Artem Viklenko via freebsd-net wrote:
> >>
> >>> pass in quick on $int_if inet proto tcp from $server to any flags S/SA
> >>> keep
> >>> state allow-opts tag SERVER
> >>
> >> 2.
> >>
> >>> block return-rst out log quick on $mob_if inet proto tcp to any port 25
> >>> tagged SERVER
> >>
> >> You
On 04.04.19 08:22, Artem Viklenko via freebsd-net wrote:
04.04.19 07:30, Victor Sudakov wrote:
1.
pass in quick on $int_if inet proto tcp from $server to any flags S/SA keep
state allow-opts tag SERVER
2.
block return-rst out log quick on $mob_if inet proto tcp to any port 25
tagged SERVER
04.04.19 07:30, Victor Sudakov wrote:
1.
pass in quick on $int_if inet proto tcp from $server to any flags S/SA keep
state allow-opts tag SERVER
2.
block return-rst out log quick on $mob_if inet proto tcp to any port 25 tagged
SERVER
You have already passed the packet with "quick" in th
Artem Viklenko via freebsd-net wrote:
> >>>
> >>> I'm trying to migrate some firewall rules from ipfw to pf. As pf does
> >>> NAT first and filtering after NAT, I have a problem doing the following:
> >>>
> >>> 1. All 192.168.0.0/16 addresses should be translated to the real IP of
> >>> the externa
Hi!
On 02.04.19 10:03, Victor Sudakov wrote:
Sergey Akhmatov wrote:
I'm trying to migrate some firewall rules from ipfw to pf. As pf does
NAT first and filtering after NAT, I have a problem doing the following:
1. All 192.168.0.0/16 addresses should be translated to the real IP of
the externa
Sergey Akhmatov wrote:
> >
> > I'm trying to migrate some firewall rules from ipfw to pf. As pf does
> > NAT first and filtering after NAT, I have a problem doing the following:
> >
> > 1. All 192.168.0.0/16 addresses should be translated to the real IP of
> > the external interface.
> >
> > 2.
Hello, Victor.
Try using "no nat".
table {8.8.8.8, . }
nat pass on $ext_if from 192.168.3.0/24 to -> $(ext_if)
no nat on $ext_if from 192.168.3.0/24 to any
nat pass on $ext_if from 192.168.0.0/16 to any -> $(ext_if)
On 01/04/2019 06:34, Victor Sudakov wrote:
Dear Colleagues,
I'm trying t
Dear Colleagues,
I'm trying to migrate some firewall rules from ipfw to pf. As pf does
NAT first and filtering after NAT, I have a problem doing the following:
1. All 192.168.0.0/16 addresses should be translated to the real IP of
the external interface.
2. A subset of the 192.168.0.0/16, for ex
17.12.2017 17:59, Sami Halabi wrote:
> Hi Eugene,
> I'm looking for a solution for IP traffic. In Linux iptables it's possible but
> I couldn't find the FreeBSD way yet.
> bkuncr solution works for tcp only.
Then, you need to realize that for every packet, you need to change (translate)
both of sour
Hi Eugene,
I'm looking for a solution for IP traffic. In Linux iptables it's possible
but I couldn't find the FreeBSD way yet.
bkuncr solution works for tcp only.
Thanks for the hint though,
Sami
On 17 Dec 2017 11:29 AM, "Eugene Grosbein" wrote:
> 17.12.2017 14:52, Sami Halabi wrote:
> > hi,
17.12.2017 14:52, Sami Halabi wrote:
> hi,
>
> Can you help in my situation? My goal is so Box in my lan 10.1.1.2 to talk
> to 10.1.1.1 and actually it would be talking to X.X.X.X outside ip using
> one of my public IPs say 1.1.1.1.
If you need this just for single or several tcp ports, easiest w
hi,
Can you help in my situation? My goal is so Box in my lan 10.1.1.2 to talk
to 10.1.1.1 and actually it would be talking to X.X.X.X outside ip using
one of my public IPs say 1.1.1.1.
I'm trying to modify packets to passthrough to a local IP.
I have a box that a specific IP is routed to it.. sa
On 20.11.2017 19:27, Ryan Stone wrote:
> Please try the following patch. It should resolve your issue:
> https://people.freebsd.org/~rstone/patches/e1000-9k.diff
Thank you, I'll try! Really, typically I don't have this problem for
~week after reboot, so results will be later.
