MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3138 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Bandwidth manager solution X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Balgansuren Batsukh List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Nov 2007 16:07:10 -0000 Hello All, Is there any hardware vendor suggest for me? I need to manage bandwidth management 1xSTM-1/OC3-2xSTM-1 optical IP=20 bandwidth circuit. Anyone has experience with www.etinc.com bandwidth manager? I saw others like Allot, Packeteer, Cisco SCE2000 only doing protocol,=20 service based bandwidth management using TCP rate limit, fair queueing. I am looking high performance bandwidth manager, traffic shaper for IP = core=20 network to configure leased line, xDSL, Ethernet, GPON/EPON, wireless=20 subscribers. Is there any FreeBSD based solution? Regards, Balgaa From owner-freebsd-pf@FreeBSD.ORG Thu Nov 8 16:34:27 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 48F2716A417 for ; Thu, 8 Nov 2007 16:34:27 +0000 (UTC) (envelope-from balgaa@mongol.net) Received: from smtp.mobinet.mn (smtp.mobinet.mn [202.131.224.27]) by mx1.freebsd.org (Postfix) with SMTP id 5D0F913C4D1 for ; Thu, 8 Nov 2007 16:34:25 +0000 (UTC) (envelope-from balgaa@mongol.net) Received: (qmail 1557 invoked by uid 502); 8 Nov 2007 16:34:18 -0000 Received: from 202.131.245.202 by smtp.mobinet.mn (envelope-from , uid 92) with qmail-scanner-1.25-st-qms (clamdscan: 0.87/1082. spamassassin: 3.0.4. perlscan: 1.25-st-qms. Clear:RC:1(202.131.245.202):. Processed in 0.249762 secs); 08 Nov 2007 16:34:18 -0000 X-Antivirus-MOBINET-Mail-From: balgaa@mongol.net via smtp.mobinet.mn X-Antivirus-MOBINET: 1.25-st-qms (Clear:RC:1(202.131.245.202):. Processed in 0.249762 secs Process 1550) Received: from unknown (HELO balgaa) (202.131.245.202) by smtp.mobinet.mn with SMTP; 8 Nov 2007 16:34:18 -0000 Message-ID: <019601c82225$32605ed0$c801000a@balgaa> From: "Balgansuren Batsukh" To: "Gregory Edigarov" , References: <015301c8221f$68ebe600$c801000a@balgaa> <4733370D.2010705@bestnet.kharkov.ua> Date: Fri, 9 Nov 2007 00:33:34 +0800 Organization: Personal MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=response Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3138 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 Cc: freebsd-pf@freebsd.org Subject: Re: Bandwidth manager solution X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Balgansuren Batsukh List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Nov 2007 16:34:27 -0000 What about performance of ipfw+dummynet and pf+altq? Is both handle FastEthernet and GigaEthernet traffic? I want to install several 100Mbps or 1Gbps NIC on one machine and to use it as bandwidth manager. Is it possible to mix different speed of NICs? Regards, Balgaa ----- Original Message ----- From: "Gregory Edigarov" To: "Balgansuren Batsukh" Cc: Sent: Friday, November 09, 2007 12:19 AM Subject: Re: Bandwidth manager solution > Balgansuren Batsukh wrote: >> Hello All, >> >> Is there any hardware vendor suggest for me? >> >> I need to manage bandwidth management 1xSTM-1/OC3-2xSTM-1 optical IP >> bandwidth circuit. >> >> Anyone has experience with www.etinc.com bandwidth manager? >> >> I saw others like Allot, Packeteer, Cisco SCE2000 only doing protocol, >> service based bandwidth management using TCP rate limit, fair queueing. >> >> I am looking high performance bandwidth manager, traffic