Re: UDP packet spoofed LAN source address?
On 2010-10-17 19:36, Robert Bonomi wrote: From owner-freebsd-questi...@freebsd.org Sun Oct 17 09:04:59 2010 Date: Sun, 17 Oct 2010 16:06:12 +0200 From: =?ISO-8859-1?Q?Morgan_Wesstr=F6m?= freebsd-questi...@pp.dyndns.biz To: Nerius Landys nlan...@gmail.com Cc: FreeBSD Mailing List freebsd-questions@freebsd.org Subject: Re: UDP packet spoofed LAN source address? On 2010-10-17 06:56, Nerius Landys wrote: This is really more of a networking question. I'm wondering, in a typical scenario, for example my server is in a data center with a typical colocation company. I am editing someone else's code, and this code handles incoming UDP packets. The code handles UDP packets that have a source address being from the LAN differently. It gives those packets special treatment. To check whether a source address is a LAN address, it does the typical checks for 10.0.0.0, 172.16.0.0, 192.168.0.0, 127.0.0.0, and it also checks every assinged IP address with netmask to see if the source address on the UDP packet came from that network. My question is - how possible (in these typical environments) is it to send a UDP packet from far away that claims to have a source address being a LAN address? Will such a packet typically make it to my server, or will a router along the way stop it from arriving? Maybe, is there a simple 10 line C program that I can run and compile to check if this scenario is possible on _my_ server? - Nerius Section 3 of RFC1918 (http://www.ietf.org/rfc/rfc1918.txt) states the following, and I quote: Routers in networks not using private address space, especially those of Internet service providers, are expected to be configured to reject (filter out) routing information about private networks. This makes it _highly_ unlikely that your server will be hit by spoofed packets with a source address belonging to any of those private IP ranges. Wrong _WRONG_, *W*R*O*N*G* THAT STATEMENT IS ABSOLUTELY INCORRECT. routing informatin works on _destination_ addresses *ONLY*. The RFC languate means thhat you cannot -reach- an RFC-1918 *destination* address over the public internet. because no routing for those DESTINATION addrsses ic carried in the routing tables. The rest of your analysis is similarly similarly flawed. As a matter of 'reality' *NOBODY* providing 'transit' services filters on source addresses. 'Leaf' networks -- those with 'upstream' connectivity, but no 'downstream' clients -- are well advised to -themseleves- implement ingress/egress filtering at their border to block packets with 'inappropriate' _source_ addresses. This blocking has to be done with considerable care, however. There are some types of packets with 'un-routable' source addresses that *are* absolutely legitimate, and tht you -have- to let through, or you will have _major_ usability problems. It is also a GOOD IDEA to filter traffic, in _and_ out, to certain ports that are 'meaningful' *only* in a LAN environment. Robert, I have 3 comments: 1) RFC1918 does _not_ explicitly define routing information as only destination address. 2) Cisco recommend themselves to filter out RFC1918 based on _source_ address as described here: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml#ex If you're unfamiliar with Cisco's standard ACL syntax you can find it described here: http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#standacl I don't claim that every router out there is configured this way (I have no way to verify that) but if you were employed by me and didn't follow basic Cisco recommendations, you would have to look for a new employer. 3) Shouting does _not_ make a false statement correct, even if I'm fully aware that there are people that believe so. Also, if you chose to argue in demeaning wordings like your analysis is flawed, on a public mailing list, please atleast try to explain why the analysis is flawed. It's generally a very good idea to always provide references to what you claim if you want to be taken seriously. Just a friendly suggestion. Have a pleasant day. Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: UDP packet spoofed LAN source address?
On 2010-10-17 06:56, Nerius Landys wrote: This is really more of a networking question. I'm wondering, in a typical scenario, for example my server is in a data center with a typical colocation company. I am editing someone else's code, and this code handles incoming UDP packets. The code handles UDP packets that have a source address being from the LAN differently. It gives those packets special treatment. To check whether a source address is a LAN address, it does the typical checks for 10.0.0.0, 172.16.0.0, 192.168.0.0, 127.0.0.0, and it also checks every assinged IP address with netmask to see if the source address on the UDP packet came from that network. My question is - how possible (in these typical environments) is it to send a UDP packet from far away that claims to have a source address being a LAN address? Will such a packet typically make it to my server, or will a router along the way stop it from arriving? Maybe, is there a simple 10 line C program that I can run and compile to check if this scenario is possible on _my_ server? - Nerius Section 3 of RFC1918 (http://www.ietf.org/rfc/rfc1918.txt) states the following, and I quote: Routers in networks not using private address space, especially those of Internet service providers, are expected to be configured to reject (filter out) routing information about private networks. This makes it _highly_ unlikely that your server will be hit by spoofed packets with a source address belonging to any of those private IP ranges. However, if your data center use some of these addresses internally, their internal routers will still forward such packages making your server vulnerable for spoofed packages emanating from another server within the same data center. If, on the other hand, they're using public IP ranges internally, there's also the possibility that your server could be hit by a spoofed packet using an address from one of those internal nets as its source address. This could possibly result in a DoS attack against the poor server that IP address really belongs to. It's up to your data center's firewall to block those packets. It should _never_ pass any packet coming from the outside with a source address belonging to any network on the inside, since they're obviously spoofed. A professional data center should already have taken care of this but you need to ask them to make sure. Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Disappearing available space with ZFS...what am I missing?
On 2010-09-29 07:56, Aaron wrote: I've created a ZFS pool with zpool create tank raidz ada0 ada1 ada2 ada3, and then I add some additional mountpoints (I think they're called) using zfs create tank/storage, etc. In zpool list, I see the pool with 3.62T available. With df -h, I see 2.4T available for tank, and tank/storage. When I first created tank, it had the 3.62T available as I expected. What am I missing? I do have compression set to gzip-9 on tank which gets inherited like I want, don't know if that would affect anything. --Aaron There's nothing wrong here that I can see, you just have to make a distinction between the zfs pool and the filesystems within the pool and I agree it can be confusing at first. The numbers suggest you are using 4 x 1TB (base 10 TB) drives? That equals 3.7TiB (base 2 TB) which is the unit zpool/zfs uses. This is the total amount of space available to the pool and includes all space on all drives in the pool. Nothing strange so far. Now, since you've told zpool to create filesystems within the pool using raidz, the filesystems will have 25% less space available since this space is used for parity data. So a filesystem using the whole pool will report having 3.7 * 0.75 = 2.7TiB available which is in agreement with your numbers. A raidz filesystem will always lose 1 disk worth of space and will never report that space as available to you since it will always be occupied with parity data. The pool on the other hand doesn't make a distinction, in this case anyway, between user data and parity data so zpool will always report what's actually unallocated on all your physical drives in the pool. For every GiB you allocate in the filesystem you will allocate 1.33GiB in the pool since that includes parity data. zfs list and df -h are your best friends to find out how much space is available for your files. Don't bother about zpool list. Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 8.1 memstick installation
2010/8/23 Morgan Wesströmfreebsd-questi...@pp.dyndns.biz: On 2010-08-23 19:34, Friedemann Becker wrote: Hello, I have some questions about an installation on a memorystick. I have (a few weeks still) a very poor internet connection at home that's unusable for anything beyond email. I tried some hacking on musescore (yes I know that it can't work, but that's not my problem for now). Since I don't want to carry missing ports/packages/other stuff around on a stick everytime I miss something - which takes one day each - i would like to have a working system (not installation image) on usb-stick. Can i use fdimage with the memorystick installation image on windows, or any hacked versions of it? And how do turn this stick in a running system? Or is there any kind of live-stick-images out there, and if it is, how to move these on the stick (since windows is missing dd and nero doesn't like burning sticks :-) ) Thanks in advance Check my old message on how to do this in FreeBSD 7.2. The same instructions should work for 8.1 too, just change the version references. http://lists.freebsd.org/pipermail/freebsd-questions/2009-July/201928.html /Morgan On 2010-08-26 13:52, Friedemann Becker wrote: Thanks a lot, this seems to work. Is there any chance to get this into the faq or handbook? It's seems way more usefull to me than a live-CD. Best thing would be putting it into sysinstall, but maybe this is not reallistic. Best regards, Friedemann For the archives - below I've updated my installation guide to work with FreeBSD 8.1-RELEASE, GPT and ZFS if anyone finds it useful. Make sure your usb memory stick is empty and unpartitioned, then plug it in and boot from the FreeBSD DVD. Select your country and keyboard layout. Enter the Fixit environment and use the live filesystem on your DVD. Your usb memory stick will most likely be da0 but you can (and should) check it with camcontrol devlist before you continue. Create a new GPT partitioning scheme: # gpart create -s gpt da0 Create a 64KiB partition for the zfs bootcode starting at LBA 1920: # gpart add -b 1920 -s 128 -t freebsd-boot da0 Create a zfs partition spanning the remainder of the usb memory stick and give it a label we can refer to: # gpart add -t freebsd-zfs -l FreeBSDonUSB da0 (The starting LBA for the first partition is there to align the partitions to the flash memory's erase block size. This is particularly important for the main zfs partition. The main partition above will start at exactly 1MiB (LBA 2048) which will align it to any erase block size used today. This alignment is also of great importance if you use this guide to install FreeBSD to one of the newer harddrives using 4096 byte sectors.) Install the protective MBR to LBA 0 and the zfs bootcode to the first partition: # gpart bootcode -b /dist/boot/pmbr -p /dist/boot/gptzfsboot -i 1 da0 Create /boot/zfs (for zpool.cache) and load the zfs kernel modules: # mkdir /boot/zfs # kldload /dist/boot/kernel/opensolaris.ko # kldload /dist/boot/kernel/zfs.ko Create a zfs pool and set its bootfs property: # zpool create zrootusb /dev/gpt/FreeBSDonUSB # zpool set bootfs=zrootusb zrootusb Switch to fletcher4 checksums and turn off access time modifications: # zfs set checksum=fletcher4 zrootusb # zfs set atime=off zrootusb Extract at a minimum, base and the generic kernel: # cd /dist/8.1-RELEASE/base # DESTDIR=/zrootusb ./install.sh # cd ../kernels # DESTDIR=/zrootusb ./install.sh generic Delete the empty, default kernel directory and move the generic kernel into its place: # rmdir /zrootusb/boot/kernel # mv /zrootusb/boot/GENERIC /zrootusb/boot/kernel Make sure the zfs modules are loaded at boot: # echo 'zfs_load=YES' /zrootusb/boot/loader.conf # echo 'vfs.root.mountfrom=zfs:zrootusb' \ /zrootusb/boot/loader.conf Create /etc/rc.conf. Adjust and add to your own needs: # echo 'ifconfig_DEFAULT=DHCP' /zrootusb/etc/rc.conf # echo 'hostname=freebsd' /zrootusb/etc/rc.conf # echo 'keymap=swedish.iso' /zrootusb/etc/rc.conf # echo 'ntpdate_enable=YES' /zrootusb/etc/rc.conf # echo 'sshd_enable=YES' /zrootusb/etc/rc.conf # echo 'zfs_enable=YES' /zrootusb/etc/rc.conf Setup your time zone: # cp /zrootusb/usr/share/zoneinfo/Europe/Stockholm \ /zrootusb/etc/localtime Create an empty fstab to avoid startup warnings: # touch /zrootusb/etc/fstab Set the root password in the new environment: # cd # chroot /zrootusb /bin/sh # passwd root # exit Copy zpool.cache: # cp /boot/zfs/zpool.cache /zrootusb/boot/zfs Unmount the filesystem and set its mountpoint: # zfs unmount -a # zfs set mountpoint=legacy zrootusb Exit SYSINSTALL and reboot. You now have a fully functional and bootable FreeBSD installation on your usb memory stick. Regards Morgan Wesström ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any
Re: Any way to force AHCI mode on ICH8?
