Re: Installing JDK without x11
Hi Jack, Java needs all the X11 bits for the swing and awt part of it. I dont know if there is a way to actually seperate the textual and graphic bits of java. Thus, as far as I know, no, you cannot install java without the X11 bits. Regards, Neeraj >>> Jack Baty <[EMAIL PROTECTED]> 02/16/03 04:36PM >>> Just curious if there's a way to install Java on a server without also installing all of the x11 stuff. I'm trying it from /usr/ports/java/jdk13 and can't find a way to not include the x11 bits. -- Jack Baty Fusionary Media - http://www.fusionary.com/ nobody,not even the rain,has such small hands -e.e. cummings To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Installing JDK without x11
Just curious if there's a way to install Java on a server without also installing all of the x11 stuff. I'm trying it from /usr/ports/java/jdk13 and can't find a way to not include the x11 bits. -- Jack Baty Fusionary Media - http://www.fusionary.com/ nobody,not even the rain,has such small hands -e.e. cummings To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
System stops responding on boot when detecting VIA V82C686B(KT-133A)
When booting on an ASUS A7V133 (with KT-133A chipset, chip V82C686B), system hangs during boot most times. A few times system doesn't hangs. The controller usually hangs when showing these messages: ...do /kernel: ad4: 57259MB [116336/16/63] at ata2-master UDMA100 Feb 16 01:36:31 conrado /kernel: ad6: 38172MB [77557/16/63] at ata3-master UDMA100 Feb 16 01:36:31 conrado /kernel: acd0: REQUEST_SENSE command timeout - resetting Feb 16 01:36:31 conrado /kernel: ata0: resetting devices .. done Feb 16 01:36:31 conrado /kernel: acd0: read data overrun 18/0 Feb 16 01:36:31 conrado /kernel: acd0: REQUEST_SENSE command timeout - resetting Feb 16 01:36:31 conrado /kernel: ata0: resetting devices .. done Feb 16 01:36:31 conrado /kernel: acd0: read data overrun 18/0 Feb 16 01:36:31 conrado /kernel: acd0: REQUEST_SENSE command timeout - resetting Feb 16 01:36:31 conrado /kernel: ata0: resetting devices .. done Feb 16 01:36:31 conrado /kernel: acd0: read data overrun 18/0 Feb 16 01:36:31 conrado /kernel: acd0: REQUEST_SENSE command timeout - resetting Feb 16 01:36:31 conrado /kernel: ata0: resetting devices .. done Feb 16 01:36:31 conrado /kernel: acd0: MODE_SENSE_BIG command timeout - resetting Feb 16 01:36:31 conrado /kernel: ata0: resetting devices .. done Feb 16 01:36:31 conrado /kernel: acd0: read data overrun 4/0 Feb 16 01:36:31 conrado last message repeated 5 times Feb 16 01:36:31 conrado /kernel: acd0: read data overrun 2/0 Feb 16 01:36:31 conrado /kernel: acd0: CD-RW at ata0-master PIO3 If no devices are attached to the on-board, chipset build-in ATA controller, system hangs EXACTLY when the controller is detected: ==> atapci0: at device 4.1 on pci0 DISABLING the VIA ATA-100 controller on BIOS SETUP, the system boots up normally. The machine is a 900-MHz Athlon, on a ASUS A7V133, one HP CD-RW attached to the primary master (VIA ATA controller) and two hard-discs attached to the on-board PROMISE controller. OS is FreeBSD 4.7 (RELEASE), but happens to 5.0, 4.6.2, 4.6, 4.5, and earlier (from 4.x line). Any hints? --- Conrado Vardanega [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: using Dummynet to rate limit ftp
Matthew Seaman wrote: On Sat, Feb 15, 2003 at 01:54:20PM -0500, Chuck Swiger wrote: [ ... ] The question of QoS rather than bandwidth capping is valid, but how do you prioritise data traffic if you can't identify at least one of the port numbers used for the TCP or UDP streams? While you need to identify traffic somehow in order to apply QoS, I don't see why you have to identify traffic by port alone. Set up different priorities for other hosts versus this FTP server's IP; or match other traffic types first and leave the generic "high ports" to "high ports" for the lowest priority. [ I'm still at the tinkering stage of using bandwidth shaping myself, but bandwidth limits are appropriate when you pay by the byte or have usage limits in place. QoS is better (more useful?) when you've got unlimited connectivity, or busy pipes, or both. ] -Chuck To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
5.0 Jail does not work (out of date documentation?)
Hi, I'm new to FreeBSD as I'm switching over from Linux. I want to get jail going but I've had no luck. Following the man page for jail, I did this: D=/usr/jails/hld cd /usr/src mkdir -p $D make world DESTDIR=$D cd etc make distribution DESTDIR=$D Variating from the MAKEDEV command I ran: mount -t devfs / $D/dev cd $D ln -sf dev/null kernel When I do a `sockstat -4l` I can see that nothing from my host server is bound to any jail server IP's. When I run: jail $D hld.ca 66.11.174.121 /bin/sh /etc/rc It gives the following output: hw.bus.devctl_disable: 1 -> 1 Entropy harvesting:sysctl: kern.random.sys.harvest.interrupt: Operation not permitted interruptssysctl: kern.random.sys.harvest.ethernet: Operation not permitted ethernetsysctl: kern.random.sys.harvest.point_to_point: Operation not permitted point_to_point. Fast boot: skipping disk checks. mount: /: unknown special file or file system adjkerntz[7724]: sysctl(put_wallclock): Operation not permitted Doing initial network setup:. Additional routing options:. Mounting NFS file systems:. ln: /dev/log: Operation not permitted Starting syslogd. syslogd: child pid 7816 exited with return code 1 ELF ldconfig path: /usr/lib /usr/lib/compat a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout Starting local daemons:. Updating motd. Configuring syscons: blanktime. ^CInitial i386 initialization:. Additional ABI support:. Local package initialization:. Additional TCP options:. Starting devfsln: vga: Operation not permitted Starting cron. Starting background file system checks. You can see the ^C at the beginning of "Intial i386 initialization". After "blanktime" it stalls and I've waited up to 5 minutes before hitting CTRL-C to make it continue. It just bails though. The /var/log/messages has no information of use (just syslogd starting message) I've also tried tracing this /etc/rc script by puting 'echo' commands here and there but none get executed. I'm new enough to FreeBSD that I don't really know how it runs it's startup scripts. Any help would be appreciated since I'd really like to get this going. Thanks, Dan P.S. I think I found a bug. If I 'mount -t procfs proc $D/proc' two times without unmounting and then 'ls $D/proc' my machine becomes completely unresponsive. I need to power cycle it to get it back. __ Dan Cardamoremailto:[EMAIL PROTECTED] http://www.hld.ca 00:07:50 up 2:33, 1 user, load average: 0.10, 0.06, 0.07 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
(no subject)
subscribe To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
5.0 install on an IBM Thinkpad i series 1400
