Re: [#24506597] apache 2.2.15_7 upgrade fails
Hi, Let us know the server IP in question, along with the root login details so we could check further. -- Best Regards Jim Server Engineer Hosting Services, Inc. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache web server being attacked
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 19/05/2010 04:55:26, Aiza wrote: I take a totally different approach to this problem for my production web sites. This is the result of people running scripts that roll through a large block of ip address scanning each ip address for open [STANDARD\] ports, and when they find port 80 open, they then attack the web server. The simple solution is not to have your web server use the standard port 80. Your web site is not know by it's ip address but by it's url (ie; www.domain-name.com.). My domain name register has option to associate my www.domain-name.com with any port number I want to use at the specified ip address. This way my web site has total access by anyone who knows it's URl, the URL is scanned by yahoo and google indexing bot and becomes know to the public. Nobody knows or cares that the web site is not using port 80. I then close inbound port 80 in my firewall thus locking out all the script kiddies who run the port scan on standard ports. This method has worked for me the last 10 years without ever having my production web servers attacked. Sure some nay sayers will counter by saying all the scanners have to do is scan all the ports. Yah sure that can be done, but in 10 years it has never occurred. If the URL for your site is http://www.domain-name.com/ then any client that attempts to access it will try to connect to port 80. That's the point of having well known ports. Now, you can explicitly state a different port in the URL: http://www.domain-name.com:8080/ but this is generally only useful amongst a closed group of users: the general public will on the whole just get confused, so it's not often encountered on general access websites. Your domain registrar can't control anything to do with port numbers. For some unknown reason this is a common misconception, particularly among management types. The DNS only associates hostnames with ip numbers and vice versa[*]. Now, it may be the case that your server is behind some sort of NAT/PAT gateway or HTTP reverse proxy, and that locally you are running apache bound to some arbitrary port numbers. Which is fine, but unless you are specifically telling people to use a different port in your URLs, then the world at large is accessing your site through port 80. Which means that port scanners can certainly find it and attempt to attack it. Guess what? Because the attacks are in the form of valid HTTP queries, they'd go straight through any sort of port address translation just like your normal traffic. What I think you're actually doing is that all your web sites use name based virtual hosts. So a query to the IP number of your server gets directed to a different bit of the apache config (and probably rejected) compared to a query to a site by name. That's actually a pretty good design, and if you combine it with a reverse proxy which knows about what hosts and URLs should be behind it, you can filter out a lot of bad traffic very effectively before it gets anywhere near your real web server. Cheers, Matthew [*] I speak loosely. That's the way it works for the HTTP(S) protocol used by websites. For some more recently specified protocols like XMPP the situation is different. - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvzrt8ACgkQ8Mjk52CukIwnyACdFFVhVuGjxebfZXpHG1zfGUaY 0HYAnAiqXjsT2XowGUNpYdjfDZg2UhPT =2Drn -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: [#24506597] apache 2.2.15_7 upgrade fails
dedica...@midphase.com wrote: Hi, Let us know the server IP in question, along with the root login details so we could check further. And, of course, since this content is currently being mirrored on the public mailing list freebsd-questions it will be publicly available. While most of the true list users are professionals who would not abuse such information, that cannot be said for all the people who may come across such publicly available information. -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: [#24506597] apache 2.2.15_7 upgrade fails
Hi, Please let us know if there is anything we could assist you with, thanks. -- Best Regards Jim Server Engineer Hosting Services, Inc. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: using automounter (automatically mounting USB drives)
To enable it at system startup, you must add the following line to /etc/rc.conf : automounter_enable=YES --- En date de : Mar 18.5.10, David DEMELIER demelier.da...@gmail.com a écrit : De: David DEMELIER demelier.da...@gmail.com Objet: Re: using automounter (automatically mounting USB drives) À: Eitan Adler li...@eitanadler.com Cc: freebsd-questions@freebsd.org Date: Mardi 18 mai 2010, 21h07 2010/5/18 Eitan Adler li...@eitanadler.com: How can I automatically mount USB drives when I plug them in? I found a program sysutils/automounter which appears to create a link /media/msdosfs/USB20FD but doesn't actually mount anything. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org I don't know sysutils/automounter, but the COMMENT= Provides scripts to dynamically configure amd would means that it only prepare the devices entries to be used by the amd(8) daemon (amd — automatically mount file systems) Take a look at the amd(8) manpage (I can't help you I never used it) and the rc.conf(5) to enable it. -- Demelier David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
7.0/i386 to 8.0/amd64 - gmirror/gstripe migration
Hi! I am planning to move from 7.0-REL-i386 to 8.0-REL-amd64 in the near future. My OS drive is a single ata-133 80gb drive, and my data drives are four 1.5TB SATA drives. 6TB total, configured as 2x 3TB 'gstripe' volumes, and I am using gmirror to mirror those gstripe volumes. I hope that makes sense. In any case, I'd like to just unplug the drives, do my upgrade, plug the drives back in, and startup the array as I have in 7.0.I'm planning to just do a fresh install of 8.0 on a new SATA 80GB drive and make that my new OS drive. Does anyone foresee any serious problems with this plan? I know doing a whole version upgrade can sometimes introduce bugs when dealing with old setups, so I just want to cover my bases prior to the work. I am backing up this system to another system, so if I end up losing the data or having to rebuild the array, that's fine, it just sucks having to copy the 2TB of data over the wire afterward. Thanks for your help! ++AMARU ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
tar and --include
