Search results

  1.

    PF: block between two IP address on same NIC

    Great thread, I spun my wheels on this same issue all night. Who would have thunk to look at that lo0 interface that's just sitting down there in ifconfig all these years.
  2.

    Controlling traffic between jails on the same host

    After spending a bit more time searching through this forum, I found a very helpful thread! https://forums.freebsd.org/viewtopic.php?f=44&t=41263&hilit=block+between+two+IP+addresses+on+same+NIC I was searching "jails" mostly and when I found this it made me realize it's not really a jail...
  3.

    Controlling traffic between jails on the same host

    The Setup: I've got a pretty simple setup... A FreeBSD 10.0 host with 3 jails on it. The host, and each jail are assigned a public IP address. The host runs PF that controls inbound and outbound traffic for itself and its jails. All works really nicely. Here's a basic diagram: HOST: IF: BCE0 -...
  4.

    Why is package being built?

    I've noticed just today that certain ports are having packages automatically created for them, which I don't ever recall seeing. I only really noticed this because in my jails, /etc/make.conf specifies to save packages to /var/ports/packages. That directory has never existed in my jails, so all...
  5.

    MySQL Server Facing Internet

    Very good ideas as well, throAU. All of my applications that talk to the MySQL server are actually FAT desktop based applications in Windows and some in Linux... That being said, obviously injection attacks are possible in those too and I'm very conscious of those during the design and build of...
  6.

    MySQL Server Facing Internet

    I suppose for an added layer of security. I distribute a customer SSL cert to each client that must load that into their application. Without that cert, even knowing the login and password to the MySQL server would do them no good. I guess it's not so much for more encryption, but for an added...
  7.

    MySQL Server Facing Internet

    Yes that's a good point, but if the client application is establishing an SSL connection with the MySQL server through the SSH tunnel, then that traffic would be encrypted from the client to the tunnel and then to the MySQL server. I did some testing with tcpdump and there was nothing plain text...
  8.

    MySQL Server Facing Internet

    I took the approach of the SSH tunnel and I am very pleased. Rather than using plink.exe, I actually used some .NET SSH components by Chilkat so everything takes place from within the code. The tunnel gets established and then I talk to the MySQL server through it. I still use REQUIRE SSL on the...
  9.

    MySQL Server Facing Internet

    I've got the MySQL server in a jail, so it is isolated from other services, but I guess my main concern would be protecting the data within the MySQL server.
  10.

    MySQL Server Facing Internet

    Interesting approach... A seamless solution to the client is certainly desired, we install into a lot of large companies who have strict policies and I wonder if this approach would be too invasive in the way it interacts with the operating system, especially if the software is installed on...
  11.

    MySQL Server Facing Internet

    I write a lot of VB.NET Windows desktop applications that communicate centrally to MySQL servers. All of the desktop applications use the official MySQL connectors and all users in the system are set to REQUIRE SSL. I've got permissions on databases, tables, and columns very locked down. So all...
  12.

    New to BSD Programming, where to start?

    I'm a long time hardcore FreeBSD user, since the 2.2.x days, and have become plenty familiar with perl, shell scripting, php, etc. I'm also a heavy VB.NET developer on the Microsoft side. I work a ton with MySQL, MSSQL, SQLite, etc. I'm really wanting to start programming more extensively on...
  13.

    ALTQ - Does this make sense?

    I've got a FreeBSD host that has a public address assigned to bge0. I have a webserver running on port 80 that is providing an HTTP mirror for one of my buddies. I've got 5Mbits available on this system. What I'm trying to do is cap the mirror at 1Mbit for port 80 and give the rest of the system...
  14.

    Default Route Question

    Does anyone have a dual homing example? My understanding is that only one default route can exist on a given system... So bge0 would have the default route. So once I configure the other subnet on bge1, how do I tell the system to route traffic to or from the IP on bge1 through a gateway other...
  15.

    Default Route Question

    Interesting, good to know. If I put a public IP on the second interface that had a DIFFERENT subnet, would it still have to route through the default route on bge0, or can I specify a default route for bge0 and another default route for bge1? I.E. bge0 was plugged into one Internet connection...
  16.

    Default Route Question

    I have a FreeBSD host that has two network cards. I've placed one public IP on bge0 and another public IP on the same subnet on bge1. It looks like this, I've masked my public IP addresses as 172.16.0.0 bge0: 172.16.0.100 bge1: 172.16.0.101 The default route is 172.16.0.1. When I issue a...
  17.

    PF NAT with multiple public IP addresses

    When I reload that rule I get: /etc/pf.conf:59: interface bge0*:0* has bad modifier *** IGNORE THIS... That's how it appeared on the iPad in my E-mail. Sheesh.
  18.

    PF NAT with multiple public IP addresses

    I've got a FreeBSD NAT router using PF. It looks like this: bge0 (Public Interface) A.A.A.1 A.A.A.2 A.A.A.3 bge1 (Internal Interface) 172.16.10.1 172.16.10.10 My NAT line in /etc/pf.conf looks like this: nat on bge0 from 172.16.10.0/24 to any -> (bge0) Everything works well, hosts...
  19.

    Rebuild of ports after upgrade?

    Just bringing some systems up from 8.3-REL to 9.0-REL. Everything's gone smoothly. I've always wondered what the final word is on rebuilding all ports after a release from one branch to the next. I use portupgrade, what is the proper way to rebuild all ports? Any advice would be appreciated.
  20.

    Jail Portability

    I use FreeBSD 8.3 and ezjail to administrate and maintain my jails. I know ezjail has backup and restore capabilities, but I thought I'd see if people have real world successes with moving jails between FreeBSD hosts. My main assumption is that in order to move a jail from one physical host to...