Re: unable to qualify my own domain name
Hello Frank, Welcome to FreeBSD and meet the sendmail daemon. What it tells to you is that it cannot qualify your own domain name. Maybe if you haven't left it blank it wouldn't. The reason why may be very complex or very simple. I think the daemon is just a little embarrassed to even think that it's gona have to send mail from a blank host name. The are many ways you can go from here though. You may try to learn how to skip loading sendmail daemon at startup (please don't abuse it). You may try to register a domain name and then learn how to reconfigure this perfectly normal FreeBSD 6.2 release. You also may try to call your provider and ask them to read the domain name they have assigned to you, unless you are having the dial up connection which is constantly changing and changing and changingor else, you may use a little imagination, add some creativity and a little responsibility to use a domain name you'd like your legal copy of sendmail to be proudly telling to the world. "Hello from mybox.iwontmakeupnonames.arpa" #man intro #man hosts #man ifconfig #man rc.conf and the Handbook Sincerely, Nash - Original Message From: Frank <[EMAIL PROTECTED]> To: freebsd-net@freebsd.org Sent: Monday, December 3, 2007 10:37:03 AM Subject: unable to qualify my own domain name I'm new to FreeBSD. Am trying to set up 6.2. Don't understand why Network Configuration requires a domain name. I've never needed one when setting up Windows XP networking--only had to set it to automatically acquire IP address. For FreeBSD 6.2, I left the "Domain" field blank in the "Network Configuration" screen, and every time at startup, I would get the message that it's "unable to qualify my own domain name". Must I make one up? Why is this? Thanks. - Never miss a thing. Make Yahoo your homepage. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]" Be a better pen pal. Text or chat with friends inside Yahoo! Mail. See how. http://overview.mail.yahoo.com/ ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Maximum NIC interrupts
Dear Jordi, In theory, on a Gigabit link you get 1 000 000 000 bits * second. By default you have the MTU set to 1500 bytes which makes ~12 000 bits. 1 000 000 000 / 12 000 = ~ 83 333 packets per second. 83 333 packets per second makes 0.08 packets per microsecond. 1 / 0.08333 = 12.0 microseconds per packet. Thus one can interrupt CPU at a rate of ~83 333 times per second. If you use lower packets sizes you might get even more funny numbers. 8000 is a quiet low number. The driver was developed by guys at Intel. I don't see a reason to worry. By the way they have products with Interrupt Moderation. http://www.intel.com/design/network/applnots/ap450.htm The question is really amazing. Thanks, it have tickled me big time. Sincerely, Nash - Original Message From: Jordi Espasa Clofent <[EMAIL PROTECTED]> To: freebsd-net@freebsd.org Sent: Wednesday, December 26, 2007 12:12:55 PM Subject: Re: Maximum NIC interrupts OK, I'll try to explain in another way. While I've done network performance test I've monitored the IRQ rate, and, for example, it's a 7000/8000 interrupts per second in every NIC (I use 2 NICs in a bridge). The question is ¿how can I know if this irq rate is too high or not? ¿how can I know if I'm closer to device limits, or kernel limits? I want to say that I'm don't know if 8000 irq per second means a high IRQ use or a lower user. I hope I've explained better at this time. -- Thanks, Jordi Espasa Clofent ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]" Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: looking for dual-phy (copper & fiber) NIC
Dear Aaron, i give up on searching for a Dual-phy copper fiber gigabit nic. the search terminates at this 2004 article http://www.thefreelibrary.com/Ixia+Introduces+Dual-PHY+Copper%2FFiber-Optic+Gigabit+Ethernet+Testing...-a0112895579 assumption would be that Allied Telesis have made a successfull hybridus at 100bps and when things went closer to 1000bps vendors have decided to invest into media converters. these are available stand-alone or slide-in (Transition Networks for example). sincerely, nash p.s. please send a note if you ever find one - Original Message From: Aaron Turner <[EMAIL PROTECTED]> To: freebsd-net@freebsd.org Sent: Saturday, January 5, 2008 10:30:43 PM Subject: looking for dual-phy (copper & fiber) NIC Sorry for the slightly OT, but I've run out of ideas... I could of sworn about a month ago or so, I found a half-height gigabit NIC (PCI Express I think) which offered two copper AND two SFP connectors for fiber. The card had only two ethernet controllers (Marvell I think), hence you could only use up to two connectors at any time. Very similar to many switches which give you the choice of copper or fiber but not both (sometimes called "combo ports"). Of course, I didn't bookmark the page, I can't find it in my browser history and Google is failing me horribly. Note: I'm NOT looking for the old SysKonnect or Allied Tellysn cards which are 10/100Mbps. This was a gigabit card! Any hints or pointers to the page, vendor or reseller would be greatly appreciated. Thanks, Aaron -- Aaron Turner http://synfin.net/ http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]" Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Sendmail SSL certificates cache?
