From owner-freebsd-ipfw@FreeBSD.ORG Mon Apr 25 05:42:45 2005
Message-ID: <20050425054243.51273.qmail@web31515.mail.mud.yahoo.com>
Date: Sun, 24 Apr 2005 22:42:43 -0700 (PDT)
From: Chris Bose
To: freebsd-ipfw@freebsd.org
Subject: Problem with: OSPF thru GIF tunnels or Netgraph tunnels, Multicast

Hi All,

I’m trying to set up a network between two locations over a WAN and I’m running into a wall when I try to get OSPF to talk over my WAN tunnel. I’ve realized that I’m not smart enough and need your help.

The problem is as follows:

My network consists of the following:

Site A connects together with a few quagga routers on freebsd 4.8

Site A:
  Router 1: FXP0 (10.1.1.1/24)
  Router 1: FXP0 (10.1.2.1/24)
  Router 1: FXP0 (10.1.3.1/24)
  Router 1: GIF0 (10.1.4.1 -> 10.2.4.1)

Site B connects to site A by using the GIF interface over the public network

SiteB:
  Router 2: FXP0 (10.2.1.1/24)
  Router 2: FXP0 (10.2.2.1/24)
  Router 2: FXP0 (10.2.3.1/24)
  Router 2: GIF0 (10.2.4.1 -> 10.1.4.1)

I run OSPFv2 (quagga) at Site A and at Site B. There is no problem connecting site A & B together via OSPF over the GIF0 tunnel. Essentially, OSPF multicasts its route advertisements thru the GIF tunnel to the other side. This works fine because the OSPF router and the GIF tunnel are both on the same freebsd computer.

Now here is what I’m trying to do to set up site C. At site C I need to separate this into two computers. One computer will terminate the GIF tunnel and the other computer runs the OSPF router.

So the setup between A and B looks like this:

  SiteA:Computer 1                   SiteB:Computer 2
  (OSPF + GIF0)    ==============    (GIF0 + OSPF)

And setup between Site B and C looks like this:

  SiteB:Computer 2                   SiteC:Computer 3             SiteC:computer 4
  (OSPF + GIF1)    ==============    (GIF1)            ---------  (OSPF)

  === denotes GIF tunnel
  --- denotes normal Ethernet connection

Computer 3 has two ethernet interfaces.

The problem that I have is I can’t get Computer 4 to communicate to computer 2 thru the GIF. The computers can ping each other, but the OSPF multicast packets don’t go thru.

I have tried IPFW fwd commands on computer 3

  > ipfw fwd computer 2 ip from computer 4 to any

But that didn’t work.

I’ve tried Ethernet bridging… but bridging doesn’t work on a Gif interface.

I’ve tried to replace the gif tunnel with Netgraph UDP tunnel, but I can’t use that in the bridge either. I used the sample in /src/examples/netgraph/bridge.

I have not tried L2TPv3…

So my question is how to get the above configuration working.

I think this should be really simple to do, it’s a typical configuration as far as I can tell. Please show your ingenuity with your reply. I really appreciate it.

I tried to make the example generic without any configuration files because there is nothing specific about my configuration. Please post your own configuration for the above if applicable. You can assume that I have a virgin computer and I can configure it any which way I want.

If you need me to give you any configuration please let me know. If you want me to post a better network diagram please let me know as well.

Many thanks,
Chris.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Apr 25 11:02:47 2005
Date: Mon, 25 Apr 2005 11:02:46 GMT
Message-Id: <200504251102.j3PB2k7w061902@freefall.freebsd.org>
From: FreeBSD bugmaster
To: ipfw@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports
Critical problems
Serious problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2003/04/22] kern/51274  ipfw   ipfw2 create dynamic rules with parent nu
f [2003/04/24] kern/51341  ipfw   ipfw rule 'deny icmp from any to any icmp
o [2003/12/11] kern/60154  ipfw   ipfw core (crash)
o [2004/03/03] kern/63724  ipfw   IPFW2 Queues dont t work
f [2004/03/25] kern/64694  ipfw   [ipfw] UID/GID matching in ipfw non-funct
o [2004/11/13] kern/73910  ipfw   [ipfw] serious bug on forwarding of packe
o [2004/11/19] kern/74104  ipfw   ipfw2/1 conflict not detected or reported
o [2004/12/25] i386/75483  ipfw   ipfw count does not count

8 problems total.

Non-critical problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
a [2001/04/13] kern/26534  ipfw   Add an option to ipfw to log gid/uid of w
o [2002/12/10] kern/46159  ipfw   ipfw dynamic rules lifetime feature
o [2003/02/11] kern/48172  ipfw   ipfw does not log size and flags
o [2003/03/10] kern/49086  ipfw   [patch] Make ipfw2 log to different syslo
o [2003/04/09] bin/50749   ipfw   ipfw2 incorrectly parses ports and port r
o [2003/08/26] kern/55984  ipfw   [patch] time based firewalling support fo
o [2003/12/30] kern/60719  ipfw   ipfw: Headerless fragments generate cryp
o [2004/08/03] kern/69963  ipfw   ipfw: install_state warning about already
o [2004/09/04] kern/71366  ipfw   "ipfw fwd" sometimes rewrites destination

9 problems total.