Re: Sendmail Smarthost Auth
On 2006-11-09 09:13, Tom Grove [EMAIL PROTECTED] wrote: I just got a new Internet connection through Verizon and need to be able to use a smarthost to send mail. All servers that I can use required SMTP auth and I need to figure out a way to have Sendmail authenticate with the smarthost. Is this possible and could someone lead me in the right direction? You can start with: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html If this isn't enough, or you still have questions about the way to set up SMTP Authentication with Sendmail on FreeBSD, let me know. I'll try to answer your questions *and* update the section with whatever is not as clear as we would like it to be. - Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf working but no log
On 2006-11-07 08:53, Zbigniew Szalbot [EMAIL PROTECTED] wrote: On Tue, 7 Nov 2006, Giorgos Keramidas wrote: No, that should be ok. Can you see pflogd running when you run: # pgrep pflogd | xargs ps -xau -p No, and now when I think about it the main problem is that it has never been started (maybe). I tried to follow the manual and issued /etc/rc.d/pflogd start but I have no such file in that directory. Hmmm, this is odd. What version of FreeBSD are you running? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: tools for network traffic accounting
On 2006-11-06 15:51, Niek [EMAIL PROTECTED] wrote: Thanks, also to all others who answered this question. I found out that setting 'set loginterface if' in pf.conf makes it possible to get transfer statistics from pfctl -si. Maybe it is of interest for other beginners like me. There is also `pfctl -vv -s Interface -i ifname', which may be of interest in gathering per-interface statistics with PF: % # pfctl -vv -s Interface -i ath0 % Password: % No ALTQ support in kernel % ALTQ related functions disabled % ath0(instance, attached) % Cleared: Mon Nov 6 15:51:45 2006 % References: [ States: 0 Rules: 0 ] % In4/Pass:[ Packets: 48403 Bytes: 39977970 ] % In4/Block: [ Packets: 8600 Bytes: 1280772] % Out4/Pass: [ Packets: 44268 Bytes: 3636974] % Out4/Block: [ Packets: 0 Bytes: 0 ] % In6/Pass:[ Packets: 0 Bytes: 0 ] % In6/Block: [ Packets: 46 Bytes: 3152 ] % Out6/Pass: [ Packets: 0 Bytes: 0 ] % Out6/Block: [ Packets: 0 Bytes: 0 ] % # ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: REPOST: Howto use a *local* groff font?
On 2006-11-06 09:07, Gary Kline [EMAIL PROTECTED] wrote: Guys, This roff script is in a directory with ye-olden-English font, BlackChancery. Last Sept, I ran a simple groff script against this: \f[HR] This is a test line using Helvetica Roman .br \f[BlackChancery] .br This is another line of text in BlackChancery. .br It should output the first line in Helv; the second in BlackChancery. Now, whatever I do, the entire postscript file is in Helvetica. gross prints the stderr message: Can't find 'BlackChancery'. Is there a way of fixing this locally? If not, what exactly do I need to move to the /usr/share/groff_font/devps directory? Anybody? I have successfully used AvantGarde-Demi from the enscript font collection in groff with the following procedure: [1] Create a new project directory in `~/tmp/gf': % mkdir ~/tmp/gf [2] Copy the agd.afm file in `~/tmp/gf/afm/agd.afm' % cd ~/tmp/gf % mkdir afm/ % cp /usr/local/share/enscript/afm/agd.afm afm/ % chmod 0644 afm/* [3] Create a devps/ subdirectory for the conversion of the AFM font to groff format. % mkdir ~/tmp/gf/devps [4] Copied the file `textmap' from the groff source distribution, to `~/tmp/gf/devps/textmap': % cp /usr/src/contrib/groff/fontdevps/generate/textmap \ ~/tmp/gf/devps/textmap [5] Converted the AvantGarde-Demi font from AFM to groff's font format, with afmtodit(1): % afmtodit afm/agd.afm devps/textmap devps/AvantGarde-Demi [6] Started groff with the parameter -Fdir with dir set to the parent of the devps directory (in my case `~/tmp/gf'): % groff -F~/tmp/gf gary.groff The output correctly includes a `downloaded' version of AvantGarde-Demi, and displays correctly. the `gary.groff' input file I used contained: \f[HR] This is a test line using Helvetica Roman .br \f[AvantGarde-Demi] .br This is another line of text in BlackChancery. .br Hopefully, by following a similar process, you can repeat the same with your own fonts :) Regards, Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf working but no log
On 2006-11-06 19:40, Zbigniew Szalbot [EMAIL PROTECTED] wrote: Hello, I configured the pf utility on FBSD 6.1 stable. I put in a very simple rule to test: block in log on $ext_if proto tcp from 218.83.108.230 to any port 25 Now, my conf file specifies that logging should be done to /var/log/ipfilter.log I think there's a slight misunderstanding here. PF is *not* ipfilter, so unless you've done something special it doesn't log to ipfilter.log. Can you show us the exact rc.conf settings you used for PF? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf working but no log
On 2006-11-06 22:57, Zbigniew Szalbot [EMAIL PROTECTED] wrote: On Mon, 6 Nov 2006, Giorgos Keramidas wrote: I think there's a slight misunderstanding here. PF is *not* ipfilter, so unless you've done something special it doesn't log to ipfilter.log. Can you show us the exact rc.conf settings you used for PF? Acutally I made a typo when writting the email. I just called the log pflog (which I forgot and thought I had called it ipfileter.log). That's alright. Here's the snippet: #pf-related conf pf_enable=YES # Enable PF (load module if required) pf_rules=/etc/pf.conf # rules definition file for PF pflog_enable=YES # start pflogd(8) pflog_logfile=/var/log/pflog # where pflogd should store the logfile Sorry for the confusion and thanks for being willing to help! I appreciate that very much! Cool. The pf should be logging. * Have you restarted it at all, after the configuration options were set? * Does the file '/var/log/pflog' exist? If yes, who is its owner and what are its permissions? Is it empty? # /bin/ls -olbF /var/log/pflog ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf working but no log
On 2006-11-07 07:57, Zbigniew Szalbot [EMAIL PROTECTED] wrote: On Tue, 7 Nov 2006, Juha Saarinen wrote: That file should be a pcap file: Maybe that's the problem then - that I created it using touch? No, that should be ok. Can you see pflogd running when you run: # pgrep pflogd | xargs ps -xau -p After you created that file, did you restart pflogd? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: digression: There is no ye
On 2006-11-04 20:53, Bill Moran [EMAIL PROTECTED] wrote: There is no word ye, and there never was. Word origins is a hobby of mine, and I found it pretty difficult to figure out where ye came from, because it never existed. What _did_ exist, was a letter in old English called a thorne. The thorne looked a lot like a capital Y (with a horizontal line through it) and had the sound of th. When the thorne fell into disuse, later readers would think sentences said we went to Ye bar to drink wiY friends. Since the is liable to be the most common word in the English language, this fell into a more general belief that in olden times, the word ye was used instead of the. Anyway, it's a bit of non-BSD trivia. Sorry for the noise to those who aren't interested, and sorry that I don't know enough about groff to help fix your problem. Quite interesting trivia, nevertheless. Thanks for taking the time to write all this down :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: About how the GUI should look like after installation!
On 2006-11-01 17:18, Evans Durandisse [EMAIL PROTECTED] wrote: I am brand new to unix. I m a beginner student in computer engineering. I wanted to install freeBSD since there's such a fuss about it. I got the iso images and mounted them on a CD with Alcohol 120. I don't know what Alcohol 120 is, but since it helped you write ISO images to CD-ROM disks, it must be a good thing *grin* I installed freebsd without much configuration. I answered 'no' when asked to configure things what could be configured later. But I do not know if I installed it right, eventhough I tried to follow the instructions from the handbook. If it boots, and you can see a login prompt, it's installed fine. Most of the post-installation tasks can be done quite fine from a plain login shell, like the one you can see now after the boot process completes. When I open my computer, after installation, there's the screen that asked if I want to start freebsd or dos. So I choose freebsd. Then, I logged in and typed 'startx' to start the gui (that's what I should do! right!). Bingo! You have all you need for a basic FreeBSD installation *and* a desktop environment based on X11. Now is the time to install a desktop environment, if you haven't done so already :) Consequently, it'd been loaded. I am just seeing four comand shells. That's all I can see! No taskbars! No background picture (greying grinded dots: like pixels in a low definition image). There're just four squared box (shell). My mouse worked! But there's nothing it can be used for. I tried to work myself over that by typing some commands. But I don't know that much of the Unix language; so it's been to no avail! What you saw is the very Spartan, very basic, extremely low-profile desktop that comes with the X11 system. The decorations around the Windows are minimal, there is no fancy menu with lots of programs, program utilities, games, and other software. You can definitely build on top of this minimal desktop, but if you want a more featureful, more fancy desktop, you will have to install one yourself. In FreeBSD, there are dozens of choises for a desktop environment running on top of the basic X11 installation you have now. You can read more about the available environments at: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/x11-wm.html So my question is should I get this kind of graphic environment? or something missing in the installation. Don't worry. All is fine. This is the bare-bones window manager that comes with the X11 distribution. You can always install whatever you want, on top of X11. I am typing this message in GNU Emacs, running under XFCE4. The XFCE4 desktop is a fairly light, but nice desktop environment, which you can install easily on top of FreeBSD and X11. Other choise for a desktop environment are: GNOME and KDE. Read the Handbook section mentioned above, and you'll quickly know how to install and use one of them too. I have an intel D845GLVA motherboard with a Pent IV, integrated video card, Samsung SyncMaster 753DF (maybe it's the hardware). But I didn't get any error message for that. Thank you for considering helping! Have a good day! Good day to you too. Oh, and welcome to FreeBSD :) - Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: snd_hda driver for 6.1 now working
On 2006-11-02 23:22, Sergio Lenzi [EMAIL PROTECTED] wrote: Hello all after trying to set up the sound on the 6.1 RELEASE on a acer aspire 3100 notebook, I realise that the driver for the sound chip was the HDA (high definition audio) That notebook use a realtek version of the sound ship. The code I get in the internet does not compile in the 6.1-RELEASE it complains about some missing entry points in the sound.ko module (that exists in the -current kernel). I do not want to to use the CURRENT so I fixed the code to work with the 6.1-RELEASE..the main problem was the distorted sound it produces The problem was that the realtek chip was not able to make dma larger than 4096 bytes long a small fix in the hdac.c code did the trick Just get the file http://www.k1.com.br/downloads/snd_hda.tar.gz unpack it and do o make;make install inside the directory created (you must have the kernel sources installed) Hi Sergio, if you haven't done so already, then maybe ariff@ is interested in seeing your patches, reviewing them and then MFC'ing the driver changes, so 6-STABLE users can benefit from your work too. I've copied him to this reply. If your merge was ok, it would be (IMHO) beneficial to all if you two guys worked together to bring the driver to a stable enough state for RELENG_6 too, right? :) - Giorgos pgpexLU1ZtPNK.pgp Description: PGP signature
Re: ISO files...
On 2006-11-02 22:05, Denise and Raul [EMAIL PROTECTED] wrote: Hello, I have ISO files saved on cd's. 1) 6.1-RELEASE-i386-bootonly.iso 2) 6.1-RELEASE-i386-disc1.iso 3) 6.1-RELEASE-i386-disc2.iso if you have saved these ISO images as files on a CD-ROM, there is something wrong here. These are meant to be written as raw images each on a separate CD-ROM disk. Most CD-burning software has two modes: * One that lets you select files from a disk directory, and burn these files as a collection of *files* on a CD-ROM disk. * One that lets you burn a CD-ROM disk *image* as an image. You have to use the second mode, and burn 6.1-RELEASE-i386-disc1.iso on a disk of its own. Then 6.1-RELEASE-i386-disc2.iso on a second disk. After you have done these two steps, you can insert the first disk in a CD-ROM drive, and you will see the _contents_ of the CD-ROM disk :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: subversion on boot
On 2006-10-31 14:49, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hello,
what is the best way to launch subversion (svnserve) on boot?
So far I did not find out something that can be put in /etc/rc.conf.
You can write your own rc.d script and save it in `/usr/local/etc/rc.d'.
We have a very good guide about the internals of the rc.d scripts now,
which you can read online at:
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/rc-scripting/
A sample `svnserve' script could be as simple as:
#!/bin/sh
. /etc/rc.subr
name=svnserve
rcvar=`set_rcvar`
command=/usr/sbin/${name}
start_precmd=${name}_prestart
pidfile=/var/run/${name}.pid
svnserve_prestart()
{
rc_flags=--pidfile ${pidfile} ${rc_flags}
return 0
}
load_rc_config $name
run_rc_command $1
Note that I haven't tested this, but something like this should be all
it takes to let you start or stop `svnserve' by adding in your local
`/etc/rc.conf.local' file:
svnserve_enable='YES'
svnserve_flags='-d -R --listen-port 9000'
Have a look at the `rc-scripting' article, try it out and let us know
how things worked out :)
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: replacing ^M with emacs
On 2006-10-28 04:18, Tsampros Leonidas [EMAIL PROTECTED] wrote: I think there is something similar in emacs by using the set-buffer-file-coding-system (binded at C-x RET f in default configurations). So to cure and succesfully convert DOS files into unix format, i use C-x RET f unix RET. I'm not sure `set-buffer-file-coding-system' will have any effect on an already opened file though. I just tried this with a file which was created outside Emacs, and contained: $ cat -vte foo fooo^M$ $ Opening this file with `C-x C-f foo RET' and setting the buffer file coding system with `C-x RET f unix RET', marks the buffer as modified, but saving the file does not modify the contents of the file to use UNIX newlines only. If you really want to use Emacs for the conversion, you have to *explicitly* replace ^M characters, either with `M-x replace-string RET C-q C-m RET RET' or some either way. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: replacing ^M with emacs
On 2006-10-27 16:30, Noah [EMAIL PROTECTED] wrote: Thanks Peter, where is the logic here? What is control-q for and what is control-j for? I am trying to figure out how I could have figured that out. also is there a better page than the one I am using below to figure all these keystrokes out? http://www.math.uh.edu/~bgb/emacs_keys.html `C-q' is an Emacs-specific prefix for `quoting' the next character when you are inserting text. This way, you can enter special characters, like C-a, C-b, C-c, ... C-z while you are typing text. Just hitting the respective control-key combination may be bound to an Emacs command. The relevant text from the Emacs manual describes this much better than me: Only printing characters and SPC insert themselves in Emacs. Other characters act as editing commands and do not insert themselves. These include control characters, and characters with codes above 200 octal. If you need to insert one of these characters in the buffer, you must quote it by typing the character `Control-q' (`quoted-insert') first. (This character's name is normally written `C-q' for short.) There are two ways to use `C-q': * `C-q' followed by any non-graphic character (even `C-g') inserts that character. * `C-q' followed by a sequence of octal digits inserts the character with the specified octal character code. You can use any number of octal digits; any non-digit terminates the sequence. If the terminating character is RET, it serves only to terminate the sequence. Any other non-digit terminates the sequence and then acts as normal input--thus, `C-q 1 0 1 B' inserts `AB'. The use of octal sequences is disabled in ordinary non-binary Overwrite mode, to give you a convenient way to insert a digit instead of overwriting with it. This is from section 8.1 (Inserting Text), of the Emacs 22 manual. I hope this helps :-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: replacing ^M with emacs
On 2006-10-30 10:03, Giorgos Keramidas [EMAIL PROTECTED] wrote: On 2006-10-28 04:18, Tsampros Leonidas [EMAIL PROTECTED] wrote: I think there is something similar in emacs by using the set-buffer-file-coding-system (binded at C-x RET f in default configurations). So to cure and succesfully convert DOS files into unix format, i use C-x RET f unix RET. I'm not sure `set-buffer-file-coding-system' will have any effect on an already opened file though. I just tried this with a file which was created outside Emacs, and contained: $ cat -vte foo fooo^M$ $ Opening this file with `C-x C-f foo RET' and setting the buffer file coding system with `C-x RET f unix RET', marks the buffer as modified, but saving the file does not modify the contents of the file to use UNIX newlines only. If you really want to use Emacs for the conversion, you have to *explicitly* replace ^M characters, either with `M-x replace-string RET C-q C-m RET RET' or some either way. Oops... Apparently, I have `inhibit-eol-conversion' modified locally. This is what makes Emacs avoid EOL conversion when `set-buffer-file-coding-system' is called. Sorry for the confusion. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: replacing ^M with emacs
On 2006-10-27 12:26, Noah [EMAIL PROTECTED] wrote: Hi there, It appears that a text editor placed a bunch on ^M throughout a text file I am working with. I assure this is equivalent to eh keystroke control-M. Open the file in Emacs with: M-x find-file-literally RET filename RET and then replace all ^M occurences with the empty string, with: M-x replace-string RET C-q C-m RET RET The important trick here is that you use C-q to 'quote' the C-m character in the substitution string :) also is there a mail list focused specifically on emacs usability? please refer me to it? There are at least 2 USENET newsgroups where GNU Emacs questions can be posted: comp.emacs gnu.emacs.help I'm not sure about mailing lists, though. Regards, Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: tao.thought.org is back.....
