On 2/8/08, Kurt Buff <[EMAIL PROTECTED]> wrote:
>
> All,
>
> My company is getting a fractional DS3 in the near future, and I've
> acquired a Sangoma a301 card to handle the interface.
>
> We're retaining one of the T1s we currently have, from a different
> provider, and we're intent on using BGP t
it's set
> up right, so, I am wondering if I'm doing something wrong in FreeBSD.
>
> Below I've included the output from ifconfig -a, netstat -rn and netstat
> -in. Any help would be greatly appreciated.
>
Nick Rogness
- Drive defensively. Buy a tank.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
erface option?
> >
Can you ping the inside interface on your FreeBSD machine from
your Win2K box? What does tcpdump show? Change your firewall
rule 65000 to "log" and look at the firewall logs.
Nick Rogness
- Drive defensively. Buy a tank.
ace, etc,etc the hard way. Maybe
someone has a tool?
Nick Rogness
- Drive defensively. Buy a tank.
viders. It is one of those things
that if you screw up, the rest of the internet suffers (Which has
happened before).
For a reference, check out "Internet Routing Architectures" by
Halabi. It is a great book and is pretty much the BIBLE when
talk
e difficult than just
redundant routing.
These answers are all relative to how you are connected and what
your network looks like. Most likely, BGP will be your answer.
Best of luck.
Nick Rogness
- Drive defensively. Buy a tank.
unable to make the zone
> transfers...
>
> have i missed something big and zone transfers require more than just port
> 53?
Zone transfers work on port 53 TCP.
Nick Rogness
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve "
file "generic_file.db";
}
Am I correct in my assumption?
Nick Rogness
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve "
'out via xl0' I start seeing
incoming packets on the 192.168.10.1 host. Do IPFW Forward rules only
apply to outgoing style rules?
Nick Rogness
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve "
onnect
interface. Most OS's do the same thing with directly connected
interfaces.
Nick Rogness
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve "
> > -Original Message-
> > From: Mudhar,PS,Parminder,CEG2 R
> > Sent:
.1.1.1
# ifconfig gif0 10.1.1.2 10.1.1.1 netmask 255.255.255.252
# route add -net 192.168.1.0 10.1.1.1 -netmask 255.255.255.0
That should be all you need. Like I mentioned earlier, also make
sure that your firewall is letting it through.
Nick Rogness
- Keep on routing i
orwarded to the address even though they weren't. That was the
confusing part. A little rewording on the man page would help.
Thanks for the clarification.
Nick Rogness
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve "
ipfw add 501 allow udp from $ns1 53 to any out via $outside_int
DNS (source port) requests will not necessarily run on port 53.
Nick Rogness
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve "
"inet... netmask ... broadcast... media ???"
mediaopt full-duplex
Nick Rogness <[EMAIL PROTECTED]>
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve!"
re a tad tricky. Using
a combination of skipto's, natd's, and fwd it seems to work
OK. If anyone would like more detail (config files, etc) please
let me know.
There may be a better solution...anyone?
Nick Rogness <[EMAIL PROTECTED]>
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve!"
On Wed, 7 Mar 2001, Andy [TECC NOPS] wrote:
> Can anyone point out the obvious mistake
> I must be making?
In /etc/rc.conf:
firewall_enable="YES"
I can't remember if you need this even if the kernel is compiled
with IPFIREWALL
leset would look like this:
...
ipfw divert 8668 ip from any to any via fxp0
ipfw fwd A.A.A.A ip from external_range_1 to any out via fxp0
ipfw fwd B.B.B.B ip from external_range_2 to any out via fxp0
...
...
Where A.A.A.A is the gateway address of the external_range_1 and B.B.B.B
is the gateway ad
ule is running on...and
even then it is very tricky.
If you search the archives back a couple of days, I gave an
example of how you would approach a problem like this.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on routing in a Free World...