--
// Lev Serebrya
Please try the following patch. It should resolve your issue:
https://people.freebsd.org/~rstone/patches/e1000-9k.diff
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "free
On 09.11.2017 23:17, Lev Serebryakov wrote:
Looks like I know where it spent all time. I've used 'pmcstat' and got
very suspicious flamegraph. Looks like problem is on codepath which lies
through
igb_refresh_mbufs
m_getjcl
uma_zalloc_arg
[zone_alloc_item]
zone_import
zone_fetch_slab
keg_fetch_s
On 10.11.2017 2:35, Ben RUBSON wrote:
> Sounds like you could be facing what I experienced a few weeks ago.
>
> See this thread :
> https://lists.freebsd.org/pipermail/freebsd-net/2017-August/048621.html
> https://lists.freebsd.org/pipermail/freebsd-net/2017-September/048826.html
>
> Finally you
On 09 Nov 2017 21:34, Lev Serebryakov wrote:
Mea culpa, it is 11-STABLE, r324811, amd64.
Sounds like you could be facing what I experienced a few weeks ago.
See this thread :
https://lists.freebsd.org/pipermail/freebsd-net/2017-August/048621.html
https://lists.freebsd.org/pipermail/freebsd-n
On 09.11.2017 23:23, Michael Sierchio wrote:
Nope.
> Is device polling enabled?
>
> - M
>
> On Thu, Nov 9, 2017 at 12:17 PM, Lev Serebryakov wrote:
>
>>
>> I still have problems with my E-1220v3 server equipped with Intel I210
>> adapter. It can not be loaded more than 100Mbit/s because it
On 09.11.2017 23:21, Sean Bruno wrote:
> Can you dump the sysctl's for igb(sysctl -a | grep igb)? I assume this
> is stable/11
Mea culpa, it is 11-STABLE, r324811, amd64.
Also, here is NO firewalls, NATs and other fancy network features.
(It was not very easy, as server in this state timeout
Is device polling enabled?
- M
On Thu, Nov 9, 2017 at 12:17 PM, Lev Serebryakov wrote:
>
> I still have problems with my E-1220v3 server equipped with Intel I210
> adapter. It can not be loaded more than 100Mbit/s because it is
> connection to internet.
>
> But sometimes four interrupt thread
On 11/09/17 13:17, Lev Serebryakov wrote:
>
> I still have problems with my E-1220v3 server equipped with Intel I210
> adapter. It can not be loaded more than 100Mbit/s because it is
> connection to internet.
>
> But sometimes four interrupt threads "intr{irqXXX: igb0:que Y}" consume
> 100% C
I still have problems with my E-1220v3 server equipped with Intel I210
adapter. It can not be loaded more than 100Mbit/s because it is
connection to internet.
But sometimes four interrupt threads "intr{irqXXX: igb0:que Y}" consume
100% CPU. Interrupt rate is very modest:
% vmstat -i
interrupt
Regarding Andrey V. Elsukov's message of 12.09.2017 15:38 (localtime):
> On 12.09.2017 16:35, Andrey V. Elsukov wrote:
>>> Either add E1000_DEV_ID_I350_COPPER_NOEE elsewhere, or try without _NOEE
>>> appendix if datasheet suggests.
>>
>> Hi,
>>
>> just defining device id in the header usually do
On 12.09.2017 16:35, Andrey V. Elsukov wrote:
>> Either add E1000_DEV_ID_I350_COPPER_NOEE elsewhere, or try without _NOEE
>> appendix if datasheet suggests.
>
> Hi,
>
> just defining device id in the header usually doesn't automatically add
> support for this device. You need to teach probe funct
On 12.09.2017 16:32, Harry Schmalzbauer wrote:
>> ===
>> --- sys/dev/e1000/e1000_hw.h(Revision 322342)
>> +++ sys/dev/e1000/e1000_hw.h(Arbeitskopie)
>> @@ -168,6 +168,7 @@
>> #define E1000_DEV_ID_82580_COPPER_DUAL 0x15
Regarding Harry Schmalzbauer's message of 12.09.2017 15:23 (localtime):
> Regarding Igor V. Ruzanov's message of 12.09.2017 11:00 (localtime):
>> Hello, FreeBSD colleagues!
>> Trying to forward my question to freebsd-net@ group, maybe there is a
>> chance to dig the answer
>>
>> I have mode
Regarding Igor V. Ruzanov's message of 12.09.2017 11:00 (localtime):
> Hello, FreeBSD colleagues!
> Trying to forward my question to freebsd-net@ group, maybe there is a
> chance to dig the answer
>
> I have modern network card Intel i350T2V2 (peripheral dual gigabit
> port NIC). And as far as
Hello, FreeBSD colleagues!
