From owner-freebsd-pf@FreeBSD.ORG Mon Nov 8 11:03:48 2004
From: FreeBSD bugmaster
To: pf@FreeBSD.org
Date: Mon, 8 Nov 2004 11:03:48 GMT
Subject: Current problem reports assigned to you
List-Id: Technical discussion and general questions about packet filter (pf)

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
p [2004/10/08] kern/72444  pf     PF can't properly detect interface after

1 problem total.

Non-critical problems

From owner-freebsd-pf@FreeBSD.ORG Mon Nov 8 14:30:46 2004
From: Łukasz Dudek
To: freebsd-pf@freebsd.org
Date: Mon, 8 Nov 2004 15:30:59 +0100
Subject: pf multipath nat

Hello,

i've tried to configure multipath nat using RELENG_5 box
(when it was current and now when it became stable)

this is the simplified rule schema i've been using

nat on $ext_if1 from $int_subnet to any -> ($ext_if1)
nat on $ext_if2 from $int_subnet to any -> ($ext_if2)

#
## routing for internal subnets

pass in on $int_if \
route-to { ( $ext_if1 $gateway1), ( $ext_if2 $gateway2 ) } round-robin \
from $int_subnet to any keep state

## need the next rules to properly pass traffic to/from the external IPs

pass out on $ext_if2 route-to ($ext_if1 $gateway1) from $ext_if1 to any
pass out on $ext_if1 route-to ($ext_if2 $gateway2) from $ext_if2 to any

every time i've loaded these rules machine hangs hard in 30 to 300
seconds leaving no special information on console or in logs

i've been manipulating debug.mpsafenet without any change

i've compiled in remote console via serial cable support
i've also compiled in required debugging options.

and it shows nothing but i've been able to send break.
and probably manually send doadump (i didn't try)

then i've setup an openbsd 3.5 generic install on another disk
and just copied my pf.conf to started the machine and everything
was working fine for few hours.

so i'm curious what should i look for to make it working on freebsd, or
maybe something is wrong with my configuration or freebsd.

Regards,
Lukasz Dudek

From owner-freebsd-pf@FreeBSD.ORG Mon Nov 8 15:21:42 2004
From: Max Laier
To: freebsd-pf@freebsd.org
Date: Mon, 8 Nov 2004 16:21:39 +0100
Subject: Re: pf multipath nat

On Monday 08 November 2004 15:30, Łukasz Dudek wrote:
> i've tried to configure multipath nat using RELENG_5 box
> (when it was current and now when it became stable)
>
> this is the simplified rule schema i've been using

Please send the *complete* ruleset you are using.

> nat on $ext_if1 from $int_subnet to any -> ($ext_if1)
> nat on $ext_if2 from $int_subnet to any -> ($ext_if2)
>
> #
> ## routing for internal subnets
>
> pass in on $int_if \
> route-to { ( $ext_if1 $gateway1), ( $ext_if2 $gateway2 ) } round-robin \
> from $int_subnet to any keep state
>
>
> ## need the next rules to properly pass traffic to/from the external IPs
>
> pass out on $ext_if2 route-to ($ext_if1 $gateway1) from $ext_if1 to any
> pass out on $ext_if1 route-to ($ext_if2 $gateway2) from $ext_if2 to any
>
> every time i've loaded these rules machine hangs hard in 30 to 300
> seconds leaving no special information on console or in logs
>
> i've been manipulating debug.mpsafenet without any change

Are you *sure* that you had debug.mpsafenet=0 in the end? You know that it is
only changeable during the loader and *not* in the live system?

> i've compiled in remote console via serial cable support
> i've also compiled in required debugging options.
>
> and it shows nothing but i've been able to send break.
> and probably manually send doadump (i didn't try)
>
> then i've setup an openbsd 3.5 generic install on another disk
> and just copied my pf.conf to started the machine and everything
> was working fine for few hours.
>
> so i'm curious what should i look for to make it working on freebsd, or
> maybe something is wrong with my configuration or freebsd.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Tue Nov 9 13:13:21 2004
From: Łukasz Dudek
To: Max Laier
Cc: freebsd-pf@freebsd.org
Date: Tue, 9 Nov 2004 14:13:34 +0100
Subject: Re: pf multipath nat

On Mon, Nov 08, 2004 at 04:21:39 +0100, Max Laier wrote:
> On Monday 08 November 2004 15:30, Łukasz Dudek wrote:
> > i've tried to configure multipath nat using RELENG_5 box
> > (when it was current and now when it became stable)
> >
> > this is the simplified rule schema i've been using

