Re: Frame Relay in Australia with Telstra

2001-02-27 Thread Kurakin Roman

Hi,

If you want to use sppp with Frame Relay, you should update your sppp 
driver.
Here you will find not only sppp driver but also cx, ct and cp drivers:
http://www.cronyx.ru/pub/cronyx/adapters/cfbsd341.tgz

Kurakin Roman

Murray Taylor wrote:

> I am establishing FreeBSD 4.2 Release (from the CD Roms) on a Compaq A550
> and
> I need to setup a connection to a Telstra frame relay interface (which has
> yet to be installed)
> 
> (A) Has anyone in .AU done this?
> 
> (B) What interface card did you use? and which driver ( sr, ar, cx, ?? )
> 
> (C) Which distributor did you get the card from?
> 
> (D) what software i/face are you using, do you recommend (sppp / netgraph /
> ?? )
>   (I have read the frame_relay item in the netgraph examples, but
> otherwise have no
>   direct experience with netgraph)
> 
> I have recompiled the kernel to add IPFW, NETGRAPH and drop some unneeded net
> devices and am 
> quite OK to do so as needed again. (FreeBSD on my home machine since 2.2.2)
> 
> Note the hostname in the dmesg is a dummy used for internal testing prior to
> domain registration
> 
> Murray Taylor
> Project Engineer
> 
> Bytecraft P/L +61 3 9587 2555
>   +61 3 9580 7690 fax
>   [EMAIL PROTECTED]
> 
> 
> 
> 
> Current dmesg:
> 
> Copyright (c) 1992-2000 The FreeBSD Project.
> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
>   The Regents of the University of California. All rights reserved.
> FreeBSD 4.2-RELEASE #0: Mon Feb 19 10:01:04 EST 2001
> [EMAIL PROTECTED]:/usr/src/sys/compile/SPYDER
> Timecounter "i8254"  frequency 1193182 Hz
> Timecounter "TSC"  frequency 863933901 Hz
> CPU: Pentium III/Pentium III Xeon/Celeron (863.93-MHz 686-class CPU)
>   Origin = "GenuineIntel"  Id = 0x683  Stepping = 3
>  
> Features=0x383fbff CMOV,PAT,PSE36,MMX,FXSR,SSE>
> real memory  = 536805376 (524224K bytes)
> avail memory = 519200768 (507032K bytes)
> Preloaded elf kernel "kernel" at 0xc035.
> Preloaded userconfig_script "/boot/kernel.conf" at 0xc035009c.
> Pentium Pro MTRR support enabled
> md0: Malloc disk
> npx0:  on motherboard
> npx0: INT 16 interface
> pcib0:  on motherboard
> pci0:  on pcib0
> pcib1:  at device 1.0 on pci0
> pci1:  on pcib1
> pci1:  at 0.0 irq 11
> pcib2:  at device 30.0 on pci0
> pci2:  on pcib2
> fxp0:  port 0x5400-0x543f mem
> 0xefe0-0xefef,0xefd0-0xefd00fff irq 11 at device 2.0 on pci2
> fxp0: Ethernet address 00:50:8b:f1:de:df
> ahc0:  port 0x5000-0x50ff mem
> 0xeff0-0xeff00fff irq 11 at device 7.0 on pci2
> aic7892: Wide Channel A, SCSI Id=7, 32/255 SCBs
> pci2:  (vendor=0x1274, dev=0x5880) at 11.0 irq 11
> isab0:  at device 31.0 on pci0
> isa0:  on isab0
> atapci0:  port 0x6460-0x646f at device 31.1 on
> pci0
> ata0: at 0x1f0 irq 14 on atapci0
> ata1: at 0x170 irq 15 on atapci0
> uhci0:  port 0x6440-0x645f irq 11 at
> device 31.2 on pci0
> usb0:  on uhci0
> usb0: USB revision 1.0
> uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
> uhub0: 2 ports with 2 removable, self powered
> pci0:  (vendor=0x8086, dev=0x2413) at 31.3 irq 11
> chip1:  port
> 0x6400-0x643f,0x6000-0x60ff irq 11 at device 31.5 on pci0
> fdc0:  at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
> fdc0: FIFO enabled, 8 bytes threshold
> fd0: <1440-KB 3.5" drive> on fdc0 drive 0
> atkbdc0:  at port 0x60,0x64 on isa0
> atkbd0:  flags 0x1 irq 1 on atkbdc0
> kbd0 at atkbd0
> psm0:  irq 12 on atkbdc0
> psm0: model Generic PS/2 mouse, device ID 0
> vga0:  at port 0x3c0-0x3df iomem 0xa-0xb on isa0
> sc0:  at flags 0x100 on isa0
> sc0: VGA <16 virtual consoles, flags=0x300>
> sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
> sio0: type 16550A
> sio1 at port 0x2f8-0x2ff irq 3 on isa0
> sio1: type 16550A
> ppc0:  at port 0x378-0x37f irq 7 on isa0
> ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
> ppc0: FIFO with 16/16/13 bytes threshold
> lpt0:  on ppbus0
> lpt0: Interrupt-driven port
> IP packet filtering initialized, divert disabled, rule-based forwarding
> disabled, default to accept, logging limited to 100 packets/entry by default
> ata1-slave: ata_command: timeout waiting for intr
> ata1-slave: identify failed
> acd0: CDROM  at ata1-master using PIO4
> Waiting 5 seconds for SCSI devices to settle
> Mounting root from ufs:/dev/da0s2a
> da0 at ahc0 bus 0 target 0 lun 0
> da0:  Fixed Direct Access SCSI-3 device 
> da0: 160.000MB/s transfers (80.000MHz, offset 127, 16bit), Tagged Queueing
> Enabled
> da0: 17366MB (35566000 512 byte sectors: 255H 63S/T 2213C)
> 
> 
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-net" in the body of the message



To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message



Re: Frame Relay in Australia with Telstra

2001-02-27 Thread Julian Elischer

Murray Taylor wrote:
> 
> I am establishing FreeBSD 4.2 Release (from the CD Roms) on a Compaq A550
> and
> I need to setup a connection to a Telstra frame relay interface (which has
> yet to be installed)
> 
> (A) Has anyone in .AU done this?

ummm not in AU
but it is a standard right? (I've had it working in Europe and USA.)

> 
> (B) What interface card did you use? and which driver ( sr, ar, cx, ?? )

proprietary, but several should work.

a bug in the 'sr' driver was just fixed that may fix problems I was seeing with
this last year in Australia.

> 
> (C) Which distributor did you get the card from?

> 
> (D) what software i/face are you using, do you recommend (sppp / netgraph /
> ?? )
> (I have read the frame_relay item in the netgraph examples, but
> otherwise have no
> direct experience with netgraph)


As I wrote netgraph, I recommend it..
I had the frame-relay module passed through the protocol verification labs at 
MCI and we ended up being very 'complying' :-)


> 
> I have recompiled the kernel to add IPFW, NETGRAPH and drop some unneeded net
> devices and am
> quite OK to do so as needed again. (FreeBSD on my home machine since 2.2.2)

well you'll need the sr or ar driver either way
unless you can get some of the other cards that phk
has been playing with. LMC?

I BELIEVE that sangoma have a card and driver for freebsd/frame too, and I
am pretty sure that Emerging technology can do it too.

> 
> Note the hostname in the dmesg is a dummy used for internal testing prior to
> domain registration
> 
> Murray Taylor
> Project Engineer
> 
> Bytecraft P/L   +61 3 9587 2555
> +61 3 9580 7690 fax

bummer, eastern states.. otherwise I could help..

> [EMAIL PROTECTED]
> 
>

-- 
  __--_|\  Julian Elischer
 /   \ [EMAIL PROTECTED]
(   OZ) World tour 2000-2001
---> X_.---._/  
v




RE: nat forwarding

2001-02-27 Thread Patrick O'Reilly

Peter,

Some of the questions here (aliasing multiple interfaces individually) were
answered in my other email on your ipfw question.  But let's look at the nat
forwarding issue.

My rc.conf contains these lines:

natd_enable="YES"
natd_interface="ed1"
natd_flags="-f /etc/natd.conf"


Now, the trick is that the syntax required in the natd config file is
different from that in rc.conf.  In rc.conf the syntax is for a shell script
setting variables to contain certain values, but the natd.conf file will be
read by natd when it starts and must have the syntax expected by natd.  This
is explained in the man page for natd, but you need to read it a few times
before it makes any sense (well that was the case with me anyway!)  My
/etc/natd.conf looks like this:

redirect_port   tcp 10.3.13.131:8080    x.x.x.x:8080
redirect_port   tcp 10.3.13.131:1494    x.x.x.x:1494
redirect_port   tcp 10.3.13.131:1604    x.x.x.x:1604

The x.x.x.x represents the registered ip on the external interface.  These
lines cause all packets arriving at port 8080 (etc) on ip address x.x.x.x to
be redirected to port 8080 on 10.3.13.131 (my citrix server).

This is working just fine for me.

In your case, where you are running nat on multiple interfaces, I expect you
will need nat forwarding configured differently for each interface, so you
will probably want to have a /etc/natd1.conf with one set of redirection
rules, and /etc/natd2.conf with another set, etc.  In this case you will
need to add the "-f /etc/natd1.conf" to the natd command in the rc script.
Compare this sample to my earlier email:

oif1=ed1        # your first external interface
oif2=ed2        # your second external interface
natdport1=8668  # port to use for nat on first interface
natdport2=8669  # port to use for nat on second interface

natd -port ${natdport1} -interface ${oif1} -f /etc/natd1.conf
natd -port ${natdport2} -interface ${oif2} -f /etc/natd2.conf


I hope this works out.

Regards,
Patrick O'Reilly
---
"I do not feel obliged to believe that the same God who has endowed us with
sense, reason, and intellect has intended us to forego their use." --
Galileo Galilei

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Peter Brezny
Sent: 23 February 2001 03:07
To: [EMAIL PROTECTED]
Subject: nat forwarding


After reading through the natd man page, I think I understand what I need
to do to redirect requests to one specified ip to another, however, I
don't understand where I put this config info.

i currently start natd with rc.conf with the following lines:

natd_enable="YES"
#natd_config="/etc/rc.natd"
natd_interface="fpx1"
natd_flags="-dynamic"

as you can see, i've attempted creating a file with natd config options in
it, but things don't seem to jive when i use it and comment out the last
two lines in the example above (specifying them inside rc.natd)

Also, i'd like to have multiple external interfaces with natd aliasing
each one respectively.  is this possible?  how would i configure that?

TIA

pb





RE: ipfw simple question

2001-02-27 Thread Patrick O'Reilly

Peter,

I speak under correction - I am a user, not an author, of natd and ipfw.
I'm sure that someone will correct me if I'm wrong.

ipfw does not allow you to specify multiple if names for the incoming or
outgoing packets, although you can specify both the in- and out- if names in
one rule.

ipfw does not allow you to specify multiple ip addresses for the from or to
ip.  The only provision made is to use an ip with a subnet mask, but you are
obviously aware of this as your first example uses that syntax (0.0.0.0/8).

as for natd: here is the theory I have seen, but I have never tested it
myself:
The natd_interface entry in rc.conf basically provides a default value for
the -interface argument for natd.
There is an entry for 'divert' in /etc/services which specifies the default
port number to be used for the -port argument for natd.  The default value
for this is 8668.

In your case you should be able to start the natd daemon by simply using the
command # natd (this is obviously in your rc scripts already).

My understanding is that you should be able to achieve what you want by
doing something like this in your rc scripts:

oif1=ed1        # your first external interface
oif2=ed2        # your second external interface
natdport1=8668  # port to use for nat on first interface
natdport2=8669  # port to use for nat on second interface

natd -port ${natdport1} -interface ${oif1}
natd -port ${natdport2} -interface ${oif2}


Now you should have two natd daemons running.
You need to divert packets correctly using ipfw, so you will need to add two
rules something like:

oif1=ed1        # your first external interface
oif2=ed2        # your second external interface
natdport1=8668  # port to use for nat on first interface
natdport2=8669  # port to use for nat on second interface

$fwcmd add 1 divert ${natdport1} all from any to any via ${oif1}
$fwcmd add 1 divert ${natdport2} all from any to any via ${oif2}


Please experiment or check this with another real expert before you put this
into your production environment!

One thing worries me about this - I suspect that if your box routes packets
in and out between these two external interfaces it will nat the packets
just the same as if the packets were from/to internal interfaces.  However,
there is an argument for natd called -unregistered_only which will only
perform nat on packets where the source address falls within the correct
ranges of unregistered addresses specified in RFC1918.  If you have been a
good boy and used unregistered addresses on your private network then it
should be safe (and correct I think) to add the -unregistered_only argument
to both of the natd commands above.

Please let me know how it goes

Regards,
Patrick O'Reilly
---
"I do not feel obliged to believe that the same God who has endowed us with
sense, reason, and intellect has intended us to forego their use." --
Galileo Galilei


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Peter Brezny
Sent: 23 February 2001 01:07
To: [EMAIL PROTECTED]
Subject: ipfw simple question


Hello,

I've just added a second external interface to a machine.  I'd like to not
have to duplicate all the rules that involve outside interfaces.


I've got rules like

$fwcmd add deny all from 0.0.0.0/8 to any in via $oif

is it possible to specify multiple interfaces for one rule by letting

oif= ed0,ed1

?

Similarly, would that work for the ip's of the outside if's?

$fwcmd add allow ip from $oip to any keep-state out via $oif

oip= 10.10.1.1,10.10.1.2

?


And finally, my rc.conf defines the interface for natd like this:


natd_interface="xl0"


is it possible to have natd run on both external interfaces without
causing problems?  how would i configure that?


TIA

pb





Re: Problem in configuring netgraph

2001-02-27 Thread Julian Elischer

Satyajeet Seth wrote:
> 
> Hi
> 
> I tried to use ng_ether and ng_bpf as follows:
> 
> fxp0(lower) --- (bhook)[bpf](nomatch)(hook1)(upper)fxp0
>[   ]( match )(hook2)not connected
> 
> $ ngctl mkpeer fxp0: bpf divert bhook
> 
> $ ngctl name fxp0:divert bpf0
> 
> $ ngctl
> +  msg bpf0: setprogram { thisHook="bhook" ifMatch="hook2"
>ifNotMatch="hook1" bpf_prog_len=1 bpf_prog=[ { code=6 } ] }
> 
> Now 'nghook -a bpf0: hook1' shows output while 'nghook -a bpf0: hook2'
> doesn't.
> 
> $ ngctl connect fxp0: bpf0: upper hook1
> 
> 1. After this I am unable to ping any of the lan machines.
>  Could you suggest what I could be doing wrong?
> 
> 2. I am writing a BPF program(for filtering packets destined to particular
> MAC addresses) by converting instructions like:
>  BPF_STMT(BPF_LD+BPF_H+BPF_ABS,12), BPF_STMT(BPF_RET+BPF_K,0)
> into:
> [ {code=28 jt=0 jf=0 k=0x0c} {code=6 jt=0 jf=0 k=0}]
> After seeing the definitions of BPF_STMT,BPF_LD etc. in /sys/net/bpf.h. Is
> this the correct way?
> 
> 3. I noticed a problem that the filter could not be set as :
> ngctl msg bpf0: setprogram {...}
> It gave the message:
> ngctl: send msg: Invalid argument

that's because you must escape the arguments so that the shell does not try
to interpret things.

> 
> I am using FreeBSD 4.1.
> 
> Thanks
> Satya
> 

the man page for -current ng_bpf (you can get it from
http://www.freebsd.org/cgi/cvsweb.cgi/src/share/man/man4/ng_bpf.4)
shows how to program a bpf node with a good example
(it was not in the 4.x man page)


-- 
  __--_|\  Julian Elischer
 /   \ [EMAIL PROTECTED]
(   OZ) World tour 2000-2001
---> X_.---._/  
v
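
Added example (not part of the thread and not the ng_bpf man page's own script): a POSIX shell illustration of the two points in the message above, converting `tcpdump -ddd` output into the `bpf_prog_len`/`bpf_prog` fields and keeping the double quotes around the hook names so the shell does not strip them. The function names `ddd_to_ng` and `ng_setprogram_msg`, the hook-name character check and the sample program are assumptions constructed for illustration.

```shell
#!/bin/sh
# Build an ng_bpf "setprogram" argument from `tcpdump -ddd` output.
# Hypothetical helper names; nothing here calls tcpdump or ngctl.

# ddd_to_ng: read `tcpdump -ddd` text on stdin (first line = instruction
# count, then one decimal "code jt jf k" line per instruction) and print
#   bpf_prog_len=N bpf_prog=[ { code=.. jt=.. jf=.. k=.. } ... ]
# Returns non-zero on a non-decimal field or a count mismatch, so a damaged
# program is caught here and not by the node.
ddd_to_ng() {
    awk '
        NF == 0 { next }
        !seen_len {
            if (NF != 1 || $1 !~ /^[0-9]+$/) {
                print "ddd_to_ng: first line must be the instruction count" > "/dev/stderr"
                err = 1; exit 1
            }
            len = $1; seen_len = 1; next
        }
        {
            if (NF != 4) {
                print "ddd_to_ng: line " NR ": expected code jt jf k" > "/dev/stderr"
                err = 1; exit 1
            }
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/) {
                    print "ddd_to_ng: line " NR ": field " i " is not decimal" > "/dev/stderr"
                    err = 1; exit 1
                }
            # %s keeps k exactly as printed (it can be as large as 4294967295)
            prog = prog sprintf(" { code=%s jt=%s jf=%s k=%s }", $1, $2, $3, $4)
            n++
        }
        END {
            if (err) exit 1
            if (!seen_len || n != len) {
                print "ddd_to_ng: instruction count does not match" > "/dev/stderr"
                exit 1
            }
            printf "bpf_prog_len=%s bpf_prog=[%s ]\n", len, prog
        }
    '
}

# ng_setprogram_msg THISHOOK MATCHHOOK NOMATCHHOOK   (program text on stdin)
# Prints the complete message body with literal double quotes around the
# hook names, which is what the shell removes when the braces are typed
# unescaped on the command line.
ng_setprogram_msg() {
    for h in "$1" "$2" "$3"; do
        case $h in
            ''|*[!A-Za-z0-9_-]*) return 1 ;;   # conservative check (assumption)
        esac
    done
    prog=$(ddd_to_ng) || return 1
    printf '{ thisHook="%s" ifMatch="%s" ifNotMatch="%s" %s }\n' \
        "$1" "$2" "$3" "$prog"
}

# Constructed sample in `tcpdump -ddd` format: match Ethernet destination
# 00:11:22:33:44:55 (load bytes 2-5, compare, load bytes 0-1, compare).
SAMPLE_DDD='6
32 0 0 2
21 0 3 573785173
40 0 0 0
21 0 1 17
6 0 0 68
6 0 0 0'

if msg=$(printf '%s\n' "$SAMPLE_DDD" | ng_setprogram_msg bhook hook2 hook1); then
    printf '%s\n' "$msg"
    # On the FreeBSD host, hand it to ngctl as one quoted word so the inner
    # double quotes survive:
    #   ngctl msg bpf0: setprogram "$msg"
fi
```

The first instruction code in the sample is 32 and the third is 40 because `tcpdump -ddd` prints opcodes in decimal (0x20 and 0x28).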




RE: Frame Relay in Australia with Telstra

2001-02-27 Thread Murray Taylor

Thanks for the reply Julian ... and I have a few more questions now..

Telstra are asking ME to tell THEM what protocol and interface we will be
using,
chosen from the following:

Protocols
1)  ITU-T (CCITT) Q933 Annex A
2)  ANSI T1.617 Annex D  Telstra default
3)  LMI (FRF Doc#001-208966)

Connection method
a)  X.21bis/V35
b)  X.21
c)  G.704

Based on the sr(4) page I would tell them X.21 as the connection method, but
what do I 
tell them about the protocol??

BTW, I am using the code from the 4.2 CDROM, do I need to catch up anything
w.r.t.
the bug comment?

I'm chasing up the WANic 405 card using the sr driver.

(reading on) very complying is good, I too like elements that match to
standards...

If you wish to chat, call us at the office as in the sig 


mjt





Re: Frame Relay in Australia with Telstra

2001-02-27 Thread Julian Elischer

Murray Taylor wrote:
> 
> Thanks for the reply Julian ... and I have a few more questions now..
> 
> Telstra are asking ME to tell THEM what protocol and interface we will be
> using,
> chosen from the following:
> 
> Protocols
> 1)  ITU-T (CCITT) Q933 Annex A
> 2)  ANSI T1.617 Annex D  Telstra default
> 3)  LMI (FRF Doc#001-208966)

FreeBSD netgraph supports all three and will autodetect which is in use
if asked to.

telstra SHOULD support ITU by default because it's ISO/ITU/CCITT
and we are not in America (ANSI == American National Standards Institute
or something, but I guess that's the market forces at work.)

LMI-FRF works but is ancient and should not be selected..

> 
> Connection method
> a)  X.21bis/V35
> b)  X.21
> c)  G.704

this is dependent on the card.

> 
> Based on the sr(4) page I would tell them X.21 as the connection method, but
> what do I
> tell them about the protocol??
> 
> BTW, I am using the code from the 4.2 CDROM, do I need to catch up anything
> w.r.t.
> the bug comment?

I think that john hay ([EMAIL PROTECTED])
may know better but probably copying the newer sr driver from -current
might be a good idea, or at least seeing if the patch he did yesterday
to it (it's moved to /sys/dev/sr) can be applied to the old drivers in
/sys/i386/isa that 4.2 has.

> 
> I'm chasing up the WANic 405 card using the sr driver.

> 
> (reading on) very complying is good, I too like elements that match to
> standards...
> 
> If you wish to chat, call us at the office as in the sig
> 
> mjt
> 

-- 
  __--_|\  Julian Elischer
 /   \ [EMAIL PROTECTED]
(   OZ) World tour 2000-2001
---> X_.---._/  
v




Re: Problem in configuring netgraph

2001-02-27 Thread Satyajeet Seth

Hi

I tried the example at:
http://www.freebsd.org/cgi/cvsweb.cgi/src/share/man/man4/ng_bpf.4

When I type:

tcpdump -ddd ether dest xx:xx:xx:xx:xx:xx

in a telnet session the command gave the raw BPF instructions, as
expected.

However, at the system console the same command gave the message:

fxp0: promiscuous mode enabled
tcpdump: syntax error
xp0: promiscuous mode disabled

Could you suggest what could be wrong?

I also tried the following:

1. reboot
2. ping -f  &
3. nghook -a fxp0: lower
Now I get identical packets.

4. ngctl mkpeer fxp0: bpf divert bhook

5. ngctl name fxp0:divert bpf0

6.  ngctl msg bpf0: setprogram { thisHook="bhook" ifMatch="hook2"
ifNotMatch="hook1" bpf_prog_len=1 bpf_prog=[ { code=6 } ] }

Now all the packets are sent to hook1.
7. nghook -a  bpf0: hook1
gives packets differing from point 3.

8. ping to any machine on the lan does not work.
By default the upper and lower hooks of fxp0 are effectively connected. Our setup
also does the same.

Could you suggest why the ping does not work?

Thanks
Satya

> > I tried to use ng_ether and ng_bpf as follows:
> >
> > fxp0(lower) --- (bhook)[bpf](nomatch)(hook1)(upper)fxp0
> >[   ]( match )(hook2)not connected
> >
> > $ ngctl mkpeer fxp0: bpf divert bhook
> >
> > $ ngctl name fxp0:divert bpf0
> >
> > $ ngctl
> > +  msg bpf0: setprogram { thisHook="bhook" ifMatch="hook2"
> >ifNotMatch="hook1" bpf_prog_len=1 bpf_prog=[ { code=6 } ] }
> >
> > Now 'nghook -a bpf0: hook1' shows output while 'nghook -a bpf0: hook2'
> > doesn't.
> >
> > $ ngctl connect fxp0: bpf0: upper hook1
> >
> >  After this I am unable to ping any of the lan machines.
> >  Could you suggest what I could be doing wrong?
> >
> > I am using FreeBSD 4.1.
>
> the man page for -current ng_bpf (you can get it from
> http://www.freebsd.org/cgi/cvsweb.cgi/src/share/man/man4/ng_bpf.4
>
> shows how to program a bpf node with a good example
> (it was not in the 4.x man page)







Re: Problem in configuring netgraph

2001-02-27 Thread Julian Elischer

Satyajeet Seth wrote:
> 
> Hi
> 
> I tried the example at:
> http://www.freebsd.org/cgi/cvsweb.cgi/src/share/man/man4/ng_bpf.4
> 
> When I type:
> 
> tcpdump -ddd ether dest xx:xx:xx:xx:xx:xx
> 
> in a telnet session the command gave the raw BPF instructions, as
> expected.
> 
> However, at the system console the same command gave the message:
> 
> fxp0: promiscuous mode enabled
> tcpdump: syntax error
> xp0: promiscuous mode disabled
> 
> Could you suggest what could be wrong?
> 
> I also tried the following:
> 
> 1. reboot
> 2. ping -f  &
> 3. nghook -a fxp0: lower
> Now I get identical packets.
> 
> 4. ngctl mkpeer fxp0: bpf divert bhook
> 
> 5. ngctl name fxp0:divert bpf0
> 
> 6.  ngctl msg bpf0: setprogram { thisHook="bhook" ifMatch="hook2"
> ifNotMatch="hook1" bpf_prog_len=1 bpf_prog=[ { code=6 } ] }
> 
> Now all the packets are sent to hook1.

> 7. nghook -a  bpf0: hook1
> gives packets differing from point 3.

how different?

> 
> 8. ping to any machine on the lan does not work.
> By default the upper and lower hooks of fxp0 are effectively connected. Our setup 
>also does the
> same.
> 
> Could you suggest why the ping does not work?

because the incoming packets are still being diverted to the bpf node.

> 
> Thanks
> Satya
> 
-- 
  __--_|\  Julian Elischer
 /   \ [EMAIL PROTECTED]
(   OZ) World tour 2000-2001
---> X_.---._/  
v




RE: Quick question about IP aliasing

2001-02-27 Thread Tobias Fredriksson

yeah and that's the reason for the 'or' in that sentence...

On Mon, 26 Feb 2001, Jonathan Graehl wrote:

> > do 'netmask 255.255.255.255' instead or 'netmask 0x' since this is
> > an alias... for some reason otherwise services may not bind to the ip
> > correctly
> 
> Why would this be?  The two are numerically equivalent.
> 
> -Jon
> 





Re: Quick question about IP aliasing

2001-02-27 Thread Tobias Fredriksson



On Tue, 27 Feb 2001, Rogier R. Mulhuijzen wrote:

> At 01:06 27-2-01 +0100, Tobias Fredriksson wrote:
> 
> 
> >On Mon, 26 Feb 2001, Drew J. Weaver wrote:
> >
> > >   Say I have a main server Ip address of (This is completely made up)
> > > 209.190.53.51, and I have 32 IP addresses blocked to it on 209.51.193.32-64
> > > (or whatever, this is an example) would this alias line still be valid for
> > > that? I've never done a server where the MAIN IP and the aliased IPs 
> > were on
> > > different IP classes.
> > >
> > > ifconfig_fxp0_alias0="inet 209.51.193.32 netmask 255.255.255.0" (is an
> > > example of what im using for the aliases.)
> >
> >do 'netmask 255.255.255.255' instead or 'netmask 0x' since this is
> >an alias... for some reason otherwise services may not bind to the ip
> >correctly
> 
> Not if the alias is in a different subnet though. Or am I missing something?
> 
>  DocWilco
> 

no, not if it's on another subnet





Freenet6, IPv6 tunnels, and rc.conf

2001-02-27 Thread Kirk Strauser

I hope this is the right place to ask; if not, a gentle nudge in
the right direction would be most appreciated.

I registered for an IPv6 tunnel from www.freenet6.net, and they
send me the following Perl script (modified to work behind a NAT
router according to the "IPv6-behind-NAT" instructions at
<http://www.daemonnews.org/29/ipv6.html>):


---8<-
$if='gif0';  # Via ifconfig | grep

# Some information about the tunnel values
print "This script will create a tunnel between this computer\n";
print "and the Freenet6 server (tunnels server)\n";
print "Your IPv6 address (your tunnel end point) is 3ffe:b00:c18:1fff:0:0:0:461 \n";
print "We establish a tunnel to the Freenet6 server at 3ffe:b00:c18:1fff:0:0:0:460 \n";
print "Your IPv4 address is : 216.224.193.50 \n";
print "The IPv4 address of the Freenet6 server is : 206.123.31.102 \n";

# Setup the tunnel with values from Freenet6
# (system() takes the command string itself; wrapping the command in
# backticks would run it first and then pass its output to system())
system("gifconfig $if 10.0.0.2 206.123.31.102");
system("ifconfig $if inet6 3ffe:b00:c18:1fff:0:0:0:461 3ffe:b00:c18:1fff:0:0:0:460 prefixlen 128 alias");
system("ifconfig $if up");
system("route add -inet6 default 3ffe:b00:c18:1fff:0:0:0:461");

---8<-


This works well; I can ping6 the world to my heart's content.
The next step I want to try, though, is integrating this
IPv6-over-4 tunnel into my rc.conf (4.2-STABLE, BTW).  Frankly,
I'm completely bewildered by the IPv6 section of that file.
What values do I plug in, and where?  I want this machine to be
an IPv6 gateway for the other machines on my LAN, too.

Any help appreciated!
-- 
Kirk Strauser




Re: Quick question about IP aliasing

2001-02-27 Thread Josef Karthauser

On Tue, Feb 27, 2001 at 07:16:14AM +0100, Rogier R. Mulhuijzen wrote:
>
> >The point is that you need to use a netmask of 255.255.255.255 for aliased
> >IPs on FreeBSD, regardless of the alias of the primary (non-alias) IP.
> 
> Everybody is saying use 255.255.255.255 for an alias. No one is giving 
> reasons why.

I don't understand this either.  To my mind it's a bug if it doesn't
work with the full netmask for an IP alias address.

Joe



Re: Quick question about IP aliasing

2001-02-27 Thread Randy Bush

> I don't understand this either.  To my mind it's a bug if it doesn't
> work with the full netmask for an IP alias address.

you're right.  submit patch.

randy




Re: Quick question about IP aliasing

2001-02-27 Thread Luigi Rizzo

> On Tue, Feb 27, 2001 at 07:16:14AM +0100, Rogier R. Mulhuijzen wrote:
> >
> > >The point is that you need to use a netmask of 255.255.255.255 for aliased
> > >IPs on FreeBSD, regardless of the alias of the primary (non-alias) IP.

no this is incorrect. you just have to make sure that the aliased
IP&mask do not generate info which is already in the routing table.
E.g. if your primary addr is 1.2.3.4/24 , an alias of 1.2.3.5/24 will
give a warning, but an alias of 1.2.4.4/24 will not, and most likely even
1.2.3.5/25 will not.

> > 
> > Everybody is saying use 255.255.255.255 for an alias. Noone is giving 
> > reasons why.
> 
> I don't understand this either.  To my mind it's a bug if it doesn't
> work with the full netmask for an IP alias address.

it does work, you just have to make sure that you use the
correct parameters.

cheers
luigi




Re: Problem in configuring netgraph

2001-02-27 Thread Satyajeet Seth

Hi

Please read my comments below:

> > I tried the example at:
> > http://www.freebsd.org/cgi/cvsweb.cgi/src/share/man/man4/ng_bpf.4
> >
> > When I type:
> >
> > tcpdump -ddd ether dest xx:xx:xx:xx:xx:xx
> >
> > in a telnet session the command gave the raw BPF instructions, as
> > expected.
> >
> > However, at the system console the same command gave the message:
> >
> > fxp0: promiscuous mode enabled
> > tcpdump: syntax error
> > xp0: promiscuous mode disabled
> >
> > Could you suggest what could be wrong?
> >
> > I also tried the following:
> >
> > 1. reboot
> > 2. ping -f  &
> > 3. nghook -a fxp0: lower
> > Now I get identical packets.
> >
> > 4. ngctl mkpeer fxp0: bpf divert bhook
> >
> > 5. ngctl name fxp0:divert bpf0
> >
> > 6.  ngctl msg bpf0: setprogram { thisHook="bhook" ifMatch="hook2"
> > ifNotMatch="hook1" bpf_prog_len=1 bpf_prog=[ { code=6 } ] }
> >
> > Now all the packets are sent to hook1.
>
> > 7. nghook -a  bpf0: hook1
> > gives packets differing from step 3.
>
> how different?

I experimented again and found that the packets printed by nghook
are the same in step 3 and 7.

(i) For a few seconds, the first six bytes contained the MAC address of the
machine and the next six bytes contained the MAC address of the machine being
pinged.

(ii) After the few seconds the first six bytes contain all f's.  The
next six bytes contain varying MAC addresses.

I compared (i) for step 3 with (ii) for step 7 earlier.

> >
> > 8. ping to any machine on the lan does not work.
> > By default the upper and lower hooks of fxp0 are effectively connected. Our setup also does the
> > same.
> >
> > Could you suggest why the ping does not work?
>
> because the incoming packets are still being diverted to the bpf node.

I mentioned in my previous mail but forgot to mention in this one that,
ngctl connect bpf0: fxp0: hook1 upper
was used before the ping in step 8.

Thanks
Satya





Re: Quick question about IP aliasing

2001-02-27 Thread Matthew Emmerton

> > On Tue, Feb 27, 2001 at 07:16:14AM +0100, Rogier R. Mulhuijzen wrote:
> > >
> > > > [ Matt Emmerton wrote: ]
> > > >The point is that you need to use a netmask of 255.255.255.255 for aliased
> > > >IPs on FreeBSD, regardless of the alias of the primary (non-alias) IP.
>
> no this is incorrect. you just have to make sure that the aliased
> IP&mask do not generate info which is already in the routing table.
> E.g. if your primary addr is 1.2.3.4/24 , an alias of 1.2.3.5/24 will
> give a warning, but an alias of 1.2.4.4/24 will not, and most likely even
> 1.2.3.5/25 will not.

I'm just reiterating what I was told 1.5 years ago when I complained that
the following setup wouldn't work:

Primary IP:  192.168.0.1/255.255.255.0
Aliased IP:  192.168.0.10/255.255.255.0

With this setup, I could not ping, traceroute or connect to the aliased IP.
In order to make the aliased IP functional, I had to use a netmask of
255.255.255.255 -- a fact which I find totally confusing and
counter-intuitive, but one that seems to work.

> > > Everybody is saying use 255.255.255.255 for an alias. No one is giving
> > > reasons why.

Exactly.  I never got a good answer to this when I first stumbled upon it,
and I still haven't.  All I know is that this is the way it needs to be done
in order for things to work properly.

--
Matt Emmerton





Re: Quick question about IP aliasing

2001-02-27 Thread Luigi Rizzo

> > > On Tue, Feb 27, 2001 at 07:16:14AM +0100, Rogier R. Mulhuijzen wrote:
> > > >
> > > > > [ Matt Emmerton wrote: ]
> > > > > >The point is that you need to use a netmask of 255.255.255.255 for aliased
> > > > > >IPs on FreeBSD, regardless of the alias of the primary (non-alias) IP.
> >
> > no this is incorrect. you just have to make sure that the aliased
> > IP&mask do not generate info which is already in the routing table.
> > E.g. if your primary addr is 1.2.3.4/24 , an alias of 1.2.3.5/24 will
> > give a warning, but an alias of 1.2.4.4/24 will not, and most likely even
> > 1.2.3.5/25 will not.
> 
> I'm just reiterating what I was told 1.5 years ago when I complained that
> the following setup wouldn't work:
> 
> Primary IP:  192.168.0.1/255.255.255.0
> Aliased IP:  192.168.0.10/255.255.255.0
> 
> With this setup, I could not ping, traceroute or connect to the aliased IP.
> In order to make the aliased IP functional, I had to use a netmask of
> 255.255.255.255 -- a fact which I find totally confusing and
> counter-intuitive, but one that seems to work.

the source of confusion is just the fact that when you ifconfig an
interface, you really give two distinct pieces of information:
 1. an ip address that the machine recognises as its own
 2. an address for a subnet connected to that interface.
With aliases you can assign multiple instances of 1 and 2, as long
as they are distinct. In your example the subnet address that
you try to set with the alias is the same as the one you have
already set with the primary ip, so the info is already there and
you get the warning/error.

> > > > Everybody is saying use 255.255.255.255 for an alias. No one is giving
> > > > reasons why.
> 
> Exactly.  I never got a good answer to this when I first stumbled upon it,
> and I still haven't.  All I know is that this is the way it needs to be done
> in order for things to work properly.

the reason is above.

cheers
luigi
--+-
 Luigi RIZZO, [EMAIL PROTECTED]  . ACIRI/ICSI (on leave from Univ. di Pisa)
 http://www.iet.unipi.it/~luigi/  . 1947 Center St, Berkeley CA 94704
 Phone (510) 666 2927 .
--+-




Re: Quick question about IP aliasing

2001-02-27 Thread Alex Rousskov

On Wed, 28 Feb 2001, Luigi Rizzo wrote:

> the source of confusion is just the fact that when you ifconfig an
> interface, you really give two distinct pieces of information:
>  1. an ip address that the machine recognises as its own
>  2. an address for a subnet connected to that interface.
> With aliases you can assign multiple instances of 1 and 2, as long
> as they are distinct. In your example the subnet address that
> you try to set with the alias is the same as the one you have
> already set with the primary ip, so the info is already there and
> you get the warning/error.

Luigi,

Can you be more specific please? Is it just a harmless warning
message or a true error? In other words, will anything break if I use
a.b.c.2/24 alias on the interface with the a.b.c.1/24 primary address?

I hate to admit, but this thread is very confusing to me --
several people are claiming opposite things with confidence.
Unfortunately, I cannot simply ignore the discussion. For benchmarking
purposes, we routinely use thousands of IP aliases that belong to the
same subnet on one interface without any known problems. I want to
know if we are doing something wrong.

I do not care about the ifconfig warning by itself. We do not
even use ifconfig to manage aliases. I care about the actual run-time
code that handles the addresses. Could you please clarify whether
there is anything wrong with using, say, 10.0.0-3.1-250/16 aliases on
the same interface?

Thanks a lot,

Alex.





Re: Quick question about IP aliasing

2001-02-27 Thread Tobias Fredriksson



On Tue, 27 Feb 2001, Alex Rousskov wrote:

> On Wed, 28 Feb 2001, Luigi Rizzo wrote:
> 
> > the source of confusion is just the fact that when you ifconfig an
> > interface, you really give two distinct pieces of information:
> >  1. an ip address that the machine recognises as its own
> >  2. an address for a subnet connected to that interface.
> > With aliases you can assign multiple instances of 1 and 2, as long
> > as they are distinct. In your example the subnet address that
> > you try to set with the alias is the same as the one you have
> > already set with the primary ip, so the info is already there and
> > you get the warning/error.
> 
> Luigi,
> 
>   Can you be more specific please? Is it just a harmless warning
> message or a true error? In other words, will anything break if I use
> a.b.c.2/24 alias on the interface with the a.b.c.1/24 primary address?

No you will be able to bind normally to a.b.c.1, but i have had the
problems where if i specify anything to bind a.b.c.2 and it has bound on
all ip's aliased on the computer.

>   I hate to admit, but this thread is very confusing to me --
> several people are claiming opposite things with confidence.
> Unfortunately, I cannot simply ignore the discussion. For benchmarking
> purposes, we routinely use thousands of IP aliases that belong to the
> same subnet on one interface without any known problems. I want to
> know if we are doing something wrong.
> 
>   I do not care about the ifconfig warning by itself. We do not
> even use ifconfig to manage aliases. I care about the actual run-time
> code that handles the addresses. Could you please clarify whether
> there is anything wrong with using, say, 10.0.0-3.1-250/16 aliases on
> the same interface?
> 
> Thanks a lot,
> 
> Alex.



Re: Quick question about IP aliasing

2001-02-27 Thread Alex Rousskov

On Wed, 28 Feb 2001, Tobias Fredriksson wrote:

> No you will be able to bind normally to a.b.c.1, but i have had the
> problems where if i specify anything to bind a.b.c.2 and it has bound on
> all ip's aliased on the computer.

Tobias,

I know that I can bind to any (and all) of the 1000+ aliases
without any visible problems. We are running thousands of simulated
HTTP clients and servers that way, each sending from or listening on
its own alias... That is exactly why I am asking for a definitive
answer based on how things are implemented in the kernel rather than
case studies.

Thanks,

Alex.





Re: Quick question about IP aliasing

2001-02-27 Thread Luigi Rizzo

Alex,

>   Can you be more specific please? Is it just a harmless warning
> message or a true error? In other words, will anything break if I use
> a.b.c.2/24 alias on the interface with the a.b.c.1/24 primary address?

technically i think it is a real error to use a /24 alias, but i
am not 100% sure about the amt of problems it causes.

> Unfortunately, I cannot simply ignore the discussion. For benchmarking
> purposes, we routinely use thousands of IP aliases that belong to the
> same subnet on one interface without any known problems. I want to
> know if we are doing something wrong.
> 
>   I do not care about the ifconfig warning by itself. We do not
> even use ifconfig to manage aliases. I care about the actual run-time
> code that handles the addresses. Could you please clarify whether

if you do care about this, you may want to restructure the data structure
used to store/match interface addresses. At the moment it is a linear list,
so the matching of incoming packets is probably Very Time Consuming!

cheers
luigi
--+-
 Luigi RIZZO, [EMAIL PROTECTED]  . ACIRI/ICSI (on leave from Univ. di Pisa)
 http://www.iet.unipi.it/~luigi/  . 1947 Center St, Berkeley CA 94704
 Phone (510) 666 2927 .
--+-




Re: Quick question about IP aliasing

2001-02-27 Thread Wes Peters

Josef Karthauser wrote:
> 
> On Tue, Feb 27, 2001 at 07:16:14AM +0100, Rogier R. Mulhuijzen wrote:
> >
> > >The point is that you need to use a netmask of 255.255.255.255 for aliased
> > >IPs on FreeBSD, regardless of the alias of the primary (non-alias) IP.
> >
> > Everybody is saying use 255.255.255.255 for an alias. No one is giving
> > reasons why.
> 
> I don't understand this either.  To my mind it's a bug if it doesn't
> work with the full netmask for an IP alias address.

Because if you don't, it won't work.  ifconfig(8) may not be telling the
entire truth here:

 alias   Establish an additional network address for this interface.  This
 is sometimes useful when changing network numbers, and one wishes
 to accept packets addressed to the old interface.  If the address
 is on the same subnet as the first network address for this in-
 terface, a netmask of 0x has to be specified.

Somebody should look to see if the man page is true, or if you have to use
a netmask of 0x for all aliases.

-- 
"Where am I, and what am I doing in this handbasket?"

Wes Peters Softweyr LLC
[EMAIL PROTECTED]   http://softweyr.com/




Re: Quick question about IP aliasing

2001-02-27 Thread Matthew Emmerton

> Josef Karthauser wrote:
> >
> > On Tue, Feb 27, 2001 at 07:16:14AM +0100, Rogier R. Mulhuijzen wrote:
> > >
> > > >The point is that you need to use a netmask of 255.255.255.255 for aliased
> > > >IPs on FreeBSD, regardless of the alias of the primary (non-alias) IP.
> > >
> > > Everybody is saying use 255.255.255.255 for an alias. No one is giving
> > > reasons why.
> >
> > I don't understand this either.  To my mind it's a bug if it doesn't
> > work with the full netmask for an IP alias address.
>
> Because if you don't, it won't work.  ifconfig(8) may not be telling the
> entire truth here:
>
>  alias   Establish an additional network address for this interface.  This
>  is sometimes useful when changing network numbers, and one wishes
>  to accept packets addressed to the old interface.  If the address
>  is on the same subnet as the first network address for this in-
>  terface, a netmask of 0x has to be specified.
>
> Somebody should look to see if the man page is true, or if you have to use
> a netmask of 0x for all aliases.

I just had a short off-line conversation with Luigi Rizzo about this, and
the manpage is true. (You must use a netmask of 0x for aliases on
the same subnet as the primary IP, otherwise you use the appropriate netmask
for the alias IP.)

Since the more intuitive method is to use the 'appropriate' netmask all the
time (and is what AIX and SCO do), I'm looking into seeing what it would
take to add this functionality to FreeBSD.

--
Matt Emmerton
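
The rule discussed in this thread, as an added example that is not part of any of the posts or of FreeBSD: a check of a proposed alias against the addresses already on the interface, run over Luigi Rizzo's three sample aliases. The names (parse_cidr, check_alias, classify_alias, the verdict values) are hypothetical, and treating "already in the routing table" as an exact network-and-mask match is an assumption of this model.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* One configured IPv4 address: host-order address plus prefix length. */
struct ifaddr4 { uint32_t addr; int plen; };

enum verdict { ALIAS_OK, ALIAS_OVERLAP, ALIAS_DUP_ROUTE };

static uint32_t mask_of(int plen) {
    return plen == 0 ? 0 : 0xffffffffu << (32 - plen);
}

/* Parse "a.b.c.d/len" strictly; returns 0 on success, -1 on bad input. */
int parse_cidr(const char *s, struct ifaddr4 *out) {
    char ip[INET_ADDRSTRLEN];
    int plen, used = 0;
    struct in_addr a;
    if (sscanf(s, "%15[0-9.]/%d%n", ip, &plen, &used) != 2 || s[used] != '\0')
        return -1;
    if (plen < 0 || plen > 32 || inet_pton(AF_INET, ip, &a) != 1)
        return -1;
    out->addr = ntohl(a.s_addr);
    out->plen = plen;
    return 0;
}

/* Compare a proposed alias against the addresses already on the interface. */
enum verdict check_alias(const struct ifaddr4 *cfg, int n, struct ifaddr4 al) {
    enum verdict v = ALIAS_OK;
    if (al.plen == 32)
        return ALIAS_OK;              /* host entry: adds no subnet info */
    for (int i = 0; i < n; i++) {
        if (cfg[i].plen == 32)
            continue;                 /* existing host alias owns no subnet */
        if (((cfg[i].addr ^ al.addr) & mask_of(cfg[i].plen)) != 0)
            continue;                 /* alias lies outside this subnet */
        if (cfg[i].plen == al.plen)
            return ALIAS_DUP_ROUTE;   /* same network and mask: already there */
        v = ALIAS_OVERLAP;            /* inside the subnet, different mask */
    }
    return v;
}

/* Wrapper for a single primary address; returns -1 on a parse error. */
int classify_alias(const char *primary, const char *alias) {
    struct ifaddr4 p, a;
    if (parse_cidr(primary, &p) != 0 || parse_cidr(alias, &a) != 0)
        return -1;
    return (int)check_alias(&p, 1, a);
}

int main(void) {
    static const char *name[] = { "ok", "overlap", "duplicate route" };
    const char *alias[] = { "1.2.3.5/24", "1.2.4.4/24", "1.2.3.5/25", "1.2.3.5/32" };
    for (int i = 0; i < 4; i++)
        printf("%-12s -> %s\n", alias[i], name[classify_alias("1.2.3.4/24", alias[i])]);
    return 0;
}
```

A "duplicate route" verdict is the case where the thread says to give the alias an all-ones netmask; "overlap" is the 1.2.3.5/25 case that Luigi Rizzo expects to pass but that the man page wording still counts as the same subnet.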





Re: cvs commit: src/sys/netinet ip_input.c

2001-02-27 Thread Don Lewis

On Feb 27, 11:43am, Jonathan Lemon wrote:
} Subject: cvs commit: src/sys/netinet ip_input.c
} jlemon  2001/02/27 11:43:14 PST
} 
}   Modified files:
} sys/netinet  ip_input.c 
}   Log:
}   When iterating over our list of interface addresses in order to determine
}   if an arriving packet belongs to us, also check that the packet arrived
}   through the correct interface.  Skip this check if the packet was locally
}   generated.
}   
}   Revision  ChangesPath
}   1.156 +19 -15src/sys/netinet/ip_input.c
} 
}-- End of excerpt from Jonathan Lemon

This (at least the non-IPFIREWALL_FORWARD case) doesn't look right
to me.  If I have a server dual homed on two networks with the IP
addresses 192.168.1.1 and 192.168.2.1, and a client on the 192.168.1.0
network sends a packet to the 192.168.2.1 address to the 192.168.1.1
interface, it looks like the "ours" test will fail.  I suspect this
will cause the server to attempt to forward this packet out to the
192.168.2.0 network, if it has IP forwarding enabled.  On the other
hand, it looks like the server will accept a packet received on the
192.168.1.1 interface with the destination address 192.168.2.255.
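
A small model of the two cases described in this message, added here as an illustration; it is not the ip_input.c code. The struct, the function ip_fate, the -1 "locally generated" convention and the broadcast branch (which follows the reading given in the message, not the source) are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Simplified stand-in for one entry of the interface address list. */
struct ifa { int ifindex; uint32_t addr; uint32_t bcast; };

enum fate { PKT_OURS, PKT_FORWARD, PKT_DROP };

/* Constructed sample: the dual-homed server from the message. */
static const struct ifa dual_homed[] = {
    { 1, IP4(192, 168, 1, 1), IP4(192, 168, 1, 255) },
    { 2, IP4(192, 168, 2, 1), IP4(192, 168, 2, 255) },
};

/*
 * Decide what happens to a packet addressed to dst.
 * rcvif:       index of the receiving interface, or -1 if locally generated
 *              (hypothetical convention for this model).
 * check_rcvif: 1 = also require that the packet arrived through the interface
 *              owning the address, as the commit log describes; 0 = old test.
 */
enum fate ip_fate(const struct ifa *list, int n, uint32_t dst, int rcvif,
                  int check_rcvif, int forwarding) {
    for (int i = 0; i < n; i++) {
        if (list[i].addr == dst &&
            (!check_rcvif || rcvif < 0 || list[i].ifindex == rcvif))
            return PKT_OURS;
        /* Assumption: the broadcast match is not tied to the receive
         * interface, following the reading in the message above. */
        if (list[i].bcast == dst)
            return PKT_OURS;
    }
    return forwarding ? PKT_FORWARD : PKT_DROP;
}

int main(void) {
    static const char *name[] = { "ours", "forward", "drop" };
    uint32_t other = IP4(192, 168, 2, 1), bcast = IP4(192, 168, 2, 255);
    printf("old test, arrives on if 1:        %s\n",
           name[ip_fate(dual_homed, 2, other, 1, 0, 1)]);
    printf("new test, forwarding on:          %s\n",
           name[ip_fate(dual_homed, 2, other, 1, 1, 1)]);
    printf("new test, forwarding off:         %s\n",
           name[ip_fate(dual_homed, 2, other, 1, 1, 0)]);
    printf("new test, locally generated:      %s\n",
           name[ip_fate(dual_homed, 2, other, -1, 1, 1)]);
    printf("new test, 192.168.2.255 on if 1:  %s\n",
           name[ip_fate(dual_homed, 2, bcast, 1, 1, 1)]);
    return 0;
}
```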





Re: Quick question about IP aliasing

2001-02-27 Thread Rogier R. Mulhuijzen


> > > > Everybody is saying use 255.255.255.255 for an alias. No one is giving
> > > > reasons why.
>
>Exactly.  I never got a good answer to this when I first stumbled upon it,
>and I still haven't.  All I know is that this is the way it needs to be done
>in order for things to work properly.

Ok, I meant everyone is saying use 255.255.255.255 for an alias even if 
it's on a different subnet. I've been preaching to use the real subnet when 
the alias is on a different subnet from the start of this thread =)

 DocWilco