On 2010-09-09 15:51, Morgan Wesström wrote: On 2010-09-09 13:04, Ivan Voras wrote: On 09/09/10 02:10, Morgan Wesström wrote: I run FreeBSD 8.1 on an old Asus P5B-VM motherboard with ICH8. Its AMI BIOS lacks an option to enable AHCI mode. Intel's datasheet for the ICH8 family specifies that this feature exists on the ICH8, and the option is available in the BIOS for the identical (apart from form factor) P5B motherboard. http://www.intel.com/Assets/PDF/datasheet/313056.pdf I've contacted Asus support for an updated BIOS but I don't have much hope I will ever see one. Would it be possible to patch the FreeBSD kernel to enable AHCI mode somehow during boot? You mean except adding: ahci_load=YES to /boot/loader.conf ? Yes, I meant if there was a way to programmatically switch the ICH8 into AHCI mode before loading ahci(4). The BIOS on this motherboard only provides a legacy and an enhanced option for the SATA controller. Neither option turns on AHCI mode so ata(4) attaches to the controller. There's also a JMicron controller, providing an eSATA connector, on this motherboard. It is AHCI compatible and ahci(4) attaches correctly to it. It would've been nice to be able to use NCQ and hotplug on the other SATA connectors too since the ICH8 has those features. Cross-posting this to freebsd-hackers in case that is a more appropriate list. On page 486, in the Intel I/O Controller Hub 8 (ICH8) Datasheet, there's a description of the address map register that controls the SATA mode selection (SMS). http://www.intel.com/assets/pdf/datasheet/313056.pdf I quote note 7: Software shall not manipulate SMS during runtime operation (i.e., the OS will not do this). The BIOS may choose to switch from one mode to another during POST. That note is probably there for a reason but what would life be without experimentation? :-) This is of course far beyond my level of expertise, but would it be possible to flip the necessary register bit very early on in the boot process to turn the SATA controller into AHCI mode? Has anyone done anything like this and what part of the kernel or boot loader would be most appropriate to patch? I have no problem applying a patch and recompiling what's needed if anyone could provide the necessary code. Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Any way to force AHCI mode on ICH8?
On 2010-09-09 13:04, Ivan Voras wrote: On 09/09/10 02:10, Morgan Wesström wrote: I run FreeBSD 8.1 on an old Asus P5B-VM motherboard with ICH8. Its AMI BIOS lacks an option to enable AHCI mode. Intel's datasheet for the ICH8 family specifies that this feature exists on the ICH8, and the option is available in the BIOS for the identical (apart from form factor) P5B motherboard. http://www.intel.com/Assets/PDF/datasheet/313056.pdf I've contacted Asus support for an updated BIOS but I don't have much hope I will ever see one. Would it be possible to patch the FreeBSD kernel to enable AHCI mode somehow during boot? You mean except adding: ahci_load=YES to /boot/loader.conf ? Yes, I meant if there was a way to programmatically switch the ICH8 into AHCI mode before loading ahci(4). The BIOS on this motherboard only provides a legacy and an enhanced option for the SATA controller. Neither option turns on AHCI mode so ata(4) attaches to the controller. There's also a JMicron controller, providing an eSATA connector, on this motherboard. It is AHCI compatible and ahci(4) attaches correctly to it. It would've been nice to be able to use NCQ and hotplug on the other SATA connectors too since the ICH8 has those features. Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Any way to force AHCI mode on ICH8?
I run FreeBSD 8.1 on an old Asus P5B-VM motherboard with ICH8. Its AMI BIOS lacks an option to enable AHCI mode. Intel's datasheet for the ICH8 family specifies that this feature exists on the ICH8, and the option is available in the BIOS for the identical (apart from form factor) P5B motherboard. http://www.intel.com/Assets/PDF/datasheet/313056.pdf I've contacted Asus support for an updated BIOS but I don't have much hope I will ever see one. Would it be possible to patch the FreeBSD kernel to enable AHCI mode somehow during boot? Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 8.1 memstick installation
Check my old message on how to do this in FreeBSD 7.2. The same instructions should work for 8.1 too, just change the version references. http://lists.freebsd.org/pipermail/freebsd-questions/2009-July/201928.html /Morgan Thanks a lot, this seems to work. Is there any chance to get this into the faq or handbook? It's seems way more usefull to me than a live-CD. Best thing would be putting it into sysinstall, but maybe this is not reallistic. Best regards, Friedemann You're welcome. I'm not on the FreeBSD developer's team so I can't answer your questions about the FAQ. There is however a wiki at freebsd.org and I could ofc provide an article there if the developers find it useful. Sysinstall is simply put just a frontend to the commands I use in the guide and you could accomplish the exact same install thorugh it if you change the default options. But I find it much easier to do this basic install manually instead of navigating through several pages of menus. :-) /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 8.1 memstick installation
On 2010-08-23 19:34, Friedemann Becker wrote: Hello, I have some questions about an installation on a memorystick. I have (a few weeks still) a very poor internet connection at home that's unusable for anything beyond email. I tried some hacking on musescore (yes I know that it can't work, but that's not my problem for now). Since I don't want to carry missing ports/packages/other stuff around on a stick everytime I miss something - which takes one day each - i would like to have a working system (not installation image) on usb-stick. Can i use fdimage with the memorystick installation image on windows, or any hacked versions of it? And how do turn this stick in a running system? Or is there any kind of live-stick-images out there, and if it is, how to move these on the stick (since windows is missing dd and nero doesn't like burning sticks :-) ) Thanks in advance Check my old message on how to do this in FreeBSD 7.2. The same instructions should work for 8.1 too, just change the version references. http://lists.freebsd.org/pipermail/freebsd-questions/2009-July/201928.html /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Pidfile ends up in /tmp instead of /var/run
I'm trying to create an rc script for the first time following the guide
in the handbook. The script works as expected except for the pidfile
which is created in /tmp for some reason I can't figure out. The daemon
I try to run is a Linux program if that matters. Any help to solve this
would be appreciated. Here's the rc script:
#!/bin/sh
# PROVIDE: linuxdaemon
# REQUIRE: NETWORKING DAEMON
# BEFORE: LOGIN
# KEYWORD: shutdown
linuxdaemon_enable=${linuxdaemon_enable-NO}
. /etc/rc.subr
name=linuxdaemon
rcvar=`set_rcvar`
command=/usr/local/bin/linuxdaemon
command_args=-c /usr/local/etc/linuxdaemon.conf /dev/null 21
load_rc_config $name
pidfile=/var/run/linuxdaemon.pid
required_files=/usr/local/etc/linuxdaemon.conf
run_rc_command $1
Regards
Morgan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Pidfile ends up in /tmp instead of /var/run
On 2010-08-22 00:58, Morgan Wesström wrote:
I'm trying to create an rc script for the first time following the guide
in the handbook. The script works as expected except for the pidfile
which is created in /tmp for some reason I can't figure out. The daemon
I try to run is a Linux program if that matters. Any help to solve this
would be appreciated. Here's the rc script:
#!/bin/sh
# PROVIDE: linuxdaemon
# REQUIRE: NETWORKING DAEMON
# BEFORE: LOGIN
# KEYWORD: shutdown
linuxdaemon_enable=${linuxdaemon_enable-NO}
. /etc/rc.subr
name=linuxdaemon
rcvar=`set_rcvar`
command=/usr/local/bin/linuxdaemon
command_args=-c /usr/local/etc/linuxdaemon.conf /dev/null 21
load_rc_config $name
pidfile=/var/run/linuxdaemon.pid
required_files=/usr/local/etc/linuxdaemon.conf
run_rc_command $1
Some additional info. Creating /compat/linux/tmp makes the pidfile move
there instead when I start the service. Creating /compat/linux/var/run
does _not_ make the pidfile appear there. I though for a brief moment
that I had to symlink /compat/linux/var/run to /var/run but that seems
to be the wrong solution. Still interested in some pointers while I
continue trying to solve this...
