Hi,
Here are two small patches (done on 5.1-RELEASE, but should
be ok for -current also) which add new "ipsec" flag to ipfw2.
Rules with this flag match only packets that have
ipsec history (ie. came from ipsec processing). Rules with
"not ipsec" match only non-ipsec packets. Without
the new keywo
If I execute the following program on a FreeBSD 4.7 system:
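#include <sys/types.h>
#include <sys/socket.h>

int main()
{
    /* Open seven TCP sockets and exit without closing them. */
    for (int i = 0; i < 7; i++)
    {
        socket(PF_INET, SOCK_STREAM, 0);
    }
    return 0;
}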
the sockets never seem to be freed.
vmstat tells me the memory is still in use:
bash-2.05a$ vmstat -z
ITEM
Hi,
I'm not very old in networking, and I want to migrate to following
configuration:
Local router Remote router
+---+ +---+
| | |
On Thu, 19 Jun 2003 16:50:17 +0300 (EEST)
Ciprian Badescu <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm not very old in networking, and I want to migrate to following
> configuration:
>
>
>
> Local router Remote router
> +---+
Hi!
On Thu, 19 Jun 2003 16:50:17 +0300 (EEST)
Ciprian Badescu <[EMAIL PROTECTED]> wrote:
> I don't know how to configure the routers to use the second link, and
> to keep the first link for redundancy, and if something is happening
> with link2, the traffic must use automatically link1.
Have a l
Vlad GALU wrote:
I tried channel bonding and it worked pretty good.
how?
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Hendrik Scholz wrote:
Have a look at the ng_one2many module. The manpage comes with a nice
example and offers the needed features.
NG_ONE2MANY(4)
TRANSMIT ALGORITHMS
At this time, the only algorithm for determining the outgoing many hook is
a simple round-robin delivery algorithm. Packet
Hi,
> * Ari Suutari:
>
> > Here are two small patches (done on 5.1-RELEASE, but should be ok
> > for -current also) which add new "ipsec" flag to ipfw2.
>
> i did not receive any attachments. will this functionality be
> included into freebsd-5 in the future?
Does the mailing list strip at
On 2003.06.19 21:33:33 +0300, Ari Suutari wrote:
> Hi,
>
> > * Ari Suutari:
> >
> > > Here are two small patches (done on 5.1-RELEASE, but should be ok
> > > for -current also) which add new "ipsec" flag to ipfw2.
> >
> > i did not receive any attachments. will this functionality be
> > include
Hello,
I am currently running a Dell Poweredge 350 with FreeBSD 4.7 as a network
firewall for one of our sites. This site sees about 3 megabits of traffic.
The average firewall ruleset runs around 600-800 rules, running on IPFW.
The PE350 uses dual fxp chips on the machine's single PCI bus.
Could
Tom Daly wrote:
I am currently running a Dell Poweredge 350 with FreeBSD 4.7 as a network
firewall for one of our sites. This site sees about 3 megabits of traffic.
per some unit of time, I presume? ;-) maybe 3Mbit/s?
The average firewall ruleset runs around 600-800 rules, running on IPFW.
That'
Hi,
On Thu, 19 Jun 2003, Michael Sierchio wrote:
> Tom Daly wrote:
>
> > I am currently running a Dell Poweredge 350 with FreeBSD 4.7 as a network
> > firewall for one of our sites. This site sees about 3 megabits of traffic.
>
> per some unit of time, I presume? ;-) maybe 3Mbit/s?
>
Yes, 3Mbit
You could try organizing your rules using skipto to reduce the number of
rules any packet has to traverse for example...
100 skipto 1000 ip from 1.0.0.0/4 to my-ip
200 skipto 2000 ip from 128.0.0.0/4 to my-ip
1000 deny ip from 24.6.76.8 to any
1001 deny ip from 65.65.26.7 to any
1999 skipto 3000
Tom Daly wrote:
The average firewall ruleset runs around 600-800 rules, running on IPFW.
That's a huge number of rules -- do you have any idea what number
of packets are checked against how many rules before being accepted
or denied? A histogram would be nice
Most of these rules are a simple
I guess this is a simple question, but I have never done something like this
before, so I figure I'll ask. I have been using FBSD for a while, but now I
need to ship a FBSD server halfway across America, and have a newbie press
the power button, plug in two network cards, and have it work.
I
basically I think that is right, as long as the provider is
supplying enough addresses for all the clients..
if not then you need to be using NAT on the external interface.
This implies running ipfw, but then, you probably should be doing that
anyhow..
On Thu, 19 Jun 2003, agent dero wrote:
>
I am running FreeBSD 5.1-R on a sparc64 machine, and am getting warnings
about mallocing data w/ a lock acquired.
dmesg output:
malloc() of "64" with the following non-sleepablelocks held:
exclusive sleep mutex netisr lock r = 0 (0xc0271890) locked @ net/netisr.c:215
malloc() of "64" with the follo
Could you run with debug.witness_ddb and get a stack trace for the
warning?
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
[EMAIL PROTECTED] Network Associates Laboratories
On Thu, 19 Jun 2003, John-Mark Gurney wrote:
> I am running FreeBSD 5.1-R on a sparc64 machine,
You should probably include some backdoor access in case the ISP DHCP
settings need tweaking, some options:
- Include a modem with your box that you can dial into.
- An internal station with remote control (PCAnywhere) that you can dial
into then hop over to the internal NIC of your box via puTTY s
I agree, the weight parameter is also what I need;)
but I ask again: It isn't possible to solve this at a higher level
(routing) ?
There is the 'metric' option for routes, I can put a bigger metric for the
backup link. Will this link be automatically used when the primary link
with a lower metric
I don't see this on my 4.8 or 5.x systems. Are you running any custom
patches on that machine's kernel?
Alternately, can anyone else with a 4.7 or earlier machine replicate this
problem?
Thanks,
Mike "Silby" Silbersack
On Thu, 19 Jun 2003, Scot Loach wrote:
> If I execute the following progr
Hi Mike,
It looks like this will make a big difference to us. I will take a look
at setting up a test bed to get IPFW2 going.
Thanks to everyone,
Tom
On Thu, 19 Jun 2003, Michael Sierchio wrote:
> Tom Daly wrote:
>
> >>>The average firewall ruleset runs around 600-800 rules, running on IPFW.
>