Re: ipfw divert with layer2 (if_bridge) packets
Hi,

I have a question about these similar problems with bridging. I use if_bridge on a FreeBSD 6.1 box. ipfw doesn't support fwd rules via bridge, so I had to use pf for transparent proxying. But pf doesn't work like fwd. pf makes nat (rdr) on packets, so that proxy software can't find the original destination address.

Once upon a time, someone wrote a patch for FreeBSD 4.x to make the fwd action work with Bridge. What about if_bridge? Does that patch work on FreeBSD 6.X? If not, can it be ported to 6.x?

I think the fwd action is a bit like the divert action. If the divert action works, I think fwd could work. What do you think about this subject?

Yours sincerely,
Ozkan KIRIK

Luigi Rizzo wrote:
> On Wed, May 10, 2006 at 10:07:10AM +0400, Andrey V. Elsukov wrote:
> > Julian Elischer wrote:
> > > I have changes that make it work in 4.x but they will not apply to 5.x
> > > or later.. Luigi also has some changes that allow it..
> >
> > I can try porting an older patches which allow this.
> > Is there a chance for including this feature into base system?
>
> sorry if i missed the earlier part of the thread...
> the earlier patches i posted (for 4.x) had a race problem because
> L2 packets would be processed with the wrong spl mask leading to
> possible corruption in the socket buffer. A fix for that involves
> sending divert packets to the ipintrq so they could be reprocessed
> with the correct masks.
>
> Probably 6.x does not have the same problem as the locking
> there is different. So in that case it might just be a case of
> adapting the patch to compile.
>
> cheers
> luigi

___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: vrf support in FreeBSD
Ray Mihm wrote:
> Point taken about the globals but layer 3 (IP) and layer 4 (TCP, UDP,
> etc) aren't modules yet and that shouldn't be a problem right?
> I'm not trying to trivialize or solve the problem here. But my point is,
> these shouldn't be show-stoppers when you consider the benefit of having
> this feature in FreeBSD.

They WILL be modules. At least we'd LIKE them to become modules. Hopefully eventually almost everything will be a module.

> Regards,
>
> Ray.
>
> On 5/9/06, Julian Elischer <[EMAIL PROTECTED]> wrote:
> > Ray Mihm wrote:
> > > Using ipfw tables is essentially a non-starter, IMHO. How would
> > > routing protocols use ipfw based tables, for example? Marko's work
> > > touches a lot of files, but I don't think it's heavy weight.
> > >
> > > I also think using Marko's idea and Jails would allow create the
> > > notion of a logical system and multiple such logical systems may be
> > > configured on a single FreeBSD system.
> > >
> > > Regards,
> > >
> > > Ray.
> >
> > Don't get me wrong.. I very much like vimage, and it is a great pity
> > that it (in the form it is in now) is basically incompatible in concept
> > with FreeBSD 5+ (where most things are modules)(*).
> >
> > I've even done some small work on prototyping how one MIGHT be able to
> > make it happen, but for what I want (just be able to have some packets
> > use an alternative routing table), having ipfw fwd them according to a
> > table does just fine.
> >
> > (*) The problem is that moving all globals to a structure only works if
> > you know what globals are linked in. If you load a module, you need to
> > expand the structure. This is problematic to say the least. The same
> > problem has been solved with Thread-local-storage using hooks in the
> > compiler and linker but I don't think we can do that in the kernel.
> > (at least not easily).
Re: vrf support in FreeBSD
On Wednesday 10 May 2006 01:16, Julian Elischer wrote:
> Ray Mihm wrote:
> > Using ipfw tables is essentially a non-starter, IMHO. How would
> > routing protocols use ipfw based tables, for example? Marko's work
> > touches a lot of files, but I don't think it's heavy weight.
> >
> > I also think using Marko's idea and Jails would allow create the
> > notion of a logical system and multiple such logical systems may be
> > configured on a single FreeBSD system.
> >
> > Regards,
> >
> > Ray.
>
> Don't get me wrong.. I very much like vimage, and it is a great pity
> that it (in the form it is in now) is basically incompatible in concept
> with FreeBSD 5+ (where most things are modules)(*).
>
> I've even done some small work on prototyping how one MIGHT be able to
> make it happen, but for what I want (just be able to have some packets use
> an alternative routing table), having ipfw fwd them according to a table
> does just fine.

