i am running nat on my freeBSD and web/ftp server.
The rule allow ip from any to any must always be? or how? if i accept all packets to go on my ep0 which diverts all to my intranet it doesnt help, must the rule allow ip from any to any always be ?
even if many rules are between divert rule and... (3 Replies)
Is there a general rule I can apply when examining/editing ipfw entries?
Also, does each new entry have to have a unique rule number?
And, I think I can write a script to block code red infected machines (though I'm not sure it would do more than slim down my web server error message log),... (0 Replies)
just as the title says.
thanks.
#General Rule Sets
/sbin/ipfw add 0300 check-state
/sbin/ipfw add 0301 deny tcp from any to any in established
/sbin/ipfw add 0302 pass tcp from any to any out setup keep-state
/sbin/ipfw add 0303 pass udp from any to any out
#SSH FTP
/sbin/ipfw add 0400... (11 Replies)
Hi folks,
I am a Mac User, and have little knowledge on IPFW.
I have a set up at home where my computer (with 2 ethernet cards and static IP adresses) serves Internet to my family's computers.
I have already a script that will run automatically at login and called from Cron at certain... (2 Replies)
Here's the problem: Some email-service providers (like
Google) have more than one server and distribute the load such that, e.g. the incoming mail server imap.gmail.com is assigned to more than one IP-address.
With stateful rules, the ipfw firewall correctly allows outgoing packages to one of... (1 Reply)
Hi!
I've already posted this on the freebsd-questions mailing list, but I thought I could try it here too.
I'm using FreeBSD 7.0 with IPFW DUMMYNET enabled.
I've got a problem with creating a ruleset, which allows me to limit the overall bandwidth of a link and afterwards pass the packets... (0 Replies)
Hello,
I have a little problem with my server configuration.
So: I have two PC's with DHCP enable and both of them have two NIC's.
PC1 - le0 ADSL
PC1 - le1 192.168.10.1
PC2 - le0 192.168.10.10
PC2 - le1 192.168.20.1
One NIC on PC1 is connected to ADSL, another one have IP address... (3 Replies)
Hello, excuse my English. Please could tell me how I can pass this syntax for iptables to ipfw.
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -m recent
--set --name thor --rdest -j ACCEPT
iptables -A INPUT -p tcp -m tcp --tcp-flag RST RST -m state --state
ESTABLISHED -m recent... (0 Replies)
Hello,
This is an SSH Block hammer script using ipfw, that I have modified for my own use. It is for a freenas 7.2 box which is FreeBSD based.
The script works, but if there is more then one hammer attack per day, my issue is the script reads the first five instances of refused or invalid... (2 Replies)
Under Mountain Lion, I want logs from ipfw sent to ipfw.log instead of dumped in system.log I've tried to figure out how OSX handles logs, but... after going back and forth between a syslog.conf which does little if anything, a newsyslog.conf that seems to only handle rotation, an asl.conf that... (3 Replies)
Discussion started by: jnojr
3 Replies
LEARN ABOUT OPENSOLARIS
txp
TXP(4) BSD Kernel Interfaces Manual TXP(4)NAME
txp -- 3Com 3XP Typhoon/Sidewinder (3CR990) Ethernet interface
SYNOPSIS
To compile this driver into the kernel, place the following line in your kernel configuration file:
device txp
Alternatively, to load the driver as a module at boot time, place the following line in loader.conf(5):
if_txp_load="YES"
DESCRIPTION
The txp interface provides access to the 10Mb/s and 100Mb/s Ethernet networks via the 3Com Typhoon/Sidewinder chipset.
Basic Ethernet functions are provided as well as support for vlan(4) tag removal and insertion assistance, receive ip(4), tcp(4), and udp(4)
checksum offloading, and transmit ip(4) checksum offloading. There is currently no support for transmit tcp(4) or udp(4) checksum offload-
ing, tcp(4) segmentation, nor ipsec(4) acceleration.
Each of the host's network addresses is specified at boot time with an SIOCSIFADDR ioctl(2). The txp interface employs the address resolu-
tion protocol described in arp(4) to dynamically map between Internet and Ethernet addresses on the local network.
When a txp interface is brought up, by default, it will attempt to auto-negotiate the link speed and duplex mode. The speeds, in order of
attempt, are: 100Mb/s Full Duplex, 100Mb/s Half Duplex, 10 Mb/s Full Duplex, and 10 Mb/s Half Duplex.
The txp supports several media types, which are selected via the ifconfig(8) command. The supported media types are:
media autoselect
Attempt to autoselect the media type (default)
media 100baseTX mediaopt full-duplex
Use 100baseTX, full duplex
media 100baseTX [mediaopt half-duplex]
Use 100baseTX, half duplex
media 10baseT mediaopt full-duplex
Use 10baseT, full duplex
media 10baseT [mediaopt half-duplex]
Use 10baseT, half duplex
HARDWARE
The txp driver supports the following cards:
o 3Com 3CR990-TX-95
o 3Com 3CR990-TX-97
o 3Com 3cR990B-TXM
o 3Com 3CR990SVR95
o 3Com 3CR990SVR97
o 3Com 3cR990B-SRV
SEE ALSO altq(4), arp(4), inet(4), intro(4), ip(4), miibus(4), tcp(4), udp(4), vlan(4), ifconfig(8)HISTORY
The txp driver first appeared in OpenBSD 2.9.
BSD March 12, 2009 BSD