/Morgan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Pidfile ends up in /tmp instead of /var/run [SOLVED]
On 2010-08-22 01:37, Morgan Wesström wrote:
On 2010-08-22 00:58, Morgan Wesström wrote:
I'm trying to create an rc script for the first time following the guide
in the handbook. The script works as expected except for the pidfile
which is created in /tmp for some reason I can't figure out. The daemon
I try to run is a Linux program if that matters. Any help to solve this
would be appreciated. Here's the rc script:
#!/bin/sh
# PROVIDE: linuxdaemon
# REQUIRE: NETWORKING DAEMON
# BEFORE: LOGIN
# KEYWORD: shutdown
linuxdaemon_enable=${linuxdaemon_enable-NO}
. /etc/rc.subr
name=linuxdaemon
rcvar=`set_rcvar`
command=/usr/local/bin/linuxdaemon
command_args=-c /usr/local/etc/linuxdaemon.conf /dev/null 21
load_rc_config $name
pidfile=/var/run/linuxdaemon.pid
required_files=/usr/local/etc/linuxdaemon.conf
run_rc_command $1
Some additional info. Creating /compat/linux/tmp makes the pidfile move
there instead when I start the service. Creating /compat/linux/var/run
does _not_ make the pidfile appear there. I though for a brief moment
that I had to symlink /compat/linux/var/run to /var/run but that seems
to be the wrong solution. Still interested in some pointers while I
continue trying to solve this...
/Morgan
Being the beginner on rc scripting that I am, I mistakenly believed the
rc subsystem was responsible for creating the pid-file. I understand now
that this is up to the daemon itself and in my case the location of the
pid-file is hardcoded to /tmp in the binary blob. Adjusting the pidfile
entry in the rc script to the pid-files true location solved the problem
and the daemon is no playing nicely with rc.
/Morgan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: mrtg-2.16.2_6,1 does not run with perl-5.12.1_1
On 2010-08-02 10:49, Jon Theil Nielsen wrote: 2010/8/2 Jon Theil Nielsen jonth...@gmail.com Hi list After upgrading perl according to UPDATING, I cannot use mrtg anymore. The error message is: Bareword P_DETACH not allowed while strict subs in use at /usr/local/lib/perl5/site_perl/5.12.1/MRTG_lib.pm line 1172. Compilation failed in require at /usr/local/bin/mrtg line 89. BEGIN failed--compilation aborted at /usr/local/bin/mrtg line 89. I filled a PR on this but haven't seen any answers/solutions: http://www.freebsd.org/cgi/query-pr.cgi?pr=148914 Am I the only one having this problem? If the port needs upgrading (as suggested in my PR), but this does not happen, how can I fix it myself? Cheers, Jon -- Jon Theil Nielsen Hi again, Hope I'm not beeing a pain... But I wolud really like to hearing from *anyone* who has upgradeded perl and has mrtg installed. Even if is working whtout problems. So, at least, I know that I have to look for a specific problem on my own server. I forgot to mention that I'm running 8.1 Stable. Cheers, Jon Hi Jon. You're not alone. :-) I ran into the same issue and it has also been reported on Gentoo (which I use too). The solution is mrtg 2.16.4 and until the ports tree is updated there's a patch here you can apply manually which worked for me: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/149016 Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Upgrading Apache fails - I don't understand why, exactly
On 2010-07-27 23:47, Kurt Buff wrote: Trying to do the following on a couple of machines: # portupgrade apache-2.2.14_5 snip I've grepped through the port and haven't found anything that mentions this. Anyone got a clue for me? Thanks, Kurt Check /usr/ports/UPDATING. The entry from 20100518. Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Online gaming and file downloads - latency hell!
On 2010-06-21 07:50, Ian Smith wrote: In freebsd-questions Digest, Vol 315, Issue 11, Message: 9 On Fri, 18 Jun 2010 12:11:48 +0200 Morgan Wesstr?m freebsd-questi...@pp.dyndns.biz wrote: On 2010-06-16 02:51, Modulok wrote: Yo, I have a FreeBSD box acting as a router between me and the Internet. Whenever someone on the local network downloads something, the other connections have a really high latency. A second or more. For people who like to download large files and play online games, it's not good. I tried traffic shaping with PF, which works - almost: I tried the home example in the PF book, but it doesn't work out so well. I can throttle users with no trouble, but even so that doesn't seem to help the latency issue unless I choke the 'big file download' users almost completely off. It's like nothing helps. I tried a priority based queue where all traffic on the gaming ports was placed in front of all other traffic, and while I saw a very mild improvement, latency was still really pitiful. Is there anything else I can do? Anyone have a similar setup and wish to share config files? Are there some sysctl's that would help this out or something. I'm almost ready to just buy a 'gaming' *gag* router which implements their own brand of QoS, but don't want to sink to that level if I don't have to. Help! -Modulok- Traffic shaping on your side when downloading unfortunately doesn't help you. The data has already been transferred across your cable or DSL connection by then and reordering any packets on your side will not change the latency. Traffic shaping your download has to be performed at your upstream router which you probably don't control. PF can help you traffic shape your outgoing traffic. I have used it for this for the past 6 years to help me maintain a low and stable ping while I play online, even if I upload simultaneously. I've read about people trying to throttle outgoing ACKs to slow down their download but that still wouldn't rearrange any incoming data packets so I don't see how that would help. I haven't tried it myself though but neither have I read about anyone successfully accomplishing this. Regards Morgan A short story: About 15 months ago, before becoming aware that Luigi and colleagues had been busy porting ipfw and dummynet to Linux, I was asked to implement a shaping solution for a very limited (512/512kbps) ADSL connection for a community radio station using a Linux firewall-in-a-box called IPCop as router, whose shaping was based on Bert Hubert's WonderShaper script, using Linux' tc module to prioritise and shape only outbound traffic. Having used ipfw+dummynet successfully for some years to shape traffic for a local voluntary organisation 'Community Technology Centre', I was staggered to find that all of the collective Linux wisdom on the subject chanted that same mantra .. that you can't prioritise download traffic, as the ISP will have 'gigantic queues' of TCP traffic that you can't control, and that prioritising ACKs, QoS and ICMP traffic and such is the best you can do. By this philosophy, tc only implements limiting total bandwidth of inbound traffic, shaping outbound by QoS and classes. To disprove this pervasive myth I had to implement inbound shaping by using tc to control the _outbound_ traffic to the _inside_ interface, where all sorts of random clients are doing big downloads, yootoobing and such plus some big uploads, while guaranteeing that the station's outbound audio stream had fully half the outbound-to-net bandwidth free without undue pressure and that remote ssh sessions etc remained snappy. This involves queuing inbound (mostly TCP) traffic on the local router, dropping any excess, which works most effectively to maintain a hard limit to downloads (at around 85% of 512kbps) while keeping the outbound (to-net) channel lightly loaded after streaming, ACKs, and uploads. I don't know how pf works (or can be made to work) in this regard, nor can I speculate about gaming latency particularly, but hope to find out soon by either replacing the old IPCop box with pfSense, or trying ipfw and dummynet on Linux .. I know, but they're still reluctant to shop other than Linux, and the idea of implementing a FreeBSD-derived firewall and shaping solution on Linux has a good deal of appeal .. HTH (or at least, doesn't hurt :) cheers, Ian PF can handle the bandwidth limiting on the internal interface, no problem there. However, bandwidth limiting is only one part of traffic shaping. The other part is packet reordering. Even if you limit incoming bandwidth, your ISP may still have hundreds of packets of P2P traffic in it's queue to send before that vital packet from the online game. This will of course increase the latency of that packet which is
Re: Online gaming and file downloads - latency hell!
