Re: pf for netgraph jails?

2024-10-31 Thread Patrick M. Hausen
Hi Palle, > Am 31.10.2024 um 16:32 schrieb Palle Girgensohn : > Thanks for the reply. It seems that these MIBs are related to if_bridge, not > ng_bridge? I didn't have them at first, men after kldload if_bridge they > appeared. They make no difference, though, so perhaps they do not relate to >

Re: pf for netgraph jails?

2024-10-16 Thread Patrick M. Hausen
.bridge.pfil_bridge=1 Although I do not know if this ablies to netgraph or to if_bridge(4) only. But obviously your rules are not applied to the bridge interface. The default of the tunables above is the other way round - don't filter on bridge interfaces. HTH, Patrick -- punkt.de GmbH Patrick

Re: drop synfin

2024-08-11 Thread Patrick M. Hausen
Hi all, > Am 11.08.2024 um 16:00 schrieb void : > > Hi, thank you for your response > > On Sun, Aug 11, 2024 at 09:47:28AM -0400, Michael Sierchio wrote: >> sysrc is for editing rc files, and that's not what you want to do. >> >> you may manually set the MIB with sysctl net.inet.tcp.drop_synfin

Re: OpenVPN suddenly working one way only

2024-07-06 Thread Patrick M. Hausen
ackets as part of an automatic "DoS protection" mechanism? Kind regards, Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Sophienstr. 187 76185 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de i...@punkt.de AG Mannheim 108285 Geschäftsführer: Daniel Lienert, Fabian Stein

Re: Problem with Ethernet port BCM57416 NetXtreme-E Dual-Media 10G

2024-02-06 Thread Patrick M. Hausen
Hi all! > Am 06.02.2024 um 11:14 schrieb Marcos Lage : > > PciConf : > [...] What about the other two pieces of information I asked for? >> Also please verify with >> >> kldstat >> >> that the if_bnxt.ko module is loaded and add the output of >> >> ifconfig -a Kind regards, Patrick

Re: Problem with Ethernet port BCM57416 NetXtreme-E Dual-Media 10G

2024-02-06 Thread Patrick M. Hausen
Hello Marcos, > Am 06.02.2024 um 07:26 schrieb Marcos Lage : > > Hello, I have a problem with the installation of OPNSense 24.1. OPNsense 24.1 is based on FreeBSD 13.2-RELEASE-p9. > I am unable to activate the Ethernet port BCM57416 NetXtreme-E Dual-Media 10G > RDMA Ethernet Controller. Could

Odd performance problems with many vnet jail on a bridge and (possibly) ipfw

2024-01-05 Thread Patrick M. Hausen
Patrick -- punkt.de GmbH Patrick M. Hausen infrastructure Sophienstr. 187 76185 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de i...@punkt.de AG Mannheim 108285 Geschäftsführer: Daniel Lienert, Fabian Stein

Display of bridge member interfaces cut short - bug or intention?

2023-12-20 Thread Patrick M. Hausen
ge configuration. What's happening here? Is this intentional or shall I file a bug report? More importantly: either way is this only cosmetic or will we hit another unexpected limit of the number of interfaces that can be members of a bridge any time soon? Kind regards, Patrick -- p

Re: Odd values for various memory metrics via SNMP

2023-12-19 Thread Patrick M. Hausen
m not to paint them bright red. Kind regards, Patrick -- punkt.de GmbH Patrick M. Hausen infrastructure Sophienstr. 187 76185 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de i...@punkt.de AG Mannheim 108285 Geschäftsführer: Daniel Lienert, Fabian Stein

Re: Odd values for various memory metrics via SNMP

2023-12-19 Thread Patrick M. Hausen
HOST-RESOURCES-MIB::hrStorageAllocationUnits.3 = INTEGER: 4096 Bytes HOST-RESOURCES-MIB::hrStorageSize.3 = INTEGER: 1279129 HOST-RESOURCES-MIB::hrStorageUsed.3 = INTEGER: 1258824 HOST-RESOURCES-MIB::hrStorageAllocationFailures.3 = Counter32: 0 Kind regards, Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructu

Odd values for various memory metrics via SNMP

2023-12-16 Thread Patrick M. Hausen
g on here? What do these numbers actually mean? Where do they come from? Are they artefacts of the SNMP implementation not taylored perfectly for FreeBSD or are they some real metric that ends up interpreted wrong in the NMS (Observium)? Thanks and kind regards, Patrick -- punkt.de GmbH

Re: VLAN not working - jails, bridges, and VLANs

2023-07-26 Thread Patrick M. Hausen
interface - if the host needs IP connectivity in that VLAN assign IP addresses to the bridge and not to the VLAN - connect the jail to that bridge One bridge per VLAN. Running in production with about 1000 jails, here. HTH, Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Sophienstr.

