5.2 install hangs
Hi all

I'm trying to install FreeBSD 5.2-release on my:

i386 1 Ghz
384 mb ram
60 gb harddisk
120 mb floppy disk

It's running 4.9-release now btw. I've downloaded the iso for disc1 and made a cd. I have used that cd to install 5.2 on my laptop, test computer and my server, but when trying to install it on my main workstation I get:

ad0: 58644 mb Maxtor 5T060H6 [119150/16/63] at ata0-master UDMA100
GEOM: create disk afd0 dp=0xc3f1bb6c
afd0: REMOVABLE LS-120 VER5 00 UHD Floppy at ata0-slave PIO3

I've tried removing the floppy drive, but then it just hangs after:

ad0: 58644 mb Maxtor 5T060H6 [119150/16/63] at ata0-master UDMA100

Any ideas?

br
socketd
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [Freebsd-hackers] 5.2 install hangs
On Thu, 22 Jan 2004 13:10:56 +0100 Remko Lodder [EMAIL PROTECTED] wrote:

> Perhaps some devices use the same IRQ or something like that, I had something similar, 2 nics that used IRQ 10 and the IDE device used that also (Don't know if it's the correct IRQ but, for reference it should be ok ;p) Check that out because they might lock each other out.

Oki, I'll try that, thanks!

br
socketd
Re: 5.2 install hangs
On Thu, 22 Jan 2004 10:33:03 -0500 John Baldwin [EMAIL PROTECTED] wrote:

> > ad0: 58644 mb Maxtor 5T060H6 [119150/16/63] at ata0-master UDMA100
> > GEOM: create disk afd0 dp=0xc3f1bb6c
> > afd0: REMOVABLE LS-120 VER5 00 UHD Floppy at ata0-slave PIO3
> >
> > I've tried removing the floppy drive, but then it just hangs after:
> >
> > ad0: 58644 mb Maxtor 5T060H6 [119150/16/63] at ata0-master UDMA100
> >
> > Any ideas?
>
> Try disabling ACPI.

Tried it, didn't work :-(

br
socketd
Re: 5.2 install hangs
On Thu, 22 Jan 2004 17:22:30 +0100 [EMAIL PROTECTED] (Dag-Erling Smørgrav) wrote:

> how long did you wait?

Not long, 1-1½ min I guess.

> do you have anything connected to the secondary ata channel?

The cdrom-drive has one channel and the disk and the floppy share the other. (If that's what you mean).

> is anything other than ata0 and ata1 listed as using irq 14 and 15?

Nope.

> do you have pnp os set to no in your bios?

Yep :-)

br
socketd
Re: HOW TO RETRIEVE DATA FROM KERNEL.
On Sat, 30 Aug 2003 21:55:06 -0400 Sandeep Kumar Davu [EMAIL PROTECTED] wrote:

> I was wondering how to retrieve data from the kernel if I wanna. I want TCP option(if any) to let the application know about that. Can u please tell me if there is any way that I can do it without adding any additional code. If I need to add it could you please tell me the easiest way to do that.

Something like man 3 sysctl?

br
socketd
ipfw newbie
Hi

I am setting up a gateway for a friend and he wants it to firewall and traffic shape. The network:

Router (running NAT and PPP)
 |(192.168.1.1)
 |(no ip)
Gateway (FreeBSD 5.1, ipfw + dummynet and DHCP to the LAN)
 |(192.168.2.1 to the LAN and 192.168.3.1 to the DMZ)
 |\
 | \
 |  DMZ(192.168.3.0/24)
LAN (192.168.2.0/24)

I have been asking around whether I should NAT the DMZ. People had different opinions on that and I chose to NAT it.

Now what I want is: Allow all traffic _from_ LAN and DMZ and out. Also allow all traffic between the two. DMZ traffic should have 100 times the weight of LAN traffic.

So I was thinking if this maybe right? (I can't test the firewall before returning it, so the configuration has to be correct):

//Give DMZ 100 times more weight than LAN
pipe 10 config bw 512Kbit/s
pipe 20 config bw 2Mbit/s
add pipe 10 ip from any to any out
add pipe 20 ip from any to any in
queue 100 config pipe 10 weight 100
queue 200 config pipe 20 weight 100
queue 300 config pipe 10 weight 1
queue 400 config pipe 20 weight 1

//rl1 is the NIC to the router (rl0 = LAN, de0 = DMZ)
add queue 100 ip from 192.168.3.0/24 to any out via rl1
add queue 200 ip from any to 192.168.3.0/24 in via rl1
add queue 300 ip from 192.168.2.0/24 to any out via rl1
add queue 400 ip from any to 192.168.2.0/24 in via rl1

//Allow all traffic _from_ LAN and DMZ
add allow all from 192.168.0.0/255.255.0.0 to any

//Here I will specify what traffic to allow to the DMZ

//And I want this at the end:
deny all from any to any

And then set net.inet.ip.fw.one_pass: 0

Is this about right? And is it normal to place the firewalling rules after the pipes?

Hope someone will help.

br
socketd

ps: I think lockdown will be ready for wide testing by next weekend!
Re: 5 Advanced networking questions
On Tue, 08 Jul 2003 22:51:24 -0700 Terry Lambert [EMAIL PROTECTED] wrote:

> > Hmm, why not just use a firewall?
>
> Because most firewalls, even commercial ones, don't block the ICMP messages you appear to be interested in blocking. You appeared to want to turn your FreeBSD box into what's normally called a stealth system: one that doesn't respond at all to external probe attempts. So it looked like you were trying to *write* a firewall, or at least find a set of rules that would let your FreeBSD box act as a stealth one.

I am mainly trying to hide my firewall/gateway and logserver. Thank you for your reply, I'll go read a little :-)

br
socketd
Re: 5 Advanced networking questions
On Tue, 08 Jul 2003 03:17:00 -0700 Terry Lambert [EMAIL PROTECTED] wrote:

> Socketd wrote:
> > Ok, anyway to prevent sending ICMP's when ttl = 0? Or do I need a firewall?
>
> I guess you want to do this so that you can break path MTU discovery and fail to properly exchange packets with the DF bit set in the headers, and which don't take into account intermediate links with smaller MTUs, like VPNs or PPPOE links?
>
> What exactly are you getting from disabling ICMP, besides a broken network connection to some systems you may wish to be able to exchange packets with?

I don't want to disable ICMP, just don't want to respond when ttl=0, meaning when my firewall/gateway is on a traceroute path.

br
socketd
Re: 5 Advanced networking questions
On Tue, 08 Jul 2003 04:17:04 -0700 Terry Lambert [EMAIL PROTECTED] wrote:

> > I don't want to disable ICMP, just don't want to respond when ttl=0, meaning when my firewall/gateway is on a traceroute path.
>
> You should specifically modify the ICMP code to not respond to echo datagrams, or when ttl == 0, then, and work it that way. In other words, it's time to hack your network stack to specifically add that feature.

Hmm, why not just use a firewall?

br
socketd
Re: 5 Advanced networking questions
On Tue, 08 Jul 2003 15:50:30 +0400 Andrey Alekseyev [EMAIL PROTECTED] wrote:

> You may also take a look at the IPSTEALTH kernel config option (see LINT):
>
> # IPSTEALTH enables code to support stealth forwarding (i.e., forwarding
> # packets without touching the ttl). This can be useful to hide firewalls
> # from traceroute and similar tools.

Jep, have already seen that one :-)

br
socketd
Re: 5 Advanced networking questions
On Mon, 7 Jul 2003 17:33:14 +0200 Toni Andjelkovic [EMAIL PROTECTED] wrote:

> On Mon, Jul 07 2003 (01:22:05 +0200), Socketd wrote:
> > 1. Reading man blackhole I found that net.inet.udp.blackhole=1 will prevent traceroute. Is this only if the host is the end target? or will it simply disable sending an ICMP packet when it gets a packet with ttl=1?
>
> Look in sys/netinet/udp_usrreq.c. This flag operates on the UDP layer and doesn't interfere with TTLs.

Ok, anyway to prevent sending ICMP's when ttl = 0? Or do I need a firewall?

Thank you for your reply!

br
socketd
5 Advanced networking questions
Hi all

1. Reading man blackhole I found that net.inet.udp.blackhole=1 will prevent traceroute. Is this only if the host is the end target? or will it simply disable sending an ICMP packet when it gets a packet with ttl=1?

2. Does net.inet.icmp.drop_redirect drop all redirects?
   Redirect datagrams for the Network.
   Redirect datagrams for the Host.
   Redirect datagrams for the Type of Service and Network.
   Redirect datagrams for the Type of Service and Host.

3. What is the difference between net.inet.ip.redirect and the above?

4. There is a net.inet.icmp.maskrepl, but can you also disable timestamp, echo request and information request messages the same way or do I need a firewall for that?

5. In order to drop SYN-FIN packets, do I need to compile the kernel with options TCP_DROP_SYNFIN or can I just use tcp_drop_synfin=YES in /etc/rc.conf? Is there a net.inet.tcp.?? I can use instead of the above suggestions?

br
socketd
Re: Mounting
On Tue, 24 Jun 2003 16:31:33 +0100 (BST) Jan Grant [EMAIL PROTECTED] wrote:

> > /tmp and /var/tmp noexec (I know /tmp has to be executable to make world)
>
> nosymfollow. I've not found anything that this breaks (except a gazillion symlink race exploits).

Great! Thanks :-)

br
socketd
Suid and gid files
Hi

I just installed FreeBSD 5.1 release and ran a find / -perm +4000 and find / -perm +2000. My question is: are any of these files used by the system, in a way that prevents me from making them non-executable to the world? I have no shell users and don't use sendmail.

Btw why is /usr/sbin/ppp world readable? (not that it matters)

br
socketd
Mounting
Hi again

Would it be possible to have this configuration and not having the system fail (because of lacking rights or something):

/tmp and /var/tmp noexec (I know /tmp has to be executable to make world)
/var nosuid (what about even noexec?)
/var/mail noexec
/home nosuid (again what about noexec if I don't have shell users, but only websites and backups on /home?)

Can nodev also be added to all above + /usr?

br
socketd
Re: Mounting
On Mon, 23 Jun 2003 11:45:37 -0400 (EDT) Robert Watson [EMAIL PROTECTED] wrote:

> > /var/mail noexec
>
> nosuid would be fine here also.

And noexec too I guess?

> nodev prevents opening specfs character devices, but doesn't prevent opening fifos or UNIX domain sockets, so is generally fine for all file systems except /dev. The common exceptions I bump into are:
>
> (1) If you have per-user chroots, make sure wherever their custom /dev is isn't nodev.
>
> (2) The linux port used to (may still) install with a null device under /usr in the compat tree. Mounting this with nodev will break opening /dev/null for Linux apps. I'm not sure why the null entry exists there, and in fact we know it needs to go away since it will break when we GC major device numbers.

Ah ok, again thank you for your help :-D

br
socketd
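
Added example (not part of the thread and not FreeBSD project code): a POSIX sh check of an fstab against the mount options proposed in the Mounting messages above. The POLICY table, the function names and the sample fstab are assumptions constructed for illustration.

```shell
#!/bin/sh
# Required options per mount point, following the thread's proposal (nodev on
# all of them plus /usr). The table is this example's assumption; edit to suit.
POLICY='/tmp noexec,nodev
/var/tmp noexec,nodev
/var nosuid,nodev
/var/mail noexec,nosuid,nodev
/home nosuid,nodev
/usr nodev'

# audit_fstab [FILE]: read an fstab (default /etc/fstab, "-" for stdin) and
# print one line per policy gap. A path with no fstab entry of its own lives on
# its parent file system, so it is reported instead of silently passing.
audit_fstab() {
    POLICY="$POLICY" awk '
        BEGIN { np = split(ENVIRON["POLICY"], row, "\n") }
        {
            sub(/#.*/, "")                      # strip comments
            if (NF >= 4) opts[$2] = "," $4 ","  # field 2 = mount point, 4 = options
        }
        END {
            for (r = 1; r <= np; r++) {
                split(row[r], p, " ")
                if (!(p[1] in opts)) { print p[1] ": no separate fstab entry"; continue }
                missing = ""
                n = split(p[2], want, ",")
                for (i = 1; i <= n; i++)
                    if (index(opts[p[1]], "," want[i] ",") == 0)
                        missing = missing (missing == "" ? "" : ",") want[i]
                if (missing != "") print p[1] ": missing " missing
            }
        }' "${1:-/etc/fstab}"
}

# Constructed sample fstab (not from the thread) so the check runs offline.
sample_fstab() {
    cat <<'EOF'
# Device     Mountpoint FStype Options          Dump Pass
/dev/ad0s1a  /          ufs    rw               1    1
/dev/ad0s1e  /tmp       ufs    rw,noexec,nodev  2    2
/dev/ad0s1f  /var       ufs    rw,nosuid        2    2
/dev/ad0s1g  /usr       ufs    rw               2    2
/dev/ad0s1h  /home      ufs    rw,nosuid,nodev  2    2
EOF
}

sample_fstab | audit_fstab -
```

Following Robert Watson's reply, remove nodev from the policy row of any file system that holds a chroot's custom /dev.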
Ftpd (option -h not working)
Hi all

When FreeBSD 4.8 was released I reported this bug, but now in 5.1 release it is still there. Since http://www.freebsd.org/send-pr.html is down I'll try reporting the bug here (again).

When using ftpd, you have the -h option to prevent the server from giving any info about itself. This works fine regarding the greeting message and when typing stat, but with syst it still gives info to the user.

Will someone please forward this message to the maintainer of ftpd (can't find any mail in the source files)?

br
socketd
Re: Ftpd (option -h not working)
On Sat, 21 Jun 2003 22:57:13 +0400 (MSD) Maxim Konovalov [EMAIL PROTECTED] wrote:

> > Will someone please forward this message to the maintainer of ftpd (can't find any mail in the source files)?
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/50690

Ah ok, strange it hasn't been fixed yet then, but my bad for reporting it without checking first :-)

br
socketd
ftpd -h
Hi

When updating to FreeBSD 4.8 I saw that you can give ftpd a -h flag to prevent the server from telling clients what kind of server it is (finally I don't have to edit the source to obtain this feature).

Now correct me if I am wrong, but normally you can get server information 3 ways right?

1. When connecting to the server it will display a message
2. When giving the command stat
3. When giving the command syst

Using 1 and 2 I was not able to get any server info (YES!), but sadly when writing syst I still get:

215 UNIX Type: L8 Version: BSD-199506

Mirror mistake or is it just me?

br
socketd
Re: ACPI programming under FreeBSD?
Original Message

On 10/2/02, 12:34:49 PM, Oliver Fromme [EMAIL PROTECTED] wrote regarding Re: ACPI programming under FreeBSD?:

Mark Santcroos [EMAIL PROTECTED] wrote:

ACPI developers, there is a lot more information available in the kernel about ACPI that we don't export to userland yet. Do you think we should do that using more sysctl's or should we implement some ioctl's on /dev/acpi to retrieve the information?

I'm not an ACPI developer, but I really like the sysctl interface, because it enables you to retrieve information from within scripts easily. For ioctls you would have to write a separate tool to be able to access it.

I think the list of sysctl entries is pretty long as it is.

Just my 0.02 Euro.

Just my 25 øre (or 0.25 kroner).

Br
socketd

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message