From owner-freebsd-ipfw@FreeBSD.ORG  Sun Oct  1 23:32:10 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 590AC16A403
	for <freebsd-ipfw@freebsd.org>; Sun,  1 Oct 2006 23:32:10 +0000 (UTC)
	(envelope-from ohauer@gmx.de)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
	by mx1.FreeBSD.org (Postfix) with SMTP id 8FEB043D45
	for <freebsd-ipfw@freebsd.org>; Sun,  1 Oct 2006 23:32:09 +0000 (GMT)
	(envelope-from ohauer@gmx.de)
Received: (qmail invoked by alias); 01 Oct 2006 23:32:08 -0000
Received: from u18-124.dsl.vianetworks.de (EHLO [172.20.1.30]) [194.231.39.124]
	by mail.gmx.net (mp018) with SMTP; 02 Oct 2006 01:32:08 +0200
X-Authenticated: #1956535
Message-ID: <45204FF7.1050301@gmx.de>
Date: Mon, 02 Oct 2006 01:32:07 +0200
From: Olli Hauer <ohauer@gmx.de>
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Subject: spamd-4.0 port tester wanted
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Oct 2006 23:32:10 -0000

Hi,

I have ported the last mail/spamd port from OpenBSD 4.0 to FreeBSD.

The port has a new Layout, I made a split between pf and ipwf to handle
conflicts and patches between them.

If you are interested in testing, you can get the source here:

- the new ports (mail/spamd-pf, mail/spamd-ipfw)
http://sorry.mine.nu/patches/FreeBSD/ports/spamd/port_mail_spamd-pf-ipfw.shar

- the distfile
http://sorry.mine.nu/patches/FreeBSD/ports/spamd/spamd_4.0.tar.bz2


Instructions:
get the file port_mail_spamd-pf-ipfw.shar
get the file spamd_4.0.tar.bz2

cp port_mail_spamd-pf-ipfw.shar /usr/ports/mail/
cp spamd_4.0.tar.bz2 /usr/ports/distfiles/

cd /usr/ports/mail && sh port_mail_spamd-pf-ipfw.shar
cd /usr/ports/mail/spamd-(pd|ipfw)/
make clean install


major changes for spamd-4.0
- new parameter -h
- new parameter -S
- separate port for spamd-pf / spamd-ipfw

ipfw patches:
I have merged the ipfw patches from version spamd-3.7_1 to spamd-4.0.
Since I have no machine with ipfw I cannot make full tests here.


happy testing

olli

From owner-freebsd-ipfw@FreeBSD.ORG  Mon Oct  2 06:55:07 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D22E616A407
	for <freebsd-ipfw@freebsd.org>; Mon,  2 Oct 2006 06:55:06 +0000 (UTC)
	(envelope-from subscriber@osk.com.ua)
Received: from gandalf.osk.com.ua (osk.com.ua [195.5.17.76])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 91EB943D46
	for <freebsd-ipfw@freebsd.org>; Mon,  2 Oct 2006 06:55:05 +0000 (GMT)
	(envelope-from subscriber@osk.com.ua)
Received: from localhost (localhost [127.0.0.1])
	by gandalf.osk.com.ua (Postfix) with ESMTP id 9845878C22
	for <freebsd-ipfw@freebsd.org>; Mon,  2 Oct 2006 09:57:54 +0300 (EEST)
Received: from gandalf.osk.com.ua ([127.0.0.1])
	by localhost (gandalf.osk.com.ua [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 53026-10 for <freebsd-ipfw@freebsd.org>;
	Mon,  2 Oct 2006 09:57:53 +0300 (EEST)
Received: from oleg.piramida.com (unknown [192.168.82.111])
	by gandalf.osk.com.ua (Postfix) with ESMTP id C6C9578C1F
	for <freebsd-ipfw@freebsd.org>; Mon,  2 Oct 2006 09:57:53 +0300 (EEST)
Date: Mon, 2 Oct 2006 09:55:02 +0300
From: Oleg Tarasov <subscriber@osk.com.ua>
X-Mailer: The Bat! (v3.64.01 Christmas Edition) Professional
X-Priority: 3 (Normal)
Message-ID: <1667794444.20061002095502@osk.com.ua>
To: freebsd-ipfw@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at osk.com.ua
Subject: ipfw forward does not work
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: FreeBSD MailList <subscriber@osk.com.ua>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Oct 2006 06:55:07 -0000

Hello,

I've got a machine running FreeBSD 6.0. This problem occured on 6.0-p0
and 6.0-p12.

Introduction
=============
I've got two internet connections from two different providers. One
is the main and second for failover. Both interfaces have attached
natd using divert function of ipfw. Here are interface parameters:

ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1492
        inet xxx.xxx.xxx.xxx --> XXX.XXX.XXX.XXX netmask 0xffffffff
ng8: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1492
        inet yyy.yyy.yyy.yyy --> YYY.YYY.YYY.YYY netmask 0xffffffff

Here yyy.yyy.yyy.yyy is an IP address of main connection.

routing table looks like this:
-------------------------
default            YYY.YYY.YYY.YYY    UGS         0    21878    ng8
yyy.yyy.yyy.yyy    lo0                UHS         0       51    lo0
xxx.xxx.xxx.xxx    lo0                UHS         0        0    lo0
127.0.0.1          127.0.0.1          UH          0     3810    lo0
192.168.82         link#1             UC          0        0    rl0
192.168.82.253     00:30:4f:27:ae:85  UHLW        1       74    lo0
YYY.YYY.YYY.YYY    yyy.yyy.yyy.yyy    UH          3        0    ng8
XXX.XXX.XXX.XXX    xxx.xxx.xxx.xxx    UH          3        0    ng0
-------------------------

My kernel is compiled using following options:
-------------------------
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=300
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPFIREWALL_FORWARD
options         IPDIVERT
options         IPSTEALTH
options         DUMMYNET
options         HZ=1000
-------------------------

Both interfaces have real IPs and should simultaneously work supplying
DNS, mail and other services.

