From owner-freebsd-ipfw@FreeBSD.ORG Sun Sep 9 18:39:04 2007
From: Steffen
To: freebsd-ipfw@freebsd.org
Date: Sun, 9 Sep 2007 11:21:50 -0700 (PDT)
Subject: ipfw, two natd instances and policy based routing..

Hi!

I'm trying to build an internet solution for the few people that live in my building.

I'm convinced that I need to run two instances of natd. Tips on how that's best obtained are welcome - I've just copied the /etc/rc.d/natd into natd2 and replaced natd with natd2 where appropriate, but that's really an ugly solution I think..

Then I want to do source based routing. I'll explain why further on down if you're interested.

My problem is that I'm confused about how to both do source based routing AND nat. When I use either of the fwd or divert commands, the processing of the packet ends, so I can only do one of the two, when I'm really trying to do both to the same packet.

I've read a couple of times that packets are run through the filter twice, but I'm unsure how to use this, which order etc. I would guess that I should use fwd on packets inbound and then do nat outbound, but I can't really see how that should be configured - pointers to good thorough documentation would be greatly appreciated, as well as hints on what to do.

/Steffen

Setup description:

I have two dsl lines and two freebsd boxes for redundancy. The one dsl is mine (dsl A) and should only be used by me when the other shared dsl (dsl B) is working, if it's down, then the other residents may use my dsl. I should always use my own dsl unless it's down.

The two dsl lines come with a public /29 connect on each, and using vlans (vlan6=dslA, vlan7=dslB), each freebsd box has a vlan interface in each of the connect prefixes. This way, even if a freebsd box dies and any dsl line dies things should still work. A cronjob would check if any dsls are down and configure ipfw accordingly.

Currently box1 has a default via vlan6 and box2 via vlan7. My clients then use box1 and other residents use box2 for default gateway.

In the ultimate setup I'd be running vrrp on all the client lans that all connect to box 1 & 2. Policybased routing would ensure that residents only use my dsl when the shared one is down, and that I always use my dsl, or the shared if mine is down. Both boxes 1 & 2 are configured for nat out on vlan6 & 7. A cronjob checks if the dsl's are up, and reconfigures source based routing if a change occurs.

--
View this message in context: http://www.nabble.com/ipfw%2C-two-natd-instances-and-policy-based-routing..-tf4410268.html#a12581500
Sent from the freebsd-ipfw mailing list archive at Nabble.com.

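One way to combine the two natd instances with `fwd`, as an added example that is not part of the original post: packets that natd writes back to its divert socket resume ipfw processing after the divert rule, so a later `fwd` rule can match the translated source address. The LAN prefixes, public addresses, gateways, divert ports and rule numbers are assumptions; the script only prints the rules for a given line state and executes nothing.

```shell
#!/bin/sh
# Added example: dry-run rule generator for the two-line failover policy.
# Every address, prefix, divert port and rule number below is an assumption.
OWNER_LAN=10.0.1.0/24; RES_LAN=10.0.2.0/24; LANS=10.0.0.0/16
A_IP=192.0.2.2;    A_GW=192.0.2.1;    A_IF=vlan6; A_PORT=8668  # natd for dsl A
B_IP=198.51.100.2; B_GW=198.51.100.1; B_IF=vlan7; B_PORT=8669  # natd2 for dsl B

# pick_line PREFERRED UP_A UP_B -> prints A or B; fails when both lines are down
pick_line() {
    if [ "$2" = 0 ] && [ "$3" = 0 ]; then return 1; fi
    if [ "$1" = A ] && [ "$2" = 1 ]; then echo A
    elif [ "$1" = B ] && [ "$3" = 1 ]; then echo B
    elif [ "$2" = 1 ]; then echo A
    else echo B
    fi
}

port_of() { if [ "$1" = A ]; then echo "$A_PORT"; else echo "$B_PORT"; fi; }

# build_rules UP_A UP_B -> prints the ipfw commands; nothing is executed
build_rules() {
    owner=$(pick_line A "$1" "$2") || return 1
    res=$(pick_line B "$1" "$2") || return 1
    # Replies arriving on a line go to the natd instance that owns its alias.
    echo "ipfw add 100 divert $A_PORT ip from any to $A_IP in recv $A_IF"
    echo "ipfw add 110 divert $B_PORT ip from any to $B_IP in recv $B_IF"
    # Outbound: the source LAN selects the natd instance (and so the alias).
    echo "ipfw add 200 divert $(port_of "$owner") ip from $OWNER_LAN to not $LANS out"
    echo "ipfw add 210 divert $(port_of "$res") ip from $RES_LAN to not $LANS out"
    # natd re-injects after the divert rule, so the translated source address
    # is still visible here and selects the next hop. Down lines get no rule.
    if [ "$1" = 1 ]; then
        echo "ipfw add 300 fwd $A_GW ip from $A_IP to not $LANS out"
    fi
    if [ "$2" = 1 ]; then
        echo "ipfw add 310 fwd $B_GW ip from $B_IP to not $LANS out"
    fi
}

# Stand-alone use: ./rules.sh UP_A UP_B (1 = up, 0 = down); default both up.
build_rules "${1:-1}" "${2:-1}"
```
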
From owner-freebsd-ipfw@FreeBSD.ORG Mon Sep 10 08:47:10 2007
From: "Paolo Pisati"
To: "Chris Bowman (Home)"
Cc: freebsd-ipfw@freebsd.org, chris@korcett.com
Date: Mon, 10 Sep 2007 10:16:58 +0200 (CEST)
Subject: Re: [6.x patchset] Ipfw nat and libalias modules

>
> I'm having a bit of trouble backporting 7.x to 6.x, 6.2 Release
> specifically.
> Before I continue down this road, in the name of not
> re-inventing the wheel twice, does anyone already have a current patch
> which will work on 6.2 ? Thank You!

AFAIK no.

--
bye,
P.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Sep 10 11:08:09 2007
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Date: Mon, 10 Sep 2007 11:08:07 GMT
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
o kern/51274   ipfw   [ipfw] [patch] ipfw2 create dynamic rules with parent
o kern/73910   ipfw   [ipfw] serious bug on forwarding of packets after NAT
o kern/74104   ipfw   [ipfw] ipfw2/1 conflict not detected or reported, manp
o kern/88659   ipfw   [modules] ipfw and ip6fw do not work properly as modul
o kern/93300   ipfw   [ipfw] ipfw pipe lost packets
o kern/95084   ipfw   [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW
o kern/97504   ipfw   [ipfw] IPFW Rules bug
o kern/97951   ipfw   [ipfw] [patch] ipfw does not tie interface details to
o kern/98831   ipfw   [ipfw] ipfw has UDP hickups
o kern/102471  ipfw   [ipfw] [patch] add tos and dscp support
o kern/103454  ipfw   [ipfw] [patch] add a facility to modify DF bit of the
o kern/106534  ipfw   [ipfw] [panic] ipfw + dummynet
o kern/112708  ipfw   ipfw is seems to be broken to limit number of connecti
o kern/115261  ipfw   [ipfw]: incorrect 'ipfw: pullup failed' with IPv6 no-n

14 problems total.

Non-critical problems

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
a kern/26534   ipfw   [ipfw] Add an option to ipfw to log gid/uid of who cau
o kern/46159   ipfw   [ipfw] [patch] ipfw dynamic rules lifetime feature
o kern/48172   ipfw   [ipfw] [patch] ipfw does not log size and flags
o bin/50749    ipfw   [ipfw] [patch] ipfw2 incorrectly parses ports and port
o kern/55984   ipfw   [ipfw] [patch] time based firewalling support for ipfw
o kern/60719   ipfw   [ipfw] Headerless fragments generate cryptic error mes
o kern/69963   ipfw   [ipfw] install_state warning about already existing en
o kern/71366   ipfw   [ipfw] "ipfw fwd" sometimes rewrites destination mac a
o kern/72987   ipfw   [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (
o kern/73276   ipfw   [ipfw] [patch] ipfw2 vulnerability (parser error)
o bin/78785    ipfw   [ipfw] [patch] ipfw verbosity locks machine if /etc/rc
o kern/80642   ipfw   [ipfw] [patch] ipfw small patch - new RULE OPTION
o kern/82724   ipfw   [ipfw] [patch] Add setnexthop and defaultroute feature
o kern/86957   ipfw   [ipfw] [patch] ipfw mac logging
o kern/87032   ipfw   [ipfw] [patch] ipfw ioctl interface implementation
o kern/91847   ipfw   [ipfw] ipfw with vlanX as the device
o kern/103328  ipfw   [ipfw] sugestions about ipfw table
o kern/104682  ipfw   [ipfw] [patch] Some minor language consistency fixes a
o bin/104921   ipfw   [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/105330  ipfw   [ipfw] [patch] ipfw (dummynet) does not allow to set q
o kern/107305  ipfw   [ipfw] ipfw fwd doesn't seem to work
o kern/111713  ipfw   [dummynet] Too few dummynet queue slots
o kern/112561  ipfw   [ipfw] ipfw fwd does not work with some TCP packets
p kern/113388  ipfw   [ipfw][patch] Addition actions with rules within speci
o bin/115172   ipfw   [patch] ipfw(8) list show some rules with a wrong form
o kern/115755  ipfw   [ipfw][patch] unify message and add a rule number wher
o kern/116009  ipfw   [ipfw] [patch] Ignore errors when loading ruleset from

27 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Wed Sep 12 23:47:27 2007
From: Srimanta BSD
To: freebsd-ipfw@freebsd.org
Date: Wed, 12 Sep 2007 16:47:26 -0700 (PDT)
Subject: source based forwarding code

Hi,

Can someone please send me the link to download the Source Based Forwarding implementation in FreeBSD 6.2 or other version.

Thanks,
Srimanta

--
View this message in context: http://www.nabble.com/source-based-forwarding-code-tf4432688.html#a12646241

From owner-freebsd-ipfw@FreeBSD.ORG Thu Sep 13 15:43:40 2007
From: Julian Elischer
To: Srimanta BSD
Cc: freebsd-ipfw@freebsd.org
Date: Thu, 13 Sep 2007 08:43:43 -0700
Subject: Re: source based forwarding code

Srimanta BSD wrote:
> Hi,
>
> Can someone please send me the link to download Source Based Forwarding
> implementation in FreeBSD 6.2 or other version.

we use the firewall(s) to do so..

Look in the ipfw man pages for the 'fwd' command for ipfw.
For pf there is another command, the name of which I forget right now.

>
> Thanks,
> Srimanta

From owner-freebsd-ipfw@FreeBSD.ORG Thu Sep 13 16:24:41 2007
From: Max Laier
Organization: FreeBSD
To: freebsd-ipfw@freebsd.org
Cc: Julian Elischer, Srimanta BSD
Date: Thu, 13 Sep 2007 18:11:39 +0200
Subject: Re: source based forwarding code

On Thursday 13 September 2007, Julian Elischer wrote:
> Srimanta BSD wrote:
> > Hi,
> >
> > Can someone please send me the link to download Source Based
> > Forwarding implementation in FreeBSD 6.2 or other version.
>
> we use the firewall(s) to do so..
>
> Look in the ipfw man pages for the 'fwd' command for ipfw.
> For pf there is another command, the name of which I forget right now.

"route-to" see the "ROUTING" section of the pf.conf(5) man page.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News