Hello, I recently tried to upgrade my IBM Thinkpad 1400i to RELENG_5_0 because I wanted the 32-bit cardbus support. I cvsup'd new source and followed these instructions from UPDATING: [7] make buildworld [9] make buildkernel KERNCONF=YOUR_KERNEL_HERE [8] cp src/sys/${MACHINE}/conf/GENERIC.hints /boot/device.hints [2] make installkernel KERNCONF=YOUR_KERNEL_HERE cd src/sys/boot ; make install [6] [1] [3] mergemaster -p [5] rm -rf /usr/include/g++ make installworld Here I ran into trouble. The installworld informed me that my kernel wasn't new enough. I'm sorry I don't have the exact error. I was unable to complete the installworld and unable to recover. I decided to do a fresh install. I made 5.0 boot floppies. kern.flp loaded with no problems. I inserted mfsroot.flp and it appears to load ok until: unknown can't assign resources (irq) unknown can't assign resources (port) unknown can't assign resources (port) unknown can't assign resources (port) Timecouters tick every 10.000 msec Fatal trap 12: page fault while in kernel mode fault virtual address = 0xc703a000 fault code = supervisor read, page not present instruction pointer = 0x8:0xc01c669f stack pointer = 0x10:0xc6d3a9c0 frame pointer = 0x10:0xc6d3ac04 code segment= base 0x0, limit 0xf, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags= interupt enabled, resume, IOPL=0 current process = 6 (cbb0) trap number = 12 panic: page fault syncing disks, buffers remaining... done uptime: 1s Automatic reboot in 15 seconds I've installed a new 4.7 release using the 4.7 kern.flp and mfsroot.flp and booted from the generic kernel. Here is my dmesg from boot -v: Copyright (c) 1992-2002 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 4.7-RELEASE #0: Wed Oct 9 15:08:34 GMT 2002 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC Calibrating clock(s) ... TSC clock: 365804707 Hz, i8254 clock: 1193176 Hz CLK_USE_I8254_CALIBRATION not specified - using default frequency Timecounter "i8254" frequency 1193182 Hz CLK_USE_TSC_CALIBRATION not specified - using old calibration method CPU: Pentium II/Pentium II Xeon/Celeron (365.81-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0x66a Stepping = 10 Features=0x183f9ff real memory = 100597760 (98240K bytes) Physical memory chunk(s): 0x1000 - 0x0009efff, 647168 bytes (158 pages) 0x00536000 - 0x05fe7fff, 95100928 bytes (23218 pages) config> di sn0 config> di lnc0 config> di ie0 config> di fe0 config> di cs0 config> di bt0 config> di aic0 config> di aha0 config> di adv0 config> q avail memory = 92639232 (90468K bytes) bios32: Found BIOS32 Service Directory header at 0xc00f0280 bios32: Entry = 0xf0210 (c00f0210) Rev = 0 Len = 1 pcibios: PCI BIOS entry at 0x0 pnpbios: Found PnP BIOS data at 0xc00f62d0 pnpbios: Entry = fa000:0 Rev = 1.0 pnpbios: Event flag at 4b0 Other BIOS signatures found: ACPI: 000fe030 Preloaded elf kernel "kernel" at 0xc050f000. Preloaded userconfig_script "/boot/kernel.conf" at 0xc050f0a8. Pentium Pro MTRR support enabled Creating DISK md0 md0: Malloc disk Math emulator present pci_open(1):mode 1 addr port (0x0cf8) is 0x pci_open(1a): mode1res=0x8000 (0x8000) pci_cfgcheck: device 0 [class=06] [hdr=00] is there (id=162110b9) pcibios: No call entry point npx0: on motherboard npx0: INT 16 interface pcib0: on motherboard found-> vendor=0x10b9, dev=0x1621, revid=0x05 class=06-00-00, hdrtype=0x00, mfdev=0 subordinatebus=0secondarybus=0 map[10]: type 1, range 32, base e000, size 26 found-> vendor=0x10b9, dev=0x5247, revid=0x01 class=06-04-00, hdrtype=0x01, mfdev=0 subordinatebus=1secondarybus=1 found-> vendor=0x11c1, dev=0x0449, revid=0x01 class=07-80-00, hdrtype=0x00, mfdev=0 subordinatebus=0secondarybus=0 intpin=a, irq=9 map[10]: type 1, range 32, base 8010, size 8 map[14]: type 1, range 32, base 7090, size 3 map[18]: type 1, range 32, base 7400, size 8 found-> vendor=0x10b9, dev=0x1533, revid=0x0a class=06-01-00, hdrtype=0x00, mfdev=0 subordinatebus=0secondarybus=0 found-> vendor=0x125d, dev=0x1969, revid=0x02 class=04-01-00, hdrtype=0x00, mfdev=0 subordinatebus=0secondarybus=0 intpin=a, irq=5 map[10]: type 1, range 32, base 7800, size 6 map[14]: type 1, range 32, base 7850, size 4 map[18]: type 1, range 32, base 00
Re: No Description In ports search
Well, I'm not sure what caused the problem, but I fixed it. cd /usr/ports make index Fixed. Can someone tell me the difference between running make index, and using portsdb -Uu ? On Sat, Feb 15, 2003 at 06:11:51PM -0800, Michael Barrett wrote: > Hi, so I recently went to look for a mp3 ripper/encoder program in the ports >collection and I noticed something odd. For some reason, whenever I do a make search >of any sort, all the ports it lists have their Info: field set to ** No Description. > > Anyone have any idea why that is? It doesn't seem to matter what I search for, >or if I use keys or name to search, nothing has any info about it. I know that it >didn't have this behavior before, and it's really kind of bothersome. > > Thanks for any help you can give. > > -- > > Mike Barrett | "I used to read, now I go to raves." > [EMAIL PROTECTED] | -- Random MUNI Rider, speaking > www.daboyz.org |to my friend Allison. > +--- > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-questions" in the body of the message -- Mike Barrett | "I used to read, now I go to raves." [EMAIL PROTECTED] | -- Random MUNI Rider, speaking www.daboyz.org |to my friend Allison. +--- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: sound module on start up
On Sat, Feb 15, 2003 at 08:29:59PM -0500, synrat wrote: > I figured out how to load the module for my sound card (ac97) > but I can't get it to load on start up. When I add the line > snd_via8233_enable="YES" to /etc/rc.conf it still doesn't load it on > the start up. How do I do that ? You would add the following line to /boot/loader.conf: snd_via8233_load="yes" > How would I compile that into my kernel? device pcm > I thought it would be built when I added pcm to my custom config, but > it wasn't. I had to build it manually in modules/sounds directory. You want to decide whether you want sound support compiled into the kernel or use a kernel module. I am not sure what happens if you try to load the kernel module when the kernel already provides it. -- Glenn Johnson [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
No Description In ports search
Hi, so I recently went to look for a mp3 ripper/encoder program in the ports collection and I noticed something odd. For some reason, whenever I do a make search of any sort, all the ports it lists have their Info: field set to ** No Description. Anyone have any idea why that is? It doesn't seem to matter what I search for, or if I use keys or name to search, nothing has any info about it. I know that it didn't have this behavior before, and it's really kind of bothersome. Thanks for any help you can give. -- Mike Barrett | "I used to read, now I go to raves." [EMAIL PROTECTED] | -- Random MUNI Rider, speaking www.daboyz.org |to my friend Allison. +--- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
sound module on start up
I figured out how to load the module for my sound card ( ac97 ) but I can't get it to load on start up. When I add the line snd_via8233_enable="YES" to /etc/rc.conf it still doesn't load it on the start up. How do I do that ? How would I compile that into my kernel ? I thought it would be built when I added pcm to my custom config, but it wasn't. I had to build it manually in modules/sounds directory. thanx a lot To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
歡樂慶元宵 讓妳樂透不寂寞! 24H聊天玩樂去
Title: ·sºô¶1 24¤p®É¹q¸Ü¥æ¤Í²á¤Ñºô... ·Q»P¦U¦æ¦U·~ªº²§©Ê²á¤Ñ¶Ü¡H ·Q»P¤£¦P¦æ·~ªº²§©Ê¥æ©¹¶Ü¡H 24¤p®É¹q¸Ü¥æ¤Í²á¤Ñºô... ¬°±z·f°_½Ëªº¾ô¼Ù «Øºc°_²á¤Ñ¡B ¤ß¨Æ¶É¶D¼ö½u--- °Ñ¥[¤èªk¤@¡G ¤k¥KºZ½Í§K¶O¼ö½u¡G02--2371¡]¥Nªí¸¹¡^ ¨k¥K¨Ó©±¡G¥_¥«©ø©úµó¢²¢Ý¸¹¢±¼Ó¡C(¬¥¶§°±¨®³õ¹j¾À) ¬¢¸ß±M½u¡G02---23317211¡]¦èªùËm¡^ °Ñ¥[¤èªk¤G¡G ¤k¥K²á¤Ñ¼ö½u¡G02---23886661¡]«ö¡¯¥i»P¤£¦P¨k©Ê¥æ½Í¡^ ¨k¥KÁÊ¥d±M½u¡G02---23703167¡]¦b®a³]©w¥iÂà±µ¡A¥þ¬Ù³q¥Î¡^ ¨C¤ê¼Æ¦Ê¦ì¬ü¤k«Óôµ¥µÛ©M±z²á¤Ñ¡B°µªB¤Í³á¡I ¨Ó¥»¯¸¡B¥i»{ÃѫܦhªB¤Í¡BÀô¹Ò³æ¯Â¡B®ø¶O§C·G ¤ß°Ê¤£¦p¦æ°Ê¡B°Ñ¥[´N¦³§Æ±æ¡B¤H¥Í¬O±m¦âªº... 24¤p®É¹q¸Ü¥æ¤Í²á¤Ñºô... ¦pªG¤£·Q¦¬¨ì¼s§i,½Ð«ö³o¸Ì ¸T¤î¥¼º¡18·³ªÌ°Ñ¥[.sorry... To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
þÆ#ÒÔ£ÔÝÈ BTMYSVFOYF
þÆ#ÒÔ£ÔÝÈ. ôÒ¼È ÀÓÔÙÈÜÛÈ ØÈÜ ÞÒÛÜÈ#È£ÀÔÒÙÀ.  ÔÒÃÈÜÛÈØ ñÈ#ÀÔÒ àÙÕÒ. ---Áèÿùòøò- 50 ÜÀÔ¾ ÀÓÀÈÔ ÆÙ #ÒÓÀ¿ÈÕÀ £ÀÙÒ - ßÒÃÆÝ ÆÈÜ. http://www.oboi.h10.ru SRCMCSYNHHQREEWVFGGPJIJYWERYLNHFQRVPWU To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: OT sendmail tagging spam
Laszlo Vagner wrote: currently i use spamcop.net's blocking service and have the FEATURE in my sendmail configuration, I would like to just tag spam say in the subject add SPAM: to all incoming mails that match the blocklist. What would be the best way of doing this.? Thank You Laszlo Spamassassin -- R To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: cvsup ?
