From owner-freebsd-ipfw@FreeBSD.ORG Sun Nov 14 14:24:27 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 348A016A4D0 for ; Sun, 14 Nov 2004 14:24:27 +0000 (GMT) Received: from iscan1.intra.oki.co.jp (okigate.oki.co.jp [202.226.91.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 313D843D5A for ; Sun, 14 Nov 2004 14:24:25 +0000 (GMT) (envelope-from yamamoto436@oki.com) Received: from aoi.bmc.oki.co.jp (localhost.localdomain [127.0.0.1]) by iscan1.intra.oki.co.jp (8.9.3/8.9.3) with SMTP id XAA13247 for ; Sun, 14 Nov 2004 23:24:23 +0900 Received: (qmail 29490 invoked from network); 14 Nov 2004 23:24:23 +0900 Received: from tulip.bmc.oki.co.jp (172.19.234.100) by aoi.bmc.oki.co.jp with SMTP; 14 Nov 2004 23:24:23 +0900 Received: from localhost (tulip [172.19.234.100]) by tulip.bmc.oki.co.jp (8.13.1/8.12.11) with ESMTP id iAEEON8O015495; Sun, 14 Nov 2004 23:24:23 +0900 (JST) (envelope-from yamamoto436@oki.com) Date: Sun, 14 Nov 2004 23:24:23 +0900 (JST) Message-Id: <20041114.232423.71097254.yamamoto436@oki.com> To: freebsd-stable@freebsd.org, freebsd-ipfw@freebsd.org From: Hideki Yamamoto In-Reply-To: <20041107.061547.71182690.yamamoto436@oki.com> References: <20041104.015341.71171019.yamamoto436@oki.com> <20041107.061547.71182690.yamamoto436@oki.com> X-Mailer: Mew version 3.3 on Emacs 21.2 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: Re: IPv6 bridge + gif tunnel X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Nov 2004 14:24:27 -0000 Hi, About the combination between bridge function and gif tunnel function, I have tested it on FreeBSD 4.10, but not succeeded. FreeBSD 4.10 box shows the message when we typed 'sysctl net.link.ether.bridge_cfg=rl0,gif0', gif0 is not an ethernet, continue interface gif0 Not found in bridge. I changed operating system from FreeBSD to OpneBSD 3.5, and succeeded. Multicast and unicast UDP packets, ICMP packets are bridged without losing packets. It seems that the bridge function on OpenBSD is better than FreeBSD. Though I will use OpenBSD for a while as a test tool, I hope OpenBSD bridge function will be ported into FreeBSD in the future. Does anyone have a plan to port it? Regards, Hideki Yamamoto. From: Hideki Yamamoto Subject: Re: IPv6 bridge + gif tunnel Date: Sun, 07 Nov 2004 06:15:47 +0900 (JST) Message-ID: <20041107.061547.71182690.yamamoto436@oki.com> > > Hi, > > I would like to make my problems clear. > I have two questions about bridge function in the following figure. > > (1) Can we use bridge function over psuedo devices such as > gif and tun? > > box3# ifconfig bge0 inet 133.149.0.2 netmask 255.255.255.0 > box2# ifconfig create gif0 > box2# gifconfig gif0 inet 133.149.0.2 133.149.1.2 > box2# sysctl net.link.ether.bridge: 1 > box2# sysctl net.link.ether.bridge_cfg: fxp0,gif0 > > box3# ifconfig bge1 inet 133.149.1.2 netmask 255.255.255.0 > box3# ifconfig create gif1 > box3# gifconfig gif1 inet 133.149.1.2 133.149.0.2 > box3# sysctl net.link.ether.bridge: 1 > box3# sysctl net.link.ether.bridge_cfg: gif1,fxp0 > > (2) Can any protocols go through between IPv6 MC router and > IPv6 terminal in this step2 figure? Are there any limitations? > Is IPv6 packet available? > > > <> IPv6 bridge cascaded by gif tunnel > > > > +------box#2------------------+ > > [IPv6 MC router ]-+---------+-(fxp0) IPv6 bridge | > > | | > > | | > > (IPv4)133.149.0.2 +--+-(bge0) IPv6 bridge and IPv4 | > > | | (gif0) IPv6 over IPv4 | > > | +-----------------------------+ > > | > > > > | > > | +-------box#3-----------------+ > > (IPv4)133.149.1.2 +--+-(bge1) IPv6 bridge and IPv4 | > > | (gif1) IPv6 over IPv4 | > > | | > > | | > > | | > > +--+-(fxp0) IPv6 bridge | > > | +-----------------------------+ > > | > > | term#2 > > +-----[IPv6 terminal(NDP client)] > > > > Thanks in advance > > Hidei Yamamoto > ----------------------------------------------------------------- Hideki YAMAMOTO | Broadband Media Solutions Department | E-mail: yamamoto436@oki.com Broadband Media Company | Tel: +81-48-420-7012 Oki Electric Industry Co., Ltd. | FAX: +81-48-420-7016 From owner-freebsd-ipfw@FreeBSD.ORG Sun Nov 14 14:25:51 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 72D7316A4D0 for ; Sun, 14 Nov 2004 14:25:51 +0000 (GMT) Received: from ns.nnt.ru (ns.nnt.ru [217.72.1.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 10DBD43D2D for ; Sun, 14 Nov 2004 14:25:51 +0000 (GMT) (envelope-from nobody@ns.nnt.ru) Received: from drweb by ns.nnt.ru with drweb-scanned (Exim 3.36 #1) id 1CTLJd-000LSO-00 for freebsd-ipfw@freebsd.org; Sun, 14 Nov 2004 17:25:17 +0300 Received: from nobody by ns.nnt.ru with local (Exim 3.36 #1) id 1CTLJc-000LS9-00; Sun, 14 Nov 2004 17:25:16 +0300 Received: from mx2.freebsd.org ([216.136.204.119]) by ns.nnt.ru with esmtp (Exim 3.36 #1) id 1CTLJb-000LRy-00 for goblin@nnt.ru; Sun, 14 Nov 2004 17:25:15 +0300 Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id A9BE956FBD; Sun, 14 Nov 2004 14:24:36 +0000 (GMT) (envelope-from owner-freebsd-stable@freebsd.org) Received: from hub.freebsd.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 4ACCB16A4E2; Sun, 14 Nov 2004 14:24:33 +0000 (GMT) Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1B23816A4CE for ; Sun, 14 Nov 2004 14:24:27 +0000 (GMT) Received: from iscan1.intra.oki.co.jp (okigate.oki.co.jp [202.226.91.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3056743D3F for ; Sun, 14 Nov 2004 14:24:25 +0000 (GMT) (envelope-from yamamoto436@oki.com) Received: from aoi.bmc.oki.co.jp (localhost.localdomain [127.0.0.1]) by iscan1.intra.oki.co.jp (8.9.3/8.9.3) with SMTP id XAA13248 for ; Sun, 14 Nov 2004 23:24:23 +0900 Received: (qmail 29490 invoked from network); 14 Nov 2004 23:24:23 +0900 Received: from tulip.bmc.oki.co.jp (172.19.234.100) by aoi.bmc.oki.co.jp with SMTP; 14 Nov 2004 23:24:23 +0900 Received: from localhost (tulip [172.19.234.100]) by tulip.bmc.oki.co.jp (8.13.1/8.12.11) with ESMTP id iAEEON8O015495; Sun, 14 Nov 2004 23:24:23 +0900 (JST) (envelope-from yamamoto436@oki.com) Date: Sun, 14 Nov 2004 23:24:23 +0900 (JST) Message-Id: <20041114.232423.71097254.yamamoto436@oki.com> To: freebsd-stable@freebsd.org, freebsd-ipfw@freebsd.org From: Hideki Yamamoto In-Reply-To: <20041107.061547.71182690.yamamoto436@oki.com> References: <20041104.015341.71171019.yamamoto436@oki.com> <20041107.061547.71182690.yamamoto436@oki.com> X-Mailer: Mew version 3.3 on Emacs 21.2 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Errors-To: owner-freebsd-stable@freebsd.org X-bogoflag: true X-2Bogosity: No, tests=bogofilter, spamicity=0.500116, version=0.92.8 Subject: Re: IPv6 bridge + gif tunnel X-BeenThere: freebsd-ipfw@freebsd.org List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Nov 2004 14:25:51 -0000 Hi, About the combination between bridge function and gif tunnel function, I have tested it on FreeBSD 4.10, but not succeeded. FreeBSD 4.10 box shows the message when we typed 'sysctl net.link.ether.bridge_cfg=rl0,gif0', gif0 