From owner-freebsd-ipfw@FreeBSD.ORG Mon Aug 4 11:06:57 2008 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3AE781065675 for ; Mon, 4 Aug 2008 11:06:57 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 217188FC1E for ; Mon, 4 Aug 2008 11:06:57 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m74B6v0N082097 for ; Mon, 4 Aug 2008 11:06:57 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m74B6ugs082093 for freebsd-ipfw@FreeBSD.org; Mon, 4 Aug 2008 11:06:56 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 4 Aug 2008 11:06:56 GMT Message-Id: <200808041106.m74B6ugs082093@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Aug 2008 11:06:57 -0000 Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/112708 ipfw [ipfw] ipfw is seems to be broken to limit number of c o kern/117234 ipfw [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6 15 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o kern/107305 ipfw [ipfw] ipfw fwd doesn't seem to work o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets p kern/113388 ipfw [ipfw][patch] Addition actions with rules within speci o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule o bin/115172 ipfw [patch] ipfw(8) list show some rules with a wrong form p kern/115755 ipfw [ipfw][patch] unify message and add a rule number wher o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/121382 ipfw [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip o bin/125370 ipfw [ipfw] [patch] increase a line buffer limit 30 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Tue Aug 5 14:33:10 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2B6C81065674 for ; Tue, 5 Aug 2008 14:33:10 +0000 (UTC) (envelope-from matt@chronos.org.uk) Received: from chronos.org.uk (chronos-pt.tunnel.tserv5.lon1.ipv6.he.net [IPv6:2001:470:1f08:12b::2]) by mx1.freebsd.org (Postfix) with ESMTP id 92D288FC1E for ; Tue, 5 Aug 2008 14:33:09 +0000 (UTC) (envelope-from matt@chronos.org.uk) Received: from workstation1.local.chronos.org.uk (chronos@workstation1.local.chronos.org.uk [IPv6:2001:470:1f09:12b::20]) (authenticated bits=0) by chronos.org.uk (8.14.2/8.14.2) with ESMTP id m75EX5NV047831 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 5 Aug 2008 15:33:05 +0100 (BST) (envelope-from matt@chronos.org.uk) X-DKIM: Sendmail DKIM Filter v2.7.0 chronos.org.uk m75EX5NV047831 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=chronos.org.uk; s=mail; t=1217946788; bh=VuFtulAeVqJVV+rH88PpUAGGWbAvnP92E6qivDt3H9 w=; h=From:To:Subject:Date:MIME-Version:Content-Type: Content-Transfer-Encoding:Message-Id; b=FmulTmHRBL4e+8+S9kis83HFpp Kh83baPjtz82v1VPJyZ1d1M5zYEAPSwJCGX4K7LfuesSLAH3leQkhpxDdzWcUFnz1ck UXpCtTLj586rbVI7DzXLw30xp0eIC5k8Dht5jPnzPCvm/sFhBEwjAFweH8dyHUrDi8R EtgbPQIEzzk= From: Matt Dawson To: freebsd-ipfw@freebsd.org Date: Tue, 5 Aug 2008 15:33:04 +0100 User-Agent: KMail/1.9.7 X-Face: Uq{{&_!oO{M&ydj?-f%{D]bN7/|/]a+utod35[+IyH#R>F~YPffK,=?utf-8?q?=25=60=7D=25=0A?= FTMbmzo,]0X3K:N&{h7],FI{?EkORzB; f:V3"vKXsUNw5Yh`}ef4MZ*a4,=?utf-8?q?ObuJ=5F=26=5B1S=27zP=5CK0wcKZP=0A?= =?utf-8?q?_=60=23L=25=5Dq*OUPQ-4T=3FHZ=7EAKX0=7D3W=25o=3DP?= X-Spam-Status: No, score=-2.3 required=3.0 tests=AWL,BAYES_00,NO_RELAYS autolearn=ham version=3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on central.local.chronos.org.uk X-Virus-Scanned: ClamAV 0.93.3/7943/Tue Aug 5 13:31:37 2008 on central.local.chronos.org.uk X-Virus-Status: Clean X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (chronos.org.uk [IPv6:2001:470:1f09:12b::1]); Tue, 05 Aug 2008 15:33:08 +0100 (BST) Subject: IPv6 tables? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Aug 2008 14:33:10 -0000 Just a quick question: What would it take to have similar functionality to the IPv4 tables in ipfw for v6? Is there a specific reason it isn't there (other than the fact that I haven't got my finger out and learnt the neccessary to add it myself ;) )? -- Matt Dawson. matt@chronos.org.uk MTD15-RIPE From owner-freebsd-ipfw@FreeBSD.ORG Tue Aug 5 14:55:04 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 27CB110656CF for ; Tue, 5 Aug 2008 14:55:04 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.171]) by mx1.freebsd.org (Postfix) with ESMTP id B0C398FC23 for ; Tue, 5 Aug 2008 14:55:03 +0000 (UTC) (envelope-from max@love2party.net) Received: from vampire.homelinux.org (dslb-088-066-060-103.pools.arcor-ip.net [88.66.60.103]) by mrelayeu.kundenserver.de (node=mrelayeu4) with ESMTP (Nemesis) id 0ML21M-1KQNk22ZUq-0000qO; Tue, 05 Aug 2008 16:42:26 +0200 Received: (qmail 81020 invoked from network); 5 Aug 2008 14:42:26 -0000 Received: from fbsd8.laiers.local (192.168.4.151) by mx.laiers.local with SMTP; 5 Aug 2008 14:42:26 -0000 From: Max Laier Organization: FreeBSD To: freebsd-ipfw@freebsd.org Date: Tue, 5 Aug 2008 16:42:25 +0200 User-Agent: KMail/1.9.52 (FreeBSD/8.0-CURRENT; KDE/4.0.83; i386; ; ) References: <200808051533.05352.matt@chronos.org.uk> In-Reply-To: <200808051533.05352.matt@chronos.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200808051642.25758.max@love2party.net> X-Provags-ID: V01U2FsdGVkX182J6RmfVnpNmLrR5Zow6W0f0AX60q1wKpojZX GRz81nS0dPT4OoaNJ4Tv/C0NhIQTnNyO7pAulni1XG94dxM9R0 vV4gcFaxuN12hB4oGax0A== Cc: Matt Dawson Subject: Re: IPv6 tables? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Aug 2008 14:55:04 -0000 On Tuesday 05 August 2008 16:33:04 Matt Dawson wrote: > Just a quick question: What would it take to have similar functionality to > the IPv4 tables in ipfw for v6? Is there a specific reason it isn't there > (other than the fact that I haven't got my finger out and learnt the > neccessary to add it myself ;) )? In FreeBSD 7 and above all three firewall packages included with FreeBSD understand both IPv4 and IPv6. Read the ipfw(8) man page for details on how to setup IPv6 rules. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News From owner-freebsd-ipfw@FreeBSD.ORG Tue Aug 5 14:56:17 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 27C801065676 for ; Tue, 5 Aug 2008 14:56:17 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.188]) by mx1.freebsd.org (Postfix) with ESMTP id B03FC8FC26 for ; Tue, 5 Aug 2008 14:56:16 +0000 (UTC) (envelope-from max@love2party.net) Received: from vampire.homelinux.org (dslb-088-066-060-103.pools.arcor-ip.net [88.66.60.103]) by mrelayeu.kundenserver.de (node=mrelayeu4) with ESMTP (Nemesis) id 0ML21M-1KQNlF2lTn-0000xw; Tue, 05 Aug 2008 16:43:41 +0200 Received: (qmail 81026 invoked from network); 5 Aug 2008 14:43:41 -0000 Received: from fbsd8.laiers.local (192.168.4.151) by router.laiers.local with SMTP; 5 Aug 2008 14:43:41 -0000 From: Max Laier Organization: FreeBSD To: freebsd-ipfw@freebsd.org Date: Tue, 5 Aug 2008 16:43:41 +0200 User-Agent: KMail/1.9.52 (FreeBSD/8.0-CURRENT; KDE/4.0.83; i386; ; ) References: <200808051533.05352.matt@chronos.org.uk> <200808051642.25758.max@love2party.net> In-Reply-To: <200808051642.25758.max@love2party.net> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200808051643.41441.max@love2party.net> X-Provags-ID: V01U2FsdGVkX18SeEdqP115F89gk5ZA9mOZ1iuYaMOmsiYkGJ5 X4QLNGF3y04S2iark957CJ9dXnPmEp9vs6TZvJRXEqsd+b3UD3 qoV/GrCiXfUNhIcl20UFQ== Cc: Matt Dawson Subject: Re: IPv6 tables? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Aug 2008 14:56:17 -0000 On Tuesday 05 August 2008 16:42:25 Max Laier wrote: > On Tuesday 05 August 2008 16:33:04 Matt Dawson wrote: > > Just a quick question: What would it take to have similar functionality > > to the IPv4 tables in ipfw for v6? Is there a specific reason it isn't > > there (other than the fact that I haven't got my finger out and learnt > > the neccessary to add it myself ;) )? > > In FreeBSD 7 and above all three firewall packages included with FreeBSD > understand both IPv4 and IPv6. Read the ipfw(8) man page for details on > how to setup IPv6 rules. Oh wait ... you asked something different. Yeah, that would be nice to have. pf does it. If you need a reference. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News From owner-freebsd-ipfw@FreeBSD.ORG Tue Aug 5 16:11:57 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 499531065671 for ; Tue, 5 Aug 2008 16:11:57 +0000 (UTC) (envelope-from proks@logos.sky.od.ua) Received: from logos.sky.od.ua (logos.sky.od.ua [81.25.224.11]) by mx1.freebsd.org (Postfix) with ESMTP id ED6718FC17 for ; Tue, 5 Aug 2008 16:11:56 +0000 (UTC) (envelope-from proks@logos.sky.od.ua) Received: from localhost (localhost [127.0.0.1]) by logos.sky.od.ua (Postfix) with ESMTP id 6EE4D102D2B for ; Tue, 5 Aug 2008 19:11:55 +0300 (EEST) Date: Tue, 5 Aug 2008 19:11:55 +0300 (EEST) From: "Prokofiev S.P." To: freebsd-ipfw@freebsd.org Message-ID: <20080805191040.N31591@logos.sky.od.ua> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Subject: ipfw nat/natd X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Aug 2008 16:11:57 -0000 I have a problem at the scheme: ( gw ) <-----> ( nat_router ) <-----> ( https ) real.ip0 real.ip1 10.19.90.1 10.19.90.2 If I use ipfw+natd on nat_router then redirect to https server and to nat_router local address 10.19.90.1 is well, but if ipfw+nat - redirect to nat_router local address is fail. This is bug ? ipfw+nat schema - on nat_router - ipfw rules ipfw nat 1 config if vlan2 log redirect_port tcp 10.19.90.1:5000 5000 \ redirect_port tcp 10.19.90.2:443 443 ipfw add 500 nat 1 log ip from any to any via vlan2 // nat - iperf -s -p 5000 - on gw - iperf -p 5000 -c real.ip1 tcpdump -np -i vlan2 host real.ip0 18:36:08.170034 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 18:36:08.170093 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 18:36:11.170239 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 18:36:11.208523 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 18:36:11.208554 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 18:36:14.208712 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 18:36:14.448772 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 18:36:14.448802 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 18:36:17.449225 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 18:36:17.689771 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 18:36:17.689801 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 18:36:20.689736 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 18:36:20.944763 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 18:36:20.944794 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 18:36:23.945252 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 Thanks all! From owner-freebsd-ipfw@FreeBSD.ORG Tue Aug 5 16:15:27 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7FA5A106567A; Tue, 5 Aug 2008 16:15:27 +0000 (UTC) (envelope-from proks@logos.sky.od.ua) Received: from logos.sky.od.ua (logos.sky.od.ua [81.25.224.11]) by mx1.freebsd.org (Postfix) with ESMTP id 31CF38FC12; Tue, 5 Aug 2008 16:15:27 +0000 (UTC) (envelope-from proks@logos.sky.od.ua) Received: from localhost (localhost [127.0.0.1]) by logos.sky.od.ua (Postfix) with ESMTP id 493F7102CDE; Tue, 5 Aug 2008 18:51:33 +0300 (EEST) Date: Tue, 5 Aug 2008 18:51:33 +0300 (EEST) From: "Prokofiev S.P." To: freebsd-ipfw@freebsd.org Message-ID: <20080805181839.T23842@logos.sky.od.ua> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-net@freebsd.org Subject: ipfw nat/natd X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Aug 2008 16:15:27 -0000 I have a problem at the scheme: ( gw ) <-----> ( nat_router ) <-----> ( https ) real.ip0 real.ip1 10.19.90.1 10.19.90.2 If I use ipfw+natd on nat_router then redirect to https server and to nat_router local address 10.19.90.1 is well, but if ipfw+nat - redirect to nat_router local address is fail. This is bug ? ipfw+nat schema - on nat_router - ipfw rules ipfw nat 1 config if vlan2 log redirect_port tcp 10.19.90.1:5000 5000 \ redirect_port tcp 10.19.90.2:443 443 ipfw add 500 nat 1 