Hello.
I hope someone can help me with the following problem...
The box runs a 8.3p7/i386 and has three physical ethernet interfaces:
em0, em1 and fxp1.
em0 and em1 are bonded into lagg0, over which carp0 and carp1 run.
fxp0 has three vlans: vlan1, vlan2 and vlan3, over which there are
Hello.
Three days ago I upgraded an amd64 8.3 box to the latest 8.4.
Since then the outside network is misbehaving: large mails are not
sent (although small ones are), svn operations will work for a while,
then come to a sudden stop, etc...
Perhaps the most evident test is wgetting a big
On 04/17/14 23:45, John Nielsen wrote:
Thanks for answering John.
My first thought was TSO as well, since I've seen the symptoms you describe a
few times on systems running 10.0.
Do you use IPFW or any kind of NAT on this system?
Yes, I use ipfw to firewall, to divert packets to natd and
On 04/19/14 19:19, Andrea Venturoli wrote:
Hmmm, sounds a bit complicated... would simply dropping if_em.ko in from
a 8.3 box work?
Ok, I'll answer myself.
I'm now running 8.3's if_em.ko (binary from another system), on an 8.4
kernel.
The behaviour is the same as before.
However, further
Hello.
This has probably come up several times, however...
I've got a server which has two (or more) interfaces with public IPs.
Let's say, as an example (with fictional IPs):
ifconfig_vlan1=inet 1.0.0.2 netmask 255.255.255.248...
ifconfig_vlan2=inet 2.0.0.2 netmask 255.255.255.248...
Of
On 04/28/14 11:18, Andreas Nilsson wrote:
You could put all the services which are on 2.0.0.2 in a separate fib and
there have another default-route.
Thanks, but unfortunately I can't, since some services must be able to
answer on both addresses.
Maybe I could use socket in one fib to
On 04/28/14 11:16, Dominic Froud wrote:
You want source-based routing.
Thanks, that term will help me in my searches.
I have this situation and I used pf(4) to do it with a rule like:
pass out quick route-to ( vlan2 ) from 2.0.0.0/29 to any no state
As a variation you can give an
On 04/28/14 11:16, Dominic Froud wrote:
On 28/04/2014 09:58, Andrea Venturoli wrote:
I've got a server which has two (or more) interfaces with public IPs.
Let's say, as an example (with fictional IPs):
ifconfig_vlan1=inet 1.0.0.2 netmask 255.255.255.248...
ifconfig_vlan2=inet 2.0.0.2 netmask
Hello.
Today I experienced something weird (at least for me) on a 8.4 system:
_ the system had vlan3 interface, with default MTU (1500 bytes);
_ ping -D -s 1400 somehost would work, but ping -D -s 1500 somehost
would yield frag needed and DF set (forgive me if the message is not
exact, I
On 06/24/14 21:03, John Hay wrote:
Do a route get somehost and see what mtu is returned. You might be
able to delete or tweak that route.
Thanks a lot!
I learned something new :)
I'll try this next time I have the chance.
bye
av.
On 06/25/14 02:01, Charles Swiger wrote:
Does ifconfig vlan3 down; ifconfig vlan3 up do any good?
Or that run against the physical NIC?
Can't try this now, I'll do when I can play again with this box.
What is the ethernet HW
em0@pci0:6:0:0: class=0x02 card=0x10828086 chip=0x107d8086
On 06/25/14 15:23, Andrea Venturoli wrote:
On 06/25/14 02:01, Charles Swiger wrote:
Does ifconfig vlan3 down; ifconfig vlan3 up do any good?
Or that run against the physical NIC?
None of the two.
John was right about the route.
bye Thanks
av
On 06/24/14 21:03, John Hay wrote:
Do a route get somehost and see what mtu is returned.
You are right, I see a route with the old, lesser MTU.
You might be able to delete or tweak that route.
How do I do this?
I tried route delete, but it doesn't help.
bye Thanks
av.
On 07/02/14 04:53, John-Mark Gurney wrote:
How do I do this?
I tried route delete, but it doesn't help.
route change -mtu XXX routetochange
This does not work: the route is deemed as non-existent.
bye thanks
av.
P.S. I'm writing this more out of curiosity, than of real need; no
Hello.
