From owner-freebsd-ipfw@FreeBSD.ORG Sun Nov 19 20:01:02 2006
From: "Andrew Pantyukhin"
To: current@freebsd.org, ipfw@freebsd.org
Date: Sun, 19 Nov 2006 23:00:37 +0300
Subject: ipfw ipsec flag

Does anyone have subj working? I have IPSEC+ESP+FILTERGIF
compiled in kernel on very recent 7-CURRENT/amd64 and
6-STABLE/i386 which fail to "count ipsec" whatever I try.
With/without ESP; manually configured with setkey or set
via racoon2/ikev2...

On 7-CURRENT I have a GENERIC kernel with no extra options
than those 3 IPSEC ones. No gifs or tunnels though...

From owner-freebsd-ipfw@FreeBSD.ORG Sun Nov 19 20:16:56 2006
From: "Bjoern A. Zeeb"
To: Andrew Pantyukhin
Cc: ipfw@freebsd.org, FreeBSD current mailing list
Date: Sun, 19 Nov 2006 20:12:53 +0000 (UTC)
Message-ID: <20061119201222.Y18512@maildrop.int.zabbadoz.net>
Subject: Re: ipfw ipsec flag

On Sun, 19 Nov 2006, Andrew Pantyukhin wrote:

Hi,

> Does anyone have subj working? I have IPSEC+ESP+

yes since freebsd 5.x.

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT

From owner-freebsd-ipfw@FreeBSD.ORG Sun Nov 19 21:16:31 2006
From: "Andrew Pantyukhin"
To: "Bjoern A. Zeeb"
Cc: ipfw@freebsd.org, current@freebsd.org
Date: Mon, 20 Nov 2006 00:16:14 +0300
In-Reply-To: <20061119205729.D18512@maildrop.int.zabbadoz.net>
References: <20061119201222.Y18512@maildrop.int.zabbadoz.net> <20061119205729.D18512@maildrop.int.zabbadoz.net>
Subject: Re: ipfw ipsec flag

On 11/20/06, Bjoern A. Zeeb wrote:
> On Sun, 19 Nov 2006, Andrew Pantyukhin wrote:
>
> Hi,
>
> > On 11/19/06, Bjoern A. Zeeb wrote:
> >> On Sun, 19 Nov 2006, Andrew Pantyukhin wrote:
> >>
> >> Hi,
> >>
> >> > Does anyone have subj working? I have IPSEC+ESP+
> >>
> >> yes since freebsd 5.x
> >
> > You mean it's working fine for you?
> >
> > Do you have any idea what might be wrong in my
> > case? Do you use gif and/or tunnel mode?
>
> yes working fine.
> no gif.
> tunnel mode.

I changed from transport to tunnel and it works.
The problem is I don't really need tunnel...

> Might be that it doesn't work together with count?

It doesn't work with allow in transport mode, either.
I wonder if I should file a PR...

Thanks!

From owner-freebsd-ipfw@FreeBSD.ORG Mon Nov 20 11:09:03 2006
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Date: Mon, 20 Nov 2006 11:08:11 GMT
Message-Id: <200611201108.kAKB8BwY001482@freefall.freebsd.org>
Subject: Current problem reports assigned to you

Current FreeBSD problem reports
Critical problems
Serious problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/51274   ipfw       [ipfw] [patch] ipfw2 create dynamic rules with parent
f kern/51341   ipfw       [ipfw] [patch] ipfw rule 'deny icmp from any to any ic
o kern/73910   ipfw       [ipfw] serious bug on forwarding of packets after NAT
o kern/74104   ipfw       [ipfw] ipfw2/1 conflict not detected or reported, manp
o conf/78762   ipfw       [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewal
o bin/80913    ipfw       [patch] /sbin/ipfw2 silently discards MAC addr arg wit
o kern/88659   ipfw       [modules] ipfw and ip6fw do not work properly as modul
o kern/93300   ipfw       ipfw pipe lost packets
o kern/95084   ipfw       [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW
o kern/97504   ipfw       [ipfw] IPFW Rules bug
o kern/97951   ipfw       [ipfw] [patch] ipfw does not tie interface details to
o kern/98831   ipfw       [ipfw] ipfw has UDP hickups
o kern/102471  ipfw       [ipfw] [patch] add tos and dscp support
o kern/103454  ipfw       [ipfw] [patch] add a facility to modify DF bit of the

14 problems total.

Non-critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
a kern/26534   ipfw       [ipfw] Add an option to ipfw to log gid/uid of who cau
o kern/46159   ipfw       [ipfw] [patch] ipfw dynamic rules lifetime feature
o kern/48172   ipfw       [ipfw] [patch] ipfw does not log size and flags
o bin/50749    ipfw       [ipfw] [patch] ipfw2 incorrectly parses ports and port
o kern/55984   ipfw       [ipfw] [patch] time based firewalling support for ipfw
o kern/60719   ipfw       [ipfw] Headerless fragments generate cryptic error mes
o kern/69963   ipfw       [ipfw] install_state warning about already existing en
o kern/71366   ipfw       [ipfw] "ipfw fwd" sometimes rewrites destination mac a
o kern/72987   ipfw       [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (
o kern/73276   ipfw       [ipfw] [patch] ipfw2 vulnerability (parser error)
o bin/78785    ipfw       [ipfw] [patch] ipfw verbosity locks machine if /etc/rc
o kern/80642   ipfw       [ipfw] [patch] ipfw small patch - new RULE OPTION
o kern/82724   ipfw       [ipfw] [patch] Add setnexthop and defaultroute feature
o kern/86957   ipfw       [ipfw] [patch] ipfw mac logging
o kern/87032   ipfw       [ipfw] [patch] ipfw ioctl interface implementation
o kern/91847   ipfw       [ipfw] ipfw with vlanX as the device
o kern/103328  ipfw       sugestions about ipfw table
p kern/103967  ipfw       [ipfw] [patch] ipfw2 limit src-addr logging is not suf
o kern/104682  ipfw       [ipfw] [patch] Some minor language consistency fixes a
o bin/104921   ipfw       [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/105330  ipfw       [ipfw] [patch] ipfw (dummynet) does not allow to set q

21 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Nov 20 11:31:04 2006
From: Ja Cichas
To: freebsd-ipfw@freebsd.org
Date: Mon, 20 Nov 2006 12:14:17 +0100 (CET)
Message-Id: <695.1644-28402-1926237411-1164021257@post.cz>
Subject: ipfw: ouch!, skip past end of rules, denying packet

Hello,

after upgrade from FreeBSD 4.11 to 6.1-RELEASE-p10 we are getting lots of $SUBJ messages in log.
It is triggered by "ipfw -f flush" command when firewall is reloaded.

Other info:
HZ=1000
dummynet pipes (without them no $SUBJ)
net.inet.ip.fw.one_pass: 0 (need for traffic counting after pipe)
no skipto rule

Any solution, please?

From owner-freebsd-ipfw@FreeBSD.ORG Mon Nov 20 14:03:55 2006
From: "Reinhard Haller"
Date: Mon, 20 Nov 2006 14:58:36 +0100
Subject: dynamic address lists

Hi,

I'm using address lists to enable update services like razor, cvs,
clamav etc.
The odd thing is the need to check the DNS resolution against the
configured address lists.

Is there a way to define address lists/tables based on DNS?

Thanks
Reinhard

From owner-freebsd-ipfw@FreeBSD.ORG Mon Nov 20 15:14:20 2006
From: Maxim Konovalov
To: barzog@telecom.by, maxim@FreeBSD.org, freebsd-ipfw@FreeBSD.org
Date: Mon, 20 Nov 2006 15:13:55 GMT
Message-Id: <200611201513.kAKFDtfI026629@freefall.freebsd.org>
Subject: Re: kern/103967: [ipfw] [patch] ipfw2 limit src-addr logging is not sufficient for debug

Synopsis: [ipfw] [patch] ipfw2 limit src-addr logging is not sufficient for debug

State-Changed-From-To: patched->closed
State-Changed-By: maxim
State-Changed-When: Mon Nov 20 15:13:39 UTC 2006
State-Changed-Why:
Merged to RELENG_6.

http://www.freebsd.org/cgi/query-pr.cgi?pr=103967

From owner-freebsd-ipfw@FreeBSD.ORG Wed Nov 22 19:20:49 2006
From: Fratiman Vladut
To: ipfw@freebsd.org
Date: Wed, 22 Nov 2006 21:17:49 +0200
Message-ID: <816891059.20061122211749@spaingsm.com>
In-Reply-To: <695.1644-28402-1926237411-1164021257@post.cz>
References: <695.1644-28402-1926237411-1164021257@post.cz>
Subject: Re: ipfw: ouch!, skip past end of rules, denying packet

Hello Ja,

Monday, November 20, 2006, 1:14:17 PM, you wrote:

> Hello,
> after upgrade from FreeBSD 4.11 to 6.1-RELEASE-p10 we are getting lots of $SUBJ messages in log.
> It is triggered by "ipfw -f flush" command when firewall is reloaded.
> Other info:
> HZ=1000
> dummynet pipes (without them no $SUBJ)
> net.inet.ip.fw.one_pass: 0 (need for traffic counting after pipe)
> no skipto rule
> Any solution, please?

This message is given by packets that exist in pipe queues after flushing the ipfw rules.

-- 
Best regards,
 Fratiman                            mailto:vladone@spaingsm.com

From owner-freebsd-ipfw@FreeBSD.ORG Fri Nov 24 05:16:28 2006
From: "Nilton Volpato"
To: freebsd-questions@freebsd.org, ipfw@freebsd.org
Date: Fri, 24 Nov 2006 02:16:25 -0300
Message-ID: <27fef5640611232116o6e26cbcbx230d13981270bb89@mail.gmail.com>
Subject: Re: port redirection with natd and ipfw

[Fratiman Vladut]
> This is because you try to access an IP that has the same IP as your
> gateway, but from the internal LAN, so packets are sent to the gateway but
> cannot be redirected back to the HTTP server according to the redirect
> rules.
> To resolve this situation, configure a simple DNS server on your
> gateway, and make a zone with your domain pointed to the internal IP.
> Then configure the client computers to ask your DNS server. This is
> easily done via DHCP.
> Your DNS server needs to be configured to forward requests for unknown
> domains to the authoritative public DNS servers.
> --
> Best regards,
> Fratiman

[Russell Wood]
> I had a similar setup once and used Split DNS with BIND. So, if you
> requested example.com on 192.168.0.0/24 then you'd get the internal IP,
> otherwise you got the external IP.
>
> Regards,
> Russell Wood

Thanks guys,

But Split DNS does not work in my case, because I have different
services on different machines, and the DNS will map one name (and all
ports associated to it) to one machine.

Is there any solution that will work without using split DNS?

Thanks,

-- Nilton

From owner-freebsd-ipfw@FreeBSD.ORG Sat Nov 25 09:56:24 2006
From: Fratiman Vladut
To: ipfw@freebsd.org
Date: Sat, 25 Nov 2006 11:56:03 +0200
Message-ID: <2452595.20061125115603@spaingsm.com>
Subject: semnification for hashsize, buckets and max_chain_len in dummynet

Hi!

Can someone explain how the flows in dummynet are configured and
organized, and what the role of hashsize, buckets and max_chain_len is?
My interest is in setting these parameters in the case of a great number
of flows.
For example, if I have a pipe and 1000 queues connected to that pipe,
what are the values for hashsize and buckets in this case?

-- 
Best regards,
 Fratiman                            mailto:vladone@spaingsm.com
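
Added example, not part of the archived messages, for Reinhard Haller's "dynamic address lists" message of 20 Nov 2006 above: a dedicated ipfw table reconciled against current DNS answers, which refuses to change anything when a name fails to resolve. Table number 10, the host names, and the parsed output formats of host(1) and `ipfw table N list` are assumptions.

```sh
#!/bin/sh
# Added example: reconcile a dedicated ipfw table with current DNS answers.
# Assumed, not from the thread: table 10, the host names, and the output
# formats of host(1) ("name has address A") and `ipfw table N list`
# ("A/32 value"). A rule would then match on "table(10)" instead of names.
LC_ALL=C; export LC_ALL

# IPv4 addresses for one name, one per line. RESOLVER may name a substitute
# command (used by the constructed sample below); the default is host(1).
resolve_a() {
    if [ -n "${RESOLVER:-}" ]; then
        "$RESOLVER" "$1"
    else
        host -t A "$1" 2>/dev/null | awk '/ has address / { print $NF }'
    fi
}

# Pass through only well-formed dotted quads, so nothing else from a DNS
# answer can reach the generated command lines.
valid_ipv4() {
    awk -F. 'NF == 4 {
        for (i = 1; i <= 4; i++)
            if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) next
        print
    }'
}

# Sorted, unique address set for all names given. Returns 1 if any name
# resolves to nothing, so a DNS outage is never read as "delete everything".
desired_addrs() {
    rc=0
    out=
    for name in "$@"; do
        addrs=$(resolve_a "$name" | valid_ipv4)
        if [ -z "$addrs" ]; then
            echo "no usable A record for $name" >&2
            rc=1
        else
            out="$out$addrs
"
        fi
    done
    printf '%s' "$out" | sort -u
    return "$rc"
}

# Reduce `ipfw table N list` output to bare host addresses.
current_addrs() {
    awk 'NF { sub(/\/32$/, "", $1); print $1 }' | sort -u
}

# Print the commands that move the table from current to desired.
# $1 = table number, $2 = desired list, $3 = current list (one per line).
plan_update() {
    tbl=$1
    d=$(mktemp /tmp/ipfwdns.XXXXXX)
    c=$(mktemp /tmp/ipfwdns.XXXXXX)
    printf '%s\n' "$2" | sed '/^$/d' | sort -u > "$d"
    printf '%s\n' "$3" | sed '/^$/d' | sort -u > "$c"
    comm -23 "$d" "$c" | sed "s|^|ipfw table $tbl add |"
    comm -13 "$d" "$c" | sed "s|^|ipfw table $tbl delete |"
    rm -f "$d" "$c"
}

# Live use (root, FreeBSD): resolve, read the table, apply the plan.
sync_table() {
    tbl=$1; shift
    want=$(desired_addrs "$@") || return 1
    have=$(ipfw table "$tbl" list | current_addrs)
    plan_update "$tbl" "$want" "$have" | sh -e
}

# Constructed sample data (documentation address ranges) for a dry run.
sample_resolver() {
    case $1 in
        updates.example.org) printf '192.0.2.11\n192.0.2.10\n' ;;
        mirror.example.org)  printf '198.51.100.7\n' ;;
    esac
}

demo_plan() {
    RESOLVER=sample_resolver
    want=$(desired_addrs updates.example.org mirror.example.org) || return 1
    have=$(printf '192.0.2.10/32 0\n203.0.113.5/32 0\n' | current_addrs)
    plan_update 10 "$want" "$have"
}

if [ "${1:-}" = "demo" ]; then demo_plan; fi
```

Rules built on such a table are only as trustworthy as the resolver that fills it, so run the sync from cron against a resolver you control and log each plan before it is applied.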