On 2010-06-16 02:51, Modulok wrote: Yo, I have a FreeBSD box acting as a router between me and the Internet. Whenever someone on the local network downloads something, the other connections have a really high latency. A second or more. For people who like to download large files and play online games, it's not good. I tried traffic shaping with PF, which works - almost: I tried the home example in the PF book, but it doesn't work out so well. I can throttle users with no trouble, but even so that doesn't seem to help the latency issue unless I choke the 'big file download' users almost completely off. It's like nothing helps. I tried a priority based queue where all traffic on the gaming ports was placed in front of all other traffic, and while I saw a very mild improvement, latency was still really pitiful. Is there anything else I can do? Anyone have a similar setup and wish to share config files? Are there some sysctl's that would help this out or something. I'm almost ready to just buy a 'gaming' *gag* router which implements their own brand of QoS, but don't want to sink to that level if I don't have to. Help! -Modulok- Traffic shaping on your side when downloading unfortunately doesn't help you. The data has already been transferred across your cable or DSL connection by then and reordering any packets on your side will not change the latency. Traffic shaping your download has to be performed at your upstream router which you probably don't control. PF can help you traffic shape your outgoing traffic. I have used it for this for the past 6 years to help me maintain a low and stable ping while I play online, even if I upload simultaneously. I've read about people trying to throttle outgoing ACKs to slow down their download but that still wouldn't rearrange any incoming data packets so I don't see how that would help. I haven't tried it myself though but neither have I read about anyone successfully accomplishing this. Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Log rotation / newsyslog / apache not reloaded
On 2010-04-15 12:08, Zbigniew Szalbot wrote: On 15 Apr 2010 at 8:30, Zbigniew Szalbot wrote: Hello, I have the following lines in my /etc/newsyslog.conf /var/log/*-access.log 644 30*@T00 JCG /var/log/*-error.log644 30*@T00 JCG I added /var/run/httpd.pid at the end of both lines and will see if that helps. Zbigniew Szalbot Alternatively you can use sysutils/cronolog which will eliminate the need to restart Apache entirely. Apache's configuration file allows you to pipe your logs to sysutils/cronolog (or any other external program) which in turn can be configured to split the logs almost any way you like. This is very convenient, especially if you run many vhosts which normally will turn nywsyslog.conf into a mess. The man page explains it in detail. http://cronolog.org/download/cronolog.pdf Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to control upload data in bittorrent clients
RW wrote: On Sat, 06 Feb 2010 23:14:45 +0100 Morgan Wesström freebsd-questi...@pp.dyndns.biz wrote: 1) in the transmission web it showing downloading is 10 kbps to 30 kbpsbut uploading it shows 50 to 92 kbps my question is is it possible to limit the uploading data rate , how can I do this ? Check out Daniel Hartmeier's excellent article on how to prioritize TCP ACKs (and other traffic). It will explain what you experience and solve the problem for you. It's a good idea to handle this from within transmission too. Rate limiting works best at the TCP level. Well, the thing is that if you prioritize your TCP ACKs you won't have to do any rate limiting within transmission. You can then use your full upload and download simultaneously. Don't you want to use the bandwidth you pay for? :-) /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to control upload data in bittorrent clients
RW wrote: On Sun, 07 Feb 2010 10:51:20 +0100 Morgan Wesström freebsd-questi...@pp.dyndns.biz wrote: RW wrote: On Sat, 06 Feb 2010 23:14:45 +0100 Morgan Wesström freebsd-questi...@pp.dyndns.biz wrote: 1) in the transmission web it showing downloading is 10 kbps to 30 kbpsbut uploading it shows 50 to 92 kbps my question is is it possible to limit the uploading data rate , how can I do this ? Check out Daniel Hartmeier's excellent article on how to prioritize TCP ACKs (and other traffic). It will explain what you experience and solve the problem for you. It's a good idea to handle this from within transmission too. Rate limiting works best at the TCP level. Well, the thing is that if you prioritize your TCP ACKs you won't have to do any rate limiting within transmission. You can then use your full upload and download simultaneously. Don't you want to use the bandwidth you pay for? :-) You can't get the full bandwidth because you need to set the upload limit at a level that can be sustained upstream in your router or modem; otherwise it doesn't work properly. You can't just use your nominal line-speed or let altq pick-up the interface speed. You're of course correct. I'm sorry if I didn't specify that but Daniel's article clearly explains it. The purpose of my response here was not to describe in detail how to configure ALTQ but merely to direct the OP to a solution that solves the exact problem he describes. This phenomenon is very common among people with asymmetric connections. It depends what you are trying achieve. If your sole object is to prevent ack delays reducing tcp download speed then altq will do it. However, if you want to seed afterwards you need to reduce the impact on latency-sensitive protocols like http and imap. Further traffic prioritization does help, but I find that I get better results if I also set the client to limit itself a bit below the altq limit. My personal queue definition is rather complex. Naturally I prioritize traffic like http, smtp, ssh, rsync, ntp and others over the bulk traffic produced by bittorrent. Since bandwidth can be borrowed between queues the bulk traffic is able to use all of my bandwidth when I don't need it for prioritized traffic. In my experience tcp limiting also produces steadier uploads than altq so the average rate can actually be higher. I have probably been lucky with the ISPs I've used over the years because they have always delivered a constant and steady upload to me. I set up my first PF/ALTQ-based router on OpenBSD, several years before it was ported to FreeBSD, and I have never looked back since then. No amount of application speed limiting has ever come close to produce better bandwidth utilization for me than PF/ALTQ. Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to control upload data in bittorrent clients
I am using transmission-daemon and tr ansmission web for accessing bittorrent sites. I have a slow connection, the problem is that 1) in the transmission web it showing downloading is 10 kbps to 30 kbps but uploading it shows 50 to 92 kbps my question is is it possible to limit the uploading data rate , how can I do this ? 2) When ever transmission daemon running and downloading files, I can't access any other sites, it waiting for long and getting message sever not found ... When I stop transmission daemon then other sites accessible. why its happening ? any hints to fix it ? transmission-daemon-1.51_1 transmission-web-1.51 any help most welcome. dhanesh Check out Daniel Hartmeier's excellent article on how to prioritize TCP ACKs (and other traffic). It will explain what you experience and solve the problem for you. http://www.benzedrine.cx/ackpri.html /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Backward compatibility libraries?
John wrote: The GENERIC 8.0 kernel and the kernel I built for my new FreeBSD 8.0 system both contain options COMPAT_FREEBSD4 # Compatible with FreeBSD4 yet, when I try to run a program compiled on the FreeBSD 4.3 system on the new system, I get /usr/libexec/ld-elf.so.1: Shared object libc.so.4 not found, required by pipetype So - there must be some compatibility libraries somewhere. I've looked in Packages and in Distributions, and didn't see what I'm looking for (probably looking right at it). What am I missing? Thanks! misc/compat4x ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Missing all ttyv* device nodes after upgrade 7.0 - 7.2
These dmesg lines are from another 7.2 machine and I am missing them from the output of this newly upgraded machine: sc0: System console at flags 0x100 on isa0 sc0: VGA 16 virtual consoles, flags=0x300 vga0: Generic ISA VGA at port 0x3c0-0x3df iomem 0xa-0xb on isa0 Both devices are in the kernel. What could prevent them from binding? Is it maybe a newer system that has keyboard and mouse set to USB as a default which needs disabling in BIOS? I know a machine I just built I set the keyboard to Legacy to use the PS/2 port while the mouse stayed USB. -Mike Thanks for your answer Mike. The system is actually an old Celeron on an Intel i865 based mainboard so the hardware should be pretty well supported I guess and after all - it did work with 7.0. The machine is only used as a router so the lack of virtual terminals aren't critical but I still would like to solve it. I will have the owner look for a more recent BIOS and then I'll reinstall the GENERIC kernel before filing a bug report. Here's a more verbose dmesg snippet that might give someone a clue: agp0: Intel 82865 host to AGP bridge on hostb0 agp0: allocating GATT for aperture of size 128M vgapci0: VGA-compatible display mem 0xf800-0xf8ff,0xe000-0xefff,0xf900-0xf9ff irq 3 at device 0.0 on pci1 isab0: PCI-ISA bridge at device 31.0 on pci0 isa0: ISA bus on isab0 sc: sc0 already exists; skipping it vga: vga0 already exists; skipping it isa_probe_children: disabling PnP devices isa_probe_children: probing non-PnP devices pmtimer0 on isa0 sc0: no video adapter found. sc0: System console failed to probe on isa0 vga0: Generic ISA VGA failed to probe on isa0 atkbdc0: Keyboard controller (i8042) at port 0x60,0x64 on isa0 vt0: not probed (disabled) isa_probe_children: probing PnP devices What is that vt0 (disabled)? Is that related? pciconf reports this: pc...@pci0:0:1:0: class=0x060400 card=0x chip=0x25718086 rev=0x02 hdr=0x01 vendor = 'Intel Corporation' device = '82865G/PE/P, 82848P PCI-to-AGP Bridge' class = bridge subclass = PCI-PCI is...@pci0:0:31:0: class=0x060100 card=0x chip=0x24d08086 rev=0x02 hdr=0x00 vendor = 'Intel Corporation' device = '82801EB/ER (ICH5/ICH5R) LPC Interface Bridge' class = bridge subclass = PCI-ISA vgap...@pci0:1:0:0: class=0x03 card=0x2034107d chip=0x022010de rev=0xa1 hdr=0x00 vendor = 'Nvidia Corp' class = display subclass = VGA Googling on this turns up a lot of older posts with references to PnP incompatibilities and ATA but I can't find any info that helps me with syscons. Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Missing all ttyv* device nodes after upgrade 7.0 - 7.2
Michael Powell wrote: agp0: Intel 82865 host to AGP bridge on hostb0 agp0: allocating GATT for aperture of size 128M vgapci0: VGA-compatible display mem 0xf800-0xf8ff,0xe000-0xefff,0xf900-0xf9ff irq 3 at device 0.0 on pci1 This is an odd IRQ for a video card to come up on, as this is usually reserved for one of the COMM ports. Maybe an IRQ conflict here. I noticed that too :-) Below is a snippet from mine. You didn't remove device vga from the kernel by any chance? Switching back to GENERIC for a test is probably a good idea as it may remove a variable from the problem. No, all of syscons dependencies (according to the man page) are still there. Funny thing is it worked in 7.0 previously? At first glance this smells like BIOS PnP probing problems, but I think if it were it would have showed itself before. Try GENERIC and see what happens. If it goes away you know where to look. It appears this computer has an i865G chipset (built-in graphics) as well as an extra nvidia card. The output from devinfo shows that agp is attaching to hostb0 instead of vgapci0 so I will ask the person to remove the nvidia card and only run from the built-in graphics. PnP most likely seems to be the culprit here for sure. Thanks again for your input. pcib0 pci0 hostb0 agp0 pcib1 pci1 vgapci0 /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: immense delayed write to file system (ZFS and UFS2), performance issues
