Re: Unable to access certain sites from FreeBSD 6.2 (solved)

2008-08-24 Thread alasdair
Hi Norberto,

It is solved but quite simply! 
But through no skill of mine. Installed tcpmssd, man page said  to re-configure
the kernel before diversion can be done.
So I added this to the GENERIC config file:
options IPFIREWALL
options IPDIVERT
options IPV6FIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE
options IPV6FIREWALL_VERBOSE 

Verbose just for curiosity!!

Compiled as per handbook. Didn't even configure tcpmssd. Just thought I would
check to see if sites opened ok. They did, but don't know why. Would be great
to know. Unless they just shutdown the bodgy router for a Sunday rebuild.
Will post if situation reverts.

Your experience put me on the right track,thanks now happily I can use FreeBSD
as my main OS.

Regards,

Alasdair
>-- Original Message --
>Date: Sun, 24 Aug 2008 21:30:18 +1000
>From: Norberto Meijome <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: Unable to access certain sites from FreeBSD 6.2
>
>
>On Fri, 22 Aug 2008 23:12:01 +1000
>[EMAIL PROTECTED] wrote:
>
>> Makes sense to do it the other way round.  If I could indulge your generosity
>> and knowledge, one thing is puzzling me, why do I not have this problem
>when
>> I am running Win XP on the same machine (dual boot with FreeBSD) using
>all
>> the same hardware.
>
>Hey Alasdair,
>I'm sorry i have to say that i don't know...i don't even know if it IS the
>same
>problem. When we experienced the issue, it was definitely affecting winxp
>workstations, which were behind the fbsd firewall (4.x at the time).
>
>has it solved the issue?
>B
>_
>{Beto|Norberto|Numard} Meijome
>
>"Produce great people, the rest will follow."
>  Elbert Hubbard
>
>I speak for myself, not my employer. Contents may be hot. Slippery when
wet.
>Reading disclaimers makes you go blind. Writing them is worse. You have
been
>Warned.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Unable to access certain sites from FreeBSD 6.2

2008-08-22 Thread alasdair
Thanks Norberto,
Makes sense to do it the other way round.  If I could indulge your generosity
and knowledge, one thing is puzzling me, why do I not have this problem when
I am running Win XP on the same machine (dual boot with FreeBSD) using all
the same hardware. Or when running NetBSD on my desktop machine but with
the same network. Seems strange that FreeBSD, which generally works really
well out of the box, cannot 'just deal' with this problem. I realise that
it is not FreeBSD's problem per se, but a badly configured router somewhere
'out there', just seems that it must be common enough for some part of the
OS to handle it without needing any tweaking. FreeBSD seems great, I am in
the process of migrating from NetBSD so am quite used to configuring as 
necessary,
does FreeBSD 7 encounter this situation?

Regards,

Alasdair


>-- Original Message --
>Date: Fri, 22 Aug 2008 00:19:06 +1000
>From: Norberto Meijome <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Cc: freebsd-questions@freebsd.org
>Subject: Re: Unable to access certain sites from FreeBSD 6.2
>
>
>On Thu, 21 Aug 2008 23:18:26 +1000
>[EMAIL PROTECTED] wrote:
>
>> I realised I am not running ipfw my firewall is run from my Netggear router.
>> So I imagine I would set the divert rule there? (If that is possible).
>> So it would look like this
>>
>> Outside-> Modem -> Router (divert to ) -> tcpmssd on 
>
>i doubt v much u can do that on the netgear... you actually want to push
>traffic the other way around
>
>{your process} -> {your net stack} -> divert tcp/ -> tcpmssd -> original
>destination ...
>
>whether your router will like that, i have no idea. we used to run shdsl
>with the router in bridged mode
>
>B
>
>_
>{Beto|Norberto|Numard} Meijome
>
>He could be a poster child for retroactive birth control.
>
>I speak for myself, not my employer. Contents may be hot. Slippery when
wet.
>Reading disclaimers makes you go blind. Writing them is worse. You have
been
>Warned.
>___
>freebsd-questions@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "[EMAIL PROTECTED]"


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Unable to access certain sites from FreeBSD 6.2

2008-08-21 Thread Norberto Meijome
On Thu, 21 Aug 2008 23:18:26 +1000
[EMAIL PROTECTED] wrote:

> I realised I am not running ipfw my firewall is run from my Netggear router.
> So I imagine I would set the divert rule there? (If that is possible).
> So it would look like this 
> 
> Outside-> Modem -> Router (divert to ) -> tcpmssd on 

i doubt v much u can do that on the netgear... you actually want to push 
traffic the other way around 

{your process} -> {your net stack} -> divert tcp/ -> tcpmssd -> original 
destination ... 

whether your router will like that, i have no idea. we used to run shdsl with 
the router in bridged mode

B

_
{Beto|Norberto|Numard} Meijome

He could be a poster child for retroactive birth control.

