From owner-freebsd-net Sun Feb 21 10:54:20 1999
Delivered-To: freebsd-net@freebsd.org
Received: from grizzly.fas.com (wa0253.tnt1.awod.com [208.140.98.253]) by hub.freebsd.org (Postfix) with ESMTP id 8EFB011059 for ; Sun, 21 Feb 1999 10:54:08 -0800 (PST) (envelope-from stanb@awod.com)
Received: by grizzly.fas.com ($Revision: 1.37.109.23 $/16.2) id AA210656690; Sun, 21 Feb 1999 12:04:50 -0500
Subject: Can I access Netware 4 filessytesm fom FreeBSD
To: freebsd-net@FreeBSD.ORG (FreBSD networking list)
Date: Sun, 21 Feb 1999 12:04:49 -0500 (EST)
From: "Stan Brown"
X-Mailer: ELM [version 2.4 PL24]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 717
Message-Id: <19990221185413.8EFB011059@hub.freebsd.org>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I see lots of references to IPX/SPX networking, and I sort of
understand Samba, which I don't _think_ is the answer here, so can I
access Novell Netware 4 file servers from FreeBSD? 3.0 if it matters.

A pointer to docs would be good here.

Thanks.

--
Stan Brown stanb@netcom.com 843-745-3154
Westvaco
Charleston SC.
--
Windows 98: n. useless extension to a minor patch release for 32-bit
extensions and a graphical shell for a 16-bit patch to an 8-bit
operating system originally coded for a 4-bit microprocessor, written
by a 2-bit company that can't stand for 1 bit of competition.
-
(c) 1999 Stan Brown. Redistribution via the Microsoft Network is prohibited.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Sun Feb 21 18: 3: 9 1999
Delivered-To: freebsd-net@freebsd.org
Received: from lion.butya.kz (butya-gw.butya.kz [194.87.112.252]) by hub.freebsd.org (Postfix) with ESMTP id BDCE010E36 for ; Sun, 21 Feb 1999 18:02:49 -0800 (PST) (envelope-from bp@butya.kz)
Received: from bp (helo=localhost) by lion.butya.kz with local-esmtp (Exim 2.12 #1) id 10EkiG-0003y2-00; Mon, 22 Feb 1999 08:03:12 +0600
Date: Mon, 22 Feb 1999 08:03:12 +0600 (ALMT)
From: Boris Popov
To: Stan Brown
Cc: FreBSD networking list
Subject: Re: Can I access Netware 4 filessytesm fom FreeBSD
In-Reply-To: <19990221185413.8EFB011059@hub.freebsd.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 21 Feb 1999, Stan Brown wrote:

> I see lots of references to IPX/SPX networking, and I sort of
> understand Samba, which I don't _think_ is the answer here, so can I
> access Novell Netware 4 file servers from FreeBSD? 3.0 if it matters.

Yes, you can, but in bindery mode. Start with http://www.butya.kz/~bp/

--
Boris Popov

From owner-freebsd-net Mon Feb 22 13: 1: 9 1999
Delivered-To: freebsd-net@freebsd.org
Received: from roma.coe.ufrj.br (roma.coe.ufrj.br [146.164.53.65]) by hub.freebsd.org (Postfix) with ESMTP id 9293211C9E for ; Mon, 22 Feb 1999 13:01:01 -0800 (PST) (envelope-from jonny@jonny.eng.br)
Received: (from jonny@localhost) by roma.coe.ufrj.br (8.8.8/8.8.8) id SAA02125 for net@freebsd.org; Mon, 22 Feb 1999 18:00:58 -0300 (EST) (envelope-from jonny)
From: Joao Carlos Mendes Luis
Message-Id: <199902222100.SAA02125@roma.coe.ufrj.br>
Subject: IP frags from wcarchive ???
To: net@freebsd.org
Date: Mon, 22 Feb 1999 18:00:58 -0300 (EST)
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

Does anybody have a hint on what could cause this ?

Feb 22 17:49:13 madrid /kernel: ipfw: 20150 Reset TCP 209.155.82.18 146.164.53.65 in via ed0 Fragment = 182
Feb 22 17:49:21 madrid last message repeated 5 times

209.155.82.18 is wcarchive.cdrom.com, 20150 is my ipfw rule that denies
every TCP incoming packet for a disallowed (not allowed in a previous
rule) port. The problem is why is it getting here fragmented. IIRC,
FreeBSD's TCP has path MTU discovery, right ?

On my side, every hop is an ethernet or fddi, until the international link,
which has a 1500 byte mtu.

Jonny

--
Joao Carlos Mendes Luis M.Sc. Student
jonny@jonny.eng.br Universidade Federal do Rio de Janeiro
"This .sig is not meant to be politically correct."

From owner-freebsd-net Mon Feb 22 13:12:11 1999
Delivered-To: freebsd-net@freebsd.org
Received: from roma.coe.ufrj.br (roma.coe.ufrj.br [146.164.53.65]) by hub.freebsd.org (Postfix) with ESMTP id 942A4110C5 for ; Mon, 22 Feb 1999 13:12:06 -0800 (PST) (envelope-from jonny@jonny.eng.br)
Received: (from jonny@localhost) by roma.coe.ufrj.br (8.8.8/8.8.8) id SAA02350; Mon, 22 Feb 1999 18:11:34 -0300 (EST) (envelope-from jonny)
From: Joao Carlos Mendes Luis
Message-Id: <199902222111.SAA02350@roma.coe.ufrj.br>
Subject: Re: ARP is not my friend.
In-Reply-To: <36CF8D66.679F8509@compusyssolutions.com> from David Tichbourne at "Feb 20, 1999 11:36:54 pm"
To: david@compusyssolutions.com (David Tichbourne)
Date: Mon, 22 Feb 1999 18:11:33 -0300 (EST)
Cc: freebsd-net@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

#define quoting(David Tichbourne)
// Every so often my firewall machine seems to
// behave like an arp proxy, which I don't want.

arp proxy ?

// On my firewall console I get messages
// like:
//
//
// .... /kernel: arp: 192.168.0.1 moved from 08:00:07:a6:f7:74 to
// 00:00:b4:87:00:98
//
// later things seem to "reset" back to
//
// ..... /kernel: arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to
// 08:00:07:a6:f7:74

You probably have another machine on the same IP. Double check every
machine. Do you have an ether address list of every machine ?

// this also happens to my second machine 192.168.0.3 machine as well
// (different ethernet addresses of course)
//
// 192.168.0.1 and 0.3 are behind my firewall and when arp reconfigures
// their ethernet addresses
// they obviously can see the outside world through the firewall.

Why ? Does your firewall filter by mac address ???

Jonny

--
Joao Carlos Mendes Luis M.Sc. Student
jonny@jonny.eng.br Universidade Federal do Rio de Janeiro
"This .sig is not meant to be politically correct."
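
The check suggested in the reply above (compare what ARP reports against an ether address list of every machine), as an added example that is not part of the original thread. It parses the kernel's "arp: ... moved from ... to ..." lines and flags an IP that flips back to a MAC it already held; the log timestamps and hostname, the 192.168.0.3 MACs and the inventory (including which MAC is the legitimate one) are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches the kernel message quoted in the thread, e.g.
#   arp: 192.168.0.1 moved from 08:00:07:a6:f7:74 to 00:00:b4:87:00:98
MOVED = re.compile(
    r"arp: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) moved from "
    r"(?P<old>[0-9a-f]{1,2}(?::[0-9a-f]{1,2}){5}) to "
    r"(?P<new>[0-9a-f]{1,2}(?::[0-9a-f]{1,2}){5})",
    re.IGNORECASE,
)


def norm_mac(mac):
    """Zero-pad and lowercase each octet so 8:0:7:a6:f7:74 == 08:00:07:A6:F7:74."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))


def parse_moves(lines):
    """Yield (ip, old_mac, new_mac) for every 'moved from' line; skip the rest."""
    for line in lines:
        m = MOVED.search(line)
        if m:
            yield m["ip"], norm_mac(m["old"]), norm_mac(m["new"])


def audit(lines, inventory):
    """Group ARP moves per IP and compare them with a known IP -> MAC list.

    Per IP the report holds:
      macs     - every MAC that claimed the address
      moves    - number of 'moved' events
      flapping - True if the address returned to a MAC it had already held,
                 i.e. two stations keep answering for one IP (duplicate
                 address or spoofing) rather than a one-time NIC swap
      unknown  - MACs seen for the IP that the inventory does not list for it
    """
    seen = defaultdict(lambda: {"macs": set(), "moves": 0, "flapping": False})
    for ip, old, new in parse_moves(lines):
        rec = seen[ip]
        if new in rec["macs"]:
            rec["flapping"] = True
        rec["macs"].update((old, new))
        rec["moves"] += 1

    report = {}
    for ip, rec in seen.items():
        expected = norm_mac(inventory[ip]) if ip in inventory else None
        rec["unknown"] = {mac for mac in rec["macs"] if mac != expected}
        report[ip] = rec
    return report


def suspects(report):
    """IPs whose MAC flips back and forth: the ones to track down first."""
    return sorted(ip for ip, rec in report.items() if rec["flapping"])


# Constructed sample input. Only the 192.168.0.1 MAC pair comes from the
# thread; timestamps, hostname and the 192.168.0.3 MACs are made up.
SAMPLE_LOG = [
    "Feb 20 21:02:11 fw /kernel: arp: 192.168.0.1 moved from 08:00:07:a6:f7:74 to 00:00:b4:87:00:98",
    "Feb 20 21:05:30 fw /kernel: ed0: device timeout",
    "Feb 20 21:19:53 fw /kernel: arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 08:00:07:a6:f7:74",
    "Feb 20 22:45:07 fw /kernel: arp: 192.168.0.3 moved from 00:a0:c9:11:22:33 to 00:a0:c9:44:55:66",
]

# Constructed "ether address list of every machine" (assumed values).
INVENTORY = {
    "192.168.0.1": "08:00:07:a6:f7:74",
    "192.168.0.3": "00:a0:c9:44:55:66",
}

if __name__ == "__main__":
    result = audit(SAMPLE_LOG, INVENTORY)
    for ip in sorted(result):
        rec = result[ip]
        print(ip, "moves:", rec["moves"], "flapping:", rec["flapping"],
              "not in inventory:", sorted(rec["unknown"]))
    print("investigate first:", suspects(result))
```

An address that only moved once (192.168.0.3 in the sample) is consistent with a replaced network card; one that keeps returning to an earlier MAC means a second station is answering for that IP.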

From owner-freebsd-net Mon Feb 22 13:57:11 1999
Delivered-To: freebsd-net@freebsd.org
Received: from milkyway.org (lta-r-1.usit.net [205.241.194.17]) by hub.freebsd.org (Postfix) with ESMTP id 2340010F98 for ; Mon, 22 Feb 1999 13:57:02 -0800 (PST) (envelope-from toby@milkyway.org)
Received: from milkyway.org (rigel.milkyway.org [205.241.194.19]) by milkyway.org (8.8.8/8.8.3) with ESMTP id QAA01868; Mon, 22 Feb 1999 16:55:42 -0500 (EST)
Message-ID: <36D1D32A.B1463C22@milkyway.org>
Date: Mon, 22 Feb 1999 16:59:06 -0500
From: Toby Swanson
X-Mailer: Mozilla 4.04 [en] (Win95; I)
MIME-Version: 1.0
To: sworkman@nidlink.com
Cc: net@FreeBSD.ORG
Subject: Re: NET SEND like program for FreeBSD
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I'm pretty sure the samba suite of programs offers what you're after.
The latest production version of samba is on the 2.2.8 CD.

Toby

Shawn Workman wrote:

> I do a lot of work on FreeBSD but my co-workers use mostly NT 4.0. Is there a
> package or port that will allow me to receive their NET SEND messages from NT
> and also allow me to send messages that will pop up on their machines?
>
> Any help will be greatly appreciated..
>
> ----------------------------------
> E-Mail: Shawn Workman
> Date: 17-Feb-99
> Time: 21:29:35
>
> This message was sent by XFMail
> ----------------------------------

From owner-freebsd-net Mon Feb 22 16:15:43 1999
Delivered-To: freebsd-net@freebsd.org
Received: from gw.caamora.com.au (jonath5.lnk.telstra.net [139.130.41.237]) by hub.freebsd.org (Postfix) with ESMTP id 9ECEA10EC3 for ; Mon, 22 Feb 1999 16:14:35 -0800 (PST) (envelope-from jon@gw.caamora.com.au)
Received: (from jon@localhost) by gw.caamora.com.au (8.8.8/8.8.8) id LAA07072; Tue, 23 Feb 1999 11:15:04 +1100 (EST) (envelope-from jon)
Message-ID: <19990223111502.A6930@caamora.com.au>
Date: Tue, 23 Feb 1999 11:15:02 +1100
From: jonathan michaels
To: freebsd-net@freebsd.org
Subject: ethernet segment spliting
Mail-Followup-To: freebsd-net@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1i
X-Operating-System: FreeBSD gw.caamora.com.au 2.2.7-RELEASE i386
X-Mood: i'm alive, if it counts
Organisation: Caamora, PO Box 144, Rosebery NSW 1445 Australia
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

all,

hello

i've been reading in the craig hunt book (tcp/ip network administration) that
the best way to 'glue' together a network spread geographically is to employ
several 'bridges'. i am setting up a small community network based on one
class c addr range and need to incorporate several sites that can only be
reached by pots dialup circuits.

after preening the faq and the handbook .. most of which i find difficult to
read at the best of times, i've concluded that i need to setup several
bridges, but that is as far as it goes. i am not sure how to do this or how to
set up the routing. is there any place i could be able to read up on this
ethernet segment splitting technique.

any suggestions or book pointers will be muchly appreciated.

regards and with thanks in advance.

jonathan.

please excuse my poor, english, is not my first language.

--
===============================================================================
Jonathan Michaels
PO Box 144, Rosebery, NSW 1445 Australia
===========================================================

From owner-freebsd-net Mon Feb 22 16:41:20 1999
Delivered-To: freebsd-net@freebsd.org
Received: from snowcrest.net (mtshasta.snowcrest.net [209.232.210.195]) by hub.freebsd.org (Postfix) with ESMTP id 4A64F111EC for ; Mon, 22 Feb 1999 16:41:10 -0800 (PST) (envelope-from djewett@snowcrest.net)
Received: from ws2600 (ppp510.snowcrest.net [209.148.37.158]) by snowcrest.net (8.8.5/8.8.5) with SMTP id QAA15785; Mon, 22 Feb 1999 16:40:58 -0800 (PST)
Message-ID: <002c01be5ec5$0a5455e0$9e2594d1@ws2600>
From: "Derek Jewett"
To: "jonathan michaels" ,
Subject: Re: ethernet segment spliting
Date: Mon, 22 Feb 1999 16:39:56 -0800
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.2106.4
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Are you referring to CIDR (RFC1878) addressing, where you split one ethernet
"network" into multiple "networks" segments...? If so let me know I am quite
seasoned at "supernetting"

derek

-----Original Message-----
From: jonathan michaels
To: freebsd-net@FreeBSD.ORG
Date: Monday, February 22, 1999 4:22 PM
Subject: ethernet segment spliting

>all,
>
>hello
>
>i've been reading in the craig hunt book (tcp/ip network administration) that
>the best way to 'glue' together a network spread geographically is to employ
>several 'bridges'. i am setting up a small community network based on one
>class c addr range and need to incorporate several sites that can only be
>reached by pots dialup circuits.
>
>after preening the faq and the handbook .. most of which i find difficult to
>read at the best of times, i've concluded that i need to setup several
>bridges, but that is as far as it goes. i am not sure how to do this or how to
>set up the routing. is there any place i could be able to read up on this
>ethernet segment splitting technique.
>
>any suggestions or book pointers will be muchly appreciated.
>
>regards and with thanks in advance.
>
>jonathan.
>
>please excuse my poor, english, is not my first language.
>
>--
>===========================================================================
====
>Jonathan Michaels
>PO Box 144, Rosebery, NSW 1445 Australia
>===========================================================

From owner-freebsd-net Mon Feb 22 17:14:29 1999
Delivered-To: freebsd-net@freebsd.org
Received: from xylan.com (postal.xylan.com [208.8.0.248]) by hub.freebsd.org (Postfix) with ESMTP id E6DB610F9F for ; Mon, 22 Feb 1999 17:14:26 -0800 (PST) (envelope-from wes@softweyr.com)
Received: from mailhub.xylan.com by xylan.com (8.8.7/SMI-SVR4 (xylan-mgw 2.2 [OUT])) id RAA13149; Mon, 22 Feb 1999 17:13:47 -0800 (PST)
Received: from utah.XYLAN.COM by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB])) id RAA02335; Mon, 22 Feb 1999 17:13:43 -0800
Received: from softweyr.com by utah.XYLAN.COM (SMI-8.6/SMI-SVR4 (xylan utah [SPOOL])) id SAA16098; Mon, 22 Feb 1999 18:13:39 -0700
Message-ID: <36D200C1.DEB5473@softweyr.com>
Date: Mon, 22 Feb 1999 18:13:37 -0700
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 2.2.7-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: jonathan michaels
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: ethernet segment spliting
References: <002c01be5ec5$0a5455e0$9e2594d1@ws2600>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

jonathan michaels asked:
>
> i've been reading in the craig hunt book (tcp/ip network administration)
> that the best way to 'glue' together a network spread geographically is
> to employ several 'bridges'. i am setting up a small community network
> based on one class c addr range and need to incorporate several sites
> that can only be reached by pots dialup circuits.
>
> after preening the faq and the handbook .. most of which i find difficult
> to read at the best of times, i've concluded that i need to setup several
> bridges, but that is as far as it goes. i am not sure how to do this or
> how to set up the routing. is there any place i could be able to read up
> on this ethernet segment splitting technique.
>
> any suggestions or book pointers will be muchly appreciated.

I'm not sure you'll find a book that will be all that helpful.

The bridges Mr. Hunt writes about are generally used with leased telecom
lines, not with the dial-up lines you want to use. What you need is a
dial-up router for your remote networks. Fortunately, the user-mode
PPP in FreeBSD is really quite good at this.

To avoid using up all your network addresses, I recommend using network
address translation at the remote sites. This way, each remote site will
require only a single address from your class C allotment.

Configure a FreeBSD dial-up router at your site, configured similar to
the one I wrote about in "A Remote Chance" in the January 1999 issue of
Daemon News: http://www.daemonnews.org/199901/freeras.html .
You can start out by providing only a single dial-in line and expand the
service as needed. Once you've setup the first, additional lines are
much simpler.

On the remote end, you will want to configure a FreeBSD dial-up router
for the site. The demand-dial entry in the sample user-mode PPP configs
should be ample to get you started. You will want to read the PPP docs
to determine how to use network address translation mode.

Each of the remote sites can use whatever address they want on their
local network, since these addresses will never be exposed to the
internet. You should pick one of the recommended private network
addresses, such as 10.0 or 192.168.xxx.0. Depending on the client base,
you may also wish to configure a mail server, an NNTP proxy, and/or a
forwarding domain server on this gateway machine as well.

This configuration will allow any (small) number of users at each of
the remote sites to access the internet via your connection with a
minimum of configuration on the client workstations. You'll be
concentrating all (or at least most) of the configuration on your
router, and on the gateway machine at each of the remote sites.

Write if you need any specific help. Sorry it took me so long to reply,
I've been buried (again) lately. ;^)

--
Where am I, and what am I doing in this handbasket?

Wes Peters +1.801.915.2061
Softweyr LLC wes@softweyr.com

From owner-freebsd-net Mon Feb 22 17:24:48 1999
Delivered-To: freebsd-net@freebsd.org
Received: from xylan.com (postal.xylan.com [208.8.0.248]) by hub.freebsd.org (Postfix) with ESMTP id DB91D116FF for ; Mon, 22 Feb 1999 17:24:44 -0800 (PST) (envelope-from wes@softweyr.com)
Received: from mailhub.xylan.com by xylan.com (8.8.7/SMI-SVR4 (xylan-mgw 2.2 [OUT])) id RAA13201; Mon, 22 Feb 1999 17:24:13 -0800 (PST)
Received: from utah.XYLAN.COM by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB])) id RAA02594; Mon, 22 Feb 1999 17:24:12 -0800
Received: from softweyr.com by utah.XYLAN.COM (SMI-8.6/SMI-SVR4 (xylan utah [SPOOL])) id SAA17321; Mon, 22 Feb 1999 18:24:09 -0700
Message-ID: <36D20337.2C1AA00E@softweyr.com>
Date: Mon, 22 Feb 1999 18:24:07 -0700
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 2.2.7-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Joao Carlos Mendes Luis
Cc: net@FreeBSD.ORG
Subject: Re: IP frags from wcarchive ???
References: <199902222100.SAA02125@roma.coe.ufrj.br>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Joao Carlos Mendes Luis wrote:
>
> Hi,
>
> Does anybody have a hint on what could cause this ?
>
> Feb 22 17:49:13 madrid /kernel: ipfw: 20150 Reset TCP 209.155.82.18 146.164.53.65 in via ed0 Fragment = 182
> Feb 22 17:49:21 madrid last message repeated 5 times
>
> 209.155.82.18 is wcarchive.cdrom.com, 20150 is my ipfw rule that denies
> every TCP incoming packet for a disallowed (not allowed in a previous
> rule) port. The problem is why is it getting here fragmented. IIRC,
> FreeBSD's TCP has path MTU discovery, right ?
>
> On my side, every hop is an ethernet or fddi, until the international link,
> which has a 1500 byte mtu.

Unless you have absolute control of the routing path, you're highly
likely to encounter one or more routers that are broken with respect
to path mtu discovery.

--
Where am I, and what am I doing in this handbasket?

Wes Peters +1.801.915.2061
Softweyr LLC wes@softweyr.com

From owner-freebsd-net Mon Feb 22 17:29: 4 1999
Delivered-To: freebsd-net@freebsd.org
Received: from roma.coe.ufrj.br (roma.coe.ufrj.br [146.164.53.65]) by hub.freebsd.org (Postfix) with ESMTP id C3AA1119CA for ; Mon, 22 Feb 1999 17:28:40 -0800 (PST) (envelope-from jonny@jonny.eng.br)
Received: (from jonny@localhost) by roma.coe.ufrj.br (8.8.8/8.8.8) id WAA12363; Mon, 22 Feb 1999 22:28:33 -0300 (EST) (envelope-from jonny)
From: Joao Carlos Mendes Luis
Message-Id: <199902230128.WAA12363@roma.coe.ufrj.br>
Subject: Re: IP frags from wcarchive ???
In-Reply-To: <36D20337.2C1AA00E@softweyr.com> from Wes Peters at "Feb 22, 1999 6:24: 7 pm"
To: wes@softweyr.com (Wes Peters)
Date: Mon, 22 Feb 1999 22:28:33 -0300 (EST)
Cc: jonny@jonny.eng.br, net@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

#define quoting(Wes Peters)
// Unless you have absolute control of the routing path, you're highly
// likely to encounter one or more routers that are broken with respect
// to path mtu discovery.

What would you suggest to my firewall, then ? Allow TCP fragment
packets, even without knowing its port endpoints ? Is this completely
safe ?

Jonny

--
Joao Carlos Mendes Luis M.Sc. Student
jonny@jonny.eng.br Universidade Federal do Rio de Janeiro
"This .sig is not meant to be politically correct."

From owner-freebsd-net Mon Feb 22 18:27:30 1999
Delivered-To: freebsd-net@freebsd.org
Received: from gw.caamora.com.au (jonath5.lnk.telstra.net [139.130.41.237]) by hub.freebsd.org (Postfix) with ESMTP id C79F211E1B for ; Mon, 22 Feb 1999 18:27:24 -0800 (PST) (envelope-from jon@gw.caamora.com.au)
Received: (from jon@localhost) by gw.caamora.com.au (8.8.8/8.8.8) id NAA07301; Tue, 23 Feb 1999 13:27:53 +1100 (EST) (envelope-from jon)
Message-ID: <19990223132752.B6930@caamora.com.au>
Date: Tue, 23 Feb 1999 13:27:52 +1100
From: jonathan michaels
To: Derek Jewett , freebsd-net@FreeBSD.ORG
Subject: Re: ethernet segment spliting
Mail-Followup-To: Derek Jewett , freebsd-net@FreeBSD.ORG
References: <002c01be5ec5$0a5455e0$9e2594d1@ws2600>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1i
In-Reply-To: <002c01be5ec5$0a5455e0$9e2594d1@ws2600>; from Derek Jewett on Mon, Feb 22, 1999 at 04:39:56PM -0800
X-Operating-System: FreeBSD gw.caamora.com.au 2.2.7-RELEASE i386
X-Mood: i'm alive, if it counts
Organisation: Caamora, PO Box 144, Rosebery NSW 1445 Australia
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Feb 22, 1999 at 04:39:56PM -0800, Derek Jewett wrote:

> Are you referring to CIDR (RFC1878) addressing, where you split one ethernet
> "network" into multiple "networks" segments...? If so let me know I am quite
> seasoned at "supernetting"

i don't think so derek, the best way to describe it is that i have one class c
addr and i want to use this to setup a 'wan' with just this one addr space.
problem being that there are 3 (at the moment) locations that are
geographically dispersed and can only be reached by ppp over telephone lines.

to tie this together i need to setup several bridges over which the remote
network segments would communicate. at least this is how i see it from what
i've managed to understand about the differences between ethernet 'bridges' and
'routers'. a class c would lose far too much if it were to be subnetted.

though the cidr (rfc1878) seems to have some appeal .. but it 'frightens' me
a bit, i suppose because i don't understand it.

regards and thanks for your reply.

jonathan

--
===============================================================================
Jonathan Michaels
PO Box 144, Rosebery, NSW 1445 Australia
===========================================================

From owner-freebsd-net Mon Feb 22 18:40:56 1999
Delivered-To: freebsd-net@freebsd.org
Received: from phluffy.fks.bt (net25-cust199.pdx.wantweb.net [24.236.25.199]) by hub.freebsd.org (Postfix) with ESMTP id B44881140D for ; Mon, 22 Feb 1999 18:40:52 -0800 (PST) (envelope-from myke@ees.com)
Received: from localhost (myke@localhost) by phluffy.fks.bt (8.8.8/8.8.8) with ESMTP id SAA09386; Mon, 22 Feb 1999 18:40:23 -0800 (PST) (envelope-from myke@ees.com)
Date: Mon, 22 Feb 1999 18:40:23 -0800 (PST)
From: Mike Holling
X-Sender: myke@phluffy.fks.bt
To: jonathan michaels
Cc: Derek Jewett , freebsd-net@FreeBSD.ORG
Subject: Re: ethernet segment spliting
In-Reply-To: <19990223132752.B6930@caamora.com.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> i don't think so derek, the best way to describe it is that i have one class c
> addr and i want to use this to setup a 'wan' with just this one addr space.
> problem being that there are 3 (at the moment) locations that are
> geographically dispersed and can only be reached by ppp over telephone lines.
>
> to tie this together i need to setup several bridges over which the remote
> network segments would communicate. at least this is how i see it from what
> i've managed to understand about the differences between ethernet 'bridges' and
> 'routers'. a class c would lose far too much if it were to be subnetted.

This sounds more like a VPN setup. I don't think attempting to "bridge"
ethernet over a WAN link would work very well.

- Mike

From owner-freebsd-net Mon Feb 22 18:53:54 1999
Delivered-To: freebsd-net@freebsd.org
Received: from gw.caamora.com.au (jonath5.lnk.telstra.net [139.130.41.237]) by hub.freebsd.org (Postfix) with ESMTP id 6D03710F88 for ; Mon, 22 Feb 1999 18:53:48 -0800 (PST) (envelope-from jon@gw.caamora.com.au)
Received: (from jon@localhost) by gw.caamora.com.au (8.8.8/8.8.8) id NAA07384; Tue, 23 Feb 1999 13:54:12 +1100 (EST) (envelope-from jon)
Message-ID: <19990223135411.D6930@caamora.com.au>
Date: Tue, 23 Feb 1999 13:54:11 +1100
From: jonathan michaels
To: Mike Holling
Cc: Derek Jewett , freebsd-net@FreeBSD.ORG
Subject: Re: ethernet segment spliting
Mail-Followup-To: Mike Holling , Derek Jewett , freebsd-net@FreeBSD.ORG
References: <19990223132752.B6930@caamora.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1i
In-Reply-To: ; from Mike Holling on Mon, Feb 22, 1999 at 06:40:23PM -0800
X-Operating-System: FreeBSD gw.caamora.com.au 2.2.7-RELEASE i386
X-Mood: i'm alive, if it counts
Organisation: Caamora, PO Box 144, Rosebery NSW 1445 Australia
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

mike,

On Mon, Feb 22, 1999 at 06:40:23PM -0800, Mike Holling wrote:
> > i don't think so derek, the best way to describe it is that i have one class c
> > addr and i want to use this to setup a 'wan' with just this one addr space.
> > problem being that there are 3 (at the moment) locations that are
> > geographically dispersed and can only be reached by ppp over telephone lines.
> >
> > to tie this together i need to setup several bridges over which the remote
> > network segments would communicate. at least this is how i see it from what
> > i've managed to understand about the differences between ethernet 'bridges' and
> > 'routers'. a class c would lose far too much if it were to be subnetted.
>
> This sounds more like a VPN setup. I don't think attempting to "bridge"
> ethernet over a WAN link would work very well.

i have a vague recollection of what a vpn is, but don't readily recall how to
go about setting up something like that.

so far, most have suggested that i setup several routers and use addr
translation to service the clients .. this sounds like the best thing to do,
and about the easiest to setup. only down side is that i will have to move
from kernel ppp to userland ppp, oh well into every life some rain must fall,
i'm not meaning to be cynical, i much prefer to use kernel ppp, as that is
where i see ppp belonging.

i suppose i'm just an old dog and this is a new trick ... grin.

regards and thank you for your response.

cheers
jonathan

--
===============================================================================
Jonathan Michaels
PO Box 144, Rosebery, NSW 1445 Australia
===========================================================

From owner-freebsd-net Mon Feb 22 19: 6: 9 1999
Delivered-To: freebsd-net@freebsd.org
Received: from gw.caamora.com.au (jonath5.lnk.telstra.net [139.130.41.237]) by hub.freebsd.org (Postfix) with ESMTP id 8106811367 for ; Mon, 22 Feb 1999 19:06:02 -0800 (PST) (envelope-from jon@gw.caamora.com.au)
Received: (from jon@localhost) by gw.caamora.com.au (8.8.8/8.8.8) id OAA07423; Tue, 23 Feb 1999 14:05:13 +1100 (EST) (envelope-from jon)
Message-ID: <19990223140512.E6930@caamora.com.au>
Date: Tue, 23 Feb 1999 14:05:13 +1100
From: jonathan michaels
To: Wes Peters
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: ethernet segment spliting
Mail-Followup-To: Wes Peters , freebsd-net@FreeBSD.ORG
References: <002c01be5ec5$0a5455e0$9e2594d1@ws2600> <36D200C1.DEB5473@softweyr.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1i
In-Reply-To: <36D200C1.DEB5473@softweyr.com>; from Wes Peters on Mon, Feb 22, 1999 at 06:13:37PM -0700
X-Operating-System: FreeBSD gw.caamora.com.au 2.2.7-RELEASE i386
X-Mood: i'm alive, if it counts
Organisation: Caamora, PO Box 144, Rosebery NSW 1445 Australia
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

wes,

On Mon, Feb 22, 1999 at 06:13:37PM -0700, Wes Peters wrote:
> jonathan michaels asked:
> >
> > i've been reading in the craig hunt book (tcp/ip network administration)
> > that the best way to 'glue' together a network spread geographically is
> > to employ several 'bridges'. i am setting up a small community network

> > any suggestions or book pointers will be muchly appreciated.
>
> I'm not sure you'll find a book that will be all that helpful.

most of the texts i've combed recently all recommend jpf organisations like
mine to go seek professional help ... ummm.

> The bridges Mr. Hunt writes about are generally used with leased telecom
> lines, not with the dial-up lines you want to use. What you need is a
> dial-up router for your remote networks. Fortunately, the user-mode
> PPP in FreeBSD is really quite good at this.

i was wanting to stay away from natd .. but needing several ip's for the link
and then the cpu .. the addr toll gets heavy, so natd looks like the only real
alternative, either that or convince apnic to issue me a class b addr space
(GRIN) .. somehow i don't think that is going to happen any time soon.

chomped .. stuff to think about

> Write if you need any specific help. Sorry it took me so long to reply,
> I've been buried (again) lately.
;^)

i can relate to that wes, and thx for the reply.

regards
jonathan

--
===============================================================================
Jonathan Michaels
PO Box 144, Rosebery, NSW 1445 Australia
===========================================================

From owner-freebsd-net Mon Feb 22 19:15: 1 1999
Delivered-To: freebsd-net@freebsd.org
Received: from snowcrest.net (mtshasta.snowcrest.net [209.232.210.195]) by hub.freebsd.org (Postfix) with ESMTP id 7471511219 for ; Mon, 22 Feb 1999 19:14:59 -0800 (PST) (envelope-from djewett@snowcrest.net)
Received: from bsharp (ppp361.snowcrest.net [207.201.20.89]) by snowcrest.net (8.8.5/8.8.5) with SMTP id TAA21867; Mon, 22 Feb 1999 19:14:50 -0800 (PST)
Message-ID: <001c01be5edb$a5966be0$5914c9cf@bsharp.dubakella.tcoe.k12.ca.us>
From: "Derek Jewett"
To: "jonathan michaels" ,
Subject: Re: ethernet segment spliting
Date: Mon, 22 Feb 1999 19:21:13 -0800
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.1
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Does sound like a ppp connection to the three "outstations" would be best
fitting in your case. I believe you could just set up a ppp server on your
central segment, and the outstations would be able to dial into the central
network and "bridge" packets across the line(s)...

good luck!

-----Original Message-----
From: jonathan michaels
To: Derek Jewett ; freebsd-net@FreeBSD.ORG
Date: Monday, February 22, 1999 6:27 PM
Subject: Re: ethernet segment spliting

>On Mon, Feb 22, 1999 at 04:39:56PM -0800, Derek Jewett wrote:
>
>> Are you referring to CIDR (RFC1878) addressing, where you split one ethernet
>> "network" into multiple "networks" segments...? If so let me know I am quite
>> seasoned at "supernetting"
>
>i don't think so derek, the best way to describe it is that i have one class c
>addr and i want to use this to setup a 'wan' with just this one addr space.
>problem being that there are 3 (at the moment) locations that are
>geographically dispersed and can only be reached by ppp over telephone lines.
>
>to tie this together i need to setup several bridges over which the remote
>network segments would communicate. at least this is how i see it from what
>i've managed to understand about the differences between ethernet 'bridges' and
>'routers'. a class c would lose far too much if it were to be subnetted.
>
>thought the cidr (rfc1878) seems to have some appeal .. but it 'frightens' me
>a bit, i suppose because i don't understand it.
>
>regards and thanks for your reply.
>
>jonathan
>
>--
>===============================================================================
>Jonathan Michaels
>PO Box 144, Rosebery, NSW 1445 Australia
>===========================================================

From owner-freebsd-net Mon Feb 22 19:25:17 1999
Delivered-To: freebsd-net@freebsd.org
Received: from kit.isi.edu (kit.isi.edu [128.9.160.207]) by hub.freebsd.org (Postfix) with ESMTP id 2B63E1102E for ; Mon, 22 Feb 1999 19:24:26 -0800 (PST) (envelope-from eddy@kit.isi.edu)
Received: (from eddy@localhost) by kit.isi.edu (8.8.8/8.8.7) id TAA14464; Mon, 22 Feb 1999 19:23:10 -0800 (PST) (envelope-from eddy)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Mon, 22 Feb 1999 19:23:10 -0800 (PST)
From: eddy@isi.edu
To: jonathan michaels
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: ethernet segment spliting
In-Reply-To: <19990223132752.B6930@caamora.com.au>
References: <002c01be5ec5$0a5455e0$9e2594d1@ws2600> <19990223132752.B6930@caamora.com.au>
X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid
Message-ID: <14034.5665.522309.576539@kit.isi.edu>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

jonathan michaels states:
> On Mon, Feb 22, 1999 at 04:39:56PM -0800, Derek Jewett wrote:
> i don't think so derek, the best way to describe it is that i have one class c
> addr and i want to use this to setup a 'wan' with just this one addr space.
> problem being that there are 3 (at the moment) locations that are
> geographically dispersed and can only be reached by ppp over telephone lines.
>

this is really straightforward if i understand your needs, where B? are
the bridges connected via PPP links.

            PPP
     *-B1 ----- B2-*
        \       /
     PPP \     / PPP
          \   /
           B3
           |
           *

assuming each of your bridges connects directly to at least one of
the other bridges, (i.e. you are _not_ relying on an ISP to get from
one bridge to another, (if you were relying on an ISP between bridges
then a VPN is needed)).

CIDR is irrelevant here.

the bridges above will not be doing any IP routing, just forwarding
IP packets based on MAC addresses. you can do this with cisco's and
i'd assume most other major bridge/router vendors. of course you may
run into serious traffic jams if you're bridging ethernet over a much
slower line, like a 56k.

i'm not sure if this can be done with freebsd however. Luigi's bridge
code and ppp would be the place to look (Luigi will probably be able
to answer this :).
- rusty

From owner-freebsd-net Mon Feb 22 19:54:28 1999
Delivered-To: freebsd-net@freebsd.org
Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1]) by hub.freebsd.org (Postfix) with ESMTP id D6D65111E9 for ; Mon, 22 Feb 1999 19:54:23 -0800 (PST) (envelope-from mike@sentex.net)
Received: from ospf-wat.sentex.net (ospf-wat.sentex.net [209.167.248.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id WAA29046; Mon, 22 Feb 1999 22:53:20 -0500 (EST)
From: mike@sentex.net (Mike Tancsa)
To: jon@caamora.com.au (jonathan michaels)
Cc: freebsd-net@freebsd.org
Subject: Re: ethernet segment spliting
Date: Tue, 23 Feb 1999 04:01:13 GMT
Message-ID: <36d22635.947960475@mail.sentex.net>
References:
In-Reply-To:
X-Mailer: Forte Agent .99e/32.227
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 22 Feb 1999 19:22:57 -0500, in sentex.lists.freebsd.misc you wrote:
>after preening the faq and the handbook .. most of which i find difficult to
>read at the best of times, i've concluded that i need to set up several
>bridges, but that is as far as it goes. i am not sure how to do this or how to
>set up the routing. is there any place i could be able to read up on this
>ethernet segment splitting technique.
>
>any suggestions or book pointers will be muchly appreciated.

Careful of the term bridging. It's not what you really want to employ. You
basically want to set up several subnets, one per location and route between
them. For example, if 192.168.1.0/24 is the address space you have, create
several subnets to match each location. If you had 4 locations, each with
an equal amount of equipment, you would subnet the networks

192.168.1.0/26
192.168.1.64/26
192.168.1.128/26
192.168.1.192/26

Then you would route between the 4 networks using dialup PPP.

As for good books on intro routing, I don't recall finding much that was good
for a beginner. Really, your best bet is to search around the net for
various FAQs, howto's and snippets of this and that. The freebsd site is
one place to start, and another great tool is www.dejanews.com which is a
fantastic repository of information (and some disinformation ;-)).
---Mike
Mike Tancsa (mdtancsa@sentex.net)
Sentex Communications Corp,
Waterloo, Ontario, Canada

From owner-freebsd-net Mon Feb 22 22:18:16 1999
Delivered-To: freebsd-net@freebsd.org
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by hub.freebsd.org (Postfix) with SMTP id 0D7A1117A2 for ; Mon, 22 Feb 1999 22:18:03 -0800 (PST) (envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id FAA18698; Tue, 23 Feb 1999 05:04:44 +0100
From: Luigi Rizzo
Message-Id: <199902230404.FAA18698@labinfo.iet.unipi.it>
Subject: Re: ethernet segment spliting
To: eddy@isi.edu
Date: Tue, 23 Feb 1999 05:04:43 +0100 (MET)
Cc: jon@caamora.com.au, freebsd-net@FreeBSD.ORG
In-Reply-To: <14034.5665.522309.576539@kit.isi.edu> from "eddy@isi.edu" at Feb 22, 99 07:22:51 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 861
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> the bridges above will not be doing any IP routing, just forwarding
> IP packets based on MAC addresses. you can do this with cisco's and
> i'd assume most other major bridge/router vendors. of course you may
> run into serious traffic jams if you're bridging ethernet over a much
> slower line, like a 56k.

in fact as many already said the most obvious solution seems to use
routing, not bridging.

> i'm not sure if this can be done with freebsd however. Luigi's bridge
> code and ppp would be the place to look (Luigi will probably be able
> to answer this :).

just because i am called... bridging in freebsd only works on
ethernet-type networks. Someone already asked me that i also add
support for 'tun' interfaces so that solutions like the one above are
possible. Shouldn't be that hard to implement, just isn't there right
now.

cheers
luigi

From owner-freebsd-net Mon Feb 22 22:50: 8 1999
Delivered-To: freebsd-net@freebsd.org
Received: from bubba.whistle.com (s205m7.whistle.com [207.76.205.7]) by hub.freebsd.org (Postfix) with ESMTP id 1025A1182D for ; Mon, 22 Feb 1999 22:50:05 -0800 (PST) (envelope-from archie@whistle.com)
Received: (from archie@localhost) by bubba.whistle.com (8.9.2/8.9.2) id WAA53266; Mon, 22 Feb 1999 22:46:55 -0800 (PST)
From: Archie Cobbs
Message-Id: <199902230646.WAA53266@bubba.whistle.com>
Subject: Re: IP frags from wcarchive ???
In-Reply-To: <199902230128.WAA12363@roma.coe.ufrj.br> from Joao Carlos Mendes Luis at "Feb 22, 99 10:28:33 pm"
To: jonny@jonny.eng.br (Joao Carlos Mendes Luis)
Date: Mon, 22 Feb 1999 22:46:55 -0800 (PST)
Cc: wes@softweyr.com, net@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Joao Carlos Mendes Luis writes:
> What would you suggest to my firewall, then ? Allow TCP fragment
> packets, even without knowing its port endpoints ? Is this completely
> safe ?

It's always safe to allow fragments, as long as you properly
filter the first fragment, assuming the target machine doesn't
contain some inane bug. Any packet that arrives missing its
first fragment will eventually get dropped.

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

From owner-freebsd-net Tue Feb 23 4:24:36 1999
Delivered-To: freebsd-net@freebsd.org
Received: from gw.caamora.com.au (jonath5.lnk.telstra.net [139.130.41.237]) by hub.freebsd.org (Postfix) with ESMTP id 5E6BC111CE for ; Tue, 23 Feb 1999 04:24:29 -0800 (PST) (envelope-from jon@gw.caamora.com.au)
Received: (from jon@localhost) by gw.caamora.com.au (8.8.8/8.8.8) id XAA08383; Tue, 23 Feb 1999 23:25:03 +1100 (EST) (envelope-from jon)
Message-ID: <19990223232502.A8361@caamora.com.au>
Date: Tue, 23 Feb 1999 23:25:02 +1100
From: jonathan michaels
To: Derek Jewett , freebsd-net@FreeBSD.ORG
Subject: Re: ethernet segment spliting
Mail-Followup-To: Derek Jewett , freebsd-net@FreeBSD.ORG
References: <001c01be5edb$a5966be0$5914c9cf@bsharp.dubakella.tcoe.k12.ca.us>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1i
In-Reply-To: <001c01be5edb$a5966be0$5914c9cf@bsharp.dubakella.tcoe.k12.ca.us>; from Derek Jewett on Mon, Feb 22, 1999 at 07:21:13PM -0800
X-Operating-System: FreeBSD gw.caamora.com.au 2.2.7-RELEASE i386
X-Mood: i'm alive, if it counts
Organisation: Caamora, PO Box 144, Rosebery NSW 1445 Australia
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

derek,

On Mon, Feb 22, 1999 at 07:21:13PM -0800, Derek Jewett wrote:
> Does sound like a ppp connection to the three "outstations" would be best
> fitting in your case. I believe you could just set up a ppp server on your
> central segment, and the outstations would be able to dial into the central
> network and "bridge" packets across the line(s)... good luck!

if the three 'outstations' were just that i'd be home and hosed .. grin, the
'problem' is that they are not one host dialups.

it sorta looks like this .. i'm at the center of a cart wheel, with the spokes
being a 'route' to the satellite 'outstations', each of those being a cluster
of two or three independent hosts on an ethernet segment of some sort.

more i think about it, more it's looking like an isp type of thingie. i'm going
to be reading up on tun and ppp and natd to see how it can be fitted together
.. this natd thing has got me perplexed, why go to the trouble of converting
'fake' ip addrs to real addrs, sure i've got a few to burn and i understand why
wes suggested using natd and the rfc1953 (sorry i may have this wrong) addr
blocks.

just as an aside .. is this sort of common in freebsd, or have i stumbled into
a part of network theory that isn't too often traveled ?
regards and thx

jonathan

--
===============================================================================
Jonathan Michaels
PO Box 144, Rosebery, NSW 1445 Australia
===========================================================

From owner-freebsd-net Tue Feb 23 6:46:26 1999
Delivered-To: freebsd-net@freebsd.org
Received: from obie.softweyr.com (unknown [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id E29CC111C5 for ; Tue, 23 Feb 1999 06:46:23 -0800 (PST) (envelope-from wes@softweyr.com)
Received: from softweyr.com (zaphod.softweyr.com [204.68.178.35]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id HAA14036; Tue, 23 Feb 1999 07:46:11 -0700 (MST) (envelope-from wes@softweyr.com)
Message-ID: <36D2BF32.D73123DD@softweyr.com>
Date: Tue, 23 Feb 1999 07:46:10 -0700
From: Wes Peters
Organization: Softweyr llc
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.0-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: jonathan michaels
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: ethernet segment spliting
References: <002c01be5ec5$0a5455e0$9e2594d1@ws2600> <36D200C1.DEB5473@softweyr.com> <19990223140512.E6930@caamora.com.au>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

jonathan michaels wrote:
>
> wes,
>
> On Mon, Feb 22, 1999 at 06:13:37PM -0700, Wes Peters wrote:
> > jonathan michaels asked:
> > >
> > > i've been reading in the craig hunt book (tcp/ip network administration)
> > > that the best way to 'glue' together a network spread geographically is
> > > to employ several 'bridges'. i am setting up a small community network
> > > any suggestions or book pointers will be muchly appreciated.
> >
> > I'm not sure you'll find a book that will be all that helpful.
>
> most of the texts i've combed recently all recommend jpf organisations like mine
> to go seek professional help ... ummm.
>
> > The bridges Mr. Hunt writes about are generally used with leased telecom
> > lines, not with the dial-up lines you want to use. What you need is a
> > dial-up router for your remote networks. Fortunately, the user-mode
> > PPP in FreeBSD is really quite good at this.
>
> i was wanting to stay away from natd .. but needing several ip's for the link
> and then the cpu .. the addr toll gets heavy, so natd looks like the only real
> alternative, either that or convince apnic to issue me a class b addr space
> (GRIN) .. somehow i don't think that is going to happen any time soon.

You don't actually have to use natd to do nat; the user-mode PPP will do
it for you. But I understand, nat always seems like a cop-out.

> chomped .. stuff to think about
>
> > Write if you need any specific help.
> > Sorry it took me so long to reply,
> > I've been buried (again) lately. ;^)
>
> i can relate to that wes, and thx for the reply.

Actually, the last week and a half has been pretty rough. Diane got sick
early last week with a terrible flu, Baily caught it on Thursday, and Diane
miscarried our new baby on Friday. It was very early term, probably about
3.5 weeks, but it's still been more of a blow than I expected. I had just
started to think about a new baby, and wham...

Diane and Bailey are both starting to get better, I am resurfacing now, and
will catch up on some other mail I've had pending to you since early last
week when I can.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters
Softweyr LLC
http://www.softweyr.com/~softweyr
wes@softweyr.com

From owner-freebsd-net Tue Feb 23 7:15:40 1999
Delivered-To: freebsd-net@freebsd.org
Received: from obie.softweyr.com (unknown [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id DCA67117E1 for ; Tue, 23 Feb 1999 07:15:37 -0800 (PST) (envelope-from wes@softweyr.com)
Received: from softweyr.com (zaphod.softweyr.com [204.68.178.35]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id IAA14087; Tue, 23 Feb 1999 08:15:15 -0700 (MST) (envelope-from wes@softweyr.com)
Message-ID: <36D2C603.6CDF1DA0@softweyr.com>
Date: Tue, 23 Feb 1999 08:15:15 -0700
From: Wes Peters
Organization: Softweyr llc
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.0-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Archie Cobbs
Cc: Joao Carlos Mendes Luis , net@FreeBSD.ORG
Subject: Re: IP frags from wcarchive ???
References: <199902230646.WAA53266@bubba.whistle.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Archie Cobbs wrote:
>
> Joao Carlos Mendes Luis writes:
> > What would you suggest to my firewall, then ? Allow TCP fragment
> > packets, even without knowing its port endpoints ? Is this completely
> > safe ?
>
> It's always safe to allow fragments, as long as you properly
> filter the first fragment, assuming the target machine doesn't
> contain some inane bug. Any packet that arrives missing its
> first fragment will eventually get dropped.

What he said. ;^)

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters
Softweyr LLC
http://www.softweyr.com/~softweyr
wes@softweyr.com

From owner-freebsd-net Tue Feb 23 10:34:26 1999
Delivered-To: freebsd-net@freebsd.org
Received: from abused.com (abused.com [204.216.142.63]) by hub.freebsd.org (Postfix) with ESMTP id 6B4F3111C5 for ; Tue, 23 Feb 1999 10:34:23 -0800 (PST) (envelope-from gvbmail@tns.net)
Received: from gvb (gvb.tns.net [204.216.245.137]) by abused.com (8.9.3/I feel abused.) with SMTP id KAA00302 for ; Tue, 23 Feb 1999 10:34:44 -0800 (PST)
Message-Id: <4.1.19990223102105.00adb730@abused.com>
X-Sender: gvbmail@mail.tns.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Tue, 23 Feb 1999 10:23:16 -0800
To: freebsd-net@freebsd.org
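[Added example, not part of any message in this thread and not code from ipfw: the rule Archie Cobbs describes in the "IP frags" exchange above, written as a stateless filter decision. Port rules are applied to the fragment at offset 0, later fragments pass, and two checks from RFC 1858 make sure the first fragment is actually filterable. The allowed ports, function names and sample packets are constructed for illustration.]

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { DROP = 0, PASS = 1 };

#define IP_MIN_HDR  20u
#define TCP_MIN_HDR 20u
#define PROTO_TCP   6u

/* Assumed policy for this example: inbound TCP is allowed to these ports only. */
static const uint16_t allowed_ports[] = { 25, 80 };

static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

static int port_allowed(uint16_t port)
{
    for (size_t i = 0; i < sizeof allowed_ports / sizeof allowed_ports[0]; i++)
        if (allowed_ports[i] == port)
            return 1;
    return 0;
}

/* Stateless decision for one IPv4 datagram; pkt points at the IP header. */
enum verdict filter_ipv4(const uint8_t *pkt, size_t len)
{
    if (len < IP_MIN_HDR || (pkt[0] >> 4) != 4)
        return DROP;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = rd16(pkt + 2);
    if (ihl < IP_MIN_HDR || total < ihl || total > len)
        return DROP;
    if (pkt[9] != PROTO_TCP)
        return DROP;                    /* example policy covers TCP only */

    unsigned offset8 = rd16(pkt + 6) & 0x1fff;  /* offset in 8-byte units */
    size_t payload = total - ihl;

    if (offset8 > 0) {
        /* Later fragment: it carries no ports, so it is passed. The one
         * exception is offset 1 (byte 8), which would overlap the TCP
         * flags the first fragment was judged on (RFC 1858). If the first
         * fragment was dropped, the host never completes reassembly and
         * discards these fragments when its reassembly timer expires. */
        return offset8 == 1 ? DROP : PASS;
    }

    /* Offset 0: first fragment or unfragmented datagram. It must hold the
     * whole minimum TCP header, or ports and flags cannot be filtered. */
    if (payload < TCP_MIN_HDR)
        return DROP;
    return port_allowed(rd16(pkt + ihl + 2)) ? PASS : DROP;
}

/* Build a constructed sample datagram (zero addresses, no checksum). */
size_t build_tcp_packet(uint8_t *buf, size_t cap, unsigned offset8, int more,
                        uint16_t dport, size_t payload_len)
{
    size_t total = IP_MIN_HDR + payload_len;
    if (total > cap || total > 0xffff)
        return 0;
    memset(buf, 0, total);
    buf[0] = 0x45;                               /* IPv4, 20-byte header */
    buf[2] = (uint8_t)(total >> 8);
    buf[3] = (uint8_t)(total & 0xff);
    uint16_t frag = (uint16_t)((more ? 0x2000 : 0) | (offset8 & 0x1fff));
    buf[6] = (uint8_t)(frag >> 8);
    buf[7] = (uint8_t)(frag & 0xff);
    buf[8] = 64;                                 /* TTL */
    buf[9] = PROTO_TCP;
    if (offset8 == 0 && payload_len >= 4) {      /* ports only exist at offset 0 */
        buf[IP_MIN_HDR + 0] = 0x04;              /* source port 1024 */
        buf[IP_MIN_HDR + 2] = (uint8_t)(dport >> 8);
        buf[IP_MIN_HDR + 3] = (uint8_t)(dport & 0xff);
    }
    return total;
}

/* Build one sample datagram and return the filter's verdict for it. */
enum verdict check(unsigned offset8, int more, uint16_t dport, size_t payload_len)
{
    uint8_t buf[1600];
    size_t n = build_tcp_packet(buf, sizeof buf, offset8, more, dport, payload_len);
    return n ? filter_ipv4(buf, n) : DROP;
}

int main(void)
{
    printf("first fragment, port 80:    %d\n", check(0, 1, 80, 1480));
    printf("first fragment, port 23:    %d\n", check(0, 1, 23, 1480));
    printf("later fragment, offset 185: %d\n", check(185, 0, 0, 520));
    printf("8-byte first fragment:      %d\n", check(0, 1, 80, 8));
    printf("fragment at offset 1:       %d\n", check(1, 0, 0, 24));
    return 0;
}
```
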
From: GVB
Subject: RADIUS Solutions
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

As I start to completely take over all the NT machines here and replace
them with FreeBSD, I am faced with this challenge. I will be running two
FreeBSD machines for Radius Authentication. Both using Merit AAA and
/etc/passwd for authentication. What is the best way to synchronize passwd
files between the two systems immediately (or 5 minute increments) upon user
adds and password changes, etc. NIS? rsync? etc..

Thanks!

GVB

From owner-freebsd-net Tue Feb 23 10:47:31 1999
Delivered-To: freebsd-net@freebsd.org
Received: from carp.gbr.epa.gov (carp.gbr.epa.gov [204.46.159.110]) by hub.freebsd.org (Postfix) with ESMTP id E065F1116B for ; Tue, 23 Feb 1999 10:47:24 -0800 (PST) (envelope-from mjenkins@carp.gbr.epa.gov)
Received: (from mjenkins@localhost) by carp.gbr.epa.gov (8.8.8/8.8.8) id MAA26505; Tue, 23 Feb 1999 12:47:18 -0600 (CST) (envelope-from mjenkins)
Date: Tue, 23 Feb 1999 12:47:18 -0600 (CST)
From: Mike Jenkins
Message-Id: <199902231847.MAA26505@carp.gbr.epa.gov>
To: jon@caamora.com.au
Subject: Re: ethernet segment spliting
Cc: freebsd-net@freebsd.org
In-Reply-To: <19990223111502.A6930@caamora.com.au>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

                   LAN 1
                  IP Net A
                 =========
                     |
                 [FreeBSD]    Hub server with multiport
                   / | \      serial card and modems.
                  /  |  \
                 /   |   \    Dialup PPP links
                /    |    \
               /     |     \
       [FreeBSD] [FreeBSD] [FreeBSD]
           |         |         |
       ========= ========= =========
         LAN 2     LAN 3     LAN 4
        IP Net B  IP Net C  IP Net D

Notes:
1. IP Nets A/B/C/D would be subnets of class C.
2. FreeBSD boxes configured as gateways and running some routing protocol.

Mike

From owner-freebsd-net Tue Feb 23 13:50:16 1999
Delivered-To: freebsd-net@freebsd.org
Received: from mail1.WorldMediaCo.com (unknown [207.252.121.17]) by hub.freebsd.org (Postfix) with ESMTP id 3B9681180C for ; Tue, 23 Feb 1999 13:50:09 -0800 (PST) (envelope-from opsys@omaha.com)
Received: from freebsd.omaha.com ([207.252.122.220]) by mail1.WorldMediaCo.com (Post.Office MTA v3.5.3 release 223 ID# 0-55573U2500L250S0V35) with SMTP id com; Tue, 23 Feb 1999 15:42:40 -0600
Date: Tue, 23 Feb 1999 15:50:08 -0600 (CST)
From: opsys@omaha.com (opsys)
To: freebsd-net@freebsd.org
Cc: "Wheeler, Scott"
Subject: Useage of 'route' question...
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I wanted to know, if you have a dual homed box.
With 2 fxp cards. fxp0 and fxp1. fxp0 is the private side and fxp1 goes to
the net. Now fxp0 is attached to a 3com switch which has 3 other 3com
switches underneath it cascaded together. On each 3com switch there is a
different network attached to each one. Can you add each network to fxp0?

i.e: route add -net 192.0 -interface fxp0
     route add -net 10.0 -interface fxp0
     route add -net 168.0 -interface fxp0

<--internet---|fxp1--FBSD BOX--fxp0|---switch 192.0
                                   |___switch 10.0
                                   |___switch 168.0

--
"Jesus healed the lame, but I sure as f**k can't."

Chris
cwatson@worldmediaco.com
opsys@open-systems.net

From owner-freebsd-net Tue Feb 23 14: 8: 2 1999
Delivered-To: freebsd-net@freebsd.org
Received: from snowcrest.net (mtshasta.snowcrest.net [209.232.210.195]) by hub.freebsd.org (Postfix) with ESMTP id A3A80119D9 for ; Tue, 23 Feb 1999 14:07:51 -0800 (PST) (envelope-from djewett@snowcrest.net)
Received: from ws2600 (ppp352.snowcrest.net [207.201.20.80]) by snowcrest.net (8.8.5/8.8.5) with SMTP id OAA10656; Tue, 23 Feb 1999 14:06:24 -0800 (PST)
Message-ID: <000801be5f78$9cf2e1b0$5014c9cf@ws2600>
From: "Derek Jewett"
To: "opsys" ,
Cc: "Wheeler, Scott"
Subject: Re: Useage of 'route' question...
Date: Tue, 23 Feb 1999 14:05:22 -0800
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.2106.4
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I don't see why that wouldn't work, I do something similar, except I used
the IP address of the card, but -interface would work just the same.

-----Original Message-----
From: opsys
To: freebsd-net@FreeBSD.ORG
Cc: Wheeler, Scott
Date: Tuesday, February 23, 1999 1:50 PM
Subject: Useage of 'route' question...

>
> I wanted to know, if you have a dual homed box.
>With 2 fxp cards. fxp0 and fxp1. fxp0 is the private side and fxp1 goes to
>the net. Now fxp0 is attached to a 3com switch which has 3 other 3com
>switches underneath it cascaded together. On each 3com switch there is a
>different network attached to each one. Can you add each network to fxp0?
>
>
>i.e: route add -net 192.0 -interface fxp0
>     route add -net 10.0 -interface fxp0
>     route add -net 168.0 -interface fxp0
>
><--internet---|fxp1--FBSD BOX--fxp0|---switch 192.0
>                                   |___switch 10.0
>                                   |___switch 168.0
>
>--
>"Jesus healed the lame, but I sure as f**k can't."
>
>Chris
>cwatson@worldmediaco.com
>opsys@open-systems.net

From owner-freebsd-net Tue Feb 23 16:20:55 1999
Delivered-To: freebsd-net@freebsd.org
Received: from smtp2.erols.com (smtp2.erols.com [207.172.3.235]) by hub.freebsd.org (Postfix) with ESMTP id 7B2C4113A5 for ; Tue, 23 Feb 1999 16:20:44 -0800 (PST) (envelope-from shmit@natasya.noc.erols.net)
Received: from natasya.noc.erols.net (natasya.mrf.va.noc.rcn.net [207.172.25.236]) by smtp2.erols.com (8.8.8/8.8.5) with ESMTP id TAA25451; Tue, 23 Feb 1999 19:23:09 -0500 (EST)
Received: (from shmit@localhost) by natasya.noc.erols.net (8.9.2/8.9.1) id TAA53032; Tue, 23 Feb 1999 19:20:32 -0500 (EST)
Message-ID: <19990223192031.C50175@kublai.com>
Date: Tue, 23 Feb 1999 19:20:31 -0500
From: Brian Cully
To: GVB , freebsd-net@FreeBSD.ORG
Subject: Re: RADIUS Solutions
Reply-To: shmit@kublai.com
References: <4.1.19990223102105.00adb730@abused.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <4.1.19990223102105.00adb730@abused.com>; from GVB on Tue, Feb 23, 1999 at 10:23:16AM -0800
X-Sender: If your mailer pays attention to this, it's broken.
X-PGP-Info: finger shmit@kublai.com for my public key.
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Feb 23, 1999 at 10:23:16AM -0800, GVB wrote:
> As I start to completely take over all the NT machines here and replace
> them with FreeBSD, I am faced with this challenge. I will be running two
> FreeBSD machines for Radius Authentication. Both using Merit AAA and
> /etc/passwd for authentication. What is the best way to synchronize passwd
> files between the two systems immediately (or 5 minute increments) upon user
> adds and password changes, etc. NIS? rsync? etc..

One of the things we did was distribute a full password list every
four hours, but to get real-time authentication, we hacked our daemon
to query directly against our provisioning system if the user wasn't
in the password file or if his password had been invalidated.

It works fairly well, and should be much more scalable than pushing
out full password files every five minutes or so, and also better
than doing all requests over the network.

--
Brian Cully

``I'm not surprised,'' said I. ``You created God in your own image, and
when you found out he was no good you abolished him.
It's quite a common form of psychological suicide.''
    -- Robertson Davies, Fifth Business

From owner-freebsd-net Wed Feb 24 13:25:47 1999
Delivered-To: freebsd-net@freebsd.org
Received: from samizdat.uucom.com (samizdat.uucom.com [198.202.217.54]) by hub.freebsd.org (Postfix) with ESMTP id 91179114C8 for ; Wed, 24 Feb 1999 13:22:03 -0800 (PST) (envelope-from cshenton@uucom.com)
Received: (from cshenton@localhost) by samizdat.uucom.com (8.9.1/8.9.0) id KAA18213; Wed, 24 Feb 1999 10:36:18 -0500
To: GVB
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: RADIUS Solutions [synchronizing passwords across systems]
References: <4.1.19990223102105.00adb730@abused.com>
From: Chris Shenton
Date: 24 Feb 1999 10:36:18 -0500
In-Reply-To: GVB's message of Tue, 23 Feb 1999 10:23:16 -0800
Message-ID: <86lnhnu83x.fsf@samizdat.uucom.com>
Lines: 31
X-Mailer: Gnus v5.5/Emacs 20.2
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

GVB writes:

> I will be running two FreeBSD machines for Radius Authentication.
> Both using Merit AAA and /etc/passwd for authentication. What is
> the best way to synchronize passwd files between the two systems
> immediately (or 5 minute increments) upon user adds and password
> changes, etc. NIS? rsync? etc..

I have a somewhat similar situation: FreeBSD passwords on the
account-creation system need to be synchronized between the www/ftp
box, smtp/pop/imap box, and radius servers.

I wrote a script which uses "scp" to copy the master.password and
group file into a temporary (secure) place on the target, then invokes
makepwdb to convert that into the FreeBSD DB format.
I run it from cron only once an hour at this point.

I wanted to run the password-pushing script when the user changed
their password, but my changing mechanism is a web form calling a CGI
which talks to poppassd. This means that the "user" which would be
running the pusher is "www" -- so anyone who could reach my web server
could invoke the script, not something I'm happy with, lots of room
for abuse. That's why I just run it periodically out of root's cron.

I'm not entirely happy with this solution, but I wasn't too happy
turning on NIS -- after avoiding it for five years. The FreeBSD NIS
docs make it sound like they've taken great care for NIS-sharing
password-oriented files, but still... been burned by NIS security
problems too many times in the past.

I'd welcome other suggestions...
From owner-freebsd-net Wed Feb 24 13:33:23 1999
Delivered-To: freebsd-net@freebsd.org
Received: from ausmail.austin.ibm.com (ausmail.austin.ibm.com [192.35.232.19]) by hub.freebsd.org (Postfix) with ESMTP id E4EA3117EF for ; Wed, 24 Feb 1999 13:33:09 -0800 (PST) (envelope-from venkats@austin.ibm.com)
Received: from netmail2.austin.ibm.com (netmail2.austin.ibm.com [9.53.250.97]) by ausmail.austin.ibm.com (8.9.1/8.8.5) with ESMTP id IAA10166 for ; Wed, 24 Feb 1999 08:20:24 -0600
Received: from ambika.austin.ibm.com (ambika.austin.ibm.com [9.53.150.77]) by netmail2.austin.ibm.com (8.8.5/8.8.5) with ESMTP id JAA38098 for ; Wed, 24 Feb 1999 09:09:53 -0600
Received: from austin.ibm.com (localhost.austin.ibm.com [127.0.0.1]) by ambika.austin.ibm.com (AIX4.3/UCB 8.8.8/8.7-client1.01) with ESMTP id JAA27832 for ; Wed, 24 Feb 1999 09:09:53 -0600
Message-ID: <36D41640.C8E7F83F@austin.ibm.com>
Date: Wed, 24 Feb 1999 09:09:52 -0600
From: venkat venkatsubra
Organization: IBM
X-Mailer: Mozilla 4.06 [en] (X11; I; AIX 4.3)
MIME-Version: 1.0
To: freebsd-net@freebsd.org
Subject: etherchannel support
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Does freebsd have support for Cisco's etherchannel ?
That is, can i connect four ethernet/fast ethernet cards
on a box running freebsd to a cisco switch that
supports etherchannel and configure the four cards
as one ether channel ?

Venkat

From owner-freebsd-net Wed Feb 24 21:29:15 1999
Delivered-To: freebsd-net@freebsd.org
Received: from xylan.com (postal.xylan.com [208.8.0.248]) by hub.freebsd.org (Postfix) with ESMTP id 57DB414F08 for ; Wed, 24 Feb 1999 21:29:12 -0800 (PST) (envelope-from wes@softweyr.com)
Received: from mailhub.xylan.com by xylan.com (8.8.7/SMI-SVR4 (xylan-mgw 2.2 [OUT])) id VAA08214; Wed, 24 Feb 1999 21:27:47 -0800 (PST)
Received: from utah.XYLAN.COM by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB])) id VAA16498; Wed, 24 Feb 1999 21:27:46 -0800
Received: from softweyr.com by utah.XYLAN.COM (SMI-8.6/SMI-SVR4 (xylan utah [SPOOL])) id WAA23992; Wed, 24 Feb 1999 22:27:42 -0700
Message-ID: <36D4DF47.EF9426F5@softweyr.com>
Date: Wed, 24 Feb 1999 22:27:35 -0700
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 2.2.7-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Chris Shenton
Cc: GVB , freebsd-net@FreeBSD.ORG
Subject: Re: RADIUS Solutions [synchronizing passwords across systems]
References: <4.1.19990223102105.00adb730@abused.com> <86lnhnu83x.fsf@samizdat.uucom.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Chris Shenton wrote:
>
> GVB writes:
>
> > I will be running two FreeBSD machines for Radius Authentication.
> > Both using Merit AAA and /etc/passwd for authentication. What is
> > the best way to synchronize passwd files between the two systems
> > immediately (or 5 minute increments) upon user adds and password
> > changes, etc. NIS? rsync? etc..
>
> I have a somewhat similar situation: FreeBSD passwords on the
> account-creation system need to be synchronized between the www/ftp
> box, smtp/pop/imap box, and radius servers.
>
> I wrote a script which uses "scp" to copy the master.password and
> group file into a temporary (secure) place on the target, then invokes
> makepwdb to convert that into the FreeBSD DB format.
> I run it from cron only once an hour at this point.
>
> I wanted to run the password-pushing script when the user changed
> their password, but my changing mechanism is a web form calling a CGI
> which talks to poppassd. This means that the "user" which would be
> running the pusher is "www" -- so anyone who could reach my web server
> could invoke the script, not something I'm happy with, lots of room
> for abuse. That's why I just run it periodically out of root's cron.
>
> I'm not entirely happy with this solution, but I wasn't too happy
> turning on NIS -- after avoiding it for five years. The FreeBSD NIS
> docs make it sound like they've taken great care for NIS-sharing
> password-oriented files, but still...
been burned by NIS security
> problems too many times in the past.
>
> I'd welcome other suggestions...

Write a little C program that monitors the password files and pushes the changes automagically whenever the file has changed. Stat'ing the file once a minute (or so) shouldn't hurt too much.

Alternative: implement a node monitor KLD. Ask Terry Lambert how to do this; he may have some good ideas. This is something security monitors have been wanting in UNIX for at least a decade.

--
Where am I, and what am I doing in this handbasket?
Wes Peters +1.801.915.2061
Softweyr LLC wes@softweyr.com

From owner-freebsd-net Wed Feb 24 22:15:30 1999
Delivered-To: freebsd-net@freebsd.org
Received: from super-g.inch.com (super-g.com [207.240.140.161]) by hub.freebsd.org (Postfix) with ESMTP id 2F36514CEE for ; Wed, 24 Feb 1999 22:15:27 -0800 (PST) (envelope-from spork@super-g.com)
Received: from localhost (localhost [127.0.0.1]) by super-g.inch.com (8.8.8/8.8.5) with SMTP id BAA12898; Thu, 25 Feb 1999 01:14:04 -0500 (EST)
Date: Thu, 25 Feb 1999 01:14:04 -0500 (EST)
From: spork X-Sender: spork@super-g.inch.com To: Chris Shenton Cc: GVB , freebsd-net@FreeBSD.ORG Subject: Re: RADIUS Solutions [synchronizing passwords across systems] In-Reply-To: <86lnhnu83x.fsf@samizdat.uucom.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Merit Radius does allow for crypted passwords in the 'users' file, so it is pretty easy to grab the wanted UIDS (generally based on group), mush them through a script and end up with a usable users file. This way you're not needing to make actual accounts on all of your machines other than for staffers. This has been working really well for us so far on our backup auth server. Charles --- Charles Sprickman spork@super-g.com On 24 Feb 1999, Chris Shenton wrote: > GVB writes: > > > I will be running two FreeBSD machines for Radius Authentication. > > Both using Meritt AAA and /etc/passwd for authentication. What is > > the best way to synchronize passwd files between the two systems > > immediatly (or 5 minute incriments) upon user adds and password > > changes, etc. NIS? rsync? etc.. > > I have a somewhat similar situation: FreeBSD passwords on the > account-creation system need to be synchronized between the www/ftp > box, smtp/pop/imap box, and radius servers. > > I wrote a script which uses "scp" to copy the master.password and > group file into a temporary (secure) place on the target, then invokes > makepwdb to convert that into the FreeBSD DB format. > I run it from cron only once an hour at this point. > > I wanted to run the password-pushing script when the user changed > their password, but my changing mechanism is a web form calling a CGI > which talks to poppassd. This means that the "user" which would be > running the pusher is "www" -- so anyone who could reach my web server > could invoke the script, not something I'm happy with, lots of room > for abuse. 
That's why I just run it periodically out of root's cron. > > I'm not entirely happy with this solution, but I wasn't too happy > turning on NIS -- after avoiding it for five years. The FreeBSD NIS > docs make it sounds like they've taken great care for NIS-sharing > password-oriented files, but still... been burned by NIS security > problems too many times in the past. > > I'd welcome other suggestions... > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Feb 24 23:40:35 1999 Delivered-To: freebsd-net@freebsd.org Received: from ns1.seidata.com (ns1.seidata.com [208.10.211.2]) by hub.freebsd.org (Postfix) with ESMTP id 6E0CB14BD8 for ; Wed, 24 Feb 1999 23:40:33 -0800 (PST) (envelope-from mike@seidata.com) Received: from localhost (mike@localhost) by ns1.seidata.com (8.8.8/8.8.5) with ESMTP id CAA26529; Thu, 25 Feb 1999 02:40:15 -0500 (EST) Date: Thu, 25 Feb 1999 02:40:13 -0500 (EST) 
From:
To: Brian Cully
Cc: GVB , freebsd-net@FreeBSD.ORG
Subject: Re: RADIUS Solutions
In-Reply-To: <19990223192031.C50175@kublai.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 23 Feb 1999, Brian Cully wrote:

> daemon to query directly against our provisioning system if the
> user wasn't in the password file or if his password had been
> invalidated.

Hacked... your radiusd? '...provisioning system'? Is this to say that you, perhaps, have multiple systems, but they all end up being useless if the one, centralized provisioning system is down? I'm probably just misunderstanding...

I'm wanting to set up round-robin radius servers myself (just running one now with a 'standby' that has to be administratively enabled *ack*). I want to ensure that when one box dies, the other gets hit without any intervention on my part. That means it will need its own copy of the password database... something that NIS seems quite suited to handle... although I'm always open to other alternatives.

--
Mike Hoskins
Systems/Network Administrator
SEI Data Network Services, Inc.
http://www.seidata.com

"In a world where an admin is rendered useless when the ball in his mouse has been taken out, its good to know that I know UNIX." -- toaster.sun4c.net

From owner-freebsd-net Thu Feb 25 1:17:50 1999
Delivered-To: freebsd-net@freebsd.org
Received: from mail.vera.net (mail.vera.net [200.33.116.55]) by hub.freebsd.org (Postfix) with ESMTP id 2909514D01 for ; Thu, 25 Feb 1999 01:17:48 -0800 (PST) (envelope-from mdragon@vera.net)
Received: from mail.vera.net (mail.vera.net [200.33.116.55]) by mail.vera.net (8.9.3/8.9.3) with SMTP id DAA36332; Thu, 25 Feb 1999 03:17:16 -0600 (CST)
Date: Thu, 25 Feb 1999 09:17:16 +0000 ( )
From: "Victor M. Mondragon A."
To: Chris Shenton
Cc: GVB , freebsd-net@FreeBSD.ORG
Subject: Re: RADIUS Solutions [synchronizing passwords across systems]
In-Reply-To: <86lnhnu83x.fsf@samizdat.uucom.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> GVB writes:
>
> > I will be running two FreeBSD machines for Radius Authentication.
> > Both using Meritt AAA and /etc/passwd for authentication. What is
> > the best way to synchronize passwd files between the two systems
> > immediately (or 5 minute increments) upon user adds and password
> > changes, etc. NIS? rsync? etc..

Our solution is simple and works very fast: I wrote a simple inetd service ([getpw.c] available from _me_ by mail request ~4K sources), which uses the getpwnam(2) function and a custom database #include

Add the following line to /etc/services:

getpw 1111/tcp #network authentication

And this one goes in /etc/inetd.conf:

getpw stream tcp nowait root /usr/libexec/tcpd /usr/sbin/getpw

Now try it using telnet

# kill -HUP your_inetd_process_number
#telnet your.host 1111
user987 <-- type the username
user987:525:radius:101:Bj95X221nM:FFAAFFF8766Ag <-- you'll get this

So this means user987 has uid=525 on group=radius gid=101 encrypted_passwd=Bj95X221nM comment=FFAAFFF8766A

We use the comment field as a 'text/hex structure' for the access privileges for each user, i.e.: what WWW pages are allowed, access phone lines, modem use credit, use the fax-mail, is he/she a group/dept leader, etc.

This service can be accessed from C, perl and even shell scripts, so it may be easy to adapt to a radius authenticator (have you seen the one developed in perl, I know it is in the CPAN as well as many other radius stuff)

---------------------------------------------------------------------------
Victor Manuel Mondragon mdragon@vera.net
---------------------------------------------------------------------------

From owner-freebsd-net Thu Feb 25 8: 2: 0 1999
Delivered-To: freebsd-net@freebsd.org
Received: from arthur.axion.bt.co.uk (arthur.axion.bt.co.uk [132.146.5.4]) by hub.freebsd.org (Postfix) with ESMTP id 5B72114E33 for ; Thu, 25 Feb 1999 08:00:53 -0800 (PST) (envelope-from graeme.brown@bt-sys.bt.co.uk)
Received: from rambo (actually rambo.futures.bt.co.uk) by arthur (local) with SMTP; Thu, 25 Feb 1999 15:59:37 +0000
Received: from maczebedee (actually macsmtp) by rambo with SMTP (PP); Thu, 25 Feb 1999 16:02:35 +0000
Message-ID:
Date: 25 Feb 1999 16:02:03 +0100
From: Graeme Brown
Subject: Troubles with BSDATM and PVCs
To: "FreeBSD-Net (FreeBSD.Org) List"
Cc: Alan ONeill , Arie van Breene , Kenjiro Cho
X-Mailer: Mail*Link SMTP for Quarterdeck Mail; Version 4.0.0
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Folks

I am running 4 FreeBSD routers under FBSD 2.2.6 with Kenjiro Cho (Sony CSL) ALTQ kernel which includes the BSDATM driver for Adaptec and Efficient Networks Inc. (ENI) 155 Mbits/s PCI bus ATM NICs. I have installed 2 ENI PCI Bus 155 Mbits/s ATM NICs per router. I have 2 ALTQ shadow PVC interfaces (pvcsif) namely pvc0, pvc1 configured per machine.

Over a time (say a few days) I find that typically one of the pvcsif becomes unserviceable, I cannot ping A->B or B->A from either end of the pvc. ping reports 100 % packet loss. The receive lights on the ATM NICs show as green and therefore seem to be receiving cells ok.

I am running GateD 4.06 configured to run RIPv2. When I check the routing tables at A and B with netstat -rn, the point to point route entries seem correct. So don't think it's a routing problem.

I have returned eight ENI cards (multimode fibre type) to ENI following such problems. ENI tested all eight cards and they tested as OK. I have swapped over to UTP5 cable based cards but the "unserviceable" pvc problem still occurs.

Has anyone seen/heard of reliability problems using BSDATM in conjunction with ENI ATM NICs or more specifically using ENI cards with ALTQ pvcsifs ?
TIA Graeme Brown BT Labs, UK email: graeme.brown@bt-sys.bt.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Feb 25 9:34:59 1999 Delivered-To: freebsd-net@freebsd.org Received: from coleridge.kublai.com (coleridge.kublai.com [207.96.1.116]) by hub.freebsd.org (Postfix) with ESMTP id 9C29114C96 for ; Thu, 25 Feb 1999 09:34:56 -0800 (PST) (envelope-from shmit@coleridge.kublai.com) Received: (from shmit@localhost) by coleridge.kublai.com (8.9.2/8.9.1) id MAA17055; Thu, 25 Feb 1999 12:34:27 -0500 (EST) Date: Thu, 25 Feb 1999 12:34:27 -0500 
From: Brian Cully To: mike@seidata.com Cc: GVB , freebsd-net@FreeBSD.ORG Subject: Re: RADIUS Solutions Message-ID: <19990225123427.C10052@kublai.com> Reply-To: shmit@kublai.com Mail-Followup-To: mike@seidata.com, GVB , freebsd-net@FreeBSD.ORG References: <19990223192031.C50175@kublai.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.1us In-Reply-To: ; from mike@seidata.com on Thu, Feb 25, 1999 at 02:40:13AM -0500 X-Sender: If your mailer pays attention to this, it's broken. X-PGP-Info: finger shmit@kublai.com for my public key. Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Feb 25, 1999 at 02:40:13AM -0500, mike@seidata.com wrote: > On Tue, 23 Feb 1999, Brian Cully wrote: > > > daemon to query directly against our provisioning system if the > > user wasn't in the password file or if his password had been > > invalidated. > > Hacked... your radiusd? Well, since we have the source, it wasn't too difficult. :-) > '...provisioning system'? Is this to say that you, perhaps, have > multiple systems, but they all end up being useless if the one, > centralized provisioning system is down? Not at all. The provisioning system pushes out new password databases every four hours, and those databases are used in the majority of the cases. However, we wanted instant provisioning as well, so when we don't find an account in our local password database, we check the provisioning system directly. This means that we only rarely hit the network for account validation, and if the provisioning system is down the only thing that fails is new account login. 
-bjc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Feb 25 9:54:49 1999 Delivered-To: freebsd-net@freebsd.org Received: from widefw.csl.sony.co.jp (widefw.csl.sony.co.jp [133.138.1.1]) by hub.freebsd.org (Postfix) with ESMTP id 312E414DEE for ; Thu, 25 Feb 1999 09:53:51 -0800 (PST) (envelope-from kjc@csl.sony.co.jp) Received: from hotaka.csl.sony.co.jp (root@hotaka.csl.sony.co.jp [43.27.98.57]) by widefw.csl.sony.co.jp (8.8.8/3.6W) with ESMTP id CAA24797; Fri, 26 Feb 1999 02:32:56 +0900 (JST) Received: from localhost (kjc@[127.0.0.1]) by hotaka.csl.sony.co.jp (8.8.8/3.6W/hotaka/98122515) with ESMTP id CAA29017; Fri, 26 Feb 1999 02:32:55 +0900 (JST) Message-Id: <199902251732.CAA29017@hotaka.csl.sony.co.jp> To: Graeme Brown Cc: "FreeBSD-Net (FreeBSD.Org) List" , Alan ONeill , Arie van Breene Subject: Re: Troubles with BSDATM and PVCs In-reply-to: Your message of "25 Feb 1999 16:02:03 +0100." Date: Fri, 26 Feb 1999 02:32:55 +0900 
From: Kenjiro Cho Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Graeme, >> Has anyone seen/heard of reliability problems using BSDATM in >> conjunction with ENI ATM NICs or more specifically using ENI cards >> with ALTQ pvcsifs ? Could you try the patch attached below? I fixed a bug back in October but somehow it slipped away when I made altq-1.1.3. I noticed this mistake a couple of days ago. (the fix was also made to 3.0-current.) bug description: When the entire transmit buffer is used, the transmitter thinks that the buffer is empty (WRTX == RDTX) and stops sending. The driver thinks the buffer is full, which leads to a lockup. This happens only when - the sending rate is set to a small value by the hardware shaper (to overload the NIC) - overload the NIC with small UDP packets (specific packet size is required to fit into the total buffer size) If your problem does not go away, - enable DDB in your kernel (options DDB) - when you see the problem, go to DDB by Alt-Cntrl-ESC type "call en_dump(0,1)" (the first argument is the device unit number and the second argument is dump level) send me the output --Kenjiro --- midway.c- Wed Oct 7 20:54:18 1998 +++ midway.c Thu Oct 8 12:24:34 1998 
@@ -2237,7 +2237,11 @@ goto dequeue_drop; } - if (launch.need > sc->txslot[chan].bfree) { + /* + * note: don't use the entire buffer space. if WRTX becomes equal + * to RDTX, the transmitter stops assuming the buffer is empty! --kjc + */ + if (launch.need >= sc->txslot[chan].bfree) { EN_COUNT(sc->txoutspace); #ifdef EN_DEBUG printf("%s: tx%d: out of transmit space\n", sc->sc_dev.dv_xname, chan); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Feb 25 12:10:39 1999 Delivered-To: freebsd-net@freebsd.org Received: from arthur.axion.bt.co.uk (arthur.axion.bt.co.uk [132.146.5.4]) by hub.freebsd.org (Postfix) with ESMTP id ED6A0150AA for ; Thu, 25 Feb 1999 12:10:16 -0800 (PST) (envelope-from graeme.brown@bt-sys.bt.co.uk) Received: from rambo (actually rambo.futures.bt.co.uk) by arthur (local) with SMTP; Thu, 25 Feb 1999 16:58:45 +0000 Received: from maczebedee (actually macsmtp) by rambo with SMTP (PP); Thu, 25 Feb 1999 17:03:23 +0000 Message-ID: Date: 25 Feb 1999 17:03:30 +0100 From: Graeme Brown Subject: RE: Troubles with BSDATM and PVCs To: Panos GEVROS Cc: "FreeBSD-Net (FreeBSD.Org) List" X-Mailer: Mail*Link SMTP for Quarterdeck Mail; Version 4.0.0 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Panos thanks for this info. we will upgrade to altq-1.1.3. regards Graeme _______________________________________________________________________________ To: Graeme Brown Cc: P.Gevros@cs.ucl.ac.uk 
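Review bot: in the midway.c hunk at -2237, the new comment explains why the test became `>=` but not what it costs: a packet whose launch.need exactly equals sc->txslot[chan].bfree is now sent down the out-of-space path and counted in EN_COUNT(sc->txoutspace), so a transmit slot can never be filled completely. I would say that in the comment, and confirm that no other comparison against bfree in the driver still uses a plain `>`, because a single remaining path that fills the slot would let WRTX meet RDTX again.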
From: Panos GEVROS on Thu, Feb 25, 1999 4:42 pm Subject: Re: Troubles with BSDATM and PVCs RFC Header:Received: by maczebedee with ADMIN;25 Feb 1999 16:42:30 +0100 Received: from arthur.axion.bt.co.uk (actually mailhub) by rambo with SMTP (PP); Thu, 25 Feb 1999 16:45:42 +0000 Received: from bells.cs.ucl.ac.uk by arthur with Internet with SMTP; Thu, 25 Feb 1999 16:38:00 +0000 Received: from sporty.cs.ucl.ac.uk by bells.cs.ucl.ac.uk with local SMTP id ; Thu, 25 Feb 1999 16:37:57 +0000 X-Mailer: exmh version 2.0.2 To: Graeme Brown cc: P.Gevros@cs.ucl.ac.uk Subject: Re: Troubles with BSDATM and PVCs In-reply-to: Your message of "25 Feb 1999 16:02:03 +0100." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 25 Feb 1999 16:37:55 +0100 Message-ID: <6055.919960675@cs.ucl.ac.uk> From: Panos GEVROS Graeme, there is a bug in the ATM driver which causes interfaces to freeze occasionally we used to have this problem and talked to Kenjiro, it is fixed in altq-1.1.3 Panos ---------------------------------------------------------------------- --- midway.c- Wed Oct 7 20:54:18 1998 +++ midway.c Thu Oct 8 12:24:34 1998 
@@ -2237,7 +2237,11 @@ goto dequeue_drop; } - if (launch.need > sc->txslot[chan].bfree) { + /* + * note: don't use the entire buffer space. if WRTX becomes equal + * to RDTX, the transmitter stops assuming the buffer is empty! --kjc + */ + if (launch.need >= sc->txslot[chan].bfree) { EN_COUNT(sc->txoutspace); #ifdef EN_DEBUG printf("%s: tx%d: out of transmit space\n", sc->sc_dev.dv_xname, chan); ---------------------------------------------------------------------- | |Over a time (say a few days) I find that typicaly one of the pvcsif |becomes unserviceable, I cannot ping A->B or B->A from either |end of the pvc. ping reports 100 % packet loss. | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Feb 25 13:10:58 1999 Delivered-To: freebsd-net@freebsd.org Received: from samizdat.uucom.com (samizdat.uucom.com [198.202.217.54]) by hub.freebsd.org (Postfix) with ESMTP id D113214D81 for ; Thu, 25 Feb 1999 13:10:56 -0800 (PST) (envelope-from cshenton@uucom.com) Received: (from cshenton@localhost) by samizdat.uucom.com (8.9.1/8.9.0) id QAA01303; Thu, 25 Feb 1999 16:11:01 -0500 To: spork Cc: GVB , freebsd-net@FreeBSD.ORG Subject: Re: RADIUS Solutions [synchronizing passwords across systems] References: 
From: Chris Shenton Date: 25 Feb 1999 16:11:01 -0500 In-Reply-To: spork's message of Thu, 25 Feb 1999 01:14:04 -0500 (EST) Message-ID: <86emnetcii.fsf@samizdat.uucom.com> Lines: 16 X-Mailer: Gnus v5.5/Emacs 20.2 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org spork writes: > Merit Radius does allow for crypted passwords in the 'users' file, so it > is pretty easy to grab the wanted UIDS (generally based on group), mush > them through a script and end up with a usable users file. This way > you're not needing to make actual accounts on all of your machines other > than for staffers. This has been working really well for us so far on our > backup auth server. In a previous life, I did just this in order to replicate the RADIUS info (was using Ascend's commercial RADIUS, which had undocumented support for crypt()'ed passwords). But I used "rsync" over ssh to do the copying. Ran it out of cron every 5 minutes or so since rsync won't copy unless something changes. Worked well and I was happy with the security via ssh. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Feb 25 13:15:49 1999 Delivered-To: freebsd-net@freebsd.org Received: from samizdat.uucom.com (samizdat.uucom.com [198.202.217.54]) by hub.freebsd.org (Postfix) with ESMTP id 1590114E34 for ; Thu, 25 Feb 1999 13:14:57 -0800 (PST) (envelope-from cshenton@uucom.com) Received: (from cshenton@localhost) by samizdat.uucom.com (8.9.1/8.9.0) id QAA01354; Thu, 25 Feb 1999 16:15:01 -0500 To: shmit@kublai.com Cc: mike@seidata.com, GVB , freebsd-net@FreeBSD.ORG Subject: Re: RADIUS Solutions References: <19990223192031.C50175@kublai.com> <19990225123427.C10052@kublai.com> 
From: Chris Shenton Date: 25 Feb 1999 16:15:01 -0500 In-Reply-To: Brian Cully's message of Thu, 25 Feb 1999 12:34:27 -0500 Message-ID: <86d82ytcbu.fsf@samizdat.uucom.com> Lines: 19 X-Mailer: Gnus v5.5/Emacs 20.2 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Brian Cully writes: > Not at all. The provisioning system pushes out new password databases > every four hours, and those databases are used in the majority of > the cases. However, we wanted instant provisioning as well, so when > we don't find an account in our local password database, we check > the provisioning system directly. This means that we only rarely > hit the network for account validation, and if the provisioning > system is down the only thing that fails is new account login. Won't this lose if the user exists in the cached password file but the password is wrong, e.g., if the user changed it on the master copy? I'd think you'd have synchronization problems.... Or do you push the change out when it occurs, like when the user changes his password? And not push the entire password file? Or something else? Thanks. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Feb 25 13:31:14 1999 Delivered-To: freebsd-net@freebsd.org Received: from coleridge.kublai.com (coleridge.kublai.com [207.96.1.116]) by hub.freebsd.org (Postfix) with ESMTP id EE7D614D84 for ; Thu, 25 Feb 1999 13:31:10 -0800 (PST) (envelope-from shmit@coleridge.kublai.com) Received: (from shmit@localhost) by coleridge.kublai.com (8.9.2/8.9.1) id QAA19654; Thu, 25 Feb 1999 16:30:29 -0500 (EST) Date: Thu, 25 Feb 1999 16:30:29 -0500 
From: Brian Cully To: Chris Shenton Cc: mike@seidata.com, GVB , freebsd-net@FreeBSD.ORG Subject: Re: RADIUS Solutions Message-ID: <19990225163029.E10052@kublai.com> Reply-To: shmit@kublai.com Mail-Followup-To: Chris Shenton , mike@seidata.com, GVB , freebsd-net@FreeBSD.ORG References: <19990223192031.C50175@kublai.com> <19990225123427.C10052@kublai.com> <86d82ytcbu.fsf@samizdat.uucom.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.1us In-Reply-To: <86d82ytcbu.fsf@samizdat.uucom.com>; from Chris Shenton on Thu, Feb 25, 1999 at 04:15:01PM -0500 X-Sender: If your mailer pays attention to this, it's broken. X-PGP-Info: finger shmit@kublai.com for my public key. Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Feb 25, 1999 at 04:15:01PM -0500, Chris Shenton wrote: > Won't this lose if the user exists in the cached password file but the > password is wrong, e.g., if the user changed it on the master copy? > I'd think you'd have synchronization problems.... > > Or do you push the change out when it occurs, like when the user > changes his password? And not push the entire password file? Or > something else? I was leaving that part out to avoid confusion. :-) When a user changes his password, we send out an invalidation packet to the RADIUS servers that tells them to re-sync this user's password with the one from the master. -bjc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Feb 25 14:15:19 1999 Delivered-To: freebsd-net@freebsd.org Received: from ns1.seidata.com (ns1.seidata.com [208.10.211.2]) by hub.freebsd.org (Postfix) with ESMTP id 370D414DFA for ; Thu, 25 Feb 1999 14:15:16 -0800 (PST) (envelope-from mike@seidata.com) Received: from localhost (mike@localhost) by ns1.seidata.com (8.8.8/8.8.5) with ESMTP id RAA25213; Thu, 25 Feb 1999 17:14:58 -0500 (EST) Date: Thu, 25 Feb 1999 17:14:57 -0500 (EST) 
From: To: Brian Cully Cc: GVB , freebsd-net@FreeBSD.ORG Subject: Re: RADIUS Solutions In-Reply-To: <19990225123427.C10052@kublai.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 25 Feb 1999, Brian Cully wrote: > Not at all. The provisioning system pushes out new password databases > every four hours, and those databases are used in the majority of [snip] Thanks for the explanation, I figured I was misunderstanding something. > the cases. However, we wanted instant provisioning as well, so when > we don't find an account in our local password database, we check > the provisioning system directly. This means that we only rarely > hit the network for account validation, and if the provisioning > system is down the only thing that fails is new account login. This sounds like a viable alternative... Out of curiosity, however, has anyone done something similar by actually using NIS? I'd be interested in hearing any success or horror stories. -- Mike Hoskins Systems/Network Administrator SEI Data Network Services, Inc. http://www.seidata.com "In a world where an admin is rendered useless when the ball in his mouse has been taken out, its good to know that I know UNIX." 
-- toaster.sun4c.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Feb 25 19: 0:52 1999 Delivered-To: freebsd-net@freebsd.org Received: from mainframe.compusyssolutions.com (cr45115-a.slnt1.on.wave.home.com [24.112.87.97]) by hub.freebsd.org (Postfix) with ESMTP id AFB1114D57 for ; Thu, 25 Feb 1999 19:00:48 -0800 (PST) (envelope-from david@compusyssolutions.com) Received: from compusyssolutions.com (bsd.compusyssolutions.com [192.168.0.3]) by mainframe.compusyssolutions.com (8.8.8/8.8.8) with ESMTP id WAA14363; Thu, 25 Feb 1999 22:00:13 -0500 (EST) (envelope-from david@compusyssolutions.com) Message-ID: <36D60E13.2BE08018@compusyssolutions.com> Date: Thu, 25 Feb 1999 21:59:31 -0500 
From: David Tichbourne
Organization: CompuSys Solutions Inc.
X-Mailer: Mozilla 4.5 [en] (X11; I; FreeBSD 2.2.8-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Joao Carlos Mendes Luis
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: ARP is not my friend.
References: <199902222111.SAA02350@roma.coe.ufrj.br>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Thanks for the info! I suspect something is not configured properly in my firewall! I have a list of the ether addresses of all machines and a log of all the times that this arp problem happens. The ethernet addresses are not on my network hehe... I did an arp -a when arp was reset and it looked like it was coming from a tci.56k....com machine down in the states. I am on "the wave" - cable modem up in Canada. Perhaps there is another poor fellow out there with similar problems as me...

Joao Carlos Mendes Luis wrote:

> #define quoting(David Tichbourne)
> // Every so often my firewall machine seems to
> // behave like an arp proxy, which I don't want.
>
> arp proxy ?

In the O'Reilly book TCP/IP Network Admin. book by Craig Hunt, there is some discussion about ARP_PROXYALL options in the basic BSD kernel config. ...on page 114

"Proxy ARP is a variant on the standard protocol in which a server answers the ARP request for its clients. Here's how it works. Host A sends out an ARP request for the Ethernet address of host B. The proxy ARP server, C, hears the request and sends an ARP response back to A claiming that C's Ethernet address is the address of host B. A then sends traffic intended for B to C because it uses C's Ethernet address. C is therefore responsible for forwarding the traffic on to B.
The proxy ARP server is usually a router and proxy ARP is used as a means of forwarding traffic between systems that cannot use normal routing for that traffic" I am not sure I understand all that but this is the only reference I found similar to the type of problem I am having. The possibility of my firewall not being configured properly sure comes to mind... > > > // On my firewall console I get messages > // like: > // > // > // .... /kernel: arp: 192.168.0.1 moved from 08:00:07:a6:f7:74 to > // 00:00:b4:87:00:98 > // > // later things seem to "reset" back to > // > // ..... /kernel: arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to > // 08:00:07:a6:f7:74 > > You probably have another machine on the same IP. Double check every > machine. Do you have an ether address list of every machine ? Yes here is a log of the problems.... this is coming off my firewall which faces the internet with one NIC and the other NIC faces my basement LAN the inside NIC's IP address is 192.168.0.4 and my other computers on my private LAN are 192.168.0.1, 2 and 3 192.168.0.3 is the ...:64 address 192.168.0.1 is the ...:98 address day 1 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 00:e0:29:31:28:27 > arp: 192.168.0.1 moved from 00:e0:29:31:28:27 to 00:00:b4:87:00:98 > arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 00:e0:29:31:28:27 > arp: 192.168.0.1 moved from 00:e0:29:31:28:27 to 00:00:b4:87:00:98 > arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 00:e0:29:31:28:27 > arp: 192.168.0.1 moved from 00:e0:29:31:28:27 to 00:00:b4:87:00:98 > arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 00:e0:29:31:28:27 > arp: 192.168.0.1 moved from 00:e0:29:31:28:27 to 00:00:b4:87:00:98 day2 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 
00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 day 3 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 00:aa:00:14:b0:a4 > arp: 192.168.0.1 moved from 00:aa:00:14:b0:a4 to 00:00:b4:87:00:98 another Day 3 (I cant count past 3) > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.4 moved from 00:80:c8:3a:5b:d4 to 00:20:e0:0f:8c:40 > arp: 192.168.0.1 moved from 08:00:07:a6:f7:74 to 00:80:c8:3a:5b:d4 > arp: 192.168.0.1 moved from 00:80:c8:3a:5b:d4 to 08:00:07:a6:f7:74 > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:80:c8:3a:5b:d4 > arp: 192.168.0.3 moved from 00:80:c8:3a:5b:d4 to 00:00:21:66:5d:8d > arp: 192.168.0.4 moved from 00:20:e0:0f:8c:40 to 00:80:c8:3a:5b:d4 > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.4 moved from 00:80:c8:3a:5b:d4 to 
00:20:e0:0f:8c:40 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.4 moved from 00:20:e0:0f:8c:40 to 00:80:c8:3a:5b:d4 > arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 00:00:21:6a:a9:5d > arp: 192.168.0.1 moved from 00:00:21:6a:a9:5d to 08:00:07:a6:f7:74 > arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 00:00:21:6a:a9:5d > arp: 192.168.0.1 moved from 00:00:21:6a:a9:5d to 00:00:b4:87:00:98 > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.4 moved from 00:80:c8:3a:5b:d4 to 00:00:21:6a:a9:5d > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.4 moved from 00:00:21:6a:a9:5d to 00:80:c8:3a:5b:d4 > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.1 moved from 08:00:07:a6:f7:74 to 00:00:21:6a:a9:5d > arp: 192.168.0.1 moved from 00:00:21:6a:a9:5d to 00:00:b4:87:00:98 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 08:00:07:a6:f7:74 > arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 08:00:07:a6:f7:74 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 
to 00:00:21:66:5d:8d > arp: 192.168.0.2 moved from 00:00:c0:f4:33:b4 to 00:80:c8:3a:0b:55 > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > > > // this also happens to my second machine 192.168.0.3 machine as well > // (different ethernet addresses of course) > // > // 192.168.0.1 and 0.3 are behind my firewall and when arp reconfigures > // their ethernet addresses > // they obviously can see the outside world through the firewall. > I MEANT TO SAY they obviously can't see the outside world through the firewall. > Why ? Does your firewall filter by mac address ??? I will follow up with trying to identify the proper ipfw rule that prevents arp request from coming into my private network across the firewall. THANKS again for the advice and for taking the time to think about this!! Dave. > > > Jonny > > -- > Joao Carlos Mendes Luis M.Sc. Student > jonny@jonny.eng.br Universidade Federal do Rio de Janeiro > "This .sig is not meant to be politically correct." 
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Thu Feb 25 22:33:53 1999
Delivered-To: freebsd-net@freebsd.org
Received: from implode.root.com (root.com [208.221.12.98]) by hub.freebsd.org (Postfix) with ESMTP id 2D0C614EE0 for ; Thu, 25 Feb 1999 22:33:50 -0800 (PST) (envelope-from root@implode.root.com)
Received: from implode.root.com (localhost [127.0.0.1]) by implode.root.com (8.8.8/8.8.5) with ESMTP id WAA06390; Thu, 25 Feb 1999 22:30:23 -0800 (PST)
Message-Id: <199902260630.WAA06390@implode.root.com>
To: Joao Carlos Mendes Luis
Cc: net@FreeBSD.ORG
Subject: Re: IP frags from wcarchive ???
In-reply-to: Your message of "Mon, 22 Feb 1999 18:00:58 -0300." <199902222100.SAA02125@roma.coe.ufrj.br>
From: David Greenman
Reply-To: dg@root.com
Date: Thu, 25 Feb 1999 22:30:23 -0800
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Path MTU Discovery is disabled on wcarchive.

-DG

David Greenman
Co-founder/Principal Architect, The FreeBSD Project

>Hi,
>
> Does anybody have a hint on what could cause this ?
>
>Feb 22 17:49:13 madrid /kernel: ipfw: 20150 Reset TCP 209.155.82.18 146.164.53.65 in via ed0 Fragment = 182
>Feb 22 17:49:21 madrid last message repeated 5 times
>
>209.155.82.18 is wcarchive.cdrom.com, 20150 is my ipfw rule that denies
>every TCP incoming packet for a disallowed (not allowed in a previous
>rule) port. The problem is why is it getting here fragmented. IIRC,
>FreeBSD's TCP has path MTU discovery, right ?
>
>On my side, every hop is an ethernet or fddi, until the international link,
>which has a 1500 byte mtu.
>
> Jonny
>
>--
>Joao Carlos Mendes Luis M.Sc. Student
>jonny@jonny.eng.br Universidade Federal do Rio de Janeiro
>"This .sig is not meant to be politically correct."
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-net" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Thu Feb 25 22:37:47 1999
Delivered-To: freebsd-net@freebsd.org
Received: from bubba.whistle.com (s205m7.whistle.com [207.76.205.7]) by hub.freebsd.org (Postfix) with ESMTP id 50D8914EDF for ; Thu, 25 Feb 1999 22:37:44 -0800 (PST) (envelope-from archie@whistle.com)
Received: (from archie@localhost) by bubba.whistle.com (8.9.2/8.9.2) id WAA82573; Thu, 25 Feb 1999 22:36:56 -0800 (PST)
From: Archie Cobbs
Message-Id: <199902260636.WAA82573@bubba.whistle.com>
Subject: Re: etherchannel support
In-Reply-To: <36D41640.C8E7F83F@austin.ibm.com> from venkat venkatsubra at "Feb 24, 99 09:09:52 am"
To: venkats@austin.ibm.com (venkat venkatsubra)
Date: Thu, 25 Feb 1999 22:36:56 -0800 (PST)
Cc: freebsd-net@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

venkat venkatsubra writes:
> Does freebsd have support for Cisco's etherchannel ?
> That is, can i connect four ethernet/fast ethernet cards
> on a box running freebsd to a cisco switch that supports
> etherchannel and configure the four cards as one ether channel ?

Not currently implemented, but this wouldn't be too hard to do using netgraph (if you know the protocol). Just make a node that gloms the four Ethernets into a single stream. Julian has already come up with patches to netgraphify any Ethernet device.

ftp://ftp.whistle.com/pub/archie/netgraph/index.html

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Thu Feb 25 23: 2:53 1999
Delivered-To: freebsd-net@freebsd.org
Received: from bubba.whistle.com (s205m7.whistle.com [207.76.205.7]) by hub.freebsd.org (Postfix) with ESMTP id 4C9A014ECF; Thu, 25 Feb 1999 23:02:51 -0800 (PST) (envelope-from archie@whistle.com)
Received: (from archie@localhost) by bubba.whistle.com (8.9.2/8.9.2) id XAA82677; Thu, 25 Feb 1999 23:02:35 -0800 (PST)
From: Archie Cobbs
Message-Id: <199902260702.XAA82677@bubba.whistle.com>
Subject: New mpd release available
To: freebsd-net@freebsd.org, freebsd-current@freebsd.org
Date: Thu, 25 Feb 1999 23:02:35 -0800 (PST)
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

FYI,

A new release of mpd is available in ports/net/mpd, or at:

ftp://ftp.whistle.com/pub/archie/mpd

New features:

- Support for netgraph: PPP over synchronous lines, frame relay, etc.
- Includes much more complete chat script (eg, auto-programs your Bitsurfr, incoming ring dial-back, etc)
- Complete user/reference manual included

Next step: using netgraph ppp and interface nodes instead of /dev/tun* so IP packets never leave the kernel (developers welcome!)

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Fri Feb 26 1: 5:30 1999
Delivered-To: freebsd-net@freebsd.org
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by hub.freebsd.org (Postfix) with SMTP id 4607114F28 for ; Fri, 26 Feb 1999 01:05:00 -0800 (PST) (envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id HAA24889; Fri, 26 Feb 1999 07:54:56 +0100
From: Luigi Rizzo
Message-Id: <199902260654.HAA24889@labinfo.iet.unipi.it>
Subject: Re: etherchannel support
To: archie@whistle.com (Archie Cobbs)
Date: Fri, 26 Feb 1999 07:54:56 +0100 (MET)
Cc: venkats@austin.ibm.com, freebsd-net@FreeBSD.ORG
In-Reply-To: <199902260636.WAA82573@bubba.whistle.com> from "Archie Cobbs" at Feb 25, 99 10:36:37 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 607
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > Does freebsd have support for Cisco's etherchannel ?
> > That is, can i connect four ethernet/fast ethernet cards
> > on a box running freebsd to a cisco switch that supports
> > etherchannel and configure the four cards as one ether channel ?
>
> Not currently implemented, but this wouldn't be too hard to do
> using netgraph (if you know the protocol). Just make a node
> that gloms the four Ethernets into a single stream. Julian

hmm... i see it easy for incoming path, but what about the outgoing ? How do you choose which interface to use for output, what about load balancing, etc ?

luigi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Fri Feb 26 1:54: 9 1999
Delivered-To: freebsd-net@freebsd.org
Received: from leaf.lumiere.net (leaf.lumiere.net [207.218.152.15]) by hub.freebsd.org (Postfix) with ESMTP id E46E014F3F; Fri, 26 Feb 1999 01:54:06 -0800 (PST) (envelope-from j@leaf.lumiere.net)
Received: (from j@localhost) by leaf.lumiere.net (8.9.2/8.9.1) id BAA66947; Fri, 26 Feb 1999 01:53:50 -0800 (PST)
Date: Fri, 26 Feb 1999 01:53:50 -0800 (PST)
From: Jesse
To: freebsd-questions@freebsd.org, freebsd-net@freebsd.org
Subject: routing based on source address
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I have a box hooked up to a network with access to two separate lines going to two separate networks (206.x.x.x for link #1 and 207.x.x.x for link #2). The machine has IP addresses on both IP ranges. The default gateway is 207.x.x.1.

I'm running a server which is bound to a 206.x.x.x IP. However, since my default gateway is 207.x.x.1, it sends all data out on link #2 but receives incoming data over link #1. This means that if either link #1 or link #2 is down, I'm effectively dead in the water.

Is there any way to tell my box that for all data going out of it with a /source/ address of 206.x.x.x should be sent through the 206.x.x.1 gateway? I know I can do this based on destination, but I have no clue how to do it based on source (and unfortunately I can't predict the addresses of all the clients I'll be communicating with).

Hope someone has some ideas. Thanks in advance.

--- Jesse
http://www.lumiere.net/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Fri Feb 26 1:56:37 1999
Delivered-To: freebsd-net@freebsd.org
Received: from leaf.lumiere.net (leaf.lumiere.net [207.218.152.15]) by hub.freebsd.org (Postfix) with ESMTP id 438E414ED8; Fri, 26 Feb 1999 01:56:35 -0800 (PST) (envelope-from j@leaf.lumiere.net)
Received: (from j@localhost) by leaf.lumiere.net (8.9.2/8.9.1) id BAA66961; Fri, 26 Feb 1999 01:56:19 -0800 (PST)
Date: Fri, 26 Feb 1999 01:56:19 -0800 (PST)
From: Jesse
To: freebsd-questions@freebsd.org, freebsd-net@freebsd.org
Subject: natd: failed to write packet back
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I have a box doing natd between two ethernet interfaces (one with public IPs, one with reserved IPs). It works great for the most part, however I get lots of the following messages in the logfiles intermittently.

Feb 26 01:09:09 mail natd: failed to write packet back (Host is down)
Feb 26 01:09:26 mail last message repeated 13 times

Any idea what's going on? Is this just a mild warning, or is something serious happening? If it's just a mild warning, is there a way of turning this off? (short of editing the source code)

Thanks,

--- Jesse
http://www.lumiere.net/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Fri Feb 26 5:50:32 1999
Delivered-To: freebsd-net@freebsd.org
Received: from relay2.kpn-telecom.nl (relay2.kpn-telecom.nl [145.7.200.7]) by hub.freebsd.org (Postfix) with ESMTP id D54DA14BD6 for ; Fri, 26 Feb 1999 05:50:27 -0800 (PST) (envelope-from sch@hdxf02.unix.telecom.ptt.nl)
Received: (from uucp@localhost) by relay2.kpn-telecom.nl (8.9.0/8.9.0) with UUCP id OAA06434 for freebsd-net@freebsd.org; Fri, 26 Feb 1999 14:50:10 +0100
Received: from hdxf02.unix.telecom.ptt.nl (hdxf02.unix.telecom.ptt.nl [145.7.194.5]) by sat-relay2.pc.telecom.ptt.nl (8.9.0/8.9.0) with SMTP id OAA11430; Fri, 26 Feb 1999 14:47:07 +0100
Message-Id: <199902261347.OAA11430@sat-relay2.pc.telecom.ptt.nl>
X-Authentication-Warning: sat-relay2.pc.telecom.ptt.nl: hdxf02.unix.telecom.ptt.nl [145.7.194.5] didn't use HELO protocol
To: freebsd-net@freebsd.org
Cc: sch@kpn.com
Subject: TCP/IP stack question
Reply-To: j.schripsema@kpn.com
Date: Fri, 26 Feb 1999 14:47:06 +0100
From: Jakob Schripsema
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

Recently we ran into 2 TCP/IP-stack related problems with our 2.2.2-RELEASE based Firewall:

1. An ARP related problem described in detail below

2. A (minor) problem with IPFW and IP-fragmentation: we forgot to include rules for IP-fragments.

These problems resulted in a number of arguments between FreeBSD lovers (me) and Linux lovers. (Comparable with the Z80 vs 6800 arguments from the old days ..). We have found 2 differences between the Linux stack and the 2.2.2 stack:

1. Linux expects a per-interface arp cache, while 2.2.2. has a global arp cache.

2. Linux has the ability to do ip-reassembly before the firewall code is used.

Are there changes between 2.2.2 and the more recent versions of FBSD regarding these items ??

The problem with the IP-fragmentation is minor, but the arp-problem is a real pain in the ass.

Regards,

Jakob Schripsema

ARP problem:

Network topology:

Production backbone --------+----------------------------+------------- | ---> 1 | | <-- 2 | mac1 | ---> 3 mac2 | ip1 | ip2 | .------------. .-------------. | | | | | FW | | MHH | | | `-------------' | | mac4 | ip3 | | ip4 | mac3 | |----------------------+-------- | | <--- 4 Maintenance backbone `------------' ---> 5 | <--- 6 | | | FW: FreeBSD 2.2.2-RELEASE .------------. MHH: Linux RedHAT 5.x | | | PC | | | `------------'

The firewall FW routes 'forward' traffic from PC to the ip2 via the production backbone. The Multi-Homed-Host MHH routes the return traffic via the maintenance backbone.

The FW reports changes in MAC address for the production interface of the MHH, ip2. Running tcpdump on FW reveals the following scenario:

1. PC tries to connect to ip2 (HTTP request
2. FW issues an arp-request (asking for mac2) on the production backbone: packet 1
3. MHH replies with an arp-reply: packet 2
4. FW sends first IP packet to MHH: packet 3
5. MHH issues an arp-request (asking for mac4) on the maintenance backbone: packet 4
6. FW replies with an arp-reply: packet 5
7. MHH sends first IP return packet to FW: packet 6.

This should work but the arp-request from MHH, packet 4, contains unexpected information:

source hardware address = mac3
source protocol address = ip2 (I expected ip3)
destination hardware address = NULL
destination protocol address = ip4

This packet forces the FW to change its arp-cache: the mac address for ip2 is set to mac3. This effectively blocks all traffic between PC and MHH

Jakob

-----
Jakob Schripsema
Phone:+31 50 5855537
E-mail:j.schripsema@kpn.com

DISCLAIMER: This statement is not an official statement from, nor does it represent an official position of, KPN Telecom BV.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Fri Feb 26 6:51:30 1999
Delivered-To: freebsd-net@freebsd.org
Received: from mailhub.scl.ameslab.gov (mailhub.scl.ameslab.gov [147.155.137.127]) by hub.freebsd.org (Postfix) with ESMTP id 3D98114F50 for ; Fri, 26 Feb 1999 06:51:02 -0800 (PST) (envelope-from ghelmer@scl.ameslab.gov)
Received: from demios.ether.scl.ameslab.gov ([147.155.137.54]) by mailhub.scl.ameslab.gov with esmtp (Exim 1.90 #1) for freebsd-net@freebsd.org id 10GObq-0006K2-00; Fri, 26 Feb 1999 08:51:22 -0600
Date: Fri, 26 Feb 1999 08:50:45 -0600
From: Guy Helmer
To: freebsd-net@freebsd.org
Subject: 3c515 driver
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I've created a modified version of if_vx.c to drive the 3Com 3C515 Fast EtherLink 10/100BASE-TX ISA NIC. I've been using it for a couple of weeks on a 486-based firewall running FreeBSD 2.2.8 and it is working well enough to advertise for other testers.

There are a couple of quirks, including that the card must be set to either 10BASE-T or 100BASE-TX mode using the DOS configuration program and the ISA interface has to be configured with the "pnp" command at boot time. The first few large packets through the card seem to fail (I have *no* idea why this happens!), but after a little while and a "ping -s 1500" it starts working fine.

Testing it with NetPIPE between the 486DX2/66 and a Pentium II 400 w/ a 3C905B NIC at 100Mbps, it shows a fairly steady peak performance of 8.6 to 8.7 Mbps (including going through a few ipfw rules on the 486), which seems pretty good for an ISA-bus card.

If you would like to test the driver, drop me a note and I can send it to you. A few minor changes would need to be made to make it work under FreeBSD 3.x or 4.0-current.

Guy

Guy Helmer, Ph.D. Candidate, Iowa State University Dept. of Computer Science
Research Assistant, Ames Laboratory --- ghelmer@scl.ameslab.gov
Research Assistant, Dept. of Computer Science --- ghelmer@cs.iastate.edu
http://www.cs.iastate.edu/~ghelmer

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Fri Feb 26 7:33:40 1999
Delivered-To: freebsd-net@freebsd.org
Received: from obie.softweyr.com (unknown [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id 5573014FD1 for ; Fri, 26 Feb 1999 07:33:36 -0800 (PST) (envelope-from wes@softweyr.com)
Received: from softweyr.com (zaphod.softweyr.com [204.68.178.35]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id IAA12126; Fri, 26 Feb 1999 08:31:45 -0700 (MST) (envelope-from wes@softweyr.com)
Message-ID: <36D6BE61.E64A2CEE@softweyr.com>
Date: Fri, 26 Feb 1999 08:31:45 -0700
From: Wes Peters
Organization: Softweyr llc
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.0-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: j.schripsema@kpn.com
Cc: freebsd-net@FreeBSD.ORG, sch@kpn.com
Subject: Re: TCP/IP stack question
References: <199902261347.OAA11430@sat-relay2.pc.telecom.ptt.nl>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Jakob Schripsema wrote:
>
> Hi,
>
> Recently we ran into 2 TCP/IP-stack related problems with our
> 2.2.2-RELEASE based Firewall:
>
> 1. An ARP related problem described in detail below
>
> 2. A (minor) problem with IPFW and IP-fragmentation: we forgot to include
> rules for IP-fragments.

You don't need rules for IP-fragments. If you block the first frag, the rest of the fragments will be dropped by the host. Unless it has bugs, which are a separate problem. FreeBSD doesn't appear to. ;^)

> These problems resulted in a number of arguments between FreeBSD lovers (me)
> and Linux lovers. (Comparable with the Z80 vs 6800 arguments from the old
> days ..). We have found 2 differences between the Linux stack and
> the 2.2.2 stack:
>
> 1. Linux expects a per-interface arp cache, while 2.2.2. has a global
> arp cache.

Neither is necessarily wrong.

> 2. Linux has the ability to do ip-reassembly before the firewall
> code is used.

And the point of this would be? IP packets aren't worms; if you cut off the head, the rest of the packet dies. ;^)

> This should work but the arp-request from MHH, packet 4, contains unexpected
> information:
>
> source hardware address = mac3
> source protocol address = ip2 (I expected ip3)

This is a bug in the Linux arp response code. Get them to fix it.

> destination hardware address = NULL
> destination protocol address = ip4
>
> This packet forces the FW to change its arp-cache: the mac address for ip2
> is set to mac3. This effectively blocks all traffic between PC and MHH

Replace Linux with FreeBSD? Run whatever applications it's carrying in compatibility mode? ;^)

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://www.softweyr.com/~softweyr wes@softweyr.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Fri Feb 26 8:18: 1 1999
Delivered-To: freebsd-net@freebsd.org
Received: from carp.gbr.epa.gov (carp.gbr.epa.gov [204.46.159.110]) by hub.freebsd.org (Postfix) with ESMTP id 3868C14F9B for ; Fri, 26 Feb 1999 08:17:55 -0800 (PST) (envelope-from mjenkins@carp.gbr.epa.gov)
Received: (from mjenkins@localhost) by carp.gbr.epa.gov (8.8.8/8.8.8) id KAA01232; Fri, 26 Feb 1999 10:17:24 -0600 (CST) (envelope-from mjenkins)
Date: Fri, 26 Feb 1999 10:17:24 -0600 (CST)
From: Mike Jenkins
Message-Id: <199902261617.KAA01232@carp.gbr.epa.gov>
To: david@compusyssolutions.com
Subject: Re: ARP is not my friend.
Cc: freebsd-net@freebsd.org
In-Reply-To: <36D60E13.2BE08018@compusyssolutions.com>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> down in the states. I am on "the wave" - cable modem up in Canada.

Ah ha. The cable side looks like an ethernet and people have machines with private IP addresses that match your internal ones and it is confusing FreeBSD. You might try hardcoding your ARP table (at boot time?) with the arp command (man 8 arp).

> In the O'Reilly book TCP/IP Network Admin. book by Craig Hunt, there is some
> discussion about ARP_PROXYALL options in
> the basic BSD kernel config. ...on page 114 "Proxy ARP is a variant on the

FreeBSD supports this if you have arpproxy_all="YES" in /etc/rc.conf at boot time which /etc/rc.network uses to "sysctl -w net.link.ether.inet.proxyall=1". I doubt that you have this on but you might check. If it is on, turn it off otherwise you'll cause problems for folks on the cable side. They'll ARP looking for 192.168.0.X and your host will answer.

> I am not sure I understand all that but this is the only reference I found

Proxy ARP helps hosts reach other hosts that they think are on the same ethernet but are really behind a router. I believe it was created because some older hosts didn't understand subnet masks. People split their single ethernet into multiple ethernets separated by a router and using IP subnets. The old hosts couldn't reach the other subnets because they thought everyone was on one ethernet. Thus Proxy ARP was born.

A good reference on Proxy ARP and more is "Introduction to Administration of an Internet-based Local Network" by Charles L. Hedrick. It can be found at ftp://athos.rutgers.edu/runet/tcp-ip-admin.doc.

Mike

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Fri Feb 26 10: 9:55 1999
Delivered-To: freebsd-net@freebsd.org
Received: from pedigree.cs.ubc.ca (pedigree.cs.ubc.ca [142.103.6.50]) by hub.freebsd.org (Postfix) with ESMTP id AC3D814F9E for ; Fri, 26 Feb 1999 10:09:53 -0800 (PST) (envelope-from mjmccut@cs.ubc.ca)
Received: (from ean@localhost) by pedigree.cs.ubc.ca (8.8.8/8.6.9) id KAA02716 for freebsd-net@FreeBSD.ORG; Fri, 26 Feb 1999 10:09:36 -0800 (PST)
X400-Received: by /PRMD=ca/ADMD=telecom.canada/C=ca/; Relayed; Fri, 26 Feb 1999 10:09:35 UTC-0800
Date: Fri, 26 Feb 1999 10:09:35 UTC-0800
X400-Originator: mjmccut@cs.ubc.ca
X400-Recipients: non-disclosure:;
X400-Content-Type: P2-1984 (2)
X400-MTS-Identifier: [/PRMD=ca/ADMD=telecom.canada/C=ca/;990226100935]
Content-Identifier: 15018
From: Mark McCutcheon
To: freebsd-net@FreeBSD.ORG
In-Reply-To:
Message-ID: <"15018*mjmccut@cs.ubc.ca"@MHS>
Subject: Re: natd: failed to write packet back
MIME-Version: 1.0 (Generated by Ean X.400 to MIME gateway)
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Jesse wrote:

> I have a box doing natd between two ethernet interfaces (one with public
> IPs, one with reserved IPs). It works great for the most part, however I
> get lots of the following messages in the logfiles intermittently.
>
> Feb 26 01:09:09 mail natd: failed to write packet back (Host is down)
> Feb 26 01:09:26 mail last message repeated 13 times
>
> Any idea what's going on? Is this just a mild warning, or is something
> serious happening? If it's just a mild warning, is there a way of turning
> this off? (short of editing the source code)

Are you connected to a network on the public address side which uses RFC1918 private addresses for some of its routers, etc.? My home network is connected to Rogers@Home's cable net, which makes extensive use of such addresses. If your /etc/rc.natd contains only the restriction:

unregistered_only yes

my understanding is that natd will look at packets on your outside interface, sourced from machines using these unregistered addresses, and, quite rightly fail to "write them back" since they didn't come from inside in the first place.

I don't know whether you can eliminate this problem using the redirect_address specification in /etc/rc.natd (you might try) - in my case, since I'm using packet filtering beyond divert anyhow, the easiest solution was to make sure that the rule for denying private addresses on the outside interface comes before the divert rule.

Above FWIW - I haven't looked at the NAT code, these observations are the result of experimentation.

Regards,
Mark

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Fri Feb 26 10:43:37 1999
Delivered-To: freebsd-net@freebsd.org
Received: from bubba.whistle.com (s205m7.whistle.com [207.76.205.7]) by hub.freebsd.org (Postfix) with ESMTP id B1D1A15225 for ; Fri, 26 Feb 1999 10:43:24 -0800 (PST) (envelope-from archie@whistle.com)
Received: (from archie@localhost) by bubba.whistle.com (8.9.2/8.9.2) id KAA84519; Fri, 26 Feb 1999 10:42:00 -0800 (PST)
From: Archie Cobbs
Message-Id: <199902261842.KAA84519@bubba.whistle.com>
Subject: Re: etherchannel support
In-Reply-To: <199902260654.HAA24889@labinfo.iet.unipi.it> from Luigi Rizzo at "Feb 26, 99 07:54:56 am"
To: luigi@labinfo.iet.unipi.it (Luigi Rizzo)
Date: Fri, 26 Feb 1999 10:42:00 -0800 (PST)
Cc: venkats@austin.ibm.com, freebsd-net@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Luigi Rizzo writes:
> > > Does freebsd have support for Cisco's etherchannel ?
> > > That is, can i connect four ethernet/fast ethernet cards
> > > on a box running freebsd to a cisco switch that supports
> > > etherchannel and configure the four cards as one ether channel ?
> >
> > Not currently implemented, but this wouldn't be too hard to do
> > using netgraph (if you know the protocol). Just make a node
> > that gloms the four Ethernets into a single stream. Julian
>
> hmm... i see it easy for incoming path, but what about the outgoing ?
> How do you choose which interface to use for output, what about load
> balancing, etc ?

Well, what does Cisco do?

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Fri Feb 26 10:50:48 1999
Delivered-To: freebsd-net@freebsd.org
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by hub.freebsd.org (Postfix) with SMTP id 1CB4F15369 for ; Fri, 26 Feb 1999 10:50:44 -0800 (PST) (envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id RAA25760; Fri, 26 Feb 1999 17:41:06 +0100
From: Luigi Rizzo
Message-Id: <199902261641.RAA25760@labinfo.iet.unipi.it>
Subject: Re: etherchannel support
To: archie@whistle.com (Archie Cobbs)
Date: Fri, 26 Feb 1999 17:41:06 +0100 (MET)
Cc: venkats@austin.ibm.com, freebsd-net@FreeBSD.ORG
In-Reply-To: <199902261842.KAA84519@bubba.whistle.com> from "Archie Cobbs" at Feb 26, 99 10:41:41 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 320
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Luigi Rizzo writes:
> > > > Does freebsd have support for Cisco's etherchannel ?
...
> > hmm... i see it easy for incoming path, but what about the outgoing ?
> > How do you choose which interface to use for output, what about load
> > balancing, etc ?
> Well, what does Cisco do?

hey, i asked first!

cheers
luigi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Fri Feb 26 11: 4:19 1999
Delivered-To: freebsd-net@freebsd.org
Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (Postfix) with ESMTP id D2B0414FC6 for ; Fri, 26 Feb 1999 11:04:03 -0800 (PST) (envelope-from julian@whistle.com)
Received: (from daemon@localhost) by alpo.whistle.com (8.8.5/8.8.5) id LAA13668; Fri, 26 Feb 1999 11:02:46 -0800 (PST)
Received: from current1.whistle.com(207.76.205.22) via SMTP by alpo.whistle.com, id smtpdg13651; Fri Feb 26 19:02:35 1999
Date: Fri, 26 Feb 1999 11:02:23 -0800 (PST)
From: Julian Elischer
To: Luigi Rizzo
Cc: Archie Cobbs , venkats@austin.ibm.com, freebsd-net@FreeBSD.ORG
Subject: Re: etherchannel support
In-Reply-To: <199902261641.RAA25760@labinfo.iet.unipi.it>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 26 Feb 1999, Luigi Rizzo wrote:
> > Luigi Rizzo writes:
> > > > > Does freebsd have support for Cisco's etherchannel ?
> ...
> > > hmm... i see it easy for incoming path, but what about the outgoing ?
> > > How do you choose which interface to use for output, what about load
> > > balancing, etc ?
> > Well, what does Cisco do?
>
> hey, i asked first!

The answer is that we could easily do whatever is required in a small
single module.. The reason I can't say more is because I don't actually
know the details of etherchannel aggregative routing.

>
> cheers
> luigi
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
>

From owner-freebsd-net Fri Feb 26 11:24: 7 1999
Delivered-To: freebsd-net@freebsd.org
Received: from silver.sms.fi (silver.sms.fi [194.111.122.17]) by hub.freebsd.org (Postfix) with SMTP id 0560815098 for ; Fri, 26 Feb 1999 11:23:52 -0800 (PST) (envelope-from pete@sms.fi)
Received: from sms.fi (localhost.sms.fi [127.0.0.1]) by silver.sms.fi (8.9.2/8.9.2) with ESMTP id VAA93546; Fri, 26 Feb 1999 21:22:08 +0200 (EET) (envelope-from pete@sms.fi)
Message-ID: <36D6F45F.F898DD12@sms.fi>
Date: Fri, 26 Feb 1999 21:22:08 +0200
From: Petri Helenius
X-Mailer: Mozilla 4.5 [en] (X11; I; FreeBSD 3.0-STABLE i386)
X-Accept-Language: en,fi
MIME-Version: 1.0
To: Luigi Rizzo
Cc: Archie Cobbs , venkats@austin.ibm.com, freebsd-net@FreeBSD.ORG
Subject: Re: etherchannel support
References: <199902261641.RAA25760@labinfo.iet.unipi.it>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Luigi Rizzo wrote:
>
> > Luigi Rizzo writes:
> > > > > Does freebsd have support for Cisco's etherchannel ?
> ...
> > > hmm... i see it easy for incoming path, but what about the outgoing ?
> > > How do you choose which interface to use for output, what about load
> > > balancing, etc ?
> > Well, what does Cisco do?
>
> hey, i asked first!
>
> cheers
> luigi
>

They XOR the low byte of the source and destination mac addresses and use
1-3 low order bits to determine the link to transmit on. (etherchannel
supports
at least up to 8 links between two devices)

Pete

From owner-freebsd-net Fri Feb 26 11:47:21 1999
Delivered-To: freebsd-net@freebsd.org
Received: from bubba.whistle.com (s205m7.whistle.com [207.76.205.7]) by hub.freebsd.org (Postfix) with ESMTP id C582F14FF5; Fri, 26 Feb 1999 11:47:18 -0800 (PST) (envelope-from archie@whistle.com)
Received: (from archie@localhost) by bubba.whistle.com (8.9.2/8.9.2) id LAA85035; Fri, 26 Feb 1999 11:46:28 -0800 (PST)
From: Archie Cobbs
Message-Id: <199902261946.LAA85035@bubba.whistle.com>
Subject: Re: routing based on source address
In-Reply-To: from Jesse at "Feb 26, 99 01:53:50 am"
To: j@lumiere.net (Jesse)
Date: Fri, 26 Feb 1999 11:46:28 -0800 (PST)
Cc: freebsd-questions@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Jesse writes:
> I have a box hooked up to a network with access to two separate lines
> going to two separate networks (206.x.x.x for link #1 and 207.x.x.x for
> link #2). The machine has IP addresses on both IP ranges. The default
> gateway is 207.x.x.1.
>
> I'm running a server which is bound to a 206.x.x.x IP. However, since my
> default gateway is 207.x.x.1, it sends all data out on link #2 but
> receives incoming data over link #1. This means that if either link #1 or
> link #2 is down, I'm effectively dead in the water.
>
> Is there any way to tell my box that for all data going out of it with a
> /source/ address of 206.x.x.x should be sent through the 206.x.x.1
> gateway? I know I can do this based on destination, but I have no clue how
> to do it based on source (and unfortunately I can't predict the addresses
> of all the clients I'll be communicating with).

I don't know of any way to do this without hacking the kernel code.. :-(

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc.
* http://www.whistle.com

From owner-freebsd-net Fri Feb 26 12:10:10 1999
Delivered-To: freebsd-net@freebsd.org
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by hub.freebsd.org (Postfix) with SMTP id 510251505B for ; Fri, 26 Feb 1999 12:09:59 -0800 (PST) (envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id TAA26142; Fri, 26 Feb 1999 19:00:13 +0100
From: Luigi Rizzo
Message-Id: <199902261800.TAA26142@labinfo.iet.unipi.it>
Subject: Re: etherchannel support
To: pete@sms.fi (Petri Helenius)
Date: Fri, 26 Feb 1999 19:00:13 +0100 (MET)
Cc: archie@whistle.com, venkats@austin.ibm.com, freebsd-net@FreeBSD.ORG
In-Reply-To: <36D6F45F.F898DD12@sms.fi> from "Petri Helenius" at Feb 26, 99 09:21:49 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 1123
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > > > > > Does freebsd have support for Cisco's etherchannel ?
> > ...
> > > > hmm... i see it easy for incoming path, but what about the outgoing ?
> > > > How do you choose which interface to use for output, what about load
> > > > balancing, etc ?
> > > Well, what does Cisco do?
> >
> > hey, i asked first!
> >
> > cheers
> > luigi
> >
> They XOR the low byte of the source and destination mac addresses and use
> 1-3 low order bits to determine the link to transmit on. (etherchannel
> supports
> at least up to 8 links between two devices)

hmm... so if all your cards use the same mac address (which could
be useful to simplify life when doing ARP-related stuff etc) you
effectively only use one link ?

luigi
-----------------------------------+-------------------------------------
Luigi RIZZO .
EMAIL: luigi@iet.unipi.it . Dip. di Ing. dell'Informazione
HTTP://www.iet.unipi.it/~luigi/ . Universita` di Pisa
TEL/FAX: +39-050-568.533/522 .
via Diotisalvi 2, 56126 PISA (Italy)
-----------------------------------+-------------------------------------

From owner-freebsd-net Fri Feb 26 12:16:29 1999
Delivered-To: freebsd-net@freebsd.org
Received: from ausmail1.austin.ibm.com (ausmail1.austin.ibm.com [192.35.232.12]) by hub.freebsd.org (Postfix) with ESMTP id 6C09E15171 for ; Fri, 26 Feb 1999 12:16:23 -0800 (PST) (envelope-from venkats@austin.ibm.com)
Received: from netmail1.austin.ibm.com (netmail1.austin.ibm.com [9.53.250.96]) by ausmail1.austin.ibm.com (8.9.1/8.8.5) with ESMTP id OAA09072; Fri, 26 Feb 1999 14:10:26 -0600
Received: from ambika.austin.ibm.com (ambika.austin.ibm.com [9.53.150.77]) by netmail1.austin.ibm.com (8.8.5/8.8.5) with ESMTP id OAA43610; Fri, 26 Feb 1999 14:15:59 -0600
Received: from austin.ibm.com (localhost.austin.ibm.com [127.0.0.1]) by ambika.austin.ibm.com (AIX4.3/UCB 8.8.8/8.7-client1.01) with ESMTP id OAA40054; Fri, 26 Feb 1999 14:15:58 -0600
Message-ID: <36D700FD.CE31C946@austin.ibm.com>
Date: Fri, 26 Feb 1999 14:15:57 -0600
From: venkat venkatsubra
Organization: IBM
X-Mailer: Mozilla 4.06 [en] (X11; I; AIX 4.3)
MIME-Version: 1.0
To: Luigi Rizzo
Cc: Petri Helenius , archie@whistle.com, freebsd-net@FreeBSD.ORG
Subject: Re: etherchannel support
References: <199902261800.TAA26142@labinfo.iet.unipi.it>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Using the src/dst MAC addresses doesn't work well for destinations
across a router because the destination MAC address is always going
to be that of the router. I think they have an option of using the
src/dst IP addresses for IP traffic. I am not sure about which Cisco
switches support this..

Venkat

Luigi Rizzo wrote:
> > > > > > > Does freebsd have support for Cisco's etherchannel ?
> > > ...
> > > > > hmm... i see it easy for incoming path, but what about the outgoing ?
> > > > > How do you choose which interface to use for output, what about load
> > > > > balancing, etc ?
> > > > Well, what does Cisco do?
> > >
> > > hey, i asked first!
> > >
> > > cheers
> > > luigi
> > >
> > They XOR the low byte of the source and destination mac addresses and use
> > 1-3 low order bits to determine the link to transmit on. (etherchannel
> > supports
> > at least up to 8 links between two devices)
>
> hmm... so if all your cards use the same mac address (which could
> be useful to simplify life when doing ARP-related stuff etc) you
> effectively only use one link ?
>
> luigi
> -----------------------------------+-------------------------------------
> Luigi RIZZO .
> EMAIL: luigi@iet.unipi.it . Dip. di Ing. dell'Informazione
> HTTP://www.iet.unipi.it/~luigi/ . Universita` di Pisa
> TEL/FAX: +39-050-568.533/522 .
via Diotisalvi 2, 56126 PISA (Italy)
> -----------------------------------+-------------------------------------

From owner-freebsd-net Fri Feb 26 12:21:37 1999
Delivered-To: freebsd-net@freebsd.org
Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (Postfix) with ESMTP id 76AF315171; Fri, 26 Feb 1999 12:21:34 -0800 (PST) (envelope-from julian@whistle.com)
Received: (from daemon@localhost) by alpo.whistle.com (8.8.5/8.8.5) id MAA16626; Fri, 26 Feb 1999 12:18:41 -0800 (PST)
Received: from current1.whistle.com(207.76.205.22) via SMTP by alpo.whistle.com, id smtpdP16623; Fri Feb 26 20:18:37 1999
Date: Fri, 26 Feb 1999 12:18:33 -0800 (PST)
From: Julian Elischer
To: Archie Cobbs
Cc: Jesse , freebsd-questions@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
Subject: Re: routing based on source address
In-Reply-To: <199902261946.LAA85035@bubba.whistle.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

you can use the IPFW FWD operation.
make ipfw match on the appropriate source address, and then fwd to the
desired next hop.

julian

On Fri, 26 Feb 1999, Archie Cobbs wrote:
> Jesse writes:
> > I have a box hooked up to a network with access to two separate lines
> > going to two separate networks (206.x.x.x for link #1 and 207.x.x.x for
> > link #2). The machine has IP addresses on both IP ranges. The default
> > gateway is 207.x.x.1.
> >
> > I'm running a server which is bound to a 206.x.x.x IP. However, since my
> > default gateway is 207.x.x.1, it sends all data out on link #2 but
> > receives incoming data over link #1. This means that if either link #1 or
> > link #2 is down, I'm effectively dead in the water.
> >
> > Is there any way to tell my box that for all data going out of it with a
> > /source/ address of 206.x.x.x should be sent through the 206.x.x.1
> > gateway? I know I can do this based on destination, but I have no clue how
> > to do it based on source (and unfortunately I can't predict the addresses
> > of all the clients I'll be communicating with).
>
> I don't know of any way to do this without hacking the kernel code.. :-(
>
> -Archie
>
> ___________________________________________________________________________
> Archie Cobbs * Whistle Communications, Inc.
* http://www.whistle.com
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
>

From owner-freebsd-net Fri Feb 26 13:14:50 1999
Delivered-To: freebsd-net@freebsd.org
Received: from silver.sms.fi (silver.sms.fi [194.111.122.17]) by hub.freebsd.org (Postfix) with SMTP id CF50014BED for ; Fri, 26 Feb 1999 13:14:47 -0800 (PST) (envelope-from pete@sms.fi)
Received: from sms.fi (localhost.sms.fi [127.0.0.1]) by silver.sms.fi (8.9.2/8.9.2) with ESMTP id XAA93822; Fri, 26 Feb 1999 23:13:18 +0200 (EET) (envelope-from pete@sms.fi)
Message-ID: <36D70E6E.1D38995E@sms.fi>
Date: Fri, 26 Feb 1999 23:13:18 +0200
From: Petri Helenius
X-Mailer: Mozilla 4.5 [en] (X11; I; FreeBSD 3.0-STABLE i386)
X-Accept-Language: en,fi
MIME-Version: 1.0
To: Luigi Rizzo
Cc: archie@whistle.com, venkats@austin.ibm.com, freebsd-net@FreeBSD.ORG
Subject: Re: etherchannel support
References: <199902261800.TAA26142@labinfo.iet.unipi.it>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Luigi Rizzo wrote:
>
> > > > > > > Does freebsd have support for Cisco's etherchannel ?
> > > ...
> > > > > hmm... i see it easy for incoming path, but what about the outgoing ?
> > > > > How do you choose which interface to use for output, what about load
> > > > > balancing, etc ?
> > > > Well, what does Cisco do?
> > >
> > > hey, i asked first!
> > >
> > > cheers
> > > luigi
> > >
> > They XOR the low byte of the source and destination mac addresses and use
> > 1-3 low order bits to determine the link to transmit on. (etherchannel
> > supports
> > at least up to 8 links between two devices)
>
> hmm... so if all your cards use the same mac address (which could
> be useful to simplify life when doing ARP-related stuff etc) you
> effectively only use one link ?
>

That would be true only if you talk only to one host on the same VLAN.
Pete

From owner-freebsd-net Fri Feb 26 16:50:44 1999
Delivered-To: freebsd-net@freebsd.org
Received: from at.dotat.com (zed.dotat.com [203.38.154.39]) by hub.freebsd.org (Postfix) with ESMTP id 29A3414FE3 for ; Fri, 26 Feb 1999 16:50:35 -0800 (PST) (envelope-from hart@at.dotat.com)
Received: from at.dotat.com (localhost.dotat.com [127.0.0.1]) by at.dotat.com (8.8.8/8.8.8) with ESMTP id LAA28713; Sat, 27 Feb 1999 11:19:17 +1030 (CST)
Message-Id: <199902270049.LAA28713@at.dotat.com>
To: Luigi Rizzo
Cc: pete@sms.fi (Petri Helenius), archie@whistle.com, venkats@austin.ibm.com, freebsd-net@FreeBSD.ORG
Subject: Re: etherchannel support
In-reply-to: Your message of "Fri, 26 Feb 1999 19:00:13 BST." <199902261800.TAA26142@labinfo.iet.unipi.it>
Date: Sat, 27 Feb 1999 11:19:17 +1030
From: Leigh Hart
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

...
> > > > > How do you choose which interface to use for output, what
> > > > > about load balancing, etc ?
> > > >
> > > > Well, what does Cisco do?
> >
> > They XOR the low byte of the source and destination mac addresses
> > and use 1-3 low order bits to determine the link to transmit on.
> > (etherchannel supports at least up to 8 links between two devices)
>
> hmm... so if all your cards use the same mac address (which could
> be useful to simplify life when doing ARP-related stuff etc) you
> effectively only use one link ?

That would depend on the *destination* address too, wouldn't it?

Cheers

Leigh
--
| "By the time they had diminished | Leigh Hart, |
| from 50 to 8, the other dwarves | Dotat Communications Pty Ltd |
| began to suspect 'Hungry' ..." | GPO Box 487 Adelaide SA 5001 |
| -- Gary Larson, "The Far Side" | http://www.dotat.com/hart/ |

From owner-freebsd-net Fri Feb 26 18:49:34 1999
Delivered-To: freebsd-net@freebsd.org
Received: from gjp.erols.com (alex-va-n008c079.moon.jic.com [206.156.18.89]) by hub.freebsd.org (Postfix) with ESMTP id AA2C41508E for ; Fri, 26 Feb 1999 18:49:32 -0800 (PST) (envelope-from gjp@gjp.erols.com)
Received: from gjp.erols.com (localhost.erols.com [127.0.0.1]) by gjp.erols.com (8.9.1/8.8.7) with ESMTP id VAA36661; Fri, 26 Feb 1999 21:49:12 -0500 (EST) (envelope-from gjp@gjp.erols.com)
X-Mailer: exmh version 2.0.1 12/23/97
To: Chris Shenton
Cc: freebsd-net@FreeBSD.ORG
From: "Gary Palmer"
Subject: Re: RADIUS Solutions
In-reply-to: Your message of "25 Feb 1999 16:15:01 EST." <86d82ytcbu.fsf@samizdat.uucom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 26 Feb 1999 21:49:12 -0500
Message-ID: <36657.920083752@gjp.erols.com>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Chris Shenton wrote in message ID <86d82ytcbu.fsf@samizdat.uucom.com>:
> Won't this lose if the user exists in the cached password file but the
> password is wrong, e.g., if the user changed it on the master copy?
> I'd think you'd have synchronization problems....

Why? There is only one canonical source of password information. None of
the other systems are allowed to make local changes to the database. If
they do, they'll be wiped out in < 4 hours.

> Or do you push the change out when it occurs, like when the user
> changes his password? And not push the entire password file? Or
> something else?

It wouldn't be much more work to fall through on password failures
either. Or you could just put ``changes may take 4 hours to be accepted''
on the web page when the user changes their password...

Gary
--
Gary Palmer FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info

From owner-freebsd-net Fri Feb 26 19: 6:30 1999
Delivered-To: freebsd-net@freebsd.org
Received: from gjp.erols.com (alex-va-n008c079.moon.jic.com [206.156.18.89]) by hub.freebsd.org (Postfix) with ESMTP id 8089814EBD; Fri, 26 Feb 1999 19:06:28 -0800 (PST) (envelope-from gjp@gjp.erols.com)
Received: from gjp.erols.com (localhost.erols.com [127.0.0.1]) by gjp.erols.com (8.9.1/8.8.7) with ESMTP id WAA36942; Fri, 26 Feb 1999 22:06:04 -0500 (EST) (envelope-from gjp@gjp.erols.com)
X-Mailer: exmh version 2.0.1 12/23/97
To: Jesse
Cc: freebsd-questions@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
From: "Gary Palmer"
Subject: Re: natd: failed to write packet back
In-reply-to: Your message of "Fri, 26 Feb 1999 01:56:19 PST."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 26 Feb 1999 22:06:03 -0500
Message-ID: <36938.920084763@gjp.erols.com>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Jesse wrote in message ID
:
> Feb 26 01:09:09 mail natd: failed to write packet back (Host is down)
> Feb 26 01:09:26 mail last message repeated 13 times

I see this at home. Typically, it means my great cablemodem
provider has screwed up again and I cannot resolve through ARP the MAC address
of the upstream router. My guess is that is what is happening with you also.

Gary
--
Gary Palmer FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info

From owner-freebsd-net Sat Feb 27 4:14:27 1999
Delivered-To: freebsd-net@freebsd.org
Received: from smtp1.vnet.net (smtp1.vnet.net [166.82.1.31]) by hub.freebsd.org (Postfix) with ESMTP id 7CD8114F2F; Sat, 27 Feb 1999 04:14:23 -0800 (PST) (envelope-from rivers@dignus.com)
Received: from dignus.com (ponds.vnet.net [166.82.177.48]) by smtp1.vnet.net (8.9.1a/8.9.1) with ESMTP id HAA29908; Sat, 27 Feb 1999 07:14:04 -0500 (EST)
Received: from lakes.dignus.com (lakes.dignus.com [10.0.0.3]) by dignus.com (8.9.1/8.8.5) with ESMTP id HAA09426; Sat, 27 Feb 1999 07:14:03 -0500 (EST)
Received: (from rivers@localhost) by lakes.dignus.com (8.9.1/8.6.9) id HAA20177; Sat, 27 Feb 1999 07:14:02 -0500 (EST)
Date: Sat, 27 Feb 1999 07:14:02 -0500 (EST)
From: Thomas David Rivers
Message-Id: <199902271214.HAA20177@lakes.dignus.com>
To: gpalmer@FreeBSD.ORG, j@lumiere.net
Subject: Re: natd: failed to write packet back
Cc: freebsd-net@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
In-Reply-To: <36938.920084763@gjp.erols.com>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>
> Jesse wrote in message ID
> :
> > Feb 26 01:09:09 mail natd: failed to write packet back (Host is down)
> > Feb 26 01:09:26 mail last message repeated 13 times
>
> I see this at home. Typically, it means my great cablemodem
> provider has screwed up again and I cannot resolve through ARP the MAC address
> of the upstream router. My guess is that is what is happening with you also.
>
> Gary

You'll also see this message if you're running nat with a
dynamic connection (e.g. a dialup PPP or SL/IP line.) When
the modem is down the network is still up ... but, because the
modem is down, the packets can't be written...

- Dave R. -
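
Added example, not part of any message in this digest and not Cisco's or FreeBSD's code: the link-selection rule Petri Helenius describes in the etherchannel thread (XOR the low bytes of the two MAC addresses, keep the low 1-3 bits), run over constructed flows to show the routed-destination case Venkat raises. The IP-based variant is an assumption modelled on his remark, since the thread does not say how that option hashes; all MAC and IP values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct flow {
    uint8_t  src_mac[6], dst_mac[6];
    uint32_t src_ip, dst_ip;            /* host byte order */
};

/* Rule quoted in the thread: XOR the low byte of the source and destination
 * MAC addresses and keep the low nbits bits (1..3, i.e. 2, 4 or 8 links). */
static unsigned link_by_mac(const struct flow *f, unsigned nbits)
{
    return (unsigned)(f->src_mac[5] ^ f->dst_mac[5]) & ((1u << nbits) - 1u);
}

/* ASSUMPTION: the same XOR applied to the low byte of the IP addresses.
 * The thread only says an IP-based option may exist, not how it hashes. */
static unsigned link_by_ip(const struct flow *f, unsigned nbits)
{
    return (unsigned)((f->src_ip ^ f->dst_ip) & 0xffu) & ((1u << nbits) - 1u);
}

/* Number of distinct links a set of flows ends up on. */
static unsigned links_used(const struct flow *f, size_t n, unsigned nbits, int by_ip)
{
    unsigned seen = 0, count = 0;

    for (size_t i = 0; i < n; i++)
        seen |= 1u << (by_ip ? link_by_ip(&f[i], nbits) : link_by_mac(&f[i], nbits));
    for (; seen != 0; seen >>= 1)
        count += seen & 1u;
    return count;
}

/* Constructed sample values (locally administered MACs, private/test IPs). */
#define SRV_MAC { 0x02, 0x00, 0x00, 0x00, 0x00, 0x10 }
#define RTR_MAC { 0x02, 0x00, 0x00, 0x00, 0x00, 0x01 }
#define SRV_IP  0x0a000010u             /* 10.0.0.16 */

/* One server MAC talking to four hosts on its own LAN. */
static const struct flow lan_flows[4] = {
    { SRV_MAC, { 0x02, 0, 0, 0, 0, 0x21 }, SRV_IP, 0x0a000021u },
    { SRV_MAC, { 0x02, 0, 0, 0, 0, 0x22 }, SRV_IP, 0x0a000022u },
    { SRV_MAC, { 0x02, 0, 0, 0, 0, 0x23 }, SRV_IP, 0x0a000023u },
    { SRV_MAC, { 0x02, 0, 0, 0, 0, 0x24 }, SRV_IP, 0x0a000024u },
};

/* Same server talking to four remote hosts: every frame goes to the router,
 * so the destination MAC never changes. */
static const struct flow routed_flows[4] = {
    { SRV_MAC, RTR_MAC, SRV_IP, 0xc0000205u },  /* 192.0.2.5 */
    { SRV_MAC, RTR_MAC, SRV_IP, 0xc0000206u },  /* 192.0.2.6 */
    { SRV_MAC, RTR_MAC, SRV_IP, 0xc0000207u },  /* 192.0.2.7 */
    { SRV_MAC, RTR_MAC, SRV_IP, 0xc0000208u },  /* 192.0.2.8 */
};

int main(void)
{
    printf("LAN peers,    MAC hash, 4 links: %u used\n", links_used(lan_flows, 4, 2, 0));
    printf("routed peers, MAC hash, 4 links: %u used\n", links_used(routed_flows, 4, 2, 0));
    printf("routed peers, IP hash,  4 links: %u used\n", links_used(routed_flows, 4, 2, 1));
    return 0;
}
```

With these inputs a single source MAC still spreads over all four links when the peers are on the LAN, while the MAC hash puts every routed flow on one link.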