On Wed, 12 Dec 2007, Randy Bush wrote:
did you start off with?
# ifconfig bridge create
when your ifconfig -a should then also show:
bridge0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
(etc)
though it looks like 'cloned_interfaces=bridge0' is
On Tue, 11 Dec 2007, Peter Jeremy wrote:
On Tue, Dec 11, 2007 at 12:31:00PM +0400, rihad wrote:
Peter Jeremy wrote:
On Tue, Dec 11, 2007 at 09:21:17AM +0400, rihad wrote:
And if I _only_ want to shape IP traffic to given speed, without
prioritizing anything, do I still need queues?
On Wed, 12 Dec 2007, Bruce M. Simpson wrote:
My shot from the hip, although I'm pretty much away from this stuff at
the moment.
Randy Bush wrote:
# ifconfig bridge0 addm ath0 addm vr1 up
ifconfig: BRDGADD ath0: Invalid argument
ath0 is IFT_ETHER, so it should be OK to
On Wed, 12 Dec 2007, Chris Dillon wrote:
Quoting Julian Elischer [EMAIL PROTECTED]:
I need a word to use to describe the network view one is currently on..
e.g. if you are using the second routing table, you could say I've set xxx
to 1
(0 based)..
currently in my code I'm
On Thu, 13 Dec 2007, Randy Bush wrote:
ok, i have bridging working (kernel/userland version skew likely culprit,
thanks max),
except that ath0 does not seem to completely bridge. bms may have warned me
in saying
although you won't get the 802.11 frames bridged.
I'm wondering just
On Sun, 16 Dec 2007, Randy Bush wrote:
ifconfig_ath0=channel 4 ssid rgnet-aden wep wepkey 13-characters
mediaopt hostap up
doh! thank you.
Now I'm confused. Isn't that what you already had?
also needed to tell winxp that it was private security not enterprise.
Ahah.
On Sun, 16 Dec 2007, Randy Bush wrote:
Ian Smith wrote:
ifconfig_ath0=channel 4 ssid rgnet-aden wep wepkey 13-characters
mediaopt hostap up
doh! thank you.
^deftxkey 1
'k
On Sun, 2 Mar 2008, Peter Jeremy wrote:
On Fri, Feb 29, 2008 at 02:28:04PM -0800, Juri Mianovich wrote:
after 30 minutes of maxed dummynet rule, add X mbps
to the rule for every active TCP session, with a max
ceiling of Y mbps
and:
after 30 minutes of less than max usage,
On Thu, 3 Apr 2008, Julian Elischer wrote:
Ivan Voras wrote:
Erik Trulsson wrote:
On Fri, Apr 04, 2008 at 01:34:07AM +0200, Ivan Voras wrote:
In which case would an ipfw ruleset like this:
00100 114872026 40487887607 allow ip from any to any via lo0
00200 0
On Thu, 3 Apr 2008, Julian Elischer wrote:
Ian Smith wrote:
On Thu, 3 Apr 2008, Julian Elischer wrote:
Ivan Voras wrote:
Erik Trulsson wrote:
On Fri, Apr 04, 2008 at 01:34:07AM +0200, Ivan Voras wrote:
In which case would an ipfw ruleset like this:
00100
On Fri, 4 Apr 2008, Julian Elischer wrote:
Ian Smith wrote:
On Thu, 3 Apr 2008, Julian Elischer wrote:
Not that I have known... keep-state does not (and never has) include
an implicit check-state.
Sorry (and surprised!) to have to differ, but you MADE me read the code
On Thu, 24 Apr 2008, Nejc koberne wrote:
what netmask does ifconfig show for this IP?
Host:
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:40:f4:27:7e:a8
inet 192.168.15.198 netmask
On Thu, 24 Apr 2008, Nejc koberne wrote:
I can't help wondering what would happen if you assigned the single jail
IP to be the subnet's broadcast address, in this case 192.168.15.255 ?
You mean if I did this:
jail_samba_ip=192.168.15.255
? I can't even ssh to
Hello net crew,
We're new to bridges; please be gentle. 4.8-RELEASE box, 2 ed NICs,
test rig with 10-base coax. Bridging itself is working nicely.
Aim is for the box to bridge a 192.168.0.1 gateway (satellite down /
ISDN back proxy server black box) to a /24 of about a dozen mostly winXP
On Tue, 23 Dec 2003, Michael W. Oliver wrote:
On Wed, Dec 24, 2003 at 04:38:32AM +1100, Ian Smith wrote:
[...]