"FreeBSD: The Po
On Wed, 7 Mar 2001, Nick Rogness wrote:
ACK! Read your message wrong...let me clarify.
> On Wed, 7 Mar 2001, Peter Brezny wrote:
>
> >
> > Let's say I had two internal subnets that i'd like to nat with different
> > external ip's, while also
On Wed, 7 Mar 2001, Nick Rogness wrote:
ACK! I read your email wrong. I responded with the correct
reply...please void the message below.
> >
> > Won't your example below show all outbound traffic from the same
> > external ip, the ip that natd uses?
maybe a ifconfig option?
Nick Rogness <[EMAIL PROTECTED]>
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve!"
ecause, when i configure the
> secondaries to use an internal address of the primary dns server
> (which has a keep-state allow all internal rule) in my test
> environment, the updates occur as expected.
yes, it is a firewall issue.
Nick Rogness <[EMAIL PROTECTED]>
- Keep
nk 'duh stupid'.
Anyway, Thanks for the reply...I appreciate it.
[Sorry for the rant].
Nick Rogness <[EMAIL PROTECTED]>
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve!"
On Fri, 16 Mar 2001, Jeroen Ruigrok/Asmodai wrote:
> -On [20010310 04:00], Nick Rogness ([EMAIL PROTECTED]) wrote:
> >
> >Is anyone working on route caching functionality within FreeBSD? This
> >would eliminate a lot of problems with using FreeBSD as a router...which
>
or is there another
way (besides building it with a huge number up front)? Whereas
with nos-tun you just MAKEDEV a new tunnel device and you're in
business.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve!"
re running nat in this case you're hosed.
You can check out route-cache at Cisco's online site. It may help
to clarify as to why you would want to do this.
If you check the -net mailing list this problem re-occurs over and
over and over and over and over. T
On Sat, 17 Mar 2001, Nick Rogness wrote:
More clarification.
>
> > I completely fail to see that you have actually stated a problem yet.
> >
> > What exactly is the problem you think you're trying to solve here?
> >
>
> Consider the followi
On Sat, 17 Mar 2001, Alex Pilosov wrote:
> On Sat, 17 Mar 2001, Nick Rogness wrote:
>
> > There is no way to tell your packet to go back out to ISP #2. That is the
> > point I'm trying to get across. Unless you're running a routing
> > daemon. But is that reall
On Sat, 17 Mar 2001, Alex Pilosov wrote:
> On Sat, 17 Mar 2001, Nick Rogness wrote:
>
> > > b) route-cache means fast lookup of destination gateway. Lookup of
> > > destination gateway may be slow (see d), and it makes sense to keep track
> > > of a TCP connecti
's, but it is ugly.
After all, this seems to be a common setup with FreeBSD. If you
want to BGP peer with someone, buy a Cisco.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve!"
On Sat, 17 Mar 2001, Julian Elischer wrote:
> Alex Pilosov wrote:
> >
> > On Sat, 17 Mar 2001, Nick Rogness wrote:
> >
> > > There is no way to tell your packet to go back out to ISP #2. That is the
> > > point I'm trying to get across. Unless
the BSD folk...which is understandable...because you would be
breaking the rules. I understand.
PS:
This is not a hack for me, Wes, I suggested it after working with
several people having this same problem. There is a workaround
that is pretty ugly so
or some
unknown reason, *expect* a routing daemon to learn a direct route
to this network or indirect gateway (not a good idea).
That's the only reason I can think of off the top of my head...I'm
sure there's other reasons.
Nick Rogness <[EMAIL PR
/dev/cuaa0 ?
You probably don't have com1 turned on or your kernel is not built
with support for `device sio0`.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World...
"FreeBSD: The Power to Serve!"
have enabled
> router_enabled="YES" and router="gated" (also tried with "routed") the
> network mask is set as above, though the defaultrouter is set to the router
> of the external network (129.94.232.254)
>
What routing protocol do you have
orth (whichever
> is easier).
