Re: Bridging vlan0 with de0
Hello,

> oops. I meant to write eladtam .. bad fingers.. and Dalma says that I
> should have said megadtam

Oh, I see now.

> Thanks.. with his email address I could find the original mail :-)

Good luck! :)

[ Free Software ISOs - ftp://ftp.fsn.hu/pub/CDROM-Images/ ]
Attila Nagy, Free Software Network (FSN.HU)

network traffic analysis with a network switch
Not quite sure how to set this up, or even if it can be set up...
I have a Windows box, a FreeBSD box (gateway) and a RH box all
connected to a 100base-T network switch. The FreeBSD box
is then connected to a Cable Modem and a T1 router.

I have a program on the RH box that can snoop and analyze some of
the network traffic of the Windows box, however due to the nature
of network switches, it never sees the traffic. Don't ask about
the analyzer, I'm rather annoyed that it was written specifically
to compile and run only on RH and its very close Linux relatives.

Here is a rough visualization of the setup.

    +-------------+   +----+
    | Cable Modem |   | T1 |
    +-------------+   +----+
              \         /
              +---------+
              | FreeBSD |
              +---------+
                   |
          +------------------+
          | 100base-T Switch |
          +------------------+
            /       |       \
    +----------+ +----+ +----------+
    | Windows1 | | RH | | Windows3 |
    +----------+ +----+ +----------+

What I would like to be able to do is somehow send copies of
network traffic to the RH box without having to move it
between the FreeBSD box and the switch. Is this possible
and if so, how would I go about setting this up?

Re: vlan traffic over ipsec tunnel
Terry Lambert writes:
> Bridging doesn't work with the vlanX interface currently in FreeBSD.

Why not?

I believe you, I've just never used vlans and always assumed
that they acted like normal Ethernet interfaces.

-Archie

Archie Cobbs * Packet Design * http://www.packetdesign.com

Re: xauth support in ipsec ?
Naga R Narayanaswamy writes:
> Probably this mail should be directed at the kame newsgroup. But
> anyone know if xauth authorization scheme which is in draft stage
> is incorporated in the ipsec protocol in FreeBSD ?

FreeBSD itself does not do ISAKMP, that is done by the "racoon" port;
you should pose your question to [EMAIL PROTECTED]

But I can tell you what the probable response is: "because XAUTH is
not a standard". Same thing for mode-config.

WHY it's not a standard-- that I have yet to hear explained.

-Archie

Archie Cobbs * Packet Design * http://www.packetdesign.com

ethernet card not recognized
I had a Windows machine with an SMC1211TX ethernet
card. I just installed FreeBSD 4.5 release on
it, removing Windows, but it doesn't seem to recognize
the card at all and there isn't an eth0 or fxp0
interface recognized. What needs to be done? Isn't this
card supported? It's a pretty common one, lil old though.

Thanks in advance,
Vinod

Re: vlan traffic over ipsec tunnel
Archie Cobbs writes:
| Terry Lambert writes:
| > Bridging doesn't work with the vlanX interface currently in FreeBSD.
|
| Why not?
|
| I believe you, I've just never used vlans and always assumed
| that they acted like normal Ethernet interfaces.

Same here:
  a21p# ngctl list
  There are 5 total nodes:
    Name: ngctl53375 Type: socket ID: 0006 Num hooks: 0
    Name: an0        Type: ether  ID: 0005 Num hooks: 0
    Name: vmnet1     Type: ether  ID: 0004 Num hooks: 0
    Name: vlan0      Type: ether  ID: 0003 Num hooks: 0
    Name: fxp0       Type: ether  ID: 0002 Num hooks: 0
  a21p# ifconfig vlan0
  vlan0: flags=8843 mtu 1500
          inet 192.168.33.1 netmask 0xff00 broadcast 192.168.33.255
          ether 00:10:a4:91:2e:ce
          vlan: 34 parent interface: fxp0
  a21p#

Would imply it should just work to bridge vlan's via netgraph bridging.
As Archie said I have not tested this to prove how it does or does not
work since I haven't had a need to try it.

Doug A.

