From owner-freebsd-net Sun Dec 31 1:43:42 2000
From owner-freebsd-net@FreeBSD.ORG Sun Dec 31 01:43:37 2000
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from herbelot.dyndns.org (s014.dhcp212-24.cybercable.fr [212.198.24.14]) by hub.freebsd.org (Postfix) with ESMTP id 99A3937B402 for ; Sun, 31 Dec 2000 01:43:36 -0800 (PST)
Received: from free.fr (multi.herbelot.nom [192.168.1.2]) by herbelot.dyndns.org (8.9.3/8.9.3) with ESMTP id KAA31442; Sun, 31 Dec 2000 10:43:32 +0100 (CET) (envelope-from thierry.herbelot@free.fr)
Sender: thierry.herbelot@herbelot.dyndns.org
Message-ID: <3A4EFFC4.5909C768@free.fr>
Date: Sun, 31 Dec 2000 10:43:32 +0100
From: Thierry Herbelot
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Mike Gruver
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Automating rc.firewall update from dhclient.leases
References: <000a01c072d6$e6d41380$0200a8c0@digitalavalanche.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

No need to do any shell script: add the following lines in your
/etc/rc.conf (the important line is the third, "-dynamic"):

natd_enable="YES"               # Enable natd (if firewall_enable == YES).
natd_interface="ed1"            # Public interface or IPaddress to use.
natd_flags="-dynamic"           # Additional flags for natd.

        TfH

Mike Gruver wrote:
>
> > I have a FreeBSD server as a gateway and firewall for a small LAN. It is
> > running NATD for the LAN with non-routable IPs on the secondary adapter;
> > as it is a dual-homed host, it uses DHCP to get an IP from the ISP for
> > the primary adapter. This presents a problem occasionally when a new
> > lease is given and the rc.firewall file needs to be updated.
> >
> > Does anyone have a script that parses the dhclient.leases file from the
> > rc.firewall at startup? What would be optimum are direct references in
> > the rc.firewall for the IP, subnet mask and router. I am not very strong
> > with shell programming (that should be obvious) so I have not been able
> > to figure this out. Seems like it should be straightforward and would be
> > a nice addition for most anyone who is running a FreeBSD firewall.
> >
> > Thanks,
> >
> > mgruver@carolina.rr.com
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-net" in the body of the message

--
Thierry Herbelot

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Sun Dec 31 12: 7:52 2000
From owner-freebsd-net@FreeBSD.ORG Sun Dec 31 12:07:49 2000
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from freesbee.wheel.dk (freesbee.wheel.dk [193.162.159.97]) by hub.freebsd.org (Postfix) with ESMTP id 66CF737B400; Sun, 31 Dec 2000 12:07:48 -0800 (PST)
Received: by freesbee.wheel.dk (Postfix, from userid 1001) id CBB053E4B; Sun, 31 Dec 2000 21:07:46 +0100 (CET)
Date: Sun, 31 Dec 2000 21:07:46 +0100
From: Jesper Skriver
To: Don Lewis
Cc: Kris Kennaway , Poul-Henning Kamp , security-officer@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
Subject: Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h
Message-ID: <20001231210746.A81834@skriver.dk>
References: <20001218182600.C1856@skriver.dk> <20001219222730.A29741@skriver.dk> <200012201046.CAA19456@salsa.gv.tsc.tdk.com> <20001220155118.N81814@skriver.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20001220155118.N81814@skriver.dk>; from jesper@skriver.dk on Wed, Dec 20, 2000 at 03:51:18PM +0100
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Dec 20, 2000 at 03:51:18PM +0100, Jesper Skriver wrote:
> On Wed, Dec 20, 2000 at 02:46:21AM -0800, Don Lewis wrote:
>
> > } @@ -714,6 +715,15 @@
> > } (lport && inp->inp_lport != lport) ||
> > } (laddr.s_addr && inp->inp_laddr.s_addr != laddr.s_addr) ||
> > } (fport && inp->inp_fport != fport)) {
> > } + inp = inp->inp_list.le_next;
> > } + continue;
> >
> > Wouldn't it be more cleaner (gets rid of the loop) and more efficient (if
> > we're getting blasted with ICMP messages) to use in_pcblookup_hash()?
>
> I didn't change the loop, but I'll have a look at this code, to see if
> we can improve it, but again, to get moving, I'd like to commit this,
> and leave this for a later improvement, ok ?

I've looked at this, and as far as I can see we cannot use
in_pcblookup_hash, as it looks up a single session, and the code can in
other cases act on multiple sessions; path MTU discovery is such a case.

/Jesper

--
Jesper Skriver, jesper(at)skriver(dot)dk  -  CCIE #5456
Work:    Network manager   @ AS3292 (Tele Danmark DataNetworks)
Private: Geek              @ AS2109 (A much smaller network ;-)

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Sun Dec 31 12:33:45 2000
From owner-freebsd-net@FreeBSD.ORG Sun Dec 31 12:33:43 2000
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id EED7937B400 for ; Sun, 31 Dec 2000 12:33:42 -0800 (PST)
Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id PAA08488; Sun, 31 Dec 2000 15:33:36 -0500 (EST) (envelope-from wollman)
Date: Sun, 31 Dec 2000 15:33:36 -0500 (EST)
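Review bot: the hunk header `@@ -714,6 +715,15 @@` announces nine added lines, but only the two `+` lines are quoted and no trailing context follows `+ continue;`, so the loop header that the `inp = inp->inp_list.le_next; continue;` pair depends on is not visible. If the enclosing loop is a `for` whose increment clause already advances `inp`, the explicit advance before `continue` would step past one pcb and skip it; if it is a `while` with no increment, that advance is exactly what prevents spinning on a non-matching entry. Please quote the complete hunk with its context in the next round so this can be checked, and add a one-line comment at the `continue` stating why the list walk is kept instead of in_pcblookup_hash (as the reply explains, the handler must be able to act on several sessions, which path MTU discovery requires and a single-session hash lookup cannot do).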
From: Garrett Wollman
Message-Id: <200012312033.PAA08488@khavrinen.lcs.mit.edu>
To: "C. Stephen Gunn"
Cc: Andrea Franceschini , Ferdinand Goldmann , "freebsd-net@FreeBSD.ORG"
Subject: Re: Problems with VLAN and natd.
In-Reply-To: <20001230004646.A5433@waterspout.com>
References: <3A4CC2E7.DCA1C60C@cs.tin.it> <20001230004646.A5433@waterspout.com>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

< said:

> Yes, ifconfig mtu 1500 is what you want.

Actually, no, it's not what you want (although the underlying code is
broken enough to let it ``work'' anyway).  What you want is to fix the
parent network interface driver to indicate its readiness to receive
1522-octet frames by setting its if_data.ifi_hdrlen field to 18 rather
than 14.

-GAWollman

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Sun Dec 31 14:58:44 2000
From owner-freebsd-net@FreeBSD.ORG Sun Dec 31 14:58:43 2000
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from tsunami.waterspout.com (tsunami.waterspout.com [208.13.56.11]) by hub.freebsd.org (Postfix) with ESMTP id 8A85137B402 for ; Sun, 31 Dec 2000 14:58:42 -0800 (PST)
Received: from waterspout.com (tsunami.fw.waterspout.com [208.13.60.34]) by tsunami.waterspout.com (8.9.3/8.9.3) with ESMTP id RAA53006; Sun, 31 Dec 2000 17:58:35 -0500 (EST) (envelope-from csg@waterspout.com)
Message-Id: <200012312258.RAA53006@tsunami.waterspout.com>
To: Garrett Wollman
Cc: "C. Stephen Gunn" , Andrea Franceschini , Ferdinand Goldmann , "freebsd-net@FreeBSD.ORG"
Subject: Re: Problems with VLAN and natd.
In-Reply-To: Your message of "Sun, 31 Dec 2000 15:33:36 EST." <200012312033.PAA08488@khavrinen.lcs.mit.edu>
From: csg@waterspout.com (C. Stephen Gunn)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <94957.978303793.1@waterspout.com>
Date: Sun, 31 Dec 2000 18:03:13 -0500
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 31 Dec 2000 15:33:36 EST, Garrett Wollman wrote:

> Actually, no, it's not what you want (although the underlying code is
> broken enough to let it ``work'' anyway).  What you want is to fix the
> parent network interface driver to indicate its readiness to receive
> 1522-octet frames by setting its if_data.ifi_hdrlen field to 18 rather
> than 14.

Garrett is correct.  My confirmation was intended to tell you it
would work, not that you're in an ideal situation.  Then again, you're
applying miscellaneous patches to your ethernet drivers to get vlans
to work, so you're probably aware you're in the weeds.

I'm not sure that the solution is simply a fix to the parent ethernet
device driver, since it's legitimate (but perhaps not advisable)
to have tagged and untagged frames on the same wire.  Setting the
ifi_hdrlen for the entire physical interface seems incomplete also.

The current VLAN (and Ethernet) implementation in FreeBSD needs work.
FreeBSD should handle multiple ethernet encapsulations on
the same physical interface, and relay packets to/from some subordinate
interface.  This support would factor-out the need for current
work-arounds like if_vlan, and if_ef, and perhaps even if_tap.

 - Steve

--
C. Stephen Gunn                        URL:   http://www.waterspout.com/
WaterSpout Communications, Inc.        Email: csg@waterspout.com
427 North 6th Street                   Phone: +1 765.742.6628
Lafayette, IN 47901                    Fax:   +1 765.742.0646

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Sun Dec 31 19:55:44 2000
From owner-freebsd-net@FreeBSD.ORG Sun Dec 31 19:55:41 2000
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mail.interware.hu (mail.interware.hu [195.70.32.130]) by hub.freebsd.org (Postfix) with ESMTP id 07E3437B400 for ; Sun, 31 Dec 2000 19:55:41 -0800 (PST)
Received: from bissau-27.budapest.interware.hu ([195.70.53.155] helo=elischer.org) by mail.interware.hu with esmtp (Exim 3.16 #1 (Debian)) id 14Cw4I-0007Oo-00; Mon, 01 Jan 2001 04:55:30 +0100
Sender: julian@FreeBSD.ORG
Message-ID: <3A4FFF6B.F8C20C5@elischer.org>
Date: Sun, 31 Dec 2000 19:54:19 -0800
From: Julian Elischer
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 5.0-CURRENT i386)
X-Accept-Language: en, hu
MIME-Version: 1.0
To: "C. Stephen Gunn"
Cc: Garrett Wollman , Andrea Franceschini , Ferdinand Goldmann , "freebsd-net@FreeBSD.ORG"
Subject: Re: Problems with VLAN and natd.
References: <200012312258.RAA53006@tsunami.waterspout.com>
Content-Type: text/plain; charset=iso-8859-15
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"C. Stephen Gunn" wrote:
>
> On Sun, 31 Dec 2000 15:33:36 EST, Garrett Wollman wrote:
>
> > Actually, no, it's not what you want (although the underlying code is
> > broken enough to let it ``work'' anyway).  What you want is to fix the
> > parent network interface driver to indicate its readiness to receive
> > 1522-octet frames by setting its if_data.ifi_hdrlen field to 18 rather
> > than 14.
>
> Garrett is correct.  My confirmation was intended to tell you it
> would work, not that you're in an ideal situation.  Then again, you're
> applying miscellaneous patches to your ethernet drivers to get vlans
> to work, so you're probably aware you're in the weeds.
>
> I'm not sure that the solution is simply a fix to the parent ethernet
> device driver, since it's legitimate (but perhaps not advisable)
> to have tagged and untagged frames on the same wire.  Setting the
> ifi_hdrlen for the entire physical interface seems incomplete also.
>
> The current VLAN (and Ethernet) implementation in FreeBSD needs work.
> FreeBSD should handle multiple ethernet encapsulations on
> the same physical interface, and relay packets to/from some subordinate
> interface.  This support would factor-out the need for current
> work-arounds like if_vlan, and if_ef, and perhaps even if_tap.

sounds like a perfect use for netgraph..

>
>  - Steve
>
> --
> C. Stephen Gunn                        URL:   http://www.waterspout.com/
> WaterSpout Communications, Inc.        Email: csg@waterspout.com
> 427 North 6th Street                   Phone: +1 765.742.6628
> Lafayette, IN 47901                    Fax:   +1 765.742.0646
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message

--
      __--_|\  Julian Elischer
     /       \ julian@elischer.org
    (   OZ    ) World tour 2000
---> X_.---._/  from Perth, presently in:  Budapest
            v

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
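An added shell example for the question in the first message of this thread (Mike Gruver's request for a script that parses dhclient.leases so rc.firewall can reference the IP, netmask and router). It is not code from the thread or from FreeBSD's own rc scripts. Thierry's reply shows that natd itself no longer needs the address once `-dynamic` is set, but ipfw rules in rc.firewall that name the public address still do, and a rule built from an empty variable is the failure mode to guard against. The script assumes the ISC dhclient lease-file format; the function names, the interface name `ed1` (taken from the rc.conf snippet above) and the sample lease data are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): read the current lease for the
# DHCP-configured public interface out of dhclient.leases and emit
# rc.firewall-style variables.  Assumes the ISC dhclient lease format;
# the function names and the sample lease data below are constructed.

# lease_field FILE IFACE FIELD
# Print FIELD ("fixed-address", "subnet-mask" or "routers") from the
# LAST lease block for IFACE.  dhclient appends each new lease to the
# file, so the last matching block is the one currently in force.
lease_field() {
    awk -v want_if="$2" -v field="$3" '
        $1 == "lease" { in_lease = 1; iface = ""; value = ""; next }
        in_lease && $1 == "interface" { gsub(/[";]/, "", $2); iface = $2; next }
        in_lease && $1 == field { sub(/;$/, "", $2); value = $2; next }
        in_lease && $1 == "option" && $2 == field { sub(/;$/, "", $3); value = $3; next }
        $1 == "}" { if (in_lease && iface == want_if && value != "") last = value; in_lease = 0 }
        END { print last }
    ' "$1"
}

# firewall_vars_from_lease FILE IFACE
# Emit oip/omask/gateway assignments for rc.firewall.  Fails (exit 1)
# and prints nothing if any field is missing, so a stale or empty lease
# file cannot silently turn into firewall rules with an empty address.
firewall_vars_from_lease() {
    oip=$(lease_field "$1" "$2" fixed-address) || return 1
    omask=$(lease_field "$1" "$2" subnet-mask) || return 1
    gateway=$(lease_field "$1" "$2" routers) || return 1
    [ -n "$oip" ] && [ -n "$omask" ] && [ -n "$gateway" ] || return 1
    printf 'oip="%s"\nomask="%s"\ngateway="%s"\n' "$oip" "$omask" "$gateway"
}

# Constructed sample lease file: an older ed1 lease, the current ed1
# lease, and a lease for a different interface that must be ignored.
sample_leases() {
    cat <<'EOF'
lease {
  interface "ed1";
  fixed-address 192.0.2.10;
  option subnet-mask 255.255.255.0;
  option routers 192.0.2.1;
  expire 0 2000/12/30 12:00:00;
}
lease {
  interface "ed1";
  fixed-address 192.0.2.77;
  option subnet-mask 255.255.255.0;
  option routers 192.0.2.1;
  expire 0 2000/12/31 12:00:00;
}
lease {
  interface "ed2";
  fixed-address 198.51.100.5;
  option subnet-mask 255.255.255.128;
  option routers 198.51.100.1;
  expire 0 2000/12/31 12:00:00;
}
EOF
}

# When run directly: use the real lease file if readable, otherwise the
# constructed sample, and print the variables rc.firewall would source.
leases=${DHCLIENT_LEASES:-/var/db/dhclient.leases}
if [ ! -r "$leases" ]; then
    leases=$(mktemp 2>/dev/null || echo "/tmp/leases.sample.$$")
    sample_leases > "$leases"
fi
firewall_vars_from_lease "$leases" ed1 || echo "no usable ed1 lease in $leases" >&2
```

In rc.firewall the output can be sourced (`eval "$(sh this_script.sh)"`, or written to a file that rc.firewall reads) and the rules then use `${oip}`, `${omask}` and `${gateway}`; the script's non-zero exit on a missing field is the check that keeps an expired lease from producing rules that open the wrong address.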