Re: GNU/Linux user wanting to make the switch to OpenBSD for ADSL2+ Router.
On Sat, May 29, 2010 at 01:35:19PM -0500, Andres Genovez wrote:
2010/5/29 Andres Genovez andresgeno...@gmail.com:
2010/5/28 Christiano F. Haesbaert haesba...@haesbaert.org:
On 28 May 2010 02:17, LeviaComm Networks NOC n...@leviacomm.net wrote:

One thing that I would like to continue to do is filter packets based on type, namely P2P type packets. I want to give them a low priority in the QoS. On Linux, I use Layer7 rules, is there something similar, or the same for OpenBSD? Also, is it possible to block those packets between certain times and at other times, just reduce the priority?

Hi, I am interested in this weak point of OpenBSD, so I must say, how can I achieve such a goal? How can I trap these packets and send them to /dev/null for example, a guide somewhere?

http://www.openbsd.org/cgi-bin/man.cgi?query=hoststated&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

I think you mean relayd(8), it has been renamed a long time ago. But yes, the best way to do this is to force all traffic through proxies and drop/slow everything else.

Joachim
Re: GNU/Linux user wanting to make the switch to OpenBSD for ADSL2+ Router.
On Sat, May 29, 2010 at 2:40 AM, Stuart Henderson s...@spacehopper.org wrote:

Also, I have looked for information on the Multi-port ADSL card for BSD, but have not really found anything. Is this card supported.

No. The only reasonably easily available PCI ADSL card likely to work is Traverse's single-port one (viking, I think) which presents as a Realtek NIC. (It's basically a separate router + a nic glued together onto one PCI card).

Yes, it's the Viking: http://traverse.kd85.com/

ciao, David
Re: GNU/Linux user wanting to make the switch to OpenBSD for ADSL2+ Router.
2010/5/28 Christiano F. Haesbaert haesba...@haesbaert.org:
On 28 May 2010 02:17, LeviaComm Networks NOC n...@leviacomm.net wrote:

One thing that I would like to continue to do is filter packets based on type, namely P2P type packets. I want to give them a low priority in the QoS. On Linux, I use Layer7 rules, is there something similar, or the same for OpenBSD? Also, is it possible to block those packets between certain times and at other times, just reduce the priority?

Layer 7? I am assuming you mean Layer 5, where protocols like P2P and such live,

That's just semantics, above layer 4 it's all application, we all know the OSI model is broken. Parsing application protocol is often referred as layer 7 filtering and not as layer 5 filtering.

Hi, I am interested in this weak point of OpenBSD, so I must say, how can I achieve such a goal? How can I trap these packets and send them to /dev/null for example, a guide somewhere?

-- Andris Genovez Tobar / Sistemas Elastix ECE - Linux LPI-1 - Novell CLA - Apple ACMT Jabber: bitfr...@asgard.crice.org http://www.crice.org
Re: GNU/Linux user wanting to make the switch to OpenBSD for ADSL2+ Router.
2010/5/29 Andres Genovez andresgeno...@gmail.com:
2010/5/28 Christiano F. Haesbaert haesba...@haesbaert.org:
On 28 May 2010 02:17, LeviaComm Networks NOC n...@leviacomm.net wrote:

One thing that I would like to continue to do is filter packets based on type, namely P2P type packets. I want to give them a low priority in the QoS. On Linux, I use Layer7 rules, is there something similar, or the same for OpenBSD? Also, is it possible to block those packets between certain times and at other times, just reduce the priority?

Layer 7? I am assuming you mean Layer 5, where protocols like P2P and such live,

That's just semantics, above layer 4 it's all application, we all know the OSI model is broken. Parsing application protocol is often referred as layer 7 filtering and not as layer 5 filtering.

Hi, I am interested in this weak point of OpenBSD, so I must say, how can I achieve such a goal? How can I trap these packets and send them to /dev/null for example, a guide somewhere?

-- Andris Genovez Tobar / Sistemas Elastix ECE - Linux LPI-1 - Novell CLA - Apple ACMT Jabber: bitfr...@asgard.crice.org http://www.crice.org

O!!! :)

http://www.openbsd.org/cgi-bin/man.cgi?query=hoststated&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

-- Andris Genovez Tobar / Sistemas Elastix ECE - Linux LPI-1 - Novell CLA - Apple ACMT Jabber: bitfr...@asgard.crice.org http://www.crice.org
Re: GNU/Linux user wanting to make the switch to OpenBSD for ADSL2+ Router.
One thing that I would like to continue to do is filter packets based on type, namely P2P type packets. I want to give them a low priority in the QoS. On Linux, I use Layer7 rules, is there something similar, or the same for OpenBSD? Also, is it possible to block those packets between certain times and at other times, just reduce the priority?

Layer 7? I am assuming you mean Layer 5, where protocols like P2P and such live, if you happen to know the port numbers, you can do so with pf's queuing function.

I am not aware of actual time-based system, but you could create different configs for the different times and just use PFCTL(8) and CRON(8) to do it. I have done a similar thing at work to prioritize server traffic after hours for syncing with secondary datacenters and cut internet access for employees to a total of 10 mbps.
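The pfctl(8) plus cron(8) approach described in the message above, as an added sketch that is not part of the original post: an hourly cron job picks one of two rulesets by time of day and parse-checks it before loading. The file paths, the window hours and the script name are assumptions.

```shell
#!/bin/sh
# Added example: time-based pf ruleset switching driven by cron(8).
# Assumed (hypothetical) files: pf.throttle.conf assigns the known P2P ports
# to a low-priority queue, pf.block.conf blocks those ports outright.
# The window hours below are constructed sample values.

THROTTLE_RULES="${THROTTLE_RULES:-/etc/pf.throttle.conf}"
BLOCK_RULES="${BLOCK_RULES:-/etc/pf.block.conf}"
BLOCK_START="${BLOCK_START:-8}"   # block window opens at 08:00
BLOCK_END="${BLOCK_END:-18}"      # and closes at 18:00 (exclusive)

# in_window HOUR START END: succeeds if HOUR lies in [START, END),
# including windows that wrap past midnight (e.g. 22 to 6).
in_window() {
    h=$1 s=$2 e=$3
    if [ "$s" -le "$e" ]; then
        [ "$h" -ge "$s" ] && [ "$h" -lt "$e" ]
    else
        [ "$h" -ge "$s" ] || [ "$h" -lt "$e" ]
    fi
}

# select_ruleset HOUR: prints the ruleset path that should be active.
select_ruleset() {
    if in_window "$1" "$BLOCK_START" "$BLOCK_END"; then
        echo "$BLOCK_RULES"
    else
        echo "$THROTTLE_RULES"
    fi
}

# load_ruleset FILE: parse-check with "pfctl -n" first, so a typo in one
# file never replaces the running ruleset; load only if the check passes.
load_ruleset() {
    pfctl -nf "$1" || { echo "refusing to load $1: parse error" >&2; return 1; }
    pfctl -f "$1"
}

# root crontab entry (hourly), script path is an assumption:
#   0 * * * * /usr/local/sbin/pf-schedule.sh apply
if [ "${1:-}" = "apply" ]; then
    hour=$(date +%H)
    load_ruleset "$(select_ruleset "${hour#0}")"   # strip leading zero
fi
```

Reloading the ruleset does not remove existing states, so connections opened before the switch keep their old treatment until the states expire or are flushed with pfctl.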
Re: GNU/Linux user wanting to make the switch to OpenBSD for ADSL2+ Router.
On Thu, 27 May 2010 22:17:52 -0700, LeviaComm Networks NOC wrote:

I am not aware of actual time-based system, but you could create different configs for the different times and just use PFCTL(8) and CRON(8) to do it. I have done a similar thing at work to prioritize server traffic after hours for syncing with secondary datacenters and cut internet access for employees to a total of 10 mbps.

That's a drastic cut. Down to one byte every 13 minutes or so. That will generate some agro. ;-)

*** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thank you.

Rod/
--- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
Re: GNU/Linux user wanting to make the switch to OpenBSD for ADSL2+ Router.
Thanks for your replies. I will investigate the freebsd link. I did read that pf was behind in freebsd, which is why I wanted to use OpenBSD. :)

Apparently the lspci in embedded linux is quite lacking in features. This is the most it will give me:

    00:0e.0 Class 0203 10ee 0300 solos

as you can see by this output:

    ~# lspci --help
    BusyBox v1.16.1 (2010-05-12 14:50:22 BST) multi-call binary.

    Usage: lspci [-mk]

    List all PCI devices

        -m  Parseable output
        -k  Show driver

Maybe I should install a full version of pci utils. Thanks for your help. I can help out if anyone is writing a driver for this card.

Jon
Re: GNU/Linux user wanting to make the switch to OpenBSD for ADSL2+ Router.
On 28 May 2010 02:17, LeviaComm Networks NOC n...@leviacomm.net wrote:

One thing that I would like to continue to do is filter packets based on type, namely P2P type packets. I want to give them a low priority in the QoS. On Linux, I use Layer7 rules, is there something similar, or the same for OpenBSD? Also, is it possible to block those packets between certain times and at other times, just reduce the priority?

Layer 7? I am assuming you mean Layer 5, where protocols like P2P and such live,

That's just semantics, above layer 4 it's all application, we all know the OSI model is broken. Parsing application protocol is often referred as layer 7 filtering and not as layer 5 filtering.
Re: GNU/Linux user wanting to make the switch to OpenBSD for ADSL2+ Router.
On 2010-05-27, Jon Scruggs j.scru...@gmail.com wrote:

I have been a user of GNU/Linux for a long time. I recently built my own custom router with the following components:

RouterBoard R52N WiFi miniPCI card with the AR9220 Chipset: http://www.routerboard.com/index.php?showProduct=72
Soekris net5501
Traverse Solos Multi-Port ADSL2+ PCI Modem: http://www.traverse.com.au/productview.php?product_id=116

I did some research and found the OpenSoekris project, so I know there is compatibility with that. However, I am having trouble finding out if the other hardware is compatible with OpenBSD 4.7. How well is Wireless N supported with the Athn driver? Can WPA2 be done with that without it stop responding after a while. I have this issue with the current Linux drivers where I think it's hostapd will just stop responding and disconnect everyone on wireless. How reliable is the Wireless N with that chipset here?

-current has only very recently added initial Host AP bits for athn(4) so you probably won't get a lot of feedback on that yet...

Also, I have looked for information on the Multi-port ADSL card for BSD, but have not really found anything. Is this card supported.

No. The only reasonably easily available PCI ADSL card likely to work is Traverse's single-port one (viking, I think) which presents as a Realtek NIC. (It's basically a separate router + a nic glued together onto one PCI card).

I need to be able to do multi-wan with two ADSL2+ connections.

You can do that with two of the 1-port cards, or some combination with external routers, using PF route-to or multipath routing.

One of the main reasons for wanting to switch is PF. I am having some very major performance issues with iptables. I've read a lot of great things about PF when I did search on replacement firewalls. There's also other reasons for wanting to switch, as well. One thing that I would like to continue to do is filter packets based on type, namely P2P type packets. I want to give them a low priority in the QoS. On Linux, I use Layer7 rules, is there something similar, or the same for OpenBSD? Also, is it possible to block those packets between certain times and at other times, just reduce the priority?

Deep packet inspection + QOS + ATM protocol. Not sure exactly what Solos runs on the host cpu, maybe some of ADSL protocol too. I think you are asking rather a lot of a low-power geode-based system...
GNU/Linux user wanting to make the switch to OpenBSD for ADSL2+ Router.
Hey all,

I have been a user of GNU/Linux for a long time. I recently built my own custom router with the following components:

RouterBoard R52N WiFi miniPCI card with the AR9220 Chipset: http://www.routerboard.com/index.php?showProduct=72
Soekris net5501
Traverse Solos Multi-Port ADSL2+ PCI Modem: http://www.traverse.com.au/productview.php?product_id=116

I did some research and found the OpenSoekris project, so I know there is compatibility with that. However, I am having trouble finding out if the other hardware is compatible with OpenBSD 4.7. How well is Wireless N supported with the Athn driver? Can WPA2 be done with that without it stop responding after a while. I have this issue with the current Linux drivers where I think it's hostapd will just stop responding and disconnect everyone on wireless. How reliable is the Wireless N with that chipset here?

Also, I have looked for information on the Multi-port ADSL card for BSD, but have not really found anything. Is this card supported. The retailer said something about the San driver. Is this correct and if so how do I use it? The command on Linux is:

    pppd plugin pppoatm.so 0.0.38 user username password password noauth

This card requires extra information to be sent to pppd to designate the port. The first port is 0.VCI.VPI, so the second one is 1.VCI.VPI. I need to be able to do multi-wan with two ADSL2+ connections.

One of the main reasons for wanting to switch is PF. I am having some very major performance issues with iptables. I've read a lot of great things about PF when I did search on replacement firewalls. There's also other reasons for wanting to switch, as well. One thing that I would like to continue to do is filter packets based on type, namely P2P type packets. I want to give them a low priority in the QoS. On Linux, I use Layer7 rules, is there something similar, or the same for OpenBSD? Also, is it possible to block those packets between certain times and at other times, just reduce the priority?
These are all the questions I can think of at the moment. The big thing that I need to know before I switch, is if the hardware is compatible. I can't take the router off line just to check since there are people using it. I would need to build the image with all settings first, and then test via bootp or something like that. Thanks, Jon
Re: GNU/Linux user wanting to make the switch to OpenBSD for ADSL2+ Router.
Hi,

regarding wireless you can check here http://www.openbsd.org/faq/faq6.html#Wireless especially read caveats section here http://www.openbsd.org/cgi-bin/man.cgi?query=athn&sektion=4 (no n-version yet)

Regarding modem I can't find it here http://www.openbsd.org/cgi-bin/man.cgi?query=pci&sektion=4&arch=i386&apropos=0&manpath=OpenBSD+Current . Do you have some outputs available from Linux like some detection from dmesg, scanpci, lspci ?

In-kernel version of ppp http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
In-userland version of ppp http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

pf(4) doesn't work on Layer 7. Anyway all info needed is here http://www.openbsd.org/faq/pf/index.html and of course in man pages. I'm not sure right now, but there may be some apps in packages/ports which provide that functionality.

So it looks like OpenBSD is however not right solution for you right now.

On Thu, May 27, 2010 at 7:45 PM, Jon Scruggs j.scru...@gmail.com wrote:

Hey all,

I have been a user of GNU/Linux for a long time. I recently built my own custom router with the following components:

RouterBoard R52N WiFi miniPCI card with the AR9220 Chipset: http://www.routerboard.com/index.php?showProduct=72
Soekris net5501
Traverse Solos Multi-Port ADSL2+ PCI Modem: http://www.traverse.com.au/productview.php?product_id=116

I did some research and found the OpenSoekris project, so I know there is compatibility with that. However, I am having trouble finding out if the other hardware is compatible with OpenBSD 4.7. How well is Wireless N supported with the Athn driver? Can WPA2 be done with that without it stop responding after a while. I have this issue with the current Linux drivers where I think it's hostapd will just stop responding and disconnect everyone on wireless. How reliable is the Wireless N with that chipset here?
Also, I have looked for information on the Multi-port ADSL card for BSD, but have not really found anything. Is this card supported. The retailer said something about the San driver. Is this correct and if so how do I use it? The command on Linux is: pppd plugin pppoatm.so 0.0.38 user username password password noauth This card requires extra information to be sent to pppd to designate the port. The first port is 0.VCI.VPI, so the second one is 1.VCI.VPI. I need to be able to do multi-wan with two ADSL2+ connections. One of the main reasons for wanting to switch is PF. I am having some very major performance issues with iptables. I've read a lot of great things about PF when I did search on replacement firewalls. There's also other reasons for wanting to switch, as well. One thing that I would like to continue to do is filter packets based on type, namely P2P type packets. I want to give them a low priority in the QoS. On Linux, I use Layer7 rules, is there something similar, or the same for OpenBSD? Also, is it possible to block those packets between certain times and at other times, just reduce the priority? These are all the questions I can think of at the moment. The big thing that I need to know before I switch, is if the hardware is compatible. I can't take the router off line just to check since there are people using it. I would need to build the image with all settings first, and then test via bootp or something like that. Thanks, Jon
Re: GNU/Linux user wanting to make the switch to OpenBSD for ADSL2+ Router.
Jon Scruggs wrote:

How reliable is the Wireless N with that chipset here?

To my knowledge, there is no 802.11N support in OpenBSD. Read the last paragraph: http://www.openbsd.org/cgi-bin/man.cgi?query=athn&sektion=4&apropos=0&manpath=OpenBSD+Current&arch=i386

Brad
Re: GNU/Linux user wanting to make the switch to OpenBSD for ADSL2+ Router.
On Thu, May 27, 2010 at 06:45:48PM +0100, Jon Scruggs wrote:

I have been a user of GNU/Linux for a long time. I recently built my own custom router with the following components:

RouterBoard R52N WiFi miniPCI card with the AR9220 Chipset: http://www.routerboard.com/index.php?showProduct=72
Soekris net5501
Traverse Solos Multi-Port ADSL2+ PCI Modem: http://www.traverse.com.au/productview.php?product_id=116

That modem isn't going to work, sorry. I think you'll need an ueagle(4) (http://www.openbsd.org/cgi-bin/man.cgi?query=ueagle&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html) modem for OpenBSD. You'll also have problems with the wireless card: it's supported, but not in 802.11n mode (OpenBSD doesn't do 802.11n at the moment) and not as an access point. The somewhat similar ath(4) cards can be used as access points.

One thing that I would like to continue to do is filter packets based on type, namely P2P type packets. I want to give them a low priority in the QoS. On Linux, I use Layer7 rules, is there something similar, or the same for OpenBSD? Also, is it possible to block those packets between certain times and at other times, just reduce the priority?

If you still want to know, post back. (Short version: not really, but you can fake it well enough.)

As to your Linux problems: they are off-topic and I don't know enough about Linux to help you, but have you tried a Linux list?

Joachim