Re: Tunning Freebsd for clustering
Wojciech Puchar wrote: machine1# scp big_file machine2:/tmp Centos: 60 - 65 MB/s FBSD : 52 - 54 MB/s scp encrypts data. everything may depend of ssh version and configuration. use rcp Or better yet, make your own network client/server program for testing. -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Important Message...
Glen Barber wrote: Quoting Pollywog: On Thursday 30 August 2007 15:24:23 Glen Barber wrote: I must reply to about 25 of these per week... but I never hear anything back. Why would you reply to them? You will just get added to more of their lucky lottery lists and maybe get the list added too. Okay, maybe I came off wrong, since I received approximately 4 emails off-list about this. No, I do not reply to these emails -- well, except now. I'm done feeding the trolls. :) Cheers Everyone will forget all about you once the devil vs daemon, is beastie bad, change the FreeBSD Logo thread gets fired up again... DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Important Message...
On Aug 31, 2007, at 12:37 AM, DAve wrote: Glen Barber wrote: Quoting Pollywog: Okay, maybe I came off wrong, since I received approximately 4 emails off-list about this. No, I do not reply to these emails -- well, except now. I'm done feeding the trolls. :) Cheers Everyone will forget all about you once the devil vs daemon, is beastie bad, change the FreeBSD Logo thread gets fired up again... Why did beastie lose his face? It's very dehumanizing to those pixels, you know, or ink, or whatever medium. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Important Message...
[[ Clearing my voice. ]] Well, I have all of you know that I flew over there with my $21,000 check in hand, and they swore on theirmother's grave that my FOUR HUNDRED AND TENTY-SEVEN TRILLION DOLLARS would be in my bank tomorrow!! Well, I contributed to the feeding, so HOPFULY I GET PART OV THE ENTY-SEVN TRLLION DLLQRS. -- Glen Barber ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: auto mount xfce4 and kde
This week I installed FreeBSD on a computer of mine. Everything works fine but one thing I can't get working. Every person should be albe to work with the machine. The only thing that isn't working is auto-mounting of cd-roms and usb-sticks. If KDE is started and I put a usb-stick in the computer there should appear a icon on the desktop with the usb drive on it and that should also work for cd-roms. On XFCE4 there should also appear an icon; I saw auto-mounting working on Linux Mandriva and PCBSD but how do I get it working with FreeBSD KDE and XFCE4? I installed hal, dbus and policykit and added these lines to rc.conf: dbus_enable=YES hald_enable=YES polkitd_enable=YES I also added the regular user to the group operators. http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/disks.html#USER-FLOPPYMOUNT Bahman ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
auto mount xfce4 and kde
Hello, This week I installed FreeBSD on a computer of mine. Everything works fine but one thing I can't get working. Every person should be albe to work with the machine. The only thing that isn't working is auto-mounting of cd-roms and usb-sticks. If KDE is started and I put a usb-stick in the computer there should appear a icon on the desktop with the usb drive on it and that should also work for cd-roms. On XFCE4 there should also appear an icon; I saw auto-mounting working on Linux Mandriva and PCBSD but how do I get it working with FreeBSD KDE and XFCE4? I installed hal, dbus and policykit and added these lines to rc.conf: dbus_enable=YES hald_enable=YES polkitd_enable=YES I also added the regular user to the group operators. What do I need to do to get it working? Thanks! Koen de Wijs ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
get Sql Server2005 data in Freebsd6.2
i know how to get data from SQL SERVER 2K but now it show me waring like this: PHP Warning: mssql_query(): WARNING! Some character(s) could not be converted into client's character set. my freetds.conf port = 1433 tds version = 8.0 client charset = CP936 i wanna get data and iconv it to utf-8. but it seems i lost some data.. anyone know how to fix it? -- regards jl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
NIS server over IPv6
Hi Group, I wish to know whether FreeBSD supports NIS server running over IPv6 protocol? I'm clueless in getting information about NIS server over IPv6 configuration and availability in any Unix flavors including *BSDs, Solaris or Linux distros. Thanks in Advance, Prabhu H ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Podcast management software?
On Thu, Aug 30, 2007 at 04:34:29PM +0100, Adam J Richardson wrote: Hey, maybe your recommendation supports the Zen V [or, at a pinch, the Zen Nano Plus]. No clue, but I don't think so.. GoldenPod is only for rss feeds. Brgds Harry ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
pf rdr + netsed : reinject loop...
Hello everyone, I need your help / insight here :)
My setup, 2 VMs, XP (WinXP) and BSD (FreeBSD 6.2)
[XP ,172.16.82.81 ] --- [172.16.82.81,em1 BSD A.B.C.D,em0] --- The Interweb
[Other_servers_galore]
A.B.C.D is a public IP.
[Other_servers_galore] represents all and any servers XP wants to talk to . I
really don't know either port or IP of these servers.
BSD is performing as gateway for XP , with NAT on em0 using pf.
I want to replace certain bytes (FOO) in TCP packets between XP and
[Other_servers_galore] for other bytes (BAR). Vlad Galu pointed out that
net/netsed can help with this (with overhead, i know, this is only a test ).
(Thanks again! )
so what I have setup :
1) pf.conf has :
ext_if=em0
int_if=em1
nat on $ext_if from $internal_net to any - ($ext_if)
rdr on $int_if proto tcp from 172.16.82.81 to any - 127.0.0.1 port 10101
-
2) I run netsed in transparent proxy mode as :
netsed tcp 10101 0 0 s/FOO/BAR
---
The traffic from XP gets redirected just fine to netsed, which replaces the
bytes just fine. BUT the changed packets (the output of netsed) get reinjected
somewhere so that the rdr hits them again, sending them back to netsed ad
infinitum. ( yes, i managed to hit a load of 700+ without anything ever leaving
BSD ...quite cool)
Now, netsed works just fine in that setup if I define the IP, eg :
pf.conf :
ext_if=em0
int_if=em1
nat on $ext_if from $internal_net to any - ($ext_if)
rdr on $int_if proto tcp from 172.16.82.81 to O.P.Q.R - 127.0.0.1 port 10101
netsed :
netsed tcp 10101 O.P.Q.R 0 s/FOO/BAR
traffic goes to the external server O.P.Q.R ... but this was just a proof of
concept, as I really can't tell the remote IPs in advance
How do I modify this setup so that netsed packets aren't caught again by pf's
rdr and sent back into netsed ? I'm happy to try other tools / setups...
thanks for your time and any help you can provide :)
B
_
{Beto|Norberto|Numard} Meijome
Great spirits have often encountered violent opposition from mediocre minds.
Albert Einstein
I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf rdr + netsed : reinject loop...
On Fri, Aug 31, 2007 at 08:27:29PM +1000, Norberto Meijome wrote: rdr on $int_if proto tcp from 172.16.82.81 to any - 127.0.0.1 port 10101 netsed tcp 10101 0 0 s/FOO/BAR The traffic from XP gets redirected just fine to netsed, which replaces the bytes just fine. BUT the changed packets (the output of netsed) get reinjected somewhere so that the rdr hits them again, sending them back to netsed ad infinitum. ( yes, i managed to hit a load of 700+ without anything ever leaving BSD ...quite cool) I'm pretty sure the endless loop you describe does not pass through pf, except for the first iteration. In the first iteration, pf replaces the destination address with 127.0.0.1, and the packet goes to netsed. netsed changes the payload, but leaves the destination address (127.0.0.1 now). It sends the packet out, and since the destination address is 127.0.0.1, it sends it to itself. Hence the loop, which does not involve pf any further (i.e. there's no 'redirecting again' or such, AFAICT). rdr on $int_if proto tcp from 172.16.82.81 to O.P.Q.R - 127.0.0.1 port 10101 netsed tcp 10101 O.P.Q.R 0 s/FOO/BAR How do I modify this setup so that netsed packets aren't caught again by pf's rdr and sent back into netsed ? I'm happy to try other tools / setups... Two approaches are possible: a) You modify netsed so it will query pf about the original destination address (O.P.Q.R), and re-insert that before sending out its modified packet. The DIOCNATLOOK ioctl(2) call can be used for that, see pf(4) for details and e.g. the squid source (ports) for how it's used. b) Instead of replacing the destination address in pf with rdr, try leaving it as it is, but use route-to (lo0) to get the packet routed to the loopback interface. This would require netsed to listen on INADDR_ANY (or use a raw socket, I haven't checked its source code). Daniel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf rdr + netsed : reinject loop...
On Fri, 31 Aug 2007 13:13:12 +0200
Mel [EMAIL PROTECTED] wrote:
I think you're looking for tagging, for example:
rdr on $int_if proto tcp from 172.16.82.81 to any tag NETSED - 127.0.0.1
port
10101
Then you need to figure out how they come back and pass them through, for
example:
pass in on $int_if proto tcp tagged NETSED keep state
See pf.conf(5) for more info. The examples section has one for spamd
redirection.
Mel, i think you are right. Thanks, I just haven't had my brain switched on.
I'll read the documentation and reply back with a solution for the list.
thanks so much again! :)
B
_
{Beto|Norberto|Numard} Meijome
Do not take away the camels hump, you may be stopping him from being a camel.
I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: doubts about the freebsd devil
On 8/30/07, Bill Moran [EMAIL PROTECTED] wrote: Nélio Mesquita [EMAIL PROTECTED] wrote: Hello to all! Just for curiosity, why the FreeBSD logo is a little devil? Is there a history around it? It's not a devil, it's a daemon, and there is plenty of history: http://en.wikipedia.org/wiki/Daemon_%28computer_software%29 -- Bill Moran http://www.potentialtech.com Omg! I forgot the Wikipedia! How an idiot am I! Oh guys! My apologies for my lazy! I don't do it again! Really thanks for the help! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf rdr + netsed : reinject loop...
On Friday 31 August 2007 12:27:29 Norberto Meijome wrote: 1) pf.conf has : ext_if=em0 int_if=em1 nat on $ext_if from $internal_net to any - ($ext_if) rdr on $int_if proto tcp from 172.16.82.81 to any - 127.0.0.1 port 10101 - 2) I run netsed in transparent proxy mode as : netsed tcp 10101 0 0 s/FOO/BAR --- The traffic from XP gets redirected just fine to netsed, which replaces the bytes just fine. BUT the changed packets (the output of netsed) get reinjected somewhere so that the rdr hits them again, sending them back to netsed ad infinitum. ( yes, i managed to hit a load of 700+ without anything ever leaving BSD ...quite cool) I think you're looking for tagging, for example: rdr on $int_if proto tcp from 172.16.82.81 to any tag NETSED - 127.0.0.1 port 10101 Then you need to figure out how they come back and pass them through, for example: pass in on $int_if proto tcp tagged NETSED keep state See pf.conf(5) for more info. The examples section has one for spamd redirection. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NIS server over IPv6
On Friday 31 August 2007 11:15:51 Prabhu Harihar wrote: I wish to know whether FreeBSD supports NIS server running over IPv6 protocol? I'm clueless in getting information about NIS server over IPv6 configuration and availability in any Unix flavors including *BSDs, Solaris or Linux distros. Except from configuring IPv6 and host resolving correctly, I don't think there's anything different with respect to NIS. It's all based on host and domainnames, so if a domain has one or more hosts with only IPv6 address, then it'll use IPv6. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: auto mount xfce4 and kde
On Friday 31 August 2007 09:41:23 Koen de Wijs wrote: This week I installed FreeBSD on a computer of mine. Everything works fine but one thing I can't get working. Every person should be albe to work with the machine. The only thing that isn't working is auto-mounting of cd-roms and usb-sticks. If KDE is started and I put a usb-stick in the computer there should appear a icon on the desktop with the usb drive on it and that should also work for cd-roms. On XFCE4 there should also appear an icon; Don't know about XFCE4, but read on. I also added the regular user to the group operators. You don't wanna do that, unless it's ok with you that a user can get read access to every file on every disk. Operator is meant for backup users. What do I need to do to get it working? portinstall desktop-bsd-tools and read the instructions about devfs, with a major side-note: ntfs/fat partitions can only be mounted by root, because mount changes the owner of the disk to the underlying directory, so it's likely that your users cannot mount usb-sticks. To automount usb storage devices as root, have a look at usbd(8) and usbd.conf(5). You'll have to provide an unmounter for your users though and instruct them to unmount before removing or things go to hell. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Floppy IO Errors
On Friday 31 August 2007 04:01:25 Dan Mahoney, System Admin wrote: I am trying to load a kernel module from a floppy disk (ms dos formatted). Is there anything special I have to do to format these disks, or make them readable? I can boot from an MS DOS startup disk (as generated by XP) but BSD returns an IO error when trying to read any floppy. I've tried multiple drives, cables, and disks. I don't see the relevance of the boot stage here, but if you wanna load a kernel module from a floppy: # mount_msdosfs /dev/fdc0 /mnt # sysctl kern.module_path=/boot/kernel;/boot/modules;/mnt # kldload mymodulename /dev/fdc0 being your floppy drive device. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
IPFW - Keep State
In a nutsheel, is it really necessary, or is thier a really compelling reason to use keep-state for a normal web - email server? I sometimes see Too many dynamic rules and can see a correlation between customer complaints and these log entries. My server all have about 200 rules, most of them counters for bandwidth accounting. -Grant ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring FreeBSD 6.2 to use sendmail for sending only
On 2007-08-30 18:03, L Goodwin [EMAIL PROTECTED] wrote: Um... I just want to pass an email message (complete with From, To, Subject and message body) to a mail handler (sendmail), as I stated in the original post. Anyway, Chuck kindly provided sample code. The only thing I'd like to do differently is to not use a temp file to store the message. Otherwise, I'm happy. Ah, sorry about the misunderstanding then. I think all you need is something along the lines of: ( command1 ; command2 ) | mail -s subject recipient1 ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPFW - Keep State
On Friday 31 August 2007 14:34:51 Grant Peel wrote: In a nutsheel, is it really necessary, or is thier a really compelling reason to use keep-state for a normal web - email server? I sometimes see Too many dynamic rules and can see a correlation between customer complaints and these log entries. My server all have about 200 rules, most of them counters for bandwidth accounting. It is necessary for NAT, since it doesn't know what to do with replies from webservers otherwise (internet:80 = $ext_addr:high_port = what?) -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NIS server over IPv6
I think, the underlying RPC portmapper needs to be ipv6-aware. Whether this is supported in FreeBSD? Do you think no other configuration changes needed for NIS server / client running natively over IPv6 network? Thanks! On 8/31/07, Mel [EMAIL PROTECTED] wrote: On Friday 31 August 2007 11:15:51 Prabhu Harihar wrote: I wish to know whether FreeBSD supports NIS server running over IPv6 protocol? I'm clueless in getting information about NIS server over IPv6 configuration and availability in any Unix flavors including *BSDs, Solaris or Linux distros. Except from configuring IPv6 and host resolving correctly, I don't think there's anything different with respect to NIS. It's all based on host and domainnames, so if a domain has one or more hosts with only IPv6 address, then it'll use IPv6. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Incoming SSL Proxy
