Re: partly offtopic, but need feed back now.
On Mon, Jan 11, 2010 at 10:59:34PM -0800, Bill Campbell wrote: > On Tue, Jan 12, 2010, Jon Radel wrote: > > Gary Kline wrote: > > > ... > > Hif you're doing the standard thing, and porting your phone > > number to the cable company, they'll have to put some equipment of their > > own on or in your house. They don't really take ownership of the > > "line", just the number. > > One thing to be aware of with the cable company -- when we had a > week-long power outage a year or so ago, it took Comcast another > week to get the cable back up and running after the power came > back on. Our T1 and other phone lines were fine, and our > generator kept the computers up and running throughout. hehehehehe. I mean: "oh no, oh my heavens." well, I tried to caution my family, but seriously, I'm not anything remotely gleeful or even smiling. the past few months has burned me out gary ps: if my domain suddenly become un-pingable, you'll know the score. > > Bill > -- > INTERNET: b...@celestial.com Bill Campbell; Celestial Software LLC > URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way > Voice: (206) 236-1676 Mercer Island, WA 98040-0820 > Fax:(206) 232-9186 Skype: jwccsllc (206) 855-5792 > > The laws that forbid the carrying of arms ... disarm only those > who are neither inclined nor determined to commit crime Such > laws make things worse for the assaulted and better for the > assailants; they serve to encourage rather than to prevent > homicides, for an unarmed man may be attacked with greater > confidence than an armed one. -- Cesare Beccaria > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" -- Gary Kline kl...@thought.org http://www.thought.org Public Service Unix http://jottings.thought.org http://transfinite.thought.org The 7.79a release of Jottings: http://jottings.thought.org/index.php ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: partly offtopic, but need feed back now.
On Tue, Jan 12, 2010 at 12:19:19AM -0500, Jon Radel wrote: > Gary Kline wrote: > > >according to him, on each one copper circuit, there were two unused wires > >that > >could be used for a second phone number. so that afternoon I had a dialup > >line > >and the house had a voice line. > > Or more > > Each POTS (Plain Old Telephone Service) line takes one copper pair. The > wiring inside your house probably has two pairs, AH. yes, this is what the guy told me. he used all of the wires and I was able to connect my FreeBSD 2.0.5 with work. and call in to work too. :-) > which can either be > used for 2 lines or for 1 line plus power to light the dial of your > Princess phone. If your wiring is of the right vintage you might even > have the old transformer for providing the power dangling somewhere. LOL. I have no idea what kind of wiring this place had, but it was built in 1994; a spec house that we bought several month later. I do remember the Princess phonese... hadn't thought-of for decades, tho. So then some of the wires might have been used for current?? I didn't know that. the installer told me that two were for voice; the other two were ground. hmmm. I know that there has to be some juice in the wires, but never had any idea how much. right now, our one voice ckt had 3 Costco phones plugged in and they have LEDs. oH, wait, there's a wire to a small xformer that plugs into the wall > The > wiring up to your house probably has some even number of pairs. I think > I have a 4-pair and a 6-pair at this point, though most are no longer > used (I'm down to a single POTS and a single T1, way down from my high > point). If I could afford a T1, I'd go for that. but really it would be idioic. overkill. I'm happy with what I have from qwest [period] > > > > >if I'm not mistaken, there are some Qwest people amongst this group. I > >would > >like to know if what the telephone installer told me 14 years ago was > >true, and > >also, if it is likely unchanged. > > > > Well, pretty much unchanged other than that all the local exchange > carriers that actually run copper wire to houses are eager to get out of > that business to one extent or another. Why? not enough money? I can see where copper could be ttoo costly; where fiber would be much better. but then I'm thinking of the situation where the copper runs only a hundred meter at most. > I don't follow this closely, > but I think AT&T is the only one to have actually gone public with a > request to the FCC to set a date when they can drop POTS lines forever. > there was a show, Laugh-In, where Lilly Tomlin made fun of 'the phone company' ... but the situation has changed completely in 35-40 years. I'm dating myself, but facts is fax. > > > >at any rate, within four hours, the cable company will take ownership of > >the > >second voice line. I think it is just one physical circuit split in two > >by a > >clever tech. > > Hif you're doing the standard thing, and porting your phone > number to the cable company, they'll have to put some equipment of their > own on or in your house. They don't really take ownership of the > "line", just the number. the guy put in an RCA "VOIP" box. my daughter net connection is running from the wall to the box, her cat5 cable plugs into the box. I dont know how he got the other voice line working. voodo? I saw him in the corner where the cable to our tv set is, but had no idea what he was doingt there. all I see is the voip box and the comcast wire from the second wall ckt. [?] > > See if you can get the tech to make real sure that your two inside pairs > are well isolated so maybe you can get rid of the problem of ring > voltage leaking from one to the other. He'll probably just detach one > of your inside pairs from Qwest and hook it up to his box, assuming he > doesn't just wave his hands and tell you plug your phone in "here" and > go away. > my speech is too messed up, but my wife spent 13 hours on saturday talking to comcast who said it was quest///qwest's problem; then she talked to qwest for countless hours with my typing at her from my display.we talked to call centers all ovr the globe to people who had never heard of unix and barely even linux. I was going to roll over to the lines outside but they are too far for me to see anything. I was saying that all comcast needed to do was to undo what the installer had dione in '95but then there would be no cable phone/internet service since it was [is?] ONE F-LOUSY ckt. I expect things to go dead here in about 20 minutes. I mean my site. nobody w
Re: pkgtools and xz compressor
b. f. wrote: I notice FreeBSD 7.2's pkg_add, pkg_create, etc don't have support for the xz compressor, evidently due to lack of support for the xz format in bsdtar. Does bsdtar support xz in FreeBSD 8.0? If you have the xz port installed, yes. If you have liblzma installed, you can even recompile libarchive with native xz support by following the comments in lib/libarchive/Makefile. Failing that, is xz support for the pkgtools something being looked at in future? Yes, xz support is being looked at. Lzma-family compression has been of interest for some time but there have been a number of technical issues. The "xz" format seems to address those but the software is still in beta. Once a final production version of the xz software is available, I expect it to be imported into FreeBSD-CURRENT fairly quickly. Cheers, Tim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Q: recommendation for external USB disk
Jeffrey Goldberg wrote: > On Jan 11, 2010, at 6:32 AM, Matthias Apitz wrote: > > >> Can someone recommend a good external USB disk for backups which works >> with FreeBSD 8.0 and has more than 512 GByte? Thx in advance >> > > Pretty much anything that you consider to be a reliable supplier will do. > There are no specific FreeBSD requirements as far as I know. > > I recommend that you get a disk that is externally powered instead of with > power supplied over USB. > I use Freecom hard drive XS 1.5TB USB2.0 on our fallback servers as back-up disks. These are always connected to the servers for over half a year now. I have not had any problems with them and the price was ok. da1 at umass-sim0 bus 0 target 0 lun 0 da1: Fixed Direct Access SCSI-2 device da1: 40.000MB/s transfers da1: 1430799MB (2930277168 512 byte sectors: 255H 63S/T 182401C) /dev/da1s1d on /usr/home/www/backup (ufs, local, soft-updates) This is on FreeBSD 7.2-RELEASE-p6 DISCLAIMER: This e-mail is for the intended recipient(s) only. Access, disclosure, copying, distribution or reliance on any of it by anyone else is prohibited. If you have received it by mistake please let us know by reply and then delete it from your system. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: partly offtopic, but need feed back now.
