Greetings All, Am running FreeBSD 7.0 on ET/BWMGR appliance. Ive hit a snag when trying to start natd, the box freezes. On googing ive found that it seems tobe a bug in natd within FreeBSD 7.0 but no work around is provided. Anyone on this list with a possible solution. I've run out of support licence for this box so even if Denis wanted to help, he cant without $$$. Any help is welcome. Alex
On Tue, May 26, 2009 at 3:45 PM, Kisakye Alex <akisakye@ucs.ucu.ac.ug>wrote:
Greetings All,
Am running FreeBSD 7.0 on ET/BWMGR appliance. Ive hit a snag when trying to start natd, the box freezes. On googing ive found that it seems tobe a bug in natd within FreeBSD 7.0 but no work around is provided. Anyone on this list with a possible solution. I've run out of support licence for this box so even if Denis wanted to help, he cant without $$$.
Where is the bug documented? But you can update the FreeBSD on the ET/BWMGR, yes? At one point when I looked at one, I thought I could:-) -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "Clothes make the man. Naked people have little or no influence on society." -- Mark Twain
Odhiambo ワシントン wrote:
On Tue, May 26, 2009 at 3:45 PM, Kisakye Alex <akisakye@ucs.ucu.ac.ug <mailto:akisakye@ucs.ucu.ac.ug>> wrote:
Greetings All,
Am running FreeBSD 7.0 on ET/BWMGR appliance. Ive hit a snag when trying to start natd, the box freezes. On googing ive found that it seems tobe a bug in natd within FreeBSD 7.0 but no work around is provided. Anyone on this list with a possible solution. I've run out of support licence for this box so even if Denis wanted to help, he cant without $$$.
Where is the bug documented? But you can update the FreeBSD on the ET/BWMGR, yes? At one point when I looked at one, I thought I could:-)
Been looking at this doc http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2008-06/msg00190.html Am going to look into upgrading the FreeBSD thanks
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "Clothes make the man. Naked people have little or no influence on society." -- Mark Twain ------------------------------------------------------------------------
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
On Tue, May 26, 2009 at 4:18 PM, Kisakye Alex <akisakye@ucs.ucu.ac.ug>wrote:
Odhiambo ワシントン wrote:
On Tue, May 26, 2009 at 3:45 PM, Kisakye Alex <akisakye@ucs.ucu.ac.ug<mailto: akisakye@ucs.ucu.ac.ug>> wrote:
Greetings All,
Am running FreeBSD 7.0 on ET/BWMGR appliance. Ive hit a snag when trying to start natd, the box freezes. On googing ive found that it seems tobe a bug in natd within FreeBSD 7.0 but no work around is provided. Anyone on this list with a possible solution. I've run out of support licence for this box so even if Denis wanted to help, he cant without $$$.
Where is the bug documented? But you can update the FreeBSD on the ET/BWMGR, yes? At one point when I looked at one, I thought I could:-)
Been looking at this doc http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2008-06/msg00190.html Am going to look into upgrading the FreeBSD
I am still quite surprised how you related the problem defined here to your situation. Is ipfw the engine they use inside ET/BWMGR?? Does your ET have the same interface names as the one of this thread (vr0 and fxp0) ?? We could do with a capture of your dmesg.boot, if any. BTW, does the storage in the ET ever get full? How often do they rotate the logs? Or how do they do the traffic analysis (snmp?)? Anyway, I still think you can update the ET to try and resolve the problem. If you don't then you still have to buy another BWMGR anyway, no? So you really don't stand to lose. Good luck. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "Clothes make the man. Naked people have little or no influence on society." -- Mark Twain
Odhiambo ワシントン wrote:
On Tue, May 26, 2009 at 4:18 PM, Kisakye Alex <akisakye@ucs.ucu.ac.ug <mailto:akisakye@ucs.ucu.ac.ug>> wrote:
Odhiambo ワシントン wrote:
On Tue, May 26, 2009 at 3:45 PM, Kisakye Alex <akisakye@ucs.ucu.ac.ug <mailto:akisakye@ucs.ucu.ac.ug> <mailto:akisakye@ucs.ucu.ac.ug <mailto:akisakye@ucs.ucu.ac.ug>>> wrote:
Greetings All,
Am running FreeBSD 7.0 on ET/BWMGR appliance. Ive hit a snag when trying to start natd, the box freezes. On googing ive found that it seems tobe a bug in natd within FreeBSD 7.0 but no work around is provided. Anyone on this list with a possible solution. I've run out of support licence for this box so even if Denis wanted to help, he cant without $$$.