A few days ago, I asked about the --include directive in tar after things didn't quite work the way the man page seemed to indicate. One might get the impression that if --include or --include='*pattern*' was added to a tar command, tar would only archive what was in the pattern and not archive everything as its default operation. What I discovered was that --include doesn't appear to do anything at all. The example in the man page shows using it to filter an existing archive and make a tar file of what was in the existing archive that also matched the pattern. I never tried that since that is not what was needed here. What turned out to work very well was to use the feature in tar that lets one exclude a whole list of patterns in a designated file. You just put in what shouldn't be in the archive and it appeared to work fine. The --include directive only seems to exist in the FreeBSD form of tar. I tried a Linux system's tar man page and it is not there but both support the -X path/filename for a list of exclusion patterns. Martin McCormick WB5AGZ Stillwater, OK Systems Engineer OSU Information Technology Department Telecommunications Services Group ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Help With pptpclient Setup
I'm using FBSD 8.0-STABLE and trying to connect to a Cisco VPN at work. Windows PCs connect with the basic Microsoft dial-up networking client. Thus I assume pptpclient is my answer for FBSD. My work network is a class B but it's used as 254 class C networks. The vpn server address is part of that class B network. The VPN server gives me a class C address. Let's use these addresses as an example: 10.0.18.10 is the VPN server 10.0.206.150/24 is the IP address my client will be given 10.0.0.0/16 is my entire work network. I've followed examples at http://www.freebsddiary.org/pptp.php and http://www.freebsd.org/doc/en/books/handbook/userppp.html. My ppp.conf file looks like this: default: set log Phase Chat LCP IPCP CCP tun command ident user-ppp VERSION (built COMPILATIONDATE) WORK: set authname myusername set authkey mypassword set timeout 0 set ifaddr 0 0 add 10.0.206.0/24 HISADDR alias enable yes /var/log/message shows this when trying to make a connection: May 19 08:50:34 vm pptp[89300]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated May 19 08:50:34 vm pptp[89305]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request' May 19 08:50:34 vm pptp[89305]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply May 19 08:50:34 vm pptp[89305]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established. May 19 08:50:35 vm pptp[89305]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request' May 19 08:50:35 vm pptp[89305]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply. May 19 08:50:35 vm pptp[89305]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 34636). May 19 08:50:36 vm kernel: tun0: link state changed to UP May 19 08:50:36 vm ppp[89300]: tun0: Warning: The alias command is deprecated May 19 08:51:35 vm pptp[89305]: anon log[logecho:pptp_ctrl.c:677]: Echo Request received. May 19 08:51:35 vm pptp[89305]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 6 'Echo-Reply' The above lasts for a minute or two and then: May 19 08:52:56 vm pptp[89305]: anon log[pptp_read_some:pptp_ctrl.c:551]: read error: Operation timed out May 19 08:52:56 vm pptp[89305]: anon log[callmgr_main:pptp_callmgr.c:258]: Closing connection (shutdown) May 19 08:52:56 vm pptp[89305]: anon log[pptp_send_ctrl_packet:pptp_ctrl.c:622]: write error: Broken pipe May 19 08:52:56 vm pptp[89305]: anon log[call_callback:pptp_callmgr.c:79]: Closing connection (call state) May 19 08:52:56 vm pptp[89305]: anon log[pptp_read_some:pptp_ctrl.c:551]: read error: Bad file descriptor May 19 08:52:56 vm ppp[89300]: tun0: Warning: deflink: Unable to set physical to speed 0 May 19 08:52:56 vm ppp[89300]: tun0: Warning: deflink: Unable to set physical to speed 0 May 19 08:52:56 vm ppp[89300]: tun0: Warning: deflink: tcsetattr: Unable to restore device settings May 19 08:52:56 vm kernel: tun0: link state changed to DOWN May 19 08:52:56 vm kernel: pid 89305 (pptp), uid 0: exited on signal 11 (core dumped) Before core dump above, route table shows: # netstat -rn Routing tables Internet: DestinationGatewayFlagsRefs Use Netif Expire default192.168.1.2UGS 8 2203286em0 127.0.0.1 link#6 UH 044531lo0 10.0.18.10 link#7 UHS 0 176240 tun0 10.0.206.0/24 159.145.18.10 UGS 00 tun0 10.0.206.150link#7 UHS 00lo0 192.168.1.0/24 link#2 U 6 10627552em0 192.168.1.6link#2 UHS 00lo0 And ifconfig shows tun0 as: tun0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST metric 0 mtu 1498 options=8LINKSTATE inet 10.0.206.150 -- 10.0.18.10 netmask 0x Opened by PID 89300 So what am I doing wrong? I suspect routing is an issue. Wouldn't I need a route that points all 10.0.0.0/16 traffic to tun0 but another route that specifically sends 10.0.18.10/32 to my default gateway of 192.168.1.2? And if so, how do I properly specify that in my ppp.conf? Thanks, Drew ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: natd in 8.1
I haven't had a chance to work on this yet. I'll be out of town for a little while, and will update the thread upon my arrival. Thanks. Casey - Коньков Евгений kes-...@yandex.ru wrote: Здравствуйте, Casey. What does natd with '-v' options shows? what is aliasing? You must bind natd to external interface NEVER DO: any to any divert!!! NOTICE: no traffice go through this rule CS 05000 00 divert 8668 ip from any to any out via fxp0 NEVER DO: open firewall because of security reasons CS 0500129 1484 allow ip from any to any All 'ALLOW' rules are useless! because of 5001 rule You drop all traffic before divert ;-) this make me confused a little CS 04000 75224282 deny log logamount 1 ip from any to any CS 05000 00 divert 8668 ip from any to any out via fxp0 NOTICE: CS 0120029 1484 skipto 5000 ip from 192.168.1.0/24 to any out via fxp0 setup keep-state maybe there some bugs in ipfw, try 4999 Please post where problem were for other readers with same question thank Вы писали 18 мая 2010 г., 18:51:10: CS I recently rebuilt a server from 7.x to 8.x. Using the exact CS same firewall natd config, natd appears not to be aliasing the CS private address when the traffic leaves the external interface. CS When sniffing traffic w/ tcpdump, I see the private address as the CS source address on the outbound request. CS e.g. CS 192.168.1.1 = internal source of request CS 74.75.76.77 = public address (website) CS 12.13.14.15 = CSInternalExternal 192.168.1.10 - 74.75.76.77(NAT) 192.168.1.10 - 74.75.76.77 CS Rather than it should be: CSInternalExternal 192.168.1.10 - 74.75.76.77(NAT) 12.13.14.15 - 74.75.76.77 CS Watching natd with ktrace shows that no traffic gets passed to CS natd when the source is internal, however external traffic passes through it. CS Firewall config: CS --- CS 00200 11946 3204818 allow ip from any to any via lo0 CS 00300 00 deny ip from any to 127.0.0.0/8 CS 0030110 528 deny ip from any to 74.94.69.225 dst-port 445 CS 00302 1 78 deny ip from any to 74.94.69.225 dst-port 137 CS 00303 9 544 deny ip from