mini-itx posting.
Greetings, I want to post some info on a mini-itx mobo I bought, so other users can benefit from that. can I post that to freebsd-questions@ ? If not what's the right list ? ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mini-itx posting.
borg wrote: Greetings, I want to post some info on a mini-itx mobo I bought, so other users can benefit from that. can I post that to freebsd-questions@ ? If not what's the right list ? My guess is it probably would be better to post to -hardware. http://lists.freebsd.org/mailman/listinfo/freebsd-hardware Good luck with the mini-itx. I plan on getting one in the very near future - ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Out of Office AutoReply: Mail Delivery (failure turner@usq.edu.au)
Thank you for your email. I will be off campus for the period 13 to 17 September 2004, inclusive. All urgent enquiries should be directed to Sheree Schott, Office Manager on (07) 4631 1759. Derek Turner Corporate Records Manager ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Sound problem, help.
hello Everyone, Well, i dunt know if this is a strange problem, or only strange for me. Im on FreeBSD 5.1R, with kde3.3, i have read the handbook about enabling the sound support, and it says for 5.x systems we need to compile the kernel with options sound..! when i do try that it gives me error that (sound) is not regonized! so i recompiled with options pcm! cdcontrol comand works from command line, and when i startx my kde, there is NO sound and it gives me an error says aRts controll error, or aRts server error. and it had to restart. do i need to add any more lines to my kernel? Why sound not working under KDE? any hint please? this is the sound output from pciconf [EMAIL PROTECTED]:31:5: class=0x040100 card=0x32dd4005 chip=0x24458086 rev=0x12 hdr=0x00 vendor = 'Intel Corporation' device = '82801BA/BAM (ICH2/ICH2-M) AC'97 Audio Controller' class= multimedia subclass = audio Thanks much in advance. marwan _ Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
extensible thumbnail viewer
Hello! I am looking for a highly customizable and extensible thumbnail viewer; let me describe it as a kind of emacs with thumbnail viewer enbedded. I like to extend emacs so that it enables me to use it as a file manager. I write functions using emacs lisp so that I can execute arbitrary commands and shell scripts on files from within emacs' dired mode. Now, emacs does not seem to me to be great at working on large amounts of photos this way, because a thumbnail does still give more information on a photo than a filename gives information on a textfiles' content. Can anybody recommend me a photo manager and thumbnail viewer that is as customizable and extensible as emacs? Any hints greatly appreciated. Gabriel ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sound problem, help.
[...] so i recompiled with options pcm! I trust that this is *device* pcm you are referring to... [...] when i startx my kde, there is NO sound and it gives me an error says aRts controll error, or aRts server error. Could you please post the entire and exact error message(s) you are getting? Also, what happens if you try to run artsd from a shell? Sincerely, -Jan Christian Meyer ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
linprocfs
I have a application that runs under linux emulation, its a server manager for battlefield vietnam, basically it monitors the game server process and sends commands etc. The game server runs without a problem, the server monitor runs ok however when i start the game server from the remote manager the server manager looses connection to the game server. It appears to think that the game server has crashed, even thou it hasnt. The remote manager then has no more control over the game server. whilst the game server happily carries on loading Ive done some research into this and im pretty sure its happeneing becuase the server montior is looking for a file called /proc/pid/exe this file sits happily under /compat/linux/proc/pid/exe the server manager cant find the file so it thinks the game server has died. The folder /proc/pid does exsit and ive read that the exe file in /compat/linux/pid is the same as /proc/pid/file but I cant confirm this. Can anybody help ? Thanks _ Stay in touch with absent friends - get MSN Messenger http://www.msn.co.uk/messenger ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Prism2.5 firmware
Hello if you have FBSD 5.x, read this http://lists.freebsd.org/pipermail/freebsd-current/2004-May/027476.html for firmware update - for windows - download this file and run the .exe file http://bsd.mikulas.com/wifi/Fw_1.7.4.tgz Jiri Vince Hoffman wrote: Hi all, I've been wondering why I cant seem to get more than approx 180k(bytes)/sec from my freebsd server with a netgear MA311 pci card in hostap. After some googling After some googling the evidence seems to point at me having rather ancient firmware. (23:46:36 ~) 0 # dmesg |grep wi0 wi0: Intersil Prism2.5 mem 0x4050-0x40500fff irq 5 at device 4.0 on pci2 wi0: 802.11 address: 00:09:5b:11:fa:39 wi0: using RF:PRISM2.5 MAC:ISL3874A(Mini-PCI) wi0: Intersil Firmware: Primary (1.0.7), Station (1.3.6) wi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps (the relevant line from ifconfig being media: IEEE 802.11 Wireless Ethernet DS/11Mbps hostap (DS/2Mbps hostap) Since Netgear dont seem to supply an updated firmware, has anyone any suggestions where i could get one, and if so is there any way to update it under FreeBSD ? or do i need to take down my server and put the card in my windows machine to update ? Any suggestions welcome. Thanks, Vince ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
freebsd.org.kz
HI. I searched for information sendmail+cyrus-sasl. http://www.andex.ru has found the page: morihaos.rootshell.ru/bsd/mailgate2.html. Instead of the document is opened page: http://freebsd.org.kz/no_MSIE/ is Used domain name freebsd.org.kz. There is place of the disgrace In internet? possible this page there to contribute? Excuse me for bad english. = sendmail+cyrus-sasl. http://www.andex.ru : morihaos.rootshell.ru/bsd/mailgate2.html . : http://freebsd.org.kz/no_MSIE/ freebsd.org.kz. ? ? . -- , Olga Goncharovamailto:[EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
XFree86-libraries-4.4.0_1 (xpm)
Hi list, i am having difficulties in installing the XFree86-libraries-4.4.0_1 port on FreeBSD-4.10: aragorn# make === XFree86-libraries-4.4.0_1 has known vulnerabilities: xpm --- image decoding vulnerabilities. Reference: http://www.FreeBSD.org/ports/portaudit/ef253f8b-0727-11d9-b45d-000c41e2cdad.html Please update your ports tree and try again. *** Error code 1 So I updated the ports tree via cvsup and checked the version of the Makefile which is 1.143, the latest one. Also the patch-xpm-sec.patch4 file is included in the files/ dir. Everything seems to be up to date. What I am doing wrong? Thanks for any help! -- Stephan A. Rickauer Institut für Neuroinformatik IT-Koordinator Universität / ETH Zürich Winterthurerstr. 190 CH-8057 Zürich Tel: +41 1 635 30 50 Sek: +41 1 635 30 52 Fax: +41 1 635 30 53 http://www.ini.unizh.ch [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Prism2.5 firmware
Hi, Looks good, i'll have a go when i get home. Thanks very much, Vince On Fri, 17 Sep 2004, Jiri Mikulas wrote: Hello if you have FBSD 5.x, read this http://lists.freebsd.org/pipermail/freebsd-current/2004-May/027476.html for firmware update - for windows - download this file and run the .exe file http://bsd.mikulas.com/wifi/Fw_1.7.4.tgz Jiri Vince Hoffman wrote: Hi all, I've been wondering why I cant seem to get more than approx 180k(bytes)/sec from my freebsd server with a netgear MA311 pci card in hostap. After some googling After some googling the evidence seems to point at me having rather ancient firmware. (23:46:36 ~) 0 # dmesg |grep wi0 wi0: Intersil Prism2.5 mem 0x4050-0x40500fff irq 5 at device 4.0 on pci2 wi0: 802.11 address: 00:09:5b:11:fa:39 wi0: using RF:PRISM2.5 MAC:ISL3874A(Mini-PCI) wi0: Intersil Firmware: Primary (1.0.7), Station (1.3.6) wi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps (the relevant line from ifconfig being media: IEEE 802.11 Wireless Ethernet DS/11Mbps hostap (DS/2Mbps hostap) Since Netgear dont seem to supply an updated firmware, has anyone any suggestions where i could get one, and if so is there any way to update it under FreeBSD ? or do i need to take down my server and put the card in my windows machine to update ? Any suggestions welcome. Thanks, Vince ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: nforce2 vs. apic
on 16.09.2004 23:35 yuri van Overmeeren said the following: ... You could check the abit site and update/flash the mainboard with the latest bios. but I'm not sure about the 'official' fixed status of the nf7 and nf7 V2.0. Btw when flashing the bios make sure you get the correct bios, you can check your board to see if you have a normal NF7 or NF7 v2.0. flashing it with the wrong bios means bye bye bios. this is the next thing on my list, thanks -I suggest chipmakers make a new standard for something and call it 'apci', just to keep things clear...- the more the merrier -- Andriy Gapon ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Which Laser Printer for FreeBSD
Hi all, I'm planning to buy a new printer, because the results with my Canon S500 are total crap. I guess a laser printer is the best choice for Unix, and I'm wondering which one I should buy. I thought about the HP Laserjet 6L or something in this category. Any advice? Thanks! Martin ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: nforce2 vs. apic
on 17.09.2004 00:18 Vulpes Velox said the following: I own a Abit NF7 Yeah... I remember this. A bit... I remember having to tweak it a bit to get it to play nicely. IIRC 5.2.1 does not have apic in by defualt? I may just haved removed it... I forget now, but any ways. Before trying apic, make sure your kernel has it. If your kernel does not, go into the setup screen and turn it off. I never had any ACPI problems with it and that has all ways worked well, minus a warning about a odd character or the like in it at startup. I have also never had any ACPI problems, and everything is fine if APIC is disabled either in BIOS or in kernel, but when it is enabled in both the system freezes. So far my only complaint with it has been the onboard vr ethernet chip appears to suck compared to the dc pci card I have been using. Not taken the time to sort that out yet. Appears some what slow under heavy load. Think that has to do with a problem with device polling for that chipset. Btw, to be precise I have NF7-S and I use network driver from ports/net/nvnet, works fine for me, although I never did any performance benchmarking. -- Andriy Gapon ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Which Laser Printer for FreeBSD
Hi Martin, I'm planning to buy a new printer, because the results with my Canon S500 are total crap. I guess a laser printer is the best choice for Unix, and I'm wondering which one I should buy. if possible, take a printer with native postscript. That'll make things much easier. -volker ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Which Laser Printer for FreeBSD
On Fri, 17 Sep 2004, Martin Moeller wrote: I'm planning to buy a new printer, because the results with my Canon S500 are total crap. I guess a laser printer is the best choice for Unix, and I'm wondering which one I should buy. I thought about the HP Laserjet 6L or something in this category. Any advice? The two HP LaserJets I've had were both excellent - no problems at all, good results, easy to set up. I'd recommend getting the JetDirect card, because that lets the printer be its own print server and also provides native PostScript support. It also supports AppleTalk directly, if that matters. -- Chris Hill [EMAIL PROTECTED] ** [ Busy Expunging | ] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: freebsd.org.kz
fox [EMAIL PROTECTED] wrote: HI. I searched for information sendmail+cyrus-sasl. http://www.andex.ru has found the page: morihaos.rootshell.ru/bsd/mailgate2.html. Instead of the document is opened page: http://freebsd.org.kz/no_MSIE/ is Used domain name freebsd.org.kz. There is place of the disgrace In internet? possible this page there to contribute? freebsd.org.kz is not an official mirror of FreeBSD. Official mirrors have the form www.lang.FreeBSD.org (i.e. www.kz.freebsd.org) You could try contacting [EMAIL PROTECTED] or [EMAIL PROTECTED] with your complaint. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
VOIP
Dear Sir/Madam We are an import/export timber company in Australia who has many sites and suppliers around the world. Most important is our office and suppliers in P.N.G, we are looking to setup a VOIP server here in Australia to Manage and be in constant communication with our site and our suppliers in P.N.G. And is all goes well use this server to expand the technology so it can be available to other businesses/homes in P.N.G. Any information you can provide would be most appreciated. Thank you for your time Kind Regards Will Mussett ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
options NO_LKM?
I have seen that NO_LKM option has been removed (a long time ago ) from supported options in kernel config file. I want to disable kernel module loading in my system. Is there a way for that? --- Omer Faruk Sen http://www.EnderUNIX.ORG Software Development Team @ Turkey http://www.Faruk.NET For Public key: http://www.enderunix.org/ofsen/ofsen.asc First Turkish FreeBSD book is out! Go check it. Duydunuz mu! Turkiye'nin ilk FreeBSD kitabi cikti. http://www.acikkod.com/freebsd.php ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: VOIP
Peter Mussett [EMAIL PROTECTED] wrote: Dear Sir/Madam We are an import/export timber company in Australia who has many sites and suppliers around the world. Most important is our office and suppliers in P.N.G, we are looking to setup a VOIP server here in Australia to Manage and be in constant communication with our site and our suppliers in P.N.G. And is all goes well use this server to expand the technology so it can be available to other businesses/homes in P.N.G. Any information you can provide would be most appreciated. http://www.asterisk.org -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mini-itx posting.
If would be fine by me if you posted it here. I'm very interested in getting one of these boxes, I would like to hear the experience of others. regards, Robert On Thu, 16 Sep 2004 23:30:58 -0700 (PDT) borg [EMAIL PROTECTED] wrote: Greetings, I want to post some info on a mini-itx mobo I bought, so other users can benefit from that. can I post that to freebsd-questions@ ? If not what's the right list ? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mini-itx posting.
