On 2/8/08, Kurt Buff <[EMAIL PROTECTED]> wrote:
>
> All,
>
> My company is getting a fractional DS3 in the near future, and I've
> acquired a Sangoma a301 card to handle the interface.
>
> We're retaining one of the T1s we currently have, from a different
> provider, and we're intent on using BGP t
& Redundancy. This
patch is for load balancing only.
HSRP has nothing to do with load balancing and is Cisco
proprietary. VRRP has little to do with outbound load balancing
as well.
Nick Rogness <[EMAIL PROTECTED]>
-
How many people here have telekinetic
ation. I don't know if anything has
changed recently concerning this.
Nick Rogness <[EMAIL PROTECTED]>
- Don't mind me...I'm just sniffing your packets
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
t possible to use multiple NICs on
> the same subnet, since the IP stack would not know which interface to
> use to transmit packets, since it could not use its routing table (as
> the network is the same). But my argument would be, of course it
> should use the interface, which was
On Sun, 7 Apr 2002, Crist J. Clark wrote:
> On Sun, Apr 07, 2002 at 08:25:33PM -0500, Nick Rogness wrote:
> >
[SNIP]
> >
> > AFAIK, the route to get from 1 interface to the other is not
> > through the lo0. I'm not sure if the kernel sends these packets
>
>On Sat, 6 Apr 2002, Crist J. Clark wrote:
>> On Sat, Apr 06, 2002 at 01:57:44PM -0600, Nick Rogness wrote:
>>
>>> On Fri, Apr 05, 2002 at 06:48:09PM -0600 I heard the voice of
>>> On Fri, 5 Apr 2002, Matthew D. Fuller wrote:
>>>
>>> You MIG
On Fri, 5 Apr 2002, Matthew D. Fuller wrote:
> On Fri, Apr 05, 2002 at 06:48:09PM -0600 I heard the voice of
> Nick Rogness, and lo! it spake thus:
> > On Fri, 5 Apr 2002, Alex Rousskov wrote:
> > >
> > > - Is it possible without kernel modifications? How?
> >
to test "transparent proxies" (clients think
> they send requests directly to servers).
>
>
There is probably a better solution than trying to hack the kernel
to do this. From the above paragraph, it sounds like you could
bridge across the 2 interfaces an
eebsd-net.
Nick Rogness <[EMAIL PROTECTED]>
- Don't mind me...I'm just sniffing your packets
On Sun, 17 Feb 2002, Zviratko wrote:
>
[SNIP]
>
> I will try that, but I guess default route has precedence over ipfw.
Not in the case of ipfw fwd. The routing decision seems to be
made before ipfw fwd changes the packet.
Nick Rogness <[EMAIL PROTECTED]>
to no socket
26514 dropped due to full socket buffers
0 not for hashed pcb
1870484 delivered
1854002 datagrams output
Any help would be greatly appreciated.
Nick Rogness <[EMAIL PROTECTED]>
- Don't mind me...I'm just sniffing your packets
On Wed, 30 Jan 2002, Naga R Narayanaswamy wrote:
> Nick Rogness wrote:
> Which radius server package are you using. Because I know there are
> different
> port packages for radius server.
Radiator.
> After how long (days or hours) did you encounter this problem?
>
On Wed, 30 Jan 2002, Nick Rogness wrote:
>
> Our Radius server seems to stop functioning after a while. netstat
> -an reports:
>
> Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
>
> [SNIP]
> udp
network (5% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
I tried increasing net.inet.udp.recvspace with no luck. What is going on?
The Radius server receives the UDP packets but never seems to send the
back.
Nick Rogness <[EM
if the patch will help you in that manner
anyway.
Nick Rogness <[EMAIL PROTECTED]>
- Don't mind me...I'm just sniffing your packets
frames to do the forwarding between interfaces.
