On Fri, May 27, 2022 at 04:18:54PM +0300, Michael Pounov wrote:
> Hello Charles Mott
>
> I wrote this mail about my work with IPFW firewall.
> I am started my work over IPFW Sync driver and protocol similar like in PF
> firewall.
> My primery goal is to do sync on NAT states in firewall router cl
On Wed, Jul 20, 2022 at 12:14:36PM -0700, Neel Chauhan wrote:
> FreeBSD doesn't have an effective software-based router, lacks MPLS, mpd5
> lacks native IPv6 without many shell script hacks, etc.
mpd5 does provide IPv6 out of the box. May you contact me in private to
discuss this a bit more in de
On Mon, Aug 29, 2022 at 06:36:26PM +, tt78347 wrote:
> ipfw -q nat 1 config if $extif unreg_only reset \
> redirect_port udp 192.168.21.4:500 500 \
> redirect_port udp 192.168.21.4:4500 4500
> $add 450 nat 1 udp from any to any 500,4500 in via $extif
> $add 451 nat 1 udp from any to any 50
On Tue, Nov 08, 2022 at 12:38:54AM -0500, Chris Ross wrote:
> Tl;dr; I have two FreeBSD systems attached to a Cisco switch, there should be
> multi-gigabit connectivity, but only seeing 1Gpbs. Each system is trunked,
> vlan interfaces on the underlying interface.
I can add another data point:
On Tue, Nov 08, 2022 at 04:44:38PM +0300, Özkan KIRIK wrote:
> Topology is below:
> [switch1 - lacp] <---> [ freebsd bridge ] <---> [switch2 - lacp]
>
> Is there a way to pass LACP PDUs ?
LACP packets are more layer1 than layer2, they must not be forwarded at
layer2 to different endpoints.
Does
On Thu, Nov 10, 2022 at 04:28:50PM +0300, Özkan KIRIK wrote:
> I'm trying to filter traffic through an uplink cable between two
> switches. (similar to virtual wire behaviour).
> So all broadcast & multicast packages should pass to the other port.
> But pf or ipfw should work for L3+ packages.
So
> In my production environment there are many schedulers and pipes &
> queues belongs to this scheds.
> dummynet uses %90-100 percent of single cpu. (ie. 20 scheds, 30 pipes,
> 35 queues total. Each pipe has max 30-100Mbps)
If the perfomance issue is urgent, you may give netgraph (ng_car, ng_pipe)
ading, and you point me to a good
direction.
I'll investigate and report back.
Lutz Donnerhacke
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
> I’d start by checking netstat -s -p icmp6 and netstat -s -p ip6 for
> any suspicious counter updates.
Great idea. It points me tot he most stupid error I could make.
Instead of
ifconfig_lagg140_aliases="inet6 2a01:75c0:1000:140::/64 anycast"
I wrote
ifconfig_vlan140_aliases="inet6 2a01:75
Victor Sudakov wrote:
> Paul Mather wrote:
> > Why could it be that a FreeBSD 12.2 host does not reply to ICMPv6
> > Neighbor Solicitations from the router?
>
> Well, Neighbor Solicitations (ICMPv6 type 135) and Neighbor
> Advertisements (ICMPv6 type 136) are not exactly routing messages
> > May you be able to capture the icmp6 traffic of this interface with
> > respect to ND? I'm really interested in seeing, that the box does
> > not respond to a given NS query.
>
> Here you are http://admin.sibptus.ru/~vas/nd1.pcapng
The device, where the capture was taken does not respond tot
> $ ifconfig re1
> re1: flags=8843 metric 0 mtu 1500
>
options=8209b
> ether c4:12:f5:33:c9:7c
> inet 192.168.170.5/24 broadcast 192.168.170.255
> inet6 fe80::c612:f5ff:fe33:c97c%re1/64 scopeid 0x2
> inet6 2001:470:ecba:3::5/64
> media: Ethernet autoselect (1
On Tue, Feb 02, 2021 at 10:05:15AM -0500, petru garstea wrote:
> Hi,
>
> I need help to unify 2 netgraphs
>
> 1st ng_bridge netgraph
>
> ngctl mkpeer fxp0: bridge lower link0
> ngctl connect fxp0: em0:lower upper link1
> ngctl name fxp0:lower em0Bridge
> ngctl mkpeer fxp0:lower eiface link3 ether
On Tue, Feb 02, 2021 at 09:16:49PM +0100, Lutz Donnerhacke wrote:
> fxp0.lower -- iface0.netgraph.out0 -- link1.bridge.link2 -- upper.fxp0
> \.link3 -- ether.eiface
The strange thing is, that both fxp0 and eiface provide an interface to the
On Sat, Feb 06, 2021 at 11:10:29AM -0500, petru garstea wrote:
> Greetings,
>
> I have come up with a graph with no use of ng_tee, ng_hub or ng_one2many.