>
> Here's what I've tried:
>
> 1. ipfw + 2xnatd, doesn't seem to work, since ipfw rules can't randomly
> choose one of two rules (AFAIK)
Check out the probability stuff in ipfw. There has been a battle
ove
ing table setup."
Ok, what about the inner header setup?
And what about the outside destination ip? How do you
configure that to go out gif0 ? With the -iface flag [tried it
didn't work].
Talk to me Goose!!
Nick Rogness <[EMAIL PROTECTED]>
On Sat, 7 Apr 2001, Nick Rogness wrote:
>
> Multi-Destination gif tunnel
>
> Anybody had any success at setting these things up? I have a couple of
> questions...maybe someone can answer:
Since no one answered the mail, I will post the solution in case
someone
from the
> box it's in. I can manually add a route, but I still can't ping the
> interface itself.
>
> What have I missed?
xl0 and xl1 are part of the same network...that is a no-no unless
you are bridging.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Ro
login and receive tunnel
endpoints, routing info, updates and such.
I'm sure this won't suffice but I will send it to you for your own
hacking pleasure if you wish. Or hell, I'll even modify it so it
fits your needs.
Nick Rogness <[EMAIL PROTECT
0.16): 56 data bytes
ping: sendto: Input/output error
ping: sendto: Input/output error
Input/output error...? Someone have some ideas?
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World...
"Fr
DMZ onto its own ethernet card and switch like so:
Public (Router)
|
fxp0
|
BSD --fxp2---DMZ
|
fxp1
|
Private Net
/ \
should be sufficient.
On another side note, I would seriously look at splitting off your
DMZ to another network...but, of course, it's your ass not mine.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World...
"FreeBSD: The Power to Serve!"
and gif(4) multi-destination
> mode uses it to determine outer header).
Which would be fine. It would be nice to have a way to grow these
gif tunnels on the fly, then nos-tun could be strapped as well.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World
r the web for more information. See also ipfw man
page.
Of course, there are other ways to do this, but firewalling is
probably best suited for this task.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World...
"FreeBSD: The Power to Serve!"
will only work if
your non-diverted traffic is using different public IPs...which
I'm assuming you are.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World...
"FreeBSD: The Power to Serve!"
On Tue, 10 Jul 2001, Julian Elischer wrote:
>
>
> On Tue, 10 Jul 2001, Nick Rogness wrote:
> > You need to add another rule:
> >
> > ipfw add divert natd all from $
o the slowdown.
Turn on natd logging when this occurs and see what is
happening. Submit log if necessary.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World...
"FreeBSD: The Power to Serve!"
tions" (for example, so as to not be any more
> "disruptive" than necessary to the base-OS configs)?
In /etc/rc.conf:
firewall_enable="YES"
gateway_enable="YES"
natd_enable="YES"
natd_interface="ppp0"
N
On Fri, 14 Sep 2001, x x wrote:
> Is it possible to use a single FreeBSD box to serve as a NAT and IPSEC
> gateway? I can get either to work, but not both. Thanks.
Yes. Don't send the IPSEC packets through nat. Use gif tunnels
instead.
Nick Rogness <[E
On Wed, 19 Sep 2001, Tony Saign wrote:
> Has anyone used LaBrea successfully on a FreeBSD box?
>
Moved to freebsd-questions.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World...
"FreeBSD: The Power to Serve!"
lility is that you are being filtered elsewhere.
>
> How should I do to let them work together? (gated or routed???)
It depends if you are trying to achieve redundancy with these 2
providers. If so, you will need to run BGP.
And another thing, questions like this sh
0.1.2.3 ip from any to 1.1.1.1 out recv ed0 xmit xl0
Nick Rogness <[EMAIL PROTECTED]>
- Don't mind me...I'm just sniffing your packets
On Fri, 28 Dec 2001, Julian Elischer wrote:
>
>
> On Fri, 28 Dec 2001, Nick Rogness wrote:
>
> > On Fri, 28 Dec 2001, Julian Elischer wrote:
> > >
> >
> > Um, so you can now fwd based on incoming packets? EX:
> >
> > ipfw fwd 1
frames to do the forwarding between interfaces.
