Re: RaiserFS via NFS

2004-04-19 Thread Jose Alberto Guzman
Marcel Hicking wrote:
--Sunday, April 18, 2004 10:14:22 +0200 Michelle Konzack
[EMAIL PROTECTED]:

Am I right in that nobody on the list knows whether or not any advantage
to running raiserFS is swallowed by NFS?
RaiserFs is a really fast filesystem for very much small files


Well, from bad experience: Reiser seems to have exactly two states:
Working and dead.  As long as it's working it's very nice.
But once you experience problems there's nothing between those two.
We had several machines (fortunately no customer systems) just
dying with no trace of the source of the problem (RAID5-SCSI-
hardware without any faults).  They just suddenly died with
filesystem error.  With all machines we had no luck rebuilding
the filesystem.  Just out of curiosity I contacted several
Linux support companies (including SuSE as one of the major
supporters of Reiser and the very helpful guys at Bytec)
but none could help but most did second our experience with
Reiser.  But as usual, YMMV.
Cheers, Marcel


 Well, certainly my mileage did vary with reiserfs. The only failures 
that have occurred here, are due to faulty hardware, and they don't 
happen that often. The last one got a bit nasty, it required a 
reiserfsck --rebuild-tree, it recovered almost everything (including a 
fsckd up superblock), and I was most impressed with the results. The 
rebuild tree process for the 340 G array, took about 2.5 hours.

 One recommendation is to always use the latest reiserfs-tools from 
upstream in case of need, as the developers are constantly improving them.



 José

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]


Re: debian on HP proliant

2004-04-16 Thread Jose Alberto Guzman
Nathan Eric Norman wrote:
On Fri, Jan 16, 2004 at 10:33:09AM -0500, Eric Sproul wrote:

On Fri, 2004-01-16 at 10:15, Francis Tyers wrote:

The onboard 'scsi' controller appears as a block device and not as a
scsi device under linux. 

01:03.0 RAID bus controller: Compaq Computer Corporation Smart Array
5i/532 (rev 01)
i think it is...

there is a driver in linux 2.4.x...
The driver is called cciss, and supports the built in SmartArray
controller as well as the higher-end optional RAID controllers like the
641/642.
Look in /proc/driver/cciss/ccissX (where X is the controller number,
usually '0' for the built-in) for some basic info.
Devices attached to these controllers appear as /dev/cciss/cXdXpX

c=controller #
d=logical drive #
p=partition #
Thus the first partition on the first logical drive on the built-in
controller is /dev/cciss/c0d0p1.


Is anyone aware of a debian-installer image which supports cciss built
in?  The existing d-i supports cciss just fine, but as a module.
 The installer from woody has built-in support for the cciss controller 
on at least the Proliant DL 580 G2.

 It works smoothly, but lacks support for the default installed 3com 
gig-ethernet adapter (tg3 driver), once installed, I usually either copy 
a recent kernel source and compile whatever I need, or install an 
eepro100 (or other supported) card to finish.

 The trick is to install with the bf24 kernel:  version 2.4.18.

 Check the help at the Woody CD install boot prompt.

José

PS.
please reply to the list


Re: bandwidth

2004-04-13 Thread Carlos Alberto Pereira Gomes
Thank you all that replied.
I live in Brazil, and here internet connection is still expensive. I'm
going to get in touch with the only two backbone providers in my region
and will ask for 1-2mbps links prices.

-- 
Carlos 




bandwidth

2004-04-12 Thread Carlos Alberto Pereira Gomes
Hi,
I live in a building which has 96 apartments, all of them wired in a LAN.
We have contracted an isp that connects our LAN to the internet with a
radio link. As our contract is going to expire soon, and I know the new
contract will be with higher prices, I'll try to propose a new locally
administered solution to my neighbours, that will be a direct link 
to a local backbone, with our own local firewall/bandwidth sharing
machine.
My question is how much bandwidth should I ask for with my local
backbone to provide such universe of almost 96 home computers with a
reasonable internet access service?
Thanks,

-- 
Carlos 




Re: bandwidth

2004-04-12 Thread Carlos Alberto Pereira Gomes
* Leonardo Boselli [EMAIL PROTECTED] [12-04-2004 11:03]:
 What kind of traffic ? what kind of usage pattern ? Is allowable to throttle 
 on peaks ? 
 since there is now a link you should be able to know what is current 
As it's a home building I suppose most of the traffic is web browsing
and email checking and most of the activity is at evening/night, when
usually I note throttling on my downloads.

-- 
Carlos 




Re: Fixed (hardisk) device names?

2004-03-31 Thread Jose Alberto Guzman
Craig Sanders wrote:
On Wed, Mar 31, 2004 at 07:54:19AM +0200, Arnd Vehling wrote:

does anyone know how to fix the device name on a debian linux
system? For example. If i have two IDE hard disks, the devices will
be named like this.
/dev/hda
/dev/hdb
If i now must remove the first harddisk (/dev/hda) the second (/dev/hdb)
will be renamed to (/dev/hda) after the reboot. As i want /dev/hdb to be
a mirror of /dev/hda and used as failover disk _without_ opening the
case and tampering with the IDE bus setup, i want linux to keep the name
/dev/hdb for the drive no matter what happens.


huh?

that's EXACTLY what linux does for IDE drives.  the slave drive on the primary
IDE controller will *always* be /dev/hdb, regardless of whether there is a
master drive or not.
/dev/hda  - master drive on primary IDE controller
/dev/hdb  - slave drive on primary IDE controller
/dev/hdc  - master drive on secondary IDE controller
/dev/hdd  - slave drive on secondary IDE controller

Is this possible?


it's standard.


Another question. How can i copy two identical discs _including_ the boot
block? dd if=/dev/hda of=/dev/hdb doesn't do it 


don't use dd for that.  set up a raid-1 mirror instead.  it's easy to do, only
about 5 minutes work.
also, for performance and safety, put your second drive on a separate IDE
controller.  that way it will still work even if one IDE controller fails.
e.g. have /dev/hda (primary IDE master) and /dev/hdc (secondary IDE master)
rather than /dev/hda  /dev/hdb.

and there are no raw devices on linux AFAIK.


/dev/hd? ARE the raw devices.   

craig

 In the bsdish slang, raw devices are character devices, so /dev/hd? 
are not exactly raw devices, but block devices.

 There's support for accessing harddisks as character devices, see:
http://www.linuxdocs.org/HOWTOs/SCSI-2.4-HOWTO/rawdev.html


 José



Re: Strabge LDAP problem

2004-03-24 Thread Jose Alberto Guzman
 There's an explanation of this issue and some suggested workarounds on 
the (upstream) ldap-pam list, basically as finger knows nothing about 
ldap, it's better to substitute the 'finger' command with some 
perl/python/shell script that does the same but queries the ldap server 
directly.

http://www.netsys.com/pamldap/2001/09/msg3.html

 I remember reading about a 'proper' solution to this issue, but can't 
find the thread on the list, anyway we've been using our own finger 
substitute for quite a long time with no problems.

PS.
 Please reply to the list
Michael Loftis wrote:
augh disregard my last...sounds like you got that done.  long day over 
here already.

can you turn up debugging on your slapd?  loglevel 256 or loglevel 512 
are VERY helpful, they log what searches are run--one or both does i 
can't remember...this way you can find out what's up.

--On Tuesday, March 23, 2004 23:06 -0500 Stephen Gran [EMAIL PROTECTED] 
wrote:

Hello all,

I am having the strangest LDAP issue.  We recently migrated a network
from a hodgepodge of system accounts to an all LDAP setup, with the
exception of a few administrative accounts.  All seems to be working
well, except for one thing - finger.  id returns the expected values,
users can log in, mail gets accepted and delivered, everything I can
think of to check works fine, except finger.
Even stranger:
finger -m $user returns expected results, although finger $user returns
'no such user'.  Aha! I said - an indexing problem, or perhaps nscd.
Responses coming back too slow for finger.  Messed about with different
indexing schemes (they are currently this:
index gecos,cn,uid pres,eq,sub
index homeDirectory,objectClass,loginshell,gidnumber,uidnumber pres,eq
for an ldif of:

dn: uid=$user,ou=People,dc=ccil,dc=org
objectClass: top
objectClass: ccilAccount
objectClass: posixAccount
objectClass: ccilAddress
objectClass: ccilWorkAddress
objectClass: ccilPerson
cn: Some Guy
uid: $user
uidNumber: 11709
gidNumber: 100
homeDirectory: /home/u/$user
l: Smalltown
st: PA
postalCode: 12345
userPassword:: secret
loginShell: /bin/bash
gecos: Some Guy
pppAccess: TRUE
emailAccess: TRUE
registered: Oct 30 22:23:16 2001
street: 1224 Main St.
bday: 01-02-03
telephoneNumber: 215-555-1212
education: College Graduate
gender: Blank
(names changed to protect the innocent))

Changing indexing options, running slapindex over and over, no help.

By accident, I reran finger in my root session that was kept open as an
I hope I don't hose something backup plan, and it worked.  Now I start
to think ACL's, nscd permissions, etc, but I see nothing out of the
ordinary.  We're using a pretty close to stock Debian config for all of
this, with some minor tuning for indexing options and cache size, but
that's about it.  The ACL's are the stock ones, so I really don't know
what's falling over here.  Anybody have any ideas what to debug next?
TIA,
--
 -
|   ,''`. Stephen Gran |
|  : :' : [EMAIL PROTECTED] |
|  `. `'Debian user, admin, and developer |
|`-http://www.debian.org |
 -




--
Michael Loftis
Modwest Sr. Systems Administrator
Powerful, Affordable Web Hosting
GPG/PGP -- 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351 88B9 E736 BD7E




lire and it's messages

2004-03-23 Thread Jose Alberto Guzman


 Hi all,

 I installed lire in woody, and configured it to report with html plus 
charts on squid and various other daemons, so far I assume it's working 
normally, for I receive the daily reports in my mailbox.

 The problem is, lire sends the images 'inline' and not as mime 
attachments. I'd rather wish it could generate the reports as actual 
files on the filesystem instead of mailing them.

 I've done a quick search on the docs, but couldn't find a way to do this.

 Any hints?

José

PS
Please reply to the list.


Re: Best Authentikation and security against WarDriver

2004-03-17 Thread Jose Alberto Guzman
Michelle Konzack wrote:
Hello Colleagues, 

Now I have 17 Lucent ORINOCO COR/ROR and one Proxim MP.11a (54 MBit)
Now my question:
How can I block the Network for all and do only allow to my Clients ?
I know Win98 has already 'pptp' but Win95 and Macintosh ?
In general, the Clients are using PCI/PCMCIA-Adaptors with ORINOCO 
GoldCards, because others are lacking in Performance for this.

There was someone which has suggested to install the pptpd...
How secure is it ?


 Setting up pptp or ipsec would definitely be the most elegant 
solution, but alas it'd also be the most nightmarish to set up with so 
many different operating systems.

 The other solution I can think is authenticating users with a 
login/password in a caged firewalled environment, and after positive 
auth (via a web page), open up their connection to the network.

 There's an article discussing this on linux journal september 2003 
issue, but it seems it's not available to the public:
http://www.linuxjournal.com/modules.php?op=modloadname=NS-lj-issues/issue113file=index

 However, it deals with setting up software that does this trick, 
specifically NoCatAuth, which can be downloaded from: www.nocat.com



  José

PS.
Please reply to the list.


Re: Starting isp and going to use Debian

2004-02-22 Thread Jose Alberto
Nicolas Rueff wrote:
Thus spoke Chris Hoover on the 52nd day of the year 2004:


Me and some friends are looking into starting a local isp.  My friends
are networking experts with some linux experience and I am the linux
expert with some networking experience.
Anyway, my question is what software do most of you use?  Obviously,
we have decided to use Debian for our base os.  However, what do most
of you use for:
1. Webmail


Imp. Works well. Really.


2. Imap/pop access


Courier, definitely. Virtual-user based conf.


3. User management


LDAP.


5. Drive usage control (i.e. user only get 10M for mail and 15M for
web)


Quota.


Any other advice should be appreciated.


MTA: Postfix.


 I'll second his opinion on every point.

 And add the secure version of every protocol you offer, either 
natively or via stunnel.

 Plus, it may be good to have reiserfs and some sort of volume 
management layer (ie. LVM) preferably on hardware raid, to quickly 
increase (and maybe decrease?) storage on the boxes if needed, as well 
as for allowing online hotswapping of damaged hard disks. This will 
increase the time the service goes uninterrupted and may even aid in 
structuring some service level agreements with your clients.

 Jose



PS
please reply to the list


Re: protecting mail server from DOS

2004-02-17 Thread Jose Alberto Guzman
Lucas Albers wrote:
Just recently I had my mail server swamped by a single virus machine that
kept resending a virus message, ignoring my 5xx rejection code.
Is it possible to block this via an iptables smtp max connection throttle
code?
How do you handle this?
Via iptables?, or via qmail/postfix/exim/sendmail internal coding?
Does anyone else encounter this problem on a regular basis?
How do you solve this?

 Check out http://www.spamshield.org/  a perl script that monitors the 
smtp's (like sendmail) logs for unusual events, and on a set amount of 
mail received from a single IP, takes action and informs via email, 
usually it sets up an invalid route to the offending spammer, 
effectively blocking any contact with that machine, but it can be 
configured to do anything.

 José



PS
please reply to the list
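
The approach described in the reply above (watch the MTA log, count mail per source IP, act once a set amount is exceeded), as an added example that is not part of the original post and is not spamshield's own code. The sendmail-style log lines, threshold, window, allow-list and function names are constructed assumptions; the block action is only rendered as an `ip route add blackhole` command and is never executed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches sendmail "from=" (message received) lines and captures the syslog
# timestamp and the bracketed relay address. Delivery ("to=") lines carry the
# destination relay and are deliberately not matched.
FROM_RE = re.compile(
    r"^(?P<stamp>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: "
    r"\S+ from=.*\brelay=.*\[(?P<ip>[0-9.]+)\]"
)


def sample_line(hms, ip, host):
    """Build one constructed sendmail-style 'from=' log line."""
    return (f"Feb 17 {hms} mx sendmail[1201]: i1HA0001201: from=<user@{host}>, "
            f"size=1432, nrcpts=1, proto=ESMTP, daemon=MTA, relay={host} [{ip}]")


# Constructed sample log (documentation address ranges, not real traffic),
# sorted by timestamp the way a real log file would be.
SAMPLE_LOG = sorted(
    [sample_line(f"10:00:{s:02d}", "192.0.2.10", "pc7.example.net") for s in range(1, 8)]
    + [sample_line(f"10:00:{s:02d}", "203.0.113.5", "mx2.example.org") for s in range(1, 9)]
    + [sample_line("10:00:30", "198.51.100.7", "mail.example.com"),
       sample_line("10:05:30", "198.51.100.7", "mail.example.com"),
       # Delivery line: its relay is where we sent mail, so it must not count.
       "Feb 17 10:00:31 mx sendmail[1202]: i1HA0001201: to=<bob@example.com>, "
       "delay=00:00:01, relay=mail.example.com [198.51.100.7], stat=Sent"],
    key=lambda line: line[:15],
)


def find_offenders(lines, threshold=5, window=timedelta(seconds=60),
                   allow=frozenset(), year=2004):
    """Return {ip: time at which it first exceeded `threshold` messages
    inside `window`}. Addresses in `allow` (own relays, backup MX) are skipped."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = FROM_RE.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue              # malformed address: never act on it
        if ip in allow or ip in offenders:
            continue
        # Syslog stamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {m.group('stamp')}", "%Y %b %d %H:%M:%S")
        seen = recent[ip]
        seen.append(when)
        while when - seen[0] > window:
            seen.popleft()        # drop entries that fell out of the window
        if len(seen) > threshold:
            offenders[ip] = when
    return offenders


def blackhole_commands(offenders):
    """Render the block action as argv lists; nothing is executed here."""
    return [["ip", "route", "add", "blackhole", f"{ip}/32"] for ip in sorted(offenders)]


if __name__ == "__main__":
    hits = find_offenders(SAMPLE_LOG, allow={"203.0.113.5"})
    for ip, when in hits.items():
        print(f"{ip} exceeded the limit at {when}")
    for argv in blackhole_commands(hits):
        print(" ".join(argv))
```

The allow-list matters as much as the threshold: a backup MX or a busy mailing-list host legitimately sends bursts, and null-routing it cuts off real mail.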


Re: Debian and SAN support

2004-02-12 Thread Jose Alberto Guzman
George Georgalis wrote:
On Tue, Feb 10, 2004 at 01:32:44PM -0700, Michael Loftis wrote:

--On Tuesday, February 10, 2004 21:22 +0100 J.J. van Gorkum 
[EMAIL PROTECTED] wrote:

Yes, a big one : NFS is non-atomic in its writing...

A write action to the (NFS) disk can be interrupted (normal behaviour in
the NFS world). So when the software (even the disk driver) reports that
the data is written to the disk there is a possibility that this is not
true
That said we run about ten thousand web sites like this and rarely, if 
ever, have a problem.  We have more problems with the caching of the inode 
status information and such producing incoherency than actual data 
incoherency.


I'm building a system with 3 nodes across the country on dynamic dsl
links (one of which may be intermittent and have 15% packet loss when
up).
since there is not much likelihood any two sites will be in use at once
(one person, multiple offices) I'm planning a daily rsync; but had
wanted to do something more realtime.
Any suggestions?

// George


 Have a look at Coda Filesystem. It may come in handy especially with 
the intermittent node.

http://www.coda.cs.cmu.edu/

José



Re: Imap imap-ssl pop3-ssl

2004-02-12 Thread Jose Alberto Guzman
Jonathan Matthews wrote:
[Sorry for the cross-post - I think it's applicable to both -isp and 
-user.]

I need to offer imap, imapssl and pop3ssl services. FWIW, imap would be 
localhost only, but -ssl services would be publicly accessible.

My reading thus far leads me towards Courier-imap with Exim 4 
backported to stable so I can interface with ClamAV, but feel free to 
point out something important that I've missed.

Do I need to have a different instance of the server running for each 
protocol?  i.e. one listening on each port that the three services use 
as standard?

Is there a server that would do the job with just one instance listening 
on all three ports?  Would there be any advantages or disadvantages to 
this?  I'm thinking locking/concurrency/that-sorta-thing.

How do you deal with this situation?  Are there any gotchas I need to 
know about?  I'm guessing that using Maildirs will alleviate many of the 
problems that mboxes would create ...

Any pointers/suggestions/cluebats appreciated!

jc



 What we run here, is standard uw-imap and popa3d, with stunnel. Works 
like a charm.

 I know courier could handle everything with a single hand and half the 
overhead, maybe someday I'll migrate every mbox into maildir and set 
that up, but in the mean time, it does a pretty job.

 José

PS
 please reply to debian-isp


Re: I/O performance issues on 2.4.23 SMP system

2004-01-28 Thread Jose Alberto Guzman
Mark Ferlatte wrote:
Benjamin Sherman said on Wed, Jan 28, 2004 at 03:16:56PM -0600:
 

I've got some machines in nearly the same configuration.  What I ended up
doing was to put an `append=mem=1G' in the lilo.conf boot stanza for the
kernel I was using, and rebooted the machine in question.
This does reduce the available memory in the machine to 1GB, but solves the
IO problem.  In my case, it was much faster, even though MySQL couldn't
buffer nearly as much as with 4GB.
Thanks, Mark. I will probably try this with 3GB instead of 1GB. Did you try
that?


Yes; it didn't work.

The problem (bug) is that block device IO has to go through buffers that are
below 1GB.  The memory manager doesn't know this, so what happens is that the
IO layer requests a block of memory below 1GB, and the swapout daemon (kswapd)
then runs around like a madman trying to free pages, instead of shuffling pages
that don't need to be below 1GB to higher memory addresses.  Since many of the
pages below 1GB can't be freed (they belong to active programs), the IO
starves.
With 1GB of memory, both the IO layer and the swapout daemon are working with
the same view of memory, so the bug is concealed, and performance is good.
I have heard of people trying 2GB, and having it work, but it didn't for me.

M


 Is this problem specific to the 3ware cards? Does anyone know of any 
issues with the Highpoint 1640 SATA RAID cards?

 Any experience or recommendations with these?

 Which is the best SATA raid card for linux at the moment?

 Thanks

 José

PS.
please reply to the list.



Re: FreeBSD/ Redhat / Debian

2004-01-20 Thread Jose Alberto Guzman
Peter wrote:
On Mon, 19 Jan 2004 21:00:18 +0100, in linux.debian.isp you wrote:


	I will be new user of Debian. For quick tour I want to learn and I
want to get your advice about Comparing other OS with Debian.


well, three really bad kernel bugs and now on 2.6 kernel so many new
things - in 2004 linux administrators will have to follow security
mailing lists very closely. it will be a time consuming job to update
kernels every x weeks. 

 It's not only when kernel bugs appear, that admins have to follow 
security lists very closely, it's just about every time.

 As for the time consuming job part, it may be so, if your hardware is 
something like a pentium mmx, nowadays it takes less than 3 or 4 minutes 
to recompile a 2.4, and maybe other 3 or 4 mins. from reboot to login 
prompt.

Also you will have to be a security expert to get a secured system, as
neither debian nor redhat kernels are hardened out of the box. maybe
it's better to take a look at adamantix.org, that is based on debian. 

 I'd partially disagree on this one. There is no such thing as a 
'secured system'. Security is a relative thing, not an absolute one.

 I believe that if the common debian admins keep their systems up to 
date with the latest security patches released by debian, they'll deter 
probably 99% of the available exploits. The remaining 1% would fall on 
the unpublished exploits or those which are 'work in progress', and thus 
only targeted and crafted for the high profile sites which should have a 
security expert on their payroll anyway.

 On the other hand, it certainly adds comfort to have a 
buffer-over-underrun-proof kernel running on the server.

if freebsd is in your choice, take a deeper look into it. seems to be
much more developed. better jail solution, especially interesting
for webhosting. Better accounting, better filesystem.
  What exactly is developed? *BSD is certainly based in a much older 
code base than linux, but at this point in time, I'd say that most of 
the cutting edge stuff is happening more on the linux side of the free 
unixes (hardware support, filesystems, clustering, virtualization, etc), 
also linux has had for quite a while now, a much broader base of 
_developers_ (google for the cathedral and the bazaar).

 Is UFS a better filesystem than ext2 in terms of robustness and speed? 
*maybe*. Better than Reiserfs? Hardly.


that's how it appears to me. i have average admin knowledge and judge
only on one thing: how much time does it cost to keep the system
running. Linux was too expensive last year.
Peter




 Also, these are just my opinions. We used to serve everything here for 
~8k users (email, web hosting, web caching, etc.) on FreeBSD, these were 
the 2.x-3.x 'make world for update' times. Since some 4 years now we 
have grown to ~11k users, and everything runs on Debian and that's just 
because of the quality that maintainers put on their packages and the 
distro in general, and the consequent ease for updating, securing, 
and managing debian servers.



 Jose




Re: postfix with SASL over PAM

2003-08-30 Thread Jose Alberto Guzman
Hi Rodi,

Postfix is not in a chroot jail, and (I forgot to mention this) the user 
postfix is in the shadow group.

 Google only has questions on this subject, but not many answers... :(

 Thanks

R.M. Evers wrote:
Hi Jose,

Maybe your smtpd (smtp/smtps) is chrooted? Check your master.cf for
this. And for shadow auth you probably also have to add postfix to the
shadow group..
Hope this helps :)

Regards,
-Rodi
On Fri, 2003-08-29 at 00:19, Jose Alberto Guzman wrote:

 I'm trying to get postfix to authenticate (for relaying purposes) users 
with SASL via PAM on woody.

 I've installed postfix, postfix-tls, libsasl and its modules.

 Following the READMEs, I can see that postfix does support SASL auth 
LOGIN and PLAIN mechanisms:

220 mybox.over.here ESMTP Postfix (Debian/GNU)
EHLO localhost
250-mybox.over.here
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-AUTH GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-XVERP
250 8BITMIME
 But when I try to authenticate with plain (base64 encoded: 
'user\0user\0password'), postfix complains with:

postfix/smtpd[2134]: connect from localhost[127.0.0.1]
postfix/smtpd[2134]: PAM _pam_init_handlers: could not open /etc/pam.conf
postfix/smtpd[2134]: PAM pam_start: failed to initialize handlers
postfix/smtpd[2134]: warning: localhost[127.0.0.1]: SASL PLAIN authentication failed

I've added the following lines to my working postfix's main.cf:

smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = check_relay_domains permit_mynetworks permit_sasl_authenticated

And /etc/pam.d/smtp looks like:
#%PAM-1.0
auth     required pam_nologin.so
auth     required pam_unix.so
auth     required pam_env.so
account  required pam_unix.so
session  required pam_unix.so
session  required pam_limits.so
 To be on the safe side, I also added the following lines to /etc/pam.conf

smtp auth     required pam_nologin.so
smtp auth     required pam_unix.so
smtp auth     required pam_env.so
smtp account  required pam_unix.so
smtp session  required pam_unix.so
smtp session  required pam_limits.so
 Both pam files are world readable.

Also, the file /etc/postfix/sasl/smtpd.conf contains:

pwcheck_method: pam

and its perms are: 0644

  With sasl over shadow, it just warns: SASL PLAIN authentication failed.

 Has anyone managed to get woody's postfix to authenticate with sasl 
over pam?



 Thanks in advance

 José
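
The chroot check suggested in the reply above can be done mechanically. This is an added example, not code from the thread: the sample master.cf is constructed, the function names are this example's own, and `default_chroot` is a parameter you set yourself because a "-" in the chroot column means the built-in default (y before Postfix 3.0, n since).

```python
"""Report which Postfix master.cf services run chrooted (added example)."""

# Constructed sample in master.cf layout; not the poster's actual file.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
pickup    fifo  n       -       y       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
"""

FIELDS = ("service", "type", "private", "unpriv", "chroot",
          "wakeup", "maxproc", "command")


def parse_master_cf(text):
    """Return one dict per logical line, folding continuation lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace():
            # A line starting with whitespace continues the previous entry.
            if not entries:
                raise ValueError(f"line {lineno}: continuation without an entry")
            entries[-1]["command"] += " " + stripped
            continue
        parts = stripped.split(None, 7)
        if len(parts) != 8:
            raise ValueError(f"line {lineno}: expected 8 fields, got {len(parts)}")
        entries.append(dict(zip(FIELDS, parts)))
    return entries


def is_chrooted(entry, default_chroot=True):
    """Resolve the chroot column; '-' falls back to the supplied default."""
    flag = entry["chroot"].lower()
    if flag == "-":
        return default_chroot
    if flag not in ("y", "n"):
        raise ValueError(f"{entry['service']}: bad chroot flag {flag!r}")
    return flag == "y"


def chrooted_services(text, daemon="smtpd", default_chroot=True):
    """Names of services that run `daemon` inside the chroot."""
    return [e["service"] for e in parse_master_cf(text)
            if e["command"].split()[0] == daemon
            and is_chrooted(e, default_chroot)]


if __name__ == "__main__":
    for name in chrooted_services(SAMPLE_MASTER_CF):
        print(f"{name}: smtpd is chrooted; /etc/pam.conf and /etc/pam.d "
              "are looked up inside the chroot directory")
```

Run it against the real file with the default that matches the installed Postfix version; any service it lists resolves PAM paths relative to the chroot.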




postfix with SASL over PAM

2003-08-28 Thread Jose Alberto Guzman
 I'm trying to get postfix to authenticate (for relaying purposes) users 
with SASL via PAM on woody.

 I've installed postfix, postfix-tls, libsasl and its modules.

 Following the READMEs, I can see that postfix does support SASL auth 
LOGIN and PLAIN mechanisms:

220 mybox.over.here ESMTP Postfix (Debian/GNU)
EHLO localhost
250-mybox.over.here
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-AUTH GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-XVERP
250 8BITMIME
 But when I try to authenticate with plain (base64 encoded: 
'user\0user\0password'), postfix complains with:

postfix/smtpd[2134]: connect from localhost[127.0.0.1]
postfix/smtpd[2134]: PAM _pam_init_handlers: could not open /etc/pam.conf
postfix/smtpd[2134]: PAM pam_start: failed to initialize handlers
postfix/smtpd[2134]: warning: localhost[127.0.0.1]: SASL PLAIN authentication failed

I've added the following lines to my working postfix's main.cf:

smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = check_relay_domains permit_mynetworks permit_sasl_authenticated

And /etc/pam.d/smtp looks like:
#%PAM-1.0
auth     required pam_nologin.so
auth     required pam_unix.so
auth     required pam_env.so
account  required pam_unix.so
session  required pam_unix.so
session  required pam_limits.so
 To be on the safe side, I also added the following lines to /etc/pam.conf

smtp auth     required pam_nologin.so
smtp auth     required pam_unix.so
smtp auth     required pam_env.so
smtp account  required pam_unix.so
smtp session  required pam_unix.so
smtp session  required pam_limits.so
 Both pam files are world readable.

Also, the file /etc/postfix/sasl/smtpd.conf contains:

pwcheck_method: pam

and its perms are: 0644

  With sasl over shadow, it just warns: SASL PLAIN authentication failed.

 Has anyone managed to get woody's postfix to authenticate with sasl 
over pam?



 Thanks in advance

 José
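
The EHLO reply and the PLAIN token quoted in the post above, worked through as an added example (not code from the thread). It reads the advertised AUTH mechanisms, builds and decodes the 'user\0user\0password' token in the RFC 4616 layout (authzid, authcid, password), and shows which offered mechanisms carry the password as plain base64; the function names are this example's own.

```python
"""SASL PLAIN token and EHLO AUTH parsing (added example)."""
import base64
import binascii

# Mechanisms that send the password itself, only base64-encoded.
CLEARTEXT_MECHANISMS = {"PLAIN", "LOGIN"}

# EHLO reply as quoted in the post.
EHLO_REPLY = """\
250-mybox.over.here
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-AUTH GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-XVERP
250 8BITMIME
"""


def auth_mechanisms(ehlo_reply):
    """Return the SASL mechanisms advertised in a 250 EHLO reply, in order."""
    mechs = []
    for line in ehlo_reply.splitlines():
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            continue
        text = line[4:].strip()
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]  # legacy "AUTH=LOGIN PLAIN" form
        words = text.split()
        if words and words[0].upper() == "AUTH":
            for word in words[1:]:
                if word.upper() not in mechs:
                    mechs.append(word.upper())
    return mechs


def cleartext_offered(ehlo_reply):
    """Advertised mechanisms whose token is recoverable by base64-decoding."""
    return [m for m in auth_mechanisms(ehlo_reply) if m in CLEARTEXT_MECHANISMS]


def encode_plain(authcid, passwd, authzid=""):
    """Build the base64 initial response: authzid NUL authcid NUL passwd."""
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must not be empty")
    for value in (authzid, authcid, passwd):
        if "\0" in value:
            raise ValueError("fields must not contain NUL")
    raw = "\0".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_plain(token):
    """Return (authzid, authcid, passwd) from a PLAIN token, or raise ValueError."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("token is not valid base64") from exc
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected exactly two NUL separators")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must not be empty")
    return authzid, authcid, passwd


if __name__ == "__main__":
    token = encode_plain("user", "password", authzid="user")
    print("AUTH PLAIN", token)
    print("decoded:", decode_plain(token))
    print("cleartext mechanisms offered:", cleartext_offered(EHLO_REPLY))
```

Because PLAIN and LOGIN only base64-encode the credentials, a server that offers them should do so over TLS; Postfix has the `smtpd_tls_auth_only` setting for that.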



ISP docs

2003-07-24 Thread Antonio Alberto Lobato

Hello!

I already work with debian servers, but I have never set up ISP servers. Now, I need to do 
it. Its hardware configuration is 1 RAS Cyclades, 1 Router Cyclades, 1 P4 that must 
run the services (http, ftp, DNS, Radius, etc). Can you recommend general 
hardware/software documentation for linux ISPs (RAS,Wireless,multiserials,etc)? I read 
ISP-Setup-RedHat-HOWTO but it gives just a restricted notion about ISPs.




Thank you
Tom





Documentation

2003-06-25 Thread Antonio Alberto Lobato


Hello!

I already work with debian servers, but I have never set up ISP servers. Now, I need to do 
it. Can you recommend general hardware/software documentation for linux ISPs 
(RAS,Wireless,multiserials,etc)? I read ISP-Setup-RedHat-HOWTO but it gives just a 
restricted notion about ISPs.




Thank you
Tom





best socks setup

2003-06-23 Thread Jose Alberto Guzman
 Hi everyone,

 I'm in need to implement a socks proxy for a few machines in the LAN, 
currently we have a somewhat tight firewall and a squid proxy for 
http/ftp access, and need to reach content from realnetworks protocols 
in servers that don't stream in http. Searching in dselect, I find the 
tsocks and socks 4.3 options are available in woody.

 In your experience, what's the cleanest and most secure way to 
implement socks in a LAN ?



  Thanks in advance



 José




traffic reporter

2002-09-09 Thread José Alberto Guzmán Ramírez
 I need to implement traffic shaper in my net but must get info on what 
traffic is eating up more bw.

 What traffic sniffers/reporters have you played with or can recommend 
or comment on?
(preferably with HTML/graphic output).


 Thanks
--
   Jose



disabling reverse map of addresses

2002-09-03 Thread José Alberto Guzmán Ramírez
 Hi all

 Does anyone know how to disable reverse lookup of IP addresses in sshd et 
al? I've got a box connected to the net with a dynamic IP and dynamic 
dns service, and the wait time for ssh to present a prompt after not 
finding a reverse map for a given address is kind of annoying...

 Thanks
--
  José



Re: Fw: Problems with lost packets

2002-04-25 Thread Alberto Rodríguez


- Original Message -
From: nn [EMAIL PROTECTED]
To: Alberto Rodríguez [EMAIL PROTECTED]
Sent: Wednesday, April 24, 2002 8:47 PM
Subject: Re: Fw: Problems with lost packets


 Quoting Alberto Rodríguez [EMAIL PROTECTED]:

 OK, I understand.
 -Which ADSL driver do you use under linux ?

I haven't got any, my adsl machine is an external adsl router which is
connected by an ethernet nic to the computer.
It's a 3com 812.
 -do you have a noisy line ? Do you have ADSL phone filters for all your
phones
Well...  no, there aren't phones on this adsl line, and it has got a splitter
which splits data and voice.

 or fax machine ?
Ok, yes, we have a fax machine on this line. Perhaps it's the problem, but
then I don't understand why I can work from the firewall (which
is a potato-debian-linux machine with kernel 2.2.17), and I can't work properly from
the server (which is a potato-debian-linux with kernel 2.4.17 and
support for xfs filesystem).

Both of them (server and firewall) and the adsl router are all connected to a
switch.

Perhaps the problem is between the adsl connection and the kernel 2.4.17?

Anyway, yesterday I connected the server to another machine (at my
house) which has a ppp connection by modem, and there the server works
successfully. In fact I have updated the potato release of
debian with apt-get (about 33 megas) over this poor connection.


 -do you use IPTABLES as firewall under linux ? Do you have rules for ICMP
 traffic ?
No, I use Ipchains as firewall under linux only on the firewall machine. And
I'm sure that I haven't any rule for ICMP packets.

Do you think the problem is on the adsl line?
Do you think it is an incompatibility problem between kernel 2.4.17 and the fax or
noise on the line?




 
  - Original Message -
  From: nn [EMAIL PROTECTED]
  To: Alberto Rodríguez [EMAIL PROTECTED]
  Sent: Wednesday, April 24, 2002 7:07 PM
  Subject: Re: Fw: Problems with lost packets
 
 
   ok but your windows boxes MUST send correct sized packets WHEN these packets
   are destination TO the internet. Example : connection to www.yahoo.com from
   your windows machine :
  Yes but the problem is not with a windows machine!
  The problem is with a debian-linux machine
 
  linux-server-machine -- Linux-firewall-machine-- internet -- yahoo.com
 
  The problem is when I ping from linux-server-machine to Internet, not when I
  ping from a windows to internet.
 
  Do you understand?
 
  
   windows machine -- Linux Box -- internet - Yahoo.com
  
   Your windows packets must be sized correctly.
  
   please read articles http://www.dslreports.com/
  
  
  
  
  
   Quoting Alberto Rodríguez [EMAIL PROTECTED]:
  
   
- Original Message -
From: [EMAIL PROTECTED]
To: Alberto Rodríguez [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, April 24, 2002 6:28 PM
Subject: Re: Fw: Problems with lost packets
   
   
 Try to set the MTU parameters correctly under your windows boxes.
   
I can't understand, since the server is a linux-debian box not a windows
box.
   
   
   
   

 stef


 Quoting Alberto Rodríguez [EMAIL PROTECTED]:

  Hello,
 
  I'm having problems with packets from the internet.
 
  I have a little network. There is a firewall which masquerades all
  packets.
  Now I have a server for web, email etc...
 
  The firewall has an adsl line. There are about 10 windows machines which
  use the internet connection through the firewall.
 
  All these machines (the windows ones) use full internet without problems.
  But the server has a big problem with packets...
 
 
  For instance, if I write ping www.gulic.org from the server, I get the
  following:
   ping www.gulic.org
  PING www.gulic.org (193.145.135.17): 56 data bytes
  64 bytes from 193.145.135.17: icmp_seq=0 ttl=237 time=157.7 ms
  64 bytes from 193.145.135.17: icmp_seq=1 ttl=237 time=465.3 ms
 
 
  and I can only receive one or two responses to the ping; after Ctrl+C I get
  the following:
 
  --- www.gulic.org ping statistics ---
  9 packets transmitted, 2 packets received, 77% packet loss
  round-trip min/avg/max = 157.7/311.5/465.3 ms
 
  The problem is only if I ping an exterior IP. If I ping an internal
  one, the response of ping is normal:
 
   ping 10.0.0.64
  PING 10.0.0.64 (10.0.0.64): 56 data bytes
  64 bytes from 10.0.0.64: icmp_seq=0 ttl=128 time=0.7 ms
  64 bytes from 10.0.0.64: icmp_seq=1 ttl=128 time=0.6 ms
  64 bytes from 10.0.0.64: icmp_seq=2 ttl=128 time=0.7 ms
  64 bytes from 10.0.0.64: icmp_seq=3 ttl=128 time=0.7 ms
  64 bytes from 10.0.0.64: icmp_seq=4 ttl=128 time=0.7 ms
  64 bytes from 10.0.0.64: icmp_seq=5 ttl=128 time=0.7 ms
  64 bytes from 10.0.0.64: icmp_seq=6 ttl=128 time=0.7 ms
 
  --- 10.0.0.64 ping statistics

Re: Fw: Problems with lost packets

2002-04-25 Thread Alberto Rodríguez


- Original Message -
From: Vincent Meoc [EMAIL PROTECTED]
To: Alberto Rodríguez [EMAIL PROTECTED]
Sent: Thursday, April 25, 2002 8:19 AM
Subject: Re: Fw: Problems with lost packets


 Try to clean your physical ADSL connection (the phone plug), maybe there
are dust.
Ok, but if it were the problem, neither the
Firewall-linux-debian-kernel-2.2.17-machine nor the windows box machines should
work properly, should they?



 On Wed, Apr 24, 2002 at 06:21:44PM +0100, Alberto Rodríguez wrote:
  Hello,
 
  I'm having problems with packets from the internet.
 
  I have a little network. There is a firewall which masquerades all packets.
  Now I have a server for web, email etc...
 
  The firewall has an adsl line. There are about 10 windows machines which
  use the internet connection through the firewall.
 
  All these machines (the windows ones) use full internet without problems.
  But the server has a big problem with packets...
 
 
  For instance, if I write ping www.gulic.org from the server, I get the
  following:
 
   ping www.gulic.org
  PING www.gulic.org (193.145.135.17): 56 data bytes
  64 bytes from 193.145.135.17: icmp_seq=0 ttl=237 time=157.7 ms
  64 bytes from 193.145.135.17: icmp_seq=1 ttl=237 time=465.3 ms
 
 
  and I can only receive one or two responses to the ping; after Ctrl+C I get
  the following:
 
  --- www.gulic.org ping statistics ---
  9 packets transmitted, 2 packets received, 77% packet loss
  round-trip min/avg/max = 157.7/311.5/465.3 ms
 
  The problem is only if I ping an exterior IP. If I ping an internal
  one, the response of ping is normal:
 
   ping 10.0.0.64
  PING 10.0.0.64 (10.0.0.64): 56 data bytes
  64 bytes from 10.0.0.64: icmp_seq=0 ttl=128 time=0.7 ms
  64 bytes from 10.0.0.64: icmp_seq=1 ttl=128 time=0.6 ms
  64 bytes from 10.0.0.64: icmp_seq=2 ttl=128 time=0.7 ms
  64 bytes from 10.0.0.64: icmp_seq=3 ttl=128 time=0.7 ms
  64 bytes from 10.0.0.64: icmp_seq=4 ttl=128 time=0.7 ms
  64 bytes from 10.0.0.64: icmp_seq=5 ttl=128 time=0.7 ms
  64 bytes from 10.0.0.64: icmp_seq=6 ttl=128 time=0.7 ms
 
  --- 10.0.0.64 ping statistics ---
  7 packets transmitted, 7 packets received, 0% packet loss
  round-trip min/avg/max = 0.6/0.6/0.7 ms
  servidor:~#
 
 
 
 
  The server has a pci ethernet card with the 8029 realtek chip.
 
  The server has a 2.4.18 kernel with xfs journaling support.
 
  The irq of the ethernet is 10 and is shared with the usb port.
 
 
  Could anyone help me with this problem?
 
  Sorry for my bad English and thanks in advance.
 
 
 
 
 

 --

 Vincent Meoc
 System and network administrator

 DUKE - Digital Age Agency
 T : 01 53 44 19 00
 F : 01 53 44 19 21
 e-mail : [EMAIL PROTECTED]
 www.duke-interactive.com







Fw: Problems with lost packets

2002-04-24 Thread Alberto Rodríguez

Hello,

I'm having problems with packets from the internet.

I have a little network. There is a firewall which masquerades all packets.
Now I have a server for web, email etc...

The firewall has an adsl line. There are about 10 windows machines which
use the internet connection through the firewall.

All these machines (the windows ones) use full internet without problems.
But the server has a big problem with packets...


For instance, if I write ping www.gulic.org from the server, I get the
following:

 ping www.gulic.org
PING www.gulic.org (193.145.135.17): 56 data bytes
64 bytes from 193.145.135.17: icmp_seq=0 ttl=237 time=157.7 ms
64 bytes from 193.145.135.17: icmp_seq=1 ttl=237 time=465.3 ms


and I can only receive one or two responses to the ping; after Ctrl+C I get
the following:

--- www.gulic.org ping statistics ---
9 packets transmitted, 2 packets received, 77% packet loss
round-trip min/avg/max = 157.7/311.5/465.3 ms

The problem is only if I ping an exterior IP. If I ping an internal
one, the response of ping is normal:

 ping 10.0.0.64
PING 10.0.0.64 (10.0.0.64): 56 data bytes
64 bytes from 10.0.0.64: icmp_seq=0 ttl=128 time=0.7 ms
64 bytes from 10.0.0.64: icmp_seq=1 ttl=128 time=0.6 ms
64 bytes from 10.0.0.64: icmp_seq=2 ttl=128 time=0.7 ms
64 bytes from 10.0.0.64: icmp_seq=3 ttl=128 time=0.7 ms
64 bytes from 10.0.0.64: icmp_seq=4 ttl=128 time=0.7 ms
64 bytes from 10.0.0.64: icmp_seq=5 ttl=128 time=0.7 ms
64 bytes from 10.0.0.64: icmp_seq=6 ttl=128 time=0.7 ms

--- 10.0.0.64 ping statistics ---
7 packets transmitted, 7 packets received, 0% packet loss
round-trip min/avg/max = 0.6/0.6/0.7 ms
servidor:~#




The server has a pci ethernet card with the 8029 realtek chip.

The server has a 2.4.18 kernel with xfs journaling support.

The irq of the ethernet is 10 and is shared with the usb port.


Could anyone help me with this problem?

Sorry for my bad English and thanks in advance.








Re: Software VS Hardware Raid

2002-01-31 Thread Jose Alberto Guzman



Russell Coker wrote:

On Wed, 30 Jan 2002 17:54, [EMAIL PROTECTED] wrote:

detected the drive, but during the part that lilo:  is supposed to come
up, nothing did. The disk kept grinding and grinding, and eventually
asked for a floppy. I was hoping that the 2nd, working drive in the raid
array would kick in any moment, but that didn't happen. Everything
stalled right there.

  Lilo would have to know about your RAID setup (and of course it doesn't),
  that's why it's not recommended to use software RAID on the root
partition.


Who recommends that you don't use software RAID on the root file system?

Not me (lilo maintainer and user of this), not the lilo author, not the 
software RAID kernel maintainer.

 Sorry, I'm not up to date on the newest features of LILO (it's cool 
that it supports SW/RAID now, btw), I stated this because of what I read 
on the Software-RAID-HOWTO.

http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Software-RAID-HOWTO.html

'The latest official lilo distribution (Version 21) doesn't handle RAID 
devices, and thus the kernel cannot be loaded at boot-time from a RAID 
device. If you use this version, your |/boot| filesystem will have to 
reside on a non-RAID device. A way to ensure that your system boots no 
matter what is, to create similar |/boot| partitions on all drives in 
your RAID, that way the BIOS can always load data from eg. the first 
drive available. This requires that you do not boot with a failed disk 
in your system.'

It is stated there also that you can boot root RAID filesystems, but it 
requires some tweaking (applying some RedHat patches to lilo,  
installing on a spare disk, then copying the installation on the RAID 
fs...), which is less straightforward than having the / partition on a 
normal device.

Btw, while searching for the howto, I found several of them dealing with 
the issue:
http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Root-RAID-HOWTO.html
http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Boot+Root+Raid+LILO.html


  I'd say software RAID should be used on data partitions, and keep a
backup of your root partition somewhere, so that when the disk holding it
fails, you just swap in a new one and recover your root backup. When a disk
holding the data partition (on sw/raid) fails I assume it'd work as
advertised.


If the primary disk fails and the BIOS and boot loader don't allow booting 
from the second disk then you just have to physically swap disks (which is 
much less effort than swapping disks and restoring from backup).

  You can't be 24x7-high-availability with software raid only, there's
always some down time involved with it, or at least a higher risk of
downtime than with hardware raid.


Actually LinuxBIOS could solve this issue...








tweaking samba and windows

2002-01-08 Thread Jose Alberto Guzman

Hi.

 I'd like to know how (if possible) to 'map' in a 'network drive' a 
subdirectory  in an account's share with samba/windows, for example:   
H:  ==  \\sambasrvr\account\subdir   instead of H: being just 
\\sambasrvr\account.

Also I'd like to know how to tweak the windows smb cache or whatever it 
is so that when msword is saving a 10KB file it won't take a little 
pause in the middle and then continue to write. Sometimes it hangs for 
more than 20 seconds and it's somewhat annoying, notwithstanding netware 
4.11 doesn't 'hang' when writing the same file but writes somewhat 
faster or at least it seems so.

 Any help is appreciated.

 José





Re: very long passwd

2000-08-04 Thread Alberto


Just add a wrapper before processing any incoming mail which auths on mysql.

---

Before handing the mail to delivery, add a checking layer via a wrapper 
(now that I think of it, you can also do it by adding it as the return 
status of a rule you define) and have it be the one that authenticates 
against mysql.

bye

At 11:40 04/08/00 +0200, Joaquin Ferrero wrote:
I have 200.000 users. Most of them only have email service.
The file /etc/passwd is very, very long... but it is necessary for the IMAP server
to check the home directory for every user.

Is nss_mysql the only solution?

Now, I have mysql to auth users for proftpd and apache via PAM (pam_mysql)

Sendmail can't deliver emails to nonexistent users (it checks /etc/passwd).
The IMAP server needs /etc/passwd to check the user and home dir. pam_mysql 
checks the user but not the home dir.

Any solution for only-email users without /etc/passwd file???

How can I have many users easily?


 Joaquin Ferrero
 [EMAIL PROTECTED]
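
The wrapper check suggested in this reply, as an added example that is not code from the thread: the recipient is looked up in the user database before delivery, and the result is mapped to a sysexits.h status the MTA understands. An in-memory SQLite database stands in for MySQL so the example runs offline; the table `mail_users`, its columns and the sample rows are hypothetical.

```python
import re
import sqlite3

# Exit statuses from sysexits.h, which sendmail interprets for mailer programs.
EX_OK = 0
EX_NOUSER = 67     # addressee unknown: permanent failure, mail bounces
EX_TEMPFAIL = 75   # temporary failure: mail stays queued and is retried

# Conservative local-part pattern; anything else is refused before the DB is queried.
LOCALPART_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{0,63}$")


def open_demo_db():
    """Constructed sample data standing in for the MySQL user table (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mail_users ("
               "login TEXT PRIMARY KEY, maildir TEXT NOT NULL, active INTEGER NOT NULL)")
    db.executemany("INSERT INTO mail_users VALUES (?, ?, ?)", [
        ("joaquin", "/var/mail/vhosts/j/joaquin", 1),
        ("olduser", "/var/mail/vhosts/o/olduser", 0),   # disabled account
    ])
    return db


def lookup_mailbox(db, recipient):
    """Return (exit_status, maildir) for a recipient local part."""
    login = recipient.strip().lower()
    if not LOCALPART_RE.match(login):
        return EX_NOUSER, None
    try:
        # Bound parameter: the recipient is attacker-controlled input.
        row = db.execute(
            "SELECT maildir FROM mail_users WHERE login = ? AND active = 1",
            (login,),
        ).fetchone()
    except sqlite3.Error:
        # Database unreachable: defer instead of bouncing valid users' mail.
        return EX_TEMPFAIL, None
    if row is None:
        return EX_NOUSER, None
    return EX_OK, row[0]


def deliver(db, recipient, message, store):
    """Wrapper entry point; `store` (a dict) stands in for the real delivery agent."""
    status, maildir = lookup_mailbox(db, recipient)
    if status == EX_OK:
        store.setdefault(maildir, []).append(message)
    return status
```

The wrapper's return value is what it would exit with, so a database outage queues mail for retry rather than rejecting every recipient.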






Re: named error

2000-08-02 Thread Alberto Rodríguez
I'm a bit lost.
U have a domain xy.com which is configured on named or u r just trying to 
configure subdomains without adding any 'zone' reference about the main domain 
in named.conf?

I don't know how bind would act if it detects a
zone 'lala.xy.com'
and a
zone 'xy.com'
in the same named.conf file.
Anyway u could use only one 'zone' pointing to an xy.com file
which contains
ip1.subdomain   IN  A
etc etc
seeya
At 14:33 02/08/00 +0200, Aubert Gabor wrote:
Hi there!
I got an interesting error while configuring named. There is a domain,
like xy.com, and I tried to create dardai.xy.com
I restarted named (and increased the serial number of course), but after
the restart the new subdomain did not work. nslookup dardai.xy.com gave an
error (not found)
I tried darday.xy.com, and it worked excellently. dardai did not.
There was another subdomain that gave the same error: theunion.xy.com
the-union.xy.com was correct.
Have you ever faced this problem?

Aubert Gabor
E-mail  - [EMAIL PROTECTED]
ICQ - #49342508
ICQhome - #58722720
Tel.- +36 72 327 622 #4819 (pte)
Mobil   - +36 20 321 3164