On Thursday 30 August 2007 23:26:29 [EMAIL PROTECTED] wrote: We have a corporate server which allows incoming connections on port 443 for checking e-mail. There is a possibility that soon, part of the data center will be moved to a new location. Unfortunately, due to corporate politics and the way the corporate network is setup, it is not possible to change the configuration of this server. So what can't you do? It's not possible to run an SSL proxy server like squid on port 443 and use it's acl's to proxy fixed to the new datacenter, similar to how a squid proxy can proxy for an internal apache server? -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Forcing GEOM to re-taste a device
I am having trouble with a USB stick (a Verbatim store'n'go, 4 GB). It seems there is a timing problem. On insertion there are complaints that there is no medium present when attempting to discover the size of the device. It goes on to retry but eventually bails out. However sometimes (only once so far) it manages to successfully retry and discover slices; presumably due to timing. So I would like to force GEOM to re-taste the media (camcontrol rescand da0 is not enough). Is there a way to do this? And further, I was hoping to boot off of this. If anyone have suggestions as to how to make the retries continue for a longer period (other than patching the source), it would be welcome, since during boot I need the kernel to be able to taste it on the initial attempt, since failure will cause a panic immediately. -- / Peter Schuller PGP userID: 0xE9758B7D or 'Peter Schuller [EMAIL PROTECTED]' Key retrieval: Send an E-Mail to [EMAIL PROTECTED] E-Mail: [EMAIL PROTECTED] Web: http://www.scode.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NIS server over IPv6
On Friday 31 August 2007 15:23:23 Prabhu Harihar wrote: reformatted for clarity(tm) On 8/31/07, Mel [EMAIL PROTECTED] wrote: On Friday 31 August 2007 11:15:51 Prabhu Harihar wrote: I wish to know whether FreeBSD supports NIS server running over IPv6 protocol? I'm clueless in getting information about NIS server over IPv6 configuration and availability in any Unix flavors including *BSDs, Solaris or Linux distros. Except from configuring IPv6 and host resolving correctly, I don't think there's anything different with respect to NIS. It's all based on host and domainnames, so if a domain has one or more hosts with only IPv6 address, then it'll use IPv6. I think, the underlying RPC portmapper needs to be ipv6-aware. Whether this is supported in FreeBSD? Do you think no other configuration changes needed for NIS server / client running natively over IPv6 network? man rpcbind shows a -6 option, giving it the ability to only bind to IPv6 addresses, so I assume it's IPv6 ready. I can't think of a network utility/daemon in stock FreeBSD that isn't actually. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPFW - Keep State
I don't use NAT, so is there any other compelling reasons? Speed etc? -Grant - Original Message - From: Mel To: freebsd-questions@freebsd.org Sent: Friday, August 31, 2007 9:21 AM Subject: Re: IPFW - Keep State On Friday 31 August 2007 14:34:51 Grant Peel wrote: In a nutsheel, is it really necessary, or is thier a really compelling reason to use keep-state for a normal web - email server? I sometimes see Too many dynamic rules and can see a correlation between customer complaints and these log entries. My server all have about 200 rules, most of them counters for bandwidth accounting. It is necessary for NAT, since it doesn't know what to do with replies from webservers otherwise (internet:80 = $ext_addr:high_port = what?) -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Total Control Panel Login To: [EMAIL PROTECTED] Block messages from this sender (blacklist) From: [EMAIL PROTECTED] Remove this sender from my whitelist You received this message because the sender is on your whitelist. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
dummynet lag
Is it normal to have +10msec ping times when pinging through dummynet (ipfw pipes)? If yes, why? If not, WTF? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Forcing GEOM to re-taste a device
On Friday 31 August 2007, Peter Schuller wrote: I am having trouble with a USB stick (a Verbatim store'n'go, 4 GB). It seems there is a timing problem. On insertion there are complaints that there is no medium present when attempting to discover the size of the device. It goes on to retry but eventually bails out. However sometimes (only once so far) it manages to successfully retry and discover slices; presumably due to timing. So I would like to force GEOM to re-taste the media (camcontrol rescand da0 is not enough). Is there a way to do this? cat /dev/null /dev/da0 That should retaste the device. -- Anish Mistry [EMAIL PROTECTED] AM Productions http://am-productions.biz/ pgpZCdmIZTaJ5.pgp Description: PGP signature
Re: doubts about the freebsd devil
Written by Nélio Mesquita on 08/31/07 06:44 On 8/30/07, Bill Moran [EMAIL PROTECTED] wrote: Nélio Mesquita [EMAIL PROTECTED] wrote: Hello to all! Just for curiosity, why the FreeBSD logo is a little devil? Is there a history around it? It's not a devil, it's a daemon, and there is plenty of history: http://en.wikipedia.org/wiki/Daemon_%28computer_software%29 -- Bill Moran http://www.potentialtech.com Omg! I forgot the Wikipedia! How an idiot am I! Oh guys! My apologies for my lazy! I don't do it again! Really thanks for the help! If by chance you feel that the daemon is contrary to your moral or religious beliefs, you could always take a look at Jesux ( http://www.geocities.com/ResearchTriangle/Node/4081/ ) =) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPFW - Keep State
On Friday 31 August 2007 15:38:57 Grant Peel wrote: I don't use NAT, so is there any other compelling reasons? Speed etc? Speed is one. The dynamic rules only evaluate protocol, IP addresses and ports. Whether this is noticeable, only you can tell. Also, if you're passing through traffic through other means (routing, bridging), that expects replies via the reverse route. So basically everything except local servers come to think of it. You may wanna look into: `sysctl net.inet.ip.fw | grep dyn_'. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: dummynet lag
Is it normal to have +10msec ping times when pinging through dummynet (ipfw depends how exactly it's configured pipes)? If yes, why? If not, WTF? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Squid + Clamav to scan http proxy traffic
Hello Does anybody have experience with setting up Squid + Clamav to work as http proxy antivirus? I've tried last days such setups with c-icap (which worked few months ago) + clamav + squid, without success. Also I've tried using SquidClamav_Redirector, a python script, which partially works but is too slow. If you have links with documentation regarding this issue or have any advice for me please tell me. best regards ovi ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring FreeBSD 6.2 to use sendmail for sending only
At 08:14 PM 8/30/2007, L Goodwin wrote:
--- Derek Ragona [EMAIL PROTECTED]
wrote:
At 07:01 PM 8/30/2007, L Goodwin wrote:
Chuck, I'd prefer to have the script handle the
mailing so I can test the script (with email send)
manually, independent of cron.
Still looking for specifics on setting this up and
a
bourne shell script example that sends an email.
Thanks!
--- Chuck Swiger [EMAIL PROTECTED] wrote:
On Aug 30, 2007, at 3:12 PM, L Goodwin wrote:
I wrote a shell script that backs up the file
server.
I would like to modify this script to email a
notification message to a public email
address.
Use cron, which will automatically email out the
results of your
script to any email address you like.
Seems like sendmail should do the job nicely,
but
I've never set it
up before.
What specific steps (including
network-specific)
need
to be performed to get sendmail working for
outgoing
mail only in a secure manner?
Please see the fine Handbook:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail.html
Although, it is entirely reasonable to consider
using Postfix instead.
--
-Chuck
Here is a sample script that you can use as a
template:
===
#!/bin/sh
#define any commands you will use
MAILFILE=mymailfile
MAILFILE2=mymailfile2
[EMAIL PROTECTED]
[EMAIL PROTECTED]
MAIL=/usr/bin/mail
AWK=/usr/bin/awk
CAT=/bin/cat
TR=/usr/bin/tr
TEMPDIR=/tmp
#make sure we have paths
export PATH=$PATH:/usr/local/sbin:/usr/local/bin
cd $TEMPDIR
$CAT /etc/passwd | $AWK -F : '{ print $5 }'
$MAILFILE
$TR -cd \012-\172 $MAILFILE $MAILFILE2
$MAIL -s My list of real user names subject
$SENDTO -c $CCTO $MAILFILE2
===
Derek, your example brings up another question.
Should I be calling mail or sendmail, and which
mail or sendmail should I invoke if there is more than
one of either? Chuck's example calls sendmail in a
path that does not exist on my system (my sendmail is
in /usr/sbin/). I usually invoke whichever one is
first in my path.
Mail is the local MTA to send via sendmail. All my servers run sendmail.
One more question. Is it ok to run the script (and
send the email) as user root, or should I create a
user account with more limited permissions -- if so,
what limits should I set?
Some scripts may need to run as root. I have cron jobs I run as root, as
root permissions are required. Other jobs I run as non-root
users. Typically to run non-root jobs, create a new user group or use one
that is existing and make a new user that is a member of that
group. Typically a non-root task is analysis of webserver logs, since the
webserver should run with non-root privileges.
You can also use complex scripts where you combine root and non-root tasks
using sudo for the root tasks.
Like most tasks in a UNIX environment, there are many ways to do them.
-Derek
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
How to retrieve a directory tree from perforce.freebsd.org?
As the subject says, is there a straightforward way to retrieve a directory tree from perforce.freebsd.org? Clicking individual files in the web interface is really tedious. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf rdr + netsed : reinject loop...
On Fri, 31 Aug 2007 13:33:53 +0200 Daniel Hartmeier [EMAIL PROTECTED] wrote: On Fri, Aug 31, 2007 at 08:27:29PM +1000, Norberto Meijome wrote: rdr on $int_if proto tcp from 172.16.82.81 to any - 127.0.0.1 port 10101 netsed tcp 10101 0 0 s/FOO/BAR The traffic from XP gets redirected just fine to netsed, which replaces the bytes just fine. BUT the changed packets (the output of netsed) get reinjected somewhere so that the rdr hits them again, sending them back to netsed ad infinitum. ( yes, i managed to hit a load of 700+ without anything ever leaving BSD ...quite cool) I'm pretty sure the endless loop you describe does not pass through pf, except for the first iteration. In the first iteration, pf replaces the destination address with 127.0.0.1, and the packet goes to netsed. netsed changes the payload, but leaves the destination address (127.0.0.1 now). It sends the packet out, and since the destination address is 127.0.0.1, it sends it to itself. Hence the loop, which does not involve pf any further (i.e. there's no 'redirecting again' or such, AFAICT). I was just reaching the same conclusion after some strong coffee netsed's output is (part ) : --- Script started on Fri Aug 31 07:52:12 2007 [EMAIL PROTECTED] /usr/home/luser]# netsed tcp 10101 0 0 s/FOO/BAR netsed 0.01b by Michal Zalewski [EMAIL PROTECTED] [*] Parsing rule s/FOO/BAR ... [+] Loaded 1 rules... [+] Listening on port 10101/tcp. [+] Using dynamic (transparent proxy) forwarding. [+] Got incoming connection from 172.16.82.81:1178 to 127.0.0.1:10101 [*] Forwarding connection to 127.0.0.1:10101 [+] Got incoming connection from 127.0.0.1:51337 to 127.0.0.1:10101 [*] Forwarding connection to 127.0.0.1:10101 [+] Caught client - server packet. Applying rule s/FOO/BAR... [*] Done 1 replacements, forwarding packet of size 466 (orig 466). [+] Caught client - server packet. [+] Got incoming connection from 127.0.0.1:53272 to 127.0.0.1:10101 [*] Forwarding connection to 127.0.0.1:10101 [*] Forwarding untouched packet of size 466. [+] Got incoming connection from 127.0.0.1:56367 to 127.0.0.1:10101 [*] Forwarding connection to 127.0.0.1:10101 [+] Caught client - server packet. [*] Forwarding untouched packet of size 466. [+] Got incoming connection from 127.0.0.1:50565 to 127.0.0.1:10101 [*] Forwarding connection to 127.0.0.1:10101 [+] Caught client - server packet. [*] Forwarding untouched packet of size 466. [+] Got incoming connection from 127.0.0.1:61660 to 127.0.0.1:10101 [*] Forwarding connection to 127.0.0.1:10101 [+] Caught client - server packet. [*] Forwarding untouched packet of size 466. [+] Got incoming connection from 127.0.0.1:51520 to 127.0.0.1:10101 [*] Forwarding connection to 127.0.0.1:10101 [+] Caught client - server packet. [*] Forwarding untouched packet of size 466. [+] Got incoming connection from 127.0.0.1:63554 to 127.0.0.1:10101 [*] Forwarding connection to 127.0.0.1:10101 [+] Caught client - server packet. [*] Forwarding untouched packet of size 466. --- From another run, sockstat -4 shows (starting from bottom, which seem to have the starting connections): root netsed 3201 3 tcp4 *:10101 *:* root netsed 3201 4 tcp4 127.0.0.1:10101 127.0.0.1:64110 root netsed 3201 5 tcp4 127.0.0.1:55906 127.0.0.1:10101 root netsed 3200 3 tcp4 *:10101 *:* root netsed 3200 4 tcp4 127.0.0.1:10101 127.0.0.1:57224 root netsed 3200 5 tcp4 127.0.0.1:64110 127.0.0.1:10101 root netsed 3199 3 tcp4 *:10101 *:* root netsed 3199 4 tcp4 127.0.0.1:10101 127.0.0.1:55434 root netsed 3199 5 tcp4 127.0.0.1:57224 127.0.0.1:10101 root netsed 3198 3 tcp4 *:10101 *:* root netsed 3198 4 tcp4 127.0.0.1:10101 127.0.0.1:64816 root netsed 3198 5 tcp4 127.0.0.1:55434 127.0.0.1:10101 root netsed 3197 3 tcp4 *:10101 *:* root netsed 3197 4 tcp4 127.0.0.1:10101 127.0.0.1:61595 root netsed 3197 5 tcp4 127.0.0.1:64816 127.0.0.1:10101 root netsed 3196 3 tcp4 *:10101 *:* root netsed 3196 4 tcp4 127.0.0.1:10101 127.0.0.1:58293 root netsed 3196 5 tcp4 127.0.0.1:61595 127.0.0.1:10101 root netsed 3195 3 tcp4 *:10101 *:* root netsed 3195 4 tcp4 127.0.0.1:10101 172.16.82.81:1179 root netsed 3195 5 tcp4 127.0.0.1:58293 127.0.0.1:10101 root netsed 3194 3 tcp4 *:10101 *:* root netsed 3194 4 tcp4 127.0.0.1:10101 127.0.0.1:53543 --- so it does seem that one netsed is feeding the other... This explains why using pf tags isn't helping here, probably for this reason I'm only now getting acquired in depth with PF (been using ipf and ipfw until now... ) , so i'm sure that's not
Re: Configuring FreeBSD 6.2 to use sendmail for sending only
In response to L Goodwin [EMAIL PROTECTED]: --- Bill Moran [EMAIL PROTECTED] wrote: L Goodwin [EMAIL PROTECTED] wrote: Chuck, I'd prefer to have the script handle the mailing so I can test the script (with email send) manually, independent of cron. Why? What is your reason for overcomplicating this task by refusing to use the facilities built into the system? Still looking for specifics on setting this up and a bourne shell script example that sends an email. Thanks! Use mail(1). That's what it's there for. Huh? I want to use cron to run the script, but want more control over when and where email gets sent. The business reasons are sound. Anyway, a script that sends email is not complicated, so how can I be overcomplicating anything? Two lines of code vs. 1 line is overcomplicated. While your description of the reasons is somewhat vague, I still feel that cron's internal mailer can handle the chore. What control over who gets the mail do you need that can't be accomplished either by setting an env variable in the crontab, or by adding aliases to sendmail's config? Also, recent posts to freebsd-questions on the subject of sending email from cron seemed to favor having the script handle the mailing instead of cron. I haven't seen those mails, and can't comment on them. Anyway, I do not want the client to receive an email if the backup fails. Then don't send the mail to the client, just change who it goes to: [EMAIL PROTECTED] Bill, I'm just trying to figure stuff out here. I'm sorry if my ignorance offends you. I don't know how others feel about it, but I'd prefer not to get negative, condescending replies to my sincerely aimed questions. After all, this is a forum for questions, isn't it? Please don't mistake terseness for condescending. I didn't feel I was being condescending, and did not intend to be. What I did was: a) Comment that I feel you're taking the wrong approach to solving your problem. b) Give you a direct answer. What more could you ask for? I apologize if my language implied a negative tone. It was not intended that way. -- Bill Moran http://www.potentialtech.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf rdr + netsed : reinject loop...