shaper for IP >> core network to configure leased line, xDSL, Ethernet, GPON/EPON, >> wireless subscribers. >> >> Is there any FreeBSD based solution? >> > Uhmmm. Well. Does 'ipfw pipe' or pf altq enoug freebsd based solution? ;-) > > -- > With best regards, > Gregory Edigarov > > > > > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: > 269.15.24/1117 - Release Date: 11/7/2007 10:52 PM > > From owner-freebsd-pf@FreeBSD.ORG Thu Nov 8 16:50:05 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BD50F16A420 for ; Thu, 8 Nov 2007 16:50:05 +0000 (UTC) (envelope-from greg@bestnet.kharkov.ua) Received: from relay.bestnet.ua (relay.bestnet.ua [193.124.57.92]) by mx1.freebsd.org (Postfix) with ESMTP id 6CCF813C4B5 for ; Thu, 8 Nov 2007 16:50:04 +0000 (UTC) (envelope-from greg@bestnet.kharkov.ua) Received: from relay.bestnet.ua (db.bestnet.ua [127.0.0.1]) by relay.bestnet.ua (Postfix) with ESMTP id 584BFC003; Thu, 8 Nov 2007 18:19:28 +0200 (EET) Received: from [80.92.224.11] (greg.bestnet.kharkov.ua [80.92.224.11]) by relay.bestnet.ua (Postfix) with ESMTP id 346FBC001; Thu, 8 Nov 2007 18:19:27 +0200 (EET) Message-ID: <4733370D.2010705@bestnet.kharkov.ua> Date: Thu, 08 Nov 2007 18:19:25 +0200 From: Gregory Edigarov User-Agent: Thunderbird 1.5.0.7 (X11/20061027) MIME-Version: 1.0 To: Balgansuren Batsukh References: <015301c8221f$68ebe600$c801000a@balgaa> In-Reply-To: <015301c8221f$68ebe600$c801000a@balgaa> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP Cc: freebsd-pf@freebsd.org Subject: Re: Bandwidth manager solution X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Nov 2007 16:50:05 -0000 Balgansuren Batsukh wrote: > Hello All, > > Is there any hardware vendor suggest for me? > > I need to manage bandwidth management 1xSTM-1/OC3-2xSTM-1 optical IP > bandwidth circuit. > > Anyone has experience with www.etinc.com bandwidth manager? > > I saw others like Allot, Packeteer, Cisco SCE2000 only doing protocol, > service based bandwidth management using TCP rate limit, fair queueing. > > I am looking high performance bandwidth manager, traffic shaper for IP core > network to configure leased line, xDSL, Ethernet, GPON/EPON, wireless > subscribers. > > Is there any FreeBSD based solution? > Uhmmm. Well. Does 'ipfw pipe' or pf altq enoug freebsd based solution? ;-) -- With best regards, Gregory Edigarov From owner-freebsd-pf@FreeBSD.ORG Thu Nov 8 17:01:51 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 93A2416A417 for ; Thu, 8 Nov 2007 17:01:51 +0000 (UTC) (envelope-from sp@sde.ru) Received: from mail.sde.ru (mail.sde.ru [62.117.90.129]) by mx1.freebsd.org (Postfix) with ESMTP id 4AC4C13C4A5 for ; Thu, 8 Nov 2007 17:01:51 +0000 (UTC) (envelope-from sp@sde.ru) From: "Sergey A. Prisada" To: freebsd-pf@freebsd.org Date: Thu, 8 Nov 2007 19:42:02 +0300 User-Agent: KMail/1.9.6 (enterprise 0.20070907.709405) References: <9FAFA056C1434FD8972FAF2CBBA6318F@AaliPC> In-Reply-To: <9FAFA056C1434FD8972FAF2CBBA6318F@AaliPC> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart3647772.WhDecBu2Oo"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200711081942.07539.sp@sde.ru> Subject: Re: Block WWW.ORKUT.COM X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Nov 2007 17:01:51 -0000 --nextPart3647772.WhDecBu2Oo Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline =F7 =D3=CF=CF=C2=DD=C5=CE=C9=C9 =CF=D4 Thursday 08 November 2007 Mudassar I= qbal =CE=C1=D0=C9=D3=C1=CC(a): > hi. > can