Sendmail ssl server certificates cache where? thanks. Nash - How low will we go? Check out Yahoo! Messengers low PC-to-Phone call rates. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
How do i send mail to certain domain users over external smtp using sendmail?
hi, i just dont see any options to make it work "| /usr/sbin/sendmail -Ac -t" works fine but "| /usr/sbin/sendmail -O ConnectOnlyTo=smtp.external.co... -Ac -t" just wont work: WARNING: RunAsUser for MSP ignored, check group ids (egid=10103, want=25) can not chdir(/var/spool/clientmqueue/... Permission denied Program mode requires special privileges, e.g., root or TrustedUser. 554 5.3.5 Local configuration error I dont want to set up trusted users. Any work-around available? thanks - Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or less. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How do i send mail to certain domain users over external smtp using sendmail?
Duane Whitty <[EMAIL PROTECTED]> wrote: Nash Nipples wrote: >hi, i just dont see any options to make it work > > "| /usr/sbin/sendmail -Ac -t" works fine > but "| /usr/sbin/sendmail -O ConnectOnlyTo=smtp.external.co... -Ac -t" just > wont work: > WARNING: RunAsUser for MSP ignored, check group ids (egid=10103, want=25) > can not chdir(/var/spool/clientmqueue/... Permission denied > Program mode requires special privileges, e.g., root or TrustedUser. > 554 5.3.5 Local configuration error > > I dont want to set up trusted users. Any work-around available? > > thanks > > - > Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ > countries) for 2�/min or less. > ___ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > > > > Hi, To clarify for myself, are you asking: given domains abc.com, foo.com, bar.com , and anotherdomain.com how to use your local SMTP to send mail to abc.com and foo.com but use an external SMTP to send mail to bar.com and anotherdomain.com? If so, then you can use the SMART_HOST define and the confCW_FILE define in your /etc/mail/sendmail.mc file and put hosts you want processed via local SMTP in the file defined in confCW_FILE define. If you just have one domain you want handled locally then you might also just put an entry like Cwfoo.com in /etc/mailsendmail.cf. Your file names may vary depending upon you configuration. Hope this helps. Sincerely, Duane Whitty -- [EMAIL PROTECTED] ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]" Umm yea! thanks. its all about SMART_HOST. Nash - Blab-away for as little as 1�/min. Make PC-to-Phone Calls using Yahoo! Messenger with Voice. - Yahoo! Messenger with Voice. PC-to-Phone calls for ridiculously low rates. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How do i send mail to certain domain users over external smtp using sendmail?
how can i ask sendmail to give up an email to "another" smtp agent when the destination user is considered local but not trusted to run a different submit.cf basicly it could turn into a possible leak attempt unless its defined in a local "but not really local" routing table which "implies not!" (no antonym found) the straightforward design of sendmail (along with the internet structure). somewhat like "why cant i send emale when i physically can and why cant you read it here when you physically can"\n "if i cant send it physically helo, i need a fallback mx" but what to do with "helo i cant read it here can i have a replicator please?" see? or not? nash - How low will we go? Check out Yahoo! Messengers low PC-to-Phone call rates. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How do i send mail to certain domain users over external smtp using sendmail?
Brian Candler <[EMAIL PROTECTED]> wrote: On Wed, May 10, 2006 at 05:47:48AM -0700, Nash Nipples wrote: >hi, i just dont see any options to make it work > > "| /usr/sbin/sendmail -Ac -t" works fine > but "| /usr/sbin/sendmail -O ConnectOnlyTo=smtp.external.co... -Ac -t" just > wont work: > WARNING: RunAsUser for MSP ignored, check group ids (egid=10103, want=25) > can not chdir(/var/spool/clientmqueue/... Permission denied > Program mode requires special privileges, e.g., root or TrustedUser. > 554 5.3.5 Local configuration error > > I dont want to set up trusted users. Any work-around available? Upgrade to exim - *any* mail routing policy you can think of can be implemented in exim. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]" lol thanks! i've read about it and i think its awesome but yet i dont know how do i uninstall sendmail? Nash - Get amazing travel prices for air and hotel in one click on Yahoo! FareChase ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How do i send mail to certain domain users over external smtp using sendmail?
