date:20040917

fox [EMAIL PROTECTED] wrote:
 HI.
 I searched for information sendmail+cyrus-sasl. http://www.andex.ru
 has found the page: morihaos.rootshell.ru/bsd/mailgate2.html. Instead
 of the document is opened page: http://freebsd.org.kz/no_MSIE/ is Used
 domain name freebsd.org.kz.
 
 There is place of the disgrace In internet? possible this page there
 to contribute?

freebsd.org.kz is not an official mirror of FreeBSD.  Official mirrors
have the form www.lang.FreeBSD.org (i.e. www.kz.freebsd.org)

You could try contacting [EMAIL PROTECTED] or
[EMAIL PROTECTED] with your complaint.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

VOIP

2004-09-17 Thread Peter Mussett













Dear Sir/Madam

We are an import/export timber company in Australia who has many sites and
suppliers around the world.
Most important is our office and suppliers in P.N.G, we are looking to setup
a VOIP server here in Australia to
Manage and be in constant communication with our site and our suppliers in
P.N.G.
And is all goes well use this server to expand the technology so it can be
available to other businesses/homes in P.N.G.
Any information you can provide would be most appreciated.

Thank you for your time

Kind Regards

Will Mussett
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

options NO_LKM?

2004-09-17 Thread Omer Faruk Sen

I have seen that NO_LKM option has been removed (a long time ago ) from 
supported options in kernel config file. 

I want to disable kernel module loading in my system. Is there a way for 
that? 

---
Omer Faruk Sen
http://www.EnderUNIX.ORG
Software Development Team @ Turkey
http://www.Faruk.NET
For Public key: http://www.enderunix.org/ofsen/ofsen.asc
 

First Turkish FreeBSD book is out! Go check it.
Duydunuz mu! Turkiye'nin ilk FreeBSD kitabi cikti.
http://www.acikkod.com/freebsd.php 

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: VOIP

Peter Mussett [EMAIL PROTECTED] wrote:
 Dear Sir/Madam
 
 We are an import/export timber company in Australia who has many sites and
 suppliers around the world.
 Most important is our office and suppliers in P.N.G, we are looking to setup
 a VOIP server here in Australia to
 Manage and be in constant communication with our site and our suppliers in
 P.N.G.
 And is all goes well use this server to expand the technology so it can be
 available to other businesses/homes in P.N.G.
 Any information you can provide would be most appreciated.

http://www.asterisk.org

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: mini-itx posting.

2004-09-17 Thread Robert Storey

If would be fine by me if you posted it here. I'm very interested in
getting one of these boxes, I would like to hear the experience of
others.

regards,
Robert

On Thu, 16 Sep 2004 23:30:58 -0700 (PDT)
borg [EMAIL PROTECTED] wrote:

 Greetings,
 
 I want to post some info on a mini-itx mobo I bought,
 so other users can benefit from that. can I post that
 to freebsd-questions@ ? If not what's the right list ?

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: mini-itx posting.

Robert Storey [EMAIL PROTECTED] wrote:
 If would be fine by me if you posted it here. I'm very interested in
 getting one of these boxes, I would like to hear the experience of
 others.
 
 regards,
 Robert
 
 On Thu, 16 Sep 2004 23:30:58 -0700 (PDT)
 borg [EMAIL PROTECTED] wrote:
 
  Greetings,
  
  I want to post some info on a mini-itx mobo I bought,
  so other users can benefit from that. can I post that
  to freebsd-questions@ ? If not what's the right list ?

I don't think anyone would object to such a posting, however, if the
information is extensive, it would be a good idea to post it on a web
site somewhere, and simply post a link to the mailing list.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: mini-itx posting.

2004-09-17 Thread Kevin D. Kinsey, DaleCo, S.P.

Bill Moran wrote:
On Thu, 16 Sep 2004 23:30:58 -0700 (PDT)
borg [EMAIL PROTECTED] wrote:
   

Greetings,
I want to post some info on a mini-itx mobo I bought,
so other users can benefit from that. can I post that
to freebsd-questions@ ? If not what's the right list ?
 

I don't think anyone would object to such a posting, however, if the
information is extensive, it would be a good idea to post it on a web
site somewhere, and simply post a link to the mailing list.
 

And, IIRC, someone around here (not official Project though) has
a pretty good site set up for evaluating the fitness and performance
or motherboards for use with FreeBSD.  Maybe search the archives,
or Google ... it would definitely be good to get stuff like this into some
www databases ...
My $.02,
Kevin Kinsey
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Which Laser Printer for FreeBSD

2004-09-17 Thread Robert Huff


Chris Hill writes:

   I thought about the HP Laserjet 6L or something in this
   category. Any advice?
  
  The two HP LaserJets I've had were both excellent - no problems
  at all, good results, easy to set up.

The LaserJet series have an excellent and long-standing record
for reliability; there are LJ IIs out there merrily chugging away.
(I don't know about the various x000 series, but I would assume they
haven't lost the touch.)
I'll second the recommendation to get something with native
PostScript; and maje sure whatever you get has the ability to add
generic memory.


Robert Huff
happy owner of a LJ 6MP
upgraded with 16 MB of 30-pin SIMM






___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Crontab file (root user)

2004-09-17 Thread Steve Bertrand

Hi all,

I'm wondering where the crontab is located for the root user. I know
there is the system crontab in /etc, however doing a #crontab -e when
su'd to root, it comes up with a different crontab.

Is there a file on the system that actually contains the root users
crontab entries?

Tks.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Crontab file (root user)

2004-09-17 Thread Renato Botelho

On Fri, 17 Sep 2004 09:36:01 -0400 (EDT), Steve Bertrand
[EMAIL PROTECTED] wrote:
 Hi all,
 
 I'm wondering where the crontab is located for the root user. I know
 there is the system crontab in /etc, however doing a #crontab -e when
 su'd to root, it comes up with a different crontab.
 
 Is there a file on the system that actually contains the root users
 crontab entries?

In /var/cron/tabs you have a file named root for root crontab.

-- 
Renato Botelho
ICQ: 54596223
AIM: RBGargaBR
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: options NO_LKM?

2004-09-17 Thread Michael Ross

Omer Faruk Sen wrote:
I have seen that NO_LKM option has been removed (a long time ago ) 
from supported options in kernel config file.
I want to disable kernel module loading in my system. Is there a way 
for that?

You can do that with securelevels:
see
 man securelevel
   1 Secure mode - the system immutable and system append-only 
flags may
  not be turned off; disks for mounted file systems, /dev/mem, and
  /dev/kmem may not be opened for writing; kernel modules (see
  kld(4)) may not be loaded or unloaded.

Michael
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Crontab file (root user)

2004-09-17 Thread Steve Bertrand

 On Fri, 17 Sep 2004 09:36:01 -0400 (EDT), Steve Bertrand
 [EMAIL PROTECTED] wrote:
 Hi all,

 I'm wondering where the crontab is located for the root user. I know
 there is the system crontab in /etc, however doing a #crontab -e
 when
 su'd to root, it comes up with a different crontab.

 Is there a file on the system that actually contains the root users
 crontab entries?

 In /var/cron/tabs you have a file named root for root crontab.

Indeed...thanks greatly!

Steve


 --
 Renato Botelho
 ICQ: 54596223
 AIM: RBGargaBR



___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Bandwithd and recovery from logs

2004-09-17 Thread wintran

Hi,
I use freebsd 4.10 and bandwithd 1.2.1b installed from ports. 
Bandwithd works fine with default configuration.
When I configure 'recover_cdf true'
option and run bandwithd, it don't work.
Does anybody use success this option?

Tin

__REKLAMA___
LAST MINUTE do celho svta - INVIA.CZ! 
http://www.mixer.cz/redirect.phtml?sig=LASTMINUTE

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Which Laser Printer for FreeBSD

2004-09-17 Thread Warren Block

On Fri, 17 Sep 2004, Martin Moeller wrote:
I'm planning to buy a new printer, because the results with my Canon S500 are
total crap. I guess a laser printer is the best choice for Unix, and I'm
wondering which one I should buy.
I thought about the HP Laserjet 6L or something in this category.
Avoid the 5L and 6L, as they have failure-prone paper feeds.  Newer 
versions of this top feed printer may share the same problem.

Used 4/4M/4M+ or 5/5M/5M+ series can be found inexpensively; the M 
models (for Mac) have Adobe PostScript.

The LaserJet 4000/4050 is a very nice printer, as is the LaserJet 5000 
if you need 11x17.  Both have a non-Adobe PostScript clone which works 
pretty well.

Internal JetDirect cards are cheap for the 4/5 series, more expensive 
for 4000/5000, but very convenient.

Having PostScript in the printer makes setup easier, and makes printing 
faster in some cases.  If the printer is PCL only, Ghostscript is used 
as a filter, rendering PostScript jobs into PCL.  Sometimes this method 
has speed advantages, also.

-Warren Block * Rapid City, South Dakota USA
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

SATA under 4.10

2004-09-17 Thread Dan Mahoney, System Admin

The hardware notes aren't too clear on this, but does anyone know the 
model of card I would have to buy to make SATA work under 4.10?  I think 
the hardware notes refer to chipsets, and I don't know of the 
correlations.

-Dan
--
When I'm lost, and confused, and trying to make a U-turn, nothing annoys
me more than someone telling me to watch out for the tombstone!
How often does that happen, Fab?
-David Feld  Tom Fabry, sometime in High School.
Dan Mahoney
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ATI AGP card and Xorg

2004-09-17 Thread John DeStefano

Robert Storey said:
 Sorry John, I apologize for not reading all the to the bottom of your
 post.
 
No problem; I appreciate your reply as well as any help I can get. 
Just mentioned that the information was already in the post so I
didn't have to type it out again. ;)  But please don't forget to
include the poster as a CC: when you reply, if at all possible.

 The only other thing I'd suggest is playing with xvidtune. I had to do
 this to get my screen to center properly. The frustrating thing with
 xvidtune is that it doesn't automatically save the adjustments you make
 - you have to manually edit xorg.conf - but at least it makes it
 relatively easy to find the right settings.
 
In my experience thus far, it seems you always need to tweak xorg.conf
after its creation anyway, regardless of what tool is used to create
it.  Unfortunately, I've not once yet run an X-config tool and been
able to use that config file as-is on any system.

BTW, perhaps this is a dumb question, but in skimming the xvidtune man
pages, I saw it mentioned that it's a client interface to XFree86...
is this because the man page was written pre-Xorg and hasn't been
updated, or will it work only with XFree86?

 I will say that FreeBSD really could use a better configuration utility
 for X, though I realize that the developers have their hands full just
 trying to get 5.3 out the door.
 
Amen.  IMHO, this would be a huge step toward the perception of
usability for people like me who aren't afraid to get their hands a
bit dirty yet aren't quite gurus.

 regards,
 Robert
 
 On Thu, 16 Sep 2004 21:12:48 -0400
 John DeStefano [EMAIL PROTECTED] wrote:
 
  Thanks Robert... but I did try 'vesa' before posting (2nd  3rd paras
  from bottom of my post below).  I'm sure either 'raden' or 'ati' are
  the way to go, I just can't seem to get either one to work.  I also
  read through the entire README.ati, and found it a bit of a
  frustrating read when trying to look for answers on 'radeon' drivers
  for my card... not much relevent info there for the end-user.

Thanks,
~John
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Too many dynamic rules, sorry

Micheal Patterson wrote:
.
- Original Message - From: Norm Vilmer 
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 16, 2004 11:57 PM
Subject: Too many dynamic rules, sorry

If I repeatedly nmap my FreeBSD 4.10 machine configured with ipfirewall,
I get the message Too many dynamic rules, sorry. Doing a sysctl -a
|grep ip.fw I can see the the net.inet.ip.fw.dyn_count has reached the
max value of 8192 that I set. The net.inet.ip.fw.dyn_ack_lifetime is set
to 300, so the dynamic rule count starts going down after about 5
minutes after the simulated attack.
Questions:
When this happens, if my firewall still fully operational, in other
words can I safely ignore this message?
Is there a way to fix this?

