RE: recommendation word processer for xfce
On Thursday 06 November 2008, FBSD1 wrote: I looked at OpenOffice but there is no package of it since freebsd release 6 stable. It takes a very very long time to compile this port. Take a look at abiword. *** I installed abiword but it has bug on start up wanting to access some server. Gives popup window about error contacting some server. After clicking on OK button it works ok. But can't have error every time on startup ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: virtual consoles on freebsd-7.0-release
I logon from F2 as root and then startx. I believe F9 only works if you use the xorg logon session control. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Yuri Pankov Sent: Tuesday, November 04, 2008 7:49 PM To: Steven Susbauer Cc: [EMAIL PROTECTED]; freebsd-questions@freebsd.org Subject: Re: virtual consoles on freebsd-7.0-release On Tue, Nov 04, 2008 at 05:45:12AM -0600, Steven Susbauer wrote: joeb wrote: When I am in xorg/xfce and do Ctrl+Alt+Fx it does in fact open the selected virtual console. But I can not find any way to return to the xorg/xfce desktop running in the virtual console I left from. Alt+Fx does take me to the virtual console where x11/xfce is suppose to be, but puts me in command line mode. The command ps ax shows xorg/xfce is still running. How do I get back to the xorg/xfce desktop running in the virtual console I left from? You should be able to get back into Xorg with Alt F7 or F8. Does this not work? Steve X usually runs on ttyv8, so it should be Alt+F9. HTH, Yuri ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: xfce decktop time display
Right click on the pgm launcher does not open the drop down menu. Reading the xfce4 user guide says alternate way to open the pgm launcher drop down menu is to use Ctrl + left mouse click. This works. I have a two button mouse. Is this a Bug? By the way, once the pgm launcher drop down menu opens changing the clock time display format was easy. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Robert Sent: Wednesday, November 05, 2008 1:22 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] ORG Subject: Re: xfce decktop time display On Tue, 4 Nov 2008 21:53:47 +0800 FBSD1 [EMAIL PROTECTED] wrote: Using Xfce4 and the time is displayed in military time 2200. Want to change this to regular AM/PM displayed time. 10pm Been through the manual and all the menus and can not find knob to change the time setting. Thanks for any help you can give. Right click the time display and uncheck 24 hours ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: virtual consoles on freebsd-7.0-release
When I am in xorg/xfce and do Ctrl+Alt+Fx it does in fact open the selected virtual console. But I can not find any way to return to the xorg/xfce desktop running in the virtual console I left from. Alt+Fx does take me to the virtual console where x11/xfce is suppose to be, but puts me in command line mode. The command ps ax shows xorg/xfce is still running. How do I get back to the xorg/xfce desktop running in the virtual console I left from? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Steven Susbauer Sent: Tuesday, November 04, 2008 1:21 PM To: [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Subject: Re: virtual consoles on freebsd-7.0-release The Ghost wrote: Hello, I migrated to freensd-7.0-release and noticed that I can't switch to the virtual consoles by pressing Alt+Fx once I've started X ! I guess the key combination has changed in the nre version of Xorg implemented in FreeBSD 7.0, so I took a look at the online handbook, but I haven't found anything about the new way to switch to the virtual consoles... Could anyone please point me at what do I miss?.. The Ghost [EMAIL PROTECTED] Have you tried Ctrl+Alt+Fx? Alt alone has never gone to a virtual console from X for me, on any system. -Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: XFCE4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 FBSD1 wrote: What port names need to be installed to create a XFCE4 desktop environment? I was looking for a mega port like kde3 has but could not identify one. Thanks in advance. I'm going to rake a random guess: x11-wm/xfce4 ? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Eitan Adler Sent: Monday, November 03, 2008 12:14 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] ORG Subject: Re: XFCE4 Thank you for your random guess, but research of the ports system seem to indicate a whole suite of ports are needed to build a complete working environment. Waiting for a real user to fill in the details of what combination of ports they used to build their XFCE4 desktop. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: ports missing their packages.
On Wed, October 29, 2008 9:09 am, FBSD1 wrote: It's my understanding that a port maintainer has to install the port for real any time a change is made to the port make files or a update to the source of the software to test and verify the changes work as wanted. Creating the package after this is just one command and a ftp upload to the package server. Why are maintainers being given approval to apply their changes without creating the required package? This is just lax management on the part of the people who do the authorizing of the changes. Missing packages increases user frustration level and makes FreeBSD look like its being mis-managed. An alternate solution to this problem is to allow users to upload missing packages to the package server direct or to a staging ftp server so port/pkg management staff can review first and them populate the production package server. There is a certain guideline in place which committers follow. If you have constructive feedback surely someone will listen to it. Spitting your frustration is not likely to help. Do note that we have a lot of maintainers which try to satify each and everyone of us, sending messages like this is not going to help *you*. I would have a strong opinion -against- people uploading towarsd the FTP server directly. That will not be done. period. To give you a better understanding; We have a ports-cluster which builds packages and uploads them to the appropriate place on the FTP servers, sometimes that takes a little to become available, donate more facilities so that we can do that better. Also note that QAT (a ports tinderbox) runs periodically to make sure every thing is just fine! Thanks, Remko -- /\ Best regards, | [EMAIL PROTECTED] \ / Remko Lodder | [EMAIL PROTECTED] Xhttp://www.evilcoder.org/ | / \ ASCII Ribbon Campaign | Against HTML Mail and News -Original Message- From: Remko Lodder [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 29, 2008 4:17 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] ORG; [EMAIL PROTECTED] Subject: Re: ports missing their packages. Well if you have this cluster build process why have some ports never been built all the way back to release 5.0 like kdenetwork-kopete-0.12.8. That is almost 3 years of waiting to get in the cluster build process. I am grateful to the maintainers for the great job they do, but completing the job by building the package is such a small additional task in light of they already have everything in place to build the package. Posting a email to [EMAIL PROTECTED] or posting a bug report about package missing does not get the missing package built. Its just considered as background noise. I have brought this problem to light in past years and new releases keep coming out with the same packages missing. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: ports missing their packages.
-Original Message- From: Erik Trulsson [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 29, 2008 4:47 PM To: FBSD1 Cc: [EMAIL PROTECTED] ORG; [EMAIL PROTECTED] Subject: Re: ports missing their packages. On Wed, Oct 29, 2008 at 04:09:23PM +0800, FBSD1 wrote: It's my understanding that a port maintainer has to install the port for real any time a change is made to the port make files or a update to the source of the software to test and verify the changes work as wanted. Creating the package after this is just one command and a ftp upload to the package server. Why are maintainers being given approval to apply their changes without creating the required package? This is just lax management on the part of the people who do the authorizing of the changes. Missing packages increases user frustration level and makes FreeBSD look like its being mis-managed. It is not port managers who create or upload packages. Most of them do not even have access to the package server. The downloadable packages are built and uploaded automatically by a cluster of servers that do little else. If a particular port does not have a corresponding package it is generally not due to laxness on anybodys part. The main reasons why a port might not have corresponding package are: 1) The port has just been created and the package hasn't had time to built yet. Normally a very temporary situation. 2) Legal restrictions. There are several ports where it is simply not legal for the FreeBSD project to distribute the corresponding binary packages. 3) The port is currently broken and cannot be built. (This is of course a bug which should be fixed as soon as possible. For ports without a maintainer that might take a while.) 4) One or more of the dependencies of the package is not available as a package. (If port A depends on port B, and there does not exist a package for B (for any of the reasons listed here) there will not be a package of A either. An alternate solution to this problem is to allow users to upload missing packages to the package server direct or to a staging ftp server so port/pkg management staff can review first and them populate the production package server. All the packages that can be built and distributed are already being built and uploaded. Allowing users to upload packages would not help. -- Insert your favourite quote here. Erik Trulsson [EMAIL PROTECTED] -Original Message- From: Erik Trulsson [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 29, 2008 4:47 PM To: FBSD1 Cc: [EMAIL PROTECTED] ORG; [EMAIL PROTECTED] Subject: Re: ports missing their packages. How does kdenetwork-kopete-0.12.8 or php5-gd or pdflib fit into those reasons you gave? These all have ports but no package for many releases of Freebsd. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: restrict FreeBSD users to their home directory
On Sun, Oct 26, 2008 at 12:13:17PM +0800, FBSD1 wrote: How do it configure FreeBSD to restrict users to their home directory? You can give the users rbash as their shell. This will restrict them to their home directory. But this can be easily broken out of if the user starts another shell! So you should disable all other shells for normal users. Otherwise you could put the users in a jail of their own. But they will still need system files (which they can see) in the jail for it to be usable. I don't want them to be able see any system directories or other users? User directories are by default both owned by the user and belong to the user's group. So you can set the umask for every user so that their files are not accessible to others. You cannot block read and execute access to a lot of system files (binaries, libraries, /usr/[local/]share/) without making the system useless. What is the problem you're trying to solve? Blocking read access to system files is almost certainly the wrong solution. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Roland Smith Sent: Sunday, October 26, 2008 4:54 PM To: FBSD1 Cc: [EMAIL PROTECTED] ORG Subject: Re: restrict FreeBSD users to their home directory Want to keep all the users from being able to see anything outside of their home directory using gnome or kde desktop. For a test I vipw a test user changing their /bin/csh to /usr/local/bin/rbash. I logged on ok to the test user and started gnome ok. But from the menu system filesystem app I still could access root and /etc directories. From the command line of the rbash test user a cd command responded with restricted comment. It seems rbash restrictions do not also restrict directory access from within gnome. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: restrict gnome desktop user.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of en0f Sent: Saturday, October 25, 2008 2:50 PM To: [EMAIL PROTECTED] ORG Subject: Re: restrict gnome desktop user. joeb wrote: How do it configure gnome to restrict users to their home directory? I don't want them to be able see any system directories or other users? Dont know about gnome per se but you can use chroot/jails to restrict users to see only stuffs you want them to see for any environment. Just build the chroot and copy over the gnome-specific binaries to its chrooted-equivalent (copy or link /usr/bin/gnome-panel to /home/chrooted/johndoe/usr/bin/gnome-panel). I do not know of any tools that does this automatically and also I do not know how gdm will work out. e.g - Normal /home/johndoe/ | |___ .bashrc |___ .sig chrooted /home/chroot/johndoe/ | |__ bin/ |__ usr/ -- en0f ___ WOW this sure seems to be over kill putting each user in a jail. There must be some other way at the user id level or from gnome it self to do this. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
restrict gnome desktop user.
How do it configure gnome to restrict users to their home directory? I don't want them to be able see any system directories or other users? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ports/net-im/gtkyahoo/
Does anyone have the gtkyahoo port working so they can use yahoo instant messenger from a desktop? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Xorg/kde startup errors
What is your xorg.new.conf file? It's in the root directory. Here is my screen resolution from the above file Section Screen Identifier Screen0 Device Card0 MonitorMonitor0 SubSection Display Viewport 0 0 Depth 1 Modes 640x480 800x600 1024x768 1280x1024 EndSubSection SubSection Display Viewport 0 0 Depth 4 Modes 640x480 800x600 1024x768 1280x1024 EndSubSection SubSection Display Viewport 0 0 Depth 8 Modes 640x480 800x600 1024x768 1280x1024 EndSubSection SubSection Display Viewport 0 0 Depth 15 Modes 640x480 800x600 1024x768 1280x1024 EndSubSection SubSection Display Viewport 0 0 Depth 16 Modes 640x480 800x600 1024x768 1280x1024 EndSubSection SubSection Display Viewport 0 0 Depth 24 Modes 640x480 800x600 1024x768 1280x1024 EndSubSection EndSection You'll need to use vi to edit the file. typevi /root/xorg.conf.new in the terminal as root. Use the down arrow to move to the depth subsection of the screen section. Hit the escape key then the letter i. Hit the right arrow until. I'm going touse Modes 600x800 1024x768 :w! :q! *** My xorg.new.conf file did not have any mode statements. I added them but it made no difference. Still get the same errors as posted in original msg. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: The disc in your drive looks more like an Audio CD than a FreeBSDrelease
Yea I would say your burn of the .iso file to your cd did not work. Mount the cd and see if it contains a directory tree of Freebsd install files or mp3 files. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Monday, October 06, 2008 7:07 PM To: freebsd-questions@freebsd.org Subject: The disc in your drive looks more like an Audio CD than a FreeBSDrelease Hi there. I tried to install 7.1-BETA from the CD I burned from 7.1-BETA-i386-disc1.iso, but after I created all the partitions etc and then selected to install, I get the following error message: The disc in your drive looks more like an Audio CD than a FreeBSD release Any idea what's wrong? -- Kiffin Gish [EMAIL PROTECTED] Gouda, The Netherlands ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
KDE config not being saved at logoff
Freebsd 7.0 xorg/kde. Changes made in kde stay in effect only for the session. Logoff and log back in with startx command line command and previous config settings are gone. How do I save config setting between login sessions? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: pf question
pfctl -f /etc/pf.conf # loads the pf.conf file pfctl -Nf /etc/pf.conf # Load only the NAT rules from the file pfctl -Rf /etc/pf.conf # Load only the filter rules from the file -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Scott Bennett Sent: Tuesday, September 09, 2008 1:18 PM To: freebsd-questions@freebsd.org Subject: pf question I'm just starting to play around with pf to get it to handle NAT for a LAN, and I've just discovered that I don't know how to get pf to reload /etc/pf.conf after I make changes to it. pfctl -d -e doesn't do it, and neither does pfctl -d; pfctl -e. Is there a way to do it besides rebooting? Please copy me in directly on any replies. I'm subscribed to the digest form of this list, so I get all the messages at once, usually once a day, so I'll see the responses much sooner if they come to me directly as well as to the list. Thanks much! Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army. * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: kde3 build problems
I believe kde3 is obsolete. I Just did kde4 and it worked.