any to 74.94.69.225 dst-port 135 CS 00304 00 deny ip from 224.0.0.0/4 to any via fxp0 CS 00305 67118788 deny ip from any to 224.0.0.0/4 via fxp0 CS 01000 9093 1158436 allow ip from any to any via em0 CS 01050 51045 5205047 divert 8668 ip from any to any in via fxp0 CS 01100 00 check-state CS 01100 69183 83429465 allow ip from me to any CS 0120029 1484 skipto 5000 ip from 192.168.1.0/24 to any out via fxp0 setup keep-state CS 01201 00 skipto 5000 udp from 192.168.1.0/24 to any out via fxp0 keep-state CS 01202 45002 4690467 allow ip from any to any established CS 01800 142172620 allow tcp from any to me dst-port 20,21,53,76,80,123,443 CS 01900 3 194 allow ip from 216.251.112.0/24,208.95.100.4 to any CS 02000 530 127559 allow udp from any 53 to any CS 02100 83459414 allow udp from any to any dst-port 53 CS 02150 1930 146680 allow udp from any 123 to me dst-port 123 CS 02200 46839312 allow icmp from any to any icmptypes 0,3,11 CS 04000 75224282 deny log logamount 1 ip from any to any CS 05000 00 divert 8668 ip from any to any out via fxp0 CS 0500129 1484 allow ip from any to any CS 65535 00 deny ip from any to any CS --- CS natd.conf CS --- CS use_sockets CS same_ports CS unregistered_only CS interface fxp0 CS redirect_port tcp 192.168.1.82:82 82 CS redirect_port tcp 192.168.1.41:8082 8082 CS redirect_port tcp 192.168.1.3:3389 3389 CS redirect_port udp 192.168.1.3:3389 3389 CS redirect_port tcp 192.168.1.6:6881-6889 6881-6889 CS --- CS As I previously stated, this exact same config worked great in CS 7.x. I built a kernel in 8.x w/ IPFIREWALL IPDIVERT, and CS reviewed UPDATING. Have I missed something? CS TIA, CS Casey CS ___ CS freebsd-questions@freebsd.org mailing list CS http://lists.freebsd.org/mailman/listinfo/freebsd-questions CS To unsubscribe, send any mail to CS freebsd-questions-unsubscr...@freebsd.org -- С уважением, Коньков mailto:kes-...@yandex.ru ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to
Re: Help With pptpclient Setup
On Wed, May 19, 2010 at 10:59 AM, Drew Tomlinson d...@mykitchentable.netwrote: I'm using FBSD 8.0-STABLE and trying to connect to a Cisco VPN at work. Windows PCs connect with the basic Microsoft dial-up networking client. Thus I assume pptpclient is my answer for FBSD. I would think GRE would be the answer here. http://www.packtpub.com/article/network-configuration-tunneling-with-free-bsd http://www.freebsd.org/doc/en/books/handbook/ipsec.html -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Help With pptpclient Setup
On 5/19/2010 10:14 AM, Adam Vande More wrote: On Wed, May 19, 2010 at 10:59 AM, Drew Tomlinsond...@mykitchentable.netwrote: I'm using FBSD 8.0-STABLE and trying to connect to a Cisco VPN at work. Windows PCs connect with the basic Microsoft dial-up networking client. Thus I assume pptpclient is my answer for FBSD. I would think GRE would be the answer here. http://www.packtpub.com/article/network-configuration-tunneling-with-free-bsd http://www.freebsd.org/doc/en/books/handbook/ipsec.html Thanks for your reply. However I do not see how to pass my username/password to the Cisco VPN in either of those 2 links. FWIW, I've found more detailed logs that suggest I'm making the initial connection and being authenticated. I just don't understand what has to happen next. Here's my log: May 19 10:00:43 vm ppp[89700]: Phase: Using interface: tun0 May 19 10:00:43 vm ppp[89700]: Phase: deflink: Created in closed state May 19 10:00:43 vm ppp[89700]: tun0: Phase: PPP Started (direct mode). May 19 10:00:43 vm ppp[89700]: tun0: Phase: bundle: Establish May 19 10:00:43 vm ppp[89700]: tun0: Phase: deflink: closed - opening May 19 10:00:43 vm ppp[89700]: tun0: Phase: deflink: Connected! May 19 10:00:43 vm ppp[89700]: tun0: Phase: deflink: opening - carrier May 19 10:00:44 vm ppp[89700]: tun0: Phase: deflink: /dev/pts/5: CD detected May 19 10:00:44 vm ppp[89700]: tun0: Phase: deflink: carrier - lcp May 19 10:00:45 vm ppp[89700]: tun0: Phase: bundle: Authenticate May 19 10:00:45 vm ppp[89700]: tun0: Phase: deflink: his = CHAP 0x81, mine = none May 19 10:00:45 vm ppp[89700]: tun0: Phase: Chap Input: CHALLENGE (16 bytes) May 19 10:00:45 vm ppp[89700]: tun0: Phase: Chap Output: RESPONSE (username) May 19 10:00:45 vm ppp[89700]: tun0: Phase: Chap Input: CHALLENGE (16 bytes) May 19 10:00:45 vm ppp[89700]: tun0: Phase: Chap Output: RESPONSE (username) May 19 10:00:45 vm ppp[89700]: tun0: Phase: Chap Input: SUCCESS (S=078026768A691A7716A3AE855F67492A2D9F3F73) May 19 10:00:45 vm ppp[89700]: tun0: Phase: deflink: lcp - open May 19 10:00:45 vm ppp[89700]: tun0: Phase: bundle: Network May 19 10:02:53 vm ppp[89700]: tun0: Phase: Signal 15, terminate. May 19 10:02:53 vm ppp[89700]: tun0: Phase: Signal 15, terminate. May 19 10:03:08 vm ppp[89700]: tun0: Phase: bundle: Terminate May 19 10:03:08 vm ppp[89700]: tun0: Phase: deflink: open - lcp May 19 10:03:23 vm ppp[89700]: tun0: Phase: deflink: Disconnected! May 19 10:03:23 vm ppp[89700]: tun0: Phase: deflink: Connect time: 160 secs: 513 octets in, 5886370561 octets out May 19 10:03:23 vm ppp[89700]: tun0: Phase: deflink: 16 packets in, 9795297 packets out May 19 10:03:23 vm ppp[89700]: tun0: Phase: total 36789819 bytes/sec, peak 52339780 bytes/sec on Wed May 19 10:02:43 2010 May 19 10:03:23 vm ppp[89700]: tun0: Phase: deflink: lcp - closed May 19 10:03:23 vm ppp[89700]: tun0: Phase: bundle: Dead May 19 10:03:23 vm ppp[89700]: tun0: Phase: PPP Terminated (normal). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: using automounter (automatically mounting USB drives)
On Wed, May 19, 2010 at 4:09 PM, Alexandre L. axel...@ymail.com wrote: To enable it at system startup, you must add the following line to /etc/rc.conf : automounter_enable=YES Which I have already done. However this only causes the labels in /media to appear to disappear. It does not seem like it actually mounts anything. -- Eitan Adler ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
downloading e-mail is blocking network
Hi, I'm having a strange network problem. Every day, when I turn on my computer, fetchmail is started and procmail is putting all my mail in the correct mailboxes. This takes some time because I receive a few hundred e-mails a day (mostly mailing lists). The strange thing is that when the e-mail is being downloaded, all other network traffic seems blocked. So browsing the internet is not possible when fetchmail/procmail is busy. At first I thought I had a problem with DNS and/or DHCP and/or my ADSL modem because after a reset of the modem, the problem mostly went away, and there were some hostname not found errors in my logfiles. But today I just waited for a while and discovered that when fetchmail/procmail is finished, the internet suddenly was reachable again. So has anyone has seen fetchmail/procmail blocking network traffic before? Regards, Marco -- You may my glories and my state dispose, But not my griefs; still am I king of those. -- William Shakespeare, Richard II ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: downloading e-mail is blocking network
