From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 13 06:53:26 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AC27D16A4B3 for ; Mon, 13 Oct 2003 06:53:26 -0700 (PDT) Received: from labe.afribone.net.gn (kimbo.afribone.net.gn [216.252.183.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6A49C43F3F for ; Mon, 13 Oct 2003 06:53:20 -0700 (PDT) (envelope-from traore@afribone.net.gn) Received: from localhost (labe.afribone.net.gn [127.0.0.1]) by labe.afribone.net.gn (8.12.9/8.12.8) with ESMTP id h9DDaqu4030740 for ; Mon, 13 Oct 2003 13:36:52 GMT Received: from labe.afribone.net.gn ([127.0.0.1]) by localhost (labe.afribone.net.gn [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 30423-06 for ; Mon, 13 Oct 2003 13:36:48 +0000 (GMT) Received: from labe.afribone.net.gn (labe.afribone.net.gn [127.0.0.1]) by labe.afribone.net.gn (8.12.9/8.12.8) with ESMTP id h9DDaVMQ030708 for ; Mon, 13 Oct 2003 13:36:31 GMT Received: (from apache@localhost) by labe.afribone.net.gn (8.12.9/8.12.8/Submit) id h9DDaVA5030707 for freebsd-ipfw@freebsd.org; Mon, 13 Oct 2003 13:36:31 GMT X-Authentication-Warning: labe.afribone.net.gn: apache set sender to traore@afribone.net.gn using -f Received: from 10.0.1.13 ([10.0.1.13]) by mail.afribone.net.gn (IMP) with HTTP for ; Mon, 13 Oct 2003 13:36:31 +0000 Message-ID: <1066052191.3f8aaa5f7bc9b@mail.afribone.net.gn> Date: Mon, 13 Oct 2003 13:36:31 +0000 From: traore@afribone.net.gn To: freebsd-ipfw@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 3.2.1 X-Originating-IP: 10.0.1.13 X-Virus-Scanned: by Admin at afribone.net.gn Subject: IPFW and Mac address X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Oct 2003 13:53:26 -0000 Hello I'm using Freebsd 5.0 Release. And i want to use ipfw with Mac adresses fitering. But its not working. When i add a rule like: ipfw add 49 deny mac any 00:E0:18:F1:57:94 the kernel change it to be: ipfw add 49 deny ip from any to any mac any 00:E0:18:F1:54:94 Can you help me? Rgards! From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 13 11:02:15 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4CD4916A4B3 for ; Mon, 13 Oct 2003 11:02:15 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id D49AC43FDF for ; Mon, 13 Oct 2003 11:01:53 -0700 (PDT) (envelope-from owner-bugmaster@freebsd.org) Received: from freefall.freebsd.org (peter@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h9DI1rFY044700 for ; Mon, 13 Oct 2003 11:01:53 -0700 (PDT) (envelope-from owner-bugmaster@freebsd.org) Received: (from peter@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h9DI1rRg044691 for ipfw@freebsd.org; Mon, 13 Oct 2003 11:01:53 -0700 (PDT) (envelope-from owner-bugmaster@freebsd.org) Date: Mon, 13 Oct 2003 11:01:53 -0700 (PDT) Message-Id: <200310131801.h9DI1rRg044691@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: peter set sender to owner-bugmaster@freebsd.org using -f From: FreeBSD bugmaster To: ipfw@FreeBSD.org Subject: Current problem reports assigned to you X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Oct 2003 18:02:15 -0000 Current FreeBSD problem reports Critical problems S Submitted Tracker Resp. Description ------------------------------------------------------------------------------- o [2003/03/23] kern/50216 ipfw kernel panic on 5.0-current when use ipfw 1 problem total. Serious problems S Submitted Tracker Resp. Description ------------------------------------------------------------------------------- o [2002/12/27] kern/46557 ipfw ipfw pipe show fails with lots of queues o [2003/04/22] kern/51274 ipfw ipfw2 create dynamic rules with parent nu f [2003/04/24] kern/51341 ipfw ipfw rule 'deny icmp from any to any icmp 3 problems total. Non-critical problems S Submitted Tracker Resp. Description ------------------------------------------------------------------------------- a [2001/04/13] kern/26534 ipfw Add an option to ipfw to log gid/uid of w o [2002/12/07] kern/46080 ipfw [PATCH] logamount in ipfw2 does not defau o [2002/12/10] kern/46159 ipfw ipfw dynamic rules lifetime feature o [2002/12/27] kern/46564 ipfw IPFilter and IPFW processing order is not o [2003/02/11] kern/48172 ipfw ipfw does not log size and flags o [2003/03/10] kern/49086 ipfw [patch] Make ipfw2 log to different syslo o [2003/03/12] bin/49959 ipfw ipfw tee port rule skips parsing next rul o [2003/04/09] bin/50749 ipfw ipfw2 incorrectly parses ports and port r o [2003/08/25] kern/55984 ipfw [patch] time based firewalling support fo 9 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 13 18:59:55 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5C04516A4B3 for ; Mon, 13 Oct 2003 18:59:55 -0700 (PDT) Received: from mta3.adelphia.net (mta3.adelphia.net [68.168.78.181]) by mx1.FreeBSD.org (Postfix) with ESMTP id 79A2A43FA3 for ; Mon, 13 Oct 2003 18:59:54 -0700 (PDT) (envelope-from tscrum@1wisp.com) Received: from wolf ([68.235.82.98]) by mta3.adelphia.net (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with ESMTP id <20031014015953.MKLY24177.mta3.adelphia.net@wolf> for ; Mon, 13 Oct 2003 21:59:53 -0400 From: "Thomas S. Crum" To: Date: Mon, 13 Oct 2003 21:59:46 -0400 Organization: 1WISP, Inc. Message-ID: <001a01c391f6$db089160$6252eb44@wolf> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300 Subject: ipfw size mismatch? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Oct 2003 01:59:55 -0000 Hello all, I recently installed FreeBSD 4.8 release and am having problems getting a dummynet bridge working. Not that dummynet is the problem, I cannot get the bridge itself working. I keep getting an error at start: ipfw: size mismatch (have 176 want 36) and when I enter: sh /etc/rc.firewall I get the mismatch along with getsockopt(IP_FW_ADD): Invalid argument. I have no ip addresses assigned to either of my two interfaces. The kernel was rebuilt with the added options: options BRIDGE options IPFIREWALL options IPDIVERT (tried with and without this option) options IPFIREWALL_VERBOSE options IPFW2 options DUMMYNET I built the kernel with: cd /usr/src make buildkernel KERNCONF=MYKERNEL make installkernel KERNCONF=MYKERNEL I put these lines in /etc/rc.conf: firewall_enable="YES" firewall_type="OPEN" firewall_quiet="YES" firewall_logging="YES" Put these lines in /etc/sysctl.conf (where rl0 and rl1 are my NIC's): net.link.ether.bridge_cfg=rl0:0,rl1:0 net.link.ether.bridge_ipfw=1 net.link.ether.bridge=1 I have used this same setup w/ 4.4 with no problem (of course lacking the ipfw2 option). Tried google with the errors I'm getting to no avail. Any help getting this bridge up will be appreciated. Best, Tom From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 13 20:00:38 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 949D916A4B3 for ; Mon, 13 Oct 2003 20:00:38 -0700 (PDT) Received: from ns1.itga.com.au (ns1.itga.com.au [202.53.40.214]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1B6CE43FBF for ; Mon, 13 Oct 2003 20:00:37 -0700 (PDT) (envelope-from gnb@itga.com.au) Received: from lightning.itga.com.au (lightning.itga.com.au [192.168.71.20]) by ns1.itga.com.au (8.12.9/8.12.9) with ESMTP id h9E30RR5054273; Tue, 14 Oct 2003 13:00:27 +1000 (EST) (envelope-from gnb@itga.com.au) Received: from lightning.itga.com.au (localhost [127.0.0.1]) by lightning.itga.com.au (8.9.3/8.9.3) with ESMTP id NAA04399; Tue, 14 Oct 2003 13:00:27 +1000 (EST) Message-Id: <200310140300.NAA04399@lightning.itga.com.au> X-Mailer: exmh version 2.4 05/15/2001 with nmh-1.0.4 From: Gregory Bond To: "Thomas S. Crum" In-reply-to: Your message of Mon, 13 Oct 2003 21:59:46 -0400. Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 14 Oct 2003 13:00:27 +1000 Sender: gnb@itga.com.au cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw size mismatch? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Oct 2003 03:00:38 -0000 >options IPFW2 If you add this to your kernel, you also have to recompile the ipfw userland program and the alias library. Failure to do so will give the error you are seeing. (And make sure the kernel and userland use source from the same cvsup, if you are using that!) From owner-freebsd-ipfw@FreeBSD.ORG Tue Oct 14 09:10:34 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A910316A4B3 for ; Tue, 14 Oct 2003 09:10:34 -0700 (PDT) Received: from mta7.adelphia.net (mta7.adelphia.net [68.168.78.193]) by mx1.FreeBSD.org (Postfix) with ESMTP id 992E243F85 for ; Tue, 14 Oct 2003 09:10:32 -0700 (PDT) (envelope-from tscrum@1wisp.com) Received: from wolf ([68.235.82.98]) by mta7.adelphia.net (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with ESMTP id <20031014161034.QLCF21600.mta7.adelphia.net@wolf>; Tue, 14 Oct 2003 12:10:34 -0400 From: "Thomas S. Crum" To: Date: Tue, 14 Oct 2003 12:10:28 -0400 Organization: 1WISP, Inc. Message-ID: <000201c3926d$b24961b0$6252eb44@wolf> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300 Importance: Normal In-Reply-To: <3F8B7387.FACB2860@usww.com> cc: freebsd-ipfw@freebsd.org Subject: RE: ipfw size mismatch? Revised X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Oct 2003 16:10:34 -0000 Thanks Ben, it worked like a charm. IPFW2 and dummynet, can't wait! :) Tom -----Original Message----- From: unix@usww.com [mailto:unix@usww.com] Sent: Monday, October 13, 2003 11:55 PM To: Thomas S. Crum; unix@usww.com Subject: Re: ipfw size mismatch? Revised I hate it when a patch comes out