Willem Jan Withagen (wjw) writes:
>
> Now I'm pretty sure that ipfw does not stretch indefinitely to contain
> perhaps something like 100.000 ip-numbers (would be a nice test. :) )
Actually, it should.
> So I'd
> like to see if there is something to do with divert and some matching on a
Marcelo Gardini do Amaral <[EMAIL PROTECTED]> writes:
>
> I would like to discuss a little bit more about UDP performance. I've
> made some tests and the results may have some value here.
>
> In this test it is easy to see that there is something different in the
> FreeBSD 6 branch.
1. Can y
Eric W. Bates (ericx_lists) writes:
>
> Apparently, openbsd's implementation of netstat allows one to view ESP
> 'flows' (I believe that is how they refer to them) by examining the
> family 'encap'
>
> netstat -rnf encap
>
> We have no such equivalent?
There are patches for allowing to
Eric W. Bates (ericx_lists) writes:
> When you establish an esp tunnel, the subnets on the remote end of the
> tunnel do not seem to appear in either "netstat -nr" or 'route get
> xxx.xxx.xxx.xxx'
>
> Is there a way to display those routes other than using setkey to dump
> the SPD's?
No,
Anton (ya007) writes:
> Hi all.
>
> I'm trying to configure resolver under FreeBSD 4.5.1. I have no BIND on the
> local machine. I have specified addresses of DNS servers, but it doesn't
> resolve names to IP addresses.
>
> * Here is the content of /etc/resolv.conf:
>
> domain my.domain
> name
Baldur Gislason (baldur) writes:
> I'd like to set up a load balancing and resilience system to
> load balance between a bunch of web servers running Apache tomcat (slow java
> stuff).
> Ideally I'd like each client IP to get mapped to a certain server and keep
> that
> mapping throughout the ent
[EMAIL PROTECTED] (eculp) writes:
>
> I assume that you have seen the following:
>
> http://www.howtoforge.com/two_in_one_dns_bind9_views
That is definitely the right way to do it imho.
> I found it interesting although I haven't had time to give it a try
> especially since I'm thinkin
Bjoern A. Zeeb (bzeeb-lists) writes:
>
> You do not "route" IPsec traffic. You define appropriate policies and
> be done. You only need gif(4) if you really want to route and use a
> link-state protocol.
... and want to do egress filtering, prioritization, and other
things you can
Remko Lodder (remko) writes:
>
> Can someone either confirm my above statement that FreeBSD
> is indeed not capable of doing this?
FreeBSD does not yet have an "ipsec" or "enc" interface type
dynamically associated to IPsec tunnels, no. But you can
achieve pretty much the
Brian Candler (B.Candler) writes:
>
> So to make an update, you would have to unmount from box 2, remount RW on
> box 1, make the change, remount RO on box 1, and mount RO again on box 2.
To make it short: if you want a reliable NFS head, you need NetApp.
If you want to make failo
Dmitry Morozovsky (marck) writes:
>
> I suppose pinging pjd@ did not work? ;)
Good question -- why did Pawel not commit them himself if he could ? :)
Phil
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listin
Josef Karthauser (joe) writes:
> Dear current folk, I'm forwarding this thread from the -net list where I
> asked the question, is it possible to have more than one IP address in a
> jail? The answer is yes, with Pawel's patch. The question here is can
> I persuade anyone to commit this to head a
Brian Candler (B.Candler) writes:
> How wedded are you to FTP? If this was a HTTP 'PUT' then a simple CGI could
> read in 100 bytes, check it is compressed (e.g. with libmagic), then copy
> through the rest of the file. The result from the PUT can be a HTML page
> saying "all OK" or "please compres
Josef Karthauser (joe) writes:
> Hi,
>
> I've got a jail on a machine running some web stuff and I need to add a
> second SSL web site to it. This would mean binding another IP address
> to the jail. Has anyone got a work around for this?
Yes, use Pawel's patches:
http://people
Brett Glass (brett) writes:
>
> I've got an application in which I must block incoming TCP
> connections to a FreeBSD server from a potentially large list of IP
> addresses. Using IPFW is not a very efficient way to accomplish
> this, because it must do a linear search of a list (either one
>
Brian Candler (B.Candler) writes:
>
> Another approach is to capture absolutely everything using libpcap into a
> userland process, and then post-process afterwards.
ports/net/ipfm - been using it for some years now.
> Another approach is to use statistical sampling - pick packets at ra
Norbert Koch (nkoch) writes:
>
> I know I could just use ppp, but the client side will be a windows
> machine and I do not want to have the overhead of a complete
> TCP/IP protocol on the serial line. And I also do not want to
> have to configure IP addresses.