>
> Also I validated the flows on a collector
>
> In case anybody has the same use case I am sharing the graph
>
> mkpeer re0: netflow lower ifac
On Thu, Feb 11, 2021 at 10:27:44AM -0300, Cristian Cardoso wrote:
> I would like to clarify a doubt, if someone has this scenario in the
> use of CARP for the use of virtual ips in interfaces in FreeBSD.
> I have an interface where I have the 10.19.254.2/24 network and I am
> placing the virtual IP
On Sat, Feb 27, 2021 at 12:34:56PM -0800, Doug Hardie wrote:
> Ahh. The handbook is needing a note about that. There should be something
> similar to what was done for IPv4 where it shows adding additional addresses
> using:
>
> Ifconfig_bge0_alias0 ...
> Ifconfig_bge0_alias1 ...
>
> That wou
On Mon, Mar 15, 2021 at 05:29:55PM -0700, Doug Hardie wrote:
> I reduced the configuration to the host settings:
> ifconfig_bge0_ipv6="inet6 accept_rtadv"
>
> The router to:
> ifconfig_ue0_ipv6="up"
>
> Ran tcpdump on the router (obviously not acting as a router) and restarted
> the host. Got t
On Sun, May 16, 2021 at 09:18:55PM +1000, Peter Jeremy via freebsd-net wrote:
> This is getting outside my expertise but my understanding is that
> the idea behind using IPv4-mapped addressed is to simplify building
> dual-stack applications, particularly during the early introduction
> of IPv6. T
Hi everybody,
instead of adding some people, who will already do a lot of cooperative work
for others, to each of the reviews, I'd ask with a single message to the
list for some of your valuable time.
The whole project is about a better performance in natting (libalias).
Because there is a larger
https://lists.isc.org/pipermail/dhcp-users/2021-June/022495.html
ISC would like to end maintenance of the ISC DHCP *client and relay* by the
end of 2021. We plan to continue maintaining the DHCP *server*, and any
code that is common between the server, client and relay for a couple more
years at
On Tue, Jun 29, 2021 at 12:23:21AM +, Rick Macklem wrote:
> I don't understand how multiple TCP connections to the same
> server IP address will distribute the load across multiple network
> interfaces?
Sounds like a bandwith-latency-product issue. TCP is prone to stalling at
the end of a buff
On Fri, Nov 19, 2021 at 11:17:42AM -0800, Neel Chauhan wrote:
> * Is porting OpenBSD MPLS to FreeBSD feasible, or are we better off doing
> a from-scratch implementation based on netgraph?
I'd prefer a netgraph approach, if possible.
It helps to concentrate on the important things.
> * Would s
On Sun, Dec 05, 2021 at 08:20:08PM +0200, John Hay wrote:
> Something I have observed is that if you use FreeBSD 13 as a router with 2
> subnets on the same interface, it will generate redirects when hosts send
> packets to the other subnet via the FreeBSD router. I think it is wrong.
No, it's cor
On Mon, Dec 06, 2021 at 11:41:27PM +0300, Lev Serebryakov wrote:
> On 19.11.2021 23:16, Lutz Donnerhacke wrote:
>>> * Is porting OpenBSD MPLS to FreeBSD feasible, or are we better off doing
>>> a from-scratch implementation based on netgraph?
>>
>> I'd p
On Wed, Dec 08, 2021 at 11:08:38AM +0300, Lev Serebryakov wrote:
> On 07.12.2021 17:28, Lutz Donnerhacke wrote:
>> I do use netgraph for carrier-grade stuff.
>> Yes, ng_bridge was limited, but this is fixed.
> Doesn't it take separate lock for each packet passed though ho
On Wed, Feb 23, 2022 at 01:46:32PM +, Scheffenegger, Richard wrote:
> As far as I know, an IPv6 host initially tries to perform Duplicate
> Address Detection, as well as Neighbor Discovery / Neighbor Solicitation.
> All of this typically works on Ethernet, by mapping into a well-known
> Etherne
On Wed, Mar 02, 2022 at 04:40:38PM +0100, tue...@freebsd.org wrote:
> Is that what is expected? When using the above command I would expect
> that 100MBit/sec is used, not that the card negotiates with the peer
> something else. But my expectations might be wrong...
Negotation of a given subset is
On Mon, Mar 07, 2022 at 11:09:14AM -0800, Neel Chauhan wrote:
> I'm thinking about setting up a dual-stack L2TP server for VPN purposes,
> and found that mpd5 lacks good dual-stack support outside of IPv6CP, so we
> have to do a makeshift approach.
We do use mpd5 for years as PPPoE/L2TP terminat
On Thu, Apr 21, 2022 at 02:11:54PM +0200, Patrick M. Hausen wrote:
> > Am 21.04.2022 um 11:29 schrieb Benoit Chesneau :
> > I have an interface on which multiple vlans are connected. I would like to
> > bridge the vlan 100 and 200 but also have a bridge for the "native" vlan 1.
> > I Can setup a
30 matches
Mail list logo