Where is the bug documented? But you can update the FreeBSD on the ET/BWMGR, yes? At one point when I looked at one, I thought I could:-)
Been looking at this doc http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2008-06/msg00190.html Am going to look into upgrading the FreeBSD
I am still quite surprised how you related the problem defined here to your situation. Is ipfw the engine they use inside ET/BWMGR?? Does your ET have the same interface names as the one of this thread (vr0 and fxp0) ?? We could do with a capture of your dmesg.boot, if any. BTW, does the storage in the ET ever get full? How often do they rotate the logs? Or how do they do the traffic analysis (snmp?)?
Anyway, I still think you can update the ET to try and resolve the problem. If you don't then you still have to buy another BWMGR anyway, no? So you really don't stand to lose. Good luck.
Actually my interfaces are em0,em1,em2 and em4. After setting up the interfaces am supposed run a script rc.natd which I have attarched (Am new to BSD's but i can see its setting up ipfw rule somewhere). The point where its calling "/sbin/ipfw -q add 5000 divert natd all from any to any via $PUBIFAC" is where the box freezes..... I have also attarched another file dmesg.today hope it is helpful. The box is relatively new so I can't say alot about its perfomance. However this is its output of df -h r2400# df -h Filesystem Size Used Avail Capacity Mounted on /dev/ad8s1a 421M 147M 241M 38% / devfs 1.0K 1.0K 0B 100% /dev /dev/ad8s1e 560M 24M 492M 5% /var /dev/ad8s1f 68G 526M 62G 1% /usr thanks ALex
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "Clothes make the man. Naked people have little or no influence on society." -- Mark Twain ------------------------------------------------------------------------
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
Copyright (c) 1992-2008 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 7.0-RELEASE #2: Thu Dec 4 14:46:22 EST 2008 root@bigby7.localdomain.com:/usr/src/sys/i386/compile/SMP Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Intel(R) Celeron(R) CPU 430 @ 1.80GHz (1795.51-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0x10661 Stepping = 1 Features=0xafebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE> Features2=0xe31d<SSE3,RSVD2,MON,DS_CPL,TM2,SSSE3,CX16,xTPR,PDCM> AMD Features=0x20100000<NX,LM> AMD Features2=0x1<LAHF> real memory = 1072103424 (1022 MB) avail memory = 1039790080 (991 MB) ACPI APIC Table: <PTLTD APIC > ioapic0 <Version 2.0> irqs 0-23 on motherboard ioapic1 <Version 2.0> irqs 24-47 on motherboard kbd1 at kbdmux0 acpi0: <SHIMAS SDS-ONE> on motherboard acpi0: [ITHREAD] acpi0: Power Button (fixed) Timecounter "ACPI-safe" frequency 3579545 Hz quality 850 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0 cpu0: <ACPI CPU> on acpi0 p4tcc0: <CPU Frequency Thermal Control> on cpu0 pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0 pci0: <ACPI PCI bus> on pcib0 pcib1: <ACPI PCI-PCI bridge> irq 16 at device 1.0 on pci0 pci1: <ACPI PCI bus> on pcib1 pcib2: <ACPI PCI-PCI bridge> at device 0.0 on pci1 pci2: <ACPI PCI bus> on pcib2 pci2: <network, ethernet> at device 2.0 (no driver attached) pci2: <network, ethernet> at device 2.1 (no driver attached) pci0: <serial bus, USB> at device 26.0 (no driver attached) pci0: <serial bus, USB> at device 26.1 (no driver attached) pci0: <serial bus, USB> at device 26.2 (no driver attached) pci0: <serial bus, USB> at device 26.7 (no driver attached) pcib3: <ACPI PCI-PCI bridge> irq 16 at device 28.0 on pci0 pci5: <ACPI PCI bus> on pcib3 pcib4: <ACPI PCI-PCI bridge> irq 16 at device 28.4 on pci0 pci13: <ACPI PCI bus> on pcib4 pci13: <network, ethernet> at device 0.0 (no driver attached) pcib5: <ACPI PCI-PCI bridge> irq 17 at device 28.5 on pci0 pci15: <ACPI PCI bus> on pcib5 pci15: <network, ethernet> at device 