Search Results

Search found 8 results on 1 pages for 'polemon'.

  • Help me upgrade my pf.conf for OpenBSD 4.7

    - by polemon
    I'm planning on upgrading my OpenBSD to 4.7 (from 4.6) and as you may or may not know, they changed the syntax for pf.conf. This is the relevant portion from the upgrade guide:

    pf(4) NAT syntax change

    As described in more detail in this mailing list post, PF's separate nat/rdr/binat (translation) rules have been replaced with actions on regular match/filter rules. Simple rulesets may be converted like this:

        nat on $ext_if from 10/8 -> ($ext_if)
        rdr on $ext_if to ($ext_if) -> 1.2.3.4

    becomes

        match out on $ext_if from 10/8 nat-to ($ext_if)
        match in on $ext_if to ($ext_if) rdr-to 1.2.3.4

    and...

        binat on $ext_if from $web_serv_int to any -> $web_serv_ext

    becomes

        match on $ext_if from $web_serv_int to any binat-to $web_serv_ext

    nat-anchor and/or rdr-anchor lines, e.g. for relayd(8), ftp-proxy(8) and tftp-proxy(8), are no longer used and should be removed from pf.conf(5), leaving only the anchor lines. Translation rules relating to these and spamd(8) will need to be adjusted as appropriate.

    N.B.: Previously, translation rules had "stop at first match" behaviour, with binat being evaluated first, followed by nat/rdr depending on direction of the packet. Now the filter rules are subject to the usual "last match" behaviour, so care must be taken with rule ordering when converting.

    pf(4) route-to/reply-to syntax change

    The route-to, reply-to, dup-to and fastroute options in pf.conf move to filteropts;

        pass in on $ext_if route-to (em1 192.168.1.1) from 10.1.1.1
        pass in on $ext_if reply-to (em1 192.168.1.1) to 10.1.1.1

    becomes

        pass in on $ext_if from 10.1.1.1 route-to (em1 192.168.1.1)
        pass in on $ext_if to 10.1.1.1 reply-to (em1 192.168.1.1)

    Now, this is my current pf.conf:

        # $OpenBSD: pf.conf,v 1.38 2009/02/23 01:18:36 deraadt Exp $
        #
        # See pf.conf(5) for syntax and examples; this sample ruleset uses
        # require-order to permit mixing of NAT/RDR and filter rules.
        # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
        # in /etc/sysctl.conf if packets are to be forwarded between interfaces.

        ext_if="pppoe0"
        int_if="nfe0"
        int_net="192.168.0.0/24"
        polemon="192.168.0.10"
        poletopw="192.168.0.12"
        segatop="192.168.0.20"

        table <leechers> persist

        set loginterface $ext_if
        set skip on lo

        match on $ext_if all scrub (no-df max-mss 1440)

        altq on $ext_if priq bandwidth 950Kb queue {q_pri, q_hi, q_std, q_low}
        queue q_pri priority 15
        queue q_hi priority 10
        queue q_std priority 7 priq(default)
        queue q_low priority 0

        nat-anchor "ftp-proxy/*"
        rdr-anchor "ftp-proxy/*"
        nat on $ext_if from !($ext_if) -> ($ext_if)
        rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
        rdr pass on $ext_if proto tcp to port 2080 -> $segatop port 80
        rdr pass on $ext_if proto tcp to port 2022 -> $segatop port 22
        rdr pass on $ext_if proto tcp to port 4000 -> $polemon port 4000
        rdr pass on $ext_if proto tcp to port 6600 -> $polemon port 6600

        anchor "ftp-proxy/*"

        block
        pass on $int_if queue(q_hi, q_pri)
        pass out on $ext_if queue(q_std, q_pri)
        pass out on $ext_if proto icmp queue q_pri
        pass out on $ext_if proto {tcp, udp} to any port ssh queue(q_hi, q_pri)
        pass out on $ext_if proto {tcp, udp} to any port http queue(q_std, q_pri)
        #pass out on $ext_if proto {tcp, udp} all queue(q_low, q_hi)
        pass out on $ext_if proto {tcp, udp} from <leechers> queue(q_low, q_std)
        pass in on $ext_if proto tcp to ($ext_if) port ident queue(q_hi, q_pri)
        pass in on $ext_if proto tcp to ($ext_if) port ssh queue(q_hi, q_pri)
        pass in on $ext_if proto tcp to ($ext_if) port http queue(q_hi, q_pri)
        pass in on $ext_if inet proto icmp all icmp-type echoreq queue q_pri

    If someone has experience with porting the 4.6 pf.conf to 4.7, please help me do the correct changes.

    OK, this is how far I've got: I commented out nat-anchor and rdr-anchor, as described in the guide:

        #nat-anchor "ftp-proxy/*"
        #rdr-anchor "ftp-proxy/*"

    And this is how I've "converted" the rdr rules:

        #nat on $ext_if from !($ext_if) -> ($ext_if)
        match out on $ext_if from !($ext_if) nat-to ($ext_if)
        #rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
        match in on $int_if proto tcp to port ftp rdr-to 127.0.0.1 port 8021
        #rdr pass on $ext_if proto tcp to port 2080 -> $segatop port 80
        match in on $ext_if proto tcp tp port 2080 rdr-to $segatop port 80
        #rdr pass on $ext_if proto tcp to port 2022 -> $segatop port 22
        match in on $ext_if proto tcp tp port 2022 rdr-to $segatop port 22
        rdr pass on $ext_if proto tcp to port 4000 -> $polemon port 4000
        match in on $ext_if proto tcp tp port 4000 rdr-to $polemon port 4000
        rdr pass on $ext_if proto tcp to port 6600 -> $polemon port 6600
        match in on $ext_if proto tcp tp port 6600 rdr-to $polemon port 6600

    Did I miss anything? Is the anchor for ftp-proxy OK as it is now? Do I need to change something in the other pass in on... lines?

