From owner-freebsd-isp@FreeBSD.ORG Mon Dec 11 03:36:02 2006
From: Christopher Cowart
To: freebsd-isp@freebsd.org
Date: Sun, 10 Dec 2006 19:36:01 -0800
Subject: Multihomed router with NAT
Message-ID: <20061211033601.GG13567@rescomp.berkeley.edu>

Hello,

I posted this to freebsd-questions last week, but didn't receive any
responses. I'm hoping this more focused group will be able to help.

I'm working on a router that acts as a captive portal and transparent
http proxy for unregistered or disabled hosts that plug in to our
network.

The router has a public administrative interface on em0,
192.168.100.10/24. The router has a physically separate interface,
192.168.200.10/24 on vlan200 using em1, for the NAT clients.
The router also has the interface vlan100 on em1 with the address
10.100.0.1/16. The "captured" machines are assigned addresses on the
10.100/16 subnet.

The router's firewall allows certain http traffic through the NAT, such
as windows updates. All other http requests are forwarded through an
instance of squid to an apache instance.

The system's default route is configured on the administrative
interface, via 192.168.100.1.

My firewall includes the rule:

    $cmd 0013 divert natd ip from not me to any via vlan200

The NAT does not work. From a "captured" machine, I am able to ping both
192.168.200.10 and the gateway 192.168.200.1, but nothing off-subnet.

We suspect the packets leaving the NAT, tagged with source-address
192.168.200.10 are being routed via the system's default route at
192.168.100.1. The router is dropping these packets on the floor,
because the source address doesn't match the subnet it's routing. This
theory is further supported by the fact that if I configured the NAT
interface on the 192.168.100.10/24 subnet, everything works fine.

Is it possible to tell the system to use a different default route based
on the source address of the packet? We want to keep the administrative
interface on a separate subnet from the client traffic.

I tried using an ipfw fwd rule:

    $cmd 0014 fwd 192.168.200.1 ip from 192.168.200.10 to not \
        192.168.200.10/24

But this had no effect.

Any suggestions would be greatly appreciated.
Thanks,

--
Chris Cowart
Unix Systems Administrator
Residential Computing, UC Berkeley
"May all your pushes be popped"

From owner-freebsd-isp@FreeBSD.ORG Mon Dec 11 12:12:00 2006
From: Samit Jana
Organization: WorldLink Communication Pvt. Ltd.
To: freebsd-isp@freebsd.org
Date: Mon, 11 Dec 2006 18:01:03 +0545
Subject: Problem implementing vlan on release 6.1 amd64
Message-Id: <200612111801.03438.janasamit@wlink.com.np>

Hi,

I am stuck making VLAN operational in FreeBSD 6.1-RELEASE, amd64.
The same type config working beautifully over a year in FreeBSD
4.10-RELEASE. It looks like although ifconfig has created the virtual
interfaces but the kernel doesn't have vlan support at all. While I do
tcpdump on real and virtual interface I don't see any incoming packets
either and my Catalyst 2950 port (both on trunk and access mode) also
doesn't learn the mac of the NIC card.

Any help or tips appreciated.

--
With regards,
Samit

From owner-freebsd-isp@FreeBSD.ORG Mon Dec 11 12:25:37 2006
From: Robert Blacquiere
To: freebsd-isp@freebsd.org
Date: Mon, 11 Dec 2006 13:25:21 +0100
Subject: Re: Problem implementing vlan on release 6.1 amd64
Message-ID: <20061211122521.GV84104@bombur.guldan.demon.nl>
In-Reply-To: <200612111801.03438.janasamit@wlink.com.np>

On Mon, Dec 11, 2006 at 06:01:03PM +0545, Samit Jana wrote:
> Hi,
>
> I am stuck making VLAN operational in FreeBSD 6.1-RELEASE, amd64. The same
> type config working beautifully over a year in FreeBSD 4.10-RELEASE. It looks
> like although ifconfig has created the virtual interfaces but the kernel
> doesn't have vlan support at all. While I do tcpdump on real and virtual
> interface I don't see any incoming packets either and my Catalyst 2950 port
> (both on trunk and access mode) also doesn't learn the mac of the NIC card.

Please give us a bit more info: ifconfig output etc. Maybe the master
interface isn't up?

Robert

--
Microsoft: Where do you want to go today?
Linux: Where do you want to go tomorrow?
FreeBSD: Are you guys coming or what?
OpenBSD: Hey guys you left some holes out there!
From owner-freebsd-isp@FreeBSD.ORG Mon Dec 11 16:28:20 2006
From: Freddie Cash
To: freebsd-isp@freebsd.org
Date: Mon, 11 Dec 2006 08:27:49 -0800
Subject: Re: Problem implementing vlan on release 6.1 amd64
Message-Id: <200612110827.49866.fcash@ocis.net>
In-Reply-To: <200612111801.03438.janasamit@wlink.com.np>

On Monday 11 December 2006 04:16 am, Samit Jana wrote:
> I am stuck making VLAN operational in FreeBSD 6.1-RELEASE, amd64. The
> same type config working beautifully over a year in FreeBSD
> 4.10-RELEASE. It looks like although ifconfig has created the virtual
> interfaces but the kernel doesn't have vlan support at all. While I do
> tcpdump on real and virtual interface I don't see any incoming packets
> either and my Catalyst 2950 port (both on trunk and access mode) also
> doesn't learn the mac of the NIC card.
>
> Any help or tips appreciated.

The process we used to create our vLAN interfaces:

    ifconfig bge0 up
    ifconfig vlan100 create
    ifconfig vlan100 inet 10.0.0.1/24 vlan 100 vlandev bge0

The first line brings the parent interface up and establishes the
connection to the switch.

The second line creates the vlan100 interface. The number can be anything
you want, so long as it is unique for all vlan interfaces.

The third line configures the IP on the vlan100 interface, sets the vlan
number (to tag the packets with) and associates it with the parent
interface. Any packets you route through vlan100 will have the vlan 100
tag added/removed as needed.

The lines needed in /etc/rc.conf to automate this are:

    cloned_interfaces="vlan100"
    ifconfig_bge0="up"
    ifconfig_vlan100="inet 10.0.0.1/24 vlan 100 vlandev bge0"

See the ifconfig(8) and rc.conf(5) man pages, and the comments in
/etc/defaults/rc.conf for more info.
--
Freddie Cash
fcash@ocis.net
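A check for the /etc/rc.conf layout described in Freddie Cash's reply, given here as an added example that is not part of the thread or of FreeBSD's rc scripts. It assumes each VLAN appears in cloned_interfaces and that the parent interface has its own ifconfig_<parent> entry, as in the reply; the sample file and the interface em1 are constructed for illustration.

```shell
# Added example, not code from the thread: lint rc.conf-style text against the
# VLAN layout described above. The file is read as text, never sourced.
rc_get() {  # rc_get FILE VAR -> value of the last VAR="..." assignment
    sed -n "s/^$2=\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

word_after() {  # word_after KEY WORD... -> the word following KEY, if any
    key=$1; shift
    while [ $# -gt 1 ]; do
        if [ "$1" = "$key" ]; then echo "$2"; return 0; fi
        shift
    done
}

check_vlan_rc() {  # one finding per line on stdout; status 0 only when clean
    file=$1; findings=0
    for ifn in $(rc_get "$file" cloned_interfaces); do
        case $ifn in vlan[0-9]*) ;; *) continue ;; esac
        cfg=$(rc_get "$file" "ifconfig_$ifn")
        tag=$(word_after vlan $cfg)
        parent=$(word_after vlandev $cfg)
        case $tag in
            ''|*[!0-9]*) echo "$ifn: missing or non-numeric 'vlan <id>'"
                         findings=$((findings + 1)) ;;
            *) if [ "$tag" -lt 1 ] || [ "$tag" -gt 4094 ]; then
                   echo "$ifn: vlan id $tag outside 1-4094"
                   findings=$((findings + 1))
               fi ;;
        esac
        if [ -z "$parent" ]; then
            echo "$ifn: no 'vlandev <parent>'"
            findings=$((findings + 1))
        elif [ -z "$(rc_get "$file" "ifconfig_$parent")" ]; then
            echo "$ifn: parent $parent has no ifconfig_$parent entry"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: vlan100 follows the thread; em1 (hypothetical) is unconfigured.
sample=$(mktemp)
cat > "$sample" <<'EOF'
cloned_interfaces="vlan100 vlan200"
ifconfig_bge0="up"
ifconfig_vlan100="inet 10.0.0.1/24 vlan 100 vlandev bge0"
ifconfig_vlan200="inet 10.0.1.1/24 vlan 200 vlandev em1"
EOF
check_vlan_rc "$sample" || echo "rc.conf needs attention"
rm -f "$sample"
```

On the constructed sample the check reports vlan200, whose parent has no entry of its own, which is the boot-time form of the "master interface isn't up" case raised earlier in the thread.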