0.0 (no driver attached) pci0: <serial bus, USB> at device 29.0 (no driver attached) pci0: <serial bus, USB> at device 29.1 (no driver attached) pci0: <serial bus, USB> at device 29.2 (no driver attached) pci0: <serial bus, USB> at device 29.7 (no driver attached) pcib6: <ACPI PCI-PCI bridge> at device 30.0 on pci0 pci17: <ACPI PCI bus> on pcib6 vgapci0: <VGA-compatible display> port 0x5000-0x50ff mem 0xd0000000-0xd7ffffff,0xd8400000-0xd840ffff irq 22 at device 3.0 on pci17 atapci0: <ITE IT8213F UDMA33 controller> port 0x5420-0x5427,0x5414-0x5417,0x5418-0x541f,0x5410-0x5413,0x5400-0x540f irq 23 at device 4.0 on pci17 atapci0: [ITHREAD] ata2: <ATA channel 0> on atapci0 ata2: [ITHREAD] ata3: <ATA channel 1> on atapci0 ata3: [ITHREAD] isab0: <PCI-ISA bridge> at device 31.0 on pci0 isa0: <ISA bus> on isab0 atapci1: <Intel AHCI controller> port 0x1c50-0x1c57,0x1c44-0x1c47,0x1c48-0x1c4f,0x1c40-0x1c43,0x18e0-0x18ff mem 0xd8701000-0xd87017ff irq 17 at device 31.2 on pci0 atapci1: [ITHREAD] atapci1: AHCI Version 01.20 controller with 6 ports detected ata4: <ATA channel 0> on atapci1 ata4: [ITHREAD] ata5: <ATA channel 1> on atapci1 ata5: port not implemented ata5: [ITHREAD] ata6: <ATA channel 2> on atapci1 ata6: port not implemented ata6: [ITHREAD] ata7: <ATA channel 3> on atapci1 ata7: port not implemented ata7: [ITHREAD] ata8: <ATA channel 4> on atapci1 ata8: port not implemented ata8: [ITHREAD] ata9: <ATA channel 5> on atapci1 ata9: port not implemented ata9: [ITHREAD] pci0: <serial bus, SMBus> at device 31.3 (no driver attached) pci0: <dasp> at device 31.6 (no driver attached) acpi_button0: <Power Button> on acpi0 atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0 atkbd0: <AT Keyboard> irq 1 on atkbdc0 kbd0 at atkbd0 atkbd0: [GIANT-LOCKED] atkbd0: [ITHREAD] sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 sio0: type 16550A sio0: [FILTER] em0: <Intel(R) PRO/1000 Network Connection Version - 6.7.3> port 0x3000-0x301f mem 0xd8200000-0xd821ffff irq 16 at device 0.0 on pci13 em0: Using MSI interrupt em0: Ethernet address: 00:30:48:d1:c3:94 em0: [FILTER] em1: <Intel(R) PRO/1000 Network Connection Version - 6.7.3> port 0x4000-0x401f mem 0xd8300000-0xd831ffff irq 17 at device 0.0 on pci15 em1: Using MSI interrupt em1: Ethernet address: 00:30:48:d1:c3:95 em1: [FILTER] em2: <Intel(R) PRO/1000 Network Connection Version - 6.7.3> port 0x2000-0x203f mem 0xd8000000-0xd801ffff irq 24 at device 2.0 on pci2 em2: Ethernet address: 00:e0:ed:09:d4:08 em2: [FILTER] em3: <Intel(R) PRO/1000 Network Connection Version - 6.7.3> port 0x2040-0x207f mem 0xd8020000-0xd803ffff irq 25 at device 2.1 on pci2 em3: Ethernet address: 00:e0:ed:09:d4:09 em3: [FILTER] pmtimer0 on isa0 orm0: <ISA Option ROM> at iomem 0xc0000-0xcafff pnpid ORM0000 on isa0 ata0 at port 0x1f0-0x1f7,0x3f6 irq 14 on isa0 ata0: [ITHREAD] ata1 at port 0x170-0x177,0x376 irq 15 on isa0 ata1: [ITHREAD] sc0: <System console> at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> sio1: configured irq 3 not in bitmap of probed irqs 0 sio1: port may not be enabled vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0 Timecounter "TSC" frequency 1795510638 Hz quality 800 Timecounters tick every 1.000 msec ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to accept, logging disabled acd0: DVDROM <DVD-ROM UJDA780/1.50> at ata2-slave PIO4 ad8: 76319MB <WDC WD800AAJS-00WAA0 58.01D58> at ata4-master SATA300 Trying to mount root from ufs:/dev/ad8s1a Bridge Module Version 1 ET/BWMGR Driver v4.0RC1 ET/BYPASS Driver v1.2 bridge0: Ethernet address: 06:a3:dc:0f:b5:40 em0: link state changed to UP em1: link state changed to UP free inode /var/11606 had 2 blocks #!/bin/sh case $1 in stop) #Remove the divert rule, and stop natd. /sbin/ipfw -q delete 5000 killall natd 1> /dev/null 2>/dev/null ;; *) STOP="NO" [ ! -f /etc/natd.conf ] && STOP="Missing /etc/natd.conf! Aborting." if [ "$STOP" = "NO" ] ; then PUBIFAC=`cat /etc/natd.conf|grep -v ^#|grep interface|head -1|awk '{print $2}'` if [ "$PUBIFAC" = "" ] ; then STOP="No interface defined in /etc/natd.conf! Aborting." fi fi if [ "$STOP" = "NO" ] ; then # Add the divert rule. Interface here must match the one in natd.conf /sbin/ipfw -q add 5000 divert natd all from any to any via $PUBIFAC #start natd /sbin/natd -f /etc/natd.conf else echo "$STOP" exit fi ;; esac