The error Too many dynamic rules, sorry will cause the system to drop 
any packets that are covered by a keep-state entry. So, the firewall, 
while operational, is in a dead lock down state for any outbound traffic 
until the dynamic rules clear out. I'm hoping that you're checking the 
system with nmap from behind it, because if your outside the firewall, 
then you're keeping state in inbound traffic and that's bad. You only 
want keep-state from traffic leaving that system, not to it.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Confidentiality Notice:  This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to 
[EMAIL PROTECTED]

Thanks for your help.
I was running nmap against my public or outside interface. This is my
first FreeBSD firewall, so I am sure my rules are not optimal, however,
the firewall appears to be doing what I want. I gathered these rules
from a number of how-to's and postings on the web with only a partial
understanding of what they actually do (yes, I know, problem # 1).
Here are the rules that I have that keep-state on the outside interface:
#For DNS
add 01300 pass udp from ${oip} to any 53 keep-state
# For NTP
add 01400 pass udp from ${oip} to any 123 keep-state
# For VPN
add 01500 pass gre from any to any keep-state
# For ICMP
add 01600 pass icmp from any to any via ${oip} keep-state
Do you think these are causing the problem?
Norm Vilmer
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Highpoint RAID HPT374

2004-09-17 Thread Chuck Swiger

Joshua Lewis wrote:
I am looking to make a RAID MIRROR using my built in HPT374 raid
controller on my ABIT AT7-MAX motherboard. I will be installing the OS,
MySQL, BIND9, POSTFIX2, APACHE2, PHP4, and MONO.
I realize I should use separate drives. I will when I have the money.
So my questions are:
one is there anything special I should keep in mind (like drivers that
support this chip and so on) and two when I was creating the array in the
BIOS utility it asked what block size I would like to use.
Using RAID-1 mirroring of two partitions on a single drive doesn't make a lot 
of sense: it will greatly slow down performance without gaining any real 
improvement to reliability.

What blocksize you should use depends somewhat upon the files you use, and is 
best determined by benchmarking your expected load using the data you have; 
that said, normally a small blocksize will work fine if you have lots of small 
files.

--
-Chuck
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Too many dynamic rules, sorry

2004-09-17 Thread Micheal Patterson

.

- Original Message - 
From: Norm Vilmer [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, September 17, 2004 9:41 AM
Subject: Re: Too many dynamic rules, sorry

 Micheal Patterson wrote:
  .

  - Original Message - From: Norm Vilmer
  [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Thursday, September 16, 2004 11:57 PM
  Subject: Too many dynamic rules, sorry

  If I repeatedly nmap my FreeBSD 4.10 machine configured with
ipfirewall,
  I get the message Too many dynamic rules, sorry. Doing a sysctl -a
  |grep ip.fw I can see the the net.inet.ip.fw.dyn_count has reached the
  max value of 8192 that I set. The net.inet.ip.fw.dyn_ack_lifetime is
set
  to 300, so the dynamic rule count starts going down after about 5
  minutes after the simulated attack.

  Questions:

  When this happens, if my firewall still fully operational, in other
  words can I safely ignore this message?

  Is there a way to fix this?

  The error Too many dynamic rules, sorry will cause the system to drop
  any packets that are covered by a keep-state entry. So, the firewall,
  while operational, is in a dead lock down state for any outbound traffic
  until the dynamic rules clear out. I'm hoping that you're checking the
  system with nmap from behind it, because if your outside the firewall,
  then you're keeping state in inbound traffic and that's bad. You only
  want keep-state from traffic leaving that system, not to it.

  -- 

  Micheal Patterson
  TSG Network Administration
  405-917-0600

  Confidentiality Notice:  This e-mail message, including any attachments,
  is for the sole use of the intended recipient(s) and may contain
  confidential and privileged information. Any unauthorized review, use,
  disclosure or distribution is prohibited. If you are not the intended
  recipient, please contact the sender by reply e-mail and destroy all
  copies of the original message
  ___
  [EMAIL PROTECTED] mailing list
  http://lists.freebsd.org/mailman/listinfo/freebsd-questions
  To unsubscribe, send any mail to
  [EMAIL PROTECTED]

 Thanks for your help.

 I was running nmap against my public or outside interface. This is my
 first FreeBSD firewall, so I am sure my rules are not optimal, however,
 the firewall appears to be doing what I want. I gathered these rules
 from a number of how-to's and postings on the web with only a partial
 understanding of what they actually do (yes, I know, problem # 1).
 Here are the rules that I have that keep-state on the outside interface:

 #For DNS
 add 01300 pass udp from ${oip} to any 53 keep-state
 # For NTP
 add 01400 pass udp from ${oip} to any 123 keep-state
 # For VPN
 add 01500 pass gre from any to any keep-state
 # For ICMP
 add 01600 pass icmp from any to any via ${oip} keep-state

 Do you think these are causing the problem?

 Norm Vilmer

I don't recall if you're running ipfilter or ipfw on that system. I don't
know ipfilter well enough to assist yet, but with ipfw, if you have a
check-state entry above your keep-states, that may reduce the amount of
dynamic rule entries that you'll have. What the check-state does, is to
check the dynamic list, if an entry already exists, it stops processing
rules there.

--

Micheal Patterson
TSG Network Administration
405-917-0600

Confidentiality Notice:  This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Too many dynamic rules, sorry

2004-09-17 Thread Rob

Norm Vilmer wrote:
Here are the rules that I have that keep-state on the outside interface:
#For DNS
add 01300 pass udp from ${oip} to any 53 keep-state
# For NTP
add 01400 pass udp from ${oip} to any 123 keep-state
# For VPN
add 01500 pass gre from any to any keep-state
# For ICMP
add 01600 pass icmp from any to any via ${oip} keep-state
Do you think these are causing the problem?
Aren't udp and icmp state-less protocols?
In that case, keep-state would not make much sense.
I use 'keep-state' only for tcp rules.
I may be wrong, moreover, I haven't followed the full thread :).
Rob.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ata1-slave: ATA identify retries exceeded

2004-09-17 Thread Nathan Kinkade

On Thu, Sep 16, 2004 at 05:55:27PM -0600, RYAN vAN GINNEKEN wrote:
 Keep getting this error in my dmesg
 
 ata1-slave: ATA identify retries exceeded
 
 this is for my cdrom drive and it is not working can someone give me 
 some hints on how to trouble shoot.  The jumpers are set right and i 
 have replace the cable but still get the error.  Here is the intire 
 dmseg dump

 ata0: at 0x1f0 irq 14 on atapci0
 ata1: at 0x170 irq 15 on atapci0

FreeBSD is at least seeing both controllers.

 ata1-slave: ATA identify retries exceeded
 ad0: 4120MB Maxtor 84320D4 [8930/15/63] at ata0-master UDMA33
 ad2: 3832MB QUANTUM Bigfoot TX4.0AT [8306/15/63] at ata1-master UDMA33

How sure are you that the CDROM device is good?  Have you tried it in a
different machine?  One thing to do would be to take that Quantum drive
off the secondary controller and try the CDROM device alone on that
channel as the master device.  An incorrect cable or device setting
might affect the CDROM.  If that fails try the CDROM as the slave device
on the primary channel.  Test various combinations that will allow you
to be certain that the problem is not the controller, cable, or a
faulty device sharing the channel.  If you get the same error no matter
the configuration, then it's likely that the CDROM device is defective
in some way.  One other possibilty would be to boot the machine to a
LiveCD such as Knoppix and see if that OS has a problem identifying the
CDROM device.  If so, then there may be a problem in the interaction
between the FreeBSD driver and your particular device and/or hardware.
My guess, though, is that there may be something wrong with the CDROM
device itself.  Good luck ...

Nathan
-- 
PGP Public Key: pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD8527E49


pgpjxFF0bgEtQ.pgp
Description: PGP signature

Re: Sound problem, help.

2004-09-17 Thread Long Story


Hello Jan,
  Yes, sorry it was ofcourse device pcm,
  but what i wonder for is, its mention in handbook that
  it suppoze to be device sound...but sound it gives an error.
  and the error msg in KDE says:
 aRts control tool, (sorry- aRts had to restart)
 when i try to run the command artsd from shell, it just hang.!
 and the output of pciconf -v -l is
 [EMAIL PROTECTED]:31:5: class=0x040100 card=0x32dd4005 chip=0x24458086 rev=0x12 
hdr=0x00
   vendor   = 'Intel Corporation'
   device   = '82801BA/BAM (ICH2/ICH2-M) AC'97 Audio Controller'
   class= multimedia
   subclass = audio

 I really would appreciate it if you could help :(
 marwan
[...] so i recompiled with options pcm!
I trust that this is *device* pcm you are referring to...
[...] when i startx my kde, there is NO sound and it gives me an
error  says aRts controll error, or aRts server error.
Could you please post the entire and exact error message(s) you are 
getting? Also, what happens if you try to run artsd from a shell?

Sincerely,
 -Jan Christian Meyer
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to 
[EMAIL PROTECTED]
_
Protect your PC - get McAfee.com VirusScan Online 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: 3dnow, mmx, k6-2 optimizing?

2004-09-17 Thread Puna Tannehill

Interesting. I just tried the settings you suggested, and it seems
that -mcpu is depreciated for -mtune. ALWAYS check the documentation
first. :-) Here's the details:

http://gcc.gnu.org/onlinedocs/gcc-3.4.2/gcc/i386-and-x86_002d64-Options.html#i386-and-x86_002d64-Options
Puna
Puna Tannehill wrote:
James Green wrote:
Hi Puna,
I had a k6-2 a few years back (before discovering BSD :) and did a lot
of Linux From Scratch work on it. I found that passing -march=i586
-mcpu=i686 produced by far the best results for pretty much any C/C++
code. Of course the code produced will not run on anything but a k6-2,
which as I understand it is a 686 core with 586 interface/timings, and
likewise if memory serves specifying only -march=i586 or -march=i686
(implying -mcpu=i586 or -mcpu=i686 respectively) won't run on the k6-2
either. Definitely a trade off between speed and (total lack of)
portablility. Again that was gcc-2.9x days...

Interesting. Was there an option for -march=k6-2 at that time? Were
the results based on a comparison of that setting and the ones you
mention above?
Do you happen to know if there is a particular benchmarking program that
might be useful to testing different compiles in FreeBSD?

I've also seen recommendations using '586/mmx' and 'k7', but it seems
interesting that someone would create a 'k6-2' flag if there were not
significant and benefitial optimizations that would be applied. Of
course, whether anyone coded for that particular processor is probably
extemely rare, so I can see how the -march -mcpu combination you
suggested would probably be a better choice.
Here are the relavent bits from dmesg (Compaq Presario 1692):
CPU: AMD-K6(tm) 3D processor (432.98-MHz 586-class CPU)
Origin = AuthenticAMD Id = 0x58c Stepping = 12
Features=0x8021bfFPU,VME,DE,PSE,TSC,MSR,MCE,CX8,PGE,MMX
AMD Features=0x8800SYSCALL,3DNow!
K6-family MTRR support enabled (2 registers)
As far as ports such as Xorg/Xfree86, I am not entirely clear on CFLAGS
inheritance, but AFAIK Xorg/Xfree don't gain much/anything from
optimisation over than your usual -O2 and friends. I understand that
this is down to whether they have been written to make use of these cpu
functions/optimisations.
On the other hand though, it is the specific applications that run under
X, such as mplayer that tend to be written to make use of mmx, sse,
3dnow etc. because for graphics it makes a _big_ difference. Generally
you find toggles in the Makefile to enable/force certain optimisation.
Definitely worth looking at.

According to the latest GCC, you can use -m3dnow -mmmx and it is of
some benefit when comiling XF86 (and hopefully Xorg). I can't find the
page offhand, but it was in the GCC Documentation, and I posted it in
other responses of this same thread. I haven't been
able to test it yet, as I'm still compiling Xorg as we speak.

Puna

On Mon, 2004-09-13 at 17:07, Puna Tannehill wrote:
I've been looking for possible flags, optimizations, really anything
that would help me setup my laptop to use mmx and 3dnow. I've
updated /etc/make.conf to -march to the drum of a k6-2, but I'm not
even sure if mmx and 3dnow are being taken into consideration for
compiling and such, especially for Xorg.

I did some googling and found people who used CFLAGS like -mmmx and
-m3dnow, but when I run with those options, they fail and said to be
invalid. they don't appear in 'man gcc' which should have been the
first place i looked. I'm not finding anything in terms of compiling
or configuring Xorg to use 3dnow or mmx, or even how to check to see
if they are automatically detected and used.

Any thoughts?
Puna
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-mobile
To unsubscribe, send any mail to
[EMAIL PROTECTED]

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Too many dynamic rules, sorry

Micheal Patterson wrote:
.
- Original Message - 
From: Norm Vilmer [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, September 17, 2004 9:41 AM
Subject: Re: Too many dynamic rules, sorry


Micheal Patterson wrote:
.
- Original Message - From: Norm Vilmer
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 16, 2004 11:57 PM
Subject: Too many dynamic rules, sorry

If I repeatedly nmap my FreeBSD 4.10 machine configured with
ipfirewall,
I get the message Too many dynamic rules, sorry. Doing a sysctl -a
|grep ip.fw I can see the the net.inet.ip.fw.dyn_count has reached the
max value of 8192 that I set. The net.inet.ip.fw.dyn_ack_lifetime is
set
to 300, so the dynamic rule count starts going down after about 5
minutes after the simulated attack.
Questions:
When this happens, if my firewall still fully operational, in other
words can I safely ignore this message?
Is there a way to fix this?

