Re: ipfw gateway rerouting

2013-08-19 Thread Michael Sierchio
# my kernel has
# options ROUTETABLES=16

GATEWAY_0="10.3.255.0"
GATEWAY_1="10.3.255.1"

setfib 0 route add default $GATEWAY_0
setfib 1 route add default $GATEWAY_1

# NET_0 .. NET_3 are the source networks (addr/masklen); the table value is the FIB number
ipfw table 1 add $NET_0 0
ipfw table 1 add $NET_1 0
ipfw table 1 add $NET_2 1
ipfw table 1 add $NET_3 0

ipfw add 00500 setfib tablearg ip from any to any in lookup src-ip 1

rule 500 will cause traffic from NET_2 to go out a different gateway (if
it's not destined for a local net - presumably other rules will handle
those cases)

# man setfib
# man ipfw (see the section on the setfib action)




On Sun, Aug 18, 2013 at 3:15 PM, Jos Chrispijn  wrote:

> Can someone please hint me to a good explanatory site that explains how
> to reroute a network server to different/non standard network gateway(s)
> with ipfw?
>
> thanks,
> Jos Chrispijn
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


ipfw gateway rerouting

2013-08-18 Thread Jos Chrispijn
Can someone please hint me to a good explanatory site that explains how
to reroute a network server to different/non standard network gateway(s) 
with ipfw?


thanks,
Jos Chrispijn


Gateway on downloads

2013-05-26 Thread Jos Chrispijn

Hi all,

> netstat -rn (partially)

Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.10.10.100       UGS         0   858468    re0

Can you tell me how I can force _any_ download from my server not going
via 10.10.10.100 but to another gateway number 10.10.10.200?
For incoming uploads (ftp) and domain requests (Apache) still to keep 
10.10.10.100 for incoming traffic.


I have NZBGet installed and want to use the 2nd gateway (triple time the 
1st gateway speed) on downloads.
Maybe there is a way on ftp/download requests to redirect certain 
destination IP's to be switched through another network gateway IP?


Thanks,
Jos Chrispijn


Re: Faking Gateway

2012-11-03 Thread Samuel Martin Moro

On 11/03/2012 01:35 PM, Jos Chrispijn wrote:

> I have two gateway ip's in my network:
> G1 = 8/1m and G2=50/10m.
> Server1 (S1) is connected to G1 and all network clients are connected
> to G2.
> As I sometimes have a lot of ports to download, I thought, let's
> change the gateway address of S1 to G2. That really works regarding
> the FTP part, but regarding my mail it is not (logically I am now
> presenting a domain name that doesn't match its ip address as it is G2
> instead of G1).
>
> Is there a way of switching to the 'fast' gateway with ftp traffic
> only (like port updates and manual outward/inbound ftp requests) and
> have outbound email follow the (standard) G1)?
>
> Kind regards,
> Jos Chrispijn


Hi,

Some 'match out on $netif to $ext_net port smtp route-to ( $netif $gw_1m 
)' should work.


Regards.


Re: Faking Gateway

2012-11-03 Thread Olivier Nicole
Hi,
On Nov 3, 2012 7:36 PM, "Jos Chrispijn"  wrote:
>
> I have two gateway ip's in my network:
> G1 = 8/1m and G2=50/10m.
> Server1 (S1) is connected to G1 and all network clients are connected to
> G2.
> As I sometimes have a lot of ports to download, I thought, let's change
> the gateway address of S1 to G2. That really works regarding the FTP part,
> but regarding my mail it is not (logically I am now presenting a domain
> name that doesn't match its ip address as it is G2 instead of G1).
>
> Is there a way of switching to the 'fast' gateway with ftp traffic only
> (like port updates and manual outward/inbound ftp requests) and have
> outbound email follow the (standard) G1)?

If your fast gateway has a proxy feature, it is very easy, only have to
declare the env variable HTTP_PROXY and FTP_PROXY to point to that proxy.

Hope that helps.

Olivier

> Kind regards,
> Jos Chrispijn


Faking Gateway

2012-11-03 Thread Jos Chrispijn

I have two gateway ip's in my network:
G1 = 8/1m and G2=50/10m.
Server1 (S1) is connected to G1 and all network clients are connected to G2.
As I sometimes have a lot of ports to download, I thought, let's change 
the gateway address of S1 to G2. That really works regarding the FTP 
part, but regarding my mail it is not (logically I am now presenting a 
domain name that doesn't match its ip address as it is G2 instead of G1).


Is there a way of switching to the 'fast' gateway with ftp traffic only 
(like port updates and manual outward/inbound ftp requests) and have 
outbound email follow the (standard) G1)?


Kind regards,
Jos Chrispijn



Re: FreeBSD Gateway, Crossover

2011-12-04 Thread Fbsd8

APseudoUtopia wrote:

> Hello,
>
> I'm trying to setup a small home network, It consists of my FreeBSD
> 9.0-RC2 box connected to my modem (just a modem, not modem/router) and
> two other systems connected directly via ethernet to the freebsd box.
> I'm able to connect to the internet with the FreeBSD box. I can get an
> IP via DHCP from my ISP. However, I can't seem to figure out how to
> setup the gateway routes and the IP addresses for the other system.
>
> I'd like to have the internal network be on 192.168.1.0/24. I have 2x
> 2-port NICs in the freebsd box.
>
> em0 - Internet - 1.2.3.4
> em1 - System1 - 192.168.1.1
> em2 - System2 - 192.168.1.2
>
> I'm kindof lost here. I've played with it a bit, trying to set
> 192.168.1.0/24 on em1 and em2, then setting the specific IP address on
> system1 and system2 respectively. I've also tried manually adding
> routes from 192.168.1.0/24 to 1.2.3.4 (my external IP) to no avail.
> The system1/2 boxes cannot ping the freebsd box, nor vise-versa. That
> implies it's not a routing problem, but a problem with the systems
> getting a proper IP address.
>
> Anyone have any tips?
>
> Thanks.




The www.a1poweruser.com web site has detailed instructions on how to do it.
Check it out.





Re: FreeBSD Gateway, Crossover

2011-12-04 Thread Robert Bonomi

> From: APseudoUtopia 
>
> Hello,
>
> I'm trying to setup a small home network, It consists of my FreeBSD
> 9.0-RC2 box connected to my modem (just a modem, not modem/router) and
> two other systems connected directly via ethernet to the freebsd box.
> I'm able to connect to the internet with the FreeBSD box. I can get an
> IP via DHCP from my ISP. However, I can't seem to figure out how to
> setup the gateway routes and the IP addresses for the other system.
>
> I'd like to have the internal network be on 192.168.1.0/24. I have 2x
> 2-port NICs in the freebsd box.
>
> em0 - Internet - 1.2.3.4
> em1 - System1 - 192.168.1.1
> em2 - System2 - 192.168.1.2
>
> I'm kindof lost here. I've played with it a bit, trying to set
> 192.168.1.0/24 on em1 and em2, then setting the specific IP address on
> system1 and system2 respectively. I've also tried manually adding
> routes from 192.168.1.0/24 to 1.2.3.4 (my external IP) to no avail.
> The system1/2 boxes cannot ping the freebsd box, nor vise-versa. That
> implies it's not a routing problem, but a problem with the systems
> getting a proper IP address.
>
> Anyone have any tips?

Other than "don't do it that way", you mean?  

Having two different interfaces with the same 'network' configuration,
Where either address -cannot- reach *every* host on that 'network'

Recommendation: 

IP addresses:
  Assign em1 192.168.1.1/24
  Assign em2 129.168.2.1/24
  Assign System1 192.168.1.2/24 
  Assign System2 192.168.2.2/24   

Routing:
  System1; default route 192.168.1.1
  System2; default route 192.168.2.1

  Server:  default route 1.2.3.4
   (should have auto routes for 192.68.1.0/24 and 192.68.2.0/24)


If you _really_ want everything on the same internal network, the easiest
way is to put in an ethernet hub/switch, and connect everything to that
hub/switch -- only 1 interface per device.


Re: FreeBSD Gateway, Crossover

2011-12-04 Thread Matthew Seaman
On 04/12/2011 18:43, Matthias Apitz wrote:
>> I'd like to have the internal network be on 192.168.1.0/24. I have 2x
>> 2-port NICs in the freebsd box.
>>
>> em0 - Internet - 1.2.3.4
>> em1 - System1 - 192.168.1.1
>> em2 - System2 - 192.168.1.2

> if you connect the two other boxes directly to the NICs of FreeBSD you
> must use crossover cables and should assign to each connection a
> separate network; or you connect all three boxes via a HUB or switch in
> only one network;

Or create a bridge spanning em1 and em2 -- this will make your FreeBSD
box act pretty much like a network switch for the two client machines.

You can get away with standard cables if all the NICs involved support
auto-MDIX.  em(4) should, but it depends on your other kit.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matt...@infracaninophile.co.uk   Kent, CT11 9PW





Re: FreeBSD Gateway, Crossover

2011-12-04 Thread Matthias Apitz

Hello,

On Sunday, December 04, 2011 at 01:21:58PM -0500, APseudoUtopia wrote:

> Hello,
> 
> I'm trying to setup a small home network, It consists of my FreeBSD
> 9.0-RC2 box connected to my modem (just a modem, not modem/router) and
> two other systems connected directly via ethernet to the freebsd box.
> I'm able to connect to the internet with the FreeBSD box. I can get an
> IP via DHCP from my ISP. However,

Does this mean that you do PPP via the modem? If so, you should have
some interface tunN with the IP assigned by the ISP.

> I can't seem to figure out how to
> setup the gateway routes and the IP addresses for the other system.

you must enable gateway in the rc.conf file with:

gateway_enable="YES"

> 
> I'd like to have the internal network be on 192.168.1.0/24. I have 2x
> 2-port NICs in the freebsd box.
> 
> em0 - Internet - 1.2.3.4
> em1 - System1 - 192.168.1.1
> em2 - System2 - 192.168.1.2

if you connect the two other boxes directly to the NICs of FreeBSD you
must use crossover cables and should assign to each connection a
separate network; or you connect all three boxes via a HUB or switch in
only one network;

the other boxes should have the FreeBSD as default gateway in their
routing and in the FreeBSD you must use IPF and IPNAT to hide your
network(s) behind the tunN interface's IP addr; I do this at home too
having attached my Linux based cellphone via USB networking and this
has access to Internet through the FreeBSD laptop;

HIH
matthias
-- 
Matthias Apitz
e  - w http://www.unixarea.de/
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5


FreeBSD Gateway, Crossover

2011-12-04 Thread APseudoUtopia
Hello,

I'm trying to setup a small home network, It consists of my FreeBSD
9.0-RC2 box connected to my modem (just a modem, not modem/router) and
two other systems connected directly via ethernet to the freebsd box.
I'm able to connect to the internet with the FreeBSD box. I can get an
IP via DHCP from my ISP. However, I can't seem to figure out how to
setup the gateway routes and the IP addresses for the other system.

I'd like to have the internal network be on 192.168.1.0/24. I have 2x
2-port NICs in the freebsd box.

em0 - Internet - 1.2.3.4
em1 - System1 - 192.168.1.1
em2 - System2 - 192.168.1.2

I'm kindof lost here. I've played with it a bit, trying to set
192.168.1.0/24 on em1 and em2, then setting the specific IP address on
system1 and system2 respectively. I've also tried manually adding
routes from 192.168.1.0/24 to 1.2.3.4 (my external IP) to no avail.
The system1/2 boxes cannot ping the freebsd box, nor vise-versa. That
implies it's not a routing problem, but a problem with the systems
getting a proper IP address.

Anyone have any tips?

Thanks.


Re: openvpn client on pf gateway

2010-11-04 Thread krad
On 4 November 2010 10:15, Samuel Martín Moro  wrote:

> Hi,
>
>
> I'm using a FreeBSD-8.1 (RELEASE, amd64) as gateway for my local network.
> And pf as firewall.
>
>
> I'm renting a dedicated box, running openvpn.
> My gateway is configured as a client of this VPN.
> I modified my pf.conf to provide internet to my local network.
> I configured iptables on the VPN server (debian-5) to accept everything,
> and
> redirect what I needed to.
>
> Everything seems to work... except...
>
> How can I redirect a port through the VPN?
> I mean...
> The problem does not seem to come from the VPN server, as I can access my
> local gateway from an external server, through the iptables redirection.
> But, when I try to access a host behind that gateway, it won't connect...
>
>
> Here's the pf.conf:
>
> ext_if="bge0"
> int_if="bge1"
> vpn_if="tun0"
>
> lc = $int_if:network
>  vpn="10.253.254.1"
>  emma="10.242.42.200"
> alpha="10.42.42.42"
> delta="10.42.42.44"
>   xi="10.42.142.44"
>
> set skip on lo0
> scrub in on $ext_if all fragment reassemble
> scrub in on $vpn_if all fragment reassemble
> INTERNETZ
> nat  on $ext_if from $lc to any -> ($ext_if)
> nat  on $vpn_if from $lc to any -> ($vpn_if)
> rdr  on $ext_if inet proto tcp  from any to ($ext_if) port 1666 -> $alpha port 1666
> rdr  on $vpn_if inet proto tcp  from any to ($vpn_if) port 1666 -> $alpha port 1666
> rdr  on $ext_if inet proto tcp  from any to ($ext_if) port 1667 -> $delta port   22
> rdr  on $vpn_if inet proto tcp  from any to ($vpn_if) port 1667 -> $delta port   22
> rdr  on $ext_if inet proto tcp  from any to ($ext_if) port 1668 -> $alpha port   22
> rdr  on $vpn_if inet proto tcp  from any to ($vpn_if) port 1668 -> $alpha port   22
> rdr  on $ext_if inet proto tcp  from any to ($ext_if) port 1669 -> $xi    port   22
> rdr  on $vpn_if inet proto tcp  from any to ($vpn_if) port 1669 -> $xi    port   22
> rdr  on $ext_if inet proto tcp  from any to ($ext_if) port 9418 -> $xi    port 9418
> rdr  on $vpn_if inet proto tcp  from any to ($vpn_if) port 9418 -> $xi    port 9418
> pass  in on $ext_if inet proto tcp  from any to $ext_if   port 1664
> pass  in on $vpn_if inet proto tcp  from any to $vpn_if   port 1664
> pass  in on $int_if inet proto tcp  from any to any
> pass  in on $int_if inet proto udp  from any to any
> block in log on $ext_if inet proto icmp from any to $ext_if
> block in log on $vpn_if inet proto icmp from any to $vpn_if
>
> every rule for $ext_if is working as expected
> so I copied them, replacing my external interface by the vpn one
> ssh from internet to the gateway (1664) works.
> but accessing a ssh server behind the gateway (say alpha, 1668) does not...
>
>
> What am I doing wrong?
>
>
>
> Regards,
>
> --
> Samuel Martín Moro
> {EPITECH.} tek5
> CamTrace S.A.S
>  (+033) 1 41 38 37 60
>  1 Allée de la Venelle
>  92150 Suresnes
>  FRANCE
>
> "Nobody wants to say how this works.
>  Maybe nobody knows ..."
>  Xorg.conf(5)


I'm not sure if I understand you correctly, but are you trying to forward
ports from your colo rented machine to boxes on your LAN via the openvpn
connection?

If you are and this is where the problem is, you probably need to be natting
on the colo box's vpn interface (tun0). So you will need some iptables
config. Doing this avoids the asymmetric routing and natting issue you will
be getting.

Basically, if a packet enters your colo box (dst ip A) from client (B), your
colo box will forward it down the tunnel to host C on a private ip. This
will respond, and create a packet to go to B. However, this packet will
have a public ip as a destination, so when it hits your pf firewall it will
probably get routed out of the default route, and not the vpn interface. As
it's not a tcp syn it will most probably be dropped by pf. However, if it isn't,
it will be natted to the public ip of your pf box. This is a problem as
this source address isn't the same as the destination address of the initial
packet generated by the client B. Therefore, when it actually gets to the
client it will just be dropped.

Natting on the colo box's vpn interface sorts all this out for you.
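
The reply above recommends source NAT on the VPN server's tunnel interface so that replies return through the tunnel. As an added example (not part of the thread), this sh script prints the iptables DNAT and MASQUERADE rules for the ports listed in the quoted pf.conf; the interface defaults eth0/tun0, the APPLY switch and the assumption that the VPN server routes the 10.42.x.x hosts through the tunnel are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Prints (or, with APPLY=1, installs) the
# NAT rules for the VPN server described in the reply above.
# Assumed names: WAN_IF (public NIC of the VPN server), TUN_IF (OpenVPN device).
WAN_IF="${WAN_IF:-eth0}"
TUN_IF="${TUN_IF:-tun0}"

# public-port:LAN-host:LAN-port, copied from the rdr lines of the quoted pf.conf.
# Assumes the VPN server has a route to these hosts through the tunnel.
FORWARDS="1666:10.42.42.42:1666
1667:10.42.42.44:22
1668:10.42.42.42:22
1669:10.42.142.44:22
9418:10.42.142.44:9418"

# True when $1 is a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# True when $1 is a dotted-quad IPv4 address with every octet <= 255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Emit two rules per forward listed in $1:
#  - DNAT on the public interface sends the connection to the LAN host;
#  - MASQUERADE on the tunnel rewrites the source to the VPN server's tunnel
#    address, so the LAN host answers into the tunnel instead of sending the
#    reply out of the pf gateway's default route.
gen_rules() {
    while IFS=: read -r pub host port; do
        [ -n "$pub" ] || continue
        if ! valid_port "$pub" || ! valid_port "$port" || ! valid_ipv4 "$host"; then
            echo "bad forward: $pub:$host:$port" >&2
            return 2
        fi
        printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
            "$WAN_IF" "$pub" "$host" "$port"
        printf 'iptables -t nat -A POSTROUTING -o %s -p tcp -d %s --dport %s -j MASQUERADE\n' \
            "$TUN_IF" "$host" "$port"
    done <<EOF
$1
EOF
}

# Dry run by default; APPLY=1 (as root on the VPN server) installs the rules.
# Afterwards "iptables -t nat -S POSTROUTING" lists what was installed.
main() {
    rules=$(gen_rules "$FORWARDS") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$rules" | sh -e
    else
        echo "$rules"
    fi
}

main
```

Once the MASQUERADE rules are active, the LAN hosts see every forwarded connection as coming from the VPN server's tunnel address, so per-client logging and source filtering have to happen on the VPN server.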


openvpn client on pf gateway

2010-11-04 Thread Samuel Martín Moro
Hi,


I'm using a FreeBSD-8.1 (RELEASE, amd64) as gateway for my local network.
And pf as firewall.


I'm renting a dedicated box, running openvpn.
My gateway is configured as a client of this VPN.
I modified my pf.conf to provide internet to my local network.
I configured iptables on the VPN server (debian-5) to accept everything, and
redirect what I needed to.

Everything seems to work... except...

How can I redirect a port through the VPN?
I mean...
The problem does not seem to come from the VPN server, as I can access my
local gateway from an external server, through the iptables redirection.
But, when I try to access a host behind that gateway, it won't connect...


Here's the pf.conf:

ext_if="bge0"
int_if="bge1"
vpn_if="tun0"

lc = $int_if:network
  vpn="10.253.254.1"
 emma="10.242.42.200"
alpha="10.42.42.42"
delta="10.42.42.44"
   xi="10.42.142.44"

set skip on lo0
scrub in on $ext_if all fragment reassemble
scrub in on $vpn_if all fragment reassemble
INTERNETZ
nat  on $ext_if from $lc to any -> ($ext_if)
nat  on $vpn_if from $lc to any -> ($vpn_if)
rdr  on $ext_if inet proto tcp  from any to ($ext_if) port 1666 -> $alpha port 1666
rdr  on $vpn_if inet proto tcp  from any to ($vpn_if) port 1666 -> $alpha port 1666
rdr  on $ext_if inet proto tcp  from any to ($ext_if) port 1667 -> $delta port   22
rdr  on $vpn_if inet proto tcp  from any to ($vpn_if) port 1667 -> $delta port   22
rdr  on $ext_if inet proto tcp  from any to ($ext_if) port 1668 -> $alpha port   22
rdr  on $vpn_if inet proto tcp  from any to ($vpn_if) port 1668 -> $alpha port   22
rdr  on $ext_if inet proto tcp  from any to ($ext_if) port 1669 -> $xi    port   22
rdr  on $vpn_if inet proto tcp  from any to ($vpn_if) port 1669 -> $xi    port   22
rdr  on $ext_if inet proto tcp  from any to ($ext_if) port 9418 -> $xi    port 9418
rdr  on $vpn_if inet proto tcp  from any to ($vpn_if) port 9418 -> $xi    port 9418
pass  in on $ext_if inet proto tcp  from any to $ext_if   port 1664
pass  in on $vpn_if inet proto tcp  from any to $vpn_if   port 1664
pass  in on $int_if inet proto tcp  from any to any
pass  in on $int_if inet proto udp  from any to any
block in log on $ext_if inet proto icmp from any to $ext_if
block in log on $vpn_if inet proto icmp from any to $vpn_if

every rule for $ext_if is working as expected
so I copied them, replacing my external interface by the vpn one
ssh from internet to the gateway (1664) works.
but accessing a ssh server behind the gateway (say alpha, 1668) does not...


What am I doing wrong?



Regards,

-- 
Samuel Martín Moro
{EPITECH.} tek5
CamTrace S.A.S
  (+033) 1 41 38 37 60
  1 Allée de la Venelle
  92150 Suresnes
  FRANCE

"Nobody wants to say how this works.
  Maybe nobody knows ..."
  Xorg.conf(5)


H/w for gateway and backup (OT)

2010-09-26 Thread Sambaiah Kilaru
Hi All,
  I am looking to buy some gateway which can run FreeBSD or some *nix with
three ethernet ports.
  I can take any system and make it a g/w, but am looking for any custom h/w (much
smaller than cobalt server)
  I am also looking for some 2-8 TB backup drive. I am looking to buy in US. I am
out of touch for some time
  with h/w so requesting through mailing list.

thanks,
Sam


Gateway 8.1

2010-08-21 Thread Don Dugger
I recently loaded 8.1 Rel on a box using the same basic configuration as a
7.1 Rel box I was replacing.
Everything works except the box won't work as a gateway now. Is there
something new in 8.1 that would change the basic configuration that I
would need to change?


Thx in advance...

Don

Here's my rc.conf:



# -- sysinstall generated deltas -- # Fri Aug 13 08:23:57 2010
# Created: Fri Aug 13 08:23:57 2010
# Enable network daemons for user convenience.

# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="74.92.224.230"
hostname="freedom.local.hotlz.com"

gateway_enable="YES"
firewall_client_net="172.27.240.0:255.255.0.0"
firewall_enable="YES"
firewall_type="OPEN"
ifconfig_xl0="inet 172.27.240.33  netmask 255.255.0.0"

ifconfig_xl1="inet 74.92.224.225/24"
ifconfig_msk0="inet 74.92.224.226/32"
#ipv4_addrs_xl1="74.92.224.225-226/8"

#ifconfig_msk0="inet 172.27.140.38  netmask 255.255.248.0"

natd_enable="YES"
natd_interface="xl1"
#firewall_nat_enable="YES"
#firewall_nat_interface="xl1"


named_enable="YES"

inetd_enable="YES"
linux_enable="YES"
local_startup="/usr/local/etc/rc.d"
moused_enable="YES"
nfs_client_enable="YES"

nfs_server_enable="YES"
rpcbind_enable="YES"
sshd_enable="YES"
#usbd_enable="YES"
apache22_enable="YES"
lpd_enable="YES"
slapd_enable="YES"

slapd_flags='-h "ldap://thecampingview.com/"'

postfix_enable="YES"

mysql_dbdir="/data1/mysql"
mysql_enable="YES"


postgresql_enable="YES"
postgresql_data="/usr/local/pgsql/data"
postgresql_flags="-w -s -m fast"
postgresql_initdb_flags="--encoding=utf-8 --lc-collate=C"
postgresql_class="default"


sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

# The Fish generated deltas - Tue Sep  2 10:06:49 2008

timed_enable="YES"

nisdomainname="hotlz-nis"
nis_server_enable="YES"
nis_client_enable="YES"
nis_client_flags="-S hotlz-nis,freedom.local.hotlz.com"

nis_yppasswdd_enable="YES"

courier_imap_imapd_enable="YES"
courier_authdaemond_enable="YES"
courier_imap_imapd_ssl_enable="YES"

# -- sysinstall generated deltas -- # Thu Aug 19 03:27:27 2010

check_quotas="NO"
rpc_statd_enable="YES"



MacIP Gateway Solution for FreeBSD?

2010-08-06 Thread Keith Seyffarth

I'm running FreeBSD 7.2 (FreeBSD janet.weif.net 7.2-RELEASE FreeBSD
7.2-RELEASE #1: Sat Oct 31 16:21:25 MDT 2009
ch...@janet.weif.net:/usr/src/sys/i386/compile/JANET  i386) with
netatalk installed so I can connect my old Macintosh Quadra 605 to the
FreeBSD machine to share files.

I would like to get the Mac internet access, but I need a Macintosh IP
Gateway installed on the network somewhere.

There was a package called macipgw, but that fails to compile on FreeBSD
7.

Does anyone have an updated version of macipgw, or does anyone know of
another port to handle this?

Keith S.




-- 

from my mac to yours...

Keith Seyffarth
mailto:w...@weif.net
http://www.weif.net/ - Home of the First Tank Guide!
http://www.rpgcalendar.net/ - the Montana Role-Playing Calendar

http://www.miscon.org/ - Montana's Longest Running Science Fiction Convention
Talk MisCon: http://www.miscon.org/forums/


Re: yikes! MAC address of default gateway changed ??

2010-02-11 Thread Matthew Seaman
On 11/02/2010 14:28, James Smallacombe wrote:
> If it was caused by a malicious arp command on my server, wouldn't a
> reboot have gotten rid of it?  Would it also result in a "NO CARRIER" on
> the interface?  Network did not come back until the Ethernet card was
> swapped.
> 
> The bottom line is whether it is possible for a NIC failure to cause the
> kernel to register an ARP change.

Yes.  Getting 'NO CARRIER' all of a sudden after the NIC has been
behaving weirdly looks very much like hardware spiralling into oblivion
and not enemy action.  Having a corrupted arp cache is also likely a
symptom of hardware going bad.

NIC failure can have the observed results, and it's quite likely that
on reboot the NIC would fail to work entirely in that situation.

Actually, one thing it's always a good idea to test in these
circumstances is that it's not a broken or loose ethernet cable.  This
can cause all sorts of similar weirdness, but it's a lot easier and
cheaper to fix.  I've seen the like sort of problems just from people
pulling cable ties too tight.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.  7 Priory Courtyard, Flat 3
Black Earth Consulting   Ramsgate
 Kent, CT11 9PW
Free and Open Source Solutions   Tel: +44 (0)1843 580647





Re: yikes! MAC address of default gateway changed ??

2010-02-11 Thread James Smallacombe


Hi: Please reply-all ; I am not subscribed

On Thu, 11 Feb 2010, Vince Hoffman wrote:



> On 11/02/2010 11:00, James Smallacombe wrote:
>> Sorry for replying to myself (AND top-posting!) twice in a row, but this
>> is become a huge concern.  My first thought is that my provider changed
>> routers or router Ethernet ports, hence the MAC address change.  They
>> deny this, plus I find the two MAC addresses:
>>
>> 00:17:e0:4f:b9:c0 to 00:13:e0:4f:b9:c0
>
> However in your case, while 00:17:E0 is reasonable (a cisco mac address)
> 00:13:E0 is a little worrying as apparently it's a Murata
> Manufacturing (whoever they are) mac address (see
> http://www.coffer.com/mac_find/?string=00%3A13%3Ae0%3A4f%3Ab9%3Ac0)

Well, that rules out anything by the provider.

> you can check if it's a static entry in your arp tables using
> arp -a | grep permanent
> The only permanent entries should be your local IPs (whatever you have
> configured on your interfaces) unless you have any others you have put
> in yourself.
> so for my server i have
> r...@seaurchin ~]# arp -a | grep permanent
> seaurchin.the.namesco.net (85.233.xxx.xxx) at 00:11:43:d8:2c:df on em0
> permanent [ethernet]
> ? (10.20.0.3) at 00:11:43:d8:2c:df on em0 permanent [ethernet]


Obviously the ARP entry is long gone now and I don't recall if it was 
permanent or not.  It just leaves a couple of questions:


If it was caused by a malicious arp command on my server, wouldn't a 
reboot have gotten rid of it?  Would it also result in a "NO CARRIER" on 
the interface?  Network did not come back until the Ethernet card was 
swapped.


The bottom line is whether it is possible for a NIC failure to cause the 
kernel to register an ARP change.


Thanks again to everyone...

James Smallacombe PlantageNet, Inc. CEO and Janitor
u...@3.am   http://3.am
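
The two addresses quoted in this message differ in a single bit (0x17 versus 0x13 in the second octet), which fits the failing-hardware explanation given in the reply. As an added example (not part of the thread), this sh script pulls FreeBSD's `arp: ... moved from ... to ...` kernel messages out of a log and separates near-identical addresses from a genuinely different device; the log lines are constructed, and the two-bit threshold and the verdict names are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread: triage "arp: ... moved from ... to ..."
# kernel messages for a gateway whose MAC address appears to change.

MAX_FLIP_BITS=2   # assumed threshold: at most this many differing bits = suspect corruption

# Constructed sample log. The first MAC pair is the one quoted in the message;
# the IP address, host name, interface and the second event are made up.
sample_log() {
    cat <<'EOF'
Feb 11 05:12:01 host kernel: arp: 192.0.2.1 moved from 00:17:e0:4f:b9:c0 to 00:13:e0:4f:b9:c0 on em0
Feb 11 05:12:44 host kernel: em0: link state changed to DOWN
Feb 12 09:30:10 host kernel: arp: 192.0.2.1 moved from 00:17:e0:4f:b9:c0 to 02:42:ac:11:00:02 on em0
EOF
}

# True when $1 is six colon-separated hex octets.
is_mac() {
    echo "$1" | grep -Eq '^([0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}$'
}

# Print the number of bits that differ between two MAC addresses.
mac_bit_distance() {
    dist=0
    rest_a=$1
    rest_b=$2
    while [ -n "$rest_a" ]; do
        oa=${rest_a%%:*}
        ob=${rest_b%%:*}
        x=$(( 0x$oa ^ 0x$ob ))          # bits set where the octets differ
        while [ "$x" -ne 0 ]; do        # count the set bits
            dist=$(( dist + (x & 1) ))
            x=$(( x >> 1 ))
        done
        case "$rest_a" in
            *:*) rest_a=${rest_a#*:}; rest_b=${rest_b#*:} ;;
            *)   rest_a= ;;
        esac
    done
    echo "$dist"
}

# Read log lines on stdin; print one verdict line per ARP move.
#   bitflip-suspect: addresses are nearly identical, check NIC and cabling first
#   new-device:      a different station answers for the IP; compare against
#                    the known gateway MAC before trusting the link
classify_moves() {
    sed -n 's/.*arp: \([0-9.]*\) moved from \([0-9a-f:]*\) to \([0-9a-f:]*\) on \([a-z0-9]*\).*/\1 \2 \3 \4/p' |
    while read -r ip old new ifc; do
        is_mac "$old" && is_mac "$new" || continue
        bits=$(mac_bit_distance "$old" "$new")
        # First three octets are the vendor prefix (OUI).
        if [ "${old%:*:*:*}" = "${new%:*:*:*}" ]; then
            oui=same-oui
        else
            oui=oui-changed
        fi
        if [ "$bits" -le "$MAX_FLIP_BITS" ]; then
            verdict=bitflip-suspect
        else
            verdict=new-device
        fi
        echo "$ip $ifc $old->$new bits=$bits $oui $verdict"
    done
}

sample_log | classify_moves
```

The bit-distance verdict is a heuristic for ordering the investigation, not proof of either cause. On a real host, feed `classify_moves` the system log instead of `sample_log`.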


E-commerce Gateway

2010-01-18 Thread Peter Arshi
 

E-commerce Payment Gateway Solution:
(E-commerce Gateway Solution for United States and Canadian Merchants)

 

Federated Payments- USA Merchant Accounts

MSI Canada- Canadian Merchant Accounts 

 

 

About Us

Federated Payments / MSI Canada is a credit card payment processor in the 
United 
States and Canadian marketplace.  We have an “A” Industry Rating with the BBB 
(Better Business Bureau) and annually process over 2 billion dollars in credit 
card payment transactions. Established in 1998, Federated Payments recently 
took its place as one of the Top 50 Payment Processors in the Industry and 
is considered the fastest growing Processor according to the Neilson Report.  
We service more than 20,000 merchants across the country and employ 150 sales 
support and technical staff in the United States and Canada. Federated Payments 
operates as Merchant Services Inc. Canada (MSI Canada) as its Canadian 
operations. 


 

Recognizing the Gateway Problem

We are aware of the difficulties web developers experience when adding shopping 
carts to sites and then to face security compliance issues when Payment 
Gateways 
are to be integrated.  In most cases, the client’s bank does not support an 
online payment gateway solution. This begins the clients search to find the 
right bank that will approve or provide a payment gateway that can comply to 
the shopping cart security standards.   After this step is complete, the client 
is left to babysit the bank to ensure correspondence is maintained with the 
web developer until task is complete.  

 

For any developer, dropping the ball at the end is simply bad practice hence 
integrating PayPal saves the client from anguish and despair temporarily. 
PayPal 
charges high credit card processing rates which leads to even more client 
despair 
in the end. Professionalism is lost when the gateway page re-directs the 
customer 
to a process he is not interested in fulfilling.  PayPal should be considered 
an additional feature and not the primary gateway function. Required customer 
sign-ups and account verification processes deter customers from returning 
to PayPal sites. Client loses retention momentum.

 

SafePay Solution 

The SafePay Gateway Program is a solution for merchants to process online in 
a secured manner without giving up large profits for processing. We offer the 
“Lowest Rate Guarantee” to every client that comes on board. Included with 
the SafePay Program is the Backend Gateway which enables clients a backend 
to enter orders manually, to put customers on recurring payments, pull reports, 
customizable fields, download/upload Quick Books file feature, multiple user 
with Admin control features and much more.  A demo will be provided to your 
client for training by our technicians.

 

 

SafePay Payment Gateway Solution Features: 

·    Enables real-time online transaction processing

·    Fully CISP and PCI Certified

·    Free Quick Click Shopping Cart- Or connect with over 80 certified 
shopping carts

·    Recurring Billing- Bill your customers daily, weekly or monthly for 
as many payments as required

·    Cardholder Authentication Card Programs: Verified by Visa, MasterCard 
SecureCode

·    Virtual Terminal-  With a Level 3 intuitive user interface, you will 
be able to authorize, process and manage credit card transactions manually 
from any computer that has an internet connection. 

·    API Integration- With API Integration solution your merchants will 
utilize the highest level of secure transaction infrastructure available. 

·    Batch Upload Process- With batch upload processing you will be able 
to control and approve transactions manually prior to settlement.  The batch 
processing system automatically allocates the batches in 1/16 bins and reduces 
overall processing time to a fraction of your competitors. 

·    Electronic Check- Electronic Check is a payment solution that enables
online and traditional merchants to accept and process electronic check
payments directly from their Web site’s storefront or through the Virtual
Terminal.  By accepting electronic checks, you are able to expand the payment
options available to your customers and thereby increase sales.

 

 

Solution Option 1 

Federated Payments and MSI Canada offer one of the best Payment Gateway
programs in the industry known as Safepay. To simplify the shopping cart
integration to our payment gateway, here are some free shopping carts we
support:

 

Free Supported Shopping Carts:

 

OsCommerce.com, nopdesign.com, virtuemart.net, zencart.com, precisionweb.net  
 

 

Solution Option 2

Our technicians are equipped to handle any type of shopping cart in the
marketplace. Custom built designs are accepted with additional security
compliance testing. This means that the majority of shopping carts fall into
compliance with our payment gateway solution after testing.

 

Simple Process 

·    When an e

E-commerce Gateway

2010-01-12 Thread Peter Arshi
 


Re: which IP+gateway for Freebsd guest VM in VMware workstation

2009-12-28 Thread Nikos Vassiliadis

On 12/27/2009 2:36 PM, Len Conrad wrote:

>> Take a look here:
>> http://www.freebsd.org/doc/en/books/handbook/config-network-setup.html
>
> thanks, I've been setting up FreeBSD for 10 years, and have multiple FreeBSD
> VMs running in several ESXi hosts.

Sorry, I didn't mean to offend you. I just didn't know your experience
with FreeBSD.

[snip]

> The physical Ethernet adapter has a fixed public IP.  I have only one public IP
> from the ISP.  In the VMWare Virtual Network Editor, this i/f is listed as
> VNnet0, Type Bridged, Connected column is "-", and Subnet Address is "-"

[snip]

> I'd like to stay with bridged.

You have only one IP address from your ISP, you can't use bridged, since
bridged configuration will connect the guest's ethernet to another
physical ethernet and that's all. You'll have to have another IP address
to assign to the guest. Since you don't, you have to use some form of
NAT to share the host's IP with the guest(s).

[snip]

> ifconfig shows em0 with .98 and correct broadcast IP, but "status: no carrier"

This is interesting, why a virtual ethernet would report "no carrier"?
It probably indicates a "hardware" problem. Or at least a wrong
combination of FreeBSD driver + VMware virtual hardware version.

Could you boot another version of FreeBSD just to check if the em
interface finds the ethernet's carrier? Assuming that you are trying
to install 8.0 release, try the latest from the 7 branch...

I recall that there were some problems with FreeBSD-8.0-CURRENT
regarding em network interfaces a few months ago, but I never saw them
myself and I was a heavy user of VMware workstation the months before
8.0 release.

[snip]

> I'd like to be able to ssh/ftp into the FreeBSD VM from Internet, so I'd prefer
> to stay away from DHCP for the FreeBSD VM networking.


I am not really sure if you can achieve this, without a second IP
address from your ISP. Can VMware workstation do any other form
of NAT besides translating the host's IP to the guest's IP???

Anyway, investigate a bit more on the "no carrier" problem and
post back to the list. Perhaps, another list that's a good candidate
for such questions is:
http://lists.freebsd.org/mailman/listinfo/freebsd-emulation
Though it mainly is for solutions running *on* FreeBSD, guys and girls
there, tend to be knowledgeable about solutions running on *something*
and having FreeBSD as a guest OS.

HTH, Nikos


Re: which IP+gateway for Freebsd guest VM in VMware workstation

2009-12-27 Thread Len Conrad

>>VMWare has lots of info how to set up the (Windows XP) VMWare Workstation 
>>networking side, but not much on setting up networking in the guest OS.
>>
>>I've tried NAT and bridging, no DHCP, and can't ping anything except the 
>>localhost IPs.
>>
>>XP ipconfig shows the fixed IP, plus 2 192.168.c.d IPs from VMnet1 and VMnet8.
>>
>>I'm sure this is really simple, but my experimentation has come up with zilch.
>
>Take a look here:
>http://www.freebsd.org/doc/en/books/handbook/config-network-setup.html

thanks, I've been setting up FreeBSD for 10 years, and have multiple FreeBSD 
VMs running in several ESXi hosts.

>The guest OS will have an em0 interface

it does.

> which is connected to
>a host interface VMnet1, VMnet8 or similar.

XP ipconfig shows:

Ethernet adapter VMware Network Adapter VMnet8:

Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.219.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

Ethernet adapter VMware Network Adapter VMnet1:

Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.198.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

The physical Ethernet adapter has a fixed public IP.  I have only one public IP 
from the ISP.  In the VMWare Virtual Network Editor, this i/f is listed as 
VNnet0, Type Bridged, Connected column is "-", and Subnet Address is "-"


> Actually the guest's
>networking configuration is simpler than the host's one.

yeah, right! :)  It's too simple for me. 


> You should
>configure the em interface with an appropriate IP address:
>1) Bridging: WinXP fixed IP and FreeBSD fixed IP
>for example, WinXP 192.168.10.100 and FreeBSD 192.168.10.101

I'd like to stay with bridged.

the XP fixed ip is a.b.c.99, and I set the em0 to a.b.c.98.
/etc/rc.d/netif restart
/etc/rc.d/routing restart

ifconfig shows em0 with .98 and correct broadcast IP, but "status: no carrier"


>2) host to host: WinXP 192.168.c.d and FreeBSD 192.168.c.x
>for example, WinXP 192.168.20.100 and FreeBSD 192.168.20.101
>
>3) NAT: WinXP 192.168.e.d and FreeBSD 192.168.e.x
>for example, WinXP 192.168.30.100 and FreeBSD 192.168.30.101

Just to get something going, I have tried NAT:

from xp ipconfig above:

xp @ 192.168.219.1

the VMWare Virtual Network Editor shows the NAT network with gateway 
192.168.219.2, so I put that in /etc/rc.conf, and set the FreeBSD rc.conf IP to 
192.168.219.3.

/etc/rc.d/netif restart
/etc/rc.d/routing restart

and always get "status: no carrier"

xp can ping itself at  192.168.219.1, but can't ping .2 or .3

FreeBSD VM can't ping anything but itself.

>Keep in mind that using DHCP is much more easy as you don't have to
>search for the appropriate address yourself, the VMware's DHCP server
>will offer it. Using DHCP from the FreeBSD side is as easy as typing
>"dhclient em0".

I'd like to be able to ssh/ftp into the FreeBSD VM from Internet, so I'd prefer 
to stay away from DHCP for the FreeBSD VM networking.

Len






Re: which IP+gateway for Freebsd guest VM in VMware workstation

2009-12-27 Thread Nikos Vassiliadis

On 12/27/2009 12:10 AM, Len Conrad wrote:


> VMWare has lots of info how to set up the (Windows XP) VMWare Workstation
> networking side, but not much on setting up networking in the guest OS.
>
> I've tried NAT and bridging, no DHCP, and can't ping anything except the
> localhost IPs.
>
> XP ipconfig shows the fixed IP, plus 2 192.168.c.d IPs from VMnet1 and VMnet8.
>
> I'm sure this is really simple, but my experimentation has come up with zilch.


Take a look here:
http://www.freebsd.org/doc/en/books/handbook/config-network-setup.html

The guest OS will have an em0 interface which is connected to
a host interface VMnet1, VMnet8 or similar. Actually the guest's
networking configuration is simpler than the host's one. You should
configure the em interface with an appropriate IP address:
1) Bridging: WinXP fixed IP and FreeBSD fixed IP
for example, WinXP 192.168.10.100 and FreeBSD 192.168.10.101

2) host to host: WinXP 192.168.c.d and FreeBSD 192.168.c.x
for example, WinXP 192.168.20.100 and FreeBSD 192.168.20.101

3) NAT: WinXP 192.168.e.d and FreeBSD 192.168.e.x
for example, WinXP 192.168.30.100 and FreeBSD 192.168.30.101

Keep in mind that using DHCP is much more easy as you don't have to
search for the appropriate address yourself, the VMware's DHCP server
will offer it. Using DHCP from the FreeBSD side is as easy as typing
"dhclient em0".

HTH, Nikos


which IP+gateway for Freebsd guest VM in VMware workstation

2009-12-26 Thread Len Conrad

VMWare has lots of info how to set up the (Windows XP) VMWare Workstation 
networking side, but not much on setting up networking in the guest OS.

I've tried NAT and bridging, no DHCP, and can't ping anything except the 
localhost IPs.   

XP ipconfig shows the fixed IP, plus 2 192.168.c.d IPs from VMnet1 and VMnet8.  

I'm sure this is really simple, but my experimentation has come up with zilch.

Len





Re: antivirus gateway

2009-08-25 Thread Chris


On Aug 23, 2009, at 1:47 PM, Yavuz Maşlak wrote:


> Hello
>
> I wish to use freebsd7.2 as an antivirus gateway.
>
> is there any document about that?
> Could you give an advice ?



snort_inline with if_bridge provides a bit of this functionality.
You drop all incoming off at a socket which you have snort
listening on. It's then logged and reinserted if it passes the
rules that snort.org provides. You can decide if you want
to drop the traffic or not, by default it's just logged. I don't
use it to catch viruses so I don't watch how effective it is.
For me it's a filtering mechanism to match custom rules.

There is a document that can be googled on the net
concerning this. It shows most of the config but says you
can't use it with if_bridge which you can. I don't have a 7.2
instance but it works well on 7.0. Even with horrendous
amounts of traffic it seems to remain reliable.

From memory (may be inaccurate), if you want to filter
bi-directionally, you have to run two instances on different
sockets with two different IPFW rules, one for each interface.

I only have experience using this with IPFW.


> Thanks


Re: antivirus gateway

2009-08-23 Thread Odhiambo ワシントン
2009/8/23 Yavuz Maşlak 

> Hello
>
> I wish to use freebsd7.2 as an antivirus gateway.


What is an antivirus gateway?

Perhaps you need to filter e-mail viruses before the e-mail goes to the
delivery server?
Please try and make us understand what your situation is and what you want
to do/achieve.



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"If you have nothing good to say about someone, just shut up!."
  -- Lucky Dube


antivirus gateway

2009-08-23 Thread Yavuz Maşlak

Hello

I wish to use freebsd7.2 as an antivirus gateway.

is there any document about that?
Could you give an advice ?

Thanks


Re: Gateway load balance

2009-06-18 Thread Wojciech Puchar


>> use ipfw and fwd command.
>>
>> for example with output section
>>
>> add 1 fwd gw1_IP from DSL1_subnet to any via gw1_ethernet
>> add 10001 fwd gw2_IP from DSL2_subnet to any via gw2_ethernet
>> add 10002 fwd gw3_IP from DSL3_subnet to any via gw3_ethernet
>
> for my scenario I assume gwX_IP the IP address of my dsl gateways. What would
> be DSLX_subnet and gwX_ethernet?

sorry i thought you are not doing nat in gateways. if you do and can
change it - change it, but it's not a requirement.

replace DSL1_subnet with DSL1_outgoing address etc., if all
gateways are connected by switch replace gw*_ethernet with the same.


you must start with different outgoing addresses (simple in squid) for 
each gateway.
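
The placeholders in the rules above, filled in for the one-NIC proxy from this thread. This is an added example, not part of the original post: the alias addresses 192.168.10.10 and 192.168.10.11, the LAN prefix, the rule numbers and the `fwd_rules` helper are assumptions, and the script only prints the `ipfw` commands.

```shell
#!/bin/sh
# Added example, not from the thread: source-address based gateway selection
# with ipfw fwd for a proxy that has a single NIC (nfe0 in the thread).
#
# Assumptions (constructed for illustration):
#   - nfe0 carries 192.168.10.9 plus two aliases, 192.168.10.10 and .11
#   - the proxy binds each outgoing connection to one of those addresses
#     (in Squid this is what tcp_outgoing_address is for)
#   - the LAN is 192.168.0.0/16, so traffic to it must NOT be forwarded
# On FreeBSD 7.x the fwd action needs a kernel built with
# "options IPFIREWALL_FORWARD".

LAN_NET="192.168.0.0/16"
IFACE="nfe0"

# One line per uplink: <outgoing source address> <gateway that NATs it>
UPLINKS="
# source address   gateway
192.168.10.9       192.168.10.2
192.168.10.10      192.168.30.100
192.168.10.11      192.168.30.1
"

# fwd_rules TABLE [FIRST_RULE_NUMBER]
# Prints one "ipfw add ... fwd ..." command per uplink. Returns non-zero if a
# line has no gateway or if a source address is listed twice: fwd ends rule
# processing on the first match, so a second rule for the same source would
# never be reached and that uplink would silently stay unused.
fwd_rules() {
    printf '%s\n' "$1" | {
        num=${2:-10000}
        seen=" "
        while read -r src gw rest; do
            case $src in ''|\#*) continue ;; esac
            if [ -z "$gw" ]; then
                echo "no gateway given for source $src" >&2
                exit 1
            fi
            case $seen in
                *" $src "*)
                    echo "source $src listed twice; second rule is dead" >&2
                    exit 1 ;;
            esac
            seen="$seen$src "
            # Only packets leaving through the NIC and not addressed to the
            # LAN itself are handed to the chosen gateway.
            echo "ipfw add $num fwd $gw ip from $src to not $LAN_NET out via $IFACE"
            num=$(( num + 10 ))
        done
    }
}

# Show the rules for review; pipe the output to sh to load them.
fwd_rules "$UPLINKS"
```
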





Re: Gateway load balance

2009-06-18 Thread Raul I. Becette


>> I had a proxy server (Squid + Dansguardian) under Slackware on the
>> LAN which, via 'ip route' I make it use 3 gateways connected each one
>> to an ADSL line and balance the requests.
>> Unfortunately my server crashed and I took the opportunity to install
>> a new one under FreeBSD 7.0-RELEASE. Squid and Dansguardian are
>> working fine. My problem is that I don't know how to make the server
>> use the other 2 gateways I have left and balance the requests on all
>> ADSL lines.
>
> use ipfw and fwd command.
>
> for example with output section
>
> add 1 fwd gw1_IP from DSL1_subnet to any via gw1_ethernet
> add 10001 fwd gw2_IP from DSL2_subnet to any via gw2_ethernet
> add 10002 fwd gw3_IP from DSL3_subnet to any via gw3_ethernet

for my scenario I assume gwX_IP the IP address of my dsl gateways. What
would be DSLX_subnet and gwX_ethernet?
The proxy has only 1 NIC. Just to be sure: gateway_enable="YES" must be
set in /etc/rc.conf and the kernel must be recompiled with ip forwarding
capabilities?

> please do treat above as an example of course.
>
> Of course use right squid commands so it will select right source IP
> based on the rules you want, but as you already did it under linux i
> assume you have this practiced already.

Under Linux I didn't use squid commands to do the balancing. Only
defining the 3 gateways with ip route command.

Is it possible to do the same with ipfw as you mentioned above?

> i had 5+2 Polish Telecom links connected to one server - worked fine.


Re: Gateway load balance

2009-06-18 Thread Gelsema, P (Patrick)
On Thu, June 18, 2009 15:16, Raul I. Becette wrote:
> Gary Gatten wrote:
>> Adding 2 more default routes with same weight to each dsl line won't
>> work?
>>
> I have another problem which I realized just now.
> I configured via rc.conf the ip and netmask below but when I do ifconfig
> the netmask appears as /24
>
> calamardo# cat /etc/rc.conf | grep ifconfig
> ifconfig_nfe0="192.168.10.9 255.255.0.0"

If I am not mistaken, it should be
ifconfig_nfe0="192.168.10.9 netmask 255.255.0.0" or
ifconfig_nfe0="192.168.10.9/16"

see #man rc.conf

> calamardo# ifconfig nfe0
> nfe0: flags=8843 metric 0 mtu 1500
> options=8
> ether 00:1d:60:7e:38:7e
> inet 192.168.10.9 netmask 0xff00 broadcast 255.255.0.0
> media: Ethernet autoselect (100baseTX )
> status: active
>
> This makes it impossible to use 192.168.30.100 and 192.168.30.1 since they
> are on different networks and are unreachable (according to ifconfig).
>
>
> - Original Message -
>> From: owner-freebsd-questi...@freebsd.org
>> 
>> To: FreeBSD Users 
>> Sent: Wed Jun 17 12:18:07 2009
>> Subject: Gateway load balance
>>
>> Hi all
>>
>> First time posting.
>>
>> I am a long time Linux user (desktop and server) and started with
>> FreeBSD a year ago.
>> Thanks to the book Absolute FreeBSD 2nd Edition I learned a lot about
>> the OS and how to configure different services I used in Linux
>> (Slackware).
>>
>> My post is regarding something I couldn't find information on how to
>> implement it. Here's the situation:
>>
>> I had a proxy server (Squid + Dansguardian) under Slackware on the LAN
>> which, via 'ip route' I make it use 3 gateways connected each one to an
>> ADSL line and balance the requests.
>> Unfortunately my server crashed and I took the opportunity to install a
>> new one under FreeBSD 7.0-RELEASE. Squid and Dansguardian are working
>> fine. My problem is that I don't know how to make the server use the
>> other 2 gateways I have left and balance the requests on all ADSL lines.
>>
>> 192.168.10.9/16    proxy
>> 192.168.10.2/16    1st gateway (1 NIC to LAN - 2 NIC to ADSL modem)
>> 192.168.30.100/16  2nd gateway
>> 192.168.30.1/16    3rd gateway
>>
>> I found it could be done with PF (also read most of The Book of PF) but
>> I am quite lost about how to do it.
>>
>> Any information would be greatly appreciated.
>>
>> Thanks in advance
>>
>> Raúl I. Becette


Re: Gateway load balance

2009-06-18 Thread Nikos Vassiliadis

Raul I. Becette wrote:

ifconfig_nfe0="192.168.10.9 255.255.0.0"


If I recall correctly the correct syntax would be:
ifconfig_nfe0="192.168.10.9 netmask 255.255.0.0"
or (the syntax I prefer)
ifconfig_nfe0="192.168.10.9/16"
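
Why the first form produced a /24, as an added example that is not part of the original post: without the `netmask` keyword the second address is taken as the broadcast address and the mask falls back to the classful default. The helper names are hypothetical, and the classful fallback is an assumption that matches the ifconfig output quoted in this thread.

```shell
#!/bin/sh
# Added example, not from the thread: predict the prefix length ifconfig will
# apply to an rc.conf ifconfig_<if> value and check whether a gateway is
# on-link with it. Handles "addr/len", "addr netmask <dotted|0xhex>" and the
# bare "addr <second-address>" form that caused the problem above.

# Dotted quad -> 32-bit integer.
ip_to_int() {
    _saved_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_saved_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Netmask (255.255.0.0 or 0xffff0000) -> number of leading one bits.
mask_to_prefix() {
    case $1 in
        0x*|0X*) m=$(( $1 )) ;;
        *)       m=$(ip_to_int "$1") ;;
    esac
    bits=0
    while [ $(( m & 0x80000000 )) -ne 0 ]; do
        bits=$(( bits + 1 ))
        m=$(( (m << 1) & 0xffffffff ))
    done
    echo "$bits"
}

# Classful default used when no mask is given (assumption, see lead-in).
classful_prefix() {
    first=${1%%.*}
    if   [ "$first" -lt 128 ]; then echo 8
    elif [ "$first" -lt 192 ]; then echo 16
    else echo 24
    fi
}

# effective_prefix "<rc.conf value>" -> prefix length that will be in effect.
effective_prefix() {
    set -- $1                       # split the value on whitespace
    [ "$1" = inet ] && shift
    addr=$1
    shift
    case $addr in
        */*) echo "${addr#*/}"; return ;;
    esac
    while [ $# -gt 0 ]; do
        if [ "$1" = netmask ] && [ $# -ge 2 ]; then
            mask_to_prefix "$2"
            return
        fi
        shift                       # a bare address here is NOT a netmask
    done
    classful_prefix "$addr"
}

# on_link "<rc.conf value>" <target-ip>: succeeds if target is directly
# reachable, i.e. inside the network the interface ends up in.
on_link() {
    ol_prefix=$(effective_prefix "$1")
    set -- $1 "$2"
    [ "$1" = inet ] && shift
    ol_host=${1%%/*}
    while [ $# -gt 1 ]; do shift; done   # last argument is the target
    if [ "$ol_prefix" -eq 0 ]; then
        ol_mask=0
    else
        ol_mask=$(( (0xffffffff << (32 - ol_prefix)) & 0xffffffff ))
    fi
    [ $(( $(ip_to_int "$ol_host") & ol_mask )) -eq \
      $(( $(ip_to_int "$1") & ol_mask )) ]
}

# The three forms from the thread against the three gateways from the thread.
for cfg in "192.168.10.9 255.255.0.0" \
           "192.168.10.9 netmask 255.255.0.0" \
           "192.168.10.9/16"; do
    for gw in 192.168.10.2 192.168.30.100 192.168.30.1; do
        if on_link "$cfg" "$gw"; then state="on-link"; else state="UNREACHABLE"; fi
        printf '%-34s /%-3s %-15s %s\n' \
            "$cfg" "$(effective_prefix "$cfg")" "$gw" "$state"
    done
done
```
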



Re: Gateway load balance

2009-06-18 Thread Raul I. Becette

Nikos Vassiliadis wrote:

> Raul I. Becette wrote:
>
>> ifconfig_nfe0="192.168.10.9 255.255.0.0"
>
> If I recall correctly the correct syntax would be:
> ifconfig_nfe0="192.168.10.9 netmask 255.255.0.0"
> or (the syntax I prefer)
> ifconfig_nfe0="192.168.10.9/16"

Yes, that was the problem. Forgot the "netmask" part.
I forgot the basics of ifconfig command... =o)

Thanks

Raúl


Re: Gateway load balance

2009-06-18 Thread Raul I. Becette

Wojciech Puchar wrote:

>> I am a long time Linux user (desktop and server) and started with
>> FreeBSD a year ago.
>> Thanks to the book Absolute FreeBSD 2nd Edition I learned a lot about
>> the OS and how to configure different services I used in Linux
>> (Slackware).
>
> very rare case today - someone that read books FIRST :)))

We always said that when everything fails, go to the books =o)
Like I said previously... a lot of idle time in my former job.

>> I had a proxy server (Squid + Dansguardian) under Slackware on the
>> LAN which, via 'ip route' I make it use 3 gateways connected each one
>> to an ADSL line and balance the requests.
>> Unfortunately my server crashed and I took the opportunity to install
>> a new one under FreeBSD 7.0-RELEASE. Squid and Dansguardian are
>> working fine. My problem is that I don't know how to make the server
>> use the other 2 gateways I have left and balance the requests on all
>> ADSL lines.
>
> use ipfw and fwd command.
> for example with output section
>
> add 1 fwd gw1_IP from DSL1_subnet to any via gw1_ethernet
> add 10001 fwd gw2_IP from DSL2_subnet to any via gw2_ethernet
> add 10002 fwd gw3_IP from DSL3_subnet to any via gw3_ethernet
>
> please do treat above as an example of course.

Of course... more reading to do about ipfw

> Of course use right squid commands so it will select right source IP
> based on the rules you want, but as you already did it under linux i
> assume you have this practiced already.

Last configuration was a transparent proxy with request coming from the
firewall LAN interface (actual LAN gateway). It is working that way now
and I intend to take it away and make the proxy the default gateway of
the LAN and do the balance.

> i had 5+2 Polish Telecom links connected to one server - worked fine.


Re: Gateway load balance

2009-06-18 Thread Raul I. Becette

Gary Gatten wrote:

> Adding 2 more default routes with same weight to each dsl line won't work?
  

I have another problem which I realized just now.
I configured via rc.conf the ip and netmask below but when I do ifconfig 
the netmask appears as /24


calamardo# cat /etc/rc.conf | grep ifconfig
ifconfig_nfe0="192.168.10.9 255.255.0.0"
calamardo# ifconfig nfe0
nfe0: flags=8843 metric 0 mtu 1500
   options=8
   ether 00:1d:60:7e:38:7e
   inet 192.168.10.9 netmask 0xff00 broadcast 255.255.0.0
   media: Ethernet autoselect (100baseTX )
   status: active

This makes it impossible to use 192.168.30.100 and 192.168.30.1 since they 
are on different networks and are unreachable (according to ifconfig).



- Original Message -

From: owner-freebsd-questi...@freebsd.org 
To: FreeBSD Users 
Sent: Wed Jun 17 12:18:07 2009
Subject: Gateway load balance

Hi all

First time posting.

I am a long time Linux user (desktop and server) and started with 
FreeBSD a year ago.
Thanks to the book Absolute FreeBSD 2nd Edition I learned a lot about 
the OS and how to configure different services I used in Linux (Slackware).


My post is regarding something I couldn't find information on how to 
implement it. Here's the situation:


I had a proxy server (Squid + Dansguardian) under Slackware on the LAN 
which, via 'ip route' I make it use 3 gateways connected each one to an 
ADSL line and balance the requests.
Unfortunately my server crashed and I took the opportunity to install a 
new one under FreeBSD 7.0-RELEASE. Squid and Dansguardian are working 
fine. My problem is that I don't know how to make the server use the 
other 2 gateways I have left and balance the requests on all ADSL lines.


192.168.10.9/16    proxy
192.168.10.2/16    1st gateway (1 NIC to LAN - 2 NIC to ADSL modem)
192.168.30.100/16  2nd gateway
192.168.30.1/16    3rd gateway

I found it could be done with PF (also read most of The Book of PF) but 
I am quite lost about how to do it.


Any information would be greatly appreciated.

Thanks in advance

Raúl I. Becette
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
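
The mismatch reported in the message above (a /16 mask in rc.conf, a /24 in the ifconfig output) is what happens when a second bare address follows the first: ifconfig reads it as dest_address, which matches the `broadcast 255.255.0.0` shown, and without the `netmask` keyword the mask falls back to the class default. An added check, not part of the thread, that flags such `ifconfig_*` lines; the function name and the sample text are constructed, and the match is a heuristic (a second address beginning with 255).

```shell
#!/bin/sh
# Added illustration, not from the thread.
# Constructed rc.conf excerpt: the first line has the shape quoted in the
# message above, the second uses the netmask keyword, the third has no address.
SAMPLE_RC='ifconfig_nfe0="192.168.10.9 255.255.0.0"
ifconfig_rl0="inet 192.168.1.1  netmask 255.255.255.0"
ifconfig_fxp0="DHCP"'

# lint_rc_ifconfig < rc.conf
# Prints one finding per ifconfig_<if> line where an IPv4 address is followed
# directly by something that looks like a netmask (starts with 255.) with no
# "netmask" keyword in between. Lines that use the keyword produce no output.
lint_rc_ifconfig() {
    awk '
    /^[ \t]*ifconfig_[A-Za-z0-9_]+=/ {
        # Interface name: text between "ifconfig_" and "=".
        name = $0
        sub(/^[ \t]*ifconfig_/, "", name)
        sub(/=.*$/, "", name)
        # Value: everything after "=", with the double quotes stripped.
        val = $0
        sub(/^[^=]*=/, "", val)
        gsub(/"/, "", val)
        n = split(val, w, /[ \t]+/)
        for (i = 1; i < n; i++) {
            if (w[i] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
                w[i+1] ~ /^255\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                printf "%s: %s is followed by %s without the netmask keyword\n", name, w[i], w[i+1]
            }
        }
    }'
}

# Run the check over the constructed sample.
printf '%s\n' "$SAMPLE_RC" | lint_rc_ifconfig
```

On a real host, feed it `/etc/rc.conf` on stdin; a flagged line is fixed by writing `inet <address> netmask <mask>`, the form used in the second sample line.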


Re: Gateway load balance

2009-06-18 Thread Raul I. Becette

Gary Gatten wrote:

> PS: kudos for actually reading all that stuff!
  

A lot of time free in my former user support job...

- Original Message -
From: owner-freebsd-questi...@freebsd.org 
To: FreeBSD Users 
Sent: Wed Jun 17 12:18:07 2009
Subject: Gateway load balance

Hi all

First time posting.

I am a long time Linux user (desktop and server) and started with 
FreeBSD a year ago.
Thanks to the book Absolute FreeBSD 2nd Edition I learned a lot about 
the OS and how to configure different services I used in Linux (Slackware).


My post is regarding something I couldn't find information on how to 
implement it. Here's the situation:


I had a proxy server (Squid + Dansguardian) under Slackware on the LAN 
which, via 'ip route' I make it use 3 gateways connected each one to an 
ADSL line and balance the requests.
Unfortunately my server crashed and I took the opportunity to install a 
new one under FreeBSD 7.0-RELEASE. Squid and Dansguardian are working 
fine. My problem is that I don't know how to make the server use the 
other 2 gateways I have left and balance the requests on all ADSL lines.


192.168.10.9/16  proxy
192.168.10.2/16      1st gateway (1 NIC to LAN - 2 NIC 
to ADSL modem)

192.168.30.100/16     2nd gateway
192.168.30.1/16      3rd gateway

I found it could be done with PF (also read most of The Book of PF) but 
I am quite lost about how to do it.


Any information would be greatly appreciated.

Thanks in advance

Raúl I. Becette


Re: Gateway load balance

2009-06-18 Thread Wojciech Puchar

> I've not yet had the luck with assigning more than one default gateway
> in BSD,


simply use ipfw.


Re: Gateway load balance

2009-06-17 Thread Tim Judd
I've not yet had the luck with assigning more than one default gateway
in BSD, compared to Windows and my crash course with Linux (which my
opinion still stands as it was when I first used it).

See my thread I started earlier..
http://lists.freebsd.org/pipermail/freebsd-questions/2009-May/199653.html

The thread is broken because the replier wrote to me personally for
clarification, after which he sent his answer to the list.


I just recently tried the setfib way, and it still didn't work.  Was
getting errors but I can't recall them at the moment.  So a firewall's
"routing table" that's based on source/destination has to be
redirected.  I've seen the pf firewall do that.


OpenBSD's FAQ on pf (the creator of pf) is very good, consult it if
you have questions.
http://www.openbsd.org/faq/pf


On 6/17/09, Nikos Vassiliadis  wrote:
> Gary Gatten wrote:
>> I meant, the original source flows are nat'd to whatever outbound
>> interface ip they are RRLB to. That way any internal flow can use any isp
>> connection.  Most of my interesting routing, NAT, etc I do with Ci$co so
>> not all that up on BSD's options.
>
> Yes, works with ci$co, doesn't with FreeBSD ;)
>
> You cannot add more than one next hop for any given prefix.
> Well, you can achieve almost the same result, but only with
> the help of a packet filter which can bypass the routing table
> lookup and forward to the next hop of preference. But that's
> hardly the same with ECMP which many vendors support...
>
> Yet, that's about to change. There is ECMP support in 8.0:)
>
>


Re: Gateway load balance

2009-06-17 Thread Nikos Vassiliadis

Gary Gatten wrote:

> I meant, the original source flows are nat'd to whatever outbound interface ip
> they are RRLB to. That way any internal flow can use any isp connection.  Most
> of my interesting routing, NAT, etc I do with Ci$co so not all that up on BSD's
> options.


Yes, works with ci$co, doesn't with FreeBSD ;)

You cannot add more than one next hop for any given prefix.
Well, you can achieve almost the same result, but only with
the help of a packet filter which can bypass the routing table
lookup and forward to the next hop of preference. But that's
hardly the same with ECMP which many vendors support...

Yet, that's about to change. There is ECMP support in 8.0:)




Re: Gateway load balance

2009-06-17 Thread Gary Gatten
I meant, the original source flows are nat'd to whatever outbound interface ip 
they are RRLB to. That way any internal flow can use any isp connection.  Most 
of my interesting routing, NAT, etc I do with Ci$co so not all that up on BSD's 
options.

- Original Message -
From: owner-freebsd-questi...@freebsd.org 
To: Gary Gatten
Cc: freebsd-questions@freebsd.org ; 
raulbece...@unp.edu.ar 
Sent: Wed Jun 17 13:13:59 2009
Subject: Re: Gateway load balance

> Adding 2 more default routes with same weight to each dsl line won't work?

No, because you have to route things beginning from connection 1 subnet 
through connection 1, connection 2 subnet through connection 2 etc.

Your idea will result in routing all outgoing traffic randomly through 3 
lines. At least with Polish telecom it will not work. If you have 
connection with say 12.34.56.72/29 subnet, you have to send packets from 
that subnet.

And that's proper behaviour, as it blocks spoofing.

>
> - Original Message -
> From: owner-freebsd-questi...@freebsd.org 
> 
> To: FreeBSD Users 
> Sent: Wed Jun 17 12:18:07 2009
> Subject: Gateway load balance
>
> Hi all
>
> First time posting.
>
> I am a long time Linux user (desktop and server) and started with
> FreeBSD a year ago.
> Thanks to the book Absolute FreeBSD 2nd Edition I learned a lot about
> the OS and how to configure different services I used in Linux (Slackware).
>
> My post is regarding something I couldn't find information on how to
> implement it. Here's the situation:
>
> I had a proxy server (Squid + Dansguardian) under Slackware on the LAN
> which, via 'ip route' I make it use 3 gateways connected each one to an
> ADSL line and balance the requests.
> Unfortunately my server crashed and I took the opportunity to install a
> new one under FreeBSD 7.0-RELEASE. Squid and Dansguardian are working
> fine. My problem is that I don't know how to make the server use the
> other 2 gateways I have left and balance the requests on all ADSL lines.
>
> 192.168.10.9/16  proxy
> 192.168.10.2/16  1st gateway (1 NIC to LAN - 2 NIC
> to ADSL modem)
> 192.168.30.100/16 2nd gateway
> 192.168.30.1/16  3rd gateway
>
> I found it could be done with PF (also read most of The Book of PF) but
> I am quite lost about how to do it.
>
> Any information would be greatly appreciated.
>
> Thanks in advance
>
> Raúl I. Becette

Re: Gateway load balance

2009-06-17 Thread Wojciech Puchar

> Adding 2 more default routes with same weight to each dsl line won't work?


No, because you have to route things beginning from connection 1 subnet 
through connection 1, connection 2 subnet through connection 2 etc.


Your idea will result in routing all outgoing traffic randomly through 3 
lines. At least with Polish telecom it will not work. If you have 
connection with say 12.34.56.72/29 subnet, you have to send packets from 
that subnet.


And that's proper behaviour, as it blocks spoofing.



- Original Message -
From: owner-freebsd-questi...@freebsd.org 
To: FreeBSD Users 
Sent: Wed Jun 17 12:18:07 2009
Subject: Gateway load balance

Hi all

First time posting.

I am a long time Linux user (desktop and server) and started with
FreeBSD a year ago.
Thanks to the book Absolute FreeBSD 2nd Edition I learned a lot about
the OS and how to configure different services I used in Linux (Slackware).

My post is regarding something I couldn't find information on how to
implement it. Here's the situation:

I had a proxy server (Squid + Dansguardian) under Slackware on the LAN
which, via 'ip route' I make it use 3 gateways connected each one to an
ADSL line and balance the requests.
Unfortunately my server crashed and I took the opportunity to install a
new one under FreeBSD 7.0-RELEASE. Squid and Dansguardian are working
fine. My problem is that I don't know how to make the server use the
other 2 gateways I have left and balance the requests on all ADSL lines.

192.168.10.9/16  proxy
192.168.10.2/16  1st gateway (1 NIC to LAN - 2 NIC
to ADSL modem)
192.168.30.100/16 2nd gateway
192.168.30.1/16  3rd gateway

I found it could be done with PF (also read most of The Book of PF) but
I am quite lost about how to do it.

Any information would be greatly appreciated.

Thanks in advance

Raúl I. Becette

Re: Gateway load balance

2009-06-17 Thread Wojciech Puchar


> I am a long time Linux user (desktop and server) and started with FreeBSD a
> year ago.
> Thanks to the book Absolute FreeBSD 2nd Edition I learned a lot about the OS
> and how to configure different services I used in Linux (Slackware).


very rare case today - someone that read books FIRST :)))



> I had a proxy server (Squid + Dansguardian) under Slackware on the LAN which,
> via 'ip route' I make it use 3 gateways connected each one to an ADSL line
> and balance the requests.
> Unfortunately my server crashed and I took the opportunity to install a new
> one under FreeBSD 7.0-RELEASE. Squid and Dansguardian are working fine. My
> problem is that I don't know how to make the server use the other 2 gateways
> I have left and balance the requests on all ADSL lines.



use ipfw and fwd command.

for example with output section

add 1 fwd gw1_IP from DSL1_subnet to any via gw1_ethernet
add 10001 fwd gw2_IP from DSL2_subnet to any via gw2_ethernet
add 10002 fwd gw3_IP from DSL3_subnet to any via gw3_ethernet

please do treat above as an example of course.

Of course use right squid commands so it will select right source IP based 
on the rules you want, but as you already did it under linux i assume you 
have this practiced already.


i had 5+2 Polish Telecom links connected to one server - worked fine.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
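
The source-based forwarding described in the message above, as an added example that is not part of the thread: an sh helper that turns a table of uplinks into one `ipfw ... fwd` rule per source subnet and rejects a table that lists the same subnet twice. The addresses, rule numbers, and function name are constructed; the rules match on `out` and the source subnet only, without an interface clause.

```shell
#!/bin/sh
# Added illustration, not from the thread. Addresses are constructed
# (RFC 5737 documentation ranges); substitute each line's real values.
# Columns: source subnet assigned by the ISP, next-hop gateway for that line.
UPLINKS='
# subnet           gateway
192.0.2.8/29       192.0.2.9
198.51.100.16/29   198.51.100.17
203.0.113.24/29    203.0.113.25
'

# gen_fwd_rules FIRST STEP < table
# Prints one "ipfw add N fwd GW ip from SUBNET to any out" command per uplink.
# Returns 1 on a malformed or duplicate entry.
gen_fwd_rules() {
    num=$1
    step=$2
    seen=' '
    while read -r subnet gw extra; do
        # Skip blank lines and comments in the table.
        case "$subnet" in
            ''|\#*) continue ;;
        esac
        # Each entry needs exactly a CIDR subnet and a gateway address.
        case "$subnet" in
            */*) ;;
            *) echo "not a CIDR subnet: $subnet" >&2; return 1 ;;
        esac
        if [ -z "$gw" ] || [ -n "$extra" ]; then
            echo "expected 'subnet gateway': $subnet $gw $extra" >&2
            return 1
        fi
        # A fwd rule ends the rule search on its first match, so a second
        # rule for the same source subnet would never be reached.
        case "$seen" in
            *" $subnet "*) echo "duplicate source subnet: $subnet" >&2; return 1 ;;
        esac
        seen="$seen$subnet "
        # Packets leaving with a source address from this line's subnet get
        # this line's gateway as next hop, whatever the default route says.
        echo "ipfw add $num fwd $gw ip from $subnet to any out"
        num=$((num + step))
    done
}

# Print the rules for review before loading them.
printf '%s\n' "$UPLINKS" | gen_fwd_rules 10000 10
```

On FreeBSD 7.x, the release named in the thread, the `fwd` action is only available in a kernel built with `options IPFIREWALL_FORWARD`.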


Re: Gateway load balance

2009-06-17 Thread Gary Gatten
PS: kudos for actually reading all that stuff!

- Original Message -
From: owner-freebsd-questi...@freebsd.org 
To: FreeBSD Users 
Sent: Wed Jun 17 12:18:07 2009
Subject: Gateway load balance

Hi all

First time posting.

I am a long time Linux user (desktop and server) and started with 
FreeBSD a year ago.
Thanks to the book Absolute FreeBSD 2nd Edition I learned a lot about 
the OS and how to configure different services I used in Linux (Slackware).

My post is regarding something I couldn't find information on how to 
implement it. Here's the situation:

I had a proxy server (Squid + Dansguardian) under Slackware on the LAN 
which, via 'ip route' I make it use 3 gateways connected each one to an 
ADSL line and balance the requests.
Unfortunately my server crashed and I took the opportunity to install a 
new one under FreeBSD 7.0-RELEASE. Squid and Dansguardian are working 
fine. My problem is that I don't know how to make the server use the 
other 2 gateways I have left and balance the requests on all ADSL lines.

192.168.10.9/16  proxy
192.168.10.2/16      1st gateway (1 NIC to LAN - 2 NIC 
to ADSL modem)
192.168.30.100/16     2nd gateway
192.168.30.1/16      3rd gateway

I found it could be done with PF (also read most of The Book of PF) but 
I am quite lost about how to do it.

Any information would be greatly appreciated.

Thanks in advance

Raúl I. Becette

Re: Gateway load balance

2009-06-17 Thread Gary Gatten
Adding 2 more default routes with same weight to each dsl line won't work?

- Original Message -
From: owner-freebsd-questi...@freebsd.org 
To: FreeBSD Users 
Sent: Wed Jun 17 12:18:07 2009
Subject: Gateway load balance

Hi all

First time posting.

I am a long time Linux user (desktop and server) and started with 
FreeBSD a year ago.
Thanks to the book Absolute FreeBSD 2nd Edition I learned a lot about 
the OS and how to configure different services I used in Linux (Slackware).

My post is regarding something I couldn't find information on how to 
implement it. Here's the situation:

I had a proxy server (Squid + Dansguardian) under Slackware on the LAN 
which, via 'ip route' I make it use 3 gateways connected each one to an 
ADSL line and balance the requests.
Unfortunately my server crashed and I took the opportunity to install a 
new one under FreeBSD 7.0-RELEASE. Squid and Dansguardian are working 
fine. My problem is that I don't know how to make the server use the 
other 2 gateways I have left and balance the requests on all ADSL lines.

192.168.10.9/16  proxy
192.168.10.2/16      1st gateway (1 NIC to LAN - 2 NIC 
to ADSL modem)
192.168.30.100/16 2nd gateway
192.168.30.1/16      3rd gateway

I found it could be done with PF (also read most of The Book of PF) but 
I am quite lost about how to do it.

Any information would be greatly appreciated.

Thanks in advance

Raúl I. Becette

Gateway load balance

2009-06-17 Thread Raul I. Becette

Hi all

First time posting.

I am a long time Linux user (desktop and server) and started with 
FreeBSD a year ago.
Thanks to the book Absolute FreeBSD 2nd Edition I learned a lot about 
the OS and how to configure different services I used in Linux (Slackware).


My post is regarding something I couldn't find information on how to 
implement it. Here's the situation:


I had a proxy server (Squid + Dansguardian) under Slackware on the LAN 
which, via 'ip route' I make it use 3 gateways connected each one to an 
ADSL line and balance the requests.
Unfortunately my server crashed and I took the opportunity to install a 
new one under FreeBSD 7.0-RELEASE. Squid and Dansguardian are working 
fine. My problem is that I don't know how to make the server use the 
other 2 gateways I have left and balance the requests on all ADSL lines.


192.168.10.9/16  proxy
192.168.10.2/16      1st gateway (1 NIC to LAN - 2 NIC 
to ADSL modem)

192.168.30.100/16     2nd gateway
192.168.30.1/16      3rd gateway

I found it could be done with PF (also read most of The Book of PF) but 
I am quite lost about how to do it.


Any information would be greatly appreciated.

Thanks in advance

Raúl I. Becette


Re: general question about setting up gateway

2008-12-20 Thread Roger Olofsson



Richard Yang wrote:

> hi,
> i am trying to use freebsd as my home network gateway to the internet.
> any good reference i should know besides what's in the handbook?
> thanks
>
> rich

Hello Richard,

The first step is really easy - assuming you have a FreeBSD with two 
nics in it - edit /etc/rc.conf and comment out the line that starts with 
'defaultrouter=' and then add a line saying 'gateway_enable="YES"'.


The second step is a bit more complicated - you will have to decide on a 
firewall and a NAT mechanism. Depending on your choice here you will 
have to do various things to implement it.


The handbook is a good start when choosing a firewall - 
http://www.freebsd.org/doc/en/books/handbook/firewalls.html .


There is a lot of other additional information spread out on the 
(w)internet - here are a couple:


ipfilter
http://freebsd.peon.net/tutorials/21/

ipfilter and pf resources
http://www.obfuscation.org/ipf/

pf
http://web.irtnog.org/howtos-orig/freebsd-firewall

I hope this will help you get started.

Greetings
/Roger




Re: general question about setting up gateway

2008-12-19 Thread Fbsd1

Richard Yang wrote:

> hi,
> i am trying to use freebsd as my home network gateway to the internet.
> any good reference i should know besides what's in the handbook?
> thanks
>
> rich

The Freebsd Install guide   www.a1poweruser.com




general question about setting up gateway

2008-12-19 Thread Richard Yang
hi,
i am trying to use freebsd as my home network gateway to the internet.
any good reference i should know besides what's in the handbook?
thanks

rich


Re: gateway NAT settings lost

2008-09-27 Thread Mel
On Saturday 27 September 2008 11:56:16 Colin Brace wrote:
> Mel-15 wrote:
> > The obvious a file in /, possibly a core dump.
> > The less obvious, an open but deleted file.
> > Even less obvious, a file in /tmp created in single user mode, without
> > /tmp
> > mounted.
> > My money is on option 2:
> > fstat -f / |sort -rnk 8|head
>
> OK, here is what that returns:
>
> $ sudo fstat -f / |sort -rnk 8|head
> root init   1 text / 16492 -r-xr-xr-x  599320  r
> root devd 618 text / 16467 -r-xr-xr-x  334060  r
> root dhclient1192 text / 16469 -r-xr-xr-x   74172  r
> _dhcpdhclient1231 text / 16469 -r-xr-xr-x   74172  r
> root fstat  787685 / 49687 -rw---   40960  r
> root pflogd   478 text / 16527 -r-xr-xr-x   18716  r
> _pflogd  pflogd   481 text / 16527 -r-xr-xr-x   18716  r
> root adjkerntz136 text / 16457 -r-xr-xr-x7244  r
> www  php-cgi69281 root / 2 drwxr-xr-x 512  r
> www  php-cgi 1122 root / 2 drwxr-xr-x 512  r
>
> Do you see anything that looks unusual?

Nope, and of course not, since it persists over reboot. It must be a directory 
you're not searching, maybe a dot directory.
Best run *in single user mode*, with only / mounted:
cd /
du -h -d1 .

> There is a tutorial here
> <http://www.tutorialhero.com/click-42879-moving_freebsd_to_a_new_hard_drive.php>
> which explains how to do this using dump and restore. Just curious:
> why is this preferable to using plain old cp?

Because cp:
- will copy foo/bar to dest/oops/bar if dest/foo is a symlink to dest/oops.
- does not copy hard links, but both 'files'
- cannot make consistent snapshots of a partition
-- 
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.


Re: gateway NAT settings lost

2008-09-27 Thread Colin Brace


Mel-15 wrote:
> 
> The obvious, a file in /, possibly a core dump.
> The less obvious, an open but deleted file.
> Even less obvious, a file in /tmp created in single user mode, without
> /tmp 
> mounted. 
> My money is on option 2:
> fstat -f / |sort -rnk 8|head
> 

OK, here is what that returns:

$ sudo fstat -f / |sort -rnk 8|head
root init   1 text / 16492 -r-xr-xr-x  599320  r
root devd 618 text / 16467 -r-xr-xr-x  334060  r
root dhclient1192 text / 16469 -r-xr-xr-x   74172  r
_dhcpdhclient1231 text / 16469 -r-xr-xr-x   74172  r
root fstat  787685 / 49687 -rw---   40960  r
root pflogd   478 text / 16527 -r-xr-xr-x   18716  r
_pflogd  pflogd   481 text / 16527 -r-xr-xr-x   18716  r
root adjkerntz136 text / 16457 -r-xr-xr-x7244  r
www  php-cgi69281 root / 2 drwxr-xr-x 512  r
www  php-cgi 1122 root / 2 drwxr-xr-x 512  r

Do you see anything that looks unusual?

I also ran: 

$ sudo find / -iname "*.core"

and it turned up a few .core files, but nothing in the root tree.

At this point, I am thinking I might as well move the OS to a drive with
bigger partitions. There is a tutorial here
<http://www.tutorialhero.com/click-42879-moving_freebsd_to_a_new_hard_drive.php>
which explains how to do this using dump and restore. Just curious: why is
this preferable to using plain old cp?



-
  Colin Brace
  Amsterdam
  http://lim.nl


Re: gateway NAT settings lost

2008-09-26 Thread Mel
On Friday 26 September 2008 15:14:21 Colin Brace wrote:
> Thanks Mel,  "gateway_enable" was what I was missing.

You're very welcome.


> For totals:
>
> $ sudo du -hc -depth=1 boot cdrom home lib libexec rescue sbin bin
> compat dist etc lib proc root
> 91M     boot
> 2.0K    cdrom
> 0B      home
> 5.4M    lib
> 170K    libexec
> 3.6M    rescue
> 5.0M    sbin
> 986K    bin
> 0B      compat
> 2.0K    dist
> 2.1M    etc
> 5.4M    lib
> 2.0K    proc
> 52K     root
> 114M    total
>
> It looks as though there is 375MB "hidden" somewhere... but where?

The obvious, a file in /, possibly a core dump.
The less obvious, an open but deleted file.
Even less obvious, a file in /tmp created in single user mode, without /tmp 
mounted.

My money is on option 2:
fstat -f / |sort -rnk 8|head

will show you the largest open files on the root partition.

-- 
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.


Re: gateway NAT settings lost

2008-09-26 Thread Colin Brace

Thanks Mel,  "gateway_enable" was what I was missing.

I usually use sudo for editing system files, but in this particular 
instance I was lazy and had set the permissions so I could edit rc.conf 
without it. :(


As I mentioned, I got into this fix because my root partition is full. 
This is how my 30G drive is partitioned:


$df -h

/dev/ad0s1a    496M    493M    -37M   108%    /
devfs          1.0K    1.0K      0B   100%    /dev
/dev/ad0s1e    496M    3.2M    453M     1%    /tmp
/dev/ad0s1f     24G    6.1G     16G    28%    /usr
/dev/ad0s1d    1.4G    659M    690M    49%    /var
fdescfs        1.0K    1.0K      0B   100%    /dev/fd

But for the life of me, I can't figure out what is taking up all the 
space on root. See:


$ sudo du -hs boot cdrom home lib libexec rescue sbin bin compat dist 
etc lib proc root

91M     boot
2.0K    cdrom
0B      home
5.4M    lib
170K    libexec
3.6M    rescue
5.0M    sbin
986K    bin
0B      compat
2.0K    dist
2.1M    etc
5.4M    lib
2.0K    proc
52K     root

For totals:

$ sudo du -hc -depth=1 boot cdrom home lib libexec rescue sbin bin 
compat dist etc lib proc root

91M     boot
2.0K    cdrom
0B      home
5.4M    lib
170K    libexec
3.6M    rescue
5.0M    sbin
986K    bin
0B      compat
2.0K    dist
2.1M    etc
5.4M    lib
2.0K    proc
52K     root
114M    total

It looks as though there is 375MB "hidden" somewhere... but where?

--
 Colin Brace
 Amsterdam
 http://www.lim.nl



Re: gateway NAT settings lost

2008-09-26 Thread Mel
On Friday 26 September 2008 11:41:41 Colin Brace wrote:

> I recently ran out of diskspace on the root partition of my FreeBSD 7 box,
> which serves as a home server/gateway. As a result, when I went to edit my
> rc.conf file with nano earlier this month, it couldn't save the changes and
> the file was written zero-length. Alas, my nightly backup subsequently
> archived this, and I've now lost the original.

This is one reason I use sudoedit for configuration files, even if I'm su'd to 
root. Also, incremental backups are a good thing.


> Here is my rc.conf now:
>
> check_quotas="NO"
> cron_enable="YES"
> hostname="venus"
> inetd_enable="NO"
> linux_enable="YES"
> moused_enable="YES"
> sshd_enable="YES"
> usbd_enable="YES"
> lighttpd_enable="YES"
> postfix_enable="YES"
> sendmail_enable="NO"
> sendmail_submit_enable="NO"
> sendmail_outbound_enable="NO"
> sendmail_msp_queue_enable="NO"
> dovecot_enable="YES"
> rpcbind_enable="YES"
> nfs_server_enable="YES"
> mountd_flags="-r"
>
> # WLAN interface
> ifconfig_fxp0="DHCP"
>
> # LAN interface
> ifconfig_rl0="inet 192.168.1.1  netmask 255.255.255.0"
>
> # WIFI interface
> ifconfig_ath0=""
>
> smartd_enable="YES"
> pf_enable="YES"
> pflog_enable="YES"
> dhcpd_enable="YES"
>
> /usr/local/sbin/dnrd -s 208.67.222.222
>
> postgresql_enable="YES"
> obspamd_enable="YES"
> obspamdlog_enable="YES"
> dovecot_enable="YES"
> rsyncd_enable="YES"
> rtadvd_enable="YES"
>
> I am using PF for NAT, and have the following rule:
>
> [...]
> ext_if = "fxp0"
> [...]
> nat on $ext_if from !($ext_if) to any -> ($ext_if)
> [...]
>
> I must be missing something obvious, but what?

gateway_enable="YES" perhaps. Either that or pf is not started, because it 
cannot resolve a hostname in a table.
Setting rc_debug="YES" will show some possibilities.

-- 
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
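The checks suggested in the reply above, as an added example that is not part of the thread: a small shell lint that reads rc.conf text and reports a missing gateway_enable when pf is enabled, duplicate variables, and lines that are not assignments. The function names, finding labels and the abridged sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint rc.conf text for a PF NAT gateway.

sample_rc_conf() {   # abridged from the rc.conf quoted in the post
    cat <<'EOF'
hostname="venus"
sshd_enable="YES"
dovecot_enable="YES"
# WLAN interface
ifconfig_fxp0="DHCP"
# LAN interface
ifconfig_rl0="inet 192.168.1.1  netmask 255.255.255.0"
pf_enable="YES"
pflog_enable="YES"
dhcpd_enable="YES"
/usr/local/sbin/dnrd -s 208.67.222.222
dovecot_enable="YES"
EOF
}

check_gateway_rc() {
    # Reads rc.conf text on stdin and prints one finding per line:
    #   not-an-assignment:<line>: <text>  rc.conf is sourced as shell, so a bare
    #                                     command runs whenever the file is loaded
    #   duplicate:<name>                  the later value silently wins
    #   forwarding-off                    pf is enabled but gateway_enable is not
    #                                     "YES", so net.inet.ip.forwarding stays 0
    #                                     and LAN packets are never forwarded
    awk '
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    /^[A-Za-z_][A-Za-z0-9_]*=/ {
        name = $0;  sub(/=.*/, "", name)
        value = $0; sub(/^[^=]*=/, "", value); gsub(/"/, "", value)
        if (name in val) print "duplicate:" name
        val[name] = toupper(value)
        next
    }
    { print "not-an-assignment:" NR ": " $0 }
    END {
        if (val["pf_enable"] == "YES" && val["gateway_enable"] != "YES")
            print "forwarding-off"
    }'
}

# Stand-alone demo on the abridged sample.
sample_rc_conf | check_gateway_rc
```

On the gateway itself, `sysctl net.inet.ip.forwarding` shows whether forwarding is live and `pfctl -s nat` lists the NAT rules pf actually loaded.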


gateway NAT settings lost

2008-09-26 Thread Colin Brace

Hi all,

I recently ran out of diskspace on the root partition of my FreeBSD 7 box,
which serves as a home server/gateway. As a result, when I went to edit my
rc.conf file with nano earlier this month, it couldn't save the changes and
the file was written zero-length. Alas, my nightly backup subsequently
archived this, and I've now lost the original. 

I only realized this when I needed to reboot last night. I have now been
trying to rebuild my rc.conf settings from scratch. Most things work again
now, except I still can't access the web from my LAN clients.

1.) I can get a dhcp lease from the server.

2.) DNS works, ie, $ dig cern.ch returns a DNS record

3.) but $ lynx cern.ch doesn't work.

Here is my rc.conf now:

check_quotas="NO"
cron_enable="YES"
hostname="venus"
inetd_enable="NO"
linux_enable="YES"
moused_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
lighttpd_enable="YES"
postfix_enable="YES"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
dovecot_enable="YES"
rpcbind_enable="YES"
nfs_server_enable="YES"
mountd_flags="-r"

# WLAN interface
ifconfig_fxp0="DHCP"

# LAN interface
ifconfig_rl0="inet 192.168.1.1  netmask 255.255.255.0"

# WIFI interface
ifconfig_ath0=""

smartd_enable="YES"
pf_enable="YES"
pflog_enable="YES"
dhcpd_enable="YES"

/usr/local/sbin/dnrd -s 208.67.222.222

postgresql_enable="YES"
obspamd_enable="YES"
obspamdlog_enable="YES"
dovecot_enable="YES"
rsyncd_enable="YES"
rtadvd_enable="YES"

I am using PF for NAT, and have the following rule:

[...]
ext_if = "fxp0"
[...]
nat on $ext_if from !($ext_if) to any -> ($ext_if)
[...]

I must be missing something obvious, but what?

TIA

-- 
  Colin Brace
  Amsterdam
  http://lim.nl



Re: Best SMTP Gateway Program and Reporting Tools

2008-08-19 Thread CyberLeo Kitsana
Robby Balona wrote:
> Postfix is also ok but never found a good virtual mail interface for it.

vPostMaster (http://www.tummy.com/Products/vpostmaster/) is a decent
virtual mailbox interface for Postfix, if you can get past the
dual-licensing and linux-centric installer. It's written in Python for
Postgres, with a PHP web-configuration interface, but I've developed a
shim which allows it to run suitably well with MySQL on FreeBSD.

-- 
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<[EMAIL PROTECTED]>

Furry Peace! - http://.fur.com/peace/


Re: Best SMTP Gateway Program and Reporting Tools

2008-08-19 Thread John Almberg


On Aug 19, 2008, at 8:44 AM, Robby Balona wrote:

> John Almberg wrote:
>> On Aug 12, 2008, at 4:22 PM, Josh Kidd wrote:
>>> I just wanted to pose this question to the list on people's opinions as
>>> to what the best SMTP Gateway program (ie. Sendmail, Postfix, etc) is
>>> and what the best log analysis tool for that SMTP program is.
>>
>> I use qmail. It's touted to be very secure, which was my #1 goal.
>> Proving that is above my pay grade, but I can say I have had no
>> problems, which is a big improvement over my last server which ran
>> Linux and sendmail.
>>
>> It also logs a lot of information about what it's doing, and has a
>> bunch of command line tools to help you analyze it.
>>
>> -- John
>
> I love qmail also.. but didn't do well under heavy smtp load in my
> environment. I put qmail +vpopmail + qmailadmin +clamav+dovecot
> +spamassassin + assap +squirrelmail together.


I have a similar setup, but do black-list filtering with PF that  
eliminates tons of spam at the packet level. I know this probably  
wouldn't work for some servers... if you need to get email from North  
Korea, for instance. But my clients (small US businesses, mainly)  
don't. The difference in server load is significant.


-- John




Re: Best SMTP Gateway Program and Reporting Tools

2008-08-19 Thread Robby Balona

Steve Bertrand wrote:
> Robby Balona wrote:
>> I love qmail also.. but didn't do well under heavy smtp load in my
>> environment. I put qmail +vpopmail + qmailadmin
>> +clamav+dovecot+spamassassin + assap +squirrelmail together.
>
> I use Qmail on almost all of our SMTP servers. On the ones that only
> house a couple hundred email addresses, your setup works flawlessly in
> our environment.
>
> On the boxes with 10k+ email accounts, I do away with all of the
> filtering stuff, and front-end the Qmail/Vpopmail boxes with third
> party appliances.
>
> From what I can tell, it's the filtering processes that are the
> bottleneck under heavy load. Take them out of the equation and load is
> no longer an issue.
>
> Just my .02.
>
> Steve

Yep you are right, spamassassin's perl munched up processors and created
havoc.




Re: Best SMTP Gateway Program and Reporting Tools

2008-08-19 Thread Steve Bertrand

Robby Balona wrote:
> I love qmail also.. but didn't do well under heavy smtp load in my
> environment. I put qmail +vpopmail + qmailadmin
> +clamav+dovecot+spamassassin + assap +squirrelmail together.


I use Qmail on almost all of our SMTP servers. On the ones that only 
house a couple hundred email addresses, your setup works flawlessly in 
our environment.


On the boxes with 10k+ email accounts, I do away with all of the 
filtering stuff, and front-end the Qmail/Vpopmail boxes with third party 
appliances.


From what I can tell, it's the filtering processes that are the 
bottleneck under heavy load. Take them out of the equation and load is 
no longer an issue.


Just my .02.

Steve


Re: Best SMTP Gateway Program and Reporting Tools

2008-08-19 Thread Robby Balona

John Almberg wrote:
> On Aug 12, 2008, at 4:22 PM, Josh Kidd wrote:
>> I just wanted to pose this question to the list on people's opinions as
>> to what the best SMTP Gateway program (ie. Sendmail, Postfix, etc) is
>> and what the best log analysis tool for that SMTP program is.
>
> I use qmail. It's touted to be very secure, which was my #1 goal.
> Proving that is above my pay grade, but I can say I have had no
> problems, which is a big improvement over my last server which ran
> Linux and sendmail.
>
> It also logs a lot of information about what it's doing, and has a
> bunch of command line tools to help you analyze it.
>
> -- John

I love qmail also.. but didn't do well under heavy smtp load in my
environment. I put qmail +vpopmail + qmailadmin
+clamav+dovecot+spamassassin + assap +squirrelmail together. Exim is
great if you can get past the asinine language of the config file.
Postfix is also ok but never found a good virtual mail interface for it.



Re: Best SMTP Gateway Program and Reporting Tools

2008-08-19 Thread John Almberg

On Aug 12, 2008, at 4:22 PM, Josh Kidd wrote:

> I just wanted to pose this question to the list on people's opinions as
> to what the best SMTP Gateway program (ie. Sendmail, Postfix, etc) is
> and what the best log analysis tool for that SMTP program is.

I use qmail. It's touted to be very secure, which was my #1 goal.
Proving that is above my pay grade, but I can say I have had no
problems, which is a big improvement over my last server which ran
Linux and sendmail.


It also logs a lot of information about what it's doing, and has a  
bunch of command line tools to help you analyze it.


-- John



Re: Best SMTP Gateway Program and Reporting Tools

2008-08-14 Thread Paul Chvostek
Hi Josh,

On Tue, Aug 12, 2008 at 03:22:55PM -0500, Josh Kidd wrote:
> 
> I just wanted to pose this question to the list on people's opinions as
> to what the best SMTP Gateway program (ie. Sendmail, Postfix, etc) is
> and what the best log analysis tool for that SMTP program is. 

All the advice from other messages stands.  Each package has its
benefits.  Everybody knows and supports sendmail, but it's annoying to
configure.  Postfix is great, easy to configure, and now with "milter"
support can do almost anything that Sendmail can.  Smail and Exim users
swear by their products, and I'm sure they're great (though I've never
used either).  Zmailer scales beautifully, though if you actually have
enough traffic to take advantage of its scaling, you should buy another
five mail servers.

As for the best log analysis tool ... it's not free, but I absolutely
adore Sawmill (http://www.sawmill.net/).  It will support any and all
log formats -- I currently use it with both Sendmail and Postfix logs.

Highly recommended.  And not very expensive.

> is our main requirement is to have a way to view the logs on a web based
> interface that will allow our system administrators when a customer
> complains they didn't receive an email to be able to go into the logs
> and search by date/time and view the activity for that period to
> determine if the mail went through our system or if it was blocked and
> if so why. 

Grep is your friend.  Innovative use of grep, even.  And if you use
sendmail, here's a tool I wrote many many years ago that's had regular
use over the years: http://www.it.ca/~paul/mailqgrep

I haven't yet adapted it to Postfix logs.  Trickier to parse.

> I've heard of and read about a few different programs like SMA and
> Anteater and pflogstats, but I don't know if these will have the
> functionality I need to allow admins to search logs for a specific
> date/time and/or specific phrase/address on a web based interface.

Yup.  The most detailed view of your log data is a direct one that you
can get using grep.  I don't know those other packages, but I do love
Sawmill's web UI.

(Hear that, Greg?  I'm marketing for ya! ;] )

p

-- 
  Paul Chvostek <[EMAIL PROTECTED]>

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
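The grep-style log search discussed above, as an added example that is not part of the thread: it follows one recipient through syslog lines in the usual Postfix layout, restricted to a timestamp prefix, and reports whether each message was sent, deferred or rejected and why. The function names, the sample log and all addresses in it are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): trace one recipient through Postfix-style
# maillog lines and report what happened to each message.

sample_maillog() {   # constructed log lines using documentation addresses
    cat <<'EOF'
Aug 12 15:22:55 mx1 postfix/smtpd[2101]: 3A1B2C4D5E: client=mail.example.net[192.0.2.10]
Aug 12 15:22:55 mx1 postfix/cleanup[2104]: 3A1B2C4D5E: message-id=<20080812.1@example.net>
Aug 12 15:22:56 mx1 postfix/qmgr[900]: 3A1B2C4D5E: from=<billing@example.net>, size=1822, nrcpt=1 (queue active)
Aug 12 15:22:57 mx1 postfix/smtp[2110]: 3A1B2C4D5E: to=<alice@example.com>, relay=mx.example.com[198.51.100.5]:25, delay=1.9, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F8E7D6C5B)
Aug 12 15:22:57 mx1 postfix/qmgr[900]: 3A1B2C4D5E: removed
Aug 12 15:40:03 mx1 postfix/smtpd[2120]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 Service unavailable; Client host [203.0.113.7] blocked using dnsbl.example.org; from=<promo@example.org> to=<alice@example.com> proto=ESMTP helo=<pc7>
Aug 12 16:05:10 mx1 postfix/qmgr[900]: 7C6B5A4D3E: from=<news@example.net>, size=900, nrcpt=1 (queue active)
Aug 12 16:05:12 mx1 postfix/smtp[2130]: 7C6B5A4D3E: to=<bob@example.com>, relay=none, delay=2, dsn=4.4.1, status=deferred (connect to mx.example.com[198.51.100.5]:25: Connection timed out)
EOF
}

trace_rcpt() {
    # $1 = recipient address
    # $2 = optional timestamp prefix exactly as logged, e.g. "Aug 12 15:"
    # stdin = maillog
    # Output: "<Mon> <day> <time> <queue-id> from=<sender> status=<result>"
    awk -v rcpt="$1" -v when="$2" '
    function sender(line) {
        return match(line, /from=<[^>]*>/) ? substr(line, RSTART, RLENGTH) : "from=<?>"
    }
    $5 !~ /^postfix\// { next }
    {
        qid = $6; sub(/:$/, "", qid)
        in_window = (when == "" || index($0, when) == 1)
    }
    # Mail refused during the SMTP dialogue never gets a queue id.
    qid == "NOQUEUE" {
        if (in_window && index($0, " to=<" rcpt ">")) {
            why = $0
            sub(/^.*NOQUEUE: /, "", why)
            sub(/; from=<.*$/, "", why)
            print $1, $2, $3, qid, sender($0), "status=rejected (" why ")"
        }
        next
    }
    # qmgr logs the envelope sender once per queue id; remember it even when
    # it falls outside the time window so the delivery line can be labelled.
    / from=<[^>]*>, size=/ { from_of[qid] = sender($0) }
    # Delivery attempts carry to=<...> and a final status=... field.
    in_window && index($0, " to=<" rcpt ">,") && / status=/ {
        result = $0
        sub(/^.* status=/, "", result)
        print $1, $2, $3, qid, (qid in from_of ? from_of[qid] : "from=<?>"), "status=" result
    }'
}

# Stand-alone demo: what happened to mail for alice between 15:00 and 15:59?
sample_maillog | trace_rcpt alice@example.com "Aug 12 15:"
```

The address is matched with `index()` rather than as a regular expression, so dots and plus signs in a recipient need no escaping.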


Re: Best SMTP Gateway Program and Reporting Tools

2008-08-13 Thread Zbigniew Szalbot

hi,

Mike M:

> If you need to stay with open source, my opinion is that you should
> choose an excellent open source MTA (I tend towards Postfix).  Your
> requirement for searching the logs is incidental to your main concern
> - reliable email delivery.
>
> You can then solve the problem above with some simple scripting
> solutions.


Like
$ grep [EMAIL PROTECTED] /var/log/maillog or the like. Really easy, 
especially for admins. I am not one, but even I managed to learn it :)



--
Zbigniew Szalbot
www.LCWords.com




Re: Best SMTP Gateway Program and Reporting Tools

2008-08-13 Thread Mike M
On 8/12/2008 at 3:22 PM Josh Kidd wrote:

|I just wanted to pose this question to the list on people's opinions as
|to what the best SMTP Gateway program (ie. Sendmail, Postfix, etc) is
|and what the best log analysis tool for that SMTP program is.
|
|
|
|We are currently using Symantec Mail Security for our  outgoing SMTP
|Gateway but want to employ an open-source solution instead. My problem
|is our main requirement is to have a way to view the logs on a web based
|interface that will allow our system administrators when a customer
|complains they didn't receive an email to be able to go into the logs
|and search by date/time and view the activity for that period to
|determine if the mail went through our system or if it was blocked and
|if so why.
 =

If you need to stay with open source, my opinion is that you should choose an 
excellent open source MTA (I tend towards Postfix).  Your requirement for 
searching the logs is incidental to your main concern - reliable email delivery.

You can then solve the problem above with some simple scripting solutions.

But keep in mind that your first priority is to install a solid MTA.  If you 
don't, then no amount of web-based log file searching will make your life easy.





Re: Best SMTP Gateway Program and Reporting Tools

2008-08-12 Thread Brie Gordon
On Tue, Aug 12, 2008 at 9:03 PM, Jeffrey Goldberg <[EMAIL PROTECTED]> wrote:
> On Aug 12, 2008, at 3:22 PM, Josh Kidd wrote:
>
>> I just wanted to pose this question to the list on people's opinions as
>> to what the best SMTP Gateway program (ie. Sendmail, Postfix, etc) [...]
>
> Depending on the nature of the site and needs, my preferences tend to run
> exim, then postfix, then sendmail.  But opinions will vary greatly.  Many
> very smart people for whom I have a great deal of respect do not share my
> particular preferences.
>
>> is and what the best log analysis tool for that SMTP program is.
>
> If I wanted to be a bit unhelpful just to make a point, I would say perl (or
> grep depending on taste).  It depends on needs.
>
>> We are currently using Symantec Mail Security for our  outgoing SMTP
>> Gateway but want to employ an open-source solution instead. My problem
>> is our main requirement is to have a way to view the logs on a web based
>> interface that will allow our system administrators when a customer
>> complains they didn't receive an email to be able to go into the logs
>> and search by date/time and view the activity for that period to
>> determine if the mail went through our system or if it was blocked and
>> if so why.
>
> It should be very easy to roll your own.  I know that exim comes with a
> number of GUI useful monitoring tools, but I don't know if this
> functionality is there.  But I do think that several of the tools come
> close.  They aren't web based, but X11 tools.  Also (if your privacy policy
> allows it) there's a configuration setting for logging subjects.
>
>> I've heard of and read about a few different programs like SMA and
>> Anteater and pflogstats, but I don't know if these will have the
>> functionality I need to allow admins to search logs for a specific
>> date/time and/or specific phrase/address on a web based interface.
>
> Maybe someone has already done this, but it really wouldn't be a difficult
> thing to develop your own tool for doing this.
>
> -j
>
Hi!

I'm unsure but it sounds like ESVA *might* be worth looking into.

The web interface is really nice and allows you to look for specific
messages and such.
Do you want it to be a FreeBSD solution? (If so, ESVA is CentOS).

Anyway, the URL is http://www.global-domination.org (Seriously.)

HTH.
-- 
Regards,

Brie A. Gordon
A Linux Chica and a BSDiva

http://granite.sru.edu/~bag6849/index.html


Re: Best SMTP Gateway Program and Reporting Tools

2008-08-12 Thread Jeffrey Goldberg

On Aug 12, 2008, at 3:22 PM, Josh Kidd wrote:

> I just wanted to pose this question to the list on people's opinions as
> to what the best SMTP Gateway program (ie. Sendmail, Postfix, etc) [...]

Depending on the nature of the site and needs, my preferences tend to
run exim, then postfix, then sendmail.  But opinions will vary
greatly.  Many very smart people for whom I have a great deal of
respect do not share my particular preferences.

> is and what the best log analysis tool for that SMTP program is.

If I wanted to be a bit unhelpful just to make a point, I would say
perl (or grep depending on taste).  It depends on needs.

> We are currently using Symantec Mail Security for our  outgoing SMTP
> Gateway but want to employ an open-source solution instead. My problem
> is our main requirement is to have a way to view the logs on a web based
> interface that will allow our system administrators when a customer
> complains they didn't receive an email to be able to go into the logs
> and search by date/time and view the activity for that period to
> determine if the mail went through our system or if it was blocked and
> if so why.

It should be very easy to roll your own.  I know that exim comes with
a number of GUI useful monitoring tools, but I don't know if this
functionality is there.  But I do think that several of the tools come
close.  They aren't web based, but X11 tools.  Also (if your privacy
policy allows it) there's a configuration setting for logging subjects.

> I've heard of and read about a few different programs like SMA and
> Anteater and pflogstats, but I don't know if these will have the
> functionality I need to allow admins to search logs for a specific
> date/time and/or specific phrase/address on a web based interface.

Maybe someone has already done this, but it really wouldn't be a
difficult thing to develop your own tool for doing this.


-j



Re: Best SMTP Gateway Program and Reporting Tools

2008-08-12 Thread Derek Ragona

At 03:22 PM 8/12/2008, Josh Kidd wrote:

> I just wanted to pose this question to the list on people's opinions as
> to what the best SMTP Gateway program (ie. Sendmail, Postfix, etc) is
> and what the best log analysis tool for that SMTP program is.
>
> We are currently using Symantec Mail Security for our  outgoing SMTP
> Gateway but want to employ an open-source solution instead. My problem
> is our main requirement is to have a way to view the logs on a web based
> interface that will allow our system administrators when a customer
> complains they didn't receive an email to be able to go into the logs
> and search by date/time and view the activity for that period to
> determine if the mail went through our system or if it was blocked and
> if so why.
>
> I've heard of and read about a few different programs like SMA and
> Anteater and pflogstats, but I don't know if these will have the
> functionality I need to allow admins to search logs for a specific
> date/time and/or specific phrase/address on a web based interface.
>
> I appreciate any help, advice in making this decision.
>
> Josh

Josh,

I use sendmail and sma.  But I don't think these fit your needs.  In fact, I
doubt you will find an opensource solution that does.  For those types of
features you need to spend some money and buy a commercial product.


-Derek



Best SMTP Gateway Program and Reporting Tools

2008-08-12 Thread Josh Kidd
I just wanted to pose this question to the list on people's opinions as
to what the best SMTP Gateway program (ie. Sendmail, Postfix, etc) is
and what the best log analysis tool for that SMTP program is. 

 

We are currently using Symantec Mail Security for our  outgoing SMTP
Gateway but want to employ an open-source solution instead. My problem
is our main requirement is to have a way to view the logs on a web based
interface that will allow our system administrators when a customer
complains they didn't receive an email to be able to go into the logs
and search by date/time and view the activity for that period to
determine if the mail went through our system or if it was blocked and
if so why. 

 

I've heard of and read about a few different programs like SMA and
Anteater and pflogstats, but I don't know if these will have the
functionality I need to allow admins to search logs for a specific
date/time and/or specific phrase/address on a web based interface.

 

I appreciate any help, advice in making this decision.

 

Josh 

 



Re: tt/sbcglobal 2wire,1800 gateway (was: Re: freebsd)

2008-08-11 Thread Manolis Kiagias

AAH wrote:

> Hi,
>
> Can someone give me the correct settings to configure an att/sbcglobal 2wire
> 1800 gateway (it's a modem, router/gateway) to work with FreeBSD?
>
> I have been told by other users of FreeBSD that this router/gateway does
> work with FreeBSD. (Freebsd 6.3).  However, the values given to me
> by att techs have not worked.  This is why I am emailing you all for some
> assistance.  The error message is that network/server is unknown or cannot
> be found.


Well, is this connected through Ethernet? Then it is not a FreeBSD 
problem. You would want to check the following:


- Your computer's IP address / subnet mask
- Your router's IP address / subnet mask (and whether they are in the 
same subnet with the PC). If you are not sure of the router's IP, most 
of them have a reset hole you can use to return it to factory settings. 
Have a look at the manual to see the defaults if you are not sure.


When you verify these, you should be able to ping the router from your
terminal. Then it is simply a matter of entering the web interface of
the router and providing a set of credentials and maybe a few more
settings (like PPPoE or PPPoA and so on).




Re: Change gateway

2008-04-24 Thread Wojciech Puchar


> I'm trying to set the gateway 10.0.253.1 to the host 10.0.253.161/27 but I've
> received the answer:
>
> # route flush
> # route add default 10.0.253.1
>
> route: writing to routing socket: Network is unreachable
>
> The gateway and the host are connected in the same switch
> How can I do it ?


the netmask /27 is nonsense in that context


Re: Change gateway

2008-04-24 Thread Reid Linnemann
Written by Reid Linnemann on 04/24/08 11:50>>
> Written by Aguiar Magalhaes on 04/24/08 11:42>>
>> Hi list,
>>
>> I'm trying to set the gateway 10.0.253.1 to the host 10.0.253.161/27 but
>> I've received the answer:
>>
>> # route flush
>> # route add default 10.0.253.1
>>
>> route: writing to routing socket: Network is unreachable
>>
>> The gateway and the host are connected in the same switch
>>
>> How can I do it ?
>>
>> Aguiar
> 
> your mask on 10.0.253.161 specifies the interface's network spans
> addresses 10.0.253.160 - 10.0.253.167. 10.0.253.1 is not in that range.

oops.

the network spans 10.0.253.160 - 10.0.253.191, 32 - 27 is 5 bits, not 3 =)


Change gateway

2008-04-24 Thread Aguiar Magalhaes
Hi list,

I'm trying to set the gateway 10.0.253.1 to the host 10.0.253.161/27 but I've
received the answer:

# route flush
# route add default 10.0.253.1

route: writing to routing socket: Network is unreachable

The gateway and the host are connected in the same switch

How can I do it ?

Aguiar




Re: Change gateway

2008-04-24 Thread Steve Bertrand
> I'm trying to set the gateway 10.0.253.1 to the host 10.0.253.161/27 but I've received the answer:
>
> # route flush
> # route add default 10.0.253.1
>
> route: writing to routing socket: Network is unreachable
>
> The gateway and the host are connected in the same switch


Even though the physical connection is the same, the .1 address is in a 
different subnet entirely than .161, due to the /27 prefix length.


10.0.253.160/27 encompasses 161-190. It's a good thing FreeBSD breaks in 
this case ;)


You will need to change your prefix length to /24 on the host, or add a 
secondary IP from the 160/27 range to the gateway to make this work.


Regards,

Steve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
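The subnet arithmetic worked through in this thread, as an added example that is not part of any of the posts: it computes the network, usable host range and broadcast address for the interface, tests whether the gateway is on-link, and finds the longest prefix that would contain both addresses. The function names are constructed for illustration; the code assumes well-formed dotted quads without leading zeros and a prefix length between 1 and 30.

```shell
#!/bin/sh
# Added example (not from the thread): is a default gateway on-link for an
# interface address? "Network is unreachable" from route(8) means it is not.

ip2int() (          # dotted quad -> integer (subshell keeps IFS change local)
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

int2ip() {          # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

netmask() {         # prefix length -> integer netmask
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

subnet_info() (     # "addr/len" -> "network first-host last-host broadcast"
    mask=$(netmask "${1#*/}")
    net=$(( $(ip2int "${1%/*}") & mask ))
    bcast=$(( net | (mask ^ 4294967295) ))
    echo "$(int2ip "$net") $(int2ip $((net + 1))) $(int2ip $((bcast - 1))) $(int2ip "$bcast")"
)

gateway_status() (  # "addr/len" gateway -> "on-link" or "off-link"
    mask=$(netmask "${1#*/}")
    if [ $(( $(ip2int "${1%/*}") & mask )) -eq $(( $(ip2int "$2") & mask )) ]; then
        echo on-link
    else
        echo off-link
    fi
)

common_prefix() (   # longest prefix length whose network contains both addresses
    diff=$(( $(ip2int "$1") ^ $(ip2int "$2") ))
    len=32
    while [ "$diff" -gt 0 ]; do
        diff=$(( diff >> 1 ))
        len=$(( len - 1 ))
    done
    echo "$len"
)

# Stand-alone demo with the addresses from the thread.
echo "10.0.253.161/27 -> $(subnet_info 10.0.253.161/27)"
echo "gateway 10.0.253.1 with /27: $(gateway_status 10.0.253.161/27 10.0.253.1)"
echo "gateway 10.0.253.1 with /24: $(gateway_status 10.0.253.161/24 10.0.253.1)"
echo "longest prefix covering both: /$(common_prefix 10.0.253.161 10.0.253.1)"
```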


Re: Change gateway

2008-04-24 Thread Reid Linnemann
Written by Aguiar Magalhaes on 04/24/08 11:42>>
> Hi list,
> 
> I'm trying to set the gateway 10.0.253.1 to the host 10.0.253.161/27 but I've
> received the answer:
> 
> # route flush
> # route add default 10.0.253.1
> 
> route: writing to routing socket: Network is unreachable
> 
> The gateway and the host are connected in the same switch
> 
> How can I do it ?
> 
> Aguiar

your mask on 10.0.253.161 specifies the interface's network spans
addresses 10.0.253.160 - 10.0.253.167. 10.0.253.1 is not in that range.


Re: dansguardian at boot time. +gateway server

2007-11-27 Thread Daniel Bye
On Tue, Nov 27, 2007 at 09:27:02PM +0530, अनुज wrote:
> Hello
> I installed dansguardian , gave it's entry in my /etc/rc.conf
> squid_enable="YES"
> dansguardian_enable="YES"
> 
> I am getting error at the boot time dansguardian couldn't connected to
> parent proxy.  Whereas squid starts without error.
> I am running squid over port 3121 and dansguardian on port 8080.
> 
> After logging in and giving command "dansguardian" it starts without any 
> error.

It sounds as though they're either starting in the wrong order, or 
dansguardian is starting before squid has had a chance to settle.

You can check what order they're starting in by doing

 # rcorder /etc/rc.d/* /usr/local/etc/rc.d/*

and looking through the output for squid and dansguardian. Squid should
appear earlier in the list. If they are starting in the correct order,
try turning on squid's debugging to see why it is taking so long to 
start.

If they're starting in the wrong order, you can either rename the
control scripts as Mark suggested, or you can utilise the rcorder(8)
mechanism. In the squid control script, you should have this block near
the top:

# PROVIDE: squid
# REQUIRE: LOGIN
# KEYWORD: shutdown

And in the dansguardian control script, you should have this:

# PROVIDE: dansguardian
# REQUIRE: NETWORKING SERVERS squid
# KEYWORD: shutdown


> Plus in linux I have /etc/rc.local configuration file which i use to
> run special commands after my linux boots,
> How to do the same with FreeBSD.

You can create /etc/rc.local if you want, and it will run at the right
time. However, it is lightly deprecated these days in favour of 
/usr/local/etc/rc.d, as used by the ports. For each custom startup job
you want to run at boot time, create an rcorder(8) style script in 
/usr/local/etc/rc.d. rcorder(8) gives you great flexibility over the
start order.

Dan

-- 
Daniel Bye
 _
  ASCII ribbon campaign ( )
 - against HTML, vCards and  X
- proprietary attachments in e-mail / \




RE: dansguardian at boot time. +gateway server

2007-11-27 Thread Johan Hendriks
You can also edit the file /usr/local/etc/rc.d/dansguardian and add squid to 
the require line like so
 
# PROVIDE: dansguardian
# REQUIRE: NETWORKING SERVERS squid
# KEYWORD: shutdown

that should start squid before dansguardian.
at least in my case it does
 
regards,
Johan Hendriks



From: [EMAIL PROTECTED] on behalf of Mark D. Foster
Sent: Tue 27-11-2007 21:18
To: 
CC: freebsd-questions@freebsd.org
Subject: Re: dansguardian at boot time. +gateway server



अनुज wrote:
> Hello
> I installed dansguardian , gave it's entry in my /etc/rc.conf
> squid_enable="YES"
> dansguardian_enable="YES"
>
> I am getting error at the boot time dansguardian couldn't connected to
> parent proxy.  Whereas squid starts without error.
> I am running squid over port 3121 and dansguardian on port 8080.
>
> After logging in and giving command "dansguardian" it starts without any 
> error.
>  
Had a similar problem  with dansguardian & tinyproxy, they start in the
wrong order.
So...
rename /usr/local/etc/rc.d/squid.sh to 01_squid.sh
rename /usr/local/etc/rc.d/dansguardian.sh to 02_dansguardian.sh
You might need to add "sleep 5" into 02_dansguardian.sh to give squid.sh
time to finish starting up.

--
Said one park ranger, 'There is considerable overlap between the
 intelligence of the smartest bears and the dumbest tourists.'
Mark D. Foster, CISSP <[EMAIL PROTECTED]>  http://mark.foster.cc/



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
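The REQUIRE-based ordering described in the replies above, as an added example that is not part of the thread: it reads `# PROVIDE:` and `# REQUIRE:` headers in a simplified version of what rcorder(8) does (BEFORE and KEYWORD lines are ignored) and reports whether one service is guaranteed to start before another. The function names and the two sample scripts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check whether rc.d headers guarantee
# that one service starts before another.

make_sample_rcd() {
    # $1 = directory, $2 = "yes" to list squid in dansguardian's REQUIRE line.
    # Writes two constructed header-only scripts modelled on the blocks quoted
    # in the thread.
    if [ "$2" = "yes" ]; then extra=" squid"; else extra=""; fi
    printf '%s\n' '#!/bin/sh' '# PROVIDE: squid' '# REQUIRE: LOGIN' \
        '# KEYWORD: shutdown' > "$1/squid"
    printf '%s\n' '#!/bin/sh' '# PROVIDE: dansguardian' \
        "# REQUIRE: NETWORKING SERVERS$extra" '# KEYWORD: shutdown' > "$1/dansguardian"
}

rc_edges() {
    # $1 = directory of rc.d-style scripts.
    # Prints "<requirement> <provider>" pairs, plus "<provider> <provider>"
    # so that scripts without requirements still appear.
    for f in "$1"/*; do
        awk '
        /^# PROVIDE:/ { for (i = 3; i <= NF; i++) prov[$i] = 1 }
        /^# REQUIRE:/ { for (i = 3; i <= NF; i++) req[$i] = 1 }
        END {
            for (p in prov) {
                print p, p
                for (r in req) print r, p
            }
        }' "$f"
    done
}

guaranteed_before() {
    # $1 = directory, $2 = dependency, $3 = dependent service.
    # Walks the REQUIRE chain from $3; prints "guaranteed" when $2 is reached,
    # otherwise "not-guaranteed" (the two may then start in either order).
    rc_edges "$1" | awk -v dep="$2" -v target="$3" '
    $1 != $2 { needs[$2] = needs[$2] " " $1 }
    END {
        n = 1; stack[1] = target
        while (n > 0) {
            cur = stack[n--]
            if (cur in seen) continue
            seen[cur] = 1
            if (cur == dep && cur != target) { print "guaranteed"; exit }
            m = split(needs[cur], parts, " ")
            for (i = 1; i <= m; i++) stack[++n] = parts[i]
        }
        print "not-guaranteed"
    }'
}

# Stand-alone demo: the same two scripts without and with the extra REQUIRE.
dir=$(mktemp -d)
make_sample_rcd "$dir" no
echo "without squid in REQUIRE: $(guaranteed_before "$dir" squid dansguardian)"
make_sample_rcd "$dir" yes
echo "with squid in REQUIRE:    $(guaranteed_before "$dir" squid dansguardian)"
rm -rf "$dir"
```

On the FreeBSD host, `rcorder /etc/rc.d/* /usr/local/etc/rc.d/*` prints the order the system itself computes from the installed scripts.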


Re: dansguardian at boot time. +gateway server

2007-11-27 Thread Mark D. Foster
अनुज wrote:
> Hello
> I installed dansguardian , gave it's entry in my /etc/rc.conf
> squid_enable="YES"
> dansguardian_enable="YES"
>
> I am getting error at the boot time dansguardian couldn't connected to
> parent proxy.  Whereas squid starts without error.
> I am running squid over port 3121 and dansguardian on port 8080.
>
> After logging in and giving command "dansguardian" it starts without any 
> error.
>   
Had a similar problem  with dansguardian & tinyproxy, they start in the
wrong order.
So...
rename /usr/local/etc/rc.d/squid.sh to 01_squid.sh
rename /usr/local/etc/rc.d/dansguardian.sh to 02_dansguardian.sh
You might need to add "sleep 5" into 02_dansguardian.sh to give squid.sh
time to finish starting up.

-- 
Said one park ranger, 'There is considerable overlap between the 
 intelligence of the smartest bears and the dumbest tourists.'
Mark D. Foster, CISSP <[EMAIL PROTECTED]>  http://mark.foster.cc/



dansguardian at boot time. +gateway server

2007-11-27 Thread अनुज
Hello
I installed dansguardian , gave it's entry in my /etc/rc.conf
squid_enable="YES"
dansguardian_enable="YES"

I am getting error at the boot time dansguardian couldn't connected to
parent proxy.  Whereas squid starts without error.
I am running squid over port 3121 and dansguardian on port 8080.

After logging in and giving command "dansguardian" it starts without any error.

What can be the reason?
Plus, in Linux I have the /etc/rc.local configuration file, which I use to
run special commands after my Linux boots.
How do I do the same with FreeBSD?

Thanks and Regards.
Anugunj Anuj


Gateway problem

2007-11-14 Thread Alaor Barroso de Carvalho Neto
Hi, I have some trouble building my internet gateway for my network. I
already have a gateway machine running under Linux, with two interfaces, eth0
(192.168.1.1) and eth1 (external world), but I installed a new server
running FreeBSD 6.2 with ipfilter and squid. During the test period it had the IP
192.168.1.240 on rl0 and an external IP on rl1. I configured some
machines in the network (3) to use it as gateway to test it and the
transparent proxy, and everything worked fine. So I turned off my Linux machine
and configured the BSD IP on rl0 to 192.168.1.1, and then it stopped resolving
names. I have a DNS server in my network with the IP 192.168.1.2. I still
can ping it and the external world, but names aren't resolved
anymore; it works for some seconds and then stops. When I turn on the
Linux machine and plug it into the network with the IP 192.168.1.1 and change
the BSD IP to anything else, it works again, resolves names and everything stays
just as it is supposed to be. If I turn off Linux and set rl0 to 192.168.1.1, it
stops resolving names but can ping anywhere. Help!!!
in the rc.conf
gateway_enable="YES"
defaultrouter="X.X.X.X"
etc...
Everything seems to be OK.
Thankz for the attention
Hugs!


Re: home lan with freebsd as gateway / security issues

2007-08-28 Thread Zbigniew Szalbot

Hi,

On Tue, 28 Aug 2007 18:01:02 +0200 (CEST), "P.U.Kruppa"
<[EMAIL PROTECTED]> wrote:
>> do not need. My question is more general, though, I would simply like to
>> know if there's any simple way to put the box behind a router and still be
>> able to do transparent proxying of requests originating from my LAN?
> Yes: generally spoken: a gateway/proxy is what you tell your
> client machines to use as a gateway/proxy. You can just set it
> anywhere in your network and make it suck its data from your
> router.
> Transparent proxying might be a bit difficult to set up at times
> but you can start with an ordinary cache-proxy (called by
> requests on port 8080 or something).
> As long as your kids don't have admin rights on their
> workstations, they won't be able to change it.
> 
> By the way: blocking single addresses or even some expressions
> won't keep anyone from watching bad pages - all one needs is
> google and some patience.

I use dansguardian it is much more than a simple page block. DG is a very
useful tool.

> So - sorry for adding educational hints - talk to your children
> first and explain the meaning of the word trust to them. When
> they really believe they have to deceive you, they probably will
> be able to live without a computer for some time.

Absolutely - that's what I do. I only want to prevent situations where kids
by accident go to bad sites (spoofed urls, and the like). I do not have a
problem of kids trying to cheat me. 

> 
> Sorry, this really was off topic.

No problem. I appreciate all advice. I can always learn something, can't I?


-- 
Zbigniew Szalbot
www.slowo.pl
www.lcwords.com



Re: home lan with freebsd as gateway / security issues

2007-08-28 Thread P.U.Kruppa

On Tue, 28 Aug 2007, Zbigniew Szalbot wrote:

> Dear all,
>
> Please bear with me one more time. In two months I will need to set up a
> home network and I was planning to use a spare freebsd box as a gateway,
> proxy (squid) and content filtering (dansguardian). I am basically ready
> but the more I think about it, the more worried I am.
>
> That is - for content filtering to work without bypassing it, I will need
> to put the machine in front of my wireless router, won't I? I am going to
> do some reading on tightening FreeBSD security and closing ports/services I
> do not need. My question is more general, though, I would simply like to
> know if there's any simple way to put the box behind a router and still be
> able to do transparent proxying of requests originating from my LAN?

Yes: generally spoken: a gateway/proxy is what you tell your
client machines to use as a gateway/proxy. You can just set it
anywhere in your network and make it suck its data from your
router.
Transparent proxying might be a bit difficult to set up at times
but you can start with an ordinary cache-proxy (called by
requests on port 8080 or something).
As long as your kids don't have admin rights on their
workstations, they won't be able to change it.

By the way: blocking single addresses or even some expressions
won't keep anyone from watching bad pages - all one needs is
google and some patience.
But of course you can use squid's log files to control what your
kids really did.

So - sorry for adding educational hints - talk to your children
first and explain the meaning of the word trust to them. When
they really believe they have to deceive you, they probably will
be able to live without a computer for some time.

Sorry, this really was off topic.

Regards,

Uli.

> What I
> really need is content filtering so that my kids won't accidentally go to
> bad sites.
>
> I am not really an administrator so my knowledge is limited but I love this
> (FreeBSD) system and want to continue using it and learning the ropes. What
> would you advise a person like me?
>
> Many, many thanks!
>
> Zbigniew Szalbot

Peter Ulrich Kruppa
Wuppertal
Germany



home lan with freebsd as gateway / security issues

2007-08-28 Thread Zbigniew Szalbot

Dear all,

Please bear with me one more time. In two months I will need to set up a
home network and I was planning to use a spare freebsd box as a gateway,
proxy (squid) and content filtering (dansguardian). I am basically ready
but the more I think about it, the more worried I am. 

That is - for content filtering to work without bypassing it, I will need
to put the machine in front of my wireless router, won't I? I am going to
do some reading on tightening FreeBSD security and closing ports/services I
do not need. My question is more general, though, I would simply like to
know if there's any simple way to put the box behind a router and still be
able to do transparent proxying of requests originating from my LAN? What I
really need is content filtering so that my kids won't accidentally go to
bad sites. 

I am not really an administrator so my knowledge is limited but I love this
(FreeBSD) system and want to continue using it and learning the ropes. What
would you advise a person like me?

Many, many thanks!

Zbigniew Szalbot



Re: Minimal gateway hardware configuration

2007-08-24 Thread Bahman M.
> > Then my configuration is not minimal I'd say :-)
> > Thanks.
>
> so make use of its huge power. first make gateway, then add squid at
> least. possibly mail etc.
A question out of subject:
Do I need to install in such conditions: a network composed of one
gateway and two other nodes at maximum and a slow connection? I mean
does it improve anything?

Bahman


Re: Minimal gateway hardware configuration

2007-08-23 Thread Wojciech Puchar

> You will be pleasantly surprised to find out that with adequate cooling
> and a good quality power supply, most standard PCs can go on for ages
> without a single problem, no shutdowns, no reboots. A UPS is also


such low end (by today standards) machine is actually better. it rarely 
overheats.



Re: Minimal gateway hardware configuration

2007-08-23 Thread Wojciech Puchar

> One other question -a bit silly:
> If I use that configuration as the gateway, can it be left on and
> working 24x7? I mean, regarding the _hardware_, how often does it need
> to be powered off: once a day, once a week, ... to prevent hardware
> failures such as HDD crash?


actually disks feel better when running 24/7. other elements too.
stable temperature etc...


Re: Minimal gateway hardware configuration

2007-08-23 Thread Wojciech Puchar



> Then my configuration is not minimal I'd say :-)
> Thanks.


so make use of its huge power. first make gateway, then add squid at 
least. possibly mail etc.



Re: Minimal gateway hardware configuration

2007-08-23 Thread Wojciech Puchar

> (cheap) PC to act as the gateway. The hardware specification is
> CPU: Pentium II at 433MHz
> RAM: 128MB
> HDD: IDE 4GB
> LAN Card: D-Link 538FE
>
> Internet connection is a slow one below 512Kbps and there is only one
> other node than the gateway in the network.
>
> Is the configuration enough?


for pure gateway/nat 486 with 8MB RAM is enough with netbsd, and with 
freebsd will be too but i'm not sure FreeBSD can be used on 8MB, for sure it can 
on 16.


i'm using such configurations (486/25 to 50, 8MB RAM) many places. 
hardware was for free.


on machine you specified you may use squid and make your mailserver etc. 
without problems.



Re: Minimal gateway hardware configuration

2007-08-22 Thread Bahman M.
Thank you all! Very surprising! I didn't know that.

Bahman


Re: Minimal gateway hardware configuration

2007-08-22 Thread Jerry McAllister
On Wed, Aug 22, 2007 at 04:07:42PM +0330, Bahman M. wrote:

> One other question -a bit silly:
> If I use that configuration as the gateway, can it be left on and
> working 24x7? I mean, regarding the _hardware_, how often does it need
> to be powered off: once a day, once a week, ... to prevent hardware
> failures such as HDD crash?

On average, the less you power it off the better.
Power cycling is more stressful than running.
The exception would be if it is getting too hot while running and
that is a totally different problem, not fixable by powering it off
and on.

jerry

> 
> Bahman
> 
> On 8/21/07, Bahman M. <[EMAIL PROTECTED]> wrote:
> > > Note: You need two LAN cards:  One for the outside connection and one
> > > to your internal network.  (You probably already know that, but since you
> > > referred to 'LAN Card' in the singular I thought I should mention it
> > > anyway.)
> > >
> > Yes, the machine has 2 D-Link cards.
> >
> > > More than enough.
> > >
> > > I use a Pentium I @ 133MHz w/ 64MB RAM as a gateway with a faster Internet
> > > connection (8Mbps down / 1Mbps up) and it has no problem keeping up.
> > >
> > > Earlier I had only 512 Kbps connection, and at that time used a 386sx @
> > > 33MHZ w/ 8MB RAM as gateway.  It had no problem handling that speed.
> > >
> > Then my configuration is not minimal I'd say :-)
> > Thanks.
> >
> > Bahman
> >


Re: Minimal gateway hardware configuration

2007-08-22 Thread Erik Trulsson
On Wed, Aug 22, 2007 at 04:07:42PM +0330, Bahman M. wrote:
> One other question -a bit silly:
> If I use that configuration as the gateway, can it be left on and
> working 24x7? I mean, regarding the _hardware_, how often does it need
> to be powered off: once a day, once a week, ... to prevent hardware
> failures such as HDD crash?

As long as it doesn't overheat (and as long as you do not care overly much
about increasing the electricity bill) you can pretty much leave it on all
the time.




> 
> Bahman
> 
> On 8/21/07, Bahman M. <[EMAIL PROTECTED]> wrote:
> > > Note: You need two LAN cards:  One for the outside connection and one
> > > to your internal network.  (You probably already know that, but since you
> > > referred to 'LAN Card' in the singular I thought I should mention it
> > > anyway.)
> > >
> > Yes, the machine has 2 D-Link cards.
> >
> > > More than enough.
> > >
> > > I use a Pentium I @ 133MHz w/ 64MB RAM as a gateway with a faster Internet
> > > connection (8Mbps down / 1Mbps up) and it has no problem keeping up.
> > >
> > > Earlier I had only 512 Kbps connection, and at that time used a 386sx @
> > > 33MHZ w/ 8MB RAM as gateway.  It had no problem handling that speed.
> > >
> > Then my configuration is not minimal I'd say :-)
> > Thanks.
> >
> > Bahman
> >

-- 

Erik Trulsson
[EMAIL PROTECTED]


Re: Minimal gateway hardware configuration

2007-08-22 Thread Manolis Kiagias


Bahman M. wrote:
> One other question -a bit silly:
> If I use that configuration as the gateway, can it be left on and
> working 24x7? I mean, regarding the _hardware_, how often does it need
> to be powered off: once a day, once a week, ... to prevent hardware
> failures such as HDD crash?
>
> Bahman
>
>
>   
You will be pleasantly surprised to find out that with adequate cooling
and a good quality power supply, most standard PCs can go on for ages
without a single problem, no shutdowns, no reboots. A UPS is also
recommended but definitely not required if the machine will not have
mission critical data (as I understand, yours will not have any data at
all...). In fact, from my experience, the 24/7 machines may be more
reliable than others since they will not go the endless power up / down
cycles that actually stresses components, both electronic and mechanical
(like disks). Hard disks mostly wear out from constant head movement and
not just by simply spinning idly. Low load machines, where IO bound
processes are few, will have no problems with disk reliability. Just
test the components (ie memtest, disk surface etc. esp. if old),
install, turn on and "forget". FreeBSD will happily do the rest...
forever that is :)


Re: Minimal gateway hardware configuration

2007-08-22 Thread Bahman M.
One other question -a bit silly:
If I use that configuration as the gateway, can it be left on and
working 24x7? I mean, regarding the _hardware_, how often does it need
to be powered off: once a day, once a week, ... to prevent hardware
failures such as HDD crash?

Bahman

On 8/21/07, Bahman M. <[EMAIL PROTECTED]> wrote:
> > Note: You need two LAN cards:  One for the outside connection and one
> > to your internal network.  (You probably already know that, but since you
> > referred to 'LAN Card' in the singular I thought I should mention it
> > anyway.)
> >
> Yes, the machine has 2 D-Link cards.
>
> > More than enough.
> >
> > I use a Pentium I @ 133MHz w/ 64MB RAM as a gateway with a faster Internet
> > connection (8Mbps down / 1Mbps up) and it has no problem keeping up.
> >
> > Earlier I had only 512 Kbps connection, and at that time used a 386sx @
> > 33MHZ w/ 8MB RAM as gateway.  It had no problem handling that speed.
> >
> Then my configuration is not minimal I'd say :-)
> Thanks.
>
> Bahman
>


Re: Minimal gateway hardware configuration

2007-08-21 Thread Bahman M.
> Note: You need two LAN cards:  One for the outside connection and one
> to your internal network.  (You probably already know that, but since you
> referred to 'LAN Card' in the singular I thought I should mention it
> anyway.)
>
Yes, the machine has 2 D-Link cards.

> More than enough.
>
> I use a Pentium I @ 133MHz w/ 64MB RAM as a gateway with a faster Internet
> connection (8Mbps down / 1Mbps up) and it has no problem keeping up.
>
> Earlier I had only 512 Kbps connection, and at that time used a 386sx @
> 33MHZ w/ 8MB RAM as gateway.  It had no problem handling that speed.
>
Then my configuration is not minimal I'd say :-)
Thanks.

Bahman


Re: Minimal gateway hardware configuration

2007-08-21 Thread Erik Trulsson
On Tue, Aug 21, 2007 at 01:32:28PM +0330, Bahman M. wrote:
> Hi all,
> 
> I'd like to setup a small home network therefore I plan to buy an old
> (cheap) PC to act as the gateway. The hardware specification is
> CPU: Pentium II at 433MHz
> RAM: 128MB
> HDD: IDE 4GB
> LAN Card: D-Link 538FE

Note: You need two LAN cards:  One for the outside connection and one 
to your internal network.  (You probably already know that, but since you
referred to 'LAN Card' in the singular I thought I should mention it
anyway.)

> 
> Internet connection is a slow one below 512Kbps and there is only one
> other node than the gateway in the network.
> 
> Is the configuration enough?

More than enough.

I use a Pentium I @ 133MHz w/ 64MB RAM as a gateway with a faster Internet
connection (8Mbps down / 1Mbps up) and it has no problem keeping up.

Earlier I had only 512 Kbps connection, and at that time used a 386sx @
33MHZ w/ 8MB RAM as gateway.  It had no problem handling that speed.



-- 

Erik Trulsson
[EMAIL PROTECTED]


Minimal gateway hardware configuration

2007-08-21 Thread Bahman M.
Hi all,

I'd like to setup a small home network therefore I plan to buy an old
(cheap) PC to act as the gateway. The hardware specification is
CPU: Pentium II at 433MHz
RAM: 128MB
HDD: IDE 4GB
LAN Card: D-Link 538FE

Internet connection is a slow one below 512Kbps and there is only one
other node than the gateway in the network.

Is the configuration enough?

Thanks in advance,
Bahman


Re: freebsd / gateway / parental control

2007-07-04 Thread Tom Evans
On Mon, 2007-07-02 at 12:44 -0400, Chuck Swiger wrote:
> Norberto Meijome wrote:
> > On Fri, 29 Jun 2007 22:46:10 +0200
> > Momchil Ivanov <[EMAIL PROTECTED]> wrote:
> >> 4) Forget about the DSL router. Box with wireless NIC, 1 NIC for home net, 1
> >> NIC for the DSL
> >>- same as above, just have to tell your box how to connect to your ISP
> > 
> > ok, this is interesting. You mean, plug the phone line straight into, say,
> > fxp1 ? and then using ppp to connect over PPoE to your ISP? 
> > 
> > I had originally thought of getting a DSL card , but there doesn't seem to be
> > any ADSL2/2+ supported.
> 
> A phone line is RJ11 and can be only a single pair; ethernet cables which go 
> into a fxp NIC are RJ45 and have four pairs.  :-)  If you wanted to connect 
> the phone line directly, you'd rightly need to get a DSL PCI card.
> 
> However, you can connect a DSL modem into one side in bridge mode, and have 
> the output of the DSL modem connect to a FreeBSD machine via ethernet which 
> uses PPP to do the PPPoE/PPPoA negotiation, or you can use a "broadband 
> router/switch" to do that, instead.
> 
> Regards,

In your part of the world, yes. I've encountered setups (iirc in
Denmark?) where the telco terminates their line as an RJ-11 and an
RJ-45. You can then plug into that either a router that talks PPPoE on
an ethernet port, or directly into NIC in your computer and talk PPPoE
there. This is where PPPoE clients like rp-pppoe and their ilk come into
play.

You can even do (rudimentary) sharing of the ADSL by plumbing it into a
hub. Any other client connected to the hub can kick off a PPPoE session.

Not many telcos do this these days I think..




Re: freebsd / gateway / parental control

2007-07-02 Thread Chuck Swiger

Norberto Meijome wrote:

> On Fri, 29 Jun 2007 22:46:10 +0200
> Momchil Ivanov <[EMAIL PROTECTED]> wrote:
>> 4) Forget about the DSL router. Box with wireless NIC, 1 NIC for home net, 1
>> NIC for the DSL
>>    - same as above, just have to tell your box how to connect to your ISP
>
> ok, this is interesting. You mean, plug the phone line straight into, say,
> fxp1 ? and then using ppp to connect over PPoE to your ISP?
>
> I had originally thought of getting a DSL card , but there doesn't seem to be
> any ADSL2/2+ supported.


A phone line is RJ11 and can be only a single pair; ethernet cables which go 
into a fxp NIC are RJ45 and have four pairs.  :-)  If you wanted to connect 
the phone line directly, you'd rightly need to get a DSL PCI card.


However, you can connect a DSL modem into one side in bridge mode, and have 
the output of the DSL modem connect to a FreeBSD machine via ethernet which 
uses PPP to do the PPPoE/PPPoA negotiation, or you can use a "broadband 
router/switch" to do that, instead.


Regards,
--
-Chuck


Re: freebsd / gateway / parental control

2007-07-02 Thread RW
On Mon, 2 Jul 2007 14:33:50 +1000
Norberto Meijome <[EMAIL PROTECTED]> wrote:

> :) i figured...but i asked just in the crazy chance that PPoE meant u
> could use any Ethernet capable device (like a NIC) to connect to DSL.
> Oh well, it'd been cool if true :D
>

If I were you I'd go with your original plan of putting your router into
bridged mode, but I'd also try what I suggested about using the normal
ethernet interface to access the other lan ports. That avoids the use
of a second NIC and allows the use of the router's other ports.

It has the additional advantage that you can put the router back into
NAT mode, which can be useful for troubleshooting networking
problems or if your FreeBSD machine has a fault. It's also useful if you
want to boot a live-cd with internet access.

The router will also allow you to switch to PPPoA, which makes it easy
to deal with support if your ISP uses it as its official means of
connection.


Re: freebsd / gateway / parental control

2007-07-02 Thread Feargal Reilly
On Mon, 2 Jul 2007 14:33:50 +1000
Norberto Meijome <[EMAIL PROTECTED]> wrote:

 
> :) i figured...but i asked just in the crazy chance that PPoE
> meant u could use any Ethernet capable device (like a NIC) to
> connect to DSL. Oh well, it'd been cool if true :D

I can't speak in the general case, but it works for me. I guess
you'll probably need to check with somebody in your ISP who
doesn't read answers from a flow chart.

-fr.

-- 
Feargal Reilly, Chief Techie, FBI.
PGP Key: 0xBD252C01 (expires: 2006-11-30)
Web: http://www.fbi.ie/ | Tel: +353.14988588 | Fax: +353.14988489
Communications House, 11 Sallymount Avenue, Ranelagh, Dublin 6.


Re: freebsd / gateway / parental control

2007-07-01 Thread Norberto Meijome
On Mon, 2 Jul 2007 04:16:13 +0200
Momchil Ivanov <[EMAIL PROTECTED]> wrote:

> On Monday 02 July 2007 03:45:39 Norberto Meijome wrote:
> > On Fri, 29 Jun 2007 22:46:10 +0200
> >
> > Momchil Ivanov <[EMAIL PROTECTED]> wrote:
> > > 4) Forget about the DSL router. Box with wireless NIC, 1 NIC for home
> > > net, 1 NIC for the DSL
>   ^^
> > >   - same as above, just have to tell your box how to connect to your ISP
> >
> > ok, this is interesting. You mean, plug the phone line straight into, say,
> > fxp1 ? and then using ppp to connect over PPoE to your ISP?
> >
> > I had originally thought of getting a DSL card , but there doesn't seem to
> > be any ADSL2/2+ supported.
> 
> Well, as you get your internet connection through a DSL line, the above is 
> meant to be a DSL card.

:) i figured...but i asked just in the crazy chance that PPoE meant u could use
any Ethernet capable device (like a NIC) to connect to DSL. Oh well, it'd been
cool if true :D

_
{Beto|Norberto|Numard} Meijome

"Software is like sex, its better when its free"
   Linus Torvalds

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.


Re: freebsd / gateway / parental control

2007-07-01 Thread Momchil Ivanov
On Monday 02 July 2007 03:45:39 Norberto Meijome wrote:
> On Fri, 29 Jun 2007 22:46:10 +0200
>
> Momchil Ivanov <[EMAIL PROTECTED]> wrote:
> > 4) Forget about the DSL router. Box with wireless NIC, 1 NIC for home
> > net, 1 NIC for the DSL
^^
> > - same as above, just have to tell your box how to connect to your ISP
>
> ok, this is interesting. You mean, plug the phone line straight into, say,
> fxp1 ? and then using ppp to connect over PPoE to your ISP?
>
> I had originally thought of getting a DSL card , but there doesn't seem to
> be any ADSL2/2+ supported.

Well, as you get your internet connection through a DSL line, the above is 
meant to be a DSL card.

-- 
PGP KeyID: 0x3118168B
Keyserver: pgp.mit.edu
Key fingerprint BB50 2983 0714 36DC D02E  158A E03D 56DA 3118 168B
  




Re: freebsd / gateway / parental control

2007-07-01 Thread Norberto Meijome
On Fri, 29 Jun 2007 22:46:10 +0200
Momchil Ivanov <[EMAIL PROTECTED]> wrote:

> 4) Forget about the DSL router. Box with wireless NIC, 1 NIC for home net, 1 
> NIC for the DSL
>   - same as above, just have to tell your box how to connect to your ISP

ok, this is interesting. You mean, plug the phone line straight into, say,
fxp1 ? and then using ppp to connect over PPoE to your ISP? 

I had originally thought of getting a DSL card , but there doesn't seem to be
any ADSL2/2+ supported.

cheers,
B

_
{Beto|Norberto|Numard} Meijome

"All that is necessary for the triumph of evil is that good men do nothing."
  Edmund Burke

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.