Re: vlan traffic over ipsec tunnel
On Fri, 19 Apr 2002, Doug Ambrisko wrote:

> Archie Cobbs writes:
> | Terry Lambert writes:
> | > Bridging doesn't work with the vlanX interface currently in FreeBSD.
> |
> | Why not?
> |
> | I believe you, I've just never used vlans and always assumed
> | that they acted like normal Ethernet interfaces.
>
> Same here:
>   a21p# ngctl list
>   There are 5 total nodes:
>     Name: ngctl53375 Type: socket ID: 0006 Num hooks: 0
>     Name: an0        Type: ether  ID: 0005 Num hooks: 0
>     Name: vmnet1     Type: ether  ID: 0004 Num hooks: 0
>     Name: vlan0      Type: ether  ID: 0003 Num hooks: 0
>     Name: fxp0       Type: ether  ID: 0002 Num hooks: 0
>   a21p# ifconfig vlan0
>   vlan0: flags=8843 mtu 1500
>           inet 192.168.33.1 netmask 0xff00 broadcast 192.168.33.255
>           ether 00:10:a4:91:2e:ce
>           vlan: 34 parent interface: fxp0
>   a21p#
>
> Would imply it should just work to bridge vlan's via netgraph bridging.
> As Archie said I have not tested this to prove how it does or does not
> work since I haven't had a need to try it.

I don't know, but it may have problems setting promiscuous mode..
is there such a thing in vlan mode?

>
> Doug A.

Re: vlan traffic over ipsec tunnel
failing that, I have just had "contributed"
some code that produces an actual "vlan" netgraph node.
You attach it to the ethernet node.. I'm still
reading it to work out what it does..

On Fri, 19 Apr 2002, Doug Ambrisko wrote:

> Archie Cobbs writes:
> | Terry Lambert writes:
> | > Bridging doesn't work with the vlanX interface currently in FreeBSD.
> |
> | Why not?
> |
> | I believe you, I've just never used vlans and always assumed
> | that they acted like normal Ethernet interfaces.
>
> Same here:
>   a21p# ngctl list
>   There are 5 total nodes:
>     Name: ngctl53375 Type: socket ID: 0006 Num hooks: 0
>     Name: an0        Type: ether  ID: 0005 Num hooks: 0
>     Name: vmnet1     Type: ether  ID: 0004 Num hooks: 0
>     Name: vlan0      Type: ether  ID: 0003 Num hooks: 0
>     Name: fxp0       Type: ether  ID: 0002 Num hooks: 0
>   a21p# ifconfig vlan0
>   vlan0: flags=8843 mtu 1500
>           inet 192.168.33.1 netmask 0xff00 broadcast 192.168.33.255
>           ether 00:10:a4:91:2e:ce
>           vlan: 34 parent interface: fxp0
>   a21p#
>
> Would imply it should just work to bridge vlan's via netgraph bridging.
> As Archie said I have not tested this to prove how it does or does not
> work since I haven't had a need to try it.
>
> Doug A.

Re: vlan traffic over ipsec tunnel
Archie Cobbs wrote:
> Terry Lambert writes:
> > Bridging doesn't work with the vlanX interface currently in FreeBSD.
>
> Why not?
>
> I believe you, I've just never used vlans and always assumed
> that they acted like normal Ethernet interfaces.

According to people in -questions on 18 Dec of last year, it's
not possible.

I imagine it's because the vlan interfaces don't push their
packets through ether_input, like real interfaces do.

Julian's approach would put the vlan's on ng_ether, which
would push through the code that does the bridging. Last
December 20 on -net, he said the code for a VLAN netgraph
node was being donated by "this French committer" (sorry, I
don't remember the exact words he used; I only scanned the
posting in passing, 4 months ago, when VLAN's weren't
important to me).