Robert Storey [EMAIL PROTECTED] wrote: If would be fine by me if you posted it here. I'm very interested in getting one of these boxes, I would like to hear the experience of others. regards, Robert On Thu, 16 Sep 2004 23:30:58 -0700 (PDT) borg [EMAIL PROTECTED] wrote: Greetings, I want to post some info on a mini-itx mobo I bought, so other users can benefit from that. can I post that to freebsd-questions@ ? If not what's the right list ? I don't think anyone would object to such a posting, however, if the information is extensive, it would be a good idea to post it on a web site somewhere, and simply post a link to the mailing list. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mini-itx posting.
Bill Moran wrote: On Thu, 16 Sep 2004 23:30:58 -0700 (PDT) borg [EMAIL PROTECTED] wrote: Greetings, I want to post some info on a mini-itx mobo I bought, so other users can benefit from that. can I post that to freebsd-questions@ ? If not what's the right list ? I don't think anyone would object to such a posting, however, if the information is extensive, it would be a good idea to post it on a web site somewhere, and simply post a link to the mailing list. And, IIRC, someone around here (not official Project though) has a pretty good site set up for evaluating the fitness and performance or motherboards for use with FreeBSD. Maybe search the archives, or Google ... it would definitely be good to get stuff like this into some www databases ... My $.02, Kevin Kinsey ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Which Laser Printer for FreeBSD
Chris Hill writes: I thought about the HP Laserjet 6L or something in this category. Any advice? The two HP LaserJets I've had were both excellent - no problems at all, good results, easy to set up. The LaserJet series have an excellent and long-standing record for reliability; there are LJ IIs out there merrily chugging away. (I don't know about the various x000 series, but I would assume they haven't lost the touch.) I'll second the recommendation to get something with native PostScript; and maje sure whatever you get has the ability to add generic memory. Robert Huff happy owner of a LJ 6MP upgraded with 16 MB of 30-pin SIMM ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Crontab file (root user)
Hi all, I'm wondering where the crontab is located for the root user. I know there is the system crontab in /etc, however doing a #crontab -e when su'd to root, it comes up with a different crontab. Is there a file on the system that actually contains the root users crontab entries? Tks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Crontab file (root user)
On Fri, 17 Sep 2004 09:36:01 -0400 (EDT), Steve Bertrand [EMAIL PROTECTED] wrote: Hi all, I'm wondering where the crontab is located for the root user. I know there is the system crontab in /etc, however doing a #crontab -e when su'd to root, it comes up with a different crontab. Is there a file on the system that actually contains the root users crontab entries? In /var/cron/tabs you have a file named root for root crontab. -- Renato Botelho ICQ: 54596223 AIM: RBGargaBR ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: options NO_LKM?
Omer Faruk Sen wrote: I have seen that NO_LKM option has been removed (a long time ago ) from supported options in kernel config file. I want to disable kernel module loading in my system. Is there a way for that? You can do that with securelevels: see man securelevel 1 Secure mode - the system immutable and system append-only flags may not be turned off; disks for mounted file systems, /dev/mem, and /dev/kmem may not be opened for writing; kernel modules (see kld(4)) may not be loaded or unloaded. Michael ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Crontab file (root user)
On Fri, 17 Sep 2004 09:36:01 -0400 (EDT), Steve Bertrand [EMAIL PROTECTED] wrote: Hi all, I'm wondering where the crontab is located for the root user. I know there is the system crontab in /etc, however doing a #crontab -e when su'd to root, it comes up with a different crontab. Is there a file on the system that actually contains the root users crontab entries? In /var/cron/tabs you have a file named root for root crontab. Indeed...thanks greatly! Steve -- Renato Botelho ICQ: 54596223 AIM: RBGargaBR ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Bandwithd and recovery from logs
Hi, I use freebsd 4.10 and bandwithd 1.2.1b installed from ports. Bandwithd works fine with default configuration. When I configure 'recover_cdf true' option and run bandwithd, it don't work. Does anybody use success this option? Tin __REKLAMA___ LAST MINUTE do celho svta - INVIA.CZ! http://www.mixer.cz/redirect.phtml?sig=LASTMINUTE ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Which Laser Printer for FreeBSD
On Fri, 17 Sep 2004, Martin Moeller wrote: I'm planning to buy a new printer, because the results with my Canon S500 are total crap. I guess a laser printer is the best choice for Unix, and I'm wondering which one I should buy. I thought about the HP Laserjet 6L or something in this category. Avoid the 5L and 6L, as they have failure-prone paper feeds. Newer versions of this top feed printer may share the same problem. Used 4/4M/4M+ or 5/5M/5M+ series can be found inexpensively; the M models (for Mac) have Adobe PostScript. The LaserJet 4000/4050 is a very nice printer, as is the LaserJet 5000 if you need 11x17. Both have a non-Adobe PostScript clone which works pretty well. Internal JetDirect cards are cheap for the 4/5 series, more expensive for 4000/5000, but very convenient. Having PostScript in the printer makes setup easier, and makes printing faster in some cases. If the printer is PCL only, Ghostscript is used as a filter, rendering PostScript jobs into PCL. Sometimes this method has speed advantages, also. -Warren Block * Rapid City, South Dakota USA ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
SATA under 4.10
The hardware notes aren't too clear on this, but does anyone know the model of card I would have to buy to make SATA work under 4.10? I think the hardware notes refer to chipsets, and I don't know of the correlations. -Dan -- When I'm lost, and confused, and trying to make a U-turn, nothing annoys me more than someone telling me to watch out for the tombstone! How often does that happen, Fab? -David Feld Tom Fabry, sometime in High School. Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ATI AGP card and Xorg
Robert Storey said: Sorry John, I apologize for not reading all the to the bottom of your post. No problem; I appreciate your reply as well as any help I can get. Just mentioned that the information was already in the post so I didn't have to type it out again. ;) But please don't forget to include the poster as a CC: when you reply, if at all possible. The only other thing I'd suggest is playing with xvidtune. I had to do this to get my screen to center properly. The frustrating thing with xvidtune is that it doesn't automatically save the adjustments you make - you have to manually edit xorg.conf - but at least it makes it relatively easy to find the right settings. In my experience thus far, it seems you always need to tweak xorg.conf after its creation anyway, regardless of what tool is used to create it. Unfortunately, I've not once yet run an X-config tool and been able to use that config file as-is on any system. BTW, perhaps this is a dumb question, but in skimming the xvidtune man pages, I saw it mentioned that it's a client interface to XFree86... is this because the man page was written pre-Xorg and hasn't been updated, or will it work only with XFree86? I will say that FreeBSD really could use a better configuration utility for X, though I realize that the developers have their hands full just trying to get 5.3 out the door. Amen. IMHO, this would be a huge step toward the perception of usability for people like me who aren't afraid to get their hands a bit dirty yet aren't quite gurus. regards, Robert On Thu, 16 Sep 2004 21:12:48 -0400 John DeStefano [EMAIL PROTECTED] wrote: Thanks Robert... but I did try 'vesa' before posting (2nd 3rd paras from bottom of my post below). I'm sure either 'raden' or 'ati' are the way to go, I just can't seem to get either one to work. I also read through the entire README.ati, and found it a bit of a frustrating read when trying to look for answers on 'radeon' drivers for my card... not much relevent info there for the end-user. Thanks, ~John ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Too many dynamic rules, sorry
Micheal Patterson wrote: . - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 16, 2004 11:57 PM Subject: Too many dynamic rules, sorry If I repeatedly nmap my FreeBSD 4.10 machine configured with ipfirewall, I get the message Too many dynamic rules, sorry. Doing a sysctl -a |grep ip.fw I can see the the net.inet.ip.fw.dyn_count has reached the max value of 8192 that I set. The net.inet.ip.fw.dyn_ack_lifetime is set to 300, so the dynamic rule count starts going down after about 5 minutes after the simulated attack. Questions: When this happens, if my firewall still fully operational, in other words can I safely ignore this message? Is there a way to fix this? The error Too many dynamic rules, sorry will cause the system to drop any packets that are covered by a keep-state entry. So, the firewall, while operational, is in a dead lock down state for any outbound traffic until the dynamic rules clear out. I'm hoping that you're checking the system with nmap from behind it, because if your outside the firewall, then you're keeping state in inbound traffic and that's bad. You only want keep-state from traffic leaving that system, not to it. -- Micheal Patterson TSG Network Administration 405-917-0600 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Thanks for your help. I was running nmap against my public or outside interface. This is my first FreeBSD firewall, so I am sure my rules are not optimal, however, the firewall appears to be doing what I want. I gathered these rules from a number of how-to's and postings on the web with only a partial understanding of what they actually do (yes, I know, problem # 1). Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any 53 keep-state # For NTP add 01400 pass udp from ${oip} to any 123 keep-state # For VPN add 01500 pass gre from any to any keep-state # For ICMP add 01600 pass icmp from any to any via ${oip} keep-state Do you think these are causing the problem? Norm Vilmer ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Highpoint RAID HPT374
Joshua Lewis wrote: I am looking to make a RAID MIRROR using my built in HPT374 raid controller on my ABIT AT7-MAX motherboard. I will be installing the OS, MySQL, BIND9, POSTFIX2, APACHE2, PHP4, and MONO. I realize I should use separate drives. I will when I have the money. So my questions are: one is there anything special I should keep in mind (like drivers that support this chip and so on) and two when I was creating the array in the BIOS utility it asked what block size I would like to use. Using RAID-1 mirroring of two partitions on a single drive doesn't make a lot of sense: it will greatly slow down performance without gaining any real improvement to reliability. What blocksize you should use depends somewhat upon the files you use, and is best determined by benchmarking your expected load using the data you have; that said, normally a small blocksize will work fine if you have lots of small files. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Too many dynamic rules, sorry
. - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, September 17, 2004 9:41 AM Subject: Re: Too many dynamic rules, sorry Micheal Patterson wrote: . - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 16, 2004 11:57 PM Subject: Too many dynamic rules, sorry If I repeatedly nmap my FreeBSD 4.10 machine configured with ipfirewall, I get the message Too many dynamic rules, sorry. Doing a sysctl -a |grep ip.fw I can see the the net.inet.ip.fw.dyn_count has reached the max value of 8192 that I set. The net.inet.ip.fw.dyn_ack_lifetime is set to 300, so the dynamic rule count starts going down after about 5 minutes after the simulated attack. Questions: When this happens, if my firewall still fully operational, in other words can I safely ignore this message? Is there a way to fix this? The error Too many dynamic rules, sorry will cause the system to drop any packets that are covered by a keep-state entry. So, the firewall, while operational, is in a dead lock down state for any outbound traffic until the dynamic rules clear out. I'm hoping that you're checking the system with nmap from behind it, because if your outside the firewall, then you're keeping state in inbound traffic and that's bad. You only want keep-state from traffic leaving that system, not to it. -- Micheal Patterson TSG Network Administration 405-917-0600 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Thanks for your help. I was running nmap against my public or outside interface. This is my first FreeBSD firewall, so I am sure my rules are not optimal, however, the firewall appears to be doing what I want. I gathered these rules from a number of how-to's and postings on the web with only a partial understanding of what they actually do (yes, I know, problem # 1). Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any 53 keep-state # For NTP add 01400 pass udp from ${oip} to any 123 keep-state # For VPN add 01500 pass gre from any to any keep-state # For ICMP add 01600 pass icmp from any to any via ${oip} keep-state Do you think these are causing the problem? Norm Vilmer I don't recall if you're running ipfilter or ipfw on that system. I don't know ipfilter well enough to assist yet, but with ipfw, if you have a check-state entry above your keep-states, that may reduce the amount of dynamic rule entries that you'll have. What the check-state does, is to check the dynamic list, if an entry already exists, it stops processing rules there. -- Micheal Patterson TSG Network Administration 405-917-0600 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Too many dynamic rules, sorry
Norm Vilmer wrote: Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any 53 keep-state # For NTP add 01400 pass udp from ${oip} to any 123 keep-state # For VPN add 01500 pass gre from any to any keep-state # For ICMP add 01600 pass icmp from any to any via ${oip} keep-state Do you think these are causing the problem? Aren't udp and icmp state-less protocols? In that case, keep-state would not make much sense. I use 'keep-state' only for tcp rules. I may be wrong, moreover, I haven't followed the full thread :). Rob. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ata1-slave: ATA identify retries exceeded
On Thu, Sep 16, 2004 at 05:55:27PM -0600, RYAN vAN GINNEKEN wrote: Keep getting this error in my dmesg ata1-slave: ATA identify retries exceeded this is for my cdrom drive and it is not working can someone give me some hints on how to trouble shoot. The jumpers are set right and i have replace the cable but still get the error. Here is the intire dmseg dump ata0: at 0x1f0 irq 14 on atapci0 ata1: at 0x170 irq 15 on atapci0 FreeBSD is at least seeing both controllers. ata1-slave: ATA identify retries exceeded ad0: 4120MB Maxtor 84320D4 [8930/15/63] at ata0-master UDMA33 ad2: 3832MB QUANTUM Bigfoot TX4.0AT [8306/15/63] at ata1-master UDMA33 How sure are you that the CDROM device is good? Have you tried it in a different machine? One thing to do would be to take that Quantum drive off the secondary controller and try the CDROM device alone on that channel as the master device. An incorrect cable or device setting might affect the CDROM. If that fails try the CDROM as the slave device on the primary channel. Test various combinations that will allow you to be certain that the problem is not the controller, cable, or a faulty device sharing the channel. If you get the same error no matter the configuration, then it's likely that the CDROM device is defective in some way. One other possibilty would be to boot the machine to a LiveCD such as Knoppix and see if that OS has a problem identifying the CDROM device. If so, then there may be a problem in the interaction between the FreeBSD driver and your particular device and/or hardware. My guess, though, is that there may be something wrong with the CDROM device itself. Good luck ... Nathan -- PGP Public Key: pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD8527E49 pgpjxFF0bgEtQ.pgp Description: PGP signature
Re: Sound problem, help.