an then a revision. Well this is not a patch but I made a couple typos in kernel name. Sorry about that. Ben Bentsen USWW Systems 706-547-0087 ######## Prev Email ########## I use 4.8 also and had a problem. The following email came in and it worked with the standard release of ipfw2.c. I could not get any of the newer ipfw2.c to properly compile. I sent off an email to the ipfw group but have had no response. I already had the src's on my drives. Subject: RES: ipfw2 with FreeBSD 4.7-Release Date: Fri, 10 Oct 2003 08:20:33 -0300 From: Renato Barreto To: "'freebsd-ipfw@freebsd.org'" CC: "'traore@afribone.net.gn'" Hi, To do this run /stand/sysinstall (as root), choose Configure -> Distributions, then src, and then lib, sbin and sys. To compile libalias: cd /usr/src/lib/libalias make -DIPFW2 make install To compile ipfw: cd /usr/src/sbin/ipfw make -DIPFW2 make install Build a Kernel with: cd /usr/src/sys/i386/conf options IPFW2 # Renato ##### End of Email ##### Beginning of what I personally did in addition to the email ################################################################# I personally used the following to compile the kernel # cd /usr/src/sys/i386/conf # cp GENERIC USWW48-1 # ee USWW48-1 and added options IPFW2 # /usr/sbin/config USWW48-1 # cd ../../compile/USWW48-1 # make depend # make # make install And it worked Additionally I made the following changes to the kernel I commented out the following #cpu I386_CPU #cpu I486_CPU #options INET6 #IPv6 communications protocols #pseudo-device gif # IPv6 and IPv4 tunneling #pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation) ### I have had many problems with ip6 so I just omit it for now. ### Until it becomes more of a standard I won;t dive in to it. And I added the following under maxusers 0 ## Start BB # Add the next line to the end of this file uncommented # pseudo-device speaker #Play IBM BASIC-style noises out your speaker BB Added # I added "reveille" below to the end of rc.local file so when it boots I know it did. # echo "t255l8c.f.afc~c.f.afc~c.f.afc.f.a..f.~c.f.afc~c.f.afc~c.f.afc~c.f..">/d ev/speaker # TCPDEBUG is undocumented. # /usr/sbin/config USWW48V1;cd ../../compile/USWW48V1;make depend;make;make install # # BRIDGE enables bridging between ethernet cards -- see bridge(4). # You can use IPFIREWALL and dummynet together with bridging. options IPFW2 # USE make -DIPFW2 when Making kernel options BRIDGE options DUMMYNET # This is for bandwith limiting see man dummynet options MROUTING # Multicast routing options IPFIREWALL # firewall options IPFIREWALL_FORWARD # enable transparent proxy support options IPFIREWALL_VERBOSE # print information about # dropped packets options IPFIREWALL_VERBOSE_LIMIT=100 # limit verbosity options IPFIREWALL_DEFAULT_TO_ACCEPT # allow everything by default options IPDIVERT # divert sockets options TCPDEBUG ## End BB I hope this helps it works well for me Your rules sets may need to checked and MAC addresses addressed Remember the order of the MACs in rc.local or rc.firewall. I personally do not use rc.firewall I put all rules in rc.local. An old method but works much better and safer for me. Destination Source ipfw add 880 pass log logamount 10000 mac 00:50:bf:16:15:37 00:48:54:8a:b7:f4 ipfw add 880 pass log logamount 10000 mac 00:48:54:8a:b7:f4 00:50:bf:16:15:37 I have used FreeBSD for years and am well satisfied with it. I use it on all my network boxes. Ben Bentsen USWW Systems 706-547-0087 "Thomas S. Crum" wrote: > > Hello all, > > I recently installed FreeBSD 4.8 release and am having problems getting > a dummynet bridge working. Not that dummynet is the problem, I cannot > get the bridge itself working. I keep getting an error at start: ipfw: > size mismatch (have 176 want 36) and when I enter: sh /etc/rc.firewall I > get the mismatch along with getsockopt(IP_FW_ADD): Invalid argument. > > I have no ip addresses assigned to either of my two interfaces. > > The kernel was rebuilt with the added options: > > options BRIDGE > options IPFIREWALL > options IPDIVERT (tried with and without this option) > options IPFIREWALL_VERBOSE > options IPFW2 > options DUMMYNET > > I built the kernel with: > > cd /usr/src > make buildkernel KERNCONF=MYKERNEL > make installkernel KERNCONF=MYKERNEL > > I put these lines in /etc/rc.conf: > > firewall_enable="YES" > firewall_type="OPEN" > firewall_quiet="YES" > firewall_logging="YES" > > Put these lines in /etc/sysctl.conf (where rl0 and rl1 are my NIC's): > > net.link.ether.bridge_cfg=rl0:0,rl1:0 > net.link.ether.bridge_ipfw=1 > net.link.ether.bridge=1 > > I have used this same setup w/ 4.4 with no problem (of course lacking > the ipfw2 option). Tried google with the errors I'm getting to no > avail. Any help getting this bridge up will be appreciated. > > Best, > > Tom > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Tue Oct 14 12:51:20 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0C23216A4B3 for ; Tue, 14 Oct 2003 12:51:20 -0700 (PDT) Received: from boole.cs.uh.edu (Boole.cs.uh.edu [129.7.240.