Nick Rogness <[EMAIL PROTECTED]>
- Don't mind me...I'm just sniffing your packets
if the patch will help you in that manner
anyway.
Nick Rogness <[EMAIL PROTECTED]>
- Don't mind me...I'm just sniffing your packets
network (5% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
I tried increasing net.inet.udp.recvspace with no luck. What is going on?
The Radius server receives the UDP packets but never seems to send the
back.
Nick Rogness <[EM
On Wed, 30 Jan 2002, Nick Rogness wrote:
>
> Our Radius server seems to stop functioning after a while. netstat
> -an reports:
>
> Active Internet connections (including servers)
> Proto Recv-Q Send-Q Local Address Foreign Address (state)
>
> [SNIP]
> udp
On Wed, 30 Jan 2002, Naga R Narayanaswamy wrote:
> Nick Rogness wrote:
> Which radius server package are you using. Because I know there are
> different
> port packages for radius server.
Radiator.
> After how long (days or hours) did you encounter this problem?
>
to no socket
26514 dropped due to full socket buffers
0 not for hashed pcb
1870484 delivered
1854002 datagrams output
Any help would be greatly appreciated.
Nick Rogness <[EMAIL PROTECTED]>
- Don't mind me...I'm just sniffing your packets
On Sun, 17 Feb 2002, Zviratko wrote:
>
[SNIP]
>
> I will try that, but I guess default route has precedence over ipfw.
Not in the case of ipfw fwd. The routing decision seems to be
made before ipfw fwd changes the packet.
Nick Rogness <[EMAIL PROTECTED]>
eebsd-net.
Nick Rogness <[EMAIL PROTECTED]>
- Don't mind me...I'm just sniffing your packets
to test "transparent proxies" (clients think
> they send requests directly to servers).
>
>
There is probably a better solution than trying to hack the kernel
to do this. From the above paragraph, it sounds like you could
bridge across the 2 interfaces an
On Fri, 5 Apr 2002, Matthew D. Fuller wrote:
> On Fri, Apr 05, 2002 at 06:48:09PM -0600 I heard the voice of
> Nick Rogness, and lo! it spake thus:
> > On Fri, 5 Apr 2002, Alex Rousskov wrote:
> > >
> > > - Is it possible without kernel modifications? How?
> &
>On Sat, 6 Apr 2002, Crist J. Clark wrote:
>> On Sat, Apr 06, 2002 at 01:57:44PM -0600, Nick Rogness wrote:
>>
>>> On Fri, Apr 05, 2002 at 06:48:09PM -0600 I heard the voice of
>>> On Fri, 5 Apr 2002, Matthew D. Fuller wrote:
>>>
>>> You MIG
On Sun, 7 Apr 2002, Crist J. Clark wrote:
> On Sun, Apr 07, 2002 at 08:25:33PM -0500, Nick Rogness wrote:
> >
[SNIP]
> >
> > AFAIK, the route to get from 1 interface to the other is not
> > through the lo0. I'm not sure if the kernel sends these packets
>
t possible to use multiple NICs on
> the same subnet, since the IP stack would not know which interface to
> use to transmit packets, since it could not use its routing table (as
> the network is the same). But my argument would be, of course it
> should use the interface, which was
ation. I don't know if anything has
changed recently concerning this.
Nick Rogness <[EMAIL PROTECTED]>
- Don't mind me...I'm just sniffing your packets
& Redundancy. This
patch is for load balancing only.
HSRP has nothing to do with load balancing and is Cisco
proprietary. VRRP has little to do with outbound load balancing
as well.
Nick Rogness <[EMAIL PROTECTED]>
-
How many people here have telekenetic