pkg_add -r kde4
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Desmond Chapman
Sent: Wednesday, September 10, 2008 11:24 AM
To: freebsd-questions@freebsd.org
Subject: kde3 build problems
Current build problems with kde3:
# pkg_add -rf kde3
Error: FTP Unable to get
ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-7.0-release/Latest/kd
e3.tbz: File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch
'ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-7.0-release/Latest/k
de3.tbz' by URL
# cd kdelibs3
# ls
Makefilefiles pkg-plist
distinfopkg-descr work
# vi Makefile
# -*-mode: makefile-*-
# New ports collection makefile for:KDE libraries 3
# Date created: 2 November 2001
# Whom: [EMAIL PROTECTED]
#
# $FreeBSD: ports/x11/kdelibs3/Makefile,v 1.221 2007/10/29 23:48:15 lofi Exp
$
#
PORTNAME= kdelibs
PORTVERSION=${KDE_VERSION}
PORTREVISION= 0
CATEGORIES= x11 kde ipv6
MASTER_SITES= ${MASTER_SITE_KDE}
DIST_SUBDIR=KDE
COMMENT=Base set of libraries needed by KDE programs
LIB_DEPENDS=IlmImf:${PORTSDIR}/graphics/OpenEXR \
art_lgpl_2.5:${PORTSDIR}/graphics/libart_lgpl \
artsc.0:${PORTSDIR}/audio/arts \
aspell:${PORTSDIR}/textproc/aspell \
dns_sd:${PORTSDIR}/net/mDNSResponder \
idn:${PORTSDIR}/dns/libidn \
jasper:${PORTSDIR}/graphics/jasper \
pcre:${PORTSDIR}/devel/pcre \
thai:${PORTSDIR}/devel/libthai \
tiff.4:${PORTSDIR}/graphics/tiff \
xml2.5:${PORTSDIR}/textproc/libxml2 \
xslt.2:${PORTSDIR}/textproc/libxslt
RUN_DEPENDS=kdehier0:${PORTSDIR}/misc/kdehier \
${FONTSCALE}:${X_FONTS_TTF_PORT} \
${FONTENCOD}:${X_FONTS_ENCODINGS_PORT} \
${LOCALBASE}/share/icons/hicolor/index.theme:${PORTSDIR}/mis
c/hi
color-icon-theme
CONFLICTS+= kdeadmin-3.[0-3].* kdeadmin-3.4.[0-1]* kdeartwork-3.[2-3]*
kdeba
se-3.[0-4]* kdepim-3.2*
.if defined(WITHOUT_CUPS) || defined(KDE_WITHOUT_CUPS)
CONFLICTS+= kdelibs-[0-9]*
PKGNAMESUFFIX= -nocups
CONFIGURE_ARGS+=--disable-cups
PLIST= ${.CURDIR}/../kdelibs3-nocups/pkg-plist
.else
CONFLICTS+= kdelibs-nocups-[0-9]*
LIB_DEPENDS+= cups:${PORTSDIR}/print/cups-base
.endif
USE_BZIP2= yes
USE_FAM=yes
USE_GETTEXT=yes
USE_GMAKE= yes
:q!
# make depends --disable-cups
make: illegal option -- -
usage: make [-BPSXeiknqrstv] [-C directory] [-D variable]
[-d flags] [-E variable] [-f makefile] [-I directory]
[-j max_jobs] [-m directory] [-V variable]
[variable=value] [target ...]
# make depends -d --disable-cups
make: illegal argument to d option -- -
usage: make [-BPSXeiknqrstv] [-C directory] [-D variable]
[-d flags] [-E variable] [-f makefile] [-I directory]
[-j max_jobs] [-m directory] [-V variable]
[variable=value] [target ...]
# make -d --disable-cups
make: illegal argument to d option -- -
usage: make [-BPSXeiknqrstv] [-C directory] [-D variable]
[-d flags] [-E variable] [-f makefile] [-I directory]
[-j max_jobs] [-m directory] [-V variable]
[variable=value] [target ...]
# make depends
=== kdelibs-3.5.8 depends on shared library: IlmImf - found
=== kdelibs-3.5.8 depends on shared library: art_lgpl_2.5 - found
=== kdelibs-3.5.8 depends on shared library: artsc.0 - found
=== kdelibs-3.5.8 depends on shared library: aspell - found
=== kdelibs-3.5.8 depends on shared library: dns_sd - found
=== kdelibs-3.5.8 depends on shared library: idn - found
=== kdelibs-3.5.8 depends on shared library: jasper - found
=== kdelibs-3.5.8 depends on shared library: pcre - found
=== kdelibs-3.5.8 depends on shared library: thai - found
=== kdelibs-3.5.8 depends on shared library: tiff.4 - found
=== kdelibs-3.5.8 depends on shared library: xml2.5 - found
=== kdelibs-3.5.8 depends on shared library: xslt.2 - found
=== kdelibs-3.5.8 depends on shared library: cups - not found
===Verifying install for cups in /usr/ports/print/cups-base
cd /usr/ports/print/cups-base make config;
┌┐
│ Options for cups-base 1.3.5_2
│
│
┌┐ │
│ │[X] GNUTLSBuild with GNUTLS library │ │
│ │[ ] PHP Build PHP support │
│
│ │[X] PYTHONBuild PYTHON support │
│
│ │[ ] LIBPAPER Build with libpaper support │
│
│ │[X] DNSSD Build with DNS_SD (avahi) support │
│
│ │[X] PAM Build with PAM
RE: ssh
In FreeBSD 6.2 and older the port SSH listened on was controlled by /etc/services. Now in 7.0 SSH no longer looks at /etc/services to find out what port to listen on. Is this by design or error in the move to a newer release of SSH? When it comes to security through obscurity don't be so fast to shoot it down. On my system port 22 was receiving over 700 scans or login attempts a day. Changing the SSH to use xx22 port stopped all the high school and college script kiddies cold. Now I only get maybe 5 hits on my xx22 port every 3 months. In my book I would say 'security through obscurity' is a very simple first step solution that gives great results. But it will not stop the perpetrator who targets your IP addresses on purpose for some unknown reason. Then your SOL. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: mysql-server-5.1.22 system administration docs onFreeBSD7.0-RELEASE-i386 ?
To autostart mysql at boot add this to /etc/rc.conf mysql_enable=YES Add this to /etc/rc.conf to direct to use this location where there is disk space to hold your databases mysql_dbdir=/usr/local/mysql To start or stop mysql server do this /usr/local/share/mysql/mysql.server start /usr/local/share/mysql/mysql.server stop You have to tell mysql to create its internal control db by running this command one time first before trying to create databases. mysql_install_db --user=mysql To verify mysql is operational issue these commands mysqladmin version mysqladmin variables To start command line session with mysql server to create a DB enter mysql -u root The online mysql manual is at http://dev.mysql.com/doc/refman/5.0/en/index.html The mysql databases and log files are written here /var/db/mysql -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David Christensen Sent: Thursday, August 28, 2008 1:47 PM To: freebsd-questions@freebsd.org Subject: RE: mysql-server-5.1.22 system administration docs onFreeBSD7.0-RELEASE-i386 ? Fraser Tweedale wrote: put the following line in /etc/rc.conf: mysql_enable=YES and run (as root): /usr/local/etc/rc.d/mysql-server start # echo 'mysql_enable=YES' /etc/rc.conf # /usr/local/etc/rc.d/mysql-server start Starting mysql. # mysql Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 1 Server version: 5.1.22-rc FreeBSD port: mysql-server-5.1.22 Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql Ahhh -- much better. :-) The explanation is here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-rcd.h tml Since the rc.d system is primarily intended to start/stop services at system startup/shutdown time, the standard start, stop and restart options will only perform their action if the appropriate /etc/rc.conf variables are set. For instance the above sshd restart command will only work if sshd_enable is set to YES in /etc/rc.conf. ... [EMAIL PROTECTED] wrote: Try adding mysql_enable=YES to /etc/rc.conf after this is done try starting again via the rc script. In the future pass the parameter rcvar to the rc script. Eg. /usr/local/etc/rc.d/mysql-server rcvar mysql_enable=YES this would indicate what to add to rc.conf # /usr/local/etc/rc.d/mysql-server rcvar # mysql mysql_enable=YES The explanation is here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-rcd.h tml It is easy to check if a service is enabled in /etc/rc.conf by running the appropriate rc.d script with the option rcvar. Thus, an administrator can check that sshd is in fact enabled in /etc/rc.conf by running: # /etc/rc.d/sshd rcvar # sshd $sshd_enable=YES Thanks! David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ports AUTOCONFxxx
Why does the AUTOCONFxxx change the suffix between Freebsd releases? In 6.2 it was called AUTOCONF259 in 7.0 its called AUTOCONF261. Is this not a violation of the naming convention? The ports names are not suppose to carry the version number as part of its name. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
GEOM + mount_msdosfs usb flash stick
On 7.0 release of FBSD trying to mount a usb flash memory stick. The stick has a msdos file system on it and has been loaded with files using windows xp. When I plug the stick into my FBSD 7.0 box I get Geom console msg 'GEOM_LABEL:Label for provider Da0s1 is msdosfs_flashdrive'. Does this mean the flash stick is mounted and the mount point is msdosfs_flashdrive'? When is issue this command, mount_msdosfs /dev/da0s1 /mnt I get this console msg ' GEOM get label removed'. Using the /mnt mount point every thing works fine. What is GEOM doing form me in 7.0? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
mount_msdosfs usb flash stick
On 6.2 release of FBSD trying to mount a usb flash memory stick. The stick has a msdos file system on it and has been loaded with files using windows xp. When I plug the stick into my FBSD box I get console msg about da0 device as usb flash memory stick. All looks good at this point. When is issue this command, mount_msdosfs /dev/da0 /mnt I get this error msg ' invalid argument' . Also tried this format of the command with same results.mount -t msdos /dev/da0 /mnt (note typing error on msdos in first post. Sorry) What am I doing wrong here? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
mount_msdosfs usb flash stick
On 6.2 release of FBSD trying to mount a usb flash memory stick. The stick has a msdos file system on it and has been loaded with files using windows xp. When I plug the stick into my FBSD box I get console msg about da0 device as usb flash memory stick. All looks good at this point. When is issue this command, mount_msdosfs /dev/da0 /mnt I get this error msg ' invalid argument' . Also tried this format of the command with same results.mount -t msdo /dev/da0 /mnt What am I doing wrong here? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Where did I go wrong?
log_in_vain=YES in /etc/rc.conf -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sam Drinkard Sent: Friday, February 28, 2003 12:57 PM To: [EMAIL PROTECTED] Subject: Where did I go wrong? For some time, I've been seeing all these entries in my console log, the dmesg, and in the security logs. I don't remember when or what change I made to create them, but looking thru what I thought would turn them off, I see nothing. Can somebody refresh my memory and tell me where I need to make the change? System is 4.7-Stable, no ipfilter, only ipfw. vortex.wa4phy.net kernel log messages: 127.0.0.1:2725 from 127.0.0.1:53 Connection attempt to UDP 127.0.0.1:2936 from 127.0.0.1:53 Connection attempt to TCP 69.1.2.172:445 from 24.73.116.177:1724 Connection attempt to TCP 69.1.2.172:445 from 24.73.116.177:1724 Connection attempt to TCP 69.1.2.172:445 from 24.73.116.177:1724 Connection attempt to UDP 127.0.0.1:3055 from 127.0.0.1:53 Connection attempt to UDP 127.0.0.1:3185 from 127.0.0.1:53 Connection attempt to UDP 127.0.0.1:3235 from 127.0.0.1:53 Connection attempt to UDP 127.0.0.1:3307 from 127.0.0.1:53 Thanks... Sam PS.. would appreciate a CC: as I'm not subscribed to -questions To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: problems creating tun1 tun2 etc devices
The tunx devices are only created by 'user ppp' You can not manually create tunx devices. There is an kernel option to increase the number of tunx devices that 'user ppp' can create. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Theo Purmer (Tepucom) Sent: Wednesday, February 12, 2003 6:54 AM To: '[EMAIL PROTECTED]' Subject: problems creating tun1 tun2 etc devices Hi ive got major problems creating extra tun interfaces on freebsd 4.7 server the command ifconfig tun1 create gives the following error messages ifconfig: SIOCIFCREATE: Invalid argument ifconfig -C doesnt give any cloneable interfaces but there is a tun0 interface ronning does anybody know how to make it so that tun interfaces are cloneable? thanks theo purmer To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: problem with install
Since you have tried FBSD 4.3, 4.4, 4.7, 5.0 I would say that the problem is not an FBSD problem but a problem with the hard ware of the box you are installing FBSD onto. From your description of what you have done to fix the problem, I can see that you started to use the process of elimination method to debug the problem. You need to continue using this method. First of all I have never heard of ever needing dummy cards to terminate unused memory slots. Remove them. Also strip down your PC to bare bones. Remove SCSI control card from PC PCI bus and unplug power supplies from all SCSI devices. Only have IDE hard drive and IDE CDROM drive and install FBSD to see if it works. If that works then you know you have problem with SCSI control card. If SCSI control is old style ISA card you may have bio's irq assignment problem. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of joseph grundy Sent: Friday, February 14, 2003 12:56 AM To: [EMAIL PROTECTED] Subject: problem with install I am having problems trying to install FreeBSD. I have installed in before on different machines, but now this is the only one I have. I would like to have FreeBSD as my main OS on the machine. When I put in the bootable cd and restart the computer, I get to the boot section where it says Hit enter or wait 9 seconds to boot I hit enter and get the follow /boot/kernel/acpi.ko test=0x3985c data=0x1978+0xb2k sysms=[0x4+0x6010+0x4+0x7994 ] then the line below it is spinning and stops and freezes. I have tried 4.2, 4.4, 4.7. and 5.0 releases all lock in the same place. I have windows 2000 server on first 40 gigs of a 60 gig HD. Inside the machine are Intel 850 MV motherboard 2 256 sticks of rambus and 2 dummy cards to terminate unused memory slots geforce 3 Audigy Plat Intel 10/100 pro NIC adaptec 2940 scsi card dvd player ( used for install ) cdrw scsi cd rom scsi secondary 60 gig HD Now I have tried with 3com nic instead, I have taken all cards out and only had graphics, primary HD and cd rom. I also updated the BIOS of the Motherboard and I still get the same freeze in the same spot. I don't know what might be the problem I have looked all over and tried many things, I have been working on this install for 2 days now. Any idea's or help, I would be grateful Joseph **PRIVILEGED AND CONFIDENTIAL INFORMATION** The information contained in this document is intended solely for use by the persons or entities identified above. This electronically transmitted document contains privileged and confidential information including information which may be protected by the attorney-client and/or work product privileges. If you are not the intended recipient, be aware that any disclosure, copying, distribution or other use of the contents of this transmission is prohibited. If you received this transmission in error, please delete this message without making a copy. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: Bug help- HDLC/FCS errors!
