one to one mappings issues using IPnat
Hi, I'm using ipnat for one-to-one mappings in my FreeBSD router. I have several interfaces plus VLANs:

rl0 - Local (192.168.0.x)
em0, em1, em2, em3 - External (internet)
em4, vlan0, vlan1, vlan2, vlan3, vlan4, vlan5, vlan6, vlan7, vlan8, vlan9 - DMZ (202.xxx.10.x)

My ipnat.rules:

map em3 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
map em3 192.168.0.0/24 -> 0/32
# Server
bimap em3 192.168.0.22/32 -> 202.xxx.10.7/32
bimap vlan2 192.168.0.22/32 -> 202.xxx.10.7/32
bimap vlan3 192.168.0.22/32 -> 202.xxx.10.7/32
bimap vlan4 192.168.0.22/32 -> 202.xxx.10.7/32
bimap vlan5 192.168.0.22/32 -> 202.xxx.10.7/32
bimap rl0 192.168.0.22/32 -> 202.xxx.10.7/32

202.xxx.10.7/32 is included in vlan9. My LAN can already ping 202.xxx.10.7, which means it's working on the LAN, but the problem is that I can't ping 202.xxx.10.7 from another IP in the same subnet, e.g. 202.xxx.10.10, and it gives me this result:

[EMAIL PROTECTED] ~]# ping 202.xxx.10.7
PING 202.xxx.10.7 (202.xxx.10.7) 56(84) bytes of data.
From 202.xxx.10.10 icmp_seq=0 Destination Host Unreachable
From 202.xxx.10.10 icmp_seq=1 Destination Host Unreachable
From 202.xxx.10.10 icmp_seq=2 Destination Host Unreachable

Also I can't ping 202.xxx.10.7 from the router itself; it gives me this result:

> ping 202.xxx.10.7
PING 202.xxx.10.7 (202.xxx.10.7): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
--- 202.xxx.10.7 ping statistics ---
9 packets transmitted, 0 packets received, 100% packet loss

There's no problem when I try to ping the server from outside. I just pass all out and pass all in in my ipf.rules, so I think there's no problem with ipfilter.

Thanks,
Nik.
___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
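The first thing a practitioner would check in a setup like the one above is whether the bimap external address is on a subnet the router is itself attached to. ipnat rewrites packets but never answers ARP, so a bimap address inside a directly connected subnet that is not one of the router's own addresses gets no ARP reply, and neighbours on that subnet (and the router itself) cannot reach it until the router either carries it as an interface alias or publishes it with `arp -s <ip> <mac> pub`. The script below is an added example, not code from the post: it parses bimap rules in the ipnat.rules syntax shown and compares them with a constructed table of interface addresses (203.0.113.0/24 stands in for the redacted 202.xxx.10.0/24, the MAC is from the IANA documentation range). It does not settle what was wrong in this particular router; it is the check to run first.

```python
"""Check ipnat bimap rules for external addresses the router cannot answer ARP for.

Added example, not code from the original post. ipnat rewrites packets but does
not answer ARP; a bimap external address inside a connected subnet that is not
the router's own address needs an interface alias or a published ARP entry.
"""
import ipaddress
import re

# Constructed stand-in for the rules in the post: 203.0.113.0/24 (TEST-NET-3)
# plays the role of the redacted 202.xxx.10.0/24 DMZ range.
IPNAT_RULES = """\
map em3 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
map em3 192.168.0.0/24 -> 0/32
# Server
bimap em3 192.168.0.22/32 -> 203.0.113.7/32
bimap vlan9 192.168.0.22/32 -> 203.0.113.7/32
bimap rl0 192.168.0.22/32 -> 203.0.113.7/32
"""

# Constructed: what `ifconfig` would show as each interface's own address.
IFACE_ADDRS = {
    "rl0": "192.168.0.1/24",
    "em3": "198.51.100.9/30",
    "vlan9": "203.0.113.1/24",
}

# Constructed MAC for the DMZ-facing interface (IANA documentation range).
IFACE_MACS = {"vlan9": "00:00:5e:00:53:09"}

BIMAP_RE = re.compile(
    r"^\s*bimap\s+(?P<ifname>\S+)\s+(?P<internal>\S+)\s*->\s*(?P<external>\S+)"
)


def parse_bimap_rules(text):
    """Return (ifname, internal, external) for each bimap rule; '#' comments are ignored."""
    rules = []
    for line in text.splitlines():
        m = BIMAP_RE.match(line.split("#", 1)[0])
        if m:
            rules.append((m["ifname"], m["internal"], m["external"]))
    return rules


def needs_published_arp(rules, iface_addrs):
    """Bimap externals that are on a connected subnet but are not the router's own address.

    Returns (rule_ifname, external_ip, connected_ifname, subnet) tuples.
    """
    connected = {name: ipaddress.ip_interface(a) for name, a in iface_addrs.items()}
    findings = []
    for ifname, _internal, external in rules:
        ext = ipaddress.ip_interface(external).ip
        for cname, cif in connected.items():
            if ext == cif.ip:
                break  # the router owns it: the kernel answers ARP normally
            if ext in cif.network:
                findings.append((ifname, str(ext), cname, str(cif.network)))
                break
    return findings


def arp_publish_commands(findings, iface_macs):
    """arp(8) lines that make the router answer for each flagged address, one per address."""
    cmds = set()
    for _rule_if, ext, cname, _subnet in findings:
        cmds.add(f"arp -s {ext} {iface_macs[cname]} pub")
    return sorted(cmds)


if __name__ == "__main__":
    found = needs_published_arp(parse_bimap_rules(IPNAT_RULES), IFACE_ADDRS)
    for rule_if, ext, cname, subnet in found:
        print(f"bimap on {rule_if}: {ext} is in {subnet} ({cname}) but not configured on the router")
    for cmd in arp_publish_commands(found, IFACE_MACS):
        print(cmd)
```

An `ifconfig vlan9 inet 203.0.113.7 netmask 255.255.255.255 alias` would have the same effect as the published ARP entry; either way the router, not ipnat, has to own the address on the wire.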
About wireless D-link DWL-G650 A1card installation.
Try the drivers from the http://madwifi.org/ project. Your card has a wireless LAN chipset from Atheros, which is why it is not supported by the Prism drivers. Good luck.

Nikita
configuring if_bridge with stp at boot in /etc/rc.conf
Hi, I'm trying to set up a pair of redundant (firewall) bridges which will allow fail-over using the spanning tree protocol (802.1d). Both hosts have similar hardware, HP NetServer LPr servers with dual Pentium IIIs and 4 interfaces - the onboard card (fxp0), a single-port Intel Pro 1000 (em0) and a dual-port Intel Pro 1000 (em1 and em2).

fxp0 will be used for management of the host (i.e. ssh etc) and has an IP address
em0 will be used for pfsync with each host's counterpart via crossover cable
em1 will be the "outside" end of the bridge connected to the switch with the gateway on it
em2 will be the "inside" end of the bridge connected to the switch with the rest of the hosts on the LAN

I'm running the GENERIC + SMP kernel built from 6.1-PRERELEASE from about the 23rd of February on both machines. I've not introduced anything to do with the firewall yet, I'm just trying to get STP working right now; however I'm having trouble in that the bridges don't seem to be set up properly if I try to configure them using directives in /etc/rc.conf.
Here is my /etc/rc.conf which does not work:

#- start rc.conf ---
defaultrouter="192.168.0.1"
hostname="hashi-0.example.com"
ifconfig_em1="up"
ifconfig_em2="up"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em1 stp em1 addm em2 stp em2 hellotime 2 maxage 5 fwddelay 6 priority 10 up"
ifconfig_fxp0="inet 192.168.0.245 netmask 255.255.255.0"
ifconfig_em0="inet 192.168.100.245 netmask 255.255.255.0"
ntpdate_enable="YES"
ntpdate_flags="au.pool.ntp.org"
sshd_enable="YES"
usbd_enable="NO"
sendmail_enable="NO"
#- end rc.conf ---

At boot up, everything seems to be configured properly except that one of the members of the bridge stays disabled:

hashi-0# ifconfig bridge0
bridge0: flags=8043 mtu 1500
        ether ac:de:48:47:13:38
        priority 10 hellotime 2 fwddelay 6 maxage 5
        member: em2 flags=7 port 4 priority 128 path cost 55 disabled
        member: em1 flags=7 port 3 priority 128 path cost 55 forwarding
hashi-0# ifconfig em2
em2: flags=8943 mtu 1500
        options=8
        inet6 fe80::204:23ff:fec9:1dc9%em2 prefixlen 64 scopeid 0x4
        ether 00:04:23:c9:1d:c9
        media: Ethernet autoselect (100baseTX )
        status: active

On the bright side, I _can_ get it to work if I use a variation on a suggestion I saw here from Igor Madera Sepúlveda:
http://lists.freebsd.org/mailman/htdig/freebsd-net/2006-January/009460.html

Basically I remove all bridge configuration from /etc/rc.conf and just use a shell script from cron as follows:

# start if_bridgeStart.sh -
#!/bin/sh
# Starts the bridge
/sbin/ifconfig em1 up
/sbin/ifconfig em2 up
sleep 1
/sbin/ifconfig bridge0 create
sleep 1
/sbin/ifconfig bridge0 addm em1 addm em2
sleep 1
/sbin/ifconfig bridge0 stp em1 stp em2 hellotime 2 maxage 5 fwddelay 6
sleep 1
/sbin/ifconfig bridge0 ifpriority em1 10 ifpathcost em1 10
sleep 1
/sbin/ifconfig bridge0 ifpriority em2 20 ifpathcost em2 20
sleep 1
/sbin/ifconfig bridge0 priority 10
sleep 1
/sbin/ifconfig bridge0 up
# end if_bridgeStart.sh -

Interestingly, if I replace all the "sleep 1" statements with "sleep 0" I get the same symptoms as with the rc.conf. So it would seem to be some kind of timing issue???

I've also tried switching things around in rc.conf to see if that would help, such as the following, but it actually made things worse in that no member interfaces existed in bridge0:

#- start rc.conf ---
defaultrouter="192.168.0.1"
hostname="hashi-0.example.com"
ifconfig_em1="up"
ifconfig_em2="up"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em1 addm em2 up"
ifconfig_bridge0="stp em1 stp em2 hellotime 2 maxage 5 fwddelay 6"
ifconfig_bridge0="ifpriority em1 10 ifpathcost 10"
ifconfig_bridge0="ifpriority em2 20 ifpathcost 20"
ifconfig_bridge0="priority 10"
ifconfig_bridge0="up"
ifconfig_fxp0="inet 192.168.0.245 netmask 255.255.255.0"
ifconfig_em0="inet 192.168.100.245 netmask 255.255.255.0"
ntpdate_enable="YES"
ntpdate_flags="au.pool.ntp.org"
sshd_enable="YES"
usbd_enable="NO"
sendmail_enable="NO"
#- end rc.conf ---

So, are there some secret rc.conf directives I can use or should I just stick with the cron kludge for the moment?

Also, should we be disabling txcsum for em cards at the moment?

Thanks in advance,
Nik
Re: configuring if_bridge with stp at boot in /etc/rc.conf
I've tried rebuilding a kernel with OPTIONS if_bridge but this problem still happens.

To re-iterate, when I try to activate the bridge with STP parameters in rc.conf, one of the bridge interfaces goes into forwarding mode, but the other interface remains in disabled mode.

Here is what I have in rc.conf:
#===
ifconfig_em1="up"
ifconfig_em2="up"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em1 stp em1 addm em2 stp em2 hellotime 2 maxage 5 fwddelay 6 priority 10 up"
#===

If I remove these lines and reboot, I can get the STP bridge to work if I just use ifconfig to manually build the bridge.

Is this a bug or have I missed some documentation somewhere?

Nik
Re: configuring if_bridge with stp at boot in /etc/rc.conf
Andrew Thompson wrote:
> On Mon, Mar 06, 2006 at 07:17:29AM +1100, Nik Lam wrote:
>> I've tried rebuilding a kernel with OPTIONS if_bridge but this problem still happens.
>>
>> To re-iterate, when I try to activate the bridge with STP parameters in rc.conf, one of the bridge interfaces goes into forwarding mode, but the other interface remains in disabled mode.
>>
>> Here is what I have in rc.conf:
>> #===
>> ifconfig_em1="up"
>> ifconfig_em2="up"
>> cloned_interfaces="bridge0"
>> ifconfig_bridge0="addm em1 stp em1 addm em2 stp em2 hellotime 2 maxage 5 fwddelay 6 priority 10 up"
>> #===
>
> Can you post the full output from ifconfig and tell us what version of the OS you are running.

Hi Andrew,

Thanks for your interest. I've included the ifconfig output, my full rc.conf, the kernel config file as well as dmesg output below. I did a cvsup on 2006-03-03 at about 0200hrs UTC from a local repository (cvsup2.au.freebsd.org) and rebuilt the world and kernel from that.

Also, here is a ref to my original post which has some background on the hardware and what I'm trying to achieve.
http://lists.freebsd.org/mailman/htdig/freebsd-net/2006-March/009910.html

Here's what I see about a minute after booting up. If I run it earlier I get to see the em1 member of bridge0 go through the listening and learning modes, but em2 remains disabled throughout.

#+ifconfig output+
hashi-0# ifconfig
fxp0: flags=8843 mtu 1500
        options=8
        inet 192.168.0.245 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:d0:b7:c8:61:6a
        media: Ethernet autoselect (100baseTX )
        status: active
em0: flags=8843 mtu 1500
        options=8
        inet 192.168.100.245 netmask 0xffffff00 broadcast 192.168.100.255
        ether 00:0e:0c:aa:d5:b7
        media: Ethernet autoselect
        status: no carrier
em1: flags=8943 mtu 1500
        options=8
        ether 00:04:23:c9:1d:c8
        media: Ethernet autoselect (100baseTX )
        status: active
em2: flags=8943 mtu 1500
        options=8
        ether 00:04:23:c9:1d:c9
        media: Ethernet autoselect (100baseTX )
        status: active
plip0: flags=108810 mtu 1500
pfsync0: flags=0<> mtu 2020
pflog0: flags=0<> mtu 33208
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
bridge0: flags=8043 mtu 1500
        ether ac:de:48:b3:56:79
        priority 32768 hellotime 2 fwddelay 15 maxage 20
        member: em2 flags=7 port 4 priority 20 path cost 55 disabled
        member: em1 flags=7 port 3 priority 10 path cost 10 forwarding
hashi-0#
#+

#+rc.conf+
defaultrouter="192.168.0.1"
hostname="hashi-0.sublimeip.net"
ifconfig_em1="-txcsum up"
ifconfig_em2="-txcsum up"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em1 stp em1 addm em2 stp em2 ifpriority em1 10 ifpriority em2 20 ifpathcost em1 10 ifpathcost 20 hellotime 2 maxage 5 fwddelay 6 priority 10 up"
ifconfig_fxp0="inet 192.168.0.245 netmask 255.255.255.0"
ifconfig_em0="inet 192.168.100.245 -txcsum netmask 255.255.255.0"
#pf_enable="NO"                 # Enable PF (load module if required)
#pf_rules="/etc/pf.conf"        # rules definition file for PF
#pf_flags=""                    # additional flags for pfctl startup
#pflog_enable="YES"             # start pflogd(8)
#pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
#pflog_flags=""                 # additional flags for pflogd startup
#pfsync_enable="YES"
#pfsync_syncdev="em0"
ntpdate_enable="YES"
ntpdate_flags="au.pool.ntp.org"
sshd_enable="YES"
usbd_enable="NO"
sendmail_enable="NO"
#+

#+kernel config file+
#
#
machine         i386
cpu             I686_CPU
ident           HASHISUBLIME00
makeoptions     DEBUG=-g                # Build kernel with gdb(1) debug symbols
options         SMP
#options        SCHED_ULE               # ULE scheduler
options         SCHED_4BSD              # 4BSD scheduler
options         PREEMPTION              # Enable kernel thread preemption
options         INET                    # InterNETworking
#options        INET6                   # IPv6 communications protocols
options         FFS                     # Berkeley Fast Filesystem
options         SOFTUPDATES             # Enable FFS soft updates support
options         UFS_ACL                 # Support for access control lists
options         UFS_DIRHASH             # Improve performance on big directories
options         MD_ROOT                 # MD is a potential root device
options         NFSCLIENT               # Network Filesystem Client
options         NFSSERVER               # Network Filesystem Server
options         NFS_ROOT                # NFS usable as /, requires NFSCLIENT
options         MSDOSFS                 # MSDOS Filesystem
options
Re: configuring if_bridge with stp at boot in /etc/rc.conf
Andrew Thompson wrote:
> Can you post the full output from ifconfig and tell us what version of the OS you are running.

Just to add one detail I left out in my reply earlier; I'm tracking 6-STABLE.
Re: configuring if_bridge with stp at boot in /etc/rc.conf
Andrew Thompson wrote:
> On Mon, Mar 06, 2006 at 09:29:24AM +1100, Nik Lam wrote:
>> Andrew Thompson wrote:
>>> On Mon, Mar 06, 2006 at 07:17:29AM +1100, Nik Lam wrote:
>>>> To re-iterate, when I try to activate the bridge with STP parameters in rc.conf, one of the bridge interfaces goes into forwarding mode, but the other interface remains in disabled mode.
>>> Can you post the full output from ifconfig and tell us what version of the OS you are running.
>> Here's what I see about a minute after booting up. If I run it earlier I get to see the em1 member of bridge0 go through the listening and learning modes, but em2 remains disabled throughout.
>
> It may be possible that the link-up notification is not happening for em2 or we are somehow missing the first one. Can you try this patch and see if stp on em2 kicks into life.
>
> Can you also test unplugging/plugging the network cable for em2 and see if you get link change messages in your dmesg.
>
> Andrew

Thanks Andrew.

Firstly, I tried unplugging/plugging em2 and yes - that causes link state changes to be logged as well as getting STP working correctly - the em2 member goes into listening and then learning and then forwarding.

I'll apply your patch now. I'm assuming there is no shortcut to rebuilding the kernel, in which case it will probably be quite late before I get back with results.

Nik
Re: configuring if_bridge with stp at boot in /etc/rc.conf
Andrew Thompson wrote:
> It may be possible that the link-up notification is not happening for em2 or we are somehow missing the first one. Can you try this patch and see if stp on em2 kicks into life.
>
> Can you also test unplugging/plugging the network cable for em2 and see if you get link change messages in your dmesg.
>
> Andrew

That patch has done the job Andrew. Thanks.

Under the patched kernel, if I log in straight away after boot up, at first I see em1 listening and em2 disabled. About 5 or 10 seconds later em2 goes into listening state and some time after that forwarding across the bridge starts.

As an aside in case anyone notices, I just got a sinking feeling that I'd given you a red herring - I realised that there was an error in my rc.conf:

ifconfig_bridge0="addm em1 stp em1 addm em2 stp em2 ifpriority em1 10 ifpriority em2 20 ifpathcost em1 10 ifpathcost 20 hellotime 2 maxage 5 fwddelay 6 priority 10 up"

I left out the "em2" in defining the path cost for that member interface. However, I was able to reproduce the problem even after I corrected the rc.conf and booted using the unpatched kernel. Using the patched kernel it works either way.

Regards,
Nik
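The missing "em2" above is worth a closer look because ifconfig(8) applies the options in an ifconfig_<if> string left to right and exits at the first one it cannot parse. That matches the ifconfig output posted earlier in this thread: with the same directive in place, bridge0 still showed priority 32768 and the default fwddelay 15 / maxage 20, so nothing after the bad "ifpathcost 20" token was ever applied. The script below is an added example, not code from the thread or from FreeBSD. It walks a bridge directive the way ifconfig consumes it and reports the first problem: a per-member option (addm, stp, ifpriority, ifpathcost) whose argument is not an interface name, a numeric option given a non-number, too few arguments, or stp/ifpriority/ifpathcost applied to an interface that has not been added yet. Only the options used in this thread are modelled. The second function checks the three bridge timers against the relationship 802.1D imposes on them (2*(fwddelay-1) >= maxage >= 2*(hellotime+1)); the timers used in this thread (2/5/6) do not satisfy it. Whether a given kernel rejects such values is a separate question that the thread does not answer and this code does not try to.

```python
"""Lint the value of an rc.conf ifconfig_bridge0 directive for if_bridge/STP mistakes.

Added example, not from the thread. Mirrors ifconfig(8)'s left-to-right
handling: the first option that would not parse is reported and nothing after
it is considered. Only the if_bridge options used in the thread are modelled.
"""
import re

ARITY = {
    "addm": 1, "deletem": 1, "stp": 1, "-stp": 1,
    "ifpriority": 2, "ifpathcost": 2,
    "hellotime": 1, "maxage": 1, "fwddelay": 1, "priority": 1,
}
PER_MEMBER = {"addm", "deletem", "stp", "-stp", "ifpriority", "ifpathcost"}
TAKES_NUMBER = {"ifpriority", "ifpathcost", "hellotime", "maxage", "fwddelay", "priority"}
FLAGS = {"up", "down"}
IFNAME_RE = re.compile(r"^[a-z]+[0-9]+$")   # em1, fxp0, vlan2, bridge0 ...

# The directive from the message above, with its missing "em2"; and the corrected form.
BUGGY_DIRECTIVE = (
    "addm em1 stp em1 addm em2 stp em2 ifpriority em1 10 ifpriority em2 20 "
    "ifpathcost em1 10 ifpathcost 20 hellotime 2 maxage 5 fwddelay 6 priority 10 up"
)
FIXED_DIRECTIVE = BUGGY_DIRECTIVE.replace("ifpathcost 20", "ifpathcost em2 20")


def lint_bridge_directive(value):
    """Return a one-element list describing the first problem, or [] if the directive is clean."""
    tokens = value.split()
    members = set()          # interfaces seen with addm so far, in directive order
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in FLAGS:
            i += 1
            continue
        need = ARITY.get(tok)
        if need is None:
            return [f"unknown option '{tok}'"]
        args = tokens[i + 1:i + 1 + need]
        if len(args) < need:
            return [f"{tok}: expected {need} argument(s), got {len(args)}"]
        if tok in PER_MEMBER and not IFNAME_RE.match(args[0]):
            return [f"{tok}: '{args[0]}' is not an interface name"]
        if tok in TAKES_NUMBER and not args[-1].isdigit():
            return [f"{tok}: '{args[-1]}' is not a number"]
        if tok == "addm":
            members.add(args[0])
        elif tok in PER_MEMBER and args[0] not in members:
            # the bridge rejects per-member settings for interfaces it does not have yet
            return [f"{tok} {args[0]}: add the interface with addm first"]
        i += 1 + need
    return []


def stp_timer_warnings(hellotime, maxage, fwddelay):
    """802.1D parameter ranges: 2*(fwddelay-1) >= maxage >= 2*(hellotime+1), in seconds."""
    warnings = []
    if maxage < 2 * (hellotime + 1):
        warnings.append(f"maxage {maxage} < 2*(hellotime+1) = {2 * (hellotime + 1)}")
    if 2 * (fwddelay - 1) < maxage:
        warnings.append(f"2*(fwddelay-1) = {2 * (fwddelay - 1)} < maxage {maxage}")
    return warnings


if __name__ == "__main__":
    for name, directive in (("buggy", BUGGY_DIRECTIVE), ("fixed", FIXED_DIRECTIVE)):
        print(name, lint_bridge_directive(directive) or "ok")
    print("timers 2/5/6:", stp_timer_warnings(2, 5, 6) or "ok")
```

Run it against the value of ifconfig_bridge0 before rebooting; it is cheaper than reading the bridge state off ifconfig afterwards and guessing which option was silently dropped.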
if_bridge steals IP address of non-member interface
I'm not sure if what I'm seeing is an artefact of me doing something unusual with my design or if there is a bug in if_bridge.

I'm dividing my LAN into two parts using a pair of Intel Pro 1000 (em) interfaces in an if_bridge bridge. I've configured this bridge with STP (802.1d) although I don't think this should be the cause of the problem. On the same host which is doing the bridging, I've got another interface (fxp0) which is configured "normally", i.e. it has an IP address on the subnet which the bridge divides.

Generally this setup works fine, however every now and then I find that the bridge is answering ARP who-has queries for the IP address assigned to fxp0.

Here's a simplified example:

My LAN is 192.168.0.0/24. The bridge host has 3 interfaces, fxp0, em0 and em1.

em0 and em1 are members of the bridge
fxp0 is configured with 192.168.0.10 netmask 255.255.255.0 for managing the host.
em0 is plugged into switch A
em1 is plugged into switch B
fxp0 is plugged into switch A

There are other hosts plugged into both switches and the bridge behaves as expected in transiting traffic between switch A and switch B. However, sometimes when a host on switch A tries to contact the bridge host itself using 192.168.0.10, rather than getting the MAC address for fxp0, it gets the MAC address for em0.

I've tried putting arp -S statements to permanently fix the fxp0 MAC address to its IP address in my rc.local on the bridge host in case that is taken notice of, but this doesn't seem to affect things in any positive way.

Regards,
Nik
Re: if_bridge steals IP address of non-member interface
Andrew Thompson wrote:
> On Tue, Mar 07, 2006 at 01:11:42PM +1100, Nik Lam wrote:
>> I'm not sure if what I'm seeing is an artefact of me doing something unusual with my design or if there is a bug in if_bridge.
>>
>> I'm dividing my LAN into two parts using a pair of Intel Pro 1000 (em) interfaces in an if_bridge bridge. I've configured this bridge with STP (802.1d) although I don't think this should be the cause of the problem. On the same host which is doing the bridging, I've got another interface (fxp0) which is configured "normally", i.e. it has an IP address on the subnet which the bridge divides.
>>
>> Generally this setup works fine, however every now and then I find that the bridge is answering ARP who-has queries for the IP address assigned to fxp0.
>
> Can you try this patch.
>
> cheers,
> Andrew

Hi Andrew,

Your patch seems to have done the job.

I have two identical (for all intents and purposes) machines, one patched, the other not. I did a tcpdump for ARP packets on both em0 and fxp0 of each host and initiated some ARP who-has queries for the IP addresses attached to the fxp0 interface on each host.

On the patched machine only the fxp0 interface sent an ARP reply. On the unpatched machine not only did fxp0 reply but the em0 interface sent both its MAC as well as the MAC of em1, the other side of the bridge.

I've done this five times in a row and consistently got the same result.

Thanks,
Nik
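The tcpdump check described in the reply above (watch ARP on both interfaces and see who answers for the fxp0 address) is the same observation one makes when hunting ARP spoofing on a segment: more than one MAC answering for a single IP, or a reply whose Ethernet source is not the MAC it advertises. The script below is an added example, not code from the thread. It parses lines in the format of `tcpdump -e -n arp` and reports three things: IPs advertised by more than one MAC, replies whose Ethernet source differs from the advertised MAC (the em0-carrying-em1's-MAC case from the reply), and replies that contradict a table of known owners. The capture is constructed to reproduce the unpatched behaviour described above, using the IANA documentation MAC range (..:f0 stands for fxp0, ..:e0 for em0, ..:e1 for em1); the known-owner table is likewise an assumption.

```python
"""Spot more than one MAC answering ARP for one IP in `tcpdump -e -n arp` output.

Added example, not from the thread. Input lines are constructed in the format
tcpdump prints for ARP with -e (link-level headers) and -n (no name lookups).
"""
import re
from collections import defaultdict

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
REPLY_RE = re.compile(
    rf"(?P<src>{MAC}) > {MAC}, .*?arp reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at (?P<mac>{MAC})",
    re.IGNORECASE,
)

# Constructed capture: one query for the management address answered three
# times (fxp0, em0 with its own MAC, em0 carrying em1's MAC), then a normal exchange.
ARP_CAPTURE = """\
13:02:10.100000 00:00:5e:00:53:20 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.0.10 tell 192.168.0.20
13:02:10.100210 00:00:5e:00:53:f0 > 00:00:5e:00:53:20, ethertype ARP (0x0806), length 42: arp reply 192.168.0.10 is-at 00:00:5e:00:53:f0
13:02:10.100340 00:00:5e:00:53:e0 > 00:00:5e:00:53:20, ethertype ARP (0x0806), length 42: arp reply 192.168.0.10 is-at 00:00:5e:00:53:e0
13:02:10.100355 00:00:5e:00:53:e0 > 00:00:5e:00:53:20, ethertype ARP (0x0806), length 42: arp reply 192.168.0.10 is-at 00:00:5e:00:53:e1
13:02:11.000000 00:00:5e:00:53:20 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.0.30 tell 192.168.0.20
13:02:11.000180 00:00:5e:00:53:30 > 00:00:5e:00:53:20, ethertype ARP (0x0806), length 42: arp reply 192.168.0.30 is-at 00:00:5e:00:53:30
"""

# Constructed: the MAC that should be the only one answering for the management IP.
EXPECTED_OWNER = {"192.168.0.10": "00:00:5e:00:53:f0"}


def parse_arp_replies(text):
    """(ethernet_src, ip, advertised_mac) for every ARP reply line; other lines are skipped."""
    replies = []
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            replies.append((m["src"].lower(), m["ip"], m["mac"].lower()))
    return replies


def duplicate_responders(replies):
    """IPs advertised by more than one MAC, mapped to the sorted list of those MACs."""
    claims = defaultdict(set)
    for _src, ip, mac in replies:
        claims[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


def source_mismatches(replies):
    """Replies whose Ethernet source is not the MAC they advertise (relayed or forged replies)."""
    return [r for r in replies if r[0] != r[2]]


def owner_violations(replies, expected):
    """(ip, mac) pairs where a reply contradicts the known owner of that IP."""
    return [(ip, mac) for _src, ip, mac in replies if ip in expected and mac != expected[ip]]


if __name__ == "__main__":
    replies = parse_arp_replies(ARP_CAPTURE)
    for ip, macs in duplicate_responders(replies).items():
        print(f"{ip} answered by {len(macs)} MACs: {', '.join(macs)}")
    for src, ip, mac in source_mismatches(replies):
        print(f"{src} advertised {mac} for {ip}")
    for ip, mac in owner_violations(replies, EXPECTED_OWNER):
        print(f"{ip} should be {EXPECTED_OWNER[ip]}, saw {mac}")
```

Feed it `tcpdump -e -n -l arp` output from each interface in turn; on the patched host the only reply for the fxp0 address should come from fxp0's own MAC, so all three lists come back empty.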