Olivier Nicole wrote:
I need to implement a firewall with bridged interfaces that offers
captive portal (authentication before opening the traffic).
We are using a combination of squid+ipfw. Although we are NATing the
users, that really just introduces needless complexity that could be
Noah wrote:
I am unable to figure out why I am getting the following error: -bash:
/Users/user/.bashrc: line 10: syntax error: unexpected end of file
[...]
localhost:~ user$ cat .bashrc
#nc_fix() { sudo kill -9 $(ps auxwww | grep [nN]cproxyd | awk '{print
$2}') }
nc_fix() { sudo kill -9
Olivier Nicole wrote:
I need to implement a firewall with bridged interfaces that offers
captive portal (authentication before opening the traffic).
[...]
Is there any solution that exists?
I looked at pfSense, but captive portal does not work on bridged
interfaces; it's one or the other.
Gerhard Schmidt wrote:
I'm setting up a new FreeBSD Server for our local Computer club. Most of
the users are stored in LDAP and I've installed nss_ldap and pam_ldap
and set up both. Everything works so far with nsswitch.conf
entry passwd: ldap files.
When I try passwd: files ldap the login
Hello,
I have a large data-crunching job once a week that needs some more heap
space. How do I go about increasing the datasize limit for a process?
Here's what I've tried:
| $ sudo su -
| crunch# limits
| Resource limits (current):
| cputime infinity secs
| filesize
Mike Sweetser - Adhost wrote:
We currently have a primary/failover setup for two FreeBSD 6.3 servers
running PF, and we're running into odd issues when setting up multiple
subnets on a single VLAN and CARP interface. We have issues with them
coming up properly, and even worse, having both
Matias Surdi wrote:
I'm using mod_python3 and apache22 to create some scripts and access them
through a web interface.
The problem is that some of these scripts deal with configuration files and
some other tasks that require root privileges.
In the past, I've solved this issue by using
Sam Fourman Jr. wrote:
I am looking to configure FreeBSD's Bash
can anyone post a config file that would make FreeBSD's Bash shell
color code like the default gentoo bash shell
or if you have a config that you like and feel like posting it I will
take a look at it.
This is also heavily
Grant Peel wrote:
Hi all,
I recently became aware of a utility called Wireshark (apparently formerly
'Ethereal'), and was showing a running copy on Windoze.
It appears that it would be awesome for diagnosing network issues (such as
DoS attacks, Email bombs etc.).
My question is:
Grant Peel wrote:
Just attempting to install the port. Something I noticed when the install
crapped out was that it wanted me to use the Force Package Register for
the OpenSSL_Overwrite_Base port.
That port was already installed, what would be the correct method to deal
with this?
I
The Noob wrote:
I have a small question.
I have two interfaces in two vlans.
The first interface 192.168.0.1 255.255.255.0
The second interface: 10.228.44.1 255.255.255.0
The gateway for the first interface must be 192.168.0.254 and the second
interface must be 10.228.44.254
How can I
Marcel Grandemange wrote:
Ok so I know this is a newbie question..
But I've for years now wanted to know how to only nat certain traffic or maybe
only across a certain ip.
I've tried many examples all not working.. Maybe I'm just doing something
stupid..
But, below is an example of a machine
Steve Bertrand wrote:
I can't recall for certain, but not so long ago, I either read or heard
about IPFW having implicit keep-state and check-state.
Is it true that I can now omit these keywords in my rulesets?
keep-state is not implicit. check-state is not generally necessary,
because
Sasa Stupar wrote:
My situation: I have a server with FBSD 7 installed with two 40 GB disks
in RAID 1 (gmirror) config.
Now I have noticed the lack of space on the drive so I am thinking to
change these disks for two 160 GB.
What is the best way to clone the main hard disk in raid 1 config?
Hello,
I'm playing a game of cat and mouse with process accounting and disk
space. I built some boxes with 9GB /var partitions, rolled them into
production, and after about 4 days of full load, /var filled up.
Looking at the size of /var/account/acct{,.0}, and figuring I'd be
seeing a 200% load
Bill Moran wrote:
In response to Christopher Cowart [EMAIL PROTECTED]:
I only really see two options, neither of which I particularly like:
* Throw more disk at the problem (but given what I've seen, I don't
like the odds that within a month or two, I'll realize I didn't give
Dan Nelson wrote:
I only really see two options, neither of which I particularly like:
* Throw more disk at the problem (but given what I've seen, I don't
like the odds that within a month or two, I'll realize I didn't give
it enough).
