From: Max Laier
To: freebsd-pf@freebsd.org
Date: Wed, 24 Nov 2004 18:14:38 +0100
Subject: Re: pf multipath nat

Marko,

[ Please line-wrap your mail ]

On Saturday 20 November 2004 02:53, Marko Cuk wrote:
> I have a question regarding this...
>
> What happens if one of the uplinks goes down? What does pf know about
> states of interfaces and availability?

Nothing. In OpenBSD there is a daemon called ifstated(8) which monitors the
interface states and can take action if one link goes down. For instance, it
could remove the related rules from an anchor.

Fortunately, Matthew George has just recently ported ifstated(8) and it has
been included into the ports collection as net/ifstated:
http://www.freshports.org/net/ifstated/

> I'd like to know also, how to configure FreeBSD, to send out packet with
> proper source IP and what is the default route in that case ? Can anyone
> speak a little about that ?

That depends on what you want. For traffic from your LAN you explicitly set
the source IP in the NAT rules. For traffic originating from the gateway
itself, you have to decide where you want it to go and how it should get
there. You can always ask pf to pick up that traffic as well and transform it
in the same ways you do it for traffic originated from your LAN/DMZ.

> Tnx, Marko Cuk
>
> On Tuesday 16 November 2004 13:08, Łukasz Dudek wrote:
> > On Tue, Nov 09, 2004 at 02:13:34 +0100, Łukasz Dudek wrote:
> > > On Mon, Nov 08, 2004 at 04:21:39 +0100, Max Laier wrote:
> > > > On Monday 08 November 2004 15:30, Łukasz Dudek wrote:
> > > > > i've tried to configure multipath nat using RELENG_5 box
> > > > > (when it was current and now when it became stable)
> > >
> > this is full ruleset
>
> Okay sorry for the delay, but I was (and in fact still am) very busy with
> real life these days. Will hopefully resume to full working speed soon.
>
> Nonetheless, I finally found some time to rig a test-setup for this ruleset
> with two Soekris boxes. Unfortunately I wasn't able to see any problem. No
> hang, no stalling, nothing! Can you please try to get more information
> about the problem in your setup?
>
> I need to know what kind of "hang" it is. Deadlock, livelock, etc? Try to
> break into the debugger via serial console or Ctrl + Alt + Esc etc. I
> cannot reproduce it, sorry.
>
> Does anybody successfully run more than one uplink in this way? What
> hardware do you have?
>
> Same question to Łukasz, what kind of box is this? Are we looking at an SMP
> box?
>
> > can i provide any more information or is there anything i can
> > do to help resolve this issue, have anyone been able to reproduce this
> > behaviour, i would really like to utilize second link using freebsd box
> > moving every service from free to open will be performance lost and
> > services, network downtime. this box without configuring second link
> > is 100% stable
>
> I really need some definite description of the problem. "It seems to hang"
> is way too imprecise, sorry.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
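
The ifstated(8) approach described in the message above, sketched as an ifstated.conf. This is an added example, not part of the original message or the port's shipped configuration. The interface names fxp0/fxp1, the anchor name "uplinks" and the three /etc/pf.uplinks.* rule files are assumptions, and the argument form accepted by `pfctl -a` depends on the pf version in use.

```conf
# ifstated.conf (added example; every name below is an assumption)
#   fxp0, fxp1         the two uplink interfaces
#   uplinks            anchor referenced from pf.conf (nat-anchor/anchor lines)
#   /etc/pf.uplinks.*  nat and route-to rules for each set of live links
up1 = "fxp0.link.up"
up2 = "fxp1.link.up"

init-state both

state both {
	init {
		run "pfctl -a uplinks -f /etc/pf.uplinks.both"
	}
	# Uplink 1 lost: use uplink 2 only (also taken when both are down,
	# where the loaded rules make no difference).
	if ! $up1
		set-state only2
	if $up1 && ! $up2
		set-state only1
}

state only1 {
	init {
		# Replaces the anchor contents: all LAN traffic is NATed to
		# the uplink 1 address and routed via the uplink 1 gateway.
		run "pfctl -a uplinks -f /etc/pf.uplinks.only1"
	}
	if $up1 && $up2
		set-state both
	if $up2 && ! $up1
		set-state only2
}

state only2 {
	init {
		run "pfctl -a uplinks -f /etc/pf.uplinks.only2"
	}
	if $up1 && $up2
		set-state both
	if $up1 && ! $up2
		set-state only1
}
```

Link state only reflects carrier on the local port; ifstated.conf(5) also supports external command tests (for example a periodic ping of the upstream gateway) to catch failures beyond the first hop.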