On Sun, Feb 16, 2003 at 12:25:38AM +0200, Petre Bandac wrote: > let me see if I got it ok > > if I cvsup ports/www - then I shall have the latest releases > > do I need to upgrade anything else ? > > I mean the whole cvsup thing is to "cvsup -g -L 2 ports-supfile" and that's > all ? After running cvsup, you'll have a collection of Makefiles, patches etc. under /usr/ports all set up to download the source and build the latest versions of any software you want to install. Running cvsup is just the preliminary to the whole process of updating any ports that are out of date. If you've installed portupgrade(1) [ports/sysutils/portupgrade] bringing all your installed ports up to date pretty much boils down to: cvsup -g -L 2 ports-supfile portsdb -Uu pkgdb -Fvu portupgrade -rRNia [the last two commands are interactive as shown: they'll prompt you to confirm any actions that modify your system] Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
OT sendmail tagging spam
currently i use spamcop.net's blocking service and have the FEATURE in my sendmail configuration, I would like to just tag spam say in the subject add SPAM: to all incoming mails that match the blocklist. What would be the best way of doing this.? Thank You Laszlo To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: using Dummynet to rate limit ftp
On Sat, Feb 15, 2003 at 01:54:20PM -0500, Chuck Swiger wrote: > Matthew Seaman wrote: > [ ... ] > >Now, that sounds quite reasonable, but it's really quite a minefield. > >Consider that the TCP stream could be fragmented --- unlikely in > >normal usage, but something a potential attacker might try --- or that > >an attacker might be able to persuade your firewall to open up access > >to ports or addresses it really shouldn't by sending a cunningly > >modified FTP control exchange. > > While I agree with this and the points you've made, let me suggest that > the problem the original poster had is better solved by prioritizing > traffic, rather than by setting fixed bandwidth limits in place. Or > perhaps "in addition to fixed BW limits" The question of QoS rather than bandwidth capping is valid, but how do you prioritise data traffic if you can't identify at least one of the port numbers used for the TCP or UDP streams? FTP isn't always so bad in this respect, unless mixed with NAT, as FTP data streams usually involve port 20 somewhere. A normal FTP PORT command results in opening a channel from port 20 on the server back to an arbitrary port number specified by the client --- that makes firewalling the server easy, but means you would have to poke holes in a client side firewall that you could drive a bus through. Hence the commonly used alternative: the FTP PASV command results in the client opening a connection from port 20 on the client to the specified but arbitrary port on the server. Easy enough to firewall correctly on the client side. Of course, if it's the server you're concerned with running, life isn't so good. Especially if your clients connect from behind a NAT gateway which feels free to munge the originating port number for outgoing connections. That means you've got the tricky situation where the server sees port numbers at either end of the connection which are arbitrary, and the only way the server's firewall could possibly identify FTP data streams would be by listening in on the FTP control channel. The same sort of thing happens for some other protocols. For instance MS Media Streaming opens a TCP and/or UDP control channel to port 1755 on the server --- that's all fine and dandy, and easy enough to write firewall rules for. However the actual data streaming occurs as a unidirectional stream of UDP packets from the server to the client using a random port number between 1024 and 5000 at either end of the connection. Horrible design from the p.o.v. of firewalling or controlling bandwidth usage. http://www.microsoft.com/windows/windowsmedia/serve/firewall.aspx Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
openoffice printing problems
I have a quick question to the openoffice geru's. I've installed the current version of openoffice (1.0.1) from the ports collection. I am trying to make some slides by using the "Drawing" window (from the "New" icon). After creating a slide, I can create a postscript file. However, it does not print on my HP laserjet4 printer, but I can view it fine with ghostscript. I'm running 4.7 FreeBSD. Does anyone have an idea what magic I need to perform to get the postscript file to print? I've searched the archives for both FreeBSD and openoffice.org and haven't found much helpful. Paul Fronberg [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: squid and ipfw ... fwd ...
At 14/02/2003, P. U. Kruppa wrote: On Thu, 13 Feb 2003, Dancho Penev wrote: > On Thu, Feb 13, 2003 at 06:44:24PM +0100, P. U. Kruppa wrote: > >Date: Thu, 13 Feb 2003 18:44:24 +0100 (CET) > >From: [EMAIL PROTECTED] (P. U. Kruppa) > >To: [EMAIL PROTECTED] > >Subject: squid and ipfw ... fwd ... > > > >Hi! > > > >I am trying to setup a transparent proxy with Squid. This should work, squid on port 3128 on the gateway of the intranet. # Transparent Proxy -- ipfw (before divert rules) ${ipfwcmd} 0045 pass tcp from ${MY_EXTERNAL_IP} to any 80 ${ipfwcmd} 0049 fwd 127.0.0.1,3128 tcp from any to any 80 --> minimal squid.conf http_port 3128 httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on cache_dir null /tmp cache_access_log /usr/local/squid/logs/access.log cache_log /usr/local/squid/logs/cache.log ftp_user squid@ ftp_passive off acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl yournet src ${YOUR_NET_CLASS} http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow ${YOUR_NET_CLASS} http_access deny all Please let me know... Best Regards, Gianmarco Giovannelli , "Unix expert since yesterday" http://www.gufi.org/~gmarco To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
cvsup ?