Usually this is implemented configuring ipfw fwd command for policy
routing so I've inserted two following lines into ipfw script:
-------------------------
fwd XXX.XXX.XXX.XXX ip from xxx.xxx.xxx.xxx to any out xmit ng8
fwd YYY.YYY.YYY.YYY ip from yyy.yyy.yyy.yyy to any out xmit ng0
-------------------------

This usually works and works on my second server. But for some reason
here I met strange behaviour. It just seems that fwd command does not
do anything at all.

When I ping xxx.xxx.xxx.xxx (which is failover one) icmp packets come
into ng0 but replies from xxx.xxx.xxx.xxx go through default route on
ng8. This should be normal if there were no fwd commands. But I see
counters on the rule increasing and logging these rules shows
following lines:
Oct  2 08:35:49 central kernel: ipfw: 20500 Forward to XXX.XXX.XXX.XXX
     ICMP:0.0 xxx.xxx.xxx.xxx some.outer.ip.address out via ng8

but packets still go out through ng8 using default route.
There can be two reasons as I see. First is that fwd command does not
work for some reason and the second is that system routing table
considered that default route is preferrable over direct route to
router. The second near impossible so I wonder...

Please tell me if possible how to locate the possible reason of this
problem!

-- 
Best regards,
 Oleg Tarasov                          mailto:subscriber@osk.com.ua


From owner-freebsd-ipfw@FreeBSD.ORG  Mon Oct  2 07:56:28 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 52F7A16A40F
	for <freebsd-ipfw@freebsd.org>; Mon,  2 Oct 2006 07:56:28 +0000 (UTC)
	(envelope-from subscriber@osk.com.ua)
Received: from gandalf.osk.com.ua (osk.com.ua [195.5.17.76])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BBD5743D73
	for <freebsd-ipfw@freebsd.org>; Mon,  2 Oct 2006 07:56:21 +0000 (GMT)
	(envelope-from subscriber@osk.com.ua)
Received: from localhost (localhost [127.0.0.1])
	by gandalf.osk.com.ua (Postfix) with ESMTP id A85FD78C33
	for <freebsd-ipfw@freebsd.org>; Mon,  2 Oct 2006 10:59:09 +0300 (EEST)
Received: from gandalf.osk.com.ua ([127.0.0.1])
	by localhost (gandalf.osk.com.ua [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 53796-04; Mon,  2 Oct 2006 10:59:08 +0300 (EEST)
Received: from oleg.piramida.com (unknown [192.168.82.111])
	by gandalf.osk.com.ua (Postfix) with ESMTP id A3A6178C25;
	Mon,  2 Oct 2006 10:59:08 +0300 (EEST)
Date: Mon, 2 Oct 2006 10:56:13 +0300
From: Oleg Tarasov <subscriber@osk.com.ua>
X-Mailer: The Bat! (v3.64.01 Christmas Edition) Professional
X-Priority: 3 (Normal)
Message-ID: <1210406434.20061002105613@osk.com.ua>
To: Oleg Tarasov <subscriber@osk.com.ua>
In-Reply-To: <1667794444.20061002095502@osk.com.ua>
References: <1667794444.20061002095502@osk.com.ua>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at osk.com.ua
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw forward does not work
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Oleg Tarasov <subscriber@osk.com.ua>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Oct 2006 07:56:28 -0000

Hello,

[resolved]

Recompiling the kernel using IPFIREWALL_FORWARD_EXTENDED solved the
problem. I thought this one in 6.0-p12 is deprecated...

Oleg Tarasov <subscriber@osk.com.ua> wrote:

> Hello,

> I've got a machine running FreeBSD 6.0. This problem occured on 6.0-p0
> and 6.0-p12.

> Introduction
> =============
> I've got two internet connections from two different providers. One
> is the main and second for failover. Both interfaces have attached
> natd using divert function of ipfw. Here are interface parameters:

> ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1492
>         inet xxx.xxx.xxx.xxx --> XXX.XXX.XXX.XXX netmask 0xffffffff
> ng8: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1492
>         inet yyy.yyy.yyy.yyy --> YYY.YYY.YYY.YYY netmask 0xffffffff

> Here yyy.yyy.yyy.yyy is an IP address of main connection.

