Re: IPv6 CVS
On Tue, 5 Aug 2008 05:28:17 -0700
Jeremy Chadwick <[EMAIL PROTECTED]> wrote:

> On Tue, Aug 05, 2008 at 12:04:33PM +0100, Pegasus Mc Cleaft wrote:
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:owner-freebsd-
> > > [EMAIL PROTECTED] On Behalf Of Stefan Sperling
> > > Sent: 05 August 2008 11:51
> > > To: Maxim Konovalov
> > > Cc: freebsd-hackers@freebsd.org; Pegasus Mc Cleaft; Tim Clewlow
> > > Subject: Re: IPv6 CVS
> > >
> > > On Tue, Aug 05, 2008 at 02:16:35PM +0400, Maxim Konovalov wrote:
> > > > On Tue, 5 Aug 2008, 19:52+1000, Tim Clewlow wrote:
> > > >
> > > > > > Hi all,
> > > > > >
> > > > > > Does anyone know if there are any IPv6 CVS servers for
> > > > > > FreeBSD? (As in
> > > > > > receiving the STABLE and ports branches) I currently use
> > > > > > cvs.freebsd.org but
> > > > > > it doesn't have an record.
> > > > > >
> > > > > > Ta
> > > > > >
> > > > > > Peg
> > > > > >
> > > > > dig cvsup4.freebsd.org
> > > > >
> > > > cvs != cvsup. Speaking of cvsup -- cvsup4.ru.freebsd.org has
> > > > an ipv6 address as well.
> > >
> > > AFAIK the Modula3 runtime does not support IPv6.
> > >
> > > Stefan
> >
> > Thanks everyone,
> >
> > Looks like Tim is correct where I am able to ping cvsup4,
> > but unfortunately the csup utility reports a fail (Connection
> > Refused) as it tries to connect to the V6 address. It will quite
> > happily connect to the same machine V4.
>
> csup is written in C; it does not use Modula3/ezm3. cvsup uses
> Modula3/ezm3.

The problem is cvsupd - since it's written in Modula3 and doesn't support IPv6 you have to use an inetd/netcat hack to accept IPv6 connections on the server. As mentioned in http://lists.freebsd.org/pipermail/freebsd-current/2008-July/086710.html cvsup18.freebsd.org and cvsup4.ru.freebsd.org both accept IPv6 connections.

--
Bruce Cran
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: restore of file system into USB key terrible slow
I've had good luck mounting UFS -o async on USB keys for the purposes of doing bulk operations. It still isn't the fastest thing in the world but it seems fast enough. Softupdates does a *lot* of tiny I/O's, try disabling it (I think mounting async disables softupdates automatically but I'm not sure).

-Matt
Matthew Dillon <[EMAIL PROTECTED]>
Re: restore of file system into USB key terrible slow
On Tue, Aug 05, 2008 at 05:06:09PM +0200, Oliver Fromme wrote:
> Matthias Apitz wrote:
> > [...]
> > > I'm trying to restore a DUMP into an USB key; the DUMP was extracted
> > > from another USB key which I just want to clone this way;
>
> Note that dump/restore isn't a very fast method to clone
> a file system. Actually, a few years ago it was horribly
> slow, but it was improved somewhat. It's better now, but
> still not very fast.

Additionally some flash devices are horribly slow when it comes to many small random writes, which writing many small files does. Internally they do read modify writes on physically larger blocks. It is often much faster to do the FS work on an image and then dd the image to the USB stick using 64k to 256k transfers. MLC flash devices are typical candidates for being extremely slow with small random writes. If speed is an issue you should take care and invest in the higher price to buy SLC devices.

--
B.Walter <[EMAIL PROTECTED]> http://www.bwct.de
Modbus/TCP Ethernet I/O modules, ARM-based FreeBSD computers and much more.
Re: restore of file system into USB key terrible slow
Matthias Apitz wrote:
> [...]
> > I'm trying to restore a DUMP into an USB key; the DUMP was extracted
> > from another USB key which I just want to clone this way;

Note that dump/restore isn't a very fast method to clone a file system. Actually, a few years ago it was horribly slow, but it was improved somewhat. It's better now, but still not very fast.

Personally I recommend to try cpdup (from ports/sysutils). You can simply type "cpdup /src /dst" and it will make an exact copy (except for sparse files). A nice feature of cpdup is that it doesn't copy files that already exist in the destination.

Another way to copy a directory tree is to use find+cpio:

cd /src; find -d . | cpio -dump /dst

Best regards
   Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registergericht Muenchen, HRA 74606, Management: secnetix Verwaltungsgesellsch. mbH, Commercial register: Registergericht München, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

"I made up the term 'object-oriented', and I can tell you I didn't have C++ in mind."
        -- Alan Kay, OOPSLA '97
Re: Q: case studies about scalable, enterprise-class firewall w/ IPFilter
On Tuesday, August 05, 2008 at 08:55:38AM -0400, Andrew Duane wrote:

> Well, there are always Juniper Networks boxes :-)

Exactly this is what I'm not wanting to end up with :-)

--
Matthias Apitz
w http://www.UnixArea.de/
b http://gurucubano.blogspot.com/
We should all learn from the peoples of The Netherlands, France and Ireland.
Let us all learn from the peoples of Holland, France and Ireland.
RE: Q: case studies about scalable, enterprise-class firewall w/ IPFilter
Well, there are always Juniper Networks boxes :-)

-Original Message-
From: [EMAIL PROTECTED] on behalf of Matthias Apitz
Sent: Tue 8/5/2008 4:05 AM
To: freebsd-hackers@freebsd.org
Subject: Fwd: Q: case studies about scalable,enterprise-class firewall w/ IPFilter

Hello,

I've posted the attached mail in the IP Filter mailing list; the only responses have been bad configured vacation replies :-(

someone from freebsd-hackers has an idea? thanks in advance

   matthias

- Forwarded message from Matthias Apitz <[EMAIL PROTECTED]> -

From: Matthias Apitz <[EMAIL PROTECTED]>
Date: Sun, 3 Aug 2008 08:24:15 +0200
To: IP Filter <[EMAIL PROTECTED]>
Subject: Q: case studies about scalable, enterprise-class firewall w/ IPFilter

Hello,

We're currently protecting our network (and as well some FreeBSD laptops standalone) with IPFilter... I'm wondering if there are any case studies about scalable, enterprise-class firewall solutions, redundancy with state-full failover, and application-level inspection, and all that a like, based on IPFilter and FreeBSD;

thanks in advance for any pointers

   matthias

--
Matthias Apitz
w http://www.UnixArea.de/
b http://gurucubano.blogspot.com/
We should all learn from the peoples of The Netherlands, France and Ireland.
Let us all learn from the peoples of Holland, France and Ireland.

- End forwarded message -
RE: IPv6 CVS
> -Original Message-
> From: Jeremy Chadwick [mailto:[EMAIL PROTECTED]
> Sent: 05 August 2008 13:28
> To: Pegasus Mc Cleaft
> Cc: 'Stefan Sperling'; 'Maxim Konovalov'; freebsd-hackers@FreeBSD.org;
> 'Tim Clewlow'
> Subject: Re: IPv6 CVS
>
> On Tue, Aug 05, 2008 at 12:04:33PM +0100, Pegasus Mc Cleaft wrote:
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:owner-freebsd-
> > > [EMAIL PROTECTED] On Behalf Of Stefan Sperling
> > > Sent: 05 August 2008 11:51
> > > To: Maxim Konovalov
> > > Cc: freebsd-hackers@freebsd.org; Pegasus Mc Cleaft; Tim Clewlow
> > > Subject: Re: IPv6 CVS
> > >
> > > On Tue, Aug 05, 2008 at 02:16:35PM +0400, Maxim Konovalov wrote:
> > > > On Tue, 5 Aug 2008, 19:52+1000, Tim Clewlow wrote:
> > > >
> > > > > > Hi all,
> > > > > >
> > > > > > Does anyone know if there are any IPv6 CVS servers for
> > > > > > FreeBSD? (As in
> > > > > > receiving the STABLE and ports branches) I currently use
> > > > > > cvs.freebsd.org but
> > > > > > it doesn't have an record.
> > > > > >
> > > > > > Ta
> > > > > >
> > > > > > Peg
> > > > > >
> > > > > dig cvsup4.freebsd.org
> > > > >
> > > > cvs != cvsup. Speaking of cvsup -- cvsup4.ru.freebsd.org has an ipv6
> > > > address as well.
> > >
> > > AFAIK the Modula3 runtime does not support IPv6.
> > >
> > > Stefan
> >
> > Thanks everyone,
> >
> > Looks like Tim is correct where I am able to ping cvsup4, but
> > unfortunately the csup utility reports a fail (Connection Refused) as it
> > tries to connect to the V6 address. It will quite happily connect to the
> > same machine V4.
>
> csup is written in C; it does not use Modula3/ezm3. cvsup uses
> Modula3/ezm3.
>
> cvsup4, despite having a public IPv6 address, does not have the cvsup
> server bound to IPv6. Meaning: it's IPV4 only.
>
> Try a different server. Get a list (in sh/bash):
>
> for i in `jot 30 1`; do echo "==> cvsup$i" ; (host cvsup$i.freebsd.org) | grep -i ipv6; done
>

Jeremy,

AH HA! Ok.. Thanks for the bash script.

I tried it and ran through all the servers... The only server that seems to have cvsup bound to the V6 stack is cvsup18.freebsd.org (raines.cse.buffalo.edu)

That helps a lot. Thank you very much..

Peg
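
[Added example, not part of any message in this thread.] The loop quoted above only checks DNS, while the result reported here depended on whether the daemon was actually bound to the IPv6 address. The Python sketch below separates the two cases per address family; probe() and demo_v4_only_listener() are names made up for this example, and the demo uses a constructed local listener on 127.0.0.1 instead of any real cvsup server.

```python
"""Added example: "host has an IPv6 address" vs. "service accepts IPv6"."""
import socket

FAMILIES = {"IPv4": socket.AF_INET, "IPv6": socket.AF_INET6}


def probe(host, port, timeout=3.0):
    """Return {"IPv4": status, "IPv6": status} for a TCP service.

    status is one of:
      "no-address"  - the name has no address of that family
      "open"        - a TCP connection was accepted
      "refused"     - the address exists, but nothing listens on it
      "unreachable" - no route, no local support for the family, or timeout
    """
    result = {}
    for label, family in FAMILIES.items():
        try:
            infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            # DNS-level answer: this is all a `host ... | grep -i ipv6` sees.
            result[label] = "no-address"
            continue
        status = "unreachable"
        for af, kind, proto, _name, sockaddr in infos:
            try:
                with socket.socket(af, kind, proto) as s:
                    s.settimeout(timeout)
                    s.connect(sockaddr)
                status = "open"
                break
            except ConnectionRefusedError:
                # Address is live but the daemon is not bound to it.
                status = "refused"
            except OSError:
                pass  # keep "refused" if an earlier address already answered
        result[label] = status
    return result


def demo_v4_only_listener():
    """Constructed stand-in for the situation in the thread: a daemon bound
    to IPv4 only on a machine that also has an IPv6 address (::1)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))   # IPv4 only, ephemeral port
        srv.listen(5)                # kernel completes handshakes for us
        port = srv.getsockname()[1]
        v4 = probe("127.0.0.1", port)["IPv4"]
        v6 = probe("::1", port)["IPv6"]
    return v4, v6


if __name__ == "__main__":
    # Typically ('open', 'refused'): same machine, same port, and only the
    # IPv4 side answers.
    print(demo_v4_only_listener())
```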
Re: restore of file system into USB key terrible slow
On Tuesday, August 05, 2008 at 11:40:13AM +0200, Matthias Apitz wrote:
>
> Hello,
>
> I'm trying to restore a DUMP into an USB key; the DUMP was extracted
> from another USB key which I just want to clone this way;
>
> the USB key type is:
>
> Aug 5 10:53:34 rebelion kernel: da0 at umass-sim0 bus 0 target 0 lun 0
> Aug 5 10:53:34 rebelion kernel: da0: < Cn Memory 1100> Removable Direct Access SCSI-0 device
> Aug 5 10:53:34 rebelion kernel: da0: 40.000MB/s transfers
> Aug 5 10:53:34 rebelion kernel: da0: 3871MB (7928832 512 byte sectors: 255H 63S/T 493C)
> ...
>
> the restore is *terrible* slow, around 200 blocks per second:

This must have been an issue of the USB key; I've plugged in another one:

Aug 5 13:53:12 rebelion kernel: da0 at umass-sim0 bus 0 target 0 lun 0
Aug 5 13:53:12 rebelion kernel: da0: Removable Direct Access SCSI-2 device
Aug 5 13:53:12 rebelion kernel: da0: 40.000MB/s transfers
Aug 5 13:53:12 rebelion kernel: da0: 2037MB (4171776 512 byte sectors: 255H 63S/T 259C)

and the restore of about 600 MByte was done in half hour; sorry for bother the list with this;

   matthias

--
Matthias Apitz
Manager Technical Support - OCLC GmbH
Gruenwalder Weg 28g - 82041 Oberhaching - Germany
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <[EMAIL PROTECTED]> - w http://www.oclc.org/ http://www.UnixArea.de/
b http://gurucubano.blogspot.com/
We should all learn from the peoples of The Netherlands, France and Ireland.
Let us all learn from the peoples of Holland, France and Ireland.
Re: IPv6 CVS
On Tue, Aug 05, 2008 at 12:04:33PM +0100, Pegasus Mc Cleaft wrote:
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:owner-freebsd-
> > [EMAIL PROTECTED] On Behalf Of Stefan Sperling
> > Sent: 05 August 2008 11:51
> > To: Maxim Konovalov
> > Cc: freebsd-hackers@freebsd.org; Pegasus Mc Cleaft; Tim Clewlow
> > Subject: Re: IPv6 CVS
> >
> > On Tue, Aug 05, 2008 at 02:16:35PM +0400, Maxim Konovalov wrote:
> > > On Tue, 5 Aug 2008, 19:52+1000, Tim Clewlow wrote:
> > >
> > > > > Hi all,
> > > > >
> > > > > Does anyone know if there are any IPv6 CVS servers for FreeBSD? (As
> > > > > in
> > > > > receiving the STABLE and ports branches) I currently use
> > > > > cvs.freebsd.org but
> > > > > it doesn't have an record.
> > > > >
> > > > > Ta
> > > > >
> > > > > Peg
> > > > >
> > > > dig cvsup4.freebsd.org
> > > >
> > > cvs != cvsup. Speaking of cvsup -- cvsup4.ru.freebsd.org has an ipv6
> > > address as well.
> >
> > AFAIK the Modula3 runtime does not support IPv6.
> >
> > Stefan
>
> Thanks everyone,
>
> Looks like Tim is correct where I am able to ping cvsup4, but
> unfortunately the csup utility reports a fail (Connection Refused) as it
> tries to connect to the V6 address. It will quite happily connect to the
> same machine V4.

csup is written in C; it does not use Modula3/ezm3. cvsup uses Modula3/ezm3.

cvsup4, despite having a public IPv6 address, does not have the cvsup server bound to IPv6. Meaning: it's IPV4 only.

Try a different server. Get a list (in sh/bash):

for i in `jot 30 1`; do echo "==> cvsup$i" ; (host cvsup$i.freebsd.org) | grep -i ipv6; done

--
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
Re: IPv6 CVS
Stefan Sperling wrote:
> On Tue, Aug 05, 2008 at 02:16:35PM +0400, Maxim Konovalov wrote:
> > On Tue, 5 Aug 2008, 19:52+1000, Tim Clewlow wrote:
> >
> > > > Hi all,
> > > >
> > > > Does anyone know if there are any IPv6 CVS servers for FreeBSD? (As in
> > > > receiving the STABLE and ports branches) I currently use cvs.freebsd.org but
> > > > it doesn't have an record.
> > > >
> > > > Ta
> > > >
> > > > Peg
> > > >
> > > dig cvsup4.freebsd.org
> > >
> > cvs != cvsup. Speaking of cvsup -- cvsup4.ru.freebsd.org has an ipv6
> > address as well.
>
> AFAIK the Modula3 runtime does not support IPv6.

Yeah, you have to use an IPv6 to IPv4 proxy like stone. (ports: net/stone, http://www.gcd.org/sengoku/stone/)

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
RE: IPv6 CVS
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:owner-freebsd-
> [EMAIL PROTECTED] On Behalf Of Stefan Sperling
> Sent: 05 August 2008 11:51
> To: Maxim Konovalov
> Cc: freebsd-hackers@freebsd.org; Pegasus Mc Cleaft; Tim Clewlow
> Subject: Re: IPv6 CVS
>
> On Tue, Aug 05, 2008 at 02:16:35PM +0400, Maxim Konovalov wrote:
> > On Tue, 5 Aug 2008, 19:52+1000, Tim Clewlow wrote:
> >
> > > > Hi all,
> > > >
> > > > Does anyone know if there are any IPv6 CVS servers for FreeBSD? (As
> > > > in
> > > > receiving the STABLE and ports branches) I currently use
> > > > cvs.freebsd.org but
> > > > it doesn't have an record.
> > > >
> > > > Ta
> > > >
> > > > Peg
> > > >
> > > dig cvsup4.freebsd.org
> > >
> > cvs != cvsup. Speaking of cvsup -- cvsup4.ru.freebsd.org has an ipv6
> > address as well.
>
> AFAIK the Modula3 runtime does not support IPv6.
>
> Stefan

Thanks everyone,

Looks like Tim is correct where I am able to ping cvsup4, but unfortunately the csup utility reports a fail (Connection Refused) as it tries to connect to the V6 address. It will quite happily connect to the same machine V4.

Stefan's explanation may be the reason for this.. Dono..

Peg
Re: IPv6 CVS
On Tue, Aug 05, 2008 at 02:16:35PM +0400, Maxim Konovalov wrote:
> On Tue, 5 Aug 2008, 19:52+1000, Tim Clewlow wrote:
>
> > > Hi all,
> > >
> > > Does anyone know if there are any IPv6 CVS servers for FreeBSD? (As
> > > in
> > > receiving the STABLE and ports branches) I currently use
> > > cvs.freebsd.org but
> > > it doesn't have an record.
> > >
> > > Ta
> > >
> > > Peg
> > >
> > dig cvsup4.freebsd.org
> >
> cvs != cvsup. Speaking of cvsup -- cvsup4.ru.freebsd.org has an ipv6
> address as well.

AFAIK the Modula3 runtime does not support IPv6.

Stefan
Re: IPv6 CVS
On Tue, 5 Aug 2008, 19:52+1000, Tim Clewlow wrote:

> > Hi all,
> >
> > Does anyone know if there are any IPv6 CVS servers for FreeBSD? (As
> > in
> > receiving the STABLE and ports branches) I currently use
> > cvs.freebsd.org but
> > it doesn't have an record.
> >
> > Ta
> >
> > Peg
> >
> dig cvsup4.freebsd.org
>

cvs != cvsup. Speaking of cvsup -- cvsup4.ru.freebsd.org has an ipv6 address as well.

--
Maxim Konovalov
Re: Fwd: Q: case studies about scalable, enterprise-class firewall w/ IPFilter
Hello Matthias,

On Tuesday 05 August 2008 10:05:20 Matthias Apitz wrote:
> We're currently protecting our network (and as well some FreeBSD laptops
> standalone) with IPFilter... I'm wondering if there are any case studies
> about scalable, enterprise-class firewall solutions, redundancy with
> state-full failover, and application-level inspection, and all that a
> like, based on IPFilter and FreeBSD;
>
> thanks in advance for any pointers

if IPFilter isn't the primary selection criteria, you might want to take a look at www.pfsense.org. Application-level inspection is just in the making, but all your other feature requests get a check mark.

--
/"\  Best regards,                      | [EMAIL PROTECTED]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
Re: IPv6 CVS
> Hi all,
>
> Does anyone know if there are any IPv6 CVS servers for FreeBSD? (As
> in
> receiving the STABLE and ports branches) I currently use
> cvs.freebsd.org but
> it doesn't have an record.
>
> Ta
>
> Peg
>

dig cvsup4.freebsd.org

; <<>> DiG 9.4.2 <<>> cvsup4.freebsd.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34684
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 6, ADDITIONAL: 0

;; QUESTION SECTION:
;cvsup4.freebsd.org.IN

;; ANSWER SECTION:
cvsup4.freebsd.org. 3600IN CNAME freebsd.isc.org.
freebsd.isc.org.3600IN 2001:4f8:0:2::e
IPv6 CVS
Hi all,

Does anyone know if there are any IPv6 CVS servers for FreeBSD? (As in receiving the STABLE and ports branches) I currently use cvs.freebsd.org but it doesn't have an record.

Ta

Peg
restore of file system into USB key terrible slow
Hello,

I'm trying to restore a DUMP into an USB key; the DUMP was extracted from another USB key which I just want to clone this way;

the USB key type is:

Aug 5 10:53:34 rebelion kernel: da0 at umass-sim0 bus 0 target 0 lun 0
Aug 5 10:53:34 rebelion kernel: da0: < Cn Memory 1100> Removable Direct Access SCSI-0 device
Aug 5 10:53:34 rebelion kernel: da0: 40.000MB/s transfers
Aug 5 10:53:34 rebelion kernel: da0: 3871MB (7928832 512 byte sectors: 255H 63S/T 493C)

and I've created a partition (only one covering the full ~4 GByte) and a file system as:

# newfs -m 0 -o space /dev/da0s1a
/dev/da0s1a: 3867.2MB (7919964 sectors) block size 16384, fragment size 2048
        using 22 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
super-block backups (for fsck -b #) at:
 160, 376512, 752864, 1129216, 1505568, 1881920, 2258272, 2634624, 3010976,
 3387328, 3763680, 4140032, 4516384, 4892736, 5269088, 5645440, 6021792,
 6398144, 6774496, 7150848, 7527200, 7903552
# mount /dev/da0s1a /mnt
# cd /mnt
# restore -rv -f /home/guru/myThings/FreeBSD/tinyUsb.dmp
Verify tape and initialize maps
Tape block size is 32
Header with wrong dumpdate.
Dump date: Tue Aug 5 09:50:36 2008
Dumped from: the epoch
Level 0 dump of /mnt on rebelion.Sisis.de:/dev/da0s1a
Label: none
Begin level 0 restore
Initialize symbol table.
Extract directories from tape
Calculate extraction list.
warning: ./.snap: File exists
Make node ./var
Make node ./var/account
Make node ./var/at
Make node ./var/at/jobs
Make node ./var/at/spool
Make node ./var/audit

the restore is *terrible* slow, around 200 blocks per second:

$ df -k /mnt ; sleep 60 ; df -k /mnt
Filesystem  1024-blocks Used   Avail Capacity  Mounted on
/dev/da0s1a     3829660  454 3829206     0%    /mnt
Filesystem  1024-blocks Used   Avail Capacity  Mounted on
/dev/da0s1a     3829660  642 3829018     0%    /mnt

Am I doing something wrong? What means 'Header with wrong dumpdate'?

   matthias

--
Matthias Apitz
Manager Technical Support - OCLC GmbH
Gruenwalder Weg 28g - 82041 Oberhaching - Germany
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <[EMAIL PROTECTED]> - w http://www.oclc.org/ http://www.UnixArea.de/
b http://gurucubano.blogspot.com/
We should all learn from the peoples of The Netherlands, France and Ireland.
Let us all learn from the peoples of Holland, France and Ireland.
Re: Fwd: Q: case studies about scalable, enterprise-class firewall w/ IPFilter
>
> Hello,
>
> I've posted the attached mail in the IP Filter mailing list; the only
> responses have been bad configured vacation replies :-(
>
> someone from freebsd-hackers has an idea? thanks in advance
>
> matthias
>
> - Forwarded message from Matthias Apitz <[EMAIL PROTECTED]> -
>
> From: Matthias Apitz <[EMAIL PROTECTED]>
> Date: Sun, 3 Aug 2008 08:24:15 +0200
> To: IP Filter <[EMAIL PROTECTED]>
> Subject: Q: case studies about scalable, enterprise-class firewall
> w/ IPFilter
>
>
> Hello,
>
> We're currently protecting our network (and as well some FreeBSD laptops
> standalone) with IPFilter... I'm wondering if there are any case studies
> about scalable, enterprise-class firewall solutions, redundancy with
> state-full failover, and application-level inspection, and all that a
> like, based on IPFilter and FreeBSD;
>
> thanks in advance for any pointers
>
> matthias
> --

Hi there,

I have never used ipfilter, but I do use pf, and it can do state-full failover, or firewall redundancy, with CARP (the Common Address Redundancy Protocol) and pfsync. If there is an equivalent syncing program, eg ipfiltersync then you could use that with CARP to allow an ipfilter firewall to fail-over with full state tables intact.

Also, you can inspect all manner of status info and tables for a running firewall with pfctl, there must be an equivalent for ipfilter.

If you are looking for general info about building a firewall, eg tcp and ip headers, plus icmp and voip and other protocols, then I would recommend the following tutorial, it has a huge amount of information - it is a lot more than just a tutorial on iptables.

http://iptables-tutorial.frozentux.net/iptables-tutorial.html

Lastly, the "OpenBSD PF Packet Filter Book" has been very useful for me, but I use pf where possible - I think it is the easiest, and paradoxically the most powerful of all packet filters, but that is my personal opinion, YMMV.

Cheers, Tim.
Re: Q: case studies about scalable, enterprise-class firewall w/ IPFilter
Hi,

On Tue, Aug 5, 2008 at 10:05 AM, Matthias Apitz <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> I've posted the attached mail in the IP Filter mailing list; the only
> responses have been bad configured vacation replies :-(
>
> someone from freebsd-hackers has an idea? thanks in advance
>
>    matthias
>
> - Forwarded message from Matthias Apitz <[EMAIL PROTECTED]> -
>
> From: Matthias Apitz <[EMAIL PROTECTED]>
> Date: Sun, 3 Aug 2008 08:24:15 +0200
> To: IP Filter <[EMAIL PROTECTED]>
> Subject: Q: case studies about scalable, enterprise-class firewall w/ IPFilter
>
>
> Hello,
>
> We're currently protecting our network (and as well some FreeBSD laptops
> standalone) with IPFilter... I'm wondering if there are any case studies
> about scalable, enterprise-class firewall solutions, redundancy with
> state-full failover, and application-level inspection, and all that a
> like, based on IPFilter and FreeBSD;

Hmm, none that I know of, but I would be interested to (get) involved in such a project (on behalf of the emerging EnterpriseBSD project and/or business consulting).

I have been working with IPFilter in the past, even built a pretty complex setup for the university where I've been studying (might be still running) with stateful tables (kept across reboots) and the associated scaling problems. Besides sporadic issues (with lost sessions due to overflowing the session tables until I fine-tuned the IPF state timeouts) it was quite a success.

Nowadays I believe the trend is to use pf(4) instead of ipf(4) as it offers quite the same functionality under a presumably better license (although I sometimes miss the hierarchical structuring available through group/head in IPFilter).

Let me know if I can be of help.

Regards,
Adrian Penisoara
EnterpriseBSD project / ROFUG
Ady (@enterprisebsd.info, @bsdconsultants.com)
Fwd: Q: case studies about scalable, enterprise-class firewall w/ IPFilter
Hello,

I've posted the attached mail in the IP Filter mailing list; the only responses have been bad configured vacation replies :-(

someone from freebsd-hackers has an idea? thanks in advance

   matthias

- Forwarded message from Matthias Apitz <[EMAIL PROTECTED]> -

From: Matthias Apitz <[EMAIL PROTECTED]>
Date: Sun, 3 Aug 2008 08:24:15 +0200
To: IP Filter <[EMAIL PROTECTED]>
Subject: Q: case studies about scalable, enterprise-class firewall w/ IPFilter

Hello,

We're currently protecting our network (and as well some FreeBSD laptops standalone) with IPFilter... I'm wondering if there are any case studies about scalable, enterprise-class firewall solutions, redundancy with state-full failover, and application-level inspection, and all that a like, based on IPFilter and FreeBSD;

thanks in advance for any pointers

   matthias

--
Matthias Apitz
w http://www.UnixArea.de/
b http://gurucubano.blogspot.com/
We should all learn from the peoples of The Netherlands, France and Ireland.
Let us all learn from the peoples of Holland, France and Ireland.

- End forwarded message -