Bill!! you are my superman! lol i dont even know how to thank you. all i had to do is recompile the sendmail!! it is truly flexible and ununinstallable. :) mailertable did the thing. i would like to consider the problem to be solved. if no objections pending? next time i will pay more time to the sendmail documentation prior to writing out the problems. NASH! -ty Bill Vermillion <[EMAIL PROTECTED]> wrote: The door open and in walked trouble - disguised as our our old nemesis Nash Nipples, who uttered, at Thu, May 11, 2006 at 04:27 : > Duane Whitty wrote: Nash Nipples wrote: > >hi, i just dont see any options to make it work > > "| /usr/sbin/sendmail -Ac -t" works fine > > but "| /usr/sbin/sendmail -O ConnectOnlyTo=smtp.external.co... -Ac -t" > > just wont work: > > WARNING: RunAsUser for MSP ignored, check group ids (egid=10103, want=25) > > can not chdir(/var/spool/clientmqueue/... Permission denied > > Program mode requires special privileges, e.g., root or TrustedUser. > > 554 5.3.5 Local configuration error > > > > I dont want to set up trusted users. Any work-around available? > > > > thanks > Hi, > > To clarify for myself, are you asking: > given domains abc.com, foo.com, bar.com , and anotherdomain.com > how to use your local SMTP to send mail to abc.com and foo.com but use > an external SMTP to send mail to bar.com and anotherdomain.com? > If so, then you can use the SMART_HOST define and the confCW_FILE define > in your /etc/mail/sendmail.mc file and put hosts you want processed via > local > SMTP in the file defined in confCW_FILE define. If you just have one domain > you want handled locally then you might also just put an entry like > Cwfoo.com in /etc/mailsendmail.cf. Your file names may vary depending > upon you configuration. > > Hope this helps. > > Sincerely, > > Duane Whitty It's really pretty easy. Look at 'mailertable'. You can set mail to any domain you wish to go through any SMTP server you are permitted to use. Some places won't accept my mail as even though I"m on a STATIC IP and have been the same one for 3 years, they consider all DSL lines as spam sources. So depending on end destination I send some to my providers transport, and others off to another machine I manage. Setup is simple. abc.com smtp: And then just run make in /etc/mail to compile it. Sendmail is very flexible. Bill -- Bill Vermillion - bv @ wjv . com ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]" - Love cheap thrills? Enjoy PC-to-Phone calls to 30+ countries for just 2�/min with Yahoo! Messenger with Voice. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: nfsd and CPU/performance problem
Hi Marko, Actually i dont find that load critical. I think those lines well tell that actually the process is running 581m42s and now it utilizes 13.48% of available WCPU which is a long run and hopefully successfull if no nfs failures took place. Im pretty confident that FreeBSD wont let any bad things happen and will allocate the resources where it needs them the most and on time. I've googled for a few minutes and found this: http://mail-index.netbsd.org/netbsd-bugs/1994/09/28/.html which sounds like a "kernel tuning issue" if you have excluded nfsserver out of your kernel config last time u were compiling it. if you didnt just skip this part at this time. please make sure that the following lines do exist options NFSCLIENT # Network Filesystem Client options NFSSERVER # Network Filesystem Server options NFS_ROOT# NFS usable as /, requires NFSCLIENT or it can be this: http://lists.debian.org/debian-user/2002/08/msg02884.html which sounds like umm "daemon aging" issue. is there such thing? if yes, then i hope someone will share a hint on nfs server maintenance during a long run. I dont really think that restarting it on daily basis is a good thing to do can i see some more info on nfsd please? # ps -wux -p `pgrep nfsd` Sincerely, Nash Marko Lerota <[EMAIL PROTECTED]> wrote: Marko Lerota writes: > PID USERNAME THR PRI NICE SIZERES STATE C TIME WCPU COMMAND > 429 root 1 40 1204K 820K - 0 581:42 13.48% nfsd > 430 root 1 40 1204K 820K - 0 10:37 0.00% nfsd > > Here is the config > rc.conf > ### > rpcbind_enable="YES" > portmap_enable="YES" > nfs_server_enable="YES" > nfs_server_flags="-u -t -n 4 -h 10.3.11.43" > mountd_flags="-r" > nfs_client_enable="YES" > ### My friend found the 'problem' but I'm not shure who's problem it is. The clients or the nfs servers. In the handbook section about NFS there is nothing about this. These options are added in rc.conf and server now works