Trying to forward my question to freebsd-net@ group, maybe there is a
chance to dig the answer
I have modern network card Intel i350T2V2 (peripheral dual gigabit port NIC).
And as far as i know all Intel cards should be normally detected by the system.
But with this
able" messages
* many other changes
--
Rozhuk Ivan
> -Original Message-
> From: rozhuk...@gmail.com [mailto:rozhuk...@gmail.com]
> Sent: Saturday, October 15, 2011 4:07 AM
> To: freebsd-net@freebsd.org
> Cc: rozhuk...@gmail.com
> Subject: QinQ support: implement
...
IEEE 802.1ad (802.1QinQ) specifies architecture and bridge protocols to
provide separate instances of the MAC services to multiple independent users
of a Bridged Local Area Network in a manner that does not require
cooperation among the users, and requires a minimum of cooperation between
the
wrote
in :
Ha> To answer my own question :-) These strange link local addresses are
Ha> explained in the developers handbook section 8.1.1.3 and are called
Ha> embedded
Ha> link local addresses. These are not standard IPv6 addresses, but a way
Ha> to encode the interface index (aka zone index)
be
undone by the user program before using these addresses.
harti
-Original Message-
From: owner-freebsd-...@freebsd.org on behalf of hartmut.bra...@dlr.de
Sent: Wed 11/25/2009 1:15 PM
To: freebsd-net@freebsd.org
Subject: Need help on IPv6 prefixes and interface addresses
Hi all,
I
Hi all,
I try to make bsnmpd IPv6 aware and need some help here. I've set up a small
IPv6 network for testing between a couple of VMs.
For IPv6 interface addresses there are two tables: ipAddressPrefix table and
ipAddressTable (containing pointers to the prefix table). Now I see something
on
Dear All ,
After I run the following commands three times,
1 ifconfig gre0 create
2 ifconfig gre0 tunnel 10.101.1.1 10.101.1.2 netmask 255.255.255.255
3 ifconfig gre0 destroy
I found something weird:
1. in /var/log/messages , line 907 , there should be TAILQ_REMOVE because
If you are one of the people that know and love pf, I'd like to speak
to you on one side about testing pf with vimage.. (and making it work
as I'm sure it doesn't).
OK I'll do that.
Thanks, I appreciate the very generous offer. :-)
Cheers
Kip Macy <[EMAIL PROTECTED]> wrote:
Sam is really busy right now (I am too :-( ). If someone hasn't gotten
to it in a week ping me again and I will try to fix it. I need to set
up a RELENG_6 install this
On 2/27/07, Vincent Howell <[EMAIL PROTECTED]> wrote:
I'm using MFC'd one for RELENG_6:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/compat/ndis/subr_ntoskrnl.c?rev=1.71.2.6&content-type=text/x-cvsweb-markup&sortby=date
I was getting more "missing feature" errors before trying the patch a
Re-sent to bring message upfront.
I'm using MFC'd one for RELENG_6:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/compat/ndis/subr_ntoskrnl.c?rev=1.71.2.6&content-type=text/x-cvsweb-markup&sortby=date
I was getting more "missing feature" errors before trying the patch and
up
I'm using MFC'd one for RELENG_6:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/compat/ndis/subr_ntoskrnl.c?rev=1.71.2.6&content-type=text/x-cvsweb-markup&sortby=date
I was getting more "missing feature" errors before trying the patch and
upgrading to 6.2-STABLE.
I've tried a half
Sam Leffler recently added a new entry in -CURRENT for the part. I
think the change needs to MFC'd. Perhaps someone (Max?) could do that.
-Kip
On 2/25/07, Vincent Howell <[EMAIL PROTECTED]> wrote:
Hello,
I'm trying to get my Broadcom (BCM43XX-based) WNIC working in FreeBSD 6.2 but
am un
Hello,
I'm trying to get my Broadcom (BCM43XX-based) WNIC working in FreeBSD 6.2 but
am unsuccessful.
I've tried numerous Windows drivers with Ndisgen and none of them generate
working kernel modules. I've tried csuping my install to 6.2-STABLE to get the
latest NDIS patch (produced by someone
Hi,
I hope you give me some advice or explanation about Dummynet.
I've googling/experiment for three a month to get the right answer how
to use WF2Q+ with Dummynet. I've a small internet cafe and after 4
years using FreeBSD+Dummynet with hardlink limiting policy. Here for
WF2Q+ implementation
in
alf Of angelito munez
Sent: Wednesday, January 19, 2005 10:49 AM
To: freebsd-questions@freebsd.org; freebsd-net@freebsd.org
Subject: need help
Hi,..