Emil Mikulic wrote: (off-list) On Tue, Jan 19, 2010 at 04:32:34PM +0100, Morgan Wesstr?m wrote: Emil Mikulic wrote: On Tue, Jan 19, 2010 at 09:16:41AM +0100, Gerrit K?hn wrote: Thanks for bringing up this topic here. I have drives showing up close to 80 load cycle counts here. Guess it's time for that fix... :-| Device Model: WDC WD10EACS-00ZJB0 Firmware Version: 01.01B01 Serial Number:WD-WCAS [...] 9 Power_On_Hours 17046 193 Load_Cycle_Count 1045512 The above drive is in a raidz of three. The other two drives from that batch have already failed. :( Did you RMA the failing drives? Did WD comment the Load_Cycle_Count? No. But apparently they're still under warranty, so maybe I'll give that a shot and let you know in ~3 weeks or so. :) Thanks. I'd be really interested to know whether they'll make any comments regarding that value or if they simply ignore it. /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Missing all ttyv* device nodes after upgrade 7.0 - 7.2
I obviously did something wrong somewhere but I can't figure out what. All console device nodes /dev/ttyv0 - /dev/ttyvf are missing after I upgraded a machine from 7.0 to 7.2. The serial console node /dev/ttyd0 is there though if that rings a bell. What controls the creation of the console device nodes? Any hints on what I should check? I did deactivate unneeded SCSI-drivers and the like in the GENERIC kernel but the tty related stuff is still there, like: options COMPAT_43TTY# BSD 4.3 TTY compat device sc /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Missing all ttyv* device nodes after upgrade 7.0 - 7.2
Morgan Wesström wrote: I obviously did something wrong somewhere but I can't figure out what. All console device nodes /dev/ttyv0 - /dev/ttyvf are missing after I upgraded a machine from 7.0 to 7.2. The serial console node /dev/ttyd0 is there though if that rings a bell. What controls the creation of the console device nodes? Any hints on what I should check? I did deactivate unneeded SCSI-drivers and the like in the GENERIC kernel but the tty related stuff is still there, like: options COMPAT_43TTY# BSD 4.3 TTY compat device sc I'm also missing /dev/consolectl I've read man syscons and all the prerequisites there are present in the kernel: device atkbdc device atkbd device vga device sc device splash And also these in /boot/device.hints: hint.atkbdc.0.at=isa hint.atkbdc.0.port=0x060 hint.atkbd.0.at=atkbdc hint.atkbd.0.irq=1 hint.vga.0.at=isa hint.sc.0.at=isa Where should I look next? /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Missing all ttyv* device nodes after upgrade 7.0 - 7.2
Morgan Wesström wrote: Morgan Wesström wrote: I obviously did something wrong somewhere but I can't figure out what. All console device nodes /dev/ttyv0 - /dev/ttyvf are missing after I upgraded a machine from 7.0 to 7.2. The serial console node /dev/ttyd0 is there though if that rings a bell. What controls the creation of the console device nodes? Any hints on what I should check? I did deactivate unneeded SCSI-drivers and the like in the GENERIC kernel but the tty related stuff is still there, like: options COMPAT_43TTY# BSD 4.3 TTY compat device sc I'm also missing /dev/consolectl These dmesg lines are from another 7.2 machine and I am missing them from the output of this newly upgraded machine: sc0: System console at flags 0x100 on isa0 sc0: VGA 16 virtual consoles, flags=0x300 vga0: Generic ISA VGA at port 0x3c0-0x3df iomem 0xa-0xb on isa0 Both devices are in the kernel. What could prevent them from binding? /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: immense delayed write to file system (ZFS and UFS2), performance issues
O. Hartmann wrote: I realise a strange behaviour of several FreeBSD 8.0-STABLE/amd64 boxes. All boxes have the most recent STABLE. One box is a UP system, two others SMP boxes, one with a Q6600 4-core, another XEON with 2x 4-cores (Dell Poweredge III). Symptome: All boxes have ZFS and UFS2 filesystems. Since two weeks or so, sometimes the I/O performance drops massively when doing 'svn update', 'make world' or even 'make kernel'. It doesn't matter what memory and how many cpu the box has, it get stuck for several seconds and freezing. On the UP box, this is sometimes for 10 - 20 seconds. A very interesting phenomenon is the massively delayed file writing on ZFS filesystems I realise. Editing a file in 'vi' running on one XTerm and having in another Xterminal my shell for compiling this file, it takes sometimes up to 20 seconds to get the file updated after it has been written. It's like having an old, slow NFS connection with long cache delays. These massively delayed file transactions are not necessarely under heavy load, sometimes they occur in a relaxed situation. They seem to occur much more often on the UP box than on the SMP boxes, but this strange phenomenon also occur on the Dell Poweredge II, which has 16GB RAM and summa summarum 16 cores. This phenomenon does occur on ZFS- and UFS2 filesystems as well. It is hardly reproducable. Is there any known issue? Ragrds, Oliver The disks involved don't happen to be Western Digital Green Power disks, do they? The Intelli-Park function in these disks are wrecking havoc with I/O in Linux-land at least, causing massive stalls and iowait through the roof during the 25-30 seconds it takes for the heads to unload after parking. I have two of these disks sitting on my desk now collecting dust... /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Problem with USB serial in linux emulation
Dear list. I have an USB smartcard reader that emulates a serial port. It uses the uftdi.ko kernel module and creates the following device nodes when plugged in. System is FreeBSD 7.2-RELEASE-p3 amd64. crw-rw 1 uucp dialer0, 110 Jan 14 19:27 /dev/cuaU0 crw-rw 1 uucp dialer0, 111 Jan 7 14:01 /dev/cuaU0.init crw-rw 1 uucp dialer0, 112 Jan 7 14:01 /dev/cuaU0.lock crw--- 1 root wheel 0, 107 Jan 14 19:25 /dev/ttyU0 crw--- 1 root wheel 0, 108 Jan 7 14:01 /dev/ttyU0.init crw--- 1 root wheel 0, 109 Jan 7 14:01 /dev/ttyU0.lock dmesg output: ucom0: FTDI USB - Serial, class 0/0, rev 1.10/4.00, addr 2 on uhub5 I'm trying to access it with a linux program and the program initializes and manages to read at least some basic info from the card but any further communication with the card results in the following message regardless of what device node I use: linux_sys_futex: unknown op 265 Same software and reader works on a pure linux machine. Does anyone have any hints on what I can do to try to track this problem down? Some clarification on what the difference is between cuaU0 and ttyU0 would be appreciated too and which of them I should use primarily. Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Problem with USB serial in linux emulation
Morgan Wesström wrote: Dear list. I have an USB smartcard reader that emulates a serial port. It uses the uftdi.ko kernel module and creates the following device nodes when plugged in. System is FreeBSD 7.2-RELEASE-p3 amd64. crw-rw 1 uucp dialer0, 110 Jan 14 19:27 /dev/cuaU0 crw-rw 1 uucp dialer0, 111 Jan 7 14:01 /dev/cuaU0.init crw-rw 1 uucp dialer0, 112 Jan 7 14:01 /dev/cuaU0.lock crw--- 1 root wheel 0, 107 Jan 14 19:25 /dev/ttyU0 crw--- 1 root wheel 0, 108 Jan 7 14:01 /dev/ttyU0.init crw--- 1 root wheel 0, 109 Jan 7 14:01 /dev/ttyU0.lock dmesg output: ucom0: FTDI USB - Serial, class 0/0, rev 1.10/4.00, addr 2 on uhub5 I'm trying to access it with a linux program and the program initializes and manages to read at least some basic info from the card but any further communication with the card results in the following message regardless of what device node I use: linux_sys_futex: unknown op 265 Same software and reader works on a pure linux machine. Does anyone have any hints on what I can do to try to track this problem down? Some clarification on what the difference is between cuaU0 and ttyU0 would be appreciated too and which of them I should use primarily. Adding some more info myself here. Initially I only copied the shared libraries the program needed from my Linux computer and loaded the linux kernel module. Installing the full linux_base-f10 port seems to get rid of the error message so it seems unrelated to the actual communication problem I experience. The program initially detects the card in the reader but as soon as I try to communicate with it, the program thinks the reader is empty. Does anyone recognize this behaviour? /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: pf headaches: why won' t it let me fetch from ftp servers?
Dino Vliet wrote:
Dear freebsd list,
I have the following pf.conf file:
tcp_services = { ftp, ssh, domain, www, auth, https }
udp_services = { ftp, domain, ntp }
icmp_types = echoreq
block all
pass inet proto icmp all icmp-type $icmp_types keep state
#pass in proto tcp to any port 22 keep state
pass out proto tcp to any port $tcp_services keep state
#pass out proto tcp to any port 25 keep state
#pass out proto tcp to any port 465 keep state
#pass out proto tcp to any port 587 keep state
pass out proto tcp to any port 5999 keep state
#pass out all keep state
#pass out proto tcp to any keep state
pass out proto udp to any port $udp_services
However,if I try to fetch a file from a ftp server as in the followining
example:fetch: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/bash/FAQ
I get the result: Operation not permitted
My first question is: What is causing this? If I stop pf, then I' m able to
fetch it.
My second question is:Is my ruleset looking fine, as i want to block
everything and only let some specific services go out. Or need t be tightened
more?
BrgdsDino
The ftp protocol is unfortunately not very firewall friendly and it
involves far more ports and connections you have accounted for in your
rules. You should have a look at ftp-proxy(8) and closely study the pf
examples there. I'm sure it will solve your problem.
/Morgan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SMP and ALTQ_NOPCC
APseudoUtopia wrote: Hello, With the improvements in SMP in FreeBSD 8.0, is the ALTQ_NOPCC option still required? In the handbook and other older documentation, it says ALTQ_NOPCC is in fact required on SMP systems because the TSC is unstable. I was wondering if this is still the case after the improvements done with SMP. Thanks. Not every CPU has an unstable TSC. It mostly affects AMD processors and Intel Pentium M. Wikipedia has a great listing of models and families affected: http://en.wikipedia.org/wiki/Time_Stamp_Counter#Implementation_in_Various_Processors However, in /usr/src/sys/amd64/amd64/tsc.c you can find the following code: #ifdef SMP /* * We can not use the TSC in SMP mode unless the TSCs on all CPUs * are somehow synchronized. Some hardware configurations do * this, but we have no way of determining whether this is the * case, so we do not use the TSC in multi-processor systems * unless the user indicated (by setting kern.timecounter.smp_tsc * to 1) that he believes that his TSCs are synchronized. */ if (mp_ncpus 1 !smp_tsc) tsc_timecounter.tc_quality = -100; #endif It will set the quality of the timestamp counter to -100 if SMP is detected and effectively disable it so by default the TSC won't be used on an SMP system and consequently you don't have to use ALTQ_NOPCC. It is probably safe to enable and use TSC in pf, as described in the code, if you have a modern Intel CPU but I have not tested it. Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Get the cwd of a process?
patrick wrote:
I've made some headway... perl supports sitecustomize.pl which can
be used to execute code when any perl script is run. It doesn't seem
to be enabled by default, so I had to add the following line to
/usr/ports/lang/perl5.8/Makefile's CONFIGURE_ARGS:
-Dusesitecustomize \
As a temporary measure, my sitecustomize.pl has:
system echo $$ $ENV{'PWD'} $0 . (localtime) . /tmp/scripts_used.lst;
(found this in another thread somewhere)
So, hopefully the next time this spammer comes back, I will see the
original working directory, etc. before the process forks itself.
Fingers crossed!
Patrick
For the mail archives and also my personal interest - did you ever
figure out what was running the script?