1. /etc/rc.conf ?? 2. ipfw list ?? - Output On 5/26/09, Kisakye Alex <akisakye@ucs.ucu.ac.ug> wrote:
Odhiambo ワシントン wrote:
On Tue, May 26, 2009 at 4:18 PM, Kisakye Alex <akisakye@ucs.ucu.ac.ug <mailto:akisakye@ucs.ucu.ac.ug>> wrote:
Odhiambo ワシントン wrote:
On Tue, May 26, 2009 at 3:45 PM, Kisakye Alex <akisakye@ucs.ucu.ac.ug <mailto:akisakye@ucs.ucu.ac.ug> <mailto:akisakye@ucs.ucu.ac.ug <mailto:akisakye@ucs.ucu.ac.ug>>> wrote:
Greetings All,
Am running FreeBSD 7.0 on ET/BWMGR appliance. Ive hit a snag when trying to start natd, the box freezes. On googing ive found that it seems tobe a bug in natd within FreeBSD 7.0 but no work around is provided. Anyone on this list with a possible solution. I've run out of support licence for this box so even if Denis wanted to help, he cant without $$$.
Where is the bug documented? But you can update the FreeBSD on the ET/BWMGR, yes? At one point when I looked at one, I thought I could:-)
Been looking at this doc
http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2008-06/msg00190.html Am going to look into upgrading the FreeBSD
I am still quite surprised how you related the problem defined here to your situation. Is ipfw the engine they use inside ET/BWMGR?? Does your ET have the same interface names as the one of this thread (vr0 and fxp0) ?? We could do with a capture of your dmesg.boot, if any. BTW, does the storage in the ET ever get full? How often do they rotate the logs? Or how do they do the traffic analysis (snmp?)?
Anyway, I still think you can update the ET to try and resolve the problem. If you don't then you still have to buy another BWMGR anyway, no? So you really don't stand to lose. Good luck.
Actually my interfaces are em0,em1,em2 and em4. After setting up the interfaces am supposed run a script rc.natd which I have attarched (Am new to BSD's but i can see its setting up ipfw rule somewhere). The point where its calling "/sbin/ipfw -q add 5000 divert natd all from any to any via $PUBIFAC" is where the box freezes..... I have also attarched another file dmesg.today hope it is helpful. The box is relatively new so I can't say alot about its perfomance. However this is its output of df -h
r2400# df -h Filesystem Size Used Avail Capacity Mounted on /dev/ad8s1a 421M 147M 241M 38% / devfs 1.0K 1.0K 0B 100% /dev /dev/ad8s1e 560M 24M 492M 5% /var /dev/ad8s1f 68G 526M 62G 1% /usr
thanks
ALex
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "Clothes make the man. Naked people have little or no influence on society." -- Mark Twain ------------------------------------------------------------------------
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
Hi Alex, in /etc/rc.conf please check to see that you have ipfw_enable="YES" Secondly could you send us post your natd.conf here for us to have a look am not sure if its picking up the right interface based on your description of where its freezing. Best regards, Mich Kisakye Alex wrote:
Odhiambo ワシントン wrote:
On Tue, May 26, 2009 at 4:18 PM, Kisakye Alex <akisakye@ucs.ucu.ac.ug
Hi Mich, Attarched is the rc.conf and natd.conf Looks like these files are ok. take a look thanks ALex Michuki Mwangi wrote:
Hi Alex,
in /etc/rc.conf please check to see that you have ipfw_enable="YES"
Secondly could you send us post your natd.conf here for us to have a look am not sure if its picking up the right interface based on your description of where its freezing.