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id 48D8B43FD7 for ; Tue, 14 Oct 2003 12:51:19 -0700 (PDT) (envelope-from mzu@cs.uh.edu) Received: from mail.cs.uh.edu (pascal [129.7.240.15]) by boole.cs.uh.edu (Postfix) with SMTP id C9317F97C for ; Tue, 14 Oct 2003 14:51:18 -0500 (CDT) Received: from 63.172.179.2 (SquirrelMail authenticated user mzu) by mail.cs.uh.edu with HTTP; Tue, 14 Oct 2003 14:51:18 -0500 (CDT) Message-ID: <16380.63.172.179.2.1066161078.squirrel@mail.cs.uh.edu> Date: Tue, 14 Oct 2003 14:51:18 -0500 (CDT) From: mzu@cs.uh.edu To: freebsd-ipfw@freebsd.org User-Agent: SquirrelMail/1.4.1 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal Subject: HELP!!! Dummynet Causing Machines Dead?? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Oct 2003 19:51:20 -0000 I have three Squid machines working together as a cache array. I used Dummynet to control the inter-cache bandwidth. My three squid is 10.12.0.1, 10.12.0.2 and 10.12.0.3 I used the following commands to create pipes in each squid For example, in Squid1: ipfw add pipe 1 IP from 10.12.0.1 to 10.12.0.2 out ipfw add pipe 2 IP from 10.12.0.1 to 10.12.0.3 out ipfw pipe 1 config bw 10Mbit/s queue 75Kbytes ipfw pipe 2 config bw 10Mbit/s queue 75Kbytes I have another program to change the bandwidth of each pipe every half an hour, with a lot of traffic going through the caches at the same time. So that the configeration for a pipe can change FROM: ipfw pipe 1 config bw 10Mbit/s queue 73Kbytes TO: ipfw pipe 1 config bw 2Mbit/s queue 25Kbytes Then in very short time, the machine is dead. I think the problem might because of the setting of "queue". But I don't know how much should be correct. I was using "bw x Mbit/s queue 6*x+13 Kbytes". Oh, when bandwidth change from 5M to 3M ,or 8M to 5M (smaller difference), the machines will run just fine with my 6*x+13 setting. Only steep jump like from 8M to 2M will cause death. Please help me out!!! This is emergency!!!! From owner-freebsd-ipfw@FreeBSD.ORG Tue Oct 14 12:58:44 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DDE4316A4B3 for ; Tue, 14 Oct 2003 12:58:44 -0700 (PDT) Received: from boole.cs.uh.edu (Boole.cs.uh.edu [129.7.240.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4307B43FBD for ; Tue, 14 Oct 2003 12:58:44 -0700 (PDT) (envelope-from mzu@cs.uh.edu) Received: from mail.cs.uh.edu (pascal [129.7.240.15]) by boole.cs.uh.edu (Postfix) with SMTP id CEEBEF97C for ; Tue, 14 Oct 2003 14:58:43 -0500 (CDT) Received: from 63.172.179.2 (SquirrelMail authenticated user mzu) by mail.cs.uh.edu with HTTP; Tue, 14 Oct 2003 14:58:43 -0500 (CDT) Message-ID: <11261.63.172.179.2.1066161523.squirrel@mail.cs.uh.edu> Date: Tue, 14 Oct 2003 14:58:43 -0500 (CDT) From: mzu@cs.uh.edu To: freebsd-ipfw@freebsd.org User-Agent: SquirrelMail/1.4.1 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal Subject: Dummynet Causing Machines Dead X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Oct 2003 19:58:45 -0000 I have three Squid machines working together as a cache array. I used Dummynet to control the inter-cache bandwidth. My three squid is 10.12.0.1, 10.12.0.2 and 10.12.0.3 I used the following commands to create pipes in each squid For example, in Squid1: ipfw add pipe 1 IP from 10.12.0.1 to 10.12.0.2 out ipfw add pipe 2 IP from 10.12.0.1 to 10.12.0.3 out ipfw pipe 1 config bw 10Mbit/s queue 75Kbytes ipfw pipe 2 config bw 10Mbit/s queue 75Kbytes I have another program to change the bandwidth of each pipe every half an hour, with a lot of traffic going through the caches at the same time. So that the configeration for a pipe can change FROM: ipfw pipe 1 config bw 10Mbit/s queue 73Kbytes TO: ipfw pipe 1 config bw 2Mbit/s queue 25Kbytes Then in very short time, the machine is dead. I think the problem might because of the setting of "queue". But I don't know how much should be correct. I was using "bw x Mbit/s queue 6*x+13 Kbytes". Oh, when bandwidth change from 5M to 3M ,or 8M to 5M (smaller difference), the machines will run just fine with my 6*x+13 setting. Only steep jump like from 8M to 2M will cause death. Please help me out!!! This is emergency!!!! Thanks, Ming From owner-freebsd-ipfw@FreeBSD.ORG Tue Oct 14 13:00:43 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 793E416A4B3 for ; Tue, 14 Oct 2003 13:00:43 -0700 (PDT) Received: from shellma.zin.lublin.pl (shellma.zin.lublin.pl [212.182.126.