On Thu, 1 May 2014, Brian Hechinger wrote:
On Thu, May 01, 2014 at 02:03:33PM -0400, Cory Smelosky wrote:
On Thu, 1 May 2014, Brian Hechinger wrote:
for each tunnel? I'll likely pull it from tftp using a cronjob and
shoving it in to a pf anchor.
Use a table instead.
Oooh. I wasn't aware of tables. Pf really does have some neat features.
pf is my favorite firewall of all times. It's awesome.
It's exceptionally powerful! Looks like 5.5 is out now, too. I'll need to upgrade my router.
I have tftp-proxy running, but I was unable to pull anything via
tftp. Is it my end or yours?
If you can pull your router config you can pull this. Same server.
Is anyone else's end up? My DNS is up, rules are in place and no
GRE packets were being logged to pflog.
Reloading router: 75.49.17.245 hecnetconfigupdate 199.166.5.172 tunnel-dev.gimme-sympathy.org-ipv4.txt
Error reloading router: dev.gimme-sympathy.org :: No SNMP response received before timeout
Something is amiss.
Ahhhh! That isn't the current IP for dev.gimme-sympathy.org!
dev.gimme-sympathy.org (75.49.0.26)
-brian
--
Cory Smelosky
http://gewt.net Personal stuff
http://gimme-sympathy.org Projects
On Thu, 1 May 2014, Dave McGuire wrote:
On 05/01/2014 02:10 PM, Cory Smelosky wrote:
On Thu, 1 May 2014, Dave McGuire wrote:
On 05/01/2014 02:03 PM, Cory Smelosky wrote:
Is anyone else's end up? My DNS is up, rules are in place and no GRE
packets were being logged to pflog.
My stuff's up all the time. You can always ping 61.1 (A61RTR) for
testing, that's a Cisco 7206VXR. Also, 61.3 (EBOLA) is nearly always
up; that's a VAX-4000/700A.
I meant your tunnel. ;)
You won't see those unless my tunnel is up, Sparky. ;)
Right. ;)
all gre 50.73.179.1 <- 10.10.0.10 NO_TRAFFIC:SINGLE
all gre 75.49.0.26 (10.10.0.10) -> 50.73.179.1 SINGLE:NO_TRAFFIC
Tunnel53 is up, line protocol is up
marjorie#sh decnet route
Node Cost Hops Next Hop to Node Expires Prio
*9.1 10 1 Ethernet0 -> 9.1 43
*9.2 10 1 Ethernet0 -> 9.2 45
*9.5 10 1 Ethernet0 -> 9.5 27
*9.10 10 1 Ethernet0 -> 9.10 33
*9.1023 0 0 (Local) -> 9.1023
marjorie#
Did I forget something? Hmmm.
-Dave
--
Cory Smelosky
http://gewt.net Personal stuff
http://gimme-sympathy.org Projects
On 05/01/2014 02:10 PM, Cory Smelosky wrote:
On Thu, 1 May 2014, Dave McGuire wrote:
On 05/01/2014 02:03 PM, Cory Smelosky wrote:
Is anyone else's end up? My DNS is up, rules are in place and no GRE
packets were being logged to pflog.
My stuff's up all the time. You can always ping 61.1 (A61RTR) for
testing, that's a Cisco 7206VXR. Also, 61.3 (EBOLA) is nearly always
up; that's a VAX-4000/700A.
I meant your tunnel. ;)
You won't see those unless my tunnel is up, Sparky. ;)
-Dave
--
Dave McGuire, AK4HZ
New Kensington, PA
On Thu, 1 May 2014, Dave McGuire wrote:
On 05/01/2014 02:03 PM, Cory Smelosky wrote:
Is anyone else's end up? My DNS is up, rules are in place and no GRE
packets were being logged to pflog.
My stuff's up all the time. You can always ping 61.1 (A61RTR) for
testing, that's a Cisco 7206VXR. Also, 61.3 (EBOLA) is nearly always
up; that's a VAX-4000/700A.
I meant your tunnel. ;)
-Dave
--
Cory Smelosky
http://gewt.net Personal stuff
http://gimme-sympathy.org Projects
On 05/01/2014 02:03 PM, Cory Smelosky wrote:
Is anyone else's end up? My DNS is up, rules are in place and no GRE
packets were being logged to pflog.
My stuff's up all the time. You can always ping 61.1 (A61RTR) for
testing, that's a Cisco 7206VXR. Also, 61.3 (EBOLA) is nearly always
up; that's a VAX-4000/700A.
-Dave
--
Dave McGuire, AK4HZ
New Kensington, PA
On Thu, 1 May 2014, Brian Hechinger wrote:
On Wed, Apr 30, 2014 at 10:46:47PM -0400, Cory Smelosky wrote:
Brian,
As I run pf at the Edge, can you add a bit that autogenerates a file
that looks like:
pass in on $ext_if proto gre from <remote tunnel IP> to any port
rdr-to 10.10.0.10 port snmp
for each tunnel? I'll likely pull it from tftp using a cronjob and
shoving it in to a pf anchor.
Use a table instead.
Oooh. I wasn't aware of tables. Pf really does have some neat features.
table <hecnet_gre> persist file "/etc/hecnet"
pass in on $ext_if proto gre from <hecnet_gre> to any port
rdr-to 10.10.0.10 port snmp
then fetch ip_list via tftp and put it as /etc/hecnet
I have tftp-proxy running, but I was unable to pull anything via tftp. Is it my end or yours?
Then run: pfctl -t hecnet_gre -Tr -f /etc/hecnet
This file is re-generated every time my script is triggered. That being
said, it obviously only changes if people join/leave/change ip.
-brian
Is anyone else's end up? My DNS is up, rules are in place and no GRE packets were being logged to pflog.
--
Cory Smelosky
http://gewt.net Personal stuff
http://gimme-sympathy.org Projects
On Thu, May 01, 2014 at 02:03:33PM -0400, Cory Smelosky wrote:
On Thu, 1 May 2014, Brian Hechinger wrote:
for each tunnel? I'll likely pull it from tftp using a cronjob and
shoving it in to a pf anchor.
Use a table instead.
Oooh. I wasn't aware of tables. Pf really does have some neat features.
pf is my favorite firewall of all times. It's awesome.
I have tftp-proxy running, but I was unable to pull anything via
tftp. Is it my end or yours?
If you can pull your router config you can pull this. Same server.
Is anyone else's end up? My DNS is up, rules are in place and no
GRE packets were being logged to pflog.
Reloading router: 75.49.17.245 hecnetconfigupdate 199.166.5.172 tunnel-dev.gimme-sympathy.org-ipv4.txt
Error reloading router: dev.gimme-sympathy.org :: No SNMP response received before timeout
Something is amiss.
-brian
On Wed, Apr 30, 2014 at 10:46:47PM -0400, Cory Smelosky wrote:
Brian,
As I run pf at the Edge, can you add a bit that autogenerates a file
that looks like:
pass in on $ext_if proto gre from <remote tunnel IP> to any port
rdr-to 10.10.0.10 port snmp
for each tunnel? I'll likely pull it from tftp using a cronjob and
shoving it in to a pf anchor.
Use a table instead.
table <hecnet_gre> persist file "/etc/hecnet"
pass in on $ext_if proto gre from <hecnet_gre> to any port
rdr-to 10.10.0.10 port snmp
then fetch ip_list via tftp and put it as /etc/hecnet
Then run: pfctl -t hecnet_gre -Tr -f /etc/hecnet
This file is re-generated every time my script is triggered. That being
said, it obviously only changes if people join/leave/change ip.
-brian
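
Added example (not part of the original thread and not Brian's script): one way to vet the fetched list before the pfctl table reload described above, since TFTP is unauthenticated and whatever lands in the file becomes the set of sources the pass rule trusts. The table name and /etc/hecnet come from the thread; the function names, MIN_ENTRIES, and handing the already-fetched file to the script as its first argument are assumptions.

```sh
#!/bin/sh
# Added example: vet a tftp-fetched address list, then reload <hecnet_gre>.
TABLE=hecnet_gre    # table name from the thread
LIST=/etc/hecnet    # file named in the table definition
MIN_ENTRIES=1       # assumption: never replace the table with an empty list

# Print only plain dotted-quad IPv4 addresses (each octet 0-255), deduplicated.
# Comments, blanks, hostnames, CIDR ranges and anything else are dropped, so a
# truncated or tampered download cannot widen what the pass rule accepts.
valid_addrs() {
    awk '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            n = split($0, o, "."); ok = 1
            for (i = 1; i <= n; i++)
                if (length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
            if (ok) print
        }' "$1" | sort -u
}

# Write the vetted list beside LIST, rename it into place, reload the table.
# Returns 1 and leaves the current table alone if too few addresses survive.
update_table() {
    tmp=$(mktemp "${LIST}.XXXXXX") || return 1
    valid_addrs "$1" > "$tmp"
    if [ "$(wc -l < "$tmp")" -lt "$MIN_ENTRIES" ]; then
        rm -f "$tmp"; return 1
    fi
    if [ -f "$LIST" ] && cmp -s "$tmp" "$LIST"; then
        rm -f "$tmp"; return 0      # unchanged: nothing to reload
    fi
    # "-T replace" is the long form of the -Tr used in the thread.
    mv "$tmp" "$LIST" && pfctl -t "$TABLE" -T replace -f "$LIST"
}

# Run only when given the path of the freshly fetched file, e.g. from cron.
if [ -n "${1:-}" ]; then update_table "$1"; fi
```
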
On Thu, 1 May 2014, Dave McGuire wrote:
On 05/01/2014 12:10 AM, Cory Smelosky wrote:
Speaking of PDP-11s, has your intermediary gotten the haul from VCF your
way yet?
Yes! I haven't looked at them yet, but they're here, safe and sound.
I'll work out a way to get them to you soon.
Cool!
Back to work now.
Back to waiting on crap in my case. ;)
-Dave
--
Cory Smelosky
http://gewt.net Personal stuff
http://gimme-sympathy.org Projects
On 05/01/2014 12:10 AM, Cory Smelosky wrote:
Speaking of PDP-11s, has your intermediary gotten the haul from VCF your
way yet?
Yes! I haven't looked at them yet, but they're here, safe and sound.
I'll work out a way to get them to you soon.
Back to work now.
-Dave
--
Dave McGuire, AK4HZ
New Kensington, PA