Today a box of mine (8.4p16/amd64) stopped working as a router; I don't
have a clear picture, but the internal nets were working perfectly,
while the external interfaces lagged, dropped connections or stopped
packets from passing.
The box is running pf (for handling multiple Internet
On 09/29/14 20:21, Ermal Luçi wrote:
Probably is better you ask this on freebsd-pf@.
Thanks, I see you have already cc:ed it.
Though this sounds like state limit reached.
Can this happen even if all my pf rules have no state?
bye Thanks
av.
Hello.
I'm using 7.4p6/i386 and this is (a part of) my configuration
cloned_interfaces=lagg0 vlan1 vlan2 vlan3 carp0 carp1 carp6 carp7 carp9 carp10
ifconfig_em0=up
ifconfig_em1=up
ifconfig_lagg0=laggproto lacp laggport em0 laggport em1 192.168.101.1 netmask
255.255.255.0
ifconfig_carp0=vhid 1
Hello.
Just to say today I upgraded from 8.1 to 8.2 and xl0 stopped working.
It is detected:
xl0: <3Com 3c900B-COMBO Etherlink XL> port 0xd800-0xd87f mem
0xfdefe000-0xfdefe07f irq 17 at device 7.0 on pci1
xl0: selecting 10baseT transceiver, half duplex
xl0: Ethernet address: 00:50:04:22:a9:c0
On 11/23/11 19:05, Brian Seklecki (Mobile) wrote:
Send us:
grep ifconfig /etc/rc.conf
ifconfig -a
ifconfig -m
netstat -i
netstat -rn
netstat -i
arp -an
___
freebsd-net@freebsd.org mailing list
On 11/23/11 19:05, Brian Seklecki (Mobile) wrote:
Send us:
grep ifconfig /etc/rc.conf
ifconfig -a
ifconfig -m
netstat -i
netstat -rn
netstat -i
arp -an
For both the working and non-working cards to compare.
Sorry for the noise...
I accidentally removed the media option from rc.conf and the
Hello.
I recently installed 8.2 with the following card:
dmesg
...
fxp0: <Intel 82550 Pro/100 Ethernet> port 0xdc00-0xdc3f mem
0xfebfb000-0xfebfbfff,0xfebc-0xfebd irq 20 at device 5.0 on pci4
...
pciconf -lv
...
fxp0@pci0:4:5:0:class=0x02 card=0x00408086
On 12/14/11 20:59, YongHyeon PYUN wrote:
AFAIK the firmware of controller has no known TSO issue so it
indicates a bug in driver.
What makes me wonder is ICMP ECHO packet should not be affected by
TSO and I have no clue at this moment.
I wasn't talking about ICMP ECHO.
What happened was:
a)
On 12/14/11 22:32, YongHyeon PYUN wrote:
Wireshark showed some wrong checksums (I believe on the ICMP packet, but
I might remember wrong).
You can check whether you received bad checksummed frames with
netstat(1).
I tried netstat -ind, but it shows no Ierrs/Idrop/Oerrs/Odrop.
Is
On 12/15/11 23:13, YongHyeon PYUN wrote:
I tried netstat -ind, but it shows no Ierrs/Idrop/Oerrs/Odrop.
Use -s option which will show statistics for each network
protocols. Search 'discarded for bad checksums' from the output.
Still all bad counters at zero.
You'll see tso.dump and
On 12/16/11, Eugene Grosbein wrote:
(Sorry Eugene, I didn't get your message until I searched the web).
Do you use NAT? man ipfw clearly states:
ipfw nat is not compatible with
the TCP segmentation offloading (TSO). Thus, to reliably nat
your net-
work traffic, please
Hello.
A box of mine has an interface configured with two IPs on two different
nets:
# ifconfig
xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=9<RXCSUM,VLAN_MTU>
inet 192.168.2.2 netmask 0xff00 broadcast 192.168.2.255
inet 192.168.0.2
Hello.
I've got a new box which features two gigabit ports and I thought I'd try
lagg with LACP.
On the box I put the following in /etc/rc.conf:
ifconfig_em0=up
ifconfig_em1=up
ifconfig_lagg0=laggproto lacp laggport em0 laggport em1 192.168.100.101
netmask 255.255.255.0
Then I aggregated
Gary Palmer wrote:
Does the switch have spanning tree enabled?
