Search results

  1. bobveznat

    IPv6?

    I'm going to disagree with everything you just said. Heads up. If you actually read the thread that I posted from vbulletin.com you'd know that vBulletin does not completely support IPv6. They use a 15-byte field to store an IP address in presentation format. IPv6 addresses don't always fit...
  2. bobveznat

    Route certain traffic through VPN tunnel

    ha. It's funny how in hindsight this crap is so simple. :)
  3. bobveznat

    Route certain traffic through VPN tunnel

    Oh. So maybe the kernel is getting the SYN and trying to reply with the SYN+ACK but it's going out the wrong interface? Have you run tcpdump on the other interfaces to see if wonky SYN+ACK packets are being sent out?
  4. bobveznat

    Route certain traffic through VPN tunnel

    Well now I just don't know. I don't think this is a setfib problem. I do see your pf rule says something about rtable? Is that the same as setfib for ipfw? You shouldn't need that on the receiving side unless this host is a router (which it isn't, at least it's not routing this traffic on to...
  5. bobveznat

    Route certain traffic through VPN tunnel

    I'm left assuming that your firewall is breaking things. I'd turn on logging and verify that the packets coming in have the attributes you're trying to match in your rule.
  6. bobveznat

    Route certain traffic through VPN tunnel

    In that sockstat output I don't see where rtorrent is actually bound to a listen socket? For example, on one of my hosts here is Apache: www httpd 1708 3 tcp46 *:80 *:* There we see that Apache is bound to all interfaces on port 80. Here's named with a UDP...
  7. bobveznat

    Route certain traffic through VPN tunnel

    Is the destination IP for the packets you're seeing in tcpdump the correct IP (i.e. the IP your torrent client is supposed to be using?) Does sockstat(1) show your torrent client using the right IP and port?
  8. bobveznat

    Route certain traffic through VPN tunnel

    What do you mean by incoming traffic? Incoming connection attempts? Or replies to your outgoing packets?
  9. bobveznat

    Route certain traffic through VPN tunnel

    Are you using RFC 1918 addresses? Do you need to do port forwarding in whatever device is doing NAT? I use ipfw for my firewall and when I have problems like this I turn logging on for my deny rule. This puts a message into /var/log/security for each packet that is blocked and lets me see...
  10. bobveznat

    Route certain traffic through VPN tunnel

    Turns out that the bind IP doesn't have anything to do with routing. The bind IP is the address used in the source field of the IP packet. The route used is based on the destination address of the IP packet. Notice this is in line with `netstat -r` output, `route add` and even `route get`. You...
  11. bobveznat

    about freebsd ipv6 isatap server setup ?

    Turns out that ISATAP and the ist interface were never merged to FreeBSD. If you grab the latest Kame distribution from kame.net there is an assumed-working implementation of a Kame kernel with ISATAP and all of the other Kame features that FreeBSD doesn't have. Unfortunately Kame is still...
  12. bobveznat

    cp like program with transfer speed

    If you're wanting to test a new hard drive or something I'd recommend dd(1). To test write speed: $ dd bs=4096 count=20000 if=/dev/zero of=$HOME/testcrap 20000+0 records in 20000+0 records out 81920000 bytes transferred in 1.301245 secs (62955094 bytes/sec) I'm not sure exactly how accurate...
  13. bobveznat

    Temporarily disable ipfw during rule reload

    If you compile the kernel with IPFIREWALL_DEFAULT_TO_ACCEPT then the ipfw flush won't disconnect you. At least this is the only difference I see on the two servers I have that have differing behavior :) Your server's role and location within a network may make this impractical. Another option...
  14. bobveznat

    about freebsd ipv6 isatap server setup ?

    I've managed to find this ancient document: http://www.kame.net/newsletter/20041201/ Unfortunately the ist device appears to have been removed a while back? At least there's no mention of it in /usr/src/sys/conf/NOTES and almost no mention of it in /usr/src/... Is there any information on...
  15. bobveznat

    named

    Those messages almost seem to be saying that it knows, somehow, some way what the uid/gid used to be and it knows that they've changed. If I were you I'd be tempted to blow away (or mv aside) /var/named/*, set the permissions correctly, and then start bind. This is just a wild guess though...
  16. bobveznat

    IPv6?

    Any plans to add a AAAA for forums.freebsd.org? vBulletin doesn't offer very good support for IPv6 but it does work. I can provide a link to an IPv6-enabled vBulletin site that I run if necessary. Related feature request at vbulletin.com...
  17. bobveznat

    named

    /var/named/etc/namedb needs to be writable for that error message to go away. I was getting this warning as well but just kept ignoring it. After chowning that directory to bind:bind the error has gone away. I think this is your problem as well. # chown -R bind:bind /var/named/etc/namedb
  18. bobveznat

    bind and routing problems

    Looks like you forgot to paste in the dhcpd.conf file? The relevant pieces of mine: From named.conf: Allowing updates from 192.168.1.0/24 is not required for what you're wanting to do. Are you running double nat? This BSD box is behind another router or something? I'd recommend against...