On Fri, 31 Aug 2007 13:33:53 +0200
Daniel Hartmeier [EMAIL PROTECTED] wrote:
b) Instead of replacing the destination address in pf with rdr, try
leaving it as it is, but use route-to (lo0) to get the packet routed to
the loopback interface. This would require netsed to listen on
INADDR_ANY (or use a raw socket, I haven't checked its source code).
Hi Daniel,
I tried this but i only managed to lock up the BSD VM a couple of times (not
even console access, so it was not just network affected). I am not sure if
i've done this correctly ..
pass in on $int_if route-to 127.0.0.1 proto tcp from 172.16.82.81 to O.P.Q.R
tag ROUTED keep state
is that ok ? ( tried also doing route-to 127.0.0.1 $external_addr with no
visible change.) I have logging enabled specifically on lo0 , but i dont see
any packets going through.
I am not entirely sure how netsed will pick up this packets. I've had netsed
listening on *:{port} and 127.0.0.1:{port} and it obviously didnt make any
difference. Could you point me to any reference / sample of what you mean?
thx again,
B
_
{Beto|Norberto|Numard} Meijome
I used to hate weddings; all the Grandmas would poke me and
say, You're next sonny! They stopped doing that when i
started to do it to them at funerals.
I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: doubts about the freebsd devil
On Thu, Aug 30, 2007 at 07:53:50PM -0300, Nélio Mesquita wrote: Hello to all! Just for curiosity, why the FreeBSD logo is a little devil? Is there a history around it? There is so much history it would take you several days to read it all. Just look for stuff on 'Beastie' or 'Bsd' or other variations of spelling on it and also look for BSD daemon.There is stuff in the list archive and on the FreeBSD web site and on various online publications. There are links to information and copyright information on the FreeBSD web site. There will also probably be loads of people replying to tell you that it is not a devil but a character representing a daemon that is a helpful sprite and that it is not a logo, but a mascot. You can also buy stickers and plush toys, etc at bsd mall and probably other places. jerry Thank you! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf rdr + netsed : reinject loop...
On Friday 31 August 2007 15:10:15 Norberto Meijome wrote: On Fri, 31 Aug 2007 13:33:53 +0200 Daniel Hartmeier [EMAIL PROTECTED] wrote: On Fri, Aug 31, 2007 at 08:27:29PM +1000, Norberto Meijome wrote: rdr on $int_if proto tcp from 172.16.82.81 to any - 127.0.0.1 port 10101 netsed tcp 10101 0 0 s/FOO/BAR The traffic from XP gets redirected just fine to netsed, which replaces the bytes just fine. BUT the changed packets (the output of netsed) get reinjected somewhere so that the rdr hits them again, sending them back to netsed ad infinitum. ( yes, i managed to hit a load of 700+ without anything ever leaving BSD ...quite cool) I'm pretty sure the endless loop you describe does not pass through pf, except for the first iteration. In the first iteration, pf replaces the destination address with 127.0.0.1, and the packet goes to netsed. netsed changes the payload, but leaves the destination address (127.0.0.1 now). It sends the packet out, and since the destination address is 127.0.0.1, it sends it to itself. Hence the loop, which does not involve pf any further (i.e. there's no 'redirecting again' or such, AFAICT). I was just reaching the same conclusion after some strong coffee netsed's output is (part ) : --- Script started on Fri Aug 31 07:52:12 2007 [EMAIL PROTECTED] /usr/home/luser]# netsed tcp 10101 0 0 s/FOO/BAR netsed 0.01b by Michal Zalewski [EMAIL PROTECTED] [*] Parsing rule s/FOO/BAR ... [+] Loaded 1 rules... [+] Listening on port 10101/tcp. [+] Using dynamic (transparent proxy) forwarding. [+] Got incoming connection from 172.16.82.81:1178 to 127.0.0.1:10101 [*] Forwarding connection to 127.0.0.1:10101 [+] Got incoming connection from 127.0.0.1:51337 to 127.0.0.1:10101 [*] Forwarding connection to 127.0.0.1:10101 [+] Caught client - server packet. I think you need to figure out what this 'transparent proxy mode' of netsed does, cause it should under no circumstances forward to itself... -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
strange arp problem with bge nics
Dear all, I've got two xSeries 346 servers here with a total of 6 Broadcom gigabit NIC's each. I'm going to build a firewall with them, but right now I'm in an early testing stage. The OS is FreeBSD 6.2-RELEASE for amd64. Each of the machines is currently configured to have an IP from our internal LAN on bge0. I use that link to ssh into the machines for testing purposes. (This is a temporary solution, of course). Both machines have their bge0 connected to our primary switch, where dozens of other computers are connected as well. Networking works normally here. Each machine also has got an IP address from a different network on the respective bge5 interface. The bge5 interfaces are connected to a switch having no other connections, i.e. this is a two machine network for testing purposes. My problem is I can ping machine #2 from machine #1 when using the IP addresses configured on the bge1 NICs. I cannot ping the other machine when using the IP addresses configured on the bge5 NICs as ARP entries remain incomplete. I can then configure bge5 to promiscous mode on one machine, and after about 10 seconds the ping starts working. Here's what ipconfig and netstat -nr say right after booting: Machine #1: bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=1bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING inet XX.XX.159.253 netmask 0xfe00 broadcast XX.XX.159.255 ether 00:14:5e:ac:71:c9 bge5: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=1bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING inet XX.XX.248.158 netmask 0xff00 broadcast XX.XX.248.255 ether 00:10:18:11:72:40 Destination GatewayFlagsRefs Use Netif default 141.58.159.254 UGS 00 bge0 127.0.0.1 127.0.0.1 UH 00lo0 XX.XX.158/23 link#1 UC 00 bge0 XX.XX.158.1 00:17:f2:93:01:30 UHLW13 bge0 XX.XX.159.254 00:04:76:19:03:de UHLW20 bge0 XX.XX.248/24 link#6 UC 00 bge5 Machine #2: bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=1bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING inet XX.XX.159.252 netmask 0xfe00 broadcast XX.XX.159.255 ether 00:14:5e:b4:2e:82 bge5: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=1bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING inet XX.XX.248.254 netmask 0xff00 broadcast XX.XX.248.255 ether 00:10:18:11:6f:45 Destination GatewayFlagsRefs Use Netif default XX.XX.159.254 UGS 00 bge0 127.0.0.1 127.0.0.1 UH 00lo0 XX.XX.158/23 link#1 UC 00 bge0 XX.XX.158.1 00:17:f2:93:01:30 UHLW1 14 bge0 XX.XX.159.254 00:04:76:19:03:de UHLW20 bge0 XX.XX.248/24 link#6 UC 00 bge5 Now, if I ping XX.XX.248.254 from machine #1, I get Sendto: Host is down. The ARP table looks like this: x.de (XX.XX.248.254) at (incomplete) on bge5 [ethernet] This goes on indefinitely. I can then do ifconfig bge5 promisc on ANY of the two machines (e.g. I can even do it on machine #2, or I can do it on machine #1!) and about 10 seconds later, the ARP table on machine #1 gets completed and from then on, the network connection will work normally, even if I do ifconfig bge5 -promisc after that. I can even delete the arp table entries on both machines, but they will be reinstated as soon as I issue the next ping. I need to reboot to trigger the strange behaviour again. I have already tried to use a different switch and have also tried using a crosslink cable. Both show the same behaviour. This is a vanilla install of 6.2-RELEASE. No firewalling of any sort is enabled yet. The only thing I did is add option BRIDGE to the kernel config on machine #1 and build a custom kernel (i.e. my kernel config on machine #1 only differs from GENERIC in that one line. Machine #2 still has the binary kernel from CD.) Am I overlooking something or is this a bug? What should I do next? I am not going to run the machines in the particular configuration described above, but I am now worried that there might be a bug in the bge driver and that I should not put these machines in production at all, at least not with FreeBSD. Regards Tobias -- Universität Stuttgart|Fakultät für Architektur und Stadtplanung|casinoIT 70174 Stuttgart Geschwister-Scholl-Straße 24D T +49 (0)711 121-4228 F +49 (0)711 121-4276 E [EMAIL PROTECTED] I http://www.casino.uni-stuttgart.de ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf rdr + netsed : reinject loop...
On Fri, 31 Aug 2007 17:40:06 +0200
Mel [EMAIL PROTECTED] wrote:
netsed's output is (part ) :
---
Script started on Fri Aug 31 07:52:12 2007
[EMAIL PROTECTED] /usr/home/luser]# netsed tcp 10101 0 0 s/FOO/BAR
netsed 0.01b by Michal Zalewski [EMAIL PROTECTED]
[*] Parsing rule s/FOO/BAR ...
[+] Loaded 1 rules...
[+] Listening on port 10101/tcp.
[+] Using dynamic (transparent proxy) forwarding.
[+] Got incoming connection from 172.16.82.81:1178 to 127.0.0.1:10101
[*] Forwarding connection to 127.0.0.1:10101
[+] Got incoming connection from 127.0.0.1:51337 to 127.0.0.1:10101
[*] Forwarding connection to 127.0.0.1:10101
[+] Caught client - server packet.
I think you need to figure out what this 'transparent proxy mode' of netsed
does, cause it should under no circumstances forward to itself...
it simply forwards the packet to the dst_ip:dst_port it originally had. But, as
Daniel H pointed out, those packets had been rewritten by pf's rdr to go TO
netsed's ip:port hence netsed wont change anything. It works fine in
non-proxy mode, but as I said in my first msg, that is not an option for me.
So the obvious question is how to get the packets to netsed's IP:PORT without
having the packet's original destination IP/PORT changedmaybe incorporating
the netsed code into a socks5-compatible server (in my case, the app that
generates the packets understands SOCKS). Alas, I am drawing a blank here atm.
Otherwise, i can only think that a new netgraph node would perform better than
my current pf + netsed approach
cheers,
B
_
{Beto|Norberto|Numard} Meijome
Ninety percent of the time things turn out worse than you thought they would.
The other ten percent of the time you had no right to expect that much.
Augustine
I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: auto mount xfce4 and kde
Edit devfs.conf and fstab files With permissions and links. Koen de Wijs wrote: Hello, This week I installed FreeBSD on a computer of mine. Everything works fine but one thing I can't get working. Every person should be albe to work with the machine. The only thing that isn't working is auto-mounting of cd-roms and usb-sticks. If KDE is started and I put a usb-stick in the computer there should appear a icon on the desktop with the usb drive on it and that should also work for cd-roms. On XFCE4 there should also appear an icon; I saw auto-mounting working on Linux Mandriva and PCBSD but how do I get it working with FreeBSD KDE and XFCE4? I installed hal, dbus and policykit and added these lines to rc.conf: dbus_enable=YES hald_enable=YES polkitd_enable=YES I also added the regular user to the group operators. What do I need to do to get it working? Thanks! Koen de Wijs ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring FreeBSD 6.2 to use sendmail for sending only
On Thu, 30 Aug 2007 18:14:55 -0700 (PDT) L Goodwin [EMAIL PROTECTED] wrote:
--- Derek Ragona [EMAIL PROTECTED] wrote:
[ slashing mercilessly ]
--- Chuck Swiger [EMAIL PROTECTED] wrote:
[..]
Although, it is entirely reasonable to consider
using Postfix instead.
Here is a sample script that you can use as a
template:
===
#!/bin/sh
#define any commands you will use
MAILFILE=mymailfile
MAILFILE2=mymailfile2
[EMAIL PROTECTED]
[EMAIL PROTECTED]
MAIL=/usr/bin/mail
AWK=/usr/bin/awk
CAT=/bin/cat
TR=/usr/bin/tr
TEMPDIR=/tmp
#make sure we have paths
export PATH=$PATH:/usr/local/sbin:/usr/local/bin
cd $TEMPDIR
$CAT /etc/passwd | $AWK -F : '{ print $5 }'
$MAILFILE
$TR -cd \012-\172 $MAILFILE $MAILFILE2
$MAIL -s My list of real user names subject
$SENDTO -c $CCTO $MAILFILE2
===
Derek, your example brings up another question.
Should I be calling mail or sendmail, and which
mail or sendmail should I invoke if there is more than
one of either? Chuck's example calls sendmail in a
path that does not exist on my system (my sendmail is
in /usr/sbin/). I usually invoke whichever one is
first in my path.
Use whatever works for you, and it never hurts to be specific :)
One more question. Is it ok to run the script (and
send the email) as user root, or should I create a
user account with more limited permissions -- if so,
what limits should I set?
There are so many ways of doing this .. here's another that we'd use to
mail out accounts to members monthly, from text files generated by some
php and mysql magic on another box, by another guy.
Note that this is enforced to be run by user 'subs' (here uid 996), so
that's who these messages are 'From:'. A script run from cron need not
be so paranoid about checking things .. this was hand-run 'when ready'.
