Re: [6.x patchset] Ipfw nat and libalias modules
I'm having a bit of trouble backporting 7.x to 6.x, 6.2 Release specifically. Before I continue down this road, in the name of not re-inventing the wheel twice, does anyone already have a current patch which will work on 6.2 ? Thank You! AFAIK no. -- bye, P. ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [6.x patchset] Ipfw nat and libalias modules
On Wed, Sep 05, 2007 at 09:41:50PM -0500, Chris Bowman (Home) wrote: I was recently testing the in kernel nat patch, which is an absolutely wonderful addition in my opinion. I have however run into one issue, when for example I do the following : ipfw nat 10 config ip 2.2.2.2 [snip] Where did you get the 6.x patch? Did you find a tarball around or you backported the code from 7.x? In the first case, that patch is old and buggy, and AFAIK the bug you encountered was due to an uninitialized conditional variable. bye, P. I'm having a bit of trouble backporting 7.x to 6.x, 6.2 Release specifically. Before I continue down this road, in the name of not re-inventing the wheel twice, does anyone already have a current patch which will work on 6.2 ? Thank You! Chris Bowman ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [6.x patchset] Ipfw nat and libalias modules
On Wed, Sep 05, 2007 at 09:41:50PM -0500, Chris Bowman (Home) wrote: I was recently testing the in kernel nat patch, which is an absolutely wonderful addition in my opinion. I have however run into one issue, when for example I do the following : ipfw nat 10 config ip 2.2.2.2 [snip] Where did you get the 6.x patch? Did you find a tarball around or you backported the code from 7.x? In the first case, that patch is old and buggy, and AFAIK the bug you encountered was due to an uninitialized conditional variable. bye, P. ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [6.x patchset] Ipfw nat and libalias modules
It was indeed the tarball downloaded from http://ubi8.imc.pi.cnr.it/~flag/libalias/libalias.tgz ... Thank you, I'll give the 7.x code a try. Paolo Pisati wrote: On Wed, Sep 05, 2007 at 09:41:50PM -0500, Chris Bowman (Home) wrote: I was recently testing the in kernel nat patch, which is an absolutely wonderful addition in my opinion. I have however run into one issue, when for example I do the following : ipfw nat 10 config ip 2.2.2.2 [snip] Where did you get the 6.x patch? Did you find a tarball around or you backported the code from 7.x? In the first case, that patch is old and buggy, and AFAIK the bug you encountered was due to an uninitialized conditional variable. bye, P. -- ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [6.x patchset] Ipfw nat and libalias modules
On Mon, Jul 03, 2006 at 01:42:36AM +1000, Vini Engel wrote: Paolo Pisati said the following on 15/05/06 08:05: Released a new revision of my libalias+ipfw work as a patchset for 6.x, get it here: http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz fixed the checksum corruption occurring to redirected/generated traffic to/by a local interface on the nat box. For more info: http://wikitest.freebsd.org/moin.cgi/PaoloPisati Hi guys, I was wondering how stable this is at the moment? I am very keen on using it on my production box(es) but would like to hear someone else's experience first. i know there're people using it on their productions boxes and i didn't hear anyone complaining, so i assume the code is stable. BTW i just started to cleanup my patch for HEAD, but it'll take a bit before i finish everything, so fell free to use the previous patch. bye -- Paolo Piso's first law: nothing works as expected! ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [6.x patchset] Ipfw nat and libalias modules
Paolo Pisati said the following on 15/05/06 08:05: Released a new revision of my libalias+ipfw work as a patchset for 6.x, get it here: http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz fixed the checksum corruption occurring to redirected/generated traffic to/by a local interface on the nat box. For more info: http://wikitest.freebsd.org/moin.cgi/PaoloPisati Hi guys, I was wondering how stable this is at the moment? I am very keen on using it on my production box(es) but would like to hear someone else's experience first. Thanks, Vini ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to [EMAIL PROTECTED]
[6.x patchset] Ipfw nat and libalias modules
