Re: IGMP queries
If it is true, how can I filter it to stop resetting the idle-timeout? I'm on flat rate now, but even so I don't want to be online 24h/day... Add this to your ppp profile: set filter alive N deny igmp Leif -- Brian [EMAIL PROTECTED]brian@[uk.]FreeBSD.org http://www.Awfulhak.org brian@[uk.]OpenBSD.org Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: IGMP queries
"Louis A. Mamakos" wrote: EGP hasn't been in wide use for probably 7 or 8 years now. I think the real problem with this dynamic link issue and keeping the connection up is that the default policy is wrong. You ought to specify what sort of traffic is "important" and should cause a dynamic link to be established (and kept up), rather than trying to exclude things. For example, you'd probably not want to have NTP establish or keep your link up; perhaps not DNS, either. Probabably you'd want TCP/SSH or TCP/HTTPD though. Most SSH and HTTP traffic is preceeded by a DNS lookup; if you don't allow the DNS traffic, the SSH or HTTP traffic will never occur. Trying to predict how these things happen is a non-obvious exercise that requires careful study or you will break things horribly. We tune our default firewall configuration by practicing on our real, live internet connection at work, just to make sure we're not cutting off our customers heads. It can be quite irritating at times, but fits with the "eat your own dog food" philosophy. -- Where am I, and what am I doing in this handbasket? Wes Peters [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: IGMP queries
From: "Gerhard Sittig" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, December 30, 2000 9:52 PM On Sat, Dec 30, 2000 at 18:32 +0100, Leif Neland wrote: My isp's router is sending me IGMP queries. 18:25:07.850008 212.242.151.2 224.0.0.1: 212.242.151.2 224.0.0.1: igmp v2 query [intvl 10]igmp query [ttl 1] Ask your provider to not do it. :) Do you run any multicast enabled applications, anyhow? If not, all of the 224.0.0.0/4 stuff is not needed ... I think it keeps my user-ppp connection open, even if I have this rule in my firewall: $fwcmd add 65432 deny ip from 212.242.151.2 to any If it is true, how can I filter it to stop resetting the idle-timeout? If you use ppp(8) -- you don't state what your uplink looks like, whether it's an analog modem / ISDN / DSL / plain ethernet / whatever -- there are four filter lists: those packets allowed to pass in, those to pass out, those to trigger dialing and those to keep the session alive. All the lists can be positive or negativ, but are somewhat limited in their length and flexibility. Maybe this feature will help you, although all of the above is what I got from reading "man 8 ppp" and not from personal experience. :( I use isdn4bsd. rtfm: I'll try if "set filter alive 0 deny igmp" does not help. Tnx To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: IGMP queries
Btw, can I use IGMP to something useful/interesting/funny? AFAIK it's some kind of dynamic route establishment (learning about topology by listening to what your neighbour knows about the network). Home users and small LANs won't need it IMHO, maybe WAN links will benefit? But I'm definitely not keen on having "the world" tell me where to send my packets to. I just hand the traffic to my provider's dialin port. : IGMP is the protocol used between a multicast router, and end-hosts on a subnetwork; much like ICMP is used between a router and an end-host to help manage unicast traffic. So, when your hosts joins a multicast group, it sends (to a multicast group) an IGMP message announcing this. This is supposed to cause a multicast router on the subnetwork to begin forwarding the traffic onto the subnet. The multicast router will also periodically send IGMP group membership queries onto the subnetwork to see if there are any hosts still interested/subscribed to a group. If it gets no replies after a while, it will stop forwarding unsubscribed groups onto that subnetwork. So that's why you're seeing IGMP queries; the multicast router is trying to see if you've joined any multicast groups so it can try to send you traffic. It's got nothing to do with "having the world tell you where to send your packets to." louie To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: IGMP queries
On Sun, Dec 31, 2000 at 05:49 -0500, Louis A. Mamakos wrote: IGMP is the protocol used between a multicast router, and end-hosts on a subnetwork; much like ICMP is used between a router and an end-host to help manage unicast traffic. I realize now that I have confused IGMP with EGP friends. Looking at /etc/protocols could have saved me from this. :) igmp 2 IGMP # internet group management protocol egp 8 EGP# exterior gateway protocol So that's why you're seeing IGMP queries; the multicast router is trying to see if you've joined any multicast groups so it can try to send you traffic. It's got nothing to do with "having the world tell you where to send your packets to." The bad feelings I have with these is when reading Linux mailing lists (far behind in the past:) where people always wondered "why does my ISP connection always go up / keep up?" when they thought running routed(8) would be a Bright Idea (TM). Thinking about routing in a LAN with four machines and doing it manually must be very demanding. : And again see my above confusion with EGP. OK, there's sooo much yet to learn for me ... Keep buzzing when I do something wrong, I'm very *happy* with getting corrected. :) virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" [EMAIL PROTECTED] -- If you don't understand or are scared by any of the above ask your parents or an adult to help you. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: IGMP queries
EGP hasn't been in wide use for probably 7 or 8 years now. I think the real problem with this dynamic link issue and keeping the connection up is that the default policy is wrong. You ought to specify what sort of traffic is "important" and should cause a dynamic link to be established (and kept up), rather than trying to exclude things. For example, you'd probably not want to have NTP establish or keep your link up; perhaps not DNS, either. Probabably you'd want TCP/SSH or TCP/HTTPD though. louie To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
IGMP queries
My isp's router is sending me IGMP queries. 18:25:07.850008 212.242.151.2 224.0.0.1: 212.242.151.2 224.0.0.1: igmp v2 query [intvl 10]igmp query [ttl 1] I think it keeps my user-ppp connection open, even if I have this rule in my firewall: $fwcmd add 65432 deny ip from 212.242.151.2 to any If it is true, how can I filter it to stop resetting the idle-timeout? I'm on flat rate now, but even so I don't want to be online 24h/day... Btw, can I use IGMP to something useful/interesting/funny? Leif To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: IGMP queries
On Sat, Dec 30, 2000 at 18:32 +0100, Leif Neland wrote: My isp's router is sending me IGMP queries. 18:25:07.850008 212.242.151.2 224.0.0.1: 212.242.151.2 224.0.0.1: igmp v2 query [intvl 10]igmp query [ttl 1] Ask your provider to not do it. :) Do you run any multicast enabled applications, anyhow? If not, all of the 224.0.0.0/4 stuff is not needed ... I think it keeps my user-ppp connection open, even if I have this rule in my firewall: $fwcmd add 65432 deny ip from 212.242.151.2 to any If it is true, how can I filter it to stop resetting the idle-timeout? If you use ppp(8) -- you don't state what your uplink looks like, whether it's an analog modem / ISDN / DSL / plain ethernet / whatever -- there are four filter lists: those packets allowed to pass in, those to pass out, those to trigger dialing and those to keep the session alive. All the lists can be positive or negativ, but are somewhat limited in their length and flexibility. Maybe this feature will help you, although all of the above is what I got from reading "man 8 ppp" and not from personal experience. :( Btw, can I use IGMP to something useful/interesting/funny? AFAIK it's some kind of dynamic route establishment (learning about topology by listening to what your neighbour knows about the network). Home users and small LANs won't need it IMHO, maybe WAN links will benefit? But I'm definitely not keen on having "the world" tell me where to send my packets to. I just hand the traffic to my provider's dialin port. : virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" [EMAIL PROTECTED] -- If you don't understand or are scared by any of the above ask your parents or an adult to help you. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