is not an ethernet, continue interface gif0 Not found in bridge. I changed operating system from FreeBSD to OpneBSD 3.5, and succeeded. Multicast and unicast UDP packets, ICMP packets are bridged without losing packets. It seems that the bridge function on OpenBSD is better than FreeBSD. Though I will use OpenBSD for a while as a test tool, I hope OpenBSD bridge function will be ported into FreeBSD in the future. Does anyone have a plan to port it? Regards, Hideki Yamamoto. From: Hideki Yamamoto Subject: Re: IPv6 bridge + gif tunnel Date: Sun, 07 Nov 2004 06:15:47 +0900 (JST) Message-ID: <20041107.061547.71182690.yamamoto436@oki.com> > > Hi, > > I would like to make my problems clear. > I have two questions about bridge function in the following figure. > > (1) Can we use bridge function over psuedo devices such as > gif and tun? > > box3# ifconfig bge0 inet 133.149.0.2 netmask 255.255.255.0 > box2# ifconfig create gif0 > box2# gifconfig gif0 inet 133.149.0.2 133.149.1.2 > box2# sysctl net.link.ether.bridge: 1 > box2# sysctl net.link.ether.bridge_cfg: fxp0,gif0 > > box3# ifconfig bge1 inet 133.149.1.2 netmask 255.255.255.0 > box3# ifconfig create gif1 > box3# gifconfig gif1 inet 133.149.1.2 133.149.0.2 > box3# sysctl net.link.ether.bridge: 1 > box3# sysctl net.link.ether.bridge_cfg: gif1,fxp0 > > (2) Can any protocols go through between IPv6 MC router and > IPv6 terminal in this step2 figure? Are there any limitations? > Is IPv6 packet available? > > > <> IPv6 bridge cascaded by gif tunnel > > > > +------box#2------------------+ > > [IPv6 MC router ]-+---------+-(fxp0) IPv6 bridge | > > | | > > | | > > (IPv4)133.149.0.2 +--+-(bge0) IPv6 bridge and IPv4 | > > | | (gif0) IPv6 over IPv4 | > > | +-----------------------------+ > > | > > > > | > > | +-------box#3-----------------+ > > (IPv4)133.149.1.2 +--+-(bge1) IPv6 bridge and IPv4 | > > | (gif1) IPv6 over IPv4 | > > | | > > | | > > | | > > +--+-(fxp0) IPv6 bridge | > > | +-----------------------------+ > > | > > | term#2 > > +-----[IPv6 terminal(NDP client)] > > > > Thanks in advance > > Hidei Yamamoto > ----------------------------------------------------------------- Hideki YAMAMOTO | Broadband Media Solutions Department | E-mail: yamamoto436@oki.com Broadband Media Company | Tel: +81-48-420-7012 Oki Electric Industry Co., Ltd. | FAX: +81-48-420-7016 _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Mon Nov 15 11:02:39 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0350216A4CE for ; Mon, 15 Nov 2004 11:02:39 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id E88D143D2F for ; Mon, 15 Nov 2004 11:02:38 +0000 (GMT) (envelope-from owner-bugmaster@freebsd.org) Received: from freefall.freebsd.org (peter@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.11/8.12.11) with ESMTP id iAFB2c8F075094 for ; Mon, 15 Nov 2004 11:02:38 GMT (envelope-from owner-bugmaster@freebsd.org) Received: (from peter@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id iAFB2coU075088 for ipfw@freebsd.org; Mon, 15 Nov 2004 11:02:38 GMT (envelope-from owner-bugmaster@freebsd.org) Date: Mon, 15 Nov 2004 11:02:38 GMT Message-Id: <200411151102.iAFB2coU075088@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: peter set sender to owner-bugmaster@freebsd.org using -f From: FreeBSD bugmaster To: ipfw@FreeBSD.org Subject: Current problem reports assigned to you X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Nov 2004 11:02:39 -0000 Current