Released a new revision of my libalias+ipfw work as a patchset for 6.x, get it here: http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz fixed the checksum corruption occurring to redirected/generated traffic to/by a local interface on the nat box. For more info: http://wikitest.freebsd.org/moin.cgi/PaoloPisati -- Paolo le influenze esterne sono troppe, il mondo reale non e' mica quello fatato dei komunisti :-p - Anonymous Lumbard ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [6.x patchset] Ipfw nat and libalias modules
Patrick Tracanelli wrote: Probably you dont have the latest RELENG_6 code or it is not in sync (say, manually modified). I have ipfw nat running on -RC1 and -RC2, i386 and amd64 and with clean src the patch applies perfectly. Yes, I try again. And I get error again! cd /usr/obj rm ALL cd /usr/src make clean make clean make update (files changed by patch) make update (NONE!!!) Apply You patch. And I get the same error. I install previous patch, and my PC with NAT in-kernel work OK. Can You help me? Thanks! How is your code sync'ed? Which RELENG from which date? Try rm -rf sys/modules/libalias sys/modules/ipfw sys/conf/files/ cvsug -g -L2 -h cvsup.freebsd.org /usr/share/examples/cvsup/stable-supfile cd /usr/src/ cp patch . patch -p3 patch Do a world build. I am considering your code is not in sync with recent RELENG_6. If it is -RC2 try only rm -rfing the mentioned subdirectories and cvsup. BTW I have static IPFIREWALL so I added options LIBALIAS to my kernel conf file Yes, I find the problem. The problem was in two new files alias_dummy.c and alias_mod.c. Becouse this files is new cvsup don't delete them and patch append to old file (and append, and append, ...) (I didn't try cvsup -D options) When I edit (left only one source, insted of many) compile is OK. Now, I think that we have to make some ipfw example code for NAT in-kernel with and without keep-state/chack-state . I start in monday with stateful ipfw. Thanks for help me!!! (Now I have FreeBSD 6.1) ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [6.x patchset] Ipfw nat and libalias modules
Now, I think that we have to make some ipfw example code for NAT
in-kernel with and without keep-state/chack-state .
I start in monday with stateful ipfw.
Thanks for help me!!!
(Now I have FreeBSD 6.1)
I haven't tried with keep-state yes (dont even know if keep-state is
ready to maintain nat state, I think it is not). The box which is
taking me to internet right now at my building is ipfw nat, for wired
and wireless networks. Here are the running rules:
([EMAIL PROTECTED])~# ipfw show | grep nat
2 19812654104938057 nat 20 ip from { 10.69.69.0/24 or
172.16.69.0/24 } to any out via sis0
20100 27128929 37927915720 nat 20 ip from any to any in via sis0
([EMAIL PROTECTED])~# ipfw nat 20 show config
ipfw nat 20 config if sis0 log unreg_only redir_port tcp
10.69.69.13:4662 4662 redir_port tcp 10.69.69.39:80 3980 redir_port tcp
10.69.69.39:6969 3969
([EMAIL PROTECTED])~# grep nat /etc/rc.firewall
$fwcmd nat 20 config if sis0 log unreg_only redir_port tcp
10.69.69.13:4662 4662 redir_port tcp 10.69.69.39:80 3980 redir_port tcp
10.69.69.39:6969 3969
$fwcmd add 2 set 20 nat 20 all from $redes to any out via $ife
$fwcmd add 20100 set 20 nat 20 all from any to any in via $ife
I have some more enviroments running NAT in in different IPs with
prob, for testing purposes. I can print configs next week, since I
cant access those boxes on weekends.
I hope it helps as example, I have just rewriten selective divert
which I used before into nat rules.
BTW (offside note): Next week I will add a TinyBSD image with ipfw nat
(FreeBSD 6.1) on www.tinybsd.org, so if anyone want to try ipfw nat in
their soekris/wrap/whatever boards, hang on untill wednesday.
--
Patrick Tracanelli
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [6.x patchset] Ipfw nat and libalias modules
Paolo Pisati wrote: I just released a new revision of my libalias+ipfw work as a patchset for 6.x, get it here: http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz To apply it: cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 libalias_ipfw.patch then you have to recompile install: kernel, sbin/ipfw, sbin/natd, sbin/ppp, lib/libalias, sys/modules/ipfw, sys/modules/libalias or simply do a world. When I do: cd /usr/src make update (2006-05-05) make clean ... and cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 libalias_ipfw.patch and make kernel I get the error as follows: ... stage 3.1: making dependencies ... === libalias (depend) === libalias/kld-cuseeme (depend) /usr/src/sys/modules/libalias/kld-cuseeme/../../../conf/kmod.mk, line 177: warning: duplicate script for target alias_cuse /usr/src/sys/modules/libalias/kld-cuseeme/../../../conf/kmod.mk, line 