On 06/08/2012 01:31 PM, Eugene M. Zheganin wrote:
Hi.
I have an idea about new networking feature in FreeBSD.
I guess everyone is having ideas from time to time, and lots of these
idea having people think that they just had a decent idea. However,
only ideas that are complemented by a working
Hi List,
I am using FreeBSD 6.3 and ipfilter as the FW. When I receive an out
order fragment
of a UDP packet ipfilter drop its. I have a bimap setup mapping an external
routable address to a private address internal server also running
FreeBSD 6.3.
Is there some way to force FreeBSD to reassem
On 03/19/2011 04:34 AM, Eugene M. Zheganin wrote:
Hi.
On 18.03.2011 23:56, sth...@nethelp.no wrote:
Are you using IA_PD or IA_NA on your DHCPv6 server?
Since I didn't configure anything on a DHCPv6 server about PD, I
assume I'm using NA.
rtadvd can give you the default router.
DHCPv6 IA_N
Attila Nagy wrote:
Hello,
What I'm trying to accomplish is the following:
- there are two machines, connected over the internet (let's call them A
and B)
- when A tries to connect to B:port, or B to A:port (via TCP, port is
just a TCP port, in this case, 3306) the connection should be redirect
Peter wrote:
Hello,
I googled and didn't find an answer on how to clear the interface stats
that are
displayed by
netstat -ibndh
could someone point in the right direction?
Thanks,
Steve
--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety."
Hello,
I googled and didn't find an answer on how to clear the interface stats that are
displayed by
netstat -ibndh
could someone point in the right direction?
Thanks,
Steve
--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)
VANHULLEBUS Yvan wrote:
On Fri, Dec 12, 2008 at 06:45:20PM +0200, Artyom Viklenko wrote:
On Thursday 11 December 2008 14:39:58 VANHULLEBUS Yvan wrote:
[]
Actually, you can apply a patch to src/sys and recompile your kernel
with IPSEC_NAT_T options.
Patches are available here:
http://people
David DeSimone wrote:
Stephen Clark <[EMAIL PROTECTED]> wrote:
switch (proto) {
case IPPROTO_GRE:
hlen += sizeof(struct gre_h);
+
+ m->m_flags &= ~(M_DECRYPTED);
+
Are there security implications from removing this flag?
That i
Bjoern A. Zeeb wrote:
On Mon, 17 Nov 2008, Stephen Clark wrote:
Hi,
Bjoern A. Zeeb wrote:
On Fri, 14 Nov 2008, Robert Noland wrote:
Hi,
Also just using gre's without the
underlying ipsec tunnels seems to
work properly.
The reason for this to my knowledge is:
http://www.kame.ne
Bjoern A. Zeeb wrote:
On Fri, 14 Nov 2008, Robert Noland wrote:
Hi,
Also just using gre's without the
underlying ipsec tunnels seems to
work properly.
The reason for this to my knowledge is:
http://www.kame.net/dev/cvsweb2.cgi/kame/freebsd2/sys/netinet/ip_icmp.c#rev1.4
or looking at rece
Bjoern A. Zeeb wrote:
On Fri, 14 Nov 2008, Robert Noland wrote:
Hi,
Also just using gre's without the
underlying ipsec tunnels seems to
work properly.
The reason for this to my knowledge is:
http://www.kame.net/dev/cvsweb2.cgi/kame/freebsd2/sys/netinet/ip_icmp.c#rev1.4
or looking at rece
Julian Elischer wrote:
Stephen Clark wrote:
Stephen Clark wrote:
10.0.129.1 FreeBSD workstation
^
|
| ethernet
|
v
10.0.128.1 Freebsd FW "A"
^
|
| gre / ipsec
|
v
192.168.3.1 FreeBSD FW "B"
^
|
| ethernet
|
v
192.168.3.86 linux workstation
Also just
Stephen Clark wrote:
Robert Noland wrote:
On Thu, 2008-11-13 at 07:48 -0500, Stephen Clark wrote:
Julian Elischer wrote:
Stephen Clark wrote:
Julian Elischer wrote:
you will need to define the setup and question better.
thanks.. cleaning it up a bit more...