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7F98243F75 for ; Tue, 14 Oct 2003 13:00:42 -0700 (PDT) (envelope-from pawmal-posting@freebsd.lublin.pl) Received: by shellma.zin.lublin.pl (Postfix, from userid 1018) id EA97E5F103; Tue, 14 Oct 2003 22:05:06 +0200 (CEST) Date: Tue, 14 Oct 2003 22:05:06 +0200 From: Pawel Malachowski To: mzu@cs.uh.edu Message-ID: <20031014200506.GA25016@shellma.zin.lublin.pl> References: <16380.63.172.179.2.1066161078.squirrel@mail.cs.uh.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <16380.63.172.179.2.1066161078.squirrel@mail.cs.uh.edu> User-Agent: Mutt/1.4.1i cc: freebsd-ipfw@freebsd.org Subject: Re: HELP!!! Dummynet Causing Machines Dead?? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd-ipfw@freebsd.org List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Oct 2003 20:00:43 -0000 On Tue, Oct 14, 2003 at 02:51:18PM -0500, mzu@cs.uh.edu wrote: > I have another program to change the bandwidth of each pipe every half an > hour, with a lot of traffic going through the caches at the same time. So > that the configeration for a pipe can change > > FROM: ipfw pipe 1 config bw 10Mbit/s queue 73Kbytes > > TO: ipfw pipe 1 config bw 2Mbit/s queue 25Kbytes > > Then in very short time, the machine is dead. What version of FreeBSD do You run with? This bug is believed to be fixed in RELENG_4. -- Paweł Małachowski From owner-freebsd-ipfw@FreeBSD.ORG Tue Oct 14 13:30:09 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 31DB316A4B3 for ; Tue, 14 Oct 2003 13:30:09 -0700 (PDT) Received: from boole.cs.uh.edu (Boole.cs.uh.edu [129.7.240.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id B284C43FA3 for ; Tue, 14 Oct 2003 13:30:07 -0700 (PDT) (envelope-from mzu@cs.uh.edu) Received: from mail.cs.uh.edu (pascal [129.7.240.15]) by boole.cs.uh.edu (Postfix) with SMTP id 0F16CF978 for ; Tue, 14 Oct 2003 15:30:07 -0500 (CDT) Received: from 63.172.179.2 (SquirrelMail authenticated user mzu) by mail.cs.uh.edu with HTTP; Tue, 14 Oct 2003 15:30:07 -0500 (CDT) Message-ID: <11261.63.172.179.2.1066163407.squirrel@mail.cs.uh.edu> In-Reply-To: <20031014200506.GA25016@shellma.zin.lublin.pl> References: <16380.63.172.179.2.1066161078.squirrel@mail.cs.uh.edu> <20031014200506.GA25016@shellma.zin.lublin.pl> Date: Tue, 14 Oct 2003 15:30:07 -0500 (CDT) From: mzu@cs.uh.edu To: freebsd-ipfw@freebsd.org User-Agent: SquirrelMail/1.4.1 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal Subject: Re: HELP!!! Dummynet Causing Machines Dead?? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Oct 2003 20:30:09 -0000 Thank you very much! But I'm using FreeBSD 4.1.1 Is there anyway to avoice the death? I do need some lower bandwidth such as 1Mbit/s, 800Kbit/s. Is there a safe way to set queue? How about queue= 0? I remember last time I tried large queue size like 150Kbytes for 5M bandwidth, the machine died immediately. :( > On Tue, Oct 14, 2003 at 02:51:18PM -0500, mzu@cs.uh.edu wrote: > >> I have another program to change the bandwidth of each pipe every half >> an >> hour, with a lot of traffic going through the caches at the same time. >> So >> that the configeration for a pipe can change >> >> FROM: ipfw pipe 1 config bw 10Mbit/s queue 73Kbytes >> >> TO: ipfw pipe 1 config bw 2Mbit/s queue 25Kbytes >> >> Then in very short time, the machine is dead. > > What version of FreeBSD do You run with? This bug is believed to be fixed > in RELENG_4. > > > -- > Paweł Małachowski > From owner-freebsd-ipfw@FreeBSD.ORG Tue Oct 14 14:07:52 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 650A716A4B3 for ; Tue, 14 Oct 2003 14:07:52 -0700 (PDT) Received: from shellma.zin.lublin.pl (shellma.zin.lublin.pl [212.182.126.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id A493243FAF for ; Tue, 14 Oct 2003 14:07:51 -0700 (PDT) (envelope-from pawmal-posting@freebsd.lublin.pl) Received: by shellma.zin.lublin.pl (Postfix, from userid 1018) id 9FE655F103; Tue, 14 Oct 2003 23:12:18 +0200 (CEST) Date: Tue, 14 Oct 2003 23:12:18 +0200 From: Pawel Malachowski To: mzu@cs.uh.edu Message-ID: <20031014211218.GA38738@shellma.zin.lublin.pl> References: <16380.63.172.179.2.1066161078.squirrel@mail.cs.uh.edu> <20031014200506.GA25016@shellma.zin.lublin.pl> <11261.63.172.179.2.1066163407.squirrel@mail.cs.uh.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <11261.63.172.179.2.1066163407.squirrel@mail.cs.uh.edu> User-Agent: Mutt/1.4.1i cc: freebsd-ipfw@freebsd.org Subject: Re: HELP!!! Dummynet Causing Machines Dead?? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd-ipfw@freebsd.org List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Oct 2003 21:07:52 -0000 On Tue, Oct 14, 2003 at 03:30:07PM -0500, mzu@cs.uh.edu wrote: > Thank you very much! But I'm using FreeBSD 4.1.1 It's time for update then. > Is there anyway to avoice the death? I do need some lower bandwidth such > as 1Mbit/s, 800Kbit/s. Is there a safe way to set queue? How about queue= > 0? I remember last time I tried large queue size like 150Kbytes for 5M > bandwidth, the machine died immediately. :( Try removing pipes (ipfw pipe flush) and recreating them with newer configuration values. -- Paweł Małachowski From owner-freebsd-ipfw@FreeBSD.ORG Tue Oct 14 14:31:51 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3ADB716A4B3 for ; Tue, 14 Oct 2003 14:31:51 -0700 (PDT) Received: from boole.cs.uh.edu (Boole.cs.uh.edu [129.7.240.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id 530FE43F3F for ; Tue, 14 Oct 2003 14:31:50 -0700 (PDT) (envelope-from mzu@cs.uh.edu) Received: from mail.cs.uh.edu (pascal [129.7.240.15]) by boole.cs.uh.edu (Postfix) with SMTP id 3EAD0F978 for ; Tue, 14 Oct 2003 16:31:48 -0500 (CDT) Received: from 63.172.179.2 (SquirrelMail authenticated user mzu) by mail.cs.uh.edu with HTTP; Tue, 14 Oct 2003 16:31:48 -0500 (CDT) Message-ID: <16380.63.172.179.2.1066167108.squirrel@mail.cs.uh.edu> In-Reply-To: <20031014211218.GA38738@shellma.zin.lublin.pl> References: <16380.63.172.179.2.1066161078.squirrel@mail.cs.uh.edu><20031014200506.GA25016@shellma.zin.lublin.pl><11261.63.172.179.2.1066163407.squirrel@mail.cs.uh.edu> <20031014211218.GA38738@shellma.zin.lublin.pl> Date: Tue, 14 Oct 2003 16:31:48 -0500 (CDT) From: mzu@cs.uh.edu To: freebsd-ipfw@freebsd.org User-Agent: SquirrelMail/1.4.1 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal Subject: Re: HELP!!! Dummynet Causing Machines Dead?? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Oct 2003 21:31:51 -0000 Thanks very much! But I can't upgrade now. :( There're a lot of other stuff involved. Too dangerous. What do you mean flush the pipe and creating the new pipe? I want to change my bandwidth every half an hour? Are you saying now my pipe is "bw 10Mbit/s queue 75Kbytes" In half an hour, if I do > ipfw pipe flush > ipfw add pipe 1 ip from xxxx to xxxx" > ipfw pipe 1 config bw 2Mbit/s queue 25Kbytes" The machine won't die? So it has nothing to do with my queue size? > On Tue, Oct 14, 2003 at 03:30:07PM -0500, mzu@cs.uh.edu wrote: > >> Thank you very much! But I'm using FreeBSD 4.1.1 > > It's time for update then. > >> Is there anyway to avoice the death? I do need some lower bandwidth such >> as 1Mbit/s, 800Kbit/s. Is there a safe way to set queue? How about >> queue= >> 0? I remember last time I tried large queue size like 150Kbytes for 5M >> bandwidth, the machine died immediately. :( > > Try removing pipes (ipfw pipe flush) and recreating them with newer > configuration values. > > > -- > Paweł Małachowski > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > From owner-freebsd-ipfw@FreeBSD.ORG Tue Oct 14 14:45:10 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E8D3E16A4B3 for ; Tue, 14 Oct 2003 14:45:10 -0700 (PDT) Received: from shellma.zin.lublin.pl (shellma.zin.lublin.pl [212.182.126.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1FAFF43FBF for ; Tue, 14 Oct 2003 14:45:01 -0700 (PDT) (envelope-from pawmal-posting@freebsd.lublin.pl) Received: by shellma.zin.lublin.pl (Postfix, from userid 1018) id 2387C5F103; Tue, 14 Oct 2003 23:48:47 +0200 (CEST) Date: Tue, 14 Oct 2003 23:48:47 +0200 From: Pawel Malachowski To: mzu@cs.uh.edu Message-ID: <20031014214847.GB38738@shellma.zin.lublin.pl> References: <20031014211218.GA38738@shellma.zin.lublin.pl> <16380.63.172.179.2.1066167108.squirrel@mail.cs.uh.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <16380.63.172.179.2.1066167108.squirrel@mail.cs.uh.edu> User-Agent: Mutt/1.4.1i cc: freebsd-ipfw@freebsd.org Subject: Re: HELP!!! Dummynet Causing Machines Dead?? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd-ipfw@freebsd.org List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Oct 2003 21:45:11 -0000 On Tue, Oct 14, 2003 at 04:31:48PM -0500, mzu@cs.uh.edu wrote: > What do you mean flush the pipe and creating the new pipe? I want to > change my bandwidth every half an hour? Are you saying > > now my pipe is "bw 10Mbit/s queue 75Kbytes" > > In half an hour, if I do > > ipfw pipe flush > > ipfw add pipe 1 ip from xxxx to xxxx" > > ipfw pipe 1 config bw 2Mbit/s queue 25Kbytes" > > The machine won't die? So it has nothing to do with my queue size? Probably the best workaround for You will be to create two different pipes and to pass trafic throught the proper one. ipfw pipe 1 config bw 2Mbit/s queue 25Kbytes ipfw pipe Z config bw 10Mbit/s queue 75Kbytes to switch: ipfw del XXX;ipfw add XXX pipe 1 ip from xxxx to xxxx or ipfw del XXX;ipfw add XXX pipe Z ip from xxxx to xxxx -- Paweł Małachowski From owner-freebsd-ipfw@FreeBSD.ORG Wed Oct 15 08:50:03 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1853216A4C1 for ; Wed, 15 Oct 2003 08:50:03 -0700 (PDT) Received: from boole.cs.uh.edu (Boole.cs.uh.edu [129.7.240.