Re: Setting up VPN's
Craig wrote: Hi Guys We have to setup a VPN for a client and was wondering what software packages we could use for this, what works well and is reliable ? And what I need to do to get it working on their firewall ... Thanks Craig I use freeswan ipsec, I believe win2k and firewall1 are compatible with it, but I just do freewswan to freeswan. Thing
Re: Recontruction a failed raid array on root
Craig wrote: Well we cannot run raidhotadd to add the new partition because the root file system is already mounted so we get disk busy error. -Original Message- From: thing [mailto:[EMAIL PROTECTED] Sent: 07 May 2003 09:37 To: [EMAIL PROTECTED] Subject: Re: Recontruction a failed raid array on root Craig wrote: Hi Guys We have a server running raid 1 mirroring and one of the HDD failed. We have since replaced the failed drive and have re-constructed 2 out of the 3 raid arrays. The problem we are having is with re-contructing the raid array runnning on the root partition. Any help would be greatly appreciated. Thanks Craig It should be straightforward, what problem(s) did you encounter? Basically make a matching partition using fdisk, set the type to fd, tell the raid about it now being available and watch it sync. regards Thing Show me the /etc/raidtab file, outputs from, cat /etc/fstab cat /etc/mtab df -h cat /proc/mdstat the syntax of the raidhotadd command you used regards Thing
Re: [Help] Dose Anyone have Debian Woody FreeS/WAN through NAT Howto ???
http://www.thing.dyndns.org/debian/wifivpn.htm might help regards Thing axacheng wrote: As subject..Please Help me.. Now, my freeswan can implement to : 1. FreeS/WAN server(Debian woody) [X.509 auth]FreeS/WAN client(Debian woody) 2. FreeS/WAN server(Debian woody) [X.509 auth]Windows2000/XP client But...i CAN NOT use FreeS/WAN server through NAT .. Anyone have this document or Howto that can share us [EMAIL PROTECTED]@ Thanks very much.
Re: Trusted Debian
Sebastian Zimmermann wrote: Hello, what is your opinion on the recently released Trusted Debian (http://www.trusteddebian.org/)? It is claimed that it is more secure than regular woody, however, there is no security team. I don't want to discuss security though, but whether or not an ISP should use it. Sebastian Ive just joined the list. The kernel spec looks interesting, at the very least if only for firewalls. Given the attacks ISPs are suject too, and that by thier very nature they are often exposed more than most i woud think this is a good idea. certainly am anout to evaluate on a test box and if it looks as goos as it suggests will move my boxes over regards Thing
Re: VPN
Samuele wrote: Hi there. I have to set up a VPN service on some Debian (woody) servers, and since I have no experienced with this I am searching for advices and hints about the best implementation among: . SSH + PPPD (as explained in the VPN HOWTO) . IPSec + FreeSwan (which seems to be more secure) . OpenVPN . tinc . pptpd ... Suggestions and advices are welcome. Bye. -- Samuele Catusian Ive done some vpn using ipsec/freeswan on debian, notes are here, http://www.thing.dyndns.org/debian/wifivpn.htm regards Thing
Re: VPN
Samuele wrote: Hi there. I have to set up a VPN service on some Debian (woody) servers, and since I have no experienced with this I am searching for advices and hints about the best implementation among: . SSH + PPPD (as explained in the VPN HOWTO) . IPSec + FreeSwan (which seems to be more secure) . OpenVPN . tinc . pptpd ... Suggestions and advices are welcome. Bye. -- Samuele Catusian Ive done some vpn using ipsec/freeswan on debian, notes are here, http://www.thing.dyndns.org/debian/wifivpn.htm regards Thing -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Too Many Files Open Error
Gene Grimm wrote: I have recently begun getting error messages from Postfix and other packages reporting "too many files" error messages. Can anyone suggest where to check on how many files can be open or adjust this limit if possible? If this is the limit Im thinking of (sounds like it) it can be adjusted on Solaris, I assume Linux has a kernel tunable as well. Thing
Re: Too Many Files Open Error
Gene Grimm wrote: I have recently begun getting error messages from Postfix and other packages reporting "too many files" error messages. Can anyone suggest where to check on how many files can be open or adjust this limit if possible? If this is the limit Im thinking of (sounds like it) it can be adjusted on Solaris, I assume Linux has a kernel tunable as well. Thing -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mail server
Asher Densmore-Lynn wrote: Can anyone give me any figures on how much machine I need to serve as a mail server for N users? I appreciate that every server is unique, but I can't judge these things for the life of me, and if I had baseline numbers I could modify them to suit. \: I'm looking at a thousand users, but anything would help. how long is a pice of string? a p120 with 32meg of ram can handle 30 users with ease. A p2-350 with 128 meg 200 with ease, depends on the use its put to. I doubt its linear scaling, give us some numbers. Thing -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: hard- or software-raid?