#!/bin/sh
# sendacts 7Jan00 smithi .. mail out SubsBot messages .. cleanup 2Oct02
# each *.act file begins with To:, Cc:, X-mailer: etc lines
maildir=/home/subs/bills/$1 # preexisting dir as parameter eg '2000-01'
mailrun=./command.txt # perline format: 'sendmail -t userX.act 21'
if [ `id -u` != 996 ]; then
echo $0 must be run as user subs .. 'su subs' and retry ..
elif [ $1 = ]; then
echo usage: $0 directory
elif [ ! -d $maildir ]; then
echo $maildir does not exist .. mkdir first, unpack zipfile there
elif [ ! -w $maildir ]; then
echo $maildir is not writeable .. an older locked one, perhaps?
else
cd $maildir
if [ ! -f $mailrun ]; then
echo can't find ${maildir}/${mailrun} .. zipfile not unpacked?
elif [ -f ./mailout.done ]; then
echo 'rm ${maildir}/mailout.done' if you wanna repeat mailout?
else
umask 27
echo $0 sending mail: ; cat $mailrun
. $mailrun
touch ./mailout.done ; echo $0 done
exit 0
fi
fi
exit 1
with ./command.txt containing a line per recipient such as:
sendmail -t user1.act 21
sendmail -t user2.act 21
[..]
sendmail -t userN.act 21
and with the *.act files beginning such as:
To: [EMAIL PROTECTED]
Subject: August 2006 Account for Ian Smith
Cc: [EMAIL PROTECTED]
Reply-to: [EMAIL PROTECTED]
X-Mailer: subsbot v0.9 beta 8.90 :)
Hello Ian Smith,
[..]
HTH, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: doubts about the freebsd devil
On Friday 31 August 2007 15:32:26 Jerry McAllister wrote: There will also probably be loads of people replying to tell you that it is not a devil but a character representing a daemon that is a helpful sprite and that it is not a logo, but a mascot. I think that is much less different than the difference between a toad and a frog. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to retrieve a directory tree from perforce.freebsd.org?
Howard Goldstein wrote: As the subject says, is there a straightforward way to retrieve a directory tree from perforce.freebsd.org? Clicking individual files in the web interface is really tedious. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] It seems the required software for accessing perforce repositories is available in ports: /usr/ports/devel/perforce I haven't tried it myself though. I don't even know if perforce.freebsd.org allows anonymous access. You can however read some details on it here: http://www.freebsd.org/doc/en_US.ISO8859-1/articles/p4-primer/index.html If you do try, it please send a follow up post with results. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Information about freeBSD
Hi all, during a research project shall the company Philotech evaluate different operating system and middleware solutions. The FreeBSD OS is of high interest for this evaluation. To be able to evaluate freeBSd we need more information. I would like to know if it is possible to send you some questions about freeBSD and get them answered or maybe you know a better place to gain information about FreeBSD. With greetings and thanks in advance, Mike Gerdes PHILOTECH GmbH Dipl.-Ing. Mike Gerdes Niederlassung Hamburg Bebelstrasse 44 21614 Buxtehude Tel.: +49 (0) 4161 50 20 0 Fax: +49 (0) 4161 50 20 20 [EMAIL PROTECTED] www.philotech.de ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Squid + Clamav to scan http proxy traffic
Ovi wrote: Hello Does anybody have experience with setting up Squid + Clamav to work as http proxy antivirus? I've tried last days such setups with c-icap (which worked few months ago) + clamav + squid, without success. Also I've tried using SquidClamav_Redirector, a python script, which partially works but is too slow. If you have links with documentation regarding this issue or have any advice for me please tell me. I did my scanning (and more) back then with dansguardian in between. Peter -- http://www.boosten.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring FreeBSD 6.2 to use sendmail for sending only
On Aug 30, 2007, at 6:14 PM, L Goodwin wrote: [ ... ] Should I be calling mail or sendmail, and which mail or sendmail should I invoke if there is more than one of either? Chuck's example calls sendmail in a path that does not exist on my system (my sendmail is in /usr/sbin/). I usually invoke whichever one is first in my path. As others have said, there is more than one way to do the same task, but you asked to run sendmail in particular, rather than something else. The path I used was that to the actual sendmail binary, rather than the /usr/sbin wrapper which (on the particular machine I used, anyway) would invoke Postfix instead. You can find more details from man mailwrapper. One more question. Is it ok to run the script (and send the email) as user root, or should I create a user account with more limited permissions -- if so, what limits should I set? The simple answer is that you should try not to run things as root when you can do them as a normal user. If you wish the email to contain arbitrary envelope from-addresses, be aware that only root can do so without a warning message unless you use this FEATURE (see / usr/share/sendmail/cf/README): use_ct_file Read the file /etc/mail/trusted-users file to get the names of users that will be ``trusted'', that is, able to set their envelope from address using -f without generating a warning message. The actual filename can be overridden by redefining confCT_FILE. Someone else has already provided another example of a controlled access email script which checks for the right UID. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Pass all protocols in PF
I've been working with PF for awhile, and this is something that's bugged me for some time. Is there any way to make pass in all pass any protocol? Right now, for example, we have a firewall with two bridged (if_bridge) Intel NICs and pf. We need OSPF to pass, and so we have to add an explicit rule to pass it, despite the fact that we have a default pass in any rule. It's the same story for other protocols. Thanks in advance for any replies. Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How to get best results from FreeBSD-questions
How to get the best results from FreeBSD questions. === Last update $Date: 2005/08/10 02:21:44 $ This is a regular posting to the FreeBSD questions mailing list. If you got it in answer to a message you sent, it means that the sender thinks that at least one of the following things was wrong with your message: - You left out a subject line, or the subject line was not appropriate. - You formatted it in such a way that it was difficult to read. - You asked more than one unrelated question in one message. - You sent out a message with an incorrect date, time or time zone. - You sent out the same message more than once. - You sent an 'unsubscribe' message to FreeBSD-questions. If you have done any of these things, there is a good chance that you will get more than one copy of this message from different people. Read on, and your next message will be more successful. This document is also available on the web at http://www.lemis.com/questions.html. = Contents: I:Introduction II: How to unsubscribe from FreeBSD-questions III: Should I ask -questions or -hackers? IV: How to submit a question to FreeBSD-questions V:How to answer a question to FreeBSD-questions I: Introduction === This is a regular posting aimed to help both those seeking advice from FreeBSD-questions (the newcomers), and also those who answer the questions (the hackers). Note that the term hacker has nothing to do with breaking into other people's computers. The correct term for the latter activity is cracker, but the popular press hasn't found out yet. The FreeBSD hackers disapprove strongly of cracking security, and have nothing to do with it. In the past, there has been some friction which stems from the different viewpoints of the two groups. The newcomers accused the hackers of being arrogant, stuck-up, and unhelpful, while the hackers accused the newcomers of being stupid, unable to read plain English, and expecting everything to be handed to them on a silver platter. Of course, there's an element of truth in both these claims, but for the most part these viewpoints come from a sense of frustration. In this document, I'd like to do something to relieve this frustration and help everybody get better results from FreeBSD-questions. In the following section, I recommend how to submit a question; after that, we'll look at how to answer one. II: How to unsubscribe from FreeBSD-questions == When you subscribed to FreeBSD-questions, you got a welcome message from [EMAIL PROTECTED] In this message, amongst other things, it told you how to unsubscribe. Here's a typical message: Welcome to the freebsd-questions@freebsd.org mailing list! If you ever want to unsubscribe or change your options (eg, switch to or from digest mode, change your password, etc.), visit your subscription page at: http://lists.freebsd.org/mailman/options/freebsd-questions/[EMAIL PROTECTED] (obviously, substitute your mail address for [EMAIL PROTECTED]). You can also make such adjustments via email by sending a message to: [EMAIL PROTECTED] with the word 'help' in the subject or body (don't include the quotes), and you will get back a message with instructions. You must know your password to change your options (including changing the password, itself) or to unsubscribe. Normally, Mailman will remind you of your freebsd.org mailing list passwords once every month, although you can disable this if you prefer. This reminder will also include instructions on how to unsubscribe or change your account options. There is also a button on your options page that will email your current password to you. Here's the general information for the list you've subscribed to, in case you don't already have it: FREEBSD-QUESTIONS User questions This is the mailing list for questions about FreeBSD. You should not send how to questions to the technical lists unless you consider the question to be pretty technical. Normally, unsubscribing is even simpler than the message suggests: you don't need to specify your mail ID unless it is different from the one which you specified when you subscribed. If Majordomo replies and tells you (incorrectly) that you're not on the list, this may mean one of two things: 1. You have changed your mail ID since you subscribed. That's where keeping the original message from majordomo comes in handy. For example, the sample message above shows my mail ID as [EMAIL PROTECTED] Since then, I have changed it to [EMAIL PROTECTED] If I were to try to remove [EMAIL PROTECTED] from the list, it would fail: I would have to specify the name with which I joined. 2. You're subscribed to a mailing list which is subscribed to
The Complete FreeBSD: errata and addenda
The trouble with books is that you can't update them the way you can a web page or any other online documentation. The result is that most leading edge computer books are out of date almost before they are printed. Unfortunately, The Complete FreeBSD, published by O'Reilly, is no exception. Inevitably, a number of bugs and changes have surfaced. The Complete FreeBSD has been through a total of five editions, including its predecessor Installing and Running FreeBSD. Two of these have been reprinted with corrections. I maintain a series of errata pages. Start at http://www.lemis.com/errata-4.html to find out how to get the errata information. Note also that the book has now been released for free download in PDF form. Instead of downloading the changed pages, you may prefer to download the entire book. See http://www.lemis.com/grog/Documentation/CFBSD/ for more information. Have you found a problem with the book, or maybe something confusing? Please let me know: I'm no longer constantly updating it, but I may be able to help Greg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: doubts about the freebsd devil
On Fri, Aug 31, 2007 at 03:50:27PM +, Pollywog wrote: On Friday 31 August 2007 15:32:26 Jerry McAllister wrote: There will also probably be loads of people replying to tell you that it is not a devil but a character representing a daemon that is a helpful sprite and that it is not a logo, but a mascot. I think that is much less different than the difference between a toad and a frog. Best ask a toad and/or a frog about that. jerry ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf rdr + netsed : reinject loop...
On Friday 31 August 2007 19:12:42 Mel wrote:
On Friday 31 August 2007 18:27:26 Norberto Meijome wrote:
On Fri, 31 Aug 2007 17:40:06 +0200
Mel [EMAIL PROTECTED] wrote:
netsed's output is (part ) :
---
Script started on Fri Aug 31 07:52:12 2007
[EMAIL PROTECTED] /usr/home/luser]# netsed tcp 10101 0 0 s/FOO/BAR
netsed 0.01b by Michal Zalewski [EMAIL PROTECTED]
[*] Parsing rule s/FOO/BAR ...
[+] Loaded 1 rules...
[+] Listening on port 10101/tcp.
[+] Using dynamic (transparent proxy) forwarding.
[+] Got incoming connection from 172.16.82.81:1178 to 127.0.0.1:10101
[*] Forwarding connection to 127.0.0.1:10101
[+] Got incoming connection from 127.0.0.1:51337 to 127.0.0.1:10101
[*] Forwarding connection to 127.0.0.1:10101
[+] Caught client - server packet.
I think you need to figure out what this 'transparent proxy mode' of
netsed does, cause it should under no circumstances forward to
itself...
it simply forwards the packet to the dst_ip:dst_port it originally had.
But, as Daniel H pointed out, those packets had been rewritten by pf's
rdr to go TO netsed's ip:port hence netsed wont change anything. It
works fine in non-proxy mode, but as I said in my first msg, that is not
an option for me.
OK, I just tried to verify if rdr rewrites dest and indeed it does from
netsed's point of view (didn't know my machine could go to 100 load and
still catch SIGINT).
Now I wonder how ftp-proxy(8) ever gets the server address. Time to view
the source.
Ah, here we go:
/usr/src/contrib/pf/ftp-proxy/util.c:115:
/*
* Open the pf device and lookup the mapping pair to find
* the original address we were supposed to connect to.
*/
fd = open(/dev/pf, O_RDWR);
if (fd == -1) {
syslog(LOG_ERR, cannot open /dev/pf (%m));
exit(EX_UNAVAILABLE);
}
if (ioctl(fd, DIOCNATLOOK, natlook) == -1) {
syslog(LOG_INFO,
pf nat lookup failed %s:%hu (%m),
inet_ntoa(client_sa_ptr-sin_addr),
ntohs(client_sa_ptr-sin_port));
close(fd);
return(-1);
}
close(fd);
So, in short, netsed needs extra code to deal with pf (and probably others
since only a linux iptables example is listed in README) and the port
maintainer should add a warning that transparent proxy mode does not (yet)
work with pf/ipfw/ipf.
In addition you need write access to /dev/pf :)
--
Mel
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Meaning of: kill -USR2
At 12:24 PM 8/31/2007, White Hat wrote: I have seen 'kill -USR2' used in some scripts; however, I am unable to find out exactly what it is referring to. The man page for 'kill' does not list any 'USR2' flag or signal, unless I am reading it incorrectly. Perhaps, someone can tell me exactly what this signal means. Thanks! -- White Hat [EMAIL PROTECTED] Do a man on signal instead. The argument passed is the signal to send. -Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to retrieve a directory tree from perforce.freebsd.org?
Manolis Kiagias wrote: Howard Goldstein wrote: As the subject says, is there a straightforward way to retrieve a directory tree from perforce.freebsd.org? Clicking individual files in the web interface is really tedious. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] It seems the required software for accessing perforce repositories is available in ports: /usr/ports/devel/perforce I haven't tried it myself though. I don't even know if perforce.freebsd.org allows anonymous access. You can however read some details on it here: http://www.freebsd.org/doc/en_US.ISO8859-1/articles/p4-primer/index.html If you do try, it please send a follow up post with results. Whatever the magical incantation for p4 is it's well hidden after 15 minutes of poking around various docs cally:~$ p4 -H perforce.freebsd.org Perforce client error: Connect to server failed; check $P4PORT. TCP connect to perforce failed. perforce: host unknown. cally:~$ p4 -p 1666 -H perforce.freebsd.org Perforce client error: Connect to server failed; check $P4PORT. TCP connect to 1666 failed. connect: 1666: Connection refused cally:~$ I'm sure I'm missing something simple. If anon access is supposed to be denied by design it's broken because the browser portion allows access to the files themselves, although laden with revision prettyfication. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to retrieve a directory tree from perforce.freebsd.org?