On 2006-10-19 22:10, Gary Kline [EMAIL PROTECTED] wrote: On Fri, Oct 20, 2006 at 12:47:25AM +0300, Giorgos Keramidas wrote: On 2006-10-19 12:38, Gary Kline [EMAIL PROTECTED] wrote: On Wed, Oct 18, 2006 at 05:22:44PM -0700, Chuck Swiger wrote: [[ ... ]] I see an example as the equivalent of 10K words. I'll let Chuck write what he had in mind :) Is there any way of testing this after I have set up my table entries? In other words, how do I re-initialize things without having to (ugh) *reboot*. If you modify `mailertable' in `/etc/mail', you should be able to run: # cd /etc/mail # make mailertable.db to update it. A reboot is not necessary for Sendmail changes. For unknown reasons, mail started to be refused from my mailserver just as I was heading out this afternoon. It may have been a bad DHCP lease, ?? It's hard to guess without seeing the log file entries for the rejected messages. Can you _please_ show us the logs, instead of describing the results in broad terms? Anyway, a make restart and other reinitializations didn't seem to work, so my next guess is that I didn't restart my maps, databases correctly. Maps are not 'restarted'. They are parsed to *.db files. What does your `/etc/mail/HOSTNAME.mc' file contain? What do the map files referenced by it contain? How did you perform the `reinitializations' mentioned above? If I ever have enough courage to test these theories in the next 95 years, I'll know. Meanwhile, I've got to beg help from some REAL system admins here. I don't like 'REAL' in the above lines, but you are free to use whatever you are more comfortable with. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cvs
On 2006-10-20 13:27, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hello, I do not want to start any discussion - it just occurred to me that it seems like cvsup/csup binds FreeBSD to cvs (comparing to svn), or am I wrong? You're wrong. It's the other way around: We are *forced* to use CVSup, because CVS is centralized, without any other good way to mirror changesets to a distributed network of mirrors, users and developer workspaces. On the other hand, SVN is centralized too :-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: tao.thought.org is back.....
On 2006-10-20 11:26, Gary Kline [EMAIL PROTECTED] wrote: /* * several lines of mail being rejected yesterday afternoon */ 3929:Oct 19 13:08:56 sage sm-mta[8263]: k9JK8Jfs008260: makeconnection (tao.thought.org. [10.0.0.247]) failed: Connection refused by tao.thou ght.org. 3930:Oct 19 13:08:56 sage sm-mta[8263]: k9JK8Jfs008260: --- 050 [EMAIL PROTECTED]... Deferred: Connection refused by tao.thought.org. 3931:Oct 19 13:08:56 sage sm-mta[8263]: k9JK8Jfs008260: to=[EMAIL PROTECTED], delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=87298, relay=tao.thought.org. [10.0.0.247], dsn=4.0.0, stat=Deferred: Connection refused by tao.thought.org. 3944:Oct 19 13:11:29 sage sm-mta[8283]: k9JKAurL008281: makeconnection (tao.thought.org. [10.0.0.247]) failed: Connection refused by tao.thought.org. Sendmail is not listening on all IP addressed of tao.thought.org. Can you show me the following: (a) The `/etc/rc.conf' settings related to Sendmail: tao# grep sendmail /etc/rc.conf (b) The listening sockets of Sendmail on `tao.thought.org': tao# sockstat -l4 | grep sendmail ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Why csh on Root?
On 2006-10-19 11:48, Martin McCormick [EMAIL PROTECTED] wrote:
RW writes:
There is an alternative uid 0 user called toor which you can use if you
want
to use bash as root. OTOH hand there is a school of thought that you
shouldn't be too comfortable as root.
My thanks to all. On all the systems in question, bash
ends up on the same partition as root, but the points are
well-taken.
One thing I was trying to accomplish is to have a bell in
the root prompt. In the .cshrc file is a string
set prompt=\007\!#
I have also tried replacing the \007 with the actual
Control-G and even a \a. All produce an attempt to render a bell
but what is sent to the remote terminal is ^G1#
as in the actual ASCII characters ^ and G.
I am not sure what to do to correct this problem as I do not get
it in bash. A \a or \007 is sent literally.
This is easy to do with tcsh:
set prompt = '[EMAIL PROTECTED]:%/%# '
Note the %{ ... %} around the literal ^G character :)
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: tao.thought.org is back.....
On 2006-10-19 12:38, Gary Kline [EMAIL PROTECTED] wrote: On Wed, Oct 18, 2006 at 05:22:44PM -0700, Chuck Swiger wrote: You can override MX prioritization by using a mailertable. But you will need to list IP addresses in square brackets to disable MX lookups and force other MX hosts to relay mail to where-ever you want. Therefore, the simple answer is to make sure that the final destination for email to your domain is listed as the highest- priority MX record (ie, lowest numeric MX value). And you will either need to masquarade for your domain, or you will need to list all of the hostnames for which email is being addressed to in class w (aka /etc/mail/local-host-names) on the mailserver which performs local delivery Solunds like a win.. hopefully. Can you sent me the mailtable that I might use to have [EMAIL PROTECTED] goto zen.thought.org and [EMAIL PROTECTED] be forwarded to ns1.thought.org, and [EMAIL PROTECTED] be sent to ethos.thought.org? I see an example as the equivalent of 10K words. I'll let Chuck write what he had in mind :) Is there ay way of testing this after I have set up my table entries? In other words, how do I re-initialize things without having to (ugh) *reboot*. If you modify `mailertable' in `/etc/mail', you should be able to run: # cd /etc/mail # make mailertable.db to update it. A reboot is not necessary for Sendmail changes. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Why csh on Root?
On 2006-10-19 15:30, Martin McCormick [EMAIL PROTECTED] wrote:
Alex Zbyslaw writes:
set prompt=hello%{^G%}there
where ^G is a single control char, not two chars.
Thanks. It works perfectly. I am reading the man for
tcsh again to attempt to figure out what I missed the first time.
This part:
%{string%}
Includes string as a literal escape sequence. It should be
used only to change terminal attributes and should not move
the cursor location. This cannot be the last sequence in
prompt.
:)
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: File system full
On 2006-10-18 07:13, Paul Murphy [EMAIL PROTECTED] wrote: Giorgos Keramidas wrote: On 2006-10-18 07:53, Office of CEO- rithy4u.NET [EMAIL PROTECTED] wrote: Dear All, My firewall server was running out of space on / partition I have try to reboot/fsck and delete all unneccessary files inside / but I still get 12 MB of free space with total 495 MB worth of that partition. Any ideas? First of all, try to track down where all the space has gone, by using `df' and `du' with the -x option. For example, you can get a good idea of which places in your root filesystem are the top-10 users of space with: # cd / # du -xm . | sort -nr | head -10 If this doesn't show up a lot of stuff, then there's probably a rogue process which has opened a file and then removed it, so it's not directly visible by traversing the tree with `du', but you can still look for it with: # fstat -f / | sort -k +8 After you get this sort of information, we can make more informed suggestions about the best way to move forward :) I have been trying to track down a similar problem! Using the above method I think I have found 'natd' to be the culprit. Should 'natd' receive a signal when 'alias.log' rolls over? Restarting 'natd' seems to have releases some megabytes. Nice catch, Paul! The `alias.log' file is supposed to be in `/var/log', but I guess if you use a single root filesystem for everything, this can end up filling the root filesystem. The file `alias.log' is not rotated by `newsyslog.conf', so maybe we should add it there? Then we can let `newsyslog' signal `natd' by: %%% diff -r 4474abb9619a etc/newsyslog.conf --- a/etc/newsyslog.confFri Oct 13 17:34:54 2006 +0300 +++ b/etc/newsyslog.confWed Oct 18 15:54:52 2006 +0300 @@ -18,6 +18,7 @@ # # logfilename [owner:group]mode count size when flags [/pid_file] [sig_num] /var/log/all.log 600 7 *@T00 J +/var/log/alias.log 600 7 100 * JC /var/run/natd.pid /var/log/amd.log 644 7 100 * J /var/log/auth.log 600 7 100 * JC /var/log/console.log 600 5 100 * J %%% Can you please add this line to your newsyslog.conf file and let it run for a while to see if it prevents the `alias.log' file of `natd' to fill your /var/log filesystem? I don't use `natd', so I can't test this myself for a long enough period. Regards, Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: File system full
On 2006-10-18 14:34, Matthew Seaman [EMAIL PROTECTED] wrote: Giorgos Keramidas wrote: The file `alias.log' is not rotated by `newsyslog.conf', so maybe we should add it there? Then we can let `newsyslog' signal `natd' by: %%% diff -r 4474abb9619a etc/newsyslog.conf --- a/etc/newsyslog.confFri Oct 13 17:34:54 2006 +0300 +++ b/etc/newsyslog.confWed Oct 18 15:54:52 2006 +0300 @@ -18,6 +18,7 @@ # # logfilename [owner:group]mode count size when flags [/pid_file] [sig_num] /var/log/all.log 600 7 *@T00 J +/var/log/alias.log 600 7 100 * JC /var/run/natd.pid /var/log/amd.log 644 7 100 * J /var/log/auth.log 600 7 100 * JC /var/log/console.log 600 5 100 * J %%% Can you please add this line to your newsyslog.conf file and let it run for a while to see if it prevents the `alias.log' file of `natd' to fill your /var/log filesystem? I don't use `natd', so I can't test this myself for a long enough period. natd doesn't do the close and re-open all filehandles thing on receipt of SIGHUP which pretty much makes it unsuitable for use with newsyslog. (SIGHUP is caught by natd, but the only thing it does is cause natd to update its idea of what the IP address is on the nat'ed interface.) There doesn't seem to be any signal that you can send natd with the usual 'reread all config files and re-open all file descriptors' effect that most daemons understand. That's probably a bug, then, I guess. The fact that natd can keep a file open for an arbitrary amount of time and keep appending to it, until either natd dies or the file fills up an entire partition is not really a good idea :( I'll open a PR for this, and see if the people more knowledgeable with natd's internals can help with the SIGHUP-triggered actions of natd. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfw vs. ipf on a freebsd router
On 2006-10-18 15:10, John Levine [EMAIL PROTECTED] wrote: I'm putting together a freebsd router to sit between my LAN and a T1. The current router (still running BSD/OS) uses BSDI's ipfw, but that died when BSDI did. It's about as simple a routing job as one could ask, a T1 with a static address to a LAN with a static /24. I have a whole bunch of packet filtering rules on the current router to keep out nasty stuff based partly on port numbers but also a couple of hundred IP ranges from the SBL and elsewhere. I have enough IP addresses that I do not need to NAT. What are the relative merits of freebsd's ipf and ipfw? It looks like either can do the filtering I need to do. Any reason to choose one over the other? For what it's worth, IPFW is also available on FreeBSD. I don't know how different the BSDi version of IPFW was, but it may be easier to use FreeBSD's IPFW -- at least at first. If reducing the pain of a transition from BSD/OS to FreeBSD is a worthy goal, I would recommend IPFW :) While I'm at it, should I turn on netgraph or just use the regular network stuff? Not necessarily. Do you really need it? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: tao.thought.org is back.....
On 2006-10-18 14:12, Gary Kline [EMAIL PROTECTED] wrote: This is only for sendmail *wizards* out there. It took me two hours of messing round with the /etc/mail/* files on ns1|sage before I just gave up. After I rebooted both servers to get mail to default to tao. After my first fatal trap on 01 Sept, I changed (uncommented) my ^Cw tao.thought.org line on sage's sendmail.cf to get mail going to sage rather than tao. I do realize that this Cw line means: route all mail for tao to localhost, which here was sage. With this Cw commented out, mail for [EMAIL PROTECTED] was routed to tao. Uncommented, and mail stayed in sage.thought.org. My one question is given that mail defaults to my ns1.thought.org, HOW can I get it to go to (say) zen.thought.org, or to tao.thought.org? or to ethos.thought.org? OR what re-initialization do I have to do? other than a shutdown -r now?? I thought I had this down cold, but nope. gary PS: Mail from my magnesium.net account mailed explicitedly to [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], or [EMAIL PROTECTED] other words, using the FQDN-- gets to which ever server. But how do I make [EMAIL PROTECTED] reach a specific server?? PS: Apologizes if this seems like an obscure question; it IS By setting the MX records for `thought.org' up so that the one with the lowest value of them all points to that specific server. This should be configured in the name-server which hosts the DNS zone for `thought.org'. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: tao.thought.org is back.....
