From owner-freebsd-net@FreeBSD.ORG Sun Nov 2 04:22:20 2003
From: "Aaron Burke"
Date: Sun, 2 Nov 2003 04:21:54 -0800
Subject: how to run mpd for pptp on Cable and DSL links at the same time?

Hello,

This problem likely requires a command that I am not aware of but let me
describe my problem.

I have a host with both Cable and DSL links. MPD works on either link just
fine. But mpd only listens to a connection on the first unused link.

Is there a way to get mpd to listen on both interfaces at the same time?

This box is running FreeBSD 4.7-RELEASE, running mpd-3.9 .
Cable Modem: dc0, 12.224.x.y/24
DSL: ed0, 199.26.a.b/29
LAN: xl0, 192.168.0.250/24

From owner-freebsd-net@FreeBSD.ORG Sun Nov 2 06:05:30 2003
From: Barry Bouwsma
To: FreeBSD Networking Nerds
Date: Sun, 2 Nov 2003 15:03:24 +0100 (CET)
Subject: IPv6 autoconf addresses with changing RAs...

[Drop hostname part of IPv6-only address above to obtain IPv4-capable
e-mail, or just drop me from the recipients and I'll catch up from the
archives, since I'm too much offline and replies will probably go astray
anyways]

Apologies if this has been asked before; I've only zgrep'ed this year's
archives for `autoconf' and see nothing comparable -- only something from
beginning-October-or-so concerning autoconf IPv6 addresses learned from
multiple routers -- a setup which I don't want any so-called `solution' to
my query to adversely affect.

I have one IPv6 machine behind a second, which second machine for
historical reasons has an IPv6 prefix/address that occasionally changes.
After this happens, the first host-only machine receives an additional
autoconf IPv6 address, but it still retains the old (now obsolete) IPv6
autoconf address it had learned from this same router. The machines are
running kernels RELENG_4 from late-September-ish. Userland varies horribly.

What I want to happen, is that when the new IPv6 address is autoconf'ed,
the old one should disappear from the interface. (I've been too impatient
to watch if it disappears after time, during which time I cannot reach
the router's new address or the default route, as the old prefix which
it had is no longer present thanks to my hacked scripts. If I manually
delete the original IPv6 address, it seems that things work.)

[Historical reasons background: I receive a different IPv4 address via
dial-in PPP each time I go online. From this I derive a 6to4 2002:...
prefix that I use for IPv6 network address. The router machine (the ppp
machine) is poked to deliver an RA at time of new address configuration.
I no longer bother to delete this 6to4 address when going offline, but
next time I go online, I get a new IPv6 prefix (deleting the old one),
that the host machine learns.]

Is there a way of being automagically notified when a RA is heard/a new
IPv6 address is autoconf'ed, so I can trigger a script to check and if
needed, delete the old IPv6 address? Or must I periodically check the
IPv6 addresses for any changes?

Or, is it possible for the kernel itself, in my case -- a single router,
to be different from the case posted a month ago of two routers on the
same net -- to automagically dispose of the old previously-autoconf'ed
IPv6 address upon receiving a new RA broadcast? Perhaps to be controlled
by a sysctl knob, to allow one to choose between a single changing RA,
or RAs from multiple machines where IPv6 address-hopping is unwanted?

The advantage of being notified of such an RA change (instead of it just
resulting quietly in an IPv6 address change) is that I could at the same
time trigger a dynamic DNS update. At present, it seems I need to do both
IPv6 address fudging and dynamic DNS updates with periodic polling of the
interface status.

Thanks,
Barry Bouwsma
still unclear on the concept

From owner-freebsd-net@FreeBSD.ORG Sun Nov 2 06:24:09 2003
From: Joost Bekkers
To: Aaron Burke
Date: Sun, 2 Nov 2003 15:24:05 +0100
Subject: Re: how to run mpd for pptp on Cable and DSL links at the same time?

On Sun, Nov 02, 2003 at 04:21:54AM -0800, Aaron Burke wrote:
>
> Is there a way to get mpd to listen on both interfaces at the same time?
>
> This box is running FreeBSD 4.7-RELEASE, running mpd-3.9 .
> Cable Modem: dc0, 12.224.x.y/24
> DSL: ed0, 199.26.a.b/29
> LAN: xl0, 192.168.0.250/24
>

Try telling it to listen on the any address (0.0.0.0) instead of the ip of
a specific interface.

--
greetz Joost
joost@jodocus.org

From owner-freebsd-net@FreeBSD.ORG Sun Nov 2 10:24:14 2003
From: "Eugene M. Kim"
To: Barry Bouwsma
Date: Sun, 02 Nov 2003 10:23:22 -0800
Subject: Re: IPv6 autoconf addresses with changing RAs...

I guess the proper way would be rtadvd's prefix lifetime configuration
(maxinterval, pltime and vltime). I set it to maxinterval#20, pltime#90,
vltime#130. You *must* also delete old prefixes from the internal
interface(s), or rtadvd will continue advertising them because it will
think those old prefixes are still valid.

One caveat is, though, you can't let rtadvd pick all the prefixes from
internal interfaces (i.e. those that don't have rltime#0 specified),
because that way rtadvd uses default parameters (maxinterval#30,
pltime#86400, vltime#259200) for the prefixes it picked up; this is too
long. Specifying pltime/vltime without an addr directive seems to have
no effect (contrary to what the example in rtadvd.conf(5) suggests).

You have to automatically regenerate rtadvd.conf from the
linkup/linkdown scripts to specify/remove the 6to4 prefixes calculated
then SIGHUP the rtadvd. I wonder if the latest KAME version of rtadvd
has any solution to this problem.

/me looks in the general direction of Umemoto-san ^^

Eugene

From owner-freebsd-net@FreeBSD.ORG Sun Nov 2 11:36:49 2003
From: Hajimu UMEMOTO
To: "Eugene M. Kim"
Date: Mon, 03 Nov 2003 04:35:26 +0900
Subject: Re: IPv6 autoconf addresses with changing RAs...

Hi,

>>>>> On Sun, 02 Nov 2003 10:23:22 -0800
>>>>> "Eugene M. Kim" said:

ab> I guess the proper way would be rtadvd's prefix lifetime configuration
ab> (maxinterval, pltime and vltime). I set it to maxinterval#20,
ab> pltime#90, vltime#130. You *must* also delete old prefixes from the
ab> internal interface(s), or rtadvd will continue advertising them because
ab> it will think those old prefixes are still valid.

Yes, it's right. I'm using a similar setting in my home network.

ab> One caveat is, though, you can't let rtadvd pick all the prefixes from
ab> internal interfaces (i.e. those that don't have rltime#0 specified),
ab> because that way rtadvd uses default parameters (maxinterval#30,
ab> pltime#86400, vltime#259200) for the prefixes it picked up; this is too
ab> long. Specifying pltime/vltime without an addr directive seems to have
ab> no effect (contrary to what the example in rtadvd.conf(5) suggests).
ab> You have to automatically regenerate rtadvd.conf from the
ab> linkup/linkdown scripts to specify/remove the 6to4 prefixes calculated
ab> then SIGHUP the rtadvd. I wonder if the latest KAME version of rtadvd
ab> has any solution to this problem.

It may be better that rtadvd(8) have a global default setting of the
values. Unfortunately, rtadvd(8) shipped with FreeBSD 4.9-RELEASE and
5-CURRENT are very similar to KAME's. :) It seems that KAME folks separate
static configuration from dynamic configuration.

ab> /me looks in the general direction of Umemoto-san ^^

^^;

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org ume@bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

From owner-freebsd-net@FreeBSD.ORG Sun Nov 2 11:47:00 2003
From: Tim Wilde
To: freebsd-net@freebsd.org
Date: Sun, 2 Nov 2003 14:46:58 -0500 (EST)
Subject: Disable Bridge Loop Detection?

I'm looking for a way to disable the loop detection in the bridging code
in FreeBSD 4.x - I'd prefer a sysctl, but I haven't been able to find one.
Any suggestions for how to do so would be appreciated.

In case anyone's wondering why I'm looking for such a thing, my problem is
with the following topology:

  +----------+         +----------+
  | router 1 |         | router 2 |
  +----------+         +----------+
       |                    |
63.208.196.1/25      63.208.196.2/25
       |                    |
+---------------+    +---------------+
| FBSD bridge 1 |    | FBSD bridge 2 |
+---------------+    +---------------+
       |                    |
  +----------+         +----------+
  | switch 1 |---------| switch 2 |
  +----------+         +----------+
       |                    |
    various servers, 63.208.196.0/25

The two routers run VRRP for redundancy, with a shared MAC address.
Occasionally, router2 is failing to receive packets from router1 (for
reasons we're looking into), and decides it should become the master,
taking over the 63.208.196.1 IP with the shared MAC. Now my two bridges
both see that same MAC address on both of their interfaces, and the loop
detection kicks in. This cuts out the various links (and they fight back
and forth cutting off - it's not pretty) with the end result of router2
NEVER being able to get the next VRRP packet from router1 (by necessity
they have to communicate for failover across the bridges + switches;
otherwise they wouldn't be able to detect failures internal to that
network). We have to manually down the interface on router2, let things
calm down on the FreeBSD boxen, and then bring it back up (it starts in
backup mode, and waits at least 30 seconds, plenty of time to hear from
router1, before it will take control again).

Thanks,
Tim

--
Tim Wilde
twilde@dyndns.org
Systems Administrator
Dynamic DNS Network Services
http://www.dyndns.org/

From owner-freebsd-net@FreeBSD.ORG Mon Nov 3 00:02:47 2003
From: Suken
To: stable@freebsd.org, net@freebsd.org, zec@tel.fer.hr
Date: Mon, 03 Nov 2003 16:02:44 +0800
Subject: Re: Network stack cloning / virtualization patches for 4.9-RELEASE

Hi Marko,

After applying your patch under my FBSD4.9R, make depend failed while
rebuilding my kernel.... The following are my error messages:

...
rm -f .newdep
make -V CFILES -V SYSTEM_CFILES -V GEN_CFILES | xargs mkdep -a -f .newdep -O -pipe -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -nostdinc -I- -I. -I../.. -I../../../include -I../../contrib/dev/acpica -I../../contrib/ipfilter -D_KERNEL -include opt_global.h -mpreferred-stack-boundary=2
../../netinet/tcp_syncache.c:335: macro `SYNCACHE_HASH6' used with only 2 args
../../netinet/tcp_syncache.c:432: macro `SYNCACHE_HASH6' used with only 2 args
mkdep: compile failed
*** Error code 1

What can I do??? :-(
Thanks for any info :-)

From owner-freebsd-net@FreeBSD.ORG Mon Nov 3 02:42:19 2003
From: "Aaron Burke"
To: "Joost Bekkers"
Date: Mon, 3 Nov 2003 02:41:50 -0800
Subject: RE: how to run mpd for pptp on Cable and DSL links at the same time?

> -----Original Message-----
> From: Joost Bekkers [mailto:joost@jodocus.org]
> Sent: Sunday, November 02, 2003 6:24 AM
> To: Aaron Burke
> Cc: freebsd-net@freebsd.org
> Subject: Re: how to run mpd for pptp on Cable and DSL links at the same
> time?
>
>
> On Sun, Nov 02, 2003 at 04:21:54AM -0800, Aaron Burke wrote:
> >
> > Is there a way to get mpd to listen on both interfaces at the same time?
> >
> > This box is running FreeBSD 4.7-RELEASE, running mpd-3.9 .
> > Cable Modem: dc0, 12.224.x.y/24
> > DSL: ed0, 199.26.a.b/29
> > LAN: xl0, 192.168.0.250/24
> >
>
> Try telling it to listen on the any address (0.0.0.0) instead of
> the ip of a
> specific interface.

That seems to have worked. Although I have only tested this from one
machine. However, it appears to work from any address from this client.

> --
> greetz Joost
> joost@jodocus.org

Thanks Joost

Aaron Burke
aburke@nullplusone.com

From owner-freebsd-net@FreeBSD.ORG Mon Nov 3 09:05:33 2003
From: Mark Johnston
To: cjclark@alum.mit.edu
Date: Mon, 3 Nov 2003 11:05:32 -0600
Subject: Re: [solved] Using racoon-negotiated IPSec with ipfw and natd

"Crist J. Clark" wrote:
> For packets entering the system from the network, the processing
> order is,
>
>   (network) ---> ipfw ---> IPsec ---> (remainder of IP stack)
>
> And outgoing,
>
>   (system) ---> IPsec ---> ipfw ---> (network)
>
> (It's actually a bit more hairy than that, incoming IPsec processed
> packets actually get reinjected into the stack below ipfw processing,
> but skip ipfw on the second pass, unless IPSEC_FILTERGIF is set.)
> Notice I didn't explicitly say where natd(8) happens because ipfw(8)
> passes packets to natd(8) and that is completely under your control.
>
> The problem is that the addresses on the packets have been rewritten
> before they are being sent out the external interface where IPsec
> processing would happen.

Perfect! Thank you! That's exactly the explanation I needed.

> Ouch. Mixing bridging, NAT, and IPsec. (I should talk, my bastion host
> at home has one interface with my coax cable connection, another to my
> NATed LAN, another to my NATed WLAN which also is all tunneled through
> IPsec or PPTP since WEP is broken, and finally some PPP dial-up
> interfaces to call into the office. No bridging there, though! Only
> bridge on test boxes on the internal LAN.)
>
> I don't understand is what breaks if you just do,
>
>   500 divert natd ip from 192.168.15.0/24 to any out via fxp0
>   600 divert natd ip from any to me in via fxp0
>
> And lose 700. Is there a reason to NAT stuff between the internal
> network and DMZ?

There is - I'm not the DMZ's gateway, and NAT means not having to add
static routes to all the DMZ boxes. The legacy box that this is replacing
(a 3Com SuperStack 3000-series firewall appliance) actually allowed
packets to DMZ hosts by responding to ARPs for their IPs on the WAN port,
then invisibly proxying packets to them, and doing the same trick for
DMZ-WAN traffic. I avoided that fate by bridging, but reconfiguring the
remote box that actually is the DMZ gateway wasn't an option.

For the archives:

Dynamic (roaming) IPsec was not working with racoon on a firewall also
running natd. The problem was that natd was rewriting the packets as they
came in, because of an ipfw rule matching on the internal interface, and
by the time the packets made it to the IPsec layer, they no longer matched
the SP. It was fixed by changing the ipfw rule to match only outgoing
packets, which will already have been processed by IPsec by the time they
get to ipfw on the trip out.

Specifically, I've made one tiny change to my ruleset. I replaced this
rule:

  00500 divert 8669 ip from 192.168.15.0/24 to not me recv txp0

with this:

  00500 divert 8669 ip from 192.168.15.0/24 to not me out recv txp0

Adding "out" prevents ipfw from diverting the packet to natd on its way
in. On the way out, the packet has been through IPsec and will no longer
match the "from 192.168.15.0/24" criterion, saving it from diversion
again.

If you don't also use a DMZ with bridging, you can do it a lot more
easily, as Crist describes above.

Thanks a lot for your help,
Mark

From owner-freebsd-net@FreeBSD.ORG Mon Nov 3 11:01:44 2003
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Date: Mon, 3 Nov 2003 11:01:27 -0800 (PST)
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

Non-critical problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2002/05/04] kern/37761  net    process exits but socket is still ESTABLI

1 problem total.
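
The ipfw / IPsec ordering discussed in the "[solved] Using racoon-negotiated IPSec with ipfw and natd" message above, as an added example that is not part of the thread: a simplified Python model of a LAN packet being forwarded through ipfw, IPsec and ipfw again, showing that the original divert rule rewrites the source before the security policy is checked (so the packet leaves in the clear), while the rule with "out" lets it be tunnelled. Only 192.168.15.0/24 and txp0 come from the message; the gateway, peer and remote-network addresses are constructed assumptions.

```python
"""Simplified model of ipfw divert / natd / IPsec ordering on a forwarding gateway."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

LAN = ip_network("192.168.15.0/24")        # from the ruleset in the message
GW_PUBLIC = ip_address("203.0.113.1")      # constructed: gateway's external address
TUNNEL_PEER = ip_address("198.51.100.7")   # constructed: roaming IPsec peer
VPN_REMOTE = ip_network("10.8.0.0/24")     # constructed: far side of the security policy


@dataclass(frozen=True)
class Packet:
    src: object
    dst: object
    recv_if: str                       # interface the packet arrived on
    esp: bool = False                  # True once wrapped in an ESP tunnel
    inner: Optional["Packet"] = None   # original packet when esp is True


@dataclass(frozen=True)
class DivertRule:
    """Models: divert 8669 ip from <src_net> to not me [in|out] recv <recv_if>."""
    src_net: object
    recv_if: str
    direction: Optional[str] = None    # None matches both passes

    def matches(self, pkt: Packet, direction: str) -> bool:
        if self.direction is not None and self.direction != direction:
            return False
        return (pkt.src in self.src_net
                and pkt.dst != GW_PUBLIC          # "to not me" (one address only here)
                and pkt.recv_if == self.recv_if)


def natd(pkt: Packet) -> Packet:
    """Outbound aliasing: the private source becomes the gateway's address."""
    return replace(pkt, src=GW_PUBLIC)


def ipfw(pkt: Packet, rule: DivertRule, direction: str) -> Packet:
    return natd(pkt) if rule.matches(pkt, direction) else pkt


def ipsec_output(pkt: Packet) -> Packet:
    """Security policy: LAN -> VPN_REMOTE must leave inside an ESP tunnel."""
    if not pkt.esp and pkt.src in LAN and pkt.dst in VPN_REMOTE:
        return Packet(GW_PUBLIC, TUNNEL_PEER, pkt.recv_if, esp=True, inner=pkt)
    return pkt


def forward(pkt: Packet, rule: DivertRule) -> Packet:
    """Forwarded packet: ipfw on the way in, then IPsec before ipfw on the way out."""
    pkt = ipfw(pkt, rule, "in")
    pkt = ipsec_output(pkt)
    return ipfw(pkt, rule, "out")


# 00500 divert 8669 ip from 192.168.15.0/24 to not me recv txp0
OLD_RULE = DivertRule(LAN, "txp0")
# 00500 divert 8669 ip from 192.168.15.0/24 to not me out recv txp0
NEW_RULE = DivertRule(LAN, "txp0", "out")

HOST = ip_address("192.168.15.10")                       # constructed LAN host
VPN_PKT = Packet(HOST, ip_address("10.8.0.5"), "txp0")   # should be tunnelled
WEB_PKT = Packet(HOST, ip_address("192.0.2.80"), "txp0") # should only be NATed


def describe(pkt: Packet) -> str:
    kind = "ESP" if pkt.esp else "clear"
    return f"{kind} {pkt.src} -> {pkt.dst}"


if __name__ == "__main__":
    for name, rule in (("old rule", OLD_RULE), ("rule with 'out'", NEW_RULE)):
        print(f"{name}: VPN traffic leaves as {describe(forward(VPN_PKT, rule))}")
        print(f"{name}: web traffic leaves as {describe(forward(WEB_PKT, rule))}")
```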

From owner-freebsd-net@FreeBSD.ORG Tue Nov 4 11:43:19 2003
From: Adriaan de Groot
To: freebsd-net@freebsd.org
Date: Tue, 4 Nov 2003 20:43:12 +0100
Subject: if_ed(4) & kvtop()

[please bear with my relative n00bness; i'm trying to cut my teeth on some
driver hackery]

The ne2k driver ed(4) is disabled in amd64's kernel because it doesn't
even compile. I gather that its use of kvtop() is deprecated as well (from
the busdma project page). The pointer size problems with this driver I can
deal with - there are some local variables declared int which need to be
c(?)addr_t instead. But I have no idea what to do with kvtop(). Some
googling yields hits about it being taken out, and about people being
confused and the handbook section on the PCI bus containing an outdated
section. But nothing about what the function does (well, I can guess
virtual-to-physical address translation for kernelspace) or what is
supposed to replace it.

Barring a cvs log on some driver that's already made the transition to not
using kvtop(), is there any documentation available on the issue? Or a
hint, at least?

From owner-freebsd-net@FreeBSD.ORG Tue Nov 4 23:10:53 2003
From: JINMEI Tatuya / 神明達哉
To: Barry Bouwsma
Date: Wed, 05 Nov 2003 16:10:45 +0900
Subject: Re: IPv6 autoconf addresses with changing RAs...

>>>>> On Sun, 2 Nov 2003 15:03:24 +0100 (CET),
>>>>> Barry Bouwsma said:

> I have one IPv6 machine behind a second, which second machine for
> historical reasons has an IPv6 prefix/address that occasionally changes.
> After this happens, the first host-only machine receives an additional
> autoconf IPv6 address, but it still retains the old (now obsolete) IPv6
> autoconf address it had learned from this same router. The machines are
> running kernels RELENG_4 from late-September-ish. Userland varies horribly.
> What I want to happen, is that when the new IPv6 address is autoconf'ed,
> the old one should disappear from the interface. (I've been too impatient
> to watch if it disappears after time, during which time I cannot reach
> the router's new address or the default route, as the old prefix which
> it had is no longer present thanks to my hacked scripts. If I manually
> delete the original IPv6 address, it seems that things work.)

Does the following behavior of rtadvd(8) help you?

     Similarly, when an interface direct route is deleted, rtadvd will start
     advertising the prefixes with zero valid and preferred lifetimes to help
     the receiving hosts switch to a new prefix when renumbering. Note,
     however, that the zero valid lifetime cannot invalidate the
     autoconfigured addresses at a receiving host immediately. According to
     the specification, the host will retain the address for a certain
     period, which will typically be two hours. The zero lifetimes rather
     intend to make the address deprecated, indicating that a new
     non-deprecated address should be used as the source address of a new
     connection. This behavior will last for two hours. Then rtadvd will
     completely remove the prefix from the advertising list, and succeeding
     advertisements will not contain the prefix information.

At least rtadvd contained in FreeBSD 4.8R seems to support this behavior.

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp

From owner-freebsd-net@FreeBSD.ORG Tue Nov 4 23:11:04 2003
Date: Wed, 05 Nov 2003 16:10:55 +0900
From: JINMEI Tatuya / 神明達哉
To: "Eugene M. Kim"
cc: Barry Bouwsma
cc: FreeBSD Networking Nerds
cc: ume@freebsd.org
In-Reply-To: <3FA54B9A.7020007@astralblue.net>
References: <200311021403.hA2E3OE48213@NOSPAM.spam.NOSPAM.spam.NOSPAM.dyndns.dk> <3FA54B9A.7020007@astralblue.net>
Subject: Re: IPv6 autoconf addresses with changing RAs...

>>>>> On Sun, 02 Nov 2003 10:23:22 -0800,
>>>>> "Eugene M. Kim" said:

> One caveat is, though, you can't let rtadvd pick all the prefixes from
> internal interfaces (i.e. those that don't have rltime#0 specified),
> because that way rtadvd uses default parameters (maxinterval#30,
> pltime#86400, vltime#259200) for the prefixes it picked up; this is too
> long.
> Specifying pltime/vltime without an addr directive seems to have
> no effect (contrary to what the example in rtadvd.conf(5) suggests).

Please let me check, which example are you talking about? It is
intentional that specifying pltime/vltime without an addr is NOT
effective.

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp

From owner-freebsd-net@FreeBSD.ORG Tue Nov 4 23:39:55 2003
Message-ID: <3FA8A922.2050905@astralblue.net>
Date: Tue, 04 Nov 2003 23:39:14 -0800
From: "Eugene M. Kim"
To: jinmei@isl.rdc.toshiba.co.jp
cc: Barry Bouwsma
cc: FreeBSD Networking Nerds
cc: ume@freebsd.org
References: <200311021403.hA2E3OE48213@NOSPAM.spam.NOSPAM.spam.NOSPAM.dyndns.dk> <3FA54B9A.7020007@astralblue.net>
Subject: Re: IPv6 autoconf addresses with changing RAs...

JINMEI Tatuya / 神明達哉 wrote:

>>>>>>On Sun, 02 Nov 2003 10:23:22 -0800,
>>>>>>"Eugene M. Kim" said:
>
>>One caveat is, though, you can't let rtadvd pick all the prefixes from
>>internal interfaces (i.e. those that don't have rltime#0 specified),
>>because that way rtadvd uses default parameters (maxinterval#30,
>>pltime#86400, vltime#259200) for the prefixes it picked up; this is too
>>long. Specifying pltime/vltime without an addr directive seems to have
>>no effect (contrary to what the example in rtadvd.conf(5) suggests).
>
>Please let me check, which example are you talking about? It is
>intentional that specifying pltime/vltime without an addr is NOT
>effective.
>
> JINMEI, Tatuya
> Communication Platform Lab.
> Corporate R&D Center, Toshiba Corp.
> jinmei@isl.rdc.toshiba.co.jp

It's the last paragraph of the EXAMPLES section that says:

     The following example presents the default values in an explicit
     manner. The configuration is provided just for reference purposes;
     YOU DO NOT NEED TO HAVE IT AT ALL.

     default:\
             :chlim#64:raflags#0:rltime#1800:rtime#0:retrans#0:\
             :pinfoflags="la":vltime#2592000:pltime#604800:mtu#0:
     ef0:\
             :addr="3ffe:501:ffff:1000::":prefixlen#64:tc=default

From this, it seems *as if* specifying a different pltime and vltime
would have some effect. I guess it should be made clear that changing
those variables without corresponding addr directives won't do anything.

Cheers,
Eugene

From owner-freebsd-net@FreeBSD.ORG Wed Nov 5 08:00:02 2003
Date: Wed, 5 Nov 2003 15:59:37 +0000
From: Josef Karthauser
To: net@FreeBSD.org
Message-ID: <20031105155937.GA14786@genius.tao.org.uk>
Subject: Support for RealTek RTL 8101L chipset?

Does anyone know whether we support the Realtek RTL 8101L chipset?
(-stable and/or -current).

Joe
--
Josef Karthauser (joe@tao.org.uk) http://www.josef-k.net/
FreeBSD (cvs meister, admin and hacker) http://www.uk.FreeBSD.org/
Physics Particle Theory (student) http://www.pact.cpes.sussex.ac.uk/
================ An eclectic mix of fact and theory.
=================

From owner-freebsd-net@FreeBSD.ORG Wed Nov 5 08:01:40 2003
To: Mailing List FreeBSD Network
From: Eric Masson
Date: Wed, 05 Nov 2003 17:01:22 +0100
Message-ID: <86islyyfcd.fsf@t39bsdems.interne.kisoft-services.com>
Subject: Telecom Italia, ADSL SMART & FreeBSD

Hello,

I have to connect a FreeBSD box to adsl in Italia.

Telecom Italia ships an ADSL SMART solution (fixed ip address)
which is "Classical IP (RFC1483/1577)" compliant.

I've googled to find such a setup but no way atm (I don't speak nor read
italian :/)

Has anyone such a setup working ?

Regards

Eric Masson

--
 LOOKING FOR ENGINEERS IN computing IMPORTANT !!
 Send me your CVs
 -+- in Guide du Neuneu sur Usenet : Computing for dummies -+-

From owner-freebsd-net@FreeBSD.ORG Wed Nov 5 08:05:56 2003
To: Mailing List FreeBSD Network
From: Eric Masson
In-Reply-To: <86islyyfcd.fsf@t39bsdems.interne.kisoft-services.com> (Eric Masson's message of "Wed, 05 Nov 2003 17:01:22 +0100")
References: <86islyyfcd.fsf@t39bsdems.interne.kisoft-services.com>
Date: Wed, 05 Nov 2003 17:05:35 +0100
Message-ID: <86ekwmyf5c.fsf@t39bsdems.interne.kisoft-services.com>
Subject: Re: Telecom Italia, ADSL SMART & FreeBSD

>>>>> "Emss" == Eric Masson writes:

[Follow-up to
myself]

 Emss> Telecom Italia ships an ADSL SMART solution (fixed ip address)
 Emss> which is "Classical IP (RFC1483/1577)" compliant.

Dsl modem is DLink DSL300G+

Eric Masson

--
 AC: And I promise they will be available before Saturday's meal.
 Ol: Tut tut... Any developer who makes promises about availability
 dates is handing over the nail bazooka to get beaten with.
 -+- Ol. in Guide du Macounet Pervers : fcsm : whip.leather.sado.maso ? -+-

From owner-freebsd-net@FreeBSD.ORG Wed Nov 5 08:10:40 2003
Message-ID: <001b01c3a3b7$03cac970$0905a8c0@alellyxbr.com.br>
From: "Eicke"
To: "FreeBSD_Net"
Date: Wed, 5 Nov 2003 14:08:12 -0200
Subject: Help with squid

Hi folks

I configured a FreeBSD Squid24 Server and I receive the following error in
my access.log

TCP_DENIED/403

I configure only one machine (192.168.5.9) to access the proxy server
(ipfw fwd). I guess there is something wrong in my squid.conf, in acl
definitions... below following a piece of my squid.conf:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow 192.168.5.9
http_access deny all
icp_access allow all

Could you help me?

Regards.
Eicke.
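
Added example, not part of the original post: http_access rules take ACL names, so this check parses the directives quoted above, reports access rules that reference a name no acl line declares, and traces which rule decides a request from 192.168.5.9. Assumptions: an undeclared name is dropped from its rule and a rule left with no ACLs is skipped; only the src, port, proto and method ACL types are modelled; the ACL name "proxy_client" is made up.

```python
import ipaddress

# Constructed sample: the directives quoted in the message above.
POSTED = """\
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow 192.168.5.9
http_access deny all
icp_access allow all
"""

# Hypothetical correction: declare a src ACL (the name "proxy_client" is made
# up for this example) and reference it by name.
FIXED = POSTED.replace(
    "http_access allow 192.168.5.9",
    "acl proxy_client src 192.168.5.9\nhttp_access allow proxy_client",
)


def parse(conf):
    """Return (acls, rules): acls maps name -> (type, values); rules are
    (lineno, directive, action, [acl references]) in file order."""
    acls, rules = {}, []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(words) >= 3 and words[0] == "acl":
            acls.setdefault(words[1], (words[2], []))[1].extend(words[3:])
        elif len(words) >= 2 and words[0].endswith("_access"):
            rules.append((lineno, words[0], words[1], words[2:]))
    return acls, rules


def undefined_refs(conf):
    """List (lineno, name) for every access rule naming an undeclared ACL."""
    acls, rules = parse(conf)
    return [(n, ref.lstrip("!")) for n, _, _, refs in rules
            for ref in refs if ref.lstrip("!") not in acls]


def acl_matches(acl, req):
    """True when the request matches any value of one declared ACL."""
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "port":
        ranges = [v.partition("-") for v in values]
        return any(int(lo) <= req["port"] <= int(hi or lo) for lo, _, hi in ranges)
    if kind in ("proto", "method"):
        return req[kind] in values
    raise ValueError("ACL type not modelled: " + kind)


def decide(conf, req, directive="http_access"):
    """First-match evaluation of one access list; returns (action, lineno).
    Assumption: an undeclared name is dropped from its rule and a rule
    left with no ACLs is skipped. (None, None) means no rule matched."""
    acls, rules = parse(conf)
    for lineno, name, action, refs in rules:
        if name != directive:
            continue
        known = [r for r in refs if r.lstrip("!") in acls]
        if not known:
            continue
        if all(acl_matches(acls[r.lstrip("!")], req) != r.startswith("!")
               for r in known):
            return action, lineno
    return None, None


REQUEST = {"src": "192.168.5.9", "port": 80, "method": "GET", "proto": "http"}

if __name__ == "__main__":
    for lineno, name in undefined_refs(POSTED):
        print("line %d: '%s' is not a declared ACL name" % (lineno, name))
    print("posted:", decide(POSTED, REQUEST))
    print("fixed: ", decide(FIXED, REQUEST))
```
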

From owner-freebsd-net@FreeBSD.ORG Wed Nov 5 08:25:42 2003
Date: Wed, 5 Nov 2003 08:25:41 -0800
From: Luigi Rizzo
To: Eric Masson
cc: Mailing List FreeBSD Network
Message-ID: <20031105082541.A633@xorpc.icir.org>
References: <86islyyfcd.fsf@t39bsdems.interne.kisoft-services.com>
In-Reply-To: <86islyyfcd.fsf@t39bsdems.interne.kisoft-services.com>; from e-masson@kisoft-services.com on Wed, Nov 05, 2003 at 05:01:22PM +0100
Subject: Re: Telecom Italia, ADSL SMART & FreeBSD

i have been using telecom italia for the past 2.5 years.
i and most other people use external adsl-ethernet boxes
(typically alcatel and friends) with netgraph/pppoe on the
freebsd side.

On Wed, Nov 05, 2003 at 05:01:22PM +0100, Eric Masson wrote:
> Hello,
>
> I have to connect a FreeBSD box to adsl in Italia.
>
> Telecom Italia ships an ADSL SMART solution (fixed ip address)
> which is "Classical IP (RFC1483/1577)" compliant.
>
> I've googled to find such a setup but no way atm (I don't speak nor read
> italian :/)

it wouldn't help anyways, the web site or the tech support have
absolutely no clue on the technical details, all they can say is
ask which version of windows you have and please reboot your pc.

	cheers
	luigi

>
> Regards
>
> Eric Masson
>
> --
> LOOKING FOR ENGINEERS IN computing IMPORTANT !!
> Send me your CVs
> -+- in Guide du Neuneu sur Usenet : Computing for dummies -+-
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@FreeBSD.ORG Wed Nov 5 08:27:38 2003
Date: Wed, 5 Nov 2003 11:27:36 -0500
From: Barney Wolff
To: Eric Masson
Message-ID: <20031105162736.GA49945@pit.databus.com>
References: <86islyyfcd.fsf@t39bsdems.interne.kisoft-services.com> <86ekwmyf5c.fsf@t39bsdems.interne.kisoft-services.com>
In-Reply-To: <86ekwmyf5c.fsf@t39bsdems.interne.kisoft-services.com>
cc: Mailing List FreeBSD Network
Subject: Re: Telecom Italia, ADSL SMART & FreeBSD

On Wed, Nov 05, 2003 at 05:05:35PM +0100, Eric Masson wrote:
>
> Emss> Telecom Italia ships an ADSL SMART solution (fixed ip address)
> Emss> which is "Classical IP (RFC1483/1577)" compliant.
>
> Dsl modem is DLink DSL300G+

D-Link's website seems to have nothing on the above, but does list
DSL-302G. That should be usable from any OS via the Ethernet interface,
as they say. External DSL modems in general hide the RFC1483-ness of
the DSL link, and look like a bridge leading to the ISP's network.
Just set your IP addr and add a default route to the ISP's router's
address (usually .1 on whatever net you're assigned to).

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

From owner-freebsd-net@FreeBSD.ORG Wed Nov 5 08:44:56 2003
Message-Id: <62A71550-0FAF-11D8-9345-000393B61F2E@ncsa.uiuc.edu>
To: freebsd-net@freebsd.org
From: Nick Buraglio
Date: Wed, 5 Nov 2003 10:44:55 -0600
Subject:

I'm looking for anyone that knows of a bsd project that does something
similar to the Linux Layer 7 filter project. Details found here:
http://l7-filter.sourceforge.net/
I'm more or less hoping that someone has a *BSD project that can
classify packets based on application data in the connections they
belong to. Is there anything in the works that anyone knows of?

nb

From owner-freebsd-net@FreeBSD.ORG Wed Nov 5 09:24:06 2003
To: Luigi Rizzo
From: Eric Masson
cc: Mailing List FreeBSD Network
In-Reply-To: <20031105082541.A633@xorpc.icir.org> (Luigi Rizzo's message of "Wed, 5 Nov 2003 08:25:41 -0800")
References: <86islyyfcd.fsf@t39bsdems.interne.kisoft-services.com> <20031105082541.A633@xorpc.icir.org>
Date: Wed, 05 Nov 2003 18:22:46 +0100
Message-ID: <86wuaehgrd.fsf@t39bsdems.interne.kisoft-services.com>
Subject: Re: Telecom Italia, ADSL SMART & FreeBSD

>>>>> "Luigi" == Luigi Rizzo writes:

Hello,

 Luigi> i have been using telecom italia for the past 2.5 years.
 Luigi> i and most other people use external adsl-ethernet boxes
 Luigi> (typically alcatel and friends) with netgraph/pppoe on the
 Luigi> freebsd side.

I use this setup in France too.

When the DLink is configured in pppoe, mpd complains that it can't take
the link up (sorry, I'm not in front of the box, only 1000 kms from it
and can't have access to the logs)

Thanks

Eric Masson

--
 Who are all these weird people? Is this an accidental cross post or an
 alien invasion? Isn't there someone who is supposed to put a stop to
 this kind of cr*p, like a moderator or something of the sort ....
 -+- PM in: - Configuring your moderator properly -+-

From owner-freebsd-net@FreeBSD.ORG Wed Nov 5 09:24:06 2003
To: Barney Wolff
From: Eric Masson
In-Reply-To: <20031105162736.GA49945@pit.databus.com> (Barney Wolff's message of "Wed, 5 Nov 2003 11:27:36 -0500")
References: <86islyyfcd.fsf@t39bsdems.interne.kisoft-services.com> <86ekwmyf5c.fsf@t39bsdems.interne.kisoft-services.com> <20031105162736.GA49945@pit.databus.com>
Date: Wed, 05 Nov 2003 18:17:44 +0100
Message-ID: <861xsmivk7.fsf@t39bsdems.interne.kisoft-services.com>
cc: Mailing List FreeBSD Network
Subject: Re: Telecom Italia, ADSL SMART & FreeBSD

>>>>> "Barney" == Barney Wolff writes:

 Barney> D-Link's website seems to have nothing on the above,

I've found it only on http://www.DLink.it

 Barney> That should be usable from any OS via the Ethernet interface,
 Barney> as they say. External DSL modems in general hide the
 Barney> RFC1483-ness of the DSL link, and look like a bridge leading to
 Barney> the ISP's network. Just set your IP addr and add a default
 Barney> route to the ISP's router's address (usually .1 on whatever net
 Barney> you're assigned to).

Ok, I'll give this setup a shot.

Thanks

Eric Masson

--
 my reply, you have it in your personal e.mail so as not to pollute this
 forum (followed by a 10-line signature)
 -+-Dx in GNU - Hello, here is a fax to remind you to read your Email-+-

From owner-freebsd-net@FreeBSD.ORG Wed Nov 5 09:50:22 2003
Date: Wed, 5 Nov 2003 18:50:15 +0100
From: Max Laier
X-Mailer: The Bat!
 (v2.00) UNREG / CD5BF9353B3B7091
Message-ID: <1443355500.20031105185015@love2party.net>
To: current@freebsd.org, net@freebsd.org
Reply-To: Max Laier
Subject: CARP (Common Address Redundancy Protocol)

You might be aware that OpenBSD has introduced a 2-clause BSD-licensed
high availability and load balancing protocol called CARP:
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106642790513590&w=2
http://www.deadly.org/article.php3?sid=20031018101733

I have a working patchset to bring CARP to FreeBSD-Current and would
like to hear your opinion:
http://pf4freebsd.love2party.net/carp.html

CARP shows itself as virtual interfaces carpX and works a bit like vlan
interfaces. For communication between the servers which share a common
address it uses a multicast group. It supports both IPv4 and IPv6 common
addresses and should work on ETHERNET, FDDI and TOKENRING nets - latter
two untested, though.

Standing problems:
 - IPv4:
   * Server can't access the common address while MASTER for it. OpenBSD
     has a workaround for this, but we can't add host routes with
     virtual interfaces as gateway, so we need another fix.
 - IPv6:
   * Traffic to the common address on the server is always treated
     locally, even when in BACKUP state.
   * in6_ifattach() will error out - this seems to have no ill effects
     and can easily be fixed by selecting a special if_type for CARP
     interfaces.
 - Locking?!? - You tell me!

Tests:
  Very basic tests for IPv4 and IPv6 performed with OpenBSD as a "known
  good" peer. I have very limited test environment at the moment.

Code:
  http://pf4freebsd.love2party.net/carp.diff
  Perforce: branch mlaier_carp

--
Best regards,
 Max Laier mailto:max@love2party.net

From owner-freebsd-net@FreeBSD.ORG Wed Nov 5 10:37:22 2003
Message-ID: <3FA94359.2070003@netvulture.com>
Date: Wed, 05 Nov 2003 10:37:13 -0800
From: Jonathan Feally
To: Tim Wilde
cc: freebsd-net@freebsd.org
Subject: Re: Disable Bridge Loop Detection?

I don't see why do you have 2 FreeBSD Boxes running as bridges. The only
reason I could possibly imagine, is that you are using IPFW or IPFilter
to do some packet filtering. Now with vrrp, each router would have a
unique IP and only one of the routers would have the shared IP at any
given time using the shared vrrp mac address.
Your problem lies in Layer 2 packets - where vrrp functions. A bridge/switch is a layer 2 device that only passes traffic to the ports that need the traffic and nothing more. The vrrp advertisements will be from the shared MAC to ff:ff:ff:ff:ff:ff, with the IP src being the sending router and the IP dst being a multicast address. Now when the change from router 1 to router 2 takes place, router 1 will go back to its original mac and router 2 will get the shared mac and start sending advertisements. So now from your picture, Bridge #2 would see that the vrrp mac is coming from the other side, thus causing a loop to be detected. Your best solution is to remove one of the bridges, and add a cheap 10/100 hub and connect like this:

??????????????????????????          Internet Connection
      |             |
+-----------+ +-----------+
| router #1 | | router #2 |         Internet Connectivity Routers on .2 and .3 with .1 as the shared IP
+-----------+ +-----------+
      |             |
+-------------------------+         This will solve your bridge seeing a loop by putting all vrrp traffic on only 1 side.
|   $10-$15 10/100 Hub    |         You shouldn't see any major network performance hit from using a hub here.
+-------------------------+         The only way you could possibly see a network performance hit, would be if you had a huge pipe.
            | NIC A
            |
   +------------------+
   |  FreeBSD Bridge  |             IPFW or IPFilter At this point - FreeBSD box on .4
   +------------------+
            | NIC B
            |
+-------------+   +------------+
| Switch #1   |-x-| Switch #2  |    Hosts on the network 63.208.196.0/25 - Switches on .5 and .6 - if possible
+-------------+   +------------+
 | | | | | |       | | | | | | |
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
   Workstations and Servers         Machines on .10-.126 or whatever

Tim Wilde wrote:

>I'm looking for a way to disable the loop detection in the bridging code
>in FreeBSD 4.x - I'd prefer a sysctl, but I haven't been able to find one.
>Any suggestions for how to do so would be appreciated.
>
>In case anyone's wondering why I'm looking for such a thing, my problem is
>with the following topology:
>
>    +----------+       +----------+
>    | router 1 |       | router 2 |
>    +----------+       +----------+
>         |                  |
>  63.208.196.1/25    63.208.196.2/25
>         |                  |
> +---------------+  +---------------+
> | FBSD bridge 1 |  | FBSD bridge 2 |
> +---------------+  +---------------+
>         |                  |
>    +----------+       +----------+
>    | switch 1 |-------| switch 2 |
>    +----------+       +----------+
>         |                  |
>      various servers, 63.208.196.0/25
>
>The two routers run VRRP for redundancy, with a shared MAC address.
>Occasionally, router2 is failing to receive packets from router1 (for
>reasons we're looking into), and decides it should become the master,
>taking over the 63.208.196.1 IP with the shared MAC. Now my two bridges
>both see that same MAC address on both of their interfaces, and the loop
>detection kicks in. This cuts out the various links (and they fight back
>and forth cutting off - it's not pretty) with the end result of router2
>NEVER being able to get the next VRRP packet from router1 (by necessity
>they have to communicate for failover across the bridges + switches;
>otherwise they wouldn't be able to detect failures internal to that
>network). We have to manually down the interface on router2, let things
>calm down on the FreeBSD boxen, and then bring it back up (it starts in
>backup mode, and waits at least 30 seconds, plenty of time to hear from
>router1, before it will take control again).
>
>Thanks,
>Tim
>
>
>

From owner-freebsd-net@FreeBSD.ORG Wed Nov 5 13:25:24 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F28E816A4CE for ; Wed, 5 Nov 2003 13:25:23 -0800 (PST) Received: from smtp0.libero.it (smtp0.libero.it [193.70.192.33]) by mx1.FreeBSD.org (Postfix) with ESMTP id 68C0F43FE9 for ; Wed, 5 Nov 2003 13:25:22 -0800 (PST) (envelope-from ml.ventu@flashnet.it) Received: from soth.ventu (151.37.31.224) by smtp0.libero.it (7.0.020-DD01) id 3F6F1CE700EC313E for freebsd-net@freebsd.org; Wed, 5 Nov 2003 22:25:21 +0100 Received: from mailer (xanatar.ventu [10.1.2.6]) by soth.ventu (8.12.6p3/8.12.6) with SMTP id hA5LPJ3w014224 for ; Wed, 5 Nov 2003 22:25:20 +0100 (CET) (envelope-from ml.ventu@flashnet.it) Message-Id: <200311052125.hA5LPJ3w014224@soth.ventu> To: Mailing List FreeBSD Network Priority: Normal X-Mailer: Post Road Mailer for OS/2 (Green Edition Ver 3.0) Date: Wed, 5 Nov 2003 22:25:19 EST From: Andrea Venturoli Subject: Telecom Italia, ADSL SMART & FreeBSD X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Andrea Venturoli List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Nov 2003 21:25:24 -0000

** Reply to note from Eric Masson Wed, 05 Nov 2003 17:01:22 +0100

> I have to connect a FreeBSD box to adsl in Italia.

Sigh. I feel sorry for you :) (just because up to now I've had six customers with this ISP). Anyway I always managed to get through more or less :).

> (I don't speak nor read italian :/)

Don't worry, you would only find Telecom pages completely useless, if not confusing. And don't even think about contacting their tech support.

> Telecom Italia ships an ADSL SMART solution (fixed ip address)
> which is "Classical IP (RFC1483/1577)" compliant.
> Has anyone such a setup working ?
Yes, I've presently two FreeBSD machines working, one using PPPoE with an ethernet modem and two with an IP-level router. In case bridging (as suggested by someone else) doesn't work, try PPPoE (I've always seen this type of connection here).

bye
av.

P.S. Expect some things not to work: it's beyond your control, it's not your setup, but ISP's fault.

From owner-freebsd-net@FreeBSD.ORG Wed Nov 5 16:48:52 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1719F16A4CE for ; Wed, 5 Nov 2003 16:48:52 -0800 (PST) Received: from swin.edu.au (c3p0.cc.swin.edu.au [136.186.1.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id 44B8043FDD for ; Wed, 5 Nov 2003 16:48:49 -0800 (PST) (envelope-from pvandenbergen@swin.edu.au) Received: from pvdbergen.caia.swin.edu.au (pvdbergen.caia.swin.edu.au [136.186.229.26]) by swin.edu.au (8.9.3p2-20030918/8.9.3) with ESMTP id LAA781537 for ; Thu, 6 Nov 2003 11:48:47 +1100 (EST) From: paul van den bergen To: freebsd-net@freebsd.org Date: Thu, 6 Nov 2003 11:48:46 +1100 User-Agent: KMail/1.5 References: <200310311414.15989.pvandenbergen@swin.edu.au> <200310310520.h9V5KI1j011235@intruder.kitchenlab.org> In-Reply-To: <200310310520.h9V5KI1j011235@intruder.kitchenlab.org> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200311061148.46923.pvandenbergen@swin.edu.au> Subject: Re: IPv6 routing (long) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Nov 2003 00:48:52 -0000

On Fri, 31 Oct 2003 04:20 pm, Bruce A. Mah wrote:
> If memory serves me right, paul van den bergen wrote:
> > I am attempting to set up some static ipv6 routes on my little network.
> >
> > example:
> >
> > box1 - fec0:0:0:1::1 -------- fec0:0:0:1::2 - box 2 (router) -
> > fec0:0:0:2::1 -------- fec0:0:0:2::2 - box 3
> >
> > I want to reach from box 1 to box 3
> >
> > no route6d or anything... this is a really simple network.
> >
> > sysctl net.inet6.ip6.forwarding=1, net.inet6.ip6.accept_rtadv=0 on box 2
> > (the router)
> > sysctl net.inet6.ip6.forwarding=0, net.inet6.ip6.accept_rtadv=1 on boxes
> > 1 and 3 (the hosts).
> >
> > route add -inet6 -net fec0:0:0:2:: -prefixlen 64 -host fec0:0:0:1::2
> > on box1
> >
> > box2 can ping6 to box1 and box3 and vice versa.
> >
> > why can't box 1 ping6 box 3? What have I missed?
>
> Did you add a route on box3 so that it can reach box1? Remember that
> ping6 requires two-way connectivity.

Oh. I just realised that I didn't add a route on box3 to reach box1... thank you, I shall try that.

nup, didn't help

> You set net.inet6.ip6.accept_rtadv=1 on the end hosts...do you have
> rtadvd running on box2 so that they actually acquire the routes?

um... if I'm setting up static routes (e.g. no routing software on box 2), isn't this pointless?

see below...

static routes.

I imagine that if I do;

on box1
route add -inet6 -net fec0:0:0:2:: -prefixlen 64 -host fec0:0:0:1::2

on box3
route add -inet6 -net fec0:0:0:1:: -prefixlen 64 -host fec0:0:0:2::1

and on box 2
sysctl net.inet6.ip6.forwarding=1

I shouldn't need anything else

or rather, should I need something else?

if I do the same experiment but with IPv4, I also do not get connectivity from box 1 to box 3, so obviously something is missing...

what am I missing?

additional questions:

what is rtadvd and what role does it play? does it get activated by other daemons or is it to be explicitly called by the user?

if I used routing software on box 2, what _else_ would I need to configure?

is there a clash between sysctl settings for net.inet6.ip6.forwarding and net.inet6.ip6.accept_rtadv?
> You haven't really provided enough information to debug the problem. How
> about the output of ifconfig(8) and the routing tables on all three
> machines?
>
> Bruce.

sorry, I should have done that. partly I didn't really know what was relevant... still don't, but here goes...

note:
network between box 1-2 = fec0:0:0:229
network between box 2-3 = fec0:0:0:10

netstat -rn output

box1:
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use  Netif Expire
default            136.186.229.1      UGSc       2     2073    vr0
127.0.0.1          127.0.0.1          UH         2       18    lo0
136.186.229/24     link#1             UC         3        0    vr0
136.186.229.1      link#1             UHLW       1        0    vr0
136.186.229.26     00:08:74:df:70:3e  UHLW       1      147    vr0   1108
192.168.2          link#1             UC         1        0    vr0
192.168.2.101      00:40:63:cb:56:e6  UHLW       0        2    vr0    300

Internet6:
Destination                   Gateway             Flags  Netif Expire
::/96                         ::1                 UGRSc  lo0
::1                           ::1                 UH     lo0
::ffff:0.0.0.0/96             ::1                 UGRSc  lo0
fe80::/10                     ::1                 UGRSc  lo0
fe80::%vr0/64                 link#1              UC     vr0
fe80::240:63ff:fecb:c3d1%vr0  00:40:63:cb:c3:d1   UHL    lo0
fe80::%lo0/64                 fe80::1%lo0         Uc     lo0
fe80::1%lo0                   link#8              UHL    lo0
fec0:0:0:229::                00:40:63:cb:c3:d1   UHL    lo0 =>
fec0:0:0:229::/64             link#1              UC     vr0
fec0::229:240:63ff:fecb:c3d1  00:40:63:cb:c3:d1   UHL    lo0
ff01::%vr0/32                 link#1              UC     vr0
ff01::%lo0/32                 ::1                 UC     lo0
ff02::/16                     ::1                 UGRS   lo0
ff02::%vr0/32                 link#1              UC     vr0
ff02::%lo0/32                 ::1                 UC     lo0

box2:
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use  Netif Expire
127.0.0.1          127.0.0.1          UH         1       18    lo0
136.186.229/24     link#1             UC         2        0    vr0
136.186.229.26     00:08:74:df:70:3e  UHLW       1     1951    vr0   1175
192.168.1          link#10            UC         1        0    wi0
192.168.1.104      00:09:7c:85:82:74  UHLW       0       36    wi0    543
192.168.2          link#1             UC         1        0    vr0
192.168.2.103      00:40:63:cb:c3:d1  UHLW       0        2    vr0    367

Internet6:
Destination                   Gateway             Flags  Netif Expire
::1                           ::1                 UH     lo0
fe80::%vr0/64                 link#1              UC     vr0
fe80::240:63ff:fecb:56e6%vr0  00:40:63:cb:56:e6   UHL    lo0
fe80::%lo0/64                 fe80::1%lo0         Uc     lo0
fe80::1%lo0                   link#8              UHL    lo0
fe80::%wi0/64                 link#10             UC     wi0
fe80::230:abff:fe20:a24c%wi0  00:30:ab:20:a2:4c   UHL    lo0
fec0:0:0:10::                 00:30:ab:20:a2:4c   UHL    lo0 =>
fec0:0:0:10::/64              link#10             UC     wi0
fec0::10:209:7cff:fe85:8274   00:09:7c:85:82:74   UHLW   wi0
fec0::10:230:abff:fe20:a24c   00:30:ab:20:a2:4c   UHL    lo0
fec0:0:0:229::                00:40:63:cb:56:e6   UHL    lo0 =>
fec0:0:0:229::/64             link#1              UC     vr0
fec0::229:240:63ff:fecb:56e6  00:40:63:cb:56:e6   UHL    lo0
ff01::%vr0/32                 link#1              UC     vr0
ff01::%lo0/32                 ::1                 UC     lo0
ff01::%wi0/32                 link#10             UC     wi0
ff02::%vr0/32                 link#1              UC     vr0
ff02::%lo0/32                 ::1                 UC     lo0
ff02::%wi0/32                 link#10             UC     wi0

box3:
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use  Netif Expire
default            136.186.229.1      UGSc       2     2003    vr0
127.0.0.1          127.0.0.1          UH         2       18    lo0
136.186.229/24     link#1             UC         3        0    vr0
136.186.229.1      00:00:0c:07:ac:e5  UHLW       1        0    vr0   1061
136.186.229.26     00:08:74:df:70:3e  UHLW       1      947    vr0    962
192.168.1          link#11            UC         1        0    an0
192.168.1.101      00:30:ab:20:a2:4c  UHLW       0       27    an0    330

Internet6:
Destination                   Gateway             Flags  Netif Expire
::/96                         ::1                 UGRSc  lo0
::1                           link#5              UHL    lo0
::ffff:0.0.0.0/96             ::1                 UGRSc  lo0
fe80::/10                     ::1                 UGRSc  lo0
fe80::%vr0/64                 link#1              UC     vr0
fe80::240:63ff:fecb:56eb%vr0  00:40:63:cb:56:eb   UHL    lo0
fe80::%lo0/64                 fe80::1%lo0         Uc     lo0
fe80::1%lo0                   link#5              UHL    lo0
fe80::%an0/64                 link#11             UC     an0
fe80::209:7cff:fe85:8274%an0  00:09:7c:85:82:74   UHL    lo0
fec0:0:0:10::                 00:09:7c:85:82:74   UHL    lo0 =>
fec0:0:0:10::/64              link#11             UC     an0
fec0::10:209:7cff:fe85:8274   00:09:7c:85:82:74   UHL    lo0
fec0::10:230:abff:fe20:a24c   00:30:ab:20:a2:4c   UHLW   an0
ff01::%vr0/32                 link#1              UC     vr0
ff01::%lo0/32                 ::1                 UC     lo0
ff01::%an0/32                 link#11             UC     an0
ff02::/16                     ::1                 UGRS   lo0
ff02::%vr0/32                 link#1              UC     vr0
ff02::%lo0/32                 ::1                 UC     lo0
ff02::%an0/32                 link#11             UC     an0

ifconfig output.
box1:
vr0: flags=8843 mtu 1500
        inet 136.186.229.57 netmask 0xffffff00 broadcast 136.186.229.255
        inet6 fe80::240:63ff:fecb:c3d1%vr0 prefixlen 64 scopeid 0x1
        inet6 fec0::229:240:63ff:fecb:c3d1 prefixlen 64
        inet6 fec0:0:0:229:: prefixlen 64 anycast
        inet 192.168.2.103 netmask 0xffffff00 broadcast 192.168.2.255
        ether 00:40:63:cb:c3:d1
        media: Ethernet autoselect (100baseTX )
        status: active
lp0: flags=8810 mtu 1500
sl0: flags=c010 mtu 552
faith0: flags=8002 mtu 1500
gif0: flags=c010 mtu 1280
pflog0: flags=0<> mtu 33216
pfsync0: flags=0<> mtu 1896
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
ppp0: flags=8010 mtu 1500

box2
vr0: flags=8843 mtu 1500
        inet 136.186.229.55 netmask 0xffffff00 broadcast 136.186.229.255
        inet6 fe80::240:63ff:fecb:56e6%vr0 prefixlen 64 scopeid 0x1
        inet6 fec0::229:240:63ff:fecb:56e6 prefixlen 64
        inet6 fec0:0:0:229:: prefixlen 64 anycast
        inet 192.168.2.101 netmask 0xffffff00 broadcast 192.168.2.255
        ether 00:40:63:cb:56:e6
        media: Ethernet autoselect (100baseTX )
        status: active
lp0: flags=8810 mtu 1500
sl0: flags=c010 mtu 552
faith0: flags=8002 mtu 1500
gif0: flags=c010 mtu 1280
pflog0: flags=0<> mtu 33216
pfsync0: flags=0<> mtu 1896
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
ppp0: flags=8010 mtu 1500
wi0: flags=8843 mtu 1500
        inet6 fe80::230:abff:fe20:a24c%wi0 prefixlen 64 scopeid 0xa
        inet6 fec0:0:0:10:: prefixlen 64 anycast
        inet6 fec0::10:230:abff:fe20:a24c prefixlen 64
        inet 192.168.1.101 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:30:ab:20:a2:4c
        media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
        status: associated
        ssid MAGIC 1:MAGIC
        stationname HomeNet
        channel 1 authmode OPEN powersavemode OFF powersavesleep 100
        wepmode OFF weptxkey 1

box3
vr0: flags=8843 mtu 1500
        inet 136.186.229.58 netmask 0xffffff00 broadcast 136.186.229.255
        inet6 fe80::240:63ff:fecb:56eb%vr0 prefixlen 64 scopeid 0x1
        ether 00:40:63:cb:56:eb
        media: Ethernet autoselect (100baseTX )
        status: active
lp0: flags=8810 mtu 1500
pflog0: flags=0<> mtu 33216
pfsync0: flags=0<> mtu 1896
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
ppp0: flags=8010 mtu 1500
sl0: flags=c010 mtu 552
hif0: flags=8800 mtu 1280
faith0: flags=8002 mtu 1500
gif0: flags=c010 mtu 1280
an0: flags=8843 mtu 1500
        inet6 fec0:0:0:10:: prefixlen 64 anycast
        inet6 fe80::209:7cff:fe85:8274%an0 prefixlen 64 scopeid 0xb
        inet6 fec0::10:209:7cff:fe85:8274 prefixlen 64
        inet 192.168.1.104 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:09:7c:85:82:74
        media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
        status: associated
        ssid MAGIC 1:MAGIC
        stationname MobileNode
        channel 1 authmode OPEN powersavemode OFF powersavesleep 200
        wepmode OFF weptxkey 1

note that there is an AP (linksys WAP 11 ver 2.2) connecting the two wifi cards. I can get the same connectivity using adhoc mode.

sysctl settings... (culled to most interesting... or not clearly irrelevant anyway.)
box1
net.inet.ip.forwarding: 0
net.inet.ip.redirect: 1
net.inet.ip.sourceroute: 0
net.inet.ip.accept_sourceroute: 0
net.inet.ip.fastforwarding: 0
net.inet.ip.keepfaith: 0
net.inet.ip.subnets_are_local: 0
net.inet.ip.sendsourcequench: 0
net.inet.ip.check_interface: 0
net.inet6.ip6.forwarding: 0
net.inet6.ip6.redirect: 1
net.inet6.ip6.accept_rtadv: 0
net.inet6.ip6.keepfaith: 0
net.inet6.ip6.dad_count: 1
net.inet6.ip6.use_deprecated: 1
net.inet6.ip6.rr_prune: 5
net.inet6.ip6.v6only: 0
net.inet6.ip6.use_tempaddr: 0
net.inet6.ip6.auto_linklocal: 1
net.inet6.ip6.prefer_tempaddr: 0
net.inet6.ip6.use_defaultzone: 0

box2
net.inet.ip.forwarding: 1
net.inet.ip.redirect: 1
net.inet.ip.sourceroute: 0
net.inet.ip.accept_sourceroute: 0
net.inet.ip.fastforwarding: 0
net.inet.ip.keepfaith: 0
net.inet.ip.subnets_are_local: 0
net.inet.ip.sendsourcequench: 0
net.inet.ip.check_interface: 0
net.inet6.ip6.forwarding: 1
net.inet6.ip6.redirect: 1
net.inet6.ip6.accept_rtadv: 0
net.inet6.ip6.keepfaith: 0
net.inet6.ip6.dad_count: 1
net.inet6.ip6.use_deprecated: 1
net.inet6.ip6.rr_prune: 5
net.inet6.ip6.v6only: 0
net.inet6.ip6.use_tempaddr: 0
net.inet6.ip6.auto_linklocal: 1
net.inet6.ip6.prefer_tempaddr: 0
net.inet6.ip6.use_defaultzone: 0

box3
net.inet.ip.forwarding: 0
net.inet.ip.redirect: 1
net.inet.ip.sourceroute: 0
net.inet.ip.accept_sourceroute: 0
net.inet.ip.fastforwarding: 0
net.inet.ip.keepfaith: 0
net.inet.ip.subnets_are_local: 0
net.inet.ip.sendsourcequench: 0
net.inet.ip.check_interface: 0
net.inet6.ip6.forwarding: 0
net.inet6.ip6.redirect: 1
net.inet6.ip6.accept_rtadv: 0
net.inet6.ip6.keepfaith: 0
net.inet6.ip6.dad_count: 1
net.inet6.ip6.use_deprecated: 1
net.inet6.ip6.rr_prune: 5
net.inet6.ip6.v6only: 0
net.inet6.ip6.use_tempaddr: 0
net.inet6.ip6.auto_linklocal: 1
net.inet6.ip6.prefer_tempaddr: 0
net.inet6.ip6.use_defaultzone: 0

kldstat outputs something like
Id Refs Address    Size     Name
 1    3 0xc0100000 4b1480   kernel
 2    1 0xc140b000 7000     linprocfs.ko
 3    1 0xc1497000 15000    linux.ko
on
all the boxes... i.e. no bridging.

network maps:

IPv6:
box1
|
vr0
|
fec0::229:240:63ff:fecb:c3d1
|
|
fec0:0:0:229::/64
|
|
fec0::229:240:63ff:fecb:56e6
|
vr0
|
box2
|
wi0
|
fec0::10:230:abff:fe20:a24c
|
|
fec0:0:0:10::/64
|
|
fec0::10:209:7cff:fe85:8274
|
an0
|
box3

IPv4:
box1
|
vr0
|
192.168.2.103
|
|
192.168.2.0/24
|
|
192.168.2.101
|
vr0
|
box2
|
wi0
|
192.168.1.101
|
|
192.168.1.0/24
|
|
192.168.1.104
|
an0
|
box3

ping behaviour:

box2.wi0 -> box3.an0
IPv4:
ping 192.168.1.104
PING 192.168.1.104 (192.168.1.104): 56 data bytes
64 bytes from 192.168.1.104: icmp_seq=0 ttl=64 time=4.178 ms
64 bytes from 192.168.1.104: icmp_seq=1 ttl=64 time=4.201 ms
64 bytes from 192.168.1.104: icmp_seq=2 ttl=64 time=3.669 ms
^C
--- 192.168.1.104 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.669/4.016/4.201/0.246 ms

box2.vr0 -> box1.vr0
IPv4:
ping 192.168.2.103
PING 192.168.2.103 (192.168.2.103): 56 data bytes
64 bytes from 192.168.2.103: icmp_seq=0 ttl=64 time=0.364 ms
64 bytes from 192.168.2.103: icmp_seq=1 ttl=64 time=0.157 ms
64 bytes from 192.168.2.103: icmp_seq=2 ttl=64 time=0.133 ms
^C
--- 192.168.2.103 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.133/0.218/0.364/0.104 ms

box1.vr0 -> box3.an0
ping 192.168.1.104
PING 192.168.1.104 (192.168.1.104): 56 data bytes
^C
--- 192.168.1.104 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

IPv6:
box2.wi0 -> box3.an0
ping6 fec0::10:209:7cff:fe85:8274
PING6(56=40+8+8 bytes) fec0::10:230:abff:fe20:a24c --> fec0::10:209:7cff:fe85:8274
16 bytes from fec0::10:209:7cff:fe85:8274, icmp_seq=0 hlim=64 time=3.546 ms
16 bytes from fec0::10:209:7cff:fe85:8274, icmp_seq=1 hlim=64 time=3.785 ms
16 bytes from fec0::10:209:7cff:fe85:8274, icmp_seq=2 hlim=64 time=4.368 ms
^C
--- fec0::10:209:7cff:fe85:8274 ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.546/3.900/4.368/0.345 ms

box2.vr0 -> box1.vr0
ping6 fec0::229:240:63ff:fecb:c3d1
PING6(56=40+8+8 bytes) fec0::229:240:63ff:fecb:56e6 --> fec0::229:240:63ff:fecb:c3d1
16 bytes from fec0::229:240:63ff:fecb:c3d1, icmp_seq=0 hlim=64 time=0.528 ms
16 bytes from fec0::229:240:63ff:fecb:c3d1, icmp_seq=1 hlim=64 time=0.228 ms
16 bytes from fec0::229:240:63ff:fecb:c3d1, icmp_seq=2 hlim=64 time=0.216 ms
^C
--- fec0::229:240:63ff:fecb:c3d1 ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.216/0.324/0.528/0.144 ms

box1.vr0 -> box3.an0
ping6 fec0::10:209:7cff:fe85:8274
ping6: UDP connect: No route to host

AP setup screen (from lynx)

SETUP
This screen contains all of the AP's basic setup functions. Most users will be able to use the AP's default settings without making any changes. If you require help during configuration, please see the user guide.

Firmware Version: 1.009
AP Name: MAGIC home AP_______
LAN IP Address: (MAC Address: 00-06-25-54-23-8E )
   ( ) Obtain an IP Address Automatically
   (*) Specify an IP Address 192 . 168 . 1__ . 254
   Subnet Mask: 255 . 255 . 255 . 0__
   Gateway: 0__ . 0__ . 0__ . 0__
Wireless: (MAC Address: 00-06-25-53-3F-8C )
   SSID: MAGIC_______________
   Channel: [1_] (Domain: USA )
   WEP: ( ) Mandatory (*) Disable [BUTTON]
AP Mode:
   (*) Access Point
   ( ) Access Point Client Remote AP MAC Address _____________
   ( ) Wireless Bridge Remote Bridge MAC Address _____________
   ( ) Wireless Bridge - Point to MultiPoint

When set to "Access Point Client", "Wireless Bridge" or "Wireless Bridge - Point to MultiPoint" mode, the device will only communicate with another WAP 11 ver. 2.2 or WAP 11.
dstumbler view of the AP

[ 1] MAGIC (00:06:25:54:23:8e) bn019:046:027
SSID: MAGIC
BSSID:00:06:25:54:23:8e
Mfg: N/A
Channel: 1 11.0/100
Signal/Noise: 19/46/27
First Seen: 0:14:40
Last Seen: 0:15:24
022:049:027 ----------+++++++++
021:048:027 ----------++++++++
022:049:027 ----------+++++++++
019:046:027 ----------+++++++
022:049:027 ----------+++++++++
021:048:027 ----------++++++++
021:048:027 ----------++++++++
021:048:027 ----------++++++++
020:047:027 ----------++++++++
021:048:027 ----------++++++++
021:048:027 ----------++++++++
020:047:027 ----------++++++++
019:046:027 ----------+++++++
021:048:027 ----------++++++++
020:047:027 ----------++++++++
021:048:027 ----------++++++++
021:048:027 ----------++++++++
021:048:027 ----------++++++++
020:047:027 ----------++++++++
022:049:027 ----------+++++++++
022:049:027 ----------+++++++++
019:046:027 ----------+++++++
022:049:027 ----------+++++++++
019:046:027 ----------+++++++

have tested this in adhoc mode and works just as described above, so that is not the problem...

--
Dr Paul van den Bergen
Centre for Advanced Internet Architectures
caia.swin.edu.au
pvandenbergen@swin.edu.au
IM:bulwynkl2002
"And some run up hill and down dale, knapping the chucky stones to pieces wi' hammers, like so many road makers run daft. They say it is to see how the world was made."
Sir Walter Scott, St.
Ronan's Well 1824

From owner-freebsd-net@FreeBSD.ORG Wed Nov 5 18:12:16 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ABC2E16A4CE for ; Wed, 5 Nov 2003 18:12:16 -0800 (PST) Received: from relay.transip.nl (relay.transip.nl [80.69.66.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7858043FD7 for ; Wed, 5 Nov 2003 18:12:15 -0800 (PST) (envelope-from freebsd@walter.transip.nl) Received: from blue.calx.nl (blue.calx.nl [213.84.201.224]) by relay.transip.nl (Postfix) with ESMTP id 8853234A62C for ; Thu, 6 Nov 2003 03:12:12 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by blue.calx.nl (Postfix) with ESMTP id C81CAA931 for ; Thu, 6 Nov 2003 03:12:12 +0100 (CET) Received: from kai.calx.nl (kai.calx.nl [172.23.7.10]) by blue.calx.nl (Postfix) with ESMTP id E7316A930 for ; Thu, 6 Nov 2003 03:12:01 +0100 (CET) Date: Thu, 6 Nov 2003 03:12:02 +0100 From: Walter Hop X-Mailer: The Bat! (v2.00.6) Business X-Priority: 3 (Normal) Message-ID: <167116793500.20031106031202@blue.calx.nl> To: FreeBSD Net MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: by blue.calx.nl Subject: Connect two LANs over an IPv4 tunnel? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Nov 2003 02:12:16 -0000

Hi all,

I have a networking problem that I am trying to solve with FreeBSD. I would like to connect two networks (home and work), so that I can set up my home workstations in the same subnet as the work LAN. Out of this /24, I would like to use a /29 at home.

On both LANs I have a FreeBSD box; workbox is 5.1R and homebox is 4-STABLE. Both boxes can reach each other over the IPv4 internet.
(attempt 1) The OpenBSD man page mentioned bridge and gif in one sentence, so I was hoping that setting up a layer 2 bridge would be as easy as configuring a gif tunnel and bridging over it, but as I feared, gif is no ethernet device and this did not work:

Nov 6 00:17:04 home /kernel: gif1 is not an ethernet, continue

So that plan is foiled.

(attempt 2) The gif tunnel worked and the boxes can ping each other over it, so I assigned private addresses to the gif endpoints. Then I tried adding some home IP aliases to the work box's ethernet interface and using forwarding and "route delete/add" in the hope that packets would be routed to the gateway in private-space across gif1.

Routing to the home IPs works LOCALLY from workbox, but when other machines in the work subnet ping a home address, they receive a reply from the workbox itself. I do not know of another way to have workbox answer ARP for the home IPs. (I considered setting the interface in promiscuous mode in the hopes of having the kernel accept and forward the packet anyway, but the ethernet is switched so nobody will know where to send it.)

Unfortunately, at work I have no control over the default gateway, so I cannot set up static routes with workbox as the next-hop.

I am now wondering what I can do to create a setup like this. Is this even possible, or am I thinking in the wrong direction? Any advice would be appreciated. I am not looking for bridging of Ethernet frames per se; I am only interested in IP packets. Both networks use RFC1918 private addresses.

How would one approach a situation like this? Is there actually a solution?
Thanks for reading :)
walter

From owner-freebsd-net@FreeBSD.ORG Wed Nov 5 18:47:59 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DB82B16A4CE for ; Wed, 5 Nov 2003 18:47:59 -0800 (PST) Received: from swin.edu.au (c3p0.cc.swin.edu.au [136.186.1.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id 648B243FEA for ; Wed, 5 Nov 2003 18:47:58 -0800 (PST) (envelope-from pvandenbergen@swin.edu.au) Received: from pvdbergen.caia.swin.edu.au (pvdbergen.caia.swin.edu.au [136.186.229.26]) by swin.edu.au (8.9.3p2-20030918/8.9.3) with ESMTP id NAA802243 for ; Thu, 6 Nov 2003 13:47:56 +1100 (EST) From: paul van den bergen To: freebsd-net@freebsd.org Date: Thu, 6 Nov 2003 13:47:56 +1100 User-Agent: KMail/1.5 References: <200310311414.15989.pvandenbergen@swin.edu.au> <200310310520.h9V5KI1j011235@intruder.kitchenlab.org> <200311061148.46923.pvandenbergen@swin.edu.au> In-Reply-To: <200311061148.46923.pvandenbergen@swin.edu.au> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200311061347.56665.pvandenbergen@swin.edu.au> Subject: Re: IPv6 routing (long) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Nov 2003 02:48:00 -0000

On Thu, 6 Nov 2003 11:48 am, paul van den bergen wrote:

> static routes.
>
> I imagine that if I do;
>
> on box1
> route add -inet6 -net fec0:0:0:2:: -prefixlen 64 -host fec0:0:0:1::2
>
> on box3
> route add -inet6 -net fec0:0:0:1:: -prefixlen 64 -host fec0:0:0:2::1
>
> and on box 2
> sysctl net.inet6.ip6.forwarding=1
>
> I shouldn't need anything else
>
> or rather, should I need something else?
>
> if I do the same experiment but with IPv4, I also do not get connectivity
> from box 1 to box 3, so obviously something is missing...
>
> what am I missing?

I know it is rather Naff replying to your own post, but I tried something and wanted to share...

if I set up static routes on the 2 end machines that are host to host routes, the routing works in both ipv4 and ipv6. if I set up network routes, it does not.

e.g.
on box1:
route add -inet6 -host fec0:0:0:2::2 -host fec0:0:0:1::2

and on box3:
route add -inet6 -host fec0:0:0:1::1 -host fec0:0:0:2::1

ping6 gets me connectivity all hosts on the local network and the specific host on the neighbouring network.

so it seems to me that the problem arises with the network address??? perhaps a clash with anycast? still does not explain the ipv4 failure...

question: the only reason I have an anycast address is to force the ipv6 address assignment.

on startup, each interface gets an ipv6 address of the form fe80: (link local) etc.

if I want a fec0: address (site local), sometimes doing

ifconfig vr0 inet6 fec0:0:0:10::/64 eui64 alias

works, some times not. Mostly not. I especially notice failure when configuring from a boot script for pccard based cards, e.g. wi0, an0.

if I do an
ifconfig vr0 inet6 fec0:0:0:10::/64 anycast alias
ifconfig vr0 inet6 fec0:0:0:10::/64 eui64 alias
works every time

someone want to enlighten me to a better way?

--
Dr Paul van den Bergen
Centre for Advanced Internet Architectures
caia.swin.edu.au
pvandenbergen@swin.edu.au
IM:bulwynkl2002
"And some run up hill and down dale, knapping the chucky stones to pieces wi' hammers, like so many road makers run daft. They say it is to see how the world was made."
Sir Walter Scott, St.
Ronan's Well 1824

From owner-freebsd-net@FreeBSD.ORG Wed Nov 5 18:55:03 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4B97D16A4CE for ; Wed, 5 Nov 2003 18:55:03 -0800 (PST) Received: from swin.edu.au (c3p0.cc.swin.edu.au [136.186.1.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id CDED244015 for ; Wed, 5 Nov 2003 18:54:59 -0800 (PST) (envelope-from pvandenbergen@swin.edu.au) Received: from pvdbergen.caia.swin.edu.au (pvdbergen.caia.swin.edu.au [136.186.229.26]) by swin.edu.au (8.9.3p2-20030918/8.9.3) with ESMTP id NAA803051 for ; Thu, 6 Nov 2003 13:54:58 +1100 (EST) From: paul van den bergen To: freebsd-net@freebsd.org Date: Thu, 6 Nov 2003 13:54:58 +1100 User-Agent: KMail/1.5 References: <200310311414.15989.pvandenbergen@swin.edu.au> <200311061148.46923.pvandenbergen@swin.edu.au> <200311061347.56665.pvandenbergen@swin.edu.au> In-Reply-To: <200311061347.56665.pvandenbergen@swin.edu.au> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200311061354.58507.pvandenbergen@swin.edu.au> Subject: Re: IPv6 routing (long) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Nov 2003 02:55:03 -0000

On Thu, 6 Nov 2003 01:47 pm, paul van den bergen wrote:

>
> I know it is rather Naff replying to your own post, but I tried something
> and wanted to share...

and now super-naff...

I made a mistake... this only works with route6d running on the central box... turn route6d off and no ping...

--
Dr Paul van den Bergen
Centre for Advanced Internet Architectures
caia.swin.edu.au
pvandenbergen@swin.edu.au
IM:bulwynkl2002
"And some run up hill and down dale, knapping the chucky stones to pieces wi' hammers, like so many road makers run daft. They say it is to see how the world was made."
Sir Walter Scott, St. Ronan's Well 1824

From owner-freebsd-net@FreeBSD.ORG Wed Nov 5 21:06:27 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 94DB916A4CF for ; Wed, 5 Nov 2003 21:06:27 -0800 (PST) Received: from firecrest.mail.pas.earthlink.net (firecrest.mail.pas.earthlink.net [207.217.121.247]) by mx1.FreeBSD.org (Postfix) with ESMTP id C2BA043FE9 for ; Wed, 5 Nov 2003 21:06:26 -0800 (PST) (envelope-from valiantsoul@earthlink.net) Received: from user-0cdv0r3.cable.mindspring.com ([24.223.131.99] helo=earthlink.net) by firecrest.mail.pas.earthlink.net with asmtp (Exim 3.33 #1) id 1AHcLg-0003kK-00 for freebsd-net@freebsd.org; Wed, 05 Nov 2003 21:06:24 -0800 Message-ID: <410-220031146561390@earthlink.net> X-Priority: 3 X-Mailer: EarthLink MailBox 2004.0.129.0 (Windows) From: "Craig StJean" To: freebsd-net@freebsd.org Date: Thu, 6 Nov 2003 00:06:01 -0500 MIME-Version: 1.0 X-ELNK-Trace: 0b6360d620a7c653791ceade7a3fce3a9ef193a6bfc3dd48564107cf3467e64995eb190caca973c1d81f49743ecfecf5350badd9bab72f9c350badd9bab72f9c Content-Type: text/plain; charset=US-ASCII X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: Port Forwarding X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: valiantsoul@earthlink.net List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Nov 2003 05:06:27 -0000

Hello,
If I use my FreeBSD box as a gateway for another machine, how can I enable port forwarding on ports 80 and 21 so that if the FreeBSD box has the real
IP and someone tries to connect to one of those ports the FreeBSD box routes the requests to the other machine so I can access my other computers webserver and ftp server? (The FreeBSD box will be using 5.1-STABLE and the other is Windows 2000 Professional). Thanks! Craig StJean valiantsoul@earthlink.net From owner-freebsd-net@FreeBSD.ORG Thu Nov 6 00:39:54 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A266F16A4CE for ; Thu, 6 Nov 2003 00:39:54 -0800 (PST) Received: from brisefer.cediti.be (porquepix.cediti.be [213.189.188.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 220C443FF7 for ; Thu, 6 Nov 2003 00:39:51 -0800 (PST) (envelope-from Olivier.Cherrier@cediti.be) Received: by brisefer.nat.cediti.be with Internet Mail Service (5.5.2653.19) id <4FVJ5ZBH>; Thu, 6 Nov 2003 09:39:12 +0100 Message-ID: From: Olivier Cherrier To: "'valiantsoul@earthlink.net'" , freebsd-net@freebsd.org Date: Thu, 6 Nov 2003 09:39:11 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Subject: RE: Port Forwarding X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Nov 2003 08:39:54 -0000 >Hello, >If I use my FreeBSD box as a gateway for another machine, how >can I enable port forwarding on ports 80 and 21 so that if the >FreeBSD box has the real IP and someone tries to connect to >one of those ports the FreeBSD box routes the requests to the >other machine so I can access my other computers webserver and >ftp server? Hello, Read the documentation. 
From owner-freebsd-net@FreeBSD.ORG Thu Nov 6 02:11:39 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 59BC916A4CE for ; Thu, 6 Nov 2003 02:11:39 -0800 (PST) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.177]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7C34D43FEC for ; Thu, 6 Nov 2003 02:11:38 -0800 (PST) (envelope-from brueffer@phoenix-systems.de) Received: from [212.227.126.206] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1AHh73-0005VJ-00 for freebsd-net@freebsd.org; Thu, 06 Nov 2003 11:11:37 +0100 Received: from [212.202.204.71] (helo=ramses.kicks-ass.net) by mrelayng.kundenserver.de with asmtp (Exim 3.35 #1) id 1AHh73-0005SM-00 for freebsd-net@freebsd.org; Thu, 06 Nov 2003 11:11:37 +0100 Received: from cheops.phoenix (cheops.phoenix [192.168.1.3]) by ramses.kicks-ass.net (Postfix) with ESMTP id 704B91CC21; Thu, 6 Nov 2003 11:11:34 +0100 (CET) From: Markus Brueffer To: valiantsoul@earthlink.net, freebsd-net@freebsd.org Date: Thu, 6 Nov 2003 11:11:37 +0100 User-Agent: KMail/1.5.4 References: <410-220031146561390@earthlink.net> In-Reply-To: <410-220031146561390@earthlink.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200311061111.39441.brueffer@phoenix-systems.de> Subject: Re: Port Forwarding X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Nov 2003 10:11:39 -0000 On Thursday 06 November 2003 06:06, Craig StJean wrote: > Hello, > If I use my FreeBSD box as a gateway for another machine, how can I enable > port forwarding on ports 80 and 21 so that if the FreeBSD box has the real > IP and someone tries to 
connect to one of those ports the FreeBSD box > routes the requests to the other machine so I can access my other computers > webserver and ftp server? > > (The FreeBSD box will be using 5.1-STABLE and the other is Windows 2000 > Professional). The FreeBSD Handbook has an answer for you: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html Markus From owner-freebsd-net@FreeBSD.ORG Thu Nov 6 06:05:40 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1ADC916A4CE for ; Thu, 6 Nov 2003 06:05:40 -0800 (PST) Received: from mizar.origin-it.net (mizar.origin-it.net [194.8.96.234]) by mx1.FreeBSD.org (Postfix) with ESMTP id 62B324400D for ; Thu, 6 Nov 2003 06:05:38 -0800 (PST) (envelope-from helge.oldach@atosorigin.com) Received: from matar.hbg.de.int.atosorigin.com (dehsfw3e.origin-it.net [194.8.96.68])hA6E5aUQ031575 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 6 Nov 2003 15:05:36 +0100 (CET) (envelope-from helge.oldach@atosorigin.com) Received: from galaxy.hbg.de.ao-srv.com (galaxy.hbg.de.ao-srv.com [161.89.20.4])ESMTP id hA6E5Z35030873; Thu, 6 Nov 2003 15:05:35 +0100 (CET) (envelope-from helge.oldach@atosorigin.com) Received: (from hmo@localhost) by galaxy.hbg.de.ao-srv.com (8.9.3p2/8.9.3/hmo30mar03) id PAA15335; Thu, 6 Nov 2003 15:05:34 +0100 (MET) Message-Id: <200311061405.PAA15335@galaxy.hbg.de.ao-srv.com> In-Reply-To: <167116793500.20031106031202@blue.calx.nl> from Walter Hop at "Nov 6, 2003 3:12: 2 am" To: freebsd@walter.transip.nl (Walter Hop) Date: Thu, 6 Nov 2003 15:05:34 +0100 (MET) From: Helge Oldach X-Address: Atos Origin GmbH, Friesenstrae 13, D-20097 Hamburg, Germany X-Phone: +49 40 7886 7464, Fax: +49 40 7886 9464, Mobile: +49 160 4782517 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: Connect two LANs over 
an IPv4 tunnel? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Nov 2003 14:05:40 -0000

Walter Hop:
>I would like to connect two networks (home and work), so that I can set
>up my home workstations in the same subnet as the work LAN. Out of this
>/24, I would like to use a /29 at home.
>
>(attempt 2)
>
>The gif tunnel worked and the boxes can ping each other over it, so I
>assigned private addresses to the gif endpoints. Then I tried adding some
>home IP aliases to the work box's ethernet interface and using forwarding
>and "route delete/add" in the hope that packets would be routed to the
>gateway in private-space across gif1.

You do not need IP aliases (I presume you mean static ARP entries), but just need to get the routes right. Proxy ARP will do the rest for you:

    sysctl net.link.ether.inet.proxyall=1

Be sure that you have IP forwarding enabled on both boxes, otherwise it will definitely not work.

Helge From owner-freebsd-net@FreeBSD.ORG Thu Nov 6 10:15:03 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ECE2116A4CE for ; Thu, 6 Nov 2003 10:15:03 -0800 (PST) Received: from blacklamb.mykitchentable.net (207-173-254-228.bras01.elk.ca.frontiernet.net [207.173.254.228]) by mx1.FreeBSD.org (Postfix) with ESMTP id 44B7043FFB for ; Thu, 6 Nov 2003 10:15:01 -0800 (PST) (envelope-from drew@mykitchentable.net) Received: from l035522 (unknown [165.107.42.110]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by blacklamb.mykitchentable.net (Postfix) with ESMTP id 1AFE63BF395 for ; Thu, 6 Nov 2003 10:15:00 -0800 (PST) Message-ID: <022501c3a491$e46bf780$6e2a6ba5@lc.ca.gov> From: "Drew Tomlinson" To: Date: Thu, 6 Nov 2003 10:14:47 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: Routing With Two ISPs? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Nov 2003 18:15:04 -0000 I have a 4.8 box serving as a gateway with two connections to the Internet. Is there some way to set the box up so that packets are routed out through the same interface from which they arrived? For example, if a connection is initiated on port 80 from a packet arriving on one interface, is there a way to make the outgoing packets from my web server use that same interface as a gateway instead of the default interface? Any suggestions appreciated. 
Thanks, Drew From owner-freebsd-net@FreeBSD.ORG Thu Nov 6 14:51:06 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6B91716A4CF; Thu, 6 Nov 2003 14:51:06 -0800 (PST) Received: from stoat.clara.net (du-028-0167.claranet.co.uk [195.8.84.167]) by mx1.FreeBSD.org (Postfix) with ESMTP id B7C1F43F93; Thu, 6 Nov 2003 14:51:02 -0800 (PST) (envelope-from david@carter-hitchin.clara.co.uk) Received: from stoat.clara.net (localhost [127.0.0.1]) by stoat.clara.net (8.12.8p2/8.12.9) with ESMTP id hA6Mp0sP000208; Thu, 6 Nov 2003 22:51:01 GMT (envelope-from david@carter-hitchin.clara.co.uk) Received: from localhost (david@localhost)hA6Mowlo000205; Thu, 6 Nov 2003 22:50:59 GMT (envelope-from david@carter-hitchin.clara.co.uk) X-Authentication-Warning: stoat.clara.net: david owned process doing -bs Date: Thu, 6 Nov 2003 22:50:58 +0000 (GMT) From: David Carter-Hitchin X-Sender: david@stoat.clara.net To: freebsd-questions@freebsd.org, doc@freebsd.org In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: ppp link always dials when started with -auto? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Nov 2003 22:51:06 -0000 Hi, With lots of help from John Chung I eventually fixed this problem - it was because ipv6 was configured. I've disabled that in the kernel (I survived without it for years, so no reason to have it as part of my upgrade). I clocked up about 15 hours trying to debug this problem - that would have been cut down to about 30 mins had this been in the FAQ. Can someone please add this side effect of ipv6 on ppp to FAQ 14.17 or alternatively I am happy to volunteer to do it myself? 
There again if someone knows a cunning way to make ppp and ipv6 sit happily together that might be a better way forward... Thanks, David. On Sun, 26 Oct 2003, David Carter-Hitchin wrote: > Hi FreeBSD'ers, > > I've just upgraded to 4.9-RC (from 4.2) and I'm really happy with > everything except ppp. > > Whenever I start ppp (with ppp -auto pmdemand) it immediately starts to > dial - after connecting it briefly sends and receives a minimal amount of > data then sits there idly. > > One other problem I've got with my upgrade is that I'm getting pam errors: > > Oct 26 20:26:25 stoat login: no modules loaded for `login' service > Oct 26 20:26:25 stoat login: pam_open_session: Permission denied > > (related?) > > I've read the ppp faq and this question is covered and it says sendmail is > often the culprit. This rang loud bells as I saw that the more recent > version of sendmail has deprecated the 'nodns' feature. So I tried > rebooting without sendmail running, but still the same problem. I tried > killing off a few daemons including inetd, lpd, usbd.. but no joy. > > I added "log All +tcp/ip" to get the full output, but I don't know enough > about this stuff to go further. I initially get the following lines in > the log: > > Oct 26 21:17:32 stoat ppp[466]: tun0: TCP/IP: OUT > <0>: fe80::240:95ff:fe44:3e11 ---> ff02::1:ff44:3e11 (72) > > Oct 26 21:17:32 stoat ppp[466]: tun0: TCP/IP: OUT ICMP: :::135 ---> > ff02::1:ff44:3e11 (16/64) > > I've uploaded the rest of the conversation to: > > http://www.carter-hitchin.clara.co.uk/logs/ppp.log.gz > > My setup is an isolated workstation (no LAN, occasional dialup). 
Here are > some outputs: > > [516]->uname -a > FreeBSD stoat.clara.net 4.9-RC FreeBSD 4.9-RC #0: Sat Oct 18 13:56:46 BST > 2003 david@stoat.clara.net:/usr/obj/usr/src/sys/STOAT i386 > > [517]->cat /etc/ppp/ppp.conf > default: > #set log Phase Chat LCP IPCP CCP tun command > set log All > ident user-ppp VERSION (built COMPILATIONDATE) > set device /dev/cuaa0 > set speed 115200 > set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \ > \"\" ATM1 OK \\dATDT\\T TIMEOUT 40 CONNECT" > enable dns > > pmdemand: > set timeout 300 # 3 mintue idle timer (the > default) > set phone XXXXXXXXXXXXXXX > set authname XXXXX > set authkey XXXXXX > add default HISADDR # Add a (sticky) default route > set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.255 > > > [68]->cat /etc/resolv.conf > domain=stoat > nameserver 195.8.69.7 > nameserver 195.8.69.12 > > [69]->cat /etc/hosts > ::1 localhost localhost.clara.net > 127.0.0.1 localhost localhost.clara.net stoat.clara.net > 127.0.0.1 stoat stoat.clara.net > 127.0.0.1 carter-hitchin.clara.co.uk > > > I'd really appreciate some help here - I'm stuck in being able to > identify precisely what is using the link. > > Many thanks, > David. 
From owner-freebsd-net@FreeBSD.ORG Thu Nov 6 21:15:34 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5257116A4CE for ; Thu, 6 Nov 2003 21:15:34 -0800 (PST) Received: from xmxpita.excite.com (nn2.excitenetwork.com [207.159.120.56]) by mx1.FreeBSD.org (Postfix) with ESMTP id A1ECC43FFD for ; Thu, 6 Nov 2003 21:15:33 -0800 (PST) (envelope-from skb_bhat@excite.com) Received: by xmxpita.excite.com (Postfix, from userid 110) id D2BABBF78; Fri, 7 Nov 2003 00:15:27 -0500 (EST) To: freebsd-net@freebsd.org Received: from [203.200.177.199] by xprdmailfe13.nwk.excite.com via HTTP; Fri, 07 Nov 2003 00:15:27 EST X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: ID = 5c3e0474b596237c52a34490e08e6c6e From: "skb" MIME-Version: 1.0 X-Sender: skb_bhat@excite.com X-Mailer: PHP Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Cc: Message-Id: <20031107051527.D2BABBF78@xmxpita.excite.com> Date: Fri, 7 Nov 2003 00:15:27 -0500 (EST) Subject: login with ldap and sasl/gssapi X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: skb_bhat@excite.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Nov 2003 05:15:34 -0000 Hi, Can someone please tell me how to configure login on the FreeBSD-5.1-RELEASE box to use ldap authentication (using SASL/GSSAPI), pam_krb5, pam_ldap and nss_ldap modules respectively. I have successfully configured openldap21-2.1.20_1 with heimdal-0.5.1. 
I can execute ldapsearch, ldapadd etc using SASL/GSSAPI mechanism without any problems at all on the local box. On /usr/local/etc/openldap/slapd.conf I've added the following extra stuff: require SASL sasl-realm MYDOMAIN.COM sasl-host test.mydomain.com sasl-secprop noplain,noanonymous,minssf=56 sasl-regex uid=(.*),cn=MYDOMAIN.COM,cn=gssapi,cn=auth uid=$1,ou=People,dc=mydomain,dc=com The pam_krb5, nss_ldap, pam_ldap modules are working fine since login is working fine with anonymous LDAP bind. But everything stops when I am disabling anonymous bind. My /etc/pam.d/login file is as follows: auth required pam_nologin.so no_warn auth sufficient pam_self.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient pam_krb5.so no_warn try_first_pass auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass nullok # account account required pam_krb5.so account sufficient /usr/local/lib/pam_ldap.so account required pam_login_access.so account required pam_securetty.so account required pam_unix.so # session #session optional pam_ssh.so session required pam_lastlog.so no_fail # password password sufficient pam_krb5.so no_warn try_first_pass password sufficient /usr/local/lib/pam_ldap.so password required pam_unix.so no_warn try_first_pass Any help will be greatly appreciated. Thanks in advance, skb _______________________________________________ Join Excite! - http://www.excite.com The most personalized portal on the Web! 
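How the control flags in the /etc/pam.d/login file posted above decide which modules are consulted, as an added example (not part of the original post and not FreeBSD's own code). The function names parse_stack, evaluate and shadowed_checks, the simplified flag model and the chosen module outcomes are assumptions of this example; the rule line breaks are reconstructed from the flattened message.

```python
"""Added example: evaluate the /etc/pam.d/login stack quoted in the post.

Simplified model of the PAM control flags (an assumption of this example):
a failing 'sufficient' or 'optional' module is ignored, a failing 'required'
module fails the chain once it has run to the end, a failing 'requisite'
module fails it at once, and a succeeding 'sufficient' module ends the chain
with success unless a 'required' module has already failed.
"""
from collections import namedtuple

Rule = namedtuple("Rule", "facility control module options")
CONTROL_FLAGS = {"required", "requisite", "sufficient", "optional"}

# Rules as posted; line breaks reconstructed from the flattened message.
LOGIN_STACK = """\
auth required pam_nologin.so no_warn
auth sufficient pam_self.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient pam_krb5.so no_warn try_first_pass
auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass nullok
# account
account required pam_krb5.so
account sufficient /usr/local/lib/pam_ldap.so
account required pam_login_access.so
account required pam_securetty.so
account required pam_unix.so
# session
#session optional pam_ssh.so
session required pam_lastlog.so no_fail
# password
password sufficient pam_krb5.so no_warn try_first_pass
password sufficient /usr/local/lib/pam_ldap.so
password required pam_unix.so no_warn try_first_pass
"""


def parse_stack(text):
    """Return the active rules, skipping blank lines and '#' comments."""
    rules = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3 or fields[1] not in CONTROL_FLAGS:
            raise ValueError(f"line {number}: cannot parse {raw!r}")
        facility, control, path = fields[:3]
        # Keep only the file name so full paths and bare names compare equal.
        rules.append(Rule(facility, control, path.rsplit("/", 1)[-1], fields[3:]))
    return rules


def evaluate(rules, facility, failing=frozenset()):
    """Run one facility's chain; modules named in `failing` return failure.

    Returns (granted, consulted): the verdict and the modules actually called.
    """
    required_failed = False
    consulted = []
    for rule in (r for r in rules if r.facility == facility):
        consulted.append(rule.module)
        if rule.module not in failing:
            if rule.control == "sufficient" and not required_failed:
                return True, consulted      # chain ends here with success
        elif rule.control == "requisite":
            return False, consulted         # chain ends here with failure
        elif rule.control == "required":
            required_failed = True          # remembered, chain keeps running
    return not required_failed, consulted


def shadowed_checks(rules, facility):
    """Map each 'sufficient' module to the required/requisite modules after it.

    Those later checks are skipped whenever the sufficient module succeeds.
    """
    chain = [r for r in rules if r.facility == facility]
    findings = {}
    for index, rule in enumerate(chain):
        if rule.control != "sufficient":
            continue
        later = [r.module for r in chain[index + 1:]
                 if r.control in ("required", "requisite")]
        if later:
            findings[rule.module] = later
    return findings


if __name__ == "__main__":
    stack = parse_stack(LOGIN_STACK)
    for facility in ("auth", "account"):
        granted, consulted = evaluate(stack, facility,
                                      failing={"pam_self.so", "pam_opie.so"})
        print(facility, "granted" if granted else "denied", consulted)
    for module, skipped in shadowed_checks(stack, "account").items():
        print(f"account: {module} success skips {', '.join(skipped)}")
```

Under this model, a successful pam_ldap.so in the account chain ends the chain before pam_login_access.so, pam_securetty.so and pam_unix.so are consulted, which is worth checking when LDAP becomes the primary account source.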
From owner-freebsd-net@FreeBSD.ORG Thu Nov 6 23:59:48 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E06FD16A4CE for ; Thu, 6 Nov 2003 23:59:48 -0800 (PST) Received: from mizar.origin-it.net (mizar.origin-it.net [194.8.96.234]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4B65243FBF for ; Thu, 6 Nov 2003 23:59:47 -0800 (PST) (envelope-from helge.oldach@atosorigin.com) Received: from matar.hbg.de.int.atosorigin.com (dehsfw3e.origin-it.net [194.8.96.68])hA77xjUQ070887 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 7 Nov 2003 08:59:45 +0100 (CET) (envelope-from helge.oldach@atosorigin.com) Received: from galaxy.hbg.de.ao-srv.com (galaxy.hbg.de.ao-srv.com [161.89.20.4])ESMTP id hA77xj35068656; Fri, 7 Nov 2003 08:59:45 +0100 (CET) (envelope-from helge.oldach@atosorigin.com) Received: (from hmo@localhost) by galaxy.hbg.de.ao-srv.com (8.9.3p2/8.9.3/hmo30mar03) id IAA19949; Fri, 7 Nov 2003 08:59:38 +0100 (MET) Message-Id: <200311070759.IAA19949@galaxy.hbg.de.ao-srv.com> In-Reply-To: <022501c3a491$e46bf780$6e2a6ba5@lc.ca.gov> from Drew Tomlinson at "Nov 6, 2003 7:14:47 pm" To: drew@mykitchentable.net (Drew Tomlinson) Date: Fri, 7 Nov 2003 08:59:38 +0100 (MET) From: Helge Oldach X-Address: Atos Origin GmbH, Friesenstrae 13, D-20097 Hamburg, Germany X-Phone: +49 40 7886 7464, Fax: +49 40 7886 9464, Mobile: +49 160 4782517 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: Routing With Two ISPs? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Nov 2003 07:59:49 -0000 Drew Tomlinson: >I have a 4.8 box serving as a gateway with two connections to the >Internet. 
Is there some way to set the box up so that packets are >routed out through the same interface from which they arrived? For >example, if a connection is initiated on port 80 from a packet arriving >on one interface, is there a way to make the outgoing packets from my >web server use that same interface as a gateway instead of the default >interface? Unfortunately not. While your application (multi-homing, aka "strong ES" model of RFC 1122) would appear simpler, a general solution would target at true policy-based routing. The latest information I have seen is http://www.mail-archive.com/freebsd-net@freebsd.org/msg07737.html. Helge From owner-freebsd-net@FreeBSD.ORG Fri Nov 7 03:11:49 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CA3C316A4CE for ; Fri, 7 Nov 2003 03:11:49 -0800 (PST) Received: from smtp.uc3m.es (smtp01.uc3m.es [163.117.136.121]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7C07E43F3F for ; Fri, 7 Nov 2003 03:11:48 -0800 (PST) (envelope-from jrh@it.uc3m.es) Received: from smtp01.uc3m.es (localhost [127.0.0.1]) by smtp.uc3m.es (Postfix) with ESMTP id 53352434B5 for ; Fri, 7 Nov 2003 12:11:47 +0100 (CET) Received: from cimborrio (cimborrio.it.uc3m.es [163.117.139.95]) by smtp01.uc3m.es (Postfix) with ESMTP id CA8B399F6D for ; Fri, 7 Nov 2003 12:11:46 +0100 (CET) From: Juan Rodriguez Hervella Organization: UC3M To: freebsd-net@freebsd.org Date: Fri, 7 Nov 2003 12:11:42 +0100 User-Agent: KMail/1.5.4 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200311071211.44015.jrh@it.uc3m.es> Subject: Information about IPv6 Path MTU discovery implementation X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , 
X-List-Received-Date: Fri, 07 Nov 2003 11:11:49 -0000 Hello, I would like to get information about the implementation of Path MTU discovery for IPv6 (RFC-1981). Is there any documentation about how this has been made ? -- ****** JFRH ****** Labor, n.: One of the processes by which A acquires property for B. -- Ambrose Bierce, "The Devil's Dictionary" From owner-freebsd-net@FreeBSD.ORG Fri Nov 7 06:09:50 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D645416A4CE for ; Fri, 7 Nov 2003 06:09:50 -0800 (PST) Received: from blacklamb.mykitchentable.net (207-173-254-228.bras01.elk.ca.frontiernet.net [207.173.254.228]) by mx1.FreeBSD.org (Postfix) with ESMTP id 20EFF43FA3 for ; Fri, 7 Nov 2003 06:09:50 -0800 (PST) (envelope-from drew@mykitchentable.net) Received: from bigdaddy (unknown [192.168.1.3]) by blacklamb.mykitchentable.net (Postfix) with SMTP id 48FE93BF3B3; Fri, 7 Nov 2003 06:09:39 -0800 (PST) Message-ID: <010801c3a538$ce5e8b40$0301a8c0@bigdaddy> From: "Drew Tomlinson" To: "Helge Oldach" References: <200311070759.IAA19949@galaxy.hbg.de.ao-srv.com> Date: Fri, 7 Nov 2003 06:09:38 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2720.3000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300 cc: freebsd-net@freebsd.org Subject: Re: Routing With Two ISPs? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Nov 2003 14:09:50 -0000 ----- Original Message ----- From: "Helge Oldach" Sent: Thursday, November 06, 2003 11:59 PM > Drew Tomlinson: > >I have a 4.8 box serving as a gateway with two connections to the > >Internet. 
Is there some way to set the box up so that packets are > >routed out through the same interface from which they arrived? For > >example, if a connection is initiated on port 80 from a packet arriving > >on one interface, is there a way to make the outgoing packets from my > >web server use that same interface as a gateway instead of the default > >interface? > > Unfortunately not. While your application (multi-homing, aka "strong ES" > model of RFC 1122) would appear simpler, a general solution would target > at true policy-based routing. > > The latest information I have seen is > http://www.mail-archive.com/freebsd-net@freebsd.org/msg07737.html. Thank you for your reply. I can understand that it's more difficult than it appears. I get easily confused when thinking about routing. :) Now that I know what "terms" I'm looking for (like "strong ES") I can search this in the threads and see if/when it gets implemented. Cheers, Drew From owner-freebsd-net@FreeBSD.ORG Fri Nov 7 06:52:00 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2B04B16A4CF for ; Fri, 7 Nov 2003 06:52:00 -0800 (PST) Received: from blacklamb.mykitchentable.net (207-173-254-228.bras01.elk.ca.frontiernet.net [207.173.254.228]) by mx1.FreeBSD.org (Postfix) with ESMTP id 910FC43F75 for ; Fri, 7 Nov 2003 06:51:57 -0800 (PST) (envelope-from drew@mykitchentable.net) Received: from bigdaddy (unknown [192.168.1.3]) by blacklamb.mykitchentable.net (Postfix) with SMTP id BB7BB3BF39E; Fri, 7 Nov 2003 06:51:56 -0800 (PST) Message-ID: <011601c3a53e$b0d3c5d0$0301a8c0@bigdaddy> From: "Drew Tomlinson" To: "Milan Obuch" References: <022501c3a491$e46bf780$6e2a6ba5@lc.ca.gov> <200311070833.36482.milan.obuch@bluegrass.sk> Date: Fri, 7 Nov 2003 06:51:56 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: 
Microsoft Outlook Express 6.00.2720.3000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300 cc: freebsd-net@freebsd.org Subject: Re: Routing With Two ISPs? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Nov 2003 14:52:00 -0000 ----- Original Message ----- From: "Milan Obuch" Sent: Thursday, November 06, 2003 11:33 PM > On Thursday 06 November 2003 19:14, Drew Tomlinson wrote: > > I have a 4.8 box serving as a gateway with two connections to the > > Internet. Is there some way to set the box up so that packets are > > routed out through the same interface from which they arrived? For > > example, if a connection is initiated on port 80 from a packet arriving > > on one interface, is there a way to make the outgoing packets from my > > web server use that same interface as a gateway instead of the default > > interface? > > > > Hi, Drew, > there is no standard way to do this, however, if your box is just a multihomed > host, then it is possible with ipfw. Anyway, one connection is preferred > being default gateway, the second one could be routed with > > ipfw add fwd ip from to any > > which works this way: > My second connection is from world to my ip, and if packet is locally > generated with my ip, send it to the other side regardless whether routing > table shows there or not. Thank you for your reply. I have tried using the 'fwd' option of ipfw but it doesn't work in my situation. I suspect it has something to do with NAT. Maybe you can see what I'm missing or a better way to do it? My situation is this: I have a DSL connection to my home and my neighbor has a cable connection in his. His cable modem is connected to a Linksys Wireless AP/Router and he has graciously allowed me to use his link. 
So here is a diagram of our networks:

    Internet
        |
    Public IP
        |
    ADSL Modem/Router
    192.168.10.1
        |
    dc0 192.168.10.2
        |
    FBSD 4.8 --------- rl0
        |           192.168.100.2
       dc1               |
        |           192.168.100.1
    192.168.1.2     Neighbor's AP
        |                |
    Internal LAN     Public IP
                         |
                     Internet

A limitation of the Linksys AP NAT implementation is that it will only forward packets to nodes on its own subnet. So in this case it will only forward packets from the Internet to 192.168.100.0/24. However I would like to have packets forwarded to nodes on 192.168.1.0/24, specifically traffic on port 8080 forwarded to 192.168.1.3. So I tell the Linksys AP to forward to 192.168.100.2.

At first I tried an 'ipfw fwd' rule to then forward that traffic to 192.168.1.3. The rule worked but the traffic arrived with a destination address of 192.168.100.2 and thus the 192.168.1.3 node ignored the traffic.

Next, I started natd with a 'redirect' rule on 192.168.100.2. This rewrites the destination address to 192.168.1.3 and initiates the connection. However, the connection doesn't complete because the default route on the FBSD gateway is 192.168.10.1 (my DSL connection) so the acks never reached the client.

To solve this, I tried adding an 'ipfw fwd' rule to send the traffic out 192.168.100.1 but that didn't work. I could see the packets going out 192.168.100.2 but I have no way to know what the Linksys did with them. I suspect this has to do with NAT being performed twice, once on my gateway and again on the Linksys? I tried forwarding the packet to 192.168.100.2 but that didn't work either.

As a further test, if I define the IP address (1.2.3.4 for example) of the machine requesting service on port 8080 to the route table (route add 1.2.3.4 192.168.100.1), then the connection gets established and traffic flows between the machines. Unfortunately it is not practical to make static routes for each machine that may connect, especially with dynamic IPs.

> But I know no way how to distinguish packets coming from internal net if they
> should go one way or the other, if requests can come from both links. If you
> know exactly netblocks which could send request one or the other side, then
> you can just use routing entries, but I feel this to be cumbersome to
> maintain if possible ever to track changes...

Agreed. So do you have any ideas on how I could get things working the way I'd like?

Thanks,
Drew

From owner-freebsd-net@FreeBSD.ORG Fri Nov 7 07:15:36 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4508216A4CE for ; Fri, 7 Nov 2003 07:15:36 -0800 (PST) Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by mx1.FreeBSD.org (Postfix) with ESMTP id 84EBC43FE5 for ; Fri, 7 Nov 2003 07:15:35 -0800 (PST) (envelope-from larse@ISI.EDU) Received: from isi.edu (ca-herbch-cuda2-c3c-49.stmnca.adelphia.net [67.20.211.49]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id hA7FFVa28771; Fri, 7 Nov 2003 07:15:31 -0800 (PST) Message-ID: <3FABB712.7050905@isi.edu> Date: Fri, 07 Nov 2003 07:15:30 -0800 From: Lars Eggert Organization: USC Information Sciences Institute User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6a) Gecko/20031030 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Helge Oldach References: <200311070759.IAA19949@galaxy.hbg.de.ao-srv.com> In-Reply-To: <200311070759.IAA19949@galaxy.hbg.de.ao-srv.com> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms020205070907020407010906" cc: Drew Tomlinson cc: freebsd-net@freebsd.org Subject: Re: Routing With Two ISPs? 
X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Nov 2003 15:15:36 -0000 This is a cryptographically signed message in MIME format. --------------ms020205070907020407010906 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Helge Oldach wrote: > Drew Tomlinson: > >>I have a 4.8 box serving as a gateway with two connections to the >>Internet. Is there some way to set the box up so that packets are >>routed out through the same interface from which they arrived? For >>example, if a connection is initiated on port 80 from a packet arriving >>on one interface, is there a way to make the outgoing packets from my >>web server use that same interface as a gateway instead of the default >>interface? > > > Unfortunately not. While your application (multi-homing, aka "strong ES" > model of RFC 1122) would appear simpler, a general solution would target > at true policy-based routing. For some simple setups, you can use ipfw fwd rules to forward on something other than destination address. But I agree that for more complex things you need some implementation of policy routing. 

Lars
--
Lars Eggert USC Information Sciences Institute

--------------ms020205070907020407010906
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

--------------ms020205070907020407010906--

From owner-freebsd-net@FreeBSD.ORG Fri Nov 7 10:47:44 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7F7A416A4CE for ; Fri, 7 Nov 2003 10:47:44 -0800 (PST) Received: from relay.transip.nl (relay.transip.nl [80.69.66.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4718643FBF for ; Fri, 7 Nov 2003 10:47:43 -0800 (PST) (envelope-from freebsd@walter.transip.nl) Received: from blue.calx.nl (blue.calx.nl [213.84.201.224]) by relay.transip.nl (Postfix) with ESMTP id F340E34A4C3; Fri, 7 Nov 2003 19:47:40 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by blue.calx.nl (Postfix) with ESMTP id 19531A931; Fri, 7 Nov 2003 19:47:41 +0100 (CET) Received: from kai.calx.nl (kai.calx.nl [172.23.7.10]) by
blue.calx.nl (Postfix) with ESMTP id 3A9A3A930; Fri, 7 Nov 2003 19:47:30 +0100 (CET) Date: Fri, 7 Nov 2003 19:47:37 +0100 From: Walter Hop X-Mailer: The Bat! (v2.00.6) Business X-Priority: 3 (Normal) Message-ID: <864138000.20031107194737@blue.calx.nl> To: Helge Oldach In-Reply-To: <200311061405.PAA15335@galaxy.hbg.de.ao-srv.com> References: <167116793500.20031106031202@blue.calx.nl> from Walter Hop at "Nov 6, 2003 3:12: 2 am" <200311061405.PAA15335@galaxy.hbg.de.ao-srv.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: by blue.calx.nl cc: freebsd-net@freebsd.org Subject: Re[2]: Connect two LANs over an IPv4 tunnel? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Nov 2003 18:47:44 -0000

[in reply to helge.oldach@atosorigin.com, 6-11-2003]

>>I would like to connect two networks (home and work), so that I can set
>>up my home workstations in the same subnet as the work LAN. Out of this
>>/24, I would like to use a /29 at home.
>>
>>(attempt 2)
>>
>>The gif tunnel worked and the boxes can ping each other over it, so I
>>assigned private addresses to the gif endpoints. Then I tried adding some
>>home IP aliases to the work box's ethernet interface and using forwarding
>>and "route delete/add" in the hope that packets would be routed to the
>>gateway in private-space across gif1.
>
> You do not need IP aliases (I presume you mean static ARP entries), but
> just need to get the routes right. Proxy ARP will do the rest for you:
>
> sysctl net.link.ether.inet.proxyall=1

Helge, I am eternally grateful. This simple sysctl made it all work. :)
Thank you!

cheers,
walter

From owner-freebsd-net@FreeBSD.ORG Fri Nov 7 12:06:11 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ADE1116A4CE for ; Fri, 7 Nov 2003 12:06:11 -0800 (PST) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id E094943FE3 for ; Fri, 7 Nov 2003 12:06:10 -0800 (PST) (envelope-from ahoff@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2657.72) id ; Fri, 7 Nov 2003 15:06:10 -0500 Message-ID: From: Alex Hoff To: "'freebsd-net@freebsd.org'" Date: Fri, 7 Nov 2003 15:06:09 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" Subject: 64 bit packet counters X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Nov 2003 20:06:11 -0000

Hi,

We are attempting to implement the IF-MIB, which requires the use of 64 bit
packet counters and the differentiation between multicast and broadcast
pkts. Since changing the if_data (by adding new counters and changing the
existing to u_int64) is a bad idea, does anyone have any good ideas on how
to do this? I was thinking of tacking on a new struct (let's call it
ifx_data) at the end of the current if_net struct with the appropriate
counters (i/opacket, i/obyte, i/obcast, i/omcast). Apart from having to do a
little double counting are there any obvious pitfalls with this approach? Does
anyone have any better ideas? Are there currently any plans to update the
network stack to handle this properly?

Thanks,
Alex Hoff

From owner-freebsd-net@FreeBSD.ORG Fri Nov 7 16:38:33 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E341316A4CE for ; Fri, 7 Nov 2003 16:38:33 -0800 (PST) Received: from ints.mail.pike.ru (ints.mail.pike.ru [195.9.45.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4288743FF2 for ; Fri, 7 Nov 2003 16:38:32 -0800 (PST) (envelope-from babolo@cicuta.babolo.ru) Received: (qmail 50240 invoked from network); 8 Nov 2003 00:52:09 -0000 Received: from babolo.ru (HELO cicuta.babolo.ru) (194.58.226.160) by ints.mail.pike.ru with SMTP; 8 Nov 2003 00:52:09 -0000 Received: (nullmailer pid 89844 invoked by uid 136); Sat, 08 Nov 2003 00:40:22 -0000 X-ELM-OSV: (Our standard violations) hdr-charset=KOI8-R; no-hdr-encoding=1 In-Reply-To: <022501c3a491$e46bf780$6e2a6ba5@lc.ca.gov> To: Drew Tomlinson Date: Sat, 8 Nov 2003 03:40:22 +0300 (MSK) From: "."@babolo.ru X-Mailer: ELM [version 2.4ME+ PL99b (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Message-Id: <1068252022.523087.89843.nullmailer@cicuta.babolo.ru> cc: freebsd-net@freebsd.org Subject: Re: Routing With Two ISPs? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Nov 2003 00:38:34 -0000

[ Charset windows-1252 unsupported, converting... ]
> I have a 4.8 box serving as a gateway with two connections to the
> Internet. Is there some way to set the box up so that packets are
> routed out through the same interface from which they arrived? For
> example, if a connection is initiated on port 80 from a packet arriving
> on one interface, is there a way to make the outgoing packets from my
> web server use that same interface as a gateway instead of the default
> interface?
>
> Any suggestions appreciated.

It's easy IMHO

Each external iface with its own natd,
each forwards 80 port incoming to two
http servers with different IP or port.

outgoing traffic can be forwarded to appropriate
natd via ipfw rules depending on src IP or port

From owner-freebsd-net@FreeBSD.ORG Sat Nov 8 01:13:54 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 028B516A4CE for ; Sat, 8 Nov 2003 01:13:53 -0800 (PST) Received: from mailhub.fokus.fraunhofer.de (mailhub.fokus.fraunhofer.de [193.174.154.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8250843F75 for ; Sat, 8 Nov 2003 01:13:52 -0800 (PST) (envelope-from brandt@fokus.fraunhofer.de) Received: from beagle (beagle [193.175.132.100])hA89DmU01446; Sat, 8 Nov 2003 10:13:48 +0100 (MET) Date: Sat, 8 Nov 2003 10:13:48 +0100 (CET) From: Harti Brandt To: Alex Hoff In-Reply-To: Message-ID: <20031108100926.M78050@beagle.fokus.fraunhofer.de> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: "'freebsd-net@freebsd.org'" Subject: Re: 64 bit packet counters X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Nov 2003 09:13:54 -0000

On Fri, 7 Nov 2003, Alex Hoff wrote:

AH>Hi,
AH>
AH>We are attempting to implement the IF-MIB, which requires the use of 64 bit
AH>packet counters and the differentiation between multicast and broadcast
AH>pkts. Since changing the if_data (by adding new counters and changing the
AH>existing to u_int64) is a bad idea, does anyone have any good ideas on how
AH>to do this? I was thinking of tacking on a new struct (let's call it
AH>ifx_data) at the end of the current if_net struct with the appropriate
AH>counters (i/opacket, i/obyte, i/obcast, i/omcast). Apart from having to do a
AH>little double counting are there any obvious pitfalls with this approach? Does
AH>anyone have any better ideas? Are there currently any plans to update the
AH>network stack to handle this properly?

You may look up the discussions in the mailing lists. As far as I remember the problem with 64 bit counting was that this needs locks because not on all architectures you have atomic 64bit add operations. A simple method that does not involve kernel changes (and that I plan to implement in my snmp daemon) is to periodically monitor the counters (depending on the interface speed) and detect wraps in the daemon.

harti
--
harti brandt, http://www.fokus.fraunhofer.de/research/cc/cats/employees/hartmut.brandt/private brandt@fokus.fraunhofer.de, harti@freebsd.org

From owner-freebsd-net@FreeBSD.ORG Sat Nov 8 13:32:56 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B640E16A4CE for ; Sat, 8 Nov 2003 13:32:56 -0800 (PST) Received: from smtp1.knology.net (smtp1.knology.net [24.214.63.226]) by mx1.FreeBSD.org (Postfix) with SMTP id D090543FF5 for ; Sat, 8 Nov 2003 13:32:55 -0800 (PST) (envelope-from jamnt@knology.net) Received: (qmail 25040 invoked from network); 8 Nov 2003 21:32:55 -0000 Received: from unknown (HELO knology.net) (69.1.1.32) by smtp1.knology.net with SMTP; 8 Nov 2003 21:32:55 -0000 Message-ID: <3FAD6103.1010407@knology.net> Date: Sat, 08 Nov 2003 16:32:51 -0500 From: Michal User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5b) Gecko/20030919 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: problems caused by net.inet.tcp.blackhole=2 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive:
List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Nov 2003 21:32:56 -0000

Hello,
maybe someone will be able to help me with the problem. Namely setting
net.inet.tcp.blackhole=2 makes samba start very slow (90sec). Also
smbclient is slow. After samba starts there is no delay to connect from
another machine with persistent local problems (smbclient).
Additionally the sysctl setting has weird impact on mozilla: trying to
write to web forms causes freezing of mozilla. Now setting
net.inet.tcp.blackhole=0 reverts all the problems: samba starts fast
and no problems with writing to the web forms.
my system:
FreeBSD 5.1-CURRENT #0: Thu Oct 30 17:49:13 EST 2003
ports updated 11-08-03

I appreciate any suggestions

From owner-freebsd-net@FreeBSD.ORG Sat Nov 8 15:25:32 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EC61E16A4CE for ; Sat, 8 Nov 2003 15:25:32 -0800 (PST) Received: from gw.catspoiler.org (217-ip-163.nccn.net [209.79.217.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2A30043FBF for ; Sat, 8 Nov 2003 15:25:32 -0800 (PST) (envelope-from truckman@FreeBSD.org) Received: from FreeBSD.org (mousie.catspoiler.org [192.168.101.2]) by gw.catspoiler.org (8.12.9p2/8.12.9) with ESMTP id hA8NPIeF062364; Sat, 8 Nov 2003 15:25:25 -0800 (PST) (envelope-from truckman@FreeBSD.org) Message-Id: <200311082325.hA8NPIeF062364@gw.catspoiler.org> Date: Sat, 8 Nov 2003 15:25:18 -0800 (PST) From: Don Lewis To: jamnt@knology.net In-Reply-To: <3FAD6103.1010407@knology.net> MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii cc: freebsd-net@FreeBSD.org Subject: Re: problems caused by net.inet.tcp.blackhole=2 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Nov 2003
23:25:33 -0000

On 8 Nov, Michal wrote:
> Hello,
> maybe someone will be able to help me with the problem. Namely setting
> net.inet.tcp.blackhole=2 makes samba start very slow (90sec). Also
> smbclient is slow. After samba starts there is no delay to connect from
> another machine with persistent local problems (smbclient).
> Additionally the sysctl setting has weird impact on mozilla: trying to
> write to web forms causes freezing of mozilla. Now setting
> net.inet.tcp.blackhole=0 reverts all the problems: samba starts fast
> and no problems with writing to the web forms.
> my system:
> FreeBSD 5.1-CURRENT #0: Thu Oct 30 17:49:13 EST 2003
> ports updated 11-08-03
>
> I appreciate any suggestions

I looked at a similar problem that someone was having a while back. It appears that the problem is that this sysctl setting is suppressing the sending of TCP RST packets which are needed to tear down dead connections, and if one end of the connection thinks the connection is still established, it is not possible to create a new connection between the hosts that reuses the same addresses and ports as the old connection. Since the whole point of net.inet.tcp.blackhole=2 is to block the RST packets that could allow the host to be scanned, I suspect you are stuck.
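
Added example, not part of any message in this archive: the daemon-side wrap detection that Harti Brandt describes in the "64 bit packet counters" thread above (poll the 32-bit counters often enough for the interface speed and detect wraps in the daemon), written in C. The names ctr64, ctr64_update, max_poll_interval and replay, and the sample values, are assumptions made for illustration and are not taken from FreeBSD or from any SNMP daemon.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Poller-side state for one 32-bit interface counter (hypothetical type). */
struct ctr64 {
    uint64_t total;  /* extended 64-bit value reported to the manager */
    uint32_t last;   /* raw 32-bit value seen at the previous poll */
    int primed;      /* 0 until the first sample has been taken */
};

/*
 * Fold one raw sample into the 64-bit total and return it.
 * Unsigned subtraction modulo 2^32 gives the true increment as long as
 * the counter wrapped at most once since the previous poll. Two wraps
 * between polls, or a counter reset, cannot be told apart from this data.
 */
uint64_t ctr64_update(struct ctr64 *c, uint32_t raw)
{
    if (!c->primed) {
        c->total = raw;
        c->primed = 1;
    } else {
        c->total += (uint32_t)(raw - c->last);
    }
    c->last = raw;
    return c->total;
}

/*
 * Longest poll interval, in seconds, that still sees every wrap of a
 * 32-bit byte counter on a link of the given speed. The time to a full
 * wrap at line rate is halved as a margin for late polls.
 */
uint32_t max_poll_interval(uint64_t bits_per_sec)
{
    uint64_t bytes_per_sec = bits_per_sec / 8;

    if (bytes_per_sec == 0)
        return UINT32_MAX;
    return (uint32_t)(((UINT64_C(1) << 32) / bytes_per_sec) / 2);
}

/* Constructed samples: the raw counter wraps twice across four polls. */
static const uint32_t SAMPLES[] = { 4294967000u, 200u, 4294967295u, 5u };

/* Replay a series of raw samples and return the final 64-bit total. */
uint64_t replay(const uint32_t *raw, size_t n)
{
    struct ctr64 c = { 0, 0, 0 };
    uint64_t total = 0;

    for (size_t i = 0; i < n; i++)
        total = ctr64_update(&c, raw[i]);
    return total;
}

int main(void)
{
    printf("100 Mbit/s: poll at least every %u s\n",
           (unsigned)max_poll_interval(UINT64_C(100000000)));
    printf("extended total: %llu\n",
           (unsigned long long)replay(SAMPLES, 4));
    return 0;
}
```

Byte counters set the polling interval because they wrap far sooner than packet counters on the same link.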

From owner-freebsd-net@FreeBSD.ORG Sat Nov 8 17:51:36 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA5C516A4D0 for ; Sat, 8 Nov 2003 17:51:36 -0800 (PST) Received: from ints.mail.pike.ru (ints.mail.pike.ru [195.9.45.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 50FD543FAF for ; Sat, 8 Nov 2003 17:51:34 -0800 (PST) (envelope-from babolo@cicuta.babolo.ru) Received: (qmail 89773 invoked from network); 9 Nov 2003 02:05:16 -0000 Received: from babolo.ru (HELO cicuta.babolo.ru) (194.58.226.160) by ints.mail.pike.ru with SMTP; 9 Nov 2003 02:05:16 -0000 Received: (nullmailer pid 98774 invoked by uid 136); Sun, 09 Nov 2003 01:53:28 -0000 X-ELM-OSV: (Our standard violations) hdr-charset=KOI8-R; no-hdr-encoding=1 In-Reply-To: <1068252022.523087.89843.nullmailer@cicuta.babolo.ru> To: "."@babolo.ru Date: Sun, 9 Nov 2003 04:53:27 +0300 (MSK) From: "."@babolo.ru X-Mailer: ELM [version 2.4ME+ PL99b (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Message-Id: <1068342808.056984.98773.nullmailer@cicuta.babolo.ru> cc: Drew Tomlinson cc: freebsd-net@freebsd.org Subject: Re: Routing With Two ISPs? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Nov 2003 01:51:36 -0000

> [ Charset windows-1252 unsupported, converting... ]
> > I have a 4.8 box serving as a gateway with two connections to the
> > Internet. Is there some way to set the box up so that packets are
> > routed out through the same interface from which they arrived? For
> > example, if a connection is initiated on port 80 from a packet arriving
> > on one interface, is there a way to make the outgoing packets from my
> > web server use that same interface as a gateway instead of the default
> > interface?
> >
> > Any suggestions appreciated.
> It's easy IMHO
>
> Each external iface with its own natd,
> each forwards 80 port incoming to two
> http servers with different IP or port.
>
> outgoing traffic can be forwarded to appropriate
> natd via ipfw rules depending on src IP or port

both servers share the same content.
Sorry, my English is bad