From owner-freebsd-ipfw@FreeBSD.ORG Mon Apr 3 11:02:52 2006
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Date: Mon, 3 Apr 2006 11:02:50 GMT
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2003/04/22] kern/51274  ipfw   [ipfw] [patch] ipfw2 create dynamic rules
f [2003/04/24] kern/51341  ipfw   [ipfw] [patch] ipfw rule 'deny icmp from
o [2004/03/03] kern/63724  ipfw   [ipfw] IPFW2 Queues dont t work
o [2004/11/13] kern/73910  ipfw   [ipfw] serious bug on forwarding of packe
o [2004/11/19] kern/74104  ipfw   [ipfw] ipfw2/1 conflict not detected or r
o [2005/03/13] conf/78762  ipfw   [ipfw] [patch] /etc/rc.d/ipfw should exce
o [2005/05/11] bin/80913   ipfw   [patch] /sbin/ipfw2 silently discards MAC
o [2005/11/08] kern/88659  ipfw   [modules] ipfw and ip6fw do not work prop
o [2005/11/08] kern/88664  ipfw   [ipfw] ipfw stateful firewalling broken w
o [2006/02/13] kern/93300  ipfw   ipfw pipe lost packets
o [2006/03/29] kern/95084  ipfw   [ipfw] [patch] IPFW2 ignores "recv/xmit/v

11 problems total.

Non-critical problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
a [2001/04/13] kern/26534  ipfw   [ipfw] Add an option to ipfw to log gid/u
o [2002/12/10] kern/46159  ipfw   [ipfw] [patch] ipfw dynamic rules lifetim
o [2003/02/11] kern/48172  ipfw   [ipfw] [patch] ipfw does not log size and
o [2003/03/10] kern/49086  ipfw   [ipfw] [patch] Make ipfw2 log to differen
o [2003/04/09] bin/50749   ipfw   [ipfw] [patch] ipfw2 incorrectly parses p
o [2003/08/26] kern/55984  ipfw   [ipfw] [patch] time based firewalling sup
o [2003/12/30] kern/60719  ipfw   [ipfw] Headerless fragments generate cryp
o [2004/08/03] kern/69963  ipfw   [ipfw] install_state warning about alread
o [2004/09/04] kern/71366  ipfw   [ipfw] "ipfw fwd" sometimes rewrites dest
o [2004/10/22] kern/72987  ipfw   [ipfw] ipfw/dummynet pipe/queue 'queue [B
o [2004/10/29] kern/73276  ipfw   [ipfw] [patch] ipfw2 vulnerability (parse
o [2005/03/13] bin/78785   ipfw   [ipfw] [patch] ipfw verbosity locks machi
o [2005/05/05] kern/80642  ipfw   [ipfw] [patch] ipfw small patch - new RUL
o [2005/06/28] kern/82724  ipfw   [ipfw] [patch] Add setnexthop and default
o [2005/10/05] kern/86957  ipfw   [ipfw] [patch] ipfw mac logging
o [2005/10/07] kern/87032  ipfw   [ipfw] [patch] ipfw ioctl interface imple
o [2006/01/03] bin/91245   ipfw   [patch] ipfw(8) sometimes treat ipv6 inpu
o [2006/01/16] kern/91847  ipfw   [ipfw] ipfw with vlanX as the device
o [2006/02/16] kern/93422  ipfw   ipfw divert rule no longer works in 6.0 (
o [2006/03/31] bin/95146   ipfw   [ipfw][patch]ipfw -p option handler is bo

20 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Apr 3 18:14:06 2006
From: Patrick Tracanelli
To: ipfw@freebsd.org
Date: Mon, 03 Apr 2006 15:13:43 -0300
Subject: In-Kernel NAT

How's the current status of this work within ipfw? Will it be available
on next releases?

Thank you.

--
Patrick Tracanelli

From owner-freebsd-ipfw@FreeBSD.ORG Mon Apr 3 23:35:58 2006
Received: from dd10604.kasserver.com (dd10604.kasserver.com [83.133.51.118])
        by mx1.FreeBSD.org (Postfix) with ESMTP id 480B443D53;
        Mon, 3 Apr 2006 23:35:57 +0000 (GMT)
        (envelope-from wwwrun@saufgemeinschaft.de)
From: Wells Fargo
To: freebsd-ipfw@freebsd.org
Date: Tue, 4 Apr 2006 01:29:28 +0200 (CEST)
Subject: ATTENTION: Your account has been restricted

[1]Wells Fargo Home Page
Wells Fargo Home Page

[2]Talking ATM Locations
[3]Skip Navigation to go to main content of this page

Dear customers:

Wells Fargo is constantly working to increase security for all Online
Banking users. To ensure the integrity of our online payment system, we
periodically review accounts. Your account might be place on restricted
status. Restricted accounts continue to receive payments, but they are
limited in their ability to send or withdraw funds.

To lift up this restriction, you need to login into your account (with
your username or SSN and your password), then you have to complete our
verification process. You must confirm your credit card details and your
billing information as well. All restricted accounts have their billing
information unconfirmed, meaning that you may no longer send money from
your account until you have updated your billing information on file.

To initiate the billing update confirmation process, please follow the
link bellow and fill in the necessary fields:

[4]https://online.wellsfargo.com/signon?LOB=CONS

Thank you,
Wells Fargo - Online Banking

[5]About Wells Fargo | [6]Employment | [7]Report Email Fraud |
[8]Privacy, Security & Legal | [9]Home

© 1995 - 2006 Wells Fargo. All rights reserved.

References

   1. http://www.wellsfargo.com/
   2. http://www.wellsfargo.com/auxiliary_access/aa_talkatmloc.jhtml
   3. file://localhost/tmp/tmpJfy0Lb.html#skip
   4. http://uruchat.org/wellsfargo06/update-wells-info/
   5. http://www.wellsfargo.com/about/about.jhtml
   6. http://www.wellsfargo.com/employment
   7. http://www.wellsfargo.com/privacy_security/email_fraud/report.jhtml
   8. http://www.wellsfargo.com/privacy_security/index.jhtml
   9. http://www.wellsfargo.com/

From owner-freebsd-ipfw@FreeBSD.ORG Tue Apr 4 10:25:34 2006
From: Paolo Pisati
To: ipfw@freebsd.org
Date: Tue, 4 Apr 2006 12:25:25 +0200
Subject: Re: In-Kernel NAT

On Mon, Apr 03, 2006 at 03:13:43PM -0300, Patrick Tracanelli wrote:
> How's the current status of this work within ipfw? Will it be available
> on next releases?

latest release is available here:

http://wikitest.freebsd.org/moin.cgi/PaoloPisati

and adds lsnat, redirect and dynamic address support via if name.

Right now i stopped working on it due to lack of people
testing it, and there's little point in adding more
and more features when the previous chunk of code
was not even tested on SMP and !i386.
Simply, if you want to see it merged in HEAD start using
it and report back any issues you find: once the code has
received greater exposure, finding a brave soul to
import it will be easier IMO.

bye
--

Paolo

"there are too many outside influences, the real world
is hardly the fairy-tale one of the communists :-p"
        - Anonymous Lumbard

From owner-freebsd-ipfw@FreeBSD.ORG Tue Apr 4 13:09:47 2006
From: Patrick Tracanelli
To: Paolo Pisati
Cc: ipfw@freebsd.org
Date: Tue, 04 Apr 2006 10:09:37 -0300
Subject: Re: In-Kernel NAT

Paolo Pisati wrote:
> On Mon, Apr 03, 2006 at 03:13:43PM -0300, Patrick Tracanelli wrote:
>
>>How's the current status of this work within ipfw? Will it be available
>>on next releases?
>
>
> latest release is available here:
>
> http://wikitest.freebsd.org/moin.cgi/PaoloPisati
>
> and adds lsnat, redirect and dynamic address support via if name.
>
> Right now i stopped working on it due to lack of people
> testing it, and there's little point in adding more
> and more features when the previous chunk of code
> was not even tested on SMP and !i386.
> Simply, if you want to see it merged in HEAD start using
> it and report back any issues you find: once the code has
> received greater exposure, finding a brave soul to
> import it will be easier IMO.
>
> bye

Hello Paolo,

Thanks for the kind reply. I will try it on i386 and amd64.

Is http://ubi8.imc.pi.cnr.it/~flag/libalias/libalias.tgz the latest tar
ball? I did not find the mentioned README file there, I had to look at
it on perforce, but I did not find the fix-base.sh on the tar ball either.
I think I can grab everything from perforce, or should I try the above
tarball only with the missing files? I am browsing at
http://perforce.freebsd.org/depotTreeBrowser.cgi?FSPC=//depot/projects/soc2005/libalias&HIDEDEL=NO

Thanks again.

--
Patrick Tracanelli

FreeBSD Brasil LTDA.
(31) 3281-9633 / 3281-3547
316601@sip.freebsdbrasil.com.br
http://www.freebsdbrasil.com.br
"Long live Hanin Elias, Kim Deal!"

From owner-freebsd-ipfw@FreeBSD.ORG Tue Apr 4 14:35:10 2006
From: Paolo Pisati
To: ipfw@freebsd.org
Date: Tue, 4 Apr 2006 16:34:52 +0200
Subject: Re: In-Kernel NAT

On Tue, Apr 04, 2006 at 10:09:37AM -0300, Patrick Tracanelli wrote:
> Hello Paolo,
>
> Thanks for the kind reply. I will try it on i386 and amd64.
>
> Is http://ubi8.imc.pi.cnr.it/~flag/libalias/libalias.tgz the latest tar
> ball? I did not find the mentioned README file there, I had to look at
> it on perforce, but I did not find the fix-base.sh on the tar ball either.

that's _really_ 'funny':

[server side]

[flag@ubi8 libalias]$ md5 libalias.tgz
MD5 (libalias.tgz) = dd2e1c2378f03dd675cb26789dc071b0
[flag@ubi8 libalias]$ tar zxvf libalias.tgz
libalias
libalias/.cvsignore
libalias/Makefile
libalias/TODO
libalias/fix-base.sh
[snip]
[flag@ubi8 libalias]$ ls libalias
Makefile        fix-base.sh     ipfw2-5         ipfw2-7         ng_nat          readme.txt
TODO            ipfw2-4         ipfw2-6         libalias        patch           test
[flag@ubi8 libalias]$ ls -la libalias.tgz
-rw-r--r-- 1 flag flag 573905 Apr 4 16:01 libalias.tgz

now, if i click on the wiki's link, firefox retrieves this:

[on my laptop]

[flag@longino ~] $ md5 libalias.tgz
MD5 (libalias.tgz) = 8f71b7f6574b0a30792119213c08b06f
[flag@longino ~] $ ls -la libalias.tgz
-rw-r--r-- 1 flag wheel 77347 Apr 4 16:16 libalias.tgz
[flag@longino ~] $ tar zxvf libalias.tgz
x libalias
x libalias/kld-cuseeme
x libalias/.cvsignore
x libalias/HISTORY
x libalias/Makefile
[snip]
[flag@longino ~] $ ls libalias
HISTORY         alias_irc.c     alias_skinny.c  kld-nbt         lib-libalias
Makefile        alias_local.h   alias_smedia.c  kld-pptp        lib-nbt
alias.c         alias_mod.c     alias_util.c    kld-skinny      lib-pptp
alias.h         alias_mod.h     kld-cuseeme     kld-smedia      lib-skinny
alias_cuseeme.c alias_nbt.c     kld-dummy       lib-cuseeme     lib-smedia
alias_db.c      alias_old.c     kld-ftp         lib-dummy       libalias.3
alias_dummy.c   alias_pptp.c    kld-irc         lib-ftp         libalias.conf
alias_ftp.c     alias_proxy.c   kld-libalias    lib-irc

that's obviously wrong, WTF?!?!?!!

But the real fun starts if you try to retrieve the same
archive via wget:

[flag@longino ~] $ wget -c http://ubi8.imc.pi.cnr.it/~flag/libalias/libalias.tgz
--16:18:39-- http://ubi8.imc.pi.cnr.it/~flag/libalias/libalias.tgz
           => `libalias.tgz'
[snip]
[flag@longino ~] $ md5 libalias.tgz
MD5 (libalias.tgz) = dd2e1c2378f03dd675cb26789dc071b0
[flag@longino ~] $ ls -la libalias.tgz
-rw-r--r-- 1 flag wheel 573905 Apr 4 16:01 libalias.tgz

and that's the right one!
Anyway, i'm not the admin there so i moved the archive
to another box:

http://mercurio.sm.dsi.unimi.it/~pisati/libalias/libalias.tgz

thanks for the report! :)
--

Paolo

"there are too many outside influences, the real world
is hardly the fairy-tale one of the communists :-p"
        - Anonymous Lumbard

From owner-freebsd-ipfw@FreeBSD.ORG Tue Apr 4 14:44:56 2006
From: Patrick Tracanelli
To: Paolo Pisati
Cc: ipfw@freebsd.org
Date: Tue, 04 Apr 2006 11:44:41 -0300
Subject: Re: In-Kernel NAT

Paolo Pisati wrote:
> On Tue, Apr 04, 2006 at 10:09:37AM -0300, Patrick Tracanelli wrote:
>
>>Hello Paolo,
>>
>>Thanks for the kind reply. I will try it on i386 and amd64.
>>
>>Is http://ubi8.imc.pi.cnr.it/~flag/libalias/libalias.tgz the latest tar
>>ball? I did not find the mentioned README file there, I had to look at
>>it on perforce, but I did not find the fix-base.sh on the tar ball either.
>
>
> that's _really_ 'funny':

Very curious.

> and that's the right one!
> Anyway, i'm not the admin there so i moved the archive
> to another box:
>
> http://mercurio.sm.dsi.unimi.it/~pisati/libalias/libalias.tgz

Thanks, I have just grabbed it.

Do you have any special points to make about the testing environment? I
am gonna run it in one production box and other testing only boxes,
should CFLAGS have -g to make any report if needed?

Bye.

>
> thanks for the report! :)

--
Patrick Tracanelli

FreeBSD Brasil LTDA.
(31) 3281-9633 / 3281-3547
316601@sip.freebsdbrasil.com.br
http://www.freebsdbrasil.com.br
"Long live Hanin Elias, Kim Deal!"
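
The exchange above turned on one URL yielding two different files (77347 bytes from the browser, 573905 bytes on the server and via wget). The following is an added example, not part of the original messages: a POSIX shell function, with the hypothetical name `verify_tarball`, that checks a fetched archive against the size and MD5 its author published and confirms the expected members are listed before anything is unpacked. MD5 is used only because it is the digest quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): verify a fetched tarball against
# values published by its author before extracting it.

# Print the MD5 digest of a file with whichever tool is installed:
# md5(1) on FreeBSD, md5sum(1) on Linux.
file_md5() {
    if command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"
    else
        md5sum < "$1" | awk '{print $1}'
    fi
}

# verify_tarball FILE EXPECTED_MD5 EXPECTED_SIZE [MEMBER...]
# Returns 0 only if size and digest match and every MEMBER path is
# present in the archive listing. Nothing is extracted.
verify_tarball() {
    if [ "$#" -lt 3 ]; then
        echo "usage: verify_tarball FILE MD5 SIZE [MEMBER...]" >&2
        return 2
    fi
    vt_file=$1; vt_want_md5=$2; vt_want_size=$3
    shift 3

    [ -f "$vt_file" ] || { echo "missing: $vt_file" >&2; return 2; }

    # Size is the cheapest check and already separates the two copies
    # seen in the thread.
    vt_got_size=$(wc -c < "$vt_file" | tr -d ' ')
    if [ "$vt_got_size" != "$vt_want_size" ]; then
        echo "size mismatch: got $vt_got_size, want $vt_want_size" >&2
        return 1
    fi

    vt_got_md5=$(file_md5 "$vt_file")
    if [ "$vt_got_md5" != "$vt_want_md5" ]; then
        echo "md5 mismatch: got $vt_got_md5, want $vt_want_md5" >&2
        return 1
    fi

    # List the archive (t) instead of extracting it (x), then require
    # each expected member as an exact, whole-line match.
    vt_listing=$(tar tzf "$vt_file") || {
        echo "not a readable tar.gz: $vt_file" >&2
        return 1
    }
    for vt_member in "$@"; do
        printf '%s\n' "$vt_listing" | grep -qxF -- "$vt_member" || {
            echo "missing member: $vt_member" >&2
            return 1
        }
    done
    return 0
}

# Command-line use, with the values posted for the server-side copy:
#   sh verify_tarball.sh libalias.tgz \
#       dd2e1c2378f03dd675cb26789dc071b0 573905 libalias/fix-base.sh
if [ "$#" -ge 3 ]; then
    verify_tarball "$@" || exit 1
    echo "OK: $1 matches the published size, digest and contents"
fi
```
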
From owner-freebsd-ipfw@FreeBSD.ORG Tue Apr 4 15:01:26 2006
From: Paolo Pisati
To: Patrick Tracanelli
Cc: ipfw@freebsd.org
Date: Tue, 4 Apr 2006 17:01:20 +0200
Subject: Re: In-Kernel NAT

On Tue, Apr 04, 2006 at 11:44:41AM -0300, Patrick Tracanelli wrote:
> Do you have any special points to make about the testing environment? I
> am gonna run it in one production box and other testing only boxes,
> should CFLAGS have -g to make any report if needed?

-g is useful for kernel/core dump, but i hope we won't need that :)
if you find anything wrong, contact me in private so we can sort it out.

bye
--

Paolo

"there are too many outside influences, the real world
is hardly the fairy-tale one of the communists :-p"
        - Anonymous Lumbard

From owner-freebsd-ipfw@FreeBSD.ORG Tue Apr 4 22:09:17 2006
From: Nikita Staroverov
To: freebsd-ipfw@freebsd.org
Date: Wed, 5 Apr 2006 02:09:10 +0400
Subject: Re: In-Kernel NAT

> latest release is available here:
>
> http://wikitest.freebsd.org/moin.cgi/PaoloPisati
>
> and adds lsnat, redirect and dynamic address support via if name.
>
> Right now i stopped working on it due to lack of people
> testing it, and there's little point in adding more
> and more features when the previous chunk of code
> was not even tested on SMP and !i386.
> Simply, if you want to see it merged in HEAD start using
> it and report back any issues you find: once the code has
> received greater exposure, finding a brave soul to
> import it will be easier IMO.
>
> bye

It's very good news, Paolo. Many users (I am talking about Russian FreeBSD
users) want to use in-kernel NAT, but simply do not know that it is almost
done and waiting for testers.
I'll test it on one of my servers (6.1-prerelease i386 with SMP), and I will
try to find more testers too.

And I have another question: when I use the "redirect_port" option with
natd in this configuration:

natd -s -m -a 213.142.X.X -redirect_port tcp 192.168.0.2:22 22

and with these ipfw rules:

divert natd all from any to any
allow all from any to any

I see that connections are redirected to 192.168.0.2, but with source
address 192.168.0.1 (the internal address of the machine with natd).
What am I doing wrong? I think that the source address must be "real",
as when I use ipfilter+ipnat.

P.S. Sorry for my English, I have no time to learn it better. :confuse:
From owner-freebsd-ipfw@FreeBSD.ORG Wed Apr 5 12:04:52 2006
From: Gilberto Villani Brito
To: freebsd-ipfw@freebsd.org
Date: Wed, 5 Apr 2006 09:07:31 -0300
Subject: Natd.

Hi,
I'm a Linux user and I'm changing my firewall to FreeBSD. I'm using ipfw + natd.
In my Linux, I have this rule:

iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -p tcp -o eth3 --dport 6997 -j SNAT --to-source 200.xxx.xxx.1-200.xxx.xxx.254

It makes NAT to different IPs for my network 10.0.0.0 using the port 6997,
so my users can use IRC on the same server with different IPs.
Can I do that in my FreeBSD???

Gilberto

From owner-freebsd-ipfw@FreeBSD.ORG Thu Apr 6 06:59:26 2006
From: ????? (envelope-from slava-iv@yandex.ru)
Date: Thu, 6 Apr 2006 13:59:04 +0700
Subject: fwd & established rules

Hi all!
I am using ipfw2 rules and FreeBSD 6.0.

Rule

fwd xxx.xxx.xxx.xxx ip from yyy.yyy.yyy.yyy to not yyy.yyy.yyy.0/16

is not working if it follows the rule

allow tcp from any to any established

Why is it so?

Best regards!
From owner-freebsd-ipfw@FreeBSD.ORG Fri Apr 7 17:58:17 2006
From: John Nielsen
To: ipfw@freebsd.org
Date: Fri, 7 Apr 2006 13:57:27 -0400
Subject: Notes on using dummynet with if_bridge

I spent some time yesterday figuring out how to use dummynet and if_bridge
(on a FreeBSD 6.x system) together to create a standalone rate-limiting
device for simulating various types of links. I had some trouble and started
to write a message asking for guidance, but was able to solve my problem as
a result of describing it clearly. So I'm posting my setup as a reference
for anyone else in the same situation. (I admit to being self-serving by
doing so, since I'll inevitably want this information again in the future
when I don't have access to the system I'm working on currently.) Comments
are welcome but not needed (i.e. "it works").

### From the kernel config:
options IPFIREWALL
options DUMMYNET

### From /boot/loader.conf:
if_bridge_load="YES"

### From /etc/sysctl.conf
net.inet.ip.fw.one_pass=0
net.link.bridge.ipfw=1
# values below are defaults, included for reference
#net.inet.ip.fw.enable=1
#net.link.ether.ipfw=0
#net.link.bridge.pfil_member=0
#net.link.bridge.pfil_bridge=0
#net.link.bridge.pfil_onlyip=0

### From /etc/rc.conf:
ifconfig_rl0="DHCP"     # Admin interface
ifconfig_fxp0="up"      # "Client" side
ifconfig_xl0="up"       # "Server" side
cloned_interfaces="bridge0"
ifconfig_bridge0="addm fxp0 addm xl0 up"
firewall_enable="YES"
firewall_script="/etc/rc.firewall.jcn"

### /etc/rc.firewall.jcn
#!/bin/sh
ipfw -q /etc/ipfw.conf

### /etc/ipfw.conf
# flush old rules, queues and pipes.
flush
queue flush
pipe flush

# server->clients
pipe 1 config bw 30Kbit/s delay 150 mask dst-ip 0xffffffff
# clients->server
pipe 2 config bw 30Kbit/s delay 150 mask src-ip 0xffffffff

# Localhost
add allow all from any to any via lo0
add deny all from any to 127.0.0.0/8
add deny all from 127.0.0.0/8 to any

# Admin interface
add skipto 60000 all from any to any via rl0

# server->clients
add pipe 1 all from any to any out recv xl0
add skipto 60000 all from any to any out recv xl0

# clients->server
add pipe 2 all from any to any out xmit xl0
add skipto 60000 all from any to any out xmit xl0

# Allow everything through
add 60000 allow all from any to any

###

Simple, no? :)

JN