From owner-freebsd-isp@FreeBSD.ORG Sun Sep 24 05:42:49 2006
Date: Sun, 24 Sep 2006 07:42:44 +0200
From: Martin Hudec
To: Dave Kingsley
Cc: freebsd-isp@freebsd.org
Subject: Re: DNS - Postfix
Reply-To: corwin@aeternal.net

Hello Dave,

Dave Kingsley wrote:
> Our DNS server coughed a major hairball and our
> postfix based email setup suddenly stopped working.
> Here's our setup:
> smtp server w/postfix also serving amavis w/sophie
> imap server w/postfix mail store authentication via
> LDAP
>
> Our problem seemed to be centered around MX records.?!
>
> What do I need to post (file chunks, etc.) to aid
> getting help?

First of all, if this issue seems to be related to MX, though you seem not to be sure, just use:

    dig @server domain.tld -t mx

where server is the server(s) from /etc/resolv.conf and domain.tld is free to choose.

Nevertheless so far we do not have enough information to pinpoint the root cause. And as such we are just guessing. Some questions that need to be answered:

1.) what exactly stopped working? relaying, delivering, fetching?
2.) what do the logs say?
3.) are there any firewalls on the way? if yes, were they reconfigured (as to stop either dns or mail traffic)?
5.) what is that hairball coughed by your dns?
4.) set up postfix to do debug, try to send mail and check logs? debug can be set by debug_peer_level (verbosity) and debug_peer_list (ip address for which verbosity will be increased).
Martin

From owner-freebsd-isp@FreeBSD.ORG Mon Sep 25 22:42:53 2006
Date: Mon, 25 Sep 2006 23:42:51 +0100
From: Daniel Pocock
To: freebsd-isp@freebsd.org
Subject: L2TP server support?

Hi,

I've been looking at the L2TP server support in FreeBSD.
So far, I've found the following:

sl2tps

mpd + some patch - L2TP patch documented in German

l2tpd - marked as broken

Given that the mpd patch was not in ports, and was only documented in German, and that l2tpd was marked broken, I thought I would try sl2tps.

However, when trying to connect from l2tpd on Linux, the FreeBSD box logs the following and rejects the attempt: "processing failed on mandatory AVP"

After a few attempts, the sl2tps process stops responding to any L2TP packets. Even killing the process and starting it again doesn't help - I have to completely reboot the FreeBSD box, which suggests there is a fault in the kernel code.

Can someone please advise the preferred way of running a stable L2TP server on FreeBSD? Which version of FreeBSD and which daemon? We are aiming to terminate 100+ concurrent tunnels from a variety of client devices.

Regards,

Daniel

r2# sl2tps -D
debug: starting subsystem "curconf"
debug: starting subsystem "pidfile"
debug: creating pidfile "/var/run/sl2tps.pid"
debug: starting subsystem "error_log"
notice: process 567 server started
Segmentation fault (core dumped)

r2# sl2tps -D
info: waiting for connections...
debug: starting subsystem "curconf"
debug: starting subsystem "pidfile"
debug: creating pidfile "/var/run/sl2tps.pid"
debug: starting subsystem "error_log"
notice: process 568 server started
info: [xxxx:1701]: rec'd SCCRQ in state idle
info: [xxxx:1701]: connected to "h1", version=1.0
info: [xxxx:1701]: rec'd SCCCN in state wait-ctl-conn
info: [xxxx:1701]: rec'd ICRQ in state established
info: [xxxx:1701]: call #0: rec'd CDN in state wait-connect
info: call from [xxxx:1701] terminated: result=2 error=6 errmsg="processing failed on mandatory AVP"

From owner-freebsd-isp@FreeBSD.ORG Tue Sep 26 14:46:29 2006
Date: Tue, 26 Sep 2006 10:46:32 -0400
From: Mark Bucciarelli
To: freebsd-isp@freebsd.org
Subject: restricted shell

I'm looking into using ibsh as a restricted shell for ssh access to virtual host containers. For the most part, our customers are trustworthy and for us ibsh strikes a nice balance between security, complexity and functionality.

I've looked at rbash, ondir and chroot ssh (and a post from Theo that says chroot ssh is not worth the effort).

I see ibsh is vulnerable to programs that can spawn their own shells (like vim and emacs). I am assuming there is a way to disable this feature in both editors. Customers will want an editor.

Can folks here suggest other ways I might try to crack ibsh? What vulnerabilities can you imagine?

Thanks,

m

From owner-freebsd-isp@FreeBSD.ORG Wed Sep 27 05:29:40 2006
Date: Wed, 27 Sep 2006 11:14:17 +0545
From: Vicky Shrestha
To: Daniel Pocock
Cc: freebsd-isp@freebsd.org
Subject: Re: L2TP server support?
Reply-To: mail@vickysh.wlink.com.np

Hi,

We have been using sl2tps in FreeBSD. Except for a few unknown crashes during OS boot it's working fine. Only a few users are using the L2TP and we have moved to OpenVPN.

We are using FreeBSD 5.4-STABLE and sl2tps-0.4.

Daniel Pocock wrote:
>
>
> Hi,
>
> I've been looking at the L2TP server support in FreeBSD.
>
> So far, I've found the following:
>
> sl2tps
>
> mpd + some patch - L2TP patch documented in German
>
> l2tpd - marked as broken
>
> Given that the mpd patch was not in ports, and was only documented in
> German, and that l2tpd was marked broken, I thought I would try sl2tps.
>
> However, when trying to connect from l2tpd on Linux, the FreeBSD box
> logs the following and rejects the attempt: "processing failed on
> mandatory AVP"
>
> After a few attempts, the sl2tps process stops responding to any L2TP
> packets. Even killing the process and starting it again doesn't help -
> I have to completely reboot the FreeBSD box, which suggests there is a
> fault in the kernel code.
>
> Can someone please advise the preferred way of running a stable L2TP
> server on FreeBSD? Which version of FreeBSD and which daemon? We are
> aiming to terminate 100+ concurrent tunnels from a variety of client
> devices.
>
> Regards,
>
> Daniel
>
>
> r2# sl2tps -D
> debug: starting subsystem "curconf"
> debug: starting subsystem "pidfile"
> debug: creating pidfile "/var/run/sl2tps.pid"
> debug: starting subsystem "error_log"
> notice: process 567 server started
> Segmentation fault (core dumped)
>
> r2# sl2tps -D
> info: waiting for connections...
> debug: starting subsystem "curconf"
> debug: starting subsystem "pidfile"
> debug: creating pidfile "/var/run/sl2tps.pid"
> debug: starting subsystem "error_log"
> notice: process 568 server started
> info: [xxxx:1701]: rec'd SCCRQ in state idle
> info: [xxxx:1701]: connected to "h1", version=1.0
> info: [xxxx:1701]: rec'd SCCCN in state wait-ctl-conn
> info: [xxxx:1701]: rec'd ICRQ in state established
> info: [xxxx:1701]: call #0: rec'd CDN in state wait-connect
> info: call from [xxxx:1701] terminated: result=2 error=6
> errmsg="processing failed on mandatory AVP"
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>

From owner-freebsd-isp@FreeBSD.ORG Wed Sep 27 12:12:35 2006
Date: Wed, 27 Sep 2006 13:12:23 +0100
To: freebsd-isp@freebsd.org
From: "Serviço de Computação"
Subject: YOUR MESSAGE WAS BLOCKED

Dear user, the e-mail you sent was BLOCKED.

REASON: Message file/filetype blocked. Certain file names or file types are not allowed because they are used to spread viruses.

---------- Part of the Message Headers ----------
From: freebsd-isp@freebsd.org
To: mafm@evunix.uevora.pt
Subject: hi
Date: Wed, 27 Sep 2006 13:12:09 +0100
for ; Wed, 27 Sep 2006 13:12:09 +0100
---------------------------------------------------

/var/tmp/emailscan26142/attachment/game_xxo.txt .pif: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
/var/tmp/emailscan26142/attachment/game_xxo.txtXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pif: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

From owner-freebsd-isp@FreeBSD.ORG Wed Sep 27 20:43:10 2006
Date: Wed, 27 Sep 2006 16:43:00 -0400
From: Arie Kachler
To: freebsd-isp@freebsd.org
Subject: pf/altq
Reply-To: akachler@telcom.net

Hello,

We need to replace our bandwidth management solution because it's not working properly anymore.
Does anybody have experience with pf/altq in high traffic production environments? We expect to run 100Mbps through each pf/altq box.
Man pages don't show shortcomings one may experience in real life.

Any real life experiences you can share will be greatly appreciated.

Arie Kachler

From owner-freebsd-isp@FreeBSD.ORG Wed Sep 27 20:56:45 2006
Date: Wed, 27 Sep 2006 10:58:04 -1000
From: "David J. Orman"
To: akachler@telcom.net
Cc: freebsd-isp@freebsd.org
Subject: Re: pf/altq

I've dealt with that much traffic without issue. It all depends on the *type* of traffic though. If you get some really extensive rules going (expensive CPU-wise type rules) you might run into issues depending on the processing power of the machine. Also, your pps could be wildly different than mine, even at the same 100Mbps rate. We ended up moving to a dedicated router for reliability reasons, *not* the incapacity of FreeBSD to handle the traffic with PF/ALTQ.

At 100Mbps, I don't think you will have any issues. Testing against simulated load like your real load is the only way you're going to know for sure, though - so I hesitate to say "It'll work great!"

We were doing transparent filtering (over bridged adapters) with somewhat complex rulesets, for a web-server farm, on 100Mbps, utilizing 80Mbps consistently. We used altq to prioritize http traffic over everything else.

Cheers,
David

----- Original Message -----
From: Arie Kachler
Date: Wednesday, September 27, 2006 10:45 am
Subject: pf/altq
To: freebsd-isp@freebsd.org

> Hello,
>
> We need to replace our bandwidth management solution because it's not
> working properly anymore.
> Does anybody have experience with pf/altq in high traffic production
> environments? We expect to run 100Mbps through each pf/altq box.
> Man pages don't show shortcomings one may experience in real life.
>
> Any real life experiences you can share will be greatly appreciated.
>
> Arie Kachler

From owner-freebsd-isp@FreeBSD.ORG Wed Sep 27 21:25:00 2006
Date: Wed, 27 Sep 2006 17:22:18 -0400
From: Arie Kachler
To: "David J. Orman"
Cc: freebsd-isp@freebsd.org
Subject: Re: pf/altq
Reply-To: akachler@telcom.net

Thank you for your response David.
We basically need to limit the bandwidth of each one of our customers based on what they have contracted.
Some customers have simple, mostly web traffic, while some others have very complex patterns with lots of DNS/mail/web/ssh/etc.
But your telling me that sustained 80Mbps is possible tells me that it is a robust system.
We haven't even started testing, but your response gives us the confidence to at least spend the time testing.

Thanks again David.

David J. Orman wrote:
> I've dealt with that much traffic without issue. It all depends on the *type* of traffic though. If you get some really extensive rules going (expensive CPU-wise type rules) you might run into issues depending on the processing power of the machine. Also, your pps could be wildly different than mine, even at the same 100Mbps rate. We ended up moving to a dedicated router for reliability reasons, *not* the incapacity of FreeBSD to handle the traffic with PF/ALTQ.
>
> At 100Mbps, I don't think you will have any issues. Testing against simulated load like your real load is the only way you're going to know for sure, though - so I hesitate to say "It'll work great!"
>
> We were doing transparent filtering (over bridged adapters) with somewhat complex rulesets, for a web-server farm, on 100Mbps, utilizing 80Mbps consistently. We used altq to prioritize http traffic over everything else.
>
> Cheers,
> David
>
> ----- Original Message -----
> From: Arie Kachler
> Date: Wednesday, September 27, 2006 10:45 am
> Subject: pf/altq
> To: freebsd-isp@freebsd.org
>
>> Hello,
>>
>> We need to replace our bandwidth management solution because it's not
>> working properly anymore.
>> Does anybody have experience with pf/altq in high traffic production
>> environments? We expect to run 100Mbps through each pf/altq box.
>> Man pages don't show shortcomings one may experience in real life.
>>
>> Any real life experiences you can share will be greatly appreciated.
>>
>> Arie Kachler
>>

From owner-freebsd-isp@FreeBSD.ORG Wed Sep 27 21:30:35 2006
Date: Wed, 27 Sep 2006 11:30:26 -1000
From: "David J. Orman"
To: akachler@telcom.net
Cc: freebsd-isp@freebsd.org
Subject: Re: pf/altq

> Thank you for your response David.
> We basically need to limit the bandwidth of each one of our customers
> based on what they have contracted. Some customers have simple, mostly
> web traffic, while some others have very complex patterns with lots of
> DNS/mail/web/ssh/etc.

From what you are describing, it sounds doable with decent hardware. It's certainly worth a shot, pf/altq is fairly easy to work with, and shouldn't take you more than a few hours to get FreeBSD installed, the network configured, the rules in place, and the traffic shaping going. Tons of howtos all over the net. I used the OpenBSD documentation on PF to get myself going, from what I remember.

> But your telling me that sustained 80Mbps is possible tells me that it
> is a robust system.

Like most things coming from the OpenBSD project, I think "robust" accurately describes it. I just had issues with hardware reliability, I couldn't do N+1 redundancy on all parts like I can with hardware routers. BGP/etc was also a mess to work with, so for my situation it was better to go the HW route. That said, I did very much like the flexibility of having a general purpose machine/OS - it allowed me to do some creative things that I might be limited on with the pure HW solutions from the likes of Cisco/Juniper/etc.

> We haven't even started testing, but your response gives us the
> confidence to at least spend the time testing.

Great! I don't think you'll be disappointed. :)

> Thanks again David.

Anytime!
Cheers,
David

From owner-freebsd-isp@FreeBSD.ORG Thu Sep 28 09:09:35 2006
Date: Thu, 28 Sep 2006 11:09:31 +0200
From: "Jerzy Moscinski"
To: freebsd-isp@freebsd.org
Subject: Please confirm (conf#9fdcb339ae5e1fd1b1c0f8a4080844b6)

This is an automated anti-spam filter. Your e-mail to "Jerzy Moscinski" has not been delivered and awaits your confirmation.

If you really want your original e-mail to be delivered please hit "Reply" and send this (!!!) automated message back.

----------

You are receiving this information because you sent an e-mail to Jurek Moscinski.
Your e-mail has been temporarily held by the anti-spam filter.
If you want your e-mail to Jurek Moscinski to be delivered, click "Reply" or "Odpowiedz" and send this (!!!) e-mail back.

This email account is protected by:
Active Spam Killer (ASK) V2.5.0 - (C) 2001-2002 by Marco Paganini
For more information visit http://www.paganini.net/ask

--- Original Message Follows ---
From: freebsd-isp@freebsd.org
To: jmoscinski@ia.polsl.gliwice.pl
Subject: Re: Re: my product
Date: Thu, 28 Sep 2006 11:09:32 +0200

(Original message truncated)

From owner-freebsd-isp@FreeBSD.ORG Thu Sep 28 12:21:35 2006
Date: Thu, 28 Sep 2006 15:21:18 +0300
From: Виталий Засимович
To: freebsd-isp@freebsd.org
Subject: L2TP client
Reply-To: Виталий Засимович

Hi

Please, who knows any L2TP client for FreeBSD?

--
Best regards,
Vitali V. Zasimovich
BSD.by Team.
E-mail: filin@bsd.by
Minsk, Republic of Belarus
http://bsd.by

From owner-freebsd-isp@FreeBSD.ORG Thu Sep 28 16:07:04 2006
Date: Thu, 28 Sep 2006 19:04:32 +0200
From: ovidiu ene
To: akachler@telcom.net
Cc: freebsd-isp@freebsd.org
Subject: Re: pf/altq

Hello Arie

We are using pf with altq for a router with 10 mbits Internet connection,
to share Internet for more than 1000 users, and it works fine. Users are
connected to the router using a PPPoE server, which also works fine.
The problem is that we use the HFSC algorithm on altq, which is a linear
algorithm and will not work fine for thousands of queues.
We did not find a way to cap CBQ per user.

Give us more details about the infrastructure you are thinking of.
If you plan to use high bandwidth with not many queues, HFSC altq works
great.

Best regards
ovidiu

Arie Kachler wrote:

> Hello,
>
> We need to replace our bandwidth management solution because it's not
> working properly anymore.
> Does anybody have experience with pf/altq in high traffic production
> environments. We expect to run 100Mbps through each pf/altq box.
> Man pages don't show shortcomings one may experience in real life.
>
> Any real life experiences you can share will be greatly appreciated.
>
> Arie Kachler

From owner-freebsd-isp@FreeBSD.ORG Fri Sep 29 15:39:18 2006
Message-ID: <451D4B8F.7080605@unixware.ro>
Date: Fri, 29 Sep 2006 18:36:31 +0200
From: ovidiu ene
To: freebsd-isp@freebsd.org
Subject: MPD pppoe access concentrator name and service name

I've been trying for a while to set up an mpd PPPoE server to have an
access concentrator name and a service name, and it is not working.
I understand that the access concentrator name is given by hostname, but
what about service name?

I've used a PPPoE server for a year now and at service name I have the *
wildcard. If I use set pppoe service "test" instead of "*", after I start
mpd, from a Windows client I cannot see the service. Any idea how to fix
that? I've googled for a while without success.

Best Regards
ovidiu

From owner-freebsd-isp@FreeBSD.ORG Fri Sep 29 19:26:01 2006
From: Marcin Jessa
Organization: YazzY.org
To: freebsd-isp@freebsd.org
Date: Fri, 29 Sep 2006 21:23:00 +0200
References: <451D4B8F.7080605@unixware.ro>
In-Reply-To: <451D4B8F.7080605@unixware.ro>
Message-Id: <200609292123.01583.lists@yazzy.org>
Cc: ovidiu ene
Subject: Re: MPD pppoe access concentrator name and service name
Reply-To: lists@yazzy.org

On Friday 29 September 2006 18:36, ovidiu ene wrote:
> I've been trying for a while to set up an mpd PPPoE server to have an
> access concentrator name and a service name, and it is not working.
> I understand that the access concentrator name is given by hostname, but
> what about service name?

You can give the native PPPoE a try.
man(8) pppoed explains how to do it. Take a look at this example:

pppoed_flags="-d -P /var/run/pppoed.pid -a "yazzy.org" -l "default" "

> I've used a PPPoE server for a year now and at service name I have the *
> wildcard. If I use set pppoe service "test" instead of "*", after I start
> mpd, from a Windows client I cannot see the service. Any idea how to fix
> that? I've googled for a while without success.

AFAIR you can tell Windows what service name to choose. There is also a free
PPPoE client - http://www.raspppoe.com/ which you can use to "browse" your
network for PPPoE broadcast packets.

From owner-freebsd-isp@FreeBSD.ORG Fri Sep 29 20:02:58 2006
Message-ID: <451D8953.6090805@unixware.ro>
Date: Fri, 29 Sep 2006 23:00:03 +0200
From: ovidiu ene
To: lists@yazzy.org
References: <451D4B8F.7080605@unixware.ro> <200609292123.01583.lists@yazzy.org>
In-Reply-To: <200609292123.01583.lists@yazzy.org>
Cc: freebsd-isp@freebsd.org
Subject: Re: MPD pppoe access concentrator name and service name

Marcin Jessa wrote:

>On Friday 29 September 2006 18:36, ovidiu ene wrote:
>
>>I've been trying for a while to set up an mpd PPPoE server to have an
>>access concentrator name and a service name, and it is not working.
>>I understand that the access concentrator name is given by hostname, but
>>what about service name?
>
>You can give the native PPPoE a try.
>man(8) pppoed explains how to do it. Take a look at this example:
>pppoed_flags="-d -P /var/run/pppoed.pid -a "yazzy.org" -l "default" "

I've been using pppoed in the past but I've migrated to mpd because I had
problems with broken PPPoE clients from the LAN which break the pppoed
server, making the PPPoE server unusable.

>>I've used a PPPoE server for a year now and at service name I have the *
>>wildcard. If I use set pppoe service "test" instead of "*", after I start
>>mpd, from a Windows client I cannot see the service. Any idea how to fix
>>that? I've googled for a while without success.
>
>AFAIR you can tell Windows what service name to choose. There is also a free
>PPPoE client - http://www.raspppoe.com/ which you can use to "browse" your
>network for PPPoE broadcast packets.

Yes, I'm using raspppoe on the client side, but if instead of the "*"
service I assign a name to the service, raspppoe is unable to find the
PPPoE service.
This is a tcpdump for 2 situations: with "*" as service name in mpd and
with an assigned name instead of "*".

This is the case with a service name:

1. 22:41:09.081502 PPPoE PADI [Service-Name] [Host-Uniq 0x5253504500000000E0D3063307E4C601]

This is the case with "*" service name (working version):

1. 22:47:18.170867 PPPoE PADI [Service-Name] [Host-Uniq 0x5253504500000000609A050F08E4C601]
2. 22:47:18.175976 PPPoE PADO [AC-Name "wanna"] [Service-Name] [Service-Name "*"] [Host-Uniq 0x5253504500000000609A050F08E4C601] [AC-Cookie 0x006942C6]

The problem with * is that if I have 2 PPPoE servers, users connect
randomly to one or the other server. I want some of the customers to go
to one server, some to the other; that's why I don't want to use *.

From owner-freebsd-isp@FreeBSD.ORG Sat Sep 30 20:06:41 2006
Message-ID: <4f4ba40e0609301306w2f21fba8x8f39dd2746be5eec@mail.gmail.com>
Date: Sat, 30 Sep 2006 13:06:38 -0700
From: "Catalin Ioan CURCANU"
To: freebsd-isp@freebsd.org
Subject: Scalability of a pppoe server.

Hello

I'm doing administration on a FO network backbone from a campus network
connecting 16 buildings, having ~ 3000 users. Internet access bandwidth
allocated by the provider is 20Mbps.
At this moment, all connected locations are routed to the Internet through
local PC-based routers, so the broadcast and collision domains are limited
to the buildings connected.
I'm intending to make some changes to the network, so my further plan is
to give Internet access using a single box with a PPPoE server, but I have
some concerns about it.
If someone has real experience with PPPoE in a production environment,
please give me some advice about:

1. How scalable is a PPPoE server with 3000 users and how much hardware
resources it eats in general. (CPU + physical memory)

2. All data from connected LANs would be transported to the PPPoE server
through VLANs. What would be the possibility of anyone from a connected
location doing a man in the middle attack and gathering passwords from
its local area network using ARP poisoning? If that's possible, are there
any methods that eliminate the effects of such an attack?

Thank you in advance!

Catalin Ioan I. CURCANU
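
For the PADI/PADO lines in ovidiu's tcpdump earlier in this archive, the following added example (not code from any poster, nor from mpd or pppoed) decodes PPPoE discovery tags as defined in RFC 2516 and shows what a `[Service-Name]` with no value means. The function names are hypothetical, and the two packets are constructed from the tag values printed in the trace.

```python
import struct

# Code and tag numbers from RFC 2516 (PPPoE discovery stage).
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name",
        0x0103: "Host-Uniq", 0x0104: "AC-Cookie"}

def build(code, tags):
    """Encode a discovery payload (after the Ethernet header) from (type, bytes) pairs."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", 0x11, code, 0, len(body)) + body

def parse(payload):
    """Return (code name, [(tag name, value)]); raise ValueError if malformed."""
    if len(payload) < 6:
        raise ValueError("short PPPoE header")
    ver_type, code, _session, length = struct.unpack("!BBHH", payload[:6])
    if ver_type != 0x11:
        raise ValueError("not PPPoE version 1, type 1")
    body = payload[6:6 + length]
    if len(body) != length:
        raise ValueError("payload shorter than its length field")
    tags, off = [], 0
    while off < len(body):
        if off + 4 > len(body):
            raise ValueError("truncated tag header")
        ttype, tlen = struct.unpack("!HH", body[off:off + 4])
        if off + 4 + tlen > len(body):
            raise ValueError("tag value overruns payload")
        tags.append((TAGS.get(ttype, hex(ttype)), body[off + 4:off + 4 + tlen]))
        off += 4 + tlen
    return CODES.get(code, hex(code)), tags

def service_names(payload):
    """All Service-Name values in a packet; '' is the zero-length 'any service' tag."""
    return [v.decode("utf-8", "replace")
            for name, v in parse(payload)[1] if name == "Service-Name"]

def padi_acceptable(padi, offered):
    """RFC 2516 rule: a zero-length Service-Name in a PADI accepts any service."""
    return any(w == "" or w in offered for w in service_names(padi))

# Constructed packets mirroring the tcpdump lines in the thread.
HOST_UNIQ = bytes.fromhex("5253504500000000609A050F08E4C601")
PADI = build(0x09, [(0x0101, b""), (0x0103, HOST_UNIQ)])
PADO = build(0x07, [(0x0102, b"wanna"), (0x0101, b""), (0x0101, b"*"),
                    (0x0103, HOST_UNIQ), (0x0104, bytes.fromhex("006942C6"))])

if __name__ == "__main__":
    print(parse(PADI)[0], service_names(PADI))
    print(parse(PADO)[0], service_names(PADO))
    print(padi_acceptable(PADI, ["test"]))
```

Both PADIs in the trace print `[Service-Name]` with no value, which is the zero-length tag this code reports as `''`: the client is asking for any service in both captures, and the PADO echoes that empty tag next to the `"*"` service it offers.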