Re: Use of network_interfaces in rc.conf
14.03.2012 13:19, hiren panchasara wrote:

> Thanks Chuck for getting back. I have a question inlined:
>
> On Tue, Mar 13, 2012 at 10:32 PM, Chuck Swiger wrote:
>
>> On Mar 13, 2012, at 10:18 PM, hiren panchasara wrote:
>>> What difference does it make when I have each (separately) in my
>>> rc.conf:
>>> 1) no network_interfaces at all
>>> 2) network_interfaces="AUTO"
>>
>> These two are the same.
>>
> Okay. So, if my system has 4 interfaces: em0, iwn0, fwp0, wlan0
>
> Does the above mean following?
>
> ifconfig_em0="AUTO"
> ifconfig_iwn0="AUTO"
> ifconfig_fwp0="AUTO"
> ifconfig_wlan0="AUTO"

No.

network_interfaces is basically historic rudiment
used in 2.2.x FreeBSD version and alike.

In general, you should not use it in modern version at all.

Eugene Grosbein
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: if_bridge stops when running virtualbox 4.1.8
Hi,

I also have this problem.

My environment is below
- FreeBSD-8.2-RELEASE/amd64 and FreeBSD-10-current/i386
- Virtualbox 4.0.14 (now I'm compiling new version 4.1.8)
- WI-FI HOSTAP mode (if_bridge)

I hope to use both functions (VirtualBox and if_bridge) at the same time.
Please let us know the appropriate settings.

> I just noticed that when running Virtualbox 4.1.8 with a bridged network
> interface, I lose connectivity to another virtual host running in qemu
> whose network interface is bridged to my ethernet interface. After
> stopping the Virtualbox instance, I regain connection to the virtual
> host under qemu. Ifconfig doesn't give a clue. Has anyone seen this
> behaviour or, even better, have a solution?

---
MIHIRA, Sanpei Yoshiro
Tokyo, Japan.
Re: if_bridge stops when running virtualbox 4.1.8
On 14.03.2012 13:59, MIHIRA Sanpei Yoshiro wrote:

> Hi,
>
> I also have this problem.
>
> My environment is below
> - FreeBSD-8.2-RELEASE/amd64 and FreeBSD-10-current/i386
> - Virtualbox 4.0.14 (now I'm compiling new version 4.1.8)
> - WI-FI HOSTAP mode (if_bridge)
>
> I hope to use both functions (VirtualBox and if_bridge) at the same time.
> Please let us know the appropriate settings.
>
>> I just noticed that when running Virtualbox 4.1.8 with a bridged network
>> interface, I lose connectivity to another virtual host running in qemu
>> whose network interface is bridged to my ethernet interface. After
>> stopping the Virtualbox instance, I regain connection to the virtual
>> host under qemu. Ifconfig doesn't give a clue. Has anyone seen this
>> behaviour or, even better, have a solution?

What I did was create another tap interface, add that to the bridge and configure VirtualBox to use the tap interface. Seems to work for me.

HTH,
Florian
Zero MAC address
Hello everyone,

I assigned a 00:00:00:00:00:00 MAC address to one of my interfaces on a machine and tried to ping the peer machine. The ping did go through fine.

I can see the request and reply packets on the packet capture. I am wondering if that is legitimate and if not, who is supposed to check that. I mean, the stack or the driver on the sending machine or the receiving machine.

Basically, I am trying to test a statistics utility which keeps track of packets with invalid MAC addresses. Are the packets with zero MAC addresses to be classified as invalid?

Thanks a lot
Adarsh

This message and any attached documents contain information from QLogic Corporation or its wholly-owned subsidiaries that may be confidential. If you are not the intended recipient, you may not read, copy, distribute, or use this information. If you have received this transmission in error, please notify the sender immediately by reply e-mail and then delete this message.
crash on lagg interface destroy
Hello everyone,

I tried to destroy a lagg interface (created using laggproto none) and I see the system crash.

Steps to reproduce:

kldload if_lagg
ifconfig lagg0 create
ifconfig lagg0 up laggproto none laggport ql0 laggport ql1 192.168.100.1 netmask 255.255.255.0
ifconfig lagg0 destroy

uname -a
FreeBSD bsd-02 7.4-RELEASE FreeBSD 7.4-RELEASE #0: Wed Mar 7 18:16:06 PST 2012 root@bsd-02:/usr/src/sys/amd64/compile/MYKERNEL amd64

Crash:

Tracing command ifconfig pid 1443 tid 100182 td 0xff0023358740
Uart_z8530_class() at 0
Ifc_simple_destroy() at Ifc_simple_destroy+0x2a
If_clone_destroyif() at If_clone_destroyif+0xa5
Ifioctl() at ifioctl+0x300
Kern_ioctl() at kern_ioctl+0xa2
Ioctl() at ioctl+0xf9
Syscall() at syscall+0x252
Xfast_syscall() at Xfast_syscall+0xab
--- syscall (54, FreeBSD ELF64, ioctl), rip = 0x8008324bc, rsp = 0x7fffe348, rbp = 0x7ee27 ---

Hope it helps. Let me know if you need more info.

Adarsh
RE: Zero MAC address
Thank you for the quick replies.

I am aware of the importance of the second bit. By invalid, I was wondering if that particular address is reserved or if it has any special meaning or purpose.
So in theory, I cannot classify it as an invalid MAC address on my packet statistics utility.

On a side thought, can an incoming packet be classified as "invalid MAC address" if it has the same MAC address of the host?

Thanks again
Adarsh

-----Original Message-----
From: Chuck Swiger [mailto:cswi...@mac.com]
Sent: Wednesday, March 14, 2012 3:57 PM
To: Adarsh Joshi
Cc: freebsd-net@freebsd.org
Subject: Re: Zero MAC address

On Mar 14, 2012, at 3:32 PM, Adarsh Joshi wrote:
> I assigned a 00:00:00:00:00:00 MAC address to one of my interfaces on a
> machine and tried to ping the peer machine. The ping did go through fine.
>
> I can see the request and reply packets on the packet capture. I am
> wondering if that is legitimate and if not, who is supposed to check that. I
> mean, the stack or the driver on the sending machine or the receiving machine.
>
> Basically, I am trying to test a statistics utility which keeps track of
> packets with invalid MAC addresses. Are the packets with zero MAC addresses
> to be classified as invalid?

In theory, no-- 00:00:00 OUI belongs to Xerox, and there is nothing special about an all-zeros MAC. If you see an OUI with the second bit of the first octet set, that would indicate locally managed addresses rather than global or "universally administered" numbering, otherwise you can look up against OUI data from the IEEE:

http://standards.ieee.org/develop/regauth/oui/oui.txt

...and that will let you identify the vendor of the ethernet NIC, SAS/fibre channel controller, etc...or conclude that someone is likely spoofing MAC addresses if you don't find the OUI listed. Maybe that's what you mean by "invalid"?

Regards,
--
-Chuck
Re: Use of network_interfaces in rc.conf
On Wed, Mar 14, 2012 at 4:19 AM, Eugene Grosbein wrote:

> 14.03.2012 13:19, hiren panchasara wrote:
> > Thanks Chuck for getting back. I have a question inlined:
> >
> > On Tue, Mar 13, 2012 at 10:32 PM, Chuck Swiger wrote:
> >
> >> On Mar 13, 2012, at 10:18 PM, hiren panchasara wrote:
> >>> What difference does it make when I have each (separately) in my
> >>> rc.conf:
> >>> 1) no network_interfaces at all
> >>> 2) network_interfaces="AUTO"
> >>
> >> These two are the same.
> >>
> > Okay. So, if my system has 4 interfaces: em0, iwn0, fwp0, wlan0
> >
> > Does the above mean following?
> >
> > ifconfig_em0="AUTO"
> > ifconfig_iwn0="AUTO"
> > ifconfig_fwp0="AUTO"
> > ifconfig_wlan0="AUTO"
>
> No.
>
> network_interfaces is basically historic rudiment
> used in 2.2.x FreeBSD version and alike.
>
> In general, you should not use it in modern version at all.
>

Thanks Eugene.

So, the only way to specify boottime configuration (that survives reboots) for an interface in rc.conf is:
ifconfig_em0="dhcp" ?

Thanks,
Hiren
Re: Zero MAC address
On Mar 14, 2012, at 3:32 PM, Adarsh Joshi wrote:
> I assigned a 00:00:00:00:00:00 MAC address to one of my interfaces on a
> machine and tried to ping the peer machine. The ping did go through fine.
>
> I can see the request and reply packets on the packet capture. I am
> wondering if that is legitimate and if not, who is supposed to check that. I
> mean, the stack or the driver on the sending machine or the receiving machine.
>
> Basically, I am trying to test a statistics utility which keeps track of
> packets with invalid MAC addresses. Are the packets with zero MAC addresses
> to be classified as invalid?

In theory, no-- 00:00:00 OUI belongs to Xerox, and there is nothing special about an all-zeros MAC. If you see an OUI with the second bit of the first octet set, that would indicate locally managed addresses rather than global or "universally administered" numbering, otherwise you can look up against OUI data from the IEEE:

http://standards.ieee.org/develop/regauth/oui/oui.txt

...and that will let you identify the vendor of the ethernet NIC, SAS/fibre channel controller, etc...or conclude that someone is likely spoofing MAC addresses if you don't find the OUI listed. Maybe that's what you mean by "invalid"?

Regards,
--
-Chuck
Re: Zero MAC address
On Mar 14, 2012, at 4:05 PM, Adarsh Joshi wrote:
> Thank you for the quick replies.
>
> I am aware of the importance of the second bit. By invalid, I was wondering
> if that particular address is reserved or if it has any special meaning or
> purpose.

There isn't a special meaning for all-zeros MAC to my knowledge, although all-ones MAC is subnet-local broadcast.

> So in theory, I cannot classify it as an invalid MAC address on my packet
> statistics utility.

Yes, as far as theory goes. In practice, all-zeros MACs tend to indicate that an ethernet driver failed to read the burned-in MAC assigned to the NIC. :-)

> On a side thought, can an incoming packet be classified as "invalid MAC
> address" if it has the same MAC address of the host?

Tentatively, yes-- MACs are supposed to be unique, and any collision is bad...just be careful that you aren't seeing packets which your local host had sent (perhaps because of a L2 switching loop).

Regards,
--
-Chuck
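The checks discussed in Chuck's two replies above (all-zeros, the locally administered bit, OUI lookup, a source equal to the host's own MAC), as an added Python example that is not part of the thread. It goes slightly beyond the replies by also flagging a source address with the group bit set, which includes the all-ones broadcast address; the function names, labels and sample frames are assumptions, and the only OUI in the table is the 00:00:00 entry named in the thread.

```python
from collections import Counter

ZERO = bytes(6)
BROADCAST = b"\xff" * 6

def parse_mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' (or '-' separated) into 6 bytes."""
    parts = text.strip().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError("not a 48-bit MAC address: %r" % text)
    return bytes(int(p, 16) for p in parts)

def classify_source(src, host_mac, known_ouis):
    """Return labels (hypothetical names) for the source MAC of a received frame."""
    mac = parse_mac(src)
    labels = []
    if mac == ZERO:
        # Legal in theory; in practice often a driver that failed to read the NIC's MAC.
        labels.append("all-zeros")
    if mac == BROADCAST:
        labels.append("broadcast-source")
    elif mac[0] & 0x01:
        # I/G bit: group (multicast) addresses are destinations, not sources.
        labels.append("group-source")
    elif mac[0] & 0x02:
        # U/L bit: locally administered, so an OUI lookup says nothing about it.
        labels.append("locally-administered")
    elif mac[:3].hex() not in known_ouis:
        labels.append("unknown-oui")
    if mac == parse_mac(host_mac):
        # Either a duplicate MAC on the segment or our own frame looped back at L2.
        labels.append("same-as-host")
    return labels

def tally(sources, host_mac, known_ouis):
    """Count labels over many frames; frames with no label count as 'ok'."""
    counts = Counter()
    for src in sources:
        counts.update(classify_source(src, host_mac, known_ouis) or ["ok"])
    return counts

# Constructed inputs. The table holds only the OUI named in the thread; a real
# utility would load the IEEE registry file instead.
KNOWN_OUIS = {"000000"}
HOST_MAC = "00:00:00:12:34:56"
FRAMES = ["00:00:00:00:00:00", "02:00:00:aa:bb:cc", "ff:ff:ff:ff:ff:ff",
          "01:00:5e:00:00:01", "ac:de:48:00:11:22", "00:00:00:12:34:56",
          "00:00:00:77:88:99"]

if __name__ == "__main__":
    for label, n in sorted(tally(FRAMES, HOST_MAC, KNOWN_OUIS).items()):
        print(label, n)
```

A frame labelled same-as-host should be confirmed as received rather than transmitted before it is counted as a collision.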
Re: firewall stuck
thanks Kevin,
this is my "ipfw show" :

00100 4352617 2413620288 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from any to ::1
00500 0 0 deny ip from ::1 to any
00600 54387 5454184 allow icmp from any to any
00700 3142231 1681082246 allow ip from 10.1.1.28 to 10.1.1.0/26
00800 4659459 4478397111 allow ip from 10.1.1.0/26 to 10.1.1.28
00900 0 0 check-state
01000 13799789083135 allow tcp from 10.1.1.28 to any setup keep-state
01100 0 0 allow tcp from 10.16.10.84 to any setup keep-state
01150 401205 276677828 allow tcp from any to 10.1.1.28 dst-port 22 setup keep-state
01200 24571844249729 allow udp from 10.1.1.28 to any keep-state
01300 5876930 239194755 allow tcp from any to any established
01400 0 0 allow tcp from any to 10.1.1.28 dst-port 389 setup keep-state
01500 26341187 22030370786 allow tcp from any to 10.1.1.28 dst-port 80 setup keep-state
01600 8094561013964 allow tcp from any to 10.1.1.28 dst-port 443 setup keep-state
01700 0 0 allow tcp from 10.1.1.2 to 10.1.1.28 dst-port 22 setup keep-state
01800 14964297939477 allow tcp from any to 10.1.1.28 dst-port 25 setup keep-state
01900 1407501 allow tcp from 10.1.0.0/16 to 10.1.1.28 dst-port 110 setup keep-state
02000 167798289212845 allow tcp from any to 10.1.1.28 dst-port 110 setup keep-state
02100 8996 432096 deny tcp from any to any setup
02200 24411124117256 allow udp from any to 10.1.1.28 dst-port 53 keep-state
02300 0 0 allow udp from any to 10.1.1.12 dst-port 53 keep-state
65535 4610 1422974 deny ip from any to any

I use FreeBSD 8.2 :
FreeBSD 8.2-RELEASE (GENERIC) #0: Fri Feb 18 02:24:46 UTC 2011

the problem starts after I add rule 01150

On Wed, Mar 14, 2012 at 1:12 PM, Kevin Oberman wrote:

> On Tue, Mar 13, 2012 at 7:27 PM, nyoman.b...@gmail.com wrote:
> > dear guru,
> >
> > every time I open my firewall to allow SSH connection from Internet
> > after few days my firewall always stuck. Stuck in here meaning
> > that it deny all request (deny any from any).
> > And after I "ipfw disable firewall" and then "ipfw enable firewall"
> > everything works fine
> >
> > when I checked /var/log/messages I found lots of attempts
> > people try to connect to my machine.
> > why my machine get stuck when lots of people try to SSH to my machine?
>
> We need a bit more information, especially your ipfw configuration. Is
> it a stateful firewall? It sounds a lot like your state table might
> be filling for some reason. Of course, if it is not a stateful
> firewall, that idea is probably wrong, though it could be a
> misconfiguration of some stateful rule that is inadvertently catching
> the SSH attempts.
>
> Have you done an 'ipfw show' to see what rules are being matched? It
> may or may not provide a clue.
> --
> R. Kevin Oberman, Network Engineer
> E-mail: kob6...@gmail.com
>

--
---
Bogi Aditya
Sisfo - IMTelkom
http://bogi.blog.imtelkom.ac.id
Re: firewall stuck
Please don't top post. It makes following the thread very difficult. (Yes, I know too many MUAs make this difficult.)

> On Wed, Mar 14, 2012 at 1:12 PM, Kevin Oberman wrote:
>>
>> On Tue, Mar 13, 2012 at 7:27 PM, nyoman.b...@gmail.com wrote:
>> > dear guru,
>> >
>> > every time I open my firewall to allow SSH connection from Internet
>> > after few days my firewall always stuck. Stuck in here meaning
>> > that it deny all request (deny any from any).
>> > And after I "ipfw disable firewall" and then "ipfw enable firewall"
>> > everything works fine
>> >
>> > when I checked /var/log/messages I found lots of attempts
>> > people try to connect to my machine.
>> > why my machine get stuck when lots of people try to SSH to my machine?
>>
>> We need a bit more information, especially your ipfw configuration. Is
>> it a stateful firewall? It sounds a lot like your state table might
>> be filling for some reason. Of course, if it is not a stateful
>> firewall, that idea is probably wrong, though it could be a
>> misconfiguration of some stateful rule that is inadvertently catching
>> the SSH attempts.
>>
>> Have you done an 'ipfw show' to see what rules are being matched? It
>> may or may not provide a clue.
>> --
>> R. Kevin Oberman, Network Engineer
>> E-mail: kob6...@gmail.com

On Wed, Mar 14, 2012 at 6:04 PM, nyoman.b...@gmail.com wrote:
> thanks Kevin,
> this is my "ipfw show" :
>
> 00100 4352617 2413620288 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny ip from 127.0.0.0/8 to any
> 00400 0 0 deny ip from any to ::1
> 00500 0 0 deny ip from ::1 to any
> 00600 54387 5454184 allow icmp from any to any
> 00700 3142231 1681082246 allow ip from 10.1.1.28 to 10.1.1.0/26
> 00800 4659459 4478397111 allow ip from 10.1.1.0/26 to 10.1.1.28
> 00900 0 0 check-state
> 01000 13799789083135 allow tcp from 10.1.1.28 to any setup keep-state
> 01100 0 0 allow tcp from 10.16.10.84 to any setup keep-state
> 01150 401205 276677828 allow tcp from any to 10.1.1.28 dst-port 22 setup keep-state
> 01200 24571844249729 allow udp from 10.1.1.28 to any keep-state
> 01300 5876930 239194755 allow tcp from any to any established
> 01400 0 0 allow tcp from any to 10.1.1.28 dst-port 389 setup keep-state
> 01500 26341187 22030370786 allow tcp from any to 10.1.1.28 dst-port 80 setup keep-state
> 01600 8094561013964 allow tcp from any to 10.1.1.28 dst-port 443 setup keep-state
> 01700 0 0 allow tcp from 10.1.1.2 to 10.1.1.28 dst-port 22 setup keep-state
> 01800 14964297939477 allow tcp from any to 10.1.1.28 dst-port 25 setup keep-state
> 01900 1407501 allow tcp from 10.1.0.0/16 to 10.1.1.28 dst-port 110 setup keep-state
> 02000 167798289212845 allow tcp from any to 10.1.1.28 dst-port 110 setup keep-state
> 02100 8996 432096 deny tcp from any to any setup
> 02200 24411124117256 allow udp from any to 10.1.1.28 dst-port 53 keep-state
> 02300 0 0 allow udp from any to 10.1.1.12 dst-port 53 keep-state
> 65535 4610 1422974 deny ip from any to any
>
> I use FreeBSD 8.2 :
> FreeBSD 8.2-RELEASE (GENERIC) #0: Fri Feb 18 02:24:46 UTC 2011
>
> the problem starts after I add rule 01150

So you do have a stateful rule for ssh. Putting stateful rules on services is risky because you always open yourself to DOS, either intentionally or by accident. Every stateful access requires resources from a limited pool. You can look at this pool information with:

sysctl net.inet.ip.fw | grep dyn

man ipfw describes them in the "SYSCTL VARIABLES" section.

I am wondering why you want a stateful rule for this. It's very risky and it looks like you are getting bitten, either by accident or a deliberate effort to DOS you. I suspect the former.
--
R. Kevin Oberman, Network Engineer
E-mail: kob6...@gmail.com
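One way to act on the pool check Kevin describes above, as an added Python example that is not part of the thread: it parses the output of `sysctl net.inet.ip.fw | grep dyn` and reports how close the dynamic rule count is to its limit. The sample output is constructed with illustrative values, and the function names, the report keys and the 80% warning threshold are assumptions.

```python
import re

# Constructed sample of `sysctl net.inet.ip.fw | grep dyn` output; the values
# are illustrative and were not taken from the poster's machine.
SAMPLE = """\
net.inet.ip.fw.dyn_keepalive: 1
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.dyn_count: 4011
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_buckets: 256
"""

_LINE = re.compile(r"^net\.inet\.ip\.fw\.(\w*dyn\w*):\s*(\d+)\s*$")

def parse_dyn_sysctls(text):
    """Return {short_name: int} for every dyn-related ipfw sysctl line."""
    values = {}
    for line in text.splitlines():
        match = _LINE.match(line.strip())
        if match:
            values[match.group(1)] = int(match.group(2))
    return values

def state_table_report(values, warn_ratio=0.8):
    """Compare dyn_count with dyn_max and grade the result (hypothetical levels)."""
    missing = [k for k in ("dyn_count", "dyn_max") if k not in values]
    if missing:
        raise KeyError("missing sysctl(s): " + ", ".join(missing))
    count, limit = values["dyn_count"], values["dyn_max"]
    if limit <= 0:
        raise ValueError("dyn_max must be positive")
    ratio = count / limit
    if count >= limit:
        level = "exhausted"      # no room left for new dynamic rules
    elif ratio >= warn_ratio:
        level = "warn"           # pool is close to its limit
    else:
        level = "ok"
    return {
        "dyn_count": count,
        "dyn_max": limit,
        "utilisation": round(ratio, 3),
        "level": level,
        # How long an idle established TCP session keeps its entry, in seconds.
        "ack_lifetime": values.get("dyn_ack_lifetime"),
    }

if __name__ == "__main__":
    print(state_table_report(parse_dyn_sysctls(SAMPLE)))
```

Run from cron against live sysctl output, a "warn" level gives notice before the pool runs out.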
Re: Use of network_interfaces in rc.conf
15.03.2012 06:33, hiren panchasara wrote:

>> network_interfaces is basically historic rudiment
>> used in 2.2.x FreeBSD version and alike.
>>
>> In general, you should not use it in modern version at all.
>
> Thanks Eugene.
>
> So, the only way to specify boottime configuration (that survives reboots)
> for an interface in rc.conf is:
> ifconfig_em0="dhcp" ?

Yes, that's what man rc.conf says.

Eugene Grosbein