Re: Lagg and multi-gigabit questions/proablems

2022-11-09 Thread Patrick M. Hausen
/LACP will give you only a single interface's bandwidth for a single stream? That's by design, because reordering of TCP packets is bad. You would need to test with multiple endpoints, because most commonly distribution is per IP address hash. HTH, Patrick -- punkt.de GmbH Patrick

Re: FRR ospf6 and bridge interfaces.

2022-06-11 Thread Patrick M. Hausen
and OSPF6 > ... which doesn't, I think dumped traffic on the bridge. > no OSPF6 packets on the bridge. IPV6 pings work. Host and VM are both > 13.1-RELEASE. Did you configure the host IP addresses on the physical bridge member or on the bridge interface? You must do the lat

Re: how to bridge "native" vlan?

2022-04-21 Thread Patrick M. Hausen
oes anybody know if the same restriction applies to ng_bridge(4)? Kind regards, Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Kaiserallee 13a 76133 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de i...@punkt.de AG Mannheim 108285 Geschäftsführer: Jürgen Egeling, Daniel Lienert, Fabian Stein

Re: Wireguard, MTUs, and jumbo packets

2022-04-04 Thread Patrick M. Hausen
TU = 1280 Wether your path will be capable of transporting packets with a tunnel MTU of 1500 is left for you to take care of - outside of WG. WireGuard overhead is 60 bytes for IPv4 transport and 80 bytes for IPv6. HTH, Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Kaiseralle

Re: epair and vnet jail loose connection.

2022-03-15 Thread Patrick M. Hausen
Just wanted to say: thanks for all your incredible work, guys! Kind regards, Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Kaiserallee 13a 76133 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de i...@punkt.de AG Mannheim 108285 Geschäftsführer: Jürgen Egeling

Re: epair and vnet jail loose connection.

2022-03-13 Thread Patrick M. Hausen
t to accept" rule active in the jails. I will probably downgrade the production host from 13.1-PRERELEASE to 13.0-pX tomorrow and see if that changes anything. Kind regards, Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Kaiserallee 13a 76133 Karlsruhe Tel.

Re: epair and vnet jail loose connection.

2022-03-09 Thread Patrick M. Hausen
in_menq == 1 / { printf("Enqueue task"); } fbt:if_epair:epair_tx_start_deferred:entry { printf("epair_tx_start_deferred"); } -- -- punkt.de GmbH Patrick M. Hausen .infrastructure Kaiserallee 13a 76133 Karlsruhe Tel. +49 721 9109500 https://infrastructure.pun

Re: can't bridge an I/F with jumbo to taps, deleted bridge 'flags' are sticky if you remake them

2022-01-13 Thread Patrick M. Hausen
> > FreeBSD 12-2-RELEASE-p6 (if this is fixed in newer FreeBSD) Are you in a position to test FreeBSD 13? The bridge code has been more or less completely rewritten. Kind regards, Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Kaiserallee 13a 76133 Karlsruhe Tel. +49 721 91095

Re: sender source IP address on UDP socket bound to INADDR_ANY in golang

2021-05-14 Thread Patrick M. Hausen
setsockopt() because it's an IPv6 socket. Correct? Why can you have a single socket on both address families, anyway? IPv4 and IPv6 are as "related" as IP and IPX - if you go dual stack, treat them both separately - no? Any light you can shed on this issue greatly appreciated. Tha

Re: sender source IP address on UDP socket bound to INADDR_ANY in golang

2021-05-11 Thread Patrick M. Hausen
Hi! > Am 11.05.2021 um 12:38 schrieb Peter Jeremy : > > On 2021-May-08 19:05:56 +0200, "Patrick M. Hausen" wrote: >> I am facing a problem that is perfectly explained by the semantics >> of the socket interface for UDP, if one assumes that the application >>

sender source IP address on UDP socket bound to INADDR_ANY in golang

2021-05-08 Thread Patrick M. Hausen
util/udp_unix.go#L47 I am familiar with the socket API in C (and could always fetch a copy of "Stevens" from my shelf), but don't know enough about golang to make any progress from here. Anyone who can help? Thanks! Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Kaiser