# Macros: define common values, so they can be referenced and changed easily.
ext_if="fxp0"
ext_if2="fxp2"
int_if="fxp1" # replace with actual internal interface name i.e., dc1
internal_net="192.168.0.1/23"
external_addr="10.53.28.234"
gateway="10.53.28.233"
gateway2="10.10.8.1"

scrub in all

nat on $ext_if from $internal_net to any -> ($ext_if)
nat on $ext_if2 from $internal_net to any -> ($ext_if2)

rdr on $ext_if proto { tcp, udp } from any to $external_addr/32 port 1100 -> 192.168.0.2 port 1100
rdr on $ext_if proto { tcp, udp } from any to $external_addr/32 port 1101 -> 192.168.0.2 port 1101
rdr on $ext_if proto { tcp, udp } from any to $external_addr/32 port 4664 -> 192.168.0.2 port 4664
rdr on $ext_if proto { tcp, udp } from any to $external_addr/32 port 4666 -> 192.168.0.4 port 4666
rdr on $ext_if proto { tcp, udp } from any to $external_addr/32 port 4670 -> 192.168.1.4 port 4670
rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
no rdr on { lo0, lo1 } from any to any

pass in all
pass out all
block in all

pass in on $ext_if inet proto tcp from any to $ext_if user proxy keep state
pass in on $ext_if2 inet proto tcp from any to $ext_if2 user proxy keep state
pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
pass in on $ext_if proto tcp from any to $ext_if port 25 keep state
pass in on $ext_if proto tcp from any to $ext_if port 80 keep state
pass in on $ext_if proto tcp from any to $ext_if port 110 keep state
pass in on $ext_if proto tcp from any to $ext_if port 443 keep state
pass in on $ext_if proto tcp from any to $ext_if port 465 keep state
pass in on $ext_if proto tcp from any to $ext_if port 995 keep state
pass in on $ext_if proto udp from any to $ext_if port 53 keep state
pass out on $ext_if proto { tcp, udp, icmp } all keep state
pass out on $ext_if2 proto { tcp, udp, icmp } all keep state
pass in quick on $int_if proto udp from $internal_net to 192.168.0.1 port 53 keep state
pass in on $int_if proto { tcp, udp, icmp } all keep state
pass out on $int_if proto { tcp, udp, icmp } all keep state
pass in on lo0 proto { tcp, udp, icmp } all keep state
pass out on lo0 proto { tcp, udp, icmp } all keep state

pass in on $int_if \
route-to { ( $ext_if $gateway), ( $ext_if2 $gateway2 ) } round-robin \
from $internal_net to any keep state

pass out on $ext_if2 route-to ($ext_if $gateway) from $ext_if to any
pass out on $ext_if route-to ($ext_if2 $gateway2) from $ext_if2 to any

> >
>
> Are you *sure* that you had debug.mpsafenet=0 in the end? You know that it is
> only changeable during the loader and *not* in the live system?
>

yes i'm sure /boot/loader.conf is a place where i keep such tunables.

Regards,
Lukasz Dudek

From owner-freebsd-pf@FreeBSD.ORG Thu Nov 11 12:43:15 2004
From: Søren Vrist
To: freebsd-pf@freebsd.org
Date: Thu, 11 Nov 2004 13:43:11 +0100
Subject: carp and internal dependencies on a router

I've been toying with carp for a customer and found out that if e.g. a
port in the switch goes wild, and the redundant router box's current
master loses one of the interfaces, it's only one of the carp interfaces
that switch over. On a router that means that still no traffic comes
through.
I've hacked a perl script for looking at ifconfig and doing some choices
based on carp-interfaces-parent status and carpinterfaces status, in a
way so a box is either all-master or all-slave if in any way possible.
(With preempt and advskew).
Am I all wrong here, is there a way to do these dependencies a better
way.
Freevrrp does it with a config option called dependson or something like
that.

-- 
Best regards,
Søren Vrist

From owner-freebsd-pf@FreeBSD.ORG Thu Nov 11 19:47:17 2004
From: Max Laier
To: freebsd-pf@freebsd.org
Date: Thu, 11 Nov 2004 20:47:21 +0100
Subject: Re: carp and internal dependencies on a router

On Thursday 11 November 2004 13:43, Søren Vrist wrote:
> I've been toying with carp for a customer and found out that if e.g. a
> port in the switch goes wild, and the redundant router box's current
> master loses one of the interfaces, it's only one of the carp interfaces
> that switch over. On a router that means that still no traffic comes
> through.
> I've hacked a perl script for looking at ifconfig and doing some choices
> based on carp-interfaces-parent status and carpinterfaces status, in a
> way so a box is either all-master or all-slave if in any way possible.
> (With preempt and advskew).
> Am I all wrong here, is there a way to do these dependencies a better
> way.
> Freevrrp does it with a config option called dependson or something like
> that.

OpenBSD has a daemon called ifstated(8) - unfortunately they haven't synced
their online manpages lately:

> DESCRIPTION
>      The ifstated daemon runs commands in response to network state changes,
>      which it determines by monitoring interface link state or running
>      external tests.  For example, it can be used with carp(4) to change
>      running services or to ensure that carp(4) interfaces stay in sync, or
>      with pf(4) to test server or link availability and modify translation
>      or routing rules.  The options are as follows:

This is the one you probably want. I didn't come round to port it, yet. It's
certainly on my list, but first I want to get CARP itself into committable
shape. So please, try your hands at it.
It's even useful without CARP so seeing it in ports would be nice for many
people ;)

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Fri Nov 12 08:10:31 2004
From: Vlad GALU
To: freebsd-pf@freebsd.org
Date: Fri, 12 Nov 2004 08:10:30 +0000
Subject: ALTQ and if_vlan

Hello.