Nick Rogness <[EMAIL PROTECTED]>
- Don't mind me...I'm just sniffing your packets
On Fri, 28 Dec 2001, Julian Elischer wrote:
>
>
> On Fri, 28 Dec 2001, Nick Rogness wrote:
>
> > On Fri, 28 Dec 2001, Julian Elischer wrote:
> > >
> >
> > Um, so you can now fwd based on incoming packets? EX:
> >
> > ipfw fwd 1
0.1.2.3 ip from any to 1.1.1.1 out recv ed0 xmit xl0
Nick Rogness <[EMAIL PROTECTED]>
- Don't mind me...I'm just sniffing your packets
lility is that you are being filtered elsewhere.
>
> How should I do to let them work together? (gated or routed???)
It depends if you are trying to achieve redundancy with these 2
providers. If so, you will need to run BGP.
And another thing, questions like this sh
On Wed, 19 Sep 2001, Tony Saign wrote:
> Has anyone used LaBrea successfully on a FreeBSD box?
>
Moved to freebsd-questions.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World...
"FreeBSD: The Power to Serve!"
On Fri, 14 Sep 2001, x x wrote:
> Is it possible to use a single FreeBSD box to serve as a NAT and IPSEC
> gateway? I can get either to work, but not both. Thanks.
Yes. Don't send the IPSEC packets through nat. Use gif tunnels
instead.
Nick Rogness <[E
tions" (for example, so as to not be any more
> "disruptive" than necessary to the base-OS configs)?
In /etc/rc.conf:
firewall_enable="YES"
gateway_enable="YES"
natd_enable="YES"
natd_interface="ppp0"
N
o the slowdown.
Turn on natd logging when this occurs and see what is
happening. Submit log if necessary.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World...
"FreeBSD: The Power to Serve!"
On Tue, 10 Jul 2001, Julian Elischer wrote:
>
>
> On Tue, 10 Jul 2001, Nick Rogness wrote:
> > You need to add another rule:
> >
> > ipfw add divert natd all from $
will only work if
your non-diverted traffic is using a different public IPs...which
I'm assuming you are.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World...
"FreeBSD: The Power to Serve!"
r the web for more information. See also ipfw man
page.
Of course, there are other ways to do this, but firewalling is
probably best suited for this task.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World...
"FreeBSD: The Power to Serve!"
and gif(4) multi-destination
> mode uses it to determine outer header).
Which would be fine. It would be nice to have a way to grow these
gif tunnels on the fly, then nos-tun could be strapped as well.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World
should be sufficient.
On another side note, I would seriously look at splitting off your
DMZ to another network...but, of course, it's your ass not mine.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World...
"FreeBSD: The Power to Serve!"
DMZ onto its own ethernet card and switch like so:

        Public (Router)
              |
            fxp0
              |
             BSD --fxp2---DMZ
              |
            fxp1
              |
         Private Net
            /   \
0.16): 56 data bytes
ping: sendto: Input/output error
ping: sendto: Input/output error
Input/output error...? Someone have some ideas?
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World...
"Fr
login and receive tunnel
endpoints, routing info, updates and such.
I'm sure this won't suffice but I will send it to you for your own
hacking pleasure if you wish. Or hell, I'll even modify it so it
fits your needs.
Nick Rogness <[EMAIL PROTECT
from the
> box it's in. I can manually add a route, but I still can't ping the
> interface itself.
>
> What have I missed?
xl0 and xl1 are part of the same network...that is a no-no unless
you are bridging.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Ro
On Sat, 7 Apr 2001, Nick Rogness wrote:
>
> Multi-Destination gif tunnel
>
> Anybody had any success at setting these things up? I have a couple of
> questions...maybe someone can answer:
Since no one answered the mail, I will post the solution in case
someone
ing table setup."
Ok, what about the inner header setup?
And what about the outside destination ip? How do you
configure that to go out gif0 ? With the -iface flag [tried it
didn't work].
Talk to me Goose!!