182: warning: duplicate script for target alias_cuse /usr/src/sys/modules/libalias/kld-cuseeme/../../../conf/kmod.mk, line 198: warning: duplicate script for target alias_cuse /usr/src/sys/modules/libalias/kld-cuseeme/../../../conf/kmod.mk, line 202: warning: duplicate script for target alias_cuse /usr/src/sys/modules/libalias/kld-cuseeme/../../../conf/kmod.mk, line 209: warning: duplicate script for target alias_cuse /usr/src/sys/modules/libalias/kld-cuseeme/../../../conf/kmod.mk, line 254: warning: duplicate script for target @ ignored /usr/src/sys/modules/libalias/kld-cuseeme/../../../conf/kmod.mk, line 254: warning: duplicate script for target machine i /usr/src/sys/modules/libalias/kld-cuseeme/../../../conf/kmod.mk, line 446: warning: duplicate script for target lint igno @ - /usr/src/sys machine - /usr/src/sys/i386/include rm -f .depend mkdep -f .depend -a -nostdinc -nostdinc -D_KERNEL -DKLD_MODULE -DHAVE_KERNEL_OPTION_HEADERS -D_KERNEL -DKLD_MODULE -I- -I- cc1: error: -I- specified twice mkdep: compile failed *** Error code 1 Stop in /usr/src/sys/modules/libalias/kld-cuseeme. *** Error code 1 Stop in /usr/src/sys/modules/libalias. *** Error code 1 Stop in /usr/src/sys/modules. *** Error code 1 Stop in /usr/obj/usr/src/sys/GENERIC. *** Error code 1 Stop in /usr/src. *** Error code 1 . Also whel I do make buildworld I get: ... stage 4.2: building libraries ... === lib/libalias (all) === lib/libalias/lib-cuseeme (all) /usr/src/share/mk/bsd.lib.mk, line 110: warning: duplicate script for target libalias_cuseeme.a ignored /usr/src/share/mk/bsd.lib.mk, line 111: warning: duplicate script for target libalias_cuseeme.a ignored /usr/src/share/mk/bsd.lib.mk, line 112: warning: duplicate script for target libalias_cuseeme.a ignored /usr/src/share/mk/bsd.lib.mk, line 113: warning: duplicate script for target libalias_cuseeme.a ignored /usr/src/share/mk/bsd.lib.mk, line 138: warning: duplicate script for target libalias_cuseeme.so.4 ignored /usr/src/share/mk/bsd.lib.mk, line 139: warning: duplicate script for target libalias_cuseeme.so.4 ignored /usr/src/share/mk/bsd.lib.mk, line 141: warning: duplicate script for target libalias_cuseeme.so.4 ignored /usr/src/share/mk/bsd.lib.mk, line 145: warning: duplicate script for target libalias_cuseeme.so.4 ignored /usr/src/share/mk/bsd.lib.mk, line 181: warning: duplicate script for target _EXTRADEPEND ignored cc -O2 -fno-strict-aliasing -pipe -march=pentium-mmx -Werror -Werror -c /usr/src/lib/libalias/lib-cuseeme/../../../sys/neti net/libalias/alias_cuseeme.c building static alias_cuseeme library ranlib libalias_cuseeme.a cc -fpic -DPIC -O2 -fno-strict-aliasing -pipe -march=pentium-mmx -Werror -Werror -c /usr/src/lib/libalias/lib-cuseeme/../.. /../sys/netinet/libalias/alias_cuseeme.c -o alias_cuseeme.So building shared library libalias_cuseeme.so.4 === lib/libalias/lib-dummy (all) /usr/src/share/mk/bsd.lib.mk, line 110: warning: duplicate script for target libalias_dummy.a ignored /usr/src/share/mk/bsd.lib.mk, line 111: warning: duplicate script for target libalias_dummy.a ignored /usr/src/share/mk/bsd.lib.mk, line 112: warning: duplicate script for target libalias_dummy.a ignored /usr/src/share/mk/bsd.lib.mk, line 113: warning: duplicate script for target libalias_dummy.a ignored /usr/src/share/mk/bsd.lib.mk, line 138: warning: duplicate script for target libalias_dummy.so.4 ignored /usr/src/share/mk/bsd.lib.mk, line 139: warning: duplicate script for target libalias_dummy.so.4 ignored /usr/src/share/mk/bsd.lib.mk, line 141: warning: duplicate script for target libalias_dummy.so.4 ignored /usr/src/share/mk/bsd.lib.mk, line 145: warning: duplicate script for target libalias_dummy.so.4 ignored /usr/src/share/mk/bsd.lib.mk, line 181: warning: duplicate script for target _EXTRADEPEND ignored cc -O2 -fno-strict-aliasing -pipe -march=pentium-mmx -Werror -Werror -c /usr/src/lib/libalias/lib-dummy/../../../sys/netine t/libalias/alias_dummy.c /usr/src/lib/libalias/lib-dummy/../../../sys/netinet/libalias/alias_dummy.c:235:
Re: [6.x patchset] Ipfw nat and libalias modules
Nenad Gavrilovic wrote: Paolo Pisati wrote: I just released a new revision of my libalias+ipfw work as a patchset for 6.x, get it here: http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz To apply it: cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 libalias_ipfw.patch then you have to recompile install: kernel, sbin/ipfw, sbin/natd, sbin/ppp, lib/libalias, sys/modules/ipfw, sys/modules/libalias or simply do a world. When I do: cd /usr/src make update (2006-05-05) make clean ... and cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 libalias_ipfw.patch strange... is your src tree clean? cd /usrc/src find . -name *.rej lets's see if some patch didn't apply. P. ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [6.x patchset] Ipfw nat and libalias modules