Re: PF Question

2020-11-22 Thread Patrick M. Hausen
Kind regards, Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Kaiserallee 13a 76133 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de i...@punkt.de AG Mannheim 108285 Geschäftsführer: Jürgen Egeling, Daniel Lienert, Fabian Stein signature.asc Description: Message signed with OpenPGP

Re: Help with VNET

2020-10-21 Thread Patrick M. Hausen
ion and Fusion can do it. But they rewrite MAC addresses or some such - it's ugly. Kind regards, Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Kaiserallee 13a 76133 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de i...@punkt.de AG Mannheim 108285 Geschäftsführer:

Re: IP MTU on gif and gre interfaces (with and without IPSec encryption)

2020-03-23 Thread Patrick M. Hausen
idea, I guess historical ;-) Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Kaiserallee 13a 76133 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de i...@punkt.de AG Mannheim 108285 Geschäftsführer: Jürgen Egeling, Daniel Lienert, Fabian Stein __

IP_BINDANY in a jail?

2020-02-04 Thread Patrick M. Hausen
xy process logs: sslh-fork: setsockopt IP_BINDANY:1:Operation not permitted Thanks, Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Kaiserallee 13a 76133 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de i...@punkt.de AG Mannheim 108285 Geschäftsführer: Jürgen Egeling,

Re: IPv6, SLAAC, routing in iocage jail

2020-01-08 Thread Patrick M. Hausen
'll open a bug ticket for FreeBSD - no FreeNAS or iocage issue. Thanks! Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Kaiserallee 13a 76133 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de i...@punkt.de AG Mannheim 108285 Geschäftsführer: Jürgen

Re: IPv6, SLAAC, routing in iocage jail

2020-01-08 Thread Patrick M. Hausen
vnet" (only allow vnet-enabled jails) to the list of KEYWORDS to skip in rcorder(8). Shouldn't the latter be named "onlyjailvnet" or some such? Naming things ... ;-) Kind regards, Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Kaiserallee 13a 76133 K

IPv6, SLAAC, routing in iocage jail

2020-01-08 Thread Patrick M. Hausen
regards, Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Kaiserallee 13a 76133 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de i...@punkt.de AG Mannheim 108285 Geschäftsführer: Jürgen Egeling, Daniel Lienert, Fabian Stein

Re: IPSec transport mode, mtu, fragmentation...

2019-12-23 Thread Patrick M. Hausen
ugh the box instead of originating locally - the SA was in in tunnel mode or - there was an interface for the encrypted connection with lower MTU Looks like an oversight for transport mode and locally originating traffic to me. Kind regards, Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructur

Re: Continuing problems in a bridged VNET setup

2019-12-21 Thread Patrick M. Hausen
Hi all, kp@ and bz@ stepped in to help, now that we finally have a non-productive test system that is capable of reproducing the problem. Seems like it is related or identical to this bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227100 Just to keep everyone informed and justify the no

Re: Continuing problems in a bridged VNET setup

2019-12-21 Thread Patrick M. Hausen
-- punkt.de GmbH Patrick M. Hausen .infrastructure Kaiserallee 13a 76133 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de i...@punkt.de AG Mannheim 108285 Geschäftsführer: Jürgen Egeling, Daniel Lienert, Fabian Stein ___ freebsd-net

Continuing problems in a bridged VNET setup

2019-12-20 Thread Patrick M. Hausen
a suggestion what diagnostic measures could help to pinpoint the culprit? The random occurrance and the fact that the problem seems to prefer the production environment only makes this a real pain ... Thanks and kind regards, Patrick -- punkt.de GmbH Patrick

Re: NFSv4 without Kerberos

2019-08-16 Thread Patrick M. Hausen
i all, > Am 16.08.2019 um 14:37 schrieb Alexander Lunev via freebsd-net > : > >> /NFS -maproot=root -sec=krb5i >> V4: /NFS -sec=krb5i >> and this work ok for nfsv4 mount (mount -t nfsv4 host:/) >> May be order is important? > > I've already tried in any order, it doesn't change anything. > >

Re: Preferring internal IPv6 source address over gif tunnel IP?

