From owner-freebsd-net@FreeBSD.ORG Mon Jun 27 07:02:40 2005
From: "Donatas" <donatas@lrtc.net>
To: freebsd-net@freebsd.org
Date: Mon, 27 Jun 2005 10:02:30 +0300
Organization: AB Lietuvos Radijo ir Televizijos Centras
Message-ID: <013701c57ae6$2f79b7e0$9f90a8c0@DONATAS>
Subject: layer7 filtering

I wonder if there's any person who did some scripting like application layer analysis with a network sniffer (like tcpdump) + appropriate firewall rule generation (like stateful ipfw rules)? Because of the absence of layer 7 analysis in BSD firewalls I'm made to think about such combinations. What could be the performance of such a machine? May BSD 6 save work in this case and introduce some alternatives?

Any thoughts are welcome...
_________________________________
Donatas Gendvilas
SC Lithuanian Radio And Television Center
Data Transfers Department - N.O.C.

From owner-freebsd-net@FreeBSD.ORG Mon Jun 27 07:20:08 2005
From: Phil Regnauld <regnauld@catpipe.net>
To: Donatas
Cc: freebsd-net@freebsd.org
Date: Mon, 27 Jun 2005 09:19:30 +0200
Organization: catpipe Systems ApS
Message-ID: <20050627071929.GA77236@catpipe.net>
In-Reply-To: <013701c57ae6$2f79b7e0$9f90a8c0@DONATAS>
Subject: Re: layer7 filtering

Donatas (donatas) writes:
> I wonder if there's any person who did some scripting like
> application layer analysis with a network sniffer (like tcpdump) + appropriate firewall rule generation (like stateful ipfw rules)?

You mean this?

http://www.hsc.fr/ressources/outils/nstreams/

Nstreams is a program which analyzes the streams that occur on a network. It displays which streams are generated by the users between several networks, and between the networks and the outside. It can optionally generate the ipchains or ipfw rules that will match these streams, thus only allowing what is required for the users, and nothing more.

Nstreams can parse the tcpdump output, or the files generated with the -w option of tcpdump. It can also directly sniff the data that occurs on the network.

This product was designed by HSC and coded by Renaud Deraison (deraison@cvs.nessus.org), author of the Nessus software. It is available for free under GNU license.
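The approach Phil describes (take the streams observed in a tcpdump trace and turn them into ipfw rules that allow only what was seen) as an added example in Python; this is not nstreams' own code and not part of the reply above. It assumes the modern `tcpdump -n` line format ("IP src.port > dst.port: ..."), uses a constructed sample trace rather than a real capture, and emits standard ipfw syntax (`check-state`, `setup keep-state`, a logged default `deny`). A TCP stream is recorded only from its bare SYN, and a UDP reply is matched back to the request so it does not become a second rule:

```python
import re

# Constructed sample of `tcpdump -n` output (modern line format, not a real
# capture): an SMTP handshake, a DNS lookup and its reply, two HTTP connection
# attempts from a second host to the same web server, and one ICMP packet.
SAMPLE_TCPDUMP = """\
07:02:06.101 IP 192.168.144.159.51234 > 217.9.240.100.25: Flags [S], seq 10, win 65535, length 0
07:02:06.102 IP 217.9.240.100.25 > 192.168.144.159.51234: Flags [S.], seq 20, ack 11, win 65535, length 0
07:02:06.103 IP 192.168.144.159.51234 > 217.9.240.100.25: Flags [.], ack 21, win 65535, length 0
07:02:07.500 IP 192.168.144.159.53001 > 217.9.240.1.53: 4711+ A? example.com. (29)
07:02:07.510 IP 217.9.240.1.53 > 192.168.144.159.53001: 4711 1/0/0 A 192.0.2.10 (45)
07:02:09.000 IP 192.168.144.160.40000 > 217.9.240.100.80: Flags [S], seq 30, win 65535, length 0
07:02:09.001 IP 192.168.144.160.40001 > 217.9.240.100.80: Flags [S], seq 31, win 65535, length 0
07:02:10.000 IP 192.168.144.160 > 217.9.240.100: ICMP echo request, id 1, seq 1, length 64
"""

# timestamp, "IP", src.sport > dst.dport: rest
# Lines without ports (ICMP, ARP, ...) do not match and are skipped.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)


def parse_line(line):
    """Parse one tcpdump line into a packet dict, or None if it is not a
    TCP/UDP packet line. For TCP, 'syn' is True only for a bare SYN, i.e.
    the packet that opens a stream (a SYN/ACK shows up as 'S.')."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rest = m.group("rest")
    if rest.startswith("Flags ["):
        proto = "tcp"
        flags = rest[len("Flags ["):rest.index("]")]
        syn = flags == "S"
    else:
        proto = "udp"  # heuristic: any other line with ports is treated as UDP
        syn = False
    return {
        "proto": proto,
        "src": m.group("src"), "sport": int(m.group("sport")),
        "dst": m.group("dst"), "dport": int(m.group("dport")),
        "syn": syn,
    }


def extract_streams(text):
    """Return the streams opened in the trace as (proto, src, dst, dport)
    tuples in first-seen order. TCP streams are recognised by their SYN, so
    replies and data packets never create a stream; a UDP stream is recorded
    from the first packet of a 4-tuple, and the reply direction is matched
    against that tuple so it is not recorded as a second stream."""
    streams = []
    recorded = set()
    udp_tuples = set()
    for line in text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        if pkt["proto"] == "tcp":
            if not pkt["syn"]:
                continue
        else:
            forward = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
            reverse = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
            if reverse in udp_tuples:
                continue  # reply to a UDP exchange that is already recorded
            udp_tuples.add(forward)
        key = (pkt["proto"], pkt["src"], pkt["dst"], pkt["dport"])
        if key not in recorded:
            recorded.add(key)
            streams.append(key)
    return streams


def generate_ipfw_rules(streams, first=1000, step=10):
    """Turn the streams into ipfw rule-file lines: check-state first, one
    stateful allow per observed stream, and a logged default deny, so only
    the observed traffic (and its replies) gets through."""
    rules = ["add 100 check-state"]
    number = first
    for proto, src, dst, dport in streams:
        if proto == "tcp":
            # 'setup' matches only the SYN; the dynamic rule created by
            # keep-state then carries the rest of the connection both ways.
            rules.append(f"add {number} allow tcp from {src} to {dst} {dport} setup keep-state")
        else:
            rules.append(f"add {number} allow udp from {src} to {dst} {dport} keep-state")
        number += step
    rules.append("add 65000 deny log ip from any to any")
    return rules


if __name__ == "__main__":
    for rule in generate_ipfw_rules(extract_streams(SAMPLE_TCPDUMP)):
        print(rule)
```

Written to a file, the output can be loaded with `ipfw /path/to/file`. The ruleset is only as good as the capture: every stream seen during the capture window becomes an allow rule, including anything unwanted that happened to be on the wire, and streams initiated from outside toward internal hosts show up as allow rules too, so the generated list wants a review before it is loaded. The logged default deny is what makes the gaps visible afterwards (ICMP, for example, is dropped by it in this sample).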
From owner-freebsd-net@FreeBSD.ORG Mon Jun 27 07:28:59 2005
From: "Donatas" <donatas@lrtc.net>
To: freebsd-net@freebsd.org
Date: Mon, 27 Jun 2005 10:28:54 +0300
Organization: AB Lietuvos Radijo ir Televizijos Centras
Message-ID: <016701c57ae9$df6abc50$9f90a8c0@DONATAS>
References: <013701c57ae6$2f79b7e0$9f90a8c0@DONATAS> <20050627071929.GA77236@catpipe.net>
Subject: Re: layer7 filtering

Thanks, that's what I've been looking for....

From: "Phil Regnauld"
To: "Donatas"
Sent: Monday, June 27, 2005 10:19 AM
Subject: Re: layer7 filtering

> Donatas (donatas) writes:
>> I wonder if there's any person who did some scripting like
>> application layer analysis with a network sniffer (like tcpdump) + appropriate firewall rule generation (like stateful ipfw rules)?
>
> You mean this?
>
> http://www.hsc.fr/ressources/outils/nstreams/
>
> Nstreams is a program which analyzes the streams that occur on a
> network. It displays which streams are generated by the users between
> several networks, and between the networks and the outside. It can
> optionally generate the ipchains or ipfw rules that will match these
> streams, thus only allowing what is required for the users, and nothing
> more.
>
> Nstreams can parse the tcpdump output, or the files generated
> with the -w option of tcpdump. It can also directly sniff
> the data that occurs on the network.
>
> This product was designed by HSC and coded by Renaud Deraison
> (deraison@cvs.nessus.org), author of the Nessus software.
> It is available for free under GNU license.
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@FreeBSD.ORG Mon Jun 27 11:01:53 2005
Date: Mon, 27 Jun 2005 11:01:52 GMT
Message-Id: <200506271101.j5RB1quv043088@freefall.freebsd.org>
From: FreeBSD bugmaster <owner-bugmaster@freebsd.org>
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems
Serious problems
Non-critical problems

S Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2003/07/11] kern/54383  net    [nfs] [patch] NFS root configurations wit

1 problem total.

From owner-freebsd-net@FreeBSD.ORG Mon Jun 27 17:57:31 2005
From: "Raymond Wagner" <wagnerrp@email.uc.edu>
To: freebsd-net@freebsd.org
Date: Mon, 27 Jun 2005 13:57:04 -0400
Message-Id: <200506271757.CNA88994@mirapoint.uc.edu>
Subject: Routing path of jail

I am setting up a firewall (IPFW and NATD) for use on a DSL line with several public IPs. I have set up one alias on my external interface for each IP I am allotted and am trying to force a program to run on one of the aliased addresses. I am using lynx and the website www.whatismyip.com to determine what IP it is using.

Currently, I have been trying to use a jail to achieve this. From what I can tell, the jail uses the first address on the external interface as a gateway. Lynx returns the public IP bound to the first address, and my IPFW logs show the same thing. Now using NATD, I have been able to forward computers inside the firewall to one of the other public IP addresses, but I can't get it to work for the jail. Is there some setting I need to put into the routing tables? Or is there some weird forwarding scheme I can use with NATD to achieve this?
From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 05:08:13 2005
From: Julian Elischer <julian@elischer.org>
To: net@freebsd.org
Date: Mon, 27 Jun 2005 22:08:11 -0700
Message-ID: <42C0DB3B.6000606@elischer.org>
Subject: Julian's networking challenge 2005

So for reasons that I won't go into, I find myself renumbering an entire company. However I have a particular problem I can't figure out how to fix.

I have a gateway/firewall machine running 4.x. It has 3 interfaces:

fxp0 goes to the internal trusted network.
fxp1 goes to the internet via a T1 via a cisco box, but is shared with another section of the company.
The company web service is advertised as coming from an address that is on an address advertised as being on this T1. So are other services.

fxp2 also goes to the internet via a cisco box, however nothing is using it at the moment.

The one shared T1 is being flooded out by users behind this machine, much to the annoyance of the users on the other part of the company. This is supposed to be their T1.

For reasons that are beyond the scope of this problem, the advertised DNS addresses for the services advertised can not just be switched to be via the other T1.

The network attached to fxp0 needs to be NAT'd to use the Internet as it is using illegal numbers.

The challenge: figure out a way so that all the users on the network behind fxp0 can use the internet using the T1 attached to the cisco off fxp1 while all the advertised services (about 8 of them, few enough to list by hand in rules etc.) which are also behind fxp0 but accessed by NAT'd addresses from the addresses on fxp1's net are accessed solely via that T1.

                [ internet ]
                 |        |
                T1        T1
                 |        |
             [cisco]   [cisco]--------[other part of company]
                 |        |
              [fxp1]   [fxp2]
              [ freebsd 4.x ]
                  [fxp0]
                    |
                    |
-----------------------illegal numbere'd net(s) (e.g. 192.168.x.x)-----
     |                    |                    |
 [server 1 ]         [server 2]         [lots of users]

I can get the 'forward' direction easily.. i.e. incoming packets.

It's the reverse direction that doesn't work for me. I considered running 2 NATDs but I need to run ipfw to identify the reverse streams to force back via fxp2 and the only way I can do that is by using the 'fwd' command. If I do that I can't divert them and if I divert them to natd first, I can't 'fwd' them afterwards as the NATing is already done for the other (wrong) interface.

I almost want to add a route add FROM Server 1 via [fxp2 cisco] which I've seen people request but until now I've never understood why..

For points: it may be possible by making the bsd box actually 3 boxes joined by a 10.x.x.x interface. Describe how..
Your friend with less and less hair..

julian

I sort of need a routing table based

From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 05:18:21 2005
From: Julian Elischer <julian@elischer.org>
To: Julian Elischer
Cc: net@freebsd.org
Date: Mon, 27 Jun 2005 22:18:16 -0700
Message-ID: <42C0DD98.7090504@elischer.org>
In-Reply-To: <42C0DB3B.6000606@elischer.org>
Subject: Re: Julian's networking challenge 2005

This time with fewer typos..

Julian Elischer wrote:
>
> So for reasons that I won't go into, I find myself renumbering half of a
> company. However I have a particular problem I can't figure out how to fix.
>
> I have a gateway/firewall machine running 4.x
>
> It has 3 interfaces
>
> fxp0 goes to the internal trusted network
> fxp1 goes to the internet via a T1 via a cisco box, but is shared with
> another section of the company. The company web service is advertised
> as coming from an address that is advertised as being on this T1. So
> are other services.
>
> fxp2 also goes to the internet via a cisco box however nothing is using
> it at the moment.
>
> The one shared T1 is being flooded out by users behind this machine much
> to the annoyance of the users on the other part of the company. This is
> supposed to be their T1.
>
> For reasons that are beyond the scope of this problem, the advertised
> DNS addresses for the services advertised, can not just be switched to
> be via the other T1.
>
> The network attached to fxp0 needs to be NAT'd to use the Internet as it
> is using illegal numbers.
>
> The challenge:
>
> Figure out a way so that all the users on the network behind fxp0 can
> use the internet using the T1 attached to the cisco off fxp1 while all
> the advertised services (about 8 of them, few enough to list by hand in
> rules etc.) which are also behind fxp0 but accessed by NAT'd addresses
> from the range on fxp1's net are accessed solely via that T1.
>
>                 [ internet ]
>                  |        |
>                 T1        T1
>                  |        |
>              [cisco]   [cisco]--------[other part of company]
>                  |        |
>               [fxp1]   [fxp2]
>               [ freebsd 4.x ]
>                   [fxp0]
>                     |
>                     |
> -----------------------illegal numbere'd net(s) (e.g. 192.168.x.x)-----
>      |                    |                    |
>  [server 1 ]         [server 2]         [lots of users]
>
> I can get the 'forward' direction easily.. i.e. incoming packets.
>
> It's the reverse direction that doesn't work for me. I considered
> running 2 NATDs but I need to run ipfw to identify the reverse streams
> to force back via fxp2 and the only way I can do that is by using the
> 'fwd' command.
> If I do that I can't divert them and if I divert them to natd first, I
> can't 'fwd' them afterwards as the NATing is already done for the other
> (wrong) interface.
>
> I almost want to add a route add FROM Server 1 via [fxp2 cisco] which
> I've seen people request but until now I've never understood why..
>
>
> for points:
> It may be possible by making the bsd box actually 3 boxes
> joined by a 10.x.x.x interface. describe how..
>
> Your friend with less and less hair..
>
> julian
>

From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 07:46:30 2005
From: Jeremie Le Hen <tataz@tataz.chchile.org>
To: Julian Elischer
Cc: net@freebsd.org
Date: Tue, 28 Jun 2005 09:46:40 +0200
Message-ID: <20050628074640.GY1283@obiwan.tataz.chchile.org>
In-Reply-To: <42C0DB3B.6000606@elischer.org>
Subject: Re: Julian's networking challenge 2005

Hi Julian,

> The challenge:
>
> figure out a way so that all the users on the network behind fxp0
> can use the internet using the T1 attached to the cisco off fxp1
> while all the advertised services (about 8 of them, few enough to
> list by hand in rules etc.) which are also behind fxp0 but accessed by
> NAT'd addresses from the addresses on fxp1's net are accessed solely via that
> T1.
>
> [...]
>
> I can get the 'forward' direction easily.. i.e. incoming packets.
>
> It's the reverse direction that doesn't work for me.
> I considered running 2 NATDs
> but I need to run ipfw to identify the reverse streams to force back via
> fxp2
> and the only way I can do that is by using the 'fwd' command.
> if I do that I can't divert them and if I divert them to natd first, I can't
> 'fwd' them afterwards as the NATing is already done for the other (wrong)
> interface.

You definitely want a non-terminal "fwd" command. Ari Suutari has just implemented the "setnexthop" action that does the trick, I think the patch [1] is waiting to be committed in -CURRENT. I don't think this would be really difficult to backport to RELENG_4.

Hope this helps.
Regards,

[1] http://lists.freebsd.org/pipermail/freebsd-net/2005-June/007710.html

PS: I'm seeing more and more requests about routing limitations in FreeBSD every day, such as lack of multiple routing tables support, lack of source routing (as well as higher level protocol based routing). Are there actually some projects that are being worked on to overcome this?
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 09:34:17 2005
From: Andrey Smagin <samspeedu@mail.ru>
To: net@freebsd.org
Date: Tue, 28 Jun 2005 13:33:31 +0400
Organization: DiP
Message-ID: <1343538916.20050628133331@mail.ru>
In-Reply-To: <20050628074640.GY1283@obiwan.tataz.chchile.org>
Subject: Satellite internet connection

Hi. Please help. I need to create a connection to the internet via satellite for inbound and a modem for outbound. Does anybody have success stories about it? Please tell me your hardware and software configuration.
--
Best regards,
Andrey                          mailto:samspeedu@mail.ru

From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 09:39:48 2005
From: Milan Obuch <net@dino.sk>
To: freebsd-net@freebsd.org
Date: Tue, 28 Jun 2005 11:39:13 +0200
Message-Id: <200506281139.17582.net@dino.sk>
In-Reply-To: <20050628074640.GY1283@obiwan.tataz.chchile.org>
Subject: Re: Julian's networking challenge 2005

On Tuesday 28 June 2005 09:46, Jeremie Le Hen wrote:
> Hi Julian,
>
> > The challenge:
> >
> > figure out a way so that all the users on the network behind fxp0
> > can use the internet using the T1 attached to the cisco off fxp1
> > while all the advertised services (about 8 of them, few enough to
> > list by hand in rules etc.) which are also behind fxp0 but accessed by
> > NAT'd addresses from the addresses on fxp1's net are accessed solely via
> > that T1.
> >
> > [...]
> >
> > I can get the 'forward' direction easily.. i.e.
> > incoming packets.
> >
> > It's the reverse direction that doesn't work for me.
> > I considered running 2 NATDs
> > but I need to run ipfw to identify the reverse streams to force back via
> > fxp2
> > and the only way I can do that is by using the 'fwd' command.
> > if I do that I can't divert them and if I divert them to natd first, I
> > can't 'fwd' them afterwards as the NATing is already done for the other
> > (wrong) interface.
>
> You definitely want a non-terminal "fwd" command.
> Ari Suutari has just implemented the "setnexthop" action that does the
> trick, I think the patch [1] is waiting to be committed in -CURRENT.
> I don't think this would be really difficult to backport to RELENG_4.
>

I think this is a good solution for him. At least once I needed to solve something similar, no luck then...

> Hope this helps.
> Regards,
>
> [1] http://lists.freebsd.org/pipermail/freebsd-net/2005-June/007710.html
>
> PS: I'm seeing more and more requests about routing limitations in
> FreeBSD every day, such as lack of multiple routing tables support, lack
> of source routing (as well as higher level protocol based routing).
> Are there actually some projects that are being worked on to overcome
> this ?

I used Marko Zec's virtualization patch for multiple VPN management and monitoring and it worked great. It does exist for 4-RELEASE, however. I am not ready to do anything like this yet, but if someone would work on something similar for newer releases, I would be really willing to try it out and test. I need to solve some multiple VPN problem again and using a legacy release is the only option, but something newer would be really better.
Regards,
Milan

From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 09:47:21 2005
From: Max Laier <max@love2party.net>
To: freebsd-net@freebsd.org
Cc: Milan Obuch, Julian Elischer
Date: Tue, 28 Jun 2005 11:47:05 +0200
Message-Id: <200506281147.13299.max@love2party.net>
In-Reply-To: <200506281139.17582.net@dino.sk>
Subject: Re: Julian's networking challenge 2005

On Tuesday 28 June 2005 11:39, Milan Obuch wrote:
> On Tuesday 28 June 2005 09:46, Jeremie Le Hen wrote:
> > Hi Julian,
> >
> > > The challenge:
> > >
> > > figure out a way so that all the users on the network behind fxp0
> > > can use the internet using the T1 attached to the cisco off fxp1
> > > while all the advertised services (about 8 of them, few enough to
> > > list by hand in rules etc.) which are also behind fxp0 but accessed by
> > > NAT'd addresses from the addresses on fxp1's net are accessed solely via
> > > that T1.
> > >
> > > [...]
> > >
> > > I can get the 'forward' direction easily.. i.e. incoming packets.
> > >
> > > It's the reverse direction that doesn't work for me.
> > > I considered running 2 NATDs
> > > but I need to run ipfw to identify the reverse streams to force back
> > > via fxp2
> > > and the only way I can do that is by using the 'fwd' command.
> > > if I do that I can't divert them and if I divert them to natd first, I
> > > can't 'fwd' them afterwards as the NATing is already done for the other
> > > (wrong) interface.
> >
> > You definitely want a non-terminal "fwd" command.
> > Ari Suutari has just implemented the "setnexthop" action that does the
> > trick, I think the patch [1] is waiting to be committed in -CURRENT.
> > I don't think this would be really difficult to backport to RELENG_4.
>
> I think this is a good solution for him. At least once I needed to solve
> something similar, no luck then...

Wouldn't a more general approach be better? E.g. a way to "tag" a packet before it is sent to divert and a matching tag-lookup that can do further action. This would make it very easy to do all kinds of stuff that needs to know the original address instead of the translated one while avoiding code duplication.

pf does something along these lines in case you are looking for references.
--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 10:27:18 2005
From: Jeremie Le Hen
To: Max Laier
Cc: freebsd-net@freebsd.org, Milan Obuch, Julian Elischer
Date: Tue, 28 Jun 2005 12:27:28 +0200
Subject: Re: Julian's netowrking challenge 2005
Message-ID: <20050628102728.GZ1283@obiwan.tataz.chchile.org>
In-Reply-To: <200506281147.13299.max@love2party.net>
> Wouldn't a more general approach be better? E.g. a way to "tag" a packet
> before it is sent to divert and a matching tag-lookup that can do further
> action. This would make it very easy to do all kinds of stuff that needs to
> know the original address instead of the translated one while avoiding code
> duplication.

Having the possibility to tag a packet would be worthwhile indeed. But I
think that Milan wants to bring network stack virtualization in a
newer release of FreeBSD IIUC. This would be, IMO, a great improvement
of FreeBSD networking, although I'm pretty sure this would make Netgraph
people react a bit ;-).

> pf does something along these lines in case you are looking for references.

Would it be possible to share this tag among pf and ipfw?

Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 10:38:09 2005
From: Max Laier
To: Jeremie Le Hen
Date: Tue, 28 Jun 2005 12:37:56 +0200
In-Reply-To: <20050628102728.GZ1283@obiwan.tataz.chchile.org>
Message-Id: <200506281238.04373.max@love2party.net>
Cc: freebsd-net@freebsd.org, Milan Obuch, Julian Elischer
Subject: Re: Julian's netowrking challenge 2005

On Tuesday 28 June 2005 12:27, Jeremie Le Hen wrote:
> > Wouldn't a more general approach be better? E.g. a way to "tag" a packet
> > before it is sent to divert and a matching tag-lookup that can do further
> > action. This would make it very easy to do all kinds of stuff that needs
> > to know the original address instead of the translated one while avoiding
> > code duplication.
>
> Having the possibility to tag a packet would be worthwhile indeed. But I
> think that Milan wants to bring network stack virtualization in a
> newer release of FreeBSD IIUC. This would be, IMO, a great improvement
> of FreeBSD networking, although I'm pretty sure this would make Netgraph
> people react a bit ;-).

Stack virtualization is independent of this. All I am trying to say here is
that I think it is better to have a general mechanism to do things like that,
instead of a special solution for fwd (i.e. set-nexthop).

> > pf does something along these lines in case you are looking for
> > references.
>
> Would it be possible to share this tag among pf and ipfw?

Sure, it's a simple mbuf tag with a (at this point) 16-bit cookie. The
downside of this approach is that you need to malloc the tag, but on the
other hand it's even more complicated for set-nexthop where you need to
allocate a route and maybe even hold it for some time and make sure you
properly GC it ... tags seem way simpler to me.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 10:52:49 2005
From: Milan Obuch
To: freebsd-net@freebsd.org
Date: Tue, 28 Jun 2005 12:52:04 +0200
In-Reply-To: <20050628102728.GZ1283@obiwan.tataz.chchile.org>
Message-Id: <200506281252.23976.net@dino.sk>
Cc: Max Laier, Jeremie Le Hen, Julian Elischer
Subject: Re: Julian's netowrking challenge 2005

On Tuesday 28 June 2005 12:27, Jeremie Le Hen wrote:
> > Wouldn't a more general approach be better? E.g. a way to "tag" a packet
> > before it is sent to divert and a matching tag-lookup that can do further
> > action. This would make it very easy to do all kinds of stuff that needs
> > to know the original address instead of the translated one while avoiding
> > code duplication.
>
> Having the possibility to tag a packet would be worthwhile indeed. But I
> think that Milan wants to bring network stack virtualization in a
> newer release of FreeBSD IIUC. This would be, IMO, a great improvement
> of FreeBSD networking, although I'm pretty sure this would make Netgraph
> people react a bit ;-).
>

Yes, yes, no :) Packet tagging and actions based on tags are possibilities
worth having. Yes, I would like to have virtualization. Actually this could
be seen as generalized packet tagging (similar to MPLS technology, only
internal, but could be extended as well...) And I see no reason why netgraph
people should react - having both virtual stacks AND netgraph is a really
powerful combination.

> > pf does something along these lines in case you are looking for
> > references.
>
> Would it be possible to share this tag among pf and ipfw?
>

... and ipf as well :)

AFAIR the main objections against Marko Zec's patch were that it is based on
4-RELEASE and not CURRENT/HEAD, and its 'monolithic' non-modular approach.
Other than those, the virtualization philosophy is great and we should adopt
it IMHO.
Our lovely daemon gains even more power :)

Milan

From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 11:10:37 2005
From: Milan Obuch
To: freebsd-net@freebsd.org
Date: Tue, 28 Jun 2005 13:10:10 +0200
Subject: Re: Julian's netowrking challenge 2005
Message-Id: <200506281310.12252.net@dino.sk>
In-Reply-To: <200506281238.04373.max@love2party.net>

On Tuesday 28 June 2005 12:37, Max Laier wrote:
> On Tuesday 28 June 2005 12:27, Jeremie Le Hen wrote:
> > > Wouldn't a more general approach be better? E.g. a way to "tag" a
> > > packet before it is sent to divert and a matching tag-lookup that can
> > > do further action. This would make it very easy to do all kinds of
> > > stuff that needs to know the original address instead of the translated
> > > one while avoiding code duplication.
> >
> > Having the possibility to tag a packet would be worthwhile indeed. But I
> > think that Milan wants to bring network stack virtualization in a
> > newer release of FreeBSD IIUC. This would be, IMO, a great improvement
> > of FreeBSD networking, although I'm pretty sure this would make Netgraph
> > people react a bit ;-).
>
> Stack virtualization is independent of this. All I am trying to say here,
> is that I think it is better to have a general mechanism to do things like
> that, instead of a special solution for fwd (i.e. set-nexthop).
>

We agree on this. Tagging and virtualization are independent and serve
different purposes. My reaction was to a post mentioning a request caused by
various limitations/deficiencies, namely the lack of multiple routing table
support.

> > > pf does something along these lines in case you are looking for
> > > references.
> >
> > Would it be possible to share this tag among pf and ipfw?
>
> Sure, it's a simple mbuf tag with a (at this point) 16-bit cookie. The
> downside of this approach is that you need to malloc the tag, but on the
> other hand it's even more complicated for set-nexthop where you need to
> allocate a route and maybe even hold it for some time and make sure you
> properly GC it ... tags seem way simpler to me.

Agreed. I am far from being a networking code guru, so maybe this question
sounds stupid, but could this cookie not be allocated when a packet enters
the system? Maybe optionally...
Milan

From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 12:09:27 2005
From: Max Laier
To: freebsd-net@freebsd.org
Cc: Milan Obuch
Date: Tue, 28 Jun 2005 14:09:17 +0200
Subject: Re: Julian's netowrking challenge 2005
Message-Id: <200506281409.23885.max@love2party.net>
In-Reply-To: <200506281310.12252.net@dino.sk>

On Tuesday 28 June 2005 13:10, Milan Obuch wrote:
> On Tuesday 28 June 2005 12:37, Max Laier wrote:
> > On Tuesday 28 June 2005 12:27, Jeremie Le Hen wrote:
> > > > Wouldn't a more
> > > > general approach be better? E.g. a way to "tag" a
> > > > packet before it is sent to divert and a matching tag-lookup that can
> > > > do further action. This would make it very easy to do all kinds of
> > > > stuff that needs to know the original address instead of the
> > > > translated one while avoiding code duplication.
> > >
> > > Having the possibility to tag a packet would be worthwhile indeed. But I
> > > think that Milan wants to bring network stack virtualization in a
> > > newer release of FreeBSD IIUC. This would be, IMO, a great improvement
> > > of FreeBSD networking, although I'm pretty sure this would make
> > > Netgraph people react a bit ;-).
> >
> > Stack virtualization is independent of this. All I am trying to say
> > here, is that I think it is better to have a general mechanism to do
> > things like that, instead of a special solution for fwd (i.e.
> > set-nexthop).
>
> We agree on this. Tagging and virtualization are independent and serve
> different purposes. My reaction was to a post mentioning a request caused by
> various limitations/deficiencies, namely the lack of multiple routing table
> support.
>
> > > > pf does something along these lines in case you are looking for
> > > > references.
> > >
> > > Would it be possible to share this tag among pf and ipfw?
> >
> > Sure, it's a simple mbuf tag with a (at this point) 16-bit cookie. The
> > downside of this approach is that you need to malloc the tag, but on the
> > other hand it's even more complicated for set-nexthop where you need to
> > allocate a route and maybe even hold it for some time and make sure you
> > properly GC it ... tags seem way simpler to me.
>
> Agreed. I am far from being a networking code guru, so maybe this question
> sounds stupid, but could this cookie not be allocated when a packet enters
> the system? Maybe optionally...

We could always extend the pkthdr to hold more information.
An additional bitfield and maybe a 32-bit cookie might be useful, but there
are tradeoffs to consider: Dragonfly did extend the pkthdr to pack all the
possible pf mbuf tags inside it. This adds 12 bytes at the moment. As a
consequence it decreases the data size in the presence of a pkthdr by 12
bytes. With an MSIZE of 256 this means you can have 219 (32-bit pointer/int)
/ 195 (64-bit pointer/int) bytes in a packet before you need to create an
mbuf cluster. With FreeBSD (also using MSIZE of 256) this is 231 / 207 - one
has to carefully look at mean packet sizes to evaluate if this is a tradeoff
that is worth paying. Keep in mind that not everybody does packet filtering
and might just need raw packet pushing performance (i.e. wants to avoid mbuf
clusters for small packets at any cost).

On the other hand a zone allocator for mbuf tags might be the right solution
here?

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 12:16:00 2005
From: Milan Obuch
To: freebsd-net@freebsd.org
Date: Tue, 28 Jun 2005 14:15:34 +0200
Subject: Re: Julian's netowrking challenge 2005
Message-Id: <200506281415.36453.net@dino.sk>
In-Reply-To: <200506281409.23885.max@love2party.net>

On Tuesday 28 June 2005 14:09, Max Laier wrote:
...
> > > > > pf does something along these lines in case you are looking for
> > > > > references.
> > > >
> > > > Would it be possible to share this tag among pf and ipfw?
> > >
> > > Sure, it's a simple mbuf tag with a (at this point) 16-bit cookie. The
> > > downside of this approach is that you need to malloc the tag, but on
> > > the other hand it's even more complicated for set-nexthop where you
> > > need to allocate a route and maybe even hold it for some time and make
> > > sure you properly GC it ... tags seem way simpler to me.
> >
> > Agreed. I am far from being a networking code guru, so maybe this question
> > sounds stupid, but could this cookie not be allocated when a packet enters
> > the system? Maybe optionally...
>
> We could always extend the pkthdr to hold more information. An additional
> bitfield and maybe a 32-bit cookie might be useful, but there are tradeoffs
> to consider: Dragonfly did extend the pkthdr to pack all the possible pf
> mbuf tags inside it. This adds 12 bytes at the moment. As a consequence it
> decreases the data size in the presence of a pkthdr by 12 bytes.
> With an MSIZE
> of 256 this means you can have 219 (32-bit pointer/int) / 195 (64-bit
> pointer/int) bytes in a packet before you need to create an mbuf cluster.
> With FreeBSD (also using MSIZE of 256) this is 231 / 207 - one has to
> carefully look at mean packet sizes to evaluate if this is a tradeoff that
> is worth paying. Keep in mind that not everybody does packet filtering and
> might just need raw packet pushing performance (i.e. wants to avoid mbuf
> clusters for small packets at any cost).
>

Well, that's why I said optionally. The question remains how this option
should be turned on. We need some evaluation of this option - now it is just
a guess. After some benchmarking of both approaches we could build an
educated guess :)

> On the other hand a zone allocator for mbuf tags might be the right
> solution here?

[This space left for those understanding this issue at least a bit :)]

Milan

From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 12:23:59 2005
From: Bill Vermillion
To: Julian Elischer
Date: Tue, 28 Jun 2005 08:23:43 -0400
Message-ID: <20050628122343.GA67724@wjv.com>
In-Reply-To: <42C0DB3B.6000606@elischer.org>
Cc: net@freebsd.org
Subject: Re: Julian's netowrking challenge 2005

Putting quill to paper and scribbling furiously on Mon, Jun 27, 2005 at 22:08,
Julian Elischer missed achieving immortality when he said:

> So for reasons that I won't go into, I find myself renumbering an entire
> company.
> However I have a particular problem I can't figure out how to fix.
> I have a gateway/firewall machine running 4.x
> it has 3 interfaces
> fxp0 goes to the internal trusted network
> fxp1 goes to the internet via a T1 via a cisco box,
> but is shared with another section of the company.
> the company web service is advertised as coming from an address
> that is on an address advertised as being on this T1. So are
> other services.
> fxp2 also goes to the internet via a cisco box however nothing is using
> it at the moment.
> The one shared T1 is being flooded out by users behind this machine
> much to the annoyance of the users on the other part of the company.
> This is supposed to be their T1.
> For reasons that are beyond the scope of this problem, the advertised
> DNS addresses for the services advertised, can not just be switched
> to be via the other t1.
> The network attached to fxp0 needs to be NAT'd to use the Internet
> as it is using illegal numbers.
> The challenge:
> figure out a way so that all the users on the network behind fxp0
> can use the internet using the T1 attached to the cisco off fxp1
> while all the advertised services (about 8 of them, few enough to
> list by hand in rules etc.) which are also behind fxp0 but accessed by
> NAT'd addresses from the addresses on fxp1's net are accessed solely via that
> T1.
>
>            [ internet ]
>             |       |
>            T1       T1
>             |       |
>         [cisco]  [cisco]--------[other part of company]
>             |       |
>          [fxp1]  [fxp2]
>         [ freebsd 4.x ]
>            [fxp0]
>              |
>              |
>  -----------------------illegal numbered net(s) (e.g. 192.168.x.x)-----
>      |           |                |
>  [server 1 ] [server 2]   [lots of users]
>
> I can get the 'forward' direction easily.. i.e. incoming packets.
>
> It's the reverse direction that doesn't work for me.
> I considered running 2 NATDs
> but I need to run ipfw to identify the reverse streams to force back via
> fxp2
> and the only way I can do that is by using the 'fwd' command.
...

You didn't indicate the model of the Ciscos, but I've used both NAT and PAT
in Cisco routers. I'm wondering, if you did the NATing in the routers,
whether this wouldn't help?

Bill
--
Bill Vermillion - bv @ wjv .
com

From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 12:37:16 2005
From: Max Laier
To: freebsd-net@freebsd.org
Cc: Milan Obuch
Date: Tue, 28 Jun 2005 14:37:05 +0200
Subject: Re: Julian's netowrking challenge 2005
Message-Id: <200506281437.11835.max@love2party.net>
In-Reply-To: <200506281415.36453.net@dino.sk>

On Tuesday 28 June 2005 14:15, Milan Obuch wrote:
> On Tuesday 28 June 2005 14:09, Max Laier wrote:
> ...
>
> > > > > > pf does something along these lines in case you are looking for
> > > > > > references.
> > > > >
> > > > > Would it be possible to share this tag among pf and ipfw?
> > > >
> > > > Sure, it's a simple mbuf tag with a (at this point) 16-bit cookie.
> > > > The downside of this approach is that you need to malloc the tag, but
> > > > on the other hand it's even more complicated for set-nexthop where
> > > > you need to allocate a route and maybe even hold it for some time and
> > > > make sure you properly GC it ... tags seem way simpler to me.
> > >
> > > Agreed. I am far from being a networking code guru, so maybe this
> > > question sounds stupid, but could this cookie not be allocated when a
> > > packet enters the system? Maybe optionally...
> >
> > We could always extend the pkthdr to hold more information. An
> > additional bitfield and maybe a 32-bit cookie might be useful, but there
> > are tradeoffs to consider: Dragonfly did extend the pkthdr to pack all
> > the possible pf mbuf tags inside it. This adds 12 bytes at the moment.
> > As a consequence it decreases the data size in the presence of a pkthdr
> > by 12 bytes. With an MSIZE of 256 this means you can have 219 (32-bit
> > pointer/int) / 195 (64-bit pointer/int) bytes in a packet before you need
> > to create an mbuf cluster. With FreeBSD (also using MSIZE of 256) this is
> > 231 / 207 - one has to carefully look at mean packet sizes to evaluate if
> > this is a tradeoff that is worth paying. Keep in mind that not everybody
> > does packet filtering and might just need raw packet pushing performance
> > (i.e. wants to avoid mbuf clusters for small packets at any cost).
>
> Well, that's why I said optionally. The question remains how this option
> should be turned on. We need some evaluation of this option - now it is
> just a guess.
> After some benchmarking of both approaches we could build an
> educated guess :)

The problem here is that this has to be a static thing (otherwise you need an
additional malloc and your possible performance gain is lost). If you change
MSIZE or sizeof(struct pkthdr) on a kernel option, you will have to recompile
all network device drivers and everything else that touches mbufs. This will
effectively prevent the use of 3rd party drivers. So it has to be one size
fits all, which is - most likely - the minimal version pkthdr and additional
mallocs when needed.

> > On the other hand a zone allocator for mbuf tags might be the right
> > solution here?
>
> [This space left for those understanding this issue at least a bit :)]

See zone(9) for details. Basically we would have a cache of mbuf tags that
get reused, thus taking pressure off the rest of the memory management
system. Again we have to evaluate carefully if that is actually a
performance gain or hit - though I certainly suspect a gain.
--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 16:16:16 2005
From: Andrew White
To: Julian Elischer
Date: Tue, 28 Jun 2005 17:15:44 +0100
In-Reply-To: <42C0DB3B.6000606@elischer.org>
I got FreeBSD to load balance two ISPs in version 4 a while ago, using an ipfw FWD rule. It had the same challenges that you are facing, so try this out. The routing is done on probability to cause load balancing, but you could do it on source IP:

    http://lists.freebsd.org/pipermail/freebsd-ipfw/2003-August/000399.html

I did modify rulesets after that post as there were some unneeded rules, but nothing major; the rules in the post work fine... I got a better CPU and the CPU issue went away...

tks
Andrew

On 6/28/05, Julian Elischer wrote:
>
> So for reasons that I won't go into, I find myself renumbering an entire company.
> However I have a particular problem I can't figure out how to fix.
>
> I have a gateway/firewall machine running 4.x
>
> it has 3 interfaces
>
> fxp0 goes to the internal trusted network
> fxp1 goes to the internet via a T1 via a cisco box,
> but is shared with another section of the company.
> the company web service is advertised as coming from an address
> that is on an address advertised as being on this T1. So are
> other services.
>
> fxp2 also goes to the internet via a cisco box however nothing is using
> it at the moment.
>
> The one shared T1 is being flooded out by users behind this machine
> much to the annoyance of the users on the other part of the company.
> This is supposed to be their T1.
>
> For reasons that are beyond the scope of this problem, the advertised
> DNS addresses for the services advertised, can not just be switched
> to be via the other T1.
>
> The network attached to fxp0 needs to be NAT'd to use the Internet
> as it is using illegal numbers.
>
> The challenge:
>
> figure out a way so that all the users on the network behind fxp0
> can use the internet using the T1 attached to the cisco off fxp1
> while all the advertised services (about 8 of them, few enough to
> list by hand in rules etc.) which are also behind fxp0 but accessed by NAT'd
> addresses from the addresses on fxp1's net are accessed solely via that T1.
>
>
>          [ internet ]
>           |       |
>           T1      T1
>           |       |
>       [cisco]  [cisco]--------[other part of company]
>           |       |
>       [fxp1]   [fxp2]
>       [ freebsd 4.x ]
>          [fxp0]
>            |
>            |
> -----------------------illegal numbere'd net(s) (e.g. 192.168.x.x)-----
>      |            |             |
> [server 1 ]  [server 2]  [lots of users]
>
> I can get the 'forward' direction easily.. i.e. incoming packets.
>
> It's the reverse direction that doesn't work for me.
> I considered running 2 NATDs
> but I need to run ipfw to identify the reverse streams to force back via fxp2
> and the only way I can do that is by using the 'fwd' command.
> if I do that I can't divert them and if I divert them to natd first, I can't
> 'fwd' them afterwards as the NATing is already done for the other (wrong)
> interface.
>
> I almost want to add a
> route add FROM Server 1 via [fxp2 cisco] which I've seen people request
> but until now I've never understood why..
>
>
> for points:
> it may be possible by making the bsd box actually 3 boxes
> joined by a 10.x.x.x interface. describe how..
>
> Your friend with less and less hair..
>
> julian
>
>
> I sort of need a routing table based
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 17:34:59 2005
From: Chuck Swiger
Organization: The Courts of Chaos
To: Jeremie Le Hen
Cc: Julian Elischer, net@freebsd.org
Date: Tue, 28 Jun 2005 13:34:47 -0400
Subject: Re: Julian's netowrking challenge 2005
Message-ID: <42C18A37.7060109@mac.com>
In-Reply-To: <20050628074640.GY1283@obiwan.tataz.chchile.org>
Jeremie Le Hen wrote:
[ ... ]
> PS: I'm seeing more and more requests about routing limitations in
> FreeBSD everyday, such as lack of multiple routing tables support, lack
> of source routing (as well as higher level protocol based routing).
> Are there actually some projects that are being worked on to overcome
> this ?

Sure. You can use IPFW to forward packets out via any interface you please, based on any of the matching criteria that IPFW's rulesets permit. You can also run BGP/EGP sessions, OSPF, or other advanced routing protocols via routing daemons like zebra/quagga/gated/whatever in the ports collection.

[ Most people don't understand Internet routing very well, they don't understand subnetting or supernetting, they don't understand CIDR, and they encounter problems which arise because they don't know how to set up a network topology which is appropriate for the actual task they want to perform. ]

For the current problem, if you've got two servers which offer services to the Internet, and have public IPs assigned to them, putting these boxes behind NAT is causing problems because the topology doesn't match what the machines are actually doing.

Set up what E. Zwicky calls a "screened subnet architecture" by moving these boxes into a separate DMZ subnet, and set up a local route for the rest of the clients on the firewall which indicates that these boxes can be reached via fxp0 rather than fxp1, so that traffic from the clients on the LAN stays local rather than going out through one T1 and back in via the other.
-- 
-Chuck

From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 18:14:53 2005
From: John Baldwin
To: freebsd-net@FreeBSD.org
Cc: des@FreeBSD.org
Date: Tue, 28 Jun 2005 13:38:13 -0400
Subject: Bug in libfetch handling of FTP urls..
Message-Id: <200506281338.14511.jhb@FreeBSD.org>

Ran into this at work. Suppose I am fetching a file over ftp for a user 'foo' whose home dir is '/home/foo' and I want to retrieve the 'bar/baz' file out of his home directory. According to my understanding of RFC 1738 (http://www.faqs.org/rfcs/rfc1738.html, specifically section 3.2.2), this URL should work:

    fetch ftp://foo@someserver/bar/baz

However, we find that we have to specify the full path:

    fetch ftp://foo@someserver/home/foo/bar/baz

It seems that fetch is including the '/' as part of the url-path and doing 'CWD /bar ; RETR baz' rather than treating it as a separator and doing 'CWD bar; RETR baz'.
I verified this by doing 'fetch -vv' and seeing that it does one big CWD (instead of the multiple CWDs the RFC says should happen) and that it includes the leading '/' when it should not.

Also, it seems that fetch ignores the ';type=X' optional part of the url-path and always uses TYPE I.

-- 
John Baldwin <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve"  =  http://www.FreeBSD.org
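The command sequence John describes, as an added example that is not part of the thread and not libfetch's code: a small C translator from an RFC 1738 ftp URL to the FTP commands section 3.2.2 prescribes. The path is split on '/' first and each segment is percent-decoded afterwards, so the '/' after the host is a separator (the path is relative to the login directory) and only a segment spelled "%2F..." produces an absolute CWD; ";type=a", ";type=i" and ";type=d" select TYPE A, TYPE I and NLST. Defaulting to TYPE I when no type is given, the 256-byte segment limit and rejecting empty segments are this example's own choices.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Percent-decode src[0..n) into dst; 1 on success, 0 on a bad escape or
 * overflow.  Decoding runs per segment, after the split on '/', so an
 * encoded "%2F" stays inside one CWD argument instead of becoming a
 * second separator. */
static int pct_decode(const char *src, size_t n, char *dst, size_t dstlen)
{
    size_t i, o = 0;

    for (i = 0; i < n; i++) {
        if (o + 1 >= dstlen)
            return 0;
        if (src[i] == '%') {
            char hex[3];

            if (i + 2 >= n || !isxdigit((unsigned char)src[i + 1]) ||
                !isxdigit((unsigned char)src[i + 2]))
                return 0;
            hex[0] = src[i + 1]; hex[1] = src[i + 2]; hex[2] = '\0';
            dst[o++] = (char)strtol(hex, NULL, 16);
            i += 2;
        } else {
            dst[o++] = src[i];
        }
    }
    dst[o] = '\0';
    return 1;
}

/* Append "VERB ARG\n" to out; 0 if it does not fit. */
static int emit(char *out, size_t outlen, size_t *used, const char *verb, const char *arg)
{
    int n = snprintf(out + *used, outlen - *used, "%s %s\n", verb, arg);

    if (n < 0 || (size_t)n >= outlen - *used)
        return 0;
    *used += (size_t)n;
    return 1;
}

/* Write the FTP commands RFC 1738 section 3.2.2 prescribes for url into
 * out: one CWD per path segment, relative to the login directory because
 * the '/' after the host is a separator, then TYPE and RETR, or NLST when
 * the URL ends in ";type=d".  Returns 0 on success, -1 on a malformed URL.
 * TYPE I when no ";type=" is present is this example's default. */
int ftp_url_commands(const char *url, char *out, size_t outlen)
{
    char seg[256], type = 'i';
    size_t used = 0;
    const char *p, *end, *semi;

    out[0] = '\0';
    if (strncmp(url, "ftp://", 6) != 0 || (p = strchr(url + 6, '/')) == NULL)
        return -1;
    p++;                                    /* past user:pass@host:port/ */
    end = p + strlen(p);
    if ((semi = strstr(p, ";type=")) != NULL) {
        type = (char)tolower((unsigned char)semi[6]);
        if (type != 'a' && type != 'i' && type != 'd')
            return -1;
        end = semi;
    }
    for (;;) {
        const char *slash = memchr(p, '/', (size_t)(end - p));
        size_t n = (slash != NULL) ? (size_t)(slash - p) : (size_t)(end - p);

        if (!pct_decode(p, n, seg, sizeof seg))
            return -1;
        if (slash != NULL) {                /* intermediate segment: CWD */
            if (seg[0] == '\0' || !emit(out, outlen, &used, "CWD", seg))
                return -1;
            p = slash + 1;
            continue;
        }
        if (type == 'd')                    /* list the directory, no RETR */
            return emit(out, outlen, &used, "NLST", seg) ? 0 : -1;
        if (seg[0] == '\0' ||               /* nothing left to retrieve */
            !emit(out, outlen, &used, "TYPE", type == 'a' ? "A" : "I") ||
            !emit(out, outlen, &used, "RETR", seg))
            return -1;
        return 0;
    }
}

int main(void)
{
    /* The two URLs from the report plus the RFC spelling of an absolute
     * path, as constructed input. */
    const char *urls[] = { "ftp://foo@someserver/bar/baz",
                           "ftp://foo@someserver/home/foo/bar/baz",
                           "ftp://foo@someserver/%2Fhome/foo/bar/baz" };
    char cmds[256];
    size_t i;

    for (i = 0; i < 3; i++)
        printf("%s\n%s", urls[i],
               ftp_url_commands(urls[i], cmds, sizeof cmds) == 0 ? cmds : "  malformed\n");
    return 0;
}
```

Run stand-alone it prints the command list for each URL; the first one yields "CWD bar" then "RETR baz", which is the behaviour the report expects. The order of operations is the point worth keeping: a client that percent-decodes the whole path before splitting would turn "%2F" into a second separator, and one that keeps the leading '/' (the reported bug) turns every relative URL into an absolute one.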
From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 18:31:57 2005
From: .@babolo.ru
To: Jeremie Le Hen
Cc: Julian Elischer, net@freebsd.org
Date: Tue, 28 Jun 2005 22:33:58 +0400 (MSD)
Subject: Re: Julian's netowrking challenge 2005
Message-Id: <1119983638.984940.21181.nullmailer@cicuta.babolo.ru>
In-Reply-To: <20050628074640.GY1283@obiwan.tataz.chchile.org>

> Hi Julian,
>
> > The challenge:
> >
> > figure out a way so that all the users on the network behind fxp0
> > can use the internet using the T1 attached to the cisco off fxp1
> > while all the advertised services (about 8 of them, few enough to
> > list by hand in rules etc.) which are also behind fxp0 but accessed by
> > NAT'd addresses from the addresses on fxp1's net are accessed solely via that
> > T1.
> >
> > [...]
> >
> > I can get the 'forward' direction easily.. i.e. incoming packets.
> >
> > It's the reverse direction that doesn't work for me.
> > I considered running 2 NATDs
> > but I need to run ipfw to identify the reverse streams to force back via
> > fxp2
> > and the only way I can do that is by using the 'fwd' command.
> > if I do that I can't divert them and if I divert them to natd first, I can't
> > 'fwd' them afterwards as the NATing is already done for the other (wrong)
> > interface.
>
> You definitely want a non-terminal "fwd" command.
> Ari Suutari has just implemented the "setnexthop" action that does the
> trick,

... or a non-terminal "divert" command.

    net.inet.ip.fw.one_pass=1

    # one natd per uplink, each with an explicit alias address and its own
    # in/out divert ports, so the alias is chosen by which natd a rule
    # diverts to rather than by the outgoing interface
    natd -i PORTI1 -o PORTO1 -a NAT1ADDR
    natd -i PORTI2 -o PORTO2 -a NAT2ADDR

    # servers go to natd #1 ...
    divert PORTO1 ip from server  to any out fxp1
    divert PORTO1 ip from server2 to any out fxp1
    ...
    # ... and, once translated, are re-routed by their new source address
    fwd ... ip from NAT1ADDR to any out fxp1
    # everything else goes to natd #2
    divert PORTO2 ip from 192.168... to any out fxp1
From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 18:40:18 2005
From: Julian Elischer
To: Jeremie Le Hen
Cc: Max Laier, Milan Obuch, freebsd-net@freebsd.org
Date: Tue, 28 Jun 2005 11:41:04 -0700
Subject: Re: Julian's netowrking challenge 2005
Message-ID: <42C199C0.1040704@elischer.org>
In-Reply-To: <20050628102728.GZ1283@obiwan.tataz.chchile.org>
Jeremie Le Hen wrote:
>> Wouldn't a more general approach be better. e.g. a way to "tag" a packet
>> before it is sent to divert and a matching tag-lookup that can do further
>> action. This would make it very easy to do all kinds of stuff that needs to
>> know the original address instead of the translated one while avoiding code
>> duplication.
>
> Having the possibility to tag a packet would be worthwhile indeed. But I
> think that Milan wants to bring network stack virtualization in
> newer releases of FreeBSD IIUC. This would be, IMO, a great improvement
> of FreeBSD networking, although I'm pretty sure this would make Netgraph
> people react a bit ;-).

why? I think they are orthogonal.

>> pf does something along these lines in case you are looking for references.
>
> Would it be possible to share this tag among pf and ipfw ?
>
> Regards,

From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 19:04:40 2005
From: Julian Elischer
To: bv@wjv.com
Cc: net@freebsd.org
Date: Tue, 28 Jun 2005 12:05:24 -0700
Subject: Re: Julian's netowrking challenge 2005
Message-ID: <42C19F74.9000900@elischer.org>
In-Reply-To: <20050628122343.GA67724@wjv.com>
Bill Vermillion wrote:
> ...
> You didn't indicate the model of Cisco's but I've used both
> NAT and PAT in Cisco routers.
>
> I'm wondering if you did the NATing in the routers if this wouldn't
> help?

we don't control one of the ciscos.. so we have to do the NATing.

> Bill

From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 19:15:34 2005
From: Julian Elischer
To: Max Laier
Cc: freebsd-net@freebsd.org, Milan Obuch
Date: Tue, 28 Jun 2005 12:16:20 -0700
Subject: Re: Julian's netowrking challenge 2005
Message-ID: <42C1A204.1040504@elischer.org>
In-Reply-To: <200506281437.11835.max@love2party.net>
Max Laier wrote:
> On Tuesday 28 June 2005 14:15, Milan Obuch wrote:
>
> The problem here is that this has to be a static thing (otherwise you need an
> additional malloc and your possible performance gain is lost). If you change
> MSIZE or sizeof(struct pkthdr) on a kernel option, you will have to recompile
> all network device drivers and everything else that touches mbufs. This will
> effectively prevent the use of third-party drivers. So it has to be one size
> fits all, which is - most likely - the minimal version of pkthdr and additional
> mallocs when needed.

We already changed the mbuf from 128 to 256 bytes a while ago, so having more in the header is not necessarily a bad thing.. it generally wasn't a problem when it was only capable of holding 100 or so bytes of data. Even with an expanded header we are still talking of holding up to 200 or so bytes of data in the mbuf.

I'd like to propose an expandable format for mbufs... Pity I'm about 25 years too late.

    [header1][total headerlength]
    [offset to first tag]
    [more header info]           m_data-------\
    [tag1] [tag1 len]                         |
    [tag1 data]                               |
    [tag2] [tag2 len]                         |
    [tag2 data]                               |
    [end of header]                           |
    ...                                       |
    packet data <-----------------------------/
    ...
    [end of mbuf]

>>> On the other hand a zone allocator for mbuf tags might be the right
>>> solution here?
>
> See zone(9) for details.
> Basically we would have a cache of mbuf tags that
> get reused, thus taking pressure off the rest of the memory management
> system. Again we have to evaluate carefully if that is actually a
> performance gain or hit - though I certainly suspect a gain.

but tags can be variable length.
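One way the zone-cache idea Max describes can absorb Julian's variable-length objection, as an added user-space example that is not FreeBSD's m_tag code: tags are rounded up to a few fixed size classes and each class keeps its own free list, so a freed 46-byte tag can be handed out again for a 60-byte one without going back to malloc. The header mirrors the cookie/id/len fields of the kernel's struct m_tag; the bucket sizes, the stats counters and the function names are this example's own. The scrub on reuse is deliberate: a recycled tag must not carry another packet's payload.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Tag header modelled on the cookie/id/len fields of FreeBSD's struct m_tag;
 * `len` payload bytes follow it.  `next` links the tags of one packet, or
 * the free tags inside a cache bucket. */
struct tag {
    struct tag *next;
    uint32_t cookie;            /* owning module / ABI identifier */
    uint16_t id;                /* tag type within that cookie */
    uint16_t len;               /* payload length in bytes */
    unsigned char data[];       /* payload */
};

/* Size classes (header + payload, bytes).  Larger tags are plain
 * malloc/free; smaller ones are rounded up so they can be recycled. */
#define NBUCKETS 4
static const size_t bucket_size[NBUCKETS] = { 32, 64, 128, 256 };
static struct tag *bucket[NBUCKETS];          /* per-class free lists */

struct tag_stats { unsigned mallocs, hits, cached, too_big; };
struct tag_stats tag_stats;                   /* example-only counters */

static int bucket_for(size_t total)
{
    int i;

    for (i = 0; i < NBUCKETS; i++)
        if (total <= bucket_size[i])
            return i;
    return -1;
}

/* Allocate a tag, reusing a cached one of the same size class if any. */
struct tag *tag_alloc(uint32_t cookie, uint16_t id, uint16_t len)
{
    size_t total = sizeof(struct tag) + len;
    int b = bucket_for(total);
    struct tag *t;

    if (b >= 0 && bucket[b] != NULL) {        /* cache hit: pop the free list */
        t = bucket[b];
        bucket[b] = t->next;
        tag_stats.hits++;
    } else {
        if (b < 0)
            tag_stats.too_big++;
        t = malloc(b < 0 ? total : bucket_size[b]);
        if (t == NULL)
            return NULL;
        tag_stats.mallocs++;
    }
    t->next = NULL;
    t->cookie = cookie;
    t->id = id;
    t->len = len;
    memset(t->data, 0, len);    /* never hand out another packet's payload */
    return t;
}

/* Return a tag to its size class; oversized tags were never cached. */
void tag_free(struct tag *t)
{
    int b = bucket_for(sizeof(struct tag) + t->len);

    if (b < 0) {
        free(t);
        return;
    }
    t->next = bucket[b];
    bucket[b] = t;
    tag_stats.cached++;
}

/* Prepend a tag to a packet's chain; returns the new head. */
struct tag *tag_prepend(struct tag *head, struct tag *t)
{
    t->next = head;
    return t;
}

/* Find a tag by (cookie, id), the lookup the kernel's m_tag_locate() does. */
struct tag *tag_find(struct tag *head, uint32_t cookie, uint16_t id)
{
    for (; head != NULL; head = head->next)
        if (head->cookie == cookie && head->id == id)
            return head;
    return NULL;
}

/* Release a whole chain, e.g. when the packet itself is freed. */
void tag_free_chain(struct tag *head)
{
    while (head != NULL) {
        struct tag *next = head->next;
        tag_free(head);
        head = next;
    }
}

/* Give cached memory back to malloc (memory pressure); returns the count. */
unsigned tag_cache_drain(void)
{
    unsigned n = 0;
    int b;

    for (b = 0; b < NBUCKETS; b++)
        while (bucket[b] != NULL) {
            struct tag *t = bucket[b];
            bucket[b] = t->next;
            free(t);
            n++;
        }
    return n;
}
```

The counters are what the "gain or hit" evaluation Max asks for would be read from: a workload whose tag lengths scatter across many classes sees few hits and pays the rounding, a workload with a handful of tag types recycles almost everything. Without a drain path a cache like this also becomes a way for one traffic pattern to pin memory, which is why tag_cache_drain() is part of the design rather than an afterthought.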
From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 19:28:06 2005
From: Julian Elischer
To: Chuck Swiger
Cc: Jeremie Le Hen, net@freebsd.org
Date: T​ue, 28 Jun 2005 12:28:51 -0700
Subject: Re: Julian's netowrking challenge 2005
Message-ID: <42C1A4F3.2010403@elischer.org>
In-Reply-To: <42C18A37.7060109@mac.com>

Chuck Swiger wrote:
> Jeremie Le Hen wrote:
> [ ... ]
>
>> PS: I'm seeing more and more requests about routing limitations in
>> FreeBSD everyday, such as lack of multiple routing tables support, lack
>> of source routing (as well as higher level protocol based routing).
>> Are there actually some projects that are being worked on to overcome
>> this ?
>
> Sure. You can use IPFW to forward packets out via any interface you
> please, based on any of the matching criteria that IPFW's rulesets
> permit. You can also run BGP/EGP sessions, OSPF, or other advanced
> routing protocols via routing daemons like zebra/quagga/gated/whatever
> in the ports collection.
>
> [ Most people don't understand Internet routing very well, they don't
> understand subnetting or supernetting, they don't understand CIDR, and
> they encounter problems which arise because they don't know how to set
> up a network topology which is appropriate for the actual task they
> want to perform. ]
>
> For the current problem, if you've got two servers which offer
> services to the Internet, and have public IPs assigned to them,
> putting these boxes behind NAT is causing problems because the
> topology doesn't match what the machines are actually doing.

Well of course! however the topology WAS ok before all the IPs got reassigned to someone else.. (don't ask).

I'm trying to simulate a production environment with what I have on hand, which is a handful of IP addresses. All while not stopping production or making changes that will be a bigger pain when the new IPs arrive.
> Set up what E. Zwicky calls a "screened subnet architecture" by moving
> these boxes into a separate DMZ subnet, set up a local route for the
> rest of the clients on the firewall which indicates that these boxes
> can be reached via fxp0 rather than fxp1, so that traffic from the
> clients on the LAN stays local rather than going out through one T1
> and back in via the other.

doesn't really solve the problem I'm having but thanks for taking the trouble to think about it.

From owner-freebsd-net@FreeBSD.ORG Wed Jun 29 05:35:39 2005
From: Ari Suutari
To: Luigi Rizzo
Cc: freebsd-net@freebsd.org
Date: Wed, 29 Jun 2005 08:35:19 +0300
Subject: Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)
Message-ID: <42C23317.8070000@suutari.iki.fi>
In-Reply-To: <20050623033028.A18762@xorpc.icir.org>
Hi,

Luigi Rizzo wrote:
> ok.
> Seen the patch, looks good. It's always nice to see how easy it is to
> add new options to ipfw2 :)

Patch has been filed as PR# 82724. I'm putting it on production machines today.

Ari S.

From owner-freebsd-net@FreeBSD.ORG Wed Jun 29 05:40:54 2005
From: Srinivas Goud
To: freebsd-net@freebsd.org
Date: Wed, 29 Jun 2005 11:10:50 +0530
Subject: IPv6 Extension Headers
Hello All,

I am a newbie to this group.

I am working on IPv6 Extension headers. I am confused with the FreeBSD implementation and the RFC2460 specification for Destination options.

My interpretation from RFC2460 is that, if a packet consists of hop-by-hop and destination extension headers, the destination header should be inserted inside AH, i.e., hop + AH + dst.

But the FreeBSD implementation is the other way, i.e., hop + dst + AH.

Which is the correct way of implementation according to RFC2460? Please let me know if my interpretation is wrong.

Also, let me know the AH insertion place in the following cases.
1. hop + dst
2. hop + dst + route
3. hop + dst + route + dst
4. hop + dst + dst
5. hop + dst + dst + route + route
6. hop + dst + dst + route + route + dst + dst
7. hop + dst + dst + route + dst + route + dst + dst

Any help/suggestion is greatly appreciated.

Thanks,
Srinivas.
-- 
Srinivas Goud
"Everything is Nicer when shared with a Friend"

From owner-freebsd-net@FreeBSD.ORG Wed Jun 29 05:47:59 2005
From: Brooks Davis
To: Srinivas Goud
Cc: freebsd-net@freebsd.org
Date: Tue, 28 Jun 2005 22:47:58 -0700
Subject: Re: IPv6 Extension Headers
Message-ID: <20050629054758.GA20421@odin.ac.hmc.edu>

On Wed, Jun 29, 2005 at 11:10:50AM +0530, Srinivas Goud wrote:
> Hello All,
> I am a newbie to this group.
>
> I am working on IPv6 Extension headers. I am confused with the FreeBSD
> implementation and the RFC 2460 specification for Destination options.
>
> My interpretation from RFC 2460 is that, if a packet consists of
> hop-by-hop and destination extension headers, the destination header
> should be inserted inside AH,
> i.e., hop + AH + dst.
>
> But the FreeBSD implementation is the other way,
> i.e., hop + dst + AH.
>
> Which is the correct way of implementation according to RFC 2460? Please
> let me know if my interpretation is wrong.
>
> Also, let me know the AH insertion place in the following cases.
> 1. hop + dst
> 2. hop + dst + route
> 3. hop + dst + route + dst
> 4. hop + dst + dst
> 5. hop + dst + dst + route + route
> 6. hop + dst + dst + route + route + dst + dst
> 7. hop + dst + dst + route + dst + route + dst + dst
>
> Any help/suggestion is greatly appreciated.

The FreeBSD IPv6 implementation is largely provided by the KAME project
(www.kame.net); you might have better luck addressing your question to them.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

From owner-freebsd-net@FreeBSD.ORG Wed Jun 29 06:46:23 2005
From: Jeremie Le Hen
To: Julian Elischer
Cc: freebsd-net@freebsd.org, Milan Obuch, Jeremie Le Hen
Date: Wed, 29 Jun 2005 08:46:30 +0200
Subject: Re: Julian's netowrking challenge 2005
Message-ID: <20050629064630.GA48704@obiwan.tataz.chchile.org>
In-Reply-To: <42C199C0.1040704@elischer.org>
> > Having the possibility to tag a packet would be worth it indeed. But I
> > think that Milan wants to bring network stack virtualization into a
> > newer release of FreeBSD IIUC. This would be, IMO, a great improvement
> > of FreeBSD networking, although I'm pretty sure this would make Netgraph
> > people react a bit ;-).
>
> why?
> I think they are orthogonal.

I was just kidding, because new features sometimes trigger Netgraph praise
saying it is already possible with this framework. But this is worthless.

-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

From owner-freebsd-net@FreeBSD.ORG Wed Jun 29 08:04:03 2005
From: "dnr"
Date: Wed, 29 Jun 2005 11:04:00 +0300
Subject: ipfw2 question
Message-ID: <03ce01c57c81$1b980460$9f90a8c0@DONATAS>
hello,
i'm solving such a problem:
router with 3 eth i-faces:

em0(vlan10)
(vlan1000)fxp0
em1(vlan11)

I need to split traffic into two pipes
pipe1 from vlan10 to vlan1000
pipe2 from vlan11 to vlan1000

fxp side supplies traffic to many different subnets
em0 is trunk to the world networks
em1 is trunk to the national networks
so I cannot write these rules at IP level....

doing it in the following way doesn't work...

ipfw add pipe1 pass all from any to any via vlan10 in recv vlan1000
ipfw add pipe1 pass all from any to any via vlan10 out xmit vlan1000

From owner-freebsd-net@FreeBSD.ORG Wed Jun 29 08:51:08 2005
From: Jeremie Le Hen
To: Julian Elischer
Date: Wed, 29 Jun 2005 10:51:18 +0200
Message-ID: <20050629085118.GD48704@obiwan.tataz.chchile.org>
In-Reply-To: <42C1A204.1040504@elischer.org>
Cc: Max Laier, Milan Obuch, freebsd-net@freebsd.org
Subject: Re: Julian's netowrking challenge 2005

Hi Julian,

> We already changed the mbuf from 128 to 256 bytes a while ago, so having
> more in the header is not necessarily a bad thing.. it generally wasn't a
> problem when it was only capable of holding 100 or so bytes of data. Even
> with an expanded header we are still talking of holding up to 200 or so
> bytes of data in the mbuf.
>
> I'd like to propose an expandable format for mbufs...
> Pity I'm about 25 years too late.
>
> [header1][total headerlength]
> [offset to first tag]
> [more header info]  m_data-------\
> [tag1] [tag1 len]                |
> [tag1 data]                      |
> [tag2] [tag2 len]                |
> [tag2 data]                      |
> [end of header]                  |
> ...                              |
> packet data <-------------------/
> ...
> [end of mbuf]

I think I understand what you are proposing here, but what do you have in
mind that would require such a system? If there is no really good reason,
I think it is wise to keep it simple.
Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

From owner-freebsd-net@FreeBSD.ORG Wed Jun 29 12:19:34 2005
From: Tilman Linneweh
To: arved@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-net@FreeBSD.org
Date: Wed, 29 Jun 2005 12:19:33 GMT
Subject: Re: kern/82470: FreeBSD advertises wrong window scale in some situations
Message-Id: <200506291219.j5TCJXbX036857@freefall.freebsd.org>

Synopsis: FreeBSD advertises wrong window scale in some situations

Responsible-Changed-From-To: freebsd-bugs->freebsd-net
Responsible-Changed-By: arved
Responsible-Changed-When: Wed Jun 29 12:18:53 GMT 2005
Responsible-Changed-Why:
over to Networking experts

http://www.freebsd.org/cgi/query-pr.cgi?pr=82470

From owner-freebsd-net@FreeBSD.ORG Wed Jun 29 22:34:31 2005
From: .@babolo.ru
To: dnr
Cc: freebsd-net@freebsd.org
Date: Thu, 30 Jun 2005 02:36:39 +0400 (MSD)
Subject: Re: ipfw2 question
Message-Id: <1120084599.354789.23455.nullmailer@cicuta.babolo.ru>
In-Reply-To: <03ce01c57c81$1b980460$9f90a8c0@DONATAS>

> hello,
> i'm solving such a problem:
> router with 3 eth i-faces:
>
> em0(vlan10)
> (vlan1000)fxp0
> em1(vlan11)
>
> I need to split traffic into two pipes
> pipe1 from vlan10 to vlan1000
> pipe2 from vlan11 to vlan1000
>
> fxp side supplies traffic to many different subnets
> em0 is trunk to the world networks
> em1 is trunk to the national networks
> so I cannot write these rules at IP level....
>
> doing it in the following way doesn't work...
> ipfw add pipe1 pass all from any to any via vlan10 in recv vlan1000
> ipfw add pipe1 pass all from any to any via vlan10 out xmit vlan1000

ipfw add pipe 1 ip from any to any out recv vlan10 xmit vlan1000
ipfw add pipe 2 ip from any to any out recv vlan11 xmit vlan1000

or maybe better (not exactly what you asked):

ipfw add pipe 1 ip from any to any in recv vlan10
ipfw add pipe 2 ip from any to any in recv vlan11

From owner-freebsd-net@FreeBSD.ORG Thu Jun 30 07:44:07 2005
From: "ANdrei"
Date: Thu, 30 Jun 2005 10:44:17 +0300
Organization: Intellicon
Subject: working 11g adapter pci
Message-ID: <002101c57d47$86285f70$6400a8c0@maximus>

I rebuilt world yesterday and got my TrendNet TEW-423PI 802.11g PCI
Adapter to work.
It performs flawlessly, from what I can tell from the testing until now.
Based on TI ACX111, using the ndisulator.

If there is some list I can add it to so that others know it's reported
working, could you please let me know? As some other adapters that use the
acx111 (like the D-Link 520+ I also own) have problems with FreeBSD...

please CC me on answers, as I am not subscribed to this list.

tks,
ANdrei

---
The problem with our world is stupidity. I'm not saying there should be
capital punishment for stupidity, but why don't we just take the safety
labels off of everything and let the problem solve itself?

From owner-freebsd-net@FreeBSD.ORG Thu Jun 30 08:38:32 2005
From: "dnr"
To: <.@babolo.ru>
Cc: freebsd-net@freebsd.org
Date: Thu, 30 Jun 2005 11:38:26 +0300
Subject: Re: ipfw2 question
Message-ID: <068101c57d4f$15a4d6e0$9f90a8c0@DONATAS>
References: <1120084599.354789.23455.nullmailer@cicuta.babolo.ru>
sad, but

ipfw add pipe 1 ip from any to any out recv vlan10 xmit vlan1000
ipfw add pipe 2 ip from any to any out recv vlan11 xmit vlan1000

doesn't seem to work :(

i've noticed that if in one ipfw rule i describe directions on two
interfaces, the rule doesn't work...
example:
simplified test machine:

remote icmp 8--------fxp0[vlan10]---rl0----------remote icmp2

"log ip from any to any" shows:

accept icmp:8.0 10.10.10.2 192.168.144.254 in via vlan10
accept icmp:8.0 10.10.10.2 192.168.144.254 out via rl0
accept icmp:2.0 192.168.144.254 10.10.10.2 in via rl0
accept icmp:2.0 192.168.144.254 10.10.10.2 out via vlan10

so, 2 rules should be enough:

ipfw add pass all from any to any in via vlan10 out via rl0
ipfw add pass all from any to any in via rl0 out via vlan10

packets do not pass through these rules...
of course "via" can be changed to "recv" or "xmit" accordingly, but i
don't think it makes any sense

for creating a pipe between vlan10 and rl0 i cannot base on something
working like:
ipfw add pipe 1 all from any to any via vlan10
because it is not suitable in my case...

>> hello,
>> i'm solving such a problem:
>> router with 3 eth i-faces:
>>
>> em0(vlan10)
>> (vlan1000)fxp0
>> em1(vlan11)
>>
>> I need to split traffic into two pipes
>> pipe1 from vlan10 to vlan1000
>> pipe2 from vlan11 to vlan1000
>>
>> fxp side supplies traffic to many different subnets
>> em0 is trunk to the world networks
>> em1 is trunk to the national networks
>> so I cannot write these rules at IP level....
>>
>> doing it in the following way doesn't work...
>> ipfw add pipe1 pass all from any to any via vlan10 in recv vlan1000
>> ipfw add pipe1 pass all from any to any via vlan10 out xmit vlan1000
> ipfw add pipe 1 ip from any to any out recv vlan10 xmit vlan1000
> ipfw add pipe 2 ip from any to any out recv vlan11 xmit vlan1000
>
> or maybe better (not exactly what you asked)
>
> ipfw add pipe 1 ip from any to any in recv vlan10
> ipfw add pipe 2 ip from any to any in recv vlan11
>

From owner-freebsd-net@FreeBSD.ORG Fri Jul 1 03:38:05 2005
From: Ian Smith
To: dnr
Cc: freebsd-net@freebsd.org
Date: Fri, 1 Jul 2005 13:37:44 +1000 (EST)
Subject: Re: ipfw2 question
In-Reply-To: <068101c57d4f$15a4d6e0$9f90a8c0@DONATAS>

On Thu, 30 Jun 2005, dnr wrote:

> sad, but
> ipfw add pipe 1 ip from any to any out recv vlan10 xmit vlan1000
> ipfw add pipe 2 ip from any to any out recv vlan11 xmit vlan1000
> doesn't seem to work :(
>
> i've noticed that if in one ipfw rule i describe directions on two
> interfaces, the rule doesn't work...
> example:
> simplified test machine:
> remote icmp 8--------fxp0[vlan10]---rl0----------remote icmp2
>
> "log ip from any to any" shows:
> accept icmp:8.0 10.10.10.2 192.168.144.254 in via vlan10
> accept icmp:8.0 10.10.10.2 192.168.144.254 out via rl0
> accept icmp:2.0 192.168.144.254 10.10.10.2 in via rl0
> accept icmp:2.0 192.168.144.254 10.10.10.2 out via vlan10
>
> so, 2 rules should be enough
> ipfw add pass all from any to any in via vlan10 out via rl0
> ipfw add pass all from any to any in via rl0 out via vlan10
> packets do not pass through these rules...
> of course "via" can be changed to "recv" or "xmit" accordingly, but i
> don't think it makes any sense

ipfw(8):

     The via keyword causes the interface to always be checked.  If recv or
     xmit is used instead of via, then only the receive or transmit
     interface (respectively) is checked.  By specifying both, it is
     possible to match packets based on both receive and transmit
     interface, e.g.:

           ipfw add 100 deny ip from any to any out recv ed0 xmit ed1

     The recv interface can be tested on either incoming or outgoing
     packets, while the xmit interface can only be tested on outgoing
     packets.  So out is required (and in is invalid) whenever xmit is
     used.  Specifying via together with xmit or recv is invalid.
Cheers, Ian

From owner-freebsd-net@FreeBSD.ORG Fri Jul 1 09:16:21 2005
From: Ozkan KIRIK
Date: Fri, 1 Jul 2005 12:16:20 +0300
Subject: Adding pfil hook to only one interface
Message-Id: <20050701091620.7C5AF45254@mail.mersin.edu.tr>

hi,

Does pfil_hooks support adding a hook to only one interface?
If it is not possible, how can i check which interface the packet belongs to?
thanks

From owner-freebsd-net@FreeBSD.ORG Fri Jul 1 09:47:29 2005
From: Max Laier
To: freebsd-net@freebsd.org, Ozkan KIRIK
Date: Fri, 1 Jul 2005 11:47:16 +0200
Subject: Re: Adding pfil hook to only one interface
Message-Id: <200507011147.22935.max@love2party.net>
In-Reply-To: <20050701091620.7C5AF45254@mail.mersin.edu.tr>

On Friday 01 July 2005 11:16, Ozkan KIRIK wrote:
> Does pfil_hooks support adding a hook to only one interface?
> If it is not possible, how can i check which interface the packet
> belongs to?
No, it's not possible to add a pfil hook to just one interface.

The hook function has a struct ifnet pointer as third argument. This is
where the receiving/sending interface is passed.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Fri Jul 1 09:57:35 2005
From: .@babolo.ru
To: dnr
Cc: freebsd-net@freebsd.org
Date: Fri, 1 Jul 2005 13:59:50 +0400 (MSD)
Subject: Re: ipfw2 question
Message-Id: <1120211990.011397.26141.nullmailer@cicuta.babolo.ru>
In-Reply-To: <068101c57d4f$15a4d6e0$9f90a8c0@DONATAS>
> sad, but
> ipfw add pipe 1 ip from any to any out recv vlan10 xmit vlan1000
> ipfw add pipe 2 ip from any to any out recv vlan11 xmit vlan1000
> doesn't seem to work :(
>
> i've noticed that if in one ipfw rule i describe directions on two
> interfaces, the rule doesn't work...
> example:
> simplified test machine:
> remote icmp 8--------fxp0[vlan10]---rl0----------remote icmp2
>
> "log ip from any to any" shows:
> accept icmp:8.0 10.10.10.2 192.168.144.254 in via vlan10
> accept icmp:8.0 10.10.10.2 192.168.144.254 out via rl0
> accept icmp:2.0 192.168.144.254 10.10.10.2 in via rl0
> accept icmp:2.0 192.168.144.254 10.10.10.2 out via vlan10
>
> so, 2 rules should be enough
> ipfw add pass all from any to any in via vlan10 out via rl0
> ipfw add pass all from any to any in via rl0 out via vlan10
> packets do not pass through these rules...
> of course "via" can be changed to "recv" or "xmit" accordingly, but i
> don't think it makes any sense

You are mistaken. Do as I wrote you, literally, except for the interface
names.

> for creating a pipe between vlan10 and rl0 i cannot base on something
> working like:
> ipfw add pipe 1 all from any to any via vlan10, because it is not
> suitable in my case...
> > ipfw add pipe 1 ip from any to any out recv vlan10 xmit vlan1000
> > ipfw add pipe 2 ip from any to any out recv vlan11 xmit vlan1000
> >
> > or maybe better (not exactly what you asked)
> >
> > ipfw add pipe 1 ip from any to any in recv vlan10
> > ipfw add pipe 2 ip from any to any in recv vlan11

From owner-freebsd-net@FreeBSD.ORG Fri Jul 1 11:26:29 2005
From: Mathias@TeleCity.com
Date: Fri, 1 Jul 2005 12:26:25 +0100
Subject: Free memory
Message-ID: <7DA012A4E4DA934FA17318A11F7547F5B942D5@LON3.tcy.prv>
Hi Guys,

I am trying to find out what mib value I can use to get the free memory.
I am running FreeBSD 5.4 on a pc compatible machine (FreeBSD 5.4-RELEASE
i386 GENERIC). MIB-2 gives me the total memory. I can get the free
memory from a sun box using sun's mib (.1.3.6.1.4.1.2021.4.6.0) which
does not work with a standard pc box. Could anyone point me in the right
direction please?

Regards
Mathias,
______________________________________________________________________

From owner-freebsd-net@FreeBSD.ORG Fri Jul 1 12:32:22 2005
From: shiner chen <shiner_chen@yahoo.com.cn>
To: freebsd-net@freebsd.org
Date: Fri, 1 Jul 2005 20:32:16 +0800 (CST)
Message-ID: <20050701123216.24950.qmail@web15507.mail.cnb.yahoo.com>
Subject: how to ignore the arp request for alias ip

I want only to ignore the ARP requests for an alias IP; at the same time I
don't want to disable the ARP function of the interface. How do I do that?
Thanks!
From owner-freebsd-net@FreeBSD.ORG Fri Jul 1 15:29:02 2005
From: vince <jhary@unsane.co.uk>
To: Mathias@TeleCity.com
Cc: freebsd-net@freebsd.org
Date: Fri, 01 Jul 2005 16:28:53 +0100
Message-ID: <42C56135.4000605@unsane.co.uk>
In-Reply-To: <7DA012A4E4DA934FA17318A11F7547F5B942D5@LON3.tcy.prv>
Subject: Re: Free memory

Mathias@TeleCity.com wrote:
> Hi Guys,
>
> I am trying to find out what mib value I can use to get the free memory.
> I am running FreeBSd5.4 on a pc compatible machine (FreeBSD 5.4-RELEASE
> i386 GENERIC). MIB-2 gives me the total memory. I can get the free
> memory from a sun box using sun's mib(.1.3.6.1.4.1.2021.4.6.0) which
> does not work with standard pc box. Could anyone point me to the right
> direction please?
>
>
If you are using net-snmp try this from
http://net-snmp.sourceforge.net/tutorial/tutorial-4/mrtg/

.1.3.6.1.4.1.2021.4.11.0

> Regards
> Mathias,
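As an added example that is not part of the thread, here is a small POSIX sh wrapper around net-snmp's snmpget that fetches the UCD-SNMP memory counters and parses the reply. The object vince points to, .1.3.6.1.4.1.2021.4.11.0, is UCD-SNMP-MIB::memTotalFree.0; the .4.6.0 object from the question is memAvailReal.0 in the same MIB, which is why it answers on any host running a net-snmp agent rather than being Sun-specific. SNMP_HOST and SNMP_ARGS are placeholders for the agent and its credentials; the sample snmpget output lines used in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): read the UCD-SNMP-MIB
# memory counters from a net-snmp agent with snmpget and parse the values.
# Assumptions: net-snmp's snmpget is installed; SNMP_HOST and SNMP_ARGS
# are placeholders, e.g. SNMP_HOST=agent.example.net SNMP_ARGS="-v2c -c public".

MEM_BASE=".1.3.6.1.4.1.2021.4"   # UCD-SNMP-MIB::memory (enterprises.ucdavis.memory)

# Map a UCD-SNMP-MIB memory column name to its scalar instance OID.
mem_oid() {
    case "$1" in
        memTotalReal) echo "$MEM_BASE.5.0" ;;    # physical RAM, kB
        memAvailReal) echo "$MEM_BASE.6.0" ;;    # OID from the question
        memTotalFree) echo "$MEM_BASE.11.0" ;;   # OID from the reply: free RAM + swap, kB
        *) echo "unknown memory column: $1" >&2; return 1 ;;
    esac
}

# Extract the integer from one snmpget output line. Handles both the symbolic
# form  "UCD-SNMP-MIB::memTotalFree.0 = INTEGER: 123456 kB"  and the numeric
# form  ".1.3.6.1.4.1.2021.4.11.0 = INTEGER: 123456"  (snmpget -On).
# Prints nothing for error replies such as "No Such Object available ...".
parse_snmp_int() {
    printf '%s\n' "$1" | sed -n 's/.*INTEGER:[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# Fetch one memory column in kB; returns non-zero if the column is unknown or
# snmpget fails (agent unreachable, wrong community, object not served).
snmp_mem_kb() {
    oid=$(mem_oid "$1") || return 1
    line=$(snmpget $SNMP_ARGS "$SNMP_HOST" "$oid") || return 1
    val=$(parse_snmp_int "$line")
    [ -n "$val" ] || return 1
    echo "$val"
}

# Percentage of $1 (total) that $2 (free) represents; handy for alert thresholds.
pct_free() {
    echo $(( $2 * 100 / $1 ))
}

# When SNMP_HOST is set, report total/available RAM and the free percentage.
if [ -n "${SNMP_HOST:-}" ]; then
    total=$(snmp_mem_kb memTotalReal) || exit 1
    avail=$(snmp_mem_kb memAvailReal) || exit 1
    echo "memTotalReal=${total}kB memAvailReal=${avail}kB free=$(pct_free "$total" "$avail")%"
fi
```

SNMPv2c sends the community string in clear text, so if the agent supports it prefer SNMP_ARGS along the lines of `-v3 -l authPriv -u monitor -a SHA -A <authpass> -x AES -X <privpass>` and restrict the agent's view to the memory subtree; the wrapper itself does not care which version is used.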
From owner-freebsd-net@FreeBSD.ORG Fri Jul 1 18:10:21 2005
From: .@babolo.ru
To: shiner chen <shiner_chen@yahoo.com.cn>
Cc: freebsd-net@freebsd.org
Date: Fri, 1 Jul 2005 22:12:27 +0400 (MSD)
Message-Id: <1120241547.935862.27523.nullmailer@cicuta.babolo.ru>
In-Reply-To: <20050701123216.24950.qmail@web15507.mail.cnb.yahoo.com>
Subject: Re: how to ignore the arp request for alias ip

[ Charset GB2312 unsupported, skipping...
]
> I want only to ignore the ARP request for an alias IP; at the same time I
> don't want to disable the ARP function of the interface. How do I do that?
> Thanks!

Do the alias on lo0 instead of on the Ethernet interface, and set
sysctl net.link.ether.inet.proxyall=0
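To make the reply concrete, here is an added POSIX sh example (mine, not something posted in the thread) that parses FreeBSD-style `ifconfig` output, picks out the secondary (alias) IPv4 addresses on an Ethernet interface, and emits the commands that remove each one from that interface and add it to lo0 as a /32 alias, followed by the sysctl from the reply. Once the address lives only on lo0 the Ethernet interface no longer answers ARP for it, while the host still accepts traffic for it, because FreeBSD by default accepts packets to any local address on any interface. The ifconfig text, the interface name em0 and the 192.0.2.x addresses are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread): move IPv4 aliases from an Ethernet
# interface to lo0 so the interface stops answering ARP for them, and disable
# proxy ARP as the reply suggests. Interface name and addresses are constructed.

# Constructed FreeBSD-style ifconfig output: em0 has one primary address and
# two /32 aliases; lo0 only has 127.0.0.1.
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.0.2.2 netmask 0xffffff00 broadcast 192.0.2.255
	inet 192.0.2.10 netmask 0xffffffff broadcast 192.0.2.10
	inet 192.0.2.11 netmask 0xffffffff broadcast 192.0.2.11
	ether 00:00:5e:00:53:01
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet 127.0.0.1 netmask 0xff000000'

# Print the alias (every inet address after the first) of one interface,
# one per line.  $1 = ifconfig text, $2 = interface name.
list_aliases() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^[a-z0-9]+:/ { cur = substr($1, 1, length($1) - 1); n = 0; next }
        cur == want && $1 == "inet" { n++; if (n > 1) print $2 }'
}

# Commands that take one alias off the Ethernet interface and put it on lo0
# as a host (/32) address.  $1 = interface, $2 = address.
move_alias_cmds() {
    printf 'ifconfig %s inet %s -alias\n' "$1" "$2"
    printf 'ifconfig lo0 inet %s netmask 255.255.255.255 alias\n' "$2"
}

# Full plan for an interface: move every alias, then turn proxy ARP off so the
# kernel does not answer ARP on behalf of addresses it routes to.
plan() {
    for a in $(list_aliases "$1" "$2"); do
        move_alias_cmds "$2" "$a"
    done
    echo 'sysctl net.link.ether.inet.proxyall=0'
}

# With no argument, show the plan for the sample text; with an interface name,
# build the plan from the live ifconfig output (review it, then run as root).
case "${1:-}" in
    "") plan "$SAMPLE_IFCONFIG" em0 ;;
    *)  plan "$(ifconfig)" "$1" ;;
esac
```

To make the change survive a reboot, put the lo0 address in /etc/rc.conf as `ifconfig_lo0_alias0="inet 192.0.2.10 netmask 255.255.255.255"` (and drop the matching `ifconfig_em0_alias` entry) and add `net.link.ether.inet.proxyall=0` to /etc/sysctl.conf. Check the result with `arp -an` from another host on the segment: it should learn no entry for the moved address.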