Yes.
Should it be?
bye Thanks
av.
Hello.
Fast question: are the two above compatible?
Can I use CARP over a lagg interface?
bye Thanks
av.
Hello.
I have a setup with two FreeBSD 6.3 domain controllers using samba +
openldap + nss_ldap.
The company might be switching to Active Directory soon (not my choice,
before you ask :-), so I might need to reconfigure the two FreeBSD boxes
to become AD members (with winbindd, nss,
Hello.
I'm curious about something which happened during a test in one of my
networks.
Two FreeBSD 6.3 boxes (one i386, one amd64) share some IP through CARP.
Now, as soon as I plugged a wi-fi bridging access point on the net
(which took its IP from DHCP only for management), I started to
Some years ago, I checked to see whether I would be able to let a single
snort process listen on more than one NIC.
At the time it was only possible in Linux.
Now, I searched a bit, but nothing new came up.
Did anything improve since then? Do we still need multiple snort
processes to listen
Hello.
I've got a 6.3 box in which I needed to use debug.mpsafenet=0 in order
to avoid deadlocks with ipfw uid rules.
I'm thinking of upgrading this to 7.2 and I see the above variable has
gone away. Does this mean it is now safe to use such ipfw rules?
The last things I could find wrt this
Hello.
A customer of mine was connecting to a remote WatchGuard box through
their Mobile VPN client.
Now I'd like the server to take over that and let the whole network connect.
Did anyone ever succeed in this? Is it possible?
Should be IPSEC, but does anyone have a how-to?
bye Thanks
Hello.
I've a couple of 7.2p7 servers (one i386, the other amd64) which are
working in parallel using CARP.
Recently I bonded two interfaces on the former and CARP stopped working.
Here's the relevant part from rc.conf on the first box:
ifconfig_em0=up
ifconfig_em1=up
ifconfig_lagg0=laggproto
Hello.
For quite a while, I've been seeing in the logs a lot of messages like
the following:
snort: (snort_decoder) WARNING: IP dgm len < IP Hdr len!
I'm not sure about this, but I suspect they started when I upgraded from
6.3 to 7.2.
Today, while investigating another problem, I decided I
Hello.
I'm having problems with 8.0/amd64 with the following card:
a...@pci0:1:0:0:class=0x02 card=0x83041043 chip=0x10261969
rev=0xb0 hdr=0x00
vendor = 'Attansic (Now owned by Atheros)'
device = 'PCI-E ETHERNET CONTROLLER (AR8121/AR8113 )'
class =
On 07/02/10 00:41, Pyun YongHyeon wrote:
Hello.
I'm having problems with 8.0/amd64 with the following card:
a...@pci0:1:0:0:class=0x02 card=0x83041043 chip=0x10261969
rev=0xb0 hdr=0x00
vendor = 'Attansic (Now owned by Atheros)'
device = 'PCI-E ETHERNET
Hello.
On a couple of 7.2 systems, I've got some carp interfaces built upon a
physical interface (em0 or igb0) and everything works fine.
On both boxes I've tried aggregating two interfaces (resp. em0+em1 and
igb0+igb1) into a lagg0 interface, using LACP.
However, in this case CARP will stop
Hello.
I've got a firewall which has public IP xxx.xxx.xxx.2 on its first NIC.
This is bridged with a second NIC which holds xxx.xxx.xxx.0/24.
(I also have a third and fourth NIC which runs two private IP networks,
which are NATted, but I don't think this matters).
Everything is ok, but now
Hello.
A 6.1p13/i386 firewall of mine, although a bit rusty wrt hardware, is
working wonderfully and is allowing us to fully exploit our Internet
connections (1Mb/s).
Today it suddenly dropped to a bare few b/s. I checked the ISP line by
attaching another machine in place of this and it
Bruce M. Simpson wrote:
Now the question is: in case this happens again, how do I find out
what's wrong?
CPU usage was under 2% and so was swap usage... what else could I check?
What tools should I use?
Points for further investigation:
How long was the machine up for?
A couple of days.
Hello.
I've got the following problem...
