At Thu, 14 Dec 2006 23:27:53 +0100,
Daniel Dvořák wrote:
>
> Hi all,
>
>
>
> I want back ipv6 link-local routes back, do you know how to do that
> ? I hope this significant change will be in release document for
> 6.2. I did not change rc.conf since release FreeBSD 6.1 in May06.
>
You need t
Hi,
If I enable carp on a vlan interface in rc.conf the kernel goes
boom. This is 6.2-RC from a couple of weeks ago. (IIRC then I had
the same problem setting up carp on a bridge'd interface).
I'm configuring it like this:
ifconfig_vlan2="inet 10.50.0.3/24 vlan 202 vlandev sis2"
ifconfi
Most of the torrent clients do encrypted sessions nowadays so they really
are impossible to detect by simply parsing the packets.
Baldur
On Fri, Dec 15, 2006 at 02:08:41AM +0200, Ivo Vachkov wrote:
> I'm not familiar with bittorrent protocol but I guess you can always
> implement simple L7 filter
On 14/12/06, Andre Oppermann <[EMAIL PROTECTED]> wrote:
Chris wrote:
> On 12/12/06, Andre Oppermann <[EMAIL PROTECTED]> wrote:
>> This is a patch adding automatic TCP send and receive socket buffer
>> sizing.
>> Normally the socket buffers are static (either derived from global
>> defaults
>> or
I'm not familiar with bittorrent protocol but I guess you can always
implement simple L7 filter using ipfw rules to divert packets to a custom
daemon that can parse the data and drop torrent packets. I did something
similar for ICQ several years ago.
On 12/14/06, Julian H. Stacey <[EMAIL PROTECTE
Hi all,
I want back ipv6 link-local routes back, do you know how to do that ? I hope
this significant change will be in release document for 6.2. I did not change
rc.conf since release FreeBSD 6.1 in May06.
This is STABLE RELENG_6, kernel from 28.8.2006 and it is OKAY:
server1# uname
Hi Benjamin,
I recommend you not monowall, but pfsense for its pf and altq framework.
If you want effectively erase bittorents from your network you have to use
snort_inline plus snort on FreeBSD platform with ipfw.
It exists more effectively platform, unfortunaly not for BSD, it is re
Andre Oppermann wrote:
Julian Elischer wrote:
in the ipfw function send_reject6() we go to great length to calculate
the sequence number to put into the ack field of the reject packet..
but it's a RESET we are generating..
do we need to go to all the work of setting the ACK value etc?
Yes,
Alexander Motin wrote:
Julian Elischer wrote:
could we do either of:
1/ not set the ACK bit and just not do the extra work. Just send a
reset?
Reset packet MUST have valid sequence number. Else it will be rejected
as protection from DoS atack.
Andre's reference explains it very well... t
Andre Oppermann wrote:
or
2/ instead of ACKing all the data in the packet we are resetting,
how about just ACKing the sequence number it starts with
and saving ourselves from doing the work of ACKing all the data
up to the current packet end. (which is the packet we are rejecting
anyhow) (It t
> Thus you'd still achieve your ideal of
> avoiding spending money rather than your time on it :-)
Sorry, I wrote that wrongly, I meant:
Thus you'd still spend money & still save spending your own work time on it.
--
Julian Stacey. BSD Unix C Net Consultancy, Munich/Muenchen http://berklix.c
Hi.
Can anybody explain me for sure current license status of Microsoft
Point-to-Point Compression (MPPC) Protocol? It is not implemented in
FreeBSD for years and I think it would be good to change this.
In RFC 2118 told that "Source and object licenses are available on a
non-discriminatory
Synopsis: [net] [patch] ifconfig may not connect an interface to known network
Responsible-Changed-From-To: freebsd-bugs->freebsd-net
Responsible-Changed-By: linimon
Responsible-Changed-When: Thu Dec 14 18:56:16 UTC 2006
Responsible-Changed-Why:
Over to maintainer(s).
http://www.freebsd.org/cgi/
"Benjamin Adams" wrote:
> employees are killing the network with torrents. anyone know a company where
> I can get a box to monitor traffic and kill torrents. Thanks
>
> PS Not looking to build a firewall this time.
Instead of paying money for a box (More space, heat, electricity
bill & fault lia
On Dec 14, 2006, at 9:41 AM, Benjamin Adams wrote:
employees are killing the network with torrents. anyone know a
company where
I can get a box to monitor traffic and kill torrents. Thanks
PS Not looking to build a firewall this time.
If you plan to restrict network traffic, then you're look
Get a faster network.
Baldur
On Thu, Dec 14, 2006 at 12:41:41PM -0500, Benjamin Adams wrote:
> employees are killing the network with torrents. anyone know a company where
> I can get a box to monitor traffic and kill torrents. Thanks
>
> PS Not looking to build a firewall this time.
> _
employees are killing the network with torrents. anyone know a company where
I can get a box to monitor traffic and kill torrents. Thanks
PS Not looking to build a firewall this time.
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mai
Nikos Vassiliadis wrote:
for ipfw man, BUGS section:
Rules which use uid, gid or jail based matching should be used only if
debug.mpsafenet=0 to avoid possible deadlocks due to layering violations
in its implementation.