log ip from any to any via vlan2 // nat - iperf -s -p 5000 - on gw - iperf -p 5000 -c real.ip1 tcpdump -np -i vlan2 host real.ip0 18:36:08.170034 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 18:36:08.170093 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 18:36:11.170239 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 18:36:11.208523 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 18:36:11.208554 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 18:36:14.208712 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 18:36:14.448772 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 18:36:14.448802 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 18:36:17.449225 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 18:36:17.689771 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 18:36:17.689801 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 18:36:20.689736 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 18:36:20.944763 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 18:36:20.944794 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 18:36:23.945252 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 Thanks all! From owner-freebsd-ipfw@FreeBSD.ORG Tue Aug 5 18:28:25 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 708B21065676 for ; Tue, 5 Aug 2008 18:28:25 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outQ.internet-mail-service.net (outq.internet-mail-service.net [216.240.47.240]) by mx1.freebsd.org (Postfix) with ESMTP id 5BFD08FC25 for ; Tue, 5 Aug 2008 18:28:25 +0000 (UTC) (envelope-from julian@elischer.org) Received: from idiom.com (mx0.idiom.com [216.240.32.160]) by out.internet-mail-service.net (Postfix) with ESMTP id 234D72370; Tue, 5 Aug 2008 11:28:25 -0700 (PDT) Received: from julian-mac.elischer.org (localhost [127.0.0.1]) by idiom.com (Postfix) with ESMTP id B0E552D602E; Tue, 5 Aug 2008 11:28:24 -0700 (PDT) Message-ID: <48989BC9.4070504@elischer.org> Date: Tue, 05 Aug 2008 11:28:25 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.16 (Macintosh/20080707) MIME-Version: 1.0 To: Matt Dawson References: <200808051533.05352.matt@chronos.org.uk> In-Reply-To: <200808051533.05352.matt@chronos.org.uk> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org Subject: Re: IPv6 tables? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Aug 2008 18:28:25 -0000 Matt Dawson wrote: > Just a quick question: What would it take to have similar functionality to the > IPv4 tables in ipfw for v6? Is there a specific reason it isn't there (other > than the fact that I haven't got my finger out and learnt the neccessary to > add it myself ;) )? there is no reason except that is hasn't been done :-) From owner-freebsd-ipfw@FreeBSD.ORG Wed Aug 6 14:41:44 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DD4721065671 for ; Wed, 6 Aug 2008 14:41:44 +0000 (UTC) (envelope-from matt@chronos.org.uk) Received: from chronos.org.uk (chronos-pt.tunnel.tserv5.lon1.ipv6.he.net [IPv6:2001:470:1f08:12b::2]) by mx1.freebsd.org (Postfix) with ESMTP id 2B0DB8FC28 for ; Wed, 6 Aug 2008 14:41:43 +0000 (UTC) (envelope-from matt@chronos.org.uk) Received: from workstation2.local.chronos.org.uk (chronos@workstation2.local.chronos.org.uk [IPv6:2001:470:1f09:12b::21]) (authenticated bits=0) by chronos.org.uk (8.14.2/8.14.2) with ESMTP id m76EfeZ5050859 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 6 Aug 2008 15:41:40 +0100 (BST) (envelope-from matt@chronos.org.uk) X-DKIM: Sendmail DKIM Filter v2.7.0 chronos.org.uk m76EfeZ5050859 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=chronos.org.uk; s=mail; t=1218033702; bh=c3MtofVPnxFh3KaMZFNSVRpwidIjR2D4uE0Ovs3lKH s=; h=From:To:Subject:Date:References:In-Reply-To:MIME-Version: Content-Type:Content-Transfer-Encoding:Message-Id; b=h+6Bmd8z2ohTS ZT0/hDgRvFmRGfiAVaZ9DiLFmPKvNNGPEHd/uK41B2kNBR55KzGOXPRZccRwR3tsLDn 79h72xzNL3QBS/VeJiglikYOwNNDunefBWXtH8d60RxCHJEcQClrLlgynZAGeRHb6Y0 NIGY6zoRMyZrDNkO2ov/AN7Y= From: Matt Dawson To: freebsd-ipfw@freebsd.org Date: Wed, 6 Aug 2008 15:41:38 +0100 User-Agent: KMail/1.9.7 References: <20080806120017.1D3921065744@hub.freebsd.org> In-Reply-To: <20080806120017.1D3921065744@hub.freebsd.org> X-Face: Uq{{&_!oO{M&ydj?