My host is configured like this:
fxp0: internal interface, requires NAT
rl1: public interface, with static IP
xl0: bridged to rl1, with some public IP behind
ipfw diverts any traffic through rl1 to natd, i.e. I have in ipfw
50 divert 8668 ip from any to
Bruce A. Mah wrote:
You didn't say which bridging driver or version of FreeBSD you're using,
but it sounds to me like you're using bridge(4), right?
Yes.
This is a
fairly well known problem, which I wrote a little bit about here:
Hello.
I posted the following message to questions and Kris (whom I thank)
kindly suggested I should ask here whether someone is working on this.
I'll also forward it for inclusion on the list at
http://sources.zabbadoz.net/freebsd/lor.html.
BTW, I don't think the hangs I'm experiencing
Bruce A. Mah wrote:
If you can, try switching to using if_bridge(4). You (probably) want to
assign the public NAT address to the bridge0 interface, and leave the
physical interfaces making up the bridges (xl0 and rl1 in your case)
unnumbered. I've had good experiences with this type of
Robert Watson wrote:
What versions of ip_fw2.c and ip_divert.c were in use?
From i386/6.2-RELEASE-p1, i.e.:
src/sys/netinet/ip_fw2.c,v 1.106.2.21 2006/10/10 18:39:38 bz
src/sys/netinet/ip_divert.c,v 1.113.2.2 2006/05/16 07:27:48 ps
Also, could you let me know if you use any
uid/gid rules
Bjoern A. Zeeb wrote:
I am unsure but this should still be true for at least RELENG_6. I
can only remember that there was work in progress but cannot remember
things were patched and where or not...
%man ipfw | col -b | grep -5 'Rules which use uid' | tail -7 | head -5
Rules which use
Andrea Venturoli wrote:
I'm currently having:
_ 1 SMP box *with* one uid rule which occasionally hangs (running
INVARIANTSCo and from which my report was taken);
_ 1 SMP box *without* uid rules which occasionally hangs (running
INVARIANTSCo);
_ 1 UP box *with* one uid rule which frequently
Hello.
I've got two servers configured as follows:
a)
/etc/rc.conf:
ifconfig_xl0=inet 192.168.0.2 netmask 255.255.255.0
ifconfig_fxp0=inet 192.168.101.4 netmask 255.255.255.0
cloned_interfaces=carp0 carp1 carp2 carp3
ifconfig_carp0=vhid 1 advskew 100 pass 192.168.101.10
ifconfig_carp1=vhid
Stefan Lambrev wrote:
man carp:
net.inet.carp.preempt Allow virtual hosts to preempt each other. It
is also used to failover carp interfaces as a
group. When the option is enabled and one of
the
Jordan Gordeev wrote:
The only load balancing that CARP supports, to my knowledge, is ARP
level load balancing. From carp(4):
The ARP load balancing has some limitations. First, ARP balancing only
works on the local network segment. It cannot balance traffic that
crosses a router,
Hello.
I have a setup where a FreeBSD box is connected to two ADSL routers:
default gateway is set to the first and, in case of failure, is moved to
the other one. This works perfectly for outgoing connections: in the
event of the switch, I'll have to reconnect, but that's acceptable.
The
Artyom Viklenko wrote:
You have to enforce symmetrical routing on your FreeBSD box.
You can use, for example, PF firewall using such options and features
as labels and route-to/reply-to statements.
Also it is possible with ipfw, but I prefer PF. :)
Thanks, this is interesting. However I
Eric F Crist wrote:
The biggest problem one would have with this sort of setup, is the
upstream provider support. I don't know of any ISP's that are going to
be willing or even able to propagate routes for your static IPs through
their DSL systems. If you want that sort of redundancy
Artyom Viklenko wrote:
Very brief example (just to show main idea).
Assume you have three interfaces in router fxp0 - lan, fxp1 - adsl1, fxp2
- adsl2.
fxp0 - 192.168.0.1, fxp1 - 192.168.1.2, fxp2 - 192.168.2.2
adsl1 - 192.168.1.1, adsl2 - 192.168.2.1
$server=192.168.0.2
After portupgrading two samba servers, I cannot connect any more to them
through mount_smbfs. Connecting from Windows works fine.
Am I the only one who is experiencing this problem?
bye Thanks
av.