On Tue, Jan 12, 2010, Jon Radel wrote: > Gary Kline wrote: > ... > Hif you're doing the standard thing, and porting your phone > number to the cable company, they'll have to put some equipment of their > own on or in your house. They don't really take ownership of the > "line", just the number. One thing to be aware of with the cable company -- when we had a week-long power outage a year or so ago, it took Comcast another week to get the cable back up and running after the power came back on. Our T1 and other phone lines were fine, and our generator kept the computers up and running throughout. Bill -- INTERNET: b...@celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 Skype: jwccsllc (206) 855-5792 The laws that forbid the carrying of arms ... disarm only those who are neither inclined nor determined to commit crime Such laws make things worse for the assaulted and better for the assailants; they serve to encourage rather than to prevent homicides, for an unarmed man may be attacked with greater confidence than an armed one. -- Cesare Beccaria ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: "glabel label" questions
On Mon, 11 Jan 2010 12:24:47 + krad wrote: >2010/1/11 Scott Bennett > >> My system currently has three external disk drives connected via USB >> 2.0 >> ports and will soon have another drive connected via a Firewire port. The >> three already present have quite a few partitions on them, nearly all of >> which >> already contain file systems with lots of files in them. I would like to >> use >> the "glabel label" method of labeling each of these partitions, so that I >> do >> not always have to disconnect all but one external drive when rebooting the >> system and then reconnect them one by one in order to get the proper device >> files assigned to them for use with /etc/fstab entries. >> However, some of these partitions contain GELI-encrypted file systems. >> Can the "glabel label" sort of labeling be used with encrypted partitions? >> If so, can "glabel label" be used on the encrypted partitions without >> destroying the file systems or the data in them? Or will I need to >> recreate >> the file systems after labeling the partitions and then restore their >> contents >> from backups? Is there any danger to unencrypted partitions and data when >> using the "glabel label" operation? >> Thanks in advance for any help with this matter. >> > >just unmount them and do a tunefs -L on them. Geli works a >layer below the fs so should work fine. > Thank you for responding. Unfortunately, it appears I didn't state my questions clearly enough. The layering of the software is not what concerns me most here. What worries me is whether writing the label information to the disk will overwrite my data or file system control structure data that are already present on the disk. The layering issue that does concern me, however, is not that GELI lies below the file system, which one can clearly see even from the instructions in the handbook for setting up GELI-encrypted partitions. What is at issue is whether GELI can properly handle /dev/label/somename as a provider for a "geli attach" operation, creating then a /dev/label/somename.eli device file that can then be mounted onto a directory in the file system. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: partly offtopic, but need feed back now.
Gary Kline wrote: according to him, on each one copper circuit, there were two unused wires that could be used for a second phone number. so that afternoon I had a dialup line and the house had a voice line. Or more Each POTS (Plain Old Telephone Service) line takes one copper pair. The wiring inside your house probably has two pairs, which can either be used for 2 lines or for 1 line plus power to light the dial of your Princess phone. If your wiring is of the right vintage you might even have the old transformer for providing the power dangling somewhere. The wiring up to your house probably has some even number of pairs. I think I have a 4-pair and a 6-pair at this point, though most are no longer used (I'm down to a single POTS and a single T1, way down from my high point). if I'm not mistaken, there are some Qwest people amongst this group. I would like to know if what the telephone installer told me 14 years ago was true, and also, if it is likely unchanged. Well, pretty much unchanged other than that all the local exchange carriers that actually run copper wire to houses are eager to get out of that business to one extent or another. I don't follow this closely, but I think AT&T is the only one to have actually gone public with a request to the FCC to set a date when they can drop POTS lines forever. at any rate, within four hours, the cable company will take ownership of the second voice line. I think it is just one physical circuit split in two by a clever tech. Hif you're doing the standard thing, and porting your phone number to the cable company, they'll have to put some equipment of their own on or in your house. They don't really take ownership of the "line", just the number. See if you can get the tech to make real sure that your two inside pairs are well isolated so maybe you can get rid of the problem of ring voltage leaking from one to the other. He'll probably just detach one of your inside pairs from Qwest and hook it up to his box, assuming he doesn't just wave his hands and tell you plug your phone in "here" and go away. -- --Jon Radel j...@radel.com smime.p7s Description: S/MIME Cryptographic Signature
partly offtopic, but need feed back now.
something on the 12th, seattle time, the cable company may control both our voice lines. in '95 when we moved in, two lines were not available by the telco. when they understood that I was physically disabled, the technician came out the next day and gave us our second line. according to him, on each one copper circuit, there were two unused wires that could be used for a second phone number. so that afternoon I had a dialup line and the house had a voice line. if I'm not mistaken, there are some Qwest people amongst this group. I would like to know if what the telephone installer told me 14 years ago was true, and also, if it is likely unchanged. sometimes both lines ring when our voice line is dialed. there is no one at the telco who believes me; they only believe what they see on their computer screens. I spend an hour plus filling in an html FORM this afternoon explaining things. just heard back that they cannot create a problem ticket [or whatever] with the info I sent. at any rate, within four hours, the cable company will take ownership of the second voice line. I think it is just one physical circuit split in two by a clever tech. gary ps: if you can't ping me sometime mid-afternoon, 12jan10, you know what's happened. OTOH, maybe after all these years, somebody fixed things and I'll be all right -g -- Gary Kline kl...@thought.org http://www.thought.org Public Service Unix http://jottings.thought.org http://transfinite.thought.org The 7.79a release of Jottings: http://jottings.thought.org/index.php ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: After freebsd-update - all went wrong.
On Thu, Dec 24, 2009 at 03:47:51PM +, Marwan Sultan thus spake: This is a lesson for me and everyone to never run freebsd-update on a custom kernel I run FreeBSD on a custom kernel, and do binary updates. However, I can do this because I run my own update server. So all kernels are rebuilt and distributed. It can be done. The power of FreeBSD! - Marwan Sultan System Administrator Date: Thu, 24 Dec 2009 15:35:44 +0100 From: free...@edvax.de To: dead_l...@hotmail.com CC: freebsd-questions@freebsd.org Subject: Re: After freebsd-update - all went wrong. On Thu, 24 Dec 2009 14:06:48 +, Marwan Sultan wrote: > well, I have fixed problem two by installing back my custom kernel. > but the system still ignores the "defaultroute" command in rc.conf > this is why we have manuly added to the rc.local Is this possibly a spelling error? The setting in rc.conf is defaultrouter="..." - routeR. > But eventho it shouldnot touch rc.conf right? Correct. The rc.conf file is one of the few ones that shouldn't be in the scope of freebsd-update or mergemaster (if you update by source). > my rc.local now has > > route add default 66.xx.x.x > ifconfig em0 66.xx.x.x netmask 255.255.255.255 alias > If i take it off, system will not have any defaultroute > anymore although its in rc.conf > > defaultrouter="66.xx.x.x" > hostname="xx.com" > ifconfig_em0="inet 66.xx.x.x netmask 255.255.255.0" Your setting in rc.conf is spelled correctly (see above). Could you try what happens if you start the inet subsystem manually (/etc/rc.d/netif and /etc/rc.d/routing)? The last one reads defaultrouter="..." from rc.conf. As far as I see, the settings in rc.conf are completely valid, and should work. If this is still the "old" rc.conf (that worked before), the services activated in there should be started, too... You could additionally check /etc/resolv.conf and /etc/hosts for any malformed entries. I think /etc/hosts could be altered / overwritten by freebsd-update? -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" _ Hotmail: Powerful Free email with security by Microsoft. http://clk.atdmt.com/GBL/go/171222986/direct/01/___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: permission denied
Can you please document the process from the beginning to how you are receiving this error? This will greatly help in diagnosing the issue. Thanks, Jason On Mon, Jan 11, 2010 at 07:48:44PM -0800, Daniel Papadopoulos thus spake: hello i have tried installing free bsd version 7.0 and 8.0 but when i try to install the packages from the cd rom i get the message permission denied i just want a graphical interface or my version to work with kde ps i am loged in as a root user thank you __ The new Internet Explorer® 8 - Faster, safer, easier. Optimized for Yahoo! Get it Now for Free! at http://downloads.yahoo.com/ca/internetexplorer/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
permission denied
hello i have tried installing free bsd version 7.0 and 8.0 but when i try to install the packages from the cd rom i get the message permission denied i just want a graphical interface or my version to work with kde ps i am loged in as a root user thank you __ The new Internet Explorer® 8 - Faster, safer, easier. Optimized for Yahoo! Get it Now for Free! at http://downloads.yahoo.com/ca/internetexplorer/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
pkg_info fails with "leave_playpen: can't chdir back to ''"
Mike Clarke, I'm seeing the same problem with pkg_info on FreeBSD 8.0 RELEASE. However, I also found that even when running as the root user, if I'm in a chroot jail, it does not fail. Henry Wong ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
RE: [PHP] RE: Clean PHP 5.2.12 Build Core Dumping / Can't Build Port - FreeBSD 6.1
Ok.. just for grins I installed a new instance of 6.1, NO Patches, just straight off the ISO... I loaded the ports that came WITH the distro, and was able to make php 5.1.2 ok... When I did a portsnap fetch, portsnap extract, then went into the /usr/ports/lang/php5 and just typed make I get the same error... SO as it seems, the port is broken, at least for working with FreeBSD 6.1. Can anyone give me some hints on how to build this sucker by hand? Seems as though there are a bunch of patches that are referenced in the distinfo file. I REALLY need to get this taken care of asap, any help is appreciated. Thanks! > > > I tried adding WITHOUT_X11=yes to /etc/make.conf as well as > X11BASE= > > and > > > X11BASE="", but I still get the same error. > > > > Remove them. This makes sure they are not defined, not even > > empty (as in "#define BLA -> symbol 'BLA' is defined"). > > > > > Where to go from here? Do I have and old version of something that > is > > > causing this? I get this error _right away_ before anything is even > > built. > > > > It seems to be a check by the Makefile at port's top level. > > Ok... I have no definition for X11BASE anywhere, not in my env, not in > my > /etc/make.conf, nowhwere... > > However, it's still complaining about X11BASE being deprecated. I tried > just > adding WITHOUT_X11=yes in /etc/make, and without it. I even searched > all the > Makefiles in /usr/ports, and in the /usr/ports/lang/php5 dir to find > any > reference to X11, or X, or X11BASE, but nada... I don't even know where > this > error message is being generated from. > > I can't even do a basic make without it immediately spitting out the > error: > > # make > X11BASE is now deprecated. Unset X11BASE in make.conf and try again. > *** Error code 1 > > Stop. > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Can't mountroot from ZFS pool
All, I've successfully upgraded the disks in my ZFS backup server, and can import/mount the pool properly. However, I designed this box originally so that it mounts / from zfs:storage after booting from a USB stick. After the upgrade of the disks, I'm stuck at a mountroot prompt when I attempt to boot the system with the original USB /boot key. Can someone inform me how to find the / filesystem at the mountroot prompt? If not, is there *any* way to boot the system normally from another medium, and then 'reload' the system with the ZFS / after its been mounted so that the system functions as designed (ie. cron works etc)? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: NDIS panics (Was: Can I rescan for new PCI devices? Or should hotplugging Expresscards work?)