Hello Jan, Yes, sorry it was ofcourse device pcm, but what i wonder for is, its mention in handbook that it suppoze to be device sound...but sound it gives an error. and the error msg in KDE says: aRts control tool, (sorry- aRts had to restart) when i try to run the command artsd from shell, it just hang.! and the output of pciconf -v -l is [EMAIL PROTECTED]:31:5: class=0x040100 card=0x32dd4005 chip=0x24458086 rev=0x12 hdr=0x00 vendor = 'Intel Corporation' device = '82801BA/BAM (ICH2/ICH2-M) AC'97 Audio Controller' class= multimedia subclass = audio I really would appreciate it if you could help :( marwan [...] so i recompiled with options pcm! I trust that this is *device* pcm you are referring to... [...] when i startx my kde, there is NO sound and it gives me an error says aRts controll error, or aRts server error. Could you please post the entire and exact error message(s) you are getting? Also, what happens if you try to run artsd from a shell? Sincerely, -Jan Christian Meyer ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] _ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 3dnow, mmx, k6-2 optimizing?
Interesting. I just tried the settings you suggested, and it seems that -mcpu is depreciated for -mtune. ALWAYS check the documentation first. :-) Here's the details: http://gcc.gnu.org/onlinedocs/gcc-3.4.2/gcc/i386-and-x86_002d64-Options.html#i386-and-x86_002d64-Options Puna Puna Tannehill wrote: James Green wrote: Hi Puna, I had a k6-2 a few years back (before discovering BSD :) and did a lot of Linux From Scratch work on it. I found that passing -march=i586 -mcpu=i686 produced by far the best results for pretty much any C/C++ code. Of course the code produced will not run on anything but a k6-2, which as I understand it is a 686 core with 586 interface/timings, and likewise if memory serves specifying only -march=i586 or -march=i686 (implying -mcpu=i586 or -mcpu=i686 respectively) won't run on the k6-2 either. Definitely a trade off between speed and (total lack of) portablility. Again that was gcc-2.9x days... Interesting. Was there an option for -march=k6-2 at that time? Were the results based on a comparison of that setting and the ones you mention above? Do you happen to know if there is a particular benchmarking program that might be useful to testing different compiles in FreeBSD? I've also seen recommendations using '586/mmx' and 'k7', but it seems interesting that someone would create a 'k6-2' flag if there were not significant and benefitial optimizations that would be applied. Of course, whether anyone coded for that particular processor is probably extemely rare, so I can see how the -march -mcpu combination you suggested would probably be a better choice. Here are the relavent bits from dmesg (Compaq Presario 1692): CPU: AMD-K6(tm) 3D processor (432.98-MHz 586-class CPU) Origin = AuthenticAMD Id = 0x58c Stepping = 12 Features=0x8021bfFPU,VME,DE,PSE,TSC,MSR,MCE,CX8,PGE,MMX AMD Features=0x8800SYSCALL,3DNow! K6-family MTRR support enabled (2 registers) As far as ports such as Xorg/Xfree86, I am not entirely clear on CFLAGS inheritance, but AFAIK Xorg/Xfree don't gain much/anything from optimisation over than your usual -O2 and friends. I understand that this is down to whether they have been written to make use of these cpu functions/optimisations. On the other hand though, it is the specific applications that run under X, such as mplayer that tend to be written to make use of mmx, sse, 3dnow etc. because for graphics it makes a _big_ difference. Generally you find toggles in the Makefile to enable/force certain optimisation. Definitely worth looking at. According to the latest GCC, you can use -m3dnow -mmmx and it is of some benefit when comiling XF86 (and hopefully Xorg). I can't find the page offhand, but it was in the GCC Documentation, and I posted it in other responses of this same thread. I haven't been able to test it yet, as I'm still compiling Xorg as we speak. Puna On Mon, 2004-09-13 at 17:07, Puna Tannehill wrote: I've been looking for possible flags, optimizations, really anything that would help me setup my laptop to use mmx and 3dnow. I've updated /etc/make.conf to -march to the drum of a k6-2, but I'm not even sure if mmx and 3dnow are being taken into consideration for compiling and such, especially for Xorg. I did some googling and found people who used CFLAGS like -mmmx and -m3dnow, but when I run with those options, they fail and said to be invalid. they don't appear in 'man gcc' which should have been the first place i looked. I'm not finding anything in terms of compiling or configuring Xorg to use 3dnow or mmx, or even how to check to see if they are automatically detected and used. Any thoughts? Puna ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-mobile To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Too many dynamic rules, sorry
Micheal Patterson wrote: . - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, September 17, 2004 9:41 AM Subject: Re: Too many dynamic rules, sorry Micheal Patterson wrote: . - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 16, 2004 11:57 PM Subject: Too many dynamic rules, sorry If I repeatedly nmap my FreeBSD 4.10 machine configured with ipfirewall, I get the message Too many dynamic rules, sorry. Doing a sysctl -a |grep ip.fw I can see the the net.inet.ip.fw.dyn_count has reached the max value of 8192 that I set. The net.inet.ip.fw.dyn_ack_lifetime is set to 300, so the dynamic rule count starts going down after about 5 minutes after the simulated attack. Questions: When this happens, if my firewall still fully operational, in other words can I safely ignore this message? Is there a way to fix this? The error Too many dynamic rules, sorry will cause the system to drop any packets that are covered by a keep-state entry. So, the firewall, while operational, is in a dead lock down state for any outbound traffic until the dynamic rules clear out. I'm hoping that you're checking the system with nmap from behind it, because if your outside the firewall, then you're keeping state in inbound traffic and that's bad. You only want keep-state from traffic leaving that system, not to it. -- Micheal Patterson TSG Network Administration 405-917-0600 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Thanks for your help. I was running nmap against my public or outside interface. This is my first FreeBSD firewall, so I am sure my rules are not optimal, however, the firewall appears to be doing what I want. I gathered these rules from a number of how-to's and postings on the web with only a partial understanding of what they actually do (yes, I know, problem # 1). Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any 53 keep-state # For NTP add 01400 pass udp from ${oip} to any 123 keep-state # For VPN add 01500 pass gre from any to any keep-state # For ICMP add 01600 pass icmp from any to any via ${oip} keep-state Do you think these are causing the problem? Norm Vilmer I don't recall if you're running ipfilter or ipfw on that system. I don't know ipfilter well enough to assist yet, but with ipfw, if you have a check-state entry above your keep-states, that may reduce the amount of dynamic rule entries that you'll have. What the check-state does, is to check the dynamic list, if an entry already exists, it stops processing rules there. -- Micheal Patterson TSG Network Administration 405-917-0600 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I do have a check-state rule add 00200 check-state Norm Vilmer ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Too many dynamic rules, sorry
Rob [EMAIL PROTECTED] wrote: Norm Vilmer wrote: Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any 53 keep-state # For NTP add 01400 pass udp from ${oip} to any 123 keep-state # For VPN add 01500 pass gre from any to any keep-state # For ICMP add 01600 pass icmp from any to any via ${oip} keep-state Do you think these are causing the problem? Aren't udp and icmp state-less protocols? In that case, keep-state would not make much sense. I use 'keep-state' only for tcp rules. I may be wrong, moreover, I haven't followed the full thread :). You'll generally need to keep state on UDP when you play online games. If you're smart, you don't allow arbitrary UDP packets from the outside world into your network, but if you're playing Unreal or something, then all communication is via UDP, and you won't be able to play. The best solution is to allow all UDP traffic to _leave_, while keeping state. the keep-state remembers the ip/port information on the outgoing packets, and thus allows return packets to get back in (by matching the ip/port pair). Now, when you know the port, it doesn't really make sense to use keep-state, and all you're really doing is spamming your state tables. If you look in the /etc/rc.firewall that ships with FreeBSD, you'll see these rules (designed to handle running a DNS server): # Allow access to our DNS ${fwcmd} add pass tcp from any to ${oip} 53 setup ${fwcmd} add pass udp from any to ${oip} 53 ${fwcmd} add pass udp from ${oip} 53 to any Granted, it's three rules instead of 1, but it does not use your state tables unnecessarily (sp?) HTH. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Too many dynamic rules, sorry
- Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, September 17, 2004 10:30 AM Subject: Re: Too many dynamic rules, sorry snip I do have a check-state rule add 00200 check-state Norm Vilmer Ok. Then right above the check-state entry, place an allow ip from 123.123.123/24 to 123.123.123./24 Replace the ip's with the appropriate network/metric for your lan and that will allow lan traffic to go to itself unhindered by any stateful checks. -- Micheal Patterson TSG Network Administration 405-917-0600 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
XFree86-4 config issue
Hi, I installed FreeBSD 5.2.1 using by creating my own installation CD from the freeBSD5.2.1_disc1.iso image from the main ftp site for i386 system. Now, I am having trouble configuring XFree86-4, and: After building the X11 by using following commands- as root user # cd /usr/ports/x11/XFree86-4 # make install clean When I tried to configure it using: # XFree86 -configure It gives me following error message- (i.e the XFree86.0.log file exculding comments) Fatal Server error: xf86EnableIO: Failed to open /dev/io for extended io Please help me out to solve this problem thanks macuser ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Too many dynamic rules, sorry
You'll generally need to keep state on UDP when you play online games. If you're smart, you don't allow arbitrary UDP packets from the outside world into your network, but if you're playing Unreal or something, then all communication is via UDP, and you won't be able to play. The best solution is to allow all UDP traffic to _leave_, while keeping state. the keep-state remembers the ip/port information on the outgoing packets, and thus allows return packets to get back in (by matching the ip/port pair). Now, when you know the port, it doesn't really make sense to use keep-state, and all you're really doing is spamming your state tables. If you look in the /etc/rc.firewall that ships with FreeBSD, you'll see these rules (designed to handle running a DNS server): # Allow access to our DNS ${fwcmd} add pass tcp from any to ${oip} 53 setup ${fwcmd} add pass udp from any to ${oip} 53 ${fwcmd} add pass udp from ${oip} 53 to any Granted, it's three rules instead of 1, but it does not use your state tables unnecessarily (sp?) Unless you have above the #Allow access to our DNS rules- ${fwcmd} add pass udp from ${oip} to any keep-state to allow all UDP to leave. the first incoming packet to port 53 will match the stateless rule ${fwcmd} add pass udp from any to ${oip} 53 but the reply will create a dynamic rule because first match is ${fwcmd} add pass udp from ${oip} to any keep-state ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Too many dynamic rules, sorry
--- Bill Moran [EMAIL PROTECTED] wrote: Rob [EMAIL PROTECTED] wrote: Norm Vilmer wrote: Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any 53 keep-state # For NTP add 01400 pass udp from ${oip} to any 123 keep-state # For VPN add 01500 pass gre from any to any keep-state # For ICMP add 01600 pass icmp from any to any via ${oip} keep-state Do you think these are causing the problem? Aren't udp and icmp state-less protocols? In that case, keep-state would not make much sense. I use 'keep-state' only for tcp rules. I may be wrong, moreover, I haven't followed the full thread :). You'll generally need to keep state on UDP when you play online games. If you're smart, you don't allow arbitrary UDP packets from the outside world into your network, but if you're playing Unreal or something, then all communication is via UDP, and you won't be able to play. The best solution is to allow all UDP traffic to _leave_, while keeping state. the keep-state remembers the ip/port information on the outgoing packets, and thus allows return packets to get back in (by matching the ip/port pair). Now, when you know the port, it doesn't really make sense to use keep-state, and all you're really doing is spamming your state tables. If you look in the /etc/rc.firewall that ships with FreeBSD, you'll see these rules (designed to handle running a DNS server): # Allow access to our DNS ${fwcmd} add pass tcp from any to ${oip} 53 setup ${fwcmd} add pass udp from any to ${oip} 53 ${fwcmd} add pass udp from ${oip} 53 to any Granted, it's three rules instead of 1, but it does not use your state tables unnecessarily (sp?) HTH. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] __ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Too many dynamic rules, sorry
--- Bill Moran [EMAIL PROTECTED] wrote: Rob [EMAIL PROTECTED] wrote: Norm Vilmer wrote: Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any 53 keep-state # For NTP add 01400 pass udp from ${oip} to any 123 keep-state # For VPN add 01500 pass gre from any to any keep-state # For ICMP add 01600 pass icmp from any to any via ${oip} keep-state Do you think these are causing the problem? Aren't udp and icmp state-less protocols? In that case, keep-state would not make much sense. I use 'keep-state' only for tcp rules. I may be wrong, moreover, I haven't followed the full thread :). You'll generally need to keep state on UDP when you play online games. If you're smart, you don't allow arbitrary UDP packets from the outside world into your network, but if you're playing Unreal or something, then all communication is via UDP, and you won't be able to play. The best solution is to allow all UDP traffic to _leave_, while keeping state. the keep-state remembers the ip/port information on the outgoing packets, and thus allows return packets to get back in (by matching the ip/port pair). Now, when you know the port, it doesn't really make sense to use keep-state, and all you're really doing is spamming your state tables. If you look in the /etc/rc.firewall that ships with FreeBSD, you'll see these rules (designed to handle running a DNS server): # Allow access to our DNS ${fwcmd} add pass tcp from any to ${oip} 53 setup ${fwcmd} add pass udp from any to ${oip} 53 ${fwcmd} add pass udp from ${oip} 53 to any Granted, it's three rules instead of 1, but it does not use your state tables unnecessarily (sp?) HTH. Sorry, wasn't done with last message. Look at your dynamic table, if you are getting DoS'd, try using the limit option instead of keep-state or tweak the net.inet.ip.fw.dyn_(*)_lifetime to a level that suits your needs. Or, rewrite your rules removing the keep-state options. ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Too many dynamic rules, sorry
Micheal Patterson wrote: - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, September 17, 2004 10:30 AM Subject: Re: Too many dynamic rules, sorry snip I do have a check-state rule add 00200 check-state Norm Vilmer Ok. Then right above the check-state entry, place an allow ip from 123.123.123/24 to 123.123.123./24 Replace the ip's with the appropriate network/metric for your lan and that will allow lan traffic to go to itself unhindered by any stateful checks. -- Micheal Patterson TSG Network Administration 405-917-0600 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. would this be the same? add 00200 allow all from any to any via ${iif} keep-state add 00210 check-state ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Too many dynamic rules, sorry