* Turn off accounting on these boxes.
*
Mike Sweetser - Adhost wrote:
Hello,
I'm attempting to set up a transparent bridge in FreeBSD 7.0 to
eventually act as a PF/Snort box, and it needs to be VLAN aware.
However, I don't seem to be on the right track as far as setting it up.
I have, for instance, VLAN 10 that it needs to be
Omer Faruk SEN wrote:
Is it possible to run a script after carp interface becomes MASTER? Ie
external script that runs the required services..
You should look at the ucarp implementation provided in ports
(net/ucarp). I believe it does its magic in userland and supports the
execution of
David Kelly wrote:
It's PC commodity-grade. Not all that unusual even for stuff sold
claiming to be a server. This is in no small part why ntpd exists.
ntpd calculates a correction coefficient and (under FreeBSD) stores it
in /var/db/ntpd.drift for use on next start so as to more quickly
Agus wrote:
I've been trying to delete one line from my user tcsh history cause I made a
su and it seems didn't hit enter very well so I typed the password on the
console...Now anyone that can look my history will see my pass...
I tried to edit and delete a few lines but it all comes
Hello,
I stumbled across this behavior roughly a year ago. The php5 port has
the following lines in the pkg-plist:
[EMAIL PROTECTED] %D/sbin/apxs -e -a -n %%AP_NAME%% %f
[EMAIL PROTECTED] %D/sbin/apxs -e -A -n %%AP_NAME%% %f
This command reads /usr/local/etc/apache22/httpd.conf, looks
Gary Newcombe wrote:
[...]
# gmirror status
[mesh:/var/log]# gmirror status
NameStatus Components
mirror/gm0 DEGRADED ad4
looking in /dev/ however, we have
crw-r- 1 root operator0, 83 17 Apr 13:58 ad4
crw-r- 1 root operator0, 91 17 Apr 13:58 ad4s1
Simon Gao wrote:
I need to work on some files and directories that have spaces in them like:
interesting story\2008 March\{story one,story two}.
When using find with -exec, part of the file/directory name will be missing
and therefore lead to error.
What should I do to put escape key
[EMAIL PROTECTED] wrote:
I am trying to limit the bandwidth available to some connections and I'm
not sure FreeBSD can handle this. Maybe some of you can help. Here's what I
need to have exactly.
No matter what the number of connections, each connection should have at
most/least 50kbps
Paul Hoffman wrote:
How can I eliminate the Limiting icmp unreach response messages from
getting to /var/log/messages or to the console? I have a spate of them that
is causing log rollovers. I think I know the source of the problem, but
need to get rid of the messages first.
The icmp
Hello,
I was in the process of upgrading from 6.2 to 7.0. After the
installkernel, I rebooted into single, only to find the mountroot
prompt:
| Trying to mount root from ufs:/dev/ad2s1a
|
| Manual root filesystem specification:
| fstype:device Mount device using filesystem fstype
|
Josh Paetzel wrote:
I don't see much in the man page for ipfw concerning nat, certainly not the
rules you are specifying. Try man natd
NAT support was added to ipfw with the 7.0 release. You don't need to
run natd if you're using ipfw nat.
Robert Huff wrote:
ipfw nat 10 config log ip
Robert Huff wrote:
1) when I add the nat instance, it assigns it rule # 65100. Is
this a problem? Is there a way to assign my own rule #? (ipfw
seems not to like two adds in the same line.)
2) NAT still doesn't work. Still connected, but can't surf to
www.google.com using
Robert Huff wrote:
Christopher Cowart writes:
2) NAT still doesn't work. Still connected, but can't surf to
www.google.com using Firefox.
My kernel conf:
| options IPFIREWALL
| options IPFIREWALL_VERBOSE
| options IPFIREWALL_VERBOSE_LIMIT=100
| options IPFIREWALL_FORWARD
Robert Huff wrote:
Christopher Cowart writes:
Do you have gateway_enable=YES in your /etc/rc.conf?
huff@ grep gate /etc/rc.conf
gateway_enable=YES
$ sysctl -a net.inet.ip.forwarding
net.inet.ip.forwarding: 1
huff@ sysctl -a net.inet.ip.forwarding
net.inet.ip.forwarding: 1
On Tue, Mar 11, 2008 at 12:38:40AM +0100, Catalin Miclaus wrote:
What is the right way of building packages for non-ports applications?