Add this to your ppp.conf file disable pred1 deflate lqr# compression features line quality reporting denypred1 deflate lqr# compression features line quality reporting -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bill Moran Sent: Sunday, February 09, 2003 2:22 PM To: Rick Crawford Cc: [EMAIL PROTECTED] Subject: Re: Bug help- HDLC/FCS errors! Rick Crawford wrote: Hi, I *desperately* need either a fix for the problem below, or hardware specs for a new system (under $1,000) that you can *guarantee* will work properly. (Yes, I'm so desperate I'm willing to spend big bucks to make this disappear!) The problem is, I'm getting killed by HDLC errors, e.g: ppp[200]: tun0: Phase: deflink: HDLC errors - FCS: 4, ADDR: 0, COMD: 0, PROTO: 0 is a typical ppp.log error under FreeBSD 4.5. Sometimes I can gracefully kill (-TERM) and successfully restart ppp. But often, I get complete system hang, and must powercycle. (Every time I search freebsd.org bug archives, my system hangs when I try to read the first matching search item!) Under Windows98, it just hangs occasionally with no error msgs. (Hence unclear if that's merely normal Microsoft quality, or if the same underlying hardware problem is troubling both OS.) These errors occur *frequently* with my preferred ISPs -- access4less and SBC/Yahoo, but almost never occurred using Earthlink/Mindspring (which was slow as molasses, so I had to switch ISPs). Often (but not always), HDLC errs in ppp.log are preceded by: tun0: Warning: Packet too large (4102), discarding. I'm using standard hardware flow control. snip lots of stuff I don't _know_ what your problem is, but ... Try running memtest and cpuburn on this machine and make sure the hardware is stable. I've spend hours and hours trying to diagnose software/config problems when the real issue was unreliable hardware. If that checks out, make sure your power is clean. I'm dealing with a client right now that's having problems with a modem, and when we plug the system in at our office, it works fine. I'm taking an AVR UPS in on Monday to see if that solves their problem. Hope this is helpful. -- Bill Moran Potential Technologies http://www.potentialtech.com To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
oh my god the nasa shuttle blewup
Seven soles lost in the disaster. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Postfix SpamAssassin
Can Spamassassin work directly with Postfix? Meaning no procmail in the mix? IF so is there any HOWTO's on it? To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: please comment on my nat/ipfw rules (resent)
1. Your firewall rules are not working at all, except for the natd redirect option. This is caused by the kernel compile time option IPFIREWALL_DEFAULT_TO_ACCEPT.This option tell your firewall that any packet that does not match a rule is allowed to pass on through the firewall. Comment out that option in your kernel options source and recompile your kernel to take the default of default-to-deny and your current rules set will stop functioning. 2. You are using the simplest of the rule types 'state-less'. Using this type of rules you have to not only have a rule to allow the packet out you also have to have a rule to allow the packet in. See rules 220 230 of your posted rule set to see how it should be done. 3. There are 3 classes of rules, each class has separate packet interrogation abilities. Each proceeding class has greater packet interrogation abilities than the previous one. These are stateless, simple stateful, and advanced stateful. The advanced stateful rule class is the only class having technically advanced interrogation abilities capable of defending against the flood of different attack methods currently employed by perpetrators. Stateless and Simple Stateful IPFW firewall rules are inadequate to protect the users system in today's internet environment and leaves the user unknowingly believing they are protected when in reality they are not. 4. The advanced stateful rule option keep-state works as documented only when used in a rule set that does not use the divert rule. Simply stated the IPFW advanced stateful rule option keep-state does not function correctly when used in a IPFW firewall that also is using the IPFW built in NATD function. For the most complete keep-state protection the other FIREWALL solution (IPFILTER) that comes with FBSD should be used. Just checkout the IPFW list archives and you will see this subject discussed in detail with out any solution forthcoming. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Redmond Militante Sent: Friday, January 31, 2003 8:18 AM To: [EMAIL PROTECTED] Subject: please comment on my nat/ipfw rules (resent) hi all i have my test machine set up as a gateway box, with ipfw/natd configured on it, set up to filter/redirect packets bound for a client on my internal network. external ip of my internal client is aliased to the outside nic of the gateway box gateway machine's kernel has been recompiled with: options IPFIREWALL options IPDIVERT options IPFIREWALL_DEFAULT_TO_ACCEPT options IPFIREWALL_VERBOSE gateway's /etc/rc.conf looks like defaultrouter=129.x.x.1 hostname=hostname.com ifconfig_xl0=inet 129.x.x.1 netmask 255.255.255.0 #aliasing internal client's ip to the outside nic of gateway box ifconfig_xl0_alias0=inet 129.x.1.20 netmask 255.0.0.0 #inside nic of gateway box ifconfig_xl1=inet 10.0.0.1 netmask 255.0.0.0 gateway_enable=YES firewall_enable=YES #firewall_script=/etc/rc.firewall firewall_type=/etc/ipfw.rules natd_enable=YES #natd interface is outside nic natd_interface=xl0 #natd flags redirect any traffic bound for ip of www3 to internal ip of www3 natd_flags=-redirect_address 10.0.0.2 129.x.x.20 kern_securelevel_enable=NO . internal client's /etc/rc.conf looks like second machine's /etc/rc.conf: defaultrouter=10.0.0.1 ifconfig_xl0=inet 10.0.0.2 netmask 255.0.0.0 looks like this setup is working. the internal client is a basic webserver/ftp server. i am able to ftp to it, ssh to it, view webpages that it serves up, etc. with it hooked up to the internal nic of the gateway box. i am now trying to come up with a good set of firewall rules on the gateway box to filter out all unnecessary traffic to my internal network. the following is my /etc/ipfw.rules on the gateway box. -snip-- # firewall_type=/etc/ipfw.rules # enquirer ipfw.rules # NAT add 00100 divert 8668 ip from any to any via xl0 # loopback add 00210 allow ip from any to any via lo0 add 00220 deny ip from any to 127.0.0.0/8 add 00230 deny ip from 127.0.0.0/8 to any #allow tcp in for nfs shares #add 00301 allow tcp from 129.x.x.x to any in via xl0 #add 00302 allow tcp from 129.x.x.x to any in via xl0 #allow tcp in for ftp,ssh, smtp, httpd add 00303 allow tcp from any to any in 21,22,25,80,1 via xl0 #deny rest of incoming tcp add 00309 deny log tcp from any to any in established #from man 8 ipfw: allow only outbound tcp connections i've created add 00310 allow tcp from any to any out via xl0 #allow udp in for gateway for DNS add 00300 allow udp from 10.0.0.0/24 to 129.105.49.1 53 via xl0 #allow udp in for nfs shares #add 00401 allow udp from 129.x.x.x to any in recv xl0 #add 00402 allow udp from 129.x.x.x to any in recv xl0 #allow all udp out from machine add 00404 allow udp from any to any out via xl0 #allow some icmp types (codes not supported)
RE: Syslog Configuration Question
Add this local5.none; local6.none; local7.none /var/log/messages -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael K. Smith Sent: Friday, January 31, 2003 1:15 PM To: questions list Subject: Syslog Configuration Question Hello All: I am trying to set up a few facilities to receive syslog info from various network devices. In all cases, not only do the arriving packets get logged to the logfile configured, but they also get logged to /var/log/messages. I would like messages to be used only for system-related issues. I have included the relevant snippets from my syslog.conf file. Could someone please help me figure out what I'm doing wrong? Thanks, Mike *.err;kern.debug;auth.notice;mail.crit /dev/console *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages security.* /var/log/security auth.info;authpriv.info /var/log/auth.log mail.info /var/log/maillog lpr.info/var/log/lpd-errs cron.* /var/log/cron local5.* /var/log/switches.log local6.*/var/log/pix.log local7.*/var/log/routers.log -- Michael K. Smith NoaNet 206.219.7116 (work) 206.579.8360 (cell) [EMAIL PROTECTED] http://www.noanet.net To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: Syslog Configuration Question
Add this local5.none;local6.none;local7.none /var/log/messages No spaces between works -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael K. Smith Sent: Friday, January 31, 2003 1:15 PM To: questions list Subject: Syslog Configuration Question Hello All: I am trying to set up a few facilities to receive syslog info from various network devices. In all cases, not only do the arriving packets get logged to the logfile configured, but they also get logged to /var/log/messages. I would like messages to be used only for system-related issues. I have included the relevant snippets from my syslog.conf file. Could someone please help me figure out what I'm doing wrong? Thanks, Mike *.err;kern.debug;auth.notice;mail.crit /dev/console *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages security.* /var/log/security auth.info;authpriv.info /var/log/auth.log mail.info /var/log/maillog lpr.info/var/log/lpd-errs cron.* /var/log/cron local5.* /var/log/switches.log local6.*/var/log/pix.log local7.*/var/log/routers.log -- Michael K. Smith NoaNet 206.219.7116 (work) 206.579.8360 (cell) [EMAIL PROTECTED] http://www.noanet.net To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: copy a cd
I think your problem is this statement you made 'i don't think it is working' What do you mean by this?. The command you used copied the image.iso file to the cd. If you tried to boot from it of course it won't boot. To be able to boot you have to uncompress to ISO file into an FBSD directory tree format and the dd command does not do that. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Doug Poland Sent: Thursday, January 30, 2003 4:29 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: copy a cd Brian Henning said: i am trying to copy a data cd with dd if=/dev/acd0c of=/home/image.iso bs=2048 i don't think it is working... i don't have the error message, but the cd doesn't work when i burn it. can i somehow find out for sure if bs=2048 is correct ? is there any other info i need about the cd before i can copy it? http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/creating-c ds.html -- Regards, Doug To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: Syslog Configuration Question
By your question I see you think you are to replace to /var/log/messages line with this one. You are not to remove the original line but add this line following the original line. If I remember correctly this second line is like a continuation. If this does not work then read man syslog.conf for info on continuing a line. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael K. Smith Sent: Friday, January 31, 2003 2:19 PM To: [EMAIL PROTECTED] Cc: questions list Subject: Re: Syslog Configuration Question On Friday, January 31, 2003, at 10:35 AM, JoeB wrote: Add this local5.none;local6.none;local7.none /var/log/messages No spaces between works Thanks for the info above. Are there any important system messages that will be caught by this? I wouldn't want to miss something because I had stopped logging to messages for those facilities. Thanks, Mike To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: please comment on my nat/ipfw rules (resent)
# suggested is 32768 bytes. Change from 16384. In release 4.5 the defaults # for these values changed upwards to what they are below. net.inet.tcp.sendspace=32768 net.inet.tcp.recvspace=65536 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Redmond Militante Sent: Friday, January 31, 2003 3:37 PM To: JoeB; [EMAIL PROTECTED] Subject: Re: please comment on my nat/ipfw rules (resent) hi you've sold me :) do you have any good online tutorials to recommend for setting up a gateway/firewall/natd machine using ipfilter/ipnat? thanks redmond 1. Your firewall rules are not working at all, except for the natd redirect option. This is caused by the kernel compile time option IPFIREWALL_DEFAULT_TO_ACCEPT.This option tell your firewall that any packet that does not match a rule is allowed to pass on through the firewall. Comment out that option in your kernel options source and recompile your kernel to take the default of default-to-deny and your current rules set will stop functioning. 2. You are using the simplest of the rule types 'state-less'. Using this type of rules you have to not only have a rule to allow the packet out you also have to have a rule to allow the packet in. See rules 220 230 of your posted rule set to see how it should be done. 3. There are 3 classes of rules, each class has separate packet interrogation abilities. Each proceeding class has greater packet interrogation abilities than the previous one. These are stateless, simple stateful, and advanced stateful. The advanced stateful rule class is the only class having technically advanced interrogation abilities capable of defending against the flood of different attack methods currently employed by perpetrators. Stateless and Simple Stateful IPFW firewall rules are inadequate to protect the users system in today's internet environment and leaves the user unknowingly believing they are protected when in reality they are not. 4. The advanced stateful rule option keep-state works as documented only when used in a rule set that does not use the divert rule. Simply stated the IPFW advanced stateful rule option keep-state does not function correctly when used in a IPFW firewall that also is using the IPFW built in NATD function. For the most complete keep-state protection the other FIREWALL solution (IPFILTER) that comes with FBSD should be used. Just checkout the IPFW list archives and you will see this subject discussed in detail with out any solution forthcoming. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Redmond Militante Sent: Friday, January 31, 2003 8:18 AM To: [EMAIL PROTECTED] Subject: please comment on my nat/ipfw rules (resent) hi all i have my test machine set up as a gateway box, with ipfw/natd configured on it, set up to filter/redirect packets bound for a client on my internal network. external ip of my internal client is aliased to the outside nic of the gateway box gateway machine's kernel has been recompiled with: options IPFIREWALL options IPDIVERT options IPFIREWALL_DEFAULT_TO_ACCEPT options IPFIREWALL_VERBOSE gateway's /etc/rc.conf looks like defaultrouter=129.x.x.1 hostname=hostname.com ifconfig_xl0=inet 129.x.x.1 netmask 255.255.255.0 #aliasing internal client's ip to the outside nic of gateway box ifconfig_xl0_alias0=inet 129.x.1.20 netmask 255.0.0.0 #inside nic of gateway box ifconfig_xl1=inet 10.0.0.1 netmask 255.0.0.0 gateway_enable=YES firewall_enable=YES #firewall_script=/etc/rc.firewall firewall_type=/etc/ipfw.rules natd_enable=YES #natd interface is outside nic natd_interface=xl0 #natd flags redirect any traffic bound for ip of www3 to internal ip of www3 natd_flags=-redirect_address 10.0.0.2 129.x.x.20 kern_securelevel_enable=NO . internal client's /etc/rc.conf looks like second machine's /etc/rc.conf: defaultrouter=10.0.0.1 ifconfig_xl0=inet 10.0.0.2 netmask 255.0.0.0 looks like this setup is working. the internal client is a basic webserver/ftp server. i am able to ftp to it, ssh to it, view webpages that it serves up, etc. with it hooked up to the internal nic of the gateway box. i am now trying to come up with a good set of firewall rules on the gateway box to filter out all unnecessary traffic to my internal network. the following is my /etc/ipfw.rules on the gateway box. -snip-- # firewall_type=/etc/ipfw.rules # enquirer ipfw.rules # NAT add 00100 divert 8668 ip from any to any via xl0 # loopback add 00210 allow ip from any to any via lo0 add 00220 deny ip from any to 127.0.0.0/8 add 00230 deny ip from 127.0.0.0/8 to any #allow tcp in for nfs shares #add 00301 allow tcp from 129.x.x.x to any in via xl0 #add 00302 allow tcp from 129.x.x.x to any in via xl0 #allow tcp
RE: UnInstalling