Bill Moran wrote: Rob [EMAIL PROTECTED] wrote: Norm Vilmer wrote: Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any 53 keep-state # For NTP add 01400 pass udp from ${oip} to any 123 keep-state # For VPN add 01500 pass gre from any to any keep-state # For ICMP add 01600 pass icmp from any to any via ${oip} keep-state Do you think these are causing the problem? Aren't udp and icmp state-less protocols? In that case, keep-state would not make much sense. I use 'keep-state' only for tcp rules. I may be wrong, moreover, I haven't followed the full thread :). You'll generally need to keep state on UDP when you play online games. If you're smart, you don't allow arbitrary UDP packets from the outside world into your network, but if you're playing Unreal or something, then all communication is via UDP, and you won't be able to play. The best solution is to allow all UDP traffic to _leave_, while keeping state. the keep-state remembers the ip/port information on the outgoing packets, and thus allows return packets to get back in (by matching the ip/port pair). Now, when you know the port, it doesn't really make sense to use keep-state, and all you're really doing is spamming your state tables. If you look in the /etc/rc.firewall that ships with FreeBSD, you'll see these rules (designed to handle running a DNS server): # Allow access to our DNS ${fwcmd} add pass tcp from any to ${oip} 53 setup ${fwcmd} add pass udp from any to ${oip} 53 ${fwcmd} add pass udp from ${oip} 53 to any Granted, it's three rules instead of 1, but it does not use your state tables unnecessarily (sp?) HTH. I'm not sure why, but using the above rules from the supplied rc.firewall causes nslookup to fail on all my machines inside the firewall. I am sure it must have something to do with the order. Also, I am not running a DNS, so I really only need the outbound rule (I think). I changed my rule to add 01300 pass udp from ${oip} to any 53 this seems to be working. So I also removed the keep state from the ICMP and NTP rules. I had thought that you needed the keep-state rule for ICMP if you wanted trace route to work correctly, but it behaves the same regardless. add 01400 pass udp from ${oip} to any 123 add 01600 pass icmp from any to any via ${oip} I left the keep state on the gre rule, well, because, I am afraid it may cause weirdness in the VPN connection. Norm Vilmer Norm ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How to get best results from FreeBSD-questions
How to get the best results from FreeBSD questions. === Last update $Date: 2003/03/09 22:09:31 $ This is a regular posting to the FreeBSD questions mailing list. If you got it in answer to a message you sent, it means that the sender thinks that at least one of the following things was wrong with your message: - You left out a subject line, or the subject line was not appropriate. - You formatted it in such a way that it was difficult to read. - You asked more than one unrelated question in one message. - You sent out a message with an incorrect date, time or time zone. - You sent out the same message more than once. - You sent an 'unsubscribe' message to FreeBSD-questions. If you have done any of these things, there is a good chance that you will get more than one copy of this message from different people. Read on, and your next message will be more successful. This document is also available on the web at http://www.lemis.com/questions.html. = Contents: I:Introduction II: How to unsubscribe from FreeBSD-questions III: Should I ask -questions, -newbies or -hackers? IV: How to submit a question to FreeBSD-questions V:How to answer a question to FreeBSD-questions I: Introduction === This is a regular posting aimed to help both those seeking advice from FreeBSD-questions (the newcomers), and also those who answer the questions (the hackers). Note that the term hacker has nothing to do with breaking into other people's computers. The correct term for the latter activity is cracker, but the popular press hasn't found out yet. The FreeBSD hackers disapprove strongly of cracking security, and have nothing to do with it. In the past, there has been some friction which stems from the different viewpoints of the two groups. The newcomers accused the hackers of being arrogant, stuck-up, and unhelpful, while the hackers accused the newcomers of being stupid, unable to read plain English, and expecting everything to be handed to them on a silver platter. Of course, there's an element of truth in both these claims, but for the most part these viewpoints come from a sense of frustration. In this document, I'd like to do something to relieve this frustration and help everybody get better results from FreeBSD-questions. In the following section, I recommend how to submit a question; after that, we'll look at how to answer one. II: How to unsubscribe from FreeBSD-questions == When you subscribed to FreeBSD-questions, you got a welcome message from [EMAIL PROTECTED] In this message, amongst other things, it told you how to unsubscribe. Here's a typical message: Welcome to the freebsd-questions mailing list! If you ever want to remove yourself from this mailing list, you can send mail to [EMAIL PROTECTED] with the following command in the body of your email message: unsubscribe freebsd-questions Greg Lehey [EMAIL PROTECTED] Here's the general information for the list you've subscribed to, in case you don't already have it: FREEBSD-QUESTIONS User questions This is the mailing list for questions about FreeBSD. You should not send how to questions to the technical lists unless you consider the question to be pretty technical. Normally, unsubscribing is even simpler than the message suggests: you don't need to specify your mail ID unless it is different from the one which you specified when you subscribed. If Majordomo replies and tells you (incorrectly) that you're not on the list, this may mean one of two things: 1. You have changed your mail ID since you subscribed. That's where keeping the original message from majordomo comes in handy. For example, the sample message above shows my mail ID as [EMAIL PROTECTED] Since then, I have changed it to [EMAIL PROTECTED] If I were to try to remove [EMAIL PROTECTED] from the list, it would fail: I would have to specify the name with which I joined. 2. You're subscribed to a mailing list which is subscribed to FreeBSD-questions. If that's the case, you'll have to figure out which one it is and get your name taken off that one. If you're not sure which one it might be, check the headers of the messages you receive from freebsd-questions: maybe there's a clue there. If you've done all this, and you still can't figure out what's going on, send a message to [EMAIL PROTECTED], and he will sort things out for you. Don't send a message to FreeBSD-questions: they can't help you. III: Should I ask -questions, -newbies or -hackers? === Two mailing lists handle general questions about FreeBSD, FreeBSD-questions and FreeBSD-hackers. In addition, the FreeBSD-newbies list caters
The Complete FreeBSD: errata and addenda
The trouble with books is that you can't update them the way you can a web page or any other online documentation. The result is that most leading edge computer books are out of date almost before they are printed. Unfortunately, The Complete FreeBSD, published by O'Reilly, is no exception. Inevitably, a number of bugs and changes have surfaced. The Complete FreeBSD has been through a total of five editions, including its predecessor Installing and Running FreeBSD. Two of these have been reprinted with corrections. I maintain a series of errata pages. Start at http://www.lemis.com/errata-4.html to find out how to get the errata information. Have you found a problem with the book, or maybe something confusing? Please let me know: I'm constantly updating it. Greg ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Too many dynamic rules, sorry
Dave McCammon wrote: --- Bill Moran [EMAIL PROTECTED] wrote: Rob [EMAIL PROTECTED] wrote: Norm Vilmer wrote: Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any 53 keep-state # For NTP add 01400 pass udp from ${oip} to any 123 keep-state # For VPN add 01500 pass gre from any to any keep-state # For ICMP add 01600 pass icmp from any to any via ${oip} keep-state Do you think these are causing the problem? Aren't udp and icmp state-less protocols? In that case, keep-state would not make much sense. I use 'keep-state' only for tcp rules. I may be wrong, moreover, I haven't followed the full thread :). You'll generally need to keep state on UDP when you play online games. If you're smart, you don't allow arbitrary UDP packets from the outside world into your network, but if you're playing Unreal or something, then all communication is via UDP, and you won't be able to play. The best solution is to allow all UDP traffic to _leave_, while keeping state. the keep-state remembers the ip/port information on the outgoing packets, and thus allows return packets to get back in (by matching the ip/port pair). Now, when you know the port, it doesn't really make sense to use keep-state, and all you're really doing is spamming your state tables. If you look in the /etc/rc.firewall that ships with FreeBSD, you'll see these rules (designed to handle running a DNS server): # Allow access to our DNS ${fwcmd} add pass tcp from any to ${oip} 53 setup ${fwcmd} add pass udp from any to ${oip} 53 ${fwcmd} add pass udp from ${oip} 53 to any Granted, it's three rules instead of 1, but it does not use your state tables unnecessarily (sp?) HTH. Sorry, wasn't done with last message. Look at your dynamic table, if you are getting DoS'd, try using the limit option instead of keep-state or tweak the net.inet.ip.fw.dyn_(*)_lifetime to a level that suits your needs. Or, rewrite your rules removing the keep-state options. ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I think I follow you. I am going to have to play around with the DNS rules supplied with rc.firewall to see if I can get them to work. Just putting them in as given, my machines inside the firewall can not do nslookup's. I am a little afraid to play with the net.inet.ip.fw.dyn_(*)_lifetime level, I have seen a number of posting where people increase the value, mine is set to 300 (default). I did remove keep-state from all my rules excpet the gre rule. I also set the net.inet.ip.fw.dyn_max to 8192 which helps. Maybe I need a good book on the subject. Any suggestions? Norm Vilmer ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: installation on CompaQ pro work 5000
Setting followup to [EMAIL PROTECTED] On Fri, 17 Sep 2004 [EMAIL PROTECTED] wrote: the freebsd sistem give me that error when install : the disk in your drive looks more like an audio disk than a freebsd release ...the server is a CompaQ professional workstation 5000 dual processor... i have recopy the iso of freebsd... and not work... change cd rom ... and not work why give that error?(only with bsd...)all other sistem WORK... Make sure you are buring the disc as a data/ISO image and not an audio image. This macine is also very old .. its a dual ppro. Its pssible it has some unsual cdrom setup that freebsd does not support. xompaqs are prone to somewhat nonstandard setups. -- Doug White| FreeBSD: The Power to Serve [EMAIL PROTECTED] | www.FreeBSD.org ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD 5.2.1 Release and Promise PDC20267 Raid Controller
I am trying to install 5.2.1 on an Intel S845WD1-E MB which has the Promise PDC20267 Raid Controller on board. I set up a mirror using two Seagate 160GB Hard Drives successfully. When I try to install FreeBSD, it sees the mirror, disk 0 is ready but disk 1 shows down and then the mirror fails. I get a missing interrupt error. After the Disk 1 Down message the machine stops the boot process and sits. I have to turn the machine off to do anything. Does this controller work with FreeBSD. I found a few messages on this list but saying that it worked but nothing on how to make it work. Any thoughts would be appreciated. Mike ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Too many dynamic rules, sorry
- Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, September 17, 2004 11:47 AM Subject: Re: Too many dynamic rules, sorry Micheal Patterson wrote: - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, September 17, 2004 10:30 AM Subject: Re: Too many dynamic rules, sorry snip I do have a check-state rule add 00200 check-state Norm Vilmer Ok. Then right above the check-state entry, place an allow ip from 123.123.123/24 to 123.123.123./24 Replace the ip's with the appropriate network/metric for your lan and that will allow lan traffic to go to itself unhindered by any stateful checks. -- Micheal Patterson TSG Network Administration 405-917-0600 would this be the same? add 00200 allow all from any to any via ${iif} keep-state add 00210 check-state The goal is to not use dynamic rules for your local lan, only the traffic from the lan to the net. Otherwise, you're wasting dynamic state table space for rules that aren't necessary. A very basic stateful ruleset: ipfw add 100 allow ip from 1.1.1.0/24 to 1.1.1.0/24 ipfw add 500 check-state ipfw add 600 allow ip from 1.1.1.0/24 to any keep-state ipfw add 65000 deny log ip from any to any That type of ruleset, will allow local traffic without using state table, and the entry at 1000 will catch everything else outbound and use state tables for it. If it's not originating from your network, and there's no state entry, it's blocked by 65000. -- Micheal Patterson TSG Network Administration 405-917-0600 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Too many dynamic rules, sorry
Micheal Patterson wrote: - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, September 17, 2004 11:47 AM Subject: Re: Too many dynamic rules, sorry Micheal Patterson wrote: - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, September 17, 2004 10:30 AM Subject: Re: Too many dynamic rules, sorry snip I do have a check-state rule add 00200 check-state Norm Vilmer Ok. Then right above the check-state entry, place an allow ip from 123.123.123/24 to 123.123.123./24 Replace the ip's with the appropriate network/metric for your lan and that will allow lan traffic to go to itself unhindered by any stateful checks. -- Micheal Patterson TSG Network Administration 405-917-0600 would this be the same? add 00200 allow all from any to any via ${iif} keep-state add 00210 check-state The goal is to not use dynamic rules for your local lan, only the traffic from the lan to the net. Otherwise, you're wasting dynamic state table space for rules that aren't necessary. A very basic stateful ruleset: ipfw add 100 allow ip from 1.1.1.0/24 to 1.1.1.0/24 ipfw add 500 check-state ipfw add 600 allow ip from 1.1.1.0/24 to any keep-state ipfw add 65000 deny log ip from any to any That type of ruleset, will allow local traffic without using state table, and the entry at 1000 will catch everything else outbound and use state tables for it. If it's not originating from your network, and there's no state entry, it's blocked by 65000. -- Micheal Patterson TSG Network Administration 405-917-0600 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I tried your suggestion and got the same results and I think I understand why. If I have this right, it's putting keep-state on a rule that cause dynamic rules to be created. Well, I have removed all the keep-state's except for the one you specified. I launched the nmap attack against my public ip, however, the machine I launched it from is on the same network segment as the firewalls internal interface. So the traffic is going out the firewall then coming back in. If I am correct, this is a major Doh! on my part. Of course the net.inet.ip.fw.dyn_count is climbing, the ipfw add 600 allow ip from 1.1.1.0/24 to any keep-state rule is the culprit due to the outbound traffic. So I really need to nmap my firewall from another location to complete my test. Hmmm, does this mean that I can mess up my firewall by running nmap on a machine inside my firewall. It appears so. Do you know what the maximum value for net.inet.ip.fw.dyn_max is? I thought I read 8192 Norm Vilmer ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Burning OS X .dmg disk images...
