From owner-freebsd-net@FreeBSD.ORG Sun Dec 7 16:33:50 2003
Message-ID: <000601c3bd22$eea7fbf0$0a00a8c0@Nass>
From: "Dan Constantinescu"
Date: Mon, 8 Dec 2003 02:33:29 +0200
Subject: Translate MAC address to IP address

My name is Dan, and I would ask you for help... how can I filter users
from a LAN to access internet through a freebsd server (I've installed it)
by MAC? Or I need a script to bind ip to mac?

Thanks,
Dan.

From owner-freebsd-net@FreeBSD.ORG Sun Dec 7 19:16:05 2003
Date: Sun, 7 Dec 2003 21:15:59 -0600 (CST)
From: Mike Silbersack
To: Dan Constantinescu
cc: freebsd-net@freebsd.org
Subject: Re: Translate MAC address to IP address
Message-ID: <20031207211448.D96687@odysseus.silby.com>
In-Reply-To: <000601c3bd22$eea7fbf0$0a00a8c0@Nass>

On Mon, 8 Dec 2003, Dan Constantinescu wrote:

> My name is Dan, and I would ask you for help... how can I filter users
> from a LAN to access internet through a freebsd server (I've installed it)
> by MAC? Or I need a script to bind ip to mac? Thanks, Dan.

If you're running a recent release of freebsd (4.8 or later should do),
you can recompile your kernel with IPFW2, which supports filtering by mac
addresses; see the ipfw manpage for more information. IPFW2 is the
default in 5.x, so you wouldn't need to recompile if you're running 5.x.

Mike "Silby" Silbersack

From owner-freebsd-net@FreeBSD.ORG Mon Dec 8 10:53:16 2003
Date: Mon, 8 Dec 2003 13:53:20 -0500
From: haesu@towardex.com
To: freebsd-net@freebsd.org
Subject: Sourcing ICMP reply to a different ip address
Message-ID: <20031208185320.GA45737@scylla.towardex.com>

Hi,

Is there any way to source the ICMP reply (i.e. ttl-exceeded for traceroute) on
a FreeBSD box acting as router to an IP address different than the one bound on
the interface, in which the destination route is pointed at?

For example:

Let's say we have an asymmetric routing situation here...

A client host is 1.2.3.4, and the FreeBSD box has fxp0 with 2.2.2.2, and fxp1
with 3.3.3.3,

Client runs traceroute to a host routed by the FreeBSD router. The packet
arrives on FreeBSD router's FXP0 interface. But the route for 1.2.3.4 (client)
on router's routing table points out to FXP1.

Here in this case, the icmp ttl-exceeded message from the FreeBSD router will
be sourced from 3.3.3.3, which is the main ip address of FXP1 (hence, the
interface where route for 1.2.3.4(the client) is bound to)

I'm looking to make it so that if a packet arrives on FXP0, I'd like the FreeBSD
box to respond icmp ttl-exceeded OUT via FXP0, with source address of FXP0's IP.
So in other words, I'd like to have icmp replies go out via the interface the
packet originally hit the box, instead of via the interface that holds the
route for the source of the packet. This type of implementation is done on
some vendors (including Cisco) and sometimes can be helpful troubleshooting
asym. routing situations..

Any suggestions would be appreciated. Thanks

--
James Jun (formerly Haesu)
Network Operations
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | james@towardex.com
Cell: (978)394-2867 | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033 | AIM: GigabitEthernet0
NOC: http://www.twdx.net | POC: HAESU-ARIN, HDJ1-6BONE

From owner-freebsd-net@FreeBSD.ORG Mon Dec 8 11:03:08 2003
Date: Mon, 8 Dec 2003 11:01:45 -0800 (PST)
Message-Id: <200312081901.hB8J1jw3056983@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2002/03/09] conf/35726  net   Won't let me use ifconfig on the interfac

1 problem total.

Serious problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2000/11/14] bin/22846   net   Routed does not reflect preference of Int

1 problem total.

Non-critical problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2002/05/04] kern/37761  net   process exits but socket is still ESTABLI
o [2003/07/11] kern/54383  net   NFS root configurations without dynamic p

2 problems total.

From owner-freebsd-net@FreeBSD.ORG Mon Dec 8 12:34:13 2003
Date: Mon, 8 Dec 2003 15:34:00 -0500
From: haesu@towardex.com
To: haesu@towardex.com
cc: freebsd-net@freebsd.org
Subject: Re: Sourcing ICMP reply to a different ip address
Message-ID: <20031208203400.GA48790@scylla.towardex.com>
In-Reply-To: <20031208185320.GA45737@scylla.towardex.com>

For those who are a little confused in my email below sent before, here is a
similar post that describes what I mean (hopefully):

http://www.monkey.org/openbsd/archive/misc/9903/msg00109.html

Thanks in advance!

-hc

On Mon, Dec 08, 2003 at 01:53:20PM -0500, haesu@towardex.com wrote:
> Hi,
>
> Is there any way to source the ICMP reply (i.e. ttl-exceeded for traceroute) on
> a FreeBSD box acting as router to an IP address different than the one bound on
> the interface, in which the destination route is pointed at?
>
> For example:
>
> Let's say we have an asymmetric routing situation here...
>
> A client host is 1.2.3.4, and the FreeBSD box has fxp0 with 2.2.2.2, and fxp1
> with 3.3.3.3,
>
> Client runs traceroute to a host routed by the FreeBSD router. The packet
> arrives on FreeBSD router's FXP0 interface. But the route for 1.2.3.4 (client)
> on router's routing table points out to FXP1.
>
> Here in this case, the icmp ttl-exceeded message from the FreeBSD router will
> be sourced from 3.3.3.3, which is the main ip address of FXP1 (hence, the
> interface where route for 1.2.3.4(the client) is bound to)
>
> I'm looking to make it so that if a packet arrives on FXP0, I'd like the FreeBSD
> box to respond icmp ttl-exceeded OUT via FXP0, with source address of FXP0's IP.
> So in other words, I'd like to have icmp replies go out via the interface the
> packet originally hit the box, instead of via the interface that holds the
> route for the source of the packet. This type of implementation is done on
> some vendors (including Cisco) and sometimes can be helpful troubleshooting
> asym. routing situations..
>
> Any suggestions would be appreciated. Thanks
>
> --
> James Jun (formerly Haesu)
> Network Operations
> TowardEX Technologies, Inc.
> Consulting, colocation, web hosting, network design and implementation
> http://www.towardex.com | james@towardex.com
> Cell: (978)394-2867 | Office: (978)263-3399 Ext. 170
> Fax: (978)263-0033 | AIM: GigabitEthernet0
> NOC: http://www.twdx.net | POC: HAESU-ARIN, HDJ1-6BONE
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

--
James Jun (formerly Haesu)
Network Operations
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | james@towardex.com
Cell: (978)394-2867 | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033 | AIM: GigabitEthernet0
NOC: http://www.twdx.net | POC: HAESU-ARIN, HDJ1-6BONE

From owner-freebsd-net@FreeBSD.ORG Tue Dec 9 01:13:54 2003
Message-ID: <3FD59249.4090703@voljatel.si>
Date: Tue, 09 Dec 2003 10:13:45 +0100
From: Jaka Erjavec
Reply-To: jaka.erjavec@voljatel.si
To: freebsd-net@freebsd.org
Subject: serial ppp

Hello,

I am trying to establish ppp over serial cable connection between 2
freebsd boxes, one acting as ppp server. I searched the google but did
not find any document for this topic. Can you please suggest me some?

thanks,
--
Jaka

From owner-freebsd-net@FreeBSD.ORG Tue Dec 9 05:03:33 2003
Message-ID: <3FD5C822.8E3CA370@freebsd.org>
Date: Tue, 09 Dec 2003 14:03:30 +0100
From: Andre Oppermann
To: haesu@towardex.com
cc: freebsd-net@freebsd.org
Subject: Re: Sourcing ICMP reply to a different ip address
References: <20031208185320.GA45737@scylla.towardex.com>

haesu@towardex.com wrote:
>
> Hi,
>
> Is there any way to source the ICMP reply (i.e. ttl-exceeded for traceroute) on
> a FreeBSD box acting as router to an IP address different than the one bound on
> the interface, in which the destination route is pointed at?
>
> For example:
>
> Let's say we have an asymmetric routing situation here...
>
> A client host is 1.2.3.4, and the FreeBSD box has fxp0 with 2.2.2.2, and fxp1
> with 3.3.3.3,
>
> Client runs traceroute to a host routed by the FreeBSD router. The packet
> arrives on FreeBSD router's FXP0 interface. But the route for 1.2.3.4 (client)
> on router's routing table points out to FXP1.
>
> Here in this case, the icmp ttl-exceeded message from the FreeBSD router will
> be sourced from 3.3.3.3, which is the main ip address of FXP1 (hence, the
> interface where route for 1.2.3.4(the client) is bound to)
>
> I'm looking to make it so that if a packet arrives on FXP0, I'd like the FreeBSD
> box to respond icmp ttl-exceeded OUT via FXP0, with source address of FXP0's IP.
> So in other words, I'd like to have icmp replies go out via the interface the
> packet originally hit the box, instead of via the interface that holds the
> route for the source of the packet. This type of implementation is done on
> some vendors (including Cisco) and sometimes can be helpful troubleshooting
> asym. routing situations..

Yes, this can be done.
Nice feature for debugging as you say.

I've got a couple of other things in the priority queue first. It'll be
after christmas/new-year until I can do it.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Tue Dec 9 12:06:52 2003
Message-ID: <000901c3be90$05546190$0499a8c0@colin>
From: "Colin Alston"
Date: Tue, 9 Dec 2003 22:07:05 +0200
Subject: VRRP and media sense/link state on old cards

Sorry, this should rather go here than ISP, with some adjustments.

Hi

Been having some problems with freevrrpd on ed and lnc cards. It seems to
"work" on the rl0 cards, but otherwise I get the following.

Dec 9 20:32:58 spike freevrrpd[35627]: launching daemon in background mode
Dec 9 20:32:58 spike freevrrpd[35628]: initializing threads and all VRID
Dec 9 20:32:58 spike freevrrpd[35628]: reading configuration file /usr/local/etc/freevrrpd.conf
Dec 9 20:32:58 spike freevrrpd[35628]: send ip = 192.168.153.9, eth = 0:0:e8:a5:85:5c
Dec 9 20:32:58 spike freevrrpd[35628]: server state vrid 1: backup
Dec 9 20:32:59 spike freevrrpd[35628]: cannot do ioctl, intertface is faulty: Invalid argument
Dec 9 20:32:59 spike freevrrpd[35628]: interface ed0 is faulty, deactivated from VRRP VRIDs
Dec 9 20:33:00 spike freevrrpd[35628]: cannot do ioctl, intertface is faulty: Invalid argument

Pretty much the same with lnc.

Is there a way around this? Not so fun to replace all the cards :-/
(although they could probably do with it)

I tried using it through the vlan device on the ed and lnc cards but that
did nothing, just got the same error.

--
Colin Alston
karnaugh[at]karnaugh[dot]za[dot]net
http://www.karnaugh.za.net

"But I'm not broken, in my dream I win.
In here I'm nothing, a cosmic castaway"

From owner-freebsd-net@FreeBSD.ORG Tue Dec 9 21:16:36 2003
Date: Tue, 9 Dec 2003 21:16:31 -0800
From: "Crist J. Clark"
To: Jaka Erjavec
cc: freebsd-net@freebsd.org
Subject: Re: serial ppp
Message-ID: <20031210051631.GB84766@blossom.cjclark.org>
In-Reply-To: <3FD59249.4090703@voljatel.si>

On Tue, Dec 09, 2003 at 10:13:45AM +0100, Jaka Erjavec wrote:
> Hello,
>
> I am trying to establish ppp over serial cable connection between 2
> freebsd boxes, one acting as ppp server. I searched the google but did
> not find any document for this topic. Can you please suggest me some?

How about the ppp(8) manpage?

--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

From owner-freebsd-net@FreeBSD.ORG Wed Dec 10 01:07:14 2003
Message-ID: <3FD6E1C2.DF8EC599@kuzbass.ru>
Date: Wed, 10 Dec 2003 16:05:06 +0700
From: Eugene Grosbein
To: net@freebsd.org
Subject: ipfwshow as shell builtin?

Hi!

There are some tasks that can be easily and efficiently solved
with ipfw(8). For example, it can summarize traffic delivered
over ethernet with unicast packets (ipfw2 feature), or make sums
of traffic from/to distinct network blocks. It's not about generic
detailed traffic accounting, it's about simple sums (f.e. for MRTG).

The problem is how to get these values easily and efficiently at
the same time. To supply values for MRTG I use net-snmpd and its
'pass_persist' feature (think about one MRTG and many monitored hosts).

Simple shell script uses 'ipfw show' to return values.
It is easy but still is not very optimal. There is additional
fork+exec of /sbin/ipfw still.

It would be nice to have something lightweight like 'ipfwshow'
as /bin/sh builtin, isn't it?

Eugene Grosbein

From owner-freebsd-net@FreeBSD.ORG Wed Dec 10 01:21:47 2003
Message-ID: <3FD6E52F.DD2F03EA@kuzbass.ru>
Date: Wed, 10 Dec 2003 16:19:43 +0700
From: Eugene Grosbein
To: jaka.erjavec@voljatel.si
cc: freebsd-net@freebsd.org
Subject: Re: serial ppp
References: <3FD59249.4090703@voljatel.si>

Jaka Erjavec wrote:

> I am trying to establish ppp over serial cable connection between 2
> freebsd boxes, one acting as ppp server. I searched the google but did
> not find any document for this topic. Can you please suggest me some?

You just need good null-modem cable. That's all.

Eugene Grosbein

From owner-freebsd-net@FreeBSD.ORG Wed Dec 10 01:28:53 2003
Date: Wed, 10 Dec 2003 01:28:41 -0800
From: Luigi Rizzo
To: Eugene Grosbein
cc: net@freebsd.org
Subject: Re: ipfwshow as shell builtin?
Message-ID: <20031210012840.A93359@xorpc.icir.org>
In-Reply-To: <3FD6E1C2.DF8EC599@kuzbass.ru>; from eugen@kuzbass.ru on Wed, Dec 10, 2003 at 04:05:06PM +0700

On Wed, Dec 10, 2003 at 04:05:06PM +0700, Eugene Grosbein wrote:
> Hi!
>
> There are some tasks that can be easily and efficiently solved
> with ipfw(8). For example, it can summarize traffic delivered
> over ethernet with unicast packets (ipfw2 feature), or make sums
> of traffic from/to distinct network blocks. It's not about generic
> detailed traffic accounting, it's about simple sums (f.e. for MRTG).
>
> The problem is how to get these values easily and efficiently at
> the same time. To supply values for MRTG I use net-snmpd and its
> 'pass_persist' feature (think about one MRTG and many monitored hosts).
>
> Simple shell script uses 'ipfw show' to return values.
> It is easy but still is not very optimal. There is additional
> fork+exec of /sbin/ipfw still.

how often do you want to do this ? if it is once per second
you do not care about the fork+exec overhead -- if it is more
often, then you might start to care about the getsockopt overhead
(basically forwarding is blocked while the kernel navigates through
the ipfw data structures), and then you probably have some external
program to parse the ipfw output, etc.

so in the end i believe making ipfw a shell builtin will gain you
close to nothing.

cheers
luigi

> It would be nice to have something lightweight like 'ipfwshow'
> as /bin/sh builtin, isn't it?
> Eugene Grosbein

From owner-freebsd-net@FreeBSD.ORG Wed Dec 10 05:24:37 2003
Message-Id: <200312101324.hBADOUc8064056@soth.ventu>
To: freebsd-net@freebsd.org
Date: Wed, 10 Dec 2003 14:24:31 EST
From: Andrea Venturoli
Reply-To: Andrea Venturoli
Subject: Two ISP connections

Hello.

I have a server with two ISP connections: a flat ADSL with an ISP and
pay-per-traffic HDSL with another.
I'd like to use ADSL whenever possible, but switch to HDSL in case the
first line drops.
Any pointer?

bye & Thanks
av.

From owner-freebsd-net@FreeBSD.ORG Wed Dec 10 05:29:05 2003
Date: Wed, 10 Dec 2003 11:28:37 -0200
From: "Giovanni P. Tirloni"
To: freebsd-net@freebsd.org
Subject: mpd: two links make one disconnect (ENOBUFS, LCP no reply)
Message-ID: <20031210132837.GC80340@pixies.tirloni.org>

Hi,

The behaviour I'm having with mpd-3.15 is that it establishes the first
connection in ng0 and when I try to open another connection it works but
drops the first one after some time because it stops answering the LCP
echos.

When both are established I can ping the last one but the ping to the
first IP returns ENOBUFS (probably because the link is being dropped).

Anything related to the PPTP output window?
Here are the log entries after both links are established (they show as connected in the win2k and winxp boxes and pptp0 was answering the LCP echos):

Dec 10 11:02:22 servidor mpd: [pptp1] exec: command returned 256
Dec 10 11:02:22 servidor mpd: [pptp1] IFACE: Up event
Dec 10 11:02:24 servidor mpd: [pptp1] ECP: SendConfigReq #4
Dec 10 11:02:24 servidor mpd: [pptp1] LCP: rec'd Protocol Reject #9 link 0 (Opened)
Dec 10 11:02:24 servidor mpd: [pptp1] LCP: protocol ECP was rejected
Dec 10 11:02:24 servidor mpd: [pptp1] ECP: protocol was rejected by peer
Dec 10 11:02:24 servidor mpd: [pptp1] ECP: state change Req-Sent --> Stopped
Dec 10 11:02:24 servidor mpd: [pptp1] ECP: LayerFinish
Dec 10 11:03:20 servidor mpd: [pptp0] LCP: no reply to 1 echo request(s)
Dec 10 11:03:25 servidor mpd: [pptp0] LCP: no reply to 2 echo request(s)
Dec 10 11:03:30 servidor mpd: [pptp0] LCP: no reply to 3 echo request(s)
Dec 10 11:03:35 servidor mpd: [pptp0] LCP: no reply to 4 echo request(s)
Dec 10 11:03:40 servidor mpd: [pptp0] LCP: no reply to 5 echo request(s)
Dec 10 11:03:45 servidor mpd: [pptp0] LCP: no reply to 6 echo request(s)
Dec 10 11:03:50 servidor mpd: [pptp0] LCP: no reply to 7 echo request(s)
Dec 10 11:03:50 servidor mpd: [pptp0] LCP: peer not responding to echo requests
Dec 10 11:03:50 servidor mpd: [pptp0] LCP: LayerFinish
Dec 10 11:03:50 servidor mpd: [pptp0] LCP: LayerStart
Dec 10 11:03:50 servidor mpd: [pptp0] LCP: state change Opened --> Starting
Dec 10 11:03:50 servidor mpd: [pptp0] LCP: phase shift NETWORK --> DEAD
Dec 10 11:03:50 servidor mpd: [pptp0] setting interface ng0 MTU to 1500 bytes
Dec 10 11:03:50 servidor mpd: [pptp0] up: 0 links, total bandwidth 9600 bps
Dec 10 11:03:50 servidor mpd: [pptp0] IPCP: Down event
Dec 10 11:03:50 servidor mpd: [pptp0] IPCP: state change Opened --> Starting
Dec 10 11:03:50 servidor mpd: [pptp0] IPCP: LayerDown
Dec 10 11:03:50 servidor mpd: [pptp0] IFACE: Down event
Dec 10 11:03:50 servidor mpd: [pptp0] exec: /sbin/route delete 192.168.1.253 -iface lo0
Dec 10 11:03:50 servidor mpd: [pptp0] exec: /usr/sbin/arp -d 192.168.1.220
Dec 10 11:03:50 servidor mpd: [pptp0] exec: /sbin/ifconfig ng0 down delete -link0
Dec 10 11:03:50 servidor mpd: [pptp0] CCP: Down event
Dec 10 11:03:50 servidor mpd: [pptp0] CCP: state change Opened --> Starting
Dec 10 11:03:50 servidor mpd: [pptp0] CCP: LayerDown
Dec 10 11:03:50 servidor mpd: [pptp0] CCP: Close event
Dec 10 11:03:50 servidor mpd: [pptp0] CCP: state change Starting --> Initial
Dec 10 11:03:50 servidor mpd: [pptp0] CCP: LayerFinish
Dec 10 11:03:50 servidor mpd: [pptp0] ECP: Down event
Dec 10 11:03:50 servidor mpd: [pptp0] ECP: state change Stopped --> Starting
Dec 10 11:03:50 servidor mpd: [pptp0] ECP: LayerStart
Dec 10 11:03:50 servidor mpd: [pptp0] ECP: Close event

# netstat -m
mbuf usage:
        GEN cache:      0/0 (in use/in pool)
        CPU #0 cache:   2/256 (in use/in pool)
        Total:          2/256 (in use/in pool)
        Mbuf cache high watermark: 512
        Maximum possible: 27136
        Allocated mbuf types:
          2 mbufs allocated to data
        0% of mbuf map consumed
mbuf cluster usage:
        GEN cache:      0/80 (in use/in pool)
        CPU #0 cache:   0/128 (in use/in pool)
        Total:          0/208 (in use/in pool)
        Cluster cache high watermark: 128
        Maximum possible: 13568
        1% of cluster map consumed
480 KBytes of wired memory reserved (0% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

After much tweaking here is my mpd.conf:

-------- mpd.conf -------
default:
        load pptp0
        load pptp1

common:
        set bundle disable multilink
        set bundle enable compression
        set bundle yes encryption
        set ccp yes mppc
        set ccp yes mpp-e40
        set ccp yes mpp-e56
        set ccp yes mpp-e128
        set ccp yes mpp-stateless
        set ipcp enable vjcomp
        set iface enable proxy-arp
        set iface route 192.168.1.253/24
        set ipcp dns 1.2.3.4
        set link deny pap chap
        set link enable chap-md5 chap-msv1 chap-msv2
        set ipcp nbns 192.168.1.254

pptp0:
        new -i ng0 pptp0 pptp0
        set ipcp ranges 192.168.1.253/32 192.168.1.220/24
        load common

pptp1:
        new -i ng1 pptp1 pptp1
        set ipcp ranges 192.168.1.253/32 192.168.1.221/24
        load common
-------- mpd.conf ---------

Thanks in advance,

--
Giovanni P. Tirloni
Fingerprint: 8C3F BEC5 79BD 3E9B EDB8 72F4 16E8 BA5E D031 5C26

From owner-freebsd-net@FreeBSD.ORG Wed Dec 10 05:49:30 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 57B0516A4CE for ; Wed, 10 Dec 2003 05:49:30 -0800 (PST) Received: from mail.a-quadrat.at (mail.a-quadrat.at [81.223.141.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id C225443D31 for ; Wed, 10 Dec 2003 05:49:26 -0800 (PST) (envelope-from mbretter@a-quadrat.at) Received: from BRUTUS.a-quadrat.at (brutus.a-quadrat.at [192.168.90.60]) by files.a-quadrat.at (Postfix) with ESMTP id 66C3B5C24B; Wed, 10 Dec 2003 14:47:42 +0100 (CET) Date: Wed, 10 Dec 2003 14:49:18 +0100 (=?ISO-8859-15?Q?Westeurop=E4ische_Normalzeit?=) 
From: Michael Bretterklieber To: "Giovanni P. Tirloni" In-Reply-To: <20031210132837.GC80340@pixies.tirloni.org> Message-ID: References: <20031210132837.GC80340@pixies.tirloni.org> X-X-Sender: mbretter@files.a-quadrat.at MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: mpd: two links make one disconnect (ENOBUFS, LCP no reply) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2003 13:49:30 -0000

Hi,

On Wed, 10 Dec 2003, Giovanni P. Tirloni wrote:

> common:
> set bundle disable multilink
> set bundle enable compression
> set bundle yes encryption
  ^^^^^^^ please remove this line

You don't need ECP for MPPE (Microsoft Point to Point Encryption)
Maybe this option is confusing the windoze clients.

> set ccp yes mppc
> set ccp yes mpp-e40
> set ccp yes mpp-e56
> set ccp yes mpp-e128
> set ccp yes mpp-stateless
> set ipcp enable vjcomp
> set iface enable proxy-arp
> set iface route 192.168.1.253/24
> set ipcp dns 1.2.3.4
> set link deny pap chap
> set link enable chap-md5 chap-msv1 chap-msv2

BTW: you can just enable chap-msv1 and chap-msv2, because when using MPPE MS-CHAP is mandatory.

Could you please post (in private) more of your logfile and your mpd.links?

bye,

--
------------------------------- ----------------------------------
Michael Bretterklieber - http://www.bretterklieber.com
A-Quadrat Automation GmbH - http://www.a-quadrat.at
Tel: ++43-(0)3172-41679 - GSM: ++43-(0)699 12861847
------------------------------- ----------------------------------
"...the number of UNIX installations has grown to 10, with more expected..." 
- Dennis Ritchie and Ken Thompson, June 1972 From owner-freebsd-net@FreeBSD.ORG Wed Dec 10 08:39:04 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1D1EC16A4CE for ; Wed, 10 Dec 2003 08:39:04 -0800 (PST) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id D33F943D2E for ; Wed, 10 Dec 2003 08:39:02 -0800 (PST) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.12.10/8.12.10) with ESMTP id hBAGd0RL056172; Wed, 10 Dec 2003 11:39:00 -0500 (EST) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.10/8.12.10/Submit) id hBAGd0pb056171; Wed, 10 Dec 2003 11:39:00 -0500 (EST) (envelope-from barney) Date: Wed, 10 Dec 2003 11:39:00 -0500 
From: Barney Wolff To: Andrea Venturoli Message-ID: <20031210163900.GA56011@pit.databus.com> References: <200312101324.hBADOUc8064056@soth.ventu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200312101324.hBADOUc8064056@soth.ventu> User-Agent: Mutt/1.4.1i X-Scanned-By: MIMEDefang 2.38 cc: freebsd-net@freebsd.org Subject: Re: Two ISP connections X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2003 16:39:04 -0000 On Wed, Dec 10, 2003 at 02:24:31PM -0500, Andrea Venturoli wrote: > I have a server with two ISP connections: a flat ADSL with an ISP and pay-per-traffic HDSL with another. > I'd like to use ADSL whenever possible, but switch to HDSL in case the first line drops. I don't know of anything published that does this, but it's easy to write a perl or shell script that pings the router at the adsl isp and does the necessary things when it disappears and reappears. You start it from /usr/local/etc/rc.d (Hint - use nohup to keep it running). Without getting much fancier than is reasonable, existing connections will be dropped at switchovers. I have a script that does similar things running here; email me if you want it. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. 
From owner-freebsd-net@FreeBSD.ORG Wed Dec 10 08:41:23 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7567516A4CE for ; Wed, 10 Dec 2003 08:41:23 -0800 (PST) Received: from mx01.bos.ma.towardex.com (a65-124-16-8.svc.towardex.com [65.124.16.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id 87CAA43D21 for ; Wed, 10 Dec 2003 08:41:22 -0800 (PST) (envelope-from haesu@mx01.bos.ma.towardex.com) Received: by mx01.bos.ma.towardex.com (TowardEX ESMTP 3.0p11_DAKN, from userid 1001) id 3A50C2F8F9; Wed, 10 Dec 2003 11:41:27 -0500 (EST) Date: Wed, 10 Dec 2003 11:41:27 -0500 
From: James To: Andrea Venturoli Message-ID: <20031210164127.GA92069@scylla.towardex.com> References: <200312101324.hBADOUc8064056@soth.ventu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200312101324.hBADOUc8064056@soth.ventu> User-Agent: Mutt/1.4.1i cc: freebsd-net@freebsd.org Subject: Re: Two ISP connections X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2003 16:41:23 -0000

> Hello.
> I have a server with two ISP connections: a flat ADSL with an ISP and pay-per-traffic HDSL with another.
> I'd like to use ADSL whenever possible, but switch to HDSL in case the first line drops.
> Any pointer?
>
> bye & Thanks
> av.

Write a script and cronjob it to check every 5 minutes. The script should:

a) ping both ISP gateways or use other means to check connectivity
b) If the primary connection is down, remove the default route and point the default route to backup ISP.
c) If using NAT, flush the nat rules, and re-map the internal network to backup ISP's IP address.
d) If the primary ISP is back online, do vice versa to switch back.

That's one way of doing it. You can also write a daemon too that's more robust than a simple shell script.

-J

--
James Jun (formerly Haesu)
Network Operations
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | james@towardex.com
Cell: (978)394-2867 | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033 | AIM: GigabitEthernet0
NOC: http://www.twdx.net | POC: HAESU-ARIN, HDJ1-6BONE

From owner-freebsd-net@FreeBSD.ORG Wed Dec 10 10:05:37 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 970C716A4CF; Wed, 10 Dec 2003 10:05:37 -0800 (PST) Date: Wed, 10 Dec 2003 10:05:37 -0800 
From: Kris Kennaway To: Eugene Grosbein Message-ID: <20031210180537.GC98679@hub.freebsd.org> References: <3FD6E1C2.DF8EC599@kuzbass.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3FD6E1C2.DF8EC599@kuzbass.ru> User-Agent: Mutt/1.4.1i cc: net@freebsd.org Subject: Re: ipfwshow as shell builtin? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2003 18:05:37 -0000

On Wed, Dec 10, 2003 at 04:05:06PM +0700, Eugene Grosbein wrote:
> Hi!
>
> There are some tasks that can be easily and efficiently solved
> with ipfw(8). For example, it can summarize traffic delivered
> over ethernet with unicast packets (ipfw2 feature), or make sums
> of traffic from/to distinct network blocks. It's not about generic
> detailed traffic accounting, it's about simple sums (f.e. for MRTG).
>
> The problem is how to get these values easily and efficiently for
> the same time. To supply values for MRTG I use net-snmpd and its
> 'pass_persist' feature (think about one MRTG and many monitored hosts).
>
> Simple shell script uses 'ipfw show' to return values.
> It is easy but still is not very optimal. There is additional
> fork+exec of /sbin/ipfw still.
>
> It would be nice to have something lightweight like 'ipfwshow'
> as /bin/sh builtin, isn't it?

Dear god, no! How many hundred times per second are you running ipfw for the overhead to be non-negligible?

Kris

--
In God we Trust -- all others must submit an X.509 certificate. 
-- Charles Forsythe From owner-freebsd-net@FreeBSD.ORG Wed Dec 10 16:37:55 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7123916A4CE for ; Wed, 10 Dec 2003 16:37:55 -0800 (PST) Received: from smtp2.libero.it (smtp2.libero.it [193.70.192.52]) by mx1.FreeBSD.org (Postfix) with ESMTP id 26AC943D13 for ; Wed, 10 Dec 2003 16:37:54 -0800 (PST) (envelope-from ml.ventu@flashnet.it) Received: from soth.ventu (151.38.126.218) by smtp2.libero.it (7.0.020-DD01) id 3F6F0DA9018B92DD for freebsd-net@freebsd.org; Thu, 11 Dec 2003 01:38:38 +0100 Received: from mailer (xanatar.ventu [10.1.2.6]) by soth.ventu (8.12.6p3/8.12.6) with SMTP id hBB0bpb6066726 for ; Thu, 11 Dec 2003 01:37:52 +0100 (CET) (envelope-from ml.ventu@flashnet.it) Message-Id: <200312110037.hBB0bpb6066726@soth.ventu> To: freebsd-net@freebsd.org Priority: Normal X-Mailer: Post Road Mailer for OS/2 (Green Edition Ver 3.0) Date: Thu, 11 Dec 2003 01:37:52 EST 
From: Andrea Venturoli Subject: Re: Two ISP connections X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Andrea Venturoli List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 00:37:55 -0000

** Reply to note from Barney Wolff Wed, 10 Dec 2003 11:39:00 -0500

> I don't know of anything published that does this, but it's easy to
> write a perl or shell script that pings the router at the adsl isp
> and does the necessary things when it disappears and reappears.

Mmh, only problem is one of the ISP is famous for blocking ICMP as a whole, so no pings work. I haven't tried this particular line yet, but I may need to use some other protocol.

> You start it from /usr/local/etc/rc.d (Hint - use nohup to keep it running).

Why nohup?

> Without getting much fancier than is reasonable, existing connections
> will be dropped at switchovers.

I can easily live with that.

> I have a script that does similar things running here; email me if you
> want it.

Why not! If you don't mind, then please send it to me :)

bye & Thanks
av.

From owner-freebsd-net@FreeBSD.ORG Wed Dec 10 17:00:31 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A8C8B16A4D2 for ; Wed, 10 Dec 2003 17:00:31 -0800 (PST) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id 515B743D2D for ; Wed, 10 Dec 2003 17:00:12 -0800 (PST) (envelope-from don@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2657.72) id ; Wed, 10 Dec 2003 20:00:11 -0500 Message-ID: 
From: Don Bowman To: 'Andrea Venturoli' , freebsd-net@freebsd.org Date: Wed, 10 Dec 2003 20:00:10 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" Subject: RE: Two ISP connections X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 01:00:31 -0000 
From: Andrea Venturoli [mailto:ml.ventu@flashnet.it] > ** Reply to note from Barney Wolff Wed, > 10 Dec 2003 11:39:00 -0500 > > > > I don't know of anything published that does this, but it's easy to > > write a perl or shell script that pings the router at the adsl isp > > and does the necessary things when it disappears and reappears. > > Mmh, only problem is one of the ISP is famous for blocking > ICMP as a whole, so no pings work. I haven't tried this > particular line yet, but I may need to use come other protocol. > > see the lft port (layer 4 traceroute) http://www.mainnerve.com/lft/ you can use this to get an ICMP response (albeit not echo) from your isp this way. [you can't really block icmp would fragment, it would break PMTU]. --don From owner-freebsd-net@FreeBSD.ORG Wed Dec 10 17:39:35 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 194D616A4CE for ; Wed, 10 Dec 2003 17:39:35 -0800 (PST) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id AD39843D13 for ; Wed, 10 Dec 2003 17:39:33 -0800 (PST) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.12.10/8.12.10) with ESMTP id hBB1dSRL065398; Wed, 10 Dec 2003 20:39:28 -0500 (EST) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.10/8.12.10/Submit) id hBB1dSOr065397; Wed, 10 Dec 2003 20:39:28 -0500 (EST) (envelope-from barney) Date: Wed, 10 Dec 2003 20:39:28 -0500 
From: Barney Wolff To: Andrea Venturoli Message-ID: <20031211013928.GA64700@pit.databus.com> References: <200312110037.hBB0bpb6066726@soth.ventu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200312110037.hBB0bpb6066726@soth.ventu> User-Agent: Mutt/1.4.1i X-Scanned-By: MIMEDefang 2.38 cc: freebsd-net@freebsd.org Subject: Re: Two ISP connections X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 01:39:35 -0000 On Thu, Dec 11, 2003 at 01:37:52AM -0500, Andrea Venturoli wrote: > ** Reply to note from Barney Wolff Wed, 10 Dec 2003 11:39:00 -0500 > > > > I don't know of anything published that does this, but it's easy to > > write a perl or shell script that pings the router at the adsl isp > > and does the necessary things when it disappears and reappears. > > Mmh, only problem is one of the ISP is famous for blocking ICMP as a whole, so no pings work. I haven't tried this > particular line yet, but I may need to use come other protocol. You can substitute anything that should get a response via isp1, and whose result can be tested easily. > > You start it from /usr/local/etc/rc.d (Hint - use nohup to keep it running). > Why nohup? Things started from /usr/local/etc/rc.d get a hup signal when rc is finished with all the startup scripts - I think. Anyway, if you don't use nohup, or a more-conventional way to daemonize what you've started, it will die mysteriously in a very short time. I've never seen anybody else use nohup for this purpose but it works just fine on both 4.x and 5.x. > > Without getting much fancier than is reasonable, existing connections > > will be dropped at switchovers. > > I can easily live with that. > > > I have a script that does similar things running here; email me if you > > want it. > > Why not! 
If you don't mind, the please send it to me :) http://www.databus.com/dslsec.tgz (FreeBSD lists don't allow attachments.) Anyone is welcome to use/copy/modify these scripts. For the two-isp problem, if you're using NAT, you probably have to kill natd, reconfigure it and restart it in the dslsec-gopri/gosec scripts. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 04:51:23 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 13F1816A4CE for ; Thu, 11 Dec 2003 04:51:23 -0800 (PST) Received: from smtp1.libero.it (smtp1.libero.it [193.70.192.51]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3895943D2E for ; Thu, 11 Dec 2003 04:51:21 -0800 (PST) (envelope-from ml.ventu@flashnet.it) Received: from soth.ventu (151.38.126.218) by smtp1.libero.it (7.0.020-DD01) id 3F6F0E48018DC0E6 for freebsd-net@freebsd.org; Thu, 11 Dec 2003 13:51:53 +0100 Received: from mailer (xanatar.ventu [10.1.2.6]) by soth.ventu (8.12.6p3/8.12.6) with SMTP id hBBCpIb6069100 for ; Thu, 11 Dec 2003 13:51:19 +0100 (CET) (envelope-from ml.ventu@flashnet.it) Message-Id: <200312111251.hBBCpIb6069100@soth.ventu> To: freebsd-net@freebsd.org Priority: Normal X-Mailer: Post Road Mailer for OS/2 (Green Edition Ver 3.0) Date: Thu, 11 Dec 2003 13:51:19 EST 
From: Andrea Venturoli Subject: RE: Two ISP connections X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Andrea Venturoli List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 12:51:23 -0000

** Reply to note from Don Bowman Wed, 10 Dec 2003 20:00:10 -0500

> see the lft port (layer 4 traceroute) http://www.mainnerve.com/lft/

Thanks.

> [you can't really block icmp would fragment

Let's say "you shouldn't really".

> it would break PMTU].

Is this what you are talking about? (from the FreeBSD FAQ)

> 14.26. Why do MacOS and Windows 98 connections freeze when
> running PPPoE on the gateway?

If so, you are going to have this problem with this ISP. Didn't choose it myself :(

bye
av.

From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 04:51:23 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8CD7216A4CF for ; Thu, 11 Dec 2003 04:51:23 -0800 (PST) Received: from smtp2.libero.it (smtp2.libero.it [193.70.192.52]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3DF8F43D2F for ; Thu, 11 Dec 2003 04:51:22 -0800 (PST) (envelope-from ml.ventu@flashnet.it) Received: from soth.ventu (151.38.126.218) by smtp2.libero.it (7.0.020-DD01) id 3F6F0DA9018D54F3 for freebsd-net@freebsd.org; Thu, 11 Dec 2003 13:52:06 +0100 Received: from mailer (xanatar.ventu [10.1.2.6]) by soth.ventu (8.12.6p3/8.12.6) with SMTP id hBBCpIb8069100 for ; Thu, 11 Dec 2003 13:51:20 +0100 (CET) (envelope-from ml.ventu@flashnet.it) Message-Id: <200312111251.hBBCpIb8069100@soth.ventu> To: freebsd-net@freebsd.org Priority: Normal X-Mailer: Post Road Mailer for OS/2 (Green Edition Ver 3.0) Date: Thu, 11 Dec 2003 13:51:20 EST 
From: Andrea Venturoli Subject: Re: Two ISP connections X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Andrea Venturoli List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 12:51:23 -0000 ** Reply to note from Barney Wolff Wed, 10 Dec 2003 20:39:28 -0500 > Things started from /usr/local/etc/rc.d get a hup signal when rc is finished > with all the startup scripts - I think. Anyway, if you don't use nohup, > or a more-conventional way to daemonize what you've started, it will die > mysteriously in a very short time. I've never seen anybody else use nohup > for this purpose but it works just fine on both 4.x and 5.x. Are you sure? I never heard anything like that and I never used nohup before... Maybe net is not the right place to discuss this, though. > http://www.databus.com/dslsec.tgz > (FreeBSD lists don't allow attachments.) > > Anyone is welcome to use/copy/modify these scripts. For the two-isp > problem, if you're using NAT, you probably have to kill natd, reconfigure > it and restart it in the dslsec-gopri/gosec scripts. Thanks a lot. bye av. 
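The failover procedure described in this thread (probe the primary link, move the default route to the backup when it drops, move it back when it returns), as an added example that is not Barney Wolff's dslsec script or any other poster's code. The gateway addresses, thresholds and function names are assumptions; the consecutive-probe counters are an addition that keeps a flapping line from switching routes on every probe.

```sh
#!/bin/sh
# Added example: default-route failover with hysteresis (not a script from the thread).
# Gateways, thresholds and all names below are assumptions for illustration.

PRI_GW="${PRI_GW:-192.0.2.1}"        # primary (ADSL) next hop, documentation address
SEC_GW="${SEC_GW:-198.51.100.1}"     # backup (HDSL) next hop, documentation address
FAIL_LIMIT="${FAIL_LIMIT:-3}"        # consecutive failed probes before failing over
OK_LIMIT="${OK_LIMIT:-5}"            # consecutive good probes before failing back
INTERVAL="${INTERVAL:-20}"           # seconds between probes

active=primary   # which link currently carries the default route
fails=0          # consecutive failed probes
oks=0            # consecutive successful probes

# Probe the primary link. The target must be reachable over that link whatever
# the default route is (the directly connected next hop qualifies). If the ISP
# drops ICMP, replace the body with any check that gets an answer via the
# primary link and sets an exit status.
probe_primary() {
    ping -c 1 -t 2 "$PRI_GW" >/dev/null 2>&1    # FreeBSD ping(8): -t is a timeout
}

# Replace the default route: remove the old one, then add the new next hop.
set_default_route() {
    /sbin/route -n delete default >/dev/null 2>&1 || true
    /sbin/route -n add default "$1" >/dev/null
}

# Hook run after every switch; $1 is "primary" or "backup". With NAT this is
# where natd is stopped, reconfigured for the new outside address and restarted.
on_switch() {
    :
}

# One polling step: probe, update the counters, switch when a threshold is hit.
step() {
    if probe_primary; then
        oks=$((oks + 1)); fails=0
    else
        fails=$((fails + 1)); oks=0
    fi

    if [ "$active" = primary ] && [ "$fails" -ge "$FAIL_LIMIT" ]; then
        if set_default_route "$SEC_GW"; then active=backup; on_switch backup; fi
    elif [ "$active" = backup ] && [ "$oks" -ge "$OK_LIMIT" ]; then
        if set_default_route "$PRI_GW"; then active=primary; on_switch primary; fi
    fi
    return 0
}

# Loop only when called with "run", so the file can also be sourced.
if [ "${1:-}" = run ]; then
    while :; do
        step
        sleep "$INTERVAL"
    done
fi
```

Existing connections are dropped at each switchover, as noted earlier in the thread.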
From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 04:59:56 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0A34316A4CF for ; Thu, 11 Dec 2003 04:59:56 -0800 (PST) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id A497D43D1F for ; Thu, 11 Dec 2003 04:59:51 -0800 (PST) (envelope-from glebius@cell.sick.ru) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.9/8.12.8) with ESMTP id hBBCxnAB038878 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 11 Dec 2003 15:59:49 +0300 (MSK) (envelope-from glebius@cell.sick.ru) Received: (from glebius@localhost) by cell.sick.ru (8.12.9/8.12.6/Submit) id hBBCxmkZ038877 for freebsd-net@freebsd.org; Thu, 11 Dec 2003 15:59:48 +0300 (MSK) Date: Thu, 11 Dec 2003 15:59:48 +0300 
From: Gleb Smirnoff To: freebsd-net@freebsd.org Message-ID: <20031211125948.GN37784@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , freebsd-net@freebsd.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="yrj/dFKFPuw6o+aM" Content-Disposition: inline User-Agent: Mutt/1.5.4i Subject: incorrect connect() behavior X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 12:59:56 -0000

--yrj/dFKFPuw6o+aM
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline

Dear sirs,

as it is described in connect(2):

ERRORS
     The connect() call fails if:
     ...
     [ENETUNREACH]      The network is not reachable from this host.
     [EHOSTUNREACH]     The remote host is not reachable from this host.

However, this sample program (attached) shows that connect() does not return -1 in case of absence of routing to destination. (One should run test program after "route delete default")

Testing FreeBSD-STABLE showed that connect() will return 0, and following getsockname() on same sockaddr will return 127.0.0.1 as source address.

What does this break? ntpd(8) will not work after temporary route flapping, or in case when ntpd(8) starts before time servers are reachable. Same problem with ports/net/net-snmp, it freezes after route flapping. In latter case I haven't looked into sources, but I suppose the problem is similar to ntpd's.

Testing FreeBSD 5.1-RELEASE showed that connect() will return 0, and following getsockname() on same sockaddr will return same address, as would be returned in presence of default route. Haven't tested on multihomed 5.x boxes.

--
Totus tuus, Glebius. 
GLEBIUS-RIPN GLEB-RIPE

--yrj/dFKFPuw6o+aM
Content-Type: text/plain; charset=koi8-r
Content-Disposition: attachment; filename="no-route-test.c"

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SOMEHOST "209.132.205.227"

int
main(void)
{
	int s, rtn;
	struct sockaddr_in saddr;
	socklen_t saddrlen = sizeof(saddr);

	/* Destination: any host that is only reachable through the default route. */
	memset(&saddr, 0, sizeof(saddr));
	saddr.sin_family = AF_INET;
	saddr.sin_addr.s_addr = inet_addr(SOMEHOST);
	saddr.sin_port = htons(2000);

	s = socket(AF_INET, SOCK_DGRAM, 0);
	if (s < 0) {
		printf("Error from socket()\n");
		return -1;
	}

	/* With no route to SOMEHOST this is expected to fail per connect(2). */
	rtn = connect(s, (struct sockaddr *)&saddr, sizeof(saddr));
	if (rtn < 0) {
		printf("Error from connect(): %s\n", strerror(errno));
		return -1;
	}

	/* Report the local (source) address the kernel picked for the socket. */
	rtn = getsockname(s, (struct sockaddr *)&saddr, &saddrlen);
	if (rtn < 0) {
		printf("Error from getsockname()\n");
		return -1;
	}

	close(s);
	printf("Addr is %s\n", inet_ntoa(saddr.sin_addr));
	return 0;
}

--yrj/dFKFPuw6o+aM--

From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 06:06:48 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8274616A4CE for ; Thu, 11 Dec 2003 06:06:48 -0800 (PST) Received: from arginine.spc.org (arginine.spc.org [195.206.69.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id EC56743D2B for ; Thu, 11 Dec 2003 06:06:46 -0800 (PST) (envelope-from bms@spc.org) Received: from localhost (localhost [127.0.0.1]) by arginine.spc.org (Postfix) with ESMTP id 5600C653D8; Thu, 11 Dec 2003 14:06:43 +0000 (GMT) Received: from arginine.spc.org ([127.0.0.1]) by localhost (arginine.spc.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 80610-04-2; Thu, 11 Dec 2003 14:06:42 +0000 (GMT) Received: from saboteur.dek.spc.org (unknown [82.147.19.91]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by arginine.spc.org (Postfix) with ESMTP id B96AF651EB; Thu, 11 Dec 2003 14:06:42 +0000 (GMT) Received: by saboteur.dek.spc.org (Postfix, from userid 1001) id D4DD932; Thu, 11 Dec 2003 14:06:41 +0000 (GMT) 
Date: Thu, 11 Dec 2003 14:06:41 +0000 
From: Bruce M Simpson To: freebsd-net@FreeBSD.org, consume-thenet@lists.consume.net Message-ID: <20031211140641.GB51836@saboteur.dek.spc.org> Mail-Followup-To: freebsd-net@FreeBSD.org, consume-thenet@lists.consume.net Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="k1lZvvs/B4yU6o8G" Content-Disposition: inline Subject: ANNOUNCE: net/tcpdump Radiotap-aware port committed. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 14:06:48 -0000

--k1lZvvs/B4yU6o8G
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

All,

I've just committed a new port of tcpdump 3.8.1 with David Young's radiotap patches. On FreeBSD 5.2 I was able to get the radiotap headers from the wi(4) driver with this.

This is fairly bleeding edge so there may be rough edges around it, play with it and let me know how you get on.

The main motivation for committing the port was to bring in features like this without disrupting the vendor branch of tcpdump/libpcap in the FreeBSD base system.

I'll be looking at bringing dstumbler back into the fold next.

Have fun, and happy warwalking! 
Regards, BMS --k1lZvvs/B4yU6o8G Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Comment: '' iD8DBQE/2HnxueUpAYYNtTsRAk/2AJ0enxDr/bTIcSAUOuamKYdyUO5tzACgpIRU o4Lqqx0tr8lRshpz/iCBupk= =T0Nz -----END PGP SIGNATURE----- --k1lZvvs/B4yU6o8G-- From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 07:20:31 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5348116A4CE; Thu, 11 Dec 2003 07:20:31 -0800 (PST) Received: from silver.he.iki.fi (helenius.fi [193.64.42.241]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8718843D2A; Thu, 11 Dec 2003 07:20:28 -0800 (PST) (envelope-from pete@he.iki.fi) Received: from he.iki.fi (localhost [127.0.0.1]) by silver.he.iki.fi (8.12.9p2/8.11.4) with ESMTP id hBBFKPgr088990; Thu, 11 Dec 2003 17:20:26 +0200 (EET) (envelope-from pete@he.iki.fi) Message-ID: <3FD88B14.1020801@he.iki.fi> Date: Thu, 11 Dec 2003 17:19:48 +0200 
From: Petri Helenius User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Bruce M Simpson References: <20031211140641.GB51836@saboteur.dek.spc.org> In-Reply-To: <20031211140641.GB51836@saboteur.dek.spc.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit cc: freebsd-net@freebsd.org cc: consume-thenet@lists.consume.net Subject: Re: ANNOUNCE: net/tcpdump Radiotap-aware port committed. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 15:20:31 -0000

Bruce M Simpson wrote:

>The main motivation for committing the port was to bring in features like
>this without disrupting the vendor branch of tcpdump/libpcap in the FreeBSD
>base system.
>
>

Is there a port of libpcap? The system tcpdump seems to be out of synch with libpcap already since tcpdump has been imported once after last libpcap import.

And as said before, libpcap in the system contains the bug which severely limits its usefulness in larger bandwidth environments.
Pete From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 08:54:07 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B7BA216A4CE for ; Thu, 11 Dec 2003 08:54:07 -0800 (PST) Received: from tenebras.com (laptop.tenebras.com [66.92.188.18]) by mx1.FreeBSD.org (Postfix) with SMTP id 044E943D1F for ; Thu, 11 Dec 2003 08:54:06 -0800 (PST) (envelope-from kudzu@tenebras.com) Received: (qmail 23376 invoked from network); 11 Dec 2003 16:54:05 -0000 Received: from sapphire.tenebras.com (HELO tenebras.com) (192.168.188.241) by laptop.tenebras.com with SMTP; 11 Dec 2003 16:54:05 -0000 Message-ID: <3FD8A12C.3060204@tenebras.com> Date: Thu, 11 Dec 2003 08:54:04 -0800 
From: Michael Sierchio User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.5) Gecko/20031007 X-Accept-Language: en-us, zh-tw, zh-cn, fr, en, de-de MIME-Version: 1.0 To: Petri Helenius References: <20031211140641.GB51836@saboteur.dek.spc.org> <3FD88B14.1020801@he.iki.fi> In-Reply-To: <3FD88B14.1020801@he.iki.fi> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit cc: freebsd-net@freebsd.org cc: Bruce M Simpson cc: consume-thenet@lists.consume.net Subject: Re: ANNOUNCE: net/tcpdump Radiotap-aware port committed. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 16:54:07 -0000

Petri Helenius wrote:

> Is there a port of libpcap? The system tcpdump seems to be out of synch
> with libpcap already
> since tcpdump has been imported once after last libpcap import.
>
> And as said before, libpcap in the system contains the bug which
> severely limits its usefulness in
> larger bandwidth environments.

What are the chances of Phil Wood's patches getting ported? Or am I mistaken in thinking they would help solve the bandwidth limitation imposed by buffer management?
From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 09:20:21 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1244616A4CE for ; Thu, 11 Dec 2003 09:20:21 -0800 (PST) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id D42F643D31 for ; Thu, 11 Dec 2003 09:20:19 -0800 (PST) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.12.10/8.12.10) with ESMTP id hBBHKHiR010718; Thu, 11 Dec 2003 12:20:17 -0500 (EST) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.10/8.12.10/Submit) id hBBHKHYg010717; Thu, 11 Dec 2003 12:20:17 -0500 (EST) (envelope-from barney) Date: Thu, 11 Dec 2003 12:20:17 -0500 
From: Barney Wolff To: Andrea Venturoli Message-ID: <20031211172017.GA9970@pit.databus.com> References: <200312111251.hBBCpIb8069100@soth.ventu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200312111251.hBBCpIb8069100@soth.ventu> User-Agent: Mutt/1.4.1i X-Scanned-By: MIMEDefang 2.38 cc: freebsd-net@freebsd.org Subject: Re: Two ISP connections X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 17:20:21 -0000

On Thu, Dec 11, 2003 at 01:51:20PM -0500, Andrea Venturoli wrote:
> ** Reply to note from Barney Wolff Wed, 10 Dec 2003 20:39:28 -0500
> >
> > Things started from /usr/local/etc/rc.d get a hup signal when rc is finished
> > with all the startup scripts - I think. Anyway, if you don't use nohup,
> > or a more-conventional way to daemonize what you've started, it will die
> > mysteriously in a very short time. I've never seen anybody else use nohup
> > for this purpose but it works just fine on both 4.x and 5.x.
>
> Are you sure?
> I never heard anything like that and I never used nohup before...
> Maybe net is not the right place to discuss this, though.

You're welcome to try not doing it and see how it works. If you don't like nohup, man perlfaq8 and look at the answer to "How can I fork a daemon process?" - or look it up in Stevens' Unix Network Programming.

I am *not* sure that it's HUP, but my experience is that processes get something fatal quickly, and nohup prevents it.

Regards,
Barney

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 11:59:05 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 862A416A4CE for ; Thu, 11 Dec 2003 11:59:05 -0800 (PST) Received: from midgard.ttsg.com (midgard.ttsg.com [216.231.105.235]) by mx1.FreeBSD.org (Postfix) with ESMTP id 540B743D1D for ; Thu, 11 Dec 2003 11:59:03 -0800 (PST) (envelope-from hali@ttsg.com) Received: from midgard.ttsg.com (localhost [127.0.0.1]) by midgard.ttsg.com (8.12.10/8.12.9) with ESMTP id hBBJx2XR020315 for ; Thu, 11 Dec 2003 14:59:02 -0500 (EST) Received: from localhost (hali@localhost)hBBJx2WO020312 for ; Thu, 11 Dec 2003 14:59:02 -0500 (EST) Date: Thu, 11 Dec 2003 14:59:02 -0500 (EST) 
From: Hussain Ali To: freebsd-net@freebsd.org Message-ID: <20031211145746.N99176-100000@midgard.ttsg.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: grouping 2 or more interfaces as 1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 19:59:05 -0000

Hello,

I am a freebsd newbie, so bear with me. I was searching if it's possible to bond 2 ethernet interfaces as 1 under FreeBsd. Ie similar to creating a trunk.

Any references?

Thanks,

-Hussain

From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 12:32:01 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5DDFE16A4CE for ; Thu, 11 Dec 2003 12:32:01 -0800 (PST) Received: from mx03.ca.mci.com (mx03.ca.mci.com [142.77.2.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8E16143D2B for ; Thu, 11 Dec 2003 12:31:55 -0800 (PST) (envelope-from kfl@xiphos.ca) Received: from tick (unknown [216.95.199.148]) by mx03.ca.mci.com (Postfix) with SMTP id 8083B104A5; Thu, 11 Dec 2003 15:31:52 -0500 (EST)
From: "kfl" To: "Hussain Ali" , Date: Thu, 11 Dec 2003 15:39:45 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 In-Reply-To: <20031211145746.N99176-100000@midgard.ttsg.com> Subject: RE: grouping 2 or more interfaces as 1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 20:32:01 -0000

Look into bridge(4).

> -----Original Message-----
> From: owner-freebsd-net@freebsd.org
> [mailto:owner-freebsd-net@freebsd.org]On Behalf Of Hussain Ali
> Sent: Thursday, December 11, 2003 2:59 PM
> To: freebsd-net@freebsd.org
> Subject: grouping 2 or more interfaces as 1
>
>
>
> Hello,
>
> I am a freebsd newbie, so bear with me. I was searching if it's possible
> to bond 2 ethernet interfaces as 1 under FreeBsd. Ie similar to
> creating a trunk.
>
> Any references?
>
> Thanks,
>
> -Hussain
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 13:14:18 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2D6A716A4CE for ; Thu, 11 Dec 2003 13:14:18 -0800 (PST) Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [216.148.227.85]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8E17743D31 for ; Thu, 11 Dec 2003 13:14:16 -0800 (PST) (envelope-from julian@elischer.org) Received: from interjet.elischer.org ([24.7.73.28]) by comcast.net (rwcrmhc12) with ESMTP id <20031211211414014007notbe>; Thu, 11 Dec 2003 21:14:15 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id NAA88562; Thu, 11 Dec 2003 13:14:14 -0800 (PST) Date: Thu, 11 Dec 2003 13:14:12 -0800 (PST)
From: Julian Elischer To: kfl In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org cc: Hussain Ali Subject: RE: grouping 2 or more interfaces as 1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 21:14:18 -0000

On Thu, 11 Dec 2003, kfl wrote:

> Look into bridge(4).

more likely he wants something like ng_fec or ng_one2many

>
> > -----Original Message-----
> > From: owner-freebsd-net@freebsd.org
> > [mailto:owner-freebsd-net@freebsd.org]On Behalf Of Hussain Ali
> > Sent: Thursday, December 11, 2003 2:59 PM
> > To: freebsd-net@freebsd.org
> > Subject: grouping 2 or more interfaces as 1
> >
> >
> >
> > Hello,
> >
> > I am a freebsd newbie, so bear with me. I was searching if it's possible
> > to bond 2 ethernet interfaces as 1 under FreeBsd. Ie similar to
> > creating a trunk.
> >
> > Any references?
> >
> > Thanks,
> >
> > -Hussain
> >
>

From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 13:19:40 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7B33916A4CE for ; Thu, 11 Dec 2003 13:19:40 -0800 (PST) Received: from web10405.mail.yahoo.com (web10405.mail.yahoo.com [216.136.130.97]) by mx1.FreeBSD.org (Postfix) with SMTP id B572443D32 for ; Thu, 11 Dec 2003 13:19:39 -0800 (PST) (envelope-from opolyakov@yahoo.com) Message-ID: <20031211211939.49992.qmail@web10405.mail.yahoo.com> Received: from [67.112.213.229] by web10405.mail.yahoo.com via HTTP; Thu, 11 Dec 2003 13:19:39 PST Date: Thu, 11 Dec 2003 13:19:39 -0800 (PST)
From: Oleg Polyakov To: Hussain Ali , freebsd-net@freebsd.org In-Reply-To: <20031211145746.N99176-100000@midgard.ttsg.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: grouping 2 or more interfaces as 1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 21:19:40 -0000

There are a couple of modules:
ng_one2many, there is a man page for it;
ng_fec - no man page, but here is some info:
http://www.bsd-dk.dk/archives/2001/Mar/0027.html
http://www.securityfocus.com/archive/96/340308/2003-09-29/2003-10-05/0

--- Hussain Ali wrote:
>
> Hello,
>
> I am a freebsd newbie, so bear with me. I was searching if it's possible
> to bond 2 ethernet interfaces as 1 under FreeBsd. Ie similar to
> creating a trunk.
>
> Any references?
>
> Thanks,
>
> -Hussain

From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 13:51:12 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E11A116A4CE for ; Thu, 11 Dec 2003 13:51:12 -0800 (PST) Received: from tenebras.com (laptop.tenebras.com [66.92.188.18]) by mx1.FreeBSD.org (Postfix) with SMTP id A3AA043D2F for ; Thu, 11 Dec 2003 13:51:11 -0800 (PST) (envelope-from kudzu@tenebras.com) Received: (qmail 27113 invoked from network); 11 Dec 2003 21:51:10 -0000 Received: from sapphire.tenebras.com (HELO tenebras.com) (192.168.188.241) by laptop.tenebras.com with SMTP; 11 Dec 2003 21:51:10 -0000 Message-ID: <3FD8E6CD.9070006@tenebras.com> Date: Thu, 11 Dec 2003 13:51:09 -0800
From: Michael Sierchio User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.5) Gecko/20031007 X-Accept-Language: en-us, zh-tw, zh-cn, fr, en, de-de MIME-Version: 1.0 To: Julian Elischer References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: Hussain Ali Subject: Re: grouping 2 or more interfaces as 1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 21:51:13 -0000 Julian Elischer wrote: > > On Thu, 11 Dec 2003, kfl wrote: > > >>Look into bridge(4). > > > more likely he wants something like ng_fec or ng_one2many Unless performance is the reason for bonding the ether channels... Can't we steal the Linux code? ;-) From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 14:39:26 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 454EB16A4CE for ; Thu, 11 Dec 2003 14:39:26 -0800 (PST) Received: from tenebras.com (laptop.tenebras.com [66.92.188.18]) by mx1.FreeBSD.org (Postfix) with SMTP id 1A6DC43DFE for ; Thu, 11 Dec 2003 14:14:56 -0800 (PST) (envelope-from kudzu@tenebras.com) Received: (qmail 27480 invoked from network); 11 Dec 2003 22:14:55 -0000 Received: from sapphire.tenebras.com (HELO tenebras.com) (192.168.188.241) by laptop.tenebras.com with SMTP; 11 Dec 2003 22:14:55 -0000 Message-ID: <3FD8EC5D.3060506@tenebras.com> Date: Thu, 11 Dec 2003 14:14:53 -0800 
From: Michael Sierchio User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.5) Gecko/20031007 X-Accept-Language: en-us, zh-tw, zh-cn, fr, en, de-de MIME-Version: 1.0 To: Julian Elischer References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: Hussain Ali Subject: Re: grouping 2 or more interfaces as 1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 22:39:26 -0000

Julian Elischer wrote:

>>>more likely he wants something like ng_fec or ng_one2many
>>
>>Unless performance is the reason for bonding the ether channels...
>>
>>Can't we steal the Linux code? ;-)
>
> is the netgraph version particularly slow?

Not slower than a single ether channel, no ;-) Considerably slower than link layer bonding.

The netgraph version provides a really useful functionality, and I suppose that 2GB and 10GB fiber interfaces will do away with any pressure to give us bonding in the kernel.

Sorry, didn't mean to sound ungrateful.
From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 14:56:05 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D1EEF16A4E8 for ; Thu, 11 Dec 2003 14:56:05 -0800 (PST) Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.198.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id 25E0D43D3C for ; Thu, 11 Dec 2003 14:02:59 -0800 (PST) (envelope-from julian@elischer.org) Received: from interjet.elischer.org ([24.7.73.28]) by comcast.net (rwcrmhc11) with ESMTP id <2003121122025601300bp26pe>; Thu, 11 Dec 2003 22:02:56 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id OAA89151; Thu, 11 Dec 2003 14:02:54 -0800 (PST) Date: Thu, 11 Dec 2003 14:02:53 -0800 (PST) 
From: Julian Elischer To: Michael Sierchio In-Reply-To: <3FD8E6CD.9070006@tenebras.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org cc: Hussain Ali Subject: Re: grouping 2 or more interfaces as 1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 22:56:06 -0000 On Thu, 11 Dec 2003, Michael Sierchio wrote: > Julian Elischer wrote: > > > > On Thu, 11 Dec 2003, kfl wrote: > > > > > >>Look into bridge(4). > > > > > > more likely he wants something like ng_fec or ng_one2many > > Unless performance is the reason for bonding the ether channels... > > Can't we steal the Linux code? ;-) is the netgraph version particularly slow? > > > From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 17:33:47 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8DF5316A4CE for ; Thu, 11 Dec 2003 17:33:47 -0800 (PST) Received: from swin.edu.au (c3p0.cc.swin.edu.au [136.186.1.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id E797B43D35 for ; Thu, 11 Dec 2003 17:33:45 -0800 (PST) (envelope-from pvandenbergen@swin.edu.au) Received: from pvdbergen.caia.swin.edu.au (pvdbergen.caia.swin.edu.au [136.186.229.26]) by swin.edu.au (8.9.3p2-20030918/8.9.3) with ESMTP id MAA910286 for ; Fri, 12 Dec 2003 12:33:44 +1100 (EST) 
From: paul van den bergen To: freebsd-net@freebsd.org Date: Fri, 12 Dec 2003 12:33:43 +1100 User-Agent: KMail/1.5 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200312121233.43680.pvandenbergen@swin.edu.au> Subject: ssh tunnels and Xvnc - (yes, I know... What? not again!?) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 01:33:47 -0000

Hi all,

I have a situation that has not been fully addressed by the excellent documentation on getting ssh tunnels and remote X-windows display managers (like VNC) running. And my feeble brain is too damaged by the dreaded lurgy to make heads or tails of it.

home machine (home) ---- ISP --- internet --- work firewall --- work machine1 (additional firewall?) (work1) --- work machine 2 (desktop) (work2).

I can ssh from home to the work1 and ssh from there to work2.
home runs windows 2k and I have (full) admin access
work1 and 2 run FreeBSD
I have root access on work2 but not work 1

I guess I have to:
run Xvncserver on work2
ssh tunnel (tunnel1-2) from work 2 to work 1
ssh tunnel (tunnelh-2) inside tunnel1-2
run vnclistener on home.

any suggestions as to what is actually needed? can someone hold my hand through this?

--
Dr Paul van den Bergen
Centre for Advanced Internet Architectures
caia.swin.edu.au
pvandenbergen@swin.edu.au
IM:bulwynkl2002
"And some run up hill and down dale, knapping the chucky stones to pieces wi' hammers, like so many road makers run daft. They say it is to see how the world was made." Sir Walter Scott, St.
Ronan's Well 1824 From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 18:55:04 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5144016A4CE for ; Thu, 11 Dec 2003 18:55:04 -0800 (PST) Received: from mail-out3.apple.com (mail-out3.apple.com [17.254.13.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id C2CDA43D46 for ; Thu, 11 Dec 2003 18:54:37 -0800 (PST) (envelope-from guy@alum.mit.edu) Received: from mailgate1.apple.com (a17-128-100-225.apple.com [17.128.100.225]) by mail-out3.apple.com (8.12.10/8.12.9) with ESMTP id hBC2sbLh029931 for ; Thu, 11 Dec 2003 18:54:37 -0800 (PST) Received: from scv2.apple.com (scv2.apple.com) by mailgate1.apple.com ; Thu, 11 Dec 2003 18:54:34 -0800 Received: from [17.202.40.208] (gharris.apple.com [17.202.40.208]) by scv2.apple.com (8.12.9/8.12.9) with ESMTP id hBC2sCEV019527; Thu, 11 Dec 2003 18:54:12 -0800 (PST) Mime-Version: 1.0 (Apple Message framework v609) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <85615588-2C4E-11D8-8759-000A958097E4@alum.mit.edu> Content-Transfer-Encoding: 7bit 
From: Guy Harris Date: Thu, 11 Dec 2003 18:54:36 -0800 To: Michael Sierchio X-Mailer: Apple Mail (2.609) cc: freebsd-net@FreeBSD.org cc: consume-thenet@lists.consume.net Subject: Re: ANNOUNCE: net/tcpdump Radiotap-aware port committed. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 02:55:04 -0000 > What are the chances of Phil Wood's patches getting ported? If you mean the patches from http://public.lanl.gov/cpw/ then the chances are no greater than the chances of memory mapping being added to BPF. :-) I.e., the patches support use of Linux's memory-mapped PF_PACKET socket support; there's no equivalent memory-mapped BPF mechanism in any BSD, so there'd be nothing for a ported version to use - a memory-mapped BPF would have to be implemented before his changes could be ported. Michael T. Stolarchuk was working on such a mechanism at one point: http://www.tcpdump.org/lists/workers/2000/msg01156.html but I don't know what happened to that. (He was working on it for OpenBSD, I think, and was, I think, relying on UVM: http://www.ccrc.wustl.edu/pub/chuck/tech/uvm/ for it: http://www.usenix.org/events/lisa2001/tech/stolarchuk/ .) From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 19:12:54 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A062016A4CE for ; Thu, 11 Dec 2003 19:12:54 -0800 (PST) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9B91D43D36 for ; Thu, 11 Dec 2003 19:12:53 -0800 (PST) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.org (8.9.3/8.9.3) id UAA10720 for net@freebsd.org; Thu, 11 Dec 2003 20:12:49 -0700 (MST) Date: Thu, 11 Dec 2003 20:12:49 -0700 (MST) 
From: Brett Glass Message-Id: <200312120312.UAA10720@lariat.org> To: net@freebsd.org Subject: Controlling ports used by natd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 03:12:54 -0000 Is there a way to control the range of ports to which FreeBSD's natd maps outgoing connections? I'm attempting to deal with a situation in which natd is (sometimes) changing outgoing UDP packets' source port numbers to ones which are commonly used by worms. Sometimes, a firewall at the destination blocks the packet; at other times, the response is blocked on the way back. If it is possible to tell natd to avoid using ports that are firewalled, it ought to be possible to avoid this problem. But I can find no way to do this. Does one exist? --Brett Glass From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 23:45:21 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2DFA116A4CE for ; Thu, 11 Dec 2003 23:45:21 -0800 (PST) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id C1E6743D1F for ; Thu, 11 Dec 2003 23:45:19 -0800 (PST) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.12.10/8.12.10) with ESMTP id hBC7jJiR023600; Fri, 12 Dec 2003 02:45:19 -0500 (EST) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.10/8.12.10/Submit) id hBC7jJNH023599; Fri, 12 Dec 2003 02:45:19 -0500 (EST) (envelope-from barney) Date: Fri, 12 Dec 2003 02:45:19 -0500 
From: Barney Wolff To: Brett Glass Message-ID: <20031212074519.GA23452@pit.databus.com> References: <200312120312.UAA10720@lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200312120312.UAA10720@lariat.org> User-Agent: Mutt/1.4.1i X-Scanned-By: MIMEDefang 2.38 cc: net@freebsd.org Subject: Re: Controlling ports used by natd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 07:45:21 -0000

On Thu, Dec 11, 2003 at 08:12:49PM -0700, Brett Glass wrote:
> Is there a way to control the range of ports to which FreeBSD's
> natd maps outgoing connections? I'm attempting to deal with a
> situation in which natd is (sometimes) changing outgoing UDP
> packets' source port numbers to ones which are commonly used
> by worms. Sometimes, a firewall at the destination blocks the
> packet; at other times, the response is blocked on the way
> back.
>
> If it is possible to tell natd to avoid using ports that are
> firewalled, it ought to be possible to avoid this problem. But
> I can find no way to do this. Does one exist?

UTSL libpcap/alias_db.c

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 00:01:42 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B6DEC16A4CE for ; Fri, 12 Dec 2003 00:01:42 -0800 (PST) Received: from mwinf0401.wanadoo.fr (smtp4.wanadoo.fr [193.252.22.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 59CBE43D32 for ; Fri, 12 Dec 2003 00:01:36 -0800 (PST) (envelope-from molter@tin.it) Received: from www.example.org (ANice-205-1-10-92.w81-248.abo.wanadoo.fr [81.248.121.92]) by mwinf0401.wanadoo.fr (SMTP Server) with SMTP id C355D58000F0 for ; Fri, 12 Dec 2003 09:01:34 +0100 (CET) Received: (qmail 1017 invoked by uid 1000); 12 Dec 2003 08:01:31 -0000 Date: Fri, 12 Dec 2003 09:01:31 +0100 
From: Marco Molteni To: paul van den bergen Message-ID: <20031212080131.GB962@cobweb.example.org> References: <200312121233.43680.pvandenbergen@swin.edu.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200312121233.43680.pvandenbergen@swin.edu.au> User-Agent: Mutt/1.4.1i cc: freebsd-net@freebsd.org Subject: Re: ssh tunnels and Xvnc - (yes, I know... What? not again!?) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 08:01:42 -0000

Hi Paul,

I guess we already met on the mip6 mailing list... :-)

paul van den bergen wrote [2003-12-12]:
> Hi all,
>
> I have a situation that has not been fully addressed by the excellent
> documentation on getting ssh tunnels and remote X-windows display managers
> (like VNC) running. And my feeble brain is too damaged by the dreaded lurgy
> to make heads or tails of it.
>
> home machine (home) ---- ISP --- internet --- work firewall --- work machine1
> (additional firewall?) (work1) --- work machine 2 (desktop) (work2).
>
> I can ssh from home to the work1 and ssh from there to work2.
> home runs windows 2k and I have (full) admin access
> work1 and 2 run FreeBSD
> I have root access on work2 but not work 1

you should be able to do it in one step, no need to log into work1, no need to run the listener... you just need your ssh public keys in work1 and work2

from home you double tunnel:

    LOCALPORT=6333
    REMOTEPORT=5901
    ssh -t -L $LOCALPORT:localhost:12945 work1 \
        ssh -L 12945:localhost:$REMOTEPORT work2

then, always from home, you use vncviewer. You have to force the encodings otherwise vncviewer thinks it is local and will not compress.

This syntax works fine for tightvnc

    LOCALPORT=6333
    vncviewer -bgr233 \
        -encodings "copyrect tight hextile zlib corre rre raw" \
        localhost::$LOCALPORT

marco

From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 00:19:44 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0F3A616A4CE for ; Fri, 12 Dec 2003 00:19:44 -0800 (PST) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id DB06D43D33 for ; Fri, 12 Dec 2003 00:19:42 -0800 (PST) (envelope-from brett@lariat.org) Received: from runaround.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id BAA13230; Fri, 12 Dec 2003 01:19:36 -0700 (MST) X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms. Message-Id: <6.0.0.22.2.20031212011133.047ae798@localhost> X-Sender: brett@localhost (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 Date: Fri, 12 Dec 2003 01:19:34 -0700 To: Barney Wolff
From: Brett Glass In-Reply-To: <20031212074519.GA23452@pit.databus.com> References: <200312120312.UAA10720@lariat.org> <20031212074519.GA23452@pit.databus.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" cc: net@freebsd.org Subject: Re: Controlling ports used by natd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 08:19:44 -0000

At 12:45 AM 12/12/2003, Barney Wolff wrote:

>UTSL libpcap/alias_db.c

I can find no such file in /usr/src/contrib/libpcap. I did find one in /usr/src/lib/libalias. It seems to have in it a function called FindNewPortGroup that hunts for ports at random, but there's no discipline there to make it avoid specific ports or groups of ports. Are you suggesting that I modify this function to add port exclusion as a new feature? I suppose that I could do this, but it would involve changing data structures that were used by many programs, including natd and ppp. So, there could be a huge ripple effect.
--Brett From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 00:35:24 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C43B016A4CE for ; Fri, 12 Dec 2003 00:35:24 -0800 (PST) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8B04143D09 for ; Fri, 12 Dec 2003 00:35:23 -0800 (PST) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.12.10/8.12.10) with ESMTP id hBC8ZNiR024672; Fri, 12 Dec 2003 03:35:23 -0500 (EST) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.10/8.12.10/Submit) id hBC8ZMb7024671; Fri, 12 Dec 2003 03:35:22 -0500 (EST) (envelope-from barney) Date: Fri, 12 Dec 2003 03:35:22 -0500 
From: Barney Wolff To: Brett Glass Message-ID: <20031212083522.GA24267@pit.databus.com> References: <200312120312.UAA10720@lariat.org> <20031212074519.GA23452@pit.databus.com> <6.0.0.22.2.20031212011133.047ae798@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6.0.0.22.2.20031212011133.047ae798@localhost> User-Agent: Mutt/1.4.1i X-Scanned-By: MIMEDefang 2.38 cc: net@freebsd.org Subject: Re: Controlling ports used by natd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 08:35:24 -0000 On Fri, Dec 12, 2003 at 01:19:34AM -0700, Brett Glass wrote: > At 12:45 AM 12/12/2003, Barney Wolff wrote: > > >UTSL libpcap/alias_db.c > > I can find no such file in /usr/src/contrib/libpcap. I did find > one in /usr/src/lib/libalias. It seems to have in it a function > called FindNewPortGroup that hunts for ports at random, but > there's no discipline there to make it avoid specific ports > or groups of ports. Are you suggesting that I modify this > function to add port exclusion as a new feature? I suppose that > I could do this, but it would involve changing data structures > that were used by many programs, including natd and ppp. So, > there could be a huge ripple effect. Oops, sorry for the confusion. How fancy a change is up to you, but changing ALIAS_PORT_BASE and ALIAS_PORT_MASK (and _EVEN) would let you confine the port range without much work. Un-nat'd folks are most likely using ports in the hi range, and usually without trouble - presumably normal programs don't make special checks for trojan ports. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. 
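The base-and-mask confinement suggested above, combined with the port exclusion Brett asks about, as an added C example (not libalias code and not written by anyone in this thread). The struct port_policy type and the policy_* functions are hypothetical names, the base, mask and excluded range are constructed values, and the exclusion bitmap goes beyond what changing the two constants alone would give.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy object (not a libalias type). base and mask play the
 * role of the ALIAS_PORT_BASE / ALIAS_PORT_MASK constants named in the thread. */
struct port_policy {
    uint32_t base;                 /* lowest port that may be handed out   */
    uint32_t mask;                 /* random offset is (r & mask)          */
    uint32_t rng;                  /* xorshift32 state, never zero         */
    uint8_t  excluded[65536 / 8];  /* one bit per port; set = never assign */
};

static struct port_policy g_policy;   /* instance used by main() */

/* Accept only base/mask pairs that give one contiguous range of valid ports.
 * An even-only mask (the _EVEN variant) is not modelled. 0 = ok, -1 = bad. */
int policy_init(struct port_policy *p, uint32_t base, uint32_t mask, uint32_t seed)
{
    memset(p, 0, sizeof(*p));
    if (base == 0 || base > 0xffff || mask > 0xffff)
        return -1;
    if (mask & (mask + 1))         /* mask must be 2^k - 1, else ports are sparse */
        return -1;
    if (base + mask > 0xffff)      /* range would run past port 65535 */
        return -1;
    p->base = base;
    p->mask = mask;
    p->rng = seed ? seed : 1;
    return 0;
}

/* Mark ports lo..hi (inclusive) as never to be assigned. */
void policy_exclude(struct port_policy *p, uint32_t lo, uint32_t hi)
{
    for (uint32_t port = lo; port <= hi && port <= 0xffff; port++)
        p->excluded[port >> 3] |= (uint8_t)(1u << (port & 7));
}

int policy_is_excluded(const struct port_policy *p, uint32_t port)
{
    return (p->excluded[port >> 3] >> (port & 7)) & 1;
}

static uint32_t xorshift32(uint32_t *s)
{
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Random probes first; then a linear sweep, so a heavily excluded range
 * still yields a port if one exists. Returns -1 when nothing is left. */
int policy_pick_port(struct port_policy *p)
{
    for (int i = 0; i < 20; i++) {
        uint32_t port = p->base + (xorshift32(&p->rng) & p->mask);
        if (!policy_is_excluded(p, port))
            return (int)port;
    }
    for (uint32_t off = 0; off <= p->mask; off++)
        if (!policy_is_excluded(p, p->base + off))
            return (int)(p->base + off);
    return -1;
}

/* Number of ports the policy can still hand out. */
int policy_usable(const struct port_policy *p)
{
    int n = 0;
    for (uint32_t off = 0; off <= p->mask; off++)
        n += !policy_is_excluded(p, p->base + off);
    return n;
}

/* Draw ports repeatedly and count any that break the policy. */
int policy_violations(struct port_policy *p, int draws)
{
    int bad = 0;
    for (int i = 0; i < draws; i++) {
        int port = policy_pick_port(p);
        if (port < (int)p->base || port > (int)(p->base + p->mask) ||
            policy_is_excluded(p, (uint32_t)port))
            bad++;
    }
    return bad;
}

int main(void)
{
    /* Constructed values: upper half of the port space minus a blocked band. */
    if (policy_init(&g_policy, 0x8000, 0x7fff, 2003) != 0)
        return 1;
    policy_exclude(&g_policy, 40000, 49999);
    printf("usable ports: %d\n", policy_usable(&g_policy));
    for (int i = 0; i < 5; i++)
        printf("alias port: %d\n", policy_pick_port(&g_policy));
    printf("violations in 5000 draws: %d\n", policy_violations(&g_policy, 5000));
    return 0;
}
```

A real allocator would also have to skip ports already in use; here those can be marked in the same bitmap.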
From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 01:26:42 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8678C16A4CE for ; Fri, 12 Dec 2003 01:26:42 -0800 (PST) Received: from mizar.origin-it.net (mizar.origin-it.net [194.8.96.234]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7F92943D32 for ; Fri, 12 Dec 2003 01:26:40 -0800 (PST) (envelope-from helge.oldach@atosorigin.com) Received: from matar.hbg.de.int.atosorigin.com (dehsfw3e.origin-it.net [194.8.96.68])hBC9Qbm3012638 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 12 Dec 2003 10:26:37 +0100 (CET) (envelope-from helge.oldach@atosorigin.com) Received: from galaxy.hbg.de.ao-srv.com (galaxy.hbg.de.ao-srv.com [161.89.20.4])ESMTP id hBC9QbQ8084116; Fri, 12 Dec 2003 10:26:37 +0100 (CET) (envelope-from helge.oldach@atosorigin.com) Received: (from hmo@localhost) by galaxy.hbg.de.ao-srv.com (8.9.3p2/8.9.3/hmo30mar03) id KAA06641; Fri, 12 Dec 2003 10:26:36 +0100 (MET) Message-Id: <200312120926.KAA06641@galaxy.hbg.de.ao-srv.com> In-Reply-To: <20031212080131.GB962@cobweb.example.org> from Marco Molteni at "Dec 12, 2003 9: 1:31 am" To: molter@tin.it (Marco Molteni) Date: Fri, 12 Dec 2003 10:26:35 +0100 (MET) 
From: Helge Oldach X-Address: Atos Origin GmbH, Friesenstraße 13, D-20097 Hamburg, Germany X-Phone: +49 40 7886 7464, Fax: +49 40 7886 9464, Mobile: +49 160 4782517 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: ssh tunnels and Xvnc - (yes, I know... What? not again!?) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 09:26:42 -0000 Marco Molteni: >> I have a situation that has not been fully addressed by the excellent >> documentation on getting ssh tunnels and remote X-windows display managers > >> (like VNC) running. And my feeble brain is too damaged by the dreaded >lurgy >> to make heads or tails of it. >> >> home machine (home) ---- ISP --- internet --- work firewall --- work >machine1 >> (additional firewall?) (work1) --- work machine 2 (desktop) (work2). >> >> I can ssh from home to the work1 and ssh from there to work2. >> home runs windows 2k and I have (full) admin access >> work1 and 2 run FreeBSD >> I have root access on work2 but not work 1 > >you should be able to do it in one step, no need to log into work1, >no need to run the listener... you just need your ssh public keys >in work1 and work2 Yep. >from home you double tunnel: >LOCALPORT=6333 >REMOTEPORT=5901 >ssh -t -L $LOCALPORT:localhost:12945 work1 \ > ssh -L 12945:localhost:$REMOTEPORT work2 As home is a W2k box, ssh won't probably work exactly like this... Putty supports a "don't allocate a pseudo-terminal" option to achieve the effect of ssh's "-t" option. (Required, otherwise work1 will bark.) 
Helge From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 02:01:34 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A938316A4CE for ; Fri, 12 Dec 2003 02:01:34 -0800 (PST) Received: from apollo.laserfence.net (apollo.laserfence.net [196.44.69.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id CE5FD43D32 for ; Fri, 12 Dec 2003 02:01:31 -0800 (PST) (envelope-from will@unfoldings.net) Received: from [127.0.0.1] (helo=localhost) by apollo.laserfence.net with esmtp (Exim 4.24; FreeBSD) id 1AUk6p-000Bgd-HT; Fri, 12 Dec 2003 12:01:19 +0200 Received: from apollo.laserfence.net ([127.0.0.1]) by localhost (apollo.laserfence.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 40384-10; Fri, 12 Dec 2003 12:01:01 +0200 (SAST) Received: from [192.168.255.1] (helo=prometheus.home.laserfence.net) by apollo.laserfence.net with esmtp (Exim 4.24; FreeBSD) id 1AUk6V-000BgN-Rz; Fri, 12 Dec 2003 12:01:01 +0200 Received: from arista.home.laserfence.net ([192.168.0.10] helo=arista) by prometheus.home.laserfence.net with smtp (Exim 4.10) id 1AUk6K-0005ie-00; Fri, 12 Dec 2003 12:00:48 +0200 Message-ID: <002e01c3c096$f5e57970$0a00a8c0@arista> 
From: "Willie Viljoen" To: "Marco Molteni" , "Helge Oldach" References: <200312120926.KAA06641@galaxy.hbg.de.ao-srv.com> Date: Fri, 12 Dec 2003 12:01:49 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Virus-Scanned: by amavisd-new at laserfence.net cc: freebsd-net@freebsd.org Subject: Re: ssh tunnels and Xvnc - (yes, I know... What? not again!?) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 10:01:34 -0000 ----- Original Message ----- 
From: "Helge Oldach" To: "Marco Molteni" Cc: Sent: Friday, December 12, 2003 11:26 AM Subject: Re: ssh tunnels and Xvnc - (yes, I know... What? not again!?) > Marco Molteni: > >> I can ssh from home to the work1 and ssh from there to work2. > >> home runs windows 2k and I have (full) admin access > >> work1 and 2 run FreeBSD > >> I have root access on work2 but not work 1 > > > >you should be able to do it in one step, no need to log into work1, > >no need to run the listener... you just need your ssh public keys > >in work1 and work2 > > Yep. > > >from home you double tunnel: > >LOCALPORT=6333 > >REMOTEPORT=5901 > >ssh -t -L $LOCALPORT:localhost:12945 work1 \ > > ssh -L 12945:localhost:$REMOTEPORT work2 > > As home is a W2k box, ssh won't probably work exactly like this... > > Putty supports a "don't allocate a pseudo-terminal" option to achieve > the effect of ssh's "-t" option. (Required, otherwise work1 will bark.) PuTTY is problematic though. There is a way to get it to work exactly like this. A Windows NT/2000/XP/2003 port of OpenSSH with an installer is at http://lexa.mckenna.edu/ The port installs a small subset of Cygwin and uses it to provide full OpenSSH functionality, so you can get SSH as it is on UNIX from the Windows command prompt. 
Will From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 04:46:16 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 03DDF16A4CE for ; Fri, 12 Dec 2003 04:46:16 -0800 (PST) Received: from smtp02.uc3m.es (smtp02.uc3m.es [163.117.136.122]) by mx1.FreeBSD.org (Postfix) with ESMTP id 40CB943D32 for ; Fri, 12 Dec 2003 04:46:08 -0800 (PST) (envelope-from jrh@it.uc3m.es) Received: from smtp02.uc3m.es (localhost [127.0.0.1]) by localhost.uc3m.es (Postfix) with ESMTP id DAC7330C; Fri, 12 Dec 2003 13:46:06 +0100 (CET) Received: from cimborrio (cimborrio.it.uc3m.es [163.117.139.95]) by smtp02.uc3m.es (Postfix) with ESMTP id B2F682F2; Fri, 12 Dec 2003 13:46:06 +0100 (CET) 
From: Juan Rodriguez Hervella Organization: UC3M To: Michael Sierchio , Julian Elischer Date: Fri, 12 Dec 2003 13:46:02 +0100 User-Agent: KMail/1.5.4 References: <3FD8EC5D.3060506@tenebras.com> In-Reply-To: <3FD8EC5D.3060506@tenebras.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200312121346.03744.jrh@it.uc3m.es> cc: freebsd-net@freebsd.org cc: Hussain Ali Subject: Re: grouping 2 or more interfaces as 1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 12:46:16 -0000

On Thursday 11 December 2003 23:14, Michael Sierchio wrote:
> Julian Elischer wrote:
> >>>more likely he wants something like ng_fec or ng_one2many
> >>
> >>Unless performance is the reason for bonding the ether channels...
> >>
> >>Can't we steal the Linux code? ;-)
> >
> > is the netgraph version particularly slow?
>
> Not slower than a single ether channel, no ;-) Considerably
> slower than link layer bonding. The netgraph version provides
> a really useful functionality, and I suppose that 2GB and 10GB
> fiber interfaces will do away with any pressure to give us
> bonding in the kernel.
>

Hello,

I had never heard anyone talking about ng_fec, so I've been looking at
the pointers of the previous mails and I find it very interesting,
but there are some things I don't understand well.

For example, if we aggregate 4 ethernet cards into one
virtual interface (fec), does this mean that the throughput is
4 times the capacity of one ethernet card?

Also, if the physical interfaces are connected to different LANs,
how can we think about the virtual iface? Is it as if we were
joining the 4 LANs to make one common link? Is this right?

-- ****** JFRH ****** A classic is something that everybody wants to have read and nobody wants to read. -- Mark Twain From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 05:26:31 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0FD0116A4CE for ; Fri, 12 Dec 2003 05:26:31 -0800 (PST) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id D348043D1D for ; Fri, 12 Dec 2003 05:26:29 -0800 (PST) (envelope-from nectar@celabo.org) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id 67B8A5482B; Fri, 12 Dec 2003 07:26:29 -0600 (CST) Received: by madman.celabo.org (Postfix, from userid 1001) id EF9E46D45F; Fri, 12 Dec 2003 07:26:28 -0600 (CST) Date: Fri, 12 Dec 2003 07:26:28 -0600 
From: "Jacques A. Vidrine" To: Brett Glass Message-ID: <20031212132628.GB19204@madman.celabo.org> References: <200312120312.UAA10720@lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200312120312.UAA10720@lariat.org> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.4i-ja.1 cc: net@freebsd.org Subject: Re: Controlling ports used by natd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 13:26:31 -0000 On Thu, Dec 11, 2003 at 08:12:49PM -0700, Brett Glass wrote: > Is there a way to control the range of ports to which FreeBSD's > natd maps outgoing connections? I'm attempting to deal with a > situation in which natd is (sometimes) changing outgoing UDP > packets' source port numbers to ones which are commonly used > by worms. Sometimes, a firewall at the destination blocks the > packet; at other times, the response is blocked on the way > back. > > If it is possible to tell natd to avoid using ports that are > firewalled, it ought to be possible to avoid this problem. But > I can find no way to do this. Does one exist? I suppose there is brute force. Use an application like PortSentry to bind the ports that you don't want to be used by natd. 
Cheers, -- Jacques Vidrine NTT/Verio SME FreeBSD UNIX Heimdal nectar@celabo.org jvidrine@verio.net nectar@freebsd.org nectar@kth.se From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 06:07:53 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E046C16A4CE for ; Fri, 12 Dec 2003 06:07:53 -0800 (PST) Received: from mizar.origin-it.net (mizar.origin-it.net [194.8.96.234]) by mx1.FreeBSD.org (Postfix) with ESMTP id A567A43D09 for ; Fri, 12 Dec 2003 06:07:51 -0800 (PST) (envelope-from helge.oldach@atosorigin.com) Received: from matar.hbg.de.int.atosorigin.com (dehsfw3e.origin-it.net [194.8.96.68])hBCE7Fm3027867 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 12 Dec 2003 15:07:15 +0100 (CET) (envelope-from helge.oldach@atosorigin.com) Received: from galaxy.hbg.de.ao-srv.com (galaxy.hbg.de.ao-srv.com [161.89.20.4])ESMTP id hBCE7FQ8099563; Fri, 12 Dec 2003 15:07:15 +0100 (CET) (envelope-from helge.oldach@atosorigin.com) Received: (from hmo@localhost) by galaxy.hbg.de.ao-srv.com (8.9.3p2/8.9.3/hmo30mar03) id PAA10760; Fri, 12 Dec 2003 15:07:10 +0100 (MET) Message-Id: <200312121407.PAA10760@galaxy.hbg.de.ao-srv.com> In-Reply-To: <200312121346.03744.jrh@it.uc3m.es> from Juan Rodriguez Hervella at "Dec 12, 2003 1:46: 2 pm" To: jrh@it.uc3m.es (Juan Rodriguez Hervella) Date: Fri, 12 Dec 2003 15:07:09 +0100 (MET) 
From: Helge Oldach X-Address: Atos Origin GmbH, Friesenstraße 13, D-20097 Hamburg, Germany X-Phone: +49 40 7886 7464, Fax: +49 40 7886 9464, Mobile: +49 160 4782517 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: hali@ttsg.com cc: julian@elischer.org Subject: Re: grouping 2 or more interfaces as 1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 14:07:54 -0000

Juan Rodriguez Hervella:
>On Thursday 11 December 2003 23:14, Michael Sierchio wrote:
>> Julian Elischer wrote:
>> >>>more likely he wants something like ng_fec or ng_one2many
>> >>
>> >>Unless performance is the reason for bonding the ether channels...
>> >>
>> >>Can't we steal the Linux code? ;-)
>> >
>> > is the netgraph version particularly slow?
>>
>> Not slower than a single ether channel, no ;-) Considerably
>> slower than link layer bonding. The netgraph version provides
>> a really useful functionality, and I suppose that 2GB and 10GB
>> fiber interfaces will do away with any pressure to give us
>> bonding in the kernel.
>>
>For example, if we aggregate 4 ethernet cards into one
>virtual interface (fec), does this mean that the throughput is
>4 times the capacity of one ethernet card?

In theory, yes. In practice, throughput is pretty often limited by PC
architectural issues. Consider, for example, PCI bus speed... Also
consider the overhead of actually distributing traffic between the
physical interfaces... My personal experience tells me that channelling
more than two FE interfaces tends to be a slightly pointless exercise.

On the other hand, FECs are often implemented not for performance
reasons but for resilience reasons. If you just need throughput, Gigabit
is probably a better choice. Channeling of gigabit interfaces IMHO
doesn't make sense, given the hardware choices that support FreeBSD.

>Also, if the physical interfaces are connected to different LANs,

They are not. A FEC (Fast Ether Channel) is a point-to-point link,
commonly between a terminal device (computer) and a network device
(switch). Both sides must have a common and identical understanding of
the remote end, and both ends necessarily belong to the same single
(V)LAN or 802.1Q trunk. Usually this also involves protocol support such
as PAgP.

Helge
From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 08:29:02 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 119C516A4CE for ; Fri, 12 Dec 2003 08:29:02 -0800 (PST) Received: from profi.kharkov.ua (ats36sas-23.kharkov.ukrtel.net [195.5.17.87]) by mx1.FreeBSD.org (Postfix) with ESMTP id 99A6943D35 for ; Fri, 12 Dec 2003 08:28:51 -0800 (PST) (envelope-from greg@profi.kharkov.ua) Received: by profi.kharkov.ua (Postfix, from userid 1000) id 18C3F142ADA; Fri, 12 Dec 2003 18:29:11 +0200 (EET) Date: Fri, 12 Dec 2003 18:29:11 +0200 
From: Gregory Edigarov To: freebsd-net@freebsd.org Message-ID: <20031212162911.GA8763@profi.kharkov.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline User-Agent: Mutt/1.4.1i Subject: mpd vpn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 16:29:02 -0000

Hi, Everybody.

the following are my non-working configs for mpd running as a VPN server for
Windows 2000 workstations.
what's up with it? what should I do?
I am trying to login as user "admin" with password "1234567"

Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 8799, version 3.14 (root@profi.kharkov.ua 10:51 5-Nov-2003)
[pptp] ppp node is "mpd8799-pptp"
mpd: local IP address for PPTP is 192.168.4.1
[pptp] using interface ng0
[pptp:pptp] mpd: PPTP connection from 192.168.4.2:1298
pptp0: attached to connection with 192.168.4.2:1298
[pptp] IFACE: Open event
[pptp] IPCP: Open event
[pptp] IPCP: state change Initial --> Starting
[pptp] IPCP: LayerStart
[pptp] IPCP: Open event
[pptp] bundle: OPEN event in state CLOSED
[pptp] opening link "pptp"...
[pptp] link: OPEN event
[pptp] LCP: Open event
[pptp] LCP: state change Initial --> Starting
[pptp] LCP: LayerStart
[pptp] device: OPEN event in state DOWN
[pptp] attaching to peer's outgoing call
[pptp] device is now in state OPENING
[pptp] device: UP event in state OPENING
[pptp] device is now in state UP
[pptp] link: UP event
[pptp] link: origination is remote
[pptp] LCP: Up event
[pptp] LCP: state change Starting --> Req-Sent
[pptp] LCP: phase shift DEAD --> ESTABLISH
[pptp] LCP: SendConfigReq #1
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM b99f6ba1
 AUTHPROTO CHAP MSOFTv2
pptp0-0: ignoring SetLinkInfo
[pptp] LCP: SendConfigReq #2
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM b99f6ba1
 AUTHPROTO CHAP MSOFTv2
[pptp] LCP: SendConfigReq #3
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM b99f6ba1
 AUTHPROTO CHAP MSOFTv2
[pptp] LCP: SendConfigReq #4
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM b99f6ba1
 AUTHPROTO CHAP MSOFTv2
[pptp] LCP: SendConfigReq #5
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM b99f6ba1
 AUTHPROTO CHAP MSOFTv2
[pptp] LCP: SendConfigReq #6
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM b99f6ba1
 AUTHPROTO CHAP MSOFTv2
[pptp] LCP: SendConfigReq #7
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM b99f6ba1
 AUTHPROTO CHAP MSOFTv2
[pptp] LCP: SendConfigReq #8
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM b99f6ba1
 AUTHPROTO CHAP MSOFTv2
[pptp] LCP: SendConfigReq #9
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM b99f6ba1
 AUTHPROTO CHAP MSOFTv2
[pptp] LCP: SendConfigReq #10
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM b99f6ba1
 AUTHPROTO CHAP MSOFTv2
[pptp] LCP: state change Req-Sent --> Stopped
[pptp] LCP: LayerFinish
[pptp] LCP: parameter negotiation failed
[pptp] LCP: LayerFinish
[pptp] device: CLOSE event in state UP
pptp0-0: clearing call
pptp0-0: killing channel
[pptp] PPTP call terminated
[pptp] IFACE: Close event
[pptp] IPCP: Close event
[pptp] IPCP: state change Starting --> Initial
[pptp] IPCP: LayerFinish
[pptp] IFACE: Close event
pptp0: closing connection with 192.168.4.2:1298
[pptp] IFACE: Close event
[pptp] device is now in state CLOSING
[pptp] bundle: CLOSE event in state OPENED
[pptp] closing link "pptp"...
[pptp] device: CLOSE event in state CLOSING
[pptp] device is now in state CLOSING
[pptp] link: CLOSE event
[pptp] LCP: Close event
[pptp] LCP: state change Stopped --> Closed
[pptp] device: DOWN event in state CLOSING
[pptp] device is now in state DOWN
[pptp] link: DOWN event
[pptp] LCP: Down event
[pptp] LCP: state change Closed --> Initial
[pptp] LCP: phase shift ESTABLISH --> DEAD
[pptp] device: DOWN event in state DOWN
[pptp] device is now in state DOWN
pptp0: killing connection with 192.168.4.2:1298
[pptp] link: DOWN event
[pptp] LCP: Down event
mpd: PPTP connection from 192.168.4.2:1299
pptp0: attached to connection with 192.168.4.2:1299
[pptp] IFACE: Open event
[pptp] IPCP: Open event
[pptp] IPCP: state change Initial --> Starting
[pptp] IPCP: LayerStart
[pptp] IPCP: Open event
[pptp] bundle: OPEN event in state CLOSED
[pptp] opening link "pptp"...
[pptp] link: OPEN event
[pptp] LCP: Open event
[pptp] LCP: state change Initial --> Starting
[pptp] LCP: LayerStart
[pptp] device: OPEN event in state DOWN
[pptp] pausing 4 seconds before open
[pptp] device is now in state DOWN
[pptp] device: OPEN event in state DOWN
[pptp] attaching to peer's outgoing call
[pptp] device is now in state OPENING
[pptp] device: UP event in state OPENING
[pptp] device is now in state UP
[pptp] link: UP event
[pptp] link: origination is remote
[pptp] LCP: Up event
[pptp] LCP: state change Starting --> Req-Sent
[pptp] LCP: phase shift DEAD --> ESTABLISH
[pptp] LCP: SendConfigReq #11
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM edfcd17c
 AUTHPROTO CHAP MSOFTv2
pptp0-0: ignoring SetLinkInfo
pptp0-0: ignoring SetLinkInfo
[pptp] LCP: SendConfigReq #12
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM edfcd17c
 AUTHPROTO CHAP MSOFTv2
[pptp] LCP: SendConfigReq #13
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM edfcd17c
 AUTHPROTO CHAP MSOFTv2
pptp0-0: call cleared by peer
pptp0-0: killing channel
[pptp] PPTP call terminated
[pptp] IFACE: Close event
[pptp] IPCP: Close event
[pptp] IPCP: state change Starting --> Initial
[pptp] IPCP: LayerFinish
[pptp] IFACE: Close event
pptp0: closing connection with 192.168.4.2:1299
[pptp] bundle: CLOSE event in state OPENED
[pptp] closing link "pptp"...
[pptp] device: DOWN event in state UP
[pptp] device is now in state DOWN
[pptp] link: CLOSE event
[pptp] LCP: Close event
[pptp] LCP: state change Req-Sent --> Closing
[pptp] LCP: phase shift ESTABLISH --> TERMINATE
[pptp] LCP: SendTerminateReq #14
[pptp] error writing len 8 frame to bypass: Network is down
[pptp] link: DOWN event
[pptp] LCP: Down event
[pptp] LCP: LayerFinish
[pptp] LCP: state change Closing --> Initial
[pptp] LCP: phase shift TERMINATE --> DEAD
pptp0: killing connection with 192.168.4.2:1299
[pptp] device: CLOSE event in state DOWN
[pptp] device is now in state DOWN

--------------------------- mpd.conf ---------
default:
    load pptp

pptp:
    new -i ng0 pptp pptp
    set iface disable on-demand
    set iface enable proxy-arp
    set iface idle 1800
    set bundle disable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link disable pap
    set link enable chap
    set link keep-alive 10 60
    set ipcp yes vjcomp
    set ipcp ranges 192.168.6.3/32 192.168.6.230/32
    set ipcp dns 192.168.6.1
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set ccp yes mpp-stateless
    set bundle yes crypt-reqd

--------------------------- mpd.links ---------
pptp:
    set link type pptp
    set pptp self 192.168.4.1
    set pptp enable incoming
    set pptp disable originate

-------------------------- mpd.secret --------
admin "1234567"

--
With best regards,
Gregory Edigarov
------------------------------------------------------------------------------
profi.kharkov.ua Systems Administrator
------------------------------------------------------------------------------
From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 09:28:37 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) 
with ESMTP id 2245E16A4CE for ; Fri, 12 Dec 2003 09:28:37 -0800 (PST) Received: from arginine.spc.org (arginine.spc.org [195.206.69.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1C32143D36 for ; Fri, 12 Dec 2003 09:28:31 -0800 (PST) (envelope-from bms@spc.org) Received: from localhost (localhost [127.0.0.1]) by arginine.spc.org (Postfix) with ESMTP id 80DE265339; Fri, 12 Dec 2003 17:28:29 +0000 (GMT) Received: from arginine.spc.org ([127.0.0.1]) by localhost (arginine.spc.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 96625-05; Fri, 12 Dec 2003 17:28:28 +0000 (GMT) Received: from saboteur.dek.spc.org (unknown [82.147.19.91]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by arginine.spc.org (Postfix) with ESMTP id 7D8B66530D; Fri, 12 Dec 2003 17:28:28 +0000 (GMT) Received: by saboteur.dek.spc.org (Postfix, from userid 1001) id 81B6332; Fri, 12 Dec 2003 17:28:24 +0000 (GMT) Date: Fri, 12 Dec 2003 17:28:24 +0000 
From: Bruce M Simpson To: consume-thenet@lists.consume.net Message-ID: <20031212172824.GA41572@saboteur.dek.spc.org> Mail-Followup-To: consume-thenet@lists.consume.net, freebsd-net@freebsd.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="/04w6evG8XlLl3ft" Content-Disposition: inline cc: freebsd-net@freebsd.org Subject: Under wraps -- FreeBSD signal quality monitoring X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 17:28:37 -0000 --/04w6evG8XlLl3ft Content-Type: text/plain; charset=us-ascii Content-Disposition: inline I'm working on a hack right now. Today I added SNMP agent support to a very slim tool called trafd, which can be used to keep statistics on host-host traffic. With the Radiotap stuff I've committed to the new tcpdump port this week, it isn't too much of a stretch to extend support to trafd. The idea is that radiotap could be used to provide a means of collecting signal quality statistics, per-node, on a FreeBSD host, with SNMP agent support. (*) This will allow node builders to use the many excellent tools out there based on MRTG and RRDTOOL, such as Cricket, to provide network monitoring and time-series graphs. Pretty essential if you're planning a wide community network rollout. I'm getting pretty close to a working prototype. I'll post details here when I have something people can run and play with. BMS (*) I'm aware of the fact that the Atheros code keeps various RSSI stats inside. I'll be looking to push some of the housekeeping back into the kernel so that hacks such as trafd aren't needed, and the SNMP agent component would shrink as a result. 
--/04w6evG8XlLl3ft Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Comment: '' iD8DBQE/2fq3ueUpAYYNtTsRAiE0AJ4w0hOZpDHOKOBAo9YJsxDukf8amACfaTPU u85RxSQ+6uHU27nHYJAHVEI= =4HmG -----END PGP SIGNATURE----- --/04w6evG8XlLl3ft-- From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 09:42:01 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 752EA16A4CE for ; Fri, 12 Dec 2003 09:42:01 -0800 (PST) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id E5B2C43D41 for ; Fri, 12 Dec 2003 09:41:59 -0800 (PST) (envelope-from brett@lariat.org) Received: from runaround.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id KAA17938; Fri, 12 Dec 2003 10:41:55 -0700 (MST) X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms. Message-Id: <6.0.0.22.2.20031212103142.04611738@localhost> X-Sender: brett@localhost (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 Date: Fri, 12 Dec 2003 10:41:50 -0700 To: Barney Wolff 
From: Brett Glass In-Reply-To: <20031212083522.GA24267@pit.databus.com> References: <200312120312.UAA10720@lariat.org> <20031212074519.GA23452@pit.databus.com> <6.0.0.22.2.20031212011133.047ae798@localhost> <20031212083522.GA24267@pit.databus.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" cc: net@freebsd.org Subject: Re: Controlling ports used by natd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 17:42:01 -0000 At 01:35 AM 12/12/2003, Barney Wolff wrote: >Oops, sorry for the confusion. How fancy a change is up to you, >but changing ALIAS_PORT_BASE and ALIAS_PORT_MASK (and _EVEN) >would let you confine the port range without much work. The current algorithm works so long as the blocked ports have numbers less than 32768. But there are now lots of Trojans and worms that use higher ports, and admins may want to block them. So, there ought to be a way to tell libalias "don't assign anything in this set of ports" -- via a list or a bitmap. If one can tap directly into libalias and make this a global restriction, it might be that other programs (e.g. ppp) could remain blissfully ignorant of it. If the restrictions were allowed to be different for different instances of programs that used libalias (for example, several instances of natd, each handling an interface with unique restrictions), one would have to modify the API of libalias, which might break code if not done carefully. 
--Brett From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 09:43:14 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AC11716A4CE for ; Fri, 12 Dec 2003 09:43:14 -0800 (PST) Received: from brainlink.com (mail.brainlink.com [66.228.0.129]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4C8DE43D09 for ; Fri, 12 Dec 2003 09:43:12 -0800 (PST) (envelope-from anthonyv@brainlink.com) Received: from [24.185.193.147] (HELO superior.local.non-standard.net) by brainlink.com (CommuniGate Pro SMTP 4.1.5) with ESMTP id 25024052; Fri, 12 Dec 2003 12:43:11 -0500 Date: Fri, 12 Dec 2003 12:43:19 -0500 (EST) 
From: Anthony Volodkin X-X-Sender: anthonyv@superior.local.non-standard.net To: Gregory Edigarov In-Reply-To: <20031212162911.GA8763@profi.kharkov.ua> Message-ID: <20031212124001.P36479-100000@superior.local.non-standard.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: mpd vpn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 17:43:14 -0000

Hey,

Could it be that the gre packets are dropped somewhere along the way? It seems as if after authenticating, mpd attempts to set up the GRE session, not receiving responses to its requests. I've encountered this a few times with a few cable connections and school firewalls.

In that case the solution would be to start allowing gre packets to reach the workstation+server.

-Anthony

On Fri, 12 Dec 2003, Gregory Edigarov wrote:

> Hi, Everybody.
>
> the following are my non-working configs for mpd running as a VPN server for
> Windows 2000 workstations.
> what's up with it? what should I do?
> I am trying to login as user "admin" with password "1234567"
>
> Multi-link PPP for FreeBSD, by Archie L. Cobbs.
> Based on iij-ppp, by Toshiharu OHNO.
> mpd: pid 8799, version 3.14 (root@profi.kharkov.ua 10:51 5-Nov-2003)
> [pptp] ppp node is "mpd8799-pptp"
> mpd: local IP address for PPTP is 192.168.4.1
> [pptp] using interface ng0
> [pptp:pptp] mpd: PPTP connection from 192.168.4.2:1298
> pptp0: attached to connection with 192.168.4.2:1298
> [pptp] IFACE: Open event
> [pptp] IPCP: Open event
> [pptp] IPCP: state change Initial --> Starting
> [pptp] IPCP: LayerStart
> [pptp] IPCP: Open event
> [pptp] bundle: OPEN event in state CLOSED
> [pptp] opening link "pptp"...
> [pptp] link: OPEN event
> [pptp] LCP: Open event
> [pptp] LCP: state change Initial --> Starting
> [pptp] LCP: LayerStart
> [pptp] device: OPEN event in state DOWN
> [pptp] attaching to peer's outgoing call
> [pptp] device is now in state OPENING
> [pptp] device: UP event in state OPENING
> [pptp] device is now in state UP
> [pptp] link: UP event
> [pptp] link: origination is remote
> [pptp] LCP: Up event
> [pptp] LCP: state change Starting --> Req-Sent
> [pptp] LCP: phase shift DEAD --> ESTABLISH
> [pptp] LCP: SendConfigReq #1
>  ACFCOMP
>  PROTOCOMP
>  MRU 1500
>  MAGICNUM b99f6ba1
>  AUTHPROTO CHAP MSOFTv2
> pptp0-0: ignoring SetLinkInfo
> [pptp] LCP: SendConfigReq #2
>  ACFCOMP
>  PROTOCOMP
>  MRU 1500
>  MAGICNUM b99f6ba1
>  AUTHPROTO CHAP MSOFTv2
> [pptp] LCP: SendConfigReq #3
>  ACFCOMP
>  PROTOCOMP
>  MRU 1500
>  MAGICNUM b99f6ba1
>  AUTHPROTO CHAP MSOFTv2
> [pptp] LCP: SendConfigReq #4
>  ACFCOMP
>  PROTOCOMP
>  MRU 1500
>  MAGICNUM b99f6ba1
>  AUTHPROTO CHAP MSOFTv2
> [pptp] LCP: SendConfigReq #5
>  ACFCOMP
>  PROTOCOMP
>  MRU 1500
>  MAGICNUM b99f6ba1
>  AUTHPROTO CHAP MSOFTv2
> [pptp] LCP: SendConfigReq #6
>  ACFCOMP
>  PROTOCOMP
>  MRU 1500
>  MAGICNUM b99f6ba1
>  AUTHPROTO CHAP MSOFTv2
> [pptp] LCP: SendConfigReq #7
>  ACFCOMP
>  PROTOCOMP
>  MRU 1500
>  MAGICNUM b99f6ba1
>  AUTHPROTO CHAP MSOFTv2
> [pptp] LCP: SendConfigReq #8
>  ACFCOMP
>  PROTOCOMP
>  MRU 1500
>  MAGICNUM b99f6ba1
>  AUTHPROTO CHAP MSOFTv2
> [pptp] LCP: SendConfigReq #9
>  ACFCOMP
>  PROTOCOMP
>  MRU 1500
>  MAGICNUM b99f6ba1
>  AUTHPROTO CHAP MSOFTv2
> [pptp] LCP: SendConfigReq #10
>  ACFCOMP
>  PROTOCOMP
>  MRU 1500
>  MAGICNUM b99f6ba1
>  AUTHPROTO CHAP MSOFTv2
> [pptp] LCP: state change Req-Sent --> Stopped
> [pptp] LCP: LayerFinish
> [pptp] LCP: parameter negotiation failed
> [pptp] LCP: LayerFinish
> [pptp] device: CLOSE event in state UP
> pptp0-0: clearing call
> pptp0-0: killing channel
> [pptp] PPTP call terminated
> [pptp] IFACE: Close event
> [pptp] IPCP: Close event
> [pptp] IPCP: state change Starting --> Initial
> [pptp] IPCP: LayerFinish
> [pptp] IFACE: Close event
> pptp0: closing connection with 192.168.4.2:1298
> [pptp] IFACE: Close event
> [pptp] device is now in state CLOSING
> [pptp] bundle: CLOSE event in state OPENED
> [pptp] closing link "pptp"...
> [pptp] device: CLOSE event in state CLOSING
> [pptp] device is now in state CLOSING
> [pptp] link: CLOSE event
> [pptp] LCP: Close event
> [pptp] LCP: state change Stopped --> Closed
> [pptp] device: DOWN event in state CLOSING
> [pptp] device is now in state DOWN
> [pptp] link: DOWN event
> [pptp] LCP: Down event
> [pptp] LCP: state change Closed --> Initial
> [pptp] LCP: phase shift ESTABLISH --> DEAD
> [pptp] device: DOWN event in state DOWN
> [pptp] device is now in state DOWN
> pptp0: killing connection with 192.168.4.2:1298
> [pptp] link: DOWN event
> [pptp] LCP: Down event
> mpd: PPTP connection from 192.168.4.2:1299
> pptp0: attached to connection with 192.168.4.2:1299
> [pptp] IFACE: Open event
> [pptp] IPCP: Open event
> [pptp] IPCP: state change Initial --> Starting
> [pptp] IPCP: LayerStart
> [pptp] IPCP: Open event
> [pptp] bundle: OPEN event in state CLOSED
> [pptp] opening link "pptp"...
> [pptp] link: OPEN event
> [pptp] LCP: Open event
> [pptp] LCP: state change Initial --> Starting
> [pptp] LCP: LayerStart
> [pptp] device: OPEN event in state DOWN
> [pptp] pausing 4 seconds before open
> [pptp] device is now in state DOWN
> [pptp] device: OPEN event in state DOWN
> [pptp] attaching to peer's outgoing call
> [pptp] device is now in state OPENING
> [pptp] device: UP event in state OPENING
> [pptp] device is now in state UP
> [pptp] link: UP event
> [pptp] link: origination is remote
> [pptp] LCP: Up event
> [pptp] LCP: state change Starting --> Req-Sent
> [pptp] LCP: phase shift DEAD --> ESTABLISH
> [pptp] LCP: SendConfigReq #11
>  ACFCOMP
>  PROTOCOMP
>  MRU 1500
>  MAGICNUM edfcd17c
>  AUTHPROTO CHAP MSOFTv2
> pptp0-0: ignoring SetLinkInfo
> pptp0-0: ignoring SetLinkInfo
> [pptp] LCP: SendConfigReq #12
>  ACFCOMP
>  PROTOCOMP
>  MRU 1500
>  MAGICNUM edfcd17c
>  AUTHPROTO CHAP MSOFTv2
> [pptp] LCP: SendConfigReq #13
>  ACFCOMP
>  PROTOCOMP
>  MRU 1500
>  MAGICNUM edfcd17c
>  AUTHPROTO CHAP MSOFTv2
> pptp0-0: call cleared by peer
> pptp0-0: killing channel
> [pptp] PPTP call terminated
> [pptp] IFACE: Close event
> [pptp] IPCP: Close event
> [pptp] IPCP: state change Starting --> Initial
> [pptp] IPCP: LayerFinish
> [pptp] IFACE: Close event
> pptp0: closing connection with 192.168.4.2:1299
> [pptp] bundle: CLOSE event in state OPENED
> [pptp] closing link "pptp"...
> [pptp] device: DOWN event in state UP
> [pptp] device is now in state DOWN
> [pptp] link: CLOSE event
> [pptp] LCP: Close event
> [pptp] LCP: state change Req-Sent --> Closing
> [pptp] LCP: phase shift ESTABLISH --> TERMINATE
> [pptp] LCP: SendTerminateReq #14
> [pptp] error writing len 8 frame to bypass: Network is down
> [pptp] link: DOWN event
> [pptp] LCP: Down event
> [pptp] LCP: LayerFinish
> [pptp] LCP: state change Closing --> Initial
> [pptp] LCP: phase shift TERMINATE --> DEAD
> pptp0: killing connection with 192.168.4.2:1299
> [pptp] device: CLOSE event in state DOWN
> [pptp] device is now in state DOWN
>
> --------------------------- mpd.conf ---------
>
> default:
>     load pptp
>
> pptp:
>     new -i ng0 pptp pptp
>     set iface disable on-demand
>     set iface enable proxy-arp
>     set iface idle 1800
>     set bundle disable multilink
>     set link yes acfcomp protocomp
>     set link no pap chap
>     set link disable pap
>     set link enable chap
>     set link keep-alive 10 60
>     set ipcp yes vjcomp
>     set ipcp ranges 192.168.6.3/32 192.168.6.230/32
>     set ipcp dns 192.168.6.1
>     set ccp yes mppc
>     set ccp yes mpp-e40
>     set ccp yes mpp-e128
>     set ccp yes mpp-stateless
>     set bundle yes crypt-reqd
>
> --------------------------- mpd.links ---------
> pptp:
>     set link type pptp
>     set pptp self 192.168.4.1
>     set pptp enable incoming
>     set pptp disable originate
>
> -------------------------- mpd.secret --------
> admin "1234567"
>
> --
> With best regards,
> Gregory Edigarov
> ------------------------------------------------------------------------------
> profi.kharkov.ua Systems Administrator
> ------------------------------------------------------------------------------
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 09:47:16 2003 Return-Path: Delivered-To:
freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 327FA16A4CE; Fri, 12 Dec 2003 09:47:16 -0800 (PST) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9E1BF43D2D; Fri, 12 Dec 2003 09:47:14 -0800 (PST) (envelope-from brett@lariat.org) Received: from runaround.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id KAA18006; Fri, 12 Dec 2003 10:47:12 -0700 (MST) X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms. Message-Id: <6.0.0.22.2.20031212104401.0460eae8@localhost> X-Sender: brett@localhost (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 Date: Fri, 12 Dec 2003 10:47:07 -0700 To: "Jacques A. Vidrine" 
From: Brett Glass In-Reply-To: <20031212132628.GB19204@madman.celabo.org> References: <200312120312.UAA10720@lariat.org> <20031212132628.GB19204@madman.celabo.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" cc: net@FreeBSD.org Subject: Re: Controlling ports used by natd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 17:47:16 -0000

At 06:26 AM 12/12/2003, Jacques A. Vidrine wrote:

>I suppose there is brute force. Use an application like PortSentry to
>bind the ports that you don't want to be used by natd.

Or, for that matter, a do-nothing application that just binds them but throws away data (in the case of UDP) or rejects connections (in the case of TCP). That's certainly one approach, though it is brute force.

--Brett

From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 10:19:46 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 30C3216A4CE for ; Fri, 12 Dec 2003 10:19:46 -0800 (PST) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id E342743D2D for ; Fri, 12 Dec 2003 10:19:44 -0800 (PST) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.12.10/8.12.10) with ESMTP id hBCIJiiR033574; Fri, 12 Dec 2003 13:19:44 -0500 (EST) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.10/8.12.10/Submit) id hBCIJisC033573; Fri, 12 Dec 2003 13:19:44 -0500 (EST) (envelope-from barney) Date: Fri, 12 Dec 2003 13:19:44 -0500
From: Barney Wolff To: Brett Glass Message-ID: <20031212181944.GA33245@pit.databus.com> References: <200312120312.UAA10720@lariat.org> <20031212074519.GA23452@pit.databus.com> <6.0.0.22.2.20031212011133.047ae798@localhost> <20031212083522.GA24267@pit.databus.com> <6.0.0.22.2.20031212103142.04611738@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6.0.0.22.2.20031212103142.04611738@localhost> User-Agent: Mutt/1.4.1i X-Scanned-By: MIMEDefang 2.38 cc: net@freebsd.org Subject: Re: Controlling ports used by natd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 18:19:46 -0000

On Fri, Dec 12, 2003 at 10:41:50AM -0700, Brett Glass wrote:
> At 01:35 AM 12/12/2003, Barney Wolff wrote:
>
> >Oops, sorry for the confusion. How fancy a change is up to you,
> >but changing ALIAS_PORT_BASE and ALIAS_PORT_MASK (and _EVEN)
> >would let you confine the port range without much work.
>
> The current algorithm works so long as the blocked ports have
> numbers less than 32768. But there are now lots of Trojans and
> worms that use higher ports, and admins may want to block them.
> So, there ought to be a way to tell libalias "don't assign anything
> in this set of ports" -- via a list or a bitmap.

How is this problem confined to NAT? Seems to me that any system connecting to the Internet would have the same issue, if it's actually a problem at all.

So if I were going to solve it (which I'm not) I would expose the kernel's "pick a high port" function, add hitlist capability, and have libalias use it.

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
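The bitmap "hitlist" discussed in the two messages above, sketched as an added example that is not part of the thread and is not code from libalias, natd or the FreeBSD kernel. `struct port_set`, `pick_alias_port` and the denied range 40000-40010 are hypothetical; the 32768 lower bound is the one the thread gives for alias ports.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration; none of these names exist in libalias or the kernel. */

#define PORT_SPACE 65536u

/* One bit per port: 8 KB covers the whole 16-bit port space. */
struct port_set {
    uint32_t bits[PORT_SPACE / 32];
};

static void port_set_clear(struct port_set *s)
{
    memset(s, 0, sizeof(*s));
}

static void port_set_add(struct port_set *s, uint16_t port)
{
    s->bits[port >> 5] |= (uint32_t)1 << (port & 31);
}

static int port_set_has(const struct port_set *s, uint16_t port)
{
    return (int)((s->bits[port >> 5] >> (port & 31)) & 1u);
}

static void port_set_add_range(struct port_set *s, uint16_t lo, uint16_t hi)
{
    /* 32-bit counter so the loop terminates when hi == 65535. */
    for (uint32_t p = lo; p <= hi; p++)
        port_set_add(s, (uint16_t)p);
}

/*
 * Choose an alias port that is neither on the deny list nor already in use.
 * `preferred` (the client's own source port, or -1 for none) is taken when
 * it is permitted; otherwise [first, last] is scanned once, wrapping, from
 * an offset derived from `start_hint` (a real allocator would pass a random
 * value so assignments are not predictable).
 * Returns the port, now marked in use, or -1 if nothing is available.
 */
static int pick_alias_port(const struct port_set *deny, struct port_set *in_use,
                           uint16_t first, uint16_t last,
                           int preferred, uint32_t start_hint)
{
    if (preferred > 0 && preferred < (int)PORT_SPACE &&
        !port_set_has(deny, (uint16_t)preferred) &&
        !port_set_has(in_use, (uint16_t)preferred)) {
        port_set_add(in_use, (uint16_t)preferred);
        return preferred;
    }
    if (first > last)
        return -1;

    uint32_t span = (uint32_t)last - first + 1;
    uint32_t off = start_hint % span;
    for (uint32_t i = 0; i < span; i++) {
        uint16_t p = (uint16_t)(first + (off + i) % span);
        if (port_set_has(deny, p) || port_set_has(in_use, p))
            continue;               /* denied or taken: never hand it out */
        port_set_add(in_use, p);
        return p;
    }
    return -1;                      /* range exhausted: fail, do not fall back */
}

int main(void)
{
    static struct port_set deny, in_use;

    port_set_clear(&deny);
    port_set_clear(&in_use);
    port_set_add_range(&deny, 40000, 40010);   /* constructed deny list */

    printf("preferred 33000          -> %d\n",
           pick_alias_port(&deny, &in_use, 32768, 65535, 33000, 0));
    printf("preferred 40005 (denied) -> %d\n",
           pick_alias_port(&deny, &in_use, 32768, 65535, 40005, 7232));
    printf("range fully denied       -> %d\n",
           pick_alias_port(&deny, &in_use, 40000, 40010, -1, 3));
    return 0;
}
```

Because a denied preferred port falls through to the scan instead of being reused, a client whose source port is on the list gets a different external port rather than the same blocked one on every retry.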
From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 12:28:53 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4D91416A4CE for ; Fri, 12 Dec 2003 12:28:53 -0800 (PST) Received: from mail.vineyard.net (k1.vineyard.net [204.17.195.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id E172343D2D for ; Fri, 12 Dec 2003 12:28:50 -0800 (PST) (envelope-from ericx_lists@vineyard.net) Received: from localhost (loopback [127.0.0.1]) by mail.vineyard.net (Postfix) with ESMTP id D079593CAC; Fri, 12 Dec 2003 15:28:49 -0500 (EST) Received: from mail.vineyard.net ([127.0.0.1]) by localhost (king1.vineyard.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 99711-10; Fri, 12 Dec 2003 15:28:49 -0500 (EST) Received: from vineyard.net (loopback [127.0.0.1]) by mail.vineyard.net (Postfix) with ESMTP id 8014C933C4; Fri, 12 Dec 2003 15:28:49 -0500 (EST) Message-ID: <3FDA24BC.5040406@vineyard.net> Date: Fri, 12 Dec 2003 15:27:40 -0500 
From: "Eric W. Bates" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: paul van den bergen References: <200312121233.43680.pvandenbergen@swin.edu.au> In-Reply-To: <200312121233.43680.pvandenbergen@swin.edu.au> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS at Vineyard.NET cc: freebsd-net@freebsd.org Subject: Re: ssh tunnels and Xvnc - (yes, I know... What? not again!?) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 20:28:53 -0000

paul van den bergen wrote:
> Hi all,
>
> I have a situation that has not been fully addressed by the excellent
> documentation on getting ssh tunnels and remote X-windows display managers
> (like VNC) running. And my feeble brain is too damaged by the dreaded lurgy
> to make heads or tails of it.

VNC probably isn't what you want to run. VNC is very useful and interesting; but unlike Windoze, you don't need to take over the console of your machines at work in order to use the FreeBSD machines.

I run an X Server on my Win2k machine and tunnel X back from the remote machines. The ssh tunnels will daisy chain nicely from work1 to work2. The X Server we use is decent (copy/paste can be a pain). It cost us $45/copy from labtam-finland.

I use VNC when I want to run a Windoze machine inside the firewall. I run the VNC server on the Windoze machine I need to control from home. The firewall is configured to block VNC. I ssh from home into a unix box at work, and run the VNC client app on the unix box and connect to the Windoze box. The VNC client is an X client; so its window is tunneled back thru the ssh to my display at home. It can be a bit sluggish; but it works...

> home machine (home) ---- ISP --- internet --- work firewall --- work machine1
> (additional firewall?) (work1) --- work machine 2 (desktop) (work2).
>
> I can ssh from home to the work1 and ssh from there to work2.
> home runs windows 2k and I have (full) admin access
> work1 and 2 run FreeBSD
> I have root access on work2 but not work 1
>
> I guess I have to:
>
> run Xvncserver on work2
> ssh tunnel (tunnel1-2) from work 2 to work 1
> ssh tunnel (tunnelh-2) inside tunnel1-2
> run vnclistener on home.
>
> any suggestions as to what is actually needed? can someone hold my hand through
> this?
>
>
>

From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 15:21:02 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C535816A4CE for ; Fri, 12 Dec 2003 15:21:02 -0800 (PST) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5B11943D33 for ; Fri, 12 Dec 2003 15:21:01 -0800 (PST) (envelope-from brett@lariat.org) Received: from runaround.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id QAA22204; Fri, 12 Dec 2003 16:20:54 -0700 (MST) X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms. Message-Id: <6.0.0.22.2.20031212161250.045e9408@localhost> X-Sender: brett@localhost (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 Date: Fri, 12 Dec 2003 16:20:04 -0700 To: Barney Wolff
From: Brett Glass In-Reply-To: <20031212181944.GA33245@pit.databus.com> References: <200312120312.UAA10720@lariat.org> <20031212074519.GA23452@pit.databus.com> <6.0.0.22.2.20031212011133.047ae798@localhost> <20031212083522.GA24267@pit.databus.com> <6.0.0.22.2.20031212103142.04611738@localhost> <20031212181944.GA33245@pit.databus.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" cc: net@freebsd.org Subject: Re: Controlling ports used by natd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 23:21:02 -0000

At 11:19 AM 12/12/2003, Barney Wolff wrote:

>How is this problem confined to NAT? Seems to me that any system
>connecting to the Internet would have the same issue, if it's actually
>a problem at all.

Well, yes and no. A system behind a firewall that uses a port that's commonly used by a worm could find a session blocked, because the firewall can't trust it not to be infected just because it's inside. But hopefully, it'd retry and would get another port the next time. With NAT, there's a bigger problem: the firewall that's doing NAT may give it the same port again and again, locking it out. (I've seen this happen.)

>So if I were going to solve it (which I'm not) I would expose the kernel's
>"pick a high port" function, add hitlist capability, and have libalias use it.

Not a bad way to go, actually. It'd be nice to restrict which ports the OS allowed apps to use, not only so that they don't get blocked by a firewall but so that a worm that's gotten into the system is detected. (You could set off an alarm if it tried to bind a "forbidden" port.)

--Brett From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 16:19:15 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F81C16A4CE for ; Fri, 12 Dec 2003 16:19:15 -0800 (PST) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id D5F8743D31 for ; Fri, 12 Dec 2003 16:19:13 -0800 (PST) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.12.10/8.12.10) with ESMTP id hBD0JDiR040752; Fri, 12 Dec 2003 19:19:13 -0500 (EST) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.10/8.12.10/Submit) id hBD0JDUb040751; Fri, 12 Dec 2003 19:19:13 -0500 (EST) (envelope-from barney) Date: Fri, 12 Dec 2003 19:19:13 -0500 
From: Barney Wolff To: Brett Glass Message-ID: <20031213001913.GA40544@pit.databus.com> References: <200312120312.UAA10720@lariat.org> <20031212074519.GA23452@pit.databus.com> <6.0.0.22.2.20031212011133.047ae798@localhost> <20031212083522.GA24267@pit.databus.com> <6.0.0.22.2.20031212103142.04611738@localhost> <20031212181944.GA33245@pit.databus.com> <6.0.0.22.2.20031212161250.045e9408@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6.0.0.22.2.20031212161250.045e9408@localhost> User-Agent: Mutt/1.4.1i X-Scanned-By: MIMEDefang 2.38 cc: net@freebsd.org Subject: Re: Controlling ports used by natd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2003 00:19:15 -0000

On Fri, Dec 12, 2003 at 04:20:04PM -0700, Brett Glass wrote:
> At 11:19 AM 12/12/2003, Barney Wolff wrote:
>
> >How is this problem confined to NAT? Seems to me that any system
> >connecting to the Internet would have the same issue, if it's actually
> >a problem at all.
>
> Well, yes and no. A system behind a firewall that uses a port that's
> commonly used by a worm could find a session blocked, because the
> firewall can't trust it not to be infected just because it's inside.
> But hopefully, it'd retry and would get another port the next time.
> With NAT, there's a bigger problem: the firewall that's doing NAT may
> give it the same port again and again, locking it out. (I've seen
> this happen.)

This *should* not happen if the end-host uses different source ports on each try, at least as I read the alias_db.c code. Have you tried the -same_ports option?

> >So if I were going to solve it (which I'm not) I would expose the kernel's
> >"pick a high port" function, add hitlist capability, and have libalias use it.
>
> Not a bad way to go, actually. It'd be nice to restrict which ports the OS
> allowed apps to use, not only so that they don't get blocked by a firewall
> but so that a worm that's gotten into the system is detected. (You could set
> off an alarm if it tried to bind a "forbidden" port.)

For most systems, the coarse granularity of sysctl net.inet.ip.portrange would seem sufficient.

I have a real philosophical problem with ceding ports to worms, viruses and trojans. Where will it stop? Portno is a finite resource.

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 17:18:00 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 40B6516A4CE for ; Fri, 12 Dec 2003 17:18:00 -0800 (PST) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9A37B43D31 for ; Fri, 12 Dec 2003 17:17:58 -0800 (PST) (envelope-from brett@lariat.org) Received: from runaround.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id SAA23551; Fri, 12 Dec 2003 18:17:54 -0700 (MST) X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms. Message-Id: <6.0.0.22.2.20031212175801.04b066d8@localhost> X-Sender: brett@localhost (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 Date: Fri, 12 Dec 2003 18:17:46 -0700 To: Barney Wolff
From: Brett Glass In-Reply-To: <20031213001913.GA40544@pit.databus.com> References: <200312120312.UAA10720@lariat.org> <20031212074519.GA23452@pit.databus.com> <6.0.0.22.2.20031212011133.047ae798@localhost> <20031212083522.GA24267@pit.databus.com> <6.0.0.22.2.20031212103142.04611738@localhost> <20031212181944.GA33245@pit.databus.com> <6.0.0.22.2.20031212161250.045e9408@localhost> <20031213001913.GA40544@pit.databus.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" cc: net@freebsd.org Subject: Re: Controlling ports used by natd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2003 01:18:00 -0000

At 05:19 PM 12/12/2003, Barney Wolff wrote:

>For most systems, the coarse granularity of sysctl net.inet.ip.portrange
>would seem sufficient.

This brings up an interesting point. I just typed

sysctl -a | grep portrange

into a recently minted 4.9 box, and got:

net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535

Why is "lowfirst" greater than "lowlast" above?

It is also interesting that natd doesn't respect the "hifirst..hilast" settings here. Shouldn't it look at these variables and avoid assigning ports that the machine on which it's running would not use? Or should there be a "net.inet.alias.portrange.first", etc., so that one could specify the ranges or lists for everything in one place?

>I have a real philosophical problem with ceding ports to worms, viruses
>and trojans. Where will it stop? Portno is a finite resource.

In theory, it stops when all Windows users have patched their machines. Alas, this will happen when a very warm place freezes over. :-(

In practice, I think we need to come up with something better than the notions of "well-known" and "privileged" ports. Something that, unlike portmap, is easy for firewalls to work with.

--Brett

From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 18:18:15 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B683916A4CE for ; Fri, 12 Dec 2003 18:18:15 -0800 (PST) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4FF8743D09 for ; Fri, 12 Dec 2003 18:18:14 -0800 (PST) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.12.10/8.12.10) with ESMTP id hBD2IDiR042514; Fri, 12 Dec 2003 21:18:13 -0500 (EST) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.10/8.12.10/Submit) id hBD2IDo3042513; Fri, 12 Dec 2003 21:18:13 -0500 (EST) (envelope-from barney) Date: Fri, 12 Dec 2003 21:18:13 -0500
From: Barney Wolff To: Brett Glass Message-ID: <20031213021813.GA42371@pit.databus.com> References: <200312120312.UAA10720@lariat.org> <20031212074519.GA23452@pit.databus.com> <6.0.0.22.2.20031212011133.047ae798@localhost> <20031212083522.GA24267@pit.databus.com> <6.0.0.22.2.20031212103142.04611738@localhost> <20031212181944.GA33245@pit.databus.com> <6.0.0.22.2.20031212161250.045e9408@localhost> <20031213001913.GA40544@pit.databus.com> <6.0.0.22.2.20031212175801.04b066d8@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6.0.0.22.2.20031212175801.04b066d8@localhost> User-Agent: Mutt/1.4.1i X-Scanned-By: MIMEDefang 2.38 cc: net@freebsd.org Subject: Re: Controlling ports used by natd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2003 02:18:15 -0000

On Fri, Dec 12, 2003 at 06:17:46PM -0700, Brett Glass wrote:
>
> In practice, I think we need to come up with something better than the
> notions of "well-known" and "privileged" ports. Something that, unlike
> portmap, is easy for firewalls to work with.

It's not so easy, because malware is not likely to be so polite as to keep to fixed source ports. In fact, your real problem is with lazy firewalls that can't tell UDP responses from requests. A stateless firewall is an ACL, not a firewall. That works not so badly for TCP but is simply inadequate for UDP.

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
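The difference drawn above between a stateless ACL and a stateful filter for UDP, as an added example that is not part of the original message and is not taken from ipfw, ipfilter or any other firewall. All names are hypothetical, and the packets use constructed addresses (documentation ranges plus the 192.168.10.0/24 style of inside network).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration; structures and function names are hypothetical. */

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

enum direction { OUTBOUND, INBOUND };

struct udp_pkt {
    enum direction dir;
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    uint32_t now;                   /* time seen, in seconds */
};

/* Stateless ACL: "let DNS answers in" can only be written as "source port 53". */
static int acl_allows(const struct udp_pkt *p)
{
    return p->dir == OUTBOUND || p->src_port == 53;
}

#define FLOW_SLOTS 128
#define FLOW_TTL   30               /* seconds an idle flow stays open */

struct flow {
    uint32_t in_ip, out_ip;         /* inside host, outside peer */
    uint16_t in_port, out_port;
    uint32_t expires;               /* 0 = slot never used */
};

struct flow_table { struct flow slot[FLOW_SLOTS]; };

static struct flow *flow_find(struct flow_table *t, uint32_t in_ip,
                              uint16_t in_port, uint32_t out_ip,
                              uint16_t out_port, uint32_t now)
{
    for (size_t i = 0; i < FLOW_SLOTS; i++) {
        struct flow *f = &t->slot[i];
        if (f->expires > now && f->in_ip == in_ip && f->in_port == in_port &&
            f->out_ip == out_ip && f->out_port == out_port)
            return f;
    }
    return NULL;
}

/* Stateful filter: inbound UDP passes only as the reply to a live flow. */
static int stateful_allows(struct flow_table *t, const struct udp_pkt *p)
{
    if (p->dir == INBOUND)
        return flow_find(t, p->dst_ip, p->dst_port,
                         p->src_ip, p->src_port, p->now) != NULL;

    struct flow *f = flow_find(t, p->src_ip, p->src_port,
                               p->dst_ip, p->dst_port, p->now);
    for (size_t i = 0; f == NULL && i < FLOW_SLOTS; i++)
        if (t->slot[i].expires <= p->now)       /* free or expired slot */
            f = &t->slot[i];
    if (f == NULL)
        return 0;                               /* table full: fail closed */
    f->in_ip = p->src_ip;   f->in_port = p->src_port;
    f->out_ip = p->dst_ip;  f->out_port = p->dst_port;
    f->expires = p->now + FLOW_TTL;
    return 1;
}

/* Constructed sample: query, its reply, an unsolicited datagram, a late reply. */
static const struct udp_pkt sample[] = {
    { OUTBOUND, IP4(192,168,10,5), IP4(192,0,2,53),   40000, 53,    100 },
    { INBOUND,  IP4(192,0,2,53),   IP4(192,168,10,5), 53,    40000, 101 },
    { INBOUND,  IP4(198,51,100,7), IP4(192,168,10,5), 53,    40000, 102 },
    { INBOUND,  IP4(192,0,2,53),   IP4(192,168,10,5), 53,    40000, 200 },
};
#define N_SAMPLE (sizeof(sample) / sizeof(sample[0]))

static int admitted_by_acl(void)
{
    int n = 0;
    for (size_t i = 0; i < N_SAMPLE; i++)
        n += acl_allows(&sample[i]);
    return n;
}

static int admitted_by_state(void)
{
    struct flow_table t;
    int n = 0;
    memset(&t, 0, sizeof(t));
    for (size_t i = 0; i < N_SAMPLE; i++)
        n += stateful_allows(&t, &sample[i]);
    return n;
}

int main(void)
{
    printf("stateless ACL admits %d of %d packets\n",
           admitted_by_acl(), (int)N_SAMPLE);
    printf("stateful filter admits %d of %d packets\n",
           admitted_by_state(), (int)N_SAMPLE);
    return 0;
}
```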
From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 19:18:24 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 270BF16A4CE for ; Fri, 12 Dec 2003 19:18:24 -0800 (PST) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id B52F343D2D for ; Fri, 12 Dec 2003 19:18:22 -0800 (PST) (envelope-from brett@lariat.org) Received: from runaround.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id UAA24510; Fri, 12 Dec 2003 20:18:16 -0700 (MST) X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms. Message-Id: <6.0.0.22.2.20031212201423.04a0dec0@localhost> X-Sender: brett@localhost (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 Date: Fri, 12 Dec 2003 20:18:11 -0700 To: Barney Wolff 
From: Brett Glass In-Reply-To: <20031213021813.GA42371@pit.databus.com> References: <200312120312.UAA10720@lariat.org> <20031212074519.GA23452@pit.databus.com> <6.0.0.22.2.20031212011133.047ae798@localhost> <20031212083522.GA24267@pit.databus.com> <6.0.0.22.2.20031212103142.04611738@localhost> <20031212181944.GA33245@pit.databus.com> <6.0.0.22.2.20031212161250.045e9408@localhost> <20031213001913.GA40544@pit.databus.com> <6.0.0.22.2.20031212175801.04b066d8@localhost> <20031213021813.GA42371@pit.databus.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" cc: net@freebsd.org Subject: Re: Controlling ports used by natd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2003 03:18:24 -0000

At 07:18 PM 12/12/2003, Barney Wolff wrote:

>In fact, your real problem is with lazy
>firewalls that can't tell UDP responses from requests. A stateless
>firewall is an ACL, not a firewall. That works not so badly for TCP
>but is simply inadequate for UDP.

Not so. A stateful firewall on UDP might keep a worm from getting in, but it could still propagate out. We don't want them getting through in either direction (especially since we don't want our users infecting one another). So, a full block of the port is appropriate. Especially since, in most cases, that port isn't a service that would be safe to use across the Net. Ports 135, 137, and 139, for example, should be blocked not only because they can spread worms and popup spam but because they should not be used on the open Internet.

--Brett From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 19:36:46 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9940816A4CE for ; Fri, 12 Dec 2003 19:36:46 -0800 (PST) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8C70243D35 for ; Fri, 12 Dec 2003 19:36:44 -0800 (PST) (envelope-from nectar@celabo.org) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id 9739E548A5; Fri, 12 Dec 2003 21:36:42 -0600 (CST) Received: by madman.celabo.org (Postfix, from userid 1001) id 3E5126D45F; Fri, 12 Dec 2003 21:36:42 -0600 (CST) Date: Fri, 12 Dec 2003 21:36:42 -0600 
From: "Jacques A. Vidrine" To: Brett Glass Message-ID: <20031213033642.GA76231@madman.celabo.org> References: <200312120312.UAA10720@lariat.org> <20031212074519.GA23452@pit.databus.com> <6.0.0.22.2.20031212011133.047ae798@localhost> <20031212083522.GA24267@pit.databus.com> <6.0.0.22.2.20031212103142.04611738@localhost> <20031212181944.GA33245@pit.databus.com> <6.0.0.22.2.20031212161250.045e9408@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6.0.0.22.2.20031212161250.045e9408@localhost> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.4i-ja.1 cc: Barney Wolff cc: net@freebsd.org Subject: Re: Controlling ports used by natd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2003 03:36:46 -0000

On Fri, Dec 12, 2003 at 04:20:04PM -0700, Brett Glass wrote:
> It'd be nice to restrict which ports the OS
> allowed apps to use, not only so that they don't get blocked by a firewall
> but so that a worm that's gotten into the system is detected. (You could set
> off an alarm if it tried to bind a "forbidden" port.)

Er, that's the purpose of PortSentry, I believe, which I mentioned earlier :-)

--
Jacques Vidrine NTT/Verio SME FreeBSD UNIX Heimdal
nectar@celabo.org jvidrine@verio.net nectar@freebsd.org nectar@kth.se

From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 19:38:36 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2597816A4CE for ; Fri, 12 Dec 2003 19:38:36 -0800 (PST) Received: from math.teaser.net (math.teaser.net [213.91.2.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9C84143D09 for ; Fri, 12 Dec 2003 19:38:34 -0800 (PST) (envelope-from e-masson@kisoft-services.com) Received: from t39bsdems.interne.kisoft-services.com (nantes.kisoft-services.com [193.56.60.243]) by math.teaser.net (Postfix) with ESMTP id 629D76C803 for ; Sat, 13 Dec 2003 04:38:33 +0100 (CET) Received: by t39bsdems.interne.kisoft-services.com (Postfix, from userid 1001) id 7263059FF2; Sat, 13 Dec 2003 04:37:51 +0100 (CET) X-From-Line: nobody Fri Dec 12 13:42:09 2003 To: Mailing List FreeBSD Network
From: Eric Masson X-Operating-System: FreeBSD 4.9-STABLE i386 Date: Fri, 12 Dec 2003 13:42:08 +0100 User-Agent: Gnus/5.1003 (Gnus v5.10.3) XEmacs/21.4 (Portable Code, berkeley-unix) Lines: 136 Message-ID: <86r7z9ie0h.fsf@t39bsdems.interne.kisoft-services.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Subject: FreeBSD, ipnat & timeouts while loading page X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2003 03:38:36 -0000 --=-=-= Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Hello, I'm using the following setup : FreeBSD 4.8-RELEASE-p14 with stock ipfilter 3.4.31 (uname -a attached) I'm using the following ipnat rules # Nat rules map ng0 192.168.10.0/24 -> 0/32 proxy port ftp ftp/tcp map ng0 192.168.10.0/24 -> 0/32 portmap tcp/udp 10000:24000 map ng0 192.168.10.0/24 -> 0/32 net.inet.ip.forwarding is set to 1. When I try to browse certain http sites from a box behind this gateway, name resolution succeeds, connection is opened and then stalls. (tcpdump of a connection to http://www.architectes.org on gateway external interface attached) When directly connected to the internet, the box can access these sites flawlessly. The symptoms are the same whether filtering is active or not (ipf.rules attached if needed) Google only sent back results talking about bad nic, so swap is the next thing I'll do but has anyone seen such symptoms . Regards Eric Masson -- où se trouve la boîte aux lettre de Outlook Express ? J'en ai besoin pour configurer mon modem Olitec smart memory, lorsqu'il daignera fonctionner correctement !! -+- DV in : Guide du Neuneu Usenetien - Tout est dans tout... 
-+- --=-=-= Content-Type: application/octet-stream Content-Disposition: attachment; filename=ipnat.rules # Nat rules map ng0 192.168.10.0/24 -> 0/32 proxy port ftp ftp/tcp map ng0 192.168.10.0/24 -> 0/32 portmap tcp/udp 10000:24000 map ng0 192.168.10.0/24 -> 0/32 --=-=-= Content-Type: application/octet-stream Content-Disposition: attachment; filename=ipf.rules Content-Transfer-Encoding: base64
--=-=-= Content-Type: application/octet-stream Content-Disposition: attachment; filename=tcpdump.err Content-Transfer-Encoding: base64
--=-=-= Content-Disposition: attachment; filename=uname.txt FreeBSD rtrbsddupwan.dupont.lan 4.8-RELEASE-p14 FreeBSD 4.8-RELEASE-p14 #0: Thu Dec 11 19:08:37 CET 2003 emss@rtrbsddupwan.dupont.lan:/usr/src/sys/compile/FIREWALL i386 --=-=-=-- From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 21:47:03 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org 
(mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DDFD816A4CE for ; Fri, 12 Dec 2003 21:47:03 -0800 (PST) Received: from grosbein.pp.ru (dadv.svzserv.kemerovo.su [213.184.64.134]) by mx1.FreeBSD.org (Postfix) with ESMTP id E113F43D33 for ; Fri, 12 Dec 2003 21:46:57 -0800 (PST) (envelope-from eugen@grosbein.pp.ru) Received: from grosbein.pp.ru (eugen@localhost [127.0.0.1]) by grosbein.pp.ru (8.12.9p2/8.12.9) with ESMTP id hBD5ktJb001084 for ; Sat, 13 Dec 2003 12:46:55 +0700 (KRAT) (envelope-from eugen@grosbein.pp.ru) Received: (from eugen@localhost) by grosbein.pp.ru (8.12.9p2/8.12.9/Submit) id hBD5ksdt001083 for net@freebsd.org; Sat, 13 Dec 2003 12:46:54 +0700 (KRAT) (envelope-from eugen) Date: Sat, 13 Dec 2003 12:46:54 +0700 
From: Eugene Grosbein To: net@freebsd.org Message-ID: <20031213054654.GA850@grosbein.pp.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.1i Subject: how to saturate 100Mbit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2003 05:47:04 -0000 Hi! Is it possible to saturate 100Mbit ethernet using FreeBSD 4.9-STABLE, Pentium-133 & Intel 430VX-based motherboard (PCI-33), Intel 82559 Pro/100 Ethernet (fxp) ? I tried to use sendfile(2) on /dev/zero but that does not work. Then I created 8Tb holey file and used sendfile() on it. That gave 100% CPU load and only 37Mbit/s on wire. Eugene Grosbein From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 22:06:28 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A2F3616A4CF for ; Fri, 12 Dec 2003 22:06:28 -0800 (PST) Received: from lennier.cc.vt.edu (lennier.cc.vt.edu [198.82.162.213]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7041843D09 for ; Fri, 12 Dec 2003 22:06:27 -0800 (PST) (envelope-from cgaylord@vt.edu) Received: from vivi.cc.vt.edu (IDENT:mirapoint@evil-vivi [10.1.1.12]) by lennier.cc.vt.edu (8.12.8/8.12.8) with ESMTP id hBD66Qca465129; Sat, 13 Dec 2003 01:06:26 -0500 (EST) Received: from vt.edu (h80ad22c1.async.vt.edu [128.173.34.193]) by vivi.cc.vt.edu (MOS 3.4.2-CR) with ESMTP id CCF07868; Sat, 13 Dec 2003 01:06:21 -0500 (EST) Message-ID: <3FDAAC5B.5030008@vt.edu> Date: Sat, 13 Dec 2003 01:06:19 -0500 
From: Clark Gaylord User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20030925 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Eugene Grosbein References: <20031213054654.GA850@grosbein.pp.ru> In-Reply-To: <20031213054654.GA850@grosbein.pp.ru> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: net@freebsd.org Subject: Re: how to saturate 100Mbit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2003 06:06:28 -0000 Eugene Grosbein wrote: > Is it possible to saturate 100Mbit ethernet using FreeBSD 4.9-STABLE, > Pentium-133 & Intel 430VX-based motherboard (PCI-33), > Intel 82559 Pro/100 Ethernet (fxp) ? > > I tried to use sendfile(2) on /dev/zero but that does not work. > Then I created 8Tb holey file and used sendfile() on it. > That gave 100% CPU load and only 37Mbit/s on wire. I usually use ttcp for tcp throughput measurement. You may not be able to do 100Mbps, due to tcp-ness, but it has a udp mode as well. Depends on what you are interested in doing. But ttcp is pretty low impact. Also, when you use it, boost the buffersize; this can help performance (and lower cpu hit) considerably. I am doing 800+Mbps on gigE with FreeBSD 5.1 these days. The other trick we use for link utilization with tcp is to multiplex several sessions; we do a few score (or a few hundred :-) simultaneous ttcp's just with a shell script and background the processes. ping -f with larger packets can also be useful. 
--ckg From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 22:13:23 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2232116A4CE for ; Fri, 12 Dec 2003 22:13:23 -0800 (PST) Received: from heelflip.ncsa.uiuc.edu (12-221-104-90.client.insightBB.com [12.221.104.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id DC5A443D32 for ; Fri, 12 Dec 2003 22:13:21 -0800 (PST) (envelope-from nick@buraglio.com) Received: from [127.0.0.1] (localhost [127.0.0.1]) by heelflip.ncsa.uiuc.edu (Postfix) with ESMTP id CC5DE1D9C83; Sat, 13 Dec 2003 00:13:32 -0600 (CST) In-Reply-To: <3FDAAC5B.5030008@vt.edu> References: <20031213054654.GA850@grosbein.pp.ru> <3FDAAC5B.5030008@vt.edu> Mime-Version: 1.0 (Apple Message framework v606) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <76FB9BF4-2D33-11D8-8DDA-000393B61F2E@buraglio.com> Content-Transfer-Encoding: 7bit 
From: Nick Buraglio Date: Sat, 13 Dec 2003 00:13:27 -0600 To: net@freebsd.org X-Pgp-Agent: GPGMail 1.0 (v30, 10.3) X-Mailer: Apple Mail (2.606) cc: Eugene Grosbein Subject: Re: how to saturate 100Mbit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2003 06:13:23 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You can also use a tool like iperf to test things like this. Just a thought. nb On Dec 13, 2003, at 12:06 AM, Clark Gaylord wrote: > Eugene Grosbein wrote: >> Is it possible to saturate 100Mbit ethernet using FreeBSD 4.9-STABLE, >> Pentium-133 & Intel 430VX-based motherboard (PCI-33), >> Intel 82559 Pro/100 Ethernet (fxp) ? I tried to use sendfile(2) on >> /dev/zero but that does not work. >> Then I created 8Tb holey file and used sendfile() on it. >> That gave 100% CPU load and only 37Mbit/s on wire. > > I usually use ttcp for tcp throughput measurement. You may not be > able to do 100Mbps, due to tcp-ness, but it has a udp mode as well. > Depends on what you are interested in doing. But ttcp is pretty low > impact. Also, when you use it, boost the buffersize; this can help > performance (and lower cpu hit) considerably. > > I am doing 800+Mbps on gigE with FreeBSD 5.1 these days. The other > trick we use for link utilization with tcp is to multiplex several > sessions; we do a few score (or a few hundred :-) simultaneous ttcp's > just with a shell script and background the processes. > > ping -f with larger packets can also be useful. 
> > --ckg > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin) iD8DBQE/2q4LFOm2Sy5bRPQRAmO6AJ9tdPc6X8jf6lE0qRqGsjyXnQRZ/QCcDdNw hakmV6u54zdrp7XRyEaMn4M= =05mX -----END PGP SIGNATURE----- From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 22:16:24 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9285A16A4CE for ; Fri, 12 Dec 2003 22:16:24 -0800 (PST) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0EC0D43D31 for ; Fri, 12 Dec 2003 22:16:23 -0800 (PST) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.12.10/8.12.10) with ESMTP id hBD6GMiR045413; Sat, 13 Dec 2003 01:16:22 -0500 (EST) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.10/8.12.10/Submit) id hBD6GMCZ045412; Sat, 13 Dec 2003 01:16:22 -0500 (EST) (envelope-from barney) Date: Sat, 13 Dec 2003 01:16:22 -0500 
From: Barney Wolff To: Brett Glass Message-ID: <20031213061622.GA45267@pit.databus.com> References: <20031212074519.GA23452@pit.databus.com> <6.0.0.22.2.20031212011133.047ae798@localhost> <20031212083522.GA24267@pit.databus.com> <6.0.0.22.2.20031212103142.04611738@localhost> <20031212181944.GA33245@pit.databus.com> <6.0.0.22.2.20031212161250.045e9408@localhost> <20031213001913.GA40544@pit.databus.com> <6.0.0.22.2.20031212175801.04b066d8@localhost> <20031213021813.GA42371@pit.databus.com> <6.0.0.22.2.20031212201423.04a0dec0@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6.0.0.22.2.20031212201423.04a0dec0@localhost> User-Agent: Mutt/1.4.1i X-Scanned-By: MIMEDefang 2.38 cc: net@freebsd.org Subject: Re: Controlling ports used by natd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2003 06:16:24 -0000 On Fri, Dec 12, 2003 at 08:18:11PM -0700, Brett Glass wrote: > At 07:18 PM 12/12/2003, Barney Wolff wrote: > > >In fact, your real problem is with lazy > >firewalls that can't tell UDP responses from requests. A stateless > >firewall is an ACL, not a firewall. That works not so badly for TCP > >but is simply inadequate for UDP. > > Not so. A stateful firewall on UDP might keep a worm from getting in, > but it could still propagate out. We don't want them getting through > in either direction (especially since we don't want our users infecting > one another). So, a full block of the port is appropriate. Especially > since, in most cases, that port isn't a service that would be safe to use > across the Net. Ports 135, 137, and 139, for example, should be blocked not > only because they can spread worms and popup spam but because they > should not be used on the open Internet. 
A stateful firewall is not limited to blocking inbound requests. If you want to block outbound requests to UDP port 12345, fine. But don't block a response from port 53 to your host's port 12345, and don't (if you run a nameserver) block a UDP packet from outside port 12345 to your nameserver's port 53, or the response. A stateful firewall, sensibly configured, can do all that; an ACL usually can't. I believe in ACLs and have configured them on every router for which I've had enable. I also believe in firewalls, for what ACLs can't do. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 23:44:28 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D0B6F16A4CE for ; Fri, 12 Dec 2003 23:44:28 -0800 (PST) Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su [213.184.65.80]) by mx1.FreeBSD.org (Postfix) with ESMTP id 15DD143D32 for ; Fri, 12 Dec 2003 23:44:27 -0800 (PST) (envelope-from eugen@www.svzserv.kemerovo.su) Received: from www.svzserv.kemerovo.su (eugen@localhost [127.0.0.1]) hBD7iOjL015773; Sat, 13 Dec 2003 14:44:24 +0700 (KRAT) (envelope-from eugen@www.svzserv.kemerovo.su) Received: (from eugen@localhost) by www.svzserv.kemerovo.su (8.12.10/8.12.10/Submit) id hBD7iOoM015771; Sat, 13 Dec 2003 14:44:24 +0700 (KRAT) (envelope-from eugen) Date: Sat, 13 Dec 2003 14:44:24 +0700 
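Added example, not part of any message in this thread: a small Python model of the distinction Barney Wolff draws above, running the same UDP datagrams through a stateless full block of port 12345 and through a stateful filter that only refuses new outbound requests to that port. The addresses, the 30-second state timeout and all class and function names are assumptions made for the illustration; this is not ipfw or ipfilter code.

```python
from dataclasses import dataclass

# Constructed sample addresses (documentation ranges), not taken from the thread.
HOST, NAMESERVER = "192.0.2.10", "192.0.2.53"
OUTSIDE_DNS, OUTSIDE_CLIENT = "198.51.100.1", "203.0.113.7"
BLOCKED_PORT = 12345   # the port number used in the message above
STATE_TTL = 30.0       # assumed idle timeout for a UDP state entry, in seconds


@dataclass(frozen=True)
class Udp:
    direction: str   # "out" = leaving the protected network, "in" = entering it
    src: str
    sport: int
    dst: str
    dport: int


def acl_verdict(pkt):
    """Stateless full block: drop any datagram with the port on either end."""
    return "block" if BLOCKED_PORT in (pkt.sport, pkt.dport) else "pass"


class StatefulFilter:
    """Tracks allowed UDP exchanges so replies are matched to their requests."""

    def __init__(self, served):
        self.served = set(served)   # (addr, port) pairs offered to the outside
        self.flows = {}             # (src, sport, dst, dport) -> expiry time

    def verdict(self, pkt, now):
        # Expire old state first so a late "reply" is judged as new traffic.
        self.flows = {k: t for k, t in self.flows.items() if t > now}
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        for key in (fwd, rev):
            if key in self.flows:   # part of an exchange that was already allowed
                self.flows[key] = now + STATE_TTL
                return "pass"
        if pkt.direction == "out":
            # Policy applies to new outbound requests only.
            allowed = pkt.dport != BLOCKED_PORT
        else:
            # New inbound traffic must target a service we actually offer.
            allowed = (pkt.dst, pkt.dport) in self.served
        if allowed:
            self.flows[fwd] = now + STATE_TTL
        return "pass" if allowed else "block"


# (time, label, datagram) tuples, constructed for illustration.
SCENARIO = [
    (0.0, "DNS query sent from local port 12345",
     Udp("out", HOST, 12345, OUTSIDE_DNS, 53)),
    (0.1, "DNS response from port 53 to port 12345",
     Udp("in", OUTSIDE_DNS, 53, HOST, 12345)),
    (1.0, "new outbound request to port 12345",
     Udp("out", HOST, 40000, OUTSIDE_CLIENT, 12345)),
    (2.0, "outside port 12345 querying our nameserver",
     Udp("in", OUTSIDE_CLIENT, 12345, NAMESERVER, 53)),
    (2.1, "our nameserver's response to that query",
     Udp("out", NAMESERVER, 53, OUTSIDE_CLIENT, 12345)),
    (3.0, "unsolicited datagram from port 53",
     Udp("in", OUTSIDE_DNS, 53, HOST, 40001)),
    (60.0, "response arriving after the state expired",
     Udp("in", OUTSIDE_DNS, 53, HOST, 12345)),
]


def run_scenario():
    """Return (label, acl verdict, stateful verdict) for every datagram."""
    fw = StatefulFilter(served={(NAMESERVER, 53)})
    return [(label, acl_verdict(p), fw.verdict(p, t)) for t, label, p in SCENARIO]


if __name__ == "__main__":
    for label, acl, stateful in run_scenario():
        print(f"{label:45} acl={acl:5} stateful={stateful}")
```

The stateless rule drops both DNS exchanges that merely touch port 12345 and passes the unsolicited datagram from port 53; the stateful filter passes the two exchanges, refuses the new outbound request to port 12345, and refuses anything that matches no live state.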
From: Eugene Grosbein To: Clark Gaylord Message-ID: <20031213074423.GA2249@svzserv.kemerovo.su> References: <20031213054654.GA850@grosbein.pp.ru> <3FDAAC5B.5030008@vt.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3FDAAC5B.5030008@vt.edu> User-Agent: Mutt/1.4i cc: net@freebsd.org Subject: Re: how to saturate 100Mbit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2003 07:44:28 -0000 On Sat, Dec 13, 2003 at 01:06:19AM -0500, Clark Gaylord wrote: > >Is it possible to saturate 100Mbit ethernet using FreeBSD 4.9-STABLE, > >Pentium-133 & Intel 430VX-based motherboard (PCI-33), > >Intel 82559 Pro/100 Ethernet (fxp) ? > >I tried to use sendfile(2) on /dev/zero but that does not work. > >Then I created 8Tb holey file and used sendfile() on it. > >That gave 100% CPU load and only 37Mbit/s on wire. > I usually use ttcp for tcp throughput measurement. You may not be able > to do 100Mbps, due to tcp-ness, but it has a udp mode as well. Depends > on what you are interested in doing. But ttcp is pretty low impact. > Also, when you use it, boost the buffersize; this can help performance > (and lower cpu hit) considerably. Will ttcp or iperf use zero-copy mechanics like sendfile(2) or they will make CPU load by copying from/to kernel space? I made another attempt: set sendspace/recvspace for TCP/UDP to 65536, mounted filesystem using NFS over UDP with -r 65536, -w 65536 and ran from NFS client: dd if=holey-file of=/dev/null bs=10m I've got about 30% of CPU load for the server (P-133) and less than 35mbit/s on wire. 
Eugene Grosbein From owner-freebsd-net@FreeBSD.ORG Sat Dec 13 02:46:23 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C8BED16A4CE for ; Sat, 13 Dec 2003 02:46:23 -0800 (PST) Received: from vsmtp4.tin.it (vsmtp4.tin.it [212.216.176.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id ECE8E43D33 for ; Sat, 13 Dec 2003 02:46:22 -0800 (PST) (envelope-from dpphln@tin.it) Received: from drumfire (80.183.60.154) by vsmtp4.tin.it (7.0.019) id 3FD9A31C000AC843 for net@freebsd.org; Sat, 13 Dec 2003 11:46:21 +0100 Message-ID: <007401c3c166$e36e2fa0$9a3cb750@softec> 
From: "DrumFire" To: References: <20031213054654.GA850@grosbein.pp.ru> <3FDAAC5B.5030008@vt.edu> <20031213074423.GA2249@svzserv.kemerovo.su> Date: Sat, 13 Dec 2003 11:50:13 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4927.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200 Subject: Re: how to saturate 100Mbit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2003 10:46:23 -0000 >> dd if=holey-file of=/dev/null bs=10m > > I've got about 30% of CPU load for the server (P-133) and less than > 35mbit/s on wire. Also you can try to dump traffic with tcpdump and send it with /usr/ports/net/tcpreplay I'm trying to send 100Mbit/s for 5-6 minutes with Ethernet frame size at 64 bytes, but I need very good hardware to make this. From owner-freebsd-net@FreeBSD.ORG Sat Dec 13 02:49:54 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EC29D16A4CE for ; Sat, 13 Dec 2003 02:49:54 -0800 (PST) Received: from smtp004.mail.ukl.yahoo.com (smtp004.mail.ukl.yahoo.com [217.12.11.35]) by mx1.FreeBSD.org (Postfix) with SMTP id A02E943D1F for ; Sat, 13 Dec 2003 02:49:53 -0800 (PST) (envelope-from NateBSD@yahoo.it) Received: from unknown (HELO LapBSD.MetalZone) (natebsd@80.182.195.178 with plain) by smtp004.mail.ukl.yahoo.com with SMTP; 13 Dec 2003 10:49:49 -0000 
From: Nate Grey Date: Sat, 13 Dec 2003 11:49:44 +0000 User-Agent: KMail/1.5.4 To: net@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200312131149.44582.NateBSD@yahoo.it> Subject: Fwd: 5.2-RC + ipfw X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2003 10:49:55 -0000 Hello, on 5.2-RC I get this error from ipfw: ipfw in free(): error: modified (chunk -) pointer Aboirt trap (core dumped) examining my firewall script I noticed that error occurs when ipfw try to load this rules fwcmd="/sbin/ipfw -q/" ${fwcmd} add 310 set 1 deny ip from $bad_guys to any in recv ep0 ${fwcmd} add 310 set 2 deny ip from any to $bad_guys out via ep0 badguys are: bad_guys="(\ 127.0.0.0/8 or \ 192.168.0.1/16 or \ 10.0.0.0/8 or \ 172.16.0.0/12 or \ 0.0.0.0/8 or \ 169.254.0.0/16 or \ 192.0.2.0/24 or \ 224.0.0.0/4 \ )" anyway, according to `ipfw sh` output the rules are loaded. Bye Bye From owner-freebsd-net@FreeBSD.ORG Sat Dec 13 07:50:38 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 080E016A4CE for ; Sat, 13 Dec 2003 07:50:38 -0800 (PST) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id C32F343D09 for ; Sat, 13 Dec 2003 07:50:36 -0800 (PST) (envelope-from don@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2657.72) id ; Sat, 13 Dec 2003 10:50:35 -0500 Message-ID: 
From: Don Bowman To: 'DrumFire' , net@freebsd.org Date: Sat, 13 Dec 2003 10:50:33 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" Subject: RE: how to saturate 100Mbit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2003 15:50:38 -0000 From: DrumFire [mailto:dpphln@tin.it] > > >> dd if=holey-file of=/dev/null bs=10m > > > > I've got about 30% of CPU load for the server (P-133) and less than > > 35mbit/s on wire. > > Also you can try to dump traffic with tcpdump and send it with > > /usr/ports/net/tcpreplay > > I'm trying to send 100Mbit/s for 5-6 minutes with Ethernet > frame size at > 64 bytes, but I need very good hardware to make this. There is a netgraph module called ng_source which can do this. It can achieve about 400Kpps or >1Gbps on a xeon system with a gigabit card, should be able to saturate a fxp. From owner-freebsd-net@FreeBSD.ORG Sat Dec 13 10:17:12 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0B15616A4CE for ; Sat, 13 Dec 2003 10:17:12 -0800 (PST) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2344343D1F for ; Sat, 13 Dec 2003 10:17:11 -0800 (PST) (envelope-from rizzo@xorpc.icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.9p1/8.12.3) with ESMTP id hBDIHA2e079857; Sat, 13 Dec 2003 10:17:10 -0800 (PST) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.9p1/8.12.3/Submit) id hBDIH6wA079856; Sat, 13 Dec 2003 10:17:06 -0800 (PST) (envelope-from rizzo) Date: Sat, 13 Dec 2003 10:17:06 -0800 
From: Luigi Rizzo To: Don Bowman Message-ID: <20031213101706.A79791@xorpc.icir.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: ; from don@sandvine.com on Sat, Dec 13, 2003 at 10:50:33AM -0500 cc: 'DrumFire' cc: net@freebsd.org Subject: Re: how to saturate 100Mbit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2003 18:17:12 -0000 On Sat, Dec 13, 2003 at 10:50:33AM -0500, Don Bowman wrote: ... > There is a netgraph module called ng_source which can do this. > It can achieve about 400Kpps or >1Gbps on a xeon system with > a gigabit card, should be able to saturate a fxp. the fxp has a problem which does not allow it to go above 103/110/120kpps depending on which descriptor model you use, no matter how fast the CPU is. Even not using any special kernel modules, a simple loop over a sendto() on a udp socket can achieve around 500kpps on a 2.4GHz box (em or bge). With some tricks and a sufficiently fast PCI bus you can reach some 750kpps but then it really depends on how fast is your PCI bus. 
cheers luigi > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Sat Dec 13 10:47:10 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9828916A4CE; Sat, 13 Dec 2003 10:47:10 -0800 (PST) Received: from relay.macomnet.ru (relay.macomnet.ru [195.128.64.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id F059743D35; Sat, 13 Dec 2003 10:47:08 -0800 (PST) (envelope-from maxim@macomnet.ru) Received: from news1.macomnet.ru (7yqi3ke0@news1.macomnet.ru [195.128.64.14]) by relay.macomnet.ru (8.12.10/8.12.10) with ESMTP id hBDIl7kQ27291005; Sat, 13 Dec 2003 21:47:07 +0300 (MSK) Date: Sat, 13 Dec 2003 21:47:07 +0300 (MSK) 
From: Maxim Konovalov To: Nate Grey In-Reply-To: <200312131149.44582.NateBSD@yahoo.it> Message-ID: <20031213214424.E42015@news1.macomnet.ru> References: <200312131149.44582.NateBSD@yahoo.it> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: luigi@freebsd.org cc: net@freebsd.org Subject: Re: Fwd: 5.2-RC + ipfw X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2003 18:47:10 -0000 [ CC: Luigi ] On Sat, 13 Dec 2003, 11:49-0000, Nate Grey wrote: > Hello, > > on 5.2-RC I get this error from ipfw: > > ipfw in free(): error: modified (chunk -) pointer > Aboirt trap (core dumped) > > examining my firewall script I noticed that error occurs when ipfw try to > load this rules > > fwcmd="/sbin/ipfw -q/" > ${fwcmd} add 310 set 1 deny ip from $bad_guys to any in recv ep0 > ${fwcmd} add 310 set 2 deny ip from any to $bad_guys out via ep0 > > badguys are: > > bad_guys="(\ > 127.0.0.0/8 or \ > 192.168.0.1/16 or \ > 10.0.0.0/8 or \ > 172.16.0.0/12 or \ > 0.0.0.0/8 or \ > 169.254.0.0/16 or \ > 192.0.2.0/24 or \ > 224.0.0.0/4 \ > )" > > anyway, according to `ipfw sh` output the rules are loaded. Please try an enclosed patch or put a whitespace right after the '(' before '\'. Index: ipfw2.c =================================================================== RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v retrieving revision 1.42 diff -u -r1.42 ipfw2.c --- ipfw2.c 31 Oct 2003 18:31:55 -0000 1.42 +++ ipfw2.c 13 Dec 2003 18:42:18 -0000 
@@ -2901,15 +2901,14 @@ goto done; #define OR_START(target) \ - if (ac && (*av[0] == '(' || *av[0] == '{')) { \ + if (ac && ( \ + !strncmp(*av, "(", strlen(*av)) || \ + !strncmp(*av, "{", strlen(*av)) )) { \ if (open_par) \ errx(EX_USAGE, "nested \"(\" not allowed\n"); \ prev = NULL; \ open_par = 1; \ - if ( (av[0])[1] == '\0') { \ - ac--; av++; \ - } else \ - (*av)++; \ + ac--; av++; \ } \ target: \
%%%

--
Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org

From owner-freebsd-net@FreeBSD.ORG Sat Dec 13 18:47:15 2003
Date: Sun, 14 Dec 2003 03:44:22 +0100 (CET)
Message-Id: <200312140244.hBE2iMm4030511@tower.berklix.org>
To: freebsd-net@freebsd.org
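
Review bot: in the new OR_START condition, strncmp(*av, "(", strlen(*av)) takes the compare length from the argument itself, so an empty argument compares equal (length 0) and is consumed as an opening parenthesis; strcmp(*av, "(") == 0, and the same for "{", states the exact-match intent. With the "else (*av)++" branch removed, an argument that has text attached to the parenthesis, such as "(127.0.0.0/8", no longer opens an or-block and falls through to target, so a dedicated errx(EX_USAGE, ...) for that case would tell the user that the parenthesis must now be a separate argument.
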
From: "Julian Stacey"
Organization: http://berklix.com/~jhs/
cc: jhs@berklix.org
Subject: Auth + Sendmail help please

Hi freebsd-net@ folk.

I've been having problems trying to simultaneously configure my 4.9 home client gateway & my remote 24/7 server to provide an Auth + SASL outgoing sendmail channel. My fault not FreeBSD's but I'm asking for help.

One problem is I don't have a known good server or client to test the other half against. Another problem is too many options - each end :-)

I'd much appreciate if some kind volunteer could either:

A) Give me a temporary account for my sendmail client on their server (not even a login, I've got plenty of those thanks, just a `proper' SASL + Auth + Sendmail, (& it's easy to check I'm not a spammer seeking a relay, hit Google with my name & you'll see what I'm known for, better or worse :-)

or

B) I give you a temporary account on my half baked server, you point your client at it, wait for it to blow, & tell me what I've got wrong (Yes I can give you a full login so you can look yourself if you want.)

Whichever, if either or both I'm offered please :-)

I've read lots of docs, not restricted to (but just listing some)
    /usr/share/sendmail/cf/README
    http://docs.snake.de/smtp-auth.html
    http://home.leo.org/~barner/freebsd/articles/mailsetup/article.html
    http://www.sendmail.org/~ca/email/cyrus/sysadmin.html
    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html
& tried SASL2 & then SASL1, I've tried SASL passwords & direct /etc/passwd type.
I think I've tried most or all of ports/security/
    cyrus-sasl
    cyrus-sasl2
    cyrus-sasl2-saslauthd
but I think not yet mail/sendmail-sasl

My background .m4 files (both ends) are mastered from
    http://berklix.org/~jhs/src/bsd/fixes/FreeBSD/src/jhs/etc/sendmail/common.cpp

My current error report is server end:
    AUTH warning: no mechanisms
From contrib/sendmail/src/srvrsmtp.c:3992

I have all of
    /usr/lib/sasl/Sendmail.conf -> ../../../site/usr/lib/sasl/Sendmail.conf
    /usr/local/lib/sasl/Sendmail.conf -> ../../../../site/usr/lib/sasl/Sendmail.conf
    /usr/local/lib/sasl2/Sendmail.conf -> ../../../../site/usr/lib/sasl/Sendmail.conf

Are symbolic links acceptable ?
Can Sendmail.conf contain comment lines beginning with hash char ?

Any help appreciated, please ! Thanks !

- Julian Stacey. Munich Unix C & Net Services Consultant. http://berklix.com
Mail in Ascii plain text; HTML mail is dumped with Spam.
Your smoking => my allergic headache ! Try snuff.
Software Patents ? Vampires would approve ! http://berklix.com/jhs/patents

From owner-freebsd-net@FreeBSD.ORG Sat Dec 13 20:28:53 2003
Date: Sun, 14 Dec 2003 11:28:12 +0700
From: Eugene Grosbein
To: Luigi Rizzo
Message-ID: <20031214042812.GC2249@svzserv.kemerovo.su>
References: <20031213101706.A79791@xorpc.icir.org>
In-Reply-To: <20031213101706.A79791@xorpc.icir.org>
cc: 'DrumFire'
cc: net@freebsd.org
Subject: Re: how to saturate 100Mbit

On Sat, Dec 13, 2003 at 10:17:06AM -0800, Luigi Rizzo wrote:

> the fxp has a problem which does not allow it to go above 103/110/120kpps
> depending on which descriptor model you use, no matter how fast
> the CPU is.

Can you explain the problem, please?

> Even not using any special kernel modules, a simple loop over
> a sendto() on a udp socket can achieve around 500kpps on a 2.4GHz
> box (em or bge). With some tricks and a sufficiently fast PCI
> bus you can reach some 750kpps but then it really depends
> on how fast is your PCI bus.

100*1024*1024/8/1500=8738.1(3)

It seems one does not need hundreds of thousands of pps to achieve 100Mbps.

EUgene