2019-07-31 Thread Patrick M. Hausen
Hi! > Am 31.07.2019 um 14:07 schrieb Viktor Dukhovni : > Since a bunch of my traffic is SMTP, I need reverse resolution for > outgoing IPv6, which means that I need the outgoing sources address > to be ::1, not ::2, even though the > routing table lists "gif0" as the interface with the default ro

Re: IPFW NAT64 changed 11.2 --> 11.3?

2019-06-26 Thread Patrick M. Hausen
Hi all, first, for completeness: > So (3rd line) the SYN/ACK arrives with correct IPv4 addresses then get’s > forwarded with a source address of > > :200:0:50:e689:9765:7085 instead of 64:ff9b::9765:7085 That looks like random garbage due to an uninitialized struct in6_addr. > Then we h

Re: IPFW NAT64 changed 11.2 --> 11.3?

2019-06-26 Thread Patrick M. Hausen
Hi all, > Am 26.06.2019 um 12:28 schrieb Andrey V. Elsukov : > > On 26.06.2019 13:10, Patrick M. Hausen wrote: >> tcpdump will take some more time, currently we do not have /dev/bpf in these >> jails. > > So, nat64_direct_output didn't help? > Does `ipf

Re: IPFW NAT64 changed 11.2 --> 11.3?

2019-06-26 Thread Patrick M. Hausen
> Am 26.06.2019 um 11:47 schrieb Andrey V. Elsukov : > Check the output of the following commands on both translators: > > # sysctl net.inet.ip.fw | grep nat64 > # ipfw nat64lsn all list > # ipfw nat64lsn NAT64 stats Working 11.2 system: root@gate64:~ # sysctl net.inet.ip.fw | grep nat64 net.ine

IPFW NAT64 changed 11.2 --> 11.3?

2019-06-26 Thread Patrick M. Hausen
Hi all, we have a bit of a problem with some new servers that use NAT64 to access certain services that offer only legacy IP - like github. As far as I found the respective NAT64 gateways (in jails with VNET) are configured identically except for the particular addresses, of course. Yet, 11.2 wo

Re: Eliminating IPv6 (?)

2019-06-19 Thread Patrick M. Hausen
Hi! > Am 19.06.2019 um 09:14 schrieb Andreas Nilsson : > As soon as set firewall_script instead of firewall_type your problems will > be solved. Just try it. The man page for rc.conf will tell you the same > thing. He will need to adjust his rule file, though. Setting firewall_type to an absolute

Re: localhost woes -- help requested

2019-06-19 Thread Patrick M. Hausen
Hi! > Am 19.06.2019 um 08:23 schrieb Ronald F. Guilmette : > So basically you're telling me that local-unbound has taken it upon > itself to decide for me, regardless of what is or isn't in my /etc/hosts > file, what addresses "localhost" should resolve to?? > > If so, that really is rather presu

Re: Eliminating IPv6 (?)

2019-06-18 Thread Patrick M. Hausen
Hi all, > Am 18.06.2019 um 13:54 schrieb Robert Huff : > > If this is true - haven't checked personally - then it's a bug. > (And a non-trivial one, the fact you're the first to report it > notwithstanding.) > Can you please open a bug report? I doubt it would qualify as a bug - poss

Re: Eliminating IPv6 (?)

2019-06-18 Thread Patrick M. Hausen
Hi! > Am 18.06.2019 um 09:44 schrieb Ronald F. Guilmette : > As I have already learned, the /etc/rc.firewall script also assumes both the > presence of, and the desirability of IPv6 support. And unless one edits that > file manually... which I have been effectively forced to do... there is no way

Re: VLANs for use with jails

2019-05-17 Thread Patrick M. Hausen
Hi! > Am 17.05.2019 um 10:58 schrieb Christian Baer : > > Hi, > i still can’t get it to work. Two problems that I see: > ifconfig_igb0="inet 10.0.3.11/24 -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso > -vlanhwtso" > ifconfig_vlan30="inet 10.0.3.12/24 vlan 30 vlandev igb1 description LAN“ One do

Re: VLANs for use with jails

2019-05-14 Thread Patrick M. Hausen
Hi! Not tested, minor typos possible ... > Am 10.05.2019 um 23:02 schrieb Christian Baer : > ifconfig_igb1="inet 10.0.3.12/24 -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso > -vlanhwtso" > ifconfig_igb1_ipv6="inet6 accept_rtadv -lro -tso“ > [...] > What's the proper way to set up igb1 to be untagg

Re: bnxt(4) and VLANs - supposed to work?