The error Too many dynamic rules, sorry will cause the system to drop
any packets that are covered by a keep-state entry. So, the firewall,
while operational, is in a dead lock down state for any outbound traffic
until the dynamic rules clear out. I'm hoping that you're checking the
system with nmap from behind it, because if your outside the firewall,
then you're keeping state in inbound traffic and that's bad. You only
want keep-state from traffic leaving that system, not to it.
--
Micheal Patterson
TSG Network Administration
405-917-0600
Confidentiality Notice:  This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
[EMAIL PROTECTED]
Thanks for your help.
I was running nmap against my public or outside interface. This is my
first FreeBSD firewall, so I am sure my rules are not optimal, however,
the firewall appears to be doing what I want. I gathered these rules
from a number of how-to's and postings on the web with only a partial
understanding of what they actually do (yes, I know, problem # 1).
Here are the rules that I have that keep-state on the outside interface:
#For DNS
add 01300 pass udp from ${oip} to any 53 keep-state
# For NTP
add 01400 pass udp from ${oip} to any 123 keep-state
# For VPN
add 01500 pass gre from any to any keep-state
# For ICMP
add 01600 pass icmp from any to any via ${oip} keep-state
Do you think these are causing the problem?
Norm Vilmer

I don't recall if you're running ipfilter or ipfw on that system. I don't
know ipfilter well enough to assist yet, but with ipfw, if you have a
check-state entry above your keep-states, that may reduce the amount of
dynamic rule entries that you'll have. What the check-state does, is to
check the dynamic list, if an entry already exists, it stops processing
rules there.
--
Micheal Patterson
TSG Network Administration
405-917-0600
Confidentiality Notice:  This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
I do have a check-state rule
add 00200 check-state
Norm Vilmer
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Too many dynamic rules, sorry

Rob [EMAIL PROTECTED] wrote:

 Norm Vilmer wrote:
  Here are the rules that I have that keep-state on the outside interface:
  
  #For DNS
  add 01300 pass udp from ${oip} to any 53 keep-state
  # For NTP
  add 01400 pass udp from ${oip} to any 123 keep-state
  # For VPN
  add 01500 pass gre from any to any keep-state
  # For ICMP
  add 01600 pass icmp from any to any via ${oip} keep-state
  
  Do you think these are causing the problem?
 
 Aren't udp and icmp state-less protocols?
 In that case, keep-state would not make much sense.
 
 I use 'keep-state' only for tcp rules.
 
 I may be wrong, moreover, I haven't followed the full thread :).

You'll generally need to keep state on UDP when you play online games.

If you're smart, you don't allow arbitrary UDP packets from the outside
world into your network, but if you're playing Unreal or something, then
all communication is via UDP, and you won't be able to play.

The best solution is to allow all UDP traffic to _leave_, while keeping
state.  the keep-state remembers the ip/port information on the outgoing
packets, and thus allows return packets to get back in (by matching the
ip/port pair).

Now, when you know the port, it doesn't really make sense to use
keep-state, and all you're really doing is spamming your state tables.

If you look in the /etc/rc.firewall that ships with FreeBSD, you'll see
these rules (designed to handle running a DNS server):
# Allow access to our DNS
${fwcmd} add pass tcp from any to ${oip} 53 setup
${fwcmd} add pass udp from any to ${oip} 53
${fwcmd} add pass udp from ${oip} 53 to any

Granted, it's three rules instead of 1, but it does not use your state
tables unnecessarily (sp?)

HTH.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Too many dynamic rules, sorry

2004-09-17 Thread Micheal Patterson

- Original Message - 
From: Norm Vilmer [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, September 17, 2004 10:30 AM
Subject: Re: Too many dynamic rules, sorry

snip

 I do have a check-state rule

 add 00200 check-state

 Norm Vilmer

Ok. Then right above the check-state entry, place an

allow ip from 123.123.123/24 to 123.123.123./24

Replace the ip's with the appropriate network/metric for your lan and that
will allow lan traffic to go to itself unhindered by any stateful checks.

--

Micheal Patterson
TSG Network Administration
405-917-0600

Confidentiality Notice:  This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

XFree86-4 config issue

2004-09-17 Thread digish reshamwala

Hi,

I installed FreeBSD 5.2.1 using by creating my own installation CD from the 
freeBSD5.2.1_disc1.iso image from the main ftp site for i386 system.

Now, I am having trouble configuring XFree86-4, and:

After building the X11 by using following commands-  as root user

# cd /usr/ports/x11/XFree86-4
# make install clean

When I tried to configure it using:

# XFree86 -configure

It gives me following error message-  (i.e the XFree86.0.log file exculding 
comments)


Fatal Server error:
xf86EnableIO: Failed to open /dev/io for extended io


Please help me out to solve this problem

thanks
macuser

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Too many dynamic rules, sorry



 You'll generally need to keep state on UDP when you
 play online games.
 
 If you're smart, you don't allow arbitrary UDP
 packets from the outside
 world into your network, but if you're playing
 Unreal or something, then
 all communication is via UDP, and you won't be able
 to play.
 
 The best solution is to allow all UDP traffic to
 _leave_, while keeping
 state.  the keep-state remembers the ip/port
 information on the outgoing
 packets, and thus allows return packets to get back
 in (by matching the
 ip/port pair).
 
 Now, when you know the port, it doesn't really make
 sense to use
 keep-state, and all you're really doing is spamming
 your state tables.
 
 If you look in the /etc/rc.firewall that ships with
 FreeBSD, you'll see
 these rules (designed to handle running a DNS
 server):
 # Allow access to our DNS
 ${fwcmd} add pass tcp from any to ${oip} 53
 setup
 ${fwcmd} add pass udp from any to ${oip} 53
 ${fwcmd} add pass udp from ${oip} 53 to any
 
 Granted, it's three rules instead of 1, but it does
 not use your state
 tables unnecessarily (sp?)
 
Unless you have above the #Allow access to our DNS
rules-

${fwcmd} add pass udp from ${oip} to any keep-state
 
to allow all UDP to leave.
the first incoming packet to port 53 will match the
stateless rule 
${fwcmd} add pass udp from any to ${oip} 53

but the reply will create a dynamic rule
because first match is 

${fwcmd} add pass udp from ${oip} to any keep-state




___
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Too many dynamic rules, sorry


--- Bill Moran [EMAIL PROTECTED] wrote:

 Rob [EMAIL PROTECTED] wrote:
 
  Norm Vilmer wrote:
   Here are the rules that I have that keep-state
 on the outside interface:
   
   #For DNS
   add 01300 pass udp from ${oip} to any 53
 keep-state
   # For NTP
   add 01400 pass udp from ${oip} to any 123
 keep-state
   # For VPN
   add 01500 pass gre from any to any keep-state
   # For ICMP
   add 01600 pass icmp from any to any via ${oip}
 keep-state
   
   Do you think these are causing the problem?
  
  Aren't udp and icmp state-less protocols?
  In that case, keep-state would not make much
 sense.
  
  I use 'keep-state' only for tcp rules.
  
  I may be wrong, moreover, I haven't followed the
 full thread :).
 
 You'll generally need to keep state on UDP when you
 play online games.
 
 If you're smart, you don't allow arbitrary UDP
 packets from the outside
 world into your network, but if you're playing
 Unreal or something, then
 all communication is via UDP, and you won't be able
 to play.
 
 The best solution is to allow all UDP traffic to
 _leave_, while keeping
 state.  the keep-state remembers the ip/port
 information on the outgoing
 packets, and thus allows return packets to get back
 in (by matching the
 ip/port pair).
 
 Now, when you know the port, it doesn't really make
 sense to use
 keep-state, and all you're really doing is spamming
 your state tables.
 
 If you look in the /etc/rc.firewall that ships with
 FreeBSD, you'll see
 these rules (designed to handle running a DNS
 server):
 # Allow access to our DNS
 ${fwcmd} add pass tcp from any to ${oip} 53
 setup
 ${fwcmd} add pass udp from any to ${oip} 53
 ${fwcmd} add pass udp from ${oip} 53 to any
 
 Granted, it's three rules instead of 1, but it does
 not use your state
 tables unnecessarily (sp?)
 
 HTH.
 
 -- 
 Bill Moran
 Potential Technologies
 http://www.potentialtech.com
 ___
 [EMAIL PROTECTED] mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to
 [EMAIL PROTECTED]
 





__
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Too many dynamic rules, sorry


--- Bill Moran [EMAIL PROTECTED] wrote:

 Rob [EMAIL PROTECTED] wrote:
 
  Norm Vilmer wrote:
   Here are the rules that I have that keep-state
 on the outside interface:
   
   #For DNS
   add 01300 pass udp from ${oip} to any 53
 keep-state
   # For NTP
   add 01400 pass udp from ${oip} to any 123
 keep-state
   # For VPN
   add 01500 pass gre from any to any keep-state
   # For ICMP
   add 01600 pass icmp from any to any via ${oip}
 keep-state
   
   Do you think these are causing the problem?
  
  Aren't udp and icmp state-less protocols?
  In that case, keep-state would not make much
 sense.
  
  I use 'keep-state' only for tcp rules.
  
  I may be wrong, moreover, I haven't followed the
 full thread :).
 
 You'll generally need to keep state on UDP when you
 play online games.
 
 If you're smart, you don't allow arbitrary UDP
 packets from the outside
 world into your network, but if you're playing
 Unreal or something, then
 all communication is via UDP, and you won't be able
 to play.
 
 The best solution is to allow all UDP traffic to
 _leave_, while keeping
 state.  the keep-state remembers the ip/port
 information on the outgoing
 packets, and thus allows return packets to get back
 in (by matching the
 ip/port pair).
 
 Now, when you know the port, it doesn't really make
 sense to use
 keep-state, and all you're really doing is spamming
 your state tables.
 
 If you look in the /etc/rc.firewall that ships with
 FreeBSD, you'll see
 these rules (designed to handle running a DNS
 server):
 # Allow access to our DNS
 ${fwcmd} add pass tcp from any to ${oip} 53
 setup
 ${fwcmd} add pass udp from any to ${oip} 53
 ${fwcmd} add pass udp from ${oip} 53 to any
 
 Granted, it's three rules instead of 1, but it does
 not use your state
 tables unnecessarily (sp?)
 
 HTH.
 


Sorry, wasn't done with last message.

Look at your dynamic table, if you are getting DoS'd,
try using the limit option instead of keep-state or
tweak the net.inet.ip.fw.dyn_(*)_lifetime to a level
that suits your needs.

Or, rewrite your rules removing the keep-state options.



___
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Too many dynamic rules, sorry

Micheal Patterson wrote:
- Original Message - 
From: Norm Vilmer [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, September 17, 2004 10:30 AM
Subject: Re: Too many dynamic rules, sorry

snip
I do have a check-state rule
add 00200 check-state
Norm Vilmer

Ok. Then right above the check-state entry, place an
allow ip from 123.123.123/24 to 123.123.123./24
Replace the ip's with the appropriate network/metric for your lan and that
will allow lan traffic to go to itself unhindered by any stateful checks.
--
Micheal Patterson
TSG Network Administration
405-917-0600
Confidentiality Notice:  This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message.


would this be the same?
add 00200 allow all from any to any via ${iif} keep-state
add 00210 check-state
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Too many dynamic rules, sorry

Bill Moran wrote:
Rob [EMAIL PROTECTED] wrote:

Norm Vilmer wrote:
Here are the rules that I have that keep-state on the outside interface:
#For DNS
add 01300 pass udp from ${oip} to any 53 keep-state
# For NTP
add 01400 pass udp from ${oip} to any 123 keep-state
# For VPN
add 01500 pass gre from any to any keep-state
# For ICMP
add 01600 pass icmp from any to any via ${oip} keep-state
Do you think these are causing the problem?
Aren't udp and icmp state-less protocols?
In that case, keep-state would not make much sense.
I use 'keep-state' only for tcp rules.
I may be wrong, moreover, I haven't followed the full thread :).