FreeBSD problem reports Critical problems Serious problems S Submitted Tracker Resp. Description ------------------------------------------------------------------------------- o [2003/04/22] kern/51274 ipfw ipfw2 create dynamic rules with parent nu f [2003/04/24] kern/51341 ipfw ipfw rule 'deny icmp from any to any icmp o [2003/12/11] kern/60154 ipfw ipfw core (crash) o [2004/03/03] kern/63724 ipfw IPFW2 Queues dont t work f [2004/03/25] kern/64694 ipfw [ipfw] UID/GID matching in ipfw non-funct 5 problems total. Non-critical problems S Submitted Tracker Resp. Description ------------------------------------------------------------------------------- a [2001/04/13] kern/26534 ipfw Add an option to ipfw to log gid/uid of w o [2002/12/10] kern/46159 ipfw ipfw dynamic rules lifetime feature o [2003/02/11] kern/48172 ipfw ipfw does not log size and flags o [2003/03/10] kern/49086 ipfw [patch] Make ipfw2 log to different syslo o [2003/04/09] bin/50749 ipfw ipfw2 incorrectly parses ports and port r o [2003/08/26] kern/55984 ipfw [patch] time based firewalling support fo o [2003/12/30] kern/60719 ipfw ipfw: Headerless fragments generate cryp o [2004/08/03] kern/69963 ipfw ipfw: install_state warning about already o [2004/09/04] kern/71366 ipfw "ipfw fwd" sometimes rewrites destination 9 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Tue Nov 16 14:06:49 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D01E216A4CE for ; Tue, 16 Nov 2004 14:06:49 +0000 (GMT) Received: from mcoref01.st2.lyceu.net (mcoref01.st2.lyceu.net [212.78.204.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8033C43D1D for ; Tue, 16 Nov 2004 14:06:49 +0000 (GMT) (envelope-from hobi@sport.com) Received: from wmphpf12.st2.lyceu.net (wmphpf12.st2.lyceu.net [212.78.204.72]) by mcoref01.st2.lyceu.net (Postfix) with SMTP id 0D6BD9CBB8 for ; Tue, 16 Nov 2004 15:06:48 +0100 (CET) Received: (nullmailer pid 11000 invoked by uid 103962887); Tue, 16 Nov 2004 14:06:42 -0000 To: freebsd-ipfw@freebsd.org Received: from phpmailer by localhost.localdomain with local (PHPMailer); Tue, 16 Nov 2004 15:06:39 +0100 Date: Tue, 16 Nov 2004 15:06:39 +0100 From: Yourname Message-ID: <69a7bb208d739c43ab11d089a8b62117@localhost.localdomain> X-Priority: 3 X-Mailer: PHPMailer [version 1.71] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="iso-8859-1" X-MM-Mail-From-Script: /authenticos/maillist/admin.php X-Complains-To: abuse@lycos.co.uk X-MM-Mail-From-IP: 80.80.139.155 Errors-To: authenticos@lycos.co.uk Subject: bg X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Nov 2004 14:06:49 -0000 bg From owner-freebsd-ipfw@FreeBSD.ORG Tue Nov 16 14:07:46 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4718B16A4CE for ; Tue, 16 Nov 2004 14:07:46 +0000 (GMT) Received: from mcoref01.st2.lyceu.net (mcoref01.st2.lyceu.net [212.78.204.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id CC19F43D31 for ; Tue, 16 Nov 2004 14:07:45 +0000 (GMT) (envelope-from authenticos@lycos.co.uk) Received: from wmphpf05.st2.lyceu.net (wmphpf05.st2.lyceu.net [212.78.204.65]) by mcoref01.st2.lyceu.net (Postfix) with ESMTP id 2228A9CBC5 for ; Tue, 16 Nov 2004 15:07:45 +0100 (CET) Received: by wmphpf05.st2.lyceu.net (Postfix, from userid 103962887) id 1C14A3A48; Tue, 16 Nov 2004 15:07:45 +0100 (CET) To: freebsd-ipfw@freebsd.org Received: from phpmailer by localhost.localdomain with local (PHPMailer); Tue, 16 Nov 2004 15:07:42 +0100 Date: Tue, 16 Nov 2004 15:07:42 +0100 