> routing table looks like this:
> -------------------------
> default            YYY.YYY.YYY.YYY    UGS         0    21878    ng8
> yyy.yyy.yyy.yyy    lo0                UHS         0       51    lo0
> xxx.xxx.xxx.xxx    lo0                UHS         0        0    lo0
> 127.0.0.1          127.0.0.1          UH          0     3810    lo0
> 192.168.82         link#1             UC          0        0    rl0
> 192.168.82.253     00:30:4f:27:ae:85  UHLW        1       74    lo0
> YYY.YYY.YYY.YYY    yyy.yyy.yyy.yyy    UH          3        0    ng8
> XXX.XXX.XXX.XXX    xxx.xxx.xxx.xxx    UH          3        0    ng0
> -------------------------

> My kernel is compiled using following options:
> -------------------------
> options         IPFIREWALL
> options         IPFIREWALL_VERBOSE
> options         IPFIREWALL_VERBOSE_LIMIT=300
> options         IPFIREWALL_DEFAULT_TO_ACCEPT
> options         IPFIREWALL_FORWARD
> options         IPDIVERT
> options         IPSTEALTH
> options         DUMMYNET
> options         HZ=1000
> -------------------------

> Both interfaces have real IPs and should simultaneously work supplying
> DNS, mail and other services.

> Usually this is implemented configuring ipfw fwd command for policy
> routing so I've inserted two following lines into ipfw script:
> -------------------------
> fwd XXX.XXX.XXX.XXX ip from xxx.xxx.xxx.xxx to any out xmit ng8
> fwd YYY.YYY.YYY.YYY ip from yyy.yyy.yyy.yyy to any out xmit ng0
> -------------------------

> This usually works and works on my second server. But for some reason
> here I met strange behaviour. It just seems that fwd command does not
> do anything at all.

> When I ping xxx.xxx.xxx.xxx (which is failover one) icmp packets come
> into ng0 but replies from xxx.xxx.xxx.xxx go through default route on
> ng8. This should be normal if there were no fwd commands. But I see
> counters on the rule increasing and logging these rules shows
> following lines:
> Oct  2 08:35:49 central kernel: ipfw: 20500 Forward to XXX.XXX.XXX.XXX
>      ICMP:0.0 xxx.xxx.xxx.xxx some.outer.ip.address out via ng8

> but packets still go out through ng8 using default route.
> There can be two reasons as I see. First is that fwd command does not
> work for some reason and the second is that system routing table
> considered that default route is preferrable over direct route to
> router. The second near impossible so I wonder...

> Please tell me if possible how to locate the possible reason of this
> problem!

-- 
Best regards,
 Oleg Tarasov                          mailto:subscriber@osk.com.ua


From owner-freebsd-ipfw@FreeBSD.ORG  Mon Oct  2 11:08:23 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@FreeBSD.org
Delivered-To: freebsd-ipfw@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4C41216A4F1
	for <freebsd-ipfw@FreeBSD.org>; Mon,  2 Oct 2006 11:08:23 +0000 (UTC)
	(envelope-from owner-bugmaster@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D746943D4C
	for <freebsd-ipfw@FreeBSD.org>; Mon,  2 Oct 2006 11:08:22 +0000 (GMT)
	(envelope-from owner-bugmaster@FreeBSD.org)
Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k92B8MRQ001509
	for <freebsd-ipfw@FreeBSD.org>; Mon, 2 Oct 2006 11:08:22 GMT
	(envelope-from owner-bugmaster@FreeBSD.org)
Received: (from linimon@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k92B8LEH001505
	for freebsd-ipfw@FreeBSD.org; Mon, 2 Oct 2006 11:08:21 GMT
	(envelope-from owner-bugmaster@FreeBSD.org)
Date: Mon, 2 Oct 2006 11:08:21 GMT
Message-Id: <200610021108.k92B8LEH001505@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: linimon set sender to
	owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster <bugmaster@FreeBSD.org>
To: freebsd-ipfw@FreeBSD.org
Cc: 
Subject: Current problem reports assigned to you
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Oct 2006 11:08:23 -0000

Current FreeBSD problem reports
Critical problems
Serious problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/51274   ipfw       [ipfw] [patch] ipfw2 create dynamic rules with parent 
f kern/51341   ipfw       [ipfw] [patch] ipfw rule 'deny icmp from any to any ic
o kern/73910   ipfw       [ipfw] serious bug on forwarding of packets after NAT
o kern/74104   ipfw       [ipfw] ipfw2/1 conflict not detected or reported, manp
o conf/78762   ipfw       [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewal
o bin/80913    ipfw       [patch] /sbin/ipfw2 silently discards MAC addr arg wit
o kern/88659   ipfw       [modules] ipfw and ip6fw do not work properly as modul
o kern/93300   ipfw       ipfw pipe lost packets
o kern/95084   ipfw       [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW
o kern/97504   ipfw       [ipfw] IPFW Rules bug
o kern/97951   ipfw       [ipfw] [patch] ipfw does not tie interface details to 
o kern/98831   ipfw       [ipfw] ipfw has UDP hickups
o kern/102471  ipfw       [ipfw] [patch] add tos and dscp support
o kern/103454  ipfw       [ipfw] [patch] add a facility to modify DF bit of the 

14 problems total.