correctly. rpc_lockd_enable="YES" rpc_statd_enable="YES" But later in the handbook section: Figure 2-54. Network Configuration Lower-level The rpcbind(8), rpc.statd(8), and rpc.lockd(8) utilities are all used for Remote Procedure Calls (RPC). The rpcbind utility manages communication between NFS servers and clients, and is *required* for NFS servers to operate correctly. So I think this should be in the NFS section. Anyone? The clients are RedHatES4 and servers are FreeBSD 6.1 -- One cannot sell the earth upon which the people walk Tacunka Witco ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]" - Feel free to call! Free PC-to-PC calls. Low rates on PC-to-Phone. Get Yahoo! Messenger with Voice ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Trouble booting NFS root
Hi, sorry, im new to this FreeBSD but um, the only quick thing i can think of is to make sure you have this: -rw-r--r-- 1 root wheel diskless_root/etc/rc if yes then you might want to put this string at the top of your diskless_root/etc/rc: /bin/sh #which points your rc file to shell so that you are your own rc! and make it chmod 755 diskless_root/etc/rc now wen your little beastie starts you do the config steps with your own hands and then just correct the rc file. actually when i had those trouble days i used to write custom rc files generating memory disks at boot and so fourth. have fun, it musta work. there is something in the configs Sincerely Nash do it yourself and then hit ctrl-D and hoopla [EMAIL PROTECTED] wrote: I'm trying to set up a small cluster of diskless boxes using FreeBSD 6.1. So Far, PXE loads pxeboot which loads the kernel. But the kernel stops in the middle of booting for no apparent reason. The last thing on the console is "Timecounters tick every 1.000 msec", which usually occurs just before the root partition is mounted. When I do a traffic dump on the NFS server, I see: mount /mnt/local/tinny/root lookup /etc lookup fstab.split (this fails as there is no /etc/fstab.split) mount /mnt/local/tinny/root lookup /etc lookup /etc/fstab.gz.split (also fails) mount /mnt/local/tinny/root lookup /etc lookup /etc/fstab.gz (also fails) mount /mnt/local/tinny/root lookup /etc lookup /etc/fstab (this time it succeeds) read from filehandle (contents of /etc/fstab look correct in packet) second read from the filehandle (returns empty --- I assume this is EOF) /mnt/local/tinny/fstab contains: - New Yahoo! Messenger with Voice. Call regular phones from your PC and save big. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Trouble booting NFS root
Umm... I hope you didnt cut this portion out of your diskless kernel options NFS_ROOT # NFS usable as /, requires NFSCLIENT options NFSCLIENT # Network Filesystem Client options NFSSERVER # Network Filesystem Server You migh also want to re-read FreeBSD Handbook chapter 27.6.2.4 Booting with PXE (just in case) and my /var/run/dmesg.boot has these lines instead ... +Timecounter "TSC" frequency 1997211896 Hz quality 800 Timecounters tick every 1.000 msec +IPv6 packet filtering initialized, unlimited logging +ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding disabled, default to deny, logging unlimited +ad0: 76319MB at ata0-master UDMA100 +acd0: DVDROM at ata1-master UDMA33 +ad4: 35304MB at ata2-master SATA150 +Trying to mount root from ufs:/dev/ad4s1a +rl0: link state changed to UP so basicaly, may i suggest to ensure that you dont have your firewall cutting off the cord and there is no problems initializing on-board ata devices? Nash [EMAIL PROTECTED] wrote: > make sure you have this: -rw-r--r-- 1 root wheel diskless_root/etc/rc > diskless_root/etc/rc: > /bin/sh #which points your rc file to shell so that you are your own rc! While that is a useful tip, the NFS trace shows that the kernel doesn't even try to read any files. The last thing that gets read by anything is /etc/fstab, however it seems most likely that fstab was read by the bootloader rather than the kernel proper. -- Luke ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]" - Ring'em or ping'em. Make PC-to-phone calls as low as 1¢/min with Yahoo! Messenger with Voice. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Simple LAN IP accounting