-- Terry

Re: vlan traffic over ipsec tunnel
i recently (late february) made some commits that among other
things enabled the native bridging in FreeBSD to work on vlans.
Both on -stable and -current.

cheers
luigi

On Fri, Apr 19, 2002 at 01:44:19PM -0700, Terry Lambert wrote:
> Archie Cobbs wrote:
> > Terry Lambert writes:
> > > Bridging doesn't work with the vlanX interface currently in FreeBSD.
> >
> > Why not?
> >
> > I believe you, I've just never used vlans and always assumed
> > that they acted like normal Ethernet interfaces.
>
> According to people in -questions on 18 Dec of last year, it's
> not possible.
>
> I imagine it's because the vlan interfaces don't push their
> packets through ether_input, like real interfaces do.
>
> Julian's approach would put the vlan's on ng_ether, which
> would push through the code that does the bridging. Last
> December 20 on -net, he said the code for a VLAN netgraph
> node was being donated by "this French committer" (sorry, I
> don't remember the exact words he used; I only scanned the
> posting in passing, 4 months ago, when VLAN's weren't
> important to me).
>
> -- Terry

Re: vlan traffic over ipsec tunnel
Julian Elischer wrote:
> > Would imply it should just work to bridge vlan's via netgraph bridging.
> > As Archie said I have not tested this to prove how it does or does not
> > work since I haven't had a need to try it.
>
> I don't know, but it may have problems setting promiscuous mode..
> is there such a thing in vlan mode?

It might work with the Netgraph bridging. It's not going to
work with the packet fast forwarding. The new netgraph version
goes through ether_input, so it should not be a problem.

Promiscuous mode isn't really necessary (IMO), at least on the
interface to which it's trunked. It *might* be an issue for the
VLAN itself, though, if it's supposed to bridge to a non-VLAN.

My impression of bridging in this context was that you would
use it to create a virtual LAN at otherwise physically disjoint
locations, so that bridging should be automatic, at least that
way.

That implied (to me) that the bridging was e.g. to allow a box
to be on the local net with an ethernet interface, and act as a
bridge between that net and another local net, using the VLAN as
a transport, over something else (e.g. a point-to-point IPSEC
link between the "bridges").

From old DEC days, I'd say it was the moral equivalent of a
DELNI, where you have half a bridge, a quarter mile of optical
fiber, and the other half of the bridge, and everything on
either side just sees a bridge.

I imagine that the primary use would be for VPN's, where there
were N nodes at one site and M nodes at another, where N > 1 &&
M > 1.

Unfortunately, I don't have a Cisco Catalyst 2900 or other toys
necessary to play with VLAN interoperability at the moment, I
can only play with FreeBSD<->FreeBSD VLAN stuff, and then draw
conclusions based on the RFCs and Cisco and other documentation.

Sorry to be so vague. 8-(. Maybe someone with a larger "toy"
budget than I have could contribute something to the conversation?

I know Bill Paul has done a lot of work with VLAN code (he wrote
the FreeBSD FEC code), and I expect Jon Lemon would be quite
knowledgeable, too, being a Cisco employee (plus have access to
toys we haven't even heard of, yet ;^)).

-- Terry

Re: vlan traffic over ipsec tunnel
Julian Elischer wrote:
>
> failing that, I have just had "contributed"
> some code that produces an actual "vlan" netgraph node.
> You attach it to the ethernet node.. I'm still
> reading it to work out what it does..

Is this the "VLAN implemented in Netgraph" thing you were
talking about last December, or is it just the glue code?

-- Terry

Re: vlan traffic over ipsec tunnel
Luigi Rizzo wrote:
> i recently (late february) made some commits that among other
> things enabled the native bridging in FreeBSD to work on vlans.
> Both on -stable and -current.

OK, then I'm out of date.

Does this work with ip.fastforwarding?

-- Terry

Re: vlan traffic over ipsec tunnel
On Fri, Apr 19, 2002 at 02:01:49PM -0700, Terry Lambert wrote:
> Luigi Rizzo wrote:
> > i recently (late february) made some commits that among other
> > things enabled the native bridging in FreeBSD to work on vlans.
> > Both on -stable and -current.
>
> OK, then I'm out of date.
>
> Does this work with ip.fastforwarding?

well, i don't understand the question given that bridging is
below IP and is done within ether_input() -- so technically yes,
bridged packets are processed to completion irrespective of
the setting of ip.fastforwarding

cheers
luigi

Re: vlan traffic over ipsec tunnel
On Fri, 19 Apr 2002, Terry Lambert wrote:

>
> Julian's approach would put the vlan's on ng_ether, which
> would push through the code that does the bridging. Last
> December 20 on -net, he said the code for a VLAN netgraph
> node was being donated by "this French committer" (sorry, I
> don't remember the exact words he used; I only scanned the
> posting in passing, 4 months ago, when VLAN's weren't
> important to me).

