From owner-freebsd-net@FreeBSD.ORG Sun Apr 3 05:06:47 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9148716A4CE for ; Sun, 3 Apr 2005 05:06:47 +0000 (GMT) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3C39043D46 for ; Sun, 3 Apr 2005 05:06:47 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.13.0/8.13.0) with ESMTP id j3356kX0005918 for ; Sat, 2 Apr 2005 21:06:46 -0800 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.13.0/8.13.0/Submit) id j3356kqW005917 for net@freebsd.org; Sat, 2 Apr 2005 21:06:46 -0800 Date: Sat, 2 Apr 2005 21:06:46 -0800 
From: Brooks Davis To: net@freebsd.org Message-ID: <20050403050646.GA5749@odin.ac.hmc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ZPt4rx8FFjLCG7dd" Content-Disposition: inline User-Agent: Mutt/1.4.1i X-Virus-Scanned: by amavisd-new X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on odin.ac.hmc.edu Subject: potential double free in ng_fec X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Apr 2005 05:06:47 -0000 --ZPt4rx8FFjLCG7dd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I think I've found a potential (though very very unlikely) double free bug in netgraph/ng_fec.c. Can someone else confirm this is correct? I don't have any way of testing this code. -- Brooks Index: ng_fec.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netgraph/ng_fec.c,v retrieving revision 1.17 diff -u -p -r1.17 ng_fec.c --- ng_fec.c 8 Feb 2005 10:31:55 -0000 1.17 +++ ng_fec.c 3 Apr 2005 05:04:06 -0000 
@@ -1114,7 +1114,6 @@ ng_fec_constructor(node_p node) =20 /* Get an interface unit number */ if ((error =3D ng_fec_get_unit(&priv->unit)) !=3D 0) { - FREE(ifp, M_NETGRAPH); FREE(priv, M_NETGRAPH); return (error); } --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --ZPt4rx8FFjLCG7dd Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCT3nmXY6L6fI4GtQRAmCfAJ9mFa313gkQlrlYBdl/1OJobTVawACgw37v 9pewucdubxxKA18ySHRC5og= =IDXu -----END PGP SIGNATURE----- --ZPt4rx8FFjLCG7dd-- From owner-freebsd-net@FreeBSD.ORG Sun Apr 3 06:34:45 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DE42516A4CE for ; Sun, 3 Apr 2005 06:34:45 +0000 (GMT) Received: from lunarlander.maxgigapop.net (128-8-243-144.umd.edu [128.8.243.144]) by mx1.FreeBSD.org (Postfix) with ESMTP id E4B2543D31 for ; Sun, 3 Apr 2005 06:34:44 +0000 (GMT) (envelope-from chris@maxgigapop.net) Received: (qmail 84227 invoked by uid 1000); 3 Apr 2005 06:34:44 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 3 Apr 2005 06:34:44 -0000 Date: Sun, 3 Apr 2005 01:34:44 -0500 (EST) 
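Review bot: Dropping FREE(ifp, M_NETGRAPH) from the ng_fec_get_unit() error path in ng_fec_constructor() is only correct if ifp is not its own allocation, and neither the hunk nor the message shows where ifp is assigned. If ifp points into priv, the old code handed a pointer inside priv to FREE() and then freed priv as well, so the removal is right; if ifp is allocated separately earlier in the constructor, this change turns the error path into a leak. The description should quote the line that sets ifp so the double free can be confirmed by reading, since the patch is stated to be untested, and it should say whether any other error exit in the constructor frees both ifp and priv.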
From: Chris Tracy
To: freebsd-net@freebsd.org
Message-ID: <20050403011248.S72062@lunarlander.maxgigapop.net>
Subject: can't get linerate TCP iperf between two Intel PRO/1000 82544GC cards

Hi,

I have been attempting to get iperf to generate a line-rate TCP flow
(~989Mbps) across a GigE link but can only get a maximum of around
912Mbps.

The bottleneck appears to be on the sending side, as top shows the CPU
for the iperf process at 50% (machine is a dual Xeon 2.4GHz with SMP
and HTT enabled) and the WCPU column goes to 99%.

Presumably the CPU is busy computing checksums, so I took a look at
if_em.c to find out more about what kind of hardware checksum
offloading features might be available, and I found this:

    if (adapter->hw.mac_type >= em_82543) {
            if (ifp->if_capenable & IFCAP_TXCSUM)
                    ifp->if_hwassist = EM_CHECKSUM_FEATURES;

I wasn't sure which chipset I had, so I checked the output of pciconf:

    # pciconf -v -l |grep 8254
        device   = '82544GC Gigabit Ethernet Controller (LOM)'

I then tried an ifconfig em0, and it indeed shows the rxcsum and
txcsum options listed in the output.  However, executing something
like 'ifconfig em0 txcsum' doesn't seem to help with the CPU issue.

I took a look at /usr/src/sys/dev/em/README and didn't see the GC
flavor of this card mentioned anywhere, nor any details or known
limitations with regard to checksum offloading.  I'm assuming GC means
Gigabit Copper since these are the 1000bT versions.

I also have some 82544EI/GC cards which I haven't gotten around to
testing yet because of a jumbo frame issue on one of the layer3
devices in between the hosts with those cards.

At this point, all that I can think of doing is to try and add some
debug statements to the driver so that I might be able to get a better
idea of what's going on with the hardware checksum...maybe it is
already offloading correctly and the CPU bottleneck is being caused by
something else?

I can provide additional details if needed, but please include my
email in the reply as I'm not subscribed to the list.  Any help would
be most appreciated.  I've had no problems doing 989Mbps in Linux, but
I'd really prefer to run FreeBSD.

Thanks,
-Chris

From owner-freebsd-net@FreeBSD.ORG Sun Apr 3 07:27:58 2005
Message-ID: <424F9B11.6090403@he.iki.fi>
Date: Sun, 03 Apr 2005 10:28:17 +0300
From: Petri Helenius
To: Chris Tracy
cc: freebsd-net@freebsd.org
References: <20050403011248.S72062@lunarlander.maxgigapop.net>
In-Reply-To: <20050403011248.S72062@lunarlander.maxgigapop.net>
Subject: Re: can't get linerate TCP iperf between two Intel PRO/1000 82544GC cards

Does somebody have the programming specs for the em chips? Despite
multiple contacts and promises, Intel has been unable to produce them.

Pete

Chris Tracy wrote:

> Hi,
>
> I have been attempting to get iperf to generate a line-rate TCP flow
> (~989Mbps) across a GigE link but can only get a maximum of around
> 912Mbps.
>
> The bottleneck appears to be on the sending side, as top shows the CPU
> for the iperf process at 50% (machine is a dual Xeon 2.4GHz with SMP
> and HTT enabled) and the WCPU column goes to 99%.
>
> Presumably the CPU is busy computing checksums, so I took a look at
> if_em.c to find out more about what kind of hardware checksum
> offloading features might be available, and I found this:
>
>     if (adapter->hw.mac_type >= em_82543) {
>             if (ifp->if_capenable & IFCAP_TXCSUM)
>                     ifp->if_hwassist = EM_CHECKSUM_FEATURES;
>
> I wasn't sure which chipset I had, so I checked the output of pciconf:
>
>     # pciconf -v -l |grep 8254
>         device   = '82544GC Gigabit Ethernet Controller (LOM)'
>
> I then tried an ifconfig em0, and it indeed shows the rxcsum and
> txcsum options listed in the output.  However, executing something
> like 'ifconfig em0 txcsum' doesn't seem to help with the CPU issue.
>
> I took a look at /usr/src/sys/dev/em/README and didn't see the GC
> flavor of this card mentioned anywhere, nor any details or known
> limitations with regard to checksum offloading.  I'm assuming GC means
> Gigabit Copper since these are the 1000bT versions.
>
> I also have some 82544EI/GC cards which I haven't gotten around to
> testing yet because of a jumbo frame issue on one of the layer3
> devices in between the hosts with those cards.
>
> At this point, all that I can think of doing is to try and add some
> debug statements to the driver so that I might be able to get a better
> idea of what's going on with the hardware checksum...maybe it is
> already offloading correctly and the CPU bottleneck is being caused by
> something else?
>
> I can provide additional details if needed, but please include my
> email in the reply as I'm not subscribed to the list.  Any help would
> be most appreciated.  I've had no problems doing 989Mbps in Linux, but
> I'd really prefer to run FreeBSD.
>
> Thanks,
> -Chris
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@FreeBSD.ORG Mon Apr 4 11:01:50 2005
Date: Mon, 4 Apr 2005 11:01:49 GMT
Message-Id: <200504041101.j34B1nXJ012180@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

Non-critical problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2003/07/11] kern/54383  net   [nfs] [patch] NFS root configurations wit

1 problem total.

From owner-freebsd-net@FreeBSD.ORG Mon Apr 4 18:53:07 2005
Message-ID: <069a01c53947$865b7890$08e009d9@misho>
From: "Mihail Balikov"
Date: Mon, 4 Apr 2005 21:53:00 +0300
Subject: route change problem
Reply-To: Mihail Balikov

Hello,

Calling route change on a non-existing route modifies the default route?!?!

The system is FreeBSD 4.9-STABLE (same with 4.10).

# route -n get default
   route to: default
destination: default
       mask: default
    gateway: 217.9.224.1
  interface: em0
      flags:
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500         0

# route -n get 1.2.3.4
   route to: 1.2.3.4
destination: default
       mask: default
    gateway: 217.9.224.1
  interface: em0
      flags:
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500         0

# route change -host 1.2.3.4 217.9.224.12
change host 1.2.3.4: gateway 217.9.224.12

# route -n get default
   route to: default
destination: default
       mask: default
    gateway: 217.9.224.12
  interface: em0
      flags:
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500         0

Even more strange:

# route -n get default
   route to: default
destination: default
       mask: default
    gateway: 217.9.224.1
  interface: em0
      flags:
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500         0

# route -n get 1.2.3.4
   route to: 1.2.3.4
destination: default
       mask: default
    gateway: 217.9.224.1
  interface: em0
      flags:
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500         0

# route change -host 1.2.3.4 1.2.0.1
route: writing to routing socket: Disc quota exceeded
change host 1.2.3.4: gateway 1.2.0.1: gateway uses the same route

# route -n get default
   route to: default
destination: default
       mask: default
    gateway: 1.2.0.1
  interface: em0
      flags:
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500         0

From owner-freebsd-net@FreeBSD.ORG Mon Apr 4 19:31:50 2005
Message-ID: <425196F0.4020309@x-trader.de>
Date: Mon, 04 Apr 2005 21:35:12 +0200
From: Markus Oestreicher
To: freebsd-net@freebsd.org
Subject: FreeVRRPd project status

Good Day,

Does anyone know the current status of the FreeVRRPd project?

www.b0l.org and cvs.b0l.org seem to be dead.

Has anyone checked out the last CVS version before it died?

Regards,
Markus

From owner-freebsd-net@FreeBSD.ORG Mon Apr 4 19:43:20 2005
From: Max Laier
To: freebsd-net@freebsd.org
Date: Mon, 4 Apr 2005 21:43:01 +0200
References: <425196F0.4020309@x-trader.de>
In-Reply-To: <425196F0.4020309@x-trader.de>
Message-Id: <200504042143.09216.max@love2party.net>
Subject: Re: FreeVRRPd project status

On Monday 04 April 2005 21:35, Markus Oestreicher wrote:
> Good Day,
>
> Does anyone know the current status of the FreeVRRPd project?
>
> www.b0l.org and cvs.b0l.org seem to be dead.
>
> Has anyone checked out the last CVS version before it died?

Sorry, can't help with that, but if you don't need VRRP but a working
redundancy setup, you should look at CARP which is part of 6-CURRENT and
5-STABLE since a couple of weeks and will be part of 5.4-RELEASE.

http://www.FreeBSD.org/cgi/man.cgi?query=carp&manpath=FreeBSD+6.0-current

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Mon Apr 4 20:24:23 2005
Date: Mon, 4 Apr 2005 20:24:22 +0000
From: Alan
To: freebsd-net@freebsd.org
Subject: Q: routing, nat
Reply-To: Alan

Hello,

I've got a question that you've probably heard a lot, but
I am trying to set up a home network with Internet access for a Windows
XP machine and a FreeSBIE workstation and want to use the BSD station to
act as a gateway for the Windows one. I am having a hard time setting
the correct routing info.

I will really appreciate it if someone could direct me to an article
on the net where I can read about it.

Thanks.
Alan

From owner-freebsd-net@FreeBSD.ORG Mon Apr 4 21:02:03 2005
In-Reply-To: <425196F0.4020309@x-trader.de>
References: <425196F0.4020309@x-trader.de>
Message-Id: <6731347a839d85db456b1c5a33bcf0b5@mac.com>
From: Charles Swiger
Date: Mon, 4 Apr 2005 17:01:58 -0400
To: Markus Oestreicher
cc: freebsd-net@freebsd.org
Subject: Re: FreeVRRPd project status

On Apr 4, 2005, at 3:35 PM, Markus Oestreicher wrote:
> Does anyone know the current status of the FreeVRRPd project?

It's dead, I think: Cisco's lawyers started making predatory noises
about their "intellectual property". Some people from NetBSD are working
on a replacement called CARP, which you might want to check out-- it
seems that FreeBSD will be picking up support for this soon, as well.

--
-Chuck

From owner-freebsd-net@FreeBSD.ORG Mon Apr 4 21:06:11 2005
From: Charles Swiger
Date: Mon, 4 Apr 2005 17:06:08 -0400
To: Alan
cc: freebsd-net@freebsd.org
Subject: Re: Q: routing, nat

On Apr 4, 2005, at 4:24 PM, Alan wrote:
> I am trying to setup a home network with Internet access for a windows
> xp machine and freeSBIE workstation and want to use the bsd station to
> act as a gateway for the windows one. I am having hard time setting
> the correct routing info.
>
> I will really appreciate it if someone could direct me to an article
> on the net where I can read about it.

Start with the Handbook:

http://www.freebsd.org/doc/en/books/handbook/network-natd.html

...although a Linksys or D-Link broadband router does this job quite
well, too.

--
-Chuck

From owner-freebsd-net@FreeBSD.ORG Mon Apr 4 21:07:00 2005
Message-ID: <55441.80.203.112.249.1112648751.squirrel@webmail.stabbursmoen.no>
In-Reply-To: <200504042143.09216.max@love2party.net>
References: <425196F0.4020309@x-trader.de> <200504042143.09216.max@love2party.net>
Date: Mon, 4 Apr 2005 23:05:51 +0200 (CEST)
From: "Eivind Hestnes"
To: "Max Laier"
cc: freebsd-net@freebsd.org
Subject: Re: FreeVRRPd project status
Reply-To: eivind@stabbursmoen.no

Perhaps offtopic, but could be FYI:

I recently configured two FreeBSD 5.3 boxes (patched w/CARP support) to
act as one logical router (preemption) between multiple VLANs. The router
has now been in production for two weeks (under heavy load, too), and I
have not run into any problems whatsoever. Failover is almost
transparent, and the robustness is awesome. The configuration itself is
rather minimal as everything is done in rc.conf.

If you are looking for an Open Source failover solution, CARP is probably
the best choice as it stands today. If you need assistance with the
configuration, please reply to the list, and I will try to respond.

Best regards,
Eivind Hestnes

Max Laier said:
> On Monday 04 April 2005 21:35, Markus Oestreicher wrote:
>> Good Day,
>>
>> Does anyone know the current status of the FreeVRRPd project?
>>
>> www.b0l.org and cvs.b0l.org seem to be dead.
>>
>> Has anyone checked out the last CVS version before it died?
>
> Sorry, can't help with that, but if you don't need VRRP but a working
> redundancy setup, you should look at CARP which is part of 6-CURRENT and
> 5-STABLE since a couple of weeks and will be part of 5.4-RELEASE.
>
> http://www.FreeBSD.org/cgi/man.cgi?query=carp&manpath=FreeBSD+6.0-current
>
> --
> /"\  Best regards,                      | mlaier@freebsd.org
> \ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News
>

From owner-freebsd-net@FreeBSD.ORG Tue Apr 5 04:22:07 2005
Date: Tue, 5 Apr 2005 10:24:23 +0600
From: Dmitry
Organization: theorg
Message-ID: <1973675224.20050405102423@uraltep.com>
To: freebsd-net@freebsd.org
cc: rwatson@freebsd.org
Subject: freebsd 5.3R and ipx routing troubles
Reply-To: Dmitry

Hello!

For about 3 years we had been successfully using freebsd 4.x as an ipx
router (among other tasks). Now we decided to move to the freebsd-5 branch.
On the testing stage we discovered (for ourselves) the problem with ipx
routing.

A network scheme is simple (see drawing below):
the router (freebsd) with its external interface (fxp3) and novell
netware-5.1 are in the same unmanaged switch. In this switch also live
3 more ipx routers running freebsd-4, which route ipx just great.
The freebsd box has three more internal interfaces (fxp0,1,2). Two of
which (fxp0,1) are serving the internal networks (also on unmanaged
switches, one per network), and one is reserved for future network
expansion. Only two of the 4 interfaces, the external and one internal,
are physically connected.

The novell netware's network is 0xbb00

here goes the scheme:
------------------------------------------------
/works fine/
[freebsd-4]   [Netware-5.1 (MEDIA)]
        \       /
        [switch]            /* fxp3f0 - 0xbb00
            \                * fxp0f0 - 0xf216
          (fxp3)             * fxp1f0 - 0xf218
      [ freebsd-5.3 ]        */
      (fxp0)   (fxp1)
        /        ~~~~ physically not connected on testing stage
  [switch]     [switch]
      |            |
 ~localnet~   ~localnet~
------------------------------------------------

Clients are Windows 2000 Professional/SP4 with the ipx client installed and
manually configured to use the Ethernet_II frame (also tried to use the
automatic detection of ipx frame type option).
Have tried to use microsoft's ipx client and Novell's client32 with the
same negative result.
Have tried to use ipx with and without the if_ef device - all the same.

With the freebsd-5.3R branch the visible problem is in no routes to the
internal networks, but just one default route to the external net (see
below for shots).

With freebsd-5 stable the problem persists (see at the end of this letter).

Here are the settings on the freebsd-5.3R router:

[ed@216-218:~] grep -i ipx /usr/src/sys/i386/conf/router
options IPX

[ed@216-218:~] uname -r
5.3-RELEASE-p5

[ed@216-218:~] cat /boot/loader.conf
if_ef_load="YES"
(also have tried to compile it in kernel)

[ed@216-218:~] grep ipx /etc/rc.conf
ifconfig_fxp0f0="ipx 0xf216"
ifconfig_fxp1f0="ipx 0xf218"
ifconfig_fxp3f0="ipx 0xbb00"
ipxrouted_enable="YES"
ipxgateway_enable="YES"

[ed@216-218:~] sysctl -a | grep ipx
net.ipx.ipx.checksum: 0
net.ipx.ipx.ipxprintfs: 0
net.ipx.ipx.ipxforwarding: 1
net.ipx.ipx.ipxsendspace: 16384
net.ipx.ipx.ipxrecvspace: 40960
net.ipx.ipxnetbios: 0

[ed@216-218:~] ps ax | grep ipx
  350  ??  Ss     0:00,00 /usr/sbin/IPXrouted -s /var/log/ipxrouted.log
(have tried with and without `-s')

[ed@216-218:~] netstat -rnf ipx
Routing tables

IPX:
Destination        Gateway            Flags    Netif Expire
default            bb00.fea5684b1     U       fxp3f0

[ed@216-218:~] ifconfig
fxp0: flags=8843 mtu 1500
        options=8
        inet 192.168.216.1 netmask 0xffffff00 broadcast 192.168.216.255
        ether 00:02:b3:38:5c:27
        media: Ethernet autoselect (none)
        status: no carrier
fxp1: flags=8843 mtu 1500
        options=8
        inet 192.168.218.1 netmask 0xffffff00 broadcast 192.168.218.255
        ether 00:02:b3:38:8a:00
        media: Ethernet autoselect (100baseTX )
        status: active
fxp2: flags=8802 mtu 1500
        options=8
        ether 00:d0:b7:55:25:a9
        media: Ethernet autoselect (none)
        status: no carrier
fxp3: flags=8843 mtu 1500
        options=8
        inet 95.12.31.15 netmask 0xffffff00 broadcast 95.12.31..255
        ether 00:0f:ea:56:84:b1
        media: Ethernet autoselect (100baseTX )
        status: active
fxp3f0: flags=8843 mtu 1500
        ipx bb00.fea5684b1
        ether 00:0f:ea:56:84:b1
fxp3f1: flags=8842 mtu 1500
        ether 00:0f:ea:56:84:b1
fxp3f2: flags=8842 mtu 1500
        ether 00:0f:ea:56:84:b1
fxp3f3: flags=8842 mtu 1500
        ether 00:0f:ea:56:84:b1
fxp2f0: flags=8842 mtu 1500
        ether 00:d0:b7:55:25:a9
fxp2f1: flags=8842 mtu 1500
fxp3f0: flags=8843 mtu 1500
fxp2f2: flags=8842 mtu 1500
        ether 00:d0:b7:55:25:a9
fxp2f3: flags=8842 mtu 1500
        ether 00:d0:b7:55:25:a9
fxp1f0: flags=8843 mtu 1500
        ipx f218.2b3388a00
        ether 00:02:b3:38:8a:00
fxp1f1: flags=8842 mtu 1500
        ether 00:02:b3:38:8a:00
fxp1f2: flags=8842 mtu 1500
        ether 00:02:b3:38:8a:00
fxp1f3: flags=8842 mtu 1500
        ether 00:02:b3:38:8a:00
fxp0f0: flags=8843 mtu 1500
        ipx f216.2b3385c27
        ether 00:02:b3:38:5c:27
fxp0f1: flags=8842 mtu 1500
        ether 00:02:b3:38:5c:27
fxp0f2: flags=8842 mtu 1500
        ether 00:02:b3:38:5c:27
fxp0f3: flags=8842 mtu 1500
        ether 00:02:b3:38:5c:27
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000

[ed@216-218:~] less /var/log/ipxrouted.log
Adding route to interface fxp3f0
action dst 47872#0:0:0:0:0:0, router 47872#0:f:ea:56:84:b1, metric 0, ticks 0, flags
UP state INTERFACE|CHANGED Adding route to interface fxp1f0 action dst 61976#0:0:0:0:0:0, router 61976#0:2:b3:38:8a:0, metric 0, ticks 0, fl ags UP state INTERFACE|CHANGED Adding route to interface fxp0f0 action dst 61974#0:0:0:0:0:0, router 61974#0:2:b3:38:5c:27, metric 0, ticks 0, f lags UP state INTERFACE|CHANGED REQUEST received 61974#0:2:b3:38:5c:27#452: Received a sap REQ packet. REQUEST received 61976#0:2:b3:38:8a:0#452: Received a sap REQ packet. REQUEST received 47872#0:f:ea:56:84:b1#452: Received a sap REQ packet. Got route Got route Got route ------- SAP table dump. ------- HASH 0 HASH 1 ......... HASH 254 HASH 255 Got route Got route ------- SAP table dump. ------- HASH 0 HASH 1 etc....by cycle ///////////////// and here is settings on netware: ------- AUTOEXEC.NCF -------- SET BINDERY CONTEXT = O=FI SET TIME ZONE = PLT-5 FILE SERVER NAME MEDIA SERVERID BD00800 load conlog maximum=100 SEARCH ADD SYS:\JAVA\BIN sys:etc\initsys.ncf MOUNT ALL SEARCH ADD SYS:\JAVA\NWGFX SYS:\SYSTEM\NMA\NMA5.NCF bstart.ncf LOAD NICISDI.XLM s LOAD SASDFM.XLM LOAD SAS.NLM LOAD PKI.NLM LOAD NLDAP.NLM REMOTE -E ******************* RSPX ------------------------ ------- system\BSTART.NCF LOAD NWAIF103 LOAD DSAPI LOAD NWMKDE LOAD BTRIEVE BTRV LINK LOAD NWBSRVCM ---------- -----netinfo.cfg ------ LOAD SNMP LOAD BCALLSRV LOAD PCISRV NAME=PCISRV_1_EII FRAME=ETHERNET_II SLOT=3 LOAD TCPIP BIND IP PCISRV_1_EII ARP=Yes Mask=255.255.255.0 Address=95.12.31.16 LOAD IPXRTR LOAD IPXRTRNM BIND IPX PCISRV_1_EII net=BB00 seq=2 ------ In the central swith also lives 3 more ipx-router boxes running freebsd-4. 
The dump shows addresses 225-x, 217-x - they are from those networks
mac of Novell Netware - 00:c0:df:f7:15:cf

if you need a detailed dumps with complete packets - i can send it to you by email

here is ipx dumps on external interface:
-------------------- [ cut ]------------------------------
[ed@216-218:~] tcpdump -ni fxp3f0
------------------- [cut]---------------------------

and here is dump of ipx on the internal interface at the same time when a client tries to access a netware server (he just typed \\MEDIA )
[ed@216-218:~] tcpdump -ni fxp0f0
------------------[cut]-------------------------
12:52:01.956113 (NOV-ETHII) 04530000.f2:16:00:02:b3:38.5c27 > 6c6f0000.f2:16:ff:ff:ff:ff.ffff: ipx-#ffff 22
12:52:01.956117 (NOV-ETHII) 04530000.f2:16:00:02:b3:38.5c27 > 6c6f0000.f2:16:ff:ff:ff:ff.ffff: ipx-#ffff 22
------------------[cut]---------------

with freebsd-5stable branch cvsuped on 04.apr.2005 from cvsup.freebsd.org, the routes appear, but they are all default routes and there are dupes:

# netstat -nrf ipx
Routing tables

IPX:
Destination Gateway Flags Netif Expire
default bb00.fea5684b1 U fxp3f0
default bb00.c0dff715cf UG fxp3f0
default bb00.50bfe6414e UG fxp3f0
default f218.d88458a12 UG fxp3f0
default bb00.c026e707e9 UG fxp3f0
default bb00.c026e707e9 UG fxp3f0
default bb00.c026e707e9 UG fxp3f0
default bb00.6052047782 UG fxp3f0
default bb00.6052047782 UG fxp3f0
default bb00.c0dff7099a UG fxp3f0

I don't know why there are dupes. ipx configured only on if_ef. there is no ipx address given to fxp interfaces itself (in rc.conf of 5.3-Stable box)

Thanks in advance for your help. I'll be glad to take part in fixing this issue.

-+- wbw, Dmitry

From owner-freebsd-net@FreeBSD.ORG Tue Apr 5 06:04:19 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 871A216A4CE for ; Tue, 5 Apr 2005 06:04:19 +0000 (GMT) Received: from mail.trueafrican.com (mail.trueafrican.com [212.88.98.117]) by mx1.FreeBSD.org (Postfix) with ESMTP id BDD4943D1D for ; Tue, 5 Apr 2005 06:04:17 +0000 (GMT) (envelope-from ziggy@trueafrican.com) Received: from mail.trueafrican.com ([127.0.0.1]) by localhost (mail.trueafrican.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 11328-10; Tue, 5 Apr 2005 09:03:58 +0300 (EAT) Received: from trueafrican.com (localhost.trueafrican.com [127.0.0.1]) by mail.trueafrican.com (Postfix) with ESMTP id B777A25F0DC; Tue, 5 Apr 2005 09:03:56 +0300 (EAT)
From: "Ziggy David Lubowa" To: Alan , freebsd-net@freebsd.org Date: Tue, 5 Apr 2005 10:03:55 +0400 Message-Id: <20050405060025.M62517@trueafrican.com> In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 X-Virus-Scanned: by amavisd-new at trueafrican.com Subject: Re: Q: routing, nat X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Apr 2005 06:04:19 -0000

>
> I will really appreciate it if someone could direct me to an article
> on the net where I can read about it.

++ what you're looking for is ipnat + ipfilter configurations !! please look at the link below, hope it helps.

http://www.bsdguides.org/guides/freebsd/networking/ipfilter.php

>
> Thanks.
>
> Alan
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

Regards
David Ziggy Lubowa

From owner-freebsd-net@FreeBSD.ORG Tue Apr 5 06:10:23 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2DA6516A4CE for ; Tue, 5 Apr 2005 06:10:23 +0000 (GMT) Received: from Neo-Vortex.net (203-217-87-46.dyn.iinet.net.au [203.217.87.46]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0973F43D1D for ; Tue, 5 Apr 2005 06:10:20 +0000 (GMT) (envelope-from root@Neo-Vortex.net) Received: from localhost.Neo-Vortex.got-root.cc (Neo-Vortex@localhost.Neo-Vortex.got-root.cc [127.0.0.1]) by Neo-Vortex.net (8.13.1/8.12.10) with ESMTP id j356AHeF024596; Tue, 5 Apr 2005 16:10:17 +1000 (EST) (envelope-from root@Neo-Vortex.net) Date: Tue, 5 Apr 2005 16:10:17 +1000 (EST)
From: Neo-Vortex To: Charles Swiger In-Reply-To: Message-ID: <20050405160737.J24150@Neo-Vortex.net> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org cc: Alan Subject: Re: Q: routing, nat X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Apr 2005 06:10:23 -0000

On Mon, 4 Apr 2005, Charles Swiger wrote:

> On Apr 4, 2005, at 4:24 PM, Alan wrote:
> > I am trying to setup a home network with Internet access for a windows
> > xp machine and freeSBIE workstation and want to use the bsd station to
> > act as a gateway for the windows one. I am having hard time setting
> > the correct routing info.
> >
> > I will really appreciate it if someone could direct me to an article
> > on the net where I can read about it.
>
> Start with the Handbook:
>
> http://www.freebsd.org/doc/en/books/handbook/network-natd.html
>
> ...although a Linksys or D-Link broadband router does this job quite
> well, too.

Not meaning to start any flames... but i can strongly suggest _AGAINST_ D-Link Broadband Routers... (Especially the 504...). I personally have had bad experiences with them, and so have many other people i know of who have one. My 504 is in Bridge mode (acts like a normal modem with a switch) and FreeBSD acts as the router because it hanging (literally) 1-2 times a day randomly plus if you ever try to use any features of MSN Messenger that create a direct connection among other things (including Torrent clients/etc) isn't acceptable for me...

> -- > -Chuck > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Tue Apr 5 19:02:25 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A6EA916A4CE for ; Tue, 5 Apr 2005 19:02:25 +0000 (GMT) Received: from neon.webfusion.co.uk (neon.webfusion.co.uk [212.67.202.39]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2286643D3F for ; Tue, 5 Apr 2005 19:02:25 +0000 (GMT) (envelope-from michael.hopkins@hopkins-research.com) Received: from 83-216-132-201.markch725.adsl.metronet.co.uk ([83.216.132.201] helo=[192.168.0.5]) by neon.webfusion.co.uk with asmtp (Exim 3.36 #1) id 1DItJe-0000b3-00 for freebsd-net@freebsd.org; Tue, 05 Apr 2005 20:02:22 +0100 User-Agent: Microsoft-Entourage/10.1.1.2418 Date: Tue, 05 Apr 2005 20:02:21 +0100 
From: Michael Hopkins To: Message-ID: Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Subject: Question regarding ssh login message X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Apr 2005 19:02:25 -0000

Hi all

When I login using ssh to a FreeBSD box (Athlon) running amd64 5.3 from an OS X laptop on the local network, I always get this message:

reverse mapping checking getaddrinfo for athlon failed - POSSIBLE BREAKIN ATTEMPT!

...but then everything works fine afterwards.

People have suggested a mis-configured named setup, so now that is switched off and all hostnames are stored in /etc/hosts.

The local network is small (3 machines) and all external access is via the combined network router/ADSL modem which links everything together. The IP for this router is the only entry in /etc/resolv.conf at each end.

I'm not sure if the ssh setup at one or both ends is to blame or if it's somewhere in the network setup.

Does anyone have any suggestions on where to look for the problem or diagnostic tools/logs that will help point to the solution?

TIA Michael _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ _/ _/ _/_/_/ Hopkins Research Ltd _/ _/ _/ _/ _/_/_/_/ _/_/_/ http://www.hopkins-research.com/ _/ _/ _/ _/ _/ _/ _/ _/ 'touch the future' _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ From owner-freebsd-net@FreeBSD.ORG Wed Apr 6 02:23:26 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9FBA816A4CE for ; Wed, 6 Apr 2005 02:23:26 +0000 (GMT) Received: from mail.omniti.com (longsword.omniti.com [66.80.117.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0151443D1D for ; Wed, 6 Apr 2005 02:23:26 +0000 (GMT) (envelope-from jesus@omniti.com) DomainKey-Status: good X-DomainKeys: Ecelerity dk_sign implementing draft-delany-domainkeys-base-01 DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws; s=test; d=omniti.com; h=Received:In-Reply-To:References:Mime-Version:Content-Type:Message-Id:Content-Transfer-Encoding:Cc:From:Subject:Date:To:X-Mailer; b=kvEgoyX4H9pV1GQAe8A84IcpQyp0AMKsFwY3Pg4MVEyoUwuoSKqTOgIXHaqFbDQ8 W9h0Rrbn+c8SsE0MoIRW+wEtTc/pnAnqkw9XuMPtbdEEOM9G2UeHFIp1TtBgX5Iy Received: from ([68.55.212.69:64526] helo=[192.168.218.138]) by mail.omniti.com (ecelerity HEAD r(4355M)) with SMTP id 16/66-18861-D0843524 for ; Tue, 05 Apr 2005 22:23:14 -0400 In-Reply-To: <55441.80.203.112.249.1112648751.squirrel@webmail.stabbursmoen.no> References: <425196F0.4020309@x-trader.de> <200504042143.09216.max@love2party.net> <55441.80.203.112.249.1112648751.squirrel@webmail.stabbursmoen.no> Mime-Version: 1.0 (Apple Message framework v619.2) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <6c90f549a55284d8a5f0abf0ac5bc329@omniti.com> Content-Transfer-Encoding: 7bit 
From: Theo Schlossnagle Date: Tue, 5 Apr 2005 22:23:09 -0400 To: eivind@stabbursmoen.no X-Mailer: Apple Mail (2.619.2) cc: Max Laier cc: Theo Schlossnagle cc: freebsd-net@freebsd.org Subject: Re: FreeVRRPd project status X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2005 02:23:26 -0000

On Apr 4, 2005, at 5:05 PM, Eivind Hestnes wrote:

> If you are looking for an Open Source failover solution, CARP is
> probably
> the best choice as it stands today.
>
> If you need assistance with the configuration, please reply to the
> list,
> and I will try to respond.

While it requires a serious paradigm shift, Wackamole (http://www.backhand.org/wackamole/) provides N:M IP redundancy on *BSD + linux/windows/solaris.

Down sides: not quite as transparent, no MAC stealing, but uses grat. ARPing to announce failures.

Upsides: you can have more than two machines (N) and you can offer services over more than one IP (M).

We run it on some static image server clusters as well as some relatively high throughput FreeBSD 4-stable routers running normal IP forwarding, natd and endpointing many IPSEC VPN tunnels.

It's a pretty different solution than CARP. More useful in some places, less appropriate in others.

// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// OmniTI Computer Consulting, Inc.
-- http://www.omniti.com/ // Ecelerity: fastest MTA on Earth From owner-freebsd-net@FreeBSD.ORG Wed Apr 6 02:35:31 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F0EE516A4CE for ; Wed, 6 Apr 2005 02:35:30 +0000 (GMT) Received: from smtp101.rog.mail.re2.yahoo.com (smtp101.rog.mail.re2.yahoo.com [206.190.36.79]) by mx1.FreeBSD.org (Postfix) with SMTP id 5792D43D2D for ; Wed, 6 Apr 2005 02:35:30 +0000 (GMT) (envelope-from mikej@rogers.com) Received: from unknown (HELO 172.16.0.1) (mikej@69.193.222.195 with login) by smtp101.rog.mail.re2.yahoo.com with SMTP; 6 Apr 2005 02:35:29 -0000 Received: from 172.16.0.199 (SquirrelMail authenticated user mikej) by wettoast.dyndns.org with HTTP; Tue, 5 Apr 2005 22:35:24 -0400 (EDT) Message-ID: <1860.172.16.0.199.1112754924.squirrel@wettoast.dyndns.org> In-Reply-To: <6c90f549a55284d8a5f0abf0ac5bc329@omniti.com> References: <425196F0.4020309@x-trader.de> <200504042143.09216.max@love2party.net> <55441.80.203.112.249.1112648751.squirrel@webmail.stabbursmoen.no> <6c90f549a55284d8a5f0abf0ac5bc329@omniti.com> Date: Tue, 5 Apr 2005 22:35:24 -0400 (EDT) 
From: "Mike Jakubik" To: "Theo Schlossnagle" User-Agent: SquirrelMail/1.5.1 [CVS] MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit cc: freebsd-net@freebsd.org cc: eivind@stabbursmoen.no Subject: Re: FreeVRRPd project status X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2005 02:35:31 -0000

On Tue, April 5, 2005 10:23 pm, Theo Schlossnagle said:
> On Apr 4, 2005, at 5:05 PM, Eivind Hestnes wrote:
>
>> If you are looking for an Open Source failover solution, CARP is
>> probably the best choice as it stands today.
>>
>> If you need assistance with the configuration, please reply to the
>> list, and I will try to respond.
>
> While it requires a serious paradigm shift, Wackamole
> (http://www.backhand.org/wackamole/) provides N:M IP redundancy on *BSD
> + linux/windows/solaris.
>
>
> Down sides: not quite as transparent, no MAC stealing, but uses grat.
> ARPing to announce failures.

And it's unmaintained and does not compile on FreeBSD 5.x.

From owner-freebsd-net@FreeBSD.ORG Wed Apr 6 02:46:56 2005
From: Theo Schlossnagle
Date: Tue, 5 Apr 2005 22:46:39 -0400
To: "Mike Jakubik"
cc: freebsd-net@freebsd.org
cc: eivind@stabbursmoen.no
cc: Theo Schlossnagle
Subject: Re: FreeVRRPd project status

On Apr 5, 2005, at 10:35 PM, Mike Jakubik wrote:

> On Tue, April 5, 2005 10:23 pm, Theo Schlossnagle said:
>> On Apr 4, 2005, at 5:05 PM, Eivind Hestnes wrote:
>>
>>> If you are looking for an Open Source failover solution, CARP is
>>> probably the best choice as it stands today.
>>>
>>> If you need assistance with the configuration, please reply to the
>>> list, and I will try to respond.
>>
>> While it requires a serious paradigm shift, Wackamole
>> (http://www.backhand.org/wackamole/) provides N:M IP redundancy on *BSD
>> + linux/windows/solaris.
>>
>> Down sides: not quite as transparent, no MAC stealing, but uses grat.
>> ARPing to announce failures.
>
> And it's unmaintained and does not compile on FreeBSD 5.x.

It isn't unmaintained... what makes you think it is unmaintained?

Compiles fine on my boxen. (4.11, 4-stable, 5.2.1, 5.3-RELEASE-p5)
It has a dependency on Spread (which I think is in ports somewhere).

It's running in production on a few 5.3 boxes that I know of, likely
many more that I don't.

// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// OmniTI Computer Consulting, Inc.
-- http://www.omniti.com/
// Ecelerity: fastest MTA on Earth

From owner-freebsd-net@FreeBSD.ORG Wed Apr 6 05:21:52 2005
Date: Wed, 6 Apr 2005 01:21:45 -0400 (EDT)
From: "Mike Jakubik"
To: "Theo Schlossnagle"
cc: freebsd-net@freebsd.org
cc: eivind@stabbursmoen.no
cc: Theo Schlossnagle
Subject: Re: FreeVRRPd project status

On Tue, April 5, 2005 10:46 pm, Theo Schlossnagle said:

> It isn't unmaintained... what makes you think it is unmaintained?

wackamole version 2.1.1 was released on July 28th, 2004 (08.31.2004).

> Compiles fine on my boxen. (4.11, 4-stable, 5.2.1, 5.3-RELEASE-p5)

Really? I've never been able to compile it on any 5.x box.

gcc -g -O2 -Wall -I. -I. -I/usr/local/include -DDONT_USE_THREADS -DETCDIR=\"/usr/local/etc\" -D_PATH_WACKAMOLE_PIDDIR=\"/var/run\" -DBUNDLEEXT=\"so\" -DHAVE_CONFIG_H -c alarm.c
flex -Pwack config_gram.l
bison -y -p wack -d config_gram.y
config_gram.y:91.10: parse error, unexpected ":", expecting ";" or "|"
config_gram.y:191.10: parse error, unexpected ":", expecting ";" or "|"
config_gram.y:210.4-212.22: invalid $ value
config_gram.y:217.4-219.22: invalid $ value
*** Error code 1

Stop in /tmp/wackamole-2.1.1.

From owner-freebsd-net@FreeBSD.ORG Wed Apr 6 06:52:53 2005
Date: Wed, 6 Apr 2005 00:52:53 -0600 (MDT)
From: Swami Pichumani
To: freebsd-net@freebsd.org
Subject: URGENT: using cryptographic function

Hi all
can someone help me with info on how to use the cryptographic functions
(provided by libcrypto) from the tcp code?
I wish to make rsa function calls from tcp code. But the kernel crypto
implementation only a few hash functions. Can someone guide me on how to
use the libcrypto from tcp...

thanks in advance
-sw

From owner-freebsd-net@FreeBSD.ORG Wed Apr 6 17:06:16 2005
Date: Wed, 6 Apr 2005 10:06:13 -0700
From: Brooks Davis
To: Swami Pichumani
cc: freebsd-net@freebsd.org
Subject: Re: URGENT: using cryptographic function

On Wed, Apr 06, 2005 at 12:52:53AM -0600, Swami Pichumani wrote:
> Hi all
> can someone help me with info on how to use the cryptographic functions
> (provided by libcrypto) from the tcp code?
> I wish to make rsa function calls from tcp code. But the kernel crypto
> implementation only a few hash functions. Can someone guide me on how to
> use the libcrypto from tcp...

You can't use userland libraries in the kernel.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

From owner-freebsd-net@FreeBSD.ORG Thu Apr 7 15:11:19 2005
Date: Thu, 07 Apr 2005 17:11:12 +0200
From: des@des.no (Dag-Erling Smørgrav)
To: Charles Swiger
cc: freebsd-net@freebsd.org
Subject: Re: FreeVRRPd project status

Charles Swiger writes:
> It's dead, I think: Cisco's lawyers started making predatory noises
> about their "intellectual property". Some people from NetBSD are
> working on a replacement called CARP, which you might want to check
> out-- it seems that FreeBSD will be picking up support for this soon,
> as well.

CARP comes from OpenBSD, not NetBSD, and is already in FreeBSD.

DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-net@FreeBSD.ORG Thu Apr 7 15:12:09 2005
Date: Thu, 07 Apr 2005 17:12:02 +0200
From: des@des.no (Dag-Erling Smørgrav)
To: Mike Jakubik
cc: freebsd-net@freebsd.org
cc: eivind@stabbursmoen.no
cc: Theo Schlossnagle
Subject: Re: FreeVRRPd project status

"Mike Jakubik" writes:
> Really? I've never been able to compile it on any 5.x box.
> [...]
> bison -y -p wack -d config_gram.y
> config_gram.y:91.10: parse error, unexpected ":", expecting ";" or "|"
> config_gram.y:191.10: parse error, unexpected ":", expecting ";" or "|"
> config_gram.y:210.4-212.22: invalid $ value
> config_gram.y:217.4-219.22: invalid $ value
> *** Error code 1

You're probably using the wrong version of bison.

DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-net@FreeBSD.ORG Thu Apr 7 16:15:07 2005
Date: Fri, 08 Apr 2005 00:15:03 +0800
From: John Mok
To: freebsd-net@freebsd.org
Subject: FreeBSD Firewall + NAT Traversal + IPsec

Hi,

I'm new to FreeBSD. Is it possible to make a FreeBSD box with firewall +
NAT, such that client PC(s) from the NATed internal network could
connect to a VPN gateway on the Internet :-

client PC ----- FreeBSD Firewall + NAT ---- Internet ---- IPsec VPN gateway
192.168.x.x/16                                            (e.g. Checkpoint FW-1)
(VPN client)

I hope someone could help to advise what software is required on the
FreeBSD box to make NAT traversal work and where to get the HOWTO(s)?

Thanks a lot.

John Mok

From owner-freebsd-net@FreeBSD.ORG Thu Apr 7 16:25:14 2005
Date: Thu, 07 Apr 2005 08:25:26 -0700
From: Tom Skeren
To: John Mok
cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD Firewall + NAT Traversal + IPsec

John Mok wrote:

> Hi,
>
> I'm new to FreeBSD. Is it possible to make a FreeBSD box with firewall +
> NAT, such that client PC(s) from the NATed internal network could
> connect to a VPN gateway on the Internet :-
>
> client PC ----- FreeBSD Firewall + NAT ---- Internet ---- IPsec VPN gateway
> 192.168.x.x/16                                            (e.g. Checkpoint FW-1)
> (VPN client)
>
> I hope someone could help to advise what software is required on the
> FreeBSD box to make NAT traversal work and where to get the HOWTO(s)?

Should be no problem.

>
> Thanks a lot.
>
> John Mok

From owner-freebsd-net@FreeBSD.ORG Thu Apr 7 17:19:01 2005
Date: Fri, 08 Apr 2005 01:18:54 +0800
From: John Mok
To: tms3@fsklaw.com
cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD Firewall + NAT Traversal + IPsec

Dear Tom,

Thank you for your quick reply.

I would like to know more on the issue. To my understanding, since the
source address of the IP packet from the client would be modified on the
NAT, normally it would fail AH check on the IPsec VPN gateway, or the
FreeBSD NAT has built-in compliance with RFC3947?

Thank you, John Mok

Tom Skeren wrote:

> John Mok wrote:
>
>> Hi,
>>
>> I'm new to FreeBSD. Is it possible to make a FreeBSD box with firewall +
>> NAT, such that client PC(s) from the NATed internal network could
>> connect to a VPN gateway on the Internet :-
>>
>> client PC ----- FreeBSD Firewall + NAT ---- Internet ---- IPsec VPN gateway
>> 192.168.x.x/16                                            (e.g. Checkpoint FW-1)
>> (VPN client)
>>
>> I hope someone could help to advise what software is required on the
>> FreeBSD box to make NAT traversal work and where to get the HOWTO(s)?
>
> Should be no problem.
>
>>
>> Thanks a lot.
>>
>> John Mok

From owner-freebsd-net@FreeBSD.ORG Thu Apr 7 17:35:10 2005
Date: Thu, 7 Apr 2005 17:31:39 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: John Mok
cc: freebsd-net@freebsd.org
cc: tms3@fsklaw.com
Subject: Re: FreeBSD Firewall + NAT Traversal + IPsec

On Fri, 8 Apr 2005, John Mok wrote:

Hi,

> Thank you for your quick reply.
>
> I would like to know more on the issue. To my understanding, since the
> source address of the IP packet from the client would be modified on the
> NAT, normally it would fail AH check on the IPsec VPN gateway, or the
> FreeBSD NAT has built-in compliance with RFC3947?

NAT-T is not supported by FreeBSD.

--
Bjoern A. Zeeb                          bzeeb at Zabbadoz dot NeT

From owner-freebsd-net@FreeBSD.ORG Thu Apr 7 17:44:50 2005
Date: Thu, 07 Apr 2005 10:44:51 -0700
From: Tom Skeren
To: John Mok
cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD Firewall + NAT Traversal + IPsec

John Mok wrote:

> Dear Tom,
>
> Thank you for your quick reply.
>
> I would like to know more on the issue. To my understanding, since the
> source address of the IP packet from the client would be modified on
> the NAT, normally it would fail AH check on the IPsec VPN gateway, or
> the FreeBSD NAT has built-in compliance with RFC3947?

Yeah, that's correct, and I don't think traversal is supported in FBSD.
However, you might be able to use ipsec and racoon to tunnel the NAT to
the vpn. I don't know what device is at the other end of the tunnel. I
have a 7 office wan tunneled with FreeBSD gateways. Works real spiffy.
You might look into that option.

>
> Thank you, John Mok
>
>
> Tom Skeren wrote:
>
>> John Mok wrote:
>>
>>> Hi,
>>>
>>> I'm new to FreeBSD. Is it possible to make a FreeBSD box with firewall
>>> + NAT, such that client PC(s) from the NATed internal network could
>>> connect to a VPN gateway on the Internet :-
>>>
>>> client PC ----- FreeBSD Firewall + NAT ---- Internet ---- IPsec VPN gateway
>>> 192.168.x.x/16                                            (e.g. Checkpoint FW-1)
>>> (VPN client)
>>>
>>> I hope someone could help to advise what software is required on the
>>> FreeBSD box to make NAT traversal work and where to get the HOWTO(s)?
>>
>> Should be no problem.
>>
>>>
>>> Thanks a lot.
>>>
>>> John Mok

From owner-freebsd-net@FreeBSD.ORG Thu Apr 7 17:56:24 2005
Date: Fri, 08 Apr 2005 01:56:21 +0800
From: John Mok
To: Tom Skeren, freebsd-net@freebsd.org
Subject: Re: FreeBSD Firewall + NAT Traversal + IPsec

The problem is that some visitors might need to connect to the home VPN
gateway(s) from my work office. Thus, we could not decide which VPN
gateway solution they use.

On the other hand, what is the status of FreeBSD on the support of
NAT-T? Would it be supported in FreeBSD in later issues, e.g. FreeBSD
5.4 or 6?

Regards, John Mok

Tom Skeren wrote:

> John Mok wrote:
>
>> Dear Tom,
>>
>> Thank you for your quick reply.
>>
>> I would like to know more on the issue. To my understanding, since
>> the source address of the IP packet from the client would be modified
>> on the NAT, normally it would fail AH check on the IPsec VPN gateway,
>> or the FreeBSD NAT has built-in compliance with RFC3947?
>
> Yeah, that's correct, and I don't think traversal is supported in
> FBSD. However, you might be able to use ipsec and racoon to tunnel
> the NAT to the vpn. I don't know what device is at the other end of
> the tunnel. I have a 7 office wan tunneled with FreeBSD gateways.
> Works real spiffy. You might look into that option.
>
>>
>> Thank you, John Mok
>>
>>
>> Tom Skeren wrote:
>>
>>> John Mok wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm new to FreeBSD.
>>>> Is it possible to make a FreeBSD box with firewall
>>>> + NAT, such that client PC(s) from the NATed internal network could
>>>> connect to a VPN gateway on the Internet :-
>>>>
>>>> client PC ----- FreeBSD Firewall + NAT ---- Internet ---- IPsec VPN gateway
>>>> 192.168.x.x/16                                            (e.g. Checkpoint FW-1)
>>>> (VPN client)
>>>>
>>>> I hope someone could help to advise what software is required on
>>>> the FreeBSD box to make NAT traversal work and where to get the HOWTO(s)?
>>>
>>> Should be no problem.
>>>
>>>>
>>>> Thanks a lot.
>>>>
>>>> John Mok

From owner-freebsd-net@FreeBSD.ORG Thu Apr 7 18:26:21 2005
Date: Thu, 7 Apr 2005 14:26:11 -0400 (EDT)
From: "Mike Jakubik" To: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= User-Agent: SquirrelMail/1.5.1 [CVS] MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit cc: freebsd-net@freebsd.org cc: eivind@stabbursmoen.no cc: Theo Schlossnagle Subject: Re: FreeVRRPd project status X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Apr 2005 18:26:21 -0000 On Thu, April 7, 2005 11:12 am, Dag-Erling Smørgrav said: > You're probably using the wrong version of bison. Yes, Theo Schlossnagle already mentioned this to me. The compile process was using the port version of bison, removing it solved the problem. Thanks. From owner-freebsd-net@FreeBSD.ORG Thu Apr 7 19:43:27 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8439516A4CF for ; Thu, 7 Apr 2005 19:43:27 +0000 (GMT) Received: from mail.vicor-nb.com (bigwoop.vicor-nb.com [208.206.78.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2E55443D2D for ; Thu, 7 Apr 2005 19:43:27 +0000 (GMT) (envelope-from julian@elischer.org) Received: from [208.206.78.97] (julian.vicor-nb.com [208.206.78.97]) by mail.vicor-nb.com (Postfix) with ESMTP id BEAA57A403; Thu, 7 Apr 2005 12:43:26 -0700 (PDT) Message-ID: <42558D5E.1080704@elischer.org> Date: Thu, 07 Apr 2005 12:43:26 -0700 
From: Julian Elischer User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050218 X-Accept-Language: en, hu MIME-Version: 1.0 To: =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= References: <425196F0.4020309@x-trader.de> <200504042143.09216.max@love2party.net> <55441.80.203.112.249.1112648751.squirrel@webmail.stabbursmoen.no> <6c90f549a55284d8a5f0abf0ac5bc329@omniti.com> <1860.172.16.0.199.1112754924.squirrel@wettoast.dyndns.org> <2257.172.16.0.199.1112764905.squirrel@wettoast.dyndns.org> <86zmwaaaf1.fsf@xps.des.no> In-Reply-To: <86zmwaaaf1.fsf@xps.des.no> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit cc: Mike Jakubik cc: eivind@stabbursmoen.no cc: Theo Schlossnagle cc: freebsd-net@freebsd.org Subject: Re: FreeVRRPd project status X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Apr 2005 19:43:27 -0000

Dag-Erling Smørgrav wrote:

>"Mike Jakubik" writes:
>
>
>>Really? I've never been able to compile it on any 5.x box.
>>[...]
>>bison -y -p wack -d config_gram.y
>>config_gram.y:91.10: parse error, unexpected ":", expecting ";" or "|"
>>config_gram.y:191.10: parse error, unexpected ":", expecting ";" or "|"
>>config_gram.y:210.4-212.22: invalid $ value
>>config_gram.y:217.4-219.22: invalid $ value
>>*** Error code 1
>>
>>
>
>You're probably using the wrong version of bison.
>
>
FreeVRRP probably requires the lower planes Bison where CARP for example being from OpenBSD and hence Canada requires the Great Northern Bison..
>DES > > From owner-freebsd-net@FreeBSD.ORG Thu Apr 7 19:51:19 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 73AF816A4CE for ; Thu, 7 Apr 2005 19:51:19 +0000 (GMT) Received: from mta1.lbl.gov (mta1.lbl.gov [128.3.41.24]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4575B43D2F for ; Thu, 7 Apr 2005 19:51:19 +0000 (GMT) (envelope-from dart@nersc.gov) Received: from mta1.lbl.gov (localhost [127.0.0.1]) by mta1.lbl.gov (8.12.10/8.12.10) with ESMTP id j37JpGn3025588 for ; Thu, 7 Apr 2005 12:51:17 -0700 (PDT) Received: from [127.0.0.1] (dhcp163-8.nersc.gov [128.55.8.163]) by mta1.lbl.gov (8.12.10/8.12.10) with ESMTP id j37JpGP9025585; Thu, 7 Apr 2005 12:51:16 -0700 (PDT) Message-ID: <42558F33.5090109@nersc.gov> Date: Thu, 07 Apr 2005 12:51:15 -0700 
From: Eli Dart Organization: NERSC Center, LBNL User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org X-Enigmail-Version: 0.90.1.1 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Disable NFS client cache (or other traffic reduction methods) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: dart@nersc.gov List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Apr 2005 19:51:19 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi List,

We've just deployed a new syslog server infrastructure consisting of two hosts -- one NFS server that has a large disk array attached via fibre channel and one NFS client that receives syslog messages, mounts the server's disk, and writes to the NFS exported filesystem. Statistics grinding is done on the server so as to avoid impacting collection of syslog messages.

The NFS server and client are connected to each other via a private back-to-back GigE.

The problem is that NFS is causing a 10x to 15x packet amplification on the link that carries the NFS traffic. By this I mean that for each syslog message received by the collector, there are somewhere between 10 and 15 (sometimes less, sometimes more) packets on the private NFS link. About half of these are full-MTU packets.

When the client receives a syslog message, the sequence of operations on the NFS link appears to be:

client -> server: write
server -> client: ok
client -> server: commit
server -> client: ok
client -> server: access
server -> client: ok
client -> server: read
server -> client: ok + 4k-16k worth of data

Looking at the packet contents, it appears to be fetching back the last few blocks of the log file.

My guess is that this is the client keeping its NFS cache fresh.
The client is never, ever, ever going to read that file (or any file on that filesystem) other than the bare minimum required to open it for writing and rotate the log files. Is there a way to disable client-side caching? I've looked, and can't seem to find one. Or, do I have this wrong and there is something else that is causing this? Any insight would be very much appreciated.... Thanks! --eli -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCVY8yLTFEeF+CsrMRApq9AJ4jK24kcKejo14/epibZX14IUeIngCfRMJQ HZ+pOKtoyLdpzWUGtrKG6RA= =t4Oo -----END PGP SIGNATURE----- From owner-freebsd-net@FreeBSD.ORG Thu Apr 7 20:10:01 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DD50416A4CE for ; Thu, 7 Apr 2005 20:10:01 +0000 (GMT) Received: from smtpout.mac.com (smtpout.mac.com [17.250.248.86]) by mx1.FreeBSD.org (Postfix) with ESMTP id A8D2043D1D for ; Thu, 7 Apr 2005 20:10:01 +0000 (GMT) (envelope-from cswiger@mac.com) Received: from mac.com (smtpin08-en2 [10.13.10.153]) id j37KA1Cj017953; Thu, 7 Apr 2005 13:10:01 -0700 (PDT) Received: from [10.1.1.245] (nfw2.codefab.com [199.103.21.225] (may be forged)) (authenticated bits=0)j37K9xKq023093; Thu, 7 Apr 2005 13:10:00 -0700 (PDT) In-Reply-To: <42558F33.5090109@nersc.gov> References: <42558F33.5090109@nersc.gov> Mime-Version: 1.0 (Apple Message framework v619.2) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: Content-Transfer-Encoding: 7bit 
From: Charles Swiger Date: Thu, 7 Apr 2005 16:09:58 -0400 To: dart@nersc.gov X-Mailer: Apple Mail (2.619.2) cc: freebsd-net@freebsd.org Subject: Re: Disable NFS client cache (or other traffic reduction methods) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Apr 2005 20:10:02 -0000 On Apr 7, 2005, at 3:51 PM, Eli Dart wrote: > Looking at the packet contents, it appears to be fetching back the > last few blocks of the log file. > > My guess is that this is the client keeping its NFS cache fresh. > The client is never, ever, ever going to read that file (or any file > on that filesystem) other than the bare minimum required to open it > for writing and rotate the log files. > > Is there a way to disable client-side caching? I've looked, and > can't seem to find one. Or, do I have this wrong and there is > something else that is causing this? Take a look through "man mount_nfs" for: -a Set the read-ahead count to the specified value. This may be in the range of 0 - 4, and determines how many blocks will be read ahead when a large file is being read sequentially. Trying a value greater than 1 for this is suggested for mounts with a large bandwidth * delay product. ...and the -o ac*** options. Although you may be right-- I was a bit surprised not to see a "-o noac", myself. Solaris has one: noac Suppress data and attribute caching. 
:-) -- -Chuck From owner-freebsd-net@FreeBSD.ORG Thu Apr 7 20:20:35 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 088FA16A4CE for ; Thu, 7 Apr 2005 20:20:35 +0000 (GMT) Received: from mta1.lbl.gov (mta1.lbl.gov [128.3.41.24]) by mx1.FreeBSD.org (Postfix) with ESMTP id CD3B443D3F for ; Thu, 7 Apr 2005 20:20:34 +0000 (GMT) (envelope-from dart@nersc.gov) Received: from mta1.lbl.gov (localhost [127.0.0.1]) by mta1.lbl.gov (8.12.10/8.12.10) with ESMTP id j37KKVn3003487 for ; Thu, 7 Apr 2005 13:20:32 -0700 (PDT) Received: from [127.0.0.1] (dhcp163-8.nersc.gov [128.55.8.163]) by mta1.lbl.gov (8.12.10/8.12.10) with ESMTP id j37KKVP9003478; Thu, 7 Apr 2005 13:20:31 -0700 (PDT) Message-ID: <4255960F.2010004@nersc.gov> Date: Thu, 07 Apr 2005 13:20:31 -0700 
From: Eli Dart Organization: NERSC Center, LBNL User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Charles Swiger References: <42558F33.5090109@nersc.gov> In-Reply-To: X-Enigmail-Version: 0.90.1.1 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: Disable NFS client cache (or other traffic reduction methods) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: dart@nersc.gov List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Apr 2005 20:20:35 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> Is there a way to disable client-side caching? I've looked, and >> can't seem to find one. Or, do I have this wrong and there is >> something else that is causing this? > > > Take a look through "man mount_nfs" for: > > -a Set the read-ahead count to the specified value. This may > be in > the range of 0 - 4, and determines how many blocks will be > read > ahead when a large file is being read sequentially. Trying a > value greater than 1 for this is suggested for mounts with a > large bandwidth * delay product. I did see this. Since the client is not reading any files (I think all the reads are being done by the NFS layer, not by any userland processes with open files) I had ignored -a. > > ...and the -o ac*** options. Although you may be right-- I was a bit > surprised not to see a "-o noac", myself. Solaris has one: Hmmmm.....any NFS gurus know whether setting the ac* options to 0 will disable client caching? Or, will setting these to 0 result in the client NFS layer fetching the data from the server and then immediately expiring it? Thanks, --eli > > noac Suppress data and attribute caching. 
> > :-) > - -- - ------------------------------------------------------------------- Eli Dart Office: (510) 495-2999 NERSC Center Networking and Security Group Cell: (510) 703-4508 Lawrence Berkeley National Laboratory Fax: (510) 486-4316 PGP Fingerprint = C970 F8D3 CFDD 8FFF 5486 343A 2D31 4478 5F82 B2B3 - ------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD4DBQFCVZYOLTFEeF+CsrMRAlReAKDMxrs97SSkZJRhaEVxRRpO51XrsACXX983 grAaYcgINLwiLtzoz3nLhQ== =GAZ7 -----END PGP SIGNATURE----- From owner-freebsd-net@FreeBSD.ORG Thu Apr 7 20:46:19 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A0D0416A4CE for ; Thu, 7 Apr 2005 20:46:19 +0000 (GMT) Received: from mailhost.mlnet.net (ns5.mlnet.net [80.82.142.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 473A643D46 for ; Thu, 7 Apr 2005 20:46:18 +0000 (GMT) (envelope-from m@mlnet.net) Received: (from postie@localhost) by mailhost.mlnet.net (8.8.8/8.8.8) id UAA27647; Thu, 7 Apr 2005 20:45:28 GMT X-Envelope-From: m@mlnet.net Received: from dsl82-163-171-224.as15444.net (82.163.171.224) by mailhost.mlnet.net via nsmtpd (13.0.2.a.1.MLNET.W.SMTP) id sma27589x1; Thu, 07 Apr 2005 20:44:50 GMT X-NSMTPD-Envelope-From: Message-ID: <42559BC2.4070202@mlnet.net> Date: Thu, 07 Apr 2005 21:44:50 +0100 
From: Matthew Smith User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Julian Elischer References: <425196F0.4020309@x-trader.de> <200504042143.09216.max@love2party.net> <55441.80.203.112.249.1112648751.squirrel@webmail.stabbursmoen.no> <6c90f549a55284d8a5f0abf0ac5bc329@omniti.com> <1860.172.16.0.199.1112754924.squirrel@wettoast.dyndns.org> <2257.172.16.0.199.1112764905.squirrel@wettoast.dyndns.org> <86zmwaaaf1.fsf@xps.des.no> <42558D5E.1080704@elischer.org> In-Reply-To: <42558D5E.1080704@elischer.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable cc: =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= cc: freebsd-net@freebsd.org cc: eivind@stabbursmoen.no cc: Theo Schlossnagle cc: Mike Jakubik Subject: Re: FreeVRRPd project status X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: m@mlnet.net List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Apr 2005 20:46:19 -0000

Julian Elischer wrote:
>
>
> Dag-Erling Smørgrav wrote:
>
>> "Mike Jakubik" writes:
>>
>>
>>> Really? I've never been able to compile it on any 5.x box.
>>> [...]
>>> bison -y -p wack -d config_gram.y
>>> config_gram.y:91.10: parse error, unexpected ":", expecting ";" or "|"
>>> config_gram.y:191.10: parse error, unexpected ":", expecting ";" or "|"
>>> config_gram.y:210.4-212.22: invalid $ value
>>> config_gram.y:217.4-219.22: invalid $ value
>>> *** Error code 1
>>>
>>
>>
>> You're probably using the wrong version of bison.
>>
>>
> FreeVRRP probably requires the lower planes Bison where
> CARP for example being from OpenBSD and hence Canada
> requires the Great Northern Bison..

The wood bison of Northern Canada as opposed to the Great Plains Bison surely?

M

>
>> DES
>>
>>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
>

From owner-freebsd-net@FreeBSD.ORG Thu Apr 7 21:46:45 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD53116A4CE for ; Thu, 7 Apr 2005 21:46:45 +0000 (GMT) Received: from web80604.mail.yahoo.com (web80604.mail.yahoo.com [66.218.79.93]) by mx1.FreeBSD.org (Postfix) with SMTP id 70D0543D2F for ; Thu, 7 Apr 2005 21:46:45 +0000 (GMT) (envelope-from mohan_srinivasan@yahoo.com) Message-ID: <20050407214645.65599.qmail@web80604.mail.yahoo.com> Received: from [207.126.239.39] by web80604.mail.yahoo.com via HTTP; Thu, 07 Apr 2005 14:46:45 PDT Date: Thu, 7 Apr 2005 14:46:45 -0700 (PDT)
From: Mohan Srinivasan To: dart@nersc.gov, Charles Swiger In-Reply-To: 6667 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: freebsd-net@freebsd.org Subject: Re: Disable NFS client cache (or other traffic reduction methods) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Apr 2005 21:46:46 -0000 Hi, Unfortunately, there's no way in the FreeBSD NFS client to disable data caching. Setting the ac* values to 0 will have the effect of disabling the attribute cache, which means that you'll never fetch attributes from the cache, but force an over-the-wire getattr call each time. But this does not disable data caching. For reference, take a look at nfs_loadattrcache() and nfs_getattrcache(). The real reason for tweaking the ac* values is to improve on the consistency of the cached data (for applications with data shared across multiple clients). By setting the ac* values to 0 and bypassing attr caching completely, you force much more frequent mtime checks giving you much better consistency of the cached data. I added Direct IO support for the NFS client for exactly this reason - to bypass data caching. But I tickled a bug in the -current NFS server when I use Direct IO on the client and I have left it disabled until I get a chance to fix that bug. Direct IO support works fine when used against a FreeBSD 4.x NFS server or a NetApp filer. mohan --- Eli Dart wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > >> Is there a way to disable client-side caching? I've looked, and > >> can't seem to find one. Or, do I have this wrong and there is > >> something else that is causing this? > > > > > > Take a look through "man mount_nfs" for: > > > > -a Set the read-ahead count to the specified value. 
This may > > be in > > the range of 0 - 4, and determines how many blocks will be > > read > > ahead when a large file is being read sequentially. Trying a > > value greater than 1 for this is suggested for mounts with a > > large bandwidth * delay product. > > I did see this. Since the client is not reading any files (I think > all the reads are being done by the NFS layer, not by any userland > processes with open files) I had ignored -a. > > > > > ...and the -o ac*** options. Although you may be right-- I was a bit > > surprised not to see a "-o noac", myself. Solaris has one: > > Hmmmm.....any NFS gurus know whether setting the ac* options to 0 > will disable client caching? Or, will setting these to 0 result in > the client NFS layer fetching the data from the server and then > immediately expiring it? > > Thanks, > > --eli > > > > > > > noac Suppress data and attribute caching. > > > > :-) > > > > - -- > > - ------------------------------------------------------------------- > Eli Dart Office: (510) 495-2999 > NERSC Center Networking and Security Group Cell: (510) 703-4508 > Lawrence Berkeley National Laboratory Fax: (510) 486-4316 > PGP Fingerprint = C970 F8D3 CFDD 8FFF 5486 343A 2D31 4478 5F82 B2B3 > - ------------------------------------------------------------------- > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.0 (MingW32) > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > > iD4DBQFCVZYOLTFEeF+CsrMRAlReAKDMxrs97SSkZJRhaEVxRRpO51XrsACXX983 > grAaYcgINLwiLtzoz3nLhQ== > =GAZ7 > -----END PGP SIGNATURE----- > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Fri Apr 8 06:03:23 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with 
ESMTP id 9CA1C16A4CE for ; Fri, 8 Apr 2005 06:03:23 +0000 (GMT) Received: from relay.nvnpp.vrn.ru (relay.nvnpp.vrn.ru [195.98.93.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id B7DA343D41 for ; Fri, 8 Apr 2005 06:03:17 +0000 (GMT) (envelope-from gpr@nvnpp.vrn.ru) Received: from gpr by relay.nvnpp.vrn.ru with local (Exim 4.50 (FreeBSD)) id 1DJmaF-0006ql-NS; Fri, 08 Apr 2005 10:03:11 +0400 Date: Fri, 8 Apr 2005 10:03:11 +0400 From: Gennady Proskurin To: freebsd-net@freebsd.org Message-ID: <20050408060311.GA22987@relay.nvnpp.vrn.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.9i Subject: bge hardware vlan X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Apr 2005 06:03:23 -0000 Does anyone have bge(4) network card with working hardware vlan support? I have one, and it works with vlans only with the following patch. This is fresh FreeBSD-6-CURRENT, HP workstation xw4100, built-in network card. --- /usr/src/sys/dev/bge/if_bge.c Fri Mar 18 09:14:18 2005 +++ if_bge.c Fri Apr 8 09:38:52 2005 
@@ -2393,7 +2393,7 @@ IFQ_SET_READY(&ifp->if_snd); ifp->if_hwassist = BGE_CSUM_FEATURES; /* NB: the code for RX csum offload is disabled for now */ - ifp->if_capabilities = IFCAP_TXCSUM | IFCAP_VLAN_HWTAGGING | + ifp->if_capabilities = IFCAP_TXCSUM | IFCAP_VLAN_MTU; ifp->if_capenable = ifp->if_capabilities; pci5: on pcib2 bge0: mem 0xf8400000-0xf840ffff irq 17 at device 2.0 on pci5 miibus0: on bge0 brgphy0: on miibus0 brgphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseTX, 1000baseTX-FDX, auto bge0: Ethernet address: 00:30:6e:b1:e7:d3 -- Gennady From owner-freebsd-net@FreeBSD.ORG Fri Apr 8 07:13:31 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8E26E16A4CE for ; Fri, 8 Apr 2005 07:13:31 +0000 (GMT) Received: from borgtech.ca (borgtech.ca [216.187.106.216]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2F7E243D41 for ; Fri, 8 Apr 2005 07:13:31 +0000 (GMT) (envelope-from asegu_fbsdnet@borgtech.ca) Received: from localhost (localhost.borgtech.ca [127.0.0.1]) by borgtech.ca (Postfix) with ESMTP id 5883D54E2 for ; Fri, 8 Apr 2005 07:13:30 +0000 (GMT) Received: from borgtech.ca ([127.0.0.1])port 10024) with ESMTP id 12339-10 for ; Fri, 8 Apr 2005 07:13:24 +0000 (GMT) Received: from borgtech.ca (localhost.borgtech.ca [127.0.0.1]) by borgtech.ca (Postfix) with ESMTP id 0336454DF for ; Fri, 8 Apr 2005 07:13:22 +0000 (GMT) Received: from 161.53.212.4 (proxying for 127.0.0.1) (SquirrelMail authenticated user asegu.borgtech.ca) by borgtech.ca with HTTP; Fri, 8 Apr 2005 09:13:23 +0200 (CEST) Message-ID: <2402.161.53.212.4.1112944403.squirrel@borgtech.ca> Date: Fri, 8 Apr 2005 09:13:23 +0200 (CEST) 
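Review bot: the if_bge.c hunk at @@ -2393,7 +2393,7 removes IFCAP_VLAN_HWTAGGING from if_capabilities for every bge(4) device, while the report covers a single built-in card in an HP xw4100. Because the following context line copies if_capabilities into if_capenable, dropping the bit here also removes any way to turn hardware tagging back on at run time for chips where it works. Consider keeping the bit in if_capabilities and masking it out of if_capenable only for the affected chip revision, and extend the existing NB comment to say why tagging is disabled. The ---/+++ paths also differ (/usr/src/sys/dev/bge/if_bge.c versus if_bge.c), so state the directory the patch is meant to be applied from.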
From: "Andrew Seguin" To: freebsd-net@freebsd.org User-Agent: SquirrelMail/1.5.1 [CVS] MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Virus-Scanned: amavisd-new at borgtech.ca Subject: Freebsd NAT/Router design question/issue X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Apr 2005 07:13:31 -0000

Good day,

I've built up a freebsd router (no problems there) using 5.4-STABLE built after a cvsup 3 days ago. The router has three network cards (all fxp), and it routes mainly between a variety of subnets (using vlans) on fxp1, to a separate subnet on fxp0. fxp2 has a private address (192.168.0.1/24) and it shall be our "public area" connection.
(the main router, sitting at .1, routes to .14 for anything other than .0/28)

So, in short it looks like this:
default gateway: .1
fxp0: .14/28 (servers)
fxp1 - vlan 3 - .17/28 (network printers)
...
fxp1 - vlan 6 - .129/25 (bulk)
fxp2: 192.168.0.1/24

I enabled dhcpd with a subnet for fxp2 .. no problem here as well.

However, when I enable NAT... I am facing a design issue. I can run natd just fine at the moment, but I got it to work in what seems to me in a not so great fashion... I'm hoping that somebody might have a recommendation for me!

Current setup:
natd.conf:
alias_address ---.---.---.14
unregistered_only
ipfw rule (early on):
divert natd ip from any to any via fxp0

Problem: traffic for other subnets go through natd? It seems like this would force natd to work much harder than it needs to, not my ideal situation.

Attempted setups (variants of the following):
ifconfig fxp0 inet ---.---.---.13 netmask 0xffffffff +alias
natd.conf:
alias_address ---.---.---.13
ipfw rule (early on):
# incoming traffic of the public network gets translated.
divert natd ip from 192.168.0.0/24 to any via fxp2
# incoming traffic for the public network gets translated.
divert natd ip from any to ---.---.---.13

Problem(s):
- can't see any traffic "host ---.---.---.13" via fxp0
- With a computer connected to fxp2 (address from dhcp), I can ping 192.168.0.1, the other IPs of the router box, but pings to other equipment time out.

natd.conf with reverse? crashes, looks like the bug "natd coredumps with -reverse due to bug in libalias" (http://www.freebsd.org/cgi/query-pr.cgi?pr=76839) hasn't been patched in 5.4-STABLE?

If anybody has any suggestions for this where I don't end up with all the traffic going through natd, I'd greatly appreciate them!

From owner-freebsd-net@FreeBSD.ORG Sat Apr 9 11:51:42 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6ACC216A4CE for ; Sat, 9 Apr 2005 11:51:42 +0000 (GMT) Received: from exsmtp1.ntu.edu.sg (exsmtp1.ntu.edu.sg [155.69.5.207]) by mx1.FreeBSD.org (Postfix) with ESMTP id AA10143D48 for ; Sat, 9 Apr 2005 11:51:41 +0000 (GMT) (envelope-from P146199053@ntu.edu.sg) Received: from mail01.student.main.ntu.edu.sg ([155.69.5.165]) by exsmtp1.ntu.edu.sg with Microsoft SMTPSVC(6.0.3790.211); Sat, 9 Apr 2005 19:51:38 +0800 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Date: Sat, 9 Apr 2005 19:51:26 +0800 Message-ID: <34C4FA35021357469685D8102806A1C01EAFD6@mail01.student.main.ntu.edu.sg> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: error to use kmem_free() function Thread-Index: AcU8+nW0Uiwq3SZjTfCtZNCJEz5FvQ==
From: "#ZHANG CHUNLEI#" To: X-OriginalArrivalTime: 09 Apr 2005 11:51:39.0178 (UTC) FILETIME=[7D4F80A0:01C53CFA] Subject: error to use kmem_free() function X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Apr 2005 11:51:42 -0000

I have modified the tcp_subr.c function, in which I make use of the kmem_free(kmem_map, , ) function. However, the compile error says:

warning: implicit declaration of kmem_free() function and kmem_map undeclared.

Am I missing some header file, or is there some other reason?

Thanks in advance.

chunlei

From owner-freebsd-net@FreeBSD.ORG Sat Apr 9 11:54:27 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8056C16A4CE for ; Sat, 9 Apr 2005 11:54:27 +0000 (GMT) Received: from exsmtp2.ntu.edu.sg (exsmtp2.ntu.edu.sg [155.69.5.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id B97C643D45 for ; Sat, 9 Apr 2005 11:54:26 +0000 (GMT) (envelope-from P146199053@ntu.edu.sg) Received: from mail01.student.main.ntu.edu.sg ([155.69.5.165]) by exsmtp2.ntu.edu.sg with Microsoft SMTPSVC(6.0.3790.211); Sat, 9 Apr 2005 19:54:22 +0800 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Date: Sat, 9 Apr 2005 19:54:11 +0800 Message-ID: <34C4FA35021357469685D8102806A1C01EAFD7@mail01.student.main.ntu.edu.sg> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: how to do kernel debug? Thread-Index: AcU8+tgw00giG8V3QiayT6ojp2Mg5A==
From: "#ZHANG CHUNLEI#" To: X-OriginalArrivalTime: 09 Apr 2005 11:54:23.0047 (UTC) FILETIME=[DEFBED70:01C53CFA] Subject: how to do kernel debug? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Apr 2005 11:54:27 -0000

Dear all:

I have modified some part of the TCP code, and after compiling and rebooting it shows me fatal 12 page fault. I want to ask how kernel debugging is normally done. What are the steps?

Thanks.

chunlei

From owner-freebsd-net@FreeBSD.ORG Sat Apr 9 13:30:48 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 84D3716A4CE; Sat, 9 Apr 2005 13:30:48 +0000 (GMT) Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3B57543D2D; Sat, 9 Apr 2005 13:30:48 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (proxy7.corp.yahoo.com [216.145.48.98])j39DUjF1016125; Sat, 9 Apr 2005 06:30:46 -0700 (PDT) Date: Sat, 09 Apr 2005 22:30:45 +0900 Message-ID:
From: gnn@freebsd.org To: snap-users@kame.net User-Agent: Wanderlust/2.12.0 (Your Wildest Dreams) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.3.50 (powerpc-apple-darwin7.7.0) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII cc: freebsd-net@freebsd.org cc: rwatson@freebsd.org cc: sam Subject: Please review this diff... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Apr 2005 13:30:48 -0000 Hi, I would like to check in the following diff against FreeBSD-CURRENT and to get feedback from the Kame folks on the general usefulness of these fixes. All changes are against icmp6.c. The first part of the diff removes dead code as I suspect MCLBYTES, the size of a cluster, will never be less than 48, which is the size of maxlen set above those lines. The second part checks for error returns from the duplication of the packets before starting to copy things around. Thanks, George Index: icmp6.c =================================================================== RCS file: /Volumes/exported/FreeBSD-CVS/src/sys/netinet6/icmp6.c,v retrieving revision 1.60 diff -u -r1.60 icmp6.c --- icmp6.c 2 Mar 2005 05:14:15 -0000 1.60 +++ icmp6.c 7 Apr 2005 15:26:28 -0000 @@ -524,15 +524,6 @@ const int maxlen = sizeof(*nip6) + sizeof(*nicmp6); int n0len; - /* - * Prepare an internal mbuf. m_pullup() doesn't - * always copy the length we specified. - */ - if (maxlen >= MCLBYTES) { - /* Give up remote */ - m_freem(n0); - break; - } MGETHDR(n, M_DONTWAIT, n0->m_type); n0len = n0->m_pkthdr.len; /* save for use below */ if (n) 
@@ -1943,9 +1934,14 @@ m->m_len <= MHLEN) { MGET(n, M_DONTWAIT, m->m_type); if (n != NULL) { - m_dup_pkthdr(n, m, M_NOWAIT); - bcopy(m->m_data, n->m_data, m->m_len); - n->m_len = m->m_len; + if (m_dup_pkthdr(n, m, M_NOWAIT)) { + bcopy(m->m_data, n->m_data, + m->m_len); + n->m_len = m->m_len; + } else { + m_free(n); + n = NULL; + } } } if (n != NULL || @@ -1983,12 +1979,16 @@ MGET(n, M_DONTWAIT, m->m_type); if (n != NULL) { - m_dup_pkthdr(n, m, M_NOWAIT); - bcopy(m->m_data, n->m_data, m->m_len); - n->m_len = m->m_len; - - m_freem(m); - m = n; + if (m_dup_pkthdr(n, m, M_NOWAIT)) { + bcopy(m->m_data, n->m_data, m->m_len); + n->m_len = m->m_len; + + m_freem(m); + m = n; + } else { + m_freem(n); + n = NULL; + } } } if (sbappendaddr(&last->in6p_socket->so_rcv, From owner-freebsd-net@FreeBSD.ORG Sat Apr 9 13:37:50 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BE72716A4CE for ; Sat, 9 Apr 2005 13:37:50 +0000 (GMT) Received: from unsane.co.uk (unsane.co.uk [62.140.220.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id E7F0943D4C for ; Sat, 9 Apr 2005 13:37:48 +0000 (GMT) (envelope-from jhary@unsane.co.uk) Received: from canth ([10.0.0.10]) (authenticated bits=0) by unsane.co.uk (8.13.3/8.13.3) with ESMTP id j39Db6wv028638; Sat, 9 Apr 2005 14:37:06 +0100 (BST) (envelope-from jhary@unsane.co.uk) Message-Id: <200504091337.j39Db6wv028638@unsane.co.uk> 
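Review bot: in the icmp6.c hunk at @@ -524,15 +524,6 the removed block takes its comment with it, and that comment ("m_pullup() doesn't always copy the length we specified") is the only explanation of why a fresh mbuf is allocated by the MGETHDR that follows. Keep the comment and delete only the `if (maxlen >= MCLBYTES)` test. Since maxlen is a `const int` built from two sizeof expressions, the assumption that it stays below MCLBYTES can be recorded at compile time (for example with CTASSERT) instead of being dropped without trace.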
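Review bot: in the icmp6.c hunk at @@ -1943,9 +1934,14 the new test `if (m_dup_pkthdr(n, m, M_NOWAIT))` treats a non-zero return as success, which reads backwards next to the usual 0-means-success convention in kernel code; a one-line comment stating that m_dup_pkthdr() returns 0 on failure would keep a later reader from inverting it. The failure branch here releases n with m_free(n), while the matching branch in the @@ -1983,12 hunk uses m_freem(n); use the same call in both places.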
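Review bot: in the icmp6.c hunk at @@ -1983,12 +1979,16 a failed m_dup_pkthdr() leaves m pointing at the original mbuf, so the sbappendaddr() call that follows appends the uncopied packet, the same outcome as when MGET returns NULL. That fallback looks intended but nothing in the else branch says so; add a short comment there. The `n = NULL;` assignment is only needed if n is read again after this block, which the visible context does not show, so drop it if it is not.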
From: "Vince" To: "'John Mok'" , Date: Sat, 9 Apr 2005 14:37:24 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcU7jPffzzeD/di2QsyOE/Mhj+YNCABeqXgA X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 In-Reply-To: <42555C87.7030700@attglobal.net> Subject: RE: FreeBSD Firewall + NAT Traversal + IPsec X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Apr 2005 13:37:50 -0000

I do this with the Cisco VPN client (to PIX).
I am firewalling with pf.

Client --- FreeBSD firewall+NAT using pf --- internet - PIX

The only problem I had was that isakmp needs to come from
port 500 as well as go to port 500, so I needed to add a rule
to stop pf changing the source port. My nat rules are:

nat on $ext_if inet proto { tcp, udp } from $int_net port = 500 \
        to any -> ($ext_if:0) port 500
nat on $ext_if from $int_net to any -> $ext_addr1

Haven't tried Checkpoint though.

Vince

> -----Original Message-----
> From: owner-freebsd-net@freebsd.org
> [mailto:owner-freebsd-net@freebsd.org] On Behalf Of John Mok
> Sent: 07 April 2005 17:15
> To: freebsd-net@freebsd.org
> Subject: FreeBSD Firewall + NAT Traversal + IPsec
>
> Hi,
>
> I'm new to FreeBSD. Is it possible make a FreeBSD box with
> firewall + NAT, such that client PC(s) from the NATed
> internal network could connect to a VPN gateway on the Internet :-
>
> client PC ----- FreeBSD Firewall + NAT ---- Internet ----
> IPsec VPN gateway
> 192.168.x.x/16 (e.g.
> Checkpoint FW-1)
> (VPN client)
>
> I hope someone could help to advise what software is required
> on the FreeBSD box to NAT traversal work and where to get the
> HOWTO(s)?
>
> Thanks a lot.
>
> John Mok
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

From owner-freebsd-net@FreeBSD.ORG Sat Apr 9 15:20:11 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 61B0716A4CE for ; Sat, 9 Apr 2005 15:20:11 +0000 (GMT) Received: from cwb.pacific.net.hk (cwb.pacific.net.hk [202.14.67.92]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9001F43D31 for ; Sat, 9 Apr 2005 15:20:10 +0000 (GMT) (envelope-from jmok@attglobal.net) Received: from [192.168.16.50] (154.159.17.210.fixed.pacific.net.hk [210.17.159.154]) by cwb.pacific.net.hk with ESMTP id j39FK3Ou011576; Sat, 9 Apr 2005 23:20:08 +0800 (CST) Message-ID: <4257F2A1.2060603@attglobal.net> Date: Sat, 09 Apr 2005 23:20:01 +0800
From: John Mok User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Vince References: <200504091337.j39Db6wv028638@unsane.co.uk> In-Reply-To: <200504091337.j39Db6wv028638@unsane.co.uk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: FreeBSD Firewall + NAT Traversal + IPsec X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Apr 2005 15:20:11 -0000

To my understanding, the mechanism of how NAT works is that the client
connections from the intranet are mapped to separate ports on the NAT with
one single IP address by means of a mapping table, such that the reply packet
from the outside to the NAT could be reversely mapped to the respective
client connections. If there is more than one VPN client being NATed to the
VPN gateway, and all client isakmp connections to port 500 are mapped to port
500 on the external interface of the NAT, then how could the NAT reversely
map the isakmp replies to the clients unambiguously?

John Mok

Vince wrote:

>I do this with the cisco VPN client (to PIX),
>I am firewalling with pf.
>
>Client --- FreeBSD firewall+NAT using pf --- internet - PIX
>
>The only problem I had was that isakmp needs to come from
>port 500 as well as go to port 500 so I needed to add a rule
>To stop pf changing the source port. My nat rules are:
>nat on $ext_if inet proto { tcp, udp } from $int_net port = 500 \
>        to any -> ($ext_if:0) port 500
>nat on $ext_if from $int_net to any -> $ext_addr1
>
>Havent tried checkpoint though.
>
>Vince
>
>
>
>
>>-----Original Message-----
>>From: owner-freebsd-net@freebsd.org
>>[mailto:owner-freebsd-net@freebsd.org] On Behalf Of John Mok
>>Sent: 07 April 2005 17:15
>>To: freebsd-net@freebsd.org
>>Subject: FreeBSD Firewall + NAT Traversal + IPsec
>>
>>Hi,
>>
>>I'm new to FreeBSD. Is it possible make a FreeBSD box with
>>firewall + NAT, such that client PC(s) from the NATed
>>internal network could connect to a VPN gateway on the Internet :-
>>
>> client PC ----- FreeBSD Firewall + NAT ---- Internet ----
>>IPsec VPN gateway
>>192.168.x.x/16 (e.g.
>>Checkpoint FW-1)
>>(VPN client)
>>
>>I hope someone could help to advise what software is required
>>on the FreeBSD box to NAT traversal work and where to get the
>>HOWTO(s)?
>>
>>Thanks a lot.
>>
>>John Mok
>>
>>_______________________________________________
>>freebsd-net@freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-net
>>To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>
>>
>>
>
>_______________________________________________
>freebsd-net@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-net
>To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
>
>

From owner-freebsd-net@FreeBSD.ORG Sat Apr 9 16:59:27 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BEB3016A4CF for ; Sat, 9 Apr 2005 16:59:27 +0000 (GMT) Received: from unsane.co.uk (unsane.co.uk [62.140.220.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8152B43D1D for ; Sat, 9 Apr 2005 16:59:26 +0000 (GMT) (envelope-from jhary@unsane.co.uk) Received: from unsane.co.uk (localhost [127.0.0.1]) by unsane.co.uk (8.13.3/8.13.3) with ESMTP id j39Gx4ev036160 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 9 Apr 2005 17:59:05 +0100 (BST) (envelope-from jhary@unsane.co.uk) Received: from localhost (jhary@localhost) by unsane.co.uk (8.13.3/8.13.3/Submit) with ESMTP id
j39Gx3fj036157; Sat, 9 Apr 2005 17:59:04 +0100 (BST) (envelope-from jhary@unsane.co.uk) Date: Sat, 9 Apr 2005 17:59:03 +0100 (BST) 
From: Vince Hoffman To: John Mok In-Reply-To: <4257F2A1.2060603@attglobal.net> Message-ID: <20050409174841.L35796@unsane.co.uk> References: <200504091337.j39Db6wv028638@unsane.co.uk> <4257F2A1.2060603@attglobal.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: freebsd-net@freebsd.org Subject: Re: FreeBSD Firewall + NAT Traversal + IPsec X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Apr 2005 16:59:28 -0000

On Sat, 9 Apr 2005, John Mok wrote:

>
> To my understanding, the mechanism of how NAT works is that the client
> connections from the intranet are mapped to separate ports on the NAT with
> one single IP address by means of a mapping table, such that the reply packet
> from the outside to the NAT could be reversely mapped to the respective
> client connections. If there is more than one VPN client being NATed to the
> VPN gateway, and all client isakmp connections to port 500 are mapped to port
> 500 on the external interface of the NAT, then how could the NAT reversely
> map the isakmp replies to the clients unambiguously?
>

Sorry, the one caveat I forgot is that I can only have one VPN session at a
time. If you are likely to have multiple users using the VPN at one time then
it won't work. If you have multiple VPN users accessing the same Checkpoint
then have a look at making a LAN to LAN tunnel, see:
http://www.freebsd.org/doc/en/articles/checkpoint/
It's a little old and you need to do some config on the Checkpoint, but it's a
good starting point.

Vince

> John Mok
>
>
> Vince wrote:
>
>> I do this with the cisco VPN client (to PIX), I am firewalling with pf.
>> Client --- FreeBSD firewall+NAT using pf --- internet - PIX
>>
>> The only problem I had was that isakmp needs to come from port 500 as well
>> as go to port 500 so I needed to add a rule To stop pf changing the source
>> port. My nat rules are: nat on $ext_if inet proto { tcp, udp } from
>> $int_net port = 500 \ to any -> ($ext_if:0) port 500
>> nat on $ext_if from $int_net to any -> $ext_addr1
>>
>> Havent tried checkpoint though.
>>
>> Vince
>>
>>
>>
>>> -----Original Message-----
>>> From: owner-freebsd-net@freebsd.org [mailto:owner-freebsd-net@freebsd.org]
>>> On Behalf Of John Mok
>>> Sent: 07 April 2005 17:15
>>> To: freebsd-net@freebsd.org
>>> Subject: FreeBSD Firewall + NAT Traversal + IPsec
>>>
>>> Hi,
>>>
>>> I'm new to FreeBSD. Is it possible make a FreeBSD box with firewall + NAT,
>>> such that client PC(s) from the NATed internal network could connect to a
>>> VPN gateway on the Internet :-
>>>
>>> client PC ----- FreeBSD Firewall + NAT ---- Internet ---- IPsec VPN
>>> gateway
>>> 192.168.x.x/16 (e.g.
>>> Checkpoint FW-1)
>>> (VPN client)
>>>
>>> I hope someone could help to advise what software is required on the
>>> FreeBSD box to NAT traversal work and where to get the HOWTO(s)?
>>>
>>> Thanks a lot.
>>>
>>> John Mok
>>>
>>> _______________________________________________
>>> freebsd-net@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>>
>>>
>>
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>
>>
>
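Added example, not part of the thread and not pf's own code: a simplified model of the NAT mapping table John Mok describes, showing why keeping ISAKMP on source port 500 (the first nat rule in the thread) allows only one session per remote gateway, which is the caveat in the last reply. The NatTable class, the addresses and the 50000 port pool are constructed for illustration.

```python
from itertools import count

class NatTable:
    """Simplified UDP NAT state table (illustrative model, not pf's code)."""

    def __init__(self, keep_src_ports=()):
        # Source ports that must survive translation unchanged, like the
        # thread's rule that keeps ISAKMP traffic on source port 500.
        self.keep_src_ports = set(keep_src_ports)
        # (ext_port, remote_ip, remote_port) -> (int_ip, int_port)
        self.states = {}
        self._pool = count(50000)  # assumed dynamic source-port range

    def outbound(self, int_ip, int_port, remote_ip, remote_port):
        """Return the external source port, or None if replies would be ambiguous."""
        owner = (int_ip, int_port)
        for (ext_port, rip, rport), who in self.states.items():
            if who == owner and (rip, rport) == (remote_ip, remote_port):
                return ext_port  # existing state for this flow
        if int_port in self.keep_src_ports:
            key = (int_port, remote_ip, remote_port)
            if key in self.states:
                return None  # another client already owns this exact tuple
        else:
            key = (next(self._pool), remote_ip, remote_port)
            while key in self.states:
                key = (next(self._pool), remote_ip, remote_port)
        self.states[key] = owner
        return key[0]

    def inbound(self, remote_ip, remote_port, ext_port):
        """Map a reply back to the internal (ip, port), or None if no state."""
        return self.states.get((ext_port, remote_ip, remote_port))


def compare(gateway=("198.51.100.10", 500)):
    """Two internal ISAKMP clients contact one gateway under each policy."""
    results = {}
    for name, table in (("dynamic", NatTable()), ("keep-500", NatTable({500}))):
        a = table.outbound("192.168.0.10", 500, *gateway)
        b = table.outbound("192.168.0.11", 500, *gateway)
        results[name] = (a, b, table.inbound(*gateway, a))
    return results

if __name__ == "__main__":
    for policy, outcome in compare().items():
        print(policy, outcome)
```

With dynamic ports both clients get distinct mappings, but a peer that insists on source port 500 will not accept them; with the port kept at 500 the second client to the same gateway gets no mapping, while a client talking to a different gateway still does.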