Make BuildWorld options
I was reading this http://lists.freebsd.org/pipermail/freebsd-small/2003-December/000125.html And noticed that it talks about a make.conf for use with buildworld with options like NO_CVS= true# do not build CVS NO_CXX= true# do not build C++ and friends NO_BIND=true# do not build BIND NO_FORTRAN= true# do not build g77 and related libraries NO_GDB= true# do not build GDB Is there a list of these options anywhere that explains what each option does? I am trying to build a very minimal system using buildworld and everytime I try of these options I have to way the hour or so that buildworld takes to see if the option changed anything. I am trying to bring the size of the build down currently it is 172 mb. I would like to get it to 50mb or so. This system is for an embedded router, I am only using racoon, ipsec, ipfw, ssh, 2x ethernet cards on an freesbie type boot cd. Thanks Tom ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: IPENCAP issue
I want to thank everyone for their replies to this. When I first composed this I was trying to get a handle on how to describe the problem let alone fix it. I apologize for not including more details. Here is the layout Wireless cloud network 192.168.0.0/27 192.168.0.1-192.168.0.30(usable addresses) Building A network 10.114.252.0/22 10.114.252.1-10.114.255.254(usable addresses) Building B network 10.114.96.0/24 10.114.96.1-10.114.111.254(usable addresses) Client computer I have been testing from this machine to the Internet via Mozilla Firebird 1.71 Running Mac OS X 10.3.2(also tried a Windows 2000 machine here) IP: 10.114.96.253 DG: 10.114.96.1 Building B FreeBSD 5.1 router LAN IP: 10.114.96.1 DG: 10.114.252.1 External IP: 192.168.0.6/27 Building A FreeBSD 5.1 router External IP: 192.168.0.3/27 DG: 10.114.255.254 LAN IP: 10.114.252.1 Internet router(Cisco 2501) IP: 10.114.255.254 DG: ISP provided Here is my test, I configured the Mac OS X machine to connect to the Building B FreeBSD router and access www.sears.com The machine connects to the site and in the browser displays the HTML title to the site but hangs forever waiting to connect to the site. Note: All these sites work from a machine connected to Building A on the 10.114.252.0/22 network and going out the 10.114.255.254 gateway. I have tried other sides and the sites that appear to work are ones that contain a single A record for their webserver like freebsd.org, ebay.com, cisco.com. When a site has more that 1 A record I get the same behavior as described above examples: sears.com, drudgereport.com, microsoft.com and msnbc.com Here are tcpdumps from 3 places within this test network, I do have the raw files if anyone wants them email me offlist Tcpdump from Building A Description: This tcpdump was done on the FreeBSD router located at 10.114.252.1/192.168.0.3 Frame 1 (62 bytes on wire, 62 bytes captured) Ethernet II, Src: 00:04:75:e8:8b:51, Dst: 00:30:94:e5:bb:23 Internet Protocol, Src Addr: 10.114.96.253 (10.114.96.253), Dst Addr: 129.33.131.219 (129.33.131.219) Transmission Control Protocol, Src Port: 1156 (1156), Dst Port: http (80), Seq: 0, Ack: 0, Len: 0 Frame 2 (62 bytes on wire, 62 bytes captured) Ethernet II, Src: 00:30:94:e5:bb:23, Dst: 00:04:75:e8:8b:51 Internet Protocol, Src Addr: 129.33.131.219 (129.33.131.219), Dst Addr: 10.114.96.253 (10.114.96.253) Transmission Control Protocol, Src Port: http (80), Dst Port: 1156 (1156), Seq: 0, Ack: 1, Len: 0 Frame 3 (54 bytes on wire, 54 bytes captured) Ethernet II, Src: 00:04:75:e8:8b:51, Dst: 00:30:94:e5:bb:23 Internet Protocol, Src Addr: 10.114.96.253 (10.114.96.253), Dst Addr: 129.33.131.219 (129.33.131.219) Transmission Control Protocol, Src Port: 1156 (1156), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0 Frame 4 (798 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:04:75:e8:8b:51, Dst: 00:30:94:e5:bb:23 Internet Protocol, Src Addr: 10.114.96.253 (10.114.96.253), Dst Addr: 129.33.131.219 (129.33.131.219) Transmission Control Protocol, Src Port: 1156 (1156), Dst Port: http (80), Seq: 1, Ack: 1, Len: 744 Hypertext Transfer Protocol Frame 5 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:30:94:e5:bb:23, Dst: 00:04:75:e8:8b:51 Internet