Re: IPFW - Two External Interfaces

2006-05-19 Thread Andrew White

your rules don't forward ping to isp2, only port 80 ...

try


00400 divert 8869 ip from any to any in via bge1
00450 divert 8868 ip from any to any in via em0
00500 check-state

#Check for internal_system port 80 traffic (TCP, so a ping never matches here)
00600 skipto 900 tcp from $internal_system to $remote_system 80 keep-state

#Send Most Traffic out via bge1
00700 divert 8869 ip from $local_net to any in keep-state
00750 divert 8869 ip from $local_net to any out keep-state

#Send special traffic out via em0
00900 divert 8868 ip from $local_net to any in
00950 divert 8868 ip from $local_net to any out

#policy route to get traffic to the correct ISP
02000 fwd $isp2_gw ip from $isp2_ip to any
02500 fwd $isp1_gw ip from $isp1_ip to any

65000 allow ip from any to any

---

the key to this config is line 600; whatever it matches will go to line 700
and get the ISP address, then get routed to ISP 2. With this config a ping
won't match, only a port 80 or http request ...

.Andrew

On 5/16/06, PFS IT [EMAIL PROTECTED] wrote:


I am attempting to use IPFW (and either IPNAT or natd) to do the
following:

I have two connections to the outside world coming in to my firewall.
em0 has a static IP and is going to a bridged DSL connection, then
bge1 has a static IP and is going to a few bonded DS1s. bge0 goes to
my internal network. I am attempting to have NAT on both external
interfaces, and have most outbound traffic move across bge1, while
traffic from/to a particular internal system (we'll call it
internal_system for purposes of this message) to/from a particular
remote system (this we'll call remote_system) port 80 moves across
the DSL line on em0.

Here is an attempt at a pretty ASCII picture


              ISP 1
          [192.168.2.254]
                |
                |
          [bge1:192.168.2.1]
  FIREWALL[bge0:10.0.0.1]---[10.0.0.2] internal_system
          [em0:192.168.1.1]
                |
                |
          [192.168.1.254]
              ISP 2

Here are the rules I've tried using in conjunction with natd:

#Send incoming traffic to natd
00400 divert 8869 ip from any to any in via bge1
00450 divert 8868 ip from any to any in via em0
00500 check-state

#Check for internal_system port 80 traffic
00600 skipto 900 tcp from $internal_system to $remote_system 80

#Send Most Traffic out via bge1
00700 divert 8869 ip from $local_net to any in
00750 divert 8869 ip from $local_net to any out

#Send special traffic out via em0
00900 divert 8868 tcp from $internal_system to $remote_system 80 in
00950 divert 8868 tcp from $internal_system to $remote_system 80 out

#policy route to get traffic to the correct ISP
02000 fwd $isp2_gw ip from $isp2_ip to any
02500 fwd $isp1_gw ip from $isp1_ip to any


Two instances of natd are running, one on port 8868 with an alias
address of $isp1_ip, the other is on port 8869 with an alias address
of $isp2_ip

With the above ipfw rules in place, a

$ ping -S $isp2_ip google.com

Should result in a ping across em0 to google, however it acts as
though it cannot even reach the $isp2_gw.

I have been able to get everything to work exactly as I want it to
using pf on FreeBSD, but I've been told that ipfw is preferred within
the organization.


Any suggestions would be greatly appreciated.


Jared Baldridge
Systems Administrator
PFS
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to [EMAIL PROTECTED]


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
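The rule walk Andrew describes, as an added example that is not part of the thread: a small Python model of how a packet from the LAN (arriving on bge0, so it is "in" and matches neither "via bge1" nor "via em0") moves through the suggested ruleset. It models only what those rules use: first-match order, skipto, divert to natd (treated as a source-address rewrite that resumes at the next rule, which is how divert(4) reinjection behaves), and fwd/allow as terminal actions; keep-state/check-state are ignored because a brand-new flow has no dynamic rule yet. Addresses come from the ASCII diagram; $remote_system, $local_net and the ping target are assumed values, and the natd aliases are assumed to follow the interface pairing in the rule comments (8869 with bge1, 8868 with em0). Running it shows an HTTP packet from internal_system taking 600 -> 900 -> 2000 and leaving via the em0 gateway, while an ICMP echo from the same host falls past 600 and takes 700 -> 2500 out bge1, which is the point the reply makes.

```python
"""Model of a packet walking the two-ISP ipfw ruleset from the thread.

Constructed example: not ipfw itself, only the subset of its semantics
those rules rely on (first match, skipto, divert-to-natd, fwd, allow).
"""
import ipaddress

# Addresses from the ASCII diagram in the thread.
ISP1_IP, ISP1_GW = "192.168.2.1", "192.168.2.254"   # bge1 side
ISP2_IP, ISP2_GW = "192.168.1.1", "192.168.1.254"   # em0 side
INTERNAL_SYSTEM = "10.0.0.2"
# Assumed values; the thread never gives these.
REMOTE_SYSTEM = "203.0.113.10"
LOCAL_NET = "10.0.0.0/24"
PING_TARGET = "192.0.2.1"

# natd instances keyed by divert port. Assumption: 8869 aliases to the bge1
# address and 8868 to the em0 address, as the rule comments pair them.
NATD_ALIAS = {8869: ISP1_IP, 8868: ISP2_IP}


def matches(rule, pkt):
    """True if pkt satisfies every match field present in rule.

    Absent fields mean 'any'; proto 'ip' matches every protocol."""
    if rule.get("proto", "ip") not in ("ip", pkt["proto"]):
        return False
    for field in ("src", "dst"):
        if field in rule and ipaddress.ip_address(pkt[field]) \
                not in ipaddress.ip_network(rule[field]):
            return False
    if "dport" in rule and pkt.get("dport") != rule["dport"]:
        return False
    if "dir" in rule and rule["dir"] != pkt["dir"]:
        return False
    if "via" in rule and rule["via"] != pkt["via"]:
        return False
    return True


def walk(rules, pkt):
    """Run pkt through rules (sorted by number).

    Returns (source address after NAT, fwd gateway or None, matched rule numbers)."""
    pkt = dict(pkt)
    trace = []
    i = 0
    while i < len(rules):
        rule = rules[i]
        # check-state is skipped: a brand-new flow has no dynamic rule yet.
        if rule["action"] == "check-state" or not matches(rule, pkt):
            i += 1
            continue
        trace.append(rule["num"])
        action = rule["action"]
        if action == "skipto":
            # Jump to the first rule numbered >= target, as ipfw does.
            i = next(k for k, r in enumerate(rules) if r["num"] >= rule["arg"])
        elif action == "divert":
            # natd rewrites the source to its alias address and reinjects the
            # packet, which re-enters the ruleset at the rule after this one.
            pkt["src"] = NATD_ALIAS[rule["arg"]]
            i += 1
        elif action == "fwd":
            return pkt["src"], rule["arg"], trace     # terminal: policy route
        elif action == "allow":
            return pkt["src"], None, trace            # terminal: normal routing
        else:
            raise ValueError(f"unsupported action {action}")
    return pkt["src"], None, trace


# Andrew's suggested ruleset, transcribed field by field.
RULES = [
    {"num": 400, "action": "divert", "arg": 8869, "dir": "in", "via": "bge1"},
    {"num": 450, "action": "divert", "arg": 8868, "dir": "in", "via": "em0"},
    {"num": 500, "action": "check-state"},
    {"num": 600, "action": "skipto", "arg": 900, "proto": "tcp",
     "src": INTERNAL_SYSTEM, "dst": REMOTE_SYSTEM, "dport": 80},
    {"num": 700, "action": "divert", "arg": 8869, "src": LOCAL_NET, "dir": "in"},
    {"num": 750, "action": "divert", "arg": 8869, "src": LOCAL_NET, "dir": "out"},
    {"num": 900, "action": "divert", "arg": 8868, "src": LOCAL_NET, "dir": "in"},
    {"num": 950, "action": "divert", "arg": 8868, "src": LOCAL_NET, "dir": "out"},
    {"num": 2000, "action": "fwd", "arg": ISP2_GW, "src": ISP2_IP},
    {"num": 2500, "action": "fwd", "arg": ISP1_GW, "src": ISP1_IP},
    {"num": 65000, "action": "allow"},
]

# Two constructed packets as seen on the inbound pass on bge0.
HTTP_PKT = {"proto": "tcp", "src": INTERNAL_SYSTEM, "dst": REMOTE_SYSTEM,
            "dport": 80, "dir": "in", "via": "bge0"}
PING_PKT = {"proto": "icmp", "src": INTERNAL_SYSTEM, "dst": PING_TARGET,
            "dir": "in", "via": "bge0"}

if __name__ == "__main__":
    for name, pkt in (("http to remote_system", HTTP_PKT), ("ping", PING_PKT)):
        src, gw, trace = walk(RULES, pkt)
        print(f"{name}: rules {trace}, NAT source {src}, fwd to {gw}")
```

The model deliberately stops at the first fwd: that is the decision that picks the egress gateway on the inbound leg. The real kernel evaluates the packet a second time on the outbound interface, but by then the source has already been rewritten to the ISP alias, so the local_net rules no longer apply and the same fwd rule matches again.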


RE: problem with aue card

2003-10-10 Thread Andrew White
Mine is on a 10/100 network, and negotiates 100Mb every time, still
functions ok, no issues at all (other than LEDs)

Andrew

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Mitchell
Sent: 09 October 2003 17:48
To: Alexey Koptsevich
Cc: [EMAIL PROTECTED]
Subject: Re: problem with aue card

On Thu, Oct 09, 2003 at 03:23:15AM -0400, Alexey Koptsevich wrote:
 
 Hi,
 
 I have a problem with the network card Linksys USB100TX. The hardware
 itself is known to be working, but not under FreeBSD.
 
 Here is dmesg:
 
 Oct  8 21:10:39 pyosik kernel: aue0: LINKSYS Inc. LINKSYS USB Adapter, rev 1.10/1.01, addr 2
 Oct  8 21:10:40 pyosik kernel: aue0: Ethernet address: 00:e0:98:82:f3:e6
 Oct  8 21:10:40 pyosik kernel: miibus1: MII bus on aue0
 Oct  8 21:10:40 pyosik kernel: bmtphy0: BCM5201 10/100baseTX PHY on miibus1
 Oct  8 21:10:40 pyosik kernel: bmtphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
 
 After loading if_ep the interface appears in the output of ifconfig, but
  Oct  8 21:18:17 pyosik kernel: aue0: MII read timed out
 
 When I then try 'dhclient aue0', I get thousands of messages
  aue0: usb error on rx: IOERROR
 
 Any piece of advice how to make this card work would be appreciated.

Are you on a 100Mbps network?  Our driver seems to have issues with this
device on such networks, although it seems to work fine on 10Mbps
connections.

Scott

-- 

===
Scott Mitchell           | PGP Key ID | Eagles may soar, but weasels
Cambridge, England       | 0x54B171B9 |  don't get sucked into jet engines
scott at fishballoon.org | 0xAA775B8B |  -- Anon


RE: 51 getting pcmcia to start before bootnfs

2003-10-10 Thread Andrew White

Hi,

Is there a way to get the PCMCIA card recognized for boot_nfs with
diskless booting? The bootpc module starts just before pccard, although
it does start after usb, and seems to work on a USB NIC.

Andrew



RE: snort + trunk + cat6500 + vacls

2003-10-10 Thread Andrew White
Read
http://www.cisco.com/en/US/customer/products/hw/switches/ps700/products_tech_note09186a008015c612.shtml

Basically you hook up your snort interface to the switch, then tell the
switch to span out the relevant VLANs to that port. As far as I'm aware,
these packets will be missing the tag header when they come out the SPAN
port, so you will see them as if they were all on your local wire.

Look at the snort support groups for more details.

.Andrew

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
Sent: 10 October 2003 00:38
To: [EMAIL PROTECTED]
Subject: snort + trunk + cat6500 + vacls

I'm testing out alternatives for using span ports or inline taps and came
across a doc on using VLAN ACLs to capture data and send them to a port for
sniffing. From what I understand the sniffer port needs to be a trunk port.
What I don't really understand is how FreeBSD is going to work with the
trunk. Do I need a vlan interface for every VLAN in the trunk, or do I only
need one vlan interface to match the native VLAN of the trunk?
Also, what should I be sniffing? The vlan interface(s) or the real
interface?

BTW I'm no switch engineer so go easy on me :)

Oh, and one more thing.
debug.bpf_bufsize: 4096 - should this be increased or will snort override
this number?
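To check what the SPAN/VACL port actually delivers (John's question about sniffing a trunk, and Andrew's note that the tag header is probably stripped), here is an added Python example that is not part of the thread: it decodes the Ethernet header of raw frames, follows any 802.1Q (0x8100) or 802.1ad (0x88A8) tags, and tallies frames per VLAN ID. The frames it runs on are constructed inline; in practice you would feed it the raw frames from a capture taken on the physical interface, since a vlan(4) child interface only ever sees its own VLAN with the tag already removed. If every frame parses with an empty VLAN list, the switch is delivering untagged frames and a single capture on the physical interface is enough.

```python
"""Decode 802.1Q/802.1ad tags from raw Ethernet frames.

Constructed example for checking whether a SPAN or VACL capture port hands
the sniffer tagged or untagged frames.
"""
import struct

ETH_P_8021Q = 0x8100    # TPID of a single 802.1Q tag
ETH_P_8021AD = 0x88A8   # TPID of the outer tag in QinQ (802.1ad)
ETH_P_IP = 0x0800


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Split an Ethernet frame into addresses, VLAN tags and payload.

    Returns a dict with 'dst', 'src', 'vlans' (outer tag first, empty list if
    untagged), 'ethertype' of the payload and the 'payload' bytes."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset = 14
    vlans = []
    # Each tag is a TPID (already read into 'ethertype') followed by a 16-bit
    # TCI; the TCI's low 12 bits are the VLAN ID, the top 4 carry PCP and DEI.
    while ethertype in (ETH_P_8021Q, ETH_P_8021AD):
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack("!HH", frame[offset:offset + 4])
        vlans.append(tci & 0x0FFF)
        offset += 4
    return {"dst": mac_str(dst), "src": mac_str(src), "vlans": vlans,
            "ethertype": ethertype, "payload": frame[offset:]}


def build_frame(dst, src, payload, vlans=(), ethertype=ETH_P_IP):
    """Assemble a frame with zero or more tags (used to construct test input)."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    tags = b""
    for i, vid in enumerate(vlans):
        # Outer tag of a double-tagged frame uses 0x88A8, everything else 0x8100.
        tpid = ETH_P_8021AD if (len(vlans) > 1 and i == 0) else ETH_P_8021Q
        tags += struct.pack("!HH", tpid, vid & 0x0FFF)
    return hdr + tags + struct.pack("!H", ethertype) + payload


def vlan_summary(frames):
    """Count frames per outer VLAN ID; untagged frames are keyed None."""
    counts = {}
    for frame in frames:
        vlans = parse_frame(frame)["vlans"]
        key = vlans[0] if vlans else None
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed capture: two frames on VLAN 100, one untagged, one QinQ 200/100.
PAYLOAD = bytes([0x45, 0x00]) + bytes(18)   # start of an IPv4 header, padded
CAPTURE = [
    build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", PAYLOAD, vlans=(100,)),
    build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", PAYLOAD),
    build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", PAYLOAD, vlans=(100,)),
    build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", PAYLOAD, vlans=(200, 100)),
]

if __name__ == "__main__":
    for frame in CAPTURE:
        info = parse_frame(frame)
        tags = ",".join(map(str, info["vlans"])) or "untagged"
        print(f"{info['src']} -> {info['dst']} vlan={tags} type=0x{info['ethertype']:04x}")
    print(vlan_summary(CAPTURE))
```

Run it once against a capture from the physical interface before deciding how many vlan(4) interfaces you need: a summary with only the None key means the tags were stripped on the way out of the switch and one capture interface is enough; several numeric keys mean the trunk is delivering tagged frames and you either sniff the physical interface (seeing all VLANs, tags intact) or create one vlan interface per VLAN ID you care about.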


RE: problem with aue card

2003-10-09 Thread Andrew White
Works fine for me on 5.1, although the LEDs don't function

Make sure aue and mii are compiled in the kernel.

.Andrew

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alexey
Koptsevich
Sent: 09 October 2003 08:23
To: [EMAIL PROTECTED]
Subject: problem with aue card


Hi,

I have a problem with the network card Linksys USB100TX. The hardware
itself is known to be working, but not under FreeBSD.

Here is dmesg:

Oct  8 21:10:39 pyosik kernel: aue0: LINKSYS Inc. LINKSYS USB Adapter, rev 1.10/1.01, addr 2
Oct  8 21:10:40 pyosik kernel: aue0: Ethernet address: 00:e0:98:82:f3:e6
Oct  8 21:10:40 pyosik kernel: miibus1: MII bus on aue0
Oct  8 21:10:40 pyosik kernel: bmtphy0: BCM5201 10/100baseTX PHY on miibus1
Oct  8 21:10:40 pyosik kernel: bmtphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto

After loading if_ep the interface appears in the output of ifconfig, but
 Oct  8 21:18:17 pyosik kernel: aue0: MII read timed out

When I then try 'dhclient aue0', I get thousands of messages
 aue0: usb error on rx: IOERROR

Any piece of advice how to make this card work would be appreciated.

Thanks,
Alex




Diskless 4.8

2003-10-03 Thread Andrew White
Hi,

Wondering if there is someone that can help me with setting up Diskless?

I have got as far as booting the kernel, dhcp gets address, root-path,
swap-path and swap-size, then:

Adjusted interface xl0
Shutdown interface faith0
Mounted root from nfs:
NFS ROOT: 192.168.1.2:/pxeroot
NFS SWAP: 192.168.1.2:/netswapvolume/netswap/

And then the system hangs indefinitely (I assume while doing something
with /sbin/init)

Two other quick questions

1) does diskless work in 5.1?
2) can PCMCIA be used for diskless (I don't think the card is recognized
in time for boot)?

Thanks in advance !

.Andrew