In short, ifconfig appears unwilling to have two NICs covering the same
/24. Can this be set up? I'm also at a bit of a loss with the routing,
so inside packets
On Thu, 25 Dec 2003, Bruce A. Mah wrote:
If memory serves me right, Ian Smith wrote:
In short, ifconfig appears unwilling to have two NICs covering the same
/24. Can this be set up? I'm also at a bit of a loss with the routing,
so inside packets to the bridge box (ie unbridged
On Thu, 25 Dec 2003, Bruce A. Mah sent me a useful Christmas present:
In 4-STABLE, there's a bug that prevents ARP from working correctly on
unnumbered bridge interfaces when bridging is enabled using the
bridge.ko module. Basically, there are some checks in the ARP code
that decide when
On Tue, 6 Jan 2004, Maxim Konovalov wrote:
On Tue, 6 Jan 2004, 06:33+0100, Bjorn Eikeland wrote:
On Tue, 6 Jan 2004 07:41:26 +0300 (MSK), Maxim Konovalov
[EMAIL PROTECTED] wrote:
Try sysctl net.inet.ip.check_interface=0.
Well that did the trick!
Thank you very
On Mon, 19 Sep 2005, Brett Glass wrote:
At 10:20 AM 9/19/2005, Luigi Rizzo wrote:
original
ipfw add 1000 dosomething cond1 cond2 cond3 cond4 cond5 ... condN
negated:
ipfw add 1000 skipto 1001 cond1 cond2 cond3 cond4 cond5 ... condN
ipfw add 1000
On Fri, 19 May 2006 at 11:06:48 -0400, Mike Tancsa wrote:
I am looking for a way to improve the reliability of a lossy link
(dialup from remote sites). I am going to try multilink PPP but was
wondering if something like ng_one2many might work as well ? Does
anyone have any suggestions
On Fri, 19 May 2006 at 12:38:31 -0400, Mike Tancsa wrote:
At 12:06 PM 19/05/2006, Ian Smith wrote:
Assuming that V.42 error correction is working properly - forced if need
be - there shouldn't =be= any data loss, however slow getting through,
this side of protocol timeouts of course
On Sun, 21 May 2006 at 11:09:23 -0400, Mike Tancsa wrote:
At 05:26 AM 21/05/2006, Brian Candler wrote:
On Fri, May 19, 2006 at 12:38:31PM -0400, Mike Tancsa wrote:
Thanks for the reply. Even at 28.8 I am seeing loss with
the connection dropping and seeing dropped packets (e.g.
Hi Mike,
On Sun, 21 May 2006 at 16:03:39 -0400, Mike Tancsa wrote:
Correct. It's always dialing into a terminal server that is connected
via PRIs. Usually Lucent PM3, sometimes Cisco 5800s depending on the
location they dial from.
I guess you won't want to be messing with their configs,
I've been watching this thread with great interest, having recently been
introduced to the possibilities of OLSR (net/olsrd) for local (and
beyond) P2P wi-mesh networks, and wondering if/how zeroconf fits in.
Some refs: My discovery point, a great (online) book found from a review
by Geoff Huston
On Wed, 11 Oct 2006, Yar Tikhiy wrote:
Is there a well-known way for a UDP application to tell to the
system that it doesn't want to receive broadcast datagrams? E.g.,
it would be very good for TFTP as required by RFC 1123. In general,
accepting broadcast UDP is a security flaw unless
On Wed, 11 Oct 2006, Yar Tikhiy wrote:
On Wed, Oct 11, 2006 at 11:07:36PM +1000, Ian Smith wrote:
On Wed, 11 Oct 2006, Yar Tikhiy wrote:
Is there a well-known way for a UDP application to tell to the
system that it doesn't want to receive broadcast datagrams? E.g
On Tue, 24 Feb 2004, Andrea Venturoli wrote:
4.8-RELEASE-p15:
ipfw1?
In /var/log/all.log I get a lot of:
snort: [1:528:4] BAD-TRAFFIC loopback traffic [Classification:
Potentially Bad Traffic] [Priority: 2]: {TCP}
127.0.0.1:80 - xx.xx.xx.xx:1055
(src port is always 80, dst
These packets never reach IPFW as we can see.
Only point of interest being that the old 2.2.6+ IPFW sees them fine, ie
they're being picked up by 'deny ip from 127.0.0.0/8 to any' here.