Does anyone know of how to burn Mac OS X .dmg images under FBSD? I have .dmg files from an OSX system (10.3.x) that I want to convert to ISO images (if necessary) for burning to cd/dvd. I can't find anything in the list archives about this. Use this converter and burn the ISO file: http://vu1tur.eu.org/tools/ bye, artifex ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
can't get support for postgresql or mysql
Hello everyone... I have a problem getting support for mysql within php. I am running freebsd 5.2.1 and php 4.3.8. When I tried to run a php script that uses a mysql db connection, I got this error *Fatal error*: Call to undefined function: mysql_connect() in I did a phpinfo() and noticed i didn't see any mysql or postgresql support in it. I then tried to install php4-mysql module from the freebsd ports and still no luck.I also tried reinstalling both and I still end up in the same situation. I did a google search for how to load a mysql module but I keep getting articles about how to load it with apache. What should I do? Antoine ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Which Laser Printer for FreeBSD
At 8:08 AM -0600 9/17/04, Warren Block wrote: On Fri, 17 Sep 2004, Martin Moeller wrote: I guess a laser printer is the best choice for Unix, and I'm wondering which one I should buy. I thought about the HP Laserjet 6L or something in this category. Avoid the 5L and 6L, as they have failure-prone paper feeds. Newer versions of this top feed printer may share the same problem. Used 4/4M/4M+ or 5/5M/5M+ series can be found inexpensively; the M models (for Mac) have Adobe PostScript. The LaserJet 4000/4050 is a very nice printer, as is the LaserJet 5000 if you need 11x17. Both have a non-Adobe PostScript clone which works pretty well. Internal JetDirect cards are cheap for the 4/5 series, more expensive for 4000/5000, but very convenient. Having PostScript in the printer makes setup easier, and makes printing faster in some cases. I agree with everything Warren has said here. Here at RPI, we have also used Lexmark for blackwhite laser printers, and they have worked very well. We've also had a few Lexmark color laser printers. We have not been as happy with those, but I assume you are not looking for a color printer. -- Garance Alistair Drosehn= [EMAIL PROTECTED] Senior Systems Programmer or [EMAIL PROTECTED] Rensselaer Polytechnic Instituteor [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
how to make an executable run as another user
Um. I feel silly asking this. But I can't work it out. I want a shell script to run as another user. I always thought this was easy to do with the setuid bit, but never tried it before. I read man chmod and found this: . 4000(the setuid bit). Executable files with this bit set will run with effective uid set to the uid of the file owner. . s The set-user-ID-on-execution and set-group-ID-on-execution bits. And off I went. I wrote a shell script to output the current uid. I chown'ed it to another user. I chmod +sed it. I ran it. It didn't work. - rtb27# cat test #! /bin/sh whoami rtb27# ll test -rwsr-sr-x 1 rich wheel 20 Sep 17 19:34 test rtb27# ./test root Um. Help? Rich ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Multiple Net Connections
Chris Ryan [EMAIL PROTECTED] writes: I am running a Firewall / router / wireless freeBSD 5.2.1 pII 300. i.e it supplies net access for my LAN.. It has a wireless connection for internet that sometimes goes down and i wanted to get a backup internet connection for it - either DSL or ISDN. How can i enable it to use 2 different net connections? - and prioritize between the wireless first then if not available - the DSL. Is BGP the answer? and if so how? BGP is the answer for a sufficiently-large site, but you need the cooperation (peering) of your upstream providers. Since you're asking the question, that's unlikely to be an option for you. Some sort of failover solution would be a better idea; but I don't specifically know of any that are intended for wireless connections. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how to make an executable run as another user
man sudo is what you need. Install it from the ports collection Regards S. On Fri, 17 Sep 2004 19:50:19 +, Richard Bradley [EMAIL PROTECTED] wrote: Um. I feel silly asking this. But I can't work it out. I want a shell script to run as another user. I always thought this was easy to do with the setuid bit, but never tried it before. I read man chmod and found this: . 4000(the setuid bit). Executable files with this bit set will run with effective uid set to the uid of the file owner. . s The set-user-ID-on-execution and set-group-ID-on-execution bits. And off I went. I wrote a shell script to output the current uid. I chown'ed it to another user. I chmod +sed it. I ran it. It didn't work. - rtb27# cat test #! /bin/sh whoami rtb27# ll test -rwsr-sr-x 1 rich wheel 20 Sep 17 19:34 test rtb27# ./test root Um. Help? Rich ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Subhro Sankha Kar School of Information Technology Block AQ-13/1 Sector V ZIP 700091 India ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Highpoint RAID HPT374
Thanks for the reply Chuck however I think you misunderstood me. Or perhaps I didn't make myself clear. I have two 80GB WD Special Edition drives. I am Mirroring them together. When I mention having things on seperate drives I was refering to my SQL databases and web pages and such each on thier own drives (money permitting also raided to other drives.) But no right now I am looking at installing everything on one drive. I have actually already done it wil no problems so far. The system is using the ro0 driver and I think I am good to go. I wasn't sure if there were optimizations I should be aware of or utilities or anything. This is my first drive set ever. So I am looking for any tips. The block sizes question seems to only apply to a striped drives. It was a seperate question and even a seperate thought all together. Thank you, Joshua Lewis Chuck Swiger Joshua Lewis wrote: I am looking to make a RAID MIRROR using my built in HPT374 raid controller on my ABIT AT7-MAX motherboard. I will be installing the OS, MySQL, BIND9, POSTFIX2, APACHE2, PHP4, and MONO. I realize I should use separate drives. I will when I have the money. So my questions are: one is there anything special I should keep in mind (like drivers that support this chip and so on) and two when I was creating the array in the BIOS utility it asked what block size I would like to use. Using RAID-1 mirroring of two partitions on a single drive doesn't make a lot of sense: it will greatly slow down performance without gaining any real improvement to reliability. What blocksize you should use depends somewhat upon the files you use, and is best determined by benchmarking your expected load using the data you have; that said, normally a small blocksize will work fine if you have lots of small files. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Hard drive encryption
[EMAIL PROTECTED] said: Hello, I am writing to inquire about a hard drive encryption software that is compatible with FreeBSD. We have been using PointSEC with windows and am looking for a similar solution for FreeBSD. I see you have GEOM Based Disk Encryption (gbde) Which I have read about on your web site, but the folks here are resistant to using it and are asking for a 3rd party solution that is separate from the OS. I don't know what third-party disk encryption services there are available for FreeBSD nor do I know what the status of gbde is currently, but there is no inherent reason that a third-party encryption service would be any more stable or robust than one that's built into the OS. In fact, I'd argue just the opposite, as the people who wrote gbde also work on related parts of the FreeBSD kernel and nearly all of the core FreeBSD developers are well-known for their ability to design and write quality, stable code. They would also be the first ones to notice a change to the kernel that would adversely effect gbde and probably also the first ones to fix such a problem. Do you have anything in mind? I understand that gbde requests a password before the partition can be mounted anyway so this simulates the same functionality of PointSEC, but since it is part of the OS, it seems that if someone has access to the OS, they could still get in. Is that right? No, otherwise there would be no point in encrypting the data on the disk. Encryption means that even if someone were to get their hands on the physical disk (which is always considered the worst-case scenario, from a security standpoint) and read all of the data off it, they could never use it to gain any information since the data would appear scambled unless they decrypted it with the appropriate key (the password, in this case). In other words, it's not the operating system that allows/disallows access to an ecrypted disk, it's the mathematical encryption algorithms. Similarly, disk encryption has nothing to do with allowing/disallowing access to the system, only its data. -- Charles Ulrich System Administrator Ideal Solution - http://www.idealso.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Best LAN file archive server?
Good day to everyone! I want to arrange a file archive on my FreeBSD box so that windows users can access it via LAN (100Mbit). It'll be over 100Gb, mp3 and divx mostly. Throttling is imperative, it must be designed so that clients can listen to music and watch movies directly, without downloading them. There are only 10 LAN users, so I expect 5-8 simultaneous connections. I wonder, what do you think is the best solution for this - samba, http, ftp or something else? I don't want users to install additional software on their computers, but I'm ready to consider it if it's worth the worries. If ftp is the best, what is the best server? Ftpd? Another point - how to configure the filesystem so that it suits the purpose best? It's just my imagination - but I want it to cache everything insanely, to be very fast in responses and to spare the hard drive (as the latter is going to be a simple ATA drive, Maxtor, Seagate or Hitachi, which are inclined to deadly failures under heavy loads). Please excuse me for my stupidity, but I'm still a hardcore newbie. Yours respectfully, Andrew P. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how to make an executable run as another user
Richard Bradley [EMAIL PROTECTED] wrote: Um. I feel silly asking this. But I can't work it out. Not silly, common problem for shell script writers. I want a shell script to run as another user. I always thought this was easy to do with the setuid bit, but never tried it before. I read man chmod and found this: . 4000(the setuid bit). Executable files with this bit set will run with effective uid set to the uid of the file owner. . s The set-user-ID-on-execution and set-group-ID-on-execution bits. And off I went. I wrote a shell script to output the current uid. I chown'ed it to another user. I chmod +sed it. I ran it. It didn't work. - rtb27# cat test #! /bin/sh whoami rtb27# ll test -rwsr-sr-x 1 rich wheel 20 Sep 17 19:34 test rtb27# ./test root Interpreted programs (i.e. scripts) don't honor setuid/setgid (with the notable exception of setuidperl, which is installed but disabled on FreeBSD) Clever use of su or sudo can work around this. Also, writing a C or C++ wrapper program will help. That's a bit of a PITA, though. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Best LAN file archive server?
