Well, the recent commit to CURRENT is much better than the previous patches
against STABLE. It associates in almost 100% of my attempts. I can't run "cvsup
test" to admit the original problem is really resolved.
I can associate, but AP just doesn't pass my traffic since some point in
RELENG_6. I
[ Charset ISO-8859-1 unsupported, converting... ]
> Hello,
> I have setup a new firewall and I'm having trouble with it. Perhaps the
> bge is to blame, perhaps its something else.
> I'll explain my setup, problem and the workaround to get it going.
>
> Box connects to 2 Internal Lans and 2 Extern
> Julian Elischer wrote:
> > [EMAIL PROTECTED] wrote:
> >> I think I should give some 'real world' examples.
> >>
> >> /etc/rc.firewall:
> >>
> >> [Ss][Hh][Aa][Pp][Ee][Rr])
> >> setup_loopback
> >>
> >> . /etc/rc.shaper
> >>
> >> ${fwcmd} add 65000 pass all from any to any
> >> ;;
> >>
> >>
> >> /e
Hello List
Is FreeBSD 5.x or 6.x supporting nat-t? I checked the archive but
didn't find any useful information. It looks some people are working
on it but the message was pretty old. Any status update?
Cheers,
Thomas
___
freebsd-net@freebsd.or
On Wed, May 03, 2006 at 10:45:30AM +0200, Thomas Vogt wrote:
> Hello List
Hi.
> Is FreeBSD 5.x or 6.x supporting nat-t? I checked the archive but
> didn't find any useful information. It looks some people are working
> on it but the message was pretty old. Any status update?
Patch for NAT-
On Tue, 2006-05-02 at 12:04 -0400, Scott Ullrich wrote:
> On 5/2/06, Iasen Kostov <[EMAIL PROTECTED]> wrote:
> [snip]
> > Btw what is the status of the multi-session to the same
> > point PPTP NAT (e.g call ID tracking) ?
>
> PF's NAT has the same problem. We have this come up quite often on
> p
On Tue, 2006-05-02 at 18:24 +0200, Paolo Pisati wrote:
> On Tue, May 02, 2006 at 02:38:35PM +0300, Iasen Kostov wrote:
> > Have you done any performace comparisons with pf's NAT ? I realy would
> > prefer libalias based kernel NAT than pf because libalias works better
> > with ftp, irc dcc and thin
This is for the archives: problem was identified as a bad
motherboard/onboard NIC and has been replaced (thanks Silicon
Mechanics!). Everything is going smoothly now!
-- Robert
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:owner-freebsd-
> [EMAIL PROTECTED] On Behalf Of Robert Wo
Good to know about the mtu, however I'm still having the same problem
with a Pro/1000 em0. I have only tagged vlans running on em0 and the
admin vlan (1) running untagged on bge0. The only 2 networks in play are
900 and 902. I'm not even working on packets from the lans passing
through yet. Jus
> Could you try this latest version. It incorporates Oleg
> change sort-of. It was a good hint. The issue is that
> we can't move the detection after the "reset" dance. Since
> it needs to know if ASF is active. What we can do is just
> do the bge_reset, look for ASF and then do the dance. Th
Very good. You're right!
I inserted a rule to match all non-layer2 packets on the top of the
ruleset and interrupts dropped 10~20% immediately.
Given that, I went to apply Julian's idea of grouping 'in' and 'out'
pipe rules to reduce the searching on the firewall and that gave me a
little bit m
Think I've found the problem!!
The vlans are created with the same mac as the parent interface. So even
though the rule is being hit, the src mac never changes, so the packet
then leaves the default interface. It sort of makes sense in my mind,
but definatly seems like we are matching packets t
[EMAIL PROTECTED] wrote this message on Wed, May 03, 2006 at 22:40 -0300:
> Anyway, I am very curious about the result of test 2. Why do the pipes
> have influence on system performance if there is nothing passing through
> them?
It looks like each tick all the pipes are scanned... In dummynet:
Robert Wojciechowski writes:
| > Could you try this latest version. It incorporates Oleg
| > change sort-of. It was a good hint. The issue is that
| > we can't move the detection after the "reset" dance. Since
| > it needs to know if ASF is active. What we can do is just
| > do the bge_reset,
> | I tried your patch (as well as one from you on 1/13/2006) on FreeBSD
> | 6.1-RC2 but experienced hard lockups. It happens during startup
right
> | after setting the hostname, right before it would normally bring up
the
> | interface I believe.
>
> Could you try:
> http://www.ambrisko.com
hi,
Just jumping in here. The Soekris 1401 offers only limited
performance enhancements. If you read the specs, it is only useful
(and used?) for certain encryption algorithms. Its also deprecated
and would imagine that Soren regrets even releasing it in the first
place.
None the les
Hi,
No on the SSH. Look at the specs, I think the 1401 cards will be
helpful only on older IPSec circuits.
I am not 100% sure here, I haven't looked at any of this in a few
years, this is just from recollection.
Michael F. DeMan
Director of Technology
OpenAccess Network Services
Bellingh
17 matches
Mail list logo