Cheers, Ian
On Sun, Feb 29, 2004 at 01:28:23AM +1100, Ian Smith wrote:
On Sat, 28 Feb 2004, Tony
[-current out of ccs, I'm not subscribed]
On Tue, 2 Mar 2004, Andre Oppermann wrote to Wes Peters:
Wowsers. I can't wait to hear more. When do you expect to have a design
for the ARP stuff and TCP buffer sizing, since they are underway?
The ARP stuff is pretty simple and is a hash
On Wed, 19 May 2004, Bernd Walter wrote:
On Tue, May 18, 2004 at 09:05:52PM +0800, wsk wrote:
hi, folks:
It seems that the ttyd0 isn't the dialin line to login, and
the cuaa0 like is both the dialin/out device! under 4.9 above
and 5.X. but the ttyd0 work well under 4.8.
here is my
On Fri, 3 Dec 2004, Max Laier wrote:
On Thursday 02 December 2004 19:45, Petr Holub wrote:
Hi all,
I wonder if it is possible to use the new pf firewall together with
bridging as it is possible to use it with ipf and ipfw.
Unfortunately the PFIL_HOOKS in bridge.c don't work too
On Sat, 4 Dec 2004, Chuck Swiger wrote:
Ian Smith wrote:
[ ... ]
Read those ones for interest, but it leaves me wondering: can you use
stateful filtering in ipfw, then? (here ipfw1 on a 4.8-RELEASE box with
BRIDGE in kernel so far, but I imagine this would apply also to ipfw2
On Fri, 31 Oct 2014 18:30:00 +0330, Hooman Fazaeli wrote:
On 10/31/2014 5:30 PM, Mark Felder wrote:
I'm not sure if this is what you're looking for, but perhaps the
solution is in net/samplicator ?
From the project's website:
This simple program listens for UDP datagrams on
On Fri, 31 Oct 2014 18:28:28 -0700, Freddie Cash wrote:
On Oct 31, 2014 12:12 PM, John-Mark Gurney j...@funkthat.com wrote:
Can any one think of a good reason not to enable IPDIVERT sockets in
the ipfw module?
Yes, two. Nowadays people are just as or perhaps more likely to use
On Sat, 1 Nov 2014 15:38:33 +0330, Hooman Fazaeli wrote:
On 10/31/2014 8:30 PM, Ian Smith wrote:
[..]
: ipfw add 10 fwd localhost,7000 udp from any to any recv em1
Given these are local packets and that ipfw(8) /fwd states:
The fwd action does not change the contents
In a conversation on questions@ re natd(8), Gary said he was about to
upgrade to 9.3 from some (embarrassingly :) old version, and I said:
Strangely, there's no man page for ep nor if_ep on 8.x or 9.x?
To which Gary replied:
ugh. That will be interesting when my upgrade starts in a few
On Tue, 11 Nov 2014 13:15:30 -0800, John-Mark Gurney wrote:
Ian Smith wrote this message on Tue, Nov 11, 2014 at 21:31 +1100:
[..]
So can anyone confirm that ep(4) is present on 9.3-R, even if only i386?
Yeh, it looks like ep is in GENERIC on i386.. We also compile ep on
amd64 too
On Thu, 4 Dec 2014 06:01:06 +0100, Martin Hanson wrote:
(Warren Block wrote:)
I would use three of these sections, one with the serial number of each
interface. So:
action ifconfig $device-name name wan inet ...
action ifconfig $device-name name dmz inet ...
action ifconfig $device-name
On Tue, 3 Feb 2015 13:23:38 +0300, Lev Serebryakov wrote:
On 03.02.2015 13:04, Ian Smith wrote:
Now to make stateful firewall with NAT you need to make some not
very readable tricks to record state (allow) of outbound
connection before NAT, but pass packet to NAT after that. I know
On Mon, 2 Feb 2015 22:17:25 +0300, Lev Serebryakov wrote:
Now to make stateful firewall with NAT you need to make some not very
readable tricks to record state (allow) of outbound connection
before NAT, but pass packet to NAT after that. I know two:
(a) skipto-nat-allow pattern from
On Tue, 10 Feb 2015 14:26:52 +0100, Andre Albsmeier wrote:
On Tue, 10-Feb-2015 at 13:49:23 +0300, Lev Serebryakov wrote:
On 10.02.2015 00:21, Andre Albsmeier wrote:
The ipfw man page says:
Usually a simple rule like:
# reassemble incoming fragments
ipfw add reass all
On Fri, 30 Jan 2015 16:57:28 -0800, Kevin Oberman wrote:
On Wed, Jan 28, 2015 at 9:13 AM, Lev Serebryakov l...@freebsd.org wrote:
I could not resolve names with DNSSEC (for example, in freebsd.org
domain) on two of my installations, one with FreeBSD 11 and other with
FreeBSD 9.3.
