On Wed, 20 Dec 2023 21:32:45 +0100
Michael Gmelin wrote:
> On Wed, 20 Dec 2023 18:04:36 +0100
> "Patrick M. Hausen" wrote:
>
> > Hi all,
> >
> > as some probably know we provide web hosting services and we use
> > jails for that.
> >
>
ps://reviews.freebsd.org/D43135
As far as I can tell the issue is cosmetic (unless, of course, you have
automation based on libifconfig or the output of the ifconfig command).
Best
Michael
--
Michael Gmelin
> On 21. Jun 2023, at 20:03, bob prohaska wrote:
>
> On Wed, Jun 21, 2023 at 10:45:25AM -0700, Mark Millard wrote:
>>> On Jun 21, 2023, at 10:24, bob prohaska wrote:
>>>
>>> I've got a Pi4 running -current that seems to selectively drop ssh
>>> connections.
>>
>> Only when the ssh has
> On 1. Mar 2023, at 11:35, Yuri wrote:
>
> Windows system connects to FreeBSD through ssh and then this connection dies
> because of WiFi or VPN issues.
>
> FreeBSD still has the sshd process alive for this connection for 30+ minutes.
>
> TCP keepalive is enabled on the FreeBSD host:
>
ick flags S/SA keep state (max-src-conn 100, \
max-src-conn-rate 15/5, overload flush global) \
tagged pass_rate_limit
Using the "pass quick" rule early in your pf.conf will make sure it is
applied instead of other matching rules.
Cheers
Michael
--
Michael Gmelin
> On 15. Aug 2022, at 08:52, Milan Obuch wrote:
>
> Hi,
>
> some time ago I managed to design and implement multi-tenant OpenVPN
> server using vnet jails. This way I am able to use more OpenVPN
> instances on single public IP.
>
> This is made possible using tun/tap interface property
s?
Best
Michael
>
> Thanks a lot to both of you anyway :)
>
>
> Benoît
>
> --- Original Message ---
> On Monday, August 15th, 2022 at 13:01, Michael Gmelin
> wrote:
>
>
> >
> > On Mon, 15 Aug 2022 10:07:54 +
> > Benoit C
t;
> What does happen when the promiscuous mode is enabled? I'm not sure
> to understand what is the issue :/
>
Does giving the interface also an IPv4 address make a
difference, e.g. ifconfig_ql0="inet 10.0.0.1/24"?
Best
Michael
--
Michael Gmelin
It only happens on an RSS-enabled kernel with if hw.ncpu>1.
I wrote a script to reproduce the issue (warning: it messes with
networking and overwrites /etc/pf.conf):
https://people.freebsd.org/~grembo/epair_hang_ping.sh
Best
Michael
--
Michael Gmelin
On Sun, 10 Apr 2022 21:12:56 +0800
moremo...@outlook.com wrote:
> I have tried `ping -4 google.com`, it's failed too.
>
> On 2022/4/10 下午8:24, Michael Gmelin wrote:
> >
> >
> > > On 10. Apr 2022, at 07:27, k simon wrote:
> > >
> > > Hi,
&
> On 10. Apr 2022, at 07:27, k simon wrote:
>
> Hi,
> After kp@'s recently epair patch, I tried enable options RSS with Vnet jail,
> then found in these jail, 'ping 8.8.8.8' works as normal, and 'drill
> google.com' works ok. But 'ping google.com' nor other command fails resolving
> the
On Thu, 17 Mar 2022 13:37:28 +0100
Johan Hendriks wrote:
> On 16/03/2022 11:36, Michael Gmelin wrote:
> >
> > On Wed, 16 Mar 2022 11:10:30 +0100
> > Santiago Martinez wrote:
> >
> >> Guys, do you want me to run a pre/post patch perf test?
> >
for offering your help.
Kristof already did some tests and reported that results look ok[0], but
more testing is always welcome (RSS and non-RSS).
Best
Michael
[0]https://reviews.freebsd.org/D34569#783301
--
Michael Gmelin
On Tue, 15 Mar 2022 10:30:41 -0600
Kristof Provost wrote:
> On 14 Mar 2022, at 18:02, Michael Gmelin wrote:
> > On Mon, 14 Mar 2022 09:09:49 -0600
> > Kristof Provost wrote:
> >
> >> On 14 Mar 2022, at 7:44, Michael Gmelin wrote:
> >>> On Sun
On Tue, 15 Mar 2022 01:02:30 +0100
Michael Gmelin wrote:
> snip .