Best regards,
Mich
Kisakye Alex wrote:
Odhiambo ワシントン wrote:
On Tue, May 26, 2009 at 4:18 PM, Kisakye Alex <akisakye@ucs.ucu.ac.ug
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
#Sample NATD configuration file for 2-port BWMGR appliances. #This should be the public, outside interface (with the 'real' IP address) interface em0 #Only perform NAT on private, unroutable addresses. unregistered_only #Uncomment this if you get your public IP address via DHCP. #dynamic ~ # Created: Fri Nov 16 06:35:24 2007 # Enable network daemons for user convenience. # Please make all changes to this file, not to /etc/defaults/rc.conf. # This file now contains just the overrides from /etc/defaults/rc.conf. inetd_enable="YES" sendmail_enable="NO" sshd_enable="YES" etbridge_enable="YES" hostname="r2400" #ipfw_enable="YES" #gateway_enable="NO" gateway_enable="YES" # Enable natd. natd_enable="YES" natd_interface="em0" # your public network interface natd_flags="-m" #natd_flags="" ipfw_enable="YES" ifconfig_em0="inet MY.PUB.IP netmask xxx.xxx.xxx.xxx" defaultrouter="xx.xx.xx.xx" ifconfig_em1="inet MY.LAN.IP netmask 255.255.255.0 broadcast xx.xx.xx.255"
Ensure the following options are set in your kernel: IPFIREWALL IPDIVERT IPFIREWALL_FORWARD IPFIREWALL_VERBOSE also add firewall_type="OPEN" in your /etc/rc.conf See what happens. On 5/26/09, Kisakye Alex <akisakye@ucs.ucu.ac.ug> wrote:
Hi Mich, Attarched is the rc.conf and natd.conf Looks like these files are ok.
take a look
thanks ALex
Michuki Mwangi wrote:
Hi Alex,
in /etc/rc.conf please check to see that you have ipfw_enable="YES"
Secondly could you send us post your natd.conf here for us to have a look am not sure if its picking up the right interface based on your description of where its freezing.
Best regards,
Mich
Kisakye Alex wrote:
Odhiambo ワシントン wrote:
On Tue, May 26, 2009 at 4:18 PM, Kisakye Alex <akisakye@ucs.ucu.ac.ug
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
Patrick Kariuki wrote:
Ensure the following options are set in your kernel:
IPFIREWALL IPDIVERT IPFIREWALL_FORWARD IPFIREWALL_VERBOSE
I doubt if this are needed in anything thats freeBSD 6.x and above. In older versions this was needed and a kernel recompile as well. I doubt if this is necessary in the current kernels.
also add firewall_type="OPEN" in your /etc/rc.conf
If you dont specify any firewall type the default is open Regards, Michuki.
2009/5/26 Patrick Kariuki <patrick.kariuki@gmail.com>
Ensure the following options are set in your kernel:
IPFIREWALL IPDIVERT IPFIREWALL_FORWARD IPFIREWALL_VERBOSE
also add firewall_type="OPEN" in your /etc/rc.conf
Those will force him to recompile the kernel! he can achieve the same by simply loading the relevant modules using /boot/loader.conf: ipfw_load=YES ipfw_nat_load=YES -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "Clothes make the man. Naked people have little or no influence on society." -- Mark Twain
Those will force him to recompile the kernel!
Isn't that the joy of it? :-) , he is bound to recompile the kernel anyway when upgrading to 7.2 Stable. Some feedback as to any progress from Alex might help. On 5/27/09, Odhiambo ワシントン <odhiambo@gmail.com> wrote:
2009/5/26 Patrick Kariuki <patrick.kariuki@gmail.com>
Ensure the following options are set in your kernel:
IPFIREWALL IPDIVERT IPFIREWALL_FORWARD IPFIREWALL_VERBOSE
also add firewall_type="OPEN" in your /etc/rc.conf
Those will force him to recompile the kernel! he can achieve the same by simply loading the relevant modules using /boot/loader.conf:
ipfw_load=YES ipfw_nat_load=YES
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "Clothes make the man. Naked people have little or no influence on society." -- Mark Twain
2009/5/27 Patrick Kariuki <patrick.kariuki@gmail.com>
Those will force him to recompile the kernel!
