web cache

2001-07-11 Thread TooManySecrets

Hi.

Excuse my ignorance, but can I use wwwoffle, squid, or any of the "proxy 
programs" as a web cache for my website?
Is it a great mistake, or simply, am I the great mistake ;) ?

Thanks for all.

Have a nice day  ;-)
TooManySecrets


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




Maybe... "off topic".

2001-07-11 Thread TooManySecrets

Hi.

Excuse me for this off topic, but my boss wants (only for political budgets) 
prices of commercial hardware firewalls. I only use Linux to do this, and 
I don't know (except the "infamous" Cisco :)) any solution with these 
requirements.

Can anybody help me, please?

I apologize for my bad English... sorry... :(

Have a nice day ;-)
TooManySecrets






Re: Email Server

2001-07-11 Thread Aaron Hall
On Thu, 12 Jul 2001, Paul Rae wrote:

> High everyone, bit of a newbie when it comes to it but slowly trying to drag
> our systems from windows and first main task is mail...
>
> so ive got myself a nice server and played around with a few distros and
> have decided on debian and exim
>
> right here comes the questions.



> 2. when i was playing with other distros things went quite well in the
> testing apart from one thing... relaying.  a lot of the users work out of
> the office using dialup and dynamic ips, whats the best way to enable
> relaying for this so that they can send and receive mail but still not leave
> the server open?  as i failed miserably on this one and it was either
> completely open, or denied relaying completely, not the ideal situation ;)

There's going to be some tradeoffs no matter what you do here. We'll
assume that an open relay is unacceptable.

* Disallow relaying, except for IP ranges you know your users will be
  coming in on.

  Pros: no additional configuration on their end
  Cons: you have to figure out what they are, and depending on how much you
  can narrow down the ranges, other people on the same range can abuse
  your server (though not many). I used to work at an ISP that did this
  for certain customers, and we rarely had a problem with it.

* SMTP Authentication

  Pros: Clean; nobody can use your SMTP that you don't want using it
  Cons: Additional end-user configuration. Not all mail clients support it
  (or they don't support it the same way your SMTP server does). More stuff
  that can go wrong. Yet another password to deal with.

* Have your users use their ISP's SMTP server, but still POP mail from you

  Pros: No additional work for you
  Cons: Their From: address will be their home email address. This may
  or may not be acceptable, depending on circumstances.

There's other ways I'm not thinking of, I'm sure. Hopefully a magic bullet
is among them. :)

> 3. whats the best pop3 server to use with this, from what i have looked at
> qpopper seems to be quite popular, any other suggestions on this? a few
> people have suggested tpop3d but ive not been able to find out much about
> it.

I use qpopper and am quite happy with it. If you go with qpopper, I recommend
using 4.0.3 or better, rather than the 2.53 that's in Debian stable. 4.0.3
is more flexible in its configuration, for one. That, and there's this
ominous message on the qpopper home page that says "Don't use 2.53 with
Linux!" 

You can get 4.0.3 from www.eudora.com, or from the Debian testing
distribution. (If you do that, build it from the deb-src package. apt-get
can do that for you automatically. Of course, I'm assuming you're running
stable here.)

> 4.  is there anything else i have missed / should be taking into
> consideration? or any other hints / tips to push me in the right
> direction

Oh, probably. But I can't think of them right now. :) Good luck.

- Aaron

-- 
So:  My point is that [Microsoft] may have a ton of money and be more
vicious than a junkyard dog, and have a stranglehold on dimwitted IS
managers, but they're just not very _competent_.

-- Rick Moen, on macosx-for-users




Email Server

2001-07-11 Thread Paul Rae
High everyone, bit of a newbie when it comes to it but slowly trying to drag
our systems from windows and first main task is mail...

so ive got myself a nice server and played around with a few distros and
have decided on debian and exim

right here comes the questions.

1.  i will be hosting mail for several domains, is this easy to achieve using
exim? or should i consider sendmail  / postfix or another for this (this isnt
going to be a high bandwidth server, small company mail server and few other
"bits")

2. when i was playing with other distros things went quite well in the
testing apart from one thing... relaying.  a lot of the users work out of
the office using dialup and dynamic ips, whats the best way to enable
relaying for this so that they can send and receive mail but still not leave
the server open?  as i failed miserably on this one and it was either
completely open, or denied relaying completely, not the ideal situation ;)

3. whats the best pop3 server to use with this, from what i have looked at
qpopper seems to be quite popular, any other suggestions on this? a few
people have suggested tpop3d but ive not been able to find out much about
it.

4.  is there anything else i have missed / should be taking into
consideration? or any other hints / tips to push me in the right
direction


thanks

paul

##
Attention: 
Any views or opinions presented are solely those of the author and not
necessarily those of GlobalNetFinancial.com or its subsidiary companies.
##




Re: Virtual Hosting and the FHS

2001-07-11 Thread Craig Sanders
On Wed, Jul 11, 2001 at 01:20:16PM +0200, Russell Coker wrote:
> Why not use vhost_alias_module in Apache and something like the
> following:  VirtualDocumentRoot /home/www/%-1/%-2/%-3/%-4+

because that's not as flexible as my system. it's fine if you want
all your vhosts exactly the same, but it doesn't allow for individual
variation.

also because my virtual-hosts.conf file is a central configuration file
for everything to do with virtual hosts, not just apache - generating
apache config fragments, htdig configuration, nightly log processing,
weekly linbot runs, etc etc.

any script i need to write can just open the virtual-hosts.conf file
and parse it (it's a single line, colon-delimited format) to find out
everything it needs to know about every virtual host.

if i need a new feature, i can easily add it just by writing a new
script. and both new & pre-existing vhosts can have it just by editing
their line in the config file. e.g. adding an htdig option for all
vhosts took me about 2 hours total to write the scripts...now any
vhost with the "htdig" flag in the config file has htdig configuration
generated when make is run.


it also makes it easy for me to track down problems from the vague
reports passed on by customer service - even if they only give me part
of the information, i can easily grep that config file and get all the
details on a single line.


> Then for the logging you can have the following at the start of the
> Apache config:
>
> LogFormat "%V %h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\" %T"
> 
> Which allows you to produce a single log file with coherent
> information on all domains.  My logtools package has everything you
> need to split up and manipulate the log file generated.  I can supply
> some sample scripts (I'll put them in the next version of logtools) to
> automatically create webalizer stats for all domains dynamically.

i'll look into that.

i need to split up the log files so that each virtual domain can
download their raw access logs at any time. having separate error log
files is necessary for debugging scripts too (and preserving privacy -
don't want user A having access to user B's error logs).

the only trouble is that means at least 2 log files open per vhost per
apache process...on one of my machines, that means 344 log files open
per process, * 50 processes (average) = 17,200 log files open.

that obviously is not very scalable.

i have figured out how to have just one log file open per httpd - a
named pipe to a splitter script, which writes to the real log files.

your logtools may be faster than my perl script. i may hack it to fit
into my scheme of having logs under ~user/www_logs/


i don't know yet what to do about error logs. the only thing i can think
of is to hack apache so that every line output to STDERR is prefixed by
"domain:" - then it can be split just like the access logs.

it's either that or give up on the idea of separate error logs which
makes them basically useless.

craig

-- 
craig sanders <[EMAIL PROTECTED]>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch
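
The single-pipe splitter described above, sketched as an added example (not Craig Sanders's perl script and not code from the thread). The domain:user:flags layout of virtual-hosts.conf, the <home>/<user>/www_logs/<domain>.access.log file names and the unmatched.log catch-all are assumptions; the first log field is only looked up in the config, so a name that is not a configured vhost never chooses the file that gets written.

```python
import os
import sys
import tempfile

# Constructed config. The thread only says virtual-hosts.conf holds one
# colon-delimited line per vhost; the domain:user:flags layout is hypothetical.
SAMPLE_CONF = """\
example.com:alice:htdig
example.org:bob:
"""

# Constructed log lines in the LogFormat quoted above: %V (vhost name) first.
SAMPLE_LOG = [
    'example.com 192.0.2.10 - - [11/Jul/2001:13:20:16 +0200] "GET / HTTP/1.0" 200 512 "-" "Mozilla/4.0" 0',
    'EXAMPLE.ORG 192.0.2.11 - - [11/Jul/2001:13:20:17 +0200] "GET /a HTTP/1.0" 404 209 "-" "-" 0',
    '../../etc/x 192.0.2.66 - - [11/Jul/2001:13:20:18 +0200] "GET / HTTP/1.0" 400 0 "-" "-" 0',
    'unknown.test 192.0.2.12 - - [11/Jul/2001:13:20:19 +0200] "GET / HTTP/1.0" 200 90 "-" "-" 0',
]


def parse_conf(text):
    """Return {vhost name: owning user} from the colon-delimited config."""
    vhosts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        domain, user, _flags = line.split(":", 2)
        vhosts[domain.lower()] = user
    return vhosts


def split_log(lines, vhosts, home_root):
    """Append each line to its vhost's access log, one open file per vhost.

    A per-vhost path is built only when the first field matches a config
    entry exactly; everything else goes to a single catch-all file.
    Returns {path: number of lines written}.
    """
    handles = {}
    counts = {}
    try:
        for line in lines:
            line = line.rstrip("\n")
            name = line.split(" ", 1)[0].lower()
            user = vhosts.get(name)
            if user is None:
                path = os.path.join(home_root, "unmatched.log")
            else:
                path = os.path.join(home_root, user, "www_logs", name + ".access.log")
            if path not in handles:
                os.makedirs(os.path.dirname(path), exist_ok=True)
                # 0640 before umask: the new log file is not world-readable
                fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o640)
                handles[path] = os.fdopen(fd, "a")
            handles[path].write(line + "\n")
            counts[path] = counts.get(path, 0) + 1
    finally:
        for fh in handles.values():
            fh.close()
    return counts


def demo():
    """Split the constructed sample in a temp dir; return {relative path: lines on disk}."""
    with tempfile.TemporaryDirectory() as root:
        split_log(SAMPLE_LOG, parse_conf(SAMPLE_CONF), root)
        result = {}
        for dirpath, _dirs, files in os.walk(root):
            for fname in files:
                full = os.path.join(dirpath, fname)
                with open(full) as fh:
                    result[os.path.relpath(full, root)] = len(fh.readlines())
        return result


if __name__ == "__main__":
    if len(sys.argv) == 3:   # usage: splitter.py virtual-hosts.conf /home < fifo
        with open(sys.argv[1]) as conf:
            split_log(sys.stdin, parse_conf(conf.read()), sys.argv[2])
    else:
        print(demo())
```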




ispman

2001-07-11 Thread Waldemar Brodkorb
Hello debianfriends,

has anyone of you tested ispman?
http://www.ispman.org

Anyone seen a deb-package of it?

bye
Waldemar

-- 
It's naive to assume that just installing a firewall is going to protect 
you from all potential security threat. That assumption creates a false 
sense of security, and having a false sense of security is worse than having 
no security at all.  -- Kevin Mitnick




Re: Virtual Hosting and the FHS

2001-07-11 Thread Haim Dimermanas

> > Now imagine that the guy wants his website accessible via
> > http://example.com as well. The URL only has 2 parts. Apache will look for
> > the files in /home/www/com/example/_/_/(notice the 2 "_" this time) when
> > example.com is requested.
> >
> > Any solution?
> 
> Enable sym-links in Apache (I know some people recommend against it, but when
> apache has no special privs it's no real risk).  Then create a sym-link
> between them.

Thank you. Here is what I do now:

VirtualDocumentRoot /usr/local/apache/domains/%-2.1/%-2-%-1/%-3+/

With this, I have the following:

URL                  Directory
www.example.com      /usr/local/apache/domains/e/example-com/www/
dev.example.com      /usr/local/apache/domains/e/example-com/dev/
example.com          /usr/local/apache/domains/e/example-com/_/
www.dev.example.com  /usr/local/apache/domains/e/example-com/www.dev/

A symlink from "_" pointing to "www" does the job as far as I am concerned.
Thanks again for your input, it really helped.

Haim.
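
How mod_vhost_alias expands the patterns in this thread, as an added example (not Apache's code and not from the thread): a small Python model of the %N, %N+ and %N.M directives, checked against the table above. The function names and the host-name check are assumptions of this sketch; since the name that picks the directory can come from the request's Host header (with UseCanonicalName Off), the model refuses anything that is not a plain DNS name before it builds a path.

```python
import re

# %% | %p | %N[+] | %N[+].M[+]   (N and M may be negative: count from the end)
_SPEC = re.compile(r"%(?:(%)|(p)|(-?\d+)(\+?)(?:\.(-?\d+)(\+?))?)")
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOST = re.compile(_LABEL + r"(?:\." + _LABEL + r")*")


def is_safe_host(host):
    """True for a plain lower-case DNS name: no '/', no empty labels, no '..'."""
    return len(host) <= 253 and _HOST.fullmatch(host) is not None


def _select(items, n, plus):
    """Slice items (a list of parts or a string of characters) by index n.

    n is 1-based, negative n counts from the end, 0 means everything.
    With plus, n > 0 takes n and all that follows; n < 0 takes n and all
    that precedes. An index that does not exist gives an empty slice.
    """
    if n == 0:
        return items
    if n > 0:
        return items[n - 1:] if plus else items[n - 1:n]
    end = len(items) + n + 1          # exclusive end of the slice for -|n|
    if end <= 0:
        return items[:0]
    return items[:end] if plus else items[end - 1:end]


def interpolate(pattern, host, port=80):
    """Expand a VirtualDocumentRoot-style pattern for one host name."""
    host = host.lower().rstrip(".")   # the name is lower-cased before use
    if not is_safe_host(host):
        raise ValueError("refusing host name %r" % host)
    parts = host.split(".")

    def expand(m):
        if m.group(1):
            return "%"
        if m.group(2):
            return str(port)
        text = ".".join(_select(parts, int(m.group(3)), bool(m.group(4))))
        if text and m.group(5) is not None:
            text = _select(text, int(m.group(5)), bool(m.group(6)))
        return text or "_"            # a missing part becomes a single "_"

    return _SPEC.sub(expand, pattern)


if __name__ == "__main__":
    haim = "/usr/local/apache/domains/%-2.1/%-2-%-1/%-3+/"
    russell = "/home/www/%-1/%-2/%-3/%-4+"
    for name in ("www.example.com", "dev.example.com",
                 "example.com", "www.dev.example.com"):
        print("%-20s %s" % (name, interpolate(haim, name)))
    print("%-20s %s" % ("example.com", interpolate(russell, "example.com")))
```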




LVS article in Linux Magazine

2001-07-11 Thread Theodore Knab
There is a nice feature story in Linux Magazine called "Coping with Traffic" by 
Steve Suering.

It describes how to build LVS clusters.

The story starts with a short overview of the LVS architecture. 

It covers Features and Benefits.
-high availability
-scalability
-serviceability
-load balancing

It also covers the routing implementations and different types of load 
balancing algorithms used.
LVS routing
-NAT
-IP tunnel
-Direct Routing
LVS load balancing algorithms
-Round-robin
-Weighted Round-Robin
-Least-Connections
-Weighted Least Connections
-Destination Hashing ("director decides which server to use by 
 looking up the destination IP address in a static hash table.")
-Source Hashing ("director decides which server to use by looking 
 up the source IP address in a static hash table.")

At the end of the article is an Installation, Configuration and Testing section.

The author states that for the installation of the LVS there are only 4 steps:
-patch the kernel
-install perl module
-installing admin. software for the LVS
-making the configuration file

-Ted Knab 
Breezy Network Solutions




Re: Virtual Hosting and the FHS

2001-07-11 Thread Russell Coker
On Wed, 11 Jul 2001 19:39, Haim Dimermanas wrote:
> > Why not use vhost_alias_module in Apache and something like the
> > following: VirtualDocumentRoot /home/www/%-1/%-2/%-3/%-4+
>
> I have one large problem with this solution and I have been working on it
> for days without being able to solve it.
>
> What do you do if your customer has a URL that has less than 4 parts?
>
> Example: My domain name is example.com. If I have a www A record set in the
> DNS, it will look for the files in /home/www/com/example/www/_/ (notice the
> "_" at the end) when www.example.com is requested.
>
> Now imagine that the guy wants his website accessible via
> http://example.com as well. The URL only has 2 parts. Apache will look for
> the files in /home/www/com/example/_/_/(notice the 2 "_" this time) when
> example.com is requested.
>
> Any solution?

Enable sym-links in Apache (I know some people recommend against it, but when 
apache has no special privs it's no real risk).  Then create a sym-link 
between them.

If you don't want sym-links then use the --bind option to mount with kernel 
2.4.x and create hard-links in the kernel.

-- 
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/   Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page




Re: Apache load ballancing

2001-07-11 Thread Russell Coker
On Wed, 11 Jul 2001 16:37, Przemyslaw Wegrzyn wrote:
> On Wed, 11 Jul 2001, staf wagemakers wrote:
> > > I don't need persistent HTTP connections - I need persistent
> > > connections from my web application. That's why I need each session to
> > > be continued on the same host where it started.
> >
> > That is exactly what LVS does, it even works with https, where it is
> > necessary that each session goes back to the same server.
> >
> > You can find more info about LVS & persistence at
> > http://www.linuxvirtualserver.org/persistence.html
>
> I'm just reading it right now, thanks for URL. I'm not sure if I
> understand it well - it assigns client to particular real server on client
> IP number basis ? If so, it can be quite unbalanced sometimes...
> Imagine large masquerading networks.

If the balancing is performed based on the number of connections (not the 
number of clients) then a masqueraded network directed to one server would 
balance some hundreds or thousands of non-masqueraded connections.

-- 
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/   Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page
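
The effect described in this reply, as an added example (a simplified model, not LVS code): persistence pins each source IP to one real server, and the scheduler either counts open connections or only counts clients. Server names, addresses and the arrival pattern are constructed, and connections are assumed to stay open.

```python
import ipaddress
from itertools import cycle

SERVERS = ["rs1", "rs2", "rs3"]     # hypothetical real servers


def constructed_arrivals(clients=600, nat_ip="203.0.113.7"):
    """Constructed traffic: one connection per ordinary client, plus one
    connection from the masquerading (NAT) address after every second client."""
    first = ipaddress.IPv4Address("10.1.0.1")
    arrivals = []
    for i in range(clients):
        arrivals.append(str(first + i))
        if i % 2 == 0:
            arrivals.append(nat_ip)
    return arrivals


def simulate(arrivals, scheduler):
    """Return open connections per server after all arrivals.

    arrivals:  source IP of each new connection, in order.
    scheduler: "lc" picks the server with the fewest open connections,
               "rr" hands out servers round-robin per new client.
    Persistence: once a source IP has a server, all its connections go there.
    """
    conns = {s: 0 for s in SERVERS}
    pinned = {}                      # persistence table: source IP -> server
    rr = cycle(SERVERS)
    for src in arrivals:
        if src not in pinned:
            if scheduler == "lc":
                pinned[src] = min(SERVERS, key=lambda s: conns[s])
            else:
                pinned[src] = next(rr)
        conns[pinned[src]] += 1
    return conns


if __name__ == "__main__":
    traffic = constructed_arrivals()
    print("by connections:", simulate(traffic, "lc"))
    print("by clients:    ", simulate(traffic, "rr"))
```

With connection counting, the server that holds the NAT address simply receives fewer new clients; with per-client scheduling, the NAT address's 300 connections land on top of that server's normal share.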




Re: Virtual Email Hosting, IMAP and LDAP - advise needed

2001-07-11 Thread Gerard MacNeil
On 11 Jul 2001 16:48:00 +0200, Ramin Motakef <[EMAIL PROTECTED]> wrote:


> The next question:
> How do people organize the LDAP tree? 
> I've searched around the Internet, found lot of infos on LDAP, but
> not a concrete example of LDAP driven email solution. So, if you have
> links, or like to share your setup, please respond.

Check this list's archives. It was discussed quite extensively a while back.


Gerard MacNeil
System Administrator




RE: Recommended way to setup an encrypted tunnel (a VPN)

2001-07-11 Thread Jeremy Gaddis
I said that IPSec was probably the "best" way because it's
a standard protocol, with companies such as Microsoft and
Cisco supporting it and it's supposed to be built into IPv6
if/when we ever see that.

As for how it compares, I have no idea.  FreeS/WAN is the
only implementation of IPSec I've used so I won't try to
say that it's better or worse than any other implementation.

j.

--
Jeremy L. Gaddis <[EMAIL PROTECTED]>

-Original Message-
From: Stephane Bortzmeyer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 11, 2001 3:17 AM
To: Jeremy Gaddis
Cc: debian-isp@lists.debian.org
Subject: Re: Recommended way to setup an encrypted tunnel (a VPN)


On Tue, Jul 10, 2001 at 11:25:24AM -0500,
 Jeremy Gaddis <[EMAIL PROTECTED]> wrote
 a message of 42 lines which said:

> Using an IPSec VPN is probably the "best" way to do it.

Why? (This is a real question: I see *many* solutions but I wonder why
I would choose one above the others.)

> FreeS/WAN (http://www.freeswan.org) is a Linux implementation
> of IPSec, but it's not the easiest thing in the world to

How do you compare it to other IPsec implementations such as pipsecd?






Virtual Email Hosting, IMAP and LDAP - advise needed

2001-07-11 Thread Ramin Motakef
Hi,
first of all i am quite new to all this stuff, so if anything below is
plain stupid, please tell me. (RTFM welcome).

What i want to do is hosting virtual email domains on one server,
which should be accessible by IMAP and/or POP3 Clients. This actually
already works with exim as MTA and courier for POP and IMAP.

First question: 
I have exim deliver the mails in maildir format to 
/var/spool/virtual// with permissions "mail:mail 600".
Courier uses auth-userdb, the usernames are of the form
. and all users have uid=gid=8 (mail).
Is this safe or are there better ways to set the permissions/ids?

Now to the hard part:
I've heard (read) a lot of good things about LDAP, and having
all the infos at a central place sounds really fine to me. 

The next question:
How do people organize the LDAP tree? 
I've searched around the Internet, found lot of infos on LDAP, but
not a concrete example of LDAP driven email solution. So, if you have
links, or like to share your setup, please respond.

Thanks,
Ramin  
   

  




Re: which radius server?

2001-07-11 Thread Brian Johnston
Try:

http://www.freeradius.org

They have cistron-radius in their ftp directory: ftp.freeradius.org/pub/radius/
And have quite a robust radius server (I use cistron-radius on all the ISP's I
admin that have portmasters)

Brian


On Tue, 10 Jul 2001 20:26:08 -0600, Vector said:

> Just wondering if there are any good open source and free radius servers 
> out there to use that work well on debian and what others are using to do 
> radius with their ISP's.  Thanks,
>  
>  vector




Re: Virtual Hosting and the FHS

2001-07-11 Thread Haim Dimermanas

> Why not use vhost_alias_module in Apache and something like the following:
> VirtualDocumentRoot /home/www/%-1/%-2/%-3/%-4+

I have one large problem with this solution and I have been working on it
for days without being able to solve it.

What do you do if your customer has a URL that has less than 4 parts?

Example: My domain name is example.com. If I have a www A record set in the
DNS, it will look for the files in /home/www/com/example/www/_/ (notice the
"_" at the end) when www.example.com is requested.

Now imagine that the guy wants his website accessible via http://example.com
as well. The URL only has 2 parts. Apache will look for the files in
/home/www/com/example/_/_/(notice the 2 "_" this time) when example.com is
requested.

Any solution?

Haim.




Apache bandwith...

2001-07-11 Thread Przemyslaw Wegrzyn

What's the best way to limit particular 's bandwidth usage ?
I tried to use mod_throttle, but...

I didn't check it deeply yet, but I guess it only can insert delay between
subsequent request handling.
Each request itself is handled at full bandwidth, isn't it ?
So it can only limit _average_ bandwidth usage ?

Is there any way to limit peak connection speed, not the average ?
Say, no more than 10 connections 10KB/s each, any time...

-=Czaj-nick=-





Re: Apache load ballancing

2001-07-11 Thread Przemyslaw Wegrzyn


On Wed, 11 Jul 2001, staf wagemakers wrote:

> > I don't need persistent HTTP connections - I need persistent connections
> > from my web application. That's why I need each session to be continued on
> > the same host where it started.
> 
> That is exactly what LVS does, it even works with https, where it is 
> necessary that each session goes back to the same server.
> 
> You can find more info about LVS & persistence at 
> http://www.linuxvirtualserver.org/persistence.html

I'm just reading it right now, thanks for URL. I'm not sure if I
understand it well - it assigns client to particular real server on client
IP number basis ? If so, it can be quite unbalanced sometimes...
Imagine large masquerading networks.
 
I need to check mod_backhand, do some benchmarks...
Anybody has done any such benchmarks ?

> or ask it at [EMAIL PROTECTED] if you dont believe me :-)

Well , I need to check archives, I think it can help :)
 
Thanx
-=Czaj-nick=-




RE: Recommended way to setup an encrypted tunnel (a VPN)

2001-07-11 Thread Jeremy Gaddis

I said that IPSec was probably the "best" way because it's
a standard protocol, with companies such as Microsoft and
Cisco supporting it and it's supposed to be built into IPv6
if/when we ever see that.

As for how it compares, I have no idea.  FreeS/WAN is the
only implementation of IPSec I've used so I won't try to
say that it's better or worse than any other implementation.

j.

--
Jeremy L. Gaddis <[EMAIL PROTECTED]>

-Original Message-
From: Stephane Bortzmeyer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 3:17 AM
To: Jeremy Gaddis
Cc: [EMAIL PROTECTED]
Subject: Re: Recommended way to setup an encrypted tunnel (a VPN)


On Tue, Jul 10, 2001 at 11:25:24AM -0500,
 Jeremy Gaddis <[EMAIL PROTECTED]> wrote
 a message of 42 lines which said:

> Using an IPSec VPN is probably the "best" way to do it.

Why? (This is a real question: I see *many* solutions but I wonder why
I would choose one above the others.)

> FreeS/WAN (http://www.freeswan.org) is a Linux implementation
> of IPSec, but it's not the easiest thing in the world to

How do you compare it to other IPsec implementations such as pipsecd?


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




Virtual Email Hosting, IMAP and LDAP - advise needed

2001-07-11 Thread Ramin Motakef

Hi,
first of all I am quite new to all this stuff, so if anything below is
plain stupid, please tell me. (RTFM welcome).

What I want to do is host virtual email domains on one server,
which should be accessible by IMAP and/or POP3 clients. This actually
already works with exim as MTA and courier for POP and IMAP.

First question:
I have exim deliver the mails in maildir format to
/var/spool/virtual// with permissions "mail:mail 600".
Courier uses auth-userdb, the usernames are of the form
. and all users have uid=gid=8 (mail).
Is this safe or are there better ways to set the permissions/ids?

Now to the hard part:
I've heard (read) a lot of good things about LDAP, and having
all the info at a central place sounds really fine to me.

The next question:
How do people organize the LDAP tree?
I've searched around the Internet, found lots of info on LDAP, but
not a concrete example of an LDAP-driven email solution. So, if you have
links, or would like to share your setup, please respond.

Thanks,
Ramin  
   

  






Re: which radius server?

2001-07-11 Thread Brian Johnston

Try:

http://www.freeradius.org

They have cistron-radius in their ftp directory: ftp.freeradius.org/pub/radius/
And have quite a robust radius server (I use cistron-radius on all the ISP's I
admin that have portmasters)

Brian


On Tue, 10 Jul 2001 20:26:08 -0600, Vector said:

> Just wondering if there are any good open source and free radius servers out 
>there to use that work well on debian and what others are using to do radius with 
>their ISP's.  Thanks,
>  
>  vector






Re: Virtual Hosting and the FHS

2001-07-11 Thread Haim Dimermanas


> Why not use vhost_alias_module in Apache and something like the following:
> VirtualDocumentRoot /home/www/%-1/%-2/%-3/%-4+

I have one large problem with this solution and I have been working on it
for days without being able to solve it.

What do you do if your customer has a URL that has fewer than 4 parts?

Example: My domain name is example.com. If I have a www A record set in the
DNS, it will look for the files in /home/www/com/example/www/_/ (notice the
"_" at the end) when www.example.com is requested.

Now imagine that the guy wants his website accessible via http://example.com
as well. The URL only has 2 parts. Apache will look for the files in
/home/www/com/example/_/_/(notice the 2 "_" this time) when example.com is
requested.

Any solution?

Haim.






Re: kernel misbehavior

2001-07-11 Thread Friedrich
> {module_list} {module_list_R__ver_module_list}
> Warning: /boot/System.map-2.2.19 does not match kernel data.

Hi,

Make sure that when you have compiled a new kernel you also copy its System.map
file to /boot. I usually just copy it to /boot/System.map. I don't know if this is
the "correct" way but you do then have a System.map for the correct kernel.
The System.map file is at the top of your kernel source tree after you have
compiled the kernel.

Thanks, Friedrich.




kernel misbehavior

2001-07-11 Thread Felipe Alvarez Harnecker

Hi all,

I'm getting this:

{module_list} {module_list_R__ver_module_list}
Warning: /boot/System.map-2.2.19 does not match kernel data.

message after some commands, but the kernel image is exactly the same
as on another machine that doesn't do that. And that behavior happened
a couple of months after the kernel installation.


Any hint ?

-- 
__

Felipe Alvarez Harnecker.  QlSoftware.

Tels. 665.99.41 - 09.874.60.17
e-mail: [EMAIL PROTECTED]

http://qlsoft.cl/
http://ql.cl/
__




Re: Apache load ballancing

2001-07-11 Thread staf wagemakers
On Wed, Jul 11, 2001 at 10:54:36AM +0200, Przemyslaw Wegrzyn wrote:
> > LVS supports persistent connections ( see the webpage for more information)
> > which works well in most cases.
> 
> I don't need persistent HTTP connections - I need persistent connections
> from my web application. That's why I need each session to be continued on
> the same host where it started.

That is exactly what LVS does, it even works with https, where it is 
necessary that each session goes back to the same server.

You can find more info about LVS & persistence at 
http://www.linuxvirtualserver.org/persistence.html

or ask it at [EMAIL PROTECTED] if you don't believe me :-)

The LVS people are working on a level 7 virtualserver but I don't think 
it's very usable in its current state.

> > If it is a java application you could use tomcat/mod_jk which supports 
> > loabalancing.
> 
> I know :) But this is going to be mod_perl application.
> Maybe we will give JSP a try (actually I'm experimennting with it), but
> I'm afraid about it's performance - I need to do some testing.

I wouldn't use java, java is definitely slower.

regards,

--
Staf Wagemakers

homepage:   http://www.stafwag.f2s.com
email:  [EMAIL PROTECTED]




Apache bandwith...

2001-07-11 Thread Przemyslaw Wegrzyn


What's the best way to limit particular 's bandwidth usage?
I tried to use mod_throttle, but...

I didn't check it deeply yet, but I guess it can only insert a delay between
subsequent request handling.
Each request itself is handled at full bandwidth, isn't it?
So it can only limit _average_ bandwidth usage?

Is there any way to limit peak connection speed, not the average ?
Say, no more than 10 connections 10KB/s each, any time...

-=Czaj-nick=-







Re: Apache load ballancing

2001-07-11 Thread Przemyslaw Wegrzyn



On Wed, 11 Jul 2001, staf wagemakers wrote:

> > I don't need persistent HTTP connections - I need persistent connections
> > from my web application. That's why I need each session to be continued on
> > the same host where it started.
> 
> That is exactly what LVS does, it even works with https, where it is 
> necessary that each session goes back to the same server.
> 
> You can find more info about LVS & persistence at 
> http://www.linuxvirtualserver.org/persistence.html

I'm just reading it right now, thanks for the URL. I'm not sure if I
understand it well - it assigns a client to a particular real server on a client
IP number basis? If so, it can be quite unbalanced sometimes...
Imagine large masquerading networks.

I need to check mod_backhand, do some benchmarks...
Has anybody done any such benchmarks?

> or ask it at [EMAIL PROTECTED] if you dont believe me :-)

Well , I need to check archives, I think it can help :)
 
Thanx
-=Czaj-nick=-






Re: which radius server?

2001-07-11 Thread Russell Coker
On Wed, 11 Jul 2001 09:04, Charl Matthee wrote:
> On Tue, Jul 10, 2001 at 08:26:08PM -0600, Vector wrote:
> > Just wondering if there are any good open source and free radius
> > servers out there to use that work well on debian and what others are
> > using to do radius with their ISP's.  Thanks,
>
> I can recommend Radiator by Open Systems Consultants
> [http://www.open.com.au/radiator/]. It is not a free piece of software but
> is well worth spending the $1,000 (AUD).
>
> It is very configurable and extensible
> [http://www.open.com.au/radiator/technical.html] (it is written in perl
> and can be extended using perl modules). You obviously also get the source
> when you buy it.

Last time I benchmarked Radiator I found it to have serious performance 
issues due to being single-threaded and being written in Perl.  On a moderate 
machine (Celery 400) it could only do about 40 RADIUS requests per second to 
an LDAP backend.  In contrast the Cistron or Livingstone servers could easily 
double that on half the hardware without the RADIUS server being a bottleneck.

Radiator might deliver OK performance for smaller sites, but if you have 
10,000 phone lines it won't do the job properly.  Also if you want to do 
non-standard things with RADIUS (IE using RADIUS for authentication of POP, 
login, etc), or if you want to use RADIUS for cable-TV authentication then it 
won't do.

On Wed, 11 Jul 2001 06:05, Craig Sanders wrote:
> cistron-radiusd is pretty good.
>
> it's certainly better than any of the other debian radiusd packages.

For some reason the FreeRADIUS package hasn't gone into unstable yet.  
FreeRADIUS is where it's at.  It supports SQL, LDAP, and other sources of 
back-end data.  It's all written in C and it's fully multi-threaded (with 
thread pooling).  It's written by the same people who did Cistron-RADIUS 
(among others).

FreeRADIUS might be considered experimental now, but it's the one everyone 
will be using in future.

-- 
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/   Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page




Re: Virtual Hosting and the FHS

2001-07-11 Thread Russell Coker
On Wed, 11 Jul 2001 05:29, Craig Sanders wrote:
> whatever policy you decide on for your system, make it consistent...that
> will allow you to automate just about every aspect of creating or
> maintaining virtual hosts. e.g. because all vhosts are set up according
> to my policy, i only have to edit one line in one config file and
> run "make" to create or change any virtual host...a tedious job now
> takes only a few seconds with almost all chances for operator-error
> eliminated.

Why not use vhost_alias_module in Apache and something like the following:
VirtualDocumentRoot /home/www/%-1/%-2/%-3/%-4+

Then have the home directory for the main user be /home/www/au/com/company .  
Then the user can login through ftp, create a directory named "www" for 
storing the www.company.com.au site, then they could create a directory 
"sales" to create the sales.company.com.au site etc.  Then the only thing you 
need to solve is automatic creation of BIND configuration to match.

Then for the logging you can have the following at the start of the Apache 
config:
LogFormat "%V %h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\" %T"

Which allows you to produce a single log file with coherent information on 
all domains.  My logtools package has everything you need to split up and 
manipulate the log file generated.  I can supply some sample scripts (I'll 
put them in the next version of logtools) to automatically create webalizer 
stats for all domains dynamically.

-- 
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/   Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page
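
Added example, not part of the thread and not Apache's own code: a small Python model of the documented mod_vhost_alias directory-name interpolation (%N, %-N, a trailing +, %N.M, %p, %%), applied to the VirtualDocumentRoot quoted above. It reproduces the paths discussed in this thread for www.company.com.au, www.example.com and example.com; the function names, the other host names and the lowercasing of the host are assumptions of the example.

```python
import re

# One specifier: "%%", "%p", or "%N" / "%N.M"; N and M are integers,
# optionally negative, optionally followed by "+".
_SPEC = re.compile(r"%(?:(%)|(p)|(-?\d+\+?)(?:\.(-?\d+\+?))?)")

TEMPLATE = "/home/www/%-1/%-2/%-3/%-4+"   # VirtualDocumentRoot from the thread


def _select(items, spec, joiner):
    """Apply one N (or M) selector to a list of name parts (or characters)."""
    plus = spec.endswith("+")
    n = int(spec.rstrip("+"))
    if n == 0:
        return joiner.join(items)            # 0 selects everything
    if abs(n) > len(items):
        return "_"                           # not enough parts: one underscore
    if n > 0:                                # counted from the left
        chosen = items[n - 1:] if plus else items[n - 1:n]
    else:                                    # counted from the right
        idx = len(items) + n
        chosen = items[:idx + 1] if plus else items[idx:idx + 1]
    return joiner.join(chosen)


def interpolate(template, host, port=80):
    """Return the directory a request for `host` is mapped to."""
    # Assumption of this example: the name is compared in lower case.
    parts = host.lower().rstrip(".").split(".")

    def expand(match):
        percent, is_port, n_spec, m_spec = match.groups()
        if percent:
            return "%"
        if is_port:
            return str(port)
        name = _select(parts, n_spec, ".")
        if m_spec is not None:               # %N.M: characters within part N
            name = _select(list(name), m_spec, "")
        return name

    return _SPEC.sub(expand, template)


def placeholder_roots(template, hosts):
    """Hosts whose document root contains an interpolated "_" component."""
    roots = {h: interpolate(template, h) for h in hosts}
    return {h: r for h, r in roots.items() if "_" in r.split("/")}


if __name__ == "__main__":
    # Constructed host list: names from the thread plus two hypothetical ones.
    for h in ("www.company.com.au", "sales.company.com.au",
              "a.b.company.com.au", "www.example.com", "example.com"):
        print(f"{h:24} -> {interpolate(TEMPLATE, h)}")
```

With this template every host name of fewer than four labels resolves to a path ending in one or more `_` components, which is where the server will look for that site's files.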




Re: zebra and bgp4

2001-07-11 Thread ya
Hi,

We were using all Debian potato with zebra as router for an ISP; it was
working fine, with a full BGP table. All peers were Cisco boxes and we
never experienced a problem.
The Debian/zebra box supports a lot of traffic very well, it learns the
full BGP table faster than a Cisco and you get all the robustness of
Debian.
The only problem we had was with the eepro100 ethernet NIC.
Actually all the Debian boxes were changed for Cisco 7507 and 7206,
because we have a new network team that doesn't know Linux and because the
'head' of the company decided to migrate to Cisco.
So I can pretend that a Debian/zebra box works as well (even better in my
opinion) as a Cisco box.

Youri

"Fabrice Lorrain (home)" wrote:
> 
> Hi all,
> 
> How well does zebra get interfaced with cisco routers (using bgp4) ?
> 
> Any of you've done some bench and/or comparison in performance for
> a debian box + zebra + 2 fast ethernet NIC compared to an equivalent
> config with a cisco (3600 + 2 fast ethernet NIC for ex) ?
> 
> Thank's for the answers.
> 
> Fab

-- 
\
/ ^   _ \
   ( (o) (o) )   
+=oOOO=(_)=OOOo==+
|Albinovanus Youri   |
|System Administrator|
|email: [EMAIL PROTECTED]|
+=Oooo.==+
  .oooO   (   )
  (   )) /   
   \ ((_/
\_)




Re: Apache load ballancing

2001-07-11 Thread Przemyslaw Wegrzyn


On Tue, 10 Jul 2001, ARAKI Yasuhiro wrote:

> Hello,
> 
> > session will come to the same machine in the cluster. This requires load
> > ballancing in 7th layer, so LVS doesn't help much. 
> 
> check libapache-mod-backhand.

Someone already pointed me to it in private mail.
Looks _very_ interesting, I'm going to examine it this weekend probably
(ugh, lots of other work right now :( )
It has the ability to preserve host-to-session assignment in a very
simple, nice way :)

-=Czaj-nick=-




Re: Apache load ballancing

2001-07-11 Thread Przemyslaw Wegrzyn


On Tue, 10 Jul 2001, staf wagemakers wrote:

> LVS supports persistent connections ( see the webpage for more information)
> which works well in most cases.

I don't need persistent HTTP connections - I need persistent connections
from my web application. That's why I need each session to be continued on
the same host where it started.

> > The question is: are there any software level 7 ballancer available ? If
> > not, which hardware box would you recommend ?
> 
> If it is a java application you could use tomcat/mod_jk which supports 
> loabalancing.

I know :) But this is going to be a mod_perl application.
Maybe we will give JSP a try (actually I'm experimenting with it), but
I'm afraid about its performance - I need to do some testing.

-=Czaj-nick=-





Re: Apache load ballancing

2001-07-11 Thread Przemyslaw Wegrzyn


On Tue, 10 Jul 2001, Eric Jennings wrote:

> >I need to build a scalable webserver based on Apache. I'm not sure yet if
> >the application requires persistent TCP connections. If so, it will
> >require that after starting session all subsequent HTTP request in this
> >session will come to the same machine in the cluster. This requires load
> >ballancing in 7th layer, so LVS doesn't help much.
> 
> 7th layer for sure?  I'd imagine that would only need to land in the 4th 
> Layer.
> 7th layer would be custom HTTP requests to test things like an 
> application servers, CGI scripts, or PHP scripts (7th layer == 
> application layer).

Nope - I need sessions opened on one of the servers to be continued on
this one. This requires digging into TCP stream and extracting session
IDs from cookies or URLs. And this is the 7th layer.

-=Czaj-nick=-
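
Added example, not part of the thread and not code from LVS or mod_backhand: a Python model of the two kinds of stickiness argued about in this thread, persistence keyed on the client IP address versus persistence keyed on a session ID read from the request's cookie or URL. The server names, the `SESSIONID` key, the traffic and the rule that every request already carries its ID are assumptions constructed for the example.

```python
import re
from collections import Counter
from itertools import cycle

SERVERS = ["rs1", "rs2", "rs3", "rs4"]     # hypothetical real servers
SESSION_KEY = "SESSIONID"                  # hypothetical cookie / URL parameter


def session_id(raw_request):
    """Extract the session ID from the Cookie header, else from the URL."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "cookie":
            continue
        for pair in value.split(";"):
            key, _, val = pair.strip().partition("=")
            if key == SESSION_KEY and val:
                return val
    fields = lines[0].split(" ")
    target = fields[1] if len(fields) == 3 else ""
    found = re.search(r"[?&;]" + SESSION_KEY + r"=([^&;#\s]+)", target)
    return found.group(1) if found else None


def request(sid, in_cookie):
    """Build a constructed HTTP/1.0 request carrying `sid`."""
    if in_cookie:
        return (f"GET /cart HTTP/1.0\r\nHost: shop.example\r\n"
                f"Cookie: lang=en; {SESSION_KEY}={sid}\r\n\r\n").encode()
    return (f"GET /cart?item=1&{SESSION_KEY}={sid} HTTP/1.0\r\n"
            f"Host: shop.example\r\n\r\n").encode()


def constructed_traffic():
    """Six sessions behind one masquerading address, two direct clients,
    three requests per session. All addresses are documentation ranges."""
    sessions = [("198.51.100.1", f"s{i}") for i in range(1, 7)]
    sessions += [("203.0.113.7", "s7"), ("203.0.113.8", "s8")]
    return [(ip, request(sid, in_cookie=(n % 2 == 0)))
            for _ in range(3) for n, (ip, sid) in enumerate(sessions)]


def simulate(traffic, key_fn):
    """Sticky round robin: the first request for a key picks the next server,
    later requests with the same key follow it. Returns requests per server."""
    next_server = cycle(SERVERS)
    table = {}
    load = Counter({s: 0 for s in SERVERS})
    for src_ip, raw in traffic:
        key = key_fn(src_ip, raw)
        if key is None:                    # nothing to stick to
            server = next(next_server)
        else:
            if key not in table:
                table[key] = next(next_server)
            server = table[key]
        load[server] += 1
    return dict(load)


def by_source_ip(src_ip, raw):             # all a layer-4 balancer can see
    return src_ip


def by_session(src_ip, raw):               # needs the request itself (layer 7)
    # The ID is client-supplied input: a routing hint only, never authentication.
    return session_id(raw)


if __name__ == "__main__":
    traffic = constructed_traffic()
    print("source IP :", simulate(traffic, by_source_ip))
    print("session ID:", simulate(traffic, by_session))
```

Both policies keep each session on one server; only the per-server request counts differ when many sessions share one masqueraded address.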




Re: zebra and bgp4

2001-07-11 Thread Stephane Bortzmeyer
On Wed, Jul 11, 2001 at 12:17:54AM +0200,
 Fabrice Lorrain (home) <[EMAIL PROTECTED]> wrote 
 a message of 17 lines which said:

> How well does zebra get interfaced with cisco routers (using bgp4) ?

Gitoyen uses two PC/Debian, at our two POPs. Peers are Ciscos. zebra
is the sid version. Kernel is 2.4.x. Except for the eepro100 driver,
everything seems fine. The 100k routes are swallowed in two minutes
and 50 Mbytes of RAM are enough for the BGP process.

After that, forwarding works fine, although there is not a lot of
traffic yet. 

Since we are in the same country, maybe we are at the same POP? (Ours
are Interxion/Sfinx and Telehouse2.)




Re: Recommended way to setup an encrypted tunnel (a VPN)

2001-07-11 Thread Stephane Bortzmeyer
On Tue, Jul 10, 2001 at 11:25:24AM -0500,
 Jeremy Gaddis <[EMAIL PROTECTED]> wrote 
 a message of 42 lines which said:

> Using an IPSec VPN is probably the "best" way to do it.

Why? (This is a real question: I see *many* solutions but I wonder why
I would choose one above the others.)

> FreeS/WAN (http://www.freeswan.org) is a Linux implementation
> of IPSec, but it's not the easiest thing in the world to

How do you compare it to other IPsec implementations such as pipsecd?




Re: Recommended way to setup an encrypted tunnel (a VPN)

2001-07-11 Thread Stephane Bortzmeyer
On Tue, Jul 10, 2001 at 01:05:48PM -0400,
 Theodore Knab <[EMAIL PROTECTED]> wrote 
 a message of 73 lines which said:

> If you want an easy way to setup IPsec, contact a network security consultant 
> that understands it. 

No, I don't want an easy way, I want opinions and pointers.

> If this is not feasible or you want to do it yourself, start reading.

I've found already many documents, which I mentioned in my first
message. The problem is that there is almost no comprehensive
comparison.
 
>   Here is an intro to VPN
>   http://www.synthcom.com/~val/cs510/termpaper.htm

Which does not even mention GRE or SSH+PPP...






Re: which radius server?

2001-07-11 Thread Charl Matthee
On Tue, Jul 10, 2001 at 08:26:08PM -0600, Vector wrote:

> Just wondering if there are any good open source and free radius servers 
> out there to use that work well on debian and what others are using to do 
> radius with their ISP's.  Thanks,

I can recommend Radiator by Open Systems Consultants
[http://www.open.com.au/radiator/]. It is not a free piece of software but
is well worth spending the $1,000 (AUD).

It is very configurable and extensible 
[http://www.open.com.au/radiator/technical.html] (it is written in perl 
and can be extended using perl modules). You obviously also get the source 
when you buy it.


Ciao

Charl
__

The loon
Left me 
chuckling
In the 
mist
__

  [ Charl Matthee ] [ +27-11-721-3800 ]
  [ Reality Manufacturing ] [ +27-11-405-6508 ]
__