Nick Rogness <[EMAIL PROTECTED]>
orth (whichever
> is easier).
>
> Here's what I've tried:
>
> 1. ipfw + 2xnatd, doesn't seem to work, since ipfw rules can't randomly
> choose one of two rules (AFAIK)
Check out the probability stuff in ipfw. There has been a battle
ove
have enabled
> router_enabled="YES" and router="gated" (also tried with "routed") the
> network mask is set as above, though the defaultrouter is set to the router
> of the external network (129.94.232.254)
>
What routing protocol do you have
/dev/cuaa0 ?
You probably don't have com1 turned on or your kernel is not built
with support for `device sio0`.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World...
"FreeBSD: The Power to Serve!"
or some
unknown reason, *expect* a routing daemon to learn a direct route
to this network or indirect gateway (not a good idea).
That's the only reason I can think of off the top of my head...I'm
sure there's other reasons.
Nick Rogness <[EMAIL PR
the BSD folk...which is understandable...because you would be
breaking the rules. I understand.
PS:
This is not a hack for me, Wes, I suggested it after working with
several people having this same problem. There is a workaround
that is pretty ugly so
On Sat, 17 Mar 2001, Julian Elischer wrote:
> Alex Pilosov wrote:
> >
> > On Sat, 17 Mar 2001, Nick Rogness wrote:
> >
> > > There is no way to tell your packet to go back out to ISP #2. That is the
> > > point I'm trying to get across. Unless
's, but it is ugly.
After all, this seems to be a common setup with FreeBSD. If you
want to BGP peer with someone, buy a Cisco.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve!"
On Sat, 17 Mar 2001, Alex Pilosov wrote:
> On Sat, 17 Mar 2001, Nick Rogness wrote:
>
> > > b) route-cache means fast lookup of destination gateway. Lookup of
> > > destination gateway may be slow (see d), and it makes sense to keep track
> > > of a TCP connecti
On Sat, 17 Mar 2001, Alex Pilosov wrote:
> On Sat, 17 Mar 2001, Nick Rogness wrote:
>
> > There is no way to tell your packet to go back out to ISP #2. That is the
> > point I'm trying to get across. Unless you're running a routing
> > daemon. But is that reall
On Sat, 17 Mar 2001, Nick Rogness wrote:
More clarification.
>
> > I completely fail to see that you have actually stated a problem yet.
> >
> > What exactly is the problem you think you're trying to solve here?
> >
>
> Consider the followi
re running nat in this case you're hosed.
You can check out route-cache at Cisco's online site. It may help
to clarify as to why you would want to do this.
If you check the -net mailing list this problem re-occurs over and
over and over and over and over. T
or is there another
way (besides building it with a huge number up front)? Whereas
with nos-tun you just MAKEDEV a new tunnel device and you're in
business.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve!"
On Fri, 16 Mar 2001, Jeroen Ruigrok/Asmodai wrote:
> -On [20010310 04:00], Nick Rogness ([EMAIL PROTECTED]) wrote:
> >
> >Is anyone working on route caching functionality within FreeBSD? This
> >would eliminate a lot of problems with using FreeBSD as a router...which
>
nk 'duh stupid'.
Anyway, Thanks for the reply...I appreciate it.
[Sorry for the rant].
Nick Rogness <[EMAIL PROTECTED]>
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve!"
ecause, when i configure the
> secondaries to use an internal address of the primary dns server
> (which has a keep-state allow all internal rule) in my test
> environment, the updates occur as expected.
yes, it is a firewall issue.
Nick Rogness <[EMAIL PROTECTED]>
- Keep
maybe a ifconfig option?
Nick Rogness <[EMAIL PROTECTED]>
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve!"
On Wed, 7 Mar 2001, Nick Rogness wrote:
ACK! I read your email wrong. I responded with the correct
reply...please void the message below.
> >
> > Won't your example below show all outbound traffic from the same
> > external ip, the ip that natd uses?