Andrew [EMAIL PROTECTED] wrote: Good day to everyone! I want to arrange a file archive on my FreeBSD box so that windows users can access it via LAN (100Mbit). It'll be over 100Gb, mp3 and divx mostly. Throttling is imperative, it must be designed so that clients can listen to music and watch movies directly, without downloading them. There are only 10 LAN users, so I expect 5-8 simultaneous connections. I wonder, what do you think is the best solution for this - samba, http, ftp or something else? Samba is probably going to provide the easiest use, assuming all your clients are running Windows (you didn't mention). If they're mixed OS, you may do better with something like FTP or HTTP, as it's more portable/standardized. Although Mac and Linux talk to Samba servers very nicely these days. I don't want users to install additional software on their computers, but I'm ready to consider it if it's worth the worries. If ftp is the best, what is the best server? Ftpd? If you're setting up anon-only FTP access, then just about any FTP server will do. I'd just use the one that ships with FreeBSD. If it's going to be more complex, something like proftpd has support for virtual users, and authenticating out of a MySQL database. Another point - how to configure the filesystem so that it suits the purpose best? It's just my imagination - but I want it to cache everything insanely, to be very fast in responses and to spare the hard drive (as the latter is going to be a simple ATA drive, Maxtor, Seagate or Hitachi, which are inclined to deadly failures under heavy loads). Just install it and give the system as much RAM as you can afford. FreeBSD will cache as much data as possible by default. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Crontab file (root user)
Steve Bertrand [EMAIL PROTECTED] writes: I'm wondering where the crontab is located for the root user. I know there is the system crontab in /etc, however doing a #crontab -e when su'd to root, it comes up with a different crontab. Right. Just as you said: the former is the system crontab, the latter is the root user's crontab. The former has an extra field that indicates which user to run a command as, the latter is exactly the same as any other user's crontab (and is stored in /var/cron/tabs just all the other user crontabs). I'm not quite sure what your confusion is: did my previous paragraph eliminate it? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
weird problem following 4.10-STABLE build....
After upgrading to 4.10-STABLE I have noticed some weird issues with email. My remote clients are unable to connect to the mail server, even though they can access websites on it. Since they arent even getting to the server, the logs show nothing. At first I suspected networking issues. I checked everything and there dont seem to be any problems. The only thing I changed when doing the upgrade was I increased kern.maxfiles to 12288. Also, my top level ISP does not delegate reverse authority. So the mail server ip reverses to something else when outside my network. Any ideas? Thanks John ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Best LAN file archive server?
On Fri, 17 Sep 2004 23:20:47 +0400 Andrew [EMAIL PROTECTED] wrote: Good day to everyone! I want to arrange a file archive on my FreeBSD box so that windows users can access it via LAN (100Mbit). It'll be over 100Gb, mp3 and divx mostly. Throttling is imperative, it must be designed so that clients can listen to music and watch movies directly, without downloading them. There are only 10 LAN users, so I expect 5-8 simultaneous connections. BTW what OSes are they running. If it all just various unix machines, nfs should work. Not exactly sure how to throttle it though. I wonder, what do you think is the best solution for this - samba, http, ftp or something else? I don't want users to install additional software on their computers, but I'm ready to consider it if it's worth the worries. SMB :) I would setup some rules for throttling using IPFW to each client machine. Not sure if samba supports throttling or now, but doing it by IPFW should work fine. If ftp is the best, what is the best server? Ftpd? Possible, but would make it annoying for fetching files and probally more network load. Another point - how to configure the filesystem so that it suits the purpose best? It's just my imagination - but I want it to cache everything insanely, to be very fast in responses and to spare the hard drive (as the latter is going to be a simple ATA drive, Maxtor, Seagate or Hitachi, which are inclined to deadly failures under heavy loads). man tuning man sysctl :) IIRC there is also a section in the handbook on it. If you have not bought the drive yet, I would suggest advioding Western Digital. I have all ways have problems with transfer speeds and their drives. BTW movies and music does not eat much bandwidth. You may very well be able to do it with out throttling, depending on the bit rate. But should all be fine for the most part with out throttling. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: XFree86-4 config issue
digish reshamwala [EMAIL PROTECTED] writes: I installed FreeBSD 5.2.1 using by creating my own installation CD from the freeBSD5.2.1_disc1.iso image from the main ftp site for i386 system. Now, I am having trouble configuring XFree86-4, and: After building the X11 by using following commands- as root user # cd /usr/ports/x11/XFree86-4 # make install clean When I tried to configure it using: # XFree86 -configure It gives me following error message- (i.e the XFree86.0.log file exculding comments) Fatal Server error: xf86EnableIO: Failed to open /dev/io for extended io Looks like you're running at a raised securelevel. If so, that would explain it; you can't open an X server in a raised securelevel (it is left as an exercise to the reader to explain why raw access to system memory and configuration registers are not considered compatible with raised security levels). ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: RELENG_5: KDE upgrade Catch-22
Michael Nottebrock wrote: On Friday 17 September 2004 21:14, Mark Ovens wrote: Hmmm, if I delete XFree86-libraries then X won't run, and without libXinerama.so.1 KDE won't run :-/ Anyone have a solution to this conundrum please? Yes: Update all of XFree86 to the latest version in ports (4.4). XFree86-libraries does contain libXinerama.so.1. The real conundrum is how you ended up with a system like this. I can make a few guesses: You upgraded KDE via packages Running ''portupgrade -PPRa'' I guess. I had been having problems caused by the compiler changes and read in this list, or -questions, an answer to a question about the same problem where the advice was to u/g all your ports via packages (or uninstall them all and rebuild from ports). portupgrade(1) skipped XFree86. - that KDE has been built against xorg (which is the default X distribution for 5.3 and contains libXinerama.so.1, while XFree86-4.3 only contains a libXinerama.a). Are you saying the KDE packages are built against xorg? I guess that explains all the dependencies on xorg that I kept having to delete using ''pkgdb -F''. Is that the real reason KDE won't run? Would switching to xorg be the best solution in the long run then (now is the time for me to do it if it is)? I guess that would mean rebuilding all my X apps that weren't installed from packages. Thanks for the quick and detailed reply. Regards, Mark Or maybe you compiled KDE yourself - against Xorg or XFree86-4.4 and then downgraded to XFree86-4.3? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Too many dynamic rules, sorry
--- Norm Vilmer [EMAIL PROTECTED] wrote: Dave McCammon wrote: --- Bill Moran [EMAIL PROTECTED] wrote: Rob [EMAIL PROTECTED] wrote: Norm Vilmer wrote: Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any 53 keep-state # For NTP add 01400 pass udp from ${oip} to any 123 keep-state # For VPN add 01500 pass gre from any to any keep-state # For ICMP add 01600 pass icmp from any to any via ${oip} keep-state Do you think these are causing the problem? Aren't udp and icmp state-less protocols? In that case, keep-state would not make much sense. I use 'keep-state' only for tcp rules. I may be wrong, moreover, I haven't followed the full thread :). You'll generally need to keep state on UDP when you play online games. If you're smart, you don't allow arbitrary UDP packets from the outside world into your network, but if you're playing Unreal or something, then all communication is via UDP, and you won't be able to play. The best solution is to allow all UDP traffic to _leave_, while keeping state. the keep-state remembers the ip/port information on the outgoing packets, and thus allows return packets to get back in (by matching the ip/port pair). Now, when you know the port, it doesn't really make sense to use keep-state, and all you're really doing is spamming your state tables. If you look in the /etc/rc.firewall that ships with FreeBSD, you'll see these rules (designed to handle running a DNS server): # Allow access to our DNS ${fwcmd} add pass tcp from any to ${oip} 53 setup ${fwcmd} add pass udp from any to ${oip} 53 ${fwcmd} add pass udp from ${oip} 53 to any Granted, it's three rules instead of 1, but it does not use your state tables unnecessarily (sp?) HTH. Sorry, wasn't done with last message. Look at your dynamic table, if you are getting DoS'd, try using the limit option instead of keep-state or tweak the net.inet.ip.fw.dyn_(*)_lifetime to a level that suits your needs. Or, rewrite your rules removing the keep-state options. ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I think I follow you. I am going to have to play around with the DNS rules supplied with rc.firewall to see if I can get them to work. Just putting them in as given, my machines inside the firewall can not do nslookup's. I am a little afraid to play with the net.inet.ip.fw.dyn_(*)_lifetime level, I have seen a number of posting where people increase the value, mine is set to 300 (default). I did remove keep-state from all my rules excpet the gre rule. I also set the net.inet.ip.fw.dyn_max to 8192 which helps. Maybe I need a good book on the subject. Any suggestions? Norm Vilmer What you may you may want to do is lower the net.inet.ip.fw.dyn_ack_lifetime. This will help the dynamic rules to be cleared faster on connections that don't get completed with the FIN or RST. Besides, I believe the UDP dynamic rules are controlled by net.inet.ip.fw.dyn_udp_lifetime. On my bridging-firewall, it is set to 10 but in the man page for ipfw it shows default as 5 (unless the 5 is just an example not the default). Here is some links that I have bookmarked http://www.kgb.ro/Ipfw-HOWTO http://freebsd.amazingdev.com/blog/archives/000112.html http://www.toad-one.org/howto/FreeBSD/Ipfw-Advanced-Supplement-HOWTO.txt ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how to make an executable run as another user
Rich, Someone else had responded to your post explaining that setuid does not work with shell scripts. Nor does it work with any interpreted input. The following article might help explain this (and others): http://www.evolt.org/article/UNIX_File_Permissions_and_Setuid_Part_2/ 18/263/ QUOTE: In most UNIX kernels there exists what is called a 'race condition' when executing scripts. Scripts are pieces of code which are interpreted by, strangely enough, interpreters. Common examples of interpreters are perl, sed, and awk. So when you have in your perl code #!/usr/local/bin/perl it tells the operating system to start executing the perl interpreter with the current script as input. Between the time that the perl interpreter starts executing and the time that it reads in your script the 'race condition' exists. At this time, a mischievous person could 'win the race' and be able to replace your script with another. And if your script is running as setuid, that person's script would run as your user! So their script could do anything that you could do from the command line. As a result, most UNIX kernels will disable users from running scripts as setuid. The most common way around this is to create a wrapper program around your script. A wrapper, in this context, is a small program, possibly written in C, that when executed will simply run your script. The 'race condition' does not exist for real executables and so you won't be thwarted by the kernel itself. I'm not exceptionally well versed in this stuff. But I think this is what you're after. Alex On Sep 17, 2004, at 3:50 PM, Richard Bradley wrote: Um. I feel silly asking this. But I can't work it out. I want a shell script to run as another user. I always thought this was easy to do with the setuid bit, but never tried it before. I read man chmod and found this: . 4000(the setuid bit). Executable files with this bit set will run with effective uid set to the uid of the file owner. . s The set-user-ID-on-execution and set-group-ID-on-execution bits. And off I went. I wrote a shell script to output the current uid. I chown'ed it to another user. I chmod +sed it. I ran it. It didn't work. - rtb27# cat test #! /bin/sh whoami rtb27# ll test -rwsr-sr-x 1 rich wheel 20 Sep 17 19:34 test rtb27# ./test root Um. Help? Rich ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Alexander Sendzimir (owner)802 863 5502 MacTutor: Apple Mac OS X Consulting [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: can't get support for postgresql or mysql
asolomon15 wrote: Hello everyone... I have a problem getting support for mysql within php. I am running freebsd 5.2.1 and php 4.3.8. When I tried to run a php script that uses a mysql db connection, I got this error *Fatal error*: Call to undefined function: mysql_connect() in I did a phpinfo() and noticed i didn't see any mysql or postgresql support in it. I then tried to install php4-mysql module from the freebsd ports and still no luck.I also tried reinstalling both and I still end up in the same situation. I did a google search for how to load a mysql module but I keep getting articles about how to load it with apache. What should I do? Please read /usr/ports/UPDATING if it is available on your system. If not, you may access it via the cvsweb at the Project web site. You will need to install /usr/ports/lang/php4-extensions to, um, get the extensions ;-) Kevin Kinsey DaleCo, S.P. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: XFree86-4 config issue
Thanks a lot Lowell, After reducing the secure lever I was able to configure the XFree86 by using #XFree86 -configure then #cp XF86Config.new /etc/X11/XF86Config (Copying it in common location where XFree86 can find it) But afterthat, whenever I tried to start the X11 using #statrx the system simply froze?? Also when I tried to test the existing configuration by giving # XFree86 -xf86config XF86Config.new It simply frozes the OS??? Any idea whats wrong? Can u please suggest/help asap Macuser - Original Message - From: Lowell Gilbert [EMAIL PROTECTED] Date: Friday, September 17, 2004 1:24 pm Subject: Re: XFree86-4 config issue digish reshamwala [EMAIL PROTECTED] writes: I installed FreeBSD 5.2.1 using by creating my own installation CD from the freeBSD5.2.1_disc1.iso image from the main ftp site for i386 system. Now, I am having trouble configuring XFree86-4, and: After building the X11 by using following commands- as root user # cd /usr/ports/x11/XFree86-4 # make install clean When I tried to configure it using: # XFree86 -configure It gives me following error message- (i.e the XFree86.0.log file exculding comments) Fatal Server error: xf86EnableIO: Failed to open /dev/io for extended io Looks like you're running at a raised securelevel. If so, that would explain it; you can't open an X server in a raised securelevel (it is left as an exercise to the reader to explain why raw access to system memory and configuration registers are not considered compatible with raised security levels). ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions- [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Hard drive encryption
[EMAIL PROTECTED], 2004-09-16] I understand that gbde requests a password before the partition can be mounted anyway so this simulates the same functionality of PointSEC, but since it is part of the OS, it seems that if someone has access to the OS, they could still get in. Is that right? See gbde(4) http://www.freebsd.org/cgi/man.cgi?query=gbdesektion=4 The objective of this facility is to provide a high degree of denial of access to the contents of a ``cold'' storage device. Be aware that if the computer is compromised while up and running and the storage device is actively attached and opened with a valid pass-phrase, this facility offers no protection or denial of access to the contents of the storage device. If, on the other hand, the device is ``cold'', it should present an formidable challenge for an attacker to gain access to the contents in the absence of a valid pass-phrase. Four cryptographic barriers must be passed to gain access to the data, and only a valid pass-phrase will yield this access. A cold device should be understood as a hard drive (or other geom- device) that is not powered on, or that has not yet been opened by a valid pass-phrase. For more info on the four barriers, read the rest of the manual page. GBDE should not be any less secure just because the OS has builtin support for it. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf not logging on 5.3-BETA3 ?