ipfw add 5 skipto 500 ip from 192.168.110.1 to any out via tun0 ipfw add 10 skipto 500 ip from any to 192.168.110.1 to any in via tun0 ipfw add .. skipto 500 ip from 192.168.110... to any out via tun0 ... ipfw add 500 divert from any to any in via tun0 #back to normal rules ipfw show 5 274943 64986791 ip from 192.168.110.1 to any out via tun0 00010 274943 64986791 ip from any to 192.168.110.1 in via tun0 thats pretty stupid but works. and you need a program to proccess the output thats what im working on time to time :) it doesnt overload the filter cuz a matching rule is passed once at a time and the unmatched skipped to normal rules. if you get out of ipfw rules limits you might consider to split.. lol anyone else? nash "Roger T. Harvey" <[EMAIL PROTECTED]> wrote: Ok, I've done research, and found this example to track bytes per ip on LAN: $IPFW pipe 1 config mask src-ip 0x buckets 512 $IPFW pipe 2 config mask dst-ip 0x buckets 512 $IPFW add 32001 pipe 1 src-ip 192.168.110.0/24 bridged $IPFW add 32002 pipe 2 dst-ip 192.168.110.0/24 bridged Now that's all well and good, and I saw the output as well. However, im not running bridged. or does that make a difference in this instance? Also, is there any scripts, etc to format the pipe info into a nice readable format (pref html) Doesn't need graphs, etc. Just Daily and Monthly totals would be nice. (I am running MySQL so it can store the data) Concidered to this list, you can call me a newbie for sure. as I only know how to Do a handful of things and that's about it. which is why im asking here. TIA to everyone ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]" - Do you Yahoo!? Next-gen email? Have it all with the all-new Yahoo! Mail Beta. - Do you Yahoo!? Everyone is raving about the all-new Yahoo! Mail Beta. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Simple LAN IP accounting
Oh come on guys, are we talking about accounting or packets sniffing? if so, i believe that tcpdump should be rewritten into tcpacc with no ability to see packets. and make it more flexible. i believe there are number of reasons why guys at FreeBSD do not document the traffic accounting process. They not just 'missed out' the matter for so many years. That could be because 1. Its Free, so if you want to make profit you better invest into commercial applications. 2. There is no standard approach to satisfy everyone's needs and security considerations for automated hijacking of resources as soon as standard is derived. 3. at this point you should really be able to make it what you want it to be. Ofcourse we can end up blaming all the ports because the authors shared what they did and left the sources for people who need them different. I also believe that a custom accounting program would be a big deal of programming experience handling strings, streams, various types of data and pretty formatted output with no limits but time against needs and talk against deeds. nash p.s. i like to write this crap lol! Brian Candler <[EMAIL PROTECTED]> wrote: On Sun, Jun 18, 2006 at 07:26:44AM -0700, Nash Nipples wrote: >ipfw add 5 skipto 500 ip from 192.168.110.1 to any out via tun0 > ipfw add 10 skipto 500 ip from any to 192.168.110.1 to any in via tun0 > ipfw add .. skipto 500 ip from 192.168.110... to any out via tun0 > ... > ipfw add 500 divert from any to any in via tun0 #back to normal rules > > ipfw show > 5 274943 64986791 ip from 192.168.110.1 to any out via tun0 > 00010 274943 64986791 ip from any to 192.168.110.1 in via tun0 > > thats pretty stupid but works. and you need a program to proccess the output > thats what im working on time to time :) > > it doesnt overload the filter cuz a matching rule is passed once at a time > and the unmatched skipped to normal rules. if you get out of ipfw rules > limits you might consider to split.. lol > > anyone else? Another approach is to capture absolutely everything using libpcap into a userland process, and then post-process afterwards. This is how 'ntop' works. At a very simplistic level you could just use tcpdump -w to capture the packets (or packet headers) into a file, and then tcpdump -r to pipe them into a script to analyse them, such as totalising the sizes of all packets to/from a particular IP address. Another approach is to use statistical sampling - pick packets at random, so that overall you capture, say, 1 packet in 128, and analyse those. This is the approach used by sflow. If you have an sflow-capable switch, this is a very efficient way of doing this analysis. You can turn the sflow data into simple CSV records using 'sflowtool', or ntop has an sflow module. This assumes that taking the sampled data and multiplying it by 128 will be sufficiently accurate for your purposes, of course. Regards, Brian. - Yahoo! Groups gets better. Check out the new email design. Plus theres much more to come. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Multiple routes to the same destination
