From owner-freebsd-net Sun Mar 14 12:27:36 1999
Date: Sun, 14 Mar 1999 14:27:10 -0600
To: freebsd-net@freebsd.org
From: Blake Freeburg
Subject: SNMP agent for 3.1?

Hello,

I have been trying to use the snmpd (ucd) version found in the ports
(3.5.3) as well as 3.6. Wondering if I have missed anything, because if I
try (using the straight compile and generated Example.conf with network
modified to mine...) I get the following... Is there some kernel options
I need to add?

Blake

# ./snmpstatus door local
Error in packet.
Reason: (noSuchName) There is no such variable name in this MIB.
This name doesn't exist: system.sysDescr.0
Error in packet.
Reason: (noSuchName) There is no such variable name in this MIB.
This name doesn't exist: system.sysUpTime.0
Error in packet.
Reason: (noSuchName) There is no such variable name in this MIB.
This name doesn't exist: ip.ipInReceives.0
Error in packet.
Reason: (noSuchName) There is no such variable name in this MIB.
This name doesn't exist: ip.ipOutRequests.0
[216.61.45.1]=>[(null)] Up: 0:00:00
Error in packet.
Reason: (noSuchName) There is no such variable name in this MIB.
This name doesn't exist: interfaces.ifTable.ifEntry.ifOperStatus
Interfaces: 0, Recv/Trans packets: 0/0 | IP: 0/0

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Mon Mar 15 1: 3:38 1999
Date: 15 Mar 1999 09:06:36 +0100
From: Graeme Brown
Subject: Why does it it take so long to establish a connection to some FreeBSD hosts ?
To: "FreeBSD-Net (FreeBSD.Org) List"

Hi

I have noticed on several occasions that it may take on the order of
minutes to establish a telnet or ftp connection between two FreeBSD
(typically our FBSD boxes are using releases 2.2.6 -> 2.2.8. Does this
have something to do with TCP configuration options ? What do I need to
do to speed this up ?
TIA

Graeme N Brown
BT labs, Uk
email: graeme.brown@bt-sys.bt.co.uk

From owner-freebsd-net Mon Mar 15 1:10:11 1999
Date: 15 Mar 1999 09:12:27 +0100
From: Graeme Brown
Subject: Running superuser scripts remotely
To: "FreeBSD-Net (FreeBSD.Org) List"

Hi

What would folks on this list recommend as a convenient and secure way to
run a script (which needs to run with root level permissions) remotely on
a FreeBSD box controlled from another FreeBSD box without having to go
through a login/password sequence ?

Should I be looking at ssh and sudo etc from ports collection ?
TIA

Graeme N Brown
BT labs, UK
email: graeme.brown@bt-sys.bt.co.uk

From owner-freebsd-net Mon Mar 15 2: 2:23 1999
Date: Mon, 15 Mar 1999 20:30:05 +1030
From: Ian West
Organization: Applied Data Control
To: Graeme Brown, freebsd-net@freebsd.org
Subject: Re: Why does it it take so long to establish a connection to some FreeBSDhosts ?

Graeme Brown wrote:
>
> Hi
>
> I have noticed on several occasions that it may take on the order of minutes
> to establish
> a telnet or ftp connection between two FreeBSD (typically our FBSD
> boxes are using releases 2.2.6 -> 2.2.8. Does this have something to do with
> TCP configuration options ? What do I need to do to speed this up ?
>
> TIA
>
> Graeme N Brown
> BT labs, Uk
> email: graeme.brown@bt-sys.bt.co.uk
>

When I have seen this, it is usually due to DNS lookups timing out,
either due to an unresolvable source address, or a loss of connection to
the master DNS server. Easy answer if you are using local boxes is to
make sure /etc/hosts is referenced first (/etc/host.conf), and put the
interfaces of the two boxes into /etc/hosts. If you do not have DNS
enabled, then I have no idea :-) ...
From owner-freebsd-net Mon Mar 15 4:34:19 1999
Date: Mon, 15 Mar 1999 13:34:00 +0100
From: Gerald Heinig
Subject: Re: Running superuser scripts remotely
To: Graeme Brown
Cc: "FreeBSD-Net (FreeBSD.Org) List"
Organization: Informatik im Maschinenbau / Hochschuldidaktisches Zentrum, RWTH Aachen

Graeme Brown wrote:
>
> Hi
>
> What would folks on this list recommend as a convenient and secure
> way to run a script (which needs to run with root level permissions) remotely
> on a FreeBSD box controlled from another FreeBSD box without having to go
> through a login/password sequence ?
>
> Should I be looking at ssh and sudo etc from ports collection ?
>

Graeme,

I used rsh with kerberos authentication on my two machines at home, just
for fun.
The transmissions don't get encrypted, which might not be enough for you,
but it would prevent the wrong people doing stuff on your machine
remotely. I'm sure ssh has the same and better functionality, though.

Gerald
--
"Would you like to buy an encyclopaedia to help your child get to college?"
"He doesn't need it. He takes the bus!"

From owner-freebsd-net Mon Mar 15 7:39:56 1999
Date: Mon, 15 Mar 1999 10:35:49 -0500 (EST)
From: Garrett Wollman
To: Gerald Heinig
Cc: Graeme Brown, "FreeBSD-Net (FreeBSD.Org) List"
Subject: Re: Running superuser scripts remotely

< said:

> I used rsh with kerberos authentication on my two machines at home, just
> for fun. The transmissions don't get encrypted, which might not be
> enough for you, but it would prevent the wrong people doing stuff on
> your machine remotely.

`rsh -x' is your friend.... I use it all the time (as well as its
cousin `rcp -x').

However, Kerberos is a bit much to be setting up for an individual
workstation -- it really only makes sense in environments like ours
where you have O(1000) machines and users.
(That said, many of our groups these days can't be bothered to set up
Kerberos on their machines, either, despite the fact that it would make
their lives a lot easier.)

Kerberos v4 has a number of now-well-known security weaknesses as well
as (if the KDC is old enough) a serious Y2K problem. Kerberos v5 is
better, but the transition is a pain.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick

From owner-freebsd-net Mon Mar 15 8:30:43 1999
From: "=?big5?B?rUqlv73l?="
Subject: CNET-1.4p3 on 3.1 Release???
Date: Tue, 16 Mar 1999 00:30:26 +0800

Hi...ALL...:

Now my system had install FreeBSD 3.1 Release and cnet-1.4p3 with package
(not porting). But when I run cnet It shows the following message:

>cnet TICKTOCK
Warniing - DISPLAY variable not defined, using ASCI environment
Linking ticktock.cnet
cc : could not exec elf/cc in usr/libexec : No such file or directory

What it means?
I checked the dir in /usr/libexec/elf and I can't find the file "cc"
How should I install it?!

Thanx for your help...

From owner-freebsd-net Mon Mar 15 9:36: 4 1999
Date: Mon, 15 Mar 1999 18:34:49 +0100
From: Stefan Bethke
To: Steve Rubin, Jesse
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: routing based on source address

> On Fri, Feb 26, 1999 at 01:53:50AM -0800, Jesse wrote:
>>
>> Hi,
>>
>> I have a box hooked up to a network with access to two separate lines
>> going to two separate networks (206.x.x.x for link #1 and 207.x.x.x for
>> link #2). The machine has IP addresses on both IP ranges. The default
>> gateway is 207.x.x.1.
>>
>> I'm running a server which is bound to a 206.x.x.x IP. However, since my
>> default gateway is 207.x.x.1, it sends all data out on link #2 but
>> receives incoming data over link #1. This means that if either link #1 or
>> link #2 is down, I'm effectively dead in the water.
>>
>> Is there any way to tell my box that for all data going out of it with a
>> /source/ address of 206.x.x.x should be sent through the 206.x.x.1
>> gateway? I know I can do this based on destination, but I have no clue
>> how to do it based on source (and unfortunately I can't predict the
>> addresses of all the clients I'll be communicating with).

If you're running 3.0 or later, try ipfw(8) and look for the 'forward'
action. A rule like

# ipfw add forward 206.x.x.1 ip from 206.x.x.y to any

should forward all packets originating in 206.x.x.y to the gateway on the
206.x.x.y network. If you have locally attached machines, or more than
one gateway, I would guess it doesn't work.

HTH,
Stefan

--
Mühlendamm 12   | Voice +49-40-256848, +49-177-3504009
D-22089 Hamburg | e-mail: stefan.bethke@hanse.de
Germany         | stb@freebsd.org

From owner-freebsd-net Mon Mar 15 10:10:22 1999
Date: Mon, 15 Mar 1999 19:06:20 +0100
From: Gerald Heinig
Subject: Re: Running superuser scripts remotely
To: Garrett Wollman
Cc: "FreeBSD-Net (FreeBSD.Org) List"
Organization: Informatik im Maschinenbau / Hochschuldidaktisches Zentrum, RWTH Aachen

Garrett Wollman wrote:
>
> < said:
>
> > I used rsh with kerberos authentication on my two machines at home, just
> > for fun. The transmissions don't get encrypted, which might not be
> > enough for you, but it would prevent the wrong people doing stuff on
> > your machine remotely.
>
> `rsh -x' is your friend.... I use it all the time (as well as its
> cousin `rcp -x').

You're right :-) It's quite a while since I did this and all I can
remember is that one of the commands refused to encrypt the transmission.
I can't even remember if I managed to sort that one out, after all, it's
not *really* necessary on a private domestic network... :-) :-)

>
> However, Kerberos is a bit much to be setting up for an individual
> workstation -- it really only makes sense in environments like ours
> where you have O(1000) machines and users. (That said, many of our
> groups these days can't be bothered to set up Kerberos on their
> machines, either, despite the fact that it would make their lives a
> lot easier.)
>
> Kerberos v4 has a number of now-well-known security weaknesses as well
> as (if the KDC is old enough) a serious Y2K problem. Kerberos v5 is
> better, but the transition is a pain.

While we're on the subject: is there a way of encrypting NFS transfers?
AFAIK, even secure NFS doesn't actually encrypt all transmissions, but
I'm not sure. I haven't looked at the Sun manuals recently.

Gerald
--
"Would you like to buy an encyclopaedia to help your child get to college?"
"He doesn't need it. He takes the bus!"
From owner-freebsd-net Mon Mar 15 14:55:24 1999
Date: Mon, 15 Mar 1999 16:54:54 -0600
From: Lars Fredriksen
Organization: Odin Corporation
To: freebsd-net@freebsd.org, Paul.Mackerras@cs.anu.edu.au
Subject: pppd in current

Hi,

3/22/98 version 1.8 of lcp.c changed the async map for the receiving
side from defaulting to 0 to all Fs.

This seems to cause problems with a few ppp servers as far as I can
tell. The symptom is that one get connected ok, but no packets seems to
flow. If you turn on debugging for the ppp driver you will find the
following message:

ppp0: missing UI (0x3), got 0x21

You will also notice that netstat -i is reporting input errors on the ppp
interface.

The question I have is this:

1) Is this a bug ? I believe starting pppd with the -asyncmap 0x0 option
   will work around the problem.
2) If the correct value is 0xffffffff, what is needed to be able to talk
   to the remote, besides setting the async map to 0? Is there some option
   negotiation that pppd should be doing with the remote that remedies
   this?
Lars

From owner-freebsd-net Mon Mar 15 15: 1:43 1999
Date: Mon, 15 Mar 1999 18:00:54 -0500
From: Brian Reichert
To: freebsd-net@freebsd.org
Subject: Re: Running superuser scripts remotely

On Mon, Mar 15, 1999 at 07:06:20PM +0100, Gerald Heinig wrote:
> Garrett Wollman wrote:
>
> While we're on the subject: is there a way of encrypting NFS transfers?
> AFAIK, even secure NFS doesn't actually encrypt all transmissions, but
> I'm not sure. I haven't looked at the Sun manuals recently.

See if this looks like fun:

http://zaphod.ethz.ch/linux/tcfs/

> Gerald

--
Brian 'you Bastard' Reichert    reichert@numachi.com
37 Crystal Ave. #303            Current daytime number: (603)-434-6842
Derry NH 03038-1713 USA         Intel architecture: the left-hand path

From owner-freebsd-net Mon Mar 15 16:41:30 1999
Date: Tue, 16 Mar 1999 11:39:58 +1100
From: Paul Mackerras
To: lars@odin-corporation.com
Cc: freebsd-net@freebsd.org
Subject: Re: pppd in current
Reply-To: Paul.Mackerras@cs.anu.edu.au

Lars Fredriksen wrote:

> 3/22/98 version 1.8 of lcp.c changed the async map for the receiving
> side from defaulting to 0 to all Fs.

That's correct according to the RFC.

> This seems to cause problems with a few ppp servers as far as I can
> tell. The symptom is that one get
> connected ok, but no packets seems to flow. If you turn on debugging for
> the ppp driver you will find the
> following message:
>
> ppp0: missing UI (0x3), got 0x21

That debug message doesn't seem to relate to the asyncmap. I would have
to see a log of the negotiation to know more exactly what's going on.

There are some buggy PPP implementations out there that assume that if
the asyncmap isn't negotiated they can assume it is 0. I guess that's
what you're probably encountering.

Paul.
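
The receive-side async map discussed in this exchange, as an added example (not code from the thread, from pppd, or from the FreeBSD ppp driver): a small model of RFC 1662 octet stuffing in which the receiver removes unescaped control octets that are flagged in its map. The function names and the constructed sample frame are assumptions made for the example, and the 0x7e flag delimiters and FCS are left out.

```c
/* Added example: a model of RFC 1662 async framing, not pppd or kernel code.
 * Flag delimiters and the FCS are left out; the sample frame is constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PPP_FLAG        0x7e
#define PPP_ESCAPE      0x7d
#define PPP_TRANS       0x20
#define PPP_ALLSTATIONS 0xff
#define PPP_UI          0x03

/* True if control octet c (< 0x20) is flagged in the 32-bit map. */
static int in_accm(uint8_t c, uint32_t accm)
{
    return c < 0x20 && ((accm >> c) & 1u);
}

/* Sender side: escape 0x7d, 0x7e and every octet flagged in tx_accm.
 * out must hold up to 2*n octets. Returns the number of octets written. */
static size_t accm_encode(const uint8_t *in, size_t n, uint32_t tx_accm,
                          uint8_t *out)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t c = in[i];
        if (c == PPP_FLAG || c == PPP_ESCAPE || in_accm(c, tx_accm)) {
            out[o++] = PPP_ESCAPE;
            out[o++] = (uint8_t)(c ^ PPP_TRANS);
        } else {
            out[o++] = c;
        }
    }
    return o;
}

/* Receiver side: an unescaped octet flagged in rx_accm is taken to have been
 * inserted by the line and is removed before escape processing. */
static size_t accm_decode(const uint8_t *in, size_t n, uint32_t rx_accm,
                          uint8_t *out)
{
    size_t o = 0;
    int escaped = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t c = in[i];
        if (in_accm(c, rx_accm))
            continue;
        if (escaped) {
            out[o++] = (uint8_t)(c ^ PPP_TRANS);
            escaped = 0;
        } else if (c == PPP_ESCAPE) {
            escaped = 1;
        } else {
            out[o++] = c;
        }
    }
    return o;
}

/* Constructed frame: address, control (UI), protocol 0x0021, four data octets. */
static const uint8_t sample[] = { 0xff, 0x03, 0x00, 0x21, 0x45, 0x00, 0x00, 0x1c };

/* Send the sample escaped per tx_accm, receive it filtered per rx_accm. */
static size_t transfer(uint32_t tx_accm, uint32_t rx_accm, uint8_t *rx)
{
    uint8_t wire[2 * sizeof sample];
    size_t w = accm_encode(sample, sizeof sample, tx_accm, wire);
    return accm_decode(wire, w, rx_accm, rx);
}

/* Octet the receiver finds where the UI control octet belongs, or -1. */
int ui_seen(uint32_t tx_accm, uint32_t rx_accm)
{
    uint8_t rx[2 * sizeof sample];
    size_t n = transfer(tx_accm, rx_accm, rx);
    if (n < 2 || rx[0] != PPP_ALLSTATIONS)
        return -1;
    return rx[1];
}

/* 1 if the frame arrives byte-for-byte intact, else 0. */
int delivered_intact(uint32_t tx_accm, uint32_t rx_accm)
{
    uint8_t rx[2 * sizeof sample];
    size_t n = transfer(tx_accm, rx_accm, rx);
    return n == sizeof sample && memcmp(rx, sample, n) == 0;
}

int main(void)
{
    /* Peer escapes nothing (acts as if the map were 0); receiver uses all Fs. */
    printf("tx 00000000 rx ffffffff: UI slot 0x%02x intact=%d\n",
           (unsigned)ui_seen(0, 0xffffffffu), delivered_intact(0, 0xffffffffu));
    /* Both sides use the all-Fs default. */
    printf("tx ffffffff rx ffffffff: UI slot 0x%02x intact=%d\n",
           (unsigned)ui_seen(0xffffffffu, 0xffffffffu),
           delivered_intact(0xffffffffu, 0xffffffffu));
    /* Receiver map forced to 0, the workaround mentioned in the question. */
    printf("tx 00000000 rx 00000000: UI slot 0x%02x intact=%d\n",
           (unsigned)ui_seen(0, 0), delivered_intact(0, 0));
    return 0;
}
```
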
From owner-freebsd-net Mon Mar 15 17: 5: 5 1999
Date: Tue, 16 Mar 1999 02:05:09 +0100
From: Gerald Heinig
Subject: Re: Running superuser scripts remotely
To: Brian Reichert
Cc: freebsd-net@FreeBSD.ORG
Organization: Informatik im Maschinenbau / Hochschuldidaktisches Zentrum, RWTH Aachen

Brian Reichert wrote:
>
> On Mon, Mar 15, 1999 at 07:06:20PM +0100, Gerald Heinig wrote:
> > Garrett Wollman wrote:
> >
> > While we're on the subject: is there a way of encrypting NFS transfers?
> > AFAIK, even secure NFS doesn't actually encrypt all transmissions, but
> > I'm not sure. I haven't looked at the Sun manuals recently.
>
> See if this looks like fun:
>
> http://zaphod.ethz.ch/linux/tcfs/
>

...certainly does :-)

Gerald
--
"Would you like to buy an encyclopaedia to help your child get to college?"
"He doesn't need it. He takes the bus!"

From owner-freebsd-net Tue Mar 16 2:19:25 1999
Date: Tue, 16 Mar 1999 02:17:35 -0800 (PST)
From: "Frédéric" SOULIER
To: freebsd-net

 Hi there !

I'm looking for documentation about Net kernel sources
Are there books or other resources ?

Thanx.

==
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Frédéric SOULIER - CS student @ ULP - Strasbourg - FRANCE
 e-mail : fredv6@yahoo.fr, soulier@dess-info.u-strasbg.fr
 web : http://dess-info.u-strasbg.fr/~soulier
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_________________________________________________________
DO YOU YAHOO!?
Your free @yahoo.fr e-mail at http://courrier.yahoo.fr

From owner-freebsd-net Tue Mar 16 2:57:25 1999
From: "SnowFox"
Subject: Re: Net Kernel Sources
Date: Tue, 16 Mar 1999 04:59:49 -0600

There's a nice brief overview of the system in Design and Implementation
of the 4.4BSD Operating System and TCP/IP illustrated (3 volumes)
provides a nice 4.4BSD dissection.

Cheers - Brian V. McGroarty

-----Original Message-----
From: Frédéric SOULIER
To: freebsd-net
Date: Tuesday, March 16, 1999 4:22 AM

> Hi there !
>
>I'm looking for documentation about Net kernel sources
>Are there books or other resources ?
>
>Thanx.
>
>==
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Frédéric SOULIER - CS student @ ULP - Strasbourg - FRANCE
> e-mail : fredv6@yahoo.fr, soulier@dess-info.u-strasbg.fr
> web : http://dess-info.u-strasbg.fr/~soulier
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>_________________________________________________________
>DO YOU YAHOO!?
>Your free @yahoo.fr e-mail at http://courrier.yahoo.fr
>

From owner-freebsd-net Tue Mar 16 4: 4:11 1999
From: Caroline Beauchamps
To: 'freebsd-net', "'Frédéric\" SOULIER'"
Subject: RE:
Date: Tue, 16 Mar 1999 11:12:04 -0000

Hi Frederic,

You have the TCP/IP Illustrated Volume 2 from Richard Stevens, which
explains the kernel sources. It is very useful.

regards,
Caroline

>----------
>From: Frédéric" SOULIER[SMTP:fredv6@yahoo.fr]
>Sent: 16 March 1999 10:17
>To: freebsd-net
>
> Hi there !
>
>I'm looking for documentation about Net kernel sources
>Are there books or other resources ?
>
>Thanx.
>
>==
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Frédéric SOULIER - CS student @ ULP - Strasbourg - FRANCE
> e-mail : fredv6@yahoo.fr, soulier@dess-info.u-strasbg.fr
> web : http://dess-info.u-strasbg.fr/~soulier
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>_________________________________________________________
>DO YOU YAHOO!?
>Your free @yahoo.fr e-mail at http://courrier.yahoo.fr
>

From owner-freebsd-net Tue Mar 16 5:58:53 1999
Date: Tue, 16 Mar 1999 06:58:00 -0700
From: Wes Peters
Organization: Softweyr llc
To: Frédéric SOULIER
Cc: freebsd-net
Subject: Re: Net kernel sources

"Frédéric SOULIER" wrote:
>
> Hi there !
>
> I'm looking for documentation about Net kernel sources
> Are there books or other resources ?

Sure. Start with "TCP/IP Illustrated, Volume 2: The Implementation" by
Gary Wright and W.
Richard Stevens, or "The Design and Implementation of the 4.4BSD
Operating System" by Marshall Kirk McKusick et al.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                              Softweyr LLC
http://www.softweyr.com/~softweyr                   wes@softweyr.com

From owner-freebsd-net Tue Mar 16 21: 9:38 1999
Delivered-To: freebsd-net@freebsd.org
Received: from web704.mail.yahoo.com (web704.mail.yahoo.com [128.11.23.24]) by hub.freebsd.org (Postfix) with SMTP id 17AB4152AE for ; Tue, 16 Mar 1999 21:09:20 -0800 (PST) (envelope-from boardyan@yahoo.com)
Message-ID: <19990317050858.7049.rocketmail@web704.mail.yahoo.com>
Received: from [131.228.20.19] by web704.mail.yahoo.com; Tue, 16 Mar 1999 21:08:58 PST
Date: Tue, 16 Mar 1999 21:08:58 -0800 (PST)
From: boards yan
Subject: exhausted
To: freebsd-net@FreeBSD.ORG
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I tried to set the tcp socket Option(SO_RCV,TCP_MAXSEG), but failed
all the time.

The program seems quite normal.
However, the supervision using tcpdump shows that
the option is unchanged. :-(

Can anybody give me a reason?

B.R.

-------------------------------------------------
{
	int number = 512, n;
	socklen_t optlen;
	struct protoent *p;

	p = getprotobyname("tcp");
	/* ask for a 512-byte MSS; the length is the size of 'number' */
	if (p && setsockopt(fd, p->p_proto, TCP_MAXSEG, &number, sizeof(number)) < 0)
		err("setsockopt: MAXSEG");
	/* read the value back to see what the kernel actually holds */
	optlen = sizeof(n);
	if (getsockopt(fd, p->p_proto, TCP_MAXSEG, (char*) &n, &optlen) < 0)
		err("getsockopt: MAXSEG-getsockopt");
	fprintf(stderr, "\n MAXSEG set to %d", n);
}
----------------------------------------------------
	/* set the receive buffer size, then read it back and compare */
	if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF,
	    (char*) &sockbufsize, sizeof(sockbufsize)) < 0)
		perror("setsockopt: rcvbuf");
	{
		int n;
		socklen_t optlen;

		optlen = sizeof(n);
		if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, (char*) &n, &optlen) < 0)
			perror("getsockopt");
		if (n != sockbufsize)
			printf("\n revbuff not set correctly");
		else
			printf("\n buffer set to %d", n);
	}
----------------------------------------------------

From owner-freebsd-net Tue Mar 16 21:24:15 1999
Delivered-To: freebsd-net@freebsd.org
Received: from bladerunner.skynetweb.com (bladerunner.skynetweb.com [208.239.240.41]) by hub.freebsd.org (Postfix) with ESMTP id 19D7814F50 for ; Tue, 16 Mar 1999 21:24:10 -0800 (PST) (envelope-from pryker@skynetweb.com)
Received: from skynetweb.com (host80.skynetweb.com [208.231.1.80] (may be forged)) by bladerunner.skynetweb.com (8.8.8/8.8.8) with ESMTP id AAA12848 for ; Wed, 17 Mar 1999 00:23:51 -0500 (EST) (envelope-from pryker@skynetweb.com)
Message-ID: <36EEF483.50E1623A@skynetweb.com>
Date: Wed, 17 Mar 1999 00:17:07 +0000
From: Phillip Ryker
Organization: SkyNetWEB Ltd.
X-Mailer: Mozilla 4.5 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-net@freebsd.org
Subject: IP_Dummynet...
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Good evening,

I am writing to see if it would be possible to get a
little more insight on setting up dummynet. I have installed FreeBSD
v3.1 -STABLE on a box with 2 ethernet cards. I have done a make world
and have recompiled the kernel with the following options:

OPTION IPFIREWALL
OPTION IPFIREWALL_VERBOSE
OPTION DUMMYNET

I have set up an "OPEN" firewall scenario and have the following rules in
rc.firewall:

# --------------------------------------------------
# Molasses Firewall Setup
# --------------------------------------------------
$fwcmd add 65000 pass all from any to any

# Packet Selection Pipes
$fwcmd add 500 pipe 1 ip from any to any in via xl1
$fwcmd add 600 pipe 2 all from any to any out via xl0

# Bandwidth Limiter Pipes
$fwcmd pipe 1 config bw 64Kbit/s
$fwcmd pipe 2 config bw 64Kbit/s
# --------------------------------------------------

and an 'ipfw show' gives me:

00500    4    336 pipe 1 ip from any to any in recv xl1
00600 2501 142167 pipe 2 ip from any to any out xmit xl0
65000 6418 432995 allow ip from any to any
65535    0      0 deny ip from any to any

But it is not working at all. The box is passing packets properly
between the 2 interfaces and I can ping through the firewall but it will
not limit the bandwidth to 64kbps. Would it be possible that you could
send me an example config from a working setup or send me any
information on what I am doing wrong. I basically just want the box to
limit traffic through it. I have read the man page and the dummynet web
page but I am still stumped.

Your assistance would be greatly appreciated.

--
Phillip Ryker
------------------------------
| SkyNetWEB Ltd.             |
| 1301 S. Baylis Street      |
| Baltimore Maryland 21226   |
| Phone: 410.563.6384        |
| Fax: 410.563.5457          |
------------------------------

From owner-freebsd-net Tue Mar 16 22:55:56 1999
Delivered-To: freebsd-net@freebsd.org
Received: from smtp1.jps.net (smtp1.jps.net [209.63.224.236]) by hub.freebsd.org (Postfix) with ESMTP id DF4ED150A3 for ; Tue, 16 Mar 1999 22:55:53 -0800 (PST) (envelope-from onemo@jps.net)
Received: from jps.net (209-63-247-21.smf.jps.net [209.63.247.21]) by smtp1.jps.net (8.8.5/8.8.5) with ESMTP id WAA13781 for ; Tue, 16 Mar 1999 22:55:33 -0800 (PST)
Message-ID: <36EF50D4.D3495A0D@jps.net>
Date: Tue, 16 Mar 1999 22:51:00 -0800
From: me
X-Mailer: Mozilla 4.5 [en] (X11; I; FreeBSD 3.1-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-net@freebsd.org
Subject: [Fwd: named message since upgrading to 3.1-Stable]
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I sent the following message to the FreeBSD-Stable list, and haven't
received any responses, so I figured I'd send it to this list and see if
anyone here can help. Please respond directly to me since I don't
subscribe to this list.

Thanks,
MO!

> Hello all,
>
> I keep getting the following message from named:
>
> ... named[104]: bind(dfd=24), [{ip addr}].53): Permission denied
>
> I chown'd the /etc/namedb/s directory to the bind sandbox ID as
> instructed. I'm using the following named.conf file:
>
> // $Id: named.conf,v 1.3 1998/11/14 19:43:00 mso Exp $
> //
> options {
>         directory "/etc/namedb";
>         dump-file "s/named_dump.db";
>         forward only;
>         forwarders {
>                 (isp addr1);
>                 (isp addr2);
>         };
> };
>
> zone "." {
>         type hint;
>         file "named.root";
> };
>
> zone "0.0.127.IN-ADDR.ARPA" {
>         type master;
>         file "s/named.local.rev";
> };
>
> zone "mydomain.com" {
>         type master;
>         file "s/mydomain.hosts";
> };
>
> zone "2.168.192.in-addr.arpa" {
>         type master;
>         file "s/mydomain.rev";
> };
>
> I've searched through the BIND faqs and docs located at the ISC site to
> no avail. Everything works correctly, It's just 1) annoying and 2)
> possibly bothering my ISP(?).
>
> Any help would be appreciated.
>
> MO!

From owner-freebsd-net Tue Mar 16 23:29: 4 1999
Delivered-To: freebsd-net@freebsd.org
Received: from at.dotat.com (zed.dotat.com [203.2.134.254]) by hub.freebsd.org (Postfix) with ESMTP id E482415132 for ; Tue, 16 Mar 1999 23:28:39 -0800 (PST) (envelope-from hart@at.dotat.com)
Received: from at.dotat.com (localhost.dotat.com [127.0.0.1]) by at.dotat.com (8.8.8/8.8.8) with ESMTP id RAA20330; Wed, 17 Mar 1999 17:58:19 +1030 (CST)
Message-Id: <199903170728.RAA20330@at.dotat.com>
To: me
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: [Fwd: named message since upgrading to 3.1-Stable]
In-reply-to: Your message of "Tue, 16 Mar 1999 22:51:00 -0800." <36EF50D4.D3495A0D@jps.net>
Date: Wed, 17 Mar 1999 17:58:19 +1030
From: Leigh Hart
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi Me, or Mo, or whatever :-)

me wrote:
>
> I keep getting the following message from named:
>
> ... named[104]: bind(dfd=24), [{ip addr}].53): Permission denied
>
> I chown'd the /etc/namedb/s directory to the bind sandbox ID as
> instructed. I'm using the following named.conf file:

"Permission denied" is not an error message limited to file permissions,
what you're seeing is the bind(2) system call failing to bind to port 53
on the ip address specified.

This usually means that bind is not being started as root. No process
is allowed to bind port 53 unless it runs as root initially.

> I've searched through the BIND faqs and docs located at the ISC site to
> no avail. Everything works correctly, It's just 1) annoying and 2)
> possibly bothering my ISP(?).

Well, it's resolving for you correctly, london to a bridge it isn't
working as an authoritative source of name data !

Cheers

Leigh
--
| "By the time they had diminished | Leigh Hart,                  |
|  from 50 to 8, the other dwarves | Dotat Communications Pty Ltd |
|  began to suspect 'Hungry' ..."  | GPO Box 487 Adelaide SA 5001 |
|   -- Gary Larson, "The Far Side" | http://www.dotat.com/hart/   |

From owner-freebsd-net Wed Mar 17 4: 4:23 1999
Delivered-To: freebsd-net@freebsd.org
Received: from mail.promo.de (mail.Promo.DE [194.45.188.65]) by hub.freebsd.org (Postfix) with ESMTP id 374A6154C6 for ; Wed, 17 Mar 1999 04:04:12 -0800 (PST) (envelope-from stefan.bethke@hanse.de)
Received: from d225.promo.de (d225.Promo.DE [194.45.188.225]) by mail.promo.de (8.8.8/8.8.8) with ESMTP id NAA12284; Wed, 17 Mar 1999 13:03:44 +0100 (CET)
Date: Wed, 17 Mar 1999 13:03:43 +0100
From: Stefan Bethke
To: boards yan
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: exhausted
Message-ID: <652340.3130664623@d225.promo.de>
In-Reply-To: <19990317050858.7049.rocketmail@web704.mail.yahoo.com>
Originator-Info: login-id=stefan; server=mail
X-Mailer: Mulberry (MacOS) [1.4.2, s/n U-301178]
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

boards yan wrote:

> I tried to set the tcp socket Option(SO_RCV,TCP_MAXSEG), but failed
> all the time.
>
> The program seems quite normal.
> However, the supervision using tcpdump shows that
> the option is unchanged. :-(
>
> Can anybody give me a reason?

[ code deleted ]

TCP_MAXSEG:
Quoting from Stevens' TCP/IP Illustrated, Vol. II, pp. 1023:

  A process can only decrease the MSS. When a TCP socket is created,
  tcp_newtcpcb initializes t_maxseg to its default of 512. When a SYN is
  received from the other end with an MSS option, tcp_input calls
  tcp_mss, and t_maxseg can be set as high as the outgoing interface MTU
  (minus 40 bytes for the default IP and TCP headers), which is 1460 for
  an Ethernet. Therefore, after a call to socket but before a connection
  is established, a process can only decrease the MSS from its default
  of 512. After a connection is established, the process can decrease
  the MSS from whatever value was selected by tcp_mss.

What do you expect from SO_RCVBUF? With the following code it does what it
should:

/* header names were lost in the archived copy; these are the ones the code needs */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdio.h>
#include <unistd.h>

int main(void)
{
	int fd;
	struct sockaddr_in sin;
	int nrbuf;

	if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
		perror ("socket");
		return 1;
	}
	/* enlarge the receive buffer before connect() so the SYN advertises it */
	nrbuf = 65536;
	if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &nrbuf, sizeof(nrbuf)) < 0) {
		perror ("setsockopt(SO_RCVBUF)");
		return 1;
	}
	sin.sin_len = sizeof(sin);
	sin.sin_family = AF_INET;
	sin.sin_addr.s_addr = htonl(0x7f000001);	/* 127.0.0.1 */
	sin.sin_port = htons(23);			/* telnet */
	if (connect(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
		perror ("connect");
		return 1;
	}
	close (fd);
	return 0;
}

tcpdump output:
12:54:05.561009 localhost.3828 > localhost.telnet: S 3917041307:3917041307(0) win 65535 (DF)

Without the setsockopt, tcpdump shows:
12:49:59.008210 localhost.3783 > localhost.telnet: S 3863968019:3863968019(0) win 16384 (DF)

Stefan

--
Mühlendamm 12   | Voice +49-40-256848, +49-177-3504009
D-22089 Hamburg | e-mail: stefan.bethke@hanse.de
Germany         |         stb@freebsd.org

From owner-freebsd-net Wed Mar 17 15: 7: 7 1999
Delivered-To: freebsd-net@freebsd.org
Received: from abused.com (abused.com [204.216.142.63]) by hub.freebsd.org (Postfix) with ESMTP id EB0561555F for ; Wed, 17 Mar 1999 15:07:05 -0800 (PST) (envelope-from gvb@tns.net)
Received: from gvb (gvb.tns.net [204.216.245.137]) by abused.com (8.9.3/I feel abused.) with SMTP id PAA54061 for ; Wed, 17 Mar 1999 15:13:23 -0800 (PST)
Message-Id: <4.1.19990317150228.00b025d0@abused.com>
X-Sender: gvb@abused.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Wed, 17 Mar 1999 15:13:23 -0800
To: freebsd-net@freebsd.org
From: GVB
Subject: Apache-fp-ssl is bloated!
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Here is my setup..
PII-266 with 256 megs of ram.
2 9 gig UW scsi drives..
3c905 NIC.

Running FBSD 2.2.8 with Apache 1.30 Frontpage 3.0.4.2 Ben-SSL 1.19

I have about 10 front page virtual domains, and about 100 other virtual
domains. The only other thing that is running is a basic real server..
but.. it seems that the machine gets down to almost no memory and it seems
to choke everything else... cgi's won't execute because 'there is no system
resources' etc.. I expected 256 megs of ram and a PII-266 to go a lot
farther than 110 virtual domains... is the frontpage extensions killing
everything? Or is it the real server? Any ideas on how I can tune this
machine to get some better performance out of it?

Thanks.

GVB

From owner-freebsd-net Wed Mar 17 16: 9:37 1999
Delivered-To: freebsd-net@freebsd.org
Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (Postfix) with ESMTP id 050A015222 for ; Wed, 17 Mar 1999 16:09:01 -0800 (PST) (envelope-from julian@whistle.com)
Received: (from daemon@localhost) by alpo.whistle.com (8.8.5/8.8.5) id QAA20034; Wed, 17 Mar 1999 16:06:43 -0800 (PST)
Received: from current1.whistle.com(207.76.205.22) via SMTP by alpo.whistle.com, id smtpdz20029; Thu Mar 18 00:06:34 1999
Message-ID: <36F04384.59E2B600@whistle.com>
Date: Wed, 17 Mar 1999 16:06:28 -0800
From: Julian Elischer
Organization: Whistle Communications
X-Mailer: Mozilla 3.0Gold (X11; I; FreeBSD 2.2.8-RELEASE i386)
MIME-Version: 1.0
To: GVB
Cc: freebsd-net@FreeBSD.org
Subject: Re: Apache-fp-ssl is bloated!
References: <4.1.19990317150228.00b025d0@abused.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

GVB wrote:

firstly FreeBSD-net is probably not the right place..
more likely hackers or questions. (or even isp)

Have you determined what resource is short?

you may look at the processes using top
to see what's happening in terms of memory usage..
you can also check /proc/[mumble]/map
to see where memory's being used..

if you can use the mprof library it will show you memory leaks...

>
> Here is my setup..
> PII-266 with 256 megs of ram.
> 2 9 gig UW scsi drives..
> 3c905 NIC.
>
> Running FBSD 2.2.8 with Apache 1.30 Frontpage 3.0.4.2 Ben-SSL 1.19
>
> I have about 10 front page virtual domains, and about 100 other virtual
> domains. The only other thing that is running is a basic real server..
> but.. it seems that the machine gets down to almost no memory and it seems
> to choke everything else... cgi's won't execute because 'there is no system
> resources' etc.. I expected 256 megs of ram and a PII-266 to go a lot
> farther than 110 virtual domains... is the frontpage extensions killing
> everything? Or is it the real server? Any ideas on how I can tune this
> machine to get some better performance out of it?
>
> Thanks.
>
> GVB

From owner-freebsd-net Wed Mar 17 16:49: 4 1999
Delivered-To: freebsd-net@freebsd.org
Received: from abused.com (abused.com [204.216.142.63]) by hub.freebsd.org (Postfix) with ESMTP id 92E1314F78 for ; Wed, 17 Mar 1999 16:49:02 -0800 (PST) (envelope-from gvbmail@tns.net)
Received: from gvb (gvb.tns.net [204.216.245.137]) by abused.com (8.9.3/I feel abused.) with SMTP id QAA54157; Wed, 17 Mar 1999 16:55:16 -0800 (PST)
Message-Id: <4.1.19990317165433.00b6cce0@abused.com>
X-Sender: gvbmail@mail.tns.net (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Wed, 17 Mar 1999 16:55:15 -0800
To: Julian Elischer
From: GVB
Subject: Re: Apache-fp-ssl is bloated!
Cc: freebsd-net@FreeBSD.org
In-Reply-To: <36F04384.59E2B600@whistle.com>
References: <4.1.19990317150228.00b025d0@abused.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

It looks like each httpsd process is taking 2 megs of memory. Is this
normal? I don't really have any other production web servers to compare
this to.

GVB

At 04:06 PM 3/17/99 -0800, Julian Elischer wrote:
>GVB wrote:
>
>firstly FreeBSD-net is probably not the right place..
>more likely hackers or questions. (or even isp)
>
>Have you determined what resource is short?
>
>you may look at the processes using top
>to see what's happening in terms of memory usage..
>you can also check /proc/[mumble]/map
>to see where memory's being used..
>
>if you can use the mprof library it will show you memory leaks...
>
>
>>
>> Here is my setup..
>> PII-266 with 256 megs of ram.
>> 2 9 gig UW scsi drives..
>> 3c905 NIC.
>>
>> Running FBSD 2.2.8 with Apache 1.30 Frontpage 3.0.4.2 Ben-SSL 1.19
>>
>> I have about 10 front page virtual domains, and about 100 other virtual
>> domains. The only other thing that is running is a basic real server..
>> but.. it seems that the machine gets down to almost no memory and it seems
>> to choke everything else... cgi's won't execute because 'there is no system
>> resources' etc.. I expected 256 megs of ram and a PII-266 to go a lot
>> farther than 110 virtual domains... is the frontpage extensions killing
>> everything? Or is it the real server? Any ideas on how I can tune this
>> machine to get some better performance out of it?
>>
>> Thanks.
>>
>> GVB

From owner-freebsd-net Wed Mar 17 21: 0:59 1999
Delivered-To: freebsd-net@freebsd.org
Received: from repop1.jps.net (repop1.jps.net [209.63.224.238]) by hub.freebsd.org (Postfix) with ESMTP id 8BE6414DBB for ; Wed, 17 Mar 1999 21:00:57 -0800 (PST) (envelope-from onemo@jps.net)
Received: from jps.net (209-63-245-66.smf.jps.net [209.63.245.66]) by repop1.jps.net (8.8.5/8.8.5) with ESMTP id VAA10089; Wed, 17 Mar 1999 21:00:22 -0800 (PST)
Message-ID: <36F08756.77BC8DA4@jps.net>
Date: Wed, 17 Mar 1999 20:55:50 -0800
From: me
X-Mailer: Mozilla 4.5 [en] (X11; I; FreeBSD 3.1-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Leigh Hart
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: [Fwd: named message since upgrading to 3.1-Stable]
References: <199903170728.RAA20330@at.dotat.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

OK, I understand the problem... Now, how to fix it. As I noted, I'm running
bind with the "sandbox" user/group. Per the note in rc.conf, I've read
through the security man page and performed all of the
pre-requisite steps needed. Is there anything I obviously missed, or is the
sandbox configuration broken?

ps. My initials are MO - for Michael Oski, the me was a typo in Netscape's
mail setup.

Michael.

Leigh Hart wrote:

> Hi Me, or Mo, or whatever :-)
>
> me wrote:
> >
> > I keep getting the following message from named:
> >
> > ... named[104]: bind(dfd=24), [{ip addr}].53): Permission denied
> >
> > I chown'd the /etc/namedb/s directory to the bind sandbox ID as
> > instructed. I'm using the following named.conf file:
>
> "Permission denied" is not an error message limited to file permissions,
> what you're seeing is the bind(2) system call failing to bind to port 53
> on the ip address specified.
>
> This usually means that bind is not being started as root. No process
> is allowed to bind port 53 unless it runs as root initially.
>
> > I've searched through the BIND faqs and docs located at the ISC site to
> > no avail. Everything works correctly, It's just 1) annoying and 2)
> > possibly bothering my ISP(?).
>
> Well, it's resolving for you correctly, london to a bridge it isn't
> working as an authoritative source of name data !
>
> Cheers
>
> Leigh
> --
> | "By the time they had diminished | Leigh Hart,                  |
> |  from 50 to 8, the other dwarves | Dotat Communications Pty Ltd |
> |  began to suspect 'Hungry' ..."  | GPO Box 487 Adelaide SA 5001 |
> |   -- Gary Larson, "The Far Side" | http://www.dotat.com/hart/   |

From owner-freebsd-net Thu Mar 18 1:49:54 1999
Delivered-To: freebsd-net@freebsd.org
Received: from ns10.nokia.com (ns10.nokia.com [131.228.6.229]) by hub.freebsd.org (Postfix) with ESMTP id E257115447 for ; Thu, 18 Mar 1999 01:48:41 -0800 (PST) (envelope-from chunan.li@nokia.com)
Received: from msgws01ntc.ntc.nokia.com (msgws01ntc.ntc.nokia.com [131.228.59.181]) by ns10.nokia.com (8.8.8/8.6.9) with ESMTP id LAA03221 for ; Thu, 18 Mar 1999 11:48:19 +0200 (EET)
Message-Id: <199903180948.LAA03221@ns10.nokia.com>
Received: by msgws01ntc.ntc.nokia.com with Internet Mail Service (5.5.2232.9) id ; Thu, 18 Mar 1999 11:47:05 +0200
From: "Li ChunAn (Nokia/Beijing)"
To: "'freebsd-net@FreeBSD.org'"
Subject: Help!!! How to recover the kernel ?
Date: Thu, 18 Mar 1999 09:10:46 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2232.9)
Content-Type: text/plain
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello
For my carelessness, I overwrote the kernel file in root directory when I
compiled FreeBSD source codes by the command: make install. but I found this
new kernel doesn't work properly. Would you tell me how to recover the original
kernel ?

Thank you!

Li ChunAn

chunan.li@nokia.com

From owner-freebsd-net Thu Mar 18 5: 0:45 1999
Delivered-To: freebsd-net@freebsd.org
Received: from rgate.ricochet.net (rgate1.ricochet.net [204.179.143.6]) by hub.freebsd.org (Postfix) with ESMTP id 8D9C3153F1 for ; Thu, 18 Mar 1999 05:00:29 -0800 (PST) (envelope-from boshea@ricochet.net)
Received: from beastie.localdomain (mg136-023.ricochet.net [204.179.136.23]) by rgate.ricochet.net (8.8.8/8.8.8) with ESMTP id HAA25305 for ; Thu, 18 Mar 1999 07:00:06 -0600 (CST)
Received: (from brian@localhost) by beastie.localdomain (8.8.8/8.8.7) id FAA02674 for freebsd-net@freebsd.org; Thu, 18 Mar 1999 05:09:14 -0800 (PST) (envelope-from brian)
Message-ID: <19990318050914.C1075@localdomain>
Date: Thu, 18 Mar 1999 05:09:14 -0800
From: "Brian O'Shea"
To: freebsd-net@freebsd.org
Subject: Re: Help!!! How to recover the kernel ?
References: <199903180948.LAA03221@ns10.nokia.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.1i
In-Reply-To: <199903180948.LAA03221@ns10.nokia.com>; from Li ChunAn (Nokia/Beijing) on Thu, Mar 18, 1999 at 09:10:46AM +0200
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello Li.

This is probably a more appropriate question for the freebsd-questions,
but I realize the urgency.

The make install will move your previous kernel to /kernel.old before
installing the new kernel. At the boot prompt you can specify the old
kernel like this:

boot: kernel.old

This will boot your previous kernel. The boot prompt may look a little
different on FreeBSD 3.1. If I recall, it displays a countdown of the
number of seconds that you have to interrupt the boot process. Just
hit RETURN and at the prompt, type "kernel.old" like above.

Good luck.

-brian

On Thu, Mar 18, 1999 at 09:10:46AM +0200, Li ChunAn (Nokia/Beijing) wrote:
> Hello
> For my carelessness, I overwrote the kernel file in root directory when I
> compiled FreeBSD source codes by the command: make install. but I found this
> new kernel doesn't work properly. Would you tell me how to recover the original
> kernel ?
>
> Thank you!
>
> Li ChunAn
>
> chunan.li@nokia.com
>

--
Brian O'Shea
boshea@ricochet.net

From owner-freebsd-net Thu Mar 18 7:26:19 1999
Delivered-To: freebsd-net@freebsd.org
Received: from mail.elan-ua.net (mail.elan-ua.net [62.244.24.4]) by hub.freebsd.org (Postfix) with ESMTP id 9E8CD15434 for ; Thu, 18 Mar 1999 07:26:07 -0800 (PST) (envelope-from admin@elan-ua.net)
Received: from mail.elan-ua.net (mail.elan-ua.net [62.244.24.4]) by mail.elan-ua.net (8.9.1/8.9.1) with SMTP id RAA28671; Thu, 18 Mar 1999 17:25:27 +0200 (EET)
Date: Thu, 18 Mar 1999 17:25:27 +0200 (EET)
From: Kirill Mukhoyarov
To: Phillip Ryker
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: IP_Dummynet...
In-Reply-To: <36EEF483.50E1623A@skynetweb.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 17 Mar 1999, Phillip Ryker wrote:

> Good evening,

Hi !

>
> I am writing to see if it would be possible to get a
> little more insight on setting up dummynet. I have installed FreeBSD
> v3.1 -STABLE on a box with 2 ethernet cards. I have done a make world
> and have recompiled the kernel with the following options:
>
> OPTION IPFIREWALL
> OPTION IPFIREWALL_VERBOSE
> OPTION DUMMYNET

I use ipfw for bandwidth managing only.
For filtering purposes I set up ipfilter3.2.10.

\/\/\/\
from my kernel config file:

options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT	# not use rc.firewall at all!
options DUMMYNET

my rc.conf includes a config option added by myself:
control_bandwidth={yes|no}
and

rc.network I add:
if [ "x$control_bandwidth" != "xNO" ]
then
	sysctl -w net.inet.ip.fw.one_pass=1 > /dev/null 2>&1	# dummynet(4)
	. /etc/rc.dummynet	# setup & config pipes
fi
/\/\/\/

it works fine...

-------
best regards,
Kirill Mukhoyarov
ELAN ISP System Administrator
phone +380 44 441 2635
fax +380 44 441 2613

From owner-freebsd-net Thu Mar 18 8:13:31 1999
Delivered-To: freebsd-net@freebsd.org
Received: from ns1.seidata.com (ns1.seidata.com [208.10.211.2]) by hub.freebsd.org (Postfix) with ESMTP id E2D0B1542C for ; Thu, 18 Mar 1999 08:13:27 -0800 (PST) (envelope-from mike@seidata.com)
Received: from localhost (mike@localhost) by ns1.seidata.com (8.8.8/8.8.5) with ESMTP id LAA07940; Thu, 18 Mar 1999 11:12:55 -0500 (EST)
Date: Thu, 18 Mar 1999 11:12:55 -0500 (EST)
From:
To: me
Cc: Leigh Hart , freebsd-net@FreeBSD.ORG
Subject: Re: [Fwd: named message since upgrading to 3.1-Stable]
In-Reply-To: <36F08756.77BC8DA4@jps.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 17 Mar 1999, me wrote:

> pre-requisite steps needed. Is there anything I obviously missed, or is the
> sandbox configuration broken?

http://www.seidata.com/~mike/papers/named.html

Note, this isn't perfect... I'm still working out some oddities with
named-xfer's behavior, but it does show the exact steps I took to
chroot named under FreeBSD 3.0-REL.

Later,

-Mike

From owner-freebsd-net Thu Mar 18 8:51:55 1999
Delivered-To: freebsd-net@freebsd.org
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by hub.freebsd.org (Postfix) with SMTP id 585F01527B for ; Thu, 18 Mar 1999 08:50:27 -0800 (PST) (envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id PAA27469; Thu, 18 Mar 1999 15:33:33 +0100
From: Luigi Rizzo
Message-Id: <199903181433.PAA27469@labinfo.iet.unipi.it>
Subject: Re: IP_Dummynet...
To: admin@elan-ua.net (Kirill Mukhoyarov)
Date: Thu, 18 Mar 1999 15:33:32 +0100 (MET)
Cc: pryker@skynetweb.com, freebsd-net@FreeBSD.ORG
In-Reply-To: from "Kirill Mukhoyarov" at Mar 18, 99 05:25:08 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 810
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> my rc.conf include added by myself config option:
> control_bandwidth={yes|no}
> and
>
> rc.network I add:
> if [ "x$control_bandwidth" != "xNO" ]
> then
> 	sysctl -w net.inet.ip.fw.one_pass=1 > /dev/null 2>&1	# dummynet(4)

which reminds me that setting net.inet.ip.fw.one_pass to 1 by default
could be a better idea (in the sense of a more intuitive behaviour).

Comments anyone ? Should I change it ?

	luigi
-----------------------------------+-------------------------------------
  Luigi RIZZO                      .
  EMAIL: luigi@iet.unipi.it        . Dip. di Ing. dell'Informazione
  HTTP://www.iet.unipi.it/~luigi/  . Universita` di Pisa
  TEL/FAX: +39-050-568.533/522     . via Diotisalvi 2, 56126 PISA (Italy)
-----------------------------------+-------------------------------------

From owner-freebsd-net Thu Mar 18 8:54:51 1999
Delivered-To: freebsd-net@freebsd.org
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by hub.freebsd.org (Postfix) with SMTP id C5C8714C83 for ; Thu, 18 Mar 1999 08:54:04 -0800 (PST) (envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id PAA27493; Thu, 18 Mar 1999 15:37:35 +0100
From: Luigi Rizzo
Message-Id: <199903181437.PAA27493@labinfo.iet.unipi.it>
Subject: dummynet arp problem fixed
To: net@freebsd.org
Date: Thu, 18 Mar 1999 15:37:34 +0100 (MET)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 913
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Just for those who do not follow the committers list...

Thanks to Emmanuel Duros I eventually fixed an annoying problem with
dummynet that showed up with an "arp: host is not on local network"
type of message.

The bug was that I incorrectly handled the 'dst' parameter to
if_output. This has now been fixed in -current, -stable and RELENG_2_2
so if you were having that problem please update your version of
sys/netinet/ip_output.c to the most recent one (or browse the CVS tree
to find the very simple fix...)

	cheers
	luigi
-----------------------------------+-------------------------------------
  Luigi RIZZO                      .
  EMAIL: luigi@iet.unipi.it        . Dip. di Ing. dell'Informazione
  HTTP://www.iet.unipi.it/~luigi/  . Universita` di Pisa
  TEL/FAX: +39-050-568.533/522     . via Diotisalvi 2, 56126 PISA (Italy)
-----------------------------------+-------------------------------------

From owner-freebsd-net Thu Mar 18 11:22:58 1999
Delivered-To: freebsd-net@freebsd.org
Received: from orbit.flnet.com (orbit.flnet.com [205.240.232.32]) by hub.freebsd.org (Postfix) with ESMTP id 9E7AB14E58 for ; Thu, 18 Mar 1999 11:22:51 -0800 (PST) (envelope-from henrich@orbit.flnet.com)
Received: (from henrich@localhost) by orbit.flnet.com (8.8.5/8.8.4) id OAA12148 for freebsd-net@freebsd.org; Thu, 18 Mar 1999 14:22:32 -0500 (EST)
Date: Thu, 18 Mar 1999 11:22:31 -0800
From: Charles Henrich
To: freebsd-net@freebsd.org
Subject: SKIP w/ IPFW w/ NAT :)
Message-ID: <19990318112231.B12069@orbit.flnet.com>
Mail-Followup-To: freebsd-net@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
X-Operating-System: FreeBSD 2.2-BETA_A
X-PGP-Fingerprint: 1024/F7 FD C7 3A F5 6A 23 BF 76 C4 B8 C9 6E 41 A4 4F
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I'm attempting to build a skip tunnel between two machines that are running
IPFW+NAT ... So basically in pictures:

10.x <---> [IPFW+NAT] <---> The Internet <--> [IPFW+NAT] <---> 10.x

I want to build a VPN between the two 10 networks... Any suggestions, points,
hints, RTFM's (which M? :) etc?

Thanks!
-Crh

Charles Henrich     Manex Visual Effects     henrich@flnet.com

http://orbit.flnet.com/~henrich

From owner-freebsd-net Thu Mar 18 12:11:58 1999
Delivered-To: freebsd-net@freebsd.org
Received: from xylan.com (postal.xylan.com [208.8.0.248]) by hub.freebsd.org (Postfix) with ESMTP id A553414E2D; Thu, 18 Mar 1999 12:11:44 -0800 (PST) (envelope-from wes@softweyr.com)
Received: from mailhub.xylan.com by xylan.com (8.8.7/SMI-SVR4 (xylan-mgw 2.2 [OUT])) id MAA29050; Thu, 18 Mar 1999 12:11:24 -0800 (PST)
Received: from utah.XYLAN.COM by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB])) id MAA14950; Thu, 18 Mar 1999 12:11:24 -0800
Received: from softweyr.com by utah.XYLAN.COM (SMI-8.6/SMI-SVR4 (xylan utah [SPOOL])) id NAA11281; Thu, 18 Mar 1999 13:11:17 -0700
Message-ID: <36F15DDB.2996A3C8@softweyr.com>
Date: Thu, 18 Mar 1999 13:11:07 -0700
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-stable@freebsd.org, freebsd-net@freebsd.org
Subject: [Fwd: fxp driver causing lockup]
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Dear -STABLE and -NET friends,

I and several other users have been having problems with the fxp0
driver under FreeBSD 3.x. Mike Spengler provided me with a code
snippet that fixes the problem; the PCI bus code was no longer
enabling bus mastering so the driver had to do it.

Here is a patch that fixes the problem for my Toshiba Equium 7000S
with on-board EEPro 100+. Please, if any of you have 3.x with an
EEPro 100, test this patch even if you don't have the problem and
get back to me with your results. Many thanks.

Here's the diff vs.
3.1-RELEASE: *** if_fxp.c.orig Wed Mar 17 17:06:51 1999 --- if_fxp.c Wed Mar 17 17:23:09 1999 *************** *** 98,103 **** --- 98,104 ---- #include /* for DELAY */ #include + #include /* for PCIM_CMD_xxx */ #include #include *************** *** 523,528 **** --- 524,530 ---- vm_offset_t pbase; struct ifnet *ifp; int s; + u_long val; sc = malloc(sizeof(struct fxp_softc), M_DEVBUF, M_NOWAIT); if (sc == NULL) *************** *** 531,536 **** --- 533,545 ---- callout_handle_init(&sc->stat_ch); s = splimp(); + + /* + * Enable bus mastering. + */ + val = pci_conf_read(config_id, PCI_COMMAND_STATUS_REG); + val |= (PCIM_CMD_MEMEN|PCIM_CMD_BUSMASTEREN); + pci_conf_write(config_id, PCI_COMMAND_STATUS_REG, val); /* * Map control/status registers. Thanks in advance for any testing you can provide. -- Where am I, and what am I doing in this handbasket? Wes Peters +1.801.915.2061 Softweyr LLC wes@softweyr.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Mar 18 14: 5:19 1999 Delivered-To: freebsd-net@freebsd.org Received: from bubba.whistle.com (s205m7.whistle.com [207.76.205.7]) by hub.freebsd.org (Postfix) with ESMTP id 9593315530 for ; Thu, 18 Mar 1999 14:05:17 -0800 (PST) (envelope-from archie@whistle.com) Received: (from archie@localhost) by bubba.whistle.com (8.9.2/8.9.2) id OAA94934; Thu, 18 Mar 1999 14:04:27 -0800 (PST) From: Archie Cobbs Message-Id: <199903182204.OAA94934@bubba.whistle.com> Subject: Re: SKIP on 3.1 In-Reply-To: <19990318135512.B15602@orbit.flnet.com> from Charles Henrich at "Mar 18, 99 01:55:12 pm" To: henrich@flnet.com (Charles Henrich) Date: Thu, 18 Mar 1999 14:04:26 -0800 (PST) Cc: freebsd-net@freebsd.org X-Mailer: ELM [version 2.4ME+ PL38 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Charles Henrich writes: > Im attempting to build a 
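Review bot: In the last hunk of the if_fxp.c patch above (the block added after s = splimp()), the comment says "Enable bus mastering" but the code also sets PCIM_CMD_MEMEN, so the comment should say that memory-space decoding is switched on as well and why the driver can no longer rely on the PCI bus code for it. The value read from PCI_COMMAND_STATUS_REG is OR-ed and written back whole; if that word carries status bits next to the command bits, as the register name suggests, the write stores them back too, so consider masking val down to the command bits before pci_conf_write. The write is also never verified: reading the register back and failing the attach when PCIM_CMD_BUSMASTEREN did not stick would give a clear error before the "Map control/status registers" step instead of a later lockup.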
skip tunnel between two machines that are running
> IPFW+NAT ... So basically in pictures:
>
>
> 10.x <---> [IPFW+NAT] <---> The Internet <--> [IPFW+NAT] <---> 10.x
>
> I want to build a VPN between the two 10 networks... Any suggestions, points
> hints, RTFM's (which M? :) etc? Thanks!
>
> =====
>
> My problem is I can't see how to create a VPN link between the two 10 networks
> without going through the NAT translation, which would totally break the VPN
> software. Any ideas?

Don't use NAT at all, just do SKIP in tunnel mode and use the -f
flag to skiphost to make sure the source address for your packets
is the routable address and not the 10.x address.

If you *also* want address translation for the 10.x nets to reach
the outside world, this is do-able but takes some care (I've never
done it myself). See the notes in README.FreeBSD.

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

From owner-freebsd-net Thu Mar 18 14:35:51 1999
Delivered-To: freebsd-net@freebsd.org
Received: from nebraska.utcorp.com (nebraska.utcorp.com [146.145.135.14]) by hub.freebsd.org (Postfix) with ESMTP id 0017D14D54 for ; Thu, 18 Mar 1999 14:35:42 -0800 (PST) (envelope-from kseel@utcorp.com)
Received: from utcorp.com (x-kspc.utcorp.com [146.145.135.17]) by nebraska.utcorp.com (8.8.5/8.8.5) with ESMTP id WAA23117 for ; Thu, 18 Mar 1999 22:15:12 -0500 (EST)
Message-ID: <36F18016.5BA99C21@utcorp.com>
Date: Thu, 18 Mar 1999 17:37:10 -0500
From: Kurt Seel
X-Mailer: Mozilla 4.5 [en] (X11; I; FreeBSD 2.2.8-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-net@FreeBSD.ORG
Subject: Re: SKIP on 3.1
References: <199903182204.OAA94934@bubba.whistle.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence:
 bulk
X-Loop: FreeBSD.org

Archie Cobbs wrote:

> Charles Henrich writes:
> > I'm attempting to build a skip tunnel between two machines that are running
> > IPFW+NAT ... So basically in pictures:
> >
> >
> > 10.x <---> [IPFW+NAT] <---> The Internet <--> [IPFW+NAT] <---> 10.x
> >
> > I want to build a VPN between the two 10 networks... Any suggestions, points
> > hints, RTFM's (which M? :) etc? Thanks!
> >
> > =====
> >
> > My problem is I can't see how to create a VPN link between the two 10 networks
> > without going through the NAT translation, which would totally break the VPN
> > software. Any ideas?
>
> Don't use NAT at all, just do SKIP in tunnel mode and use the -f
> flag to skiphost to make sure the source address for your packets
> is the routable address and not the 10.x address.
>
> If you *also* want address translation for the 10.x nets to reach
> the outside world, this is do-able but takes some care (I've never

I used iptunnel (with skip) to accomplish this after it became apparent
that the level of 'care' needed was beyond my fuzzy little brain.
The only caveat for is that I can't talk to the far 10.x net from one of
the routers :-( If you want the configs, contact me off-list.

>
> done it myself). See the notes in README.FreeBSD.
>
> -Archie
>
> ___________________________________________________________________________
> Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message

--
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, 1759

From owner-freebsd-net Thu Mar 18 15:27:57 1999
Delivered-To: freebsd-net@freebsd.org
Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252]) by hub.freebsd.org (Postfix) with ESMTP id C1DD21548F for ; Thu, 18 Mar 1999 15:27:22 -0800 (PST) (envelope-from roberto@keltia.freenix.fr)
Received: (from uucp@localhost) by frmug.org (8.9.1/frmug-2.3/nospam) with UUCP id AAA01798 for freebsd-net@FreeBSD.ORG; Fri, 19 Mar 1999 00:27:02 +0100 (CET) (envelope-from roberto@keltia.freenix.fr)
Received: by keltia.freenix.fr (Postfix, from userid 101) id 249A187B6; Fri, 19 Mar 1999 00:11:24 +0100 (CET)
Date: Fri, 19 Mar 1999 00:11:24 +0100
From: Ollivier Robert
To: freebsd-net@FreeBSD.ORG
Subject: Re: SKIP on 3.1
Message-ID: <19990319001124.A6669@keltia.freenix.fr>
Mail-Followup-To: freebsd-net@FreeBSD.ORG
References: <199903182204.OAA94934@bubba.whistle.com> <36F18016.5BA99C21@utcorp.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
User-Agent: Mutt/0.95.3i
In-Reply-To: <36F18016.5BA99C21@utcorp.com>; from Kurt Seel on Thu, Mar 18, 1999 at 05:37:10PM -0500
X-Operating-System: FreeBSD 4.0-CURRENT/ELF ctm#5130 AMD-K6 MMX @ 200 MHz
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

According to Kurt Seel:
> The only caveat for is that I can't talk to the far 10.x net from one of
> the routers :-(

That's why NAT & RFC-1918 address space usage is evil. End-to-end
connectivity is not guaranteed any more and that breaks a lot of things. I know
people have problem getting addresses but that should push IPv6 more, not
promote hacks such as NAT.

No offense to authors of natd intended of course. Sorry for the rant, I know
NAT is useful for many people, I just abhor it.
--
Ollivier ROBERT -=- FreeBSD: The Power to Serve!
-=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 4.0-CURRENT #70: Sat Feb 27 09:43:08 CET 1999

From owner-freebsd-net Thu Mar 18 17:12:28 1999
Delivered-To: freebsd-net@freebsd.org
Received: from poboxer.pobox.com (unknown [208.149.16.39]) by hub.freebsd.org (Postfix) with ESMTP id 831C714E82; Thu, 18 Mar 1999 17:12:03 -0800 (PST) (envelope-from alk@poboxer.pobox.com)
Received: (from alk@localhost) by poboxer.pobox.com (8.9.3/8.9.1) id TAA70755; Thu, 18 Mar 1999 19:09:20 -0600 (CST) (envelope-from alk)
From: Anthony Kimball
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Thu, 18 Mar 1999 19:09:20 -0600 (CST)
Reply-To: alk@pobox.com
To: roberto@keltia.freenix.fr
Cc: chat@FreeBSD.ORG
Subject: Re: SKIP on 3.1
References: <199903182204.OAA94934@bubba.whistle.com> <36F18016.5BA99C21@utcorp.com> <19990319001124.A6669@keltia.freenix.fr>
X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid
Message-ID: <14065.41601.661191.482612@avalon.east>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Quoth Ollivier Robert on Fri, 19 March:
: According to Kurt Seel:
: > The only caveat for is that I can't talk to the far 10.x net from one of
: > the routers :-(
:
: That's why NAT & RFC-1918 address space usage is evil.

Why? Have you determined the cause of the failure, and found that
the tunnel/NAT were correctly configured, but protocol constraints
prevent any configuration from operating nominally?

: End-to-end connectivity is not guaranteed any more and that breaks a lot of things.

When was end-to-end connectivity ever guaranteed? In a blocks-world,
perhaps.
: I know : people have problem getting addresses but that should push IPv6 more, not : promote hacks such as NAT. I must confess great skepticism regarding v6. It has been all talk for 10 years now. There is so much v4 equipment installed out there that v6 will remain a ghetto for the next decade -- at least. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Mar 18 18:21: 5 1999 Delivered-To: freebsd-net@freebsd.org Received: from web707.mail.yahoo.com (web707.mail.yahoo.com [128.11.23.27]) by hub.freebsd.org (Postfix) with SMTP id 2D8BC14E4E for ; Thu, 18 Mar 1999 18:20:36 -0800 (PST) (envelope-from boardyan@yahoo.com) Message-ID: <19990319021955.13758.rocketmail@web707.mail.yahoo.com> Received: from [131.228.20.20] by web707.mail.yahoo.com; Thu, 18 Mar 1999 18:19:54 PST Date: Thu, 18 Mar 1999 18:19:54 -0800 (PST) From: boards yan Subject: trpt diagnostic To: freebsd-net@FreeBSD.ORG MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, After setting SO_DEBUG option, root still can see anything from trpt except the error message which is "trpt: /kernel: no namelist". And I can't find other info from the man pages. Any suggestion would be a great help. _________________________________________________________ DO YOU YAHOO!? 
Get your free @yahoo.com address at http://mail.yahoo.com

From owner-freebsd-net Thu Mar 18 18:21:16 1999
Delivered-To: freebsd-net@freebsd.org
Received: from web705.mail.yahoo.com (web705.mail.yahoo.com [128.11.23.25]) by hub.freebsd.org (Postfix) with SMTP id 4E72E14E82 for ; Thu, 18 Mar 1999 18:20:49 -0800 (PST) (envelope-from boardyan@yahoo.com)
Message-ID: <19990319021928.18405.rocketmail@web705.mail.yahoo.com>
Received: from [131.228.20.20] by web705.mail.yahoo.com; Thu, 18 Mar 1999 18:19:28 PST
Date: Thu, 18 Mar 1999 18:19:28 -0800 (PST)
From: boards yan
Subject: trpt diagnostic
To: freebsd-net@FreeBSD.ORG
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,
After setting SO_DEBUG option, root still can see anything from trpt
except the error message which is
"trpt: /kernel: no namelist".
And I can't find other info from the man pages.
Any suggestion would be a great help.

_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com

From owner-freebsd-net Thu Mar 18 18:22:35 1999
Delivered-To: freebsd-net@freebsd.org
Received: from maxwell.syr.edu (maxwell.syr.edu [128.230.129.5]) by hub.freebsd.org (Postfix) with ESMTP id DF23B14BC9 for ; Thu, 18 Mar 1999 18:22:32 -0800 (PST) (envelope-from cmsedore@maxwell.syr.edu)
Received: from exchange.maxwell.syr.edu (exchange.maxwell.syr.edu [128.230.129.241]) by maxwell.syr.edu (8.9.1a/8.9.1) with ESMTP id VAA25740 for ; Thu, 18 Mar 1999 21:10:12 GMT
Received: by exchange.maxwell.syr.edu with Internet Mail Service (5.5.1960.3) id ; Thu, 18 Mar 1999 21:22:12 -0500
Message-ID: <262C3DA9BE0CD211971700A0C9B413A1CBD6@exchange.maxwell.syr.edu>
From: Christopher Sedore
To: "'freebsd-net@freebsd.org'"
Subject: clustering/load balancing
Date: Thu, 18 Mar 1999 21:22:12 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.1960.3)
Content-Type: text/plain
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

OK, so I've worked some more on the IP clustering/load balancing stuff.
I've hacked together a clustering daemon, and reworked the way that the
kernel stuff is handled (it uses a flag and ipfw rules to do its thing).

At this point, I'm looking for some people with a network and a few
machines they don't care about, umm I mean would like to volunteer to
test it. I'd like to avoid distributing this widely without getting at
least one or two other people try it and get it to work. If you have two
or three machines (or even 12 or 16 if you're really ambitious) to try
it on, please drop me a note and we'll work out getting you the tarball
of stuff.

-Chris

An excerpt of a draft readme which outlines functionality and what you
need:

Simple clustering for FreeBSD v0.1
----------------------------------

This is a simple clustering system for FreeBSD.
It does load balancing
and has basic fault tolerance provisions.

How it works: load balancing
----------------------------

The load balancing functionality is achieved by selecting hosts to service
based on source IP address. This is done using some slight modifications
to the FreeBSD kernel (ARP and IP code) to accomplish two things.

First, the ARP code is modified in two ways. The first is that it is told
to ignore IP address conflicts detected through ARP for flagged addresses.
Second, ARP responses for flagged addresses are handled by looking them up
in the system ARP table rather than using the ethernet address of the
related card.

Second, ip_input was modified to drop the multicast flag on incoming
packets.

To support the flagging, in.c was modified to allow you to set flags on
the addresses. When the IA_SRCSELECT flag is set, it will also enable the
reception of (all) multicast packets on that interface.

These two modifications allow you to set up the same IP alias address
(flagged for source selection) on multiple machines. Additionally, you can
publish a multicast ethernet MAC address via each system's ARP table so an
ARP lookup will yield a MAC address that will get the packet to each
system. IP firewall rules are used to filter which packets are processed
at each host.

How it works: fault tolerance
-----------------------------

I wrote a simple clustering daemon to create fault tolerance. The
clustering system is completely distributed, provides automatic failover
and rejoining capabilities, and makes a basic attempt at detecting and
evicting cluster members that are dying off and then rejoining.

The clustering system is quite basic and is based on simple UDP
communication between hosts. Repetition is used to try to avoid
reliability problems and should be adequate on a local ethernet.

The clustering system has virtually no security features built in. It
needs firewall protection to prevent external folks from mucking with it.
Ideally it would be rewritten to have its own security, but not by me :).

What is required?
-----------------

The patches are from FreeBSD 3.1-RELEASE, so you'll need a box to which
the patches will apply. I'd guess that they will apply to any relatively
recent version of FreeBSD without much trouble if you don't have a 3.1
box handy. After applying the patches, you'll need to rebuild, and
include IPFW in your kernel (I'd recommend that you use the IPFW option
that allows everything by default if you don't have other plans for
it--just to make things a little easier).

You need interface cards with working multicast code. This eliminates the
de cards. fxp (Intel) and ep (3com 3c5x9) cards are known to work.

From owner-freebsd-net Thu Mar 18 18:50:29 1999
Delivered-To: freebsd-net@freebsd.org
Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (Postfix) with ESMTP id 4906814F83 for ; Thu, 18 Mar 1999 18:50:23 -0800 (PST) (envelope-from julian@whistle.com)
Received: from current1.whistle.com (current1.whistle.com [207.76.205.22]) by alpo.whistle.com (8.9.1a/8.9.1) with SMTP id SAA30410; Thu, 18 Mar 1999 18:46:33 -0800 (PST)
Message-ID: <36F1BA88.2F1CF0FB@whistle.com>
Date: Thu, 18 Mar 1999 18:46:32 -0800
From: Julian Elischer
Organization: Whistle Communications
X-Mailer: Mozilla 3.0Gold (X11; I; FreeBSD 2.2.8-RELEASE i386)
MIME-Version: 1.0
To: Christopher Sedore
Cc: "'freebsd-net@freebsd.org'"
Subject: Re: clustering/load balancing
References: <262C3DA9BE0CD211971700A0C9B413A1CBD6@exchange.maxwell.syr.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Christopher Sedore wrote:
>
> OK, so I've worked some more on the IP clustering/load balancing stuff.
> I've hacked together a clustering daemon, and reworked the way that the
> kernel stuff is handled (it uses a flag and ipfw rules to do its thing).
>

rather cool but how about the following setup running with no mods
at all..

                                +-------[Machine B]
                                |
[internet]-----[ Machine A]-----+-------[Machine C]
                                |
                                +-------[Machine D]

Machine A's internet port is on ed0
firewall rules:

on Machine A:
ipfw add 100 fwd B tcp from 0.1.0.0:0.3.0.0 to A 80 in recv ed0
ipfw add 100 fwd C tcp from 0.2.0.0:0.3.0.0 to A 80 in recv ed0
ipfw add 100 fwd D tcp from 0.3.0.0:0.3.0.0 to A 80 in recv ed0

on machine B:
ipfw add 100 fwd localhost tcp from any to A 80 in recv ed0
on machine C:
ipfw add 100 fwd localhost tcp from any to A 80 in recv ed0
on machine D:
ipfw add 100 fwd localhost tcp from any to A 80 in recv ed0

This shared the load among all 4 machines A, B, C, and D
depending on the two bottom bits of the 2nd byte of the source
address.

I haven't tried this but I think it SHOULD work..
(of course you could use a 5th machine as the load sharer)

what do you think?
julian

From owner-freebsd-net Thu Mar 18 19:11:38 1999
Delivered-To: freebsd-net@freebsd.org
Received: from maxwell.syr.edu (maxwell.syr.edu [128.230.129.5]) by hub.freebsd.org (Postfix) with ESMTP id 3072114EE4 for ; Thu, 18 Mar 1999 19:11:34 -0800 (PST) (envelope-from cmsedore@maxwell.syr.edu)
Received: from exchange.maxwell.syr.edu (exchange.maxwell.syr.edu [128.230.129.241]) by maxwell.syr.edu (8.9.1a/8.9.1) with ESMTP id VAA26188; Thu, 18 Mar 1999 21:59:13 GMT
Received: by exchange.maxwell.syr.edu with Internet Mail Service (5.5.1960.3) id ; Thu, 18 Mar 1999 22:11:14 -0500
Message-ID: <262C3DA9BE0CD211971700A0C9B413A1CBD7@exchange.maxwell.syr.edu>
From: Christopher Sedore
To: "'Julian Elischer'"
Cc: "'freebsd-net@freebsd.org'"
Subject: RE: clustering/load balancing
Date: Thu, 18 Mar 1999 22:11:04 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.1960.3)
Content-Type: text/plain
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> From: Julian Elischer [SMTP:julian@whistle.com]
>
> Christopher Sedore wrote:
> >
> > OK, so I've worked some more on the IP clustering/load balancing
> stuff.
> > I've hacked together a clustering daemon, and reworked the way that
> the
> > kernel stuff is handled (it uses a flag and ipfw rules to do its
> thing).
> >
>
> rather cool but how about the following setup running with no mods
> at all..
>                                 +-------[Machine B]
>                                 |
> [internet]-----[ Machine A]-----+-------[Machine C]
>                                 |
>                                 +-------[Machine D]
>
> Machine A's internet port is on ed0
> firewall rules:
>
> on Machine A:
> ipfw add 100 fwd B tcp from 0.1.0.0:0.3.0.0 to A 80 in recv ed0
> ipfw add 100 fwd C tcp from 0.2.0.0:0.3.0.0 to A 80 in recv ed0
> ipfw add 100 fwd D tcp from 0.3.0.0:0.3.0.0 to A 80 in recv ed0
>
> on machine B:
> ipfw add 100 fwd localhost tcp from any to A 80 in recv ed0
> on machine C:
> ipfw add 100 fwd localhost tcp from any to A 80 in recv ed0
> on machine D:
> ipfw add 100 fwd localhost tcp from any to A 80 in recv ed0
>
> This shared the load among all 4 machines A, B, C, and D
> depending on the two bottom bits of the 2nd byte of the source
> address.
>
> I haven't tried this but I think it SHOULD work..
> (of course you could use a 5th machine as the load sharer)
>
> what do you think?
>

It should work, though the fwd localhost would have to imply that we
should accept A's address as our own (not sure if that is implied or
not, or if I'm just missing something). The difference is that you are
solely dependent on machine A. If A croaks, you're done. That is,
you've got a single machine dependency--fine for load sharing, but
perhaps not optimal for clustering with fault tolerance. If you have to
have aliases for A's address, I think that B, C, and D would need
separate links back to A to eliminate IP address conflict issues, or
you'd need mods similar to mine.

You may have additional problems with high load on A. I know that our
(admittedly behind the times) PP200 FreeBSD firewall can get a bit busy
when we pass the 4000pps (that is 4000pps on the in and the out
interfaces simultaneously) mark. This means that you'd need additional
metrics to determine how much loading A should get vs the rest,
recognizing that you may increase application latency on A as the load
on B, C, and D increase.
Of course, if you were using FreeBSD for A
anyway my methodology would leave excess CPU cycles for waste on that
box. (Also, I don't have any code for differential load control either,
and it could certainly happen in my scenario though the effects would
probably not be as dramatic).

-Chris

From owner-freebsd-net Thu Mar 18 19:35:24 1999
Delivered-To: freebsd-net@freebsd.org
Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (Postfix) with ESMTP id 858BC14E88 for ; Thu, 18 Mar 1999 19:35:22 -0800 (PST) (envelope-from julian@whistle.com)
Received: from current1.whistle.com (current1.whistle.com [207.76.205.22]) by alpo.whistle.com (8.9.1a/8.9.1) with SMTP id TAA31233; Thu, 18 Mar 1999 19:31:08 -0800 (PST)
Message-ID: <36F1C4FB.41C67EA6@whistle.com>
Date: Thu, 18 Mar 1999 19:31:07 -0800
From: Julian Elischer
Organization: Whistle Communications
X-Mailer: Mozilla 3.0Gold (X11; I; FreeBSD 2.2.8-RELEASE i386)
MIME-Version: 1.0
To: Christopher Sedore
Cc: "'freebsd-net@freebsd.org'"
Subject: Re: clustering/load balancing
References: <262C3DA9BE0CD211971700A0C9B413A1CBD7@exchange.maxwell.syr.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Christopher Sedore wrote:
>
> > From: Julian Elischer [SMTP:julian@whistle.com]
> >
> > Christopher Sedore wrote:
> > >
> > > OK, so I've worked some more on the IP clustering/load balancing
> > stuff.
> > > I've hacked together a clustering daemon, and reworked the way that
> > the
> > > kernel stuff is handled (it uses a flag and ipfw rules to do its
> > thing).
> > >
> >
> > rather cool but how about the following setup running with no mods
> > at all..
> >                                 +-------[Machine B]
> >                                 |
> > [internet]-----[ Machine A]-----+-------[Machine C]
> >                                 |
> >                                 +-------[Machine D]
> >
> > Machine A's internet port is on ed0
> > firewall rules:
> >
> > on Machine A:
> > ipfw add 100 fwd B tcp from 0.1.0.0:0.3.0.0 to A 80 in recv ed0
> > ipfw add 100 fwd C tcp from 0.2.0.0:0.3.0.0 to A 80 in recv ed0
> > ipfw add 100 fwd D tcp from 0.3.0.0:0.3.0.0 to A 80 in recv ed0
> >
> > on machine B:
> > ipfw add 100 fwd localhost tcp from any to A 80 in recv ed0
> > on machine C:
> > ipfw add 100 fwd localhost tcp from any to A 80 in recv ed0
> > on machine D:
> > ipfw add 100 fwd localhost tcp from any to A 80 in recv ed0
> >
> > This shared the load among all 4 machines A, B, C, and D
> > depending on the two bottom bits of the 2nd byte of the source
> > address.
> >
> > I haven't tried this but I think it SHOULD work..
> > (of course you could use a 5th machine as the load sharer)
> >
> > what do you think?
> >
> It should work, though the fwd localhost would have to imply that we
> should accept A's address as our own (not sure if that is implied or
> not, or if I'm just missing something).

That's what ipfw fwd does if the fwd address is local.
BUT it doesn't change the destination on the packet to be local,
rather, it changes the socket to think it's somewhere else..

> The difference is that you are
> solely dependent on machine A. If A croaks, you're done. That is,
> you've got a single machine dependency--fine for load sharing, but
> perhaps not optimal for clustering with fault tolerance. If you have to
> have aliases for A's address, I think that B, C, and D would need
> separate links back to A to eliminate IP address conflict issues, or
> you'd need mods similar to mine.

No that's the thing about IPFW fwd..
The addresses on the packets being sent out of B,C,D will look as if
the packets have come from A, but they will have physical layer
addresses that will make them be accepted by A and forwarded.
There are no IP address conflicts.
The socket that catches the packet on B,C,D will actually think it is on A

Amazingly this works.. Netstat will even report that you
have a foreign socket on your system :-)

You'll need an up-to date ip_input.c for this to work..
there's a bug in 3.1-RELEASE.

>
> You may have additional problems with high load on A. I know that our
> (admittedly behind the times) PP200 FreeBSD firewall can get a bit busy
> when we pass the 4000pps (that is 4000pps on the in and the out
> interfaces simultaneously) mark.

Sure then just dedicate one machine to do the diversion and such.

> This means that you'd need additional
> metrics to determine how much loading A should get vs the rest,
> recognizing that you may increase application latency on A as the load
> on B, C, and D increase. Of course, if you were using FreeBSD for A
> anyway my methodology would leave excess CPU cycles for waste on that
> box. (Also, I don't have any code for differential load control either,
> and it could certainly happen in my scenario though the effects would
> probably not be as dramatic).
>
> -Chris

You should be able to throw a P60 in there as 'A' from the junk heap
and get away with it...

julian

From owner-freebsd-net Fri Mar 19 0:40:59 1999
Delivered-To: freebsd-net@freebsd.org
Received: from main.piter.net (main.piter.net [195.201.22.10]) by hub.freebsd.org (Postfix) with ESMTP id 12FA714E1C for ; Fri, 19 Mar 1999 00:40:50 -0800 (PST) (envelope-from cyril@main.piter.net)
Received: (from cyril@localhost) by main.piter.net (8.8.7/8.8.7/sply) id LAA20486; Fri, 19 Mar 1999 11:40:03 +0300 (MSK) (envelope-from cyril)
Date: Fri, 19 Mar 1999 11:40:03 +0300 (MSK)
From: "Cyril A.
 Vechera"
Message-Id: <199903190840.LAA20486@main.piter.net>
To: cmsedore@maxwell.syr.edu, freebsd-net@FreeBSD.ORG
Subject: Re: clustering/load balancing
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> From owner-freebsd-net@FreeBSD.ORG Fri Mar 19 05:22:59 1999
> From: Christopher Sedore
> To: "'freebsd-net@freebsd.org'"
> Subject: clustering/load balancing
> Date: Thu, 18 Mar 1999 21:22:12 -0500
>
> OK, so I've worked some more on the IP clustering/load balancing stuff.
> I've hacked together a clustering daemon, and reworked the way that the
> kernel stuff is handled (it uses a flag and ipfw rules to do its thing).

[skip]

>
> Simple clustering for FreeBSD v0.1
> ----------------------------------
>
> This is a simple clustering system for FreeBSD. It does load balancing
> and has basic fault tolerance provisions.
>
> How it works: load balancing
> ----------------------------
>
> The load balancing functionality is achieved by selecting hosts to
> service
> based on source IP address. This is done using some slight
> modifications
> to the FreeBSD kernel (ARP and IP code) to accomplish two things.
>
> First, the ARP code is modified in two ways. The first is that it is
> told

I think that there is another scheme that doesn't require
ARP-conflicts - use forwarders.

for example,

1) we have 111.111.111.111 as "cluster" ip-address
2) we have cluster dispatcher machine, that has one external interface
   and N internal "cluster" interfaces
3) we have N computers been a real cluster parts with ip-addresses
   10.0.0.1, 10.0.0.2 ... 10.0.0.N
4) each clusterpart computer (10.0.0.X) sets lo0 alias 111.111.111.111
5) dispatcher forwards packet with dst=111.111.111.111 to one of
   cluster part 10.0.0.X on source IP based policy.

what do you think about it?

Sincerely your,
Cyril A.
Vechera

email:cyril@piter.net --------- http://sply.piter.net

From owner-freebsd-net Fri Mar 19 9:42: 1 1999
Delivered-To: freebsd-net@freebsd.org
Received: from marcos.networkcs.com (marcos.networkcs.com [137.66.16.1]) by hub.freebsd.org (Postfix) with ESMTP id 147D914D02 for ; Fri, 19 Mar 1999 09:41:57 -0800 (PST) (envelope-from mks@us.networkcs.com)
Received: from us.networkcs.com (us.networkcs.com [137.66.11.15]) by marcos.networkcs.com (8.9.0.Beta5/8.9.0.Beta5) with ESMTP id LAA19863; Fri, 19 Mar 1999 11:41:38 -0600 (CST)
Received: (from mks@localhost) by us.networkcs.com (8.8.7/8.8.7) id LAA25987; Fri, 19 Mar 1999 11:41:37 -0600 (CST)
From: Mike Spengler
Message-Id: <199903191741.LAA25987@us.networkcs.com>
Subject: Re: trpt diagnostic
In-Reply-To: <19990319021955.13758.rocketmail@web707.mail.yahoo.com> from boards yan at "Mar 18, 99 06:19:54 pm"
To: boardyan@yahoo.com (boards yan)
Date: Fri, 19 Mar 1999 11:41:37 -0600 (CST)
Cc: freebsd-net@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

boards yan said:
> Hi,
> After setting SO_DEBUG option, root still can see anything from trpt
> except the error message which is
> "trpt: /kernel: no namelist".
> And I can't find other info from the man pages.
> Any suggestion would be a great help.
>

You must also build and install a kernel with:

options TCPDEBUG

--
Mike Spengler                   Network Computing Services, Inc.
Email: mks@networkcs.com        1200 Washington Ave. So.
Phone: +1 612 337 3557           Minneapolis MN 55415
FAX:   +1 612 337 3400           (aka Minnesota Supercomputer Center)

From owner-freebsd-net Fri Mar 19 10:47:41 1999
Date: Fri, 19 Mar 1999 13:40:08 +0000
From: Phillip Ryker
Organization: SkyNetWEB Ltd.
To: freebsd-net@freebsd.org
Subject: IPFW - DUMMYNET

Good Evening!

I am running FreeBSD v3.1 STABLE.
I have just done a 'make world' and
recompiled the kernel with the following options:

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_DEFAULT_TO_ACCEPT
options DUMMYNET

I have put this into rc.network:

# IP DUMMYNET
if [ "x$control_bandwidth" != "xNO" ] ; then
        sysctl -w net.inet.ip.fw.one_pass=1 > /dev/null 2>&1 # dummynet
fi

And my entire rc.firewall looks like this:

# --------------------------------------------------
# Molasses Firewall-Dummynet Setup
# --------------------------------------------------
# OK, Let's first flush all rules

ipfw -f flush

# Bandwidth Limiter Pipes

ipfw pipe 1 config bw 512Kbit/s

# Packet Selection Pipes

ipfw add pipe 1 ip from any to any

# --------------------------------------------------

All I want to do is to limit bandwidth in and out of the box. But this
setup is not working. I am using MRTG to measure bandwidth. MRTG is
available at:

http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/mrtg.html

When I do a 'ipfw -a list' I get:

00100 4746974 189878960 pipe 1 ip from any to any
65535 0 0 allow ip from any to any

Which tells me that everything is going through the pipe, so why is it
not working? I am lost... I have been working on this for over a week
now and have nowhere else to turn.

Any help would be appreciated.

Thank you
--
Phillip Ryker
------------------------------
| SkyNetWEB Ltd.             |
| 1301 S. Baylis Street      |
| Baltimore Maryland 21226   |
| Phone: 410.563.6384        |
| Fax: 410.563.5457          |
------------------------------

From owner-freebsd-net Fri Mar 19 11: 2: 1 1999
Date: Fri, 19 Mar 1999 13:54:40 +0000
From: Phillip Ryker
Organization: SkyNetWEB Ltd.
To: freebsd-net@freebsd.org
Subject: [Fwd: IPFW - DUMMYNET]

Friends,

I forgot to mention below that the box is a gateway and has two ethernet
cards in it. xl0 and xl1. I am just trying to limit the bandwidth going
in each direction.

Thank you

>
> Good Evening!
>
> I am running FreeBSD v3.1 STABLE.
> I have just done a 'make world' and
> recompiled the kernel with the following options:
>
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options DUMMYNET
>
> I have put this into rc.network:
>
> # IP DUMMYNET
> if [ "x$control_bandwidth" != "xNO" ] ; then
>         sysctl -w net.inet.ip.fw.one_pass=1 > /dev/null 2>&1 # dummynet
> fi
>
> And my entire rc.firewall looks like this:
>
> # --------------------------------------------------
> # Molasses Firewall-Dummynet Setup
> # --------------------------------------------------
> # OK, Let's first flush all rules
>
> ipfw -f flush
>
> # Bandwidth Limiter Pipes
>
> ipfw pipe 1 config bw 512Kbit/s
>
> # Packet Selection Pipes
>
> ipfw add pipe 1 ip from any to any
>
> # --------------------------------------------------
>
> All I want to do is to limit bandwidth in and out of the box. But this
> setup is not working. I am using MRTG to measure bandwidth. MRTG is
> available at:
>
> http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/mrtg.html
>
> When I do a 'ipfw -a list' I get:
>
> 00100 4746974 189878960 pipe 1 ip from any to any
> 65535 0 0 allow ip from any to any
>
> Which tells me that everything is going through the pipe, so why is it
> not working? I am lost... I have been working on this for over a week
> now and have nowhere else to turn.
>
> Any help would be appreciated.
>
> Thank you
> --
> Phillip Ryker
> ------------------------------
> | SkyNetWEB Ltd.             |
> | 1301 S. Baylis Street      |
> | Baltimore Maryland 21226   |
> | Phone: 410.563.6384        |
> | Fax: 410.563.5457          |
> ------------------------------

--
Phillip Ryker
------------------------------
| SkyNetWEB Ltd.             |
| 1301 S. Baylis Street      |
| Baltimore Maryland 21226   |
| Phone: 410.563.6384        |
| Fax: 410.563.5457          |
------------------------------

From owner-freebsd-net Fri Mar 19 12:43:59 1999
To: net@freebsd.org
Subject: Firewall configuration problem
Organization: CodeGen, Inc., San Francisco, CA
Date: Fri, 19 Mar 1999 12:43:37 -0800
From: "Thomas J. Merritt"

I'm configuring a firewall and have run into a bit of a configuration
problem. The network map looks as follows.

        +----------+              +----------+                  | inside LAN
        |          |outside       |          |                  |
        |          |LAN           |          |                  |
    ----| DSL modem|--------------|fxp1  fxp0|------------------|
        |          |  xx.xx.xx.225|          |xx.xx.xx.230/29   |
        |          |              | Firewall |                  |
        +----------+              +----------+                  |
                                                                |
                                                                |
                                  +----------+                  |
                                  |          |                  |
                                  |  Inside  |                  |
                                  |   Host   |------------------|
                                  |          |xx.xx.xx.226/29   |
                                  |          |                  |
                                  +----------+                  |

The interfaces on the firewall machine are configured as follows.

fxp0: flags=8943 mtu 1500
        inet xx.xx.xx.230 netmask 0xfffffff8 broadcast xx.xx.xx.231
fxp1: flags=8943 mtu 1500
        inet xx.xx.xx.225 netmask 0xffffff00 broadcast xx.xx.xx.255

Packet forwarding is enabled.

$ sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1

On the inside if I ping an outside machine, I can see the packet route
to the firewall and then route out the DSL link.
The ping reply comes back but doesn't make it to the firewall since
there is no ARP response to the who has query.

To attempt to fix the above problem I added a proxy arp on the firewall
for xx.xx.xx.226.

$ arp -s xx.xx.xx.226 auto pub

With this entry the firewall will respond on the outside interface to
the who has query and the packet will be received on fxp0. The problem
at this point is that the packet gets sent back out fxp0 rather than out
fxp1 to the .226 machine.

Anyone have any recommendations on how to make this configuration work?

On previous firewall setups that I have done the inside subnet has been
completely routed by the ISP's router to the outside interface. In the
DSL case though the subnet is just a chunk of addresses on the outside
interface without any routing. It seems like this is going to be an
increasingly common configuration problem with the advent of DSL and
cable modems.

Any help would be greatly appreciated,

TJ Merritt
tjm@codegen.com

From owner-freebsd-net Fri Mar 19 13: 3:58 1999
From: Christopher Sedore
To: "'freebsd-net@freebsd.org'"
Subject: RE: clustering/load balancing
Date: Fri, 19 Mar 1999 16:03:29 -0500

> From: Julian Elischer [SMTP:julian@whistle.com]
>
> Christopher Sedore wrote:
> > [...]
> >
>
> > It should work, though the fwd localhost would have to imply that we
> > should accept A's address as our own (not sure if that is implied or
> > not, or if I'm just missing something).
>
> That's what ipfw fwd does if the fwd address is local.
> BUT it doesn't change the destination on the packet to be local, rather,
> it changes the socket to think it's somewhere else..
>
> > The difference is that you are
> > solely dependent on machine A. If A croaks, you're done. That is,
> > you've got a single machine dependency--fine for load sharing, but
> > perhaps not optimal for clustering with fault tolerance. If you have to
> > have aliases for A's address, I think that B, C, and D would need
> > separate links back to A to eliminate IP address conflict issues, or
> > you'd need mods similar to mine.
>
> No that's the thing about IPFW fwd..
> The addresses on the packets being sent out of B,C,D will look as if the
> packets have come from A, but they will have physical layer addresses
> that will make them be accepted by A and forwarded.
>
>
> There are no IP address conflicts.
>
> The socket that catches the packet on B,C,D will actually think it is on A
>
> Amazingly this works.. Netstat will even report that you have a
> foreign socket on your system :-)
>

That is quite cool. I didn't notice the glue for that when messing with
ip_input. I'm going to have a look at it.

> You'll need an up-to date ip_input.c for this to work.. there's a bug in
> 3.1-RELEASE.
>
>
> > You may have additional problems with high load on A. I know that our
> > (admittedly behind the times) PP200 FreeBSD firewall can get a bit busy
> > when we pass the 4000pps (that is 4000pps on the in and the out
> > interfaces simultaneously) mark.
>
> Sure then just dedicate one machine to do the diversion and such.
>
> > This means that you'd need additional
> > metrics to determine how much loading A should get vs the rest,
> > recognizing that you may increase application latency on A as the load
> > on B, C, and D increase. Of course, if you were using FreeBSD for A
> > anyway my methodology would leave excess CPU cycles for waste on that
> > box. (Also, I don't have any code for differential load control either,
> > and it could certainly happen in my scenario though the effects would
> > probably not be as dramatic).
> >
> > -Chris
>
> You should be able to throw a P60 in there as 'A'
> from the junk heap and get away with it...
>

Not if you're doing 100mbit links. I had a P90 in for our firewall
(probably more rules than you'd need for a dispatch though) and it
couldn't handle more than 3000 or so packets per second passing through
it. For small configurations it should be fine.

All of the above still does not resolve the single machine dependency of
this scheme, which is a non-trivial fault IMHO. I may think about writing
a daemon to do monitoring and distribution for the above scheme, though.

-Chris

From owner-freebsd-net Fri Mar 19 16:29:30 1999
Date: Fri, 19 Mar 1999 19:24:00 -0500
To: Luigi Rizzo, net@FreeBSD.ORG
From: Dennis
Subject: Bridge HOW-TO?

I've been poking around some docs and haven't found a definitive
step-by-step how-to on how to make a simple bridge with freebsd.

Can the box be accessed via telnet? The goal is to connect multiple
ethernet with only a few IP addresses (and where subnetting would be
inappropriate)... but to still use the FreeBSD box as a wan router.
Basically a high speed wan link to multiple fast ethernets.

any pointers would be appreciated.

Dennis

From owner-freebsd-net Fri Mar 19 17:21:11 1999
To: freebsd-net@freebsd.org
Subject: Integrating the NetBSD PFIL hooks..
Date: Fri, 19 Mar 1999 19:20:45 -0600
From: Chris Csanady

What would it take for us to integrate NetBSD's PFIL hooks? It is
hard to do much work in the current network stack with so much of
the mess that currently exists.
At the very least, ip_input.c and
ip_output.c would be much cleaner with this mechanism.

I'm just wondering what needs to be done, and if it is possible.
Ipfilter would already support this, but how about ipfw, dummynet,
divert and such? Would the authors of the respective code be
willing to help out with the necessary changes?

Chris Csanady

From owner-freebsd-net Fri Mar 19 17:41: 7 1999
Date: Fri, 19 Mar 1999 17:36:29 -0800
From: Julian Elischer
Organization: Whistle Communications
To: Chris Csanady
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Integrating the NetBSD PFIL hooks..

Chris Csanady wrote:
>
> What would it take for us to integrate NetBSD's PFIL hooks? It is
> hard to do much work in the current network stack with so much of
> the mess that currently exists. At the very least, ip_input.c and
> ip_output.c would be much cleaner with this mechanism.
>
> I'm just wondering what needs to be done, and if it is possible.
> Ipfilter would already support this, but how about ipfw, dummynet,
> divert and such? Would the authors of the respective code be
> willing to help out with the necessary changes?
>
> Chris Csanady
>

Certainly though I haven't looked..
It certainly looks like it could use some cleaning..

It's suffering from 'evolutionary changes'.
We at whistle have to take a lot of the blame.
We implemented 'divert' sockets after a suggestion from one of the
CSRG guys. (forget his name.. the Kieth that was not a Bostic)

The divert functionality adds a lot of possibilities but it has its
tentacles all over the place. The 'fwd' option of ipfw has a few
tentacles reaching as far as tcp_input.

The dummynet stuff I can't comment on so much..

julian

From owner-freebsd-net Sat Mar 20 0:29:26 1999
From: Luigi Rizzo
Subject: Re: Integrating the NetBSD PFIL hooks..
To: cc@137.org (Chris Csanady)
Date: Sat, 20 Mar 1999 07:12:39 +0100 (MET)
Cc: freebsd-net@FreeBSD.ORG

> What would it take for us to integrate NetBSD's PFIL hooks? It is
> hard to do much work in the current network stack with so much of
> the mess that currently exists. At the very least, ip_input.c and
> ip_output.c would be much cleaner with this mechanism.
>
> I'm just wondering what needs to be done, and if it is possible.
> Ipfilter would already support this, but how about ipfw, dummynet,
> divert and such? Would the authors of the respective code be
> willing to help out with the necessary changes?

i'd be certainly willing to work on this.

luigi

From owner-freebsd-net Sat Mar 20 1: 2:34 1999
From: Luigi Rizzo
Subject: Re: Bridge HOW-TO?
To: dennis@etinc.com (Dennis)
Date: Sat, 20 Mar 1999 07:46:20 +0100 (MET)
Cc: net@FreeBSD.ORG

> I've been poking around some docs and haven't found a definitive step-by-step
> how-to on how to make a simple bridge with freebsd.

there is a manpage (at least in 3.1) bridge(4) and almost nothing to
configure (it's a learning bridge!). The source (sys/net/bridge.[ch])
is heavily commented so it should be reasonably clear what it does.
All the rest is the same as an ordinary freebsd machine.

> Can the box be accessed via telnet? The goal is to connect multiple ethernet

sure -- assuming one of the interface has an IP address (you don't need
it for a bridge).

> with only a few IP addresses (and where subnetting would be inappropriate)...
> but to still use the FreeBSD box as a wan router.
> Basically a high speed
> wan link to multiple fast ethernets.

you can do this remembering the following:

+ bridging only works between ethernet interfaces (10/100 it makes no
  difference);
+ you only need to set the IP on one of the ethernets when using bridging;
+ if net.inet.ip.forwarding is set to 1, the machine will still do routing
  between interfaces (including non-ethernets);
+ if you set the IP on more than one ethernet, the machine will do both
  bridging and routing between them

So basically if your wan interface is not an ethernet you are just
fine: set one IP on the WAN if, one IP on one of the ethernets, enable
bridging and forwarding, and you are set. (and you can obviously
telnet to the bridge machine).

If your WAN interface is an ethernet, the above might still work but
with some leaks (e.g. arp will go through...) which might/might not
cause trouble.

In my private source (and in the picobsd image on my web page
http://www.iet.unipi.it/~luigi/ip_dummynet/) i do have a mechanism to
define clusters of interfaces so that each cluster acts as a standalone
bridge, and you can still do routing through interfaces. These might go
into the source tree at some point when i have the time to test them on
4.x/3.x .

cheers
luigi
-----------------------------------+-------------------------------------
  Luigi RIZZO                      .
  EMAIL: luigi@iet.unipi.it        . Dip. di Ing. dell'Informazione
  HTTP://www.iet.unipi.it/~luigi/  . Universita` di Pisa
  TEL/FAX: +39-050-568.533/522     . via Diotisalvi 2, 56126 PISA (Italy)
-----------------------------------+-------------------------------------

From owner-freebsd-net Sat Mar 20 10:36:23 1999
Date: Sat, 20 Mar 1999 13:36:23 -0500
To: freebsd-net@freebsd.org
From: Matthew Hagerty
Subject: Proxy, NATd, what's the difference?

Greetings,

Sorry if this is a little off topic, but can someone explain to me the
difference between a proxy server and a NATd server? I am having a hard
time finding a clear explanation.

Thank you,
Matthew

From owner-freebsd-net Sat Mar 20 12:37:37 1999
Date: Sun, 21 Mar 1999 07:07:13 +1030
From: Ian West
Organization: Applied Data Control
To: Matthew Hagerty
Cc: freebsd-net@freebsd.org
Subject: Re: Proxy, NATd, what's the difference?

Matthew Hagerty wrote:
>
> Greetings,
>
> Sorry if this is a little off topic, but can someone explain to me the
> difference between a proxy server and a NATd server? I am having a hard
> time finding a clear explanation.
>
> Thank you,
> Matthew
>

In real basic terms, a proxy reads data, and retransmits it on a
separate connection, nat just rewrites the header info with the
translated addresses, so it is possible to pass evil options through,
even though the addresses are not visible from 'outside'. A proxy is
generally (although not necessarily) an independent program dedicated to
filtering the particular type of data it is applied to. This can be
generalised a bit for tcp streams, but udp, icmp, and ftp need to be
handled a bit more carefully.
(ftp because of the data connection is independent of the control
connection). Often proxies will do quite a lot more filtering as well,
such as checking line lengths for smtp for example. (Or url's for http
etc etc..)

Hope this helps,

Regards,
Ian

From owner-freebsd-net Sat Mar 20 13:54:34 1999
Date: Sun, 21 Mar 1999 05:04:35 +0700 (JAVT)
From: "Royyana M. Ijtihadie"
To: freebsd-net@freebsd.org
Subject: natd and ipmasq

sorry.. maybe little out of topic here..

what's the difference between NATD and ipmasquerading on Linux ?
i thought that was the same.. is that true ?

/* Roy */

From owner-freebsd-net Sat Mar 20 14:59: 1 1999
Date: Sat, 20 Mar 1999 17:24:03 -0500 (EST)
From: Bill Fumerola
To: "Royyana M. Ijtihadie"
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: natd and ipmasq

On Sun, 21 Mar 1999, Royyana M. Ijtihadie wrote:

> what's the difference between NATD and ipmasquerading on Linux ?
> i thought that was the same.. is that true ?

NAT is the official name that the IETF uses to refer to the concept of
network address translation. FreeBSD and everyone else refers to it as
NAT, while natd is the daemon that performs the translation in FreeBSD.

IP Masquerading is some silly term that the Linux people came up with to
be different. Though I believe it works the same way as the rest of the
free world's implementation.

- bill fumerola - billf@chc-chimes.com - BF1560 - computer horizons corp -
- ph:(800) 252-2421 - bfumerol@computerhorizons.com - billf@FreeBSD.org -

From owner-freebsd-net Sat Mar 20 16:19:29 1999
To: Bill Fumerola
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: natd and ipmasq
X-Copyright: Copyright 1999, Craig Metz, All Rights Reserved.
X-Reposting: With explicit permission only
Date: Sat, 20 Mar 1999 19:17:33 -0500
From: Craig Metz

In message , you write:
>> what's the difference between NATD and ipmasquerading on Linux ?
>> i thought that was the same.. is that true ?
>
>NAT is the official name that the IETF uses to refer to the concept of
>network address translation. FreeBSD and everyone else refers to it as
>NAT, while natd is the daemon that performs the translation in FreeBSD.
>
>IP Masquerading is some silly term that the Linux people came up with to
>be different. Though I believe it works the same way as the rest of the
>free world's implementation.

NAT means "Network Address Translation" which is a 1-to-1 mapping done
to make renumbering less painful.
Not long after NAT came the x-to-y (e.g., many-to-one) mappings where
ports are used to allow "connections" to be mapped rather than just
addresses (which is all not so hard to do once you're mucking with
transport/application layers to twiddle the addresses), which is done to
conserve address space (e.g., when your ISP only gives you one). These
are incorrectly also called NAT, but that incorrect usage appears to now
be common and in no danger of being corrected.

Linux has both NAT and the not-really-NAT mapping modes; the former is
called NAT and the latter is called IP Masquerading. Linux's NAT only
does the 1-to-1 case and IP Masquerade only does the many-to-one case.
Linux's labelling the latter "IP Masquerading" approximately predates
the common misuse of the term "NAT" for this purpose.

FreeBSD's natd probably does 1-to-1 and many-to-one, which are the two
common cases.

Both systems do approximately the same things in this problem space.

-Craig

From owner-freebsd-net Sat Mar 20 16:29:37 1999
Date: Sat, 20 Mar 1999 17:26:32 -0700
From: Wes Peters
Organization: Softweyr llc
To: Bill Fumerola
Cc: "Royyana M. Ijtihadie" , freebsd-net@FreeBSD.ORG
Subject: Re: natd and ipmasq

Bill Fumerola wrote:
>
> On Sun, 21 Mar 1999, Royyana M. Ijtihadie wrote:
>
> > what's the difference between NATD and ipmasquerading on Linux ?
> > i thought that was the same.. is that true ?
>
> NAT is the official name that the IETF uses to refer to the concept of
> network address translation. FreeBSD and everyone else refers to it as
> NAT, while natd is the daemon that performs the translation in FreeBSD.
>
> IP Masquerading is some silly term that the Linux people came up with to
> be different. Though I believe it works the same way as the rest of the
> free world's implementation.

The phrase "IP masquerading" is often used to describe stealing another's
IP address for nefarious purposes. This should give you a good strong
clue as to the differences between FreeBSD and Linux. ;^)

--
       "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                 Softweyr LLC
http://www.softweyr.com/~softweyr                      wes@softweyr.com
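
The two mapping modes contrasted in the "natd and ipmasq" thread above (1-to-1 address mapping versus many-to-one mapping keyed on ports), together with the remark in the proxy/NAT thread that translation only rewrites header fields, can be seen side by side in a small model. This is an added example, not code from natd, Linux, or any poster; the class names, the two-port pool and every address are constructed for illustration, and dropping inbound packets that match no mapping is this model's own policy, not a statement about natd.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


class StaticNat:
    """1-to-1 mode: each inside address owns one outside address; ports untouched."""

    def __init__(self, mapping: Dict[str, str]):
        self.to_outside = dict(mapping)
        self.to_inside = {pub: priv for priv, pub in mapping.items()}
        if len(self.to_inside) != len(self.to_outside):
            raise ValueError("each inside host needs its own outside address")

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        pub = self.to_outside.get(pkt.src)
        return replace(pkt, src=pub) if pub else None

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        # No per-connection state: anything sent to a mapped outside address
        # is rewritten and delivered, solicited or not.
        priv = self.to_inside.get(pkt.dst)
        return replace(pkt, dst=priv) if priv else None


class PortMappedNat:
    """Many-to-one mode: inside hosts share one address and are told apart by port."""

    def __init__(self, public_ip: str, first_port: int, last_port: int):
        self.public_ip = public_ip
        self.free: List[int] = list(range(first_port, last_port + 1))
        self.by_inside: Dict[Tuple[str, str, int], int] = {}
        self.by_outside: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        key = (pkt.proto, pkt.src, pkt.sport)
        port = self.by_inside.get(key)
        if port is None:
            if not self.free:
                return None  # port pool exhausted: no new connections
            port = self.free.pop(0)
            self.by_inside[key] = port
            self.by_outside[(pkt.proto, port)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.public_ip, sport=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt.dst != self.public_ip:
            return None
        inside = self.by_outside.get((pkt.proto, pkt.dport))
        if inside is None:
            # Model policy (assumption): no mapping, no delivery.
            return None
        return replace(pkt, dst=inside[0], dport=inside[1])


def demo() -> dict:
    """Run both modes over constructed packets and return what came out."""
    remote = "198.51.100.7"
    a = Packet("tcp", "10.0.0.1", 1025, remote, 80, b"GET / HTTP/1.0\r\n\r\n")
    b = Packet("tcp", "10.0.0.2", 1025, remote, 80)
    c = Packet("tcp", "10.0.0.3", 1025, remote, 80)

    static = StaticNat({"10.0.0.1": "192.0.2.11", "10.0.0.2": "192.0.2.12"})
    shared = PortMappedNat("192.0.2.1", 50000, 50001)  # pool of two ports

    shared_a, shared_b = shared.outbound(a), shared.outbound(b)
    reply_to_b = Packet("tcp", remote, 80, shared_b.src, shared_b.sport)
    probe = Packet("tcp", "203.0.113.9", 4444, "192.0.2.12", 23)

    return {
        "static_a": static.outbound(a),
        "shared_a": shared_a,
        "shared_b": shared_b,
        "shared_a_again": shared.outbound(a),
        "shared_c": shared.outbound(c),
        "reply_to_b": shared.inbound(reply_to_b),
        "static_probe": static.inbound(probe),
        "shared_probe": shared.inbound(replace(probe, dst="192.0.2.1")),
        "original_payload": a.payload,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:16} {value}")
```

In this model the 1-to-1 table forwards an unsolicited packet to the inside host while the port-mapped table has nothing to match it against, and in both modes the payload leaves byte-for-byte unchanged, so neither replaces filtering rules or an application proxy.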