u plz help to block orkut with ISA server 2000 > thnx > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" saboteur :))) =2D-=20 WBR, Sergey sp@sde.ru --nextPart3647772.WhDecBu2Oo Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQBHMzxfVhGzXKDXfYERAgsUAKCEDBaJxZng6D77cQlXuQgDb902tACePRIq 7Zl2zFqAoAJNWI1aBpbJLG4= =+SR0 -----END PGP SIGNATURE----- --nextPart3647772.WhDecBu2Oo-- From owner-freebsd-pf@FreeBSD.ORG Thu Nov 8 20:19:56 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C46CF16A417 for ; Thu, 8 Nov 2007 20:19:56 +0000 (UTC) (envelope-from pyueshd@b2e.co.za) Received: from canit02.b2e.co.za (filtermx5.b2e.co.za [196.3.168.6]) by mx1.freebsd.org (Postfix) with ESMTP id DE0B713C4A6 for ; Thu, 8 Nov 2007 20:19:55 +0000 (UTC) (envelope-from pyueshd@b2e.co.za) Received: from b2ecgp.b2e.co.za ([172.31.252.253]) by canit02.b2e.co.za (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id lA8JuwZM022141 for ; Thu, 8 Nov 2007 21:57:00 +0200 Received: from [196.209.203.84] (account pyueshd@b2e.co.za HELO [192.168.1.100]) by b2ecgp.b2e.co.za (CommuniGate Pro SMTP 5.1.12) with ESMTPSA id 808720 for freebsd-pf@freebsd.org; Thu, 08 Nov 2007 21:57:51 +0200 Message-ID: <47336A25.1070207@b2e.co.za> Date: Thu, 08 Nov 2007 21:57:25 +0200 From: Pyuesh Daya Organization: Beginning 2 End Technologies (Pty) Ltd User-Agent: Thunderbird 2.0.0.6 (X11/20071022) MIME-Version: 1.0 To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Canit-CHI2: 0.00 X-Bayes-Prob: 0.0001 (Score 0, tokens from: @@RPTN, default) X-Spam-Score: 0.00 () [Tag at 6.50] X-CanItPRO-Stream: default X-Canit-Stats-ID: 685832 - a3e1d98a1d5e X-Antispam-Training-Forget: http://spamfilter.b2e.co.za/canit/b.php?i=685832&m=a3e1d98a1d5e&c=f X-Antispam-Training-Nonspam: http://spamfilter.b2e.co.za/canit/b.php?i=685832&m=a3e1d98a1d5e&c=n X-Antispam-Training-Spam: http://spamfilter.b2e.co.za/canit/b.php?i=685832&m=a3e1d98a1d5e&c=s X-Scanned-By: CanIt (www . roaringpenguin . com) on 192.168.20.133 Subject: pflog reporting X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: pyueshd@b2e.co.za List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Nov 2007 20:19:56 -0000 Hi Guys Is there a simple tools which can analyse and reports on the pflog file. I'm looking for something that works with FreeBSD and something according to the lines of logwatch or fwlogwatch. -- Regards Pyuesh Daya Beginning 2 End Technologies (Pty) Ltd Tel : +27 861 223 223 Fax : +27 866 741 600 Cell: +27 82 777 9983 E-Mail: pyueshd@b2e.co.za WebSite: http://www.b2e.co.za From owner-freebsd-pf@FreeBSD.ORG Thu Nov 8 23:44:00 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1430616A419 for ; Thu, 8 Nov 2007 23:44:00 +0000 (UTC) (envelope-from reed@reedmedia.net) Received: from c-0500.emailmediator.com (c-0500.emailmediator.com [64.85.162.118]) by mx1.freebsd.org (Postfix) with ESMTP id D429C13C4A3 for ; Thu, 8 Nov 2007 23:43:59 +0000 (UTC) (envelope-from reed@reedmedia.net) Received: from pool-71-170-114-32.dllstx.fios.verizon.net ([71.170.114.32] helo=reedmedia.net) by c-0500.emailmediator.com with esmtpa (Exim 4.67) (envelope-from ) id 1IqG9t-00000j-1X; Thu, 08 Nov 2007 17:47:33 -0500 Received: from reed@reedmedia.net by reedmedia.net with local (mailout 0.17) id 8892-1194562048; Thu, 08 Nov 2007 16:47:29 -0600 Date: Thu, 8 Nov 2007 16:47:28 -0600 (CST) From: "Jeremy C. Reed" To: Pyuesh Daya In-Reply-To: <47336A25.1070207@b2e.co.za> Message-ID: References: <47336A25.1070207@b2e.co.za> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-pf@freebsd.org Subject: Re: pflog reporting X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Nov 2007 23:44:00 -0000 On Thu, 8 Nov 2007, Pyuesh Daya wrote: > Is there a simple tools which can analyse and reports on the pflog file. > I'm looking for something that works with FreeBSD and something > according to the lines of logwatch or fwlogwatch. I don't know if any of the following do what you want, but have a look: http://tud.at/programm/fwanalog/ ports/security/fwanalog http://www.dixongroup.net/hatchet/ http://www.securityoffice.net/products/metacortex/ https://www.solarflux.org/pf/pf2mrtg.sh.txt http://craz1.homelinux.com/#pf2x http://team.gcu-squad.org/~aflab/projects/pfsysinfo/ does "log analysis" Jeremy C. Reed p.s. This was from the PF Packet Filter Book appendix. http://www.amazon.com/OpenBSD-PF-Packet-Filter-Book/dp/0979034205 From owner-freebsd-pf@FreeBSD.ORG Fri Nov 9 01:12:09 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0A34C16A417 for ; Fri, 9 Nov 2007 01:12:09 +0000 (UTC) (envelope-from rmaglasang@infoweapons.com) Received: from ironmail.infoweapons.com (ironmail.infoweapons.com [58.71.34.140]) by mx1.freebsd.org (Postfix) with ESMTP id 2579313C4A6 for ; Fri, 9 Nov 2007 01:12:07 +0000 (UTC) (envelope-from rmaglasang@infoweapons.com) Received: (qmail 68369 invoked by uid 98); 9 Nov 2007 00:45:17 -0000 Received: from 10.3.1.41 by ironmail.cebu.infoweapons.com (envelope-from , uid 82) with qmail-scanner-1.25 (clamdscan: 0.86.1/959. spamassassin: 3.0.4. Clear:RC:1(10.3.1.41):. Processed in 0.124556 secs); 09 Nov 2007 00:45:17 -0000 X-Qmail-Scanner-Mail-From: rmaglasang@infoweapons.com via ironmail.cebu.infoweapons.com X-Qmail-Scanner: 1.25 (Clear:RC:1(10.3.1.41):. Processed in 0.124556 secs) Received: from unknown (HELO ?10.3.1.41?) (10.3.1.41) by ironmail.infoweapons.com with AES256-SHA encrypted SMTP; 9 Nov 2007 00:45:16 -0000 Message-ID: <4733A9D1.2080406@infoweapons.com> Date: Fri, 09 Nov 2007 08:29:05 +0800 From: "Ronnel P. Maglasang" User-Agent: Thunderbird 1.5 (X11/20060613) MIME-Version: 1.0 To: Balgansuren Batsukh References: <015301c8221f$68ebe600$c801000a@balgaa> In-Reply-To: <015301c8221f$68ebe600$c801000a@balgaa> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms040101020403070502010403" Cc: freebsd-pf@freebsd.org Subject: Re: Bandwidth manager solution X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Nov 2007 01:12:09 -0000 This is a cryptographically signed message in MIME format. --------------ms040101020403070502010403 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Balgansuren Batsukh wrote: > Hello All, > > Is there any hardware vendor suggest for me? > > I need to manage bandwidth management 1xSTM-1/OC3-2xSTM-1 optical IP > bandwidth circuit. > > Anyone has experience with www.etinc.com bandwidth manager? > > I saw others like Allot, Packeteer, Cisco SCE2000 only doing protocol, > service based bandwidth management using TCP rate limit, fair queueing. > > I am looking high performance bandwidth manager, traffic shaper for IP core > network to configure leased line, xDSL, Ethernet, GPON/EPON, wireless > subscribers. > > Is there any FreeBSD based solution? > > > (PF) + ALTQ + HFSC should do it for you. --------------ms040101020403070502010403 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJJzCC Au4wggJXoAMCAQICEAu/SDiU2iBCvVIhUs/w2UcwDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UE BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA3MTAxNTAwNTc1NloX DTA4MTAxNDAwNTc1NlowTDEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEpMCcG CSqGSIb3DQEJARYacm1hZ2xhc2FuZ0BpbmZvd2VhcG9ucy5jb20wggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQDRRLPsALDKEs3TQzU0eDChMYbbwnAaQMAWe8Pwu8d3M2gii7yL 3BgWRPlqHQq2Fg5OPHB6NhkWlHyLIMLSnAxvdTSF6iVGvUUp2FG57hv5fA0P7Vw/9CqQ48U8 15QRkoRa0FcJ3IgRn/S4UW2tCV24JwU+kuswho9bkfUU5YcW0rnTcbpD8MuTV2FGzyzpJGu0 mZjgnv3+SbeidbjFNqzpdKERavnTbatLLzb3KIt5t5Lb1hTxVAdU3poiU3+ZIkBEpTFo4ZZh z+bpeJ17xMHo+jYUS21Nofe9zFYOX1IxJSVyiO1TABRiZe/X49xKRtrdPszjxhY5N2H5qu0h d9rxAgMBAAGjNzA1MCUGA1UdEQQeMByBGnJtYWdsYXNhbmdAaW5mb3dlYXBvbnMuY29tMAwG A1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEAHMrh2u0k50O3mgk4HUS+sYT52S02cK2c 4LD3YZIZnC32hNKgSWNoyoTUjstPtzJG6D9QlSpVn9o0QtJOVAuUJUTrEKnEVCclRxunYRAi DzdwJekW1af3SaxviVHWjqUTf4/aVo/8iUIzpBVotvykg/H/ZIUZhhzTeuUmih5ikDYwggLu MIICV6ADAgECAhALv0g4lNogQr1SIVLP8NlHMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNVBAYT AlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNU aGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTAeFw0wNzEwMTUwMDU3NTZaFw0w ODEwMTQwMDU3NTZaMEwxHzAdBgNVBAMTFlRoYXd0ZSBGcmVlbWFpbCBNZW1iZXIxKTAnBgkq hkiG9w0BCQEWGnJtYWdsYXNhbmdAaW5mb3dlYXBvbnMuY29tMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEA0USz7ACwyhLN00M1NHgwoTGG28JwGkDAFnvD8LvHdzNoIou8i9wY FkT5ah0KthYOTjxwejYZFpR8iyDC0pwMb3U0heolRr1FKdhRue4b+XwND+1cP/QqkOPFPNeU EZKEWtBXCdyIEZ/0uFFtrQlduCcFPpLrMIaPW5H1FOWHFtK503G6Q/DLk1dhRs8s6SRrtJmY 4J79/km3onW4xTas6XShEWr5022rSy829yiLebeS29YU8VQHVN6aIlN/mSJARKUxaOGWYc/m 6Xide8TB6Po2FEttTaH3vcxWDl9SMSUlcojtUwAUYmXv1+PcSkba3T7M48YWOTdh+artIXfa 8QIDAQABozcwNTAlBgNVHREEHjAcgRpybWFnbGFzYW5nQGluZm93ZWFwb25zLmNvbTAMBgNV HRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4GBABzK4drtJOdDt5oJOB1EvrGE+dktNnCtnOCw 92GSGZwt9oTSoEljaMqE1I7LT7cyRug/UJUqVZ/aNELSTlQLlCVE6xCpxFQnJUcbp2EQIg83 cCXpFtWn90msb4lR1o6lE3+P2laP/IlCM6QVaLb8pIPx/2SFGYYc03rlJooeYpA2MIIDPzCC AqigAwIBAgIBDTANBgkqhkiG9w0BAQUFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdl c3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3Vs dGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UE AxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25h bC1mcmVlbWFpbEB0aGF3dGUuY29tMB4XDTAzMDcxNzAwMDAwMFoXDTEzMDcxNjIzNTk1OVow YjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4x LDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMIGfMA0GCSqG SIb3DQEBAQUAA4GNADCBiQKBgQDEpjxVc1X7TrnKmVoeaMB1BHCd3+n/ox7svc31W/Iadr1/ DDph8r9RzgHU5VAKMNcCY1osiRVwjt3J8CuFWqo/cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+ K/67GD4Hv0CAAmTXp6a7n2XRxSpUhQ9IBH+nttE8YQRAHmQZcmC3+wIDAQABo4GUMIGRMBIG A1UdEwEB/wQIMAYBAf8CAQAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC50aGF3dGUu Y29tL1RoYXd0ZVBlcnNvbmFsRnJlZW1haWxDQS5jcmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQi MCCkHjAcMRowGAYDVQQDExFQcml2YXRlTGFiZWwyLTEzODANBgkqhkiG9w0BAQUFAAOBgQBI jNFQg+oLLswNo2asZw9/r6y+whehQ5aUnX9MIbj4Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZ foSxmRsAxRoLgnSeJVCUYsfbJ3FXJY3dqZw5jowgT2Vfldr394fWxghOrvbqNOUQGls1TXfj ViF4gtwhGTXeJLHTHUb/XV9lTzGCA2QwggNgAgEBMHYwYjELMAkGA1UEBhMCWkExJTAjBgNV BAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJz b25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAhALv0g4lNogQr1SIVLP8NlHMAkGBSsOAwIaBQCg ggHDMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA3MTEwOTAw MjkwNVowIwYJKoZIhvcNAQkEMRYEFIvaSAjCIhIZD3ifVIQYo6LQPmHJMFIGCSqGSIb3DQEJ DzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsO AwIHMA0GCCqGSIb3DQMCAgEoMIGFBgkrBgEEAYI3EAQxeDB2MGIxCzAJBgNVBAYTAlpBMSUw IwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUg UGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQC79IOJTaIEK9UiFSz/DZRzCBhwYLKoZI hvcNAQkQAgsxeKB2MGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGlu ZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWlu ZyBDQQIQC79IOJTaIEK9UiFSz/DZRzANBgkqhkiG9w0BAQEFAASCAQC27Ir8PXq3CRoSzfS6 bdvc0CWApWAwE2wekomsOCG+CErQncPD1avjBkJek34QdQfJe3Suc+b2lX72jJBk4Ebuh6Px 2V93lzgixLlg+aj0MSJ2PjJf98glv8ZYp9IM1+GHBRJr1fE7Jh0NJkC6tlyG13UFeHVI18jv Q7zOL08JRQdco1ndGWLt9Uec6rbWEnZhZCUu0aUlo9dMv71Bw6lLH7uBYiPUXw9wG6gMzha9 NWRK5p8c7EijlfKRJ+WV9gD1u3UdID6bho8HSTF1G7XUftSThnJI3fEjrjjFg8e8AByGIjEi rNVzbqUssVb9YP18ZZTegAbYv67nuPwApwRAAAAAAAAA --------------ms040101020403070502010403-- From owner-freebsd-pf@FreeBSD.ORG Fri Nov 9 09:38:46 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 347F716A420 for ; Fri, 9 Nov 2007 09:38:46 +0000 (UTC) (envelope-from rednikov@riss-telecom.ru) Received: from sva.riss-telecom.ru (sva.riss-telecom.ru [80.66.65.9]) by mx1.freebsd.org (Postfix) with SMTP id 2FC1113C49D for ; Fri, 9 Nov 2007 09:38:44 +0000 (UTC) (envelope-from rednikov@riss-telecom.ru) Received: (qmail 48381 invoked from network); 9 Nov 2007 09:11:44 -0000 Received: from unknown (HELO buh-sw.office.riss-telecom.ru) (10.10.15.10) by sva.office.riss-telecom.ru with SMTP; 9 Nov 2007 09:11:44 -0000 From: Krasnov Andrey Organization: riss-telecom To: freebsd-pf@freebsd.org Date: Fri, 9 Nov 2007 15:11:28 +0600 User-Agent: KMail/1.9.7 MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200711091511.28593.rednikov@riss-telecom.ru> Subject: pfctl: DIOCADDALTQ: Cannot allocate memory X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Nov 2007 09:38:46 -0000 Hello. pfctl-f/etc/pf.conf pfctl: DIOCADDALTQ: Cannot allocate memory In /etc/pf.conf about 100 hfsc queues... Has seen a branch http: // lists.freebsd.org/mailman/htdig/freebsd-pf/2005-December/001771.html Has executed all as there it is told. To be exact in files /usr/include/altq/altq_hfsc.h /usr/src/sbin/pfctl/missing/altq/altq_hfsc.h /usr/src/sys/contrib/altq/altq/altq_hfsc.h has changed a line #define HFSC_MAX_CLASSES 64 on #define HFSC_MAX_CLASSES 1024 and rebuild a kernel. The result is not present... Excuse for bad English. From owner-freebsd-pf@FreeBSD.ORG Fri Nov 9 14:43:05 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2C11C16A468 for ; Fri, 9 Nov 2007 14:43:05 +0000 (UTC) (envelope-from nikky@mnet.bg) Received: from home.mnet.bg (home.mnet.bg [84.43.191.2]) by mx1.freebsd.org (Postfix) with ESMTP id 8861013C494 for ; Fri, 9 Nov 2007 14:43:04 +0000 (UTC) (envelope-from nikky@mnet.bg) Received: from localhost (localhost [127.0.0.1]) by home.mnet.bg (Postfix) with ESMTP id 1DCAB832B4; Fri, 9 Nov 2007 16:24:27 +0200 (EET) X-Virus-Scanned: Debian amavisd-new at mnet.bg Received: from home.mnet.bg ([127.0.0.1]) by localhost (mail.mnet.bg [127.0.0.1]) (amavisd-new, port 10024) with LMTP id HTlAk+LcO1dc; Fri, 9 Nov 2007 16:24:22 +0200 (EET) Received: from orange.mnet.bg (orange.mnet.bg [84.43.191.120]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by home.mnet.bg (Postfix) with