Date: Sun, 15 Jan 2006 00:13:10 +0000
From: Josef Karthauser
To: sam@freebsd.org
Cc: net@freebsd.org
Subject: Re: Problems with ath under FreeBSD-6x
Message-ID: <20060115001310.GC8889@genius.tao.org.uk>
In-Reply-To: <20060114140304.GN2839@genius.tao.org.uk>
List-Id: Networking and TCP/IP with FreeBSD

On Sat, Jan 14, 2006 at 02:03:04PM +0000, Josef Karthauser wrote:
> x# ifconfig ath0
> ath0: flags=8843 mtu 1500
>         inet6 fe80::209:5bff:fee5:1fa4%ath0 prefixlen 64 scopeid 0x1
>         inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
>         ether 00:09:5b:e5:1f:a4
>         media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
>         status: associated
>         ssid tao channel 2 bssid 00:09:5b:e5:1f:a4
>         authmode OPEN privacy ON deftxkey UNDEF wepkey 1:40-bit txpowmax 30
>         protmode CTS burst dtimperiod 1 bintval 100

Problem solved.  Ian Dowse pointed me in the right direction.  What I
need under 6 that I didn't need under 5 is:

    ifconfig ath0 weptxkey 1

Joe
--
Josef Karthauser (joe@tao.org.uk)                  http://www.josef-k.net/
FreeBSD (cvs meister, admin and hacker)            http://www.uk.FreeBSD.org/
Physics Particle Theory (student)                  http://www.pact.cpes.sussex.ac.uk/
================ An eclectic mix of fact and theory. =================
Date: Sun, 15 Jan 2006 03:43:22 +0300
From: Gleb Smirnoff
To: Tiago Cruz
Cc: freebsd-net@FreeBSD.org
Subject: Re: Help with CARP implementation
Message-ID: <20060115004322.GL83922@FreeBSD.org>
In-Reply-To: <1137087349.10917.48.camel@localhost.localdomain>

On Thu, Jan 12, 2006 at 03:35:49PM -0200, Tiago Cruz wrote:
T> > There are examples in 'man 4 carp'.
T>
T> Yes, I've read all the OpenBSD FAQ about CARP, and the man pages of carp
T> and pfsync. But the best article about this I found here:
T>
T> http://www.samag.com/documents/s=9658/sam0505e/
T>
T> Following this I can do my redundancy on my LAN interface, BUT:
T>
T> When I was downloading something and did a reboot of the MASTER firewall,
T> the download was not continued.
T>
T> Is it because I have 02 external links, one on each WAN interface?

Probably yes. Are you doing NAT, with each link NATed to a different IP
address? In this case you can't achieve such a level of redundancy that
TCP sessions will survive the failure of one link.

T> What does arp balance do exactly? Will it be good for me?

You probably don't need it.

T> And... do I need to use ifstated?

Only if you need to do something in case of CARP changing state.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

Date: Sun, 15 Jan 2006 19:44:38 -0500
From: Kris Kennaway
To: net@FreeBSD.org
Subject: Changing time causes ipv6 panics
Message-ID: <20060116004438.GA27901@xor.obsecurity.org>

I ran ntpdate on an amd64 system with ipv6 enabled and a skewed clock
(ntpdate stepped it back by about an hour), and immediately got a
use-after-free panic in ifaddr.  When I rebooted with memguard enabled on
this malloc type and retried, I got this panic upon changing the date
forward, then back, then forward again (also note the garbage return data
from ntpdate):

# date 200606011200
Thu Jun  1 12:00:00 UTC 2006
# ntpdate ntp.apple.com
16 Jan 00:40:18 ntpdate[612]: step time server 17.254.0.28 offset -~9000pm6}9426375508.195959 sec
# date 200606011200
Thu Jun  1 12:00:00 UTC 2006

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xffffffff91bd2198
fault code              = supervisor write, protection violation
instruction pointer     = 0x8:0xffffffff80321346
stack pointer           = 0x10:0xffffffffbcfa1b60
frame pointer           = 0x10:0xffffffffbcfa1b90
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 14 (swi4: clock sio)
[thread pid 14 tid 100010 ]
Stopped at      nd6_timer+0x106:        movl    %eax,0x198(%rbx)
db> wh
Tracing pid 14 tid 100010 td 0xffffff03e15d6c30
nd6_timer() at nd6_timer+0x106
softclock() at softclock+0x279
ithread_execute_handlers() at ithread_execute_handlers+0x12f
ithread_loop() at ithread_loop+0x99
fork_exit() at fork_exit+0xdf
fork_trampoline() at fork_trampoline+0xe
--- trap 0, rip = 0, rsp = 0xffffffffbcfa1d40, rbp = 0 ---

Unfortunately I can't dump on this system, but:

(kgdb) list *(nd6_timer+0x106)
0xffffffff80321346 is in nd6_timer (../../../netinet6/nd6.c:585).
580                             goto addrloop; /* XXX: see below */
581                     }
582                     if (IFA6_IS_DEPRECATED(ia6)) {
583                             int oldflags = ia6->ia6_flags;
584
585                             ia6->ia6_flags |= IN6_IFF_DEPRECATED;
586
587                             /*
588                              * If a temporary address has just become deprecated,
589                              * regenerate a new one if possible.

Kris
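A toy model of the failure class in the trace above, added here as an example; it is not FreeBSD's nd6_timer() or struct in6_ifaddr and it assumes one plausible mechanism behind the report: the ND6 timer compares address lifetimes against a clock that date(1) and ntpdate can step by months, an address therefore expires and is freed, and the walk over the address list then writes into the freed entry (the `ia6->ia6_flags |=` at nd6.c:585 in the listing). The code shows the two defensive halves a fix needs: a list walk that saves the next pointer before an entry can be freed and never touches the entry afterwards, and lifetimes measured on an uptime counter that a wall-clock step does not move. The struct and function names, the lifetimes and the epoch values are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy address entry (added example; not FreeBSD's struct in6_ifaddr). */
struct toy_ia6 {
	struct toy_ia6 *next;
	int64_t created;	/* timestamp on whichever clock the list uses */
	int64_t pltime, vltime;	/* preferred / valid lifetime, seconds */
	int deprecated;		/* stands in for IN6_IFF_DEPRECATED */
};
struct toy_list { struct toy_ia6 *head; };

static struct toy_ia6 *
toy_add(struct toy_list *l, int64_t now, int64_t pltime, int64_t vltime)
{
	struct toy_ia6 *ia = calloc(1, sizeof(*ia));
	if (ia == NULL)
		return (NULL);
	ia->created = now;
	ia->pltime = pltime;
	ia->vltime = vltime;
	ia->next = l->head;
	l->head = ia;
	return (ia);
}

/*
 * One timer pass: an entry past its valid lifetime is unlinked and freed, one
 * past its preferred lifetime is marked deprecated.  The next pointer is saved
 * before the entry can be freed and ia is never touched after free(); the bug
 * class in the trace is the reverse order (free, then still write the flags).
 */
static int
toy_timer(struct toy_list *l, int64_t now)
{
	struct toy_ia6 **pp = &l->head, *ia, *next;
	int freed = 0;
	for (ia = l->head; ia != NULL; ia = next) {
		next = ia->next;
		if (now - ia->created >= ia->vltime) {
			*pp = next;	/* unlink via the predecessor's link */
			free(ia);
			freed++;
			continue;	/* ia is dangling from here on */
		}
		if (now - ia->created >= ia->pltime)
			ia->deprecated = 1;
		pp = &ia->next;
	}
	return (freed);	/* number of entries freed in this pass */
}

/* Drain the list; returns how many entries were still on it. */
static int
toy_free_all(struct toy_list *l)
{
	int n = 0;
	while (l->head != NULL) {
		struct toy_ia6 *ia = l->head;
		l->head = ia->next;
		free(ia);
		n++;
	}
	return (n);
}

/*
 * Replay the report's steps (date forward to 1 Jun 2006, ntpdate back to
 * 16 Jan 2006) against two addresses with 600 s preferred / 1800 s valid
 * lifetimes and return how many survive.  On the stepped wall clock both
 * expire on the first pass; on an uptime counter the step never moves, both
 * survive.
 */
static int
toy_survivors(int lifetimes_on_uptime)
{
	struct toy_list l = { NULL };
	int64_t wall = 1137372018;	/* 16 Jan 2006 00:40:18 UTC, constructed */
	int64_t uptime = 120;		/* seconds since boot, constructed */
	int64_t now = lifetimes_on_uptime ? uptime : wall;

	toy_add(&l, now, 600, 1800);	/* two constructed addresses */
	toy_add(&l, now, 600, 1800);
	wall = 1149163200;		/* "date 200606011200": ~4.5 months forward */
	uptime += 1;
	toy_timer(&l, lifetimes_on_uptime ? uptime : wall);
	wall = 1137372019;		/* ntpdate steps back; uptime keeps counting */
	uptime += 1;
	toy_timer(&l, lifetimes_on_uptime ? uptime : wall);
	return (toy_free_all(&l));	/* addresses that survived both passes */
}

int
main(void)
{
	printf("wall clock: %d survive, uptime: %d survive\n",
	    toy_survivors(0), toy_survivors(1));
	return (0);
}
```

toy_survivors(0) returns 0: with lifetimes on the wall clock the forward step alone expires both addresses, which is the moment at which the real timer would free an ifaddr it is still iterating over. toy_survivors(1) returns 2, because an uptime-based lifetime is unaffected by either step.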
Date: Sun, 15 Jan 2006 18:13:43 -0800
From: Brooks Davis
To: "Bjoern A. Zeeb"
Cc: freebsd-net@freebsd.org
Subject: Re: sized data in struct ifreq
Message-ID: <20060116021342.GA22516@odin.ac.hmc.edu>
In-Reply-To: <20060114235317.I24703@maildrop.int.zabbadoz.net>

On Sat, Jan 14, 2006 at 11:53:45PM +0000, Bjoern A. Zeeb wrote:
> On Thu, 12 Jan 2006, Brooks Davis wrote:
>
> > Are there any objections to this change?  I plan to use it to add the
> > requested feature of interface descriptions.  Here is a diff of possible
> > changes to if.h.
>
> I still think that interface descriptions do not belong to kernel
> space.

What does this have to do with my proposal?  I'm simply proposing a minor
extension to the ioctl API to make it suck slightly less.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

Date: Mon, 16 Jan 2006 22:16:05 +1300
From: Andrew Thompson
To: freebsd-net@freebsd.org
Subject: autobridge patch
Message-ID: <20060116091605.GB18530@heff.fud.org.nz>

Hi,

I have a patch here that adds the ability to automatically add an
interface to a bridge when it is attached. This is aimed towards apps like
qemu or vmware that open a tap interface and need it bridged with the
network adapter; the user can set up a glob for interfaces to be
automatically added (eg tap*). It may also be useful for Xen dom0 support.

This patch includes a big change to how interfaces are configured in
userland. Before, only physical Ethernet cards were handled by devd; now
_ALL_ interfaces are (vlans, pflog, pfsync, tap, tun, etc..). This has the
added bonus that the pseudo interfaces can be configured after boot time
in rc.conf, ifconfig_xxx="".

Please test this patch, even if you don't use a bridge. I'm not in a hurry
to commit it.

cheers,
Andrew

Attachment: autobridge.diff

Index: etc/devd.conf =================================================================== RCS file: /home/ncvs/src/etc/devd.conf,v retrieving revision 1.30 diff -u -p -r1.30 devd.conf --- etc/devd.conf 11 Dec 2005 00:18:28 -0000 1.30 +++ etc/devd.conf 12 Jan 2006 21:15:22 -0000
@@ -28,17 +28,19 @@ options { # override these general rules. # -# For ethernet like devices start configuring the interface. Due to -# a historical accident, this script is called pccard_ether. +# Configure the interface on attach. Due to a historical accident, this +# script is called pccard_ether. # -attach 0 { - media-type "ethernet"; - action "/etc/pccard_ether $device-name start"; +notify 0 { + match "system" "IFNET"; + match "type" "ATTACH"; + action "/etc/pccard_ether $subsystem start"; }; -detach 0 { - media-type "ethernet"; - action "/etc/pccard_ether $device-name stop"; +notify 0 { + match "system" "IFNET"; + match "type" "DETACH"; + action "/etc/pccard_ether $subsystem stop"; }; # Index: etc/defaults/rc.conf =================================================================== RCS file: /home/ncvs/src/etc/defaults/rc.conf,v retrieving revision 1.270 diff -u -p -r1.270 rc.conf --- etc/defaults/rc.conf 8 Jan 2006 10:15:30 -0000 1.270 +++ etc/defaults/rc.conf 12 Jan 2006 21:15:09 -0000 @@ -163,6 +163,9 @@ ifconfig_lo0="inet 127.0.0.1" # default #ifconfig_fxp0_name="net0" # Change interface name from fxp0 to net0. #ipv4_addrs_fxp0="192.168.0.1/24 192.168.1.1-5/28" # example IPv4 address entry. # +#autobridge_interfaces="bridge0" # List of bridges to check +#autobridge_bridge0="tap* vlan0" # Interface glob to automatically add to the bridge +# # If you have any sppp(4) interfaces above, you might also want to set # the following parameters. Refer to spppcontrol(8) for their meaning. sppp_interfaces="" # List of sppp interfaces. Index: etc/rc.d/Makefile =================================================================== RCS file: /home/ncvs/src/etc/rc.d/Makefile,v retrieving revision 1.62 diff -u -p -r1.62 Makefile --- etc/rc.d/Makefile 15 Dec 2005 01:04:48 -0000 1.62 +++ etc/rc.d/Makefile 16 Jan 2006 08:59:15 -0000 
@@ -4,7 +4,7 @@ FILES= DAEMON LOGIN NETWORKING SERVERS \ abi accounting addswap adjkerntz amd \ apm apmd archdep atm1 atm2 atm3 \ - bgfsck bluetooth bootparams bsnmpd \ + bgfsck bluetooth bootparams bridge bsnmpd \ ccd cleanvar cleartmp cron \ devd devfs dhclient \ dmesg dumpon \ Index: etc/rc.d/bridge =================================================================== RCS file: etc/rc.d/bridge diff -N etc/rc.d/bridge --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ etc/rc.d/bridge 16 Jan 2006 08:53:34 -0000 @@ -0,0 +1,71 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: bridge +# REQUIRE: netif +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="bridge" +start_cmd="bridge_start" +stop_cmd="bridge_stop" +_cmd="" + +glob_int () { + case "$1" in + $2 ) true ;; + * ) false ;; + esac +} + +bridge_test () { + bridge=$1 + iface=$2 + + eval interfaces=\$autobridge_${bridge} + if [ -n "${interfaces}" ]; then + for i in ${interfaces}; do + if glob_int $iface $i ; then + ifconfig $bridge $_cmd $iface > /dev/null 2>&1 + return + fi + done + fi +} + +autobridge() +{ + if [ -n "${autobridge_interfaces}" ]; then + if [ -z "$_iflist" ]; then + # We're operating as a general network start routine. + _iflist="`list_net_interfaces`" + fi + + for br in ${autobridge_interfaces}; do + for i in $_iflist; do + bridge_test $br $i + done + done + fi +} + +bridge_start() +{ + _cmd="addm" + autobridge +} + +bridge_stop() +{ + _cmd="deletem" + autobridge +} + +_iflist=$2 + +load_rc_config $name +run_rc_command "$1" Index: etc/rc.d/netif =================================================================== RCS file: /home/ncvs/src/etc/rc.d/netif,v retrieving revision 1.18 diff -u -p -r1.18 netif --- etc/rc.d/netif 14 Nov 2005 23:34:50 -0000 1.18 +++ etc/rc.d/netif 16 Jan 2006 08:48:56 -0000 
@@ -71,6 +71,9 @@ network_start() # Resync ipfilter /etc/rc.d/ipfilter resync fi + if [ -f /etc/rc.d/bridge -a -n "$_cmdifn" ] ; then + /etc/rc.d/bridge start $_cmdifn + fi } network_stop() Index: share/man/man5/rc.conf.5 =================================================================== RCS file: /home/ncvs/src/share/man/man5/rc.conf.5,v retrieving revision 1.278 diff -u -p -r1.278 rc.conf.5 --- share/man/man5/rc.conf.5 8 Jan 2006 13:20:57 -0000 1.278 +++ share/man/man5/rc.conf.5 11 Jan 2006 18:58:11 -0000 @@ -3395,6 +3395,23 @@ has been mounted. Both the .Xr md 4 device and the mount point will be changed. +.It Va autobridge_interfaces +.Pq Vt str +Set to the list of bridge interfaces that will have newly arriving interfaces +checked against to be automatically added. +If not set to +.Dq Li NO +then for each whitespace separated +.Ar element +in the value, a +.Va autobridge_ Ns Aq Ar element +variable is assumed to exist which has a whitespace separated list of interface +names to match, these names can use wildcards. +For example: +.Bd -literal +autobridge_interfaces="bridge0" +autobridge_bridge0="tap* dc0 dc[345]" +.Ed .El .Sh FILES .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact @@ -3411,6 +3428,7 @@ device and the mount point will be chang .Xr makewhatis 1 , .Xr vi 1 , .Xr vidcontrol 1 , +.Xr bridge 4 , .Xr ip 4 , .Xr ipf 4 , .Xr ipfw 4 , Index: sys/net/if.c =================================================================== RCS file: /home/ncvs/src/sys/net/if.c,v retrieving revision 1.251 diff -u -p -r1.251 if.c --- sys/net/if.c 11 Nov 2005 16:04:48 -0000 1.251 +++ sys/net/if.c 12 Jan 2006 21:15:22 -0000 @@ -501,6 +501,7 @@ if_attach(struct ifnet *ifp) if_attachdomain1(ifp); EVENTHANDLER_INVOKE(ifnet_arrival_event, ifp); + devctl_notify("IFNET", ifp->if_xname, "ATTACH", NULL); /* Announce the interface. */ rt_ifannouncemsg(ifp, IFAN_ARRIVAL); 
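Review bot: dropping the `media-type "ethernet"` filter in etc/devd.conf means the new `notify 0 { match "system" "IFNET"; match "type" "ATTACH"; ... }` rule runs /etc/pccard_ether for every interface the kernel attaches, including the bridge itself and each tap, tun, vlan or pflog clone; the replacement comment should say so, and pccard_ether should be checked to exit quietly for an interface with no ifconfig_<name> entry, since most of those clones will have none. `$subsystem` in the action is the `ifp->if_xname` the kernel passes in the if.c hunks, which only the kernel and root control, so it can be treated as trusted input to the action string.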
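Review bot: in bridge_test() of the new etc/rc.d/bridge, the loop `for i in ${interfaces}; do` splits the autobridge_<bridge> list without turning off pathname expansion, so a pattern such as `tap*` or `dc[345]` is first expanded against the current directory; if a file named like an interface exists there when devd or rc runs the script, the pattern is silently replaced by that filename and the match changes. Wrap the loop in `set -f` / `set +f` (the `case "$1" in $2 )` test in glob_int is fine, since case patterns are not subject to pathname expansion). Two smaller points: `ifconfig $bridge $_cmd $iface > /dev/null 2>&1` hides the error when the bridge does not exist yet or addm is refused, which is the first thing a tester will hit, so consider a `warn` on failure; and the script defines no `rcvar`, so the only way to disable it is to leave autobridge_interfaces unset.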
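Review bot: the share/man/man5/rc.conf.5 text says autobridge is off when autobridge_interfaces is set to `NO`, but etc/rc.d/bridge only tests `-n "${autobridge_interfaces}"`, so a literal NO would be iterated as a bridge name and `eval interfaces=\$autobridge_NO` evaluated; either make the script honour NO (checkyesno or an explicit test) or change the text to say the variable is off when unset or empty, which is what the commented-out default added to etc/defaults/rc.conf gives.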
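Review bot: `devctl_notify("IFNET", ifp->if_xname, "ATTACH", NULL)` in if_attach() sits after the ifnet_arrival_event handlers but before rt_ifannouncemsg(), so devd's action may run ifconfig on the interface before routing-socket listeners hear of it; harmless for pccard_ether, but a one-line comment that the position is deliberate would help. Interfaces that rc configures itself at boot are still reached through the rc.d/netif hook to /etc/rc.d/bridge rather than through devd, and the commit message should say in one sentence why both paths exist.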
@@ -684,6 +685,7 @@ if_detach(struct ifnet *ifp) /* Announce that the interface is gone. */ rt_ifannouncemsg(ifp, IFAN_DEPARTURE); EVENTHANDLER_INVOKE(ifnet_departure_event, ifp); + devctl_notify("IFNET", ifp->if_xname, "DETACH", NULL); IF_AFDATA_LOCK(ifp); for (dp = domains; dp; dp = dp->dom_next) {

Date: Mon, 16 Jan 2006 10:50:38 +0100
From: Marcin Jessa
To: Andrew Thompson
Cc: freebsd-net@freebsd.org
Subject: Re: autobridge patch
Message-Id: <20060116105038.79212b42.lists@yazzy.org>
In-Reply-To: <20060116091605.GB18530@heff.fud.org.nz>

On Mon, 16 Jan 2006 22:16:05 +1300
Andrew Thompson wrote:

> Hi,

Hi Andrew.

> I have a patch here that adds the ability to automatically add an
> interface to a bridge when it is attached. This is aimed towards apps
> like qemu or vmware that open a tap interface and need it bridged
> with the network adapter; the user can set up a glob for interfaces
> to be automatically added (eg tap*). It may also be useful for Xen
> dom0 support.
>
> This patch includes a big change to how interfaces are configured in
> userland. Before, only physical Ethernet cards were handled by devd;
> now _ALL_ interfaces are (vlans, pflog, pfsync, tap, tun, etc..). This
> has the added bonus that the pseudo interfaces can be configured after
> boot time in rc.conf, ifconfig_xxx="".
>
> Please test this patch, even if you don't use a bridge. I'm not in a
> hurry to commit it.

Very cool, thanks.
Before trying to patch my sources..
Are the patches for CURRENT only, or will they also work on 6.0?
Marcin

Date: Mon, 16 Jan 2006 22:55:02 +1300
From: Andrew Thompson
To: Marcin Jessa
Cc: freebsd-net@freebsd.org
Subject: Re: autobridge patch
Message-ID: <20060116095502.GC18530@heff.fud.org.nz>
In-Reply-To: <20060116105038.79212b42.lists@yazzy.org>

On Mon, Jan 16, 2006 at 10:50:38AM +0100, Marcin Jessa wrote:
> On Mon, 16 Jan 2006 22:16:05 +1300
> > I have a patch here that adds the ability to automatically add an
> > interface to a bridge when it is attached. This is aimed towards apps
> > like qemu or vmware that open a tap interface and need it bridged
> > with the network adapter; the user can set up a glob for interfaces
> > to be automatically added (eg tap*). It may also be useful for Xen
> > dom0 support.
> >
> > This patch includes a big change to how interfaces are configured in
> > userland. Before, only physical Ethernet cards were handled by devd;
> > now _ALL_ interfaces are (vlans, pflog, pfsync, tap, tun, etc..). This
> > has the added bonus that the pseudo interfaces can be configured after
> > boot time in rc.conf, ifconfig_xxx="".
> >
> > Please test this patch, even if you don't use a bridge. I'm not in a
> > hurry to commit it.
>
> Very cool, thanks.
> Before trying to patch my sources..
> Are the patches for CURRENT only, or will they also work on 6.0?

The patch applies fine to RELENG_6, it will work.
--
Andrew

Date: Mon, 16 Jan 2006 11:13:32 +0100
From: Przemyslaw Szczygielski
To: freebsd-net@freebsd.org
Subject: NAT over IPSECed WLAN
Message-Id: <20060116101332.8258821401E@rekin14.go2.pl>

Well, for me the config is so complex that I doubt anyone will waste time
on going into my config files, but, well... There's always hope...

It's about a FreeBSD 6.0 "Gateway", which routes WLAN-connected stations to
the Internet through NAT. I want IPSEC between the WLAN interfaces of
"Gateway" and "Clients". Let's say there are two machines:

1. "Gateway" is FreeBSD 6.0 and has 2 interfaces:
   a. fxp0 (public, connecting to the Internet)
   b. ndis0 (private, 10.2.0.1, serving WLAN clients)
2. "Client" is Windows XP and has 1 interface:
   a. some interface (private, 10.2.0.2, WLAN)

I have a working setup that has working NAT ("Client" sees the Internet
through NAT on "Gateway", configured as default gateway on Windows) when
IPSEC is turned off. I also have working IPSEC between these two machines
(they can ping each other), but then NAT stops working (but "Gateway" still
connects to the Internet, so i.e. I can putty from "Client" to "Gateway",
it goes through the IPSECed WLAN, and from putty use Lynx to browse. But I
can't browse the Internet on "Client").

So to make it short: IPSEC working = no NAT. IPSEC off = NAT working.

I have attached my config files: ipsec.conf, natd.conf, racoon.conf and
rc.firewall.rules (please don't ask me why I have ssh on 5901...)

If you can tell me what went wrong I'd be very grateful. And I will surely
write a detailed HOWTO for future generations... ;-)

Cheers,
Przemek

Date: Mon, 16 Jan 2006 10:37:37 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Przemyslaw Szczygielski
Cc: freebsd-net@freebsd.org
Subject: Re: NAT over IPSECed WLAN
Message-ID: <20060116103054.J24703@maildrop.int.zabbadoz.net>
In-Reply-To: <20060116101332.8258821401E@rekin14.go2.pl>

On Mon, 16 Jan 2006, Przemyslaw Szczygielski wrote:

Hi,

> Well, for me the config is so complex that I doubt anyone will
> waste time on going into my config files, but, well... There's
> always hope...
>
> It's about a FreeBSD 6.0 "Gateway", which routes WLAN-connected
> stations to the Internet through NAT. I want IPSEC between the WLAN
> interfaces of "Gateway" and "Clients".
....

The only thing I can say up to now is "works here", so there is hope,
though the setup here is a bit more complicated (more interfaces, more
ipsec, etc.. ;-).

> I have attached my config files: ipsec.conf, natd.conf, racoon.conf
> and rc.firewall.rules (please don't ask me why I have ssh on 5901...)

The attachments got removed for the mailing list posting. I don't know if
you really want to reveal all the details to the public.

> If you can tell me what went wrong I'd be very grateful. And I will
> surely write a detailed HOWTO for future generations... ;-)

What firewall are you using? ipfw?

In case you want to contact me off-list, feel free to do so.

--
Bjoern A. Zeeb                          bzeeb at Zabbadoz dot NeT

Date: Mon, 16 Jan 2006 11:02:34 GMT
Message-Id: <200601161102.k0GB2Ywe084936@freefall.freebsd.org>
From: FreeBSD bugmaster To: freebsd-net@FreeBSD.org Cc: Subject: Current problem reports assigned to you X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jan 2006 11:02:43 -0000

Current FreeBSD problem reports

Critical problems

Serious problems

Non-critical problems

S Submitted     Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2003/07/11]  kern/54383  net    [nfs] [patch] NFS root configurations wit
o [2005/11/03]  kern/88450  net    SYN+ACK reports strange size of window

2 problems total.

From owner-freebsd-net@FreeBSD.ORG Mon Jan 16 11:25:53 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E20BC16A41F; Mon, 16 Jan 2006 11:25:53 +0000 (GMT) (envelope-from lists@yazzy.org) Received: from mail.yazzy.org (mail.yazzy.org [217.8.140.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4943D43D49; Mon, 16 Jan 2006 11:25:53 +0000 (GMT) (envelope-from lists@yazzy.org) Received: from [84.247.144.144] (helo=lapdance.yazzy.net) by mail.yazzy.org with esmtps (TLSv1:AES256-SHA:256) (YazzY.org) id 1EySUG-0007kx-BH; Mon, 16 Jan 2006 12:25:24 +0100 Date: Mon, 16 Jan 2006 11:25:04 +0000
From: Marcin Jessa To: freebsd-net@freebsd.org Message-Id: <20060116112504.63ba886b.lists@yazzy.org> In-Reply-To: <20060116091605.GB18530@heff.fud.org.nz> References: <20060116091605.GB18530@heff.fud.org.nz> Organization: YazzY.org X-Mailer: Sylpheed version 2.0.4 (GTK+ 2.8.10; i386-portbld-freebsd6.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Score: -2.1 (--) Cc: Andrew Thompson Subject: Re: autobridge patch X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jan 2006 11:25:54 -0000

On Mon, 16 Jan 2006 22:16:05 +1300 Andrew Thompson wrote:

> Hi,
>
> I have a patch here that adds the ability to automatically add an interface to a
> bridge when it's attached. This is aimed towards apps like qemu or vmware that
> open a tap interface and need it bridged with the network adapter; the user can
> set up a glob for interfaces to be automatically added (eg tap*). It may
> also be useful for Xen dom0 support.
>
> This patch includes a big change to how interfaces are configured in
> userland. Before, only physical Ethernet cards were handled by devd;
> now _ALL_ interfaces are (vlans, pflog, pfsync, tap, tun, etc..). This
> has the added bonus that the pseudo interfaces can be configured after
> boottime in rc.conf, ifconfig_xxx="".
>
> Please test this patch, even if you don't use a bridge. I'm not in a hurry
> to commit it.

I just rebuilt and installed my world and kernel to test the patches.
Seems like things did not work as expected.
The name part of ifconfig_vlan0 left me with a renamed but not configured device.
The IP etc. of VLAN01 was not set at boot. Am I doing something wrong?

cloned_interfaces="bridge0 vlan0"
ifconfig_sk0="up"
ifconfig_vlan0="name VLAN01 inet 10.137.99.4 vlan 1 vlandev sk0"

Cheers,
Marcin.
From owner-freebsd-net@FreeBSD.ORG Mon Jan 16 12:16:20 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 640D516A41F for ; Mon, 16 Jan 2006 12:16:20 +0000 (GMT) (envelope-from vanhu@zeninc.net) Received: from caine.easynet.fr (smarthost167.mail.easynet.fr [212.180.1.167]) by mx1.FreeBSD.org (Postfix) with ESMTP id EC88043D45 for ; Mon, 16 Jan 2006 12:16:19 +0000 (GMT) (envelope-from vanhu@zeninc.net) Received: from easyconnect2121135-233.clients.easynet.fr ([212.11.35.233] helo=smtp.zeninc.net) by caine.easynet.fr with esmtp (Exim 4.50) id 1EyTHV-0001hQ-SJ; Mon, 16 Jan 2006 13:16:18 +0100 Received: from localhost.localdomain (spartacus.zen.inc [192.168.1.20]) by smtp.zeninc.net (smtpd) with ESMTP id E52103F17; Mon, 16 Jan 2006 13:16:09 +0100 (CET) Received: by localhost.localdomain (Postfix, from userid 1000) id D22EA8560D; Mon, 16 Jan 2006 13:16:09 +0100 (CET) Date: Mon, 16 Jan 2006 13:16:09 +0100 
From: VANHULLEBUS Yvan To: Przemyslaw Szczygielski Message-ID: <20060116121609.GA2769@zeninc.net> References: <20060116101332.8258821401E@rekin14.go2.pl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060116101332.8258821401E@rekin14.go2.pl> User-Agent: All mail clients suck. This one just sucks less. Cc: freebsd-net@freebsd.org Subject: Re: NAT over IPSECed WLAN X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jan 2006 12:16:20 -0000

On Mon, Jan 16, 2006 at 11:13:32AM +0100, Przemyslaw Szczygielski wrote:
> Well, for me the config is so complex, that I doubt anyone will
> waste time on going into my config files, but, well... There's
> always hope...

This is not the first time I have seen such configuration requests, and that's why I suggested you ask on a public ML, because the answers will also be available to others.

[....]

> So to make it short: IPSEC working = no NAT. IPSEC off = NAT working.
>
> I have attached my config files: ipsec.conf, natd.conf, racoon.conf
> and rc.firewall.rules (please don't ask me why I have ssh on 5901...)

Unfortunately, your configuration attachments were filtered. But could you send ("inline" in the mail) at least your SPD configuration?

For what you want, you should have a configuration like:

spdadd 0/0 out ESP/tunnel/xp-FreeBSD gate/require

("pseudo setkey" syntax, viewed from the XP host; an incoming entry is also required, which is the reverse).

The important points are "ESP", "tunnel" and "0/0" as the remote traffic endpoint.

On the BSD side, you can have reversed SPD entries, or use racoon's generate-policy feature.

Is that what you have?

Another way of doing things is to use IPsec transport + L2TP, which can look simpler from the Windows side, but which I think is more complex in fact (another encapsulation level).
> If you can tell me, what went wrong I'd be very grateful. And I will > surely write a detailed HOWTO for future generations... ;-) Would be welcome, perhaps on FreeBSD's docs, and at least at ipsec-tools website ! Yvan. -- NETASQ - Secure Internet Connectivity http://www.netasq.com From owner-freebsd-net@FreeBSD.ORG Mon Jan 16 12:45:40 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5241616A41F for ; Mon, 16 Jan 2006 12:45:40 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from thorn.pobox.com (thorn.pobox.com [208.210.124.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id ADBB843D48 for ; Mon, 16 Jan 2006 12:45:39 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from thorn (localhost [127.0.0.1]) by thorn.pobox.com (Postfix) with ESMTP id DEBE0D6; Mon, 16 Jan 2006 07:46:00 -0500 (EST) Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by thorn.sasl.smtp.pobox.com (Postfix) with ESMTP id 955ED4D09; Mon, 16 Jan 2006 07:45:59 -0500 (EST) Received: from lists by mappit.local.linnet.org with local (Exim 4.60 (FreeBSD)) (envelope-from ) id 1EyTjr-0007Io-PR; Mon, 16 Jan 2006 12:45:36 +0000 Date: Mon, 16 Jan 2006 12:45:35 +0000 
From: Brian Candler To: Przemyslaw Szczygielski Message-ID: <20060116124535.GA28026@uk.tiscali.com> References: <20060116101332.8258821401E@rekin14.go2.pl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060116101332.8258821401E@rekin14.go2.pl> User-Agent: Mutt/1.4.2.1i Cc: freebsd-net@freebsd.org Subject: Re: NAT over IPSECed WLAN X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jan 2006 12:45:40 -0000

On Mon, Jan 16, 2006 at 11:13:32AM +0100, Przemyslaw Szczygielski wrote:
> Well, for me the config is so complex, that I doubt anyone will
> waste time on going into my config files, but, well... There's
> always hope...

A diagram helps lots. Tell me if this is correct:

   \|/  - - - - - - -  \|/
    |                   |
 10.2.0.2           10.2.0.1 ndis0
  WinXP             FreeBSD 6.0
  client            x.x.x.x fxp0
                        |
                        +---------------> Internet

  <==================> IPSEC tunnel mode?

> I have a working setup that has working NAT ("Client" sees Internet
> through NAT on "Gateway", configured as default gateway on
> Windows), when IPSEC is turned off.
>
> I also have working IPSEC between these two machines (they can ping
> each other) but then NAT stops working (but "Gateway" still connects
> to the Internet, so i.e. I can putty from "Client" to "Gateway", it
> goes through IPSECed WLAN, and from putty use Lynx to browse. But
> can't browse internet on "Client".
>
> So to make it short: IPSEC working = no NAT. IPSEC off = NAT working.

It's possible that IPSEC isn't configured properly, since you have IPSEC only ever working between the two endpoints.

How have you configured IPSEC:
(a) on the Windows XP box? and
(b) on the FreeBSD box?
I think you should be running IPSEC tunnel mode, so I'm guessing at the Windows XP side you have something like:

ipseccmd -f 0=* -t 10.2.0.1 -a PRESHARE:"foo"
ipseccmd -f *=0 -t 10.2.0.2 -a PRESHARE:"foo"

And at the FreeBSD side you have in /etc/ipsec.conf

spdflush;
spdadd 10.2.0.2/32 0.0.0.0/0 any -P in ipsec esp/tunnel/10.2.0.2-10.2.0.1/require;
spdadd 0.0.0.0/0 10.2.0.2/32 any -P out ipsec esp/tunnel/10.2.0.1-10.2.0.2/require;

Also, the output of 'tcpdump' on both ndis0 and fxp0, while you try to browse a website from the XP box, could be very enlightening.

Regards,

Brian.

From owner-freebsd-net@FreeBSD.ORG Mon Jan 16 13:30:10 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 316A516A41F for ; Mon, 16 Jan 2006 13:30:10 +0000 (GMT) (envelope-from qus2@o2.pl) Received: from rekin14.go2.pl (rekin14.go2.pl [193.17.41.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id C9BF743D58 for ; Mon, 16 Jan 2006 13:30:09 +0000 (GMT) (envelope-from qus2@o2.pl) Received: from poczta.o2.pl (rekin [127.0.0.1]) by rekin14.go2.pl (o2.pl Mailer 2.0.1) with ESMTP id B3F8D214092; Mon, 16 Jan 2006 14:30:08 +0100 (CET)
From: Przemyslaw Szczygielski To: Brian Candler Date: Mon, 16 Jan 2006 14:30:08 +0100 Content-Type: text/plain; charset="iso-8859-2"; Content-Transfer-Encoding: 8bit X-Mailer: o2.pl WebMail v5.28 X-Originator: 160.83.64.94 Message-Id: <20060116133008.B3F8D214092@rekin14.go2.pl> Cc: freebsd-net@freebsd.org Subject: Re: NAT over IPSECed WLAN X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jan 2006 13:30:10 -0000

> A diagram helps lots. Tell me if this is correct:
>
>    \|/  - - - - - - -  \|/
>     |                   |
>  10.2.0.2           10.2.0.1 ndis0
>   WinXP             FreeBSD 6.0
>   client            x.x.x.x fxp0
>                         |
>                         +---------------> Internet
>
>   <==================> IPSEC tunnel mode?

+ NAT!!!! But plus NAT. Exactly.

> How have you configured IPSEC:
> (a) on the Windows XP box? and
> (b) on the FreeBSD box?
>
> I think you should be running IPSEC tunnel mode, so I'm guessing at the
> Windows XP side you have something like:
>
> ipseccmd -f 0=* -t 10.2.0.1 -a PRESHARE:"foo"
> ipseccmd -f *=0 -t 10.2.0.2 -a PRESHARE:"foo"
>

XP: (configured by wizard, from MMC):

"InboundIPsec" prot: ANY, src port: ANY, dst port: ANY, src IP: ANY/0, dst IP: MY/0

"OutboundIPsec" prot: ANY, src port: ANY, dst port: ANY, src IP: MY/0, dst IP: ANY/0

> And at the FreeBSD side you have in /etc/ipsec.conf
>
> spdflush;
> spdadd 10.2.0.2/32 0.0.0.0/0 any -P in ipsec esp/tunnel/10.2.0.2-10.2.0.1/require;
> spdadd 0.0.0.0/0 10.2.0.2/32 any -P out ipsec esp/tunnel/10.2.0.1-10.2.0.2/require;
>

BSD:

flush;
spdflush;
spdadd 10.2.0.2/8 0.0.0.0/0 any -P in ipsec esp/tunnel/10.2.0.2-10.2.0.1/require;
spdadd 0.0.0.0/0 10.2.0.2/8 any -P out ipsec esp/tunnel/10.2.0.1-10.2.0.2/require;

> Also, the output of 'tcpdump' on both ndis0 and fxp0, while you try to
> browse a website from the XP box, could be very enlightening.
>

Ermmm...
on ndis0 I can only see encrypted content, but haven't tried fxp0; I thought nothing interesting would be happening there, as I can't browse from XP...

From owner-freebsd-net@FreeBSD.ORG Mon Jan 16 14:16:24 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 83B1116A41F for ; Mon, 16 Jan 2006 14:16:24 +0000 (GMT) (envelope-from chvogt@tm.uka.de) Received: from iramx1.ira.uni-karlsruhe.de (iramx1.ira.uni-karlsruhe.de [141.3.10.80]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8F09143D49 for ; Mon, 16 Jan 2006 14:16:21 +0000 (GMT) (envelope-from chvogt@tm.uka.de) Received: from i72ms2.tm.uni-karlsruhe.de ([141.3.70.17] helo=smtp.ipv6.tm.uni-karlsruhe.de) by iramx1.ira.uni-karlsruhe.de with esmtps id 1EyV9Z-0006Xy-U5 for ; Mon, 16 Jan 2006 15:16:20 +0100 Received: from [IPv6:2001:638:204:6:20c:6eff:fe40:8d95] (archimedes.ipv6.tm.uni-karlsruhe.de [IPv6:2001:638:204:6:20c:6eff:fe40:8d95]) by smtp.ipv6.tm.uni-karlsruhe.de (Postfix) with ESMTP id B6E048BFA for ; Mon, 16 Jan 2006 15:16:13 +0100 (CET) Message-ID: <43CBAAAD.7090407@tm.uka.de> Date: Mon, 16 Jan 2006 15:16:13 +0100 From: Christian Vogt User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.12) Gecko/20050923 Thunderbird/1.0.7 Mnenhy/0.7.2.0 X-Accept-Language: de-DE, de, en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org X-Enigmail-Version: 0.90.0.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -6.0 (------) X-Spam-Status: No X-Spam-Report: -1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000] -1.6 AWL AWL:
From: address is in the auto white-list Subject: EBU/CBA Implementation X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jan 2006 14:16:24 -0000 Everybody, here is a link to our software implementation of Early Binding Updates and Credit-Based Authorization: http://www.tm.uka.de/~chvogt/ebucba/ The implementation is a patch for the Kame- Shisa Mobile IPv6 software, version 20050822, for FreeBSD 5.4. Kind regards, - Christian -- Christian Vogt, Institute of Telematics, Universitaet Karlsruhe (TH) www.tm.uka.de/~chvogt/pubkey/ From owner-freebsd-net@FreeBSD.ORG Mon Jan 16 15:04:44 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5022816A41F for ; Mon, 16 Jan 2006 15:04:44 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from thorn.pobox.com (thorn.pobox.com [208.210.124.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id E6F7743D45 for ; Mon, 16 Jan 2006 15:04:41 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from thorn (localhost [127.0.0.1]) by thorn.pobox.com (Postfix) with ESMTP id 38F90A6; Mon, 16 Jan 2006 10:04:57 -0500 (EST) Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by thorn.sasl.smtp.pobox.com (Postfix) with ESMTP id E74F44BFC; Mon, 16 Jan 2006 10:04:55 -0500 (EST) Received: from brian by mappit.local.linnet.org with local (Exim 4.60 (FreeBSD)) (envelope-from ) id 1EyVuK-0007P9-MS; Mon, 16 Jan 2006 15:04:32 +0000 Date: Mon, 16 Jan 2006 15:04:32 +0000 
From: Brian Candler To: Przemyslaw Szczygielski Message-ID: <20060116150432.GA28435@uk.tiscali.com> References: <20060116133008.B3F8D214092@rekin14.go2.pl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060116133008.B3F8D214092@rekin14.go2.pl> User-Agent: Mutt/1.4.2.1i Cc: freebsd-net@freebsd.org Subject: Re: NAT over IPSECed WLAN X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jan 2006 15:04:44 -0000

On Mon, Jan 16, 2006 at 02:30:08PM +0100, Przemyslaw Szczygielski wrote:
> > ipseccmd -f 0=* -t 10.2.0.1 -a PRESHARE:"foo"
> > ipseccmd -f *=0 -t 10.2.0.2 -a PRESHARE:"foo"
> >
>
> XP: (configured by wizard, from MMC):
>
> "InboundIPsec" prot: ANY, src port: ANY, dst port: ANY, src IP:
> ANY/0, dst IP: MY/0
>
> "OutboundIPsec" prot: ANY, src port: ANY, dst port: ANY, src IP:
> MY/0, dst IP: ANY/0

But if you've not given any tunnel endpoints, then you have configured *transport* mode, and that won't work for communicating with arbitrary hosts on the Internet.

Perhaps you've got tunnel mode (I guess you must if you have tunnel mode in your SPD), but I'd still prefer working from the command line. To get ipseccmd.exe run setup.exe from the \support\tools directory on the XP SP2 CD.

Note that in XP you can give 'MY' as a policy source/destination ('0' in ipseccmd), but not as a tunnel endpoint. You must give the explicit IP address, as in the -t example above.
> > And at the FreeBSD side you have in /etc/ipsec.conf
> >
> > spdflush;
> > spdadd 10.2.0.2/32 0.0.0.0/0 any -P in ipsec esp/tunnel/10.2.0.2-10.2.0.1/require;
> > spdadd 0.0.0.0/0 10.2.0.2/32 any -P out ipsec esp/tunnel/10.2.0.1-10.2.0.2/require;
> >
>
> BSD:
>
> flush;
> spdflush;
> spdadd 10.2.0.2/8 0.0.0.0/0 any -P in ipsec esp/tunnel/10.2.0.2-10.2.0.1/require;
> spdadd 0.0.0.0/0 10.2.0.2/8 any -P out ipsec esp/tunnel/10.2.0.1-10.2.0.2/require;

10.2.0.2/8 can never match any IP address, but perhaps the kernel masks it silently to 10.0.0.0/8

In any case, you should list only the address which you want to protect (i.e. 10.2.0.2/32), unless there is a separate subnet sitting behind the XP laptop which needs to be protected. Otherwise, once you have a second laptop, you will have two conflicting policies, both trying to protect 10.0.0.0/8

> > Also, the output of 'tcpdump' on both ndis0 and fxp0, while you try to
> > browse a website from the XP box, could be very enlightening.
> >
> Ermmm... on ndis0 I can only see encrypted content, but haven't
> tried fxp0; I thought nothing interesting would be happening there, as I
> can't browse from XP...

Not true. Seeing what packets are sent out to the Internet, even if nothing comes back, is definitely interesting. It would show, for example, if your NAT isn't working.

Even if nothing at all goes out of fxp0, that is also interesting. It shows your tunnel is not configured correctly. (Presumably you do have IP forwarding turned on, since the gateway works in the absence of IPSEC)

I suggest you don't "browse" from XP: start by sending pings. Then you have a steady stream of packets, and DNS doesn't get in the way either.

Regards,

Brian.
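The SPD checks Brian makes by eye in this message (a /8 selector with host bits set, the in/out pair needing to mirror each other, and the two-laptop conflict once both policies cover 10.0.0.0/8), and the "0/0 as remote traffic endpoint, reverse entry for the other direction" shape Yvan describes earlier in the thread, can be mechanised. The following Python script is an added example and is not code from the thread, from FreeBSD or from ipsec-tools: it parses setkey(8)-style `spdadd` lines as posted above and reports those three problems. The sample configs are constructed from the addresses in the thread; the second laptop at 10.2.0.3 is hypothetical.

```python
"""Lint setkey(8)-style spdadd policies for the mistakes discussed in the thread.

Added example (not from the thread, FreeBSD or ipsec-tools). Reports:
  * a selector with host bits set (10.2.0.2/8 matches nothing as written;
    silently masked it becomes 10.0.0.0/8),
  * a policy with no mirror image in the other direction (selectors and
    tunnel endpoints swapped between the in and out entries),
  * two same-direction policies whose selectors overlap but whose tunnel
    endpoints differ (the second-laptop case once /8 is used).
"""
import ipaddress
import re
from typing import List, NamedTuple

# spdadd SRC DST UPPER -P in|out ipsec esp|ah/tunnel|transport/TSRC-TDST/LEVEL
SPDADD_RE = re.compile(
    r"^spdadd (\S+) (\S+) (\S+) -P (in|out) ipsec "
    r"(esp|ah)/(tunnel|transport)/([0-9.]+)-([0-9.]+)/(require|use|unique)$"
)


class Policy(NamedTuple):
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    direction: str
    mode: str
    tun_src: ipaddress.IPv4Address
    tun_dst: ipaddress.IPv4Address
    text: str


def parse_policies(conf: str):
    """Split a setkey script into Policy records; returns (policies, warnings)."""
    policies: List[Policy] = []
    warnings: List[str] = []
    body = "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))
    for raw in body.split(";"):
        stmt = " ".join(raw.split())  # also rejoins statements wrapped over lines
        if not stmt or stmt in ("flush", "spdflush"):
            continue
        m = SPDADD_RE.match(stmt)
        if not m:
            warnings.append(f"unparsed statement: {stmt}")
            continue
        src_t, dst_t, _upper, direction, _proto, mode, tsrc, tdst, _level = m.groups()
        nets = []
        for sel in (src_t, dst_t):
            try:
                net = ipaddress.IPv4Network(sel, strict=False)  # masks host bits
                written = ipaddress.IPv4Address(sel.split("/")[0])
            except ValueError:
                warnings.append(f"unparsable selector {sel} in: {stmt}")
                break
            if written != net.network_address:
                warnings.append(f"{sel} has host bits set; as written it matches no "
                                f"address, masked it would be {net}")
            nets.append(net)
        if len(nets) == 2:
            policies.append(Policy(nets[0], nets[1], direction, mode,
                                   ipaddress.IPv4Address(tsrc),
                                   ipaddress.IPv4Address(tdst), stmt))
    return policies, warnings


def mirrored(p: Policy, q: Policy) -> bool:
    """True if q is p's twin in the other direction: selectors and tunnel ends swapped."""
    return (p.direction != q.direction and p.mode == q.mode
            and p.src == q.dst and p.dst == q.src
            and p.tun_src == q.tun_dst and p.tun_dst == q.tun_src)


def lint(conf: str) -> List[str]:
    policies, warnings = parse_policies(conf)
    for p in policies:
        if not any(mirrored(p, q) for q in policies):
            warnings.append(f"no mirrored policy for: {p.text}")
    for i, p in enumerate(policies):
        for q in policies[i + 1:]:
            if (p.direction == q.direction and p.src.overlaps(q.src)
                    and p.dst.overlaps(q.dst)
                    and (p.tun_src, p.tun_dst) != (q.tun_src, q.tun_dst)):
                warnings.append(f"conflicting {p.direction} policies for overlapping "
                                f"traffic: {p.src}->{p.dst} via {p.tun_src}-{p.tun_dst} "
                                f"and {q.src}->{q.dst} via {q.tun_src}-{q.tun_dst}")
    return warnings


# Constructed samples using the addresses from the thread.
BRIAN_CONF = """
spdflush;
spdadd 10.2.0.2/32 0.0.0.0/0 any -P in ipsec esp/tunnel/10.2.0.2-10.2.0.1/require;
spdadd 0.0.0.0/0 10.2.0.2/32 any -P out ipsec esp/tunnel/10.2.0.1-10.2.0.2/require;
"""
PRZEMEK_CONF = """
flush;
spdflush;
spdadd 10.2.0.2/8 0.0.0.0/0 any -P in ipsec esp/tunnel/10.2.0.2-10.2.0.1/require;
spdadd 0.0.0.0/0 10.2.0.2/8 any -P out ipsec esp/tunnel/10.2.0.1-10.2.0.2/require;
"""
# Hypothetical second laptop (10.2.0.3) added with the same /8 mistake.
TWO_LAPTOPS_CONF = PRZEMEK_CONF + """
spdadd 10.2.0.3/8 0.0.0.0/0 any -P in ipsec esp/tunnel/10.2.0.3-10.2.0.1/require;
spdadd 0.0.0.0/0 10.2.0.3/8 any -P out ipsec esp/tunnel/10.2.0.1-10.2.0.3/require;
"""

if __name__ == "__main__":
    for name, conf in (("brian", BRIAN_CONF), ("przemek", PRZEMEK_CONF),
                       ("two laptops", TWO_LAPTOPS_CONF)):
        print(f"== {name}")
        for w in lint(conf) or ["ok"]:
            print("  ", w)
```

Brian's pair comes back clean; the /8 config produces one host-bits warning per selector, and with a second laptop the two masked /8 policies in each direction are reported as conflicting, which is exactly why the selector should be the single host (10.2.0.2/32) unless a whole subnet really sits behind the client.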
From owner-freebsd-net@FreeBSD.ORG Mon Jan 16 18:03:39 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 44EAA16A41F; Mon, 16 Jan 2006 18:03:39 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6B78643D66; Mon, 16 Jan 2006 18:03:34 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.13.0/8.13.0) with ESMTP id k0GI3X82032248; Mon, 16 Jan 2006 10:03:33 -0800 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.13.0/8.13.0/Submit) id k0GI3XEN032247; Mon, 16 Jan 2006 10:03:33 -0800 Date: Mon, 16 Jan 2006 10:03:33 -0800 
From: Brooks Davis To: Marcin Jessa Message-ID: <20060116180333.GA30608@odin.ac.hmc.edu> References: <20060116091605.GB18530@heff.fud.org.nz> <20060116112504.63ba886b.lists@yazzy.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Kj7319i9nmIyA2yE" Content-Disposition: inline In-Reply-To: <20060116112504.63ba886b.lists@yazzy.org> User-Agent: Mutt/1.4.1i X-Virus-Scanned: by amavisd-new X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on odin.ac.hmc.edu Cc: freebsd-net@freebsd.org, Andrew Thompson Subject: Re: autobridge patch X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jan 2006 18:03:39 -0000

On Mon, Jan 16, 2006 at 11:25:04AM +0000, Marcin Jessa wrote:
> On Mon, 16 Jan 2006 22:16:05 +1300
> Andrew Thompson wrote:
>
> > Hi,
> >
> >
> > I have a patch here that adds the ability to automatically add an interface to a
> > bridge when it's attached. This is aimed towards apps like qemu or vmware that
> > open a tap interface and need it bridged with the network adapter; the user can
> > set up a glob for interfaces to be automatically added (eg tap*). It may
> > also be useful for Xen dom0 support.
> >
> > This patch includes a big change to how interfaces are configured in
> > userland. Before, only physical Ethernet cards were handled by devd;
> > now _ALL_ interfaces are (vlans, pflog, pfsync, tap, tun, etc..). This
> > has the added bonus that the pseudo interfaces can be configured after
> > boottime in rc.conf, ifconfig_xxx="".
> >
> > Please test this patch, even if you don't use a bridge. I'm not in a hurry
> > to commit it.
>
> I just rebuilt and installed my world and kernel to test the patches.
> Seems like things did not work as expected.
> The name part of ifconfig_vlan0 left me with a renamed but not configured device.
> The IP etc. of VLAN01 was not set at boot. Am I doing something wrong?
>
> cloned_interfaces="bridge0 vlan0"
> ifconfig_sk0="up"
> ifconfig_vlan0="name VLAN01 inet 10.137.99.4 vlan 1 vlandev sk0"

If you want to rename the vlan interface use:

ifconfig_vlan0_name="name VLAN01"
ifconfig_VLAN01="inet 10.137.99.4 vlan 1 vlandev sk0"

not that this has anything to do with Andrew's bridging script.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

From owner-freebsd-net@FreeBSD.ORG Mon Jan 16 19:56:27 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0A0CB16A41F for ; Mon, 16 Jan 2006 19:56:27 +0000 (GMT) (envelope-from qus2@go2.pl) Received: from poczta.o2.pl (mx.go2.pl [193.17.41.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id 82F6343D45 for ; Mon, 16 Jan 2006 19:56:25 +0000 (GMT) (envelope-from qus2@go2.pl) Received: from host35-ursus.spray.net.pl (host35-ursus.spray.net.pl [83.143.43.35]) by poczta.o2.pl (Postfix) with ESMTP id 0AC6F1378F3; Mon, 16 Jan 2006 20:56:15 +0100 (CET) Date: Mon, 16 Jan 2006 20:55:03 +0100
From: Przemysław Szczygielski X-Mailer: The Bat! (v3.51.10) Professional Organization: QUS X-Priority: 3 (Normal) Message-ID: <19010305057.20060116205503@go2.pl> To: "Bjoern A. Zeeb" In-Reply-To: <20060116113059.X24703@maildrop.int.zabbadoz.net> References: <20060116105944.E48AD214034@rekin14.go2.pl> <20060116110714.X24703@maildrop.int.zabbadoz.net> <20060116112511.14611214033@rekin14.go2.pl> <20060116113059.X24703@maildrop.int.zabbadoz.net> MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1250 Content-Transfer-Encoding: 8bit Cc: freebsd-net@freebsd.org Subject: Re: NAT over IPSECed WLAN X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Przemysław Szczygielski List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jan 2006 19:56:27 -0000

> And I can see you have two NAT statements with different rule numbers
> is "not so good" if you don't know what you are doing.

When I removed the second one - it stopped working...

-- 
Regards,
Przemysław Szczygielski

From owner-freebsd-net@FreeBSD.ORG Mon Jan 16 19:56:27 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A531016A41F for ; Mon, 16 Jan 2006 19:56:27 +0000 (GMT) (envelope-from qus2@go2.pl) Received: from poczta.o2.pl (mx.go2.pl [193.17.41.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2CB5743D46 for ; Mon, 16 Jan 2006 19:56:26 +0000 (GMT) (envelope-from qus2@go2.pl) Received: from host35-ursus.spray.net.pl (host35-ursus.spray.net.pl [83.143.43.35]) by poczta.o2.pl (Postfix) with ESMTP id 730FB1378EF; Mon, 16 Jan 2006 20:56:16 +0100 (CET) Date: Mon, 16 Jan 2006 20:55:18 +0100
From: Przemysław Szczygielski X-Mailer: The Bat! (v3.51.10) Professional Organization: QUS X-Priority: 3 (Normal) Message-ID: <838981858.20060116205518@go2.pl> To: Brian Candler In-Reply-To: <20060116150432.GA28435@uk.tiscali.com> References: <20060116133008.B3F8D214092@rekin14.go2.pl> <20060116150432.GA28435@uk.tiscali.com> MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1250 Content-Transfer-Encoding: quoted-printable Cc: freebsd-net@freebsd.org Subject: Re: NAT over IPSECed WLAN X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Przemysław Szczygielski List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jan 2006 19:56:27 -0000

Hello Brian,

In your message dated 16 January 2006 (16:04:32) one can read:

> On Mon, Jan 16, 2006 at 02:30:08PM +0100, Przemyslaw Szczygielski wrote:
>> > ipseccmd -f 0=* -t 10.2.0.1 -a PRESHARE:"foo"
>> > ipseccmd -f *=0 -t 10.2.0.2 -a PRESHARE:"foo"
>> >
>>
>> XP: (configured by wizard, from MMC):
>>
>> "InboundIPsec" prot: ANY, src port: ANY, dst port: ANY, src IP:
>> ANY/0, dst IP: MY/0
>>
>> "OutboundIPsec" prot: ANY, src port: ANY, dst port: ANY, src IP:
>> MY/0, dst IP: ANY/0

> But if you've not given any tunnel endpoints, then you have configured
> *transport* mode, and that won't work for communicating with arbitrary hosts
> on the Internet.

> Perhaps you've got tunnel mode (I guess you must if you have tunnel mode in
> your SPD), but I'd still prefer working from the command line. To get
> ipseccmd.exe run setup.exe from the \support\tools directory on the XP SP2
> CD.

Well - both ways work. The one from the wizard and the one by ipseccmd.
The difference is I don't know how to deactivate ipseccmd filters ;-)

> Note that in XP you can give 'MY' as a policy source/destination ('0' in
> ipseccmd), but not as a tunnel endpoint. You must give the explicit IP
> address, as in the -t example above.

>> flush;
>> spdflush;
>> spdadd 10.2.0.2/8 0.0.0.0/0 any -P in ipsec
>> esp/tunnel/10.2.0.2-10.2.0.1/require;
>> spdadd 0.0.0.0/0 10.2.0.2/8 any -P out ipsec
>> esp/tunnel/10.2.0.1-10.2.0.2/require;

> 10.2.0.2/8 can never match any IP address, but perhaps the kernel masks it
> silently to 10.0.0.0/8

Ah, my fault. That's corrected now. But it didn't help.

>> > Also, the output of 'tcpdump' on both ndis0 and fxp0, while you try to
>> > browse a website from the XP box, could be very enlightening.
>> >
>> Ermmm... on ndis0 I can only see encrypted content, but haven't
>> tried fxp0; I thought nothing interesting would be happening there, as I
>> can't browse from XP...

> Not true. Seeing what packets are sent out to the Internet, even if nothing
> comes back, is definitely interesting. It would show, for example, if your
> NAT isn't working.

> Even if nothing at all goes out of fxp0, that is also interesting. It shows
> your tunnel is not configured correctly. (Presumably you do have IP
> forwarding turned on, since the gateway works in the absence of IPSEC)

> I suggest you don't "browse" from XP: start by sending pings. Then you have
> a steady stream of packets, and DNS doesn't get in the way either.

From XP I pinged 10.2.0.1 with IPSEC on

tcpdump -i ndis0 host 10.2.0.2 on 10.2.0.1 showed encrypted packets
tcpdump -i fxp0 host 10.2.0.2 on 10.2.0.1 showed nothing...
From owner-freebsd-net@FreeBSD.ORG Tue Jan 17 00:40:09 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BBA4416A41F for ; Tue, 17 Jan 2006 00:40:09 +0000 (GMT) (envelope-from netbuzzme@gmail.com) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.204]) by mx1.FreeBSD.org (Postfix) with ESMTP id 53AF443D45 for ; Tue, 17 Jan 2006 00:40:09 +0000 (GMT) (envelope-from netbuzzme@gmail.com) Received: by wproxy.gmail.com with SMTP id i28so1374412wra for ; Mon, 16 Jan 2006 16:40:08 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=m/V4IrmJT3pB/UDaHO3JtfxQu5d8ixLrCcu1BnjH20oZ6ultqRLJZi14UPU7HOKxqUr2vKgjQSEOWFhYXFwvoPYwmbEbRNCFoEelBXY98BK8bN726EpJ2L/Nhbi0Hl592K8F87qhjWxf2oYQRL1hOKBbXXx4ak3OLov3p56U0mA= Received: by 10.65.188.12 with SMTP id q12mr3457992qbp; Mon, 16 Jan 2006 16:40:08 -0800 (PST) Received: by 10.65.153.19 with HTTP; Mon, 16 Jan 2006 16:40:08 -0800 (PST) Message-ID: Date: Tue, 17 Jan 2006 06:10:08 +0530 
From: Ajey Gore To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Subject: Zeroconf Implementation, what about Howl? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Jan 2006 00:40:09 -0000

I was browsing through Project Ideas for volunteers and came across this:

http://www.freebsd.org/projects/ideas/#p-zeroconf
Add zeroconf (Rendezvous/Bonjour) support to FreeBSD

And then I started looking around for more information on the Technical
Contact and details. This project does not list contact details for the
ZeroConf project. Moreover, I looked at howl and it seems both projects are
aiming at the same target? Is that true?

Can someone please let me know if this still stands true - "Add zeroconf
(Rendezvous/Bonjour) support to FreeBSD" - and tell me whom I should contact
for more information. If this list is not the right platform to ask, please
let me know where I can obtain this information from.

thanks
-ajey

From owner-freebsd-net@FreeBSD.ORG Tue Jan 17 02:38:20 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 55F6C16A420 for ; Tue, 17 Jan 2006 02:38:20 +0000 (GMT) (envelope-from dgilbert@daveg.ca) Received: from ox.eicat.ca (ox.eicat.ca [66.96.30.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id B87BB43D60 for ; Tue, 17 Jan 2006 02:38:17 +0000 (GMT) (envelope-from dgilbert@daveg.ca) Received: by ox.eicat.ca (Postfix, from userid 66) id 8806B11EB7; Mon, 16 Jan 2006 21:38:16 -0500 (EST) Received: by canoe.dclg.ca (Postfix, from userid 101) id CEBD34AC28; Mon, 16 Jan 2006 21:38:15 -0500 (EST)
From: David Gilbert MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <17356.22679.292355.134613@canoe.dclg.ca> Date: Mon, 16 Jan 2006 21:38:15 -0500 To: freebsd-net@freebsd.org X-Mailer: VM 7.17 under 21.4 (patch 18) "Social Property" XEmacs Lucid Subject: New atheros chipset? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Jan 2006 02:38:20 -0000

I'm looking at an auction on eBay selling an Atheros AR5006XR chipset
mini-pci card. It apparently features the AR5414 ... Is there an
expectation that the ath driver will work with this card?

Dave.

-- 
============================================================================
|David Gilbert, Independent Contractor. | Two things can be               |
|Mail: dave@daveg.ca                    | equal if and only if they       |
|http://daveg.ca                        | are precisely opposite.         |
=========================================================GLO================

From owner-freebsd-net@FreeBSD.ORG Tue Jan 17 08:10:42 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5657B16A41F; Tue, 17 Jan 2006 08:10:42 +0000 (GMT) (envelope-from lists@yazzy.org) Received: from mail.yazzy.org (mail.yazzy.org [217.8.140.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id DD49A43D4C; Tue, 17 Jan 2006 08:10:41 +0000 (GMT) (envelope-from lists@yazzy.org) Received: from [84.247.144.144] (helo=marcin) by mail.yazzy.org with esmtps (TLSv1:AES256-SHA:256) (YazzY.org) id 1Eylus-0002rT-TG; Tue, 17 Jan 2006 09:10:11 +0100 Date: Tue, 17 Jan 2006 09:10:38 +0100
From: Marcin Jessa To: Brooks Davis Message-Id: <20060117091038.2a2027e0.lists@yazzy.org> In-Reply-To: <20060116180333.GA30608@odin.ac.hmc.edu> References: <20060116091605.GB18530@heff.fud.org.nz> <20060116112504.63ba886b.lists@yazzy.org> <20060116180333.GA30608@odin.ac.hmc.edu> Organization: YazzY.org X-Mailer: Sylpheed version 2.0.4 (GTK+ 2.8.9; i386-portbld-freebsd6.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Score: -2.1 (--) Cc: freebsd-net@freebsd.org, thompsa@freebsd.org Subject: Re: autobridge patch X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Jan 2006 08:10:42 -0000

On Mon, 16 Jan 2006 10:03:33 -0800
Brooks Davis wrote:

> On Mon, Jan 16, 2006 at 11:25:04AM +0000, Marcin Jessa wrote:
> > On Mon, 16 Jan 2006 22:16:05 +1300
> > Andrew Thompson wrote:
> >
> > > Hi,
> > >
> > >
> > > I have a patch here that adds the ability to automatically add an
> > > interface to a bridge when it's attached. This is aimed towards
> > > apps like qemu or vmware that open a tap interface and need it
> > > bridged with the network adapter, the user can set up a glob for
> > > interfaces to be automatically added (eg tap*). It may also be
> > > useful for Xen dom0 support.
> > >
> > > This patch includes a big change to how interfaces are configured
> > > in userland. Before only physical Ethernet cards were handled by
> > > devd, now _ALL_ interfaces are (vlans, pflog, pfsync, tap, tun,
> > > etc..). This has the added bonus that the pseudo interfaces can
> > > be configured after boottime in rc.conf, ifconfig_xxx="".
> > >
> > > Please test this patch, even if you don't use a bridge. I'm not in
> > > a hurry to commit it.
> >
> > I just rebuilt and installed my world and kernel to test the
> > patches. Seems like things did not work as expected.
> > The name part of ifconfig_vlan0 left me with a renamed but not
> > configured device. The IP etc. of VLAN01 was not set at boot. Am I
> > doing something wrong?
> >
> > cloned_interfaces="bridge0 vlan0"
> > ifconfig_sk0="up"
> > ifconfig_vlan0="name VLAN01 inet 10.137.99.4 vlan 1 vlandev sk0"
>
> If you want to rename the vlan interface use:
>
> ifconfig_vlan0_name="name VLAN01"
> ifconfig_VLAN01="inet 10.137.99.4 vlan 1 vlandev sk0"
>
> not that this has anything to do with Andrew's bridging script.

Would be great if Andrew also wrote an example of how the patchset
works. I read the patches now and it seems it works for bridge
interfaces only, adding the ability to automatically add new interfaces to
the bridge with the new "autobridge_*" options.
The original post confused me, making me think the patches made it
possible to use a feature I was looking for and that I did know existed
- operate on pseudo interfaces the same way one does with the normal
ones.
Your last comment in the "Automatic VLANS" thread on the same
mailing list made me assume I could not rename pseudo devices at boot
with the rc.conf script, which I can see now was fully possible.

Thanks,
Marcin.
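Two things Marcin runs into here, the ifconfig_<name> lookup for an interface renamed via ifconfig_vlan0_name and the autobridge_* glob, both come down to string handling in the rc scripts. The shell below is an added illustration and is not FreeBSD's network.subr or Andrew's patch. It maps an interface name to the rc.conf variable that configures it, turning every character that cannot appear in a shell variable name into "_" (so a name like VLAN-FOO is looked up as ifconfig_VLAN_FOO; Brooks describes collapsing names the same way later in this thread), reads variables out of rc.conf text without sourcing it, and returns the bridge whose autobridge glob matches a newly attached interface. The rc.conf text is constructed for the example.

```shell
#!/bin/sh
# Added example, not FreeBSD's rc.d code: the two string-handling steps
# behind "rename an interface in rc.conf" and "autobridge_<bridge>=glob".
# The rc.conf text is constructed for the example.

SAMPLE_RC_CONF='cloned_interfaces="bridge0 vlan0"
ifconfig_sk0="up"
ifconfig_vlan0_name="VLAN-FOO"
ifconfig_VLAN_FOO="inet 10.137.99.4 vlan 1 vlandev sk0"
ifconfig_bridge0="up addm fxp0"
autobridge_interfaces="bridge0 bridge1"
autobridge_bridge0="tap*"
autobridge_bridge1="vmnet* xen[0-9]"'

# Map an interface name to the rc.conf variable that configures it: every
# character that is not legal in a shell variable name collapses to "_".
rcvar_for_iface() {   # rcvar_for_iface IFACE
    printf 'ifconfig_%s\n' "$(printf '%s' "$1" | tr -c 'A-Za-z0-9_' '_')"
}

# Read one variable out of rc.conf text without sourcing it, so a
# hostile interface name can never be executed as shell.
rc_value() {   # rc_value VARNAME RC_TEXT
    printf '%s\n' "$2" | sed -n "s/^$1=\"\(.*\)\"\$/\1/p" | head -n 1
}

# Print the bridge whose autobridge glob matches IFACE (status 1 if none).
autobridge_for_iface() {   # autobridge_for_iface IFACE RC_TEXT
    set -f    # the globs are matched by case, never expanded against /
    for _br in $(rc_value autobridge_interfaces "$2"); do
        for _pat in $(rc_value "autobridge_$_br" "$2"); do
            case "$1" in
                $_pat) set +f; echo "$_br"; return 0 ;;
            esac
        done
    done
    set +f
    return 1
}

rcvar_for_iface VLAN-FOO                                  # ifconfig_VLAN_FOO
rc_value "$(rcvar_for_iface VLAN-FOO)" "$SAMPLE_RC_CONF"  # the inet line
autobridge_for_iface tap3 "$SAMPLE_RC_CONF"               # bridge0
```

Two consequences worth knowing. Collapsing means VLAN-FOO and VLAN_FOO share one variable, so pick names that stay distinct after the mapping. And an autobridge glob is an access-control decision: with autobridge_bridge0="tap*", whoever devfs lets open a tap device gets a port on bridge0, and with it raw-frame access to the wired segment behind fxp0, so scope the glob and the /dev/tap* permissions accordingly.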
From owner-freebsd-net@FreeBSD.ORG Tue Jan 17 08:23:45 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 92B2216A41F for ; Tue, 17 Jan 2006 08:23:45 +0000 (GMT) (envelope-from thompsa@freebsd.org) Received: from dbmail-mx4.orcon.co.nz (loadbalancer1.orcon.net.nz [219.88.242.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id D9BC343D45 for ; Tue, 17 Jan 2006 08:23:44 +0000 (GMT) (envelope-from thompsa@freebsd.org) Received: from heff.fud.org.nz (60-234-149-201.bitstream.orcon.net.nz [60.234.149.201]) by dbmail-mx4.orcon.co.nz (8.13.5/8.13.5/Debian-3) with ESMTP id k0H8NdAG003564; Tue, 17 Jan 2006 21:23:39 +1300 Received: by heff.fud.org.nz (Postfix, from userid 1001) id 18D972843B; Tue, 17 Jan 2006 21:23:50 +1300 (NZDT) Date: Tue, 17 Jan 2006 21:23:49 +1300 
From: Andrew Thompson To: Marcin Jessa Message-ID: <20060117082349.GC25291@heff.fud.org.nz> References: <20060116091605.GB18530@heff.fud.org.nz> <20060116112504.63ba886b.lists@yazzy.org> <20060116180333.GA30608@odin.ac.hmc.edu> <20060117091038.2a2027e0.lists@yazzy.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060117091038.2a2027e0.lists@yazzy.org> User-Agent: Mutt/1.5.11 X-Virus-Scanned: ClamAV 0.88/1243/Mon Jan 16 07:35:18 2006 on dbmail-mx4.orcon.co.nz X-Virus-Status: Clean Cc: freebsd-net@freebsd.org Subject: Re: autobridge patch X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Jan 2006 08:23:45 -0000

On Tue, Jan 17, 2006 at 09:10:38AM +0100, Marcin Jessa wrote:
> Brooks Davis wrote:
> > > Andrew Thompson wrote:
> > > >
> > > > I have a patch here that adds the ability to automatically add an
> > > > interface to a bridge when it's attached. This is aimed towards
> > >
> > > I just rebuilt and installed my world and kernel to test the
> > > patches. Seems like things did not work as expected.
> > If you want to rename the vlan interface use:
> > ...
>
> Would be great if Andrew also wrote an example of how the patchset
> works. I read the patches now and it seems it works for bridge
> interfaces only, adding the ability to automatically add new interfaces to
> the bridge with the new "autobridge_*" options.

Yes, the patch is purely to add the autobridge feature. It's controlled
from rc.conf and a typical setup would be:

# create the bridge and add the wired interface
cloned_interfaces="bridge0"
ifconfig_bridge0="up addm fxp0"

# set it so that tap interfaces get added too
autobridge_interfaces="bridge0"
autobridge_bridge0="tap*"

> The original post confused me, making me think the patches made it
> possible to use a feature I was looking for and that I did know existed
> - operate on pseudo interfaces the same way one does with the normal
> ones.
> Your last comment in the "Automatic VLANS" thread on the same
> mailing list made me assume I could not rename pseudo devices at boot
> with the rc.conf script, which I can see now was fully possible.

Well, it does that too, while not the intention of the patch. Think of
it as a bonus.

Andrew

From owner-freebsd-net@FreeBSD.ORG Tue Jan 17 08:32:06 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F1B1816A41F; Tue, 17 Jan 2006 08:32:06 +0000 (GMT) (envelope-from lists@yazzy.org) Received: from mail.yazzy.org (mail.yazzy.org [217.8.140.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8412843D45; Tue, 17 Jan 2006 08:32:06 +0000 (GMT) (envelope-from lists@yazzy.org) Received: from [84.247.144.144] (helo=marcin) by mail.yazzy.org with esmtps (TLSv1:AES256-SHA:256) (YazzY.org) id 1EymFc-0000id-BE; Tue, 17 Jan 2006 09:31:37 +0100 Date: Tue, 17 Jan 2006 09:32:03 +0100
From: Marcin Jessa To: Brooks Davis Message-Id: <20060117093203.1fb41851.lists@yazzy.org> In-Reply-To: <20060116180333.GA30608@odin.ac.hmc.edu> References: <20060116091605.GB18530@heff.fud.org.nz> <20060116112504.63ba886b.lists@yazzy.org> <20060116180333.GA30608@odin.ac.hmc.edu> Organization: YazzY.org X-Mailer: Sylpheed version 2.0.4 (GTK+ 2.8.9; i386-portbld-freebsd6.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Score: -2.2 (--) Cc: freebsd-net@freebsd.org, thompsa@freebsd.org Subject: Re: autobridge patch X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Jan 2006 08:32:07 -0000

On Mon, 16 Jan 2006 10:03:33 -0800
Brooks Davis wrote:

> On Mon, Jan 16, 2006 at 11:25:04AM +0000, Marcin Jessa wrote:
> > On Mon, 16 Jan 2006 22:16:05 +1300
> > Andrew Thompson wrote:
> >
> > > Hi,
> > >
> > >
> > > I have a patch here that adds the ability to automatically add an
> > > interface to a bridge when it's attached. This is aimed towards
> > > apps like qemu or vmware that open a tap interface and need it
> > > bridged with the network adapter, the user can set up a glob for
> > > interfaces to be automatically added (eg tap*). It may also be
> > > useful for Xen dom0 support.
> > >
> > > This patch includes a big change to how interfaces are configured
> > > in userland. Before only physical Ethernet cards were handled by
> > > devd, now _ALL_ interfaces are (vlans, pflog, pfsync, tap, tun,
> > > etc..). This has the added bonus that the pseudo interfaces can
> > > be configured after boottime in rc.conf, ifconfig_xxx="".
> > >
> > > Please test this patch, even if you don't use a bridge. I'm not in
> > > a hurry to commit it.
> >
> > I just rebuilt and installed my world and kernel to test the
> > patches. Seems like things did not work as expected.
> > The name part of ifconfig_vlan0 left me with a renamed but not
> > configured device. The IP etc. of VLAN01 was not set at boot. Am I
> > doing something wrong?
> >
> > cloned_interfaces="bridge0 vlan0"
> > ifconfig_sk0="up"
> > ifconfig_vlan0="name VLAN01 inet 10.137.99.4 vlan 1 vlandev sk0"
>
> If you want to rename the vlan interface use:
>
> ifconfig_vlan0_name="name VLAN01"
> ifconfig_VLAN01="inet 10.137.99.4 vlan 1 vlandev sk0"

Actually only this will work:

ifconfig_vlan0_name="VLAN01"
ifconfig_VLAN01="inet 10.137.99.4 vlan 1 vlandev sk0"

One thing I noticed was VLAN01 could not be called something more
descriptive like VLAN-FOO, since then the startup scripts went bananas,
leaving my console in an ifconfig loop.

There was a patch from bart that he posted to net@ adding the possibility
to add an ASCII description to devices the same way Cisco does.
Was it ever considered as a commit candidate?

Cheers,
Marcin

From owner-freebsd-net@FreeBSD.ORG Tue Jan 17 08:36:57 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5413516A41F; Tue, 17 Jan 2006 08:36:57 +0000 (GMT) (envelope-from lists@yazzy.org) Received: from mail.yazzy.org (mail.yazzy.org [217.8.140.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7E8C443D7B; Tue, 17 Jan 2006 08:36:47 +0000 (GMT) (envelope-from lists@yazzy.org) Received: from [84.247.144.144] (helo=marcin) by mail.yazzy.org with esmtps (TLSv1:AES256-SHA:256) (YazzY.org) id 1EymK6-0001Vi-2T; Tue, 17 Jan 2006 09:36:18 +0100 Date: Tue, 17 Jan 2006 09:36:41 +0100
From: Marcin Jessa To: Andrew Thompson Message-Id: <20060117093641.7d297105.lists@yazzy.org> In-Reply-To: <20060117082349.GC25291@heff.fud.org.nz> References: <20060116091605.GB18530@heff.fud.org.nz> <20060116112504.63ba886b.lists@yazzy.org> <20060116180333.GA30608@odin.ac.hmc.edu> <20060117091038.2a2027e0.lists@yazzy.org> <20060117082349.GC25291@heff.fud.org.nz> Organization: YazzY.org X-Mailer: Sylpheed version 2.0.4 (GTK+ 2.8.9; i386-portbld-freebsd6.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Score: -2.2 (--) Cc: freebsd-net@freebsd.org Subject: Re: autobridge patch X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Jan 2006 08:36:57 -0000

On Tue, 17 Jan 2006 21:23:49 +1300
Andrew Thompson wrote:

> On Tue, Jan 17, 2006 at 09:10:38AM +0100, Marcin Jessa wrote:
> > Brooks Davis wrote:
> > > > Andrew Thompson wrote:
> > > > >
> > > > > I have a patch here that adds the ability to automatically
> > > > > add an interface to a bridge when it's attached. This is aimed
> > > > > towards
> > > >
> > > > I just rebuilt and installed my world and kernel to test the
> > > > patches. Seems like things did not work as expected.
> > > If you want to rename the vlan interface use:
> > > ...
> >
> > Would be great if Andrew also wrote an example of how the patchset
> > works. I read the patches now and it seems it works for bridge
> > interfaces only, adding the ability to automatically add new interfaces
> > to the bridge with the new "autobridge_*" options.
>
> Yes, the patch is purely to add the autobridge feature. It's controlled
> from rc.conf and a typical setup would be:
>
> # create the bridge and add the wired interface
> cloned_interfaces="bridge0"
> ifconfig_bridge0="up addm fxp0"
>
> # set it so that tap interfaces get added too
> autobridge_interfaces="bridge0"
> autobridge_bridge0="tap*"
>
> > The original post confused me, making me think the patches made it
> > possible to use a feature I was looking for and that I did know
> > existed
> > - operate on pseudo interfaces the same way one does with the normal
> > ones.
> > Your last comment in the "Automatic VLANS" thread on the same
> > mailing list made me assume I could not rename pseudo devices at boot
> > with the rc.conf script, which I can see now was fully possible.
>
> Well, it does that too, while not the intention of the patch. Think of
> it as a bonus.

So how the heck does this renaming thing work with your patches? :)
Could you please type down a quick example for me?
Having the old scripts work, I am still confused how that "bonus" part works.
Cheers, Marcin From owner-freebsd-net@FreeBSD.ORG Tue Jan 17 09:45:06 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5AB5016A41F for ; Tue, 17 Jan 2006 09:45:06 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from thorn.pobox.com (thorn.pobox.com [208.210.124.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id F002343D45 for ; Tue, 17 Jan 2006 09:45:05 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from thorn (localhost [127.0.0.1]) by thorn.pobox.com (Postfix) with ESMTP id 230B8A8; Tue, 17 Jan 2006 04:45:27 -0500 (EST) Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by thorn.sasl.smtp.pobox.com (Postfix) with ESMTP id DE6B93AE0; Tue, 17 Jan 2006 04:45:25 -0500 (EST) Received: from brian by mappit.local.linnet.org with local (Exim 4.60 (FreeBSD)) (envelope-from ) id 1EynOg-00089v-KP; Tue, 17 Jan 2006 09:45:02 +0000 Date: Tue, 17 Jan 2006 09:45:02 +0000 
From: Brian Candler To: Przemysław Szczygielski Message-ID: <20060117094502.GA31333@uk.tiscali.com> References: <20060116133008.B3F8D214092@rekin14.go2.pl> <20060116150432.GA28435@uk.tiscali.com> <838981858.20060116205518@go2.pl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <838981858.20060116205518@go2.pl> User-Agent: Mutt/1.4.2.1i Cc: freebsd-net@freebsd.org Subject: Re: NAT over IPSECed WLAN X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Jan 2006 09:45:06 -0000

On Mon, Jan 16, 2006 at 08:55:18PM +0100, Przemysław Szczygielski wrote:
> Well - both ways work. The one from the wizard and the one by
> ipseccmd. The difference is I don't know how to deactivate ipseccmd
> filters ;-)

ipseccmd -u

> From XP I pinged 10.2.0.1 with IPSEC on
>
> tcpdump -i ndis0 host 10.2.0.2 on 10.2.0.1 showed encrypted packets

ESP packets with source 10.2.0.2 and destination 10.2.0.1? Is the SPI in
your SAD?

# echo "dump;" | setkey -c

> tcpdump -i fxp0 host 10.2.0.2 on 10.2.0.1 showed nothing...

Hmm. Then I would next try turning off ipfw completely, to see if you get
outgoing non-NAT packets on fxp0 with a source of 10.2.0.2 and destination
of x.x.x.x

If so, you've narrowed it to an ipfw problem. If you're trying to do
reverse-path checking or the like, that could be it. Turning on logging for
all deny rules might help locate it.

If you still think it's an IPSEC problem, "options IPSEC_DEBUG" might also
be useful.

Regards,

Brian.
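Brian's two checks above (is the SPI carried by the ESP traffic on ndis0 one the kernel actually knows, and does anything leave fxp0) are the right order to work in. The script below, added here as an illustration and not part of the thread, automates the first one: it pulls the SPIs out of tcpdump's ESP lines and looks each up in the SAD as printed by setkey -D, which is the same listing the "dump;" command gives. Both inputs are constructed samples; the formats assumed are tcpdump's "ESP(spi=0x...,seq=0x...)" and setkey's "spi=<decimal>(0x<hex>)".

```shell
#!/bin/sh
# Added example (not part of the thread): check that every ESP SPI seen on
# the wire has a matching entry in the kernel SAD. A packet whose SPI is
# unknown is dropped by the IPsec input path before ipfw, NAT or forwarding
# ever see it, which is one way to get "encrypted packets on ndis0,
# nothing on fxp0".

# Constructed sample of `tcpdump -n -i ndis0 esp` output.
SAMPLE_TCPDUMP='12:01:33.118640 IP 10.2.0.2 > 10.2.0.1: ESP(spi=0x0000100a,seq=0x5), length 116
12:01:34.120102 IP 10.2.0.2 > 10.2.0.1: ESP(spi=0x0000100a,seq=0x6), length 116'

# Constructed sample of `setkey -D` output (one inbound tunnel-mode SA).
SAMPLE_SAD='10.2.0.2 10.2.0.1
    esp mode=tunnel spi=4106(0x0000100a) reqid=0(0x00000000)
    E: rijndael-cbc  0123456789abcdef0123456789abcdef
    A: hmac-sha1  0123456789abcdef0123456789abcdef01234567
    seq=0x00000006 replay=4 flags=0x00000000 state=mature'

# Normalise a hex SPI: lower case, no leading zeros (both tools print 8
# digits, but do not rely on it).
norm_spi() { tr 'A-F' 'a-f' | sed 's/^0*\([0-9a-f]\)/\1/'; }

# SPIs of ESP packets in tcpdump output, one per line.
tcpdump_spis() { sed -n 's/.*ESP(spi=0x\([0-9a-fA-F]*\),.*/\1/p' | norm_spi; }

# SPIs of SAs in `setkey -D` output, one per line.
sad_spis() { sed -n 's/.*spi=[0-9]*(0x\([0-9a-fA-F]*\)).*/\1/p' | norm_spi; }

# spi_in_sad TCPDUMP_TEXT SAD_TEXT
# Prints "match" (status 0) when every wire SPI has an SA, otherwise lists
# the SPIs without one (status 1).
spi_in_sad() {
    _wire=$(printf '%s\n' "$1" | tcpdump_spis | sort -u)
    _sad=" $(printf '%s\n' "$2" | sad_spis | sort -u | tr '\n' ' ') "
    _missing=""
    for _s in $_wire; do
        case "$_sad" in
            *" $_s "*) ;;
            *) _missing="$_missing $_s" ;;
        esac
    done
    [ -z "$_missing" ] && { echo match; return 0; }
    echo "no SA for SPI:$_missing"
    return 1
}

spi_in_sad "$SAMPLE_TCPDUMP" "$SAMPLE_SAD"    # match
```

On a live gateway, feed it the output of tcpdump -n -i ndis0 esp and of setkey -D. A wire SPI with no SA means the peer is encrypting under an SA this host never installed or has since flushed; the kernel discards those packets before the forwarding path, so ipfw and NAT never see them and an empty fxp0 is exactly what you would observe. If every SPI matches, the next stop is Brian's ipfw check.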
From owner-freebsd-net@FreeBSD.ORG Tue Jan 17 17:50:11 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 329B016A465; Tue, 17 Jan 2006 17:50:11 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9DCE043DED; Tue, 17 Jan 2006 17:49:23 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.13.0/8.13.0) with ESMTP id k0HHnJnF017554; Tue, 17 Jan 2006 09:49:19 -0800 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.13.0/8.13.0/Submit) id k0HHnJxE017553; Tue, 17 Jan 2006 09:49:19 -0800 Date: Tue, 17 Jan 2006 09:49:19 -0800 
From: Brooks Davis To: Marcin Jessa Message-ID: <20060117174919.GC21625@odin.ac.hmc.edu> References: <20060116091605.GB18530@heff.fud.org.nz> <20060116112504.63ba886b.lists@yazzy.org> <20060116180333.GA30608@odin.ac.hmc.edu> <20060117093203.1fb41851.lists@yazzy.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="1ccMZA6j1vT5UqiK" Content-Disposition: inline In-Reply-To: <20060117093203.1fb41851.lists@yazzy.org> User-Agent: Mutt/1.4.1i X-Virus-Scanned: by amavisd-new X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on odin.ac.hmc.edu Cc: freebsd-net@freebsd.org, thompsa@freebsd.org Subject: Re: autobridge patch X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Jan 2006 17:50:11 -0000 --1ccMZA6j1vT5UqiK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Tue, Jan 17, 2006 at 09:32:03AM +0100, Marcin Jessa wrote:
> On Mon, 16 Jan 2006 10:03:33 -0800
> Brooks Davis wrote:
>
> > On Mon, Jan 16, 2006 at 11:25:04AM +0000, Marcin Jessa wrote:
> > > On Mon, 16 Jan 2006 22:16:05 +1300
> > > Andrew Thompson wrote:
> > >
> > > > Hi,
> > > >
> > > >
> > > > I have a patch here that adds the ability to automatically add an
> > > > interface to a bridge when it's attached. This is aimed towards
> > > > apps like qemu or vmware that open a tap interface and need it
> > > > bridged with the network adapter, the user can set up a glob for
> > > > interfaces to be automatically added (eg tap*). It may also be
> > > > useful for Xen dom0 support.
> > > >
> > > > This patch includes a big change to how interfaces are configured
> > > > in userland. Before only physical Ethernet cards were handled by
> > > > devd, now _ALL_ interfaces are (vlans, pflog, pfsync, tap, tun,
> > > > etc..). This has the added bonus that the pseudo interfaces can
> > > > be configured after boottime in rc.conf, ifconfig_xxx="".
> > > >
> > > > Please test this patch, even if you don't use a bridge. I'm not in
> > > > a hurry to commit it.
> > >
> > > I just rebuilt and installed my world and kernel to test the
> > > patches. Seems like things did not work as expected.
> > > The name part of ifconfig_vlan0 left me with a renamed but not
> > > configured device. The IP etc. of VLAN01 was not set at boot. Am I
> > > doing something wrong?
> > >
> > > cloned_interfaces="bridge0 vlan0"
> > > ifconfig_sk0="up"
> > > ifconfig_vlan0="name VLAN01 inet 10.137.99.4 vlan 1 vlandev sk0"
> >
> > If you want to rename the vlan interface use:
> >
> > ifconfig_vlan0_name="name VLAN01"
> > ifconfig_VLAN01="inet 10.137.99.4 vlan 1 vlandev sk0"
>
> Actually only this will work:
> ifconfig_vlan0_name="VLAN01"
> ifconfig_VLAN01="inet 10.137.99.4 vlan 1 vlandev sk0"
>
> One thing I noticed was VLAN01 could not be called something more
> descriptive like VLAN-FOO, since then the startup scripts went bananas,
> leaving my console in an ifconfig loop.

I know about that problem and plan to fix it (by collapsing the namespace
so that all unsupported characters are treated as though they are _'s in
the rc.conf scripts). It's not super high on my current list though, so
if someone else wants to do it, that would be great.

> There was a patch from bart that he posted to
> net@ adding the possibility to add an ASCII description to devices the same
> way Cisco does.
> Was it ever considered as a commit candidate?

I plan to commit a revised version at some point, but first I want to
commit the ioctl changes I proposed a few days ago so we don't end up
with an implicit size encoded in the ioctl interface.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

--1ccMZA6j1vT5UqiK
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDzS4eXY6L6fI4GtQRAolrAJ9byR3kovyexG5+ODnnml1DspoQDQCfRpzJ
FeoTlRqL7me2Ibbd7yQXKk8=
=eQF+
-----END PGP SIGNATURE-----

--1ccMZA6j1vT5UqiK--

From owner-freebsd-net@FreeBSD.ORG Tue Jan 17 17:53:14 2006 Return-Path: X-Original-To: freebsd-net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 61DC816A425 for ; Tue, 17 Jan 2006 17:53:14 +0000 (GMT) (envelope-from tiagocruz@b4br.net) Received: from vader.b4br.net (vader.b4br.net [200.152.202.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id C40B543D8C for ; Tue, 17 Jan 2006 17:52:25 +0000 (GMT) (envelope-from tiagocruz@b4br.net) Received: from localhost (localhost.b4br.net [127.0.0.1]) by vader.b4br.net (Postfix) with ESMTP id E7F6018146C for ; Tue, 17 Jan 2006 15:47:13 -0200 (BRST) Received: from vader.b4br.net ([127.0.0.1]) by localhost (vader.b4br.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 38730-03 for ; Tue, 17 Jan 2006 15:47:07 -0200 (BRST) Received: from tuxkiller.matter.b4br.net (yoda.b4br.net [200.152.202.10]) by vader.b4br.net (Postfix) with ESMTP id 9E2FD18142D for ; Tue, 17 Jan 2006 15:47:07 -0200 (BRST)
From: Tiago Cruz To: "freebsd-net@FreeBSD.org" Content-Type: text/plain Date: Tue, 17 Jan 2006 15:52:00 -0200 Message-Id: <1137520320.15943.92.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Evolution 2.0.4 Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at b4br.net Cc: Subject: MPD and client behind firewall X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Jan 2006 17:53:14 -0000 Hi all! I have a FreeBSD 6.0 running MPD server 3.18_3. The MPD server works very good when I has _direct_ connected by Internet. My problem is with one _client_ (Win XP) behind NAT from iptables. I have to do some in my PF? In this case, I've tried do this (in iptables from client): # Allow forwarding from inside to out and vice versa iptables -A FORWARD -i $INTINT -s $LOCALNETWORK -j ACCEPT iptables -A FORWARD -o $INTINT -d $LOCALNETWORK -j ACCEPT # Allow pptpd connections (port 1723) iptables -t nat -A PREROUTING -i $EXTINT -p TCP --sport $PUBLICPORTS --dport 1723 -j ACCEPT iptables -t nat -A OUTPUT -o $EXTINT -p 47 -j ACCEPT iptables -A OUTPUT -o $EXTINT -p 47 -j ACCEPT iptables -A INPUT -i $EXTINT -p 47 -j ACCEPT But still don't woking. Somebody can help me? Follow the mpd.log: Jan 17 11:36:19 luke mpd: mpd: PPTP connection from 200.171.131.250:1860 Jan 17 11:36:19 luke mpd: pptp0: attached to connection with 200.171.131.250:1860 Jan 17 11:36:19 luke mpd: [pptp1] IFACE: Open event Jan 17 11:36:19 luke mpd: [pptp1] IPCP: Open event Jan 17 11:36:19 luke mpd: [pptp1] IPCP: state change Initial --> Starting Jan 17 11:36:19 luke mpd: [pptp1] IPCP: LayerStart Jan 17 11:36:19 luke mpd: [pptp1] IPCP: Open event Jan 17 11:36:19 luke mpd: [pptp1] bundle: OPEN event in state CLOSED Jan 17 11:36:19 luke mpd: [pptp1] opening link "pptp1"... 
Jan 17 11:36:19 luke mpd: [pptp1] link: OPEN event
Jan 17 11:36:19 luke mpd: [pptp1] LCP: Open event
Jan 17 11:36:19 luke mpd: [pptp1] LCP: state change Initial --> Starting
Jan 17 11:36:19 luke mpd: [pptp1] LCP: LayerStart
Jan 17 11:36:19 luke mpd: [pptp1] device: OPEN event in state DOWN
Jan 17 11:36:19 luke mpd: [pptp1] attaching to peer's outgoing call
Jan 17 11:36:19 luke mpd: [pptp1] device is now in state OPENING
Jan 17 11:36:19 luke mpd: [pptp1] device: UP event in state OPENING
Jan 17 11:36:19 luke mpd: [pptp1] device is now in state UP
Jan 17 11:36:19 luke mpd: [pptp1] link: UP event
Jan 17 11:36:19 luke mpd: [pptp1] link: origination is remote
Jan 17 11:36:19 luke mpd: [pptp1] LCP: Up event
Jan 17 11:36:19 luke mpd: [pptp1] LCP: state change Starting --> Req-Sent
Jan 17 11:36:19 luke mpd: [pptp1] LCP: phase shift DEAD --> ESTABLISH
Jan 17 11:36:19 luke mpd: [pptp1] LCP: SendConfigReq #27
Jan 17 11:36:19 luke mpd: ACFCOMP
Jan 17 11:36:19 luke mpd: PROTOCOMP
Jan 17 11:36:19 luke mpd: MRU 1500
Jan 17 11:36:19 luke mpd: MAGICNUM ce26e81c
Jan 17 11:36:19 luke mpd: AUTHPROTO CHAP MSOFTv2
Jan 17 11:36:19 luke mpd: MP MRRU 1600
Jan 17 11:36:19 luke mpd: MP SHORTSEQ
Jan 17 11:36:19 luke mpd: ENDPOINTDISC [802.1] 00 01 03 1e 4d 01
Jan 17 11:36:19 luke mpd: pptp0-0: ignoring SetLinkInfo
Jan 17 11:36:21 luke mpd: [pptp1] LCP: SendConfigReq #28
Jan 17 11:36:21 luke mpd: ACFCOMP
Jan 17 11:36:21 luke mpd: PROTOCOMP
Jan 17 11:36:21 luke mpd: MRU 1500
Jan 17 11:36:21 luke mpd: MAGICNUM ce26e81c
Jan 17 11:36:21 luke mpd: AUTHPROTO CHAP MSOFTv2
Jan 17 11:36:21 luke mpd: MP MRRU 1600
Jan 17 11:36:21 luke mpd: MP SHORTSEQ
Jan 17 11:36:21 luke mpd: ENDPOINTDISC [802.1] 00 01 03 1e 4d 01
Jan 17 11:36:23 luke mpd: [pptp1] LCP: SendConfigReq #29
Jan 17 11:36:23 luke mpd: ACFCOMP
Jan 17 11:36:23 luke mpd: PROTOCOMP
Jan 17 11:36:23 luke mpd: MRU 1500
Jan 17 11:36:23 luke mpd: MAGICNUM ce26e81c
Jan 17 11:36:23 luke mpd: AUTHPROTO CHAP MSOFTv2
Jan 17 11:36:23 luke mpd: MP MRRU 1600
Jan 17 11:36:23 luke mpd: MP SHORTSEQ
Jan 17 11:36:23 luke mpd: ENDPOINTDISC [802.1] 00 01 03 1e 4d 01
Jan 17 11:36:25 luke mpd: [pptp1] LCP: SendConfigReq #30
Jan 17 11:36:25 luke mpd: ACFCOMP
Jan 17 11:36:25 luke mpd: PROTOCOMP
Jan 17 11:36:25 luke mpd: MRU 1500
Jan 17 11:36:25 luke mpd: MAGICNUM ce26e81c
Jan 17 11:36:25 luke mpd: AUTHPROTO CHAP MSOFTv2
Jan 17 11:36:25 luke mpd: MP MRRU 1600
Jan 17 11:36:25 luke mpd: MP SHORTSEQ
Jan 17 11:36:25 luke mpd: ENDPOINTDISC [802.1] 00 01 03 1e 4d 01
Jan 17 11:36:27 luke mpd: [pptp1] LCP: SendConfigReq #31
Jan 17 11:36:27 luke mpd: ACFCOMP
Jan 17 11:36:27 luke mpd: PROTOCOMP
Jan 17 11:36:27 luke mpd: MRU 1500
Jan 17 11:36:27 luke mpd: MAGICNUM ce26e81c
Jan 17 11:36:27 luke mpd: AUTHPROTO CHAP MSOFTv2
Jan 17 11:36:27 luke mpd: MP MRRU 1600
Jan 17 11:36:27 luke mpd: MP SHORTSEQ
Jan 17 11:36:27 luke mpd: ENDPOINTDISC [802.1] 00 01 03 1e 4d 01
Jan 17 11:36:29 luke mpd: [pptp1] LCP: SendConfigReq #32
Jan 17 11:36:29 luke mpd: ACFCOMP
Jan 17 11:36:29 luke mpd: PROTOCOMP
Jan 17 11:36:29 luke mpd: MRU 1500
Jan 17 11:36:29 luke mpd: MAGICNUM ce26e81c
Jan 17 11:36:29 luke mpd: AUTHPROTO CHAP MSOFTv2
Jan 17 11:36:29 luke mpd: MP MRRU 1600
Jan 17 11:36:29 luke mpd: MP SHORTSEQ
Jan 17 11:36:29 luke mpd: ENDPOINTDISC [802.1] 00 01 03 1e 4d 01
Jan 17 11:36:31 luke mpd: [pptp1] LCP: SendConfigReq #33
Jan 17 11:36:31 luke mpd: ACFCOMP
Jan 17 11:36:31 luke mpd: PROTOCOMP
Jan 17 11:36:31 luke mpd: MRU 1500
Jan 17 11:36:31 luke mpd: MAGICNUM ce26e81c
Jan 17 11:36:31 luke mpd: AUTHPROTO CHAP MSOFTv2
Jan 17 11:36:31 luke mpd: MP MRRU 1600
Jan 17 11:36:31 luke mpd: MP SHORTSEQ
Jan 17 11:36:31 luke mpd: ENDPOINTDISC [802.1] 00 01 03 1e 4d 01
Jan 17 11:36:33 luke mpd: [pptp1] LCP: SendConfigReq #34
Jan 17 11:36:33 luke mpd: ACFCOMP
Jan 17 11:36:33 luke mpd: PROTOCOMP
Jan 17 11:36:33 luke mpd: MRU 1500
Jan 17 11:36:33 luke mpd: MAGICNUM ce26e81c
Jan 17 11:36:33 luke mpd: AUTHPROTO CHAP MSOFTv2
Jan 17 11:36:33 luke mpd: MP MRRU 1600
Jan 17 11:36:33 luke mpd: MP SHORTSEQ
Jan 17 11:36:33 luke mpd: ENDPOINTDISC [802.1] 00 01 03 1e 4d 01
Jan 17 11:36:35 luke mpd: [pptp1] LCP: SendConfigReq #35
Jan 17 11:36:35 luke mpd: ACFCOMP
Jan 17 11:36:35 luke mpd: PROTOCOMP
Jan 17 11:36:35 luke mpd: MRU 1500
Jan 17 11:36:35 luke mpd: MAGICNUM ce26e81c
Jan 17 11:36:35 luke mpd: AUTHPROTO CHAP MSOFTv2
Jan 17 11:36:35 luke mpd: MP MRRU 1600
Jan 17 11:36:35 luke mpd: MP SHORTSEQ
Jan 17 11:36:35 luke mpd: ENDPOINTDISC [802.1] 00 01 03 1e 4d 01
Jan 17 11:36:37 luke mpd: [pptp1] LCP: SendConfigReq #36
Jan 17 11:36:37 luke mpd: ACFCOMP
Jan 17 11:36:37 luke mpd: PROTOCOMP
Jan 17 11:36:37 luke mpd: MRU 1500
Jan 17 11:36:37 luke mpd: MAGICNUM ce26e81c
Jan 17 11:36:37 luke mpd: AUTHPROTO CHAP MSOFTv2
Jan 17 11:36:37 luke mpd: MP MRRU 1600
Jan 17 11:36:37 luke mpd: MP SHORTSEQ
Jan 17 11:36:37 luke mpd: ENDPOINTDISC [802.1] 00 01 03 1e 4d 01
Jan 17 11:36:39 luke mpd: [pptp1] LCP: state change Req-Sent --> Stopped
Jan 17 11:36:39 luke mpd: [pptp1] LCP: LayerFinish
Jan 17 11:36:39 luke mpd: [pptp1] LCP: parameter negotiation failed
Jan 17 11:36:39 luke mpd: [pptp1] LCP: LayerFinish
Jan 17 11:36:39 luke mpd: [pptp1] device: CLOSE event in state UP
Jan 17 11:36:39 luke mpd: pptp0-0: clearing call
Jan 17 11:36:39 luke mpd: pptp0-0: killing channel
Jan 17 11:36:39 luke mpd: [pptp1] PPTP call terminated
Jan 17 11:36:39 luke mpd: [pptp1] IFACE: Close event
Jan 17 11:36:39 luke mpd: [pptp1] IPCP: Close event
Jan 17 11:36:39 luke mpd: [pptp1] IPCP: state change Starting --> Initial
Jan 17 11:36:39 luke mpd: [pptp1] IPCP: LayerFinish
Jan 17 11:36:39 luke mpd: [pptp1] IFACE: Close event
Jan 17 11:36:39 luke mpd: pptp0: closing connection with 200.171.131.250:1860
Jan 17 11:36:39 luke mpd: [pptp1] IFACE: Close event
Jan 17 11:36:39 luke mpd: [pptp1] device is now in state CLOSING
Jan 17 11:36:39 luke mpd: [pptp1] bundle: CLOSE event in state OPENED
Jan 17 11:36:39 luke mpd: [pptp1] closing link "pptp1"...
Jan 17 11:36:39 luke mpd: [pptp1] device: CLOSE event in state CLOSING
Jan 17 11:36:39 luke mpd: [pptp1] device is now in state CLOSING
Jan 17 11:36:39 luke mpd: [pptp1] link: CLOSE event
Jan 17 11:36:39 luke mpd: [pptp1] LCP: Close event
Jan 17 11:36:39 luke mpd: [pptp1] LCP: state change Stopped --> Closed
Jan 17 11:36:39 luke mpd: [pptp1] device: DOWN event in state CLOSING
Jan 17 11:36:39 luke mpd: [pptp1] device is now in state DOWN
Jan 17 11:36:39 luke mpd: [pptp1] link: DOWN event
Jan 17 11:36:39 luke mpd: [pptp1] LCP: Down event
Jan 17 11:36:39 luke mpd: [pptp1] LCP: state change Closed --> Initial
Jan 17 11:36:39 luke mpd: [pptp1] LCP: phase shift ESTABLISH --> DEAD
Jan 17 11:36:39 luke mpd: [pptp1] device: DOWN event in state DOWN
Jan 17 11:36:39 luke mpd: [pptp1] device is now in state DOWN
Jan 17 11:36:39 luke mpd: [pptp1] link: DOWN event
Jan 17 11:36:39 luke mpd: [pptp1] LCP: Down event
Jan 17 11:36:39 luke mpd: pptp0: killing connection with 200.171.131.250:1860

--
Tiago Cruz
http://linuxrapido.org
Linux User #282636
"The box said: Requires MS Windows or better, so I installed Linux"


Date: Wed, 18 Jan 2006 11:28:54 +0100
From: Sten Daniel Sørsdal
To: Tiago Cruz
Cc: freebsd-net@FreeBSD.org
Subject: Re: MPD and client behind firewall

Tiago Cruz wrote:
> I have a FreeBSD 6.0 running MPD server 3.18_3.
> The MPD server works very good when I has _direct_ connected by
> Internet.
>
> My problem is with one _client_ (Win XP) behind NAT from iptables. I
> have to do some in my PF?
>
> In this case, I've tried do this (in iptables from client):
>

I believe it to be an IPTables and PF issue.

Hints to bring along to the IPTables mailing lists:
PPTP needs a PPTP helper; _make sure_ the PPTP helper doesn't corrupt the
PPTP ID.

PF doesn't really try to fix NAT issues by rewriting packets. There
might be a PPTP proxy out there somewhere?
--
Sten Daniel Sørsdal

From: Tiago Cruz
To: Sten Daniel Sørsdal
Cc: freebsd-net@FreeBSD.org
Date: Wed, 18 Jan 2006 11:03:02 -0200
Subject: Re: MPD and client behind firewall

Hello Sten, many thanks for your reply!

On Wed, 2006-01-18 at 11:28 +0100, Sten Daniel Sørsdal wrote:
> I believe it to be an IPTables and PF issue.

What? Oh my god... So, what can I do on the PF side?
My potential VPN users have the client configured on their notebooks, and
I think that they will always need to connect through NAT (modem, routers,
netfilter, pf...), so will I always have this problem? :-/

> Hints to bring along to the IPTables mailing lists:
> PPTP needs PPTP helper, _make sure_ the PPTP helper doesn't corrupt the
> PPTP ID.

So, I think that I'll need to modify my kernel/netfilter... but I'll look
for this information on the netfilter mailing list, thank you!

> PF doesn't have really try to fix NAT issues by rewriting packets. There
> might be a PPTP proxy out there somewhere?

Well, my server side has no NAT; the pptp is listening directly on the
internet. But if this pptp proxy solves my problem I'll create one :)
Can you help me to do this?

Many thanks!
--
Tiago Cruz
http://linuxrapido.org
Linux User #282636
"The box said: Requires MS Windows or better, so I installed Linux"

From: "Dave Raven"
Date: Wed, 18 Jan 2006 15:12:27 +0200
Subject: em driver + VLAN's

Hi all,
I'm having an interesting problem at the moment. I want to bridge
between two cisco switches on trunk ports. Basically bridging vlans - if I
bridge my two main interfaces it works fine if they are fxp, but not when I
use em cards...

Could this be related to the driver, or BSD in some way?

Thanks
Dave


Date: Wed, 18 Jan 2006 15:49:18 +0100
From: Sebastian Schwerdhoefer
To: freebsd-net@freebsd.org
Subject: pf: redirect packets from localhost

Short question: Is it possible to redirect packets from localhost with "rdr"?

Regards,
Sebastian Schwerdhoefer


Date: Wed, 18 Jan 2006 17:58:30 +0300
From: Gleb Smirnoff
To: Dave Raven
Cc: freebsd-net@FreeBSD.org
Subject: Re: em driver + VLAN's

On Wed, Jan 18, 2006 at 03:12:27PM +0200, Dave Raven wrote:
D> Hi all,
D> I'm having an interesting problem at the moment. I want to bridge
D> between two cisco switches on trunk ports. Basically bridging vlans - if I
D> bridge my two main interfaces it works fine if they are fxp, but not when I
D> use em cards...
D>
D> Could this be related to the driver, or BSD in some way?

This probably can. What FreeBSD version are you using? Can you please
show ifconfig output and bridge configuration?

--
Totus tuus,
Glebius.
GLEBIUS-RIPN GLEB-RIPE


Date: Wed, 18 Jan 2006 18:01:17 +0300
From: Gleb Smirnoff
To: Tiago Cruz
Cc: freebsd-net@FreeBSD.org
Subject: Re: MPD and client behind firewall

On Tue, Jan 17, 2006 at 03:52:00PM -0200, Tiago Cruz wrote:
T> I have a FreeBSD 6.0 running MPD server 3.18_3.
T> The MPD server works very good when I has _direct_ connected by
T> Internet.
T>
T> My problem is with one _client_ (Win XP) behind NAT from iptables. I
T> have to do some in my PF?
T>
T> In this case, I've tried do this (in iptables from client):
T>
T> # Allow forwarding from inside to out and vice versa
T> iptables -A FORWARD -i $INTINT -s $LOCALNETWORK -j ACCEPT
T> iptables -A FORWARD -o $INTINT -d $LOCALNETWORK -j ACCEPT
T>
T> # Allow pptpd connections (port 1723)
T> iptables -t nat -A PREROUTING -i $EXTINT -p TCP --sport $PUBLICPORTS
T> --dport 1723 -j ACCEPT
T> iptables -t nat -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
T> iptables -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
T> iptables -A INPUT -i $EXTINT -p 47 -j ACCEPT
T>
T> But still don't woking. Somebody can help me? Follow the mpd.log:

Masquerading the GRE protocol, which is used by PPTP as transport, isn't
simple. Not all NATs can do this. If you are going to serve a lot
of clients connecting from random places in the world, then you will
face this problem from time to time.

Can you check whether iptables supports NATing PPTP?

--
Totus tuus,
Glebius.
GLEBIUS-RIPN GLEB-RIPE
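The log Tiago posted shows, from the server side, exactly what Gleb is describing: the PPTP control connection on TCP/1723 comes up, mpd sends LCP ConfigReq #27 through #36 two seconds apart, nothing ever comes back, and after twenty seconds LCP gives up with "parameter negotiation failed". LCP frames travel inside GRE, so a control channel that works while every LCP request goes unanswered is what a NAT that cannot forward IP protocol 47 looks like. The script below is an added example, not code from this thread or from mpd: it parses mpd's syslog lines, counts ConfigReqs sent against LCP frames received per link, and flags a link that failed negotiation without a single received frame as a likely GRE blackhole rather than an option mismatch. The "LCP: rec'd ..." wording it looks for on received frames is an assumption about mpd's log format (the posted log contains no such line, which is the symptom), and the two sample logs are constructed, trimmed from the thread's pattern, with a documentation address in place of the real peer.

```python
"""Spot the "control channel up, LCP never answered" pattern in mpd's log.

Added example, not from the thread or from mpd. Assumptions:
  - mpd's syslog prefix is "Mon DD HH:MM:SS host mpd: " (as in the posted log);
  - LCP frames received from the peer are logged as "LCP: rec'd ..." (assumed
    wording; the posted log contains none of them, which is the symptom);
  - the sample logs below are constructed, trimmed from the thread's pattern,
    with the documentation address 192.0.2.10 in place of the real peer.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) mpd: (?P<msg>.*)$"
)
LINK_RE = re.compile(r"^\[(?P<link>[^\]]+)\] (?P<rest>.*)$")
PEER_RE = re.compile(r"connection with (?P<peer>\S+)$")


@dataclass
class LinkStats:
    sent_reqs: int = 0                       # "LCP: SendConfigReq #n" lines we logged
    recv_frames: int = 0                     # LCP frames from the peer that reached us
    negotiation_failed: bool = False         # "LCP: parameter negotiation failed" seen
    peers: set = field(default_factory=set)  # addresses from "... connection with A.B.C.D:port"


def parse_mpd_log(lines):
    """Build {link: LinkStats} from mpd log lines; lines that do not parse are ignored."""
    stats = defaultdict(LinkStats)
    last_link = None
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        lm = LINK_RE.match(msg)
        if lm:
            last_link = lm.group("link")
            st = stats[last_link]
            rest = lm.group("rest")
            if rest.startswith("LCP: SendConfigReq"):
                st.sent_reqs += 1
            elif rest.startswith("LCP: rec'd"):   # assumed wording for received frames
                st.recv_frames += 1
            elif rest == "LCP: parameter negotiation failed":
                st.negotiation_failed = True
        elif last_link is not None:
            # "pptp0: closing connection with A.B.C.D:port" carries no [link] tag;
            # attribute it to the link mentioned most recently.
            pm = PEER_RE.search(msg)
            if pm:
                stats[last_link].peers.add(pm.group("peer"))
    return dict(stats)


def diagnose(st, min_reqs=3):
    """Classify one link's LCP outcome from its counters."""
    if not st.negotiation_failed:
        return "ok" if st.recv_frames else "no-lcp-activity"
    if st.sent_reqs >= min_reqs and st.recv_frames == 0:
        # We kept asking and never heard anything back: the TCP/1723 control
        # channel works but the GRE (IP protocol 47) data path does not, which
        # is what a NAT that cannot forward GRE looks like from the server.
        return "gre-blackhole"
    return "lcp-mismatch"   # the peer did answer, but options could not be agreed


def summarize(lines):
    """Map every link seen in the log to its diagnosis."""
    return {link: diagnose(st) for link, st in parse_mpd_log(lines).items()}


# Constructed sample: the failing pattern from the thread, shortened.
FAILED_LOG = """\
Jan 17 11:36:19 luke mpd: [pptp1] link: UP event
Jan 17 11:36:19 luke mpd: [pptp1] LCP: state change Starting --> Req-Sent
Jan 17 11:36:19 luke mpd: [pptp1] LCP: SendConfigReq #27
Jan 17 11:36:19 luke mpd: MRU 1500
Jan 17 11:36:19 luke mpd: AUTHPROTO CHAP MSOFTv2
Jan 17 11:36:21 luke mpd: [pptp1] LCP: SendConfigReq #28
Jan 17 11:36:23 luke mpd: [pptp1] LCP: SendConfigReq #29
Jan 17 11:36:25 luke mpd: [pptp1] LCP: SendConfigReq #30
Jan 17 11:36:39 luke mpd: [pptp1] LCP: state change Req-Sent --> Stopped
Jan 17 11:36:39 luke mpd: [pptp1] LCP: parameter negotiation failed
Jan 17 11:36:39 luke mpd: pptp0: closing connection with 192.0.2.10:1860
"""

# Constructed sample of a peer whose GRE does get through (assumed "rec'd" wording).
HEALTHY_LOG = """\
Jan 17 12:00:00 luke mpd: [pptp2] LCP: SendConfigReq #1
Jan 17 12:00:00 luke mpd: [pptp2] LCP: rec'd Configure Request #1
Jan 17 12:00:00 luke mpd: [pptp2] LCP: rec'd Configure Ack #1
Jan 17 12:00:00 luke mpd: [pptp2] LCP: state change Ack-Sent --> Opened
"""

if __name__ == "__main__":
    for sample in (FAILED_LOG, HEALTHY_LOG):
        for link, st in parse_mpd_log(sample.splitlines()).items():
            print(f"{link}: {diagnose(st)} (sent={st.sent_reqs}, recv={st.recv_frames}, peers={sorted(st.peers)})")
```

Run it against the real log with `python3 mpdlcp.py < /var/log/mpd.log` after replacing the samples with `sys.stdin`; a "gre-blackhole" verdict points at the client's NAT, not at the server's PF rules, which matches Gleb's reading of the thread.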

From: "Dave Raven"
To: "'Gleb Smirnoff'"
Date: Wed, 18 Jan 2006 17:05:02 +0200
Cc: freebsd-net@FreeBSD.org
Subject: RE: em driver + VLAN's

FreeBSD 4.9 - char em_driver_version[] = "1.7.16";

I've tried multiple bridge configurations - from bridging just em0,em1 to
bridging two vlan's attached to each card. Unfortunately I don't have access
to the box at the moment - if it's still necessary I will fetch the
information tomorrow (ifconfig etc)

To sum up it's something like the following
net.inet.ether.bridge_config=em0,em1
net.inet.ether.bridge=1

Or vlan0,vlan1 with:
ifconfig vlan0 create
ifconfig vlan1 create
ifconfig vlan0 vlan 100 vlandev em0
ifconfig vlan1 vlan 100 vlandev em1

If I change to using fxp it immediately works..

Thanks for the help
Dave

-----Original Message-----
From: Gleb Smirnoff [mailto:glebius@FreeBSD.org]
Sent: 18 January 2006 04:59 PM
To: Dave Raven
Cc: freebsd-net@FreeBSD.org
Subject: Re: em driver + VLAN's

On Wed, Jan 18, 2006 at 03:12:27PM +0200, Dave Raven wrote:
D> Hi all,
D> I'm having an interesting problem at the moment. I want to bridge
D> between two cisco switches on trunk ports. Basically bridging vlans -
D> if I bridge my two main interfaces it works fine if they are fxp, but
D> not when I use em cards...
D>
D> Could this be related to the driver, or BSD in some way?

This probably can. What FreeBSD version are you using? Can you please
show ifconfig output and bridge configuration?

--
Totus tuus,
Glebius.
GLEBIUS-RIPN GLEB-RIPE

From: Tiago Cruz
To: Gleb Smirnoff
Cc: freebsd-net@FreeBSD.org
Date: Wed, 18 Jan 2006 16:29:15 -0200
Subject: Re: MPD and client behind firewall

On Wed, 2006-01-18 at 18:01 +0300, Gleb Smirnoff wrote:
> Masquarading GRE protocol, which is used by PPTP as transport, isn't
> simple. Not all NATs can do this. If you are going to server a lot
> of clients connecting from random places in the world, then you will
> face this problem time to time.

So, I'll desist from using PPTP, because my clients are from random places.
Many thanks for this information!

> Can you check whether iptables support NATing PPTP?

Yes, but with some limitations...

Now, please, what can I use on FreeBSD for my objectives?

Many thanks!
Tiago Cruz
http://linuxrapido.org
Linux User #282636
"The box said: Requires MS Windows or better, so I installed Linux"

From: Doug Ambrisko
To: Dave Raven
Cc: freebsd-net@freebsd.org
Date: Wed, 18 Jan 2006 12:04:24 -0800 (PST)
Subject: Re: em driver + VLAN's

Dave Raven writes:
| FreeBSD 4.9 - char em_driver_version[] = "1.7.16";
|
| I've tried multiple bridge configurations - from bridging just em0,em1 to
| bridging two vlan's attached to each card. Unfortunately I don't have access
| to the box at the moment - if its still necessary I will fetch the
| information tomorrow (ifconfig etc)
|
| To sum up its something like the following
| net.inet.ether.bridge_config=em0,em1
| net.inet.ether.bridge=1
|
| Or vlan0,vlan1 with:
| ifconfig vlan0 create
| ifconfig vlan1 create
| ifconfig vlan0 vlan 100 vlandev em0
| ifconfig vlan1 vlan 100 vlandev em1
|
|
| If I change to using fxp it immediately works..

I think you will find you are bridging in promiscuous mode and the
HW VLAN stuff isn't there. You should try to bridge the vlan devices
or disable the VLAN HW (driver hack). It works with the fxp0 since you
are using SW VLAN so the HW part isn't grabbing it. I've done the driver
hack for some things I needed to do.

Doug A.

Date: Wed, 18 Jan 2006 21:20:07 +0100 (CET)
From: Sten Spans
To: Doug Ambrisko
Cc: freebsd-net@freebsd.org, Dave Raven
Subject: Re: em driver + VLAN's

On Wed, 18 Jan 2006, Doug Ambrisko wrote:
> Dave Raven writes:
> | FreeBSD 4.9 - char em_driver_version[] = "1.7.16";
> |
> | I've tried multiple bridge configurations - from bridging just em0,em1 to
> | bridging two vlan's attached to each card. Unfortunately I don't have access
> | to the box at the moment - if its still necessary I will fetch the
> | information tomorrow (ifconfig etc)
> |
> | To sum up its something like the following
> | net.inet.ether.bridge_config=em0,em1
> | net.inet.ether.bridge=1
> |
> | Or vlan0,vlan1 with:
> | ifconfig vlan0 create
> | ifconfig vlan1 create
> | ifconfig vlan0 vlan 100 vlandev em0
> | ifconfig vlan1 vlan 100 vlandev em1
> |
> |
> | If I change to using fxp it immediately works..
>
> I think you will find you are bridging in promiscous mode and the
> HW VLAN stuff isn't there. You should try to bridge the vlan devices
> or disable the VLAN HW (driver hack). It works with the fxp0 since you
> are using SW VLAN so the HW part isn't grabing it. I've done the driver
> hack for some things I needed to do.

what about vlanhwtag (ifconfig) ?
according to the em manpage it is disabled by default
so this setup should work.

--
Sten Spans

"There is a crack in everything, that's how the light gets in."
Leonard Cohen - Anthem

From: Doug Ambrisko
To: Sten Spans
Cc: freebsd-net@freebsd.org, Dave Raven
Date: Wed, 18 Jan 2006 12:28:06 -0800 (PST)
Subject: Re: em driver + VLAN's

Sten Spans writes:
| On Wed, 18 Jan 2006, Doug Ambrisko wrote:
| > Dave Raven writes:
| > | FreeBSD 4.9 - char em_driver_version[] = "1.7.16";
| > |
| > | I've tried multiple bridge configurations - from bridging just em0,em1 to
| > | bridging two vlan's attached to each card. Unfortunately I don't have access
| > | to the box at the moment - if its still necessary I will fetch the
| > | information tomorrow (ifconfig etc)
| > |
| > | To sum up its something like the following
| > | net.inet.ether.bridge_config=em0,em1
| > | net.inet.ether.bridge=1
| > |
| > | Or vlan0,vlan1 with:
| > | ifconfig vlan0 create
| > | ifconfig vlan1 create
| > | ifconfig vlan0 vlan 100 vlandev em0
| > | ifconfig vlan1 vlan 100 vlandev em1
| > |
| > |
| > | If I change to using fxp it immediately works..
| >
| > I think you will find you are bridging in promiscous mode and the
| > HW VLAN stuff isn't there. You should try to bridge the vlan devices
| > or disable the VLAN HW (driver hack). It works with the fxp0 since you
| > are using SW VLAN so the HW part isn't grabing it. I've done the driver
| > hack for some things I needed to do.
|
| what about vlanhwtag (ifconfig) ?
| according to the em manpage it is disabled by default
| so this setup should work.

I'm not sure ... things have changed over time.

Doug A.
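Doug's explanation and Sten's vlanhwtag remark come down to two things to verify on each em(4) interface that is meant to be a bridge member: whether the interface is in promiscuous mode, and whether hardware VLAN tag stripping (VLAN_HWTAGGING in ifconfig's options) is on, since a tag the NIC strips never reaches the bridge code and the frame cannot be forwarded as a tagged frame on the other trunk. The script below is an added example, not from this thread or from the FreeBSD source: it parses ifconfig output and lists, for each intended bridge member, the ifconfig changes the thread discusses (promisc, -vlanhwtag), or nothing when the interface already looks right. The flags=<...>/options=<...> layout it parses is the one later FreeBSD releases print, which I am assuming here (the 4.9 box in the thread may show less), and the sample output is constructed with documentation MAC addresses. Bridging the vlan(4) interfaces instead of the physical ones, as Doug suggests, is just a different member list passed to the same check.

```python
"""Check em(4) bridge members for the two conditions raised in the thread.

Added example, not from the thread or the FreeBSD source. It assumes the
flags=<...>/options=<...> layout of ifconfig output from later FreeBSD
releases; the sample output below is constructed, with 00:00:5e:00:53:xx
documentation MAC addresses.
"""
import re

IFACE_RE = re.compile(r"^(?P<name>[a-z]+\d+): flags=[0-9a-f]+<(?P<flags>[^>]*)>")
OPTIONS_RE = re.compile(r"^\s+options=[0-9a-f]+<(?P<opts>[^>]*)>")


def parse_ifconfig(text):
    """Return {ifname: {"flags": set(...), "options": set(...)}} from ifconfig -a output."""
    ifaces = {}
    current = None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group("name")
            ifaces[current] = {
                "flags": set(filter(None, m.group("flags").split(","))),
                "options": set(),
            }
            continue
        m = OPTIONS_RE.match(line)
        if m and current is not None:
            ifaces[current]["options"] = set(filter(None, m.group("opts").split(",")))
    return ifaces


def bridge_member_advice(ifaces, members):
    """For each intended bridge member, list the ifconfig changes the thread discusses."""
    advice = {}
    for name in members:
        info = ifaces.get(name)
        if info is None:
            advice[name] = ["interface not found in ifconfig output"]
            continue
        todo = []
        if "PROMISC" not in info["flags"]:
            # A bridge port has to accept frames addressed to other stations.
            todo.append(f"ifconfig {name} promisc")
        if "VLAN_HWTAGGING" in info["options"]:
            # The NIC strips the 802.1Q tag before the bridge sees the frame, so
            # the tag never crosses the bridge: either bridge the vlan(4)
            # interfaces instead (Doug's suggestion) or turn hardware tagging off.
            todo.append(f"ifconfig {name} -vlanhwtag")
        advice[name] = todo
    return advice


# Constructed ifconfig -a excerpt: em0 has hardware tagging on and is not
# promiscuous, em1 is already promiscuous with tagging off, fxp0 does
# VLANs in software (no VLAN_HWTAGGING capability at all).
SAMPLE_IFCONFIG = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        ether 00:00:5e:00:53:01
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=3<RXCSUM,TXCSUM>
        ether 00:00:5e:00:53:02
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        ether 00:00:5e:00:53:03
"""

if __name__ == "__main__":
    ifaces = parse_ifconfig(SAMPLE_IFCONFIG)
    for name, todo in bridge_member_advice(ifaces, ["em0", "em1"]).items():
        print(f"{name}: {'; '.join(todo) if todo else 'looks fine for bridging'}")
```

On a live box, feed it `ifconfig -a` output instead of the sample; note that a bridge member in promiscuous mode receives every frame on the trunk, so the bridging host should itself be treated as part of the trunk's trust boundary.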
From owner-freebsd-net@FreeBSD.ORG Wed Jan 18 20:31:34 2006 Return-Path: X-Original-To: freebsd-net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E4AF816A41F for ; Wed, 18 Jan 2006 20:31:34 +0000 (GMT) (envelope-from toasty@dragondata.com) Received: from tokyo01.jp.mail.your.org (tokyo01.jp.mail.your.org [204.9.54.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8C56A43D45 for ; Wed, 18 Jan 2006 20:31:34 +0000 (GMT) (envelope-from toasty@dragondata.com) Received: from mail.your.org (server3-a.your.org [64.202.112.67]) by tokyo01.jp.mail.your.org (Postfix) with ESMTP id 7738D2AD5CA1; Wed, 18 Jan 2006 20:31:32 +0000 (UTC) Received: from [69.31.99.38] (pool038.dhcp.your.org [69.31.99.38]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by mail.your.org (Postfix) with ESMTP id CE36DA0A427; Wed, 18 Jan 2006 20:31:31 +0000 (UTC) In-Reply-To: <20060118150533.AA33C43D9D@mx1.FreeBSD.org> References: <20060118150533.AA33C43D9D@mx1.FreeBSD.org> Mime-Version: 1.0 (Apple Message framework v746.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <7FFD38BE-1F95-48B1-B4D6-39A835C62CFB@dragondata.com> Content-Transfer-Encoding: 7bit 
From: Kevin Day Date: Wed, 18 Jan 2006 14:31:28 -0600 To: "Dave Raven" X-Mailer: Apple Mail (2.746.2) Cc: freebsd-net@FreeBSD.org Subject: Re: em driver + VLAN's X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Jan 2006 20:31:35 -0000

On Jan 18, 2006, at 9:05 AM, Dave Raven wrote:

> FreeBSD 4.9 - char em_driver_version[] = "1.7.16";
>
> I've tried multiple bridge configurations - from bridging just
> em0,em1 to
> bridging two vlan's attached to each card. Unfortunately I don't
> have access
> to the box at the moment - if it's still necessary I will fetch the
> information tomorrow (ifconfig etc)
>
> To sum up it's something like the following
> net.inet.ether.bridge_config=em0,em1
> net.inet.ether.bridge=1
>
> Or vlan0,vlan1 with:
> ifconfig vlan0 create
> ifconfig vlan1 create
> ifconfig vlan0 vlan 100 vlandev em0
> ifconfig vlan1 vlan 100 vlandev em1
>
>
> If I change to using fxp it immediately works..
>
> Thanks for the help
> Dave
>

Try adding:

ifconfig em0 promisc
ifconfig em1 promisc

We found it was necessary in a few situations with em devices and bridging.

From owner-freebsd-net@FreeBSD.ORG Wed Jan 18 22:17:11 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E54E616A41F; Wed, 18 Jan 2006 22:17:11 +0000 (GMT) (envelope-from dave@raven.za.net) Received: from elektra.opteqint.net (elektra.opteqint.net [209.25.178.105]) by mx1.FreeBSD.org (Postfix) with ESMTP id 26B4743D46; Wed, 18 Jan 2006 22:17:10 +0000 (GMT) (envelope-from dave@raven.za.net) Received: from [165.165.205.92] (helo=LUCY) by elektra.opteqint.net with esmtpsa (TLSv1:RC4-MD5:128) (Exim 4.52 (FreeBSD)) id 1EzLZo-0002i2-TX; Wed, 18 Jan 2006 14:14:50 -0800
From: "Dave Raven" To: "'Doug Ambrisko'" Date: Thu, 19 Jan 2006 00:16:50 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 In-Reply-To: <200601182004.k0IK4OV8071638@ambrisko.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670 thread-index: AcYcag75HMpitKKaTrCMWr3osZV3WQAEr6AA X-Spam-Score: -101.4 (---------------------------------------------------) X-Spam-Report: Spam detection software, running on the system "elektra.opteqint.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Thanks for the reply - I went down to the office to do exactly what you are suggesting and it worked fine - removed "em_enable_vlans(adapter);" Thanks all Dave Content analysis details: (-101.4 points, 4.5 required) pts rule name description ---- ---------------------- -------------------------------------------------- -100 USER_IN_WHITELIST From: address is in the user's white-list -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP 0.1 TW_FX BODY: Odd Letter Triples with FX Message-Id: <20060118221710.26B4743D46@mx1.FreeBSD.org> Cc: freebsd-net@freebsd.org Subject: RE: em driver + VLAN's X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Jan 2006 22:17:12 -0000

Thanks for the reply - I went down to the office to do exactly what you are
suggesting and it worked fine - removed "em_enable_vlans(adapter);"

Thanks all
Dave

-----Original Message-----
From: Doug Ambrisko [mailto:ambrisko@ambrisko.com]
Sent: 18 January 2006 10:04 PM
To: Dave Raven
Cc: 'Gleb Smirnoff'; freebsd-net@freebsd.org
Subject: Re: em driver + VLAN's

Dave Raven writes:
| FreeBSD 4.9 - char em_driver_version[] = "1.7.16";
|
| I've tried multiple bridge configurations - from bridging just em0,em1
| to bridging two vlan's attached to each card. Unfortunately I don't
| have access to the box at the moment - if it's still necessary I will
| fetch the information tomorrow (ifconfig etc)
|
| To sum up it's something like the following
| net.inet.ether.bridge_config=em0,em1
| net.inet.ether.bridge=1
|
| Or vlan0,vlan1 with:
| ifconfig vlan0 create
| ifconfig vlan1 create
| ifconfig vlan0 vlan 100 vlandev em0
| ifconfig vlan1 vlan 100 vlandev em1
|
|
| If I change to using fxp it immediately works..

I think you will find you are bridging in promiscuous mode and the HW VLAN
stuff isn't there. You should try to bridge the vlan devices or disable the
VLAN HW (driver hack). It works with the fxp0 since you are using SW VLAN so
the HW part isn't grabbing it. I've done the driver hack for some things I
needed to do.

Doug A.

From owner-freebsd-net@FreeBSD.ORG Wed Jan 18 22:41:42 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 53B3816A41F for ; Wed, 18 Jan 2006 22:41:42 +0000 (GMT) (envelope-from sekol@konto.pl) Received: from red.alpha.net.pl (konto.pl [83.238.28.15]) by mx1.FreeBSD.org (Postfix) with ESMTP id C1AD643D7B for ; Wed, 18 Jan 2006 22:41:34 +0000 (GMT) (envelope-from sekol@konto.pl) Received: from seksci.local.pl ([80.51.233.42]) (authenticated bits=0) by red.alpha.net.pl (8.13.3/8.12.11) with ESMTP id k0IMgWTV094415 for ; Wed, 18 Jan 2006 23:42:37 +0100 (CET) (envelope-from sekol@konto.pl) Date: Wed, 18 Jan 2006 23:41:20 +0100
From: Sekol X-Mailer: The Bat! (v3.62.14) Professional X-Priority: 3 (Normal) Message-ID: <276976297.20060118234120@konto.pl> To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=1.5 required=5.0 tests=SPF_SOFTFAIL autolearn=disabled version=3.1.0 X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on red.alpha.net.pl Content-Disposition: inline X-Scanned-By: MIMEDefang 2.52 on 83.238.28.15 Subject: How to connect with ap X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Sekol List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Jan 2006 22:41:42 -0000

Hi,

The AP works in authmode shared, 64-bit ascii wepkey. I am trying to configure
a Gigabyte GN-WPKG wireless PCI card (chipset RT2500). I have FreeBSD 6 and
loaded the wlan_wep module.

in rc.conf:
ifconfig_ral0="DHCP"

When I try:

ifconfig ral0 ssid name authmode shared channel 13 wepmode on \
    weptxkey 1 wepkey my_key

in /var/log/messages I get:

ral0: ieee80211_crypto_newkey: no h/w support for cipher WEP, falling back to s/w
ral0: ieee80211_crypto_setkey: WEP keyix 0 flags 0x13 mac 00:14:85:16:d2:11 rsc 0 tsc 0 len 5
ral0: ieee80211_newstate: INIT -> INIT
ral0: ieee80211_newstate: INIT -> SCAN
ral0: begin active scan in 11g mode, scangen 418
ieee80211_reset_scan: scan set: 13 start chan 13
ral0: ieee80211_free_allnodes_locked: free all nodes in scan table
ral0: node_reclaim: remove 0xc22c5400<00:14:85:16:d2:11> from scan table, refcnt 1
ral0: ieee80211_next_scan: chan 13->13
ral0: ieee80211_newstate: SCAN -> SCAN
ral0: ieee80211_ref_node (ieee80211_send_probereq:979) 0xc22c5400<00:14:85:16:d2:11> refcnt 2
ral0: [ff:ff:ff:ff:ff:ff] send probe req on channel 13
ral0: received probe_resp from 00:0f:a3:58:c7:ae rssi 43
ral0: ieee80211_setup_node 0xc2267400<00:0f:a3:58:c7:ae> in scan table
[00:0f:a3:58:c7:ae] new probe_resp on chan 13 (bss chan 13) "name"
[00:0f:a3:58:c7:ae] caps 0x411 bintval 100 erp 0x6 country info 47 42 20 01 0d 14
ral0: received probe_resp from 00:0f:a3:58:c7:ae rssi 45
[00:0f:a3:58:c7:ae] probe_resp on chan 13 (bss chan 13) "name"
ral0: ieee80211_cancel_scan: end active scan
ral0: ral0: notify scan done
ral0: macaddr bssid chan rssi rate flag wep essid
+ 00:0f:a3:58:c7:ae 00:0f:a3:58:c7:ae 13 45 54M ess wep "name"
ral0: _ieee80211_free_node 0xc22c5400<00:14:85:16:d2:11> in table
ral0: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 rsc 0 tsc 0 len 0
ral0: ieee80211_ref_node (ieee80211_send_mgmt:1063) 0xc2267400<00:0f:a3:58:c7:ae> refcnt 3
[00:0f:a3:58:c7:ae] send auth on channel 13
ral0: received auth from 00:0f:a3:58:c7:ae rssi 46
ral0: [00:0f:a3:58:c7:ae] recv auth frame with algorithm 1 seq 2
ral0: ieee80211_ref_node (ieee80211_send_mgmt:1063) 0xc2267400<00:0f:a3:58:c7:ae> refcnt 4
ral0: [00:0f:a3:58:c7:ae] request encrypt frame (ieee80211_send_mgmt)
ral0: [00:0f:a3:58:c7:ae] encrypting frame (ieee80211_mgmt_output)
[00:0f:a3:58:c7:ae] send auth on channel 13
[ral0:00:0f:a3:58:c7:ae] discard duplicate frame, seqno <3972,3972> fragno <0,0> tid 0
last message repeated 2 times
ral0: received auth from 00:0f:a3:58:c7:ae rssi 46
ral0: [00:0f:a3:58:c7:ae] recv auth frame with algorithm 24907 seq 4
[ral0:00:0f:a3:58:c7:ae] discard auth frame, unsupported alg 24907
ral0: received beacon from 00:0f:a3:58:c7:ae rssi 46
last message repeated 13 times
[ral0:00:0b:6b:3c:94:95] discard data frame, unauthorized port: ether type 0x2600 len 52
ral0: received beacon from 00:0f:a3:58:c7:ae rssi 46
last message repeated 4 times

and my ifconfig ral0:

ral0: flags=8802 mtu 1500
        inet6 fe80::214:85ff:fe16:d211%ral0 prefixlen 64 scopeid 0x2
        ether 00:14:85:16:d2:11
        media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
        status: no carrier
        ssid name channel 13
        authmode SHARED privacy ON deftxkey 1 wepkey 1:40-bit txpowmax 100 protmode CTS
        bintval 100

and still "no carrier" :-(

--
Best regards,
Sekol

--
- LOWEST DOMAIN PRICES - http://domeny.alpha.pl -
.pl domain - 30 zl/year
.com.pl domain - 23 zl/year
Regional domain - 7 zl/year
-------------------------------------------------

From owner-freebsd-net@FreeBSD.ORG Thu Jan 19 05:30:41 2006 Return-Path: X-Original-To: net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A1CF716A41F for ; Thu, 19 Jan 2006 05:30:41 +0000 (GMT) (envelope-from jinmei@isl.rdc.toshiba.co.jp) Received: from shuttle.wide.toshiba.co.jp (shuttle.wide.toshiba.co.jp [202.249.10.124]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3833843D4C for ; Thu, 19 Jan 2006 05:30:40 +0000 (GMT) (envelope-from jinmei@isl.rdc.toshiba.co.jp) Received: from impact.jinmei.org (unknown [3ffe:501:100f:1010:598b:68a0:e50:98ce]) by shuttle.wide.toshiba.co.jp (Postfix) with ESMTP id 9643315267; Thu, 19 Jan 2006 14:30:39 +0900 (JST) Date: Thu, 19 Jan 2006 14:30:35 +0900 Message-ID:
From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= To: Kris Kennaway In-Reply-To: <20060116004438.GA27901@xor.obsecurity.org> References: <20060116004438.GA27901@xor.obsecurity.org> User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI) Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan. MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Cc: net@FreeBSD.org Subject: Re: Changing time causes ipv6 panics X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jan 2006 05:30:41 -0000

>>>>> On Sun, 15 Jan 2006 19:44:38 -0500,
>>>>> Kris Kennaway said:

> I ran ntpdate on an amd64 system with ipv6 enabled and a skewed clock
> (ntpdate stepped it back by about an hour), and immediately got a
> use-after-free panic in ifaddr. When I rebooted with memguard enabled
> on this malloc type and retried, I got this panic upon changing the
> date forward, then back, then forward again (also note the garbage
> return data from ntpdate):

Which version of FreeBSD are you using?

JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
jinmei@isl.rdc.toshiba.co.jp From owner-freebsd-net@FreeBSD.ORG Thu Jan 19 08:48:43 2006 Return-Path: X-Original-To: freebsd-net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 51B4616A41F for ; Thu, 19 Jan 2006 08:48:43 +0000 (GMT) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9A0EF43D45 for ; Thu, 19 Jan 2006 08:48:42 +0000 (GMT) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.13.3/8.13.3) with ESMTP id k0J8mTpA000461 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 19 Jan 2006 11:48:29 +0300 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.sick.ru (8.13.3/8.13.1/Submit) id k0J8mPgt000460; Thu, 19 Jan 2006 11:48:25 +0300 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Thu, 19 Jan 2006 11:48:25 +0300 
From: Gleb Smirnoff To: Tiago Cruz Message-ID: <20060119084825.GA83922@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , Tiago Cruz , "freebsd-net@FreeBSD.org" References: <1137520320.15943.92.camel@localhost.localdomain> <20060118150117.GT83922@FreeBSD.org> <1137608955.4177.8.camel@localhost.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <1137608955.4177.8.camel@localhost.localdomain> User-Agent: Mutt/1.5.6i Cc: "freebsd-net@FreeBSD.org" Subject: Re: MPD and client behind firewall X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jan 2006 08:48:43 -0000

On Wed, Jan 18, 2006 at 04:29:15PM -0200, Tiago Cruz wrote:
T> > Masquerading the GRE protocol, which is used by PPTP as transport, isn't
T> > simple. Not all NATs can do this. If you are going to serve a lot
T> > of clients connecting from random places in the world, then you will
T> > face this problem from time to time.
T>
T> So, I'll desist from using PPTP, because my clients are from random places.
T> Many thanks for this information!

Btw, there are also some dumb ISPs (at least in Russia) who filter GRE.

T> > Can you check whether iptables supports NATing PPTP?
T>
T> Yes, but with some limitations...
T>
T> Now, please, what can I use on FreeBSD for my objectives?

As far as I understand your clients are Windows and you need to make
the process of logging in quite simple?

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Thu Jan 19 10:36:22 2006 Return-Path: X-Original-To: freebsd-net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 03DB916A41F; Thu, 19 Jan 2006 10:36:22 +0000 (GMT) (envelope-from tiagocruz@b4br.net) Received: from vader.b4br.net (vader.b4br.net [200.152.202.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7FD4643D48; Thu, 19 Jan 2006 10:36:21 +0000 (GMT) (envelope-from tiagocruz@b4br.net) Received: from localhost (localhost.b4br.net [127.0.0.1]) by vader.b4br.net (Postfix) with ESMTP id 53451181420; Thu, 19 Jan 2006 08:31:21 -0200 (BRST) Received: from vader.b4br.net ([127.0.0.1]) by localhost (vader.b4br.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 21555-01; Thu, 19 Jan 2006 08:31:15 -0200 (BRST) Received: from tuxkiller.matter.b4br.net (yoda.b4br.net [200.152.202.10]) by vader.b4br.net (Postfix) with ESMTP id A4AC718142A; Thu, 19 Jan 2006 08:31:15 -0200 (BRST) 
From: Tiago Cruz To: Gleb Smirnoff In-Reply-To: <20060119084825.GA83922@cell.sick.ru> References: <1137520320.15943.92.camel@localhost.localdomain> <20060118150117.GT83922@FreeBSD.org> <1137608955.4177.8.camel@localhost.localdomain> <20060119084825.GA83922@cell.sick.ru> Content-Type: text/plain Date: Thu, 19 Jan 2006 08:36:13 -0200 Message-Id: <1137666973.22144.5.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Evolution 2.0.4 Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at b4br.net Cc: "freebsd-net@FreeBSD.org" Subject: Re: MPD and client behind firewall X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jan 2006 10:36:22 -0000

On Thu, 2006-01-19 at 11:48 +0300, Gleb Smirnoff wrote:
> On Wed, Jan 18, 2006 at 04:29:15PM -0200, Tiago Cruz wrote:
> Btw, there are also some dumb ISPs (at least in Russia) who filter GRE.

And it is very complicated to make this GRE work; I spent a lot of time on it :-/

> As far as I understand your clients are Windows and you need to make
> the process of logging in quite simple?

Yes, simple and secure. I need incoming clients to have one of our internal
addresses to access our management system.

I've discarded SSL-Explorer and I'm testing OpenVPN now...

Many thanks!
-- Tiago Cruz http://linuxrapido.org Linux User #282636 "The box said: Requires MS Windows or better, so I installed Linux" From owner-freebsd-net@FreeBSD.ORG Thu Jan 19 15:54:07 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 44F1816A41F for ; Thu, 19 Jan 2006 15:54:07 +0000 (GMT) (envelope-from jhall@vandaliamo.net) Received: from trueband.net (director.trueband.net [216.163.120.8]) by mx1.FreeBSD.org (Postfix) with SMTP id 4DC6443D49 for ; Thu, 19 Jan 2006 15:54:06 +0000 (GMT) (envelope-from jhall@vandaliamo.net) Received: (qmail 10105 invoked by uid 1006); 19 Jan 2006 15:54:05 -0000 Received: from jhall@vandaliamo.net by rs0 by uid 1003 with qmail-scanner-1.16 (spamassassin: 2.64. Clear:SA:0(-0.8/100.0):. Processed in 26.807714 secs); 19 Jan 2006 15:54:05 -0000 X-Spam-Status: No, hits=-0.8 required=100.0 X-Spam-Level: Received: from unknown (HELO trueband.net) (172.16.0.6) by -v with SMTP; 19 Jan 2006 15:53:36 -0000 Received: (qmail 22109 invoked from network); 19 Jan 2006 15:52:40 -0000 Received: from unknown (HELO admintool.trueband.net) (127.0.0.1) by -v with SMTP; 19 Jan 2006 15:52:40 -0000 Received: from 199.223.158.225 (SquirrelMail authenticated user jhall@vandaliamo.net) by admintool.trueband.net with HTTP; Thu, 19 Jan 2006 15:52:40 -0000 (GMT) Message-ID: <1302.199.223.158.225.1137685960.squirrel@admintool.trueband.net> Date: Thu, 19 Jan 2006 15:52:40 -0000 (GMT) 
From: jhall@vandaliamo.net To: freebsd-net@freebsd.org User-Agent: SquirrelMail/1.4.4 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Subject: mpd 3.18 and FreeBSD 6.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jan 2006 15:54:07 -0000

Recently, I tried to upgrade my firewall from FreeBSD 4.8 to 6.0 and from
mpd 3.17 to mpd 3.18. Initially, everything works. However, after a few
hours (4 to 5) users start complaining about slow connection speeds, and
eventually they are not able to connect to the Exchange server, or network
drives shared over the WAN at all. If I put the FreeBSD 4.8 server and mpd
3.17 back online, everything will start working properly almost
immediately. To me, it sounds like a memory leak, or the operating system
is running out of stack space.

My network is configured in a star configuration. 5 offices connect to the
corporate network using an mpd to mpd configuration. The corporate office
has a dedicated T-1 and the other offices all have DSL connections.

Nothing out of the ordinary is showing up in the mpd logs. And, nothing
out of the ordinary is showing up in the syslog.

In my mpd.conf file, I have 34 pptp connections defined, and at most 10
are in use at one time. The server is a Celeron processor with 128 MB of
RAM. And, during peak usage times, I am showing approximately 1% usage on
the processor.

If needed, I would be happy to post my configuration files and log files.
I have checked the log files around the times users report problems, and
do not see anything out of the ordinary (no dropped connections, new
connections, missed replies, etc). And, checking the T-1 usage at the
time, approximately 500K of a full T-1 was in use.
Any suggestions would be greatly appreciated. Thanks in advance. Jay From owner-freebsd-net@FreeBSD.ORG Thu Jan 19 16:21:11 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8711816A41F for ; Thu, 19 Jan 2006 16:21:11 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from thorn.pobox.com (thorn.pobox.com [208.210.124.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 31F6343D49 for ; Thu, 19 Jan 2006 16:21:11 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from thorn (localhost [127.0.0.1]) by thorn.pobox.com (Postfix) with ESMTP id 3D179F9; Thu, 19 Jan 2006 11:21:32 -0500 (EST) Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by thorn.sasl.smtp.pobox.com (Postfix) with ESMTP id 0600A50BD; Thu, 19 Jan 2006 11:21:30 -0500 (EST) Received: from lists by mappit.local.linnet.org with local (Exim 4.60 (FreeBSD)) (envelope-from ) id 1EzcX5-000APQ-GC; Thu, 19 Jan 2006 16:21:07 +0000 Date: Thu, 19 Jan 2006 16:21:07 +0000 
From: Brian Candler To: Sebastian Schwerdhoefer Message-ID: <20060119162107.GB39968@uk.tiscali.com> References: <20060118144918.GX14058@localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060118144918.GX14058@localdomain> User-Agent: Mutt/1.4.2.1i Cc: freebsd-net@freebsd.org Subject: Re: pf: redirect packets from localhost X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jan 2006 16:21:11 -0000

On Wed, Jan 18, 2006 at 03:49:18PM +0100, Sebastian Schwerdhoefer wrote:
> Short question:
> Is it possible to redirect packets from localhost with "rdr"?

Short answer: yes.

Longer answer: perhaps this is the kind of thing you're looking for.

http://lists.freebsd.org/pipermail/freebsd-pf/2005-September/001487.html
http://lists.freebsd.org/pipermail/freebsd-pf/2005-September/001495.html
http://lists.freebsd.org/pipermail/freebsd-pf/2005-September/001498.html

(Note that there is a pf-specific mailing list...)
From owner-freebsd-net@FreeBSD.ORG Thu Jan 19 21:41:29 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9C9B516A41F for ; Thu, 19 Jan 2006 21:41:29 +0000 (GMT) (envelope-from rand@meridian-enviro.com) Received: from newman.meridian-enviro.com (newman.meridian-enviro.com [207.109.235.166]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1AC8343D45 for ; Thu, 19 Jan 2006 21:41:28 +0000 (GMT) (envelope-from rand@meridian-enviro.com) X-Envelope-To: Received: from delta.meridian-enviro.com (delta.meridian-enviro.com [10.10.10.43]) by newman.meridian-enviro.com (8.13.1/8.13.1) with ESMTP id k0JLfSiB050476 for ; Thu, 19 Jan 2006 15:41:28 -0600 (CST) (envelope-from rand@meridian-enviro.com) Date: Thu, 19 Jan 2006 15:41:28 -0600 Message-ID: <87slrjdhfb.wl%rand@meridian-enviro.com> 
From: "Douglas K. Rand" To: freebsd-net@freebsd.org User-Agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (=?ISO-8859-4?Q?Sanj=F2?=) APEL/10.6 Emacs/21.3 (i386--freebsd) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII X-Virus-Scanned: ClamAV 0.84/1245/Wed Jan 18 10:57:44 2006 on newman.meridian-enviro.com X-Virus-Status: Clean Subject: ELSA XI330 in if_wi_pccard.c X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jan 2006 21:41:29 -0000 The ELSA XI330 wireless card was added to pccarddevs but not to if_wi_pccard.c. I was wondering if someone would merge this slight change in from revision 1.59 of if_wi_pccard.c to RELENG_6? (The AIRVAST WN_100B is a re-badged version of the same ELSA card.) From owner-freebsd-net@FreeBSD.ORG Fri Jan 20 04:03:01 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9ABAF16A41F for ; Fri, 20 Jan 2006 04:03:01 +0000 (GMT) (envelope-from amactaggart@hkis.edu.hk) Received: from mail2.hkis.edu.hk (mail2.hkis.edu.hk [202.40.134.122]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0954643D45 for ; Fri, 20 Jan 2006 04:03:00 +0000 (GMT) (envelope-from amactaggart@hkis.edu.hk) Received: from localhost ([127.0.0.1]) by mail2.hkis.edu.hk for freebsd-net@freebsd.org; Fri, 20 Jan 2006 12:02:56 +0800 Received: from RBSMTPD1-MTA by rbsmtp1.hkis.edu.hk with Novell_GroupWise; Fri, 20 Jan 2006 12:02:56 +0800 Message-Id: X-Mailer: Novell GroupWise Internet Agent 6.5.5 Date: Fri, 20 Jan 2006 12:02:28 +0800 
From: "Andrew MacTaggart" To: Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: nss_ldap and pam_ldap troubles X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jan 2006 04:03:01 -0000

having trouble getting nss_ldap and pam_ldap to work.

running freebsd 5.4
ldap - eDirectory - remote server
ldapsearch works

installed nss_ldap
installed pam_ldap
changed parameters in ldap.conf and nss_ldap.conf
host 10.x.x.x
base o=mybase
basspw = XXXXXXXXXXXX

nsswitch.conf

group: files ldap
passwd: files ldap

pam.d/sshd

auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass

can't figure out how to enable logging

ssh fails but it takes longer, like it is querying something.

need help on how to enable logging for pam_ldap and nss_ldap

need to know where I am making a mistake.

debug would be helpful.
TKS A From owner-freebsd-net@FreeBSD.ORG Fri Jan 20 07:36:31 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 76F3316A41F for ; Fri, 20 Jan 2006 07:36:31 +0000 (GMT) (envelope-from Joerg.Pulz@frm2.tum.de) Received: from mailhost.frm2.tum.de (mailhost.frm2.tum.de [129.187.179.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id C353F43D49 for ; Fri, 20 Jan 2006 07:36:26 +0000 (GMT) (envelope-from Joerg.Pulz@frm2.tum.de) Received: from localhost (mailhost.frm2.tum.de [129.187.179.12]) by mailhost.frm2.tum.de (8.13.4/8.13.4) with ESMTP id k0K7aO6w051391; Fri, 20 Jan 2006 08:36:24 +0100 (CET) (envelope-from jpulz@frm2.tum.de) Received: from hades.admin.frm2 (hades.admin.frm2 [172.25.1.10]) by mailhost.frm2.tum.de (8.13.4/8.13.4) with ESMTP id k0K7aOPx051387 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 20 Jan 2006 08:36:24 +0100 (CET) (envelope-from jpulz@frm2.tum.de) Received: from hades.admin.frm2 (localhost [127.0.0.1]) by hades.admin.frm2 (8.13.4/8.13.4) with ESMTP id k0K7aOWo018772; Fri, 20 Jan 2006 08:36:24 +0100 (CET) (envelope-from jpulz@frm2.tum.de) Received: (from jpulz@localhost) by hades.admin.frm2 (8.13.4/8.13.4/Submit) id k0K7aNWM018771; Fri, 20 Jan 2006 08:36:23 +0100 (CET) (envelope-from jpulz) Date: Fri, 20 Jan 2006 08:36:20 +0100 (CET) 
From: Joerg Pulz To: Andrew MacTaggart In-Reply-To: Message-ID: <20060120083440.H1074@hades.admin.frm2> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: at mailhost.frm2.tum.de Cc: freebsd-net@freebsd.org Subject: Re: nss_ldap and pam_ldap troubles X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jan 2006 07:36:31 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 20 Jan 2006, Andrew MacTaggart wrote:

> having trouble getting nss_ldap and pam_ldap to work.
>
> running freebsd 5.4
> ldap - eDirectory - remote server
> ldapsearch works
>
> installed nss_ldap
> installed pam_ldap
> changed parameters in ldap.conf and nss_ldap.conf
> host 10.x.x.x
> base o=mybase
> basspw = XXXXXXXXXXXX
>
> nsswitch.conf
>
> group: files ldap
> passwd: files ldap
>
> pam.d/sshd
>
> auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
>
> can't figure out how to enable logging
>
> ssh fails but it takes longer, like it is querying something.
>
> need help on how to enable logging for pam_ldap and nss_ldap
>
> need to know where I am making a mistake.
>
> debug would be helpful.

Try the following lines in nss_ldap.conf and ldap.conf:

logdir /var/log
debug 9

Now you should get a separate file for every process which is using
either pam_ldap or nss_ldap.

Joerg

- --
The beginning is the most important part of the work.
-Plato -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFD0JL3SPOsGF+KA+MRAqVWAJ9Y6ImfYN/zUjIGxtRHR9p1ugBC6ACbBeYj pGOVntAynd6lDfa45EH2Dk8= =2Yb9 -----END PGP SIGNATURE----- From owner-freebsd-net@FreeBSD.ORG Fri Jan 20 08:59:13 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A775616A41F for ; Fri, 20 Jan 2006 08:59:13 +0000 (GMT) (envelope-from amactaggart@hkis.edu.hk) Received: from mail2.hkis.edu.hk (mail2.hkis.edu.hk [202.40.134.122]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1CD5443D45 for ; Fri, 20 Jan 2006 08:59:12 +0000 (GMT) (envelope-from amactaggart@hkis.edu.hk) Received: from localhost ([127.0.0.1]) by mail2.hkis.edu.hk for freebsd-net@freebsd.org; Fri, 20 Jan 2006 16:59:09 +0800 Received: from RBSMTPD1-MTA by rbsmtp1.hkis.edu.hk with Novell_GroupWise; Fri, 20 Jan 2006 16:59:09 +0800 Message-Id: X-Mailer: Novell GroupWise Internet Agent 6.5.5 Date: Fri, 20 Jan 2006 16:58:55 +0800 
From: "Andrew MacTaggart" To: Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: Re: nss_ldap and pam_ldap troubles X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jan 2006 08:59:13 -0000 Thanks Jorge for the debug read1msg: V2 referral chased, mark request completed, id = 1 new result: res_errno: 32, res_error: , res_matched: <> read1msg: 0 new referrals read1msg: mark request completed, id = 1 request 1 done res_errno: 32, res_error: , res_matched: <> ldap_free_request (origid 1, msgid 1) This is from a valid user in the local passwd file valid users from NDS don't create log files. I enabled the NDS attribute mapping for uniqueMember = member but uniquemember is spelled without a cap earlier in the nss_ldap.conf - so not sure if it should be changed NDS uses member for uniquemember NDS also uses cn for uid Anyway I have the ldap working via apache with the mosquit module, so I know it works, and from the server I can search for users using ldapsearch. It seems that the user needs to be in the passwd and then debug is generated. Users that are not in passwd just get a prompt for password and then disconnect after 3 attempts. no logs in the /var/log dir are created unless user exists in passwd. 
Any thoughts would be welcomed TKS A From owner-freebsd-net@FreeBSD.ORG Fri Jan 20 09:22:52 2006 Return-Path: X-Original-To: net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EA62F16A41F for ; Fri, 20 Jan 2006 09:22:51 +0000 (GMT) (envelope-from Alexander@Leidinger.net) Received: from www.ebusiness-leidinger.de (jojo.ms-net.de [84.16.236.246]) by mx1.FreeBSD.org (Postfix) with ESMTP id DBA0843D72 for ; Fri, 20 Jan 2006 09:22:46 +0000 (GMT) (envelope-from Alexander@Leidinger.net) Received: from Andro-Beta.Leidinger.net (p54A5F632.dip.t-dialin.net [84.165.246.50]) (authenticated bits=0) by www.ebusiness-leidinger.de (8.13.1/8.13.1) with ESMTP id k0K9FcxR072681 for ; Fri, 20 Jan 2006 10:15:38 +0100 (CET) (envelope-from Alexander@Leidinger.net) Received: from localhost (localhost [127.0.0.1]) by Andro-Beta.Leidinger.net (8.13.3/8.13.3) with ESMTP id k0K9Mhd6007663 for ; Fri, 20 Jan 2006 10:22:43 +0100 (CET) (envelope-from Alexander@Leidinger.net) Received: from pslux.cec.eu.int (pslux.cec.eu.int [158.169.9.14]) by webmail.leidinger.net (Horde MIME library) with HTTP; Fri, 20 Jan 2006 10:22:43 +0100 Message-ID: <20060120102243.bzzq2uig0kgwksso@netchild.homeip.net> X-Priority: 3 (Normal) Date: Fri, 20 Jan 2006 10:22:43 +0100 
From: Alexander Leidinger To: net@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.0.3) / FreeBSD-4.11 X-Virus-Scanned: by amavisd-new Cc: Subject: In case you haven't noticed this: John Nagle about fixing a problem in TCP X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jan 2006 09:22:52 -0000 Hi, I just found this in the comments on slashdot (http://developers.slashdot.org/comments.pl?sid=174457&cid=14515105) ---snip--- The trouble with the Nagle algorithm I really should fix the bad interaction between the "Nagle algorithm" and "delayed ACKs". Both ideas went into TCP around the same time, and the interaction is terrible. That fixed timer for ACKs is all wrong. Here's the real problem, and its solution. The concept behind delayed ACKs is to bet, when receiving some data from the net, that the local application will send a reply very soon. So there's no need to send an ACK immediately; the ACK can be piggybacked on the next data going the other way. If that doesn't happen, after a 500ms delay, an ACK is sent anyway. The concept behind the Nagle algorithm is that if the sender is doing very tiny writes (like single bytes, from Telnet), there's no reason to have more than one packet outstanding on the connection. This prevents slow links from choking with huge numbers of outstanding tinygrams. Both are reasonable. But they interact badly in the case where an application does two or more small writes to a socket, then waits for a reply. (X-Windows is notorious for this.) When an application does that, the first write results in an immediate packet send. The second write is held up until the first is acknowledged. 
But because of the delayed ACK strategy, that acknowledgement is held up for 500ms. This adds 500ms of latency to the transaction, even on a LAN. The real problem is that 500ms unconditional delay. (Why 500ms? That was a reasonable response time for a time-sharing system of the 1980s.) As mentioned above, delaying an ACK is a bet that the local application will reply to the data just received. Some apps, like character echo in Telnet servers, do respond every time. Others, like X-Windows "clients" (really servers, but X is backwards about this), only reply some of the time. TCP has no strategy to decide whether it's winning or losing those bets. That's the real problem. The right answer is that TCP should keep track of whether delayed ACKs are "winning" or "losing". A "win" is when, before the 500ms timer runs out, the application replies. Any needed ACK is then coalesced with the next outgoing data packet. A "lose" is when the 500ms timer runs out and the delayed ACK has to be sent anyway. There should be a counter in TCP, incremented on "wins", and reset to 0 on "loses". Only when the counter exceeds some number (5 or so), should ACKs be delayed. That would eliminate the problem automatically, and the need to turn the "Nagle algorithm" on and off. So that's the proper fix, at the TCP internals level. But I haven't done TCP internals in years, and really don't want to get back into that. If anyone is working on TCP internals for Linux today, I can be reached at the e-mail address above. This really should be fixed, since it's been annoying people for 20 years and it's not a tough thing to fix. The user-level solution is to avoid write-write-read sequences on sockets. write-read-write-read is fine. write-write-write is fine. But write-write-read is a killer. So, if you can, buffer up your little writes to TCP and send them all at once. Using the standard UNIX I/O package and flushing write before each read usually works. 
John Nagle ---snip--- I've looked at the webpage which is connected to this Slashdot user and they have a "Patents" page. There a "John Nagle" is listed as the inventor of some patents. Bye, Alexander. -- http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 "Oh no, not again." -- A bowl of petunias on it's way to certain death. From owner-freebsd-net@FreeBSD.ORG Fri Jan 20 12:00:36 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E478116A422 for ; Fri, 20 Jan 2006 12:00:36 +0000 (GMT) (envelope-from dclerc55@hotmail.com) Received: from hotmail.com (bay112-f17.bay112.hotmail.com [64.4.26.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id BC28B43D4C for ; Fri, 20 Jan 2006 12:00:35 +0000 (GMT) (envelope-from dclerc55@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 20 Jan 2006 04:00:35 -0800 Message-ID: Received: from 64.4.26.200 by by112fd.bay112.hotmail.msn.com with HTTP; Fri, 20 Jan 2006 12:00:35 GMT X-Originating-IP: [24.120.192.133] X-Originating-Email: [dclerc55@hotmail.com] X-Sender: dclerc55@hotmail.com 
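The write-write-read stall that Nagle describes in the post Alexander forwarded, as an added toy model; this is not code from the post, from Alexander, or from any TCP stack. It assumes a 1 ms LAN round trip, a 500 ms delayed-ACK timer, all of a request's writes issued back-to-back, and, for the "adaptive" receiver, the win/lose counter the post proposes; a segment counts as a win whenever the application's reply would have left inside the timer window, which is this model's reading of his rule.

```python
"""Toy model of the Nagle / delayed-ACK interaction.

Added example, not code from the forwarded post or from any TCP stack.
Assumptions (not from the page): a 1 ms LAN round trip, all of an
application's writes for one request issued back-to-back at t = 0, and
a "win" counted whenever the application's reply would have left inside
the delayed-ACK window.
"""

ONE_WAY_MS = 0.5        # assumed: 1 ms LAN round trip
DELAYED_ACK_MS = 500.0  # the fixed timer the post complains about
MSS = 1460              # assumed segment size
WIN_THRESHOLD = 5       # "5 or so" in the post


class Receiver:
    """Delayed-ACK policy on the receiving side.

    fixed:    always delay the ACK of a data segment, as classic TCP does.
    adaptive: delay only after more than WIN_THRESHOLD consecutive "wins",
              reset to 0 on every "lose" (the counter the post proposes).
    """

    def __init__(self, adaptive: bool):
        self.adaptive = adaptive
        self.wins = 0

    def delay_ack(self) -> bool:
        if not self.adaptive:
            return True
        return self.wins > WIN_THRESHOLD

    def observe(self, app_replied_in_time: bool) -> None:
        # A win: the app produced a reply before the ACK timer would have
        # run out, so the ACK could ride on it.  A lose resets the counter.
        if app_replied_in_time:
            self.wins += 1
        else:
            self.wins = 0


def transaction(writes: list[int], rx: Receiver) -> float:
    """Latency in ms from the first write until the reply reaches the client.

    The client (Nagle on) issues `writes` back-to-back, then reads one reply.
    The server application replies as soon as the last byte has arrived.
    """
    first_arrives = ONE_WAY_MS                 # first write always goes out now
    rest = sum(writes[1:])
    if rest == 0:
        rx.observe(True)                       # reply is immediate: ACK rides on it
        return first_arrives + ONE_WAY_MS
    if rest >= MSS:
        # Nagle only holds *small* data; a full segment leaves at once.
        rx.observe(True)
        second_sent = 0.0
    elif rx.delay_ack():
        # Deadlock of the two heuristics: the held data waits for this ACK,
        # the ACK waits for a reply that cannot come until the held data
        # arrives.  Only the timer breaks the tie.
        rx.observe(False)
        second_sent = first_arrives + DELAYED_ACK_MS + ONE_WAY_MS
    else:
        rx.observe(True)                       # reply comes well inside 500 ms
        second_sent = first_arrives + ONE_WAY_MS
    rx.observe(True)                           # the final segment gets an instant reply
    return second_sent + ONE_WAY_MS + ONE_WAY_MS


def simulate(writes: list[int], adaptive: bool, n: int = 10) -> list[float]:
    """Run `n` identical request/reply transactions over one connection."""
    rx = Receiver(adaptive)
    return [transaction(writes, rx) for _ in range(n)]


if __name__ == "__main__":
    for label, pattern in [("write-read", [10]),
                           ("write-write-read", [10, 10]),
                           ("one coalesced write", [20]),
                           ("write-(full segment)-read", [10, MSS])]:
        fixed = simulate(pattern, adaptive=False)
        adapt = simulate(pattern, adaptive=True)
        print(f"{label:28s} fixed timer: {sum(fixed) / len(fixed):7.1f} ms avg   "
              f"adaptive: {sum(adapt) / len(adapt):7.1f} ms avg")
```

In this model a telnet-style write-read client never pays the 500 ms, under either policy, and coalescing the two writes into one (the user-level fix the post recommends) removes the stall entirely. The adaptive counter does not make write-write-read free: one lose resets it, the receiver then stops delaying until it has seen several more wins, so the client hits the stall once every few transactions instead of on every one.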
From: "David Clerc" To: freebsd-net@freebsd.org Date: Fri, 20 Jan 2006 13:00:35 +0100 Mime-Version: 1.0 Content-Type: text/plain; format=flowed X-OriginalArrivalTime: 20 Jan 2006 12:00:35.0061 (UTC) FILETIME=[1EDD4250:01C61DB9] Subject: RFC 3042 support in FreeBSD 6 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jan 2006 12:00:37 -0000 Hi, I have a remark about the RFC 3042 code that is implemented in tcp_input.c (CVS version 1.281.2.2). When a duplicate ack comes in, the code saves the congestion window (cwnd), changes it to allow one packet to be sent, and then calls tcp_output(). Is there a reason for not saving the bandwidth window (bwnd), and changing it to the same value as cwnd ? I have a case (half duplex link), where the bwnd is at its lowest value (6144), preventing the limited transmit to occur (i.e. tcp_output does not send any packet because bwnd forces sendwin to a value that is lower than cwnd). David _________________________________________________________________ Don't just search. Find. Check out the new MSN Search! 
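The limited-transmit case David describes, as an added model; this is not code from tcp_input.c or tcp_output.c and not David's. It assumes that tcp_output clamps the send window to min(snd_wnd, snd_cwnd, snd_bwnd), that the RFC 3042 step opens cwnd to the flight size plus one MSS per duplicate ACK, that the receiver emits one duplicate ACK per out-of-order segment, and that a sender which never sees a third duplicate ACK falls back to the retransmit timer. The 6144-byte bwnd and the two-segment loss are constructed so that bwnd, not cwnd, is the binding limit, which is the situation he reports.

```python
"""Model of RFC 3042 limited transmit under a bandwidth-delay window (bwnd) cap.

Added example, not code from the FreeBSD kernel.  Assumptions (not stated on
the page): tcp_output's send window is min(snd_wnd, snd_cwnd, snd_bwnd); the
limited-transmit step opens cwnd to flight size + dupacks*MSS; the receiver
emits one duplicate ACK for every out-of-order segment; a sender that never
receives a third dupack waits for the retransmit timer (RTO).
"""

MSS = 1460
BWND_FLOOR = 6144   # the lowest bwnd value reported in the post


def send_window(snd_wnd: int, snd_cwnd: int, snd_bwnd: int) -> int:
    """Bytes tcp_output may have outstanding: the tightest of the three windows."""
    return min(snd_wnd, snd_cwnd, snd_bwnd)


def recover_after_loss(window_segs: int, lost: int, snd_bwnd: int,
                       raise_bwnd: bool, snd_wnd: int = 65535) -> tuple[str, int]:
    """Drive one loss episode and report how the sender recovers.

    The sender has `window_segs` segments in flight; the first `lost` of them
    are dropped, so only the survivors reach the receiver and each survivor
    triggers one duplicate ACK.  On the 1st and 2nd dupack the sender runs the
    limited-transmit step; with `raise_bwnd` it also lifts bwnd to the
    temporary cwnd (the change the post asks about).  Returns
    ('fast_retransmit', n) once a third dupack arrives, or ('rto', n) if the
    dupacks run out first; n is the number of limited-transmit segments sent.
    """
    in_flight = window_segs * MSS
    pending = window_segs - lost        # survivors still to trigger a dupack
    dupacks = 0
    lt_sent = 0
    saved_bwnd = snd_bwnd
    while pending > 0:
        pending -= 1
        dupacks += 1
        if dupacks >= 3:
            return ("fast_retransmit", lt_sent)
        # RFC 3042: open cwnd just enough for one new segment per dupack.
        cwnd = in_flight + dupacks * MSS
        bwnd = cwnd if raise_bwnd else saved_bwnd
        if send_window(snd_wnd, cwnd, bwnd) - in_flight >= MSS:
            in_flight += MSS            # new segment goes out ...
            pending += 1                # ... and will earn one more dupack
            lt_sent += 1
        # cwnd (and bwnd, when raised) revert to their saved values after
        # the send attempt, as the post describes for cwnd.
    return ("rto", lt_sent)


if __name__ == "__main__":
    for raise_bwnd in (False, True):
        how, n = recover_after_loss(4, lost=2, snd_bwnd=BWND_FLOOR,
                                    raise_bwnd=raise_bwnd)
        print(f"bwnd={BWND_FLOOR} raise_bwnd={raise_bwnd}: "
              f"{how} after {n} limited-transmit segment(s)")
```

With 4 × 1460 bytes in flight against a 6144-byte bwnd, opening cwnd by one MSS leaves only 304 bytes of room under bwnd, so tcp_output sends nothing, the two surviving segments produce only two duplicate ACKs, and recovery waits for the RTO. Raising bwnd along with cwnd lets each duplicate ACK release one new segment, the third duplicate ACK arrives, and fast retransmit fires. The last assertion below shows the other side of the coin: when enough segments survive to produce three duplicate ACKs on their own, the bwnd cap costs nothing.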
http://search.msn.click-url.com/go/onm00200636ave/direct/01/ From owner-freebsd-net@FreeBSD.ORG Fri Jan 20 14:12:30 2006 Return-Path: X-Original-To: freebsd-net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 43D1716A41F for ; Fri, 20 Jan 2006 14:12:30 +0000 (GMT) (envelope-from aturetta@bestunion.it) Received: from ms011msg.fastweb.it (213-140-2-11.ip.fastwebnet.it [213.140.2.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id B970643D46 for ; Fri, 20 Jan 2006 14:12:29 +0000 (GMT) (envelope-from aturetta@bestunion.it) Received: from mail.bestunion.it (85.18.201.82) by ms011msg.fastweb.it (7.2.069.1) id 43C3E182006A1429 for freebsd-net@FreeBSD.org; Fri, 20 Jan 2006 15:12:28 +0100 Received: from [192.168.33.30] ([192.168.33.30]) (authenticated bits=0) by mail.bestunion.it (8.13.5/8.13.5) with ESMTP id k0KEC7pB028947 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 20 Jan 2006 15:12:09 +0100 (CET) (envelope-from aturetta@bestunion.it) Message-ID: <43D0EFB7.9040402@bestunion.it> Date: Fri, 20 Jan 2006 15:12:07 +0100 
From: Angelo Turetta User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.11) Gecko/20050728 X-Accept-Language: it, en-us, en MIME-Version: 1.0 To: Tiago Cruz References: <1137520320.15943.92.camel@localhost.localdomain> In-Reply-To: <1137520320.15943.92.camel@localhost.localdomain> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV version 0.87.1, clamav-milter version 0.87 on mail.bestunion.it X-Virus-Status: Clean X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, FM_MULTI_ODD2,TW_JC,TW_NB,TW_VJ autolearn=ham version=3.1.0 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on mail.bestunion.it Cc: "freebsd-net@FreeBSD.org" Subject: Re: MPD and client behind firewall X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jan 2006 14:12:30 -0000 Tiago Cruz wrote: > Hi all! > > I have a FreeBSD 6.0 running MPD server 3.18_3. > The MPD server works very good when I has _direct_ connected by > Internet. > > My problem is with one _client_ (Win XP) behind NAT from iptables. I > have to do some in my PF? I think you are seeing the same problem that I had on my server with a setup similar to yours. The WinXP PPTP client is subtly different from the Win2000 one (that always worked fine in my setup), and it needs some extra config lines for MPD. Please find following my server's mpd.conf, as I don't remember exactly what the fix was (I found it by browsing the MPD mailing lists on SourceForge). I think it's those two 'set pptp disable ...' lines. Hope this helps, Angelo Turetta. 
Modena - ITALY server4: new -i ng3 s04 pptp3 set ipcp ranges 192.168.X.17/32 192.168.X.21/24 load pptpserver pptpserver: set iface disable on-demand set bundle disable multilink set link yes acfcomp protocomp set link no pap chap set link enable chap set link keep-alive 0 600 set link mtu 1460 set link mru 1460 set ipcp yes vjcomp set ipcp dns 192.168.Y.200 192.168.Y.203 set ipcp nbns 192.168.Y.193 192.168.Y.194 set pptp disable delayed-ack set pptp disable windowing set bundle enable compression set ccp yes mppc set ccp no mpp-e40 set ccp yes mpp-e128 set ccp yes mpp-stateless set bundle yes crypt-reqd From owner-freebsd-net@FreeBSD.ORG Fri Jan 20 15:04:21 2006 Return-Path: X-Original-To: freebsd-net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0915B16A41F for ; Fri, 20 Jan 2006 15:04:21 +0000 (GMT) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id C067E43D48 for ; Fri, 20 Jan 2006 15:04:19 +0000 (GMT) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.13.3/8.13.3) with ESMTP id k0KF4GNT028052 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 20 Jan 2006 18:04:16 +0300 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.sick.ru (8.13.3/8.13.1/Submit) id k0KF4GSI028051; Fri, 20 Jan 2006 18:04:16 +0300 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Fri, 20 Jan 2006 18:04:15 +0300 
From: Gleb Smirnoff To: jhall@vandaliamo.net Message-ID: <20060120150415.GU83922@FreeBSD.org> Mail-Followup-To: Gleb Smirnoff , jhall@vandaliamo.net, freebsd-net@freebsd.org References: <1302.199.223.158.225.1137685960.squirrel@admintool.trueband.net> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <1302.199.223.158.225.1137685960.squirrel@admintool.trueband.net> User-Agent: Mutt/1.5.6i Cc: freebsd-net@FreeBSD.org Subject: Re: mpd 3.18 and FreeBSD 6.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jan 2006 15:04:21 -0000 On Thu, Jan 19, 2006 at 03:52:40PM -0000, jhall@vandaliamo.net wrote: j> Recently, I tried to upgrade my firewall from FreeBSD 4.8 to 6.0 and from j> mpd 3.17 to mpd 3.18. j> j> Initially, everything works. However, after a few hours (4 to 5) users j> start complaining about slow connection speeds, and eventually they are j> not able to connect to the Exchange server, or network drives shared over j> the WAN at all. If I put the FreeBSD 4.8 server and mpd 3.17 back on j> line, everything will start working properly almost immediately. To me, j> it sounds like a memory leak, or the operating system is running out of j> stack space. j> j> My network is configured in a star configuration. 5 offices connect to j> the corporate network using an mpd to mpd configuration. The corporate j> office has a dedicated T-1 and the other offices all have DSL connections. j> j> Nothing out of the ordinary is showing up in the mpd logs. And, nothing j> out of the ordinary is showing up in the syslog. j> j> In my mpd.conf file, I have 34 pptp connections defined, and at most 10 j> are in use at one time. The server is a Celeron processor with 128 MB of j> RAM. 
And, during peak usage times, I am showing approximately 1% usage on j> the processor. j> j> If needed, I would be happy to post my configuration files and log files. j> I have checked the log files around the times users report problems, and j> do not see anything out of the ordinary (no dropped connections, new j> connections, missed replies, etc). And, checking the T-1 usage at the j> time, approximately 500K of a full T-1 was in use. j> j> Any suggestions would be greatly appreciated. I guess you are using PPTP, although this word is absent in your mail. mpd can support different protocols, so reporting what you are actually using is important. The PPTP protocol has a terrible idea - windowing, that degrades tunnel performance a lot. In FreeBSD 4.8-RELEASE ng_pptpgre(4) didn't support windowing at all. In modern FreeBSD ng_pptpgre(4) supports windowing. In mpd windowing is turned on by default. This is done because some modern MS Windows versions will refuse to connect if windowing is disabled. I think that if you disable windowing in mpd config, your performance will come back. -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Fri Jan 20 18:57:32 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 58E0016A41F for ; Fri, 20 Jan 2006 18:57:32 +0000 (GMT) (envelope-from jhall@vandaliamo.net) Received: from trueband.net (director.trueband.net [216.163.120.8]) by mx1.FreeBSD.org (Postfix) with SMTP id 01C3D43D45 for ; Fri, 20 Jan 2006 18:57:30 +0000 (GMT) (envelope-from jhall@vandaliamo.net) Received: (qmail 15497 invoked by uid 1006); 20 Jan 2006 18:57:30 -0000 Received: from jhall@vandaliamo.net by rs0 by uid 1003 with qmail-scanner-1.16 (spamassassin: 2.64. Clear:SA:0(-0.8/100.0):. 
Processed in 5.477012 secs); 20 Jan 2006 18:57:30 -0000 X-Spam-Status: No, hits=-0.8 required=100.0 X-Spam-Level: Received: from unknown (HELO trueband.net) (172.16.0.11) by -v with SMTP; 20 Jan 2006 18:57:24 -0000 Received: (qmail 1456 invoked from network); 20 Jan 2006 18:57:23 -0000 Received: from unknown (HELO admintool.trueband.net) (127.0.0.1) by -v with SMTP; 20 Jan 2006 18:57:23 -0000 Received: from 199.223.158.225 (SquirrelMail authenticated user jhall@vandaliamo.net) by admintool.trueband.net with HTTP; Fri, 20 Jan 2006 18:57:23 -0000 (GMT) Message-ID: <1406.199.223.158.225.1137783443.squirrel@admintool.trueband.net> In-Reply-To: <20060120150415.GU83922@FreeBSD.org> References: <1302.199.223.158.225.1137685960.squirrel@admintool.trueband.net> <20060120150415.GU83922@FreeBSD.org> Date: Fri, 20 Jan 2006 18:57:23 -0000 (GMT) 
From: jhall@vandaliamo.net To: "Gleb Smirnoff" User-Agent: SquirrelMail/1.4.4 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Cc: freebsd-net@freebsd.org, jhall@vandaliamo.net Subject: Re: mpd 3.18 and FreeBSD 6.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jan 2006 18:57:32 -0000 > On Thu, Jan 19, 2006 at 03:52:40PM -0000, jhall@vandaliamo.net wrote: > j> Recently, I tried to upgrade my firewall from FreeBSD 4.8 to 6.0 and > from > j> mpd 3.17 to mpd 3.18. > j> > j> Initially, everything works. However, after a few hours (4 to 5) users > j> start complaining about slow connection speeds, and eventually they are > j> not able to connect to the Exchange server, or network drives shared > over > j> the WAN at all. If I put the FreeBSD 4.8 server and mpd 3.17 back on > j> line, everything will start working properly almost immediately. To > me, > j> it sounds like a memory leak, or the operating system is running out of > j> stack space. > j> > j> My network is configured in a star configuration. 5 offices connect to > j> the corporate network using an mpd to mpd configuration. The corporate > j> office has a dedicated T-1 and the other offices all have DSL > connections. > j> > j> Nothing out of the ordinary is showing up in the mpd logs. And, > nothing > j> out of the ordinary is showing up in the syslog. > j> > j> In my mpd.conf file, I have 34 pptp connections defined, and at most 10 > j> are in use at one time. The server is a Celeron processor with 128 MB > of > j> RAM. And, during peak usage times, I am showing approximately 1% usage > on > j> the processor. > j> > j> If needed, I would be happy to post my configuration files and log > files. 
> j> I have checked the log files around the times users report problems, > and > j> do not see anything out of the ordinary (no dropped connections, new > j> connections, missed replies, etc). And, checking the T-1 usage at the > j> time, approximately 500K of a full T-1 was in use. > j> > j> Any suggestions would be greatly appreciated. > > I guess you are using PPTP, although this word is absent in your mail. mpd > can support different protocols, so reporting what you are actually using > is important. > > The PPTP protocol has a terrible idea - windowing, that degradates tunnel > performance a lot. In FreeBSD 4.8-RELEASE ng_pptpgre(4) didn't support > windowing at all. In modern FreeBSD ng_pptpgre(4) supports windowing. In > mpd windowing is turned on by default. This is done because some modern > MS Windows versions will refuse to connect if windowing is disabled. I > think, that if you disable windowing in mpd config, your performance will > come back. > > -- > Totus tuus, Glebius. > GLEBIUS-RIPN GLEB-RIPE > Yes, you are correct, I am using PPTP and I should have specified that in my initial e-mail. Since I am using FreeBSD with mpd at both ends of the link is preferred to disable windowing on the client side, or the server side? If possible, I would prefer to disable it on the client side since I have several Windows users who also connect to this server. Thanks for all your help. 
Jay From owner-freebsd-net@FreeBSD.ORG Fri Jan 20 19:08:09 2006 Return-Path: X-Original-To: freebsd-net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C3C5E16A420 for ; Fri, 20 Jan 2006 19:08:09 +0000 (GMT) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id F1B5D43D48 for ; Fri, 20 Jan 2006 19:08:08 +0000 (GMT) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.13.3/8.13.3) with ESMTP id k0KJ86A4029928 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 20 Jan 2006 22:08:06 +0300 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.sick.ru (8.13.3/8.13.1/Submit) id k0KJ854C029927; Fri, 20 Jan 2006 22:08:05 +0300 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Fri, 20 Jan 2006 22:08:05 +0300 
From: Gleb Smirnoff To: jhall@vandaliamo.net Message-ID: <20060120190805.GW83922@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , jhall@vandaliamo.net, freebsd-net@FreeBSD.org References: <1302.199.223.158.225.1137685960.squirrel@admintool.trueband.net> <20060120150415.GU83922@FreeBSD.org> <1406.199.223.158.225.1137783443.squirrel@admintool.trueband.net> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <1406.199.223.158.225.1137783443.squirrel@admintool.trueband.net> User-Agent: Mutt/1.5.6i Cc: freebsd-net@FreeBSD.org Subject: Re: mpd 3.18 and FreeBSD 6.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jan 2006 19:08:09 -0000 On Fri, Jan 20, 2006 at 06:57:23PM -0000, jhall@vandaliamo.net wrote: j> > I guess you are using PPTP, although this word is absent in your mail. mpd j> > can support different protocols, so reporting what you are actually using j> > is important. j> > j> > The PPTP protocol has a terrible idea - windowing, that degradates tunnel j> > performance a lot. In FreeBSD 4.8-RELEASE ng_pptpgre(4) didn't support j> > windowing at all. In modern FreeBSD ng_pptpgre(4) supports windowing. In j> > mpd windowing is turned on by default. This is done because some modern j> > MS Windows versions will refuse to connect if windowing is disabled. I j> > think, that if you disable windowing in mpd config, your performance will j> > come back. j> > j> Yes, you are correct, I am using PPTP and I should have specified that in j> my initial e-mail. Since I am using FreeBSD with mpd at both ends of the j> link is preferred to disable windowing on the client side, or the server j> side? If possible, I would prefer to disable it on the client side since j> I have several Windows users who also connect to this server. 
In general it is better to disable it on the server, but be ready to turn it back if some incompatible Windows version wants to connect. -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Fri Jan 20 21:08:43 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A3A5A16A41F for ; Fri, 20 Jan 2006 21:08:43 +0000 (GMT) (envelope-from jhall@vandaliamo.net) Received: from trueband.net (director.trueband.net [216.163.120.8]) by mx1.FreeBSD.org (Postfix) with SMTP id 10A7D43D76 for ; Fri, 20 Jan 2006 21:08:42 +0000 (GMT) (envelope-from jhall@vandaliamo.net) Received: (qmail 28969 invoked by uid 1006); 20 Jan 2006 21:08:42 -0000 Received: from jhall@vandaliamo.net by rs0 by uid 1003 with qmail-scanner-1.16 (spamassassin: 2.64. Clear:SA:0(-0.8/100.0):. Processed in 3.072569 secs); 20 Jan 2006 21:08:42 -0000 X-Spam-Status: No, hits=-0.8 required=100.0 X-Spam-Level: Received: from unknown (HELO trueband.net) (172.16.0.11) by -v with SMTP; 20 Jan 2006 21:08:38 -0000 Received: (qmail 2939 invoked from network); 20 Jan 2006 21:08:38 -0000 Received: from unknown (HELO admintool.trueband.net) (127.0.0.1) by -v with SMTP; 20 Jan 2006 21:08:38 -0000 Received: from 199.223.158.225 (SquirrelMail authenticated user jhall@vandaliamo.net) by admintool.trueband.net with HTTP; Fri, 20 Jan 2006 21:08:38 -0000 (GMT) Message-ID: <1674.199.223.158.225.1137791318.squirrel@admintool.trueband.net> In-Reply-To: <20060120190805.GW83922@cell.sick.ru> References: <1302.199.223.158.225.1137685960.squirrel@admintool.trueband.net> <20060120150415.GU83922@FreeBSD.org> <1406.199.223.158.225.1137783443.squirrel@admintool.trueband.net> <20060120190805.GW83922@cell.sick.ru> Date: Fri, 20 Jan 2006 21:08:38 -0000 (GMT) 
From: jhall@vandaliamo.net To: "Gleb Smirnoff" User-Agent: SquirrelMail/1.4.4 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Cc: freebsd-net@freebsd.org, jhall@vandaliamo.net Subject: Re: mpd 3.18 and FreeBSD 6.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jan 2006 21:08:43 -0000 > On Fri, Jan 20, 2006 at 06:57:23PM -0000, jhall@vandaliamo.net wrote: > j> > I guess you are using PPTP, although this word is absent in your > mail. mpd > j> > can support different protocols, so reporting what you are actually > using > j> > is important. > j> > > j> > The PPTP protocol has a terrible idea - windowing, that degradates > tunnel > j> > performance a lot. In FreeBSD 4.8-RELEASE ng_pptpgre(4) didn't > support > j> > windowing at all. In modern FreeBSD ng_pptpgre(4) supports windowing. > In > j> > mpd windowing is turned on by default. This is done because some > modern > j> > MS Windows versions will refuse to connect if windowing is disabled. > I > j> > think, that if you disable windowing in mpd config, your performance > will > j> > come back. > j> > > j> Yes, you are correct, I am using PPTP and I should have specified that > in > j> my initial e-mail. Since I am using FreeBSD with mpd at both ends of > the > j> link is preferred to disable windowing on the client side, or the > server > j> side? If possible, I would prefer to disable it on the client side > since > j> I have several Windows users who also connect to this server. > > In general it is better to disable it on server, but be ready to turn it > back if some incomaptible Windows version will want to connect. > > Thank you for all your help. I have added set pptp disable windowing in the mpd.links file and everything is humming along now. 
Thanks again for all your help. Jay From owner-freebsd-net@FreeBSD.ORG Fri Jan 20 21:53:38 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1B02B16A41F for ; Fri, 20 Jan 2006 21:53:38 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from thorn.pobox.com (thorn.pobox.com [208.210.124.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id B77A943D4C for ; Fri, 20 Jan 2006 21:53:37 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from thorn (localhost [127.0.0.1]) by thorn.pobox.com (Postfix) with ESMTP id 5ADA3D0; Fri, 20 Jan 2006 16:53:58 -0500 (EST) Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by thorn.sasl.smtp.pobox.com (Postfix) with ESMTP id 1D92869AF; Fri, 20 Jan 2006 16:53:57 -0500 (EST) Received: from lists by mappit.local.linnet.org with local (Exim 4.60 (FreeBSD)) (envelope-from ) id 1F04CM-000DI9-09; Fri, 20 Jan 2006 21:53:34 +0000 Date: Fri, 20 Jan 2006 21:53:33 +0000 
From: Brian Candler To: Alexey Popov Message-ID: <20060120215333.GA48603@uk.tiscali.com> References: <20051228143817.GA6898@uk.tiscali.com> <001401c60bc0$a3c87e90$1200a8c0@gsicomp.on.ca> <20051228153106.GA7041@uk.tiscali.com> <20051228164339.GB3875@zen.inc> <43B38747.1060906@iteranet.com> <20051229122549.GA11055@uk.tiscali.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20051229122549.GA11055@uk.tiscali.com> User-Agent: Mutt/1.4.2.1i Cc: freebsd-net@freebsd.org Subject: Re: IPSEC documentation X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jan 2006 21:53:38 -0000 > On Thu, Dec 29, 2005 at 09:50:47AM +0300, Alexey Popov wrote: > > If we would also have NAT-T support, FreeBSD would be the best choice > > of VPN concentrator. I just saw this patch posted on the ipsec-tools-devel list: http://ipsec-tools.sf.net/freebsd6-natt.diff It's for FreeBSD 6 but also seems to apply cleanly to 5.4, apart from one file which I think needs this instead: --- ./netinet/in_proto.c.orig Mon Mar 21 16:05:35 2005 +++ ./netinet/in_proto.c Fri Jan 20 21:41:59 2006 
@@ -108,7 +108,7 @@ &nousrreqs }, { SOCK_DGRAM, &inetdomain, IPPROTO_UDP, PR_ATOMIC|PR_ADDR, - udp_input, 0, udp_ctlinput, ip_ctloutput, + udp_input, 0, udp_ctlinput, udp_ctloutput, 0, udp_init, 0, 0, 0, &udp_usrreqs Haven't tested it yet - just waiting for kernel to recompile :-) Regards, Brian. From owner-freebsd-net@FreeBSD.ORG Fri Jan 20 22:21:26 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D91E916A41F for ; Fri, 20 Jan 2006 22:21:26 +0000 (GMT) (envelope-from vanhu@zeninc.net) Received: from corwin.easynet.fr (smarthost171.mail.easynet.fr [212.180.1.171]) by mx1.FreeBSD.org (Postfix) with ESMTP id 74D9C43D45 for ; Fri, 20 Jan 2006 22:21:25 +0000 (GMT) (envelope-from vanhu@zeninc.net) Received: from easyconnect2121135-233.clients.easynet.fr ([212.11.35.233] helo=smtp.zeninc.net) by corwin.easynet.fr with esmtp (Exim 4.50) id 1F04dI-0002d6-Dj for freebsd-net@freebsd.org; Fri, 20 Jan 2006 23:21:24 +0100 Received: by smtp.zeninc.net (smtpd, from userid 1000) id A6B543F17; Fri, 20 Jan 2006 23:21:19 +0100 (CET) Date: Fri, 20 Jan 2006 23:21:19 +0100 
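Review bot: the `+` line makes the UDP protosw entry call udp_ctloutput where the `-` line called ip_ctloutput, so before relying on this 5.4 variant check that the rest of the NAT-T diff also declares udp_ctloutput in netinet/udp_var.h and defines it in udp_usrreq.c for 5.4; otherwise the kernel build Brian is waiting on fails at link time rather than at compile time of this file. Also verify that the new udp_ctloutput hands every option level other than its own through to ip_ctloutput, since after this hunk every IP-level setsockopt/getsockopt on a UDP socket (IP_TTL, multicast membership, and the like) routes through it and must keep working. The unchanged context lines (`0, udp_init, 0, 0, 0, &udp_usrreqs`) show that only the one pr_ctloutput field differs, which is the right minimal edit once those two checks pass.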
From: VANHULLEBUS Yvan
To: freebsd-net@freebsd.org
Message-ID: <20060120222119.GA2889@zen.inc>
References: <20051228143817.GA6898@uk.tiscali.com> <001401c60bc0$a3c87e90$1200a8c0@gsicomp.on.ca> <20051228153106.GA7041@uk.tiscali.com> <20051228164339.GB3875@zen.inc> <43B38747.1060906@iteranet.com> <20051229122549.GA11055@uk.tiscali.com> <20060120215333.GA48603@uk.tiscali.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20060120215333.GA48603@uk.tiscali.com>
User-Agent: All mail clients suck. This one just sucks less.
Subject: Re: IPSEC documentation
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 20 Jan 2006 22:21:27 -0000

On Fri, Jan 20, 2006 at 09:53:33PM +0000, Brian Candler wrote:
> > On Thu, Dec 29, 2005 at 09:50:47AM +0300, Alexey Popov wrote:
> > > If we would also have NAT-T support, FreeBSD would be the best choice
> > > of VPN concentrator.
>
> I just saw this patch posted on the ipsec-tools-devel list:
> http://ipsec-tools.sf.net/freebsd6-natt.diff

I already posted the URL of this patch here some months ago; its integration is being discussed with various people (and I never took time to send a PR).

There are still some things to do from this patch, including sync with NetBSD's recent features, NAT-T support for FAST_IPSEC, and provide a cleaner to help racoon's configure guess if there is kernel NAT-T support.

I won't have time to work on that before next month.

> It's for FreeBSD 6 but also seems to apply cleanly to 5.4, apart from one
> file which I think needs this instead:

I first ported FreeBSD 4's patch to FreeBSD 5, then I ported it to FreeBSD 6 and fixed various things. FreeBSD5 to FreeBSD6 was really more a cleanup and a rediff (line numbers changed, etc.) than a "port".

Except for the indentation changes you reported (introduced between FreeBSD6-RELEASE and FreeBSD6-STABLE), it should work without problems on FreeBSD5, but I don't really want to maintain a separate FreeBSD5 patch unless there is really some important need for it!

Yvan.

--
NETASQ - Secure Internet Connectivity
http://www.netasq.com

From owner-freebsd-net@FreeBSD.ORG Fri Jan 20 23:11:07 2006
Return-Path:
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 932B416A41F; Fri, 20 Jan 2006 23:11:07 +0000 (GMT) (envelope-from archie@dellroad.org)
Received: from smtp.omnis.com (smtp.omnis.com [216.239.128.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5788243D45; Fri, 20 Jan 2006 23:11:07 +0000 (GMT) (envelope-from archie@dellroad.org)
Received: from [10.3.2.11] (unknown [208.63.111.51]) by smtp-relay.omnis.com (Postfix) with ESMTP id 61EB520068BB; Fri, 20 Jan 2006 15:11:06 -0800 (PST)
Message-ID: <43D16E09.7040009@dellroad.org>
Date: Fri, 20 Jan 2006 17:11:05 -0600
From: Archie Cobbs
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050715)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: jhall@vandaliamo.net
References: <1302.199.223.158.225.1137685960.squirrel@admintool.trueband.net> <20060120150415.GU83922@FreeBSD.org> <1406.199.223.158.225.1137783443.squirrel@admintool.trueband.net>
In-Reply-To: <1406.199.223.158.225.1137783443.squirrel@admintool.trueband.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org, Gleb Smirnoff
Subject: Re: mpd 3.18 and FreeBSD 6.0
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 20 Jan 2006 23:11:07 -0000

jhall@vandaliamo.net wrote:
> link is preferred to disable windowing on the client side, or the server
> side? If possible, I would prefer to disable it on the client side since
> I have several Windows users who also connect to this server.

They are independent. Not sure if or how you can disable it on Windows.

-Archie

__________________________________________________________________________
Archie Cobbs * CTO, Awarix * http://www.awarix.com