10.0.129.1 FreeBSD workstation
Robert Noland wrote:
On Thu, 2008-11-13 at 07:48 -0500, Stephen Clark wrote:
Julian Elischer wrote:
Stephen Clark wrote:
Julian Elischer wrote:
you will need to define the setup and question better.
thanks.. cleaning it up a bit more...
10.0.129.1 FreeBSD workstation
^
|
| ethernet
Julian Elischer wrote:
Stephen Clark wrote:
Julian Elischer wrote:
you will need to define the setup and question better.
thanks.. cleaning it up a bit more...
10.0.129.1 FreeBSD workstation
^
|
| ethernet
|
v
10.0.128.1 Freebsd FW "A"
^
|
| gre / ipsec
|
v
192.168.3
Robert Noland wrote:
On Wed, 2008-11-12 at 13:17 -0800, Julian Elischer wrote:
Stephen Clark wrote:
Julian Elischer wrote:
you will need to define the setup and question better.
thanks.. cleaning it up a bit more...
10.0.129.1 FreeBSD workstation
^
|
| ethernet
|
v
10.0.128.1
Julian Elischer wrote:
Stephen Clark wrote:
Hi,
When I run traceroute thru a gre it doesn't seem to decrement the
ttl, so I get * * * for that hop. Can this be fixed?
Thanks,
Steve
you will need to define the setup and question better.
TTL is controlled by the IP stack which is unawa
Hi,
When I run traceroute thru a gre it doesn't seem to decrement the
ttl, so I get * * * for that hop. Can this be fixed?
Thanks,
Steve
--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)
"The course of history shows that as
Mike Tancsa wrote:
At 11:21 AM 7/9/2008, [EMAIL PROTECTED] wrote:
I agree it should work. But it's not. With respect to the next two
questions, yes and yes.
Can you post some of the configs you are using for 3 of the sites so we
can perhaps spot the problem(s) you are having ? I have a sim
Hello List,
I am running ospf over a gre/vpn tunnel. When I run tcpdump on the gre interface
ospf stops working.
I see the following errors in the ospfd log.
2008/07/09 10:05:02 OSPF: *** sendmsg in ospf_write failed to 224.0.0.5, id 0,
off 0, len 68, interface gre1, mtu 1412: Network is down
2
[EMAIL PROTECTED] wrote:
Old Synopsis: Port mapping does not work
New Synopsis: FreeBSD 6.1+VPN+ipnat+ipf: port mapping does not work
Responsible-Changed-From-To: gnats-admin->freebsd-net
Responsible-Changed-By: linimon
Responsible-Changed-When: Sun May 18 22:45:21 UTC 2008
Responsible-Changed-W
Hello List,
Has anybody ever tried to use either ipf or ipfw to redirect packets
coming off of a gre interface?
When I try it I get the the packet repeated multiple times on the
destination interface. I have tried it
with both ipf and ipfw/natd with the same results.
I have packets coming i
Stephen Clark wrote:
Chuck Swiger wrote:
On Jan 22, 2008, at 1:44 PM, Stephen Clark wrote:
does anyone have a program that uses the divert socket to duplicate
an incoming packet so it can be
sent to another address.
Well, I assume you could start with the ipfw "tee" directive and
Chuck Swiger wrote:
On Jan 22, 2008, at 1:44 PM, Stephen Clark wrote:
does anyone have a program that uses the divert socket to duplicate
an incoming packet so it can be
sent to another address.
Well, I assume you could start with the ipfw "tee" directive and
/usr/src
Hello List,
does anyone have a program that uses the divert socket to duplicate an
incoming packet so it can be
sent to another address.
Thanks,
Steve
--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)
"The course of hi
Julian Elischer wrote:
Maxime Henrion wrote:
It appears that this patch fixed the problem. My gateway server
now has a nearly two days uptime, whereas previously it would have
probably crashed already. I'm attaching the final version of the
patch here, since the last one had build-time erro
Maxime Henrion wrote:
Replying to myself on this one, sorry about that.
I said in my previous mail that I didn't know yet what process was
holding the lock of the rtentry that the routed process is dealing
with in rt_setgate(), and I just could verify that it is held by
the swi1: net thread.
S
Luigi Rizzo wrote:
On Mon, Dec 10, 2007 at 11:22:33AM -0800, Chuck Swiger wrote:
On Dec 10, 2007, at 8:56 AM, rihad wrote:
Hi,
I'm having a hard time to understand what pipe queues are with
respect to bandwidth limitation. ipfw(8) and dummynet(4) manuals
didn't help me much.