You'll generally need to keep state on UDP when you play online games.
If you're smart, you don't allow arbitrary UDP packets from the outside
world into your network, but if you're playing Unreal or something, then
all communication is via UDP, and you won't be able to play.
The best solution is to allow all UDP traffic to _leave_, while keeping
state.  the keep-state remembers the ip/port information on the outgoing
packets, and thus allows return packets to get back in (by matching the
ip/port pair).
Now, when you know the port, it doesn't really make sense to use
keep-state, and all you're really doing is spamming your state tables.
If you look in the /etc/rc.firewall that ships with FreeBSD, you'll see
these rules (designed to handle running a DNS server):
# Allow access to our DNS
${fwcmd} add pass tcp from any to ${oip} 53 setup
${fwcmd} add pass udp from any to ${oip} 53
${fwcmd} add pass udp from ${oip} 53 to any
Granted, it's three rules instead of 1, but it does not use your state
tables unnecessarily (sp?)
HTH.
I'm not sure why, but using the above rules from the supplied
rc.firewall causes nslookup to fail on all my machines inside the
firewall. I am sure it must have something to do with the order.
Also, I am not running a DNS, so I really only need the outbound
rule (I think).
I changed my rule to
add 01300 pass udp from ${oip} to any 53
this seems to be working. So I also removed the keep state from
the ICMP and NTP rules. I had thought that you needed the keep-state
rule for ICMP if you wanted trace route to work correctly, but it
behaves the same regardless.
add 01400 pass udp from ${oip} to any 123
add 01600 pass icmp from any to any via ${oip}
I left the keep state on the gre rule, well, because, I am afraid it
may cause weirdness in the VPN connection.
Norm Vilmer
Norm
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

How to get best results from FreeBSD-questions

2004-09-17 Thread Greg Lehey

How to get the best results from FreeBSD questions.
===

Last update $Date: 2003/03/09 22:09:31 $

This is a regular posting to the FreeBSD questions mailing list.  If
you got it in answer to a message you sent, it means that the sender
thinks that at least one of the following things was wrong with your
message:

- You left out a subject line, or the subject line was not appropriate.
- You formatted it in such a way that it was difficult to read.
- You asked more than one unrelated question in one message.
- You sent out a message with an incorrect date, time or time zone.
- You sent out the same message more than once.
- You sent an 'unsubscribe' message to FreeBSD-questions.

If you have done any of these things, there is a good chance that you
will get more than one copy of this message from different people.
Read on, and your next message will be more successful.

This document is also available on the web at
http://www.lemis.com/questions.html.

=

Contents:

I:Introduction
II:   How to unsubscribe from FreeBSD-questions
III:  Should I ask -questions, -newbies or -hackers?
IV:   How to submit a question to FreeBSD-questions
V:How to answer a question to FreeBSD-questions

I: Introduction
===

This is a regular posting aimed to help both those seeking advice from
FreeBSD-questions (the newcomers), and also those who answer the
questions (the hackers).

   Note that the term hacker has nothing to do with breaking
   into other people's computers.  The correct term for the latter
   activity is cracker, but the popular press hasn't found out
   yet.  The FreeBSD hackers disapprove strongly of cracking
   security, and have nothing to do with it.

In the past, there has been some friction which stems from the
different viewpoints of the two groups.  The newcomers accused the
hackers of being arrogant, stuck-up, and unhelpful, while the hackers
accused the newcomers of being stupid, unable to read plain English,
and expecting everything to be handed to them on a silver platter.  Of
course, there's an element of truth in both these claims, but for the
most part these viewpoints come from a sense of frustration.

In this document, I'd like to do something to relieve this frustration
and help everybody get better results from FreeBSD-questions.  In the
following section, I recommend how to submit a question; after that,
we'll look at how to answer one.

II:  How to unsubscribe from FreeBSD-questions
==

When you subscribed to FreeBSD-questions, you got a welcome message
from [EMAIL PROTECTED]  In this message, amongst other things, it
told you how to unsubscribe.  Here's a typical message:

  Welcome to the freebsd-questions mailing list!

  If you ever want to remove yourself from this mailing list,
  you can send mail to [EMAIL PROTECTED] with the following command
  in the body of your email message:

  unsubscribe freebsd-questions Greg Lehey [EMAIL PROTECTED]

  Here's the general information for the list you've
  subscribed to, in case you don't already have it:

  FREEBSD-QUESTIONS   User questions
  This is the mailing list for questions about FreeBSD.  You should not
  send how to questions to the technical lists unless you consider the
  question to be pretty technical.

Normally, unsubscribing is even simpler than the message suggests: you
don't need to specify your mail ID unless it is different from the one
which you specified when you subscribed.

If Majordomo replies and tells you (incorrectly) that you're not on
the list, this may mean one of two things:

  1.  You have changed your mail ID since you subscribed.  That's where
  keeping the original message from majordomo comes in handy.  For
  example, the sample message above shows my mail ID as
  [EMAIL PROTECTED]  Since then, I have changed it to
  [EMAIL PROTECTED]  If I were to try to remove [EMAIL PROTECTED] from
  the list, it would fail: I would have to specify the name with
  which I joined.

  2.  You're subscribed to a mailing list which is subscribed to
  FreeBSD-questions.  If that's the case, you'll have to figure out
  which one it is and get your name taken off that one.  If you're
  not sure which one it might be, check the headers of the
  messages you receive from freebsd-questions: maybe there's a
  clue there.

If you've done all this, and you still can't figure out what's going
on, send a message to [EMAIL PROTECTED], and he will sort things
out for you.  Don't send a message to FreeBSD-questions: they can't
help you.

III: Should I ask -questions, -newbies or -hackers?
===

Two mailing lists handle general questions about FreeBSD,
FreeBSD-questions and FreeBSD-hackers.  In addition, the
FreeBSD-newbies list caters

The Complete FreeBSD: errata and addenda

2004-09-17 Thread Greg Lehey

The trouble with books is that you can't update them the way you can a web page
or any other online documentation.  The result is that most leading edge
computer books are out of date almost before they are printed.  Unfortunately,
The Complete FreeBSD, published by O'Reilly, is no exception.  Inevitably, a
number of bugs and changes have surfaced.

The Complete FreeBSD has been through a total of five editions, including its
predecessor Installing and Running FreeBSD.  Two of these have been reprinted
with corrections.  I maintain a series of errata pages.  Start at
http://www.lemis.com/errata-4.html to find out how to get the errata
information.

Have you found a problem with the book, or maybe something confusing?  Please
let me know: I'm constantly updating it.

Greg
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Too many dynamic rules, sorry

Dave McCammon wrote:
--- Bill Moran [EMAIL PROTECTED] wrote:

Rob [EMAIL PROTECTED] wrote:

Norm Vilmer wrote:
Here are the rules that I have that keep-state
on the outside interface:
#For DNS
add 01300 pass udp from ${oip} to any 53
keep-state
# For NTP
add 01400 pass udp from ${oip} to any 123
keep-state
# For VPN
add 01500 pass gre from any to any keep-state
# For ICMP
add 01600 pass icmp from any to any via ${oip}
keep-state
Do you think these are causing the problem?
Aren't udp and icmp state-less protocols?
In that case, keep-state would not make much
sense.
I use 'keep-state' only for tcp rules.
I may be wrong, moreover, I haven't followed the
full thread :).
You'll generally need to keep state on UDP when you
play online games.
If you're smart, you don't allow arbitrary UDP
packets from the outside
world into your network, but if you're playing
Unreal or something, then
all communication is via UDP, and you won't be able
to play.
The best solution is to allow all UDP traffic to
_leave_, while keeping
state.  the keep-state remembers the ip/port
information on the outgoing
packets, and thus allows return packets to get back
in (by matching the
ip/port pair).
Now, when you know the port, it doesn't really make
sense to use
keep-state, and all you're really doing is spamming
your state tables.
If you look in the /etc/rc.firewall that ships with
FreeBSD, you'll see
these rules (designed to handle running a DNS
server):
   # Allow access to our DNS
   ${fwcmd} add pass tcp from any to ${oip} 53
setup
   ${fwcmd} add pass udp from any to ${oip} 53
   ${fwcmd} add pass udp from ${oip} 53 to any
Granted, it's three rules instead of 1, but it does
not use your state
tables unnecessarily (sp?)
HTH.


Sorry, wasn't done with last message.
Look at your dynamic table, if you are getting DoS'd,
try using the limit option instead of keep-state or
tweak the net.inet.ip.fw.dyn_(*)_lifetime to a level
that suits your needs.
Or, rewrite your rules removing the keep-state options.

___
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
I think I follow you. I am going to have to play around with the
DNS rules supplied with rc.firewall to see if I can get them to
work. Just putting them in as given, my machines inside the firewall
can not do nslookup's.
I am a little afraid to play with the net.inet.ip.fw.dyn_(*)_lifetime
level, I have seen a number of posting where people increase the value,
mine is set to 300 (default). I did remove keep-state from all my rules
excpet the gre rule. I also set the net.inet.ip.fw.dyn_max to 8192 which
helps.
Maybe I need a good book on the subject. Any suggestions?
Norm Vilmer
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: installation on CompaQ pro work 5000

2004-09-17 Thread Doug White

Setting followup to [EMAIL PROTECTED]

On Fri, 17 Sep 2004 [EMAIL PROTECTED] wrote:

 the freebsd sistem give me that error when install :
 the disk in your drive looks more like an audio disk than a freebsd release
 ...the server is a CompaQ professional workstation 5000 dual processor...
 i have recopy the iso of freebsd... and not work... change cd rom ... and
 not work
 why give that error?(only with bsd...)all other sistem WORK...

Make sure you are buring the disc as a data/ISO image and not an audio
image.

This macine is also very old .. its a dual ppro.  Its pssible it has some
unsual cdrom setup that freebsd does not support. xompaqs are prone to
somewhat nonstandard setups.

-- 
Doug White|  FreeBSD: The Power to Serve
[EMAIL PROTECTED]  |  www.FreeBSD.org
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

FreeBSD 5.2.1 Release and Promise PDC20267 Raid Controller

2004-09-17 Thread Michael Milbach

I am trying to install 5.2.1 on an Intel S845WD1-E MB which has the Promise 
PDC20267 Raid Controller on board.
I set up a mirror using two Seagate 160GB Hard Drives successfully.  When I 
try to install FreeBSD, it sees the mirror, disk 0 is ready but disk 1 
shows down and then the mirror fails.

I get a missing interrupt error.
After the Disk 1 Down message the machine stops the boot process and 
sits.  I have to turn the machine off to do anything.

Does this controller work with FreeBSD.  I found a few messages on this 
list but saying that it worked but nothing on how to make it work.

Any thoughts would be appreciated.
Mike
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Too many dynamic rules, sorry

2004-09-17 Thread Micheal Patterson

- Original Message - 
From: Norm Vilmer [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, September 17, 2004 11:47 AM
Subject: Re: Too many dynamic rules, sorry

 Micheal Patterson wrote:

  - Original Message - 
  From: Norm Vilmer [EMAIL PROTECTED]
  To: Micheal Patterson [EMAIL PROTECTED]
  Cc: [EMAIL PROTECTED]
  Sent: Friday, September 17, 2004 10:30 AM
  Subject: Re: Too many dynamic rules, sorry

  snip

 I do have a check-state rule

 add 00200 check-state

 Norm Vilmer

  Ok. Then right above the check-state entry, place an

  allow ip from 123.123.123/24 to 123.123.123./24

  Replace the ip's with the appropriate network/metric for your lan and
that
  will allow lan traffic to go to itself unhindered by any stateful
checks.

  --

  Micheal Patterson
  TSG Network Administration
  405-917-0600

 would this be the same?

 add 00200 allow all from any to any via ${iif} keep-state
 add 00210 check-state

The goal is to not use dynamic rules for your local lan, only the traffic
from the lan to the net. Otherwise, you're wasting dynamic state table space
for rules that aren't necessary.

A very basic stateful ruleset:

ipfw add 100 allow ip from 1.1.1.0/24 to 1.1.1.0/24
ipfw add 500 check-state
ipfw add 600 allow ip from 1.1.1.0/24 to any keep-state
ipfw add 65000 deny log ip from any to any

That type of ruleset, will allow local traffic without using state table,
and the entry at 1000 will catch everything else outbound and use state
tables for it.  If it's not originating from your network, and there's no
state entry, it's blocked by 65000.