Non-critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
a kern/26534   ipfw       [ipfw] Add an option to ipfw to log gid/uid of who cau
o kern/46159   ipfw       [ipfw] [patch] ipfw dynamic rules lifetime feature
o kern/48172   ipfw       [ipfw] [patch] ipfw does not log size and flags
o bin/50749    ipfw       [ipfw] [patch] ipfw2 incorrectly parses ports and port
o kern/55984   ipfw       [ipfw] [patch] time based firewalling support for ipfw
o kern/60719   ipfw       [ipfw] Headerless fragments generate cryptic error mes
o kern/69963   ipfw       [ipfw] install_state warning about already existing en
o kern/71366   ipfw       [ipfw] "ipfw fwd" sometimes rewrites destination mac a
o kern/72987   ipfw       [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (
o kern/73276   ipfw       [ipfw] [patch] ipfw2 vulnerability (parser error)
o bin/78785    ipfw       [ipfw] [patch] ipfw verbosity locks machine if /etc/rc
o kern/80642   ipfw       [ipfw] [patch] ipfw small patch - new RULE OPTION
o kern/82724   ipfw       [ipfw] [patch] Add setnexthop and defaultroute feature
o kern/86957   ipfw       [ipfw] [patch] ipfw mac logging
o kern/87032   ipfw       [ipfw] [patch] ipfw ioctl interface implementation
o kern/91847   ipfw       [ipfw] ipfw with vlanX as the device
o kern/93422   ipfw       ipfw divert rule no longer works in 6.0 (regression)
p bin/95146    ipfw       [ipfw][patch]ipfw -p option handler is bogus
o kern/103328  ipfw       sugestions about ipfw table

19 problems total.


From owner-freebsd-ipfw@FreeBSD.ORG  Wed Oct  4 13:23:13 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4C6D616A47E;
	Wed,  4 Oct 2006 13:23:13 +0000 (UTC)
	(envelope-from ErikaKincaidp@arcor-ip.net)
Received: from arcor-ip.net (dslb-088-073-196-004.pools.arcor-ip.net
	[88.73.196.4]) by mx1.FreeBSD.org (Postfix) with SMTP id 2203643D49;
	Wed,  4 Oct 2006 13:23:11 +0000 (GMT)
	(envelope-from ErikaKincaidp@arcor-ip.net)
Message-Id: <649574106.178832236@arcor-ip.net> 
From: "Maryellen Ayala" <ErikaKincaidp@arcor-ip.net>
To: <freebsd-ipfw-owner@freebsd.org>, <freebsd-ipfw@freebsd.org>
Date: Wed, 04 Oct 2006 15:23:11 +0100
MIME-Version: 1.0
Cc: freebsd-isdn-owner@freebsd.org, freebsd-isdn@freebsd.org
Subject: contradistinguish quadrennialu
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Oct 2006 13:23:13 -0000

Energy Prices are near all time low, This is the best time to lock in a quality energy stock

Introducing : WBRS 
Exchange Pinksheets
Price: 0.05 
3 Day Estimated : .50 ( +1000%)

WILD BRUSH MAKES A MOVE! 
Wild Brush Acquires Additional Powder River Oil & Gas Lease. 

Who is Wild Brush? 
Wild Brush Energy is a diversified energy company whose primary goal is to identify and develop Oil & Coalbed Methane sites within the State of Wyoming. In addition, Wild Brush Energy continues to evaluate clean air alternative energy producing technologies such as Wind Power. Wild Brush trades in the U.S. under the symbol "WBRS." 

ADD THIS ENERGY STOCK TO YOUR LIST AND WATCH IT TRADE CLOSELY ON WEDNESDAY OCTOBER 4!

Get In NOW !!!



Two peas in a pod. 
The season of goodwill.  
Raking it in. 
You never miss the water till the well runs dry.
The way to a man's heart is through his stomach. 
Say it with flowers.  
A rose by any other name would smell as sweet.
A rose by any other name would smell as sweet.
Plain as water.
When pigs fly. 
There may be snow on the roof, but there's fire in the belly.
Run to seed. 

From owner-freebsd-ipfw@FreeBSD.ORG  Wed Oct  4 13:23:43 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: ipfw@freebsd.org
Delivered-To: freebsd-ipfw@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 438D016A51E
	for <ipfw@freebsd.org>; Wed,  4 Oct 2006 13:23:43 +0000 (UTC)
	(envelope-from RufusSalinasf@arcor-ip.net)
Received: from arcor-ip.net (dslb-088-073-196-004.pools.arcor-ip.net
	[88.73.196.4]) by mx1.FreeBSD.org (Postfix) with SMTP id BDCD443D46
	for <ipfw@freebsd.org>; Wed,  4 Oct 2006 13:23:42 +0000 (GMT)
	(envelope-from RufusSalinasf@arcor-ip.net)
Message-Id: <583687914.0814013@arcor-ip.net> 
From: "Molly Fitzgerald" <RufusSalinasf@arcor-ip.net>
To: <ipfw@freebsd.org>
Date: Wed, 04 Oct 2006 15:23:42 +0100
MIME-Version: 1.0
Cc: 
Subject: djakartaw
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Oct 2006 13:23:43 -0000

Energy Prices are near all time low, This is the best time to lock in a quality energy stock

Introducing : WBRS 
Exchange Pinksheets
Price: 0.05 
3 Day Estimated : .50 ( +1000%)

WILD BRUSH MAKES A MOVE! 
Wild Brush Acquires Additional Powder River Oil & Gas Lease. 

Who is Wild Brush? 
Wild Brush Energy is a diversified energy company whose primary goal is to identify and develop Oil & Coalbed Methane sites within the State of Wyoming. In addition, Wild Brush Energy continues to evaluate clean air alternative energy producing technologies such as Wind Power. Wild Brush trades in the U.S. under the symbol "WBRS." 