Since there wasn't any mailing list dedicated to ALTQ in particular,
and Max maintains both PF and ALTQ, I came asking here. What's the status
of the two things above together? I plan to install a routing machine with
an em card and I'd like to split the link to the network in vlans. Would
shaping work on each vlan if I do it on the parent interface?

-- 
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.

From owner-freebsd-pf@FreeBSD.ORG Fri Nov 12 13:21:07 2004
From: Robert Viau
To: freebsd-pf@freebsd.org
Date: Fri, 12 Nov 2004 08:21:06 -0500 (EST)
Subject: pfctl: DIOCGIFSPEED: Invalid argument

Having some trouble with altq, here is all the
information that should be required:

su-2.05b# uname -a
FreeBSD 5.3-RELEASE FreeBSD 5.3-RELEASE #5: Thu Nov 11 16:23:28 EST 2004 :/usr/obj/usr/src/sys/BEASTKERN i386

su-2.05b# grep queue /etc/pf.conf | grep -v ^#
altq priq queue { interactive, www }
queue interactive priority 15
queue www priority 14

su-2.05b# pfctl -n -f /etc/pf.conf
pfctl: DIOCGIFSPEED: Invalid argument
su-2.05b#

I can't figure out for the life of me what the problem
is. I'm not using the queues at all yet (commented
all that out to troubleshoot) so it doesn't look like
it's due to an unsupported interface type or anything,
but just in case, here are the interfaces on the box:

su-2.05b# ifconfig -l
ath0 bge0 bge1 em0 lo0 tun0 lo1

Any thoughts?

From owner-freebsd-pf@FreeBSD.ORG Sat Nov 13 03:54:38 2004
From: Pyun YongHyeon
To: Robert Viau
Cc: freebsd-pf@freebsd.org
Date: Sat, 13 Nov 2004 12:54:33 +0900
Subject: Re: pfctl: DIOCGIFSPEED: Invalid argument

On Fri, Nov 12, 2004 at 08:21:06AM -0500, Robert Viau wrote:
> Having some trouble with altq, here is all the
> information that should be required:
>
> su-2.05b# uname -a
> FreeBSD 5.3-RELEASE FreeBSD
> 5.3-RELEASE #5: Thu Nov 11 16:23:28 EST 2004
> :/usr/obj/usr/src/sys/BEASTKERN i386
>
> su-2.05b# grep queue /etc/pf.conf | grep -v ^#
> altq priq queue { interactive, www }
> queue interactive priority 15
> queue www priority 14
>
> su-2.05b# pfctl -n -f /etc/pf.conf
> pfctl: DIOCGIFSPEED: Invalid argument
> su-2.05b#
>
> I can't figure out for the life of me what the problem
> is. I'm not using the queues at all yet (commented
> all that out to troubleshoot) so it doesn't look like
> it's due to an unsupported interface type or anything,
> but just in case, here are the interfaces on the box:
>
> su-2.05b# ifconfig -l
> ath0 bge0 bge1 em0 lo0 tun0 lo1
>

This may be a stupid question. Did you compile in pf or load the pf module?
ifconfig(8) didn't show the pflog0 interface, which should be listed if pf
was available.

>
> Any thoughts?
>

-- 
Regards,
Pyun YongHyeon
http://www.kr.freebsd.org/~yongari | yongari@freebsd.org

From owner-freebsd-pf@FreeBSD.ORG Sat Nov 13 20:59:18 2004
From: "Shane James"
Date: Sat, 13 Nov 2004 22:58:39 +0200
Subject: FreeBSD ALTQ + PF Problem

Hey guys,

I'm having a problem with pf + altq on FreeBSD 5.2.1
(FreeBSD uplink-rtr-jhb.virtek.co.za 5.2.1-RELEASE-p11 FreeBSD 5.2.1-RELEASE-p11 #1: Sat Nov 13 15:59:38 SAST 2004 root@uplink-rtr-jhb.virtek.co.za:/usr/src/sys.altq/i386/compile/UPLINK i386)

The traffic I assign to queues does not get limited according to the
specific limit, it only gets limited by the global bandwidth limit
assigned to the specific NIC.

e.g. I assign traffic to a queue (argon_d) which is limited to 128Kb... but
it performs at 256Kb which is what the NIC is set to. therefore not being
assigned to its designated queue.

is it at all possible that this is a problem perhaps with my network
cards... if not... any suggestions?

pf.conf

altq on $uplink_if bandwidth 256Kb hfsc queue { dflt_u, argon_u }
queue argon_u hfsc(realtime 64Kb upperlimit 64Kb)
queue dflt_u hfsc(default upperlimit 128Kb)

altq on $hosting_if bandwidth 256Kb hfsc queue { dflt_d, argon_d }
queue argon_d hfsc(realtime 64Kb upperlimit 64Kb)
queue dflt_d hfsc(default upperlimit 128Kb)

#assign argon traffic
pass out on $uplink_if from 196.23.168.137 to any keep state queue argon_u
pass out on $hosting_if from any to 196.23.168.137 keep state queue argon_d

Kind Regards,
Shane James
shane@phpboy.co.za