Hi, Marco-- On May 19, 2010, at 12:15 PM, Marco Beishuizen wrote: I'm having a strange network problem. Every day, when I turn on my computer, fetchmail is started and procmail is putting all my mail in the correct mailboxes. This takes some time because I receive a few hundred e-mails a day (mostly mailing lists). The strange thing is that when the e-mail is being downloaded, all other network traffic seems blocked. So browsing the internet is not possible when fetchmail/procmail is busy. At first I thought I had a problem with DNS and/or DHCP and/or my ADSL modem because after a reset of the modem, the problem mostly went away, and there were some hostname not found errors in my logfiles. But today I just waited for a while and discovered that when fetchmail/procmail is finished, the internet suddenly was reachable again. So has anyone has seen fetchmail/procmail blocking network traffic before? Are you using NAT? It sounds like something has a limited number of NAT state slots available, and is dropping connections past that limit. It probably will help to try to serialize the activity of fetchmail / procmail so that they aren't opening new connections for every email being processed, if that is what is going on. Regards, -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: downloading e-mail is blocking network
On 19 May 2010 20:21, Chuck Swiger cswi...@mac.com wrote: Hi, Marco-- On May 19, 2010, at 12:15 PM, Marco Beishuizen wrote: I'm having a strange network problem. Every day, when I turn on my computer, fetchmail is started and procmail is putting all my mail in the correct mailboxes. This takes some time because I receive a few hundred e-mails a day (mostly mailing lists). The strange thing is that when the e-mail is being downloaded, all other network traffic seems blocked. So browsing the internet is not possible when fetchmail/procmail is busy. At first I thought I had a problem with DNS and/or DHCP and/or my ADSL modem because after a reset of the modem, the problem mostly went away, and there were some hostname not found errors in my logfiles. But today I just waited for a while and discovered that when fetchmail/procmail is finished, the internet suddenly was reachable again. So has anyone has seen fetchmail/procmail blocking network traffic before? Are you using NAT? It sounds like something has a limited number of NAT state slots available, and is dropping connections past that limit. It probably will help to try to serialize the activity of fetchmail / procmail so that they aren't opening new connections for every email being processed, if that is what is going on. Regards, -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org I'd be surprised if its that as you would have to have 1000's of connections open to cause an issue like that, even one a fairly low end router. One simple way round would be to schedule your computer to turn on an hour or so before you need to use it. A lot of bios have this feature these days ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Livefs/fixit
Hello, I have a amd64 8.0-RELEASE-P2 FreeBSD box. I was building a spam/av gateway. Something has happened and there seems to be some OS corruption. I am not sure what did it but symlinks all over the system seem to be gone. Links like /home pointing at /usr/home. The data is still there in /usr/home/user_blah but the link pointing there is gone. There could be more issues that I have not discovered yet. I would like to repair the base os from the 8.0 DVD. I believe I should use the livecd/fixit method. Is this the right way to go about doing this? Are there some concise instructions for this? Will this affect the installed ports, ie. things like getting rid of all the configs in /usr/local/etc, rc.conf, passwd, /etc/groups ? I imagine I will need to reinstall all the ports like one would do after a buildworld. Any help would be appreciated. Peter ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: downloading e-mail is blocking network
On Wed, 19 May 2010, Chuck Swiger wrote: Are you using NAT? Not that I know of. It sounds like something has a limited number of NAT state slots available, and is dropping connections past that limit. It probably will help to try to serialize the activity of fetchmail / procmail so that they aren't opening new connections for every email being processed, if that is what is going on. Seems worth trying to increase this number but how do I do that? Is this changable in FreeBSD or do I change this in the modem (couldn't find anything about this in the modem though)? Regards, Marco -- Women who want to be equal to men lack imagination. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: downloading e-mail is blocking network
On May 19, 2010, at 1:44 PM, Marco Beishuizen wrote: On Wed, 19 May 2010, Chuck Swiger wrote: Are you using NAT? Not that I know of. You presumably would know from the IP your machine has-- if it's RFC-1918 unroutable, NAT is involved. It sounds like something has a limited number of NAT state slots available, and is dropping connections past that limit. It probably will help to try to serialize the activity of fetchmail / procmail so that they aren't opening new connections for every email being processed, if that is what is going on. Seems worth trying to increase this number but how do I do that? Is this changable in FreeBSD or do I change this in the modem (couldn't find anything about this in the modem though)? It would be in whatever device is doing NAT, assuming it is being used. Running tcpdump against your traffic during this sort of problem would likely be informative. Regards, -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 7.0/i386 to 8.0/amd64 - gmirror/gstripe migration
No one has any idea? :( ++AMARU From: Amaru Netapshaak postfix_am...@yahoo.com To: freebsd-questions@freebsd.org Sent: Wed, May 19, 2010 9:33:14 AM Subject: 7.0/i386 to 8.0/amd64 - gmirror/gstripe migration Hi! I am planning to move from 7.0-REL-i386 to 8.0-REL-amd64 in the near future. My OS drive is a single ata-133 80gb drive, and my data drives are four 1.5TB SATA drives. 6TB total, configured as 2x 3TB 'gstripe' volumes, and I am using gmirror to mirror those gstripe volumes. I hope that makes sense. In any case, I'd like to just unplug the drives, do my upgrade, plug the drives back in, and startup the array as I have in 7.0.I'm planning to just do a fresh install of 8.0 on a new SATA 80GB drive and make that my new OS drive. Does anyone foresee any serious problems with this plan? I know doing a whole version upgrade can sometimes introduce bugs when dealing with old setups, so I just want to cover my bases prior to the work. I am backing up this system to another system, so if I end up losing the data or having to rebuild the array, that's fine, it just sucks having to copy the 2TB of data over the wire afterward. Thanks for your help! ++AMARU ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Bash lockups