Oleg Bulyzhin wrote:
> sysctl debug.mpsafenet value?
>
Th
On Thu, Dec 14, 2006 at 12:51:19PM +, Spadge wrote:
> Hi all
>
> I'm completely baffled by how to work this problem out that I am having
> with ipfw/dummynet.
>
> I have created some ipfw rules to use a pipe which dummynet then shapes.
> The problem I appear to be having is that whenever a
On Thursday 14 December 2006 14:51, Spadge wrote:
> Hi all
>
> I'm completely baffled by how to work this problem out that I am having
> with ipfw/dummynet.
>
> I have created some ipfw rules to use a pipe which dummynet then shapes.
> The problem I appear to be having is that whenever a packet
Julian Elischer wrote:
could we do either of:
1/ not set the ACK bit and just not do the extra work. Just send a reset?
Reset packet MUST have valid sequence number. Else it will be rejected
as protection from DoS atack.
___
freebsd-net@freebsd.org
My FTP is 202.119.123.7. From 202.119.117/24 to it, there are two routers.
traceroute to 202.119.123.7 (202.119.123.7), 64 hops max, 40 byte packets
1 202.119.117.254 (202.119.117.254) 0.794 ms 0.809 ms 0.882 ms
2 172.17.2.14 (172.17.2.14) 0.963 ms 0.736 ms 0.868 ms
3 202.119.123.7 (202
Hi.
Ganbold wrote:
Is it possible to give static IP addresses to the users using mpd?
How it should be done? User is authenticating with radius server.
Your RADIUS server should send FRAMED_IP_ADDRESS attribute to mpd
specifying required IP address. When mpd will get that attribute it will
p
Hi all
I'm completely baffled by how to work this problem out that I am having
with ipfw/dummynet.
I have created some ipfw rules to use a pipe which dummynet then shapes.
The problem I appear to be having is that whenever a packet is sent to
the pipe, the entire system locks up and I have t
Alexander Motin wrote:
Ganbold wrote:
OK, so I have to create vlans first on the system and then configure
mpd.links file accordingly and take out the "set pppoe iface bge1"
line from mpd.conf. I will try it sometime later and let you know how
it goes.
Somebody should strip vlan header. If n
Anton Yuzhaninov wrote:
Wednesday, December 13, 2006, 1:30:26 AM, Andre Oppermann wrote:
AO> The patch is available here (it may apply with some fuzz):
AO> http://people.freebsd.org/~andre/tcp_auto_buf-20061212.diff
AO> Any tests and test reports are very welcome.
Please answer on question fr
Wednesday, December 13, 2006, 1:30:26 AM, Andre Oppermann wrote:
AO> The patch is available here (it may apply with some fuzz):
AO> http://people.freebsd.org/~andre/tcp_auto_buf-20061212.diff
AO> Any tests and test reports are very welcome.
Please answer on question from Phil Rosenthal:
PR> 1)
Julian Elischer wrote:
in the ipfw function send_reject6() we go to great length to calculate
the sequence number to put into the ack field of the reject packet..
but it's a RESET we are generating..
do we need to go to all the work of setting the ACK value etc?
Yes, at least some of it.
c
Chris wrote:
On 12/12/06, Andre Oppermann <[EMAIL PROTECTED]> wrote:
This is a patch adding automatic TCP send and receive socket buffer
sizing.
Normally the socket buffers are static (either derived from global
defaults
or set with setsockopt) and do not adapt to real network conditions. Two
王晓东 wrote:
> I have applied the patch of automatic send buffer sizing.
> My log file is:
> Dec 13 21:54:25 FreeBSD kernel: tcp_output: 202.119.117.246 inc sockbuf, old
> 33304, new 41496, sb_cc 30328, snd_wnd 65160, sendwnd 20308
> Dec 13 21:54:25 FreeBSD kernel: tcp_output: 202.119.117.246 inc soc
At Thu, 14 Dec 2006 16:07:03 +0900,
Tomoyuki Okazaki wrote:
>
> Hi all,
>
> NTT is pleased to announce releasing the patch for -current,
> NTT and I would like to merge to -current, and then MFC to 6-stable.
>
And, to just chime in, I've been working with the folks at NTT on this
and this is th
On Thu, Dec 14, 2006 at 12:55:51AM +, MQ wrote:
> 2006/12/12, Oleg Bulyzhin <[EMAIL PROTECTED]>:
> >
> >On Wed, Dec 06, 2006 at 11:54:01AM +0300, Gleb Smirnoff wrote:
> >> Forwarding to net@ list and to Oleg, who has made polling
> >> support for bge(4).
> >>
> >> - Forwarded message from
I have applied the patch of automatic send buffer sizing.
My log file is:
Dec 13 21:54:25 FreeBSD kernel: tcp_output: 202.119.117.246 inc sockbuf, old
33304, new 41496, sb_cc 30328, snd_wnd 65160, sendwnd 20308
Dec 13 21:54:25 FreeBSD kernel: tcp_output: 202.119.117.246 inc sockbuf, old
41496, new
33 matches
Mail list logo