On 2006-10-18 17:14, Gary Kline [EMAIL PROTECTED] wrote: On Thu, Oct 19, 2006 at 12:57:08AM +0300, Giorgos Keramidas wrote: On 2006-10-18 14:12, Gary Kline [EMAIL PROTECTED] wrote: This is only for sendmail *wizards* out there. It took me two hours of messing round with the /etc/mail/* files on ns1|sage before I just gave up. After I rebooted both servers to get mail to default to tao. [[ ... ]] My one question is given that mail defaults to my ns1.thought.org, HOW can I get it to go to (say) zen.thought.org, or to tao.thought.org? or to ethos.thought.org? OR what re-initialization do I have to do? other than a shutdown -r now?? I thought I had this down cold, but nope. gary PS: Mail from my magnesium.net account mailed explicitedly to [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], or [EMAIL PROTECTED] other words, using the FQDN-- gets to which ever server. But how do I make [EMAIL PROTECTED] reach a specific server?? PS: Apologizes if this seems like an obscure question; it IS By setting the MX records for `thought.org' up so that the one with the lowest value of them all points to that specific server. This should be configured in the name-server which hosts the DNS zone for `thought.org'. This would work [or ought to!]; right now, all my mail echange entries are equi-valued at 50. But this seems like a back door way of dealing with sendmail. I'm the first to admit that it's a less tha optimal suite, obscure beyond words, (etc). But I'd like to understand how to resolve this problem with senmail Sendmail (or any other MTA, for that matter) should really *trust* the DNS admin to properly configure MX records. There's nothing wrong with relying on MX records which, for example, point to: thought.org.IN MX 10 mx1.thought.org. thought.org.IN MX 20 mx2.thought.org. If I understood what you are trying to do, then a nice set of MX priorities *does* what you want. Why would you want to mess with mailertables? :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: python-mode in emacs
On 2006-10-17 02:20, Svein Halvor Halvorsen [EMAIL PROTECTED] wrote: cpghost wrote: Well, it doesn't cause any harm to add to your ~/.emacs ;; Add python-mode (autoload 'python-mode python-mode Python editing mode. t) (setq auto-mode-alist (cons '(\\.py$ . python-mode) auto-mode-alist)) (add-hook 'python-mode-hook 'turn-on-font-lock) Are there any way to get emacs to automatically read files in this directory? Am I missing something? Shouldn't the ports system by default be setup in a way that this would work? I don't know. But having Emacs auto-load every mode from there doesn't seem a good idea. And the port can't do that either, since it's a per-user decision. I wasn't suggesting emacs autoload every mode, but rather that emacs simply read the files, and offer me the choice of using modes defines in such files. E.g. do the same as $emacs -l /usr/local/share/emacs/site-lisp/python-mode.el If I start emacs by just typing emacs, and then use esc-x python-mode is not an option. However, If I use the -l option, python-mode is not automatically loaded, but emacs will then offer me the option of loading it later. Your suggested additions to my .emacs file, seems to work, though. The newer versions of GNU Emacs include `python-mode' in the core Emacs distribution, so you might want to try the editors/emacs-devel port :) The distfiles of this port are generated from CVS snapshots of Emacs 22.X, which is going to be the next release of GNU Emacs. This version of Emacs still has a few rough edges (i.e. the GTK+ UI crashes on FreeBSD 7.0-CURRENT), but it has worked remarkably well for several months here. If you give it a try, please let me know, as all the testing we can get is nice. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: What's so compelling about FreeBSD?
On 2006-10-16 10:45, Simon Gao [EMAIL PROTECTED] wrote: I have a few FreeBSD machine from 4.x to 5.x. I have asked people how to upgrade them to latest version 6.x cleanly. All I was told is that I need to wipe them out and reinstall. However, this is not the case with Gentoo Linux. With Gentoo, version release does not matter that much, you can always keep your system up to date if you like. 'Clean' upgrades can be done with FreeBSD too. I have installed machines with 4.7-RELEASE and then upgraded them to 5.X, 6.X and finally 7.0-CURRENT a few times. It's not easier (or faster) than a straight installation of a 7.0-CURRENT snapshot from `ftp.FreeBSD.org', but it's certainly possible. Linux supports more devices than FreeBSD, especially new devices. This is probably true. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: python-mode in emacs
On 2006-10-17 00:21, Alex Zbyslaw [EMAIL PROTECTED] wrote: Svein Halvor Halvorsen wrote: Emacs doesn't seem to load files in /usr/local/share/emacs/site-lisp installed by ports. [...] In emacs do ESC-x describe-variable load-path which tells you where emacs is looking. Mine is (/usr/local/share/emacs/21.3/site-lisp /usr/local/share/emacs/site-lisp /usr/local/share/emacs/21.3/leim /usr/local/share/emacs/21.3/lisp /usr/local/share/emacs/21.3/lisp/toolbar /usr/local/share/emacs/21.3/lisp/textmodes /usr/local/share/emacs/21.3/lisp/progmodes /usr/local/share/emacs/21.3/lisp/play /usr/local/share/emacs/21.3/lisp/obsolete /usr/local/share/emacs/21.3/lisp/net /usr/local/share/emacs/21.3/lisp/mail /usr/local/share/emacs/21.3/lisp/language /usr/local/share/emacs/21.3/lisp/international /usr/local/share/emacs/21.3/lisp/gnus /usr/local/share/emacs/21.3/lisp/eshell /usr/local/share/emacs/21.3/lisp/emulation /usr/local/share/emacs/21.3/lisp/emacs-lisp /usr/local/share/emacs/21.3/lisp/calendar) and as you can see second entry is /usr/local/share/emacs/site-lisp Assuming it is missing for you, then you could add something like this to your .emacs (set-variable 'load-path (append '(/usr/local/share/emacs/site-lisp) load-path)) but that sticks it at the end, so anything there won't override defaults, which is not so good. FWIW, one way to add a path to the beginning of the `load-path' list is: (add-to-list 'load-path /usr/local/share/emacs/site-lisp) The `add-to-list' function can also append stuff to a list by: (add-to-list 'load-path /usr/local/share/emacs/site-lisp t) See the documentation of `add-to-list' for more details :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: What's so compelling about FreeBSD?
On 2006-10-18 08:37, jan gestre [EMAIL PROTECTED] wrote: On 10/17/06, Giorgos Keramidas [EMAIL PROTECTED] wrote: Linux supports more devices than FreeBSD, especially new devices. This is probably true. yes it's true linux has support for more devices than FreeBSD and that's why i think we got to be heard, install this nifty app called bsdstats and maybe just maybe those device manufacturers will notice us FreeBSD users, that it is not just for hobbyist. There are other forms of active advocacy too. Write articles, post to forums, present stuff at conventions, talk and chat in local user groups about BSD, etc. Let us not limit ourselves to just bsdstats :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: File system full
On 2006-10-18 07:53, Office of CEO- rithy4u.NET [EMAIL PROTECTED] wrote: Dear All, My firewall server was running out of space on / partition I have try to reboot/fsck and delete all unneccessary files inside / but I still get 12 MB of free space with total 495 MB worth of that partition. Any ideas? First of all, try to track down where all the space has gone, by using `df' and `du' with the -x option. For example, you can get a good idea of which places in your root filesystem are the top-10 users of space with: # cd / # du -xm . | sort -nr | head -10 If this doesn't show up a lot of stuff, then there's probably a rogue process which has opened a file and then removed it, so it's not directly visible by traversing the tree with `du', but you can still look for it with: # fstat -f / | sort -k +8 After you get this sort of information, we can make more informed suggestions about the best way to move forward :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: canary mismatch on efree()
On 2006-10-14 18:27, Mark [EMAIL PROTECTED] wrote: Hello, I'm running Apache/1.3.37 (Unix) and PHP/4.4.4 with Suhosin-Patch. All of a sudden I get this in my log: [Sat Oct 14 19:54:32 2006] [error] ALERT - canary mismatch on efree() - heap overflow or double efree detected (attacker '192.168.1.4', file '/www/vhosts/asarian-host.net/htdocs/phpMyAdmin/index.php') This is not good. If a simple thing like phpMyAdmin causes it, then I will have to disable the Suhosin-Patch (which propably means recompiling from scratch, right?). o What version of FreeBSD are you using? o What php-related and apache-related packages have you installed and what options did you use while installing them? o Does this happen only with phpMyAdmin or with other PHP scripts too? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Getting started with FreeBSD
On 2006-10-11 01:20, cothrige [EMAIL PROTECTED] wrote: * Garrett Cooper ([EMAIL PROTECTED]) wrote: I find it interesting that a former Slackware user would be complaining about compiling stuff, but you probably used slapt-get to update your packages. Well, I am probably coming off whiny. However, I am pretty typical of the Slackware crowd in that much of what I am running I compiled from source. The same thing can be accomplished with FreeBSD. You still have the option to compile things your way, install them in /opt instead of /usr/local, trim things down to the bare minimum that fits your preferences, etc. Slackware, with its free for all, build it however you want it to look like attitude, is the one Linux distribution that approaches the BSD spirit more than any other distribution, if you ask me. But the base system is still binaries and that does speed things up. That's ok. The `base system' of FreeBSD is also a bunch of binaries. You can get it going by installing the `bin' collection of packages from the official release CD-ROMs. Pat doesn't patch everything endlessly and so it works well and as intended, so there is really no trade off. I am all for compiling, but why do it when nothing is any different? Firefox works great from binaries, and so I have never bothered to try compiling it. Same for openoffice and java. Even in Gentoo I installed the binaries of those. You can always install portsnap and portupgrade. The first of these tools will fetch you an up to date /usr/ports tree in blazingly fast speed. The second tool can upgrade your installed `ports and packages', either by fetching pre-built packages from the network or by compiling locally. Once a port is compiled and installed from source, it is NOT DIFFERENT from a binary package, which you fetched from the network a week ago. At least, it is not different as far as the package management tools of FreeBSD (the pkg_xxx tools) are concerned. A common trick I use is to build ports on a fast machine, or fetch them from the network, and then run a small local script to save them all as binary packages in `/usr/pkg/i386/freebsd-7.0'. Then, I periodically burn this directory to a CD-ROM or DVD disk, and I can quickly reinstall it all with: # mount /cdrom # cd /cdrom # cd pkg/i386/freebsd-7.0 # pkg_add * What I guess is troubling me here though is just figuring stuff out. Don't worry. It takes a bit of time. Keep testing stuff and learning how it all fits together, and you may have lots of fun :) However, after reading you post, I am thinking that the packages are only available for the snapshots labelled RELEASE. Am I right? Bingo... More up-to-date versions of the Ports are compiled in the FreeBSD.org systems by our package people, but they are not always in sync with /usr/ports and it takes a lot of time to build them all. All updates and changes made in between one release and the next are via sources. Would that be accurate? This is, indeed, *one* of the options. If so, I can say that is also fairly simple, simply non-intuitive. In some ways like having a separate ports system from the base. It is not `in some ways'. It is *EXACTLY* this way. Note how the ports/ tree is separate from the src/ source tree at: http://cvsweb.FreeBSD.org/ There is a fundamental difference between something in the `base system' (i.e. something which lives under the `src/' tree) and something that installs thirdparty software, as part of the Ports collection. Simple, even sensible, but in some ways non-intuitive. It certainly takes some time getting used to. That's fine. Let me know how ridiculously off-base I am in my current understanding. That is really what I am trying to do, find out what I should do to maintain things as move along the learning curve. Thanks for the help. Try things out. Test more things. Break a few. I know I've trashed many installations of FreeBSD before I managed to build this one. But it was *SO* much fun doing that ... I'd do it again. Welcome to FreeBSD, BTW :) -- Giorgos pgpwj8kFcABKq.pgp Description: PGP signature
Re: Getting started with FreeBSD
On 2006-10-11 08:45, cothrige [EMAIL PROTECTED] wrote: * Tore Lund ([EMAIL PROTECTED]) wrote: I wondered about the same thing some time ago. I was told by one of the gurus to try packages-6-stable, which would most likely work with 6.1-RELEASE. So I tried to fetch the latest Firefox in this way: pkg_add [no line break] ftp://ftp.mirror.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/www/firefox-1.5.0.7,1.tbz Doesn't this seem a tad clunky and unfinished? I am still having a bit of trouble figuring out what I am overlooking. Why would a fully binary installed OS offer no binary support for updates at all? Oh but we do. Just have a look at freebsd-update, portsnap and portupgrade: http://www.daemonology.net/freebsd-update/ http://www.daemonology.net/portsnap/ http://www.freebsd.org/cgi/cvsweb.cgi/ports/sysutils/portupgrade/ Why have a nice secure RELEASE edition when once installed it will naturally develop security holes that are very hard to find and fix? Because in FreeBSD we don't install a system that fires up the kitchen sink, the hairdresser and a few local classical orchestras, when it starts. You know the feeling... I mean, after all, you are a _Slackware_ user, right? :) Security updates can be fetched pretty fast with `freebsd-update' and they don't always affect you. So, if there's no need to upgrade to the latest and greatest release of all the other things, why do it for your base system? One of the things I don't get is the stable vs. release concept. There is basically nothing said to address this. Heh! You areally _are_ a new FreeBSD user, after all. This is, typically, the first question one asks after the first Oh! Ah! Wow! You mean it does... Awesome! parts: ``What is STABLE, CURRENT and what do I do with them?'' The answer is in the Handbook ( here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html ) I can imagine that the packages in packages-6.1-release are fixed and static, though it surprises me that no security fixes are placed there, but what about packages-6-stable? These seem quite new, comparitively, and so I would assume that they are not static as release are. And if they are in fact tracked and improved, how can they be accessed via the tools? Try reading the manpages of the pkg_xxx tools: % man pkg_add % pkg_check % pkg_create % pkg_delete % pkg_info % pkg_sign % pkg_version In FreeBSD, the manpages are _really_ informative and we try to keep them up to date. Learn to search through them, with apropos(1), to read them carefully and you'll find a huge wealth of information. No Linux distrubition has *EVER* convinced me that they value their manpage documentation as much as the FreeBSD people do. - Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problems with ipfw and ssh
I removed freebsd-ipfw from the recipient list. Please keep `general'
questions in freebsd-questions. The freebsd-ipfw list is, as far as I
know, used for *development* of IPFW; not questions.
On 2006-10-11 22:53, Spiros Papadopoulos [EMAIL PROTECTED] wrote:
Hi,
I am trying to configure a firewall using ipfw for a machine running
FreeBSD 5.4. Without NAT.
I am nearly a newbie on this (since i never had time until now..) but
still i believe i understand exactly the concepts and what needs to be
done. Except the manual page and chapter 26.1 in the handbook I am
using good references such as:
http://www.freebsd-howto.com/HOWTO/Ipfw-HOWTO
I need to connect remotely to the machine using ssh and this is where
i get the problem:
Initially i can connect properly using a normal user account. When
later i am trying to su to root it does nothing and the connection
closes.
Can you show us the full IPFW ruleset you are using?
I have ipfw enabled in the kernel to deny everything by default. I
have used both (one at a time) the following rules concerning ssh, in
/etc/ipfw.rules and also other combinations, such as taking off setup
and keep-state etc etc which would then make my firewall stateless as
far as i understood, which is something i don't want anyway.
${addcmd} 300 allow log logamount 5 tcp from any to me 22 setup keep-state
-
${addcmd} 300 allow log logamount 5 tcp from any to any ssh keep-state
The second seems wrong, unless you also have 'setup' rules elsewhere.
In a first investigation (not thorough) i found this post:
http://www.freebsdforums.org/forums/showthread.php?t=21876
where from, i cannot realize what is wrong or how to fix this.
The initial ruleset of this forum thread has a few bugs, which I'm not
interested in pointing out one by one right now. Just ignore most of it.
I run the sshd in debug mode and below is the portion, for when i am trying
to su to root
/* sshd -d */
Write failed: Permission denied
debug1: do_cleanup
debug1: PAM: cleanup
debug1: do_cleanup
debug1: PAM: cleanup
debug1: session_pty_cleanup: session 0 release /dev/ttyp7
Now we're getting somewhere. Please post your *FULL* ipfw ruleset so we
can try to find out why/when/where packets can be blocked.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problems with ipfw and ssh
On 2006-10-12 00:53, Spiros Papadopoulos [EMAIL PROTECTED] wrote:
I started yesterday playing with it / testing it, but since i
want to do most of the work remotely, i stuck on this rule and
feel like keep looking until i find the solution. I paste the
whole script here just in case something else is wrong... Here
is my ipfw.rules file:
/** Sorry for the delay. In the meanwhile, just before sent the
mail something else happened. Taking in account what you told
me about the state keyword, i added it to the rule 300. Then
i could not connect at all. I tried to take it off again, but
surprisingly it still doesn't allow any connections at all (not
even the user this time), hmmm... I am sending it as it was
initially, which from yesterday until my first e-mail it was
working as described previously...Now also when i run the
script with the allowall option gives me problems, when it
was working before. I can ping the machine and get replies but
i cannot ssh to it. It seems that i am doing something wrong
but cannot identify where */
#!/bin/sh
# rules commmand prefix
addcmd=/sbin/ipfw -q add
# and the interface
if=xl0
# details of this computer
ip=192.168.1.199
net=192.168.1.0
mask=255.255.255.0
bcast=192.168.1.255
nic=sk0
ks=keep-state
# Flush out the list
/sbin/ipfw -q -f flush
if [ $1 = allowall ]
then
${addcmd} 100 allow all from any to any via ${nic}
exit 0
else
# Only in rare cases do you want to change these rules
${addcmd} 50 allow all from any to any via lo0
${addcmd} 100 deny all from any to 127.0.0.0/8
${addcmd} 150 deny ip from 127.0.0.0/8 to any
These look ok.
