Re: gif(4) and bpf(4)

2005-01-25 Thread Bruce M Simpson
On Tue, Jan 25, 2005 at 06:38:42PM +0100, Jeremie Le Hen wrote: > Are you thinking about the enc(4) interface [1] [2] provided with OpenBSD ? Somewhat, although whilst enc(4) provides some of this functionality, its role as far as I can see is mainly to provide a 'tapping point' for filtering pack

Re: public ip address behind nat

2005-01-25 Thread Thomas M. Skeren III
Brian Reichert wrote: On Mon, Jan 24, 2005 at 03:21:19PM -0800, Mihai Nitulescu wrote: In the LAN i have the other machine application.example.com I have some Public IP`s from my ISP : 193.231.43.25-30 255.255.255.248 I want to assign to application.example.com 193.231.43.27 and to route this

Re: ng_nat revisited

2005-01-25 Thread Julian Elischer
Darcy Buskermolen wrote: It's been a while since the subject of ng_nat appeared on-list, I'm wondering if there has been anymore work done on this? not that I know of. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo

Re: [TEST/REVIEW #2] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

2005-01-25 Thread Julian Elischer
Gleb Smirnoff wrote: On Tue, Jan 25, 2005 at 09:09:53AM +0100, Andre Oppermann wrote: A> Style-wise there is only the space after "(void )..." in ip_fw_pfil.c A> for the ng_tee case which is too much. Ok. A> I don't like the arbitrary back-passing of errors from ng_ipfw. I'm A> fine with EACCES,

Re: public ip address behind nat

2005-01-25 Thread Brian Reichert
On Mon, Jan 24, 2005 at 03:21:19PM -0800, Mihai Nitulescu wrote: > In the LAN i have the other machine application.example.com > I have some Public IP`s from my ISP : > > 193.231.43.25-30 > 255.255.255.248 > > I want to assign to application.example.com 193.231.43.27 and to route this > ip t

Re: gif(4) and bpf(4)

2005-01-25 Thread Jeremie Le Hen
> I forgot to say in my original reply that I was using IPSEC transport > mode. When I was discussing this with Bill Fenner he pointed out that > there was no such thing as IPSEC 'interface mode', though there had > been some discussion during the standards process about the need for > such a thing

Re: gif(4) and bpf(4)

2005-01-25 Thread Bruce M Simpson
On Tue, Jan 25, 2005 at 06:11:20PM +0100, Jeremie Le Hen wrote: [...] > thus consuming too much bandwidth. In fact it appeared that my gif(4) > interface is totally useless in my setup. I'm going to switch to > transport mode ASAP and tell my friend he owes me and you all a beer. I forgot to say

Re: gif(4) and bpf(4)

2005-01-25 Thread Jeremie Le Hen
> Please do the following: > > ping -r -S 192.168.1.1 192.168.4.13 >/dev/null 2>&1 & > netstat -I gif0 -w 1 > and see if any packets are counted. Weirdly, although I get the ICMP echo-reply, the gif0 interface is not updated. %%% yoda:sys# ping -qc 1 -r -S 192.168.1.1 192.168.4.13 PING 192

ng_nat revisited

2005-01-25 Thread Darcy Buskermolen
It's been a while since the subject of ng_nat appeared on-list, I'm wondering if there has been anymore work done on this? -- Darcy Buskermolen Wavefire Technologies Corp. ph: 250.717.0200 fx: 250.763.1759 http://www.wavefire.com

Re: gif(4) and bpf(4)

2005-01-25 Thread Alex
Hello, Since we see ESP traffic directly on the ep0 interface, packets are not going through gif0 as stated in the routing table. IPsec SPD is overriding the routing table, can you check (provide us) with setkey -DP and setkey -D if no SPD is present from your net to 192.168.4.0/24 ? Regards,

Re: gif(4) and bpf(4)

2005-01-25 Thread Jeremie Le Hen
> Interesting. It seems gif isn't passing anything back at all. Can you verify > that the routes for the addresses you're pinging traverse gif0? I'd > probably also try csjp@'s bpfstat tool to get a closer look at what's > going on in bpf. Yes they are (network on the other side of the tunnel is 1

Re: gif(4) and bpf(4)

2005-01-25 Thread Jeremie Le Hen
> Please tell me more about your problem: is it that tcpdump cannot > attach to device, or it shows no packets when you are sure there is > traffic on the gif(4) interface, or something else? If there is some > error report - send it here. Please check that you have free bpf > device :-) . What ver