I speak for myself, not my employer. Contents may be hot. Slippery when wet. 
Reading disclaimers makes you go blind. Writing them is worse. You have been 
Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Unable to access certain sites from FreeBSD 6.2

2008-08-21 Thread alasdair
G'day,
Thanks for your reply.
I realised I am not running ipfw my firewall is run from my Netggear router.
So I imagine I would set the divert rule there? (If that is possible).
So it would look like this 

Outside-> Modem -> Router (divert to ) -> tcpmssd on 

Correct?

Regards,


Alasdair

>-- Original Message --
>Date: Thu, 21 Aug 2008 12:42:17 +1000
>From: Norberto Meijome <[EMAIL PROTECTED]>
>To: FreeBSD Questions ML 
>Subject: Re: Unable to access certain sites from FreeBSD 6.2
>
>
>On Thu, 21 Aug 2008 10:10:19 +1000
>[EMAIL PROTECTED] wrote:
>
>> Thanks for your reply.
>
>nw
>
>> 
>> How do I "run an ipfw divert rule to
>> >net/tcpmssd process " ? Where do I set this rule?  
>
>I haven't got that repository with the configuration handy... but from memory
>:
>
>1) install net/tcpmssd
>2) RT-tcpmssd-FM for options , and configure it to run on a certain port
>, say, tcp/
>3) write a divert rule in ipfw's startup script to divert (all | some) tcp
>traffic to localhost's tcp/ 
>
>pretty sure tcpmssd has info on how to do it  
>
>good luck,
>B
>_
>{Beto|Norberto|Numard} Meijome
>
>"I'm not afraid of dying, I just don't want to be there when it happens."
>  Woody Allen
>
>I speak for myself, not my employer. Contents may be hot. Slippery when
wet.
>Reading disclaimers makes you go blind. Writing them is worse. You have
been
>Warned.
>___
>freebsd-questions@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "[EMAIL PROTECTED]"

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Unable to access certain sites from FreeBSD 6.2

2008-08-21 Thread Norberto Meijome
On Thu, 21 Aug 2008 10:10:19 +1000
[EMAIL PROTECTED] wrote:

> Thanks for your reply.

nw

> 
> How do I "run an ipfw divert rule to
> >net/tcpmssd process " ? Where do I set this rule?  

I haven't got that repository with the configuration handy... but from memory :

1) install net/tcpmssd
2) RT-tcpmssd-FM for options , and configure it to run on a certain port , say, 
tcp/
3) write a divert rule in ipfw's startup script to divert (all | some) tcp 
traffic to localhost's tcp/ 

pretty sure tcpmssd has info on how to do it  

good luck,
B
_
{Beto|Norberto|Numard} Meijome

"I'm not afraid of dying, I just don't want to be there when it happens."
  Woody Allen

I speak for myself, not my employer. Contents may be hot. Slippery when wet. 
Reading disclaimers makes you go blind. Writing them is worse. You have been 
Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Unable to access certain sites from FreeBSD 6.2

2008-08-20 Thread Norberto Meijome
On Thu, 21 Aug 2008 10:10:19 +1000
[EMAIL PROTECTED] wrote:

> Thanks for your reply.

nw

> 
> How do I "run an ipfw divert rule to
> >net/tcpmssd process " ? Where do I set this rule?  

I haven't got that repository with the configuration handy... but from memory :

1) install net/tcpmssd
2) RT-tcpmssd-FM for options , and configure it to run on a certain port , say, 
tcp/
3) write a divert rule in ipfw's startup script to divert (all | some) tcp 
traffic to localhost's tcp/ 

pretty sure tcpmssd has info on how to do it  

good luck,
B
_
{Beto|Norberto|Numard} Meijome

"I'm not afraid of dying, I just don't want to be there when it happens."
  Woody Allen

I speak for myself, not my employer. Contents may be hot. Slippery when wet. 
Reading disclaimers makes you go blind. Writing them is worse. You have been 
Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Unable to access certain sites from FreeBSD 6.2

2008-08-20 Thread Chuck Swiger

Hi--

On Aug 20, 2008, at 5:10 PM, [EMAIL PROTECTED] wrote:

How do I "run an ipfw divert rule to



net/tcpmssd process " ? Where do I set this rule?