You do not uninstall FBSD, you just delete the FBSD partition on the hard drive -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Cain Saint Sent: Friday, January 31, 2003 12:40 PM To: [EMAIL PROTECTED] Subject: UnInstalling Hi. I would like to find out if it is possible to uninstall FreeDSB. If so, how do I do it. THanks htmlDIVEMI've found out why people laugh. They laugh because it hurts so much... because it's the only thing that'll make it stop hurting./EM/DIV/html _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: another go at natd
You have just fallen onto the unpublished secret that IPFW / NATD does not work with keep-state rules. If you use user ppp -nat so the NAT function is done outside of IPFW, then IPFW keep-state rules will function as documented. For true keep-state protection you are far better off using IPFILTER / IPNAT. Much much simpler to configure and use. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Redmond Militante Sent: Wednesday, January 29, 2003 10:28 PM To: [EMAIL PROTECTED] Subject: another go at natd hi all this is a followup to an email i sent out to the list a week or so ago. i was having trouble getting the following natd setup to work: ---snip-- two machines - one has two nics, one has one nic. i'd like to set up the machine with two nics as a gateway/natd box, and place the second machine behind it. gateway machine's kernel has been recompiled with: options IPFIREWALL options IPDIVERT options IPFIREWALL_DEFAULT_TO_ACCEPT options IPFIREWALL_VERBOSE gateway machine's /etc/rc.conf: defaultrouter=129.x.x.1 hostname=enquirer.medill.northwestern.edu ifconfig_xl0=inet 129.x.x.35 netmask 255.255.255.0 ifconfig_xl1=inet 10.0.0.1 netmask 255.0.0.0 gateway_enable=YES firewall_enable=YES #firewall_script=/etc/rc.firewall firewall_type=OPEN natd_enable=YES natd_interface=xl0 natd_flags= second machine's /etc/rc.conf: defaultrouter=10.0.0.1 ifconfig_xl0=inet 10.0.0.2 netmask 255.0.0.0 'ipfw list' on the gateway machine gives me: 00050 divert 8668 ip from any to any via xl0 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 00300 deny ip from 127.0.0.0/8 to any 65000 allow ip from any to any 65535 allow ip from any to any i'm following the instructions in the handbook http://www.freebsd.org/doc/en_US.IS...dbook/natd.html snip- -turns out my setup above was exactly right. i was informed by various members of the list that my original problem was that i was running a connection from the client machine directly to the internal nic on the gateway box, and all i needed to do was to run everything through a hub to get it to work. so, i'm nat'ing. i'm redirecting packets to my internal lan on the gateway box. i guess my question to the list would be: is a vanilla natd setup like this enough? today, i tried changing firewall_type to '/etc/ipfw.rules' instead of OPEN, it's been problematic. i'm having trouble getting the following /etc/ipfw.rules file working with my nat setup: add 00100 allow ip from any to any via lo0 add 00200 deny ip from any to 127.0.0.0/8 add 00300 check-state add 00301 allow tcp from 129.x.x.20 to any in setup keep-state add 00302 allow tcp from 10.0.0.2 to any in setup keep-state #allow tcp in for ftp,ssh, smtp, httpd add 00304 allow tcp from any to any 21 in setup keep-state add 00305 allow tcp from any to any 22 in setup keep-state add 00306 allow tcp from any to any 25 in setup keep-state add 00307 allow tcp from any to any 80 in setup keep-state #allow tcp in for webmin port add 00308 allow tcp from any to any 1 in setup keep-state #deny rest of incoming tcp add 00309 deny log tcp from any to any in established #from man 8 ipfw: allow only outbound tcp connections i've created add 00310 allow tcp from any to any out setup keep-state #allow udp in for gateway for DNS add 00400 allow udp from 129.105.49.1 to any in recv xl0 add 00401 allow udp from 129.x.x.20 to any in recv xl0 add 00402 allow udp from 10.0.0.2 to any in recv xl0 #allow all udp out from machine add 00404 allow udp from any to any out #allow some icmp types (codes not supported) ##allow path-mtu in both directions add 00500 allow icmp from any to any icmptypes 3 ##allow source quench in and out add 00501 allow icmp from any to any icmptypes 4 ##allow me to ping out and receive response back add 00502 allow icmp from any to any icmptypes 8 out add 00503 allow icmp from any to any icmptypes 0 in ##allow me to run traceroute add 00504 allow icmp from any to any icmptypes 11 in add 00600 deny log ip from any to any sorry, this is long winded. any comments on how to get the above rules working with my nat setup, or if these measures are even necessary would be greatly appreciated. thanks redmond To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: Fixit instructions
Hay aren't you forgetting the most important usage. Use the fixit cdrom to boot small running FBSD environment so you can restore your tape backup to the failed hard drive, or dd your bkup image. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mike Meyer Sent: Thursday, January 30, 2003 9:54 AM To: [EMAIL PROTECTED] Cc: Chuck Swiger; Giorgos Keramidas; [EMAIL PROTECTED] Subject: Re: Fixit instructions In [EMAIL PROTECTED], [EMAIL PROTECTED] typed: Quoting Mike Meyer [EMAIL PROTECTED]: You don't have to boot the fixit cd - just mount it and look. I'm sure that what you will find on the CD is a pretty complete FreeBSD system, with the layout described in the hier man page. Close, but... root@BAPhD ~ #ls /cdrom .cshrc bin etc modules sys .profilebootfilename.txtproc tmp COPYRIGHT cdrom.inf floppiesroot usr CVS-REPOcommercekernel.GENERIC rr_moved var README.TXT dev mnt sbin Note the absence of mnt2 and stand, both of which I was aked to examine. Those directories are set up on booting the cdrom and entering Fixit mode. bin, sbin and usr/bin on the cd are indeed readable ( and extensive) directly from the CD. Right. Those aren't on the fixit disk, they are on the root file system used by the boot process. That's a stripped system file system used for installing FreeBSD. It mounts the fixit cdrom to give you the rest of the FreeBSD world. I don't mean to be difficult or over-demanding about this, especially to people who are offering help, but what I was expecting was trhat some helpful guru would have prepared a Fixit Handbook which might have chapters like Repairing a corrupt partition table and Restoring a lost directory and ... whatever. Perhaps the book Chuck suggested would do that. If such a book exists, I don't know about it. Part of the problem is that the commands for this only exist at two levels: the straightforward (you want fsck), and the incredibly baroque world of hex file editors that you're going to point at the disk. One handles all the cases you are liable to run into in real life. The other requires an intimate knowledge of the on-disk file structure, and a hex calculator - and even then what you are doing is incredibly risky. Reading man pages doesn't tell me with any clarity which commands go with what do do something. One really needs far more knowledge than I have to make sense of it all. On the other hand, a reading guide might do a lot of good, and makes a lot of sense. Something that says things like For problems with DOS partitions (aka slices), see fdisk(8), boot0cfg(8) and /usr/include/sys/disklabel.h. For problems with FreeBSD partitions, see disklabel(8) and /usr/include/sys/disklabel.h. For problems with the file system, see fsck(8), /usr/include/ufs/ufs/dinode.h and /usr/include/ufs/ufs/dir.h. Come to think of it, about the only reason one should be mounting the fixit CDROM is because your root file system is screwed. I think I just covered everything you need to know about fixing broken file systems. The problem is, that's not complete. You may need to know how to create dev entries - at least on 4.7. You'll want to know about mount in order to mount working file systems, and to check the broken file system once you've fixed it. If the breakage causes you to change what's mounted where, I tend to fix that in fixit mode with ed, so you may want to know about that. Maybe what's needed is an Essential BSD commands handbook entry, that covers the lists the commands available in Fixit mode that are actually useful for fixing a broken system? mike -- Mike Meyer [EMAIL PROTECTED] http://www.mired.org/consulting.html Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: disconnecting nic
The problem you describe is becoming common in the 4.x versions of FBSD. I have seen these solutions voiced previously in this list. 1. Check the PC's bios, look for a toggle to disable plug-n-play function. 2. Check that your PCI Nic card is not in the first or last PCI expansion slot on the motherboard. 3. There is a problem with autonegotiation of the media settings between your NIC and your switch. The default setting of auto means the Nic card should sense the Lan for the switch or hub and set it's media type to match. There have been reports of the Nic Card media type changing on the fly between 10/100 and halfduplex and fullduplex causing the network to freeze up. To stop this use the ifconfig command in the rc.conf file to force the media type. Like this ifconfig_xl0=inet 10.0.10.2 media 100baseTX mediaopt full-duplex 4 add option PCI_ENABLE_IO_MODES to your kernel source and recompile. See LINT 5. add device puc option PUC_FASTINTR to your kernel source and recompile. See LINT 6. Follow bug fix using this url http://www.freebsd.org/cgi/query-pr.cgi?pr=40636 Try one of the above one at a time until your problem goes away. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Wayne Swart Sent: Wednesday, January 29, 2003 10:12 AM To: FreeBSD Mailing list Subject: disconnecting nic Good day all you smart ppl I seem to have an unsolvable (unsovable only in my small world) problem. i have posted this problem to you guys before but no one was able to help me with it :( i have two network cards in my box (freebsd 4.7), both are accton 1207f (dc type) running at 100baseTX full-duplex. as soon as i send high volumes of data through dc0 to another box on the lan, like for instance over an ftp connection, dc0 looses its connectivity by doing an ifconfig dc0 down, and then up again, it brings the connection back up only to see it fail after a minute or so. if i remove dc1 completely from the box it works fine could this be because of irq conflicts even though dc0 and dc1 are not using the same irq's? please help me kind regards wayne To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Is the Kernel device config visual interface still necessary
When using the FBSD bootable CDROM to install FBSD the first thing to display on the screen is the 'Kernel configuration menu'. The handbook says to select the 'Start kernel configuration in full-screen visual mode' which takes you to the 'Kernel Device Configuration Visual Interface' screen that always has 7 irq conflicts. The 7 conflicts are built into FBSD because the Nic cards the irq conflicts are on are all old style ISA cards, and just responding with a Q to quite without deleting the conflicts causes no problems. This seems like it's no longer necessary to stop at this screen and that at the first screen 'Kernel configuration menu' the 'Skip kernel configuration and continue with installation' option should be the one taken. My question, what purpose does the 'Kernel Device Configuration Visual Interface' screen serve and can people safely use the 'Skip kernel configuration and continue with installation' from the 'Kernel configuration menu'? Thanks for your help Joe To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: PPP strangeness - hosed my /etc/hosts file
Add this to ppp.conf
disable iface-alias# Stop adding old IP addr as alias when ppp
# redials because line was lost. These old
ips
# showed using ifconfig -a on tun0.
iface clear# Remove all previous IP address
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Louis
LeBlanc
Sent: Wednesday, January 22, 2003 12:49 PM
To: FreeBSD Questions
Subject: PPP strangeness - hosed my /etc/hosts file
Hey all. I've been with Verizon DSL for 3 or 4 months now, and just
when I think I'm getting things right, I start seeing some really
screwy behavior. ifconfig shows the following for the PPP interface
(tun0)
tun0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST mtu 1492
inet6 fe80::2a0:c9ff:fe74:12a3%tun0 prefixlen 64 scopeid 0x8
inet 68.160.2.89 -- 10.9.64.1 netmask 0xff00
inet 68.160.25.67 -- 10.9.76.1 netmask 0xff00
Opened by PID 67
The weird thing is that the first IP is not valid. I'm sure this is
not supposed to be the case, but I don't know how I should fix it.
My
/etc/hosts and httpd.conf files were hosed because of it, so I'm
going
to have to figure out how to spot this problem in the scripts, and
at
least warn about it, if not fix it on the fly.
My domain is served via zoneedit.com, and when a lookup is done of
the
domain, it shows the latter IP. Neither IP is pingable, but the
machine is accessible via the IP in the zoneedit servers, and not
the
other.
Is it normal for this to happen? There was a power cut last week,
and
I had to run some manual disk checks before everything came up
again.
Is there an easy way to simply release everything and restart ppp,
regrab the IP, and with any luck, restrict it to a single IP?