On 1/11/10, Bob Johnson wrote: > On 1/9/10, Paul B Mahol wrote: >> On 12/16/09, Bob Johnson wrote: >>> I'm using an ExpressCard for wireless networking because there seems >>> to be no driver for the internal card in my laptop (and NDIS panics >>> the system). The Expresscard shows up as a PCI device and works fine, >> >> How are you using NDIS and when system panic what is displayed? > > I tried to use ndisgen with the internal Dell 1397 card. I don't have > details available right now, although if you need them I can try it > again. When I did the kldload the system spit out error messages about > unknown symbols and then panic-ed. I did some searching of the > archives and found a message describing the same symptoms, and the > response posted was that it indicated that the Windows driver made API > calls that were not implemented in the NDIS wrapper. > > This was a 64-bit Windows driver and an amd64 FreeBSD system. Similar > results in both > FreeBSD 7.2 and 8.0. > > It appears that kern/132672 is describing the same or a very similar > issue. It also suggests that there is a more fundamental problem than > the unrecognized symbols. > > I can try to reproduce the problem tonight if you want me to. > > Thanks, If you have debug kernel, then make breakpoint for MSCALL2 (kldload ndis.ko before that): `break MSCALL2' Then load ndisgen module. Then single step it with `s' it should panic after few steps. At least this is issue I'm experiencing on amd64, it fails in DriverEntry(). -- Paul B Mahol ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD 8.0, HyperV and non-uniform processors.
Hi-- On Jan 11, 2010, at 10:43 AM, Paul Halliday wrote: > Is this warning as harmful as it sounds: > > WARNING: Non-uniform processors. > WARNING: Using suboptimal topology. > > More info: > > CPU: Intel(R) Xeon(R) CPU E7330 @ 2.40GHz (2304.83-MHz 686-class > CPU) > ACPI APIC Table: > FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs > FreeBSD/SMP: 0 package(s) x 4 core(s) > cpu0 (BSP): APIC ID: 0 > cpu1 (AP): APIC ID: 1 > WARNING: Non-uniform processors. > WARNING: Using suboptimal topology. > > Unfortunately I am forced to use this setup. Is there anything I can > do? Should I even be worried? This comes from the SMP probing code in i386/i386/mp_machdep.c (and similar for amd64): if (mp_ncpus % (cpu_cores * cpu_logical) != 0) { printf("WARNING: Non-uniform processors.\n"); printf("WARNING: Using suboptimal topology.\n"); return (smp_topo_none()); } smp_topo_none() means that the system assumes none of the L1/L2 cache levels are shared; for a virtual machine, this is probably correct, so you should not be unduly concerned. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: speed test in ports?
You don't need ports for thatJust use fetch(1) and grab an ISO of a DVD (or even a CD) from somewhere. Eg, a debian DVD image or freebsd image or whatever. A lot of ISPs boost the first x MB of a transfer to give the illusion that you can download faster when doing speed tests (since speed tests only transfer a small amount of data). Comcast's "PowerBoost" is a perfect example of this. So if you get something bigger, you can monitor the speed of the download and get your speed test that way. If you really want to be accurate, you can do the test several times using mirrors in various geographical areas as well to get a better overall idea of your available bandwidth. This method works for me - what about testing upload? I am guessing the best way might be to login into another server and "fetch" from my server? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
NDIS panics (Was: Can I rescan for new PCI devices? Or should hotplugging Expresscards work?)
On 1/9/10, Paul B Mahol wrote: > On 12/16/09, Bob Johnson wrote: >> I'm using an ExpressCard for wireless networking because there seems >> to be no driver for the internal card in my laptop (and NDIS panics >> the system). The Expresscard shows up as a PCI device and works fine, > > How are you using NDIS and when system panic what is displayed? I tried to use ndisgen with the internal Dell 1397 card. I don't have details available right now, although if you need them I can try it again. When I did the kldload the system spit out error messages about unknown symbols and then panic-ed. I did some searching of the archives and found a message describing the same symptoms, and the response posted was that it indicated that the Windows driver made API calls that were not implemented in the NDIS wrapper. This was a 64-bit Windows driver and an amd64 FreeBSD system. Similar results in both FreeBSD 7.2 and 8.0. It appears that kern/132672 is describing the same or a very similar issue. It also suggests that there is a more fundamental problem than the unrecognized symbols. I can try to reproduce the problem tonight if you want me to. Thanks, -- -- Bob Johnson ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: speed test in ports?
On Mon, Jan 11, 2010 at 12:45 PM, David Banning wrote: > I wonder if there is something in the ports that tests my DSL speed. > I am guessing that if I installed firefox3 and then installed flash > or Java then I could go to speedtest.net, but I wonder if there is > a simpler solution. > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" > You don't need ports for thatJust use fetch(1) and grab an ISO of a DVD (or even a CD) from somewhere. Eg, a debian DVD image or freebsd image or whatever. A lot of ISPs boost the first x MB of a transfer to give the illusion that you can download faster when doing speed tests (since speed tests only transfer a small amount of data). Comcast's "PowerBoost" is a perfect example of this. So if you get something bigger, you can monitor the speed of the download and get your speed test that way. If you really want to be accurate, you can do the test several times using mirrors in various geographical areas as well to get a better overall idea of your available bandwidth. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: speed test in ports?
On Jan 11, 2010, at 9:45 AM, David Banning wrote: > I wonder if there is something in the ports that tests my DSL speed. > I am guessing that if I installed firefox3 and then installed flash > or Java then I could go to speedtest.net, but I wonder if there is > a simpler solution. You can use ftp or fetch from the base system to test downloads of some reasonably large files, and get a decent estimate of your bandwidth (or that of the server, depending on which is lower). However, the network-based tests from your ISP, speedtest.net, dslreports.com, etc including the tweak test often provide useful information about MTU, dropped packets, tweaking TCP window size, etc, so a browser-based test is a good approach. Regards, -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Q: recommendation for external USB disk
On Jan 11, 2010, at 6:32 AM, Matthias Apitz wrote: > Can someone recommend a good external USB disk for backups which works > with FreeBSD 8.0 and has more than 512 GByte? Thx in advance Pretty much anything that you consider to be a reliable supplier will do. There are no specific FreeBSD requirements as far as I know. I recommend that you get a disk that is externally powered instead of with power supplied over USB. Earlier versions of FreeBSD had problems with USB connected devices. In particular if they were removed or powered down without dismounting, this could lead to a kernel panic. This problem has been fixed, but I still am extra careful with my USB backup disks: (1) Power for the back-up disks should be on a UPS (2) umount the file systems on the back-up disk when not in use. Cheers, -j -- Jeffrey Goldberghttp://www.goldmark.org/jeff/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
FreeBSD 8.0, HyperV and non-uniform processors.