2019-03-20 Thread Patrick M. Hausen
Hi! > Am 20.03.2019 um 13:23 schrieb Andrey V. Elsukov : > > Did you try to run `ifconfig bnxt0 up`? Now I feel stupid ;-) I can only say I expected the FreeNAS config system to take care of that. Seems like it doesn’t. But … that alone did not help. I see frames with tcpdump but still no traff

bnxt(4) and VLANs - supposed to work?

2019-03-20 Thread Patrick M. Hausen
Hi all, FreeBSD 11.2-STABLE (FreeNAS): bnxt0: flags=8842 metric 0 mtu 1500 options=e527bb ether 00:25:90:5f:9a:82 hwaddr 00:25:90:5f:9a:82 nd6 options=9 media: Ethernet autoselect (1000baseT ) status: active vlan1: flags=8843 metric 0 mtu 1500 options=600703 ether 00:

Re: Bridges on VLAN-tagged interfaces.

2019-03-19 Thread Patrick M. Hausen
Hi! > Am 18.03.2019 um 22:12 schrieb Eric Bautsch : > I now have a bridge0 on re0.33 which works, great. > I now configure a bridge1 which contains re0 and put an IP on that bridge, > and hey presto, that IP pings, but the IP on bridge0 on VLAN 33 stops pinging. IMHO you should not be mixing VLA

Re: Bridges on VLAN-tagged interfaces.

2019-03-11 Thread Patrick M. Hausen
Hi! have you done an „ifconfig up“ for the physical interface? This works in our environment: ifconfig_ixl0="up" cloned_interfaces="vlan11 bridge0" ifconfig_vlan11="up vlan 11 vlandev ixl0" ifconfig_bridge0_name="inet0" ifconfig_inet0="addm vlan11 up" ifconfig_inet0_alias0="inet " ifco

Re: TCP-forwarding with netcat - weird failures ...

2019-03-04 Thread Patrick M. Hausen
Hi Eugene, > Am 04.03.2019 um 12:21 schrieb Eugene Grosbein : > > 04.03.2019 17:43, Patrick M. Hausen wrote: > >> Needless to say: doesn’t work. And no, it’s not the obvious ARP caches. >> Connections can be established but then abort spontaneously without >> a

TCP-forwarding with netcat - weird failures ...

2019-03-04 Thread Patrick M. Hausen
Hi all, in a particular customer network we have a world wide VPN with partially overlapping addresses, renumbering impossible due to political reasons, and all the fun you can have in the „enterprise“ environment. No IPv6 either, newfangled nonsense … :-/ So to access a certain set of services w

Re: Performance issues with VNET/bridge/VLAN

2019-02-28 Thread Patrick M. Hausen
Hi, just a quick info - I need some more time because this is getting weirder and weirder … Changing the „complaint“ host from VLANs to dedicated interfaces fixed the perceived TCP performance issue for that host. Then I tried to reproduce the problem on another host *with* the VLAN based setup.

Re: Performance issues with VNET/bridge/VLAN

2019-02-22 Thread Patrick M. Hausen
Hi! > Am 22.02.2019 um 18:03 schrieb Michael Grimm : > > Am 2019-02-22 11:31, schrieb Patrick M. Hausen: > > [x-posted to freebsd-j...@freebsd.org] > >> The machine is an iocage jail host, all jails with VNET. >> The problem is: network performance in t

Performance issues with VNET/bridge/VLAN

2019-02-22 Thread Patrick M. Hausen
Hi all, please have a look at these two network setups: --- separate interfaces --- ifconfig_ixl0="up" ifconfig_ixl1="up" cloned_interfaces="bridge0 bridge1" ifconfig_bridge0_name="inet0" ifconfig_inet0="addm ixl0 up" ifconfig_inet0_alias0="inet ww.xx.yy.zz/24" ifconfig_inet0_ipv6="ine

Re: Running PPPoE server in jail, possible with VNET?

2019-02-21 Thread Patrick M. Hausen
Hi all, > Am 21.02.2019 um 08:23 schrieb Alexander Zagrebin : > To pass PPPoE packets via bridge you have to set the kernel variable > net.link.bridge.pfil_onlyip to 0 (`sysctl > net.link.bridge.pfil_onlyip=0`)… Doesn’t this apply only if you have some kind of packet filter active on the bridge

Re: isc-dhcpd refuses access?