Right now, I'm grabbing the old and new IP addresses as follows:
OLD_IPADDRESS=`cat /var/db/ppp.ip`
if [ -n ${OLD_IPADDRESS} ]; then
echo Old IP Address: ${OLD_IPADDRESS}
fi
NEW_IPADDRESS=`/sbin/ifconfig tun0 | grep netmask | awk '{print
$2}'`
if [ -n ${NEW_IPADDRESS} ]; then
echo New IP Address: ${NEW_IPADDRESS}
echo Saving New Address
echo ${NEW_IPADDRESS} /var/db/ppp.ip
fi
if [ ${OLD_IPADDRESS} != ${NEW_IPADDRESS} ]; then
. . .
/var/db/ppp.ip had both IPs shown in the ifconfig output shown
above,
so I'm probably going to have to change that NEW_IPADDRESS= line to
ensure I only get the last IP. But can I be sure the last one is
always the right one?
TIA
Lou
--
Louis LeBlanc [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org ԿԬ
Actual war is a very messy business. Very, very messy business.
-- Kirk, A Taste of Armageddon, stardate 3193.0
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message
RE: PPP strangeness - hosed my /etc/hosts file
I take it you mean that you added iface clear to the ppp.linkdown? I thought I was supposed to add it to ppp.conf. I'm also trying to figure out the best way to kill ppp and restart the connection clean without having to reboot the machine. Any ideas there? Thanks a lot for the reply. Lou ** ppp.linkdown is an older way of doing the same thing as putting it in the ppp.conf both ways work Killall ppp will stop user ppp ppp -direct incoming -nat incoming is the section name in your ppp.conf where your account id and password is coded. -nat turns on Network Address Translation To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Long msdos names
The mount_msdos has a -l option to force the use of msdos long names. Below is my fstab file and mount points /a /c are msdos file types. Is there some way in the fstab file to specify long msdos names? # DeviceMountpoint FStype Options DumpPass# /dev/ad0s2b noneswapsw 0 0 /dev/ad0s2a / ufs rw 1 1 /dev/ad0s2f /tmpufs rw 2 2 /dev/ad0s2g /usrufs rw 2 2 /dev/ad0s2e /varufs rw 2 2 /dev/acd0c /cdrom cd9660 ro,noauto0 0 /dev/acd1c/cdrom1 cd9660 ro,noauto 0 0 /dev/fd0 /a msdos rw,noauto 0 0 /dev/ad0s1/c msdos rw,noauto 0 0 proc/proc procfs rw 0 0 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
list of fbsd console commands
I have reviewed the FBSD handbook and can not find any documentation listing all the FBSD console commands. Are they documented some where? Is there some way using the man command to list all the man files in the man directory? To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
what is mtree command used for
Read man mtree, but it does not describe when or for what purpose you would use the mtree command. Would someone explain when to use the mtree command? To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: Possible attack?
Just some body knocking at your front door. What this means is you have ports 20 21 open and your were port scanned. You have to add some rules to your firewall. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Freeze Sent: Friday, January 17, 2003 9:35 AM To: FreeBSD Questions Subject: Possible attack? Hi: I got an interesting log report today. Has anyone seen such messages lately? Jan 14 12:59:52 rabbit /kernel: ipfw: limit 100 reached on entry 64000 Jan 14 17:39:13 rabbit ftpd[1502]: ANONYMOUS FTP LOGIN REFUSED FROM p5089A961.dip.t-dialin.net Jan 14 17:39:13 rabbit ftpd[1503]: ANONYMOUS FTP LOGIN REFUSED FROM p5089A961.dip.t-dialin.net Jan 15 12:15:21 rabbit sm-mta[3937]: h0FHFIJI003936: Truncated MIME Content-Disposition header due to field size (length = 25) (possible attack) Jan 15 17:33:03 rabbit ftpd[4434]: ANONYMOUS FTP LOGIN REFUSED FROM pD9E60C0F.dip.t-dialin.net Jan 15 17:33:04 rabbit ftpd[4435]: ANONYMOUS FTP LOGIN REFUSED FROM pD9E60C0F.dip.t-dialin.net Jan 15 23:59:48 rabbit sm-mta[5210]: h0G4xkJI005209: Truncated MIME Content-Disposition header due to field size (length = 22) (possible attack) -- Jim Freeze -- It's not Camelot, but it's not Cleveland, either. -- Kevin White, mayor of Boston To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: different ipfw/natd prob
Do you really have named Domain server configured? If not remove named_enable=YES If you really do not want sendmail it should be sendmail_enable=NONE From your description I see no reason for any of the router_ options You don't need this either network_interfaces=lo0 fxp0 dc0 ifconfig_lo0=inet 127.0.0.1 Your rule set is missing the divert rule to send all packets to ipfw's built in nat function inferface module. allow ip from any to any via lo0 divert natd all from any to any via dc0 add this rule allow all ip from any to any deny ip from any to any -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Stephen D. Kingrea Sent: Friday, January 17, 2003 8:53 AM To: Bill Moran Cc: [EMAIL PROTECTED] Subject: Re: different ipfw/natd prob following is rc.conf, /etc/natd.conf, ifconfig, ipfw show rc.conf inetd_enable=YES kern_securelevel_enable=NO linux_enable=YES tcp_extensions=YES named_enable=YES sendmail_enable=NO portmap_enable=YES router_enable=yes router=/sbin/routed router_flags=-q defaultrouter=68.abc.de.1 hostname=www.kingrea.com network_interfaces=lo0 fxp0 dc0 ifconfig_lo0=inet 127.0.0.1 ifconfig_dc0=inet 68.abc.de.14 netmask 255.255.255.0 media 10baseT/UTP ifconfig_fxp0=inet 192.168.2.1 netmask 255.255.255.0 firewall_enable=YES firewall_type=OPEN gateway_enable=YES natd_enable=YES natd_interface=dc0 natd_flags=-f /etc/natd.conf natd.conf interface dc0 use_sockets yes same_ports yes ifconfig dc0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 inet 68.abc.de.14 netmask 0xff00 broadcast 68.abc.de.255 inet6 fe80::204:5aff:fe5a:9987%dc0 prefixlen 64 scopeid 0x1 ether 00:04:5a:5a:99:87 media: Ethernet 10baseT/UTP status: active fxp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 inet 192.168.2.1 netmask 0xff00 broadcast 192.168.2.255 inet6 fe80::2a0:c9ff:fe5c:3738%fxp0 prefixlen 64 scopeid 0x2 ether 00:a0:c9:5c:37:38 media: Ethernet autoselect (100baseTX) status: active lp0: flags=8810POINTOPOINT,SIMPLEX,MULTICAST mtu 1500 faith0: flags=8002BROADCAST,MULTICAST mtu 1500 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 inet 127.0.0.1 netmask 0xff00 ppp0: flags=8010POINTOPOINT,MULTICAST mtu 1500 sl0: flags=c010POINTOPOINT,LINK2,MULTICAST mtu 552 ipfw show 00100 0 0 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 deny ip from 127.0.0.0/8 to any 65000 4208345040 all ip from any to any 65535 0 0 deny ip from any to any thanks for assistance! stephen d. kingrea On Fri, 17 Jan 2003, Bill Moran wrote: Stephen D. Kingrea wrote: i have a slightly different ipfw/natd problem. machines on the lan can ping internal nic on the server (fbsd 4.7), and the external nic, but can not ping or reach anything outside. unless i telnet into the server, then telnet out. currently running ipfw open until problem is solved. server can ping all machines on lan. On a wild guess, it sounds like your divert rule is wrong. Need more information to help with this. Please repost to the list and include the following: The output of 'ipfw show' The output of 'ifconfig' The contents of your rc.conf file -- Bill Moran Potential Technologies http://www.potentialtech.com To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: Bootable CDs (was Re: Interest in diskless booting?)
Have you been able to get any of the methods to work repeatable? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Warren Block Sent: Sunday, December 08, 2002 9:16 PM To: Garance A Drosihn; [EMAIL PROTECTED] Cc: FreeBSD Questions Subject: Bootable CDs (was Re: Interest in diskless booting?) On Sun, 8 Dec 2002, Garance A Drosihn wrote: One of the students here at RPI worked on a project for the custom cd-rom idea. It's at http://www.sourceforge.net/projects/freebsdtogo/ I've spent the weekend experimenting with the various methods of making bootable FreeBSD CDs. LiveCD died with an unlogged error just before it was ready to build an ISO. The project at http://www.bsdtoday.com/2002/March/Features646.html went farther, but booted the CD into sysinstall. freebsdtogo has worked the best so far, although there were some missing boot files that needed to be copied. After that, it actually produced a bootable CD. I'm going to work on it some more, and try to work up at least a checklist. In the meantime, here are my notes: (Note to potential users: some of this is speculation and reading between the lines. Consider it untested. Lawrence, please feel free to include this with your project if you like.) CD to /home and untar the freebsdtogo archive. It'll create a togo directory. Bundles are directory trees of changes that will be made to the target tree before the CD image is created. There's a default bundle in the /home/togo/bundles directory. The copy subdirectory contains files which will be copied over existing ones. For example, the file copy/etc/rc.conf would be copied over the sysinstall-generated rc.conf. Packages (ports-type *.tgz packages) placed in the packages subdirectory will be installed to the target tree before the CD is created. The patch directory contains patches that will be made to the original files, and the postpatch.sh script will be run afterwards. rwmounts is a list of directories that will be created as memory filesystems. You'll probably want to either modify the default bundle directly, or copy it, modify it, and give the bundle a new name. Basic procedure: Update or create bundle as described above. cd /usr/src make buildworld cd /usr/src make buildkernel qcp -pR /boot /home/togo/trees/bin make iso (add BUNDLE=mybundlename if you're not using default) The ISO file ends up in /home/togo/build/default/cdimage.iso, or /home/togo/build/mybundlename/cdimage.iso if you've used a different bundle name. -Warren Block * Rapid City, South Dakota USA To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: /usr/src/UPDATING - Solution
Matthew Thank you for the last bit of info. Yes what I wanted is available at http://www.freebsd.org/cgi/cvsweb.cgi/src/UPDATING but the missing key was that one has to scroll to the bottom of the UPDATING file to find the selection options. This must be an programming error by who ever coded that web page. The selections options should be at the top of the screen display not at the bottom where most people will never find it. Thanks again to all that replied to my question Joe -Original Message- From: Scott Mitchell [mailto:[EMAIL PROTECTED]] Sent: Monday, January 13, 2003 4:31 PM To: JoeB Cc: [EMAIL PROTECTED]; Matthew Seaman Subject: Re: /usr/src/UPDATING On Mon, Jan 13, 2003 at 08:22:41PM +, Matthew Seaman wrote: On Mon, Jan 13, 2003 at 01:00:20PM -0500, JoeB wrote: Thanks this is what I was looking for, But after viewing the URL you posted I see info for all the releases of FBSD. I thought the /usr/src/UPDATING file that was on the install CD for FBSD 4.7 only contained the detail info on the updates to create FBSD 4.7 since the FBSD 4.6 release was frozen? The UPDATING file dates back to before 4.0-RELEASE, and contains notes of various modifications to the source that may cause problems to people updating their systems, as well as various other notes useful in that situation. Did you perhaps mean the release notes: http://www.freebsd.org/releases/4.7R/relnotes-i386.html which list the changes made to the system since the previous release? Cheers, Matthew Or, if you just wanted the version of UPDATING that was on the 4.7 CDs, scroll to the bottom of http://www.freebsd.org/cgi/cvsweb.cgi/src/UPDATING, select 'RELENG_4_7' in the 'View only Branch' box and hit the 'Set' button. I assume that the CDs would have been cut using the RELENG_4_7_0_RELEASE tag, so the version you want is probably the last one on the page, 1.73.2.74. I suspect Matthew is right and you were really looking for the release notes, though. Scott -- === Scott Mitchell | PGP Key ID | Eagles may soar, but weasels Cambridge, England | 0x54B171B9 | don't get sucked into jet engines [EMAIL PROTECTED] | 0xAA775B8B | -- Anon To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: ipfw and dhcp.
