It'll work fine. I've done this several times before.
However I've also had NAT implementations which didn't work this way but
this one should definitely work.
Baldur
On Fri, Apr 18, 2008 at 09:25:50AM -0400, Steve Bertrand wrote:
> Hi everyone,
>
> I'm trying to configure a GIF IPIP tunnel from
wrote:
> Baldur Gislason wrote:
> >It'll work fine. I've done this several times before.
>
> Hmmm. I still can't seem to get this setup to work. The FreeBSD box is
> in behind a Fortigate 200 unit.
>
> >However I've also had NAT implementations which di
I have a script in my crontab that runs ping to check the state of the
internet connection. The internet connection is PPTP using kernel ppp.
When there's much load on the connection I get an occasional error mail
from crontab saying
ping: sendto: No buffer space available
I have tried increasin
I'm trying to setup a small VPN with IPIP tunnels and using Zebra with OSPF to
do the routing.
However, ospfd doesn't seem to recognise the gif0 interface.
tesla# sho ip osp int
fxp0 is up, line protocol is up
Internet Address 192.168.1.50/24, Area 0.0.0.0
Router ID 192.168.1.50, Network Type
I do have a line like that for gif0, yes.
I'll give Quagga a try I guess.
Baldur
>I'm using Quagga with OpenVPN tunnels, which is a similar situation.
>Do you have a stanza like this in your ospfd.conf describing the gif0
>interface?
>interface tun2
> ip ospf network point-to-point
>-T
>--
I installed quagga, it works right on my 4.11-STABLE box but not on my
5.4-STABLE box. Still doesn't want to work with gif0
Baldur
On Mon, Nov 14, 2005 at 09:07:25AM +0000, Baldur Gislason wrote:
> I do have a line like that for gif0, yes.
> I'll give Quagga a try I guess.
>
Never mind, just forgot to bring the interface up again... *slaps self*
Baldur
On Mon, Nov 14, 2005 at 02:08:36PM +, Baldur Gislason wrote:
> I installed quagga, it works right on my 4.11-STABLE box but not on my
> 5.4-STABLE box. Still doesn't want to work with gif0
>
> B
A patch cable would help...
Baldur
On Thursday 14 March 2002 22:21, you wrote:
> hi,
>
> i've just added a freebsd 4.3 host to our NAT'd LAN and i'm having trouble
> getting online.
>
> we have an SDSL line running into an ENI Speedstream 5871 router, which
> then runs into our SOHO Watchguard f
My logs are filled with crap like:
arplookup 172.30.101.194 failed: host is not on local network
arplookup 172.30.101.200 failed: host is not on local network
arplookup 172.30.101.194 failed: host is not on local network
arplookup 172.30.101.200 failed: host is not on local network
arplookup 172.
, 3com 905C and Intel
EtherExpress 100
Baldur Gislason
On Saturday 27 April 2002 06:07, you wrote:
> Gary Stanley wrote:
> > Is it possible to split the load of IP traffic with 2 ethernet cards on a
> > 4.x machine? I'm new to "load balancing" in a sense, however,
Problem exists between keyboard and chair.
The reason why ifconfig complains is that you're assigning a point-to-point
address to an ethernet interface and both addresses have the same
point-to-point address.
This is how you add ips to an interface:
ifconfig xl0 192.168.1.1 netmask 255.255.255.
Also, there's a kernel option:
# RANDOM_IP_ID causes the ID field in IP packets to be randomized
# instead of incremented by 1 with each packet generated. This
# option closes a minor information leak which allows remote
# observers to determine the rate of packet generation on the
# machine by w
That's simple, FreeBSD can do policy based routing with ipfw.
You need to compile a kernel with:
options IPFIREWALL
options IPFIREWALL_FORWARD
Myself, I prefer to have these too but they're not absolutely necessary:
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERB
On Thu, Nov 17, 2005 at 04:27:48PM +, Brian Candler wrote:
> On Thu, Nov 17, 2005 at 04:52:03PM +0100, Jon Otterholm wrote:
> > Scenario#1:
> > -I have a range of ip's, for example 215.10.10.0 - 215.10.10.255.
> > -I want to distribute these ip's to my customers via DHCP.
> > -They are all ata
I recently set up IPSEC communications between two hosts I have in different
places.
One is FreeBSD 5.4-STABLE August 22. 2005. The other is 4.11-STABLE April 18th
2005.
I run a gif tunnel between them and routes for networks found on both sides are
negotiated by quagga using ospf.
the internet
Adding:
If I kill spmd on the 5.4 box, then all works fine but the comms are only
encrypted in one direction.
Baldur
On Tue, Nov 22, 2005 at 09:52:53PM +, Baldur Gislason wrote:
> I recently set up IPSEC communications between two hosts I have in different
> places.
> One is Fr
And another observation, sorry for flooding the list like this.
The 4.11 box is compiled with IPSEC_DEBUG but the 5.4 box isn't.