/Morgan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD 7.1 as a router - poor download speed, but normal upload
.kkursor wrote: Hello everybody! Please help me if you can. I have a home server built on Gigabyte MiniITX motherboard with VIA C3 800MHz CPU and 512M RAM aboard. The server acts as a file server, torrent downloader, router and mail and HTTP server. I have a PPTP connection to my ISP through the integrated network card. The network configuration is: [0:04] kkur...@dot.kkursor.ru ~ # ifconfig rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=8VLAN_MTU ether 00:19:cb:54:c6:15 inet 192.168.0.26 netmask 0xff00 broadcast 192.168.0.255 media: Ethernet autoselect (100baseTX full-duplex) status: active rl1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=8VLAN_MTU ether 00:0f:ea:e2:cd:e0 inet 192.168.158.102 netmask 0xff00 broadcast 192.168.158.255 media: Ethernet autoselect (100baseTX full-duplex) status: active lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST metric 0 mtu 16384 inet 127.0.0.1 netmask 0xff00 tun0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST metric 0 mtu 1500 inet 195.98.183.20 -- 172.30.96.1 netmask 0x Opened by PID 73795 tun1: flags=8010POINTOPOINT,MULTICAST metric 0 mtu 1500 rl1 is integrated network card and rl0 is an additional PCI NIC which is inserted into the only PCI slot on the motherboard. Connection to ISP is done over rl1 using port pptp-client. The problem is that there is very low download speed. My ISP provides symmetric 4Mbps line, but download speed is poor - about 1 Mbps. Upload speed is OK. I called ISP, they asked me to connect WinXP computer and measure speed. It was normal, therefore there is an issue in my server. If you could point me in the right direction, it would be wonderful. Thank you very much for your work! With best regards and looking forward for answer, Kirill Sarksyan, Russian Federation Did you really saturate your upload while testing your download speed in WinXP? What you're describing is a common problem with how TCP works especially on (but not limited to) assymetric connections. I use the technique described by Daniel Hartmeier to circumvent it and can fully utilize my upload and download simultaneously. http://www.benzedrine.cx/ackpri.html /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: what www perl script is running?
Jonathan McKeown wrote: On Wednesday 26 August 2009 15:44:41 Adam Vande More wrote: [450 lines including multiple signatures and twelve levels of quoting, all to say:] Specifically what am I confused on? Or are you just going to continue with the personal attacks? You've offered no technical rebuttal, simply insults. Please, take it to email - or at least learn to trim (ideally both). No, please keep it on the list. I really, really want to see what concensus you reach. :-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Recover deleted file
Leonardo M. Ramé wrote: Hi, I deleted a directory using rm -rf directory in a mounted NTFS volume (with ntfs-3g) and I'm wondering if is there a way to recover this directory? Thanks in advance, Leonardo. sysutils/testdisk I haven't used it in FreeBSD but I have used it successfully in Linux to undelete files and folders on NTFS partitions. Wiki to describe the procedure is here: http://www.cgsecurity.org/wiki/TestDisk:_undelete_file_for_NTFS Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD 7.2 o/s on a flash stick
Fbsd1 wrote: Al Plant wrote: Aloha Gurus. All the gogle-ing I did does not give a current status on or how-to on installing FreeBSD 7.2 on a flash stick on one slice with the default partions. I want to boot from it on a mini lap top ( no CD ) and use it like the hd inside. Hi Al The way i have done this in 7.0 7.1 and 7.2 is to boot off the cd1 install cd and do a normal install to my 1gb flash stick. A 1gb flash stick is to small for the default slice sizes. You will have to manually allocate the / /usr /var /swap sizes. I also found it usefully to set the boot flag when allocating the whole flash stick. A 2gb or larger flash stick allows you to take the auto-allocate option for / /usr /var /swap sizes. Keep in mind that your /var log files can fill up you flash stick real quick and lock up your system. If your running this flash stick 7/24 then rotate them more often deleting the oldest one. It's as simple as that. I usually find it easier and faster to do this the manual way. You need the DVD iso image with the live filesystem. Boot from it and enter the fixit shell. Create one bootable slice covering the whole USB-stick: # fdisk -BI /dev/da0 Create one bootable BSD partition covering the whole slice: # bsdlabel -B -w /dev/da0s1 Create the filesystem and give it a label you can refer to in fstab: # newfs -U -L FreeBSDonUSB /dev/da0s1a Mount it: # mount /dev/da0s1a /mnt Extract at a minimum base and the generic kernel: # DESTDIR=/mnt /dist/7.2-RELEASE/base/install.sh # DESTDIR=/mnt /dist/7.2-RELEASE/kernels/install.sh generic Delete the empty default kernel directory and move the generic kernel into its place: # rmdir /mnt/boot/kernel # mv /mnt/boot/GENERIC /mnt/boot/kernel Create /etc/fstab: # echo '/dev/ufs/FreeBSDonUSB / ufs rw,noatime 1 1' /mnt/etc/fstab Load the necessary kernel module at boot: # echo 'geom_label_load=YES' /mnt/boot/loader.conf Create /etc/rc.conf. Adjust and add to your own needs: # echo 'ifconfig_DEFAULT=DHCP' /mnt/etc/rc.conf # echo 'hostname=freebsd' /mnt/etc/rc.conf # echo 'keymap=swedish.iso' /mnt/etc/rc.conf # echo 'sshd_enable=YES' /mnt/etc/rc.conf Set the time zone: # cp /mnt/usr/share/zoneinfo/Europe/Stockholm /mnt/etc/localtime Set the root password in the new environment: # chroot /mnt /bin/sh # passwd root # exit Now exit SYSINSTALL and reboot. I hope I haven't missed anything. I think geom_label is unnecessary in FreeBSD 7+ but it doesn't hurt. Also remember that the displayed time is dependent on whether your computer's CMOS clock is UTC or local time. Maybe someone has a nice trick to correct for both options. Finally some credit to the guide I learned this from: http://typo.submonkey.net/articles/2006/04/13/installing-freebsd-on-usb-stick-episode-2 I actually do all my FreeBSD installs this way nowadays but I use gmirror instead of the label. Regards Morgan Wesström ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: mysql error
thanos trompoukis wrote: Hi all, I am new with FreeBSD and I have a problem with mysql. I have 6.2Release i386 I am running mysql 5.0.27 and It worked perfectly until the time that I formated /tmp (for some other reason) and now when I am trying to connect on mysql *I get this:* *[r...@leonidas:/]$ mysql ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock2' (38)* *and when I edit /var/db/mysql/leonidas.MSHOME.err I see this:* *090628 14:49:19 mysqld started 090628 14:49:19 [Warning] Ignoring user change to 'ser=mysql' because the user was set to 'mysql' e 090628 14:49:20 InnoDB: Started; log sequence number 0 43655 090628 14:49:20 [ERROR] Can't start server : Bind on unix socket: Permission denied 090628 14:49:20 [ERROR] Do you already have another mysqld server running on socket: /tmp/mysql.soc 090628 14:49:20 [ERROR] Aborting 090628 14:49:20 InnoDB: Starting shutdown... 090628 14:49:22 InnoDB: Shutdown completed; log sequence number 0 43655 090628 14:49:22 [Note] /usr/local/libexec/mysqld: Shutdown complete 090628 14:49:22 mysqld ended *I have checked /tmp and there is no mysql.sock file. (because I formated /tmp immagine) I wouldn't like to loose my database, and I have no idea What I have to do? Thanx! :D Don't forget to chmod 1777 /tmp /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Other browsers show the same behaviour (Firefox crashes on yahoo.com)
Manish Jain wrote: The problem is not restricted to firefox or yahoo.com. There are other sites too where this happens. I built Galeon from ports, and it shows exactly the same behaviour as firefox2/firefox3 for those sites. So does Epiphany (installed from the distribution media). Hi, This seems to be a strange problem with Firefox which I never encountered on my old system. Both Firefox2 and Firefox3 work well the other sites I have tried accessing, but crash on navigating to www.yahoo.com /usr/home/emmjanex # firefox3 http://www.yahoo.com [1] 2668 /usr/home/emmjanex # NP_Initialize New SetWindow SetWindow NewStream WriteReady Write decoding... The program 'firefox-bin' received an X Window System error. This probably reflects a bug in the program. The error was 'BadImplementation (server does not implement operation)'. (Details: serial 31 error_code 17 request_code 140 minor_code 5) (Note to programmers: normally, X errors are reported asynchronously; that is, you will receive the error a while after causing it. To debug your program, run it with the --sync command line option to change this behavior. You can then get a meaningful backtrace from your debugger if you break on the gdk_x_error() function.) [1]+ Exit 1 firefox3 http://www.yahoo.com There is nothing relevant to the crash in Xorg.0.log or console.log I'm not using X at all on my FreeBSD machines so I don't know if this is related. We had a similar problem in Gentoo lately where Firefox simply segfaulted on certain webpages. It was tracked down to librsvg and there is a temporary patch for 2.22-2.26: http://mirrors.evolva.ro/gentoo-portage/gnome-base/librsvg/files/librsvg-2.22.3-fix-segfault-with-firefox.patch As I said, I don't know if this relates to FreeBSD in any way but to a layman like myself it seems plausible since it's the same applications involved and I can't see that there is a patch for this in Ports. Some developer probably can make more sense out of this than I but I though it was worth mentioning. Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Python 2.6 and upgrade-site-packages
I haven't performed the upgrade from 2.5 to 2.6 yet but I notice my /usr/local/lib/python2.5/site-packages is empty. Does that mean I can skip running upgrade-site-packages afterwards and avoid the problems with portmaster, currently discussed on the list? /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
vmstat questions
Hi. This is my vmstat -i from my newly installed 7.2-RELEASE-amd64: # vmstat -i interrupt total rate irq4: sio0 1105 0 irq17: em1 uhci1+ 10921807182 irq19: uhci3++ 8196905136 cpu0: timer117164643 1956 irq256: em0 7346687122 irq257: re0 166625 2 cpu1: timer117164471 1956 Total 260962243 4358 For a long time I've tried to find out what the + and ++ means. Can anyone shed some light on that? Also, where did my atapcis on irq19 go? I'm pretty sure I had them listed there in 7.0-RELEASE. dmesg snip: uhci3: Intel 82801H (ICH8) USB controller USB-B port 0xd480-0xd49f irq 19 at device 29.1 on pci0 atapci2: Intel ICH8 SATA300 controller port 0xe880-0xe887,0xe800-0xe803,0xe480-0xe487,0xe400-0xe403,0xe080-0xe08f,0xe000-0xe00f irq 19 at device 31.2 on pci0 atapci3: Intel ICH8 SATA300 controller port 0xd080-0xd087,0xd000-0xd003,0xcc00-0xcc07,0xc880-0xc883,0xc800-0xc80f,0xc480-0xc48f irq 19 at device 31.5 on pci0 Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: What do ASCII codes 128-159 stand for?