Is this warning as harmful as it sounds: WARNING: Non-uniform processors. WARNING: Using suboptimal topology. More info: CPU: Intel(R) Xeon(R) CPU E7330 @ 2.40GHz (2304.83-MHz 686-class CPU) ACPI APIC Table: FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs FreeBSD/SMP: 0 package(s) x 4 core(s) cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 WARNING: Non-uniform processors. WARNING: Using suboptimal topology. Unfortunately I am forced to use this setup. Is there anything I can do? Should I even be worried? Thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Serious problems updating 8.0-Stable after switching to with_gecko= libxul.
Hello, I'm running Freebsd 8.0-Stable #9 Dec 17/09 on amd64. I'm running gnome, and at the time i started my update i was at Gnome 2.26 I went through UPDATING and tried to switch from firefox 2 which is marked ignore to libxul by changing WITH_GECKO=libxul removed firefox3 and installed firefox35 I used UPDATING to try and sort out libxul, but it seems i have some cyclic dependencies. I use portmaster (i did try to rebuild things for portupgrade and try, but it had bigger problems and i couldn't even update the index.) I keep updating my ports tree (cvsup) i used portsnap, and it seems that was when my problems started, i rm -rf /usr/ports/* and cvsupped the entire thing back at one point. I got an error which seems to have started the whole ugly affair with /usr/ports/Mk/bsd.gecko.mk causing post patch issues, the main problem seemed to be e2fsprogs-libuuid which i was unable to rebuild due to it wanting a bsd.gecko.mk patch which from what i've read is now removed with firefox2, i deleted stuff till i got around that for now... but... at present my key problem is a cyclic dependency when i try and rebuilt pretty much anything, with libxul as the main issue. glib20 => libxul =>glib20 => libxul =>glib20 => libxul =>glib20 => libxul =>glib20 => libxul =>glib20 I have tried installing the package for both. i've tried pkg_deleting both then installing the port, or using portmaster, i've tried portmaster --check-depends, i've tried portmaster -e to remove them and try and re-install them. I've removed about 1/2 my system and now have even more problems. (i removed gettext and now portmaster complains about missing libintl.so.8 not found. at best i get a much larger cyclic loop with: glib20 => libtool22 => libiconv => gettetxt => atk => libgmp4 => farsight => gdm => libxul => glib20 or some other combination of the cycle. Can anyone help me get my system back up and running? make.conf looks like this: WITH_MYSQL_VER=51 APACHE_VERSION=22 OVERRIDE_LINUX_BASE_PORT=f8 WWWDIR = /web/phpmyadmin WITH_CUPS="yes" CUPS_OVERWRITE_BASE=true #NO_LPR=true USE_GECKO=libxul # Begin portconf settings # Do not touch these lines .if !empty(.CURDIR:M/usr/ports*) && exists(/usr/local/libexec/portconf) _PORTCONF!=/usr/local/libexec/portconf .for i in ${_PORTCONF:S/|/ /g} ${i:S/%/ /g} .endfor .endif # End portconf settings # added by use.perl 2009-09-19 16:22:20 PERL_VERSION=5.10.1 thanks ken___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
speed test in ports?
I wonder if there is something in the ports that tests my DSL speed. I am guessing that if I installed firefox3 and then installed flash or Java then I could go to speedtest.net, but I wonder if there is a simpler solution. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: denying spam hosts ssh access - good idea?
On Mon, Jan 11, 2010 at 7:01 AM, Anton Shterenlikht wrote: > I'm thinking of denying ssh access to host from which > I get brute force ssh attacks. > > HOwever, I see in /etc/hosts.allow: > > # Wrapping sshd(8) is not normally a good idea, but if you > # need to do it, here's how > #sshd : .evil.cracker.example.com : deny > > Why is it not a good idea? > > Also, apparently in older ssh there was DenyHosts option, > but no longer in the current version. > Is there a replacement for DenyHOsts? > Or is there a good reason for such option not to be used? Anton- In the general theme of this thread -- not answering your question, but providing an alternate solution -- sshguard from ports work fantastically for me. It interfaces with both ipfw and pf firewalls (I use it with pf) and has builtin timeout. I use syslog on several machine behind my firewall to forward SSH authentication failures to my FreeBSD firewall that uses PF and it quickly identifies and blocks bruteforce attacks. From my syslog.conf: !sshd auth.info @wall The handy thing here is that it has builtin timeout rules so if you do something silly and block yourself out temporarily, it'll eventually straighten itself out. Cheers, Ben ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
64-bit or 32-bit bind and DHCP
We are upgrading our FreeBSD servers to FreeBSD8.0 and most of the servers are 64-bit platforms. At one time, there was an issue in which either bind or dhcpd actually ran a bit slower in the 64-bit version of FreeBSD. Are there any similar issues these days or should I use 64-bit where possible? Many thanks. Martin McCormick WB5AGZ Stillwater, OK Systems Engineer OSU Information Technology Department Telecommunications Services Group ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UTF-16 decoder
On Mon, Jan 11, 2010 at 08:33:07PM +0300, Yuri Pankov wrote: > On Mon, Jan 11, 2010 at 10:40:01AM -0600, Paul Schmehl wrote: > > Can anyone point me to an online or unix utility that decodes utf-16 > > to ascii? Or unicode? My google searches have been nonproductive. > > > > -- > > Paul Schmehl, Senior Infosec Analyst > > As if it wasn't already obvious, my opinions > > are my own and not those of my employer. > > *** > > "It is as useless to argue with those who have > > renounced the use of reason as to administer > > medication to the dead." Thomas Jefferson > > converters/iconv, which should be already installed. This should read converters/libiconv, of course, sorry. > > > Yuri ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UTF-16 decoder
On Mon, Jan 11, 2010 at 10:40:01AM -0600, Paul Schmehl wrote: > Can anyone point me to an online or unix utility that decodes utf-16 > to ascii? Or unicode? My google searches have been nonproductive. > > -- > Paul Schmehl, Senior Infosec Analyst > As if it wasn't already obvious, my opinions > are my own and not those of my employer. > *** > "It is as useless to argue with those who have > renounced the use of reason as to administer > medication to the dead." Thomas Jefferson converters/iconv, which should be already installed. Yuri ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UTF-16 decoder
On Mon, Jan 11, 2010 at 10:40:01AM -0600, Paul Schmehl wrote: > Can anyone point me to an online or unix utility that decodes utf-16 to > ascii? > Or unicode? My google searches have been nonproductive. Try uconv(1) from the devel/icu port. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpxp1vp87zZ7.pgp Description: PGP signature
UTF-16 decoder
Can anyone point me to an online or unix utility that decodes utf-16 to ascii? Or unicode? My google searches have been nonproductive. -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. *** "It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: bin/115406: [patch] gpt(8) GPT MBR hangs award BIOS on boot
Dan Naumov wrote: What exactly is "gart" and where do I find it's manpage, http://www.freebsd.org/cgi/man.cgi comes up with nothing? Also, does this mean that GPT is _NOT_ in fact fixed regarding this bug? That's gpart(8). With a 'p'. gpart has had significant amounts of work put into it for 8.0 release, and a lot of people are using it for eg. ZFS-root based systems, so it will probably work for you. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: denying spam hosts ssh access - good idea?