1. how did you uninstall routed? 2. why not alter routes in a script, you are not going to send packets belonging to the same session in multiple routes would ya? Christopher Martin <[EMAIL PROTECTED]> wrote: > -Original Message- > From: Baldur Gislason [mailto:[EMAIL PROTECTED] > Sent: Friday, 23 June 2006 10:02 PM > To: Christopher Martin > Cc: FreeBSD Net Mailing list > Subject: Re: Multiple routes to the same destination > > Well, round robin is really not what you want with IP packets. > And how are you going to detect that a route is good without a routing > protocol? > Actually, round robin is exactly what I want. And I am not saying I don't use a routing protocol, in fact I do, but I want packets to be able to use two or more diverse paths of equivalent cost. It would seem that you are assuming that I want to load balance two internet connections which are NATed, in which case round robin might have issues with lost TCP sessions and weird reactions from servers as the apparent source address changes from packet to packet, but in a routed internal network the source address will not be changed by the router, thus negating that issue. It did seem at some stage someone was going to include it in OpenBSD: http://undeadly.org/cgi?action=article&sid=20040425183024&mode=expanded To quote: "...OSPF also supports multipath equal cost routing". It's more of a case where we would like to use BSD as a router/packet filtering firewall for sites with multiple WAN links between each site, of equal size, and not have one site idle until the other fails over. Round robin is better than what we have: nothing. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]" - How low will we go? Check out Yahoo! Messengers low PC-to-Phone call rates. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Netconfig
netconfig looks like a new bill gates out of FreeBSD box. u dont need it. chill Julian Elischer <[EMAIL PROTECTED]> wrote: what the [EMAIL PROTECTED] is a Netconfig database and why do I suddenly need one? no such animal in 4.x etc. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]" - How low will we go? Check out Yahoo! Messenger�s low PC-to-Phone call rates. - Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or less. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Packet Construction and Protocol Testing...
Okay, why not make it in C on the day 2 if not on the day 1 because u will still want to do that on day x.? plus the core point about constructing dirty packets is to gain understanding of the process. i mean its very important to understand how do u form a binary stream with a set of consequent decimals and read it back in. saying (in 1 bit octals) 324 303 262 241 002 000 004 000 000 000 000 000 000 000 000 000 may mean nothing to u, but NOT to the interface driver or whichever thing handles the socket writes (which on my opinion could be just a hook in a driver event table, but yea, i dont know what process handles the socket(2) write(2) system call) because somehow its a cut off in the manual. "DESCRIPTION The socket() system call creates an endpoint for communication and returns a descriptor." what to? is this a bug in freedom of information design? if not that is a good challenge and i accept it but creating tools people "do not know how" but "let me try" is like giving an icecream to a dog. dont let it lose on the carpet right? Just thought to give u a few ideas. thats it Nash [EMAIL PROTECTED] wrote: At Thu, 20 Jul 2006 10:40:41 -0400, Chuck Swiger wrote: > This strikes me as a pretty cool thing, thank you for putting the source out > there...given a bit of free time, I'd like to at least test this, if not > contribute. [1] :-) Thanks :-) > The port is missing a dependency on net/py-pcap, BTW, which makes most of the > tests fail if one simply downloads the shar file and tries to run them: > For now I wanted to make them separate though the documentation points out that you can't use the PCAP connector without py-pypcap. I may add the dependency in a future release. Thanks, for the patch! > [1]: If I could only get net/py-pcap to build, I might be able to do a little > more... :-) You only need net/py-pypcap, but if that's what you meant please let me know what the build problem is. Later, George ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]" - See the all-new, redesigned Yahoo.com. Check it out. - Do you Yahoo!? Next-gen email? Have it all with the all-new Yahoo! Mail Beta. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
