From owner-freebsd-ipfw@FreeBSD.ORG Mon Nov 3 11:06:54 2008
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Date: Mon, 3 Nov 2008 11:06:54 GMT
Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/128260  ipfw       [ipfw] [patch] ipfw_divert damages IPv6 packets
o kern/127230  ipfw       [ipfw] [patch] Feature request to add UID and/or GID l
o kern/127209  ipfw       [ipfw] IPFW table become corrupted after many changes
o bin/125370   ipfw       [ipfw] [patch] increase a line buffer limit
o conf/123119  ipfw       [patch] rc script for ipfw does not handle IPv6
o kern/122963  ipfw       [ipfw] tcpdump does not show packets redirected by 'ip
s kern/121807  ipfw       [request] TCP and UDP port_table in ipfw
o kern/121382  ipfw       [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor
o kern/121122  ipfw       [ipfw] [patch] add support to ToS IP PRECEDENCE fields
o kern/118993  ipfw       [ipfw] page fault - probably it's a locking problem
o kern/117234  ipfw       [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s
o kern/116009  ipfw       [ipfw] [patch] Ignore errors when loading ruleset from
p kern/115755  ipfw       [ipfw][patch] unify message and add a rule number wher
o bin/115172   ipfw       [patch] ipfw(8) list show some rules with a wrong form
o docs/113803  ipfw       [patch] ipfw(8) - don't get bitten by the fwd rule
p kern/113388  ipfw       [ipfw][patch] Addition actions with rules within speci
o kern/112708  ipfw       [ipfw] ipfw is seems to be broken to limit number of c
o kern/112561  ipfw       [ipfw] ipfw fwd does not work with some TCP packets
o kern/107305  ipfw       [ipfw] ipfw fwd doesn't seem to work
o kern/105330  ipfw       [ipfw] [patch] ipfw (dummynet) does not allow to set q
o bin/104921   ipfw       [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/104682  ipfw       [ipfw] [patch] Some minor language consistency fixes a
o kern/103454  ipfw       [ipfw] [patch] [request] add a facility to modify DF b
o kern/103328  ipfw       [ipfw] [request] sugestions about ipfw table
o kern/102471  ipfw       [ipfw] [patch] add tos and dscp support
o kern/98831   ipfw       [ipfw] ipfw has UDP hickups
o kern/97951   ipfw       [ipfw] [patch] ipfw does not tie interface details to
o kern/97504   ipfw       [ipfw] IPFW Rules bug
o kern/95084   ipfw       [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v
o kern/93300   ipfw       [ipfw] ipfw pipe lost packets
o kern/91847   ipfw       [ipfw] ipfw with vlanX as the device
o kern/88659   ipfw       [modules] ipfw and ip6fw do not work properly as modul
o kern/87032   ipfw       [ipfw] [patch] ipfw ioctl interface implementation
o kern/86957   ipfw       [ipfw] [patch] ipfw mac logging
o kern/82724   ipfw       [ipfw] [patch] [request] Add setnexthop and defaultrou
s kern/80642   ipfw       [ipfw] [patch] ipfw small patch - new RULE OPTION
o bin/78785    ipfw       [patch] ipfw(8) verbosity locks machine if /etc/rc.fir
o kern/74104   ipfw       [ipfw] ipfw2/1 conflict not detected or reported, manp
o kern/73910   ipfw       [ipfw] serious bug on forwarding of packets after NAT
o kern/72987   ipfw       [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (
o kern/71366   ipfw       [ipfw] "ipfw fwd" sometimes rewrites destination mac a
o kern/69963   ipfw       [ipfw] install_state warning about already existing en
o kern/60719   ipfw       [ipfw] Headerless fragments generate cryptic error mes
o kern/55984   ipfw       [ipfw] [patch] time based firewalling support for ipfw
o kern/51274   ipfw       [ipfw] [patch] ipfw2 create dynamic rules with parent
o kern/48172   ipfw       [ipfw] [patch] ipfw does not log size and flags
o kern/46159   ipfw       [ipfw] [patch] [request] ipfw dynamic rules lifetime f
a kern/26534   ipfw       [ipfw] Add an option to ipfw to log gid/uid of who cau

48 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Tue Nov 4 12:47:40 2008
From: "Marcel Grandemange"
Date: Tue, 4 Nov 2008 14:27:52 +0200
Subject: Dual ADSL Load Balancing

Ok I have managed to get this working by running two instances of natd,
the works. Then by using ipfw fwd "to appropriate gateway" for
"appropriate protocol" type of approach.

However here is the question.

The machine obviously has one of the gateways set as its main route and
only protocols explicitly sent to other gateway using fwd goes through
other line.

But incoming connections is my problem, I need to be able to say in
layman's terms

If connection comes in on adsl2 send it to gateway2

I think what's happening now is it comes in on adsl2 goes out adsl1

Input!?

From owner-freebsd-ipfw@FreeBSD.ORG Tue Nov 4 17:47:23 2008
From: Giuliano Gavazzi
To: Marcel Grandemange
Cc: freebsd-ipfw@FreeBSD.org
Date: Tue, 4 Nov 2008 18:23:19 +0100
Subject: Re: Dual ADSL Load Balancing

On T 4 Nov, 2008, at 13:27 , Marcel Grandemange wrote:

> The machine obviously has one of the gateways set as its main route
> and only protocols explicitly sent to other gateway using fwd goes
> through other line.
>
> But incoming connections is my problem, I need to be able to say in
> layman's terms

If I understood your problem correctly the solution to the incoming
connections is simple. You must use two distinct aliases on your
machine, one for each ADSL. If you also do NATing, as you seem to, I
would also use a different alias to alias to, although not necessary it
separates conveniently natted and not natted traffic. The two different
ADSL do not have to be on the same physical or logical network.

Suppose you have two logical (and optionally also physically separated)
networks: 192.168.1.1/24 for ADSL1 and 192.168.2.1/24 for ADSL2: on your
machine you'll use, for instance:

192.168.1.10 for incoming connections to the machine itself
192.168.1.11 natted connections from internal machines

192.168.2.10 for incoming connections to the machine itself
192.168.2.11 natted connections from internal machines

of course outgoing connections from either will have to be forwarded to
the appropriate gateway (presumably 192.168.1.1 and 192.168.1.2).

Giuliano

From owner-freebsd-ipfw@FreeBSD.ORG Tue Nov 4 20:05:52 2008
From: Giuliano Gavazzi
To: Marcel Grandemange
Cc: freebsd-ipfw@FreeBSD.org
Date: Tue, 4 Nov 2008 21:05:48 +0100
Subject: Re: Dual ADSL Load Balancing

On T 4 Nov, 2008, at 18:23 , Giuliano Gavazzi wrote:

> 192.168.1.10 for incoming connections to the machine itself
> 192.168.1.11 natted connections from internal machines
>
>
> 192.168.2.10 for incoming connections to the machine itself
> 192.168.2.11 natted connections from internal machines
>
> of course outgoing connections from either will have to be forwarded
> to the appropriate gateway (presumably 192.168.1.1 and 192.168.1.2).

clearly this should have been 192.168.1.1 and 192.168.2.1!

g

From owner-freebsd-ipfw@FreeBSD.ORG Wed Nov 5 10:14:14 2008
From: ruzzetto
To: freebsd-ipfw@freebsd.org
Date: Wed, 5 Nov 2008 02:14:13 -0800 (PST)
Subject: Squid not working with IPFW and NATD

Hi,
I've a server with FreeBSD 7.0 installed on. I also installed squid and
ipfw to build a little proxy.
If I try to surf on web without ipfw that's ok. When I start ipfw I
can't surf and I can't find the problem.

Is there any particular configuration for ipfw or squid???

Thanks.

Fabio

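For the "Dual ADSL Load Balancing" thread above, an added example (not part of any post in the thread) that turns the per-uplink aliases from the reply into ipfw fwd rules and checks that every alias sits on its gateway's network, which is the mistake the follow-up corrects. Rule numbers, the /24 comparison and placing these rules after the natd divert rules (so natted packets already carry their alias as source) are assumptions.

```shell
#!/bin/sh
# Added example: choose the next hop by source alias, so a reply to a
# connection that arrived on ADSL2 also leaves through ADSL2.
# Addresses are those of the reply, with the corrected second gateway.

# One line per uplink: gateway, directly attached network, local aliases.
UPLINKS='192.168.1.1 192.168.1.0/24 192.168.1.10 192.168.1.11
192.168.2.1 192.168.2.0/24 192.168.2.10 192.168.2.11'

# same_net24 A B: true when A and B share their first three octets (/24 only).
same_net24() { [ "${1%.*}" = "${2%.*}" ]; }

# check_uplinks: fail if an alias is not on the same /24 as its gateway.
check_uplinks() {
    while read -r gw net aliases; do
        for a in $aliases; do
            if ! same_net24 "$gw" "$a"; then
                echo "alias $a is not on the network of gateway $gw" >&2
                return 1
            fi
        done
    done <<EOF
$UPLINKS
EOF
    return 0
}

# gateway_for SRC: print the gateway that must carry packets sourced from SRC
# (prints nothing when SRC is not a known alias, i.e. the default route applies).
gateway_for() {
    while read -r gw net aliases; do
        for a in $aliases; do
            if [ "$a" = "$1" ]; then echo "$gw"; return 0; fi
        done
    done <<EOF
$UPLINKS
EOF
    return 0
}

# gen_fwd_rules [FIRST_RULE_NUMBER]: print one fwd rule per alias.
# "to not NET" leaves traffic for the directly attached network alone.
gen_fwd_rules() {
    num=${1:-1000}
    while read -r gw net aliases; do
        for src in $aliases; do
            echo "ipfw add $num fwd $gw ip from $src to not $net out"
            num=$((num + 10))
        done
    done <<EOF
$UPLINKS
EOF
    return 0
}

# Print the rules for review; they are only printed, never loaded.
check_uplinks && gen_fwd_rules 1000
```

The rules for the ADSL1 aliases repeat what the default route already does; keeping them makes the ruleset independent of which line is the default.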
From owner-freebsd-ipfw@FreeBSD.ORG Wed Nov 5 11:16:53 2008
From: Fabio
To: freebsd-ipfw@freebsd.org
Date: Wed, 5 Nov 2008 10:50:11 +0000 (GMT)
Subject: Squid problem with IPFW enabled

Hi,
I've a server with FreeBSD 7.0 installed on. I also installed squid and
ipfw to build a little proxy.
If I try to surf on web without ipfw that's ok. When I start ipfw I
can't surf and I can't find the problem.

Is there any particular configuration for ipfw or squid???

Thanks.

Fabio

From owner-freebsd-ipfw@FreeBSD.ORG Wed Nov 5 19:50:18 2008
From: Roman Kurakin
To: ruzzetto
Cc: freebsd-ipfw@freebsd.org
Date: Wed, 05 Nov 2008 22:46:59 +0300
Subject: Re: Squid not working with IPFW and NATD

Could you provide your configuration settings.

rik

ruzzetto wrote:
> Hi,
> I've a server with FreeBSD 7.0 installed on. I also installed squid and ipfw
> to build a little proxy.
> If I try to surf on web without ipfw that's ok. When I start ipfw I can't
> surf and I can't find the problem.
>
> Is there any particular configuration for ipfw or squid???
>
> Thanks.
>
> Fabio
>

From owner-freebsd-ipfw@FreeBSD.ORG Thu Nov 6 10:25:07 2008
From: "Marcel Grandemange"
Date: Thu, 6 Nov 2008 12:24:31 +0200
Subject: TOS/DSCP

Good day,

It would be great if someone could show me an example of how to make
ipfw rules based on TOS.
I have an external box that marks all p2p packets and gives them the TOS
of 8.
What I'd like to do is build rules on the bsd machine that can match
those packets with TOS 8..

Examples anyone?

From owner-freebsd-ipfw@FreeBSD.ORG Thu Nov 6 11:18:13 2008
From: Marcelo Araujo
To: Marcel Grandemange
Cc: freebsd-ipfw@FreeBSD.org
Date: Thu, 6 Nov 2008 16:47:58 -0200
Subject: Re: TOS/DSCP

On Thu, Nov 06, 2008 at 12:24:31PM +0200, Marcel Grandemange wrote:
> Good day,
>
> It would be great if someone could show me an example of how to make ipfw
> rules based on TOS.
> I have an external box that marks all p2p packets and gives them the TOS of
> 8.
> What I'd like to do is build rules on the bsd machine that can match those
> packets with TOS 8..
>
> Examples anyone?
>

Hello dear Marcel,

Some time ago I did some research about FreeBSD and QoS. With this
research I started developing and organizing some patches for IPFW, but
these aren't finished, however you can use that.

About ToS and IPFW:
http://code.google.com/p/exports/wiki/ToSWorkAround

About DSCP and IPFW:
http://code.google.com/p/exports/wiki/DSCPWorkAround

A new user function called *modip* was also started, which indeed just
puts together some tools to provide a QoS implementation.

Patch of MODIP:
http://people.freebsd.org/~araujo/logs/ipfw-modip20080324.diff

How you can use that:
    ipfw add 10 modip tos:lowdelay ip from any to any
    ipfw add 11 modip dscp:af14 ip from any to any
    ipfw add 12 modip ippre:flash ip from any to any

Bye for now,
Best Regards,

-- 
Marcelo Araujo
araujo@FreeBSD.org
http://www.FreeBSD.org

The first myth of management is that it exists
the second myth of management is that success equals skill.
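
For the question in the TOS/DSCP thread above, an added example (not part of any post, and not using the modip patch) that builds a match with the iptos option of stock ipfw(8). TOS 8 is the throughput bit (0x08); because iptos matches packets that contain the listed bits, the generated spec also negates the other three type-of-service bits. The rule number and the count action are placeholders.

```shell
#!/bin/sh
# Added example: derive an ipfw "iptos" spec that matches one TOS value
# exactly with respect to the four type-of-service bits.
# Precedence bits (0xe0) and the lowest bit are not examined by this spec.

# TOS bit and the ipfw(8) iptos keyword for it.
TOS_BITS="0x10:lowdelay 0x08:throughput 0x04:reliability 0x02:mincost"

# valid_tos N: true for 0..255 written in decimal or as 0x hex, no leading zeros.
valid_tos() {
    [ ${#1} -le 4 ] || return 1
    case "$1" in
        0[xX]?*) case "${1#0[xX]}" in *[!0-9a-fA-F]*) return 1 ;; esac ;;
        0) ;;
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ $(($1)) -le 255 ]
}

# tos_dscp N: print the DSCP code point carried in TOS byte N (upper six bits).
tos_dscp() {
    valid_tos "$1" || return 1
    echo $(( $(($1)) >> 2 ))
}

# iptos_exact_spec N: print "keyword" for every set bit, "!keyword" for every clear one.
iptos_exact_spec() {
    valid_tos "$1" || return 1
    tos=$(($1))
    spec=""
    for pair in $TOS_BITS; do
        bit=${pair%%:*}
        name=${pair#*:}
        if [ $((tos & $bit)) -ne 0 ]; then
            spec="${spec:+$spec,}$name"
        else
            spec="${spec:+$spec,}!$name"
        fi
    done
    echo "$spec"
}

# iptos_rule RULENUM N: print a rule that counts packets carrying TOS bits N.
iptos_rule() {
    s=$(iptos_exact_spec "$2") || return 1
    echo "ipfw add $1 count ip from any to any iptos $s"
}

# The value from the question: TOS 8.
iptos_rule 500 8
```

Escape the `!` characters when typing the printed rule at an interactive shell that performs history expansion.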