Manolis Kiagias wrote: Howard Goldstein wrote: As the subject says, is there a straightforward way to retrieve a directory tree from perforce.freebsd.org? Clicking individual files in the web interface is really tedious. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] It seems the required software for accessing perforce repositories is available in ports: /usr/ports/devel/perforce I haven't tried it myself though. I don't even know if perforce.freebsd.org allows anonymous access. You can however read some details on it here: http://www.freebsd.org/doc/en_US.ISO8859-1/articles/p4-primer/index.html If you do try, it please send a follow up post with results. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] No, it doesn't allow anonymous access (this isn't feasible due to the way perforce works, i.e. maintaining all client state on the server). I dont know of a way to extract a general perforce tree, although a few of them (like trustedbsd) are exported via cvsup on I think cvsup9. I think you will have to ask whoever's branch you are looking at for a copy of it. Kris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Meaning of: kill -USR2
In response to White Hat [EMAIL PROTECTED]: I have seen 'kill -USR2' used in some scripts; however, I am unable to find out exactly what it is referring to. The man page for 'kill' does not list any 'USR2' flag or signal, unless I am reading it incorrectly. Perhaps, someone can tell me exactly what this signal means. USR2 is a user defined signal (from man signal) It doesn't mean anything by definition. Each application is free to define its meaning as it sees fit. It's there specifically so that applications can use signals for special purposes without reusing the defined signals. What scripts are you seeing using this? I expect they're following application-specific behaviour. -- Bill Moran http://www.potentialtech.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Meaning of: kill -USR2
I have seen 'kill -USR2' used in some scripts; however, I am unable to find out exactly what it is referring to. The man page for 'kill' does not list any 'USR2' flag or signal, unless I am reading it incorrectly. because it's user defined signal number 2 - the program taking it does what it want (or exactly - what programmer want) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Information about freeBSD
Gerdes, Mike wrote: Hi all, during a research project shall the company Philotech evaluate different operating system and middleware solutions. The FreeBSD OS is of high interest for this evaluation. To be able to evaluate freeBSd we need more information. I would like to know if it is possible to send you some questions about freeBSD and get them answered or maybe you know a better place to gain information about FreeBSD. With greetings and thanks in advance, Mike Gerdes PHILOTECH GmbH Dipl.-Ing. Mike Gerdes Niederlassung Hamburg Bebelstrasse 44 21614 Buxtehude Tel.: +49 (0) 4161 50 20 0 Fax: +49 (0) 4161 50 20 20 [EMAIL PROTECTED] www.philotech.de ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] You should be able to get many answers to your basic (and not so basic) questions by reading the handbook and faqs on the FreeBSD website: http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/ http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ Most people on the list will be glad to help you to the best of their knowledge, as long as your questions are specific and you have researched the relevant documentation beforehand. If you have no expierence on FreeBSD I would also suggest you perform a test installation to experiment. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: auto mount xfce4 and kde
Edit devfs.conf and fstab files With permissions and links. Koen de Wijs wrote: Hello, This week I installed FreeBSD on a computer of mine. Everything works fine but one thing I can't get working. Every person should be albe to work with the machine. The only thing that isn't working is auto-mounting of cd-roms and usb-sticks. If KDE is started and I put a usb-stick in the computer there should appear a icon on the desktop with the usb drive on it and that should also work for cd-roms. On XFCE4 there should also appear an icon; I saw auto-mounting working on Linux Mandriva and PCBSD but how do I get it working with FreeBSD KDE and XFCE4? I installed hal, dbus and policykit and added these lines to rc.conf: dbus_enable=YES hald_enable=YES polkitd_enable=YES I also added the regular user to the group operators. What do I need to do to get it working? Thanks! Koen de Wijs You might want to have a look at: /usr/ports/sysutils/k3b/pkg-message This file contains a detailed step-by-step instruction on how to enable mounting for non-privileged users. Also, the following port might be of interest to you: /usr/ports/sysutils/am-utils Andriy ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Tyan S5197 and ACPI don't mix on 6.2 Re: 6.2-RELEASE amd64 system rebooting under heavy load with Areca ARC-1231ML
On Aug 21, 2007, at 2:53 AM, Chad Leigh -- Shire.Net LLC wrote: Hi I have a new system I am building. Tyan S5197 MB with Intel Core 2 Quad 2.4ghz, 4GB RAM Areca ARC-1231ML raid card. 5 320gb disks in a RAID6 with 1 320gb disk hot spare plus two 750gb in a raid1 mirror. Using the ARECA firmware, each raidset is subdivided into separate volumes that each appear to the OS as separate daN type disks. I read through Google about various problems that the Areca driver had as well as on the Areca website FAQ (on FreeBSD) I installed 6.2-RELEASE on this system. Under heavy IO load the system reboots itself. This happened both in trying to install the OS, and if I got that far, in trying to build cvsup tool or in building a new kernel. The machine could sit there idle for hours but you startup a large build and usually withing a few minutes or 10 minutes it would reboot itself. I tried installing the 6.2- STABLE snapshot (latest on in the downloads which is from June) but the whole system would lock up after a few minutes and I would get corruption on the console screen so I decided that was not a great plan. I also tried the 7-CURRENT as a test but that would not stay out of the kernel debugger. So I went back to 6.2-STABLE. I installed it and then copied the areca kernel driver source arcmsr.c/.h from the 6.2-STABLE snapshot from June (latest snapshot I could find) and used it to rebuild the kernel. I was then able to build cvsup and do a cvsup to the latest -RELEASE code and was a significant way through a buildworld when it happened again and rebooted itself. So it appears the problem is not yet solved. Is anyone out there running a form of 6.2 on an x64 type platform using an Areca controller? What is the latest 6.x compatible driver source for the Areca? I tried to copy the 7-CURRENT areca source back but it relies on the new CAM system and even if I added that option to my 6.2 there were a bunch of compilation errors that made it look like the 7.0-CURRENT IO or SCSI or whatever lower level it uses system has changed. Any help in figuring out how to get this up and running without these reboots under load would be greatly appreciated. After replacing the power supply with a beefier one, running memtest86 for a day, trying to install Solaris 10 with the same reboot issue, etc, I tried running with boot without ACPI and that seems to have cured the issue. So there seems to be an issue with the Tyan S5197 board and ACPI on 6.2-RELEASE (and on Solaris 10u3) Chad --- Chad Leigh -- Shire.Net LLC Your Web App and Email hosting provider chad at shire.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf rdr + netsed : reinject loop...
On Friday 31 August 2007 18:27:26 Norberto Meijome wrote: On Fri, 31 Aug 2007 17:40:06 +0200 Mel [EMAIL PROTECTED] wrote: netsed's output is (part ) : --- Script started on Fri Aug 31 07:52:12 2007 [EMAIL PROTECTED] /usr/home/luser]# netsed tcp 10101 0 0 s/FOO/BAR netsed 0.01b by Michal Zalewski [EMAIL PROTECTED] [*] Parsing rule s/FOO/BAR ... [+] Loaded 1 rules... [+] Listening on port 10101/tcp. [+] Using dynamic (transparent proxy) forwarding. [+] Got incoming connection from 172.16.82.81:1178 to 127.0.0.1:10101 [*] Forwarding connection to 127.0.0.1:10101 [+] Got incoming connection from 127.0.0.1:51337 to 127.0.0.1:10101 [*] Forwarding connection to 127.0.0.1:10101 [+] Caught client - server packet. I think you need to figure out what this 'transparent proxy mode' of netsed does, cause it should under no circumstances forward to itself... it simply forwards the packet to the dst_ip:dst_port it originally had. But, as Daniel H pointed out, those packets had been rewritten by pf's rdr to go TO netsed's ip:port hence netsed wont change anything. It works fine in non-proxy mode, but as I said in my first msg, that is not an option for me. OK, I just tried to verify if rdr rewrites dest and indeed it does from netsed's point of view (didn't know my machine could go to 100 load and still catch SIGINT). Now I wonder how ftp-proxy(8) ever gets the server address. Time to view the source. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Meaning of: kill -USR2
I have seen 'kill -USR2' used in some scripts; however, I am unable to find out exactly what it is referring to. The man page for 'kill' does not list any 'USR2' flag or signal, unless I am reading it incorrectly. Perhaps, someone can tell me exactly what this signal means. Thanks! -- White Hat [EMAIL PROTECTED] Pinpoint customers who are looking for what you sell. http://searchmarketing.yahoo.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to retrieve a directory tree from perforce.freebsd.org?
On Friday 31 August 2007 19:50:19 Howard Goldstein wrote: Kris Kennaway wrote: Manolis Kiagias wrote: Howard Goldstein wrote: As the subject says, is there a straightforward way to retrieve a directory tree from perforce.freebsd.org? Clicking individual files in the web interface is really tedious. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] It seems the required software for accessing perforce repositories is available in ports: /usr/ports/devel/perforce I haven't tried it myself though. I don't even know if perforce.freebsd.org allows anonymous access. You can however read some details on it here: http://www.freebsd.org/doc/en_US.ISO8859-1/articles/p4-primer/index.html If you do try, it please send a follow up post with results. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] No, it doesn't allow anonymous access (this isn't feasible due to the way perforce works, i.e. maintaining all client state on the server). I dont know of a way to extract a general perforce tree, although a few of them (like trustedbsd) are exported via cvsup on I think cvsup9. I think you will have to ask whoever's branch you are looking at for a copy of it. Dang. Like an idiot savant, perforce appears to be (channeling Yoda I am?) Time for a script to workaround perforce's needlessly overcomplex stupidity. Thanks for letting me know I'm beating my head against the wall with the out-of-box tools...binary only at that. I assume that since sources in perforce is work-in-progress that may or not become official work-in-progress (-current), download complexity is a plus. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to retrieve a directory tree from perforce.freebsd.org?
Kris Kennaway wrote: Manolis Kiagias wrote: Howard Goldstein wrote: As the subject says, is there a straightforward way to retrieve a directory tree from perforce.freebsd.org? Clicking individual files in the web interface is really tedious. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] It seems the required software for accessing perforce repositories is available in ports: /usr/ports/devel/perforce I haven't tried it myself though. I don't even know if perforce.freebsd.org allows anonymous access. You can however read some details on it here: http://www.freebsd.org/doc/en_US.ISO8859-1/articles/p4-primer/index.html If you do try, it please send a follow up post with results. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] No, it doesn't allow anonymous access (this isn't feasible due to the way perforce works, i.e. maintaining all client state on the server). I dont know of a way to extract a general perforce tree, although a few of them (like trustedbsd) are exported via cvsup on I think cvsup9. I think you will have to ask whoever's branch you are looking at for a copy of it. Dang. Like an idiot savant, perforce appears to be (channeling Yoda I am?) Time for a script to workaround perforce's needlessly overcomplex stupidity. Thanks for letting me know I'm beating my head against the wall with the out-of-box tools...binary only at that. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to retrieve a directory tree from perforce.freebsd.org?
