From owner-freebsd-net Sun Jan 26 20:17:24 2003
Date: Sun, 26 Jan 2003 23:17:11 -0500
From: Anthony Volodkin
To: net@freebsd.org
Subject: MPD and Cisco PIX

Hi,

Earlier today, I was attempting to connect a Cisco 515 firewall with a
FreeBSD 4.7-STABLE machine with PPTP using MPD 3.10. It appears that while
the session is established properly, I cannot send/receive any packets.
Then the session seems to time out because neither side is able to
send/receive LCP echos. Note that turning off mppe encryption on both
sides does not solve this problem.

Anyone know what could be wrong?

Here is my mpd.conf:

default:
    load ciscopptp

ciscopptp:
    new -i ng1 vpn vpn
    set iface disable on-demand
    set iface idle 0
    set bundle disable multilink
    set bundle authname "username"
    set bundle password "password"
    set link no acfcomp protocomp
    set link mtu 1460
    set link accept chap
    set link disable pap
    set ccp yes mppc
    set ccp yes mpp-e40

mpd.links

vpn:
    set link type pptp
    set pptp self FREEBSD_PUBLIC_IP
    set pptp peer CISCO_PUBLIC_IP
    set pptp enable originate outcall

Cisco 515 configuration:

vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 40
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local

Here is my connection attempt:

Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 22895, version 3.10 (root@gate.local.non-standard.net 20:33 26-Jan-2003)
[vpn] ppp node is "mpd22895-vpn"
[vpn] using interface ng1
[vpn:vpn] open
[vpn] IFACE: Open event
[vpn] IPCP: Open event
[vpn] IPCP: state change Initial --> Starting
[vpn] IPCP: LayerStart
[vpn:vpn] [vpn] bundle: OPEN event in state CLOSED
[vpn] opening link "vpn"...
[vpn] link: OPEN event
[vpn] LCP: Open event
[vpn] LCP: state change Initial --> Starting
[vpn] LCP: LayerStart
[vpn] device: OPEN event in state DOWN
pptp0: connecting to CISCO_PUBLIC_IP:1723
[vpn] device is now in state OPENING
pptp0: connected to CISCO_PUBLIC_IP:1723
pptp0: attached to connection with CISCO_PUBLIC_IP:1723
pptp0-0: outgoing call connected at 16384000 bps
[vpn] PPTP call successful
[vpn] device: UP event in state OPENING
[vpn] device is now in state UP
[vpn] link: UP event
[vpn] link: origination is local
[vpn] LCP: Up event
[vpn] LCP: state change Starting --> Req-Sent
[vpn] LCP: phase shift DEAD --> ESTABLISH
[vpn] LCP: SendConfigReq #1
 MRU 1500
 MAGICNUM 7bfb908b
[vpn] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
 AUTHPROTO CHAP MSOFT
 MAGICNUM 087bc1c9
[vpn] LCP: SendConfigAck #1
 AUTHPROTO CHAP MSOFT
 MAGICNUM 087bc1c9
[vpn] LCP: state change Req-Sent --> Ack-Sent
[vpn] LCP: rec'd Configure Reject #1 link 0 (Ack-Sent)
 MRU 1500
[vpn] LCP: SendConfigReq #2
 MAGICNUM 7bfb908b
[vpn] LCP: rec'd Configure Ack #2 link 0 (Ack-Sent)
 MAGICNUM 7bfb908b
[vpn] LCP: state change Ack-Sent --> Opened
[vpn] LCP: phase shift ESTABLISH --> AUTHENTICATE
[vpn] LCP: auth: peer wants CHAP, I want nothing
[vpn] LCP: LayerUp
[vpn] CHAP: rec'd CHALLENGE #1
 Name: ""
 Using authname "anthony"
[vpn] CHAP: sending RESPONSE
[vpn] CHAP: rec'd SUCCESS #1
[vpn] LCP: authorization successful
[vpn] LCP: phase shift AUTHENTICATE --> NETWORK
[vpn] up: 1 link, total bandwidth 64000 bps
[vpn] IPCP: Up event
[vpn] IPCP: state change Starting --> Req-Sent
[vpn] IPCP: SendConfigReq #1
 IPADDR FREEBSD_PUBLIC_IP
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] IPCP: rec'd Configure Request #1 link 0 (Req-Sent)
 IPADDR CISCO_PUBLIC_IP
   CISCO_PUBLIC_IP is OK
[vpn] IPCP: SendConfigAck #1
 IPADDR CISCO_PUBLIC_IP
[vpn] IPCP: state change Req-Sent --> Ack-Sent
[vpn] IPCP: rec'd Configure Reject #1 link 0 (Ack-Sent)
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] IPCP: SendConfigReq #2
 IPADDR FREEBSD_PUBLIC_IP
[vpn] IPCP: rec'd Configure Nak #2 link 0 (Ack-Sent)
 IPADDR 10.10.6.101
   10.10.6.101 is OK
[vpn] IPCP: SendConfigReq #3
 IPADDR 10.10.6.101
[vpn] IPCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
 IPADDR 10.10.6.101
[vpn] IPCP: state change Ack-Sent --> Opened
[vpn] IPCP: LayerUp
 10.10.6.101 -> CISCO_PUBLIC_IP
[vpn] IFACE: Up event
[vpn] exec: /sbin/ifconfig ng1 10.10.6.101 CISCO_PUBLIC_IP netmask 0xffffffff -link0
[vpn] IFACE: Up event
[vpn] error writing len 12 frame to bypass: Resource deadlock avoided
[vpn] LCP: no reply to 1 echo request(s)
[vpn] error writing len 12 frame to bypass: Resource deadlock avoided
[vpn] LCP: no reply to 2 echo request(s)
[vpn] LCP: no reply to 3 echo request(s)
[vpn] LCP: no reply to 4 echo request(s)
[vpn] LCP: no reply to 5 echo request(s)
[vpn] LCP: no reply to 6 echo request(s)
[vpn] LCP: no reply to 7 echo request(s)
[vpn] LCP: peer not responding to echo requests
[vpn] LCP: LayerFinish
[vpn] LCP: LayerStart
[vpn] LCP: state change Opened --> Starting
[vpn] LCP: phase shift NETWORK --> DEAD
[vpn] up: 0 links, total bandwidth 9600 bps
[vpn] IPCP: Down event
[vpn] IPCP: state change Opened --> Starting
[vpn] IPCP: LayerDown
[vpn] IFACE: Down event
[vpn] exec: /sbin/ifconfig ng1 down delete -link0
[vpn] LCP: LayerDown
[vpn] device: CLOSE event in state UP
pptp0-0: clearing call
[vpn] device is now in state CLOSING
[vpn] device: OPEN event in state CLOSING
[vpn] device is now in state CLOSING
[vpn] device: DOWN event in state CLOSING
[vpn] device is now in state DOWN
[vpn] link: DOWN event
[vpn] LCP: Down event
[vpn] device: OPEN event in state DOWN
[vpn] pausing 9 seconds before open
[vpn] device is now in state DOWN
[vpn] device: OPEN event in state DOWN
[vpn] device is now in state DOWN
pptp0-0: peer call disconnected res=lost carrier err=none
pptp0-0: killing channel
pptp0: closing connection with CISCO_PUBLIC_IP:1723
pptp0: got StopCtrlConnRequest: reason=zero?
pptp0: killing connection with CISCO_PUBLIC_IP:1723

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Sun Jan 26 23:31:49 2003
From: Vincent Jardin
To: Anthony Volodkin, net@freebsd.org
Subject: Re: MPD and Cisco PIX
Date: Mon, 27 Jan 2003 08:51:44 +0100

> pptp0: connecting to CISCO_PUBLIC_IP:1723
> [vpn] device is now in state OPENING
> pptp0: connected to CISCO_PUBLIC_IP:1723
> pptp0: attached to connection with CISCO_PUBLIC_IP:1723

> [vpn] exec: /sbin/ifconfig ng1 10.10.6.101 CISCO_PUBLIC_IP netmask
> [vpn] error writing len 12 frame to bypass: Resource deadlock avoided
> [vpn] LCP: no reply to 1 echo request(s)
> [vpn] error writing len 12 frame to bypass: Resource deadlock avoided

Here is the problem: a "deadlock avoided" error means
that an internal loop has been created within your stack. Usually it is
related to a bad routing configuration. In your case, the problem looks to
be the IPCP of the Cisco PIX.

If I understand your log messages, you have the following configuration:

              FreeBSD                 Remote
ng1           10.10.6.101        <->  REMOTE_PUBLIC_IP
----------------------------------------------------
PPTP/GRE      FREEBSD_PUBLIC_IP  <->  REMOTE_PUBLIC_IP

Then once ng1 is up, the best path to join REMOTE_PUBLIC_IP is via ng1.
Moreover, the best path to join ng1 is via ng1 too!!! A loop has been
created.

You should change the pool address of the Remote end in order to avoid
getting the same IPv4 address. For example, your Remote Access Router could
provide you the address 192.168.x.x

              FreeBSD                 Remote
ng1           10.10.6.101        <->  192.168.254.254
----------------------------------------------------
PPTP/GRE      FREEBSD_PUBLIC_IP  <->  REMOTE_PUBLIC_IP

Regards,
  Vincent

> [vpn] LCP: no reply to 2 echo request(s)
> [vpn] LCP: no reply to 3 echo request(s)
> [vpn] LCP: no reply to 4 echo request(s)
> [vpn] LCP: no reply to 5 echo request(s)
> [vpn] LCP: no reply to 6 echo request(s)
> [vpn] LCP: no reply to 7 echo request(s)
> [vpn] LCP: peer not responding to echo requests
> [vpn] LCP: LayerFinish
> [vpn] LCP: LayerStart
> [vpn] LCP: state change Opened --> Starting
> [vpn] LCP: phase shift NETWORK --> DEAD
> [vpn] up: 0 links, total bandwidth 9600 bps
> [vpn] IPCP: Down event
> [vpn] IPCP: state change Opened --> Starting
> [vpn] IPCP: LayerDown
> [vpn] IFACE: Down event
> [vpn] exec: /sbin/ifconfig ng1 down delete -link0
> [vpn] LCP: LayerDown
> [vpn] device: CLOSE event in state UP
> pptp0-0: clearing call
> [vpn] device is now in state CLOSING
> [vpn] device: OPEN event in state CLOSING
> [vpn] device is now in state CLOSING
> [vpn] device: DOWN event in state CLOSING
> [vpn] device is now in state DOWN
> [vpn] link: DOWN event
> [vpn] LCP: Down event
> [vpn] device: OPEN event in state DOWN
> [vpn] pausing 9 seconds before open
> [vpn] device is now in state DOWN
> [vpn] device: OPEN event in state DOWN
> [vpn] device is now in state DOWN
> pptp0-0: peer call disconnected res=lost carrier err=none
> pptp0-0: killing channel
> pptp0: closing connection with CISCO_PUBLIC_IP:1723
> pptp0: got StopCtrlConnRequest: reason=zero?
> pptp0: killing connection with CISCO_PUBLIC_IP:1723

From owner-freebsd-net Mon Jan 27 0:52:48 2003
Date: Mon, 27 Jan 2003 09:52:34 +0100
To: net@freebsd.org
From: Martin
Subject: Network Card Problem (BroadCom)

Hi FreeBSD Team

I've a problem with a network card on my new server.
I bought an IBM Xserve 225 with this configuration:

Dual Xeon 2,4GHz
1Gbyte Ram DDR
SCSI 320 with 36Gbyte Disk
BroadCom NetXtreme Gigabit network Card

I installed FreeBSD 4.7.
I recompiled the kernel with BGE and miibus device,
but the network card doesn't work.

If I make 'pciconf -l -v' I see

>>>>>>>>>>
none7@pci3:1:0: class=0x020000 card=0x026f1014 chip=0x16a714e4 rev=0x02 hdr=0x00
    vendor   = 'Broadcom Corporation'
    device   = 'BCM5703X Gigabit Ethernet'
    class    = network
    subclass = ethernet
<<<<<<<<<<

In dmesg I see:

>>>>>>>
pci3: (vendor=0x14e4, dev=0x16a7) at 1.0 irq 11
<<<<<<<

In the BIOS I disabled the plug&Play options.

Why doesn't it work?

Kind Regards
Martin

From owner-freebsd-net Mon Jan 27 5: 8:37 2003
Date: Mon, 27 Jan 2003 14:08:23 +0100
To: net@freebsd.org
From: Martin
Subject: Network Card Problem (BroadCom)
Cc: esperti@gufi.org

Hi FreeBSD Team

I've a problem with a network card on my new server.
I bought an IBM Xserve 225 with this configuration:

Dual Xeon 2,4GHz
1Gbyte Ram DDR
SCSI 320 with 36Gbyte Disk
BroadCom NetXtreme Gigabit network Card

I installed FreeBSD 4.7.
I recompiled the kernel with BGE and miibus device,
but the network card doesn't work.

If I make 'pciconf -l -v' I see

>>>>>>>>>>
none7@pci3:1:0: class=0x020000 card=0x026f1014 chip=0x16a714e4 rev=0x02 hdr=0x00
    vendor   = 'Broadcom Corporation'
    device   = 'BCM5703X Gigabit Ethernet'
    class    = network
    subclass = ethernet
<<<<<<<<<<

In dmesg I see:

>>>>>>>
pci3: (vendor=0x14e4, dev=0x16a7) at 1.0 irq 11
<<<<<<<

In the BIOS I disabled the plug&Play options.

Why doesn't it work?

Kind Regards
Martin

From owner-freebsd-net Mon Jan 27 17:17:44 2003
Date: Mon, 27 Jan 2003 17:17:37 -0800 (PST)
From: John David Duncan
To: freebsd-current@freebsd.org, freebsd-net@freebsd.org
Subject: Direct Server Return and FreeBSD 5

There's a load balancing configuration known as direct server return
(DSR), in which packets pass from the client through the load balancer to
the server, but then the replies from the server go directly to the client
(bypassing the load balancer).
The way this works is that the load
balancer sends the server an IP packet with the virtual IP address as its
destination addr, inside an ethernet frame whose destination is the real
MAC addr of the server. The server replies with a normal packet using the
VIP as the source addr.

The usual way to configure a BSD box to work this way is to bring up the
VIP as an alias on the loopback address, like this:
   ifconfig lo0 add 1.2.3.4 netmask 0xffffff00

As far as I can tell from my testing, this trick just doesn't work on my
box running -CURRENT. In tcpdump I see packets coming in but none
going out.

Does anybody know why, or what I would have to do to change the behavior?

- JD

From owner-freebsd-net Mon Jan 27 17:20:19 2003
Date: Mon, 27 Jan 2003 17:20:14 -0800
From: Paul Saab
To: John David Duncan
Cc: freebsd-current@freebsd.org, freebsd-net@freebsd.org
Subject: Re: Direct Server Return and FreeBSD 5

You need to set net.inet.ip.check_interface=0

John David Duncan (jdd@greatschools.net) wrote:
>
> There's a load balancing configuration known as direct server return
> (DSR), in which packets pass from the client through the load balancer to
> the server, but then the replies from the server go directly to the client
> (bypassing the load balancer). The way this works is that the load
> balancer sends the server an IP packet with the virtual IP address as its
> destination addr, inside an ethernet frame whose destination is the real
> MAC addr of the server. The server replies with a normal packet using the
> VIP as the source addr.
>
> The usual way to configure a BSD box to work this way is to bring up the
> VIP as an alias on the loopback address, like this:
>    ifconfig lo0 add 1.2.3.4 netmask 0xffffff00
>
> As far as I can tell from my testing, this trick just doesn't work on my
> box running -CURRENT. In tcpdump I see packets coming in but none
> going out.
>
> Does anybody know why, or what I would have to do to change the behavior?
>
> - JD

--
Paul Saab
Technical Yahoo
ps@mu.org - ps@yahoo-inc.com - ps@freebsd.org
Do You .. uhh .. Yahoo!?
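
The receive-side test that net.inet.ip.check_interface switches on and off, as an added example that is not part of the thread and not FreeBSD source: a simplified user-space model of how a non-forwarding host decides whether an inbound IPv4 packet is addressed to it. The interface name fxp0, the real address 10.0.0.5 and the classify() helper are assumptions made for illustration; the VIP 1.2.3.4 aliased on lo0 comes from the post above. The model ignores the case where a firewall rule has rewritten the destination.

```c
/* Simplified user-space model of the IPv4 "is this packet for me?" test
 * that net.inet.ip.check_interface toggles. Added example, not kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
     ((uint32_t)(c) << 8) | (uint32_t)(d))

struct ifaddr_entry {
    const char *ifname;   /* interface that owns the address */
    uint32_t    addr;     /* IPv4 address, host byte order */
    int         loopback; /* 1 if the owning interface is a loopback */
};

/* Constructed address table for a DSR real server. */
static const struct ifaddr_entry addr_table[] = {
    { "fxp0", IP4(10, 0, 0, 5),  0 },  /* assumed real address on the NIC */
    { "lo0",  IP4(127, 0, 0, 1), 1 },
    { "lo0",  IP4(1, 2, 3, 4),   1 },  /* VIP alias from the post */
};
#define N_ADDRS (sizeof(addr_table) / sizeof(addr_table[0]))

enum verdict { NOT_LOCAL = 0, DELIVER_LOCAL = 1 };

static int rcvif_is_loopback(const char *rcvif)
{
    for (size_t i = 0; i < N_ADDRS; i++)
        if (strcmp(addr_table[i].ifname, rcvif) == 0)
            return addr_table[i].loopback;
    return 0;
}

/*
 * check_interface: value of the sysctl (0 or 1)
 * forwarding:      1 if the host routes packets between interfaces
 * rcvif:           interface the frame arrived on
 * dst:             IPv4 destination address of the packet
 */
enum verdict classify(int check_interface, int forwarding,
                      const char *rcvif, uint32_t dst)
{
    /* The interface check applies only on a non-forwarding host and only
     * to packets that did not arrive over a loopback interface. */
    int checkif = check_interface && !forwarding &&
                  !rcvif_is_loopback(rcvif);

    for (size_t i = 0; i < N_ADDRS; i++) {
        if (addr_table[i].addr != dst)
            continue;
        /* The address is ours. With the check on, it must also belong
         * to the interface the packet came in on. */
        if (!checkif || strcmp(addr_table[i].ifname, rcvif) == 0)
            return DELIVER_LOCAL;
    }
    return NOT_LOCAL;
}

int main(void)
{
    const uint32_t vip = IP4(1, 2, 3, 4);
    const struct {
        int chk, fwd;
        const char *rcvif;
        uint32_t dst;
        const char *what;
    } cases[] = {
        { 1, 0, "fxp0", vip,              "VIP via NIC, check on" },
        { 0, 0, "fxp0", vip,              "VIP via NIC, check off" },
        { 1, 0, "fxp0", IP4(10, 0, 0, 5), "real addr via NIC, check on" },
        { 1, 1, "fxp0", vip,              "VIP via NIC, check on, forwarding" },
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        enum verdict v = classify(cases[i].chk, cases[i].fwd,
                                  cases[i].rcvif, cases[i].dst);
        printf("%-36s -> %s\n", cases[i].what,
               v == DELIVER_LOCAL ? "delivered locally" : "not local");
    }
    return 0;
}
```

With the check disabled the host accepts packets for any of its addresses on any interface, so an address bound to lo0 or to an internal interface becomes reachable from every attached network; packet-filter rules that name the VIP and the expected receive interface restore that boundary.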

From owner-freebsd-net Mon Jan 27 17:25: 7 2003
Date: Mon, 27 Jan 2003 17:22:13 -0800
From: Terry Lambert
To: John David Duncan
Cc: freebsd-current@freebsd.org, freebsd-net@freebsd.org
Subject: Re: Direct Server Return and FreeBSD 5

John David Duncan wrote:
> There's a load balancing configuration known as direct server return
> (DSR), in which packets pass from the client through the load balancer to
> the server, but then the replies from the server go directly to the client
> (bypassing the load balancer). The way this works is that the load
> balancer sends the server an IP packet with the virtual IP address as its
> destination addr, inside an ethernet frame whose destination is the real
> MAC addr of the server. The server replies with a normal packet using the
> VIP as the source addr.
>
> The usual way to configure a BSD box to work this way is to bring up the
> VIP as an alias on the loopback address, like this:
>    ifconfig lo0 add 1.2.3.4 netmask 0xffffff00
>
> As far as I can tell from my testing, this trick just doesn't work on my
> box running -CURRENT. In tcpdump I see packets coming in but none
> going out.
>
> Does anybody know why, or what I would have to do to change the behavior?

Rather than actually fixing the routing code, FreeBSD did a hack to
save the inbound route for outbound responses, so the response goes
out on the same interface the request came in on. It does not check
for equivalency, when it does this.

See the discussion in the -current list archives, a month or so ago.

-- Terry

From owner-freebsd-net Tue Jan 28 11:53:33 2003
Date: Tue, 28 Jan 2003 20:53:31 +0100 (CET)
From: Pedro F. Giffuni
Subject: 3C515 Fast EtherLink ISA
To: freebsd-net@FreeBSD.org

Hi;

I have one of these and it's not recognized by FreeBSD 5.0:

http://support.3com.com/infodeli/tools/nic/3c515.htm

If someone has patches, I'd like to test them, otherwise I am considering
donating the card to the project (It would take quite long to arrive
though).

cheers,

    Pedro.

From owner-freebsd-net Wed Jan 29 2:24:56 2003
Date: Wed, 29 Jan 2003 10:23:22 +0000
To: freebsd-hackers@freebsd.org
From: Audsin
Subject: Changing the Maximum Segment Size (MSS) of Kame MIP6 Free BSD4.4
Cc: freebsd-net@freebsd.org

Respected Sir/Madam

I am Dev, doing my research in Centre for Telecommunications Research,
King's College London. My research project involves evaluating the
performance of MIP6 TCP in the presence of fragmentation and without
fragmentation. I am using Kame MIP6 for Free BSD 4.4 and have configured
gif0 interface for ipv6ip tunnel. I wish to change the Maximum segment
size of the TCP. Can you please help me, where I should change the MSS of
the TCP. Can you tell me where the default size of the MSS is mentioned?

Eagerly waiting for the reply

Best Regards
Dev

A. Dev pramil
Research Student
Center for Telecommunications Research
University of London, Kings College
Strand WC2R 2LS

From owner-freebsd-net Wed Jan 29 10:45:47 2003
Subject: MPD + NETGRAPH and BRIDGING
Date: Wed, 29 Jan 2003 19:45:33 +0100
Content-Transfer-Encoding: base64
From: "Thomas Gielfeldt"

From owner-freebsd-net Wed Jan 29 13:16:29 2003
From: "Thomas Gielfeldt"
Subject: MPD + NETGRAPH and BRIDGING
Date: Wed, 29 Jan 2003 22:16:21 +0100

Hi

First of all, sorry for the last mail I sent.

And now ... down to business:

Would it be possible to implement a feature in MPD which allows you to
create a node of type ng_ether instead of ng_iface to allow bridging the
client onto the network instead of routing it?

If so, is anyone up for implementing such a feature? (Perhaps IPX could be
implemented too?)

Br,
Thomas Gielfeldt

From owner-freebsd-net Wed Jan 29 13:35:14 2003
Date: Wed, 29 Jan 2003 21:34:50 +0000
From: Trent Nelson
To: freebsd-net@freebsd.org
Subject: ipfw keep-state problem

Hi,

I'm using ipfw with dynamic rules, and I'm having problems. Consider
the following rules:

    ipfw add check-state
    ipfw add deny tcp from any to any established
    ipfw add pass ip from me to any
    ipfw add pass tcp from any to me ssh keep-state setup
    ipfw add pass tcp from any to me telnet keep-state setup

Which is basically from the man page. The problem is that after
establishing a successful telnet/ssh session, I have about 90-120
seconds time to have some traffic pass over the session before it dies.
Now when I say die, the connection is not dropped initially, it
just appears that all traffic I sent is blocked.

If I had to take a wild guess, I'd say that the keep-state setup
rules added dynamically are expiring too quickly, and thus, subsequent
traffic is hitting the ``deny tcp from any to any established''
rule.

I'm using ipfw v1 and 4.7-STABLE as of a few days ago.

Any thoughts?

Regards,

Trent.

From owner-freebsd-net Wed Jan 29 14: 7:36 2003
From: Dave Cornejo
Message-Id: <200301292207.h0TM7XPL094933@white.dogwood.com>
Subject: unique routing problem
To: freebsd-net@freebsd.org
Date: Wed, 29 Jan 2003 14:07:32 -0800 (PST)

Hi,

I've got a unique routing problem:

local network is 192.168.1.0/24

              192.168.1.4
                   |
                   |
192.168.1.1 -- ethernet -- 192.168.1.2 / global IP addr -- internet
                   |
                   |
              192.168.1.3

now, the rules:

1) .1 may directly exchange packets with .4 and .2 only, it may not
   exchange packets with .3 directly.

2) .2 may directly exchange packets with any host

3) .2 acts as the gateway to the internet

the problem is that I need to be able to set up the routing tables so
that if .1 needs to connect to .3 that it goes through .2. If it
needs to connect to .4 or .2 it can do that directly. To make things
even more fun, any number of hosts may join or leave the network at
any point and the lists of which hosts have direct connectivity is
dynamic. But I think that if I can solve the above problem that I'll
have what I need to solve the rest of it.

I have a solution that uses Linux, but I'm reasonably certain that it
really uses a flaw in the Linux kernel to work as it's dicey to set
up, requires a specific order of steps and requires a reboot when
things like the hosts IP address changes.

BTW, If anyone that can answer this needs a job or contract please let
me know...

thanks,
dave c

--
Dave Cornejo @ Dogwood Media, Fremont, California (also dcornejo@ieee.org)
  "There aren't any monkeys chasing us..."
                                                                - Xochi

From owner-freebsd-net Wed Jan 29 14:12:55 2003
Message-ID: <3E385188.F3404260@mindspring.com>
Date: Wed, 29 Jan 2003 14:11:20 -0800
From: Terry Lambert
To: Audsin
Cc: freebsd-hackers@freebsd.org, freebsd-net@freebsd.org
Subject: Re: Changing the Maximum Segment Size (MSS) of Kame MIP6 FreeBSD4.4
References: <5.2.0.9.0.20030129102140.00ae60a0@pop2.kcl.ac.uk>

Audsin wrote:
> I am Dev, doing my research in Centre for Telecommunications Research,
> King's college London. My research project involves evaluating the
> performance of MIP6 TCP in the presence of fragmentation and without
> fragmentation. I am using Kame MIP6 for Free BSD 4.4 and have configured
> gif0 interface for ipv6ip tunnel.
> I wish to change the Maximum segment size
> of the TCP. Can you please help me , where i should change the MSS of the
> TCP. Can you tell me where the default size of the MSS mentioned?

    man ifconfig /mtu

It sounds like you are trying to do something you don't have an
idea of how to do. In general, this isn't a bad thing for a
student to do, but you should probably read the source code and
the RFC's and understand them well enough that you understand the
effect of an intermediate MTU on the MSS, and what the MSS is vs.
your trying to throttle it, and how one affects the other.

My hunch is that you are wanting to have an intermediate link
that is a fragmentation bottleneck, given what you say you are
studying.

Don't expect a lot of help from these lists until after you are
asking questions that indicate you've read the standards and the
current code.

-- Terry

From owner-freebsd-net Wed Jan 29 15:58:50 2003
Date: Thu, 30 Jan 2003 00:58:36 +0100
From: "Simon L. Nielsen"
To: Trent Nelson
Cc: freebsd-net@freebsd.org
Subject: Re: ipfw keep-state problem
Message-ID: <20030129235835.GF327@nitro.dk>
References: <20030129213450.GA6421@limekiln.vcisp.net>
In-Reply-To: <20030129213450.GA6421@limekiln.vcisp.net>

On 2003.01.29 21:34:50 +0000, Trent Nelson wrote:

> If I had to take a wild guess, I'd say that the keep-state setup
> rules added dynamically are expiring too quickly, and thus, subseq-
> uent traffic is hitting the ``deny tcp from any to any established''
> rule.

Yes this happens with ipfw1. You can use ipfw2 (which sends keep-alive
for tcp connections) or increase the lifetime of dynamic rules.

I'm using ipfw2 and it works fine - I had the same problem with ipfw1.

--
Simon L. Nielsen

From owner-freebsd-net Wed Jan 29 17:29:39 2003
Date: Wed, 29 Jan 2003 20:29:48 -0500 (EST)
From: Jason Hunt
To: Dave Cornejo
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: unique routing problem
In-Reply-To: <200301292207.h0TM7XPL094933@white.dogwood.com>
Message-ID: <20030129195711.Y11564-100000@lethargic.dyndns.org>

On Wed, 29 Jan 2003, Dave Cornejo wrote:

> local network is 192.168.1.0/24
>
>               192.168.1.4
>                    |
>                    |
> 192.168.1.1 -- ethernet -- 192.168.1.2 / global IP addr -- internet
>                    |
>                    |
>               192.168.1.3
>
> now, the rules:
>
> 1) .1 may directly exchange packets with .4 and .2 only, it may not
> exchange packets with .3 directly.
>
> 2) .2 may directly exchange packets with any host
>
> 3) .2 acts as the gateway to the internet
>
> the problem is that I need to be able to set up the routing tables so
> that if .1 needs to connect to .3 that it goes through .2.

The "cleanest" way to do this would be by subnetting. You could have .2
on two subnets, with one of the subnets having only the .1 host, while the
other subnet has the rest of the hosts.

However, you would want to tell .1 to route packets for .3 to .2. This
can be done with a simple entry in the routing table on .1. If you don't
"trust" .1 or can't modify its routing table, then you would need to
setup a transparent firewall. Then you need to tell .2 to redirect
packets from .1 to .3. If you want packets from .3 to .1 to go through .2
as well, you would do the same thing, but the other way around
(change/reverse the addresses). As for _how_ to do this with FreeBSD, you
could use ipfw to redirect the packets. This would be done with the "fwd"
keyword. Check the manpage ipfw(8) for more details.

You could also do some kind of layer 2 filtering/rewriting between .3 and
the rest of the Ethernet.

However, if your goal is to have .2 see all of the packets from .3 to .1,
then there's a better way of doing it. If you are using an Ethernet hub,
then every host on the LAN will already see every packet that is sent by
every host. If you are using an Ethernet switch, you might be able to
tell the switch that one of the ports should see every packet sent to the
LAN. In the world of cisco, this is known as 'port monitoring'. I'm not
sure about other vendors however.

> If it
> needs to connect to .4 or .2 it can do that directly. To make things
> even more fun, any number of hosts may join or leave the network at
> any point and the lists of which hosts have direct connectivity is
> dynamic. But I think that if I can solve the above problem that I'll
> have what I need to solve the rest of it.

To be quite honest, I think you need to read up a bit more on how TCP/IP
and Ethernet work. In general (and this is not 100% true, since there
are other rules), all hosts on a LAN (well, subnet) will have "direct
connectivity" to each other. There is no process for hosts to "join" an
IP/Ethernet network, they simply just start sending and receiving
packets.

>
> I have a solution that uses Linux, but I'm reasonably certain that it
> really uses a flaw in the Linux kernel to work as it's dicey to set
> up, requires a specific order of steps and requires a reboot when
> things like the hosts IP address changes.
>

Do you know what this is called? Or can you at least describe this method
in more detail? I might even have the completely wrong idea about what
you're trying to accomplish.

Hope this helps, and I hope I didn't confuse you. :)

From owner-freebsd-net Wed Jan 29 19:30: 4 2003
From: Dave Cornejo
Message-Id: <200301300329.h0U3TkP4003640@white.dogwood.com>
Subject: Re: unique routing problem
In-Reply-To: <20030129195711.Y11564-100000@lethargic.dyndns.org>
To: Jason Hunt
Date: Wed, 29 Jan 2003 19:29:46 -0800 (PST)
Cc: Dave Cornejo, freebsd-net@FreeBSD.ORG

you wrote:
> On Wed, 29 Jan 2003, Dave Cornejo wrote:
>
> > local network is 192.168.1.0/24
> >
> >               192.168.1.4
> >                    |
> >                    |
> > 192.168.1.1 -- ethernet -- 192.168.1.2 / global IP addr -- internet
> >                    |
> >                    |
> >               192.168.1.3
> >
> > now, the rules:
> >
> > 1) .1 may directly exchange packets with .4 and .2 only, it may not
> > exchange packets with .3 directly.
> >
> > 2) .2 may directly exchange packets with any host
> >
> > 3) .2 acts as the gateway to the internet
> >
> > the problem is that I need to be able to set up the routing tables so
> > that if .1 needs to connect to .3 that it goes through .2.
>
> The "cleanest" way to do this would be by subnetting. You could have .2
> on two subnets, with one of the subnets having only the .1 host, while the
> other subnet has the rest of the hosts.

I over-simplified the problem - I'm not talking about 4 hosts on pure
Ethernet here, I'm really talking about hundreds to thousands with
some portions running over radio. The rules change dynamically and
pretty frequently (like potentially on the order of seconds) - I have
a routing daemon that knows how the rules are changing and I need to
get this into a routing table.

Subnetting on this scale won't work, and since some hosts will need to
participate in multiple subnets, you run into the problem of
dynamically managing subnets and aliasing the interface (easy enough
at small scale)

We have this running on Linux, but it's my belief that we're actually
exploiting a bug or flaw in the Linux routing.
The closest I've
gotten is to set add a route like this on .1:

.1 has a netmask of 0xffffffff

route add 192.168.1.2 -interface fxp0

(hope I'm remembering this right) which yields the packets getting
transmitted with but with the MAC address of .1, so .2 never
recognizes the packet.

> However, you would want to tell .1 to route packets for .3 to .2. This
> can be done with a simple entry in the routing table on .1. If you don't
> "trust" .1 or can't modify it's routing table, then you would need to
> setup a transparent firewall. Then you need to tell .2 to redirect
> packets from .1 to .3. If you want packets from .3 to .1 to go through .2
> as well, you would do the same thing, but the other way around
> (change/reverse the addresses). As for _how_ to do this with FreeBSD, you
> could use ipfw to redirect the packets. This would be done with the "fwd"
> keyboard. Check the manpage ipfw(8) for more details.

ipfw is an interesting suggestion, I'll have to look at that.

> You could also do some kind of layer 2 filtering/rewriting between .3 and
> the rest of the Ethernet.
>
> However, if your goal is to have .2 see all of the packets from .3 to .1,
> then there's a better way of doing it. If you are using an Ethernet hub,
> then every host on the LAN will already see every packet that is sent by
> every host. If you are using an Ethernet switch, you might be able to
> tell the switch that one of the ports should see every packet sent to the
> LAN. In the world of cisco, this is known as 'port monitoring'. I'm not
> sure about other vendors however.

Can't rely on that because as I noted above we're using some wireless
links in here and (having worked on the IOS code) port monitoring is
often busted anyway.

> > If it
> > needs to connect to .4 or .2 it can do that directly. To make things
> > even more fun, any number of hosts may join or leave the network at
> > any point and the lists of which hosts have direct connectivity is
> > dynamic.
> > But I think that if I can solve the above problem that I'll
> > have what I need to solve the rest of it.
>
> To be quite honest, I think you need to read up a bit more on how TCP/IP
> and Ethernet work. In general (and this is not 100% true, since there
> are other rules), all hosts on a LAN (well, subnet) will have "direct
> connectivity" to each other. There is no process for hosts to "join" an
> IP/Ethernet network, they simply just start sending and receiving
> packets.

In a pure Ethernet environment yes, but the problem I'm trying to
solve is that I can't rely on the network connection being reliable or
static. I've gotten the problem down to dealing with the FreeBSD
routing and interface driver code, but I don't quite have my brain
around the whole concept of BSD routing - I'm going through the 4.4BSD
internals book, but time is short and I'm being lazy here...

> > I have a solution that uses Linux, but I'm reasonably certain that it
> > really uses a flaw in the Linux kernel to work as it's dicey to set
> > up, requires a specific order of steps and requires a reboot when
> > things like the hosts IP address changes.
> >
>
> Do you know what this is called? Or can you atleast describe this method
> in more detail? I might even have the completely wrong idea about what
> you're trying to accomplish.

Unfortunately, I've only witnessed it and it requires some voodoo -
you set the interface netmask to 0xffffffff and then there's something
with an entry to the subnet I think it may have been setting the
default route to the subnet (i.e. 192.168.1.0) but that doesn't sound
right. Then add the route to the device with something like "route
add 192.168.1.2 -dev eth0"

But this is flakey

> Hope this helps, and I hope I didn't confuse you. :)

No, the ipfw is an interesting idea - thanks for your reply...

dave c

--
Dave Cornejo @ Dogwood Media, Fremont, California (also dcornejo@ieee.org)
  "There aren't any monkeys chasing us..."
                                                                - Xochi

From owner-freebsd-net Wed Jan 29 20:13: 6 2003
Date: Wed, 29 Jan 2003 20:11:34 -0800
From: Eric Hall
To: Dave Cornejo
Cc: freebsd-net@freebsd.org
Subject: Re: unique routing problem
Message-ID: <20030130041134.GC1754@darkart.com>
References: <200301292207.h0TM7XPL094933@white.dogwood.com>
In-Reply-To: <200301292207.h0TM7XPL094933@white.dogwood.com>

On Wed, Jan 29, 2003 at 02:07:32PM -0800, Dave Cornejo wrote:
> Hi,
>
> I've got a unique routing problem:
>
> local network is 192.168.1.0/24
>
>               192.168.1.4
>                    |
>                    |
> 192.168.1.1 -- ethernet -- 192.168.1.2 / global IP addr -- internet
>                    |
>                    |
>               192.168.1.3
>
> now, the rules:
>
> 1) .1 may directly exchange packets with .4 and .2 only, it may not
> exchange packets with .3 directly.
>
> 2) .2 may directly exchange packets with any host
>
> 3) .2 acts as the gateway to the internet
>
> the problem is that I need to be able to set up the routing tables so
> that if .1 needs to connect to .3 that it goes through .2. If it
> needs to connect to .4 or .2 it can do that directly.
> To make things
> even more fun, any number of hosts may join or leave the network at
> any point and the lists of which hosts have direct connectivity is
> dynamic. But I think that if I can solve the above problem that I'll
> have what I need to solve the rest of it.
>

I don't think that routing is going to solve your problem
(at least from my take of your description). Filtering, most likely
IP level filtering, is where I think you'll need to work.

If you have a filtering (IP level) ethernet switch/router
that you can easily control (SNMP will work, but I wouldn't recommend
it), that might solve your problem.

Segregating the various host types into different networks,
preferably physically (ie not using VLANs), and using a filtering
router (or a bridge as you've outlined the network above) should
work well.

A more detailed description of the problem you're trying
to solve, in particular the physical and logical topology of the
network involved (and how much you can change it to meet the goals)
will help in developing a solution.

-eric

From owner-freebsd-net Wed Jan 29 20:44:38 2003
Message-ID: <20030130044435.60552.qmail@web21402.mail.yahoo.com>
Date: Wed, 29 Jan 2003 20:44:35 -0800 (PST)
From: Carlos Carnero
Subject: Incoming PPP connections OK, but no traffic
To: freebsd-net@FreeBSD.ORG

Hi,

I've been toying with my test FreeBSD server (4.7-RELEASE-p3) to try
to set up a plain old PPP server. I'm at a point where the modem
answers, the connection goes up (i.e. the caller gets an IP number)
but there's no traffic.

Below you can find the files I changed in order to get that setup
working, but I don't know what am I missing (and I am under the
impression that's something so simple that's embarrassing.)

BTW, I'm using mgetty+sendfax to answer the phone and no PAP nor
CHAP, just passwd authentication.

/etc/ppp/ppp.conf:

default:
 set log Phase Chat LCP IPCP CCP tun command
 ident user-ppp VERSION (built COMPILATIONDATE)
 set device /dev/cuaa0
 set speed 115200
 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
           \"\" AT OK-AT-OK ATE1Q0 OK \
           \\dATDT\\T TIMEOUT 40 CONNECT"
 set timeout 180        # 3 minute idle timer (the default)
 enable dns             # request DNS info (for resolv.conf)
 enable proxy
 set ifaddr 192.168.250.254 ---> cont'd 192.168.250.250-192.168.250.253

cuaa0:
 allow users texel tony
 set ifaddr 192.168.250.254 192.168.250.253
 enable proxy
 enable passwdauth
 accept dns
 set dns 192.168.250.1
 set nbns 192.168.250.20
 set mppe

/usr/local/etc/mgetty+sendfax/mgetty.config:

port cuaa0
debug 4
fax-id 00 00 000000
speed 115000
direct NO
blocking NO
port-owner uucp
port-group dialer
port-mode 0660
toggle-dtr YES
toggle-dtr-waittime 500
data-only YES
fax-only NO
modem-type auto
init-chat "" ATS0=0V1E1Q0&D3&C1&H3&N0 OK
modem-check-time 3600
rings 1
answer-chat "" ATA CONNECT \c \r
answer-chat-timeout 80
autobauding NO
ringback NO
ringback-time 30
ignore-carrier false
issue-file /etc/issue
prompt-waittime 500
login-prompt @!login:
login-time 240
diskspace 1024
notify faxadmin
fax-owner uucp
fax-group modem
fax-mode 0660

/usr/local/etc/mgetty+sendfax/login.config:

/AutoPPP/ - - /etc/ppp/ppp-incoming

and finally, /etc/ppp/ppp-incoming:

#!/bin/sh
exec /usr/sbin/ppp -direct $IDENT

What am I doing wrong?

Best regards, and thanks for yer time,
Carlos.

From owner-freebsd-net Wed Jan 29 21:12: 4 2003
Subject: Re: unique routing problem
In-Reply-To: <200301300329.h0U3TkP4003640@white.dogwood.com>
To: Dave Cornejo
Date: Thu, 30 Jan 2003 08:13:29 +0300 (MSK)
From: "."@babolo.ru
Cc: Jason Hunt, freebsd-net@FreeBSD.ORG
Message-Id: <1043903609.121285.72199.nullmailer@cicuta.babolo.ru>

> I over-simplified the problem - I'm not talking about 4 hosts on pure
> Ethernet here, I'm really talking about hundreds to thousands with
> some portions running over radio. The rules change dynamically and
> pretty frequently (like potentially on the order of seconds) - I have
> a routing daemon that knows how the rules are changing and I need to
> get this into a routing table.
>
> Subnetting on this scale won't work, and since some hosts will need to
> participate in multiple subnets, you run into the problem of
> dynamically managing subnets and aliasing the interface (easy enough
> at small scale)
>
> We have this running on Linux, but it's my belief that we're actually
> exploiting a bug or flaw in the Linux routing. The closest I've
> gotten is to set add a route like this on .1:
>
> .1 has a netmask of 0xffffffff
>
> route add 192.168.1.2 -interface fxp0
>
> (hope I'm remembering this right) which yields the packets getting
> transmitted with but with the MAC address of .1, so .2 never
> recognizes the packet.

If it resolves your problem, when any traffic
goes through 192.168.1.2, then switch
net.link.ether.inet.proxyall=1
net.inet.ip.redirect=0
net.inet.icmp.drop_redirect=1
and use netmask /32 on other host as described

As far as I understand they are mostly Windows?

> ipfw is an interesting suggestion, I'll have to look at that.

If all other hosts are in nets of 192.168.1.2
then you do not need ipfw to redirect
traffic between hosts.
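
The addressing scheme discussed in this thread (a /32 netmask on the restricted host, on-link host routes only for permitted peers, everything else through 192.168.1.2), modelled as an added example that is not part of any post. RouteTable, sync_direct_peers, build and trace are hypothetical names; the model covers next-hop selection only and assumes the gateway forwards without sending redirects.

```python
import ipaddress

GATEWAY = "192.168.1.2"
HOST = "192.168.1.1"


class RouteTable:
    """Longest-prefix-match table. gateway=None marks an on-link (direct) route."""

    def __init__(self):
        self.routes = {}  # IPv4Network -> IPv4Address gateway, or None if on-link

    def add(self, prefix, gateway=None):
        gw = ipaddress.ip_address(gateway) if gateway else None
        self.routes[ipaddress.ip_network(prefix)] = gw

    def next_hop(self, dst):
        """Return the address the frame is handed to, or None if nothing matches."""
        dst = ipaddress.ip_address(dst)
        matches = [net for net in self.routes if dst in net]
        if not matches:
            return None
        best = max(matches, key=lambda net: net.prefixlen)
        gw = self.routes[best]
        return dst if gw is None else gw


def sync_direct_peers(table, gateway, peers):
    """What a routing daemon would do on each update: keep on-link /32 routes
    only for the gateway and the peers currently allowed to be reached directly,
    and send everything else to the gateway."""
    wanted = {ipaddress.ip_network(p) for p in set(peers) | {gateway}}
    for net, gw in list(table.routes.items()):
        if net.prefixlen == 32 and gw is None and net not in wanted:
            del table.routes[net]
    for net in wanted:
        table.routes[net] = None
    table.add("0.0.0.0/0", gateway)


def build(host_mask_32=True, direct_peers=("192.168.1.4",)):
    """Tables for the restricted host (.1) and the gateway (.2).
    The addresses are the ones from the thread; the peer list is constructed."""
    host = RouteTable()
    if host_mask_32:
        sync_direct_peers(host, GATEWAY, direct_peers)
    else:
        host.add("192.168.1.0/24")      # ordinary connected route for the LAN
        host.add("0.0.0.0/0", GATEWAY)
    gw = RouteTable()
    gw.add("192.168.1.0/24")            # the gateway may reach every host directly
    return {HOST: host, GATEWAY: gw}


def trace(src, dst, tables, max_hops=8):
    """Follow next hops from src to dst through the modelled tables."""
    hops, here = [src], src
    while here != dst and len(hops) <= max_hops:
        nh = tables[here].next_hop(dst) if here in tables else None
        if nh is None:
            return hops + ["unreachable"]
        here = str(nh)
        hops.append(here)
    return hops


if __name__ == "__main__":
    t = build()
    print(trace(HOST, "192.168.1.3", t))   # relayed by the gateway
    print(trace(HOST, "192.168.1.4", t))   # permitted peer, sent directly
    print(trace(HOST, "192.168.1.3", build(host_mask_32=False)))  # /24: direct
    sync_direct_peers(t[HOST], GATEWAY, ["192.168.1.3"])  # permitted set changes
    print(trace(HOST, "192.168.1.4", t))   # .4 is now relayed
```

With the ordinary /24 connected route, .1 reaches .3 directly, which is exactly what rule 1 forbids; the /32 layout removes that route so only the listed peers are on-link.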

From owner-freebsd-net Thu Jan 30 0:57:33 2003
Date: Thu, 30 Jan 2003 10:57:16 +0200
From: Ruslan Ermilov
To: Dave Cornejo
Cc: net@freebsd.org
Subject: Re: unique routing problem
Message-ID: <20030130085716.GC22684@sunbay.com>
References: <200301292207.h0TM7XPL094933@white.dogwood.com>
In-Reply-To: <200301292207.h0TM7XPL094933@white.dogwood.com>

On Wed, Jan 29, 2003 at 02:07:32PM -0800, Dave Cornejo wrote:
> Hi,
>
> I've got a unique routing problem:
>
> local network is 192.168.1.0/24
>
>               192.168.1.4
>                    |
>                    |
> 192.168.1.1 -- ethernet -- 192.168.1.2 / global IP addr -- internet
>                    |
>                    |
>               192.168.1.3
>
> now, the rules:
>
> 1) .1 may directly exchange packets with .4 and .2 only, it may not
> exchange packets with .3 directly.
>
> 2) .2 may directly exchange packets with any host
>
> 3) .2 acts as the gateway to the internet
>
> the problem is that I need to be able to set up the routing tables so
> that if .1 needs to connect to .3 that it goes through .2. If it
> needs to connect to .4 or .2 it can do that directly. To make things
> even more fun, any number of hosts may join or leave the network at
> any point and the lists of which hosts have direct connectivity is
> dynamic. But I think that if I can solve the above problem that I'll
> have what I need to solve the rest of it.
>
I'd love to say that this is easy, but it's not, though possible.

Let's assume that 192.168.1 is 192.168.4 (I have that network),
and .1 is .115 and .2 is .65.
So, we now have the picture like this:

>                192.168.4.4
>                     |
>                     |
> 192.168.4.115 -- ethernet -- 192.168.4.65 / global IP addr -- internet
>                     |
>                     |
>                192.168.4.3

Then, on .115, the initial config is as follows:

: allmouth# ifconfig -a inet
: rl0: flags=8843 mtu 1500
:         inet 192.168.4.115 netmask 0xffffff00 broadcast 192.168.4.255
: lo0: flags=8049 mtu 16384
:         inet 127.0.0.1 netmask 0xff000000
: allmouth# netstat -arn -finet
: Routing tables
:
: Internet:
: Destination        Gateway            Flags    Refs      Use  Netif Expire
: default            192.168.4.65       UGSc        2       88    rl0
: 127.0.0.1          127.0.0.1          UH          1     6956    lo0
: 192.168.4          link#1             UC          1        0    rl0
: 192.168.4.65       00:d0:b7:16:9c:c6  UHLW        1       22    rl0   1187

The idea is to set up the static ARP entries for only 4.65 and
probably some more, like 192.168.1.4 in your case, and have the
rest services through the "default". Let's try:

: allmouth# route delete -net 192.168.4
: delete net 192.168.4
: allmouth# netstat -arn -finet
: Routing tables
:
: Internet:
: Destination        Gateway            Flags    Refs      Use  Netif Expire
: default            192.168.4.65       UGSc        2       88    rl0
: 127.0.0.1          127.0.0.1          UH          1     6956    lo0
: allmouth# arp -s 192.168.4.65 00:d0:b7:16:9c:c6
: cannot intuit interface index and type for 192.168.4.65

Bah! This is the known and purposely made limitation in arp(8).
Fortunately, we have the power of route(8), but it's a bit tricky:

: allmouth# route add -host 192.168.4.65 -link rl0:00:d0:b7:16:9c:c6 -iface
: add host 192.168.4.65: gateway rl0:00:d0:b7:16:9c:c6
: allmouth# netstat -arn
: Routing tables
:
: Internet:
: Destination        Gateway            Flags    Refs      Use  Netif Expire
: default            192.168.4.65       UGSc        4      600    rl0
: 127.0.0.1          127.0.0.1          UH          1     6956    lo0
: 192.168.4.65       00:d0:b7:16:9c:c6  UHLS        0        0    rl0

The key here is -iface which marks this route as "direct".
Now you can ping 192.168.4.65. Everything else will be
accessed through 192.168.4.65.
If you later say ping 192.168.4.111, you'll see:

: allmouth# traceroute -q1 -n 192.168.4.111
: traceroute to 192.168.4.111 (192.168.4.111), 64 hops max, 44 byte packets
:  1  192.168.4.65  0.304 ms
:  2  192.168.4.111  0.314 ms
: allmouth# netstat -arn
: Routing tables
:
: Internet:
: Destination        Gateway            Flags    Refs      Use  Netif Expire
: default            192.168.4.65       UGSc        5     1384    rl0
: 127.0.0.1          127.0.0.1          UH          1     6956    lo0
: 192.168.4.65       00:d0:b7:16:9c:c6  UHLS        2        4    rl0
: 192.168.4.111      192.168.4.65       UGHW        0        0    rl0
: 192.168.4.255      192.168.4.65       UGHW3b      0        1    rl0   3419

You will probably also want to set net.inet.ip.redirect=0 on
192.168.4.65, like is the case here, in my situation, but it
is used to overcome some routing issues with IPSec, that's a
different story.

But notice that the reply packets from 192.168.4.111 to
192.168.4.115 will go directly.  To overcome this, the next
magic should be done:

On 192.168.4.115, you configure the interface (rl0 here) with
-noarp (ifconfig rl0 -noarp).  You set up the ARP proxy entry
for 192.168.4.115 on 192.168.4.65, and add the static ARP entry
on 192.168.4.65 for 192.168.4.115 (in this case, this can be
done with plain arp(8)).

Hope this helps!

> BTW, If anyone that can answer this needs a job or contract please let
> me know...
>
I do.

P.S.  That was a really entertaining question, thank you!
:-)


Cheers,
-- 
Ruslan Ermilov          Sysadmin and DBA,
ru@sunbay.com           Sunbay Software AG,
ru@FreeBSD.org          FreeBSD committer,
+380.652.512.251        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Thu Jan 30 2:12: 6 2003
From: Iasen Kostov
To: Dave Cornejo
Cc: Jason Hunt
Subject: Re: unique routing problem
Date: Thu, 30 Jan 2003 12:11:15 +0200 (EET)
In-Reply-To: <200301300329.h0U3TkP4003640@white.dogwood.com>
Message-ID: <20030130120936.B85437-100000@shadowhand.OTEL.net>

On Wed, 29 Jan 2003, Dave Cornejo wrote:

> We have this running on Linux, but it's my belief that we're actually
> exploiting a bug or flaw in the Linux routing.
> The closest I've
> gotten is to set add a route like this on .1:
>
> .1 has a netmask of 0xffffffff
>
> route add 192.168.1.2 -interface fxp0

should be :

route add 192.168.1.2/32 -cloning -iface fxp0

or will never get arp address

From owner-freebsd-net Thu Jan 30 10:46:42 2003
From: Alexandr Kovalenko
To: freebsd-net@FreeBSD.org
Subject: any guru to port if_stge from NetBSD to FreeBSD?
Date: Thu, 30 Jan 2003 20:46:29 +0200
Message-ID: <20030130184628.GC30276@nevermind.kiev.ua>

I've got GigE network card with vendor_id=0x13f0 and device_id=0x1021.

It is a "Sundance TC9021 Gigabit Ethernet" according to NetBSD's
sys/dev/pci/if_stge.c

Anyone willing to port it to FreeBSD? I can help testing!

Thank you!
-- 
NEVE-RIPE, will build world for food
Ukrainian FreeBSD User Group
http://uafug.org.ua/

From owner-freebsd-net Thu Jan 30 12:16:44 2003
From: Dave Cornejo
Message-Id: <200301302016.h0UKGXrS072811@white.dogwood.com>
Subject: Re: unique routing problem
To: Iasen Kostov
Date: Thu, 30 Jan 2003 12:16:33 -0800 (PST)
Cc: Dave Cornejo, Jason Hunt, freebsd-net@FreeBSD.ORG

Brilliant, you are a genius!  I need to do a little more testing on my
code, but this looks really good!

Many thanks to you and to all who took my question seriously,
dave c

you wrote:
> On Wed, 29 Jan 2003, Dave Cornejo wrote:
>
> > We have this running on Linux, but it's my belief that we're actually
> > exploiting a bug or flaw in the Linux routing.
> > The closest I've
> > gotten is to set add a route like this on .1:
> >
> > .1 has a netmask of 0xffffffff
> >
> > route add 192.168.1.2 -interface fxp0
> should be :
>
> route add 192.168.1.2/32 -cloning -iface fxp0
>
> or will never get arp address
>

-- 
Dave Cornejo @ Dogwood Media, Fremont, California (also dcornejo@ieee.org)
  "There aren't any monkeys chasing us..." - Xochi

From owner-freebsd-net Thu Jan 30 15: 8:59 2003
Date: Fri, 31 Jan 2003 00:08:51 +0100 (CET)
From: Martin Blapp
To: stable@freebsd.org
Cc: net@freebsd.org
Subject: Please test, big if_sis MFC for STABLE
Message-ID: <20030131000538.O20166@levais.imp.ch>

Hi all,

I plan to MFC this patch soon if there aren't any problems.

I'm very happy to get feedback if it doesn't work for
your card, please let me know. I just own one if_sis card,
and the feedback for the CURRENT version has been positive.
http://people.freebsd.org/~mbr/patches/if_sis_stable.diff

Martin

Martin Blapp,
------------------------------------------------------------------
ImproWare AG, UNIXSP & ISP, Zurlindenstrasse 29, 4133 Pratteln, CH
Phone: +41 61 826 93 00 Fax: +41 61 826 93 01
PGP:
PGP Fingerprint: B434 53FC C87C FE7B 0A18 B84C 8686 EF22 D300 551E
------------------------------------------------------------------

From owner-freebsd-net Fri Jan 31 1:16:47 2003
Date: Fri, 31 Jan 2003 01:15:25 -0800 (PST)
From: Mike Hoskins
To: freebsd-net@freebsd.org
Subject: freebsd/kame - linux s/wan
Message-ID: <20030131010305.W38150-100000@fubar.adept.org>

I've got a client wanting to establish IPSEC tunnel / VPN between two
offices.  One end running FreeBSD/IPSEC (KAME), the other end Linux
FreeS/WAN.

The problem I'm having is most interoperability docs I've found on the
'Net are dated back to 2000 or so - has anything changed?  This is my
first time playing with this.
I wish they'd just use FreeBSD on both
ends, then the handbook entry (which is clear and understandable at first
read) would be all I'd need.  I guess that's not what they pay me for.

They only want/need to do shared secrets - do I still need to use racoon?
At present I believe so, because according to gif(4) there are
interoperability issues that would keep the usual bsd-bsd configuration
from working in this case.

I was primarily hoping for some sort of verification that information like
the following is still accurate so I don't waste time copying configs that
no longer work.  Itojun should certainly be an authoritative source, but
it is dated 2000:

http://www.sandelman.ottawa.on.ca/linux-ipsec/html/2000/09/msg00511.html

To anyone that has this working now, did you follow similar advice or find
a solution yourself?  I'm curious to see examples, including any tweaks
you've had to make over time.  I'm sure there's more than one way to skin
this .

At this point both the FreeBSD and Linux boxes sit in a DMZ without NAT.
The client has expressed a desire to move both of these boxes behind the
local firewalls (PIX) "once everything else is working".  From my PPTP
experience NAT makes my skin crawl, but does IPSEC have similar issues?
Would the tunnel be affected by an intermediate NAT device?  This would be
true 1-to-1/static NAT (static commands on the PIX) and not something like
port address translation.

Oh, and I did try to get them to just connect FreeS/WAN to the remote PIX
as an IPSEC peer.  That would work, but the PIX does not have a 3DES
license so I would like to use an alternative with better encryption.  (I
saw the FreeS/WAN DES patch, but that seems somewhat backwards.)
Thanks for any insight,

From owner-freebsd-net Fri Jan 31 6:52:53 2003
Date: Fri, 31 Jan 2003 15:52:23 +0100 (MET)
From: Antonio Gonzalez Castro
To: freebsd-net@freebsd.org
Subject: A question about 6to4...

Hi...

	I've recently configured a 6to4 router. I have compiled the kernel
with stf device support, modified the rc.conf and configured the rtadvd.
But the other hosts cannot access the IPv6 net if I don't add a
ipv6_prefix_fxp0="2002:aaaa:bbbb:0000" to the rc.conf of the router...

	Is this normal? As far as I know, to operate with routers they
only need the local-link address... C.C. me as I am not on the list, please.

Thanks...

P.D. Sorry about my English, I'm not a native English speaker...
From owner-freebsd-net Fri Jan 31 9:30:41 2003
From: Vincent Jardin
To: Antonio Gonzalez Castro, freebsd-net@freebsd.org
Subject: Re: A question about 6to4...
Date: Fri, 31 Jan 2003 18:50:50 +0100

On Friday 31 January 2003 15:52, Antonio Gonzalez Castro wrote:
> Hi...
>
> 	I've recently configured a 6to4 router. I have compiled the kernel
> with stf device support, modified the rc.conf and configured the rtadvd.
> But the other hosts cannot access the IPv6 net if I don't add a
> ipv6_prefix_fxp0="2002:aaaa:bbbb:0000" to the rc.conf of the router...
>
> 	Is this normal?

Yes, it is. Or you can set this address inside your local network.
A typical use case of 6to4 for a LAN could be:

            ^
            | a.b.c.d public address
         +-----+
  RA*    | CPE |
   |     +-----+ 2002:a.b.c.d::eui/64
   |        |
   V  +-----------+-
      |           |
      H1          Hn

(*) the CPE advertises the 2002:a.b.c.d::/64 prefix or any prefix within
2002:a.b.c.d::/48 to the hosts.

> As far as I know, to operate with routers they
> only need the local-link address... C.C. me as I am not on the list, please.

The link-local address cannot be used beyond one hop, then you need an
address with a global scope in order to access the IPv6 Internet.

Regards,
  Vincent

From owner-freebsd-net Sat Feb 1 15:49:28 2003
Date: Sat, 1 Feb 2003 15:49:23 -0800
From: Faried Nawaz
To: freebsd-isp@freebsd.org
Cc: freebsd-net@freebsd.org
Subject: pseudo-device gre and wccp/squid
Message-ID: <20030201234923.GA83216@nilpotent.org>

Hello,

Is anyone using the gre pseudo-device with squid for WCCP?  Try as I might
I can't get it to work for me.  I'm using FreeBSD 4.7-STABLE, using
ipfilter's ipnat to redirect packets.
I've done

ifconfig gre0 create
ifconfig gre0 aaa.bbb.ccc.ddd fff.ggg.hhh.iii netmask 255.255.255.255 link0 up
ifconfig gre0 tunnel aaa.bbb.ccc.ddd fff.ggg.hhh.iii

aaa.bbb.ccc.ddd is the web proxy's ip, fff.ggg.hhh.iii is the router's.

ipnat.rules has

rdr gre0 0.0.0.0/0 port 80 aaa.bbb.ccc.ddd port 8080 tcp

ipfilter is set to pass through all traffic, and there are no firewall
rules defined.

tcpdump on my ethernet interface shows gre packets coming in.

04:07:39.093205 fff.ggg.hhh.iii > aaa.bbb.ccc.ddd: gre gre-proto-0x883E

tcpdump on my gre0 interface shows incoming connections from the users,
and ipnat -l shows lots of redirects.

proxy1# ipnat -l | head
List of active MAP/Redirect filters:
rdr gre0 0.0.0.0/0 port 80 -> aaa.bbb.ccc.ddd port 8080 tcp

List of active sessions:
RDR aaa.bbb.ccc.ddd 8080 <- -> 207.44.178.61 80 [203.215.178.61 4122]
RDR aaa.bbb.ccc.ddd 8080 <- -> 205.188.250.25 80 [203.215.178.19 1612]
RDR aaa.bbb.ccc.ddd 8080 <- -> 66.51.99.157 80 [66.206.32.180 3769]
RDR aaa.bbb.ccc.ddd 8080 <- -> 64.94.89.238 80 [203.215.177.248 1172]
RDR aaa.bbb.ccc.ddd 8080 <- -> 207.46.104.20 80 [66.206.33.7 1601]
proxy1#

However, none of them get to squid.  Everything worked fine before the
upgrade, but I was using the gre patch from squid's web site to do the
work.  The new pseudo-device appears to have WCCP-specific code in it,
but it's not working.

Does anyone have this working?  Anyone at all?  I'm willing to break down
and switch to ipfw if that'll help, but I can't upgrade my machines to 4.7
(and higher) properly without a fix.  Surely someone has used this since
the code was committed.

(A hack would be to comment out all code related to the pseudo-device so
I can use the wccp-specific gre.c.)


Faried.
-- 
The Great GNU has arrived, infidels, behold his wrath !
"If a MOO runs on a port no one accesses, does it run?"
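
Added example (not part of the message above, and not code from squid, ipfilter or FreeBSD): a small dissector for the GRE packets that tcpdump reports as gre-proto-0x883E, showing where the redirected inner IPv4/TCP header sits so its destination port can be compared with the port 80 that the rdr rule matches. The function names and the sample packet are constructed for illustration; the 4-byte redirect header that WCCPv2 adds and WCCPv1 lacks comes from the WCCP specifications, not from this thread.

```python
import socket
import struct

GRE_PROTO_WCCP = 0x883E            # protocol type from the tcpdump line in the post
IPPROTO_TCP, IPPROTO_GRE = 6, 47


def parse_ipv4(buf):
    """Return (header_len, protocol, src, dst) or raise ValueError."""
    if len(buf) < 20 or buf[0] >> 4 != 4 or (buf[0] & 0x0F) < 5:
        raise ValueError("no IPv4 header at this offset")
    ihl = (buf[0] & 0x0F) * 4
    if len(buf) < ihl:
        raise ValueError("truncated IPv4 header")
    return ihl, buf[9], socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20])


def dissect_wccp_gre(packet):
    """Decode outer IPv4 + GRE (0x883E) and describe the redirected inner packet."""
    ihl, proto, outer_src, outer_dst = parse_ipv4(packet)
    if proto != IPPROTO_GRE:
        raise ValueError("outer protocol %d is not GRE" % proto)
    gre = packet[ihl:]
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack("!HH", gre[:4])
    if ptype != GRE_PROTO_WCCP:
        raise ValueError("GRE protocol type 0x%04X is not WCCP" % ptype)
    if flags & 0x4007:
        raise ValueError("GRE routing field or non-zero version not handled")
    # Optional GRE fields, 4 bytes each: checksum/offset (C), key (K), sequence (S).
    offset = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    payload = gre[offset:]
    # WCCPv2 inserts a 4-byte redirect header before the inner packet, WCCPv1
    # does not, and the GRE header is identical in both cases. Heuristic: if no
    # IPv4 header starts here, assume the redirect header and skip it.
    redirect_len = 0
    try:
        parse_ipv4(payload)
    except ValueError:
        redirect_len, payload = 4, payload[4:]
    in_ihl, in_proto, in_src, in_dst = parse_ipv4(payload)
    info = {"router": outer_src, "cache": outer_dst, "redirect_header_len": redirect_len,
            "inner_src": in_src, "inner_dst": in_dst, "inner_dport": None}
    if in_proto == IPPROTO_TCP and len(payload) >= in_ihl + 4:
        info["inner_dport"] = struct.unpack("!HH", payload[in_ihl:in_ihl + 4])[1]
    return info


def ipv4_header(src, dst, proto, payload_len):
    """Build a 20-byte IPv4 header; checksum stays 0 because nothing here verifies it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def build_sample(wccp_v2):
    """Constructed packet: router 198.51.100.1 redirects a client SYN for port 80
    to the cache 198.51.100.2 (all addresses are documentation ranges)."""
    tcp = struct.pack("!HHIIBBHHH", 4122, 80, 1, 0, 0x50, 0x02, 65535, 0, 0)
    inner = ipv4_header("203.0.113.7", "192.0.2.80", IPPROTO_TCP, len(tcp)) + tcp
    gre = struct.pack("!HH", 0, GRE_PROTO_WCCP) + (b"\x00" * 4 if wccp_v2 else b"")
    body = gre + inner
    return ipv4_header("198.51.100.1", "198.51.100.2", IPPROTO_GRE, len(body)) + body


if __name__ == "__main__":
    for v2 in (False, True):
        print(dissect_wccp_gre(build_sample(v2)))
```

Run against raw IP packets captured on the Ethernet side, the result shows whether a redirect header precedes the inner packet and whether the inner destination is still the origin server on port 80, which is what a redirect rule on the tunnel interface has to match.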