On Thursday 16 September 2004 21:19, Thomas T. Veldhouse wrote: Bruno Afonso wrote: Thomas T. Veldhouse wrote: Max Laier wrote: Okay, have you guys read UPDATING? Yes, but it is from a BETA3 install ... so the user/group was already their. Besides, installworld will fail unless this group is added first. Did you do mergemaster -p ? Yes. But like I said, it is not required to move from 5.3-BETA3 to RELENG_5 as the changes in master.passwd and group are already there. If they were not, an installworld would fail because the chown or chgrp commands fail trying to set the user or group to _pflogd or authpf (group). In any event, my passwd and group file are indeed up to date and /var/log/pflog broken (no logging taking place). fuggle# ps aux | grep pf root 340 0.0 0.3 1584 612 ?? Ss3:05PM 0:00.01 pflogd: [priv] ( _pflogd 343 0.0 0.3 1648 652 ?? S 3:05PM 0:11.14 pflogd: [running root21395 0.0 0.1 440 224 p1 R+2:18PM 0:00.00 grep pf Are you sure that you have logging rules in place? And are you sure that these rules are matched? Please attach the output of $pfctl -vvsr if in doubt. Yep, I can follow the log with my pflog script: [EMAIL PROTECTED]:/home/klr]# pflog tcpdump: WARNING: pflog0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes 2. 827601 rule 7/0(match): block out on rl1: IP X.X.X.X.61201 66.35.250.150.6060: S 1604621353:1604621353(0) win 65535 mss 1460,nop,wscale 1,[|tcp] (ip blocked out) [workstation: [EMAIL PROTECTED]:/home/killer/] telnet slashdot.org 6060 Trying 66.35.250.150... ] The script (very simple): [EMAIL PROTECTED]:/home/klr]# cat `which pflog` tcpdump -n -e -ttt -i pflog0 This ensures logging rules are there, but anyway: [EMAIL PROTECTED]:/home/klr]# grep log /etc/pf.conf block in log on $net proto { tcp,udp,icmp } block out log on $net proto { tcp,udp,icmp } Also, are you using the module or did you build pf into your kernel directly? Compiled directly into the kernel, device pf/pflog/pfsync, all ALTQ options: options ALTQ options ALTQ_CBQ# Class Bases Queueing options ALTQ_RED# Random Early Drop options ALTQ_RIO# RED In/Out options ALTQ_HFSC # Hierarchical Packet Scheduler options ALTQ_CDNR # Traffic conditioner options ALTQ_PRIQ # Priority Queueing options ALTQ_NOPCC # Required for SMP build options ALTQ device pf # Packet Filter device pfsync device pflog _DEBUG Did you put in device pflog as well? What does $ifconfig pflog0 say? [EMAIL PROTECTED]:/home/klr]# ifconfig pflog0 pflog0: flags=41UP,RUNNING mtu 33208 If more info is needed, let me know. I don't think this is an obvious mistake of me (altough it could be, I haven't looked to this problem in the last days, must take some time to look more carefully at it). As a reminder, the system is: FreeBSD evilreborn 5.3-BETA3 FreeBSD 5.3-BETA3 #0: Wed Sep 15 19:18:51 WEST 2004 [EMAIL PROTECTED]:/usr/src/sys/i386/compile/evilreborn53-kernel i386 -- /\ Best regards, | [EMAIL PROTECTED] \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED] / \ ASCII Ribbon Campaign | Against HTML Mail and News Best Regards, Hugo ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Apache Installation
Hey I am a novice at FreeBSD! I want to install apache v 1.3.28 in my FreeBSD 5.21. Can u guys help me? How to proceed? -macuser ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Apache Installation
Hey, It's very simple! Assuming you have an updated ports tree, just do this as root: cd /usr/ports/www/apache13 make install clean Hey I am a novice at FreeBSD! I want to install apache v 1.3.28 in my FreeBSD 5.21. Can u guys help me? How to proceed? -macuser ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- www.6s-gaming.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ATI AGP card and Xorg
John DeStefano wrote: Trying to take my mind off my server exploit issue... I'm trying to configure an ATI Radeon 9000 64mb AGP video card with Xorg on a FreeBSD5.3beta2 workstation. No matter which config option I choose ('Xorg -configure', 'xorgcfg -textmode', xorgconfig), when I test the generated .conf file, the screen locks up with a bunch of colors and horizontal lines (green on top, blue everywhere else). The mouse cursor moves, but none of the Ctrl+Alt key combos work, and I can't escape the X session or access another virtual console. The Device section generated from 'Xorg -configure' is: Section Device Identifier Card0 Driver ati VendorName ATI Technologies Inc BoardName Radeon RV250 If [Radeon 9000] BusID PCI:3:0:0 Here's any related output I can think of from 'pciconf -lv': [EMAIL PROTECTED]:0:0: class=0x06 card=0x chip=0x01e010de rev=0xa2 hdr=0x00 vendor = 'NVIDIA Corporation' device = 'nForce2 AGP Controller' class = bridge subclass = HOST-PCI . . . [EMAIL PROTECTED]:0:0: class=0x03 card=0x20021002 chip=0x49661002 rev=0x01 hdr=0x00 vendor = 'ATI Technologies Inc.' device = 'RV250 Radeon 9000/9000 Pro' class = display subclass = VGA [EMAIL PROTECTED]:0:1: class=0x038000 card=0x20031002 chip=0x496e1002 rev=0x01 hdr=0x00 vendor = 'ATI Technologies Inc.' device = 'RV250 Radeon 9000/9000 Pro - Secondary' class = display I thought it might be an AGP/kernel issue, but when I try 'kldload agp' I get back File exists, and when I do 'kldstat -n agp' or 'kldunload' I get No such file. I tried someone else's bare-bones radeon conf file, and I got the same problem as always on test: blue/green garbled screen, mouse moves, can't escape out of locked-up X. I then replaced the radeon Driver entry with vesa in the config. When I tested this, it showed a different garbled screen (grey this time) for a few seconds, then clicked to a normal X-Windows screen, but with a black hourglass outline on the sides. I was able to Ctl+Alt+Backspace out of this as normal, and the console didn't report any warnings or errors. I then moved this config file to /etc/X11/xorg.conf and ran 'startx'. It started fine and looked as described above, with an hourglass outline. When I exited X, there were some errors on the console that were probably just from exiting out of X, and this one: xauth: (argv):1: bad display name my.hostname.com:0 in remove command Any ideas on how to get this card working properly? BTW: I began using FreeBSD5.3beta2 on this machine for its NDIS support for my onboard NIC. Thanks, ~John ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I know your pain so well! I have a r200 on a nforce2 board. I have the same problems as you. 1.It looks as if your pci id is wrong. I might be wrong, but I see 3:0:1 and 3:0:0. You should not use the BusID option if you can avoid it. There is a free pci scan with every startx! The point of the scan is not having to set the id. [EMAIL PROTECTED]:0:0: class=0x03 card=0x7149174b chip=0x514c1002 rev=0x00 hdr=0x00 vendor = 'ATI Technologies Inc.' device = 'R200 Radeon 8500 / 8500LE' class= display subclass = VGA You see here on mine I am getting a driver attached to my card. The [EMAIL PROTECTED]:0:1 means there is no driver attacked, or at least drm is not working. 2.You must preload agp. The handbook clearly states you have to have agp in the kernel or preloaded. You should not kldload or kldunload agp. hw.ata.atapi_dma=1 agp.ko_load=YES snd_ich.ko_load=YES radeon.ko_load=YES This is just a sample of my /boot/loader.conf file. You see I have the radeon and agp drivers preloaded. 3.The current version of dri in the kernel is outdated and does not have accellerated drivers that work. I think they will be updated after the release of 5.3 when the new xorg sever is put into ports. You can use dri without x, but no one does. Dri is its own project and a part of x, but in FreeBSD dri is part of the base system since it has drivers(I think this is why). So this means no loading dri modules in the xorg.conf file, and no hardware accellerated 3d for you until the update. Before you mention it, I do know you have the RV280 and not the R200 like me. The RV280 is a modifed R200 and does use the same driver. I also noticed you have 2 radeons in the pciscan. I have a tripple head 8500(svideo, vga, dvi) and I only have 1 radeon show up. Do you have 2 cards(it looks like 1 card, could this be a dual head side effect? could I get a dmesg on this)? What settings have you changed to get this to happen or is it deafult? Finally, if you do all I said you should have a working x and system. Right now I can get 25-30 fps in glxgears fullscreen. When the new drivers are here that number should be more like 2500-3000(or was there another zero?). If you need any
Re: Apache Installation
This is valid advice. However, since you say your are new to FreeBSD (and, perhaps, *nix?), I would break the process down like this. Use a terminal (xterm) to do run these commands. Otherwise, excuse the simplicity. I'll assume you're using sudo for root privilege. 1. It's easiest to use the ports tree (/usr/ports). Apache is in the www directory under /usr/ports. So, go there. cd /usr/ports/www There are a few versions you could install when it comes to Apache. You can see them with ls -d apache* 'apache13' is the most straight forward to start with. So, go into this directory, cd apache13 2. Fetch, extract, and compile. Check the Makefile for things you can modify to your needs. more Makefile Look for defined(...) or !defined(...). For example, .if (!defined(WITHOUT_APACHE_EXPAT)... In the case of Apache 1.3.x you can specify -DWITHOUT_APACHE_EXPAT. If you're unsure about this, then forget about it. Just compile and install. Or extract, sudo make extract which will usually tell you what you can modify on the command line. Otherwise, sudo make You can do the make and install in one line. sudo make install If your were to exclude expat support, then you would use this sudo make -DWITHOUT_APACHE_EXPAT sudo make install or sudo make -DWITHOUT_APACHE_EXPAT install You can remove the installation and start over by running sudo make deinstall and sudo rm -rf ./work where ./ assumes you are already in /usr/ports/www/apache13/. This gets rid of the work directory that 'make extract' created. You don't have to do it like this all the time. But once you're familiar with the basic process, you will discover your own refined process. Good luck, Alex On Sep 17, 2004, at 3:09 PM, Hugo Silva wrote: Hey, It's very simple! Assuming you have an updated ports tree, just do this as root: cd /usr/ports/www/apache13 make install clean Hey I am a novice at FreeBSD! I want to install apache v 1.3.28 in my FreeBSD 5.21. Can u guys help me? How to proceed? -macuser ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- www.6s-gaming.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Alexander Sendzimir (owner)802 863 5502 MacTutor: Apple Mac OS X Consulting [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
couldn't map memory
Richard Lynch wrote: I have installed FreeBSD 5.2.1 on a Dell Insprion 700 m, dual boot with the existing XP Home Edition (blech). Have begun posting my experience at http://phpbootcamp.com/articles/inspiron700m.htm The built-in LAN NIC is a Broadcom 440x. It works well enough under Windows to send this message. :-^ An update, and re-title, since I've moved quite a bit forward. I'm also cc-ing -mobile, to which I'm not even subscribed at this time, cuz I can only keep up with so many lists... Hope that's not too rude. I disabled bfe in my GENERIC kernel and re-built that, so I could hack the BFE source and try it as a module without a 20-minute re-build and re-boot. So I do make; make install: in /usr/src/sys/modules/bfe and then kldload /boot/kernel/if_bfe.ko which seems to work -- at least well enough to print out my debugging statements, or when I'm particularly stupid, page fault and crash the machine. I added the device_id as a constant in the BFE header: --- /usr/src/sys/dev/bfe/if_bfereg.h --- #define BCOM_DEVICEID_BCM4401_B0 0x170c I added the device id to the array of known BFE devices: --- /usr/src/sys/dev/bfe/if_bfe.c --- static struct bfe_type bfe_devs[] = { { BCOM_VENDORID, BCOM_DEVICEID_BCM4401, Broadcom BCM4401 Fast Ethernet }, { BCOM_VENDORID, BCOM_DEVICEID_BCM4401_B0, Broadcom BCM4401-B0 Fast Ethernet }, { 0, 0, NULL } }; I added an id to the MII headers, even thought it's the same: --- /usr/src/sys/dev/mii/miidevs --- model BROADCOM BCM4401 0x0036 BCM4401 10/100baseTX PHY /* Michael Chan of Broadcom was kind enough to email me that 0x36 is right */ model BROADCOM BCM4401_B0 0x0036 BCM4401-B0 10/100baseTX PHY The bfe_attach function which is getting registered with the Device as a callback is being called, and eventually reaches the line where it attempts to do: sc-bfe_res = bus_alloc_resource(dev, SYS_RES_MEMORY, rid, 0, ~0, 1, RF_ACTIVE); It is at this point that it is then printing out Could not map memory Now, I had already tried setting hints for maddr and msize to the values being used by Windows, in the hope that they would also be good numbers for FreeBSD. However, one thing I'm not sure of -- Do those hints affect a Module, or would they only apply to something built in to the kernel? Perhaps now that I've gotten the device recognized I should move back to using the kernel re-build with bfe enabled again. What other ways, short of hacking the source, can be used to provide good numbers for memory to bus_alloc_resource? And what magical incantations would allow me to find good numbers, as with 2 GIG of RAM, I suspect it could be a lonnng time before I stumbled on good numbers by just guessing. The is the output of kldload /boot/kernel/if_bfe.ko with the above alterations applied. Not quite sure why cbb0 and fwohci0 are getting in the picture... Perhaps the mere attempt to query their PCI vendor_id and device_id causes them to attempt to re-initialize?... Sep 17 00:31:09 kernel: cbb0: PCI-CardBus Bridge at device 4.0 on pci2 Sep 17 00:31:09 kernel: cbb0: pccbb.c Could not grab register memory Sep 17 00:31:09 kernel: device_probe_and_attach: cbb0 attach returned 12 Sep 17 00:31:09 kernel: cbb0: PCI-CardBus Bridge at device 4.1 on pci2 Sep 17 00:31:09 kernel: cbb0: pccbb.c Could not grab register memory Sep 17 00:31:09 kernel: device_probe_and_attach: cbb0 attach returned 12 Sep 17 00:31:09 kernel: fwohci0: vendor=104c, dev=802e Sep 17 00:31:09 kernel: fwohci0: 1394 Open Host Controller Interface mem 0xe020-0xe0203fff,0xe0209000-0xe02097ff irq 10 at device 4.2 on pci2 Sep 17 00:31:09 kernel: fwohci0: Could not map memory Sep 17 00:31:09 kernel: device_probe_and_attach: fwohci0 attach returned 6 Sep 17 00:31:09 kernel: sc-bfe_miibus is NULL. Sep 17 00:31:09 kernel: bfe0: Broadcom BCM4401-B0 Fast Ethernet mem 0xe0206000-0xe0207fff irq 10 at device 5.0 on pci2 Sep 17 00:31:09 kernel: bfe0: couldn't map memory Sep 17 00:31:09 kernel: device_probe_and_attach: bfe0 attach returned 6 -- Like Music? http://l-i-e.com/artists.htm ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: weird problem following 4.10-STABLE build....