Mel wrote: On Friday 31 August 2007 19:50:19 Howard Goldstein wrote: Kris Kennaway wrote: Manolis Kiagias wrote: Howard Goldstein wrote: As the subject says, is there a straightforward way to retrieve a directory tree from perforce.freebsd.org? Clicking individual files in the web interface is really tedious. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] It seems the required software for accessing perforce repositories is available in ports: /usr/ports/devel/perforce I haven't tried it myself though. I don't even know if perforce.freebsd.org allows anonymous access. You can however read some details on it here: http://www.freebsd.org/doc/en_US.ISO8859-1/articles/p4-primer/index.html If you do try, it please send a follow up post with results. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] No, it doesn't allow anonymous access (this isn't feasible due to the way perforce works, i.e. maintaining all client state on the server). I dont know of a way to extract a general perforce tree, although a few of them (like trustedbsd) are exported via cvsup on I think cvsup9. I think you will have to ask whoever's branch you are looking at for a copy of it. Dang. Like an idiot savant, perforce appears to be (channeling Yoda I am?) Time for a script to workaround perforce's needlessly overcomplex stupidity. Thanks for letting me know I'm beating my head against the wall with the out-of-box tools...binary only at that. I assume that since sources in perforce is work-in-progress that may or not become official work-in-progress (-current), download complexity is a plus. perforce just isn't intended for this purpose, it's meant for internal use within a (closed) organisation. As great as it is for development with large numbers of branches, this is one of the important technical reasons why it's not suitable for primary FreeBSD distribution. In principle the web front end could offer this kind of aggregation of files from a branch, maybe you should raise it as a feature request with perforce.com. Kris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Meaning of: kill -USR2
On Fri, 31 Aug 2007 10:24:47 -0700 (PDT) White Hat [EMAIL PROTECTED] wrote: I have seen 'kill -USR2' used in some scripts; however, I am unable to find out exactly what it is referring to. The man page for 'kill' does not list any 'USR2' flag or signal, unless I am reading it incorrectly. Perhaps, someone can tell me exactly what this signal means. SIGUSR1 and SIGUSR2 are signals that don't have any predefined meaning. You can use them for based inter-process communication. See: man 3 signal http://en.wikipedia.org/wiki/SIGUSR1_and_SIGUSR2 Jona -- I am chaos. I am the substance from which your artists and scientists build rhythms. I am the spirit with which your children and clowns laugh in happy anarchy. I am chaos. I am alive, and tell you that you are free. Eris, Goddess Of Chaos, Discord Confusion ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Cannot rebuild Sendmail (with sasl2) **FIXED**
I would like to send a heartfelt 'THANK YOU' to everyone who contributed info to this thread. I had to use bits a pieces of everyone's input to make it finally do what I wanted it to do.. which it finally does! in the end.. what my ultimate problem was.. was the /usr/obj directory. I must not have cleaned it out entirely. so what i did was: # chflags -R noschg /usr/obj/usr # rm -rf /usr/obj/usr # cd /usr/src # make cleandir # make cleandir # cd /usr/src/lib/libsmutil # make cleandir # make cleandir make obj make # cd /usr/src/lib/libsm # make cleandir # make cleandir make obj make # cd /usr/src/usr.sbin/sendmail # make cleandir # make cleandir make obj make make install with this in my make.conf: PERL_VER=5.8.8 PERL_VERSION=5.8.8 SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL SENDMAIL_LDFLAGS=-L/usr/local/lib SENDMAIL_LDADD=-lsasl2 I did have to modify what I had in my make.conf because it had -DSASL=2 instead of just -DSASL so I hope this helps another FBSD lowbie. I am gaining lots of respect for this Good Software. I will probably be putting FBSD in where I have other linux installations as the hardware gets replaced. THANK YOU AGAIN EVERYONE FOR YOUR HELP! 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH PLAIN LOGIN W H *** 250-STARTTLS 250-DELIVERBY 250 HELP From: Giorgos Keramidas [EMAIL PROTECTED] To: brad davison [EMAIL PROTECTED] CC: freebsd-questions@freebsd.org Subject: Re: Cannot rebuild Sendmail (with sasl2) Date: Thu, 30 Aug 2007 23:40:43 +0300 On 2007-08-30 17:48, brad davison [EMAIL PROTECTED] wrote: Thank you for your help. We seem to be further now. Running the 'make cleandir' twice seems to have gotten us past that hangup. Now the buildworld and buildkernel and installkernel all worked. It seems, however, that the -DSASL=2 did not take, because now, when I reboot (or restart sendmail) I get: Warning: Option: AuthMechanisms requires SASL support (-DSASL) Also, building Sendmail from /usr/src/usr.sbin/sendmail gives the old error message .. cc -O2 -fno-strict-aliasing -pipe [...] -std=iso9899:1990 -c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/version.c make: don't know how to make /usr/src/usr.sbin/sendmail/../../lib/libsmutil/libsmutil.a. Stop That's because to 'reuse' the existing object code (compiled during the last buildworld and stored in /usr/obj) you have to set in your shell's environment the MAKEOBJDIRPREFIX variable. If you run buildworld with csh as your shell, this would be: csh# setenv MAKEOBJDIRPREFIX /usr/obj If you are using /bin/sh use: # export MAKEOBJDIRPREFIX=/usr/obj Then you should try: # cd /usr/src/usr.sbin/sendmail # make cleandir make cleandir # make obj depend all If you are (but the buildworld did finish successfully including the sendmail piece, which did have the -DSASL=2 in the make.conf.) I don't know why your buildworld seems to have picked the wrong settings from make.conf. Are you *sure* you run a clean build? This would require: 1. Removing /usr/obj 2. Running make cleandir cleandir in /usr/src 3. Checking /etc/make.conf 4. Running buildworld buildkernel 5. Installing everything, following the instructions from /usr/src/UPDATING _ Booking a flight? Know when to buy with airfare predictions on MSN Travel. http://travel.msn.com/Articles/aboutfarecast.aspxocid=T001MSN25A07001 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Forcing GEOM to re-taste a device
cat /dev/null /dev/da0 That should retaste the device. Thanks! For the archives, I also discovered that the issue can be worked around by physically timing the insertion of the stick. If you insert it just enough that it gets powered up (presumably initializing) but not enough for it to attach to the USB bus, wait a few seconds, and insert it all the way - it will get properly detected. Similarly if connected on boot there is no problem. -- / Peter Schuller PGP userID: 0xE9758B7D or 'Peter Schuller [EMAIL PROTECTED]' Key retrieval: Send an E-Mail to [EMAIL PROTECTED] E-Mail: [EMAIL PROTECTED] Web: http://www.scode.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: strange arp problem with bge nics
Hi, I have further news on this problem. It really seems to be a driver/hardware issue. As I said, the two servers have 6 NICs each. These are: bge0, bge1: BCM5750, integrated on the motherboard bge2, bge3: BCM5704, PCIX card bge4, bge5: BCM5704, PCIX card I have now greatly simplified the test case: Only connect any two interfaces with the same number with a crosslink cable or an otherwise unused switch. Assign two IP addresses from within the same subnet. E.g., make bge0 on machine #1 10.0.0.1 and bge0 on machine #2 10.0.0.2. Don't connect anything else. I can instantly ping the other machine after booting up when using bge0, bge1 or bge2 on both machines. I cannot initially ping the other machine when using bge3, bge4 or bge5. In this case, I first have to put one of the interfaces into promiscuous mode, wait for the ping to come through, then disable promiscuous mode. Incidentally, the working interfaces all sit on IRQ3, while the other three sit on IRQ7, IRQ11 and IRQ5, respectively. Where do I take this from here? I need at least four interfaces working for the configuration I need to implement. I could do away with the other two, but four is the minimum I need. Incidentally, another option to wake up the ping, apart from setting and unsetting promiscous modem, is to connect any Windows machine to the same switch. As soon as a Windows machine is present on the switch, the ping between the two FreeBSD machines works right out from the start. This looks like a minor issue at first glance, because everything seems to be normal once the ping is set going, and I could just write a script that enables promiscuous mode on startup for a certain amount of time, and there will always be Windows boxes on the network anyway. However, I am now wary that there might be other hidden bugs or hardware problems, and I have no use for those in a production machine ... Best regards Tobias -- Universität Stuttgart|Fakultät für Architektur und Stadtplanung|casinoIT 70174 Stuttgart Geschwister-Scholl-Straße 24D T +49 (0)711 121-4228 F +49 (0)711 121-4276 E [EMAIL PROTECTED] I http://www.casino.uni-stuttgart.de ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: strange arp problem with bge nics
On Friday 31 August 2007 21:55, Tobias Ernst wrote: Hi, I have further news on this problem. It really seems to be a driver/hardware issue. As I said, the two servers have 6 NICs each. These are: bge0, bge1: BCM5750, integrated on the motherboard bge2, bge3: BCM5704, PCIX card bge4, bge5: BCM5704, PCIX card I have now greatly simplified the test case: Only connect any two interfaces with the same number with a crosslink cable or an otherwise unused switch. Assign two IP addresses from within the same subnet. E.g., make bge0 on machine #1 10.0.0.1 and bge0 on machine #2 10.0.0.2. Don't connect anything else. I can instantly ping the other machine after booting up when using bge0, bge1 or bge2 on both machines. I cannot initially ping the other machine when using bge3, bge4 or bge5. In this case, I first have to put one of the interfaces into promiscuous mode, wait for the ping to come through, then disable promiscuous mode. Incidentally, the working interfaces all sit on IRQ3, while the other three sit on IRQ7, IRQ11 and IRQ5, respectively. Where do I take this from here? I need at least four interfaces working for the configuration I need to implement. I could do away with the other two, but four is the minimum I need. Incidentally, another option to wake up the ping, apart from setting and unsetting promiscous modem, is to connect any Windows machine to the same switch. As soon as a Windows machine is present on the switch, the ping between the two FreeBSD machines works right out from the start. This looks like a minor issue at first glance, because everything seems to be normal once the ping is set going, and I could just write a script that enables promiscuous mode on startup for a certain amount of time, and there will always be Windows boxes on the network anyway. However, I am now wary that there might be other hidden bugs or hardware problems, and I have no use for those in a production machine ... If you take a look here http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/dev/bge/if_bge.c you will see some problems with some chipsets regarding auto negotiation. http://www.freebsd.org/cgi/query-pr.cgi?pr=94833 How all these apply to your case? Did you try down-ing and up-ing the interfaces? Did you try without forcing a link speed(check ifconfig -m) Just wild guesses... HTH, Nikos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: strange arp problem with bge nics
On Friday 31 August 2007 22:30, I correctly wrote: Did you try without forcing a link speed(check ifconfig -m) s/without // anything useful in dmesg? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf rdr + netsed : reinject loop...
On Friday 31 August 2007 18:27:26 Norberto Meijome wrote:
On Fri, 31 Aug 2007 17:40:06 +0200
Mel [EMAIL PROTECTED] wrote:
netsed's output is (part ) :
---
Script started on Fri Aug 31 07:52:12 2007
[EMAIL PROTECTED] /usr/home/luser]# netsed tcp 10101 0 0 s/FOO/BAR
netsed 0.01b by Michal Zalewski [EMAIL PROTECTED]
[*] Parsing rule s/FOO/BAR ...
[+] Loaded 1 rules...
[+] Listening on port 10101/tcp.
[+] Using dynamic (transparent proxy) forwarding.
[+] Got incoming connection from 172.16.82.81:1178 to 127.0.0.1:10101
[*] Forwarding connection to 127.0.0.1:10101
[+] Got incoming connection from 127.0.0.1:51337 to 127.0.0.1:10101
[*] Forwarding connection to 127.0.0.1:10101
[+] Caught client - server packet.
I think you need to figure out what this 'transparent proxy mode' of
netsed does, cause it should under no circumstances forward to itself...
it simply forwards the packet to the dst_ip:dst_port it originally had.
But, as Daniel H pointed out, those packets had been rewritten by pf's rdr
to go TO netsed's ip:port hence netsed wont change anything. It works
fine in non-proxy mode, but as I said in my first msg, that is not an
option for me.
So the obvious question is how to get the packets to netsed's IP:PORT
without having the packet's original destination IP/PORT changedmaybe
incorporating the netsed code into a socks5-compatible server (in my case,
the app that generates the packets understands SOCKS). Alas, I am drawing a
blank here atm.
Otherwise, i can only think that a new netgraph node would perform better
than my current pf + netsed approach
Figured I'd take a shot at it and it works:
# ./netsed tcp 10101 0 0 s/boo/GET/
netsed 0.01b by Michal Zalewski [EMAIL PROTECTED]
[*] Parsing rule s/boo/GET/...
[+] Loaded 1 rules...
[+] Listening on port 10101/tcp.
[+] Using dynamic (transparent proxy) forwarding.
[+] Got incoming connection from 11.22.33.44:27712 to 127.0.0.1:10101
[*] Forwarding connection to 55.66.77.88:80
[+] Caught client - server packet.
Renamed the ip's to protect the innocent, but that's all. I typed boo /
HTTP/1.0 and got back a solid page of html.
Patch inlined below sig. I'm surprised no one ever caught up on this, seeing
the makefile is last modified in 2005 :)
--
Mel
--- orig/netsed.c 2007-08-31 21:51:51.0 +0200
+++ work/netsed.c 2007-08-31 21:51:31.0 +0200
@@ -11,6 +11,12 @@
#include ctype.h
#include stdlib.h
#include signal.h
+#ifdef USE_PF
+#include sys/ioctl.h
+#include net/if.h
+#include net/pfvar.h
+#include sysexits.h
+#endif
#define VERSION 0.01b
#define MAXRULES 50
@@ -254,11 +260,19 @@
signal(SIGCHLD,sig_chld);
// Am I bad coder?;
+ /* Yeah, comments should be useful and frequent and not in C++ format. */
while (1) {
struct sockaddr_in s;
int x,l=sizeof(struct sockaddr_in);
int conho,conpo;
+#ifdef USE_PF
+struct pfioc_natlook natlook;
+int fd;
+socklen_t clen; /* client length */
+struct sockaddr_in *client; /* client socket */
+#endif
+
usleep(1000); // Do not wanna select ;P
if ((csock=accept(lsock,(struct sockaddr*)s,l))=0) {
fcntl(csock,F_SETFL,O_NONBLOCK);
@@ -266,8 +280,51 @@
l=sizeof(struct sockaddr_in);
getsockname(csock,(struct sockaddr*)s,l);
printf( to %s:%d\n, inet_ntoa(s.sin_addr), ntohs(s.sin_port));
+ /* The logic here is that it receives an unmodified dest address,
+ * however that's not the case with pf. */
+#ifdef USE_PF
+ /* We also need the client peer to look up the nat in pf, blatantly
+ * borrowed from ftp-proxy(8). */
+ clen = sizeof(struct sockaddr_in);
+ client = (struct sockaddr_in *)malloc(clen);
+ getpeername(csock, (struct sockaddr *)client, clen);
+ memset((void *)natlook, 0, sizeof(natlook));
+ natlook.af = AF_INET;
+ natlook.saddr.addr32[0] = client-sin_addr.s_addr;
+ natlook.daddr.addr32[0] = s.sin_addr.s_addr;
+ natlook.proto = IPPROTO_TCP;
+ natlook.sport = client-sin_port;
+ natlook.dport = s.sin_port;
+ /* NOTE: It works with PF_OUT, even though rdr rule is on incoming
+ * traffic in my tests. More research into natlook.direction is needed
+ * here.
+ */
+ natlook.direction = PF_OUT;
+ /*
+ * Open the pf device and lookup the mapping pair to find
+ * the original address we were supposed to connect to.
+ */
+ fd = open(/dev/pf, O_RDWR);
+ if (fd == -1) {
+ printf(No permission to open /dev/pf, see ya\n);
+ exit(EX_UNAVAILABLE);
+ }
+
+ if (ioctl(fd, DIOCNATLOOK, natlook) == -1) {
+ printf(
+pf nat lookup failed %s:%hu\n,
+ inet_ntoa(client-sin_addr),
+ ntohs(client-sin_port));
+ close(fd);
+ exit(EX_UNAVAILABLE);
+ }
+ close(fd);
+
sshfs - fuse: failed to open fuse device: No such file or directory
I have installed fusefs-sshfs. I tried this: sshfs [EMAIL PROTECTED]:/usr/fileshare/pub /usr/fileshare/pub fuse: failed to open fuse device: No such file or directory sshfs has no manual page, just sshfs -h but it did not help. I could not find useful information in the archives. I have tried env FUSE_DEV_NAME=/dev/fuse0 but did not help. I tried to follow http://fuse4bsd.creo.hu/doc/html_single_out/doc.html#hd001003003 but I do not have a kernel module for fusefs (why not???), so I cannot do this: kldload fuse_module/fuse.ko sysctl vfs.usermount=1 Output of uname -a: FreeBSD neptunus.msnet 6.2-RELEASE-p7 FreeBSD 6.2-RELEASE-p7 #6: Thu Aug 23 21:03:16 CEST 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/NEPTUNUS i386 Ports tree was updated a week ago and portupgrade -a was completed. Please help me! Thanks, Laszlo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: strange arp problem with bge nics
Nikos Vassiliadis schrieb: On Friday 31 August 2007 22:30, I correctly wrote: Did you try without forcing a link speed(check ifconfig -m) s/without // anything useful in dmesg? No, nothing at all in dmesg. I don't think this is an auto negotiation issue. How can a Windows machine that is connected to the same switch as my two FreeBSD machines and does not even talk to them explicitly influence the autonegotation of the FreeBSD NIC? If the NIC were not properly negotiated, it would not even see the broadcasts of the Windows machine, I would think. It must be something with ARP and TCP/IP in connection with that particular river, I suppose. The cards properly negotiate whatever the particular switch (tried several, 100 and 1000) supports and I also tried setting various fixed rates and duplex settings when using a cross link cable. This does not change anything. The interface is live and running, it just does not properly perform ARP up to the point when I either put the interface in promiscuous mode for a while or send some Windows broadcasts. Regards Tobias -- Universität Stuttgart|Fakultät für Architektur und Stadtplanung|casinoIT 70174 Stuttgart Geschwister-Scholl-Straße 24D T +49 (0)711 121-4228 F +49 (0)711 121-4276 E [EMAIL PROTECTED] I http://www.casino.uni-stuttgart.de ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Question about Window Scaling
Thank you Bob for your help. The net.inet.tcp.rfc1323 was already enabled but the problem still exists. Upgrading is not an option as it is an underlying os for an appliance running Spam Filter software. -Original Message- From: Bob Middaugh [mailto:[EMAIL PROTECTED] Sent: Thursday, August 30, 2007 11:16 AM To: Shah, Baiju-p98993; freebsd-questions@freebsd.org Subject: Re: Question about Window Scaling Hi Baiju, Try this to get started: http://proj.sunet.se/E2E/tcptune.html http://www.wormulon.net/files/pub/FreeBSD_Network_Tuning_-_slides.pdf If upgrading is an option: http://caia.swin.edu.au/reports/070717B/CAIA-TR-070717B.pdf Hope that helps, Bob -- Original message -- From: Shah, Baiju-p98993 [EMAIL PROTECTED] Greetings. We currently use Espion appliance running FreeBSD 4.9 as a mail interceptor for SPAM. We have one customer who has their mail gateway hard coded with Window Scaling (WS=9). Their mail gateway fails to establish SMTP hello connection with WS=9. However if they set their Window Scaling to 7, it works. Where can I go on the FreeBSD to see its configuration for Window Scale? How can I modify that configuration? Please email me with your recommendation to [EMAIL PROTECTED] Any and all help are appreciated. Thank you in advance. Baiju Shah Network Security Engineer General Dynamics-C4S West 8201 E. McDowell Road MD: H1217 Scottsdale, Arizona 85257 Desk: 480.441.9877 Email: [EMAIL PROTECTED] Important Confidentiality Notice: This message and any attachments are confidential and may be protected by legal privilege. If you are not the intended recipient, be aware that any disclosure, copying, distribution, or use of this message or any attachment is prohibited. If you have received this message in error, please notify me immediately by returning it to me and deleting this copy from your system. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sshfs - fuse: failed to open fuse device: No such file or directory
On Friday 31 August 2007 22:34:01 Laszlo Nagy wrote: I have installed fusefs-sshfs. I tried this: sshfs [EMAIL PROTECTED]:/usr/fileshare/pub /usr/fileshare/pub fuse: failed to open fuse device: No such file or directory but I do not have a kernel module for fusefs (why not???), so I cannot Make sure your dependencies are correct: $ ls /var/db/pkg|grep fuse fusefs-kmod-0.3.9.p1 fusefs-libs-2.7.0_1 fusefs-sshfs-1.8 It should have been installed automatically. Not sure why it didn't. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Cannot rebuild Sendmail (with sasl2) **FIXED**
On 2007-08-31 18:29, brad davison [EMAIL PROTECTED] wrote: I would like to send a heartfelt 'THANK YOU' to everyone who contributed info to this thread. I had to use bits a pieces of everyone's input to make it finally do what I wanted it to do.. which it finally does! Hurray! :-) THANK YOU AGAIN EVERYONE FOR YOUR HELP! You are welcome, of course. Happy FreeBSD'ing... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to retrieve a directory tree from perforce.freebsd.org?