> Hi Kristof,
>
> This sounds plausible. I spent a few hours getting familiar with the
> epair code and came up with a patch that seems to fix the issue at
> hand (both with and without RSS
On Mon, 14 Mar 2022 09:09:49 -0600
Kristof Provost wrote:
> On 14 Mar 2022, at 7:44, Michael Gmelin wrote:
> > On Sun, 13 Mar 2022 17:53:44 +
> > "Bjoern A. Zeeb" wrote:
> >
> >> On 13 Mar 2022, at 17:45, Michael Gmelin wrote:
> >>
> On 13. Mar 2022, at 18:16, Bjoern A. Zeeb
> wrote:
>
> On 13 Mar 2022, at 16:33, Michael Gmelin wrote:
>> It's important to point out that this only happens with kern.ncpu>1.
>> With kern.ncpu==1 nothing gets stuck.
>>
>> This perfectly fits
3.185.2: icmp_seq=3 ttl=64 time=0.158 ms
64 bytes from 10.233.185.2: icmp_seq=4 ttl=64 time=0.081 ms
64 bytes from 10.233.185.2: icmp_seq=5 ttl=64 time=0.093 ms
At which point it gets stuck. The exact moment when this happens
differs between runs, but it happens every time on my test host and
always within a couple of seconds.
It's important to point out that this only happens with kern.ncpu>1.
With kern.ncpu==1 nothing gets stuck.
This perfectly fits into the picture, since, as pointed out by Johan,
the first commit that is affected[0] is about multicore support.
Cheers
Michael
[0]
https://cgit.freebsd.org/src/commit/?id=24f0bfbad57b9c3cb9b543a60b2ba00e4812c286
--
Michael Gmelin
> On 13. Mar 2022, at 14:07, Patrick M. Hausen wrote:
>
> Hi all,
>
> i was a bit puzzled by Michael using bhyve trying to reproduce.
> Up until now I thought bhyve uses tap and not epair?
>
In my setup, FreeBSD 14 runs on a bhyve vm, hosting the jails, which use vnet.
Bare metal ->
> On 13. Mar 2022, at 11:27, Johan Hendriks wrote:
>
>
>
> Op zo 13 mrt. 2022 01:17 schreef Michael Gmelin :
>> I also gave it another go (this time with multiple CPUs assigned to the vm),
>> still works just fine - so I think we would need more details about
- Block custom ip's and logs
> block quick proto { tcp, udp } from to $ext_if
>
> # Jail poorten
> pass in quick on { $ext_if } proto tcp from any to 10.233.185.22 port { smtp
> 80 443 993 995 1956 } keep state
> pass in quick on { $ext_if } proto tcp from any to 10.233.185.
/${name}";
> host.hostname = "${name}.${domain}";
>
>
> web01 {
> $ip = 18;
> }
I changed web01 to be the same setup as haproxy (that is, a full jail
based in /storage/jails/${name}), as I didn't really know how it worked
in your setup.
>
> haproxy {
> $ip = 20;
> mount.fstab = "";
> path = "/storage/jails/${name}";
> }
Best
Michael
--
Michael Gmelin
> On 12. Mar 2022, at 01:21, Kristof Provost wrote:
>
> On 11 Mar 2022, at 17:44, Johan Hendriks wrote:
>>> On 09/03/2022 20:55, Johan Hendriks wrote:
>>> The problem:
>>> I have a FreeBSD 14 machine and a FreeBSD 13-stable machine, both running
>>> the same jails just to test the workings.
> On 13. Feb 2022, at 11:45, Andrea Venturoli wrote:
>
>
>> On 2/12/22 13:38, Michael Gmelin wrote:
>> Maybe the switch or something it’s connected to uses vrrp?
>
> The switch has no options about VRRP, AFAICT (unless it can be called by a
> different nam
> On 19. Oct 2021, at 23:16, Mike Karels wrote:
>
> Rod wrote:
>
>>> I plan to do some cleanup of the residual code defining and using the
>>> old Internet network classes (A/B/C), which have been obsolete since
>>> CIDR took hold. This is an outline of what I plan, as it will happen
>>>
On Mon, 12 Apr 2021 19:57:40 +0200
Michael Gmelin wrote:
> On Mon, 12 Apr 2021 17:45:36 +0300
> Özkan KIRIK wrote:
>
> > root@f13:~ # jls -s -j client
> > devfs_ruleset=0 enforce_statfs=2 host=new ip4=inherit ip6=inherit
> > jid=2 name=client osreldate=1300
low.unprivileged_proc_debug children.max=0
> host.domainname="" host.hostid=0 host.hostname=""
> host.hostuuid=----
I can reproduce the issue now, I'll try to dig deeper into it.
