Invite from Sergey Lapin ([EMAIL PROTECTED])

2007-06-15 Thread Sergey Lapin
Join Sergey on Quechup

You have been invited to join
SergeyLapin's
friends network

http://quechup.com/ - REGISTER NOW FOR FREE and find out why everyone's
joining

As a member of Quechup you can...
- Start a blog and share your thoughts with private groups, friends or the
world
- Get in touch with old friends.
- Meet new people in your area, or anywhere else in the world.
- Online instant messenger with full video and audio support.
- Socialize with 'friends-of-friends' and mutual acquaintances.
- Increase your social circle
... and so much more!

Become part of Sergey's Quechup.com friends.

New & Coming Soon on Quechup

- Games - play Solitaire, Mahjong, Dice, Bubble Up and more online
- Blogs - let people know what you're up to
- Video Posts - use your webcam to record video clips on Quechup
- Member Comments - on photos and blogs

--
You received this because Sergey Lapin ([EMAIL PROTECTED]) knows and
agreed to invite you. You will only receive one invitation from
[EMAIL PROTECTED] Quechup will not spam or sell your email address, see
our privacy policy - http://quechup.com/privacy.php
Go to
http://quechup.com/emailunsubscribe.php/ZW09ZnJlZWJzZC1xdWVzdGlvbnNAZnJlZWJzZC5vcmc%3D
if you do not wish to receive any more emails from Quechup.
--

This e-mail was sent on behalf of Sergey
Copyright Quechup.com 2007.
Quechup.com is owned by iDate Ltd
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Broadcom BCM5721 Gigabit Ethernet Controllers

2005-11-14 Thread Sergey Lapin
Hi, all!!!
Are BCM5721's supported?
We'd like to setup router on them - is it a good idea?

Thanks a lot!
S.


Kerberos authentication

2005-08-17 Thread Sergey Lapin
Hi, all!
Here is a simple Kerberos question.

We have a w2k3 PDC here and want to set up one machine
(machine.domain.com) to interoperate with it.
Samba's net ads join works.
kinit works.

But telnet to machine.domain.com from the same machine fails with the
following debug:
[ Trying mutual KERBEROS5 (host/[EMAIL PROTECTED])... ]
Kerberos V5: mk_req failed (Message stream modified)
[ Trying KERBEROS5 (host/[EMAIL PROTECTED])... ]
Kerberos V5: mk_req failed (Message stream modified)


-bash-2.05b$ klist
Credentials cache: FILE:/tmp/krb5cc_1002
Principal: [EMAIL PROTECTED]

  Issued   Expires  Principal
Aug 17 21:06:40  Aug 18 07:06:40  krbtgt/[EMAIL PROTECTED]


/etc/krb5.conf:
[libdefaults]
  default_realm = DOMAIN.COM
  default_keytab_name = FILE:/etc/krb5.keytab

  dns_lookup_realm = false
  dns_lookup_kdc = true

[domain_realm]
  .domain.com = DOMAIN.COM


[realms]
  DOMAIN.COM = {
  kdc  = tcp/dc.domain.com
  kpasswd_server = dc.domain.com
  admin_server = udp/dc.domain.com
  }


kernel debugger

2005-08-10 Thread Sergey Lapin
Hi!
We have a networking problem with PF and route-to; actually, the
system locks up and sends junk to the net. But I'm able to enter the
debugger. Is it possible to localize the problem using it?
I have access to the console and get to the debugger prompt. I'd like to
make a proper report using the debugger to send to the freebsd-pf list.

Thanks a lot!

Sergey Lapin
System Administrator


pf problems

2005-08-04 Thread Sergey Lapin
 on $dmz_if route-to ($ext_if1 $ext_gw1) proto tcp tagged DMZ_TO_EXT1 flags S/SA modulate state
pass in quick on $dmz_if route-to ($ext_if1 $ext_gw1) proto { udp, icmp } tagged DMZ_TO_EXT1 keep state

pass in quick on $dmz_if route-to ($ext_if2 $ext_gw2) proto tcp tagged DMZ_TO_EXT2 flags S/SA modulate state
pass in quick on $dmz_if route-to ($ext_if2 $ext_gw2) proto { udp, icmp } tagged DMZ_TO_EXT2 keep state

#  Allow OUT traffic

pass out quick on $ext_if1 route-to ($ext_if2 $ext_gw2) proto tcp tagged DMZ_TO_EXT2 flags S/SA modulate state
pass out quick on $ext_if1 route-to ($ext_if2 $ext_gw2) proto { udp, icmp } tagged DMZ_TO_EXT2 keep state

pass out quick on $ext_if2 route-to ($ext_if1 $ext_gw1) proto tcp tagged DMZ_TO_EXT1 flags S/SA modulate state
pass out quick on $ext_if2 route-to ($ext_if1 $ext_gw1) proto { udp, icmp } tagged DMZ_TO_EXT1 keep state

