On Fri, Sep 8, 2023 at 8:07 PM Daniel Ouellet <dan...@presscom.net> wrote:
>
> Hi,
>
> A few things here.
>
> Comcast DOES NOT use 9000 mtu, so don't try to use that.
>
> They sadly ONLY support 1500.
>
> If you force 9000 mtu, you will only create fragments.
>
> You can find it if you search for it as well.
>
> https://forums.xfinity.com/conversations/your-home-network/mtu-size/602db12cc5375f08cd47b1ad
>
> Also, if you actually want to use the martian table, make it complete;
> it is also available if you search for the reserved IPs.
>
> table <reserved> const { 0/8, 10/8, 100.64/10, 127/8, 169.254/16, \
>     172.16/12, 192/24, 192.0.2/24, 192.168/16, 198.18/15, 198.51.100/24, \
>     203.0.113/24, 224/4, 240/4, 255.255.255.255/32 }
>
> Daniel
Thanks Daniel, I have made the recommended changes. Appreciate your feedback.

-Amarendra

>
> On 9/8/23 9:41 PM, Amarendra Godbole wrote:
> > On Fri, Jun 23, 2023 at 6:18 PM David Gwynne <da...@gwynne.id.au> wrote:
> >>
> >> looks good to me after a quick read.
> >>
> >>> On 23 Jun 2023, at 12:15, Amarendra Godbole <amarendra.godb...@gmail.com>
> >>> wrote:
> >>>
> >>> I am planning to experiment with veb on my PC Engines apu2e4 board. It
> >>> has three ports (em0, 1 and 2). Current configuration has em0 hooked
> >>> up to cable modem, while em1 and em2 are internal LAN. I don't have a
> >>> good ability to troubleshoot via a serial console, since the apu board
> >>> sits in the garage on top of a cabinet -- running serial cable to a
> >>> laptop is challenging, though not impossible. So I am looking for
> >>> feedback so as to keep this troubleshooting time minimal.
> > [...]
> >
> > Thanks for the review, David. I finally managed to find a window when
> > my family was away from the internet, so I could experiment. :-) My
> > internet is delivered via Comcast cable modem, hooked to the APU's em0
> > port. A Ruckus wireless AP connects to em1.
> >
> > Here is a fully working configuration:
> >
> > $ cat hostname.em0
> > dhcp description "comcast uplink"
> >
> > $ cat hostname.em1
> > mtu 9000
> > up
> >
> > $ cat hostname.em2
> > mtu 9000
> > up
> >
> > $ cat hostname.veb0
> > add em1
> > add em2
> > add vport0
> > link0
> > up
> >
> > $ cat hostname.vport0
> > inet 192.168.1.1 255.255.255.0 192.168.1.255
> > mtu 9000
> > group internal
> > up
> >
> > $ cat pf.conf
> > table <martians> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
> >     172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
> >     192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 \
> >     203.0.113.0/24 }
> >
> > set block-policy drop
> > set loginterface egress
> > set skip on lo0
> > match in all scrub (no-df random-id max-mss 1440)
> >
> > antispoof quick for egress
> > block in from no-route
> > block in quick from urpf-failed
> >
> > block in quick on egress from <martians> to any
> > block return out quick on egress from any to <martians>
> >
> > block all
> > match out on egress nat-to (egress)
> > pass out quick inet
> > pass in on internal inet
> > block return in quick on internal proto { udp tcp } to ! internal port \
> >     { domain domain-s }
> >
> > $ cat rc.conf.local
> > dhcpd_flags=vport0
> > unbound_flags=
> > unbound_timeout=240
> >
> > $ ifconfig
> > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
> >         index 5 priority 0 llprio 3
> >         groups: lo
> >         inet6 ::1 prefixlen 128
> >         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
> >         inet 127.0.0.1 netmask 0xff000000
> >
> > em0: flags=808843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF4> mtu 1500
> >         lladdr 00:0d:b9:56:f4:fc
> >         index 1 priority 0 llprio 3
> >         groups: egress
> >         media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
> >         status: active
> >         inet 98.35.243.87 netmask 0xffffff00 broadcast 98.35.243.255
> >
> > em1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 9000
> >         lladdr 00:0d:b9:56:f4:fd
> >         index 2 priority 0 llprio 3
> >         media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
> >         status: active
> >
> > em2: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 9000
> >         lladdr 00:0d:b9:56:f4:fe
> >         index 3 priority 0 llprio 3
> >         media: Ethernet autoselect (none)
> >         status: no carrier
> >
> > enc0: flags=0<>
> >         index 4 priority 0 llprio 3
> >         groups: enc
> >         status: active
> >
> > veb0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST>
> >         index 6 llprio 3
> >         groups: veb
> >         em1 flags=3<LEARNING,DISCOVER>
> >                 port 2 ifpriority 0 ifcost 0
> >         em2 flags=3<LEARNING,DISCOVER>
> >                 port 3 ifpriority 0 ifcost 0
> >         vport0 flags=3<LEARNING,DISCOVER>
> >                 port 7 ifpriority 0 ifcost 0
> >
> > vport0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 9000
> >         lladdr fe:e1:ba:d0:18:bd
> >         index 7 priority 0 llprio 3
> >         groups: vport internal
> >         inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
> >
> > pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
> >         index 8 priority 0 llprio 3
> >         groups: pflog
> >
> > Thanks.
> >
> > -Amarendra
> >
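Daniel's point is that the <martians> table above is incomplete. The script below is an added example, not something from this thread or from OpenBSD: it expands both tables as posted (Daniel's in pf.conf(5) shorthand, where "192.168/16" means 192.168.0.0/16 and omitted trailing octets are zero, which is the script's reading of the man page's "10/8"-style examples), then reports which address space one table blocks and the other does not. Token parsing and the coverage algorithm are this script's own construction.

```python
"""Compare two pf.conf address tables for coverage gaps.

Added example (not from the mailing-list thread). The two tables are
copied from the thread; the expansion of pf's "192.168/16" shorthand
follows pf.conf(5); everything else is this script's own construction.
"""
import ipaddress
from typing import Iterable, List

# Table <martians> as posted by Amarendra (full dotted-quad form).
MARTIANS = """0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12
192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 192.168.0.0/16 198.18.0.0/15
198.51.100.0/24 203.0.113.0/24"""

# Table <reserved> as posted by Daniel (pf shorthand, comma separated).
RESERVED = """0/8, 10/8, 100.64/10, 127/8, 169.254/16, 172.16/12, 192/24,
192.0.2/24, 192.168/16, 198.18/15, 198.51.100/24, 203.0.113/24, 224/4,
240/4, 255.255.255.255/32"""


def expand_pf_net(token: str) -> ipaddress.IPv4Network:
    """Turn one pf.conf address token into an IPv4Network.

    pf.conf(5) allows an address to be abbreviated by dropping trailing
    zero octets ("10/8", "192.168/16"); the missing octets are zero.
    A bare address without a prefix length is treated as a /32.
    """
    addr, _, plen = token.partition("/")
    octets = addr.split(".")
    if not 1 <= len(octets) <= 4 or not all(o.isdigit() for o in octets):
        raise ValueError(f"bad pf address token: {token!r}")
    octets += ["0"] * (4 - len(octets))
    # strict=True rejects a prefix with host bits set, e.g. "198.19/15".
    return ipaddress.IPv4Network(f"{'.'.join(octets)}/{plen or 32}", strict=True)


def parse_table(text: str) -> List[ipaddress.IPv4Network]:
    """Parse the body of a pf table (whitespace or comma separated)."""
    return [expand_pf_net(t) for t in text.replace(",", " ").split()]


def uncovered(covering: Iterable[ipaddress.IPv4Network],
              candidates: Iterable[ipaddress.IPv4Network]) -> List[str]:
    """Address space listed in `candidates` that `covering` does not contain.

    Each candidate prefix is carved up by every covering prefix that
    overlaps it; whatever survives is returned, collapsed and sorted.
    """
    covering = list(covering)
    leftover: List[ipaddress.IPv4Network] = []
    for net in candidates:
        pieces = [net]
        for c in covering:
            next_pieces = []
            for p in pieces:
                if c.supernet_of(p):      # p fully covered (or equal): drop it
                    continue
                if c.subnet_of(p):        # c punches a hole in p: keep the rest
                    next_pieces.extend(p.address_exclude(c))
                else:                     # disjoint: p survives this prefix
                    next_pieces.append(p)
            pieces = next_pieces
        leftover.extend(pieces)
    return [str(n) for n in ipaddress.collapse_addresses(leftover)]


def compare_tables() -> dict:
    """Run the comparison both ways on the two tables from the thread."""
    martians = parse_table(MARTIANS)
    reserved = parse_table(RESERVED)
    return {
        "in_reserved_not_martians": uncovered(martians, reserved),
        "in_martians_not_reserved": uncovered(reserved, martians),
    }


if __name__ == "__main__":
    for label, gaps in compare_tables().items():
        print(f"{label}: {gaps or 'none'}")
```

Running it shows that the only space Daniel's table adds is 100.64.0.0/10 (the RFC 6598 shared address range); 224/4, 240/4 and 255.255.255.255/32 are already inside the 224.0.0.0/3 entry of the original table, so nothing in <martians> is missing from <reserved>. The same check is useful whenever a bogon list is hand-maintained: run it against the current IANA special-purpose registry before trusting a "block from <martians>" rule to mean what the name suggests.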