AFAIK 'make package' and ' pkg_create -b name' are based on ports
installed packages.
Is there any way of using same commands or additional scripts to
On Fri, Feb 22, 2008 at 01:14:55AM +0100, Colin Brace wrote:
Hi all,
I am trying to set up a IPv6 tunnel following the instructions in the
handbook
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-ipv6.html.
aiccu starts ok:
# sixxs-aiccu start
Tunnel Information for
On Wed, Feb 13, 2008 at 09:23:31AM -0800, patrick wrote:
Is there a way to limit the number of TCP connections from a
particular IP at a given time using ipfw? We are running Cyrus IMAP on
FreeBSD 6.2, and are sometimes subject to POP3 brute force login
attacks. I'm not sure if it's Cyrus or
On Tue, Jan 29, 2008 at 08:46:18AM +0100, Norman Maurer wrote:
I have some strange problem.. After racoon works some hours it seems to
freeze and get a cpu usage of 99,9%. The vpns don't work anymore too..
Any idea ?
By any chance do you have a large number of tunnels? We went so far as
to
On Tue, Jan 29, 2008 at 10:47:05AM +0100, Norman Maurer wrote:
Am Dienstag, den 29.01.2008, 10:24 +0100 schrieb Norman Maurer:
Am Dienstag, den 29.01.2008, 00:04 -0800 schrieb Christopher Cowart:
On Tue, Jan 29, 2008 at 08:46:18AM +0100, Norman Maurer wrote:
I have some strange problem
On Mon, Jan 28, 2008 at 04:29:49PM -0500, Bhuvaneswari Ramkumar wrote:
I'm a newbie FreeBSD user, I've just installed the 5.5 version.
I know this is a very silly question but I've searched the archives and any
suggestions are welcome.
I think my system is not connected to the internet or
On Tue, Jan 08, 2008 at 12:01:18AM -0600, Jon Hamilton wrote:
} On Mon, Jan 07, 2008 at 09:10:58PM -0800, Gary Kline wrote:
} Paul Procacci [EMAIL PROTECTED], said on Mon Jan 07, 2008 [11:34:08 PM]:
} Hi All,
}
} Is there an easy way of determining whether a string//filename ends in
}
On Fri, Nov 23, 2007 at 03:43:39PM -0800, Kamil Kisiel wrote:
For some reason, on this particular FreeBSD machine, sudo never asks
me for a password, even if I haven't logged in for days.
I've been struggling with this problem for some time but still haven't
been able to find a solution. Any
On Fri, Nov 23, 2007 at 07:09:36PM -0800, Kamil Kisiel wrote:
On 11/23/07, Christopher Cowart [EMAIL PROTECTED] wrote:
On Fri, Nov 23, 2007 at 03:43:39PM -0800, Kamil Kisiel wrote:
For some reason, on this particular FreeBSD machine, sudo never asks
me for a password, even if I haven't
On Fri, Nov 23, 2007 at 08:01:23PM -0800, Kamil Kisiel wrote:
Alright, maybe my impression of success was slightly premature. It
seems that the problem now is that sudo doesn't like the pam_unix.so
module for whatever reason. If I use the default sudo pam file, which
simply includes all
On Thu, Nov 15, 2007 at 02:27:47PM -0600, Kevin Kinsey wrote:
Christopher Cowart wrote:
Hello,
I went to open up a new shell to our login server (recently rebuilt from
Debian to FreeBSD) and found problems allocating a new pty. With a
256-pty limit, I'm surprised more people haven't had
Hello,
I went to open up a new shell to our login server (recently rebuilt from
Debian to FreeBSD) and found problems allocating a new pty. With a
256-pty limit, I'm surprised more people haven't had this problem. With
team of 8 SysAdmins, each leaving about 30 windows open in screen
sessions,
On Thu, Nov 15, 2007 at 09:39:10PM +0100, Tino Engel wrote:
Which port do I have to install to get pkgdb?
$ pkg_info -W `which pkgdb`
/usr/local/sbin/pkgdb was installed by package portupgrade-2.2.2_4,2
I recommend installing ports-mgmt/port-maintenance-tools when building a
system.
--
Chris
On Wed, Nov 07, 2007 at 08:25:19AM +0100, Wojciech Puchar wrote:
is there any app for this. to simply record what's going on X server as
movie file (like .mov, .avi) or animated .gif?
or any other way to convert flash animation (no links, menus etc.) to
animated .gif?