2018-11-18 Thread Patrick M. Hausen
Hi! > Am 16.11.2018 um 22:51 schrieb Freddie Cash : > While FreeBSD is generally better than most at supporting hybrid interfaces > (tagged and untagged vlans on the same NIC), you really shouldn't do that. > Configure it either as an access port (untagged vlan only) or a trunk port > (tagged vlan

Re: isc-dhcpd refuses access?

2018-11-16 Thread Patrick M. Hausen
Hi! > Am 16.11.2018 um 21:37 schrieb Zaphod Beeblebrox : > Oddly, however, when restarted, dhcpd says it is listening on bge0.31 and > bge0.221, but ignores bge0. Help? Did you set „dhcpd_ifaces“ and if yes, to which value? If not, have you tried setting it? rc.conf … Kind regards, Patrick --

Re: ECN+ Implementation

2018-11-03 Thread Patrick M. Hausen
Hi! > I am trying to implement ECN+ (rfc5562 ) > in FreeBSD. > I am not able to figure out the code where SYN and SYN+ACK is sent and > received. > Please guide me to correct part of code. It was looking into tcp_input.c > and tcp_output.c but couldn't get it f

Re: sysctl for carp and pfsync on boot

2018-08-24 Thread Patrick M. Hausen
Hi! > Am 24.08.2018 um 12:43 schrieb Kajetan Staszkiewicz : > > On Wednesday, 22 August 2018 17:11:59 CEST Patrick M. Hausen wrote: >> Hi all, >> >>> Am 22.08.2018 um 17:00 schrieb Kajetan Staszkiewicz >>> : Is there a preferred way to configure sysct

Re: sysctl for carp and pfsync on boot

2018-08-22 Thread Patrick M. Hausen
Hi all, > Am 22.08.2018 um 17:00 schrieb Kajetan Staszkiewicz : > Is there a preferred way to configure sysctls for modules loaded from > kld_list? We found the same problem in our setup making extensive use of if_bridge. Now we simply load that module early via loader.conf - all sysctls availab

Running bridged interfaces inside VMware ESXi

2018-08-14 Thread Patrick M. Hausen
Hi all, I'm trying to deploy our "proServer" setup inside a VM that is unfortunately not controlled by us. Problem is that I can connect to and ping the host (i.e. FreeBSD running in the hypervisor VM), but network connectivity to a jail using VIMAGE and a bridged interface with iocage is ener

Re: DHCP vs. SYNCDHCP in rc.conf

2018-08-07 Thread Patrick M. Hausen
Hi! > Am 07.08.2018 um 11:07 schrieb Herbert J. Skuhra : > Hmm, works for me! Tested on a Raspberry Pi 2 and 3 (both CURRENT) and a > VM (11.2-RELEASE-p1 and CURRENT). Have you tried to boot with "rc_debug=YES"? Weird. You are correct - I cannot reproduce which typo or similar caused it to fail b

DHCP vs. SYNCDHCP in rc.conf

2018-08-07 Thread Patrick M. Hausen
Hi all, from reading the docs I think that SYNCDHCP is supposed to wait for dhclient to finish and that there should not be another difference. But then why does ifconfig_em0_name="inet0" ifconfig_inet0="SYNCDHCP" in rc.conf lead to the desired result while ifconfig_em0

Re: How to setup ethernet address and IPv4 address on interface?

2016-06-29 Thread Patrick M. Hausen
Hi, all, > Am 29.06.2016 um 14:23 schrieb Slawa Olhovchenkov : > > On Wed, Jun 29, 2016 at 02:13:59PM +0200, Patrick M. Hausen wrote: > >> What about using a combination of >> >> ifconfig_em1 >> ipv4_addrs_em1 >> >> in rc.conf? > &g

Re: How to setup ethernet address and IPv4 address on interface?

2016-06-29 Thread Patrick M. Hausen
Hi! > Am 29.06.2016 um 14:01 schrieb Slawa Olhovchenkov : > I am need in one call, multiple commands not allways allowed. > Using /etc/start_if.$IFNAME produce side effects and can mask errors > in rc.conf. What about using a combination of ifconfig_em1 ipv4_addrs_em1 in rc.conf? Kind regards