Your first problem is you are confused about what you are talking about. You state you are using IPFW but you give firewall rule for IPFILTER. IPFW IPFILTER are 2 different firewall software applications. Verify what you really have installed and post the contents of your /etc/rc.conf file for us to see. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Gary D Kline Sent: Monday, January 13, 2003 12:24 AM To: FreeBSD Mailing List Subject: ipfw and dhcp. When I installed ipfw recently, my wife complained that she couldn't reach outside. --She has a DOS/Win laptop that is plugged into my hub. It works fine without enabling the DHCP line in my ipf firewall. If I translate this line into ipfw, should dhcp bgin working for an arbitrary line:: # use next line if ISP uses DHCP # pass in quick on dc0 proto udp from X.X.X.X/32 to any port = 68 keep state ?? My other systems are presently hard-wired. Any ideas, pointers, thoughts, guesses very welcome. thanks in advance, everybody, gary -- Gary Kline [EMAIL PROTECTED] www.thought.org Public service Unix To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
/usr/src/UPDATING
I have installed FBSD 4.7 using cdrom and /stand/sysinstall, selected standard install with user distribution which does not install any source. This install config does not install /usr/src/UPDATING directory. Where else can I find this info?? To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
ipfilter/ipmon log msgs
I have read both the Freebsd.org online man page and the man page installed on my FBSD 4.7 system for man ipmon and the man page info does not match the syntax of the ipfilter.log messages. Man ipmon says than when option -s is selected to send ipfilter log messages to syslogd the day, month, year prefix is removed from the message before posting to syslogd. This does not happen. I also see that the message posted in the syslogd contains the pid (running task number of ipmon) in the posted message. This is not documented in man ipmon. FBSD 4.7 contains a updated release of ipfilter. Is it possible that the FBSD man page info was not updated to the new release? To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: /usr/src/UPDATING
You misunderstand me. I am not interested in loading the complete FBSD source just to get /usr/src/UPDATING Can it be downloaded standalone of the source or is this info retrievable from Freebsd.org someplace? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Thomas Spreng Sent: Monday, January 13, 2003 11:50 AM To: FBSDQ Subject: Re: /usr/src/UPDATING Hi, On Mon, Jan 13, 2003 at 11:42:27AM -0500, JoeB wrote: I have installed FBSD 4.7 using cdrom and /stand/sysinstall, selected standard install with user distribution which does not install any source. This install config does not install /usr/src/UPDATING directory. Where else can I find this info?? get the source either via /stand/sysinstall or via cvsup (prefered). This will get you /usr/src/UPDATING. cheers, Tom To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: /usr/src/UPDATING
Thanks this is what I was looking for, But after viewing the URL you posted I see info for all the releases of FBSD. I thought the /usr/src/UPDATING file that was on the install CD for FBSD 4.7 only contained the detail info on the updates to create FBSD 4.7 since the FBSD 4.6 release was frozen? How or where can I find the UPDATING detail info just for selected FBSD version without having to load the complete FBSD sources from CD? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Giorgos Keramidas Sent: Monday, January 13, 2003 12:09 PM To: JoeB Cc: [EMAIL PROTECTED] Subject: Re: /usr/src/UPDATING On 2003-01-13 12:05, [EMAIL PROTECTED] (JoeB) wrote: You misunderstand me. I am not interested in loading the complete FBSD source just to get /usr/src/UPDATING Can it be downloaded standalone of the source or is this info retrievable from Freebsd.org someplace? Ahh... I see! Then you can find any version of the file over the Web at: http://cvsweb.freebsd.org/src/UPDATING To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
execution sequance of IPFW/IPFILTER when used together
Informational post for the archives From [EMAIL PROTECTED] who wrote We actually found it goes: Internal private Net - NIC - IPF+NAT - IPFW - Public internet World Public internet World - IPF+NAT - IPFW - NIC - Internal Private net Suffice to say, IPF+NAT always sees the packets first This is way to use ipfilter to perform the nat function and ipfw dummynet To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: Apache_fp Port install problem
I installed apache-fp on newly install FBSD 4.7 system that was installed from cd without any compt selected from /stand/sysinstall process and apache-fp was the first port installed on this system and in went in with no problem. You must have an older version of compt3 on your FBSD system that is causing the problem. If you installed compatibility from the /stand/sysinstall process during the original install then I believe the ports/make environment does not know about it and the only solution is to reinstall FSBD from cd. The other problem area is that you may have a old version of compt3 on your ports installed environment and if so, you will have to find which of your installed ports has compt3 as a pre-rec, deinstall all the ports using it, delete compt3 from /usr/ports/distfiles, and then make the ports again. Or install portupgrade and let it do all the detail work for you. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of G D McKee Sent: Monday, January 13, 2003 5:20 PM To: [EMAIL PROTECTED]; Jack L. Stone; Matthew Seaman; [EMAIL PROTECTED] Subject: Re: Apache_fp Port install problem Hi I have just cvsupped today and get the error - are you saying to add the COMPT3 into make.conf cd /usr/src make clean and rm -rf /usr/obj to get it to work? Is there not a few files I can copy to get it working? Many thanks Gordon - Original Message - From: JoeB [EMAIL PROTECTED] To: Jack L. Stone [EMAIL PROTECTED]; Matthew Seaman [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, January 12, 2003 5:02 PM Subject: RE: Apache_fp Port install problem At 12:03 PM 1.12.2003 +, Matthew Seaman wrote: On Sat, Jan 11, 2003 at 12:01:44PM -0600, Jack L. Stone wrote: At 05:44 PM 1.11.2003 +, Matthew Seaman wrote: On Sat, Jan 11, 2003 at 11:31:22AM -0600, Jack L. Stone wrote: I just updated from FBSD-4.5 to 4.7 on a server running apache_fp.1.26. The update somehow has broken the FP extensions (ugh!). I have tried a number of fixes, including portupgrade, but get a checksum error there. Have tried to rerun the present install of FP using fp_install.sh, but get this error: Who should own web root web on port 80 [www]: What should the group for web root web on port 80 be [www]: /usr/libexec/ld-elf.so.1: /usr/lib/libm.so.2: Undefined symbol __stderrp ERROR: Unable to chown web root web in port 80 Hit enter to continue I'm also seeing the __stderrp error in my httpd-error.log whenever I try to login to FP. So, something has changed in the FBSD-4.5-4.7 update and I've never seen this error, so don't know what needs to be fixed. I have another server running apache_fp.1.27 on FBSD.4.7 just fine. It's looking like an uninstall/reinstall completely for apache+fp didn't want to have to do that on a box with a bunch of virtual hosts. Has anyone seen the above problem on similar installs...??? /usr/src/UPDATING says: 20021110: The definitions of the standard file streams (stdio, stdout, and stderr) have changed so that they are no longer compile-time constants. Some older binaries may require updated 3.X compatability libraries (for example, by setting COMPAT3X=yes for a buildworld/installworld). Alternatively to doing a buildworld with COMPAT3X=yes, you could install the misc/compat3x port. Good grief! I read the UPDATING as always, but this one did NOT sink in! Thank you so much for pointing me in the right direction before I shot myself in the foot If I go the misc/compat3x port route, I assume I need to redo the buildword?? If so, then I might as well include the COMPAT3X=yes in the make.conf. All that setting COMPAT3X=yes does is cause the buildworld process to uudecode and install some precompiled copies of FreeBSD-3.x shared libraries --- see /usr/src/lib/compat/compat3x.i386 for what's available. Those libraries were originally just copied off a 3.x machine, but since then kernel changes in 4.x or 5.0 have meant that certain changes have had to be back ported to RELENG_3 in order to maintain compatibility between the 3.x shlibs and the kernel. Supplying those libraries by installing the port achieves exactly the same effect, but quicker. However, the choice is entirely up to you. In the long run, putting COMPAT3X into /etc/make.conf would be my choice, as my regular schedule of buildworlds would ensure everything was up to date. Once the 3.x shlibs are in place, the binary frontpage binary supplied with the apache-fp port should pick them up OK. The interface between the 3.x shlibs and any applications linked to them should remain exactly the same. Cheers, Matthew Matthew, thanks again for the reply. However, I've tried both methods of the compat3x on a test server, including and whole new build/installworld
RE: ipfilter/ipmon log msgs
Did ipf -V and the which command on both ipf ipmon and they are both in same directory. The only thing that look questionable is ipf -V says log flags: 0 = none set. Does this mean ipfilter_flags= or ipmon_flags=-Ds What is this talking about?? In rc.conf I have ipfilter_enable=YES ipfilter_flags= ipnat_enable=YES ipmon_enable=YES ipmon_flags=-Ds Is there a ipfilter web site that I can check man info page on ipmon to see if it has newer information that what FBSD has in it's man ipmon which would mean that the new man info was not updated into the new FBSD release of ipfilter which happened in FBSD 4.7 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Wayne Pascoe Sent: Monday, January 13, 2003 4:35 PM To: [EMAIL PROTECTED] Cc: FBSDQ Subject: Re: ipfilter/ipmon log msgs JoeB [EMAIL PROTECTED] writes: Man ipmon says than when option -s is selected to send ipfilter log messages to syslogd the day, month, year prefix is removed from the message before posting to syslogd. This does not happen. Firstly, ensure you're starting ipmon with the -Ds flags. This will put it in daemon mode and log through syslogd. I've had a problem with logfile formats in the past and this was because I was not running the correct version of ipmon. do sudo ipf -V Check the version. Then do which ipf Then check to see that the ipmon is running is in the same directory. Otherwise, post a sample log line... Regards, -- - Wayne Pascoe You know, it's simply not true that wars never settle anything - James Burnham To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: Apache_fp Port install problem
At 12:03 PM 1.12.2003 +, Matthew Seaman wrote: On Sat, Jan 11, 2003 at 12:01:44PM -0600, Jack L. Stone wrote: At 05:44 PM 1.11.2003 +, Matthew Seaman wrote: On Sat, Jan 11, 2003 at 11:31:22AM -0600, Jack L. Stone wrote: I just updated from FBSD-4.5 to 4.7 on a server running apache_fp.1.26. The update somehow has broken the FP extensions (ugh!). I have tried a number of fixes, including portupgrade, but get a checksum error there. Have tried to rerun the present install of FP using fp_install.sh, but get this error: Who should own web root web on port 80 [www]: What should the group for web root web on port 80 be [www]: /usr/libexec/ld-elf.so.1: /usr/lib/libm.so.2: Undefined symbol __stderrp ERROR: Unable to chown web root web in port 80 Hit enter to continue I'm also seeing the __stderrp error in my httpd-error.log whenever I try to login to FP. So, something has changed in the FBSD-4.5-4.7 update and I've never seen this error, so don't know what needs to be fixed. I have another server running apache_fp.1.27 on FBSD.4.7 just fine. It's looking like an uninstall/reinstall completely for apache+fp didn't want to have to do that on a box with a bunch of virtual hosts. Has anyone seen the above problem on similar installs...??? /usr/src/UPDATING says: 20021110: The definitions of the standard file streams (stdio, stdout, and stderr) have changed so that they are no longer compile-time constants. Some older binaries may require updated 3.X compatability libraries (for example, by setting COMPAT3X=yes for a buildworld/installworld). Alternatively to doing a buildworld with COMPAT3X=yes, you could install the misc/compat3x port. Good grief! I read the UPDATING as always, but this one did NOT sink in! Thank you so much for pointing me in the right direction before I shot myself in the foot If I go the misc/compat3x port route, I assume I need to redo the buildword?? If so, then I might as well include the COMPAT3X=yes in the make.conf. All that setting COMPAT3X=yes does is cause the buildworld process to uudecode and install some precompiled copies of FreeBSD-3.x shared libraries --- see /usr/src/lib/compat/compat3x.i386 for what's available. Those libraries were originally just copied off a 3.x machine, but since then kernel changes in 4.x or 5.0 have meant that certain changes have had to be back ported to RELENG_3 in order to maintain compatibility between the 3.x shlibs and the kernel. Supplying those libraries by installing the port achieves exactly the same effect, but quicker. However, the choice is entirely up to you. In the long run, putting COMPAT3X into /etc/make.conf would be my choice, as my regular schedule of buildworlds would ensure everything was up to date. Once the 3.x shlibs are in place, the binary frontpage binary supplied with the apache-fp port should pick them up OK. The interface between the 3.x shlibs and any applications linked to them should remain exactly the same. Cheers, Matthew Matthew, thanks again for the reply. However, I've tried both methods of the compat3x on a test server, including and whole new build/installworld and the latest 4.7-STABLE still hoses FrontPage. I even deleted and started from scratch on Apache+FP-1.27, but the FP install stops dead at trying to chown the uid:gid on the root web and gives the same error: /usr/libexec/ld-elf.so.1: /usr/lib/libm.so.2: Undefined symbol __stderrp ERROR: Unable to chown web root web in port 80 This caught me by surprise because I'd had FP running fine with FBSD-4.7 (RELEASE and STABLE) on other servers, but it was the installs JUST prior to the change date of 20021110. In fact they where only 5 days earlier. FP still doesn't understand what's going on apparently. Backing down to the installs prior to 20021110 makes FP happy again. Unfortunately, until I figure out the cure, I can't track 4.7-STABLE. As much as it is a pain, I must run FP for the users. No doubt others running FP must have seen this by now nothing else is affected and 4.7-STABLE runs fine otherwise (tried several machines). Any other thoughts, Matthew or from anyone much appreciated. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jack L. Stone Sent: Sunday, January 12, 2003 10:56 AM To: Matthew Seaman; [EMAIL PROTECTED] Subject: Re: Apache_fp Port install problem Jack: Last Thursday I installed apache-fp from the ports collection on newly installed FBSD 4.7 box and it installed without any problems. But remember a clean install also installs a clean copy of all the frontpage pre-rec's which COMPAT3X is one. If I remember correctly you also have a lot of other mods on apache-fp and that may have messed up the COMPAT3X version you though you were using. All I am saying is as of 1/09/03 the apache-fp port installs cleanly and functions correctly with
