Re: [pfSense Support] Bridging question
At 06:53 PM 1/24/2006, you wrote: Scott Ullrich wrote: That is FreeBSD 6 release. That does not include all the new goodies in -STABLE. just wanted to add that this is only advisable if you're doing it for good reason. in this case, you want -STABLE because of the relevant changes you need for this particular purpose. In all other circumstances, RELENG_6_0 would be your best bet for stability, as that's just 6.0 release with bug and security fixes. RELENG_6 is more likely to be broken in some fashion. Good point.. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
On 1/24/06, Chris Buechler <[EMAIL PROTECTED]> wrote: > just wanted to add that this is only advisable if you're doing it for > good reason. in this case, you want -STABLE because of the relevant > changes you need for this particular purpose. > > In all other circumstances, RELENG_6_0 would be your best bet for > stability, as that's just 6.0 release with bug and security fixes. > RELENG_6 is more likely to be broken in some fashion. Indeed. When using -STABLE its a good idea to set a date= field in your supfile and always remember the last known good date so that you can rollback to the prior known working tree date if a problem occurs. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
Scott Ullrich wrote: That is FreeBSD 6 release. That does not include all the new goodies in -STABLE. just wanted to add that this is only advisable if you're doing it for good reason. in this case, you want -STABLE because of the relevant changes you need for this particular purpose. In all other circumstances, RELENG_6_0 would be your best bet for stability, as that's just 6.0 release with bug and security fixes. RELENG_6 is more likely to be broken in some fashion. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
At 03:20 PM 1/24/2006, you wrote: On Jan 24, 2006, at 11:48 AM, Dan Swartzendruber wrote: At 11:45 AM 1/24/2006, you wrote: Make sure you're freebsd box is on RELENG_6 and up to date. it's supposed to be. i've been running cvsup every couple of weeks. i'll make sure i didn't pooch something. thx! Make sure to remove the stale un-compressed kernel from /boot/ kernel. See my several emails in the past week regarding how to do that You may be booting an old kernel since the current one is gzipped. nope. checked that last time. i think this was just stone old kernel :( - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
On Jan 24, 2006, at 11:48 AM, Dan Swartzendruber wrote: At 11:45 AM 1/24/2006, you wrote: Make sure you're freebsd box is on RELENG_6 and up to date. it's supposed to be. i've been running cvsup every couple of weeks. i'll make sure i didn't pooch something. thx! Make sure to remove the stale un-compressed kernel from /boot/ kernel. See my several emails in the past week regarding how to do that. You may be booting an old kernel since the current one is gzipped. smime.p7s Description: S/MIME cryptographic signature
Re: [pfSense Support] Bridging question
At 12:02 PM 1/24/2006, you wrote: That is FreeBSD 6 release. That does not include all the new goodies in -STABLE. that did it! no more loss of connectivity. bless you, my son! :) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
At 12:02 PM 1/24/2006, you wrote: That is FreeBSD 6 release. That does not include all the new goodies in -STABLE. i'm wondering if that explains some of the anomalies i saw. i'll test tonight after doing a make world and make kernel etc... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
That is FreeBSD 6 release. That does not include all the new goodies in -STABLE. On 1/24/06, Dan Swartzendruber <[EMAIL PROTECTED]> wrote: > At 12:00 PM 1/24/2006, you wrote: > >That is wrong. I said RELENG_6 > > > >On 1/24/06, Dan Swartzendruber <[EMAIL PROTECTED]> wrote: > > > At 11:50 AM 1/24/2006, you wrote: > > > >If you where up to date, you would have that sysctl :) > > > > > > Maybe I misread something. Here is my cvsup tag: > > > > > > *default release=cvs tag=RELENG_6_0 > > > > > > Please tell me this is wrong :) > > thank you! :) i think i got the RELENG_6_0 tip from someone at work... > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
At 12:00 PM 1/24/2006, you wrote: That is wrong. I said RELENG_6 On 1/24/06, Dan Swartzendruber <[EMAIL PROTECTED]> wrote: > At 11:50 AM 1/24/2006, you wrote: > >If you where up to date, you would have that sysctl :) > > Maybe I misread something. Here is my cvsup tag: > > *default release=cvs tag=RELENG_6_0 > > Please tell me this is wrong :) thank you! :) i think i got the RELENG_6_0 tip from someone at work... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
