Need Netgraph Help [fixed]
Julian Elischer
julian at freebsd.org
Mon Apr 23 10:24:56 UTC 2018
On 23/4/18 6:11 pm, Julian Elischer wrote:
> On 23/4/18 5:55 pm, Julian Elischer wrote:
>> On 22/4/18 12:52 pm, GPz1100a wrote:
>>> @John
>>>
>>> Did you ever get this fully figured out? I'm trying to do what I
>>> think is
>>> the same thing with my fiber internet connection - eliminate the
>>> need to use
>>> the isp provided gateway (or at least reduce its function). I'm
>>> running
>>> *opnsense*. This thread
>>> https://forum.pfsense.org/index.php?topic=111043.msg793292#msg793292
>>> is what
>>> led me here.
>>>
>>> Three nics correspond to the following
>>>
>>> em0 - ONT (WAN)
>>> xl0 - 3com pci - isp provided residential gateway (RG)
>>> ue0 - usb nic - LAN
>>>
>>> Using Julian's code from Jan 06, 2018; 1:39pm,
>>>
>>> ngctl mkpeer em0: etf lower downstream
>>> ngctl name em0:lower waneapfilter
>>> ngctl connect waneapfilter: em0: nomatch upper
>>>
>>> ngctl mkpeer xl0: etf lower downstream
>>> ngctl name xl0:lower laneapfilter
>>> ngctl connect laneapfilter: xl0: nomatch upper
>>>
>>> * ngctl connect waneapfilter laneapfilter eapout eapout*
>>>
>>> ngctl msg waneapfilter: 'setfilter { matchhook="eapout"
>>> ethertype=0x888e }'
>>> ngctl msg laneapfilter: 'setfilter { matchhook="eapout"
>>> ethertype=0x888e }'
>>>
>>> When I get to the command in bold it comes back with this error:
>>>
>>> root at OPNsense:~ # ngctl connect waneapfilter laneapfilter
>>> eapout eapout
>>> ngctl: send msg: No such file or directory
>>>
>>> I'm not sure how to proceed from here.
>>>
>>> Thanks for any help you (or others) can offer.
>>>
>>> --J
>>>
>>
>> I wish I had known the full picture before..
>> then I could have added the required bits:
>>
>> So think you need this:
>>
>> ONT]----em0]lower---downstream[eapfilter:]nomatch----vlan0[VLAN]downstream----upper[em0...
>>
>> eapout
>> |
>> |
>> |
>> RG]------em1]lower---------------/
>>
> the following line is no longer true of course
>> ie. use an etf node on each interface.
>
>>
>> ngctl mkpeer igb0: etf lower downstream
>> ngctl name igb0:lower eapfilter
>> ngctl mkpeer igb0: vlan upper downstream
>> ngctl name igb0:upper vlanheader
>> ngctl msg vlanheader: addfilter '{ vlan=0 hook="vlan0" }'
>> ngctl connect vlanheader: eapfilter: vlan0 nomatch
>> ngctl connect eapfilter: igb1: eapout lower
>> ngctl msg waneapfilter: 'setfilter { matchhook="eapout"
>> ethertype=0x888e }'
>
> however having sent this I realise it may not work.. because the etf
> node doesn't take into account vlan labels, because vlan labels are
> them selvesm in fact a special case of ethertype.. (0x8100)
>
> so to know if this will work I need to know what a packet at the
> netgraph insertion point looks like:
>
> to find this out, attach the nghook program to an inserted ngtee
> node (inserted somewhere in your current graph) and see what comes
> out. (with -a ).
>
> so we can see what the packets look like.
see
https://forum.pfsense.org/index.php?action=post;topic=111043.30;last_msg=798618
>
>
>
>
>>
>> note the vlan node is inserted "backwards"..
>>
>>>
>>>
>>> --
>>> Sent from:
>>> http://freebsd.1045724.x6.nabble.com/freebsd-net-f4005075.html
>>> _______________________________________________
>>> freebsd-net at freebsd.org mailing list
>>> https://lists.freebsd.org/mailman/listinfo/freebsd-net
>>> To unsubscribe, send any mail to
>>> "freebsd-net-unsubscribe at freebsd.org"
>>>
>>
>> _______________________________________________
>> freebsd-net at freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>>
>>
>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
>
More information about the freebsd-net
mailing list