On 2007-08-31 20:01, Mel [EMAIL PROTECTED] wrote: On Friday 31 August 2007 19:50:19 Howard Goldstein wrote: Dang. Like an idiot savant, perforce appears to be (channeling Yoda I am?) Time for a script to workaround perforce's needlessly overcomplex stupidity. Thanks for letting me know I'm beating my head against the wall with the out-of-box tools...binary only at that. I assume that since sources in perforce is work-in-progress that may or not become official work-in-progress (-current), download complexity is a plus. Not really. It's just the way Perforce works. Even work in progress repositories are interesting things to tinker with, since testing before something is finalized in an official tree is easier this way :) Perforce can be used for this sort of 'experimental cross-developer testing', and its branching, merging and history support is quite fast, elegant and featureful. It just has a few points which are, to put it mildly, 'annoying' if you are not used to the way Perforce works. Having said that, the perforce.freebsd.org server has played an instrumental role in keeping our CVS tree clean from feature-related branches, and its usefulness to the Project should not be underestimated just because of its (few) limitations :-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to retrieve a directory tree from perforce.freebsd.org?
On 2007-08-31 13:50, Howard Goldstein [EMAIL PROTECTED] wrote: Dang. Like an idiot savant, perforce appears to be (channeling Yoda I am?) Time for a script to workaround perforce's needlessly overcomplex stupidity. Thanks for letting me know I'm beating my head against the wall with the out-of-box tools...binary only at that. I have been tinkering with scripts which pull changesets from Perforce and commit them to 'clonable' Mercurial repositories (other repoformats should be possible too). If there is a specific part of the Perforce tree you are interested in, we can arrange with the people developing that part of the tree to 'mirror' and/or export Perforce changesets to another format. - Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sshfs - fuse: failed to open fuse device: No such file or directory
Make sure your dependencies are correct: $ ls /var/db/pkg|grep fuse fusefs-kmod-0.3.9.p1 fusefs-libs-2.7.0_1 fusefs-sshfs-1.8 Same here. :-) It should have been installed automatically. Not sure why it didn't. My mistake. I did not add fusefs_enable=YES to rc.conf, because I installed fusefs-sshfs from the ports tree. The ports system installed fusefs-kmod as a dependency for me, and of course I could not read the instructions at the end of the installation. In fact I did not even know that there is separate package for this. (What a pity that sshfs has no manual.) After starting the daemon, I get this error: neptunus# kldstat Id Refs AddressSize Name 17 0xc040 77e068 kernel 21 0xc0b7f000 15a60geom_mirror.ko 31 0xc0b95000 6810 snd_via8233.ko 42 0xc0b9c000 25828sound.ko 51 0xd0683000 3000 daemon_saver.ko 61 0xd2ffb000 e000 fuse.ko neptunus# sshfs [EMAIL PROTECTED]:/usr/fileshare/pub /usr/fileshare/pub fuse: bad mount point `/usr/fileshare/pub': Bad file descriptor neptunus# ls -l /usr/fileshare/ ls: pub: Bad file descriptor total 22 -rw-r--r-- 1 fileshare fileshare 767 Aug 30 19:41 .cshrc -rw--- 1 fileshare fileshare 214 Aug 30 20:12 .history -rw-r--r-- 1 fileshare fileshare 248 Aug 30 19:41 .login -rw-r--r-- 1 fileshare fileshare 158 Aug 30 19:41 .login_conf -rw--- 1 fileshare fileshare 373 Aug 30 19:41 .mail_aliases -rw-r--r-- 1 fileshare fileshare 331 Aug 30 19:41 .mailrc -rw-r--r-- 1 fileshare fileshare 797 Aug 30 19:41 .profile -rw--- 1 fileshare fileshare 276 Aug 30 19:41 .rhosts -rw-r--r-- 1 fileshare fileshare 975 Aug 30 19:41 .shrc drwx-- 2 fileshare fileshare 512 Aug 30 19:43 .ssh neptunus# This is interesting. Now I have a special node called pub in that directory and I cannot delete it. What is wrong? :-) Thanks, Laszlo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sshfs - fuse: failed to open fuse device: No such file or directory
On Friday 31 August 2007 23:09:33 Laszlo Nagy wrote: neptunus# sshfs [EMAIL PROTECTED]:/usr/fileshare/pub /usr/fileshare/pub fuse: bad mount point `/usr/fileshare/pub': Bad file descriptor neptunus# ls -l /usr/fileshare/ ls: pub: Bad file descriptor total 22 This is interesting. Now I have a special node called pub in that directory and I cannot delete it. What is wrong? :-) Looks like your mount point didn't exist before connecting. No idea how to get rid of that bad descriptor - but if you: mkidr /usr/fileshare/mnt sshfs [EMAIL PROTECTED]:/usr/fileshare/pub /usr/fileshare/mnt (assuming /usr/fileshare/pub is a directory on server fileshare) things should work correctly. I do hope fileshare isn't the local machine, cause then you're mounting the directory on itself using ssh/fuse..eew, messy. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: dummynet lag
On Aug 31, 2007, at 6:34 AM, [EMAIL PROTECTED] wrote: Is it normal to have +10msec ping times when pinging through dummynet (ipfw pipes)? If yes, why? If not, WTF? If your HZ is 100, then, yes, it's common for the packets to be delayed by 10+ msec. Set HZ to 1000 or higher and you'll have the latency drop to circa 1 ms. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sshfs - fuse: failed to open fuse device: No such file or directory
Looks like your mount point didn't exist before connecting. Shouldn't mount_sshfs check it? No idea how to get rid of that bad descriptor - neptunus# /usr/local/etc/rc.d/fusefs stop Stopping fusefs. kldunload: can't unload file: Device busy Neither do I. :-) but if you: mkidr /usr/fileshare/mnt sshfs [EMAIL PROTECTED]:/usr/fileshare/pub /usr/fileshare/mnt (assuming /usr/fileshare/pub is a directory on server fileshare) things should work correctly. I do hope fileshare isn't the local machine, cause then you're mounting the directory on itself using ssh/fuse..eew, messy. That is not the case. I used the same user names on both machines with the same uid, so I do not need to use uid mapping. I have to find out how to get rid of that device node, then I'll try again. Thank you Laszlo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring FreeBSD 6.2 to use sendmail for sending only
--- Bill Moran [EMAIL PROTECTED] wrote: In response to L Goodwin [EMAIL PROTECTED]: --- Bill Moran [EMAIL PROTECTED] wrote: L Goodwin [EMAIL PROTECTED] wrote: Chuck, I'd prefer to have the script handle the mailing so I can test the script (with email send) manually, independent of cron. Why? What is your reason for overcomplicating this task by refusing to use the facilities built into the system? Still looking for specifics on setting this up and a bourne shell script example that sends an email. Thanks! Use mail(1). That's what it's there for. Huh? I want to use cron to run the script, but want more control over when and where email gets sent. The business reasons are sound. Anyway, a script that sends email is not complicated, so how can I be overcomplicating anything? Two lines of code vs. 1 line is overcomplicated. While your description of the reasons is somewhat vague, I still feel that cron's internal mailer can handle the chore. What control over who gets the mail do you need that can't be accomplished either by setting an env variable in the crontab, or by adding aliases to sendmail's config? Also, recent posts to freebsd-questions on the subject of sending email from cron seemed to favor having the script handle the mailing instead of cron. I haven't seen those mails, and can't comment on them. Anyway, I do not want the client to receive an email if the backup fails. Then don't send the mail to the client, just change who it goes to: [EMAIL PROTECTED] Bill, I'm just trying to figure stuff out here. I'm sorry if my ignorance offends you. I don't know how others feel about it, but I'd prefer not to get negative, condescending replies to my sincerely aimed questions. After all, this is a forum for questions, isn't it? Please don't mistake terseness for condescending. I didn't feel I was being condescending, and did not intend to be. What I did was: a) Comment that I feel you're taking the wrong approach to solving your problem. b) Give you a direct answer. What more could you ask for? I apologize if my language implied a negative tone. It was not intended that way. Apology accepted. Sorry if I overreacted -- the last few days have been less fruitful than I'd hoped. Shape Yahoo! in your own image. Join our Network Research Panel today! http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Network Monitor?
2007/8/31, Agus [EMAIL PROTECTED]: Try Munin also for monitoring a great deal of system functionality as Load, Apache, Disk, Network, etc.. is in the ports, under sysutils i think... Try it, its very very easyand u get web graphic reports Luck brahama 2007/8/13, Graham Bentley [EMAIL PROTECTED]: /usr/ports/net/trafshow ? -- [EMAIL PROTECTED] www.cpcnw.co.uk ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring FreeBSD 6.2 to use sendmail for sending only
--- Ian Smith [EMAIL PROTECTED] wrote:
On Thu, 30 Aug 2007 18:14:55 -0700 (PDT) L Goodwin
[EMAIL PROTECTED] wrote:
--- Derek Ragona [EMAIL PROTECTED]
wrote:
[ slashing mercilessly ]
--- Chuck Swiger [EMAIL PROTECTED] wrote:
[..]
Although, it is entirely reasonable to
consider
using Postfix instead.
Here is a sample script that you can use as a
template:
===
#!/bin/sh
#define any commands you will use
MAILFILE=mymailfile
MAILFILE2=mymailfile2
[EMAIL PROTECTED]
[EMAIL PROTECTED]
MAIL=/usr/bin/mail
AWK=/usr/bin/awk
CAT=/bin/cat
TR=/usr/bin/tr
TEMPDIR=/tmp
#make sure we have paths
export
PATH=$PATH:/usr/local/sbin:/usr/local/bin
cd $TEMPDIR
$CAT /etc/passwd | $AWK -F : '{ print $5 }'
$MAILFILE
$TR -cd \012-\172 $MAILFILE $MAILFILE2
$MAIL -s My list of real user names subject
$SENDTO -c $CCTO $MAILFILE2
===
Derek, your example brings up another question.
Should I be calling mail or sendmail, and
which
mail or sendmail should I invoke if there is more
than
one of either? Chuck's example calls sendmail in
a
path that does not exist on my system (my
sendmail is
in /usr/sbin/). I usually invoke whichever one is
first in my path.
Use whatever works for you, and it never hurts to be
specific :)
One more question. Is it ok to run the script
(and
send the email) as user root, or should I create
a
user account with more limited permissions -- if
so,
what limits should I set?
There are so many ways of doing this .. here's
another that we'd use to
mail out accounts to members monthly, from text
files generated by some
php and mysql magic on another box, by another guy.
Note that this is enforced to be run by user 'subs'
(here uid 996), so
that's who these messages are 'From:'. A script run
from cron need not
be so paranoid about checking things .. this was
hand-run 'when ready'.
#!/bin/sh
# sendacts 7Jan00 smithi .. mail out SubsBot
messages .. cleanup 2Oct02
# each *.act file begins with To:, Cc:, X-mailer:
etc lines
maildir=/home/subs/bills/$1 # preexisting dir as
parameter eg '2000-01'
mailrun=./command.txt # perline format:
'sendmail -t userX.act 21'
if [ `id -u` != 996 ]; then
echo $0 must be run as user subs .. 'su subs'
and retry ..
elif [ $1 = ]; then
echo usage: $0 directory
elif [ ! -d $maildir ]; then
echo $maildir does not exist .. mkdir first,
unpack zipfile there
elif [ ! -w $maildir ]; then
echo $maildir is not writeable .. an older
locked one, perhaps?
else
cd $maildir
if [ ! -f $mailrun ]; then
echo can't find ${maildir}/${mailrun} ..
zipfile not unpacked?
elif [ -f ./mailout.done ]; then
echo 'rm ${maildir}/mailout.done' if you
wanna repeat mailout?
else
umask 27
echo $0 sending mail: ; cat $mailrun
. $mailrun
touch ./mailout.done ; echo $0 done
exit 0
fi
fi
exit 1
with ./command.txt containing a line per recipient
such as:
sendmail -t user1.act 21
sendmail -t user2.act 21
[..]
sendmail -t userN.act 21
and with the *.act files beginning such as:
To: [EMAIL PROTECTED]
Subject: August 2006 Account for Ian Smith
Cc: [EMAIL PROTECTED]
Reply-to: [EMAIL PROTECTED]
X-Mailer: subsbot v0.9 beta 8.90 :)
Hello Ian Smith,
[..]