Tinus Nijmeijers wrote: I'm building a server that needs about 200G of harddisk space and the data has to be safe. If I need to replace a faulty hd and get downtime that's fine. Speed is not an issue. The system will boot of a scsi HD, I have a backup boot disk available. Disks (couple of 120G IDE or something) will be in 1+0, raid5 or raid6 (does software raid do raid6?) Is there any reason to use hardware-raid over software-raid in this case? thanks. Tinus OK, For booting, I suggest getting a uw or better ie (u2w) scsi hardware raid controller (AMI megatrends seem linux friendly) and 2 x 4gig ultra wide (uw) or bigger disks (raid1 ~ mirrored), you dont need bigger, but bigger disks will be younger and hopefully last longer. An improvement would be 3 x 4 gig disks and have one as a hot spare to the first 2. I wouldnt go older/smaller than 4 gig as 2 gig disks are getting very old and are slower. This will be a robust boot system, software raid is not any good for booting. Ive never heard of raid 6 (commercially anyway). Since speed is not your issue I suggest Raid 5 using software raid for the data. Ive found it no worse performance wise than hardware raid (on ide anyway) and way cheaper. Ive pulled a disk out of a software raid 5 setup and re-inserted it and the system recovered fine (that was scsi mind). These days CPU's are not usually the bottleneck in server performamce so the penalty of the raid 5 calculations on the CPU seems insignificant. Raid 5 needs at least 3 disks, as one disk is lost on parity, so your options for 200 gig are 3 x 100 or 120 gig drives giving you 200 ~ 240gig of usuable space or 4 x 80 gig disks also giving you 240gig of raid 5. 3 disks is good as then if you so choose you can add an extra disk as a hot spare, this way if one dies you rebuild on line and swap the dead one out at your convienience. That means paying for an extra disk mind If you want to improve performance only put 1 ide disk per channel, this means an extra ide controller (ie 2, assuming 2 channels per controller), but there should be a speed improvement. regards Thing -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Re Compaq 1500
I have similar problems with 1600r's, basically you need to wipe the cmos/bios/drives and start with new rompaqs and a totally clean system, if smartstart cds work with the 1500s then version 5.40 seems to work well. Once I did this Debian could then see both cpus. regards Thing On Sun, 29 Dec 2002 00:27, Samantha Scafe wrote: > I have a compaq 1500 server > I have 2 cpu's and have made sure that the correct modules are selected in > the kernel > > But it refses to use both cpus and ideas>?> > > Samantha Scafe > Network / System Administrator > > AUSSIEWIDE INTERNET > Unlimited Plans anywhere in OZ for $24.95 > (Ask for the 20% discount and it is yours) > Phone: 1300-554911 > www.aussiewide.com > Email: [EMAIL PROTECTED] > IT Solutions for Females > www.femtech.com.au > NCI-4471 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: how to see 14 disks
you need to MAKEDEV the extra drive letters I suspect. I ran into this on my scsi array. eg Linux will only see to /dev/sdh by default, to go past this, cd /dev then ./MAKEDEV sdi then reboot. fdisk should now work. regards Thing On Wed, 04 Dec 2002 21:12, Nate Campi wrote: > For years I've been using hardware raid on compaq smart2 cards to handle > hosts with 10-20 disks. The firmware presents each volume as a device to > the OS so there's usually only a couple "disks" from linux's point of > view. > > Now I have an aic7xxx card hooked straight up to an array with 14 disks > in it. Linux only sees the first 8. There's apparently only 128 device > nodes available for SCSI and all the possible partitions on each disk > is allowing for only my first 8 disks. > > It seems that you might be able to re-create the dev filesystem and only > use the device nodes you need. Each of my disks (that I can fdisk > anyways) has only a single linux raid autodetect partition on it. The > kernel certainly has enough nodes for this setup. > > Is there a way to get Linux (2.4.18-686-smp kernel) to see all the > disks? > > I don't want some patch like > http://www.suse.de/~garloff/linux/scsi-many/> since I run debian > kernels. > > TIA -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SCSI or IDE
