Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

2005-06-22 Thread Ari Suutari
Ari Suutari wrote: ipfw setnexthop g2.g2.g2.g2 tcp from any to any defaultroute Looking at code, maybe "defaultroute" option should be named verdstreach ? Ari S. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listi

Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

2005-06-22 Thread Ari Suutari
Luigi Rizzo wrote: I really believe the "setnexthop" action is the best approach. I'll start implementing this approach today if other work permits. I think I'll also add new rule option "defaultroute" which matches if packet destination has no specific route in routing table. That would make i

RE: www user than root

2005-06-22 Thread Darren Pilgrim
From: Mrad James Deane > > hello I want to know how the www user with uid:80 can print > on a privileged port like 80 rather the root user I'm very > in trouble I did not find a solution yet mac_portacl is one > but it is very experimental please help. thanks Most daemons that bind to "privileged

Re: Transparent Squid 2.5Stable10 + FreeBSD 5.4

2005-06-22 Thread fooler
- Original Message - From: "Ryan Rathje " <[EMAIL PROTECTED]> To: Sent: Wednesday, June 22, 2005 9:33 PM Subject: Transparent Squid 2.5Stable10 + FreeBSD 5.4 > Fooler, > Thanks for the suggestion thus far, it did clear some up. When I use your > suggestion of: > > ipfw add fwd 127.0.

Re: www user than root

2005-06-22 Thread Kövesdán Gábor
I think that the following sysctls do the trick [EMAIL PROTECTED] sysctl net|grep reserv net.inet.ip.portrange.reservedhigh: 1023 net.inet.ip.portrange.reservedlow: 0 marco According to that, one could lower the reservedhigh value to 79, or increase the reservedlow to 81, but I don't think

Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

2005-06-22 Thread Jeremie Le Hen
> i don't understand what is the problem in defining a second action > 'setnexthop' which behaves as a nonblocking 'forward'. Implementationwise > you can share most of the code, it is just a matter of putting and > perhaps a flag in the structure that stores the nexthop depending > on the action

Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

2005-06-22 Thread Luigi Rizzo
On Wed, Jun 22, 2005 at 08:34:00PM +0200, Jeremie Le Hen wrote: > Hi Luigi, > > > yes but it is a different action and you may want both types > > of rules in the same ruleset, so a sysctl is out of discussion. > > I really believe the "setnexthop" action is the best approach. > > IMHO, making th

Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

2005-06-22 Thread Jeremie Le Hen
Hi Luigi, > yes but it is a different action and you may want both types > of rules in the same ruleset, so a sysctl is out of discussion. > I really believe the "setnexthop" action is the best approach. IMHO, making the "fwd" action non-terminal (as the "count" action) is the best way to achieve

Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

2005-06-22 Thread Luigi Rizzo
On Wed, Jun 22, 2005 at 07:19:44PM +0300, Ari Suutari wrote: > > yes i think you should reuse the tag, just add a new opcode so that > > the action is attach the mtag to the mbuf if not there yet > > (maybe override its content if you believe you could match multiple rules of > > this type) and the

Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

2005-06-22 Thread Ari Suutari
yes i think you should reuse the tag, just add a new opcode so that the action is attach the mtag to the mbuf if not there yet (maybe override its content if you believe you could match multiple rules of this type) and then continue processing as in a 'count' action. Differences to "ipfw fwd" se

Re: www user than root

2005-06-22 Thread Marco Molteni
On Wed, 22 Jun 2005 16:14:06 +0100 Bruce M Simpson <[EMAIL PROTECTED]> wrote: > On Wed, Jun 22, 2005 at 05:01:17PM +0200, Mrad James Deane wrote: > > hello I want to know how the www user with uid:80 can print on a > > privileged port like 80 rather the root user I'm very in trouble I > > did not

Re: www user than root

2005-06-22 Thread Bruce M Simpson
On Wed, Jun 22, 2005 at 05:01:17PM +0200, Mrad James Deane wrote: > hello I want to know how the www user with uid:80 can print on a privileged > port like 80 rather the root user I'm very in trouble I did not find a > solution yet mac_portacl is one but it is very experimental please help. > tha

www user than root

2005-06-22 Thread Mrad James Deane
hello I want to know how the www user with uid:80 can print on a privileged port like 80 rather the root user I'm very in trouble I did not find a solution yet mac_portacl is one but it is very experimental please help. thanks _ MS

Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

2005-06-22 Thread Luigi Rizzo
On Wed, Jun 22, 2005 at 02:53:46PM +0200, Andre Oppermann wrote: ... > > i suggest to implement a new action 'setnexthop' which stores the > > next hop as an MTAG with the packet (so it is preserved if the > > packet gets passed to dummynet). > > Please don't store routing table pointers. All the

Transparent Squid 2.5Stable10 + FreeBSD 5.4

2005-06-22 Thread Ryan Rathje
Fooler, Thanks for the suggestion thus far, it did clear some up. When I use your suggestion of: ipfw add fwd 127.0.0.1,3128 tcp from any to any 80 in via em0 1 FreeBSD configured as a gateway with 2 nics sis0 - outside world nic em0 - internal network nic it appears to have some communica

Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

2005-06-22 Thread Andre Oppermann
Luigi Rizzo wrote: > > On Tue, Jun 21, 2005 at 09:27:30AM +0300, Ari Suutari wrote: > > Hi, > > > > I sent this to ipfw mailing list some time ago, but > > got no response. I would like to adjust ipfw behaviour > > with fwd rules to make policy routing easier (ie. make > > it separate from filteri

Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

2005-06-22 Thread Luigi Rizzo
On Wed, Jun 22, 2005 at 01:40:35PM +0300, Ari Suutari wrote: > Hi, > > Luigi Rizzo wrote: > > i suggest to implement a new action 'setnexthop' which stores the > > next hop as an MTAG with the packet (so it is preserved if the > > packet gets passed to dummynet). > > I took a quick look at

Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

2005-06-22 Thread Jeremie Le Hen
Hi Luigi, > But perhaps, rather than a specific next hop, maybe you want to > pass a reference to a different routing table instead ? How do you achieve this? I've never heard of multiple routing tables in FreeBSD, except with the vimage patch [1] from Marco Zec. Regards, [1] http://www.tel.f

Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

2005-06-22 Thread Ari Suutari
Hi, Luigi Rizzo wrote: i suggest to implement a new action 'setnexthop' which stores the next hop as an MTAG with the packet (so it is preserved if the packet gets passed to dummynet). I took a quick look at how ipfw forward has been implemented. It seems to use PACKET_TAG_IPFO