--

Micheal Patterson
TSG Network Administration
405-917-0600

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Too many dynamic rules, sorry

Micheal Patterson wrote:
- Original Message - 
From: Norm Vilmer [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, September 17, 2004 11:47 AM
Subject: Re: Too many dynamic rules, sorry


Micheal Patterson wrote:
- Original Message - 
From: Norm Vilmer [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, September 17, 2004 10:30 AM
Subject: Re: Too many dynamic rules, sorry

snip
I do have a check-state rule
add 00200 check-state
Norm Vilmer

Ok. Then right above the check-state entry, place an
allow ip from 123.123.123/24 to 123.123.123./24
Replace the ip's with the appropriate network/metric for your lan and
that
will allow lan traffic to go to itself unhindered by any stateful
checks.
--
Micheal Patterson
TSG Network Administration
405-917-0600

would this be the same?
add 00200 allow all from any to any via ${iif} keep-state
add 00210 check-state


The goal is to not use dynamic rules for your local lan, only the traffic
from the lan to the net. Otherwise, you're wasting dynamic state table space
for rules that aren't necessary.
A very basic stateful ruleset:
ipfw add 100 allow ip from 1.1.1.0/24 to 1.1.1.0/24
ipfw add 500 check-state
ipfw add 600 allow ip from 1.1.1.0/24 to any keep-state
ipfw add 65000 deny log ip from any to any
That type of ruleset, will allow local traffic without using state table,
and the entry at 1000 will catch everything else outbound and use state
tables for it.  If it's not originating from your network, and there's no
state entry, it's blocked by 65000.
--
Micheal Patterson
TSG Network Administration
405-917-0600
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
I tried your suggestion and got the same results and I think I
understand why. If I have this right, it's putting keep-state on
a rule that cause dynamic rules to be created. Well, I have
removed all the keep-state's except for the one you specified.
I launched the nmap attack against my public ip, however, the
machine I launched it from is on the same network segment as the
firewalls internal interface. So the traffic is going out the firewall
then coming back in. If I am correct, this is a major Doh! on my part.
Of course the net.inet.ip.fw.dyn_count is climbing, the
ipfw add 600 allow ip from 1.1.1.0/24 to any keep-state
rule is the culprit due to the outbound traffic.
So I really need to nmap my firewall from another location
to complete my test.
Hmmm, does this mean that I can mess up my firewall by running
nmap on a machine inside my firewall. It appears so.
Do you know what the maximum value for net.inet.ip.fw.dyn_max is?
I thought I read 8192
Norm Vilmer
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Burning OS X .dmg disk images...

2004-09-17 Thread artifex

 Does anyone know of how to burn Mac OS X .dmg images under FBSD?

 I have .dmg files from an OSX system (10.3.x) that I want to convert to
 ISO images (if necessary) for burning to cd/dvd. I can't find anything
 in the list archives about this.
Use this converter and burn the ISO file:
http://vu1tur.eu.org/tools/

bye,
artifex

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

can't get support for postgresql or mysql

2004-09-17 Thread asolomon15

Hello everyone...   I have a problem getting support for mysql within 
php.   I am running freebsd 5.2.1 and php 4.3.8.  When I tried to run a 
php script that uses a mysql db connection, I got  this error
 *Fatal error*: Call to undefined function: mysql_connect() in

I did a phpinfo() and noticed i didn't see any mysql or postgresql 
support in it.   I then tried to install php4-mysql module from the 
freebsd ports and still no luck.I also tried reinstalling both and I 
still end up in the same situation.   I did a google search for how to 
load a mysql module but I keep getting articles about how to load it 
with apache.   What should I do?  

Antoine  
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Which Laser Printer for FreeBSD

2004-09-17 Thread Garance A Drosihn

At 8:08 AM -0600 9/17/04, Warren Block wrote:
On Fri, 17 Sep 2004, Martin Moeller wrote:
I guess a laser printer is the best choice for Unix, and I'm
wondering which one I should buy.
I thought about the HP Laserjet 6L or something in this category.
Avoid the 5L and 6L, as they have failure-prone paper feeds.
Newer versions of this top feed printer may share the same problem.
Used 4/4M/4M+ or 5/5M/5M+ series can be found inexpensively; the
M models (for Mac) have Adobe PostScript.
The LaserJet 4000/4050 is a very nice printer, as is the LaserJet
5000 if you need 11x17.  Both have a non-Adobe PostScript clone
which works pretty well.
Internal JetDirect cards are cheap for the 4/5 series, more
expensive for 4000/5000, but very convenient.
Having PostScript in the printer makes setup easier, and makes
printing faster in some cases.
I agree with everything Warren has said here.  Here at RPI, we
have also used Lexmark for blackwhite laser printers, and they
have worked very well.  We've also had a few Lexmark color laser
printers.  We have not been as happy with those, but I assume
you are not looking for a color printer.
--
Garance Alistair Drosehn=   [EMAIL PROTECTED]
Senior Systems Programmer   or  [EMAIL PROTECTED]
Rensselaer Polytechnic Instituteor  [EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

how to make an executable run as another user

2004-09-17 Thread Richard Bradley

Um. I feel silly asking this. But I can't work it out.

I want a shell script to run as another user. I always thought this was easy 
to do with the setuid bit, but never tried it before. I read man chmod and 
found this:

.
4000(the setuid bit).  Executable files with this bit set will
 run with effective uid set to the uid of the file owner.
.
s   The set-user-ID-on-execution and set-group-ID-on-execution
   bits.


And off I went. I wrote a shell script to output the current uid. I chown'ed 
it to another user. I chmod +sed it. I ran it.

It didn't work.

-

rtb27# cat test
#! /bin/sh
whoami
rtb27# ll test
-rwsr-sr-x  1 rich wheel  20 Sep 17 19:34 test
rtb27# ./test
root



Um. Help?



Rich

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Multiple Net Connections

2004-09-17 Thread Lowell Gilbert

Chris Ryan [EMAIL PROTECTED] writes:

 I am running a Firewall / router / wireless freeBSD
 5.2.1 pII 300.
 
 i.e it supplies net access for my LAN..
 
 
 It has a wireless connection for internet that
 sometimes goes down and i wanted to get a backup
 internet connection for it - either DSL or ISDN.
 
 
 How can i enable it to use 2 different net
 connections? - and prioritize between the wireless
 first then if not available - the DSL.
 
 Is BGP the answer? and if so how?

BGP is the answer for a sufficiently-large site, but you need the
cooperation (peering) of your upstream providers.

Since you're asking the question, that's unlikely to be an option
for you.  Some sort of failover solution would be a better idea; 
but I don't specifically know of any that are intended for 
wireless connections.  
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: how to make an executable run as another user

2004-09-17 Thread Subhro

man sudo is what you need. Install it from the ports collection

Regards
S.


On Fri, 17 Sep 2004 19:50:19 +, Richard Bradley [EMAIL PROTECTED] wrote:
 Um. I feel silly asking this. But I can't work it out.
 
 I want a shell script to run as another user. I always thought this was easy
 to do with the setuid bit, but never tried it before. I read man chmod and
 found this:
 
 .
 4000(the setuid bit).  Executable files with this bit set will
 run with effective uid set to the uid of the file owner.
 .
 s   The set-user-ID-on-execution and set-group-ID-on-execution
   bits.
 
 
 And off I went. I wrote a shell script to output the current uid. I chown'ed
 it to another user. I chmod +sed it. I ran it.
 
 It didn't work.
 
 -
 
 rtb27# cat test
 #! /bin/sh
 whoami
 rtb27# ll test
 -rwsr-sr-x  1 rich wheel  20 Sep 17 19:34 test
 rtb27# ./test
 root
 
 
 
 Um. Help?
 
 Rich
 
 ___
 [EMAIL PROTECTED] mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to [EMAIL PROTECTED]
 



-- 
Subhro Sankha Kar
School of Information Technology
Block AQ-13/1 Sector V
ZIP 700091
India
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Highpoint RAID HPT374

2004-09-17 Thread Joshua Lewis

Thanks for the reply Chuck however I think you misunderstood me. Or
perhaps I didn't make myself clear.

I have two 80GB WD Special Edition drives. I am Mirroring them together.
When I mention having things on seperate drives I was refering to my SQL
databases and web pages and such each on thier own drives (money
permitting also raided to other drives.)

But no right now I am looking at installing everything on one drive. I
have actually already done it wil no problems so far. The system is using
the ro0 driver and I think I am good to go. I wasn't sure if there were
optimizations I should be aware of or utilities or anything. This is my
first drive set ever. So I am looking for any tips.

The block sizes question seems to only apply to a striped drives. It was a
seperate question and even a seperate thought all together.


Thank you,
Joshua Lewis



Chuck Swiger
 Joshua Lewis wrote:
 I am looking to make a RAID MIRROR using my built in HPT374 raid
 controller on my ABIT AT7-MAX motherboard. I will be installing the OS,
 MySQL, BIND9, POSTFIX2, APACHE2, PHP4, and MONO.

 I realize I should use separate drives. I will when I have the money.

 So my questions are:

 one is there anything special I should keep in mind (like drivers that
 support this chip and so on) and two when I was creating the array in
 the
 BIOS utility it asked what block size I would like to use.

 Using RAID-1 mirroring of two partitions on a single drive doesn't make a
 lot
 of sense: it will greatly slow down performance without gaining any real
 improvement to reliability.

 What blocksize you should use depends somewhat upon the files you use, and
 is
 best determined by benchmarking your expected load using the data you
 have;
 that said, normally a small blocksize will work fine if you have lots of
 small
 files.

 --
 -Chuck



___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Hard drive encryption

2004-09-17 Thread Charles Ulrich


[EMAIL PROTECTED] said:


 Hello,

 I am writing to inquire about a hard drive encryption software that is
 compatible with FreeBSD.  We have been using PointSEC with windows and am
 looking for a similar solution for FreeBSD.  I see you have  GEOM Based Disk
 Encryption (gbde)   Which I have read about on your web site, but the folks
 here are resistant to using it and are asking for a 3rd party solution that is
 separate from the OS.

I don't know what third-party disk encryption services there are available for
FreeBSD nor do I know what the status of gbde is currently, but there is no
inherent reason that a third-party encryption service would be any more stable
or robust than one that's built into the OS. In fact, I'd argue just the
opposite, as the people who wrote gbde also work on related parts of the
FreeBSD kernel and nearly all of the core FreeBSD developers are well-known
for their ability to design and write quality, stable code. They would also be
the first ones to notice a change to the kernel that would adversely effect
gbde and probably also the first ones to fix such a problem.

 Do you have anything in mind?  I understand that gbde
 requests a password before the partition can be mounted anyway so this
 simulates the same functionality of PointSEC, but since it is part of the OS,
 it seems that if someone has access to the OS, they could still get in.  Is
 that right?

No, otherwise there would be no point in encrypting the data on the disk.
Encryption means that even if someone were to get their hands on the physical
disk (which is always considered the worst-case scenario, from a security
standpoint) and read all of the data off it, they could never use it to gain
any information since the data would appear scambled unless they decrypted it
with the appropriate key (the password, in this case).

In other words, it's not the operating system that allows/disallows access to
an ecrypted disk, it's the mathematical encryption algorithms. Similarly, disk
encryption has nothing to do with allowing/disallowing access to the system,
only its data.

-- 
Charles Ulrich
System Administrator
Ideal Solution - http://www.idealso.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Best LAN file archive server?

2004-09-17 Thread Andrew

Good day to everyone!

I want to arrange a file archive on my FreeBSD box so that windows users
can access it via LAN (100Mbit). It'll be over 100Gb, mp3 and divx
mostly. Throttling is imperative, it must be designed so that clients
can listen to music and watch movies directly, without downloading them.
There are only 10 LAN users, so I expect 5-8 simultaneous connections.

I wonder, what do you think is the best solution for this - samba, http,
ftp or something else? I don't want users to install additional software
on their computers, but I'm ready to consider it if it's worth the
worries.

If ftp is the best, what is the best server? Ftpd?


Another point - how to configure the filesystem so that it suits the
purpose best? It's just my imagination - but I want it to cache
everything insanely, to be very fast in responses and to spare the hard
drive (as the latter is going to be a simple ATA drive, Maxtor, Seagate
or Hitachi, which are inclined to deadly failures under heavy loads).


Please excuse me for my stupidity, but I'm still a hardcore newbie.

Yours respectfully,
Andrew P.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: how to make an executable run as another user

Richard Bradley [EMAIL PROTECTED] wrote:
 Um. I feel silly asking this. But I can't work it out.

Not silly, common problem for shell script writers.

 I want a shell script to run as another user. I always thought this was easy 
 to do with the setuid bit, but never tried it before. I read man chmod and 
 found this:
 
 .
 4000(the setuid bit).  Executable files with this bit set will
  run with effective uid set to the uid of the file owner.
 .
 s   The set-user-ID-on-execution and set-group-ID-on-execution
bits.
 
 
 And off I went. I wrote a shell script to output the current uid. I chown'ed 
 it to another user. I chmod +sed it. I ran it.
 
 It didn't work.
 