On Tue, 10 Feb 2015 19:34:20 +0100, Andre Albsmeier wrote:
On Wed, 11-Feb-2015 at 04:33:15 +1100, Ian Smith wrote:
On Tue, 10 Feb 2015 14:26:52 +0100, Andre Albsmeier wrote:
On Tue, 10-Feb-2015 at 13:49:23 +0300, Lev Serebryakov wrote:
On 10.02.2015 00:21, Andre Albsmeier wrote
On Thu, 5 Feb 2015 02:14:41 +0300, Lev Serebryakov wrote:
On 05.02.2015 01:16, Lev Serebryakov wrote:
I have such rules in my firewall:
nat 9 config redirect_port tcp 192.168.134.2:16881 16881
redirect_port udp 192.158.134.2:16881 16881 redirect_port tcp
192.168.134.2:22 2
On Wed, 25 Feb 2015 14:59:18 +, Gary Palmer wrote:
On Wed, Feb 25, 2015 at 09:30:49PM +1100, Ian Smith wrote:
This snippet is from an old linux 2.4 router/firewall/proxy box, usually
clockwork. Clipped this while monitoring one night, saved it, forgot,
but still find it curious
This snippet is from an old linux 2.4 router/firewall/proxy box, usually
clockwork. Clipped this while monitoring one night, saved it, forgot,
but still find it curious and haven't seen anything similar before or
since. 31.13.70.1 173.252.102.24 are facebook, our guy 192.168.9.21
25/9/2014
On Fri, 30 Jan 2015 12:05:07 +0300, Lev Serebryakov wrote:
On 30.01.2015 05:33, Julian Elischer wrote:
12700 skipto 12900 ip from any to any keep-state
12800 deny ip from any to any
12900 nat 1 ip from any to any out
12999 allow ip from any to any
And rules for inbound ones
On Mon, 4 May 2015 15:29:13 +, Barney Cordoba via freebsd-net wrote:
It's not faster than wedging into the if_input()s. It simply can't
be. You're getting packets at interrupt time as soon as they're processed
and there's no network stack involved, and you're able to receive
and
On Sat, 4 Apr 2015 18:11:55 +0100, Robert N. M. Watson wrote:
On 4 Apr 2015, at 16:59, Hans Petter Selasky h...@selasky.org wrote:
Thank you Robert for this most interesting dissertation.
And thanks Hans for the provocation to draw it forth ..
cheers from the peanut gallery,
Ian
On Wed, 8 Apr 2015 00:10:51 +0200, Marek Salwerowicz wrote:
Hi list,
I am trying to find correct setup of sysctl's for following machines (VMs
under Vmware Workstation 8) to test large TCP window size:
There are 2 boxes, each of them has following setup:
- % uname -a
FreeBSD
On Fri, 12 Jun 2015 08:59:40 +0200, Guido Falsi wrote:
looks correct, assuming xl0 is your internal interface (better put it in
a variable and use the variable in your rules imho)
Forgot one thing, working around this block is as easy as changing the
machine IP, teenager can learn
On Thu, 11 Jun 2015 19:49:06 -0700, John Reynolds wrote:
Hello all, I've read in sections 30.4.4 and 30.4.3 of the handbook about
using IPFW and I've got some clarification questions.
1) When you're using any sort of firewall rules outside the
open/client/simple/closed, etc. pre-canned
On Fri, 12 Jun 2015 10:24:05 +0200, Guido Falsi wrote:
On 06/12/15 10:07, Ian Smith wrote:
On Fri, 12 Jun 2015 08:59:40 +0200, Guido Falsi wrote:
looks correct, assuming xl0 is your internal interface (better put it in
a variable and use the variable in your rules imho
On Sun, 23 Aug 2015 08:44:53 +0900, Hiroki Sato wrote:
Don Lewis truck...@freebsd.org wrote
in 201508222103.t7ml3gax000...@gw.catspoiler.org:
tr The example /etc/rc.firewall has provisions to use either in-kernel NAT
tr or natd for the open and client firewall types, but the simple
On Thu, 6 Aug 2015 01:13:31 +1000, Kubilay Kocak wrote:
On 6/08/2015 1:02 AM, Sean Bruno wrote:
On 08/04/15 16:13, grenville armitage wrote:
de-lurk
I'm curious about the uptick of bugzilla chatter turning up in
freebsd-net@ the last few days.