Peter Jeremy wrote:
On Wed, Oct 24, 2007 at 02:17:37PM -0400, Stephen Clark wrote:
I must be doing something wrong. I can't seem to get proxy arp to work. Is
there some magic.
I've been using proxy ARP on FreeBSD between 4.x and 6.2 without problems
(though I think I s
Stephen Clark wrote:
Hello List,
I must be doing something wrong. I can't seem to get proxy arp to work.
Is there some
magic.
I have the following setup isp router 205.x.x.1 <-> 205.x.x.100/25 rl1
freebsd vr0 205.x.x.129/25
<-> 205.x.x.193/25
arp -an
(205.x.x.1) at 00:
Hello List,
I must be doing something wrong. I can't seem to get proxy arp to work.
Is there some
magic.
I have the following setup isp router 205.x.x.1 <-> 205.x.x.100/25 rl1
freebsd vr0 205.x.x.129/25
<-> 205.x.x.193/25
arp -an
(205.x.x.1) at 00:13:7f:5a:b5:50 on rl1 [ethernet]
(205.x.x.19
Netan wrote:
Hello
I am using the CURRENT release. I wish to dump the kernel routing table. I
think there was a sysctl interface in 4.x FreeBSD release to print it from
userspace. Is there a way to do it now ?..
Sunny
___
freebsd-net@freebsd.org mail
Hi List,
Our in house network configuration is using FreeBSD for our firewall. We
currently have it setup with
3 interfaces a public, private and DMZ. We our moving to a new facility
and our network engineer
says nobody is using DMZs any more and wants to just do NAT redirects
from our FreeBSD
Pyun YongHyeon wrote:
On Tue, Sep 11, 2007 at 03:01:53PM -0400, Robert Wojciechowski wrote:
> Hello,
>
>
>
> I'm the FreeBSD nfe driver from
> http://www.f.csce.kyushu-u.ac.jp/~shigeaki/software/freebsd-nfe.html
> with FreeBSD 6-stable with good results for the most part. The only
> issue
Artyom Viklenko wrote:
Artem Belevich wrote:
Here's one example where MTU!=MRU would be useful.
Think of asymmetric bandwith-limited ADSL links. Lower MTU would allow
lower TX latency for high priority packets when upstream is saturated,
yet large MRU on the downstream would be great for do
Eli Dart wrote:
see below...
Julian Elischer wrote:
Eli Dart wrote:
Stephen Clark wrote:
So was any decision reached on this issue - will FreeBSD changed
to accept a packet on an interface that is larger than the mtu on
that interface?
If possible, I'd like t
Mike Karels wrote:
A related change that should probably be discussed if we want to think more
about asymmetry in maximum transmission unit is this one:
revision 1.98
date: 2006/06/26 17:54:53; author: andre; state: Exp; lines: +2 -0
In syncache
Wes Peters wrote:
On 7/16/07, Sten Daniel Soersdal <[EMAIL PROTECTED]> wrote:
I guess it wouldn't hurt for the operating system to accept larger
frames, as long as only the correctly sized frames are transmitted.
There are alot of people, including myself, that assume a host can't
receive a
Sten Daniel Soersdal wrote:
Stephen Clark wrote:
Sten Daniel Soersdal wrote:
Stephen Clark wrote:
Hello,
Did something change in 6.2? If my mtu size on rl0 is 1280 it won't
accept a larger incomming packet.
kernel: rl0: discard oversize frame (ether type 800 flags
Chuck Swiger wrote:
On Jul 13, 2007, at 12:27 PM, Bill Moran wrote:
I agree with others that MTU means "limit what I transmit". It
does not
mean "limit what someone else can transmit to me."