 -
 
 rtb27# cat test
 #! /bin/sh
 whoami
 rtb27# ll test
 -rwsr-sr-x  1 rich wheel  20 Sep 17 19:34 test
 rtb27# ./test
 root

Interpreted programs (i.e. scripts) don't honor setuid/setgid (with the
notable exception of setuidperl, which is installed but disabled on
FreeBSD)

Clever use of su or sudo can work around this.  Also, writing a C or
C++ wrapper program will help.  That's a bit of a PITA, though.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Best LAN file archive server?

Andrew [EMAIL PROTECTED] wrote:
 Good day to everyone!
 
 I want to arrange a file archive on my FreeBSD box so that windows users
 can access it via LAN (100Mbit). It'll be over 100Gb, mp3 and divx
 mostly. Throttling is imperative, it must be designed so that clients
 can listen to music and watch movies directly, without downloading them.
 There are only 10 LAN users, so I expect 5-8 simultaneous connections.
 
 I wonder, what do you think is the best solution for this - samba, http,
 ftp or something else?

Samba is probably going to provide the easiest use, assuming all your
clients are running Windows (you didn't mention).  If they're mixed
OS, you may do better with something like FTP or HTTP, as it's more
portable/standardized.  Although Mac and Linux talk to Samba servers
very nicely these days.

 I don't want users to install additional software
 on their computers, but I'm ready to consider it if it's worth the
 worries.
 
 If ftp is the best, what is the best server? Ftpd?

If you're setting up anon-only FTP access, then just about any FTP
server will do.  I'd just use the one that ships with FreeBSD.  If
it's going to be more complex, something like proftpd has support
for virtual users, and authenticating out of a MySQL database.

 Another point - how to configure the filesystem so that it suits the
 purpose best? It's just my imagination - but I want it to cache
 everything insanely, to be very fast in responses and to spare the hard
 drive (as the latter is going to be a simple ATA drive, Maxtor, Seagate
 or Hitachi, which are inclined to deadly failures under heavy loads).

Just install it and give the system as much RAM as you can afford.
FreeBSD will cache as much data as possible by default.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Crontab file (root user)

2004-09-17 Thread Lowell Gilbert

Steve Bertrand [EMAIL PROTECTED] writes:

 I'm wondering where the crontab is located for the root user. I know
 there is the system crontab in /etc, however doing a #crontab -e when
 su'd to root, it comes up with a different crontab.
 
Right.  Just as you said: the former is the system crontab, the latter
is the root user's crontab.  The former has an extra field that
indicates which user to run a command as, the latter is exactly the
same as any other user's crontab (and is stored in /var/cron/tabs just
all the other user crontabs).

I'm not quite sure what your confusion is: did my previous paragraph
eliminate it?

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

weird problem following 4.10-STABLE build....

2004-09-17 Thread John Von Essen

After upgrading to 4.10-STABLE I have noticed some weird issues with 
email. My remote clients are unable to connect to the mail server, even 
though they can access websites on it. Since they arent even getting to 
the server, the logs show nothing. At first I suspected networking 
issues. I checked everything and there dont seem to be any problems. 
The only thing I changed when doing the upgrade was I increased 
kern.maxfiles to 12288. Also, my top level ISP does not delegate 
reverse authority. So the mail server ip reverses to something else 
when outside my network.

Any ideas?
Thanks
John
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Best LAN file archive server?

2004-09-17 Thread Vulpes Velox

On Fri, 17 Sep 2004 23:20:47 +0400
Andrew [EMAIL PROTECTED] wrote:

 Good day to everyone!
 
 I want to arrange a file archive on my FreeBSD box so that windows
 users can access it via LAN (100Mbit). It'll be over 100Gb, mp3 and
 divx mostly. Throttling is imperative, it must be designed so that
 clients can listen to music and watch movies directly, without
 downloading them. There are only 10 LAN users, so I expect 5-8
 simultaneous connections.

BTW what OSes are they running. If it all just various unix machines,
nfs should work. Not exactly sure how to throttle it though.
 
 I wonder, what do you think is the best solution for this - samba,
 http, ftp or something else? I don't want users to install
 additional software on their computers, but I'm ready to consider it
 if it's worth the worries.

SMB :)

I would setup some rules for throttling using IPFW to each client
machine. Not sure if samba supports throttling or now, but doing it by
IPFW should work fine.
 
 If ftp is the best, what is the best server? Ftpd?

Possible, but would make it annoying for fetching files and probally
more network load.


 Another point - how to configure the filesystem so that it suits the
 purpose best? It's just my imagination - but I want it to cache
 everything insanely, to be very fast in responses and to spare the
 hard drive (as the latter is going to be a simple ATA drive, Maxtor,
 Seagate or Hitachi, which are inclined to deadly failures under
 heavy loads).

man tuning
man sysctl
:)

IIRC there is also a section in the handbook on it.

If you have not bought the drive yet, I would suggest advioding
Western Digital. I have all ways have problems with transfer speeds
and their drives.


BTW movies and music does not eat much bandwidth. You may very well be
able to do it with out throttling, depending on the bit rate. But
should all be fine for the most part with out throttling.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: XFree86-4 config issue

2004-09-17 Thread Lowell Gilbert

digish reshamwala [EMAIL PROTECTED] writes:

 I installed FreeBSD 5.2.1 using by creating my own installation CD from the 
 freeBSD5.2.1_disc1.iso image from the main ftp site for i386 system.
 
 Now, I am having trouble configuring XFree86-4, and:
 
 After building the X11 by using following commands-  as root user
 
 # cd /usr/ports/x11/XFree86-4
 # make install clean
 
 When I tried to configure it using:
 
 # XFree86 -configure
 
 It gives me following error message-  (i.e the XFree86.0.log file exculding 
 comments)
 
 
 Fatal Server error:
 xf86EnableIO: Failed to open /dev/io for extended io
 

Looks like you're running at a raised securelevel.  
If so, that would explain it; you can't open an X server in a raised
securelevel (it is left as an exercise to the reader to explain why
raw access to system memory and configuration registers are not
considered compatible with raised security levels).
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: RELENG_5: KDE upgrade Catch-22

2004-09-17 Thread Mark Ovens

Michael Nottebrock wrote:
On Friday 17 September 2004 21:14, Mark Ovens wrote:
Hmmm, if I delete XFree86-libraries then X won't run, and without
libXinerama.so.1 KDE won't run  :-/
Anyone have a solution to this conundrum please?
Yes: Update all of XFree86 to the latest version in ports (4.4).
XFree86-libraries does contain libXinerama.so.1. The real conundrum is how you 
ended up with a system like this.  I can make a few guesses: You upgraded KDE
via packages
Running ''portupgrade -PPRa'' I guess. I had been having problems caused 
by the compiler changes and read in this list, or -questions, an answer 
to a question about the same problem where the advice was to u/g all 
your ports via packages (or uninstall them all and rebuild from ports).

portupgrade(1) skipped XFree86.
 - that KDE has been built against xorg (which is the default X
distribution for 5.3 and contains libXinerama.so.1, while XFree86-4.3 only 
contains a libXinerama.a).

Are you saying the KDE packages are built against xorg? I guess that 
explains all the dependencies on xorg that I kept having to delete using 
''pkgdb -F''. Is that the real reason KDE won't run? Would switching to 
xorg be the best solution in the long run then (now is the time for me 
to do it if it is)? I guess that would mean rebuilding all my X apps 
that weren't installed from packages.

Thanks for the quick and detailed reply.
Regards,
Mark
Or maybe you compiled KDE yourself - against Xorg or XFree86-4.4 and then 
downgraded to XFree86-4.3?


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Too many dynamic rules, sorry


--- Norm Vilmer [EMAIL PROTECTED] wrote:

 Dave McCammon wrote:
 
  --- Bill Moran [EMAIL PROTECTED] wrote:
  
  
 Rob [EMAIL PROTECTED] wrote:
 
 
 Norm Vilmer wrote:
 
 Here are the rules that I have that keep-state
 
 on the outside interface:
 
 #For DNS
 add 01300 pass udp from ${oip} to any 53
 
 keep-state
 
 # For NTP
 add 01400 pass udp from ${oip} to any 123
 
 keep-state
 
 # For VPN
 add 01500 pass gre from any to any keep-state
 # For ICMP
 add 01600 pass icmp from any to any via ${oip}
 
 keep-state
 
 Do you think these are causing the problem?
 
 Aren't udp and icmp state-less protocols?
 In that case, keep-state would not make much
 
 sense.
 
 I use 'keep-state' only for tcp rules.
 
 I may be wrong, moreover, I haven't followed the
 
 full thread :).
 
 You'll generally need to keep state on UDP when
 you
 play online games.
 
 If you're smart, you don't allow arbitrary UDP
 packets from the outside
 world into your network, but if you're playing
 Unreal or something, then
 all communication is via UDP, and you won't be
 able
 to play.
 
 The best solution is to allow all UDP traffic to
 _leave_, while keeping
 state.  the keep-state remembers the ip/port
 information on the outgoing
 packets, and thus allows return packets to get
 back
 in (by matching the
 ip/port pair).
 
 Now, when you know the port, it doesn't really
 make
 sense to use
 keep-state, and all you're really doing is
 spamming
 your state tables.
 
 If you look in the /etc/rc.firewall that ships
 with
 FreeBSD, you'll see
 these rules (designed to handle running a DNS
 server):
 # Allow access to our DNS
 ${fwcmd} add pass tcp from any to ${oip}
 53
 setup
 ${fwcmd} add pass udp from any to ${oip}
 53
 ${fwcmd} add pass udp from ${oip} 53 to
 any
 
 Granted, it's three rules instead of 1, but it
 does
 not use your state
 tables unnecessarily (sp?)
 
 HTH.
 
 
  
  
  Sorry, wasn't done with last message.
  
  Look at your dynamic table, if you are getting
 DoS'd,
  try using the limit option instead of keep-state
 or
  tweak the net.inet.ip.fw.dyn_(*)_lifetime to a
 level
  that suits your needs.
  
  Or, rewrite your rules removing the keep-state
 options.
  
  
  
  ___
  Do you Yahoo!?
  Declare Yourself - Register online to vote today!
  http://vote.yahoo.com
  ___
  [EMAIL PROTECTED] mailing list
 

http://lists.freebsd.org/mailman/listinfo/freebsd-questions
  To unsubscribe, send any mail to
 [EMAIL PROTECTED]
  
 I think I follow you. I am going to have to play
 around with the
 DNS rules supplied with rc.firewall to see if I can
 get them to
 work. Just putting them in as given, my machines
 inside the firewall
 can not do nslookup's.
 
 I am a little afraid to play with the
 net.inet.ip.fw.dyn_(*)_lifetime
 level, I have seen a number of posting where people
 increase the value,
 mine is set to 300 (default). I did remove
 keep-state from all my rules
 excpet the gre rule. I also set the
 net.inet.ip.fw.dyn_max to 8192 which
 helps.
 
 Maybe I need a good book on the subject. Any
 suggestions?
 
 Norm Vilmer

What you may you may want to do is lower the 
net.inet.ip.fw.dyn_ack_lifetime. 
This will help the dynamic rules to be cleared faster
on connections that don't get completed with the FIN
or RST.
Besides, I believe the UDP dynamic rules are
controlled by net.inet.ip.fw.dyn_udp_lifetime.
On my bridging-firewall, it is set to 10 but in the
man page for ipfw it shows default as 5 (unless the 5
is just an example not the default).

Here is some links that I have bookmarked
http://www.kgb.ro/Ipfw-HOWTO
http://freebsd.amazingdev.com/blog/archives/000112.html
http://www.toad-one.org/howto/FreeBSD/Ipfw-Advanced-Supplement-HOWTO.txt






___
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: how to make an executable run as another user

2004-09-17 Thread mailing lists at MacTutor

Rich,
Someone else had responded to your post explaining that setuid does not  
work with shell scripts. Nor does it work with any interpreted input.  
The following article might help explain this (and others):

http://www.evolt.org/article/UNIX_File_Permissions_and_Setuid_Part_2/ 
18/263/

QUOTE: In most UNIX kernels there exists what is called a 'race  
condition' when executing scripts. Scripts are pieces of code which are  
interpreted by, strangely enough, interpreters. Common examples of  
interpreters are perl, sed, and awk. So when you have in your perl code  
#!/usr/local/bin/perl it tells the operating system to start executing  
the perl interpreter with the current script as input. Between the time  
that the perl interpreter starts executing and the time that it reads  
in your script the 'race condition' exists. At this time, a mischievous  
person could 'win the race' and be able to replace your script with  
another. And if your script is running as setuid, that person's script  
would run as your user! So their script could do anything that you  
could do from the command line. As a result, most UNIX kernels will  
disable users from running scripts as setuid. The most common way  
around this is to create a wrapper program around your script. A  
wrapper, in this context, is a small program, possibly written in C,  
that when executed will simply run your script. The 'race condition'  
does not exist for real executables and so you won't be thwarted by the  
kernel itself.