Re: gif(4) and bpf(4)

2005-01-25 Thread Bruce M Simpson
On Tue, Jan 25, 2005 at 04:02:55PM +0100, Jeremie Le Hen wrote: > Does any one have other ideas ? It seems the code was partly written > by sam@, brooks@ and [EMAIL PROTECTED] Interesting. It seems gif isn't passing anything back at all. Can you verify that the routes for the addresses you're pin

Re: gif(4) and bpf(4)

2005-01-25 Thread Jeremie Le Hen
> Try tcpdump -L -i gif0 on the affected system and post what you get. You > might need to install the port if the base system tcpdump doesn't > have the -L option. > > If you get a list of encapsulations back, try using them with the -y > option, e.g.: > tcpdump -y null -i gif0 I need inde

Re: gif(4) and bpf(4)

2005-01-25 Thread Bruce M Simpson
On Tue, Jan 25, 2005 at 03:33:27PM +0100, Jeremie Le Hen wrote: > Well this is a start. But I would really like to make it work on > RELENG_4. In fact, if bpf.h was not included in if_gif.c, I would not > mind. But although I'm not (yet ;p) a kernel hacker, I read quickly > bpf(9) manpage and I

Re: gif(4) and bpf(4)

2005-01-25 Thread Jeremie Le Hen
> In a previous existence, I was able to tcpdump on a gif(4) interface; > the tunnel was being used so that I could IPSEC-encapsulate multicast > traffic which was necessary to get past some ISP filters (IPIP was > being dropped at the border). > > This was in 5.2.1-RELEASE on a sparc64. > > Hope

Re: [TEST/REVIEW #2] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

2005-01-25 Thread Gleb Smirnoff
On Tue, Jan 25, 2005 at 09:29:50AM +0100, Andre Oppermann wrote: A> > On Tue, Jan 25, 2005 at 09:09:53AM +0100, Andre Oppermann wrote: A> > A> I don't like the arbitrary back-passing of errors from ng_ipfw. I'm A> > A> fine with EACCES, ENOMEM and ESRCH (if hook not connected) but nothing A> > A>

Re: [TEST/REVIEW #2] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

2005-01-25 Thread Andre Oppermann
Gleb Smirnoff wrote: > > On Tue, Jan 25, 2005 at 09:09:53AM +0100, Andre Oppermann wrote: > A> I don't like the arbitrary back-passing of errors from ng_ipfw. I'm > A> fine with EACCES, ENOMEM and ESRCH (if hook not connected) but nothing > A> else. Getting back any other error is very confusing

Re: [TEST/REVIEW #2] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

2005-01-25 Thread Gleb Smirnoff
On Tue, Jan 25, 2005 at 09:09:53AM +0100, Andre Oppermann wrote: A> Style-wise there is only the space after "(void )..." in ip_fw_pfil.c A> for the ng_tee case which is too much. Ok. A> I don't like the arbitrary back-passing of errors from ng_ipfw. I'm A> fine with EACCES, ENOMEM and ESRCH (if

Re: [PATCH] 802.1p priority (fixed)

2005-01-25 Thread Andre Oppermann
Brooks Davis wrote: > > On Sun, Jan 23, 2005 at 11:05:19AM +0500, Boris Kovalenko wrote: > > And what this changes? Some switches totally ignore 802.1p. We're > > talking about IEEE standard and should fully support it. Also, may You > > point me where You have read this? Chiming in somewhe

Re: [TEST/REVIEW #2] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

2005-01-25 Thread Andre Oppermann
Gleb Smirnoff wrote: > > Dear colleagues, > > pls review an updated patch bringing in ng_ipfw node. Differences against > previous patch: > > - packets coming from netgraph are queued, and later serviced by netisr > - "ngtee" keyword introduced. A copy of packet is made, and it is sent > int

Re: [PATCH] 802.1p priority (fixed)

2005-01-25 Thread Boris Kovalenko
Hello! Does this patch look ok to you now? Or should I do something more? -- With respect, Boris --- sbin/ifconfig/ifconfig.h.orig Wed Jan 19 10:44:20 2005 +++ sbin/ifconfig/ifconfig.hFri Jan 21 09:11:22 2005 @@ -49,6 +49,8 @@ extern void setvlantag(const char *, int, i