From owner-freebsd-net@FreeBSD.ORG Sun Dec 21 16:28:24 2003
From: David Gilbert
Date: Sun, 21 Dec 2003 19:28:19 -0500
To: Alfred Perlstein
Cc: net@freebsd.org
Subject: crossover between gigE?

>>>>> "Alfred" == Alfred Perlstein writes:

Alfred> Any suggestion of the kind of cable one should look for at
Alfred> Frys to run between two gigE card (intel em0) to function as a
Alfred> crossover?

As long as the chipsets are compliant, an 8 wire straight thru cable
works as both a straight and a crossover.  The GigE standard requires
this behaviour.

Dave.

-- 
============================================================================
|David Gilbert, Independent Contractor.       | Two things can only be     |
|Mail:       dave@daveg.ca                    |  equal if and only if they |
|http://daveg.ca                              |   are precisely opposite.  |
=========================================================GLO================

From owner-freebsd-net@FreeBSD.ORG Mon Dec 22 03:19:27 2003
From: "Eicke"
Date: Mon, 22 Dec 2003 09:16:31 -0200
To: "FreeBSD_Net"
Subject: squid to ftp and https

Hi folks,

I am using a FreeBSD server as transparent proxy server. To make this I use
ipfw to forward port 80 requests.
I have a doubt, I like that 443, 8080, 8000, 8081 ports and FTP pass through
proxy too.
How can I make this?

Thanks and regards.
Eicke.

From owner-freebsd-net@FreeBSD.ORG Mon Dec 22 05:14:45 2003
From: Q
Date: Mon, 22 Dec 2003 22:56:56 +1000
To: Eicke
Cc: FreeBSD_Net
Subject: Re: squid to ftp and https

You can only transparently proxy unencrypted data streams. There is no
point in proxying port 443 because the SSL protocol is designed to
prevent exactly this from being possible. So port 443 is out.. but there
are a few others that are still viable.. and it's not very hard to setup.

Make sure you have the following set in squid:

httpd_accel_host virtual
httpd_accel_port 0

And then just add the necessary rules to ipfw like so:

00500 fwd 192.168.100.254,3128 tcp from 192.168.100.0/24 to any dst-port 80
00500 fwd 192.168.100.254,3128 tcp from 192.168.100.0/24 to any dst-port 81
00500 fwd 192.168.100.254,3128 tcp from 192.168.100.0/24 to any dst-port 8080
00500 fwd 192.168.100.254,3128 tcp from 192.168.100.0/24 to any dst-port 8081

You can also redirect 'ftp' (port 21) using the "Frox" port in exactly
the same way, but ftp is a more complicated protocol, so it may break
things for some client/server combinations.

Seeya...Q

On Mon, 2003-12-22 at 21:16, Eicke wrote:
> Hi folks,
>
> I am using a FreeBSD server as transparent proxy server. To make this I use
> ipfw to forward port 80 requests.
> I have a doubt, I like that 443, 8080, 8000, 8081 ports and FTP pass through
> proxy too.
> How can I make this?
>
>
> Thanks and regards.
> Eicke.
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@FreeBSD.ORG Mon Dec 22 11:02:32 2003
From: FreeBSD bugmaster
Date: Mon, 22 Dec 2003 11:01:27 -0800 (PST)
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2002/03/09] conf/35726  net    Won't let me use ifconfig on the interfac

1 problem total.

Serious problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2000/11/14] bin/22846   net    Routed does not reflect preference of Int

1 problem total.

Non-critical problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2002/05/04] kern/37761  net    process exits but socket is still ESTABLI
o [2003/07/11] kern/54383  net    NFS root configurations without dynamic p

2 problems total.
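
Added example, not part of any message in this archive and not Squid code: a Python sketch of what an intercepting proxy sees in the first bytes of a connection redirected to it, which is why the ipfw fwd rules in the "Re: squid to ftp and https" reply above cover ports 80, 81, 8080 and 8081 but leave out 443. The function names and the sample byte strings are constructed for illustration.

```python
# Added illustration: classify the start of a client stream that an ipfw
# "fwd" rule has handed to a transparent proxy, and report whether the proxy
# can recover a URL from it.

HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"TRACE"}


def classify_first_bytes(data):
    """Return "tls", "http" or "unknown" for the first bytes from a client."""
    # SSLv3/TLS record layer: content type 0x16 (handshake), major version 3,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    # SSLv2-compatible hello: two-byte length with the high bit set, then
    # message type 0x01 (client hello).
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "tls"
    request_line = data.split(b"\r\n", 1)[0].split(b" ")
    if (len(request_line) == 3 and request_line[0] in HTTP_METHODS
            and request_line[2].startswith(b"HTTP/")):
        return "http"
    return "unknown"


def host_header(data):
    """Return the Host header value of a cleartext request, or None."""
    head = data.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace")
    return None


def interception_outcome(data):
    """Return (verdict, url) for an intercepted connection.

    url is the absolute URL rebuilt from the request line and Host header,
    or None when the stream gives the proxy nothing to rebuild it from.
    """
    kind = classify_first_bytes(data)
    if kind == "tls":
        # Only an encrypted handshake is visible: no request line, no Host.
        return ("opaque-tls", None)
    if kind != "http":
        return ("opaque-unknown", None)
    host = host_header(data)
    if host is None:
        # A real proxy may fall back to the original destination address.
        return ("no-host", None)
    target = data.split(b"\r\n", 1)[0].split(b" ")[1].decode("ascii", "replace")
    if "://" in target:
        return ("proxyable", target)  # request already in absolute form
    return ("proxyable", "http://" + host + target)


# Constructed samples (not captured traffic).
SAMPLE_HTTP_8080 = (b"GET /index.html HTTP/1.1\r\n"
                    b"Host: www.example.org:8080\r\n"
                    b"User-Agent: constructed-sample\r\n\r\n")
SAMPLE_HTTP10 = b"GET / HTTP/1.0\r\n\r\n"
SAMPLE_TLS_443 = bytes([0x16, 0x03, 0x01, 0x00, 0x2F,   # record header
                        0x01, 0x00, 0x00, 0x2B,         # ClientHello header
                        0x03, 0x01]) + bytes(41)        # version + zero padding
SAMPLE_SSLV2_443 = bytes([0x80, 0x2E, 0x01, 0x03, 0x00]) + bytes(43)
SAMPLE_FTP_21 = b"USER anonymous\r\n"

if __name__ == "__main__":
    for label, sample in [("port 8080", SAMPLE_HTTP_8080),
                          ("port 80, HTTP/1.0", SAMPLE_HTTP10),
                          ("port 443, TLS", SAMPLE_TLS_443),
                          ("port 443, SSLv2 hello", SAMPLE_SSLV2_443),
                          ("port 21", SAMPLE_FTP_21)]:
        print(label, "->", interception_outcome(sample))
```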

From owner-freebsd-net@FreeBSD.ORG Mon Dec 22 11:03:10 2003
From: Garrett Wollman
Date: Mon, 22 Dec 2003 14:01:38 -0500 (EST)
To: David Gilbert
Cc: net@FreeBSD.ORG
Subject: crossover between gigE?

< said:

> As long as the chipsets are compliant, an 8 wire straight thru cable
> works as both a straight and a crossover.  The GigE standard requires
> this behaviour.

"Crossover" isn't meaningful in the case of GigE: both stations
transmit and receive simultaneously on all four pairs.

-GAWollman

From owner-freebsd-net@FreeBSD.ORG Mon Dec 22 12:48:10 2003
From: Mark Ogden
Date: Mon, 22 Dec 2003 13:48:06 -0700
To: freebsd-net@freebsd.org
Subject: arla

Has anyone out there built arla on 5.1?

-- 
Mark L Ogden ogden@eng.utah.edu

From owner-freebsd-net@FreeBSD.ORG Mon Dec 22 13:02:06 2003
From: Kirill Ponomarew
Date: Mon, 22 Dec 2003 22:02:04 +0100
To: freebsd-net@freebsd.org
Subject: Re: arla

Hi,

On Mon, Dec 22, 2003 at 01:48:06PM -0700, Mark Ogden wrote:
> Has anyone out there built arla on 5.1?

If you meant net/arla, it's broken.

-Kirill

From owner-freebsd-net@FreeBSD.ORG Mon Dec 22 13:09:09 2003
From: Mark Ogden
Date: Mon, 22 Dec 2003 14:07:58 -0700
To: freebsd-net@freebsd.org
Subject: Re: arla

Mark Ogden on Mon, Dec 22, 2003 at 02:06:14PM -0700 wrote:
> Kirill Ponomarew on Mon, Dec 22, 2003 at 10:02:04PM +0100 wrote:
> > Hi,
> >
> > On Mon, Dec 22, 2003 at 01:48:06PM -0700, Mark Ogden wrote:
> > > Has anyone out there built arla on 5.1?
> >
> > If you meant net/arla, it's broken.
>
> Um, yes I did mean net/arla but not using the port. Arla will build
> from http://www.stacken.kth.se/projekt/arla/ on 4.9 and according to
> the arla site, it will also build on the 5 series. I have been able to
> build it on 4.9 but not on any version of 5.
>
> -Mark
>
> >
> > -Kirill
> >
> >

-- 
Mark L Ogden ogden@eng.utah.edu

From owner-freebsd-net@FreeBSD.ORG Mon Dec 22 13:11:24 2003
From: Andre Oppermann
Date: Mon, 22 Dec 2003 13:11:23 -0800 (PST)
To: fn@hungry.com, andre@FreeBSD.org, freebsd-net@FreeBSD.org, andre@FreeBSD.org
Subject: Re: kern/37761: process exits but socket is still ESTABLISHED

Synopsis: process exits but socket is still ESTABLISHED

State-Changed-From-To: open->feedback
State-Changed-By: andre
State-Changed-When: Mon Dec 22 13:10:42 PST 2003
State-Changed-Why:
Asking whether this is still a problem.

Responsible-Changed-From-To: freebsd-net->andre
Responsible-Changed-By: andre
Responsible-Changed-When: Mon Dec 22 13:10:42 PST 2003
Responsible-Changed-Why:
Asking whether this is still a problem.

http://www.freebsd.org/cgi/query-pr.cgi?pr=37761

From owner-freebsd-net@FreeBSD.ORG Mon Dec 22 13:19:21 2003
From: Kirill Ponomarew
Date: Mon, 22 Dec 2003 22:19:20 +0100
To: Mark Ogden
Cc: freebsd-net@FreeBSD.org
Subject: Re: arla

Hi,

On Mon, Dec 22, 2003 at 02:12:16PM -0700, Mark Ogden wrote:
> I have built 0.35.9 and 0.35.10 on 4.9 and 4.8.

If you take a look at net/arla/Makefile, you can see why it's broken
in ports. It requires kernel sources and kerberos.

-Kirill

From owner-freebsd-net@FreeBSD.ORG Mon Dec 22 16:33:36 2003
From: Mike Silbersack
Date: Mon, 22 Dec 2003 18:33:31 -0600 (CST)
To: Brett Glass
Cc: Barney Wolff, net@freebsd.org
Subject: Re: Controlling ports used by natd

On Fri, 12 Dec 2003, Brett Glass wrote:

> net.inet.ip.portrange.lowfirst: 1023
> net.inet.ip.portrange.lowlast: 600
> net.inet.ip.portrange.first: 1024
> net.inet.ip.portrange.last: 5000
> net.inet.ip.portrange.hifirst: 49152
> net.inet.ip.portrange.hilast: 65535
>
> Why is "lowfirst" greater than "lowlast" above?

That's just an implementation issue, nothing major.  The port choosing
algorithm can handle both the cases where first > last and last > first,
and someone put the low ports in that order.

> It is also interesting that natd doesn't respect the
> "hifirst..hilast" settings here. Shouldn't it look at
> these variables and avoid assigning ports that the
> machine on which it's running would not use? Or should
> there be a "net.inet.alias.portrange.first", etc., so
> that one could specify the ranges or lists for everything
> in one place?

The high range is really a "feature" added for ftpd's sake, if you take a
look back through the cvs history.  There's no problem with the normal and
high ranges overlapping; -current uses 49152-65535 for both.

Mike "Silby" Silbersack

From owner-freebsd-net@FreeBSD.ORG Mon Dec 22 21:13:02 2003
From: Barney Wolff
Date: Tue, 23 Dec 2003 00:12:59 -0500
To: Mike Silbersack
Cc: Brett Glass, net@freebsd.org
Subject: Re: Controlling ports used by natd

On Mon, Dec 22, 2003 at 06:33:31PM -0600, Mike Silbersack wrote:
>
> On Fri, 12 Dec 2003, Brett Glass wrote:
>
> > It is also interesting that natd doesn't respect the
> > "hifirst..hilast" settings here. Shouldn't it look at
> > these variables and avoid assigning ports that the
> > machine on which it's running would not use? Or should
> > there be a "net.inet.alias.portrange.first", etc., so
> > that one could specify the ranges or lists for everything
> > in one place?
>
> The high range is really a "feature" added for ftpd's sake, if you take a
> look back through the cvs history.  There's no problem with the normal and
> high ranges overlapping; -current uses 49152-65535 for both.

It is odd that libalias picks a port number, and then, if the "use sockets"
option is set, tries to open a socket on that port.  Perhaps if the above
option is set, it should bind port 0 and use the port the kernel assigns.

If folks think that's a good idea, I could produce a patch to alias_db.c
for evaluation.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

From owner-freebsd-net@FreeBSD.ORG Mon Dec 22 21:26:49 2003
From: Brett Glass
Date: Mon, 22 Dec 2003 22:25:43 -0700
To: Barney Wolff, Mike Silbersack
Cc: net@freebsd.org
Subject: Re: Controlling ports used by natd

At 10:12 PM 12/22/2003, Barney Wolff wrote:

>It is odd that libalias picks a port number, and then, if the "use sockets"
>option is set, tries to open a socket on that port.  Perhaps if the above
>option is set, it should bind port 0 and use the port the kernel assigns.
>
>If folks think that's a good idea, I could produce a patch to alias_db.c
>for evaluation.

Good idea. One might also want to set a separate pair of sysctl variables
to control the range of ports selected by libalias, just in case the
administrator wanted to reserve distinct ports for NAT.

--Brett

From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 01:19:17 2003
From: Mike Silbersack
Date: Tue, 23 Dec 2003 03:19:03 -0600 (CST)
To: Barney Wolff
Cc: Brett Glass, net@freebsd.org
Subject: Re: Controlling ports used by natd

On Tue, 23 Dec 2003, Barney Wolff wrote:

> It is odd that libalias picks a port number, and then, if the "use sockets"
> option is set, tries to open a socket on that port.  Perhaps if the above
> option is set, it should bind port 0 and use the port the kernel assigns.
>
> If folks think that's a good idea, I could produce a patch to alias_db.c
> for evaluation.
>
> --
> Barney Wolff         http://www.databus.com/bwresume.pdf

I haven't looked at libalias, but there may be some method to the madness.
If you just ask the kernel for a source port, it can only hand out the
portrange of ports.  However, if you know your source / destination tuple
beforehand, you may be able to get around the portrange limitation for
your concurrent connection count.

Now, whether or not libalias is smart enough and whether or not the kernel
is playing along is another question entirely.

I looked into ephemeral port allocation a few months ago, and it's an
absolute nightmare to determine what combination of socket / bind /
connect calls are necessary to get the best possible behavior.  Hence why
I gave up and enhanced time_wait recycling instead. :)

Mike "Silby" Silbersack

From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 01:29:07 2003
From: Mike Silbersack
Date: Tue, 23 Dec 2003 03:29:02 -0600 (CST)
To: Brett Glass
Cc: Barney Wolff, net@freebsd.org
Subject: Re: Controlling ports used by natd

On Mon, 22 Dec 2003, Brett Glass wrote:

> Good idea. One might also want to set a separate pair of sysctl variables
> to control the range of ports selected by libalias, just in case the
> administrator wanted to reserve distinct ports for NAT.
>
> --Brett

I think that it might be best to keep choosing ports inside of libalias.
Adding yet another port range would just complicate the kernel more
without much benefit.

You know, since we're talking about blocking specific ports, port ranges
for specific applications, etc... it almost sounds like this is a firewall
issue.  ipfw can already filter by uid, and you can already deny packets
to / from port ranges, so maybe it would be possible to add a quick hack
into the port binding routines that would check to see if sending a packet
to / from that port would be valid before completing the bind.

Of course, that would only give you deny capabilities, but I think that
might be good enough for your purposes, and it should be relatively
straightforward to implement.  Also, it would not break ephemeral port
binding, as that piece of code will simply try all possible ports in the
range before giving up.

Unfortunately, I'm not familiar with ipfw's internals at all, I do not
know how easy it would be to query it for allow / deny with just a few
bits of ip information.
Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 01:47:54 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 101FD16A4CE for ; Tue, 23 Dec 2003 01:47:54 -0800 (PST) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 237C443D5A for ; Tue, 23 Dec 2003 01:47:45 -0800 (PST) (envelope-from brett@lariat.org) Received: from runaround.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id CAA15578; Tue, 23 Dec 2003 02:47:33 -0700 (MST) X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms. Message-Id: <6.0.0.22.2.20031223023730.037cbd28@localhost> X-Sender: brett@localhost (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 Date: Tue, 23 Dec 2003 02:47:32 -0700 To: Mike Silbersack From: Brett Glass In-Reply-To: <20031223032000.T2131@odysseus.silby.com> References: <200312120312.UAA10720@lariat.org> <20031212074519.GA23452@pit.databus.com> <6.0.0.22.2.20031212011133.047ae798@localhost> <20031212083522.GA24267@pit.databus.com> <6.0.0.22.2.20031212103142.04611738@localhost> <20031212181944.GA33245@pit.databus.com> <6.0.0.22.2.20031212161250.045e9408@localhost> <20031213001913.GA40544@pit.databus.com> <6.0.0.22.2.20031212175801.04b066d8@localhost> <20031222182913.M2799@odysseus.silby.com> <20031223051259.GA36331@pit.databus.com> <6.0.0.22.2.20031222222449.03cd58c8@localhost> <20031223032000.T2131@odysseus.silby.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" cc: Barney Wolff cc: net@freebsd.org Subject: Re: Controlling ports used by natd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2003 
09:47:54 -0000

At 02:29 AM 12/23/2003, Mike Silbersack wrote:

>I think that it might be best to keep choosing ports inside of libalias.
>Adding yet another port range would just complicate the kernel more
>without much benefit.

Actually, it would just change the code in libalias. It wouldn't change the kernel at all, except that it would make two 16-bit unsigned quantities available to libalias. (These variables might be instanced in jails, by the way.)

>You know, since we're talking about blocking specific ports, port ranges
>for specific applications, etc... it almost sounds like this is a firewall
>issue. ipfw can already filter by uid, and you can already deny packets
>to / from port ranges, so maybe it would be possible to add a quick hack
>into the port binding routines that would check to see if sending a packet
>to / from that port would be valid before completing the bind.

Interesting point. After all, my original situation came up because there were conflicts between what IPFW and libalias thought would be valid ports.

>Of course,
>that would only give you deny capabilities, but I think that might be good
>enough for your purposes, and it should be relatively straightforward to
>implement. Also, it would not break ephemeral port binding, as that piece
>of code will simply try all possible ports in the range before giving up.
>
>Unfortunately, I'm not familiar with ipfw's internals at all, I do not
>know how easy it would be to query it for allow / deny with just a few
>bits of ip information.

Hmmm.... If you want to do this, it might be better to make a global bitmap whose contents are set by whatever firewall is in operation (IPFW, ipf, pf) and then masked by allowed port ranges. This would be a simple, fixed overhead operation. And it would probably speed the random, nondeterministic process via which libalias currently picks a port. Yes, it'd waste some ports if you had snaky firewall rules that only sometimes blocked a port.
But it's not worth the time it would take to test all the rules, which might depend on src/dst addresses, etc. --Brett From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 04:45:54 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A5E5016A4CE; Tue, 23 Dec 2003 04:45:54 -0800 (PST) Received: from nsuncom.rz.hu-berlin.de (nsuncom.rz.hu-berlin.de [141.20.1.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id C51FB43D2F; Tue, 23 Dec 2003 04:45:52 -0800 (PST) (envelope-from h0444lp6@student.hu-berlin.de) Received: from localhost (localhost [127.0.0.1])hBNCjq0n027958; Tue, 23 Dec 2003 13:45:52 +0100 (MET) Received: from nsuncom.rz.hu-berlin.de ([127.0.0.1]) by localhost (nsuncom [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27764-01-4; Tue, 23 Dec 2003 13:45:51 +0100 (MET) Received: from kojo (x82.rewi.hu-berlin.de [141.20.121.82]) hBNChJcD026948; Tue, 23 Dec 2003 13:43:23 +0100 (MET) From: "h0444lp6" To: , , Date: Tue, 23 Dec 2003 20:43:54 +0800 Message-ID: <008301c3c952$7e5e5b00$5279148d@kojo> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal X-Virus-Scanned: by amavisd-new at hu-berlin.de Subject: WLAN card experiences wanted X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2003 12:45:54 -0000 Hi Does anyone have any experiences with one of the following cards? 
D-Link DWL-G520 (54MBit, PCI) Netgear WG311 (54MBit, PCI) Netgear MA111 (11MBit, USB) And which of these two is better Netgear MA311 D-Link DWL-520 Thanks From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 05:22:43 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D28FE16A4CE for ; Tue, 23 Dec 2003 05:22:43 -0800 (PST) Received: from cpanel.servercity.com (cpanel.servercity.com [216.235.252.152]) by mx1.FreeBSD.org (Postfix) with ESMTP id 191FC43D1F for ; Tue, 23 Dec 2003 05:22:37 -0800 (PST) (envelope-from peter@easytree.net) Received: from me-waterville-qs-38.mint.adelphia.net ([216.227.133.38] helo=easytree.net) by cpanel.servercity.com with asmtp (Exim 4.24) id 1AYmUc-0003E3-Rc for freebsd-net@freebsd.org; Tue, 23 Dec 2003 08:22:35 -0500 Message-ID: <3FE841B4.8E6D47E9@easytree.net> Date: Tue, 23 Dec 2003 08:23:00 -0500 From: Peter Serwe X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - cpanel.servercity.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - easytree.net Subject: ipfw/natd/3 nic X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2003 13:22:43 -0000 Okay, Basically, since FreeBSD is (in my mind anyway) the ultimate leatherman of the OS world, and God's own gift to networking and network services in general I decided to try to do a 3 nic ipfw/natd setup. 
I've done 2 nic ipfw/natd a couple of times, straight ipfw public-->public ipfw a couple of times, I'm fairly comfortable with it.. After searching around, I found a message from Gilson (de?)Paiva referencing some stuff Barney Wolff told him that basically straightened it out. Here's what I'm trying to accomplish: I have 2 internal networks that I'll term private_private (192.168.1.0/24) and public_private (192.168.2.0/24). The total number of clients between both networks probably could never exceed 100, and probably won't ever exceed 50. I have one public ip address. I need both networks to be able to surf, but I _never_ want ANY traffic to be able to go in between except from someone having direct access to the router. The router shouldn't be passing any traffic in between private networks. My ideal as I've currently envisioned it would be 3 nic nat, with both private networks being able to get out the public interface. Here's the part that's got me thrown for a loop: Run 2 instances of natd on 8668/8669 - no problem. Run divert rule twice, one to first nat interface on 8668, one to second on 8669. The second natd line is the problem child for me: /sbin/natd -f /etc/natd.conf -p 8669 -alias_address public_address Is this to imply that I need to run a second public address for the second natd instance to run? Hopefully I've left out nothing relevant, Thanks all. Pete -- Peter Serwe Cheaper, Faster, Better, pick any two. 
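
The isolation requirement in the message above, written out as an ipfw ruleset with a first-match check that traffic between the two internal networks hits a deny rule before any divert or allow rule. This is an added example, not code from any poster in this thread; the interface name fxp0, the rule numbers, the single natd instance on its default port 8668 and the sample rulesets are assumptions.

```shell
#!/bin/sh
# Added example. Assumed: fxp0 is the outside NIC holding the one public
# address, and natd runs once as "natd -interface fxp0" (default port 8668).

EXT_IF="fxp0"
NET_A="192.168.1.0/24"   # private_private, from the message
NET_B="192.168.2.0/24"   # public_private, from the message
NATD_PORT=8668

# Ruleset in "ipfw list" form (rule number, then rule body).
# The final allow rule is a stand-in for the site's real filtering policy.
gen_rules() {
    cat <<EOF
00100 deny ip from $NET_A to $NET_B
00110 deny ip from $NET_B to $NET_A
00200 divert $NATD_PORT ip from any to any via $EXT_IF
65000 allow ip from any to any
EOF
}

# Constructed counter-example: a divert rule with no "via" placed first,
# so LAN-to-LAN packets reach natd before the deny rules are consulted.
bad_rules() {
    cat <<EOF
00050 divert $NATD_PORT ip from any to any
00100 deny ip from $NET_A to $NET_B
00110 deny ip from $NET_B to $NET_A
65000 allow ip from any to any
EOF
}

# Turn a listing into commands; "emit_commands | sh" applies it on the router.
emit_commands() {
    gen_rules | sed 's/^/ipfw add /'
}

# first_action SRC DST EXT_IF < listing
# Prints the action of the first rule that a packet from SRC to DST between
# the two internal networks would match. Simplified matcher: addresses match
# only when a rule says "any" or names the network literally, and rules bound
# to the outside interface are skipped because such a packet never crosses it.
first_action() {
    awk -v src="$1" -v dst="$2" -v ext="$3" '
    {
        action = $2; from = ""; to = ""; via = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "from") from = $(i + 1)
            if ($i == "to")   to   = $(i + 1)
            if ($i == "via")  via  = $(i + 1)
        }
        if (from != "any" && from != src) next
        if (to != "any" && to != dst) next
        if (via == ext) next
        print action; found = 1; exit
    }
    END { if (!found) print "none" }'
}

# isolation_ok < listing : succeeds only if both directions hit "deny" first.
isolation_ok() {
    rules=$(cat)
    [ "$(printf '%s\n' "$rules" | first_action "$NET_A" "$NET_B" "$EXT_IF")" = "deny" ] &&
    [ "$(printf '%s\n' "$rules" | first_action "$NET_B" "$NET_A" "$EXT_IF")" = "deny" ]
}

emit_commands
if gen_rules | isolation_ok; then
    echo "# generated ruleset: internal networks are isolated"
fi
if ! bad_rules | isolation_ok; then
    echo "# constructed bad ruleset: first match is $(bad_rules | first_action "$NET_A" "$NET_B" "$EXT_IF"), not deny"
fi
```

On a live router the same check can be fed from `ipfw list` instead of `gen_rules`.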
From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 06:07:42 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CE8ED16A50C for ; Tue, 23 Dec 2003 06:07:42 -0800 (PST) Received: from cpanel.servercity.com (cpanel.servercity.com [216.235.252.152]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8DF5643D48 for ; Tue, 23 Dec 2003 06:07:40 -0800 (PST) (envelope-from peter@easytree.net) Received: from me-waterville-qs-38.mint.adelphia.net ([216.227.133.38] helo=easytree.net) by cpanel.servercity.com with asmtp (Exim 4.24) id 1AYnCD-0004SR-RB for freebsd-net@freebsd.org; Tue, 23 Dec 2003 09:07:38 -0500 Message-ID: <3FE84C46.494045F6@easytree.net> Date: Tue, 23 Dec 2003 09:08:06 -0500 From: Peter Serwe X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-net@freebsd.org References: <3FE841B4.8E6D47E9@easytree.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - cpanel.servercity.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - easytree.net Subject: Re: ipfw/natd/3 nic X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2003 14:07:42 -0000 Okay, to make a long story short, I got the second public ip to alias to the outside interface. Sounds like: No problem! If there are any extra pointers to extra documentation that would help this out, I'd greatly appreciate it. 
Thanks again, Pete Peter Serwe wrote: > Okay, > > Basically, since FreeBSD is (in my mind anyway) > the ultimate leatherman of the OS world, and God's > own gift to networking and network services in general > I decided to try to do a 3 nic ipfw/natd setup. > > I've done 2 nic ipfw/natd a couple of times, straight > ipfw public-->public ipfw a couple of times, I'm fairly > comfortable with it.. > > After searching around, I found a message from > Gilson (de?)Paiva referencing some stuff Barney Wolff > told him that basically straightened it out. > > Here's what I'm trying to accomplish: > > I have 2 internal networks that I'll term > private_private (192.168.1.0/24) > and public_private (192.168.2.0/24). > > The total number of clients between both > networks probably could never exceed 100, > and probably won't ever exceed 50. > > I have one public ip address. > > I need both networks to be able to surf, > but I _never_ want ANY traffic to be able > to go in between except from someone having > direct access to the router. The router shouldn't > be passing any traffic in between private networks. > > My ideal as I've currently envisioned it would be > 3 nic nat, with both private networks being able > to get out the public interface. > > Here's the part that's got me thrown for a loop: > > Run 2 instances of natd on 8668/8669 - no problem. > > Run divert rule twice, one to first nat interface > on 8668, one to second on 8669. > > The second natd line is the problem child for me: > > /sbin/natd -f /etc/natd.conf -p 8669 -alias_address public_address > > Is this to imply that I need to run a second public > address for the second natd instance to run? > > Hopefully I've left out nothing relevant, > > Thanks all. > > Pete > -- > Peter Serwe > Cheaper, Faster, Better, pick any two. 
> > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" -- Peter Serwe Cheaper, Faster, Better, pick any two. From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 08:06:47 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 103A216A4CE; Tue, 23 Dec 2003 08:06:47 -0800 (PST) Received: from otter3.centtech.com (moat3.centtech.com [207.200.51.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id B737243D2F; Tue, 23 Dec 2003 08:06:45 -0800 (PST) (envelope-from anderson@centtech.com) Received: from centtech.com (neutrino.centtech.com [10.177.171.220]) by otter3.centtech.com (8.12.3/8.12.3) with ESMTP id hBNG6j6T021029; Tue, 23 Dec 2003 10:06:45 -0600 (CST) (envelope-from anderson@centtech.com) Message-ID: <3FE8680D.1020405@centtech.com> Date: Tue, 23 Dec 2003 10:06:37 -0600 From: Eric Anderson User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 X-Accept-Language: en-us, en MIME-Version: 1.0 To: h0444lp6 References: <008301c3c952$7e5e5b00$5279148d@kojo> In-Reply-To: <008301c3c952$7e5e5b00$5279148d@kojo> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: freebsd-current@freebsd.org cc: freebsd-hardware@freebsd.org Subject: Re: WLAN card experiences wanted X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2003 16:06:47 -0000 h0444lp6 wrote: >Hi > >Does anyone have any experiences with one of the following cards? 
> >D-Link DWL-G520 (54MBit, PCI) >Netgear WG311 (54MBit, PCI) >Netgear MA111 (11MBit, USB) > I've used cards with the same chipsets as those above, but not directly any of those cards. They work great (thanks Sam Leffler and everyone else!). I would not expect the full 54MBit however, but that's with any wireless networking. >And which of these two is better > >Netgear MA311 >D-Link DWL-520 > > Better for what? Eric -- ------------------------------------------------------------------ Eric Anderson Systems Administrator Centaur Technology All generalizations are false, including this one. ------------------------------------------------------------------ From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 08:23:28 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 218CD16A4CF for ; Tue, 23 Dec 2003 08:23:28 -0800 (PST) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id A281543D48 for ; Tue, 23 Dec 2003 08:23:26 -0800 (PST) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost.databus.com [127.0.0.1]) by pit.databus.com (8.12.9p2/8.12.9) with ESMTP id hBNGNNot044728; Tue, 23 Dec 2003 11:23:23 -0500 (EST) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.9p2/8.12.9/Submit) id hBNGNNtD044727; Tue, 23 Dec 2003 11:23:23 -0500 (EST) (envelope-from barney) Date: Tue, 23 Dec 2003 11:23:23 -0500 From: Barney Wolff To: Peter Serwe Message-ID: <20031223162323.GA44463@pit.databus.com> References: <3FE841B4.8E6D47E9@easytree.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3FE841B4.8E6D47E9@easytree.net> User-Agent: Mutt/1.5.5.1i X-Scanned-By: MIMEDefang 2.37 cc: freebsd-net@freebsd.org Subject: Re: ipfw/natd/3 nic X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 
Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2003 16:23:28 -0000 On Tue, Dec 23, 2003 at 08:23:00AM -0500, Peter Serwe wrote: > > I have 2 internal networks that I'll term > private_private (192.168.1.0/24) > and public_private (192.168.2.0/24). > > I have one public ip address. > > I need both networks to be able to surf, > but I _never_ want ANY traffic to be able > to go in between except from someone having > direct access to the router. The router shouldn't > be passing any traffic in between private networks. I don't think you need(ed) two public addresses to accomplish what you want. The ipfw divert rule can have "via " to apply only to packets to/from the Internet, and you can have deny rules for packets flowing between your two internal nets. I don't see a need to run two natd's here. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 08:54:14 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3742316A4CE for ; Tue, 23 Dec 2003 08:54:14 -0800 (PST) Received: from mail2.dbitech.ca (radius.wavefire.com [64.141.13.252]) by mx1.FreeBSD.org (Postfix) with SMTP id D99BE43D3F for ; Tue, 23 Dec 2003 08:54:12 -0800 (PST) (envelope-from darcy@wavefire.com) Received: (qmail 18085 invoked from network); 23 Dec 2003 17:29:44 -0000 Received: from dbitech.wavefire.com (HELO 64.141.15.253) (darcy@64.141.15.253) by radius.wavefire.com with SMTP; 23 Dec 2003 17:29:44 -0000 From: Darcy Buskermolen Organization: Wavefire Technologies Corp. 
To: Peter Serwe , freebsd-net@freebsd.org
Date: Tue, 23 Dec 2003 08:54:14 -0800
User-Agent: KMail/1.5.4
References: <3FE841B4.8E6D47E9@easytree.net>
In-Reply-To: <3FE841B4.8E6D47E9@easytree.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200312230854.14948.darcy@wavefire.com>
Subject: Re: ipfw/natd/3 nic
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 23 Dec 2003 16:54:14 -0000

On December 23, 2003 05:23 am, Peter Serwe wrote:
> Okay,
>
> Basically, since FreeBSD is (in my mind anyway)
> the ultimate leatherman of the OS world, and God's
> own gift to networking and network services in general
> I decided to try to do a 3 nic ipfw/natd setup.
>
> I've done 2 nic ipfw/natd a couple of times, straight
> ipfw public-->public ipfw a couple of times, I'm fairly
> comfortable with it..
>
> After searching around, I found a message from
> Gilson (de?)Paiva referencing some stuff Barney Wolff
> told him that basically straightened it out.
>
> Here's what I'm trying to accomplish:
>
> I have 2 internal networks that I'll term
> private_private (192.168.1.0/24)
> and public_private (192.168.2.0/24).
>
> The total number of clients between both
> networks probably could never exceed 100,
> and probably won't ever exceed 50.
>
> I have one public ip address.
>
> I need both networks to be able to surf,
> but I _never_ want ANY traffic to be able
> to go in between except from someone having
> direct access to the router.

Why not just add some simple firewall rules such as:

ipfw add deny ip from private_private to public_private
ipfw add deny ip from public_private to private_private

before you do your divert rule ?

--
Darcy Buskermolen
Wavefire Technologies Corp.
ph: 250.717.0200 fx: 250.763.1759 http://www.wavefire.com From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 09:38:39 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F24F416A4CE for ; Tue, 23 Dec 2003 09:38:38 -0800 (PST) Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143]) by mx1.FreeBSD.org (Postfix) with ESMTP id F1D3B43D1F for ; Tue, 23 Dec 2003 09:38:34 -0800 (PST) (envelope-from smithi@nimnet.asn.au) Received: from localhost (smithi@localhost) by gaia.nimnet.asn.au (8.8.8/8.8.8R1.2) with SMTP id EAA16282; Wed, 24 Dec 2003 04:38:32 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Wed, 24 Dec 2003 04:38:32 +1100 (EST) From: Ian Smith To: freebsd-net@freebsd.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: bridge with access on both interfaces X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Ian Smith List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2003 17:38:39 -0000 Hello net crew, We're new to bridges; please be gentle. 4.8-RELEASE box, 2 ed NICs, test rig with 10-base coax. Bridging itself is working nicely. Aim is for the box to bridge a 192.168.0.1 gateway (satellite down / ISDN back proxy server black box) to a /24 of about a dozen mostly winXP boxes, using IPFW to count and dis/enable bridged connections to gw. All that's well along, but the firewall is just open so far while struggling with inside/outside connectivity to/from the bridge box itself. Assigning an address (.7) to the outside interface (ed0) works fine for outside (gw side) access, but we also need this box accessible from the inside, for ssh/webmin/web/mysql and a samba domain controller / file server for the inside network. My coworker has that side well in hand. 
What I can't get to is setting up both NICs for the same /24, using either one or two separate addresses. I'd hoped to get away with one IP, which some of the docs (and bridge.c, skimmed) led me to believe that any local IPs of this host, on whatever of the bridged interfaces, should provide unbridged local stack access - however if we need to have 'inside' and 'outside' IPs separately on each bridge interface, fine. In short, ifconfig appears unwilling to have two NICs covering the same /24. Can this be set up? I'm also at a bit of a loss with the routing, so inside packets to the bridge box (ie unbridged packets) are responded to on the same interface, and outside unbridged packets go only to/from the gw. Some tcpdumps on both in and outside interfaces suggest an ARP response problem also, perhaps; no responses on the inside iface at all. I'm unsure if that's too little initial detail or too much? Clues, anyone? Ian From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 10:23:57 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 449BB16A4CE for ; Tue, 23 Dec 2003 10:23:57 -0800 (PST) Received: from phoenix.gargantuan.com (rrcs-se-24-73-171-238.biz.rr.com [24.73.171.238]) by mx1.FreeBSD.org (Postfix) with ESMTP id BAFFE43D5A for ; Tue, 23 Dec 2003 10:23:53 -0800 (PST) (envelope-from michael@gargantuan.com) Received: from localhost (localhost.gargantuan.com [127.0.0.1]) by spamassassin-injector (Postfix) with SMTP id 997EE60C; Tue, 23 Dec 2003 13:23:52 -0500 (EST) Received: by phoenix.gargantuan.com (Postfix, from userid 1001) id 584B2609; Tue, 23 Dec 2003 13:23:40 -0500 (EST) Date: Tue, 23 Dec 2003 13:23:40 -0500 From: "Michael W. 
Oliver" To: Ian Smith Message-ID: <20031223182340.GA81289@gargantuan.com> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="0F1p//8PRICkK4MW" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i X-Personal-Email: michael@gargantuan.com X-WWW-Site: http://michael.gargantuan.com X-GPG-Public-Key: $X-WWW-Site/gnupg/pubkey.asc X-Home-Phone: +1-863-816-8091 X-Mobile-Phone: +1-863-738-2334 X-Home-Address: 8008 Apache Lane, Lakeland, FL, US 33810-2172 X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on phoenix.gargantuan.com X-Spam-Level: X-Spam-Status: No, hits=-104.2 required=5.0 tests=AWL,BAYES_00, USER_IN_WHITELIST autolearn=ham version=2.60 cc: freebsd-net@freebsd.org Subject: Re: bridge with access on both interfaces X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2003 18:23:57 -0000 --0F1p//8PRICkK4MW Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 24, 2003 at 04:38:32AM +1100, Ian Smith wrote: > Hello net crew, [...] > In short, ifconfig appears unwilling to have two NICs covering the same > /24. Can this be set up? I'm also at a bit of a loss with the routing, > so inside packets to the bridge box (ie unbridged packets) are responded > to on the same interface, and outside unbridged packets go only to/from > the gw. Some tcpdumps on both in and outside interfaces suggest an ARP > response problem also, perhaps; no responses on the inside iface at all. You can't have two interfaces within the same IP subnet, with the same mask, on one box. What you can do is configure the primary interface with the /24 mask, and then configure the other interface with a /32 mask. 
This is the same process that you would use to put two (or more) addresses from the same IP subnet on a single interface.

Regarding the other stuff, if a particular service is configured to listen on any interface (noted by the "*.*" under "Local Address" in a netstat listing), then it should be available via either interface of the bridge, assuming that the bridge is configured correctly (sysctl's and such).

What are your /etc/rc.conf settings with regards to the bridge configuration?

--
Mike

Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4510816A4CE for ; Tue, 23 Dec 2003 11:41:21 -0800 (PST)
Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143]) by mx1.FreeBSD.org (Postfix) with ESMTP id A864243D58 for ; Tue, 23 Dec 2003 11:41:11 -0800 (PST) (envelope-from smithi@nimnet.asn.au)
Received: from localhost (smithi@localhost) by gaia.nimnet.asn.au (8.8.8/8.8.8R1.2) with SMTP id GAA19066; Wed, 24 Dec 2003 06:41:00 +1100 (EST) (envelope-from smithi@nimnet.asn.au)
Date: Wed, 24 Dec 2003 06:41:00 +1100 (EST)
From: Ian Smith
To: "Michael W. Oliver"
In-Reply-To: <20031223182340.GA81289@gargantuan.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-net@freebsd.org
Subject: Re: bridge with access on both interfaces
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 23 Dec 2003 19:41:21 -0000

On Tue, 23 Dec 2003, Michael W. Oliver wrote:
> On Wed, Dec 24, 2003 at 04:38:32AM +1100, Ian Smith wrote:
> [...]
>
> > In short, ifconfig appears unwilling to have two NICs covering the same
> > /24. Can this be set up?
I'm also at a bit of a loss with the routing, > > so inside packets to the bridge box (ie unbridged packets) are responded > > to on the same interface, and outside unbridged packets go only to/from > > the gw. Some tcpdumps on both in and outside interfaces suggest an ARP > > response problem also, perhaps; no responses on the inside iface at all. > You can't have two interfaces within the same IP subnet, with the same > mask, on one box. What you can do is configure the primary interface > with the /24 mask, and then configure the other interface with a /32 > mask. This is the same process that you would use to put two (or more) > addresses from the same IP subnet on a single interface. Ah, thankyou. In that case, what we'd seem to need is the outside (gw) interface as the /32 - since only the gw is outside here - and the /24 inside, since all the internal boxes need access to its servers. Will try that out tomorrow (family / holiday plans permitting :) > Regarding the other stuff, if a particular service is configured to > listen on any interface (noted by the "*.*" under "Local Address" in a > netstat listing), then it should be available via either interface of > the bridge, assuming that the bridge is configured correctly (sysctl's > and such). Sounds good, and as I'd hoped initially. Webmin/apache/samba listen where they're told to anyway, and IPFW will be moderating all that. > What are your /etc/rc.conf settings with regards to the bridge > configuration? 
So far, only gateway_enable="NO" and basic IPFW setup ("open" till this much goes, on a protected subnet currently so no worries there), 4.8-R GENERIC kernel - brought the bridge up with kldload and sysctls, as per http://www.freebsd.org/doc/en_US.ISO8859-1/articles/filtering-bridges/

Specifically, in /etc/rc.local for now, pre invoking IPFW, just:

    kldload bridge
    sysctl net.link.ether.bridge_cfg=ed0,ed1
    sysctl net.link.ether.bridge=1

    tubi# kldstat
    Id Refs Address    Size     Name
     1    7 0xc0100000 41b538   kernel
     2    1 0xc0d32000 6000     ipfw.ko
     3    1 0xc0d9c000 2000     green_saver.ko
     4    1 0xc0d9f000 15000    linux.ko
     5    1 0xc0dcd000 3000     streams.ko
     6    1 0xc0dd0000 11000    svr4.ko
     7    1 0xc0df3000 7000     bridge.ko

Of course I'll be building it a proper kernel after proving concept. I see at 4.8 it's no longer necessary to use IPFIREWALL_DEFAULT_TO_ACCEPT to pass ARP and other non-IP traffic (after reading many earlier docs!)

As mentioned, no problems seen with bridging; this session is doing a round trip through ssh into a box behind the bridge, back to this gw; rebooting the box hasn't even murdered ssh sessions bridged through it.

I can't see any problem with just having a /32 on the gw side, and will swap the ifconfig over to bring up the /24 on the inside iface instead.

Thanks heaps Mike,

Cheers, Ian

From owner-freebsd-net@FreeBSD.ORG Wed Dec 24 15:41:44 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6FADD16A4CE; Wed, 24 Dec 2003 15:41:44 -0800 (PST)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id B254A43D31; Wed, 24 Dec 2003 15:41:36 -0800 (PST)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (localhost [127.0.0.1])
	by fledge.watson.org (8.12.10/8.12.10) with ESMTP
	id hBONelUd025984; Wed, 24 Dec 2003 18:40:47 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Received: from localhost (robert@localhost)hBONedEq025936;
	Wed, 24 Dec 2003 18:40:39 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Date: Wed, 24 Dec 2003 18:40:39 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: Kirill Ponomarew
In-Reply-To: <20031222211920.GE93568@voodoo.oberon.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-net@FreeBSD.org
cc: Mark Ogden
Subject: Re: arla
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 24 Dec 2003 23:41:44 -0000

On Mon, 22 Dec 2003, Kirill Ponomarew wrote:

> On Mon, Dec 22, 2003 at 02:12:16PM -0700, Mark Ogden wrote:
> > I have built 0.35.9 and 0.35.10 on 4.9 and 4.8.
>
> If you take a look at net/arla/Makefile, you can see why it's broken in
> ports. It requires kernel sources and kerberos.

My recollection is that our Arla port has fallen substantially behind the
main Arla development tree, which has not only buildable but functional
code for at least FreeBSD 5.1.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research

From owner-freebsd-net@FreeBSD.ORG Wed Dec 24 15:45:31 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 767D216A4CE
	for ; Wed, 24 Dec 2003 15:45:31 -0800 (PST)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CF9CA43D39
	for ; Wed, 24 Dec 2003 15:45:29 -0800 (PST)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (localhost [127.0.0.1])
	by fledge.watson.org (8.12.10/8.12.10) with ESMTP
	id hBONiTUd026572; Wed, 24 Dec 2003 18:44:29 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Received: from localhost (robert@localhost)hBONiM0u026569;
	Wed, 24 Dec 2003 18:44:29 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Date: Wed, 24 Dec 2003 18:44:22 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: Ian Smith
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-net@freebsd.org
Subject: Re: bridge with access on both interfaces
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 24 Dec 2003 23:45:31 -0000

On Wed, 24 Dec 2003, Ian Smith wrote:

> What I can't get to is setting up both NICs for the same /24, using
> either one or two separate addresses. I'd hoped to get away with one
> IP, which some of the docs (and bridge.c, skimmed) led me to believe
> that any local IPs of this host, on whatever of the bridged interfaces,
> should provide unbridged local stack access - however if we need to have
> 'inside' and 'outside' IPs separately on each bridge interface, fine.
>
> In short, ifconfig appears unwilling to have two NICs covering the same
> /24. Can this be set up? I'm also at a bit of a loss with the routing,
> so inside packets to the bridge box (ie unbridged packets) are responded
> to on the same interface, and outside unbridged packets go only to/from
> the gw. Some tcpdumps on both in and outside interfaces suggest an ARP
> response problem also, perhaps; no responses on the inside iface at all.
>
> I'm unsure if that's too little initial detail or too much?

If you want to use IP while bridging, you'll typically want to configure
IP on one of the interfaces making up the bridge, and then simply
"ifconfig up" the remaining interfaces without explicitly configuring IP
on them. If you get ARP warnings, you can silence them using a sysctl (I
can't remember if I got them last time I did this, however).

At one point I rewrote bits of our bridge code to create virtual bridge
interfaces, the idea being that you'd configure IP on the virtual
interface rather than on one of the member interfaces. However, I never
got around to merging those changes -- my real goal was to allow sniffing
of packets to/from the host on any component interface, and BPF only
picked up packets from/to a specific interface (or leaked bridge packets
for unknown target addresses). I'm sure at some point, someone will get
to reimplementing our bridge code to take this approach, however.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research

From owner-freebsd-net@FreeBSD.ORG Wed Dec 24 15:56:29 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 34D4416A4CE
	for ; Wed, 24 Dec 2003 15:56:29 -0800 (PST)
Received: from tenebras.com (laptop.tenebras.com [66.92.188.18])
	by mx1.FreeBSD.org (Postfix) with SMTP id BF0DD43D45
	for ; Wed, 24 Dec 2003 15:56:18 -0800 (PST)
	(envelope-from kudzu@tenebras.com)
Received: (qmail 41561 invoked from network); 24 Dec 2003 23:56:17 -0000
Received: from sapphire.tenebras.com (HELO tenebras.com) (192.168.188.241)
	by laptop.tenebras.com with SMTP; 24 Dec 2003 23:56:17 -0000
Message-ID: <3FEA27A0.7030902@tenebras.com>
Date: Wed, 24 Dec 2003 15:56:16 -0800
From: Michael Sierchio
User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.5) Gecko/20031007
X-Accept-Language: en-us, zh-tw, zh-cn, fr, en, de-de
MIME-Version: 1.0
To: Robert Watson
References:
In-Reply-To:
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-net@freebsd.org
cc: Ian Smith
Subject: Re: bridge with access on both interfaces
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 24 Dec 2003 23:56:29 -0000

Robert Watson wrote:

> On Wed, 24 Dec 2003, Ian Smith wrote:
>
>
>
>>What I can't get to is setting up both NICs for the same /24, using
>>either one or two separate addresses. I'd hoped to get away with one
>>IP, which some of the docs (and bridge.c, skimmed) led me to believe
>>that any local IPs of this host, on whatever of the bridged interfaces,
>>should provide unbridged local stack access - however if we need to have
>>'inside' and 'outside' IPs separately on each bridge interface, fine.
>>
>>In short, ifconfig appears unwilling to have two NICs covering the same
>>/24. Can this be set up? I'm also at a bit of a loss with the routing,
>>so inside packets to the bridge box (ie unbridged packets) are responded
>>to on the same interface, and outside unbridged packets go only to/from
>>the gw. Some tcpdumps on both in and outside interfaces suggest an ARP
>>response problem also, perhaps; no responses on the inside iface at all.
>>
>>I'm unsure if that's too little initial detail or too much?
>
>
>
> If you want to use IP while bridging, you'll typically want to configure
> IP on one of the interfaces making up the bridge, and then simply
> "ifconfig up" the remaining interfaces without explicitly configuring IP
> on them. If you get ARP warnings, you can silence them using a sysctl (I
> can't remember if I got them last time I did this, however).
>
> At one point I rewrote bits of our bridge code to create virtual bridge
> interfaces, the idea being that you'd configure IP on the virtual
> interface rather than on one of the member interfaces. However, I never
> got around to merging those changes -- my real goal was to allow sniffing
> of packets to/from the host on any component interface, and BPF only
> picked up packets from/to a specific interface (or leaked bridge packets
> for unknown target addresses). I'm sure at some point, someone will get
> to reimplementing our bridge code to take this approach, however.

Robert -

when digging into the bridging code, you may want to look
at an apparent performance bug.
This was discovered by
Soekris users -- when two of three interfaces were configured
in the bridge, performance was significantly less than when
all interfaces were, even if one interface was unused/uncabled.

From: Soren Kristensen
Organization: Soekris Engineering
To: timg@tpi.com
CC: Soekris-tech
Subject: Re: [Soekris] Slow net speed on Net4801

I just did a little testing on the net4801 ethernet performance, as I
wanted to make sure there wasn't any hardware problems.

I wanted to be sure as the Geode used to have some serious PCI bus
performance issues, but those problems should be fixed on the SC1100 if
you program it up correctly. Also, one difference between the net4501
and net4801 is that the 3 ethernet controllers now share one interrupt.

As I had limited interrupts available on the SC1100, I decided that I
would prefer that chips using the same drivers are sharing rather than
random chips used on the expansion slots.... Sharing interrupts will
reduce performance a little, but not very much on a correctly implemented
shared interrupt system.

So I set up a full FreeBSD 4.9 Release (on one of those nice new
2.2Gbyte Microdrives....) and enabled bridging.

I quickly found performance problems, but after testing I now believe I
instead found a bug in FreeBSD interrupt code....

At first I got about 35 Mbit/sec with 99% interrupt time.
I then tried on a net4501 and got 50 Mbit/sec with 60% interrupt time.

But after some testing I found out that when I on the net4801 configured
all 3 ethernet controllers for bridging instead of the first 2 as I
started with, the net4801 got 50 Mbit/sec with 40% interrupt time, much
better and beating the net4501 as you would expect. You should also
expect higher raw speed, but my test setup was limited to 50 Mbit/sec.
(hand timing filecopy in msdos window on win2000....).

As soon as I set net.link.ether.bridge_cfg=sis0,sis1,sis2, performance
was much better on the net4801, but didn't affect the net4501.

So the conclusion so far is that you should be able to get very good
performance, but the ethernet drivers and operating systems need to
handle shared interrupts correctly.

Apparently there is a problem with FreeBSD when you have 3 ethernet
controllers sharing one interrupt and only bridging 2 of them. When
doing that, the processor spends a lot of time in interrupt....

Can one of the FreeBSD gurus (Poul-Henning ?) look into the FreeBSD
interrupt and/or bridging code ?

Regards,

Soren Kristensen

_____________________________________________________________________
Soekris Engineering, technical discussion mailing list
[un]subscribe: http://lists.soekris.com/mailman/listinfo/soekris-tech

From owner-freebsd-net@FreeBSD.ORG Wed Dec 24 23:20:42 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7B05316A4CE
	for ; Wed, 24 Dec 2003 23:20:42 -0800 (PST)
Received: from flock1.newmail.ru (morda.newmail.ru [212.48.140.150])
	by mx1.FreeBSD.org (Postfix) with SMTP id 562E243D41
	for ; Wed, 24 Dec 2003 23:20:38 -0800 (PST)
	(envelope-from Andrew.Karjagin@newmail.ru)
Received: (qmail 20265 invoked by alias); 25 Dec 2003 07:20:38 -0000
Message-ID: <20031225072038.20264.qmail@flock1.newmail.ru>
From: Andrew Karjagin
To: freebsd-net@freebsd.org
X-Priority: 3
MIME-Version: 1.0
X-Mailer: DenMail v1.0 by ORC
X-Uid: 689
X-RemoteIP: 81.89.64.3 (81.89.64.105)
Date: Thu, 25 Dec 2003 10:20:38 +0300
Content-type: text/plain; charset="koi8-r"
Subject: CHAP FreeRadius and MPD
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 25 Dec 2003 07:20:42 -0000

Hello!

I have installed FreeRadius 0.9.3 with mpd 3.15 on FreeBSD 4.9-STABLE.
FreeRadius works with MySQL. And I can't set up a VPN connection.
I viewed the archive
http://www.freebsd.org/cgi/getmsg.cgi?fetch=484342+498693+/usr/local/www/db/text/2003/freebsd-net/20031116.freebsd-net
but it doesn't help me. The Microsoft dictionary is included in the radius config.

This is my mpd.conf:

default:
	load pptp0

pptp0:
	new -i ng0 pptp0 pptp0
	set ipcp ranges 81.89.xx.251/32 81.89.xx.252/32
	load pptp_standart

pptp_standart:
	set iface disable on-demand
	set bundle enable multilink
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 60 180
	set ipcp yes vjcomp
	set ipcp dns 81.89.xx.250 18.89.xy.2
	set iface enable proxy-arp
	set bundle enable compression
	set ccp yes mppc
	set ccp yes mpp-e40
	set ccp yes mpp-e128
	set ccp yes mpp-stateless
	set pptp enable incoming
	set pptp disable originate
	set link mtu 1440
	load radius

radius:
	set radius server 81.89.xx.xxy testpw 1812 1813
	set radius timeout 10
	set radius config /etc/radius.conf
	set radius retries 3
	set bundle enable radius-auth radius-fallback
	set bundle enable radius-acct
	set ipcp yes radius-ip

And this is my mpd.log:

Dec 25 09:20:47 savvin /kernel: mpd
Dec 25 09:20:47 savvin mpd: mpd: pid 177, version 3.15 (root@savvin.tel.ru 13:53 19-Dec-2003)
Dec 25 09:20:48 savvin mpd: [pptp0] ppp node is "mpd177-pptp0"
Dec 25 09:20:48 savvin mpd: [pptp0] using interface ng0
Dec 25 09:20:48 savvin mpd: mpd: local IP address for PPTP is 0.0.0.0
Dec 25 09:25:44 savvin mpd: mpd: PPTP connection from 81.89.xx.x:1655
Dec 25 09:25:44 savvin mpd: pptp0: attached to connection with 81.89.xx.x:1655
Dec 25 09:25:44 savvin mpd: [pptp0] IFACE: Open event
Dec 25 09:25:44 savvin mpd: [pptp0] IPCP: Open event
Dec 25 09:25:44 savvin mpd: [pptp0] IPCP: state change Initial --> Starting
Dec 25 09:25:44 savvin mpd: [pptp0] IPCP: LayerStart
Dec 25 09:25:44 savvin mpd: [pptp0] IPCP: Open event
Dec 25 09:25:44 savvin mpd: [pptp0] bundle: OPEN event in state CLOSED
Dec 25 09:25:44 savvin mpd: [pptp0] opening link "pptp0"...
Dec 25 09:25:44 savvin mpd: [pptp0] link: OPEN event
Dec 25 09:25:44 savvin mpd: [pptp0] LCP: Open event
Dec 25 09:25:44 savvin mpd: [pptp0] LCP: state change Initial --> Starting
Dec 25 09:25:44 savvin mpd: [pptp0] LCP: LayerStart
Dec 25 09:25:44 savvin mpd: [pptp0] device: OPEN event in state DOWN
Dec 25 09:25:44 savvin mpd: [pptp0] attaching to peer's outgoing call
Dec 25 09:25:45 savvin mpd: [pptp0] device is now in state OPENING
Dec 25 09:25:45 savvin mpd: [pptp0] device: UP event in state OPENING
Dec 25 09:25:45 savvin mpd: [pptp0] device is now in state UP
Dec 25 09:25:45 savvin mpd: [pptp0] link: UP event
Dec 25 09:25:45 savvin mpd: [pptp0] link: origination is remote
Dec 25 09:25:45 savvin mpd: [pptp0] LCP: Up event
Dec 25 09:25:45 savvin mpd: [pptp0] LCP: state change Starting --> Req-Sent
Dec 25 09:25:45 savvin mpd: [pptp0] LCP: phase shift DEAD --> ESTABLISH
Dec 25 09:25:45 savvin mpd: [pptp0] LCP: SendConfigReq #1
Dec 25 09:25:45 savvin mpd: ACFCOMP
Dec 25 09:25:45 savvin mpd: PROTOCOMP
Dec 25 09:25:45 savvin mpd: MRU 1500
Dec 25 09:25:45 savvin mpd: MAGICNUM 65229a88
Dec 25 09:25:45 savvin mpd: AUTHPROTO CHAP MSOFTv2
Dec 25 09:25:45 savvin mpd: MP MRRU 1600
Dec 25 09:25:45 savvin mpd: MP SHORTSEQ
Dec 25 09:25:45 savvin mpd: ENDPOINTDISC [802.1] 00 c0 26 a2 da 23
Dec 25 09:25:46 savvin mpd: pptp0-0: ignoring SetLinkInfo
Dec 25 09:25:46 savvin mpd: [pptp0] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
Dec 25 09:25:46 savvin mpd: MRU 1400
Dec 25 09:25:46 savvin mpd: MAGICNUM 382c40eb
Dec 25 09:25:46 savvin mpd: PROTOCOMP
Dec 25 09:25:46 savvin mpd: ACFCOMP
Dec 25 09:25:46 savvin mpd: CALLBACK
Dec 25 09:25:46 savvin mpd: Not supported
Dec 25 09:25:46 savvin mpd: [pptp0] LCP: SendConfigRej #0
Dec 25 09:25:46 savvin mpd: CALLBACK
Dec 25 09:25:46 savvin mpd: [pptp0] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
Dec 25 09:25:46 savvin mpd: MRU 1400
Dec 25 09:25:46 savvin mpd: MAGICNUM 382c40eb
Dec 25 09:25:46 savvin mpd: PROTOCOMP
Dec 25 09:25:46 savvin mpd: ACFCOMP
Dec 25 09:25:46 savvin mpd: [pptp0] LCP: SendConfigAck #1
Dec 25 09:25:46 savvin mpd: MRU 1400
Dec 25 09:25:46 savvin mpd: MAGICNUM 382c40eb
Dec 25 09:25:46 savvin mpd: PROTOCOMP
Dec 25 09:25:46 savvin mpd: ACFCOMP
Dec 25 09:25:46 savvin mpd: [pptp0] LCP: state change Req-Sent --> Ack-Sent
Dec 25 09:25:47 savvin mpd: [pptp0] LCP: SendConfigReq #2
Dec 25 09:25:47 savvin mpd: ACFCOMP
Dec 25 09:25:47 savvin mpd: PROTOCOMP
Dec 25 09:25:47 savvin mpd: MRU 1500
Dec 25 09:25:47 savvin mpd: MAGICNUM 65229a88
Dec 25 09:25:47 savvin mpd: AUTHPROTO CHAP MSOFTv2
Dec 25 09:25:47 savvin mpd: MP MRRU 1600
Dec 25 09:25:47 savvin mpd: MP SHORTSEQ
Dec 25 09:25:47 savvin mpd: ENDPOINTDISC [802.1] 00 c0 26 a2 da 23
Dec 25 09:25:47 savvin mpd: [pptp0] LCP: rec'd Configure Reject #2 link 0 (Ack-Sent)
Dec 25 09:25:47 savvin mpd: MP MRRU 1600
Dec 25 09:25:47 savvin mpd: MP SHORTSEQ
Dec 25 09:25:47 savvin mpd: ENDPOINTDISC [802.1] 00 c0 26 a2 da 23
Dec 25 09:25:47 savvin mpd: [pptp0] LCP: SendConfigReq #3
Dec 25 09:25:47 savvin mpd: ACFCOMP
Dec 25 09:25:47 savvin mpd: PROTOCOMP
Dec 25 09:25:47 savvin mpd: MRU 1500
Dec 25 09:25:47 savvin mpd: MAGICNUM 65229a88
Dec 25 09:25:47 savvin mpd: AUTHPROTO CHAP MSOFTv2
Dec 25 09:25:47 savvin mpd: [pptp0] LCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
Dec 25 09:25:47 savvin mpd: ACFCOMP
Dec 25 09:25:47 savvin mpd: PROTOCOMP
Dec 25 09:25:47 savvin mpd: MRU 1500
Dec 25 09:25:47 savvin mpd: MAGICNUM 65229a88
Dec 25 09:25:47 savvin mpd: AUTHPROTO CHAP MSOFTv2
Dec 25 09:25:47 savvin mpd: [pptp0] LCP: state change Ack-Sent --> Opened
Dec 25 09:25:47 savvin mpd: [pptp0] LCP: phase shift ESTABLISH --> AUTHENTICATE
Dec 25 09:25:47 savvin mpd: [pptp0] LCP: auth: peer wants nothing, I want CHAP
Dec 25 09:25:47 savvin mpd: [pptp0] CHAP: sending CHALLENGE
Dec 25 09:25:47 savvin mpd: [pptp0] LCP: LayerUp
Dec 25 09:25:47 savvin mpd: pptp0-0: ignoring SetLinkInfo
Dec 25 09:25:47 savvin mpd: [pptp0] LCP: rec'd Ident #2 link 0 (Opened)
Dec 25 09:25:47 savvin mpd: MESG: MSRASV5.10
Dec 25 09:25:47 savvin mpd: [pptp0] LCP: rec'd Ident #3 link 0 (Opened)
Dec 25 09:25:47 savvin mpd: MESG: MSRAS-0-KARYAGIN
Dec 25 09:25:47 savvin mpd: [pptp0] CHAP: rec'd RESPONSE #1
Dec 25 09:25:47 savvin mpd: Name: "richi"
Dec 25 09:25:47 savvin mpd: [pptp0] RADIUS: using /etc/radius.conf
Dec 25 09:25:47 savvin mpd: [pptp0] RADIUS: RadiusAddServer Adding 81.89.xx.xxy
Dec 25 09:25:47 savvin mpd: [pptp0] RADIUS: RadiusPutAuth: RADIUS_CHAP (MSOFTv2) peer name: richi
Dec 25 09:25:57 savvin mpd: [pptp0] RADIUS: RadiusSendRequest: RAD_ACCESS_REJECT for user richi
Dec 25 09:25:57 savvin mpd: [pptp0] RADIUS: RadiusGetParams: PANIC no MS-CHAPv2 response received
Dec 25 09:25:57 savvin mpd: Peer name: "richi"
Dec 25 09:25:57 savvin mpd: mpd: warning: line too long, truncated
Dec 25 09:25:57 savvin mpd: Can't get credentials for "richi"
Dec 25 09:25:57 savvin mpd: [pptp0] CHAP: sending FAILURE
Dec 25 09:25:57 savvin mpd: [pptp0] LCP: authorization failed
Dec 25 09:25:57 savvin mpd: [pptp0] device: CLOSE event in state UP
Dec 25 09:25:57 savvin mpd: pptp0-0: clearing call
Dec 25 09:25:57 savvin mpd: pptp0-0: killing channel
Dec 25 09:25:57 savvin mpd: [pptp0] PPTP call terminated
Dec 25 09:25:57 savvin mpd: [pptp0] IFACE: Close event
Dec 25 09:25:57 savvin mpd: [pptp0] IPCP: Close event
Dec 25 09:25:57 savvin mpd: [pptp0] IPCP: state change Starting --> Initial
Dec 25 09:25:57 savvin mpd: [pptp0] IPCP: LayerFinish
Dec 25 09:25:57 savvin mpd: [pptp0] IFACE: Close event

And this is my radius.log:

Thu Dec 25 09:12:03 2003 : Info: Using deprecated naslist file. Support for this will go away soon.
Thu Dec 25 09:12:03 2003 : Info: Using deprecated clients file. Support for this will go away soon.
Thu Dec 25 09:12:03 2003 : Info: Using deprecated realms file. Support for this will go away soon.
Thu Dec 25 09:12:03 2003 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Thu Dec 25 09:12:03 2003 : Info: rlm_sql (sql): Attempting to connect to freeradius@localhost:/freeradius
Thu Dec 25 09:12:03 2003 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0
Thu Dec 25 09:12:03 2003 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1
Thu Dec 25 09:12:03 2003 : Info: rlm_sql_mysql: Starting connect to MySQL server for #2
Thu Dec 25 09:12:03 2003 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3
Thu Dec 25 09:12:03 2003 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4
Thu Dec 25 09:12:03 2003 : Info: Listening on IP address *, ports 1812/udp and 1813/udp.
Thu Dec 25 09:12:03 2003 : Info: Ready to process requests.
Thu Dec 25 09:17:01 2003 : Auth: Login incorrect: [richi/] (from client ns port 0 cli 81.89.64.105)
Thu Dec 25 09:17:11 2003 : Auth: Login incorrect: [richi/] (from client ns port 0)
Thu Dec 25 09:17:21 2003 : Auth: Login incorrect: [richi/] (from client ns port 0)

Can anyone help me - where and what did I do wrong?

__________
www.newmail.ru -- always something new.

From owner-freebsd-net@FreeBSD.ORG Thu Dec 25 01:54:34 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0B05316A4CE
	for ; Thu, 25 Dec 2003 01:54:34 -0800 (PST)
Received: from mail.a-quadrat.at (mail.a-quadrat.at [81.223.141.10])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BE5DF43D39
	for ; Thu, 25 Dec 2003 01:54:32 -0800 (PST)
	(envelope-from mbretter@a-quadrat.at)
Received: from localhost.jawa.at (files.a-quadrat.at [192.168.90.9])
	by files.a-quadrat.at (Postfix) with ESMTP
	id 9B2875C1B5; Thu, 25 Dec 2003 10:52:03 +0100 (CET)
Date: Thu, 25 Dec 2003 10:54:28 +0100 (=?ISO-8859-15?Q?Westeurop=E4ische_Normalzeit?=)
From: Michael Bretterklieber
To: Andrew Karjagin
In-Reply-To: <20031225072038.20264.qmail@flock1.newmail.ru>
Message-ID:
References: <20031225072038.20264.qmail@flock1.newmail.ru>
X-X-Sender: mbretter@localhost.jawa.at
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-net@freebsd.org
Subject: Re: CHAP FreeRadius and MPD
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 25 Dec 2003 09:54:34 -0000

Hi Andrew,

On Thu, 25 Dec 2003, Andrew Karjagin wrote:
> Dec 25 09:25:47 savvin mpd: [pptp0] RADIUS: RadiusPutAuth: RADIUS_CHAP (MSOFTv2) peer name: richi
> Dec 25 09:25:57 savvin mpd: [pptp0] RADIUS: RadiusSendRequest: RAD_ACCESS_REJECT for user richi
> Dec 25 09:25:57 savvin mpd: [pptp0] RADIUS: RadiusGetParams: PANIC no MS-CHAPv2 response received

You forgot to include the Microsoft dictionary in your FreeRADIUS
configuration.

bye,
--
------------------------------- ----------------------------------
Michael Bretterklieber - http://www.bretterklieber.com
A-Quadrat Automation GmbH - http://www.a-quadrat.at
Tel: ++43-(0)3172-41679 - GSM: ++43-(0)699 12861847
------------------------------- ----------------------------------
"...the number of UNIX installations has grown to 10, with more
expected..." - Dennis Ritchie and Ken Thompson, June 1972

From owner-freebsd-net@FreeBSD.ORG Thu Dec 25 03:10:22 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7FE3416A4CE
	for ; Thu, 25 Dec 2003 03:10:22 -0800 (PST)
Received: from flock1.newmail.ru (morda.newmail.ru [212.48.140.150])
	by mx1.FreeBSD.org (Postfix) with SMTP id A6B9843D2D
	for ; Thu, 25 Dec 2003 03:10:20 -0800 (PST)
	(envelope-from Andrew.Karjagin@newmail.ru)
Received: (qmail 30412 invoked by alias); 25 Dec 2003 11:10:21 -0000
Message-ID: <20031225111021.30405.qmail@flock1.newmail.ru>
From: Andrew Karjagin
To: Michael Bretterklieber
X-Priority: 3
MIME-Version: 1.0
X-Mailer: DenMail v1.0 by ORC
X-Uid: 689
X-RemoteIP: 81.89.64.3 (81.89.64.105)
Date: Thu, 25 Dec 2003 14:10:21 +0300
In-Reply-To:
X-DWM-In-Reply-To: <1072350621.30380.denwebmail-6824-INBOX@Andrew_Karjagin>
Content-type: text/plain; charset="koi8-r"
cc: freebsd-net@freebsd.org
Subject: Re[2]: CHAP FreeRadius and MPD
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 25 Dec 2003 11:10:22 -0000

No, I am including the Microsoft dictionary.
This is my master dictionary file, placed in /usr/opt/etc/raddb:

#======================================
# The first file in this list also has INCLUDE directive for all dict files
$INCLUDE /usr/opt/share/freeradius/dictionary
$INCLUDE /usr/opt/share/freeradius/dictionary.microsoft
#======================================

I think maybe I use wrong parameters in the SQL database?
All that I do with it is very basic.

Are there some links where I can read examples of working configurations?

Hello Michael Bretterklieber
Thu, 25.12.2003 13:54:28 you wrote:
>
MB> Hi Andrew,
MB>
MB> On Thu, 25 Dec 2003, Andrew Karjagin wrote:
MB> > Dec 25 09:25:47 savvin mpd: [pptp0] RADIUS: RadiusPutAuth: RADIUS_CHAP (MSOFTv2) peer name: richi
MB> > Dec 25 09:25:57 savvin mpd: [pptp0] RADIUS: RadiusSendRequest: RAD_ACCESS_REJECT for user richi
MB> > Dec 25 09:25:57 savvin mpd: [pptp0] RADIUS: RadiusGetParams: PANIC no MS-CHAPv2 response received
MB>
MB> You forgot to include the Microsoft dictionary in your FreeRADIUS
MB> configuration.
MB>
MB> bye,
MB> --
MB> ------------------------------- ----------------------------------
MB> Michael Bretterklieber - http://www.bretterklieber.com
MB> A-Quadrat Automation GmbH - http://www.a-quadrat.at
MB> Tel: ++43-(0)3172-41679 - GSM: ++43-(0)699 12861847
MB> ------------------------------- ----------------------------------
MB> "...the number of UNIX installations has grown to 10, with more
MB> expected..." - Dennis Ritchie and Ken Thompson, June 1972

__________
www.newmail.ru -- always something new.

From owner-freebsd-net@FreeBSD.ORG Thu Dec 25 10:26:40 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 500AE16A4CE; Thu, 25 Dec 2003 10:26:40 -0800 (PST)
Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id C39C043D46; Thu, 25 Dec 2003 10:25:53 -0800 (PST)
	(envelope-from rizzo@xorpc.icir.org)
Received: from xorpc.icir.org (localhost [127.0.0.1])
	by xorpc.icir.org (8.12.9p1/8.12.3) with ESMTP
	id hBPIPqSN079238; Thu, 25 Dec 2003 10:25:52 -0800 (PST)
	(envelope-from rizzo@xorpc.icir.org)
Received: (from rizzo@localhost)
	by xorpc.icir.org (8.12.9p1/8.12.3/Submit)
	id hBPIPn0O079237; Thu, 25 Dec 2003 10:25:49 -0800 (PST)
	(envelope-from rizzo)
Date: Thu, 25 Dec 2003 10:25:49 -0800
From: Luigi Rizzo
To: Michael Sierchio
Message-ID: <20031225102549.A79161@xorpc.icir.org>
References: <3FEA27A0.7030902@tenebras.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <3FEA27A0.7030902@tenebras.com>;
	from kudzu@tenebras.com on Wed, Dec 24, 2003 at 03:56:16PM -0800
cc: Robert Watson
cc: Ian Smith
cc: net@freebsd.org
cc: timg@tpi.com
cc: soekris-tech@lists.soekris.com
Subject: Re: bridge with access on both interfaces
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 25 Dec 2003 18:26:40 -0000

[slightly rearranging the Cc list...]

I have read Soren's report, and I think he is probably right in
pointing to the interrupt handling code rather than the bridging code.
If the 4801 has the "sis" driver, the following lines in /sys/pci/if_sis.c: sis_intr() might be the cause of the problem: /* Supress unwanted interrupts */ if (!(ifp->if_flags & IFF_UP)) { sis_stop(sc); return; } If you have shared interrupts, and one of the interfaces is not up, you end up doing a lot of useless calls to sis_stop(), which is terribly expensive (it even includes a DELAY(1000) call). At the very least, one should add a 'stopped' flag so that sis_stop() is only called when necessary -- or possibly even never at all. The second (minor) cause of performance loss are the calls (not shown above) to disable and re-enable the interrupts around the driver. These are completely useless, yet cause some extra PCI transactions. If my diagnosis is correct, you should be able to fix the performance problem by either doing an 'ifconfig sisX up' on the interface that is idle, or by putting '#ifdef 0 ... #endif' around the block above. Another way to test is to use a kernel with DEVICE_POLLING and enable it with sysctl kern.polling.enable=1 I believe there are several drivers which share the same structure hence have the same potential problem. cheers luigi On Wed, Dec 24, 2003 at 03:56:16PM -0800, Michael Sierchio wrote: ... > Robert - > > when digging into the bridging code, you may want to look > at an apparent performance bug. This was discovered by > Soekris users -- when two of three interfaces were configured > in the bridge, performance was significantly less than when > all interfaces were, even if one interface was unused/uncabled. > From: Soren Kristensen > Organization: Soekris Engineering > To: timg@tpi.com > CC: Soekris-tech > Subject: Re: [Soekris] Slow net speed on Net4801 > > > I just did a little testing on the net4801 ethernet performance, as I > wanted to make sure there wasn't any hardware problems. 
> > I wanted to be sure as the Geode used to have some serious PCI bus > performance issues, but those problems should be fixed on the SC1100 if > you program it up correctly. Also, one difference between the net4501 > and net4801 is that the 3 ethernet controllers now share one interrupt. > > As I had limited interrupts available on the SC1100, I decided that I > would prefer that chips using the same drivers are sharing rather than > random chips used on the expansion slots.... Sharing interrupts will > reduce performance a little, but not very much on a correct implemented > shared interrupt system. > > So I set up a full FreeBSD 4.9 Release (on one of those nice new > 2.2Gbyte Microdrives....) and enabled bridging. > > I quickly found performance problems, but after testing I now believe I > instead found a bug in FreeBSD interrupt code.... > > At first I got about 35 Mbit/sec with 99% interrupt time. > I then tried on a net4501 and got 50 Mbit/sec with 60% interrupt time. > > But after some testing I found out that when I on the net4801 configured > all 3 ethernet controllers for bridging instead of the first 2 as I > started with, the net4801 got 50 Mbit/sec with 40% interrupt time, much > better and beating the net4501 as you would expect. You should also > expect higher raw speed, but my test setup was limited to 50 Mbit/sec. > (hand timing filecopy in msdos window on win2000....). > > As soon as I set net.link.ether.bridge_cfg=sis0,sis1,sis2, performance > was much better on the net4801, but didn't affect the net4501. > > So the conclusion so far is that you should be able to get very good > performance, but the ethernet drivers and operating systems need to > handle shared interrupts correctly. > > Apperently there is a problem with FreeBSD when you have 3 ethernet > controllers sharing one interrupt and only bridging 2 of them. When > doing that, the processor spend a lot of time in interrupt.... > > Can one of the FreeBSD gurus (Poul-Henning ?) 
> look into the FreeBSD
> interrupt and/or bridging code ?
>
>
> Regards,
>
>
> Soren Kristensen
>
> _____________________________________________________________________
> Soekris Engineering, technical discussion mailing list
> [un]subscribe: http://lists.soekris.com/mailman/listinfo/soekris-tech
>
>
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@FreeBSD.ORG Thu Dec 25 10:41:30 2003
To: Luigi Rizzo
From: "Poul-Henning Kamp"
In-Reply-To: Your message of "Thu, 25 Dec 2003 10:25:49 PST."
    <20031225102549.A79161@xorpc.icir.org>
Date: Thu, 25 Dec 2003 19:41:20 +0100
Message-ID: <59488.1072377680@critter.freebsd.dk>
cc: Robert Watson
cc: Ian Smith
cc: soekris-tech@lists.soekris.com
cc: timg@tpi.com
cc: net@freebsd.org
Subject: Re: [Soekris] Re: bridge with access on both interfaces

In message <20031225102549.A79161@xorpc.icir.org>, Luigi Rizzo writes:

>If you have shared interrupts, and one of the interfaces is not up, you
>end up doing a lot of useless calls to sis_stop(), which is terribly
>expensive (it even includes a DELAY(1000) call).
>At the very least, one should add a 'stopped' flag so that
>sis_stop() is only called when necessary -- or possibly even
>never at all.
>
>The second (minor) cause of performance loss are the calls
>(not shown above)
>to disable and re-enable the interrupts around the driver. These are
>completely useless, yet cause some extra PCI transactions.

I don't know if it is correct, but at the very least I have thought
the same thoughts when I looked at the driver last, but I didn't get
time to try out the idea...

Somebody with some spare time should look at this...

Poul-Henning

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
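The cost discussed in the two messages above, as a user-space model added here for illustration (not part of the thread and not FreeBSD driver code): it compares a handler that calls the stop routine on every shared interrupt with one guarded by a 'stopped' flag. The names model_softc, model_stop, run_shared_irq and the RX_COST_US figure are assumptions; only IFF_UP, the DELAY(1000) cost and the three-NICs-on-one-line setup come from the messages.

```c
#include <stdio.h>

#define IFF_UP        0x1    /* interface is administratively up */
#define STOP_DELAY_US 1000UL /* the DELAY(1000) the thread attributes to sis_stop() */
#define RX_COST_US    5UL    /* assumed cost of one interrupt on an active NIC */
#define NUM_NICS      3      /* net4801: three controllers on one interrupt line */

/* Hypothetical per-interface state; models only what the thread discusses. */
struct model_softc {
    int           if_flags;
    int           stopped;     /* the proposed flag: chip is already quiesced */
    unsigned long stop_calls;  /* how often the expensive stop routine ran */
    unsigned long busy_us;     /* time spent inside the interrupt handler */
};
struct irq_result { unsigned long stop_calls; unsigned long busy_us; };
typedef void (*intr_fn)(struct model_softc *);

/* Stand-in for sis_stop(): expensive, and records that the chip is stopped. */
static void model_stop(struct model_softc *sc)
{
    sc->stop_calls++;
    sc->busy_us += STOP_DELAY_US;
    sc->stopped = 1;
}

/* Stand-in for 'ifconfig up/down'; bringing the interface up re-arms the flag. */
static void model_set_up(struct model_softc *sc, int up)
{
    sc->if_flags = up ? (sc->if_flags | IFF_UP) : (sc->if_flags & ~IFF_UP);
    if (up)
        sc->stopped = 0;
}

/* Behaviour quoted in the thread: every interrupt on a down NIC calls stop. */
static void intr_unguarded(struct model_softc *sc)
{
    if (!(sc->if_flags & IFF_UP)) {
        model_stop(sc);
        return;
    }
    sc->busy_us += RX_COST_US;
}

/* Proposed change: call stop only if the chip has not been stopped already. */
static void intr_guarded(struct model_softc *sc)
{
    if (!(sc->if_flags & IFF_UP)) {
        if (!sc->stopped)
            model_stop(sc);
        return;
    }
    sc->busy_us += RX_COST_US;
}

/* Shared line: each interrupt invokes the handler of every NIC on the line. */
static struct irq_result run_shared_irq(intr_fn handler, int nics_up,
                                        unsigned long irqs)
{
    struct model_softc sc[NUM_NICS] = {{0, 0, 0, 0}};
    struct irq_result r = {0, 0};
    unsigned long n;
    int i;

    for (i = 0; i < NUM_NICS; i++)
        model_set_up(&sc[i], i < nics_up);
    for (n = 0; n < irqs; n++)
        for (i = 0; i < NUM_NICS; i++)
            handler(&sc[i]);
    for (i = 0; i < NUM_NICS; i++) {
        r.stop_calls += sc[i].stop_calls;
        r.busy_us += sc[i].busy_us;
    }
    return r;
}

/* Down, up, down again: the guarded handler stops the chip once per down period. */
static unsigned long guarded_stops_after_flap(void)
{
    struct model_softc sc = {0, 0, 0, 0};
    int phase, n;

    for (phase = 0; phase < 3; phase++) {
        model_set_up(&sc, phase == 1);
        for (n = 0; n < 100; n++)
            intr_guarded(&sc);
    }
    return sc.stop_calls;
}

int main(void)
{
    struct irq_result u = run_shared_irq(intr_unguarded, 2, 10000);
    struct irq_result g = run_shared_irq(intr_guarded, 2, 10000);
    printf("unguarded: %lu stops, %lu us\n", u.stop_calls, u.busy_us);
    printf("guarded:   %lu stops, %lu us\n", g.stop_calls, g.busy_us);
    return 0;
}
```

With two of three interfaces up the unguarded handler spends almost all of its time in the stop routine, which matches the shape of the net4801 measurements quoted above; with all three up the two handlers cost the same.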
From owner-freebsd-net@FreeBSD.ORG Thu Dec 25 11:53:57 2003
Date: Thu, 25 Dec 2003 20:53:52 +0100
From: Michael Bretterklieber
To: Andrew Karjagin
In-Reply-To: <20031225111021.30405.qmail@flock1.newmail.ru>
References: <20031225111021.30405.qmail@flock1.newmail.ru>
cc: freebsd-net@freebsd.org
Subject: Re[2]: CHAP FreeRadius and MPD

Hi,

On Thu, 25 Dec 2003, Andrew Karjagin wrote:
> No, I am include microsoft dictionary. This is my master dictionary file

> Thu Dec 25 09:17:01 2003 : Auth: Login incorrect: [richi/ attribute>] (from client ns port 0
> cli 81.89.64.105)

I guess there is something wrong with your RADIUS+MySql+MS-CHAP
configuration, because the RADIUS server rejects the request.

You could try running the RADIUS server in the foreground "radiusd -X",
and then take a look at the debug output.

>
> I think may be I use wrong parameters in sql database? All that I do with it - I do very base. Is there some links where I can read examples of working configurations?
>
I never used FreeRADIUS+MySql, just FreeRADIUS+MS-Chap+SAMBA password
files, so sorry, I can't help you in that case.


bye,
--
------------------------------- ----------------------------------
Michael Bretterklieber          - http://www.bretterklieber.com
A-Quadrat Automation GmbH       - http://www.a-quadrat.at
Tel: ++43-(0)3172-41679         - GSM: ++43-(0)699 12861847
------------------------------- ----------------------------------
"...the number of UNIX installations has grown to 10, with more
expected..." - Dennis Ritchie and Ken Thompson, June 1972

From owner-freebsd-net@FreeBSD.ORG Thu Dec 25 12:52:25 2003
Date: Thu, 25 Dec 2003 12:52:12 -0800
From: "Bruce A.
Mah"
To: Ian Smith
Message-ID: <20031225205212.GA64786@intruder.kitchenlab.org>
cc: freebsd-net@FreeBSD.org
Subject: Re: bridge with access on both interfaces

If memory serves me right, Ian Smith wrote:

> In short, ifconfig appears unwilling to have two NICs covering the same
> /24. Can this be set up? I'm also at a bit of a loss with the routing,
> so inside packets to the bridge box (ie unbridged packets) are responded
> to on the same interface, and outside unbridged packets go only to/from
> the gw. Some tcpdumps on both in and outside interfaces suggest an ARP
> response problem also, perhaps; no responses on the inside iface at all.

Hi Ian--

This may or may not be the source of your problem, but I've been
procrastinating on writing this up for a couple months and this was
the impetus that pushed me over the edge.

In 4-STABLE, there's a bug that prevents ARP from working correctly on
unnumbered bridge interfaces when bridging is enabled using the
bridge.ko module. Basically, there are some checks in the ARP code
that decide when to accept inbound ARP packets. These checks are a
little different when the inbound interface is part of a bridge group.

Some of these tests are conditional on the BRIDGE preprocessor symbol;
this symbol gets defined if "options BRIDGE" is compiled into the
kernel but not if you use the bridge.ko module. As a result, ARP
packets on unnumbered interfaces get thrown away.

The workaround for this problem is just to compile BRIDGE into the
kernel. Manuel Kasper and I spent a few cycles working on this trying
to make a m0n0wall box into a filtering bridge.

For more specifics, see src/sys/netinet/if_ether.c (grep for BRIDGE in
this file).

Merry Christmas!

Bruce.

From owner-freebsd-net@FreeBSD.ORG Fri Dec 26 01:50:25 2003
Message-ID: <20031226095021.30261.qmail@flock1.newmail.ru>
From: Andrew Karjagin
To: Michael Bretterklieber
Date: Fri, 26 Dec 2003 12:50:21 +0300
cc: freebsd-net@freebsd.org
Subject: Re[3]: CHAP FreeRadius and MPD

Hello Michael Bretterklieber

Configure user-level PPPoE with CHAP authorization via ic-radius - everything is Ok! Working fine. May be with mpd-3.15 something wrong when use CHAP? It's not a question :-)
Thank you for answers!

Thu, 25.12.2003 23:53:52 you wrote:
>
MB> Hi,
MB>
MB> On Thu, 25 Dec 2003, Andrew Karjagin wrote:
MB> > No, I am include microsoft dictionary. This is my master dictionary file
MB>
MB> > Thu Dec 25 09:17:01 2003 : Auth: Login incorrect: [richi/ User-Password
MB> > attribute>] (from client ns port 0
MB> > cli 81.89.64.105)
MB>
MB> I guess there is something wrong with your RADIUS+MySql+MS-CHAP
MB> configuration, because the RADIUS server rejects the request.
MB>
MB> You could try running the RADIUS server in the foreground "radiusd -X",
MB> and then take a look at the debug output.
MB>
MB> >
MB> > I think may be I use wrong parameters in sql database? All that I do with it - I do very base. Is there some links where I can read examples of working configurations?
MB> >
MB> I never used FreeRADIUS+MySql, just FreeRADIUS+MS-Chap+SAMBA password
MB> files, so sorry, I can't help you in that case.
MB>
MB>
MB> bye,
MB> --
MB> ------------------------------- ----------------------------------
MB> Michael Bretterklieber          - http://www.bretterklieber.com
MB> A-Quadrat Automation GmbH       - http://www.a-quadrat.at
MB> Tel: ++43-(0)3172-41679         - GSM: ++43-(0)699 12861847
MB> ------------------------------- ----------------------------------
MB> "...the number of UNIX installations has grown to 10, with more
MB> expected..." - Dennis Ritchie and Ken Thompson, June 1972
MB>
__________
MB> http://www.newhost.ru - Cozy, homely, in slippers.....
__________
www.newmail.ru -- New Mail for a new generation.
From owner-freebsd-net@FreeBSD.ORG Fri Dec 26 05:12:19 2003
From: Max Laier
To: "Tanmay Ganacharya"
Date: Fri, 26 Dec 2003 14:12:10 +0100
Message-Id: <200312261412.10182.max@love2party.net>
cc: freebsd-net@freebsd.org
cc: freebsd-current@freebsd.org
Subject: Re: Recording RTT and RTO values

On Friday 26 December 2003 11:49, Tanmay Ganacharya wrote:
> Hello,
>
> I am a student from the University of Southern California. I am currently
> pursuing my master.
> I am working on a project in which I need to record the RTT and RTO values
> of a TCP connection.
> To achieve the same I first re-compiled my kernel to support debug mode.
> I then used a simple client server socket program to transfer a file. The
> sockets had the debug option set.
> Thus the kernel logs were then collected using the trpt command.
> But the problem is I am not able to figure out the required RTT and RTO
> values from the log.
>
> The log looks somewhat like the following
> 762 ESTABLISHED:input (src=128.8.126.6,32858,
> dst=204.57.0.2,1666)f5ac168b@5269bce1(win=f8e0) -> ESTABLISHED
> rcv_nxt f5ac168b rcv_wnd e240 snd_una 5269bce1 snd_nxt 5269d381 snd_max
> 5269d381
> snd_wl1 f5ac168b snd_wl2 5269bce1 snd_wnd f8e0
>
> 762 ESTABLISHED:output (src=204.57.0.2,1666,
> dst=128.8.126.6,32858)[5269d381..5269d36d)@f5ac168b(win=e240) ->
> ESTABLISHED
> rcv_nxt f5ac168b rcv_wnd e240 snd_una 5269bce1 snd_nxt 5269d929 snd_max
> 5269d929
> snd_wl1 f5ac168b snd_wl2 5269bce1 snd_wnd f8e0
>
> I am really not able to understand which are the RTT and RTO values in
> these.
> Please if anyone knows do let me know. It would really be useful.
> Also if anyone knows any other methods of recording the RTT and RTO values
> of a connection
> please do let me know abt it.
> I would really be grateful.

CC: net@ (current@ isn't exactly the list for this).

None of these values are the RTT or RTO values of the connection as the debug
is rather sequence number centric. Take a look at "src/sys/netinet/tcp_var.h:
struct tcpcb", where you will find short explanations for each field.

The value you might be looking for is "int t_rtttime". Modify the printf's in
tcp_debug.c to give you the values you need and recompile your kernel.

Hope this helps.
--
Best regards,                           | max@love2party.net
Max Laier                               | ICQ #67774661
http://pf4freebsd.love2party.net/       | mlaier@EFnet #DragonFlyBSD

From owner-freebsd-net@FreeBSD.ORG Fri Dec 26 06:30:53 2003
To: freebsd-net@freebsd.org
From: Marc van Woerkom
Organization: FernUniversität in Hagen
Date: Fri, 26 Dec 2003 15:29:13 +0100
Subject: Configuring DNS on a machine connected temporary to the internet

My machine is connected to the internet via an ISDN modem, using kernel
ppp and i4b.
If the link is up, it resolves symbolic names by asking some
nameserver.
If the link is down, it should just use /etc/hosts to
resolve "localhost" and the name of the second computer
attached to it by an ethernet link.
My problem is that if the ISDN link is down, even
a lookup of "localhost" doesn't work.
What do you recommend as configuration settings?
I seem to get stuck.

Regards,
Marc

From owner-freebsd-net@FreeBSD.ORG Fri Dec 26 06:56:06 2003
Date: Fri, 26 Dec 2003 09:52:50 -0500
From: Bill Vermillion
To: Marc van Woerkom
Message-ID: <20031226145250.GA94952@wjv.com>
Organization: W.J.Vermillion / Orlando - Winter Park
Reply-To: bv@wjv.com
cc: freebsd-net@freebsd.org
Subject: Re: Configuring DNS on a machine connected temporary to the internet

On Fri, Dec 26, 2003 at 15:29 , Marc van Woerkom exclaimed "Las
Cucarachas entran, Pero no puede en salir", and then rambled on
saying with:

> My machine is connected to the internet via an ISDN modem, using kernel
> ppp and i4b.
> If the link is up, it resolves symbolic names by asking some
> nameserver.
> If the link is down, it should just use /etc/hosts to
> resolve "localhost" and the name of the second computer
> attached to it by an ethernet link.
> My problem is that if the ISDN link is down, even
> a lookup of "localhost" doesn't work.
> What do you recommend as configuration settings?
> I seem to get stuck.

Is the order in your /etc/host.conf file set to
hosts
bind

Are the names in your /etc/hosts file correct.

IP first then FQDN followed by short name.

You didn't give details that they are this way.

--
Bill Vermillion - bv @ wjv . com

From owner-freebsd-net@FreeBSD.ORG Fri Dec 26 07:20:01 2003
Message-ID: <3FEC50CC.CE7685AB@freebsd.org>
Date: Fri, 26 Dec 2003 16:16:28 +0100
From: Andre Oppermann
To: Max Laier
References: <200312261412.10182.max@love2party.net>
cc: Tanmay Ganacharya
cc: freebsd-net@freebsd.org
cc: freebsd-current@freebsd.org
Subject: Re: Recording RTT and RTO values

Max Laier wrote:
>
> On Friday 26 December 2003 11:49, Tanmay Ganacharya wrote:
> > Hello,
> >
> > I am a student from the University of Southern California. I am currently
> > pursuing my master.
> > I am working on a project in which I need to record the RTT and RTO values
> > of a TCP connection.
> > To achieve the same I first re-compiled my kernel to support debug mode.
> > I then used a simple client server socket program to transfer a file. The
> > sockets had the debug option set.
> > Thus the kernel logs were then collected using the trpt command.
> > But the problem is I am not able to figure out the required RTT and RTO
> > values from the log.
> >
> > The log looks somewhat like the following
> > 762 ESTABLISHED:input (src=128.8.126.6,32858,
> > dst=204.57.0.2,1666)f5ac168b@5269bce1(win=f8e0) -> ESTABLISHED
> > rcv_nxt f5ac168b rcv_wnd e240 snd_una 5269bce1 snd_nxt 5269d381 snd_max
> > 5269d381
> > snd_wl1 f5ac168b snd_wl2 5269bce1 snd_wnd f8e0
> >
> > 762 ESTABLISHED:output (src=204.57.0.2,1666,
> > dst=128.8.126.6,32858)[5269d381..5269d36d)@f5ac168b(win=e240) ->
> > ESTABLISHED
> > rcv_nxt f5ac168b rcv_wnd e240 snd_una 5269bce1 snd_nxt 5269d929 snd_max
> > 5269d929
> > snd_wl1 f5ac168b snd_wl2 5269bce1 snd_wnd f8e0
> >
> > I am really not able to understand which are the RTT and RTO values in
> > these.
> > Please if anyone knows do let me know. It would really be useful.
> > Also if anyone knows any other methods of recording the RTT and RTO values
> > of a connection
> > please do let me know abt it.
> > I would really be grateful.
>
> CC: net@ (current@ isn't exactly the list for this).
>
> None of these values are the RTT or RTO values of the connection as the debug
> is rather sequence number centric. Take a look at "src/sys/netinet/tcp_var.h:
> struct tcpcb", where you will find short explanations for each field.
>
> The value you might be looking for is "int t_rtttime". Modify the printf's in
> tcp_debug.c to give you the values you need and recompile your kernel.

The tcp_hostcache in -current is recording these values. Depending on
what you exactly need you can either just look at the hostcache output
with "sysctl -a net.inet.tcp.hostcache.list" or you can put some printf's
into tcp_close() or tcp_hc_update().

--
Andre

From owner-freebsd-net@FreeBSD.ORG Fri Dec 26 07:44:24 2003
Date: Fri, 26 Dec 2003 16:43:05 +0100
To: bv@wjv.com
References: <20031226145250.GA94952@wjv.com>
From: Marc van Woerkom
Organization: FernUniversität in Hagen
In-Reply-To: <20031226145250.GA94952@wjv.com>
cc: freebsd-net@freebsd.org
Subject: Re: Configuring DNS on a machine connected temporary to the internet

On Fri, 26 Dec 2003 09:52:50 -0500, Bill Vermillion wrote:

> Is the order in your /etc/host.conf file set to
> hosts
> bind

I see, I gave not enough information.

Here are /etc/nsswitch.conf:

    hosts: files dns

> Are the names in your /etc/hosts file correct.
>
> IP first then FQDN followed by short name.
>
> You didn't give details that they are this way.

Hm.. for some reason localhost is shortname first and FQDN then.
I try to change the order here.

Regards,
Marc

From owner-freebsd-net@FreeBSD.ORG Fri Dec 26 09:23:47 2003
From: "Umesh Balani"
Date: Fri, 26 Dec 2003 22:46:17 +0530
Message-ID: <000001c3cbd4$01666960$601811ac@C125.in.niit.com>
Subject: Need lil help in mrouted configuration.

Any one out there who had his hands dirty on mrouted.

__________________________
Regards
Umesh Balani

From owner-freebsd-net@FreeBSD.ORG Fri Dec 26 12:00:02 2003
Date: Fri, 26 Dec 2003 13:59:57 -0600 (CST)
From: Mike Silbersack
To: Brett Glass
In-Reply-To: <6.0.0.22.2.20031223023730.037cbd28@localhost>
Message-ID: <20031226135400.D22953@odysseus.silby.com>
References: <200312120312.UAA10720@lariat.org>
    <20031212074519.GA23452@pit.databus.com>
    <20031212083522.GA24267@pit.databus.com>
    <20031212181944.GA33245@pit.databus.com>
    <20031213001913.GA40544@pit.databus.com>
    <20031222182913.M2799@odysseus.silby.com>
    <6.0.0.22.2.20031222222449.03cd58c8@localhost>
    <6.0.0.22.2.20031223023730.037cbd28@localhost>
cc: Barney Wolff
cc: net@freebsd.org
Subject: Re: Controlling ports used by natd

On Tue, 23 Dec 2003, Brett Glass wrote:

> At 02:29 AM 12/23/2003, Mike Silbersack wrote:
>
> >I think that it might be best to keep choosing ports inside of libalias.
> >Adding yet another port range would just complicate the kernel more
> >without much benefit.
>
> Actually, it would just change the code in libalias. It wouldn't
> change the kernel at all, except that it would make two 16-bit
> unsigned quantities available to libalias. (These variables
> might be instanced in jails, by the way.)

Ah, so you want a central location for all users of libalias to pull
settings from. I think that might be better served by a
/etc/libalias.conf or something.

> Hmmm.... If you want to do this, It might be better to make a global
> bitmap whose contents are set by whatever firewall is in operation (IPFW,
> ipf, pf) and then masked by allowed port ranges. This would be a simple,
> fixed overhead operation. And it would probably speed the random,
> nondeterministic process via which libalias currently picks a port. Yes,
> it'd waste some ports if you had snaky firewall rules that only sometimes
> blocked a port. But it's not worth the time it would take to test all the
> rules, which might depend on src/dst addresses, etc.
>
> --Brett

The problem is that a bitmap is really too simplistic, because you might
allow certain ports to certain IPs and not others. I don't think the
overhead of checking ipfw would be too great, considering that every
packet would normally go through all those rules anyway; my concern is
simply that ipfw / ipf do not have a "test" function that will run without
a real packet being passed.

Well, in any case, I don't have time to work on this project anytime soon.
If one of you guys can come up with some relatively simple solution to the
problem (perhaps some simple comma-delimited sysctl which lists ports to
deny) that works, I'd be happy to look into merging it.

Mike "Silby" Silbersack

From owner-freebsd-net@FreeBSD.ORG Fri Dec 26 12:05:43 2003
Date: Sat, 27 Dec 2003 07:04:46 +1100 (EST)
From: Ian Smith
To: "Bruce A. Mah"
In-Reply-To: <20031225205212.GA64786@intruder.kitchenlab.org>
cc: freebsd-net@FreeBSD.org
cc: "Michael W. Oliver"
cc: Robert Watson
Subject: kludgily solved: bridge with access on both interfaces

On Thu, 25 Dec 2003, Bruce A. Mah wrote:
> If memory serves me right, Ian Smith wrote:
>
> > In short, ifconfig appears unwilling to have two NICs covering the same
> > /24. Can this be set up? I'm also at a bit of a loss with the routing,
> > so inside packets to the bridge box (ie unbridged packets) are responded
> > to on the same interface, and outside unbridged packets go only to/from
> > the gw.
Some tcpdumps on both in and outside interfaces suggest an ARP > > response problem also, perhaps; no responses on the inside iface at all. > > Hi Ian-- Hi Bruce, and thanks also to Michael and Robert for contributions; the Soekris-symptoms thread was of interest too - I want one someday .. > This may or may not be the source of your problem, but I've been > procrastinating on writing this up for a couple months and this was > the impetus that pushed me over the edge. Always glad in helping to push someone over the edge! Seems likely the problem, but I guess working around it we've come up with what seems a bizarre solution with routes, that does work to put an address on each interface that is only accessible (via ARP, I assume) from its own interface side of the bridge - which is actually what we wanted, though I still don't really understand why it works! > In 4-STABLE, there's a bug that prevents ARP from working correctly on > unnumbered bridge interfaces when bridging is enabled using the > bridge.ko module. Basically, there are some checks in the ARP code > that decide when to accept inbound ARP packets. These checks are a > little different when the inbound interface is part of a bridge group. Ah, so. I'd spent some time playing with 'pub' and 'pub only' entries trying to get around this behaviour before reading your message, but wound up having better luck with route, though it was still a struggle despite the copious examples of syntax usage in man 8 route :-) > Some of these tests are conditional on the BRIDGE preprocessor symbol; > this symbol gets defined if "options BRIDGE" is compiled into the > kernel but not if you use the bridge.ko module. As a result, ARP > packets on unnumbered interfaces get thrown away. Or ones on numbered interfaces, but on the wrong/other side, it seems. > The workaround for this problem is just to compile BRIDGE into the > kernel. 
Manuel Kasper and I spent a few cycles working on this trying > to make a m0n0wall box into a filtering bridge. Always happy to follow already beaten paths! > For more specifics, see src/sys/netinet/if_ether.c (grep for BRIDGE in > this file). I guess I wondered why it wouldn't check the sysctl to see if bridging's enabled, but I gather light weight's needed here, and runtime's unknown. Anyway, maybe the following will break with BRIDGE in the kernel (next job after our current heatwave abates!) and maybe the single IP for the bridge box that everyone has advised is best will then be accessible on either interface - which would be fine too, I'm happy to differentiate outside and inside access to services by IPFW - but here's what works, apparently reliably so far, while still using 4.8-RELEASE GENERIC: /etc/rc.conf: ifconfig_ed0="inet aaa.bbb.c.174 netmask 255.255.255.248" ifconfig_ed1="inet aaa.bbb.c.173 netmask 255.255.255.255" defaultrouter="aaa.bbb.c.171" /etc/rc.local: kldload bridge sysctl net.link.ether.bridge_cfg=ed0,ed1 sysctl net.link.ether.bridge=1 # yes I know the syntax is weird, and the last is a netmask route add aaa.bbb.c.169 aaa.bbb.c.173 -interface aaa.bbb.c.173 # and nothing worked (on reboot) even with that, until this! route delete -net aaa.bbb.c.169/32 smithi on tubi% arp -an ? (aaa.bbb.c.169) at 00:aa:00:b7:6c:1d on ed1 [ethernet] ? (aaa.bbb.c.171) at 00:80:48:9e:0b:db on ed0 [ethernet] ? (aaa.bbb.c.173) at 52:54:05:e3:d9:a5 on ed1 permanent [ethernet] ? (aaa.bbb.c.174) at 52:54:05:e4:28:3d on ed0 permanent [ethernet] ? (aaa.bbb.c.175) at ff:ff:ff:ff:ff:ff on ed0 permanent [ethernet] Now .174 is only visible from ed0, and .173 from ed1 (as desired/ok), and .169, our mock 'outside' gateway in this setup, is accessible (as well as being properly bridged to all the 'inside' hosts on ed0). 
smithi on tubi% netstat -finet -ran Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default aaa.bbb.c.171 UGSc 1 0 ed0 127.0.0.1 127.0.0.1 UH 1 1206 lo0 aaa.bbb.c.131 aaa.bbb.c.171 UGHW3 0 47 ed0 417 aaa.bbb.c.168/29 link#1 UC 3 0 ed0 aaa.bbb.c.169 00:aa:00:b7:6c:1d UHLW 1 654 ed1 864 => aaa.bbb.c.169&0xcb2934ad link#2 UCSc 1 0 ed1 aaa.bbb.c.171 link#1 UHLW 2 61 ed0 aaa.bbb.c.173 52:54:05:e3:d9:a5 UHLW 0 951 lo0 => aaa.bbb.c.173/32 link#2 UC 1 0 ed1 aaa.bbb.c.174 52:54:05:e4:28:3d UHLW 0 0 lo0 aaa.bbb.c.175 ff:ff:ff:ff:ff:ff UHLWb 3 1482 ed0 Seems from my reading to date that a correct single route command using '-interface ed1' correctly, possibly with the -ifp (?) modifier in the right place (?), may give the same result (ie .173 <==> .169 routed via ed1, with .174 being its address everywhere on the 'inside' ed0), which is correct for this test rig - but I can't figure out the syntax; any pointers to some beyond-the-basics route(8) usage, anyone? ie, the below is working as the right result, but what's a better way to get to it than those two route statements above, with the weird netmask? smithi on tubi% route -vn get aaa.bbb.c.169 u: inet aaa.bbb.c.169; u: link ; RTM_GET: Report Metrics: len 164, pid: 0, seq 1, errno 0, flags: locks: inits: sockaddrs: aaa.bbb.c.169 route to: aaa.bbb.c.169 destination: aaa.bbb.c.169 interface: ed1 flags: recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire 0 0 0 0 0 0 1500 1171 locks: inits: sockaddrs: aaa.bbb.c.169 0.aa.0.b7.6c.1d ed1:52.54.5.e3.d9.a5 aaa.bbb.c.173 > Merry Christmas! and a Happy and Peaceful New Year! 
Ian

From owner-freebsd-net@FreeBSD.ORG Fri Dec 26 15:07:57 2003
From: "Stephane Raimbault"
To: net@freebsd.org
Date: Fri, 26 Dec 2003 16:07:54 -0700
Subject: VLAN MTU problem in 4.9 ?

Hi,

I have the following setup on a freebsd box acting as a router for multiple
LAN's.

xl0: flags=8843 mtu 1500
        inet 10.0.0.3 netmask 0xffffffc0 broadcast 10.0.0.63
        inet6 fe80::260:97ff:fe07:5f4b%xl0 prefixlen 64 scopeid 0x1
        ether 00:60:97:07:5f:4b
        media: Ethernet autoselect (100baseTX )
        status: active
xl1: flags=8843 mtu 1500
        inet 207.176.232.142 netmask 0xffffffe0 broadcast 207.176.232.159
        inet6 fe80::2c0:4fff:fe9e:b9c7%xl1 prefixlen 64 scopeid 0x2
        ether 00:c0:4f:9e:b9:c7
        media: Ethernet autoselect (100baseTX )
        status: active
vlan0: flags=8843 mtu 1500
        inet 10.0.1.3 netmask 0xffffffe0 broadcast 10.0.1.31
        inet6 fe80::260:97ff:fe07:5f4b%vlan0 prefixlen 64 scopeid 0x4
        ether 00:c0:4f:9e:b9:c7
        media: Ethernet autoselect (100baseTX )
        status: active
        vlan: 3 parent interface: xl1
vlan1: flags=8843 mtu 1500
        inet 10.0.11.3 netmask 0xffffffe0 broadcast 10.0.11.31
        inet6 fe80::260:97ff:fe07:5f4b%vlan1 prefixlen 64 scopeid 0x5
        ether 00:c0:4f:9e:b9:c7
        media: Ethernet autoselect (100baseTX )
        status: active
        vlan: 4 parent interface: xl1

The setup is physically connected like this

Switch 1 <---> (xl0) FreeBSD (xl1) <---> Switch 2

My Workstation is connected to Switch 1 on the ip network 10.0.0.0/26
The Server(s) I'm connecting to are on Switch 2 on the ip network
10.0.11.0/27 and/or 10.0.1.0/27

I seem to have some problems connecting to the above mentioned servers on
vlan0 and vlan1. My SSH session seems to freeze when I type a command that
will output quite a bit of data (top, etc...) I also seem to have some
other large data problems between the servers communicating to each other
over the VLAN's.

I had a working setup, but since I upgraded from 4.9-RC2 on the FreeBSD
router to 4.9-RELEASE-p1 I've been having the above described problem. I'm
wondering if I left something out in my KERNEL configuration when I upgraded
or if I've stumbled onto a bug in 4.9-R ?

I looked at some previous posts in the mailing lists and found some that
indicated a problem with MTU's so I've provided some pings from servers on
the same vlan as the freebsd router pinging it and discovered something,
that I'm not so sure is strange behaviour for a vlan or not.

No problems ssh'ng to the servers hanging off of Switch 2 on the xl1
interface (untagged vlan) from the workstations, and no problems with pings

(From the 207.176.232.128/27 Network)
# ping -c 1 -s 1500 207.176.232.142
PING 207.176.232.142 (207.176.232.142): 1500 data bytes
1508 bytes from 207.176.232.142: icmp_seq=0 ttl=64 time=1.169 ms

--- 207.176.232.142 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.169/1.169/1.169/0.000 ms

However I do have problems ssh'ng to servers on the following 2 VLAN's.

(From the 10.0.1.0/27 Network)
# ping -c 1 -s 1468 10.0.1.3
PING 10.0.1.3 (10.0.1.3): 1468 data bytes
1476 bytes from 10.0.1.3: icmp_seq=0 ttl=64 time=0.758 ms

--- 10.0.1.3 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.758/0.758/0.758/0.000 ms

# ping -c 1 -s 1469 10.0.1.3
PING 10.0.1.3 (10.0.1.3): 1469 data bytes

--- 10.0.1.3 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss

(From the 10.0.11.0/27 Network)
# ping -c 1 -s 1468 10.0.11.3
PING 10.0.11.3 (10.0.11.3): 1468 data bytes
1476 bytes from 10.0.11.3: icmp_seq=0 ttl=64 time=1.039 ms

--- 10.0.11.3 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.039/1.039/1.039/0.000 ms

# ping -c 1 -s 1469 10.0.11.3
PING 10.0.11.3 (10.0.11.3): 1469 data bytes

--- 10.0.11.3 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss

So it seems that when I specify a ping of greater than 1468 the pings stop
responding to the vlan interface on the freebsd router?
I also did a tcpdump while doing these pings from the freebsd router and
it doesn't see any packets when specifying a ping of 1469, but it sees
the ping with pkt size specified to 1468.

Any thoughts on this problem that I'm having? Any other data I can
provide perhaps?

Thank you for your time,
Stephane.

From owner-freebsd-net@FreeBSD.ORG Fri Dec 26 15:15:09 2003
Message-ID: <3FECC0F7.6090309@tenebras.com>
Date: Fri, 26 Dec 2003 15:15:03 -0800
From: Michael Sierchio
To: Stephane Raimbault
cc: net@freebsd.org
Subject: Re: VLAN MTU problem in 4.9 ?

Stephane Raimbault wrote:

> So it seems that when I specify a ping of greater than 1468 the pings
> stop responding to the vlan interface on the freebsd router?
>
> I also did a tcpdump while doing these pings from the freebsd router and
> it doesn't see any packets when specifying a ping of 1469, but it sees
> the ping with pkt size specified to 1468.
>
> Any thoughts on this problem that I'm having? Any other data I can
> provide perhaps?

DF? Size of tagged frames? Recall that "packet size" perhaps
not what you think, also.

Have you read the vlan man page, specifically:

     Note: Unless marked as having native support for vlan, the above
     drivers don't inform the vlan driver about their long frame handling
     capability. Just increase the MTU of a vlan interface if it appears
     to be lower than 1500 bytes after attaching to a parent known to
     support long frames.

But you invite speculation -- a raw tcpdump (-nqvv or so) would
be nice.
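
Michael Sierchio's point that ping's "packet size" is not the frame size, worked through for the sizes in Stephane's report, as an added example that is not part of any message in this thread. TARGET, MTU and the verdict labels are assumed names; probe uses only the ping flags shown in the report.

```shell
#!/bin/sh
# Added example, not code from the thread.  Finds the largest ICMP echo
# payload that is still answered and relates it to the interface MTU.

IP_HDR=20     # IPv4 header, no options
ICMP_HDR=8    # ICMP echo header
DOT1Q_TAG=4   # 802.1Q tag carried by frames on a vlan(4) interface

# probe SIZE: true if one echo with SIZE data bytes gets a reply.
# TARGET (assumed name) is the address to ping, e.g. the router's vlan IP.
probe() {
    ping -c 1 -s "$1" "$TARGET" >/dev/null 2>&1
}

# max_payload LO HI: largest size in [LO,HI] that probe accepts, found by
# binary search.  Assumes replies stop above a single threshold, as they
# do in the report (1468 answered, 1469 not).
max_payload() {
    lo=$1; hi=$2
    probe "$lo" || return 1          # even the smallest size is unanswered
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# ip_len PAYLOAD: size of the IPv4 datagram that "ping -s PAYLOAD" sends.
ip_len() { echo $(( $1 + ICMP_HDR + IP_HDR )); }

# verdict PAYLOAD MTU: compare the largest working datagram with the MTU
# that ifconfig reports for the vlan interface.
verdict() {
    len=$(ip_len "$1")
    if [ "$len" -ge "$2" ]; then
        echo "full-mtu"        # datagrams up to the configured MTU pass
    elif [ "$len" -eq $(( $2 - DOT1Q_TAG )) ]; then
        echo "tag-overhead"    # limit is exactly MTU minus the 802.1Q tag
    else
        echo "other-limit"     # some other bottleneck; capture with tcpdump -e
    fi
}

# Runs only when a target is given: TARGET=10.0.1.3 MTU=1500 sh mtuprobe.sh
if [ -n "${TARGET:-}" ]; then
    mtu=${MTU:-1500}
    best=$(max_payload 56 $(( mtu - IP_HDR - ICMP_HDR ))) || {
        echo "no reply from $TARGET even at 56 data bytes" >&2; exit 1; }
    echo "largest answered payload: $best (IP datagram $(ip_len "$best") bytes)"
    echo "verdict against mtu $mtu: $(verdict "$best" "$mtu")"
fi
```

With the sizes in the report (1468 answered, 1469 not) the verdict is tag-overhead: 1468 + 28 = 1496, which is 1500 minus the 4-byte 802.1Q tag.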
From owner-freebsd-net@FreeBSD.ORG Fri Dec 26 15:17:07 2003
Message-ID: <3FECC171.5020207@tenebras.com>
Date: Fri, 26 Dec 2003 15:17:05 -0800
From: Michael Sierchio
To: net@freebsd.org
References: <3FECC0F7.6090309@tenebras.com>
In-Reply-To: <3FECC0F7.6090309@tenebras.com>
Subject: Re: VLAN MTU problem in 4.9 ?

Michael Sierchio wrote:

> But you invite speculation -- a raw tcpdump (-nqvv or so) would
> be nice.

Sorry, be sure to include the link-level header, add -e

From owner-freebsd-net@FreeBSD.ORG Fri Dec 26 20:52:13 2003
To: Stephane Raimbault
Date: Sat, 27 Dec 2003 07:54:39 +0300 (MSK)
From: "."@babolo.ru
Message-Id: <1072500879.937521.13344.nullmailer@cicuta.babolo.ru>
cc: net@freebsd.org
Subject: Re: VLAN MTU problem in 4.9 ?

> Hi,
>
> I have the following setup on a freebsd box acting as a router for multiple
> LAN's.
>
> xl0: flags=8843 mtu 1500
>         inet 10.0.0.3 netmask 0xffffffc0 broadcast 10.0.0.63
>         inet6 fe80::260:97ff:fe07:5f4b%xl0 prefixlen 64 scopeid 0x1
>         ether 00:60:97:07:5f:4b
>         media: Ethernet autoselect (100baseTX )
>         status: active
> xl1: flags=8843 mtu 1500
>         inet 207.176.232.142 netmask 0xffffffe0 broadcast 207.176.232.159
>         inet6 fe80::2c0:4fff:fe9e:b9c7%xl1 prefixlen 64 scopeid 0x2
>         ether 00:c0:4f:9e:b9:c7
>         media: Ethernet autoselect (100baseTX )
>         status: active
> vlan0: flags=8843 mtu 1500
>         inet 10.0.1.3 netmask 0xffffffe0 broadcast 10.0.1.31
>         inet6 fe80::260:97ff:fe07:5f4b%vlan0 prefixlen 64 scopeid 0x4
>         ether 00:c0:4f:9e:b9:c7
>         media: Ethernet autoselect (100baseTX )
>         status: active
>         vlan: 3 parent interface: xl1
> vlan1: flags=8843 mtu 1500
>         inet 10.0.11.3 netmask 0xffffffe0 broadcast 10.0.11.31
>         inet6 fe80::260:97ff:fe07:5f4b%vlan1 prefixlen 64 scopeid 0x5
>         ether 00:c0:4f:9e:b9:c7
>         media: Ethernet autoselect (100baseTX )
>         status: active
>         vlan: 4 parent interface: xl1
>
>
> The setup is physically connected like this
>
> Switch 1 <---> (xl0) FreeBSD (xl1) <---> Switch 2
>
> My Workstation is connected to Switch 1 on the ip network 10.0.0.0/26
> The Server(s) I'm connecting to are on Switch 2 on the ip network
> 10.0.11.0/27 and/or 10.0.1.0/27
>
> I seem to have some problems connecting to the above mentioned servers on
> vlan0 and vlan1. My SSH session seems to freeze when I type a command that
> will output quite a bit of data (top, etc...) I also seem to have some
> other large data problems between the servers communicating to each other
> over the VLAN's.
>
> I had a working setup, but since I upgraded from 4.9-RC2 on the FreeBSD
> router to 4.9-RELEASE-p1 I've been having the above described problem. I'm
> wondering if I left something out in my KERNEL configuration when I upgraded
> or if I've stumbled onto a bug in 4.9-R ?

ifconfig vlan0 mtu 1496
ifconfig vlan1 mtu 1496
will restore old behavior.
But I do not know when default mtu for vlan was changed.

From owner-freebsd-net@FreeBSD.ORG Sat Dec 27 12:54:32 2003
Message-Id: <6.0.0.22.2.20031227155203.02738df0@10.222.222.77>
Date: Sat, 27 Dec 2003 15:57:16 -0500
To: net@freebsd.org
From: mark abrams
cc: mi@aldan.algebra.com
Subject: net access failover

Hello,

I have a cable modem and a dsl connection to my machine. I would like to
use the cable modem as my default connection and automatically fail-over to
the dsl connection if/when the cable modem goes down.

Can routed(8) do this ? If so how? And is there a better way ?

Any hints appreciated.
Thanks,
MArk

From owner-freebsd-net@FreeBSD.ORG Sat Dec 27 13:28:30 2003
Date: Sat, 27 Dec 2003 16:28:09 -0500
From: Barney Wolff
To: mark abrams
Message-ID: <20031227212809.GA11242@pit.databus.com>
References: <6.0.0.22.2.20031227155203.02738df0@10.222.222.77>
In-Reply-To: <6.0.0.22.2.20031227155203.02738df0@10.222.222.77>
cc: mi@aldan.algebra.com
cc: net@freebsd.org
Subject: Re: net access failover

On Sat, Dec 27, 2003 at 03:57:16PM -0500, mark abrams wrote:
>
> I have a cable modem and a dsl connection to my machine. I would like to
> use the cable modem as my default connection and automatically fail-over to
> the dsl connection if/when the cable modem goes down.
>
> Can routed(8) do this ? If so how? And is there a better way ?

I guess this should be a FAQ. For something that can be adapted to do
what you want, see http://www.databus.com/dslsec.tgz .

routed won't do it because (unlike real multihoming) your address on the
two networks is different and the ISPs are not sending you any routing
protocol packets. A simpleminded ping of the cable ISP's router, and
changing the default route when it goes away and comes back, should work
fine. NATing adds a little to the effort, if you do it. Existing
connections will not survive a transition, but that's usually not a big
deal.

--
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

From owner-freebsd-net@FreeBSD.ORG Sat Dec 27 15:03:40 2003
Message-ID: <3FEE0F9B.6070107@he.iki.fi>
Date: Sun, 28 Dec 2003 01:02:51 +0200
From: Petri Helenius
To: Tanmay Ganacharya
cc: freebsd-net@freebsd.org
cc: freebsd-current@freebsd.org
Subject: Re: Finding RTT's and RTO's

Tanmay Ganacharya wrote:

> Hello,
> I am currently using FreeBSD 4.8. I am want to record RTT and RTO
> values of a tcp connection.
> Could anyone please tell me which variables in which files hold the
> current RTT and RTO values.
> Once known I can put printfs and print these values.

This seems to come up often enough in the *BSD land and in the
Linux-land so anyone up for specifying an ioctl to retrieve the tcpcb to
userland ?

Pete

From owner-freebsd-net@FreeBSD.ORG Sat Dec 27 15:04:48 2003
From: "Tanmay Ganacharya"
To: freebsd-config@freebsd.org, freebsd-arch@freebsd.org,
    freebsd-binup@freebsd.org, freebsd-net@freebsd.org,
    freebsd-questions@freebsd.org
Date: Sun, 28 Dec 2003 04:34:47 +0530
Subject: Recording RTT and RTO values

Hello,
I am currently using FreeBSD 4.8.
I am want to record RTT and RTO values of a tcp connection.
Could anyone please tell me which variables in which files hold the
current RTT and RTO values.
Once known I can put printfs and print these values.
Also if there is any other easier way of finding these values please do let
me know.

Thanks in advance,
Regards,
Tanmay Ganacharya
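
The ping-and-switch approach from Barney Wolff's reply in the "net access failover" thread above, as an added example that is not part of any message in this archive and is not the script at the URL he gives. The gateway addresses are constructed placeholders, the variable and function names are assumptions, and the consecutive-result limits are an addition to the plain ping he describes; NAT changes are not handled.

```shell
#!/bin/sh
# Added example, not code from the thread.  Gateway addresses below are
# constructed documentation addresses; replace them with your own.
PRIMARY_GW=${PRIMARY_GW:-192.0.2.1}     # cable ISP router (assumed)
BACKUP_GW=${BACKUP_GW:-198.51.100.1}    # DSL ISP router (assumed)
FAIL_LIMIT=${FAIL_LIMIT:-3}   # lost pings in a row before switching to DSL
OK_LIMIT=${OK_LIMIT:-5}       # replies in a row before switching back
INTERVAL=${INTERVAL:-10}      # seconds between checks

state=primary   # which default route is currently installed
fails=0         # consecutive unanswered probes
oks=0           # consecutive answered probes

# gw_alive: one echo to the cable router.  It sits on the directly
# connected cable subnet, so the probe leaves via the cable interface even
# while the default route points at DSL.
gw_alive() {
    ping -c 1 "$PRIMARY_GW" >/dev/null 2>&1
}

# set_default GW: repoint the default route (FreeBSD route(8) syntax).
set_default() {
    route change default "$1" >/dev/null
}

# step: one health check.  Counting consecutive results keeps a single
# lost ping from flapping the route back and forth.
step() {
    if gw_alive; then
        fails=0
        oks=$(( oks + 1 ))
        if [ "$state" = backup ] && [ "$oks" -ge "$OK_LIMIT" ]; then
            if set_default "$PRIMARY_GW"; then state=primary; fi
        fi
    else
        oks=0
        fails=$(( fails + 1 ))
        if [ "$state" = primary ] && [ "$fails" -ge "$FAIL_LIMIT" ]; then
            if set_default "$BACKUP_GW"; then state=backup; fi
        fi
    fi
}

# Loops only when asked to: RUN=1 sh failover.sh
if [ "${RUN:-0}" = 1 ]; then
    while :; do
        step
        sleep "$INTERVAL"
    done
fi
```

As the reply notes, connections open at the moment of a switch do not survive it.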