Nenad Gavrilovic wrote: Paolo Pisati wrote: I just released a new revision of my libalias+ipfw work as a patchset for 6.x, get it here: http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz To apply it: cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 libalias_ipfw.patch then you have to recompile install: kernel, sbin/ipfw, sbin/natd, sbin/ppp, lib/libalias, sys/modules/ipfw, sys/modules/libalias or simply do a world. When I do: cd /usr/src make update (2006-05-05) make clean ... and cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 libalias_ipfw.patch and make kernel I get the error as follows: Probably you dont have the latest RELENG_6 code or it is not in sync (say, manually modified). I have ipfw nat running on -RC1 and -RC2, i386 and amd64 and with clean src the patch applies perfectly. -- Patrick Tracanelli FreeBSD Brasil LTDA. (31) 3281-9633 / 3281-3547 [EMAIL PROTECTED] http://www.freebsdbrasil.com.br Long live Hanin Elias, Kim Deal! ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [6.x patchset] Ipfw nat and libalias modules
Paolo Pisati wrote: Nenad Gavrilovic wrote: Paolo Pisati wrote: I just released a new revision of my libalias+ipfw work as a patchset for 6.x, get it here: http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz To apply it: cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 libalias_ipfw.patch then you have to recompile install: kernel, sbin/ipfw, sbin/natd, sbin/ppp, lib/libalias, sys/modules/ipfw, sys/modules/libalias or simply do a world. When I do: cd /usr/src make update (2006-05-05) make clean ... and cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 libalias_ipfw.patch strange... is your src tree clean? YES!!! When I get error in first time I do: cd /usr/obj rm ALL cd /usr/src make clean make clean make update and apply You patch. Again I get same error. cd /usrc/src find . -name *.rej NONE!!! lets's see if some patch didn't apply. P. ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to [EMAIL PROTECTED]
[6.x patchset] Ipfw nat and libalias modules
I just released a new revision of my libalias+ipfw work as a patchset for 6.x, get it here: http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz To apply it: cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 libalias_ipfw.patch then you have to recompile install: kernel, sbin/ipfw, sbin/natd, sbin/ppp, lib/libalias, sys/modules/ipfw, sys/modules/libalias or simply do a world. With this patch you get: -ipfw nat + redirect + LSNAT support -libalias modules (both in user and kernel land) -for kernel land, all the libalias modules are installed in /boot/kernel as alias_*.ko. -for user land (natd ppp), modules are shared lib loaded according to /etc/libalias.conf. To reload modules for a known process, just 'kill -HUP $PID' it. -natd ppp are patched to use libalias modules If your natd/ppp/ipfw behaves strangely after you applied my patch (i.e. active ftp stops working), remember to check libalias modules. Some ipfw examples: ipfw add nat 666 all from any to any via $IF ipfw nat 666 confg ip 192.168.0.1 # nat with a fixed address ipfw nat 666 confg if $IF log # dynamic if addr nat and logging ipfw nat 666 confg if $IF redir_port ...# redirect support with ipfw nat 666 confg if $IF redir_addr ...# linkspec natd syntax, ipfw nat 666 confg if $IF redir_proto ... # LSNAT works too. # different ipfw rules can be redirected to use # the same nat instance ipfw add nat 666 all from $IP1 to any via $IF1 ipfw add nat 666 all from any to any via $IF2 out ipfw add nat 666 all from $IP2 to $IP3 ipfw nat show # see logs ipfw nat show config# nat configuration To load/unload a libalias module (kernel): kldload alias_ftp # active ftp work ok now kldunload alias_ftp To load/unload a libalias module (user): [edit /etc/libalias.conf and add/cut needed modules] kill -HUP $PID For more info see the readme inside the archive. TODO: Not tested on SMP !i386, logging ability should be improved(right now it's the same as original libalias), documentation should be man-pagified, patchset for 7.x, etcetc bye -- Paolo le influenze esterne sono troppe, il mondo reale non e' mica quello fatato dei komunisti :-p - Anonymous Lumbard ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to [EMAIL PROTECTED]