That is wrong. I said RELENG_6 On 1/24/06, Dan Swartzendruber <[EMAIL PROTECTED]> wrote: > At 11:50 AM 1/24/2006, you wrote: > >If you where up to date, you would have that sysctl :) > > Maybe I misread something. Here is my cvsup tag: > > *default release=cvs tag=RELENG_6_0 > > Please tell me this is wrong :) > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
At 11:50 AM 1/24/2006, you wrote: If you where up to date, you would have that sysctl :) Maybe I misread something. Here is my cvsup tag: *default release=cvs tag=RELENG_6_0 Please tell me this is wrong :) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
If you where up to date, you would have that sysctl :) Scott On 1/24/06, Dan Swartzendruber <[EMAIL PROTECTED]> wrote: > At 11:45 AM 1/24/2006, you wrote: > >Make sure you're freebsd box is on RELENG_6 and up to date. > > it's supposed to be. i've been running cvsup every couple of > weeks. i'll make sure i didn't pooch something. thx! > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
At 11:45 AM 1/24/2006, you wrote: Make sure you're freebsd box is on RELENG_6 and up to date. it's supposed to be. i've been running cvsup every couple of weeks. i'll make sure i didn't pooch something. thx! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
Make sure you're freebsd box is on RELENG_6 and up to date. On 1/24/06, Dan Swartzendruber <[EMAIL PROTECTED]> wrote: > At 11:42 AM 1/24/2006, you wrote: > >There is a sysctl to work around this: > > > >sysctl net.link.bridge.pfil_onlyip=0 > > this sysctl did not show up on my freebsd > box. the other pfil ones did. another odd difference? > > >On 1/24/06, Tom Müller-Kortkamp <[EMAIL PROTECTED]> wrote: > > > I have also Problems with AppleTalk (EtherTalk) packets on a > > > ath <-> sis bridge. > > > > > > Am 24.01.2006 um 16:47 schrieb Dan Swartzendruber: > > > > > > > At 09:58 AM 1/24/2006, you wrote: > > > >> Yes, Andrew is investigating this problem. We are seeing some > > > >> similar issues as well. > > > > > > > > boy that's a relief. i was noticing that when the wifi card was on > > > > my pfsense box and bridging on, ftp proxy broke. possibly other > > > > weird stuff... > > > > > > -- > > > kommunity GmbH & Co.KG > > > Tom Müller-Kortkamp > > > Netzwerke & Internet > > > Goseriede 4 > > > D-30159 Hannover > > > > > > Phone +49 (0)5 11 - 80 72 58 0 > > > Fax +49 (0)5 11 - 80 72 58 10 > > > http://www.kommunity.net > > > > > > > > > > > > - > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > >- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
At 11:42 AM 1/24/2006, you wrote: There is a sysctl to work around this: sysctl net.link.bridge.pfil_onlyip=0 this sysctl did not show up on my freebsd box. the other pfil ones did. another odd difference? On 1/24/06, Tom Müller-Kortkamp <[EMAIL PROTECTED]> wrote: > I have also Problems with AppleTalk (EtherTalk) packets on a > ath <-> sis bridge. > > Am 24.01.2006 um 16:47 schrieb Dan Swartzendruber: > > > At 09:58 AM 1/24/2006, you wrote: > >> Yes, Andrew is investigating this problem. We are seeing some > >> similar issues as well. > > > > boy that's a relief. i was noticing that when the wifi card was on > > my pfsense box and bridging on, ftp proxy broke. possibly other > > weird stuff... > > -- > kommunity GmbH & Co.KG > Tom Müller-Kortkamp > Netzwerke & Internet > Goseriede 4 > D-30159 Hannover > > Phone +49 (0)5 11 - 80 72 58 0 > Fax +49 (0)5 11 - 80 72 58 10 > http://www.kommunity.net > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
There is a sysctl to work around this: sysctl net.link.bridge.pfil_onlyip=0 On 1/24/06, Tom Müller-Kortkamp <[EMAIL PROTECTED]> wrote: > I have also Problems with AppleTalk (EtherTalk) packets on a > ath <-> sis bridge. > > Am 24.01.2006 um 16:47 schrieb Dan Swartzendruber: > > > At 09:58 AM 1/24/2006, you wrote: > >> Yes, Andrew is investigating this problem. We are seeing some > >> similar issues as well. > > > > boy that's a relief. i was noticing that when the wifi card was on > > my pfsense box and bridging on, ftp proxy broke. possibly other > > weird stuff... > > -- > kommunity GmbH & Co.KG > Tom Müller-Kortkamp > Netzwerke & Internet > Goseriede 4 > D-30159 Hannover > > Phone +49 (0)5 11 - 80 72 58 0 > Fax +49 (0)5 11 - 80 72 58 10 > http://www.kommunity.net > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
I have also Problems with AppleTalk (EtherTalk) packets on a ath <-> sis bridge. Am 24.01.2006 um 16:47 schrieb Dan Swartzendruber: At 09:58 AM 1/24/2006, you wrote: Yes, Andrew is investigating this problem. We are seeing some similar issues as well. boy that's a relief. i was noticing that when the wifi card was on my pfsense box and bridging on, ftp proxy broke. possibly other weird stuff... -- kommunity GmbH & Co.KG Tom Müller-Kortkamp Netzwerke & Internet Goseriede 4 D-30159 Hannover Phone +49 (0)5 11 - 80 72 58 0 Fax +49 (0)5 11 - 80 72 58 10 http://www.kommunity.net - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