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1524143FAF for ; Wed, 15 Oct 2003 08:50:02 -0700 (PDT) (envelope-from mzu@cs.uh.edu) Received: from mail.cs.uh.edu (pascal [129.7.240.15]) by boole.cs.uh.edu (Postfix) with SMTP id 66D91F978 for ; Wed, 15 Oct 2003 10:50:01 -0500 (CDT) Received: from 63.172.179.2 (SquirrelMail authenticated user mzu) by mail.cs.uh.edu with HTTP; Wed, 15 Oct 2003 10:50:01 -0500 (CDT) Message-ID: <17726.63.172.179.2.1066233001.squirrel@mail.cs.uh.edu> In-Reply-To: <20031014214847.GB38738@shellma.zin.lublin.pl> References: <20031014211218.GA38738@shellma.zin.lublin.pl><16380.63.172.179.2.1066167108.squirrel@mail.cs.uh.edu> <20031014214847.GB38738@shellma.zin.lublin.pl> Date: Wed, 15 Oct 2003 10:50:01 -0500 (CDT) From: mzu@cs.uh.edu To: freebsd-ipfw@freebsd.org User-Agent: SquirrelMail/1.4.1 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal Subject: Re: HELP!!! Dummynet Causing Machines Dead?? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Oct 2003 15:50:03 -0000 Thanks sooooo much, Pawel , It worked yesterday. The machines didn't die when I changed bandwidth from 10M to 2M. Today I am going to try lower bandwidth such as 5Mbit/s - 200Kbit/s. :) Have a nice day! Ming > On Tue, Oct 14, 2003 at 04:31:48PM -0500, mzu@cs.uh.edu wrote: > >> What do you mean flush the pipe and creating the new pipe? I want to >> change my bandwidth every half an hour? Are you saying >> >> now my pipe is "bw 10Mbit/s queue 75Kbytes" >> >> In half an hour, if I do >> > ipfw pipe flush >> > ipfw add pipe 1 ip from xxxx to xxxx" >> > ipfw pipe 1 config bw 2Mbit/s queue 25Kbytes" >> >> The machine won't die? So it has nothing to do with my queue size? > > Probably the best workaround for You will be to create two > different pipes and to pass trafic throught the proper one. > > ipfw pipe 1 config bw 2Mbit/s queue 25Kbytes > ipfw pipe Z config bw 10Mbit/s queue 75Kbytes > > to switch: > ipfw del XXX;ipfw add XXX pipe 1 ip from xxxx to xxxx > or > ipfw del XXX;ipfw add XXX pipe Z ip from xxxx to xxxx > > > -- > Paweł Małachowski > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > From owner-freebsd-ipfw@FreeBSD.ORG Thu Oct 16 03:04:49 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6310816A4B3 for ; Thu, 16 Oct 2003 03:04:49 -0700 (PDT) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 032AD43FCB for ; Thu, 16 Oct 2003 03:04:49 -0700 (PDT) (envelope-from billf@elvis.mu.org) Received: by elvis.mu.org (Postfix, from userid 1098) id E3C902ED44C; Thu, 16 Oct 2003 03:04:48 -0700 (PDT) Date: Thu, 16 Oct 2003 03:04:48 -0700 From: Bill Fumerola To: freebsd-ipfw@freebsd.org Message-ID: <20031016100448.GT53023@elvis.mu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.1i X-Operating-System: FreeBSD 4.8-MUORG-20030806 i386 Subject: releng_4 patch for ip & tcp header fields X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Oct 2003 10:04:49 -0000 if you run -current, you've already had this for three years. if you run ipfw2, it was derived from -current's ipfw, so this still isn't relevant. http://people.freebsd.org/~billf/ipfw_iphdr.patch however, if you run 4.x with ipfw1 and you need the visibility into the more obscure fields of the ip (len, tos, id, ttl, ver) or tcp (seq, ack, win) headers, check this mfc patch out. -- - bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org From owner-freebsd-ipfw@FreeBSD.ORG Thu Oct 16 04:53:27 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D9EB316A4B3 for ; Thu, 16 Oct 2003 04:53:27 -0700 (PDT) Received: from mta7.adelphia.net (mta7.adelphia.net [68.168.78.193]) by mx1.FreeBSD.org (Postfix) with ESMTP id EDF9D43FBD for ; Thu, 16 Oct 2003 04:53:26 -0700 (PDT) (envelope-from tscrum@aaawebsolution.com) Received: from wolf ([68.235.82.98]) by mta7.adelphia.net (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with ESMTP id <20031016115329.GOUC21600.mta7.adelphia.net@wolf> for ; Thu, 16 Oct 2003 07:53:29 -0400 From: "Thomas S. Crum" To: Date: Thu, 16 Oct 2003 07:53:26 -0400 Organization: AAA Web Solution, Inc. Message-ID: <003501c393dc$1eca79e0$6252eb44@wolf> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300 Importance: Normal Subject: patch for freebsd 5.3 release / dummynet X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Oct 2003 11:53:28 -0000 Hi all, I recently installed FreeBSD 5.3 release and rebuilt ipfw and libalias. All seems to be working, but occasionally I get errors referencing dummynet. This is very likely just my syntax as I am new to ipfw2. But, I just wanted to ask is there any patching I need to do further or shall I just need to hit the books further. :) Thx, Tom From owner-freebsd-ipfw@FreeBSD.ORG Thu Oct 16 05:05:35 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A811B16A4B3; Thu, 16 Oct 2003 05:05:35 -0700 (PDT) Received: from relay.gufi.org (civetta.gufi.org [212.110.23.