I had the same ssh-bruteforce troubles. Here's the script I use against that. It's in cron, launched every 2 minutes. #!/bin/sh AUTH=/var/log/auth.log BKLST=/var/log/blacklist.log HOSTS=/etc/hosts DHOSTS=/etc/hosts.deny cat $AUTH | egrep -i "(illegal|invalid|failed)" | awk -F "from" '{print $2}' | awk '{print $1}' | sort -u >$BKLST for i in `cat $BKLST`; do nerr=`cat $AUTH | egrep -i "(illegal|invalid|failed)" | grep $i | wc -l` if [ "$nerr" -ge "3" -a -z "`cat $HOSTS | grep $i`" -a -z "`cat $DHOSTS | grep $i`" ]; then echo "ALL : $i # matched on `date`" >>$DHOSTS fi done #nota: I added my home & work IPs to /etc/hosts I can't use ssh-keys (many of my users don't know how that works/what it is). But if you can do it, you should. Samuel Martín Moro On Mon, Jan 11, 2010 at 4:59 PM, Anton Shterenlikht wrote: > On Mon, Jan 11, 2010 at 03:25:04PM +, Matthew Seaman wrote: > > Anton Shterenlikht wrote: > > > I'm thinking of denying ssh access to host from which > > > I get brute force ssh attacks. > > > > > > HOwever, I see in /etc/hosts.allow: > > > > > > # Wrapping sshd(8) is not normally a good idea, but if you > > > # need to do it, here's how > > > #sshd : .evil.cracker.example.com : deny > > > > > > Why is it not a good idea? > > > > Probably because ssh is likely to be the only method of login access > > you have to a remote server, and hosts.allow could conceivably be spoofed > > into blocking your legitimate access? In any case, hosts.allow is a > poor relation to using a real firewall -- it has no access to the lower > level bits > > of the networking code, so has to allow a full tcp connection setup > before it > > can block anything. Some daemons allow quite a lot of interaction with > the > > remote site when using hosts.allow functionality -- eg. sendmail will > > apparently go through all of the stages of accepting an incoming e-mail > from > > a denied host, right up to the 'MAIL FROM...' section of the SMTP > transaction > > where it will respond with a 500 permanent failure error code. > [admittedly > > this does have the benefit that the other side will then immediately give > up > > trying to send the message if it's playing by the RFC rules. (Most > spam-bots > > don't, of course.) Otherwise, you'ld get the remote side retrying the > message > > several times an hour over the next 5 days before it timed out and gave > up. > > > > > Also, apparently in older ssh there was DenyHosts option, > > > but no longer in the current version. > > > Is there a replacement for DenyHOsts? > > > Or is there a good reason for such option not to be used? > > > > I believe you can do something like this: > > > > match address 192.168.23.0/24,172.16.0.0/16 > > ForceCommand /usr/sbin/nologin > > > > but this is not foolproof, as it is run via the users' login shell > > and a sufficiently cunning person can arrange for all sorts of > interesting > > things to happen from their shell initialization files... > > Matthew, this makes sense > > many thanks > anton > > -- > Anton Shterenlikht > Room 2.6, Queen's Building > Mech Eng Dept > Bristol University > University Walk, Bristol BS8 1TR, UK > Tel: +44 (0)117 331 5944 > Fax: +44 (0)117 929 4423 > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscr...@freebsd.org" > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: denying spam hosts ssh access - good idea?
Anton Shterenlikht writes: > I'm very grateful for all advice, but I'm still unsure > why denying ssh access to a particular host via /etc/hosts.allow > is a bad idea. As far as I recall, the reason the warning was added to the manual was that it's fairly heavy on resources to implement that way (especially back before the wrapper support was added to sshd; running it out of inetd added quite a bit of lag). It is also liable to problems from the idiosyncratic configuration syntax. By and large, you'd be better off with a firewall, but hosts.allow will certainly work if you want to do that. -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
bin/115406: [patch] gpt(8) GPT MBR hangs award BIOS on boot
I have a few questions about this PR: http://www.freebsd.org/cgi/query-pr.cgi?pr=115406&cat=bin 1) Is this bug now officially fixed as of 8.0-RELEASE? Ie, can I expect to set up a completely GPT-based system using an Intel D945GCLF2 board and not have the installation crap out on me later? 2) The very last entry into the PR states the following: "The problem has been addressed in gart(8) and gpt(8) is obsolete, so no follow-up is to be expected at this time. Close the PR to reflect this." What exactly is "gart" and where do I find it's manpage, http://www.freebsd.org/cgi/man.cgi comes up with nothing? Also, does this mean that GPT is _NOT_ in fact fixed regarding this bug? Thanks. - Sincerely, Dan Naumov ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: denying spam hosts ssh access - good idea?
On Mon, Jan 11, 2010 at 03:25:04PM +, Matthew Seaman wrote: > Anton Shterenlikht wrote: > > I'm thinking of denying ssh access to host from which > > I get brute force ssh attacks. > > > > HOwever, I see in /etc/hosts.allow: > > > > # Wrapping sshd(8) is not normally a good idea, but if you > > # need to do it, here's how > > #sshd : .evil.cracker.example.com : deny > > > > Why is it not a good idea? > > Probably because ssh is likely to be the only method of login access > you have to a remote server, and hosts.allow could conceivably be spoofed > into blocking your legitimate access? In any case, hosts.allow is a poor > relation to using a real firewall -- it has no access to the lower level bits > of the networking code, so has to allow a full tcp connection setup before it > can block anything. Some daemons allow quite a lot of interaction with the > remote site when using hosts.allow functionality -- eg. sendmail will > apparently go through all of the stages of accepting an incoming e-mail from > a denied host, right up to the 'MAIL FROM...' section of the SMTP transaction > where it will respond with a 500 permanent failure error code. [admittedly > this does have the benefit that the other side will then immediately give up > trying to send the message if it's playing by the RFC rules. (Most spam-bots > don't, of course.) Otherwise, you'ld get the remote side retrying the > message > several times an hour over the next 5 days before it timed out and gave up. > > > Also, apparently in older ssh there was DenyHosts option, > > but no longer in the current version. > > Is there a replacement for DenyHOsts? > > Or is there a good reason for such option not to be used? > > I believe you can do something like this: > > match address 192.168.23.0/24,172.16.0.0/16 > ForceCommand /usr/sbin/nologin > > but this is not foolproof, as it is run via the users' login shell > and a sufficiently cunning person can arrange for all sorts of interesting > things to happen from their shell initialization files... Matthew, this makes sense many thanks anton -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 331 5944 Fax: +44 (0)117 929 4423 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Setup of Router machine with FreeBSD
Quoting Paul Shi : Dear All, I have tried to setup a wireless network consist of a server, AP, a router machine and wireless client. Here is setup and configuration of my design. Please correct me if I am wrong about anything. Server IP: 192.168.2.1, Gateway: 192.168.2.2, Netmask: 255.255.255.0 - IP: 192.168.2.2, Netmask: 255.255.255.0 Router IP: 192.168.1.1, Netmask: 255.255.255.0 - IP:192.168.1.2, Gateway: 192.168.1.1, Netmask: 255.255.255.0 Access Point - IP: 192.168.1.3, Netmask: 255.255.255.0 Client I have add following to /etc/rc.conf of server machine static_routes="serverinternal" routes_serverinternal="'-net 192.168.2.1/24 192.168.2.2" and following to /etc/rc.conf of router machine static_routes="internal" routes_internal="'-net 192.168.2.2/24 192.168.1.1" Is there anything I have done wrong? Or anything else I need to do. My problem now is I cannot connect from server to router machine. Any suggestion would be greatly appreciated! Your sincerely, Paul Shi Electronic and Communication Engineering Senior Department of Electrical and Electronic Engineering University of Hong Kong ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" Paul, It seems to me your problem is in your route configuration. "192.168.2.1/24" is incorrect, /24 indicates the bitmask; the network address should be correctly written as "192.168.2.0/24" instead indicating a network address of '192.168.2.0' with a network of 254 usable IP addresses in the same subnet. You'll thus only have to have ONE route entry for the whole network, not one per IP (unless that is your intention -in which case the '-net' syntax is incorrectly being used). So long as routing is turned on (man sysctl), simply pointing the server to the router and the client to the router to connect to each other should work. Try doing the commands from the console first to get it all working, then worry about putting in the startup configs on boot-up. Given your example, I'd login to 'server' and run: route add 192.168.1.0/24 192.168.2.2 (if the router is the ONLY router from the server, use this instead): route add 0.0.0.0 192.168.2.2 Then, from the client, add: route add 192.168.2.0/24 192.168.1.1 The gateway/router box itself does not need any routing setup internally; you don't need/shouldn't be setting any routes given that 192.168.2.2, and 192.168.1.2 are hosts on the two networks for which you want to allow routes. They key is in getting the clients to both use the same gateway, (as accessible from the network they are respectfully on). This may be a little more clearly depicted below: Host A (192.168.2.1) <--> Router (192.168.2.2) (192.168.1.1) <--> Host B (192.168.1.3) Host A: - needs to know to use '192.168.2.2' as it's gateway to 192.168.1.0/24 - may just use 192.168.2.2 as it's default gateway to ANY network Host B: - needs to know to use '192.168.1.1' as it's gateway to 192.168.2.0/24 - similarly, may just use '192.168.1.1' as it's default gateway to ANY as well Assuming you're connecting the internet at some point to the gateway (router) machine, a decent firewall filter and NAT will most likely be required as well. Read up in the handbook a bit on the subject or feel free to come back for more info if needed. Hope this helps. -- Nathan Vidican nat...@vidican.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: denying spam hosts ssh access - good idea?