At 09:58 AM 1/24/2006, you wrote: Yes, Andrew is investigating this problem. We are seeing some similar issues as well. boy that's a relief. i was noticing that when the wifi card was on my pfsense box and bridging on, ftp proxy broke. possibly other weird stuff... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
Yes, Andrew is investigating this problem. We are seeing some similar issues as well. On 1/24/06, Dan Swartzendruber <[EMAIL PROTECTED]> wrote: > At 09:54 AM 1/24/2006, you wrote: > >On 1/24/06, Dan Swartzendruber <[EMAIL PROTECTED]> wrote: > > > not complaining. i'm just puzzled it works on pfsense on not my > > > sitch. oh well... > > > >We use if_bridge if pfSense. Is that what you are using? > > yes. that's why i'm so puzzled. it did NOT work on freebsd 6.0 > until i moved the IP address from fxp0 to bridge0. dunno why not :( > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
At 09:54 AM 1/24/2006, you wrote: On 1/24/06, Dan Swartzendruber <[EMAIL PROTECTED]> wrote: > not complaining. i'm just puzzled it works on pfsense on not my > sitch. oh well... We use if_bridge if pfSense. Is that what you are using? yes. that's why i'm so puzzled. it did NOT work on freebsd 6.0 until i moved the IP address from fxp0 to bridge0. dunno why not :( - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
On 1/24/06, Dan Swartzendruber <[EMAIL PROTECTED]> wrote: > not complaining. i'm just puzzled it works on pfsense on not my > sitch. oh well... We use if_bridge if pfSense. Is that what you are using? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
At 12:11 AM 1/24/2006, you wrote: Our new code in head allows a bridge group to receive an ip and will remedy this. 1.0 is not even out and 1.1 is much more fancy. Go figure ;) not complaining. i'm just puzzled it works on pfsense on not my sitch. oh well... Scott On 1/23/06, Dan Swartzendruber <[EMAIL PROTECTED]> wrote: > At 07:32 PM 1/23/2006, you wrote: > >I've never really tried doing bridging with FreeBSD, but with Linux > >that's how bridging is done. For every interface you want to add to > >the bridge, you set its IP address to 0.0.0.0. Then, you set the IP > >address of the bridge interface and that becomes the bridged IP > >address for all the interfaces in the bridge. > > what is odd is that i was looking at how pfsense uses if_bridge, and > they don't set the IP on the bridge interface. color me puzzled... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
Our new code in head allows a bridge group to receive an ip and will remedy this. 1.0 is not even out and 1.1 is much more fancy. Go figure ;) Scott On 1/23/06, Dan Swartzendruber <[EMAIL PROTECTED]> wrote: > At 07:32 PM 1/23/2006, you wrote: > >I've never really tried doing bridging with FreeBSD, but with Linux > >that's how bridging is done. For every interface you want to add to > >the bridge, you set its IP address to 0.0.0.0. Then, you set the IP > >address of the bridge interface and that becomes the bridged IP > >address for all the interfaces in the bridge. > > what is odd is that i was looking at how pfsense uses if_bridge, and > they don't set the IP on the bridge interface. color me puzzled... > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
At 07:32 PM 1/23/2006, you wrote: I've never really tried doing bridging with FreeBSD, but with Linux that's how bridging is done. For every interface you want to add to the bridge, you set its IP address to 0.0.0.0. Then, you set the IP address of the bridge interface and that becomes the bridged IP address for all the interfaces in the bridge. what is odd is that i was looking at how pfsense uses if_bridge, and they don't set the IP on the bridge interface. color me puzzled... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
I've never really tried doing bridging with FreeBSD, but with Linux that's how bridging is done. For every interface you want to add to the bridge, you set its IP address to 0.0.0.0. Then, you set the IP address of the bridge interface and that becomes the bridged IP address for all the interfaces in the bridge. On 1/23/06, Dan Swartzendruber <[EMAIL PROTECTED]> wrote: > > I got it working, but only by moving the IP address from fxp0 to > bridge0. WTF??? > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Bridging question
I got it working, but only by moving the IP address from fxp0 to bridge0. WTF??? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] bridging question
