On 23/4/18 5:55 pm, Julian Elischer wrote:
On 22/4/18 12:52 pm, GPz1100a wrote:
@John
Did you ever get this fully figured out? I'm trying to do what I
think is
the same thing with my fiber internet connection - eliminate the
need to use
the isp provided gateway (or at least reduce its function). I'm
running
*opnsense*. This thread
https://forum.pfsense.org/index.php?topic=111043.msg793292#msg793292
is what
led me here.
Three nics correspond to the following
em0 - ONT (WAN)
xl0 - 3com pci - isp provided residential gateway (RG)
ue0 - usb nic - LAN
Using Julian's code from Jan 06, 2018; 1:39pm,
ngctl mkpeer em0: etf lower downstream
ngctl name em0:lower waneapfilter
ngctl connect waneapfilter: em0: nomatch upper
ngctl mkpeer xl0: etf lower downstream
ngctl name xl0:lower laneapfilter
ngctl connect laneapfilter: xl0: nomatch upper
* ngctl connect waneapfilter laneapfilter eapout eapout*
ngctl msg waneapfilter: 'setfilter { matchhook="eapout"
ethertype=0x888e }'
ngctl msg laneapfilter: 'setfilter { matchhook="eapout"
ethertype=0x888e }'
When I get to the command in bold it comes back with this error:
root@OPNsense:~ # ngctl connect waneapfilter laneapfilter
eapout eapout
ngctl: send msg: No such file or directory
I'm not sure how to proceed from here.
Thanks for any help you (or others) can offer.
--J
I wish I had known the full picture before..
then I could have added the required bits:
So think you need this:
ONT]----em0]lower---downstream[eapfilter:]nomatch----vlan0[VLAN]downstream----upper[em0...
eapout
|
|
|
RG]------em1]lower---------------/
the following line is no longer true of course
ie. use an etf node on each interface.
ngctl mkpeer igb0: etf lower downstream
ngctl name igb0:lower eapfilter
ngctl mkpeer igb0: vlan upper downstream
ngctl name igb0:upper vlanheader
ngctl msg vlanheader: addfilter '{ vlan=0 hook="vlan0" }'
ngctl connect vlanheader: eapfilter: vlan0 nomatch
ngctl connect eapfilter: igb1: eapout lower
ngctl msg waneapfilter: 'setfilter { matchhook="eapout"
ethertype=0x888e }'
however having sent this I realise it may not work.. because the etf
node doesn't take into account vlan labels, because vlan labels are
them selvesm in fact a special case of ethertype.. (0x8100)
so to know if this will work I need to know what a packet at the
netgraph insertion point looks like:
to find this out, attach the nghook program to an inserted ngtee node
(inserted somewhere in your current graph) and see what comes out.
(with -a ).
so we can see what the packets look like.
note the vlan node is inserted "backwards"..
--
Sent from:
http://freebsd.1045724.x6.nabble.com/freebsd-net-f4005075.html
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