Lars Eighner wrote: That is all the ASCII codes there are. ASCII is a a seven-bit standard. There is no such thing as ASCII codes from 160-255. ASCII is a 7-bit standard. You cannot express 160 in seven bits. No, because there are no ASCII codes between 128 and 159. ASCII is a 7-bit standard. which as I have mentioned, is a seven-bit standard. Just to clarify, are you saying that ASCII is a 7-bit standard? Innocently, Mike I'm almost certain I've seen this exact discussion on an episode of Red Dwarf. ;-) Respectfully, Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to rotate a tcpdump file
Frank Shute wrote: On Sat, May 23, 2009 at 02:57:08PM +0300, Yavuz Ma?lak wrote: I wish tcpdump to rotate tcpdump file whose size reaches 10Mbyte. Which command should I use ? You should be able to set up newsyslog(8) to rotate the dumps. You want to have a look at newsyslog.conf(5) to craft a line to put in your conf file. There are examples to work from in the conf file already. Regards, Correct me if I'm wrong but wouldn't tcpdump have to be restarted after the logrotate? I'm under the impression that it would just continue to output to the old inode even if the file occupying it changes name and the restart functionality of newsyslog(8) isn't really bright enough to restart tcpdump with all its initial parameters. I'm using sysutils/cronolog for my Apache logs so I don't have to restart Apache at all for the logrotate. Unfortunately cronolog doesn't seem to have a size option to trigger the rotation though. Maybe there's another alternative for the OP? /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: bsnmpd vs net-snmp
2) Is there anyway to enable these two options during make without editing the Makefile? 2. The easiest way is to set the define upon running make [/usr/ports/net-mgmt/net-snmp]$ make -DWITH_MFD_REWRITES install clean Thanks Steve, I actually tried that before posting but thought I made something wrong since I couldn't spot that command in the output. A vimdiff between that output and a regular make, shows significant differences though so I assume everything is alright. Thanks again for helping me solve this irritating problem I've had for so long. /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: bsnmpd vs net-snmp
net-snmp has no problems providing 64-bit counters (interface and disk). You must build it with -DWITH_MFD_REWRITES (passes --with-mfd-rewrites to ./configure). I do not know why this is not the default. It works just fine. I also have a PR open to make this define a ports 'make config' option (therefore a persistent setting), but the maintainer has ignored this. This post caught my attention because I've had a 64 bit - 32 bit truncation error in my SNMP logs since I installed net-snmp on my AMD64 a year ago. I was unable to figure out how to add -DWITH_MFD_REWRITES to make so I ended up editing the Makefile and added --enable-mfd-rewrites (the compile told me --with-mfd-rewrites had been replace by --enable-mfd-rewrites). My error messages now seems to have disappeared so I'm extremely happy. I later found the following info in NEWS: Solaris, FreeBSD, OpenBSD: - Experimental support for 64bit interface counters (ifXTable). Enable via '--with-mib-modules=if-mib --enable-mfd-rewrites'. So I have two questions: 1) Is --with-mib-modules=if-mib already covered in the Makefile? I can see the parameter but it refers to a variable I don't know the contents of. The variable seems to refer to the build option NET_SNMP_MIB_MODULES which is mentioned at the beginning of the compile process but I don't know how to use it or its initial value. 2) Is there anyway to enable these two options during make without editing the Makefile? Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ipfw, pf and ALTQ on outbound traffic? (or: The net is slow when I upload!)
CyberLeo Kitsana wrote: Morgan Wesström wrote: Jubal Kessler wrote: (To put it another way: When I max out my upstream, and my upstream is capped lower than my downstream, my downstream becomes useless and I am forced to wait until the upload finishes before I can resume using the downstream. This is a problem, and I'd like to solve it.) This is exactly the reason why I built my own router several years ago. I have done the same with PF and AltQ for the past few years. It is so effective on my 1536/384 ADSL that I now have the opposite problem: a large download will lag both downloads and uploads. Sadly, this is a more difficult issue to tackle without full access to hardware at both ends of the slow link. Yes, I have noticed that too. Some discussions I've seen suggest that you add a queue on your internal interface too and limit the bandwidth entering your LAN. This will drop packets and TCP is supposed to renegotiate transmission windows then and make the upstream server send data slower and not saturate your download. I'm no expert in the gritty technical details and I haven't tried this myself but it might be worth experimenting with. /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ipfw, pf and ALTQ on outbound traffic? (or: The net is slow when I upload!)
http://homerouters.info/wiki/Main_Page Be aware that I'm not a very good teacher... ;-) On the contrary, you're an excellent teacher, and I now have a working pf configuration handling my NAT duties as well as outbound traffic shaping (and handy graphs, too). Thank you very much for the well-written guide! Jubal That's very kind of you, I'm already blushing :-) I'm happy it helped solve your problem. If you find any errors or other weirdness, all feedback is appreciated. Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: {Classmates#889-142}read it immediately
Paul Procacci wrote: To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Darn, here I was expecting a completely different kind of answer. Now I have to find something else to brighten up my day... ;-) /M ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ipfw, pf and ALTQ on outbound traffic? (or: The net is slow when I upload!)
Jubal Kessler wrote: Greetings, Is there a general how-to, or a set of coherent instructions, for shaping outbound traffic such that when I upload something over my asymmetric cable-modem pipe, doing so doesn't completely kill my Web browsing or any other attempts to use my Internet connection? Daniel Hartmeier's tutorial is the base on which I build my own knowledge: http://www.benzedrine.cx/ackpri.html I have helped my friends build FreeBSD based routers for a few years now. I've put together a documentation, mainly to help myself being consistent, but your free to look at my examples there and the reasoning behind it. It's in the Firewall setup guide but it's rather long since I explain in detail every part of the firewall rule set: http://homerouters.info/wiki/Main_Page Be aware that I'm not a very good teacher... ;-) (To put it another way: When I max out my upstream, and my upstream is capped lower than my downstream, my downstream becomes useless and I am forced to wait until the upload finishes before I can resume using the downstream. This is a problem, and I'd like to solve it.) This is exactly the reason why I built my own router several years ago. I have looked at various ALTQ + pf setups on the Web, but I have one caveat. I use FreeBSD 6.4 on my home gateway, and it is also using the default natd server, which relies on an ipfw divert rule. I don't know if this matters, or if I need to switch from natd to a pf-based NAT setup. Should I use *just* ipfw, or should I switch everything to pf (including NAT services) and go from there? I have no experience running pf and ipfw at the same time. NAT is handled perfectly by pf and keeping everything in the same config makes everything much easier. Naturally I recommend you have a look at the example in my tutorial and the pf man page of course. It's extremely flexible. Thanks much, Jubal /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Cron Not Sending Mail
APseudoUtopia wrote:
In my case I only see either local there or my smart host as defined
in /var/mail/{hostname}.mc
Can you provide a diff -u between /etc/mail/freebsd.mc and
/etc/mail/{hostname}.mc ?
/Morgan
I'd switch over to postfix, but I'm only using this to send output
from cron and the daily security run scripts. I don't receive any mail
over the network, so I think it'd be pointless to go through the
effort of switching and configuring another MTA.
Here's the diff. I figured it was too long to include in the email
(word wrap will make it hard to read :-P)
http://pastebin.ca/1352338
I'm no expert on Sendmail but you are aware that dnl is Sendmail's way
of commenting out a line, aren't you? In your config you have disabled
pretty much every configuration file in /etc/mail, especially
/etc/mail/access which defines who can relay mail through the local MTA.
I'm pretty sure this isn't a good idea. Apart from this I couldn't see
any major differences between your config and FreeBSD's default. Why not
try to use the default config and make sure to populate /etc/mail/access
with at least 127.0.0.1 RELAY and try again?
/Morgan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Cron Not Sending Mail
Yeah, I am aware what dnl does. The reason I commented that stuff out is because I have no use for any of it - all those files (access, local-host-names, mailertable, virtusertable, etc) are all empty by default and I had no reason to add anything to them. I'll try going back to the default config and putting the RELAY line in the access file. Thanks once again for the help. I really do appreciate the time. Sendmail is not an open relay by default so you need at least one RELAY entry in /etc/mail/access for it to forward mail externally. I'm still curious of where it picks up that w...@localhost but chances are it will disappear as soon as you have a valid access config. /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Cron Not Sending Mail
Glen Barber wrote: On Tue, Mar 3, 2009 at 4:10 PM, APseudoUtopia apseudouto...@gmail.com wrote: Thanks for the tips. I've put the following line in my normal user account's crontab (This account does have a shell, it's one I use on a daily basis): SHELL=/bin/sh mailto=my_email_acco...@gmail.com * * * * * /sbin/ping -c4 localhost I'm getting no emails at all. In /var/log/maillog, I'm getting the following output: Mar 3 21:10:00 domain sendmail[86797]: n23LA0td086797: from=www, size=0, class=0, nrcpts=0, msgid=200903032110.n23la0td086...@subdomain.domain.tld, relay=...@localhost Isn't w...@localhost a very weird hostname for a relay? Can you really resolve that into an IP address? /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Cron Not Sending Mail
relay=...@localhost
Isn't w...@localhost a very weird hostname for a relay? Can you really
resolve that into an IP address?
/Morgan
Hm, I'm not sure where it's getting that from. The MAILTO variable is
set in the crontab, so it shouldn't be going to or relaying through
localhost at all, right? It should go directly to gmail's servers?
If grep 'n23LA0td086797' /var/log/maillog only yields one entry, then
something is wrong with your email setup. There should at least be one more
entry from the spooler to pickup final destination. And yes, the
relay 'w...@localhost' seems odd, but since I gave up sendmail for postfix
years ago, I'm not current with how it spits things into syslog.
