From owner-freebsd-isp@FreeBSD.ORG Sun Oct 1 13:03:27 2006
From: Chuck Swiger
Date: Sun, 01 Oct 2006 09:03:24 -0400
To: Catalin Ioan CURCANU
Cc: freebsd-isp@freebsd.org
Subject: Re: Scalability of a pppoe server.

Catalin Ioan CURCANU wrote:
[ ... ]
> If someone has real experience with pppoe in a production environment,
> please give me some advice about:
>
> 1. How scalable is a pppoe server with 3000 users, and how much hardware
> resources does it eat in general (CPU + physical memory)?

I can recall people setting up mpd for PPPoE and handling 500-1000 users on
moderate (1GHz P3 + 1GB RAM) hardware. I'm not sure whether the program has a
limit at 1024 due to the select() call, but perhaps others can give you insight
about running ~3000 users.

> 2. All data from connected LANs would be transported to the pppoe server
> through VLANs. What would be the possibility of anyone from a connected
> location doing a man in the middle attack and gathering passwords from its
> local area network using arp poisoning? If that's possible, are there any
> methods that eliminate the effects of such an attack?

The simple answer is that it depends upon your switches and setting up
individual ports for specific VLANs properly, but in general, you should not
rely on VLAN switches to provide complete and reliable separation of traffic.

http://www.sans.org/resources/idfaq/vlan.php

-- 
-Chuck

From owner-freebsd-isp@FreeBSD.ORG Thu Oct 5 14:02:24 2006
From: "Dominic Blais"
Date: Thu, 5 Oct 2006 10:02:10 -0400 (EDT)
To: freebsd-isp@freebsd.org
Reply-To: dblais@interplex.ca
Subject: Linksys BEFSR41 v4.0 cause big troubles with ppp(oe)

Hi!

For some time, we have noticed that one of our pppoe servers running FreeBSD
had multiple tun interfaces stuck with a never-stopping ppp process. The logs
clearly show the user is logging on a new session with the same router... We
ensured it's not a script kiddie trying to suck some ip addresses. Then we
tried to figure out what the link between these users is, and we found it was
their router.

In fact, the Linksys BEFSR41 ver. 4 (maybe others too) makes the ppp process
kinda freeze and lock a tun interface with its IP address until you kill the
ppp process. Our ppp.conf file sets a max of 1472 for the mtu. Fortunately, we
can find these locked interfaces by their MTU, which is at 1500 and abnormal
for our tun interfaces.

For the moment we can only monitor it and tell our clients not to use this
kind of router, but we think FreeBSD's ppp should manage this threat and
release the precious and limited resource (IP addresses).

Note that this problem can take some hours to show... To reproduce it, take a
BEFSR41 router from Linksys, connect it to your FreeBSD server with pppoed and
wait 12 hours. It can happen anytime from 5 seconds to 12 hours... but in 12
hours, it really should happen ;)

Has anybody noticed this problem? We experienced it on release 5.x and 6.x.

-- 
Dominic Blais
Network Administrator
Interplex Télécom Inc.
http://www.interplex.ca

From owner-freebsd-isp@FreeBSD.ORG Fri Oct 6 09:46:05 2006
From: Tyrone@TelecityRedbus.se
Date: Fri, 6 Oct 2006 11:46:02 +0200
Subject: Dummynet,VLAN and CARP broken??

Hi

Running FreeBSD6.1-RC

Kernel compiled with the following

    options IPFIREWALL                    #firewall
    options IPFIREWALL_VERBOSE            #enable logging to syslogd(8)
    options IPFIREWALL_FORWARD            #enable transparent proxy
    options IPFIREWALL_VERBOSE_LIMIT=100  #limit verbosity
    options IPFIREWALL_DEFAULT_TO_ACCEPT  #allow everything by
    options IPDIVERT                      #divert sockets
    options DUMMYNET
    options BRIDGE
    options HZ=1000
    options FAST_IPSEC
    options TCP_SIGNATURE
    device crypto
    device cryptodev
    device carp

Problem is with the CARP addresses staying in the "master" "master" position
when I have dummynet stripping bandwidth on that vlan. I take the dummynet
config away, then the carp interfaces go to "master" and "backup" as required.

My dummynet configs look like this

    ipfw pipe 100 config bw 10500Kbit/s   #setup shaping pipes 10Mbit
    ipfw queue 1 config pipe 100 weight 100
    ipfw queue 2 config pipe 100 weight 100
    ipfw add 1000 queue 1 ip from any to any in via vlan148
    ipfw add 1000 queue 2 ip from any to any out via vlan148

I have an open FW so no carp message should be blocked. Is dummynet broken?

Regards
Tyrone

This e-mail is intended only for the use of the addressees named above and may
be confidential. If you are not an addressee you must not use any information
contained in nor copy it nor inform any person other than the addressees of its
existence or contents.

From owner-freebsd-isp@FreeBSD.ORG Fri Oct 6 10:37:37 2006
From: Tyrone@TelecityRedbus.se
Date: Fri, 6 Oct 2006 12:37:32 +0200
Subject: RE: Dummynet,VLAN and CARP broken??

I found out that you still need to let carp packets through even though all
you're doing is traffic shaping.

So

    ipfw add 1 allow carp from any to any

did the trick for me.

Regards
tyrone

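The fix in the reply above depends on rule order: ipfw evaluates rules in ascending number and an allow match ends the search, so rule 1 takes CARP out before the queue rules at 1000 see it. The following is an added example, not code from the thread, that checks a ruleset for that ordering; both `ipfw list` samples are constructed from the rules quoted in the two messages, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report whether CARP reaches a dummynet
# pipe/queue rule before an allow rule takes it out of the ruleset.
# Interface and address qualifiers are not evaluated; this is an ordering lint.

# Reads `ipfw list` output on stdin and prints one of:
#   "ok N"      rule N allows CARP before any pipe/queue rule can match it
#   "shaped N"  pipe/queue rule N is the first rule that matches CARP
#   "none"      neither kind of rule was found
check_carp_order() {
    awk '
    # Listing format: number, action, [pipe/queue id], protocol, from ... to ...
    $2 == "allow" && ($3 == "carp" || $3 == "112") { print "ok " $1; done = 1; exit }
    # An unconditional allow also lets CARP through without shaping.
    $2 == "allow" && ($3 == "ip" || $3 == "all") && NF == 7 && $5 == "any" && $7 == "any" {
        print "ok " $1; done = 1; exit
    }
    ($2 == "pipe" || $2 == "queue") && ($4 == "ip" || $4 == "all" || $4 == "carp" || $4 == "112") {
        print "shaped " $1; done = 1; exit
    }
    END { if (!done) print "none" }
    '
}

# Constructed listing: the ruleset from the first message, with the default
# accept rule that IPFIREWALL_DEFAULT_TO_ACCEPT provides.
before_fix() {
    cat <<'EOF'
01000 queue 1 ip from any to any in via vlan148
01000 queue 2 ip from any to any out via vlan148
65535 allow ip from any to any
EOF
}

# Constructed listing: the same ruleset after "ipfw add 1 allow carp from any to any".
after_fix() {
    cat <<'EOF'
00001 allow carp from any to any
01000 queue 1 ip from any to any in via vlan148
01000 queue 2 ip from any to any out via vlan148
65535 allow ip from any to any
EOF
}

echo "before: $(before_fix | check_carp_order)"
echo "after:  $(after_fix | check_carp_order)"
```

On a live system the input would be `ipfw list | check_carp_order`.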
From owner-freebsd-isp@FreeBSD.ORG Fri Oct 6 15:01:52 2006
From: up@3.am
Date: Fri, 6 Oct 2006 11:01:44 -0400 (EDT)
To: FreeBSD ISP List
Subject: Onboard or low profile RAID recommendations

Hi:

I am starting the process of replacing an older 2RU server that uses an Intel
ServerBoard and Adaptec 2110S low profile SCSI RAID card. This thing is several
years old and much has changed since I last built one (using 2200S).

Does FreeBSD now support any of the Intel ServerBoard on-board SCSI RAID
systems, or is it still advisable to go with a separate card? If separate,
what's a good, current (preferably Adaptec) low-profile SCSI RAID card that
FreeBSD 6.x has suitable drivers for?

Please reply directly, as I am not subscribed.

Thanks!

James Smallacombe                      PlantageNet, Inc. CEO and Janitor
up@3.am                                http://3.am
=========================================================================
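
Going back to Dominic Blais's report earlier in this archive (ppp sessions left holding tun interfaces, recognisable by an MTU of 1500 instead of the configured 1472), here is that check as a script: an added example, not code from the thread. The `ifconfig` sample is constructed and the function names are hypothetical; reporting only interfaces that carry an `Opened by PID` line is an assumption made here so that idle tun devices, which also sit at the default MTU of 1500, are not flagged.

```shell
#!/bin/sh
# Added example (not from the thread): list tun interfaces that are held open
# by a process but do not have the MTU that ppp.conf is expected to set.

EXPECTED_MTU=1472   # value quoted in the report; adjust to your ppp.conf

# Reads `ifconfig` output on stdin. For each tun interface that is opened by a
# process and whose MTU differs from $1, prints "<ifname> <mtu> <pid>".
stuck_tuns() {
    awk -v want="$1" '
    function report() {
        if (ifn != "" && pid != "-" && mtu != "" && mtu != want) print ifn, mtu, pid
    }
    /^[^ \t]/ {                      # unindented line starts a new interface
        report(); ifn = ""
        if ($1 ~ /^tun[0-9]+:$/) {
            ifn = substr($1, 1, length($1) - 1); mtu = ""; pid = "-"
            for (i = 2; i < NF; i++) if ($i == "mtu") mtu = $(i + 1)
        }
        next
    }
    ifn != "" && /Opened by PID/ { pid = $NF }   # owner line printed for tun devices
    END { report() }
    '
}

# Constructed sample: tun0 is a healthy session, tun1 matches the symptom in
# the report, tun2 is an unused device at the default MTU.
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1472
        inet 192.0.2.1 --> 198.51.100.10 netmask 0xffffffff
        Opened by PID 4021
tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 192.0.2.1 --> 198.51.100.11 netmask 0xffffffff
        Opened by PID 4377
tun2: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
EOF
}

sample_ifconfig | stuck_tuns "$EXPECTED_MTU"
```

Run from cron as `ifconfig | stuck_tuns 1472`, the output gives the interface and the PID of the ppp process holding it, which is what the report says has to be killed to release the address.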