-m
>
> On Mon, Apr 12, 2021 at 3:39 PM Michael Gmelin
L,0) = 52
> (0x34) select(5,{ 4 },0x0,0x0,0x0) = 1 (0x1)
> recvfrom(4,"l\0\0\0\0\0\0\0\0\0\0\M-K\0\0\0"...,19,0,NULL,0x0) = 19
> (0x13) select(5,{ 4 },0x0,0x0,0x0) = 1 (0x1)
> recvfrom(4,"\^E\a\0\M^]\0\0\0\0\0\0\0\0\0\0"...,203,0,NULL,0x0) = 203
> (0xcb) select(
rg mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
--
Michael Gmelin
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman
v6.
> ifconfig_bge0_ipv6="inet6 xxx"
Putting "up" in there is just fine.
> ifconfig_bge0_aliases="inet6 yyy"
I usually do something like this (as I like to rename interface based
on their architectural role in
On Sat, 27 Feb 2021 21:45:16 +
"Bjoern A. Zeeb" wrote:
> On 27 Feb 2021, at 20:34, Doug Hardie wrote:
>
> >
> >> On Feb 27, 2021, at 11:06, Michael Gmelin wrote:
> >>
> >>
> >>
> >>> On 27. Feb 2021, at 19:
> On 27. Feb 2021, at 19:21, Doug Hardie wrote:
>
>
>>> On 27 February 2021, at 04:37, Michael Gmelin wrote:
>>>
>>>
>>>
>>>> On 27. Feb 2021, at 08:21, Doug Hardie wrote:
>>>
>>> From the Handbook:
>>&g
> On 27. Feb 2021, at 08:21, Doug Hardie wrote:
>
> From the Handbook:
>
> 32.9.2. Configuring IPv6
> To configure a FreeBSD system as an IPv6 client, add these two lines to
> rc.conf:
>
> ifconfig_rl0_ipv6="inet6 accept_rtadv"
> rtsold_enable="YES"
>
> This does not work. I have in
> On 28. Oct 2020, at 18:10, D'Arcy Cain wrote:
>
> On 10/28/20 10:27 AM, Michael Gmelin wrote:
>> Can you (afford to) reboot the machine reliably? If so, schedule a reboot
>> using "shutdown -r +10" and then bring down the the interface to see if it
&
> On 28. Oct 2020, at 12:32, D'Arcy Cain wrote:
>
> On 10/27/20 2:58 PM, Michael Gmelin wrote:
>
> I hope you don't mind but I reverted this conversation back to the list in
> case it gives someone else any ideas.
>
>> Hi,
>> I tried to reproduce the probl
ow your son to enter the credentials (pretty
much like you would do on hotel wifi).
Cheers,
Michael
[0]https://en.wikipedia.org/wiki/Captive_portal
--
Michael Gmelin
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo
> On 8. Sep 2020, at 15:23, Julien Cigar wrote:
>
> On Tue, Sep 01, 2020 at 10:13:23AM +0200, Julien Cigar wrote:
>>> On Mon, Aug 31, 2020 at 01:55:52PM +0200, Michael Gmelin wrote:
>>>
>>>
>>>> On 31. Aug 2020, at 10:37, Julien Cigar wrote
> On 31. Aug 2020, at 10:37, Julien Cigar wrote:
>
> On Fri, Aug 28, 2020 at 04:52:01PM +0200, Julien Cigar wrote:
>> Hello,
>>
>> I have a "highly available" router/firewall with the following
>> configuration (1). Those are plugged in two 2930F (with VSF) using LACP.
>> It works well,
On Tue, 7 Jul 2020 12:08:35 +0200
Michael Gmelin wrote:
> On Mon, 6 Jul 2020 22:58:54 +0200
> Niclas Zeising wrote:
>
> > On 2020-07-06 13:05, Niclas Zeising wrote:
> > > Hi!
> > > Is it possible to specify a link-local address in rc.conf, and get
&
t; as well.
>
> Working configuration (apart from no IPv4)
> ifconfig_vtnet0_ipv6="inet6 fe80::1/64"
> ifconfig_vtnet0_alias0="inet6 2001:6b8::/64""
>
This works:
ifconfig_vtnet0="inet6 -auto_linklocal"
ifconfig_vtnet0_ipv6="up"
if
e-tune things when they run into cases
> like this.