Baldur
On Tue, Nov 22, 2005 at 09:57:24PM +0000, Baldur Gislason wrote:
> Adding:
> If I kill spmd on the 5.4 box, then all works fine but the com
You know you can do policy routing with IPFW.
ipfw add fwd 172.20.0.1 ip from 172.20.0.0/24 to not 172.20.0.0/24
for example.
Baldur
On Thu, Dec 08, 2005 at 01:15:04PM +0200, Ivo Vachkov wrote:
> > Normally it's the other way around.
>
> So be it :)
>
> My definition of Policy-Based Routing (PB
Following an unrelated discussion about "interface grouping" in OpenBSD,
I'd like to know if there are any known or planned implementations of LACP
(802.3ad) interface teaming in FreeBSD?
FreeBSD currently has etherchannel support, but to my knowledge that will only
work for a link to a single swi
/31 is common practice today. You don't need broadcast on a point-to-point link.
The only broadcast you need is ARP and that's on layer 2.
Baldur
On Tue, May 16, 2006 at 05:55:46PM -0700, John-Mark Gurney wrote:
> Unix-Solutions - Steven wrote this message on Wed, May 17, 2006 at 02:10
> +0200:
Well, round robin is really not what you want with IP packets.
And how are you going to detect that a route is good without a routing
protocol?
Baldur
On Fri, Jun 23, 2006 at 08:40:09PM +1000, Christopher Martin wrote:
> There is probably some good reason for this, but there is just one thing
> t
Problem with packet based round robin is you can mess the order of packets.
That's why there are protocols like LACP and PAgP for ethernet aggregation.
Baldur
On Fri, Jun 23, 2006 at 10:19:06PM +1000, Christopher Martin wrote:
>
>
> > -Original Message-
> > From: Baldu
try sysctl net.inet.icmp.bmcastecho=1
Baldur
On Wed, Jul 19, 2006 at 02:39:36PM +0100, freebsd nettest wrote:
> Hi all,
>
> I was trying to test the Multicast support of bge and fxp driver using the
> following user level program.
>
> #include
> #include
> #include
> #includ
I'm having some problems receiving multicast traffic on my FreeBSD 6.1-STABLE
workstation with VLC.
I get the streams but I seem to get plenty of packet loss on the freebsd box but
on other boxes on the same network I don't see such problems. I haven't noticed
any packet loss with unicast.
Any th
No, and I tried booting a GENERIC kernel also to rule out ipfw.
Baldur
On Tue, Aug 22, 2006 at 12:16:07PM -0700, Xander wrote:
> On Mon, Aug 21, 2006 at 04:54:01PM +0000, Baldur Gislason wrote:
>
> > I'm having some problems receiving multicast traffic on my FreeBSD
> >
I'd like to set up a load balancing and resilience system to
load balance between a bunch of web servers running Apache tomcat (slow java
stuff).
Ideally I'd like each client IP to get mapped to a certain server and keep that
mapping throughout the entire session. I'd also like to have some means
In that situation I have used IPFW for filtering and IPF for doing NAT.
But NAT is in its nature a very processor and memory intensive process,
I wouldn't recommend to anyone to run NAT if they have more than
10Mb bandwidth and more than 100 nodes on their network.
Baldur
On Sat, Oct 21, 2006 at
Get a faster network.
Baldur
On Thu, Dec 14, 2006 at 12:41:41PM -0500, Benjamin Adams wrote:
> employees are killing the network with torrents. anyone know a company where
> I can get a box to monitor traffic and kill torrents. Thanks
>
> PS Not looking to build a firewall this time.
> _
Most of the torrent clients do encrypted sessions nowadays so they really
are impossible to detect by simply parsing the packets.
Baldur
On Fri, Dec 15, 2006 at 02:08:41AM +0200, Ivo Vachkov wrote:
> I'm not familiar with bittorrent protocol but I guess you can always
> implement simple L7 filter
The solution is simple.
Compile your kernel with:
options IPFW2
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_FORWARD
Then, sysctl net.inet.ip.sourceroute=1
Finally:
ipfw add fwd 69.1.78.1 ip from 69.1.78.8 to not 69.1.78.8
and you should have a working route from 69.1
I forgot to mention...
echo "IPFW2=TRUE" >> /etc/make.conf
cd /usr/src/lib/libalias/
make
make install
make clean
cd /usr/src/sbin/ipfw
make
make install
make clean
Then add the correct fwd rule.
Baldur
ipfw allows you to catch the connections, but it doesn't enable your
application to spoof the proxied connection as if it was coming straight from
the client.
Baldur
On Monday 28 October 2002 15:01, you wrote:
> From: sepehr sohrabi [mailto:sepehr_soh@;hotmail.com]
>
> > Hi list
> > Anyone has
I have a home network with FreeBSD machines and a laptop running FreeBSD.
The laptop connects to various networks but I'd like to access my home
machines from the laptop, the home machines are behind a freebsd nat
firewall.
I've been using mpd for quite a while, doing a PPTP link from my laptop t