Re: two ISP connections, three nics, and a NAT
At 11:06 AM 5/12/2005, you wrote:

I have two ISP connections, a DSL line and a Cable Modem line. I want to plug both connections into a FreeBSD box that has three nics in it, one nic for each ISP connection and the last nic for my NAT. How can I bind the connections together without any other sort of router?

I set up something similar that may be useful. We have a small office with 12/24ths of a T-1 line for an absurd amount of money as our primary connection. Cheap residential cable service became available with quadruple the bandwidth [incoming only] for cheap. I installed an extra NIC to the cable modem and set up the Squid proxy / cache on a f'bsd box that was already running other services. Then used some Squid options and IPFW to get all Squid's traffic running over the cable line. This gets us faster web and ftp downloads, and off-loads the T-1 for other things.

-Wayne
___

I have a similar network configuration (dual home ISP without routing protocol enabled), and am looking for a solution with BSD's robust TCP/IP stack. PF came with this solution; http://www.openbsd.org/faq/pf/pools.html but this solution is based on packet filtering anyway, not routing. You don't need to specify your default gateway, and you will have problems if you have Squid running on your gateway box or have a NAT rule that translates your host public address into a private LAN host address, and (maybe) many more...

Meanwhile, my gateway box is Linux-2.4.x with iproute2, and it can accomplish this. But I really want to change this to *BSD. I heard that the guys from OpenBSD are working on this (http://www.openbsd.org/plus36.html, Permit multiple default route), but it did not work in my test.

.. what about FreeBSD ?

regards
.:NewBie:.
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
bpf writes on tun device
Hi

I would like to use the BPF device to write packets on a tun device, which is bpf type DLT_NULL. I'm aware that the man page (for 4.X and 5.X) says that BPF writes are only supported on Ethernet and SLIP links. I did notice, though, that the tunoutput function in sys/net/if_tun.c has some BPF code, and the cvs log says that write support was added back in revision 1.10 of the if_tun.c code 9 odd years ago.

    /* BPF write needs to be handled specially */
    if (dst->sa_family == AF_UNSPEC) {
        dst->sa_family = *(mtod(m0, int *));
        m0->m_len -= sizeof(int);
        m0->m_pkthdr.len -= sizeof(int);
        m0->m_data += sizeof(int);
    }

It expects the BPF writer to supply an integer defining the address family of the packet embedded in the packet we wish to write.

I can successfully write BPF packets up to 1500 bytes in size (1496 IP bytes without the address family integer). Writes larger than this return EMSGSIZE. I presume this is because of the following code in bpfwrite:

    if (datlen > ifp->if_mtu) {
        m_freem(m);
        return (EMSGSIZE);
    }

although I haven't figured out how I manage to write 1514 bytes to an ethernet (1500 IP bytes + 14 for the ethernet header).

I've got my code at http://www.wand.net.nz/~mjl12/bpf_null_tx.c which forms an ICMP echo request packet. This is on a FreeBSD 4.10 machine.

I have two questions:

1. Should I be able to send IP MTU sized packets on tun devices, on any FreeBSD releases?
2. How come the bpf check against the interface MTU succeeds for ethernet writes of 1514, despite if->if_mtu seemingly being set to 1500 in if_ethersubr.c?

Thanks
Matthew
FreeBSD 5.4 - TCP MD5
Hi,

I'm trying to configure a 5.4 box with Quagga to support TCP MD5 Passwords. I've achieved this previously with 4.10, but when I try to add the following kernel options, 5.4 doesn't like it:

    options FAST_IPSEC
    options crypto
    options TCP_MD5

config gives:

    VENUS: unknown option "TCP_MD5"

I have this in /etc/ipsec.conf

    add 192.168.1.1 192.168.1.2 tcp 0x1000 -A tcp-md5 "[password]";

setkey -f /etc/ipsec.conf gives:

    pfkey_open: Protocol not supported

What is the correct way for enabling TCP MD5 signatures on 5.4?

Thanks,
Regards,
Lee.
Re: FreeBSD 5.4 - TCP MD5
On Thu, May 26, 2005 at 05:22:47PM +0100, Lee Johnston wrote:
> Hi,
>
> I'm trying to configure a 5.4 box with Quagga to support TCP MD5 Passwords.
> I've achieved this previously with 4.10, but when I try to add the
> following kernel options, 5.4 doesn't like it:
>
> options FAST_IPSEC
> options crypto
> options TCP_MD5
>
> config gives:
> VENUS: unknown option "TCP_MD5"
>
>
> I have this in /etc/ipsec.conf
>
> add 192.168.1.1 192.168.1.2 tcp 0x1000 -A tcp-md5 "[password]";
>
> setkey -f /etc/ipsec.conf gives:
> pfkey_open: Protocol not supported
>
>
> What is the correct way for enabling TCP MD5 signatures on 5.4?

When in doubt, check the two NOTES files.

Kris
Re: FreeBSD 5.4 - TCP MD5
Hi Kris,

Thanks for your reply.. I've checked /usr/src/sys/i386/conf/NOTES but can't see any mention of the options anymore.. Any other ideas?

Regards,
Lee.

At 17:27 26/05/2005, Kris Kennaway wrote:

On Thu, May 26, 2005 at 05:22:47PM +0100, Lee Johnston wrote:
> Hi,
>
> I'm trying to configure a 5.4 box with Quagga to support TCP MD5 Passwords.
> I've achieved this previously with 4.10, but when I try to add the
> following kernel options, 5.4 doesn't like it:
>
> options FAST_IPSEC
> options crypto
> options TCP_MD5
>
> config gives:
> VENUS: unknown option "TCP_MD5"
>
>
> I have this in /etc/ipsec.conf
>
> add 192.168.1.1 192.168.1.2 tcp 0x1000 -A tcp-md5 "[password]";
>
> setkey -f /etc/ipsec.conf gives:
> pfkey_open: Protocol not supported
>
>
> What is the correct way for enabling TCP MD5 signatures on 5.4?

When in doubt, check the two NOTES files.

Kris

--
Lee @ Wildcard Internet
t: (0845) 165 1510 f: (0845) 165 1511 m: (07795) 423 617 e: [EMAIL PROTECTED]
Web Development - Domains - Hosting - Co-location - Dedicated Servers
mping
Hi all,

I would like to use mping under FreeBSD 5.3. mping seems to be installed in the /kame directory but it doesn't work. Do you know why? Or do you know where I can find a version of mping?

Thanks,
Olivier
Re: FreeBSD 5.4 - TCP MD5
> >When in doubt, check the two NOTES files.
> Thanks for your reply.. I've checked /usr/src/sys/i386/conf/NOTES but can't
> see any mention of the options anymore.. Any other ideas?

/usr/src/sys/conf/NOTES
question
Hello,

I'm working with netgraph and I'm writing a program to capture information that comes to and leaves the xl0 interface of my machine. Each time, I'm connecting the ethernet node to a socket node (the upper and the lower). The first iteration of my loop runs well, but for the others it doesn't accept the connection and it prints this message to me:

    file exists

I can't understand what the problem is and I'm blocked.

I need help,
Thanks
cheers,
Samiha
Re: FreeBSD 5.4 - TCP MD5
On 05/26/05 11:32, Lee Johnston wrote:

At 17:27 26/05/2005, Kris Kennaway wrote:

On Thu, May 26, 2005 at 05:22:47PM +0100, Lee Johnston wrote:
> Hi,
>
> I'm trying to configure a 5.4 box with Quagga to support TCP MD5 Passwords.
> I've achieved this previously with 4.10, but when I try to add the
> following kernel options, 5.4 doesn't like it:
>
> options FAST_IPSEC
> options crypto
> options TCP_MD5
>
> config gives:
> VENUS: unknown option "TCP_MD5"
>
>
> I have this in /etc/ipsec.conf
>
> add 192.168.1.1 192.168.1.2 tcp 0x1000 -A tcp-md5 "[password]";
>
> setkey -f /etc/ipsec.conf gives:
> pfkey_open: Protocol not supported
>
>
> What is the correct way for enabling TCP MD5 signatures on 5.4?

When in doubt, check the two NOTES files.

Thanks for your reply.. I've checked /usr/src/sys/i386/conf/NOTES but can't see any mention of the options anymore.. Any other ideas?

So that was one of the NOTES files, what about the other? Kris said to check the *two* NOTES files...

    $ grep MD5 /sys/i386/conf/NOTES /sys/conf/NOTES
    /sys/conf/NOTES:# TCP_SIGNATURE adds support for RFC 2385 (TCP-MD5) digests. These are
    /sys/conf/NOTES:# This is enabled on a per-socket basis using the TCP_MD5SIG socket option.

--
Jonathan Noack | [EMAIL PROTECTED] | OpenPGP: 0x991D8195
Re: FreeBSD 5.4 - TCP MD5
Wasn't aware that file existed sorry.

For future reference if anyone else should need to get TCP MD5 Signatures working on 5.x with Quagga the correct kernel lines are:

    options TCP_SIGNATURE
    device crypto
    options FAST_IPSEC

Regards,
Lee.

So that was one of the NOTES files, what about the other? Kris said to check the *two* NOTES files...

    $ grep MD5 /sys/i386/conf/NOTES /sys/conf/NOTES
    /sys/conf/NOTES:# TCP_SIGNATURE adds support for RFC 2385 (TCP-MD5) digests. These are
    /sys/conf/NOTES:# This is enabled on a per-socket basis using the TCP_MD5SIG socket option.

--
Jonathan Noack | [EMAIL PROTECTED] | OpenPGP: 0x991D8195

--
Lee @ Wildcard Internet
t: (0845) 165 1510 f: (0845) 165 1511 m: (07795) 423 617 e: [EMAIL PROTECTED]
Web Development - Domains - Hosting - Co-location - Dedicated Servers
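Added example (not from the thread or the FreeBSD source): what the TCP_SIGNATURE option discussed above computes for each segment, following the digest order given in RFC 2385, with a verifier that refuses unsigned segments. The key, ports, sequence numbers and payload are constructed; the two addresses are the ones from the ipsec.conf line quoted in the thread.

```python
import hashlib
import hmac
import socket
import struct

TCPOPT_MD5SIG, TCPOLEN_MD5SIG = 19, 18   # option kind and length (RFC 2385)


def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """RFC 2385 digest for one IPv4 segment; tcp_header includes its options."""
    if len(tcp_header) < 20 or (tcp_header[12] >> 4) * 4 != len(tcp_header):
        raise ValueError("header length does not match the data offset field")
    # 1. pseudo-header: source, destination, zero-padded protocol, segment length
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack(
        "!BBH", 0, socket.IPPROTO_TCP, len(tcp_header) + len(payload))
    # 2. fixed TCP header only (options excluded), checksum field taken as zero
    fixed = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]
    # 3. segment data, then 4. the shared key
    return hashlib.md5(pseudo + fixed + payload + key).digest()


def find_md5_option(tcp_header):
    """Return the 16 digest bytes carried in option 19, or None if absent."""
    opts, i = tcp_header[20:], 0
    while i < len(opts) and opts[i] != 0:      # kind 0 ends the option list
        if opts[i] == 1:                       # kind 1 is NOP padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break                              # truncated or malformed option
        if opts[i] == TCPOPT_MD5SIG and opts[i + 1] == TCPOLEN_MD5SIG:
            return opts[i + 2:i + 18]
        i += opts[i + 1]
    return None


def sign_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload, key):
    """Build a 40-byte TCP header (NOP, NOP, MD5 option) carrying the digest."""
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 10 << 4, flags,
                        16384, 0, 0)
    unsigned = fixed + bytes([1, 1, TCPOPT_MD5SIG, TCPOLEN_MD5SIG]) + bytes(16)
    return unsigned[:24] + tcp_md5_digest(src_ip, dst_ip, unsigned, payload, key)


def verify_segment(src_ip, dst_ip, tcp_header, payload, key):
    """True only if the segment carries option 19 and the digest matches."""
    received = find_md5_option(tcp_header)
    if received is None:
        return False                           # unsigned segments are rejected
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)
    return hmac.compare_digest(received, expected)


# Constructed sample: a BGP KEEPALIVE between the two hosts from the thread.
KEY = b"constructed-example-key"
PAYLOAD = b"\xff" * 16 + b"\x00\x13\x04"
HEADER = sign_segment("192.168.1.1", "192.168.1.2", 49152, 179, 1000, 2000,
                      0x18, PAYLOAD, KEY)
```

RFC 2385 hashes the key appended to the segment with plain MD5 rather than an HMAC; RFC 5925 (TCP-AO) is its successor.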
Pseudo-device driver & select ??
Hi all,

I am trying to implement a small kld pseudo-device driver on FreeBSD 5.3 that behaves just like a socket with regards to the select system call.

Currently, I am using the sample echo pseudo-device driver from http://www.freebsd.org/doc/en_US.ISO8859-1/books/arch-handbook/driverbasics-char.html as an example. However, whenever I call select on the file descriptor of "/dev/echo" it always returns even when there is no data to be read.

I looked at the socket code and it looks like I need to provide my own "fo_select" function in the fileops data structure. Am I right? How do I do that? The sample echo pseudo-device driver above uses "struct cdevsw" instead...

Thanks
-aziz
Re: pppd pty equivalent in FBSD
What's on the other end?

Rob Zietlow wrote:

On Monday 23 May 2005 08:18 am, Tim Pushor wrote:

hmm, Thanks for the response, Tim.

I wouldn't personally recommend vpn over ssh for anyone either, but I'm kind of stuck with it. I'm the sole bsd user at my company, and the ppp over ssh was implemented years before I came and has worked fine for them. They're not really willing to change it at the moment and it's on a system I have zero control over within our organization.

If I had the option to set this up like you have below it would have been put in place a long while ago. Tim, I thank you for your scripts and time.

"
Re: pppd pty equivalent in FBSD
Tim Pushor wrote:

Rob, I had a cursory look through your scripts, and it seems like you handle most of the logic. I don't know anything about pppd for Linux (is it based on the same code?). I let pppd manage retries & setting routes. It will also drop and try to reconnect if either side can't talk to the other (via lqr). It looks simple, but with rsa only authentication on the sshd, it has proven to be solid and reasonably secure.

I think there may be a possibility that you could use mpd. It has a lot of flexibility about what it can tunnel over, even more if you include the ability to use netgraph as a tunnelling front end, which makes the options almost unlimited.
Re: pppd pty equivalent in FBSD
On Thursday 26 May 2005 05:10 pm, Julian Elischer wrote:
> what's on the other end?

My apologies, I only responded to Nikos. His suggestion of upgrading to the newer pppd23 worked. And I've now had the joyous task of rolling it out onto a couple of machines. I did figure Julian would know :-)

The other end is a RH box, I'm not sure of the specifics right now. But it's up and running and I can access the network.

Thank you everyone for all of your help.

Rob

> Rob Zietlow wrote:
> >On Monday 23 May 2005 08:18 am, Tim Pushor wrote:
> >
> >hmm, Thanks for the response, Tim.
> >
> >I wouldn't personally recommend vpn over ssh for anyone either, but i'm
> > kind of stuck with it. I'm the sole bsd user at my company, and the ppp
> > over ssh was implemented years before I came and has worked fine for
> > them. They're not really willing to change it at the moment and it's on
> > a system I have zero control over within our organization.
> >
> >If I had the option to set this up like you have below it would have been
> > put in place a long while ago. Tim, I thank you for your scripts and
> > time.
> >
> >"
Re: SIOCGIFMEDIA problems
Sebastien Petit writes:
| Hi -net hackers,
|
| A little question about SIOCGIFMEDIA ioctl:
| Somebody reported to me that some interfaces (bge / em but others perhaps)
| seem to discard packet(s) during SIOCGIFMEDIA ioctl, Is it true and why ?

Doing status checks will cause input/output errors to be reported. I assume that means those packets are lost.

Doug A.
Re: Pseudo-device driver & select ??
> > Aziz Kezzou wrote:
> > Hi all,
> > I am trying to implement a small kld pseudo-device driver on FreeBSD 5.3
> > that
> > behaves just like a socket with regards to the select system call.
> >
> > Currently, I am using the sample echo pseudo-device driver from
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/arch-handbook/driverbasics-char.html
> > as an example. However, whenever I call select on the file
> > descriptor of "/dev/echo" it always returns even when there is no data
> > to be read.
> >
> > I looked at the socket code and it looks like I need to provide my own
> > "fo_select" function in the fileops data structure. Am i right ? How
> > do I do that ? The sample echo pseudo-device driver above uses
> > "struct cdevsw" instead...
> >
> > Thanks
> > -aziz
> >
> look at spec_poll()
> I believe that when your device is opened the fileops{} will
> point to the spec ops and your code will be entered via
> spec_poll() - now you just need to implement the poll/select notion
> for your device.
>

Thanks,
Actually, it turned out to be very simple. I needed only to provide a "d_poll" function as part of the structure cdevsw, as follows:

    /* Character device entry points */
    static struct cdevsw echo_cdevsw = {
        .d_version = D_VERSION,
        .d_open = echo_open,
        .d_close = echo_close,
        .d_read = echo_read,
        .d_write = echo_write,
        .d_poll = echo_poll,
        .d_name = "echo",
    };

with echo_poll:

    static int
    echo_poll(struct cdev *dev, int events, struct thread *td)
    {
        uprintf( "echo_poll called : data_available = %d!\n", data_available );
        if(data_available == 0)
            return 0;
        data_available = 0;
        return 1;
    }
Re: Pseudo-device driver & select ??
> > > > Aziz Kezzou wrote:
> > > Hi all,
> > > I am trying to implement a small kld pseudo-device driver on FreeBSD 5.3
> > > that
> > > behaves just like a socket with regards to the select system call.
> > >
> > > Currently, I am using the sample echo pseudo-device driver from
> > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/arch-handbook/driverbasics-char.html
> > > as an example. However, whenever I call select on the file
> > > descriptor of "/dev/echo" it always returns even when there is no data
> > > to be read.
> > >
> > > I looked at the socket code and it looks like I need to provide my own
> > > "fo_select" function in the fileops data structure. Am i right ? How
> > > do I do that ? The sample echo pseudo-device driver above uses
> > > "struct cdevsw" instead...
> > >
> > > Thanks
> > > -aziz
> > >
> > look at spec_poll()
> > I believe that when your device is opened the fileops{} will
> > point to the spec ops and your code will be entered via
> > spec_poll() - now you just need to implement the poll/select notion
> > for your device.
> >
>
> Thanks,
> Actually, it turned out to be very simple.
> I needed only to provide a "d_poll" function as part of the structure
> cdevsw, as follows :
>
> /* Character device entry points */
> static struct cdevsw echo_cdevsw = {
>     .d_version = D_VERSION,
>     .d_open = echo_open,
>     .d_close = echo_close,
>     .d_read = echo_read,
>     .d_write = echo_write,
>     .d_poll = echo_poll,
>     .d_name = "echo",
> };
>
> with echo_poll :
> static int
> echo_poll(struct cdev *dev, int events, struct thread *td)
> {
>
>     uprintf( "echo_poll called : data_available = %d!\n", data_available );
>     if(data_available == 0)
>         return 0;
>     data_available = 0;
>     return 1;
> }
>

Now the question is, if I don't have any data available when select (i.e. d_poll) is called, how do I notify select when data arrives? Looks like "d_poll" is called only once (the name is a bit misleading here ;-) , isn't it?

Any hints?

Thanks.
-aziz