# At the moment don't allow it
#${addcmd} 400 allow all from ${ip} to ${net}:${mask}
#${addcmd} 500 allow all from ${net}:${mask} to ${ip}
Not sure why these are needed (but they are commented out).
# Allow only specific stuff and maintain the firewall for as long
# as needed to become tough enough
# check state and keep it
${addcmd} 200 check-state
${addcmd} 210 allow tcp from me to any setup ${ks}
${addcmd} 211 allow udp from me to any ${ks}
${addcmd} 212 allow icmp from any to me icmptype 0, 3, 4, 11
${addcmd} 212 allow icmp from me to any
# Allow Traffic to my ISP DNS server
${addcmd} 250 allow udp from ${ip} to xx.xxx.x.xx 53 out via ${nic}
${addcmd} 251 allow udp from xx.xxx.x.xx to ${ip} 53 in via ${nic}
# Allow ssh from anywhere
#${addcmd} 300 allow log logamount 5 tcp from any to me 22 setup
${ks}
#${addcmd} 301 allow tcp from any to me ssh in recv ${nic} ${ks}
setup
${addcmd} 300 allow log logamount 5 tcp from any to any ssh {ks}
# Everything else is denied
${addcmd} 65535 deny all from any to ${ip}
exit 0
fi
You seem to be missing a 'setup' keyword in the ssh rule :-/
I just loaded your own ruleset (with ${ip} and ${nic} set to local
values) on a FreeBSD 7.0-CURRENT system here. They work fine, as far as
I can tell:
,
| [EMAIL PROTECTED]:/home/giorgos$ su -
| Password:
| [EMAIL PROTECTED]:/root# ipfw -d show
| 00050 168 30828 allow ip from any to any via lo0
| 00100 0 0 deny ip from any to 127.0.0.0/8
| 00150 0 0 deny ip from 127.0.0.0/8 to any
| 00200 0 0 check-state
| 00210 881 129402 allow tcp from me to any setup keep-state
| 00211 8965 allow udp from me to any keep-state
| 00212 0 0 allow icmp from any to me icmptypes 0,3,4,11
| 00212 0 0 allow icmp from me to any
| 00250 0 0 allow udp from 10.6.0.131 to any dst-port 53 out via re0
| 00251 0 0 allow udp from any to 10.6.0.131 dst-port 53 in via re0
| 00300 649 92691 allow log logamount 5 tcp from any to any dst-port 22
keep-state
| 65535 154 35966 deny ip from any to any
| ## Dynamic rules (12):
| [EMAIL PROTECTED]:/root#
`
The only changes I made are:
* Use 'any' instead of xx.xxx.x.xx as the UDP address.
* Change ${ip} to my own address
* Change ${nic} to my own interface name
I can connect to other hosts and ssh back into my workstation
with this ruleset :-/
Sorry, but I'm not sure why in your case this fails to work.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problems with ipfw and ssh
On 2006-10-12 01:31, Spiros Papadopoulos [EMAIL PROTECTED] wrote:
On 12/10/06, Giorgos Keramidas [EMAIL PROTECTED] wrote:
,
| [EMAIL PROTECTED]:/home/giorgos$ su -
| Password:
| [EMAIL PROTECTED]:/root# ipfw -d show
| 00050 168 30828 allow ip from any to any via lo0
| 00100 0 0 deny ip from any to 127.0.0.0/8
| 00150 0 0 deny ip from 127.0.0.0/8 to any
| 00200 0 0 check-state
| 00210 881 129402 allow tcp from me to any setup keep-state
| 00211 8965 allow udp from me to any keep-state
| 00212 0 0 allow icmp from any to me icmptypes 0,3,4,11
| 00212 0 0 allow icmp from me to any
| 00250 0 0 allow udp from 10.6.0.131 to any dst-port 53 out via re0
| 00251 0 0 allow udp from any to 10.6.0.131 dst-port 53 in via re0
| 00300 649 92691 allow log logamount 5 tcp from any to any dst-port 22
keep-state
| 65535 154 35966 deny ip from any to any
| ## Dynamic rules (12):
| [EMAIL PROTECTED]:/root#
`
The only changes I made are:
* Use 'any' instead of xx.xxx.x.xx as the UDP address.
* Change ${ip} to my own address
* Change ${nic} to my own interface name
I can connect to other hosts and ssh back into my workstation
with this ruleset :-/
Sorry, but I'm not sure why in your case this fails to work.
Now this is strange. I will try again tomorrow evening more
carefully and i will post any results.
Initially i sent the mail because of the failure to su as root
(as described also in that post i referenced) after i was
logging in as normal user canonically. So it was working as you
said. But can you su to root after connecting?
Yes. See above. The `ipfw -d show' command shown there was
after I looped using SSH from my workstation to another system
and back again.
Sorry i will not be able to reply again tonight
No problem. Take your time. There is definitely a logical
explanation why this is happening, even if that explanation is
`there is a bug in ipfw and 5.4' :)
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 'File too large' mail delivery error
On 2006-09-30 11:46, Gerard Seibert [EMAIL PROTECTED] wrote: What could cause Postfix/Dovecot to suddenly start failing to deliver mail and issue this error message in the /var/log/maillog: Sep 30 09:45:24 scorpio postfix/local[1439]: 80E65C613: to=[EMAIL PROTECTED] st.seibercom.net, relay=local, delay=6.5, delays=6.4/0.01/0/0.03, dsn=5.2.2, st atus=bounced (cannot update mailbox /var/mail/gerard-gmail for user gerard-gmail . error writing message: File too large) What does postconf have to say about mailbox size limit? # postconf mailbox_size_limit mailbox_size_limit = 5120 # ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 'File too large' mail delivery error
On 2006-09-30 22:02, Gerard Seibert [EMAIL PROTECTED] wrote: On Saturday 30 September 2006 23:27, Giorgos Keramidas wrote: What does postconf have to say about mailbox size limit? # postconf mailbox_size_limit mailbox_size_limit = 5120 # Yes, that is the same number I get. So why did this mysteriously just start after I updated FBSD? I don't think I can answer this, since I don't know what the configuration of your Postfix was before and what it is now. Nothing happens 'mysteriously' though. For example: * Did you recently update FreeBSD *AND* update all your ports with portupgrade or similar? * If yes, did you backup your Postfix configuration? * If you really did keep backup copies, can you show me the output of diff(1) on the old main.cf and the new one? I am using dovecot as the LDA so I would not have thought that a size limit set in postfix would have an bearing on dovcot's ability to deliver mail. In any case, I have had mail folders over 75M in size and neither dovecot nor postfix complained. Well, they do now. Even if we can't find out why they didn't before, we currently know how to fix this :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Best way to renice a process by name?
On 2006-09-26 09:32, Brett Glass [EMAIL PROTECTED] wrote: I'm working with a machine that's operating as a NAT router and recursive DNS resolver and is also running the Squid disk cache. Squid, in turn, spawns the diskd daemon, which does disk accesses on behalf of Squid. When Squid spawns diskd, it gives it a priority level 6 greater than itself. In other words, if Squid is launched normally, it gets a priority of 2 (normal) while diskd gets a priority of -4 (very high). Unfortunately, diskd is not an efficient user of CPU (it seems to be polling for I/O completion) and is starving other processes on the machine (for example, natd) which need to operate in near real time. I'd like to keep diskd running on that machine, because having disk access done by a separate process is very efficient -- even more so if the system uses SMP. But I need to re-prioritize Squid and diskd to keep the rest of the machine functional. In particular, I'd like to nice Squid down by 1 (so that natd and named have priority over it) and have diskd run at standard priority (so that it can't starve other processes). This will keep diskd at a higher priority than Squid itself, which in turn will hopefully prevent message queues from overflowing. Reducing Squid's priority is simple; I can just edit the script that starts Squid so that /usr/bin/nice is used to invoke it. But taming diskd is more difficult, because diskd is a child process of Squid. I have to make sure it has started (which may require a delay loop), find out its PID, and then renice it by whatever increment is required to get it to the system's standard priority (2 by convention). Is there a renice by name utility for FreeBSD (sort of an equivalent of killall)? I could gin one up, but since this seems like something that people would want to do frequently, find it hard to believe that someone hasn't already written one. Maybe something like this helps? $ echo renice -n +10 -p `echo \`pgrep httpd\` | sed -e 's/ /,/g'` renice -n +10 -p 1023,656,655,654,653,652,610 $ There is always a fair chance you might attempt to renice a process which just happened to die, but this should be ok, unless you start seeing PIDs being recycled too fast :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: freebsd compilation of handbooks
On 2006-09-21 15:21, Bob M. [EMAIL PROTECTED] wrote: Came across this earlier today, and figured it was a good resource: http://elibrary.fultus.com/technical/index.jsp?topic=/com.fultus.freebsd.books/books/arch-handbook/index.html FWIW, most of the FreeBSD stuff mentioned there is also available through the FreeBSD web site too: http://www.freebsd.org/docs.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Crippled FreeBSD! Need help!
On 2006-09-16 20:15, Viswas Nair [EMAIL PROTECTED] wrote: I have managed to scr** up my FBSD 6.1 installation. This is what happened: I had an installation of BSD with which I was experimenting and managed to get it to work to my taste. Call this installation A. This installation had a lot of unwanted ports installed so I decided to do a new installation. I installed BSD in another partition. Call this installation B. I wanted to custom build the kernel in B and hence created the config file needed for the custom build. I used sysinstall to copy the src from the 6.1 CD. When I marked Base inside sysinstall to be copied, it gave me an error: Write failure on transfer! (wrote -1 bytes of 1425408 bytes). I know this is not a problem with the CD because I was able to copy the base and src in another machine that I have. Src however got copied in B. I couldnt do a make buildworld because it gave me an error saying that it didnt know what buildworld was. I knew i needed the base files to get it to work. A friend of mine had helped me custom build the kernel in installation A. So I mounted the partition and copied the files in /usr/src (only files, excluded /usr/src/sys) from installation A to installation B. Then when I did a make buildworld it gave me an error that it was unable to cd into a directory by thename /somepath/usr.bin. I dont remember what somepath was. I couldn't note it down. Then I mounted the 6.1 CD and went into the 6.1Release folder and into the base directory and ran ./install.sh. It asked me if I wanted to copy files to / and i said yes. I attempted make buildworld again and it did not work. When this did not work, I decided to restart the machine and try again. However, after restarting, the login prompt does not accept my user id and password. And when i type root for user, it logs me in without asking for a password. I am clueless whats happening here. Please help. You have managed to wipe out your /etc/master.passwd file (among other things, but let's fix this first). Backup copies of master.passwd are kept in `/var/backups', so you can always look there and restore it. Unless you have added many users during the last day or so, all should be there already :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Newbie Experience (As promised)
On 2006-09-17 12:22, Joel Adamson [EMAIL PROTECTED] wrote: Dear Very Helpful and Informative FreeBSD List, I installed FreeBSD on Friday Night and tried very hard to get it all working. My initial X problem actually fixed itself (you can imagine my surprise), however, even with that, our computer is useless as a desktop (or anything else) without an internet connection. Well, maybe not completely useless. You can still grab packages from the network, using another system, transfer them to the target installation with a CD-ROM disk or other medium and install without a network connection. In general, though, a FreeBSD system without any sort of network connection is (IMHO) something like a 'crippled' computer. In fact, these days, *any* desktop system without some sort of access to a network is crippled in one or more ways. My hardware is unsupported and despite my best efforts, I decided it would be better to expedite the process and I installed Mepis Linux. What hardware are you talking about? Maybe it *is* supported, but it was not very obvious how to configure or set it all up. If you still want to give FreeBSD a try, please try to install it, then run the following commands, saving their output to a file and find a way to post these files to us (i.e. use a floppy disk or something else, like a USB stick): # dmesg # pciconf -lv I would hardly describe it the way another newbie did one week ago. It was a good challenge. I'll wait until I'm a better administrator and there's more support for hardware I might have. The only really annoying thing was that I perpetually had trouble mounting my usb flash drive. I think this was a filesystem problem. Mounting filesystems is probably not as intuitive or automatic as it could have been. If you give FreeBSD another try, as I said above, then you can try showing us the output of: # usbdevs -v Run this command when logged in as `root', save its output to a file and post this file to us as a text attachment. We'll help you with the rest of the things needed to discover more about your USB flash disk and how to mount it. Thanks for any help you've offered, Joel You're most welcome. You know how to find us if you need more help with FreeBSD either some time soon now, or later :-) Regards, Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cvs question
On 2006-09-14 19:11, Michael Grant [EMAIL PROTECTED] wrote: I'm being driven slowly mad by cvs... I have 3 boxes, one is acting as a cvs server. The cvs clients (for lack of a better term) are running 6.1 and should be configured the same. Yet, one machine lets me do a cvs login, the other requires I use cvs -d :psserver:.. with each cvs command. I do not have CVSROOT set on either machine. What I get is this: [#822] cvs login Logging in to :pserver:[EMAIL PROTECTED]/home/foo/bar cvs login: authorization failed: server myserver rejected access to /home/foo/bar for user mgrant yet, on the other machine, I get a password prompt and all is fine. Someone sets CVSROOT, if you can just type cvs login and get a prompt for ``Logging in to :pserver:[EMAIL PROTECTED]/home/foo/bar''. Can you run, on both systems, the following? $ env | sort | grep CVS ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cvs question
On 2006-09-15 13:56, Michael Grant [EMAIL PROTECTED] wrote: On 9/15/06, Giorgos Keramidas [EMAIL PROTECTED] wrote: On 2006-09-14 19:11, Michael Grant [EMAIL PROTECTED] wrote: I'm being driven slowly mad by cvs... I have 3 boxes, one is acting as a cvs server. The cvs clients (for lack of a better term) are running 6.1 and should be configured the same. Yet, one machine lets me do a cvs login, the other requires I use cvs -d :psserver:.. with each cvs command. I do not have CVSROOT set on either machine. What I get is this: [#822] cvs login Logging in to :pserver:[EMAIL PROTECTED]/home/foo/bar cvs login: authorization failed: server myserver rejected access to /home/foo/bar for user mgrant yet, on the other machine, I get a password prompt and all is fine. Someone sets CVSROOT, if you can just type cvs login and get a prompt for ``Logging in to :pserver:[EMAIL PROTECTED]/home/foo/bar''. Can you run, on both systems, the following? $ env | sort | grep CVS env | sort | grep CVS returns nothing. There are no CVS* variables set! Strange. Where is it getting the cvsroot from? Even if I remove the .cvspass file, it still uses the pserver line from before. It's definitely getting cached somewhere. greping the env for pserver shows nothing. Do you have a local CVS/ subdirectory when you try cvs login? If yes, what does it contain? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cvs question
On 2006-09-15 17:58, Michael Grant [EMAIL PROTECTED] wrote: [#786] ls -l CVS total 6 -rw-r--r-- 1 mgrant 1001 197 Oct 16 2005 Entries -rw-r--r-- 1 mgrant 10018 May 30 2005 Repository -rw-r--r-- 1 mgrant 1001 55 May 30 2005 Root [#787] cat CVS/Root :pserver:xgrant:[EMAIL PROTECTED]/home/ng/tools/cvsroot Ok, so that solve that mystery. However, I still cannot log in on one machine yet I can on the other: Except for the Entries file, Root and Repository are identical in the CVS directory. cvs login Logging in to :pserver:[EMAIL PROTECTED]:2401/home/ng/tools/cvsroot cvs login: authorization failed: server grant.org rejected access to /home/ng/tools/cvsroot for user mgrant The CVS server seems to be using some sort of CVS access control, i.e. by a CVSROOT/readers or CVSROOT/writers file or something similar. I am not sure of all the gory details about your particular setup, but the message seems to imply that `mgrant' is blocked by the access controls of the server itself. Do you have a CVSROOT/readers or CVSROOT/writers in /home/ng/tools/cvsroot/CVSROOT/ on the CVS server? If yes, what do they contain? Please take care of masking any sensitive data (like user passwords), if you sent their contents!!! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cvs question