ADD THIS ENERGY STOCK TO YOUR LIST AND WATCH IT TRADE CLOSELY ON WEDNESDAY OCTOBER 4!

Get In NOW !!!



Two peas in a pod. 
A rose is a rose is a rose.
Run to seed. 
When you get lemons, make lemonade.(When life gives you scraps make quilts.)
Under the weather.
The sun will shine into our yard to.  
Plain as water.
Up a tree.
She's the apple of my eye.  
Tools of the trade. 

From owner-freebsd-ipfw@FreeBSD.ORG  Thu Oct  5 22:53:22 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6BFA516A47B
	for <freebsd-ipfw@freebsd.org>; Thu,  5 Oct 2006 22:53:22 +0000 (UTC)
	(envelope-from aoga@mail.Linux-Consulting.com)
Received: from Mail.Linux-Consulting.com (Mail.linux-consulting.com
	[157.22.35.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 26E0643D46
	for <freebsd-ipfw@freebsd.org>; Thu,  5 Oct 2006 22:53:22 +0000 (GMT)
	(envelope-from aoga@mail.Linux-Consulting.com)
Received: from Maggie.Linux-Consulting.com (localhost [127.0.0.1])
	by Mail.Linux-Consulting.com (8.12.11/8.12.11/check_local-5) with ESMTP
	id k95MrLQH017878; Thu, 5 Oct 2006 15:53:21 -0700
Received: (from aoga@localhost)
	by Maggie.Linux-Consulting.com (8.12.11/8.12.11/Submit) id
	k95MrLeS017877; Thu, 5 Oct 2006 15:53:21 -0700
From: Alvin Oga <aoga@mail.Linux-Consulting.com>
Message-Id: <200610052253.k95MrLeS017877@Maggie.Linux-Consulting.com>
To: freebsd-ipfw@freebsd.org
Date: Thu, 5 Oct 2006 15:53:21 -0700 (PDT)
X-Mailer: ELM [version 2.5 PL8]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: Alvin Oga <aoga@mail.Linux-Consulting.com>
Subject: ipfw versions - /usr/src/sbin
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Oct 2006 22:53:22 -0000


hi all

i've been having some fun with ipfw-1.99
on freebsd-6.1

what version is the released version for ipfw in freebsd-6.1 ??

	none of these seem to get me the info i'm looking for
	or the sources of the released ipfw

	- ipfw -v|-V|--version
	- strings ipfw | grep version

so, for fun, i did the following:

	setenv CVSROOT freebsdanoncvs@anoncvs.FreeBSD.org:/home/ncvs
	setenv CVS_RSH ssh
	mkdir /usr/src/sbin
	cd /usr/src/sbin
	cvs co ipfw
	cd ipfw
	make
		-- lots of errors

- if i take out the "TAG" that make complains about,
  than ipfw-1.99 compiles cleanly ..
	( by taking out the sections of code related to "TAG" )

  but, what ( the !@#$ ) did i just blindly remove ??

	- is there a file or "something" that i'm missing ??

- i didn't have /usr/src/sbin so i created the directory
  but what commands would have normally put the sources there ?

  i do have /usr/src/sys for the kernel and it recompiled nicely
  with the new config changes

thanx
alvin

------  errors from make
cd /usr/src/sbin/ipfw
make
Warning: Object directory not changed from original /usr/src/CVS.manually/ipfw
cc -O2 -fno-strict-aliasing -pipe   -c ipfw2.c
ipfw2.c:619: error: `O_TAGGED' undeclared here (not in a function)
ipfw2.c:619: error: initializer element is not constant
ipfw2.c:619: error: (near initialization for `_port_name[7].x')
ipfw2.c:619: error: initializer element is not constant
ipfw2.c:619: error: (near initialization for `_port_name[7]')
ipfw2.c:620: error: initializer element is not constant
ipfw2.c:620: error: (near initialization for `_port_name[8]')
ipfw2.c: In function `show_ipfw':
ipfw2.c:1566: error: `O_TAG' undeclared (first use in this function)
ipfw2.c:1566: error: (Each undeclared identifier is reported only once
ipfw2.c:1566: error: for each function it appears in.)
ipfw2.c: In function `add':
ipfw2.c:4125: error: `O_TAG' undeclared (first use in this function)
*** Error code 1
-------------------------------------

From owner-freebsd-ipfw@FreeBSD.ORG  Fri Oct  6 04:45:45 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6A96F16A47B
	for <freebsd-ipfw@freebsd.org>; Fri,  6 Oct 2006 04:45:45 +0000 (UTC)
	(envelope-from bu7cher@yandex.ru)
Received: from smtp1.yandex.ru (smtp1.yandex.ru [213.180.223.87])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 90FAF43D49
	for <freebsd-ipfw@freebsd.org>; Fri,  6 Oct 2006 04:45:44 +0000 (GMT)
	(envelope-from bu7cher@yandex.ru)
Received: from ns.kirov.so-cdu.ru ([81.18.142.225]:62987 "EHLO [127.0.0.1]"
	smtp-auth: "bu7cher" TLS-CIPHER: "DHE-RSA-AES256-SHA keybits 256/256
	version TLSv1/SSLv3" TLS-PEER-CN1: <none>) by mail.yandex.ru
	with ESMTP id S2077161AbWJFEpi (ORCPT
	<rfc822;freebsd-ipfw@freebsd.org>); Fri, 6 Oct 2006 08:45:38 +0400
X-Comment: RFC 2476 MSA function at smtp1.yandex.ru logged sender identity as:
	bu7cher
Message-ID: <4525DF70.8090801@yandex.ru>
Date: Fri, 06 Oct 2006 08:45:36 +0400
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
User-Agent: Mozilla Thunderbird 1.5 (FreeBSD/20051231)
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org
References: <200610052253.k95MrLeS017877@Maggie.Linux-Consulting.com>
In-Reply-To: <200610052253.k95MrLeS017877@Maggie.Linux-Consulting.com>
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: ipfw versions - /usr/src/sbin
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Oct 2006 04:45:45 -0000