ipfilter/ipmon log msgs
I am using ipfilter for my firewall and ipmon to capture firewall error msgs. Where can I find description of the format of the ipmon msg text so I can decipher what the msgs are saying? To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
LS -L command, year created field contains hour:minute instead of year
The LS -L command will display the long info about files in a directory. FBSD 4.0 through 4.5 LS -L command would display among other things the month/day/year the file was created. FBSD versions 4.6 and 4.7 displays the hour:minute the file was created in the year field instead of the year. To me this looks like there is a bug in the routine that populates the file's creation date field upon creation of the file and the LS -L command is just displaying what it finds in the year field which has been populated with incorrect data. I am looking for confirmation of my interpretation of the problem from other FBSD users, before I submit PR on it. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
dig command for reverse dsn check
How do I check my ISP domain name to see if it's DNS server is configured correctly for email reverse DNS lookup? I have used dig isp-domain-name but I can not tell from what it displays what to look for to verify it's configured correctly. The dig display is lacking descriptive verbiage to identify what the information displayed means. Can someone help me please. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: LS -L command, year created field contains hour:minute instead of year
More info on problem. I have files created by FBSD 4.5 before 6/19/02 that have the year 2002 in the year field. When in moved to 4.6 6/21/02 I have files created during the rest of 2002 that have dates with the time in the year field. Now 1/5/03 I went to 4.7 and see the same problem. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of JoeB Sent: Tuesday, January 07, 2003 9:00 PM To: FBSDQ Subject: LS -L command, year created field contains hour:minute instead of year The LS -L command will display the long info about files in a directory. FBSD 4.0 through 4.5 LS -L command would display among other things the month/day/year the file was created. FBSD versions 4.6 and 4.7 displays the hour:minute the file was created in the year field instead of the year. To me this looks like there is a bug in the routine that populates the file's creation date field upon creation of the file and the LS -L command is just displaying what it finds in the year field which has been populated with incorrect data. I am looking for confirmation of my interpretation of the problem from other FBSD users, before I submit PR on it. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: dig command for reverse dsn check
On Tue, 7 Jan 2003, JoeB wrote: How do I check my ISP domain name to see if it's DNS server is configured correctly for email reverse DNS lookup? I have used dig isp-domain-name but I can not tell from what it displays what to look for to verify it's configured correctly. The dig display is lacking descriptive verbiage to identify what the information displayed means. Can someone help me please. I'd use: dig -x ip.ad.dr.ess PTR [@name.server] the ANSWER SECTION shows what DNS thinks is the reverse name for that IP. dig -x 66.26.76.83 ptr ; DiG 8.3 -x ptr ;; res options: init recurs defnam dnsrch ;; got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 2 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUERY SECTION: ;; 83.76.26.66.in-addr.arpa, type = PTR, class = IN ;; ANSWER SECTION: 83.76.26.66.in-addr.arpa. 59m25s IN PTR rdu26-76-083.nc.rr.com. ;; AUTHORITY SECTION: 76.26.66.in-addr.arpa. 59m25s IN NSns1.nc.rr.com. 76.26.66.in-addr.arpa. 59m25s IN NSns2.nc.rr.com. ;; ADDITIONAL SECTION: ns1.nc.rr.com. 33m25s IN A 24.93.67.126 ns2.nc.rr.com. 33m25s IN A 24.93.67.127 ;; Total query time: 0 msec ;; FROM: pooh.ASARian.org to SERVER: default -- 127.0.0.1 ;; WHEN: Tue Jan 7 21:34:00 2003 ;; MSG SIZE sent: 42 rcvd: 146 Thanks for the quick reply, but I need some clarification MY email address = [EMAIL PROTECTED] My email server mail.clvhoh.adelphia.net dig -x 66.26.76.83 ptr what IP address to use in dig command? The ip address of the domain name or the email server? To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: Clone FreeBSD Partition
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Muller Petr Sent: Friday, December 13, 2002 5:44 AM To: '[EMAIL PROTECTED]' Subject: Clone FreeBSD Partition Hi, Is there any tool for cloning FreeBSD partiton with support fot FreeBSD file system, something like Symantec Ghost or DriveImage? Ghost and DriveImage have only sector by sector cloning for Unix system, but I need something better. Thanks for your help Petr Muller [EMAIL PROTECTED] This question gets asked all most every month. You should check the Questions archives before posting your questions. From the archives The question of using the Norton Ghost program to make an single flat image file of an hard drives partition containing FBSD has been asked many times on this list. UP until now the answer has all ways been that the benefits of using Ghost on a MS/win partition can not be achieved when used on a FBSD slice because the ghost created image file contains all the unused space as well as the used space. Jacob S. Barrett had the idea of zeroing out the unused space before running ghost so ghost will compress all the zero filled space resulting in an image file size and elapse run time comparable to what you would achieve on a MS/win partition. This is a great work around. Before running the Ghost program from native booted ms/dos you have to run this command on FBSD before shutting FBSD down. dd if=/dev/zero of=filler bs=1m ; rm filler Below is the original thread -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dan Nelson Sent: Friday, October 04, 2002 10:33 AM To: Jacob S. Barrett Cc: [EMAIL PROTECTED] Subject: Re: Block Zeroing Tool In the last episode (Oct 04, 2002), Jacob S. Barrett said: Is there a tool for FreeBSD that zeros the unallocated blocks on a filesystem? The company I work for has an image on demand system for our lab machines. This system relies on ghost which only supports file by file imaging on certain file systems. I want to take disk images of certain FreeBSD installations. Ghost will only take sector by sector images of FreeBSD partitions. Since it is doing this it stores all the junk unused blocks as well. This makes for a very large image even with high compression. If I can zero out the unused blocks before taking the image with high compression the image size should be much smaller. So, is there utility to zero out those blocks? Does this make sense? Is there a better way to take images of FreeBSD machines? dd if=/dev/zero of=filler bs=1m ; rm filler I also have tried to use ghost to make image backups of FBSD, but the image is the same size as the FBSD slice. Have you tested the solution posted above to zero out the unused disk space in the FBSD slice so ghost will only image bkup real data? Did it work like you hoped? Yes I have tested it, and it works great. Be sure to turn compression on to high to get the best results. Here is what I saw after zeroing the unallocated blocks using the dd command. FreeBSD partition size: 11G Allocated space: 6G Ghost image size: 3.4G Before zeroing out the images on this box were between 8-9G. Needless to say our IT guy is much happier that my box isn't chewing up 9G per image on the system anymore. And I am happy that imaging this machine only takes an hour now rather than 4. -Jake -- Jacob S. Barrett [EMAIL PROTECTED] www.amduat.net To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: firewall / natd problem I think
Put your mail server and apache server domain names in /etc/hosts file -Original Message- From: [EMAIL PROTECTED] [mailto:owner-freebsd-questions;FreeBSD.ORG]On Behalf Of Kenny Elliott Sent: Wednesday, November 13, 2002 10:42 AM To: [EMAIL PROTECTED] Subject: firewall / natd problem I think Hello Everyone. I have a problem that I just can't seem to figure out. I have a FreeBSD server connected to the internet via xl1 which is connected to a cable modem. This interface gets it's ip dynamicly via dhcp. Interface xl0 has an assigned ip address of 10.1.1.1 and is connected to an internal network. Clients on the internal network are given ip addresses in the 10.1.1.0/24 class C via dhcp. I use the homedns.org service to map the ip address that xl1 receives to eagle.homedns.org. I have configured natd to run on the server. rc.conf and ipfw output to follow I have an apache server running on this server and it is configured to respond to eagle.homedns.org. If I connect to the web server from the outside world it works correctly. However, if I attempt to connect to the web server from one of the internal clients the connection is VERY slow. Accessing outside web servers from the same client works without a problem speed is wuite acceptable. This client has the same problem (very slow) whne attempting to retreive it's mail from the pop server running on the freebsd box. Hopefully someone can point me in the right direction to get this corrected. Please excuse im if I am doing anything obviously wrong here. I'm not very familar with freebsd I mainly have experiance with Linux and Solaris. Thanks in advance. Kenny Contents of my rc.comf file: gateway_enable=YES natd_program=/sbin/natd natd_enable=YES natd_interface=xl1 natd_flags=-f /etc/natd.conf tcp_drop_synfin=YES # -- sysinstall generated deltas -- # saver=fire network_interfaces=xl0 xl1 lo0 pccard_ifconfig=NO pccard_mem=DEFAULT # -- sysinstall generated deltas -- # routerflags= ifconfig_xl0=inet 10.1.1.1 netmask 255.255.255.0 ifconfig_xl1=DHCP router=routed router_enable=YES hostname=eagle.homedns.org ldconfig_paths=/usr/lib /usr/local/lib /usr/local/X11R6/lib named_enable=YES firewall_enable=YES firewall_type=OPEN firewall_quiet=NO firewall_script=/etc/rc.firewall Output of ipfw -a l: 00100 31895 10126379 divert 8668 ip from any to any via xl1 00100 28211054 allow ip from any to any via lo0 00200 1 56 deny ip from any to 127.0.0.0/8 65000 31894 10126323 allow ip from any to any 65535 8 1482 deny ip from any to any To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: Can't connect to DNS servers -- Firewall prob?
Change rules so they look this. $fwcmd add allow udp from 66.135.144.2 53 to $oip $fwcmd add allow udp from 66.135.128.68 53 to $oip $fwcmd add allow tcp from 66.135.144.2 53 to $oip $fwcmd add allow tcp from 66.135.128.68 53 to $oip $fwcmd add allow udp from $oip to 66.135.144.2 53 $fwcmd add allow udp from $oip to 66.135.128.68 53 $fwcmd add allow tcp from $oip to 66.135.144.2 53 $fwcmd add allow tcp from $oip to 66.135.128.68 53 -Original Message- From: [EMAIL PROTECTED] [mailto:owner-freebsd-questions;FreeBSD.ORG]On Behalf Of C KH Sent: Tuesday, October 29, 2002 1:53 PM To: [EMAIL PROTECTED] Subject: Can't connect to DNS servers -- Firewall prob? I have 2 computers on a network -- one freebsd 4.7 and one slackware linux. The slackware linux box is able to connect to the DNS servers no problem, so I know it's not a problem with my ISP. My FreeBSD 4.7 box is unable to contact either primary or secondary nameservers. I have explicitly added these rules to my /etc/rc.firewall: $fwcmd add allow udp from 66.135.144.2 53 to $oip $fwcmd add allow udp from 66.135.128.68 53 to $oip $fwcmd add allow tcp from 66.135.144.2 53 to $oip $fwcmd add allow tcp from 66.135.128.68 53 to $oip (where $oip is my external IP address). Another possibly related thing is that on bootup, my server hangs indefinitely as the initializing hostname part. I need to hard break it with CTRL+C to continue bootup. Any ideas? I don't know how to tell if this is a larger problem with my server configuration or somethign to do with a firewall rule. Suggestions appreciated. _ Get faster connections -- switch to MSN Internet Access! http://resourcecenter.msn.com/access/plans/default.asp To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: server reboot's on it's own.
Replace the power supply. -Original Message- From: [EMAIL PROTECTED] [mailto:owner-freebsd-questions;FreeBSD.ORG]On Behalf Of Moti Levy Sent: Wednesday, October 23, 2002 2:41 PM To: [EMAIL PROTECTED] Subject: server reboot's on it's own. Hi to all , I can't belive it even as i write it but yes , i have a freebsd server that crashes I have upgraded to stable as i usualy do ( once a week ) . upgrade went smooth . than i run portupgrade which went smooth as well . ever since than my server began rebooting once every few hours and sometimes minutes :-( the logs show nothing out of the ordinary ( i have *.* to all.log in syslog.conf ) . I hae done the following since 1.cvsuped all sources 2.compiled GENRIC 3.replace motherboard and cpu 4.replaced memory any idea's or lids what should i look for ? [root@srv:root-uname -as FreeBSD srv 4.7-STABLE FreeBSD 4.7-STABLE #0: Fri Oct 18 13:10:30 EDT 2002 toor@srv:/usr/src/sys/compile/NEWSRV i386 I am running : apache + mysql +php4 cyrus-imap + postfix + procmail + spamassassin ipfilter that's it - Moti www.flncs.com - be careful what you wish for ... - To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: problem with network cards in server, plz help
The problem you describe is becoming common in the 4.x versions of FBSD. I have seen these solutions voiced previously in this list. 1. Check the PC's bios, look for a toggle to disable plug-n-play function. 2. Check that your PCI Nic card is not in the first or last PCI expansion slot on the motherboard. 3. There is a problem with autonegotiation of the media settings between your NIC and your switch. The default setting of auto means the Nic card should sense the Lan for the switch or hub and set it's media type to match. There have been reports of the Nic Card media type changing on the fly between 10/100 and halfduplex and fullduplex causing the network to freeze up. To stop this use the ifconfig command in the rc.conf file to force the media type. Like this ifconfig_xl0=inet 10.0.10.2 media 100baseTX mediaopt full-duplex 4 add option PCI_ENABLE_IO_MODES to your kernel source and recompile. See LINT 5. add device puc option PUC_FASTINTR to your kernel source and recompile. See LINT 6. Follow bug fix using this url http://www.freebsd.org/cgi/query-pr.cgi?pr=40636 Try one of the above one at a time until your problem goes away. I have two different cards on my Netfinity 5000 server, a pci Netgear FA311 (showing up as a NatSemi (sis0), and the onboard network card which seems to have an AMD chipset (pcn0). If I have the onboard ethernet card enabled at all and have an active cable connected to it and restart the computer it comes up on ukphy0, turns the pci error light on and I get no internet access which it later makes the computer reboot automatically without any warning. If I disable that card and put in a PCI Netgear card, have also tried other cards such as Intel or IBM cards, once in a while it will boot normally but every once in a while it will get hung up on the ukphy0 as well, giving me the same problem as the onboard network and reboot itself. At first I thought it was an IRQ problem but all of my devices now have individual IRQ's set in the bios and I'm still having this problem. I'm afraid to reboot this thing because I'm afraid it won't be coming back up. Below are from my dmesg, the first is when I have my onboard ethernet enabled and the second is when I have the netgear installed. Any help would be much appreciated on what to do with this problem. By the wayI'm running on FreeBSD 4.6.2 but also have this problem running 4.7, I it also usually hangs on the driver initialization during installation of the os. Dave Oct 4 21:11:36 hermes /kernel: pcn0: AMD PCnet/PCI 10/100BaseTX port 0x2180-0 x219f mem 0xfebfdc00-0xfebfdc1f irq 10 at device 9.0 on pci0 Oct 4 21:11:36 hermes /kernel: pcn0: Ethernet address: 00:06:29:39:bf:a9 Oct 4 21:11:36 hermes /kernel: miibus0: MII bus on pcn0 Oct 4 21:11:36 hermes /kernel: ukphy0: Generic IEEE 802.3u media interface on miibus0 Oct 4 21:11:36 hermes /kernel: ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100bas eTX-FDX, auto pcib1: ServerWorks NB6536 2.0HE host to PCI bridge on motherboard pci1: PCI bus on pcib1 sis0: NatSemi DP83815 10/100BaseTX port 0x4b00-0x4bff mem 0xc0fdf000-0xc0fd irq 5 at device 4.0 on pci1 sis0: Ethernet address: 00:a0:cc:76:d9:f1 miibus0: MII bus on sis0 ukphy0: Generic IEEE 802.3u media interface on miibus0 ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: pcAnywhere over ppp