  • Daylight saving time: Annoying and pointless [closed]

    - by polemon
    Daylight saving time is a big annoyance for me. Not just from the standpoint, that I never know when we set our clocks an hour ahead or an hour back. Setting the clock ahead or back disturbs my time organization, and is responsible for my bad mood around that day. From the standpoint of a programmer, it's no less annoying. You always have to check whether it isn't "that date" in the year, when you have to work with local time. I hear people have the same views on this that I have. Also, I don't see any benefits from it. The supposedly added "extra hour" of sunlight; I don't feel that. In case you live in a region where daylight savings is observed (like in Germany, where I live), please tell me how you manage the annoyances that come with it, and (if possible) how to get rid of it, once and for all...

  • How to remap media keys on laptop, without external programs?

    - by polemon
    As on most laptops, my laptop has "special" keys, or media keys, as they are sometimes called. On Linux, I can easily read keycodes with things like xev, put other functions back to it. Either with xmodmap or by simply giving the keys functions in my window manager. How is that possible on Windows? Is there even a way to scan those keys and remap them? Possibly even give them different functions as on Linux? If so, where do I do that? I heard of several programs attempting to change that, but I don't see why I should install another program. I see it as an integral part of the OS. For instance, I have a key with an 'i' in a circle. It normally opens a new browser window. When Chrome is already open, it makes the current tab go to my selected homepage (which is about:blank). I'd like to change the functionality of it.

  • How to set TV-out options under Linux of an Geforce 9600 GT video card

    - by polemon
    I'm using the TV-out connector of my Geforce 9600 GT to connect it to an old TV set. It's obviously in Composite mode, the other two cables of Component video are dead, only Pb/VIDEO labeled one gives me a signal. The picture appears black/white on the TV, I presume it's because the video card gives me an NTSC signal, but it's a PAL TV set. How do I change the TV-out from NTSC to PAL? My Component to SCART adapter hasn't arrived yet, but I think I should be able to set manually, whether the signal should be Composite or Component. How do I switch modes of the TV-out, between Component and Composite? I'm running Linux, so it's probably some settings I need to make in xorg.conf.

    Edit: I got this far: I need to set in the "Device" section of my xorg.conf:

        Option "TVStandard" "PAL-B"
        Option "TVOutFormat" "COMPOSITE"

    The whole section looks like this now:

        Section "Device"
            Identifier "Device0"
            Driver "nvidia"
            VendorName "NVIDIA Corporation"
            BoardName "GeForce 9600 GT"
            Option "AddARGBGLXVisuals" "True"
            Option "TVStandard" "PAL-B"
            Option "TVOutFormat" "COMPOSITE"
        EndSection

    How can I list all available settings for "TVStandard" and "TVOutFormat"?

  • Content delivery: Alternatives to SHOUTcast

    - by polemon
    I've been using Icecast and SHOUTcast for several years now, to deliver audio and video content. I wonder what kind of alternatives I have to those two, especially when streaming video. On the client side, what software can I choose from to stream to those servers live? Making the streams available with Flash would be great, but that's maybe another story. We're still using EdCast, which is kinda dead by now, Shoutcast DSP plugin is not an option, as this tends to crash, etc. Are there any alternatives to that, when livestreaming video? I'm using Liquidsoap for content generation, mixing, etc. It should work with Icecast, Liquidsoap and if possible SHOUTcast.

  • How do I remove any SELinux context or ACL?

    - by polemon
    Hi, I have some files that I'd like to remove the SELinux context or ACLs from (denoted by a '.' or a '+' respectively when using ls -alZ). I don't have too much time on my hands to read on the , etc on how to use chcon etc., so I just want to quickly know how to disable them all. Also, if someone knows a SELinux/ACL Cheat-Sheet, that would be terrific. Here's a screen shot: Notice the dots right after the permission symbols: drwxr-xr-x., etc.

  • How to bridge two networks via VPN (IPsec)?

    - by polemon
    I'd like to do a Site-to-Site bridging with VPN (IPsec), how do I do that? On the local side, I have a DrayTec Vigor2910, it is supposed to be able to manage IPsec tunnels. Anyway, I need to have several VPN tunnels to various sites, but how exactly do I do that, if the only router I can configure is the local one? As I understand it, I'd need some sort of VPN server or client, or whatever on the other side. In any event, please clarify that issue. Thanks.

  • Using git with cgit for decentralized/centralized development

    - by polemon
    I plan to use git for hosting my projects on my server. I've read about cgit, git-daemon, and I more or less decided to use those tools. But general use is still kind of confusing for me. What do I need to set up on the server, to push my files onto it? And when the files on the server are newer than the files on my computer, how do I merge them? Also, I use, say, two computers where I develop. How do I merge from one computer to the other? Also, when two people are working on the same project, how do they merge their local repos from one another? As you probably can tell by now, I come from SVN, but I've worked with Mercurial and now I'd like to test git.