Anton Shterenlikht wrote: I'm thinking of denying ssh access to host from which I get brute force ssh attacks. HOwever, I see in /etc/hosts.allow: # Wrapping sshd(8) is not normally a good idea, but if you # need to do it, here's how #sshd : .evil.cracker.example.com : deny Why is it not a good idea? Probably because ssh is likely to be the only method of login access you have to a remote server, and hosts.allow could conceivably be spoofed into blocking your legitimate access? In any case, hosts.allow is a poor relation to using a real firewall -- it has no access to the lower level bits of the networking code, so has to allow a full tcp connection setup before it can block anything. Some daemons allow quite a lot of interaction with the remote site when using hosts.allow functionality -- eg. sendmail will apparently go through all of the stages of accepting an incoming e-mail from a denied host, right up to the 'MAIL FROM...' section of the SMTP transaction where it will respond with a 500 permanent failure error code. [admittedly this does have the benefit that the other side will then immediately give up trying to send the message if it's playing by the RFC rules. (Most spam-bots don't, of course.) Otherwise, you'ld get the remote side retrying the message several times an hour over the next 5 days before it timed out and gave up. Also, apparently in older ssh there was DenyHosts option, but no longer in the current version. Is there a replacement for DenyHOsts? Or is there a good reason for such option not to be used? I believe you can do something like this: match address 192.168.23.0/24,172.16.0.0/16 ForceCommand /usr/sbin/nologin but this is not foolproof, as it is run via the users' login shell and a sufficiently cunning person can arrange for all sorts of interesting things to happen from their shell initialization files... Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Setup of Router machine with FreeBSD
Dear All, I have tried to setup a wireless network consist of a server, AP, a router machine and wireless client. Here is setup and configuration of my design. Please correct me if I am wrong about anything. Server IP: 192.168.2.1, Gateway: 192.168.2.2, Netmask: 255.255.255.0 - IP: 192.168.2.2, Netmask: 255.255.255.0 Router IP: 192.168.1.1, Netmask: 255.255.255.0 - IP:192.168.1.2, Gateway: 192.168.1.1, Netmask: 255.255.255.0 Access Point - IP: 192.168.1.3, Netmask: 255.255.255.0 Client I have add following to /etc/rc.conf of server machine static_routes="serverinternal" routes_serverinternal="'-net 192.168.2.1/24 192.168.2.2" and following to /etc/rc.conf of router machine static_routes="internal" routes_internal="'-net 192.168.2.2/24 192.168.1.1" Is there anything I have done wrong? Or anything else I need to do. My problem now is I cannot connect from server to router machine. Any suggestion would be greatly appreciated! Your sincerely, Paul Shi Electronic and Communication Engineering Senior Department of Electrical and Electronic Engineering University of Hong Kong ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: denying spam hosts ssh access - good idea?
Tim Judd wrote: I've been meaning to check this out. My firewall ssh rules are very strict, in fact, if the remote IP is "unknown" meaning, I don't know where the heck it's coming from, it's blocked. It's easier to say it this way: I allow ssh connections from IPs I know, preferably static IPs. Given that there are more than one general blacklists out there that list unwanted behavior, and that we have ports that make use of these lists, I wonder if we can use a list (in this case, for spam) effective for blocking ssh connections. This means: install spamd setup pf (requirement for spamd, it is built by OpenBSD after all) in the pf rules, block *ANYTHING* coming from the blacklisted IPs I don't know how effective it is, but since the spamd blacklist IPs are hosted on what seems to be only one server/server farm, I am also looking for any way I can provide a mirror (even if it's slightly outdated) of this data. Sure you can do this -- you don't even need to install spamd(8) to do it. If all you're going to do is use the uatraps and nixspam lists to block all traffic to your server, then you can just create a table in pf, and load the list of addresses from those lists into it. You may need some very small shell scripts to strip out anything other than IP numbers from the lists (if you use the original sources for the Nixspam stuff from heise.de), and then print out the list of addresses into a file, one per line. You can load that file into a PF table very easily: table persist file "/var/db/blacklisted.txt" and use it to block any traffic: block log in quick on $ext_if from to any Then whenever you update your blacklisted.txt file, just run: # pfctl -t blacklisted -T replace -f /var/db/blacklisted.txt As you say, the places where you can download those lists are few and far between, plus they're not particularly comprehensive. There are bigger and better spam blocklists out there, but those are generally served as DNS rbls which aren't feasible for hooking into PF configs. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: denying spam hosts ssh access - good idea?
On Mon, Jan 11, 2010 at 07:18:04AM -0700, Tim Judd wrote: > On 1/11/10, David Southwell wrote: > >> I'm thinking of denying ssh access to host from which > >> I get brute force ssh attacks. > >> > >> HOwever, I see in /etc/hosts.allow: > >> > >> # Wrapping sshd(8) is not normally a good idea, but if you > >> # need to do it, here's how > >> #sshd : .evil.cracker.example.com : deny > >> > >> Why is it not a good idea? > >> > >> Also, apparently in older ssh there was DenyHosts option, > >> but no longer in the current version. > >> Is there a replacement for DenyHOsts? > >> Or is there a good reason for such option not to be used? > >> > >> many thanks > >> anton > >> > > I use denyhosts ( /usr/ports/security/denyhosts ) works well for me. I also > > use blackhole and sshguard > > > > david > > > I've been meaning to check this out. My firewall ssh rules are very > strict, in fact, if the remote IP is "unknown" meaning, I don't know > where the heck it's coming from, it's blocked. It's easier to say it > this way: I allow ssh connections from IPs I know, preferably static > IPs. > > Given that there are more than one general blacklists out there that > list unwanted behavior, and that we have ports that make use of these > lists, I wonder if we can use a list (in this case, for spam) > effective for blocking ssh connections. This means: > install spamd > setup pf (requirement for spamd, it is built by OpenBSD after all) > in the pf rules, block *ANYTHING* coming from the blacklisted IPs > > > I don't know how effective it is, but since the spamd blacklist IPs > are hosted on what seems to be only one server/server farm, I am also > looking for any way I can provide a mirror (even if it's slightly > outdated) of this data. I'm very grateful for all advice, but I'm still unsure why denying ssh access to a particular host via /etc/hosts.allow is a bad idea. many thanks anton -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 331 5944 Fax: +44 (0)117 929 4423 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: denying spam hosts ssh access - good idea?
On 1/11/10, David Southwell wrote: >> I'm thinking of denying ssh access to host from which >> I get brute force ssh attacks. >> >> HOwever, I see in /etc/hosts.allow: >> >> # Wrapping sshd(8) is not normally a good idea, but if you >> # need to do it, here's how >> #sshd : .evil.cracker.example.com : deny >> >> Why is it not a good idea? >> >> Also, apparently in older ssh there was DenyHosts option, >> but no longer in the current version. >> Is there a replacement for DenyHOsts? >> Or is there a good reason for such option not to be used? >> >> many thanks >> anton >> > I use denyhosts ( /usr/ports/security/denyhosts ) works well for me. I also > use blackhole and sshguard > > david I've been meaning to check this out. My firewall ssh rules are very strict, in fact, if the remote IP is "unknown" meaning, I don't know where the heck it's coming from, it's blocked. It's easier to say it this way: I allow ssh connections from IPs I know, preferably static IPs. Given that there are more than one general blacklists out there that list unwanted behavior, and that we have ports that make use of these lists, I wonder if we can use a list (in this case, for spam) effective for blocking ssh connections. This means: install spamd setup pf (requirement for spamd, it is built by OpenBSD after all) in the pf rules, block *ANYTHING* coming from the blacklisted IPs I don't know how effective it is, but since the spamd blacklist IPs are hosted on what seems to be only one server/server farm, I am also looking for any way I can provide a mirror (even if it's slightly outdated) of this data. --Tim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: denying spam hosts ssh access - good idea?
David Southwell wrote: I'm thinking of denying ssh access to host from which I get brute force ssh attacks. HOwever, I see in /etc/hosts.allow: # Wrapping sshd(8) is not normally a good idea, but if you # need to do it, here's how #sshd : .evil.cracker.example.com : deny Why is it not a good idea? Also, apparently in older ssh there was DenyHosts option, but no longer in the current version. Is there a replacement for DenyHOsts? Or is there a good reason for such option not to be used? many thanks anton I use denyhosts ( /usr/ports/security/denyhosts ) works well for me. I also use blackhole and sshguard david ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" Take a look at fail2ban: http://www.fail2ban.org/ This hooks in IPtables and really does a nice job of preventing DoS attacks from not just SSH but many other ports and protocols too. Regards, Kaya ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: denying spam hosts ssh access - good idea?
> I'm thinking of denying ssh access to host from which > I get brute force ssh attacks. > > HOwever, I see in /etc/hosts.allow: > > # Wrapping sshd(8) is not normally a good idea, but if you > # need to do it, here's how > #sshd : .evil.cracker.example.com : deny > > Why is it not a good idea? > > Also, apparently in older ssh there was DenyHosts option, > but no longer in the current version. > Is there a replacement for DenyHOsts? > Or is there a good reason for such option not to be used? > > many thanks > anton > I use denyhosts ( /usr/ports/security/denyhosts ) works well for me. I also use blackhole and sshguard david ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
denying spam hosts ssh access - good idea?