I have been experimenting with FreeBSD for a while, and I consistently get bash lockups at irregular intervals when it is otherwise idle. By lockup, I mean that it stops responding to the keyboard and uses 100% CPU. It will sometimes go for days with no problems, but I had two yesterday, and other today. They have occurred on test systems running in VirtualBox and on a real computer, both i386 and amd64 images, and a mixture of 7.1, 7.3 and 8.0. They usually seem to happen when I am switching tabs in konsole or switching shells in screen, but other times I think they happen when I am not even using the system. The only thing I have found I can do is to do a kill -9 and start a new shell. Does anybody have any suggestings on how I could try to trace this? I haven't been able to find any bug reports, but I don't know enough to know how to search the FreeBSD problem reports very well. Thanks for any help. I already subscribe to this list, so there is no need to cc me. -- Carl Johnsonca...@peak.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache web server being attacked
Matthew Seaman wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 19/05/2010 04:55:26, Aiza wrote: I take a totally different approach to this problem for my production web sites. This is the result of people running scripts that roll through a large block of ip address scanning each ip address for open [STANDARD\] ports, and when they find port 80 open, they then attack the web server. The simple solution is not to have your web server use the standard port 80. Your web site is not know by it's ip address but by it's url (ie; www.domain-name.com.). My domain name register has option to associate my www.domain-name.com with any port number I want to use at the specified ip address. This way my web site has total access by anyone who knows it's URl, the URL is scanned by yahoo and google indexing bot and becomes know to the public. Nobody knows or cares that the web site is not using port 80. I then close inbound port 80 in my firewall thus locking out all the script kiddies who run the port scan on standard ports. This method has worked for me the last 10 years without ever having my production web servers attacked. Sure some nay sayers will counter by saying all the scanners have to do is scan all the ports. Yah sure that can be done, but in 10 years it has never occurred. If the URL for your site is http://www.domain-name.com/ then any client that attempts to access it will try to connect to port 80. That's the point of having well known ports. Now, you can explicitly state a different port in the URL: http://www.domain-name.com:8080/ but this is generally only useful amongst a closed group of users: the general public will on the whole just get confused, so it's not often encountered on general access websites. Your domain registrar can't control anything to do with port numbers. For some unknown reason this is a common misconception, particularly among management types. The DNS only associates hostnames with ip numbers and vice versa[*]. Now, it may be the case that your server is behind some sort of NAT/PAT gateway or HTTP reverse proxy, and that locally you are running apache bound to some arbitrary port numbers. Which is fine, but unless you are specifically telling people to use a different port in your URLs, then the world at large is accessing your site through port 80. Which means that port scanners can certainly find it and attempt to attack it. Guess what? Because the attacks are in the form of valid HTTP queries, they'd go straight through any sort of port address translation just like your normal traffic. What I think you're actually doing is that all your web sites use name based virtual hosts. So a query to the IP number of your server gets directed to a different bit of the apache config (and probably rejected) compared to a query to a site by name. That's actually a pretty good design, and if you combine it with a reverse proxy which knows about what hosts and URLs should be behind it, you can filter out a lot of bad traffic very effectively before it gets anywhere near your real web server. Cheers, Matthew Matthew Nothing is worse than someone insinuating the original poster don't know what they are talking about. I find your remarks totally un-necessary. Your telling the poster they don't know what their doing when it's you who don't know what options are offered by their register. How can you say something is not available when you are not the one using or providing the register service. For you information port forwarding is common function when the domain name is specified to a dynamic ip address. Check out http://www.zoneedit.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 7.2 to 8.0 upgrade issues
On Tue, 18 May 2010 13:28:46 -0500 Adam Vande More amvandem...@gmail.com wrote: On Tue, May 18, 2010 at 2:28 AM, n dhert ndhert...@gmail.com wrote: Upgrading a freebsd7.2 (i386) system to 8.0 After # freebsd-update -r 8.0-RELEASE upgrade # freebsd-update install reboot # freebsd-update install I did # portupgrade -af --batch --yes after 17 hours (mostly during the night..), it finished with --- ** Upgrade tasks 425: 199 done, 1 ignored, 3 skipped and 1 failed (no error messages here..) Unfortunately, I didn't log the screen output to a file .. - how can I find out what port failed and which where skipped and ignored? - is it normal this didn't recompile all 425 ports? - to rebuild the failed port: is # portupgrade -fr failed-port OK? .. but make sure you're following /usr/ports/UPDATING. This is extremely important. The UPDATING file is in reverse chronological order and each ent list the port affected. I am a fan of portupgrade. To get a list of ports that are not up to date use pkg_version -v. At this point you should not need the -f option to portupgrade. No need to waste time rebuilding ports that do not ned rebuilding. portupgrade -a should be all you need. Another way to reveal what did not get updated is to run portupgrade -an The -n will cause portupgrade to show what it would do without actually doing anything. This won't help when port B depends on something in port A that will be updated. Another portupgrade option that may help you is -R. Put it all together and you get portupgrade -aR --batch Note that the handbook does not show -a and -R being used together. My thinking is that without the -R a new version of an existing port that requires something new -- that you do not already have -- will fail. Rather unlikely, to start with portupgrade -a --batch and use -R only if you still getb errors. Gary Dunn Open Slate Project ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 7.2 to 8.0 upgrade issues