Hello.
I'd like to share some thoughts on what happened to me: I had an external ADSL modem
from Alcatel connected (with a straight cable, since the device has a reversed ethernet
port) to a RealTek card on a FreeBSD 4.1-RELEASE box.
I used the simple line in rc.conf:
** Reply to note from Clark Gaylord [EMAIL PROTECTED] Thu, 8 Feb 2001 12:46:06 -0500
It used to be the case that mediaopt half-duplex worked. It stopped
working at some point (I don't recall exactly when ... somewhere
between 4.0 and 4.2 I think),
So this IS a bug.
but it
Is it possible to have two DHCP servers on the same net?
If so, how do you keep them in sync?
bye Thanks
av.
Hello.
I set up a machine to accept dial-in modem connections according to the suggestions in
the Handbook:
_ I set up my modem so as to lock its speed, don't echo commands, don't give any reply
code and auto-answer;
_ I modified rc.serial so as to set-up /dev/ttyd0 as a modem at 57600 bps;
_
** Reply to note from Lefteris Tsintjelis [EMAIL PROTECTED] Tue, 05 Nov 2002
14:42:44 +0200
Hi,
Thanks a lot, this solved it, at least for now. However I'm quite sure that this will
happen again, so I'd like to
go through it all in order to solve it for good sooner or later.
Same
** Reply to note from Lefteris Tsintjelis [EMAIL PROTECTED] Wed, 06 Nov 2002
20:04:07 +0200
Let's deal with the serial port: it's initialized at boot time by rc.serial, so a
reboot should have set it up right.
In any case wouldn't sh /etc/rc.serial be enough to solve the matter in case for
Hello.
I'm trying to set up vrrp on two machines and while it seems to work on one, it
does not on the other.
Here's my config:
# This is a simple configuration file for freevrrpd
# Please read the documentation before modifying these parameters
# I recommend to not set addr to the unique and
** Reply to note from Sebastien Petit [EMAIL PROTECTED] Sun, 6 Jul 2003 21:07:49
+0200
As I can see on your configuration, you must uncomment the line #[VRID] of the
second section if you want to activate the second vrid. I think that it's the
problem.
Thanks for pointing it out,
Hello.
I have a 3C905 PCI 10Mb/s Ethernet Card, which i configure with:
ifconfig_xl0=inet 10.1.2.15 netmask 255.255.255.0
in /etc/rc.conf.
ifconfig shows:
xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=3<rxcsum,txcsum>
inet 10.1.2.15 netmask
Hello.
I've got a production server which keeps crashing if I use bpfs too much.
I usually only use bpf0 for dhcp server, but if I start e.g. snort and ntop, the
machine will soon reboot. The same
happens if I run tcpdump.
uname -a gives:
FreeBSD x..zz 4.7-RELEASE-p9 FreeBSD
** Reply to note from Olivier Nicole [EMAIL PROTECTED] Mon, 21 Jul 2003 16:56:30
+0700 (ICT)
since it is connected to a full-duplex switch.
Is the port set to full-duplex? Or to auto configuration?
There is no such options: it's always using Auto-Negotiation.
If the last, the default is to
** Reply to note from Sreekanth [EMAIL PROTECTED] Tue, 29 Jul 2003 09:53:05 -0700
Ok, so I tried:
ifconfig xl0 mediaopt autoselect
but I get:
ifconfig: SIOCSIFMEDIA: Device not configured
Try
ifconfig xl0 media auto
Ditto. I get the same message.
bye Thanks
** Reply to note from [EMAIL PROTECTED] (Bill Paul) Tue, 29 Jul 2003 12:18:33 -0700
(PDT)
If your switch is not managed and doesn't allow you to manually
configure the port settings, then you're out of luck. You'll just
have to live with half duplex mode.
Sigh: this is the case. :(
Well,
** Reply to note from Bryce Edwards [EMAIL PROTECTED] Thu, 31 Jul 2003 11:59:14
-0500
I'm trying to run freevrrpd on a server with two interfaces for redundancy.
I want them both to act as one IP in a master/slave setup. Here's the
errors I'm getting:
Jul 31 11:07:34 ns
** Reply to note from Eric Masson [EMAIL PROTECTED] Wed, 05 Nov 2003 17:01:22 +0100
I have to connect a FreeBSD box to adsl in Italia.