Protocol, Src Addr: 129.33.131.219 (129.33.131.219), Dst Addr: 10.114.96.253 (10.114.96.253) Transmission Control Protocol, Src Port: http (80), Dst Port: 1156 (1156), Seq: 1, Ack: 745, Len: 0 Frame 6 (646 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:30:94:e5:bb:23, Dst: 00:04:75:e8:8b:51 Internet Protocol, Src Addr: 129.33.131.219 (129.33.131.219), Dst Addr: 10.114.96.253 (10.114.96.253) Transmission Control Protocol, Src Port: http (80), Dst Port: 1156 (1156), Seq: 1, Ack: 745, Len: 592 Hypertext Transfer Protocol Frame 7 (255 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:30:94:e5:bb:23, Dst: 00:04:75:e8:8b:51 Internet Protocol, Src Addr: 129.33.131.219 (129.33.131.219), Dst Addr: 10.114.96.253 (10.114.96.253) Transmission Control Protocol, Src Port: http (80), Dst Port: 1156 (1156), Seq: 593, Ack: 745, Len: 201 Hypertext Transfer Protocol Frame 8 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:30:94:e5:bb:23, Dst: 00:04:75:e8:8b:51 Internet Protocol, Src Addr: 129.33.131.219 (129.33.131.219), Dst Addr: 10.114.96.253 (10.114.96.253) Transmission Control Protocol, Src Port: http (80), Dst Port: 1156 (1156), Seq: 794, Ack: 745, Len: 0 Frame 9 (54 bytes on wire, 54 bytes captured) Ethernet II, Src: 00:04:75:e8:8b:51, Dst: 00:30:94:e5:bb:23 Internet Protocol, Src Addr: 10.114.96.253 (10.114.96.253), Dst Addr: 129.33.131.219 (129.33.131.219) Transmission Control Protocol, Src Port: 1156 (1156), Dst Port: http (80), Seq: 745, Ack: 794, Len: 0 Frame 10 (54 bytes on wire, 54 bytes captured) Ethernet II, Src: 00:04:75:e8:8b:51, Dst: 00:30:94:e5:bb:23 Internet Protocol, Src Addr: 10.114.96.253 (10.114.96.253), Dst Addr: 129.33.131.219 (129.33.131.219) Transmission
RE: IPENCAP issue
I want to thank everyone for their replies to this. When I first composed this I was trying to get a handle on how to describe the problem let alone fix it. I apologize for not including more details. Here is the layout Wireless cloud network 192.168.0.0/27 192.168.0.1-192.168.0.30(usable addresses) Building A network 10.114.252.0/22 10.114.252.1-10.114.255.254(usable addresses) Building B network 10.114.96.0/24 10.114.96.1-10.114.111.254(usable addresses) Client computer I have been testing from this machine to the Internet via Mozilla Firebird 1.71 Running Mac OS X 10.3.2(also tried a Windows 2000 machine here) IP: 10.114.96.253 DG: 10.114.96.1 Building B FreeBSD 5.1 router LAN IP: 10.114.96.1 DG: 10.114.252.1 External IP: 192.168.0.6/27 Building A FreeBSD 5.1 router External IP: 192.168.0.3/27 DG: 10.114.255.254 LAN IP: 10.114.252.1 Internet router(Cisco 2501) IP: 10.114.255.254 DG: ISP provided Here is my test, I configured the Mac OS X machine to connect to the Building B FreeBSD router and access www.sears.com The machine connects to the site and in the browser displays the HTML title to the site but hangs forever waiting to connect to the site. Note: All these sites work from a machine connected to Building A on the 10.114.252.0/22 network and going out the 10.114.255.254 gateway. I have tried other sides and the sites that appear to work are ones that contain a single A record for their webserver like freebsd.org, ebay.com, cisco.com. When a site has more that 1 A record I get the same behavior as described above examples: sears.com, drudgereport.com, microsoft.com and msnbc.com Here are tcpdumps from 3 places within this test network, I do have the raw files if anyone wants them email me offlist Tcpdump from Building A Description: This tcpdump was done on the FreeBSD router located at 10.114.252.1/192.168.0.3 Frame 1 (62 bytes on wire, 62 bytes captured) Ethernet II, Src: 00:04:75:e8:8b:51, Dst: 00:30:94:e5:bb:23 Internet Protocol, Src Addr: 10.114.96.253 (10.114.96.253), Dst Addr: 129.33.131.219 (129.33.131.219) Transmission Control Protocol, Src Port: 1156 (1156), Dst Port: http (80), Seq: 0, Ack: 0, Len: 0 Frame 2 (62 bytes on wire, 62 bytes captured) Ethernet II, Src: 00:30:94:e5:bb:23, Dst: 00:04:75:e8:8b:51 Internet Protocol, Src Addr: 129.33.131.219 (129.33.131.219), Dst Addr: 10.114.96.253 (10.114.96.253) Transmission Control Protocol, Src Port: http (80), Dst Port: 1156 (1156), Seq: 0, Ack: 1, Len: 0 Frame 3 (54 