o...@aloha.com writes: Note that the handbook does not show -a and -R being used together. My thinking is that without the -R a new version of an existing port that requires something new -- that you do not already have -- will fail. Rather unlikely, to start with portupgrade -a --batch and use -R only if you still getb errors. This is incorrect. -R is *entirely* redundant when -a is specified. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Searching for functions in Perl code
This is more of a handy how-to than it is a question. A permanent 'howto' as it were. A Perl project I'm working on contains 457 functions (ie. subroutines (ie methods)), and even though I have documentation for all of them, sometimes it is handy to have a list in front of me. This is how I produce the list of all sub-routines within all module files, which includes the module name and sub. % grep -E -r sub \w+ { * | grep -v svn | awk '{FS=:} \ {print $1, , $2}' | awk '{FS= } {print $1, , $3}' ...adapted to pull subs from a single file: % cat lib/ISP/User.pm | grep -E sub \w+ { | awk '{print $2}' For efficiency, and so I can remember more readily, my request is for golf, particularly adaption to a Perl one-liner ;) Cheers, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache web server being attacked
On Wed, May 19, 2010 at 6:36 PM, Aiza aiz...@comclark.com wrote: Nothing is worse than someone insinuating the original poster don't know what they are talking about. I find your remarks totally un-necessary. Your telling the poster they don't know what their doing when it's you who don't know what options are offered by their register. How can you say something is not available when you are not the one using or providing the register service. For you information port forwarding is common function when the domain name is specified to a dynamic ip address. Check out No you are wrong. Matthew is correct. Perhaps you are confusing URL forwarding/redirect with port forwarding, but they are completely different. Domains on dynamic ip address REQUIRE some method of intervention to update the DNS record when it changes eg dns/ipcheck. The only way a registrar could avoid doing such thing would be if they controlled address assignment and since registrar and ISP are rarely if ever the same organization you are forced to use the Internet in Matthew's reality. As far as URL forwarding goes, there are several different methods to accomplish it. The safest way is to simply host the vhost and http 301 it to the correct place. Other methods are hackish and may not be able to be tracked if so desired as well as other limitations. -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Searching for functions in Perl code
Steve == Steve Bertrand st...@ipv6canada.com writes: Steve This is how I produce the list of all sub-routines within all module Steve files, which includes the module name and sub. See perldoc B::Xref. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/ Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
freebsd on netbook
Hello all, I intend to buy a netbook for convenience (for many remote jobs, a netbook seems to be enough) whose cost is around $400. I'd like have freebsd on that netbook (oh, no linux, no windows, please :-) but it's hard to choose a right one that works fine (even with Ubuntu. See https://wiki.ubuntu.com/HardwareSupport/Machines/Netbooks.) Does anyone experience this problem? Thank you for your comments. -- Anh Ky Huynh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
which utility do i use to burn some [two] of my cd's?
guys, sound-juicer used to let me transfer one to some N tracks of my OLD favorites. no mo'. or | unless i'm mouse clicking the wrong place. what it the audio utility of choice these days for freebsd? thanks in advance, gary -- Gary Kline kl...@thought.org http://www.thought.org Public Service Unix The 7.83a release of Jottings: http://jottings.thought.org/index.php http://journey.thought.org 99 44/100% Guaranteed Novel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Searching for functions in Perl code
On 2010.05.19 22:05, Randal L. Schwartz wrote: Steve == Steve Bertrand st...@ipv6canada.com writes: Steve This is how I produce the list of all sub-routines within all module Steve files, which includes the module name and sub. See perldoc B::Xref. ...that *might* just work, for what I want, and for far more detail later... Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: tar and --include
Martin McCormick wrote: A few days ago, I asked about the --include directive in tar after things didn't quite work the way the man page seemed to indicate. One might get the impression that if --include or --include='*pattern*' was added to a tar command, tar would only archive what was in the pattern and not archive everything as its default operation. What I discovered was that --include doesn't appear to do anything at all. The example in the man page shows using it to filter an existing archive and make a tar file of what was in the existing archive that also matched the pattern. I never tried that since that is not what was needed here. There certainly seems to be a bug here, either in the documentation or the implementation. The example you mention works as expected for me on 9-CURRENT, but the --include option fails on, for example: tar -cvf new.tar --include='baz' foo/bar when the pattern baz should match files in the directory foo/bar, regardless of whether baz contains wildcards or not, or when baz is anchored at the start or not. The output is garbage. ... The --include directive only seems to exist in the FreeBSD form of tar. I tried a Linux system's tar man page and it is not there but both support the -X path/filename for a list of exclusion patterns. I don't see your point here. For the sake of compatibility, bsdtar aims to support GNU tar features, but not _only_ those features. The --include option is useful for specifying files and directories to include without having to anchor inclusion patterns from the start, and without having to use tar -I/-T with an inclusion file, or tar in conjunction with find(1) -- so the option should be fixed so that it works. b. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Need advise.
Guys, I have a box that I need to add several software package, I can't use ports because it appears that they have blocked the ports to do a fetch. So I am wondering what can I do? Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Need advise.
Hi Chuck, pa...@magi.magidesign.com wrote: Guys, I have a box that I need to add several software package, I can't use ports because it appears that they have blocked the ports to do a fetch. Who is they? Some details would help us help you. So I am wondering what can I do? Chuck Regards, -- Glen Barber ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Autoresponders [pa...@magi.magidesign.com: [#24508600] Re: Need advise.]