let me see if I got it ok if I cvsup ports/www - then I shall have the latest releases do I need to upgrade anything else ? I mean the whole cvsup thing is to "cvsup -g -L 2 ports-supfile" and that's all ? thanks, petre -- 12:21AM up 1 day, 1:40, 5 users, load averages: 0.20, 0.15, 0.15 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: Running X program under different user
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, On Saturday 15 February 2003 19:53, Dennis wrote: > Tried the xhost command, but i get the exact error message afterwards... > So i guess something else causes the problem.. xhost doesn't always work for me, I don't care enough about it to find out why. Anyway, if you've still got KDE installed you can let kdesu do it for you: kdesu -u root - -- Cheers, Chris Howells -- [EMAIL PROTECTED], [EMAIL PROTECTED] Web: http://chrishowells.co.uk, PGP key: http://chrishowells.co.uk/pgp.txt KDE: http://www.koffice.org, http://printing.kde.org, http://usability.kde.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE+Tqd2F8Iu1zN5WiwRAsFXAJ0TiJ7nJT1NDbYn1lol3yZDQdnAlACfRV10 5xMdYY/oqkaaFSmG4QpPzgY= =CxOk -END PGP SIGNATURE- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: Running X program under different user
You need to use 'su -m', which leaves the environment, including the DISPLAY export unchanged from the current user, but changes the userid to the user you want to switch to. You can then run your x program as the user you wish to use. I believe this is a MIT-MAGIC-COOKIE issue and is reasonably well documented in the questions mailing list archive. In your previous KDE life, were you using XFree86 v3 and now you have switched to XFree86 v4? This is one of the first things many users run into after they switch. Gene On Saturday 15 February 2003 01:53 pm, Dennis wrote: > Paul A. Mayer wrote: > > Hi, > > > > Did you try to call: > > > > xhost +localhost > > > > before your su command? > > > > Looks like your X session is not letting your other user access your > > display. > > > > $.02, hope it helps. > > > > /Paul > > > > Dennis wrote: > >> kitsune wrote: > >>> On Sat, 15 Feb 2003 18:23:18 +0100 > >>> > >>> Dennis <[EMAIL PROTECTED]> wrote: > Hi, > > I'm a former kde user, using Windowmaker now > > And in the past i always used RUN in kde, to startup my favourite > irc client... > > RUN had several options to execute programs under a different user > etc, which comes in handy when using IRC... > >>> > >>> if that run thing was a command that can be done then it can still > >>> be used under windowmaker... > >>> > But now i need to use SU i think to accomplish this, but it doesnt > work :( > >>> > >>> wierd it works here... > >>> su -c > >>> > >>> example... > >>> su kitsune -c scilab > >>> this will su user kitsune and then run scilab > >>> > Does anyone know which command i can use to execute an X program > under a different user? > >>> > >>> this will work too... > >>> ssh 127.0.0.1 -X -l > >>> the -X turns on X forwarding > >> > >> when i try su [user] -c xchat, i get this error: > >> > >> Xlib: connection to ":0.0" refused by server > >> Xlib: No protocol specified > >> > >> > >> Gtk-WARNING **: cannot open display: :0.0 > >> > >> RUN in kde was a kde-specific command...i think it was in the KDE Panel > >> > >> > >> > >> > >> To Unsubscribe: send mail to [EMAIL PROTECTED] > >> with "unsubscribe freebsd-questions" in the body of the message > > Thanx for ur replies... > > Tried the xhost command, but i get the exact error message afterwards... > So i guess something else causes the problem.. > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: required sources for kernel build
On Sat, Feb 15, 2003 at 08:34:00AM -0800, Nathan Kinkade wrote: > Can anyone tell me which of the source distributions from sysinstall are > required to build a kernel and nothing more? I tried installing just > 'base' and 'sys', but the kernel build failed. I'm currently > downloading the rest, but was curious which were safe to skip over in > order to successfully run `make buildkernel`. Only the "sys" distribution is required to build a kernel. The "config" method is required in this case. The "make buildkernel" method is only required if you're updating the kernel to later versions (in which case you're required to do a "make buildworld" to build the toolchain as well). -- Jonathan Chen <[EMAIL PROTECTED]> -- When you don't know what you are doing, do it neatly. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: Running X program under different user
Paul A. Mayer wrote: Hi, Did you try to call: xhost +localhost before your su command? Looks like your X session is not letting your other user access your display. $.02, hope it helps. /Paul Dennis wrote: kitsune wrote: On Sat, 15 Feb 2003 18:23:18 +0100 Dennis <[EMAIL PROTECTED]> wrote: Hi, I'm a former kde user, using Windowmaker now And in the past i always used RUN in kde, to startup my favourite irc client... RUN had several options to execute programs under a different user etc, which comes in handy when using IRC... if that run thing was a command that can be done then it can still be used under windowmaker... But now i need to use SU i think to accomplish this, but it doesnt work :( wierd it works here... su -c example... su kitsune -c scilab this will su user kitsune and then run scilab Does anyone know which command i can use to execute an X program under a different user? this will work too... ssh 127.0.0.1 -X -l the -X turns on X forwarding when i try su [user] -c xchat, i get this error: Xlib: connection to ":0.0" refused by server Xlib: No protocol specified Gtk-WARNING **: cannot open display: :0.0 RUN in kde was a kde-specific command...i think it was in the KDE Panel To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message Thanx for ur replies... Tried the xhost command, but i get the exact error message afterwards... So i guess something else causes the problem.. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Replacement hard drives, was: Re: Hard error??
Henrik W Lund wrote: [ ... ] Anyway, it seems like I have just got to get myself a new drive. On that note, has anybody got any idea what I should go for? Any vendors whose drives do NOT cave in after half a year? ;) Your drive should still be under warrantee, then...? To answer your question: I've been fairly happy with Seagate over the years, and Maxtor has been okay. Seagate's flagship products tend to do well, at least if you've got an open budget available-- one main fileserver I run has four Seagate ST336752LC drives ("Cheetah X15 36LP"?) in a RAID-1,0. They rock. Maxtor has sometimes seemed to have better price/performance for their normal drives, which is useful when one's budget it more constrained. Avoid Quantum at all costs. While there was an educational benefit to learning how to coax more life from one of those famous 105MB's with stiction, newer Quantum drives are better in the sense that they hold more data, and worse in that they tend to fail more abruptly and more permanently. IBM and Fujitsu have both been having quality control issues recently, although the IBM UltraStar lineup used to be pretty good at one point. I'd also like to give a big thumbs up to recent the Western Digital series of SE drives with 8MB of cache. WD's previous SCSI drives, like the 10K 18GB Vantage were good, too. As for laptop drives, well, what you want is a single platter drive with low power consumption, hence low heat-- ie, ones for ultra-thin/light laptops, something like what Sony's got in their VAIO 505's; expect a slower spindle speed, though. Even so, laptops tend to take a beating, and even good laptop drives seem to have about a 25% mortality rate after 3 years, give or take. Anyone know of a laptop that takes SCA (80-pin SCSI) drives? Failing that, be nice once SATA + individual IDE channels per drive + RAID hardware + SCSI layers (TCQ/command protocol/iSCSI/etc) becomes more common. SATA for the cabling alone will do a world of good. While I'm thinking about it, a platform-spanning PCI-X version of a SATA/RAID card would remind me favorably of Adaptec's 2940 (U/UW/OF/etc) series. -Chuck Disclaimer: Any Clutch fans out there? Last night's show-- in the hinterlands of Brooklyn, New York; Lamours-- is responsible; any opinions represented above I may or may not agree with once I finish recovering. Very good show, finished very late. :-) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: SAPDB port for FreeBSD
On Fri, 14 Feb 2003, taxman wrote: > On Friday 14 February 2003 03:30 am, Matthew Emmerton wrote: > > > I was surprised; there are no SAPDB (www.sapdb.org) in > > > http://www.freebsd.org/ports/databases.html list! > > > Has someone tried to install SAPDB on FreeBSD? Is it possible to create > > new port? > > > > I tried about a year or so ago, but gave up. The SAPDB "build tools" are > > extremely Linux-centric (they expect a LSB-compliant filesystem layout, and > > it's next to impossible to trick it, as paths are hardcoded everywhere). > > Furthermore, the actual SAPDB product is again, Linux-centric and has all > > the warts that one would expect. Actually, I just took another look at this and things seems to be a bit less hairy than they were when I first looked at it. (For example, it uses autoconf now.) -- Matt Emmerton To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: Running X program under different user
