While using tcpdump to debug a new VLAN config, I noticed some problems and
wanted to ask whether I was simply doing something wrong.
I have 3 vlan interfaces attached to an fxp. The 3 vlan are bridged, but
the fxp is not included in the group. The fxp has no IP. vlan0 has the IP
for the bridge
> From: Don Bowman [mailto:don@;sandvine.com]
> Take a 4.7 image. Using if_em (if it matters). Turn on
> bridging (em0, em2), add these ipfw rules:
...
Here's the same thing again with -g on.
#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1 0xc01b1783 in boot (howto=260) at /usr/src/s
Take a 4.7 image. Using if_em (if it matters). Turn on
bridging (em0, em2), add these ipfw rules:
ipfw add 305 prob 0.01 drop MAC any 00:04:76:f3:2d:0a setup
ipfw add 310 prob 0.01 reject MAC any 00:04:76:f3:2d:0a setup
ipfw add 320 prob 0.01 unreach host MAC any 00:04:76:f3:2d:0a setup
ipfw ad
On Tue, Oct 22, 2002 at 03:48:13PM -0300, Marc G. Fournier wrote:
> On Tue, 22 Oct 2002, Luigi Rizzo wrote:
...
> > Or if you are just happy to aggregate by IP, one solution i often
> > use is the following (based on dummynet's dynamic pipes):
> >
> > # do not expire pipes even if they have
On Tue, 22 Oct 2002, Luigi Rizzo wrote:
> let me understand, you basically want something that puts flow statistics
> in the bucket identified by the of the first SYN
> packet you see (the assumption being that connections are
> initiated by clients towards a well known port, which appears
> as d
let me understand, you basically want something that puts flow statistics
in the bucket identified by the of the first SYN
packet you see (the assumption being that connections are
initiated by clients towards a well known port, which appears
as dst-port in the first syn packet ?
Or if you are ju
layer-2 forward is not supported, and the reason is that forwarding
occurs at a different layer.
One way to implement this feature is the following:
+ in bdg_forward(), when a packet matches a "forward" action,
somehow mark the packet as having a local destination
(e.g. overwrite the MAC
For this kind of thing I usually use ntop with the cflow connector to output
the flow data as regular CISCO flowd stuff. This data can then be analysed
using tools like rdd and friends.
On Tuesday 22 October 2002 10:47, Marc G. Fournier wrote:
> I've got FreeBSD setup as a firewall to our campus
I've got FreeBSD setup as a firewall to our campus network, and it's doing
a great job of it, but we want to be able to log statistics on traffic going
in and out ...
I have trafd running on the server, with it dumping its data to a
PostgreSQL database, but for every ~8min "segment", it is logging ~1
On Tue, 22 Oct 2002, Marc G. Fournier wrote:
> Just a quick question ... how does the OS determine the 'source port' when
> connecting to a remote site? is it reasonably safe to assume that the
> lower of the two ports is the dest port? for instance, if I try to telnet
> to a remote site where
On Tue, 22 Oct 2002, Marc G. Fournier wrote:
> Just a quick question ... how does the OS determine the 'source port' when
> connecting to a remote site?
The OS picks one from a pool of ports, unless told to use one
explicitly. These are called ephemeral ports.
> is it reasonably safe to assume t
On Tue, Oct 22, 2002 at 11:34:28AM -0300, Marc G. Fournier wrote:
>
> Just a quick question ... how does the OS determine the 'source port' when
> connecting to a remote site? is it reasonably safe to assume that the
> lower of the two ports is the dest port? for instance, if I try to telnet
> t
Just a quick question ... how does the OS determine the 'source port' when
connecting to a remote site? is it reasonably safe to assume that the
lower of the two ports is the dest port? for instance, if I try to telnet
to a remote site where the remote site is running a service on port 6667,
is
Hi,
I found packet forwarding by 'ipfw fwd' doesn't work for bridged
configuration - linking 2 ethernet cards. I use bridged firewall for
our office network, I tried to configure transparent proxy in the
level of firewall.
I looked the code contains bdg_forward() in sys/, but I found only it
is
On Tue, 22 Oct 2002, Mike Silbersack wrote:
> In trying to figure out why if_xl's mii_tick is such a pig, I think I've
> stumbled upon a bug in -current's MII routines which I'd like confirmation
> on before I go ahead and fix.
> ...
> In the original version (which is still present in -stable), t