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1666043FA3; Thu, 16 Oct 2003 05:05:32 -0700 (PDT) (envelope-from sysadmin@alexdupre.com) Received: from server.alexdupre.com (host245-49.pool8288.interbusiness.it [82.88.49.245]) by relay.gufi.org (Postfix) with ESMTP id 022F920F42; Thu, 16 Oct 2003 14:05:30 +0200 (CEST) Received: from thunder.alexdupre.com (thunder.alexdupre.com [192.168.0.101]) h9GC5J8O026159; Thu, 16 Oct 2003 14:05:20 +0200 (CEST) (envelope-from sysadmin@alexdupre.com) Date: Thu, 16 Oct 2003 14:05:19 +0200 From: Alex Dupre X-Mailer: The Bat! (v1.60q) Message-ID: <1941572778836.20031016140519@alexdupre.com> To: owner-freebsd-ipfw@freebsd.org, "Thomas S. Crum" In-Reply-To: <003501c393dc$1eca79e0$6252eb44@wolf> References: <003501c393dc$1eca79e0$6252eb44@wolf> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-ipfw@freebsd.org Subject: Re: patch for freebsd 5.3 release / dummynet X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Alex Dupre List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Oct 2003 12:05:35 -0000 Thursday, October 16, 2003, 1:53:26 PM, you wrote: TSC> I recently installed FreeBSD 5.3 release and rebuilt ipfw and libalias. WTF, you're already playing with the 5-STABLE !!! =) -- Alex Dupre sysadmin@alexdupre.com http://www.alexdupre.com/ alex@sm.FreeBSD.org Today's excuse: You're out of memory From owner-freebsd-ipfw@FreeBSD.ORG Thu Oct 16 05:08:18 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8C5F116A4F4 for ; Thu, 16 Oct 2003 05:08:18 -0700 (PDT) Received: from mta6.adelphia.net (mta6.adelphia.net [68.168.78.190]) by mx1.FreeBSD.org (Postfix) with ESMTP id 81ACE43FCB for ; Thu, 16 Oct 2003 05:07:44 -0700 (PDT) (envelope-from tscrum@aaawebsolution.com) Received: from wolf ([68.235.82.98]) by mta6.adelphia.net (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with ESMTP id <20031016120733.NBGM21350.mta6.adelphia.net@wolf> for ; Thu, 16 Oct 2003 08:07:33 -0400 From: "Thomas S. Crum" To: Date: Thu, 16 Oct 2003 08:07:30 -0400 Organization: AAA Web Solution, Inc. Message-ID: <003b01c393de$15e41dc0$6252eb44@wolf> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300 Importance: Normal Subject: UPDATE 4.8 release / dummynet patch X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Oct 2003 12:08:18 -0000 Sry, just woke up. Hi all, I recently installed FreeBSD 4.8 release and rebuilt ipfw and libalias. All seems to be working, but occasionally I get errors referencing dummynet. This is very likely just my syntax as I am new to ipfw2. But, I just wanted to ask is there any patching I need to do further or shall I just need to hit the books further. :) Thx, Tom From owner-freebsd-ipfw@FreeBSD.ORG Fri Oct 17 08:06:48 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E500816A4B3 for ; Fri, 17 Oct 2003 08:06:48 -0700 (PDT) Received: from queue.unet.com.mk (queue.unet.com.mk [212.13.64.51]) by mx1.FreeBSD.org (Postfix) with ESMTP id B5B7A43FDF for ; Fri, 17 Oct 2003 08:06:43 -0700 (PDT) (envelope-from aleksandar@unet.com.mk) Received: from b166-er.unet.com.mk (ppp25.unet.com.mk [212.13.64.90] (may be forged)) by queue.unet.com.mk (8.11.6/8.11.6) with SMTP id h9HDpBj18829 for ; Fri, 17 Oct 2003 15:51:11 +0200 Date: Fri, 17 Oct 2003 17:09:14 +0200 From: Aleksandar Simonovski To: freebsd-ipfw@freebsd.org Message-Id: <20031017170914.4a26555d.aleksandar@unet.com.mk> Organization: Unet X-Mailer: Sylpheed version 0.9.4-gtk2-20030802 (GTK+ 2.2.4; i686-pc-linux-gnu) X-Operating-System: Slackware 9.1 Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: freebsd+natd+ipfw+DENY P2P X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Oct 2003 15:06:49 -0000 Hi, i wanna allow SSH,SMTP,DNS,WWW,POP3 and nothing else :) on my freebsd gateway, my local net is 192.168.1.0/24 and nat is working fine the point is the deny any P2P aplications to work. So any suggestions how to do this with ipfw and check-state,established,etc.. Just some examples or any link to them or any HOWTO's because i'm already reading the docs but i'm lettle confused Thank you, Aleksandar