On Thu, 28 Nov 2002 22:21, Russell Coker wrote: > On Thu, 28 Nov 2002 02:15, Jones, Steven wrote: > > If you lose the primary boot disk on software raid its not bootable in my > > experience. > > That's often the case. If the disk entirely dies then the BIOS should be > able to boot from the other disk, but if the disk partially fails then > it'll probably not be bootable. > > But if you want to save money on hardware software RAID-1 is a very good > option. Im afriad I have to disagree, have you tried to boot off the second disk? Im pretty sure its always the case, even with a totally dead primary disk. I know of no motherboard that can find the second disk and have Linux realise its booting off not the disk it expects. Sun boxes will do it, but we arnt talking Sparc in here, (at least Im not) Ive tested this scenario (after some clown bought a stack of compaq dp320s against my advice.PHB liked the pricedoh) and on several machines i have been unable to get the bios to boot the second disk with the primary disk removed. It simply does not work. If you know of a motherboard that will do it please let me/us know, it might get on my shopping list. regards Thing -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Re COMPAQ SERVER 3155 Series
as witrh most machines that wont, start with the 2 floppies then switch to the cdrom later Thing On Tue, 26 Nov 2002 13:47, Samantha Scafe wrote: > how the hell do you boot from the scsi cd rom interface? > > Samantha Scafe -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Backup Web Server
cluster it, when one box goes down, its backup takes up that IP Thing On Mon, 25 Nov 2002 20:12, [EMAIL PROTECTED] wrote: >Can anyone pls tell me how to setup a Backup Web Server..meaning if the > primary Web Server fails, it will automatically go to a seperate Web > Server. > > ex. > > Home User - www.abc.com > > Server Unit 1 - www.abc.com : but if the unit bogs down > it will go to, > > Server Unit 2 - www.abc.com > > Can this be possible? > > Rizal > > "If you think you play too much, play more" -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Backup Web Server
cluster it Thing On Mon, 25 Nov 2002 20:12, [EMAIL PROTECTED] wrote: >Can anyone pls tell me how to setup a Backup Web Server..meaning if the > primary Web Server fails, it will automatically go to a seperate Web > Server. > > ex. > > Home User - www.abc.com > > Server Unit 1 - www.abc.com : but if the unit bogs down > it will go to, > > Server Unit 2 - www.abc.com > > Can this be possible? > > Rizal > > "If you think you play too much, play more" -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SCSI or IDE
On Mon, 25 Nov 2002 06:38, Scott wrote: > After some talks with the person who handles the books she has given me > the authority to bail on these Netfinity boxes and get something more > supported by Debian. My question is: with IDE drives as fast as they are > now does it really pay to go SCSI? Are there any benefits besides RAID? > I understand fault tolerance, but how about performance? > > Thanks, > > -Scott I would be grateful if you cold document why / what probs you are having wiht the net infinity kit (for future reference). Ide is obviously way cheaper than Scsi, You can go ide raid, which Ive not tried yet, but it would give a mirror whcih is what you want really (read performance will be a bit better too). Does the load justify scsi? if its not hammered then hardware ide raid is probably fine. regards Thing -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Converting /home/* from Susie to Debian
write a script? way more reliable and obviously way quicker Thing On Wed, 23 Oct 2002 00:25, Garry Byrne wrote: > We are converting our main mail/web server over from a Susie box to Debian. > Under Susie ownership on /home/client are client.users and the standard > debian is client.client We have around 3000 clients so we will be > adding an extra 3000 groups to keep with the standard Debian client.client > Can anyone see this as a problem? having a large group file? > > Thanks > Garry