I'm not exceptionally well versed in this stuff. But I think this is  
what you're after.

Alex
On Sep 17, 2004, at 3:50 PM, Richard Bradley wrote:
Um. I feel silly asking this. But I can't work it out.
I want a shell script to run as another user. I always thought this  
was easy
to do with the setuid bit, but never tried it before. I read man  
chmod and
found this:

.
4000(the setuid bit).  Executable files with this bit set will
 run with effective uid set to the uid of the file  
owner.
.
s   The set-user-ID-on-execution and set-group-ID-on-execution
   bits.


And off I went. I wrote a shell script to output the current uid. I  
chown'ed
it to another user. I chmod +sed it. I ran it.

It didn't work.
-
rtb27# cat test
#! /bin/sh
whoami
rtb27# ll test
-rwsr-sr-x  1 rich wheel  20 Sep 17 19:34 test
rtb27# ./test
root

Um. Help?

Rich
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to  
[EMAIL PROTECTED]


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Alexander Sendzimir (owner)802 863 5502
 MacTutor: Apple Mac OS X Consulting   [EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: can't get support for postgresql or mysql

2004-09-17 Thread Kevin D. Kinsey, DaleCo, S.P.

asolomon15 wrote:
Hello everyone...   I have a problem getting support for mysql within 
php.   I am running freebsd 5.2.1 and php 4.3.8.  When I tried to run 
a php script that uses a mysql db connection, I got  this error
 *Fatal error*: Call to undefined function: mysql_connect() in

I did a phpinfo() and noticed i didn't see any mysql or postgresql 
support in it.   I then tried to install php4-mysql module from the 
freebsd ports and still no luck.I also tried reinstalling both and 
I still end up in the same situation.   I did a google search for how 
to load a mysql module but I keep getting articles about how to load 
it with apache.   What should I do? 

Please read /usr/ports/UPDATING if it is available on your system.  If not,
you may access it via the cvsweb at the Project web site.  You will need to
install /usr/ports/lang/php4-extensions to, um, get the extensions ;-)
Kevin Kinsey
DaleCo, S.P.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: XFree86-4 config issue

2004-09-17 Thread digish reshamwala

Thanks a lot Lowell,

After reducing the secure lever I was able to configure the XFree86 by using

#XFree86 -configure   then
#cp XF86Config.new /etc/X11/XF86Config  
(Copying it in common location where XFree86 can find it)

But afterthat, whenever I tried to start the X11 using

#statrx  

the system simply froze??

Also when I tried to test the existing configuration by giving
# XFree86 -xf86config XF86Config.new

It simply frozes the OS???

Any idea whats wrong?  Can u please suggest/help asap

Macuser


- Original Message -
From: Lowell Gilbert [EMAIL PROTECTED]
Date: Friday, September 17, 2004 1:24 pm
Subject: Re: XFree86-4 config issue

 digish reshamwala [EMAIL PROTECTED] writes:
 
  I installed FreeBSD 5.2.1 using by creating my own installation CD from 
 the 
  freeBSD5.2.1_disc1.iso image from the main ftp site for i386 system.
  
  Now, I am having trouble configuring XFree86-4, and:
  
  After building the X11 by using following commands-  as root user
  
  # cd /usr/ports/x11/XFree86-4
  # make install clean
  
  When I tried to configure it using:
  
  # XFree86 -configure
  
  It gives me following error message-  (i.e the XFree86.0.log file 
 exculding 
  comments)
  
  
  Fatal Server error:
  xf86EnableIO: Failed to open /dev/io for extended io
  
 
 Looks like you're running at a raised securelevel.  
 If so, that would explain it; you can't open an X server in a raised
 securelevel (it is left as an exercise to the reader to explain why
 raw access to system memory and configuration registers are not
 considered compatible with raised security levels).
 ___
 [EMAIL PROTECTED] mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to freebsd-questions-
[EMAIL PROTECTED]
 

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Hard drive encryption

2004-09-17 Thread Svein Halvor Halvorsen


[EMAIL PROTECTED], 2004-09-16]
  I understand that gbde requests a password before the partition can be
  mounted anyway so this simulates the same functionality of PointSEC,
  but since it is part of the OS, it seems that if someone has access to
  the OS, they could still get in.  Is that right?

See gbde(4) http://www.freebsd.org/cgi/man.cgi?query=gbdesektion=4

The objective of this facility is to provide a high degree of
denial of access to the contents of a ``cold'' storage device.

Be aware that if the computer is compromised while up and running
and the storage device is actively attached and opened with a
valid pass-phrase, this facility offers no protection or denial of
access to the contents of the storage device.

If, on the other hand, the device is ``cold'', it should present
an formidable challenge for an attacker to gain access to the
contents in the absence of a valid pass-phrase.

Four cryptographic barriers must be passed to gain access to the
data, and only a valid pass-phrase will yield this access.


A cold device should be understood as a hard drive (or other geom-
device) that is not powered on, or that has not yet been opened by a valid
pass-phrase. For more info on the four barriers, read the rest of the
manual page. GBDE should not be any less secure just because the OS has
builtin support for it.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: pf not logging on 5.3-BETA3 ?

2004-09-17 Thread Hugo Silva

 On Thursday 16 September 2004 21:19, Thomas T. Veldhouse wrote:
 Bruno Afonso wrote:
  Thomas T. Veldhouse wrote:
  Max Laier wrote:
  Okay, have you guys read UPDATING?
 
  Yes, but it is from a BETA3 install ... so the user/group was already
  their.  Besides, installworld will fail unless this group is added
  first.
 
  Did you do mergemaster -p ?

 Yes.  But like I said, it is not required to move from 5.3-BETA3 to
 RELENG_5 as the changes in master.passwd and group are already there.
 If they were not, an installworld would fail because the chown or chgrp
 commands fail trying to set the user or group to _pflogd or authpf
 (group).

 In any event, my passwd and group file are indeed up to date and
 /var/log/pflog broken (no logging taking place).

 fuggle# ps aux | grep pf
 root  340  0.0  0.3  1584  612  ??  Ss3:05PM   0:00.01 pflogd:
 [priv] (
 _pflogd   343  0.0  0.3  1648  652  ??  S 3:05PM   0:11.14 pflogd:
 [running
 root21395  0.0  0.1   440  224  p1  R+2:18PM   0:00.00 grep pf

 Are you sure that you have logging rules in place? And are you sure that
 these
 rules are matched? Please attach the output of $pfctl -vvsr if in doubt.



Yep, I can follow the log with my pflog script:

[EMAIL PROTECTED]:/home/klr]# pflog
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96
bytes
2. 827601 rule 7/0(match): block out on rl1: IP X.X.X.X.61201 
66.35.250.150.6060: S 1604621353:1604621353(0) win 65535 mss
1460,nop,wscale 1,[|tcp]
(ip blocked out)

[workstation:
[EMAIL PROTECTED]:/home/killer/] telnet slashdot.org 6060
Trying 66.35.250.150...
]

The script (very simple):

[EMAIL PROTECTED]:/home/klr]# cat `which pflog`
tcpdump -n -e -ttt -i pflog0

This ensures logging rules are there, but anyway:

[EMAIL PROTECTED]:/home/klr]# grep log /etc/pf.conf
block in log on $net proto { tcp,udp,icmp }
block out log on $net proto { tcp,udp,icmp }

 Also, are you using the module or did you build pf into your kernel
 directly?

Compiled directly into the kernel, device pf/pflog/pfsync, all ALTQ options:
options ALTQ
options ALTQ_CBQ# Class Bases Queueing
options ALTQ_RED# Random Early Drop
options ALTQ_RIO# RED In/Out
options ALTQ_HFSC   # Hierarchical Packet Scheduler
options ALTQ_CDNR   # Traffic conditioner
options ALTQ_PRIQ   # Priority Queueing
options ALTQ_NOPCC  # Required for SMP build
options ALTQ

device  pf  # Packet Filter
device  pfsync
device  pflog
_DEBUG


 Did you put in device pflog as well? What does $ifconfig pflog0 say?

[EMAIL PROTECTED]:/home/klr]# ifconfig pflog0
pflog0: flags=41UP,RUNNING mtu 33208


If more info is needed, let me know. I don't think this is an obvious
mistake of me (altough it could be, I haven't looked to this problem in
the last days, must take some time to look more carefully at it).

As a reminder, the system is:
FreeBSD evilreborn 5.3-BETA3 FreeBSD 5.3-BETA3 #0: Wed Sep 15 19:18:51
WEST 2004 [EMAIL PROTECTED]:/usr/src/sys/i386/compile/evilreborn53-kernel
 i386



 --
 /\  Best regards,  | [EMAIL PROTECTED]
 \ /  Max Laier  | ICQ #67774661
  X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
 / \  ASCII Ribbon Campaign  | Against HTML Mail and News


Best Regards,

Hugo

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Apache Installation

2004-09-17 Thread digish reshamwala

Hey

I am a novice at FreeBSD!  I want to install apache v 1.3.28 in my FreeBSD 
5.21.

Can u guys help me?  How to proceed?

-macuser



___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Apache Installation

2004-09-17 Thread Hugo Silva

Hey,

It's very simple!
Assuming you have an updated ports tree, just do this as root:

cd /usr/ports/www/apache13
make install clean



 Hey

 I am a novice at FreeBSD!  I want to install apache v 1.3.28 in my FreeBSD
 5.21.

 Can u guys help me?  How to proceed?

 -macuser



 ___
 [EMAIL PROTECTED] mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to
 [EMAIL PROTECTED]



-- 
www.6s-gaming.com

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ATI AGP card and Xorg

2004-09-17 Thread jason

John DeStefano wrote:
Trying to take my mind off my server exploit issue...
I'm trying to configure an ATI Radeon 9000 64mb AGP video card with
Xorg on a FreeBSD5.3beta2 workstation. No matter which config option I
choose ('Xorg -configure', 'xorgcfg -textmode', xorgconfig), when I
test the generated .conf file, the screen locks up with a bunch of
colors and horizontal lines (green on top, blue everywhere else). The
mouse cursor moves, but none of the Ctrl+Alt key combos work, and I
can't escape the X session or access another virtual console. The
Device section generated from 'Xorg -configure' is:
Section Device
Identifier Card0
Driver ati
VendorName ATI Technologies Inc
BoardName Radeon RV250 If [Radeon 9000]
BusID PCI:3:0:0
Here's any related output I can think of from 'pciconf -lv':
[EMAIL PROTECTED]:0:0: class=0x06 card=0x chip=0x01e010de rev=0xa2 
hdr=0x00
vendor = 'NVIDIA Corporation'
device = 'nForce2 AGP Controller'
class = bridge
subclass = HOST-PCI
.
.
.
[EMAIL PROTECTED]:0:0: class=0x03 card=0x20021002 chip=0x49661002 rev=0x01 
hdr=0x00
vendor = 'ATI Technologies Inc.'
device = 'RV250 Radeon 9000/9000 Pro'
class = display
subclass = VGA
[EMAIL PROTECTED]:0:1: class=0x038000 card=0x20031002 chip=0x496e1002 
rev=0x01 hdr=0x00
vendor = 'ATI Technologies Inc.'
device = 'RV250 Radeon 9000/9000 Pro - Secondary'
class = display

I thought it might be an AGP/kernel issue, but when I try 'kldload
agp' I get back File exists, and when I do 'kldstat -n agp' or
'kldunload' I get No such file.
I tried someone else's bare-bones radeon conf file, and I got the
same problem as always on test: blue/green garbled screen, mouse
moves, can't escape out of locked-up X. I then replaced the radeon
Driver entry with vesa in the config. When I tested this, it showed
a different garbled screen (grey this time) for a few seconds, then
clicked to a normal X-Windows screen, but with a black hourglass
outline on the sides. I was able to Ctl+Alt+Backspace out of this as
normal, and the console didn't report any warnings or errors.
I then moved this config file to /etc/X11/xorg.conf and ran 'startx'.
It started fine and looked as described above, with an hourglass
outline. When I exited X, there were some errors on the console that
were probably just from exiting out of X, and this one:
xauth: (argv):1: bad display name my.hostname.com:0 in remove command
Any ideas on how to get this card working properly?  BTW: I began
using FreeBSD5.3beta2 on this machine for its NDIS support for my
onboard NIC.
Thanks,
~John
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
 

I know your pain so well!  I have a r200 on a nforce2 board.  I have the 
same problems as you.