HTH, Ian
Thanks for sharing your example, Ian.
They all help!
Got a little couch potato?
Check out fun summer activities for kids.
http://search.yahoo.com/search?fr=oni_on_mailp=summer+activities+for+kidscs=bz
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring FreeBSD 6.2 to use sendmail for sending only
--- Chuck Swiger [EMAIL PROTECTED] wrote: On Aug 30, 2007, at 6:14 PM, L Goodwin wrote: [ ... ] Should I be calling mail or sendmail, and which mail or sendmail should I invoke if there is more than one of either? Chuck's example calls sendmail in a path that does not exist on my system (my sendmail is in /usr/sbin/). I usually invoke whichever one is first in my path. As others have said, there is more than one way to do the same task, but you asked to run sendmail in particular, rather than something else. The path I used was that to the actual sendmail binary, rather than the /usr/sbin wrapper which (on the particular machine I used, anyway) would invoke Postfix instead. You can find more details from man mailwrapper. Thanks, Chuck! That's the man page I needed to see... One more question. Is it ok to run the script (and send the email) as user root, or should I create a user account with more limited permissions -- if so, what limits should I set? The simple answer is that you should try not to run things as root when you can do them as a normal user. If you wish the email to contain arbitrary envelope from-addresses, be aware that only root can do so without a warning message unless you use this FEATURE (see / usr/share/sendmail/cf/README): use_ct_file Read the file /etc/mail/trusted-users file to get the names of users that will be ``trusted'', that is, able to set their envelope from address using -f without generating a warning message. The actual filename can be overridden by redefining confCT_FILE. Someone else has already provided another example of a controlled access email script which checks for the right UID. -- -Chuck Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online. http://smallbusiness.yahoo.com/webhosting ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: strange arp problem with bge nics
On Fri, 31 Aug 2007 22:48:35 +0200, Tobias Ernst [EMAIL PROTECTED] wrote: I don't think this is an auto negotiation issue. How can a Windows machine that is connected to the same switch as my two FreeBSD machines and does not even talk to them explicitly influence the autonegotation of the FreeBSD NIC? I didn't say that a Windows machine can influence adversely a FreeBSD machine. My question was about the NIC's link status. It's crystal clear now that your links are up. But: (Symptom is that the NIC reports the link as up (PCS synched) but no traffic can be exchanged.) This message is from revision 1.71 of the bge driver. In short I would really try what's recommended there. It must be something with ARP and TCP/IP in connection with that particular river, I suppose. hm, there's nothing bge-specific in TCP/IP nor ARP. The cards properly negotiate whatever the particular switch (tried several, 100 and 1000) supports and I also tried setting various fixed rates and duplex settings when using a cross link cable. This does not change anything. The interface is live and running, it just does not properly perform ARP up to the point when I either put the interface in promiscuous mode for a while or send some Windows broadcasts. hm, what happens if you disable ARP? ifconfig intX -arp and use static ARP? I'd go the driver-fiddling way myself. HTH Nikos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD Cron Job to run (ifconfig em0 down; ifconfig em0 up)
Dear People As a courtesy to anyone interested I have finally sovled this (I hope), this is what I did, this is on a FreeBSD pfSense firewall router. Essentially the fix is to ping the static IP's first hop, if this is down then flick the WAN NIC state down and up, this restores the lost connection where the Motorola 5101 has stopped sending packets (presumably for some incompatibility reason) The Motorola 5101 has today been replaced with a 5100, the ISP tell me most commercial lines are running the 5100 as they say it is more router compatible than the newer 5101. I'll advise if the 5100 exhibits the same behaviour(!) however if it does the following should address it within a minute. If you are copying it be sure to copy it exactly as spaces in the wrong place stuff it upetc!! For both the lists and my record it is done by: = in /etc/crontab add */1 * * * * root /usr/bin/pinger.sh = from edit.php create / write into new file /usr/bin/pinger.sh #!/bin/sh ping -c1 Insert_1st_Gateway_Hop_Here_commonly_Static_IP_a.b.c.1 if [ $? -eq 2 ]; then ifconfig em0 down ifconfig em0 up echo 'Gateway Down' else echo 'Gateway Up' fi = from exec.php run chmod u+x /usr/bin/pinger.sh = from exec.php run ls -l /usr/bin/pinger.sh and check there is an x in the file permissions (for executable) It will have run when you see a log series of commands starting with Sep 1 11:32:13 kernel: em0: link state changed to UP Sep 1 11:32:11 kernel: em0: link state changed to DOWN The only problem I see with this approach is that whenever the Internet is down for whatever reason the WAN interface is going to be disconnected and reconnected every minute, as well as filling the logs with this info, but that seems only of concern from the perspective of filling the log with rubbish. I might tinker with it to send me an email to advise me when the code has also run . Thank you again to the people who worked with me on this. Kind regards David Hingston ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
OpenBSD administrator needed ASAP
I was contacted today by someone in the Seattle area (East side) who is looking for someone to manage an OpenBSD server. I remember there being at least one person on this list who is based in that area. If you are a qualified person for this job, please contact me and I'll pass your information on to them (no charge). Sick sense of humor? Visit Yahoo! TV's Comedy with an Edge to see what's on, when. http://tv.yahoo.com/collections/222 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Question about Window Scaling
On 8/30/07, Shah, Baiju-p98993 [EMAIL PROTECTED] wrote: Greetings. We currently use Espion appliance running FreeBSD 4.9 as a mail interceptor for SPAM. We have one customer who has their mail gateway hard coded with Window Scaling (WS=9). Their mail gateway fails to establish SMTP hello connection with WS=9. However if they set their Window Scaling to 7, it works. Where can I go on the FreeBSD to see its configuration for Window Scale? How can I modify that configuration? Please email me with your recommendation to [EMAIL PROTECTED] Any and all help are appreciated. Thank you in advance. [snip] A not well configured firewall also could cause problems with TCP window scaling. See the section Create TCP states on the initial SYN packet of Daniel Hartmeier's article at http://undeadly.org/cgi?action=articlesid=20060928081238 =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OpenBSD administrator needed ASAP
L Goodwin wrote: I was contacted today by someone in the Seattle area (East side) who is looking for someone to manage an OpenBSD server. I remember there being at least one person on this list who is based in that area. If you are a qualified person for this job, please contact me and I'll pass your information on to them (no charge). So ask on an OpenBSD list, duh. Kris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
wpa_supplicant question
I use wpa_supplicant and have set the 'ifconfig_ndis0=WPA DHCP' in my /etc/rc.conf. However I am using the NDIS driver, so how do I pass the -Dndis argument to the wpa_supplicant? Thanks -- Free pop3 email with a spam filter. http://www.bluebottle.com/tag/5 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD Cron Job to run (ifconfig em0 down; ifconfig em0 up)
Wow, thats Kewl!
Thanks Robert, yes, that makes the code a little more portable!
In a similar vein, to make it truly run, and for being so good(!), how do I
automate getting the WAN interface name (em0 dc0 etc) on
different machines!?
Kind regards
David Hingston
- Original Message -
From: Robert Huff [EMAIL PROTECTED]
To: Hinkie [EMAIL PROTECTED]
Sent: Saturday, September 01, 2007 2:45 PM
Subject: Re: FreeBSD Cron Job to run (ifconfig em0 down; ifconfig em0 up)
Hello:
from edit.php create / write into new file /usr/bin/pinger.sh
#!/bin/sh
ping -c1 Insert_1st_Gateway_Hop_Here_commonly_Static_IP_a.b.c.1
if [ $? -eq 2 ]; then
ifconfig em0 down
ifconfig em0 up
echo 'Gateway Down'
else
echo 'Gateway Up'
fi
And you might consider replacing:
ping -c1 Insert_1st_Gateway_Hop_Here_commonly_Static_IP_a.b.c.1
with:
ping -c1 `netstat -rn | head -n 5 | tail -n 1 | awk '{ print $2 }'`
Robert Huff
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to retrieve a directory tree from perforce.freebsd.org?
Giorgos Keramidas wrote: On 2007-08-31 13:50, Howard Goldstein [EMAIL PROTECTED] wrote: Dang. Like an idiot savant, perforce appears to be (channeling Yoda I am?) Time for a script to workaround perforce's needlessly overcomplex stupidity. Thanks for letting me know I'm beating my head against the wall with the out-of-box tools...binary only at that. I have been tinkering with scripts which pull changesets from Perforce and commit them to 'clonable' Mercurial repositories (other repoformats should be possible too). If there is a specific part of the Perforce tree you are interested in, we can arrange with the people developing that part of the tree to 'mirror' and/or export Perforce changesets to another format. I was looking for Pawel's ZFS code at //depot/user/pjd/zfs to see if I could MFC it for my own system but it occurs to me as I'm answering you that I ought to be able to csup what I need right out of the CURRENT and avoid the problem. perforce must be pretty good as compared to everything else we can run for version control? Needless to say it could use the thing you're working on to aid in supplying anonymous access to it particularly because you're working on a more general solution where maybe it can be grabbed by git and cvsup as well as the repository system you're now targeting. Thanks in advance for taking a whack at the problem. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to retrieve a directory tree from perforce.freebsd.org?
On 2007-08-31 23:10, Howard Goldstein [EMAIL PROTECTED] wrote: Giorgos Keramidas wrote: I have been tinkering with scripts which pull changesets from Perforce and commit them to 'clonable' Mercurial repositories (other repoformats should be possible too). If there is a specific part of the Perforce tree you are interested in, we can arrange with the people developing that part of the tree to 'mirror' and/or export Perforce changesets to another format. I was looking for Pawel's ZFS code at //depot/user/pjd/zfs to see if I could MFC it for my own system but it occurs to me as I'm answering you that I ought to be able to csup what I need right out of the CURRENT and avoid the problem. Sure, depending on the time it takes for changes to trickle into CVS HEAD from //depot/user/pjd/zfs/... it may be sufficient to pull the changes from a CVSup copy of HEAD :-) perforce must be pretty good as compared to everything else we can run for version control? It does the job, and it's an advanced centralized SCM system, with many nice features one would expect from this sort of an SCM tool :-) Thanks in advance for taking a whack at the problem. You're welcome :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
m0n0wall on Firebox II vs. Trend Micro firewall on ZyXel P-334 router
I found this interesting account of someone installing the (freebsd-based) m0n0wall firewall on an old WatchGuard Firebox II firewall using a discarded 8MB compact flash card: http://www.ls-net.com/m0n0wall-watchguard/ I happen to have a Firebox II sitting around, and was wondering what the benefit might be of doing this conversion vs. just using the Trend Micro firewall on a ZyXel P-334 router. I was also wondering if the Firebox II might be put to any other/additional uses? It's a cool little red box containing a PII/200, 2 PCI slots and an expansion port that I don't know anything about, but I expect I can get an adapter that will enable me to plug a 1.2Gig laptop HDD into it. Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. http://answers.yahoo.com/dir/?link=listsid=396545433 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: freebsd-questions Digest, Vol 192, Issue 16
On Fri, 31 Aug 2007 07:55:49 -0500 Reid Linnemann [EMAIL PROTECTED] wrote: Written by Nélio Mesquita on 08/31/07 06:44 On 8/30/07, Bill Moran [EMAIL PROTECTED] wrote: Nélio Mesquita [EMAIL PROTECTED] wrote: Hello to all! Just for curiosity, why the FreeBSD logo is a little devil? Is there a history around it? It's not a devil, it's a daemon, and there is plenty of history: http://en.wikipedia.org/wiki/Daemon_%28computer_software%29 -- Bill Moran http://www.potentialtech.com Omg! I forgot the Wikipedia! How an idiot am I! Oh guys! My apologies for my lazy! I don't do it again! Really thanks for the help! If by chance you feel that the daemon is contrary to your moral or religious beliefs, you could always take a look at Jesux ( http://www.geocities.com/ResearchTriangle/Node/4081/ ) =) Thanks Reid, I appreciated a good chuckle for breakfast. Fortunately for my keyboard I didn't have a mouth full of weet-bix esp. when coming to: chmod(1) accepts hexadecimal modes, such as 0x01B6 Cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
panic:vm_fault saga
Hi; I have not been able to get the boxed set v6.2 install cd 1 to boot on MSI RX480 Neo2 motherboard/amd64 processor. I started with an IDE hard drive that I was going to use as boot drive for OS. I have had panics related to USB controller, ps2 mouse, md0 and sci0 com port. Disabling the usb controller solves that accept for a bios setting that seems to work with usb enabled. It seems to have to do with extended ROM associated with Realtek ethernet device. I took out the IDE hard drive because it seemed to give the system detection problems. It was taking over a minute to enter the bios setup. I replaced it with another SATA drive. Now the delay is gone (some problem with the IDE hard drive ??) The panic related to ps2 mouse was solved by disconnecting the mouse. I got what md0 is, memory disc. The upshot of all of this boils down to one of two possibilities: There is a problem with this motherboard, or there is some in compatibility with FreeBSD. Just for kicks I tried booting from 6.0 install cd and got the same result as panic related to md0. All of the 6.2 panics give the same; vm_fault on no fault entry. The 6.0 panic message gives too much data to transcribe before it reboots. I would take this to mean that vm in vm_fault is virtual memory. And I am guessing that the kernel on the install cd is trying to create a temporary swap partition on one of the hard drives and is having trouble with it. The short question is, how can I get FreeBSD install cd boot on this machine, or from misbehavior does it appear possible? (one other paranoid possibility, MSI and Microsoft conspired to sabotage attempts to install alternative OS). I will try a linux distro just for kicks and see what happens. notes for an X Files episode: I have installed 6.2 from the same install set on an ASUS/amd64 machine successfully. So the install disc 1 could have been damaged, the Logitec ps2 mouse is bad all of these possibilities all at once does not seem likely. But it does tend to imply a hardware problem in general. (yes/no?) Thanks in advance for info, data, consolation, whatever. Jeff K ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: wpa_supplicant question
On 8/31/07, Xihong Yin [EMAIL PROTECTED] wrote:
I use wpa_supplicant and have set the 'ifconfig_ndis0=WPA DHCP' in my
/etc/rc.conf. However I am using the NDIS driver, so how do I pass the
-Dndis
argument to the wpa_supplicant?
Thanks
It looks like /etc/rc.d/wpa_supplicant contains logic to take care of that:
case ${ifn} in
ndis*)
driver=ndis
;;
*)
driver=bsd
;;
esac
and then:
command_args=-B -q -i $ifn -c $conf_file -D $driver -P $pid_file
--
I am the kwisatz haderach
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