Hi, Did you try to call: xhost +localhost before your su command? Looks like your X session is not letting your other user access your display. $.02, hope it helps. /Paul Dennis wrote: kitsune wrote: On Sat, 15 Feb 2003 18:23:18 +0100 Dennis <[EMAIL PROTECTED]> wrote: Hi, I'm a former kde user, using Windowmaker now And in the past i always used RUN in kde, to startup my favourite irc client... RUN had several options to execute programs under a different user etc, which comes in handy when using IRC... if that run thing was a command that can be done then it can still be used under windowmaker... But now i need to use SU i think to accomplish this, but it doesnt work :( wierd it works here... su -c example... su kitsune -c scilab this will su user kitsune and then run scilab Does anyone know which command i can use to execute an X program under a different user? this will work too... ssh 127.0.0.1 -X -l the -X turns on X forwarding when i try su [user] -c xchat, i get this error: Xlib: connection to ":0.0" refused by server Xlib: No protocol specified Gtk-WARNING **: cannot open display: :0.0 RUN in kde was a kde-specific command...i think it was in the KDE Panel To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: using Dummynet to rate limit ftp
Matthew Seaman wrote: [ ... ] Now, that sounds quite reasonable, but it's really quite a minefield. Consider that the TCP stream could be fragmented --- unlikely in normal usage, but something a potential attacker might try --- or that an attacker might be able to persuade your firewall to open up access to ports or addresses it really shouldn't by sending a cunningly modified FTP control exchange. While I agree with this and the points you've made, let me suggest that the problem the original poster had is better solved by prioritizing traffic, rather than by setting fixed bandwidth limits in place. Or perhaps "in addition to fixed BW limits". -Chuck To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: FreeBSD 4.7 & Ipnat Question
On Sat, 15 Feb 2003, KizerSoze wrote: > Users, > > I have experiened a weird problem lately. I can comment out my entries in > my ipnat file and then reload the ipnat file and for some reason the natting > is STILL working, even with the entries taken out. Has anyone experienced > this and how could the natting still work. I am using IPfilter as my > firewall rules. it depends on how are you calling ipnat after you modified the file. You must use 'ipnat -FC -f /etc/ipnat.rules' The -C flag is for clearing the NAT table and the -F one to flush the active NAT mappings. Fer > > thanks > > > ed > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: Running X program under different user
kitsune wrote: On Sat, 15 Feb 2003 18:23:18 +0100 Dennis <[EMAIL PROTECTED]> wrote: Hi, I'm a former kde user, using Windowmaker now And in the past i always used RUN in kde, to startup my favourite irc client... RUN had several options to execute programs under a different user etc, which comes in handy when using IRC... if that run thing was a command that can be done then it can still be used under windowmaker... But now i need to use SU i think to accomplish this, but it doesnt work :( wierd it works here... su -c example... su kitsune -c scilab this will su user kitsune and then run scilab Does anyone know which command i can use to execute an X program under a different user? this will work too... ssh 127.0.0.1 -X -l the -X turns on X forwarding when i try su [user] -c xchat, i get this error: Xlib: connection to ":0.0" refused by server Xlib: No protocol specified Gtk-WARNING **: cannot open display: :0.0 RUN in kde was a kde-specific command...i think it was in the KDE Panel To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
FreeBSD 4.7 & Ipnat Question
Users, I have experiened a weird problem lately. I can comment out my entries in my ipnat file and then reload the ipnat file and for some reason the natting is STILL working, even with the entries taken out. Has anyone experienced this and how could the natting still work. I am using IPfilter as my firewall rules. thanks ed To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: Running X program under different user
On Sat, 15 Feb 2003 18:23:18 +0100 Dennis <[EMAIL PROTECTED]> wrote: > Hi, > > I'm a former kde user, using Windowmaker now > > And in the past i always used RUN in kde, to startup my favourite irc > client... > > RUN had several options to execute programs under a different user etc, > which comes in handy when using IRC... if that run thing was a command that can be done then it can still be used under windowmaker... > But now i need to use SU i think to accomplish this, but it doesnt work :( wierd it works here... su -c example... su kitsune -c scilab this will su user kitsune and then run scilab > Does anyone know which command i can use to execute an X program under a > different user? this will work too... ssh 127.0.0.1 -X -l the -X turns on X forwarding To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: A modern BSD UNIX workgroup - how would you do it?
BSD Freak wrote: [ ... ] 1. Centralised user/password/account management 2. 2-3 file servers running FreeBSD, 1 mail server and 1 VPN gateway also running FreeBSD 3. Workstations will be 75% FreeBSD and 25% Mac OS X 10.2 Most people I have spoken to automatically say NIS/NFS. Although I know that NIS/NFS is a tried and true combination, I can't help but feel there must be a better way to do a modern BSD UNIX environment. As silly as it may sound I am seriously thinking about running Samba for file sharing services even though this is a fully UNIX environment. Reasons for this include excellent performance on FreeBSD and better security than NFS. NIS support under MacOS 10.2.{0-2, haven't checked .3 yet) appears to be broken at the moment: specificly the login window doesn't "see" NIS-only users, unless you import them into the local NetInfo database. See "man niload". It's also possible to use NetInfo as your primary authentication repository, and then use "nidump" to export this to Unix flatfiles-- and then push the flatfiles via rsync, or scp, or NIS. On the other hand, 10.2's Samba support is very good, and SMB/CIFS handles reopening shares much better than NFS deals with mounts going down. NFS is much lighter in weight, however, and NFS semantics match those of FreeBSD's default filesystem and UFS under the MacOS better than Samba does. By contrast, HFS+ and Samba are case-insensitive, and they are more "seperate independent devices" (ala Windows C:, D:) than Unix'es "all filesystems get mounted under /, and a non-root filesystem's mount point looks very much like any normal directory". I'd probably recommend Samba filesharing for laptops and roaming users; either SMB or NFS for static desktops, depending on what your users are used to or would prefer. Kerberos will probably take more work to administer and more resources to implement than it is worth for small networks. The token-based authentication and so forth integrates well with other large-scale systems from MIT (and CMU): things where you also need AFS/DFS, Cyrus, etc. In fact, I'd be curious if anyone else had some thoughts on the size of network for which Kerberos is a benefit? As for LDAP, do you have any junior admins reporting to you? Try delegating the task of setting up an LDAP-based authentication system to one, and see how long it takes before that junior admin is able to reliably demonstrate that he can make LDAP go on a test network of 3-5 machines. Also, the degree to which LDAP authentication is integrated well with the native OS's normal authentication, on most of the platforms I've seen, resembles -CURRENT more than it resembles -STABLE. As always, your mileage may vary... :-) -Chuck To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
RE: problems creating tun1 tun2 etc devices
The tunx devices are only created by 'user ppp' You can not manually create tunx devices. There is an kernel option to increase the number of tunx devices that 'user ppp' can create. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Theo Purmer (Tepucom) Sent: Wednesday, February 12, 2003 6:54 AM To: '[EMAIL PROTECTED]' Subject: problems creating tun1 tun2 etc devices Hi ive got major problems creating extra tun interfaces on freebsd 4.7 server the command ifconfig tun1 create gives the following error messages ifconfig: SIOCIFCREATE: Invalid argument ifconfig -C doesnt give any cloneable interfaces but there is a tun0 interface ronning does anybody know how to make it so that tun interfaces are cloneable? thanks theo purmer To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Running X program under different user