Could we eventually add a per-process routing table tag inherited by child? Suggested earlier in this thread, it looks like not that hard to be done temporary solution. With some simple management utility (change routing tag, show routing tag for a given process) it could serve many useful purposes.

I do like ipfw solution as well, but this one is conceptually much simpler, at least in my somewhat biased and vimage-influenced eyes.

Regards,
Milan

--
Please reply to mailing list only. I read it regularly.
Re: vrf support in FreeBSD
On Wednesday 10 May 2006 03:49, Edward B. DREGER wrote:
> MO> Date: Tue, 9 May 2006 14:39:25 +0200
> MO> From: Milan Obuch
>
> MO> > JE> how do you want to select which table should be used?
> MO> > Ingress interface.
> MO>
> MO> Sounds reasonable, one important point missing - packets locally
> MO> originated/'destinated'.
> MO> Other than that, fully acceptable.
>
> IMNSHO, I'd rather have a { default | manually-specified } table for
> locally-sourced packets.

My point is I need two processes, say apache, running with two different routing tables (typically only default route in there, but this does not conceptually matter). That's whole point why I was using Marko's vimages for. (With more processes, but this does not matter here)

Regards,
Milan

--
Please reply to mailing list only. I read it regularly.
[patch] ipfw packet tagging
Hi, All!

I have written a small patch for packet tagging with ipfw. The description of OpenBSD packet tagging is here:
http://www.openbsd.org/faq/pf/tagging.html

IPFW tags are not compatible with PF tags.

This feature can be usable with some netgraph modules. We can create a netgraph node that marks packets with some tags and use this node with other nodes. IPFW can detect and filter packets with tags.

Also we can mark packets before NAT and detect tagged packets after translation. NAT based on divert sockets does not allow this, but I think ng_nat can..

Patches can be found here:
http://butcher.heavennet.ru/patches/kernel/ipfw_tags/

--
WBR, Andrey V. Elsukov
How do i send mail to certain domain users over external smtp using sendmail?
Hi,

I just don't see any options to make it work.

    "| /usr/sbin/sendmail -Ac -t"

works fine, but

    "| /usr/sbin/sendmail -O ConnectOnlyTo=smtp.external.co... -Ac -t"

just won't work:

    WARNING: RunAsUser for MSP ignored, check group ids (egid=10103, want=25)
    can not chdir(/var/spool/clientmqueue/... Permission denied
    Program mode requires special privileges, e.g., root or TrustedUser.
    554 5.3.5 Local configuration error

I don't want to set up trusted users. Any work-around available?

Thanks
Re: How do i send mail to certain domain users over external smtp using sendmail?
Nash Nipples wrote:
> Hi,
>
> I just don't see any options to make it work.
>
>     "| /usr/sbin/sendmail -Ac -t"
>
> works fine, but
>
>     "| /usr/sbin/sendmail -O ConnectOnlyTo=smtp.external.co... -Ac -t"
>
> just won't work:
>
>     WARNING: RunAsUser for MSP ignored, check group ids (egid=10103, want=25)
>     can not chdir(/var/spool/clientmqueue/... Permission denied
>     Program mode requires special privileges, e.g., root or TrustedUser.
>     554 5.3.5 Local configuration error
>
> I don't want to set up trusted users. Any work-around available?
>
> Thanks

Hi,

To clarify for myself, are you asking: given domains abc.com, foo.com, bar.com, and anotherdomain.com, how to use your local SMTP to send mail to abc.com and foo.com but use an external SMTP to send mail to bar.com and anotherdomain.com?

If so, then you can use the SMART_HOST define and the confCW_FILE define in your /etc/mail/sendmail.mc file and put hosts you want processed via local SMTP in the file defined in confCW_FILE define.

If you just have one domain you want handled locally then you might also just put an entry like Cwfoo.com in /etc/mail/sendmail.cf.

Your file names may vary depending upon your configuration.

Hope this helps.

Sincerely,
Duane Whitty

--
[EMAIL PROTECTED]
Re: kern/93220: [inet6] nd6_lookup: failed to add route for a neighbor
Synopsis: [inet6] nd6_lookup: failed to add route for a neighbor

State-Changed-From-To: feedback->analyzed
State-Changed-By: arved
State-Changed-When: Wed May 10 17:00:57 UTC 2006
State-Changed-Why:
Ed Schouten proposed a patch,
http://lists.freebsd.org/pipermail/freebsd-net/2006-May/010540.html

http://www.freebsd.org/cgi/query-pr.cgi?pr=93220