Wireless PCI or PCIe card recommendations
Hi,

Since upgrading my hardware, my old Netgear WG311T PCI card causes the FreeBSD 8 kernel to freeze at boot time. I've also tested FreeBSD 9 beta 1.

I'm looking for a replacement card - either PCI, or PCI Express. I need a card that can do Multi-Base Station or Virtual Access Points.

Kind regards,

Geoff
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Can I bridge the same subnet across a VPN?
Hi David and others,

Thanks for the feedback.

On Thu, 5 May 2011 07:24:13 am David Brodbeck wrote:
> The problem I've always found with bridged solutions is they don't cope
> well under heavy traffic loads when the VPN link is slower than the LANs
> they're bridging between. And the VPN link is usually slower if it's over
> a WAN. The link tends to get saturated.

Was this easy to measure, and how did you measure this - dropped packets on the bridge interface?

Kind regards,

Geoff

Can I bridge the same subnet across a VPN?
Hi,

Is it possible to join two sites with the same subnet across a VPN?

I have two sites that have the same subnet/mask. I need these two separated networks to behave as one across a VPN.

All configuration examples I've come across so far assume that each site will have a different subnet. E.g., one site with 192.168.1.0/24, the other with 192.168.2.0/24.

I control the firewalls at each end. One will be a pfsense firewall, the other an existing FreeBSD 7.4 system.

For example I would want to be able to do the following:

    Site A                        Site B
    ------                        ------
    Firewall A 10.1.1.3  -------  Firewall B 10.1.1.4
        |                             |
    Subnet: 192.168.20.0/24       Subnet: 192.168.20.0/24

Happy to use either IPSec or OpenVPN to actually encrypt the traffic.

Kind regards,

Geoff

Re: zpool won't mount as dataset stuck
Hi,

On Sun, 28 Nov 2010 04:30:48 pm Geoff Roberts wrote:
> Long and short is I can see the tank zpool without a problem, but whenever
> I try to import it the disk light flashes every second and the datasets
> won't mount.
>
> I can run a history command on tank and that shows the following repeated
> every second (txg keeps incrementing by one):
>
> 2010-11-28.15:08:33 [internal rollback txg:9645688] dataset = 222 [user root on systemname.com]
> 2010-11-28.15:08:34 [internal rollback txg:9645689] dataset = 222 [user root on systemname.com]

Just for reference, I was able to use the steps below to recover the data of the zpool that was stuck. The steps below were done using virtual machines. The zpool history command was a great help as well.

a) Created a FreeBSD 9.0 system and applied a ZFS v28 patch for a few features that looked useful for my problem.
   i) Ability to mount zpool in readonly
   ii) Ability to mount zpool with -N (do not mount datasets)
   iii) Ability to mount zpool with -T to specify a particular transaction set. In the end I didn't need this feature.

b) Took an image of one of the mirror partitions housing the zpool using dd and transferred that to a file on a stand UFS2 file system. This was so I could work on a copy and transfer the data on an external hard disk to the FreeBSD 9.0 virtual machine.

c) Used mdconfig to mount the file image on the FreeBSD 9.0 system.

d) I was able to use

       zpool import -o readonly=on -N poolname

   The readonly option in particular seemed to stop the last transaction continually attempting to run in an endless loop.

e) I could then see the datasets. From here I was able to mount them and recover all the data.

Geoff

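Added example (not part of the original message, and not code from the FreeBSD or ZFS projects): a small Python check for the symptom described above, a run of internal rollback entries on one dataset whose txg rises by one each time. The function name, the min_repeats threshold and the sample lines are assumptions constructed for illustration; real input would be the saved output of zpool history -i.

```python
import re
from datetime import datetime

# Internal-event line format as quoted in the message, e.g.
# 2010-11-28.15:08:33 [internal rollback txg:9645688] dataset = 222 [user ...]
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}\.\d{2}:\d{2}:\d{2}) "
    r"\[internal (?P<event>[\w ]+?) txg:(?P<txg>\d+)\] "
    r"dataset = (?P<dataset>\d+)"
)

def find_rollback_loops(lines, min_repeats=3):
    """Return (dataset, first_txg, last_txg, count, seconds) for each run of
    consecutive rollback events on one dataset whose txg rises by exactly 1."""
    loops, run = [], []  # run holds (timestamp, txg, dataset) tuples

    def flush():
        if len(run) >= min_repeats:
            seconds = (run[-1][0] - run[0][0]).total_seconds()
            loops.append((run[0][2], run[0][1], run[-1][1], len(run), seconds))
        run.clear()

    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # user commands and other line shapes do not break a run
        if m["event"] != "rollback":
            flush()   # a different internal event ends the current run
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d.%H:%M:%S")
        txg, dataset = int(m["txg"]), int(m["dataset"])
        if run and not (dataset == run[-1][2] and txg == run[-1][1] + 1):
            flush()   # different dataset or a txg gap starts a new run
        run.append((ts, txg, dataset))
    flush()
    return loops

# Constructed sample in the quoted format (host name is a placeholder).
SAMPLE = [
    "2010-11-28.15:08:30 [internal snapshot txg:9645600] dataset = 210 [user root on host.example]",
    "2010-11-28.15:08:33 [internal rollback txg:9645688] dataset = 222 [user root on host.example]",
    "2010-11-28.15:08:34 [internal rollback txg:9645689] dataset = 222 [user root on host.example]",
    "2010-11-28.15:08:35 [internal rollback txg:9645690] dataset = 222 [user root on host.example]",
    "2010-11-28.15:08:36 [internal rollback txg:9645691] dataset = 222 [user root on host.example]",
]

if __name__ == "__main__":
    for ds, first, last, count, secs in find_rollback_loops(SAMPLE):
        print(f"dataset {ds}: {count} rollbacks, txg {first}-{last}, {secs:.0f}s")
```
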
zpool won't mount as dataset stuck
Hi,

In a slight panic here as my main ZFS pool tank won't mount.

I have two ZFS pools on two different drives - a system pool on a single disk called data and a mirrored pool on two disks called tank. The tank zpool contains all my jails and non-system boot type data.

I was wanting to test FreeBSD 8.2-PRERELEASE and therefore took a snapshot of data and tank:

    zfs snapshot -r d...@pre82
    zfs snapshot -r t...@pre82

tank seemed to hang on the above command for ages and I had to Ctrl-C.

Long and short is I can see the tank zpool without a problem, but whenever I try to import it the disk light flashes every second and the datasets won't mount.

I can run a history command on tank and that shows the following repeated every second (txg keeps incrementing by one):

    2010-11-28.15:08:33 [internal rollback txg:9645688] dataset = 222 [user root on systemname.com]
    2010-11-28.15:08:34 [internal rollback txg:9645689] dataset = 222 [user root on systemname.com]

The zpool seems to be stuck. What should I do from here? Is there a way to freeze dataset operations so I can at least mount them?

Other thoughts and questions I had:

a) What would be the best way to take a raw image of the zpool so I can work on a copy of the zpool rather than the original?

b) Would it be worth trying to import the zpool on FreeBSD current or OpenSolaris?

Any help greatly appreciated.

Kind regards,

Geoff

Re: Configuring VLANs - Why is IP address require on NIC connected to Trunk?
Hi,

On Fri, 19 Jun 2009 12:16:18 am Nikos Vassiliadis wrote:
> Geoff Roberts wrote:
> > I find I have to give the ext0 interface an IP address in order for
> > routing and packet filtering to work on the attached VLANs.
> >
> > a) Is there a way to configure this so that I don't have to give ext0
> > an IP address?
>
> Yes, you just have to up the interface:
> ifconfig_em0=up

Thanks to all who responded. I believe marking the interface as up will be the source of the issue. I'll be able to restart the server in a couple of days and verify everything works after a restart.

It has been one of those nagging issues that eventually bubbled to the top of the list.

Kind regards,

Geoff

Configuring VLANs - Why is IP address require on NIC connected to Trunk?
Hi,

I am currently using FreeBSD 7.2 - although the configuration below was originally configured on FreeBSD 7.0.

I have a working VLAN configuration - two VLANs on one interface. Let's call the interface ext0 and the VLANs bound to this interface vlan0 and vlan1.

The interface ext0 is actually a symbolic name for the real interface (NIC) - done using ifconfig_em0_name=ext0 in rc.conf.

I find I have to give the ext0 interface an IP address in order for routing and packet filtering to work on the attached VLANs.

a) Is there a way to configure this so that I don't have to give ext0 an IP address? In reality ext0 actually does nothing and has no traffic directed to or from it. I would much rather have ext0 without an IP address, as then I don't have to worry about firewall rules etc.

b) If I do have to give the ext0 interface an IP address, are there any general standards on IP address and mask to specify?

c) Should I also specify firewall rules in pf such as the following, or will these rules cause other things to break?

    block in on ext0 from any to (ext0)
    block out on ext0 from (ext0) to any

Kind regards,

Geoff

Re: How can I link two separate internal networks to two separate external networks
Hi Mike,

On Tue, 23 Dec 2008 04:14:51 am you wrote:
> I think this will work. Let's assume:
>
> $vlan10_if - macro for your tagged VLAN 10 interface
> $vlan20_if - macro for your tagged VLAN 20 interface
> $vlan50_if - macro for your tagged VLAN 50 interface
> $vlan60_if - macro for your tagged VLAN 60 interface
> $vlan50_gw = 10.10.10.9
> $vlan60_gw = 10.10.10.13
>
> pass in on $vlan10_if route-to ($vlan50_if $vlan50_gw) from any to any
> pass in on $vlan20_if route-to ($vlan60_if $vlan60_gw) from any to any
>
> That would be in conjunction with your NAT's and any RDR's as well.

Spot on! Thanks for that, it worked like a charm. I have a couple more questions below.

Firstly, just for completeness, I've listed what the NAT and RDRs look like for others that may be interested.

$vlan10_server - macro for IP address of server on vlan10

    nat on $vlan50_if proto {tcp udp icmp} from $vlan10_if to any -> ($vlan50_if)
    rdr on $vlan50_if proto tcp from any to ($vlan50_if) port 80 -> $vlan10_server port 80
    pass in on $vlan50_if inet proto tcp from any to $vlan10_server port 80
    pass out on $vlan50_if inet proto { tcp udp icmp } from ($vlan50_if) to any

Remaining questions:

a) I found I didn't need a reply-to statement on the redirect for the vlan50 interface above. Could someone elaborate or point to a URL that might help explain a little more why this wasn't needed and in what circumstance I might need a reply-to statement? There isn't much about reply-to in the pf pdf.

Since my default route is on vlan60 as opposed to vlan50 where the redirect is, you'd think I need a reply-to at first glance. Is the single route-to (pass in on $vlan10_if route-to ($vlan50_if $vlan50_gw) from any to any) covering me here?

If I had a redirect such as:

    rdr on $vlan50_if proto tcp from any to ($vlan50_if) port 80 -> $vlan20_server port 80

would I need a reply-to?

b) I've also found I needed to assign IP addresses (doesn't matter what they are) to the actual interfaces the VLANs sit on within the FreeBSD box (int0 and ext0). If not, things don't appear to work. Should this be necessary, and if so why? If I shouldn't need IP addresses on the actual interfaces themselves I've probably mucked up something else in the pf rules :)

For example:

      ext0 (192.168.1.1)
            |
      -------------
      |           |
    vlan50      vlan60

Thanks again for your help,

Geoff

How can I link two separate internal networks to two separate external networks
Hi,

I have a FreeBSD 7.0 box with pf.

I have two internal networks (intnet0 and intnet1) and two internal networks (extnet0 and extnet1). extnet0 and extnet1 are two different gateways to the internet. I only have one physical internal (int0) and one physical external (ext0) interface.

Traffic from intnet0 needs to go out on extnet0.
Traffic from intnet1 needs to go out on extnet1 (consider this a default route for any traffic not going out on extnet0).

What are some suggested ways of doing this?

Assume addresses are (these are made up, but hopefully help paint the picture):

    intnet0 - 192.168.50.0/24
    extnet0 - 10.10.10.8/30
      - extnet0 address 10.10.10.8.10
      - default route 10.10.10.9
      - broadcast 10.10.10.11

    intnet1 - 192.168.60.0/24
    extnet1 - 10.10.10.12/30
      - extnet1 address 10.10.10.14
      - default route 10.10.10.13
      - broadcast 10.10.10.15

So far I have created vlans via a switch on each interface to multiplex the connections:

vlan10 - 192.168.50.0/24 and vlan20 - 192.168.60.0/24 come in on a single cable to int0.
vlan50 - 10.10.10.8/30 and vlan60 - 10.10.10.12/30 come in on a single cable to ext0.

However, since I have the defaultroute set for 10.10.10.13, all traffic from intnet0 is going out on vlan60 whereas I want it to go out on vlan50.

Am I going about this the wrong way?

Thanks,

Geoff

ftp from jails using a proxy
Hi,

I am using FreeBSD 7.0.

I have a server with a single network interface - ext0. On this server I have a number of jails attached to a pseudo network interface - lo1. lo1 has the following IP address range: 10.1.1.0/24 (ifconfig create lo1). I also have jails attached to the external interface ext0.

I would like to be able to ftp from the jails on the pseudo interface (lo1) as well as the external interface (ext). For a range of reasons I want to avoid a pass out all option on the external interface ext0.

I therefore tried using ftp-proxy. However, I can never get the redirect to connect to ftp-proxy in the pf rules, no matter which interface or address I place it on. I'm beginning to think that redirects to ftp-proxy will only work when there is incoming traffic on a separate physical interface. Redirecting from a pseudo interface doesn't seem to work. See notes below for configuration.

How would you suggest I get this working? Is there a better way to set this up? I'd prefer to use passive ftp if possible.

Notes on ftp-proxy configuration

I can verify the fact ftp is not being redirected via the proxy by running the proxy in debug:

    ftp-proxy -d -D 7 -b (ext0)

where (ext0) is the external IP address. I never get any connections logged by the proxy. I can't use 127.0.0.1 as jails can't connect to this address.

In my pf rules I have:

    nat-anchor "ftp-proxy/*"
    rdr-anchor "ftp-proxy/*"
    rdr on ext0 proto tcp from any to any port 21 -> (ext0) port 8021
    rdr on lo1 proto tcp from any to any port 21 -> (ext0) port 8021
    anchor "ftp-proxy/*"
    pass out log proto tcp from any to any port 21 label "FTP -- ACCEPT"

Kind regards,

Geoff