On 2006-09-15 20:05, Michael Grant [EMAIL PROTECTED] wrote: On 9/15/06, Giorgos Keramidas [EMAIL PROTECTED] wrote: The CVS server seems to be using some sort of CVS access control, i.e. by a CVSROOT/readers or CVSROOT/writers file or something similar. I didn't set anything like that up. I simply added this line to /etc/inetd.conf: cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/home/ng/tools/cvsroot --allow-root=/home/somewhere/else pserver I am not sure of all the gory details about your particular setup, but the message seems to imply that `mgrant' is blocked by the access controls of the server itself. It sure seems that way. Or it seems that somehow it's proposing the wrong password. Hmm, now, here's something funny, the password in CVSROOT/Root is all lower case and my password is mixed case. Try removing the relevant line from your ``~/.cvspass'', if there is one. I think what's happening is that a cached copy of the password is used from that file, and that copy is out of date. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Top behavior differences
On 2006-09-10 18:04, stan [EMAIL PROTECTED] wrote: On Sun, Sep 10, 2006 at 11:57:05AM -0400, Bob Hall wrote: On Sun, Sep 10, 2006 at 08:56:31AM -0400, stan wrote: Can someone explain to me why top's handling of multi processor status display is different on FreeBSD, than it is on Linux? Open source started with the concept of individuals hacking the source code to get the features they want. The commericial ideal of users paying for features they want was replaced by the ideal of users doing the work to create the features they want. Open source has evolved into the concept of many users getting a free ride as a relatively small number of open source programmers do the work for them, without pay. Possible reasons why open source software X doesn't have feature Y: -- Long discussion of open source philosophy dleted --- Once upon a time, when people posted on lists like this, they got well reasoned technical answers. The question I was really asking, is if there is a technical reason for this difference (eg difernt sturctures for obatining the information in the 2 OS's). The reason that i feel this is an apropriate place to ask such a question, is that top is NOT a port, but is provided by the base OS in FreeBSD. There are technical reasons. The top(1) utility peeks into kernel structures, such as process lists, memory usage information and other stuff, and our current FreeBSD version has been changed, fixed and augmented with new features as FreeBSD was developed. I doubt that it can run unmodified on Linux. What sort of technical details are you interested in? I've made some changes to top(1) myself, so maybe I can tell you what the differences are if you have something specific in mind :) - Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sendmail and hosts_access(5)
On 2006-09-13 11:14, Kevin Kinsey [EMAIL PROTECTED] wrote: Hello all, I am attempting to block an SMTP server with /etc/hosts.allow: -- Received: from 241net251.net.zeork.com.pl (241net251.net.zeork.com.pl [194.117.241.251] (may be forged)) -- [506] Tue 12.Sep.2006 20:55:44 [EMAIL PROTECTED] #ssh [EMAIL PROTECTED] grep zeork /home/kadmin/spammers .net.zeork.com.pl [507] Tue 12.Sep.2006 20:56:55 [EMAIL PROTECTED] #ssh [EMAIL PROTECTED] grep /home/kadmin/spammers /etc/hosts.allow sendmail : /home/kadmin/spammers : deny -- hosts_access(5) says this: The access control language implements the following patterns: * A string that begins with a `.' character. A host name is matched if the last components of its name match the specified pattern. For example, the pattern `.tue.nl' matches the host name `wzv.win.tue.nl' So, why does my server continue accepting SMTP connections from 241net251.net.zeork.com.pl ? Thoughts, pointers, gentle kicks on the bum welcomed. I don't think you can have the hostnames in a separate map file and then reference this file from /etc/hosts.allow. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: CLI text editor recommendation
On 2006-09-13 12:25, Andy Greenwood [EMAIL PROTECTED] wrote: I need a CLI text editor I can use over ssh, which does NOT append newlines to the end of files as I save them. I am using this to edit PHP files, and my PHP doesn't like newlines outside the last ?. ee and vi both do so, I tried nano which also does the same. I haven't installed emacs to try that yet, since the man page says that it also does the same thing. Does anyone have any ideas? IMHO, the problem is not the editor, but the brokenness of this particular PHP installation. Having said that, you can configure both VIM and Emacs to append or not append newlines. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sendmail and hosts_access(5)
On 2006-09-13 19:37, Giorgos Keramidas [EMAIL PROTECTED] wrote: On 2006-09-13 11:14, Kevin Kinsey [EMAIL PROTECTED] wrote: Hello all, I am attempting to block an SMTP server with /etc/hosts.allow: -- Received: from 241net251.net.zeork.com.pl (241net251.net.zeork.com.pl [194.117.241.251] (may be forged)) -- [506] Tue 12.Sep.2006 20:55:44 [EMAIL PROTECTED] #ssh [EMAIL PROTECTED] grep zeork /home/kadmin/spammers .net.zeork.com.pl [507] Tue 12.Sep.2006 20:56:55 [EMAIL PROTECTED] #ssh [EMAIL PROTECTED] grep /home/kadmin/spammers /etc/hosts.allow sendmail : /home/kadmin/spammers : deny -- hosts_access(5) says this: The access control language implements the following patterns: * A string that begins with a `.' character. A host name is matched if the last components of its name match the specified pattern. For example, the pattern `.tue.nl' matches the host name `wzv.win.tue.nl' So, why does my server continue accepting SMTP connections from 241net251.net.zeork.com.pl ? Thoughts, pointers, gentle kicks on the bum welcomed. I don't think you can have the hostnames in a separate map file and then reference this file from /etc/hosts.allow. ... and I'm wrong of course. Alex Zbyslaw pointed out that I had missed the part of the manpage which refers to this: oA string that begins with a `/' character is treated as a file name. A host name or address is matched if it matches any host name or address pattern listed in the named file. The file for- mat is zero or more lines with zero or more host name or address patterns separated by whitespace. A file name pattern can be used anywhere a host name or address pattern can be used. Sorry for the confusion :-/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sendmail and hosts_access(5)
On 2006-09-13 17:56, Matthew Seaman [EMAIL PROTECTED] wrote: hosts.allow triggers special behaviour with sendmail. Unlike other services which just close the connection immediately, with sendmail what happens is that it will accept the connection, let the sender attempt to send e-mail, but then respond with a 500 'permanent failure' code. The reason for that is fairly simple: if a MTA gets no answer when trying to connect to a server and deliver e-mail, then the standards say it should requeue the message and try again for up to 5 days. The only way to get the sending MTA to give up immediately is to issue a SMTP 500 error code. Ah! I see now. Thanks for taking the time to write this cool, detailed explanation. Now I know one more thing about Sendmail :-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: CLI text editor recommendation
On 2006-09-13 17:49, Alex Zbyslaw [EMAIL PROTECTED] wrote: Andy Greenwood wrote: I need a CLI text editor I can use over ssh, which does NOT append newlines to the end of files as I save them. I am using this to edit PHP files, and my PHP doesn't like newlines outside the last ?. ee and vi both do so, I tried nano which also does the same. I haven't installed emacs to try that yet, since the man page says that it also does the same thing. Does anyone have any ideas? Emacs most certainly can save files without newlines. I don't see any option in my .emacs to force this behaviour so assume it works out of the box, nor can I find any reference in the man page which says it does add newlines. FWIW, try looking at the documentation of `require-final-newline': C-h v require-final-newline RET ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Top not showing cpu usage even remotely accurately
On 2006-09-14 00:48, Tamouh H. [EMAIL PROTECTED] wrote: I think TOP and load averages are no longer accurate on FBSD 5.x and 6.x with SMP kernel. As far as I've seen. Load averages hit sometimes 8.0 without a noticable degradation in performance. This is one TOP that freaked me out, notice Idle CPU is 70% while the process is showing it is using 99% of CPU. systat draws more accurate picture, however, load average is still useless as far as performance monitoring : last pid: 10174; load averages: 1.63, 1.44, 1.20 up 4+00:25:19 00:39:20 169 processes: 2 running, 166 sleeping, 1 zombie CPU states: 25.8% user, 0.0% nice, 0.7% system, 0.1% interrupt, 73.4% idle Mem: 1316M Active, 1445M Inact, 297M Wired, 127M Cache, 112M Buf, 79M Free Swap: 8762M Total, 2096K Used, 8760M Free PID USERNAME PRI NICE SIZERES STATE C TIME WCPUCPU COMMAND 13362 root 1110 36444K 34196K CPU3 3 50:06 98.88% 98.88% perl5.8.7 90391 root 960 27356K 26236K select 2 0:06 0.54% 0.54% perl5.8.7 79619 nobody 40 209M 84640K sbwait 1 0:09 0.39% 0.39% httpd 10161 root 970 6712K 4752K select 2 0:00 1.40% 0.20% exim-4.62-0 79649 nobody200 210M 84464K lockf 0 0:06 0.15% 0.15% httpd Apparently, you have a 4-CPU system :-) What you see displayed as CPU is for one of the processors, not for all of them. Load average is not an easy thing to update for an SMP system, I guess. There are two options: - Set load-average to = 1.0 if at least one process wants to run on at least one processor - Calculate an aggregate load-average for all CPUs None of these is 100% correct, though. One of them is useful in some cases. The other in other cases :-( I don't remember off-hand how 5.X or 6.X calculate their load-average, but I'd be interested to know what you expected it to show, or what it shows on Linux systems. pgpC51FkX8BbO.pgp Description: PGP signature
Re: solaris
On 2006-09-05 22:50, Bill-Schoolcraft [EMAIL PROTECTED] wrote: If just a relatively small handful of dedicated FreeBSD coders can produce an OS that will install on damm near ANYTHING I always found it troubling that SUN Microsystems, with all it's resources, could not, at the least, make their x86 OS (think Solaris-10) install with support, for lets say, what FreeBSD had for 4.2? I mean, all the drivers are available, wouldn't one think that they could at least support what FreeBSD supports in terms of number of devices? I don't speak officially *for* FreeBSD, but let's be a bit realistic shall we? There are both good and bad points for both FreeBSD and Solaris. I'm sure someone can find hardware on which FreeBSD can not be installed at all. The same can be said for Solaris. In the end, it is all a matter of what hardware you have and what your particular application requires :-) Having said that, I am more comfortable with the FreeBSD-way of doing most things, so when I have the choise and *both* systems can be used, I usually pick FreeBSD just because it is the one I know best. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: solaris
On 2006-09-04 16:57, dick hoogendijk [EMAIL PROTECTED] wrote: On 03 Sep Chad Leigh -- Shire.Net LLC wrote: I am not sure about installing Solaris into an existing partition. I remember one of the FBSD's (a RC, but still) destroying my partition table. That's the reason I ask. I know that I don't have to use the main option (that's for the whole disk). But if there are no problems know of with the sol installer, than I'm a little less worried. I have no space to backup my XP and FBSD disk parts (at the moment). My suggestion is, then, to avoid fooling around with anything that can cause pain... ... or get another disk, and try Solaris when only that other disk is connected to the system. NEVER try out stuff that can wreak all sorts of havoc in your current disk, if you do not have a properly configured, tested, working backup system in place. Not a good idea :-/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: solaris
On 2006-09-04 08:41, Bill-S [EMAIL PROTECTED] wrote: At Mon, 4 Sep 2006 it looks like Matthew Seaman composed: Back in the Solaris 8 days, the trick was to use fdisk to create a primary partition and mark it as type 'Linux Swap' after which Solaris would happily recognise it as a location to install into. Quite how it happened that Solaris uses the same partition type as Linux swap is shrouded in the mists of time. (giggle) If I recall correctly, there was some hacking to do too if you were dual-booting Solaris and Linux on the same disk for Solaris would try on use your whole Linux filesystem as its own swap location. Wasn't it the other way around (i.e. Linux assuming that anything marked as Linux swap, is fine for a swap partition, happily proceeding to trash your Solaris filesystems?). Still sounds like tons of fun though :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: solaris
On 2006-09-04 15:52, backyard [EMAIL PROTECTED] wrote: I would recommend the second drive option. Me too. Not for the same reasons though. I have attempted installing Solaris 10 on multiple computers and all if ever seems to do is corrupt the drive on me. Once I got it to boot up and go into their version of X windows. After installing the Bonus pack with KDE and such never turned on again. Very frustrating. good luck, I've given up until I have a Sun Box to play with. I have installed Solaris 10 on *dozens* of systems at work. Very few of them were real Sun hardware and there has been exactly *one* case where something went wrong. It turns out this case was *my* fault. The only case when Solaris can be a pain to install is when you try it out on a system with hardware that is not supported by the drivers shipped with Solaris. Even in those cases, some times just adding one of the supported NICs, or a VGA, or booting from ATA disks and using SATA disks only for extra storage, can really work wonders... Solaris 10 is a wonderful system, it works flawlessly for various tasks that I use it at work (I prefer FreeBSD for my home systems), and the people who answer questions on comp.unix.solaris are knowledgeable, (usually) kind, and cool. So, please, don't be so hasty in accusing Solaris for problems you have had until now ;-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Oh, no....
On 2006-09-01 20:30, Gary Kline [EMAIL PROTECTED] wrote: Well, gang, for about the only time in ten or eleven years, my FreeBSD has kernel crashed. The kernel err is 18 I believe a int divide by zero. I backup most stuff regularly but still have several megs of data files. Can I fix this with a fixit disk? Or is all hope lost? gary Fatal trap 18: blah, blah Uptime 1sec Have you restarted the system that crashed? Does it consistently panic when you try to boot, or was this a panic introduced by the particular conditions of that moment? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Is the new version going to be easier to get working?
On 2006-09-02 14:33, NoIP (exemail) [EMAIL PROTECTED] wrote: Hi, Two mornings ago I was feeling pretty good. I had downloaded and burnt to disc freebsd, pcbsd and also desktopbsd. But not now Having 21 computers here I figured I would finally be rid of MSwindows, and have a complete LAN system that was more reliable. Seven computers I have tried with all three BSDs and not one of them managed to produce a working network connection. The only thing I achieved was that now I can almost visualise every screen from the installations. I am baffled by how anyone is able to get a bsd networked system working. I guess I just have to stick with a windowsOS. Have you already read the Handbook? If not, then start here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ Pay special attention to section 2.9 and chapter 27: 2.9. Post Installation http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-post.html 27. Advanced Networking http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/advanced-networking.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Oh, no....