Interesting viewpoint. I disagree with it, but I can't quote any
standard
or otherwise
Bill Moran wrote:
In response to Stephen Clark <[EMAIL PROTECTED]>:
Bill Moran wrote:
In response to Stephen Clark <[EMAIL PROTECTED]>:
Sten Daniel Soersdal wrote:
Stephen Clark wrote:
Hello,
Did something change in 6.2? If my mtu si
Bill Moran wrote:
In response to Stephen Clark <[EMAIL PROTECTED]>:
Sten Daniel Soersdal wrote:
Stephen Clark wrote:
Hello,
Did something change in 6.2? If my mtu size on rl0 is 1280 it won't
accept a larger incomming packet.
kernel: rl0: discard oversize f
Sten Daniel Soersdal wrote:
Stephen Clark wrote:
Hello,
Did something change in 6.2? If my mtu size on rl0 is 1280 it won't
accept a larger incomming packet.
kernel: rl0: discard oversize frame (ether type 800 flags 3 len 1514 > max
1294)
That is what to be expected.
Hello,
Did something change in 6.2? If my mtu size on rl0 is 1280 it won't
accept a larger incomming packet.
kernel: rl0: discard oversize frame (ether type 800 flags 3 len 1514 > max
1294)
I don't think it worked this way in the past.
Won't this affect pmtud?
man page for ifconfig says mtu l
Jeremie Le Hen wrote:
Hi,
I'm running a quite recent -CURRENT.
I don't understand what's happening. According to tcpdump(1) it seems
the two peers both keep acknowledging the same segment for ever.
(See the file attached.)
The peer is a Linksys router that have worked correctly for a while.
Tom Judge wrote:
Stephen Clark wrote:
Hello List,
We have a setup that looks like the following.
pc <-ethernet-> freebsd 4.9 <-pppoe-> internet <-ethernet-> freebsd 6.1
on the freebsd box we have a gre tunnel with a mtu of 1420 feeding into a
gif vpn tunnel with a mt
Alexander Motin wrote:
Stephen Clark wrote:
if the pc sends a packet of 1460 bytes with the DF bit set shouldn't the
freebsd 4.9 system
send back an icmp dest unreachable - fragmentation needed and DF bit
set?
Are you blocking icmp with a firewall filter?
Good que
Eli Dart wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Stephen Clark wrote:
if the pc sends a packet of 1460 bytes with the DF bit set shouldn't the
freebsd 4.9 system
send back an icmp dest unreachable - fragmentation needed and DF bit set?
Are you blocking icmp w
Hello List,
We have a setup that looks like the following.
pc <-ethernet-> freebsd 4.9 <-pppoe-> internet <-ethernet-> freebsd 6.1
on the freebsd box we have a gre tunnel with a mtu of 1420 feeding into a
gif vpn tunnel with a mtu of 1280 ( I know this dumb but it the default
value when you cr
Miroslav Lachman wrote:
Stephen Clark wrote:
Hello List,
We have a monitoring app that receives udp packets from units in the
field. We are in
the process of increasing the number of units we have reporting and are
seeing some
performance issues with our current hardware. I would like
Hello List,
We have a monitoring app that receives udp packets from units in the
field. We are in
the process of increasing the number of units we have reporting and are
seeing some
performance issues with our current hardware. I would like be able to
somehow route a
copy of each packet to ano
Bruce M Simpson wrote:
On Sun, May 14, 2006 at 03:00:44PM +0100, Bruce M Simpson wrote:
So I will be updating the patch in the next 24 hours. Given that it
seems stable for values 2047 <= n <= 4095 with SOCK_DGRAM I am inclined
to commit with the maximum raised to 4095 and lazy allocation in
Bruce M Simpson wrote:
Hello,
On Fri, May 12, 2006 at 02:12:27PM +0100, Bruce M Simpson wrote:
Therefore, joining the same group 20 times on different interfaces
would exceed IP_MAX_MEMBERSHIPS.
Fixing this in any way would still break the ip_mroute_kmod ABI and
as such is a HEAD change.
Robert Watson wrote:
On Tue, 9 May 2006, Bruce M Simpson wrote:
On Tue, May 09, 2006 at 01:28:01PM +0100, Bruce M Simpson wrote:
A user recently reported a problem with running into IP_MAX_MEMBERSHIPS
on a system running FreeBSD with IPv4 forwarding enabled, and running
the OSPF routi
Hi,
I am experiencing a problem on FreeBSD 4.9, yes I know this is ancient
history but I am stuck
with it for the time being, that exhibits itself as the ipintrq.ifq_len
slowly growing until it finally
reaches ipintrq.ifq_maxlen and the network stop responding because there
is no place
to put
55 matches
Mail list logo