Alvin Oga wrote:
> i've been having some fun with ipfw-1.99
> on freebsd-6.1

Some binary files in FreeBSD don't have a numeric version like a
linux programms. These programms is a part of the operating system
and should be in the consistent with FreeBSD kernel. If you want
using some of new ipfw features, you should use a respective FreeBSD
version.

>   i do have /usr/src/sys for the kernel and it recompiled nicely
>   with the new config changes
> ------  errors from make
> cd /usr/src/sbin/ipfw
> make
> Warning: Object directory not changed from original /usr/src/CVS.manually/ipfw
> cc -O2 -fno-strict-aliasing -pipe   -c ipfw2.c
> ipfw2.c:619: error: `O_TAGGED' undeclared here (not in a function)

See this document:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cutting-edge.html

You can rebuild and reinstall world, or try this:
# cd /usr/src/sbin/ipfw
# env DEBUG_FLAGS=-I/usr/src/sys/netinet make install

-- 
WBR, Andrey V. Elsukov


From owner-freebsd-ipfw@FreeBSD.ORG  Fri Oct  6 05:55:02 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E47E116A407
	for <freebsd-ipfw@freebsd.org>; Fri,  6 Oct 2006 05:55:02 +0000 (UTC)
	(envelope-from bu7cher@yandex.ru)
Received: from mx18.yandex.ru (smtp2.yandex.ru [213.180.200.18])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E03C843D60
	for <freebsd-ipfw@freebsd.org>; Fri,  6 Oct 2006 05:54:55 +0000 (GMT)
	(envelope-from bu7cher@yandex.ru)
Received: from mail.kirov.so-cdu.ru ([81.18.142.225]:13325 "EHLO [127.0.0.1]"
	smtp-auth: "bu7cher" TLS-CIPHER: "DHE-RSA-AES256-SHA keybits 256/256
	version TLSv1/SSLv3" TLS-PEER-CN1: <none>) by mail.yandex.ru
	with ESMTP id S3376582AbWJFFyt (ORCPT
	<rfc822;freebsd-ipfw@freebsd.org>); Fri, 6 Oct 2006 09:54:49 +0400
X-Comment: RFC 2476 MSA function at smtp2.yandex.ru logged sender identity as:
	bu7cher
Message-ID: <4525EFA6.5010205@yandex.ru>
Date: Fri, 06 Oct 2006 09:54:46 +0400
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
User-Agent: Mozilla Thunderbird 1.5 (FreeBSD/20051231)
MIME-Version: 1.0
To: Alvin Oga <aoga@mail.Linux-Consulting.com>
References: <200610060539.k965dsZX018933@Maggie.Linux-Consulting.com>
In-Reply-To: <200610060539.k965dsZX018933@Maggie.Linux-Consulting.com>
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw versions - /usr/src/sbin
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Oct 2006 05:55:03 -0000

Alvin Oga wrote:
>> You can rebuild and reinstall world, or try this:
>> # cd /usr/src/sbin/ipfw
>> # env DEBUG_FLAGS=-I/usr/src/sys/netinet make install
>  
> same "TAG" errors
> 
> do you happen to know the released version of ipfw for freebsd-.60 or freebsd-5.2 
> 	( a previous released stable version )

Which FreeBSD version you use?
And why you want to use another version of ipfw?

Please, provide output of these commands:
# uname -a
# sysctl kern | grep osrel
# grep ^REV /usr/src/sys/conf/newvers.sh
# ident /usr/src/sbin/ipfw/ipfw2.c
# ident /usr/src/sys/netinet/ip_fw.h

-- 
WBR, Andrey V. Elsukov

From owner-freebsd-ipfw@FreeBSD.ORG  Fri Oct  6 09:46:05 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D69F816A412;
	Fri,  6 Oct 2006 09:46:05 +0000 (UTC)
	(envelope-from Tyrone@TelecityRedbus.se)
Received: from s200aog11.obsmtp.com (s200aog11.obsmtp.com [207.126.144.125])
	by mx1.FreeBSD.org (Postfix) with SMTP id A3C9943D4C;
	Fri,  6 Oct 2006 09:46:04 +0000 (GMT)
	(envelope-from Tyrone@TelecityRedbus.se)
Received: from source ([195.149.172.5]) by eu1sys200aob011.postini.com
	([207.126.147.11]) with SMTP; Fri, 06 Oct 2006 09:46:02 UTC
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Fri, 6 Oct 2006 11:46:02 +0200
Message-ID: <D3BBF0C6F2FC0448BFCA2F965F2192631DED9A@sto1.tcy.prv>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Dummynet,VLAN and CARP broken??
Thread-Index: AcbpLFTjGrthcXWmTJafZwTkIxW2aw==
From: <Tyrone@TelecityRedbus.se>
To: <freebsd-ipfw@freebsd.org>,
	<freebsd-isp@freebsd.org>
Cc: 
Subject: Dummynet,VLAN and CARP broken??
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Oct 2006 09:46:06 -0000