Isn't that the joy of it? :-) , he is bound to recompile the kernel anyway when upgrading to 7.2 Stable.
It's a very unnecessary step if you only need to run ipfw, or any other application which can be loaded as a module. Yes...we need feedback from the OP before this thread assumes a different life dimension:) -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "Clothes make the man. Naked people have little or no influence on society." -- Mark Twain
Odhiambo ワシントン wrote:
2009/5/27 Patrick Kariuki <patrick.kariuki@gmail.com <mailto:patrick.kariuki@gmail.com>>
>>Those will force him to recompile the kernel!
Isn't that the joy of it? :-) , he is bound to recompile the kernel anyway when upgrading to 7.2 Stable.
It's a very unnecessary step if you only need to run ipfw, or any other application which can be loaded as a module.
Yes...we need feedback from the OP before this thread assumes a different life dimension:)
I have been contemplating on whether I should upgrade this distro or not, but while at it I decided to delete the original bridge configuration (the one that was shipped with it) and recreated it and guess what natd started fine, no more freezing(still dunno what was wrong with the original conf) ... Now am throwing in more rules and soon I will deploy the box thanks to all who responded ALex
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "Clothes make the man. Naked people have little or no influence on society." -- Mark Twain ------------------------------------------------------------------------
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
I think et is proprietory and your rc.conf looks as this line at boot and so is kernel: ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to accept, logging disabled. if you've have changed any interfaces or hardware, the device is looking for that particular component. This seems not to be a bsd issue but proprietory implementation . ( my 2 cents ).
Hi Alex, I think i may have given you the wrong syntax firewall_enable="YES" i think this should suffice since the default type of firewall is open. I also like enabling logging firewall_logging="YES" let us know. Regards, Michuki. Kisakye Alex wrote:
Hi Mich, Attarched is the rc.conf and natd.conf Looks like these files are ok.
take a look
thanks ALex
Michuki Mwangi wrote:
Hi Alex,
in /etc/rc.conf please check to see that you have ipfw_enable="YES"
Secondly could you send us post your natd.conf here for us to have a look am not sure if its picking up the right interface based on your description of where its freezing.
Best regards,
Mich
Kisakye Alex wrote:
Odhiambo ワシントン wrote:
On Tue, May 26, 2009 at 4:18 PM, Kisakye Alex <akisakye@ucs.ucu.ac.ug
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
Hi Alex, After those changes mentioned, reboot the machine then as root type: dmesg and post the result Michuki Mwangi wrote:
Hi Alex,
I think i may have given you the wrong syntax
firewall_enable="YES"
i think this should suffice since the default type of firewall is open.
I also like enabling logging
firewall_logging="YES"
let us know.
Regards,
Michuki.
Kisakye Alex wrote:
Hi Mich, Attarched is the rc.conf and natd.conf Looks like these files are ok.
take a look
thanks ALex
Michuki Mwangi wrote:
Hi Alex,
in /etc/rc.conf please check to see that you have ipfw_enable="YES"
Secondly could you send us post your natd.conf here for us to have a look am not sure if its picking up the right interface based on your description of where its freezing.
Best regards,
Mich
Kisakye Alex wrote:
Odhiambo ワシントン wrote:
On Tue, May 26, 2009 at 4:18 PM, Kisakye Alex <akisakye@ucs.ucu.ac.ug
Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
2009/5/26 Odhiambo ワシントン <odhiambo@gmail.com>:
Where is the bug documented? But you can update the FreeBSD on the ET/BWMGR, yes? At one point when I looked at one, I thought I could:-)
Hey Wash, Alex, It's been eons since I used one of these nifty little machines, and yes, I agree Dennis can be a pain if you haven't paid for support. He's still alive? Anyway, IIRC if you update the OS you break the system. At least on Linux (self built box) you'd have to recompile the et/bwmgr kernel module. Not sure about the FreeBSD version but I think the auto-update ($$$) does both a kernel upgrade plus a version of the module to match. What's your bridge configuration? Regards, Steve -- "A democracy is a sheep and two wolves deciding on what to have for lunch. Freedom is a well armed sheep contesting the results of the decision." - Stolen from someone else's sig.
suggest you try bridge mode and edit your rules correctly. how many interfaces?
participants (7)
-
aki -
Kevin G. Chege -
Kisakye Alex -
Michuki Mwangi -
Odhiambo ワシントン -
Patrick Kariuki -
Steve Muchai