Re: Next-hop based on source address (IPv6)

2003-07-28 Thread Juan Rodriguez Hervella
On Monday 28 July 2003 07:17, Andy Gilligan wrote:
> Hi,
>
> I have three IPv6 /48 networks connected to a FreeBSD 4.8 router, and I
> allocate /64 tunnels from each network to client machines.
>
> Is there any way I can specify the next-hop or outbound interface to use
> on the router based on the source address of the client?
>
> I initially thought of 'ipfw fwd', but ip6fw doesn't seem to have this
> ability.
>
> Any thoughts?
>

Hello Andy:

I wanted to do something similar and when I realized that ip6fw didn't have
such an option, I asked for it on the Kame mailing list, but they answered me
that they didn't see it as a feature demanded by the community so they
didn't have any plan to implement it in the short term.
(Anyway I think it shouldn't be hard to add such a feature,
but I'm a bit lazy :)

You can ask for it on the Kame mailing list again (because I asked for it a long
time ago and it may have been already implemented, I don't know). Also I
think that there are implementations of something called "source base
routing", but I don't have experience with that.

Cheers.


> Best regards,
> -Andy
>
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

-- 
JFRH


Re: NAT and PPTP

2003-07-28 Thread Gleb Smirnoff
On Wed, Jul 23, 2003 at 11:37:57PM +0300, Ruslan Ermilov wrote:
R> I pretty much agree.  Attached are my configuration files
R> for mpd/pptp; please let me know (Julian) how this could
R> be enhanced to serve more PPTP clients simultaneously
R> (with different IP addresses).  I'd appreciate it.

You can use RADIUS for assigning IP addresses to clients.

However, if you want to serve more clients, you still
have to add more bundles in your configuration file.

I used a shell script for generating mpd.conf and mpd.links
for 200 clients.

I tried to hack mpd, to make it allocate bundles dynamically,
but did not succeed. You can search mail archives, Subj is "mpd
in dynamic".

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE


Re: NAT and PPTP

2003-07-28 Thread Gleb Smirnoff
On Wed, Jul 23, 2003 at 07:27:38PM -0600, Brett Glass wrote:
B> I haven't gotten any hopes up, but it would be nice. It seems as
B> if the only alternatives are to un-GNU PoPToP (which requires
B> a clean room team; possible but not easy) or to create a FreeBSD
B> pptpd that is analogous to pppoed. This would use your work, Archie,

IMHO, this is not a good idea. Currently I'm running two different types
of access points:

1) PPPoE concentrators: pppoed + ppp
2) PPTP server: mpd with huge mpd.conf and mpd.links

As I remember, Brett said that mpd allocates a number of nodes for
each connection in kernel memory. That's right. But in case of pppoed+ppp
or imaginary pptpd+ppp you will have a user-level process and
ng_socket for each connection. Not sure that it will take less memory.
But it will do a lot of context switching.

In my own experience it looks like PPTP (no compression, no encryption) access
point with mpd is more robust than PPPoE one with pppoed+ppp.

Currently I'm planning to look into Alexandr Motin's patches giving
PPPoE server support for mpd.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE


Re: Next-hop based on source address (IPv6) [solved]

2003-07-28 Thread Andy Gilligan
On Mon, Jul 28, 2003 at 10:03:53AM BST, Juan Rodriguez Hervella wrote:
> On Monday 28 July 2003 07:17, Andy Gilligan wrote:
> > Hi,
> >
> > I have three IPv6 /48 networks connected to a FreeBSD 4.8 router, and I
> > allocate /64 tunnels from each network to client machines.
> >
> > Is there any way I can specify the next-hop or outbound interface to use
> > on the router based on the source address of the client?
> >
> > I initially thought of 'ipfw fwd', but ip6fw doesn't seem to have this
> > ability.
> >
> > Any thoughts?
> >
> 
> Hello Andy:
> 
> I wanted to do something similar and when I realized that ip6fw didn't have
> such an option, I asked for it on the Kame mailing list, but they answered me
> that they didn't see it as a feature demanded by the community so they
> didn't have any plan to implement it in the short term.
> (Anyway I think it shouldn't be hard to add such a feature,
> but I'm a bit lazy :)
>
> You can ask for it on the Kame mailing list again (because I asked for it a long
> time ago and it may have been already implemented, I don't know). Also I
> think that there are implementations of something called "source base
> routing", but I don't have experience with that.

Well, I got it working eventually, after a bit of tinkering with ipf...

I must admit, I completely forgot about ipf's 'fastroute' abilities,
especially with regard to IPv6 :)

--- Summary ---

Three tunnels: (fictional ip addrs)

gif0 : 2001:111:111::/48 : gw=2001:1000::1
gif1 : 2001:222:222::/48 : gw=2001:2000::1
gif2 : 2001:333:333::/48 : gw=2001:3000::1

The default route is via gif0 (fe80::%gif0)

My ipf6.rules:

pass in on gif0 to gif1:2001:2000::1 from 2001:222:222::/48 to any
pass in on gif0 to gif2:2001:3000::1 from 2001:333:333::/48 to any

So far, I haven't noticed any WeirdStuff(tm) happening, so things look
promising - all packets leave via the right interface :)

Comments welcome if this looks like it may cause problems :)

Best regards,
-Andy



Re: Next-hop based on source address (IPv6) [solved]

2003-07-28 Thread Andy Gilligan
On Mon, Jul 28, 2003 at 12:48:06PM BST, Andy Gilligan wrote:
>   pass in on gif0 to gif1:2001:2000::1 from 2001:222:222::/48 to any
>   pass in on gif0 to gif2:2001:3000::1 from 2001:333:333::/48 to any
         ^^^

That should of course read 'pass out' :)

-Andy
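
The corrected rules from this thread, run through a small model of the egress decision (an added example, not part of the original posts). It assumes only the rule shape shown above; `parse_rules`, `egress_for` and the sample client addresses are made up for illustration.

```python
import ipaddress
import re

# Only the rule shape used in the thread is parsed (assumption of this example):
#   pass out on <if> to <if>:<gateway> from <prefix> to any
RULE_RE = re.compile(
    r"^pass\s+(in|out)\s+on\s+(\S+)\s+to\s+(\w+):(\S+)\s+from\s+(\S+)\s+to\s+any$")

# Rules as posted, with the 'pass out' correction from the follow-up applied.
RULES = """
pass out on gif0 to gif1:2001:2000::1 from 2001:222:222::/48 to any
pass out on gif0 to gif2:2001:3000::1 from 2001:333:333::/48 to any
"""

DEFAULT_IF = "gif0"  # the thread's default route leaves via gif0


def parse_rules(text):
    """Parse the thread's 'to <if>:<gateway>' rules; reject anything else."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule: {line!r}")
        direction, on_if, to_if, gw, src = m.groups()
        rules.append({"dir": direction, "on": on_if, "to_if": to_if,
                      "gw": str(ipaddress.IPv6Address(gw)),
                      "src": ipaddress.IPv6Network(src)})
    return rules


def egress_for(rules, src, routed_if=DEFAULT_IF):
    """Return (interface, gateway) for a packet the routing table sends out routed_if."""
    addr = ipaddress.IPv6Address(src)
    chosen = (routed_if, None)  # no rule matched: follow the default route
    for r in rules:  # without 'quick', the last matching rule decides
        if r["dir"] == "out" and r["on"] == routed_if and addr in r["src"]:
            chosen = (r["to_if"], r["gw"])
    return chosen


if __name__ == "__main__":
    rules = parse_rules(RULES)
    # Constructed client addresses, one inside each /48 from the summary.
    for client in ("2001:111:111:1::10", "2001:222:222:5::10", "2001:333:333:9::10"):
        print(client, "->", egress_for(rules, client))
```

Running the same check against a proposed ruleset before loading it shows which tunnel each client prefix would leave through, including prefixes that fall through to the default route.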



Current problem reports assigned to you

2003-07-28 Thread FreeBSD bugmaster
Current FreeBSD problem reports
Critical problems
Serious problems
Non-critical problems

S  Submitted   Tracker Resp.   Description
---
o [2002/05/04] kern/37761  net process exits but socket is still ESTABLI

1 problem total.



Re: net/1 - net/2 - net/3

2003-07-28 Thread Wes Peters
On Tuesday 22 July 2003 11:14, Van Vinh Vo wrote:
> what is net/1 ? net/2 ? net/3,
> what is the current net now ?

1) These questions are NOT suitable for the -net mailing list, which is 
for discussing development of networking stacks in FreeBSD.  If you 
must ask this sort of drivel, please do so on -chat, which was made for 
drivel.

2) net/2 and net/3 were code distributions from UC Berkeley.  Your 
favorite UNIX history site will provide you with any details you want.  
Some of them might even be accurate.

-- 
 "Where am I, and what am I doing in this handbasket?"

Wes Peters  [EMAIL PROTECTED]




RTF_CLONING vs RTF_PRCLONING

2003-07-28 Thread Vincent Jardin
I do not understand the purpose of the flag PRCLONING. What is it for ?

man rtalloc:
 RTF_PRCLONING routes are assumed to be managed
 by the protocol family and no resolution requests are made, but all
 routes generated by the cloning process retain a reference to the route
 from which they were generated.

I agree, then... Isn't it already the purpose of RTF_CLONING?
When should RTF_PRCLONING be set?

Thanks,
  Vincent


RTF_CLONING vs RTF_PRCLONING

2003-07-28 Thread Garrett Wollman
Vincent Jardin said:

> I agree, then... Isn't it already the purpose of RTF_CLONING?
> When should RTF_PRCLONING be set?

RTF_PRCLONING is set automatically by the protocol to cause host
routes to be generated on every unique lookup.

RTF_CLONING is set when the route is added (either manually, or
automatically for interface routes) to indicate that a more specific
route (possibly a host route) needs to be generated on every unique
lookup.

RTF_XRESOLVE is set when the target of the newly cloned route is not
known by the kernel and must be set up by a user process.  I'm not
sure if anything ever used this, although I guess it could be used to
implement ISIS.

-GAWollman




Re: RTF_CLONING vs RTF_PRCLONING

2003-07-28 Thread Bruce M Simpson
On Mon, Jul 28, 2003 at 11:45:28PM +0200, Vincent Jardin wrote:
> I do not understand the purpose of the flag PRCLONING. What is it for ?

Compare the output of netstat -rn with netstat -rna, to see the
difference between a cloned and a protocol-cloned route.

BMS


Re: RTF_CLONING vs RTF_PRCLONING

2003-07-28 Thread Bruce M Simpson
On Mon, Jul 28, 2003 at 05:51:28PM -0400, Garrett Wollman wrote:
> RTF_XRESOLVE is set when the target of the newly cloned route is not
> known by the kernel and must be set up by a user process.  I'm not
> sure if anything ever used this, although I guess it could be used to
> implement ISIS.

I have a hack in the works to support on-demand routing in a userland
daemon which will actually make use of this.

BMS


Re: 10Ge drivers?

2003-07-28 Thread Ryan Mooney

Yeah, you'd hope so huh.  When I asked them I got a "we can neither confirm
nor deny that we may someday release drivers" reply.  I took that to mean
that yeah, someday we may see them - but don't hold your breath.  Oh well,
I guess I'll stress it more once I actually get one in to mess with.

> > Is anyone working on a driver for the Intel 10Ge card (I think they're
> > the only one actually shipping...)?  I was looking to give one a try on
> > something other than linux :)
> > 
> Since intel provided the 1Ge driver,  I would suspect them to come up with
> the 10Ge one. The 10Ge part does not seem to have too much new stuff
> compared to the more advanced em parts.
> 
> Pete
> 

-- 
>-=-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-=-<
Ryan Mooney  [EMAIL PROTECTED] 
<-=-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-=-> 


Differences between netgraph nodes in 4.x and 5.x

2003-07-28 Thread Paolo Pisati

As the subject says,
I developed a netgraph node (it's a classifier node)
using a 5.x box but tonight, I had a bad
surprise:

it seems the netgraph implementation in 4.x and 5.x
are different, so now.

Could someone shed some light on the differences, please?

Thanks.

-- 

Paolo

GUFI: http://www.gufi.org



Setting up a NAT Router that will route between 3 networks

2003-07-28 Thread [EMAIL PROTECTED]
I was wondering how to modify the appropriate files to set up a FreeBSD
computer to act as a NAT Router, that would do the following:

One NIC card is connected to a private network, with an IP address of
192.168.0.50.   This will act as the gateway to all the computers in the
technology center, to connect to the internet (Nic Card 2, Provided by Cox)
and to the SDSU connection (Nic Card 3).

We need the NAT Router to act as follows:

1) When computers of the private network access the general internet, we
need the NAT to translate to the Cox.Net IP, except for all addresses
beginning with 130.191.X.X or 146.244.X.X, or all traffic on port 1214
(KaZaa), which we need to go to the SDSU Connection.

2) When the IP Address the data is going to begins with 146.244.X.X or
130.191.X.X, or any IP address using port 1214, we need the data to route
through the SDSU IP Address.

NIC Card Info:

Nic Card 1 (Private Network):

IP: 192.168.0.1
Subnet: 255.255.255.0
Gateway: 192.168.0.1
DNS: 192.168.0.2

Nic Card 2 (Cox Network):

IP: 68.15.25.98
Subnet: 255.255.252.0
Gateway: 68.15.25.65
DNS: 209.242.128.107
DNS2: 209.242.128.101

NIC Card 3 (SDSU TNS Network):

IP: 130.191.73.13
Subnet: 255.255.255.0
Gateway: 130.191.73.254
DNS: 130.191.1.1
DNS2: 130.191.200.1

If someone could give us step-by-step instructions to configure this, it
would be appreciated.

Stephen







Re: Differences between netgraph nodes in 4.x and 5.x

2003-07-28 Thread Julian Elischer
Netgraph in 5.0 had to be altered to support SMP locking.
At the same time some 'simplifications' were made, however changing a
driver from one, to work with the other is relatively simple.

Major changes:
Instead of passing separate message and o-o-band data, both are
attached to a single 'item' which is passed.
You need to keep track of, and free if necessary, the 'item'.

You can extract the message and oob data from the 'item' simply,
using the macros supplied.
In 4.x the functions take the message and oob data separately as
arguments. There is no "item" so you don't need to keep track of it.



In 5.x you can send a control message to whoever is on the other end of
a link. In 4.x you need to get the address and send it there.

If you want to send me the node you have written I can
make the diffs and send it back :-)


The init functions have very subtly changed.

Instead of your init routine calling the common code, it is called by
the framework first so that it is already called by the time your
code is called.


Examine the two "ng_sample.c" source files and examine the differences.


On Tue, 29 Jul 2003, Paolo Pisati wrote:

> 
> As the subject says,
> I developed a netgraph node (it's a classifier node)
> using a 5.x box but tonight, I had a bad
> surprise:
>
> it seems the netgraph implementation in 4.x and 5.x
> are different, so now.
> 
> Could someone shed some light on the differences, please?
> 
> Thanks.
> 
> -- 
> 
> Paolo
> 
> GUFI: http://www.gufi.org
> 
> 



Re: Setting up a NAT Router that will route between 3 networks

2003-07-28 Thread Jason Hunt
On Mon, Jul 28, 2003 at 06:14:29PM -0400, [EMAIL PROTECTED] wrote:
> I was wondering how to modify the appropriate files to set up a FreeBSD
> computer to act as a NAT Router, that would do the following:
> 

Check the natd(8) man page, it should give you a good start.  Chapter
19.12 in the handbook might be helpful as well.



Re: RTF_CLONING vs RTF_PRCLONING

2003-07-28 Thread Ruslan Ermilov
On Mon, Jul 28, 2003 at 05:51:28PM -0400, Garrett Wollman wrote:
> Vincent Jardin said:
> 
> > I agree, then... Isn't it already the purpose of RTF_CLONING?
> > When should RTF_PRCLONING be set?
> 
> RTF_PRCLONING is set automatically by the protocol to cause host
> routes to be generated on every unique lookup.
> 
> RTF_CLONING is set when the route is added (either manually, or
> automatically for interface routes) to indicate that a more specific
> route (possibly a host route) needs to be generated on every unique
> lookup.
> 
Yes, RTF_CLONING routes also accept the netmask (RTA_GENMASK).
I don't remember if it also applies to RTF_PRCLONING routes,
but I suspect so.


Cheers,
-- 
Ruslan Ermilov  Sysadmin and DBA,
[EMAIL PROTECTED]   Sunbay Software Ltd,
[EMAIL PROTECTED]   FreeBSD committer