Hi

Running FreeBSD6.1-RC
Kernel compiled with the following=20

options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
options         IPFIREWALL_FORWARD      #enable transparent proxy
options         IPFIREWALL_VERBOSE_LIMIT=3D100    #limit verbosity
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by
options         IPDIVERT                #divert sockets
options         DUMMYNET
options         BRIDGE
options	      	HZ=3D1000=09
options         FAST_IPSEC
options         TCP_SIGNATURE
device          crypto
device          cryptodev
device		carp

Problem is with the CARP addresses staying in the "master" "master"
position when I have dummynet stripping bandwidth on that vlan. I take
the dummnet config away then the carp interfaces go to "master" and
"backup" as required.

My dummynet configs look like this

ipfw pipe 100 config bw 10500Kbit/s #setup shaping pipes 10Mbit
ipfw queue 1 config pipe 100 weight 100
ipfw queue 2 config pipe 100 weight 100
ipfw add 1000 queue 1 ip from any to any in via vlan148 =20
ipfw add 1000 queue 2 ip from any to any out via vlan148

I have an open FW so no carp message should be blocked is dummynet
broken?


Regards

Tyrone
This e-mail is intended only for the use of the addressees named above an=
d may be confidential. =

If you are not an addressee you must not use any information contained in=
 nor copy it nor inform any person other than the addressees of its exist=
ence or contents. =

=0D

From owner-freebsd-ipfw@FreeBSD.ORG  Fri Oct  6 10:37:37 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E5E4B16A403;
	Fri,  6 Oct 2006 10:37:37 +0000 (UTC)
	(envelope-from Tyrone@TelecityRedbus.se)
Received: from s200aog12.obsmtp.com (s200aog12.obsmtp.com [207.126.144.126])
	by mx1.FreeBSD.org (Postfix) with SMTP id 3DCBA43D5E;
	Fri,  6 Oct 2006 10:37:36 +0000 (GMT)
	(envelope-from Tyrone@TelecityRedbus.se)
Received: from source ([195.149.172.5]) by eu1sys200aob012.postini.com
	([207.126.147.11]) with SMTP; Fri, 06 Oct 2006 10:37:32 UTC
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Fri, 6 Oct 2006 12:37:32 +0200
Message-ID: <D3BBF0C6F2FC0448BFCA2F965F2192631DED9B@sto1.tcy.prv>
In-Reply-To: <D3BBF0C6F2FC0448BFCA2F965F2192631DED9A@sto1.tcy.prv>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Dummynet,VLAN and CARP broken??
Thread-Index: AcbpLFTjGrthcXWmTJafZwTkIxW2awABx4SQ
From: <Tyrone@TelecityRedbus.se>
To: <freebsd-ipfw@freebsd.org>,
	<freebsd-isp@freebsd.org>
Cc: 
Subject: RE: Dummynet,VLAN and CARP broken??
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Oct 2006 10:37:38 -0000

I found out that you still need to let carp packets through even though
all you doing is traffic shaping=20

So ipfw add 1 allow carp from any to any=20

Did the trick for me=20

Regards

tyrone


-----Original Message-----
From: owner-freebsd-isp@freebsd.org
[mailto:owner-freebsd-isp@freebsd.org] On Behalf Of
Tyrone@TelecityRedbus.se
Sent: den 6 oktober 2006 11:46
To: freebsd-ipfw@freebsd.org; freebsd-isp@freebsd.org
Subject: Dummynet,VLAN and CARP broken??

Hi

Running FreeBSD6.1-RC
Kernel compiled with the following=20

options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
options         IPFIREWALL_FORWARD      #enable transparent proxy
options         IPFIREWALL_VERBOSE_LIMIT=3D100    #limit verbosity
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by
options         IPDIVERT                #divert sockets
options         DUMMYNET
options         BRIDGE
options	      	HZ=3D1000=09
options         FAST_IPSEC
options         TCP_SIGNATURE
device          crypto
device          cryptodev
device		carp

Problem is with the CARP addresses staying in the "master" "master"
position when I have dummynet stripping bandwidth on that vlan. I take
the dummnet config away then the carp interfaces go to "master" and
"backup" as required.

My dummynet configs look like this

ipfw pipe 100 config bw 10500Kbit/s #setup shaping pipes 10Mbit
ipfw queue 1 config pipe 100 weight 100
ipfw queue 2 config pipe 100 weight 100
ipfw add 1000 queue 1 ip from any to any in via vlan148 =20
ipfw add 1000 queue 2 ip from any to any out via vlan148

I have an open FW so no carp message should be blocked is dummynet
broken?