I think you could still do it to a certain extent though. Set the interface speed on the opt1 lower than the lan. Or I guess in is a dsl connection. Segment the lan and put all the public ips on it and 1 to1 nat his public block back to his router. Maybe a little insecure but the shaper would work well. > -Original Message- > From: Dan Swartzendruber [mailto:[EMAIL PROTECTED] > Sent: 24 October 2005 23:38 > To: support@pfsense.com > Subject: Re: [pfSense Support] bridging question > > At 05:49 PM 10/24/2005, you wrote: > >Yes, but the shaper won't shape the way you want it to right now (nor > >is it bound to the OPT interfaces yet, just LAN/WAN). What would be > >better, is to plug the router into the WAN side of dedicated shaper > >box that's in bridge mode and plug the LAN side into the 10mbit > >switch. It means another box (dunno if you can bear that or not :)), > >but should do exactly what you're after (of course, then mucking with > >the shaper to get it to do 'the right thing'). > > oh, bummer. now that you mention it, i do recall having read stuff > about bridging and OPT. oh well. i'm moving in 3-4 months, so it's > not a big deal (certainly not enough to build another box!) thanks anyway > :) > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] bridging question
Yep same config as discussed befor but bridge the opt with the wan and let him put his ips on his firewall. Then shaper the traffic on opt1 on the way out > -Original Message- > From: Dan Swartzendruber [mailto:[EMAIL PROTECTED] > Sent: 24 October 2005 22:20 > To: support@pfsense.com > Subject: [pfSense Support] bridging question > > > I was looking over the bridging example posted earlier, but it wasn't > quite what I was wondering about. Is it possible to bridge an OPT > interface to the WAN interface even though the WAN interface is in a > totally different subnet than the hosts on the OPT interface? My > situation: > > home DSL line. my LAN has NAT'ed addressed in 10.0.0.0/24 > subnet. WAN is a static IP assigned by ISP. I share DSL line with > roommate, but because we have limited upload (384kb), if he's doing > anything at all outbound, my latency goes down the toilet. He has a > routable C block the ISP sends down the DSL line, and has his own > firewall. The net port on the DSL modem is connected to a 10mb > switch, into which each of our WAN ports is plugged. So... What I'd > like to do is add an OPT interface and bridge it to the WAN > interface. Then, unplug his WAN cable from the DSL modem and plug it > into said OPT interface. I'd then use the traffic shaper to give his > outbound traffic the lowest priority there is (and no, I don't feel > guilty about this, because DSL line is mine, and he's free-riding on > it.) Will this work? > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] bridging question
At 05:49 PM 10/24/2005, you wrote: Yes, but the shaper won't shape the way you want it to right now (nor is it bound to the OPT interfaces yet, just LAN/WAN). What would be better, is to plug the router into the WAN side of dedicated shaper box that's in bridge mode and plug the LAN side into the 10mbit switch. It means another box (dunno if you can bear that or not :)), but should do exactly what you're after (of course, then mucking with the shaper to get it to do 'the right thing'). oh, bummer. now that you mention it, i do recall having read stuff about bridging and OPT. oh well. i'm moving in 3-4 months, so it's not a big deal (certainly not enough to build another box!) thanks anyway :) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] bridging question
On 10/24/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote: > > I was looking over the bridging example posted earlier, but it wasn't > quite what I was wondering about. Is it possible to bridge an OPT > interface to the WAN interface even though the WAN interface is in a > totally different subnet than the hosts on the OPT interface? My situation: > > home DSL line. my LAN has NAT'ed addressed in 10.0.0.0/24 > subnet. WAN is a static IP assigned by ISP. I share DSL line with > roommate, but because we have limited upload (384kb), if he's doing > anything at all outbound, my latency goes down the toilet. He has a > routable C block the ISP sends down the DSL line, and has his own > firewall. The net port on the DSL modem is connected to a 10mb > switch, into which each of our WAN ports is plugged. So... What I'd > like to do is add an OPT interface and bridge it to the WAN > interface. Then, unplug his WAN cable from the DSL modem and plug it > into said OPT interface. I'd then use the traffic shaper to give his > outbound traffic the lowest priority there is (and no, I don't feel > guilty about this, because DSL line is mine, and he's free-riding on > it.) Will this work? Yes, but the shaper won't shape the way you want it to right now (nor is it bound to the OPT interfaces yet, just LAN/WAN). What would be better, is to plug the router into the WAN side of dedicated shaper box that's in bridge mode and plug the LAN side into the 10mbit switch. It means another box (dunno if you can bear that or not :)), but should do exactly what you're after (of course, then mucking with the shaper to get it to do 'the right thing'). --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