On Fri, 17 Sep 2004, John Von Essen wrote: After upgrading to 4.10-STABLE I have noticed some weird issues with email. My remote clients are unable to connect to the mail server, even though they can access websites on it. Since they arent even getting to the server, the logs show nothing. At first I suspected networking issues. I checked everything and there dont seem to be any problems. The only thing I changed when doing the upgrade was I increased kern.maxfiles to 12288. Also, my top level ISP does not delegate reverse authority. So the mail server ip reverses to something else when outside my network. Did you 'cd /etc/mail make all install restart' to rebuild and reinstall your sendmail config files? -Warren Block * Rapid City, South Dakota USA ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Apache Installation
digish reshamwala wrote: Hey I am a novice at FreeBSD! I want to install apache v 1.3.28 in my FreeBSD 5.21. Can u guys help me? How to proceed? -macuser I see another post in which someone has taken great pains to explain a lot. In a nutshell, though, it's this: *** 1. Make sure you're connected to the Internet. 2. Make sure you have superuser privileges (su to root). 3. Then: #cd /usr/ports/www/apache13 #make install clean *** See the Handbook chapter on installing 3rd party software. Kevin Kinsey ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
HTT on 4.10 not working
Hi: Could someone tell me how to get hyperthreading on 4.10 working correctly? I have a P4 2.8GHz w/ HT enabled and `dmesg` shows: CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz (2795.24-MHz 686-class CPU) Origin = GenuineIntel Id = 0xf33 Stepping = 3 Features=0xbfebfbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE Hyperthreading: 2 logical CPUs real memory = 1065287680 (1040320K bytes) avail memory = 1031405568 (1007232K bytes) Preloaded elf kernel kernel at 0xc0556000. Warning: Pentium 4 CPU: PSE disabled Pentium Pro MTRR support enabled but running `top` shows last pid: 7301; load averages: 0.00, 0.00, 0.00 up 0+21:36:00 20:01:56 22 processes: 2 running, 20 sleeping CPU states: 0.8% user, 0.0% nice, 2.0% system, 0.0% interrupt, 97.3% idle Mem: 107M Active, 533M Inact, 91M Wired, 34M Cache, 111M Buf, 229M Free Swap: 2048M Total, 2048M Free PID USERNAME PRI NICE SIZERES STATETIME WCPUCPU COMMAND 7096 hlds 10 0 62508K 56596K RUN 2:15 1.07% 1.07% hlds_i686 so I don't think its being used, could someone tell me how to get it working in 4.10? Thank you -- robg [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Ports config location
I'm having some trouble with deleting an old ports configuration file. I'm trying to build the new PHP 4.3.8 (with the new modular config setup), and made a mistake in setting it up. I want to be able to pull up the curses-based config screen, but not even deleting the entire ports tree and pulling it down again solves that; I get the some setup every time, and it proceeds with the build without prompting me. How do I get it to prompt me again for configuration? -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgphidh4NYdv7.pgp Description: PGP signature
Re: Ports config location
Skylar Thompson [EMAIL PROTECTED] wrote: I'm having some trouble with deleting an old ports configuration file. I'm trying to build the new PHP 4.3.8 (with the new modular config setup), and made a mistake in setting it up. I want to be able to pull up the curses-based config screen, but not even deleting the entire ports tree and pulling it down again solves that; I get the some setup every time, and it proceeds with the build without prompting me. How do I get it to prompt me again for configuration? cd /usr/ports/lang/php4-extensions make config \ make FORCE_PKG_REGISTER=yes install ... a little more complicated than usual for the ports sytem ... -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ports config location
On Fri, Sep 17, 2004 at 08:18:02PM -0400, Bill Moran wrote: Skylar Thompson [EMAIL PROTECTED] wrote: I'm having some trouble with deleting an old ports configuration file. I'm trying to build the new PHP 4.3.8 (with the new modular config setup), and made a mistake in setting it up. I want to be able to pull up the curses-based config screen, but not even deleting the entire ports tree and pulling it down again solves that; I get the some setup every time, and it proceeds with the build without prompting me. How do I get it to prompt me again for configuration? cd /usr/ports/lang/php4-extensions make config \ make FORCE_PKG_REGISTER=yes install ... a little more complicated than usual for the ports sytem ... That did the trick. Thanks! -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgptjeWlllKcJ.pgp Description: PGP signature
Re: Ports config location
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Saturday 18 September 2004 02:14, Skylar Thompson wrote: I'm having some trouble with deleting an old ports configuration file. I'm trying to build the new PHP 4.3.8 (with the new modular config setup), and made a mistake in setting it up. I want to be able to pull up the curses-based config screen, but not even deleting the entire ports tree and pulling it down again solves that; I get the some setup every time, and it proceeds with the build without prompting me. How do I get it to prompt me again for configuration? You may find what are you looking for in /var/db/ports/. 'man 7 ports' points you to 'make showconfig' and 'make rmconfig'. Cheers, ch - -- Christian Hiris [EMAIL PROTECTED] | OpenPGP KeyID 0x3BCA53BE OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBS4EW09WjGjvKU74RAlQgAJwKzQfcFidNOKy6ROyeJcMODxPzFwCdGc0q D2ApuZ7ISUyfFTAnwF7khTw= =EnEy -END PGP SIGNATURE- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Apache13 + mod_php segfault at startup
I keep struggling with this without finding a way of fixing it. Whenever I link in mod_php into httpd.conf (loadmodule and addmodule), apache fails to start up. I can get it to work by commenting mod_php it out, starting up apache, then commenting it back in and restarting. If I restart once more, then it segfaults again. In the logs I occasionally get: [notice] child pid 17255 exit signal Segmentation fault (11) I've tried installing (and reinstalling) apache13-modssl, apache13-modperl, reinstalling /usr/ports/www/mod_php4, compiling apache without expat, checking ldd: /usr/local/libexec/apache/libphp4.so: libcrypt.so.2 = /lib/libcrypt.so.2 (0x28248000) libm.so.2 = /lib/libm.so.2 (0x28261000) /usr/local/libexec/apache/libphp4.so: libcrypt.so.2 = /lib/libcrypt.so.2 (0x28248000) libm.so.2 = /lib/libm.so.2 (0x28261000) So far nothing has been successful. I even tried installing apache2 to see if that would work, and although it does for the most part, it crashes when using the php mail() function. Any suggestions at all are welcomed. I'm willing to try anything at this point. It was all working beautifully until I did a portupgrade of apache and mod_php. I really wish I would've just left it alone. Vonleigh Simmons http://illusionart.com/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
/var/db/pkg/cups-base-1.1.20.0/+CONTENTS: No such file or directory
Hi folks, I don't know what I have done to cause this, but now every use of the various portutils results in this message: /var/db/pkg/cups-base-1.1.20.0/+CONTENTS: No such file or directory That files does indeed not exist, althoug the directory does and the port is installed. Based on googling I have tried running pkgdb -F and portsdb -u, but it doesn't help. Both run without error. Does anyone have any ideas? pgpjGrMGgjFiR.pgp Description: PGP signature
Re: mini-itx posting.
Greetings, I was told freebsd-hardware@ is the appropriate place to such posting. It's in the archive now. In order not to waste more bandwidth here is the link: http://lists.freebsd.org/pipermail/freebsd-hardware/2004-September/001919.html Good luck, = UNIX, it's a way of life. ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Courier IMAP, MySQL, Postfix and Maildrop
Has anybody setup the combination of Courier IMAP, MySQL, Postfix and Courier Maildrop and managed to get it to work? I am so close I could just scream, but I can not get any of the Courier components to work! I get postfix to query my MySQL database just fine so it will accept recipient mail. However, when I try to get courier maildrop to deliver the mail I get: fuggle# maildrop -d [EMAIL PROTECTED] Invalid user specified. There is no record of it querying the database even though I know I have the maildropmysql.config setup correctly (tabs, no spaces etc). As a matter of fact, it doesn't seem to matter what is in the file and just touching it results in the same thing! I am having the same problem with Courier IMAP, it doesn't seem to read the database either and I have setup authmysqlrc appropriately as well and placed authmysql at the front of the authmodulelist. Does anybody have any ideas what I should look for to solve this problem? It is truly maddening. Thanks in advance, Tom Veldhouse signature.asc Description: OpenPGP digital signature
Re: Which Laser Printer for FreeBSD
On Friday 17 September 2004 08:40 am, Martin Moeller wrote: I'm planning to buy a new printer, because the results with my Canon S500 are total crap. I guess a laser printer is the best choice for Unix, and I'm wondering which one I should buy. I'm using an HP LaserJet 1200 with an additional 64MB of generic memory, being fed PostScript via USB by CUPS on my FreeBSD server. Setup took all of about 5 minutes, and the print quality is flawless. -- Kirk Strauser pgpEp27K30uyB.pgp Description: PGP signature
Re: Which Laser Printer for FreeBSD
- Original Message - From: Kirk Strauser [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, September 18, 2004 1:04 AM Subject: Re: Which Laser Printer for FreeBSD On Friday 17 September 2004 08:40 am, Martin Moeller wrote: I'm planning to buy a new printer, because the results with my Canon S500 are total crap. I guess a laser printer is the best choice for Unix, and I'm wondering which one I should buy. I'm using an HP LaserJet 1200 with an additional 64MB of generic memory, being fed PostScript via USB by CUPS on my FreeBSD server. Setup took all of about 5 minutes, and the print quality is flawless. -- Kirk Strauser Any old LaserJet (the III, 4 or 5 series at 300/600 dpi) that speaks PCL or PS will work quite well, and will take virtually no effort to set up. If you look around, you can find old LaserJets that are being dumped when they're still perfectly fine (and usually come with a full toner cartridge too). -- Matt Emmerton ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
apache chroot or FreeBSD jail ?
Hi, I am planning to restrict apache to a spesific directory. But I am not sure if to install apache in chroot env or making a FreeBSD jail install ( say /usr/jail/freebsd_jail_ip). Which one is recommended for better security ? An artilcele in http://www.haught.org/freebsdapache.php says jail is better that just chroot environment. But I want to be sure to have your opinions about it and want be sure which one is better. Regards, --- Omer Faruk Sen http://www.EnderUNIX.ORG Software Development Team @ Turkey http://www.Faruk.NET For Public key: http://www.enderunix.org/ofsen/ofsen.asc First Turkish FreeBSD book is out! Go check it. Duydunuz mu! Turkiye'nin ilk FreeBSD kitabi cikti. http://www.acikkod.com/freebsd.php ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]