Exactly my thoughts for a while now. There are more examples like this
(e.g., you run a service and host the database in the same
jail/on the same machine, you want to have a dependency on the database
being up, et
On Thu, 2 Nov 2017 16:21:01 +0100
Marko Cupać <marko.cu...@mimar.rs> wrote:
> On Thu, 2 Nov 2017 15:42:55 +0100
> Michael Gmelin <gre...@freebsd.org> wrote:
>
> > On Thu, 2 Nov 2017 13:19:31 +0100
> > Marko Cupać <marko.cu...@mimar.rs> wrote:
> >
On Thu, 2 Nov 2017 13:19:31 +0100
Marko Cupać <marko.cu...@mimar.rs> wrote:
> On Mon, 30 Oct 2017 22:46:35 +0100
> Michael Gmelin <gre...@freebsd.org> wrote:
>
> > You can use fibs with net.add_addr_allfibs=0 to get separate routing
> > tables (comes with it
> On 30. Oct 2017, at 22:26, Eugene Grosbein wrote:
>
> 31.10.2017 4:08, Farhan Khan пишет:
>> Hi all,
>>
>> I am trying to experiment with setting up two jails on different VLANs, but
>> have not been able to segment traffic.
>>
>> My configuration was to create vlan1
:00 temp
[root@ ~]# ifconfig bge0 alias 10.1.1.2/32
[root@ ~]# arp 10.1.1.2
? (10.1.1.2) at 14:18:77:00:00:00 on bge0 expires in 1178 seconds
[root@ ~]# # ifconfig bge0 alias 10.1.1.2/32
? (10.1.1.2) at 14:18:77:4d:10:61 on bge0 permanent [ethernet]
- Michael
--
Michael Gmelin
& syntax of getting it setup, just settling for the
> way we do 'because it works' - not ideal I guess, so I'd be
> interested to see if there's another way of spec'ing the config in
> rc.conf
>
Could you post the output of ifconfig after boot and while/after
running tcpdump?
--
> On 23 Jun 2016, at 14:14, Karl Pielorz wrote:
>
>
> --On 23 June 2016 11:53 +0100 Karl Pielorz wrote:
>
>> This gets increasingly weird if I run tcpdump on the 10.3 box. The act of
>> running 'tcpdump -i lagg1.30 -n' actually fixes the
ing the IP address configured
not creating a permanent entry in the local ARP table for its own
interface.
- Michael
--
Michael Gmelin
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any ma
ction is something like this:
sysctl net.add_addr_allfibs=0
vlan1: fib 1
vlan2: fib 2
route add -host 10.1.1.33 -interface vlan2 -fib 1
route add -host 10.2.1.32 -interface vlan1 -fib 2
...
--
Michael Gmelin
___
freebsd-net@freebsd.org mailing
The following reply was made to PR kern/179901; it has been noted by GNATS.
From: Michael Gmelin free...@grem.de
To: Mikolaj Golub troc...@freebsd.org
Cc: bug-follo...@freebsd.org
Subject: Re: kern/179901: [netinet] [patch] Multicast SO_REUSEADDR handled
incorrectly
Date: Wed, 26 Jun 2013 15:03
The following reply was made to PR kern/179901; it has been noted by GNATS.
From: Michael Gmelin free...@grem.de
To: Mikolaj Golub troc...@freebsd.org
Cc: bug-follo...@freebsd.org
Subject: Re: kern/179901: [netinet] [patch] Multicast SO_REUSEADDR handled
incorrectly
Date: Tue, 25 Jun 2013 13:39
The problem you're referring to was fixed in 7.1 (we had the same issues
in 7.0 i386), so I don't think this is the problem Len is facing.
Balázs Mátéffy wrote:
Hi,
I had a similar error with 7.0, and found reference that there was
problem(as far as I can remember there was an issue with
Aragon Gouveia wrote:
Hi,
Is it just me, or does the iwn driver in -CURRENT not play well with
hardware RF switches on notebooks? For me the only resemblence of an
event I see is when I switch off RF - the kernel sends a log to syslog.
wpa_supplicant doesn't pick it up, and neither does
Sam Wun wrote:
Hi,
With FreeBSD 7.2Stable,
I have done this many times before.
After about a month left the jail behind, now when I done a
/etc/rc.d/jail start and ssh into it, I ended up login to the host
system.
Here is the network configuraiton of the host system and the jail system:
54 matches
Mail list logo