On 2006-09-02 11:01, Gary Kline [EMAIL PROTECTED] wrote: 100% consistent. tHe strange thing is that when I set the boot-order in the BIOS to CDROM it's ignored. (Maybe I don't have the boot CD? that occured when I was crawling out of bed!) I have all 4 f the 5.3 boxed set. So there is no way to boot from install disc-1 of FreeBSD? This should at least give you a chance to boot from the install disc, and then insert the FixIt CD-ROM to start investigating what is wrong, as Greg Lehey suggested :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Why sendmail?
On 2006-09-02 13:25, Gerard Seibert [EMAIL PROTECTED] wrote: On Saturday 02 September 2006 11:31, Atom Powers wrote: [...] By making the Postfix port /not/ disable Sendmail it gives you the ability to, more easily, run Sendmail *and* Postfix on the same machine. ie it doesn't break your current configuation. Why would I want Sendmail running in conjunction with a properly functioning Postfix installation? I can only imagine problems resulting from such a venture. Testing, during a transition period? Multiple MTA's serving two different sides of a network? I'm not saying that this would be a terribly good idea for a long-term setup, but there are cases where one may find it slightly useful. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: CVS
On 2006-08-30 16:32, Martin Schweizer [EMAIL PROTECTED] wrote: Hello Which ports does I need for a cvs system (client and server)? I searched against cvs in ports but it gets a lot of links. Any hints are welcome. You don't need any ports. CVS is part of the base system, and it can work both as a client and server. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfilter on 6.1
On 2006-08-26 20:31, J.D. Bronson [EMAIL PROTECTED] wrote: At 07:59 PM 8/26/2006, you wrote: I'd go for the simpler syntax of: MYADDR: ! /sbin/ipf -y well that didnt work either. what a pain. :( tun0: Warning: /etc/ppp/ppp.linkup: ! /sbin/ipf -y: Invalid command perhaps its time to write a script and simply reference the script from ppp.linkup This is indeed, a good idea :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Commercial Software
On 2006-08-26 13:00, shankar [EMAIL PROTECTED] wrote: Hi, I quote you from your page: http://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributing/index.html Commercial entities engaged in FreeBSD-related enterprises are also encouraged to contact us. I am a software writer, my website is http://www.shankar-software.org I want to port my business software to other operating systems. Linux seemed the obvious first choice. After studying it for the past one month I am completely vexed by the gnu licenses covering their glibc libraries. It seems that if I want to port my software to linux, I have to write my own libc libraries (which is a highly time consuming effort) or not-object to giving my software under terms that almost strips me of all rights. Some of the frustrating aspects of the LGPL terms are: a) I must allow the end user to modify my work for their own use (should picasso allow the buyers of his paintings to alter it if it doesn't suit their taste?) No, you are not required to do this for all programs that merely use the services provided by the LGPL. Term (5) of the LGPL explicitly states that: A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a work that uses the Library. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. b) I must allow reverse engineering for debugging even if source is not provided. (should or would an artist allow his artwork to be corrected by his customers?) I don't agree with the parallel and comparison with artists, but what is the explicit part of the LGPL that makes you think this is a requirement? I want to port my software to the freebsd OS. Great :-) You are more than welcome, of course. Now my question to you are these. 1) Can I keep my software closed source, proprietary? Yes. 2) Do you have any C library that will ease the porting of my software to freebsd that I can statically link to, which is not covered by LGPL or any such nonsense. The system version of libc in FreeBSD is not distributed under the terms of the LGPL. Please see the copyright statements in our web site: http://www.freebsd.org/copyright/index.html After the royal treatment that we commercial developers receive under windows, entering other oses seem prohibitively time consuming because: 1) Commercial interests are discouraged. One linux user said if I copy protect my system, I will have no takers under linux. So I said fine, linux then does not need me I will go where I am welcome and where I am allowed to protect my interests. The price of anything depends on its need. If my software is very much needed people will take it even if it is closed source and proprietary and copy protected. After all there are a lot of buyers for my closed source, proprietary, copy protected windows version of my software. If it is not needed then people will not take it even if it is free and open source. Ask business users about their ERP source code customization project disasters and if they still would like to have the source code. They will vehemently say no. They want software that will work, that will solve their headaches, that will solve their problems. All these does not necessarily come with free source code. All this is irrelevant in the context of the BSD license. You are, essentially, free to do whatever you wish, other than sell FreeBSD itself and say that you did all the work. The popularity of an operating system depends on the number of applications (commercial or otherwise) that are available for it. Microsoft understands this very very well. When windows 3.0 was released Bill Gates rolled in a big trolley full of software packages that would run on windows 3.0 on to the stage. That led to the success of windows 3.0 where windows 1.0 and windows 2.0 failed due to lack of applications on it. Most of FreeBSD users are highly uniniterested in what Windows wants or Windows users like paying for. We like getting the job done, and if a BSD OS can do it, that's what we use. For example, Windows can do whatever it pleases, as far as I am concerned. I don't really care about the reasons why other people like paying huge amounts of money for buing something that runs as part of Windows or on Windows itself. 2) Porting help like libraries, programming documentation like MSDN is next to non existent or are most difficult to find. Are you sure? The BSD operating systems are famous for their level of documentation and the support they provide to users who are programmers themselves too. 3) There is no Platform SDK complete with all libraries, compilers, header files that encourages developers without stripping them naked. In fact the windows operating system is itself one huge library with thousands
Re: ipfilter on 6.1
On 2006-08-26 15:02, J.D. Bronson [EMAIL PROTECTED] wrote: I got a full load of 6.1p4 installed and all built. I have pppoe and ipfilter running almost perfect. Clients can use the machine (as a router) and get out perfectly! No issues with network performance at all. I am very pleased...until... I found out that the router itself cant get out 100%. My ipconfig is basically this: bge0 - 10.43.82.174 alias 10.43.82.171 - for bind9 views alias 10.43.82.51 - for bind9 views bge1 - connected to dsl modem well I cant even telnet from the machine to itself! 'destination unreachable' DNS requests from the server itself (to itself - it runs bind) are unanswered yet it is able to fully answer requests from internal or external clients...just not itself! If I use a public DNS server -or- use the IP of the machine I want to connect up to, the router is able to get out and uses the correct IP. I used the same configs from solaris on here (ipf.conf and ipnat.conf) and only needed to change sppp0 to tun0. this should take care of anything the machine itself needs: ipf.conf== # Pass LAN traffic to/from bge0 pass in quick on bge0 all keep state keep frags pass out quick on bge0 all keep state keep frags # Pass traffic to WAN and keep state pass out quick on tun0 proto tcp all flags S keep state keep frags pass out quick on tun0 proto udp all keep state keep frags pass out quick on tun0 proto icmp all keep state keep frags == I am totally baffled. Its like I am being blocked somehow but even with ipfilter WIDE open - traffic still wont pass. I am wondering if this is some quirk with the interface aliases...although running the basic same setup on solaris - it works perfectly. Don't show us the ipf.conf file you are using, but the output of: % ipfstat -hni % ipfstat -hno Then we can really know what rules you have loaded in IP Filter. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfilter on 6.1
On 2006-08-26 16:05, J.D. Bronson [EMAIL PROTECTED] wrote: At 03:40 PM 8/26/2006, Giorgos Keramidas wrote: Don't show us the ipf.conf file you are using, but the output of: % ipfstat -hni % ipfstat -hno Then we can really know what rules you have loaded in IP Filter. # ipfstat -hni 2 @1 pass in quick on bge0 all keep state keep frags # ipfstat -hno 1 @1 pass out quick on bge0 all keep state keep frags 1 @2 pass out quick on tun0 proto tcp from any to any flags S/FSRPAU keep state keep frags 1 @3 pass out quick on tun0 proto udp from any to any keep state keep frags 0 @4 pass out quick on sppp0 proto icmp from any to any keep state keep frags ...they seem to match exactly. Weird. This doesn't seem ot include *ANY* block rules at all. Is this a standard 6.1 installation, or do you have local IP Filter modifications (like, for instance, a modified 'default' rule which blocks everything, instead of allowing everything)? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfilter on 6.1
On 2006-08-26 17:10, J.D. Bronson [EMAIL PROTECTED] wrote: At 05:07 PM 8/26/2006, Giorgos Keramidas wrote: Weird. This doesn't seem ot include *ANY* block rules at all. Is this a standard 6.1 installation, or do you have local IP Filter modifications (like, for instance, a modified 'default' rule which blocks everything, instead of allowing everything)? Yes and no. I did build a kernel with BLOCK as a default... but my IPF rules are pass it all with no specific blocking... Well, there's your problem then. If you are using a modified kernel with block as the default action for IP Filter, hten you have to *EXPLICITLY* allow traffic to travese the loopback interface, which you haven't done. Your current ipf.conf includes: # Pass LAN traffic to/from bge0 pass in quick on bge0 all keep state keep frags pass out quick on bge0 all keep state keep frags # Pass traffic to WAN and keep state pass out quick on tun0 proto tcp all flags S keep state keep frags pass out quick on tun0 proto udp all keep state keep frags pass out quick on tun0 proto icmp all keep state keep frags Try reverting the local IP Filter changes that modify the default policy to block and use something like this instead: + # Block everything by default. + block in log from any to any + block out log from any to any + + # Allow everything on lo0. + pass in quick on lo0 from 127.0.0.1/32 to 127.0.0.1/32 + pass out quick on lo0 from 127.0.0.1/32 to 127.0.0.1/32 # Pass LAN traffic on bge0 interface. pass in quick on bge0 all keep state keep frags pass out quick on bge0 all keep state keep frags # Pass outgoing traffic to WAN and keep state pass out quick on tun0 proto tcp all flags S keep state keep frags pass out quick on tun0 proto udp all keep state keep frags pass out quick on tun0 proto icmp all keep state keep frags Please pay particular attention to the rules marked with '+' above. This may explain why in a previous post you wrote: On 2006-08-26 15:02, J.D. Bronson [EMAIL PROTECTED] wrote: Clients can use the machine (as a router) and get out perfectly! No issues with network performance at all. I am very pleased...until... I found out that the router itself cant get out 100%. My ipconfig is basically this: bge0 - 10.43.82.174 alias 10.43.82.171 - for bind9 views alias 10.43.82.51 - for bind9 views bge1 - connected to dsl modem well I cant even telnet from the machine to itself! 'destination unreachable' DNS requests from the server itself (to itself - it runs bind) are unanswered yet it is able to fully answer requests from internal or external clients...just not itself! If I use a public DNS server -or- use the IP of the machine I want to connect up to, the router is able to get out and uses the correct IP. You are implicitly blocking all traffic on the lo0 interface (by the modified default policy to block all traffic, and missing an explicit rule to allow lo0 traffic). When a system tries to connect to itself, it uses lo0/127.0.0.1 and this is not possible with your setup. I hope this helps a bit, -- Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfilter on 6.1
On 2006-08-26 17:48, J.D. Bronson [EMAIL PROTECTED] wrote: At 05:19 PM 8/26/2006, Giorgos Keramidas wrote: You are implicitly blocking all traffic on the lo0 interface (by the modified default policy to block all traffic, and missing an explicit rule to allow lo0 traffic). When a system tries to connect to itself, it uses lo0/127.0.0.1 and this is not possible with your setup. I hope this helps a bit, Oh geezI cant believe I forgot lo0. HOW STUPID. I will edit this and take another look at it. Cool! If this is indeed the fix, let us know :) If you also feel like it and you are not limited by contract or other things, I'd be interested to see how you modified IP Filter to make it use a block by default policy. Regards, Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfilter on 6.1
On 2006-08-26 18:52, J.D. Bronson [EMAIL PROTECTED] wrote: At 06:37 PM 8/26/2006, Giorgos Keramidas wrote: Cool! If this is indeed the fix, let us know :) If you also feel like it and you are not limited by contract or other things, I'd be interested to see how you modified IP Filter to make it use a block by default policy. Regards, Giorgos This fixed it. WHEW! Great :) Simply adding this to my own kernel: options IPFILTER options IPFILTER_LOG options IPFILTER_DEFAULT_BLOCK Ok this was what I wanted to make sure :) then: # ipf -V ipf: IP Filter: v4.1.8 (416) Kernel: IP Filter: v4.1.8 Running: yes Log Flags: 0 = none set Default: block all, Logging: available Active list: 0 Feature mask: 0xa ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfilter on 6.1
On 2006-08-26 19:46, J.D. Bronson [EMAIL PROTECTED] wrote: Ok guys...now that I have ipfilter working...I need to run a few commands in /etc/ppp/ppp;linkup and cant figure out the syntax... % cat /etc/ppp/ppp.linkup # It is no longer necessary to re-add the default route here as our MYADDR: ! sh -c /sbin/ipnat -CF -f /etc/ipnat.conf ! sh -c /sbin/ipf -F -f /etc/ipf.conf ! sh -c /sbin/ipf -Fa -f /etc/ipf.conf ! sh -c /sbin/ipf -y Watch out for that empty line, if it is *REALLY* part of your `ppp.linkup' script. Empty lines are section delimiters in ppp(8) config files. Thereis also no reason to run ipf _twice_! Please also note that I don't use sh -c to signal ntpd to start/stop from my ppp.linkup script and it all works fine: [EMAIL PROTECTED]:/root# cat -n /etc/ppp/ppp.linkup 1 MYADDR: 2 ! /etc/rc.d/ntpd start [EMAIL PROTECTED]:/root# Maybe the whole sh -c and quoting stuff you are using is not really passed down to sh(1) but is parsed by ppp(8) when `ppp.linkup' is read? I am also not sure if it is a good idea to run ``ipnat -CF'' of ``ipf -Fa''. What about states of existing connections? If you momentarily lose the PPP connection, but it then comes up pretty fast, you are effectively dropping all previous connection information here, even though it may still be valid and useful. I'd go for the simpler syntax of: MYADDR: ! /sbin/ipf -y ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: The Regents of the University of California. All rights reserved.
On 2006-08-25 05:50, David J Brooks [EMAIL PROTECTED] wrote: On Friday 25 August 2006 04:19, Kyrre Nyg?rd wrote: Hello! I am just wondering why it says: The Regents of the University of California. All rights reserved. when I log in locally, but: The Regents of the University of California. All rights reserved. when I log in via SSH? The difference for you with untrained eyes is the double spacing after the dot instead of the standard single spacing. I was just curious if there's a reason to this or not. Back in the Jurassic era, when typewriters still roamed the earth, it was a convention to leave a double-space following a period so that the reader could more easily distinguish the end of a sentence. With the advent of word processors (and proportional fonts) this double-spacing convention lapsed. Which is very unfortunate, since none of the, so called, word processors can get it right(TM). Only TeX is a typesetting program that I have found smart enough to deal with properly spacing sentences, without the need for this doubled space character :-( My guess is that the code for SSH was written by someone who learned to type on a typewriter, or was taught by someone who learned to type that way. A lot of people still use non-proportional fonts; especially when reading and/or writing program sources ;-) You really hit the mark with typewriter habits vs. word processors though :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Code beautifiers, anyone?