bytes on wire, 54 bytes captured) Ethernet II, Src: 00:04:75:e8:8b:51, Dst: 00:30:94:e5:bb:23 Internet Protocol, Src Addr: 10.114.96.253 (10.114.96.253), Dst Addr: 129.33.131.219 (129.33.131.219) Transmission Control Protocol, Src Port: 1156 (1156), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0 Frame 4 (798 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:04:75:e8:8b:51, Dst: 00:30:94:e5:bb:23 Internet Protocol, Src Addr: 10.114.96.253 (10.114.96.253), Dst Addr: 129.33.131.219 (129.33.131.219) Transmission Control Protocol, Src Port: 1156 (1156), Dst Port: http (80), Seq: 1, Ack: 1, Len: 744 Hypertext Transfer Protocol Frame 5 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:30:94:e5:bb:23, Dst: 00:04:75:e8:8b:51 Internet Protocol, Src Addr: 129.33.131.219 (129.33.131.219), Dst Addr: 10.114.96.253 (10.114.96.253) Transmission Control Protocol, Src Port: http (80), Dst Port: 1156 (1156), Seq: 1, Ack: 745, Len: 0 Frame 6 (646 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:30:94:e5:bb:23, Dst: 00:04:75:e8:8b:51 Internet Protocol, Src Addr: 129.33.131.219 (129.33.131.219), Dst Addr: 10.114.96.253 (10.114.96.253) Transmission Control Protocol, Src Port: http (80), Dst Port: 1156 (1156), Seq: 1, Ack: 745, Len: 592 Hypertext Transfer Protocol Frame 7 (255 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:30:94:e5:bb:23, Dst: 00:04:75:e8:8b:51 Internet Protocol, Src Addr: 129.33.131.219 (129.33.131.219), Dst Addr: 10.114.96.253 (10.114.96.253) Transmission Control Protocol, Src Port: http (80), Dst Port: 1156 (1156), Seq: 593, Ack: 745, Len: 201 Hypertext Transfer Protocol Frame 8 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:30:94:e5:bb:23, Dst: 00:04:75:e8:8b:51 Internet Protocol, Src Addr: 129.33.131.219 (129.33.131.219), Dst Addr: 10.114.96.253 (10.114.96.253) Transmission Control Protocol, Src Port: http (80), Dst Port: 1156 (1156), Seq: 794, Ack: 745, Len: 0 Frame 9 (54 bytes on wire, 54 bytes captured) Ethernet II, Src: 00:04:75:e8:8b:51, Dst: 00:30:94:e5:bb:23 Internet Protocol, Src Addr: 10.114.96.253 (10.114.96.253), Dst Addr: 129.33.131.219 (129.33.131.219) Transmission Control Protocol, Src Port: 1156 (1156), Dst Port: http (80), Seq: 745, Ack: 794, Len: 0 Frame 10 (54 bytes on wire, 54 bytes captured) Ethernet II, Src: 00:04:75:e8:8b:51, Dst: 00:30:94:e5:bb:23 Internet Protocol, Src Addr: 10.114.96.253 (10.114.96.253), Dst Addr: 129.33.131.219 (129.33.131.219) Transmission
IPENCAP issue
The problem I have 5 buildings that are connected via point-to-point wireless. The cost of dedicated lines within this town were so high that wireless was an excellent option. The wireless is in place and working however we are going back to secure the wireless cloud so that it cannot be used by unauthorized people. The internet connection for all buildings is located at Building A so all machines need to route across the wireless to the internet. The solution 5 PCs running FreeBSD 5.1-Release using 2 network cards apiece and running IP-ENCAP between nodes with the tunnel being encrypted with IPSEC. Routing on each gateway that sends its traffic to the headend at Building A I have all this working except for this problem The PROBLEM Certain websites are not accessible sears.com msnbc.com microsoft.com drudgereport.com Other websites will work normally freebsd.org slashdot.org ebay.com What seems to be the problem Each of the websites that I listed have round-robin DNS enabled and have multiple A records for the website What I have done Recompile kernel back to GENERIC with options IPSEC options IPSEC_ESP options IPFIREWALL Disable IPSEC rc.conf ipsec_enable=NO Open IPFW rules wide open firewall_enable=YES firewall_type=OPEN Summary I have slimed this configuration back to 2 machines(Building A and Building B) Building A External IP: 192.168.0.3/27 Internal IP: 10.114.252.1/22 Building B External IP: 192.168.0.6/27 Internal IP: 10.114.96.1/20 Removed IPSEC tunneling between machines now IP-ENCAP is the only thing that travels between machines. Opened the ruleset on both machines IPFW installation to OPEN Does anyone have any suggestions? Thanks Tom ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]