Headers attached, so we can stop this nonsense in the future. - Forwarded message from pa...@magi.magidesign.com - Delivered-To: glen.j.bar...@gmail.com Received: from gmail-pop.l.google.com [74.125.113.109] by glenbarber.us with POP3 (fetchmail-6.3.14) for gbar...@localhost (single-drop); Wed, 19 May 2010 22:33:20 -0400 (EDT) Received: by 10.231.40.13 with SMTP id i13cs11992ibe; Wed, 19 May 2010 19:36:15 -0700 (PDT) Received: by 10.142.55.20 with SMTP id d20mr6759641wfa.331.1274322975037; Wed, 19 May 2010 19:36:15 -0700 (PDT) Return-Path: pa...@magi.magidesign.com Received: from secure.mpcustomer.com (secure.mpcustomer.com [208.43.146.75]) by mx.google.com with ESMTP id 4si11369005pzk.70.2010.05.19.19.36.11; Wed, 19 May 2010 19:36:12 -0700 (PDT) Received-SPF: neutral (google.com: 208.43.146.75 is neither permitted nor denied by best guess record for domain of pa...@magi.magidesign.com) client-ip=208.43.146.75; Authentication-Results: mx.google.com; spf=neutral (google.com: 208.43.146.75 is neither permitted nor denied by best guess record for domain of pa...@magi.magidesign.com) smtp.mail=pa...@magi.magidesign.com Received: by secure.mpcustomer.com (Postfix, from userid 99) id CACC615407D8; Wed, 19 May 2010 21:36:11 -0500 (CDT) To: Glen Barber glen.j.bar...@gmail.com Subject: [#24508600] Re: Need advise. Date: Wed, 19 May 2010 21:36:11 -0500 From: pa...@magi.magidesign.com Reply-To: supp...@mpcustomer.com Message-ID: 23c180a83264bf123c83316d8eaec...@secure.mpcustomer.com X-Priority: 3 X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.4] X-Uberinst: uber_phase-support X-Mailer: Ubersmith MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=utf-8 Hello, This is an automated response to inform you that your question has been entered into our system, and will be reviewed shortly. Your ticket has been submitted into the General Support department. We will respond to you as soon as possible. == Please keep this information, and use it when refering to your ticket: Ticket subject: Re: Need advise. Ticket number: 24508600 Ticket link: https://secure.mpcustomer.com/ticket.php?ticket=24508600 Ticket body: Hi Chuck, pa...@magi.magidesign.com wrote: Guys, I have a box that I need to add several software package, I can't use ports because it appears that they have blocked the ports to do a fetch. Who is they? Some details would help us help you. So I am wondering what can I do? Chuck Regards, -- Glen Barber ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org == - End forwarded message - -- Glen Barber ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd on netbook
On Thu, 20 May 2010 09:08:48 +0700, Anh Ky Huynh xky...@gmail.com wrote: Hello all, I intend to buy a netbook for convenience (for many remote jobs, a netbook seems to be enough) whose cost is around $400. I'd like have freebsd on that netbook (oh, no linux, no windows, please :-) but it's hard to choose a right one that works fine (even with Ubuntu. See https://wiki.ubuntu.com/HardwareSupport/Machines/Netbooks.) There are several ways to check. One that especially fits Netbooks is to prepare an USB stick with a FreeBSD system on it. If possible, test the Netbook you're intending to buy at a store. See if all the components are compatible with FreeBSD. Another way is to check the specifications published by the Netbook manufacturer. Compare with the FreeBSD hardware list. A third way is to check for recommendations what models are well supporting FreeBSD. FreeBSD on Netbook is a good searching term to start. In any case, having the chance to actually try the Netbook with a FreeBSD USB stick is the most secure way NOT to buy crap. Does anyone experience this problem? Not yet, luckily. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
freebsd on netbook
Hello all, I intend to buy a netbook for convenience (for many remote jobs, a netbook seems to be enough) whose cost is around $400. I'd like have freebsd on that netbook (oh, no linux, no windows, please :-) but it's hard to choose a right one that works fine (even with Ubuntu. See https://wiki.ubuntu.com/HardwareSupport/Machines/Netbooks.) Does anyone experience this problem? Thank you for your comments. -- Anh Ky Huynh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd on netbook
On Thu, 20 May 2010, Anh Ky Huynh wrote: I intend to buy a netbook for convenience (for many remote jobs, a netbook seems to be enough) whose cost is around $400. I'd like have freebsd on that netbook (oh, no linux, no windows, please :-) but it's hard to choose a right one that works fine (even with Ubuntu. See https://wiki.ubuntu.com/HardwareSupport/Machines/Netbooks.) http://laptop.bsdgroup.de/freebsd/index.html has a lot of user-supplied information. I've used FreeBSD on Acer Aspire One models AOA150 and D250. Most of the basic hardware is the same on all brands: Atom processor, Intel chipset. Potential problem areas are card readers, wireless, and even wired Ethernet. Watch out for the Poulsbo/GMA500 video in newer netbooks. Sounds like xorg is questionable on them so far. -Warren Block * Rapid City, South Dakota USA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: which utility do i use to burn some [two] of my cd's?
On Wed, May 19, 2010 at 07:14:12PM -0700, Gary Kline wrote: guys, sound-juicer used to let me transfer one to some N tracks of my OLD favorites. no mo'. or | unless i'm mouse clicking the wrong place. what it the audio utility of choice these days for freebsd? Use audio/cdparanoia for ripping CDs to wav files, then use cdrecord from the sysutils/cdrtools port to burn the tracks to CD. With cdrecord you can burn both data and audio CDs. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgptAal4x2r0H.pgp Description: PGP signature
Re: 7.0/i386 to 8.0/amd64 - gmirror/gstripe migration
Hi! I am planning to move from 7.0-REL-i386 to 8.0-REL-amd64 SNIP! Does anyone foresee any serious problems with this plan? I know doing a whole version upgrade can sometimes introduce bugs when dealing with old setups, so I just want to cover my bases prior to the work. This sounds like the kind of thing Release notes were designed for. I was not able to find them on the first page of the FreeBSD website, but if you click the big Get FreeBSD Now button, there is a link in the table detailing the releases: http://www.freebsd.org/releases/8.0R/relnotes.html I am backing up this system to another system, so if I end up losing the data or having to rebuild the array, that's fine, it just sucks having to copy the 2TB of data over the wire afterward. Good idea ;) FreeBSD no longer supports dangerously dedicated UFS filesystems (section 2.2.5 of Detailed release notes) but I'm not sure if that is possible with gmirror. Thanks for your help! ++AMARU PS: Your reply to yourself was in the same digest message. Not everybody is in your timezone either. Regards, James Phillips ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: downloading e-mail is blocking network
