Re: IPv6 autoconf addresses with changing RAs...

2003-11-05 Thread JINMEI Tatuya
> On Sun, 2 Nov 2003 15:03:24 +0100 (CET), 
> Barry Bouwsma <[EMAIL PROTECTED]> said:

> I have one IPv6 machine behind a second, which second machine for
> historical reasons has an IPv6 prefix/address that occasionally changes.
> After this happens, the first host-only machine receives an additional
> autoconf IPv6 address, but it still retains the old (now obsolete) IPv6
> autoconf address it had learned from this same router.  The machines are
> running kernels RELENG_4 from late-September-ish.  Userland varies horribly.

> What I want to happen, is that when the new IPv6 address is autoconf'ed,
> the old one should disappear from the interface.  (I've been too impatient
> to watch if it disappears after time, during which time I cannot reach
> the router's new address or the default route, as the old prefix which
> it had is no longer present thanks to my hacked scripts.  If I manually
> delete the original IPv6 address, it seems that things work.)

Does the following behavior of rtadvd(8) help you?

 Similarly, when an interface direct route is deleted, rtadvd will start
 advertising the prefixes with zero valid and preferred lifetimes to help
 the receiving hosts switch to a new prefix when renumbering.  Note,
 however, that the zero valid lifetime cannot invalidate the autoconfigured
 addresses at a receiving host immediately.  According to the
 specification, the host will retain the address for a certain period,
 which will typically be two hours.  The zero lifetimes rather intend to
 make the address deprecated, indicating that a new non-deprecated address
 should be used as the source address of a new connection.  This behavior
 will last for two hours.  Then rtadvd will completely remove the prefix
 from the advertising list, and succeeding advertisements will not contain
 the prefix information.

At least rtadvd contained in FreeBSD 4.8R seems to support this
behavior.

JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
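
The two-hour behaviour quoted from rtadvd(8) above follows from the valid-lifetime rule in the stateless autoconfiguration specification (RFC 2462 section 5.5.3, worded here as in its successor RFC 4862). The model below is an added example, not code from rtadvd, the FreeBSD kernel or the original post; the class and function names are hypothetical, and the starting lifetimes are the vltime/pltime defaults quoted later in this thread.

```python
"""Host-side handling of zero-lifetime prefix advertisements (two-hour rule).

Added illustration; times are in seconds, all names are hypothetical.
"""

TWO_HOURS = 2 * 60 * 60


class AutoconfAddress:
    """Lifetimes of one autoconfigured address, kept as absolute times."""

    def __init__(self, valid_until, preferred_until):
        self.valid_until = valid_until          # address is invalid from here on
        self.preferred_until = preferred_until  # address is deprecated from here on

    def state(self, now):
        if now >= self.valid_until:
            return "invalid"
        if now >= self.preferred_until:
            return "deprecated"
        return "preferred"


def apply_prefix_option(addr, now, adv_valid, adv_preferred, authenticated=False):
    """Update an existing address from a received Prefix Information option."""
    remaining = max(0, addr.valid_until - now)
    # The preferred lifetime is taken from the advertisement as-is, so a zero
    # value deprecates the address at once.
    addr.preferred_until = now + adv_preferred
    if adv_valid > TWO_HOURS or adv_valid > remaining:
        # Long lifetimes and extensions are always accepted.
        addr.valid_until = now + adv_valid
    elif remaining <= TWO_HOURS:
        # Already inside the last two hours: only an authenticated RA
        # (for example one protected by SEND) may shorten the lifetime.
        if authenticated:
            addr.valid_until = now + adv_valid
    else:
        # An unauthenticated RA can cut the lifetime down to two hours, no lower.
        addr.valid_until = now + TWO_HOURS
    return addr


def renumbering_timeline(first_zero_ra=1000, ra_interval=600, span=3 * 3600):
    """Host view while the router advertises the old prefix with zero lifetimes.

    Returns (seconds since the first zero-lifetime RA, address state,
    remaining valid lifetime), sampled just after each RA is processed.
    """
    # Constructed starting point: address configured at t=0 with
    # vltime 2592000 and pltime 604800.
    addr = AutoconfAddress(valid_until=2592000, preferred_until=604800)
    samples = []
    for now in range(first_zero_ra, first_zero_ra + span + 1, ra_interval):
        apply_prefix_option(addr, now, adv_valid=0, adv_preferred=0)
        samples.append((now - first_zero_ra, addr.state(now),
                        max(0, addr.valid_until - now)))
    return samples


if __name__ == "__main__":
    for offset, state, remaining in renumbering_timeline():
        print(f"t+{offset:>5}s  {state:<10}  valid lifetime left: {remaining}s")
```

Repeating the zero-lifetime advertisement does not bring the expiry forward: the address stays deprecated until two hours after the first one.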


Re: IPv6 autoconf addresses with changing RAs...

2003-11-05 Thread JINMEI Tatuya
> On Sun, 02 Nov 2003 10:23:22 -0800, 
> "Eugene M. Kim" <[EMAIL PROTECTED]> said:

> One caveat is, though, you can't let rtadvd pick all the prefixes from 
> internal interfaces (i.e. those that don't have rltime#0 specified), 
> because that way rtadvd uses default parameters (maxinterval#30, 
> pltime#86400, vltime#259200) for the prefixes it picked up; this is too 
> long.  Specifying pltime/vltime without an addr directive seems to have 
> no effect (contrary to what the example in rtadvd.conf(5) suggests).  

Please let me check, which example are you talking about?  It is
intentional that specifying pltime/vltime without an addr is NOT
effective.

JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
[EMAIL PROTECTED]


Re: IPv6 autoconf addresses with changing RAs...

2003-11-05 Thread Eugene M. Kim
JINMEI Tatuya wrote:

> On Sun, 02 Nov 2003 10:23:22 -0800,
> "Eugene M. Kim" <[EMAIL PROTECTED]> said:
>
>> One caveat is, though, you can't let rtadvd pick all the prefixes from
>> internal interfaces (i.e. those that don't have rltime#0 specified),
>> because that way rtadvd uses default parameters (maxinterval#30,
>> pltime#86400, vltime#259200) for the prefixes it picked up; this is too
>> long.  Specifying pltime/vltime without an addr directive seems to have
>> no effect (contrary to what the example in rtadvd.conf(5) suggests).
>
> Please let me check, which example are you talking about?  It is
> intentional that specifying pltime/vltime without an addr is NOT
> effective.
>
> JINMEI, Tatuya
> Communication Platform Lab.
> Corporate R&D Center, Toshiba Corp.
> [EMAIL PROTECTED]


It's the last paragraph of the EXAMPLES section that says:

 The following example presents the default values in an explicit manner.
 The configuration is provided just for reference purposes; YOU DO NOT
 NEED TO HAVE IT AT ALL.

 default:\
         :chlim#64:raflags#0:rltime#1800:rtime#0:retrans#0:\
         :pinfoflags="la":vltime#2592000:pltime#604800:mtu#0:
 ef0:\
         :addr="3ffe:501::1000::":prefixlen#64:tc=default

From this, it seems *as if* specifying a different pltime and vltime
would have some effect.  I guess it should be made clear that changing
those variables without corresponding addr directives won't do anything.

Cheers,
Eugene


Support for RealTek RTL 8101L chipset?

2003-11-05 Thread Josef Karthauser
Does anyone know whether we support the Realtek RTL 8101L chipset?
(-stable and/or -current).

Joe
-- 
Josef Karthauser ([EMAIL PROTECTED])   http://www.josef-k.net/
FreeBSD (cvs meister, admin and hacker) http://www.uk.FreeBSD.org/
Physics Particle Theory (student)   http://www.pact.cpes.sussex.ac.uk/
 An eclectic mix of fact and theory. =



Telecom Italia, ADSL SMART & FreeBSD

2003-11-05 Thread Eric Masson
Hello,

I have to connect a FreeBSD box to adsl in Italia.

Telecom Italia ships an ADSL SMART solution (fixed IP address)
which is "Classical IP (RFC1483/1577)" compliant.

I've googled to find such a setup but no way atm (I don't speak nor read
italian :/)

Has anyone such a setup working ?

Regards

Eric Masson

-- 
 LOOKING FOR ENGINEERS IN computing IMPORTANT !!
 Send me your CVs
 -+- in Guide du Neuneu sur Usenet: Computing for dummies -+-


Re: Telecom Italia, ADSL SMART & FreeBSD

2003-11-05 Thread Eric Masson
> "Emss" == Eric Masson <[EMAIL PROTECTED]> writes:

[Follow-up to myself]

 Emss> Telecom Italia ships an ADSL SMART solution (fixed IP address)
 Emss> which is "Classical IP (RFC1483/1577)" compliant.

Dsl modem is DLink DSL300G+

Eric Masson

-- 
 AC: And I promise they will be available before Saturday's meal.
 Ol: Tut tut... Any developer who makes promises about availability
 dates is handing over the nail bazooka to get beaten with.
 -+- Ol. in Guide du Macounet Pervers: fcsm: whip.leather.sado.maso? -+-


Help with squid

2003-11-05 Thread Eicke
Hi folks, I configured a FreeBSD Squid24 server and I receive the following error in my
access.log:
TCP_DENIED/403
I configured only one machine (192.168.5.9) to access the proxy server (ipfw fwd). I
guess there is something wrong in my squid.conf, in the acl definitions... below follows a
piece of my squid.conf:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow 192.168.5.9 
http_access deny all
icp_access allow all


Could you help me?
Regards.
Eicke.
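
The configuration above puts a bare address on an http_access line, where Squid expects names declared by acl lines. The check below is an added example, not part of the original post or of Squid; its sample input is constructed from the posted rules (Safe_ports list shortened), and the function name and the ACL name proxy_client are hypothetical.

```python
"""Flag access rules in a squid.conf fragment that reference undefined ACLs."""

# Constructed sample based on the posted rules.
POSTED = """\
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80  # http
acl Safe_ports port 1025-65535  # unregistered ports
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow 192.168.5.9
http_access deny all
icp_access allow all
"""

# Same rules with the client address wrapped in a named ACL, in the
# addr/netmask form the posted config already uses for localhost.
# "proxy_client" is a hypothetical name chosen for this example.
CORRECTED = POSTED.replace(
    "http_access allow 192.168.5.9\n",
    "acl proxy_client src 192.168.5.9/255.255.255.255\n"
    "http_access allow proxy_client\n",
)

ACCESS_DIRECTIVES = ("http_access", "icp_access")


def lint_access_rules(conf_text):
    """Return (line number, directive, token) for each ACL reference on an
    access line that no earlier acl line has defined."""
    defined = set()
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if not fields:
            continue
        if fields[0] == "acl" and len(fields) >= 3:
            defined.add(fields[1])
        elif fields[0] in ACCESS_DIRECTIVES:
            # fields[1] is allow/deny; the rest are ACL names, each
            # optionally negated with a leading "!".
            for token in fields[2:]:
                if token.lstrip("!") not in defined:
                    findings.append((lineno, fields[0], token))
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("corrected", CORRECTED)):
        problems = lint_access_rules(text)
        print(label, "->", problems if problems else "all ACL references defined")
```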



Re: Telecom Italia, ADSL SMART & FreeBSD

2003-11-05 Thread Luigi Rizzo
i have been using telecom italia for the past 2.5 years.
i and most other people use external adsl-ethernet boxes
(typically alcatel and friends) with netgraph/pppoe on
the freebsd side.

On Wed, Nov 05, 2003 at 05:01:22PM +0100, Eric Masson wrote:
> Hello,
> 
> I have to connect a FreeBSD box to adsl in Italia.
> 
> Telecom Italia ships an ADSL SMART solution (fixed IP address)
> which is "Classical IP (RFC1483/1577)" compliant.
> 
> I've googled to find such a setup but no way atm (I don't speak nor read
> italian :/)

it wouldn't help anyways, the web site or the tech support have
absolutely no clue on the technical details, all they can say
is ask which version of windows you have and please reboot
your pc.

cheers
luigi
> 
> Regards
> 
> Eric Masson
> 
> -- 
>  LOOKING FOR ENGINEERS IN computing IMPORTANT !!
>  Send me your CVs
>  -+- in Guide du Neuneu sur Usenet: Computing for dummies -+-


Re: Telecom Italia, ADSL SMART & FreeBSD

2003-11-05 Thread Barney Wolff
On Wed, Nov 05, 2003 at 05:05:35PM +0100, Eric Masson wrote:
> 
>  Emss> Telecom Italia ships an ADSL SMART solution (fixed IP address)
>  Emss> which is "Classical IP (RFC1483/1577)" compliant.
> 
> Dsl modem is DLink DSL300G+

D-Link's website seems to have nothing on the above, but does list DSL-302G.
That should be usable from any OS via the Ethernet interface, as they say.
External DSL modems in general hide the RFC1483-ness of the DSL link, and
look like a bridge leading to the ISP's network.  Just set your IP addr and
add a default route to the ISP's router's address (usually .1 on whatever
net you're assigned to).

-- 
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.


[no subject]

2003-11-05 Thread Nick Buraglio
I'm looking for anyone that knows of a bsd project that does something 
similar to the Linux Layer 7 filter project.  Details found here: 
http://l7-filter.sourceforge.net/  I'm more or less hoping that someone 
has a *BSD project that can classify packets based on application data 
in the connections they belong to.  Is there anything in the works that 
anyone knows of?

nb



Re: Telecom Italia, ADSL SMART & FreeBSD

2003-11-05 Thread Eric Masson
> "Luigi" == Luigi Rizzo <[EMAIL PROTECTED]> writes:

Hello,

 Luigi> i have been using telecom italia for the past 2.5 years. i and
 Luigi> most other people use external adsl-ethernet boxes (typically
 Luigi> alcatel and friends) with netgraph/pppoe on the freebsd side.

I use this setup in France too.

When the DLink is configured in pppoe, mpd complains that it can't take
the link up (sorry, I'm not in front of the box, only 1000 kms from it
and can't have access to the logs)

Thanks

Eric Masson

-- 
 who are all these weird people? is this an accidental cross-post or
 an alien invasion? Isn't there someone who is supposed to put a stop to
 this kind of cr*p, like a moderator or something of the sort
 -+- PM in:  - Configuring your moderator properly -+-


Re: Telecom Italia, ADSL SMART & FreeBSD

2003-11-05 Thread Eric Masson
> "Barney" == Barney Wolff <[EMAIL PROTECTED]> writes:

 Barney> D-Link's website seems to have nothing on the above,

I've found it only on http://www.DLink.it

 Barney> That should be usable from any OS via the Ethernet interface,
 Barney> as they say. External DSL modems in general hide the
 Barney> RFC1483-ness of the DSL link, and look like a bridge leading to
 Barney> the ISP's network. Just set your IP addr and add a default
 Barney> route to the ISP's router's address (usually .1 on whatever net
 Barney> you're assigned to).

Ok, I'll give this setup a shot.

Thanks

Eric Masson

-- 
 you have my reply on your personal e.mail
 so as not to pollute this forum
 (followed by a 10-line signature)
 -+-Dx in GNU - Hello, here is a fax to remind you to read your Email-+-


CARP (Common Address Redundancy Protocol)

2003-11-05 Thread Max Laier
You might be aware that OpenBSD has introduced a 2-clause BSD-licensed
high availability and load balancing protocol called CARP:
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106642790513590&w=2
http://www.deadly.org/article.php3?sid=20031018101733

I have a working patchset to bring CARP to FreeBSD-Current and would
like to hear your opinion: http://pf4freebsd.love2party.net/carp.html

CARP shows itself as virtual interfaces carpX and works a bit like
vlan interfaces. For communication between the servers which share a
common address it uses a multicast group.

It supports both IPv4 and IPv6 common addresses and should work on
ETHERNET, FDDI and TOKENRING nets - latter two untested, though.

Standing problems:
 - IPv4:
   * Server can't access the common address while MASTER for it.
     OpenBSD has a workaround for this, but we can't add host routes
     with virtual interfaces as gateway, so we need another fix.
 - IPv6:
   * Traffic to the common address on the server is always treated
     locally, even when in BACKUP state.
   * in6_ifattach() will error out - this seems to have no ill
     effects and can easily be fixed by selecting a special if_type
     for CARP interfaces.
 - Locking?!?
 - You tell me!

Tests:
 Very basic tests for IPv4 and IPv6 performed with OpenBSD as a "known
 good" peer. I have very limited test environment at the moment.
 
Code:
 http://pf4freebsd.love2party.net/carp.diff
 Perforce: branch mlaier_carp

-- 
Best regards,
 Max Laier    mailto:[EMAIL PROTECTED]



Re: Disable Bridge Loop Detection?

2003-11-05 Thread Jonathan Feally
I don't see why you have 2 FreeBSD boxes running as bridges. The only 
reason I could possibly imagine is that you are using IPFW or IPFilter 
to do some packet filtering.

Now with vrrp, each router would have a unique IP and only one of the 
routers would have the shared IP at any given time using the shared vrrp 
mac address.
Your problem lies in Layer 2 packets - where vrrp functions. A 
bridge/switch is a layer 2 device that only passes traffic to the ports 
that need the traffic and nothing more. The vrrp advertisements will be 
from the shared MAC to ff:ff:ff:ff:ff:ff, with the IP src being the 
sending router and the IP dst being a multicast address. Now when the 
change from router 1 to router 2 takes place, router 1 will go back to 
its original mac and router 2 will get the shared mac and start sending 
advertisements. So now from your picture, Bridge #2 would see that the 
vrrp mac is coming from the other side, thus causing a loop to be detected.

Your best solution is to remove one of the bridges, and add a cheap 
10/100 hub and connect like this:

           Internet Connection
        |                       |
+---------------+       +---------------+
|   router #1   |       |   router #2   |   Internet Connectivity
+---------------+       +---------------+   Routers on .2 and .3 with .1 as the shared IP
        |                       |
+---------------------------------------+   This will solve your bridge seeing a loop
|          $10-$15 10/100 Hub           |   by putting all vrrp traffic on only 1 side.
+---------------------------------------+   You shouldn't see any major network
                    |                       performance hit from using a hub here.
                  NIC A                     The only way you could possibly see a
                    |                       network performance hit, would be if you
          +------------------+              had a huge pipe.
          |  FreeBSD Bridge  |              IPFW or IPFilter At this point - FreeBSD box on .4
          +------------------+
                    |
                  NIC B
                    |
+---------------+       +---------------+   Hosts on the network 63.208.196.0/25 -
|   Switch #1   |---x---|   Switch #2   |   Switches on .5 and .6 - if possible
+---------------+       +---------------+
  |   |   |   |           |   |   |   |
     Workstations and Servers               Machines on .10-.126 or whatever

Tim Wilde wrote:

> I'm looking for a way to disable the loop detection in the bridging code
> in FreeBSD 4.x - I'd prefer a sysctl, but I haven't been able to find one.
> Any suggestions for how to do so would be appreciated.
>
> In case anyone's wondering why I'm looking for such a thing, my problem is
> with the following topology:
>
>   +----------+             +----------+
>   | router 1 |             | router 2 |
>   +----------+             +----------+
>        |                        |
>  63.208.196.1/25          63.208.196.2/25
>        |                        |
> +---------------+      +---------------+
> | FBSD bridge 1 |      | FBSD bridge 2 |
> +---------------+      +---------------+
>        |                        |
>   +----------+             +----------+
>   | switch 1 |-------------| switch 2 |
>   +----------+             +----------+
>        |                        |
>      various servers, 63.208.196.0/25
>
> The two routers run VRRP for redundancy, with a shared MAC address.
> Occasionally, router2 is failing to receive packets from router1 (for
> reasons we're looking into), and decides it should become the master,
> taking over the 63.208.196.1 IP with the shared MAC.  Now my two bridges
> both see that same MAC address on both of their interfaces, and the loop
> detection kicks in.  This cuts out the various links (and they fight back
> and forth cutting off - it's not pretty) with the end result of router2
> NEVER being able to get the next VRRP packet from router1 (by necessity
> they have to communicate for failover across the bridges + switches;
> otherwise they wouldn't be able to detect failures internal to that
> network).  We have to manually down the interface on router2, let things
> calm down on the FreeBSD boxen, and then bring it back up (it starts in
> backup mode, and waits at least 30 seconds, plenty of time to hear from
> router1, before it will take control again).
>
> Thanks,
> Tim
 



Telecom Italia, ADSL SMART & FreeBSD

2003-11-05 Thread Andrea Venturoli
** Reply to note from Eric Masson <[EMAIL PROTECTED]> Wed, 05 Nov 2003 17:01:22 +0100


> I have to connect a FreeBSD box to adsl in Italia. 

Sigh. I feel sorry for you :) (just because up to now I've had six customers with this 
ISP).
Anyway I always managed to get through more or less :).



> (I don't speak nor read italian :/) 

Don't worry, you would only find Telecom pages completely useless, if not confusing.
And don't even think about contacting their tech support.



> Telecom Italia ships an ADSL SMART solution (fixed IP address) 
> which is "Classical IP (RFC1483/1577)" compliant. 
> Has anyone such a setup working ?

Yes, I've presently two FreeBSD machines working, one using PPPoE with an ethernet
modem and two with an IP-level router.
In case bridging (as suggested by someone else) doesn't work, try PPPoE (I've always
seen this type of connection here).

 bye
av.

P.S. Expect some things not to work: it's beyond your control, it's not your setup,
but the ISP's fault.




Re: IPv6 routing (long)

2003-11-05 Thread paul van den bergen
On Fri, 31 Oct 2003 04:20 pm, Bruce A. Mah wrote:
> If memory serves me right, paul van den bergen wrote:
> > I am attempting to set up some static ipv6 routes on my little network.
> >
> > example:
> >
> > box1 - fec0:0:0:1::1  fec0:0:0:1::2 - box 2 (router) -
> > fec0:0:0:2::1   fec0:0:0:2::2 - box 3
> >
> > I want to reach from box 1 to box 3
> >
> > no route6d or anything... this is a really simple network.
> >
> > sysctl net.inet6.ip6.forwarding=1, net.inet6.ip6.accept_rtadv=0 on box 2
> > (the router)
> > sysctl net.inet6.ip6.forwarding=0, net.inet6.ip6.accept_rtadv=1 on boxes
> > 1 and 3 (the hosts).
> >
> > route add -inet6 -net fec0:0:0:2:: -prefixlen 64 -host fec0:0:0:1::2
> > on box1
> >
> > box2 can ping6 to box1 and box3 and vice versa.
> >
> > why can't box 1 ping6 box 3? What have I missed?
>
> Did you add a route on box3 so that it can reach box1?  Remember that
> ping6 requires two-way connectivity.


Oh. I just realised that I didn't add a route on box3 to reach box1...
thank you, I shall try that.

nup, didn't help

> You set net.inet6.ip6.accept_rtadv=1 on the end hosts...do you have
> rtadvd running on box2 so that they actually acquire the routes?

um... if I'm setting up static routes (e.g. no routing software on box 2), 
isn't this pointless? see below...

static routes.

I imagine that if I do;

on box1
route add -inet6 -net fec0:0:0:2:: -prefixlen 64 -host fec0:0:0:1::2

on box3
route add -inet6 -net fec0:0:0:1:: -prefixlen 64 -host fec0:0:0:2::1

and on box 2
sysctl net.inet6.ip6.forwarding=1

I shouldn't need anything else

or rather, should I need something else?

if I do the same experiment but with IPv4, I also do not get connectivity from 
box 1 to box 3, so obviously something is missing...

what am I missing?

additional questions:

what is rtadvd and what role does it play? does it get activated by other 
daemons or is it to be explicitly called by the user?

if I used routing software on box 2, what _else_ would I need to configure?

is there a clash between sysctl settings for net.inet6.ip6.forwarding and 
net.inet6.ip6.accept_rtadv?

> You haven't really provided enough information to debug the problem. How
> about the output of ifconfig(8) and the routing tables on all three
> machines?
>
> Bruce.

sorry, I should have done that.  partly I didn't really know what was 
relevant... still don't, but here goes...
note:
network between box 1-2 = fec0:0:0:229
network between box 2-3 = fec0:0:0:10

netstat -rn output
box1:
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            136.186.229.1      UGSc        2     2073    vr0
127.0.0.1          127.0.0.1          UH          2       18    lo0
136.186.229/24     link#1             UC          3        0    vr0
136.186.229.1      link#1             UHLW        1        0    vr0
136.186.229.26     00:08:74:df:70:3e  UHLW        1      147    vr0   1108
192.168.2          link#1             UC          1        0    vr0
192.168.2.101      00:40:63:cb:56:e6  UHLW        0        2    vr0    300

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::/96                             ::1                           UGRSc       lo0
::1                               ::1                           UH          lo0
:::0.0.0.0/96                     ::1                           UGRSc       lo0
fe80::/10                         ::1                           UGRSc       lo0
fe80::%vr0/64                     link#1                        UC          vr0
fe80::240:63ff:fecb:c3d1%vr0      00:40:63:cb:c3:d1             UHL         lo0
fe80::%lo0/64                     fe80::1%lo0                   Uc          lo0
fe80::1%lo0                       link#8                        UHL         lo0
fec0:0:0:229::                    00:40:63:cb:c3:d1             UHL         lo0 =>
fec0:0:0:229::/64                 link#1                        UC          vr0
fec0::229:240:63ff:fecb:c3d1      00:40:63:cb:c3:d1             UHL         lo0
ff01::%vr0/32                     link#1                        UC          vr0
ff01::%lo0/32                     ::1                           UC          lo0
ff02::/16                         ::1                           UGRS        lo0
ff02::%vr0/32                     link#1                        UC          vr0
ff02::%lo0/32                     ::1                           UC          lo0

box2:
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
127.0.0.1          127.0.0.1          UH          1       18    lo0
136.186.229/24     link#1             UC          2        0    vr0
136.186.229.26     00:08:74:df:70:3e  UHLW        1     1951    vr0   1175
192.168.1          link#10            UC          1        0    wi0
192.168.1.104      00:09:7c:85:82:74  UHLW        0       36    wi0    543
192.168.2          link#1             UC          1        0    vr0
192.168.2.103      00:40:63:cb:c3:d1  UHLW

Connect two LANs over an IPv4 tunnel?

2003-11-05 Thread Walter Hop
Hi all,

I have a networking problem that I am trying to solve with FreeBSD.

I would like to connect two networks (home and work), so that I can set
up my home workstations in the same subnet as the work LAN. Out of this
/24, I would like to use a /29 at home.

On both LANs I have a FreeBSD box; workbox is 5.1R and homebox is
4-STABLE. Both boxes can reach each other over the IPv4 internet.

(attempt 1)

The OpenBSD man page mentioned bridge and gif in one sentence, so I was
hoping that setting up a layer 2 bridge would be as easy as configuring a
gif tunnel and bridging over it, but as I feared, gif is no ethernet
device and this did not work:
Nov  6 00:17:04 home /kernel: gif1 is not an ethernet, continue

So that plan is foiled.

(attempt 2)

The gif tunnel worked and the boxes can ping each other over it, so I
assigned private addresses to the gif endpoints. Then I tried adding some
home IP aliases to the work box's ethernet interface and using forwarding
and "route delete/add" in the hope that packets would be routed to the
gateway in private-space across gif1.

Routing to the home IP's works LOCALLY from workbox, but when other
machines in the work subnet ping a home address, they receive a reply
from the workbox itself.

I do not know of another way to have workbox answer ARP for the home
IP's. (I considered setting the interface in promiscuous mode in the
hopes of having the kernel accept and forward the packet anyway, but the
ethernet is switched so nobody will know where to send it.)


Unfortunately, at work I have no control over the default gateway, so I
cannot set up static routes with workbox as the next-hop.

I am now wondering what I can do to create a setup like this. Is this
even possible, or am I thinking in the wrong direction? Any advice would
be appreciated.

I am not looking for bridging of Ethernet frames per se; I am only
interested in IP packets. Both networks use RFC1918 private addresses.

How would one approach a situation like this? Is there actually a
solution?

Thanks for reading :)
walter



Re: IPv6 routing (long)

2003-11-05 Thread paul van den bergen
On Thu, 6 Nov 2003 11:48 am, paul van den bergen wrote:
> static routes.
>
> I imagine that if I do;
>
> on box1
> route add -inet6 -net fec0:0:0:2:: -prefixlen 64 -host fec0:0:0:1::2
>
> on box3
> route add -inet6 -net fec0:0:0:1:: -prefixlen 64 -host fec0:0:0:2::1
>
> and on box 2
> sysctl net.inet6.ip6.forwarding=1
>
> I shouldn't need anything else
>
> or rather, should I need something else?
>
> if I do the same experiment but with IPv4, I also do not get connectivity
> from box 1 to box 3, so obviously something is missing...
>
> what am I missing?

I know it is rather Naff replying to your own post, but I tried something and 
wanted to share...

if I set up static routes on the 2 end machines that are host to host routes, 
the routing works in both ipv4 and ipv6.

if I set up network routes, it does not.

e.g.

on box1:
route add -inet6 -host fec0:0:0:2::2 -host fec0:0:0:1::2
and on box3:
route add -inet6 -host fec0:0:0:1::1 -host fec0:0:0:2::1

ping6 gets me connectivity to all hosts on the local network and the specific 
host on the neighbouring network.

so it seems to me that the problem arises with the network address???  perhaps 
a clash with anycast?  still does not explain the ipv4 failure...

question:
the only reason I have an anycast address is to force the ipv6 address 
assignment.

on startup, each interface gets a ipv6 address of the form fe80: (link local) 
etc.

if I want a fec0: address (site local), sometimes doing
ifconfig vr0 inet6 fec0:0:0:10::/64 eui64 alias
works, some times not. Mostly not.

I especially notice failure when configuring from a boot script for pccard 
based cards, e.g. wi0, an0.

if I do an
ifconfig vr0 inet6 fec0:0:0:10::/64 anycast alias
ifconfig vr0 inet6 fec0:0:0:10::/64 eui64 alias
works every time

someone want to enlighten me to a better way?



-- 
Dr Paul van den Bergen
Centre for Advanced Internet Architectures
caia.swin.edu.au
[EMAIL PROTECTED]
IM:bulwynkl2002
"And some run up hill and down dale, knapping the chucky stones 
to pieces wi' hammers, like so many road makers run daft. 
They say it is to see how the world was made."
Sir Walter Scott, St. Ronan's Well 1824 



Re: IPv6 routing (long)

2003-11-05 Thread paul van den bergen
On Thu, 6 Nov 2003 01:47 pm, paul van den bergen wrote:
>
> I know it is rather Naff replying to your own post, but I tried something
> and wanted to share...

and now super-naff...

I made a mistake...

this only works with route6d running on the central box...

turn route6d off and no ping...

-- 
Dr Paul van den Bergen
Centre for Advanced Internet Architectures
caia.swin.edu.au
[EMAIL PROTECTED]
IM:bulwynkl2002
"And some run up hill and down dale, knapping the chucky stones 
to pieces wi' hammers, like so many road makers run daft. 
They say it is to see how the world was made."
Sir Walter Scott, St. Ronan's Well 1824 



Port Forwarding

2003-11-05 Thread Craig StJean
Hello,
If I use my FreeBSD box as a gateway for another machine, how can I enable port
forwarding on ports 80 and 21 so that if the FreeBSD box has the real IP and someone
tries to connect to one of those ports the FreeBSD box routes the requests to the
other machine so I can access my other computer's webserver and ftp server?

(The FreeBSD box will be using 5.1-STABLE and the other is Windows 2000 Professional).

Thanks!


Craig StJean
[EMAIL PROTECTED]