Sigh. I feel sorry for you :) (just because up to now I've had six customers with this
ISP).
Anyway I always managed to get through more or less :).
(I
Hello.
I have a server with two ISP connections: a flat ADSL with an ISP and pay-per-traffic
HDSL with another.
I'd like to use ADSL whenever possible, but switch to HDSL in case the first line
drops.
Any pointer?
bye Thanks
av.
** Reply to note from Barney Wolff [EMAIL PROTECTED] Wed, 10 Dec 2003 11:39:00 -0500
I don't know of anything published that does this, but it's easy to
write a perl or shell script that pings the router at the adsl isp
and does the necessary things when it disappears and reappears.
Mmh,
** Reply to note from Don Bowman [EMAIL PROTECTED] Wed, 10 Dec 2003 20:00:10 -0500
see the lft port (layer 4 traceroute) http://www.mainnerve.com/lft/
Thanks.
[you can't really block icmp would fragment
Let's say you shouldn't really.
it would break PMTU].
Is this what you are
** Reply to note from Barney Wolff [EMAIL PROTECTED] Wed, 10 Dec 2003 20:39:28 -0500
Things started from /usr/local/etc/rc.d get a hup signal when rc is finished
with all the startup scripts - I think. Anyway, if you don't use nohup,
or a more-conventional way to daemonize what you've
Ok, I already asked something similar to this in the past, but it's not the same
thing... maybe it's a trivial
question...
If I had two lines to the Internet: how would I use both?
Could I just provide two default routes? How?
What algorithm would be used to choose among the two?
What if
Hello.
I'm trying to get freevrrpd working on an AMD64 6.0p4 box with an xl0
and em0 machine.
Here is the config file:
[VRID]
serverid = 1
interface = xl0
priority = 254
addr = 192.168.0.4/32
password = x
vridsdep = 3
[VRID]
serverid = 2
interface = xl0
priority = 255
addr =
spe wrote:
FreeVRRPd project is halted and not supported anymore. You can take a
look at carp for doing the same job efficiently.
Sorry to hear about that :(
Unfortunately I cannot switch to carp, since one of the two machines is
running 4.11. Or am I wrong and carp can be installed there
Vlad GALU wrote:
Unfortunately I cannot switch to carp, since one of the two machines is
running 4.11. Or am I wrong and carp can be installed there too?
Try ucarp then (www.ucarp.org). While it's not as flexible as the
kernel implementation, it could do your job.
Thank you very much, I
Hello.
I've just installed 6.0/AMD64 on an Asus A8V, which features a vr interface.
I'm getting tons of vr0: rx packet lost kernel messages as soon as I
start transferring some files on my LAN. Needless to say, network
performance is VERY poor (ranging from 100KB/s to 1MB/s *).
I've looked in
tony sarendal wrote:
There are cases where equipment don't get along and
autoneg doesn't work. Try setting your end to 10M/half duplex
and see if you still have the problem.
Did that. I still have the same problem.
bye Thanks
av.
Hi.
I have a Windows machine using a watchguard VPN client and no control
over the other end.
Is there anything I can do in FreeBSD to replace that? Does anyone know
what protocols it uses?
bye Thanks
av.
Hello.
4.8-RELEASE-p15:
In /var/log/all.log I get a lot of:
snort: [1:528:4] BAD-TRAFFIC loopback traffic [Classification: Potentially Bad
Traffic] [Priority: 2]: {TCP}
127.0.0.1:80 -> xx.xx.xx.xx:1055
(src port is always 80, dst port changes, xx.xx.xx.xx is my tun0 IP.)
ifconfig -a gives:
** Reply to note from Barney Wolff [EMAIL PROTECTED] Tue, 24 Feb 2004 12:30:23 -0500
IMHO opinion wrong packets are arriving
from the upstream router (for which it
would be useless to ask for a fix),
Your first three rules, before anything else, should be:
allow ip from any to any via lo0
** Reply to note from Ian Smith [EMAIL PROTECTED] Wed, 25 Feb 2004 06:41:08 +1100
(EST)
... still dribbling in I see. Yawn. But they're being denied ok here.