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 19/05/2010 21:48:36, Chuck Swiger wrote: On May 19, 2010, at 1:44 PM, Marco Beishuizen wrote: On Wed, 19 May 2010, Chuck Swiger wrote: Are you using NAT? Not that I know of. You presumably would know from the IP your machine has-- if it's RFC-1918 unroutable, NAT is involved. It sounds like something has a limited number of NAT state slots available, and is dropping connections past that limit. It probably will help to try to serialize the activity of fetchmail / procmail so that they aren't opening new connections for every email being processed, if that is what is going on. Seems worth trying to increase this number but how do I do that? Is this changable in FreeBSD or do I change this in the modem (couldn't find anything about this in the modem though)? It would be in whatever device is doing NAT, assuming it is being used. Running tcpdump against your traffic during this sort of problem would likely be informative. Hmmm... I wonder if it could be something like this? http://www.benzedrine.cx/ackpri.html although at first glance, the traffic flows would be in the wrong direction to trigger this effect. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkv0x5sACgkQ8Mjk52CukIzCBACdGFOr54HVxLPV6XRwK9PFu6KF zhsAnRm4m7sIH9/CeMXKIcopWhubbn2G =DJjY -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 7.0/i386 to 8.0/amd64 - gmirror/gstripe migration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 20/05/2010 24:03:17, Amaru Netapshaak wrote: I am planning to move from 7.0-REL-i386 to 8.0-REL-amd64 in the near future. My OS drive is a single ata-133 80gb drive, and my data drives are four 1.5TB SATA drives. 6TB total, configured as 2x 3TB 'gstripe' volumes, and I am using gmirror to mirror those gstripe volumes. I hope that makes sense. Errr... the usual way of doing this is to create mirrored pairs of drives and then stripe the mirrors together (a.k.a RAID10 -- creating a pair of stripes and then mirroring them is RAID0+1). There's very little difference in performance characteristics between the two, but RAID10 is more failure resistant. Think about what happens if you lose one drive. In the RAID10 case one mirror pair runs in degraded mode. In the RAID0+1 case, one stripe -- half of your drives -- is out of action. In any case, I'd like to just unplug the drives, do my upgrade, plug the drives back in, and startup the array as I have in 7.0.I'm planning to just do a fresh install of 8.0 on a new SATA 80GB drive and make that my new OS drive. Should be fine. I've done source upgrades from 7.x to 8.0 and gmirror has just worked. If your old 7.0 drive is still in decent working order, it might be an idea to set up the new 8.0 drive as half of a gmirror, and then reuse the 7.0 drive as the other half once you're happy that the upgrade succeeded. If the disks aren't identical, you'll need to make sure that the new 8.0 disk is not bigger than the old 7.0 drive -- look at the number of sectors on each disk for the best comparison. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkv0y14ACgkQ8Mjk52CukIxK6wCdE9AEVBJbvT3IjT3CWpcYaam4 mk0An03OU96lPTtF7VigcT976Qr1ssdf =3yzZ -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: tar and --include
b. f. wrote: Martin McCormick wrote: What I discovered was that --include doesn't appear to do anything at all. The example in the man page shows using it to filter an existing archive ... I never tried that since that is not what was needed here. The --include directive was designed to support the case of filtering an existing archive. GNU tar has no equivalent to bsdtar's @archive feature and hence has no real need for --include. If you really need detailed control over which files get archived, I do recommend learning how to use find(1) in conjunction with tar. (Just remember to use tar's -n option!) There certainly seems to be a bug here, either in the documentation or the implementation. The example you mention works as expected for me on 9-CURRENT, but the --include option fails on, for example: tar -cvf new.tar --include='baz' foo/bar In your example here, the first item tar inspects is foo/bar, which does not match the pattern and therefore is not included. Excluding a directory excludes everything in the directory. The net result is the same as if you had specified: tar -cvf new.tar --exclude='foo/bar' foo/bar Cheers, Tim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd on netbook
On Thu, May 20, 2010 at 1:16 AM, Warren Block wbl...@wonkity.com wrote: On Thu, 20 May 2010, Anh Ky Huynh wrote: I intend to buy a netbook for convenience (for many remote jobs, a netbook seems to be enough) whose cost is around $400. I'd like have freebsd on that netbook (oh, no linux, no windows, please :-) but it's hard to choose a right one that works fine (even with Ubuntu. See https://wiki.ubuntu.com/HardwareSupport/Machines/Netbooks.) http://laptop.bsdgroup.de/freebsd/index.html has a lot of user-supplied information. I've used FreeBSD on Acer Aspire One models AOA150 and D250. Most of the basic hardware is the same on all brands: Atom processor, Intel chipset. Potential problem areas are card readers, wireless, and even wired Ethernet. Watch out for the Poulsbo/GMA500 video in newer netbooks. Sounds like xorg is questionable on them so far. Keep an eye on the ethernet and wireless cards too. Be sure _not_ to buy anything that comes with Broadcom chipsets (be it ethernet or wireless) specially if you are buying from Dell. Best advice I could give you is: - Set a top price: How much will you spent on it. - Based on that number, look for the netbook you like the most (given that they all pack almost the same hardware ... looks and probably keyboard are what make the difference... at least until AMD/ATI netbooks start to show up) - Once you have a candidate, use google to try and get the output of lspci -vv (that's 2 v, and not 1 w) from somebody running linux on the netbook you have chosen. ( the output of pciconf -lbcv will probably be harder to get .. ) - Make sure all the hardware ( or at least the parts you care about ) are fully supported under FreeBSD. Specially: suspend/resume as we are talking on a netbook in here and hence .. full suspend/resume support is vital. - With all that info in your hands, come back, post it to the list and ask if somebody owns the netbook you'd like to buy .. what problems they've run into (if any) and how was their experience running FreeBSD under that particular netboook. - Having done that, and knowing in advanced what you are about to get into ... just decide whether to spend your hard earned money on it or not =) My take? I decided to wait (for the last 4 months with the money on my wallet) until Dell released the new version of the Dell Latitude 2100 .. and then the Latitude 2110 showed up a week or so ago .. After seeing they went with the lackluster Atom N470 and it's crappy video chipset instead of going with the new AMD/ATI combo, that they only offer Dell Wireless cards (which AFAIK are all based on Broadcom chips) with no option to pick an intel 5100, and knowing they use soldered Broadcom ethernet chips, I decided not to spend my money on it and spend it in something that works for me, instead of spending it on something that only works for them =) Tips: - Do not buy anything with Broadcom Corporation NetLink BCM5906M ethernet cards. - Do not buy anything with Broadcom Corporation chips - Do not buy anything with Broadcom Corporation components - Do not buy anything that has the word Broadcom written on it or in its packaging, manuals or documentation. - Always look for harware from manufacturers that make their chipsets documentation available to the public, or at least, to the devels of different Open Source (specially BSD) projects. - Even if it's not my cup of tea and I am in no way recommending you to even consider them, _do_ take a look in here as it has a lot of information: http://wiki.freebsd.org/AsusEee Hope that helped =) Best luck on your buy Gonzalo Nemmi ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org