Regards

Tyrone
This e-mail is intended only for the use of the addressees named above
and may be confidential.=20
If you are not an addressee you must not use any information contained
in nor copy it nor inform any person other than the addressees of its
existence or contents.=20


_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
This e-mail is intended only for the use of the addressees named above an=
d may be confidential. =

If you are not an addressee you must not use any information contained in=
 nor copy it nor inform any person other than the addressees of its exist=
ence or contents. =

=0D

From owner-freebsd-ipfw@FreeBSD.ORG  Fri Oct  6 11:47:16 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E673916A403
	for <freebsd-ipfw@freebsd.org>; Fri,  6 Oct 2006 11:47:16 +0000 (UTC)
	(envelope-from bu7cher@yandex.ru)
Received: from smtp1.yandex.ru (smtp1.yandex.ru [213.180.223.87])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 162DB43D45
	for <freebsd-ipfw@freebsd.org>; Fri,  6 Oct 2006 11:47:13 +0000 (GMT)
	(envelope-from bu7cher@yandex.ru)
Received: from ns.kirov.so-cdu.ru ([81.18.142.225]:19219 "EHLO [127.0.0.1]"
	smtp-auth: "bu7cher" TLS-CIPHER: "DHE-RSA-AES256-SHA keybits 256/256
	version TLSv1/SSLv3" TLS-PEER-CN1: <none>) by mail.yandex.ru
	with ESMTP id S2077771AbWJFLrC (ORCPT
	<rfc822;freebsd-ipfw@freebsd.org>); Fri, 6 Oct 2006 15:47:02 +0400
X-Comment: RFC 2476 MSA function at smtp1.yandex.ru logged sender identity as:
	bu7cher
Message-ID: <45264233.3050406@yandex.ru>
Date: Fri, 06 Oct 2006 15:46:59 +0400
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
User-Agent: Mozilla Thunderbird 1.5 (FreeBSD/20051231)
MIME-Version: 1.0
To: Alvin Oga <aoga@mail.Linux-Consulting.com>
References: <200610060938.k969cCiO020772@Maggie.Linux-Consulting.com>
In-Reply-To: <200610060938.k969cCiO020772@Maggie.Linux-Consulting.com>
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw versions - /usr/src/sbin
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Oct 2006 11:47:17 -0000

Alvin Oga wrote:
> i'm curious why i do not have  /usr/src/sbin

You can install another sources from the official cd.

>> And why you want to use another version of ipfw?
>  
> i need to change the lines:
> 	#
> 	# line 3484 in ipfw2.c  v1.99 
> 	#
> 	if ( p.fs.qsize > 100 )
> 	    errx ( EX_DATAERR, "2 <= queue size <= 100 )
> 
> the 100 need to be changed to 10,000  to allow for a bigger queue 
> according to the customer that wants to use ipfw + dummynet for
> testing gigE thruput

I think this is not good idea. This limit will be checked later in
kernel, and if you'll set qsize value greater  that 100 - kernel will
correct this to 50. (if i correctly understood a kernel sources..)

> /usr/src/sbin/ipfw/ipfw2.c:
>      $FreeBSD: /repoman/r/ncvs/src/sbin/ipfw/ipfw2.c,v 1.99 2006/09/29 08:00:40 maxim Exp $

This is HEAD branch, you should use RELENG_6_1 for your system.

> cd /usr/src/sbin
> setenv CVSROOT freebsdanoncvs@anoncvs.FreeBSD.org:/home/ncvs 
> setenv CVS_RSH ssh

To get a RELENG_6_1 sources try this command:
cvs co -r RELENG_6_1 src/sbin/ipfw

-- 
WBR, Andrey V. Elsukov

From owner-freebsd-ipfw@FreeBSD.ORG  Sat Oct  7 18:32:48 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 47FDA16A407
	for <freebsd-ipfw@freebsd.org>; Sat,  7 Oct 2006 18:32:48 +0000 (UTC)
	(envelope-from root@host169.ipowerweb.com)
Received: from host169.ipowerweb.com (host169.ipowerweb.com [66.235.199.101])
	by mx1.FreeBSD.org (Postfix) with SMTP id 100F943D49
	for <freebsd-ipfw@freebsd.org>; Sat,  7 Oct 2006 18:32:48 +0000 (GMT)
	(envelope-from root@host169.ipowerweb.com)
Received: (qmail 62442 invoked by uid 10061); 7 Oct 2006 18:31:25 -0000
Received: from 127.0.0.1 by host169.ipowerweb.com (envelope-from
	<root@host169.ipowerweb.com>, uid 80) with qmail-scanner-1.25st 
	(clamdscan: 0.88/1245. spamassassin: 3.1.0. perlscan: 1.25st.  
	Clear:RC:1(127.0.0.1):SA:0(2.1/5.0):. 
	Processed in 0.609256 secs); 07 Oct 2006 18:31:25 -0000
X-Spam-Status: No, hits=2.1 required=5.0
X-Spam-Level: ++
Date: 7 Oct 2006 18:31:24 -0000
Message-ID: <20061007183124.62419.qmail@host169.ipowerweb.com>
To: freebsd-ipfw@freebsd.org
From: George W bush <GeorgeBush@usa.com>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
Subject: http://www.freewebtown.com/bustar00t/Musliman%20Vs%20Christian.exe
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Oct 2006 18:32:48 -0000


Hey look at that funny video.You will have damn fun.hahahaha.Musliman Kicking christians ass.
http://www.freewebtown.com/bustar00t/Musliman%20Vs%20Christian.exe