Re: [pfSense Support] IGMP packet out of WAN

2009-07-31 Thread Chris Buechler
On Thu, Jul 30, 2009 at 8:33 PM, Evgeny Yurchenko wrote:
>
> I was stupid enough sending multicast UDP traffic with TTL=1 (although 
> settings in my player were telling me 10).
> Everything is working fine now.
>

That's great!  I appreciate your efforts in sticking with this.


> The code of igmpproxy is heavily inherited from mrouted and actual proxying 
> of IGMP-packets does not happen. It is not a problem if mcast
> sender on upstream interface does not care about memberships and just 
> multicasts always, but if it is wise sender, or if sender is located in
> several routers upstream then IGMP is needed. So I fixed this small issue for 
> 1.2.2 (I have only this development version). There was another
> problem with understanding interfaces consisting of more than 3 letters (em1 
> - ok, bge1 - can't start), also fixed. Could somebody validate and
> put my several lines of code in repository please? How does it work at all - 
> if somebody found solution for some problem, what to do?
>

You can send a patch here (diff -rub please) and I'm sure Ermal will
review (he does most of our C work, and did this multicast
implementation) and get it committed.

Thanks!

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



[pfSense Support] Pre-configured m0n0wall/pfsense boxes

2009-07-31 Thread Cheyenne Deal
I have a number of pre-configured m0n0wall and pfSense firewalls up for sale
and I would like to offer them up to everyone on the list. I have m0n0wall
v1.235 and pfSense v1.2.2 as the current versions as of this email.
They are all Nokia boxes, the IP330, the IP440, and the IP530.
The IP330
-AMD K62 533MHz
-256mb RAM
-3x 10/100 Ethernet interfaces
-1x cPCI Slot

The IP440
-Intel P3 600MHz
-256mb RAM
*Upgradeable upon request
-4x 10/100 Ethernet Interfaces
*Upgradeable upon request
-VGA Video Output
-Additional hardware/OS available

The IP530
-Intel P3 700MHz
-256mb RAM
*Upgradeable upon request
-4x 10/100 Ethernet Interfaces
*Upgradeable upon request

I have cPCI and PCI Ethernet cards that are compatible with the units. They
are all 4x 10/100 Ethernet Interfaces

The IP330 is $30 each plus shipping
The IP440 is $75 each plus shipping
The IP530 is $50 each plus shipping
I only take payment via PayPal and I can configure it before I send it out
to your liking.

Thanks,
Cheyenne


[pfSense Support] thread hijacking - was Re: [pfSense Support] A note about top vs bottom

2009-07-31 Thread Paul Mansfield
Scott Ullrich wrote:
> http://www.caliburn.nl/topposting.html
> http://idallen.com/topposting.html
> 

while we're all whinging, please can I whinge about thread hijacking
where people start a new discussion by clicking "reply" and then editing
the subject.


*** why not?

when the thread is hijacked it means the new discussion gets mixed in
with the old one, which...

1/ can disrupt the original "conversation" which annoys people

2/ means that the new "conversation" won't get as much attention since
people not interested in the old conversation will be deleting any
follow-up messages

3/ it's bad etiquette (i.e. bad manners)



** how does it work?

there are hidden fields in an email which allow the emails forming the
discussion "thread" to be kept together to make reading them more logical.

a good email reader understands threading and will make following the
mailing list a lot easier.

googlemail does this very well automatically.

thunderbird does too - change view to "threaded" or click the funny "t"
symbol in the message header window.



Ok, I just hijacked the original thread :-) but sometimes it is actually
valid.
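
How the hidden threading fields behave when someone clicks "reply" and only edits the subject, as an added example that is not part of the original post. The sample messages, their IDs and the helper names (`base_subject`, `thread_root`, `find_hijacks`) are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample messages; IDs, list tag and subjects are made up.
SAMPLE = [
    "Message-ID: <a1@example.org>\n"
    "Subject: [list] A note about top vs bottom posting\n\nlist rules\n",
    "Message-ID: <a2@example.org>\n"
    "In-Reply-To: <a1@example.org>\n"
    "References: <a1@example.org>\n"
    "Subject: Re: [list] A note about top vs bottom posting\n\na real reply\n",
    # New topic started with "reply": subject edited, threading headers kept.
    "Message-ID: <a3@example.org>\n"
    "In-Reply-To: <a2@example.org>\n"
    "References: <a1@example.org> <a2@example.org>\n"
    "Subject: [list] Pre-configured boxes for sale\n\nnew topic\n",
    # New topic started with "compose": no threading headers at all.
    "Message-ID: <b1@example.org>\n"
    "Subject: [list] Can't get more than 15kpps\n\nfresh thread\n",
]

_MSGID = re.compile(r"<[^<>\s]+>")
_PREFIX = re.compile(r"^\s*((re|fwd?|aw)\s*:\s*|\[[^\]]*\]\s*)+", re.I)


def base_subject(subject):
    """Drop Re:/Fwd: prefixes and [list] tags, collapse whitespace, lowercase."""
    stripped = _PREFIX.sub("", subject or "")
    return re.sub(r"\s+", " ", stripped).strip().lower()


def parent_id(msg):
    """Message-ID this message claims to answer, or None for a fresh post."""
    ids = _MSGID.findall(msg.get("In-Reply-To", ""))
    if ids:
        return ids[0]
    refs = _MSGID.findall(msg.get("References", ""))
    return refs[-1] if refs else None


def thread_root(raw):
    """Thread a header-based mail reader files this raw message under."""
    msg = message_from_string(raw)
    refs = _MSGID.findall(msg.get("References", ""))
    if refs:
        return refs[0]  # oldest ancestor listed in References
    return parent_id(msg) or msg["Message-ID"].strip()


def find_hijacks(raw_messages):
    """Return (message_id, parent_id) pairs whose subject left the parent's topic."""
    msgs = [message_from_string(raw) for raw in raw_messages]
    by_id = {m["Message-ID"].strip(): m for m in msgs if m["Message-ID"]}
    hijacks = []
    for m in msgs:
        pid = parent_id(m)
        parent = by_id.get(pid)
        if parent is None:
            continue  # fresh post, or parent not in this mailbox
        if base_subject(m["Subject"]) != base_subject(parent["Subject"]):
            hijacks.append((m["Message-ID"].strip(), pid))
    return hijacks


if __name__ == "__main__":
    for mid, pid in find_hijacks(SAMPLE):
        print(f"{mid} changes subject but still answers {pid}")
```

The third sample message is filed under the first message's thread even though its subject is unrelated, which is the mixing of conversations the message above describes.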




Re: [pfSense Support] Re: Can't get more than 15kpps.

2009-07-31 Thread Paul Mansfield
Lenny wrote:
> So do you have any other ideas? I NEED this to work.

just for a sanity check, could you boot a live linux CD and make various
tests with that (iptraf, timed netcat etc)?




Re: [pfSense Support] Re: Can't get more than 15kpps.

2009-07-31 Thread Lenny

Paul Mansfield wrote:
> Lenny wrote:
>> So do you have any other ideas? I NEED this to work.
>
> just for a sanity check, could you boot a live linux CD and make various
> tests with that (iptraf, timed netcat etc)?
  
Well, I could... I'd rather do it with the server that's still in the 
office (identical).
But to my biggest shame I'd never made those tests. Is there a chance 
you'd give me some pointers?

Thanks.

Lenny.


Re: [pfSense Support] A note about top vs bottom posting -- please read and make sure you bottom post on our lists. Thank you.

2009-07-31 Thread Paul Mansfield
Curtis LaMasters wrote:
> Gotta tell you guys...this is out right frustrating.  Is it the fact


there's some buttons on the keyboard called cursor keys, they move the
little blob around which indicates where what you type will appear.

you press the cursor down and type the response at the bottom. this may
require more than a few nanoseconds of your time.

for bonus points, as you move the cursor to the bottom, you highlight
the existing text and delete anything irrelevant to your reply in order
to ensure your reply makes sense and eliminates clutter and confusion.

it's like when someone asks four questions and you say "yes, no, yes
yes", but no-one knows which question you're answering.


IME, people who top post and don't trim assume they're far too important
and their time is more valuable than other people's; however, quite
often what happens is people can't be bothered to wade through the
emails and so the top-poster gets ignored.





Re: [pfSense Support] A note about top vs bottom posting -- please read and make sure you bottom post on our lists. Thank you.

2009-07-31 Thread Paul Mansfield
Curtis LaMasters wrote:
>> This is a bottom post.
> I actually find that to be annoying to read.  However, in the spirit


this is why a forum is often best, as it basically forces
bottom-posting, but people can read the replies backwards if they want.




Re: [pfSense Support] A note about top vs bottom posting -- please read and make sure you bottom post on our lists. Thank you.

2009-07-31 Thread Michael Schuh
2009/7/31 Paul Mansfield :
> Curtis LaMasters wrote:
>>> This is a bottom post.
>> I actually find that to be annoying to read.  However, in the spirit
>
>
> this is why a forum is often best, as it basically forces
> bottom-posting, but people can read the replies backwards if they want.

Hi @all,

I believe the best statement of all is from Scott:

... these are the list rules ... (in sense)

It is like "Simon says", and there is Simon's Castle ;-)

but it seems to me, not all the list members know about those rules ;-)
we have many mature list members, from the times when these rules
were not spread to all members ... is this possible?

and now I think it should be clear. Or not?

just what I see.

Greetings

michael
Hint: read Scott's (Simon's) rules

-- 
= = =  m  i  c  h  a  e  l  -  s  c  h  u  h  .  n  e  t  = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil:  0175/5616453
@: m i c h a e l . s c h u h @ g m a i l . c o m

= = =  Ust-ID:  DE251072318  = = =




Re: [pfSense Support] Re: Can't get more than 15kpps.

2009-07-31 Thread Paul Mansfield
Lenny wrote:
> But to my biggest shame I'd never made those tests. Is there a chance
> you'd give me some pointers?
> Thanks.


boot a live linux disk like ubuntu

try a speed test website.

for network testing...

set up the interfaces

create a 1G test file, e.g. "dd if=/dev/urandom of=/tmp/random bs=1024
count=1048576"

then use "time scp /tmp/random otherhost:/tmp/blah" or use "netcat -l -p
1234" on one to create a listen and on other "time cat /tmp/random |
netcat -p 1234 otherhost" to see how long it takes

also use iptraf.

you *should* be able to get close to theoretical maximum between two
machines if switches, cabling and computers are working OK.




Re: [pfSense Support] Re: Can't get more than 15kpps.

2009-07-31 Thread Lenny

Paul Mansfield wrote:
> boot a live linux disk like ubuntu
>
> try a speed test website.
>
> for network testing...
>
> set up the interfaces
>
> create a 1G test file, e.g. "dd if=/dev/urandom of=/tmp/random bs=1024
> count=1048576"
>
> then use "time scp /tmp/random otherhost:/tmp/blah" or use "netcat -l -p
> 1234" on one to create a listen and on other "time cat /tmp/random |
> netcat -p 1234 otherhost" to see how long it takes
>
> also use iptraf.
>
> you *should* be able to get close to theoretical maximum between two
> machines if switches, cabling and computers are working OK.
  

ok, great. Thanks!

Lenny.




Re: [pfSense Support] Re: Can't get more than 15kpps.

2009-07-31 Thread Rainer Duffner
Paul Mansfield wrote:
>
> boot a live linux disk like ubuntu
>
> try a speed test website.
>
> for network testing...
>
> set up the interfaces
>
> create a 1G test file, e.g. "dd if=/dev/urandom of=/tmp/random bs=1024
> count=1048576"
>
> then use "time scp /tmp/random otherhost:/tmp/blah" or use "netcat -l -p
> 1234" on one to create a listen and on other "time cat /tmp/random |
> netcat -p 1234 otherhost" to see how long it takes
>
> also use iptraf.
>
> you *should* be able to get close to theoretical maximum between two
> machines if switches, cabling and computers are working OK.
>   


I may be wrong, but his problem is pps (packets per second).
That's not the same as being able to download a large file.
Unfortunately.

How does one generate a large amount of (small) packets with "useful"
and genuine traffic?



Rainer




Re: [pfSense Support] Re: Can't get more than 15kpps.

2009-07-31 Thread Lenny

Rainer Duffner wrote:
> Paul Mansfield wrote:
>> boot a live linux disk like ubuntu
>>
>> try a speed test website.
>>
>> for network testing...
>>
>> set up the interfaces
>>
>> create a 1G test file, e.g. "dd if=/dev/urandom of=/tmp/random bs=1024
>> count=1048576"
>>
>> then use "time scp /tmp/random otherhost:/tmp/blah" or use "netcat -l -p
>> 1234" on one to create a listen and on other "time cat /tmp/random |
>> netcat -p 1234 otherhost" to see how long it takes
>>
>> also use iptraf.
>>
>> you *should* be able to get close to theoretical maximum between two
>> machines if switches, cabling and computers are working OK.
>
> I may be wrong, but his problem is pps (packets per second).
> That's not the same as being able to download a large file.
> Unfortunately.
>
> How does one generate a large amount of (small) packets with "useful"
> and genuine traffic?
>
> Rainer
  

actually you're right. But I think there was a tool for that. iperf?


Re: [pfSense Support] Re: Can't get more than 15kpps.

2009-07-31 Thread Jaime Díaz
> I may be wrong, but his problem is pps (packets per second).
> That's not the same as being able to download a large file.
> Unfortunately.
>
> How does one generate a large amount of (small) packets with "useful"
> and genuine traffic?
>
>

>
> actually you're right. But I think there was a tool for that. iperf?
>

You could use hping2. That can generate TCP/UDP and ICMP traffic of
the size that you want and the amount of your desire.




Re: [pfSense Support] Re: Can't get more than 15kpps.

2009-07-31 Thread Paul Mansfield
Rainer Duffner wrote:
> I may be wrong, but his problem is pps (packets per second).
> That's not the same as being able to download a large file.
> Unfortunately.
> 
> How does one generate a large amount of (small) packets with "useful"
> and genuine traffic?

set the MTU to a low value (200?) so that it forces the stream to use
many small packets


BTW, I suggested using a data file generated from random data to avoid
any simple compression applied by drivers and scp.




Re: [pfSense Support] thread hijacking - was Re: [pfSense Support] A note about top vs bottom

2009-07-31 Thread Bill Marquette
On Fri, Jul 31, 2009 at 5:02 AM, Paul Mansfield wrote:
> Scott Ullrich wrote:
>> http://www.caliburn.nl/topposting.html
>> http://idallen.com/topposting.html
>>
>
> while we're all whinging, please can I whinge about thread hijacking
> where people start a new discussion by clicking "reply" and then editing
> the subject.



> Ok, I just hijacked the original thread :-) but sometimes it is actually
> valid.

Not according to gmail you didn't ;-P  This came in on a shiny new
thread all of its own.

--Bill




Re: [pfSense Support] Re: Can't get more than 15kpps.

2009-07-31 Thread Bill Marquette
On Fri, Jul 31, 2009 at 10:30 AM, Paul Mansfield wrote:
> Rainer Duffner wrote:
>> I may be wrong, but his problem is pps (packets per second).
>> That's not the same as being able to download a large file.
>> Unfortunately.
>>
>> How does one generate a large amount of (small) packets with "useful"
>> and genuine traffic?
>
> set the MTU to a low value (200?) so that it forces the stream to use
> many small packets
>
>
> BTW, I suggested using a data file generated from random data to avoid
> any simple compression applied by drivers and scp.

A low MTU and Apache Bench (ab) can make for a useful test.  Ditto with iperf.

--Bill




RE: [pfSense Support] IGMP packet out of WAN

2009-07-31 Thread Evgeny Yurchenko
> From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On 
> Behalf Of Chris Buechler
> 
> On Thu, Jul 30, 2009 at 8:33 PM, Evgeny Yurchenko wrote:
> >
> > The code of igmpproxy is heavily inherited from mrouted and actual
> > proxying of IGMP-packets does not happen. It is not a problem if mcast
> > sender on upstream interface does not care about memberships and just
> > multicasts always, but if it is wise sender, or if sender is located
> > in several routers upstream then IGMP is needed. So I fixed this small
> > issue for 1.2.2 (I have only this development version). There was
> > another problem with understanding interfaces consisting of more than
> > 3 letters (em1 - ok, bge1 - can't start), also fixed. Could somebody
> > validate and put my several lines of code in repository please? How
> > does it work at all - if somebody found solution for some problem,
> > what to do?
> >
> 
> You can send a patch here (diff -rub please) and I'm sure 
> Ermal will review (he does most of our C work, and did this multicast
> implementation) and get it committed.
> 
> Thanks!
> 
diff -rub original/igmpproxy/work/igmpproxy/src/config.c
igmpproxy/work/igmpproxy/src/config.c
--- original/igmpproxy/work/igmpproxy/src/config.c  2009-07-31
17:17:16.0 +
+++ igmpproxy/work/igmpproxy/src/config.c   2009-07-31
17:21:28.0 +
@@ -241,7 +241,7 @@
 tmpPtr->allowednets = NULL;

 // Make a copy of the token to store the IF name
-tmpPtr->name = (char *)malloc( sizeof(char) * strlen(token) );
+tmpPtr->name = (char *)malloc( sizeof(char) * strlen(token) + 1 );
 if(tmpPtr->name == NULL) {
 log(LOG_ERR, 0, "Out of memory.");
 }
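
Review bot: In the changed malloc line the `+ 1` is added after the multiplication, so the size is `(sizeof(char) * strlen(token)) + 1`; that is correct only because sizeof(char) is 1, and writing the count as `strlen(token) + 1` in its own brackets (or using strdup) would make the intent explicit. The old size left no room for the terminating NUL of the token copy that the comment above describes, so this is a one-byte heap overflow fix and the commit message should say so. The NULL branch visible just below only logs "Out of memory."; unless log() with LOG_ERR does not return, the code that follows goes on to use a NULL tmpPtr->name, which is worth confirming while this line is being touched.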


diff -rub original/igmpproxy/work/igmpproxy/src/mcgroup.c
igmpproxy/work/igmpproxy/src/mcgroup.c
--- original/igmpproxy/work/igmpproxy/src/mcgroup.c 2009-07-31
17:17:16.0 +
+++ igmpproxy/work/igmpproxy/src/mcgroup.c  2009-07-31
17:11:00.0 +
@@ -63,13 +63,18 @@
 }
 #else
 if( setsockopt( UdpSock, IPPROTO_IP,
-  Cmd == 'j' ? IP_ADD_SOURCE_MEMBERSHIP :
IP_DROP_SOURCE_MEMBERSHIP,
+  Cmd == 'j' ? IP_ADD_MEMBERSHIP : IP_DROP_MEMBERSHIP,
   (void *)&CtlReq, sizeof( CtlReq ) ) )
 {
 log( LOG_WARNING, errno, "MRT_%s_MEMBERSHIP failed", Cmd == 'j'
? "ADD" : "DROP" );
 return 1;
 }
 #endif
+/* We have to send IGMP packet on upstream interface */
+if( Cmd == 'j' )
+   sendIgmp(0, mcastaddr, IGMP_V2_MEMBERSHIP_REPORT, 0, mcastaddr,
0);
+else
+sendIgmp(0, mcastaddr, IGMP_V2_LEAVE_GROUP, 0, mcastaddr, 0);

 return 0;
 }
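
Review bot: The setsockopt call now passes IP_ADD_MEMBERSHIP / IP_DROP_MEMBERSHIP but still hands over the same `CtlReq` with `sizeof( CtlReq )`, and its declaration is outside this hunk. The source-specific options take a struct ip_mreq_source while the any-source options take a struct ip_mreq, so please confirm CtlReq is declared as the latter in this branch and include that declaration in the patch if it changed. The added sendIgmp calls sit after the #endif, so they also run for the branch above #else, and on this path they run only after setsockopt succeeded; a comment should say whether both are intended. The two sendIgmp lines are also indented differently.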



diff -rub original/igmpproxy/work/igmpproxy/src/rttable.c
igmpproxy/work/igmpproxy/src/rttable.c
--- original/igmpproxy/work/igmpproxy/src/rttable.c 2009-07-31
17:17:16.0 +
+++ igmpproxy/work/igmpproxy/src/rttable.c  2009-07-31
17:25:18.0 +
@@ -344,12 +344,8 @@
 return 0;
 }
 }
-}
-
-// Send join message upstream, if the route has no joined flag...
-if(croute->upstrState != ROUTESTATE_JOINED) {
-// Send Join request upstream
-sendJoinLeaveUpstream(croute, 1);
+// Send join message upstream
+   sendIgmp(0, group, IGMP_V2_MEMBERSHIP_REPORT, 0, group, 0);
 }

 IF_DEBUG logRouteTable("Insert Route");
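
Review bot: Dropping the `croute->upstrState != ROUTESTATE_JOINED` check means a membership report is now sent on every pass through this block rather than only for routes not yet joined, and the call to sendJoinLeaveUpstream(croute, 1), which received the route, is gone, so any state it kept on croute is no longer updated here. If other code still tests upstrState (a leave path, for example), it will see a route that never reaches the joined state; either keep the guard around the new sendIgmp call or update the state next to it. The removed `}` also moves the send inside the preceding block, which changes when it runs, and the shortened comment does not explain why.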


Eugene.




Re: [pfSense Support] Re: Can't get more than 15kpps.

2009-07-31 Thread Tim Dressel
On Fri, Jul 31, 2009 at 7:16 AM, Rainer Duffner wrote:
> Paul Mansfield wrote:
>>
>> boot a live linux disk like ubuntu
>>
>> try a speed test website.
>>
>> for network testing...
>>
>> set up the interfaces
>>
>> create a 1G test file, e.g. "dd if=/dev/urandom of=/tmp/random bs=1024
>> count=1048576"
>>
>> then use "time scp /tmp/random otherhost:/tmp/blah" or use "netcat -l -p
>> 1234" on one to create a listen and on other "time cat /tmp/random |
>> netcat -p 1234 otherhost" to see how long it takes
>>
>> also use iptraf.
>>
>> you *should* be able to get close to theoretical maximum between two
>> machines if switches, cabling and computers are working OK.
>>
>
>
> I may be wrong, but his problem is pps (packets per second).
> That's not the same as being able to download a large file.
> Unfortunately.
>
> How does one generate a large amount of (small) packets with "useful"
> and genuine traffic?
>
>
>
> Rainer

IPERF is the tool for that. You can specify packet size. I just used
it to test PPS throughput for simulated VOIP traffic. Works very well.




Re: [pfSense Support] Re: Can't get more than 15kpps.

2009-07-31 Thread Keenan Tims

> then use "time scp /tmp/random otherhost:/tmp/blah" or use "netcat -l -p
> 1234" on one to create a listen and on other "time cat /tmp/random |
> netcat -p 1234 otherhost" to see how long it takes
>   
scp doesn't perform well over fast links, it's not really a good tool
for testing. I can barely get 100mbit out of my GigE network that
otherwise performs well. I think it is due to the issue discussed here:

http://www.psc.edu/networking/projects/hpn-ssh/

Keenan





Re: [pfSense Support] Re: Can't get more than 15kpps.

2009-07-31 Thread David Rees
On Fri, Jul 31, 2009 at 12:09 PM, Keenan Tims wrote:
>> then use "time scp /tmp/random otherhost:/tmp/blah" or use "netcat -l -p
>> 1234" on one to create a listen and on other "time cat /tmp/random |
>> netcat -p 1234 otherhost" to see how long it takes
>>
> scp doesn't perform well over fast links, it's not really a good tool
> for testing. I can barely get 100mbit out of my GigE network that
> otherwise performs well. I think it is due to the issue discussed here:
>
> http://www.psc.edu/networking/projects/hpn-ssh/

Most of the time, the real issue is that scp has to encrypt the data
on one end and decrypt it on the other - that takes a lot of CPU power
that could otherwise be used for tossing packets around.

-Dave