I once used vnc2swf
On Sun, Oct 28, 2007 at 09:14:48PM -0700, [EMAIL PROTECTED] wrote:
running 6.1,
Is there a way to bring an interface down and remove the ipaddr and mask?
I've tried ifconfig destroy with no effect, and I'm getting tired of
twiddling rc.conf and rebooting...
Have you tried `ifconfig fxp0
On Tue, Oct 23, 2007 at 09:09:04PM +0100, Adam J Richardson wrote:
Christopher Cowart wrote:
Unless you can find some local privilege escalation exploit, I'm
thinking you're stuck. You can probably fix it in single-user mode:
* Reboot
* Pick single user mode from the boot menu
* Accept
On Mon, Oct 22, 2007 at 06:51:48PM +, Mayank Jain wrote:
Hi all,
I have run chown -R uname:wheel . as root in the / directory. Now it is not
allowing me to log in as su.
Giving the following error
su
su: not running setuid
I have also tried su -l but still same error. Can any
On Mon, Oct 08, 2007 at 02:10:56AM +, Aryeh Friedman wrote:
I finally got around to compiling abiword and I get the following when
I try to run it:
abiword
Segmentation fault (core dumped)
uname -a
FreeBSD monsert 7.0-CURRENT FreeBSD 7.0-CURRENT #1: Sun Oct 7
20:47:51 UTC 2007
On Fri, Oct 05, 2007 at 05:31:25PM -0600, [EMAIL PROTECTED] wrote:
I'm having trouble seeing packets which are not going to or from the
machine on which tcpdump is running. Is there something special I
need to do to enable this? It's my understanding tcpdump puts the
interface in promiscuous
On Sat, Sep 29, 2007 at 09:49:36PM -0600, Simon Timms wrote:
That makes a lot of sense, but I suppose I still don't understand why this
isn't working. The handbook section on routing is pretty basic and it seems
to come down to setting net.inet.ip.forwarding to 1 if you want to route
packets
On Sat, Sep 29, 2007 at 07:06:55PM -0600, Simon Timms wrote:
Hello,
I seem to be having some trouble bridging interfaces in FreeBSD 6.2-STABLE.
What I have are two interfaces
rl0 - 192.168.2.2
sis0 - 192.168.1.2
and a bridge I've set up following the pages in the handbook. However
On Tue, Jul 31, 2007 at 08:03:50PM +0200, Michael Grant wrote:
In one of my domains, I have the MX record for it set up to my server.
But for one of the users within that domain, their mail needs to be
shuffled off to a different server at google. But I can't just
forward it because it's
On Thu, Jul 26, 2007 at 01:26:17AM +0500, Narek Gharibyan wrote:
I have a firewall/router with FreeBSD 6.2 installed on it. 2 ISP connection
and 2 LAN connections. I need to do a policy-based routing. All I need that
packets coming from one ISP interface return to that interface (incoming
On Wed, Jul 18, 2007 at 06:30:50PM -0700, Tech Valley Internet - Tony Kivits
wrote:
I am attempting to run portions (if not all) of the software called
HSphere inside of jailed subsystems of FreeBSD. I am able to create
the jails no problem but the devices /dev/random and /dev/urandom are
On Wed, Jul 18, 2007 at 08:34:21PM -0700, Tech Valley Internet - Tony Kivits
wrote:
At 07:32 PM 7/18/2007, Christopher Cowart wrote:
On Wed, Jul 18, 2007 at 06:30:50PM -0700, Tech Valley Internet -
Tony Kivits wrote:
I am attempting to run portions (if not all) of the software called
On Wed, Jul 18, 2007 at 09:41:35PM -0700, Tech Valley Internet - Tony Kivits
wrote:
At 08:42 PM 7/18/2007, Christopher Cowart wrote:
On Wed, Jul 18, 2007 at 08:34:21PM -0700, Tech Valley Internet -
Tony Kivits wrote:
At 07:32 PM 7/18/2007, Christopher Cowart wrote:
On Wed, Jul 18, 2007 at 06:30
On Wed, Jul 18, 2007 at 09:49:12PM -0700, Christopher Cowart wrote:
$ dd if=/dev/random bs=1 count=12 2>/dev/null | openssl base64
Should give you a base64 encoding of some random data (base64 to prevent
it from messing up your terminal) if /dev/random is working.