I'm thinking of denying ssh access to host from which I get brute force ssh attacks. HOwever, I see in /etc/hosts.allow: # Wrapping sshd(8) is not normally a good idea, but if you # need to do it, here's how #sshd : .evil.cracker.example.com : deny Why is it not a good idea? Also, apparently in older ssh there was DenyHosts option, but no longer in the current version. Is there a replacement for DenyHOsts? Or is there a good reason for such option not to be used? many thanks anton -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 331 5944 Fax: +44 (0)117 929 4423 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Converting i386 to amd64
Michael Powell wrote: Greetings everyone: This is probably a pretty dumb question, but it's never really come up for me before. I am at a crossroads with regard to some hardware upgrades, and for a couple of them I have been putting off making the change to 64 bit. These are server boxen with no concerns for desktop use. Is it possible to change an i386 install to amd64 without needing to start from scratch? I was poking around reading some stuff, and ran across this in in /usr/src/Makefile: # If TARGET=machine (e.g. ia64, sparc64, ...) is specified you can # cross build world for other machine types using the buildworld target, # and once the world is built you can cross build a kernel using the # buildkernel target. Does this mean I can achieve the desired effect with "make buildworld TARGET=amd64", et al? It would be a tremendous time-saver for me. Of course I would follow with a portupgrade -fa and rebuild all ports afterward. Thanks in advance for the wielding of any clue sticks. :-) This sort of process /is/ possible, but it is a lot more involved than you're anticipating. Unless you're the sort of person that likes doing terribly complicated and risky procedures for the hell of it, you are going to be better off just starting from scratch and reinstalling using an AMD64 .iso. It's going to be quicker to reinstall anyhow. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: syncache_timer: errors; What do they mean?
> David Southwell wrote: > > Here are some example entries in /var/log/messages (server ip address > > removed and replaced by [xxx.xxx.xxx.xxx] : > > > > Can anyone please tell me what thses messages mean and what action (if > > any) I should be taking. > > Thanks in advance for any replies > > Jan 11 10:41:57 dns1 kernel: TCP: [113.53.173.247]:63584 to > > [xxx.xxx.xxx.xxx]:25; syncache_timer: Response timeout, retransmitting > > (1) SYN|ACK > > Jan 11 10:42:01 dns1 kernel: TCP: [113.53.173.247]:63429 to > > [xxx.xxx.xxx.xxx]:25; syncache_timer: Response timeout, retransmitting > > (2) SYN|ACK > > Jan 11 10:42:03 dns1 kernel: TCP: [113.53.173.247]:63584 to > > [xxx.xxx.xxx.xxx]:25; syncache_timer: Response timeout, retransmitting > > (2) SYN|ACK > > Jan 11 10:42:13 dns1 kernel: TCP: [113.53.173.247]:63429 to > > [xxx.xxx.xxx.xxx]:25; syncache_timer: Response timeout, retransmitting > > (3) SYN|ACK > > Jan 11 10:42:16 dns1 kernel: TCP: [113.53.173.247]:63584 to > > [xxx.xxx.xxx.xxx]:25; syncache_timer: Response timeout, retransmitting > > (3) SYN|ACK > > What is happening is this: host 113.53.173.247 (which appears to be > somewhere in Thailand) is trying to connect to port 25 on your machine. > [I guess it's probably trying to spam you.] > > Now, the very first packet sent to establish a TCP connection is known > as the 'SYN' packet -- that's because it has the Syn bit set in the > options bitmap. That comes from the remote system (as it is trying to > connect to you.) Your machine is receiving that OK. > > The next step is for your machine to respond, sending a SYNACK packet > back to the remote machine (Yes: you guessed it: this has both the Syn > and the Ack bits set in the packet options). Your machine is sending > these packets off OK, but here is where it is all going horribly wrong. > > Your machine never receives the 3rd packet back from the originating > machine -- which is just an ACK packet -- to say it received the response. > So it logs the message you've seen and tries again. After a certain > number of retries, it will give up on the attempted connection, clear > out any allocated memory and go back to a quiescent state just listening > for new incoming connections. > > Unless all three of these packets make it to and fro, the TCP connection > has not been properly set up. This process is described as the "Three > way handshake" -- unless that succeeds do data can flow across the > connection, so if this is an attempt to spam you, it's going to be > singularly ineffective. > > Chances are, you've run into a badly configured firewall, or a broken > spam-bot, which is causing packets to disappear from the wire. It /might/ > possibly be an attempt to DoS you by filling up various kernel memory > structures allocated to managing TCP connection state, but judging by the > time chops on the log extract you've shown, the other side would need to > be sending orders of magnitude more traffic in order to beeffective. > > Given this is too low intensity to have much effect on your machine, you > can simply do nothing and ignore the log messages: it will clear itself up > given enough time. Otherwise, a firewall rule to drop traffic from the > offending source will help reduce the noise level. > > On the vanishingly remote chance that this really is a valid SMTP peer of > yours, you'ld need to contact them out of band and try and work out where > the traffic is being blocked and what to do about it. > > Cheers, > > Matthew Thanks Mathew -- very well described..even I can understand it I did not mention I am running freebsd 7.2 p3. I use sshguard and denyhosts and blackhole. I have the: sshd : PARANOID : deny set in /etc/hosts.allow and wonder if the above combination could somehow be connected with the messages. I get some interesting messages sequences like this: Jan 11 12:40:09 dns1 kernel: TCP: [200.199.44.147]:22093 to [xxx.xxx.xxx.xxx]:139 tcpflags 0x18; tcp_do_segment: FIN_WAIT_1: Received 76 bytes of data after socket was closed, sending RST and removing tcpcb Jan 11 12:40:11 dns1 kernel: TCP: [200.199.44.147]:22093 to [xxx.xxx.xxx.xxx]:139 tcpflags 0x10; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) Jan 11 12:40:11 dns1 kernel: TCP: [200.199.44.147]:22093 to [xxx.xxx.xxx.xxx]:139 tcpflags 0x4; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored Jan 11 12:40:14 dns1 kernel: TCP: [200.199.44.147]:9 to [xxx.xxx.xxx.xxx]:445 tcpflags 0x2; tcp_input: Connection attempt to closed port From what are clear spoofing "initiatives" Thanks again David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: syncache_timer: errors; What do they mean?