Hi, I'm a former kde user, using Windowmaker now And in the past i always used RUN in kde, to startup my favourite irc client... RUN had several options to execute programs under a different user etc, which comes in handy when using IRC... But now i need to use SU i think to accomplish this, but it doesnt work :( Does anyone know which command i can use to execute an X program under a different user? Greetz Dennis To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: A modern BSD UNIX workgroup - how would you do it?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, Feb 15, 2003 at 09:07:57AM -0500, Bill Moran wrote: > BSD Freak wrote: > >I have an upcoming project to create a modern UNIX (mainly > >FreeBSD-based) workgroup computing environment. > > > >If _YOU_ had your chance to do it from scratch, what technologies would > >you use? Basically only following are set in stone. Everything else is > >up to me: > > > >1. Centralised user/password/account management > >2. 2-3 file servers running FreeBSD, 1 mail server and 1 VPN gateway > >also running FreeBSD > >3. Workstations will be 75% FreeBSD and 25% Mac OS X 10.2 > > > >Most people I have spoken to automatically say NIS/NFS. Although I know > >that NIS/NFS is a tried and true combination, I can't help but feel > >there must be a better way to do a modern BSD UNIX environment. As silly > >as it may sound I am seriously thinking about running Samba for file > >sharing services even though this is a fully UNIX environment. > >Reasons for this include excellent performance on FreeBSD and better > >security than NFS. > > > >Some of the other authentication/account management technologies I'm > >evaluating include LDAP and Kerberos. Any and comments/suggestions would > >be very well received... > > > >Basically what I'm asking is if you could do it all over from scratch > >how would you do a modern BSD UNIX workgroup? > > If (and it's a fairly large "if") nss_ldap was supported by FreeBSD, and > if ldap authentication were supported by MacOS X, then I would go with > LDAP. > But 4.X doesn't support nss_ldap, and I'm not even sure if 5.x does yet. > I have no clue whether MacOS X does or not. > Unless I had a concern about someone sniffing my local network, I'd use > NFS for file sharing. I think it's still the cleanest, even if it's not > the fastest. And if you are concerned about somebody sniffing, why not use IPSEC? m&f - -- What do you care what other people think? -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+TnHfQgEMP0l2aH4RArn8AJ9eOhyCgVFI7N7Mv2q4f0nkp0roaACgv0eH 7ON11WjgMP8rYseCJD1UoGo= =OkNk -END PGP SIGNATURE- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: gs not found, scripts failing
Heinrich Rebehn wrote: Per olof Ljungmark wrote: I'm having problems with scripts involvivng Ghostscript on FreeBSD (4.6-4.7). Specifically, I am implementing a Hylafax solution and most of it works but there a two areas that fail: 1. Running the SambaFax (http://www.purpel3.com/sambafax/) utility that extracts a fax number from a postscript file 2. Using the "faxrcvd" script that comes with Hylafax converting incoming faxes to pdf's. In both cases the scripts seems to fail when tiff2ps, ps2pdf etc. are being executed. Running the scripts manually from the shell works. seems like /usr/local/bin (this is where gs lives) is not in the PATH when your scripts are executed. Try to set the PATH env variable in the script, i.e. PATH=/usr/bin:/usr/local/bin export PATH (Syntax is for Bourne shell) Thanks for the advice. Since my original post I have concluded that the two problems are similar but not identical and concentrated on (2.). From what I can see all seach paths are added in the script. Also I should have added earlier that a pdf file IS produced but with zero byte lenght. This is when the script is called from Hylafax server. Again, when run from the command line, faxrcvd works and the pdf is ok. This has led me to believe that the problem is the location of the temporary files used to produce the pdf. I have tried adding "#!/bin/sh -xv" but this only works from the command line. How can I pipe the debugging output from a scrpt to a file? To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
required sources for kernel build
Can anyone tell me which of the source distributions from sysinstall are required to build a kernel and nothing more? I tried installing just 'base' and 'sys', but the kernel build failed. I'm currently downloading the rest, but was curious which were safe to skip over in order to successfully run `make buildkernel`. Thanks, Nathan -- GPG Public Key ID: 0x4250A04C gpg --keyserver pgp.mit.edu --recv-keys 4250A04C http://63.105.21.156/gpg_nkinkade_4250A04C.asc msg19500/pgp0.pgp Description: PGP signature
ipfw2 dynamic rules not dying
I have a problem with my dynamic IPFW2 rules - they aren't dying. The system has been up now for 14 days, with it acting as firewall to two systems inside. One of the systems inside is also running IPFW2, but is in an open state. Here is the ruleset I am running, I have made no changes to the kernel variables regulating packet time-out - oh, and I'm running 4.7. # ipfw list 00010 allow ip from any to any via lo0 00020 deny log logamount 10 ip from any to 127.0.0.0/8 00030 deny log logamount 10 ip from 127.0.0.0/8 to any 00040 deny log logamount 10 ip from any to any frag 00050 deny log logamount 10 ip from 10.0.0.0/8 to any in via xl0 00060 deny log logamount 10 ip from 172.16.0.0/12 to any in via xl0 00100 divert 8668 ip from any to any via xl0 00101 count ip from 10.0.0.1 to any 00102 count ip from any to 10.0.0.1 00103 count ip from any to 192.168.1.101 00104 count ip from 192.168.1.101 to any 00105 count ip from 10.0.0.2 to any 00106 count ip from any to 10.0.0.2 00107 count ip from 10.0.0.3 to any 00108 count ip from any to 10.0.0.3 00200 deny log logamount 10 icmp from any to any in via xl0 icmptypes 8 00300 check-state 00400 allow icmp from any to any out via xl0 icmptypes 8 keep-state 00410 allow icmp from 10.0.0.0/8 to any keep-state 00420 deny log logamount 10 icmp from any to any 00500 deny log logamount 10 udp from any to any established 00510 allow udp from 10.0.0.0/8 to any setup keep-state 00520 allow udp from 192.168.1.101 to any keep-state 00530 allow udp from any to any dst-port 53 in keep-state 00600 deny log logamount 10 tcp from any to any established 00610 allow tcp from any to any dst-port 22,25,80 in setup keep-state 00620 allow tcp from 10.0.0.0/8 to any setup keep-state 00630 allow tcp from 192.168.1.101 to any setup keep-state 65000 deny log ip from any to any 65535 deny ip from any to any One last thing, my server is behind a ZyXel ADSL router, which is addressed as 192.168.1.1 on the inside. xl0 is my outside NIC. Currently, I have more than 180 dynamic rules active, most are attached to rule 00610. 180 rules seems to be excessive, and they don't seem to be timing out. Is my ruleset screwed up? Thanks Jason To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: gs not found, scripts failing
Per olof Ljungmark wrote: I'm having problems with scripts involvivng Ghostscript on FreeBSD (4.6-4.7). Specifically, I am implementing a Hylafax solution and most of it works but there a two areas that fail: 1. Running the SambaFax (http://www.purpel3.com/sambafax/) utility that extracts a fax number from a postscript file 2. Using the "faxrcvd" script that comes with Hylafax converting incoming faxes to pdf's. In both cases the scripts seems to fail when tiff2ps, ps2pdf etc. are being executed. Running the scripts manually from the shell works. seems like /usr/local/bin (this is where gs lives) is not in the PATH when your scripts are executed. Try to set the PATH env variable in the script, i.e. PATH=/usr/bin:/usr/local/bin export PATH (Syntax is for Bourne shell) HTH Heinrich The only trace I hae so far from the logs is when (1.) is executed, cupsd reports "gs: not found". How do I go about debugging this? I am in no way a programmer although I understand parts of what the scripts are doing. Grateful for any advice, Per olof To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message -- Heinrich Rebehn University of Bremen Physics / Electrical and Electronics Engineering - Department of Telecommunications - E-mail: mailto:[EMAIL PROTECTED] Phone : +49/421/218-4664 Fax :-3341 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
NIC numbering
When you have more than one of the same type of NIC card in one machine is there a way to insure that the NIC numbering remains attached to the same card / MAC address if more cards are added or they are moved around? TIA, Terry Todd To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: A modern BSD UNIX workgroup - how would you do it?
BSD Freak wrote: I have an upcoming project to create a modern UNIX (mainly FreeBSD-based) workgroup computing environment. If _YOU_ had your chance to do it from scratch, what technologies would you use? Basically only following are set in stone. Everything else is up to me: 1. Centralised user/password/account management 2. 2-3 file servers running FreeBSD, 1 mail server and 1 VPN gateway also running FreeBSD 3. Workstations will be 75% FreeBSD and 25% Mac OS X 10.2 Most people I have spoken to automatically say NIS/NFS. Although I know that NIS/NFS is a tried and true combination, I can't help but feel there must be a better way to do a modern BSD UNIX environment. As silly as it may sound I am seriously thinking about running Samba for file sharing services even though this is a fully UNIX environment. Reasons for this include excellent performance on FreeBSD and better security than NFS. Some of the other authentication/account management technologies I'm evaluating include LDAP and Kerberos. Any and comments/suggestions would be very well received... Basically what I'm asking is if you could do it all over from scratch how would you do a modern BSD UNIX workgroup? If (and it's a fairly large "if") nss_ldap was supported by FreeBSD, and if ldap authentication were supported by MacOS X, then I would go with LDAP. But 4.X doesn't support nss_ldap, and I'm not even sure if 5.x does yet. I have no clue whether MacOS X does or not. Unless I had a concern about someone sniffing my local network, I'd use NFS for file sharing. I think it's still the cleanest, even if it's not the fastest. In the more practical sense. It's probably still best to go with NIS, as it seems to be the most supported at this time. I still like NFS for file-sharing, although SMB is a viable option. YMMV -- Bill Moran Potential Technologies http://www.potentialtech.com To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: A modern BSD UNIX workgroup - how would you do it?
