Re: FreeBSD as a router
I prefer pfSense. It started as a fork of M0n0wall and has since incorporated a LOT more features. It uses pf as its filter base and is fully expandable using plugins.

--
From: Derrick Ryalls ryal...@gmail.com
Sent: Thursday, June 11, 2009 10:33 AM
To: Wojciech Puchar woj...@wojtek.tensor.gdynia.pl
Cc: freebsd-questions@freebsd.org; Ivailo Tanusheff i.tanush...@procreditbank.bg; Odhiambo ワシントン odhia...@gmail.com; owner-freebsd-questi...@freebsd.org; Anton an...@sng.by
Subject: Re: FreeBSD as a router

> You might also check out monowall. It is a stripped down version of FreeBSD that can run off a small flash card and has a web interface.
>
> On Jun 11, 2009 6:05 AM, Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote:
>
> > > powerful.
> >
> > Hmm, PF would be better (not IPF) but I hear ipfw has more features.
>
> basically - if you think ipfw can't do something - read manual again ;)
>
> exaggerated, but not very much...

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
FreeBSD as a router
Hello all,

I'm new to FreeBSD and I'm seeking help.

For entire time I have been making everything with Windows, but now I'm stumbled upon problem, where only router on FreeBSD + IPFW could help me.

I have installed FreeBSD, compiled kernel, found how to launch VPN connection to ISP. But, further, I don't know how to go :-( I could not figure out how to start natd and make routing with next rules:

1) Connection to Internet are made via VPN to ISP, but ISP have some internal resources free of charge, which are accessible without VPN. How to explain natd and ipfw that all users may go to these free resources without pipe and unlimited to all users

2) How to give all users right to go to the Internet by UDP 27015-27050 and TCP 27015-27050 (Steam) with pipe.

--
Best regards,
Anton mailto:an...@sng.by
Administrator

Feel free to contact me
via ICQ 363780596
via Skype dobryak47
via phone +375 29 3320987
Re: FreeBSD as a router
> For entire time I have been making everything with Windows, but now I'm stumbled upon problem, where only router on FreeBSD + IPFW could help me.
>
> I have installed FreeBSD, compiled kernel, found how to launch VPN connection to ISP. But, further, I don't know how to go :-( I could not figure out how to start natd and make routing with next rules:
>
> 1) Connection to Internet are made via VPN to ISP, but ISP have some internal resources free of charge, which are accessible without VPN. How to explain natd and ipfw that all users may go to these free resources without pipe and unlimited to all users
>
> 2) How to give all users right to go to the Internet by UDP 27015-27050 and TCP 27015-27050 (Steam) with pipe.

natd is now part of ipfw (but older userland natd is still available)

man ipfw

Yes it's complex but DO SPEND FEW HOURS and read it from beginning to end! I did the same some time ago and it's really worth it.

Both point 1 and 2 is just simple thing for that great tool, just make rule for free resources with skipto command, or reverse rule matching queue command.

After reading, feel free to post me priv for some help, but I don't think you'll need it.
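One way to lay out the `skipto` and pipe rules suggested in the reply above, as an added example that is not part of the original message: the script prints an ipfw rule file covering only the shaping part of the question. The interface name, both networks, the bandwidth and the rule numbers are constructed assumptions; only the Steam port range comes from the question.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an ipfw rule file for the
# shaping part of the question. NAT and the accept/deny policy are expected
# at rule POLICY_START and later and are not shown here.

# --- constructed values: replace with the real ones ---
LAN_IF="em0"                 # LAN-facing interface (assumed)
LAN_NET="192.168.0.0/24"     # LAN subnet (assumed)
FREE_NET="10.0.0.0/8"        # ISP resources reachable without the VPN (assumed)
PIPE_BW="1Mbit/s"            # bandwidth per direction (assumed)
STEAM_PORTS="27015-27050"    # port range from the question
POLICY_START=1000            # first rule of the NAT/filter section (assumed)

emit_rules() {
    cat <<EOF
# one pipe per direction so upload and download are limited separately
pipe 1 config bw ${PIPE_BW}
pipe 2 config bw ${PIPE_BW}

# 1) free ISP resources: jump over the shaping rules, in both directions
add 200 skipto ${POLICY_START} ip from ${LAN_NET} to ${FREE_NET} in recv ${LAN_IF}
add 210 skipto ${POLICY_START} ip from ${FREE_NET} to ${LAN_NET} out xmit ${LAN_IF}

# 2) Steam: LAN -> Internet through pipe 1, replies through pipe 2
add 300 pipe 1 tcp from ${LAN_NET} to any ${STEAM_PORTS} in recv ${LAN_IF}
add 310 pipe 1 udp from ${LAN_NET} to any ${STEAM_PORTS} in recv ${LAN_IF}
add 320 pipe 2 tcp from any ${STEAM_PORTS} to ${LAN_NET} out xmit ${LAN_IF}
add 330 pipe 2 udp from any ${STEAM_PORTS} to ${LAN_NET} out xmit ${LAN_IF}

# landmark for the skipto target; NAT and filtering rules follow from here
add ${POLICY_START} count ip from any to any
EOF
}

# Print the numbers of all rules whose action is $1 (skipto, pipe, ...).
rule_numbers() {
    emit_rules | awk -v act="$1" '$1 == "add" && $3 == act { print $2 }'
}

# ipfw walks the rules in numeric order, so every skipto for the free
# resources must be numbered below every pipe rule, and the skipto target
# must lie past the last pipe rule. Otherwise free traffic gets shaped.
check_order() {
    last_skipto=$(rule_numbers skipto | sort -n | tail -n 1)
    first_pipe=$(rule_numbers pipe | sort -n | head -n 1)
    last_pipe=$(rule_numbers pipe | sort -n | tail -n 1)
    [ "$last_skipto" -lt "$first_pipe" ] && [ "$POLICY_START" -gt "$last_pipe" ]
}

if check_order; then
    emit_rules
else
    echo "rule order is wrong: free-resource skipto must precede the pipes" >&2
    exit 1
fi
```

Redirect the output to a file and check it with `ipfw -n` and the file's absolute path before loading it. With the default `net.inet.ip.fw.one_pass=1`, a packet leaving a pipe is accepted without visiting later rules, so the pipe rules also act as the permit for the Steam ports.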
Re: FreeBSD as a router
Hi,

I am not sure that FreeBSD + IPFW is the best option for you as you have not read how to use it yet.

So I may suggest you use man ipfw and google a little bit - the answers are simple.

Also I may suggest you to use ipf, which is in my point of view far more powerful.

Regards,

Ivailo Tanusheff
Deputy Head of IT Department
ProCredit Bank (Bulgaria) AD

Anton an...@sng.by
Sent by: owner-freebsd-questi...@freebsd.org
11.06.2009 12:01
Please respond to Anton an...@sng.by
To freebsd-questions@freebsd.org
cc
Subject FreeBSD as a router

> Hello all,
>
> I'm new to FreeBSD and I'm seeking help.
>
> For entire time I have been making everything with Windows, but now I'm stumbled upon problem, where only router on FreeBSD + IPFW could help me.
>
> I have installed FreeBSD, compiled kernel, found how to launch VPN connection to ISP. But, further, I don't know how to go :-( I could not figure out how to start natd and make routing with next rules:
>
> 1) Connection to Internet are made via VPN to ISP, but ISP have some internal resources free of charge, which are accessible without VPN. How to explain natd and ipfw that all users may go to these free resources without pipe and unlimited to all users
>
> 2) How to give all users right to go to the Internet by UDP 27015-27050 and TCP 27015-27050 (Steam) with pipe.
>
> --
> Best regards,
> Anton mailto:an...@sng.by
> Administrator
>
> Feel free to contact me
> via ICQ 363780596
> via Skype dobryak47
> via phone +375 29 3320987
Re: FreeBSD as a router
> So I may suggest you use man ipfw and google a little bit - the answers are simple.
>
> Also I may suggest you to use ipf, which is in my point of view far more powerful.

you are joking or just don't know ipfw.

i used both, ipf when i used NetBSD and then in FreeBSD a bit, until i learned how to use ipfw.
Re: FreeBSD as a router
On Thu, Jun 11, 2009 at 2:55 PM, Ivailo Tanusheff i.tanush...@procreditbank.bg wrote:

> Hi,
>
> I am not sure that FreeBSD + IPFW is the best option for you as you have not read how to use it yet.
>
> So I may suggest you use man ipfw and google a little bit - the answers are simple.
>
> Also I may suggest you to use ipf, which is in my point of view far more powerful.

Hmm, PF would be better (not IPF) but I hear ipfw has more features.

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
If you have nothing good to say about someone, just shut up!.
-- Lucky Dube
Re: FreeBSD as a router
> > powerful.
>
> Hmm, PF would be better (not IPF) but I hear ipfw has more features.

basically - if you think ipfw can't do something - read manual again ;)

exaggerated, but not very much...
Re: FreeBSD as a router
You might also check out monowall. It is a stripped down version of FreeBSD that can run off a small flash card and has a web interface.

On Jun 11, 2009 6:05 AM, Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote:

> > > powerful.
> >
> > Hmm, PF would be better (not IPF) but I hear ipfw has more features.
>
> basically - if you think ipfw can't do something - read manual again ;)
>
> exaggerated, but not very much...
Re: FreeBSD as a router
My bad - I DID mean PF, no idea where the I came from. Sorry about that, maybe because of the mail program I use.

I use both PF and IPFW in our organization and PF is much more powerful and resource lighten.

Regards,

Ivailo Tanusheff
Deputy Head of IT Department
ProCredit Bank (Bulgaria) AD

Odhiambo ワシントン odhia...@gmail.com
Sent by: owner-freebsd-questi...@freebsd.org
11.06.2009 15:42
To Ivailo Tanusheff i.tanush...@procreditbank.bg
cc owner-freebsd-questi...@freebsd.org, freebsd-questions@freebsd.org, Anton an...@sng.by
Subject Re: FreeBSD as a router

> On Thu, Jun 11, 2009 at 2:55 PM, Ivailo Tanusheff i.tanush...@procreditbank.bg wrote:
>
> > Hi,
> >
> > I am not sure that FreeBSD + IPFW is the best option for you as you have not read how to use it yet.
> >
> > So I may suggest you use man ipfw and google a little bit - the answers are simple.
> >
> > Also I may suggest you to use ipf, which is in my point of view far more powerful.
>
> Hmm, PF would be better (not IPF) but I hear ipfw has more features.
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254733744121/+254722743223
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> If you have nothing good to say about someone, just shut up!.
> -- Lucky Dube
Re: FreeBSD as PF/Router/Firewall dying on the vine
Hello Jeremy:

On 10/6/08 9:30 PM, Jeremy Chadwick [EMAIL PROTECTED] wrote:

> On Mon, Oct 06, 2008 at 06:08:50PM -0700, Michael K. Smith - Adhost wrote:
> > Hello All:
> >
> > We have a load balanced pair of PF boxes sitting in front of a whole bunch of server doing all manner of things! It's been working great up until today when it, well, didn't. Here's what I see in top -S.
> >
> >   PID USERNAME  THR PRI NICE  SIZE   RES STATE  C   TIME   WCPU COMMAND
> >    14 root        1 -44 -163    0K    8K CPU1   0  44:21 88.18% swi1: net
> >    11 root        1 171   52    0K    8K RUN    0  24:58 53.32% idle: cpu0
> >    10 root        1 171   52    0K    8K RUN    1  17:44 35.50% idle: cpu1
> >    24 root        1 -68 -187    0K    8K *Giant 0   5:30 11.62% irq16: em2 uhci3
> >    23 root        1 -68 -187    0K    8K WAIT   0   1:27  3.08% irq25: em1
> >    25 root        1 -68 -187    0K    8K WAIT   1   1:16  2.64% irq17: em3
> >
> > This is 6.3 with Intel 1000 Fiber and Copper interfaces, all using the 'em' driver. Also, there are 15 VLAN's configured on one of the NIC's for subnet separation.
> >
> > If anyone has any ideas I'm all ears. My google-fu is coming up empty with the swi1: net
>
> Can you explain what the problem is?

Sorry it took so long to reply. We actually got the issue resolved, but I wanted to make sure our fix actually worked. Here is what the problem/solution is.

The problem was significant packet loss and connectivity issue to and through the PF server. Even pinging the loopback address on the server itself was returning 4 ms times.

The problem was a very busy NFS server with clients on the same VLAN, but on a different subnet. So, we had a VLAN interface on em1 that had two address ranges attached, 10.255.0.0/16 and 10.212.6.0/16. The NFS server was on the 10.255 and the clients were on the 10.212. Even though they were on the same VLAN, they weren't directly ARP'able, so all traffic (400 - 600 Mb/sec) between them had to be processed by the server. When we moved the clients on to the same subnet as the server, everything stabilized.

I think this was an issue of bad design on my part.

Regards,

Mike
FreeBSD as PF/Router/Firewall dying on the vine
Hello All:

We have a load balanced pair of PF boxes sitting in front of a whole bunch of server doing all manner of things! It's been working great up until today when it, well, didn't. Here's what I see in top -S.

  PID USERNAME  THR PRI NICE  SIZE   RES STATE  C   TIME   WCPU COMMAND
   14 root        1 -44 -163    0K    8K CPU1   0  44:21 88.18% swi1: net
   11 root        1 171   52    0K    8K RUN    0  24:58 53.32% idle: cpu0
   10 root        1 171   52    0K    8K RUN    1  17:44 35.50% idle: cpu1
   24 root        1 -68 -187    0K    8K *Giant 0   5:30 11.62% irq16: em2 uhci3
   23 root        1 -68 -187    0K    8K WAIT   0   1:27  3.08% irq25: em1
   25 root        1 -68 -187    0K    8K WAIT   1   1:16  2.64% irq17: em3

This is 6.3 with Intel 1000 Fiber and Copper interfaces, all using the 'em' driver. Also, there are 15 VLAN's configured on one of the NIC's for subnet separation.

If anyone has any ideas I'm all ears. My google-fu is coming up empty with the swi1: net

Thank You,

Mike
Re: FreeBSD as PF/Router/Firewall dying on the vine
On Mon, Oct 06, 2008 at 06:08:50PM -0700, Michael K. Smith - Adhost wrote:

> Hello All:
>
> We have a load balanced pair of PF boxes sitting in front of a whole bunch of server doing all manner of things! It's been working great up until today when it, well, didn't. Here's what I see in top -S.
>
>   PID USERNAME  THR PRI NICE  SIZE   RES STATE  C   TIME   WCPU COMMAND
>    14 root        1 -44 -163    0K    8K CPU1   0  44:21 88.18% swi1: net
>    11 root        1 171   52    0K    8K RUN    0  24:58 53.32% idle: cpu0
>    10 root        1 171   52    0K    8K RUN    1  17:44 35.50% idle: cpu1
>    24 root        1 -68 -187    0K    8K *Giant 0   5:30 11.62% irq16: em2 uhci3
>    23 root        1 -68 -187    0K    8K WAIT   0   1:27  3.08% irq25: em1
>    25 root        1 -68 -187    0K    8K WAIT   1   1:16  2.64% irq17: em3
>
> This is 6.3 with Intel 1000 Fiber and Copper interfaces, all using the 'em' driver. Also, there are 15 VLAN's configured on one of the NIC's for subnet separation.
>
> If anyone has any ideas I'm all ears. My google-fu is coming up empty with the swi1: net

Can you explain what the problem is?

--
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
Re: Using FreeBSD as a router
Robert Fitzpatrick wrote:

> It's time to upgrade my old Cisco 10Mbps router and I am seriously considering using FreeBSD. I have found some solutions and wonder what one would recommend here on the list...
>
> Solution 1: http://tomclegg.net/256-router
> Solution 2: http://m0n0.ch/wall/index.php
>
> I want to duplicate my Cisco setup. It has 4 Ethernet ports with the WAN subnet assigned to the WAN port and 3 different subnets assigned to each of the remaining 3 ports leading to their VLANs on the switch. Looking for advice from those who have used the above solutions and their experiences.
>
> Thanks in advance!
>
> --
> Robert

Monowall is very nice, I have a pentium pro 200 with 256 meg of ram on a 6meg small business circuit with 3 vpn tunnels to remote sites that have a Cisco 831, cisco pix 501, and cisco pix515. The server runs at about 10% average and it took literally about 10 minutes to set all of this up.

The problem you may have with monowall and I need to refresh myself with the documentation again but I believe it only supports 3 network interfaces. If you populate the box with Intel pro 1000 gigabit network cards they do support vlan tagging though.

Good luck and let us know what you might end up with.
Using FreeBSD as a router
It's time to upgrade my old Cisco 10Mbps router and I am seriously considering using FreeBSD. I have found some solutions and wonder what one would recommend here on the list...

Solution 1: http://tomclegg.net/256-router
Solution 2: http://m0n0.ch/wall/index.php

I want to duplicate my Cisco setup. It has 4 Ethernet ports with the WAN subnet assigned to the WAN port and 3 different subnets assigned to each of the remaining 3 ports leading to their VLANs on the switch. Looking for advice from those who have used the above solutions and their experiences.

Thanks in advance!

--
Robert
Re: Using FreeBSD as a router
Robert Fitzpatrick wrote:

> It's time to upgrade my old Cisco 10Mbps router and I am seriously considering using FreeBSD. I have found some solutions and wonder what one would recommend here on the list...
>
> Solution 1: http://tomclegg.net/256-router
> Solution 2: http://m0n0.ch/wall/index.php

pfSense is also very nice!

http://www.pfsense.com/

/Henrik
Re: Using FreeBSD as a router
You can easily do the Freebsd firewall just by following the FBSD handbook or go to http://mostgraveconcern.com/freebsd/ and look at the article on Setting up a network gateway

--
Brent Bailey CCNA
Bmyster LLC
Computer Networking and Webhosting
Network Systems Engineer, President
[EMAIL PROTECTED]
--RIP Brother Dime--

-- Original Message ---
From: Robert Fitzpatrick [EMAIL PROTECTED]
To: FreeBSD freebsd-questions@freebsd.org
Sent: Wed, 20 Sep 2006 12:11:32 -0400
Subject: Using FreeBSD as a router

> It's time to upgrade my old Cisco 10Mbps router and I am seriously considering using FreeBSD. I have found some solutions and wonder what one would recommend here on the list...
>
> Solution 1: http://tomclegg.net/256-router
> Solution 2: http://m0n0.ch/wall/index.php
>
> I want to duplicate my Cisco setup. It has 4 Ethernet ports with the WAN subnet assigned to the WAN port and 3 different subnets assigned to each of the remaining 3 ports leading to their VLANs on the switch. Looking for advice from those who have used the above solutions and their experiences.
>
> Thanks in advance!
>
> --
> Robert

--- End of Original Message ---
using freebsd for a router
I don't want to start a flame/war here...but was *just* wondering...

I currently use OpenBSD-3.8 for my router (T-1 with many statics) and then use FreeBSD-6.0 for my servers (web/mail/DNS...)

I am debating on just standardizing to all FreeBSD. It seems the security is quite the same - but I don't know about performance pros/cons.

It seems that the 'pf' that comes with FreeBSD 6.0 is equal to that within OBSD 3.8.

So all things considered - is there any advantage to using FreeBSD for a router or just keeping things the way they are?

Thanks for any comments or flames (I suppose).

-JD
Re: using freebsd for a router
JD Bronson wrote:

> I don't want to start a flame/war here...but was *just* wondering...
>
> I currently use OpenBSD-3.8 for my router (T-1 with many statics) and then use FreeBSD-6.0 for my servers (web/mail/DNS...)
>
> I am debating on just standardizing to all FreeBSD. It seems the security is quite the same - but I don't know about performance pros/cons.
>
> It seems that the 'pf' that comes with FreeBSD 6.0 is equal to that within OBSD 3.8.
>
> So all things considered - is there any advantage to using FreeBSD for a router or just keeping things the way they are?
>
> Thanks for any comments or flames (I suppose).
>
> -JD

As a freebsd advocate, my first response is yes - go for it. T1 speeds not that huge to be routing anyhow, so performance really shouldn't be the key issue as stability and security... ah, now there's where I like OpenBSD. FreeBSD afaik will perform just as well in your situation (assuming nothing out of the ordinary), but just be sure to disable at startup any and all services you don't want/require (ie: sendmail). That's one thing I do like about OpenBSD, default install doesn't startup things like that, they're disabled by default from the get-go.

Not to start any flames of my own, know one can do a custom install and have the same result with FreeBSD - just pointing out the 'simple' default install does enable things you'll probably want to disable if just using the machine as a router and/or packet filter/firewall.

--
Nathan Vidican
[EMAIL PROTECTED]
Windsor Match Plate Tool Ltd.
http://www.wmptl.com/
Re: using freebsd for a router
At 09:01 AM 11/24/2005, Nathan Vidican wrote:

> Not to start any flames of my own, know one can do a custom install and have the same result with FreeBSD - just pointing out the 'simple' default install does enable things you'll probably want to disable if just using the machine as a router and/or packet filter/firewall.

Thanks for the comments.

Yes, I always disable anything not absolutely needed on a router. Also, there are no other accounts on the machine but mine and root. :-)

-JD
Re: using freebsd for a router
JD Bronson wrote:

> I don't want to start a flame/war here...but was *just* wondering...
>
> I currently use OpenBSD-3.8 for my router (T-1 with many statics) and then use FreeBSD-6.0 for my servers (web/mail/DNS...)
>
> I am debating on just standardizing to all FreeBSD. It seems the security is quite the same - but I don't know about performance pros/cons.
>
> It seems that the 'pf' that comes with FreeBSD 6.0 is equal to that within OBSD 3.8.
>
> So all things considered - is there any advantage to using FreeBSD for a router or just keeping things the way they are?
>
> Thanks for any comments or flames (I suppose).
>
> -JD

If you want to push a serious amount of traffic through FreeBSD as router I recommend you use polling, after doing benchmarks I found polling helped push through many magnitudes more data when going past the 100mbit/sec point.

Mike
Re: FreeBSD server behind router-NAT; how to configure sendmail?
Harald Schmalzbauer wrote:

> On Sunday, 3 April 2005 17:36, Rob wrote:
>
> > There is a FAQ, that explains:
> >
> > If you want all outgoing SMTP connections to use port 2525, you can use this in your .mc file:
> >
> > define(`RELAY_MAILER_ARGS', `TCP $h 2525')
> > define(`ESMTP_MAILER_ARGS', `TCP $h 2525')
> >
> > I have put this in my hostname.mc file, but to no avail. I'm probably not familiar enough with sendmail way of doing things. But then this is such a simple thing, that it should be easy.
> >
> > I suppose that with netstat -a, there should be a line with port 2525, if above works. But that is not there.
>
> I'm not sure if I understand your problem correctly, but what you did with these defines is that sendmail contacts every other system at port 2525 instead of 25, it's not listening on 2525, hence you can't see a tcp/2525 with netstat -a. But I think it should do what you want, if I understand your description right.
>
> If you want sendmail to listen at a custom port these defines are wrong. I don't have them in my mind right now, I'm sure you'll find the M4 defines at the sendmail FAQ, tell me if I can help.

Uh? So are the rules above right or not? I'm still confused. The header of that particular FAQ was: How do I send using an alternate port? and that's what I want, unless my English is badly deteriorating, which I often feel like when reading sendmail manual pages :(.

Anyway, let's go back to what I want sendmail to do, which is possibly a little more complicated than just shifting to another outgoing port:

1) for local delivery, i.e. users on the PC, deliver to the local mailboxes (does that need port 25?).

2) for outgoing delivery, do that over an ssh-tunnel port, e.g. over port 2525:

ssh -N -f -L 2525:localhost:25 smtp.my.isp

I can create the ssh-tunnel easily: telnet localhost 2525 connects me to the remote smtp server.

As you may have noticed, I am a very newbie to sendmail configuration.

Thanks for your help!

Rob.
Re: FreeBSD server behind router-NAT; how to configure sendmail?
Emanuel Strobl wrote:

> If you don't have /etc/mail/yourhostname.domain.mc then you should cd to /etc/mail and type make, after you edited the file
>
> make all install restart

Thanks for your help. I generated the files with this make command, and all just worked out of the box. I can send email, without needing to tell sendmail about my hostname. So far so good.

However, next what I need, is using another port for sending emails out. I have googled and read the sendmail FAQs, but I am completely at a loss here.

There is a FAQ, that explains:

If you want all outgoing SMTP connections to use port 2525, you can use this in your .mc file:

define(`RELAY_MAILER_ARGS', `TCP $h 2525')
define(`ESMTP_MAILER_ARGS', `TCP $h 2525')

I have put this in my hostname.mc file, but to no avail. I'm probably not familiar enough with sendmail way of doing things. But then this is such a simple thing, that it should be easy.

I suppose that with netstat -a, there should be a line with port 2525, if above works. But that is not there.

Do you have any suggestions how to solve this?

Thanks,
Rob.
Re: FreeBSD server behind router-NAT; how to configure sendmail?
On Sunday, 3 April 2005 17:36, Rob wrote:

> Emanuel Strobl wrote:
>
> > If you don't have /etc/mail/yourhostname.domain.mc then you should cd to /etc/mail and type make, after you edited the file
> >
> > make all install restart
>
> Thanks for your help. I generated the files with this make command, and all just worked out of the box. I can send email, without needing to tell sendmail about my hostname. So far so good.
>
> However, next what I need, is using another port for sending emails out. I have googled and read the sendmail FAQs, but I am completely at a loss here.
>
> There is a FAQ, that explains:
>
> If you want all outgoing SMTP connections to use port 2525, you can use this in your .mc file:
>
> define(`RELAY_MAILER_ARGS', `TCP $h 2525')
> define(`ESMTP_MAILER_ARGS', `TCP $h 2525')
>
> I have put this in my hostname.mc file, but to no avail. I'm probably not familiar enough with sendmail way of doing things. But then this is such a simple thing, that it should be easy.
>
> I suppose that with netstat -a, there should be a line with port 2525, if above works. But that is not there.

I'm not sure if I understand your problem correctly, but what you did with these defines is that sendmail contacts every other system at port 2525 instead of 25, it's not listening on 2525, hence you can't see a tcp/2525 with netstat -a. But I think it should do what you want, if I understand your description right.

If you want sendmail to listen at a custom port these defines are wrong. I don't have them in my mind right now, I'm sure you'll find the M4 defines at the sendmail FAQ, tell me if I can help.

-Harry

> Do you have any suggestions how to solve this?
>
> Thanks,
> Rob.
FreeBSD server behind router-NAT; how to configure sendmail?
Hi,

My ISP provides me with a fixed IP address and a registered hostname. I use a Sitecom DC-207 that serves as a plain router, NAT and 4-port switch, to connect three Windows PCs and one FreeBSD PC simultaneously to the internet.

The router gets the fixed IP address, whereas my FreeBSD system gets IP 192.168.123.1 with a fake hostname. The router is configured to redirect the usual TCP/IP server ports to the FreeBSD PC (e.g. ports 22, 25, 80 etc.), which makes the FreeBSD PC a kind of virtual server for my fixed IP address.

One of the problems I encounter is this: Sendmail on the FreeBSD PC cannot deliver email, because there seems to be a DNS issue, because the FreeBSD PC does not have an official IP hostname.

How do I configure my FreeBSD PC so, that sendmail thinks the PC has the official IP address/hostname provided by my ISP, which is actually used by the router?

Or should I follow a different configuration scheme for achieving these goals?

Thanks,
Rob.
Re: FreeBSD server behind router-NAT; how to configure sendmail?
On Saturday, 2 April 2005 18:07, Rob wrote:

> Hi,
>
> My ISP provides me with a fixed IP address and a registered hostname. I use a Sitecom DC-207 that serves as a plain router, NAT and 4-port switch, to connect three Windows PCs and one FreeBSD PC simultaneously to the internet.
>
> The router gets the fixed IP address, whereas my FreeBSD system gets IP 192.168.123.1 with a fake hostname. The router is configured to redirect the usual TCP/IP server ports to the FreeBSD PC (e.g. ports 22, 25, 80 etc.), which makes the FreeBSD PC a kind of virtual server for my fixed IP address.
>
> One of the problems I encounter is this: Sendmail on the FreeBSD PC cannot deliver email, because there seems to be a DNS issue, because the FreeBSD PC does not have an official IP hostname.

You can set the following in /etc/mail/yourhostname.domain.mc

define(`confDOMAIN_NAME', `host.name.fq')dnl

host.name.fq is whatever your provider registered for your IP. Make sure there's also a correct A record for that hostname, e.g. if it is spam.refuse.org then `host spam.refuse.org` must return your IP and `host IP` must return spam.refuse.org.

If you don't have /etc/mail/yourhostname.domain.mc then you should cd to /etc/mail and type make, after you edited the file

make all install restart

You also may want to define masquerading, like:

MASQUERADE_AS(`yourdomain.org')
MASQUERADE_DOMAIN(`internal.domain.sth')dnl
FEATURE(limited_masquerade)dnl
FEATURE(`masquerade_entire_domain')
FEATURE(`masquerade_envelope')

-Harry

> How do I configure my FreeBSD PC so, that sendmail thinks the PC has the official IP address/hostname provided by my ISP, which is actually used by the router?
>
> Or should I follow a different configuration scheme for achieving these goals?
>
> Thanks,
> Rob.
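The forward and reverse lookup check described in the reply above, as an added example that is not part of the original message: the script uses host(1) to confirm that the name given to `confDOMAIN_NAME` resolves to the public IP and that the IP resolves back to the same name. `HOST_CMD` is a hypothetical override variable introduced here so the lookup tool can be swapped.

```shell
#!/bin/sh
# Added example, not from the thread. Verifies that a mail host name and its
# public IP point at each other, the condition the reply asks for before
# setting confDOMAIN_NAME. Usage: sh check.sh <hostname> <public-ip>

# HOST_CMD is an assumption of this example: the lookup command to run.
HOST_CMD="${HOST_CMD:-host}"

# Print the IPv4 addresses the name resolves to, one per line.
# Parses host(1) lines of the form "<name> has address <ip>".
forward_addrs() {
    $HOST_CMD -t A "$1" 2>/dev/null | awk '/ has address / { print $NF }'
}

# Print the PTR names for an address, without the trailing dot.
# Parses host(1) lines of the form "<arpa> domain name pointer <name>."
reverse_names() {
    $HOST_CMD "$1" 2>/dev/null |
        awk '/ domain name pointer / { sub(/\.$/, "", $NF); print $NF }'
}

# Succeed only if NAME resolves to IP and IP resolves back to NAME.
# DNS names are case-insensitive, so both sides are lowercased.
fcrdns_ok() {
    name=$(echo "$1" | tr 'A-Z' 'a-z')
    ip=$2
    forward_addrs "$name" | grep -Fxq "$ip" || return 1
    reverse_names "$ip" | tr 'A-Z' 'a-z' | grep -Fxq "$name"
}

# Run the check only when called with both arguments.
if [ $# -eq 2 ]; then
    if fcrdns_ok "$1" "$2"; then
        echo "OK: $1 and $2 resolve to each other"
    else
        echo "MISMATCH: $1 and $2 do not resolve to each other"
        exit 1
    fi
fi
```

Run it against the router's public address, not the FreeBSD machine's 192.168.x.x address, since that is the address remote mail servers see.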
configuring freebsd dhcp server/router to listen on device
Hello,

I'm trying to move away from my linksys wireless router and move onto an old Pentium 200 Mhz I have. It will be the gateway between my modem and my network. I installed isc-dhcp3 on the box and took the sample dhcp.conf file in the freebsd handbook. I edited this file to suit my needs but I did not see any mention of how to configure dhcpd to listen on a specified device. I searched through freebsd-questions and on google but it turned up nothing. Also I have the book The Complete FreeBSD 4th edition, but it does not mention how to do this configuration either. When I start dhcpd it complains that it's not listening on any devices. Basically I just want to know how to set it to listen to my 2nd ethernet card xl0.

Thanks in advance for the help. I hope I have provided enough information.

Anthony Philipp
RE: configuring freebsd dhcp server/router to listen on device
    cd /usr/local/etc/
    ee rc.isc-dhcpd.conf

    dhcpd_options=-q    # command option(s)
    dhcpd_ifaces=dc0    # ethernet interface(s)

The -q option will turn off the copyright banner that displays during the FBSD boot up and in the DHCP log every time a broadcast is issued by the DHCP daemon or when a request is received from a workstation DHCP client. The dc0 is to be replaced with the interface name of the LAN NIC cards you want DHCP service on from your gateway/firewall FBSD system.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Anthony Philipp
Sent: Thursday, April 08, 2004 3:42 PM
To: [EMAIL PROTECTED]
Subject: configuring freebsd dhcp server/router to listen on device

Hello,

I'm trying to move away from my Linksys wireless router and move onto an old Pentium 200 MHz I have. It will be the gateway between my modem and my network. I installed isc-dhcp3 on the box and took the sample dhcp.conf file in the FreeBSD Handbook. I edited this file to suit my needs but I did not see any mention of how to configure dhcpd to listen on a specified device. I searched through freebsd-questions and on Google but it turned up nothing. Also I have the book The Complete FreeBSD 4th edition, but it does not mention how to do this configuration either. When I start dhcpd it complains that it's not listening on any devices. Basically I just want to know how to set it to listen to my 2nd ethernet card xl0.

Thanks in advance for the help. I hope I have provided enough information.

Anthony Philipp
SNMP FreeBSD as a router.
Hello, FreeBSD gurus!

I have a FreeBSD 5.2.1 box that I'm using as a router and I would like to watch how its interfaces are being used. I would like to use MRTG in another FreeBSD box to graph the use of the interfaces, but I do not know how to make my router an SNMP agent. How do I do that?

Any pointers will be appreciated. Thanks in advance.

Eduardo.
Re: SNMP FreeBSD as a router.
I believe that there's an SNMP daemon shipping with FreeBSD. At least, I have one on my FreeBSD 5.2.1 box and I never installed anything regarding SNMP.

    /usr/local/sbin/snmpd

Cheers,
Jorn

On Friday 26 March 2004 15:00, Eduardo Viruena Silva wrote:
> Hello, FreeBSD gurus!
> I have a FreeBSD 5.2.1 box that I'm using as a router and I would like to watch how its interfaces are being used. I would like to use MRTG in another FreeBSD box to graph the use of the interfaces, but I do not know how to make my router an SNMP agent. How do I do that?
> Any pointers will be appreciated. Thanks in advance.
> Eduardo.
Re: SNMP FreeBSD as a router.
On 26/26/2004 09:50AM, Jorn Argelo wrote:
> I believe that there's an SNMP daemon shipping with FreeBSD. At least, I have one on my FreeBSD 5.2.1 box and I never installed anything regarding SNMP.
> /usr/local/sbin/snmpd

FreeBSD doesn't ship an SNMP daemon with the base system; if it did, it would've been placed in /usr/sbin. You can test which port that binary came from using:

    % pkg_which /usr/local/sbin/snmpd

The package you'd want to use for SNMP is net-snmp.

--
Breno
Re: SNMP FreeBSD as a router.
On Friday 26 March 2004 16:09, Breno Colom wrote:
> On 26/26/2004 09:50AM, Jorn Argelo wrote:
> > I believe that there's an SNMP daemon shipping with FreeBSD. At least, I have one on my FreeBSD 5.2.1 box and I never installed anything regarding SNMP.
> > /usr/local/sbin/snmpd
> FreeBSD doesn't ship an SNMP daemon with the base system; if it did, it would've been placed in /usr/sbin. You can test which port that binary came from using:
> % pkg_which /usr/local/sbin/snmpd
> The package you'd want to use for SNMP is net-snmp.

I have net-snmp installed as well, but I can't recall that I ever installed it. I suppose that it is a dependency from something. Thanks for the info, Breno.

Cheers,
Jorn.
RE: SNMP FreeBSD as a router.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eduardo Viruena Silva
Sent: Friday, March 26, 2004 8:00 AM
To: [EMAIL PROTECTED]
Subject: SNMP FreeBSD as a router.

Hello, FreeBSD gurus!

I have a FreeBSD 5.2.1 box that I'm using as a router and I would like to watch how its interfaces are being used. I would like to use MRTG in another FreeBSD box to graph the use of the interfaces, but I do not know how to make my router an SNMP agent. How do I do that?

Any pointers will be appreciated. Thanks in advance.

Eduardo.

Eduardo,

    cd /usr/ports/net/net-snmp
    make install clean
    snmpconf -i

/etc/rc.conf :

    snmpd_enable=YES

    /usr/local/etc/rc.d/snmpd.sh start

Andras Kende
http://www.kende.com
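Added example, not part of any message in this thread: once net-snmp's snmpd is running on the router as in the steps above, the agent's access-control lines decide who can read (or write) the router's counters. The script below checks an snmpd.conf for the three mistakes that matter when a single MRTG host is the only poller; the sample config, the community string and the 192.0.2.10 address are constructed placeholders, and the function names are this example's own.

```shell
#!/bin/sh
# Lint a net-snmp snmpd.conf on a router that one monitoring host polls.

# Constructed sample config (not from the thread); values are placeholders.
sample_snmpd_conf() {
    cat <<'EOF'
# constructed sample
syslocation  router
rocommunity  public
rwcommunity  private default
rocommunity  EXAMPLE-ro-string 192.0.2.10
com2sec      mrtg default EXAMPLE-ro-string
EOF
}

# lint_snmpd_conf FILE
# Prints one "LINE: finding" per problem and nothing for a clean file.
lint_snmpd_conf() {
    awk '
    { sub(/#.*/, "") }          # drop comments
    NF == 0 { next }            # skip blank lines

    # rocommunity / rwcommunity (and IPv6 forms): COMMUNITY [SOURCE ...]
    $1 ~ /^r[ow]community6?$/ {
        if ($1 ~ /^rw/)
            printf "%d: %s grants SNMP write access; polling needs read-only\n", NR, $1
        if ($2 == "public" || $2 == "private")
            printf "%d: well-known community string \"%s\"\n", NR, $2
        if (NF < 3 || $3 == "default")
            printf "%d: %s accepts queries from any source address\n", NR, $1
        next
    }

    # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
    $1 ~ /^com2sec6?$/ {
        i = 2
        if ($i == "-Cn") i += 2
        if ($(i + 2) == "public" || $(i + 2) == "private")
            printf "%d: well-known community string \"%s\"\n", NR, $(i + 2)
        if ($(i + 1) == "default")
            printf "%d: %s maps the community to any source address\n", NR, $1
        next
    }
    ' "$1"
}

# count_findings FILE -> number of findings as a bare integer
count_findings() {
    lint_snmpd_conf "$1" | wc -l | tr -d ' '
}

# Demo on the constructed sample.
conf=$(mktemp)
sample_snmpd_conf > "$conf"
lint_snmpd_conf "$conf"
rm -f "$conf"
```

Run `lint_snmpd_conf` against the snmpd.conf that `snmpconf -i` wrote; a config that passes has only read-only communities, each tied to the address of the host running MRTG.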
RE: SNMP FreeBSD as a router.
On Fri, 26 Mar 2004, Andras Kende wrote:
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eduardo Viruena Silva
> Sent: Friday, March 26, 2004 8:00 AM
> To: [EMAIL PROTECTED]
> Subject: SNMP FreeBSD as a router.
>
> Hello, FreeBSD gurus!
> I have a FreeBSD 5.2.1 box that I'm using as a router and I would like to watch how its interfaces are being used. I would like to use MRTG in another FreeBSD box to graph the use of the interfaces, but I do not know how to make my router an SNMP agent. How do I do that?
> Any pointers will be appreciated. Thanks in advance.
> Eduardo.
>
> Eduardo,
>
>     cd /usr/ports/net/net-snmp
>     make install clean
>     snmpconf -i
>
> /etc/rc.conf :
>
>     snmpd_enable=YES
>
>     /usr/local/etc/rc.d/snmpd.sh start

thank you very much Andras!

> Andras Kende
> http://www.kende.com
Re: SNMP FreeBSD as a router.
On Fri, 26 Mar 2004, Breno Colom wrote:
> On 26/26/2004 09:50AM, Jorn Argelo wrote:
> > I believe that there's an SNMP daemon shipping with FreeBSD. At least, I have one on my FreeBSD 5.2.1 box and I never installed anything regarding SNMP.
> > /usr/local/sbin/snmpd
> FreeBSD doesn't ship an SNMP daemon with the base system; if it did, it would've been placed in /usr/sbin. You can test which port that binary came from using:
> % pkg_which /usr/local/sbin/snmpd
> The package you'd want to use for SNMP is net-snmp.

thank you guys! I found it in /usr/ports/net/net-snmp

> --
> Breno
Re: SNMP FreeBSD as a router.
Breno Colom [EMAIL PROTECTED] writes:
> FreeBSD doesn't ship an SNMP daemon with the base system, if it did it would've

It looks to me like it does, but names it basic or Berkeley (?) SNMP daemon:

    /usr/sbin/bsnmpd

I know little of SNMP, and haven't installed such an SNMP-related port, but I did this on my 5.2+:

    $ whereis snmpd
    snmpd: /usr/src/contrib/bsnmp/snmpd

In that dir, I noticed bsnmpd.1, and man bsnmpd gave a snmpd manpage. The OP should have tried studying a locate snmp output, too.
Re: SNMP FreeBSD as a router.
03/26/2004 01:04PM, Gary W. Swearingen wrote:
> > FreeBSD doesn't ship an SNMP daemon with the base system, if it did it would've
> It looks to me like it does, but names it basic or Berkeley (?) SNMP daemon:
> /usr/sbin/bsnmpd

Ah, yes, crosschecked in a 5.2.1 box. Digging a little, it seems it's a minimal SNMP implementation coded by Harti Brandt that has just recently been included in the base system; it's not in 4.9/5.0. More info about bsnmp in: http://people.freebsd.org/~harti/bsnmp/index.html

--
Breno
Re: FreeBSD box as router adding latency
On Thu, 26 Feb 2004, Aloha Guy wrote:
> Already tried that and it did improve things a little. I tried setting the HZ to 1000 and it didn't make much of a difference. Is there a larger number that actually works well?

You can try higher HZ numbers, but you might run into other problems. Experiment and see. Others have experimented with higher HZ numbers so you might want to check the list archives. Anyway, is a 1ms delay really that bad?

--
Chris Dillon - cdillon(at)wolves.k12.mo.us
FreeBSD: The fastest, most open, and most stable OS on the planet
- Available for IA32, IA64, AMD64, PC98, Alpha, and UltraSPARC architectures
- PowerPC, ARM, MIPS, and S/390 under development
- http://www.freebsd.org

Q: Because it reverses the logical flow of conversation.
A: Why is putting a reply at the top of the message frowned upon?
Re: FreeBSD box as router adding latency
Chris Dillon [EMAIL PROTECTED] wrote:
> On Thu, 26 Feb 2004, Aloha Guy wrote:
> > Already tried that and it did improve things a little. I tried setting the HZ to 1000 and it didn't make much of a difference. Is there a larger number that actually works well?
> You can try higher HZ numbers, but you might run into other problems. Experiment and see. Others have experimented with higher HZ numbers so you might want to check the list archives. Anyway, is a 1ms delay really that bad?

The 1ms delay isn't that bad if it was 1ms but we're talking about 3-4ms at least. As for HZ numbers, what should I search for in the archives and on which list, since it seems like HZ is also in the dmesg output for the clock generator, so it's one of those terms that are used widely.

Thanks,
John
Re: FreeBSD box as router adding latency
On Feb 26, 2004, at 4:53 PM, Aloha Guy wrote:
> Here is the HZ setting:
> kern.clockrate: { hz = 100, tick = 1, profhz = 1024, stathz = 128 }

There's your issue right there: if you care about the millisecond level granularity of network traffic going by this router, you ought to set HZ to 1000 as documented in man dummynet.

--
-Chuck
Re: FreeBSD box as router adding latency
Charles Swiger [EMAIL PROTECTED] wrote:
> On Feb 26, 2004, at 4:53 PM, Aloha Guy wrote:
> > Here is the HZ setting:
> > kern.clockrate: { hz = 100, tick = 1, profhz = 1024, stathz = 128 }
> There's your issue right there: if you care about the millisecond level granularity of network traffic going by this router, you ought to set HZ to 1000 as documented in man dummynet.
> --
> -Chuck

Knew I forgot to read something. I guess I forgot all about dummynet being the one doing the traffic shaping, as I never used traffic shaping on the other boxes when they were used as both Ethernet and T1 routers. I've always had NMBCLUSTERS set to 32768 which I assume is fine.

Also, is there a way to use two NICs like a xl0 and a fxp0 and bond them together with just one IP?

John
Re: FreeBSD box as router adding latency
On Feb 26, 2004, at 5:59 PM, Aloha Guy wrote:
> Charles Swiger [EMAIL PROTECTED] wrote:
> > There's your issue right there: if you care about the millisecond level granularity of network traffic going by this router, you ought to set HZ to 1000 as documented in man dummynet.
[ ... ]
> Knew I forgot to read something. I guess I forgot all about dummynet being the one doing the traffic shaping, as I never used traffic shaping on the other boxes when they were used as both Ethernet and T1 routers. I've always had NMBCLUSTERS set to 32768 which I assume is fine.

That's a lot of NMBCLUSTERS, but if you've got the memory you should be okay.

> Also, is there a way to use two NICs like a xl0 and a fxp0 and bond them together with just one IP?

Yes, netgraph. See man ng_one2many

--
-Chuck
Re: FreeBSD box as router adding latency
Charles Swiger [EMAIL PROTECTED] wrote:
> On Feb 26, 2004, at 5:59 PM, Aloha Guy wrote:
> > Charles Swiger wrote:
> > > There's your issue right there: if you care about the millisecond level granularity of network traffic going by this router, you ought to set HZ to 1000 as documented in man dummynet.
> [ ... ]
> > Knew I forgot to read something. I guess I forgot all about dummynet being the one doing the traffic shaping, as I never used traffic shaping on the other boxes when they were used as both Ethernet and T1 routers. I've always had NMBCLUSTERS set to 32768 which I assume is fine.
> That's a lot of NMBCLUSTERS, but if you've got the memory you should be okay.
> > Also, is there a way to use two NICs like a xl0 and a fxp0 and bond them together with just one IP?
> Yes, netgraph. See man ng_one2many

I actually had the NMBCLUSTERS set that way even with 128MB boxes without issues, but the box in question has 2GB of RAM so it's not much of a big deal. I tried the ng_one2many and it did help bring things closer to 80Mbps from 60Mbps. I guess the HD is the bottleneck as it's only a notebook and even with the 7200rpm 60GB 2.5 drive, the sustained transfer rate is limited. Tried the HZ 1000 setting and recompiled a new kernel but it didn't really seem to do anything at all. I'm wondering what's the highest setting it will work with.

Thanks,
John
Re: FreeBSD box as router adding latency
Chris Dillon [EMAIL PROTECTED] wrote:
> On Wed, 25 Feb 2004, Aloha Guy wrote:
> > You're right that additional delay while adding a hop is to be expected, which is less than 0.1ms to the FreeBSD box, but everything past the FreeBSD machine is adding at least 5ms up to 300ms in the traceroutes when the normal is no more than 20ms for the same traceroute. I've already checked the NICs and they are all configured at their full rated speeds and full duplex. I even tried using a Cardbus PCMCIA fxp0 Intel Pro/100S card on the FreeBSD box and it still had the same problem. I am using a September 2003 -CURRENT so I don't know if it's an issue with the current networking code back then or not.
> What do you have HZ set to (see sysctl kern.clockrate)? I think I remember your original message showing you using pipes and queues and the HZ setting can affect those. Also see if your latency improves if you remove all pipe and queue rules (other ipfw rules are OK).

Here is the HZ setting:

    kern.clockrate: { hz = 100, tick = 1, profhz = 1024, stathz = 128 }

I'm not sure how to remove the pipe since I don't think the pipe works until the queue is defined. When I removed the queues that are configured for the pipe, the latency is back to normal though.

Thanks,
John
Re: FreeBSD box as router adding latency
On Thu, 26 Feb 2004, Aloha Guy wrote:
> > What do you have HZ set to (see sysctl kern.clockrate)? I think I remember your original message showing you using pipes and queues and the HZ setting can affect those. Also see if your latency improves if you remove all pipe and queue rules (other ipfw rules are OK).
> Here is the HZ setting:
> kern.clockrate: { hz = 100, tick = 1, profhz = 1024, stathz = 128 }
> I'm not sure how to remove the pipe since I don't think the pipe works until the queue is defined. When I removed the queues that are configured for the pipe, the latency is back to normal though.

Like I said, remove both pipes and queues to test. However, pipes _can_ be used without queues, but that is irrelevant here. Try setting HZ to 1000 in your kernel config, recompile, reboot, and test again. You should see something between a slight improvement to a ten-fold improvement.

--
Chris Dillon - cdillon(at)wolves.k12.mo.us
Re: FreeBSD box as router adding latency
On Wed, 25 Feb 2004, Aloha Guy wrote:
> You're right that additional delay while adding a hop is to be expected, which is less than 0.1ms to the FreeBSD box, but everything past the FreeBSD machine is adding at least 5ms up to 300ms in the traceroutes when the normal is no more than 20ms for the same traceroute. I've already checked the NICs and they are all configured at their full rated speeds and full duplex. I even tried using a Cardbus PCMCIA fxp0 Intel Pro/100S card on the FreeBSD box and it still had the same problem. I am using a September 2003 -CURRENT so I don't know if it's an issue with the current networking code back then or not.

What do you have HZ set to (see sysctl kern.clockrate)? I think I remember your original message showing you using pipes and queues and the HZ setting can affect those. Also see if your latency improves if you remove all pipe and queue rules (other ipfw rules are OK).

--
Chris Dillon - cdillon(at)wolves.k12.mo.us
Re: FreeBSD box as router adding latency
Chris Dillon [EMAIL PROTECTED] wrote:
> On Thu, 26 Feb 2004, Aloha Guy wrote:
> > > What do you have HZ set to (see sysctl kern.clockrate)? I think I remember your original message showing you using pipes and queues and the HZ setting can affect those. Also see if your latency improves if you remove all pipe and queue rules (other ipfw rules are OK).
> > Here is the HZ setting:
> > kern.clockrate: { hz = 100, tick = 1, profhz = 1024, stathz = 128 }
> > I'm not sure how to remove the pipe since I don't think the pipe works until the queue is defined. When I removed the queues that are configured for the pipe, the latency is back to normal though.
> Like I said, remove both pipes and queues to test. However, pipes _can_ be used without queues, but that is irrelevant here. Try setting HZ to 1000 in your kernel config, recompile, reboot, and test again. You should see something between a slight improvement to a ten-fold improvement.

Already tried that and it did improve things a little. I tried setting the HZ to 1000 and it didn't make much of a difference. Is there a larger number that actually works well?

Thanks,
John
FreeBSD box as router adding latency
Greetings everyone:

I'm using a FreeBSD based notebook (P4-M 2.6GHz, 2GB RAM) on the built-in 3COM 920c (905c compatible) using the xl0 driver with the firewall enabled and set to open, and rc.conf basically has:

    xl0 configured as 208.204.x.224 netmask 255.255.255.0 with the alias 192.168.0.1 netmask 255.255.0.0.
    natd is enabled with the natd interface as 208.204.x.224
    tcp_extensions/RFC1323 is enabled
    log_in_vain is set to 1
    tcp_keepalive is set to YES
    tcp_drop_synfin=NO
    icmp_drop_redirect=NO
    icmp_log_redirect=NO
    defaultrouter=208.201.x.1
    gateway_enable=YES
    forward_sourceroute=YES
    accept_sourceroute=YES

I also have the following set:

    # Don't respond to smurf-type icmp requests
    /sbin/sysctl -w net.inet.icmp.bmcastecho=0
    # Enhance Performance
    /sbin/sysctl -w kern.maxfiles=65536
    /sbin/sysctl -w kern.maxfilesperproc=32768
    /sbin/sysctl -w kern.ipc.somaxconn=1024
    /sbin/sysctl -w net.inet.ip.redirect=1
    /sbin/sysctl -w net.inet6.ip6.redirect=1
    /sbin/sysctl -w net.link.ether.inet.max_age=1200

The NIC is connected to a HP 2848 Managed 48 port Gigabit switch.

My rc.firewall basically has the following, which is for traffic shaping as well:

    setup_loopback () {
    ${fwcmd} add 48 skipto 100 ip from 208.201.x.224/29 to any
    ${fwcmd} add 49 skipto 100 ip from any to 208.201.x.224/29
    ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
    ${fwcmd} add 100 pass all from any to any via lo0
    ${fwcmd} add 200 deny all from any to 127.0.0.0/8
    ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
    ${fwcmd} enable one_pass
    ${fwcmd} pipe 1 config bw 608Kbit/s
    ${fwcmd} queue 1 config pipe 1 weight 30
    ${fwcmd} queue 2 config pipe 1 weight 29
    ${fwcmd} queue 3 config pipe 1 weight 28
    ${fwcmd} queue 4 config pipe 1 weight 27
    ${fwcmd} add 63000 allow all from any to 10.0.0.0/8 out
    ${fwcmd} add 63001 allow all from any to 172.16.0.0/12 out
    ${fwcmd} add 63002 allow all from any to 192.168.0.0/16 out
    ${fwcmd} add 63003 allow all from any to 208.201.x.224/29 out
    ${fwcmd} add 63004 set 0 queue 1 tcp from any to any tcpflags ack iplen 0-80 out xmit xl0
    ${fwcmd} add 63005 set 0 queue 2 tcp from any to any 22,23 out xmit xl0
    ${fwcmd} add 63006 set 0 queue 2 udp from any to any not 80,443 out xmit xl0
    ${fwcmd} add 63007 set 0 queue 3 all from any to any 80,443 out xmit xl0
    ${fwcmd} add 63008 set 0 queue 4 all from any to any out xmit xl0
    ${fwcmd} add 65000 pass all from any to any

and I guess FreeBSD adds the following rule by default:

    ${fwcmd} add 65535 deny ip from any to any

So anyways, here is the problem, if I traceroute from the FreeBSD machine:

    traceroute to yahoo.com (66.218.71.198), 64 hops max, 40 byte packets
     1  adsl-208-201-x-1.sonic.net (208.201.x.1)  7.274 ms  8.060 ms  7.384 ms
     2  fast1-0-0.border.sr.sonic.net (208.201.224.194)  8.900 ms  8.921 ms  9.584 ms
     3  fast0-0.gw.equinix-sj.sonic.net (64.142.0.14)  15.327 ms  14.889 ms  13.765 ms
     4  exchange-cust1.sjo.equinix.net (206.223.116.16)  33.692 ms  34.501 ms  33.398 ms
     5  ae0-p907.pat1.pao.yahoo.com (216.115.100.17)  19.431 ms  15.831 ms  14.858 ms
     6  vlan26.bas1.scd.yahoo.com (216.115.101.34)  15.178 ms  20.284 ms
        vlan29.bas2.scd.yahoo.com (216.115.101.38)  15.301 ms
     7  UNKNOWN-66-218-82-234.yahoo.com (66.218.82.234)  15.442 ms
        UNKNOWN-66-218-82-238.yahoo.com (66.218.82.238)  18.271 ms
        UNKNOWN-66-218-82-234.yahoo.com (66.218.82.234)  17.795 ms
     8  alteon4.68.scd.yahoo.com (66.218.68.13)  17.168 ms  23.280 ms  19.143 ms

However, if I do the same traceroute from 208.201.x.225 (Intel PRO/1000CT CSA NIC connected to the same HP switch) or 208.201.x.226 (3Com 920c (905 compatible) connected to the same HP switch), it seems to add some latency and timeout between hop 1 and two and beyond, which is the FreeBSD box and other side of the DSL link as shown below:

    Tracing route to yahoo.com [66.218.71.198] over a maximum of 30 hops:
      1    1 ms    1 ms    1 ms  adsl-208-201-x-224.sonic.net [208.201.x.224]
      2   19 ms     *      8 ms  adsl-208-201-x-1.sonic.net [208.201.x.1]
      3    9 ms   18 ms   10 ms  fast1-0-0.border.sr.sonic.net [208.201.224.194]
      4   17 ms   14 ms   15 ms  fast0-0.gw.equinix-sj.sonic.net [64.142.0.14]
      5   40 ms   34 ms   38 ms  exchange-cust1.sjo.equinix.net [206.223.116.16]
      6   15 ms   16 ms   23 ms  ae0-p907.pat1.pao.yahoo.com [216.115.100.17]
      7   17 ms   17 ms   18 ms  vlan29.bas2.scd.yahoo.com [216.115.101.38]
      8   16 ms   18 ms   16 ms  UNKNOWN-66-218-82-234.yahoo.com [66.218.82.234]
      9   18 ms   17 ms   23 ms  w1.rc.vip.scd.yahoo.com [66.218.71.198]
    Trace complete.

Any ideas what is causing this? Is it the xl0 driver, because I've used FreeBSD machines as ethernet routers before with a similar setup except there was no NAT involved and used the fxp drivers and it never had this problem.

Thanks for your help in advance!

John
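Added example, not part of any message in this thread: the replies tie the latency to dummynet pipes and queues running with hz = 100, so this script takes the pipe, queue and rule lines from the rc.firewall posted above plus the `sysctl kern.clockrate` line quoted in the replies, and resolves every rule that hands packets to dummynet to its queue, pipe and bandwidth. The function names and the "catch-all" label are this example's own; the tick it prints is simply 1000/hz milliseconds.

```shell
#!/bin/sh
# Map ipfw rules that feed dummynet to their queue, pipe and bandwidth, and
# report the timer tick that the kernel HZ setting gives.

# Pipe, queue and rule lines as posted in the rc.firewall in this thread.
thread_ruleset() {
    cat <<'EOF'
${fwcmd} pipe 1 config bw 608Kbit/s
${fwcmd} queue 1 config pipe 1 weight 30
${fwcmd} queue 2 config pipe 1 weight 29
${fwcmd} queue 3 config pipe 1 weight 28
${fwcmd} queue 4 config pipe 1 weight 27
${fwcmd} add 63004 set 0 queue 1 tcp from any to any tcpflags ack iplen 0-80 out xmit xl0
${fwcmd} add 63005 set 0 queue 2 tcp from any to any 22,23 out xmit xl0
${fwcmd} add 63006 set 0 queue 2 udp from any to any not 80,443 out xmit xl0
${fwcmd} add 63007 set 0 queue 3 all from any to any 80,443 out xmit xl0
${fwcmd} add 63008 set 0 queue 4 all from any to any out xmit xl0
${fwcmd} add 65000 pass all from any to any
EOF
}

# dummynet_map CLOCKRATE RULES_FILE
#   CLOCKRATE  : the line printed by "sysctl kern.clockrate"
#   RULES_FILE : lines of the form "<cmd> pipe|queue|add ..."
dummynet_map() {
    awk -v clock="$1" '
    BEGIN {
        # pull "hz = N" out of the clockrate line (not profhz or stathz)
        hz = 0
        if (match(clock, /[{ ]hz = [0-9]+/)) {
            s = substr(clock, RSTART, RLENGTH)
            sub(/^.*= /, "", s)
            hz = s + 0
        }
    }
    { sub(/^[ \t]*[^ \t]+[ \t]+/, "") }    # drop the leading command word
    $1 == "pipe" && $3 == "config" {
        for (i = 4; i < NF; i++) if ($i == "bw") bw[$2] = $(i + 1)
        next
    }
    $1 == "queue" && $3 == "config" {
        for (i = 4; i < NF; i++) {
            if ($i == "pipe")   qpipe[$2] = $(i + 1)
            if ($i == "weight") qweight[$2] = $(i + 1)
        }
        next
    }
    $1 == "add" {
        a = 3
        if ($a == "set") a += 2            # optional "set N" before the action
        if ($a != "queue" && $a != "pipe") next
        n++
        num[n] = $2; kind[n] = $a; target[n] = $(a + 1)
        # proto all/ip, src any, dst any, and no port list after the destination
        all[n] = ($(a + 2) ~ /^(all|ip)$/ && $(a + 4) == "any" &&
                  $(a + 6) == "any" && $(a + 7) !~ /^([0-9]|not$)/)
    }
    END {
        # resolve after the whole file is read, so config order does not matter
        for (k = 1; k <= n; k++) {
            if (kind[k] == "queue") {
                q = target[k]; p = qpipe[q]
                line = sprintf("rule %s: queue %s weight %s -> pipe %s bw %s",
                               num[k], q, qweight[q], p, bw[p])
            } else {
                p = target[k]
                line = sprintf("rule %s: pipe %s bw %s", num[k], p, bw[p])
            }
            if (all[k]) { line = line " [catch-all]"; ca++ }
            print line
        }
        if (hz > 0)
            printf "hz=%d tick=%.1fms dummynet_rules=%d catch_all=%d\n",
                   hz, 1000 / hz, n, ca
    }
    ' "$2"
}

# Demo with the values quoted in the thread.
rules=$(mktemp)
thread_ruleset > "$rules"
dummynet_map 'kern.clockrate: { hz = 100, tick = 1, profhz = 1024, stathz = 128 }' "$rules"
rm -f "$rules"
```

On the posted ruleset, rule 63008 sends every outbound packet on xl0 that no earlier rule matched through the 608Kbit/s pipe, which fits the poster's observation that latency returned to normal once the queues were removed.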
Re: FreeBSD box as router adding latency
On Wed, 25 Feb 2004, Aloha Guy wrote:
> Any ideas what is causing this? Is it the xl0 driver, because I've used FreeBSD machines as ethernet routers before with a similar setup except there was no NAT involved and used the fxp drivers and it never had this problem. Thanks for your help in advance!

Additional delay while adding a hop is to be expected, no matter how fast your network or router is. You only added about 1ms on average, which is about right. The lost packet in the second traceroute might be due to a full/half-duplex mismatch between one of the NICs and the switch.

--
Chris Dillon - cdillon(at)wolves.k12.mo.us
Re: FreeBSD box as router adding latency
Chris Dillon [EMAIL PROTECTED] wrote:
> On Wed, 25 Feb 2004, Aloha Guy wrote:
> > Any ideas what is causing this? Is it the xl0 driver, because I've used FreeBSD machines as ethernet routers before with a similar setup except there was no NAT involved and used the fxp drivers and it never had this problem. Thanks for your help in advance!
> Additional delay while adding a hop is to be expected, no matter how fast your network or router is. You only added about 1ms on average, which is about right. The lost packet in the second traceroute might be due to a full/half-duplex mismatch between one of the NICs and the switch.

You're right that additional delay while adding a hop is to be expected, which is less than 0.1ms to the FreeBSD box, but everything past the FreeBSD machine is adding at least 5ms up to 300ms in the traceroutes when the normal is no more than 20ms for the same traceroute. I've already checked the NICs and they are all configured at their full rated speeds and full duplex. I even tried using a Cardbus PCMCIA fxp0 Intel Pro/100S card on the FreeBSD box and it still had the same problem. I am using a September 2003 -CURRENT so I don't know if it's an issue with the current networking code back then or not.

John