I meant to point if=jailroot
On Thu, Jul 05, 2007 at 01:49:47AM +0100, Joe Holden wrote:
Alfred Perlstein wrote:
Hello, how do I fsck my disk if it's mounted?
I have downgraded the mount to read-only, but still geom seems
to disallow fsck access to it.
Is there a way to tell the system to allow fsck to open it
On Thu, Jun 28, 2007 at 03:45:50PM -0600, Chad Perrin wrote:
I'm attempting to connect to a Subversion repository via SSH using a
nonstandard port to check out the repository. The names and numbers in
the following have been changed to protect the guilty:
svn co svn+ssh://[EMAIL
On Thu, Jun 28, 2007 at 04:44:10PM -0600, Chad Perrin wrote:
On Thu, Jun 28, 2007 at 03:10:18PM -0700, Christopher Cowart wrote:
On Thu, Jun 28, 2007 at 03:45:50PM -0600, Chad Perrin wrote:
I'm attempting to connect to a Subversion repository via SSH using a
nonstandard port to check out
On Mon, May 14, 2007 at 09:45:48PM +0200, Gunther Mayer wrote:
Hi there,
I got a low key server who is wirelessly connected to the net using an
SSID that contains a space. In rc.conf I define the ifconfig line for
configuration of my wireless interface upon bootup, but the entire line
On Fri, May 11, 2007 at 10:59:19AM -0400, Lowell Gilbert wrote:
Christopher Cowart [EMAIL PROTECTED] writes:
When I ssh into FreeBSD hosts without allocating a tty, sshd segfaults
after the process terminates. This problem occurs on both 6_1_REL and
6_2_REL installations at all sorts
Hello,
When I ssh into FreeBSD hosts without allocating a tty, sshd segfaults
after the process terminates. This problem occurs on both 6_1_REL and
6_2_REL installations at all sorts of patch levels.
Examples:
Client: `ssh -t server ls`
Server Logs:
| May 9 15:33:44 server sshd[1503]:
Hello,
I have 2 servers running isc-dhcp3-server and syslog-ng. I have
configured dhcpd to run in a chroot. The following (reproducible)
sequence of events cause dhcpd logging to break:
1) Start syslog-ng
2) Start isc-dhcpd (At this point, logging is working fine)
3) `pkill -HUP syslog-ng`
I've used this ssh -X that you mention. This works fine for userland
programs, but in order to troubleshoot my particular issue I'd need to be
logged in as root. When I try to su remotely to run the command I get:
X11 connection rejected because of wrong authentication.
X connection to
On Sat, Dec 16, 2006 at 10:47:39PM -0500, Michael P. Soulier wrote:
So, portaudit keeps complaining about openssh, but when I try to upgrade...
[EMAIL PROTECTED] ~]$ sudo portupgrade -R openssh
[Updating the pkgdb format:bdb1_btree in /var/db/pkg ... - 207 packages
found (-1 +1) (...). done]
On 14:57 Thu 14 Dec , Tek Bahadur Limbu wrote:
Dear All,
I am very new to Bind and FreeBSD.
I have just configured a Local DNS server using the built-in Bind 9.3.1
on a FreeBSD 5.4 machine.
My problem is that the machine can cache queries on the localhost and
loop back (127.0.0.1)
Hello,
I'm working on a router that acts as a captive portal and transparent
http proxy for unregistered or disabled hosts that plug in to our
network.
The router has a public administrative interface on em0,
192.168.100.10/24. The router has a physically separate interface,
192.168.200.10/24
I've partially removed a jail and I want to start over and recreate it
differently, but I'm having trouble removing files. Getting permission
denied on some files I am unable to chmod to +w.
Try 'sudo chflags -R noschg /path/to/jail'. I'm thinking the immutable
flag got set on something like
Hello,
The port for isc-dhcp3-server has config options for enabling FreeBSD
process jails. Basically, through a series of command line arguments
that are generated by the isc-dhcpd.sh script, the chroot is
auto-generated when you start the service and dhcpd makes the syscall to
jail itself. This
#
# Which installation device to use
RC
##Need to set this!
##
#nfs=MyNfsServer:/export/ari_scratch2/gallatin/freebsd-dist
mediaSetFTP
#mediaSetNFS
[[SNIP]]
===
--
Christopher Cowart
tips in terms
of troubleshooting or known workarounds would be great.
Thanks,
Chris
--
Christopher Cowart
Unix Systems Administrator
Residential Computing, UC Berkeley
May all your pushes be popped
73 matches