On 2006-08-25 15:24, Kyrre Nyg?rd [EMAIL PROTECTED] wrote: At 21:09 24.08.2006, Matti J. Karki wrote: Well, my scripts aren't magic. They are pretty simple. Here's few (not scripts, these are valid Vim regexps): Those are great regexps, Matti, thank you so much. They have been noteworthy recorded! Say, could I use these with Sed let's say in a Bash script? One more question about :%s/^ *$//g versus :%s/ *$//g, won't the latter here perform the job of the former? They are different for a reason, I guess: The first one matches lines that only have spaces (it fails spectacularly with lines that have a mix of TAB vs. SPACE characters though, unless you pre-expand TABs). The second one only removes trailing SPACEs from a line. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sendmail
On 2006-08-25 16:00, eoghan [EMAIL PROTECTED] wrote: Hello Im using sylpheed for my mail (its work mail). Having some issues sending from their smtp server to non-work accounts. I have sendmail installed but I have never used it before and am wondering if I can use this through my local machine to send my mail? Yes, of course :-) This is what I usually do. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sendmail
On 2006-08-25 18:40, eoghan [EMAIL PROTECTED] wrote:
On 25 Aug 2006, at 18:35, Giorgos Keramidas wrote:
On 2006-08-25 16:00, eoghan [EMAIL PROTECTED] wrote:
Hello
Im using sylpheed for my mail (its work mail). Having some issues
sending from their smtp server to non-work accounts.
I have sendmail installed but I have never used it before and am
wondering if I can use this through my local machine to send my
mail?
Yes, of course :-)
This is what I usually do.
Heh, thanks. I guess youre saying I should have said: how would i go
about doing this...
If someone was to re-write a step by step guide for Sendmail on FreeBSD,
it would take far more than a single email response.
You should definitely start by reading, at least, the following:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/sendmail.html
For available configuration options and the functionality they
implement, you can also look at: /usr/share/sendmail/cf/README
The Sendmail FAQ is also a valuable resource, and it is available online
at: http://www.sendmail.org/faq/index.html
In general, what you have as a goal is something that works like this:
work
+--+ related+--+
| | messages | |
| Sendmail | | Company's Mail |
| | | Gateway |
| Running| | |
| as | +--+
| a local|
| MTA |
| | ==.
| || other +--+
+--+| messages | |
|| Mail Gateway |
`= | of your |
| Internet |
| Provider |
| |
+--+
This is very easy to do in FreeBSD. You just have to run `make' once in
the `/etc/mail' directory. This will create two files, called:
HOSTNAME.mc
HOSTNAME.submit.mc
where `HOSTNAME' is your local host name. You can configure Sendmail,
by following the instructions in the Handbook, the help in the README
file of the Sendmail macros, at `/usr/share/sendmail/cf/README', and
making configuration changes to `HOSTNAME.mc'.
You can direct all outgoing email from `localhost' to the mail gateway
of your ISP, by reading the comments in `/etc/mail/HOSTNAME.mc' and
enabling the `SMART_HOST' feature.
Extra bonus points, if you don't want company email to pass through the
MTA of your ISP, if you set up a `mailertable' entry to direct all
company-related email to the mail gateway of your company, you can use
the `mailertable' feature. Note that some ISPs do not allow outgoing
connections to port 25 of any random host, so this may not be always
possible though.
Attached below are two descriptions of the steps I took to set up
Sendmail, from two of my older posts to the list. See if these are of
any help too.
The second one describes the configuration I use on my workstation at
work, to do something similar to the two-way output (work email to the
email gateway of work, all the rest to the default mail gateway) which
is shown in the ASCII-diagram above.
==
Date: Fri, 26 Mar 2004 07:34:45 +0200
From: Giorgos Keramidas [EMAIL PROTECTED]
To: David Bear
Cc: freebsd-questions@freebsd.org
Subject: Re: sendmail local mta mode only
Message-ID: [EMAIL PROTECTED]
References: [EMAIL PROTECTED]
On 2004-03-25 19:24, David Bear [EMAIL PROTECTED] wrote:
Not sure how to phrase this to limit the number of google hits ..
I would like to run the stock sendmail freebsd has as a local MTA
only... ie I don't want to listening on ANY real/public interface for
mail. I do want it to handle delivery of local messages to local
accounts -- and handle sending messages destined for external systems.
I think that what you need is something similar to my setup at home,
where sendmail doesn't listen on any public interfaces:
$ sockstat | { read head ; echo $head; grep :25; }
USER COMMANDPID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root sendmail 458 4 tcp4 127.0.0.1:25 *:*
Delivery of local messages is handled nicely by the submit daemon
that I run, and mail submitted by local programs into the clientmqueue
is pushed along by an msp_queue daemon:
$ ps xa | grep -v grep | grep sendmail
458 ?? Ss 0:01.17 sendmail: accepting connections (sendmail)
461 ?? Is 0:00.09
Re: The Regents of the University of California. All rights reserved.
On 2006-08-25 19:46, Kyrre Nyg?rd [EMAIL PROTECTED] wrote: At 12:50 25.08.2006, David J Brooks wrote: Back in the Jurassic era, when typewriters still roamed the earth, it was a convention to leave a double-space following a period so that the reader could more easily distinguish the end of a sentence. With the advent of word processors (and proportional fonts) this double-spacing convention lapsed. My guess is that the code for SSH was written by someone who learned to type on a typewriter, or was taught by someone who learned to type that way. I just hope somebody with the know-how can submit a patch. A patch? There's nothing wrong, so why fix it :-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Has Anyone Else Tried mha-mhedit?
On 2006-08-25 16:03, Martin McCormick [EMAIL PROTECTED] wrote: I use nmh and recently wanted to not have to manually clean up all the garbage that gets in to the quoted text if you quote a HTML message or one that has a lot of 8-bit junk like Microsoft OUtlook messages do. It looked like I needed mhonarc so I installed the port with no problem. Each time I try to use mha-mhedit to reply to a message full of mime and 8-bit characters, I get the following error: open2: exec of w3m -dump -cols 76 -T text/html failed at /usr/local/etc/mha-mhedit line 104 It looks like mha-mhedit tries to run the www/w3m browser to dump a text-only version of the HTML document, and then quote this as the original. Do you have the w3m port installed? If not, there is probably an option to tell mha-mhedit to use another browser with similar capabilities. FWIW, I use a similar trick to let mutt(1) handle HTML-only messages posted by Outlook users. In my ~/.mailcap file I have (all in one line): text/html ; /usr/local/bin/elinks \ -dump -dump-charset greek '%s' ; copiousoutput Maybe mha-mhedit can use a similar trick? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Rebuilding Kernel
On 2006-08-21 16:28, beno [EMAIL PROTECTED] wrote: Hi; I just barely finished upgrading from 5.3 to 6.1 and all is well, however, now I realize I have to rebuild my kernel again to accommodate PF. I've edited the correct GENERIC file (I'm on an i386 box). Don't edit GENERIC. It's very rarely a good idea. If you spend some time to fine tune GENERIC to your own particular setup, matching your own preferences, you may be surprised in a very bad way after the next CVSup run, when all your local modifications are blown away by CVSup as it updates your 'GENERIC' configuration to the official GENERIC status. It is a *FAR* better idea to copy GENERIC and edit a copy. Most of the time I even go as far as copying GENERIC _outside_ of the `/usr/src' tree, i.e. in `/root/kernconf/LOCAL' and symlink that file inside the source tree, i.e. at `/usr/src/sys/i386/conf'. Are these commands sufficient? make buildkernel make installkernel Not necessarily. or do I need to redo all this? make buildkernel make installkernel sh /etc/rc.shutdown pkill sendmail pkill syslogd mergemaster -p make installworld mergemaster reboot /usr/local/bin/portmanager -u -f -l -y make delete-old-libs Why are you running `/etc/rc.shutdown' manually? Why are you using `pkill' on Sendmail and syslogd? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Rebuilding Kernel
On 2006-08-22 18:00, Mikhail Goriachev [EMAIL PROTECTED] wrote: Giorgos Keramidas wrote: On 2006-08-21 16:28, beno [EMAIL PROTECTED] wrote: make buildkernel make installkernel sh /etc/rc.shutdown pkill sendmail pkill syslogd mergemaster -p make installworld mergemaster reboot /usr/local/bin/portmanager -u -f -l -y make delete-old-libs Why are you running `/etc/rc.shutdown' manually? Why are you using `pkill' on Sendmail and syslogd? That was just an *example*[1] I gave Beno for the remote upgrade. Apparently, it's been taken very seriously and copy-pasted. [1] http://lists.freebsd.org/pipermail/freebsd-questions/2006-August/129129.html Ah, I see now :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Rebuilding Kernel
On 2006-08-22 08:43, beno [EMAIL PROTECTED] wrote: Giorgos Keramidas wrote: Don't edit GENERIC. It's very rarely a good idea. If you spend some time to fine tune GENERIC to your own particular setup, matching your own preferences, you may be surprised in a very bad way after the next CVSup run, when all your local modifications are blown away by CVSup as it updates your 'GENERIC' configuration to the official GENERIC status. It is a *FAR* better idea to copy GENERIC and edit a copy. Most of the time I even go as far as copying GENERIC _outside_ of the `/usr/src' tree, i.e. in `/root/kernconf/LOCAL' and symlink that file inside the source tree, i.e. at `/usr/src/sys/i386/conf'. Great. I added that to my script and copied over GENERIC to a separate folder, as per your idea. Now, since I had already rebuilt the kernel, I presume I don't have to concern myself with this issue until the next time I do so, is that correct? I'm not sure what that refers to (I am assuming it refers to this issue), but I don't know what the *real* issue was. You can definitely keep the kernel configuration file anywhere you want. You *have* to follow the documented, buildworld and then buildkernel process if you are upgrading from one major release branch (5.X) to a newer branch (6.X). You can save some time if you keep your /usr/obj tree around and run only buildkernel, but this costs in disk space. Even in that case, there are two sub-cases: - You have only tweaked minor options in your config file. Then it may be safe to run: # cd /usr/src # make -DNO_CLEAN KERNCONF=LOCAL buildkernel - You have made significant changes to your kernel. Then it may still be necessary to run buildworld/buildkernel (especially if one of the options you tweaked changes kernel internals, which may break programs that depend on these kernel internals). For these reasons, if you have a moderately fast system, it is always safer to run the full buildworld/buildkernel cycle. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to prevent users from receiving email
On 2006-08-19 19:21, Bill Moran [EMAIL PROTECTED] wrote: Apparently my memory is useless and I've lost the ability to use google as well. I just added a user account to a mail server, but I don't want that user to receive mail on that server. It's running Postfix. I seem to remember a canonical method for preventing certain users from receiving email. But my memory has failed, and I can't seem to find anything on google. Is it an /etc/aliases trick? You can use the Postfix `access' map for this. You can enable an `access' map in Postfix by setting in your `main.cf' file: smtpd_client_restrictions = \ check_client_access hash:/usr/local/etc/postfix/access Then, in `/usr/local/etc/postfix/access' put: [EMAIL PROTECTED]REJECT and run `postmap' on the `access' file: # postmap /usr/local/etc/postfix/access Reload Postfix and off you go :-) There are other reject options too, which offer more fine-grained control of the SMTP error codes and the text of the error messages Postfix will return. See, for example: http://www.postfix.org/access.5.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ouch! write failed, file system is full
On 2006-08-19 18:55, W. D. [EMAIL PROTECTED] wrote: How do I get out of this mess? gzip: stdout: No space left on device Broken pipe df Filesystem 1K-blocks UsedAvail Capacity Mounted on /dev/da0s1a 9918398644-7395 108%/ First of all, start by trying to find out where all that space has gone, by judicious use of du(1), i.e.: # cd / # du -xsk * Then, when you have a good idea why your root filesystem is out of space, backup and remove or move away any files that don't need to be there :-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Stupid question about mountpoints and fstab
On 2006-08-15 18:41, Odhiambo Washington [EMAIL PROTECTED] wrote: Hello people, I have never figured out something like this can be done, but today I see it. We have purchased s co-lo server. They have installed it and given me access to do whatever you want with the box, but their fstab has left me thirsty, wanting to know what's going on ... sp2817a# less /etc/fstab # DeviceMountpoint FStype Options DumpPass# /dev/ad0s1b noneswapsw 0 0 /dev/ad0s1a / ufs rw 1 1 /dev/ad0s1g /home ufs rw 2 2 /dev/ad0s1e /tmpufs rw 2 2 /dev/ad0s1f /usrufs rw 2 2 /dev/ad0s1d /varufs rw 2 2 /dev/ad0s2 /home ufs rw 2 2 /dev/acd0 /cdrom cd9660 ro,noauto 0 0 sp2817a# df -h Filesystem SizeUsed Avail Capacity Mounted on /dev/ad0s1a2.9G 54M2.6G 2%/ devfs 1.0K1.0K 0B 100%/dev /dev/ad0s1g 15G 22K 13G 0%/home /dev/ad0s1e248M8.0K228M 0%/tmp /dev/ad0s1f9.7G1.9G7.0G22%/usr /dev/ad0s1d6.8G 46M6.2G 1%/var /dev/ad0s2 72G 22K 66G 0%/home Now, if someone can explain to me what the hell is being done with /home in this server... ;) What does dumpfs print? # dumpfs /home | head -19 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Stupid question about mountpoints and fstab
On 2006-08-15 19:08, Giorgos Keramidas [EMAIL PROTECTED] wrote: On 2006-08-15 18:41, Odhiambo Washington [EMAIL PROTECTED] wrote: Hello people, I have never figured out something like this can be done, but today I see it. We have purchased s co-lo server. They have installed it and given me access to do whatever you want with the box, but their fstab has left me thirsty, wanting to know what's going on ... sp2817a# less /etc/fstab # DeviceMountpoint FStype Options Dump Pass# /dev/ad0s1b noneswapsw 0 0 /dev/ad0s1a / ufs rw 1 1 /dev/ad0s1g /home ufs rw 2 2 /dev/ad0s1e /tmpufs rw 2 2 /dev/ad0s1f /usrufs rw 2 2 /dev/ad0s1d /varufs rw 2 2 /dev/ad0s2 /home ufs rw 2 2 /dev/acd0 /cdrom cd9660 ro,noauto 0 0 sp2817a# df -h Filesystem SizeUsed Avail Capacity Mounted on /dev/ad0s1a2.9G 54M2.6G 2%/ devfs 1.0K1.0K 0B 100%/dev /dev/ad0s1g 15G 22K 13G 0%/home /dev/ad0s1e248M8.0K228M 0%/tmp /dev/ad0s1f9.7G1.9G7.0G22%/usr /dev/ad0s1d6.8G 46M6.2G 1%/var /dev/ad0s2 72G 22K 66G 0%/home Now, if someone can explain to me what the hell is being done with /home in this server... ;) What does dumpfs print? # dumpfs /home | head -19 Doh! Ignore that. I didn't realize two filesystems were mounted on top of each other. This shouldn't be a problem, but unless you unmount the /dev/ad0s2 device, the 13 GB of /dev/ad0s1g will remain forever hidden. Not much harm done, but it's a pity to waste all that space :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: quick way fall back to the original kernel
On 2006-08-14 11:20, dick hoogendijk [EMAIL PROTECTED] wrote: On 13 Aug Atom Powers wrote: And, although I've never tried it, you sholud be able to `cp /boot/kernel.old /boot/kernel` to restore the previous kernel. I did. A few times. I just renamed the directories to kernel and whatevername ;-) Works like a charm.. Right. I usually wait a few days to make sure there are no funny problems with the CURRENT kernel I'm using, and then run: # cd /boot # rm -fr kernel.safe # cp -Rp kernel kernel.safe This way, I have /boot/kernel, /boot/kernel.old and /boot/kernel.safe. By keeping kernel.safe out of the (kernel, kernel.old) way, I'm sure that I won't accidentally lose my 'safe' kernels because I run make installkernel at the wrong time. HTH, Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD STREAMS
On 2006-08-14 18:23, Aaron Christensen [EMAIL PROTECTED] wrote: All, Just curious, does FreeBSD (or any of the BSDs) have a STREAMS implementation? Not really. At least not in the official source tree. Or does anyone know of a 3rd party implementation? I'm not sure about this. What do you need STREAMS for? Perhaps we can find something that fits the bill and is already part of the base-system? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD STREAMS
