From owner-freebsd-ipfw@FreeBSD.ORG Mon Sep 5 11:02:06 2005
Date: Mon, 5 Sep 2005 11:02:05 GMT
Message-Id: <200509051102.j85B25FC076888@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2003/04/22] kern/51274  ipfw   ipfw2 create dynamic rules with parent nu
f [2003/04/24] kern/51341  ipfw   ipfw rule 'deny icmp from any to any icmp
o [2003/12/11] kern/60154  ipfw   ipfw core (crash)
o [2004/03/03] kern/63724  ipfw   IPFW2 Queues dont t work
o [2004/11/13] kern/73910  ipfw   [ipfw] serious bug on forwarding of packe
o [2004/11/19] kern/74104  ipfw   ipfw2/1 conflict not detected or reported
f [2004/12/25] kern/75483  ipfw   ipfw count does not count
o [2005/05/11] bin/80913   ipfw   /sbin/ipfw2 silently discards MAC addr ar

8 problems total.

Non-critical problems

S  Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2004/10/29] kern/73276  ipfw   ipfw2 vulnerability (parser error)
o [2005/02/01] kern/76971  ipfw   ipfw antispoof incorrectly blocks broadca
o [2005/05/05] kern/80642  ipfw   [patch] IPFW small patch - new RULE OPTIO
o [2005/06/28] kern/82724  ipfw   [patch] Add setnexthop and defaultroute f

4 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Sep 5 11:02:56 2005
Date: Mon, 5 Sep 2005 11:02:55 GMT
Message-Id: <200509051102.j85B2tXO077466@freefall.freebsd.org>
From: FreeBSD bugmaster
To: ipfw@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

Non-critical problems

S  Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
a [2001/04/13] kern/26534  ipfw   Add an option to ipfw to log gid/uid of w
o [2002/12/10] kern/46159  ipfw   ipfw dynamic rules lifetime feature
o [2003/02/11] kern/48172  ipfw   ipfw does not log size and flags
o [2003/03/10] kern/49086  ipfw   [patch] Make ipfw2 log to different syslo
o [2003/04/09] bin/50749   ipfw   ipfw2 incorrectly parses ports and port r
o [2003/08/26] kern/55984  ipfw   [patch] time based firewalling support fo
o [2003/12/30] kern/60719  ipfw   ipfw: Headerless fragments generate cryp
o [2004/08/03] kern/69963  ipfw   ipfw: install_state warning about already
o [2004/09/04] kern/71366  ipfw   "ipfw fwd" sometimes rewrites destination

9 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Sep 5 12:43:54 2005
Date: Mon, 5 Sep 2005 15:43:54 +0300
From: vladone
Message-ID: <11057988.20050905154354@spaingsm.com>
To: freebsd-ipfw@freebsd.org
Subject: ipfw+altq

Hi!
I have a FreeBSD 5.4 release system. I want to use ipfw+altq. I read
some about it, and I want to try it. My question is about altq.
How to enable altq?
In my kernel configuration I put:

    options ALTQ
    options ALTQ_CBQ
    options ALTQ_RED
    options ALTQ_RIO
    options ALTQ_HFSC
    options ALTQ_PRIQ
    options ALTQ_NOPCC

Do I also need to enable PF with "device pf"?
Do I need some patches for the kernel?
I tried it with these options present (and PF enabled), and when I give
"ipfw enable altq", I receive an error about unknown option "altq".

From owner-freebsd-ipfw@FreeBSD.ORG Tue Sep 6 04:27:59 2005
Message-ID: <431D1AA8.4070308@yandex.ru>
Date: Tue, 06 Sep 2005 08:27:20 +0400
From: "Andrey V. Elsukov"
To: vladone
Cc: freebsd-ipfw@freebsd.org
In-Reply-To: <11057988.20050905154354@spaingsm.com>
Subject: Re: ipfw+altq

vladone wrote:
> Hi!
> I have a FreeBSD 5.4 release system. I want to use ipfw+altq. I read
> I tried it with these options present (and PF enabled), and when I give
> "ipfw enable altq", I receive an error about unknown option "altq".

You must update your system to RELENG_5. In 5.4-RELEASE ipfw's ALTQ is not
supported.

--
WBR, Andrey V. Elsukov

From owner-freebsd-ipfw@FreeBSD.ORG Tue Sep 6 11:41:24 2005
Date: Tue, 6 Sep 2005 14:41:16 +0300
From: vladone
Message-ID: <7845381.20050906144116@spaingsm.com>
To: freebsd-ipfw@freebsd.org
In-Reply-To: <431D1AA8.4070308@yandex.ru>
Subject: Re[2]: ipfw+altq

Thanks! And what collection file do I need to update?

From owner-freebsd-ipfw@FreeBSD.ORG Sat Sep 10 14:44:31 2005
Message-ID: <001501c5b616$0fb62c20$3501a8c0@pro.sk>
From: "Peter Rosa"
To: "FreeBSD IPFW"
Date: Sat, 10 Sep 2005 16:43:51 +0200
Subject: IPFW2+NAT stateful rules VS. FTP

Hello everybody,

please can anybody help me with ipfw rules?

My machine is acting as firewall/router/www-proxy/ftp-proxy for a small LAN.
It does not work as an ftp-server. It does NAT for the internal LAN.

I set my ipfw2 rules exactly as in section "25.6.5.7 An Example NAT and
Stateful Ruleset" Ex.2 from the handbook. Everything works well except
miserable ftp. I just installed ports/jftpgw to be a transparent proxy for
the internal LAN but still without success.

I understand all rules in that example, but I do not know where I should
place fwd rule(s). Ftp depends on two ports 20 and 21. So I assume there
should be two fwd rules somewhere in the ruleset.

Please, where should I place those rules?

Or is it better to use /etc/nad.conf to redirect all incoming connections
on ports 20 and 21 to localhost?

Any help is *very* appreciated :-)

Peter Rosa

P.S. Please consider adding such rules into the mentioned example in the
handbook. I think a lot of users will welcome such an addition. I spent four
days on Goooogle before writing here and I did not find anything helpful.

From owner-freebsd-ipfw@FreeBSD.ORG Sat Sep 10 15:20:35 2005
Date: Sat, 10 Sep 2005 11:20:35 -0400
From: Chuck Swiger
In-reply-to: <001501c5b616$0fb62c20$3501a8c0@pro.sk>
To: Peter Rosa
Cc: FreeBSD IPFW
Message-id: <4322F9C3.10407@mac.com>
Subject: Re: IPFW2+NAT stateful rules VS. FTP

Peter Rosa wrote:
[ ... ]
> Or is it better to use /etc/nad.conf to redirect all incoming connections
> on ports 20 and 21 to localhost?
>
> Any help is *very* appreciated :-)

If you use "passive mode" FTP, that ought to work fine.

If you use "active mode" FTP, you ought to use the FTP proxying built into
NATD (see the -use_sockets and -punch_fw options), which is aware of the FTP
data channel.

You should not attempt to use port forwarding when you are also using NAT
unless you know what you are doing. Without special measures being taken on
the machine being forwarded to, it will ignore such traffic because the IP
addresses won't match.

--
-Chuck

From owner-freebsd-ipfw@FreeBSD.ORG Sat Sep 10 19:11:25 2005
Message-ID: <004f01c5b63b$6eac04a0$a30098c8@pichler>
From: "Ricardo Pichler"
Date: Sat, 10 Sep 2005 16:11:21 -0300
Subject: IPFW, queue and weight

Hello everybody,

Please can anybody help me with ipfw, queue and weight?
I need to make two distinct accesses with the same velocity, one with more
priority than another!

e.g.:
one pipe with weight 99 and 128 kbps for upload and download and
one pipe with weight 1 and 128 kbps ==> this one faster than the other.

Thanks in advance.

Ricardo Pichler
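
An added example, not part of the thread and not natd's code, for the active-mode case in Chuck Swiger's reply above: a toy model of what a NAT that is "aware of the FTP data channel" does with the client's PORT command. The FtpAwareNat class, the addresses and the port numbers are constructed for illustration.

```python
import re

# RFC 959 active mode: the client sends "PORT h1,h2,h3,h4,p1,p2" on the control
# channel and the server connects back to h1.h2.h3.h4, port p1*256 + p2.
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")


def parse_port(line):
    """Return (ip, port) announced by a PORT command, or None if it is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def format_port(ip, port):
    """Build the PORT command for a given address and port."""
    return "PORT {},{},{}\r\n".format(ip.replace(".", ","), port >> 8, port & 0xFF)


class FtpAwareNat:
    """Toy model of an FTP-aware NAT (hypothetical class, not natd's code)."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.holes = {}  # public data port -> (inside ip, inside port)

    def outbound_control(self, src_ip, line):
        """Rewrite a PORT command leaving the LAN; other commands pass through."""
        announced = parse_port(line)
        if announced is None:
            return line
        if announced[0] != src_ip:
            return None  # client names another host: drop, open no hole
        public_port, self.next_port = self.next_port, self.next_port + 1
        self.holes[public_port] = announced
        return format_port(self.public_ip, public_port)

    def inbound_data(self, dst_port):
        """Inside (ip, port) for a server data connection, or None if no hole."""
        return self.holes.get(dst_port)


if __name__ == "__main__":
    # Constructed sample: LAN client 192.168.1.53 behind public 203.0.113.10.
    nat = FtpAwareNat("203.0.113.10")
    print(repr(nat.outbound_control("192.168.1.53", "PORT 192,168,1,53,4,1\r\n")))
    print(nat.inbound_data(50000), nat.inbound_data(50001))
```

inbound_data returns None for any port the control channel never announced, so the only inbound path opened is the one data connection the client asked for.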