Pcanywhere has to be run from a pc that has a public ip address to the other pc which also has to be on a public ip address. What I do is have the user of the pc I want to take over to dial out to the internet and establish it's connection, then start pcanywhere and configure it to wait for incoming connection request. On the pc I am using I configure pcanywhere with the high order public ip address numbers and pcanywhere then scans whole ip address block for a ip address that is pcanywhere aware. You really have to read the instruction that come with pcanywhere for details. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Lane Holcombe Sent: Wednesday, October 09, 2002 2:37 PM To: [EMAIL PROTECTED] Subject: pcAnywhere over ppp I have a number of clients for whom I periodicaly dial in to provide consulting services. In all cases I use ppp on FreeBSD 4.5. Many clients have RAS servers, AS/400 modems, and several other remote dial-in facilities. But one client uses pcAnywhere and I cannot seem to connect with it. Below is the /var/log/ppp.log file. Typically I can determine the cause of a rejected connection, but this time it is unclear. I see LCP: deflink: State change Stopped -- Closed but I can't figure out what causes it.: If anyone has experience with ppp over pcAnywhere modem connection then please clue me in. Thanks, lane Oct 9 12:59:11 joeandlane ppp[20895]: Phase: Using interface: tun0 Oct 9 12:59:11 joeandlane ppp[20895]: Phase: deflink: Created in closed state Oct 9 12:59:11 joeandlane ppp[20895]: tun0: Command: default: set speed 115200 Oct 9 12:59:11 joeandlane ppp[20895]: tun0: Command: default: set dial ABORT BUSY ABORT NO\sCARRIER TIMEOUT 5 AT OK-AT-OK ATE1Q0M1 OK \dATDT\T TIMEOUT 40 CONNECT Oct 9 12:59:11 joeandlane ppp[20895]: tun0: Command: default: set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 Oct 9 12:59:11 joeandlane ppp[20895]: tun0: Command: default: set timeout 360 Oct 9 12:59:11 joeandlane ppp[20895]: tun0: Command: thebank: set phone 199 Oct 9 12:59:11 joeandlane ppp[20895]: tun0: Command: thebank: set authname my.userid Oct 9 12:59:11 joeandlane ppp[20895]: tun0: Command: thebank: set authkey Oct 9 12:59:11 joeandlane ppp[20896]: tun0: Phase: PPP Started (auto mode). Oct 9 12:59:11 joeandlane ppp[20896]: tun0: Phase: bundle: Establish Oct 9 12:59:11 joeandlane ppp[20896]: tun0: Phase: deflink: closed - opening Oct 9 12:59:11 joeandlane ppp[20896]: tun0: Phase: deflink: Connected! Oct 9 12:59:11 joeandlane ppp[20896]: tun0: Phase: deflink: opening - dial Oct 9 12:59:11 joeandlane ppp[20896]: tun0: Chat: Phone: 199 Oct 9 12:59:11 joeandlane ppp[20896]: tun0: Chat: deflink: Dial attempt 1 of 1 Oct 9 12:59:11 joeandlane ppp[20896]: tun0: Chat: Send: AT^M Oct 9 12:59:11 joeandlane ppp[20896]: tun0: Chat: Expect(5): OK Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Expect timeout Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Send: AT^M Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Expect(5): OK Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Received: AT^M^M Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Received: OK^M Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Send: ATE1Q0M1^M Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Expect(5): OK Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Received: ATE1Q0M1^M^M Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Received: OK^M Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Send: ATDT199^M Oct 9 12:59:18 joeandlane ppp[20896]: tun0: Chat: Expect(40): CONNECT Oct 9 12:59:33 joeandlane ppp[20896]: tun0: Chat: Received: ATDT199^M^M Oct 9 12:59:33 joeandlane ppp[20896]: tun0: Chat: Received: CONNECT 115200^M Oct 9 12:59:33 joeandlane ppp[20896]: tun0: Phase: deflink: dial - carrier Oct 9 12:59:34 joeandlane ppp[20896]: tun0: Phase: deflink: /dev/cuaa0: CD detected Oct 9 12:59:34 joeandlane ppp[20896]: tun0: Phase: deflink: carrier - login Oct 9 12:59:34 joeandlane ppp[20896]: tun0: Phase: deflink: login - lcp Oct 9 12:59:34 joeandlane ppp[20896]: tun0: LCP: FSM: Using deflink as a transport Oct 9 12:59:34 joeandlane ppp[20896]: tun0: LCP: deflink: State change Initial -- Closed Oct 9 12:59:34 joeandlane ppp[20896]: tun0: LCP: deflink: State change Closed -- Stopped Oct 9 12:59:35 joeandlane ppp[20896]: tun0: LCP: deflink: LayerStart Oct 9 12:59:35 joeandlane ppp[20896]: tun0: LCP: deflink: SendConfigReq(1) state = Stopped Oct 9 12:59:35 joeandlane ppp[20896]: tun0: LCP: ACFCOMP[2] Oct 9 12:59:35 joeandlane ppp[20896]: tun0: LCP: PROTOCOMP[2] Oct 9 12:59:35 joeandlane ppp[20896]: tun0: LCP: ACCMAP[6] 0x Oct 9 12:59:35 joeandlane ppp[20896]: tun0: LCP: MRU[4] 1500 Oct 9 12:59:35 joeandlane ppp[20896]: tun0: LCP: MAGICNUM[6] 0xe9ee6b65 Oct 9 12:59:35 joeandlane ppp[20896]: tun0: LCP: deflink: State change Stopped -- Req-Sent Oct 9 12:59:38
RE: pcAnywhere over ppp
PcAnywhere only speaks to pcAnywhere. PcAnywhere is a windows application only. You can not dial into pcAnywhere from user ppp, it does not work that way. Forget pcAnywhere and work on dialin connection to NT host. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Lane Holcombe Sent: Wednesday, October 09, 2002 7:08 PM To: [EMAIL PROTECTED]; Lane Holcombe; [EMAIL PROTECTED] Subject: RE: pcAnywhere over ppp Thanks for your reply. But I don't use pcAnywhere, my client does. I just want to establish a TCP/IP connection to their NT host over the phone line. I use ppp from FreeBSD to connect to various types of hosts, but this is the first time I've ever had to connect to pcAnywhere. What I'm trying to determine is how to authenticate to a pcAnywhere host from a client using ppp on FreeBSD. But I get the feeling that pcAnywhere doesn't speak my language. lane Pcanywhere has to be run from a pc that has a public ip address to the other pc which also has to be on a public ip address. What I do is have the user of the pc I want to take over to dial out to the internet and establish it's connection, then start pcanywhere and configure it to wait for incoming connection request. On the pc I am using I configure pcanywhere with the high order public ip address numbers and pcanywhere then scans whole ip address block for a ip address that is pcanywhere aware. You really have to read the instruction that come with pcanywhere for details. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Lane Holcombe Sent: Wednesday, October 09, 2002 2:37 PM To: [EMAIL PROTECTED] Subject: pcAnywhere over ppp I have a number of clients for whom I periodicaly dial in to provide consulting services. In all cases I use ppp on FreeBSD 4.5. Many clients have RAS servers, AS/400 modems, and several other remote dial-in facilities. But one client uses pcAnywhere and I cannot seem to connect with it. Below is the /var/log/ppp.log file. Typically I can determine the cause of a rejected connection, but this time it is unclear. I see LCP: deflink: State change Stopped -- Closed but I can't figure out what causes it.: If anyone has experience with ppp over pcAnywhere modem connection then please clue me in. Thanks, lane Oct 9 12:59:11 joeandlane ppp[20895]: Phase: Using interface: tun0 Oct 9 12:59:11 joeandlane ppp[20895]: Phase: deflink: Created in closed state Oct 9 12:59:11 joeandlane ppp[20895]: tun0: Command: default: set speed 115200 Oct 9 12:59:11 joeandlane ppp[20895]: tun0: Command: default: set dial ABORT BUSY ABORT NO\sCARRIER TIMEOUT 5 AT OK-AT-OK ATE1Q0M1 OK \dATDT\T TIMEOUT 40 CONNECT Oct 9 12:59:11 joeandlane ppp[20895]: tun0: Command: default: set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 Oct 9 12:59:11 joeandlane ppp[20895]: tun0: Command: default: set timeout 360 Oct 9 12:59:11 joeandlane ppp[20895]: tun0: Command: thebank: set phone 199 Oct 9 12:59:11 joeandlane ppp[20895]: tun0: Command: thebank: set authname my.userid Oct 9 12:59:11 joeandlane ppp[20895]: tun0: Command: thebank: set authkey Oct 9 12:59:11 joeandlane ppp[20896]: tun0: Phase: PPP Started (auto mode). Oct 9 12:59:11 joeandlane ppp[20896]: tun0: Phase: bundle: Establish Oct 9 12:59:11 joeandlane ppp[20896]: tun0: Phase: deflink: closed - opening Oct 9 12:59:11 joeandlane ppp[20896]: tun0: Phase: deflink: Connected! Oct 9 12:59:11 joeandlane ppp[20896]: tun0: Phase: deflink: opening - dial Oct 9 12:59:11 joeandlane ppp[20896]: tun0: Chat: Phone: 199 Oct 9 12:59:11 joeandlane ppp[20896]: tun0: Chat: deflink: Dial attempt 1 of 1 Oct 9 12:59:11 joeandlane ppp[20896]: tun0: Chat: Send: AT^M Oct 9 12:59:11 joeandlane ppp[20896]: tun0: Chat: Expect(5): OK Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Expect timeout Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Send: AT^M Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Expect(5): OK Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Received: AT^M^M Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Received: OK^M Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Send: ATE1Q0M1^M Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Expect(5): OK Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Received: ATE1Q0M1^M^M Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Received: OK^M Oct 9 12:59:16 joeandlane ppp[20896]: tun0: Chat: Send: ATDT199^M Oct 9 12:59:18 joeandlane ppp[20896]: tun0: Chat: Expect(40): CONNECT Oct 9 12:59:33 joeandlane ppp[20896]: tun0: Chat: Received: ATDT199^M^M Oct 9 12:59:33 joeandlane ppp[20896]: tun0: Chat: Received: CONNECT 115200^M Oct 9 12:59:33 joeandlane ppp[20896]: tun0: Phase: deflink: dial - carrier Oct 9 12:59:34 joeandlane ppp[20896]: tun0: Phase: deflink: /dev/cuaa0: CD detected Oct 9 12:59:34
RE: Puzzling NATD problem - revisited
You state Network topology: Internet---Campus Network---(xl0)FreeBSD NATD machine(xl1)---Internal host Internet is public ip address, if Campus Network private ip address then you can not nat them again, if Campus Network is public ip address then you should nat x11 for the private ip address on the lan behind the FBSD box. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kim Helenius Sent: Tuesday, October 08, 2002 9:13 AM To: [EMAIL PROTECTED] Subject: Puzzling NATD problem - revisited The setting: Network topology: Internet---Campus Network---(xl0)FreeBSD NATD machine(xl1)---Internal host A custom kernel build including the following options: options IPFIREWALL options IPDIVERT Used the command: sysctl net.inet.ip.forwarding=1 And started natd with natd -interface xl0 Then did, straight from the manpage, the following firewall rules: /sbin/ipfw -f flush /sbin/ipfw add divert natd all from any to any via xl0 /sbin/ipfw add pass all from any to any Now NAT works perfectly for the internal host, but (almost) all TCP connections cease to work to/from the NATD machine. AFAIK UDP and ICMP work perfectly. I've tried this on two different FreeBSD machines in the same network with identical results. If I remove the divert rule, everything works perfectly, except of course for the NAT. There have been no similar, puzzling effects on any Linux hosts I know of in the same network. Therefore I'm sure there's some knob I haven't pushed yet :) I'm aware this doesn't make much of a firewall but I'd like to get natd working before I run the firewall script. -- Kim Helenius [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: Ghost to image bkup FBSD(SOLUTION)
For the archives The question of using the Norton Ghost program to make an single flat image file of an hard drives partition containing FBSD has been asked many times on this list. UP until now the answer has all ways been that the benefits of using Ghost on a MS/win partition can not be achieved when used on a FBSD slice because the ghost created image file contains all the unused space as well as the used space. Jacob S. Barrett had the idea of zeroing out the unused space before running ghost so ghost will compress all the zero filled space resulting in an image file size and elapse run time comparable to what you would achieve on a MS/win partition. This is a great work around. Before running the Ghost program from native booted ms/dos you have to run this command on FBSD before shutting FBSD down. dd if=/dev/zero of=filler bs=1m ; rm filler Below is the original thread -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dan Nelson Sent: Friday, October 04, 2002 10:33 AM To: Jacob S. Barrett Cc: [EMAIL PROTECTED] Subject: Re: Block Zeroing Tool In the last episode (Oct 04), Jacob S. Barrett said: Is there a tool for FreeBSD that zeros the unallocated blocks on a filesystem? The company I work for has an image on demand system for our lab machines. This system relies on ghost which only supports file by file imaging on certain file systems. I want to take disk images of certain FreeBSD installations. Ghost will only take sector by sector images of FreeBSD partitions. Since it is doing this it stores all the junk unused blocks as well. This makes for a very large image even with high compression. If I can zero out the unused blocks before taking the image with high compression the image size should be much smaller. So, is there utility to zero out those blocks? Does this make sense? Is there a better way to take images of FreeBSD machines? dd if=/dev/zero of=filler bs=1m ; rm filler I also have tried to use ghost to make image backups of FBSD, but the image is the same size as the FBSD slice. Have you tested the solution posted above to zero out the unused disk space in the FBSD slice so ghost will only image bkup real data? Did it work like you hoped? Yes I have tested it, and it works great. Be sure to turn compression on to high to get the best results. Here is what I saw after zeroing the unallocated blocks using the dd command. FreeBSD partition size: 11G Allocated space: 6G Ghost image size: 3.4G Before zeroing out the images on this box were between 8-9G. Needless to say our IT guy is much happier that my box isn't chewing up 9G per image on the system anymore. And I am happy that imaging this machine only takes an hour now rather than 4. -Jake -- Jacob S. Barrett [EMAIL PROTECTED] www.amduat.net To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