-f%{D]bN7/|/]a+utod35[+IyH#R>F~YPffK,=?iso-8859-1?q?=25=60=7D=25=0A?= FTMbmzo,]0X3K:N&{h7],FI{?EkORzB; f:V3"vKXsUNw5Yh`}ef4MZ*a4,=?iso-8859-1?q?ObuJ=5F=26=5B1S=27zP=5CK0wcKZP=0A?= =?iso-8859-1?q?_=60=23L=25=5Dq*OUPQ-4T=3FHZ=7EAKX0=7D3W=25o=3DP?= X-Spam-Status: No, score=-2.3 required=3.0 tests=AWL,BAYES_00,NO_RELAYS autolearn=ham version=3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on central.local.chronos.org.uk X-Virus-Scanned: ClamAV 0.93.3/7959/Wed Aug 6 14:06:37 2008 on central.local.chronos.org.uk X-Virus-Status: Clean X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (chronos.org.uk [IPv6:2001:470:1f09:12b::1]); Wed, 06 Aug 2008 15:41:42 +0100 (BST) Subject: Re: IPv6 tables? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Aug 2008 14:41:44 -0000 On Wednesday 06 Aug 2008, freebsd-ipfw-request@freebsd.org wrote: > On Tuesday 05 August 2008 16:42:25 Max Laier wrote: > > On Tuesday 05 August 2008 16:33:04 Matt Dawson wrote: > > > Just a quick question: What would it take to have similar functionali= ty > > > to the IPv4 tables in ipfw for v6? Is there a specific reason it isn't > > > there (other than the fact that I haven't got my finger out and learnt > > > the neccessary to add it myself ;) )? > > > > In FreeBSD 7 and above all three firewall packages included with FreeBSD > > understand both IPv4 and IPv6. =A0Read the ipfw(8) man page for details= on > > how to setup IPv6 rules. > > Oh wait ... you asked something different. =A0Yeah, that would be nice to > have. =A0 pf does it. =A0If you need a reference. I did notice pf had tables that can handle both v4 and v6. I hadn't thought= of=20 reading pf's code to see how it's done, although pf's tables seem to handle= =20 handle both versions (without looking at the code, just the manpage). I'm= =20 now wondering which approach would be less resource-hungry: Adding a=20 separate "table6" structure or modifying tables to accept v6. The former, t= o=20 my mind, is more economical with large tables. Thanks to you and Julian for the replies. Looks like I have some code and=20 things to read through. =2D-=20 Matt Dawson. matt@chronos.org.uk MTD15-RIPE From owner-freebsd-ipfw@FreeBSD.ORG Wed Aug 6 17:11:58 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 85F24106564A for ; Wed, 6 Aug 2008 17:11:58 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outA.internet-mail-service.net (outa.internet-mail-service.net [216.240.47.224]) by mx1.freebsd.org (Postfix) with ESMTP id 6FFA18FC15 for ; Wed, 6 Aug 2008 17:11:58 +0000 (UTC) (envelope-from julian@elischer.org) Received: from idiom.com (mx0.idiom.com [216.240.32.160]) by out.internet-mail-service.net (Postfix) with ESMTP id 53DEB290C; Wed, 6 Aug 2008 10:11:58 -0700 (PDT) Received: from julian-mac.elischer.org (localhost [127.0.0.1]) by idiom.com (Postfix) with ESMTP id E03BD2D6006; Wed, 6 Aug 2008 10:11:57 -0700 (PDT) Message-ID: <4899DB5D.7030902@elischer.org> Date: Wed, 06 Aug 2008 10:11:57 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.16 (Macintosh/20080707) MIME-Version: 1.0 To: Matt Dawson References: <20080806120017.1D3921065744@hub.freebsd.org> <200808061541.39381.matt@chronos.org.uk> In-Reply-To: <200808061541.39381.matt@chronos.org.uk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org Subject: Re: IPv6 tables? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Aug 2008 17:11:58 -0000 Matt Dawson wrote: > On Wednesday 06 Aug 2008, freebsd-ipfw-request@freebsd.org wrote: >> On Tuesday 05 August 2008 16:42:25 Max Laier wrote: >>> On Tuesday 05 August 2008 16:33:04 Matt Dawson wrote: >>>> Just a quick question: What would it take to have similar functionality >>>> to the IPv4 tables in ipfw for v6? Is there a specific reason it isn't >>>> there (other than the fact that I haven't got my finger out and learnt >>>> the neccessary to add it myself ;) )? >>> In FreeBSD 7 and above all three firewall packages included with FreeBSD >>> understand both IPv4 and IPv6. Read the ipfw(8) man page for details on >>> how to setup IPv6 rules. >> Oh wait ... you asked something different. Yeah, that would be nice to >> have. pf does it. If you need a reference. > > I did notice pf had tables that can handle both v4 and v6. I hadn't thought of > reading pf's code to see how it's done, although pf's tables seem to handle > handle both versions (without looking at the code, just the manpage). I'm > now wondering which approach would be less resource-hungry: Adding a > separate "table6" structure or modifying tables to accept v6. The former, to > my mind, is more economical with large tables. > > Thanks to you and Julian for the replies. Looks like I have some code and > things to read through. I think I'd go for a single table structure, that only instantiates the ipv4 or ipv6 table part of itself when you add anentry of that type.. then when you do a compare, it only looks in the apropriate half.. Since you always know which you have... but it would be note to be able do a test against both types with one ipfw rule. From owner-freebsd-ipfw@FreeBSD.ORG Wed Aug 6 21:20:41 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C9C771065675 for ; Wed, 6 Aug 2008 21:20:41 +0000 (UTC) (envelope-from info@tecodryer.com) Received: from tember.borusantelekom.com (tember.borusantelekom.com [213.194.65.162]) by mx1.freebsd.org (Postfix) with ESMTP id 056F78FC08 for ; Wed, 6 Aug 2008 21:20:40 +0000 (UTC) (envelope-from info@tecodryer.com) Received: (qmail 4202 invoked by uid 89); 6 Aug 2008 21:12:24 -0000 Received: from unknown (HELO erkan-e90bf8060) (78.161.127.33) by 0 with SMTP; 6 Aug 2008 21:12:24 -0000 From: "TECO DRYER" To: freebsd-ipfw@freebsd.org Message-Id: <20080806212041.056F78FC08@mx1.freebsd.org> Date: Wed, 6 Aug 2008 21:20:40 +0000 (UTC) Subject: Teco Industry is in the business of corn, wheat, paddy, and X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Aug 2008 21:20:41 -0000 vegetable dr Sender: "TECO DRYER" Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Date: Thu, 7 Aug 2008 00:12:23 +0300 Message-ID: <20080806211223192.57EB19BE79843444@erkan-e90bf8060> X-Priority: 3 (Normal) Importance: Normal Teco Industry is in the business of corn, wheat, paddy, and vegetable drying machines and the production and marketing of silo & steel construction. Related to the machines that our company produce; Teco Industry has the representatives in Bulgaria, Albania, Ukraine, Tatarstan, Kazakhstan, Russia, Angola and Indonesia. Our partners in these countries are accepted as the leaders in the steel industry. The quality of produced machines is approved by international standards. Teco is guaranteed by CE and ISO 9001-2000 certificates. Teco also contributes to the national economy by creating jobs in designing, project, production, import and export. Teco materializes R&D activities with its professional staff. Quality results are presented to the customers during the production, import and export. Our company takes the leadership of producing and marketing nationally and internationally. For Grain, Oily Seeds, and Pulses: Silos Corn and Soybean Drying Machines Handling Systems like Bucket Elevator, Chain Conveyor and Helix Prop Towers and Catwalks for Handling Systems Unloading Truck Lifts Industrial Foundations, Steel Construction With the expert staff; we take an important target like ‘’Customer Satisfaction and Service Quality’’ and perform service and counseling duties successfully. -------------------------------------------------------------------------------- Contact Us , Teco Dryer Company is ready for a long partnership with you. Sales Engineer Erkan AYMAN eayman@tecodryer.com