In my case I only see either local there or my smart host as defined
in /var/mail/{hostname}.mc
Can you provide a diff -u between /etc/mail/freebsd.mc and
/etc/mail/{hostname}.mc ?
/Morgan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Is there a trick to boot 7.1 install CD with USB keyboard?
Dell OptiPlex 745 - no PS/2 connectors. USB keyboard works on boot menu but during kernel initialization I see this: usb1: host controller halted uhub1: device problem (IOERROR), disabling port 2 Keyboard is non-working when SYSINSTALL starts. Upgraded to latest BIOS and error disappears but keyboard is still non-working in SYSINSTALL. I've tried both front and rear USB ports. I've googled extensively but can't find any workaround or trick to make this work. Solution seems to be 8.0-CURRENT or am I missing something vital here? I was hoping for some command to issue at the boot prompt... Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is there a trick to boot 7.1 install CD with USB keyboard?
-Original Message- From: Morgan Wesström [mailto:freebsd-questi...@pp.dyndns.biz] Sent: 28 January 2009 13:27 To: FreeBSD Questions Subject: Is there a trick to boot 7.1 install CD with USB keyboard? Dell OptiPlex 745 - no PS/2 connectors. USB keyboard works on boot menu but during kernel initialization I see this: usb1: host controller halted uhub1: device problem (IOERROR), disabling port 2 snip Have you made sure you have USB keyboard support enabled in the bios and you may also need to enable USB legacy support. Regards Graeme Thanks Graeme. None of those options exist in the BIOS of this particular machine. I assume it's always enabled due to its lack of PS/2 connectors. At least one Google hit mentions Dell Optiplex 745 specifically not working while model 755 boots FreeBSD without problems. Disabling atkbd via hints (as suggested by other posts) doesn't change the behaviour either unfortunately. This isn't extremely important to me. I simply wondered if I had missed some vital information regarding the use of USB keyboards. /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: PHP 5.2.8 crash (segmentation fault 11)
Saifi Khan wrote:
Hi all:
Freshly compiled PHP 5.2.8 with PECL and PHP5-extensions support
on FreeBSD 7.1 (i386) seems to be crashing in
#0 0x28e3e006 in hash_lookup (hashtab=0x29ea2f70,
key=0xbfbfea30 \221Û\222)À{\206)p/ê)ì\r\226)`Qp() at misc.c:349
349 for (ret = hashtab-table[hash_index (hashtab,key)]; ret; ret =
ret-next)
[New Thread 0x28759400 (LWP 100083)]
The stack frame are shown below.
snip
Anybody pointers as to how to solve this issue ?
Isn't this simply the classic problem with the order of the extensions
in extensions.ini?
http://www.pingle.org/2006/10
/Morgan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: default CFLAGS
RW wrote:
On Sat, 24 Jan 2009 12:51:32 +
Saifi Khan saifik...@gmail.com wrote:
on running the command 'make -V CFLAGS', the output is
-O2 -fno-strict-aliasing -pipe
i haven't setup the CPUTYPE anywhere (not as an env variable nor in
/etc/make.conf)
So are these default settings for a generc x86 based system ?
Yes, if you are using i386.
Most CPUs have the same default CFLAGS, it's the value of CPUTYPE
that's passed to the compiler that determines processor optimizations.
If you want to know what gcc processor optimizations will be enabled you
can do this:
Create hello.c:
#include stdio.h
main()
{
printf(hello, world\n);
}
Then compile it with -Q -v in addition to the default CFLAGS:
gcc -O2 -fno-strict-aliasing -pipe -Q -v -o hello hello.c
The section options enabled will list them all. I usually only add
-march=native to my CFLAGS to enable a few more CPU specific
optimizations.
/Morgan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: default CFLAGS
Saifi Khan wrote: On Sat, Jan 24, 2009 at 5:57 PM, Pojken Purken p...@pp.dyndns.biz wrote: RW wrote: On Sat, 24 Jan 2009 15:27:02 +0100 Morgan Wesström freebsd-questi...@pp.dyndns.biz wrote: The section options enabled will list them all. I usually only add -march=native to my CFLAGS to enable a few more CPU specific optimizations. If you set CPUTYPE, -march is set to match, so setting -march=native should be redundant. OTOH a number of other make variables are defined from CPUTYPE, so if you set -march=native, but not CPUTYPE you might miss some optimisations based on build options. I've no idea whether there are any such options, just that you're probably not going to do better than setting CPUTYPE, and leaving the rest alone. I'm sorry I was unclear. I set CPUTYPE to native of course which is then passed as -march=native to compiler. The entry in file /var/run/dmesg.boot shows the CPU information as CPU: Intel (R) Celeron (R) CPU 2.40 GHz (686-class CPU) The entry in /usr/share/examples/etc/make.conf shows CPU types for Intel as core2 core nocona pentium4m pentium4 prescott pentium3m pentium3 pentium-m pentium2 pentiumpro pentium-mx pentium i486 i386 What would be the appropriate CPUTYPE specification in this case ? Is there any table which sort of maps the marketing names of the Intel processor with the CPU information shown in dmesg ? gcc 4.2 and later will figure out the correct -march and -mtune for you automatically if you use CPUTYPE=native. How it does it in detail can be seen in its source code but basically it's decided by checking manufacturer, cpu family and whether sse2 and sse3 support is present. Your processor is most likely a prescott and you can see what gcc selects by running the compilation example from my previous post. The choice shows up in its output. /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: default CFLAGS
RW wrote:
On Sat, 24 Jan 2009 21:13:00 +0100
Morgan Wesström freebsd-questi...@pp.dyndns.biz wrote:
gcc 4.2 and later will figure out the correct -march and -mtune for
you automatically if you use CPUTYPE=native.
The point I was making before, is that CPUTYPE isn't just passed
transparently to gcc, it's used for setting other variables, such as
CFLAGS. So unless you know that CPUTYPE=native is supported by the OS as
well as the compiler, you probably shouldn't use it in make.conf.
I got that point. As with all tuning you always take the risk of
breaking something but that is a personal choice. From my own experience
I prefer that the compiler choses the optimizations.
I don't know about the base OS but a quick grep through /usr/ports only
reveals 5 or 6 ports that actually checks CPUTYPE and they don't do much
more than setting -march={$CPUTYPE} which is pretty redundant.
Regards
Morgan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: PHP Apache module no longer loads /usr/local/etc/php.ini
APseudoUtopia wrote: On Tue, Jan 6, 2009 at 12:26 AM, Morgan Wesström freebsd-questi...@pp.dyndns.biz wrote: Hi. I have two almost identical FreeBSD servers with FreeBSD 7.0, Apache 2.2.11 and PHP 5.2.8. After a restart of Apache four days ago, the PHP module on one of those servers no longer loads /usr/local/etc/php.ini and I can't for my world figure out what's preventing it. My workaround right now is to move php.ini to / where it is loaded properly. phpinfo on non-working server: http://pp.dyndns.biz/phpinfo.php phpinfo on working server: http://prefectftp.no-ip.com/phpinfo.php According to php.net the default location for php.ini is /usr/local/lib and to change that you have to compile PHP with --with-config-file-path=/some/path but I can't see that this is done on FreeBSD. Still /usr/local/etc is listed in phpinfo's Configuration File (php.ini) Path. What mechanism does FreeBSD use to alter the default location of the ini file? Can I somehow have interfered with that mechanism? The following things DO work though: - Setting PHPRC to /usr/local/etc (as described in php.ini) and restarting Apache loads /usr/local/etc/php.ini correctly. - CLI version works correctly regardless of PHPRC: # php -i | grep php.ini Configuration File (php.ini) Path = /usr/local/etc Loaded Configuration File = /usr/local/etc/php.ini No errors are listed in any log-file and I've been banging my head against the wall for four days now trying to solve this... Any help would be appreciated to figure out what stupid mistake I've made. :-) Regards Morgan Notice: Configuration File (php.ini) Path /usr/local/etc Loaded Configuration File /php.ini So it _IS_ looking in /usr/local/etc/ for a php.ini file, it just can't find it. Move the file back to /usr/local/etc/, then make sure the permissions are correct (so the www-data user can read) on both the php.ini file and the directories above it. I forgot to respond to the list on this. php.ini was present all the time in /usr/local/etc and with the right permissions. There seemed however to be some weird inconsistencies in my filesystem after one of the disks in my gmirror RAID1 failed earlier that day and I had to rebuild it. Creating a new copy of php.ini in /usr/local/etc once again made the php module able to pick it up. I have now fsck:ed all filesystems and I hope they're alright again. Just out of curiosity: how does the FreeBSD port of lang/php5 find /usr/local/etc/php.ini without being compiled with --with-config-file-path ? /Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
PHP Apache module no longer loads /usr/local/etc/php.ini
Hi. I have two almost identical FreeBSD servers with FreeBSD 7.0, Apache 2.2.11 and PHP 5.2.8. After a restart of Apache four days ago, the PHP module on one of those servers no longer loads /usr/local/etc/php.ini and I can't for my world figure out what's preventing it. My workaround right now is to move php.ini to / where it is loaded properly. phpinfo on non-working server: http://pp.dyndns.biz/phpinfo.php phpinfo on working server: http://prefectftp.no-ip.com/phpinfo.php According to php.net the default location for php.ini is /usr/local/lib and to change that you have to compile PHP with --with-config-file-path=/some/path but I can't see that this is done on FreeBSD. Still /usr/local/etc is listed in phpinfo's Configuration File (php.ini) Path. What mechanism does FreeBSD use to alter the default location of the ini file? Can I somehow have interfered with that mechanism? The following things DO work though: - Setting PHPRC to /usr/local/etc (as described in php.ini) and restarting Apache loads /usr/local/etc/php.ini correctly. - CLI version works correctly regardless of PHPRC: # php -i | grep php.ini Configuration File (php.ini) Path = /usr/local/etc Loaded Configuration File = /usr/local/etc/php.ini No errors are listed in any log-file and I've been banging my head against the wall for four days now trying to solve this... Any help would be appreciated to figure out what stupid mistake I've made. :-) Regards Morgan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