I just formatted freeBSD4.9. i want it run as a router and a firewall. does
anybody out here can help me out.. and commands do i want.. from compl
Hi,..
I just formatted freeBSD4.9. i want it run as a router and a firewall. does
anybody out here can help me out.. and commands do i want.. from complete to
become a server.. thanks..
Hi
I have the opnet modeler 8.1 only without the library, so when run the simulation of
the NIST models for Ad Hoc, the modeler tell me that there are some files "C files (
.h)" missed. I think these files must be in "include" folder that exist in my opnet
folder.These files like "oms_auto_add
>
> Has anyone made a patch to add ipfw2's verrev functionality
> in ip_input (or similar place) ?
[ ...snip... ]
Problem solved, it all works now. Thanks anyway!
// sten
Has anyone made a patch to add ipfw2's verrev functionality in ip_input (or similar
place) ?
I've tried for a few days to write it myself but it keeps panicking on (among other
things) deleting of default route (i suspect that i really ask the route for 0.0.0.0).
I plan to add an ifconfig flag wh
AIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, September 02, 2003 3:36 PM
Subject: Need help with strange routing situation
> I recently switched to a new DSL provider (DSLExtreme), and in doing so,
> decided to opt to buy multiple static IP's. The idea is that I would l
On Tue, 2003-09-02 at 22:45, Philip Kizer wrote:
> Donald Burr of Borg <[EMAIL PROTECTED]> wrote:
> [Description of:]
> >Our gateway machine and server gets its own IP, IP A.
> >My desktop machine is hooked up via ethernet. It should get IP B.
> >Same thing as above for my roomie's de
Donald Burr of Borg <[EMAIL PROTECTED]> wrote:
[Description of:]
>Our gateway machine and server gets its own IP, IP A.
>My desktop machine is hooked up via ethernet. It should get IP B.
>Same thing as above for my roomie's desktop, except it gets IP C.
>[all else] Ideally I'd like t
I recently switched to a new DSL provider (DSLExtreme), and in doing so,
decided to opt to buy multiple static IP's. The idea is that I would like
one static IP for the server, and separate static IP's for our desktop
machines, so that things such as IRC DCC, streaming media, etc. will "just
work"
>
> Ok, I am now armed with quite a bit more info regarding these attacks.
>
> First off, the target looks like this:
>
> Port State Service
> 21/tcp open ftp
> 22/tcp open ssh
> 25/tcp open smtp
> 53/tcp open domain
> 80/tcp open
age.
Use special tools to collect traffic.
I use argus - it is beautiful traffic
auditing tool and costs less cpu.
It behaves better under overload
because of much work done in userland.
Sorry my bad English.
Ask when need help.
--
<*1>
0sw~(1)#ipfw show | wc
4354868 41602
0rw~(1)#i
Alternatively, is getting a much faster CPU (p3 1.6g ?) a "big hammer"
that solves problems related to the number of rules being parsed for each
packet ?
Just curious.
On Sun, 5 Jan 2003, Barney Wolff wrote:
> On Sun, Jan 05, 2003 at 01:31:24PM -0800, Josh Brooks wrote:
> > So, I have 927 ipfw
On Sun, Jan 05, 2003 at 01:31:24PM -0800, Josh Brooks wrote:
> So, I have 927 ipfw rules in place - but I am guessing that about 800 of
> those rules are just "count" rules for me to count bandwidth:
>
> 001 164994 120444282 count ip from any to 10.10.10.10
> 002 158400 16937232 count ip from 10.1
Ok, I am now armed with quite a bit more info regarding these attacks.
First off, the target looks like this:
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open
Hello,
Ok, right now this second, everything is normal, I am not under attack
AFAIK, and everything is working wonderfully - and when I run top I see:
21 processes: 1 running, 20 sleeping
CPU states: 0.0% user, 0.0% nice, 0.0% system, 41.7% interrupt, 58.3%
idle
Mem: 6812K Active, 43M Inact,
On 1/5/2003 1:05 PM, Josh Brooks wrote:
I am running this as my firewall/router:
4.4-RELEASE FreeBSD 4.4-RELEASE #0
And I have no ability to change that anytime soon. Recently I have been
having a lot of trouble with floods/ddos/etc. When these attacks occur,
my firewall is totally unresponsi
Hi.