Dear/Beste BSD, Saturday, February 15, 2003, 9:10:55 AM, you wrote: > I have an upcoming project to create a modern UNIX (mainly > FreeBSD-based) workgroup computing environment. > If _YOU_ had your chance to do it from scratch, what technologies would > you use? Basically only following are set in stone. Everything else is > up to me: > 1. Centralised user/password/account management > 2. 2-3 file servers running FreeBSD, 1 mail server and 1 VPN gateway > also running FreeBSD > 3. Workstations will be 75% FreeBSD and 25% Mac OS X 10.2 > Most people I have spoken to automatically say NIS/NFS. Although I know > that NIS/NFS is a tried and true combination, I can't help but feel > there must be a better way to do a modern BSD UNIX environment. As silly > as it may sound I am seriously thinking about running Samba for file > sharing services even though this is a fully UNIX environment. > Reasons for this include excellent performance on FreeBSD and better > security than NFS. > Some of the other authentication/account management technologies I'm > evaluating include LDAP and Kerberos. Any and comments/suggestions would > be very well received... > Basically what I'm asking is if you could do it all over from scratch > how would you do a modern BSD UNIX workgroup? Backward compatiblity is somwat important and since NIS/NFS is a succesfull combination i would use that with kerbidos. If i needed to link other platforms, without NIS/NFS support, then i would also use LDAP transparent. -- Best regards/Met vriendelijke groet, Alex To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: New release
On Saturday 15 February 2003 08:29 am, Jack Raats wrote: > When will the tree be frozen? The release scheme on > http://www.freebsd.org/releases/4.8R/schedule.html > is not uptodate > > Can anyone give a clue? > Jack sorry for the semi-sarcasm, but no step can really be announced before it is announced! It looks like they are as much as 7 days behind (and possibly none at all, the testing guide could appear later today), but with all the releng team has to do, that's not too surprising, it is all done by volunteers. That page seems like the best place to check. Tthe [EMAIL PROTECTED] mailing list is a closed list for committers only. So those reminder anouncements could have been made already and everything on schedule, just not updated the page yet It seems the code freeze announcement is only sent to developers, but you can follow [EMAIL PROTECTED] if you want to see exactly when it does happen. Why the announcement is not sent to -stable, I have no idea. Basically, likely no biggie, be patient Tim To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
URGENT RESPONCE.
FROM THE DESK OF DR OUSMAN FOREIGN REMITTANCE DEPT. AFRICAN DEVELOPMENT BANK dear friend, I am the manager of bill and exchange at the foriegn remittance department of AFICAN DEVELOPMENT BANK. I am writing, following the impressive information about you through one of my friends WORKS WITH THE BURKINA CHAMBERS firm. In my department we discovered an abandoned sum of $U.S15.5Million dollars (fifteen million five hundred thousand US dolloars) in an account that belongs to one of our foriegn customer who died along with his entire family in November 1997 in a plane crash. Since we got information about his death, we have been expecting his next of kin to come over and claim his money because we cannot release it unless some body applies for it as next of kin or relation to the deceased as indicated in our banking guidlines and laws but unfortunately we learnt that all his supposed next of kin or relation died alongside with him at the plane crash leaving nobody behind for the claim. It is therefore upon this discovery that I and other officials in my department now decided to make this business proposal to you and release the money to you as the next of kin or relation to the deceased for safety and subsequent disbursement since nobody is coming for it and we don't want this money to go into the bank treasury as unclaimed bill. The banking law and guidling here stipulates that if such money remained unclaimed after six years the money will be transfered into the bank treasury as unclaimed fund. The request of foreigner as next of kin in this business is occassioned by the fact that the customer was a foreigner and a Burkinabe cannot stand as next of kin to a foreigner. We agree that 30% of this money will be for you as a foreign partner, in respect to the provision of a foriegn account, 10% will be set aside for expenses occured during the business and 60% would be for me and my colleagues. There after I and my colleagues will visit your country for disbursement according to the percentage indicated. Therefore, to enable the immediate transfer of this fund to you as arranged, you must apply first to the bank as relation or next of kin of the deceased indicating your bank name, your bank account number, your private telephone and fax number for easy and effective communication and location wherein the money will be remitted. Upon receipt of your reply, I will send to you by fax or email the text of the application. I will not fail to bring to your notice that this transaction is hitch -free and that you should not entertain any atom of fear as all required arrangements have been made for the transfer. You should contact me immediately as soon as you recieve this letter. Yours faithful Bill & Exchange Management DR OUSMAN _ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: gs not found, scripts failing
Per olof Ljungmark wrote: I'm having problems with scripts involvivng Ghostscript on FreeBSD (4.6-4.7). Specifically, I am implementing a Hylafax solution and most of it works but there a two areas that fail: 1. Running the SambaFax (http://www.purpel3.com/sambafax/) utility that extracts a fax number from a postscript file 2. Using the "faxrcvd" script that comes with Hylafax converting incoming faxes to pdf's. In both cases the scripts seems to fail when tiff2ps, ps2pdf etc. are being executed. Running the scripts manually from the shell works. The only trace I hae so far from the logs is when (1.) is executed, cupsd reports "gs: not found". How do I go about debugging this? I am in no way a programmer although I understand parts of what the scripts are doing. You need to install ghostscript. It includes the gs, tiff2ps, ps2pdf, etc programs that are needed for everything else to run. Ghostscript is pretty much a requirement whenever you're converting documents from one type to another or doing printing beyond plain text. -- Bill Moran Potential Technologies http://www.potentialtech.com To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
URGENT RESPONCE.