But it is not so here! And also someone else reported the same problem...
Try just 'deny log ip from 127.0.0.0/8 to any' (and as
** Reply to note from Iasen Kostov [EMAIL PROTECTED] Wed, 25 Feb 2004 14:37:25 +0200
netstat -s -p ip
..
..
..
3575124 datagrams with bad address in header
Could it be this that drops bad packets before they enter the IPFW ?
Nice, it could be, but I'm not so expert as to tell for
** Reply to note from Gleb Smirnoff [EMAIL PROTECTED] Wed, 25 Feb 2004 17:21:34 +0300
P.S. This is really off-topic already. We should move to -isp@ may be.
I don't really think so, why would it be?
It's concerning ipfw, netstat, traffic and the IP stack in general, I believe.
N.B. I'm
Hello,
I've got a problem I cannot understand and hope someone can help me.
I've got a machine which must firewall a whole class C subnet.
The upstream router (100Mb/s fiber connection) is configured as xxx.xxx.xxx.254, so
I've chosen xxx.xxx.xxx.1 for my
box and bridge with the other
** Reply to note from Chris Dionissopoulos[freemail] [EMAIL PROTECTED] Tue, 31 Aug
2004 07:01:11 +0300
Andrea,
Try something like this as alternative configuration:
Thank you very much for the answer. Unfortunately I didn't want to mess remotely with
this kind of configuration, so I
Hello.
A box of mine, which acts as firewall/bridge, is experiencing frequent
panics.
As said in the subject line, it's a 4.10-RELEASE-p4 with ipfw2 enabled
in the kernel.
I've run through post mortem kernel analysis and found out that the
crashes are always related to ipfw2; specifically I get:
Hello.
I noticed that when I issue sh /etc/rc.firewall to reload firewall
rules from a remote console, I get disconnected (as I would expect) and
locked out!
The problem seems to be that ipfw -f prints: command is /usr/local/
This is in /usr/src/sbin/ipfw/ipfw2.c:
fprintf(stderr, command
Hello.
I have two FreeBSD 4.11 boxes which have been using freevrrpd for a long
time. Today I upgraded from 0.8.7 to 0.9.3 and since then I started
having some problems.
Specifically I started to see these messages on both boxes:
freevrrpd[822]: ip ttl of vrrp packet isn't set to 255.
Hello.
This might be a strange idea, but does such a thing exist?
I mean: is there any tool that can show in real-time which dynamic rules
are active, their timers, etc... like top does for processes?
bye Thanks
av.
Hello.
I'm having some troubles with dynamic rules and keep-alives...
Let's say a client connects to a TCP port on my server and a keep-state
rule allows the connection; the connection is set up correctly and some
data exchanged.
Then there is some minutes of silence and the rule expires.
Hello.
I've been using CARP for years and I'm only getting troubles since a
week or so.
My setup is as follows:
|re0=10.1.2.13/10.1.2.127 fw1 fxp0=192.168.124.3|
|client re0=10.1.2.18| ---
--- |192.168.124.1 router
On 03/30/17 09:46, Victor Sudakov wrote:
Will "ipfw fwd" do the trick? I could "ipfw fwd" the packets into the
tun0 interface, but will OpenVPN understand that?
Never tried this, sorry.
bye
av.
On 03/30/17 05:22, Victor Sudakov wrote:
Dear Colleagues,
Anyone experienced with OpenVPN on FreeBSD?
What would be the best way to policy route a network into OpenVPN? A
routing decision must be based on the src IP address, not the dst IP
address.
Imagine an OpenVPN client with 3 interfaces:
Hello.
I'm using "ipfw nat" on several 10.3 boxes, but I have some questions.
Let's start with a simple one: how do I list configured NATs and their
details?
I know I can configure a NAT with "ipfw nat 1 config ...", but how do I
show what I did?
Second question:
_ if I issue "ipfw nat
On 03/08/17 18:03, Freddie Cash wrote:
It's listed in the EXAMPLES section of the ipfw(8) man page.
ipfw nat show config          <-- view config for all nat instances
ipfw nat 123 show config      <-- view config for nat 123
ipfw nat 111-999 show         <-- view logs for nat 111-999
Oops!!!
Been working