Whilst I can filter it
On Sat, 7 Nov 2015 01:51:29 +, Rasool Al-Saadi wrote:
> On Saturday, 7 November 2015 2:05 AM, Hans Petter Selasky wrote:
> > On 11/06/15 11:08, Luigi Rizzo wrote:
> > > On Fri, Nov 6, 2015 at 10:52 AM, Hans Petter Selasky
> > wrote:
> > >> On 11/06/15 09:50, Luigi
On Wed, 7 Oct 2015 08:57:42 -0500, Mark Felder wrote:
> Hi all,
>
> I've only used IPFW in the past for the most basic of tasks. I'd like to
> use it with in-kernel NAT protecting both v4 and v6 and add
> dummynet/pipe later, but I have to get the basic working first. I'm
> either
On Thu, 15 Oct 2015 17:03:55 +0800, Julian Elischer wrote:
> On 10/10/15 10:59 PM, Luigi Rizzo wrote:
> > the nice folks at cloudflare implemented a nice feature
> > in netmap that puts some queues of the NIC in netmap mode
> > leaving others attached to the host stack
> >
> >
On Mon, 19 Oct 2015 21:47:36 -0700, Kevin Oberman wrote:
> > I suspect it might not touch the c states, but better check. The safest is
> > disable them in the bios.
> >
>
> To disable C-States:
> sysctl dev.cpu.0.cx_lowest=C1
Actually, you want to set hw.acpi.cpu.cx_lowest=C1 instead.
On Tue, 15 Sep 2015 07:51:11 -0600 (MDT), Warren Block wrote:
> On Tue, 15 Sep 2015, Ian Smith wrote:
>
O. Hartmann wrote:
> > > But that is an other issue and it is most likely
> > > due to the outdated documentation (that doc still uses port 37 for NTP
>
On Tue, 15 Sep 2015 09:47:57 +0200, O. Hartmann wrote:
> On Tue, 15 Sep 2015 10:21:21 +0300
> Kimmo Paasiala wrote:
>
> > On Tue, Sep 15, 2015 at 10:06 AM, O. Hartmann
> > wrote:
> > > Hopefully, I'm right on this list. if not, please
On Tue, 15 Dec 2015 23:47:39 +0100, bcs wrote:
[..]
> I use ipfw but "ipfw -q -f flush" didn't solve the issue. Here are my
[..]
> /boot/loader.conf:
> ipfw_load="YES"
> net.inet.ip.fw.default_to_accept=1
ipfw(8):
Tunables can be set in loader(8) prompt, loader.conf(5) or kenv(1) before
On Sun, 21 Feb 2016 16:32:53 -0800, Julian Elischer wrote:
> On 20/02/2016 6:22 PM, Valeri Galtsev wrote:
> > Dear Experts,
> >
> > I'm one of Linux refugees who several years ago migrated majority of
> > servers from Linux to FreeBSD and is happy since. When recently I needed
> > to set up
On Sun, 24 Jan 2016 17:41:17 -0700, Russell L. Carter wrote:
> Hi,
>
> I am making myself learn better how ipfw works. I am curious about
> the optimal location of the NAT rule definition code. My immediate
> application is a generic NATing gateway with an outside iface armored
> up and
On Wed, 9 Mar 2016 14:40:16 +0100, el...@sentor.se wrote:
> On Wed, 9 Mar 2016, Jan Bramkamp wrote:
[..]
> > I would avoid policies based on IP addresses and prefer to define policies
> > based on (pseudo-) interfaces e.g. route (and nat?) traffic from vlan123
> > through the VPN tunnel.
>
On Thu, 7 Apr 2016 17:08:38 +0100, Dr Josef Karthauser wrote:
[ AppleMail msgs fail to quote properly in pine, so a partial quote: ]
> Looks like the first packet is being retransmitted, which means that
> the nat is probably misconfigured and the TCP connection is broken in
> some strange
On Fri, 29 Apr 2016 00:32:05 -0300, lpa lpa wrote:
> On Thu, Apr 28, 2016 at 4:06 PM, Nikolay Denev wrote:
>> Hi,
>>
>> Have you looked at the natd(8) source code?
> yes but it's a complete application, it does a lot of stuff and I am
> not able to "clean" it up to
On Wed, 8 Mar 2017 16:52:36 +0100, Andrea Venturoli wrote:
Just on one point:
> Second question:
> _ if I issue "ipfw nat 2 config if re0", I'll see the output "ipfw nat 2
> config if re0";
> _ if I issue "ipfw nat 2 config ip 192.168.0.1", I'll see the output "ipfw
> nat 2 config ip