The idea is that you have to run tcpmssd on a port, and then do:

  ipfw add divert _port_ all from any to any via _interface_

If you are already running a firewall and/or natd, then look at /etc/ 
rc.firewall and add another divert rule there.  Otherwise, starting up  
tcpmssd & the ipfw rule can be added into /etc/rc.local or a rc.d  
script


See "man tcpmssd" (or "nroff -man /usr/ports/net/tcpmssd/src/tcpmssd. 
8", if you haven't installed the port yet) for a starting point.


Regards,
--
-Chuck

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Unable to access certain sites from FreeBSD 6.2

2008-08-20 Thread alasdair
G'day Norberto,

Thanks for your reply.

How do I "run an ipfw divert rule to
>net/tcpmssd process " ? Where do I set this rule?

My technical level is probably best described as better than the average
computer user, but well below any competency you would expect for a networking
expert.

Regards,

Alasdair

Regards,
>-- Original Message --
>Date: Wed, 20 Aug 2008 16:51:56 +1000
>From: Norberto Meijome <[EMAIL PROTECTED]>
>To: freebsd-questions@freebsd.org
>Subject: Re: Unable to access certain sites from FreeBSD 6.2
>
>
>On Wed, 20 Aug 2008 11:55:45 +1000
>[EMAIL PROTECTED] wrote:
>
>> Hi, I am having a problem accessing some sites from Freebsd 6.2 in either
>> firefox or Opera. I looked around for some advice on this on the net,
found
>> some pages mentioning this as a problem when Freebsd was running on the
>machine
>> 
>> acting as the gateway  and the machines trying to access the sites were
>Windows
>> or Mac. But my case is this
>> 
>> my set up:   Laptop(FreeBSD 6.2) -> netgearFVS318 router-> ADSL modem
(set
>> up as  bridge)
>
>gday :)
>i'm on FBSD7, ipfw local firewall , dlink router, iinet, Sydney - no problems
>getting to commbank.
>
>We used to have similar issues when running a 6.x gateway behind a SHDSL
>line.
>The issue was the MSS was too high - i had to run an ipfw divert rule to
>net/tcpmssd process to fix this. It was affecting mainly traffic coming
from
>IIS hosts (no idea why :P ).
>
>HIH,
>B
>_
>{Beto|Norberto|Numard} Meijome
>
>I used to hate weddings; all the Grandmas would poke me and
>say, "You're next sonny!" They stopped doing that when i
>started to do it to them at funerals.
>
>I speak for myself, not my employer. Contents may be hot. Slippery when
wet.
>Reading disclaimers makes you go blind. Writing them is worse. You have
been
>Warned.
>___
>freebsd-questions@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "[EMAIL PROTECTED]"

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Unable to access certain sites from FreeBSD 6.2

2008-08-19 Thread Norberto Meijome
On Wed, 20 Aug 2008 11:55:45 +1000
[EMAIL PROTECTED] wrote:

> Hi, I am having a problem accessing some sites from Freebsd 6.2 in either
> firefox or Opera. I looked around for some advice on this on the net, found
> some pages mentioning this as a problem when Freebsd was running on the 
> machine
> 
> acting as the gateway  and the machines trying to access the sites were 
> Windows
> or Mac. But my case is this
> 
> my set up:   Laptop(FreeBSD 6.2) -> netgearFVS318 router-> ADSL modem (set
> up as  bridge)

gday :)
i'm on FBSD7, ipfw local firewall , dlink router, iinet, Sydney - no problems
getting to commbank.

We used to have similar issues when running a 6.x gateway behind a SHDSL line.
The issue was the MSS was too high - i had to run an ipfw divert rule to
net/tcpmssd process to fix this. It was affecting mainly traffic coming from
IIS hosts (no idea why :P ).

HIH,
B
_
{Beto|Norberto|Numard} Meijome

I used to hate weddings; all the Grandmas would poke me and
say, "You're next sonny!" They stopped doing that when i
started to do it to them at funerals.

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"