I have the netgraph vlan code now..
I'm reading it to try to understand what it does..

>
> -- Terry

Re: vlan traffic over ipsec tunnel
apparently, though I am still trying to understand it..

On Fri, 19 Apr 2002, Terry Lambert wrote:

> Julian Elischer wrote:
> >
> > failing that, I have just had "contributed"
> > some code that produces an actual "vlan" netgraph node.
> > You attach it to the ethernet node.. I'm still
> > reading it to work out what it does..
>
> Is this the "VLAN implemented in Netgraph" thing you were
> talking about last December, or is it the just glue code?
>
> -- Terry

Re: vlan traffic over ipsec tunnel
< said:

> I don't know, but it may have problems setting promiscuous mode..
> is there such a thing in vlan mode?

Certainly -- but the other VLANs configured on the same interface have
to be prepared to appropriately ignore the traffic they receive that
isn't addressed to them.

-GAWollman

pxeboot and realtek 8139
Using 4.5-stable, I can get an Intel fxp0 card to work fine using
pxeboot in a diskless configuration, but if I try the onboard
RealTek 8139 it hangs when loading the kernel.

I tried "BOOTP_WIRED_TO=rl0" but that didn't make a difference.

Motherboard is a Shuttle fv-24, with built-in RealTek 8139. About
the only thing I can configure is the amount of memory for the
network boot on the 8139, either 8, 16, 32, 64, or 128 -- changing
this makes no difference.

I'd rather just use the built-in 8139 so I don't have to buy an
Intel card for all these machines...

Any suggestions?

Thanks,
--Lee

Re: network traffic analysis with a network switch
On Fri, Apr 19, 2002 at 08:14:54AM -0500, Michael Smith wrote:
> Not quite sure how to set this up, or even if it can be set up...
> I have a Windows box, a FreeBSD box (gateway) and a RH box all
> connected to a 100base-T network switch. The FreeBSD box
> is then connected to a Cable Modem and a T1 router.
>
> I have a program on the RH box that can snoop and analyze some of
> the network traffic of the Windows box, however due to the nature
> of network switches, it never sees the traffic. Don't ask about
> the analyzer, I'm rather annoyed that it was written specifically
> to compile and run only on RH and its very close Linux relatives.
>
> Here is a rough visualization of the setup.
>
>     +-------------+   +----+
>     | Cable Modem |   | T1 |
>     +-------------+   +----+
>               \         /
>               +---------+
>               | FreeBSD |
>               +---------+
>                    |
>           +------------------+
>           | 100base-T Switch |
>           +------------------+
>             /       |       \
>     +----------+ +----+ +----------+
>     | Windows1 | | RH | | Windows3 |
>     +----------+ +----+ +----------+
>
> What I would like to be able to do is somehow send copies of
> network traffic to the RH box without having to move it
> between the FreeBSD box and the switch. Is this possible
> and if so, how would I go about setting this up?

Tell the Windows box that RH's IP is its gateway. Turn on IP
forwarding on RH.

--
Crist J. Clark
http://people.freebsd.org/~cjc/

Re: ethernet card not recognized
On Fri, Apr 19, 2002 at 11:34:16AM -0700, Vinod wrote:
> I had a Windows machine with an SMC1211TX ethernet
> card. I just installed FreeBSD 4.5 release on
> it, removing Windows, but it doesn't seem to recognize
> the card at all and there isn't an eth0 or fxp0
> interface recognized. What needs to be done? Isn't this
> card supported? It's a pretty common one, lil old though.

I believe you need the rl driver for that card.

--
Simon Dick