ESMTP id 625B28331D; Fri, 9 Nov 2007 16:24:22 +0200 (EET) Date: Fri, 9 Nov 2007 16:24:19 +0200 From: Nickola Kolev To: Gregory Edigarov Message-Id: <20071109162419.ab37c614.nikky@mnet.bg> In-Reply-To: <4733370D.2010705@bestnet.kharkov.ua> References: <015301c8221f$68ebe600$c801000a@balgaa> <4733370D.2010705@bestnet.kharkov.ua> Organization: MNET X-Mailer: Sylpheed 2.4.7 (GTK+ 2.12.1; i486-pc-linux-gnu) Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="PGP-SHA1"; boundary="Signature=_Fri__9_Nov_2007_16_24_19_+0200_oRcwUF208ms9TUIy" Cc: Balgansuren Batsukh , freebsd-pf@freebsd.org Subject: Re: Bandwidth manager solution X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Nov 2007 14:43:05 -0000 --Signature=_Fri__9_Nov_2007_16_24_19_+0200_oRcwUF208ms9TUIy Content-Type: text/plain; charset=UTF-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello, =D0=9D=D0=B0 Thu, 08 Nov 2007 18:19:25 +0200 Gregory Edigarov =D0=BD=D0=B0=D0=BF=D0=B8=D1=81= =D0=B0: > Balgansuren Batsukh wrote: > > Hello All, > > > > Is there any hardware vendor suggest for me? > > > > I need to manage bandwidth management 1xSTM-1/OC3-2xSTM-1 optical > > IP bandwidth circuit. > > > > Anyone has experience with www.etinc.com bandwidth manager? > > > > I saw others like Allot, Packeteer, Cisco SCE2000 only doing > > protocol, service based bandwidth management using TCP rate limit, > > fair queueing. > > > > I am looking high performance bandwidth manager, traffic shaper for > > IP core network to configure leased line, xDSL, Ethernet, > > GPON/EPON, wireless subscribers. > > > > Is there any FreeBSD based solution? > > =20 > Uhmmm. Well. Does 'ipfw pipe' or pf altq enoug freebsd based > solution? ;-) IPFW is a mere traffic shaper, and not a traffic control solution. Will pf/altq be flexible enough with its limit of 64 classes? --=20 Regards, Nickola Kolev --Signature=_Fri__9_Nov_2007_16_24_19_+0200_oRcwUF208ms9TUIy Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHNG2W/g+8nwXNejkRAhR+AJkBPY/moWBf9huX3/3Il4eMnZ8PtwCfW98f iWr2+o/+41g/WvZ0aEXQKco= =NiDZ -----END PGP SIGNATURE----- --Signature=_Fri__9_Nov_2007_16_24_19_+0200_oRcwUF208ms9TUIy-- From owner-freebsd-pf@FreeBSD.ORG Fri Nov 9 19:30:23 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 94DDC16A4C0 for ; Fri, 9 Nov 2007 19:30:23 +0000 (UTC) (envelope-from bounces@nabble.com) Received: from kuber.nabble.com (kuber.nabble.com [216.139.236.158]) by mx1.freebsd.org (Postfix) with ESMTP id 908C713C4B8 for ; Fri, 9 Nov 2007 19:30:23 +0000 (UTC) (envelope-from bounces@nabble.com) Received: from isper.nabble.com ([192.168.236.156]) by kuber.nabble.com with esmtp (Exim 4.63) (envelope-from ) id 1IqZYT-0001ku-NU for freebsd-pf@freebsd.org; Fri, 09 Nov 2007 11:30:13 -0800 Message-ID: <13673552.post@talk.nabble.com> Date: Fri, 9 Nov 2007 11:30:13 -0800 (PST) From: Umar To: freebsd-pf@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Nabble-From: unix.co@gmail.com Subject: VPN Routing X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Nov 2007 19:30:23 -0000 Dear All! I have installed openvpn on FreeBSD 6.2. My Localnetwork is 192.168.1.0/24 My VPN Network is 10.0.0.0/24 Now I want my VPN Network also access my Local Network so please tell me how i can do it with pf. Regards, Umar Draz -- View this message in context: http://www.nabble.com/VPN-Routing-tf4779599.html#a13673552 Sent from the freebsd-pf mailing list archive at Nabble.com.