#
#  Classify traffic from Internet to DMZ
#

# WHISKEY
pass in on vlan0 proto tcp from any to 1.1.1.144/32 port = 22 flags S/SA keep state tag EXT1_TO_DMZ
pass in on vlan1 proto tcp from any to 2.2.2.2/32 port = 22 flags S/SA keep state tag EXT2_TO_DMZ

#
#  Allow classified traffic from Internet to DMZ
#

#  Pass to DMZ traffic already approved by earlier rules
#  and route replies to corresponding interface

#  EXT1
pass out quick on $dmz_if reply-to ($ext_if1 $ext_gw1) proto tcp tagged EXT1_TO_DMZ flags S/SA keep state
pass out quick on $dmz_if reply-to ($ext_if1 $ext_gw1) tagged EXT1_TO_DMZ keep state

#  EXT2
pass out quick on $dmz_if reply-to ($ext_if2 $ext_gw2) proto tcp tagged EXT2_TO_DMZ flags S/SA keep state
pass out quick on $dmz_if reply-to ($ext_if2 $ext_gw2) tagged EXT2_TO_DMZ keep state


#
#  Other traffic
#

#  general pass out rules for external interfaces
pass out on { $ext_if1, $ext_if2, $dmz_if } proto tcp from any to any flags S/SA modulate state
pass out on { $ext_if1, $ext_if2, $dmz_if } proto { udp, icmp } from any to any keep state

#  Zebra uses IGMP so let it work on DMZ interface
pass out on $dmz_if proto igmp from any to any allow-opts

Test case:
(done from a Linux machine in 1.1.1.128/25)

tcpreplay -e 1.1.1.133:255.255.255.255 -i eth0 packet
(where packet is random captured UDP packet using tcpdump -peni)

or

tcpreplay -e 1.1.1.133:10.2.2.2 -i eth0 packet
(where packet is random captured UDP packet)

kills the machine.
The machine hangs and doesn't react to the keyboard or anything else.
Only a reset helps.
Directly blocking the addresses in pf.conf helps, and normal connections
with UDP disabled work well.
Any ideas?
Thanks a lot!

Sergey Lapin
System Administrator


Re: dummynet problems

2005-04-06 Thread Sergey Lapin
> I don't use dummynet myself, but surely it would be easier to help you
> if you described what the actual problem is?

Well, actual problem description:
FreeBSD-5.3 router;
rl0 - internal interface
rl1 - external.
rl1 is connected to ADSL modem from provider;
The link bandwidth is 64kbps.

${fwcmd} -f flush
${fwcmd} -f pipe flush
${fwcmd} pipe 1 config bw 64Kbit/s queue 10KBytes
${fwcmd} queue 4 config pipe 1 weight 1 mask dst-ip 0x buckets 10 queue 9 gred 0.002/7/21/0.1
${fwcmd} add 780 queue 4 log logamount 10 tcp from any to 192.168.0.30/32 out via rl0
${fwcmd} queue 10 config pipe 1 weight 100 mask dst-ip 0x queue 9 gred 0.002/7/21/0.1
${fwcmd} add 790 queue 10 log logamount 10 tcp from any to 192.168.0.99/32 out via rl0
${fwcmd} queue 25 config pipe 1 weight 30 mask dst-ip 0x buckets 15 queue 10 gred 0.002/7/21/0.1
${fwcmd} queue 20 config pipe 1 weight 100 mask dst-ip 0x buckets 100 queue 9 gred 0.002/7/21/0.1
${fwcmd} queue 30 config pipe 1 weight 20 mask dst-ip 0x buckets 100 queue 9 gred 0.002/7/21/0.1
${fwcmd} queue 40 config pipe 1 weight 10 mask dst-ip 0x buckets 100 queue 9 gred 0.002/7/21/0.1
${fwcmd} add 891 queue 20 log logamount 10 tcp from any 5190 to 192.168.0.1/25 out via rl0
${fwcmd} add 892 queue 25 log logamount 10 tcp from any to 192.168.0.6 out via rl0
${fwcmd} add 893 queue 25 log logamount 10 tcp from any to 192.168.0.29 out via rl0
${fwcmd} add 894 queue 25 log logamount 10 tcp from any to 192.168.0.62 out via rl0
${fwcmd} add 895 queue 25 log logamount 10 tcp from any to 192.168.0.27 out via rl0
${fwcmd} add 898 queue 30 log logamount 10 tcp from any 25,110,43,53,119,123,143,953 to 192.168.0.1/25{1-3,5,7-26,28,31-61,63-98,100} out via rl0
${fwcmd} add 897 queue 40 log logamount 10 tcp from any 80,443,3128,21,20 to 192.168.0.1/25{1-3,5,7-26,28,31-61,63-98,100} out via rl0

ipfw pipe show:

1:  99.000 Kbit/s0 ms  10 KB 0 queues (1 buckets) droptail
mask: 0x00 0x/0x - 0x/0x
q4: weight 1 pipe 19 sl. 1 queues (10 buckets)
  GRED w_q 0.001999 min_th 7 max_th 21 max_p 0.01
mask: 0x00 0x/0x - 0x/0x
BKT Prot ___Source IP/port Dest. IP/port Tot_pkt/bytes Pkt/Byte Drp
  2 ip   0.0.0.0/0192.168.0.30/0 2198  1821083  00  43
q00010: weight 100 pipe 19 sl. 1 queues (64 buckets)
  GRED w_q 0.001999 min_th 7 max_th 21 max_p 0.01
mask: 0x00 0x/0x - 0x/0x
BKT Prot ___Source IP/port Dest. IP/port Tot_pkt/bytes Pkt/Byte Drp
 51 ip   0.0.0.0/0192.168.0.99/09  813  00   0
q00020: weight 100 pipe 19 sl. 13 queues (100 buckets)
  GRED w_q 0.001999 min_th 7 max_th 21 max_p 0.01
mask: 0x00 0x/0x - 0x/0x
BKT Prot ___Source IP/port Dest. IP/port Tot_pkt/bytes Pkt/Byte Drp
  2 ip   0.0.0.0/0192.168.0.30/0   42 6662  00   0
  5 ip   0.0.0.0/0 192.168.0.1/0   36 6054  00   0
 13 ip   0.0.0.0/0 192.168.0.9/0   37 5021  00   0
 15 ip   0.0.0.0/0192.168.0.11/0   6116333  00   0
 25 ip   0.0.0.0/0192.168.0.53/0   23 3463  00   0
 29 ip   0.0.0.0/0192.168.0.85/0  20123807  00   0
 33 ip   0.0.0.0/0192.168.0.61/0   65 6704  00   0
 34 ip   0.0.0.0/0192.168.0.62/0  16639971  00   0
 38 ip   0.0.0.0/0192.168.0.94/0   36 7726  00   0
 39 ip   0.0.0.0/0192.168.0.35/0  15162681  00   0
 47 ip   0.0.0.0/0192.168.0.71/0  20717475  00   0
 88 ip   0.0.0.0/0192.168.0.16/0   25 4751  00   0
 98 ip   0.0.0.0/0192.168.0.26/0   44 8235  00   0
q00025: weight 30 pipe 1   10 sl. 2 queues (15 buckets)
  GRED w_q 0.001999 min_th 7 max_th 21 max_p 0.01
mask: 0x00 0x/0x - 0x/0x
BKT Prot ___Source IP/port Dest. IP/port Tot_pkt/bytes Pkt/Byte Drp
  5 ip   0.0.0.0/0 192.168.0.6/0 1093   518028  00  51
 14 ip   0.0.0.0/0192.168.0.62/0 3604  2254945  4 3098  50
q00030: weight 20 pipe 19 sl. 8 queues (100 buckets)
  GRED w_q 0.001999 min_th 7 max_th 21 max_p 0.01
mask: 0x00 0x/0x - 0x/0x
BKT Prot ___Source IP/port Dest. IP/port Tot_pkt/bytes Pkt/Byte Drp
 15 ip   0.0.0.0/0192.168.0.11/0   20 1081  00   0
 33 ip   0.0.0.0/0192.168.0.61/0  14224203  00   0
 38 ip   0.0.0.0/0192.168.0.94/0   21 1008  00   0
 39 ip   0.0.0.0/0192.168.0.35/0   21 3090  00   0
 53 ip   0.0.0.0/0192.168.0.77/0  848   

dummynet problems

2005-04-04 Thread Sergey Lapin
Hi, all! 
Here I have a problem with dummynet. The system is FreeBSD-5.3-STABLE from a month ago.
We have very small bandwidth from the LAN.
rl0 is the internal interface.

The ipfw rules are (fwcmd=/sbin/ipfw):
${fwcmd} pipe 1 config bw 60Kbit/s
${fwcmd} add 778 pipe 1 tcp from any 25,43,53,80,110,119,123,143,953,5190 to 192.168.0.0/25 out via rl0

${fwcmd} queue 1 config pipe 1 weight 100 mask dst-ip 0x queue 5
${fwcmd} add 790 queue 1 log logamount 10 tcp from any to 192.168.0.99 out via rl0


${fwcmd} queue 2 config pipe 1 weight 100 mask dst-ip 0x0fff buckets 150 queue 10
${fwcmd} queue 3 config pipe 1 weight 30 mask dst-ip 0x0fff buckets 150 queue 10
${fwcmd} queue 4 config pipe 1 weight 70 mask dst-ip 0x0fff buckets 150 queue 10
${fwcmd} add 791 queue 2 log logamount 10 tcp from any 5190 to 192.168.0.0/25 out via rl0
${fwcmd} add 795 queue 3 log logamount 10 tcp from any 80,3128,21,20 to 192.168.0.0/25 out via rl0
${fwcmd} add 792 queue 4 log logamount 10 tcp from any 25,110,43,53,119,123,143,953 to 192.168.0.0/25 out via rl0

Thanks a lot! 

S.