From: Yourname Message-ID: X-Priority: 3 X-Mailer: PHPMailer [version 1.71] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="iso-8859-1" X-MM-Mail-From-Script: /authenticos/maillist/admin.php X-Complains-To: abuse@lycos.co.uk X-MM-Mail-From-IP: 80.80.139.155 Errors-To: authenticos@lycos.co.uk Subject: bg X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Nov 2004 14:07:46 -0000 bg From owner-freebsd-ipfw@FreeBSD.ORG Tue Nov 16 14:12:28 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 08C8516A4CE for ; Tue, 16 Nov 2004 14:12:28 +0000 (GMT) Received: from mcoref01.st2.lyceu.net (mcoref01.st2.lyceu.net [212.78.204.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id C032F43D5C for ; Tue, 16 Nov 2004 14:12:27 +0000 (GMT) (envelope-from authenticos@lycos.co.uk) Received: from wmphpf07.st2.lyceu.net (wmphpf07.st2.lyceu.net [212.78.204.67]) by mcoref01.st2.lyceu.net (Postfix) with ESMTP id 1D7019CBAD for ; Tue, 16 Nov 2004 15:12:27 +0100 (CET) Received: by wmphpf07.st2.lyceu.net (Postfix, from userid 103962887) id 1420852ED; Tue, 16 Nov 2004 15:12:27 +0100 (CET) To: freebsd-ipfw@freebsd.org Received: from phpmailer by localhost.localdomain with local (PHPMailer); Tue, 16 Nov 2004 15:12:24 +0100 Date: Tue, 16 Nov 2004 15:12:24 +0100 From: Yourname Message-ID: <02acd9583843ea019395e06ec30a8faa@localhost.localdomain> X-Priority: 3 X-Mailer: PHPMailer [version 1.71] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="iso-8859-1" X-MM-Mail-From-Script: /authenticos/maillist/admin.php X-Complains-To: abuse@lycos.co.uk X-MM-Mail-From-IP: 80.80.139.155 Errors-To: authenticos@lycos.co.uk Subject: bg X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Nov 2004 14:12:28 -0000 bg From owner-freebsd-ipfw@FreeBSD.ORG Wed Nov 17 18:57:40 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 91AF916A4CE for ; Wed, 17 Nov 2004 18:57:40 +0000 (GMT) Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 30F5143D49 for ; Wed, 17 Nov 2004 18:57:40 +0000 (GMT) (envelope-from chrcoluk@gmail.com) Received: by rproxy.gmail.com with SMTP id b11so949848rne for ; Wed, 17 Nov 2004 10:57:13 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding; b=cyofXHoQOqSdj64uZwS3L/GeyrQkIZfcJ8tLUnwmONLtvQgzWYvdpjbP1gcGOrYl4eZAgQN7kRZiZyqWzX60JWSZLgc6a/jwf9letGDB2sxuaLyXO1CRTjhKLBFIDG6KEJwc1XuPYiUWMdsWKbrBCs0DDVKR5Rimt/p14qEhF3Q= Received: by 10.38.59.43 with SMTP id h43mr672627rna; Wed, 17 Nov 2004 10:56:37 -0800 (PST) Received: by 10.39.1.21 with HTTP; Wed, 17 Nov 2004 10:56:31 -0800 (PST) Message-ID: <3aaaa3a041117105628434380@mail.gmail.com> Date: Wed, 17 Nov 2004 18:56:31 +0000 From: Chris To: freebsd-ipfw@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: logging in ipfw X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Chris List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Nov 2004 18:57:40 -0000 Hi, can ipfw be made to log the packet size, as this can be useful in diagnosing type's of attacks against the server. From owner-freebsd-ipfw@FreeBSD.ORG Thu Nov 18 00:34:19 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 98DAC16A4CE for ; Thu, 18 Nov 2004 00:34:19 +0000 (GMT) Received: from smtp15.wxs.nl (smtp15.wxs.nl [195.121.6.54]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5C52E43D49 for ; Thu, 18 Nov 2004 00:34:19 +0000 (GMT) (envelope-from freebsd@akruijff.dds.nl) Received: from kruij557.speed.planet.nl (ipd50a97ba.speed.planet.nl [213.10.151.186]) by smtp15.wxs.nl (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0I7C00H1NMTO0W@smtp15.wxs.nl> for freebsd-ipfw@freebsd.org; Thu, 18 Nov 2004 01:32:13 +0100 (CET) Received: from Alex.lan (localhost [127.0.0.1]) by kruij557.speed.planet.nl (8.13.1/8.13.1) with ESMTP id iAI0WAQ9097385; Thu, 18 Nov 2004 01:32:10 +0100 Received: (from akruijff@localhost) by Alex.lan (8.13.1/8.13.1/Submit) id iAI0W9XR097384; Thu, 18 Nov 2004 01:32:09 +0100 Content-return: prohibited Date: Thu, 18 Nov 2004 01:32:09 +0100 From: Alex de Kruijff In-reply-to: To: LD Message-id: <20041118003209.GB1062@Alex.lan> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Content-disposition: inline User-Agent: Mutt/1.4.2.1i References: <200411081938.56359.akhthar@carmatec.com> X-Authentication-warning: Alex.lan: akruijff set sender to freebsd@akruijff.dds.nl using -f cc: FreeBSD-IPFW Subject: Re: Stop firewall service X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Nov 2004 00:34:19 -0000 On Tue, Nov 09, 2004 at 03:53:48AM +1100, LD wrote: > `ipfw -f flush' A flush either denies all traffic or passes all traffic depending on you (kernel) setup. -- Alex Please copy the original recipients, otherwise I may not read your reply. WWW: http://www.kruijff.org/alex/FreeBSD/ From owner-freebsd-ipfw@FreeBSD.ORG Thu Nov 18 00:43:18 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6C7FC16A4D1 for ; Thu, 18 Nov 2004 00:43:18 +0000 (GMT) Received: from smtp19.wxs.nl (smtp19.wxs.nl [195.121.6.15]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2391C43D5A for ; Thu, 18 Nov 2004 00:43:18 +0000 (GMT) (envelope-from freebsd@akruijff.dds.nl) Received: from kruij557.speed.planet.nl (ipd50a97ba.speed.planet.nl [213.10.151.186]) by smtp19.wxs.nl (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTP id <0I7C00L35NA3IS@smtp19.wxs.nl> for freebsd-ipfw@freebsd.org; Thu, 18 Nov 2004 01:42:03 +0100 (CET) Received: from Alex.lan (localhost [127.0.0.1]) by kruij557.speed.planet.nl (8.13.1/8.13.1) with ESMTP id iAI0g0Go097431; Thu, 18 Nov 2004 01:42:00 +0100 Received: (from akruijff@localhost) by Alex.lan (8.13.1/8.13.1/Submit) id iAI0fxcH097430; Thu, 18 Nov 2004 01:41:59 +0100 Content-return: prohibited Date: Thu, 18 Nov 2004 01:41:59 +0100 From: Alex de Kruijff In-reply-to: <418766FE.50702@sofia.itdnet.net> To: Evgeny Ivanov Message-id: <20041118004159.GC1062@Alex.lan> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Content-disposition: inline User-Agent: Mutt/1.4.2.1i References: <418766FE.50702@sofia.itdnet.net> X-Authentication-warning: Alex.lan: akruijff set sender to freebsd@akruijff.dds.nl using -f cc: freebsd-ipfw@freebsd.org Subject: Re: bandwidth limitations X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Nov 2004 00:43:18 -0000 On Tue, Nov 02, 2004 at 12:52:46PM +0200, Evgeny Ivanov wrote: > > > HI all, > > > I have a problem/question. This is something that I cannot explain to > myself why it is happening. > > The machine was originaly installed on 4.9 Stable and was upgrated to > 4.10. The IPFW is version 2 - because i needed to use the lookup tables > and the autonic step change. I use the lookup tables to split the > trafffic ( received from IPS for the 3 nets ) into 2 flows - a local > one and international. I am doing that by describing the networks into > table and then using skipto for sending it to different pipes. I dont > use queue becaus it is not working quite well with ipfw2. The rules are > like that: I've had a problem in the pas with Queus on 