On 2006-08-14 22:08, Aaron Christensen [EMAIL PROTECTED] wrote: On 8/14/06, Giorgos Keramidas [EMAIL PROTECTED] wrote: On 2006-08-14 18:23, Aaron Christensen [EMAIL PROTECTED] wrote: All, Just curious, does FreeBSD (or any of the BSDs) have a STREAMS implementation? Not really. At least not in the official source tree. Or does anyone know of a 3rd party implementation? I'm not sure about this. What do you need STREAMS for? Perhaps we can find something that fits the bill and is already part of the base-system? Well, we're trying to implement a custom kernel-level ssl... Is there any mechanism in FreeBSD to facilitate this? That's the reply I was sort of expecting, and the reason I asked. If this is meant to be used for network sockets, then a mechanism in FreeBSD that is similar to streams: it is called NETGRAPH. There are various 'node types' in FreeBSD already, which support various sorts of packet processing, filtering, rewriting, etc. The manpages of all the ng_(4) nodes are quite informational, and you can find a few good references for Netgraph in Julian Elischer's personal web space at FreeBSD.org: http://people.freebsd.org/~julian/ There are currently more than 50 different Netgraph node types in FreeBSD 7.0-CURRENT, providig packet functions such diverse as Berkeley packet filtering, a generic tunneling interface, packet firewalling, NAT functions, kernel mbuf tagging, or VLAN tagging, and so on. See all the ng_ manpages with: % man -k ng_ and the webpage of Julian mentioned above. Hopefully, you can find something that can help you get started. If an existing Netgraph node doesn't match 100% the functionality you want to do, you can always copy an existing node sources and modify them to create a node type of your own :-) HTH, Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: working with dbsd-tools
On 2006-08-13 18:30, Jonathan Horne [EMAIL PROTECTED] wrote: i almost have desktopbsd tools working perfectly... except that i cannot mount usb drives without opening a terminal as root, and chmoding /dev/da* to 660. how can i cause new devices (such as da*) to be created with proper permissions to let me mount it without becomming root to do so? ive already set up my devd.conf, and cdrom is working (but that one doesnt disappear/reappear like usb devices do). You can use devfs.rules for this. The manpage has an example that is probably pretty close to what you need: [localrules=10] add path 'da*s*' mode 0660 group usb ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OT: new documents notification and approval
On 2006-08-12 18:26, Andrea Venturoli [EMAIL PROTECTED] wrote: Hello. I apologize for the OT, but I really wouldn't know where to ask and, afterall, server side will be FreeBSD. A customer of mine has the need to notify all users when a certain type of new document is written and ask them to sign they have read it. Right now everything is on plain old paper, with someone running after everyone personally, but obviously they'd like to move to the electronic way. Right now the best (but surely not the only one) solution I've thought of is be the following: _ that same person can write to a SMB share on my server and will put new documents there; _ some program in NETLOGON.CMD will check for new entries, pop up a window with the link and the Accept button; acceptance means something will be written somewhere (possibly on that same share or another, or connecting to a web script); _ some PHP web page will collect the result and display who has accepted and who must be sollicited. Nah! That's a hack and an ugly one too. Just get a full document management system, instead of reimplementing a square wheel in PHP and being happy that it didn't come up with more edges :-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Top not showing cpu usage even remotely accurately
On 2006-08-10 00:45, Tamouh H. [EMAIL PROTECTED] wrote: But since running 5.x (5.5-STABLE since 1st Aug) top can show 0.0% idle but the cpu usages shown don't add up to much of a fraction of 100%. In recent 6.X versions, you can use 'S' to show system threads too. For an even more fine-grained view, you can use 'H' to show each thread separately. Then there is also the 'CPU' mode (as opposed to the default 'WCPU' mode of top). I've the same issue with FBSD 5.4 and TOP. In fact, the load averages are so irrelevant now that I barely pay attention to them. The server goes to 4 or 6 load averages without slowing down, and other times the load average would be 0.8 and the server is running slow. Probably because the work it does at the moment is not CPU-bounded? An example of unmatching TOP: last pid: 17889; load averages: 0.60, 0.52, 0.50 up 3+17:22:33 00:41:45 186 processes: 2 running, 183 sleeping, 1 lock CPU states: 30.0% user, 0.0% nice, 1.7% system, 0.1% interrupt, 68.3% idle Mem: 1678M Active, 1110M Inact, 287M Wired, 87M Cache, 112M Buf, 103M Free Swap: 8762M Total, 1584K Used, 8760M Free PID USERNAME PRI NICE SIZERES STATE C TIME WCPUCPU COMMAND 5071 nobody 1010 43124K 35180K CPU2 2 0:07 14.89% 14.89% httpd 14409 nobody 40 43940K 36076K sbwait 0 0:01 1.22% 1.22% httpd 95515 nobody 40 39892K 32188K sbwait 1 0:08 0.29% 0.29% httpd Try hitting 'S'. Perhaps the system spends too much time in system threads (i.e. the syncer) :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Port Not Available
On 2006-08-08 14:59, Gerard Seibert [EMAIL PROTECTED] wrote: I have not been able to get printing working on this PC. By accident. I noticed that the ::1 port does not seem to be available. I tried this command: ~ $ telnet localhost 25 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 scorpio.seibercom.net ESMTP Postfix (2.4-20060727) quit 221 2.0.0 Bye Connection closed by foreign host. As you can see, it says that the connection was refused. Is this normal? I thought that ::1 and localhost were always available. Ehm, that's not a port number, but an IPv6 address of `localhost': $ grep ::1 /usr/src/etc/hosts ::1 localhost localhost.my.domain $ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: perl problem
On 2006-08-03 10:50, RJ45 [EMAIL PROTECTED] wrote: Hello using imapsync to make a transition from imapuw to a cyrus server make the imapsync perl process to die on FreeBSD 6.1 because it uses more than 512MB of memory. this does not happen using imapsync with the same transfer operations on hte same mailboxes on a Linux fedora box the memory used also is less than 512MB. recompiling ther kernel of FreeBSD rising the memory to 1GB does not fix this at all. Seems like the perl process on FreeBSD explodes in memory. You don't have to rebuild your kernel to raise the maximum data segment size. Just set kern.maxdsiz in /boot/loader.conf and boot with the new setting. How can I do to fix this issue, any hints ? Increasing kern.maxdsiz and checking that the user limits are not still set to 512 MB may help a bit, but if the program still tries to allocate enormous amounts of memory I'm not sure if this is going to help a lot. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Midnight Commander in base distribution set
On 2006-08-04 08:38, Scott Oertel [EMAIL PROTECTED] wrote: Bryan Bonifacio wrote: The ports and packages are also available from the CD-ROMs (either the first or the second). I use midnight commander on a daily basis, can anyone recommend a better, more lightweight tool then mc? What's the job and who is going to do it? The best tool for a job is not always so easy to guess beforehand :P ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Are hardware vendors starting to bail on FreeBSD ... ?
On 2006-07-26 18:59, Gerard Seibert [EMAIL PROTECTED] wrote: Darrin Chandler wrote: Do you see that if support in 4.x had been based on open specs from Adaptec that this issue would not exist? Adaptec is controlling your ability to use their product, and that's the real problem. It's consumer-hostile, unless you fit their perfect picture of consumer. You don't, so you're left in the cold. I think you are missing the point here. It is 'THEIR PRODUCT'. They can do with it as they wish. If you are unhappy with their product, then don't use it. Darrin is not missing the point. He is just making a different point, which is (for many people, including me) quite valid. Most corporation are primarily interested in profits. Nothing wrong with that. I like making money, as I assume you do. Obviously they have weight the cost of producing FSBD compatible products and concluded that it would not be profitable to do so. Unless you could produce enough evidence to show them otherwise, I fear that you are simply beating a dead horse here. If the technical specifications are open, there is *zero* support cost for the hardware vendor. They don't even _have_ to make a driver for their hardware. What they *can* do though is reply to requests for an open source driver with: ``Piss off! We have you the technical specs, so you can write your own. Our development and support costs would not be justified, but here's the spec... give it your best shot.'' *This* is the point Darrin is trying to make :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to use kernel modules from CURRENT on STABLE
On 2006-07-25 08:44, Erik Norgaard [EMAIL PROTECTED] wrote: Hi: I have had some problems, it seems that the drivers in -STABLE does not support my hardware fully. So I want to try out drivers on -CURRENT without switching the whole system up to current. What is the best way to do this? - checkout current and copy the relevant source into the stable source tree? - checkout and compile -CURRENT kernel and then copy relevant kernel modules? - or won't work at all? problems with linking? other? It appears that most modules don't have a separate make file, how do I compile just the module in question? Apart from back-porting the fixes of the drivers to STABLE, I don't think there is *any* good way to do what you describe, so it's not easy to say what the best way is. I don't think any of the options listed above can work -- at least without some porting effort. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: A question for the AWK wizards
On 2006-07-25 21:43, Murray Taylor [EMAIL PROTECTED] wrote:
Hi all,
I have a shell script which is called with an arbitrary message
argument. Punctuation excludes * ? | chars.
It processes it via an AWK command line 'script' and dumps the result
in a file for the SMS sender...
Nice and simple.
Except that the AWK script seems to duplicate the last character or
two in the message. Everything else in the 200 odd lines of shell
scripts surrounding this function run just fine, and this bit runs
too, but this tiny thing is _VERY_ annoying.
The shell code is listed below.
Please teach me what bit I missed (C and TCL are my forte, not
AWK)
--8--
# sourced into other scripts that need to SMS
# !! 4 space indents, NOT tabs !!
#
# generate the sms message
# the awk code forces the message to be 160 chars
sendsms() {
msg=$1
case ${sms_enable} in
[Yy][Ee][Ss])
for phone in ${phonelist}
do
tmpfile=`mktemp -t sms`
echo ${phone} ${tmpfile}
${AWK} '{ printf %-0.159s, $0 }' ${tmpfile} EOF2
`echo $msg`
EOF2
mv ${tmpfile} ${gsmspool_dir}
done
;;
*)
;;
esac
}
The above has a weird construct which can be simplified a bit:
| ${AWK} '{ printf %-0.159s, $0 }' ${tmpfile} EOF2
| `echo $msg`
| EOF2
You can write this as:
| echo ${msg} | ${AWK} '{printf %-0.159s, $0}' ${tmpfile}
Are you deliberately avoiding to append a newline character to the
output of ${AWK} above? See the output of the two commands below,
as it's filtered through hd(1) utility.
| $ echo foo | awk '{ printf %-0.159s, $0 }' | hd
| 66 6f 6f |foo|
| 0003
| $ echo foo | awk '{ printf %-0.159s\n, $0 }' | hd
| 66 6f 6f 0a |foo.|
| 0004
| $
There is no problem with this part of the scripts you posted though.
They should work as expected. I'd probably look elsewhere for a bug
that causes the character duplication.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OpenBSD PF firewall in Freebsd
On 2006-07-25 18:53, Ivan Levchenko [EMAIL PROTECTED] wrote: Hello all, Is PF installed with the base system in FreeBSD 6.1? I see that there is IPF, is it the same thing? I didn't find PF in the ports tree, so thats why i'm asking. Yes, PF is part of the base system in recent FreeBSD releases. To enable PF support, you can either load it as a module (kldload pf), or compile it into your custom kernel. The startup scripts of the system support loading the module, if necessary, so to use PF you can just enable it in `/etc/rc.conf', i.e. with something like: pf_rules=/etc/pf.conf pf_enable=YES pflog_enable=YES Then, all you have to do is tune your ruleset in `/etc/pf.conf', and off you go :) One tricky point that you should pay attention to is that when PF is used as a loadable kernel module you cannot use ALTQ for traffic shaping. To be able to use the ALTQ features, you have to build a custom kernel that includes both PF and ALTQ options. HTH, -- Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [OT] gcc: maximum length of an array?
On 2006-07-27 17:02, P.U.Kruppa [EMAIL PROTECTED] wrote: On Sun, 23 Jul 2006, Giorgos Keramidas wrote: On 2006-07-24 20:49, P.U.Kruppa [EMAIL PROTECTED] wrote: Hi, sorry for posting an [OT], but usually people on this list know everything :-) Since I don't know too much about programming I am frequently fascinated by simple things like Eratosthenes' sieve. As you might remember, one has to create a boolean array for that. The longer the array the more primes can be found. With malloc() I can create an array of length 1 (10^8) and the first 5761455 primes are calculated in a few seconds. So of course I would like to test length 10^9 but here my program crashes. If this is about integer values, which are probably 32-bit, you are hitting the kern.maxdsiz limit of 512 MB. An array of 100,000,000 32-bit values takes up 4 * 100,000,000 = 400,000,000 (close to 400 MiB of memory to store). Anything above 512 MB in size will make the data size of your program so big that it will overflow the data seg size: $ ulimit -a core file size (blocks, -c) unlimited data seg size (kbytes, -d) 524288 ... You can either increase kern.maxdsiz in your `/boot/loader.conf' file, or redesign the algorithm to work with larger datasets by splitting them in chunks that you can still process with 512 MB of data :) *How* can I effectively split my array up? Not by using the original Sieve of Eratosthenes, that's for sure. By sacrifising some of the speed, you can probably use secondary storage though, to make sure that you keep at most 512 MB of data in physical memory. How can I access an element arr[n] if n is bigger than INT_MAX ? I have tried some kind of linear/linked list, but that becomes disgustingly slow. Actually, the limit of data offsets you can meaningfully access with a C program is not INT_MAX, which may be as low as +32767 (see page 22 of the ISO/IEC 9899:TC2 public draft of the C programming language[1]). [1] Draft n1124 from http://www.open-std.org/JTC1/SC22/WG14/www/docs/ The largest size of object you can access with a conforming C program is SIZE_MAX (see page 259 of the same PDF document). The standard doesn't require `size_t' to be much larger than `int' though, so this may still be inadequate for processing huge datasets. You have multiple options, the way I see it: * Bump kern.maxdsiz to something higher (this can work for much larger datasets than 512 MB, but a little after 2 GB things start getting ugly again). * Work on an amd64 system with LOTS of physical memory and a high kern.maxdsiz value. * Try to find a variation of the Sieve of Eratosthenes that can work with smaller memory load (possibly sacrifising, as you guessed, some of the speed for space). One possible variation would be to keep copies of the data you have processed in secondary storage and load only the parts needed in physical memory. A simplistic implementation of the Sieve of Eratosthenes may result in heavy thrashing if you just swap in and out regions of the numeric range as they are being accessed though :( ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: auto-guessing filesystems
On 2006-07-24 17:56, Lennon Cook [EMAIL PROTECTED] wrote: I have been looking over the tutorial for automounting removable devices at http://www.caia.swin.edu.au/reports/041130A/ , and have come to one interesting point. It has the fstab line: /dev/da0 /mnt/usbflash auto noauto 0 0 However, my system doesn't appear to support 'auto' as an fstype. I assume that it would guess the filesystem type ala Linux, which is about the only thing I miss about the mount system there. Can this actually be made to work easily on FreeBSD, or is this tutorial using an untested fstab entry? AFAIK, FreeBSD does not support filesystem autodetection. There was a discussion recently, in one of the FreeBSD lists, but I couldn't easily find a pointer to the relevant thread. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