On Wed, 7 Mar 2001, Nick Rogness wrote:
ACK! Read your message wrong...let me clarify.
> On Wed, 7 Mar 2001, Peter Brezny wrote:
>
> >
> > Let's say I had two internal subnets that i'd like to nat with different
> > external ip's, while also
ule is running on...and
even then it is very tricky.
If you search the archives back a couple of days, I gave an
example of how you would approach a problem like this.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on routing in a Free World...
"FreeBSD: The Po
leset would look like this:
...
ipfw divert 8668 ip from any to any via fxp0
ipfw fwd A.A.A.A ip from external_range_1 to any out via fxp0
ipfw fwd B.B.B.B ip from external_range_2 to any out via fxp0
...
...
Where A.A.A.A is the gateway address of the external_range_1 and B.B.B.B
is the gateway ad
On Wed, 7 Mar 2001, Andy [TECC NOPS] wrote:
> Can anyone point out the obvious mistake
> I must be making?
In /etc/rc.conf:
firewall_enable="YES"
I can't remember if you need this even if the kernel is compiled
with IPFIREWALL
re a tad tricky. Using
a combination of skipto's, natd's, and fwd it seems to work
OK. If anyone would like more detail (config files, etc) please
let me know.
There may be a better solution...anyone?
Nick Rogness <[EMAIL PROTECTED]>
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve!"
"inet... netmask ... broadcast... media ???"
mediaopt full-duplex
Nick Rogness <[EMAIL PROTECTED]>
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve!"
ipfw add 501 allow udp from $ns1 53 to any out via $outside_int
DNS (source port) requests will not necessarily run on port 53.
Nick Rogness
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve "
orwarded to the address even though they weren't. That was the
confusing part. A little rewording on the man page would help.
Thanks for the clarification.
Nick Rogness
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve "
.1.1.1
# ifconfig gif0 10.1.1.2 10.1.1.1 netmask 255.255.255.252
# route add -net 192.168.1.0 10.1.1.1 -netmask 255.255.255.0
That should be all you need. Like I mentioned earlier, also make
sure that your firewall is letting it through.
Nick Rogness
- Keep on routing i
onnect
interface. Most OS's do the same thing with directly connected
interfaces.
Nick Rogness
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve "
> > -Original Message-
> > From: Mudhar,PS,Parminder,CEG2 R
> > Sent:
'out via xl0' I start seeing
incoming packets on the 192.168.10.1 host. Do IPFW Forward rules only
apply to outgoing style rules?
Nick Rogness
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve "
file "generic_file.db";
}
Am I correct in my assumption?
Nick Rogness
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve "
unable to make the zone
> transfers...
>
> have i missed something big and zone transfers require more than just port
> 53?
Zone transfers work on port 53 TCP.
Nick Rogness
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve "
e difficult than just
redundant routing.
These answers are all relative to how you are connected and what
your network looks like. Most likely, BGP will be your answer.
Best of luck.
Nick Rogness
- Drive defensively. Buy a tank.
viders. It is one of those things
that if you screw up, the rest of the internet suffers (Which has
happened before).
For a reference, check out "Internet Routing Architectures" by
Halabi. It is a great book and is pretty much the BIBLE when
talk
ace, etc,etc the hard way. Maybe
someone has a tool?
Nick Rogness
- Drive defensively. Buy a tank.
erface option?
> >
Can you ping the inside interface on your FreeBSD machine from
your Win2K box? What does tcpdump show? Change your firewall
rule 65000 to "log" and look at the firewall logs.
Nick Rogness
- Drive defensively. Buy a tank.
it's set
> up right, so, I am wondering if I'm doing something wrong in FreeBSD.
>
> Below I've included the output from ifconfig -a, netstat -rn and netstat
> -in. Any help would be greatly appreciated.
>
Nick Rogness
- Drive defensively. Buy a tank.