From owner-freebsd-ipfw@FreeBSD.ORG Sun Oct 1 23:32:10 2006
Date: Mon, 02 Oct 2006 01:32:07 +0200
From: Olli Hauer
To: freebsd-ipfw@freebsd.org
Subject: spamd-4.0 port tester wanted

Hi,

I have ported the last mail/spamd port from OpenBSD 4.0 to FreeBSD.
The port has a new layout, I made a split between pf and ipfw to handle conflicts and patches between them.
If you are interested in testing, you can get the source here:

- the new ports (mail/spamd-pf, mail/spamd-ipfw)
  http://sorry.mine.nu/patches/FreeBSD/ports/spamd/port_mail_spamd-pf-ipfw.shar
- the distfile
  http://sorry.mine.nu/patches/FreeBSD/ports/spamd/spamd_4.0.tar.bz2

Instructions:

  get the file port_mail_spamd-pf-ipfw.shar
  get the file spamd_4.0.tar.bz2
  cp port_mail_spamd-pf-ipfw.shar /usr/ports/mail/
  cp spamd_4.0.tar.bz2 /usr/ports/distfiles/
  cd /usr/ports/mail && sh port_mail_spamd-pf-ipfw.shar
  cd /usr/ports/mail/spamd-(pf|ipfw)/
  make clean install

major changes for spamd-4.0
- new parameter -h
- new parameter -S
- separate port for spamd-pf / spamd-ipfw

ipfw patches:
I have merged the ipfw patches from version spamd-3.7_1 to spamd-4.0.
Since I have no machine with ipfw I cannot make full tests here.

happy testing
olli

From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 2 06:55:07 2006
Date: Mon, 2 Oct 2006 09:55:02 +0300
From: Oleg Tarasov
To: freebsd-ipfw@freebsd.org
Subject: ipfw forward does not work

Hello,

I've got a machine running FreeBSD 6.0. This problem occurred on 6.0-p0 and 6.0-p12.

Introduction
=============

I've got two internet connections from two different providers. One is the main and second for failover. Both interfaces have attached natd using divert function of ipfw. Here are interface parameters:

ng0: flags=88d1 mtu 1492
        inet xxx.xxx.xxx.xxx --> XXX.XXX.XXX.XXX netmask 0xffffffff
ng8: flags=88d1 mtu 1492
        inet yyy.yyy.yyy.yyy --> YYY.YYY.YYY.YYY netmask 0xffffffff

Here yyy.yyy.yyy.yyy is an IP address of main connection.

routing table looks like this:
-------------------------
default            YYY.YYY.YYY.YYY    UGS     0    21878   ng8
yyy.yyy.yyy.yyy    lo0                UHS     0       51   lo0
xxx.xxx.xxx.xxx    lo0                UHS     0        0   lo0
127.0.0.1          127.0.0.1          UH      0     3810   lo0
192.168.82         link#1             UC      0        0   rl0
192.168.82.253     00:30:4f:27:ae:85  UHLW    1       74   lo0
YYY.YYY.YYY.YYY    yyy.yyy.yyy.yyy    UH      3        0   ng8
XXX.XXX.XXX.XXX    xxx.xxx.xxx.xxx    UH      3        0   ng0
-------------------------

My kernel is compiled using following options:
-------------------------
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=300
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_FORWARD
options IPDIVERT
options IPSTEALTH
options DUMMYNET
options HZ=1000
-------------------------

Both interfaces have real IPs and should simultaneously work supplying DNS, mail and other services.

Usually this is implemented configuring ipfw fwd command for policy routing so I've inserted two following lines into ipfw script:
-------------------------
fwd XXX.XXX.XXX.XXX ip from xxx.xxx.xxx.xxx to any out xmit ng8
fwd YYY.YYY.YYY.YYY ip from yyy.yyy.yyy.yyy to any out xmit ng0
-------------------------

This usually works and works on my second server. But for some reason here I met strange behaviour. It just seems that fwd command does not do anything at all.

When I ping xxx.xxx.xxx.xxx (which is failover one) icmp packets come into ng0 but replies from xxx.xxx.xxx.xxx go through default route on ng8. This should be normal if there were no fwd commands. But I see counters on the rule increasing and logging these rules shows following lines:

Oct 2 08:35:49 central kernel: ipfw: 20500 Forward to XXX.XXX.XXX.XXX ICMP:0.0 xxx.xxx.xxx.xxx some.outer.ip.address out via ng8

but packets still go out through ng8 using default route.

There can be two reasons as I see. First is that fwd command does not work for some reason and the second is that system routing table considered that default route is preferable over direct route to router. The second near impossible so I wonder...

Please tell me if possible how to locate the possible reason of this problem!
--
Best regards,
Oleg Tarasov mailto:subscriber@osk.com.ua

From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 2 07:56:28 2006
Date: Mon, 2 Oct 2006 10:56:13 +0300
From: Oleg Tarasov
To: Oleg Tarasov
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw forward does not work

Hello,

[resolved]

Recompiling the kernel using IPFIREWALL_FORWARD_EXTENDED solved the problem.
I thought this one in 6.0-p12 is deprecated...

Oleg Tarasov wrote:

> Hello,
> I've got a machine running FreeBSD 6.0. This problem occurred on 6.0-p0
> and 6.0-p12.
> Introduction
> =============
> I've got two internet connections from two different providers. One
> is the main and second for failover. Both interfaces have attached
> natd using divert function of ipfw. Here are interface parameters:
> ng0: flags=88d1 mtu 1492
>         inet xxx.xxx.xxx.xxx --> XXX.XXX.XXX.XXX netmask 0xffffffff
> ng8: flags=88d1 mtu 1492
>         inet yyy.yyy.yyy.yyy --> YYY.YYY.YYY.YYY netmask 0xffffffff
> Here yyy.yyy.yyy.yyy is an IP address of main connection.
> routing table looks like this:
> -------------------------
> default            YYY.YYY.YYY.YYY    UGS     0    21878   ng8
> yyy.yyy.yyy.yyy    lo0                UHS     0       51   lo0
> xxx.xxx.xxx.xxx    lo0                UHS     0        0   lo0
> 127.0.0.1          127.0.0.1          UH      0     3810   lo0
> 192.168.82         link#1             UC      0        0   rl0
> 192.168.82.253     00:30:4f:27:ae:85  UHLW    1       74   lo0
> YYY.YYY.YYY.YYY    yyy.yyy.yyy.yyy    UH      3        0   ng8
> XXX.XXX.XXX.XXX    xxx.xxx.xxx.xxx    UH      3        0   ng0
> -------------------------
> My kernel is compiled using following options:
> -------------------------
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=300
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPFIREWALL_FORWARD
> options IPDIVERT
> options IPSTEALTH
> options DUMMYNET
> options HZ=1000
> -------------------------
> Both interfaces have real IPs and should simultaneously work supplying
> DNS, mail and other services.
> Usually this is implemented configuring ipfw fwd command for policy
> routing so I've inserted two following lines into ipfw script:
> -------------------------
> fwd XXX.XXX.XXX.XXX ip from xxx.xxx.xxx.xxx to any out xmit ng8
> fwd YYY.YYY.YYY.YYY ip from yyy.yyy.yyy.yyy to any out xmit ng0
> -------------------------
> This usually works and works on my second server. But for some reason
> here I met strange behaviour. It just seems that fwd command does not
> do anything at all.
> When I ping xxx.xxx.xxx.xxx (which is failover one) icmp packets come
> into ng0 but replies from xxx.xxx.xxx.xxx go through default route on
> ng8. This should be normal if there were no fwd commands. But I see
> counters on the rule increasing and logging these rules shows
> following lines:
> Oct 2 08:35:49 central kernel: ipfw: 20500 Forward to XXX.XXX.XXX.XXX
> ICMP:0.0 xxx.xxx.xxx.xxx some.outer.ip.address out via ng8
> but packets still go out through ng8 using default route.
> There can be two reasons as I see. First is that fwd command does not
> work for some reason and the second is that system routing table
> considered that default route is preferable over direct route to
> router. The second near impossible so I wonder...
> Please tell me if possible how to locate the possible reason of this
> problem!

--
Best regards,
Oleg Tarasov mailto:subscriber@osk.com.ua

From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 2 11:08:23 2006
Date: Mon, 2 Oct 2006 11:08:21 GMT
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Tracker      Resp.  Description
--------------------------------------------------------------------------------
o  kern/51274   ipfw   [ipfw] [patch] ipfw2 create dynamic rules with parent
f  kern/51341   ipfw   [ipfw] [patch] ipfw rule 'deny icmp from any to any ic
o  kern/73910   ipfw   [ipfw] serious bug on forwarding of packets after NAT
o  kern/74104   ipfw   [ipfw] ipfw2/1 conflict not detected or reported, manp
o  conf/78762   ipfw   [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewal
o  bin/80913    ipfw   [patch] /sbin/ipfw2 silently discards MAC addr arg wit
o  kern/88659   ipfw   [modules] ipfw and ip6fw do not work properly as modul
o  kern/93300   ipfw   ipfw pipe lost packets
o  kern/95084   ipfw   [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW
o  kern/97504   ipfw   [ipfw] IPFW Rules bug
o  kern/97951   ipfw   [ipfw] [patch] ipfw does not tie interface details to
o  kern/98831   ipfw   [ipfw] ipfw has UDP hickups
o  kern/102471  ipfw   [ipfw] [patch] add tos and dscp support
o  kern/103454  ipfw   [ipfw] [patch] add a facility to modify DF bit of the

14 problems total.

Non-critical problems

S  Tracker      Resp.  Description
--------------------------------------------------------------------------------
a  kern/26534   ipfw   [ipfw] Add an option to ipfw to log gid/uid of who cau
o  kern/46159   ipfw   [ipfw] [patch] ipfw dynamic rules lifetime feature
o  kern/48172   ipfw   [ipfw] [patch] ipfw does not log size and flags
o  bin/50749    ipfw   [ipfw] [patch] ipfw2 incorrectly parses ports and port
o  kern/55984   ipfw   [ipfw] [patch] time based firewalling support for ipfw
o  kern/60719   ipfw   [ipfw] Headerless fragments generate cryptic error mes
o  kern/69963   ipfw   [ipfw] install_state warning about already existing en
o  kern/71366   ipfw   [ipfw] "ipfw fwd" sometimes rewrites destination mac a
o  kern/72987   ipfw   [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (
o  kern/73276   ipfw   [ipfw] [patch] ipfw2 vulnerability (parser error)
o  bin/78785    ipfw   [ipfw] [patch] ipfw verbosity locks machine if /etc/rc
o  kern/80642   ipfw   [ipfw] [patch] ipfw small patch - new RULE OPTION
o  kern/82724   ipfw   [ipfw] [patch] Add setnexthop and defaultroute feature
o  kern/86957   ipfw   [ipfw] [patch] ipfw mac logging
o  kern/87032   ipfw   [ipfw] [patch] ipfw ioctl interface implementation
o  kern/91847   ipfw   [ipfw] ipfw with vlanX as the device
o  kern/93422   ipfw   ipfw divert rule no longer works in 6.0 (regression)
p  bin/95146    ipfw   [ipfw][patch]ipfw -p option handler is bogus
o  kern/103328  ipfw   sugestions about ipfw table

19 problems total.
From owner-freebsd-ipfw@FreeBSD.ORG Thu Oct 5 22:53:22 2006
Date: Thu, 5 Oct 2006 15:53:21 -0700 (PDT)
From: Alvin Oga
To: freebsd-ipfw@freebsd.org
Cc: Alvin Oga
Subject: ipfw versions - /usr/src/sbin

hi all

i've been having some fun with ipfw-1.99 on freebsd-6.1

what version is the released version for ipfw in freebsd-6.1 ??

none of these seem to get me the info i'm looking for or the sources of the released ipfw
- ipfw -v|-V|--version
- strings ipfw | grep version

so, for fun, i did the following:

  setenv CVSROOT freebsdanoncvs@anoncvs.FreeBSD.org:/home/ncvs
  setenv CVS_RSH ssh
  mkdir /usr/src/sbin
  cd /usr/src/sbin
  cvs co ipfw
  cd ipfw
  make
  -- lots of errors

- if i take out the "TAG" that make complains about, then ipfw-1.99 compiles cleanly .. ( by taking out the sections of code related to "TAG" )

  but, what ( the !@#$ ) did i just blindly remove ??

- is there a file or "something" that i'm missing ??

- i didn't have /usr/src/sbin so i created the directory but what commands would have normally put the sources there ?

i do have /usr/src/sys for the kernel and it recompiled nicely with the new config changes

thanx
alvin

------ errors from make

cd /usr/src/sbin/ipfw
make
Warning: Object directory not changed from original /usr/src/CVS.manually/ipfw
cc -O2 -fno-strict-aliasing -pipe -c ipfw2.c
ipfw2.c:619: error: `O_TAGGED' undeclared here (not in a function)
ipfw2.c:619: error: initializer element is not constant
ipfw2.c:619: error: (near initialization for `_port_name[7].x')
ipfw2.c:619: error: initializer element is not constant
ipfw2.c:619: error: (near initialization for `_port_name[7]')
ipfw2.c:620: error: initializer element is not constant
ipfw2.c:620: error: (near initialization for `_port_name[8]')
ipfw2.c: In function `show_ipfw':
ipfw2.c:1566: error: `O_TAG' undeclared (first use in this function)
ipfw2.c:1566: error: (Each undeclared identifier is reported only once
ipfw2.c:1566: error: for each function it appears in.)
ipfw2.c: In function `add':
ipfw2.c:4125: error: `O_TAG' undeclared (first use in this function)
*** Error code 1
-------------------------------------

From owner-freebsd-ipfw@FreeBSD.ORG Fri Oct 6 04:45:45 2006
Date: Fri, 06 Oct 2006 08:45:36 +0400
From: "Andrey V. Elsukov"
To: freebsd-ipfw@freebsd.org
Subject: Re: ipfw versions - /usr/src/sbin

Alvin Oga wrote:
> i've been having some fun with ipfw-1.99
> on freebsd-6.1

Some binary files in FreeBSD don't have a numeric version like linux programs.
These programs are a part of the operating system and should be consistent with the FreeBSD kernel. If you want to use some of the new ipfw features, you should use the respective FreeBSD version.

> i do have /usr/src/sys for the kernel and it recompiled nicely
> with the new config changes

> ------ errors from make
> cd /usr/src/sbin/ipfw
> make
> Warning: Object directory not changed from original /usr/src/CVS.manually/ipfw
> cc -O2 -fno-strict-aliasing -pipe -c ipfw2.c
> ipfw2.c:619: error: `O_TAGGED' undeclared here (not in a function)

See this document:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cutting-edge.html

You can rebuild and reinstall world, or try this:

# cd /usr/src/sbin/ipfw
# env DEBUG_FLAGS=-I/usr/src/sys/netinet make install

--
WBR, Andrey V. Elsukov

From owner-freebsd-ipfw@FreeBSD.ORG Fri Oct 6 05:55:02 2006
Date: Fri, 06 Oct 2006 09:54:46 +0400
From: "Andrey V. Elsukov"
To: Alvin Oga
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw versions - /usr/src/sbin

Alvin Oga wrote:
>> You can rebuild and reinstall world, or try this:
>> # cd /usr/src/sbin/ipfw
>> # env DEBUG_FLAGS=-I/usr/src/sys/netinet make install
>
> same "TAG" errors
>
> do you happen to know the released version of ipfw for freebsd-.60 or freebsd-5.2
> ( a previous released stable version )

Which FreeBSD version do you use? And why do you want to use another version of ipfw?
Please, provide output of these commands:

# uname -a
# sysctl kern | grep osrel
# grep ^REV /usr/src/sys/conf/newvers.sh
# ident /usr/src/sbin/ipfw/ipfw2.c
# ident /usr/src/sys/netinet/ip_fw.h

--
WBR, Andrey V. Elsukov

From owner-freebsd-ipfw@FreeBSD.ORG Fri Oct 6 09:46:05 2006
Date: Fri, 6 Oct 2006 11:46:02 +0200
Subject: Dummynet,VLAN and CARP broken??

Hi

Running FreeBSD6.1-RC
Kernel compiled with the following

options IPFIREWALL                      #firewall
options IPFIREWALL_VERBOSE              #enable logging to syslogd(8)
options IPFIREWALL_FORWARD              #enable transparent proxy
options IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by
options IPDIVERT                        #divert sockets
options DUMMYNET
options BRIDGE
options HZ=1000
options FAST_IPSEC
options TCP_SIGNATURE
device crypto
device cryptodev
device carp

Problem is with the CARP addresses staying in the "master" "master" position when I have dummynet stripping bandwidth on that vlan.
I take the dummynet config away then the carp interfaces go to "master" and "backup" as required.

My dummynet configs look like this

ipfw pipe 100 config bw 10500Kbit/s    #setup shaping pipes 10Mbit
ipfw queue 1 config pipe 100 weight 100
ipfw queue 2 config pipe 100 weight 100
ipfw add 1000 queue 1 ip from any to any in via vlan148
ipfw add 1000 queue 2 ip from any to any out via vlan148

I have an open FW so no carp message should be blocked

is dummynet broken?

Regards
Tyrone

This e-mail is intended only for the use of the addressees named above and may be confidential.
If you are not an addressee you must not use any information contained in nor copy it nor inform any person other than the addressees of its existence or contents.

From owner-freebsd-ipfw@FreeBSD.ORG Fri Oct 6 10:37:37 2006
Date: Fri, 6 Oct 2006 12:37:32 +0200
Subject: RE: Dummynet,VLAN and CARP broken??

I found out that you still need to let carp packets through even though all you are doing is traffic shaping

So

ipfw add 1 allow carp from any to any

Did the trick for me

Regards
tyrone

-----Original Message-----
From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of Tyrone@TelecityRedbus.se
Sent: den 6 oktober 2006 11:46
To: freebsd-ipfw@freebsd.org; freebsd-isp@freebsd.org
Subject: Dummynet,VLAN and CARP broken??

Hi

Running FreeBSD6.1-RC
Kernel compiled with the following

options IPFIREWALL                      #firewall
options IPFIREWALL_VERBOSE              #enable logging to syslogd(8)
options IPFIREWALL_FORWARD              #enable transparent proxy
options IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by
options IPDIVERT                        #divert sockets
options DUMMYNET
options BRIDGE
options HZ=1000
options FAST_IPSEC
options TCP_SIGNATURE
device crypto
device cryptodev
device carp

Problem is with the CARP addresses staying in the "master" "master" position when I have dummynet stripping bandwidth on that vlan.
I take the dummynet config away then the carp interfaces go to "master" and "backup" as required.

My dummynet configs look like this

ipfw pipe 100 config bw 10500Kbit/s    #setup shaping pipes 10Mbit
ipfw queue 1 config pipe 100 weight 100
ipfw queue 2 config pipe 100 weight 100
ipfw add 1000 queue 1 ip from any to any in via vlan148
ipfw add 1000 queue 2 ip from any to any out via vlan148

I have an open FW so no carp message should be blocked

is dummynet broken?
Regards

Tyrone

From owner-freebsd-ipfw@FreeBSD.ORG Fri Oct 6 11:47:16 2006
Message-ID: <45264233.3050406@yandex.ru>
Date: Fri, 06 Oct 2006 15:46:59 +0400
From: "Andrey V.
Elsukov"
To: Alvin Oga
Cc: freebsd-ipfw@freebsd.org
References: <200610060938.k969cCiO020772@Maggie.Linux-Consulting.com>
In-Reply-To: <200610060938.k969cCiO020772@Maggie.Linux-Consulting.com>
Subject: Re: ipfw versions - /usr/src/sbin

Alvin Oga wrote:
> i'm curious why i do not have /usr/src/sbin

You can install another sources from the official cd.

>> And why you want to use another version of ipfw?
>
> i need to change the lines:
> #
> # line 3484 in ipfw2.c v1.99
> #
> if ( p.fs.qsize > 100 )
> errx ( EX_DATAERR, "2 <= queue size <= 100 )
>
> the 100 need to be changed to 10,000 to allow for a bigger queue
> according to the customer that wants to use ipfw + dummynet for
> testing gigE thruput

I think this is not a good idea. This limit will be checked later in the
kernel, and if you set a qsize value greater than 100, the kernel will
correct this to 50. (if I correctly understood the kernel sources..)

> /usr/src/sbin/ipfw/ipfw2.c:
> $FreeBSD: /repoman/r/ncvs/src/sbin/ipfw/ipfw2.c,v 1.99 2006/09/29 08:00:40 maxim Exp $

This is the HEAD branch, you should use RELENG_6_1 for your system.

> cd /usr/src/sbin
> setenv CVSROOT freebsdanoncvs@anoncvs.FreeBSD.org:/home/ncvs
> setenv CVS_RSH ssh

To get the RELENG_6_1 sources try this command:
cvs co -r RELENG_6_1 src/sbin/ipfw

--
WBR, Andrey V.
Elsukov
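
Added example for the "Dummynet,VLAN and CARP broken??" thread above (not code from any poster or from FreeBSD): a small first-match model of the posted ruleset that reports when CARP advertisements would hit a dummynet queue or pipe rule first, and shows that the allow carp rule at number 1 keeps them out. It assumes ipfw's ascending-number, first-match evaluation; the function names are hypothetical.

```python
import re

# Constructed input: the two queue rules posted in the thread.
ORIGINAL = """\
ipfw add 1000 queue 1 ip from any to any in via vlan148
ipfw add 1000 queue 2 ip from any to any out via vlan148
"""
# The same rules preceded by the rule from the follow-up message.
FIXED = "ipfw add 1 allow carp from any to any\n" + ORIGINAL

RULE = re.compile(
    r"^(?:ipfw\s+)?(?:add\s+)?(?P<num>\d+)\s+"
    r"(?P<action>allow|deny|(?:queue|pipe)\s+\d+)\s+"
    r"(?P<proto>\S+)\s+from\s+any\s+to\s+any"
    r"(?:\s+(?P<dir>in|out))?(?:\s+via\s+(?P<iface>\S+))?$"
)

def parse(ruleset):
    """Parse simple 'from any to any' rules (the only shape supported here)."""
    rules = []
    for line in ruleset.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError("unsupported rule: %r" % line)
        rules.append(dict(m.groupdict(), num=int(m.group("num"))))
    # Ascending rule number; the stable sort keeps insertion order on ties.
    return sorted(rules, key=lambda r: r["num"])

def first_match(rules, proto, direction, iface):
    """Return (rule number, action) of the first rule the packet matches."""
    for r in rules:
        if (r["proto"] in ("ip", "all", proto)
                and r["dir"] in (None, direction)
                and r["iface"] in (None, iface)):
            return r["num"], " ".join(r["action"].split())
    return 65535, "default"  # nothing matched: falls to the default rule

def carp_into_dummynet(ruleset, iface):
    """List (direction, rule, action) where CARP hits a queue or pipe first."""
    rules = parse(ruleset)
    hits = [(d,) + first_match(rules, "carp", d, iface) for d in ("in", "out")]
    return [h for h in hits if h[2].startswith(("queue", "pipe"))]

if __name__ == "__main__":
    print("original:", carp_into_dummynet(ORIGINAL, "vlan148"))
    print("fixed:   ", carp_into_dummynet(FIXED, "vlan148"))
```

Run against a saved copy of a ruleset, an empty result means no shaping rule sees CARP before an explicit allow does; other traffic on vlan148 still reaches the queue rules at 1000.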