From owner-freebsd-isp Sun Dec 9 4:11:12 2001
Date: Sun, 9 Dec 2001 07:10:48 -0500 (EST)
From: Jim Weeks
To: Mark Sergeant
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: arplookup

Right now it is set to 255.255.255.0. I will try changing it as soon as
someone is physically in the NOC. I suggested doing this, but the admin
at the ISP insisted 255.255.255.0 was necessary. I guess I should have
tried it anyway.

Thanks,

--
Jim Weeks

On 8 Dec 2001, Mark Sergeant wrote:

> Most likely an easy fix, what's your netmask currently? I'd almost bet that
> changing it to something generic like 255.255.0.0 would fix the problem, I had
> this issue at a hosting centre, doing this fixed the problem for me.
>
> Cheers,
>
> Mark
>
> On Sat, 8 Dec 2001 11:59:50 -0500 (EST), Jim Weeks said:
>
> > Hey guys,
> >
> > I know this has been discussed before, but I continue to have this problem
> > and simply can't see an end in sight.
> >
> > arplookup xxx.xxx.xxx.xxx failed: host is not on local network
> >
> > I am not all that Linux literate, but from what I can tell my FreeBSD
> > machinery must be the only machines on this network complaining about
> > these requests.
> > I am sure it is caused by router misconfiguration, but
> > since the ISP doesn't have to look at my logs, I can't seem to get him
> > interested in fixing the problem.
> >
> > Is there some way I can stop these messages from being logged so I can
> > check them occasionally without all the static.
> >
> > Thanks,
> > --
> > Jim Weeks
>
> --
> Mark Sergeant | url: http://www.snsonline.net/
> Unix Systems Administrator | email: msergeant@snsonline.net
> disclaimer: http://www.snsonline.net/disclaimer/ | mobile: +61 4 1271 42631

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Sun Dec 9 4:45:45 2001
Date: Sun, 9 Dec 2001 23:45:38 +1100 (EST)
From: Rowan Crowe
To: freebsd-isp@freebsd.org
Subject: Re: arplookup

On Sun, 9 Dec 2001, Jim Weeks wrote:

> Right now it is set to 255.255.255.0. I will try changing it as soon as
> someone is physically in the NOC. I suggested doing this, but the admin
> at the ISP insisted 255.255.255.0 was necessary. I guess I should have
> tried it anyway.

Just a warning that this will break connectivity to IPs in that block of
65535 IPs that are *not* on that LAN.

For example, if your IP is 1.1.100.3 and your netmask is 255.255.255.0,
your LAN has 255 local hosts, and everything else is routed via the
gateway. If you change it to 255.255.0.0, then your LAN has 65535 local
hosts, and everything else is routed via the gateway.

This means that if you try to communicate with (say) 1.1.200.1, it will
fail, because your machine assumes it's on the LAN, when it's *really*
outside of that network, and can only be reached via the gateway.

Coming full circle, setting that hostmask may actually cause similar or
identical ARP errors on other machines, because there will be ARP requests
coming from your machine for IPs that *are not* on the LAN (but your
machine thinks they are)

Cheers.

--
Rowan Crowe - Melbourne, Australia
www.camrecord.com | www.camdiscover.com | www.sensationbot.com

From owner-freebsd-isp Sun Dec 9 8:40:39 2001
Date: Sun, 9 Dec 2001 11:40:25 -0500 (EST)
From: Jim Weeks
To: Rowan Crowe
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: arplookup

On Sun, 9 Dec 2001, Rowan Crowe wrote:

> Just a warning that this will break connectivity to IPs in that block of
> 65535 IPs that are *not* on that LAN.
>
> For example, if your IP is 1.1.100.3 and your netmask is 255.255.255.0,
> your LAN has 255 local hosts, and everything else is routed via the
> gateway. If you change it to 255.255.0.0, then your LAN has 65535 local
> hosts, and everything else is routed via the gateway.
>
> This means that if you try to communicate with (say) 1.1.200.1, it will
> fail, because your machine assumes it's on the LAN, when it's *really*
> outside of that network, and can only be reached via the gateway.
>
> Coming full circle, setting that hostmask may actually cause similar or
> identical ARP errors on other machines, because there will be ARP requests
> coming from your machine for IPs that *are not* on the LAN (but your
> machine thinks they are)

Full circle indeed! This brings us back to the original problem, why
aren't these requests coming through the gateway in the first place. I
haven't had a straight answer to that question yet. Any enlightenment would
be appreciated.

Thanks,

--
Jim Weeks

From owner-freebsd-isp Sun Dec 9 9:38:43 2001
Date: Sun, 9 Dec 2001 11:46:34 -0600
From: "Dustin Puryear"
Subject: Using DNAT and DNS round-robin

I posted earlier concerning using FreeBSD with a web service with one
firewall and two web servers, all running FreeBSD 4.4-RELEASE. Basically, we
feel that we have two solutions that would work. First, we can setup each
web server with a series of interface aliases for each IP-based virtual
host. Second, we could maintain a private internal network and assign each
web IP address to be used on the firewall's public interface and then use
DNAT to send the request to the web servers. I am thinking the second
solution is best.

Is this how most of you do this? Also, can I configure FreeBSD to use some
type of round robin so that we can use multiple web servers?
My concern is
that when I create the routing tables the IP addresses are used internally,
and not symbolic names, so specifying a hostname won't have the desired
result even if I have DNS setup to round robin that hostname between several
addresses.

Any help?

BTW, I may post a similar question to freebsd-questions, so you can ignore
one of these. :)

Regards, Dustin

---
Dustin Puryear
Information Systems Consultant
http://members.telocity.com/~dpuryear
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams

From owner-freebsd-isp Sun Dec 9 9:51:30 2001
Date: Sun, 9 Dec 2001 11:59:21 -0600
From: "Dustin Puryear"
Subject: RE: Using DNAT and DNS round-robin

I forgot to mention our third option, which also appears quite viable. We
are looking into the use of Squid, which has virtual hosting support. Using
this method we can forgo DNAT entirely. Any thoughts or experience with this
additional method?

Regards, Dustin

---
Dustin Puryear
Information Systems Consultant
http://members.telocity.com/~dpuryear
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams

> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Dustin Puryear
> Sent: Sunday, December 09, 2001 11:47 AM
> To: freebsd-isp@freebsd.org
> Subject: Using DNAT and DNS round-robin
>
>
> I posted earlier concerning using FreeBSD with a web service with one
> firewall and two web servers, all running FreeBSD 4.4-RELEASE. Basically, we
> feel that we have two solutions that would work. First, we can setup each
> web server with a series of interface aliases for each IP-based virtual
> host. Second, we could maintain a private internal network and assign each
> web IP address to be used on the firewall's public interface and then use
> DNAT to send the request to the web servers. I am thinking the second
> solution is best.
>
> Is this how most of you do this? Also, can I configure FreeBSD to use some
> type of round robin so that we can use multiple web servers? My concern is
> that when I create the routing tables the IP addresses are used internally,
> and not symbolic names, so specifying a hostname won't have the desired
> result even if I have DNS setup to round robin that hostname between several
> addresses.
>
> Any help?
>
> BTW, I may post a similar question to freebsd-questions, so you can ignore
> one of these. :)
>
> Regards, Dustin
>
> ---
> Dustin Puryear
> Information Systems Consultant
> http://members.telocity.com/~dpuryear
> In the beginning the Universe was created.
> This has been widely regarded as a bad move.
> - Douglas Adams

From owner-freebsd-isp Sun Dec 9 10:20:56 2001
Date: Sun, 9 Dec 2001 12:28:41 -0600
From: "Dustin Puryear"
To: "Gabriel Ambuehl"
Subject: RE: Re[2]: Using DNAT and DNS round-robin

Gabriel, let me try to explain this better.

We want to setup n web servers behind a firewall, all of which will be
running FreeBSD 4.4-RELEASE. The web servers will be setup for IP-based
virtual hosting.
In order to support virtual hosting we need to do one of the
following: setup the firewall to just route all incoming packets for our
assigned network internally and have each web server setup an interface
alias for each IP address used by a virtual host (I'm not even sure how
this would be done to be honest since we can't have multiple servers using
the same IP), setup our firewall with an interface alias for each IP
address used by a virtual host and then use DNAT to just route each
incoming packet to one of the n web servers to be serviced, or use Squid as
a reverse proxy and forgo DNAT or using the public IP addresses internally.
The Squid solution seems the best, but I could be wrong.

My question was what method is being used by others, and if we choose the
second method, if we can still use DNS round robin. (The latter question
you have answered.)

Regards, Dustin

PS I CC'd freebsd-isp for others that may be curious or that may read this
thread later on.

---
Dustin Puryear
Information Systems Consultant
http://members.telocity.com/~dpuryear
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Gabriel Ambuehl
> Sent: Sunday, December 09, 2001 12:08 PM
> To: questions@freebsd.org
> Subject: Re[2]: Using DNAT and DNS round-robin
>
> Hello Dustin,
>
> Sunday, December 09, 2001, 6:59:21 PM, you wrote:
>
> > I forgot to mention our third option, which also appears quite
> > viable. We are looking into the use of Squid, which has virtual
> > hosting support. Using this method we can forgo DNAT entirely. Any
> > thoughts or experience with this additional method?
>
> I don't fully get what you're trying to achieve.
> If each machine got
> an IP on the firewall, why would you want to use NAT, then (no routing
> beyond the firewall is about the only reason I can think of and in
> that case, you should kick your ISP)?
>
> Round robin DNS for sure does work and it doesn't at all care whether
> you got some NAT redirects or not.
>
> Best regards,
> Gabriel

From owner-freebsd-isp Sun Dec 9 10:23:47 2001
Date: Sun, 9 Dec 2001 19:24:25 +0100
From: Gabriel Ambuehl
Organization: BUZ Internet Services
To: "Dustin Puryear"
Cc: freebsd-isp@freebsd.org
Subject: Re[4]: Using DNAT and DNS round-robin

Hello Dustin,

Sunday, December 09, 2001, 7:28:41 PM, you wrote:

> Gabriel, let me try to explain this better.

> We want to setup n web servers behind a firewall, all of which will
> be running FreeBSD 4.4-RELEASE. The web servers will be setup for
> IP-based virtual hosting. In order to support virtual hosting we
> need to do one of

So you actually got one IP for each user. Lucky admin, you are.

> the following: setup the firewall to just route all incoming
> packets for our assigned network internally and have each web
> server setup an interface alias for each IP address used by a
> virtual host (I'm not even sure how this would be done to be honest
> since we can't have multiple servers using the same IP),

Why would you need to? You actually need the reverse, multiple IPs for
one server...

> setup our firewall with an interface alias for each IP address
> used by a virtual host and then use DNAT to just route each
> incoming packet to one of the n web servers to be serviced, or use
> Squid as a reverse proxy and forgo DNAT or using the public IP
> addresses internally. The Squid solution seems the best, but I
> could be wrong.

Why not just have the firewall act as classic router like all other
people out there do it?

> My question was what method is being used by others, and if we
> choose the second method, if we can still use DNS round robin. (The
> latter question you have answered.)

You can always use round robin if you have more than one IP hosting
the same data. Whether you want to use it is a wholly different
topic...

Best regards,
Gabriel

From owner-freebsd-isp Sun Dec 9 10:45:24 2001
Date: Sun, 9 Dec 2001 21:37:49 +0300
From: Dmitry Koltsov
To: freebsd-isp@FreeBSD.ORG
Subject: Re[2]: Using DNAT and DNS round-robin

Configuring of round-robin under Bind is very simple. You can
create as many A records as you want and you'll receive round-robin
configuration.
To give more exact answer I should ask you: what you are looking
for? just load balancing and/or
high availability?
Also I think that Squid is not very good solution as minimum from your
customer's point of view.
We are using our own, DNS-based solution and we are happy with it.
Real issue with our cluster: http://www.hostonfly.net/mrtg1705/ -
no downtime as result

Best regards,
Dmitry Koltsov
Host On Fly S.A.
mailto:root@hostonfly.com

Sunday, December 09, 2001, you wrote to me:

DP> I forgot to mention our third option, which also appears quite viable. We
DP> are looking into the use of Squid, which has virtual hosting support. Using
DP> this method we can forgo DNAT entirely. Any thoughts or experience with this
DP> additional method?

DP> Regards, Dustin

DP> ---
DP> Dustin Puryear
DP> Information Systems Consultant
DP> http://members.telocity.com/~dpuryear
DP> In the beginning the Universe was created.
DP> This has been widely regarded as a bad move. - Douglas Adams

>> -----Original Message-----
>> From: owner-freebsd-isp@FreeBSD.ORG
>> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Dustin Puryear
>> Sent: Sunday, December 09, 2001 11:47 AM
>> To: freebsd-isp@freebsd.org
>> Subject: Using DNAT and DNS round-robin
>>
>>
>> I posted earlier concerning using FreeBSD with a web service with one
>> firewall and two web servers, all running FreeBSD 4.4-RELEASE. Basically, we
>> feel that we have two solutions that would work. First, we can setup each
>> web server with a series of interface aliases for each IP-based virtual
>> host. Second, we could maintain a private internal network and assign each
>> web IP address to be used on the firewall's public interface and then use
>> DNAT to send the request to the web servers. I am thinking the second
>> solution is best.
>>
>> Is this how most of you do this? Also, can I configure FreeBSD to use some
>> type of round robin so that we can use multiple web servers?
>> My concern is
>> that when I create the routing tables the IP addresses are used internally,
>> and not symbolic names, so specifying a hostname won't have the desired
>> result even if I have DNS setup to round robin that hostname between several
>> addresses.
>>
>> Any help?
>>
>> BTW, I may post a similar question to freebsd-questions, so you can ignore
>> one of these. :)
>>
>> Regards, Dustin
>>
>> ---
>> Dustin Puryear
>> Information Systems Consultant
>> http://members.telocity.com/~dpuryear
>> In the beginning the Universe was created.
>> This has been widely regarded as a bad move. - Douglas Adams

From owner-freebsd-isp Sun Dec 9 12:43:24 2001
Date: Sun, 9 Dec 2001 14:51:10 -0600
From: "Dustin Puryear"
Subject: RE: Re[4]: Using DNAT and DNS round-robin

> > Gabriel, let me try to explain this better.
>
> > We want to setup n web servers behind a firewall, all of which will
> > be running FreeBSD 4.4-RELEASE. The web servers will be setup for
> > IP-based virtual hosting. In order to support virtual hosting we
> > need to do one of
>
> So you actually got one IP for each user. Lucky admin, you are.

My client is not a general web hosting service. They have several web sites
that they will be offering. However, I cannot rule out the use of name-based
virtual hosting in the future.

> > the following: setup the firewall to just route all incoming
> > packets for our assigned network internally and have each web
> > server setup an interface alias for each IP address used by a
> > virtual host (I'm not even sure how this would be done to be honest
> > since we can't have multiple servers using the same IP),
>
> Why would you need to? You actually need the reverse, multiple IPs
> for one server...

This part I can see I did not adequately explain. We need some type of
load-balancing or (at least for now) load-sharing solution. (Thus, the
original DNS round robin question.) If we setup load sharing under the first
solution I gave then each and every web server would need an interface alias
for each web site. That is what I meant. The obvious problem with that is
having multiple interfaces with the same IP address.

Something similar to:

internet <-> firewall <-> webserver1..n (each with ip addresses 1..n)

Where each webserver can serve any of the hosted websites.

> > setup our firewall with an interface alias for each IP address
> > used by a virtual host and then use DNAT to just route each
> > incoming packet to one of the n web servers to be serviced, or use
> > Squid as a reverse proxy and forgo DNAT or using the public IP
> > addresses internally. The Squid solution seems the best, but I
> > could be wrong.
>
> Why not just have the firewall act as classic router like all other
> people out there do it?

That is the first solution that I gave. The problem with that is how do I
handle having multiple web servers, each of which should be able to serve
any one of the websites to the client? Wouldn't this require each one to
have interface aliases 1..n for each website?

> > My question was what method is being used by others, and if we
> > choose the second method, if we can still use DNS round robin. (The
> > latter question you have answered.)
>
> You can always use round robin if you have more than one IP hosting
> the same data. Whether you want to use it is a wholly different
> topic...

True. We may use it for now until we have a load-balancing solution in
place.

Regards, Dustin

---
Dustin Puryear
Information Systems Consultant
http://members.telocity.com/~dpuryear
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams

From owner-freebsd-isp Sun Dec 9 12:46:52 2001
Date: Sun, 9 Dec 2001 14:54:40 -0600
From: "Dustin Puryear"
To: "Dmitry Koltsov"
Subject: RE: Re[2]: Using DNAT and DNS round-robin

Why do you feel that Squid is a bad solution for use as a reverse proxy?
Regarding your question about our goal: our goal is to setup several web
services across n webservers that should be available to external users.

Regards, Dustin

---
Dustin Puryear
Information Systems Consultant
http://members.telocity.com/~dpuryear
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams

> -----Original Message-----
> From: Dmitry Koltsov [mailto:root@hostonfly.com]
> Sent: Sunday, December 09, 2001 12:29 PM
> To: Dustin Puryear
> Cc: freebsd-isp@FreeBSD.ORG
> Subject: Re[2]: Using DNAT and DNS round-robin
>
>
> Configuring of round-robin under Bind is very simple. You can
> create as many A records as you want and you'll receive round-robin
> configuration.
> To give more exact answer I should ask you: what you are looking
> for? just load balancing and/or
> high availability?
> Also I think that Squid is not very good solution as minimum from your
> customer's point of view.
> We are using our own, DNS-based solution and we are happy with it.
> Real issue with our cluster: http://www.hostonfly.net/mrtg1705/ -
> no downtime as result
>
> Best regards,
> Dmitry Koltsov
> Host On Fly S.A.
> mailto:root@hostonfly.com
>
> Sunday, December 09, 2001, you wrote to me:
>
> DP> I forgot to mention our third option, which also appears quite viable. We
> DP> are looking into the use of Squid, which has virtual hosting support. Using
> DP> this method we can forgo DNAT entirely. Any thoughts or experience with this
> DP> additional method?
>
> DP> Regards, Dustin
>
> DP> ---
> DP> Dustin Puryear
> DP> Information Systems Consultant
> DP> http://members.telocity.com/~dpuryear
> DP> In the beginning the Universe was created.
> DP> This has been widely regarded as a bad move. - Douglas Adams
>
> >> -----Original Message-----
> >> From: owner-freebsd-isp@FreeBSD.ORG
> >> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Dustin Puryear
> >> Sent: Sunday, December 09, 2001 11:47 AM
> >> To: freebsd-isp@freebsd.org
> >> Subject: Using DNAT and DNS round-robin
> >>
> >>
> >> I posted earlier concerning using FreeBSD with a web service with one
> >> firewall and two web servers, all running FreeBSD 4.4-RELEASE. Basically, we
> >> feel that we have two solutions that would work. First, we can setup each
> >> web server with a series of interface aliases for each IP-based virtual
> >> host. Second, we could maintain a private internal network and assign each
> >> web IP address to be used on the firewall's public interface and then use
> >> DNAT to send the request to the web servers. I am thinking the second
> >> solution is best.
> >>
> >> Is this how most of you do this? Also, can I configure FreeBSD to use some
> >> type of round robin so that we can use multiple web servers? My concern is
> >> that when I create the routing tables the IP addresses are used internally,
> >> and not symbolic names, so specifying a hostname won't have the desired
> >> result even if I have DNS setup to round robin that hostname between several
> >> addresses.
> >>
> >> Any help?
> >>
> >> BTW, I may post a similar question to freebsd-questions, so you can ignore
> >> one of these. :)
> >>
> >> Regards, Dustin
> >>
> >> ---
> >> Dustin Puryear
> >> Information Systems Consultant
> >> http://members.telocity.com/~dpuryear
> >> In the beginning the Universe was created.
> >> This has been widely regarded as a bad move.
- Douglas Adams

From owner-freebsd-isp Sun Dec 9 12:55:54 2001
Date: Sun, 9 Dec 2001 13:48:32 -0700 (MST)
From: "Forrest W. Christian"
To: Jim Weeks
Cc: Rowan Crowe, freebsd-isp@FreeBSD.ORG
Subject: Re: arplookup

On Sun, 9 Dec 2001, Jim Weeks wrote:

> Full circle indeed! This brings us back to the original problem, why
> aren't these requests coming through the gateway in the first place. I
> haven't had a straight answer to that question yet. Any enlightenment would
> be appreciated.

I'm going to put my $0.02 in here.

Let's say you have two nets, call them a and b.

We'll say they're subnets of the same "classful c" such as:

192.168.1.64-127 and 192.168.1.128-191. Note these are both 255.255.255.192 subnets.

Let's say you have a router which is connected to both subnet a and b, with an address of 192.168.1.65 and 192.168.1.129 for each subnet respectively.
The proper configuration would be to set up the hosts on each subnet with an address from that subnet, and set the default router/gateway to the respective router ip, and a netmask of 255.255.255.192.

Each host should be able to get to every other host, regardless of the subnet, if this is set up correctly.

Now let's assume you have a FreeBSD host on subnet a, which has an ip address of 192.168.1.100 and has a misconfigured netmask of 255.255.255.0. What is going to happen is that it will be able to reach everything on its subnet, but not those of subnet b.

When it tries to reach a host on subnet b, it will look at the address, say 192.168.1.150, and then see if it is in the same subnet as the freebsd box. Since the netmask is 255.255.255.0, it thinks that all of 192.168.1.x is in its subnet, and as a result, starts sending out arp packets asking for the MAC address of 192.168.1.150. Since .150 isn't on the same wire, NOTHING RESPONDS (unless the router is kind enough to do proxy arp - which it shouldn't do). And then you get the errors you were seeing.

- Forrest W. Christian (forrestc@imach.com) AC7DE
----------------------------------------------------------------------
The Innovation Machine Ltd. P.O.
Box 5749 http://www.imach.com/ Helena, MT 59604
Home of PacketFlux Technologies and BackupDNS.com (406)-442-6648
----------------------------------------------------------------------
Protect your personal freedoms - visit http://www.lp.org/

From owner-freebsd-isp Sun Dec 9 13: 0:55 2001
Date: Mon, 10 Dec 2001 08:01:36 +1100
From: Kal Torak
To: Dustin Puryear
Cc: freebsd-isp@freebsd.org
Subject: Re: Using DNAT and DNS round-robin

Yeah, I see what you're saying you want to do...

Looks quite possible to me, only thing I'm wondering about is the forwarding with nat... Does nat actually do name based forwarding?? I don't see why it wouldn't, I have just never done it...

You would also need to run a separate internal dns server to do the round robin, but that would be no real problem either...

Nope I don't really see any problem with it so long as nat will do name based forwarding...
From owner-freebsd-isp Sun Dec 9 15:38:32 2001
Date: Sun, 9 Dec 2001 18:38:14 -0500 (EST)
From: Jim Weeks
To: "Forrest W. Christian"
Cc: Rowan Crowe, freebsd-isp@FreeBSD.ORG
Subject: Re: arplookup

This is a very well thought out response, and believe I understand your example. However, this isn't representative of the problem I am having. This particular network is supposed to be set up on class c boundaries. In this case we will say that the ip of my machine is 192.168.2.100 with netmask 255.255.255.0, and my default gateway is 192.168.2.1.

I have looked at tcpdumps until I am blue in the face. While I see a lot of traffic that isn't actually on my wire, most all requests for 192.168.2.100 are tagged to tell 192.168.2.1.

Here is where the problem arises. A few requests come from say, 192.168.1.5, 192.168.1.10, etc. These machines aren't on my physical wire, so when my machine answers the request I get the error.

My question is this, shouldn't these machines either be asking through 192.168.2.1, or at least show the same mac address as 192.168.2.1?

Thanks again,
Jim

On Sun, 9 Dec 2001, Forrest W.
Christian wrote:

> Let's say you have two nets, call them a and b.
>
> We'll say they're subnets of the same "classful c" such as:
>
> 192.168.1.64-127 and 192.168.1.128-191. Note these are both
> 255.255.255.192 subnets.
>
> Let's say you have a router which is connected to both subnet a and b,
> with an address of 192.168.1.65 and 192.168.1.129 for each subnet
> respectively.
>
> The proper configuration would be to set up the hosts on each subnet with
> an address from that subnet, and set the default router/gateway to the
> respective router ip, and a netmask of 255.255.255.192.
>
> Each host should be able to get to every other host, regardless of the
> subnet, if this is set up correctly.
>
> Now let's assume you have a FreeBSD host on subnet a, which has an ip
> address of 192.168.1.100 and has a misconfigured netmask of
> 255.255.255.0. What is going to happen is that it will be able to reach
> everything on its subnet, but not those of subnet b.
>
> When it tries to reach a host on subnet b, it will look at the address,
> say 192.168.1.150, and then see if it is in the same subnet as the freebsd
> box. Since the netmask is 255.255.255.0, it thinks that all of
> 192.168.1.x is in its subnet, and as a result, starts sending out arp
> packets asking for the MAC address of 192.168.1.150. Since .150 isn't on
> the same wire, NOTHING RESPONDS (unless the router is kind enough to do
> proxy arp - which it shouldn't do). And then you get the errors you were
> seeing.
From owner-freebsd-isp Sun Dec 9 15:49:45 2001
Date: Mon, 10 Dec 2001 00:51:05 +0100 (CET)
From: Leif Neland
To: Jim King
Subject: Re: ODBC

On Tue, 7 Nov 2000, Jim King wrote:

> Bob Martin wrote:
>
> > Anyone know where I can get a good ODBC driver for FreeBSD? I need to
> > connect to a MSSQL server.
>
> /usr/ports/databases/unixODBC
>
> More info at http://www.unixodbc.org/
>
> Jim
>

It isn't obvious to me: can this be used from PHP4?
Leif

From owner-freebsd-isp Sun Dec 9 15:57:23 2001
Date: Mon, 10 Dec 2001 00:58:43 +0100 (CET)
From: Leif Neland
To: Javier Henderson
Subject: Re: RBL's and tagging email with sendmail

On Thu, 6 Dec 2001, Javier Henderson wrote:

> Hi,
>
> I've had mixed luck with using the various RBL's out there. The rate
> of false positives can be high sometimes, resulting in too many
> legitimate messages being bounced.
>

What do you mean by false positives?

A: Blocking on servers which aren't open relays anymore? Educate the admins to report to the dnsbl when they have fixed their open relays.

B: Blocking on mail which is not spam, but from servers which are open relays? Educate the admins, because they WILL be abused someday, even if they haven't yet. Or if this doesn't help, the users will eventually move to a responsible ISP, making irresponsible ISP's to go out of business.
Leif

From owner-freebsd-isp Sun Dec 9 15:57:47 2001
Date: Mon, 10 Dec 2001 10:57:42 +1100 (EST)
From: Rowan Crowe
To: freebsd-isp@freebsd.org
Subject: Re: arplookup

On Sun, 9 Dec 2001, Jim Weeks wrote:

>
> On Sun, 9 Dec 2001, Rowan Crowe wrote:
>
> > Just a warning that this will break connectivity to IPs in that block of
> > 65535 IPs that are *not* on that LAN.
> >
> > For example, if your IP is 1.1.100.3 and your netmask is 255.255.255.0,
> > your LAN has 255 local hosts, and everything else is routed via the
> > gateway. If you change it to 255.255.0.0, then your LAN has 65535 local
> > hosts, and everything else is routed via the gateway.
> >
> > This means that if you try to communicate with (say) 1.1.200.1, it will
> > fail, because your machine assumes it's on the LAN, when it's *really*
> > outside of that network, and can only be reached via the gateway.
> >
> > Coming full circle, setting that hostmask may actually cause similar or
> > identical ARP errors on other machines, because there will be ARP requests
> > coming from your machine for IPs that *are not* on the LAN (but your
> > machine thinks they are)
>
> Full circle indeed! This brings us back to the original problem, why
> aren't these requests coming through the gateway in the first place. I
> haven't had a straight answer to that question yet. Any enlightenment would
> be appreciated.

Probably the same fundamental problem - other machines on the same LAN are communicating directly (ether-ether) with IPs that your machine thinks should be routed via the gateway. Your machine says, "hang on, why am I getting an ARP request for an IP which *isn't* on my LAN?"

The simple fix is to make sure that your ethernet interface has an IP address in each subnet that is routed in the LAN (so it knows *every* IP that is communicated with directly), but that can be quite wasteful and impractical. I don't know of a more complicated fix, other than hacking the code to disable the error. :)

Cheers.
--
Rowan Crowe - Melbourne, Australia
www.camrecord.com | www.camdiscover.com | www.sensationbot.com

From owner-freebsd-isp Sun Dec 9 16: 2:54 2001
Date: Mon, 10 Dec 2001 10:02:35 +1000 (EST)
From: Colin Campbell
To: Jim Weeks
Cc: "Forrest W. Christian", Rowan Crowe
Subject: Re: arplookup

Hi,

On Sun, 9 Dec 2001, Jim Weeks wrote:

> This is a very well thought out response, and believe I understand your
> example. However, this isn't representative of the problem I am having.
> This particular network is supposed to be set up on class c boundaries.
> In this case we will say that the ip of my machine is 192.168.2.100 with
> netmask 255.255.255.0, and my default gateway is 192.168.2.1.

Are you sure that's your netmask?
The only way a system will ARP for a machine is if it thinks the destination is on the same network. Without "real" information we can only assume you are checking your config thoroughly. A single digit typo could cause the problem you are describing. I understand your desire to keep addresses "secret" but without the output from:

    ifconfig -a
    netstat -rn

we really are flying blind.

For example, if your networks are your server 192.168.2.100 and router 192.168.2.1, netmask 255.255.254.0 (even though you're "sure" it isn't) and the unreachable hosts are 192.168.3.x and 192.168.3.y then you'll see exactly what you're seeing.

There's only two things that can cause what you are seeing

1) your netmask isn't what you think it is
2) you have some NAT going on

If it helps, here's my understanding of how "routing" works:

o a packet destined for host "X" is created

o the IP stack looks at all the machine's interfaces to see if any is on the same network:

    for each interface
        get IP address of interface
        apply netmask to interface
        result is "network" address
        apply the current netmask to the destination
        result is destination "network" address

o if the resulting networks are the same, then the destination is directly reachable from that interface

    consult kernel ARP table for destination MAC address, if not there, send an ARP request to get the MAC address for the destination IP

o if no host interfaces match, consult the routing tables and find the most specific matching network, its router and the local interface

    consult kernel ARP table for MAC address of router, if not there, send ARP request for router

o by now all the needed information is available for the IP and ethernet frames:

    source IP - from the interface packet departs
    source MAC - ditto
    destination IP - from the original request
    destination MAC - either from destination machine if on the same wire, or the router MAC address

Colin
--
Colin Campbell
Unix Support/Postmaster/Hostmaster
CITEC
+61 7 3006 4710
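The interface-matching steps in the message above, run against the addresses used in this thread, as an added example (not code from any poster and not FreeBSD's implementation). It is a simplified model built on Python's `ipaddress` module: the `Iface` type and the function names are made up for illustration, a single default gateway stands in for the routing-table lookup, and the receiving-side check follows the thread's description of when the message is logged rather than the kernel source.

```python
"""Added example: the "same network?" test from the thread as a runnable model."""
import ipaddress
from typing import List, NamedTuple, Optional


class Iface(NamedTuple):
    """One address configured on the host (hypothetical helper type)."""
    ip: str
    netmask: str

    @property
    def network(self) -> ipaddress.IPv4Network:
        # "apply netmask to interface, result is 'network' address"
        return ipaddress.ip_interface(f"{self.ip}/{self.netmask}").network


def on_link(ifaces: List[Iface], ip: str) -> Optional[Iface]:
    """Return the interface whose network contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for iface in ifaces:
        if addr in iface.network:
            return iface
    return None


def arp_target(ifaces: List[Iface], gateway: str, dest: str) -> str:
    """IP the host sends an ARP request for when it has a packet for dest.

    Assumption: one default gateway replaces the "most specific matching
    network" routing-table lookup described in the message.
    """
    if on_link(ifaces, dest) is not None:
        return dest          # host believes dest shares its wire
    if on_link(ifaces, gateway) is None:
        raise ValueError(f"gateway {gateway} is not on any local network")
    return gateway           # off-link: resolve the router's MAC instead


def check_arp_sender(ifaces: List[Iface], sender_ip: str) -> Optional[str]:
    """Receiving side: the log line quoted in the thread, or None if on-link."""
    if on_link(ifaces, sender_ip) is not None:
        return None
    return f"arplookup {sender_ip} failed: host is not on local network"


def run_scenarios() -> dict:
    """Addresses come from the thread unless marked constructed."""
    out = {}
    # Two /26 subnets, router at .65 on subnet a, destination on subnet b.
    right = [Iface("192.168.1.100", "255.255.255.192")]
    wrong = [Iface("192.168.1.100", "255.255.255.0")]
    out["mask_26"] = arp_target(right, "192.168.1.65", "192.168.1.150")
    out["mask_24"] = arp_target(wrong, "192.168.1.65", "192.168.1.150")

    # Widening 1.1.100.3 to 255.255.0.0 (gateway 1.1.100.1 is constructed).
    wide = [Iface("1.1.100.3", "255.255.0.0")]
    out["mask_16"] = arp_target(wide, "1.1.100.1", "1.1.200.1")

    # One-digit netmask typo; 192.168.3.7 is a constructed 192.168.3.x host.
    typo = [Iface("192.168.2.100", "255.255.254.0")]
    out["mask_23"] = arp_target(typo, "192.168.2.1", "192.168.3.7")

    # Host 192.168.2.100/24 receiving ARP requests from two senders.
    host = [Iface("192.168.2.100", "255.255.255.0")]
    out["from_gateway"] = check_arp_sender(host, "192.168.2.1")
    out["from_other_subnet"] = check_arp_sender(host, "192.168.1.5")

    # Adding an address in the other subnet (192.168.1.250 is constructed).
    aliased = host + [Iface("192.168.1.250", "255.255.255.0")]
    out["with_alias"] = check_arp_sender(aliased, "192.168.1.5")
    return out


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name:18} {value}")
```

The `mask_24`, `mask_16` and `mask_23` cases all return the destination itself, which is the host ARPing for an address that sits behind the router; only the correct mask returns the router's address.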
Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Sun Dec 9 16: 4:42 2001
From: "Christopher Meiklejohn"
To: "Leif Neland", "Jim King"
Subject: RE: ODBC
Date: Sun, 9 Dec 2001 19:03:15 -0500

Using FreeTDS and DBD::sybase I had success connecting to MSSQL-7 on NT4 from perl:

The code looked a little like this:

    #!/usr/bin/perl
    use DBI;
    use CGI qw(:standard);

    # Point the client library at the FreeTDS install and name the default server
    BEGIN {
        $ENV{SYBASE} = '/usr/local/freetds';
        $ENV{DSQUERY} = "NTBOX";
    }

    # Connect through DBD::Sybase to the server entry NTBOX
    $dbh = DBI->connect('dbi:Sybase:NTBOX', 'test','test');

--Chris

-----Original Message-----
From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Leif Neland
Sent: Sunday, December 09, 2001 6:51 PM
To: Jim King
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: ODBC

On Tue, 7 Nov 2000, Jim King wrote:

> Bob Martin wrote:
>
> > Anyone know where I can get a good ODBC driver for FreeBSD? I need to
> > connect to a MSSQL server.
>
> /usr/ports/databases/unixODBC
>
> More info at http://www.unixodbc.org/
>
> Jim
>

It isn't obvious to me: can this be used from PHP4?

Leif

From owner-freebsd-isp Sun Dec 9 19:46:38 2001
From: "Dustin Puryear"
To: "Kal Torak"
Subject: RE: Using DNAT and DNS round-robin
Date: Sun, 9 Dec 2001 21:54:30 -0600

> Yeah, I see what you're saying you want to do...
>
> Looks quite possible to me, only thing I'm wondering about is
> the forwarding with nat... Does nat actually do name based forwarding??
> I don't see why it wouldn't, I have just never done it...

Actually, I would assume it doesn't do it. My assumption is that NAT occurs before the resolver ever comes into play. However, I have yet to test the idea.

In the end I think I may use Squid as a reverse proxy.
That will give me a good level of control and hopefully do what I need.

To you and everyone else. Are there any good books or articles detailing what is being in this thread? I haven't been able to find any, but I would assume they are out there. This should be old hat for most ISP's and all web hosts.

Regards, Dustin

---
Dustin Puryear
Information Systems Consultant
http://members.telocity.com/~dpuryear
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams

From owner-freebsd-isp Sun Dec 9 21:16:48 2001
Date: Sun, 09 Dec 2001 22:13:48 -0700
From: Joel Mc Graw
To: Dave VanAuken
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: FreeBSD as multiple line RAS

I have a nice rackmount running FreeBSD with a cyclades multiport serial card connected to three modems. Works fine, not a single problem.

Here's a question for you: how can I get an AS400 to dial into my RAS solution (have had the need several times)...
Dave VanAuken wrote:

>
> Anyone have first hand experience, pitfalls, or comments regarding using a
> freebsd box as a simple RAS for multiple remote dialin lines.
>
> Have a client that needs to provide access to a number of stores, maximum of 8
> at a time. Currently has a two ports available on an NT server, and a number on
> an AS400 for inventory management.
>
> Solution would be throw a couple of cheap FreeBSD boxes in there with 2+ modems
> each. What is the maximum number that you could reasonably pack into a single
> FreeBSD box without running into resource problems?
>
> Easy solution would be to install a Cisco 2509 or something, but that may be
> overkill. Thoughts?
>
> Dave

From owner-freebsd-isp Sun Dec 9 21:34: 3 2001 Delivered-To: freebsd-isp@freebsd.org Received: from c007.snv.cp.net (c007-h008.c007.snv.cp.net [209.228.33.214]) by hub.freebsd.org (Postfix) with SMTP id 787A137B416 for ; Sun, 9 Dec 2001 21:34:01 -0800 (PST) Received: (cpmta 26402 invoked from network); 9 Dec 2001 21:34:00 -0800 Received: from 216.227.100.85 (HELO vector) by smtp.telocity.com (209.228.33.214) with SMTP; 9 Dec 2001 21:34:00 -0800 X-Sent: 10 Dec 2001 05:34:00 GMT From: "Dustin Puryear" To: , Subject: RE: Re[4]: Using DNAT and DNS round-robin Date: Sun, 9 Dec 2001 23:41:56 -0600 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop:
FreeBSD.org

> > Why not just have the firewall act as classic router like all other
> > people out there do it?

Gabriel, after rereading your message I am now definitely curious how you go about this when using multiple webservers for both IP- and name-based virtual hosting. Okay, so I setup my firewall to route any packets destined for network xyz to my internal web servers. These web servers may be using IP- or name-based virtual hosting. Now how do I configure the interfaces on the internal web servers?

Since each web server needs to be able to serve any of the websites, how do I handle each web server needing to have an IP alias for one of our IP-based virtual host? I think that is what is confusing me. If it was just named-based virtual hosting there wouldn't be an issue in my mind.

Regards, Dustin

---
Dustin Puryear
Information Systems Consultant
http://members.telocity.com/~dpuryear
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams

From owner-freebsd-isp Sun Dec 9 21:59: 5 2001 Delivered-To: freebsd-isp@freebsd.org Received: from inet03.citec.qld.gov.au (inet03.citec.qld.gov.au [203.5.10.10]) by hub.freebsd.org (Postfix) with ESMTP id 394D737B416 for ; Sun, 9 Dec 2001 21:58:58 -0800 (PST) Received: by inet03.citec.qld.gov.au; id PAA14240; Mon, 10 Dec 2001 15:58:55 +1000 (EST) Received: from citecub.citec.qld.gov.au( 131.242.4.98) by inet03.citec.qld.gov.au via smap (V2.0) id xma014027; Mon, 10 Dec 01 15:58:48 +1000 Received: from guru.citec.qld.gov.au by citecub.citec.qld.gov.au (SMI-8.6/SMI-SVR4) id PAA12426; Mon, 10 Dec 2001 15:58:46 +1000 Received: from localhost (sgcccdc@localhost) by guru.citec.qld.gov.au (8.9.3/8.9.3) with ESMTP id PAA95274; Mon, 10 Dec 2001 15:58:41 +1000 (EST) (envelope-from sgcccdc@citec.qld.gov.au) X-Authentication-Warning: guru.citec.qld.gov.au: sgcccdc owned process
doing -bs Date: Mon, 10 Dec 2001 15:58:41 +1000 (EST) From: Colin Campbell To: Dustin Puryear Cc: , Subject: RE: Re[4]: Using DNAT and DNS round-robin In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi,

I haven't really been following this so feel free to ignore me, but I suspect what's being proposed is the following:

Let's say you have the following web servers

Virtual
-------
www.v1.com
www.v2.com
www.v3.com

Real
----
www.r1.com
www.r2.com
www.r3.com

and 2 web hosts and you are on net 192.168.1.0

Host 1 should be configured with 4 IP addresses: 192.168.1.1-4
Host 2 would be configured with 4 IP addresses: 192.168.1.5-8

Your web servers would be set up with the virtual servers on each host using one address and assigning a separate address for each "real" server. The DNS setup will make this obvious (I hope).

DNS should be set up as follows:

www.v1.com = 192.168.1.1, 192.168.1.5
www.v2.com = 192.168.1.1, 192.168.1.5
www.v3.com = 192.168.1.1, 192.168.1.5
www.r1.com = 192.168.1.2, 192.168.1.6
www.r2.com = 192.168.1.3, 192.168.1.7
www.r3.com = 192.168.1.4, 192.168.1.8

DNS round-robin will help "spread the load". Note that most browsers ignore any TTL settings and tend to "permanently" cache a successful name lookup.

Hope this helps.

On Sun, 9 Dec 2001, Dustin Puryear wrote:

> > > Why not just have the firewall act as classic router like all other
> > > people out there do it?
>
> Gabriel, after rereading your message I am now definitely curious how you go
> about this when using multiple webservers for both IP- and name-based
> virtual hosting. Okay, so I setup my firewall to route any packets destined
> for network xyz to my internal web servers. These web servers may be using
> IP- or name-based virtual hosting.
Now how do I configure the interfaces on
> the internal web servers?
>
> Since each web server needs to be able to serve any of the websites, how do
> I handle each web server needing to have an IP alias for one of our IP-based
> virtual host? I think that is what is confusing me. If it was just
> named-based virtual hosting there wouldn't be an issue in my mind.

Colin

From owner-freebsd-isp Mon Dec 10 0: 2: 8 2001
From: Javier Henderson
Date: Mon, 10 Dec 2001 00:02:00 -0800
To: Leif Neland
Cc: Javier Henderson
Subject: Re: RBL's and tagging email with sendmail

Leif Neland writes:

> >
> > I've had mixed luck with using the various RBL's out there. The rate
> > of false positives can be high sometimes, resulting in too many
> > legitimate messages being bounced.
>
> What do you mean by false positives?
> > A: Blocking on servers which aren't open relays anymore? educate the > admins to report to the dnsbl when they have fixed their open relays. > > B: Blocking on mail which is not spam, but from servers which are open > relays? Educate the admins, because they WILL be abused someday, even if > they haven't yet. Or if this doesn't help, the users will eventually move > to a responsible ISP, making inresponsible ISP's to go out of business. All fine points, but false positives still happen and I'd rather not miss user's email, so tagging rather than outright rejecting is preferrable, at least for me. If you have any ideas as far as how to implement the tagging, I'd love to hear them. -jav To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 10 1:53:48 2001 Delivered-To: freebsd-isp@freebsd.org Received: from gamma.root-servers.ch (gamma.root-servers.ch [195.49.62.126]) by hub.freebsd.org (Postfix) with SMTP id 55C5037B419 for ; Mon, 10 Dec 2001 01:53:38 -0800 (PST) Received: (qmail 87560 invoked from network); 10 Dec 2001 09:53:35 -0000 Received: from dclient217-162-128-224.hispeed.ch (HELO athlon550) (217.162.128.224) by 0 with SMTP; 10 Dec 2001 09:53:35 -0000 Date: Mon, 10 Dec 2001 10:54:13 +0100 From: Gabriel Ambuehl X-Mailer: The Bat! 
(v1.53bis) Educational Organization: BUZ Internet Services X-Priority: 3 (Normal) Message-ID: <48508292666.20011210105413@buz.ch> To: "Dustin Puryear" Cc: isp@freebsd.org Subject: Re[6]: Using DNAT and DNS round-robin In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hello Dustin, Monday, December 10, 2001, 6:41:56 AM, you wrote: > Gabriel, after rereading your message I am now definately curious > how you go about this when using multiple webservers for both IP- > and name-based virtual hosting. Normal hosting consumers we simply setup as name based, those who pay for SSL we of course give their own IP but since none of these needs load balancing (and load balancing IS a major PITA since you need bullet proof filesystem synchronization for it which I currently can't see how it should be achieved on FreeBSD), we put all on only one server. To protect us against server problems, we mirror the servers every few hours to a twin in order to have a fall back option. > Okay, so I setup my firewall to route any packets destined > for network xyz to my internal web servers. These web servers may > be using IP- or name-based virtual hosting. Now how do I configure > the interfaces on the internal web servers? Simply give it the IPs you want them to respond to. > Since each web server needs to be able to serve any of the > websites, how do I handle each web server needing to have an IP > alias for one of our IP-based How do you go about providing all the data to all servers? I'd very much like to have a real time filesystem replication facility since then I could go for a setup like you want... 
It's easy with data that you control, since then you can store all volatile data in SQL db, but with hosting consumers, that's obviously not possible. > virtual host? I think that is what is confusing me. If it was just > named-based virtual hosting there wouldn't be an issue in my mind. You simply can't have the same IP based virtual host on two machines. The online thing that can be done there is round robin NAT but for reasons pointed out above, that's major PITA. Best regards, Gabriel To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 10 1:54:56 2001 Delivered-To: freebsd-isp@freebsd.org Received: from gamma.root-servers.ch (gamma.root-servers.ch [195.49.62.126]) by hub.freebsd.org (Postfix) with SMTP id 4826D37B405 for ; Mon, 10 Dec 2001 01:54:51 -0800 (PST) Received: (qmail 87633 invoked from network); 10 Dec 2001 09:54:50 -0000 Received: from dclient217-162-128-224.hispeed.ch (HELO athlon550) (217.162.128.224) by 0 with SMTP; 10 Dec 2001 09:54:50 -0000 Date: Mon, 10 Dec 2001 10:55:41 +0100 From: Gabriel Ambuehl X-Mailer: The Bat!
(v1.53bis) Educational Organization: BUZ Internet Services X-Priority: 3 (Normal) Message-ID: <165508379701.20011210105541@buz.ch> To: Colin Campbell Cc: Dustin Puryear , freebsd-isp@FreeBSD.ORG Subject: Re[6]: Using DNAT and DNS round-robin In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello Colin, Monday, December 10, 2001, 6:58:41 AM, you wrote: > DNS round-robin will help "spread the load". Note that most > browsers ignore any TTL settings and tend to "permanently" cache a > successful name lookup. See my other mail. It won't buy you much despite trouble if you don't solve the replication issues involved with load balancing... Best regards, Gabriel To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 10 2:36:18 2001 Delivered-To: freebsd-isp@freebsd.org Received: from femail4.sdc1.sfba.home.com (femail4.sdc1.sfba.home.com [24.0.95.84]) by hub.freebsd.org (Postfix) with ESMTP id 3E03C37B405 for ; Mon, 10 Dec 2001 02:36:16 -0800 (PST) Received: from veager.jwweeks.com ([65.14.122.116]) by femail4.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id
<20011210103610.BHOX1739.femail4.sdc1.sfba.home.com@veager.jwweeks.com>; Mon, 10 Dec 2001 02:36:10 -0800 Date: Mon, 10 Dec 2001 05:36:03 -0500 (EST) From: Jim Weeks X-Sender: jim@veager.jwweeks.com To: Javier Henderson Cc: Leif Neland , freebsd-isp@FreeBSD.ORG Subject: Re: RBL's and tagging email with sendmail In-Reply-To: <15380.27640.83264.112194@grumman.kjsl.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Just my .02 here, but SpamBouncer does fine at tagging. http://www.spambouncer.org/ You must have procmail installed. -- Jim Weeks On Mon, 10 Dec 2001, Javier Henderson wrote: > Leif Neland writes: > > > > > > > I've had mixed luck with using the various RBL's out there. The rate > > > of false positives can be high sometimes, resulting in too many > > > legitimate messages being bounced. > > > > What do you mean by false positives? > > > > A: Blocking on servers which aren't open relays anymore? educate the > > admins to report to the dnsbl when they have fixed their open relays. > > > > B: Blocking on mail which is not spam, but from servers which are open > > relays? Educate the admins, because they WILL be abused someday, even if > > they haven't yet. Or if this doesn't help, the users will eventually move > > to a responsible ISP, making inresponsible ISP's to go out of business. > > All fine points, but false positives still happen and I'd rather not > miss user's email, so tagging rather than outright rejecting is > preferrable, at least for me. > > If you have any ideas as far as how to implement the tagging, I'd > love to hear them. 
> > -jav > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 10 7:49:22 2001 Delivered-To: freebsd-isp@freebsd.org Received: from c007.snv.cp.net (c007-h013.c007.snv.cp.net [209.228.33.220]) by hub.freebsd.org (Postfix) with SMTP id AC10337B405 for ; Mon, 10 Dec 2001 07:49:15 -0800 (PST) Received: (cpmta 3500 invoked from network); 10 Dec 2001 07:49:14 -0800 Received: from 216.227.100.85 (HELO vector) by smtp.telocity.com (209.228.33.220) with SMTP; 10 Dec 2001 07:49:14 -0800 X-Sent: 10 Dec 2001 15:49:14 GMT From: "Dustin Puryear" To: "Gabriel Ambuehl" , Subject: RE: Re[6]: Using DNAT and DNS round-robin Date: Mon, 10 Dec 2001 09:57:08 -0600 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <48508292666.20011210105413@buz.ch> Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Hello Dustin, > > Monday, December 10, 2001, 6:41:56 AM, you wrote: > > Gabriel, after rereading your message I am now definately curious > > how you go about this when using multiple webservers for both IP- > > and name-based virtual hosting. > > Normal hosting consumers we simply setup as name based, those who pay > for SSL we of course give their own IP but since none of these needs > load balancing (and load balancing IS a major PITA since you need > bullet proof filesystem synchronization for it which I currently > can't > see how it should be achieved on FreeBSD), we put all on only one > server. 
To protect us against server problems, we mirror the servers > every few hours to a twin in order to have a fall back option. Our situation is a bit different as my client is not a web hosting provider. Rather, they have their own web services that they will be offering to existing customers. Since this is a high-load application, we want to be able to spread the load across n servers. Also, to ensure best performance I don't want to assign site A to server 1, site B to server 2, site C to server 1, and so on. Rather, I would like to load-share (load-balance later on) across all servers for any client. I guess that is where the initial confusion came from. In order for each webserver to offer the same IP-based virtual hosts as the other n-1 webservers, it appears that I need to setup the same IP alias on each webserver, unless I am missing something. Obviously, that won't work. That is one reason why I was looking at Squid. I may be able to pressure the client into using only named-based virtual hosting, which would clear this up. However, this is something I would like to know how to solve, and I have a bad feeling it would only be a temporary fix anyway. I am surprised this problem isn't more common. I mean, someone out there must be trying to spread several IP-based virtual hosts across n servers. > > Okay, so I setup my firewall to route any packets destined > > for network xyz to my internal web servers. These web servers may > > be using IP- or name-based virtual hosting. Now how do I configure > > the interfaces on the internal web servers? > > Simply give it the IPs you want them to respond to. But then I hit the problem with n webservers all configured to respond to the same IPs. > > Since each web server needs to be able to serve any of the > > websites, how do I handle each web server needing to have an IP > > alias for one of our IP-based > > How do you go about providing all the data to all servers? 
I'd very > much like to have a real time filesystem replication facility since > then I could go for a setup like you want... It's easy with data that > you control, since then you can store all volatile data in SQL db, > but > with hosting consumers, that's obviously not possible. Well, we are one of those "we control all data" types. :) > > virtual host? I think that is what is confusing me. If it was just > > named-based virtual hosting there wouldn't be an issue in my mind. > > You simply can't have the same IP based virtual host on two machines. > The online thing that can be done there is round robin NAT but for > reasons pointed out above, that's major PITA. That is becoming rather obvious to me at this point. Regards, Dustin --- Dustin Puryear Information Systems Consultant http://members.telocity.com/~dpuryear In the beginning the Universe was created. This has been widely regarded as a bad move. - Douglas Adams To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 10 7:54:48 2001 Delivered-To: freebsd-isp@freebsd.org Received: from c007.snv.cp.net (c007-h013.c007.snv.cp.net [209.228.33.220]) by hub.freebsd.org (Postfix) with SMTP id D09B437B416 for ; Mon, 10 Dec 2001 07:54:45 -0800 (PST) Received: (cpmta 9269 invoked from network); 10 Dec 2001 07:54:45 -0800 Received: from 216.227.100.85 (HELO vector) by smtp.telocity.com (209.228.33.220) with SMTP; 10 Dec 2001 07:54:45 -0800 X-Sent: 10 Dec 2001 15:54:45 GMT From: "Dustin Puryear" To: "Colin Campbell" Cc: , Subject: RE: Re[4]: Using DNAT and DNS round-robin Date: Mon, 10 Dec 2001 10:02:38 -0600 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: Importance: Normal Sender: 
owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > and 2 web hosts and you are on net 192.168.1.0 Keep in mind that this will be Internet accessible so we have public IP addresses. > Host 1 should be configured with 4 IP addresses: 192.168.1.1-4 > Host 2 would be configured with 4 IP addresses: 192.168.1.5-8 I see where you went with this, but I may be missing something. Does this mean that if we add an additional host then we would need to add four more addresses? If so that wouldn't work since we would require additional public IP addresses. [snip] > DNS round-robin will help "spread the load". Note that most browsers > ignore any TTL settings and tend to "permanently" cache a successful name > lookup. Well, this is another reason I was looking at Squid. That way our clients all hit the Squid server which then takes on the task of delegating client request to one of n webservers using DNS round-robin. Unfortunately, I haven't made much progress with Squid, but I am hoping that if the documentation isn't too misleading that it could solve the problem. 
Regards, Dustin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 10 7:57:43 2001 Delivered-To: freebsd-isp@freebsd.org Received: from c007.snv.cp.net (c007-h013.c007.snv.cp.net [209.228.33.220]) by hub.freebsd.org (Postfix) with SMTP id 727EC37B419 for ; Mon, 10 Dec 2001 07:57:38 -0800 (PST) Received: (cpmta 12258 invoked from network); 10 Dec 2001 07:57:37 -0800 Received: from 216.227.100.85 (HELO vector) by smtp.telocity.com (209.228.33.220) with SMTP; 10 Dec 2001 07:57:37 -0800 X-Sent: 10 Dec 2001 15:57:37 GMT From: "Dustin Puryear" To: "Gabriel Ambuehl" , "Colin Campbell" Cc: Subject: RE: Re[6]: Using DNAT and DNS round-robin Date: Mon, 10 Dec 2001 10:05:31 -0600 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <165508379701.20011210105541@buz.ch> Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Hello Colin, > > Monday, December 10, 2001, 6:58:41 AM, you wrote: > > DNS round-robin will help "spread the load". Note that most > > browsers ignore any TTL settings and tend to "permanently" cache a > > successful name lookup. > > See my other mail. It won't buy you much despite trouble if you don't > solve the replication issues involved with load balancing... Well, one solution to this type of problem is to use remote storage such as NAS. I am working with another client that uses several webservers that hit a few Snap servers for all of their data. Using this method we can load-balance (using LVS and Red Hat's High Availability Services) to our heart's content. 
But you are correct that there is a problem if you leave the data on the local drive of each server. Regards, Dustin --- Dustin Puryear Information Systems Consultant http://members.telocity.com/~dpuryear In the beginning the Universe was created. This has been widely regarded as a bad move. - Douglas Adams To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 10 10:17:35 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id 18AD237B41C for ; Mon, 10 Dec 2001 10:17:27 -0800 (PST) Received: from [144.137.119.218] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id tdxdaaaa for ; Tue, 11 Dec 2001 05:16:54 +1100 Message-ID: <3C14FC60.3010104@quake.com.au> Date: Tue, 11 Dec 2001 05:18:08 +1100 From: Kal Torak User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.5) Gecko/20011011 X-Accept-Language: en-us MIME-Version: 1.0 To: Dustin Puryear Cc: freebsd-isp@freebsd.org Subject: Re: Using DNAT and DNS round-robin References: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dustin Puryear wrote: > > Our situation is a bit different as my client is not a web hosting provider. > Rather, they have their own web services that they will be offering to > existing customers. Since this is a high-load application, we want to be > able to spread the load across n servers. Also, to ensure best performance I > don't want to assign site A to server 1, site B to server 2, site C to > server 1, and so on. Rather, I would like to load-share (load-balance later > on) across all servers for any client. > > I guess that is where the initial confusion came from. 
In order for each > webserver to offer the same IP-based virtual hosts as the other n-1 > webservers, it appears that I need to setup the same IP alias on each > webserver, unless I am missing something. Obviously, that won't work. That > is one reason why I was looking at Squid. Yeah, you would have to alise all the real IPs to your gateway and use nat internaly... Now I did a little reading on this and you can actualy use natd to do round robin forwaring... You wouldnt even have to use dns... It would be a simple matter of having all your IPs aliased to the gateways external interface and have natd forward everything to the pool of servers on the internal network... No reason to get extra things like dns round robins or squid or anything like that involved... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 10 13:21:22 2001 Delivered-To: freebsd-isp@freebsd.org Received: from su.ualberta.ca (mail.su.ualberta.ca [129.128.133.14]) by hub.freebsd.org (Postfix) with ESMTP id A862F37B41D for ; Mon, 10 Dec 2001 13:21:16 -0800 (PST) Received: from [129.128.133.6] (HELO localhost) by su.ualberta.ca (CommuniGate Pro SMTP 3.5b9) with ESMTP id 540068 for freebsd-isp@freebsd.org; Mon, 10 Dec 2001 14:21:10 -0700 Date: Mon, 10 Dec 2001 14:21:08 -0700 Mime-Version: 1.0 (Apple Message framework v475) Content-Type: text/plain; charset=ISO-8859-1; format=flowed Subject: updating SSH version From: Colin Harford To: freebsd-isp@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: X-Mailer: Apple Mail (2.475) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Okay, so I have a testing system running FreeBSD 4.4-Stable. 
It was running SSH version 2.9 that is included with 4.4-Stable, I upgraded that to 3.0.2

What I did was this
1) update ports tree
2) install SSH 3.0.2 from ports
3) in /etc/make.conf put : NO_OPENSSH=true
4) in /etc/rc.conf put
   sshd_enable="YES"
   path_to_sshd="/usr/local/sbin/sshd"
5) recompiled the sources and kernel and rebooted the machine

When i type ssh -V as a normal user I get 2.9 but if I do it as root i get 3.0.2. (the same goes if I do sshd -V)

My question is this, what is the best way to upgrade the SSH version. If it is how I did it, then why do I get different responses.

Colin Harford
Systems and Network Administrator      Apple Product Professional
=================================      Computer and Network Support
University of Alberta Students' Union  http://www.su.ualberta.ca
Phone: (780) 492-4241   Fax: (780) 492-4643

Suite 2-900, SUB: 8900-114 St, University of Alberta, Edmonton, Alberta, T6G 2J7

Opinions expressed herein are solely the responsibility of the author, it may not reflect the opinions of others or reality. And the author wouldn't have it any other way.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 10 13:31:31 2001 Delivered-To: freebsd-isp@freebsd.org Received: from seven.Alameda.net (seven.Alameda.net [64.81.63.137]) by hub.freebsd.org (Postfix) with ESMTP id 1F9FF37B417 for ; Mon, 10 Dec 2001 13:31:17 -0800 (PST) Received: by seven.Alameda.net (Postfix, from userid 1000) id 479373A28E; Mon, 10 Dec 2001 13:31:16 -0800 (PST) Date: Mon, 10 Dec 2001 13:31:16 -0800 From: Ulf Zimmermann To: Colin Harford Cc: freebsd-isp@freebsd.org Subject: Re: updating SSH version Message-ID: <20011210133116.P76137@seven.alameda.net> Reply-To: ulf@Alameda.net References: Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: ; from colin.harford@mail.su.ualberta.ca on Mon, Dec 10, 2001 at 02:21:08PM -0700 Organization: Alameda Networks, Inc. X-Operating-System: FreeBSD 4.4-STABLE Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Dec 10, 2001 at 02:21:08PM -0700, Colin Harford wrote: > Okay, so I have a testing system running FreeBSD 4.4-Stable. > > It was running SSH version 2.9 that is included with 4.4-Stable, I > upgraded that to 3.0.2 > > What I did was this > 1) update ports tree > 2) install SSH 3.0.2 from ports > 3) in /etc/make.conf put : NO_OPENSSH=true > 4) in /etc/rc.conf put > sshd_enable="YES" > path_to_sshd="/usr/local/sbin/sshd" > 5) recompiled the sources and kernel and rebooted the machine Did you remove the ssh/sshd which was on your system ? 
Just setting > 3) in /etc/make.conf put : NO_OPENSSH=true and > 5) recompiled the sources and kernel and rebooted the machine doesn't remove the previous existing ssh/sshd in /usr/bin and /usr/sbin > > When i type ssh -V as a normal user I get 2.9 but if I do it as root i > get 3.0.2. (the same goes if I do sshd -V) > > My question is this, what is the best way to upgrade the SSH version. > If it is how I did it, then why do I get different responses. > > > Colin Harford     > >                                        > Systems and Network Administrator      Apple Product > Professional > =================================      > Computer and Network Support          > University of Alberta Students' Union                   > http://www.su.ualberta.ca > Phone: (780) 492-4241   Fax:  (780) 492-4643 > > Suite 2-900, SUB: 8900-114 St, > University of Alberta, > Edmonton, Alberta, > T6G 2J7 > > Opinions expressed herein are solely the responsibility of > the author, it may not reflect the opinions of others or reality. > And the author wouldn't have it any other way. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > -- Regards, Ulf. 
--------------------------------------------------------------------- Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-865-0204 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 10 15: 1: 6 2001 Delivered-To: freebsd-isp@freebsd.org Received: from taz.secure.icr.com.au (fantasy.icr.com.au [203.17.49.120]) by hub.freebsd.org (Postfix) with ESMTP id B05A137B417 for ; Mon, 10 Dec 2001 15:00:59 -0800 (PST) Received: from icr.com.au (localhost.secure.icr.com.au [127.0.0.1]) by taz.secure.icr.com.au (8.11.1/8.11.1) with ESMTP id fBAN24x65361 for ; Tue, 11 Dec 2001 09:02:04 +1000 (EST) (envelope-from dale@icr.com.au) Message-Id: <200112102302.fBAN24x65361@taz.secure.icr.com.au> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 Reply-To: dale@icr.com.au To: freebsd-isp@freebsd.org X-Image-URL: http://www.icr.com.au/~dale/face.gif Subject: Telstra Australia - ADSL Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 11 Dec 2001 09:02:04 +1000 From: Dale Walker Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi All, I don't know if this is Telstra specific or what... Private Net --> FBSD box --->ADSL to Telstra --> World | |--------> Modem to Telstra --> World I have machines on a private network that require NAT when reaching sites out in the world. They are using some sort of SSL cert stuff on their machines.. When the connection was created using a modem to Telstra, everything worked fine with -nat turned on with userland ppp.... the customer site now has an ADSL connection, and want it to function over it. From what I can gather Telstra services the ADSL component and then performs it's own NAT when it gateway's to the world, and this breaks some apps the users try to run from the private net. 
All generic stuff works fine though, web,email,etc,etc... I tried contacting Telstra, but they suggested contacting a 'user-group' as it is a setup issue on the FreeBSD box. Does anyone have any suggestions or ideas?? or can you point me in the right direction to look further??? -- Dale Walker < dale@icr.com.au > Independent Computer Retailers (ICR) Pty Ltd http://www.icr.com.au/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 10 15: 2: 9 2001 Delivered-To: freebsd-isp@freebsd.org Received: from hawk-systems.com (hawk-systems.com [161.58.152.235]) by hub.freebsd.org (Postfix) with ESMTP id 957D537B405 for ; Mon, 10 Dec 2001 15:02:07 -0800 (PST) Received: from cr159591a (cr159591-a.pr1.on.wave.home.com [24.102.18.54]) by hawk-systems.com (8.11.6) id fBAN26Y18903 for ; Mon, 10 Dec 2001 16:02:06 -0700 (MST) From: dave@hawk-systems.com (Dave) To: Subject: RE: FreeBSD as multiple line RAS < perle pci-ras? Date: Mon, 10 Dec 2001 18:05:30 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Appreciate the responses to date. Probably the best possible solution come across is Perle PCI-RAS 4 and 8 port cards vendor doesn't have a clue about FreeBSD compatibility, however there are Linux drivers... was thinking about trying to run under Linux compat. http://www.perle.com/products/prod_family/modem_cards/pci_ras.html Anyone have experience running one of these on a FreeBSD 4.x box? 
Essentially 4 and 8 port modem card (not serial card for external modems, actual on-board modems with RJ-11 jacks) using one interrupt per card. Again, looking to use it as a compact RAS solution for a FreeBSD box. Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 10 15:45:22 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pitr.tuxinternet.com (pitr.tuxinternet.com [208.32.175.113]) by hub.freebsd.org (Postfix) with ESMTP id 73A3D37B416 for ; Mon, 10 Dec 2001 15:45:12 -0800 (PST) Received: (from hugme@localhost) by pitr.tuxinternet.com (8.11.0/8.11.0) id fBANnBc45471 for freebsd-isp@freebsd.org; Mon, 10 Dec 2001 18:49:11 -0500 (EST) (envelope-from hugme) Date: Mon, 10 Dec 2001 18:49:10 -0500 From: Hug Me To: freebsd-isp@freebsd.org Subject: Re: updating SSH version Message-ID: <20011210184910.I42304@pitr.tuxinternet.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: ; from colin.harford@mail.su.ualberta.ca on Mon, Dec 10, 2001 at 02:21:08PM -0700 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org OpenSSH is crap, it always has been I have been tring to get them to change it for a while but nobody listens to me. what I have done here is downloaded ssh 2.4.0 from ftp.ssh.com (I am still testing 3.1.0 and haven't completly approved it for my network yet) on just one computer, checked the pgp key, uncompressed it, went into the directory and did a make. I then dropped down a directory and recompressed it. I took this new tar.gz and put it on my own local ftp server. so when I do an install I can do it quickly and easily, even on a 386. 
(my file server is lodo) fetch ftp://lodo/pub/OSinfo/ssh.tar.gz tar xfvz ssh.tar.gz cd ssh-2.4.0 make install rm /usr/bin/ssh* rm /usr/bin/scp rm /usr/sbin/sshd change rc.conf to: ssh_enable="YES" ssh_program="/usr/local/sbin/sshd" #path_to_ssh? that does it... to do the upgrade you should go back into the SAME directory (ssh-2.4.9) and type "make uninstall" if that doesn't work you can just go and delete ssh manualy: cd /usr/local/bin rm ssh* rm scp* rm sftp* cd /usr/local/sbin rm ssh* then wipe out your man pages: cd /usr/local/man/man1 rm ssh* rm scp* rm sftp* cd ../man5 rm ssh* cd ../man8 rm ssh* after this do your install like normal, happy hunting!! On Mon, Dec 10, 2001 at 02:21:08PM -0700, Colin Harford wrote: > Okay, so I have a testing system running FreeBSD 4.4-Stable. > > It was running SSH version 2.9 that is included with 4.4-Stable, I > upgraded that to 3.0.2 > > What I did was this > 1) update ports tree > 2) install SSH 3.0.2 from ports > 3) in /etc/make.conf put : NO_OPENSSH=true > 4) in /etc/rc.conf put > sshd_enable="YES" > path_to_sshd="/usr/local/sbin/sshd" > 5) recompiled the sources and kernel and rebooted the machine > > When i type ssh -V as a normal user I get 2.9 but if I do it as root i > get 3.0.2. (the same goes if I do sshd -V) > > My question is this, what is the best way to upgrade the SSH version. > If it is how I did it, then why do I get different responses. > > > Colin Harford     > >                                        > Systems and Network Administrator      Apple Product > Professional > =================================      > Computer and Network Support          > University of Alberta Students' Union                   > http://www.su.ualberta.ca > Phone: (780) 492-4241   Fax:  (780) 492-4643 > > Suite 2-900, SUB: 8900-114 St, > University of Alberta, > Edmonton, Alberta, > T6G 2J7 > > Opinions expressed herein are solely the responsibility of > the author, it may not reflect the opinions of others or reality. 
> And the author wouldn't have it any other way.

--
*************************************************
hugme
hugme@hugme.org
http://www.hugme.org
http://www.atlantacon.org
PGP Public key: http://www.hugme.org/mykey.pgp

From owner-freebsd-isp Mon Dec 10 20:11:40 2001
Date: Mon, 10 Dec 2001 20:11:38 -0800
From: Derrick John Klise
To: Colin Harford
Cc: freebsd-isp@freebsd.org
Subject: Re: updating SSH version

On Mon, Dec 10, 2001 at 02:21:08PM -0700, Colin Harford wrote:
> When i type ssh -V as a normal user I get 2.9 but if I do it as root i
> get 3.0.2. (the same goes if I do sshd -V)
>
> My question is this, what is the best way to upgrade the SSH version.
> If it is how I did it, then why do I get different responses.

You're running the old version that's part of the base system (/usr/sbin/sshd) when you run it as the normal user. Try running 'which sshd' under both users to see which one you're running.
--
Derrick John Klise
"I went into a general store, and they wouldn't sell me anything specific". -- Steven Wright

From owner-freebsd-isp Mon Dec 10 20:58:56 2001
Date: Tue, 11 Dec 2001 00:02:49 -0500
From: Hug Me
To: freebsd-isp@FreeBSD.ORG
Subject: Re: updating SSH version

> When i type ssh -V as a normal user I get 2.9 but if I do it as root i
> get 3.0.2. (the same goes if I do sshd -V)
>
> My question is this, what is the best way to upgrade the SSH version.
> If it is how I did it, then why do I get different responses.

from each user do a `which ssh` and see what pops up then look at the order of your path...
you may be running 2 different binaries

--
*************************************************
hugme
hugme@hugme.org
http://www.hugme.org
http://www.atlantacon.org
PGP Public key: http://www.hugme.org/mykey.pgp

From owner-freebsd-isp Tue Dec 11 0: 0:41 2001
Date: Mon, 10 Dec 2001 23:22:59 -0800 (PST)
From: Tom Samplonius
To: Dave
Cc: freebsd-isp@FreeBSD.ORG
Subject: RE: FreeBSD as multiple line RAS < perle pci-ras?

On Mon, 10 Dec 2001, Dave wrote:

...
> vendor doesn't have a clue about FreeBSD compatibility, however there
> are Linux drivers... was thinking about trying to run under Linux
> compat.
...

Linux device drivers aren't going to work under FreeBSD. Something that accesses the hardware directly is going to require low-level access, something a user-mode program can't do easily, or in a portable emulatable sort of way.
Tom

From owner-freebsd-isp Tue Dec 11 0:44:42 2001
Date: Tue, 11 Dec 2001 16:44:01 +0800
From: francisv@dagupan.com
To: freebsd-isp@freebsd.org
Subject: iManager for managing jailed systems?

Hi,

I recently came across a product called iManager but I don't know if it's opensource or proprietary. Is there a product that can let users manage their jailed environment (i.e. add users, change passwords, add services, etc.)?

---
francis a. vidal [bitstop network services] | http://www.dagupan.com
streaming media + web hosting | http://www.keystone.ph
v(02)330-2871,(02)330-2872; f(02)330-2873 | http://www.kuro.ph

From owner-freebsd-isp Tue Dec 11 1:39:46 2001
Subject: Router based on FreeBSD.
Date: Tue, 11 Dec 2001 16:39:02 +0700
From: "Tolpanov, Dmitry"

Hi, all.

I've got a very complex problem so every advice is appreciated.
I've got a router on 4.3-STABLE FreeBSD. It's got hardware (in short):
- Intel Pentium III 500 MHz
- NIC 3Com 10/100 in 100baseTX <full-duplex>
- NIC 3Com 10/100 in 100baseTX <full-duplex>
- NIC 3Com 10/100 in 100baseTX <full-duplex>
- NIC 3Com 900 Combo 10baseT/UTP <full-duplex>
- NIC 3Com 900 Combo 10baseT/UTP <full-duplex>

Sometimes through this router network works slowly and it is natural right thing. Therefore we are going to split router on two.

My questions are common for such situations:
- How troubleshoot network activity?
- How can I find bottlenecks in this situation?
- What counters should I examine?
- What is the maximum limits for such counters? (As I can examine interrupts but I don't know reasonable limits. I've heard about maximum 4500 interrupts).
- What are advices for improving the configuration? (except hardware routers)

May be there are web resources for troubleshooting such situations and finding bottlenecks.

Thanks in advance.

Dmitry.

From owner-freebsd-isp Tue Dec 11 3: 9: 6 2001
Date: Tue, 11 Dec 2001 04:01:46 -0700 (MST)
From: "Forrest W. Christian"
To: "Tolpanov, Dmitry"
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Router based on FreeBSD.

On Tue, 11 Dec 2001, Tolpanov, Dmitry wrote:

> I've got a very complex problem so every advice is appreciated.
> I've got a router on 4.3-STABLE FreeBSD. It's got hardware (in short):
> - Intel Pentium III 500 MHz
> - NIC 3Com 10/100 in 100baseTX
> - NIC 3Com 10/100 in 100baseTX
> - NIC 3Com 10/100 in 100baseTX
> - NIC 3Com 900 Combo 10baseT/UTP
> - NIC 3Com 900 Combo 10baseT/UTP
>
> Sometimes through this router network works slowly and it is natural
> right thing. Therefore we are going to split router on two.

Define slowly. Can you see added latency across the router?

Personally I'd switch all the cards out for Intel, but that is my preference - and I can't say it would help at all.

- Forrest W. Christian (forrestc@imach.com) AC7DE
----------------------------------------------------------------------
The Innovation Machine Ltd.                              P.O. Box 5749
http://www.imach.com/                                 Helena, MT 59604
Home of PacketFlux Technogies and BackupDNS.com         (406)-442-6648
----------------------------------------------------------------------
Protect your personal freedoms - visit http://www.lp.org/

From owner-freebsd-isp Tue Dec 11 3:40:58 2001
Date: Tue, 11 Dec 2001 22:41:36 +1100
From: Kal Torak
To: "Tolpanov, Dmitry"
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Router based on FreeBSD.

Tolpanov, Dmitry wrote:

>
>
>I've got a very complex problem so every advice is appreciated.
>I've got a router on 4.3-STABLE FreeBSD. It's got hardware (in short):
>- Intel Pentium III 500 MHz
>- NIC 3Com 10/100 in 100baseTX
>- NIC 3Com 10/100 in 100baseTX
>- NIC 3Com 10/100 in 100baseTX
>- NIC 3Com 900 Combo 10baseT/UTP
>- NIC 3Com 900 Combo 10baseT/UTP
>
>Sometimes through this router network works slowly and it is natural
>right thing. Therefore we are going to split router on two.

Hmmm when you say slow, how slow are you talking??? And what kind of load does this router get? I mean its obviously got at least 5 subnets or more, but what kind of loads??
When its going slowly what kind of ping times do you get across it??

Also are you sure its the router thats the bottle neck here? What kind of network is it attached to? Hubs, Switches, what brands are they??

The reason I ask is because a P3 500 is a lot faster than most of the processors you would find in hardware routers, I dont see how it could be noticeably slow.. But I dont really know how much traffic your getting...

From owner-freebsd-isp Tue Dec 11 3:57:37 2001
Subject: RE: Router based on FreeBSD.
Date: Tue, 11 Dec 2001 18:57:29 +0700
From: "Tolpanov, Dmitry"
To: "Kal Torak"

I'm 99 % sure that the bottleneck is router.
As for other hardware, router connected to 3Com 3300 XM which is divided on VLANs.
The most loading on two 100 Mb interfaces (backbone interfaces). Network becomes slow when their loading 4 MB/s on each other (about 5500 interrupts on each, is not this very high), other interfaces have stable loading and CPU loading is about 50-30 % idle.

As for routing table:
root[xxx]:/etc/> netstat -rn | wc -l
     638

> Tolpanov, Dmitry wrote:
> >
> >
> >I've got a very complex problem so every advice is appreciated.
> >I've got a router on 4.3-STABLE FreeBSD. It's got hardware
> (in short):
> >- Intel Pentium III 500 MHz
> >- NIC 3Com 10/100 in 100baseTX
> >- NIC 3Com 10/100 in 100baseTX
> >- NIC 3Com 10/100 in 100baseTX
> >- NIC 3Com 900 Combo 10baseT/UTP
> >- NIC 3Com 900 Combo 10baseT/UTP
> >
> >Sometimes through this router network works slowly and it is natural
> >right thing. Therefore we are going to split router on two.
>
>
> Hmmm when you say slow, how slow are you talking??? And what kind
> of load does this router get? I mean its obviously got at least 5
> subnets or more, but what kind of loads??
>
> When its going slowly what kind of ping times do you get across it??
>
> Also are you sure its the router thats the bottle neck here? What kind
> of network is it attached to? Hubs, Switches, what brands are they??
>
> The reason I ask is because a P3 500 is a lot faster than most of the
> processors you would find in hardware routers, I dont see how it could
> be noticeably slow.. But I dont really know how much traffic
> your getting...
>
>
>

From owner-freebsd-isp Tue Dec 11 4:24:53 2001
Date: Tue, 11 Dec 2001 05:17:28 -0700 (MST)
From: "Forrest W. Christian"
To: "Tolpanov, Dmitry"
Cc: Kal Torak, freebsd-isp@FreeBSD.ORG
Subject: RE: Router based on FreeBSD.

What is the PING TIME Across this router?

I too am skeptical. I can push 4MB/s through a 486/66 box with ISA cards on occasion if everything is right.

On Tue, 11 Dec 2001, Tolpanov, Dmitry wrote:

> Date: Tue, 11 Dec 2001 18:57:29 +0700
> From: "Tolpanov, Dmitry"
> To: Kal Torak
> Cc: freebsd-isp@FreeBSD.ORG
> Subject: RE: Router based on FreeBSD.
>
> I'm 99 % sure that the bottleneck is router.
> As for other hardware, router connected to 3Com 3300 XM which is divided
> on VLANs.
> The most loading on two 100 Mb interfaces (backbone interfaces). Network
> becomes slow when their loading 4 MB/s on each other (about 5500
> interrupts on each, is not this very high), other interfaces have stable
> loading and CPU loading is about 50-30 % idle.
>
> As for routing table:
> root[xxx]:/etc/> netstat -rn | wc -l
>      638
>
> > Tolpanov, Dmitry wrote:
> > >
> > >
> > >I've got a very complex problem so every advice is appreciated.
> > >I've got a router on 4.3-STABLE FreeBSD. It's got hardware
> > (in short):
> > >- Intel Pentium III 500 MHz
> > >- NIC 3Com 10/100 in 100baseTX
> > >- NIC 3Com 10/100 in 100baseTX
> > >- NIC 3Com 10/100 in 100baseTX
> > >- NIC 3Com 900 Combo 10baseT/UTP
> > >- NIC 3Com 900 Combo 10baseT/UTP
> > >
> > >Sometimes through this router network works slowly and it is natural
> > >right thing. Therefore we are going to split router on two.
> >
> >
> > Hmmm when you say slow, how slow are you talking??? And what kind
> > of load does this router get? I mean its obviously got at least 5
> > subnets or more, but what kind of loads??
> >
> > When its going slowly what kind of ping times do you get across it??
> >
> > Also are you sure its the router thats the bottle neck here? What kind
> > of network is it attached to? Hubs, Switches, what brands are they??
> >
> > The reason I ask is because a P3 500 is a lot faster than most of the
> > processors you would find in hardware routers, I dont see how it could
> > be noticeably slow.. But I dont really know how much traffic
> > your getting...
> >
> >
> >
>

- Forrest W. Christian (forrestc@imach.com) AC7DE
----------------------------------------------------------------------
The Innovation Machine Ltd.                              P.O. Box 5749
http://www.imach.com/                                 Helena, MT 59604
Home of PacketFlux Technogies and BackupDNS.com         (406)-442-6648
----------------------------------------------------------------------
Protect your personal freedoms - visit http://www.lp.org/

From owner-freebsd-isp Tue Dec 11 4:26:22 2001
Date: Tue, 11 Dec 2001 05:18:59 -0700 (MST)
From: "Forrest W. Christian"
To: "Tolpanov, Dmitry"
Cc: Kal Torak, freebsd-isp@FreeBSD.ORG
Subject: RE: Router based on FreeBSD.

One more thing. Are you sure you have everything set to the same duplex setting? This can also cause the problem.

On Tue, 11 Dec 2001, Forrest W. Christian wrote:

> Date: Tue, 11 Dec 2001 05:17:28 -0700 (MST)
> From: Forrest W. Christian
> To: "Tolpanov, Dmitry"
> Cc: Kal Torak, freebsd-isp@FreeBSD.ORG
> Subject: RE: Router based on FreeBSD.
>
> What is the PING TIME Across this router?
>
> I too am skeptical. I can push 4MB/s through a 486/66 box with ISA cards
> on occasion if everything is right.
>
> On Tue, 11 Dec 2001, Tolpanov, Dmitry wrote:
>
> > Date: Tue, 11 Dec 2001 18:57:29 +0700
> > From: "Tolpanov, Dmitry"
> > To: Kal Torak
> > Cc: freebsd-isp@FreeBSD.ORG
> > Subject: RE: Router based on FreeBSD.
> >
> > I'm 99 % sure that the bottleneck is router.
> > As for other hardware, router connected to 3Com 3300 XM which is divided
> > on VLANs.
> > The most loading on two 100 Mb interfaces (backbone interfaces). Network
> > becomes slow when their loading 4 MB/s on each other (about 5500
> > interrupts on each, is not this very high), other interfaces have stable
> > loading and CPU loading is about 50-30 % idle.
> >
> > As for routing table:
> > root[xxx]:/etc/> netstat -rn | wc -l
> >      638
> >
> > > Tolpanov, Dmitry wrote:
> > > >
> > > >
> > > >I've got a very complex problem so every advice is appreciated.
> > > >I've got a router on 4.3-STABLE FreeBSD. It's got hardware
> > > (in short):
> > > >- Intel Pentium III 500 MHz
> > > >- NIC 3Com 10/100 in 100baseTX
> > > >- NIC 3Com 10/100 in 100baseTX
> > > >- NIC 3Com 10/100 in 100baseTX
> > > >- NIC 3Com 900 Combo 10baseT/UTP
> > > >- NIC 3Com 900 Combo 10baseT/UTP
> > > >
> > > >Sometimes through this router network works slowly and it is natural
> > > >right thing. Therefore we are going to split router on two.
> > >
> > >
> > > Hmmm when you say slow, how slow are you talking??? And what kind
> > > of load does this router get? I mean its obviously got at least 5
> > > subnets or more, but what kind of loads??
> > >
> > > When its going slowly what kind of ping times do you get across it??
> > >
> > > Also are you sure its the router thats the bottle neck here? What kind
> > > of network is it attached to? Hubs, Switches, what brands are they??
> > >
> > > The reason I ask is because a P3 500 is a lot faster than most of the
> > > processors you would find in hardware routers, I dont see how it could
> > > be noticeably slow.. But I dont really know how much traffic
> > > your getting...
> > >
> > >
> > >
> >
>
> - Forrest W. Christian (forrestc@imach.com) AC7DE
> ----------------------------------------------------------------------
> The Innovation Machine Ltd.                              P.O. Box 5749
> http://www.imach.com/                                 Helena, MT 59604
> Home of PacketFlux Technogies and BackupDNS.com         (406)-442-6648
> ----------------------------------------------------------------------
> Protect your personal freedoms - visit http://www.lp.org/
>

- Forrest W. Christian (forrestc@imach.com) AC7DE
----------------------------------------------------------------------
The Innovation Machine Ltd.                              P.O. Box 5749
http://www.imach.com/                                 Helena, MT 59604
Home of PacketFlux Technogies and BackupDNS.com         (406)-442-6648
----------------------------------------------------------------------
Protect your personal freedoms - visit http://www.lp.org/

From owner-freebsd-isp Tue Dec 11 5: 8:50 2001
From: dave@hawk-systems.com (Dave)
Subject: RE: iManager for managing jailed systems?
Date: Tue, 11 Dec 2001 08:12:10 -0500

If memory serves, this is a custom solution from iServer/Verio/ViaVerio (or whatever they are calling themselves these days) and not a portable package. Could be wrong though.

Dave

>-----Original Message-----
>From: owner-freebsd-isp@FreeBSD.ORG
>[mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of francisv@dagupan.com
>Sent: Tuesday, December 11, 2001 3:44 AM
>To: freebsd-isp@FreeBSD.ORG
>Subject: iManager for managing jailed systems?
>
>
>Hi,
>
>I recently came across a product called iManager but I don't know if it's
>opensource or proprietary. Is there a product that can let users manage
>their jailed environment (i.e. add users, change passwords, add services,
>etc.)?
>
>---
> francis a. vidal [bitstop network services] | http://www.dagupan.com
> streaming media + web hosting | http://www.keystone.ph
> v(02)330-2871,(02)330-2872; f(02)330-2873 | http://www.kuro.ph

From owner-freebsd-isp Tue Dec 11 5:34:30 2001
Date: Tue, 11 Dec 2001 08:34:20 -0500
From: Bill Vermillion
To: freebsd-isp@freebsd.org
Subject: Re: Router based on FreeBSD.

On Tue, Dec 11, 2001 at 04:01:46AM -0700, Forrest W. Christian thus spoke:
> On Tue, 11 Dec 2001, Tolpanov, Dmitry wrote:
>
> > I've got a very complex problem so every advice is appreciated.
> > I've got a router on 4.3-STABLE FreeBSD. It's got hardware (in short):
> > - Intel Pentium III 500 MHz
> > - NIC 3Com 10/100 in 100baseTX
> > - NIC 3Com 10/100 in 100baseTX
> > - NIC 3Com 10/100 in 100baseTX
> > - NIC 3Com 900 Combo 10baseT/UTP
> > - NIC 3Com 900 Combo 10baseT/UTP
> >
> > Sometimes through this router network works slowly and it is natural
> > right thing. Therefore we are going to split router on two.
> Define slowly. Can you see added latency across the router?
> Personally I'd switch all the cards out for Intel, but that is my
> preference - and I can't say it would help at all.

I prefer them too. However I wonder just what model numbers the above 3com cards are. Model number might have a bearing on this.

From owner-freebsd-isp Tue Dec 11 6:13: 8 2001
From: "Alexander Naumochkin"
To: "'Dave VanAuken'"
Subject: RE: FreeBSD as multiple line RAS
Date: Fri, 7 Dec 2001 23:18:03 +0300

Hi Dave,

I have such experience. I'm using iP5-133 box with Cronyx Omega multiport card (http://www.cronyx.ru/hardware/omega.html), pppd (out of FreeBSD box), mgetty (from ports) and eight USRobotics Courier modems. System works fine since 1996, currently on 4.4-STABLE

--
Alexander Naumochkin
IPTel Inc.

> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of Dave VanAuken
> Sent: Friday, December 07, 2001 6:41 PM
> To: freebsd-isp@FreeBSD.ORG
> Subject: FreeBSD as multiple line RAS
>
>
> Anyone have first hand experience, pitfalls, or comments regarding using a
> freebsd box as a simple RAS for multiple remote dialin lines.
>
> Have a client that needs to provide access to a number of stores, maximum of 8
> at a time. Currently has a two ports available on an NT server, and a number on
> an AS400 for inventory management.
>
> Solution would be throw a couple of cheap FreeBSD boxes in there with 2+ modems
> each. What is the maximum number that you could reasonably pack into a single
> FreeBSD box without running into resource problems?
>
> Easy solution would be to install a Cisco 2509 or something, but that may be
> overkill. Thoughts?
> > Dave > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 11 6:45:18 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id A4C0237B416 for ; Tue, 11 Dec 2001 06:45:14 -0800 (PST) Received: from [144.137.118.43] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id ykxdaaaa for ; Wed, 12 Dec 2001 01:44:44 +1100 Message-ID: <3C161C1F.8080601@quake.com.au> Date: Wed, 12 Dec 2001 01:45:51 +1100 From: Kal Torak User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.5) Gecko/20011011 X-Accept-Language: en-us MIME-Version: 1.0 To: bv@wjv.com Cc: freebsd-isp@freebsd.org Subject: Re: Router based on FreeBSD. References: <20011211083420.A80896@wjv.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Bill Vermillion wrote: > >>Personally I'd switch all the cards out for Intel, but that is my >>preference - and I can't say it would help at all. >> > > I prefer them too. However I wonder just what model numbers > the above 3com cards are. Model number might have a bearing on > this. Hes using a 3com 3300 XM switch, so its probably best to stick withe the 3com cards as well... 
Things made by the same company usually work best together :) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 11 7:23:15 2001 Delivered-To: freebsd-isp@freebsd.org Received: from bilver.wjv.com (spdsl-033.wanlogistics.net [63.209.115.33]) by hub.freebsd.org (Postfix) with ESMTP id 5AC2137B416 for ; Tue, 11 Dec 2001 07:23:10 -0800 (PST) Received: (from bv@localhost) by bilver.wjv.com (8.11.6/8.11.6) id fBBFN4T81758 for freebsd-isp@freebsd.org; Tue, 11 Dec 2001 10:23:04 -0500 (EST) (envelope-from bv) Date: Tue, 11 Dec 2001 10:23:04 -0500 From: Bill Vermillion To: freebsd-isp@freebsd.org Subject: Re: Router based on FreeBSD. Message-ID: <20011211102304.C81658@wjv.com> Reply-To: bv@wjv.com References: <20011211083420.A80896@wjv.com> <3C161C1F.8080601@quake.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3C161C1F.8080601@quake.com.au>; from kaltorak@quake.com.au on Wed, Dec 12, 2001 at 01:45:51AM +1100 Organization: W.J.Vermillion / Orlando - Winter Park Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, Dec 12, 2001 at 01:45:51AM +1100, Kal Torak thus spoke: > Bill Vermillion wrote: > > >>Personally I'd switch all the cards out for Intel, but that is my > >>preference - and I can't say it would help at all. > > I prefer them too. However I wonder just what model numbers > > the above 3com cards are. Model number might have a bearing on > > this. > He's using a 3com 3300 XM switch, so it's probably best to stick > with the 3com cards as well... Things made by the same company > usually work best together :) That may be true in some areas but shouldn't be true in TCP/IP and/or ethernet functions.
I've run so many different routers, switches, etc that most probably weren't being made by the same. I was more wondering about the cards and the revs on the cards as some models don't work as well as other models from the same company. The first Intel NICs were a bit weird for some OSes and the B model was the one to get. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 11 7:47:51 2001 Delivered-To: freebsd-isp@freebsd.org Received: from taka.swcp.com (taka.swcp.com [198.59.115.12]) by hub.freebsd.org (Postfix) with ESMTP id 14B4137B405 for ; Tue, 11 Dec 2001 07:47:46 -0800 (PST) Received: from inago.swcp.com (inago.swcp.com [198.59.115.17]) by taka.swcp.com (8.10.0.Beta12/8.10.0.Beta12) with ESMTP id fBBFpW791222 for ; Tue, 11 Dec 2001 08:51:33 -0700 (MST) Received: from localhost (deichert@localhost) by inago.swcp.com (8.8.7/8.8.7) with ESMTP id IAA14896 for ; Tue, 11 Dec 2001 08:47:42 -0700 (MST) X-Authentication-Warning: inago.swcp.com: deichert owned process doing -bs Date: Tue, 11 Dec 2001 08:47:42 -0700 (MST) From: Diana Eichert X-Sender: deichert@inago.swcp.com To: freebsd-isp@FreeBSD.ORG Subject: Re: Router based on FreeBSD. In-Reply-To: <20011211102304.C81658@wjv.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > On Wed, Dec 12, 2001 at 01:45:51AM +1100, Kal Torak thus spoke: > > Bill Vermillion wrote: > > > > > >>Personally I'd switch all the cards out for Intel, but that is my > > >>preference - and I can't say it would help at all. > > > > I prefer them too. However I wonder just what model numbers > > > the above 3com cards are. Model number might have a bearing on > > > this.
> > > He's using a 3com 3300 XM switch, so it's probably best to stick > > with the 3com cards as well... Things made by the same company > > usually work best together :) Whoa, now that's a leap of faith, many times a vendor has purchased entire companies and re-badged those products as their own. Also, there can and most likely will be totally unrelated design teams supporting NICs and routers/switches. So there are no guarantees by staying vendor specific. When I worked for Intel twenty years ago, the systems group would not use Intel DRAM. We thought it was crap, which it was, as no one else bought it either. diana To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 11 7:56:17 2001 Delivered-To: freebsd-isp@freebsd.org Received: from gamma.root-servers.ch (gamma.root-servers.ch [195.49.62.126]) by hub.freebsd.org (Postfix) with SMTP id 8F0E637B405 for ; Tue, 11 Dec 2001 07:56:09 -0800 (PST) Received: (qmail 59525 invoked from network); 11 Dec 2001 15:56:07 -0000 Received: from dclient217-162-128-224.hispeed.ch (HELO athlon550) (217.162.128.224) by 0 with SMTP; 11 Dec 2001 15:56:07 -0000 Date: Tue, 11 Dec 2001 16:57:00 +0100 From: Gabriel Ambuehl X-Mailer: The Bat! (v1.53bis) Educational Organization: BUZ Internet Services X-Priority: 3 (Normal) Message-ID: <164616459602.20011211165700@buz.ch> To: "Dustin Puryear" Cc: isp@freebsd.org Subject: Re[8]: Using DNAT and DNS round-robin In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hello Dustin, Monday, December 10, 2001, 5:05:31 PM, you wrote: > Well, one solution to this type of problem is to use remote storage > such as NAS.
NAS has got the big problem of being a single point of failure. But if you can live with that, it's a great solution to achieve consistency of the load balanced data. Watch out, though, cause FreeBSD 4.X nfsclient doesn't currently support file locking! > I am working with another client that uses several webservers that > hit a few Snap servers for all of their data. Using this method we > can load-balance (using LVS and Red Hat's High Availability > Services) to our heart's content. But you are correct that there is > a problem if you leave the data on the local drive of each server. I'm working on something like FVS and despite the currently non existent VS fail over and FS replication parts, it's working pretty well (save for that fact that ipnat currently doesn't provide any other load balancing than round robin but OTOH, the system is capable to skip NAT altogether and use DNS round robin or whatever else which isn't possible with LVS, IIRC). I'm currently trying to port it to Linux (for a consulting client) but since Linux won't support bidirectional popen(), I'm somewhat stuck until I manage to get a custom version of it to work... 
Best regards, Gabriel To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 11 8: 0:23 2001 Delivered-To: freebsd-isp@freebsd.org Received: from gamma.root-servers.ch (gamma.root-servers.ch [195.49.62.126]) by hub.freebsd.org (Postfix) with SMTP id 947EA37B419 for ; Tue, 11 Dec 2001 08:00:14 -0800 (PST) Received: (qmail 59686 invoked from network); 11 Dec 2001 16:00:13 -0000 Received: from dclient217-162-128-224.hispeed.ch (HELO athlon550) (217.162.128.224) by 0 with SMTP; 11 Dec 2001 16:00:13 -0000 Date: Tue, 11 Dec 2001 17:01:03 +0100 From: Gabriel Ambuehl X-Mailer: The Bat! (v1.53bis) Educational Organization: BUZ Internet Services X-Priority: 3 (Normal) Message-ID: <73616702571.20011211170103@buz.ch> To: "Dustin Puryear" Cc: freebsd-isp@freebsd.org Subject: Re[8]: Using DNAT and DNS round-robin In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hello Dustin, Monday, December 10, 2001, 4:57:08 PM, you wrote: > I guess that is where the initial confusion came from.
In order for > each webserver to offer the same IP-based virtual hosts as the > other n-1 webservers, it appears that I need to setup the same IP > alias on each webserver, unless I am missing something. Obviously, > that won't work. That is one reason why I was looking at Squid. Ah now I get it. If you bind the virtual hosts to the IP, you have no other option than having the IPs assigned to the firewall and either run statical NAT or some proxy (like squid or apache mod_proxy) on the firewall. > I am surprised this problem isn't more common. I mean, someone out > there must be trying to spread several IP-based virtual hosts > across n servers. Most people probably won't care for IP based or not. That only matters for SSL, anyway. >> with hosting consumers, that's obviously not possible. > Well, we are one of those "we control all data" types. :) That's nice. I wished I were in the same situation... >> You simply can't have the same IP based virtual host on two >> machines. The online thing that can be done there is round robin >> NAT but for reasons pointed out above, that's major PITA. > That is becoming rather obvious to me at this point. Given you can solve the fs inconsistency issues, round robin NAT actually would be the by far fastest solution to do what you want. Squid should do the job too, more flexibly, but probably slower. 
Best regards, Gabriel To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 11 8:52:34 2001 Delivered-To: freebsd-isp@freebsd.org Received: from c007.snv.cp.net (c007-h013.c007.snv.cp.net [209.228.33.220]) by hub.freebsd.org (Postfix) with SMTP id 0DA5337B417 for ; Tue, 11 Dec 2001 08:52:29 -0800 (PST) Received: (cpmta 23224 invoked from network); 11 Dec 2001 08:52:13 -0800 Received: from 216.227.100.85 (HELO vector) by smtp.telocity.com (209.228.33.220) with SMTP; 11 Dec 2001 08:52:13 -0800 X-Sent: 11 Dec 2001 16:52:13 GMT From: "Dustin Puryear" To: "Gabriel Ambuehl" Cc: Subject: RE: Re[8]: Using DNAT and DNS round-robin Date: Tue, 11 Dec 2001 11:00:10 -0600 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <164616459602.20011211165700@buz.ch> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > Well, one solution to this type of problem is to use remote storage > > such as NAS. > > NAS has got the big problem of being a single point of failure. But Not necessarily. There are a few NAS HA solutions out there. I know that NetApps has one.
In fact, I doubt the whole NAS industry would get far without it. > > I am working with another client that uses several webservers that > > hit a few Snap servers for all of their data. Using this method we > > can load-balance (using LVS and Red Hat's High Availability > > Services) to our heart's content. But you are correct that there is > > a problem if you leave the data on the local drive of each server. > > I'm working on something like FVS and despite the currently non > existent VS fail over and FS replication parts, it's working pretty > well (save for that fact that ipnat currently doesn't provide any > other load balancing than round robin but OTOH, the system is capable > to skip NAT altogether and use DNS round robin or whatever else which > isn't possible with LVS, IIRC). I'm not familiar with FVS. What is it? > I'm currently trying to port it to Linux (for a consulting client) > but > since Linux won't support bidirectional popen(), I'm somewhat stuck > until I manage to get a custom version of it to work... Sounds like you have a fun week ahead of you. Good luck. Regards, Dustin --- Dustin Puryear Information Systems Consultant http://members.telocity.com/~dpuryear In the beginning the Universe was created. This has been widely regarded as a bad move. - Douglas Adams To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 11 9:26:58 2001 Delivered-To: freebsd-isp@freebsd.org Received: from gamma.root-servers.ch (gamma.root-servers.ch [195.49.62.126]) by hub.freebsd.org (Postfix) with SMTP id 0A41B37BFB6 for ; Tue, 11 Dec 2001 09:19:21 -0800 (PST) Received: (qmail 62897 invoked from network); 11 Dec 2001 17:11:36 -0000 Received: from dclient217-162-128-224.hispeed.ch (HELO athlon550) (217.162.128.224) by 0 with SMTP; 11 Dec 2001 17:11:36 -0000 Date: Tue, 11 Dec 2001 18:12:28 +0100 From: Gabriel Ambuehl X-Mailer: The Bat! 
(v1.53bis) Educational Organization: BUZ Internet Services X-Priority: 3 (Normal) Message-ID: <68620987432.20011211181228@buz.ch> To: "Dustin Puryear" Cc: isp@freebsd.org Subject: Re[10]: Using DNAT and DNS round-robin In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hello Dustin, Tuesday, December 11, 2001, 6:00:10 PM, you wrote: >> NAS has got the big problem of being a single point of failure. >> But > Not necessarily. There are a few NAS HA solutions out there. I know > that NetApps has one. In fact, I doubt the whole NAS industry would > get far without it. Well.... There are NetApps that can mirror themselves to another one, AFAIK, but I can't comment on either their reliability or their speed. >> other load balancing than round robin but OTOH, the system is >> capable to skip NAT altogether and use DNS round robin or whatever >> else which isn't possible with LVS, IIRC). > I'm not familiar with FVS. What is it? My own private analogy to LVS. If LVS is Linux Virtual Server, then FVS is FreeBSD Virtual Server ;-) >> since Linux won't support bidirectional popen(), I'm somewhat >> stuck until I manage to get a custom version of it to work... > Sounds like you have a fun week ahead of you. Good luck. Uhm yeah. Or I simply sell them a FreeBSD box where the whole thing works just charmingly... Their RedHat 7.0 doesn't even appear to dump core or notify me of segfaults anyway. Broken OS, if you ask me. 
Best regards, Gabriel To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 11 9:30:28 2001 Delivered-To: freebsd-isp@freebsd.org Received: from c007.snv.cp.net (c007-h012.c007.snv.cp.net [209.228.33.219]) by hub.freebsd.org (Postfix) with SMTP id C739937B85C for ; Tue, 11 Dec 2001 09:25:18 -0800 (PST) Received: (cpmta 15178 invoked from network); 11 Dec 2001 09:21:37 -0800 Received: from 216.227.100.85 (HELO vector) by smtp.telocity.com (209.228.33.219) with SMTP; 11 Dec 2001 09:21:37 -0800 X-Sent: 11 Dec 2001 17:21:37 GMT From: "Dustin Puryear" To: "Gabriel Ambuehl" Cc: Subject: RE: Re[8]: Using DNAT and DNS round-robin Date: Tue, 11 Dec 2001 11:29:35 -0600 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <73616702571.20011211170103@buz.ch> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > alias on each webserver, unless I am missing something. Obviously, > > that won't work. That is one reason why I was looking at Squid. > > Ah now I get it.
> > If you bind the virtual hosts to the IP, you have no other option > than > having the IPs assigned to the firewall and either run statical NAT > or > some proxy (like squid or apache mod_proxy) on the firewall. Yes, that is what I eventually found out. Apparently, unless you have some type of special gear, you cannot do IP-based virtual hosting in a load-sharing or -balancing environment. Now, doing HA might not be too much work depending on what your requirements for switch over time are. > >> with hosting consumers, that's obviously not possible. > > Well, we are one of those "we control all data" types. :) > > That's nice. I wished I were in the same situation... Yes, it is nice. I have yet to do work for a company providing web hosting to consumers, but I can see how it would have some real challenges. But it seems to me there are several solutions to the whole file system synchronization issue. NAS being one. A second is using a few "shell" servers that automatically get replicated to your web servers seems to be another. > >> You simply can't have the same IP based virtual host on two > >> machines. The online thing that can be done there is round robin > >> NAT but for reasons pointed out above, that's major PITA. > > That is becoming rather obvious to me at this point. > > Given you can solve the fs inconsistency issues, round robin NAT > actually would be the by far fastest solution to do what you want. > > Squid should do the job too, more flexibly, but probably slower. I played with Squid and it works nicely. Indeed, I liked the fact that with Squid I can make my web cluster disappear from outsiders and use Squid as a reverse proxy. However, since we dropped the requirement for IP-based virtual hosting the point is moot. We will be using just a standard configuration where we will DNS round-robin between web servers. 
Regards, Dustin --- Dustin Puryear Information Systems Consultant http://members.telocity.com/~dpuryear In the beginning the Universe was created. This has been widely regarded as a bad move. - Douglas Adams To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 11 10:14:25 2001 Delivered-To: freebsd-isp@freebsd.org Received: from gamma.root-servers.ch (gamma.root-servers.ch [195.49.62.126]) by hub.freebsd.org (Postfix) with SMTP id 99AD637B419 for ; Tue, 11 Dec 2001 10:14:14 -0800 (PST) Received: (qmail 65889 invoked from network); 11 Dec 2001 18:14:12 -0000 Received: from dclient217-162-128-224.hispeed.ch (HELO athlon550) (217.162.128.224) by 0 with SMTP; 11 Dec 2001 18:14:12 -0000 Date: Tue, 11 Dec 2001 19:15:06 +0100 From: Gabriel Ambuehl X-Mailer: The Bat! (v1.53bis) Educational Organization: BUZ Internet Services X-Priority: 3 (Normal) Message-ID: <107624744755.20011211191506@buz.ch> To: "Dustin Puryear" Cc: isp@freebsd.org Subject: Re[10]: Using DNAT and DNS round-robin In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hello Dustin, Tuesday, December 11, 2001, 6:29:35 PM, you wrote: > Yes, that is what I eventually found out. Apparently, unless you > have some type of special gear, you cannot do IP-based virtual > hosting in a > load-sharing or -balancing environment. Now, doing HA might not be > too much work depending on what your requirements for switch over > time are. <10s is doable with standard gear. <1s is quite a bit harder but perhaps still doable. >> That's nice. I wished I were in the same situation... > Yes, it is nice. 
I have yet to do work for a company providing web > hosting to consumers, but I can see how it would have some real > challenges. But it It certainly has. > synchronization issue. NAS being one. A second is using a few > "shell" servers that automatically get replicated to your web > servers seems to be another. I've been thinking about that approach too, but it doesn't buy you much since there are still that morons that use the FS as DB... >> Squid should do the job too, more flexibly, but probably slower. > I played with Squid and it works nicely. Indeed, I liked the fact > that with Squid I can make my web cluster disappear from outsiders > and use Squid as a reverse proxy. However, since we dropped the > requirement for IP-based virtual hosting the point is moot. We will > be using just a standard configuration where we will DNS > round-robin between web servers. That's the easiest approach, of course. OTOH, I haven't got a very high opinion of DNS round robin since it essentially still lets the remote client fuck it up... Best regards, Gabriel To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 11 15:43: 3 2001 Delivered-To: freebsd-isp@freebsd.org Received: from imo-r05.mx.aol.com (imo-r05.mx.aol.com [152.163.225.101]) by hub.freebsd.org (Postfix) with ESMTP id 7CCCA37B417 for ; Tue, 11 Dec 2001 15:42:59 -0800 (PST) Received: from CL1787@aol.com by imo-r05.mx.aol.com (mail_out_v31_r1.9.)
id c.87.148e2405 (3965); Tue, 11 Dec 2001 18:42:41 -0500 (EST) From: CL1787@aol.com Message-ID: <87.148e2405.2947f3f1@aol.com> Date: Tue, 11 Dec 2001 18:42:41 EST Subject: Re: Router based on FreeBSD. To: tdn@stack.ru Cc: isp@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 5.0 for Windows sub 139 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In a message dated 12/11/2001 6:57:50 AM Eastern Standard Time, tdn@stack.ru writes: > I'm 99 % sure that the bottleneck is router. > As for other hardware, router connected to 3Com 3300 XM which is divided > on VLANs. > The most loading on two 100 Mb interfaces (backbone interfaces). Network > becomes slow when their loading 4 MB/s on each other (about 5500 > interrupts on each, is not this very high), other interfaces have stable > loading and CPU loading is about 50-30 % idle. > > As for routing table: > root[xxx]:/etc/> netstat -rn | wc -l > 638 > > > Tolpanov, Dmitry wrote: > > > > > > > > >I've got a very complex problem so every advice is appreciated. > > >I've got a router on 4.3-STABLE FreeBSD. It's got hardware > > (in short): > > >- Intel Pentium III 500 MHz > > >- NIC 3Com 10/100 in 100baseTX > > >- NIC 3Com 10/100 in 100baseTX > > >- NIC 3Com 10/100 in 100baseTX > > >- NIC 3Com 900 Combo 10baseT/UTP > > >- NIC 3Com 900 Combo 10baseT/UTP > First of all, 3coms are the wrong choice in FreeBSD. One issue is that you have 5 devices on your bus (which will seriously slow the bus by creating bus contention), and there are also serious problems with the 3COM driver. At minimum you'll want to disable "stats"...with a lot of traffic the stats counters overflow regularly and cause serious overhead. At high speeds it will actually take over the machine...comment out the line that sets XL_CMD_STATS_ENABLE and see what happens.
You don't need them...STATS is a "neat" feature that has no place in a serious router. Also, the 900 is less efficient than the 900B...but I don't know by how much. DB To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 11 19:38:39 2001 Delivered-To: freebsd-isp@freebsd.org Received: from backup.dagupan.com (www.psysc.org.ph [206.101.69.5]) by hub.freebsd.org (Postfix) with ESMTP id 0C5A537B405 for ; Tue, 11 Dec 2001 19:38:37 -0800 (PST) Received: by apmail.dagupan.com with Internet Mail Service (5.5.2653.19) id ; Wed, 12 Dec 2001 11:38:06 +0800 Message-ID: <10F29E27A956D511B0940050DA8D86A9340D22@apmail.dagupan.com> From: francisv@dagupan.com To: freebsd-isp@freebsd.org Subject: Backup solutions Date: Wed, 12 Dec 2001 11:38:05 +0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I'm shopping for ideas regarding backup solutions, anything in mind? I'd like to backup 2-5 FreeBSD servers to one tape server. I've looked at Amanda but it too complicated to setup. I've also tried flexbackup but then it lacks the automation of Amanda. --- francis a.
vidal [bitstop network services] | http://www.dagupan.com streaming media + web hosting | http://www.keystone.ph v(02)330-2871,(02)330-2872; f(02)330-2873 | http://www.kuro.ph To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 11 19:41:43 2001 Delivered-To: freebsd-isp@freebsd.org Received: from aviion.alfred.cx (ade-firewall.matcom.com.au [150.101.234.157]) by hub.freebsd.org (Postfix) with ESMTP id 3B3AC37B419 for ; Tue, 11 Dec 2001 19:41:39 -0800 (PST) Received: (from andrew@localhost) by aviion.alfred.cx (8.11.3/8.11.3) id fBC3fUj01682; Wed, 12 Dec 2001 14:11:30 +1030 (CST) (envelope-from andrew) Date: Wed, 12 Dec 2001 14:11:30 +1030 From: Andrew Reid To: francisv@dagupan.com Cc: freebsd-isp@freebsd.org Subject: Re: Backup solutions Message-ID: <20011212141130.A1618@aviion.alfred.cx> References: <10F29E27A956D511B0940050DA8D86A9340D22@apmail.dagupan.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <10F29E27A956D511B0940050DA8D86A9340D22@apmail.dagupan.com>; from francisv@dagupan.com on Wed, Dec 12, 2001 at 11:38:05AM +0800 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, Dec 12, 2001 at 11:38:05AM +0800, francisv@dagupan.com wrote: > I'm shopping for ideas regarding backup solutions, anything in mind? I'd > like to backup 2-5 FreeBSD servers to one tape server. I've looked at Amanda > but it too complicated to setup. I've also tried flexbackup but then it > lacks the automation of Amanda. Try persevering with Amanda -- it's quite nice once you know what you're doing with it. - andrew -- Andrew J. Reid "Catapultam habeo. 
Nisi pecuniam omnem andrew.reid@plug.cx mihi dabis, ad caput tuum saxum immane +61 401 946 813 mittam" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 11 19:47:16 2001 Delivered-To: freebsd-isp@freebsd.org Received: from thud.tbe.net (thud.tbe.net [209.123.109.174]) by hub.freebsd.org (Postfix) with ESMTP id 9031337B416 for ; Tue, 11 Dec 2001 19:47:14 -0800 (PST) Received: by thud.tbe.net (Postfix, from userid 1001) id A0D4D1C942E; Tue, 11 Dec 2001 22:44:36 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by thud.tbe.net (Postfix) with ESMTP id 9DBC4DCE83; Tue, 11 Dec 2001 22:44:36 -0500 (EST) Date: Tue, 11 Dec 2001 22:44:36 -0500 (EST) From: "Gary D. Margiotta" To: Andrew Reid Cc: francisv@dagupan.com, freebsd-isp@freebsd.org Subject: Re: Backup solutions In-Reply-To: <20011212141130.A1618@aviion.alfred.cx> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'll second the Amanda suggestion. It takes a little practice and determination, but once it's set up it runs quite beautifully. We've got a mix of 25+ Sun/FreeBSD servers backing up to a single FreeBSD box with a DDS-4 (great compression), and it never complains. We've even gotten it working with a Sun StorEdge L1000 using the loader mechanism, and it's wonderful compared to the $10k+ Veritas solution our vendor wanted... ;) -Gary "Complexity breeds bugs. Bugs prevent adoption, lack of adoption results in death. Death not good." On Wed, 12 Dec 2001, Andrew Reid wrote: > On Wed, Dec 12, 2001 at 11:38:05AM +0800, francisv@dagupan.com wrote: > > > I'm shopping for ideas regarding backup solutions, anything in mind? I'd > > like to backup 2-5 FreeBSD servers to one tape server. 
I've looked at Amanda > > but it too complicated to setup. I've also tried flexbackup but then it > > lacks the automation of Amanda. > > Try persevering with Amanda -- it's quite nice once you know what > you're doing with it. > > - andrew > > -- > Andrew J. Reid "Catapultam habeo. Nisi pecuniam omnem > andrew.reid@plug.cx mihi dabis, ad caput tuum saxum immane > +61 401 946 813 mittam" > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 11 19:50: 6 2001 Delivered-To: freebsd-isp@freebsd.org Received: from backup.dagupan.com (www.psysc.org.ph [206.101.69.5]) by hub.freebsd.org (Postfix) with ESMTP id A542837B405 for ; Tue, 11 Dec 2001 19:50:01 -0800 (PST) Received: by apmail.dagupan.com with Internet Mail Service (5.5.2653.19) id ; Wed, 12 Dec 2001 11:49:29 +0800 Message-ID: <10F29E27A956D511B0940050DA8D86A9340D24@apmail.dagupan.com> From: francisv@dagupan.com To: freebsd-isp@freebsd.org Subject: RE: Backup solutions Date: Wed, 12 Dec 2001 11:49:29 +0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Thank you for the suggestions, I'll try to persevere with Amanda. -----Original Message----- From: Gary D. Margiotta [mailto:gary@tbe.net] Sent: Wednesday, December 12, 2001 11:45 AM To: Andrew Reid Cc: francisv@dagupan.com; freebsd-isp@freebsd.org Subject: Re: Backup solutions I'll second the Amanda suggestion. It takes a little practice and determination, but once it's set up it runs quite beautifully. We've got a mix of 25+ Sun/FreeBSD servers backing up to a single FreeBSD box with a DDS-4 (great compression), and it never complains. 
We've even gotten it working with a Sun StorEdge L1000 using the loader mechanism, and it's wonderful compared to the $10k+ Veritas solution our vendor wanted... ;) -Gary "Complexity breeds bugs. Bugs prevent adoption, lack of adoption results in death. Death not good." On Wed, 12 Dec 2001, Andrew Reid wrote: > On Wed, Dec 12, 2001 at 11:38:05AM +0800, francisv@dagupan.com wrote: > > > I'm shopping for ideas regarding backup solutions, anything in mind? I'd > > like to backup 2-5 FreeBSD servers to one tape server. I've looked at Amanda > > but it too complicated to setup. I've also tried flexbackup but then it > > lacks the automation of Amanda. > > Try persevering with Amanda -- it's quite nice once you know what > you're doing with it. > > - andrew > > -- > Andrew J. Reid "Catapultam habeo. Nisi pecuniam omnem > andrew.reid@plug.cx mihi dabis, ad caput tuum saxum immane > +61 401 946 813 mittam" > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 11 20:59:51 2001 Delivered-To: freebsd-isp@freebsd.org Received: from cage.simianscience.com (cage.simianscience.com [64.7.134.1]) by hub.freebsd.org (Postfix) with ESMTP id 7393E37B417 for ; Tue, 11 Dec 2001 20:59:48 -0800 (PST) Received: (from root@localhost) by cage.simianscience.com (8.11.6/8.11.6) id fBC4xls00230 for freebsd-isp@freebsd.org; Tue, 11 Dec 2001 23:59:47 -0500 (EST) (envelope-from mike@sentex.net) Received: from chimp.sentex.net (fcage [192.168.0.2]) by cage.simianscience.com (8.11.6/8.11.6av) with ESMTP id fBC4xik00222 for ; Tue, 11 Dec 2001 23:59:45 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <5.1.0.14.0.20011211235821.04368e48@192.168.0.12> X-Sender: mdtancsa@192.168.0.12 X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 11 Dec 2001 23:59:43 -0500 To: freebsd-isp@freebsd.org 
From: Mike Tancsa Subject: Streaming servers ? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: by AMaViS perl-10 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org What are people using for streaming servers on FreeBSD (audio and video). I had a look at the ones listed in the ports, but they are either marked broken, or the authors state they are still in development and are unstable. Are there any stable ones out there ? ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Dec 12 0:14:43 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id 2F45237B416 for ; Wed, 12 Dec 2001 00:14:40 -0800 (PST) Received: from [144.137.118.43] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id sqxdaaaa for ; Wed, 12 Dec 2001 19:14:14 +1100 Message-ID: <3C17120C.4070401@quake.com.au> Date: Wed, 12 Dec 2001 19:15:08 +1100 From: Kal Torak User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.5) Gecko/20011011 X-Accept-Language: en-us MIME-Version: 1.0 To: Diana Eichert Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Router based on FreeBSD. 
References: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Diana Eichert wrote:

>
>>>Hes using a 3com 3300 XM switch, so its probably best to stick
>>>withe the 3com cards as well... Things made by the same company
>>>usualy work best together :)
>>>
>
> Whoa, now that's a leap of faith, many times a vendor has purchased entire
> companies and re-badged those products as their own. Also, there can and
> most likely will be totally unrelated design teams supporting NIC's and
> routers/switches. So there are no guarantee's by staying vendor specific.

True enough... I just recall a few years ago a certain set of SMC cards that refused to work with just about anything else... Personally I've had some bad experiences with 3com cards as well, like them disappearing from the system after a reboot and other things...

What I really meant was it seems they have all 3com gear, so it was probably all got at the same time so it "should" work ok together..
I don't think that replacing them with Intel cards will solve the problem, but hey it might :)

From owner-freebsd-isp Wed Dec 12 7:27:39 2001 Delivered-To: freebsd-isp@freebsd.org Received: from infiniteloop.ca (infiniteloop.ca [216.126.86.53]) by hub.freebsd.org (Postfix) with ESMTP id C3EBA37B41E for ; Wed, 12 Dec 2001 07:27:32 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by infiniteloop.ca (Postfix) with ESMTP id A63D2210 for ; Wed, 12 Dec 2001 10:27:31 -0500 (EST) Received: from blake (CPE0050DA7C7E5D.cpe.net.cable.rogers.com [24.101.32.246]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (Client did not present a certificate) by infiniteloop.ca (Postfix) with ESMTP id E8BA41C8 for ; Wed, 12 Dec 2001 10:27:30 -0500 (EST) From: "Blake Crosby" To: Subject: Who is using swap? Date: Wed, 12 Dec 2001 10:25:25 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Virus-Scanned: by AMaViS snapshot-20010714 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I would like to see which processes are using the swap file (FreeBSD4.4). Is there a port, or command I can run? Both fstat and lsof don't seem to report who is using swap.
Blake

From owner-freebsd-isp Wed Dec 12 7:29:46 2001 Delivered-To: freebsd-isp@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 06B1D37B417 for ; Wed, 12 Dec 2001 07:29:42 -0800 (PST) Received: by peitho.fxp.org (Postfix, from userid 1501) id 83AC113651; Wed, 12 Dec 2001 10:29:40 -0500 (EST) Date: Wed, 12 Dec 2001 10:29:40 -0500 From: Chris Faulhaber To: Blake Crosby Cc: freebsd-isp@freebsd.org Subject: Re: Who is using swap? Message-ID: <20011212102940.A97975@peitho.fxp.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable In-Reply-To: User-Agent: Mutt/1.3.20i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Wed, Dec 12, 2001 at 10:25:25AM -0500, Blake Crosby wrote:
>
>
> I would like to see which processes are using the swap file (FreeBSD4.4). Is
> there a port, or command I can run? Both fstat and lsof dont seem to report
> who is using swap.
>

ps(1) has a few ways to show swapped-out processes.

--
Chris D.
Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Dec 12 7:34: 2 2001 Delivered-To: freebsd-isp@freebsd.org Received: from infiniteloop.ca (infiniteloop.ca [216.126.86.53]) by hub.freebsd.org (Postfix) with ESMTP id 1BB5037B405 for ; Wed, 12 Dec 2001 07:34:00 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by infiniteloop.ca (Postfix) with ESMTP id A6DC5210 for ; Wed, 12 Dec 2001 10:33:59 -0500 (EST) Received: from blake (CPE0050DA7C7E5D.cpe.net.cable.rogers.com [24.101.32.246]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (Client did not present a certificate) by infiniteloop.ca (Postfix) with ESMTP id EF27E1C8 for ; Wed, 12 Dec 2001 10:33:58 -0500 (EST) From: "Blake Crosby" To: Subject: Who is using swap? Date: Wed, 12 Dec 2001 10:31:53 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Virus-Scanned: by AMaViS snapshot-20010714 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I would like to see which processes are using the swap file (FreeBSD4.4). Is there a port, or command I can run? Both fstat and lsof dont seem to report who is using swap. 
Blake

From owner-freebsd-isp Wed Dec 12 7:42:18 2001 Delivered-To: freebsd-isp@freebsd.org Received: from infiniteloop.ca (infiniteloop.ca [216.126.86.53]) by hub.freebsd.org (Postfix) with ESMTP id C7E6C37B419 for ; Wed, 12 Dec 2001 07:42:11 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by infiniteloop.ca (Postfix) with ESMTP id 3DCE0213; Wed, 12 Dec 2001 10:42:11 -0500 (EST) Received: from blake (CPE0050DA7C7E5D.cpe.net.cable.rogers.com [24.101.32.246]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (Client did not present a certificate) by infiniteloop.ca (Postfix) with ESMTP id A1A071C8; Wed, 12 Dec 2001 10:42:10 -0500 (EST) From: "Blake Crosby" To: "Chris Faulhaber" Cc: Subject: RE: Who is using swap? Date: Wed, 12 Dec 2001 10:40:05 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <20011212102940.A97975@peitho.fxp.org> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Virus-Scanned: by AMaViS snapshot-20010714 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I always forget about ps

the "W" flag indicates that it's been swapped out. I wonder what is freebsd's intention of swapping something:

infiniteloop-/usr/ports/sysutils> ps auwx | grep W
root       30  0.0  0.0   208    0  ??  IWs   -    0:00.00 adjkerntz -i
root      473  0.0  0.0   944    0  v0  IWs+  -    0:00.00 /usr/libexec/getty Pc ttyv0
root      474  0.0  0.0   944    0  v1  IWs+  -    0:00.00 /usr/libexec/getty Pc ttyv1
root      475  0.0  0.0   944    0  v2  IWs+  -    0:00.00 /usr/libexec/getty Pc ttyv2
root      476  0.0  0.0   944    0  v3  IWs+  -    0:00.00 /usr/libexec/getty Pc ttyv3
root      477  0.0  0.0   944    0  v4  IWs+  -    0:00.00 /usr/libexec/getty Pc ttyv4
root      478  0.0  0.0   944    0  v5  IWs+  -    0:00.00 /usr/libexec/getty Pc ttyv5
root      479  0.0  0.0   944    0  v6  IWs+  -    0:00.00 /usr/libexec/getty Pc ttyv6
root      480  0.0  0.0   944    0  v7  IWs+  -    0:00.00 /usr/libexec/getty Pc ttyv7
root      639  0.0  0.0   944    0  d0  IWs+  -    0:00.00 /usr/libexec/getty std.9600 ttyd0
bcrosby   650  0.0  0.0  1444    0  p1  IWs   -    0:00.00 /usr/local/bin/tcsh
bcrosby   664  0.0  0.0  1444    0  p2  IWs   -    0:00.00 /usr/local/bin/tcsh

Is there a reason why getty is put in swap, and not memory?

> -----Original Message-----
> From: Chris Faulhaber [mailto:jedgar@fxp.org]
> Sent: December 12, 2001 10:30 AM
> To: Blake Crosby
> Cc: freebsd-isp@freebsd.org
> Subject: Re: Who is using swap?
>
>
> On Wed, Dec 12, 2001 at 10:25:25AM -0500, Blake Crosby wrote:
> >
> >
> > I would like to see which processes are using the swap file (FreeBSD4.4). Is
> > there a port, or command I can run? Both fstat and lsof dont seem to report
> > who is using swap.
> >
>
> ps(1) has a few ways to show swapped-out processes.
>
> --
> Chris D.
Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
> --------------------------------------------------------
> FreeBSD: The Power To Serve - http://www.FreeBSD.org
>

From owner-freebsd-isp Wed Dec 12 7:46:37 2001 Delivered-To: freebsd-isp@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 28EAB37B417 for ; Wed, 12 Dec 2001 07:46:35 -0800 (PST) Received: by peitho.fxp.org (Postfix, from userid 1000) id 6B4EF13651; Wed, 12 Dec 2001 10:46:34 -0500 (EST) Date: Wed, 12 Dec 2001 10:46:34 -0500 From: Chris Faulhaber To: Blake Crosby Cc: freebsd-isp@freebsd.org Subject: Re: Who is using swap? Message-ID: <20011212104634.A70011@peitho.fxp.org> References: <20011212102940.A97975@peitho.fxp.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.20i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Wed, Dec 12, 2001 at 10:40:05AM -0500, Blake Crosby wrote:
> I always forget about ps
>
> the "W" flag indicates that its been swapped out. I wonder what is freebsd's
> intention of swapping something:
>
> infiniteloop-/usr/ports/sysutils> ps auwx | grep W
> root       30  0.0  0.0   208    0  ??  IWs   -    0:00.00 adjkerntz -i
> root      473  0.0  0.0   944    0  v0  IWs+  -    0:00.00 /usr/libexec/getty Pc ttyv0
> root      474  0.0  0.0   944    0  v1  IWs+  -    0:00.00 /usr/libexec/getty Pc ttyv1
...
>
> Is there a reason why getty is put in swap, and not memory?
>

Because they haven't been used for some period of time? Seems reasonable to put processes that are not active to be swapped-out...

--
Chris D.
Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Dec 12 17:54:17 2001 Delivered-To: freebsd-isp@freebsd.org Received: from backup.dagupan.com (www.psysc.org.ph [206.101.69.5]) by hub.freebsd.org (Postfix) with ESMTP id 6360937B405 for ; Wed, 12 Dec 2001 17:54:10 -0800 (PST) Received: by apmail.dagupan.com with Internet Mail Service (5.5.2653.19) id ; Thu, 13 Dec 2001 09:53:35 +0800 Message-ID: <10F29E27A956D511B0940050DA8D86A9340D37@apmail.dagupan.com> From: francisv@dagupan.com To: freebsd-isp@freebsd.org Subject: Linux compatibility inside jail system Date: Thu, 13 Dec 2001 09:53:34 +0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all, Has anyone implemented Linux compatibility inside a jail system? I'm running 4.4-STABLE. --- francis a. 
vidal [bitstop network services] | http://www.dagupan.com
streaming media + web hosting | http://www.keystone.ph
v(02)330-2871,(02)330-2872; f(02)330-2873 | http://www.kuro.ph

From owner-freebsd-isp Wed Dec 12 19:15:34 2001 Delivered-To: freebsd-isp@freebsd.org Received: from november.debolaz.com (november.debolaz.com [193.71.19.191]) by hub.freebsd.org (Postfix) with ESMTP id B578037B41B for ; Wed, 12 Dec 2001 19:15:32 -0800 (PST) Received: from amphibic.com (november [193.71.19.191]) by november.debolaz.com (Postfix) with SMTP id CA69E136031; Thu, 13 Dec 2001 04:15:26 +0100 (CET) Received: from 62.179.128.205 (proxying for unknown) (SquirrelMail authenticated user debolaz) by www.debolaz.com with HTTP; Thu, 13 Dec 2001 04:15:26 +0100 (CET) Message-ID: <40607.62.179.128.205.1008213326.squirrel@www.debolaz.com> Date: Thu, 13 Dec 2001 04:15:26 +0100 (CET) Subject: Re: Linux compatibility inside jail system From: "Anders Nor Berle" To: In-Reply-To: <10F29E27A956D511B0940050DA8D86A9340D37@apmail.dagupan.com> References: <10F29E27A956D511B0940050DA8D86A9340D37@apmail.dagupan.com> X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal Cc: X-Mailer: SquirrelMail (version 1.2.0 [cvs]) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Yes, and it works wonderfully. :) It's as straightforward as doing it on a nonjail system.

> Hi all,
>
> Has anyone implemented Linux compatibility inside a jail system? I'm running
> 4.4-STABLE.
>

From owner-freebsd-isp Wed Dec 12 19:29:10 2001 Delivered-To: freebsd-isp@freebsd.org Received: from inter.stack.ru (inter.stack.ru [217.106.127.225]) by hub.freebsd.org (Postfix) with ESMTP id EBCA037B419 for ; Wed, 12 Dec 2001 19:29:03 -0800 (PST) Received: from exch2k.stack.ru (exch2k.stack.ru [217.106.127.210]) by inter.stack.ru (8.11.2/8.11.2) with ESMTP id fBD3SxH58026; Thu, 13 Dec 2001 10:28:59 +0700 (KRAT) Subject: RE: Router based on FreeBSD. MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: quoted-printable Date: Thu, 13 Dec 2001 10:28:59 +0700 content-class: urn:content-classes:message Message-ID: X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0 X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Router based on FreeBSD. Thread-Index: AcGCPwVAdVIrhjnPQX+EFOvDirpiMQBRdxaQ From: "Tolpanov, Dmitry" To: "Forrest W. Christian" Cc: Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Duplex modes are the same on NICs and switch ports.

As for PING time I can't definitely talk about it. It seems to me that PING time is suitable (but Netsaint send PING ALERT and PING RECOVERY). But transfer speed is very slow in periods of high loading. I'm in confusion: PING time seems to be good but something strange is happening.

On the one hand 4 MB/s is not so high loading. On the other hand 3 100 Mb NICs and 2 10 Mb NICs on station may be too many because of hardware limits (for example, PCI Bus).

So the MAIN questions:
- What utilities can I use for troubleshooting? (such as systat)
- What counters should I examine and what does their maximums?

When I will know answers I can find bottlenecks?

Thanks to all of you for your help.

Dmitry.

>
> One more thing.
>
> Are you sure you have everything set to the same duplex setting? This can
> also cause the problem.
>
> On Tue, 11 Dec 2001, Forrest W. Christian wrote:
>
> > Date: Tue, 11 Dec 2001 05:17:28 -0700 (MST)
> > From: Forrest W. Christian
> > To: "Tolpanov, Dmitry"
> > Cc: Kal Torak , freebsd-isp@FreeBSD.ORG
> > Subject: RE: Router based on FreeBSD.
> >
> > What is the PING TIME Across this router?
> >
> > I too am skeptical. I can push 4MB/s through a 486/66 box with ISA cards
> > on occasion if everything is right.
> >
> > On Tue, 11 Dec 2001, Tolpanov, Dmitry wrote:
> >
> > > Date: Tue, 11 Dec 2001 18:57:29 +0700
> > > From: "Tolpanov, Dmitry"
> > > To: Kal Torak
> > > Cc: freebsd-isp@FreeBSD.ORG
> > > Subject: RE: Router based on FreeBSD.
> > >
> > > I'm 99 % sure that the bottleneck is router.
> > > As for other hardware, router connected to 3Com 3300 XM which is devided
> > > on VLANs.
> > > The most loading on two 100 Mb interfaces (backbone interfaces). Network
> > > becomes slow when their loading 4 MB/s on each other (about 5500
> > > interrupts on each, is not this very high), other interfaces have stable
> > > loading and CPU loading is about 50-30 % idle.
> > >
> > > As for routing table:
> > > root[xxx]:/etc/> netstat -rn | wc -l
> > > 638
> > >
> > > > Tolpanov, Dmitry wrote:
> > > > >
> > > > >
> > > > >I've got a very complex problem so every advice is appreciated.
> > > > >I've got a router on 4.3-STABLE FreeBSD. It's got hardware (in short):
> > > > >- Intel Pentium III 500 MHz
> > > > >- NIC 3Com 10/100 in 100baseTX
> > > > >- NIC 3Com 10/100 in 100baseTX
> > > > >- NIC 3Com 10/100 in 100baseTX
> > > > >- NIC 3Com 900 Combo 10baseT/UTP
> > > > >- NIC 3Com 900 Combo 10baseT/UTP
> > > > >
> > > > >Sometimes through this router network works slowly and it is natural
> > > > >right thing. Therefore we are going to split router on two.
> > > >
> > > >
> > > > Hmmm when you say slow, how slow are you talking??? And what kind
> > > > of load does this router get? I mean its obviously got at least 5
> > > > subnets or more, but what kind of loads??
> > > >
> > > > When its going slowly what kind of ping times do you get accross it??
> > > >
> > > > Also are you sure its the router thats the bottle neck here? What kind
> > > > of network is it attached to? Hubs, Switches, what brands are they??
> > > >
> > > > The reason I ask is because a P3 500 is a lot faster than most of the
> > > > processors you would find in hardware routers, I dont see how it could
> > > > be noticably slow.. But I dont really know how much traffic
> > > > your getting...
> > > >
> > > >
> > > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-isp" in the body of the message
> > >
> >
> > - Forrest W. Christian (forrestc@imach.com) AC7DE
> > ----------------------------------------------------------------------
> > The Innovation Machine Ltd.                              P.O. Box 5749
> > http://www.imach.com/                                 Helena, MT 59604
> > Home of PacketFlux Technogies and BackupDNS.com         (406)-442-6648
> > ----------------------------------------------------------------------
> > Protect your personal freedoms - visit http://www.lp.org/
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
> >
>
> - Forrest W. Christian (forrestc@imach.com) AC7DE
> ----------------------------------------------------------------------
> The Innovation Machine Ltd.                              P.O. Box 5749
> http://www.imach.com/                                 Helena, MT 59604
> Home of PacketFlux Technogies and BackupDNS.com         (406)-442-6648
> ----------------------------------------------------------------------
> Protect your personal freedoms - visit http://www.lp.org/
>
>

From owner-freebsd-isp Wed Dec 12 19:29:16 2001 Delivered-To: freebsd-isp@freebsd.org Received: from november.debolaz.com (november.debolaz.com [193.71.19.191]) by hub.freebsd.org (Postfix) with ESMTP id 3C49B37B419 for ; Wed, 12 Dec 2001 19:29:14 -0800 (PST) Received: from amphibic.com (november [193.71.19.191]) by november.debolaz.com (Postfix) with SMTP id 3C68B136031; Thu, 13 Dec 2001 04:29:13 +0100 (CET) Received: from 62.179.128.205 (proxying for unknown) (SquirrelMail authenticated user debolaz) by www.debolaz.com with HTTP; Thu, 13 Dec 2001 04:29:13 +0100 (CET) Message-ID: <41371.62.179.128.205.1008214153.squirrel@www.debolaz.com> Date: Thu, 13 Dec 2001 04:29:13 +0100 (CET) Subject: RE: Linux compatibility inside jail system From: "Anders Nor Berle" To: In-Reply-To: <10F29E27A956D511B0940050DA8D86A9340D3A@apmail.dagupan.com> References: <10F29E27A956D511B0940050DA8D86A9340D3A@apmail.dagupan.com> X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal Cc: X-Mailer: SquirrelMail (version 1.2.0 [cvs]) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Install the linux_compat module, in the nonjail part of the system, then simply install the port emulators/linux_base-7 (or another if you prefer an older version) inside your jail, and if I recall correctly, that should be about it.

> How did you do it? Can you give me the steps?
>
> Yes, and it works wonderfully.
:) Its as straight forward as doing it on a nonjail > system. > >> Hi all, >> >> Has anyone implemented Linux compatibility inside a jail system? I'm >> running 4.4-STABLE. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Dec 12 19:31:25 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pericles.IPAustralia.gov.au (pericles.IPAustralia.gov.au [202.14.186.30]) by hub.freebsd.org (Postfix) with ESMTP id 3E02B37B434 for ; Wed, 12 Dec 2001 19:31:08 -0800 (PST) Received: (from smap@localhost) by pericles.IPAustralia.gov.au (8.11.3/8.11.1) id fBD3V6X63714 for ; Thu, 13 Dec 2001 14:31:06 +1100 (EST) (envelope-from Stanley.Hopcroft@IPAustralia.gov.au) Received: from pc09011.aipo.gov.au(10.0.3.110) by pericles.IPAustralia.gov.au via smap (V2.1) id xma063699; Thu, 13 Dec 01 14:30:48 +1100 Received: (from anwsmh@localhost) by pc09011.aipo.gov.au (8.11.3/8.11.1) id fBD3Umr48609 for isp@FreeBSD.ORG; Thu, 13 Dec 2001 14:30:48 +1100 (EST) (envelope-from anwsmh) Date: Thu, 13 Dec 2001 14:30:48 +1100 From: Stanley Hopcroft To: isp@FreeBSD.ORG Subject: Router based on FreeBSD vs Cisco Router Message-ID: <20011213143046.L48332@IPAustralia.Gov.AU> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dear Ladies and Gentlemen, I am writing with some remarks about the relative merits of a PC (FreeBSD based) router and a hardware/Cisco router. From my limited experience of routers in a medium size government business, it seems to me that one should look very hard at PC based routers rather than hardware, if one wants a very stable and manageable routing platform with a modest number of interfaces. 
Cisco routers win in my view with exotic/non IETF protocols and (b)leeding edge stuff; they lose as far as stability/maintainability - no user repairable parts (replace the box or at least the main board) and value for money.

Measurement/deliverable PC Cisco Notes

Flexibility
. interfaces + More avail from Cisco
. protocols + This is pretty close
. integration + eg Snort, argus or ntop
. Serial interfaces + Must source 3rd party cards and get them going. Not too bad.

Performance NA NA No clear winner (from a non-ISP point of view)

Expandability No clear winner. - PC from ethernet mem point of view

Value for money +

Stability + When Ciscos develop mem problems they reboot; hard to fix.

Ease of use
. OSPF + Pretty marginal
. NAT +
. Exotic stuff + ISDN/ATM/OSPF over ISDN
. ACL + Again, very close.

If you want a modest number of 10/100 ethernet ports - say up to 20 - then you could save both bucks and sweat with a PC based product.

Likewise perhaps another good application of a PC router is for redundant internal default gateways (running VRRP) or likewise at the border (with BGP) and a couple of serial cards.

If however you want a layer 3 switch, then it seems there is no PC based substitute.

Is this generally favourable experience with FreeBSD based PC routers shared by others ?

Thank you,

Yours sincerely.

--
------------------------------------------------------------------------
Stanley Hopcroft Network Specialist
------------------------------------------------------------------------

'...No man is an island, entire of itself; every man is a piece of the continent, a part of the main. If a clod be washed away by the sea, Europe is the less, as well as if a promontory were, as well as if a manor of thy friend's or of thine own were. Any man's death diminishes me, because I am involved in mankind; and therefore never send to know for whom the bell tolls; it tolls for thee...'

from Meditation 17, J Donne.
From owner-freebsd-isp Wed Dec 12 19:52:26 2001 Delivered-To: freebsd-isp@freebsd.org Received: from november.debolaz.com (november.debolaz.com [193.71.19.191]) by hub.freebsd.org (Postfix) with ESMTP id 5F14437B417 for ; Wed, 12 Dec 2001 19:52:21 -0800 (PST) Received: from amphibic.com (november [193.71.19.191]) by november.debolaz.com (Postfix) with SMTP id 6029F136031; Thu, 13 Dec 2001 04:52:20 +0100 (CET) Received: from 62.179.128.205 (proxying for unknown) (SquirrelMail authenticated user debolaz) by www.debolaz.com with HTTP; Thu, 13 Dec 2001 04:52:20 +0100 (CET) Message-ID: <42555.62.179.128.205.1008215540.squirrel@www.debolaz.com> Date: Thu, 13 Dec 2001 04:52:20 +0100 (CET) Subject: RE: Linux compatibility inside jail system From: "Anders Nor Berle" To: In-Reply-To: <10F29E27A956D511B0940050DA8D86A9340D3C@apmail.dagupan.com> References: <10F29E27A956D511B0940050DA8D86A9340D3C@apmail.dagupan.com> X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal Cc: X-Mailer: SquirrelMail (version 1.2.0 [cvs]) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Yes, when you say that, I recall a little hack is necessary. Basically, the port wants to do 2 things which cannot be done inside a jail.

(1) Set the sysctl "kern.fallback_elf_brand" to 3 (LINUX_ELF)
(2) Make a /dev/null device inside the linux chrooted environment.

The first is obvious to accomplish, simply set it outside the jail. Sysctls are global. So to do this, you'd simply write:

    sysctl -w kern.fallback_elf_brand=3

Then, you comment out this code in the linux_base-7 Makefile, which I believe is located at line 136 and 150.

The second is slightly more tricky, but shouldn't be any problem. Make a directory called /compat/linux/dev inside the jail, chdir to it and write:

    mknod null c 2 2

Then, comment out this too in your Makefile (Line 130).

Then, try installing it again and tell me how it works. :)

> I think I already have linux_compat -- how do I install it from inside the jail? I've
> tried it but it complained about mknod not being able to access something...
>
>> Install the linux_compat module, in the nonjail part of the system, then simply
>> install the port emulators/linux_base-7 (or another if you prefer an older version)
>> inside your jail, and if I recall correctly, that should be about it.
>>
>>> How did you do it? Can you give me the steps?
>>>

From owner-freebsd-isp Wed Dec 12 22:30:55 2001 Delivered-To: freebsd-isp@freebsd.org Received: from merlin.bogen.org (adsl-216-103-84-120.dsl.snfc21.pacbell.net [216.103.84.120]) by hub.freebsd.org (Postfix) with ESMTP id 332EE37B416 for ; Wed, 12 Dec 2001 22:30:53 -0800 (PST) Received: from bogen.org (jewelcave.bogen.org [172.16.1.2]) by merlin.bogen.org (8.11.5/8.11.2) with ESMTP id fBD6Ukj04669; Wed, 12 Dec 2001 22:30:46 -0800 (PST) (envelope-from db@bogen.org) Message-ID: <3C184B15.3040906@bogen.org> Date: Wed, 12 Dec 2001 22:30:45 -0800 From: David Bogen User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.4) Gecko/20011009 X-Accept-Language: en-us MIME-Version: 1.0 To: Mike Tancsa Cc: freebsd-isp@freebsd.org Subject: Re: Streaming servers ?
References: <5.1.0.14.0.20011211235821.04368e48@192.168.0.12> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org When I worked at a streaming media company, we used the Darwin Streaming Server from Apple in some test environments. While the server compiled easily and worked well, the quicktime codecs and encoders (all of which were non-FreeBSD based) left something to be desired. Mike Tancsa wrote: > What are people using for streaming servers on FreeBSD (audio and > video). I had a look at the ones listed in the ports, but they are > either marked broken, or the authors state they are still in development > and are unstable. Are there any stable ones out there ? > > ---Mike > -------------------------------------------------------------------- > Mike Tancsa, tel +1 519 651 3400 > Sentex Communications, mike@sentex.net > Providing Internet since 1994 www.sentex.net > Cambridge, Ontario Canada www.sentex.net/mike > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Dec 12 22:40:38 2001 Delivered-To: freebsd-isp@freebsd.org Received: from backup.dagupan.com (www.psysc.org.ph [206.101.69.5]) by hub.freebsd.org (Postfix) with ESMTP id F3C5C37B416 for ; Wed, 12 Dec 2001 22:40:34 -0800 (PST) Received: by apmail.dagupan.com with Internet Mail Service (5.5.2653.19) id ; Thu, 13 Dec 2001 14:40:38 +0800 Message-ID: <10F29E27A956D511B0940050DA8D86A9340D46@apmail.dagupan.com> From: francisv@dagupan.com To: debolaz@debolaz.com Cc: freebsd-isp@freebsd.org Subject: RE: Linux compatibility inside jail system Date: Thu, 13 Dec 2001 14:40:38 +0800 MIME-Version: 1.0 X-Mailer: 
Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'll try it out later. Thanks Anders! -----Original Message----- From: Anders Nor Berle [mailto:debolaz@debolaz.com] Sent: Thursday, December 13, 2001 11:52 AM To: francisv@dagupan.com Cc: freebsd-isp@freebsd.org Subject: RE: Linux compatibility inside jail system Yes, when you say that, I recall a little hack is neccesary. Basically, the port wants to do 2 things which cannot be done inside a jail. (1) Set the sysctl "kern.fallback_elf_brand" to 3 (LINUX_ELF) (2) Make a a /dev/null device inside the linux chrooted environment. The first is obvious to accomplish, simply set it outside the jail. Sysctls are global. So to do this, you'd simply write: sysctl -w kern.fallback_elf_brand=3 Then, you comment out this code in the linux_base-7 Makefile, which I believe is located at line 136 and 150. The second is slightly more tricky, but shouldnt be any problem. make a directory called /compat/linux/dev inside the jail, chdir to it and write: mknod null c 2 2 Then, comment out this too in your Makefile (Line 130). Then, try installing it again and tell me how it works. 
:)

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Thu Dec 13 0:58:20 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.riic.uni-linz.ac.at (mail.riic.uni-linz.ac.at [140.78.161.130]) by hub.freebsd.org (Postfix) with ESMTP id 19D0937B416 for ; Thu, 13 Dec 2001 00:58:15 -0800 (PST) Received: from hawkings.riic.uni-linz.ac.at (hawkings.riic.uni-linz.ac.at [140.78.161.239]) by mail.riic.uni-linz.ac.at (8.9.3/8.9.3) with ESMTP id JAA16765; Thu, 13 Dec 2001 09:48:41 +0100 Message-Id: <5.1.0.14.0.20011213093847.00aba420@postoffice.riic.at> X-Sender: hueber@postoffice.riic.at X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 13 Dec 2001 09:49:06 +0100 To: CL1787@aol.com From: Gernot Hueber Subject: Re: Router based on FreeBSD. Cc: isp@FreeBSD.ORG In-Reply-To: <87.148e2405.2947f3f1@aol.com> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi,

You claim the 3Coms are no good choice for FBSD. I have always been very satisfied with 3Com905B devices.
And a quick search did not reveal any major problems with the 3com cards.

Pls, can you explain the problem in more detail or direct me to more detailed information (how to avoid impacts with STATS ...)

Thank you

Gernot Hueber

At 18:42 11.12.2001 -0500, CL1787@aol.com wrote:
>In a message dated 12/11/2001 6:57:50 AM Eastern Standard Time, tdn@stack.ru
>writes:
>
>> I'm 99 % sure that the bottleneck is router.
>> As for other hardware, router connected to 3Com 3300 XM which is divided
>> on VLANs.
>> The most loading on two 100 Mb interfaces (backbone interfaces). Network
>> becomes slow when their loading 4 MB/s on each other (about 5500
>> interrupts on each, is not this very high), other interfaces have stable
>> loading and CPU loading is about 50-30 % idle.
>>
>> As for routing table:
>> root[xxx]:/etc/> netstat -rn | wc -l
>> 638
>>
>> > Tolpanov, Dmitry wrote:
>> >
>> > >
>> > >
>> > >I've got a very complex problem so every advice is appreciated.
>> > >I've got a router on 4.3-STABLE FreeBSD. It's got hardware
>> > (in short):
>> > >- Intel Pentium III 500 MHz
>> > >- NIC 3Com 10/100 in 100baseTX
>> > >- NIC 3Com 10/100 in 100baseTX
>> > >- NIC 3Com 10/100 in 100baseTX
>> > >- NIC 3Com 900 Combo 10baseT/UTP
>> > >- NIC 3Com 900 Combo 10baseT/UTP
>>
>
>First of all, 3coms are the wrong choice in FreeBSD. One issue is that you
>have 5 devices on your bus (which will seriously slow the bus by creating bus
>contention), and there are also serious problems with the 3COM driver. At
>minimum you'll want to disable "stats"...with a lot of traffic the stats
>counters overflow regularly and cause serious overhead. At high speeds it
>will actually take over the machine...comment out the line that sets
>XL_CMD_STATS_ENABLE and see what happens. You don't need them...STATS is a
>"neat" feature that has no place in a serious router.
>
>Also, the 900 is less efficient than the 900B...but I don't know by how much.
>
>DB
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-isp" in the body of the message

Dipl.-Ing. Gernot Hueber
Institut für Integrierte Schaltungen
Freistädter Strasse 315/2
A-4040 Linz

Tel: +43 732 2468-7118, Fax: -7126
E-mail: hueber@riic.at

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Thu Dec 13 7:30: 6 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pitr.tuxinternet.com (pitr.tuxinternet.com [208.32.175.113]) by hub.freebsd.org (Postfix) with ESMTP id 02C0737B417 for ; Thu, 13 Dec 2001 07:29:56 -0800 (PST) Received: (from hugme@localhost) by pitr.tuxinternet.com (8.11.0/8.11.0) id fBDFYAn63969 for freebsd-isp@freebsd.org; Thu, 13 Dec 2001 10:34:10 -0500 (EST) (envelope-from hugme) Date: Thu, 13 Dec 2001 10:34:10 -0500 From: Hug Me To: freebsd-isp@freebsd.org Subject: Re: Router based on FreeBSD. Message-ID: <20011213103341.O54507@pitr.tuxinternet.com> References: <87.148e2405.2947f3f1@aol.com> <5.1.0.14.0.20011213093847.00aba420@postoffice.riic.at> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <5.1.0.14.0.20011213093847.00aba420@postoffice.riic.at>; from hueber@riic.at on Thu, Dec 13, 2001 at 09:49:06AM +0100 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I was having pretty much the same problem with my router... turned out the main problem was the pci controller in the motherboard couldn't handle the bandwidth. It was running on a 486-120 and I moved it up to a K6-2-400 but the big difference was the motherboard.

Also I have had problems when plugging 10/100 full duplex cards into anything that is only 10. My transfer rates drop to less than if I was using a modem when I put any pressure on the card.

That is just what I discovered on my own network.

On Thu, Dec 13, 2001 at 09:49:06AM +0100, Gernot Hueber wrote: > Hi, > > You claim the 3Coms are no good choice for FBSD. I have always been very satisfied > with 3Com905B devices. > And a quick search did not reveal any major problems with the 3com cards. > > Pls, can you explain the problem in more detail or direct me to more detailed > information (how to avoid impacts with STATS ...) > > Thank you > > Gernot Hueber > > At 18:42 11.12.2001 -0500, CL1787@aol.com wrote: > >In a message dated 12/11/2001 6:57:50 AM Eastern Standard Time, tdn@stack.ru > >writes: > > > >> I'm 99 % sure that the bottleneck is router. > >> As for other hardware, router connected to 3Com 3300 XM which is devided > >> on VLANs. > >> The most loading on two 100 Mb interfaces (backbone interfaces). Network > >> becomes slow when their loading 4 MB/s on each other (about 5500 > >> interrupts on each, is not this very high), other interfaces have stable > >> loading and CPU loading is about 50-30 % idle. > >> > >> As for routing table: > >> root[xxx]:/etc/> netstat -rn | wc -l > >> 638 > >> > >> > Tolpanov, Dmitry wrote: > >> > > > >> > > > >> > >I've got a very complex problem so every advice is appreciated. > >> > >I've got a router on 4.3-STABLE FreeBSD. It's got hardware > >> > (in short): > >> > >- Intel Pentium III 500 MHz > >> > >- NIC 3Com 10/100 in 100baseTX > >> > >- NIC 3Com 10/100 in 100baseTX > >> > >- NIC 3Com 10/100 in 100baseTX > >> > >- NIC 3Com 900 Combo 10baseT/UTP > >> > >- NIC 3Com 900 Combo 10baseT/UTP > >> > > > >First of all, 3coms are the wrong choice in FreeBSD. One issue is that you > >have 5 devices on your bus (which will seriously slow the bus by creating bus > >contention), and there are also serious problems with the 3COM driver. At > >minimum you'll want to disable "stats"...with a lot of traffic the stats > >counters overflow regularly and cause serious overhead. 
At high speeds it > >will actually take over the machine...comment out the line that sets > >XL_CMD_STATS_ENABLE and see what happens. You dont need them...STATS is a > >"neat" feature that has no place in a serious router. > > > >Also, the 900 is less efficient than the 900B...but I dont know by how much. > > > >DB > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-isp" in the body of the message > > Dipl.-Ing. Gernot Hueber > Institut für Integrierte Schaltungen > Freistädter Strasse 315/2 > A-4040 Linz > > Tel: +43 732 2468-7118, Fax: -7126 > E-mail: hueber@riic.at > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message -- ************************************************* hugme hugme@hugme.org http://www.hugme.org http://www.atlantacon.org PGP Public key: http://www.hugme.org/mykey.pgp To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Dec 13 7:50:21 2001 Delivered-To: freebsd-isp@freebsd.org Received: from norad.inetu.net (norad.inetu.net [209.235.223.59]) by hub.freebsd.org (Postfix) with ESMTP id CB68637B405 for ; Thu, 13 Dec 2001 07:50:15 -0800 (PST) Received: from localhost (maxiter@localhost) by norad.inetu.net (8.9.3/8.9.3) with ESMTP id KAA20597 for ; Thu, 13 Dec 2001 10:50:14 -0500 (EST) Date: Thu, 13 Dec 2001 10:50:14 -0500 (EST) From: Mark To: freebsd-isp@freebsd.org Subject: network issue Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Although this is not directly a FreeBSD issue, I pose this question here knowing this group has run across lots of unique issues. We have a pair of 7200 routers connected to a Catalyst 6509. 
To the Cat are connected about a dozen Bay/Nortel switches (303, 310, 350s).

The issue we have looks most like an arp-related (poison, or flood?) issue. It has occurred without warning twice in one day (about 18 hours apart). None of the devices on our network showed traffic spikes or other suspicious activity. Best as I can tell, all devices connected to the same switch can still reach each other, but connectivity between switches is not consistent. Some devices may be able to reach all other devices.

For example: Server A is on switch 1, server B and C are on switch 2. When the problem occurs, B and C can still talk, but A can only talk to B, NOT C. However, a fourth server D on another switch, can continue to reach all devices (???).

Both times the problem has come up, the connectivity issues appeared to be exactly the same (???), but this is based on a smaller sampling of data. Resetting the ethernet module on the cat (which the Bays are connected to) resolves the problem. None of our servers or monitoring boxes have reported suspicious ARP activity (such as moving or changing ARPs).

Unfortunately, I don't know too much about what has happened, so I can't be more specific. However, any suggestions to tools (already using snort, just setup argus) I can use to monitor or suggestions as to potential cause would be greatly appreciated. I'll entertain any option.

TIA!

--------------------------------------------------- Mark Rekai - INetU, Inc.(tm) - http://www.INetU.net Electronic commerce - Web development - Web hosting Mark@INetU.net - Phone: (610) 266-7441 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Dec 13 8: 6:58 2001 Delivered-To: freebsd-isp@freebsd.org Received: from web20108.mail.yahoo.com (web20108.mail.yahoo.com [216.136.226.45]) by hub.freebsd.org (Postfix) with SMTP id C4E3337B405 for ; Thu, 13 Dec 2001 08:06:54 -0800 (PST) Message-ID: <20011213160654.81416.qmail@web20108.mail.yahoo.com> Received: from [195.223.20.71] by web20108.mail.yahoo.com via HTTP; Thu, 13 Dec 2001 17:06:54 CET Date: Thu, 13 Dec 2001 17:06:54 +0100 (CET) From: =?iso-8859-1?q?Fabrizio=20Ravazzini?= Subject: Ipf & Bridging ??? To: freebsd-isp@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello all I've done a bridge between Internet and my DMZ: Internet | | Cisco Router | | |rl0 FreeBSD 4.3 Bridge |rl1 | HUB----DMZ The bridge works very well,for example from the DMZ the servers in it can "see" Internet and from internet I can "see" the servers in the DMZ(Public Ip's). The problem is with ipf. If for example we put a simple rule in /etc/ipf.rules like this: block in quick on rl0 in order to block all the traffic going to the DMZ it happens that packets originated from internet they by-pass my bridge/firewall! If you ping for example the bridge they are blocked but if you ping a machine in the dmz it responds! arghhh.. I tried to put the rules for the bridge founded in the Ipfilter based firewalls howto but they didn't work. Any Idea? Isn't ipfilter supported under freebsd? Have I to use ipfw? 
Many thanks all
bye

______________________________________________________________________
Subscribe to Meglio della Settimana (Best of the Week), the Yahoo! newsletter. To find out more go to: http://buongiorno.yahoo.it

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Thu Dec 13 8:26:35 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.day-light.net (dle.day-light.net [64.37.72.2]) by hub.freebsd.org (Postfix) with ESMTP id 4BCDA37B416 for ; Thu, 13 Dec 2001 08:26:29 -0800 (PST) Received: from w1 (118-203.bestdsl.net [216.162.118.203]) by mail.day-light.net (Postfix) with SMTP id 20DE543E52 for ; Thu, 13 Dec 2001 10:26:27 -0600 (CST) Reply-To: From: "John Brooks" To: Subject: RE: Ipf & Bridging ??? Date: Thu, 13 Dec 2001 10:25:15 -0600 Message-ID: <000801c183f2$c1a317e0$1505010a@daylight.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 In-Reply-To: <20011213160654.81416.qmail@web20108.mail.yahoo.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Did you reload the ruleset and flush out the old rules? The default setting is to pass all.

    ipf -Fa -f /path/to/rules/ipf.rules -E

Another thing to check would be if you enabled ipf with a kernel recompile, it's not turned on in the default kernel.

Then check if you enabled ipf in /etc/rc.conf?

    ipfilter_enable="YES"

Also remember that in ipf the LAST matching rule wins, so if your blocking rule is at the end of the ruleset and you have a pass rule with the "quick" keyword before it that matches the packet will never reach the blocking rule.

HTH -- John Brooks Email: john@stlbsd.org -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Fabrizio Ravazzini Sent: Thursday, December 13, 2001 10:07 AM To: freebsd-isp@freebsd.org Subject: Ipf & Bridging ??? Hello all I've done a bridge between Internet and my DMZ: Internet | | Cisco Router | | |rl0 FreeBSD 4.3 Bridge |rl1 | HUB----DMZ The bridge works very well,for example from the DMZ the servers in it can "see" Internet and from internet I can "see" the servers in the DMZ(Public Ip's). The problem is with ipf. If for example we put a simple rule in /etc/ipf.rules like this: block in quick on rl0 in order to block all the traffic going to the DMZ it happens that packets originated from internet they by-pass my bridge/firewall! If you ping for example the bridge they are blocked but if you ping a machine in the dmz it responds! arghhh.. I tried to put the rules for the bridge founded in the Ipfilter based firewalls howto but they didn't work. Any Idea? Isn't ipfilter supported under freebsd? Have I to use ipfw? Many thanks all bye To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Dec 13 8:48: 6 2001 Delivered-To: freebsd-isp@freebsd.org Received: from web20102.mail.yahoo.com (web20102.mail.yahoo.com [216.136.226.39]) by hub.freebsd.org (Postfix) with SMTP id 1100237B405 for ; Thu, 13 Dec 2001 08:48:01 -0800 (PST) Message-ID: <20011213164800.67963.qmail@web20102.mail.yahoo.com> Received: from [195.223.20.71] by web20102.mail.yahoo.com via HTTP; Thu, 13 Dec 2001 17:48:00 CET Date: Thu, 13 Dec 2001 17:48:00 +0100 (CET) From: =?iso-8859-1?q?Fabrizio=20Ravazzini?= Subject: RE: Ipf & Bridging ??? 
To: john@day-light.com Cc: freebsd-isp@freebsd.org In-Reply-To: <000501c183f2$4c5ef3a0$1505010a@daylight.net> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org hello thanks for the help, ipf is installed in the kernel i compiled, options IPFILTER options IPFILTER_LOG There's also the ipfiletr_enable="YES" in my rc.conf in /etc/ipf.rules: pass in all pass out all block in quick on rl0 from any to any then if I digit: ipf -Fa -f /path/to/rules/ipf.rules -E I have the output: IP Filter:already initialized IP Filter:already initialized But there is still the problem, can you help me? --- John Brooks ha scritto: > Did you reload the ruleset and flush out the old > rules? the default > setting is to pass all. > > ipf -Fa -f /path/to/rules/ipf.rules -E > > Another thing to check would be if you enabled ipf > with a kernel > recompile, it's not turned on in the default kernel. > > Then check if you enabled ipf in /etc/rc.conf? > > ipfilter_enable="YES" > > Also remember that in ipf the LAST matching rule > wins, so if your > blocking rule is at the end of the ruleset and you > have a pass rule with > the "quick" keyword before it that matches the > packet will never reach > the blocking rule. > > HTH > > -- > John Brooks > Email: john@stlbsd.org > > > > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of > Fabrizio Ravazzini > Sent: Thursday, December 13, 2001 10:07 AM > To: freebsd-isp@freebsd.org > Subject: Ipf & Bridging ??? 
> > > Hello all I've done a bridge between Internet and my > DMZ: > Internet > | > | > Cisco Router > | > | > |rl0 > FreeBSD 4.3 > Bridge > |rl1 > | > HUB----DMZ > > The bridge works very well,for example from the DMZ > the servers in it can "see" Internet and from > internet > I can "see" the servers in the DMZ(Public Ip's). > The problem is with ipf. > If for example we put a simple rule in > /etc/ipf.rules > like this: > block in quick on rl0 > > in order to block all the traffic going to the DMZ > it > happens that packets originated from internet they > by-pass my bridge/firewall! > If you ping for example the bridge they are blocked > but if you ping a machine in the dmz it responds! > arghhh.. > I tried to put the rules for the bridge founded in > the > Ipfilter based firewalls howto but they didn't work. > Any Idea? > Isn't ipfilter supported under freebsd? > Have I to use ipfw? > Many thanks all > bye > > > ______________________________________________________________________ > ______________________________________________________________________ Iscriviti al Meglio della Settimana, la newsletter di Yahoo! 
Per saperne di più vai alla pagina: http://buongiorno.yahoo.it To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Dec 13 9: 1:45 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.isppro.net (mail.isppro.net [196.40.37.88]) by hub.freebsd.org (Postfix) with ESMTP id 864A137B509 for ; Thu, 13 Dec 2001 09:01:16 -0800 (PST) Received: (from root@localhost) by mail.isppro.net (8.11.6/8.11.5) id fBDH4KI10620; Thu, 13 Dec 2001 11:04:20 -0600 (CST) Received: from localhost (jimmy@localhost) by mail.isppro.net (8.11.6/8.11.5av) with ESMTP id fBDH4D910612; Thu, 13 Dec 2001 11:04:15 -0600 (CST) X-Authentication-Warning: mail.isppro.net: jimmy owned process doing -bs Date: Thu, 13 Dec 2001 11:04:13 -0600 (CST) From: Jimmy To: Andrew Reid , , Subject: Re: Backup solutions In-Reply-To: Message-ID: <20011213102519.B9907-100000@mail.isppro.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 11 Dec 2001, Gary D. Margiotta wrote: > I'll second the Amanda suggestion. It takes a little practice and > determination, but once it's set up it runs quite beautifully. We've got > a mix of 25+ Sun/FreeBSD servers backing up to a single FreeBSD box with a > DDS-4 (great compression), and it never complains. We've even gotten it > working with a Sun StorEdge L1000 using the loader mechanism, and it's > wonderful compared to the $10k+ Veritas solution our vendor wanted... ;) > I am sorry for my ignorance on this, but I am curious of Amanda. I have a Tape Backup Unit which is a SCSI "Python 03812-XXX" de Sun Microsystems. Till now I make manual backup of 4 servers on that single tape wich is atached to a PC - FreeBSD System. 
The question is, can I make backups on that single Tape of all the 4 servers? Can Amanda make tasks queues? I am giving a look to the web page of that project and I see it works on systems with more than one single tape. Well, may be what I am asking makes not sense ... I am sorry. --JImmy To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Dec 13 9:18:51 2001 Delivered-To: freebsd-isp@freebsd.org Received: from thud.tbe.net (thud.tbe.net [209.123.109.174]) by hub.freebsd.org (Postfix) with ESMTP id 9EEA937B419 for ; Thu, 13 Dec 2001 09:18:26 -0800 (PST) Received: by thud.tbe.net (Postfix, from userid 1001) id DEEBF1C942E; Thu, 13 Dec 2001 12:15:26 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by thud.tbe.net (Postfix) with ESMTP id D6F8CDCE83; Thu, 13 Dec 2001 12:15:26 -0500 (EST) Date: Thu, 13 Dec 2001 12:15:26 -0500 (EST) From: "Gary D. Margiotta" To: Jimmy Cc: Andrew Reid , francisv@dagupan.com, freebsd-isp@freebsd.org Subject: Re: Backup solutions In-Reply-To: <20011213102519.B9907-100000@mail.isppro.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'm not sure what you mean by tasks queues, but as for the all machines questions, as long as the tape is large anough to hold the data you are backing up, then yes. We do full level 0 dumps of each machine on our network every night. Yeah, you could argue the full dumps aren't necessary, but it's easier for us to get everything all at once. Amanda can back up entire disk partitions from any machine you choose, and if you list all the partitions from each of the machines, then you will have all of them on tape. 
Amanda can run in parallel mode, it tells the machines to send their data, and whatever data comes in that cannot yet get written to tape (either the drive is busy with another backup already, or all the partitions aren't there yet), it gets written to the holding disk, and then gets put onto tape when ready, so I hope that addresses your question about queues. -Gary "Complexity breeds bugs. Bugs prevent adoption, lack of adoption results in death. Death not good." On Thu, 13 Dec 2001, Jimmy wrote: > On Tue, 11 Dec 2001, Gary D. Margiotta wrote: > > > I'll second the Amanda suggestion. It takes a little practice and > > determination, but once it's set up it runs quite beautifully. We've got > > a mix of 25+ Sun/FreeBSD servers backing up to a single FreeBSD box with a > > DDS-4 (great compression), and it never complains. We've even gotten it > > working with a Sun StorEdge L1000 using the loader mechanism, and it's > > wonderful compared to the $10k+ Veritas solution our vendor wanted... ;) > > > > I am sorry for my ignorance on this, but I am curious of Amanda. I have a > Tape Backup Unit which is a SCSI "Python 03812-XXX" de Sun Microsystems. > Till now I make manual backup of 4 servers on that single tape wich is > atached to a PC - FreeBSD System. The question is, can I make backups on > that single Tape of all the 4 servers? Can Amanda make tasks queues? > I am giving a look to the web page of that project and I see it works on > systems with more than one single tape. > > Well, may be what I am asking makes not sense ... I am sorry. 
>
> --JImmy
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Thu Dec 13 9:30:56 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.day-light.net (dle.day-light.net [64.37.72.2]) by hub.freebsd.org (Postfix) with ESMTP id 61B3E37B405 for ; Thu, 13 Dec 2001 09:30:53 -0800 (PST) Received: from w1 (118-203.bestdsl.net [216.162.118.203]) by mail.day-light.net (Postfix) with SMTP id A097743E52; Thu, 13 Dec 2001 11:30:52 -0600 (CST) Reply-To: From: "John Brooks" To: "'Fabrizio Ravazzini'" Cc: Subject: RE: Ipf & Bridging ??? Date: Thu, 13 Dec 2001 11:28:16 -0600 Message-ID: <000901c183fb$9108fd80$1505010a@daylight.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 In-Reply-To: <20011213164800.67963.qmail@web20102.mail.yahoo.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Some items to check

Are you positive that rl0 is on the internet side?

Is that your entire ruleset? it would help to see all the rules and their order

Did you also flush out the state table? there may be previously allowed connections bypassing the new rules - run:

    ipf -FS

What does /var/log/ipflog show? (assuming default location)

Add the keyword "log" to all rules then run:

    ipf -Fa -f /path/to/rules/ipf.rules -E
    tail -f /path/to/logfile/ipflog

You should be able to see each new log entry as it occurs

Run: dmesg | grep "IP Filter" (you should get a response)
Run: ipfstat -hion (shows activity per rule)
Run: ifconfig -a (confirm your nics)

Is this a new box?
Is this box currently in use?
Have you ever had ipf running on this box before?

So many questions...

--
John Brooks
Email: john@stlbsd.org

-----Original Message-----
From: owner-freebsd-isp@FreeBSD.ORG
[mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Fabrizio Ravazzini
Sent: Thursday, December 13, 2001 10:48 AM
To: john@day-light.com
Cc: freebsd-isp@freebsd.org
Subject: RE: Ipf & Bridging ???

hello thanks for the help,
ipf is installed in the kernel i compiled,
options IPFILTER
options IPFILTER_LOG
There's also the ipfiletr_enable="YES" in my rc.conf
in /etc/ipf.rules:
pass in all
pass out all
block in quick on rl0 from any to any
then if I digit:
ipf -Fa -f /path/to/rules/ipf.rules -E
I have the output:
IP Filter:already initialized
IP Filter:already initialized
But there is still the problem, can you help me?

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Thu Dec 13 10:14:59 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.isppro.net (mail.isppro.net [196.40.37.88]) by hub.freebsd.org (Postfix) with ESMTP id E697237B405 for ; Thu, 13 Dec 2001 10:14:52 -0800 (PST) Received: (from root@localhost) by mail.isppro.net (8.11.6/8.11.5) id fBDII2W11391; Thu, 13 Dec 2001 12:18:02 -0600 (CST) Received: from localhost (jimmy@localhost) by mail.isppro.net (8.11.6/8.11.5av) with ESMTP id fBDII1611383; Thu, 13 Dec 2001 12:18:01 -0600 (CST) X-Authentication-Warning: mail.isppro.net: jimmy owned process doing -bs Date: Thu, 13 Dec 2001 12:18:01 -0600 (CST) From: Jimmy To: "Gary D.
Margiotta" Cc: Subject: Re: Backup solutions In-Reply-To: Message-ID: <20011213121515.C9907-100000@mail.isppro.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org [ ... ] > Amanda can run in parallel mode, it tells the machines to send their > data, and whatever data comes in that cannot yet get written to tape > (either the drive is busy with another backup already, or all the > partitions aren't there yet), it gets written to the holding disk, and > then gets put onto tape when ready, so I hope that addresses your question > about queues. > Yes, Gary this is the info that I was needing. Thank You very much for your clear answer. I will see Amanda in more detail to see if I can get that works also for me :). --JImmy To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Dec 13 18: 1:32 2001 Delivered-To: freebsd-isp@freebsd.org Received: from backup.dagupan.com (www.psysc.org.ph [206.101.69.5]) by hub.freebsd.org (Postfix) with ESMTP id B670637B417 for ; Thu, 13 Dec 2001 18:01:27 -0800 (PST) Received: by apmail.dagupan.com with Internet Mail Service (5.5.2653.19) id ; Fri, 14 Dec 2001 10:01:23 +0800 Message-ID: <10F29E27A956D511B0940050DA8D86A9340D5C@apmail.dagupan.com> From: francisv@dagupan.com To: freebsd-isp@freebsd.org Subject: tcp-wrapper applications Date: Fri, 14 Dec 2001 10:01:22 +0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all, Do I still need /etc/inetd.conf to run tcp-wrapped applications in order to use /etc/hosts.allow? 
---
francis a. vidal [bitstop network services] | http://www.dagupan.com
streaming media + web hosting | http://www.keystone.ph
v(02)330-2871,(02)330-2872; f(02)330-2873 | http://www.kuro.ph

From owner-freebsd-isp Thu Dec 13 18:17:10 2001
Date: Thu, 13 Dec 2001 18:17:08 -0800
From: Derrick John Klise
To: francisv@dagupan.com
Cc: freebsd-isp@freebsd.org
Subject: Re: tcp-wrapper applications

On Fri, Dec 14, 2001 at 10:01:22AM +0800, francisv@dagupan.com wrote:
> Hi all,
>
> Do I still need /etc/inetd.conf to run tcp-wrapped applications in order to
> use /etc/hosts.allow?

Do an `ldd program` on the program that you want to use, if it reports
that it's using "libwrap.so.3" or something of the like, it will use the
tcp wrappers library (and hosts.allow).

--
Derrick John Klise
"I went into a general store, and they wouldn't sell me anything specific".
-- Steven Wright

From owner-freebsd-isp Thu Dec 13 18:25: 7 2001
Date: Thu, 13 Dec 2001 18:25:04 -0800
From: Derrick John Klise
To: Fabrizio Ravazzini
Cc: freebsd-isp@freebsd.org
Subject: Re: Ipf & Bridging ???

From the FreeBSD section of the IPF FAQ:
(http://coombs.anu.edu.au/ipfilter/faq/IPFfreebsd.html#1)

Q. I'm having problems with bridging and FreeBSD.
A. IPF does not yet support Bridging on FreeBSD, only OpenBSD... however
   Darren [Reed] plans on implementing this soon.

On Thu, Dec 13, 2001 at 05:06:54PM +0100, Fabrizio Ravazzini wrote:
> Hello all I've done a bridge between Internet and my
> DMZ:
>    Internet
>       |
>       |
>  Cisco Router
>       |
>       |
>       |rl0
>  FreeBSD 4.3
>    Bridge
>       |rl1
>       |
>      HUB----DMZ
>
> The bridge works very well,for example from the DMZ
> the servers in it can "see" Internet and from internet
> I can "see" the servers in the DMZ(Public Ip's).
> The problem is with ipf.
> If for example we put a simple rule in /etc/ipf.rules
> like this:
> block in quick on rl0
>
> in order to block all the traffic going to the DMZ it
> happens that packets originated from internet they
> by-pass my bridge/firewall!
> If you ping for example the bridge they are blocked
> but if you ping a machine in the dmz it responds!
> arghhh..
> I tried to put the rules for the bridge founded in the
> Ipfilter based firewalls howto but they didn't work.
> Any Idea?
> Isn't ipfilter supported under freebsd?
> Have I to use ipfw?
> Many thanks all
> bye

--
Derrick John Klise
"I went into a general store, and they wouldn't sell me anything specific".
-- Steven Wright

From owner-freebsd-isp Fri Dec 14 1:53:52 2001
Date: Fri, 14 Dec 2001 10:53:46 +0100 (CET)
From: Fabrizio Ravazzini
Subject: RE: Ipf & Bridging ???
To: john@day-light.com
Cc: freebsd-isp@freebsd.org

Thanks again for help,
so, I tried with only that rule to see if the firewall blocks
everything, then I'll make all the other rules.
The rl0 is on the outside,connected to the router,
I'll try with the commands you gave me, but I've also read this:

From the FreeBSD section of the IPF FAQ:
(http://coombs.anu.edu.au/ipfilter/faq/IPFfreebsd.html#1)

in it it's written that ipf & Bridging it's not enabled in FreeBSD,
aargggggh, is that right?
Did you ever used ipf & bridging?
I think I must switch to ipfw, argg.
What do you think?
Thanks, bye

--- John Brooks wrote:
> Some items to check
>
> Are you positive that rl0 is on the internet side?
> Is that your entire ruleset? it would help to see
> all the rules and
> their order
> Did you also flush out the state table? there may be
> previously allowed
> connections bypassing the new rules - run:
> ipf -FS
>
> What does /var/log/ipflog show? (assuming default
> location)
> Add the keyword "log" to all rules then run:
> ipf -Fa -f /path/to/rules/ipf.rules -E
> tail -f /path/to/logfile/ipflog
> You should be able to see each new log entry as it
> occurs
>
> Run:
> dmesg | grep "IP Filter" (you should get a
> response)
>
> Run:
> ipfstat -hion (shows activity per rule)
>
> Run:
> ifconfig -a (confirm your nics)
>
> Is this a new box?
> Is this box currently in use?
> Have you ever had ipf running on this box before?
> So many questions...
>
> --
> John Brooks
> Email: john@stlbsd.org
>
>
>
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of
> Fabrizio Ravazzini
> Sent: Thursday, December 13, 2001 10:48 AM
> To: john@day-light.com
> Cc: freebsd-isp@freebsd.org
> Subject: RE: Ipf & Bridging ???
>
>
> hello thanks for the help, ipf is installed in the
> kernel i compiled,
> options IPFILTER
> options IPFILTER_LOG
>
>
> There's also the ipfiletr_enable="YES" in my rc.conf
>
> in /etc/ipf.rules:
> pass in all
> pass out all
> block in quick on rl0 from any to any
>
> then if I digit:
> ipf -Fa -f /path/to/rules/ipf.rules -E
> I have the output:
> IP Filter:already initialized
> IP Filter:already initialized
>
> But there is still the problem, can you help me?
>

From owner-freebsd-isp Fri Dec 14 3:22:10 2001
From: Enriko Groen
To: "'freebsd-isp@freebsd.org'"
Subject: Bandwidth
Date: Fri, 14 Dec 2001 12:21:59 +0100

Hi,

Next week I'll be building a machine which is supposed to do some bandwidth
limiting and measurement; next to being the firewall.

DUMMYNET seems to be the bandwidth limit solution, but is it also useable
together with IPFilter (which i favor over IPFW)?
Or are there other possibilities?

And what are the (software) suggestions for measuring bandwidth?
I would like to measure the amount of traffic per service (www, ftp, dns,
smtp, pop), per server (or rather per ip) and per domainname (virtual
website). Would this be possible?

--
Enriko Groen, Hosting manager
--------------------------------------------------------
netivity bv
www.netivity.nl
enriko.groen@netivity.nl
038 - 850 1000
van nagellstraat 4
8011 eb zwolle
--------------------------------------------------------

From owner-freebsd-isp Fri Dec 14 7: 7:41 2001
From: CB1001@aol.com
Date: Fri, 14 Dec 2001 10:07:21 EST
Subject: RE: 3com card problems
To: hueber@riic.at
Cc: hackers@freebsd.org, isp@freebsd.org

Hi,

You claim the 3Coms are no good choice for FBSD. I have always been very
satisfied with 3Com905B devices.
And a quick search did not reveal any major problems with the 3com cards.
Pls, can you explain the problem in more detail or direct me to more detailed
information (how to avoid impacts with STATS ...)

Thank you
Gernot Hueber

From owner-freebsd-isp Fri Dec 14 7:17:34 2001
From: CB1001@aol.com
Date: Fri, 14 Dec 2001 10:17:19 EST
Subject: Re: (no subject)
To: hueber@riic.at
Cc: hackers@freebsd.org, isp@freebsd.org

In a message dated 12/14/01 10:09:20 AM Eastern Standard Time, CB1001 writes:

> Hi,
>
> You claim the 3Coms are no good choice for FBSD. I have always been very
> satisfied
> with 3Com905B devices.
> And a quick search did not reveal any major problems with the 3com cards.

A "quick search" of what? Get some perspective. The "hackers" are only
interested in cards that they use, and they all use intel for high end stuff.
Bill paul is too busy writing drivers for some new gigabit card to worry
about old stuff. (note that most of his drivers are optimised for the Alpha
and not i386...like what pct of people are using Alpha?) And there is
apparently no interest in fixing anything or finding out what's wrong because
some guy at freebsd with a 2 inch weener keeps knocking me off the
list...they don't like criticism. I've already fixed it, so all I'm trying to
do is save you a lot of time doing work that's already been done.

>
> Pls, can you explain the problem in more detail or direct me to more
> detailed
> information (how to avoid impacts with STATS ...)

I did in my last post. I'm sure one of the hackers can explain it to you. Or
you can look at the linux driver and see what they've done about it. Maybe
if someone who cares is listening it will make it into the tree.

db

From owner-freebsd-isp Fri Dec 14 9:51:42 2001
Date: Fri, 14 Dec 2001 09:51:33 -0800
From: Derrick John Klise
To: Enriko Groen
Cc: freebsd-isp@freebsd.org
Subject: Re: Bandwidth

On Fri, Dec 14, 2001 at 12:21:59PM +0100, Enriko Groen wrote:
> Hi,
>
> Next week I'll be building a machine which is supposed to do some bandwidth
> limiting and measurement; next to being the firewall.
>
> DUMMYNET seems to be the bandwidth limit solution, but is it also useable
> together with IPFilter (which i favor over IPFW)?
> Or are there other possibilities?

Yes, you can use ipfw (dummynet) with ipfilter.

> And what are the (software) suggestions for measuring bandwidth?
> I would like to measure the amount of traffic per service (www, ftp, dns,
> smtp, pop), per server (or rather per ip) and per domainname (virtual
> website). Would this be possible?

Ipfilter has a "count" action that you can put in your rules file which
will keep accounting of the traffic. Not so sure about measuring via
domainname, but you can use something like

    count in from any to a.b.c.d port = 80
    count out from a.b.c.d to any port = 80

will keep accounting for anything going to/coming from a.b.c.d, port 80.

    ipfstat -aio

will then show you the accounting statistics gathered.

`man 5 ipf` and search for 'count' for more information.

--
Derrick John Klise
"I went into a general store, and they wouldn't sell me anything specific".
-- Steven Wright

From owner-freebsd-isp Fri Dec 14 10:58:25 2001
Date: Fri, 14 Dec 2001 10:58:06 -0800 (PST)
From: John Baldwin
To: CB1001@aol.com
Subject: Re: (no subject)
Cc: isp@freebsd.org, hackers@freebsd.org, hueber@riic.at

On 14-Dec-01 CB1001@aol.com wrote:
> In a message dated 12/14/01 10:09:20 AM Eastern Standard Time, CB1001 writes:
>
>> Hi,
>>
>> You claim the 3Coms are no good choice for FBSD. I have always been very
>> satisfied
>> with 3Com905B devices.
>> And a quick search did not reveal any major problems with the 3com cards.
>
> A "quick search" of what? Get some perspective. The "hackers" are only
> interested in cards that they use, and they all use intel for high end stuff.
> Bill paul is too busy writing drivers for some new gigabit card to worry
> about old stuff. (note that most of his drivers are optimised for the Alpha
> and not i386...like what pct of people are using Alpha?) And there is
> apparently no interest in fixing anything or finding out what's wrong because
> some guy at freebsd with a 2 inch weener keeps knocking me off the
> list...they don't like criticism. I've already fixed it, so all I'm trying to
> do is save you a lot of time doing work that's already been done.

Actually, the cards are very much optimized for the i386. See the lack of
using bus_dma for example, which is required for these cards to work on
things like sparc64. Grow up and realize that not all the world is an i386.
Ports like sparc64, powerpc, ia64, and x86-64 are being added and they are
not exactly like the i386.

I've used 3com cards (xl(4)) without any problems. They are rather nice
cards and Bill Paul prefers those to Intel cards since Intel is so nazi
with its docco. :)

To Guret: Please don't listen to Dennis. He is feeding you lies so that you
will go buy his "better" ethernet drivers. He is very obnoxious and thus has
been banned from the lists several times. This is just another one of his
silly aliases.

--
John Baldwin <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!"
- http://www.FreeBSD.org/

From owner-freebsd-isp Fri Dec 14 11:30:16 2001
Date: Fri, 14 Dec 2001 14:29:53 -0500 (EST)
From: Tony
Subject: OT: network management

Would anyone care to share network management software solutions?
I'm doing an investigation for commercial and non-commercial offerings
and I'd like to know what folks have had success with. Basically we've
been an home grown shop but I'd like to know a bit more about what
software others are using.

mrtg ?
billing software?
cricket?
rddtool?
netcool?
ov?
problems polling non cisco gear w/ cisco works 2000 ?
hpov , thoughts?
integration/mapping of customer and network data ( as it relates to
fault management )

This an information gathering attempt on my part so I'm deliberately
casting a big/broad net.

-------------------------------------------------------------------
Tony Link Networking & Telecommunications Services nts.umd.edu/~missing/pgp
Office of Information Technology    +|F3:C3:04:E2:E4:AC:67:2E
University of Maryland              +|32:6F:AF:21:A0:16:03:B2
College Park, Maryland 20742-4911   +|4C:83:1C:1B
Office: 301.405.2988 Fax 301.405.2988
-------------------------------------------------------------------

From owner-freebsd-isp Fri Dec 14 11:50:15 2001
From: "Christopher Meiklejohn"
To: "Tony"
Subject: RE: network management
Date: Fri, 14 Dec 2001 14:49:50 -0500

I have had a lot of success with MRTG and NOCOL.

I use nocol for the network monitoring and mrtg for graphing anything I need
that has a MIB that supports it!

I have had a lot more success with NOCOL over WhatsUp ( running on Windows,
which we were using before ) because WhatsUp just has a very low threshold
for monitoring things. NOCOL can handle much much more.

-=Chris

-----Original Message-----
From: owner-freebsd-isp@FreeBSD.ORG
[mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Tony
Sent: Friday, December 14, 2001 2:30 PM
To: isp@FreeBSD.ORG
Subject: OT: network management

Would anyone care to share network management software solutions?
I'm doing an investigation for commercial and non-commercial offerings
and I'd like to know what folks have had success with. Basically we've
been an home grown shop but I'd like to know a bit more about what
software others are using.

mrtg ?
billing software?
cricket?
rddtool?
netcool?
ov?
problems polling non cisco gear w/ cisco works 2000 ?
hpov , thoughts?
integration/mapping of customer and network data ( as it relates to
fault management )

This an information gathering attempt on my part so I'm deliberately
casting a big/broad net.

-------------------------------------------------------------------
Tony Link Networking & Telecommunications Services nts.umd.edu/~missing/pgp
Office of Information Technology    +|F3:C3:04:E2:E4:AC:67:2E
University of Maryland              +|32:6F:AF:21:A0:16:03:B2
College Park, Maryland 20742-4911   +|4C:83:1C:1B
Office: 301.405.2988 Fax 301.405.2988
-------------------------------------------------------------------

From owner-freebsd-isp Fri Dec 14 13:14:21 2001
Date: Sat, 15 Dec 2001 08:14:05 +1100
From: Stanley Hopcroft
To: freebsd-isp@FreeBSD.ORG
Subject: Re: network management

Dear Ladies and Gentlemen,

On Fri, Dec 14, 2001 at 02:49:50PM -0500, Christopher Meiklejohn wrote:
> I have had a lot of success with MRTG and NOCOL.
>

You may want to look at Netsaint (http://www.Netsaint.ORG) rather than
NOCOL.

AFAIK, Netsaint is

. actively developed

. easier to write service checks for

. supports various approaches for remote and distributed monitoring

. has a fair to good story for monitoring M$ boxen.

. has I think better logging and availability reporting

> I use nocol for the network monitoring and mrtg for graphing anything I need
> that has a MIB that
> supports it!
>
> I have had a lot more success with NOCOL over WhatsUp ( running on Windows,
> which we were using before ) because WhatsUp just has a very low threshold
> for monitoring things. NOCOL can handle much much more.
>
> -=Chris
>

Netsaint is a FreeBSD package.

Thank you,

Yours sincerely.
-- ------------------------------------------------------------------------ Stanley Hopcroft Network Specialist ------------------------------------------------------------------------ '...No man is an island, entire of itself; every man is a piece of the continent, a part of the main. If a clod be washed away by the sea, Europe is the less, as well as if a promontory were, as well as if a manor of thy friend's or of thine own were. Any man's death diminishes me, because I am involved in mankind; and therefore never send to know for whom the bell tolls; it tolls for thee...' from Meditation 17, J Donne. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Dec 14 13:28:21 2001 Delivered-To: freebsd-isp@freebsd.org Received: from nts.umd.edu (nts.umd.edu [128.8.5.5]) by hub.freebsd.org (Postfix) with ESMTP id 0562F37B416 for ; Fri, 14 Dec 2001 13:28:16 -0800 (PST) Received: from localhost (missing@localhost) by nts.umd.edu (8.11.3/8.11.3) with ESMTP id fBELRwx08492; Fri, 14 Dec 2001 16:28:07 -0500 (EST) (envelope-from missing@nts.umd.edu) Date: Fri, 14 Dec 2001 16:27:57 -0500 (EST) From: Tony To: Stanley Hopcroft Cc: Subject: Re: network management In-Reply-To: <20011215081404.A388@IPAustralia.Gov.AU> Message-ID: <20011214162102.B5086-100000@nts.umd.edu> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, 15 Dec 2001, Stanley Hopcroft wrote: > Dear Ladies and Gentlemen, > > On Fri, Dec 14, 2001 at 02:49:50PM -0500, Christopher Meiklejohn wrote: > > I have had alot of success with MRTG and NOCOL. > You may want to look at Netsaint (http://www.Netsaint.ORG) rather than > NOCOL. But NetSaint is not advertised as an snmp monitor. 
http://www.netsaint.org/docs/0_0_6/about.html#whatis Also, from what I understand, Netcool can do application monitoring. > > AFAIK, Netsaint is > > . actively developed > > . easier to write service checks for > > . supports various approaches for remote and distributed monitoring > > . has a fair to good story for monitoring M$ boxen. > > . has I think better logging and availability reporting How does Netsaint scale ? I may just have to go check the source myself. -Tony To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Dec 14 14: 4:20 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pericles.IPAustralia.gov.au (pericles.IPAustralia.gov.au [202.14.186.30]) by hub.freebsd.org (Postfix) with ESMTP id 512DF37B417 for ; Fri, 14 Dec 2001 14:04:14 -0800 (PST) Received: (from smap@localhost) by pericles.IPAustralia.gov.au (8.11.3/8.11.1) id fBEM4DR20558 for ; Sat, 15 Dec 2001 09:04:13 +1100 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) Received: from wf-153.aipo.gov.au(192.168.1.153) by pericles.IPAustralia.gov.au via smap (V2.1) id xma020552; Sat, 15 Dec 01 09:03:59 +1100 Received: (from anwsmh@localhost) by stan.aipo.gov.au (8.11.1/8.11.1) id fBEM40s00473 for freebsd-isp@FreeBSD.ORG; Sat, 15 Dec 2001 09:04:00 +1100 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) X-Authentication-Warning: stan.aipo.gov.au: anwsmh set sender to anwsmh@IPAustralia.Gov.AU using -f Date: Sat, 15 Dec 2001 09:03:59 +1100 From: Stanley Hopcroft To: freebsd-isp@FreeBSD.ORG Subject: Re: network management Message-ID: <20011215090358.C388@IPAustralia.Gov.AU> References: <20011215081404.A388@IPAustralia.Gov.AU> <20011214162102.B5086-100000@nts.umd.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011214162102.B5086-100000@nts.umd.edu>; from missing@nts.umd.edu on Fri, Dec 14, 2001 at 04:27:57PM -0500 Sender: 
owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Dear Sir,

On Fri, Dec 14, 2001 at 04:27:57PM -0500, Tony wrote:
> > > But NetSaint is not advertised as an snmp monitor.
> http://www.netsaint.org/docs/0_0_6/about.html#whatis
> Also, from what I understand, Netcool can do application monitoring.

Do not know about __Netcool__; if by application monitoring you mean the simulated use of the application and checking the output for 'normal' (below some application dependent critical threshold) responses, then Netsaint can do that by scheduling your check of that service.

It comes with simpler 'plugins' that do things such as checks of RADIUS, TCP connections - including banner checks -, HTTP responses match a regex, DNS queries, RTA and PLR (ie ping stats below thresholds), and a framework for making SNMP queries but if the supplied plugins are not sufficient, almost anyone can write their own.

> How does Netsaint scale ? I may just have to go check the source myself.

Netsaint does nothing more than schedule service checks; each check is execed in a forked copy.

Netsaint has support for

. (early) an embedded Perl interpreter (like mod_apache) to avoid forking and loading Perl for checks written in Perl.
. (early) for configuration in Database, and host/service status written to DB (mysql and postgres I think)
. distributed monitoring

My employer is using it to monitor 133 hosts (mainly on the one switched LAN but also on a small WAN) and nearly 300 services.

People use it for up to a 1000 hosts I think.

> > -Tony
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message

Thank you, Yours sincerely.
-- ------------------------------------------------------------------------ Stanley Hopcroft Network Specialist ------------------------------------------------------------------------ '...No man is an island, entire of itself; every man is a piece of the continent, a part of the main. If a clod be washed away by the sea, Europe is the less, as well as if a promontory were, as well as if a manor of thy friend's or of thine own were. Any man's death diminishes me, because I am involved in mankind; and therefore never send to know for whom the bell tolls; it tolls for thee...' from Meditation 17, J Donne. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Dec 14 14:31:33 2001 Delivered-To: freebsd-isp@freebsd.org Received: from imo-m10.mx.aol.com (imo-m10.mx.aol.com [64.12.136.165]) by hub.freebsd.org (Postfix) with ESMTP id 6321837B405; Fri, 14 Dec 2001 14:31:27 -0800 (PST) Received: from HP889@aol.com by imo-m10.mx.aol.com (mail_out_v31_r1.9.) id n.176.cf4901 (4411); Fri, 14 Dec 2001 17:31:24 -0500 (EST) From: HP889@aol.com Message-ID: <176.cf4901.294bd7bc@aol.com> Date: Fri, 14 Dec 2001 17:31:24 EST Subject: RE: 3Com driver problems To: hackers@freebsd.org Cc: isp@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 5.0 for Windows sub 139 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >> with 3Com905B devices. >> And a quick search did not reveal any major problems with the 3com cards. > > A "quick search" of what? Get some perspective. The "hackers" are only > interested in cards that they use, and they all use intel for high end stuff. > Bill paul is too busy writing drivers for some new gigabit card to worry > about old stuff. 
(note that most of his drivers are optimised for the Alpha
> and not i386...like what pct of people are using Alpha?) And there is
> apparently no interest in fixing anything or finding out whats wrong because
> some guy at freebsd with a 2 inch weener keeps knocking me off the
> list...they dont like criticism. I've already fixed it, so all im trying to
> do is save you a lot of time doing work thats already been done.

>Actually, the cards are very much optimized for the i386. See the lack of
>using bus_dma for example, which is required for these cards to work on things
>like sparc64. Grow up and realize that not all the world is an i386. Ports
>like sparc64, powerpc, ia64, and x86-64 are being added and they are not
>exactly like the i386. I've used 3com cards (xl(4)) without any problems.
>They are rather nice cards and Bill Paul prefers those to Intel cards since
>Intel is so nazi with its docco. :)
>To Guret:
>Please don't listen to Dennis. He is feeding you lies so that you will go buy?
>his "better" ethernet drivers. He is very obnoxious and thus has been banned
>from the lists several times. This is just another one of his silly aliases.

We dont sell ethernet drivers, and Im not trying to "hide". Why does linux have specific code to disable the stats under load if Im making this up? Why can you lock up a FreeBSD 4.4 system with a 3com card at 20Kpps due to counter overflow interrupts in about 3 seconds?

Its too bad that pointing out bugs is deemed as being obnoxious. Maybe its why they were complaining that linux outperforms Freebsd last week?

Guret, I apologize for trying to help. Im sure these fellows at freebsd.org will work painstakingly to help you find your problem. But since they are in denial about there being anything wrong with it, you most likely are sunk.

Try to front end your machine with a switch...the 5 cards is most likely your problem.
With each device you increase your bus contention (ie worsen the worst case bus master scenario)...either that or get a 4 port card that is more efficient than 5 individual cards.

DB

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Fri Dec 14 14:33:25 2001 Delivered-To: freebsd-isp@freebsd.org Received: from sr3.terra.com.br (sr3.terra.com.br [200.176.3.18]) by hub.freebsd.org (Postfix) with ESMTP id 9EE0037B405; Fri, 14 Dec 2001 14:33:20 -0800 (PST) Received: from srv16-sao.terra.com.br (srv16-sao.terra.com.br [200.176.3.39]) by sr3.terra.com.br (Postfix) with ESMTP id CD93315AAF7; Fri, 14 Dec 2001 20:33:10 -0200 (GMT+2) Received: from rodrigo (dl-rip-C8B1EDEA.mii.terra.com.br [200.177.237.234]) by srv16-sao.terra.com.br (Postfix) with ESMTP id AF4EA2BB37; Fri, 14 Dec 2001 20:33:08 -0200 (GMT+2) Message-ID: <008d01c184ef$52c6e060$eaedb1c8@rodrigo> From: =?iso-8859-1?Q?Jo=E3o_Silvestre?= To: Cc: Subject: HELP!!! Date: Fri, 14 Dec 2001 20:33:12 -0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi All,

I need to receive GRE packets from CISCO... I have patched the kernel with the gre.c (from squid) and added OPTIONS GRE too. The tcpdump shows that CISCO is sending GRE packets to FreeBSD, but the FreeBSD isn't decapsulating packets. I need to redirect these packets to proxy...

What is wrong in my system?

Thanks!
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Fri Dec 14 15:35:31 2001 Delivered-To: freebsd-isp@freebsd.org Received: from aaz.links.ru (aaz.links.ru [193.125.152.37]) by hub.freebsd.org (Postfix) with ESMTP id 9029B37B417; Fri, 14 Dec 2001 15:35:23 -0800 (PST) Received: (from babolo@localhost) by aaz.links.ru (8.9.3/8.9.3) id CAA27872; Sat, 15 Dec 2001 02:41:47 +0300 (MSK) Message-Id: <200112142341.CAA27872@aaz.links.ru> Subject: Re: 3Com driver problems In-Reply-To: <176.cf4901.294bd7bc@aol.com> from "HP889@aol.com" at "Dec 14, 1 05:31:24 pm" To: HP889@aol.com Date: Sat, 15 Dec 2001 02:41:47 +0300 (MSK) Cc: hackers@FreeBSD.ORG, isp@FreeBSD.ORG From: "."@babolo.ru MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

HP889@aol.com writes:
> Try to front end your machine with a switch...the 5 cards is most likely your
> problem. With each device you increase your bus contention (ie worsen the
> worst case bus master scenario)...either that or get a 4 port card that is
> more efficient than 5 individual cards.

I have some opposite experience.
This is my biggest router:
0gw~(1)>uname -a
FreeBSD gw.pike 4.4-STABLE FreeBSD 4.4-STABLE #0: Wed Sep 19 06:29:38 MSD 2001 babolo@shikster.pike.ru:/tmp/babolo/usr/src/sys/gw i386
0gw~(2)>ifconfig -a
dc0: flags=8843 mtu 1500
dc1: flags=8802 mtu 1500
dc2: flags=8843 mtu 1500
dc3: flags=8843 mtu 1500
xl0: flags=8843 mtu 1500
xl1: flags=8843 mtu 1500
xl2: flags=8843 mtu 1500
6 used 100 M ethernet interfaces among others.
dc0..dc3 is one card.
xl0 cards are workaround for the fact that processor spent MUCH more time in interrupt state with dc driver than with xl driver with the same load.
Yes, I try find xl x 4 card but no success -- @BABOLO http://links.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Dec 14 15:47:15 2001 Delivered-To: freebsd-isp@freebsd.org Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by hub.freebsd.org (Postfix) with ESMTP id 85F9837B41B; Fri, 14 Dec 2001 15:47:09 -0800 (PST) Received: from peter3.wemm.org ([12.232.27.13]) by rwcrmhc52.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20011214234709.ENKA403.rwcrmhc52.attbi.com@peter3.wemm.org>; Fri, 14 Dec 2001 23:47:09 +0000 Received: from overcee.netplex.com.au (overcee.wemm.org [10.0.0.3]) by peter3.wemm.org (8.11.0/8.11.0) with ESMTP id fBENl9s53799; Fri, 14 Dec 2001 15:47:09 -0800 (PST) (envelope-from peter@wemm.org) Received: from wemm.org (localhost [127.0.0.1]) by overcee.netplex.com.au (Postfix) with ESMTP id E9FB33808; Fri, 14 Dec 2001 15:47:08 -0800 (PST) (envelope-from peter@wemm.org) X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: hackers@FreeBSD.ORG, isp@FreeBSD.ORG Subject: Re: 3Com driver problems In-Reply-To: <176.cf4901.294bd7bc@aol.com> Date: Fri, 14 Dec 2001 15:47:08 -0800 From: Peter Wemm Message-Id: <20011214234708.E9FB33808@overcee.netplex.com.au> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org FYI, this is another dennis@etinc.com clone. HP889@aol.com wrote: > >> with 3Com905B devices. > >> And a quick search did not reveal any major problems with the 3com cards. > > > > A "quick search" of what? Get some perspective. The "hackers" are only > > interested in cards that they use, and they all use intel for high end > stuff. > > Bill paul is too busy writing drivers for some new gigabit card to worry > > about old stuff. 
(note that most of his drivers are optimised for the Alpha
> > and not i386...like what pct of people are using Alpha?) And there is
> > apparently no interest in fixing anything or finding out whats wrong
> because
> > some guy at freebsd with a 2 inch weener keeps knocking me off the
> > list...they dont like criticism. I've already fixed it, so all im trying to
> > do is save you a lot of time doing work thats already been done.
> > >Actually, the cards are very much optimized for the i386. See the lack of
> >using bus_dma for example, which is required for these cards to work on
> things
> >like sparc64. Grow up and realize that not all the world is an i386. Ports
> >like sparc64, powerpc, ia64, and x86-64 are being added and they are not
> >exactly like the i386. I've used 3com cards (xl(4)) without any problems.
> > >They are rather nice cards and Bill Paul prefers those to Intel cards since
> >Intel is so nazi with its docco. :)
> > >To Guret:
> > >Please don't listen to Dennis. He is feeding you lies so that you will go
> buy?
> >his "better" ethernet drivers. He is very obnoxious and thus has been banned
> >from the lists several times. This is just another one of his silly aliases.
> > We dont sell ethernet drivers, and Im not trying to "hide". Why does linux
> have specific code to disable the stats under load if Im making this up? Why
> can you lock up a FreeBSD 4.4 system with a 3com card at 20Kpps due to
> counter overflow interrupts in about 3 seconds?
> > Its too bad that pointing out bugs is deemed as being obnoxious. Maybe its
> why they were complaining that linux outperforms Freebsd last week?
> > Guret, I apologize for trying to help. Im sure these fellows at freebsd.org
> will work painstakingly to help you find your problem. But since they are in
> denial about there being anything wrong with it, you most likely are sunk.
> > Try to front end your machine with a switch...the 5 cards is most likely your
> problem.
With each device you increase your bus contention (ie worsen the > worst case bus master scenario)...either that or get a 4 port card that is > more efficient than 5 individual cards. > > DB > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message > > Cheers, -Peter -- Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Dec 14 15:48: 4 2001 Delivered-To: freebsd-isp@freebsd.org Received: from rwcrmhc51.attbi.com (rwcrmhc51.attbi.com [204.127.198.38]) by hub.freebsd.org (Postfix) with ESMTP id 5F18337B417; Fri, 14 Dec 2001 15:48:00 -0800 (PST) Received: from peter3.wemm.org ([12.232.27.13]) by rwcrmhc51.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20011214234800.DLSW5010.rwcrmhc51.attbi.com@peter3.wemm.org>; Fri, 14 Dec 2001 23:48:00 +0000 Received: from overcee.netplex.com.au (overcee.wemm.org [10.0.0.3]) by peter3.wemm.org (8.11.0/8.11.0) with ESMTP id fBENlxs53808; Fri, 14 Dec 2001 15:47:59 -0800 (PST) (envelope-from peter@wemm.org) Received: from wemm.org (localhost [127.0.0.1]) by overcee.netplex.com.au (Postfix) with ESMTP id CB6E83808; Fri, 14 Dec 2001 15:47:59 -0800 (PST) (envelope-from peter@wemm.org) X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: hackers@FreeBSD.ORG, isp@FreeBSD.ORG Subject: Re: 3com card problems In-Reply-To: <6d.1f1ac6d0.294b6fa9@aol.com> Date: Fri, 14 Dec 2001 15:47:59 -0800 From: Peter Wemm Message-Id: <20011214234759.CB6E83808@overcee.netplex.com.au> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org FYI: This is another dennis@etinc.com clone. 
CB1001@aol.com wrote: > Hi, > > You claim the 3Coms are no good choice for FBSD. I have always been very > satisfied > with 3Com905B devices. > And a quick search did not reveal any major problems with the 3com cards. > > Pls, can you explain the problem in more detail or direct me to more detailed > information (how to avoid impacts with STATS ...) > > Thank you > > Gernot Hueber > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message > > Cheers, -Peter -- Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Dec 15 3:52:50 2001 Delivered-To: freebsd-isp@freebsd.org Received: from vnet2.trinite.co.uk (vnet2.trinite.co.uk [195.38.64.9]) by hub.freebsd.org (Postfix) with ESMTP id BDFE837B421 for ; Sat, 15 Dec 2001 03:52:38 -0800 (PST) Received: from nildram.net ([195.38.80.99]) by vnet2.trinite.co.uk (8.10.0/8.10.0) with ESMTP id fBFBqW017378 for ; Sat, 15 Dec 2001 11:52:32 GMT Received: from localhost by VMAILW2K46 with ESMTP; Sat, 15 Dec 2001 11:49:43 Received: FROM VMAILW2K45B BY vmailw2k45b.trinitevisp.co.uk ; Sat Dec 15 11:49:29 2001 0000 Received: from exchange2.nildram.co.uk [195.149.26.228] by VMAILW2K45B with ESMTP; Sat, 15 Dec 2001 11:49:28 Received: by exchange2.nildram.co.uk with Internet Mail Service (5.5.2650.21) id ; Sat, 15 Dec 2001 11:49:44 -0000 Message-ID: <41D348CD8E13D411973100A0CC58AA90989878@exchange2.nildram.co.uk> From: Gordon McDowall To: "'Tony'" , Stanley Hopcroft Cc: freebsd-isp@FreeBSD.ORG Subject: RE: network management Date: Sat, 15 Dec 2001 11:49:37 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web 
Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have been messing around with netsaint for a while now and find that it is a great network monitor, it has a net-snmp plugin that means it can request snmp info the same as an snmp server can. Regards Gordon -----Original Message----- From: Tony [mailto:missing@nts.umd.edu] Sent: 14 December 2001 21:28 To: Stanley Hopcroft Cc: freebsd-isp@FreeBSD.ORG Subject: Re: network management On Sat, 15 Dec 2001, Stanley Hopcroft wrote: > Dear Ladies and Gentlemen, > > On Fri, Dec 14, 2001 at 02:49:50PM -0500, Christopher Meiklejohn wrote: > > I have had alot of success with MRTG and NOCOL. > You may want to look at Netsaint (http://www.Netsaint.ORG) rather than > NOCOL. But NetSaint is not advertised as an snmp monitor. http://www.netsaint.org/docs/0_0_6/about.html#whatis Also, from what I understand, Netcool can do application monitoring. > > AFAIK, Netsaint is > > . actively developed > > . easier to write service checks for > > . supports various approaches for remote and distributed monitoring > > . has a fair to good story for monitoring M$ boxen. > > . has I think better logging and availability reporting How does Netsaint scale ? I may just have to go check the source myself. 
-Tony

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Sat Dec 15 4:56:44 2001 Delivered-To: freebsd-isp@freebsd.org Received: from sanyu1.sanyutel.com (sanyu1.sanyutel.com [216.250.215.14]) by hub.freebsd.org (Postfix) with ESMTP id 566AD37B416 for ; Sat, 15 Dec 2001 04:56:38 -0800 (PST) Received: from localhost (ksemat@localhost) by sanyu1.sanyutel.com (8.11.3/) with ESMTP id fBFCwsR02416; Sat, 15 Dec 2001 15:58:55 +0300 X-Authentication-Warning: sanyu1.sanyutel.com: ksemat owned process doing -bs Date: Sat, 15 Dec 2001 15:58:54 +0300 (EAT) From: X-X-Sender: To: Tony Cc: Subject: Re: OT: network management In-Reply-To: <20011214142203.K5086-100000@nts.umd.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

> mrtg ?
yes + ntop
> billing software?
billmax and freeside
> cricket?
yes
> rrdtool?
yes
> netcool?
no
> ov?
add webrt for the help desk big brother snort with demarc.

Noah.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Dec 15 10:42:36 2001 Delivered-To: freebsd-isp@freebsd.org Received: from hotmail.com (oe44.pav1.hotmail.com [64.4.30.16]) by hub.freebsd.org (Postfix) with ESMTP id 8ACE037B417 for ; Sat, 15 Dec 2001 10:42:33 -0800 (PST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sat, 15 Dec 2001 10:42:33 -0800 X-Originating-IP: [66.185.84.77] From: "jack xiao" To: Subject: Fw: radiusclients questions Date: Sat, 15 Dec 2001 13:44:39 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_005D_01C1856E.A4B97980" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: X-OriginalArrivalTime: 15 Dec 2001 18:42:33.0503 (UTC) FILETIME=[422FB2F0:01C18598] Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. 
Hi,

Now I want to use radiusclient ( version 0.3.1 ) under FreeBSD ports and use radlogin to substitute normal login for PPP login user. I have ported radiusclient and radlogin works well, but I don't know how to use radlogin instead of login. Any ideas will be appreciated.

Thanks!

Jack

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Sat Dec 15 10:50:10 2001 Delivered-To: freebsd-isp@freebsd.org Received: from imo-r09.mx.aol.com (imo-r09.mx.aol.com [152.163.225.105]) by hub.freebsd.org (Postfix) with ESMTP id 1F11A37B405; Sat, 15 Dec 2001 10:49:54 -0800 (PST) Received: from TD790@aol.com by imo-r09.mx.aol.com (mail_out_v31_r1.9.) id n.9d.200f9846 (3310); Sat, 15 Dec 2001 13:49:49 -0500 (EST) From: TD790@aol.com Message-ID: <9d.200f9846.294cf54d@aol.com> Date: Sat, 15 Dec 2001 13:49:49 EST Subject: Re: 3Com driver problems To: hackers@freebsd.org Cc: isp@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 5.0 for Windows sub 139 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

In a message dated 12/15/2001 1:07:28 PM Eastern Standard Time, "."@babalo.ru writes:
> At 06:41 PM 12/14/2001, you wrote:
> >HP889@aol.com writes:
> > > Try to front end your machine with a switch...the 5 cards is most
> > likely your
> > > problem. With each device you increase your bus contention (ie worsen
> the
> > > worst case bus master scenario)...either that or get a 4 port card that
> is
> > > more efficient than 5 individual cards.
> >I have some opposite experience.
> >This is my biggest router:
> >0gw~(1)>uname -a
> >FreeBSD gw.pike 4.4-STABLE FreeBSD 4.4-STABLE #0: Wed Sep 19 06:29:38 MSD
> >2001 babolo@shikster.pike.ru:/tmp/babolo/usr/src/sys/gw i386
> >0gw~(2)>ifconfig -a
> >dc0: flags=8843 mtu 1500
> >dc1: flags=8802 mtu 1500
> >dc2: flags=8843 mtu 1500
> >dc3: flags=8843 mtu 1500
> >xl0: flags=8843 mtu 1500
> >xl1: flags=8843 mtu 1500
> >xl2: flags=8843 mtu 1500
> >6 used 100 M ethernet interfaces among others.
> >dc0..dc3 is one card.
> >xl0 cards are workaround for the fact that processor
> sty
> >spent MUCH more time in interrupt state with dc driver
> >than with xl driver with the same load.
> >Yes, I try find xl x 4 card but no success

Interrupt state and bus contention are 2 different problems...the problem with referencing the dc driver is that there are lots of different cards with different results. btw, the if_dc driver is one of the drivers optimized for the alpha (note the m_devget calls)..and can use a bit of tuning. my experience with dlink quad cards and xl is that they are similar in performance if you account for the fact that the quad cards are going through a pci bridge chip...and the reduction in bus contention versus using 4 cards.

One issue is that you (and a lot of others) dont understand the physical limits of your machine. putting 6 or more 100Mb/s ethernets on one 32bit bus is simply asking for problems. You are dealing with a bus that BURSTs to a bit more than a Gb and probably no more sustained throughput capability than 500Mb/s (with 2 cards you'll get some errors at 400Mb/s and down from there as you add cards)...so how do you expect to handle worst case DMA requirements of 600-800Mb/s in half duplex or twice that if you run 100Mb/s full duplex? Its just not physically possible.
DB

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Sat Dec 15 10:51:23 2001 Delivered-To: freebsd-isp@freebsd.org Received: from imo-m05.mx.aol.com (imo-m05.mx.aol.com [64.12.136.8]) by hub.freebsd.org (Postfix) with ESMTP id 4535F37B41D; Sat, 15 Dec 2001 10:50:52 -0800 (PST) Received: from TD790@aol.com by imo-m05.mx.aol.com (mail_out_v31_r1.9.) id n.e4.1f926a1e (3310); Sat, 15 Dec 2001 13:50:46 -0500 (EST) From: TD790@aol.com Message-ID: Date: Sat, 15 Dec 2001 13:50:46 EST Subject: re: Sherlock Wemm reports.... To: hackers@freebsd.org Cc: isp@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 5.0 for Windows sub 139 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Sherlock Wemm writes....
>FYI, this is another dennis@etinc.com clone.

and your point is? I dont see any of you helping this guy out; you apparently are a lot better at tracking me down than problems with ethernet drivers, which dont ever seem to get addressed unless some company that one of you is working for needs it. Some of you grumble that I dont donate code, but you dont agree that there are problems, so its a bit difficult to contribute something that no one thinks is needed.

Im doing bandwidth management on full gigabit streams with FBSD 4.4..and I've come to a full understanding of all of the bottlenecks regarding ethernet drivers. Frankly i couldnt give a rats ass if you like me or not or if you perceive that Im making money off of your work or whatever, but if you think that I dont know what im doing then you are either paying attention to the wrong set of issues or you are just plain stupid.
DB

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Sat Dec 15 16:49:38 2001 Delivered-To: freebsd-isp@freebsd.org Received: from aaz.links.ru (aaz.links.ru [193.125.152.37]) by hub.freebsd.org (Postfix) with ESMTP id B2FFB37B405; Sat, 15 Dec 2001 16:49:31 -0800 (PST) Received: (from babolo@localhost) by aaz.links.ru (8.9.3/8.9.3) id DAA09823; Sun, 16 Dec 2001 03:56:02 +0300 (MSK) Message-Id: <200112160056.DAA09823@aaz.links.ru> Subject: Re: 3Com driver problems In-Reply-To: <9d.200f9846.294cf54d@aol.com> from "TD790@aol.com" at "Dec 15, 1 01:49:49 pm" To: TD790@aol.com Date: Sun, 16 Dec 2001 03:56:02 +0300 (MSK) Cc: hackers@FreeBSD.ORG, isp@FreeBSD.ORG From: "."@babolo.ru MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

TD790@aol.com writes:
> In a message dated 12/15/2001 1:07:28 PM Eastern Standard Time, "."@babalo.ru
> writes:
> > > At 06:41 PM 12/14/2001, you wrote:
> > >HP889@aol.com writes:
> > > > Try to front end your machine with a switch...the 5 cards is most
> > > likely your
> > > > problem. With each device you increase your bus contention (ie worsen
> > the
> > > > worst case bus master scenario)...either that or get a 4 port card
> that
> > is
> > > > more efficient than 5 individual cards.
> > >I have some opposite experience.
> > >This is my biggest router:
> > >0gw~(1)>uname -a
> > >FreeBSD gw.pike 4.4-STABLE FreeBSD 4.4-STABLE #0: Wed Sep 19 06:29:38 MSD
> > >2001 babolo@shikster.pike.ru:/tmp/babolo/usr/src/sys/gw i386
> > >0gw~(2)>ifconfig -a
> > >dc0: flags=8843 mtu 1500
> > >dc1: flags=8802 mtu 1500
> > >dc2: flags=8843 mtu 1500
> > >dc3: flags=8843 mtu 1500
> > >xl0: flags=8843 mtu 1500
> > >xl1: flags=8843 mtu 1500
> > >xl2: flags=8843 mtu 1500
> > >6 used 100 M ethernet interfaces among others.
> > >dc0..dc3 is one card.
> > >xl0 cards are workaround for the fact that processor
> > sty
> > > >spent MUCH more time in interrupt state with dc driver
> > >than with xl driver with the same load.
> > >Yes, I try find xl x 4 card but no success
> > Interrupt state and bus contention are 2 different problems...the problem
> with referencing the dc driver is that there are lots of different cards with
> different results. btw, the if_dc driver is one of the drivers optimized for
> the alpha (note the m_devget calls)..and can use a bit of tuning. my
> experience with dlink quad cards and xl is that they are similar in
> performance if you account for the fact that the quad cards are going through
> a pci bridge chip...and the reduction in bus contention versus using 4 cards.

Mine 4 port card was bought as D-link... What is "a bit of tuning"? Yes, I played with shared and non-shared interrupts to assign non-shared to most loaded ports

> One issue is that you (and a lot of others) dont understand the physical

I come to FreeBSD after I was a hardware developer. Hardware constraints are the things I understand well. I do not connect all high load interfaces to one router and this example has 3 relatively high load interfaces.

> limits of your machine. putting 6 or more 100Mb/s ethernets on one 32bit bus
> is simply asking for problems.
You are dealing with a bus that BURSTs to a > bit more than a Gb and probably no more sustained throughput capability than > 500Mb/s (with 2 cards you'll get some errors at 400Mb/s and down from there > as you add cards)...so how do you expect to handle worst case DMA > requirements of 600-800Mb/s in half duplex or twice that if you run 100Mb/s > full duplex? Its just not physically possible. I have no problem with this router now. There is a home network, so no one want to pay more if quality is sufficient. The worst interface has about 1:10000 loss - it's OK. Average packet rate for last 67 days is 860 pkt/sec only, burst rate is about 5 times more for 2 min intervals. Yes, I have no direct data about real (short) bursts, but total packet loss is sufficiently low. The real restriction is IP rule complexity. -- @BABOLO http://links.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Dec 15 17:56:39 2001 Delivered-To: freebsd-isp@freebsd.org Received: from iguana.aciri.org (iguana.aciri.org [192.150.187.36]) by hub.freebsd.org (Postfix) with ESMTP id B5BEF37B405; Sat, 15 Dec 2001 17:56:37 -0800 (PST) Received: (from rizzo@localhost) by iguana.aciri.org (8.11.3/8.11.1) id fBG1uLs65225; Sat, 15 Dec 2001 17:56:21 -0800 (PST) (envelope-from rizzo) Date: Sat, 15 Dec 2001 17:56:21 -0800 From: Luigi Rizzo To: "."@babolo.ru Cc: TD790@aol.com, hackers@FreeBSD.ORG, isp@FreeBSD.ORG Subject: Re: 3Com driver problems Message-ID: <20011215175620.A64769@iguana.aciri.org> References: <9d.200f9846.294cf54d@aol.com> <200112160056.DAA09823@aaz.links.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200112160056.DAA09823@aaz.links.ru> User-Agent: Mutt/1.3.23i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, 
Dec 16, 2001 at 03:56:02AM +0300, "."@babolo.ru wrote:
>> different results. btw, the if_dc driver is one of the drivers optimized for
>> the alpha (note the m_devget calls)..and can use a bit of tuning. my

this has been fixed recently in both stable and current.

luigi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Sat Dec 15 20:46: 5 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from smtp.popsite.net (smtp.popsite.net [216.126.128.17]) by hub.freebsd.org (Postfix) with ESMTP id AB10C37B419 for ; Sat, 15 Dec 2001 20:46:02 -0800 (PST)
Received: from nobaloney.net (c17-108.015.popsite.net [64.24.197.108]) by smtp.popsite.net (Postfix) with ESMTP id 6EED95086F; Sat, 15 Dec 2001 22:45:46 -0600 (CST)
Message-ID: <3C1C270F.164076BA@nobaloney.net>
Date: Sat, 15 Dec 2001 20:46:07 -0800
From: Jeff Lasman
Organization: nobaloney.net
X-Mailer: Mozilla 4.72 [en] (Win98; U)
X-Accept-Language: en,en-US
MIME-Version: 1.0
To: Dmitry Koltsov, freebsd-isp@freebsd.org
Subject: Re: Using DNAT and DNS round-robin
References: <196254713265.20011209213749@hostonfly.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Dmitry Koltsov wrote:

> Configuring of round-robin under Bind is very simple. You can create
> as much A records as you want and you'll receive round-robin
> configuration.

Are you sure? I've been looking for a definitive answer in my DNS & Bind book for about an hour now, and I'm still not certain. Any page references welcome.

> To give more exact answer I should ask you: what you are looking for?
> just load balancing and/or high availability?

And how about failure rollover?
We'd like to offer clients geographically dispersed hosting; there's a call for it since September 11th showed everyone of the hazards of hosting at only one location. But I don't think we can rely on short TTL; too many large ISPs seem to ignore it. Is there a way to handle high-availability strictly in DNS?

Thanks.

Jeff
--
Jeff Lasman
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA 92517
voice: (909) 778-9980 * fax: (702) 548-9484

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Sat Dec 15 22:57:26 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from tsunami.acidpit.org (tsunami.acidpit.org [206.190.163.234]) by hub.freebsd.org (Postfix) with ESMTP id 6C18837B417 for ; Sat, 15 Dec 2001 22:57:22 -0800 (PST)
Received: (from rch@localhost) by tsunami.acidpit.org (8.11.3/8.11.3) id fBG6vFA40636; Sun, 16 Dec 2001 01:57:15 -0500 (EST) (envelope-from rch@acidpit.org)
Date: Sun, 16 Dec 2001 01:57:15 -0500
From: Robert Hough
To: Tony
Cc: isp@FreeBSD.ORG
Subject: Re: OT: network management
Message-ID: <20011216015715.A39495@acidpit.org>
References: <20011214142203.K5086-100000@nts.umd.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011214142203.K5086-100000@nts.umd.edu>; from missing@nts.umd.edu on Fri, Dec 14, 2001 at 14:29:53 -0500
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Fri, Dec 14, 2001, Tony wrote:
>
> Would anyone care to share network management software solutions?

Let us not forget freeipdb, and flowtools. Those two can seriously save you a lot of time, effort and money. I think other people have made mention of most of the other "common" tools. Most people's needs are easily met with pre-written utilities.
I'd say collect them all, and figure out what works best for _your_ network. Sometimes, a pre-written tool can save you a lot of time, other times they seem to always fall short of your needs and expectations. Be prepared to write your own tools, there are/will be times when that is the only way to get something done.

http://www.freeipdb.org/
http://www.splintered.net/sw/flow-tools/

--
Robert Hough (rch@acidpit.org)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Sat Dec 15 23: 5:12 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from c007.snv.cp.net (c007-h008.c007.snv.cp.net [209.228.33.214]) by hub.freebsd.org (Postfix) with SMTP id 4229A37B416 for ; Sat, 15 Dec 2001 23:05:06 -0800 (PST)
Received: (cpmta 5542 invoked from network); 15 Dec 2001 23:05:05 -0800
Received: from 216.227.100.85 (HELO vector) by smtp.telocity.com (209.228.33.214) with SMTP; 15 Dec 2001 23:05:05 -0800
X-Sent: 16 Dec 2001 07:05:05 GMT
From: "Dustin Puryear"
To:
Subject: Public DNS server and FreeBSD firewall
Date: Sun, 16 Dec 2001 01:13:14 -0600
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <107624744755.20011211191506@buz.ch>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

I am setting up a public DNS server and having a bit of a problem figuring out why it cannot query outside of our network. I am using FreeBSD 4.4-RELEASE on both the DNS server and firewall.
Basically, when I try to resolve a host outside of my network the local named times out:

Server: XXXXX.com
Address: 10.0.0.5

*** XXXXXX.com can't find www.cdrom.com: Non-existent host/domain
> www.google.com
Server: XXXXX.com
Address: 10.0.0.5

*** XXXX.com can't find www.google.com: Non-existent host/domain
>

I can't figure out why, and darn if I am not getting any denied packet log entries in /var/log/security on the firewall. I am using static NAT, with my DNS server having the internal address 10.0.0.5, but an external address of aa.bb.cc.dd. The ipfw entries that appear relevant are:

# internal DNS..
03000 allow udp from ww.xx.yy.zz to any 53 keep-state
03100 allow tcp from ww.xx.yy.zz to any 53 keep-state
# this is the public DNS server..
03200 allow udp from aa.bb.cc.dd to any 53 keep-state
03300 allow tcp from aa.bb.cc.dd to any 53 keep-state

This should allow my name servers to access any outside name servers right? I even get dynamic rules that indicate some type of connection is being attempted:

03200 0 0 (T 29, # 91) ty 0 udp, aa.bb.cc.dd 1196 <-> 66.135.0.10 53

Despite this entry the local named still times out. The weird thing is that the named running on the firewall, ww.xx.yy.zz (internal 10.0.0.1), works. But the named running on aa.bb.cc.dd (10.0.0.5) doesn't.
Note, the entire ruleset follows if you need more information:

00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 allow ip from any to any via nge0
00500 deny ip from 10.0.0.0/24 to any in recv rl0
00600 deny ip from public-network-XXX/26 to any in recv nge0
00700 deny ip from any to 10.0.0.0/8 via rl0
00800 deny ip from any to 172.16.0.0/12 via rl0
00900 deny ip from any to 192.168.0.0/16 via rl0
01000 deny ip from any to 0.0.0.0/8 via rl0
01100 deny ip from any to 169.254.0.0/16 via rl0
01200 deny ip from any to 192.0.2.0/24 via rl0
01300 deny ip from any to 224.0.0.0/4 via rl0
01400 deny ip from any to 240.0.0.0/4 via rl0
01500 divert 8668 ip from any to any via rl0
01600 deny ip from 10.0.0.0/8 to any via rl0
01700 deny ip from 172.16.0.0/12 to any via rl0
01800 deny ip from 192.168.0.0/16 to any via rl0
01900 deny ip from 0.0.0.0/8 to any via rl0
02000 deny ip from 169.254.0.0/16 to any via rl0
02100 deny ip from 192.0.2.0/24 to any via rl0
02200 deny ip from 224.0.0.0/4 to any via rl0
02300 deny ip from 240.0.0.0/4 to any via rl0
02400 allow tcp from any to any established
02500 allow ip from any to any frag
02800 allow tcp from any to any 22 keep-state
02900 allow icmp from any to any keep-state
03000 deny log logamount 10 tcp from any to any in recv rl0 setup
03100 allow tcp from any to any setup
03200 allow udp from ww.xx.yy.zz to any 53 keep-state
03300 allow tcp from ww.xx.yy.zz to any 53 keep-state
03400 allow udp from aa.bb.cc.dd to any 53 keep-state
03500 allow tcp from aa.bb.cc.dd to any 53 keep-state
65535 deny ip from any to any

Regards, Dustin

---
Dustin Puryear
Information Systems Consultant
http://members.telocity.com/~dpuryear
In the beginning the Universe was created.
This has been widely regarded as a bad move.
- Douglas Adams

> -----Original Message-----
> From: Gabriel Ambuehl [mailto:gabriel_ambuehl@buz.ch]
> Sent: Tuesday, December 11, 2001 12:15 PM
> To: Dustin Puryear
> Cc: isp@freebsd.org
> Subject: Re[10]: Using DNAT and DNS round-robin
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Hello Dustin,
>
> Tuesday, December 11, 2001, 6:29:35 PM, you wrote:
> > Yes, that is what I eventually found out. Apparently, unless you
> > have some type of special gear, you cannot do IP-based virtual
> > hosting in a
> > load-sharing or -balancing environment. Now, doing HA might not be
> > too much work depending on what your requirements for switch over
> > time are.
>
> <10s is doable with standard gear. <1s is quite a bit harder but
> perhaps still doable.
>
> >> That's nice. I wished I were in the same situation...
> > Yes, it is nice. I have yet to do work for a company providing web
> > hosting to consumers, but I can see how it would have some real
> > challenges. But it
>
> It certainly has.
>
> > synchronization issue. NAS being one. A second is using a few
> > "shell" servers that automatically get replicated to your web
> > servers seems to be another.
>
> I've been thinking about that approach too, but it doesn't buy you
> much since there are still that morons that use the FS as DB...
>
> >> Squid should do the job too, more flexibly, but probably slower.
> > I played with Squid and it works nicely. Indeed, I liked the fact
> > that with Squid I can make my web cluster disappear from outsiders
> > and use Squid as a reverse proxy. However, since we dropped the
> > requirement for IP-based virtual hosting the point is moot. We will
> > be using just a standard configuration where we will DNS
> > round-robin between web servers.
>
> That's the easiest approach, of course. OTOH, I haven't got a very
> high opinion of DNS round robin since it essentially still lets the
> remote client fuck it up...
>
>
>
>
> Best regards,
> Gabriel
>
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Sat Dec 15 23:51: 5 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from workhorse.iMach.com (workhorse.iMach.com [206.127.77.89]) by hub.freebsd.org (Postfix) with ESMTP id 3159F37B405 for ; Sat, 15 Dec 2001 23:50:59 -0800 (PST)
Received: from localhost (forrestc@localhost) by workhorse.iMach.com (8.9.3/8.9.3) with ESMTP id AAA04532; Sun, 16 Dec 2001 00:42:49 -0700 (MST)
Date: Sun, 16 Dec 2001 00:42:49 -0700 (MST)
From: "Forrest W. Christian"
To: Dustin Puryear
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Public DNS server and FreeBSD firewall
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

What is your nat configured as? The problem is probably in your natd.conf file.

On Sun, 16 Dec 2001, Dustin Puryear wrote:

> Date: Sun, 16 Dec 2001 01:13:14 -0600
> From: Dustin Puryear
> To: freebsd-isp@FreeBSD.ORG
> Subject: Public DNS server and FreeBSD firewall
>
> I am setting up a public DNS server and having a bit of a problem figuring
> out why it cannot query outside of our network. I am using FreeBSD
> 4.4-RELEASE on both the DNS server and firewall.
> Basically, when I try to
> resolve a host outside of my network the local named times out:
>
> Server: XXXXX.com
> Address: 10.0.0.5
>
> *** XXXXXX.com can't find www.cdrom.com: Non-existent host/domain
> > www.google.com
> Server: XXXXX.com
> Address: 10.0.0.5
>
> *** XXXX.com can't find www.google.com: Non-existent host/domain
> >
>
> I can't figure out why, and darn if I am not getting any denied packet log
> entries in /var/log/security on the firewall. I am using static NAT, with my
> DNS server having the internal address 10.0.0.5, but an external address of
> aa.bb.cc.dd. The ipfw entries that appear relevant are:
>
> # internal DNS..
> 03000 allow udp from ww.xx.yy.zz to any 53 keep-state
> 03100 allow tcp from ww.xx.yy.zz to any 53 keep-state
> # this is the public DNS server..
> 03200 allow udp from aa.bb.cc.dd to any 53 keep-state
> 03300 allow tcp from aa.bb.cc.dd to any 53 keep-state
>
> This should allow my name servers to access any outside name servers right?
> I even get dynamic rules that indicate some type of connection is being
> attempted:
>
> 03200 0 0 (T 29, # 91) ty 0 udp, aa.bb.cc.dd 1196 <-> 66.135.0.10 53
>
> Despite this entry the local named still times out. The weird thing is that
> the named running on the firewall, ww.xx.yy.zz (internal 10.0.0.1), works.
> But the named running on aa.bb.cc.dd (10.0.0.5) doesn't.
>
> Note, the entire ruleset follows if you need more information:
>
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 00400 allow ip from any to any via nge0
> 00500 deny ip from 10.0.0.0/24 to any in recv rl0
> 00600 deny ip from public-network-XXX/26 to any in recv nge0
> 00700 deny ip from any to 10.0.0.0/8 via rl0
> 00800 deny ip from any to 172.16.0.0/12 via rl0
> 00900 deny ip from any to 192.168.0.0/16 via rl0
> 01000 deny ip from any to 0.0.0.0/8 via rl0
> 01100 deny ip from any to 169.254.0.0/16 via rl0
> 01200 deny ip from any to 192.0.2.0/24 via rl0
> 01300 deny ip from any to 224.0.0.0/4 via rl0
> 01400 deny ip from any to 240.0.0.0/4 via rl0
> 01500 divert 8668 ip from any to any via rl0
> 01600 deny ip from 10.0.0.0/8 to any via rl0
> 01700 deny ip from 172.16.0.0/12 to any via rl0
> 01800 deny ip from 192.168.0.0/16 to any via rl0
> 01900 deny ip from 0.0.0.0/8 to any via rl0
> 02000 deny ip from 169.254.0.0/16 to any via rl0
> 02100 deny ip from 192.0.2.0/24 to any via rl0
> 02200 deny ip from 224.0.0.0/4 to any via rl0
> 02300 deny ip from 240.0.0.0/4 to any via rl0
> 02400 allow tcp from any to any established
> 02500 allow ip from any to any frag
> 02800 allow tcp from any to any 22 keep-state
> 02900 allow icmp from any to any keep-state
> 03000 deny log logamount 10 tcp from any to any in recv rl0 setup
> 03100 allow tcp from any to any setup
> 03200 allow udp from ww.xx.yy.zz to any 53 keep-state
> 03300 allow tcp from ww.xx.yy.zz to any 53 keep-state
> 03400 allow udp from aa.bb.cc.dd to any 53 keep-state
> 03500 allow tcp from aa.bb.cc.dd to any 53 keep-state
> 65535 deny ip from any to any
>
> Regards, Dustin
>
> ---
> Dustin Puryear
> Information Systems Consultant
> http://members.telocity.com/~dpuryear
> In the beginning the Universe was created.
> This has been widely regarded as a bad move.
> - Douglas Adams
>
>
> > -----Original Message-----
> > From: Gabriel Ambuehl [mailto:gabriel_ambuehl@buz.ch]
> > Sent: Tuesday, December 11, 2001 12:15 PM
> > To: Dustin Puryear
> > Cc: isp@freebsd.org
> > Subject: Re[10]: Using DNAT and DNS round-robin
> >
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > Hello Dustin,
> >
> > Tuesday, December 11, 2001, 6:29:35 PM, you wrote:
> > > Yes, that is what I eventually found out. Apparently, unless you
> > > have some type of special gear, you cannot do IP-based virtual
> > > hosting in a
> > > load-sharing or -balancing environment. Now, doing HA might not be
> > > too much work depending on what your requirements for switch over
> > > time are.
> >
> > <10s is doable with standard gear. <1s is quite a bit harder but
> > perhaps still doable.
> >
> > >> That's nice. I wished I were in the same situation...
> > > Yes, it is nice. I have yet to do work for a company providing web
> > > hosting to consumers, but I can see how it would have some real
> > > challenges. But it
> >
> > It certainly has.
> >
> > > synchronization issue. NAS being one. A second is using a few
> > > "shell" servers that automatically get replicated to your web
> > > servers seems to be another.
> >
> > I've been thinking about that approach too, but it doesn't buy you
> > much since there are still that morons that use the FS as DB...
> >
> > >> Squid should do the job too, more flexibly, but probably slower.
> > > I played with Squid and it works nicely. Indeed, I liked the fact
> > > that with Squid I can make my web cluster disappear from outsiders
> > > and use Squid as a reverse proxy. However, since we dropped the
> > > requirement for IP-based virtual hosting the point is moot. We will
> > > be using just a standard configuration where we will DNS
> > > round-robin between web servers.
> >
> > That's the easiest approach, of course.
> > OTOH, I haven't got a very
> > high opinion of DNS round robin since it essentially still lets the
> > remote client fuck it up...
> >
> >
> >
> >
> > Best regards,
> > Gabriel
> >
> >
> >
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>

- Forrest W. Christian (forrestc@imach.com) AC7DE
----------------------------------------------------------------------
The Innovation Machine Ltd.                          P.O. Box 5749
http://www.imach.com/                                Helena, MT 59604
Home of PacketFlux Technogies and BackupDNS.com      (406)-442-6648
----------------------------------------------------------------------
Protect your personal freedoms - visit http://www.lp.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
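
Added example, not part of any message in this thread and not code from its participants: a simplified first-match model of the UDP-relevant rules in the posted ruleset, tracing a query from 10.0.0.5 and its reply on either side of the divert rule. The 198.51.100.x addresses stand in for the masked aa.bb.cc.dd and ww.xx.yy.zz, all function names are hypothetical, and the model assumes that natd rewrites the query's source to the public address and that dynamic state is consulted from the first keep-state rule (02800) onward.

```python
from ipaddress import ip_address, ip_network

# Constructed stand-ins for the addresses masked in the post.
PUBLIC_DNS = "198.51.100.5"   # stands in for aa.bb.cc.dd
FIREWALL = "198.51.100.1"     # stands in for ww.xx.yy.zz
INTERNAL_DNS = "10.0.0.5"     # internal address given in the post
REMOTE_NS = "66.135.0.10"     # remote server in the quoted dynamic rule
ANY = "0.0.0.0/0"
BOGONS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "0.0.0.0/8",
          "169.254.0.0/16", "192.0.2.0/24", "224.0.0.0/4", "240.0.0.0/4"]
DIVERT = 1500      # "divert 8668 ip from any to any via rl0"
FIRST_KEEP = 2800  # first keep-state rule; assumed point of the dynamic lookup


def build_rules():
    """Rules of the posted set that can match a UDP packet crossing rl0,
    as (number, action, src_net, dst_net, dst_port, keep_state)."""
    rules = [(700 + 100 * i, "deny", ANY, n, None, False) for i, n in enumerate(BOGONS)]
    rules.append((DIVERT, "divert", ANY, ANY, None, False))
    rules += [(1600 + 100 * i, "deny", n, ANY, None, False) for i, n in enumerate(BOGONS)]
    rules += [(3200, "allow", FIREWALL + "/32", ANY, 53, True),
              (3400, "allow", PUBLIC_DNS + "/32", ANY, 53, True),
              (65535, "deny", ANY, ANY, None, False)]  # posted without "log"
    return rules


def flow_key(pkt):
    """Direction-independent key for a (src, sport, dst, dport) packet."""
    src, sport, dst, dport = pkt
    return frozenset({(src, sport), (dst, dport)})


def trace(pkt, states, after=0):
    """First-match walk returning (rule_number, action). `after` resumes past a
    rule number, the way a packet continues once natd hands it back."""
    src, sport, dst, dport = pkt
    for num, action, rsrc, rdst, rport, keep in build_rules():
        if num <= after:
            continue
        if num >= FIRST_KEEP and flow_key(pkt) in states:
            return (states[flow_key(pkt)], "allow-dynamic")
        if (ip_address(src) in ip_network(rsrc)
                and ip_address(dst) in ip_network(rdst)
                and rport in (None, dport)):
            if keep:
                states[flow_key(pkt)] = num  # remember the parent rule
            return (num, action)
    raise AssertionError("unreachable: rule 65535 matches everything")


def lookup(reply_dst_after_natd):
    """Trace one outbound query and its reply. The argument is the destination
    address the reply carries when natd returns it to ipfw."""
    states = {}
    pre_nat = trace((INTERNAL_DNS, 1196, REMOTE_NS, 53), states)
    # Assumption: static NAT has rewritten the source to the public address.
    query = trace((PUBLIC_DNS, 1196, REMOTE_NS, 53), states, after=DIVERT)
    reply = trace((REMOTE_NS, 53, reply_dst_after_natd, 1196), states, after=DIVERT)
    return pre_nat, query, reply


if __name__ == "__main__":
    for dst in (PUBLIC_DNS, INTERNAL_DNS):
        print(dst, lookup(dst))
```

Under this model a reply that natd has already readdressed to 10.0.0.5 no longer matches the state recorded for the public address and ends at rule 65535, which carries no log keyword. Checking what natd.conf does to that reply's destination is therefore one concrete thing to compare against the ruleset.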