From owner-freebsd-isp@FreeBSD.ORG Tue Jun 7 11:27:40 2005
Return-Path:
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C7FA216A41C for ; Tue, 7 Jun 2005 11:27:40 +0000 (GMT) (envelope-from mail@ns.tridas.net)
Received: from ns.tridas.net (server1.tridas.net [64.239.69.139]) by mx1.FreeBSD.org (Postfix) with ESMTP id 74E8243D48 for ; Tue, 7 Jun 2005 11:27:40 +0000 (GMT) (envelope-from mail@ns.tridas.net)
Received: from ns.tridas.net (localhost.localdomain [127.0.0.1]) by ns.tridas.net (8.12.8/8.12.8) with ESMTP id j57BRd6m024311 for ; Tue, 7 Jun 2005 07:27:39 -0400
Received: (from mail@localhost) by ns.tridas.net (8.12.8/8.12.8/Submit) id j57BRd7r024309; Tue, 7 Jun 2005 07:27:39 -0400
Date: Tue, 7 Jun 2005 07:27:39 -0400
Message-Id: <200506071127.j57BRd7r024309@ns.tridas.net>
To: freebsd-isp@freebsd.org
From: gtbsupport@gtb.tridas.net
Subject: {100-3790} Help Desk Submission
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 07 Jun 2005 11:27:40 -0000

Thank you for submitting a support request.
A summary of your request is below:

-----------------------------------------------------------
Details [Submitted 7-6-2005-07:27 ]
-----------------------------------------------------------
ID............: 3790
Viewing Key...: OPNIMYDO
Name..........: Unregistered
Subject.......: Does it matter?
-----------------------------------------------------------

Registered users may login to track the status of their request :
http://gtb.tridas.net/cgi-bin/pdesk.cgi

Thank you,
Help Desk

From owner-freebsd-isp@FreeBSD.ORG Thu Jun 9 01:51:41 2005
Return-Path:
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DF89216A41F for ; Thu, 9 Jun 2005 01:51:40 +0000 (GMT) (envelope-from khaled.abu@gmail.com)
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2C20343D49 for ; Thu, 9 Jun 2005 01:51:39 +0000 (GMT) (envelope-from khaled.abu@gmail.com)
Received: by wproxy.gmail.com with SMTP id 69so25034wra for ; Wed, 08 Jun 2005 18:51:39 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:mime-version:content-type:content-transfer-encoding:content-disposition; b=CyV/al1NPFmfI8ZQCMnKD9FODopBiEPkJlFuSZ3cYYpWrb9AeueEEKpY51YRGEa9WxCTNCNNNUJgii5pXAnlZbNixuspKdktYaXdM/rL9X78ciLXMrxk+ZGHBygJHTM62pqPU/bLkQQO29PjD9iKGgynDULDgNH92fJxOuclD8k=
Received: by 10.54.77.7 with SMTP id z7mr62733wra; Wed, 08 Jun 2005 18:51:39 -0700 (PDT)
Received: by 10.54.66.16 with HTTP; Wed, 8 Jun 2005 18:51:39 -0700 (PDT)
Message-ID:
Date: Thu, 9 Jun 2005 04:51:39 +0300
From: Abu Khaled
To: freebsd-questions@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Cc: freebsd-isp@freebsd.org
Subject: Squid transparent proxy masquerading as Client IPs
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Abu Khaled
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 09 Jun 2005 01:51:41 -0000

Some ISPs use Linux with tproxy
kernel patch to masquerade the requests from clients and make them
appear as if they came from the client with no proxy connection.

After digging around the squid-cache archives and mailing lists, Henrik
Nordstrom suggested using tcp_outgoing_address and nat to achieve the
same on FreeBSD and Squid in transparent (intercepting mode).

The idea is to assign for each client a private IP on the Squid server
(as aliases worked fine).

In squid.conf we add

header_access Via deny all
header_access X-Forwarded-For deny all
# this removes both headers
# and for each client we need
acl clientxxx src
tcp_outgoing_address clientxxx

Squid binds requests from clientxxx's to the then we nat those to the
making the request appear as if it came directly from the client not
the proxy.

To make things easy I used two scripts.

1. I added the add-alias.sh script to /etc/rc.local to create the
aliases on startup

# < add-alias.sh > start
IP=110
MAXIP=150
PRIV=10.10.10
ALIASIF= # I used lo0 to do the aliases on
# Also I tested a virtual interface (netgraph)
# Just to make sure no conflicts with transparent proxy rules (loops)
while [ $IP -le $MAXIP ]
do
    # Stop at the first alias that cannot be created
    if ! ifconfig "$ALIASIF" inet $PRIV.$IP netmask 0xffffffff alias
    then
        echo "Error Creating Alias $PRIV.$IP on $ALIASIF"
        exit 1
    fi
    IP=$(( $IP + 1 ))
done
# < add-alias.sh > end

2. The squid-ipnat.sh script deletes the old ipnat.conf file and
creates a new one with rules for the external interface. It also
creates 2 files with ACLs for squid. I used it once to create the
ipnat.conf file and keep it just in case I need to change the IPs
(real/private). And the 2 files with ACLs for squid were used to copy
and paste the ACLs to squid.conf. Oh ya, back up your configuration
files just in case.

# < squid-ipnat.sh > start
IP=110
MAXIP=150
PRIV=10.10.10
REAL=xxx.xxx.xxx
EXTIF= # I used the external interface for nat
cd
rm -f ipnat.conf # careful: deletes old ipnat.conf file
rm -f squid_acl.conf
rm -f squid_tcp.conf
while [ $IP -le $MAXIP ]
do
    echo "bimap $EXTIF from $PRIV.$IP/32 to 0.0.0.0/0 port = 80 -> $REAL.$IP/32" >> ipnat.conf
    echo "acl Client$IP src $REAL.$IP" >> squid_acl.conf
    echo "tcp_outgoing_address $PRIV.$IP Client$IP" >> squid_tcp.conf
    # Client$IP is the name for the ACL, expands from Client110 to Client150
    # squid_acl.conf and squid_tcp.conf both end in copy and paste to squid.conf
    IP=$(( $IP + 1 ))
done
# < squid-ipnat.sh > end

As you can see, I used IPNAT's bimap and tested the configuration for
40+ clients. My network is small and I wonder if someone can use this
to test a larger network. Also test PF or IPFW/DIVERT/NAT and see what
performs better or just for fun.

One last note: the tcp_outgoing_address does not follow the
X-Forwarded-For patch and it caused me to lose my head since I had
Dansguardian in front of Squid. The Delay pools followed-X fine and
that caused me to think there was a problem with my configuration.
After disabling Dansguardian the configuration worked as expected. So
do not wonder if it does not work if you use another proxy before
squid.

-- 
Kind regards
Abu Khaled

From owner-freebsd-isp@FreeBSD.ORG Thu Jun 9 10:30:31 2005
Return-Path:
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B883416A41F for ; Thu, 9 Jun 2005 10:30:31 +0000 (GMT) (envelope-from erik@microcontroller.nl)
Received: from rena.mysmt.net (rena.mysmt.net [82.150.137.102]) by mx1.FreeBSD.org (Postfix) with ESMTP id E840743D4C for ; Thu, 9 Jun 2005 10:30:30 +0000 (GMT) (envelope-from erik@microcontroller.nl)
Received: (qmail 40483 invoked by uid 89); 9 Jun 2005 10:30:26 -0000
Received: by simscan 1.1.0 ppid: 40476, pid: 40478, t: 1.8758s scanners: clamav: 0.84/m:31/d:876 spam: 3.0.2
Received: from unknown (HELO 192.168.0.14) (microcon@microcontroller.nl@213.84.50.76) by 82-150-137-14.mysmt.net with SMTP; 9 Jun 2005 10:30:24 -0000
From: "Erik @ Microcontroller.nl"
To: freebsd-isp@freebsd.org
Content-Type: text/plain
Date: Thu, 09 Jun 2005 12:35:50 +0200
Message-Id: <1118313350.4665.19.camel@tessa.mysmt.net>
Mime-Version: 1.0
X-Mailer: Evolution 2.0.2 (2.0.2-3)
Content-Transfer-Encoding: 7bit
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on rena.mysmt.net
X-Spam-Level:
X-Spam-Status: No, score=-2.5 required=4.0 tests=AWL,BAYES_00 autolearn=ham version=3.0.2
Subject: serial ata raid
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 09 Jun 2005 10:30:31 -0000

Hi,

Does anyone use a serial ata raid controller with freebsd 5 ?
More specific I would like to use the Promise TX2200 or another simple
cheap little controller only for mirroring.

What is support? any experiences?

Thanks for any input,

-Erik.

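For the Squid and ipnat setup in Abu Khaled's message above, a consistency check of the generated rules, added here as an example and not part of the original thread. It assumes the acl and tcp_outgoing_address lines have been pasted into squid.conf as that message describes; the function names, the interface name em0 and the 192.0.2.x addresses are constructed for illustration.

```python
import re
from ipaddress import ip_address

# Line shapes as written by squid-ipnat.sh in the message, plus header_access.
BIMAP = re.compile(
    r"bimap\s+\S+\s+from\s+(\S+)/32\s+to\s+\S+\s+port\s*=\s*80\s*->\s*(\S+)/32$")
ACL = re.compile(r"acl\s+(\S+)\s+src\s+(\S+)$")
OUTGOING = re.compile(r"tcp_outgoing_address\s+(\S+)\s+(\S+)$")
HEADER = re.compile(r"header_access\s+(\S+)\s+deny\s+all$")
STRIPPED_HEADERS = ("Via", "X-Forwarded-For")


def rules(text, pattern):
    """Return the captured groups of each non-comment line matching pattern."""
    found = []
    for line in text.splitlines():
        match = pattern.match(line.split("#", 1)[0].strip())
        if match:
            found.append(match.groups())
    return found


def audit(ipnat_conf, squid_conf, prefix="Client"):
    """Return sorted (problem, subject) pairs; an empty list means consistent."""
    problems = []
    denied = {name.lower() for (name,) in rules(squid_conf, HEADER)}
    for header in STRIPPED_HEADERS:
        if header.lower() not in denied:
            problems.append(("header-not-stripped", header))

    # private alias -> public address it is rewritten to on the way out
    nat = {ip_address(p): ip_address(r) for p, r in rules(ipnat_conf, BIMAP)}
    # per-client ACL name -> the client's real address (other ACLs are ignored)
    client = {n: ip_address(s) for n, s in rules(squid_conf, ACL)
              if n.startswith(prefix)}

    outgoing, owner = {}, {}
    for priv, name in rules(squid_conf, OUTGOING):
        if not name.startswith(prefix):
            continue
        priv = ip_address(priv)
        if owner.setdefault(priv, name) != name:
            problems.append(("alias-shared", name))
        outgoing[name] = priv
        if name not in client:
            problems.append(("acl-undefined", name))

    for name, src in client.items():
        priv = outgoing.get(name)
        if priv is None:
            # Squid would not bind a per-client alias for this client.
            problems.append(("no-outgoing-address", name))
        elif priv not in nat:
            # No bimap rule rewrites this private alias.
            problems.append(("no-bimap", name))
        elif nat[priv] != src:
            # Requests would be attributed to a different client's address.
            problems.append(("wrong-public-ip", name))
    return sorted(problems)


# Constructed sample: em0 and the 192.0.2.x addresses are placeholders.
SAMPLE_IPNAT = """\
bimap em0 from 10.10.10.110/32 to 0.0.0.0/0 port = 80 -> 192.0.2.110/32
bimap em0 from 10.10.10.111/32 to 0.0.0.0/0 port = 80 -> 192.0.2.112/32
"""
SAMPLE_SQUID = """\
header_access Via deny all
acl localhost src 127.0.0.1
acl Client110 src 192.0.2.110
acl Client111 src 192.0.2.111
acl Client112 src 192.0.2.112
tcp_outgoing_address 10.10.10.110 Client110
tcp_outgoing_address 10.10.10.111 Client111
"""

if __name__ == "__main__":
    for problem, subject in audit(SAMPLE_IPNAT, SAMPLE_SQUID):
        print(f"{problem}: {subject}")
```

On the constructed sample it reports the missing X-Forwarded-For rule, Client112 without an outgoing address, and Client111 translated to another client's address, which matters when abuse reports are traced back by public IP.
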
From owner-freebsd-isp@FreeBSD.ORG Thu Jun 9 13:39:00 2005
Return-Path:
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 46B6416A41C for ; Thu, 9 Jun 2005 13:39:00 +0000 (GMT) (envelope-from lists@yazzy.org)
Received: from mail.yazzy.org (mail.yazzy.org [217.8.140.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id E319F43D48 for ; Thu, 9 Jun 2005 13:38:59 +0000 (GMT) (envelope-from lists@yazzy.org)
Received: from localhost.localdomain (yazzy.yazzy.org [192.168.98.11]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yazzy.org (Postfix) with ESMTP id D1FAD39869; Thu, 9 Jun 2005 15:39:20 +0200 (CEST)
Date: Thu, 9 Jun 2005 15:38:56 +0200
From: Marcin Jessa
To: john@day-light.com
Message-Id: <20050609153856.2e349f42.lists@yazzy.org>
In-Reply-To:
References: <20050604174732.GG79969@numachi.com>
Organization: YazzY.org
X-Mailer: Sylpheed version 1.0.4 (GTK+ 1.2.10; i386-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: freebsd-isp@freebsd.org
Subject: Re: inbound ssh ceased on 4 servers at same time
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 09 Jun 2005 13:39:00 -0000

Hi John, guys.

On Sat, 4 Jun 2005 13:14:28 -0500
"John Brooks" wrote:

> Thanks, sounds good to do on the outward facing firewall. These
> four freebsd boxes are protected behind an openbsd firewall so
> none of the brute-force sshd attacks have ever reached them.

How do you filter those brute-force attacks?
Do you check existence of users on the actual server running sshd ?
I get hundreds of those attacks every day.

Cheers,
Marcin Jessa.

From owner-freebsd-isp@FreeBSD.ORG Thu Jun 9 13:55:35 2005
Return-Path:
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 838F016A41C for ; Thu, 9 Jun 2005 13:55:35 +0000 (GMT) (envelope-from steve.rieger@tbwachiat.com)
Received: from tbwachiat.com (mercury.tbwachiat.com [204.17.229.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3F96343D1F for ; Thu, 9 Jun 2005 13:55:33 +0000 (GMT) (envelope-from steve.rieger@tbwachiat.com)
Received: from [10.20.4.87] steve_rieger [10.20.4.87] by tbwachiat.com with NetMail SMTP Agent $Revision: 3.22.1.16 $ on Novell NetWare via secured & encrypted transport (TLS); Thu, 09 Jun 2005 06:55:32 -0700
In-Reply-To: <1118313350.4665.19.camel@tessa.mysmt.net>
References: <1118313350.4665.19.camel@tessa.mysmt.net>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <504b4d01c62d3a2a0129c093359c831b@tbwachiat.com>
Content-Transfer-Encoding: 7bit
From: Steve Rieger
Date: Thu, 9 Jun 2005 09:55:42 -0400
To: "Erik @ Microcontroller.nl"
X-Mailer: Apple Mail (2.622)
Cc: freebsd-isp@freebsd.org
Subject: Re: serial ata raid
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 09 Jun 2005 13:55:35 -0000

3ware works great for me

On Jun 9, 2005, at 6:35 AM, Erik @ Microcontroller.nl wrote:

> Hi,
>
> Does anyone uses a serial ata raid controller with freebsd 5 ?
> More specific I would like to use the Promise TX2200 or an other simple
> cheap little controller only for mirroring.
>
> What is support? any experiences?
>
> Thanks for any input,
>
> -Erik.
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>
>
>
-- 
Steve Rieger
(212) 804-1131 (Work)
(646) 335-8915 (Cell)
chozrim (aim)

From owner-freebsd-isp@FreeBSD.ORG Thu Jun 9 13:56:29 2005
Return-Path:
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DA2E516A41C for ; Thu, 9 Jun 2005 13:56:29 +0000 (GMT) (envelope-from john@day-light.com)
Received: from joseph.day-light.net (209-145-160-141.accessus.net [209.145.160.141]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9010643D53 for ; Thu, 9 Jun 2005 13:56:29 +0000 (GMT) (envelope-from john@day-light.com)
Received: from w1 (unknown [10.1.5.36]) by joseph.day-light.net (Postfix) with SMTP id 49C634F3E2; Thu, 9 Jun 2005 08:56:28 -0500 (CDT)
From: "John Brooks"
To: "Marcin Jessa"
Date: Thu, 9 Jun 2005 08:56:33 -0500
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
In-Reply-To: <20050609153856.2e349f42.lists@yazzy.org>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
Importance: Normal
Cc: freebsd-isp@freebsd.org
Subject: RE: inbound ssh ceased on 4 servers at same time
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: john@day-light.com
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 09 Jun 2005 13:56:30 -0000

All traffic must pass thru the firewall in order to reach the
inside network. There are no nat redirect rules for port 22, so
all port 22 traffic is intercepted by the firewall. The only
way to reach interior hosts is to specifically log onto the firewall
and from the firewall ssh into the interior hosts.

On some of my networks the firewall will only accept traffic from
specific hosts, dropping all others. (sshd is running on all hosts)
All of my firewalls are running hardened versions of OpenBSD. All
of the servers behind the firewalls are running FreeBSD.

--
John Brooks
john@day-light.com

> -----Original Message-----
> From: Marcin Jessa [mailto:lists@yazzy.org]
> Sent: Thursday, June 09, 2005 8:39 AM
> To: john@day-light.com
> Cc: freebsd-isp@freebsd.org
> Subject: Re: inbound ssh ceased on 4 servers at same time
>
>
> Hi John, guys.
>
> On Sat, 4 Jun 2005 13:14:28 -0500
> "John Brooks" wrote:
>
> > Thanks, sounds good to do on the outward facing firewall. These
> > four freebsd boxes are protected behind an openbsd firewall so
> > none of the brute-force sshd attacks have ever reached them.
>
> How do you filter those brute-force attacks?
> Do you check existence of users on the actual server running sshd ?
> I get hundreds of those attacks every day.
>
> Cheers,
> Marcin Jessa.
>

From owner-freebsd-isp@FreeBSD.ORG Thu Jun 9 14:35:08 2005
Return-Path:
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1556316A41C for ; Thu, 9 Jun 2005 14:35:08 +0000 (GMT) (envelope-from lists@yazzy.org)
Received: from mail.yazzy.org (mail.yazzy.org [217.8.140.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id A9EFF43D1F for ; Thu, 9 Jun 2005 14:35:07 +0000 (GMT) (envelope-from lists@yazzy.org)
Received: from localhost.localdomain (yazzy.yazzy.org [192.168.98.11]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yazzy.org (Postfix) with ESMTP id 4261839866; Thu, 9 Jun 2005 16:35:29 +0200 (CEST)
Date: Thu, 9 Jun 2005 16:35:04 +0200
From: Marcin Jessa
To: john@day-light.com
Message-Id: <20050609163504.45737ba4.lists@yazzy.org>
In-Reply-To:
References: <20050609153856.2e349f42.lists@yazzy.org>
Organization: YazzY.org
X-Mailer: Sylpheed version 1.0.4 (GTK+ 1.2.10; i386-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: freebsd-isp@freebsd.org
Subject: Re: inbound ssh ceased on 4 servers at same time
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 09 Jun 2005 14:35:08 -0000

Hi.

I know of a patch which locks out ssh users after X unsuccessful
attempts (with possibility of whitelisting).
I think the guys from pfsense use it or at least have that patch
somewhere.
I thought OpenBSD had an option in sshd or/and pf for that as well.
Thanks for the answer John.

Cheers,
Marcin.

On Thu, 9 Jun 2005 08:56:33 -0500
"John Brooks" wrote:

> All traffic must pass thru the firewall in order to reach the
> inside network. There are no nat redirect rules for port 22, so
> all port 22 traffic is intercepted by the firewall. The only
> way to reach interior hosts is to specifically log onto the firewall
> and from the firewall ssh into the interior hosts.
>
> On some of my networks the firewall will only accept traffic from
> specific hosts, dropping all others. (sshd is running on all hosts)
> All of my firewalls are running hardened versions of OpenBSD. All
> of the servers behind the firewalls are running FreeBSD.
>
> --
> John Brooks
> john@day-light.com
>
> > -----Original Message-----
> > From: Marcin Jessa [mailto:lists@yazzy.org]
> > Sent: Thursday, June 09, 2005 8:39 AM
> > To: john@day-light.com
> > Cc: freebsd-isp@freebsd.org
> > Subject: Re: inbound ssh ceased on 4 servers at same time
> >
> >
> > Hi John, guys.
> >
> > On Sat, 4 Jun 2005 13:14:28 -0500
> > "John Brooks" wrote:
> >
> > > Thanks, sounds good to do on the outward facing firewall. These
> > > four freebsd boxes are protected behind an openbsd firewall so
> > > none of the brute-force sshd attacks have ever reached them.
> >
> > How do you filter those brute-force attacks?
> > Do you check existence of users on the actual server running sshd ?
> > I get hundreds of those attacks every day.
> >
> > Cheers,
> > Marcin Jessa.
> >
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

From owner-freebsd-isp@FreeBSD.ORG Thu Jun 9 17:30:30 2005
Return-Path:
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4332516A41C for ; Thu, 9 Jun 2005 17:30:30 +0000 (GMT) (envelope-from ovidiue@unixware.ro)
Received: from mail3.dr.myx.net (ns3.dr.myx.net [217.10.193.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id F069C43D58 for ; Thu, 9 Jun 2005 17:30:29 +0000 (GMT) (envelope-from ovidiue@unixware.ro)
Received: by mail3.dr.myx.net (mydomain.myx.net, from userid 48) id 1CEA63B83B7; Thu, 9 Jun 2005 20:30:28 +0300 (EEST)
Received: from 82.79.133.215 ([82.79.133.215]) by webmail.unixware.ro (Webmail) with HTTP for ; Thu, 9 Jun 2005 20:30:27 +0300
Message-ID: <1118338227.42a87cb3f27f1@webmail.unixware.ro>
Date: Thu, 9 Jun 2005 20:30:27 +0300
From: ovidiue@unixware.ro
To: freebsd-isp@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: MyDomain Webmail
X-Originating-IP: 82.79.133.215
Subject: (no subject)
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 09 Jun 2005 17:30:30 -0000

Hello

I've tried to optimize the speed using PPPoEd.
I have a FreeBSD Box (5.4) and 4 windoze boxes (win xp, 2000 and 98)
Without PPPoEd, the download speed is at 100mbps from FreeBSD box to
windows boxes and 80 mbps from a windoze box to another.
If I connect all windoze to pppoed freebsd server the download speed
from freebsd to windoze is 80 mbps but the speed from one windoze box
to another is too slow, almost 10 mbps. Why is that?
If more clients are added the speed will be at 800 kbps.
One single client when is connected to server via pppoed (100mbps) it
uses 8% of CPU on a Pentium IV at 2.4 Ghz, all other process remains
at 0 % of CPU.
I've tried a lot of optimizing solutions but none worked.
I've changed MTU, MRU (lower than 1492) from pppoed and tried other
pppoed parameters.
Anyone have experience with that?
(for windoze box I use pppoe support from win xp and raspppoe for
windoze 2000 and 98)
I do not have any pipe, I use a simple firewall with ipfw

ovidiu

From owner-freebsd-isp@FreeBSD.ORG Thu Jun 9 19:06:23 2005
Return-Path:
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5222B16A41C for ; Thu, 9 Jun 2005 19:06:23 +0000 (GMT) (envelope-from ovidiue@unixware.ro)
Received: from mail3.dr.myx.net (ns3.dr.myx.net [217.10.193.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id 09BB543D48 for ; Thu, 9 Jun 2005 19:06:22 +0000 (GMT) (envelope-from ovidiue@unixware.ro)
Received: by mail3.dr.myx.net (mydomain.myx.net, from userid 48) id CE0253B82FD; Thu, 9 Jun 2005 22:06:19 +0300 (EEST)
Received: from 82.79.133.215 ([82.79.133.215]) by webmail.unixware.ro (Webmail) with HTTP for ; Thu, 9 Jun 2005 22:06:19 +0300
Message-ID: <1118343979.42a8932bb64b8@webmail.unixware.ro>
Date: Thu, 9 Jun 2005 22:06:19 +0300
From: ovidiue@unixware.ro
To: freebsd-isp@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: MyDomain Webmail
X-Originating-IP: 82.79.133.215
Subject: pppoed tuning advice
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 09 Jun 2005 19:06:23 -0000

Hello

I've tried to optimize the speed using PPPoEd.
I have a FreeBSD Box (5.4) and 4 windoze boxes (win xp, 2000 and 98)
Without PPPoEd, the download speed is at 100mbps from FreeBSD box to
windows boxes and 80 mbps from a windoze box to another.
If I connect all windoze to pppoed freebsd server the download speed
from freebsd to windoze is 80 mbps but the speed from one windoze box
to another is too slow, almost 10 mbps. Why is that?
If I have 4 or more users the speed slows down at 800 kbps, on a 100
mbps lan (when a user is using ftp to the router).
Also when a single user copy a file from router the used CPU is 8%,
the router is a Pentium IV at 2,4 Ghz, and it seems too much cpu is
consumed. When not downloading files from router the ppp process uses
0% of cpu.
I've tried a lot of optimizing solutions but none worked.
I've changed MTU, MRU (lower than 1492) from pppoed and tried other
pppoed parameters.
Anyone have experience with that?
(for windoze box I use pppoe support from win xp and raspppoe for
windoze 2000 and 98)
I do not have any pipe, I use a simple firewall with ipfw

ovidiu