Re: pf rules

2010-01-22 Thread Dánielisz László
hi kalin,

my question is: are you telnet-ing to/from/through this machine with the 
specified pf rules?




From: kalin m ka...@el.net
To: freebsd-questions@freebsd.org
Sent: Fri, January 22, 2010 8:12:00 AM
Subject: pf rules


hi all...

doing testing with pf...

how is it possible that if i have these rules below in pf.conf if i do:
telnet that.host.org 25

i get:
Trying xx.xx.xx.xx...
Connected to that.host.org.
Escape character is '^]'.
... etc ...


pf.conf contents:

tcp_in = { www, https }
ftp_in = { ftp }
udp = { domain, ntp }
ping = echoreq

set skip on lo
scrub in

antispoof for eth0 inet

block in all
pass out all keep state
pass proto udp to any port $udp
pass inet proto icmp all icmp-type $ping keep state
pass in inet proto tcp to any port $tcp_in flags S/SAF synproxy state
pass proto tcp to any port ssh




thanks...

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org






Re: GELI file systems unusable after glabel label operations

2010-01-22 Thread Scott Bennett
 On Sat, 16 Jan 2010 10:31:22 +0100 Roland Smith rsm...@xs4all.nl
wrote:
On Sat, Jan 16, 2010 at 12:38:14AM -0600, Scott Bennett wrote:
 2) Create the geli device /dev/daXsYP.eli, and then create a label on that,
yielding /dev/label/bar. [not sure what the utility of this is, since the
label will only appear after the geli provider has been attached]
 
  The important point here is that one of the above methods must be used
 *before* the file system is created and the data loaded into it.  Attempting
 either method *after* data are loaded will result in loss of the data.

Maybe not immediately, but since both the filesystem and geom can use the last
sector, there will be trouble. :-) The examples in the glabel manpage show
how to set up a label correctly.

  Perhaps this provides a possible recovery method.  As you read it,
 would it be possible to build an altered version of geli(8) that would simply
 use the existing key file without generating a new one to do a geli init
 operation?  If so, it would certainly be worth my trouble to do that.

In theory it is possible, I guess. But the salt is 512 bytes long. So it can
have 2^512 different values. That is 1.340×10^154 different values, and you'd
have to test them all. And by testing I mean use the modified 'geli init' to

 Why is that stored in the last sector of the device, rather than in the
key file?  What is the purpose of the key file if not to hold that type of
information?

generate a key, and then try if the key works, i.e. check if the relevant
sector decrypted with that key yields a valid UFS2 superblock. Suppose you
wrote a program capable of testing 10^9 keys every second, which sounds like
quite a lot to me. It would still be running for 2^512/1e9/(3600*24*365) =
4.25×10^137 years! So in practice, this is a hopeless task.

 And I think that the proper way to nest geoms is too obvious (at least for the
 developers/maintainers) to explicitly list in the handbook. If you know that
 geoms store metadata in their last sector, the proper way to nest them is to
 use the different devices for each geom stage, so that each has their own
 metadata sector.

  Well, it wasn't at all obvious to me, and reading the parts that mention
 metadata being written to the last sector suggests, if anything, that labeling
 and encryption are incompatible because both write to the last sector, i.e.,
 to the *same* sector.  The idea of the last sector being different for the
 two operations is not at all apparent.

Well, it should be different, otherwise they overwrite the same sector. Ipso
facto you should nest providers...

 ...unless, of course, the two had been designed to use different parts
of the last sector for their own purposes, but also to avoid damaging the
other's data when altering their own.

Say you want to have a labeled, encrypted device on /dev/da0s1d. First, you
create the label;

 glabel label -v foo /dev/da0s1d

A device /dev/label/foo now appears. This device is one sector smaller than
/dev/da0s1d, because the last sector of /dev/da0s1d is used for the glabel
metadata. Now we want to create an encrypted device, so we do:

 geli init -l 256 /dev/label/foo
 geli attach /dev/label/foo

This will create /dev/label/foo.eli. Again, /dev/label/foo.eli is one sector
smaller than /dev/label/foo, because the last sector of /dev/label/foo
contains the geli metadata.

If one uses

 geli init -l 256 /dev/da0s1d
 geli attach /dev/da0s1d

this will create and attach /dev/da0s1d.eli, but /dev/label/foo will be destroyed,
because 'geli init' overwrites glabel's metadata!

Below I've tried to sketch the last sectors of the device, with the extents of
the geom-ed devices and the location of the metadata below.

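--------------------------------------------- /dev/da0s1d
  ...   N-5   N-4   N-3   N-2   N-1     N
|     |     |     |     |     | geli |glabel|
-------------------------------------- /dev/label/foo
------------------------------- /dev/label/foo.eli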
Nested geom devices are the only way to keep the metadata safe.

 Thanks for the explanation.  However, if the key information is stored
in the last sector rather than in the key file, then I guess I'm totally
confused about how GELI works.


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army.   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**
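
The nesting argument in this message, as a small model (an added example, not code from the thread or from GEOM itself). Providers are modelled as prefixes of one byte array; the `Provider` class, the metadata tags and the 8-sector disk are constructed for illustration.

```python
SECTOR = 512

# Constructed stand-ins for the real on-disk metadata and for file system data.
LABEL, ELI, DATA = b"LABEL foo", b"ELI metadata", b"filesystem data"


class Provider:
    """Model of a GEOM provider: the first `sectors` sectors of a shared disk."""

    def __init__(self, name, disk, sectors):
        self.name, self.disk, self.sectors = name, disk, sectors

    def last_sector(self):
        end = self.sectors * SECTOR
        return bytes(self.disk[end - SECTOR:end])

    def write_last(self, payload):
        end = self.sectors * SECTOR
        self.disk[end - SECTOR:end] = payload.ljust(SECTOR, b"\0")

    def stack(self, tag, child_name):
        """Store a class's metadata in our last sector; the child provider
        that appears is one sector smaller and cannot reach that sector."""
        self.write_last(tag)
        return Provider(child_name, self.disk, self.sectors - 1)

    def holds(self, tag):
        return self.last_sector().startswith(tag)


def nested(n=8):
    """glabel on da0s1d, then geli on label/foo: each stage has its own sector."""
    disk = bytearray(n * SECTOR)
    da = Provider("da0s1d", disk, n)
    foo = da.stack(LABEL, "label/foo")
    eli = foo.stack(ELI, "label/foo.eli")
    return {"sizes": (da.sectors, foo.sectors, eli.sectors),
            "label_ok": da.holds(LABEL), "eli_ok": foo.holds(ELI)}


def both_on_raw_device(n=8):
    """glabel and geli both applied to da0s1d: the second write wins."""
    disk = bytearray(n * SECTOR)
    da = Provider("da0s1d", disk, n)
    da.stack(LABEL, "label/foo")
    da.stack(ELI, "da0s1d.eli")
    return {"label_ok": da.holds(LABEL), "eli_ok": da.holds(ELI)}


def label_after_data(n=8):
    """A file system already fills da0s1d.eli when the label is added on it."""
    disk = bytearray(n * SECTOR)
    da = Provider("da0s1d", disk, n)
    eli = da.stack(ELI, "da0s1d.eli")
    eli.write_last(DATA)              # file system uses the provider's last sector
    eli.stack(LABEL, "label/bar")     # label metadata lands on that same sector
    return {"data_ok": eli.holds(DATA)}


if __name__ == "__main__":
    print("nested:            ", nested())
    print("both on raw device:", both_on_raw_device())
    print("label after data:  ", label_after_data())
```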

Re: pf rules

2010-01-22 Thread Erik Norgaard

kalin m wrote:

tcp_in = { www, https }
ftp_in = { ftp }
udp = { domain, ntp }
ping = echoreq

set skip on lo
scrub in

antispoof for eth0 inet

block in all
pass out all keep state
pass proto udp to any port $udp
pass inet proto icmp all icmp-type $ping keep state
pass in inet proto tcp to any port $tcp_in flags S/SAF synproxy state
pass proto tcp to any port ssh


To debug pf rules:

- always add direction to the rule, pass or block, add interface to all
  rules except default policy, keep state on all pass rules
- group your rules per direction, then per interface
- add log to all rules and watch pflog to see which rule blocks or
  passes traffic.
- use keyword quick for any decisive rule
- check the parsing of your ruleset, pfctl -sr

then come back and ask for help.

BR, Erik


--
Erik Nørgaard
Ph: +34.666334818/+34.915211157  http://www.locolomo.org


Re: need help with the last-two-ports!

2010-01-22 Thread Chris Rees
2010/1/22 Gary Kline kl...@thought.org:
 On Thu, Jan 21, 2010 at 10:19:29PM +0100, Polytropon wrote:
 On Thu, 21 Jan 2010 13:07:00 -0800, Gary Kline kl...@thought.org wrote:
      I have looked for this library to rebuild it; can't find.  Anybody know
      what's going on?

 Port:   nspr-4.6.7
 Path:   /usr/ports/devel/nspr
 Info:   A platform-neutral API for system level and libc like function

 This port installs libnspr.


        Thanks muchly.   I'd like to know which pkg_*  utility you used to find
        which port builds what.  if there is one!

        Another question is: Are there any other browsers that offer use of the
        festival tts app?  Konqueror is the only one i know of, altho there are
        some plugins that are alleged to work ... on linux.

        I'll stop there:_)

        gary

        ps: ff3.5 is rebuilding... .

pkg_which works for installed ports...

If the port isn't installed, then try this:

[ch...@amnesiac]~% echo /usr/ports/*/*/pkg-plist /usr/ports/*/*/Makefile |
xargs grep libnspr4.so

Obviously we need to search the Makefile too because some ports use
PLIST_FILES instead of pkg-plist.

Unfortunately this doesn't work if the plist is dynamically created...

HTH

Chris


Re: pf rules

2010-01-22 Thread Fbsd1

Erik Norgaard wrote:

kalin m wrote:

tcp_in = { www, https }
ftp_in = { ftp }
udp = { domain, ntp }
ping = echoreq

set skip on lo
scrub in

antispoof for eth0 inet

block in all
pass out all keep state
pass proto udp to any port $udp
pass inet proto icmp all icmp-type $ping keep state
pass in inet proto tcp to any port $tcp_in flags S/SAF synproxy state
pass proto tcp to any port ssh


To debug pf rules:

- always add direction to the rule, pass or block, add interface to all
  rules except default policy, keep state on all pass rules
- group your rules per direction, then per interface
- add log to all rules and watch pflog to see which rule blocks or
  passes traffic.
- use keyword quick for any decisive rule
- check the parsing of your ruleset, pfctl -sr

then come back and ask for help.

BR, Erik




See sample pf firewall rules in manual


Re: pf rules

2010-01-22 Thread Doug Hardie

On 22 January 2010, at 01:45, Erik Norgaard wrote:

 To debug pf rules:
 
 - always add direction to the rule, pass or block, add interface to all
  rules except default policy, keep state on all pass rules
 - group your rules per direction, then per interface
 - add log to all rules and watch pflog to see which rule blocks or
  passes traffic.
 - use keyword quick for any decisive rule
 - check the parsing of your ruleset, pfctl -sr
 
 then come back and ask for help.

Where do you find the rule information in the pflog output from tcpdump?  



Re: pidgin 2.6.5 login QQ failed

2010-01-22 Thread Matthew Seaman

Chad Perrin wrote:

On Wed, Jan 20, 2010 at 04:26:07PM +0800, wsk wrote:

hi,
   upgrade all software after upgrade to 8.0. and now found that
pidgin login qq failed. any ideas?


If you're talking about AIM or ICQ, it seems that AOL has changed the way
servers handle logins so that the previous method doesn't exactly work
properly any longer.  There's a work-around that involves opening up the
Edit Account dialog for the AIM or ICQ account in question, clicking on
the Advanced tab in that dialog, and unchecking the Use clientLogin
checkbox there.  The potential security implications of this work-around
are still being explored, and the Pidgin people are apparently trying to
get AOL to clarify its best practices recommendation for how to handle
logins, but in the meantime this work-around might help solve the problem
you're having with logins.



qq.com is a social networking site and a messaging application that's
very big in China.  Which means it's basically the biggest in the
world...  It has its own chat / IM protocol, nothing to do with AOL.

As the OP is installing pidgin 2.6.5 it should work -- there were problems
with qq.com making arbitrary protocol changes that affected 2.6.4.  Probably
best to try asking on a Chinese language mailing list or forum (if you speak
the language) as that's where you're most likely to find other users.  This
one, perhaps: http://www.freebsdchina.org/forum/

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
 Kent, CT11 9PW





Re: SOLVED: WAS: wireless ath - unable to get scan results

2010-01-22 Thread Matthew Seaman

Anton Shterenlikht wrote:


In a firewall (ipfilter in my case) do I also use wlan0 as
an interface, and not ath0?


Yes.  Same goes for pf -- when matching an interface, it should be one
of the list returned by 'ifconfig -l'.  You can say, for example 'em' as
an interface name on OpenBSD to match all NICs that use em(4), but I'm not
sure that works on FreeBSD.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
 Kent, CT11 9PW





Re: pf rules

2010-01-22 Thread Erik Norgaard

Doug Hardie wrote:

On 22 January 2010, at 01:45, Erik Norgaard wrote:


To debug pf rules:

- always add direction to the rule, pass or block, add interface to all
 rules except default policy, keep state on all pass rules
- group your rules per direction, then per interface
- add log to all rules and watch pflog to see which rule blocks or
 passes traffic.
- use keyword quick for any decisive rule
- check the parsing of your ruleset, pfctl -sr

then come back and ask for help.


Where do you find the rule information in the pflog output from tcpdump?  


a snip:

alpha# tcpdump -n -e -i pflog0
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
11:55:20.910140 rule 81/0(match): block in on vr1: 172.16.1.127.52444 > 172.16.0.1.23:  tcp 44 [bad hdr length 0 - too short, < 20]


rule 81 blocks. Now, problem is that your rules may be more compact, 
you'll find the rule with pfctl -sr. Now admittedly, I got:


pass in quick on vr1 inet proto udp from 172.16.0.0/23 to local_ip port = secret_service keep state


of course, that rule didn't block. But two lines down I found:

block return in log quick on vr1 inet from 172.16.0.0/23 to local_ip

This makes sense, so why the offset 2? The first line of the output from 
pfctl -sr is


scrub all fragment reassemble

that shouldn't count as a rule. And then, if pflog starts counting with 
0 while vi counts from 1 that explains it.


Yet another reason to check the rules as parsed using pfctl -sr.

Anyway, not trying to cut corners is the first step, then add log so you 
can see what's going on, use quick to avoid some packet fall through and 
being matched by a different rule than intended, organize your rules so 
you can easily separate things out.


My rules are grouped together like this:

# default policy
block all

block in log general condition
pass  in quick some packets keep state
block in log quick general condition

block out log general condition
pass  out quick some packets keep state
block out log quick general condition

# Default policy catch all should never apply
block log all

the conditions for the pass rules should match those of the first block 
and then be more specific, say, only apply to one port. Doing so, the pf 
rule parser will optimize the ruleset.


Even if I know that a given rule can only match packets on the vr0 
interface, I explicitly state the interface. It makes it clear what's 
going on.


Once the ruleset is debugged and working you can remove the log statements.

BR, Erik
--
Erik Nørgaard
Ph: +34.666334818/+34.915211157  http://www.locolomo.org
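
The rule-number lookup described in this message, as an added example that is not part of the original post. It reads pflog lines in the `tcpdump -n -e -i pflog0` format shown above and ruleset output from either `pfctl -vv -sr` (rules prefixed `@N`) or plain `pfctl -sr` (numbered here from 0 with scrub lines skipped, following the post's reasoning); the sample ruleset, log lines, address 192.0.2.1 and port 5353 are constructed.

```python
import re
from collections import Counter

# Constructed sample of `pfctl -vv -sr` output: "@<number>" prefixes the rule,
# counter lines are indented.
RULESET = """\
@0 scrub in all fragment reassemble
  [ Evaluations: 1204      Packets: 1204      Bytes: 98211       States: 0     ]
@0 block drop all
  [ Evaluations: 1204      Packets: 3         Bytes: 180         States: 0     ]
@1 pass in log quick on vr1 inet proto udp from 172.16.0.0/23 to 192.0.2.1 port = 5353 keep state
@2 block return in log quick on vr1 inet from 172.16.0.0/23 to 192.0.2.1
"""

# Constructed sample of `tcpdump -n -e -i pflog0` output.
PFLOG = """\
tcpdump: WARNING: pflog0: no IPv4 address assigned
11:55:20.910140 rule 2/0(match): block in on vr1: 172.16.1.127.52444 > 192.0.2.1.23: tcp 44
11:55:21.302511 rule 2/0(match): block in on vr1: 172.16.1.127.52445 > 192.0.2.1.23: tcp 44
11:55:22.004410 rule 1/0(match): pass in on vr1: 172.16.1.127.5353 > 192.0.2.1.5353: UDP, length 48
11:55:23.771902 rule 7/0(match): block in on vr1: 172.16.1.9.40112 > 192.0.2.1.25: tcp 44
"""

PFLOG_LINE = re.compile(
    r"rule (?P<nr>\d+)/\d+\((?P<reason>[^)]*)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>[^:\s]+):"
)
NUMBERED = re.compile(r"^@(?P<nr>\d+) (?P<text>.+)$")


def parse_ruleset(text):
    """Return {rule number: rule text} for the filter rules in pfctl output."""
    rules, next_nr = {}, 0
    for line in text.splitlines():
        if not line.strip() or line[0].isspace():
            continue  # blank line or indented "[ Evaluations: ... ]" counters
        m = NUMBERED.match(line)
        rule_text = m["text"] if m else line.strip()
        if rule_text.split()[0] == "scrub":
            continue  # scrub lines are not counted as filter rules
        nr = int(m["nr"]) if m else next_nr
        rules[nr] = rule_text
        next_nr = nr + 1
    return rules


def explain(pflog_text, ruleset_text):
    """Count pflog hits per rule and attach the rule text from the ruleset.

    "consistent" is False when the rule number is unknown or the logged action
    (block/pass) differs from the rule found, which means the ruleset being
    read is not the one that produced the log (reloaded, or misnumbered).
    """
    rules = parse_ruleset(ruleset_text)
    hits = Counter()
    for line in pflog_text.splitlines():
        m = PFLOG_LINE.search(line)
        if m:
            hits[(int(m["nr"]), m["action"], m["dir"], m["ifname"])] += 1
    report = []
    for (nr, action, direction, ifname), count in sorted(hits.items()):
        text = rules.get(nr)
        report.append({
            "rule": nr, "hits": count, "action": action,
            "dir": direction, "if": ifname, "text": text,
            "consistent": text is not None and text.split()[0] == action,
        })
    return report


if __name__ == "__main__":
    for row in explain(PFLOG, RULESET):
        flag = "" if row["consistent"] else "  <-- check ruleset"
        print(f'{row["hits"]:3d}x rule {row["rule"]}: {row["action"]} {row["dir"]} '
              f'on {row["if"]}: {row["text"]}{flag}')
```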


Re: Invalid partition table after installation

2010-01-22 Thread Fbsd1

John wrote:

On Thu, Jan 21, 2010 at 10:25:26PM +0800, Fbsd1 wrote:

John wrote:

On Thu, Jan 21, 2010 at 04:38:22PM +0800, Fbsd1 wrote:

John wrote:

I've tried the modern BIOS geometry and the 255 head geometry.
I've ensured that the first slice (boot slice) is smaller than 1.5
Gb.  I've tried to figure out what the BIOS thinks the geometry
is, but it doesn't seem to want to tell me.  At least, I can't find
it in the BIOS menu anywhere.  When I boot from the CD-ROM with
the 255 head geometry, though, it complains about the disk geometry,
saying 16h,63s != 255h,63s or something like that - it flies by
pretty fast (is there a way to go back and see that from the CD-ROM
boot only boot?).

I'm using the Standard boot manager, and the entire disk is devoted
to FreeBSD.

System
BIOS version  PT84510A.86A.2004.P05
Processor Type: Intel Pentium 4
Processor speed: 2.20Ghz

Memory: 512Mb

Disk: Primary IDE Master ST380021A (Seagate Barracuda ATA IV 80Gb)
Primary IDE Slave: IOMega ZIP 250
Secondary IDE Master: Sony CD-RW CRX19 (what I boot from to install)
Secondary IDE Slave: DVD-ROM DDU1621

Boot sequence:
1) ATAPI CD-ROM
2) Hard Drive
3) Removable Dev.

Modern BIOS geometry: 155061/16/63 for ad0
calculated geometry: 9729/255/63 for ad0

ad0s1 start=63, size=2875572
ad0s2 start=2875635, size=10217340
ad0s3 start=13092975, size=143203410
unus  start=156296384, size=5103

ad0s1a / 384Mb
ad0s1d /usr 1Gb
ad0s2b SWAP 1Gb
ad0s2d /tmp 384Mb
ad0s2e /var 512Mb
ad0s2f /var/mail 2Gb
ad0s2g /usr/ports 1Gb
ad0s3d /home/mysql 4Gb
ad0s3e /home 50Gb
ad0s3f /usr/src 3Gb
ad0s3g /usr/obj 3Gb
ad0s3h /extra 8483Mb

Suggestions, please?  I'm making zero headway right now. :(

What version of FreeBSD are you running

Well, yes, I suppose that would be a good bit of information!

What I'm *TRYING* to run is 8.0.  It seems to install successfully
(of course - after doing all that), but then when I try to boot
from the hard drive, I see an otherwise-blank screen that says:


Invalid partition table


and that's as far as it goes!


There are reports of this sort of thing caused by 8.0 fdisk when doing an 
install from scratch over a hard drive that already has an older 
version of FreeBSD installed on it.


The solution is to force the scratching of the MBR on the disk first 
before running sysinstall fdisk.


Boot a LiveFS CD, then at a root prompt do:

sysctl kern.geom.debugflags=16  and:

dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1

where x equals your drive number.


OK.  I did exactly that.  I confirmed that the second 512 bytes were zero
by doing a dd if=/dev/ad0 bs=512 count=2 | od -c
and everything from 001000 through 002000 was zero.

But I still got Invalid partition table after the installation.

I guess I should set up one of my other systems as a local mirror.
I've done the installation so many times already, and it looks like
I'm not done yet!


On the 8.0 fdisk/MBR subject.
Doing dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1 was the
solution from another post to the list with subject 'SunFire X2100
fails'. Here is another post that gives more details
http://www.freebsd.org/cgi/getmsg.cgi?fetch=322687+326879+/usr/local/www/db/text/2009/freebsd-questions/20091227.freebsd-questions

It seems in 8.0 gpart was introduced and a change was made to fdisk to
support its sector 0 mbr format. 8.0 fdisk and disklabel are now broken.

Searching the list archives may shed more light on your problem.


Re: Re: xdm and xdmcp

2010-01-22 Thread rhino64
On Thu, Jan 21, 2010 at 11:30:47PM +0200, Manolis Kiagias wrote:
 On 21/01/2010 8:54 μ.μ., rhin...@postmail.ch wrote:
  modifying Xaccess, starting xdm with parameter udpPort 177.
 
  The command netstat -a never indicates that a process is listening on 
  that port. 

 
 The notes in Xaccess seem to indicate that when a LISTEN line is not
 present, it works like LISTEN *
 I found this to be false. Please insert a LISTEN line with your IP
 address, i.e.
 
 LISTEN 10.14.28.10
  With wdm, the listening is possible but I cannot start the X server even if 
  the server alone
  is perfectly working and if it is correctly started by xdm.
 
  I don't want to use kdm or gdm since they are too heavy (almost all kde and 
  gnome should be
  installed with them).
 

Thanks, this was the correct point. I have added the LISTEN 0.0.0.0 directive
in Xaccess file and it works. xdm is perfect for me, I have just tried wdm since
I was not able to make xdm work like I wanted.

Thanks for the help.

Alain Aubord


Re: How to activate French locale ?

2010-01-22 Thread Frank Bonnet

On 01/21/10 17:40, Frank Wißmann wrote:

Frank Bonnet wrote:

Hello

The question is in the subject :-)

Thanks a lot


Hi!
You may want to set
setenv LANG fr_FR.ISO8859-15
in your .cshrc.

Greetings Frank



Hello

Thanks for the answer, but I want to do this at server level
this machine is an email server used by French clients ( mostly windows 
and Linux Debian )


thanks



Re: Invalid partition table after installation

2010-01-22 Thread John
On Fri, Jan 22, 2010 at 08:16:59PM +0800, Fbsd1 wrote:
 John wrote:
  On Thu, Jan 21, 2010 at 10:25:26PM +0800, Fbsd1 wrote:
  John wrote:
  On Thu, Jan 21, 2010 at 04:38:22PM +0800, Fbsd1 wrote:
  John wrote:
  I've tried the modern BIOS geometry and the 255 head geometry.
  I've ensured that the first slice (boot slice) is smaller than 1.5
  Gb.  I've tried to figure out what the BIOS thinks the geometry
  is, but it doesn't seem to want to tell me.  At least, I can't find
  it in the BIOS menu anywhere.  When I boot from the CD-ROM with
  the 255 head geometry, though, it complains about the disk geometry,
  saying 16h,63s != 255h,63s or something like that - it flies by
  pretty fast (is there a way to go back and see that from the CD-ROM
  boot only boot?).
 
  I'm using the Standard boot manager, and the entire disk is devoted
  to FreeBSD.
 
  System
  BIOS version  PT84510A.86A.2004.P05
  Processor Type: Intel Pentium 4
  Processor speed: 2.20Ghz
 
  Memory: 512Mb
 
  Disk: Primary IDE Master ST380021A (Seagate Barracuda ATA IV 80Gb)
  Primary IDE Slave: IOMega ZIP 250
  Secondary IDE Master: Sony CD-RW CRX19 (what I boot from to install)
  Secondary IDE Slave: DVD-ROM DDU1621
 
  Boot sequence:
  1) ATAPI CD-ROM
  2) Hard Drive
  3) Removable Dev.
 
  Modern BIOS geometry: 155061/16/63 for ad0
  calculated geometry: 9729/255/63 for ad0
 
  ad0s1 start=63, size=2875572
  ad0s2 start=2875635, size=10217340
  ad0s3 start=13092975, size=143203410
  unus  start=156296384, size=5103
 
  ad0s1a / 384Mb
  ad0s1d /usr 1Gb
  ad0s2b SWAP 1Gb
  ad0s2d /tmp 384Mb
  ad0s2e /var 512Mb
  ad0s2f /var/mail 2Gb
  ad0s2g /usr/ports 1Gb
  ad0s3d /home/mysql 4Gb
  ad0s3e /home 50Gb
  ad0s3f /usr/src 3Gb
  ad0s3g /usr/obj 3Gb
  ad0s3h /extra 8483Mb
 
  Suggestions, please?  I'm making zero headway right now. :(
  What version of FreeBSD are you running
  Well, yes, I suppose that would be a good bit of information!
 
  What I'm *TRYING* to run is 8.0.  It seems to install successfully
  (of course - after doing all that), but then when I try to boot
  from the hard drive, I see an otherwise-blank screen that says:
 
 
  Invalid partition table
 
 
  and that's as far as it goes!
 
  There are reports of this sort of thing caused by 8.0 fdisk when doing an 
  install from scratch over a hard drive that already has an older 
  version of FreeBSD installed on it.
 
  The solution is to force the scratching of the MBR on the disk first 
  before running sysinstall fdisk.
 
  Boot a LiveFS CD, then at a root prompt do:
 
  sysctl kern.geom.debugflags=16  and:
 
  dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1
 
  where x equals your drive number.
  
  OK.  I did exactly that.  I confirmed that the second 512 bytes were zero
  by doing a dd if=/dev/ad0 bs=512 count=2 | od -c
  and everything from 001000 through 002000 was zero.
  
  But I still got Invalid partition table after the installation.
  
  I guess I should set up one of my other systems as a local mirror.
  I've done the installation so many times already, and it looks like
  I'm not done yet!
 
 On the 8.0 fdisk/MBR subject.
 Doing dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1 was the
 solution from another post to the list with subject 'SunFire X2100
 fails'. Here is another post that gives more details
 http://www.freebsd.org/cgi/getmsg.cgi?fetch=322687+326879+/usr/local/www/db/text/2009/freebsd-questions/20091227.freebsd-questions
 
 It seems in 8.0 gpart was introduced and a change was made to fdisk to
 support its sector 0 mbr format. 8.0 fdisk and disklabel are now broken.
 
 Searching the list archives may shed more light on your problem.

Hmmm.  This seems to describe a case where fdisk fails to change
the slice table.  That is definitely not my case.  The changes
certainly get made.  The next time I go to retry the installation,
it has the information I gave it the previous time.  I suppose it is
possible that it is putting it (and reading it) in the wrong location,
which is why the MBR throws up.

The problem is that I have a finite (and smallish) amount of time
in which to solve this.  It seems like the most expedient route
forward at this point may be to try to install 7.2 and see how
that goes.
-- 

John Lind
j...@starfire.mn.org


Re: How to activate French locale ?

2010-01-22 Thread Frank Bonnet

On 01/22/10 14:10, Frank Bonnet wrote:

On 01/21/10 17:40, Frank Wißmann wrote:

Frank Bonnet wrote:

Hello

The question is in the subject :-)

Thanks a lot


Hi!
You may want to set
setenv LANG fr_FR.ISO8859-15
in your .cshrc.

Greetings Frank



Hello

Thanks for the answer, but I want to do this at server level
this machine is an email server used by French clients ( mostly windows
and Linux Debian )

thanks


The server is accessed thru imap or pop3 protocols,
nobody has local server access.


Re: pf rules

2010-01-22 Thread Tim Judd
On 1/22/10, kalin m ka...@el.net wrote:

 hi all...

 doing testing with pf...

 how is it possible that if i have these rules below in pf.conf if i do:
 telnet that.host.org 25

 i get:
 Trying xx.xx.xx.xx...
 Connected to that.host.org.
 Escape character is '^]'.
 ... etc ...


 pf.conf contents:

 tcp_in = { www, https }
 ftp_in = { ftp }
 udp = { domain, ntp }
 ping = echoreq

 set skip on lo
 scrub in

 antispoof for eth0 inet

 block in all
 pass out all keep state
 pass proto udp to any port $udp
 pass inet proto icmp all icmp-type $ping keep state
 pass in inet proto tcp to any port $tcp_in flags S/SAF synproxy state
 pass proto tcp to any port ssh




pfctl -s info
  Look for the fact it says Enabled (near the top of the screen)

and you're blocking inbound all, but since you're passing out all,
telnetting out will work.  You aren't very clear on which side you
have the pf loaded on, the email indicates it's the client-side you
have pf enabled.  Please clarify.




--TJ


Re: Invalid partition table after installation

2010-01-22 Thread John
On Fri, Jan 22, 2010 at 06:36:14AM -0600, John wrote:
 On Fri, Jan 22, 2010 at 08:16:59PM +0800, Fbsd1 wrote:
  John wrote:
   On Thu, Jan 21, 2010 at 10:25:26PM +0800, Fbsd1 wrote:
   John wrote:
   On Thu, Jan 21, 2010 at 04:38:22PM +0800, Fbsd1 wrote:
   John wrote:
   I've tried the modern BIOS geometry and the 255 head geometry.
   I've ensured that the first slice (boot slice) is smaller than 1.5
   Gb.  I've tried to figure out what the BIOS thinks the geometry
   is, but it doesn't seem to want to tell me.  At least, I can't find
   it in the BIOS menu anywhere.  When I boot from the CD-ROM with
   the 255 head geometry, though, it complains about the disk geometry,
   saying 16h,63s != 255h,63s or something like that - it flies by
   pretty fast (is there a way to go back and see that from the CD-ROM
   boot only boot?).
  
   I'm using the Standard boot manager, and the entire disk is devoted
   to FreeBSD.
  
   System
   BIOS version  PT84510A.86A.2004.P05
   Processor Type: Intel Pentium 4
   Processor speed: 2.20Ghz
  
   Memory: 512Mb
  
   Disk: Primary IDE Master ST380021A (Seagate Barracuda ATA IV 80Gb)
   Primary IDE Slave: IOMega ZIP 250
   Secondary IDE Master: Sony CD-RW CRX19 (what I boot from to install)
   Secondary IDE Slave: DVD-ROM DDU1621
  
   Boot sequence:
   1) ATAPI CD-ROM
   2) Hard Drive
   3) Removable Dev.
  
   Modern BIOS geometry: 155061/16/63 for ad0
   calculated geometry: 9729/255/63 for ad0
  
   ad0s1 start=63, size=2875572
   ad0s2 start=2875635, size=10217340
   ad0s3 start=13092975, size=143203410
   unus  start=156296384, size=5103
  
   ad0s1a / 384Mb
   ad0s1d /usr 1Gb
   ad0s2b SWAP 1Gb
   ad0s2d /tmp 384Mb
   ad0s2e /var 512Mb
   ad0s2f /var/mail 2Gb
   ad0s2g /usr/ports 1Gb
   ad0s3d /home/mysql 4Gb
   ad0s3e /home 50Gb
   ad0s3f /usr/src 3Gb
   ad0s3g /usr/obj 3Gb
   ad0s3h /extra 8483Mb
  
   Suggestions, please?  I'm making zero headway right now. :(
   What version of FreeBSD are you running
   Well, yes, I suppose that would be a good bit of information!
  
   What I'm *TRYING* to run is 8.0.  It seems to install successfully
   (of course - after doing all that), but then when I try to boot
   from the hard drive, I see an otherwise-blank screen that says:
  
  
   Invalid partition table
  
  
   and that's as far as it goes!
  
   There are reports of this sort of thing caused by 8.0 fdisk when doing an 
   install from scratch over a hard drive that already has an older 
   version of FreeBSD installed on it.
  
   The solution is to force the scratching of the MBR on the disk first 
   before running sysinstall fdisk.
  
   Boot a LiveFS CD, then at a root prompt do:
  
   sysctl kern.geom.debugflags=16  and:
  
   dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1
  
   where x equals your drive number.
   
   OK.  I did exactly that.  I confirmed that the second 512 bytes were zero
   by doing a dd if=/dev/ad0 bs=512 count=2 | od -c
   and everything from 001000 through 002000 was zero.
   
   But I still got Invalid partition table after the installation.
   
   I guess I should set up one of my other systems as a local mirror.
   I've done the installation so many times already, and it looks like
   I'm not done yet!
  
  On the 8.0 fdisk/MBR subject.
  Doing dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1 was the
  solution from another post to the list with subject 'SunFire X2100
  fails'. Here is another post that gives more details
  http://www.freebsd.org/cgi/getmsg.cgi?fetch=322687+326879+/usr/local/www/db/text/2009/freebsd-questions/20091227.freebsd-questions
  
  It seems in 8.0 gpart was introduced and a change was made to fdisk to
  support its sector 0 mbr format. 8.0 fdisk and disklabel are now broken.
  
  Searching the list archives may shed more light on your problem.
 
 Hmmm.  This seems to describe a case where fdisk fails to change
 the slice table.  That is definitely not my case.  The changes
 certainly get made.  The next time I go to retry the installation,
 it has the information I gave it the previous time.  I suppose it is
 possible that it is putting it (and reading it) in the wrong location,
 which is why the MBR throws up.
 
 The problem is that I have a finite (and smallish) amount of time
 in which to solve this.  It seems like the most expedient route
 forward at this point may be to try to install 7.2 and see how
 that goes.

OK - well, I just tried with 7.2.  I got exactly the same results.
After what seems like a successful installation, I try to boot from
the hard disk and get Invalid partition table.  Should I try Boot
Manager?  Could that make a difference?  Is it possible that this
combination of BIOS, processor, disk drive, etc., just isn't going
to to 

Re: Cannot boot FreeBSD (8.0) from USB stick (Dell Inspiron 9400)

2010-01-22 Thread Fbsd1

Christoph Kukulies wrote:

Fbsd1 wrote:

Christoph Kukulies wrote:
I installed FreeBSD 8.0 on a USB stick and was able to boot it on my 
Desktop PC and install 8.0

from it.


DO YOU MEAN YOU INSTALLED THE 8.0 ISO ON A USB STICK. BOOTED FROM IT AS 
INSTALL SOURCE AND INSTALLED 8.0 ON A DESKTOP PC TO THE MOTHERBOARD 
CABLED HARD DRIVE??? OR DO YOU MEAN YOU INSTALLED 8.0 ON A DESKTOP PC TO 
ANOTHER USB STICK???





Now I plugged the same stick into my Dell Inspiron 9400 and the USB 
stick (2GB) is not even listed in the F12 Bios boot menu.


YOU MEAN YOU PLUGGED THE STICK WITH THE ISO INSTALLED ON IT THAT THE 
DESKTOP BOOTED FROM???




Any clues?

--
Christoph



Older pc's have bios which do not have option to boot from USB stick.
I think that is so in your case. Check mfg website for bios update.
If not you are SOL. (shit out of luck)


I can boot USB sticks in general from that notebook/BIOS. That Dell 9400 
isn't that old. Today I tried another USB stick (16GB), an Ubuntu 9.04 
boot image, and it worked fine. I saw the boot device under F12 in the 
bootable device menu.
It's definitely not the BIOS. Could be some partition problem (active 
partition?). 

 Why is it part #4 btw, that FreeBSD resides in and not part #1 ?

LET'S NOT GET CONFUSED WITH MSDOS/FREEBSD TERMS. IN FREEBSD A SLICE IS 
WHAT MSDOS CALLS A PARTITION. IN FREEBSD A PARTITION IS A FILE SYSTEM 
SUCH AS /, /USR, /VAR WITHIN THE SLICE. A SLICE IS MARKED AS ACTIVE 
MEANING IT'S BOOTABLE. THE MBR (MASTER BOOT RECORD) PARTITION TABLE IS 
REALLY FREEBSD SLICE TABLE. FROM YOUR STATEMENT ABOVE YOU HAVE A 
MOTHERBOARD CABLED HARD DRIVE WITH 4 PARTITIONS/SLICES DEFINED IN THE 
MBR PARTITION TABLE. THE FIRST 3 PARTITIONS COULD BE HOLDING OTHER 
OPERATING SYSTEMS THAT YOU MAY WANT TO BOOT FROM. IS THIS CORRECT?


 I followed some FreeBSD howto, if I'm not wrong, to bring the ISO

to the USB stick. Think it was a tool from HP to write it to the stick.

--
Christoph





Here is something for you to check. When you plug your USB stick into a
running freebsd system a bunch of messages are printed on the root
console. One of those messages contains the Revision level of the 2.0
standard used by the micro code in the usb stick. I have found through
testing different non-branded and branded sticks that the Revision level
makes a very large difference in whether you can boot from the stick.
Sticks that show Rev 2.00/0.00 or 2.00/1.00 will never boot. Only sticks
that show Rev 2.00/2.00 are bootable. Now since only one of my 4 pc's is
new enough to have bios option to boot from usb stick I do not know if
these results are dependent on my particular Acer TravelMate 4220 pc bios.

Please let me know what usb stick Revision levels you can boot from on 
both your desktop and laptop. I would think if the stick is bootable on 
desktop it should also boot on the laptop.


Here is the script I use to put the disc-1 iso on usb stick so I can use 
the stick as source media to install from. When booting from usb stick 
as install source and installing onto another usb stick as the target 
you have to have both sticks plugged in before booting. When you are in 
sysinstall fdisk check the stick size to verify you have chosen the 
correct da stick as target. You can find yourself fdisking your source 
stick by mistake. If you don't get a prompt to choose da0 or da1 before 
fdisk starts then you have to tell sysinstall to re-probe devices by 
using options rescan (*) off the main menu,  move highlight bar by using 
arrow keys and hit space bar to rescan. Then you should get prompt 
containing both da devices before fdisk.



I have used this command to write zeros to the usb stick MBR
dd if=/dev/zero of=/dev/da0 count=1
and this command to display the MBR
dd if=/dev/da0 count=1 | od -c

I also notice that fdisk does not allocate space on usb sticks as I 
would expect. It always allocates a free space before and after the full 
stick single slice. It also never gets the size of the stick correct. A 
2GB stick is shown as 1.7GB and 4GB stick is shown as 3.7GB. Do you see 
the same thing happening with your usb sticks?



#!/bin/sh
#Purpose = Use to transfer the FreeBSD install cd1 to
#  a bootable 1GB USB flash drive so it can be used to install from.

#  First fetch the FreeBSD 7.1-RELEASE-i386-disc1.iso to your
#  hard drive /usr. Then execute this script from the command line
# fbsd2usb /usr/7.1-RELEASE-i386-disc1.iso /usr/7.1-RELEASE-i386-disc1.img
# Change system bios to boot from USB-dd and away you go.

# NOTE: This script has to be run from root and your 1GB USB flash drive
#   has to be plugged in before running this script.

# On the command line enter fbsd2usb iso-path img-path

# You can set some variables here. Edit them to fit your needs.

# Set serial variable to 0 if you don't want serial console at all,
# 1 if you want comconsole and 2 if you want comconsole and vidconsole
serial=0

set -u

if [ $# -lt 2 ]; then
echo 

Re: pf rules

2010-01-22 Thread Cristiano Deana
On Fri, Jan 22, 2010 at 8:12 AM, kalin m ka...@el.net wrote:

 how is it possible that if i have these rules below in pf.conf if i do:
 telnet that.host.org 25

 i get:
 Trying xx.xx.xx.xx...
 Connected to that.host.org.
 Escape character is '^]'.

you probably don't load pf.
pfctl -sa | grep Status
echo 'pf_enable=YES' >> /etc/rc.conf && /etc/rc.d/pf restart

-- 
Cris, member of G.U.F.I
Italian FreeBSD User Group
http://www.gufi.org/
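
What the posted ruleset would decide if pf were enforcing it, as an added example that is not part of the thread: a simplified Python model of pf's last-matching-rule evaluation (state, synproxy, antispoof and icmp-type are not modelled; the `Rule` and `evaluate` names are hypothetical). Inbound TCP port 25 ends at `block in all`, so a completed connection points to pf being disabled or to a test made in the outbound direction.

```python
"""Simplified model of pf's last-matching-rule evaluation (added example, not pf itself)."""
from dataclasses import dataclass
from typing import Optional, Tuple

# Macros from the posted pf.conf; service names resolved to their /etc/services ports.
TCP_IN = (80, 443)   # www, https
UDP = (53, 123)      # domain, ntp
SSH = (22,)


@dataclass(frozen=True)
class Rule:
    action: str                         # "block" or "pass"
    direction: Optional[str]            # "in", "out", or None for both directions
    proto: Optional[str]                # "tcp", "udp", "icmp", or None for any
    dports: Optional[Tuple[int, ...]]   # destination ports, or None for any
    text: str                           # the rule as written in the post


# The filter rules in the order they appear in the post.
RULES = [
    Rule("block", "in", None, None, "block in all"),
    Rule("pass", "out", None, None, "pass out all keep state"),
    Rule("pass", None, "udp", UDP, "pass proto udp to any port $udp"),
    Rule("pass", None, "icmp", None,
         "pass inet proto icmp all icmp-type $ping keep state"),
    Rule("pass", "in", "tcp", TCP_IN,
         "pass in inet proto tcp to any port $tcp_in flags S/SAF synproxy state"),
    Rule("pass", None, "tcp", SSH, "pass proto tcp to any port ssh"),
]


def rule_matches(rule, direction, proto, dport):
    """True if the rule's direction, protocol and destination port all match."""
    if rule.direction is not None and rule.direction != direction:
        return False
    if rule.proto is not None and rule.proto != proto:
        return False
    if rule.dports is not None and dport not in rule.dports:
        return False
    return True


def evaluate(direction, proto, dport, iface="eth0", pf_enabled=True):
    """Return (verdict, reason) for the first packet of a connection."""
    if not pf_enabled:
        return ("pass", "pf is disabled, so no rule is consulted")
    if iface.rstrip("0123456789") == "lo":
        return ("pass", "set skip on lo")
    # Without 'quick', every rule is tried and the last match decides.
    verdict = ("pass", "no rule matched (pf's implicit default is pass)")
    for rule in RULES:
        if rule_matches(rule, direction, proto, dport):
            verdict = (rule.action, rule.text)
    return verdict


if __name__ == "__main__":
    cases = [
        ("in", "tcp", 25, {}),                      # the telnet test, arriving from outside
        ("out", "tcp", 25, {}),                     # the same test made from this host
        ("in", "tcp", 25, {"pf_enabled": False}),   # pf not loaded or not enabled
        ("in", "tcp", 22, {}),
    ]
    for direction, proto, dport, kw in cases:
        verdict, reason = evaluate(direction, proto, dport, **kw)
        print(f"{direction:3} {proto}/{dport:<4} {kw or ''} -> {verdict}: {reason}")
```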


Where is portsnap ?

2010-01-22 Thread Bernard de Joly

Hello,

I have used FreeBSD for several years and I appreciate portsnap, but it  
doesn't seem to be in the current ports tree anymore …

Can you tell me what is happening with it?

Anyway thank you for your so useful work.

Best regards,

Bernard de Joly
Lasserre d'Amour
32250 Montréal du Gers
Téléphone 09 53 79 84 21
http://www.gers.net/b.dejoly/



Re: Where is portsnap ?

2010-01-22 Thread mikel king




On Jan 22, 2010, at 8:39 AM, Bernard de Joly wrote:


Hello,

I have used FreeBSD for several years and I appreciate portsnap, but it  
doesn't seem to be in the current ports tree anymore …

Can you tell me what is happening with it?

Anyway thank you for your so useful work.

Best regards,

Bernard de Joly
Lasserre d'Amour
32250 Montréal du Gers
Téléphone 09 53 79 84 21
http://www.gers.net/b.dejoly/



It is part of the base. As of 6.3, I think.


Regards,
Mikel King
CEO, Olivent Technologies
Senior Editor, BSD News Network
Columnist, BSD Magazine
6 Alpine Court,
Medford, NY 11763
o: 631.627.3055 c: 631.796.1499
skype:mikel.king
http://olivent.com
http://mikelking.com
http://twitter.com/mikelking



make delete-old make delete-old-libs

2010-01-22 Thread mikel king
I had a system that was royally borked after upgrading and completing  
these steps a few years ago. Ever since I have always skipped these  
steps. Has anyone else experienced any issues with these two steps?


Cheers,
Mikel



Re: Invalid partition table after installation

2010-01-22 Thread Fbsd1

John wrote:

On Fri, Jan 22, 2010 at 06:36:14AM -0600, John wrote:

On Fri, Jan 22, 2010 at 08:16:59PM +0800, Fbsd1 wrote:

John wrote:

On Thu, Jan 21, 2010 at 10:25:26PM +0800, Fbsd1 wrote:

John wrote:

On Thu, Jan 21, 2010 at 04:38:22PM +0800, Fbsd1 wrote:

John wrote:

I've tried the modern BIOS geometry and the 255 head geometry.
I've ensured that the first slice (boot slice) is smaller than 1.5
Gb.  I've tried to figure out what the BIOS thinks the geometry
is, but it doesn't seem to want to tell me.  At least, I can't find
it in the BIOS menu anywhere.  When I boot from the CD-ROM with
the 255 head geometry, though, it complains about the disk geometry,
saying 16h,63s != 255h,63s or something like that - it flies by
pretty fast (is there a way to go back and see that from the CD-ROM
boot only boot?).

I'm using the Standard boot manager, and the entire disk is devoted
to FreeBSD.

System
BIOS version  PT84510A.86A.2004.P05
Processor Type: Intel Pentium 4
Processor speed: 2.20Ghz

Memory: 512Mb

Disk: Primary IDE Master ST380021A (Seagate Barracuda ATA IV 80Gb)
Primary IDE Slave: IOMega ZIP 250
Secondary IDE Master: Sony CD-RW CRX19 (what I boot from to install)
Secondary IDE Slave: DVD-ROM DDU1621

Boot sequence:
1) ATAPI CD-ROM
2) Hard Drive
3) Removable Dev.

Modern BIOS geometry: 155061/16/63 for ad0
calculated geometry: 9729/255/63 for ad0

ad0s1 start=63, size=2875572
ad0s2 start=2875635, size=10217340
ad0s3 start=13092975, size=143203410
unus  start=156296384, size=5103

ad0s1a / 384Mb
ad0s1d /usr 1Gb
ad0s2b SWAP 1Gb
ad0s2d /tmp 384Mb
ad0s2e /var 512Mb
ad0s2f /var/mail 2Gb
ad0s2g /usr/ports 1Gb
ad0s3d /home/mysql 4Gb
ad0s3e /home 50Gb
ad0s3f /usr/src 3Gb
ad0s3g /usr/obj 3Gb
ad0s3h /extra 8483Mb

Suggestions, please?  I'm making zero headway right now. :(

What version of FreeBSD are you running

Well, yes, I suppose that would be a good bit of information!

What I'm *TRYING* to run is 8.0.  It seems to install successfully
(of course - after doing all that), but then when I try to boot
from the hard drive, I see an otherwise-blank screen that says:


Invalid partition table


and that's as far as it goes!


There are reports of this sort of thing caused by 8.0 fdisk when doing an 
install from scratch over a hard drive that already has an older 
version of FreeBSD installed on it.


The solution is to force the scratching of the MBR on the disk first 
before running sysinstall fdisk.


Boot a LiveFS CD, then at a root prompt do:

sysctl kern.geom.debugflags=16  and:

dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1

where x equals your drive number.

OK.  I did exactly that.  I confirmed that the second 512 bytes were zero
by doing a dd if=/dev/ad0 bs=512 count=2 | od -c
and everything from 001000 through 002000 was zero.

But I still got Invalid partition table after the installation.

I guess I should set up one of my other systems as a local mirror.
I've done the installation so many times already, and it looks like
I'm not done yet!

On the 8.0 fdisk/MBR subject.
Doing dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1 was the
solution from another post to the list with subject 'SunFire X2100
fails'. Here is another post that gives more details
http://www.freebsd.org/cgi/getmsg.cgi?fetch=322687+326879+/usr/local/
www/db/text/2009/freebsd-questions/20091227.freebsd-questions

It seems in 8.0 gpart was introduced and a change was made to fdisk to
support its sector o mbr format. 8.0 fdisk and disklabel are now broken.

Searching the list archives may shed more light on your problem.

Hmmm.  This seems to describe a case where fdisk fails to change
the slice table.  That is definitely not my case.  The changes
certainly get made.  The next time I go to retry the installation,
it has the information I gave it the previous time.  I suppose it is
possible that it is putting it (and reading it) in the wrong location,
which is why the MBR throws up.

The problem is that I have a finite (and smallish) amount of time
in which to solve this.  It seems like the most expedient route
forward at this point may be to try to install 7.2 and see how
that goes.


OK - well, I just tried with 7.2.  I got exactly the same results.
After what seems like a successful installation, I try to boot from
the hard disk and get Invalid partition table.  Should I try Boot
Manager?  Could that make a difference?  Is it possible that this
combination of BIOS, processor, disk drive, etc., just isn't going
to do for me?  I can't just keep throwing hours at this problem.


Something is wrong with the MBR. Do
dd if=/dev/zero of=/dev/ad0 count=1  to blank out the MBR

THEN
Do you have a bootable win98 cd or floppy that contains the msdos fdisk 
pgm. If so boot that and fdisk the hard drive. If 
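
A structural check of the sector that `dd if=/dev/ad0 count=1 | od -c` dumps, as an added example that is not part of the thread. The sample sector is constructed from the slice starts, sizes and the 155061/16/63 geometry quoted above; the slice type 0xA5 (FreeBSD), the function names and the choice of checks (signature, boot flags, bounds, overlap) are assumptions of this example.

```python
"""Sanity-check the slice table in a 512-byte MBR sector (added example)."""
import struct
import sys

SECTOR_SIZE = 512
TABLE_OFFSET = 446                   # four 16-byte entries start here
# boot flag, CHS start, type, CHS end, LBA start, sector count (little-endian)
ENTRY = struct.Struct("<B3sB3sII")
FREEBSD_TYPE = 0xA5                  # slice type 165

# Constructed sample input, taken from the numbers quoted in the thread.
THREAD_SLICES = [(63, 2875572), (2875635, 10217340), (13092975, 143203410)]
THREAD_DISK_SECTORS = 155061 * 16 * 63


def build_mbr(slices, active=(0,)):
    """Build a constructed sector (no boot code) holding up to four slices.

    CHS fields are left zero; the checks below use only the LBA fields.
    """
    sector = bytearray(SECTOR_SIZE)
    for i, (start, size) in enumerate(slices[:4]):
        flag = 0x80 if i in active else 0x00
        ENTRY.pack_into(sector, TABLE_OFFSET + 16 * i,
                        flag, b"\0\0\0", FREEBSD_TYPE, b"\0\0\0", start, size)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector):
    """Return the four table entries as dicts, in table order."""
    entries = []
    for i in range(4):
        flag, _chs_start, ptype, _chs_end, start, size = ENTRY.unpack_from(
            sector, TABLE_OFFSET + 16 * i)
        entries.append({"index": i + 1, "flag": flag, "type": ptype,
                        "start": start, "size": size})
    return entries


def check_mbr(sector, disk_sectors):
    """Return a list of problems found; an empty list means none."""
    if len(sector) != SECTOR_SIZE:
        return ["sector is %d bytes, expected %d" % (len(sector), SECTOR_SIZE)]
    problems = []
    if sector[510:512] != b"\x55\xaa":
        problems.append("missing 0x55AA signature at offset 510")
    entries = parse_mbr(sector)
    for e in entries:
        if e["flag"] not in (0x00, 0x80):
            problems.append("slice %d: boot flag 0x%02x is neither 0x00 nor 0x80"
                            % (e["index"], e["flag"]))
    active = [e["index"] for e in entries if e["flag"] == 0x80]
    if len(active) > 1:
        problems.append("more than one active slice: %s" % active)
    elif not active:
        problems.append("no active slice")
    used = sorted((e for e in entries if e["type"] != 0), key=lambda e: e["start"])
    for e in used:
        if e["size"] == 0:
            problems.append("slice %d: type set but size is zero" % e["index"])
        if e["start"] + e["size"] > disk_sectors:
            problems.append("slice %d: extends beyond end of disk" % e["index"])
    for a, b in zip(used, used[1:]):
        if a["start"] + a["size"] > b["start"]:
            problems.append("slice %d overlaps slice %d" % (a["index"], b["index"]))
    return problems


if __name__ == "__main__":
    # With a path argument, check a dumped sector file; otherwise the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(SECTOR_SIZE)
    else:
        data = build_mbr(THREAD_SLICES)
    for line in check_mbr(data, THREAD_DISK_SECTORS) or ["no structural problems found"]:
        print(line)
```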

Re: Invalid partition table after installation (GOOD NEWS!)

2010-01-22 Thread John
On Fri, Jan 22, 2010 at 07:27:56AM -0600, John wrote:
 On Fri, Jan 22, 2010 at 06:36:14AM -0600, John wrote:
  On Fri, Jan 22, 2010 at 08:16:59PM +0800, Fbsd1 wrote:
   John wrote:
On Thu, Jan 21, 2010 at 10:25:26PM +0800, Fbsd1 wrote:
John wrote:
On Thu, Jan 21, 2010 at 04:38:22PM +0800, Fbsd1 wrote:
John wrote:
I've tried the modern BIOS geometry and the 255 head geometry.
I've ensured that the first slice (boot slice) is smaller than 1.5
Gb.  I've tried to figure out what the BIOS thinks the geometry
is, but it doesn't seem to want to tell me.  At least, I can't find
it in the BIOS menu anywhere.  When I boot from the CD-ROM with
the 255 head geometry, though, it complains about the disk geometry,
saying 16h,63s != 255h,63s or something like that - it flies by
pretty fast (is there a way to go back and see that from the CD-ROM
boot only boot?).
   
I'm using the Standard boot manager, and the entire disk is 
devoted
to FreeBSD.
   
System
BIOS version  PT84510A.86A.2004.P05
Processor Type: Intel Pentium 4
Processor speed: 2.20Ghz
   
Memory: 512Mb
   
Disk: Primary IDE Master ST380021A (Seagate Barracuda ATA IV 80Gb)
Primary IDE Slave: IOMega ZIP 250
Secondary IDE Master: Sony CD-RW CRX19 (what I boot from to install)
Secondary IDE Slave: DVD-ROM DDU1621
   
Boot sequence:
1) ATAPI CD-ROM
2) Hard Drive
3) Removable Dev.
   
Modern BIOS geometry: 155061/16/63 for ad0
calculated geometry: 9729/255/63 for ad0
   
ad0s1 start=63, size=2875572
ad0s2 start=2875635, size=10217340
ad0s3 start=13092975, size=143203410
unus  start=156296384, size=5103
   
ad0s1a / 384Mb
ad0s1d /usr 1Gb
ad0s2b SWAP 1Gb
ad0s2d /tmp 384Mb
ad0s2e /var 512Mb
ad0s2f /var/mail 2Gb
ad0s2g /usr/ports 1Gb
ad0s3d /home/mysql 4Gb
ad0s3e /home 50Gb
ad0s3f /usr/src 3Gb
ad0s3g /usr/obj 3Gb
ad0s3h /extra 8483Mb
   
Suggestions, please?  I'm making zero headway right now. :(
What version of FreeBSD are you running
Well, yes, I suppose that would be a good bit of information!
   
What I'm *TRYING* to run is 8.0.  It seems to install successfully
(of course - after doing all that), but then when I try to boot
from the hard drive, I see an otherwise-blank screen that says:
   
   
Invalid partition table
   
   
and that's as far as it goes!
   
There are reports of this sort of thing caused by 8.0 fdisk when doing an 
install from scratch over a hard drive that already has an older 
version of FreeBSD installed on it.
   
The solution is to force the scratching of the MBR on the disk first 
before running sysinstall fdisk.
   
Boot a LiveFS CD, then at a root prompt do:
   
sysctl kern.geom.debugflags=16  and:
   
dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1
   
where x equals your drive number.

OK.  I did exactly that.  I confirmed that the second 512 bytes were zero
by doing a dd if=/dev/ad0 bs=512 count=2 | od -c
and everything from 001000 through 002000 was zero.

But I still got Invalid partition table after the installation.

I guess I should set up one of my other systems as a local mirror.
I've done the installation so many times already, and it looks like
I'm not done yet!
   
   On the 8.0 fdisk/MBR subject.
   Doing dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1 was the
   solution from another post to the list with subject 'SunFire X2100
   fails'. Here is another post that gives more details
   http://www.freebsd.org/cgi/getmsg.cgi?fetch=322687+326879+/usr/local/
   www/db/text/2009/freebsd-questions/20091227.freebsd-questions
   
   It seems in 8.0 gpart was introduced and a change was made to fdisk to
   support its sector o mbr format. 8.0 fdisk and disklabel are now broken.
   
   Searching the list archives may shed more light on your problem.
  
  Hmmm.  This seems to describe a case where fdisk fails to change
  the slice table.  That is definitely not my case.  The changes
  certainly get made.  The next time I go to retry the installation,
  it has the information I gave it the previous time.  I suppose it is
  possible that it is putting it (and reading it) in the wrong location,
  which is why the MBR throws up.
  
  The problem is that I have a finite (and smallish) amount of time
  in which to solve this.  It seems like the most expedient route
  forward at this point may be to try to install 7.2 and see how
  that goes.
 
 OK - well, I just tried with 7.2.  I got exactly the same results.
 After what seems like a successful installation, I try to boot from
 the 

Securing cgi scripts

2010-01-22 Thread DAve
Good morning all,

I have been working on an issue here where I am being asked if we can
support letting clients install and run their own CGI scripts on a
shared vhost. I have tried sbox and cgiwrap, both of which worked, but they
cannot stop the one test of reading the /etc/passwd file.

Forgive my ignorance here, but I thought CGIs were gone long ago and
have not messed with them in over ten years. If a client really needs a
specific CGI script hosted, I check it out thoroughly and install it
where they cannot reach it. Those instances are very very rare.

It looks to me like the only way to keep a client contained is to run
their CGIs chrooted. Would this be correct?

DAve
-- 
Posterity, you will know how much it cost the present generation to
preserve your freedom.  I hope you will make good use of it.  If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it. John Adams

http://appleseedinfo.org
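
One way to build the chrooted launcher the post asks about, as an added example that is not part of the thread and is not sbox or cgiwrap code. The jail path, uid/gid and function names are hypothetical; the launcher must start as root, and the jail must contain the interpreter and libraries the script needs.

```python
"""Chroot-and-drop-privileges launcher for one client's CGI script (added example)."""
import os
import resource

# CGI variables passed through; everything else (LD_PRELOAD, the caller's PATH, ...) is dropped.
ALLOWED_ENV = frozenset({
    "GATEWAY_INTERFACE", "REQUEST_METHOD", "QUERY_STRING", "CONTENT_TYPE",
    "CONTENT_LENGTH", "SCRIPT_NAME", "PATH_INFO", "SERVER_NAME",
    "SERVER_PORT", "SERVER_PROTOCOL", "REMOTE_ADDR",
})


def clean_env(env):
    """Keep only CGI and HTTP_* variables and set a fixed PATH."""
    kept = {k: v for k, v in env.items()
            if k in ALLOWED_ENV or k.startswith("HTTP_")}
    kept["PATH"] = "/bin:/usr/bin"   # resolved inside the jail after chroot
    return kept


def path_in_jail(jail, script):
    """Return the script's path as seen from inside the jail.

    Raises ValueError if the path (after resolving '..' and symlinks on the
    host) leaves the jail or is not a regular file.
    """
    jail_real = os.path.realpath(jail)
    script_real = os.path.realpath(os.path.join(jail_real, script.lstrip("/")))
    if os.path.commonpath([jail_real, script_real]) != jail_real:
        raise ValueError("script resolves outside the jail: %s" % script)
    if not os.path.isfile(script_real):
        raise ValueError("not a regular file: %s" % script)
    return "/" + os.path.relpath(script_real, jail_real)


def exec_jailed(jail, uid, gid, script, env):
    """Replace this process with the script, confined to the jail.

    Must be called as root; does not return on success.
    """
    if uid == 0 or gid == 0:
        raise ValueError("refusing to run a client script as root")
    inner = path_in_jail(jail, script)
    os.closerange(3, 256)      # no inherited descriptors pointing outside the jail
    os.chroot(jail)            # /etc/passwd now means the jail's copy, if it has one
    os.chdir("/")              # the working directory must be inside the new root
    os.setgroups([gid])        # drop supplementary groups first,
    os.setgid(gid)             # then the group,
    os.setuid(uid)             # then the user; root cannot be regained after this
    try:
        os.setuid(0)
    except PermissionError:
        pass
    else:
        raise RuntimeError("privilege drop did not take effect")
    resource.setrlimit(resource.RLIMIT_CPU, (10, 10))    # seconds of CPU time
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))     # no core dumps
    os.execve(inner, [inner], clean_env(env))


if __name__ == "__main__":
    # Hypothetical values for one client; run as root from the web server's CGI hook.
    exec_jailed("/jails/client1", 2001, 2001, "cgi-bin/hello.cgi", dict(os.environ))
```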



polkit-0.95_3: update fails

2010-01-22 Thread O. Hartmann
I try to update ports via 'portmaster -av' on a regular basis and ran 
into a sticky problem with polkit and docbook that I'm unable to solve.


Error message follows.

Does anybody have any hint or tip? Please email me in CC.

Regards,
Oliver

=== Starting build for for ports that need updating ===

=== Launching child to update polkit-0.95_3

=== Port directory: /usr/ports/sysutils/polkit
=== Starting check for build dependencies
=== Gathering dependency list for sysutils/polkit from ports
=== Starting dependency check
=== Checking dependency: devel/eggdbus
=== Checking dependency: devel/gettext
=== Checking dependency: devel/glib20
=== Checking dependency: devel/gmake
=== Checking dependency: devel/gobject-introspection
=== Checking dependency: devel/pkg-config
=== Checking dependency: textproc/docbook-410
=== Launching child to update textproc/docbook-410
polkit-0.95_3  textproc/docbook-410

=== Port directory: /usr/ports/textproc/docbook-410
=== Starting check for build dependencies
=== Gathering dependency list for textproc/docbook-410 from ports
=== Starting dependency check
=== Checking dependency: archivers/unzip
=== Dependency check complete for textproc/docbook-410
polkit-0.95_3  textproc/docbook-410
===  Cleaning for docbook-4.1_3

===  Vulnerability check disabled, database not found
===  Extracting for docbook-4.1_3
= MD5 Checksum OK for docbk41.zip.
= SHA256 Checksum OK for docbk41.zip.
===   docbook-4.1_3 depends on file: /usr/local/bin/unzip - found
===  Patching for docbook-4.1_3
===  Configuring for docbook-4.1_3

=== Starting check for runtime dependencies
=== Gathering dependency list for textproc/docbook-410 from ports
=== Starting dependency check
=== Checking dependency: textproc/iso8879
=== Launching child to update textproc/iso8879
polkit-0.95_3  textproc/docbook-410  textproc/iso8879

=== Port directory: /usr/ports/textproc/iso8879
=== Starting check for build dependencies
=== Gathering dependency list for textproc/iso8879 from ports
=== Starting dependency check
=== Checking dependency: archivers/unzip
=== Dependency check complete for textproc/iso8879
polkit-0.95_3  textproc/docbook-410  textproc/iso8879
===  Cleaning for iso8879-1986_2

===  Vulnerability check disabled, database not found
===  Extracting for iso8879-1986_2
= MD5 Checksum OK for isoENTS.zip.
= SHA256 Checksum OK for isoENTS.zip.
===  Patching for iso8879-1986_2
===   iso8879-1986_2 depends on executable: unzip - found
===  Configuring for iso8879-1986_2

=== Starting check for runtime dependencies
=== Gathering dependency list for textproc/iso8879 from ports
=== Starting dependency check
=== Checking dependency: textproc/xmlcatmgr
=== Dependency check complete for textproc/iso8879
polkit-0.95_3  textproc/docbook-410  textproc/iso8879
===  Installing for iso8879-1986_2
===   Generating temporary packing list
xmlcatmgr: entry already exists for `iso8879/catalog' of type `CATALOG'
*** Error code 1

Stop in /usr/ports/textproc/iso8879.

=== Installation of iso8879-1986_2 (textproc/iso8879) failed
=== Aborting update

=== Update for textproc/iso8879 failed
=== Aborting update

=== Update for textproc/docbook-410 failed
=== Aborting update

=== Update for polkit-0.95_3 failed
=== Aborting update



Re: Cannot boot FreeBSD (8.0) from USB stick (Dell Inspiron 9400)

2010-01-22 Thread Christoph Kukulies

I don't know why you shout. (?)

Fbsd1 wrote:

Christoph Kukulies wrote:

Fbsd1 wrote:

Christoph Kukulies wrote:
I installed FreeBSD 8.0 on a USB stick and was able to boot it on 
my Desktop PC and install 8.0

from it.


DO YOU MEAN YOU INSTALLED THE 8.0 ISO ON A USB STICK. BOOTED FROM IT 
AS INSTALL SOURCE AND INSTALLED 8.0 ON A DESKTOP PC TO THE MOTHERBOARD 
CABLED HARD DRIVE??? OR DO YOU MEAN YOU INSTALLED 8.0 ON A DESKTOP PC 
TO ANOTHER USB STICK???


The former, I copied the 8.0 iso image to a USB stick, booted it and 
installed it to the desktop PC's hard drive.
That was one story. The other point is, that I now wanted to plug this 
USB stick into my Dell Inspiron and install FreeBSD in the same manner 
to a free partition on my notebook's hard drive.







Now I plugged the same stick into my Dell Inspiron 9400 and the USB 
stick (2GB) is not even listed in the F12 Bios boot menu.


YOU MEAN YOU PLUGGED THE STICK WITH THE ISO INSTALLED ON IT THAT THE 
DESKTOP BOOTED FROM???


Yes, that same stick booted the desktop but is not recognized in the F12 
menu of my notebook.






Any clues?

--
Christoph



Older pc's have bios which do not have option to boot from USB stick.
I think that is so in your case. Check mfg website for bios update.
If not you are SOL. (shit out of luck)


I can boot USB sticks in general from that notebook/BIOS. That Dell 
9400 isn't that old. Today I tried another USB stick (16GB), an 
Ubuntu 9.04 boot image, and it worked fine. I saw the boot device 
under F12 in the bootable device menu.
It's definitely not the BIOS. Could be some partition problem (active 
partition?). 

 Why is it part #4 btw, that FreeBSD resides in and not part #1 ?

LET'S NOT GET CONFUSED WITH MSDOS/FREEBSD TERMS. IN FREEBSD A SLICE IS 
WHAT MSDOS CALLS A PARTITION. IN FREEBSD A PARTITION IS A FILE SYSTEM 
SUCH AS /, /USR, /VAR WITHIN THE SLICE. A SLICE IS MARKED AS ACTIVE 
MEANING IT'S BOOTABLE. THE MBR


The FreeBSD fdisk program names it partition.

(MASTER BOOT RECORD) PARTITION TABLE IS REALLY FREEBSD SLICE TABLE. 
FROM YOUR STATEMENT ABOVE YOU HAVE A MOTHERBOARD CABLED HARD DRIVE 
WITH 4 PARTITIONS/SLICES DEFINED IN THE MBR PARTITION TABLE. THE FIRST 
3 PARTITIONS COULD BE HOLDING OTHER OPERATING SYSTEMS THAT YOU MAY 
WANT TO BOOT FROM. IS THIS CORRECT?


Actually, I thought the USB stick had been blanked out before, but I'm 
not sure and will look at it again.




 I followed some FreeBSD howto, if I'm not wrong, to bring the ISO

to the USB stick. Think it was a tool from HP to write it to the stick.

--
Christoph







I will come back with the results of the check below later.

--
Christoph



Re: make delete-old make delete-old-libs

2010-01-22 Thread Matthew Seaman

mikel king wrote:
I had a system that was royally borked after upgrading and completing 
these steps a few years ago. Ever since I have always skipped these 
steps. Has anyone else experienced any issues with these two steps?


make delete-old-libs can cause you much wailing and gnashing of teeth
if you do it too soon, but usually only when you're doing a major version
upgrade.  In those circumstances, unless you're careful, all or large
parts of your software installed from ports will cease to work.  Delete
the old libraries only once you've finished reinstalling all of your ported 
software. Major version upgrades are one of the few times when there will
be old shlibs to consider deleting, so this is a rare event.

make delete-old can theoretically cause you grief if you overwrite bits
of the base system from ports and set corresponding WITHOUT_FOO flags in
/etc/src.conf.  On the whole, having ports overwrite base is something to
be avoided unless you have very good reason to do it.

Whether this will sting you or not is an interesting question: it depends
on developers adding files and directories to the list of old items 
conditionally on defining WITHOUT_FOO type flags in /etc/src.conf.  While
this has the intuitively attractive behaviour that doing a buildworld cycle 
removes the unwanted programs or libraries, unfortunately it doesn't stop
there.  It will remove your carefully installed ported software the following
time you do a buildworld cycle.  For this reason, settings in src.conf 
do not generally affect the list of old files and directories nowadays.


Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
 Kent, CT11 9PW





Re: Invalid partition table after installation (GOOD NEWS!)

2010-01-22 Thread John
On Fri, Jan 22, 2010 at 08:09:50AM -0600, John wrote:
 On Fri, Jan 22, 2010 at 07:27:56AM -0600, John wrote:
  On Fri, Jan 22, 2010 at 06:36:14AM -0600, John wrote:
   On Fri, Jan 22, 2010 at 08:16:59PM +0800, Fbsd1 wrote:
John wrote:
 On Thu, Jan 21, 2010 at 10:25:26PM +0800, Fbsd1 wrote:
 John wrote:
 On Thu, Jan 21, 2010 at 04:38:22PM +0800, Fbsd1 wrote:
 John wrote:
 I've tried the modern BIOS geometry and the 255 head geometry.
 I've ensured that the first slice (boot slice) is smaller than 1.5
 Gb.  I've tried to figure out what the BIOS thinks the geometry
 is, but it doesn't seem to want to tell me.  At least, I can't 
 find
 it in the BIOS menu anywhere.  When I boot from the CD-ROM with
 the 255 head geometry, though, it complains about the disk 
 geometry,
 saying 16h,63s != 255h,63s or something like that - it flies by
 pretty fast (is there a way to go back and see that from the 
 CD-ROM
 boot only boot?).

 I'm using the Standard boot manager, and the entire disk is 
 devoted
 to FreeBSD.

 System
 BIOS version  PT84510A.86A.2004.P05
 Processor Type: Intel Pentium 4
 Processor speed: 2.20Ghz

 Memory: 512Mb

 Disk: Primary IDE Master ST380021A (Seagate Barracuda ATA IV 80Gb)
 Primary IDE Slave: IOMega ZIP 250
 Secondary IDE Master: Sony CD-RW CRX19 (what I boot from to 
 install)
 Secondary IDE Slave: DVD-ROM DDU1621

 Boot sequence:
 1) ATAPI CD-ROM
 2) Hard Drive
 3) Removable Dev.

 Modern BIOS geometry: 155061/16/63 for ad0
 calculated geometry: 9729/255/63 for ad0

 ad0s1 start=63, size=2875572
 ad0s2 start=2875635, size=10217340
 ad0s3 start=13092975, size=143203410
 unus  start=156296384, size=5103

 ad0s1a / 384Mb
 ad0s1d /usr 1Gb
 ad0s2b SWAP 1Gb
 ad0s2d /tmp 384Mb
 ad0s2e /var 512Mb
 ad0s2f /var/mail 2Gb
 ad0s2g /usr/ports 1Gb
 ad0s3d /home/mysql 4Gb
 ad0s3e /home 50Gb
 ad0s3f /usr/src 3Gb
 ad0s3g /usr/obj 3Gb
 ad0s3h /extra 8483Mb

 Suggestions, please?  I'm making zero headway right now. :(
 What version of FreeBSD are you running
 Well, yes, I suppose that would be a good bit of information!

 What I'm *TRYING* to run is 8.0.  It seems to install successfully
 (of course - after doing all that), but then when I try to boot
 from the hard drive, I see an otherwise-blank screen that says:


 Invalid partition table


 and that's as far as it goes!

 There are reports of this sort of thing caused by 8.0 fdisk when doing an 
 install from scratch over a hard drive that already has an older 
 version of FreeBSD installed on it.

 The solution is to force the scratching of the MBR on the disk first 
 before running sysinstall fdisk.

 Boot a LiveFS CD, then at a root prompt do:

 sysctl kern.geom.debugflags=16  and:

 dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1

 where x equals your drive number.
 
 OK.  I did exactly that.  I confirmed that the second 512 bytes were zero
 by doing a dd if=/dev/ad0 bs=512 count=2 | od -c
 and everything from 001000 through 002000 was zero.
 
 But I still got Invalid partition table after the installation.
 
 I guess I should set up one of my other systems as a local mirror.
 I've done the installation so many times already, and it looks like
 I'm not done yet!

On the 8.0 fdisk/MBR subject.
Doing dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1 was the
solution from another post to the list with subject 'SunFire X2100
fails'. Here is another post that gives more details
http://www.freebsd.org/cgi/getmsg.cgi?fetch=322687+326879+/usr/local/
www/db/text/2009/freebsd-questions/20091227.freebsd-questions

It seems in 8.0 gpart was introduced and a change was made to fdisk to
support its sector o mbr format. 8.0 fdisk and disklabel are now broken.

Searching the list archives may shed more light on your problem.
   
   Hmmm.  This seems to describe a case where fdisk fails to change
   the slice table.  That is definitely not my case.  The changes
   certainly get made.  The next time I go to retry the installation,
   it has the information I gave it the previous time.  I suppose it is
   possible that it is putting it (and reading it) in the wrong location,
   which is why the MBR throws up.
   
   The problem is that I have a finite (and smallish) amount of time
   in which to solve this.  It seems like the most expedient route
   forward at this 

Migration planning - old system to new

2010-01-22 Thread John
Now that I've actually gotten the new system to boot, I need to figure
out how I'm going to migrate everything - users, data, MySQL, NAT,
firewall, apache, DHCP, gateway services BIND, Sendmail, etc., etc
from
FreeBSD 4.3-RELEASE #0: Thu Jan 22 19:44:16 CST 2004
to
FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009

Bit of a challenge, eh?

Not only that, but I'd like to update my UID scheme from a pre-standard
version (most of the UIDs are down in the 100s) to the new convention
so that I'm more in-line with the rest of the world.

My rough idea:

1) Create a migrate account in Wheel with home as /var/migrate
   so that I can do a dump/restore on home without messing things
   up
2) Start putting together all the pieces - trying to find update / conversion
   scripts whenever possible.
3) once things get close, do the dump/restore of home, and a tar/untar
   of /var/mail (since I'm moving it from a part of the /var filesystem
   to a filesystem of its own - doing a dump/restore on /var is not
   a practical migration strategy in any case)
4) Let people move in, try it out, see how things are
5) Fix everything found in #4
6) Try a cut-over and make sure all the network services work in the
   middle of the night sometime, then switch back
7) Nuke /home and /var/mail and migrate them again to get the latest version
8) Do the real switch
9) spend a couple of weeks fixing all the things that weren't so disastrous
   that they got picked up in #4.

Ideas / scripts / project plans / outlines - whatever?  Maybe I should
write a chapter for The Complete FreeBSD after surviving this...
-- 

John Lind
j...@starfire.mn.org


Re: Securing cgi scripts

2010-01-22 Thread Matthew Seaman

DAve wrote:

Good morning all,

I have been working on an issue here where I am being asked if we can
support letting clients install and run their own CGI scripts on a
shared vhost. I have tried sbox and cgiwrap, both which worked, but they
cannot stop the one test of reading the /etc/passwd file.

Forgive my ignorance here, but I thought CGIs were gone long ago and
have not messed with them in over ten years. If a client really needs a
specific CGI script hosted, I check it out thoroughly and install it
where they cannot reach it. Those instances are very very rare.

It looks to me like the only way to keep a client contained is to run
their CGIs chrooted. Would this be correct?


CGI programs run in the OS filesystem context, so there's generally nothing
to stop them reading /etc/passwd.  They are essentially the same level of
risk as an unprivileged user login account.  


Mind you, pretty exactly the same thing applies if you let your customers
supply their own PHP or perl or other programs which run using an interpreter
embedded in the apache process: they can access anything accessible to the
web server process.  


I should point out that unprivileged users are *meant* to be able to
read /etc/passwd -- it's /etc/master.passwd that has the sensitive stuff
in it.

In fact, the bigger problem with running CGI programs from a shared
webserver is that they generally all run using the same security
credentials; those of the web server (www:www by default) -- which
potentially lets all your different customers tread on each other's toes.
suexec(8) is the stock solution to that problem.

If you really want to keep your customers properly separated, then send
them to jail(8).  While giving them each a separate jail with a full 
install of apache etc. certainly does work, it implies dedicating at least
an IP per customer.  You could avoid that by still keeping a single apache 
instance but use something like an fCGI process per customer running each in 
separate jails hanging off the loopback i/f.


Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
 Kent, CT11 9PW
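
The shared-credentials problem described in the message above can be measured on a real tree. The following is an added example, not part of the original message: a Python audit that applies the classic Unix owner/group/other mode-bit check for one identity (for instance www) and lists everything under a directory that the identity can read or write. The function names and the command-line usage are this example's own assumptions; ACLs, MAC policies and file flags are not evaluated.

```python
import os
import stat

R_OK, W_OK, X_OK = 4, 2, 1


def allowed(st, uid, gids, want):
    """Mode-bit check for one identity: owner class, else group class, else other.

    Only the first matching class counts, so an owner with mode 044 is denied.
    uid 0 bypasses these checks in the kernel; that is not modelled here.
    """
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & want)


def exposure(root, uid, gids):
    """Return {path: 'r' | 'w' | 'rw'} for what the identity can touch under root.

    Directories the identity cannot search (no x bit) are pruned, because
    nothing below them can be opened. Writable directories are reported as 'w'.
    """
    found = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dst = os.lstat(dirpath)
        if not allowed(dst, uid, gids, X_OK):
            dirnames[:] = []          # cannot traverse: skip the whole subtree
            continue
        if allowed(dst, uid, gids, W_OK):
            found[dirpath] = "w"      # may create, rename and delete entries here
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue              # symlinks and special files need separate review
            access = ("r" if allowed(st, uid, gids, R_OK) else "") + \
                     ("w" if allowed(st, uid, gids, W_OK) else "")
            if access:
                found[path] = access
    return found


if __name__ == "__main__":
    # Assumed usage: python audit.py /path/to/vhosts www
    import grp
    import pwd
    import sys
    user = pwd.getpwnam(sys.argv[2])
    gids = {user.pw_gid} | {g.gr_gid for g in grp.getgrall() if user.pw_name in g.gr_mem}
    for path, access in sorted(exposure(sys.argv[1], user.pw_uid, gids).items()):
        print(access.ljust(2), path)
```

Every path the report lists for the web server's identity is reachable by every customer's CGI program when they all run as that identity; running the same audit per customer account after enabling suexec shows what separation was gained.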





Re: pidgin 2.6.5 login QQ failed

2010-01-22 Thread Chad Perrin
On Fri, Jan 22, 2010 at 10:49:16AM +, Matthew Seaman wrote:
 Chad Perrin wrote:
 On Wed, Jan 20, 2010 at 04:26:07PM +0800, wsk wrote:
 hi,
upgrade all software after upgrade to 8.0. and now found that
 pidgin login qq failed. any ideas?
 
 If you're talking about AIM or ICQ, it seems that AOL has changed the way
 servers handle logins so that the previous method doesn't exactly work
 properly any longer.  There's a work-around that involves opening up the
 Edit Account dialog for the AIM or ICQ account in question, clicking on
 the Advanced tab in that dialog, and unchecking the Use clientLogin
 checkbox there.  The potential security implications of this work-around
 are still being explored, and the Pidgin people are apparently trying to
 get AOL to clarify its best practices recommendation for how to handle
 logins, but in the meantime this work-around might help solve the problem
 you're having with logins.
 
 
 qq.com is a social networking site and a messaging application that's
 very big in China.  Which means it's basically the biggest in the
 world...  It has its own chat / IM protocol, nothing to do with AOL.

Ah, I didn't realize that such a protocol existed.  I thought perhaps all
the references to QQ were just that bizarre crying abbreviation that
I think originated in the Philippines.  My mistake.  Feel free to ignore
what I said about AIM and ICQ, then.

-- 
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]




posting coding bounties, appropriate money amounts?

2010-01-22 Thread Dan Naumov
Hello

I am curious about posting some coding bounties, my current interest
revolves around improving the ZVOL functionality in FreeBSD: fixing
the known ZVOL SWAP reliability/stability problems as well as making
ZVOLs work as a dumpon device (as is already the case in OpenSolaris)
for crash dumps. I am a private individual and not some huge Fortune
100 and while I am not exactly rich, I am willing to put some of my
personal money towards this. I am curious though, what would be the
best way to approach this: directly approaching committer(s) with the
know-how-and-why of the areas involved or through the FreeBSD
Foundation? And how would one go about calculating the appropriate
amount of money for such a thing?

Thanks.

- Sincerely,
Dan Naumov


Re: Securing cgi scripts

2010-01-22 Thread DAve
Matthew Seaman wrote:
 DAve wrote:
 Good morning all,

 I have been working on an issue here where I am being asked if we can
 support letting clients install and run their own CGI scripts on a
 shared vhost. I have tried sbox and cgiwrap, both which worked, but they
 cannot stop the one test of reading the /etc/passwd file.

 Forgive my ignorance here, but I thought CGIs were gone long ago and
 have not messed with them in over ten years. If a client really needs a
 specific CGI script hosted, I check it out thoroughly and install it
 where they cannot reach it. Those instances are very very rare.

 It looks to me like the only way to keep a client contained is to run
 their CGIs chrooted. Would this be correct?
 
 CGI programs run in the OS filesystem context, so there's generally nothing
 to stop them reading /etc/passwd.  They are essentially the same level of
 risk as an unprivileged user login account. 
 Mind you, pretty exactly the same thing applies if you let your customers
 supply their own PHP or perl or other programs which run using an
 interpreter
 embedded in the apache process: they can access anything accessible to the
 web server process. 
 I should point out that unprivileged users are *meant* to be able to
 read /etc/passwd -- it's /etc/master.passwd that has the sensitive stuff
 in it.
 
 In fact, the bigger problem with running CGI programs from a shared
 webserver is that they generally all run using the same security
 credentials; those of the web server (www:www by default) -- which
 potentially lets all your different customers tread on each other's
 toes.  suexec(8) is the stock solution to that problem.
 
 If you really want to keep your customers properly separated, then send
 them to jail(8).  While giving them each a separate jail with a full
 install of apache etc. certainly does work, it implies dedicating at least
 an IP per customer.  You could avoid that by still keeping a single
 apache instance but use something like an fCGI process per customer
 running each in separate jails hanging off the loopback i/f.

All understood. I have had the conversation before with the PHB about
the accessibility of /etc/passwd and the rest of the system. Our PHP
instance is well locked down and they cannot do much harm, but I still
have to audit periodically, if just for my own peace of mind.

I suspected there was no new tool or wrapper to further secure a CGI
process beyond chrooting it or putting the entire site within its own
jail. But.. I have to look and ask because I WILL be asked if I did.

Thanks for the response.

DAve

-- 
Posterity, you will know how much it cost the present generation to
preserve your freedom.  I hope you will make good use of it.  If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it. John Adams

http://appleseedinfo.org



Re: Cannot boot FreeBSD (8.0) from USB stick (Dell Inspiron 9400)

2010-01-22 Thread Christoph Kukulies

Here is some more info:

The file I copied to the USB stick was

ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/8.0/8.0-RELEASE-i386-memstick.img

Actually, I don't remember how I got the image to the USB stick. I
believe I used a free tool from HP from within Windows XP.

I will try out your method below now.


kernel messages at the time usb stick is inserted:
ugen4.3: USB 2.0 at usbus4
umass0: USB 2.0 Flash Disk, class 0/0, rev 2.00/1.10, addr 3 on usbus4
umass0:  SCSI over Bulk-Only; quirks = 0x
umass0:1:0:-1: Attached to scbus1
(probe0:umass-sim0:0:0:0): TEST UNIT READY. CDB: 0 0 0 0 0 0
(probe0:umass-sim0:0:0:0): CAM Status: SCSI Status Error
(probe0:umass-sim0:0:0:0): SCSI Status: Check Condition
(probe0:umass-sim0:0:0:0): UNIT ATTENTION asc:28,0
(probe0:umass-sim0:0:0:0): Not ready to ready change, medium may have 
changed

(probe0:umass-sim0:0:0:0): Retrying Command (per Sense Data)
da0 at umass-sim0 bus 0 target 0 lun 0
da0: USB 2.0 Flash Disk PMAP Removable Direct Access SCSI-0 device
da0: 40.000MB/s transfers
da0: 1921MB (3935000 512 byte sectors: 255H 63S/T 244C)
GEOM: da0: media size does not match label.
#
#
# fdisk /dev/da0
*** Working on device /dev/da0 ***
parameters extracted from in-core disklabel are:
cylinders=244 heads=255 sectors/track=63 (16065 blks/cyl)

parameters to be used for BIOS calculations are:
cylinders=244 heads=255 sectors/track=63 (16065 blks/cyl)

Media sector size is 512
Warning: BIOS sector numbering starts with sector 1
Information from DOS bootblock is:
The data for partition 1 is:
UNUSED
The data for partition 2 is:
UNUSED
The data for partition 3 is:
UNUSED
The data for partition 4 is:
sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
   start 0, size 5 (24 Meg), flag 80 (active)
   beg: cyl 0/ head 0/ sector 1;
   end: cyl 1023/ head 254/ sector 63
#
--
Christoph



How to troubleshoot a frozen boot sequence

2010-01-22 Thread Billy Newsom

I am doing a test run on a production server. It has 2 hard drives.

ad0 (mounted on /disk250 in a single slice plus SWAP)
twed0 (mounted on / /var /usr and a SWAP)

The twed0 is a hardware mirror and my main drive.
ad0 is just for backups.

What the issue is, and you probably know where I'm heading. The boot process 
freezes if I remove the ad0 (to test a drive failure condition)


It freezes after saying:
BTX boot loader etc.

FreeBSD/i386 bootstrap loader 1.1
It spins for a second, then stops... unless I have ad0 in the computer.
/boot/kernel/kernel text=0x7b03a0 data=0xcdee0 /

And it never gets to the boot menu.

So:

1. Should I put a new boot0config on the twed0 drive? If so do I boot from a 
CD to do that?


I need to potentially do something also to my disk labels and my fstab so that 
I don't boot to single user mode if drive ad0 fails. I haven't done this exact 
type of thing before, so I am looking for a little help.


my fstab:
/dev/ad0s1b     none        swap    sw          0   0
/dev/twed0s1b   none        swap    sw          0   0
/dev/twed0s1a   /           ufs     rw          1   1
/dev/ad0s1d     /disk250    ufs     rw          2   2
/dev/twed0s1e   /tmp        ufs     rw          2   2
/dev/twed0s1f   /usr        ufs     rw          2   2
/dev/twed0s1d   /var        ufs     rw          2   2
/dev/acd0       /cdrom      cd9660  ro,noauto   0   0


I tried to read the MBR from the twed0 drive, and the program couldn't read 
it. The one from the ad0 drive is readable and I saved a copy of it.



Re: Securing cgi scripts

2010-01-22 Thread Nathan Vidican
Check out suExec, (assuming you're using Apache)...

Please see:  http://httpd.apache.org/docs/1.3/mod/core.html#user   and/or
http://httpd.apache.org/docs/1.3/suexec.html

You can make an entire VirtualHost directive run as a different user/group.


--
Nathan Vidican
nat...@vidican.com

On Fri, Jan 22, 2010 at 12:57 PM, DAve dave.l...@pixelhammer.com wrote:

 Matthew Seaman wrote:
  DAve wrote:
  Good morning all,
 
  I have been working on an issue here where I am being asked if we can
  support letting clients install and run their own CGI scripts on a
  shared vhost. I have tried sbox and cgiwrap, both which worked, but they
  cannot stop the one test of reading the /etc/passwd file.
 
  Forgive my ignorance here, but I thought CGIs were gone long ago and
  have not messed with them in over ten years. If a client really needs a
  specific CGI script hosted, I check it out thoroughly and install it
  where they cannot reach it. Those instances are very very rare.
 
  It looks to me like the only way to keep a client contained is to run
  their CGIs chrooted. Would this be correct?
 
  CGI programs run in the OS filesystem context, so there's generally
 nothing
  to stop them reading /etc/passwd.  They are essentially the same level of
  risk as an unprivileged user login account.
  Mind you, pretty exactly the same thing applies if you let your customers
  supply their own PHP or perl or other programs which run using an
  interpreter
  embedded in the apache process: they can access anything accessible to
 the
  web server process.
  I should point out that unprivileged users are *meant* to be able to
  read /etc/passwd -- it's /etc/master.passwd that has the sensitive stuff
  in it.
 
  In fact, the bigger problem with running CGI programs from a shared
  webserver is that they generally all run using the same security
  credentials; those of the web server (www:www by default) -- which
  potentially lets all your different customers tread on each other's
  toes.  suexec(8) is the stock solution to that problem.
 
  If you really want to keep your customers properly separated, then send
  them to jail(8).  While giving them each a separate jail with a full
  install of apache etc. certainly does work, it implies dedicating at
 least
  an IP per customer.  You could avoid that by still keeping a single
  apache instance but use something like an fCGI process per customer
  running each in separate jails hanging off the loopback i/f.

 All understood. I have had the conversation before with the PHB about
 the accessibility of /etc/passwd and the rest of the system. Our PHP
 instance is well locked down and they cannot do much harm, but I still
 have to audit periodically, if just for my own peace of mind.

 I suspected there was no new tool or wrapper to further secure a CGI
 process beyond chrooting it or putting the entire site within its own
 jail. But.. I have to look and ask because I WILL be asked if I did.

 Thanks for the response.

 DAve

 --
 Posterity, you will know how much it cost the present generation to
 preserve your freedom.  I hope you will make good use of it.  If you
 do not, I shall repent in heaven that ever I took half the pains to
 preserve it. John Adams

 http://appleseedinfo.org



Re: How to troubleshoot a frozen boot sequence

2010-01-22 Thread Nathan Vidican
To me, it sounds like you have two issues to deal with here:

#1 - booting off of the twed0 disk: what is your system's BIOS currently set
to boot from? From the way you describe it, it's almost as if the system is
booting from ad0 - in which case yes, you will have to put a valid boot
config onto twed0.

#2 - you could add the flag 'noauto' to ad0 from within fstab - this will
allow the system to boot without mounting the disk (alleviating the dreaded
single-user-mode). Use a startup script in /usr/local/etc/rc.d to then mount
the disk if available on bootup. I've done similar setups to this before
where we were using external USB drives for backup and weren't 100% sure
they'd always be connected in the case a server might be rebooted - worst
case, you'll end up with it not mounted, but the system will still be up at
least.

--
Nathan Vidican
nat...@vidican.com


On Fri, Jan 22, 2010 at 12:53 PM, Billy Newsom bi...@nlcc.us wrote:

 I am doing a test run on a production server. It has 2 hard drives.

 ad0 (mounted on /disk250 in a single slice plus SWAP)
 twed0 (mounted on / /var /usr and a SWAP)

 The twed0 is a hardware mirror and my main drive.
 ad0 is just for backups.

 What the issue is, and you probably know where I'm heading. The boot
 process freezes if I remove the ad0 (to test a drive failure condition)

 It freezes after saying:
 BTX boot loader etc.

 FreeBSD/i386 bootstrap loader 1.1
 It spins for a second, then stops... unless I have ad0 in the computer.
 /boot/kernel/kernel text=0x7b03a0 data=0xcdee0 /

 And it never gets to the boot menu.

 So:

 1. Should I put a new boot0config on the twed0 drive? If so do I boot from
 a CD to do that?

 I need to potentially do something also to my disk labels and my fstab so
 that I don't boot to single user mode if drive ad0 fails. I haven't done
 this exact type of thing before, so I am looking for a little help.

 my fstab:
 /dev/ad0s1b     none        swap    sw          0   0
 /dev/twed0s1b   none        swap    sw          0   0
 /dev/twed0s1a   /           ufs     rw          1   1
 /dev/ad0s1d     /disk250    ufs     rw          2   2
 /dev/twed0s1e   /tmp        ufs     rw          2   2
 /dev/twed0s1f   /usr        ufs     rw          2   2
 /dev/twed0s1d   /var        ufs     rw          2   2
 /dev/acd0       /cdrom      cd9660  ro,noauto   0   0


 I tried to read the MBR from the twed0 drive, and the program couldn't read
 it. The one from the ad0 drive is readable and I saved a copy of it.


Re: Securing cgi scripts

2010-01-22 Thread Mike Woods

Nathan Vidican wrote:

Check out suExec, (assuming you're using Apache)...

Please see:  http://httpd.apache.org/docs/1.3/mod/core.html#user   and/or
http://httpd.apache.org/docs/1.3/suexec.html

You can make an entire VirtualHost directive run as a different user/group.


A more up to date version :)

http://httpd.apache.org/docs/2.2/suexec.html

Also have a look at itk, http://mpm-itk.sesse.net/


Mike Woods
Full of squishy cynicism



Drive errors in raidz array

2010-01-22 Thread Toby Burress
I have a system with 24 drives in raidz2.  When testing with bonnie++
it seemed to work fine (although I had to raise the arc_max to
prevent kernel panics).  However, now we're copying data to it and
dmesg is showing many errors like:

mpt0: mpt_cam_event: 0x16
mpt0: request 0xff80005f3840:63495 timed out for ccb 0xff000988f800 (req-ccb 0xff000988f800)
mpt0: request 0xff80005f1f80:63496 timed out for ccb 0xff00098d0800 (req-ccb 0xff00098d0800)
mpt0: attempting to abort req 0xff80005f3840:63495 function 0
mpt0: request 0xff8000601ee0:63497 timed out for ccb 0xff011edaa800 (req-ccb 0xff011edaa800)
mpt0: request 0xff80005f4ec0:63498 timed out for ccb 0xff011eda5800 (req-ccb 0xff011eda5800)
mpt0: mpt_wait_req(1) timed out
mpt0: mpt_recover_commands: abort timed-out. Resetting controller
mpt0: mpt_cam_event: 0x0
mpt0: completing timedout/aborted req 0xff80005f3840:63495
mpt0: completing timedout/aborted req 0xff80005f1f80:63496
mpt0: completing timedout/aborted req 0xff8000601ee0:63497
mpt0: completing timedout/aborted req 0xff80005f4ec0:63498

followed by

(da0:mpt0:0:1:0): READ(10). CDB: 28 0 1 23 81 6f 0 0 2b 0 
(da0:mpt0:0:1:0): CAM Status: SCSI Status Error
(da0:mpt0:0:1:0): SCSI Status: Check Condition
(da0:mpt0:0:1:0): UNIT ATTENTION asc:29,0
(da0:mpt0:0:1:0): Power on, reset, or bus device reset occurred
(da0:mpt0:0:1:0): Retrying Command (per Sense Data)

for every drive in the array.  Additionally, zpool scrub says:

 pool: backups
 state: ONLINE
status: One or more devices has experienced an unrecoverable error.  An
attempt was made to correct the error.  Applications are unaffected.
action: Determine if the device needs to be replaced, and clear the errors
using 'zpool clear' or replace the device with 'zpool replace'.
   see: http://www.sun.com/msg/ZFS-8000-9P
 scrub: resilver completed after 0h0m with 0 errors on Thu Jan 21 23:15:36 2010

I'm using 8.0-RELEASE-p2 on amd64.  One other thing that changed
between testing with bonnie++ and now is that I used glabel to label
the drives before I put them in the raidz array.

There is no raid controller.

Is this something anyone has seen before?  Googling around shows
some similar errors but no solutions.


Re: How to troubleshoot a frozen boot sequence

2010-01-22 Thread Jerry McAllister
On Fri, Jan 22, 2010 at 11:53:31AM -0600, Billy Newsom wrote:

 I am doing a test run on a production server. It has 2 hard drives.
 
 ad0 (mounted on /disk250 in a single slice plus SWAP)
 twed0 (mounted on / /var /usr and a SWAP)
 
 The twed0 is a hardware mirror and my main drive.
 ad0 is just for backups.
 
 What the issue is, and you probably know where I'm heading. The boot 
 process freezes if I remove the ad0 (to test a drive failure condition)
 
 It freezes after saying:
 BTX boot loader etc.

I don't see any indication that your ad0 has any provision for
hotswap.  It isn't in any raid setup.
Try taking everything from /dev/ad0 out of /etc/fstab - including
both the big partition and the swap partition and then rebooting.

jerry


 
 FreeBSD/i386 bootstrap loader 1.1
 It spins for a second, then stops... unless I have ad0 in the computer.
 /boot/kernel/kernel text=0x7b03a0 data=0xcdee0 /
 
 And it never gets to the boot menu.
 
 So:
 
 1. Should I put a new boot0config on the twed0 drive? If so do I boot from 
 a CD to do that?
 
 I need to potentially do something also to my disk labels and my fstab so 
 that I don't boot to single user mode if drive ad0 fails. I haven't done 
 this exact type of thing before, so I am looking for a little help.
 
 my fstab:
 /dev/ad0s1b     none        swap    sw          0   0
 /dev/twed0s1b   none        swap    sw          0   0
 /dev/twed0s1a   /           ufs     rw          1   1
 /dev/ad0s1d     /disk250    ufs     rw          2   2
 /dev/twed0s1e   /tmp        ufs     rw          2   2
 /dev/twed0s1f   /usr        ufs     rw          2   2
 /dev/twed0s1d   /var        ufs     rw          2   2
 /dev/acd0       /cdrom      cd9660  ro,noauto   0   0
 
 
 I tried to read the MBR from the twed0 drive, and the program couldn't read 
 it. The one from the ad0 drive is readable and I saved a copy of it.


ISO simple non-forking TCP connection forward/balance tool

2010-01-22 Thread Chris Peiffer

I'm looking for a simple program I can use to forward incoming TCP
connections to several other addr:port pairs. (including one on the
machine itself.) Holding the connections open and passing the data
back and forth until both parties close their ends.

I need a solution that doesn't fork. One way to do it is just fork
ad-hoc netcat pipes with inetd, but I'm trying to avoid the process
overhead.

An ssh tunnel is another option, but the crypto involves too much cpu
overhead. 

I've investigated ipnat rdr rules, but ipnat seems like it's too
low-level, it wants to divert the packet directly w/o rewriting the
from addr. This means that the return packet is a mismatch unless I
make the machine running the forwarder into the router.

I found a simple program called balance floating around out there,
but unfortunately it uses an extremely naive fork-after-accept method
that results in the same process overhead. 

Is there a simple kq-driven tcp forwarder out there? Is there a
pure-TCP forwarding module for lighttpd? (or some other
single-threaded app server?)

Or is there a good way to do it in the kernel that I'm missing, and
can someone direct me to an ipnat ruleset that creates new
connections, so the TCP forwarding machine doesn't also need to be a
router?

Thanks very much for your help.


Re: ISO simple non-forking TCP connection forward/balance tool

2010-01-22 Thread Adam Vande More
On Fri, Jan 22, 2010 at 2:01 PM, Chris Peiffer bsdli...@cabstand.com wrote:


 I'm looking for a simple program I can use to forward incoming TCP
 connections to several other addr:port pairs. (including one on the
 machine itself.) Holding the connections open and passing the data
 back and forth until both parties close their ends.

 I need a solution that doesn't fork. One way to do it is just fork
 ad-hoc netcat pipes with inetd, but I'm trying to avoid the process
 overhead.

 An ssh tunnel is another option, but the crypto involves too much cpu
 overhead.

 I've investigated ipnat rdr rules, but ipnat seems like it's too
 low-level, it wants to divert the packet directly w/o rewriting the
 from addr. This means that the return packet is a mismatch unless I
 make the machine running the forwarder into the router.

 I found a simple program called balance floating around out there,
 but unfortunately it uses an extremely naive fork-after-accept method
 that results in the same process overhead.

 Is there a simple kq-driven tcp forwarder out there? Is there a
 pure-TCP forwarding module for lighttpd? (or some other
 single-threaded app server?)

 Or is there a good way to do it in the kernel that I'm missing, and
 can someone direct me to an ipnat ruleset that creates new
 connections, so the TCP forwarding machine doesn't also need to be a
 router?

 Thanks very much for your help.


A few lines in python should do what you're looking for, see socket lib,
twisted if you have high performance needs.



-- 
Adam Vande More


Re: ISO simple non-forking TCP connection forward/balance tool

2010-01-22 Thread Chuck Swiger
Hi--

On Jan 22, 2010, at 12:01 PM, Chris Peiffer wrote:
 Or is there a good way to do it in the kernel that I'm missing, and
 can someone direct me to an ipnat ruleset that creates new
 connections, so the TCP forwarding machine doesn't also need to be a
 router?

I don't know about ipnat, but natd (or kernel-level IPFW NAT functionality in 
newer versions of FreeBSD) redirect_port will do exactly what you've asked for:

 -redirect_port proto targetIP:targetPORT[,targetIP:targetPORT[,...]]
 [aliasIP:]aliasPORT [remoteIP[:remotePORT]]

 -redirect_address localIP[,localIP[,...]] publicIP
         These forms of -redirect_port and -redirect_address are used
         to transparently offload network load on a single server and
         distribute the load across a pool of servers.  This function
         is known as LSNAT (RFC 2391).  For example, the argument

               tcp www1:http,www2:http,www3:http www:http

         means that incoming HTTP requests for host www will be
         transparently redirected to one of the www1, www2 or www3, where a
         host is selected simply on a round-robin basis, without
         regard to load on the net.

(Userland natd doesn't need to fork for individual connections.)

Regards,
-- 
-Chuck



Re: ISO simple non-forking TCP connection forward/balance tool

2010-01-22 Thread Chuck Swiger
Hi--

On Jan 22, 2010, at 12:21 PM, Adam Vande More wrote:
 A few lines in python should do what you're looking for, see socket lib,
 twisted if you have high performance needs.

I'm a big fan of python, but you'd have to be careful to choose the right 
processing model-- some sort of select()/poll()/kqueue() wrapper with 
nonblocking I/O and process-towards-completion semantics rather than trying to 
do a multithreaded approach, since the GIL will really interfere with concurrency.

Note that the intended usage also matters quite a bit.  For example, NAT-based 
solutions depend on the destinations being up all of the time and will happily 
drop a third (or whatever) of the traffic into the void if one of the backend 
boxes is down or a service is unresponsive.  Software-based load-balancers 
which recognize and route around downed ports or boxes play nicer for this sort 
of thing, as do H/W load-balancer solutions like Foundry ServerIrons  Citrix 
NetScalers, which have liveness checks built in to test destinations and make 
sure they stay up before distributing traffic onto them.

There's also a question of whether the traffic ought to be stateful beyond 
individual connections, in which case software-based solutions like FastCGI or 
WebObjects which support session affinity are a much better idea than trying to 
write stateless services which have to persist to a backend database or 
something along those lines for every request.

Regards,
-- 
-Chuck
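
The processing model described in this reply (one process, a select()/kqueue() loop, nonblocking sockets) together with its point about routing around dead backends, as an added example that is not code from the thread. The class name `Forwarder`, the `HIGH_WATER` limit and the `failovers` counter are hypothetical names chosen here; the sketch is IPv4 only.

```python
import errno
import selectors
import socket
from collections import deque
from contextlib import suppress

HIGH_WATER = 1 << 20   # stop reading a sender once this much is queued for its peer


class Forwarder:
    def __init__(self, listen_addr, backends):
        self.ring = deque(backends)              # round-robin order of (host, port)
        self.connecting, self.failovers = {}, 0  # backend sock -> (client, rest); dead hits
        self.sel = selectors.DefaultSelector()   # kqueue on FreeBSD, epoll on Linux
        self.peer, self.outbuf, self.eof = {}, {}, set()  # other side, queued bytes, EOF seen
        self.listener = socket.create_server(listen_addr)
        self.listener.setblocking(False)
        self.sel.register(self.listener, selectors.EVENT_READ)

    def _try_connect(self, client, candidates):
        while candidates:
            backend = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            backend.setblocking(False)
            if backend.connect_ex(candidates.pop(0)) in (0, errno.EINPROGRESS):
                self.connecting[backend] = (client, candidates)
                self.sel.register(backend, selectors.EVENT_WRITE)
                return
            backend.close()                      # refused at once: try the next backend
            self.failovers += 1
        client.close()                           # no backend is reachable

    def _finish_connect(self, backend):
        client, rest = self.connecting.pop(backend)
        self.sel.unregister(backend)
        if backend.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR):
            backend.close()                      # backend is down: route around it
            self.failovers += 1
            return self._try_connect(client, rest)
        self.peer.update({client: backend, backend: client})
        self.outbuf.update({client: b"", backend: b""})
        self._watch(client, backend)

    def _watch(self, *socks):
        # Read until EOF or until the peer's queue is full; write while data is queued.
        for s in socks:
            want = selectors.EVENT_WRITE if self.outbuf[s] else 0
            if s not in self.eof and len(self.outbuf[self.peer[s]]) < HIGH_WATER:
                want |= selectors.EVENT_READ
            with suppress(KeyError):
                self.sel.unregister(s)
            if want:
                self.sel.register(s, want)

    def _close_pair(self, s):
        for x in (s, self.peer[s]):
            with suppress(KeyError):
                self.sel.unregister(x)
            x.close()
            del self.peer[x], self.outbuf[x]
            self.eof.discard(x)

    def _on_read(self, s):
        try:
            data = s.recv(65536)
        except BlockingIOError:
            return
        except OSError:
            return self._close_pair(s)
        self.outbuf[self.peer[s]] += data
        if not data:
            self.eof.add(s)                      # half-close: other direction keeps flowing
        self._flush(self.peer[s])

    def _flush(self, dst):
        src = self.peer[dst]
        try:
            sent = dst.send(self.outbuf[dst]) if self.outbuf[dst] else 0
        except BlockingIOError:
            sent = 0
        except OSError:
            return self._close_pair(dst)
        self.outbuf[dst] = self.outbuf[dst][sent:]
        if src in self.eof and not self.outbuf[dst]:
            with suppress(OSError):
                dst.shutdown(socket.SHUT_WR)     # queue drained: pass the EOF on
            if dst in self.eof and not self.outbuf[src]:
                return self._close_pair(dst)     # both directions are finished
        self._watch(dst, src)

    def step(self, timeout=0.2):
        """Run one pass of the event loop; call it in a loop to serve forever."""
        for key, events in self.sel.select(timeout):
            s = key.fileobj
            if s is self.listener:
                client, _ = s.accept()
                client.setblocking(False)
                self._try_connect(client, list(self.ring))
                self.ring.rotate(-1)             # next client starts at the next backend
            elif s in self.connecting:
                self._finish_connect(s)
            elif s in self.peer:                 # skipped if closed earlier in this pass
                (self._on_read if events & selectors.EVENT_READ else self._flush)(s)
```

To run it, build `Forwarder(("127.0.0.1", 8080), [("127.0.0.1", 8081), ("127.0.0.1", 8082)])` (placeholder addresses) and call `step()` in a `while True` loop. A backend that refuses the connection is skipped for that client only; there is no periodic health check that takes it out of rotation.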



Re: portupgrade fail qt4-rcc-4.6.1

2010-01-22 Thread Kent Stewart
On Thursday 21 January 2010 10:34:59 pm n dhert wrote:
 Today there were about 7 portupgrades to qt4 packages.
 Upgrading 'qt4-rcc-4.5.3' to 'qt4-rcc-4.6.1' (devel/qt4-rcc)  failed:
 ...
 c++ -c -O2 -fno-strict-aliasing -pipe -O2 -fPIC -Wall -W -DQT_BOOTSTRAPPED -DQT_LITE_UNICODE -DQT_NO_CAST_FROM_ASCII -DQT_NO_CAST_TO_ASCII -DQT_NO_CODECS -DQT_NO_DATASTREAM -DQT_NO_GEOM_VARIANT -DQT_NO_LIBRARY -DQT_NO_QOBJECT -DQT_NO_STL -DQT_NO_SYSTEMLOCALE -DQT_NO_TEXTSTREAM -DQT_NO_THREAD -DQT_NO_UNICODETABLES -DQT_NO_USING_NAMESPACE -D_LARGEFILE64_SOURCE -D_LARGEFILE_SOURCE -I/usr/local/share/qt4/mkspecs/freebsd-g++ -I. -I../../../include -I../../../include/QtCore -I../../../include/QtXml -I/usr/local/include -o .obj/release-static/qfsfileengine_unix.o ../../corelib/io/qfsfileengine_unix.cpp
 ../../corelib/io/qfsfileengine_unix.cpp: In member function 'uchar* QFSFileEnginePrivate::map(qint64, qint64, QFile::MemoryMapFlags)':
 ../../corelib/io/qfsfileengine_unix.cpp:1273: warning: comparaison between signed and unsigned integer expressions
 ../../corelib/io/qfsfileengine_unix.cpp:1293: error: 'QT_MMAP' was not declared in this scope
 *** Error code 1
 Stop in /usr/ports/devel/qt4-rcc/work/qt-everywhere-opensource-src-4.6.1/src/tools/bootstrap.
 *** Error code 1
 Stop in /usr/ports/devel/qt4-rcc.
 ---  Build of devel/qt4-rcc ended at: Fri, 22 Jan 2010 07:09:07 +0100 (consumed 00:01:47)
 ---  Upgrade of devel/qt4-rcc ended at: Fri, 22 Jan 2010 07:09:07 +0100 (consumed 00:01:47)

 What's wrong and how to remedy?

I found that portupgrade was trying to upgrade qt4-rcc or moc on my 
machines before it upgraded their only dependency, qt4-qmake. I updated 
that and then everything worked just fine.

Kent
-- 
Kent Stewart
Richland, WA

http://users.owt.com/kstewart/index.html



RE: Drive errors in raidz array

2010-01-22 Thread Dan Naumov
 I have a system with 24 drives in raidz2.

Congrats, you answered your own question within the first sentence :)

ANSWER: As per the ZFS documentation, don't do raidz/raidz2 vdev
groups bigger than 9 vdevs per group or bad things (tm) will happen.
Google will tell you more.

- Sincerely,
Dan Naumov


Periodic maintenaince

2010-01-22 Thread fpineda

Hi!

I would like to know how I can optimize the execution of periodic daily. I know
periodic executes a set of scripts, but I have some problems with a
specific script: 450.status-security.

When this script is run by periodic_daily from cron, it takes some time to end
and many times causes network errors like lost packets or timeouts. When the
script is executing I saw with the top command that it generates a process called
find, and it takes all CPU resources while 450.status-security is executing.

How can I optimize this script?


sysinstall and the Right Terminal

2010-01-22 Thread Martin McCormick
If one logs in to a FreeBSD system from a Linux
platform, the terminal type is set to linux which is compatible
with a vt100. As soon as I run sysinstall, things go to the dogs
very fast. It is as if there was no terminal emulation in effect
at all. Other things such as the shell and vi work. If you run
sysinstall from the installation CDROM, it works well. What
should I be doing to get proper terminal behavior in sysinstall?
I did try setting the $TERM variable to vt100 and a read of the
environment showed this did take effect, but the display filled
with garbage along with blocks of text as soon as I ran
sysinstall. Thank you.

Martin McCormick WB5AGZ  Stillwater, OK 
Systems Engineer
OSU Information Technology Department Telecommunications Services Group


Upgrade from i386-8.0 to amd64-8.0 possible?

2010-01-22 Thread LoH
I've got a system currently running FreeBSD-i386-8.0, and was wondering 
whether or not it's possible to move the system to FreeBSD-amd64-8.0 
without bringing it down for more than a reboot or two (and avoid 
reinstalling all of the client software on the box itself).


The box itself will be undergoing a hardware change from a dual xeon 
(P4, not 64bit) to a dual opteron. I think I can boot i386, set up a 
amd64 cross-compile, then compile a new kernel with it, or do a binary 
change to the new arch and then reboot.


--Joseph Lenox


Re: sysinstall and the Right Terminal

2010-01-22 Thread Polytropon
On Fri, 22 Jan 2010 16:10:15 -0600, Martin McCormick 
mar...@dc.cis.okstate.edu wrote:
   If one logs in to a FreeBSD system from a Linux
 platform, the terminal type is set to linux which is compatible
 with a vt100. 

What about using $TERM = xterm or cons25 (or cons25l1)?


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...


Re: pf rules

2010-01-22 Thread Doug Hardie

On 22 January 2010, at 03:14, Erik Norgaard wrote:

 Doug Hardie wrote:
 On 22 January 2010, at 01:45, Erik Norgaard wrote:
 To debug pf rules:
 
 - always add direction to the rule, pass or block, add interface to all
 rules except default policy, keep state on all pass rules
 - group your rules per direction, then per interface
 - add log to all rules and watch pflog to see which rule blocks or
 passes traffic.
 - use keyword quick for any decisive rule
 - check the parsing of your ruleset, pfctl -sr
 
 then come back and ask for help.
 Where do you find the rule information in the pflog output from tcpdump?  
 
 a snip:
 
 alpha# tcpdump -n -e -i pflog0
 tcpdump: WARNING: pflog0: no IPv4 address assigned
 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
 listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 
 bytes
 11:55:20.910140 rule 81/0(match): block in on vr1: 172.16.1.127.52444  
 172.16.0.1.23:  tcp 44 [bad hdr length 0 - too short,  20]
 
 rule 81 blocks. Now, problem is that your rules may be more compact, you'll 
 find the rule with pfctl -sr. Now admittedly, I got:
 
 pass in quick on vr1 inet proto udp from 172.16.0.0/23 to local_ip port = 
 secret_service keep state
 
 Of course, that rule didn't block. But two lines down I found:
 
 block return in log quick on vr1 inet from 172.16.0.0/23 to local_ip
 
 This makes sense, so why the offset 2? The first line of the output from 
 pfctl -sr is
 
 scrub all fragment reassemble
 
 that shouldn't count as a rule. And then, if pflog starts counting with 0 
 while vi counts from 1 that explains it.
 
 Yet another reason to check the rules as parsed using pfctl -sr.
 
 Anyway, not trying to cut corners is the first step, then add log so you can 
 see what's going on, use quick to avoid some packet fall through and being 
 matched by a different rule than intended, organize your rules so you can 
 easily separate things out.
 
 My rules are grouped together like this:
 
 # default policy
 block all
 
 block in log general condition
 pass  in quick some packets keep state
 block in log quick general condition
 
 block out log general condition
 pass  out quick some packets keep state
 block out log quick general condition
 
 # Default policy catch all should never apply
 block log all
 
 the conditions for the pass rules should match those of the first block and 
 then be more specific, say, only apply to one port. Doing so, the pf rule 
 parser will optimize the ruleset.
 
 Even if I know that a given rule can only match packets on the vr0 interface, 
 I explicitly state the interface. It makes it clear what's going on.
 
 Once the ruleset is debugged and working you can remove the log statements.

Thanks.  That is really helpful.  The key is that the rule information is in 
the link layer.  I never guessed that.  Now I see it just fine.  This approach 
sure beats monitoring the statistics and the input and trying to correlate 
them.  That was the approach I was using.



Re: Invalid partition table after installation (GOOD NEWS!)

2010-01-22 Thread John
On Fri, Jan 22, 2010 at 11:01:02AM -0600, John wrote:
 On Fri, Jan 22, 2010 at 08:09:50AM -0600, John wrote:
  On Fri, Jan 22, 2010 at 07:27:56AM -0600, John wrote:
   On Fri, Jan 22, 2010 at 06:36:14AM -0600, John wrote:
On Fri, Jan 22, 2010 at 08:16:59PM +0800, Fbsd1 wrote:
 John wrote:
  On Thu, Jan 21, 2010 at 10:25:26PM +0800, Fbsd1 wrote:
  John wrote:
  On Thu, Jan 21, 2010 at 04:38:22PM +0800, Fbsd1 wrote:
  John wrote:
  I've tried the modern BIOS geometry and the 255 head 
  geometry.
  I've ensured that the first slice (boot slice) is smaller than 
  1.5
  Gb.  I've tried to figure out what the BIOS thinks the geometry
  is, but it doesn't seem to want to tell me.  At least, I can't 
  find
  it in the BIOS menu anywhere.  When I boot from the CD-ROM with
  the 255 head geometry, though, it complains about the disk 
  geometry,
  saying 16h,63s != 255h,63s or something like that - it flies by
  pretty fast (is there a way to go back and see that from the 
  CD-ROM
  boot only boot?).
 
  I'm using the Standard boot manager, and the entire disk is 
  devoted
  to FreeBSD.
 
  System
  BIOS version  PT84510A.86A.2004.P05
  Processor Type: Intel Pentium 4
  Processor speed: 2.20Ghz
 
  Memory: 512Mb
 
  Disk: Primary IDE Master ST380021A (Seagate Barracuda ATA IV 
  80Gb)
  Primary IDE Slave: IOMega ZIP 250
  Secondary IDE Master: Sony CD-RW CRX19 (what I boot from to 
  install)
  Secondary IDE Slave: DVD-ROM DDU1621
 
  Boot sequence:
  1) ATAPI CD-ROM
  2) Hard Drive
  3) Removable Dev.
 
  Modern BIOS geometry: 155061/16/63 for ad0
  calculated geometry: 9729/255/63 for ad0
 
  ad0s1 start=63, size=2875572
  ad0s2 start=2875635, size=10217340
  ad0s3 start=13092975, size=143203410
  unus  start=156296384, size=5103
 
  ad0s1a / 384Mb
  ad0s1d /usr 1Gb
  ad0s2b SWAP 1Gb
  ad0s2d /tmp 384Mb
  ad0s2e /var 512Mb
  ad0s2f /var/mail 2Gb
  ad0s2g /usr/ports 1Gb
  ad0s3d /home/mysql 4Gb
  ad0s3e /home 50Gb
  ad0s3f /usr/src 3Gb
  ad0s3g /usr/obj 3Gb
  ad0s3h /extra 8483Mb
 
  Suggestions, please?  I'm making zero headway right now. :(
  What version of FreeBSD are you running
  Well, yes, I suppose that would be a good bit of information!
 
  What I'm *TRYING* to run is 8.0.  It seems to install successfully
  (of course - after doing all that), but then when I try to boot
  from the hard drive, I see an otherwise-blank screen that says:
 
 
  Invalid partition table
 
 
  and that's as far as it goes!
 
  There are reports of this sort of thing caused by 8.0 fdisk when 
  doing an 
  install from scratch over a hard drive that already has an older 
  version of FreeBSD installed on it.
 
  The solution is to force the scratching of the MBR on the disk 
  first 
  before running sysinstall fdisk.
 
  Boot a LiveFS CD, then at a root prompt do:
 
  sysctl kern.geom.debugflags=16  and:
 
  dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1
 
  where x equals your drive number.
  
  OK.  I did exactly that.  I confirmed that the second 512 bytes 
  were zero
  by doing a dd if=/dev/ad0 bs=512 count=2 | od -c
  and everything from 001000 through 002000 was zero.
  
  But I still got Invalid partition table after the installation.
  
  I guess I should set up one of my other systems as a local mirror.
  I've done the installation so many times already, and it looks like
  I'm not done yet!
 
 On the 8.0 fdisk/MBR subject.
 Doing dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1 was the
 solution from another post to the list with subject 'SunFire X2100
 fails'. Here is another post that gives more details
 http://www.freebsd.org/cgi/getmsg.cgi?fetch=322687+326879+/usr/local/
 www/db/text/2009/freebsd-questions/20091227.freebsd-questions
 
 It seems in 8.0 gpart was introduced and a change was made to fdisk to
 support its sector o mbr format. 8.0 fdisk and disklabel are now 
 broken.
 
 Searching the list archives may shed more light on your problem.

Hmmm.  This seems to describe a case where fdisk fails to change
the slice table.  That is definitely not my case.  The changes
certainly get made.  The next time I go to retry the installation,
it has the information I gave it the previous time.  I suppose it is
possible that it is putting it (and reading it) in 

Re: Migration planning - old system to new

2010-01-22 Thread Doug Hardie

On 22 January 2010, at 09:12, John wrote:

 Now that I've actually gotten the new system to boot, I need to figure
 out how I'm going to migrate everything - users, data, MySQL, NAT,
 firewall, apache, DHCP, gateway services BIND, Sendmail, etc., etc
 from
 FreeBSD 4.3-RELEASE #0: Thu Jan 22 19:44:16 CST 2004
 to
 FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009
 
 Bit of a challenge, eh?
 
 Not only that, but I'd like to update my UID scheme from a pre-standard
 version (most of the UIDs are down in the 100s) to the new convention
 so that I'm more in-line with the rest of the world.
 
 My rough idea:
 
 1) Create a migrate account in Wheel with home as /var/migrate
   so that I can do a dump/restore on home without messing things
   up
 2) Start putting together all the pieces - trying to find update / conversion
   scripts whenever possible.
 3) once things get close, do the dump/restore of home, and a tar/untar
   of /var/mail (since I'm moving it from a part of the /var filesystem
   to a filesystem of its own - doing a dump/restore on /var is not
   a practical migration strategy in any case)
 4) Let people move in, try it out, see how things are
 5) Fix everything found in #4
 6) Try a cut-over and make sure all the network services work in the
   middle of the night sometime, then switch back
 7) Nuke /home and /var/mail and migrate them again to get the latest version
 8) Do the real switch
 9) spend a couple of weeks fixing all the things that weren't so disastrous
   that they got picked up in #4.
 
 Ideas / scripts / project plans / outlines - whatever?  Maybe I should
 write a chapter for The Complete FreeBSD after surviving this...

I presume you can't bring down the old system for a few weeks to make the 
conversion.  Thus I would
suggest you get the new system configured the way you want without the user 
data and back it up so that you can restore it to that configuration easily.  
Then once you have your approach established do a test conversion.  Leave the 
old system in production and check out the results of the conversion.  You may 
want to tweak your conversion approach a few times.  Then when it works fine, 
restore the new system and do the conversion for 
real.


Re: need help with the last-two-ports!

2010-01-22 Thread Polytropon
On Thu, 21 Jan 2010 19:33:09 -0800, Gary Kline kl...@thought.org wrote:
   surprised how many things depend on that nspr...  wow.

It seems to be because many other things depend on Netscape
(or the corresponding HTML renderer or who knows what); from
the port's description:

Netscape Portable Runtime (NSPR) provides a
platform-neutral API for system level and
libc like functions. The API is used in the
Mozilla client, many of Netscape/AOL/iPlanet's
and other software offerings.

So why port software complicatedly to FreeBSD when all
the OS-specific stuff can be abstracted by another port? :-)


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...


Re: ISO simple non-forking TCP connection forward/balance tool

2010-01-22 Thread Ivan Voras

Chris Peiffer wrote:


I'm looking for a simple program I can use to forward incoming TCP
connections to several other addr:port pairs. (including one on the
machine itself.) Holding the connections open and passing the data
back and forth until both parties close their ends.

I need a solution that doesn't fork. One way to do it is just fork
ad-hoc netcat pipes with inetd, but I'm trying to avoid the process
overhead.


See net/bsdproxy.



FreeBSD 8.0 amd64 on Nehelem Xeon?

2010-01-22 Thread Nerius Landys
I'm in the process of purchasing a small Nehalem-based server (Xeon
L5506 CPU to be exact).  I will be installing some flavor of FreeBSD
8.0 (either i386 32 bit or amd64 64 bit, to be exact).  I have no
immediate need for a 64 bit server, as none of the processes that I
will be running in the foreseeable future will require more than 3 gigs
of memory.  My primary use for the server (which will be in a data
center) will be to run video games servers; the exact game I'll be
running is based on the ioquake3 open source engine, which compiles
and runs fine on FreeBSD, at least 32 bit (have not tried 64 bit
FreeBSD yet, but will get around to that).

My two concerns when making a decision between 32 bit and 64 bit are:

1. Performance.  Will there be any difference in performance between a
64 bit OS and 32 bit on my Nehalem?

2. Availability of software.  Will some software run only on 32 bit?
Only on 64 bit?

Please help me in making this decision.


Re: posting coding bounties, appropriate money amounts?

2010-01-22 Thread Ivan Voras

Dan Naumov wrote:

Hello

I am curious about posting some coding bounties, my current interest
revolves around improving the ZVOL functionality in FreeBSD: fixing
the known ZVOL SWAP reliability/stability problems as well as making
ZVOLs work as a dumpon device (as is already the case in OpenSolaris)
for crash dumps. I am a private individual and not some huge Fortune
100 and while I am not exactly rich, I am willing to put some of my
personal money towards this. I am curious though, what would be the
best way to approach this: directly approaching committer(s) with the
know-how-and-why of the areas involved or through the FreeBSD
Foundation? And how would one go about calculating the appropriate
amount of money for such a thing?


Hi,

This idea (bounties) appears approximately every 6 months and it appears 
there is no better way than contacting the developers directly. AFAIK 
all attempts to conglomerate such an effort have failed. One important 
conclusion is that it cannot go through the Foundation since they cannot 
accept targeted donations.




Re: pf rules

2010-01-22 Thread Doug Hardie

On 22 January 2010, at 03:14, Erik Norgaard wrote:

 Doug Hardie wrote:
 On 22 January 2010, at 01:45, Erik Norgaard wrote:
 To debug pf rules:
 
 - always add direction to the rule, pass or block, add interface to all
 rules except default policy, keep state on all pass rules
 - group your rules per direction, then per interface
 - add log to all rules and watch pflog to see which rule blocks or
 passes traffic.
 - use keyword quick for any decisive rule
 - check the parsing of your ruleset, pfctl -sr
 
 then come back and ask for help.
 Where do you find the rule information in the pflog output from tcpdump?  
 
 a snip:
 
 alpha# tcpdump -n -e -i pflog0
 tcpdump: WARNING: pflog0: no IPv4 address assigned
 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
 listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 
 bytes
 11:55:20.910140 rule 81/0(match): block in on vr1: 172.16.1.127.52444  
 172.16.0.1.23:  tcp 44 [bad hdr length 0 - too short,  20]
 
 rule 81 blocks. Now, problem is that your rules may be more compact, you'll 
 find the rule with pfctl -sr. Now admittedly, I got:
 
 pass in quick on vr1 inet proto udp from 172.16.0.0/23 to local_ip port = 
 secret_service keep state
 
 Of course, that rule didn't block. But two lines down I found:
 
 block return in log quick on vr1 inet from 172.16.0.0/23 to local_ip
 
 This makes sense, so why the offset 2? The first line of the output from 
 pfctl -sr is
 
 scrub all fragment reassemble
 
 that shouldn't count as a rule. And then, if pflog starts counting with 0 
 while vi counts from 1 that explains it.
 
 Yet another reason to check the rules as parsed using pfctl -sr.
 
 Anyway, not trying to cut corners is the first step, then add log so you can 
 see what's going on, use quick to avoid some packet fall through and being 
 matched by a different rule than intended, organize your rules so you can 
 easily separate things out.
 
 My rules are grouped together like this:
 
 # default policy
 block all
 
 block in log general condition
 pass  in quick some packets keep state
 block in log quick general condition
 
 block out log general condition
 pass  out quick some packets keep state
 block out log quick general condition
 
 # Default policy catch all should never apply
 block log all
 
 the conditions for the pass rules should match those of the first block and 
 then be more specific, say, only apply to one port. Doing so, the pf rule 
 parser will optimize the ruleset.
 
 Even if I know that a given rule can only match packets on the vr0 interface, 
 I explicitly state the interface. It makes it clear what's going on.
 
 Once the ruleset is debugged and working you can remove the log statements.
 
 BR, Erik
 -- 

This is quite interesting.  I can't figure out the rules on my system.  Here is 
the pf.conf file with all comments removed:

table <blackhole> persist file /etc/blackhole
table <spamd> persist
table <spamd-white> persist
table <spamd-white-local> persist file /etc/mail/whitelist
MAILHOSTS = {zool.lafn.org}

no rdr on { lo0, lo1 } from any to any
no rdr inet proto tcp from <spamd-white-local> to any port smtp
no rdr inet proto tcp from <spamd-white> to any port smtp
rdr pass log inet proto tcp from any to any port smtp -> 127.0.0.1 port spamd
pass in log inet proto tcp to $MAILHOSTS port smtp keep state
pass in log on sis0 reply-to (sis0 192.168.25.1) proto tcp from any to any port 75 keep state
block in quick log on $ext_if from <blackhole> to any

Note:  the blackhole file is empty as is the whitelist file.  There is an entry 
for 216.54.240.150 in spamd database.  This is a test system.

Here is the output of tcpdump where I have only taken one entry for each rule.  
I have listed the rule number at the front of each line:

Rule 0:  14:01:27.133320 rule 0/0(match): pass in on dc0: 216.54.240.150.55782 
 206.117.18.7.25: S 2501333595:2501333595(0) win 65535 mss 
1460,nop,nop,sackOK
Rule 1:  02:26:44.755650 rule 1/0(match): pass in on sis0: 71.109.144.133.40864 
 192.168.25.7.75: S 3941268770:3941268770(0) win 65535 mss 1460,nop,wscale 
3,nop,nop,timestamp[|tcp]
Rule 2:  10:44:45.037918 rule 2/0(match): block in on dc0: 71.109.162.173.39529 
 206.117.18.7.75: . ack 145 win 65535 nop,nop,timestamp 705571170 1951648775
Rule 4:  13:51:16.022700 rule 4/0(match): rdr in on dc0: 216.54.240.150.49821  
127.0.0.1.8025: S 2371633783:2371633783(0) win 65535 mss 1460,nop,nop,sackOK

I found no entries for rule 3.  There is virtually no traffic on this system 
other than from me.


As I look at pf.conf and tie the rules to the entries I get (rule number at 
beginning of line):

no rdr on { lo0, lo1 } from any to any
no rdr inet proto tcp from <spamd-white-local> to any port smtp
0 - no rdr inet proto tcp from <spamd-white> to any port smtp
4 - rdr pass log inet proto tcp from any to any port smtp -> 127.0.0.1 port spamd
pass in log inet proto tcp to $MAILHOSTS port smtp keep state
1 - pass in log on sis0 reply-to (sis0 
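
One way to tie pflog rule numbers back to rules, as an added example that is not part of the thread. It assumes pf numbers the filter ruleset and the translation (rdr/nat) ruleset separately from 0 after expanding `{ }` lists, as `pfctl -vv -sr` and `pfctl -vv -sn` show with their `@N` prefixes; the two listings are numbered by hand from the pf.conf posted above rather than copied from real pfctl output, and the last log line is constructed.

```python
import re
from collections import Counter

# tcpdump -n -e -i pflog0 starts each packet with:
#   <time> rule <nr>/<subnr>(<reason>): <action> <dir> on <interface>: ...
PFLOG_RE = re.compile(
    r"rule (?P<nr>\d+)/\d+\((?P<reason>[^)]*)\): "
    r"(?P<action>[\w-]+) (?P<dir>in|out) on (?P<iface>[^\s:]+):")
# pfctl -vv -sr (filter) and pfctl -vv -sn (translation) print "@<nr> <rule>".
RULE_RE = re.compile(r"@(?P<nr>\d+)\s+(?P<text>\S.*)")
# Actions logged from the translation ruleset; anything else is a filter rule.
TRANSLATION_ACTIONS = {"rdr", "nat", "binat"}

# Hand-numbered listings (constructed); the counters line mimics pfctl -vv output.
FILTER_LISTING = """\
@0 pass in log inet proto tcp to $MAILHOSTS port smtp keep state
  [ Evaluations: 0  Packets: 0  Bytes: 0  States: 0 ]
@1 pass in log on sis0 reply-to (sis0 192.168.25.1) proto tcp from any to any port 75 keep state
@2 block in quick log on $ext_if from <blackhole> to any
"""
NAT_LISTING = """\
@0 no rdr on lo0 from any to any
@1 no rdr on lo1 from any to any
@2 no rdr inet proto tcp from <spamd-white-local> to any port smtp
@3 no rdr inet proto tcp from <spamd-white> to any port smtp
@4 rdr pass log inet proto tcp from any to any port smtp -> 127.0.0.1 port spamd
"""
# Log lines from the post with wraps undone and packet detail cut; the last is constructed.
PFLOG_LINES = [
    "listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes",
    "14:01:27.133320 rule 0/0(match): pass in on dc0: 216.54.240.150.55782 > 206.117.18.7.25: S",
    "02:26:44.755650 rule 1/0(match): pass in on sis0: 71.109.144.133.40864 > 192.168.25.7.75: S",
    "10:44:45.037918 rule 2/0(match): block in on dc0: 71.109.162.173.39529 > 206.117.18.7.75: .",
    "13:51:16.022700 rule 4/0(match): rdr in on dc0: 216.54.240.150.49821 > 127.0.0.1.8025: S",
    "13:52:00.000000 rule 7/0(match): block in on dc0: 192.0.2.10.40000 > 192.0.2.1.23: S",
]


def parse_listing(text):
    """Return {rule number: rule text}; indented counter lines are ignored."""
    matches = map(RULE_RE.match, text.splitlines())
    return {int(m["nr"]): m["text"].rstrip() for m in matches if m}


def resolve(log_lines, filter_rules, nat_rules):
    """Return (ruleset, nr, action, iface, rule text or None) per logged packet."""
    out = []
    for line in log_lines:
        m = PFLOG_RE.search(line)
        if not m:
            continue                      # tcpdump banner or wrapped continuation
        nr = int(m["nr"])
        if m["action"] in TRANSLATION_ACTIONS:
            ruleset, rules = "translation", nat_rules
        else:
            ruleset, rules = "filter", filter_rules
        # None means the number is not in the listing, e.g. rules reloaded since.
        out.append((ruleset, nr, m["action"], m["iface"], rules.get(nr)))
    return out


def hits_per_rule(resolved):
    """Count logged packets per (ruleset, rule number)."""
    return Counter((ruleset, nr) for ruleset, nr, *_ in resolved)


if __name__ == "__main__":
    rows = resolve(PFLOG_LINES, parse_listing(FILTER_LISTING), parse_listing(NAT_LISTING))
    for ruleset, nr, action, iface, text in rows:
        print(f"{ruleset:11} @{nr} {action:5} on {iface}: {text or 'not in current ruleset'}")
```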

Re: sysinstall and the Right Terminal

2010-01-22 Thread Dale Scott
   If one logs in to a FreeBSD system from a Linux

 platform, the terminal type is set to linux which is compatible

 with a vt100. As soon as I run sysinstall, things go to the dogs

 very fast. It is as if there was no terminal emulation in effect



I don't have a solution but can report I regularly login to my fbsd 7 and 8 
boxes from an Ubuntu laptop using ssh in
Terminal and run sysinstall. I've never encountered this problem though.

--

Dale Scott

Calgary, AB, Canada




Re: Failed to Load Kernel

2010-01-22 Thread Programmer In Training
On 1/5/2010 1:30 AM, Programmer In Training wrote:
snip
 The message I'm getting (wish I could just screen cap and put it up on
 the web):
 
 FreeBSD/i386 bootstrap loader, Revision 1.1
 (r...@almeida.cse.buffalo.edu, Sat Nov 21 14:05:36 UTC 2009)
 Loading /boot/defaults/loader.conf
 /boot/kernel/kernel text=0x88d680
 readin failed
 
 elf32_loadimage: read failed
 Unable to lad a kernel!
 /
 Hit [Enter] to boot immediately, or any other key for command prompt.
 Booting [/boot/kernel/kernel]...
 can't load 'kernel'
snip

OK, update time.

Swapped out all optical drives for one older, plain jane CD-ROM.
Still fail.

Swapped out 6GB Western Digital drive for 41GB Maxtor.
Still fail.

Swapped out IDE cable going to optical drive.
Still fail.

When I get to the line where it tells me to hit enter to boot or type in
a command etc. I type ? to get a list of commands. I try

(OK is the prompt)

OK boot
can't load 'kernel'
no bootable kernel
OK boot-conf
/boot/kernel/kernel text=0x88d680
readin failed

elf32_loadimage: read failed
can't find 'kernel'
OK

Yet, as I've said before.

Loads up fine on my mom's laptop. I get to the main installation screen
(the one with all the initial options). I'm thinking of swapping out the
IDE cable for the hdd but I'm fairly certain that won't change anything.
I'm ~6h away from having 7.2 to burn to disc and try that way.

If anyone has any suggestions (short of actual voodoo), please please
please let me know.
-- 
PIT
Emails are not formal business letters, whatever businesses may want.





Re: Where is portsnap ?

2010-01-22 Thread Jason

Portsnap is part of the base, now.

Well, I am running 7.2

/usr/sbin/portsnap

On Fri, Jan 22, 2010 at 02:39:52PM +0100, Bernard de Joly thus spake:

Hello,

I use freebsd for several years and I appreciate portsnap but it
doesn't seem to be on the current port tree anymore ?
Can you tell me what is happening with him?

Anyway thank you for your so useful work.

Best regards,

Bernard de Joly
Lasserre d'Amour
32250 Montréal du Gers
Téléphone 09 53 79 84 21
http://www.gers.net/b.dejoly/




--
Jason Helfman


Re: Periodic maintenaince

2010-01-22 Thread Roland Smith
On Fri, Jan 22, 2010 at 02:04:21PM -0800, fpineda wrote:
 
 Hi!
 
 I would like to know how I can optimize the execution of periodic daily. I know
 periodic executes a set of scripts, but I have some problems with a
 specific script: 450.status-security.
 
 When this script is run by periodic_daily from cron, it takes some time to end
 and many times causes network errors like lost packets or timeouts. When the
 script is executing I saw with the top command that it generates a process called
 find, and it takes all CPU resources while 450.status-security is executing.
 
 How can I optimize this script?

This scripts calls /usr/sbin/periodic, which then executes all the scripts in
/etc/periodic/security. 

With the command 'grep find /etc/periodic/security/*', you'll find that three
scripts contain a find command;
- /etc/periodic/security/100.chksetuid
- /etc/periodic/security/800.loginfail
- /etc/periodic/security/900.tcpwrap

What you could do is prepend the find(1) commands with the nice(1) command, to
give the find commands lower priority. E.g. 'find -bla' then becomes
'/usr/bin/nice -n 19 find -bla'. 

Roland
-- 
R.F.Smith   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)




Re: FreeBSD 8.0 amd64 on Nehelem Xeon?

2010-01-22 Thread Ivan Voras

Nerius Landys wrote:

I'm in the process of purchasing a small Nehalem-based server (Xeon
L5506 CPU to be exact).  I will be installing some flavor of FreeBSD
8.0 (either i386 32 bit or amd64 64 bit, to be exact).  I have no
immediate need for a 64 bit server, as none of the processes that I
will be running in the foreseeable future will require more than 3 gigs
of memory.  My primary use for the server (which will be in a data
center) will be to run video games servers; the exact game I'll be
running is based on the ioquake3 open source engine, which compiles
and runs fine on FreeBSD, at least 32 bit (have not tried 64 bit
FreeBSD yet, but will get around to that).

My two concerns when making a decision between 32 bit and 64 bit are:

1. Performance.  Will there be any difference in performance between a
64 bit OS and 32 bit on my Nehalem?


Probably not so much that you would notice (i.e. not something the users 
would immediately feel) - for general loads we're talking about low 
percentages in either direction.


But installing a 64-bit OS is more like planning for the future. Maybe 
you will need more RAM for some application and then you will be stuck 
with a 32-bit OS.



2. Availability of software.  Will some software run only on 32 bit?
Only on 64 bit?


There probably are some. If you are only interested in FreeBSD ports, 
you can make a list of which ports you need and then inspect their 
Makefiles to see if there's a flag disabling them on the amd64 architecture.


Another option is that you bring up a 32-bit-only jail and run your 
32-bit applications from it.


Additional information for Nehalems is that you should stick to the more 
widely available models - the 4 core+HTT ones. Some of the more exotic 
ones (6 core) might have problems with ULE and topology guesswork.


http://suckit.blog.hu/2009/10/05/freebsd_8_is_it_worth_to_upgrade



Re: posting coding bounties, appropriate money amounts?

2010-01-22 Thread Matt Olander
On Fri, Jan 22, 2010 at 3:06 PM, Ivan Voras ivo...@freebsd.org wrote:
 Dan Naumov wrote:

 Hello

 I am curious about posting some coding bounties, my current interest
 revolves around improving the ZVOL functionality in FreeBSD: fixing
 the known ZVOL SWAP reliability/stability problems as well as making
 ZVOLs work as a dumpon device (as is already the case in OpenSolaris)
 for crash dumps. I am a private individual and not some huge Fortune
 100 and while I am not exactly rich, I am willing to put some of my
 personal money towards this. I am curious though, what would be the
 best way to approach this: directly approaching committer(s) with the
 know-how-and-why of the areas involved or through the FreeBSD
 Foundation? And how would one go about calculating the appropriate
 amount of money for such a thing?

 Hi,

 This idea (bounties) appears approximately every 6 months and it appears
 there is no better way than contacting the developers directly. AFAIK all
 attempts to conglomerate such an effort have failed. One important
 conclusion is that it cannot go through the Foundation since they cannot
 accept targeted donations.

Awhile back, we built a simple app for posting bounties, getting devs
and sponsors on board, posting the committed code in a browser
viewable format, and then handle final payout upon completion.
iXsystems is more than willing to handle financial details and I would
gladly be the first to sponsor this project on the site.

http://www.sponsorbsd.org

We would need a team leader *cough* Ivan *cough* that could make sure
developing contributors are actually involved so that the final payoff
can be shared accordingly.

It's a cakephp app and I'm sure it needs a bit more polish but we
could do it on the fly and it shouldn't be too hard :)

Any cakephp or php devs interested in helping testing and launch, let
me know. I just haven't had much time to spend on launching it
although I still think it's a great idea. If somebody would like to
spearhead this effort, that would be great.

For companies wishing to sponsor non-community code, it also has the
option of hiding the community committed code.

best,
-matt


Re: Upgrade from i386-8.0 to amd64-8.0 possible?

2010-01-22 Thread Roland Smith
On Fri, Jan 22, 2010 at 04:16:53PM -0600, LoH wrote:
 I've got a system currently running FreeBSD-i386-8.0, and was wondering 
 whether or not it's possible to move the system to FreeBSD-amd64-8.0 
 without bringing it down for more than a reboot or two 

It is possible, but not recommended. First of all, you'll need a free
(root) partition to install the new amd64 kernel and world into. And you need
to rebuild not only the kernel, but the userland binaries (world) as well.

 (and avoid reinstalling all of the client software on the box itself).

Realize that if you _ever_ want to update a port (which is still an i386
binary), those ports will be rebuilt as amd64 binaries, and linking (to
libraries that are still i386) will fail.

Likewise, if you update a library, all i386 binaries that depend on it will
stop working because the library becomes amd64. Unless you copy the old
library to a lib32 directory which you then have to tell ldconfig how to find.

 The box itself will be undergoing a hardware change from a dual xeon 
 (P4, not 64bit) to a dual opteron. I think I can boot i386, set up a 
 amd64 cross-compile, then compile a new kernel with it, or do a binary 
 change to the new arch and then reboot.

Do yourself a big favor. Back up your data, configuration files and a list of
your ports, and delete all ports. Then install amd64 cleanly on the new
machine. Restore your data. Re-build your ports from scratch, or install
packages.

Roland
-- 
R.F.Smith   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)




Re: FreeBSD 8.0 amd64 on Nehelem Xeon?

2010-01-22 Thread Nerius Landys
 There probably are some. If you are only interested in FreeBSD ports, you
 can make a list of which ports you need and then inspect their Makefiles to
 see if there's a flag disabling them on the amd64 architecture.

OK thanks.  Could you give me an example of a port that is disabled on
64 bit and tell me what I will find in the Makefile, so I can look for
it on other ports?

 Additional information for Nehalems is that you should stick to the more
 widely available models - the 4 core+HTT ones. Some of the more exotic ones
 (6 core) might have problems with ULE and topology guesswork.

The L5506 is a 4 core model without Turbo Boost and without Hyper
Threading.  It's a power-efficient model.  Think that'll be OK?
http://ark.intel.com/Product.aspx?id=40712


Re: Upgrade from i386-8.0 to amd64-8.0 possible?

2010-01-22 Thread RW
On Fri, 22 Jan 2010 16:16:53 -0600
LoH lordofhyph...@gmail.com wrote:

 I've got a system currently running FreeBSD-i386-8.0, and was
 wondering whether or not it's possible to move the system to
 FreeBSD-amd64-8.0 without bringing it down for more than a reboot or
 two (and avoid reinstalling all of the client software on the box
 itself).

Just in case you're not aware of it, I find this site very useful:

http://www.google.com


Re: Cannot boot FreeBSD (8.0) from USB stick (Dell Inspiron 9400)

2010-01-22 Thread Fbsd1

Christoph Kukulies wrote:

I don't know why you shout. (?)


Not shouting, just making my inserted comments visible within the old 
post as in different from bottom or top posting.




Fbsd1 schrieb:

Christoph Kukulies wrote:

Fbsd1 schrieb:

Christoph Kukulies wrote:
I installed FreeBSD 8.0 on an USB-stick and was able to boot it on 
my Desktop PC and install 8.0

from it.


DO YOU MEAN YOU INSTALLED THE 8.0 ISO ON A USB STICK. BOOTED FROM IT 
AS INSTALL SOURCE AND INSTALLED 8.0 ON A DESKTOP PC TO THE MOTHERBOARD 
CABLED HARD DRIVE??? OR DO YOU MEAN YOU INSTALLED 8.0 ON A DESKTOP PC 
TO ANOTHER USB STICK???


The former, I copied the 8.0 iso image to an USB stick, booted it and 
installed it to the desktop PCs hard drive.
That was one story. The other point is, that I now wanted to plug this 
USB stick into my Dell inspiron and install FreeBSD in the same manner 
to a free partition on my notebooks hard drive.







Now I plugged the same stick into my Dell Inspiron 9400 and the USB 
stick (2GB) is not even listed in the F12 Bios boot menu.


YOU MEAN YOU PLUGGED THE STICK WITH THE ISO INSTALLED ON IT THAT THE 
DESKTOP BOOTED FROM???


Yes, that same stick booted the desktop but is not recognized in the F12 
menu of my notebook.






Any clues?

--
Christoph



Older pc's have bios which do not have option to boot from USB stick.
I think that is so in your case. Check mfg website for bios update.
If not you are SOL. (shit out of luck)


I can boot USB sticks in general from that notebook/BIOS. That Dell 
9400 isn't that old. Today I tried another USB stick (16GB) an 
Ubuntu 9.04 boot image and it worked fine. I saw the boot device 
under F12 in the bootable device menu.
It's definitely not the BIOS. Could be some partition problem (active 
partition?). 

 Why is it part #4 btw, that FreeBSD resides in and not part #1 ?

LET'S NOT GET CONFUSED WITH MSDOS /FREEBSD TERMS. IN FREEBSD A SLICE IS 
WHAT MSDOS CALLS A PARTITION. IN FREEBSD A PARTITION IS A FILE SYSTEM 
SUCH AS /, /USR, /VAR WITHIN THE SLICE. A SLICE IS MARKED AS ACTIVE 
MEANING ITS BOOTABLE. THE MBR


The FreeBSD fdisk program names it partition.

(MASTER BOOT RECORD)PARTITION TABLE IS REALLY FREEBSD SLICE TABLE. 
FROM YOUR STATEMENT ABOVE YOU HAVE A MOTHERBOARD CABLED HARD DRIVE 
WITH 4 PARTITIONS/SLICES DEFINED IN THE MBR PARTITION TABLE. THE FIRST 
3 PARTITIONS COULD BE HOLDING OTHER OPERATING SYSTEMS THAT YOU MAY 
WANT TO BOOT FROM. IS THIS CORRECT?


Actually, I thought the USB stick had been blanked out before, but I'm 
not sure and will look at it again.






Re: Cannot boot FreeBSD (8.0) from USB stick (Dell Inspiron 9400)

2010-01-22 Thread Fbsd1

Christoph Kukulies wrote:

Here is some more info:

The file I copied to the USB stick was

ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/8.0/8.0-RELEASE-i386-memstick.img 



Actually, I don't remember how I got the image to the USB stick. I 
believe I used a free tool from HP

from within Windows XP.

I will try out your method below now.


kernel messages at the time usb stick is inserted:
ugen4.3: USB 2.0 at usbus4
umass0: USB 2.0 Flash Disk, class 0/0, rev 2.00/1.10, addr 3 on usbus4
umass0:  SCSI over Bulk-Only; quirks = 0x
umass0:1:0:-1: Attached to scbus1
(probe0:umass-sim0:0:0:0): TEST UNIT READY. CDB: 0 0 0 0 0 0
(probe0:umass-sim0:0:0:0): CAM Status: SCSI Status Error
(probe0:umass-sim0:0:0:0): SCSI Status: Check Condition
(probe0:umass-sim0:0:0:0): UNIT ATTENTION asc:28,0
(probe0:umass-sim0:0:0:0): Not ready to ready change, medium may have 
changed

(probe0:umass-sim0:0:0:0): Retrying Command (per Sense Data)
da0 at umass-sim0 bus 0 target 0 lun 0
da0: USB 2.0 Flash Disk PMAP Removable Direct Access SCSI-0 device
da0: 40.000MB/s transfers
da0: 1921MB (3935000 512 byte sectors: 255H 63S/T 244C)
GEOM: da0: media size does not match label.
#
#
# fdisk /dev/da0
*** Working on device /dev/da0 ***
parameters extracted from in-core disklabel are:
cylinders=244 heads=255 sectors/track=63 (16065 blks/cyl)

parameters to be used for BIOS calculations are:
cylinders=244 heads=255 sectors/track=63 (16065 blks/cyl)

Media sector size is 512
Warning: BIOS sector numbering starts with sector 1
Information from DOS bootblock is:
The data for partition 1 is:
UNUSED
The data for partition 2 is:
UNUSED
The data for partition 3 is:
UNUSED
The data for partition 4 is:
sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
   start 0, size 5 (24 Meg), flag 80 (active)
   beg: cyl 0/ head 0/ sector 1;
   end: cyl 1023/ head 254/ sector 63
#
--
Christoph



The dd command is what is used to copy the memstick.img to USB stick.

The memstick.img is created with the dd command so no compression done. 
It has fixit included and is 3 times larger than the disc-1 iso file. 
That's why I download the disc-1 iso and run the script to build the img 
on USB stick. So much faster this way.


So I see that both usb sticks you are using are revision rev 2.00/1.10. 
But the stick that boots on your desktop will not boot on the laptop. 
And the stick that boots on the laptop will not boot on the desktop. 
Very strange indeed. This indicates that the pc bios are playing a big 
part in which USB stick it recognizes as bootable.




Re: Recommendations for NICs?

2010-01-22 Thread Elliot Finley
In recent testing with 8-Stable, we couldn't get our Intel cards to push
more than 450Mbps.  We put some Broadcom cards in and we can get 980Mbps.

On Thu, Jan 21, 2010 at 10:27 AM, John j...@starfire.mn.org wrote:

 This used to be a hot topic long ago, but now seems to have become
 rather dormant.  Does that mean that all NICs are pretty much
 commodity with all the good features (unaligned scatter/gather,
 etc), or does it just mean that machine performance has grown to
 the point where we don't care anymore?  The hardware.html page
 tells me what may work, but not what may work WELL.  The on-board
 NIC uses the fxp driver.  Should I look for another card that uses
 the same driver?  Are those good, or are both good and bad cards
 supported by the same driver?  The list doesn't give any of the
 features which used to be associated with good or bad cards -
 just the names.

 Thanks!
 --

 John Lind
 j...@starfire.mn.org


Re: GELI file systems unusable after glabel label operations

2010-01-22 Thread Roland Smith
On Fri, Jan 22, 2010 at 03:08:00AM -0600, Scott Bennett wrote:

  Why is that stored in the last sector of the device, rather than in the
 key file?  What is the purpose of the key file if not to hold that type of
 information?

All geom(4) providers use their last sector to store metadata; it's a design
decision. Probably because the first sector(s) are used for boot blocks or
filesystem metadata etc.

It would have been possible to store the generated key in the user-provided
keyfile. But since it is not mandatory to have a keyfile (you can also use
just a passphrase), it makes more sense to use the already provided metadata
space in the last sector.

 Well, it should be different, otherwise they overwrite the same sector. Ipso
 facto you should nest providers...
 
  ...unless, of course, the two had been designed to use different parts
 of the last sector for their own purposes, but also to avoid damaging the
 other's data when altering their own.

The geom framework was designed to be _extensible_. It was designed so that it
would be possible to combine (nest) different types of geom providers, even if
those classes (types of providers) didn't even exist when the framework was
designed. Trying to shoehorn all metadata for any combination of geom
providers into one 512-byte sector would have severely limited the usability of
the geom system.

In my opinion the solution of using nested providers each using their own last
sector for metadata is simple and elegant and avoids that problem rather
nicely.
As I've been trying to explain, the 'nesting' of geoms is _precisely_ what
avoids the whole issue of damaging each others data.

I've got the feeling that you do not 'get' that concept, which led to your
problem.
Unfortunately, I don't know how to explain it more clearly.

  Thanks for the explanation.  However, if the key information is stored
 in the last sector rather than in the key file, then I guess I'm totally
 confused about how GELI works.

The encryption key is _not_ stored in the last sector. That would be unsafe,
like locking your front door and leaving the key in the lock. But a part of the
information necessary to create the encryption key is.

Your keyfile is just one component of the en- / decryption key to unlock the
data. They are not the same. You can use one or more keyfile(s), a passphrase
or both. You can also have more than one key; a user key and a 'company' or
system key. And geli uses a random component when the encryption key is
initially created. The metadata sector is the natural place to store some of
that info. This is safe because it is in itself not sufficient to create the
en- / decryption key. One also needs the keyfile and/or passphrase.

Personally, I would never use only a keyfile; it is not really secure,
especially if you leave that key on another unencrypted partition of the same
drive!
So-called two-factor authentication (something you have [keyfile] and
something you know [passphrase]) is much safer.

If you really want to know how geli works, as always with free software, the
source code is the ultimate reference. :-)

Roland
-- 
R.F.Smith   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
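
The nesting described in this message, and the failure reported at the start of the thread, as an added Python model (not code from the thread or from FreeBSD). The Provider class and all function names are hypothetical, the metadata sector layout is simplified to a tag plus payload, and no encryption is modelled:

```python
import os

SECTOR = 512
# Tags for this model only; the real on-disk metadata layout is not reproduced.
ELI_MAGIC = b"GEOM::ELI"
LABEL_MAGIC = b"GEOM::LABEL"


class Provider:
    """A device seen as numbered sectors. Without a parent it is the raw
    slice; with a parent it is a nested provider that hides the parent's
    last sector, where its own class keeps metadata."""

    def __init__(self, name, sectors=0, parent=None):
        self.name = name
        self.parent = parent
        if parent is None:
            self.sectors = sectors
            self.store = bytearray(sectors * SECTOR)
        else:
            self.sectors = parent.sectors - 1

    def _check(self, n):
        if not 0 <= n < self.sectors:
            raise IndexError("sector %d outside %s" % (n, self.name))

    def read(self, n):
        self._check(n)
        if self.parent is not None:
            return self.parent.read(n)
        return bytes(self.store[n * SECTOR:(n + 1) * SECTOR])

    def write(self, n, buf):
        self._check(n)
        if len(buf) != SECTOR:
            raise ValueError("writes are whole sectors")
        if self.parent is not None:
            self.parent.write(n, buf)
        else:
            self.store[n * SECTOR:(n + 1) * SECTOR] = buf


def write_meta(provider, magic, payload=b""):
    """Store a class's metadata in the last sector of the given provider."""
    provider.write(provider.sectors - 1,
                   (magic + b"\0" + payload).ljust(SECTOR, b"\0"))


def has_meta(provider, magic):
    return provider.read(provider.sectors - 1).startswith(magic + b"\0")


def geli_init(provider):
    write_meta(provider, ELI_MAGIC, os.urandom(64))  # stands in for the salt


def geli_attach(provider):
    if not has_meta(provider, ELI_MAGIC):
        raise ValueError("Cannot read metadata from " + provider.name)
    return Provider(provider.name + ".eli", parent=provider)


def glabel_label(label, provider):
    write_meta(provider, LABEL_MAGIC, label.encode())
    return Provider("label/" + label, parent=provider)


def can_attach(provider):
    try:
        geli_attach(provider)
        return True
    except ValueError:
        return False


def label_after_geli():
    """geli first, data loaded, then a label written on the same device."""
    disk = Provider("da0s1", sectors=2048)  # constructed sample device
    geli_init(disk)
    geli_attach(disk).write(0, b"filesystem data".ljust(SECTOR, b"\0"))
    label = glabel_label("work", disk)  # lands on the sector geli was using
    return can_attach(label), can_attach(disk)


def label_before_geli():
    """Label first, then geli initialised on the label provider."""
    disk = Provider("da0s1", sectors=2048)
    label = glabel_label("work", disk)
    geli_init(label)  # uses the label provider's own last sector
    eli = geli_attach(label)
    return (eli.name, eli.sectors,
            has_meta(disk, LABEL_MAGIC), has_meta(label, ELI_MAGIC))


if __name__ == "__main__":
    print(label_after_geli())
    print(label_before_geli())
```

In the first scenario neither the label provider nor the raw device can be attached any more; in the second each class owns a different sector and both survive.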




Re: Periodic maintenaince

2010-01-22 Thread RW
On Sat, 23 Jan 2010 00:54:33 +0100
Roland Smith rsm...@xs4all.nl wrote:


 What you could do is prepend the find(1) commands with the nice(1)
 command, to give the find commands lower priority. E.g. 'find -bla'
 then becomes '/usr/bin/nice -n 19 find -bla'. 

Unless there's something under periodic that really needs normal
priority, it's easier to modify /etc/crontab so that all periodic tasks
run under nice. 


Re: GELI file systems unusable after glabel label operations

2010-01-22 Thread Tim Judd
On 1/14/10, Scott Bennett benn...@cs.niu.edu wrote:
  I used glabel label to label each of the file systems I have on
 external
 disk drives.  Unfortunately, afterward I am now unable to geli attach any
 of
 the GELI-encrypted file systems.  The system is FreeBSD 7.2-STABLE.  Is
 there
 a way to get this to work?  Or have I just lost everything in the encrypted
 file systems?

 hellas# geli attach -k work.key /dev/label/work
 geli: Cannot read metadata from /dev/label/work: Invalid argument.
 hellas# ls -lgF /dev/label/
 total 0
 crw-r-  1 root  operator0, 192 Jan 14 00:47 archives
 crw-r-  1 root  operator0, 191 Jan 14 00:47 backupsi
 crw-r-  1 root  operator0, 182 Jan 14 00:47 backupsl
 crw-r-  1 root  operator0, 166 Jan 14 00:47 backupss
 crw-r-  1 root  operator0, 179 Jan 14 00:47 sec
 crw-r-  1 root  operator0, 161 Jan 14 00:47 usrobj
 crw-r-  1 root  operator0, 184 Jan 14 00:47 usrports
 crw-r-  1 root  operator0, 186 Jan 14 00:47 vboxdisk
 crw-r-  1 root  operator0, 181 Jan 14 00:47 work
 hellas#

  Any help in recovering the lost data would be deeply appreciated.  If
 that cannot be done, then at least knowing that would keep me from wasting
 further time on it.  Thanks much.



Are you aware that tunefs -L will label a device?  It is stored as
part of the filesystem, instead of as GEOM metadata.  So you should be
able to get both labeling (/dev/ufs/labelname) and GELI as you are
asking for.



As for recovering your data, I see other helpful posts in this thread,
as I have no additional helpful information to recommend.


Re: Invalid partition table after installation (GOOD NEWS!)

2010-01-22 Thread John
On Fri, Jan 22, 2010 at 04:35:21PM -0600, John wrote:
 On Fri, Jan 22, 2010 at 11:01:02AM -0600, John wrote:
  On Fri, Jan 22, 2010 at 08:09:50AM -0600, John wrote:
   On Fri, Jan 22, 2010 at 07:27:56AM -0600, John wrote:
On Fri, Jan 22, 2010 at 06:36:14AM -0600, John wrote:
 On Fri, Jan 22, 2010 at 08:16:59PM +0800, Fbsd1 wrote:
  John wrote:
   On Thu, Jan 21, 2010 at 10:25:26PM +0800, Fbsd1 wrote:
   John wrote:
   On Thu, Jan 21, 2010 at 04:38:22PM +0800, Fbsd1 wrote:
   John wrote:
   I've tried the modern BIOS geometry and the 255 head geometry.
   I've ensured that the first slice (boot slice) is smaller than 1.5
   Gb.  I've tried to figure out what the BIOS thinks the geometry
   is, but it doesn't seem to want to tell me.  At least, I can't find
   it in the BIOS menu anywhere.  When I boot from the CD-ROM with
   the 255 head geometry, though, it complains about the disk geometry,
   saying 16h,63s != 255h,63s or something like that - it flies by
   pretty fast (is there a way to go back and see that from the CD-ROM
   boot only boot?).
  
   I'm using the Standard boot manager, and the entire disk is devoted
   to FreeBSD.
  
   System
   BIOS version  PT84510A.86A.2004.P05
   Processor Type: Intel Pentium 4
   Processor speed: 2.20Ghz
  
   Memory: 512Mb
  
   Disk: Primary IDE Master ST380021A (Seagate Barracuda ATA IV 80Gb)
   Primary IDE Slave: IOMega ZIP 250
   Secondary IDE Master: Sony CD-RW CRX19 (what I boot from to install)
   Secondary IDE Slave: DVD-ROM DDU1621
  
   Boot sequence:
   1) ATAPI CD-ROM
   2) Hard Drive
   3) Removable Dev.
  
   Modern BIOS geometry: 155061/16/63 for ad0
   calculated geometry: 9729/255/63 for ad0
  
   ad0s1 start=63, size=2875572
   ad0s2 start=2875635, size=10217340
   ad0s3 start=13092975, size=143203410
   unus  start=156296384, size=5103
  
   ad0s1a / 384Mb
   ad0s1d /usr 1Gb
   ad0s2b SWAP 1Gb
   ad0s2d /tmp 384Mb
   ad0s2e /var 512Mb
   ad0s2f /var/mail 2Gb
   ad0s2g /usr/ports 1Gb
   ad0s3d /home/mysql 4Gb
   ad0s3e /home 50Gb
   ad0s3f /usr/src 3Gb
   ad0s3g /usr/obj 3Gb
   ad0s3h /extra 8483Mb
  
   Suggestions, please?  I'm making zero headway right now. :(
   What version of FreeBSD are you running
   Well, yes, I suppose that would be a good bit of information!
  
   What I'm *TRYING* to run is 8.0.  It seems to install successfully
   (of course - after doing all that), but then when I try to boot
   from the hard drive, I see an otherwise-blank screen that says:
  
  
   Invalid partition table
  
  
   and that's as far as it goes!
  
   There are reports of this sort of thing caused by 8.0 fdisk when doing an
   install from scratch over a hard drive that already has an older
   version of FreeBSD installed on it.
  
   The solution is to force the scratching of the MBR on the disk first
   before running sysinstall fdisk.
  
   Boot a LiveFS CD, then at a root prompt do:
  
   sysctl kern.geom.debugflags=16  and:
  
   dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1
  
   where x equals your drive number.
   
   OK.  I did exactly that.  I confirmed that the second 512 bytes were zero
   by doing a dd if=/dev/ad0 bs=512 count=2 | od -c
   and everything from 001000 through 002000 was zero.
   
   But I still got Invalid partition table after the installation.
   
   I guess I should set up one of my other systems as a local mirror.
   I've done the installation so many times already, and it looks like
   I'm not done yet!
  
  On the 8.0 fdisk/MBR subject.
  Doing dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1 was the
  solution from another post to the list with subject 'SunFire X2100
  fails'. Here is another post that gives more details
  http://www.freebsd.org/cgi/getmsg.cgi?fetch=322687+326879+/usr/local/
  www/db/text/2009/freebsd-questions/20091227.freebsd-questions
  
  It seems in 8.0 gpart was introduced and a change was made to fdisk to
  support its sector o mbr format. 8.0 fdisk and disklabel are now broken.
  
  Searching the list archives may shed more light on your problem.
 
 Hmmm.  This seems to describe a case where fdisk fails to change
 the slice table.  That is 

Re: GELI file systems unusable after glabel label operations

2010-01-22 Thread RW
On Sat, 23 Jan 2010 02:34:31 +0100
Roland Smith rsm...@xs4all.nl wrote:

 On Fri, Jan 22, 2010 at 03:08:00AM -0600, Scott Bennett wrote:
 
   Why is that stored in the last sector of the device, rather
  than in the key file?  What is the purpose of the key file if not
  to hold that type of information?

The keyfile is user generated, usually just some bytes from /dev/random

 All geom(4) providers use their last sector to store metadata; it's a
 design decision. Probably because the first sector(s) are used for
 boot blocks or filesystem metadata etc.
 
 It would have been possible to store the generated key in the
 user-provided keyfile. But since it is not mandatory to have a
 keyfile (you can also use just a passphrase), it makes more sense to
 use the already provided metadata space in the last sector.

Having it on the last sector allows the auto-detection of geli
partitions. It would be nice to have the option of having the metadata
in a separate metadata file instead of the last sector, to allow geli
partitions to be indistinguishable from securely erased partitions.


Re: Migration planning - old system to new

2010-01-22 Thread Erich Dollansky
Hi,

On 23 January 2010 am 01:12:19 John wrote:
 Now that I've actually gotten the new system to boot, I need to
 figure out how I'm going to migrate everything - users, data,
 MySQL, NAT, firewall, apache, DHCP, gateway services BIND,
 Sendmail, etc., etc from
 FreeBSD 4.3-RELEASE #0: Thu Jan 22 19:44:16 CST 2004
 to
 FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009

this is a real jump.

 Bit of a challenge, eh?

I have heard that somebody actually landed on the moon? Was it 
you?

 Not only that, but I'd like to update my UID scheme from a
 pre-standard version (most of the UIDs are down in the 100s) to
 the new convention so that I'm more in-line with the rest of
 the world.

Ok, I cannot imagine how you will do this with the access rights 
of the files?

 My rough idea:

 1) Create a migrate account in Wheel with home as
 /var/migrate so that I can do a dump/restore on home without
 messing things up

Are you sure? Use /usr to make sure you will have enough space.

 2) Start putting together all the pieces - trying to find
 update / conversion scripts whenever possible.

I think, this would only help if you would go the long way 5.x, 
6.x, 7.x and finally 8.

Setup the new machine, install the applications you need, 
configure them as close as possible to the original configuration 
and see what happens.

 4) Let people move in, try it out, see how things are
 5) Fix everything found in #4
 6) Try a cut-over and make sure all the network services work
 in the middle of the night sometime, then switch back

Oh, it is a live system in use while you migrate.

Are you able to set the new thing up in parallel?

It might be easier for you to run both machines and move first the 
simple things over.

 7) Nuke /home and /var/mail and migrate them again to get the
 latest version 8) Do the real switch
 9) spend a couple of weeks fixing all the things that weren't
 so disastrous that they got picked up in #4.

I think, if you do it service by service, you have a better chance 
to avoid this.

 Ideas / scripts / project plans / outlines - whatever?  Maybe I
 should write a chapter for The Complete FreeBSD after surviving
 this...

Yes. It is a Le Must.

Erich


Re: Invalid partition table after installation (GOOD NEWS!)

2010-01-22 Thread Tim Judd
SNIP


 OK - my current best theory is that if the Standard boot manager
 is faced with anything other than exactly 1 bootable slice (partition
 to it), it defaults to Invalid partition table.  I'll bet anyone
 lunch that this is true.  Any takers?


I've read before:
  the standard bootloader looks for the first freebsd slice, and runs
it.  If there's no bsdlabel partition 'a' then it will have trouble
booting.

I haven't followed this thread in detail.

I briefly saw you had 3 slices defined, is by chance the first slice a
nonsystem disk?








 I'll test my theory tonight and let you all know how it turns out.
 If this is true, then we should at least post some warnings, if not
 actually fix the installation process so that if you choose Standard,
 it helps ensure that you have one and only one bootable slice/partition!

 Whaddaya think?

 Well, better it happen to me than someone from another community who is
 trying us out for the first time...
 --

 John Lind
 j...@starfire.mn.org


Re: Invalid partition table after installation (GOOD NEWS!)

2010-01-22 Thread Fbsd1

John wrote:

On Fri, Jan 22, 2010 at 04:35:21PM -0600, John wrote:

On Fri, Jan 22, 2010 at 11:01:02AM -0600, John wrote:

On Fri, Jan 22, 2010 at 08:09:50AM -0600, John wrote:

On Fri, Jan 22, 2010 at 07:27:56AM -0600, John wrote:

On Fri, Jan 22, 2010 at 06:36:14AM -0600, John wrote:

On Fri, Jan 22, 2010 at 08:16:59PM +0800, Fbsd1 wrote:

John wrote:

On Thu, Jan 21, 2010 at 10:25:26PM +0800, Fbsd1 wrote:

John wrote:

On Thu, Jan 21, 2010 at 04:38:22PM +0800, Fbsd1 wrote:

John wrote:

I've tried the modern BIOS geometry and the 255 head geometry.
I've ensured that the first slice (boot slice) is smaller than 1.5
Gb.  I've tried to figure out what the BIOS thinks the geometry
is, but it doesn't seem to want to tell me.  At least, I can't find
it in the BIOS menu anywhere.  When I boot from the CD-ROM with
the 255 head geometry, though, it complains about the disk geometry,
saying 16h,63s != 255h,63s or something like that - it flies by
pretty fast (is there a way to go back and see that from the CD-ROM
boot only boot?).

I'm using the Standard boot manager, and the entire disk is devoted
to FreeBSD.

System
BIOS version  PT84510A.86A.2004.P05
Processor Type: Intel Pentium 4
Processor speed: 2.20Ghz

Memory: 512Mb

Disk: Primary IDE Master ST380021A (Seagate Barracuda ATA IV 80Gb)
Primary IDE Slave: IOMega ZIP 250
Secondary IDE Master: Sony CD-RW CRX19 (what I boot from to install)
Secondary IDE Slave: DVD-ROM DDU1621

Boot sequence:
1) ATAPI CD-ROM
2) Hard Drive
3) Removable Dev.

Modern BIOS geometry: 155061/16/63 for ad0
calculated geometry: 9729/255/63 for ad0

ad0s1 start=63, size=2875572
ad0s2 start=2875635, size=10217340
ad0s3 start=13092975, size=143203410
unus  start=156296384, size=5103

ad0s1a / 384Mb
ad0s1d /usr 1Gb
ad0s2b SWAP 1Gb
ad0s2d /tmp 384Mb
ad0s2e /var 512Mb
ad0s2f /var/mail 2Gb
ad0s2g /usr/ports 1Gb
ad0s3d /home/mysql 4Gb
ad0s3e /home 50Gb
ad0s3f /usr/src 3Gb
ad0s3g /usr/obj 3Gb
ad0s3h /extra 8483Mb

Suggestions, please?  I'm making zero headway right now. :(

What version of FreeBSD are you running

Well, yes, I suppose that would be a good bit of information!

What I'm *TRYING* to run is 8.0.  It seems to install successfully
(of course - after doing all that), but then when I try to boot
from the hard drive, I see an otherwise-blank screen that says:


Invalid partition table


and that's as far as it goes!


There are reports of this sort of thing caused by 8.0 fdisk when doing an 
install from scratch over a hard drive that already has an older 
version of FreeBSD installed on it.


The solution is to force the scratching of the MBR on the disk first 
before running sysinstall fdisk.


Boot a LiveFS CD, then at a root prompt do:

sysctl kern.geom.debugflags=16  and:

dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1

where x equals your drive number.

OK.  I did exactly that.  I confirmed that the second 512 bytes were zero
by doing a dd if=/dev/ad0 bs=512 count=2 | od -c
and everything from 001000 through 002000 was zero.

But I still got Invalid partition table after the installation.

I guess I should set up one of my other systems as a local mirror.
I've done the installation so many times already, and it looks like
I'm not done yet!

On the 8.0 fdisk/MBR subject.
Doing dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1 was the
solution from another post to the list with subject 'SunFire X2100
fails'. Here is another post that gives more details
http://www.freebsd.org/cgi/getmsg.cgi?fetch=322687+326879+/usr/local/www/db/text/2009/freebsd-questions/20091227.freebsd-questions

It seems in 8.0 gpart was introduced and a change was made to fdisk to
support its sector 0 mbr format. 8.0 fdisk and disklabel are now broken.

Searching the list archives may shed more light on your problem.

Hmmm.  This seems to describe a case where fdisk fails to change
the slice table.  That is definitely not my case.  The changes
certainly get made.  The next time I go to retry the installation,
it has the information I gave it the previous time.  I suppose it is
possible that it is putting it (and reading it) in the wrong location,
which is why the MBR throws up.

The problem is that I have a finite (and smallish) amount of time
in which to solve this.  It seems like the most expedient route
forward at this point may be to try to install 7.2 and see how
that goes.

OK - well, I just tried with 7.2.  I got exactly the same results.
After what seems like a successful installation, I try to boot from
the hard disk and get Invalid partition table.  Should I try Boot
Manager?  Could that make a difference?  Is it possible that this
combination of BIOS, processor, disk drive, etc., just isn't going
to do for me?  I can't just keep throwing hours at this problem.
--



Re: need help with the last-two-ports!

2010-01-22 Thread Gary Kline
On Sat, Jan 23, 2010 at 12:05:39AM +0100, Polytropon wrote:
 On Thu, 21 Jan 2010 19:33:09 -0800, Gary Kline kl...@thought.org wrote:
  surprised how many things depend on that nspr...  wow.
 
 It seems to be because many other things depend on Netscape
 (or the corresponding HTML renderer or who knows what); from
 the port's description:
 
   Netscape Portable Runtime (NSPR) provides a
   platform-neutral API for system level and
   libc like functions. The API is used in the
   Mozilla client, many of Netscape/AOL/iPlanet's
   and other software offerings.
 
 So why port software complicatedly to FreeBSD when all
 the OS-specific stuff can be abstracted by another port? :-)
 


It wasn't until I checked into the tests that I started to get a
clue; and since I never checked into the code, I can't say that much.  
But if these functions were to be a kind of libc that compiled and ran
Everywhere, these guys deserve five gold stars.
 
 -- 
 Polytropon
 Magdeburg, Germany
 Happy FreeBSD user since 4.0
 Andra moi ennepe, Mousa, ...

-- 
 Gary Kline  kl...@thought.org  http://www.thought.org  Public Service Unix
http://jottings.thought.org   http://transfinite.thought.org
The 7.79a release of Jottings: http://jottings.thought.org/index.php



libpthread.so.0 not found ...

2010-01-22 Thread Jamie Griffin

Hi

I'm using 8.0-p2 with the linux f10 flashplugin used with firefox 35. I 
did a fresh install a few days ago.


So far, I've not noticed any problems when viewing flash sites, the only 
thing I'm unsure about is the following error message I get in my 
~/.xsession-errors file (or on the console when not in x):


LoadPlugin: failed to initialize shared library 
/usr/local/lib/npapilinux-f10-flashplugin/libflashplayer.so [Shared object 
libpthread.so.0 not found, required by libflashplayer.so]


This library is on my system, in /usr/compat/linux/lib/libpthread.so.0. 
It's symlinked to libpthread-2.9.so.


So, I wondered, as this library is on my system, what could be the cause of 
the error, and how can I fix it?



   Jamie


Re: make delete-old make delete-old-libs

2010-01-22 Thread b. f.
Matthew Seaman wrote:
mikel king wrote:
 I had a system that was royally borked after upgrading and completing
 these steps a few years ago. Ever since I have always skipped these
 steps. Has anyone else experienced any issues with these two steps?


What do you mean by borked?  If you mean that you had to temporarily
take it out of service while you rebuilt ports and other software, and
adjusted configuration files, well, that is probably to be expected
during a major upgrade.

make delete-old-libs can cause you much wailing and gnashing of teeth
if you do it too soon, but usually only when you're doing a major version
upgrade.  In those circumstances, unless you're careful, all or large
parts of your software installed from ports will cease to work.  Delete
the old libraries only once you've finished reinstalling all of your ported 
software. Major version upgrades are one of the few times when there will
be old shlibs to consider deleting, so this is a rare event.

On the whole, I think it is better to remove all of the old files,
libraries, and ports first, and only then rebuild in a clean sandbox,
rather than run the risk of including an old header or linking to an
old base system library that will soon be discarded.  In any event, if
you must keep old ports around, at least temporarily, in most cases
you can still use them if you have the appropriate COMPAT_FREEBSD?
options in your kernel, and the corresponding misc/compat?x ports
installed.  And for other cases you can use libmap.conf(5).  So you
may as well run make delete-old-libs before rebuilding ports.



make delete-old can theoretically cause you grief if you overwrite bits
of the base system from ports and set corresponding WITHOUT_FOO flags in
/etc/src.conf.  On the whole, having ports overwrite base is something to
be avoided unless you have very good reason to do it.


Indeed.

Whether this will sting you or not is an interesting question: it depends
on developers adding files and directories to the list of old items
conditionally on defining WITHOUT_FOO type flags in /etc/src.conf.  While
this has the intuitively attractive behaviour that doing a buildworld cycle 
removes the unwanted programs or libraries, unfortunately it doesn't stop
there.  It will remove your carefully installed ported software the following
time you do a buildworld cycle.  For this reason, settings in src.conf
do not generally affect the list of old files and directories nowadays.

This is wrong: they often do.  To see if the files you have may be
affected by options in src.conf, look at
/usr/src/tools/build/mk/OptionalObsoleteFiles.inc, or run 'make
check-old'. And if you are using -CURRENT, be aware that this file is
now being updated.

In any event, make-delete-old-[libs] is interactive, if you have not
defined BATCH_DELETE_OLD_FILES, and you can choose to prevent some
files from being removed on the command-line.  And of course, you are
not obliged to run these targets, but you are probably better off
doing so, or cleaning your base system by other means, to avoid
pollution.  If you've files or links in directories normally reserved
for the base system that you want to preserve, you could just write a
script to use find(1) to look for files, directories, or links that
are older than your freshly-installed files in these directories,
ignore those you want to keep, and delete the rest.  Some parts of the
base system, particularly some header files, are installed with old
timestamps, but you can just run make installworld again after running
your script, and your base system will then be clean and
up-to-date.


b.


Re: sysinstall and the Right Terminal

2010-01-22 Thread Martin McCormick
Polytropon writes:
 What about using $TERM = xterm or cons25 (or cons25l1)?

Thank you! I tried cons25 first and it worked very well.
Since I am still actually receiving via the linux terminal
definition, I was surprised it worked as well as it does. The
cons25 must use many of the same escape sequences that vt100
style terminals do. The arrows appeared to work and the screen
seemed to be formatted well enough.

I left $TERM set to cons25 and tried vi on a file. It
started out okay but some of the escape sequences are not
compatible as things soon got messy. Even so, it is nice to know
that sysinstall can be remotely run without too much
strangeness.

Martin McCormick WB5AGZ  Stillwater, OK 
Systems Engineer
OSU Information Technology Department Telecommunications Services Group


Unable to find device node for /dev/ad0s1b in /dev!

2010-01-22 Thread insecurity

Unable to find device node for /dev/ad0s1b in /dev!

help me please


Re: Cannot boot FreeBSD (8.0) from USB stick (Dell Inspiron 9400)

2010-01-22 Thread Ian Smith
In freebsd-questions Digest, Vol 294, Issue 12, Message 1
On Fri, 22 Jan 2010 18:59:00 +0100 Christoph Kukulies k...@kukulies.org wrote:

  Here is some more info:
  
  The file I copied to the USB stick was
  
  ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/8.0/8.0-RELEASE-i386-memstick.img
  
  Actually, I don't remember how I got the image to the USB stick. I 
  believe I used a free tool from HP
   from within Windows XP.

This is likely your problem.  As on the release page referring to this 
image (but substituting i386 for amd64) it should have been made using:

 # dd if=8.0-RELEASE-i386-memstick.img of=/dev/da0 bs=10240 conv=sync

This works; I've no idea what a HP windows tool might do instead, though 
your fdisk below may offer clues; certainly the cylinders/heads/sectors 
arrangement seems wrong for a disk made from this image by dd as above.

  kernel messages at the time usb stick is inserted:
  ugen4.3: USB 2.0 at usbus4
  umass0: USB 2.0 Flash Disk, class 0/0, rev 2.00/1.10, addr 3 on usbus4
  umass0:  SCSI over Bulk-Only; quirks = 0x
  umass0:1:0:-1: Attached to scbus1
  (probe0:umass-sim0:0:0:0): TEST UNIT READY. CDB: 0 0 0 0 0 0
  (probe0:umass-sim0:0:0:0): CAM Status: SCSI Status Error
  (probe0:umass-sim0:0:0:0): SCSI Status: Check Condition
  (probe0:umass-sim0:0:0:0): UNIT ATTENTION asc:28,0
  (probe0:umass-sim0:0:0:0): Not ready to ready change, medium may have 
  changed
  (probe0:umass-sim0:0:0:0): Retrying Command (per Sense Data)
  da0 at umass-sim0 bus 0 target 0 lun 0
  da0: USB 2.0 Flash Disk PMAP Removable Direct Access SCSI-0 device
  da0: 40.000MB/s transfers
  da0: 1921MB (3935000 512 byte sectors: 255H 63S/T 244C)
  GEOM: da0: media size does not match label.

While mine is only a 1GB stick, it shows an entirely different geometry, 
with 1MB per cylinder.

 da0: 967MB (1981440 512 byte sectors: 64H 32S/T 967C)

  # fdisk /dev/da0
  *** Working on device /dev/da0 ***
  parameters extracted from in-core disklabel are:
  cylinders=244 heads=255 sectors/track=63 (16065 blks/cyl)

Here instead fdisk /dev/da0 sees:

 cylinders=967 heads=64 sectors/track=32 (2048 blks/cyl)

  # fdisk /dev/da0
  *** Working on device /dev/da0 ***
  parameters extracted from in-core disklabel are:
  cylinders=244 heads=255 sectors/track=63 (16065 blks/cyl)
  
  parameters to be used for BIOS calculations are:
  cylinders=244 heads=255 sectors/track=63 (16065 blks/cyl)
  
  Media sector size is 512
  Warning: BIOS sector numbering starts with sector 1
  Information from DOS bootblock is:
  The data for partition 1 is:
  UNUSED
  The data for partition 2 is:
  UNUSED
  The data for partition 3 is:
  UNUSED
  The data for partition 4 is:
  sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
  start 0, size 5 (24 Meg), flag 80 (active)
  beg: cyl 0/ head 0/ sector 1;
  end: cyl 1023/ head 254/ sector 63

The reason fdisk (bogusly) shows this as slice 4 is that this image is 
so-called 'dangerously dedicated' to FreeBSD, ie it is an unsliced disk, 
and needs to be mounted as /dev/da0a (not da0s1a or da0s4a).

It contains a bsdlabel allocating 16 sectors for boot code (/boot/boot1 
and /boot/boot2) with partition 'a' beginning at offset 16 (8KB).  It 
boots just fine (though slowly as a 4x CDROM :) on my 2002 IBM Thinkpad 
T23 with only USB 1.0, after having promoted it in the BIOS boot order.

I suggest remaking the image using dd exactly as above and trying that.

cheers, Ian


Re: Unable to find device node for /dev/ad0s1b in /dev!

2010-01-22 Thread Kevin Kinsey

insecur...@malandrines.net wrote:

Unable to find device node for /dev/ad0s1b in /dev!

help me please


$ grep ad /var/run/dmesg.boot

Is /dev/ad0 there?  /dev/ad0s1b ?

Do you have SCSI disks instead?  A RAID?

Kevin Kinsey


Re: Failed to Load Kernel

2010-01-22 Thread Programmer In Training
The issue was in my BIOS, of all places. I was going to see if I could
do an install from a Gentoo LiveCD from April 2k8, and it kept on hanging
near the beginning and lighting up all the lights on my keyboard (caps,
num and scroll lock). So I went into the BIOS, loaded optimized
defaults, changed a few things I really needed (usb keyboard on startup,
for one) and voilà! I was able to install. Now I'm getting the same
irksome message as the other gentleman about an invalid partition. Going
to delete all the partitions I created, recreate and install bootmgr
instead of just a normal MBR.

Thanks for all the help. (:

-- 
PIT
Emails are not formal business letters, whatever businesses may want.





Re: Invalid partition table after installation (GOOD NEWS!)

2010-01-22 Thread Ian Smith
In freebsd-questions Digest, Vol 294, Issue 12, Message 19
On Fri, 22 Jan 2010 16:35:21 -0600 John j...@starfire.mn.org wrote:
[..]
OK!  Well!  Good news!  After a sort.

I switched to BootMgr, and it came right up with 8.0!

Slight downside - extra prompt during boot, and of course, it
offers me all three slices, when I only need to boot from
one.

See boot0cfg(8); you can specify which slice/s are offered by the boot 
menu, from none to four, and you can specify the delay in ticks (~1/18 
second).  I'm not sure if 0 is a valid delay, but 1 is not very long.

Is that what's wrong with Standard MBR?  Are all three FSD
partitions (type 165) marked bootable and that's upsetting it?
Can I change it so only one of them is marked bootable?

See fdisk(8) -a switch.  I expect this would clear other active flags.

Anyway, it appears that there is a problem with the Standard MBR
boot.  I don't think I was doing anything that unnatural - I wanted
quite a few file systems, so I used multiple slices, both to keep
the boot slice below 1.5Gb and to be able to support all the file
systems I wanted, and maybe that's what upset it.  I don't know.
All I know is that Standard MBR didn't work, and BootMgr does.

I'm willing to spend SOME time trying to debug / fix this for the
good of the community and the next poor sucker who comes along
behind me, but I need to move somewhat quickly.  I actually plan
to use this machine!
   
   OK - my current best theory is that if the Standard boot manager
   is faced with anything other than exactly 1 bootable slice (partition
   to it), it defaults to Invalid partition table.  I'll bet anyone
   lunch that this is true.  Any takers?

Perhaps.  Certainly only one should be set active at boot time, either 
statically or by being chosen by a boot menu.

   I'll test my theory tonight and let you all know how it turns out.
   If this is true, then we should at least post some warnings, if not
   actually fix the installation process so that if you choose Standard,
   it helps ensure that you have one and only one bootable slice/partition!
   
   Whaddaya think?

sysinstall (fdisk) lets you toggle the active flag while slicing the 
disk.  You're supposed to have set one (and only one) active there, and 
you've already chosen which slice you want to install to, though I agree 
that selecting Standard boot sector might check for one active slice.

   Well, better it happen to me than someone from another community who is
   trying us out for the first time...

All good grist for the archives ..

  OK, so here's the update so far.  It was, indeed, the case that
  all three slices (partitions) were marked as active (bootable), to wit:
  The data for partition 1 is:
  sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
  start 63, size 2883825 (1408 Meg), flag 80 (active)
  beg: cyl 0/ head 1/ sector 1;
  end: cyl 1023/ head 15/ sector 63
  The data for partition 2 is:
  sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
  start 2883888, size 10224144 (4992 Meg), flag 80 (active)
  beg: cyl 1023/ head 255/ sector 63;
  end: cyl 1023/ head 15/ sector 63
  The data for partition 3 is:
  sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
  start 13108032, size 143193456 (69918 Meg), flag 80 (active)
  beg: cyl 1023/ head 255/ sector 63;
  end: cyl 1023/ head 15/ sector 63
  The data for partition 4 is:
  UNUSED
  
  So - I used dd to make a copy of the MBR, and wrote a C program to
  interpret it and clear the other two flags.  Once I was satisfied
  with that, I used the sysctl from earlier in the thread (which I
  assume allows me to actually change things) and dd to put the
  modified mbr back in place on sector 0.  Now fdisk reports
  The data for partition 1 is:
  sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
  start 63, size 2883825 (1408 Meg), flag 80 (active)
  beg: cyl 0/ head 1/ sector 1;
  end: cyl 1023/ head 15/ sector 63
  The data for partition 2 is:
  sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
  start 2883888, size 10224144 (4992 Meg), flag 0
  beg: cyl 1023/ head 255/ sector 63;
  end: cyl 1023/ head 15/ sector 63
  The data for partition 3 is:
  sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
  start 13108032, size 143193456 (69918 Meg), flag 0
  beg: cyl 1023/ head 255/ sector 63;
  end: cyl 1023/ head 15/ sector 63
  The data for partition 4 is:
  UNUSED
  
  So - there's only ONE active partition, but it still has bootmgr.

Well I'm sure it was fun writing a program, but fdisk -a should do :)

  I have used dd and cat to manufacture a new boot record from
  /boot/mbr and the partition (slice) table I've modified,
  and I'm tempted to put THAT in place over this one, but I'm
  afraid of what that might mean - are there other changes
  to the structure of the disk that I need to make to switch from
  BootMgr to the Standard 

Re: Invalid partition table after installation (GOOD NEWS!)

2010-01-22 Thread John
On Sat, Jan 23, 2010 at 05:34:10PM +1100, Ian Smith wrote:
 In freebsd-questions Digest, Vol 294, Issue 12, Message 19
 On Fri, 22 Jan 2010 16:35:21 -0600 John j...@starfire.mn.org wrote:
 [..]
 OK!  Well!  Good news!  After a sort.
 
 I switched to BootMgr, and it came right up with 8.0!
 
 Slight downside - extra prompt during boot, and of course, it
 offers me all three slices, when I only need to boot from
 one.
 
 See boot0cfg(8); you can specify which slice/s are offered by the boot 
 menu, from none to four, and you can specify the delay in ticks (~1/18 
 second).  I'm not sure if 0 is a valid delay, but 1 is not very long.
 
 Is that what's wrong with Standard MBR?  Are all three FSD
 partitions (type 165) marked bootable and that's upsetting it?
 Can I change it so only one of them is marked bootable?
 
 See fdisk(8) -a switch.  I expect this would clear other active flags.
 
 Anyway, it appears that there is a problem with the Standard MBR
 boot.  I don't think I was doing anything that unnatural - I wanted
 quite a few file systems, so I used multiple slices, both to keep
 the boot slice below 1.5Gb and to be able to support all the file
 systems I wanted, and maybe that's what upset it.  I don't know.
 All I know is that Standard MBR didn't work, and BootMgr does.
 
 I'm willing to spend SOME time trying to debug / fix this for the
 good of the community and the next poor sucker who comes along
 behind me, but I need to move somewhat quickly.  I actually plan
 to use this machine!

OK - my current best theory is that if the Standard boot manager
is faced with anything other than exactly 1 bootable slice (partition
to it), it defaults to Invalid partition table.  I'll bet anyone
lunch that this is true.  Any takers?
 
 Perhaps.  Certainly only one should be set active at boot time, either 
 statically or by being chosen by a boot menu.
 
I'll test my theory tonight and let you all know how it turns out.
If this is true, then we should at least post some warnings, if not
actually fix the installation process so that if you choose Standard,
it helps ensure that you have one and only one bootable slice/partition!

Whaddaya think?
 
 sysinstall (fdisk) lets you toggle the active flag while slicing the 
 disk.  You're supposed to have set one (and only one) active there, and 
 you've already chosen which slice you want to install to, though I agree 
 that selecting Standard boot sector might check for one active slice.
 
Well, better it happen to me than someone from another community who is
trying us out for the first time...
 
 All good grist for the archives ..
 
   OK, so here's the update so far.  It was, indeed, the case that
   all three slices (partitions) were marked as active (bootable), to wit:
   The data for partition 1 is:
   sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
   start 63, size 2883825 (1408 Meg), flag 80 (active)
   beg: cyl 0/ head 1/ sector 1;
   end: cyl 1023/ head 15/ sector 63
   The data for partition 2 is:
   sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
   start 2883888, size 10224144 (4992 Meg), flag 80 (active)
   beg: cyl 1023/ head 255/ sector 63;
   end: cyl 1023/ head 15/ sector 63
   The data for partition 3 is:
   sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
   start 13108032, size 143193456 (69918 Meg), flag 80 (active)
   beg: cyl 1023/ head 255/ sector 63;
   end: cyl 1023/ head 15/ sector 63
   The data for partition 4 is:
   UNUSED
   
   So - I used dd to make a copy of the MBR, and wrote a C program to
   interpret it and clear the other two flags.  Once I was satisfied
   with that, I used the sysctl from earlier in the thread (which I
   assume allows me to actually change things) and dd to put the
   modified mbr back in place on sector 0.  Now fdisk reports
   The data for partition 1 is:
   sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
   start 63, size 2883825 (1408 Meg), flag 80 (active)
   beg: cyl 0/ head 1/ sector 1;
   end: cyl 1023/ head 15/ sector 63
   The data for partition 2 is:
   sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
   start 2883888, size 10224144 (4992 Meg), flag 0
   beg: cyl 1023/ head 255/ sector 63;
   end: cyl 1023/ head 15/ sector 63
   The data for partition 3 is:
   sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
   start 13108032, size 143193456 (69918 Meg), flag 0
   beg: cyl 1023/ head 255/ sector 63;
   end: cyl 1023/ head 15/ sector 63
   The data for partition 4 is:
   UNUSED
   
   So - there's only ONE active partition, but it still has bootmgr.
 
 Well I'm sure it was fun writing a program, but fdisk -a should do :)
 
   I have used dd and cat to manufacture a new boot record from
   /boot/mbr and the partition (slice) table I've modified,
   and I'm tempted to put THAT in place over 
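
The step John describes above (interpreting a dd copy of sector 0 and clearing the extra active flags) can be sketched as follows; this is an added example, not John's program and not FreeBSD code. It works only on an in-memory 512-byte buffer, the sample table is constructed from the start/size values fdisk printed in the thread (boot code and CHS bytes left zero), and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MBR_SIZE    512
#define PT_OFFSET   446     /* partition table at 0x1BE */
#define PT_ENTRIES  4
#define PT_ENTSZ    16
#define FLAG_ACTIVE 0x80
#define SYSID_BSD   0xA5    /* sysid 165, as fdisk printed in the thread */

/* Little-endian 32-bit accessors, independent of host byte order. */
static uint32_t rd32(const uint8_t *p)
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

int mbr_has_signature(const uint8_t *mbr)
{
    return mbr[510] == 0x55 && mbr[511] == 0xAA;
}

/* Count entries flagged 0x80; *bad (if non-NULL) receives the number of
 * entries whose flag byte is neither 0x00 nor 0x80. */
int mbr_count_active(const uint8_t *mbr, int *bad)
{
    int active = 0, malformed = 0;
    for (int i = 0; i < PT_ENTRIES; i++) {
        uint8_t f = mbr[PT_OFFSET + i * PT_ENTSZ];
        if (f == FLAG_ACTIVE) active++;
        else if (f != 0x00) malformed++;
    }
    if (bad) *bad = malformed;
    return active;
}

/* The condition hypothesised in the thread: exactly one active slice. */
int mbr_table_is_sane(const uint8_t *mbr)
{
    int bad, active = mbr_count_active(mbr, &bad);
    return mbr_has_signature(mbr) && bad == 0 && active == 1;
}

/* Make slice `keep` (0-based) the only active one, touching only the four
 * flag bytes. Returns the number of other flags cleared, or -1 on refusal. */
int mbr_keep_only_active(uint8_t *mbr, int keep)
{
    if (!mbr_has_signature(mbr) || keep < 0 || keep >= PT_ENTRIES)
        return -1;
    if (mbr[PT_OFFSET + keep * PT_ENTSZ + 4] == 0)   /* sysid 0 = UNUSED */
        return -1;
    int cleared = 0;
    for (int i = 0; i < PT_ENTRIES; i++) {
        uint8_t *flag = &mbr[PT_OFFSET + i * PT_ENTSZ];
        if (i != keep && *flag != 0)
            cleared++;
        *flag = (i == keep) ? FLAG_ACTIVE : 0;
    }
    return cleared;
}

/* Constructed sample: the three slices from the thread's fdisk output,
 * all flagged active. Boot code and CHS bytes are left zero. */
void build_sample_mbr(uint8_t *mbr)
{
    static const uint32_t slices[3][2] = {
        { 63u, 2883825u }, { 2883888u, 10224144u }, { 13108032u, 143193456u } };
    memset(mbr, 0, MBR_SIZE);
    for (int i = 0; i < 3; i++) {
        uint8_t *e = &mbr[PT_OFFSET + i * PT_ENTSZ];
        e[0] = FLAG_ACTIVE;
        e[4] = SYSID_BSD;
        wr32(e + 8, slices[i][0]);    /* start sector */
        wr32(e + 12, slices[i][1]);   /* size in sectors */
    }
    mbr[510] = 0x55; mbr[511] = 0xAA;
}

int main(void)
{
    uint8_t mbr[MBR_SIZE];
    build_sample_mbr(mbr);
    printf("before: active=%d sane=%d\n",
           mbr_count_active(mbr, NULL), mbr_table_is_sane(mbr));
    printf("cleared %d extra flag(s)\n", mbr_keep_only_active(mbr, 0));
    for (int i = 0; i < 3; i++)
        printf("slice %d: start %lu flag %02x\n", i + 1,
               (unsigned long)rd32(&mbr[PT_OFFSET + i * PT_ENTSZ + 8]),
               (unsigned)mbr[PT_OFFSET + i * PT_ENTSZ]);
    printf("after: active=%d sane=%d\n",
           mbr_count_active(mbr, NULL), mbr_table_is_sane(mbr));
    return 0;
}
```
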

Re: How to troubleshoot a frozen boot sequence

2010-01-22 Thread Billy Newsom

Nathan Vidican wrote:
 To me, it sounds like you have two issues to deal with here:

 #1 - booting off of the twed0 disk, what is your systems' BIOS currently
 set to boot from, from the way you describe it's almost as if the system
 is booting from ad0 - in which case yes, you will have to put a valid
 boot config onto twed0

I feel that I have run across a common and old SCSI v IDE battle (The 
FreeBSD Handbook still talks about it). Even though I make the drive 
controller (the twe = 3Ware SATA controller) as my first boot drive in BIOS 
(effectively 0x80 as I understand it), FreeBSD does not ever pay attention to 
the BIOS's numerical order. (See my reason below*) It wants to find stuff on 
ad0 and boot that drive if it exists.


My supposition is that since I had twe0 and ad0 running during my 7.2 install, 
that the correct drive partition and MBR stuff were applied to get it to boot 
AS-IS, but...


When it is not as it is now, It freezes at the boot loader, attempting to find 
ad0.


It is either

a. Finding ad0 in fstab and really wishing it was there
or
b. The boot strap code is physically on ad0 and not twed0 because the 
Sysinstall process never wrote it there.


I think it is b. If b, the boot process may be:

Stage 1: BIOS picks twe0 to be the first drive to attempt a boot.
Stage 2: MBR (boot 0) -- located on twe0
Stage 3: boot1 -- located on twed0 (BTX Boot Loader?)
Stage 4: boot2 -- located on ad0 (FreeBSD/i386 bootstrap loader 1.1?)
Stage 5: Boot Loader -- shows menu on twed0s1a
Stage 6: Kernel boots up on twed0s1a

And so when I remove ad0 to simulate a backup drive failure, the stage 4 tries 
to run a missing bootstrap loader from twed0.


Stage 4: boot2 -- missing on twed0, system hangs.

I think this is happening because it is the BTX loader which may find and 
concatenate the BIOS drives, getting confused, and switching the boot to ad0 
for just the one stage that finishes the bootstrap.


I think one solution is to (next time) not install my backup drive until after 
Sysinstall is long done! I think it's a sysinstall bug, some of this.


* My Reason for saying that is my guess that the sysinstall program saw the 
ad0 as something important, and included it in the chain of the boot. For 
example, when I was done SLICING my drives in Sysinstall, the silly thing then 
got the w write command and went out there and made some (wrong) decisions 
under the assumption that ad0 would NATURALLY (via BIOS) be part of the boot 
process. So the right code never got written to twe0 in the right places. 
Sure, it got all the kernel and I told it to put a standard FreeBSD MBR, but 
it must be missing something on track 0.


 #2 - you could add the flag 'noauto' to ad0 from within fstab - this
 will allow the system to boot without mounting the disk (alleviating the
 dreaded single-user-mode). Use a startup script in /usr/local/etc/rc.d
 to then mount the disk if available on bootup. I've done similar setups
 to this before where we were using external USB drives for backup and
 weren't 100% sure they'd always be connected in the case a server might
 be rebooted - worst case, you'll end up with it not mounted, but the
 system will still be up at least.

I will give it a try. I need to do something to correct this second issue for 
certain. My ad0 is a good spare, but it's old.


 --
 Nathan Vidican
 nat...@vidican.com


 On Fri, Jan 22, 2010 at 12:53 PM, Billy Newsom bi...@nlcc.us wrote:

 I am doing a test run on a production server. It has 2 hard drives.

 ad0 (mounted on /disk250 in a single slice plus SWAP)
 twed0 (mounted on / /var /usr and a SWAP)

 The twed0 is a hardware mirror and my main drive.
 ad0 is just for backups.

 What the issue is, and you probably know where I'm heading. The boot
 process freezes if I remove the ad0 (to test a drive failure condition)

 It freezes after saying:
 BTX boot loader etc.

 FreeBSD/i386 bootstrap loader 1.1
 It spins for a second, then stops... unless I have ad0 in the computer.
 /boot/kernel/kernel text=0x7b03a0 data=0xcdee0 /

 And it never gets to the boot menu.

 So:

 1. Should I put a new boot0config on the twed0 drive? If so do I
 boot from a CD to do that?

 I need to potentially do something also to my disk labels and my
 fstab so that I don't boot to single user mode if drive ad0 fails. I
 haven't done this exact type of thing before, so I am looking for a
 little help.

 my fstab:
 /dev/ad0s1b     none        swap    sw      0   0
 /dev/twed0s1b   none        swap    sw      0   0
 /dev/twed0s1a   /           ufs     rw      1   1
 /dev/ad0s1d     /disk250    ufs     rw      2   2
 /dev/twed0s1e   /tmp        ufs     rw      2   2
 /dev/twed0s1f