David Southwell wrote: Here are some example entries in /var/log/messages (server ip address removed and replaced by [xxx.xxx.xxx.xxx] : Can anyone please tell me what thses messages mean and what action (if any) I should be taking. Thanks in advance for any replies Jan 11 10:41:57 dns1 kernel: TCP: [113.53.173.247]:63584 to [xxx.xxx.xxx.xxx]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK Jan 11 10:42:01 dns1 kernel: TCP: [113.53.173.247]:63429 to [xxx.xxx.xxx.xxx]:25; syncache_timer: Response timeout, retransmitting (2) SYN|ACK Jan 11 10:42:03 dns1 kernel: TCP: [113.53.173.247]:63584 to [xxx.xxx.xxx.xxx]:25; syncache_timer: Response timeout, retransmitting (2) SYN|ACK Jan 11 10:42:13 dns1 kernel: TCP: [113.53.173.247]:63429 to [xxx.xxx.xxx.xxx]:25; syncache_timer: Response timeout, retransmitting (3) SYN|ACK Jan 11 10:42:16 dns1 kernel: TCP: [113.53.173.247]:63584 to [xxx.xxx.xxx.xxx]:25; syncache_timer: Response timeout, retransmitting (3) SYN|ACK What is happening is this: host 113.53.173.247 (which appears to be somewhere in Thailand) is trying to connect to port 25 on your machine. [I guess it's probably trying to spam you.] Now, the very first packet sent to establish a TCP connection is known as the 'SYN' packet -- that's because it has the Syn bit set in the options bitmap. That comes from the remote system (as it is trying to connect to you.) Your machine is receiving that OK. The next step is for your machine to respond, sending a SYNACK packet back to the remote machine (Yes: you guessed it: this has both the Syn and the Ack bits set in the packet options). Your machine is sending these packets off OK, but here is where it is all going horribly wrong. Your machine never receives the 3rd packet back from the originating machine -- which is just an ACK packet -- to say it received the response. So it logs the message you've seen and tries again. After a certain number of retries, it will give up on the attempted connection, clear out any allocated memory and go back to a quiescent state just listening for new incoming connections. Unless all three of these packets make it to and fro, the TCP connection has not been properly set up. This process is described as the "Three way handshake" -- unless that succeeds do data can flow across the connection, so if this is an attempt to spam you, it's going to be singularly ineffective. Chances are, you've run into a badly configured firewall, or a broken spam-bot, which is causing packets to disappear from the wire. It /might/ possibly be an attempt to DoS you by filling up various kernel memory structures allocated to managing TCP connection state, but judging by the time chops on the log extract you've shown, the other side would need to be sending orders of magnitude more traffic in order to beeffective. Given this is too low intensity to have much effect on your machine, you can simply do nothing and ignore the log messages: it will clear itself up given enough time. Otherwise, a firewall rule to drop traffic from the offending source will help reduce the noise level. On the vanishingly remote chance that this really is a valid SMTP peer of yours, you'ld need to contact them out of band and try and work out where the traffic is being blocked and what to do about it. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Q: recommendation for external USB disk
Hello, Can someone recommend a good external USB disk for backups which works with FreeBSD 8.0 and has more than 512 GByte? Thx in advance matthias -- Matthias Apitz t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211 e - w http://www.unixarea.de/ Vote NO to EU The Lisbon Treaty: http://www.no-means-no.eu ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: a question on ZFS boot/root in 8.0-RELEASE
2010/1/11 Dan Naumov > Hello list. > > My concern is this: I really really like freebsd-update and want to > continue using it. Freebsd-update however, assumes that no part of > your base system has been compiled by hand, it's intended to be used > to update from official binaries to other official binaries. I am also > gathering (from things I've read so far) that you HAVE to build a > custom loader if you want to boot off a ZFS mirror or raidz... but > what about a non-redundant ZFS pool as system root in 8.0-RELEASE? Can > I have a full ZFS FreeBSD installation on a non-redundant ZFS pool and > have the system boot off it without having to compile anything > manually with the existing binaries provided on the 8.0 install DVD? > > - Sincerely, > Dan Naumov > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscr...@freebsd.org" > At the moment dont mix freebsd update and zfsroot. Much safer to do it from source. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: "glabel label" questions
2010/1/11 Scott Bennett > My system currently has three external disk drives connected via USB > 2.0 > ports and will soon have another drive connected via a Firewire port. The > three already present have quite a few partitions on them, nearly all of > which > already contain file systems with lots of files in them. I would like to > use > the "glabel label" method of labeling each of these partitions, so that I > do > not always have to disconnect all but one external drive when rebooting the > system and then reconnect them one by one in order to get the proper device > files assigned to them for use with /etc/fstab entries. > However, some of these partitions contain GELI-encrypted file systems. > Can the "glabel label" sort of labeling be used with encrypted partitions? > If so, can "glabel label" be used on the encrypted partitions without > destroying the file systems or the data in them? Or will I need to > recreate > the file systems after labeling the partitions and then restore their > contents > from backups? Is there any danger to unencrypted partitions and data when > using the "glabel label" operation? > Thanks in advance for any help with this matter. > > > Scott Bennett, Comm. ASMELG, CFIAG > ** > * Internet: bennett at cs.niu.edu * > ** > * "A well regulated and disciplined militia, is at all times a good * > * objection to the introduction of that bane of all free governments * > * -- a standing army." * > *-- Gov. John Hancock, New York Journal, 28 January 1790 * > ** > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscr...@freebsd.org" > just unmount them and do a tunefs -L on them. Geli works a layer below the fs so should work fine. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Converting i386 to amd64
Greetings everyone: This is probably a pretty dumb question, but it's never really come up for me before. I am at a crossroads with regard to some hardware upgrades, and for a couple of them I have been putting off making the change to 64 bit. These are server boxen with no concerns for desktop use. Is it possible to change an i386 install to amd64 without needing to start from scratch? I was poking around reading some stuff, and ran across this in in /usr/src/Makefile: # If TARGET=machine (e.g. ia64, sparc64, ...) is specified you can # cross build world for other machine types using the buildworld target, # and once the world is built you can cross build a kernel using the # buildkernel target. Does this mean I can achieve the desired effect with "make buildworld TARGET=amd64", et al? It would be a tremendous time-saver for me. Of course I would follow with a portupgrade -fa and rebuild all ports afterward. Thanks in advance for the wielding of any clue sticks. :-) -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
a question on ZFS boot/root in 8.0-RELEASE
Hello list. My concern is this: I really really like freebsd-update and want to continue using it. Freebsd-update however, assumes that no part of your base system has been compiled by hand, it's intended to be used to update from official binaries to other official binaries. I am also gathering (from things I've read so far) that you HAVE to build a custom loader if you want to boot off a ZFS mirror or raidz... but what about a non-redundant ZFS pool as system root in 8.0-RELEASE? Can I have a full ZFS FreeBSD installation on a non-redundant ZFS pool and have the system boot off it without having to compile anything manually with the existing binaries provided on the 8.0 install DVD? - Sincerely, Dan Naumov ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
syncache_timer: errors; What do they mean?
Here are some example entries in /var/log/messages (server ip address removed and replaced by [xxx.xxx.xxx.xxx] : Can anyone please tell me what thses messages mean and what action (if any) I should be taking. Thanks in advance for any replies Jan 11 10:41:57 dns1 kernel: TCP: [113.53.173.247]:63584 to [xxx.xxx.xxx.xxx]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK Jan 11 10:42:01 dns1 kernel: TCP: [113.53.173.247]:63429 to [xxx.xxx.xxx.xxx]:25; syncache_timer: Response timeout, retransmitting (2) SYN|ACK Jan 11 10:42:03 dns1 kernel: TCP: [113.53.173.247]:63584 to [xxx.xxx.xxx.xxx]:25; syncache_timer: Response timeout, retransmitting (2) SYN|ACK Jan 11 10:42:13 dns1 kernel: TCP: [113.53.173.247]:63429 to [xxx.xxx.xxx.xxx]:25; syncache_timer: Response timeout, retransmitting (3) SYN|ACK Jan 11 10:42:16 dns1 kernel: TCP: [113.53.173.247]:63584 to [xxx.xxx.xxx.xxx]:25; syncache_timer: Response timeout, retransmitting (3) SYN|ACK David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
"glabel label" questions
My system currently has three external disk drives connected via USB 2.0 ports and will soon have another drive connected via a Firewire port. The three already present have quite a few partitions on them, nearly all of which already contain file systems with lots of files in them. I would like to use the "glabel label" method of labeling each of these partitions, so that I do not always have to disconnect all but one external drive when rebooting the system and then reconnect them one by one in order to get the proper device files assigned to them for use with /etc/fstab entries. However, some of these partitions contain GELI-encrypted file systems. Can the "glabel label" sort of labeling be used with encrypted partitions? If so, can "glabel label" be used on the encrypted partitions without destroying the file systems or the data in them? Or will I need to recreate the file systems after labeling the partitions and then restore their contents from backups? Is there any danger to unencrypted partitions and data when using the "glabel label" operation? Thanks in advance for any help with this matter. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Reference to your Work
S Pavan wrote: Currently we are finalizing the release version of our courseware that prepares aspirants for the certification *‘CEHv7’* as awarded by EC-Council. In this context, we would like to seek your permission to include references to your work *“Wireless Networking"* published at ‘* http://www.freebsd.org/doc/en/books/handbook/network-wireless.html*’ as a resource material for the said instructional material. This will further enrich the knowledge base shared with the students and the intent is solely to disseminate knowledge-to-knowledge seekers. First of all, let me say that I'm not anyone with any official standing with the FreeBSD project that can give you a definitive answer to your enquiry. However, let me point you towards the copyright/license on the FreeBSD Handbook: http://www.freebsd.org/doc/en/books/handbook/LEGALNOTICE.html Which is a variant on the well known BSD family of open-source licenses (as you might expect). Essentially this says that you are free to make whatever use of the material in the handbook, and the source code it is derived from, subject only to the proviso that you maintain the same copyright notice and disclaimer in derived works. Simply providing a link back to the original copyright notice on the FreeBSD site should be sufficient. Should you have further concerns to be addressed, might I suggest that the most relevant group of people to contact is the FreeBSD Documentation Project via their mailing list: freebsd-...@freebsd.org Ever since I first encountered it, I've been convinced that the FreeBSD Handbook and related documentation is an outstandingly good example of how to do such things, and I am glad to see that it is attracting attention outside its core constituency of FreeBSD users. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: PGP signature signature.asc Description: OpenPGP digital signature