Re: Converting /home/* from Susie to Debian
write a script? way more reliable and obviously way quicker Thing On Wed, 23 Oct 2002 00:25, Garry Byrne wrote: > We are converting our main mail/web server over from a Susie box to Debian. > Under Susie ownership on /home/client are client.users and the standard > debian is client.client We have around 3000 clients so we will be > adding an extra 3000 groups to keep with the standard Debian client.client > Can anyone see this as a problem? having a large group file? > > Thanks > Garry -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: scsi boot
u may have to start with the 2 compact image floppies they are on the CD. regards Thing sihite wrote: > Dear All, > > I am a beginner in linux, and now i have a problem with my new installation. > I try to install a debian using debian potato rel. 2.2R4, > my computer is compag, using scsi hardrive. But when i try to boot using the > cd of debian rel. 2.2.R4 my scsi hardisk didn't detect/probe by debian > automatically. > > How to boot parameters, and make my scsi detect/probe automatically ? > > Thanks, > > sihite > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: failure notice (about relays.osirusoft.com)
what would be the feature syntax in sendmail.mc for using osirusoft please? im in NZ and sick to death of being spammed from asia :] regards Thing Craig Sanders wrote: > you seem to have a chip on YOUR shoulder about the osirusoft RBLs. this > is not the first time you have bitched about them in public. > > amusingly, however, you completely discredit your line of argument by > suggesting that bl.spamcop.net is a viable substitute. bl.spamcop.net > isn't even a good RBL let alone any kind of a substitute for osirusoft, > their moronic automation policies (and inevitably inadequate automation > software) result in an enormous number of false positives. to put it > bluntly, anyone using bl.spamcop.net is either running only a tiny > personal mail server or is a complete barking moron. or both. > > your sole complaint against osirusoft is that they list numerous open > relays and spam-sources in Asia which (potentially?) affects you > personally. tough luck. find yourself an ISP which a) has a clue about > running & securing mail servers and b) doesn't allow open relays or > spammers on their network. > > craig > > -- > craig sanders <[EMAIL PROTECTED]> > > Fabricati Diem, PVNC. > -- motto of the Ankh-Morpork City Watch > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: VPN Tools!
I made some Debian vpn notes for ipsec / freeswan here http://www.thing.dyndns.org/debian/vpn.htm Ive not played with freeswan since 2.4.14, but Im about to use it over wireless 802.11barrrggg! Its a bitch. If anybody has a config for a debian laptop to a debian firewall and win2k to Debian firewall please let me know!. regards Thing
Re: Some more port closing questions
113 is controlled from inetd.conf, add a # in front of the relevent line. afterwards do a killall -HUP inetd 111 is portmaper, its in /etc/init.d, you can stop the services with ./portmap stop then remove the sym link to the run level or chmod the script to 0400 and it wont run on boot in future. regards Thing Crawford Rainwater wrote: > Thanks to all on the Portsentry issue I had > a week ago. > > Along those same lines, I have two ports I cannot > figure out (even looking through the LDP) on how > to close or shut down their related services. > They are as follows: > > 111/tcp sunrpc > 111/udp sunrpc > 113/tcp auth > 1024/tcp kdm > 1024/udp unknown (I am guessing this is with the kdm one) > > Advice appreciated, thanks in advance. > > --- Crawford > > The I.T.E.C. Company > P.M.B. 146 > 368 South McCaslin Boulevard > Louisville, CO 80027 USA > (303) 604-2550 (voice) > (866) 604-2550 (toll free) > (303) 664-0036 (fax) > http://www.itec-co.com > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]