>
> Does anybody know about some qui
Charles Swiger (cswiger) writes:
> >
> >Any suggestions? Is there some pcap option that I need to look at?
>
> If your dumps will fit into a RAM disk, use that, otherwise you're
> presumably [1] going to be limited to how fast you can scribble the
> packets to your disks. Figure out the fast
Florent Thoumie (flz) writes:
>
> Since it may take some time before distfiles are propagated to all ftp
> servers, get the distfiles here [2] and put them in
> ${DISTDIR}/openospfd/
>
> [1] http://people.freebsd.org/~flz/local/openospfd.shar
> [2] http://people.freebsd.org/~flz/distfiles/openosp
[EMAIL PROTECTED] (service_ist) writes:
> Hi,
>
> I've setup a server with 16 jails using 5.4. Right after bringing it up I
> wondered about its bad performance.
We need to know many things here:
- CPU, RAM, disk, disk layout, swap
What does disk I/O look like ? (gstat)
Marcos Bedinelli (bedinelli) writes:
>
> "If your system runs out of CPU (idle times are perpetually 0%) then
> you need to consider upgrading the CPU or moving to an SMP motherboard
> (multiple CPU's), or perhaps you need to revisit the programs that are
> causing the load and try to optimize
Marcos Bedinelli (bedinelli) writes:
> I should've mentioned before that we are trying to save some money
> here, therefore the idea is to add a second 2.4GHz Intel Xeon CPU to
> our current box.
>
> However, if there is consensus that a second processor will buy us
> nothing, we'll need to acq
Oleg Tarasov (subscriber) writes:
>
> net.key.preferred_oldsa=0
>
> I suggest to change the default value of this one to 0 in FreeBSD
> distribution.
This has been suggested for about 5 years now...
Phil
Jeremie Le Hen (jeremie) writes:
>
> I personally find the gif(4)/transport mode setup neater than the
> single tunnel mode - though I am not aware of initial constraints
> when IPSec RFCs were written - especially because one can look after the
> traffic going through the VPN link in a very natura
Douglass, Erik (EDouglass) writes:
> Hello,
>
>
>
> I know this may sound as if I am biting off a bit more than I can chew
> as I don't have much exp with FreeBSD or Unix. I work at a hotel, and
> have been tasked to implement a proxy for all of the guest rooms that
> displays an html legal di
Brian Candler (B.Candler) writes:
> The IPSEC documentation at
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html is
> pretty weird. It suggests that you encapsulate your packets in IP-IP (gif)
> encapsulation and THEN encapsulate that again using IPSEC tunnel mode.
> This is a
spoggle (dcornejo) writes:
> Does this sound feasible? Anyone have any other suggestions on how to
> pull this off?
I've done it with openvpn and bridging a tap device on both ends.
Nate Nielsen (nielsen-list) writes:
> No. I think each instance of natd (at least last time I looked at it)
> could only use one IP address as its public address.
One could use probability rules to divert to different natds with
different NAT addresses, and use choparp / aliases t
Mike Jakubik (mikej) writes:
>
> And what is the point of all of this when we have OpenBSD's PF? ipfw and
> libalias is dead.
Hmm, I guess you'll have to convince the thousands of people using
ipfw and dummynet out there. I use both PF and IPFW, and both
have their advant
Garrett Mackey (garrett.mackey) writes:
> Hi there
>
> Anyone got an example of how they set up their freebsd host as a
> caching-only nameserver.
> I have followed the procedure in the handbook but am still having problems.
Which problems ?
> I would be particularly interested in sample
Donatas (donatas) writes:
> I wonder if there's any person who did some scripting like
> application layer analysis with network sniffer (like tcpdump) + appropriate
> firewall rule generation (like stateful ipfw rules) ?
You mean this ?
http://www.hsc.fr/ressources/outils/nstrea
Michal Vanco (vanco) writes:
> On Sunday 19 June 2005 21:54, Sten Daniel Sørsdal wrote:
> > Gleb Smirnoff wrote:
> > > My vote is that we should implement this functionality and make it
> > > switchable via sysctl. I'd leave the default as is.
> > >
> > > What is opinion of other networkers?
> >
>
Luigi Rizzo (rizzo) writes:
> Wait a bit -- next week I am going to review the code and
> MFC (with the structure that is in -current ie. the new code
> in a separate file, kern_poll.c).
Sounds good!
We're using the code here with 5 x fxps in our firewall, and the
load on
Dennis Pedersen (trm) writes:
>
> Uhm, you can also use an email add and a password
> [EMAIL PROTECTED]thekeything
> There are a bit about certificates in a kame newsletter, try looking on the
> site :)
>
> How did you solve the setkey setup if the ip address is dynamic, do you have
> an e