From owner-freebsd-net Sun Mar 9 15:46:17 2003
Date: Sun, 9 Mar 2003 15:46:08 -0800
From: "Crist J. Clark"
To: denb
Cc: freebsd-net@FreeBSD.ORG, ipfw@FreeBSD.ORG
Subject: Re: Why natd don't divert packets?

On Fri, Mar 07, 2003 at 11:00:43AM +0300, denb wrote:
> Why natd don't divert packets?
>
> *********screenshot***********************
>
> #ipfw add divert 1111 tcp from any to any 7
> #ipfw add divert 1111 tcp from any 7 to any
> #natd -v -p 1111 -a 172.16.0.102 -redirect_port tcp 172.16.0.253:7 7
>
> In [TCP] [TCP] 172.16.0.104:49169 -> 172.16.0.102:7 aliased to
> [TCP] 172.16.0.104:49169 -> 172.16.0.253:7
>
> In [TCP] [TCP] 172.16.0.104:49169 -> 172.16.0.102:7 aliased to
> [TCP] 172.16.0.104:49169 -> 172.16.0.253:7
>
> ^C
> *********screenshot***********************

Looks like it's working perfectly.

> Where is Out[TCP]?

Dunno.

> Rules after natd running (why second rule has 0 in packets number?):
>
> *********screenshot***********************
> #ipfw show
> 0001 6 180 divert 1111 tcp from any to any dst-port 7
> 0002 0 0 divert 1111 tcp from any 7 to any
> *********screenshot***********************

Are you sure 172.16.253 is responding?

# ipfw add divert 1111 tcp from any to any 7
# ipfw add count tcp from any 7 to any
# ipfw add divert 1111 tcp from any 7 to any
-- 
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Mon Mar 10 3:54:59 2003
From: "Jamie Heckford"
Subject: Cisco PIX 501 (3DES) to FreeBSD VPN Gateway
Date: Mon, 10 Mar 2003 11:52:09 -0000
Organization: Trident Microsystems Ltd.

Hi All,

I am wondering if it is possible to set up a Cisco PIX 501 (3DES) to talk to a FreeBSD VPN Gateway. The VPN gateway currently runs MPD-Netgraph and Poptop to provide access to all Win XX series clients.

What I am wondering is whether it is possible to set up an IPSec / racoon combo on the FreeBSD system so the PIX 501 can connect to it ok. The role of the PIX 501 at the remote end will be to send all non-local traffic out to the internet and VPN destined routes over the VPN connection.

Has anyone had any experience with this? Any comments or suggestions? Google did not seem to yield too many useful results.

Any help greatly appreciated as usual :)

Cheers,
-- 
Jamie Heckford
Network Manager
Trident Microsystems Ltd.
jamie@tridentmicrosystems.co.uk
t: +44(0)1737-780790
f: +44(0)1737-771908
w: http://www.tridentmicrosystems.co.uk/

From owner-freebsd-net Mon Mar 10 22:11:11 2003
Date: Mon, 10 Mar 2003 22:09:13 -0800 (PST)
From: Static
To: net@freebsd.org
Subject: Weird ipnat behaviour

Hello List,

I just recently did a buildworld on my gateway machine and now ipnat appears to not want to cooperate. I'm trying to nat port 80 from my outside interface into an apache server on my network.

uname -a
FreeBSD PITA.ninja-assassin.com 4.7-STABLE FreeBSD 4.7-STABLE #2: Thu Jan 30 09:54:50 CST 2003 root@PITA.ninja-assassin.com:/usr/src/sys/compile/FIREWALL i386
PITA#

For the sake of testing this is my 1st ipf rule in /etc/ipf.rules

pass in log quick on tun0 proto tcp from any to any port = 80

here is my /etc/ipnat.rules file

map tun0 192.168.1.0/24 -> 0.0.0.0/32
map tun0 0/0 -> 192.168.1.0/24 proxy port ftp ftp/tcp
rdr tun0 0/0 port 80 -> 192.168.1.20 port 80 tcp

If I put in 192.168.1.20/32, when I run the reload script (included below) it sits and hangs. There is an entry for this IP in /etc/hosts, if for whatever reason it was trying to do a lookup.

Here is what I'm currently seeing in my firewall from the "log" option in the above ipf rule

Mar 10 07:28:44 PITA ipmon[60]: 07:28:44.038335 tun0 @0:1 p $WORK_HOSTNAME[$WORK_IP],61250 -> $MY_HOSTNAME[$MY_IP],http PR tcp len 20 60 -S 4134496816 0 32120 IN

I believe that this is an ipnat issue. The p right before $WORK_HOSTNAME should signify that this rule is passed (IIRC). What strikes me as weird is when I run ipnat -l I receive

PITA# ipnat -l
List of active MAP/Redirect filters:
map tun0 192.168.1.0/0 -> 0.0.0.0/32
map tun0 0.0.0.0/0 -> 192.168.1.0/24 proxy port 21 ftp/ip
rdr tun0 0.0.0.0/0 port 0- 16 -> 192.168.1.20 port 80 tcp

List of active sessions:
PITA#

The last line strikes me as weird, particularly the "port 0- 16" section of this. This worked fine before I ran makeworld with the latest batch of ipf/ipnat code that came down the pipe the other week.

Here is the script I'm using to flush and reload my ruleset.

PITA# cat /root/ipf
/sbin/ipf -Fa -f /etc/ipf.rules && /sbin/ipnat -CF -f /etc/ipnat.rules

Any suggestions and/or thoughts as to why this may be occurring would be appreciated.

Static

From owner-freebsd-net Tue Mar 11 1:34:19 2003
From: "soheil soheil"
To: freebsd-net@freebsd.org
Subject: how to send an arp packet on freebsd
Date: Tue, 11 Mar 2003 09:34:16 +0000

Dear All
I want to how can i send an arp packet through freebsd socket API

Thanx
Soheil hassas Yeganeh

From owner-freebsd-net Tue Mar 11 2:58:43 2003
Date: Tue, 11 Mar 2003 11:58:40 +0100
From: Marc Olzheim
To: soheil soheil
Cc: freebsd-net@freebsd.org
Subject: Re: how to send an arp packet on freebsd

On Tue, Mar 11, 2003 at 09:34:16AM +0000, soheil soheil wrote:
> Dear All
> I want to how can i send an arp packet through freebsd socket API

Try ports: net/arping

Zlo

From owner-freebsd-net Tue Mar 11 11:52:52 2003
Date: Tue, 11 Mar 2003 21:52:47 +0200
From: Nerijus Bendziunas
To: net@freebsd.org
Subject: Re: Weird ipnat behaviour

Hi,

Maybe you don't set gateway_enable="YES" in /etc/rc.conf or sysctl net.inet.ip.forwarding=1

On Mon, Mar 10, 2003 at 10:09:13PM -0800, Static wrote:
> PITA# ipnat -l
> List of active MAP/Redirect filters:
> map tun0 192.168.1.0/0 -> 0.0.0.0/32
> map tun0 0.0.0.0/0 -> 192.168.1.0/24 proxy port 21 ftp/ip
> rdr tun0 0.0.0.0/0 port 0- 16 -> 192.168.1.20 port 80 tcp
>
> List of active sessions:
>

From owner-freebsd-net Tue Mar 11 13:13:33 2003
Date: Tue, 11 Mar 2003 16:14:46 -0500
From: Craig Rodrigues
To: freebsd-net@freebsd.org
Subject: 802.1p priorities in FreeBSD?

Hi,

Is it possible to create 802.1p priority values in FreeBSD? I saw this comment in if_vlan.c:

/*
 * if_vlan.c - pseudo-device driver for IEEE 802.1Q virtual LANs.
 * Might be extended some day to also handle IEEE 802.1p priority
 * tagging.

Is there another way to do this besides using the vlan driver?

I am interested in trying to map IP TOS/Diffserv values to 802.1p priorities. Some of the switch vendors claim to be able to do this.

http://www.extremenetworks.com/libraries/techbriefs/Metro_TG_IPEthernetQoS.asp
http://www1.avaya.com/enterprise/whitepapers/p133g2-dscp.pdf

Is there a similar way to do this in FreeBSD?

Thanks.
-- 
Craig Rodrigues
http://home.attbi.com/~rodrigc
rodrigc@attbi.com

From owner-freebsd-net Tue Mar 11 13:32:51 2003
Date: Tue, 11 Mar 2003 16:32:45 -0500 (EST)
From: Garrett Wollman
To: Craig Rodrigues
Cc: freebsd-net@FreeBSD.ORG
Subject: 802.1p priorities in FreeBSD?

< said:

> I am interested in trying to map IP TOS/Diffserv values
> to 802.1p priorities. Some of the switch vendors claim to be
> able to do this.

The priority tag is encoded in the same bitfield as the VLAN tag in the encapsulation header.

-GAWollman

From owner-freebsd-net Wed Mar 12 9:19:11 2003
Date: Wed, 12 Mar 2003 18:19:08 +0100 (CET)
From: Harti Brandt
To: net@freebsd.org
Subject: mallocing from if_start

Hi all,

I was under the impression that the if_start function is NOT called from an interrupt context, so I should be able to call uma_zalloc_arg(..., M_WAITOK) there. I get however

Mar 12 18:12:49 catssrv kernel: malloc() of "en dma maps" with the following non-sleepablelocks held:
Mar 12 18:12:49 catssrv kernel: exclusive sleep mutex netisr lock r = 0 (0xc022d9c0) locked @ /usr/src/sys/net/netisr.c:209

I'm wrong with my assumption?

harti
-- 
harti brandt, http://www.fokus.fraunhofer.de/research/cc/cats/employees/hartmut.brandt/private
brandt@fokus.fraunhofer.de, harti@freebsd.org

From owner-freebsd-net Wed Mar 12 10: 2:28 2003
Date: Wed, 12 Mar 2003 12:01:47 -0600 (CST)
From: Jonathan Lemon
To: brandt@fokus.fraunhofer.de, net@freebsd.org
Subject: Re: mallocing from if_start

In article you write:
>
>Hi all,
>
>I was under the impression that the if_start function is NOT called from
>an interrupt context, so I should be able to call uma_zalloc_arg(...,
>M_WAITOK) there. I get however
>
>Mar 12 18:12:49 catssrv kernel: malloc() of "en dma maps" with the
>following non-sleepablelocks held:
>Mar 12 18:12:49 catssrv kernel: exclusive sleep mutex netisr lock r = 0
>(0xc022d9c0) locked @ /usr/src/sys/net/netisr.c:209
>
>I'm wrong with my assumption?

if_start() can be called from interrupt context from the bridging, fast-forwarding, (and now) direct dispatch codepaths.

That being said, the message can be ignored, I'll rework things to use a gate instead of a mutex, although this seems to be catching some hidden bugs.
-- 
Jonathan

From owner-freebsd-net Wed Mar 12 11:41:38 2003
Date: Wed, 12 Mar 2003 11:41:36 -0800 (PST)
From: David Myer
Subject: setting multiple IP addresses
To: net@freebsd.org

Hi,
Can anyone tell me how to set multiple IP addresses for one interface in UNIX/LINUX ?
Thanks
Dave

From owner-freebsd-net Wed Mar 12 11:46:58 2003
To: David Myer
Cc: net@freebsd.org
Subject: Re: setting multiple IP addresses
Date: Wed, 12 Mar 2003 11:46:54 -0800
From: Eli Dart

Look at the man page for ifconfig, and look at the alias option.

--eli

In reply to David Myer :

> Hi,
> Can anyone tell me how to set multiple IP addresses
> for one interface in UNIX/LINUX ?
> Thanks
> Dave

From owner-freebsd-net Wed Mar 12 12: 0: 4 2003
Date: Wed, 12 Mar 2003 11:59:57 -0800
From: "Crist J. Clark"
To: Static
Cc: net@freebsd.org
Subject: Re: Weird ipnat behaviour

On Mon, Mar 10, 2003 at 10:09:13PM -0800, Static wrote:
> Hello List,
>
> I just recently did a buildworld on my gateway machine and now ipnat
> appears to not want to cooperate.

You also built and installed a new kernel from the same codebase, correct? You will likely have IPFilter problems if the in-kernel firewall code and the userland interface to it get out of sync.
-- 
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

From owner-freebsd-net Wed Mar 12 12: 9: 8 2003
Date: Wed, 12 Mar 2003 12:09:03 -0800
From: "Crist J. Clark"
To: Sten Daniel Sørsdal
Cc: freebsd-net@FreeBSD.org
Subject: Re: Source ip route lookup on incoming packets?

On Thu, Feb 27, 2003 at 02:02:53PM +0100, Sten Daniel Sørsdal wrote:
>
> Has anyone made any patches to lookup the source ip for a packet to be routed
> so that it comes from the right interface?
> I've heard a lot of talk from people going to write patches to do this
> but no patches have turned up and no help from google.
>
> What I am looking for is a feature that basically prevents spoofing by looking
> the route for the source and match the incoming interface.
> A firewall solves the problem but adds a lot of administrative overhead and
> leaves room for error.
>
> Is this feature even possible on FreeBSD?

For the sake of the email archive (since I know the post's author is already aware of this): Yes this is possible. I just added an option to ipfw(8) to do this. It is called 'verrevpath.' See the thread "Anti-Spoofing Option" on the freebsd-ipfw list.

Coming soon to a FreeBSD repository near you. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Mar 12 23:45: 0 2003 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B7A2F37B401 for ; Wed, 12 Mar 2003 23:44:59 -0800 (PST) Received: from mail.1system.ru (ns.1system.ru [62.205.190.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id C43ED43FE0 for ; Wed, 12 Mar 2003 23:44:58 -0800 (PST) (envelope-from null@mail.1system.ru) Received: by mail.1system.ru (Postfix, from userid 1001) id B03D749801; Thu, 13 Mar 2003 10:48:11 +0300 (MSK) Date: Thu, 13 Mar 2003 10:48:11 +0300 From: "Dennis S. Davidoff" To: freebsd-net@freebsd.org Subject: MPD in dynamic Message-ID: <20030313074811.GA96752@mail.1system.ru> Reply-To: null@1system.ru Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline User-Agent: Mutt/1.4i Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all. I have a *little* quastion to programmers about mpd. I have alot of _dynamic_ users in FreeRadius (there's alot of users rotations with their ip-addresses). I know there's no dynamic bundles and links in mpd, so have anyone time and insterest to make this feature? I work now on perl script that realizes this one, but this is bad idea I think. Any advices? 
--
Sincerely, Dennis

From owner-freebsd-net Thu Mar 13 1: 2:13 2003
Date: Thu, 13 Mar 2003 10:02:08 +0100 (CET)
From: Harti Brandt
To: Jonathan Lemon
Cc: net@freebsd.org
Subject: Re: mallocing from if_start
Message-ID: <20030313100006.J641@beagle.fokus.fraunhofer.de>

On Wed, 12 Mar 2003, Jonathan Lemon wrote:

JL>In article you write:
JL>>
JL>>Hi all,
JL>>
JL>>I was under the impression that the if_start function is NOT called from
JL>>an interrupt context, so I should be able to call uma_zalloc_arg(...,
JL>>M_WAITOK) there. I get however
JL>>
JL>>Mar 12 18:12:49 catssrv kernel: malloc() of "en dma maps" with the
JL>>following non-sleepablelocks held:
JL>>Mar 12 18:12:49 catssrv kernel: exclusive sleep mutex netisr lock r = 0
JL>>(0xc022d9c0) locked @ /usr/src/sys/net/netisr.c:209
JL>>
JL>>I'm wrong with my assumption?
JL>
JL>if_start() can be called from interrupt context from the bridging,
JL>fast-forwarding, (and now) direct dispatch codepaths. That being
JL>said, the message can be ignored, I'll rework things to use a gate
JL>instead of a mutex, although this seems to be catching some hidden bugs.

Is there a fast method to get rid of exactly this one warning until you
rework the code? It really makes debugging and testing a driver very hard.
I'm working on mutexifying the driver so I need witness.

harti
--
harti brandt, http://www.fokus.fraunhofer.de/research/cc/cats/employees/hartmut.brandt/private
brandt@fokus.fraunhofer.de, harti@freebsd.org

From owner-freebsd-net Thu Mar 13 1:33:19 2003
Message-ID: <3E705057.3020906@alkar.net>
Date: Thu, 13 Mar 2003 11:33:11 +0200
From: Alexander Motin
To: null@1system.ru
Cc: freebsd-net@freebsd.org
Subject: Re: MPD in dynamic

Dennis S. Davidoff wrote:
> I have a *little* question to programmers about mpd.
> I have a lot of _dynamic_ users in FreeRadius (there's a lot of users
> rotations with their ip-addresses). I know there's no dynamic bundles
> and links in mpd, so has anyone time and interest to make this feature?
> I work now on perl script that realizes this one, but this is bad idea I think.

Yes, there are no dynamic bundles and links in mpd. But I think you can
use mpd fine without dynamic bundles and links. You can add in config
files one link and one bundle for each client connection (for each
modem). Then you can use RADIUS for authorization and assigning
ip-addresses to clients.

Only one thing that you can't do this way is a multilink server.
Multilink server really requires dynamic link to bundle assignment. And
this is really problem now.

--
Alexander Motin mav@alkar.net
ISP Alkar-Teleport

From owner-freebsd-net Thu Mar 13 1:51: 4 2003
Message-ID: <3E705482.4000202@consult-scs.com>
Date: Thu, 13 Mar 2003 01:50:58 -0800
From: Jonathan Feally
To: jamie@tridentmicrosystems.co.uk
Cc: freebsd-net@freebsd.org
Subject: Re: Cisco PIX 501 (3DES) to FreeBSD VPN Gateway

I have a similar setup from my home (FreeBSD) to my work (PIX-515)
10/8 is my work
192.168.X.0/24 is my home - this setup will give you 3des encrypt tunnel
with a Pre-Shared Key

Your PIX will need these config lines (adjust to match your networks):

access-list ipsec-ok-list permit ip 10.0.0.0 255.0.0.0 192.168.X.0 255.255.255.0
#This defines what traffic will apply to the ipsec tunnel

access-list nat-bypass-list permit ip 10.0.0.0 255.0.0.0 192.168.X.0 255.255.255.0
#You will need this along with the nat (inside) 0 line

access-list nat-bypass-list permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0
#Don't know if I need this line

global (outside) 1 (PIX Outside Hide IP)

nat (inside) 0 access-list nat-bypass-list
# I think I had to add this to not nat connections from inside the PIX to my Home LAN - other direction works fine

nat (inside) 1 10.0.0.0 255.0.0.0 0 0
# Don't forget to move the default what gets hidden to after the what doesn't get hidden

# below is the ipsec setup
# trans-set is the definition of what kind of encryption we will be doing
# ipsec-map is the ipsec tunnel definition
# ipsec-ok-list is the traffic ok over the tunnel
crypto ipsec transform-set trans-set esp-3des
crypto map ipsec-map 20 ipsec-isakmp
crypto map ipsec-map 20 match address ipsec-ok-list
crypto map ipsec-map 20 set pfs group2
crypto map ipsec-map 20 set peer (BSD Outside IP)
crypto map ipsec-map 20 set transform-set trans-set
crypto map ipsec-map interface outside
isakmp enable outside
# keys are 10 alphanums long
isakmp key putkeyhere address (BSD Outside IP) netmask 255.255.255.255
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 3600

IPSEC SPD's using setkey

spdadd 192.168.X.0/24 10.0.0.0/8 any -P out ipsec esp/tunnel/(BSD Outside IP)-(PIX Outside IP - not hide IP)/require;
spdadd 10.0.0.0/8 192.168.X.0/24 any -P in ipsec esp/tunnel/(PIX Outside IP - not hide IP)-(BSD Outside IP)/require;

Racoons configs:

# begin racoon.conf
path include "/usr/local/etc/racoon" ;
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;
path certificate "/etc/ssh" ;

padding
{
        maximum_length 20;      # maximum padding length.
        randomize off;          # enable randomize length.
        strict_check off;       # enable strict check.
        exclusive_tail off;     # extract last one octet.
}

listen
{
        isakmp (Outside BSD IP Goes Here);
        strict_address;
}

timer
{
        # These value can be changed per remote node.
        counter 5;              # maximum trying count to send.
        interval 20 sec;        # maximum interval to resend.
        persend 1;              # the number of packets per a send.

        # timer for waiting to complete each phase.
        phase1 30 sec;
        phase2 15 sec;
}

remote (PIX Outside IP Goes Here - not Hide IP)
{
        exchange_mode main;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo anonymous
{
        pfs_group 2;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1,non_auth; #don't think you will need hmac_sha1
        compression_algorithm deflate;
}
# End racoon.conf

# begin psk.txt
(PIX Outside IP Goes Here - not Hide IP) putkeyhere
# end psk.txt

IPFW:
Put these above any natd diverts - adjust as needed

allow ip from 192.168.X.0/24 to 10.0.0.0/8
allow ip from 10.0.0.0/8 to 192.168.X.0/24

Well - Good luck

Jamie Heckford wrote:

>Hi All,
>
>I am wondering if it is possible to setup a Cisco PIX 501 (3DES) to talk
>to a FreeBSD VPN Gateway.
>
>The VPN gateway currently runs MPD-Netgraph and Poptop to provide access
>to all Win XX series clients.
>
>What I am wondering is it possible to setup IPSec / racoon combo on the
>FreeBSD system so the PIX 501 can connect to it ok.
>
>The role of the PIX 501 at the remote end will be to send all non-local
>traffic out to the internet and VPN destined routes over the VPN
>connection.
>
>Has anyone had any experience with this? Any comments or suggestions?
>Google did not seem to wield to many useful results.
>
>Any help greatly appreciated as usual :)
>
>Cheers,
>
>--
>Jamie Heckford
>Network Manager
>Trident Microsystems Ltd.
>jamie@tridentmicrosystems.co.uk
>
>t: +44(0)1737-780790
>f: +44(0)1737-771908
>w: http://www.tridentmicrosystems.co.uk/

From owner-freebsd-net Thu Mar 13 3:15:15 2003
Date: Thu, 13 Mar 2003 14:14:15 +0300 (MSK)
From: Alexandre Kardanev
To: "Dennis S. Davidoff"
Cc: freebsd-net@freebsd.org
Subject: Re: MPD in dynamic

Hi!

On Thu, 13 Mar 2003, Dennis S. Davidoff wrote:

> Hi all.
>
> I have a *little* question to programmers about mpd.
> I have a lot of _dynamic_ users in FreeRadius (there's a lot of users
> rotations with their ip-addresses). I know there's no dynamic bundles
> and links in mpd, so has anyone time and interest to make this feature?
> I work now on perl script that realizes this one, but this is bad idea I think.
>
> Any advice?
>

Your information is very old. mpd-3.13 & FreeBSD >=4.7 (new libradius only
there) have dynamic (from RADIUS) IP assignment. There are 2
restrictions:
1) (as reported here) - mpd can not create more than 254 ng interfaces -
so you will have no more than 254 simultaneous connections at a time.
2) as I found - mpd with RADIUS cannot use Microsoft encryption (MPPE)

> --
> Sincerely,
> Dennis
>

ABK2-RIPE
-------------------
"With the proper consideration in choice of allies, victory may be
guaranteed in any conflict" -B. Arnold

From owner-freebsd-net Thu Mar 13 3:50:16 2003
Message-ID: <3E707070.7060504@alkar.net>
Date: Thu, 13 Mar 2003 13:50:08 +0200
From: Alexander Motin
To: freebsd-net@freebsd.org
Subject: Re: MPD in dynamic

Alexandre Kardanev wrote:
> Your information is very old. mpd-3.13 & FreeBSD >=4.7 (new libradius only
> there) have dynamic (from RADIUS) IP assignment. There are 2
> restrictions:
> 1) (as reported here) - mpd can not create more than 254 ng interfaces -
> so you will have no more than 254 simultaneous connections at a time.

You are wrong. On my PC mpd successfully can create more than 1000 ng
interfaces. There you only need to increase maximum count of file
descriptors in system and change in mpd in file ppp.h constant
FD_SETSIZE from 2048 to bigger value.
--
Alexander Motin mav@alkar.net
ISP Alkar-Teleport

From owner-freebsd-net Thu Mar 13 3:59:14 2003
Message-ID: <3E707289.3000001@jawa.at>
Date: Thu, 13 Mar 2003 12:59:05 +0100
From: Michael Bretterklieber
To: freebsd-net@FreeBSD.ORG
Subject: Re: MPD in dynamic

Hi,

Alexandre Kardanev wrote:
> Hi!
> 1) (as reported here) - mpd can not create more than 254 ng interfaces -
> so you will have no more than 254 simultaneous
maybe a netgraph limit?

connections at a time.
> 2) as I found - mpd with RADIUS cannot use Microsoft encryption (MPPE)
sure it can, there is just a bug in MPD3.13 with the MPPE-Policy
negotiation, apply these patches:

http://www.bretterklieber.com/freebsd/radius.diff

bye,
--
------------------------------- ----------------------------------
Michael Bretterklieber          - Michael.Bretterklieber@jawa.at
JAWA Management Software GmbH   - http://www.jawa.at
Liebenauer Hauptstr. 200        -------------- privat ------------
A-8041 GRAZ                     GSM: ++43-(0)676-84 03 15 712
Tel: ++43-(0)316-403274-12      E-mail: michael@bretterklieber.com
Fax: ++43-(0)316-403274-10      http://www.bretterklieber.com
------------------------------- ----------------------------------
"...the number of UNIX installations has grown to 10, with more
expected..." - Dennis Ritchie and Ken Thompson, June 1972

From owner-freebsd-net Thu Mar 13 4:48: 1 2003
Date: Thu, 13 Mar 2003 15:47:01 +0300 (MSK)
From: Alexandre Kardanev
To: Michael Bretterklieber
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: MPD in dynamic

Hi!

On Thu, 13 Mar 2003, Michael Bretterklieber wrote:

> Hi,
>
> Alexandre Kardanev wrote:
> > Hi!
> > 1) (as reported here) - mpd can not create more than 254 ng interfaces -
> > so you will have no more than 254 simultaneous
> maybe a netgraph limit?
>
I didn't try that myself. I just saw that problem in freebsd-net or
freebsd-isp no more than a month ago... As for me - it's enough 100-200
interfaces...

> connections at a time.
> > 2) as I found - mpd with RADIUS cannot use Microsoft encryption (MPPE)
> sure it can, there is just a bug in MPD3.13 with the MPPE-Policy
> negotiation, apply these patches:
>
> http://www.bretterklieber.com/freebsd/radius.diff

Unfortunately, I used that patch first, after mpd-3.13 I compared and
found no significant differences. Of course, maybe I misconfigured my
RADIUS server, also in mpd log I found:
[pptp12] RADIUS: RadiusGetParams: RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY: 1 (Allowed)
[pptp12] RADIUS: RadiusGetParams: RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: 6 (40 128 bit)
but have no luck with W98SE & W2K

> bye,
> --
> ------------------------------- ----------------------------------
> Michael Bretterklieber          - Michael.Bretterklieber@jawa.at
> JAWA Management Software GmbH   - http://www.jawa.at
> Liebenauer Hauptstr. 200        -------------- privat ------------
> A-8041 GRAZ                     GSM: ++43-(0)676-84 03 15 712
> Tel: ++43-(0)316-403274-12      E-mail: michael@bretterklieber.com
> Fax: ++43-(0)316-403274-10      http://www.bretterklieber.com
> ------------------------------- ----------------------------------
> "...the number of UNIX installations has grown to 10, with more
> expected..." - Dennis Ritchie and Ken Thompson, June 1972
>

ABK2-RIPE
-------------------
"With the proper consideration in choice of allies, victory may be
guaranteed in any conflict" -B. Arnold

From owner-freebsd-net Thu Mar 13 5:11: 8 2003
Message-ID: <3E70835F.5070702@jawa.at>
Date: Thu, 13 Mar 2003 14:10:55 +0100
From: Michael Bretterklieber
To: Alexandre Kardanev
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: MPD in dynamic

Hi,

Alexandre Kardanev wrote:
> Hi!
>
>
> Unfortunately, I used that patch first, after mpd-3.13 I compared and
> found no significant differences. Of course, maybe I misconfigured my
> RADIUS server, also in mpd log I found:
> [pptp12] RADIUS: RadiusGetParams: RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY: 1 (Allowed)
> [pptp12] RADIUS: RadiusGetParams: RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: 6 (40 128 bit)
this just means that mppe is allowed, with 40 or 128 Bit.

> but have no luck with W98SE & W2K
>
can you please provide the full log?

bye,
--
------------------------------- ----------------------------------
Michael Bretterklieber          - Michael.Bretterklieber@jawa.at
JAWA Management Software GmbH   - http://www.jawa.at
Liebenauer Hauptstr. 200        -------------- privat ------------
A-8041 GRAZ                     GSM: ++43-(0)676-84 03 15 712
Tel: ++43-(0)316-403274-12      E-mail: michael@bretterklieber.com
Fax: ++43-(0)316-403274-10      http://www.bretterklieber.com
------------------------------- ----------------------------------
"...the number of UNIX installations has grown to 10, with more
expected..." - Dennis Ritchie and Ken Thompson, June 1972

From owner-freebsd-net Thu Mar 13 7:24:26 2003
Date: Thu, 13 Mar 2003 18:27:38 +0300
From: "Dennis S. Davidoff"
To: freebsd-net@freebsd.org
Subject: MPD, FreeRadius, MSCHAPv2
Message-ID: <20030313152738.GA11471@mail.1system.ru>

Hello.

Has anyone the successful decision of subj? :)

P.S. Is there a tool for Windows to test MSCHAPv2? NTRadPing uses only
CHAP (MSCHAPv1?)
-- Sincerely, Dennis To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Mar 13 7:25:45 2003 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3D59D37B404 for ; Thu, 13 Mar 2003 07:25:44 -0800 (PST) Received: from cell.sick.ru (cell.sick.ru [195.91.162.238]) by mx1.FreeBSD.org (Postfix) with ESMTP id A8E2E43FBD for ; Thu, 13 Mar 2003 07:25:42 -0800 (PST) (envelope-from glebius@cell.sick.ru) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.6/8.12.6) with ESMTP id h2DFPed3035582 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Thu, 13 Mar 2003 18:25:40 +0300 (MSK) (envelope-from glebius@cell.sick.ru) Received: (from glebius@localhost) by cell.sick.ru (8.12.6/8.12.6/Submit) id h2DFPdNt035581; Thu, 13 Mar 2003 18:25:39 +0300 (MSK) Date: Thu, 13 Mar 2003 18:25:39 +0300 From: Gleb Smirnoff To: Alexandre Kardanev Cc: Michael Bretterklieber , freebsd-net@FreeBSD.ORG Subject: Re: MPD in dynamic Message-ID: <20030313152539.GA35529@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , Alexandre Kardanev , Michael Bretterklieber , freebsd-net@FreeBSD.ORG References: <3E707289.3000001@jawa.at> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.1i Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org A> > http://www.bretterklieber.com/freebsd/radius.diff A> A> Unfortunately, I used that patch first, after mpd-3.13 I compared and A> found no significant differences. 
Of cause, maybe I misconfigured my A> RADIUS server, also in mpd log I found: A> [pptp12] RADIUS: RadiusGetParams: RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY: 1 (Allowed) A> [pptp12] RADIUS: RadiusGetParams: RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: 6 (40 128 bit) A> but have no luck with W98SE & W2K What RADIUS server are you using? Not all radiuses support MS-CHAP/MS-CHAPv2. MPPE requires MS-CHAPv2 as authentication protocol. -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Mar 13 7:32:52 2003 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 91F9B37B401 for ; Thu, 13 Mar 2003 07:32:50 -0800 (PST) Received: from jawa.at (jawa.at [213.229.17.146]) by mx1.FreeBSD.org (Postfix) with ESMTP id 476CF43F3F for ; Thu, 13 Mar 2003 07:32:49 -0800 (PST) (envelope-from mbretter@jawa.at) Received: from jawa.at (dings.jawa.at [192.168.200.60]) by jawa.at (8.12.6/8.12.6) with ESMTP id h2DFWh1Z068397; Thu, 13 Mar 2003 16:32:43 +0100 (CET) (envelope-from mbretter@jawa.at) Message-ID: <3E70A498.8020302@jawa.at> Date: Thu, 13 Mar 2003 16:32:40 +0100 From: Michael Bretterklieber Organization: JAWA Management Software GmbH User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-AT; rv:1.2.1) Gecko/20021130 X-Accept-Language: de, en MIME-Version: 1.0 To: null@1system.ru Cc: freebsd-net@FreeBSD.ORG Subject: Re: MPD, FreeRadius, MSCHAPv2 References: <20030313152738.GA11471@mail.1system.ru> In-Reply-To: <20030313152738.GA11471@mail.1system.ru> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-milter (http://amavis.org/) X-Spam-Status: No, hits=-2.8 required=5.0 tests=IN_REP_TO,NOSPAM_INC,QUOTED_EMAIL_TEXT,REFERENCES, SPAM_PHRASE_00_01,USER_AGENT,USER_AGENT_MOZILLA_UA, X_ACCEPT_LANG version=2.43 
Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, Dennis S. Davidoff schrieb: > Hello. > > Has anyone the successful decision of subj? :) > > P.S. Is there a tool for Windows to test MSCHAPv2? NTRadPing use only > CHAP (MSCHAPv1?) - Install php 4.3.1, - donwload the php-radius extension from http://www.bretterklieber.com/php/radius-builds/win32-i386/4.3/php_radius-1.2.zip and copy the dll under /extensions - download http://pear.php.net/get/radius-1.2.tgz - and let the examples/radius-auth.php run, after changing the params in this script. bye, -- ------------------------------- ---------------------------------- Michael Bretterklieber - Michael.Bretterklieber@jawa.at JAWA Management Software GmbH - http://www.jawa.at Liebenauer Hauptstr. 200 -------------- privat ------------ A-8041 GRAZ GSM: ++43-(0)676-84 03 15 712 Tel: ++43-(0)316-403274-12 E-mail: michael@bretterklieber.com Fax: ++43-(0)316-403274-10 http://www.bretterklieber.com ------------------------------- ---------------------------------- "...the number of UNIX installations has grown to 10, with more expected..." 
- Dennis Ritchie and Ken Thompson, June 1972

From owner-freebsd-net Thu Mar 13 12:34:27 2003
Message-Id: <200303132034.PAA04880@hera.homer.att.com>
To: Iasen Kostov
Cc: Kevin_Stevens@pursued-with.net, freebsd-net@FreeBSD.ORG
Subject: Re: route pointing to a gateway that's not on net
In-Reply-To: <20030307065558.W52594-100000@shadowhand.OTEL.net>
Date: Thu, 13 Mar 2003 15:34:18 -0500
From: "J. W. Ballantine"

On Thu Mar 6 23:56:51 2003, ikostov@otel.net suggested:
> Use :
> route add -net 10.17.47.37/32 -cloning -iface xl0
> that should work.
I've tried several variations of this with limited success:

Script started on Thu Mar 13 12:26:27 2003
# ifconfig xl0 inet 209.122.66.XXX netmask 255.255.255.0
# route add -net 10.0.0.0 -iface -interface xl0
# add net 10.0.0.0: gateway xl0
# route add -net default -iface -interface xl0
# add net default: gateway xl0
# netstat -nrW
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu    Netif Expire
default            link#1             UCSc        0        0   1500      xl0
10                 link#1             UCSc        0        0   1500      xl0
127.0.0.1          127.0.0.1          UH          0        0  16384      lo0
209.122.66         link#1             UC          0        0   1500      xl0
# ping 10.17.47.37 <<

Date: Fri, 14 Mar 2003 10:51:01 +0100 (CET)
From: Harti Brandt
To: net@freebsd.org
Subject: locking in network if attach again
Message-ID: <20030314104019.T65266@beagle.fokus.fraunhofer.de>

Hi all,

the following problem occurred just to me. Suppose the last lines in my
attach() function look something like:

	if_attach(...)
	bus_setup_intr(...)

Last time we had the locking discussion it was more or less the consensus,
that no locking is needed in attach() and that the last thing I do is
setting up the interrupt. It seems to me, however, that the following may
happen here:

1. After if_attach but before setup_intr() a process on another processor
   calls if_ioctl to make the interface UP and if_start() to start output.

2. while the attach routine is blocked (perhaps while an interrupt is
   served) if_start initiates output.

3. The device tries to interrupt but cannot do that (setup_intr() has not
   been called yet).

4. The device gets stuck, because the interrupt is lost.

5. setup_intr() is called but that does not help.

Is this a possible scenario? I must admit, that such a scenario has a
rather low probability, but according to Murphy's Law, it will happen.

Maybe if_attach and bus_setup_intr can be reversed. In this case the
interrupt routine must be careful to not call into the network system,
because the network system doesn't know anything about the interface until
if_attach(). Another solution would be to lock softc before if_attach, but
this would probably provoke an LOR (as I remember).

Regards,
harti
--
harti brandt, http://www.fokus.fraunhofer.de/research/cc/cats/employees/hartmut.brandt/private
brandt@fokus.fraunhofer.de, harti@freebsd.org

From owner-freebsd-net Fri Mar 14 2:24:36 2003
Date: Fri, 14 Mar 2003 11:24:31 +0100
From: Guido van Rooij
To: "J. W. Ballantine"
Cc: Iasen Kostov, Kevin_Stevens@pursued-with.net, freebsd-net@FreeBSD.ORG
Subject: Re: route pointing to a gateway that's not on net
Message-ID: <20030314102431.GA97899@gvr.gvr.org>
References: <20030307065558.W52594-100000@shadowhand.OTEL.net> <200303132034.PAA04880@hera.homer.att.com>
In-Reply-To: <200303132034.PAA04880@hera.homer.att.com>

On Thu, Mar 13, 2003 at 03:34:18PM -0500, J. W. Ballantine wrote:
> round-trip min/avg/max/stddev = 3.022/3.428/5.029/0.801 ms
> # ping 207.172.3.8 <<< one of isp's name server
> PING 207.172.3.8 (207.172.3.8): 56 data bytes
> ping: sendto: Host is down
> ping: sendto: Host is down
> ping: sendto: Host is down
> ping: sendto: Host is down
>
> So this method allows my system to get to the
> modem/dhcp server/gateway, but no further. (when I ping
> from windows I get a response, so the system isn't down.)

That is because 207.172.3.8 is not directly connected. By specifying a
route entry with -iface you specify it is directly connected. That
is the reason you can now reach the 10.* hosts.

The problem with the 207.172.3.* hosts exists because your routing
table expects the 207.172.3.* range to be directly connected.

So either you have to make them appear directly connected, or you must say that
they are not directly connected. The first can be done by having your gateway
do proxy arp, or by manually setting arp entries on your host
(for all 207.172.3.* hosts, do arp -s host MAC, where MAC is the mac address
of your gateway).
I don't know how to do the second one, except for adding single host routes
for each host, i.e.: route add host-ip-address gateway-ip-address.
-Guido

From owner-freebsd-net Fri Mar 14 6:51:53 2003
Message-Id: <200303141451.h2EEpkQ19585@akiva.homer.att.com>
To: Guido van Rooij
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: route pointing to a gateway that's not on net
In-reply-to: Your message of "Fri, 14 Mar 2003 11:24:31 +0100." <20030314102431.GA97899@gvr.gvr.org>
Date: Fri, 14 Mar 2003 09:51:46 -0500
From: "J. W. Ballantine"

So what you are saying is that with the:
	route add -net default -iface -interface xl0
command the system thinks there is a direct connect.
Doesn't this then send all packets out, since there is no address supplied with
the route command, or is this a function the the 10.*.*.* addresses
are private network addresses.

If it sends all packets out, I would expect the 10.17.47.37 to receive it
and forward it, since it is the gateway/modem.

Having taken a quick look at the arp man page, it seems that one needs to
arp each address/host rather than globally.

Again, what I'm trying to do is get the system to pass all packets to
the gateway/modem for forwarding over the net.

Thanks

Jim

---------- In Response to your message -------------

> Date: Fri, 14 Mar 2003 11:24:31 +0100
> To: "J. W. Ballantine"
> From: Guido van Rooij
> Subject: Re: route pointing to a gateway that's not on net
> Sender: owner-freebsd-net@FreeBSD.ORG
>
> On Thu, Mar 13, 2003 at 03:34:18PM -0500, J. W. Ballantine wrote:
> > round-trip min/avg/max/stddev = 3.022/3.428/5.029/0.801 ms
> > # ping 207.172.3.8 <<< one of isp's name server
> > PING 207.172.3.8 (207.172.3.8): 56 data bytes
> > ping: sendto: Host is down
> > ping: sendto: Host is down
> > ping: sendto: Host is down
> > ping: sendto: Host is down
> >
> > So this method allows my system to get to the
> > modem/dhcp server/gateway, but no further. (when I ping
> > from windows I get a response, so the system isn't down.)
>
> That is because 207.172.3.8 is not directly connected. By specifying a
> route entry with -iface you specify it is directly connected. That
> is the reason you can now reach the 10.* hosts.
>
> The problem with the 207.172.3.* hosts exists because your routing
> table expects the 207.172.3.* range to be directly connected.
>
> So either you have to make them appear directly connected, or you must say that
> they are not directly connected. The first can be done by having your gateway
> do proxy arp, or by manually setting arp entries on your host
> (for all 207.172.3.* hosts, do arp -s host MAC, where MAC is the mac address
> of your gateway).
> I don't know how to do the second one, except for adding single host routes
> for each host, i.e.: route add host-ip-address gateway-ip-address.
>
> -Guido

From owner-freebsd-net Fri Mar 14 10:11:45 2003
Date: Fri, 14 Mar 2003 19:11:40 +0100
From: Guido van Rooij
To: "J. W. Ballantine"
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: route pointing to a gateway that's not on net
Message-ID: <20030314181140.GA3323@gvr.gvr.org>
References: <20030314102431.GA97899@gvr.gvr.org> <200303141451.h2EEpkQ19585@akiva.homer.att.com>
In-Reply-To: <200303141451.h2EEpkQ19585@akiva.homer.att.com>

On Fri, Mar 14, 2003 at 09:51:46AM -0500, J. W. Ballantine wrote:
> So what you are saying is that with the:
> 	route add -net default -iface -interface xl0
> command the system thinks there is a direct connect. Doesn't this
> then send all packets out, since there is no address supplied with
> the route command, or is this a function the the 10.*.*.* addresses
> are private network addresses.
In order to send packets out directly they need to be directly connected,
i.e. respond to arp requests which is only done on the same LAN.
I hope you understand that this will not work with a default route.

>
> If it sends all packets out, I would expect the 10.17.47.37 to receive it
> and forward it, since it is the gateway/modem.

And how do you think the packets arrive at 10.17.47.37?
Suppose you want to send a packet to 1.2.3.4 with the above mentioned route.
Then the system will arp for 1.2.3.4. Clearly no one will answer so this
will fail.

>
> Having taken a quick look at the arp man page, it seems that one needs to
> arp each address/host rather than globally.
>
> Again, what I'm trying to do is get the system to pass all packets to
> the gateway/modem for forwarding over the net.

Why don't you actually try what I advised you to do?
Sorry to be blunt, but with the comments you make it is very clear that
you have no clue on how IP traffic interacts with link level traffic.
So either read a book or just try what people tell you.
-Guido

From owner-freebsd-net Fri Mar 14 12: 7:36 2003
Message-Id: <200303142007.h2EK7Rl20970@akiva.homer.att.com>
To: Guido van Rooij
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: route pointing to a gateway that's not on net
In-reply-to: Your message of "Fri, 14 Mar 2003 19:11:40 +0100." <20030314181140.GA3323@gvr.gvr.org>
Date: Fri, 14 Mar 2003 15:07:26 -0500
From: "J. W. Ballantine"

---------- In Response to your message -------------

> Date: Fri, 14 Mar 2003 19:11:40 +0100
> To: "J. W. Ballantine"
> From: Guido van Rooij
> Subject: Re: route pointing to a gateway that's not on net
> Sender: owner-freebsd-net@FreeBSD.ORG
>
> On Fri, Mar 14, 2003 at 09:51:46AM -0500, J. W. Ballantine wrote:
> > So what you are saying is that with the:
> > 	route add -net default -iface -interface xl0
> > command the system thinks there is a direct connect. Doesn't this
> > then send all packets out, since there is no address supplied with
> > the route command, or is this a function the the 10.*.*.* addresses
> > are private network addresses.
>
> In order to send packets out directly they need to be directly connected,
> i.e. respond to arp requests which is only done on the same LAN.
> I hope you understand that this will not work with a default route.
>
> >
> > If it sends all packets out, I would expect the 10.17.47.37 to receive it
> > and forward it, since it is the gateway/modem.
>
> And how do you think the packets arrive at 10.17.47.37?
> Suppose you want to send a packet to 1.2.3.4 with the above mentioned route.
> Then the system will arp for 1.2.3.4. Clearly no one will answer so this
> will fail.
>
> >
> > Having taken a quick look at the arp man page, it seems that one needs to
> > arp each address/host rather than globally.
> >
> > Again, what I'm trying to do is get the system to pass all packets to
> > the gateway/modem for forwarding over the net.
>
> Why don't you actually try what I advised you to do?
> Sorry to be blunt, but with the comments you make it is very clear that
> you have no clue on how IP traffic interacts with link level traffic.
> So either read a book or just try what people tell you.

Quite frankly, blunt is not a problem, one needs to call them as one sees
them. However, responding to a question with a condescending, superior
attitude (IMHO), while ignoring the question is. As for "just try what
people tell you", if it doesn't appear to resolve the larger problem, but just
the example, then it isn't the correct resolution to the issue and trying
to get clarification shouldn't be scorned, after all there is always someone
out there who knows more.
>
> -Guido

From owner-freebsd-net Fri Mar 14 12:29:47 2003
Date: Fri, 14 Mar 2003 21:29:44 +0100
From: Guido van Rooij
To: "J. W. Ballantine"
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: route pointing to a gateway that's not on net
Message-ID: <20030314202944.GA5071@gvr.gvr.org>
References: <20030314181140.GA3323@gvr.gvr.org> <200303142007.h2EK7Rl20970@akiva.homer.att.com>
In-Reply-To: <200303142007.h2EK7Rl20970@akiva.homer.att.com>

On Fri, Mar 14, 2003 at 03:07:26PM -0500, J. W. Ballantine wrote:
> Quite frankly, blunt is not a problem, one needs to call them as one sees
> them. However, responding to a question with a condescending, superior
> attitude (IMHO), while ignoring the question is. As for "just try what
> people tell you", if it doesn't appear to resolve the larger problem, but just
> the example, then it isn't the correct resolution to the issue and trying
> to get clarification shouldn't be scorned, after all there is always someone
> out there who knows more.

I did answer your question.
You should either add host routes or turn
on proxy arp at the gateway. Instead of telling us if that worked
out you come with different questions.

Have you actually tried the 3 different possibilities mentioned in
my mail with message-id 20030314102431.GA97899@gvr.gvr.org ?

-Guido

From owner-freebsd-net Fri Mar 14 13:17:51 2003
Message-Id: <200303142117.h2ELHdl21193@akiva.homer.att.com>
To: Guido van Rooij
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: route pointing to a gateway that's not on net
In-reply-to: Your message of "Fri, 14 Mar 2003 21:29:44 +0100." <20030314202944.GA5071@gvr.gvr.org>
Date: Fri, 14 Mar 2003 16:17:39 -0500
From: "J. W. Ballantine"

---------- In Response to your message -------------

> Date: Fri, 14 Mar 2003 21:29:44 +0100
> To: "J. W. Ballantine"
> From: Guido van Rooij
> Subject: Re: route pointing to a gateway that's not on net
>
> On Fri, Mar 14, 2003 at 03:07:26PM -0500, J. W. Ballantine wrote:
> > Quite frankly, blunt is not a problem, one needs to call them as one sees
> > them. However, responding to a question with a condescending, superior
> > attitude (IMHO), while ignoring the question is. As for "just try what
> > people tell you", if it doesn't appear to resolve the larger problem, but just
> > the example, then it isn't the correct resolution to the issue and trying
> > to get clarification shouldn't be scorned, after all there is always someone
> > out there who knows more.
>
> I did answer your question. You should either add host routes or turn
> on proxy arp at the gateway. Instead of telling us if that worked
> out you come with different questions.
>
> Have you actually tried the 3 different possibilities mentioned in
> my mail with message-id 20030314102431.GA97899@gvr.gvr.org ?
>
> -Guido
>

Of the 3 different possibilities mentioned:

I did try route add -net without -iface, and the result was
no route to host.

I didn't try to arp to 207.172.3.* hosts because that sounded like
a fix for only one small network and I asked for clarification.

The other single host routes for each host again doesn't resolve the
larger issue of basic network access.
From owner-freebsd-net Sat Mar 15 13:42:44 2003
Date: Sat, 15 Mar 2003 22:42:39 +0100
From: Guido van Rooij
To: "J. W. Ballantine"
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: route pointing to a gateway that's not on net
Message-ID: <20030315214239.GA23489@gvr.gvr.org>
References: <20030314202944.GA5071@gvr.gvr.org> <200303142117.h2ELHdl21193@akiva.homer.att.com>
In-Reply-To: <200303142117.h2ELHdl21193@akiva.homer.att.com>

On Fri, Mar 14, 2003 at 04:17:39PM -0500, J. W. Ballantine wrote:
>
> Of the 3 different possibilities mentioned:
>
> I did try route add -net without -iface, and the result was
> no route to host.
>
> I didn't try to arp to 207.172.3.* hosts because that sounded like
> a fix for only one small network and I asked for clarification.
>
> The other single host routes for each host again doesn't resolve the
> larger issue of basic network access.
>

You already mentioned that adding the -iface route to 10.* in combination
with a default route to your gateway worked for everything except 207.172.3.*.
What I suggested would _add_ reachability of those hosts.
-Guido

From owner-freebsd-net Sat Mar 15 14:20: 3 2003
Date: Sat, 15 Mar 2003 17:20:00 -0500
From: Barney Wolff
To: Guido van Rooij
Cc: "J. W. Ballantine", freebsd-net@FreeBSD.ORG
Subject: Re: route pointing to a gateway that's not on net
Message-ID: <20030315222000.GA40787@pit.databus.com>
References: <20030314202944.GA5071@gvr.gvr.org> <200303142117.h2ELHdl21193@akiva.homer.att.com> <20030315214239.GA23489@gvr.gvr.org>
In-Reply-To: <20030315214239.GA23489@gvr.gvr.org>

On Sat, Mar 15, 2003 at 10:42:39PM +0100, Guido van Rooij wrote:
>
> You already mentioned that adding the -iface route to 10.* in combination
> with a default route to your gateway worked for everything except 207.172.3.*.

Actually, I don't think that's what he wrote.
Rather, that net is an example
of not being able to reach anything via the default.

The problem is that the link to the ISP is ethernet but is not being
used as a subnet, as an ethernet conventionally is.

I would make up an address for the default router that's on your
subnet, declare that to be the default route, and put a permanent
entry into the arp table with the gateway's actual mac address.
That ought to work.

--
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
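The next-hop behaviour argued over in this thread (Guido van Rooij's explanation of interface routes and Barney Wolff's made-up-gateway suggestion), as an added example that is not part of any post: a simplified Python model, not FreeBSD code, of which address the host ARPs for under each routing setup. The MAC address, the on-subnet gateway address 209.122.66.254 and the outcome strings are constructed for the illustration; the other addresses are the ones quoted in the thread.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional

GATEWAY_IP = "10.17.47.37"         # modem/gateway address quoted in the thread
ISP_HOST = "207.172.3.8"           # off-LAN host pinged in the thread
FAKE_GW = "209.122.66.254"         # constructed on-subnet alias for the gateway
GATEWAY_MAC = "00:00:5e:00:53:01"  # constructed MAC (documentation range)


@dataclass
class Route:
    prefix: str                    # destination in CIDR form
    gateway: Optional[str] = None  # None models an interface (-iface) route


@dataclass
class Host:
    routes: List[Route]
    static_arp: Dict[str, str] = field(default_factory=dict)  # like `arp -s`


@dataclass
class Lan:
    owners: Dict[str, str]               # IP -> MAC of stations on the segment
    proxy_arp_mac: Optional[str] = None  # set when the gateway does proxy ARP

    def arp(self, ip):
        """Answer an ARP request, or None when nobody on the wire replies."""
        return self.owners.get(ip, self.proxy_arp_mac)


def lookup(routes, dst):
    """Longest-prefix match over the routing table."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    return max(hits, default=None,
               key=lambda r: ipaddress.ip_network(r.prefix).prefixlen)


def send(host, lan, dst):
    """Return (address that gets ARPed, outcome) for one packet to dst."""
    route = lookup(host.routes, dst)
    if route is None:
        return (None, "no route")
    if route.gateway is None:
        # Interface route: dst is treated as a neighbour, so ARP for dst itself.
        target = dst
    else:
        # Gateway route: the gateway must itself be reachable on-link.
        # (Model simplification: checked at send time, not when the route is added.)
        via = lookup(host.routes, route.gateway)
        if via is None or via.gateway is not None:
            return (route.gateway, "gateway not on a connected net")
        target = route.gateway
    mac = host.static_arp.get(target) or lan.arp(target)
    return (target, ("sent to " + mac) if mac else "host is down")


def scenarios():
    connected = Route("209.122.66.0/24")   # subnet configured on xl0
    on_link_10 = Route("10.0.0.0/8")       # route add -net 10.0.0.0 -iface xl0
    lan = Lan(owners={GATEWAY_IP: GATEWAY_MAC})
    posted = Host([connected, on_link_10, Route("0.0.0.0/0")])
    via_gw = Route("0.0.0.0/0", GATEWAY_IP)
    return {
        "posted, to gateway": send(posted, lan, GATEWAY_IP),
        "posted, to ISP host": send(posted, lan, ISP_HOST),
        "proxy ARP on gateway": send(posted, Lan(lan.owners, GATEWAY_MAC), ISP_HOST),
        "arp -s per host": send(Host(posted.routes, {ISP_HOST: GATEWAY_MAC}), lan, ISP_HOST),
        "default via gateway": send(Host([connected, on_link_10, via_gw]), lan, ISP_HOST),
        "gateway off-net": send(Host([connected, via_gw]), lan, ISP_HOST),
        "made-up on-subnet gateway": send(
            Host([connected, Route("0.0.0.0/0", FAKE_GW)], {FAKE_GW: GATEWAY_MAC}),
            lan, ISP_HOST),
    }


if __name__ == "__main__":
    for name, (target, outcome) in scenarios().items():
        print(f"{name:27} ARP for {target}: {outcome}")
```

In every case that succeeds, the frame carries the gateway's MAC address; the setups differ only in which IP address the host has to resolve to get it.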