I am running this as my firewall/router:
4.4-RELEASE FreeBSD 4.4-RELEASE #0
And I have no ability to change that anytime soon. Recently I have been
having a lot of trouble with floods/ddos/etc. When these attacks occur,
my firewall is totally unresponsive, I cannot ssh in to type a single
On Wed, Jun 05, 2002 at 11:16:06AM -0400, Peter Brezny wrote:
> Discovered this is not a DOS attack, Thanks for your consideration.
>
> Looks like my qmail install is sending things out faster than my network
> card can handle?...
>
> Thanks again,
>
> Peter Brezny
> Skyrunner.net
>
> Jun
It looks like either distributed port scanning via source port 25.
Or maybe a stealth scan, which send spoofed syn packets along with the real sender's
packet in order to confuse the victim that who actually scanned.
Are you using any firewall?
and proper mailing list for such an event is
[EMAIL
, June 05, 2002 10:09 AM
To: [EMAIL PROTECTED]
Subject: currently experiencing some kind of DOS attack? Need help!
I think I'm experiencing some kind of DOS attack and I need some help
pinpointing the bad guys, and cutting them off/reporting them.
I've attached a tcpdump that was captu
I think I'm experiencing some kind of DOS attack and I need some help
pinpointing the bad guys, and cutting them off/reporting them.
I've attached a tcpdump that was captured during the latest initial attack.
They are coming at 10 minute intervals.
The system under attack is 208.133.44.46
The er
gment
retransmissions. That, I believe, indicates a healthy network.
Any other ideas?
Thank you,
Arkadi.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Bill Vermillion
> Sent: Wednesday, April 10, 2002 11:18 PM
> To: [EMAIL PROTECTED]
> Su
On Wed, Apr 10, 2002 at 11:06:09PM +1000, Arkadi Kosmynin spewed forth:
> I really can not explain this. We are stress testing a server. We
> use the following configuration: the server runs on a FreeBSD box
> (or Linux, with a similar effect). A multithreaded tester program
> runs on a Win2K box
Hello people,
I really can not explain this. We are stress testing a server. We use the
following configuration: the server runs on a FreeBSD box (or Linux, with a
similar effect). A multithreaded tester program runs on a Win2K box and
emulates random multiuser activity. The FreeBSD box stops re
Hi,
I have a Winbond based card with an Altima AC104 media interface. No matter
what I do i am not able to recognize the AC104 through the SIO interface. The
BMSR register value stays at zero. I have the datasheets of both the Winbond
and the Altima and everything looks ok.
So far i see the
> The UDP "dropped due to full socket buffers" increases with time
This is on the receiving machine, right? It looks like the application
isn't reading the buffer. Do a 'ps l' on the application and look at the
WCHAN to see if the application is running or waiting for something.
On Thu, 31 Jan 2002, Jeffrey Hsu wrote:
> What does netstat -s say?
It looks as if it gets progressively worse over time.
The UDP "dropped due to full socket buffers" increases with time:
[NOTE]: tcpdump on the wire reveals that packets are still being sent
back to the NAS. I have a trace if
What does netstat -s say?
On Wed, 30 Jan 2002, Naga R Narayanaswamy wrote:
> Nick Rogness wrote:
> Which radius server package are you using. Because I know there are
> different
> port packages for radius server.
Radiator.
> After how long (days or hours) did you encounter this problem?
>
It's random.
Nick Rogness wrote:
Which radius server package are you using. Because I know there are
different
port packages for radius server.
After how long (days or hours) did you encounter this problem?
Don't you have some sort of logging on the server. I usually turn on
some level of debug, which gives
On Wed, 30 Jan 2002, Nick Rogness wrote:
>
> Our Radius server seems to stop functioning after a while. netstat
> -an reports:
>
> Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
>
> [SNIP]
> udp4 0 0 *.1646
Our Radius server seems to stop functioning after a while. netstat -an
reports:
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address(state)
[SNIP]
udp4 0 0 *.1646 *.*
udp4 32310 0 *.1645
e Internet.
==
- Original Message -
From: Peter Brezny <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, July 11, 2001 9:49 AM
Subject: need help with divert to avoid dual dns..is it
possible?
> I'm trying to come up with a way to avoid having to
run an internal
I'm trying to come up with a way to avoid having to run an internal and an
external dns for our network.
Here's the basic layout.
primary +--private LAN 1
router |
internet --- ipfw with nat --+--private LAN 2
|
... np: Anabolic Frolic - Hubbalo 96 live [40:37]
Please sorry me for poor English!
I have network:
Today:
1. Router with 3 logical interface and no default gateway.
192.168.2/24 - User workstation ( DNS & routing at 192.168.2.1 )
192.168.3/24 - Dedicated admin workstation