1.It looks as if your pci id is wrong.  I might be wrong, but I see  
3:0:1 and 3:0:0.  You should not use the BusID option if you can avoid 
it.  There is a free pci scan with every startx!  The point of the scan 
is not having to set the id.

[EMAIL PROTECTED]:0:0:  class=0x03 card=0x7149174b chip=0x514c1002 rev=0x00 
hdr=0x00
   vendor   = 'ATI Technologies Inc.'
   device   = 'R200 Radeon 8500 / 8500LE'
   class= display
   subclass = VGA

You see here on mine I am getting a driver attached to my card.  The 
[EMAIL PROTECTED]:0:1 means there is no driver attacked, or at least drm is 
not working. 

2.You must preload agp.  The handbook clearly states you have to have 
agp in the kernel or preloaded.  You should not kldload or kldunload agp.

hw.ata.atapi_dma=1
agp.ko_load=YES
snd_ich.ko_load=YES
radeon.ko_load=YES
This is just a sample of my /boot/loader.conf file.  You see I have the 
radeon and agp drivers preloaded.

3.The current version of dri in the kernel is outdated and does not have 
accellerated drivers that work.  I think they will be updated after the 
release of 5.3 when the new xorg sever is put into ports.  You can use 
dri without x, but no one does.  Dri is its own project and a part of x, 
but in FreeBSD dri is part of the base system since it has drivers(I 
think this is why).  So this means no loading dri modules in the 
xorg.conf file, and no hardware accellerated 3d for you until the 
update.  Before you mention it, I do know you have the RV280 and not the 
R200 like me.  The RV280 is a modifed R200 and does use the same driver.

I also noticed you have 2 radeons in the pciscan.  I have a tripple head 
8500(svideo, vga, dvi) and I only have 1 radeon show up.  Do you have 2 
cards(it looks like 1 card, could this be a dual head side effect? could 
I get a dmesg on this)?  What settings have you changed to get this to 
happen or is it deafult?

Finally, if you do all I said you should have a working x and system.  
Right now I can get 25-30 fps in glxgears fullscreen.  When the new 
drivers are here that number should be more like 2500-3000(or was there 
another zero?).  If you need any

Re: Apache Installation

2004-09-17 Thread mailing lists at MacTutor

This is valid advice. However, since you say your are new to FreeBSD 
(and, perhaps, *nix?), I would break the process down like this. Use a 
terminal (xterm) to do run these commands. Otherwise, excuse the 
simplicity. I'll assume you're using sudo for root privilege.

1. It's easiest to use the ports tree (/usr/ports). Apache is in the 
www directory under /usr/ports. So, go there.

cd /usr/ports/www
There are a few versions you could install when it comes to Apache. You 
can see them with

ls -d apache*
'apache13' is the most straight forward to start with. So, go into this 
directory,

cd apache13
2. Fetch, extract, and compile. Check the Makefile for things you can 
modify to your needs.

more Makefile
Look for defined(...) or !defined(...). For example,
.if (!defined(WITHOUT_APACHE_EXPAT)...
In the case of Apache 1.3.x you can specify -DWITHOUT_APACHE_EXPAT. 
If you're unsure about this, then forget about it. Just compile and 
install. Or extract,

sudo make extract
which will usually tell you what you can modify on the command line. 
Otherwise,

sudo make
You can do the make and install in one line.
sudo make install
If your were to exclude expat support, then you would use this
sudo make -DWITHOUT_APACHE_EXPAT
sudo make install
or
sudo make -DWITHOUT_APACHE_EXPAT install
You can remove the installation and start over by running
sudo make deinstall
and
sudo rm -rf ./work
where ./ assumes you are already in /usr/ports/www/apache13/. This gets 
rid of the work directory that 'make extract' created.

You don't have to do it like this all the time. But once you're 
familiar with the basic process, you will discover your own refined 
process.

Good luck,
Alex

On Sep 17, 2004, at 3:09 PM, Hugo Silva wrote:
Hey,
It's very simple!
Assuming you have an updated ports tree, just do this as root:
cd /usr/ports/www/apache13
make install clean

Hey
I am a novice at FreeBSD!  I want to install apache v 1.3.28 in my 
FreeBSD
5.21.

Can u guys help me?  How to proceed?
-macuser

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
[EMAIL PROTECTED]

--
www.6s-gaming.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to 
[EMAIL PROTECTED]


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Alexander Sendzimir (owner)802 863 5502
 MacTutor: Apple Mac OS X Consulting   [EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

couldn't map memory

2004-09-17 Thread Richard Lynch

Richard Lynch wrote:
 I have installed FreeBSD 5.2.1 on a Dell Insprion 700 m, dual boot with
 the existing XP Home Edition (blech).

 Have begun posting my experience at
 http://phpbootcamp.com/articles/inspiron700m.htm

 The built-in LAN NIC is a Broadcom 440x.

 It works well enough under Windows to send this message. :-^

An update, and re-title, since I've moved quite a bit forward.

I'm also cc-ing -mobile, to which I'm not even subscribed at this time,
cuz I can only keep up with so many lists...  Hope that's not too rude.

I disabled bfe in my GENERIC kernel and re-built that, so I could hack the
BFE source and try it as a module without a 20-minute re-build and
re-boot.

So I do make; make install: in /usr/src/sys/modules/bfe and then
kldload /boot/kernel/if_bfe.ko which seems to work -- at least well
enough to print out my debugging statements, or when I'm particularly
stupid, page fault and crash the machine.

I added the device_id as a constant in the BFE header:
--- /usr/src/sys/dev/bfe/if_bfereg.h ---
#define BCOM_DEVICEID_BCM4401_B0   0x170c

I added the device id to the array of known BFE devices:
--- /usr/src/sys/dev/bfe/if_bfe.c ---
static struct bfe_type bfe_devs[] = {
{ BCOM_VENDORID, BCOM_DEVICEID_BCM4401,
Broadcom BCM4401 Fast Ethernet },
{ BCOM_VENDORID, BCOM_DEVICEID_BCM4401_B0,
Broadcom BCM4401-B0 Fast Ethernet },
{ 0, 0, NULL }
};

I added an id to the MII headers, even thought it's the same:
--- /usr/src/sys/dev/mii/miidevs ---
model BROADCOM BCM4401  0x0036 BCM4401 10/100baseTX PHY
/* Michael Chan of Broadcom was kind enough to email me that 0x36 is right */
model BROADCOM BCM4401_B0   0x0036 BCM4401-B0 10/100baseTX PHY

The bfe_attach function which is getting registered with the Device as a
callback is being called, and eventually reaches the line where it
attempts to do:
sc-bfe_res = bus_alloc_resource(dev, SYS_RES_MEMORY, rid, 0, ~0, 1,
RF_ACTIVE);

It is at this point that it is then printing out Could not map memory

Now, I had already tried setting hints for maddr and msize to the values
being used by Windows, in the hope that they would also be good numbers
for FreeBSD.

However, one thing I'm not sure of -- Do those hints affect a Module, or
would they only apply to something built in to the kernel?

Perhaps now that I've gotten the device recognized I should move back to
using the kernel re-build with bfe enabled again.

What other ways, short of hacking the source, can be used to provide good
numbers for memory to bus_alloc_resource?

And what magical incantations would allow me to find good numbers, as with
2 GIG of RAM, I suspect it could be a lonnng time before I stumbled on
good numbers by just guessing.

The is the output of kldload /boot/kernel/if_bfe.ko with the above
alterations applied.

Not quite sure why cbb0 and fwohci0 are getting in the picture... Perhaps
the mere attempt to query their PCI vendor_id and device_id causes them to
attempt to re-initialize?...

Sep 17 00:31:09  kernel: cbb0: PCI-CardBus Bridge at device 4.0 on pci2
Sep 17 00:31:09  kernel: cbb0: pccbb.c Could not grab register memory
Sep 17 00:31:09  kernel: device_probe_and_attach: cbb0 attach returned 12
Sep 17 00:31:09  kernel: cbb0: PCI-CardBus Bridge at device 4.1 on pci2
Sep 17 00:31:09  kernel: cbb0: pccbb.c Could not grab register memory
Sep 17 00:31:09  kernel: device_probe_and_attach: cbb0 attach returned 12
Sep 17 00:31:09  kernel: fwohci0: vendor=104c, dev=802e
Sep 17 00:31:09  kernel: fwohci0: 1394 Open Host Controller Interface
mem 0xe020-0xe0203fff,0xe0209000-0xe02097ff irq 10 at device 4.2 on
pci2
Sep 17 00:31:09  kernel: fwohci0: Could not map memory
Sep 17 00:31:09  kernel: device_probe_and_attach: fwohci0 attach returned 6
Sep 17 00:31:09  kernel: sc-bfe_miibus is NULL.
Sep 17 00:31:09  kernel: bfe0: Broadcom BCM4401-B0 Fast Ethernet mem
0xe0206000-0xe0207fff irq 10 at device 5.0 on pci2
Sep 17 00:31:09  kernel: bfe0: couldn't map memory
Sep 17 00:31:09  kernel: device_probe_and_attach: bfe0 attach returned 6

-- 
Like Music?
http://l-i-e.com/artists.htm

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: weird problem following 4.10-STABLE build....

2004-09-17 Thread Warren Block

On Fri, 17 Sep 2004, John Von Essen wrote:
After upgrading to 4.10-STABLE I have noticed some weird issues with email. 
My remote clients are unable to connect to the mail server, even though they 
can access websites on it. Since they arent even getting to the server, the 
logs show nothing. At first I suspected networking issues. I checked 
everything and there dont seem to be any problems. The only thing I changed 
when doing the upgrade was I increased kern.maxfiles to 12288. Also, my top 
level ISP does not delegate reverse authority. So the mail server ip reverses 
to something else when outside my network.
Did you 'cd /etc/mail  make all install restart' to rebuild and 
reinstall your sendmail config files?

-Warren Block * Rapid City, South Dakota USA
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Apache Installation

2004-09-17 Thread Kevin D. Kinsey, DaleCo, S.P.

digish reshamwala wrote:
Hey
I am a novice at FreeBSD!  I want to install apache v 1.3.28 in my FreeBSD 
5.21.

Can u guys help me?  How to proceed?
-macuser
 

I see another post in which someone has taken great pains
to explain a lot.
In a nutshell, though, it's this:
***
1.  Make sure you're connected to the Internet.
2.  Make sure you have superuser privileges (su to root).
3.  Then:
#cd /usr/ports/www/apache13
#make install clean
***
See the Handbook chapter on installing 3rd party software.
Kevin Kinsey
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

HTT on 4.10 not working

2004-09-17 Thread robg

Hi:

Could someone tell me how to get hyperthreading on 4.10 working
correctly? I have a P4 2.8GHz w/ HT enabled and `dmesg` shows:

CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz (2795.24-MHz 686-class CPU)
  Origin = GenuineIntel  Id = 0xf33  Stepping = 3
  
Features=0xbfebfbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE
  Hyperthreading: 2 logical CPUs
real memory  = 1065287680 (1040320K bytes)
avail memory = 1031405568 (1007232K bytes)
Preloaded elf kernel kernel at 0xc0556000.
Warning: Pentium 4 CPU: PSE disabled
Pentium Pro MTRR support enabled


but running `top` shows

last pid:  7301;  load averages:  0.00,  0.00,  0.00  
  
up 0+21:36:00  20:01:56
22 processes:  2 running, 20 sleeping
CPU states:  0.8% user,  0.0% nice,  2.0% system,  0.0% interrupt, 97.3% idle
Mem: 107M Active, 533M Inact, 91M Wired, 34M Cache, 111M Buf, 229M Free
Swap: 2048M Total, 2048M Free

  PID USERNAME PRI NICE  SIZERES STATETIME   WCPUCPU COMMAND
 7096 hlds  10   0 62508K 56596K RUN  2:15  1.07%  1.07% hlds_i686


so I don't think its being used, could someone tell me how to get it
working in 4.10?

Thank you

-- 
robg
[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Ports config location

2004-09-17 Thread Skylar Thompson

I'm having some trouble with deleting an old ports configuration file. I'm
trying to build the new PHP 4.3.8 (with the new modular config setup), and
made a mistake in setting it up. I want to be able to pull up the
curses-based config screen, but not even deleting the entire ports tree and
pulling it down again solves that; I get the some setup every time, and it
proceeds with the build without prompting me. How do I get it to prompt me
again for configuration? 

-- 
-- Skylar Thompson ([EMAIL PROTECTED])
-- http://www.cs.earlham.edu/~skylar/


pgphidh4NYdv7.pgp
Description: PGP signature

Re: Ports config location