FROM THE DESK OF DR OUSMAN FOREIGN REMITTANCE DEPT. AFRICAN DEVELOPMENT BANK dear friend, I am the manager of bill and exchange at the foriegn remittance department of AFICAN DEVELOPMENT BANK. I am writing, following the impressive information about you through one of my friends WORKS WITH THE BURKINA CHAMBERS firm. In my department we discovered an abandoned sum of $U.S15.5Million dollars (fifteen million five hundred thousand US dolloars) in an account that belongs to one of our foriegn customer who died along with his entire family in November 1997 in a plane crash. Since we got information about his death, we have been expecting his next of kin to come over and claim his money because we cannot release it unless some body applies for it as next of kin or relation to the deceased as indicated in our banking guidlines and laws but unfortunately we learnt that all his supposed next of kin or relation died alongside with him at the plane crash leaving nobody behind for the claim. It is therefore upon this discovery that I and other officials in my department now decided to make this business proposal to you and release the money to you as the next of kin or relation to the deceased for safety and subsequent disbursement since nobody is coming for it and we don't want this money to go into the bank treasury as unclaimed bill. The banking law and guidling here stipulates that if such money remained unclaimed after six years the money will be transfered into the bank treasury as unclaimed fund. The request of foreigner as next of kin in this business is occassioned by the fact that the customer was a foreigner and a Burkinabe cannot stand as next of kin to a foreigner. We agree that 30% of this money will be for you as a foreign partner, in respect to the provision of a foriegn account, 10% will be set aside for expenses occured during the business and 60% would be for me and my colleagues. There after I and my colleagues will visit your country for disbursement according to the percentage indicated. Therefore, to enable the immediate transfer of this fund to you as arranged, you must apply first to the bank as relation or next of kin of the deceased indicating your bank name, your bank account number, your private telephone and fax number for easy and effective communication and location wherein the money will be remitted. Upon receipt of your reply, I will send to you by fax or email the text of the application. I will not fail to bring to your notice that this transaction is hitch -free and that you should not entertain any atom of fear as all required arrangements have been made for the transfer. You should contact me immediately as soon as you recieve this letter. Yours faithful Bill & Exchange Management DR OUSMAN _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
problems creating tun1 tun2 etc devices
Hi ive got major problems creating extra tun interfaces on freebsd 4.7 server the command ifconfig tun1 create gives the following error messages ifconfig: SIOCIFCREATE: Invalid argument ifconfig -C doesnt give any cloneable interfaces but there is a tun0 interface ronning does anybody know how to make it so that tun interfaces are cloneable? thanks theo purmer To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
net-snmp configuration
hi all, I've been experimenting a bit with freebsd(4.7rel) again and came across some some software called mrtg. mrtg would be very usefull on my box at home but in order to run it i need to run(therefore also configure) net-snmp. I've discovered the "snmpconf -g basic_setup" this seems to be the easiest way to configure it. of course i'm doing it wrong and it doesn't work. any tips/suggestions of maybe helpful links? -- "This is exciting! I've never been involved with a being from another planet before" - Kevin Spacey, Hurlyburly - To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: using Dummynet to rate limit ftp
On Sat, Feb 15, 2003 at 08:24:58AM +0800, Paul Hamilton wrote: > I have played around with dummynet a bit. Very nice! However, it would be > nice to be able to rate limit ftp. The control channel port 21 is easy, and > not really necessary to rate limit it, but as fas as I can see there would > be no way to rate limit the data channel, as it could be different every > time, even in passive mode. > > Am I missing something? No, you are entirely correct. In order to properly filter (or for that matter, rate limit) FTP and some other annoying protocols like IRC DCC or Microsoft Media Streaming, you need to have a firewall that understands at least part of the protocol, so that it can discover what ports are being used for supplementary channels. Or in other words, the firewall has to start parsing the payload of packets, rather than just the headers. Now, that sounds quite reasonable, but it's really quite a minefield. Consider that the TCP stream could be fragmented --- unlikely in normal usage, but something a potential attacker might try --- or that an attacker might be able to persuade your firewall to open up access to ports or addresses it really shouldn't by sending a cunningly modified FTP control exchange. Combine that with the requirement that the firewall works speedily and efficiently, and you can see that implementing such a system is by no means trivial. As far as I know, the only software available to do protocol aware filtering with the native FreeBSD firewalls is natd(8), with it's '-punch_fw' option. (That also appears as the 'nat punch_fw' command built into ppp(8), but it's the same code really). Unfortunately that doesn't help with your requirement to rate limit traffic on the punched connection. Now, there are some commercial firewalls that provide this sort of functionality: Checkpoint FW-1 does, and you could feed your FreeBSD habit by running it on one of those Nokia appliances based on FreeBSD 3.2... Having a natd-like process that can hang off a divert socket, interpret the FTP (or other) protocol traffic passed to it and open up dynamic rules in ipfw(8) to permit traffic through the data channel or push the data traffic through a dummynet rate limiter would be exceedingly cool. If only I had both the time and the talent to implement such a thing. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
gs not found, scripts failing
I'm having problems with scripts involvivng Ghostscript on FreeBSD (4.6-4.7). Specifically, I am implementing a Hylafax solution and most of it works but there a two areas that fail: 1. Running the SambaFax (http://www.purpel3.com/sambafax/) utility that extracts a fax number from a postscript file 2. Using the "faxrcvd" script that comes with Hylafax converting incoming faxes to pdf's. In both cases the scripts seems to fail when tiff2ps, ps2pdf etc. are being executed. Running the scripts manually from the shell works. The only trace I hae so far from the logs is when (1.) is executed, cupsd reports "gs: not found". How do I go about debugging this? I am in no way a programmer although I understand parts of what the scripts are doing. Grateful for any advice, Per olof To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
hpijs poor quality printing
Hi ! I'm trying to make my Hp Deskjet 970Cxi works with LPD using apsfilter. So far, it works, but the output quality is very poor. I'm using the ijs/DESKJET_970 (hpijs) driver since it is supposed to be the best filter for that printer (I remember having great printing quality under Linux with hpijs). Anyone having that kind of setup (Hp Deskjet+hpijs) that could help me improve printing quality ? Here is my printer details in my /etc/printcap: hpdeskjet_hpijs|ijs/DESKJET_970;r=1200x1200;q=photo;c=full;p=a4;m=auto:\ :lp=/dev/ulpt0:\ :if=/usr/local/etc/apsfilter/basedir/bin/apsfilter:\ :sd=/var/spool/lpd/hpdeskjet_hpijs:\ :lf=/var/spool/lpd/hpdeskjet_hpijs/log:\ :af=/var/spool/lpd/hpdeskjet_hpijs/acct:\ :mx#0:\ :sh: I have ghostscript-gnu-nox11-7.05_3 and hpijs-1.3.1 under FreeBSD-4.7-STABLE-p3. Thanks in advance. -- Antoine Jacoutot [EMAIL PROTECTED] http://www.lphp.org "Unix is user friendly. He's just very picky about who his friends are..." To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
how to change ip packets source address
Hello, Sorry if there is a repost, but i did not receive the previous message in my mailbox I have a FreeBSD box with three nicks. ed0 is xxx.xxx.30.198/27 rl1 is xxx.xxx.5.130/30 and rl0 is a private network 192.168.100.1/24 The default gateway is xxx.xxx.5.129 This gateway is configured to only route packets from xxx.xxx.30.192/27 and ed0 is the gateway for the xxx.xxx.30.192/27 network. For this network everything is ok, the hosts can access the internet and all the other services. The problem is with this particular machine and the private network behind it. All traffic from these hosts is with source address xxx.xxx.5.130 and therefore it is not routed through the default gateway. For now they can access the internet using a proxy server on the xxx.xxx.30.192/27 network. How can I change the source address of the ip packets, so it seems as they are coming from xxx.xxx.30.198 and not from xxx.xxx.5.130? I have read the man pages for ipfw and natd but couldn't seem to find the answer. I'm running a very basic firewall and doing natd over ed0. Bellow is the firewall list cyberzone# ipfw show 00050 2281651 1184079986 divert 8668 ip from any to any via ed0 001001894 114530 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 deny ip from 127.0.0.0/8 to any 65000 6756119 3208623388 allow ip from any to any 65535 2130 deny ip from any to any natd is started with the following options: cyberzone# cat /etc/natd.conf use_sockets yes same_ports yes unregistered_only yes A friend of mine told me about this situation in linux and that it is easily done with something like: ip route add default via xxx.xxx.5.129 src xxx.xxx.30.198 Is there something similar in FreeBSD? Thanks in advance. please CC any replies to [EMAIL PROTECTED] because I am not subscribed to the list. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
kernel panic and large hard drive transfers
Has any one else had this problem? I have a 80Gb IDE hhd I mount on /usr/arc and is device /dev/ad0s1e. I use this this hhd for archival purposes. And I have /dev/ad1s1a,f,g,e for /,tmp,usr,var. If I have the 80Gb drive on the other IDE channel as /dev/ad2s1e I get a kernal panic any time I try to move a large number of files. Has any one else encountered this, have any idea what is happening, or found a solution to this befor? /me is currently planning of adding on a 200Gb drive but does not want to throw in the extra money for a new PICMG backplane, controller card, and powersupply unless he really has to To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
A modern BSD UNIX workgroup - how would you do it?
I have an upcoming project to create a modern UNIX (mainly FreeBSD-based) workgroup computing environment. If _YOU_ had your chance to do it from scratch, what technologies would you use? Basically only following are set in stone. Everything else is up to me: 1. Centralised user/password/account management 2. 2-3 file servers running FreeBSD, 1 mail server and 1 VPN gateway also running FreeBSD 3. Workstations will be 75% FreeBSD and 25% Mac OS X 10.2 Most people I have spoken to automatically say NIS/NFS. Although I know that NIS/NFS is a tried and true combination, I can't help but feel there must be a better way to do a modern BSD UNIX environment. As silly as it may sound I am seriously thinking about running Samba for file sharing services even though this is a fully UNIX environment. Reasons for this include excellent performance on FreeBSD and better security than NFS. Some of the other authentication/account management technologies I'm evaluating include LDAP and Kerberos. Any and comments/suggestions would be very well received... Basically what I'm asking is if you could do it all over from scratch how would you do a modern BSD UNIX workgroup? - Would you like to receive faxes to your personal email address? You can with mBox. Visit http://www.mbox.com.au/fax To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message