Re: SOLVED: Xorg listening on the WAN? (was Xorg listening on the WAN?)
> # look like:
> #       XTerminalName:0 foreign
> #
> :0 local /usr/local/bin/X -nolisten tcp :0
>
> If there's a better way of doing this, please would someone let me know.

This is the right way if you use xdm. Similar settings are possible in kdm and gdm.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Xorg listening on the WAN?
FreeBSD 9.0-RELEASE

I think Xorg is listening on external addresses:

$ sockstat -46 |grep Xorg
root     Xorg       1573  1  tcp6   *:6000                *:*
root     Xorg       1573  3  tcp4   *:6000                *:*
$ netstat -a|grep x11
tcp4       0      0 *.x11                  *.*                    LISTEN
tcp6       0      0 *.x11                  *.*                    LISTEN

I'm new to FreeBSD, but if I interpret this correctly, x11 is listening for connections on port 6000 for connections from any IPv4 or IPv6 address.

I don't think I'm in any immediate danger, as I am behind a router which will block incoming connection attempts, which (virtually) all seem to be on the http port (80) anyway.

But it would give me a warm fuzzy feeling to stop x11 listening externally at all - I don't think I need it. How can I go about that please?

In case it makes a difference, I am using XDM with standard LXDE. I do not use startx to initiate my sessions.

Thanks.
Re: Xorg listening on the WAN?
On Monday, June 25, 2012 at 06:58:25PM +, Walter Hurry wrote:

> $ netstat -a|grep x11
> tcp4       0      0 *.x11                  *.*                    LISTEN
> tcp6       0      0 *.x11                  *.*                    LISTEN
>
> I'm new to FreeBSD, but if I interpret this correctly, x11 is listening for connections on port 6000 for connections from any IPv4 or IPv6 address.
>
> I don't think I'm in any immediate danger, as I am behind a router which will block incoming connection attempts, which (virtually) all seem to be on the http port (80) anyway.
>
> But it would give me a warm fuzzy feeling to stop x11 listening externally at all - I don't think I need it. How can I go about that please?

$ man Xorg | col -b | fgrep -- -nolisten

HIH

matthias
--
Matthias Apitz
e g...@unixarea.de - w http://www.unixarea.de/
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
Re: Xorg listening on the WAN?
On Mon, 25 Jun 2012 21:22:57 +0200, Matthias Apitz wrote:

> $ man Xorg | col -b | fgrep -- -nolisten

Thanks for the pointer.

I'm probably being stupid here, and I should have mentioned that I had already tried 'man Xorg' and 'man Xsession'. I appreciate that the answer is probably to put '-nolisten tcp' somewhere, but where?

As far as I can see, XDM invokes /usr/local/lib/X11/xdm/Xsession, which seems to do little more than call $HOME/.xsession. This last runs /usr/local/bin/startlxde, which in turn invokes /usr/local/bin/lxsession (a binary). I have looked at 'man lxsession' and found it of little help.

So I'm rather lost. Can you amplify a little?
Re: Xorg listening on the WAN?
On Monday, June 25, 2012 at 07:51:02PM +, Walter Hurry wrote:

> On Mon, 25 Jun 2012 21:22:57 +0200, Matthias Apitz wrote:
>
> > $ man Xorg | col -b | fgrep -- -nolisten
>
> Thanks for the pointer.
>
> I'm probably being stupid here, and I should have mentioned that I had already tried 'man Xorg' and 'man Xsession'. I appreciate that the answer is probably to put '-nolisten tcp' somewhere, but where?

$ cat ~/.xserverrc
exec X -nolisten tcp -retro

HIH

matthias
--
Matthias Apitz
e g...@unixarea.de - w http://www.unixarea.de/
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
Re: Xorg listening on the WAN?
On Monday, June 25, 2012 at 09:58:37PM +0200, Matthias Apitz wrote:

> On Monday, June 25, 2012 at 07:51:02PM +, Walter Hurry wrote:
>
> > On Mon, 25 Jun 2012 21:22:57 +0200, Matthias Apitz wrote:
> >
> > > $ man Xorg | col -b | fgrep -- -nolisten
> >
> > Thanks for the pointer.
> >
> > I'm probably being stupid here, and I should have mentioned that I had already tried 'man Xorg' and 'man Xsession'. I appreciate that the answer is probably to put '-nolisten tcp' somewhere, but where?
>
> $ cat ~/.xserverrc
> exec X -nolisten tcp -retro

Sorry, it took me some time to remember where the pointer is:

$ man xinit | col -b | fgrep xserverrc

matthias
--
Matthias Apitz
e g...@unixarea.de - w http://www.unixarea.de/
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
Re: Xorg listening on the WAN?
On Mon, 25 Jun 2012 22:05:50 +0200, Matthias Apitz wrote:

> On Monday, June 25, 2012 at 09:58:37PM +0200, Matthias Apitz wrote:
>
> > On Monday, June 25, 2012 at 07:51:02PM +, Walter Hurry wrote:
> >
> > > On Mon, 25 Jun 2012 21:22:57 +0200, Matthias Apitz wrote:
> > >
> > > > $ man Xorg | col -b | fgrep -- -nolisten
> > >
> > > Thanks for the pointer.
> > >
> > > I'm probably being stupid here, and I should have mentioned that I had already tried 'man Xorg' and 'man Xsession'. I appreciate that the answer is probably to put '-nolisten tcp' somewhere, but where?
> >
> > $ cat ~/.xserverrc
> > exec X -nolisten tcp -retro
>
> Sorry, it took me some time to remember where the pointer is:
>
> $ man xinit | col -b | fgrep xserverrc

Thanks again for your assistance. I didn't have a $HOME/.xserverrc, so I created one with your contents (permissions 744).

It doesn't seem to have made any difference at all, though. After restart, I am still getting the same output from netstat and sockstat.

So I'm still in the dark.
SOLVED: Xorg listening on the WAN? (was Xorg listening on the WAN?)
On Mon, 25 Jun 2012 20:33:15 +, Walter Hurry wrote:

> On Mon, 25 Jun 2012 22:05:50 +0200, Matthias Apitz wrote:
>
> > On Monday, June 25, 2012 at 09:58:37PM +0200, Matthias Apitz wrote:
> >
> > > On Monday, June 25, 2012 at 07:51:02PM +, Walter Hurry wrote:
> > >
> > > > On Mon, 25 Jun 2012 21:22:57 +0200, Matthias Apitz wrote:
> > > >
> > > > > $ man Xorg | col -b | fgrep -- -nolisten
> > > >
> > > > Thanks for the pointer.
> > > >
> > > > I'm probably being stupid here, and I should have mentioned that I had already tried 'man Xorg' and 'man Xsession'. I appreciate that the answer is probably to put '-nolisten tcp' somewhere, but where?
> > >
> > > $ cat ~/.xserverrc
> > > exec X -nolisten tcp -retro
> >
> > Sorry, it took me some time to remember where the pointer is:
> >
> > $ man xinit | col -b | fgrep xserverrc
>
> Thanks again for your assistance. I didn't have a $HOME/.xserverrc, so I created one with your contents (permissions 744).
>
> It doesn't seem to have made any difference at all, though. After restart, I am still getting the same output from netstat and sockstat.
>
> So I'm still in the dark.

Of course! Looking back at the output from sockstat in my original post, X is running under root, so no amount of tinkering with files in $HOME is going to change anything.

So I looked into XDM's configuration files in /usr/local/lib/X11/xdm, and found what change did the trick:

$ cat /usr/local/lib/X11/xdm/Xservers
#
# Xservers file, workstation prototype
#
# This file should contain an entry to start the server on the
# local display; if you have more than one display (not screen),
# you can add entries to the list (one per line).  If you also
# have some X terminals connected which do not support XDMCP,
# you can add them here as well.  Each X terminal line should
# look like:
#       XTerminalName:0 foreign
#
:0 local /usr/local/bin/X -nolisten tcp :0

If there's a better way of doing this, please would someone let me know.
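Added example (not part of the original thread or of any poster's message): a POSIX sh sketch of the two checks the thread performs by hand, finding an X server bound to the wildcard address in `sockstat -46` output and finding local entries in an xdm Xservers file that lack `-nolisten tcp`. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: two checks for an X server that accepts TCP connections.
# Function names are hypothetical; the sample data below is constructed.

# Read `sockstat -46` output on stdin and print "PROTO LOCAL PID" for every
# X server socket listening on the wildcard address on an X11 display port
# (6000 + display number; displays 0-63 are checked here).
x11_wildcard_listeners() {
    awk '
        # Columns: USER COMMAND PID FD PROTO LOCAL FOREIGN
        ($2 == "Xorg" || $2 == "X") && $5 ~ /^tcp/ && $7 == "*:*" {
            n = split($6, part, ":")
            port = part[n]
            addr = substr($6, 1, length($6) - length(port) - 1)
            if (addr == "*" && port ~ /^[0-9]+$/ &&
                port + 0 >= 6000 && port + 0 <= 6063)
                print $5, $6, $3
        }'
}

# Read an xdm Xservers file on stdin and print every local-display entry
# whose server command line lacks "-nolisten tcp". Comments, blank lines
# and foreign (X terminal) entries are skipped.
xservers_missing_nolisten() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            # Entry: name [class] local|foreign [command args...]
            t = ($2 == "local") ? 2 : (($3 == "local") ? 3 : 0)
            if (t == 0) next
            ok = 0
            for (i = t + 1; i < NF; i++)
                if ($i == "-nolisten" && $(i + 1) == "tcp") ok = 1
            if (!ok) print
        }'
}

# Constructed sockstat output in the layout shown in the thread.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     Xorg       1573  1  tcp6   *:6000                *:*
root     Xorg       1573  3  tcp4   *:6000                *:*
root     sshd       912   4  tcp4   *:22                  *:*
root     sendmail   880   5  tcp4   127.0.0.1:25          *:*
EOF
}

# Constructed Xservers content before the change described in the thread.
sample_xservers_before() {
    cat <<'EOF'
# Xservers file, workstation prototype
#       XTerminalName:0 foreign
:0 local /usr/local/bin/X :0
EOF
}

# Constructed Xservers content with the entry from the thread.
sample_xservers_after() {
    cat <<'EOF'
# Xservers file, workstation prototype
#       XTerminalName:0 foreign
:0 local /usr/local/bin/X -nolisten tcp :0
EOF
}

echo "X servers listening on the wildcard address:"
sample_sockstat | x11_wildcard_listeners
echo "Xservers entries without -nolisten tcp:"
sample_xservers_before | xservers_missing_nolisten
```

On a live host the same functions take real input: `sockstat -46 | x11_wildcard_listeners` and `xservers_missing_nolisten < /usr/local/lib/X11/xdm/Xservers`.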
Re: Xorg listening on the WAN?
Xorg -nolisten tcp to disable at all

to disable wan only use firewall

On Mon, 25 Jun 2012, Walter Hurry wrote:

> FreeBSD 9.0-RELEASE
>
> I think Xorg is listening on external addresses:
>
> $ sockstat -46 |grep Xorg
> root     Xorg       1573  1  tcp6   *:6000                *:*
> root     Xorg       1573  3  tcp4   *:6000                *:*
> $ netstat -a|grep x11
> tcp4       0      0 *.x11                  *.*                    LISTEN
> tcp6       0      0 *.x11                  *.*                    LISTEN
>
> I'm new to FreeBSD, but if I interpret this correctly, x11 is listening for connections on port 6000 for connections from any IPv4 or IPv6 address.
>
> I don't think I'm in any immediate danger, as I am behind a router which will block incoming connection attempts, which (virtually) all seem to be on the http port (80) anyway.
>
> But it would give me a warm fuzzy feeling to stop x11 listening externally at all - I don't think I need it. How can I go about that please?
>
> In case it makes a difference, I am using XDM with standard LXDE. I do not use startx to initiate my sessions.
>
> Thanks.
Re: Xorg listening on the WAN?
> I'm probably being stupid here, and I should have mentioned that I had already tried 'man Xorg' and 'man Xsession'. I appreciate that the answer is probably to put '-nolisten tcp' somewhere, but where?
>
> As far as I can see, XDM invokes /usr/local/lib/X11/xdm/Xsession, which

at Xservers file

> seems to do little more than call $HOME/.xsession. This last runs /usr/local/bin/startlxde, which in turn invokes /usr/local/bin/lxsession (a binary). I have looked at 'man lxsession' and found it of little help.
>
> So I'm rather lost. Can you amplify a little?
remote backup solution over WAN
I am building one backup file server on WAN on FreeBSD, which will backup remote servers data over slow links (256-512kbps), simply because I have never seen an operating system as stable/robust as FreeBSD ever :-)

Now I want to know a technology that can sync only the changed data in a day rather than all the data daily. Keep in mind the remote servers data would be Windows, Linux and Apple computers, so the technology must be compatible with all ...

regards

*º¤., ¸¸,.¤º*¨¨¨*¤ Stingray *º¤., ¸¸,.¤º*¨¨*¤
Re: remote backup solution over WAN
On 2008.08.17 20:22:00, S t i n g r a y wrote:

> I am building one backup file server on WAN on FreeBSD, which will backup remote servers data over slow links (256-512kbps), simply because I have never seen an operating system as stable/robust as FreeBSD ever :-)
>
> Now I want to know a technology that can sync only the changed data in a day rather than all the data daily. Keep in mind the remote servers data would be Windows, Linux and Apple computers, so the technology must be compatible with all ...

Rsync should suit your needs.

Port: /usr/ports/net/rsync
Site: http://samba.anu.edu.au/rsync/

For Windows: http://www.aboutmyip.com/AboutMyXApp/DeltaCopy.jsp (never tried it)

Cheers,
~ Jason Morgan
RE: remote backup solution over WAN
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of S t i n g r a y
Sent: August 17, 2008 11:22 PM
To: FreeBSD; FreeBSD
Subject: remote backup solution over WAN

I am building one backup file server on WAN on FreeBSD, which will backup remote servers data over slow links (256-512kbps), simply because I have never seen an operating system as stable/robust as FreeBSD ever :-)

Now I want to know a technology that can sync only the changed data in a day rather than all the data daily. Keep in mind the remote servers data would be Windows, Linux and Apple computers, so the technology must be compatible with all ...

regards

*º¤., ¸¸,.¤º*¨¨¨*¤ Stingray *º¤., ¸¸,.¤º*¨¨*¤

For Windows + Unix try: http://www.itefix.no/cwrsync/

However, it doesn't sync open files; you need to use Shadow Copy to sync Windows open files.

Tamouh
Re: increasing transmit speeds in WAN setting?
- Original Message -
From: Moses Leslie [EMAIL PROTECTED]
To: Ted Mittelstaedt [EMAIL PROTECTED]
Cc: freebsd-questions@freebsd.org
Sent: Friday, October 20, 2006 1:35 AM
Subject: Re: increasing transmit speeds in WAN setting?

> On Thu, 19 Oct 2006, Ted Mittelstaedt wrote:
>
> > Until you do what I told you to do and properly setup and test under fxp0, I am just not going to waste my time on this anymore. I will leave you with a printout of a test run on a new mailserver I'm building up right now, in fact, using an fxp card, to prove it's not a stack problem. You can choose to believe it or you can choose to continue wasting your time chasing ghosts in the TP stack when the problem is the driver:
>
> I'm setting up test servers now, it's just taking time to get a good test environment up. I'll respond with actual numbers after testing, between autoneg and forced 100/full servers. I admit, the forced 100/full is because of ancient lore, particularly with cisco switches not always playing nice with autonegotiation, we've just always done it that way (until gbit), and never had any problems.

Make absolutely sure to download the current catOS/IOS for your switches, older firmware in them had problems with certain network chipsets. Cisco got egg on its face - the old IOS in the 2950's would not work with the new ethernet chipsets in the 1800/2800/3800 router series when they came out - among other things.

> The servers in question all do 150-200Mbit in production, no problem, it's just that any one flow can't do more than ~300KB/s cross country. Given that they're over 100Mbit, what ethernet card is recommended if em has problems?

You're going to have to experiment, it's a crapshoot. I had a hell of a time with the bge adapter and 6.1 production, I produced a patch that helped, finally the bge author updated the driver with a more comprehensive fix. It works fine now but you must get the driver from CVS, the production 6.1 driver does not work.

I also have an em card, but I didn't do significant testing with it after getting the bge fix. Our largest feed is 45Mbt and so I think it's pointless to plug a gigabit ethernet card into the network since a 10/100 card has plenty of capability to saturate our largest feed. None of our switches are gigabit and it is very unlikely that they will be upgraded in the near future. We do not do significant server-to-server data traffic, to be perfectly honest, I don't believe in it. I come from the school of you get 1 really big, powerful, expensive, reliable server that has enough power to do what you need, rather than a bunch of lame ones that are underpowered and try to cluster them. I've never had one of these fail in production, although I've seen a lot of clusters at customer sites that gave their admins a whole lot of grief.

I only am dealing now with gigabit ethernet because I have to, since it's coming standard on all the new server hardware. And frankly I think it sucks, since I've seen lots of problems with gigE adapters at customer sites that were plugged into older switches. We haven't been bit by any of this yet - of course, we use 10/100 switches that were top-of-the-line switches during their day - but I've personally engineered 3 customer forklift upgrades to brand new top-of-the-line Cisco switches due to gigabit lan negotiation and throughput problems. Our customers have the dough to buy 80-100 ports of new Cisco switches, (of course they think they don't - but they do) whereas like most ISPs we don't. And, since we don't need it anyway, what's the point?

> FWIW, I am able to receive full speed on all of these servers. freebsd.org sends at 10Mbit, kernel.org at 20+. It's only sending speed that I have a problem with, and only with freebsd.

My take on it is the gigabit ethernet chipset drivers are not completely debugged under FreeBSD at this time. Certainly, the Broadcom chipset is just getting there.

The Intel chipsets usually lead the pack in support so you probably will get more traction on complaining to the em developer if you can demonstrate 100Mbt speeds on a fxp card, then 30Mbt speeds on an em card, in the same machine on the same network.

FreeBSD tends to lag behind in the hardware support area. I'm sorry about that but you just have to accept it if you're going to use FreeBSD.

Ted
Re: increasing transmit speeds in WAN setting?
- Original Message -
From: Moses Leslie [EMAIL PROTECTED]
To: Ted Mittelstaedt [EMAIL PROTECTED]
Cc: freebsd-questions@freebsd.org
Sent: Thursday, October 19, 2006 1:33 AM
Subject: Re: increasing transmit speeds in WAN setting?

> Hi Ted,
>
> While I don't totally discount that possibility, I really don't think that's the case.

I told you that you wouldn't believe me.

> We have over 500 servers, most of them running FreeBSD, and we've seen this happen in multiple cases on different hardware.

Except all of them gigabit cards, right? So much for different hardware

> When it's linux, exact same hardware, exact same cables, this doesn't happen. It's an intel card gbit card, using the em driver. They're uplinked to Cisco 2948-getx switches, which are uplinked to 65xx's, which then go to 12xxx borders.
>
> There aren't any collision errors on the port at all:
>
> 24 totalCollisionCount      = 0
> 25 lateCollisionCount       = 0
> 26 singleCollisionFrames    = 0
> 27 multipleCollisionFrames  = 0
> 28 excessiveCollisionFrames = 0
>
> and no real errors to speak of, period.
>
> The port is auto, since it needs to be to get gbit. All of the non-gbit servers we have are forced 100/full, all cisco switches, all intel 100/pro (fxp) drivers, they all show this same problem.

Well right there you are doing things wrong. You should always set ethernet cards to auto. The only time you ever force 100/full or force anything, speed/duplex, is when you're plugged into a hub that does NOT autoswitch. There's very few of them around that are 100base T, but there are some, and there's a lot more 10baseT stuff that wasn't autoswitching. Any halfway decent 100baseT hub will support nway autonegotiation and when you hard-code post speeds you will cause drops and speed loss.

But, please don't take my word for it since you seem to like disbelieving me, just try it out yourself.

Go to your fxp servers, login to your switches, set the switch port to the server to autonegotiation, on the server remove all the media options in /etc/rc.conf, shut down the server (you must power it down for the ports to switch into autonegotiation) and bring it up and you will see both sides negotiate to 100base T full, and a lot of your problems in throughput will disappear. Both the switch and the server must be set to autonegotiation. If they don't autonegotiate to 100baseT full, then you have a cable problem, simple as that.

I've been doing ethernet since the late 80's and doing it professionally for a decade, and I've seen and use more different types of ethernet in my life than you will ever see in the rest of your career. The idea that you're supposed to override the autonegotiation and hard code stuff originated from network admins who plugged early 100baseT stuff together then couldn't figure out why it didn't autonegotiate to 100baseT full. What they didn't realize is that the cabling they were using - CAT-3 mostly, or CAT-5 that had been incorrectly terminated with the wrong connectors, or wrong plugs, or wrong wiring pattern, or bad crimps because they were using stranded plugs on solid core wire, or some other such thing, was the real culprit, and the autonegotiation chips were in fact detecting the problem and trying to protect the network.

Unfortunately, 90% of network admins out there don't know the first thing about layer-1, they assume the wiring contractors handle all that. The wiring contractors by contrast are mostly minimum-wage goobers whose heads are filled with a lot of ridiculous nonsense about how Ethernet really works.

> If the server is a 4.9 server, I can get ~400KB/s. If it's 6.1, ~300KB/s. Linux 2.6, ~650KB/s, which is about what I'd expect given the latency and the default settings. All on the same hardware, same switches, same cables.

The Linux device drivers are simply different than the FreeBSD drivers.

I don't know how much more I can tell you this over and over. The em driver has got some problems, granted. But, this has absolutely nothing to do with the FreeBSD version or the TCP/IP stack.

Until you do what I told you to do and properly setup and test under fxp0, I am just not going to waste my time on this anymore. I will leave you with a printout of a test run on a new mailserver I'm building up right now, in fact, using an fxp card, to prove it's not a stack problem. You can choose to believe it or you can choose to continue wasting your time chasing ghosts in the TP stack when the problem is the driver:

$ whoami
tedm
$
$ fetch ftp://ftp.freebsd.org/pub/FreeBSD/ls-lR.gz
ls-lR.gz                                      100% of   18 MB 1057 kBps 00m00s
$
$ ping ftp.freebsd.org
PING ftp.freebsd.org (62.243.72.50): 56 data bytes
36 bytes from ge2-16.1000M.d5.opa.tdk.net (195.41.33.70): Communication prohibited by filter
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 82f2 0 33 01 6e38 65.75.206.14 62.243.72.50
^C
--- ftp.freebsd.org ping
Re: increasing transmit speeds in WAN setting?
On Thu, 19 Oct 2006, Ted Mittelstaedt wrote:

> Until you do what I told you to do and properly setup and test under fxp0, I am just not going to waste my time on this anymore. I will leave you with a printout of a test run on a new mailserver I'm building up right now, in fact, using an fxp card, to prove it's not a stack problem. You can choose to believe it or you can choose to continue wasting your time chasing ghosts in the TP stack when the problem is the driver:

I'm setting up test servers now, it's just taking time to get a good test environment up. I'll respond with actual numbers after testing, between autoneg and forced 100/full servers. I admit, the forced 100/full is because of ancient lore, particularly with cisco switches not always playing nice with autonegotiation, we've just always done it that way (until gbit), and never had any problems.

The servers in question all do 150-200Mbit in production, no problem, it's just that any one flow can't do more than ~300KB/s cross country. Given that they're over 100Mbit, what ethernet card is recommended if em has problems?

FWIW, I am able to receive full speed on all of these servers. freebsd.org sends at 10Mbit, kernel.org at 20+. It's only sending speed that I have a problem with, and only with freebsd.

Thanks,
Moses
monitoring lan-wan
Hello,

Is there anything you would *recommend* re monitoring internet usage (LAN to WAN), something that is available in ports? This would have to be something that would allow me to tie it with a router as my FBSD is not a gateway. This function is handled by our Dlink DFL router.

Many thanks in advance!

--
Zbigniew Szalbot
Re: monitoring lan-wan
On 10/20/06, Zbigniew Szalbot [EMAIL PROTECTED] wrote:

> Hello,
>
> Is there anything you would *recommend* re monitoring internet usage (LAN to WAN), something that is available in ports? This would have to be something that would allow me to tie it with a router as my FBSD is not a gateway. This function is handled by our Dlink DFL router.
>
> Many thanks in advance!
>
> --
> Zbigniew Szalbot

That really depends on the functionality of your router (and I'm not familiar with it, so can't comment on it), the configuration of your internal network and what you mean by 'monitoring internet usage'.

Do you only need to show aggregate traffic flow, to monitor total usage over time? If so, and if the router is SNMP-capable, then cacti (or mrtg, but it's not my preference) or some other utility that can get and graph SNMP stats will do what you want.

If you wish to characterize the traffic to and from the Internet by protocol and/or user, then you'll have to do something more than simply using SNMP to monitor throughput on the router. In that case, you'll need to have your FreeBSD box actually parse the traffic, or get a netflow from the router (assuming that it can do that.) and ntop is a good start for the software you want, or perhaps etherape.

Assuming that netflow isn't available from the router (and I think that's a fairly safe bet) the trick will be making sure that your FreeBSD box will see the traffic, and for that you'll need something like one of the following setups:

1) Put the router and your box on a dumb hub (not a switch) so that all of the traffic going to the router is visible to your box

or

2) Have the router (again, assuming it's a multiport router, and capable of this, which is quite doubtful) mirror the traffic to a port to which your box is attached,

or

3) Install two NICs in your box and have your router and your box attached to a switch that can mirror all of the traffic to the router - the first NIC will only receive traffic from the switch, the second NIC will have an IP address and be available for monitoring the box, including output from ntop or etherape.

or

4) More tricky still, install two NICs in your box and have it act as a transparent bridge between your network and your router. I'm not familiar with this kind of setup, though I like the idea, and will be playing with it in my copious free time. :)

or

5) Get a network tap cable, which is essentially a three-headed patch cable that provides receive-only wires for the third head, and that receive-only head is put into a second NIC on your box.

Kurt
Re: monitoring lan-wan
Hi all,

On Fri, 20 Oct 2006, Kurt Buff wrote:

> If you wish to characterize the traffic to and from the Internet by protocol and/or user, then you'll have to do something more than simply using SNMP to monitor throughput on the router. In that case, you'll need to have your FreeBSD box actually parse the traffic, or get a netflow from the router (assuming that it can do that.) and ntop is a good start for the software you want, or perhaps etherape.
>
> Assuming that netflow isn't available from the router (and I think that's a fairly safe bet) the trick will be making sure that your FreeBSD box will see the traffic, and for that you'll need something like one of the following setups:

All I can do with the router is to enable logging to a syslog, which means I can connect it to FBSD, can't I? But I understand now that things will be a little more difficult than I thought :).

Anyway, thanks for all the pointers!

--
Zbigniew Szalbot
Re: monitoring lan-wan
On 10/20/06, Zbigniew Szalbot [EMAIL PROTECTED] wrote:

> Hi all,
>
> On Fri, 20 Oct 2006, Kurt Buff wrote:
>
> > If you wish to characterize the traffic to and from the Internet by protocol and/or user, then you'll have to do something more than simply using SNMP to monitor throughput on the router. In that case, you'll need to have your FreeBSD box actually parse the traffic, or get a netflow from the router (assuming that it can do that.) and ntop is a good start for the software you want, or perhaps etherape.
> >
> > Assuming that netflow isn't available from the router (and I think that's a fairly safe bet) the trick will be making sure that your FreeBSD box will see the traffic, and for that you'll need something like one of the following setups:
>
> All I can do with the router is to enable logging to a syslog, which means I can connect it to FBSD, can't I? But I understand now that things will be a little more difficult than I thought :).
>
> Anyway, thanks for all the pointers!

syslog SNMP.

Monitoring traffic by parsing syslog messages seems unlikely at best, but you'll want to take a look at some samplings of your syslog messages to be sure. I'm not aware of any programs that do that, which is not to say that they don't exist, just that I don't know about them.

Kurt
Re: increasing transmit speeds in WAN setting?
Hi Moses,

I know you're not going to believe me but you are running into a driver bug of some kind. If you have a really high quality ethernet switch with full management in it you can probably see it - login to the switch and look at the port statistics. Cisco routers are designed to sense for this and you will see it in their logs, they will issue the error message "late collisions" or any decent hardware network sniffer will show it.

The most common problem is the switch and network card aren't properly negotiating duplex. Another area is flow control on full duplex being messed up, this is particularly critical on gigabit E.

The reason you're getting good throughput on local connections is that the layer 1 is simply continuing to retransmit until the packet goes through, and the retransmissions are happening so fast that you don't realize it. That is also why latency is so heavily affecting it.

You can try several things. First, temporarily try switching over to a 10/100 card like an Intel EtherExpress Pro/100 if you have a PCI slot in the server. If that works then you're going to have to try replacing your switch.

If you have a really good switch you can try hard coding its ports speed and duplex and try the same on the server, and see if that does anything.

You also should be aware that many of the smaller and cheaper gigabit switches do not have the ability to take sustained gigabit ethernet speeds with back-to-back packets, their internal processors aren't fast enough. Once more, this is a problem that won't show up on a local connection since the retransmissions are so fast.

Ted

- Original Message -
From: Moses Leslie [EMAIL PROTECTED]
To: freebsd-questions@freebsd.org
Sent: Wednesday, October 18, 2006 10:31 PM
Subject: increasing transmit speeds in WAN setting?

Hi,

We're running 6.1-R, and are having difficulty getting decent speeds as latency increases. The server is connected via gbit copper, and is gbit or better to the internet (depending on the path).

For everything local, we're able to get what you'd expect (300+MBit without really any tuning). However, when the latency is 60-80ms (IE across the US), we're unable to get better than around 300KB/s.

It appears to be possibly related to the tcp.inflight stuff, but disabling it or messing with some of the related sysctls doesn't appear to help much. Downloads often start quickly, but are then throttled back down to 300KB/s within 10 seconds or so. We've changed the hz (100 to 1), the net.inet.tcp.sendspace, kern.ipc.maxsockbuf, and tried different variations on the inflight tunables, but nothing has made a positive difference of more than ~20KB/s at best.

If the server is running linux (2.6 kernel with default TCP settings), we can get much better speeds, 600-1000KB/s easily. If we were going for time/distance records, we would try changing around tcp settings on the client, but we're trying to maximize performance for standard surfers who wouldn't know how to do that, so we're looking for anything that is server side only.

We've been searching high and low for any tuning ideas but aren't able to find anything that's made a difference. From looking at how the congestion stuff works in the source, it appears that something like:

http://www.sigusr1.org/weblog/index.php?/categories/6-Hacks

might be happening here, but we're kind of stabbing in the dark.

Does anyone have any tuning ideas for 6.1 in a WAN setting?

Thanks,
Moses
Re: increasing transmit speeds in WAN setting?
Hi Ted,

While I don't totally discount that possibility, I really don't think that's the case. We have over 500 servers, most of them running FreeBSD, and we've seen this happen in multiple cases on different hardware. When it's linux, exact same hardware, exact same cables, this doesn't happen.

It's an intel card gbit card, using the em driver. They're uplinked to Cisco 2948-getx switches, which are uplinked to 65xx's, which then go to 12xxx borders.

There aren't any collision errors on the port at all:

    24 totalCollisionCount= 0
    25 lateCollisionCount = 0
    26 singleCollisionFrames = 0
    27 multipleCollisionFrames= 0
    28 excessiveCollisionFrames = 0

and no real errors to speak of, period. The port is auto, since it needs to be to get gbit. All of the non-gbit servers we have are forced 100/full, all cisco switches, all intel 100/pro (fxp) drivers, they all show this same problem.

If the server is a 4.9 server, I can get ~400KB/s. If it's 6.1, ~300KB/s. Linux 2.6, ~650KB/s, which is about what I'd expect given the latency and the default settings. All on the same hardware, same switches, same cables.

The only error that increments at all is txQueueNotAvailable, which is to be expected as the BDP is figured out. I'm pretty sure that FreeBSD is throttling itself back when it shouldn't be.

Thanks for the reply,
Moses

On Wed, 18 Oct 2006, Ted Mittelstaedt wrote:

> Hi Moses,
>
> I know you're not going to believe me but you are running into a driver bug of some kind. If you have a really high quality ethernet switch with full management in it you can probably see it - login to the switch and look at the port statistics. Cisco routers are designed to sense for this and you will see it in their logs, they will issue the error message late collisions or any decent hardware network sniffer will show it.
>
> The most common problem is the switch and network card aren't properly negotiating duplex. Another area is flow control on full duplex being messed up, this is particularly critical on gigabit E.
>
> The reason you're getting good throughput on local connections is that the layer 1 is simply continuing to retransmit until the packet goes through, and the retransmissions are happening so fast that you don't realize it. That is also why latency is so heavily affecting it.
>
> You can try several things. First, temporarily try switching over to a 10/100 card like an Intel EtherExpress Pro/100 if you have a PCI slot in the server. If that works then you're going to have to try replacing your switch. If you have a really good switch you can try hard coding its ports' speed and duplex and try the same on the server, and see if that does anything.
>
> You also should be aware that many of the smaller and cheaper gigabit switches do not have the ability to take sustained gigabit ethernet speeds with back-to-back packets, their internal processors aren't fast enough. Once more, this is a problem that won't show up on a local connection since the retransmissions are so fast.
>
> Ted
>
> ----- Original Message -----
> From: Moses Leslie [EMAIL PROTECTED]
> To: freebsd-questions@freebsd.org
> Sent: Wednesday, October 18, 2006 10:31 PM
> Subject: increasing transmit speeds in WAN setting?
>
> Hi,
>
> We're running 6.1-R, and are having difficulty getting decent speeds as latency increases. The server is connected via gbit copper, and is gbit or better to the internet (depending on the path).
>
> For everything local, we're able to get what you'd expect (300+MBit without really any tuning). However, when the latency is 60-80ms (IE across the US), we're unable to get better than around 300KB/s.
>
> It appears to be possibly related to the tcp.inflight stuff, but disabling it or messing with some of the related sysctls doesn't appear to help much. Downloads often start quickly, but are then throttled back down to 300KB/s within 10 seconds or so.
>
> We've changed the hz (100 to 1), the net.inet.tcp.sendspace, kern.ipc.maxsockbuf, and tried different variations on the inflight tunables, but nothing has made a positive difference of more than ~20KB/s at best.
>
> If the server is running linux (2.6 kernel with default TCP settings), we can get much better speeds, 600-1000KB/s easily. If we were going for time/distance records, we would try changing around tcp settings on the client, but we're trying to maximize performance for standard surfers who wouldn't know how to do that, so we're looking for anything that is server side only.
>
> We've been searching high and low for any tuning ideas but aren't able to find anything that's made a difference. From looking at how the congestion stuff works in the source, it appears that something like:
>
> http://www.sigusr1.org/weblog/index.php?/categories/6-Hacks
>
> might be happening here, but we're kind of stabbing in the dark.
>
> Does anyone have any tuning ideas for 6.1 in a WAN setting?
>
> Thanks
Re: increasing transmit speeds in WAN setting?
One other point of data is that this is a per-flow limit. If we do 10 wget's or whatever, it will be approximately 10x the data rate, IE 30MBit vs 3Mbit.

Thanks,
Moses

On Wed, 18 Oct 2006, Moses Leslie wrote:

> Hi,
>
> We're running 6.1-R, and are having difficulty getting decent speeds as latency increases. The server is connected via gbit copper, and is gbit or better to the internet (depending on the path).
>
> For everything local, we're able to get what you'd expect (300+MBit without really any tuning). However, when the latency is 60-80ms (IE across the US), we're unable to get better than around 300KB/s.
>
> It appears to be possibly related to the tcp.inflight stuff, but disabling it or messing with some of the related sysctls doesn't appear to help much. Downloads often start quickly, but are then throttled back down to 300KB/s within 10 seconds or so.
>
> We've changed the hz (100 to 1), the net.inet.tcp.sendspace, kern.ipc.maxsockbuf, and tried different variations on the inflight tunables, but nothing has made a positive difference of more than ~20KB/s at best.
>
> If the server is running linux (2.6 kernel with default TCP settings), we can get much better speeds, 600-1000KB/s easily. If we were going for time/distance records, we would try changing around tcp settings on the client, but we're trying to maximize performance for standard surfers who wouldn't know how to do that, so we're looking for anything that is server side only.
>
> We've been searching high and low for any tuning ideas but aren't able to find anything that's made a difference. From looking at how the congestion stuff works in the source, it appears that something like:
>
> http://www.sigusr1.org/weblog/index.php?/categories/6-Hacks
>
> might be happening here, but we're kind of stabbing in the dark.
>
> Does anyone have any tuning ideas for 6.1 in a WAN setting?
>
> Thanks,
> Moses
increasing transmit speeds in WAN setting?
Hi,

We're running 6.1-R, and are having difficulty getting decent speeds as latency increases. The server is connected via gbit copper, and is gbit or better to the internet (depending on the path).

For everything local, we're able to get what you'd expect (300+MBit without really any tuning). However, when the latency is 60-80ms (IE across the US), we're unable to get better than around 300KB/s.

It appears to be possibly related to the tcp.inflight stuff, but disabling it or messing with some of the related sysctls doesn't appear to help much. Downloads often start quickly, but are then throttled back down to 300KB/s within 10 seconds or so.

We've changed the hz (100 to 1), the net.inet.tcp.sendspace, kern.ipc.maxsockbuf, and tried different variations on the inflight tunables, but nothing has made a positive difference of more than ~20KB/s at best.

If the server is running linux (2.6 kernel with default TCP settings), we can get much better speeds, 600-1000KB/s easily. If we were going for time/distance records, we would try changing around tcp settings on the client, but we're trying to maximize performance for standard surfers who wouldn't know how to do that, so we're looking for anything that is server side only.

We've been searching high and low for any tuning ideas but aren't able to find anything that's made a difference. From looking at how the congestion stuff works in the source, it appears that something like:

http://www.sigusr1.org/weblog/index.php?/categories/6-Hacks

might be happening here, but we're kind of stabbing in the dark.

Does anyone have any tuning ideas for 6.1 in a WAN setting?

Thanks,
Moses
MONOWALL WAN
Hi,

I have a client who would like to share a DSL connection with a neighboring office. I would like to put my client's network (they only need to share Internet) on a separate IP network behind a monowall. My question is, will monowall allow a private address (the LAN IP of router) to be its WAN address?

Thanks
Laurie
Re: MONOWALL WAN
On Tuesday 29 August 2006 16:19, Laurie Zimmerman wrote:

> Hi,
>
> I have a client who would like to share a DSL connection with a neighboring office. I would like to put my client's network (they only need to share Internet) on a separate IP network behind a monowall. My question is, will monowall allow a private address (the LAN IP of router) to be its WAN address?
>
> Thanks
> Laurie

my firewall is pfSense, which is based on monowall. on pfSense, in order to use a private address on the wan interface, you have to uncheck a box that says block private networks (it even says 'for the purposes of putting the wan interface on a private lan'). i would assume due to the lineage of pfSense, that monowall likely has a similar feature.

hth,
jonathan
Re: MONOWALL WAN
> I have a client who would like to share a DSL connection with a neighboring office. I would like to put my client's network (they only need to share Internet) on a separate IP network behind a monowall. My question is, will monowall allow a private address (the LAN IP of router) to be its WAN address?
>
> Thanks
> Laurie

Hi Laurie,

I'm not sure about monowall, but I know for sure that an OpenBSD or FreeBSD machine running OpenBSD's packet filter will do the trick very nicely. Check out pf(4) and pf.conf(5) or the FreeBSD Handbook on the subject. You can also grab a copy of Jacek Artymiak's book Building Firewalls with OpenBSD and PF, 2nd edition which covers pf(4) very well.

Some URLs on the subject:

- FreeBSD Handbook Section 26.4 The OpenBSD Packet Filter (PF) and ALTQ
  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html
- pf(4)
  http://www.freebsd.org/cgi/man.cgi?query=pf&apropos=0&sektion=0&manpath=FreeBSD+6.1-RELEASE&format=html
- pfctl(8)
  http://www.freebsd.org/cgi/man.cgi?query=pfctl&sektion=8&apropos=0&manpath=FreeBSD+6.1-RELEASE
- pf.conf(5)
  http://www.freebsd.org/cgi/man.cgi?query=pf.conf&sektion=5&apropos=0&manpath=FreeBSD+6.1-RELEASE
- Jacek Artymiak's book Building Firewalls with OpenBSD and PF, 2nd edition
  http://www.artymiak.com/books/index.html

Have fun,
David

--
David Robillard
UNIX systems administrator Oracle DBA
CISSP, RHCE Sun Certified Security Administrator
Montreal: +1 514 966 0122
Need help with getting transparent proxy working across WAN
I have a FreeBSD transparent proxy working on local lan, where the workstation's NIC has its gateway set to the proxy server's internal ip address. Everything works fine.

Problem is when I move my workstation from the local lan where the proxy server resides, on to the 10.4.0.0 network, this is across a WAN link. Transparent proxy stops working; it appears no web traffic is getting to the proxy, and I'm not able to get to any web site. I am able to ping the proxy server, and use the proxy if I utilize a pac file, and drop the IPFW rules.

I should also note that I have transparent proxy running under Debian using iptables, across the WAN link, but want to move to FreeBSD. So I feel my routers are set up correctly. I suspect the problem is with my IPFW rules or NAT configuration but I'm not sure.

FreeBSD 6.1 Kernel was recompiled with:

    options IPFIREWALL
    options IPFIREWALL_FORWARD
    options IPFIREWALL_DEFAULT_TO_ACCEPT
    options IPDIVERT

RC.CONF contains:

    gateway_enable="YES"
    ifconfig_xl0="inet x.x.x.x netmask 255.255.255.0"
    ifconfig_xl1="inet x.x.x.x netmask 255.255.255.0"
    firewall_enable="YES"
    firewall_type="OPEN"
    natd_enable="YES"
    natd_interface="xl1"
    natd_flags=""

CISCO router has the following configured:

    access-list 199 permit tcp 10.4.0.0 0.0.255.255 any eq www
    access-list 199 deny ip any any
    route-map redirect-proxy permit 10
     match ip address 199
     set ip next-hop proxy server internal ip

My IPFW rules:

    ipfw -q flush
    ipfw add divert natd all from not me to any via outside interface
    ipfw add fwd 127.0.0.1:8000 tcp from any to any 80

squid compiled with:

    SQUID_CONFIGURE_ARGS+=--enable-pf-transparent

SQUID.CONF:

    httpd_accel_host virtual
    httpd_accel_port 0
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    header_access Via deny all
    header_access X-Forwarded-For deny all

Thank you for taking the time to look. Any advice or troubleshooting tips are welcome.
WAN setup help.
Hello Gurus,

I have a Head Office, and have 2 Restaurants in different areas. I have been told that I can link them all together, WAN. them. Can please someone explain to me how to do that? all to be as a one network. I understand that I need router in each branch, including the HQ but, what is the router? can FreeBSD be configured to be this router? how to link all of them Together?

Thank you for your support.
Marwan Sultan.
RE: WAN setup help.
This is kind of like the people that post to the automotive newsgroups questions like:

I have a 2002 Dodge and I've been told that the transmission is shot, and that I can rebuild it on my kitchen table, can someone explain how to do this

You would be better off using products like the Netgear FVS338 and getting support from Netgear on how to setup an intermeshed VPN.

Ted

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Marwan Sultan
Sent: Wednesday, April 12, 2006 12:08 AM
To: [EMAIL PROTECTED]
Subject: WAN setup help.

Hello Gurus,

I have a Head Office, and have 2 Restaurants in different areas. I have been told that I can link them all together, WAN. them. Can please someone explain to me how to do that? all to be as a one network. I understand that I need router in each branch, including the HQ but, what is the router? can FreeBSD be configured to be this router? how to link all of them Together?

Thank you for your support.
Marwan Sultan.
Re: WAN setup help.
On Wed, April 12, 2006 8:08 am, Marwan Sultan wrote:

> Hello Gurus,
>
> I have a Head Office, and have 2 Restaurants in different areas. I have been told that I can link them all together, WAN. them. Can please someone explain to me how to do that? all to be as a one network. I understand that I need router in each branch, including the HQ but, what is the router? can FreeBSD be configured to be this router? how to link all of them Together?
>
> Thank you for your support.
> Marwan Sultan.

http://searchexchange.techtarget.com/originalContent/0,289142,sid43_gci1069414,00.html?bucket=NEWS

Google. Amazing isn't it.

--
Richard Collyer [EMAIL PROTECTED]
Re: WAN setup help.
On Wednesday 12 April 2006 03:08, Marwan Sultan wrote:

> Hello Gurus,
>
> I have a Head Office, and have 2 Restaurants in different areas. I have been told that I can link them all together, WAN. them. Can please someone explain to me how to do that? all to be as a one network. I understand that I need router in each branch, including the HQ but, what is the router? can FreeBSD be configured to be this router? how to link all of them Together?

There are many ways to do this, some that include using FreeBSD and even more that don't. I personally find that OpenVPN is easy to set up and configure and works quite well. It will run on FreeBSD, Windows, or other operating systems. It makes the most sense to use it if you already have PC's acting as routers in each location. Otherwise, it will likely be less expensive (both up-front and in the long run (power savings, etc)) to buy standalone devices capable of creating VPN links.

If you decide on a specific plan that involves FreeBSD, feel free to ask for more help getting it going.

JN
Re: WAN setup help.
You need to first figure out how you will connect these locations. You can connect them peer-to-peer using leased lines (T-1's or fractional T-1's), or use standard broadband internet connections (DSL, or cable) and create VPN connections between the locations.

You need to figure out connectivity first.

-Derek

At 02:08 AM 4/12/2006, Marwan Sultan wrote:

> Hello Gurus,
>
> I have a Head Office, and have 2 Restaurants in different areas. I have been told that I can link them all together, WAN. them. Can please someone explain to me how to do that? all to be as a one network. I understand that I need router in each branch, including the HQ but, what is the router? can FreeBSD be configured to be this router? how to link all of them Together?
>
> Thank you for your support.
> Marwan Sultan.
Re: WAN setup help.
Marwan Sultan wrote:

> Hello Gurus,
>
> I have a Head Office, and have 2 Restaurants in different areas. I have been told that I can link them all together, WAN. them. Can please someone explain to me how to do that? all to be as a one network. I understand that I need router in each branch, including the HQ but, what is the router? can FreeBSD be configured to be this router? how to link all of them Together?
>
> Thank you for your support.
> Marwan Sultan.

Hi,

I have recently configured a simple VPN to connect mobile users to a central office. With this experience behind me, my advice to you is to get a professional in your local area to do this for you. This may cost you a little more upfront but in the long run it will save you time, money, and a lot of headaches.

From your question I believe it will take you a long time to accomplish what you want, you will spend money on equipment that you either don't need or doesn't do the job adequately if at all. And in the end you will have a configuration you may not be really satisfied with in terms of security and performance.

I don't mean to sound unkind here or overly negative about what you can accomplish on your own given the time and money. But there are a lot of issues to take into consideration which you may not think are important now or which you may not even know exist that will have a big impact on what you need to do.

I wish you the best of luck and I also want to assure you that what you want to do has been done many times and a professional should have no problems doing this for you. If he appears unsure of how to proceed then he probably hasn't done it before and is figuring it out as he goes.

Sincerely,
Duane Whitty
--
[EMAIL PROTECTED]
Re: Looking for freebsd/openbsd Open Source project for multi-WAN load-sharing/failover firewall/internet gateway
Take a look at m0n0wall on steroids: http://www.pfsense.com/

On 11/20/05, Sanjay Arora [EMAIL PROTECTED] wrote:

> I am looking for any open source project that can help me build & manage, preferably through a GUI, a multi WAN firewall gateway to the internet, with DMZ, load-sharing, traffic bifurcation on priority/port and auto-ISP failover on any WAN link with IDS/IPS, NAT & VPN features.
>
> I am not necessarily looking for a firewall distro...but various components that come together (on a minimal OS install) to build a GUI based firewall internet gateway appliance, having the multiple WAN capability. I basically want a minimalist design, which is open source, free and offers the above features.
>
> Some examples are the IPcop, m0n0wall (plus multiple WAN links) Sonicwall, Watchguard, Fortigate etc., minus their additional applications like mail anti-virus, mail servers, web-servers (except for whatever is minimal need for GUI) etc.
>
> Hope someone can suggest a good solution.
>
> With regards.
> Sanjay.

--
Joao Barros
Looking for freebsd/openbsd Open Source project for multi-WAN load-sharing/failover firewall/internet gateway
I am looking for any open source project that can help me build & manage, preferably through a GUI, a multi WAN firewall gateway to the internet, with DMZ, load-sharing, traffic bifurcation on priority/port and auto-ISP failover on any WAN link with IDS/IPS, NAT & VPN features.

I am not necessarily looking for a firewall distro...but various components that come together (on a minimal OS install) to build a GUI based firewall internet gateway appliance, having the multiple WAN capability. I basically want a minimalist design, which is open source, free and offers the above features.

Some examples are the IPcop, m0n0wall (plus multiple WAN links) Sonicwall, Watchguard, Fortigate etc., minus their additional applications like mail anti-virus, mail servers, web-servers (except for whatever is minimal need for GUI) etc.

Hope someone can suggest a good solution.

With regards.
Sanjay.
Setting up routes correctly for FBSD box to access WAN
Hello,

I am currently trying to use a network bridge via my Mac for my FreeBSD machine and Windows machine to access the outside world because I have not purchased a wireless PCI card for my FreeBSD box and the only means to connect is via wireless. So my network topology looks like this:

    | FBSD | - | Mac | - | Outside world |

What I want to do is setup the routes correctly such that all packets are forwarded from the Mac to the FreeBSD machine, and vice versa. I got this working last night but I fubared my routing tables and had to restart my machine, such that I thought I failed.

So my question is, how do I properly set the value for gateway for the FBSD machine or use the route command to create a static route for all IP values not 192.168.1.0/20?

Thanks,
-Garrett
Re: Setting up routes correctly for FBSD box to access WAN
On Sun, Sep 18, 2005 at 11:24:36AM -0700, Garrett Cooper wrote:

> So my question is, how do I properly set the value for gateway for the FBSD machine or use the route command to create a static route for all IP values not 192.168.1.0/20?

You need to set the default router in /etc/rc.conf :

    defaultrouter="NO"    # Set to default gateway (or NO).

See rc.conf(5)

--
Kelly D. Grills [EMAIL PROTECTED]
Re: Setting up routes correctly for FBSD box to access WAN
On Sep 18, 2005, at 3:14 PM, Kelly D. Grills wrote:

> On Sun, Sep 18, 2005 at 11:24:36AM -0700, Garrett Cooper wrote:
>
> > So my question is, how do I properly set the value for gateway for the FBSD machine or use the route command to create a static route for all IP values not 192.168.1.0/20?
>
> You need to set the default router in /etc/rc.conf :
>
>     defaultrouter="NO"    # Set to default gateway (or NO).
>
> See rc.conf(5)
>
> --
> Kelly D. Grills [EMAIL PROTECTED]

Excellent, that's just what I needed. Thanks!

-Garrett
Re: hostname on LAN with WAN
Constantine,

I believe you can just add an entry to /etc/hosts to specify the hostname for your box. Something like: 192.168.0.2 constantine constantine.domainname.com. Just make sure your system is searching the hosts file before DNS (in /etc/host.conf, hosts is above bind).

    man hosts
    man host.conf

Joey

From: Constantine [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: hostname on LAN with WAN
Date: Sat, 02 Aug 2003 21:09:24 -0400

Hello!

I am using my FreeBSD 4.8 in a local network, I do not have any routable IPs assigned to the box, so what am I supposed to use as a hostname for that FreeBSD box? I have an internet connection (DSL modem with NAT), and I am using the sendmail on the box, and the problem I have, is that during the boot time I need to wait 2 minutes for the DNS-timeout. I wanted to ask, how the hostname is meant to be set in my case.

Cheers,
Constantine.

maillog:

    Aug 1 14:52:57 cnst sm-msp-queue[101]: My unqualified host name (cnst) unknown; sleeping for retry
    Aug 1 14:53:57 cnst sm-msp-queue[101]: unable to qualify my own domain name (cnst) -- using short name
    Aug 1 14:53:57 cnst sm-msp-queue[103]: starting daemon (8.12.8p1): [EMAIL PROTECTED]:30:00
    Aug 2 14:41:22 cnst sm-mta[99]: My unqualified host name (cnst) unknown; sleeping for retry
    Aug 2 14:42:22 cnst sm-mta[99]: unable to qualify my own domain name (cnst) -- using short name
    Aug 2 14:42:22 cnst sm-mta[100]: starting daemon (8.12.8p1): [EMAIL PROTECTED]:30:00
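An added example, not part of the thread and not sendmail's own code: a Python check that reads an /etc/hosts file to see whether the machine's short name maps to a qualified name, and measures from the maillog lines quoted in the thread how long each sendmail process slept before giving up. The hosts contents and the name `cnst.home.example` are constructed; treating "the first hosts line that lists the name also carries a dotted name" as sufficient is an assumption about what the resolver hands back to sendmail.

```python
import re
from datetime import datetime

# The four "qualify" lines quoted in the thread (host "cnst").
MAILLOG_FROM_THREAD = """\
Aug 1 14:52:57 cnst sm-msp-queue[101]: My unqualified host name (cnst) unknown; sleeping for retry
Aug 1 14:53:57 cnst sm-msp-queue[101]: unable to qualify my own domain name (cnst) -- using short name
Aug 2 14:41:22 cnst sm-mta[99]: My unqualified host name (cnst) unknown; sleeping for retry
Aug 2 14:42:22 cnst sm-mta[99]: unable to qualify my own domain name (cnst) -- using short name
"""

# Constructed hosts files: stock entries only, then with an entry for the box.
HOSTS_BEFORE = """\
::1        localhost localhost.my.domain
127.0.0.1  localhost localhost.my.domain
"""
HOSTS_AFTER = HOSTS_BEFORE + "192.168.0.2  cnst cnst.home.example  # constructed\n"

LOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+(?P<prog>[\w.-]+)\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)


def parse_hosts(text):
    """Return [(address, [names...])], dropping comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            names = [n.rstrip(".").lower() for n in fields[1:]]
            entries.append((fields[0], names))
    return entries


def qualified_name_for(hosts_text, hostname):
    """Dotted name on the first hosts line listing hostname, else None.

    Only the first matching line counts, because a hosts lookup stops there.
    """
    short = hostname.rstrip(".").lower()
    for _addr, names in parse_hosts(hosts_text):
        if short in names:
            return next((n for n in names if "." in n), None)
    return None


def startup_stalls(log_text, year=2003):
    """Seconds each (program, pid) slept between the retry and give-up lines.

    Syslog timestamps carry no year; 2003 is taken from the message date.
    """
    waiting, stalls = {}, {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        stamp = datetime.strptime(
            f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S"
        )
        key = (m["prog"], int(m["pid"]))
        msg = m["msg"]
        if "unqualified host name" in msg and "sleeping for retry" in msg:
            waiting[key] = stamp
        elif "unable to qualify my own domain name" in msg and key in waiting:
            stalls[key] = (stamp - waiting.pop(key)).total_seconds()
    return stalls


if __name__ == "__main__":
    for label, hosts in (("before", HOSTS_BEFORE), ("after", HOSTS_AFTER)):
        print(label, "->", qualified_name_for(hosts, "cnst"))
    for (prog, pid), secs in startup_stalls(MAILLOG_FROM_THREAD).items():
        print(f"{prog}[{pid}] slept {secs:.0f}s waiting for a qualified name")
```

Each of the two sendmail processes accounts for one minute of sleep, which matches the two-minute wait described in the original question.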
hostname on LAN with WAN
Hello! I am using my FreeBSD 4.8 in a local network, I do not have any routable IPs assigned to the box, so what am I supposed to use as a hostname for that FreeBSD box? I have an internet connection (DSL modem with NAT), and I am using the sendmail on the box, and the problem I have, is that during the boot time I need to wait 2 minutes for the DNS-timeout. I wanted to ask, how the hostname is meant to be set in my case. Cheers, Constantine.

maillog:
Aug 1 14:52:57 cnst sm-msp-queue[101]: My unqualified host name (cnst) unknown; sleeping for retry
Aug 1 14:53:57 cnst sm-msp-queue[101]: unable to qualify my own domain name (cnst) -- using short name
Aug 1 14:53:57 cnst sm-msp-queue[103]: starting daemon (8.12.8p1): [EMAIL PROTECTED]:30:00
Aug 2 14:41:22 cnst sm-mta[99]: My unqualified host name (cnst) unknown; sleeping for retry
Aug 2 14:42:22 cnst sm-mta[99]: unable to qualify my own domain name (cnst) -- using short name
Aug 2 14:42:22 cnst sm-mta[100]: starting daemon (8.12.8p1): [EMAIL PROTECTED]:30:00
slow telnet login over (lan and wan)
Hello, I'm running FreeBSD 4.7 Release on amd athlon 1.6ghz with 512mb of ram. This machine has a very light cpu load. It mostly sits there idle and handles email for a small office. For some reason however, telnet logins are very slow over the sdsl 512/512 connection as well as the 100mbps lan. When I try to telnet to that box, I make an immediate connection but don't get a login prompt for almost 30-40 seconds. It's not a major problem. Just very annoying. Does anyone have a clue about how to resolve this problem? Any hints would help.

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: slow telnet login over (lan and wan)
On Tue, Feb 18, 2003 at 09:24:23AM -0800, jay tigre wrote:

I'm running FreeBSD 4.7 Release on amd athlon 1.6ghz with 512mb of ram. This machine has a very light cpu load. It mostly sits there idle and handles email for a small office. For some reason however, telnet logins are very slow over the sdsl 512/512 connection as well as the 100mbps lan. When I try to telnet to that box, I make an immediate connection but don't get a login prompt for almost 30-40 seconds. It's not a major problem. Just very annoying. Does anyone have a clue about how to resolve this problem? Any hints would help.

It probably has to do with reverse DNS resolution for the client IP address failing. (The telnet daemon attempts to get a hostname for the telnet client before prompting for login.)

Jim
--
Jim Trigg, Lord High Everything Else
Hostmaster, Huie Kin family website
Verger, All Saints Church - Sharon Chapel
ASCII RIBBON CAMPAIGN - HELP CURE HTML MAIL
Re: slow telnet login over (lan and wan)
On Tue, Feb 18, 2003 at 09:24:23AM -0800, jay tigre wrote:

Hello, I'm running FreeBSD 4.7 Release on amd athlon 1.6ghz with 512mb of ram. This machine has a very light cpu load. It mostly sits there idle and handles email for a small office. For some reason however, telnet logins are very slow over the sdsl 512/512 connection as well as the 100mbps lan. When I try to telnet to that box, I make an immediate connection but don't get a login prompt for almost 30-40 seconds. It's not a major problem. Just very annoying. Does anyone have a clue about how to resolve this problem? Any hints would help.

Likely, this relates to the telnetd trying to reverse map the connecting IP address. Check that it will reverse map, and if no other way is available maybe put an entry for the host in /etc/hosts. This is a common problem with sshd, so I'm just guessing that telnetd might behave the same? In any case, if nothing else is in the way, you might consider using ssh instead of telnet.

Nathan
--
GPG Public Key ID: 0x4250A04C
gpg --keyserver pgp.mit.edu --recv-keys 4250A04C
http://63.105.21.156/gpg_nkinkade_4250A04C.asc
Re: slow telnet login over (lan and wan)
At 09:24 AM 02/18/03 -0800, jay tigre wrote:

I'm running FreeBSD 4.7 Release on amd athlon 1.6ghz with 512mb of ram. This machine has a very light cpu load. It mostly sits there idle and handles email for a small office. For some reason however, telnet logins are very slow over the sdsl 512/512 connection as well as the 100mbps lan. When I try to telnet to that box, I make an immediate connection but don't get a login prompt for almost 30-40 seconds. It's not a major problem. Just very annoying. Does anyone have a clue about how to resolve this problem? Any hints would help.

It is probably because for some reason it does a reverse lookup on your IP and if there is no answer it times out. A work-around is to add your IP to the hosts table. Someday I hope to be able to burrow into that code and find a way to turn that off...

Marc
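The replies in this thread and the earlier hostname thread come down to the same three checks: /etc/host.conf lists hosts above bind, the server's short name maps to a qualified name in /etc/hosts, and the connecting client's address has a hosts entry so the reverse lookup never waits on DNS. The script below is an added example, not code from any poster; it assumes the one-service-per-line host.conf layout implied by the advice above, and the sample files, the example.lan domain and the officepc client are constructed.

```shell
#!/bin/sh
# Constructed sample files; on a FreeBSD 4.x host these would be
# /etc/hosts and /etc/host.conf. Names and addresses are made up.
WORK=$(mktemp -d)
cat > "$WORK/hosts" <<'EOF'
127.0.0.1     localhost localhost.my.domain
192.168.0.2   cnst.example.lan cnst   # the server itself
192.168.0.10  officepc                # a telnet client on the LAN
EOF
printf '# constructed\nhosts\nbind\n' > "$WORK/host.conf"

# Print the first name listed for an address (what a reverse lookup
# answered from the hosts file returns); fail if the address is absent.
hosts_by_addr() {   # hosts_by_addr FILE IP
    awk -v ip="$2" '{ sub(/#.*/, "") }
        $1 == ip { print $2; found = 1; exit }
        END { exit !found }' "$1"
}

# Print a dotted (qualified) name from the line that mentions NAME;
# fail if NAME is missing or only short names are listed with it.
hosts_fqdn() {      # hosts_fqdn FILE NAME
    awk -v n="$2" '{ sub(/#.*/, ""); hit = 0; fq = ""
          for (i = 2; i <= NF; i++) {
              if ($i == n) hit = 1
              if (fq == "" && index($i, ".")) fq = $i
          }
          if (hit && fq != "") { print fq; found = 1; exit } }
        END { exit !found }' "$1"
}

# Succeed only if "hosts" is listed above "bind" (one service per line).
hosts_first() {     # hosts_first CONF
    awk 'BEGIN { r = 1 } { sub(/#.*/, "") }
        $1 == "hosts" { r = 0; exit } $1 == "bind" { exit }
        END { exit r }' "$1"
}

check_host() {      # check_host HOSTS CONF SHORTNAME CLIENT_IP
    hosts_first "$2" || { echo "host.conf: bind is tried before hosts"; return 1; }
    hosts_fqdn "$1" "$3" >/dev/null || { echo "no qualified name for $3"; return 2; }
    hosts_by_addr "$1" "$4" >/dev/null || { echo "no hosts entry for $4"; return 3; }
    echo ok
}

check_host "$WORK/hosts" "$WORK/host.conf" cnst 192.168.0.10
```

Each failure has its own return code, so the same function can be pointed at the real files and used to tell a sendmail-style "unable to qualify" delay (code 2) from a telnetd-style reverse-lookup delay (code 3).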
Dialup WAN link using FreeBSD
Hi all, I'm facing the interesting task of creating an (auto)dialup link using old fashioned analogue modems between two FreeBSD machines. I never even touched the subject before and feel a bit hesitant over where to start. Would very much appreciate pointers to docs beyond the Handbook. Thanks, Per olof