5.2, but this is now resolved. I have no problem. > > 00005 180161 262752066 skipto 1100 ip from table(1) to net2 out via fxp2 > 01000 8121 5276242 pipe 1000 ip from any to net2 out via fxp2 > 01100 180161 262752066 pipe 1100 ip from any to net2 out via fxp2 > 65535 88428442 64567418299 allow ip from any to any > > Same is for each other 2 nets. The router/shaper ISP-NIC has no any > limitations. All NICs are fxp's. > > The problem is that I have is that when I load the ipfw rules I cannot > use more than 30Mbps received from ISP-NIC. When I flush the rules the > speed goes up to 80Mbps. > > Can anyone give an advice why is that? What should I do to use at least > 80Mbps after applying the rules? I'm guessing you are using natd. You could check with top to see if natd taked up much CPU power. If this is the case then you need to pass less packets thougth natd. -- Alex Please copy the original recipients, otherwise I may not read your reply. WWW: http://www.kruijff.org/alex/FreeBSD/ From owner-freebsd-ipfw@FreeBSD.ORG Fri Nov 19 11:18:57 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C10D216A4CE; Fri, 19 Nov 2004 11:18:57 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9C78B43D1F; Fri, 19 Nov 2004 11:18:57 +0000 (GMT) (envelope-from arved@FreeBSD.org) Received: from freefall.freebsd.org (arved@localhost [127.0.0.1]) iAJBIv9m058338; Fri, 19 Nov 2004 11:18:57 GMT (envelope-from arved@freefall.freebsd.org) Received: (from arved@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id iAJBIv2i058334; Fri, 19 Nov 2004 11:18:57 GMT (envelope-from arved) Date: Fri, 19 Nov 2004 11:18:57 GMT From: Tilman Linneweh Message-Id: <200411191118.iAJBIv2i058334@freefall.freebsd.org> To: arved@FreeBSD.org, freebsd-bugs@FreeBSD.org, ipfw@FreeBSD.org Subject: Re: kern/74104: ipfw2/1 conflict not detected or reported, manpage unclear X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Nov 2004 11:18:57 -0000 Synopsis: ipfw2/1 conflict not detected or reported, manpage unclear Responsible-Changed-From-To: freebsd-bugs->ipfw Responsible-Changed-By: arved Responsible-Changed-When: Fri Nov 19 11:18:38 GMT 2004 Responsible-Changed-Why: Over to ipfw mailinglist http://www.freebsd.org/cgi/query-pr.cgi?pr=74104 From owner-freebsd-ipfw@FreeBSD.ORG Fri Nov 19 11:21:45 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 16FE116A4CE; Fri, 19 Nov 2004 11:21:45 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id E5C0143D5A; Fri, 19 Nov 2004 11:21:44 +0000 (GMT) (envelope-from arved@FreeBSD.org) Received: from freefall.freebsd.org (arved@localhost [127.0.0.1]) iAJBLiuJ058574; Fri, 19 Nov 2004 11:21:44 GMT (envelope-from arved@freefall.freebsd.org) Received: (from arved@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id iAJBLiP1058570; Fri, 19 Nov 2004 11:21:44 GMT (envelope-from arved) Date: Fri, 19 Nov 2004 11:21:44 GMT From: Tilman Linneweh Message-Id: <200411191121.iAJBLiP1058570@freefall.freebsd.org> To: arved@FreeBSD.org, freebsd-bugs@FreeBSD.org, ipfw@FreeBSD.org Subject: Re: kern/73910: [ipfw] serious bug on forwarding of packets after NAT X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Nov 2004 11:21:45 -0000 Synopsis: [ipfw] serious bug on forwarding of packets after NAT Responsible-Changed-From-To: freebsd-bugs->ipfw Responsible-Changed-By: arved Responsible-Changed-When: Fri Nov 19 11:21:24 GMT 2004 Responsible-Changed-Why: over to ipfw mailinglist http://www.freebsd.org/cgi/query-pr.cgi?pr=73910