Re: portupgrade command line option -f problem
On Wed, 13 Oct 2010 13:24:26 +0100 David Southwell da...@vizion2000.net wrote:
Tried that but no good - it still seems to goof up. I recall it used to work many versions ago but it may not have been picked up on a regression test.
It works for me. Which port is it failing on
portupgrade -frR apache22 does not rebuild apache modules
david
Photographic Artist Permanent Installations Design Creative Imagery and Advanced Digital Techniques High Dynamic Range Photography Official Portraiture Combined darkroom digital creations Systems Administrator for the vizion2000.net network
___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Resin 3.1.9, Apache 2.2.16 and mod_caucho?
Hi,
I'm trying to install Resin together with Apache and according to all documentation I can find I'm supposed to compile the mod_caucho and include this in the Apache httpd.conf, but I can't find any reference to mod_caucho in my ports, system or compile options. Is the documentation outdated or can anyone give me some pointers as to how I can make requests to Java sites go through Apache (using virtual hosts)?
Ie. http://caucho.com/resin-3.1/doc/install-apache.xtp
Both Apache (port 80) and Resin3.1 (port 8080) runs fine alone.
uname -a
FreeBSD domain.domain.net 8.0-RELEASE-p4 FreeBSD 8.0-RELEASE-p4 #0: Mon Jul 12 20:22:27 UTC 2010 r...@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
Cheers, Andreas
Re: firefox
To install Flash for Firefox, I use this HOWTO http://forums.freebsd.org/showpost.php?p=33673postcount=1
I have used Linux Base Port 10 but now I use Linux Base Port 8 because I can use ICA Client, Citrix (see BSD Mag from last month). Flash works well on Firefox with both Linux Base Port, but please don't install both at the same time.
On Thu, Oct 14, 2010 at 7:45 AM, Polytropon free...@edvax.de wrote:
On Wed, 13 Oct 2010 22:27:05 +0800, yanxinyou yxy@gmail.com wrote:
how to install the flash plugin to firefox
Check out the FreeBSD handbook's chapter about browsers: http://www.freebsd.org/doc/handbook/desktop-browsers.html
See 6.2.3 Firefox and Macromedia(R) Flash^TM Plugin and check if it works for you. I have virtually no experience with Flash on newer system and browser versions (8.1-R with Firefox 3.4 on your side?), but in the past, this was an instruction that worked - until I removed Flash, of course. :-)
-- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...
Alexandre
gzip tries to unpack/pack 1st the filename of $GZIP
Hello,
I was facing a problem in some Makefile/shell-scripting and finally I could nail it down: when you set the environment variable GZIP to something, for example to let it point to gzip itself, it tries 1st to unpack this file:
$ GZIP=/usr/bin/gzip export GZIP
$ $GZIP -dc source.tar.gz | wc -l
gzip: /usr/bin/gzip: not in gzip format
645770
or
$ GZIP=bla export GZIP
$ gzip -dc source.tar.gz | wc -l
gzip: can't stat: bla: No such file or directory
645770
Why is this? It's not mentioned in the man page.
Thanks
matthias
-- Matthias Apitz t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211 e g...@unixarea.de - w http://www.unixarea.de/
Re: [Bulk] Re: firefox
I think you have the same error as the one described here : https://forums.freebsd.org/showthread.php?t=10460
There is a security issue for Linux-Pango. That is why the Portaudit tool won't let you install this port. But you can nevertheless install the port :
- Add the following line to /etc/make.conf : DISABLE_VULNERABILITIES=yes
- Or use this command to install the ports : # make DISABLE_VULNERABILITIES=yes install clean
2010/10/14 yanxinyou yxy@gmail.com
I am new to the freebsd world . As some friends said , I do it from the handbook . After i install the linux-base f10 . then i install the from www/nspluginwrapper it failed the problem like this : i come from china. i may not describe clearly . thank you
On Thu, 2010-10-14 at 10:18 +0200, Alexandre wrote:
To install Flash for Firefox, I use this HOWTO http://forums.freebsd.org/showpost.php?p=33673postcount=1
I have used Linux Base Port 10 but now I use Linux Base Port 8 because I can use ICA Client, Citrix (see BSD Mag from last month). Flash works well on Firefox with both Linux Base Port, but please don't install both at the same time.
On Thu, Oct 14, 2010 at 7:45 AM, Polytropon free...@edvax.de wrote:
On Wed, 13 Oct 2010 22:27:05 +0800, yanxinyou yxy@gmail.com wrote:
how to install the flash plugin to firefox
Check out the FreeBSD handbook's chapter about browsers: http://www.freebsd.org/doc/handbook/desktop-browsers.html
See 6.2.3 Firefox and Macromedia(R) Flash^TM Plugin and check if it works for you. I have virtually no experience with Flash on newer system and browser versions (8.1-R with Firefox 3.4 on your side?), but in the past, this was an instruction that worked - until I removed Flash, of course. :-)
-- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...
Alexandre
Re: Resin 3.1.9, Apache 2.2.16 and mod_caucho?
On Thu, Oct 14, 2010 at 10:16 AM, Andy Wodfer wod...@gmail.com wrote:
Hi, I'm trying to install Resin together with Apache and according to all documentation I can find I'm supposed to compile the mod_caucho and include this in the Apache httpd.conf, but I can't find any reference to mod_caucho in my ports, system or compile options. Is the documentation outdated or can anyone give me some pointers as to how I can make requests to Java sites go through Apache (using virtual hosts)?
Ie. http://caucho.com/resin-3.1/doc/install-apache.xtp
Both Apache (port 80) and Resin3.1 (port 8080) runs fine alone.
You probably have that module already installed. It comes with www/resin3 according to the Makefile.
-- chs,
Re: Resin 3.1.9, Apache 2.2.16 and mod_caucho?
On Thu, Oct 14, 2010 at 1:06 PM, Christer Solskogen christer.solsko...@gmail.com wrote:
On Thu, Oct 14, 2010 at 10:16 AM, Andy Wodfer wod...@gmail.com wrote:
Hi, I'm trying to install Resin together with Apache and according to all documentation I can find I'm supposed to compile the mod_caucho and include this in the Apache httpd.conf, but I can't find any reference to mod_caucho in my ports, system or compile options. Is the documentation outdated or can anyone give me some pointers as to how I can make requests to Java sites go through Apache (using virtual hosts)?
Ie. http://caucho.com/resin-3.1/doc/install-apache.xtp
Both Apache (port 80) and Resin3.1 (port 8080) runs fine alone.
You probably have that module already installed. It comes with www/resin3 according to the Makefile.
Don't think so. locate (updated) and find only shows these:
./tmp/caucho
./usr/local/resin3/webapps/resin-doc/WEB-INF/classes/com/caucho
./usr/local/resin3/webapps/resin-doc/WEB-INF/xsl/caucho
./usr/local/resin3/webapps/resin-doc/examples/amber-basic/WEB-INF/classes/com/caucho
/Andy
Re: Is it a good idea to use DHCP for point to point connections ?
On 13/10/2010 22:25, Elliot Finley wrote:
we did this with DSL customers. But instead of using a unique gateway for each Client, just use IP Unnumbered and proxy arp for your loopback interface.
I was about to say that this solution seemed extremely sensitive to spoofing. But I figured out that my solution was not necessarily better. Looks like I will have to go for hardware solution after all... I am currently checking on Cisco private vlan system. But I am not a big fan of Cisco (Well to be perfectly honest I love the hardware...). Does anyone know of an alternative ?
Jerome Herman
On Wed, Oct 13, 2010 at 9:02 AM, Jerome Herman jher...@dichotomia.fr wrote:
Hello,
Given the price (and tedious management) of layer 3 switches I was thinking about using modified DHCP to distribute addresses with a /32 netmask (255.255.255.255)
The Idea : Create a cheap (and preferably not dirty) way to have client isolation, without creating tons of vlan.
Practical overview : The DHCP server will be serving IP addresses and gateways with a /32 mask.
Client1 would receive IP address of 241.0.0.1 with a netmask of 255.255.255.255 and a gateway of 240.0.0.1
Client2 would receive IP address of 241.0.0.2 with a netmask of 255.255.255.255 and a gateway of 240.0.0.2
Client3 would receive IP address of 241.0.0.3 with a netmask of 255.255.255.255 and a gateway of 240.0.0.3
etc.
Of course the gateway will have to have as many IP as there are clients (Unless I am mistaken)
The questions :
- Is there something similar already existing ? It must not require any configuration on the client side other than activating DHCP.
- Would this work ? I do not see why it would not, though I am a little anxious about having tens of point to point connections going to the same physical port.
- I could not find anything forbidding it in RFC2131, but then again I might be wrong. Am I ?
- One problem remains that is solved by vlan isolation but not by DHCP isolation : rogue DHCP servers. Any Idea to crush those ?
I hope it is not inappropriate to post this on this list. But it is an interesting problem (I think).
Jerome Herman
Re: Is it a good idea to use DHCP for point to point connections ?
On Thu, Oct 14, 2010 at 9:16 AM, Jerome Herman jher...@dichotomia.fr wrote:
On 13/10/2010 22:25, Elliot Finley wrote:
we did this with DSL customers. But instead of using a unique gateway for each Client, just use IP Unnumbered and proxy arp for your loopback interface.
I was about to say that this solution seemed extremely sensitive to spoofing. But I figured out that my solution was not necessarily better. Looks like I will have to go for hardware solution after all... I am currently checking on Cisco private vlan system. But I am not a big fan of Cisco (Well to be perfectly honest I love the hardware...). Does anyone know of an alternative ?
Jerome Herman
On Wed, Oct 13, 2010 at 9:02 AM, Jerome Herman jher...@dichotomia.fr wrote:
Hello,
Given the price (and tedious management) of layer 3 switches I was thinking about using modified DHCP to distribute addresses with a /32 netmask (255.255.255.255)
The Idea : Create a cheap (and preferably not dirty) way to have client isolation, without creating tons of vlan.
Practical overview : The DHCP server will be serving IP addresses and gateways with a /32 mask.
Client1 would receive IP address of 241.0.0.1 with a netmask of 255.255.255.255 and a gateway of 240.0.0.1
Client2 would receive IP address of 241.0.0.2 with a netmask of 255.255.255.255 and a gateway of 240.0.0.2
Client3 would receive IP address of 241.0.0.3 with a netmask of 255.255.255.255 and a gateway of 240.0.0.3
etc.
Of course the gateway will have to have as many IP as there are clients (Unless I am mistaken)
The questions :
- Is there something similar already existing ? It must not require any configuration on the client side other than activating DHCP.
- Would this work ? I do not see why it would not, though I am a little anxious about having tens of point to point connections going to the same physical port.
- I could not find anything forbidding it in RFC2131, but then again I might be wrong. Am I ?
- One problem remains that is solved by vlan isolation but not by DHCP isolation : rogue DHCP servers. Any Idea to crush those ?
I hope it is not inappropriate to post this on this list. But it is an interesting problem (I think).
Jerome Herman
Around here (Ontario, Canada) - almost all DSL providers use PPPoE... just a thought, but might be a lot easier.
-- Nathan Vidican nat...@vidican.com
Re: gzip tries to unpack/pack 1st the filename of $GZIP
Matthias Apitz g...@unixarea.de writes:
Hello, I was facing a problem in some Makefile/shell-scripting and finally I could nail it down: when you set the environment variable GZIP to something, for example to let it point to gzip itself, it tries 1st to unpack this file:
$ GZIP=/usr/bin/gzip export GZIP
$ $GZIP -dc source.tar.gz | wc -l
gzip: /usr/bin/gzip: not in gzip format
645770
or
$ GZIP=bla export GZIP
$ gzip -dc source.tar.gz | wc -l
gzip: can't stat: bla: No such file or directory
645770
Why is this? It's not mentioned in the man page.
You need to fix the syntax on your 'export' lines. Adding a semicolon before the export keyword (or moving it to the next line) is the smallest change to do this.
IPSec/racoon key time to live
Hi:
I'm up against configuring a number of different systems with host-host IPSec AH-only. The systems use different versions of racoon.
Questions:
- Must the key lifetime be the same in both ends?
- Can key lifetime be configured per host-host connection?
Thanks, Erik
-- Erik Nørgaard Ph: +34.666334818 http://www.locolomo.org
Re: gzip tries to unpack/pack 1st the filename of $GZIP
On Thursday, October 14, 2010 at 10:39:13AM -0400, Lowell Gilbert wrote:
Matthias Apitz g...@unixarea.de writes:
Hello, I was facing a problem in some Makefile/shell-scripting and finally I could nail it down: when you set the environment variable GZIP to something, for example to let it point to gzip itself, it tries 1st to unpack this file: ...
This was my fault. I overlooked it in the man page. Sorry;
You need to fix the syntax on your 'export' lines. Adding a semicolon before the export keyword (or moving it to the next line) is the smallest change to do this.
Why?
$ FIX=foo export FIX
$ env | fgrep FIX
FIX=foo
matthias
-- Matthias Apitz t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211 e g...@unixarea.de - w http://www.unixarea.de/
Re: gzip tries to unpack/pack 1st the filename of $GZIP
On Thu, 14 Oct 2010 10:36:59 +0200 Matthias Apitz g...@unixarea.de wrote:
Hello, I was facing a problem in some Makefile/shell-scripting and finally I could nail it down: when you set the environment variable GZIP to something, for example to let it point to gzip itself, it tries 1st to unpack this file:
$ GZIP=/usr/bin/gzip export GZIP
$ $GZIP -dc source.tar.gz | wc -l
gzip: /usr/bin/gzip: not in gzip format
645770
or
$ GZIP=bla export GZIP
$ gzip -dc source.tar.gz | wc -l
gzip: can't stat: bla: No such file or directory
645770
Why is this? It's not mentioned in the man page.
It is, actually.
ENVIRONMENT
If the environment variable GZIP is set, it is parsed as a white-space separated list of options handled before any options on the command line.
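The behaviour quoted from the man page above, as an added example that is not part of the thread: because gzip reads GZIP as extra options, a script can keep the path to the binary in a differently named variable and run gzip with GZIP removed from its environment. The names GZIP_BIN, gzip_env_audit and run_gzip_clean are assumptions made for this sketch, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: GZIP_BIN, gzip_env_audit and run_gzip_clean are hypothetical
# names chosen for illustration; they are not part of gzip or of the thread.

# Keep the path to the binary in a variable that gzip itself never reads.
GZIP_BIN=${GZIP_BIN:-gzip}

# gzip_env_audit: list each whitespace-separated word gzip would take from
# $GZIP. Returns 1 if any word is not an option (such as a path), 0 otherwise.
gzip_env_audit() {
    if [ -z "${GZIP+set}" ]; then
        echo "GZIP is unset"
        return 0
    fi
    audit_status=0
    set -f                      # no filename expansion while splitting $GZIP
    for audit_word in $GZIP; do
        case $audit_word in
            -*) echo "option: $audit_word" ;;
            *)  echo "non-option: $audit_word"; audit_status=1 ;;
        esac
    done
    set +f
    return "$audit_status"
}

# run_gzip_clean ARGS...: run gzip in a subshell with GZIP removed from the
# environment, so only the options given on the command line apply.
run_gzip_clean() {
    ( unset GZIP; exec "$GZIP_BIN" "$@" )
}

# Demonstration on constructed input, in a subshell so the caller's
# environment is untouched. Skipped when no gzip binary is on PATH.
if command -v "$GZIP_BIN" >/dev/null 2>&1; then
(
    GZIP=/usr/bin/gzip; export GZIP      # the collision from the thread
    gzip_env_audit || echo "GZIP would hand gzip a non-option word"
    # Round trip through the wrapper: no complaint about /usr/bin/gzip.
    printf 'constructed sample line\n' | run_gzip_clean -c | run_gzip_clean -dc
)
fi
```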
Re: gzip tries to unpack/pack 1st the filename of $GZIP
On Thu, 2010-10-14 at 16:48 +0200, Matthias Apitz wrote:
On Thursday, October 14, 2010 at 10:39:13AM -0400, Lowell Gilbert wrote:
Matthias Apitz g...@unixarea.de writes:
Hello, I was facing a problem in some Makefile/shell-scripting and finally I could nail it down: when you set the environment variable GZIP to something, for example to let it point to gzip itself, it tries 1st to unpack this file: ...
This was my fault. I overlooked it in the man page. Sorry;
You need to fix the syntax on your 'export' lines. Adding a semicolon before the export keyword (or moving it to the next line) is the smallest change to do this.
Why?
$ FIX=foo export FIX
$ env | fgrep FIX
FIX=foo
matthias
I'm with matthias on this one... Here's the technical explanation: When performing assignment in bourne/again shell, if the right-hand side of the assignment (=) does not begin with either a single-quote or double-quote, spaces will terminate the assignment and begin a new command. For example:
abc=123 echo hello, world
       ^
       |
       end of assignment (start of new command; imagine implied semi-colon)
This produces two distinct commands:
1. abc=123
2. echo hello world
Contrast that with either:
abc=123 echo hello world
or
abc=123\ echo\ hello,\ world
Both of which succeed in assigning `123 echo hello, world' to variable `abc'.
Pop Quiz: What does the following do:
abc=123\ xyz echo hello
Answer:
1. assigns `123 xyz' to variable `abc'
2. executes: echo hello
Second Pop Quiz:
abc=123 xyz echo hello
Answer:
1. assigns `123 xyz' to variable `abc'
2. executes: echo hello
This obviously doesn't work in tenex/c shell:
# echo $0 $SHELL
-csh /bin/csh
# abc=123
abc=123: Command not found.
# ls -li `which csh tcsh`
1411 -r-xr-xr-x 2 root wheel 651964 Jan 23 2007 /bin/csh
1411 -r-xr-xr-x 2 root wheel 651964 Jan 23 2007 /bin/tcsh
-- Cheers, Devin Teske
- CONTACT INFORMATION - Business Solutions Consultant II FIS - fisglobal.com 510-735-5650 Mobile 510-621-2038 Office 510-621-2020 Office Fax 909-477-4578 Home/Fax devin.te...@fisglobal.com
Re: Resin 3.1.9, Apache 2.2.16 and mod_caucho?
On Thu, Oct 14, 2010 at 3:07 PM, Andy Wodfer wod...@gmail.com wrote:
On Thu, Oct 14, 2010 at 1:06 PM, Christer Solskogen christer.solsko...@gmail.com wrote:
On Thu, Oct 14, 2010 at 10:16 AM, Andy Wodfer wod...@gmail.com wrote:
Hi, I'm trying to install Resin together with Apache and according to all documentation I can find I'm supposed to compile the mod_caucho and include this in the Apache httpd.conf, but I can't find any reference to mod_caucho in my ports, system or compile options. Is the documentation outdated or can anyone give me some pointers as to how I can make requests to Java sites go through Apache (using virtual hosts)?
Ie. http://caucho.com/resin-3.1/doc/install-apache.xtp
Both Apache (port 80) and Resin3.1 (port 8080) runs fine alone.
You probably have that module already installed. It comes with www/resin3 according to the Makefile.
Don't think so. locate (updated) and find only shows these:
./tmp/caucho
./usr/local/resin3/webapps/resin-doc/WEB-INF/classes/com/caucho
./usr/local/resin3/webapps/resin-doc/WEB-INF/xsl/caucho
./usr/local/resin3/webapps/resin-doc/examples/amber-basic/WEB-INF/classes/com/caucho
You might need to have apache[2|22] installed first.
-- chs,
Jail question
I have a single box on which I would like to run openvpn, smtp (postfix, dspam, greylist, clamav), imap (dovecot) apache22 and bind. This box also acts as a network gateway so it would give an attacker carte blanche to the internal nets if it was compromised, which makes me nervous.
The plan is to run openvpn as the only unjailed service and the rest of the services in a single jail or their own jails. I have never touched jails before and I'm a bit unsure of the best way to go. I realise that I can jail a service or a copy of the whole system (service would be preferable for space efficiency) but I am unclear on how to deal with IP addresses in jailed environments and if I should create individual jails or a single jail for all services.
At the moment I am leaning toward a single system jail for everything so I can keep the space in which openvpn runs as uncluttered as possible and also have a single postgres instance shared by the other services. Basically, if any of the public services in the jail are compromised I would like to make it very hard for the attacker to see the internal network.
If I use this scheme must I use separate public IPs for openvpn and the services jail or is it possible to use a single IP or some NAT/PAT scheme? -this box currently has 4 x NICs split into 2x lagg interfaces in failover mode (one public, one private), if that makes any difference
Sorry for the rambling question and I hope this makes sense!
Matt.
Re: gzip tries to unpack/pack 1st the filename of $GZIP
Matthias Apitz g...@unixarea.de writes:
Why?
$ FIX=foo export FIX
$ env | fgrep FIX
FIX=foo
Sorry; I'm not sure how I fooled myself on that -- I didn't keep the example I tested on..
Re: Resin 3.1.9, Apache 2.2.16 and mod_caucho?
Christer Solskogen wrote:
[snip]
Both Apache (port 80) and Resin3.1 (port 8080) runs fine alone.
You probably have that module already installed. It comes with www/resin3 according to the Makefile.
Don't think so. locate (updated) and find only shows these:
./tmp/caucho
./usr/local/resin3/webapps/resin-doc/WEB-INF/classes/com/caucho
./usr/local/resin3/webapps/resin-doc/WEB-INF/xsl/caucho
./usr/local/resin3/webapps/resin-doc/examples/amber-basic/WEB-INF/classes/com/caucho
You might need to have apache[2|22] installed first.
You do need Apache installed first as apxs is used to build the mod_caucho module. Install Apache by the ports system as you normally would. See the 'Compiling mod_caucho.so' section here: http://www.caucho.com/resin-3.1/doc/install-apache.xtp
If the configure script doesn't/can't find apxs automagically use the CLI switch and provide it with the location. It should be able to find it. Then config resin.conf and httpd.conf accordingly.
-Mike
Re: Is it a good idea to use DHCP for point to point connections ?
On 14/10/2010 16:33, Nathan Vidican wrote:
On Thu, Oct 14, 2010 at 9:16 AM, Jerome Herman jher...@dichotomia.fr wrote:
On 13/10/2010 22:25, Elliot Finley wrote:
we did this with DSL customers. But instead of using a unique gateway for each Client, just use IP Unnumbered and proxy arp for your loopback interface.
I was about to say that this solution seemed extremely sensitive to spoofing. But I figured out that my solution was not necessarily better. Looks like I will have to go for hardware solution after all... I am currently checking on Cisco private vlan system. But I am not a big fan of Cisco (Well to be perfectly honest I love the hardware...). Does anyone know of an alternative ?
Jerome Herman
On Wed, Oct 13, 2010 at 9:02 AM, Jerome Herman jher...@dichotomia.fr wrote:
Hello,
Given the price (and tedious management) of layer 3 switches I was thinking about using modified DHCP to distribute addresses with a /32 netmask (255.255.255.255)
The Idea : Create a cheap (and preferably not dirty) way to have client isolation, without creating tons of vlan.
Practical overview : The DHCP server will be serving IP addresses and gateways with a /32 mask.
Client1 would receive IP address of 241.0.0.1 with a netmask of 255.255.255.255 and a gateway of 240.0.0.1
Client2 would receive IP address of 241.0.0.2 with a netmask of 255.255.255.255 and a gateway of 240.0.0.2
Client3 would receive IP address of 241.0.0.3 with a netmask of 255.255.255.255 and a gateway of 240.0.0.3
etc.
Of course the gateway will have to have as many IP as there are clients (Unless I am mistaken)
The questions :
- Is there something similar already existing ? It must not require any configuration on the client side other than activating DHCP.
- Would this work ? I do not see why it would not, though I am a little anxious about having tens of point to point connections going to the same physical port.
- I could not find anything forbidding it in RFC2131, but then again I might be wrong. Am I ?
- One problem remains that is solved by vlan isolation but not by DHCP isolation : rogue DHCP servers. Any Idea to crush those ?
I hope it is not inappropriate to post this on this list. But it is an interesting problem (I think).
Jerome Herman
Around here (Ontario, Canada) - almost all DSL providers use PPPoE... just a thought, but might be a lot easier.
It is indeed a lot easier. Unfortunately it cannot be used in this case. Basically it is an hotel that is already wired in CAT.6. We want the clients to be able to connect through wire without resorting to routers or DSL modem, with just DHCP set up. The hotel is composed of 33 small residences connected with fiber. The idea is to avoid the part where we buy 33 layer3 switches at 3000$ a piece.
Jerome Herman
-- Nathan Vidican nat...@vidican.com
Re: Jail question
On Thu, 14 Oct 2010, Matthew Law wrote:
I have a single box on which I would like to run openvpn, smtp (postfix, dspam, greylist, clamav), imap (dovecot) apache22 and bind. This box also acts as a network gateway so it would give an attacker carte blanche to the internal nets if it was compromised, which makes me nervous.
The plan is to run openvpn as the only unjailed service and the rest of the services in a single jail or their own jails. I have never touched jails before and I'm a bit unsure of the best way to go. I realise that I can jail a service or a copy of the whole system (service would be preferable for space efficiency) but I am unclear on how to deal with IP addresses in jailed environments and if I should create individual jails or a single jail for all services.
At the moment I am leaning toward a single system jail for everything so I can keep the space in which openvpn runs as uncluttered as possible and also have a single postgres instance shared by the other services. Basically, if any of the public services in the jail are compromised I would like to make it very hard for the attacker to see the internal network.
If I use this scheme must I use separate public IPs for openvpn and the services jail or is it possible to use a single IP or some NAT/PAT scheme? -this box currently has 4 x NICs split into 2x lagg interfaces in failover mode (one public, one private), if that makes any difference
Sorry for the rambling question and I hope this makes sense!
Matt.
Starting with FreeBSD 8 jails may have multiple IPs and can use sockets. AFAIK this makes a jail pretty much like a separate physical system in a functional sense. Between man jail and the handbook there is a clear explanation of the management and setup procedures. Hopefully those with a better understanding of the internals will weigh in with the liabilities for what you want to do.
Re: IPSec/racoon key time to live
On 14/10/2010 16:26, Erik Norgaard wrote:
Hi: I'm up against configuring a number of different systems with host-host IPSec AH-only. The systems use different versions of racoon.
Questions:
- Must the key lifetime be the same in both ends?
In theory both ends are supposed to negotiate and select the smallest lifetime between the hosts. Reality is quite different, there are as many implementations of IPSec as there are devices implementing it, or close. And connecting in IPSec with a Cisco or a Checkpoint can be quite tedious. My opinion : avoid unnecessary headaches : put the same lifetime on both ends.
- Can key lifetime be configured per host-host connection?
Yes.
Jerome Herman
Thanks, Erik
Re: Is it a good idea to use DHCP for point to point connections ?
I *think* PVLANs are open standard, other vendors may support. DHCP snooping and/or ACL's can address rogue issue.

Used Ci$co hardware is cheap. Check out Network Hardware Resale or just google. 2960's support PVLANs, but only significant to each switch. If you want distributed PVLANs, 3750's would work.

Is this a requirement or nice to have? With host based firewalls and/or proper disclosure may not need this level of isolation. Simply having a switch is a fair amount of isolation, especially with port level MAC security, sticky/static ARP's, etc.

I don't mind, but probably off topic for this list.

- Original Message -
From: owner-freebsd-questi...@freebsd.org
To: freebsd-questions@freebsd.org; nat...@vidican.com
Sent: Thu Oct 14 12:56:19 2010
Subject: Re: Is it a good idea to use DHCP for point to point connections ?

On 14/10/2010 16:33, Nathan Vidican wrote:
> On Thu, Oct 14, 2010 at 9:16 AM, Jerome Herman jher...@dichotomia.fr wrote:
>> On 13/10/2010 22:25, Elliot Finley wrote:
>>> we did this with DSL customers. But instead of using a unique gateway for each Client, just use IP Unnumbered and proxy arp for your loopback interface.
>>
>> I was about to say that this solution seemed extremely sensitive to spoofing. But I figured out that my solution was not necessarily better. Looks like I will have to go for hardware solution after all... I am currently checking on Cisco private vlan system. But I am not a big fan of Cisco (Well to be perfectly honest I love the hardware...). Does anyone know of an alternative ?
>>
>> Jerome Herman
>>
>>> On Wed, Oct 13, 2010 at 9:02 AM, Jerome Herman jher...@dichotomia.fr wrote:
>>>> Hello,
>>>>
>>>> Given the price (and tedious management) of layer 3 switches I was thinking about using modified DHCP to distribute addresses with a /32 netmask (255.255.255.255)
>>>>
>>>> The Idea : Create a cheap (and preferably not dirty) way to have client isolation, without creating tons of vlan.
>>>>
>>>> Practical overview : The DHCP server will be serving IP addresses and gateways with a /32 mask.
>>>> Client1 would receive IP address of 241.0.0.1 with a netmask of 255.255.255.255 and a gateway of 240.0.0.1
>>>> Client2 would receive IP address of 241.0.0.2 with a netmask of 255.255.255.255 and a gateway of 240.0.0.2
>>>> Client3 would receive IP address of 241.0.0.3 with a netmask of 255.255.255.255 and a gateway of 240.0.0.3
>>>> etc.
>>>> Of course the gateway will have to have as many IP as there are clients (Unless I am mistaken)
>>>>
>>>> The questions :
>>>> - Is there something similar already existing ? It must not require any configuration on the client side other than activating DHCP.
>>>> - Would this work ? I do not see why it would not, though I am a little anxious about having tens of point to point connections going to the same physical port.
>>>> - I could not find anything forbidding it in RFC2131, but then again I might be wrong. Am I ?
>>>> - One problem remains that is solved by vlan isolation but not by DHCP isolation : rogue DHCP servers. Any Idea to crush those ?
>>>>
>>>> I hope it is not inappropriate to post this on this list. But it is an interesting problem (I think).
>>>>
>>>> Jerome Herman
>
> Around here (Ontario, Canada) - almost all DSL providers use PPPoE... just a thought, but might be a lot easier.

It is indeed a lot easier. Unfortunately it cannot be used in this case. Basically it is an hotel that is already wired in CAT.6. We want the clients to be able to connect through wire without resorting to routers or DSL modem, with just DHCP set up. The hotel is composed of 33 small residences connected with fiber. The idea is to avoid the part where we buy 33 layer3 switches at 3000$ a piece.

Jerome Herman

> --
> Nathan Vidican nat...@vidican.com
Re: Resin 3.1.9, Apache 2.2.16 and mod_caucho?
On 10/14/10 13:09, Tim Kellers wrote:
> On 10/14/10 12:11, Christer Solskogen wrote:
>> On Thu, Oct 14, 2010 at 3:07 PM, Andy Wodfer wod...@gmail.com wrote:
>>> On Thu, Oct 14, 2010 at 1:06 PM, Christer Solskogen christer.solsko...@gmail.com wrote:
>>>> On Thu, Oct 14, 2010 at 10:16 AM, Andy Wodfer wod...@gmail.com wrote:
>>>>> Hi, I'm trying to install Resin together with Apache and according to all documentation I can find I'm supposed to compile the mod_caucho and include this in the Apache httpd.conf, but I can't find any reference to mod_caucho in my ports, system or compile options. Is the documentation outdated or can anyone give me some pointers as to how I can make requests to Java sites go through Apache (using virtual hosts)? Ie. http://caucho.com/resin-3.1/doc/install-apache.xtp Both Apache (port 80) and Resin3.1 (port 8080) runs fine alone.
>>>>
>>>> You probably have that module already installed. It comes with www/resin3 according to the Makefile.
>>>
>>> Don't think so. locate (updated) and find only shows these:
>>>
>>>     ./tmp/caucho
>>>     ./usr/local/resin3/webapps/resin-doc/WEB-INF/classes/com/caucho
>>>     ./usr/local/resin3/webapps/resin-doc/WEB-INF/xsl/caucho
>>>     ./usr/local/resin3/webapps/resin-doc/examples/amber-basic/WEB-INF/classes/com/caucho
>>
>> You might need to have apache[2|22] installed first.
>
> After I built and installed Resin (with make WITH_APACHE2=YES install) and followed the config instructions in the pkg_messages, I cd'd to:
>
>     /usr/ports/www/resin3/work/resin-3.1.9/modules/c/src/apache2/.libs
>
> and copied mod_caucho.so to /usr/local/libexec/apache22
>
> I restarted apache and have this output from nmap -A localhost:
>
>     80/tcp open http Apache httpd 2.2.16 ((FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8n DAV/2 PHP/5.2.14 with Suhosin-Patch Resin/3.1.9)
>     |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
>     |_html-title: 503 Service Temporarily Unavailable
>
> and
>
>     8080/tcp open http Caucho Resin JSP engine 3.1.9
>     |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
>     |_html-title: Resin#174; Default Home Page
>     |_http-open-proxy: Proxy might be redirecting requests
>     Device type: general purpose
>     Running: FreeBSD 8.X
>     OS details: FreeBSD 8.0-BETA2 - 8.0-RELEASE
>     Network Distance: 0 hops
>     Service Info: Host: beta.maestro; OSs: Unix, FreeBSD
>
> It looks like manually copying those files does get the server working both standalone and in apache22.
>
> Tim Kellers NJIT

I should have also mentioned that I added this line to my /usr/local/etc/apache22/httpd.conf:

    LoadModule caucho_module libexec/apache22/mod_caucho.so

Below the already listed LoadModule lines.

Tim Kellers NJIT
Re: Resin 3.1.9, Apache 2.2.16 and mod_caucho?
On Thu, Oct 14, 2010 at 6:11 PM, Christer Solskogen christer.solsko...@gmail.com wrote:
>> Both Apache (port 80) and Resin3.1 (port 8080) runs fine alone.
>
> You might need to have apache[2|22] installed first.

Apache was installed first.

/Andy
no sound with ALC888
Running most recent FreeBSD 8.1-STABLE on a P45/ICH10 based ASUS motherboard. There is no sound. dmesg output reports two HDA devices, one located on a Radeon HD4830 graphics board and one located on the ICH10 chipset. Setting hw.snd.default_unit=1 in /etc/sysctl.conf or manually does not solve the problem.

'cat /dev/sndstat' reports this:

    FreeBSD Audio Driver (newpcm: 64bit 2009061500/amd64)
    Installed devices:
    pcm0: HDA ATI R6xx HDMI PCM #0 HDMI (play)
    pcm1: HDA Analog Devices AD1988B PCM #0 Analog (play/rec) default
    pcm2: HDA Analog Devices AD1988B PCM #1 Analog (play)
    pcm3: HDA Analog Devices AD1988B PCM #2 Digital (play)

(dmesg output:

    hdac0: ATI RV770 High Definition Audio Controller mem 0xfe7fc000-0xfe7f irq 17 at device 0.1 on pci1
    hdac0: HDA Driver Revision: 20100226_0142
    hdac0: [ITHREAD]
    hdac1: Intel 82801JI High Definition Audio Controller mem 0xfe6f8000-0xfe6fbfff irq 22 at device 27.0 on pci0
    hdac1: HDA Driver Revision: 20100226_0142
    hdac1: [ITHREAD]
    hdac0: HDA Codec #0: ATI R6xx HDMI
    pcm0: HDA ATI R6xx HDMI PCM #0 HDMI at cad 0 nid 1 on hdac0
    hdac1: HDA Codec #0: Realtek ALC888
    pcm1: HDA Realtek ALC888 PCM #0 Analog at cad 0 nid 1 on hdac1
    pcm2: HDA Realtek ALC888 PCM #1 Analog at cad 0 nid 1 on hdac1
    pcm3: HDA Realtek ALC888 PCM #2 Digital at cad 0 nid 1 on hdac1
    pcm4: HDA Realtek ALC888 PCM #3 Digital at cad 0 nid 1 on hdac1

)

I tried windows 7 on the box, no problem, sound is all right. VLC on freebsd doesn't do any sound output. When using a legacy PCI sound card (M-Audio Revolution 5.1), sound is present. I do not have any idea what the muting of the device could trigger.

Any suggestions? Please email, too, since I'm not subscribing 'questions'.

Thanks.

Oliver
Re: VIA EPIA 5000 and ACPI Cx levels
On 10/10/10, Bruce Cran br...@cran.org.uk wrote:
> On Sunday 10 October 2010 21:49:30 b. f. wrote:
>> If it has an i8254, that can also be used in one-shot mode if hint.attimer.0.timecounter=0 is used, since r212778.
>
> Thanks, I didn't know about that. After enabling it things are quite different: kern.eventtimer.periodic is now 1, and setting hw.acpi.cpu.cx_lowest=C2 results in 100% time being reported as being spent in C2 mode according to dev.cpu.0.cx_usage - using C3 causes the system to hang. Shouldn't a fully loaded CPU spend more time in C1 state though? When I run a program that results in 0% idle time cx_usage still reports that no time was spent in C1 state.

I'm not sure what is going on here: if you set hint.attimer.0.timecounter=0 and kern.eventtimer.timer=i8254 in /boot/loader.conf, then the system should try to use the i8254 in one-shot mode, unless you've specifically set periodic mode. If kern.eventtimer.periodic=1, then you are _not_ using one-shot mode. If it was 0 before your latest changes, then you were previously using one-shot mode. But, as I wrote earlier, for kern.hz128 and kern.eventtimer.singlemul=1, periodic mode may result in more sleeping than one-shot mode, though at a price. This may be what you are seeing.

The C-state used is determined in acpi_cpu_idle() in src/sys/dev/acpica/acpi_cpu.c, if you are using ACPI. I think that if the latency for the C2 state is low enough, the number of callouts and interrupts sufficiently low, and the scheduler quanta large enough, it's possible for your machine to mostly use C2 rather than C1. You can take a look at the algorithm, and make some experiments.

Note that bus mastering activity, which can include routine USB polling, may prevent the use of C3. This or the high latency of C3 may account for your machine not using it. Also note that you shouldn't use a LAPIC timer if you are using C3 or deeper sleep states.

b.
Re: VIA EPIA 5000 and ACPI Cx levels
On Thu, 14 Oct 2010 19:43:36 + b. f. bf1...@googlemail.com wrote:
> I'm not sure what is going on here: if you set hint.attimer.0.timecounter=0 and kern.eventtimer.timer=i8254 in /boot/loader.conf, then the system should try to use the i8254 in one-shot mode, unless you've specifically set periodic mode. If kern.eventtimer.periodic=1, then you are _not_ using one-shot mode. If it was 0 before your latest changes, then you were previously using one-shot mode. But, as I wrote earlier, for kern.hz128 and kern.eventtimer.singlemul=1, periodic mode may result in more sleeping than one-shot mode, though at a price. This may be what you are seeing.

Sorry, that was a typo: kern.eventtimer.periodic=0 after setting hint.attimer.0.timecounter=0. I'm seeing 145 interrupts per second now, so setting hz=100 and using singlemul mode would further decrease it - but I guess it's not something you would want to do on a router or desktop.

> This or the high latency of C3 may account for your machine not using it. Also note that you shouldn't use a LAPIC timer if you are using C3 or deeper sleep states.

Thanks. It sounds like things are working as they should then. Good to know the new timer code is working properly on this more unusual hardware!

--
Bruce Cran
Re: Resin 3.1.9, Apache 2.2.16 and mod_caucho?
On 10/14/10 12:11, Christer Solskogen wrote:
> On Thu, Oct 14, 2010 at 3:07 PM, Andy Wodfer wod...@gmail.com wrote:
>> On Thu, Oct 14, 2010 at 1:06 PM, Christer Solskogen christer.solsko...@gmail.com wrote:
>>> On Thu, Oct 14, 2010 at 10:16 AM, Andy Wodfer wod...@gmail.com wrote:
>>>> Hi, I'm trying to install Resin together with Apache and according to all documentation I can find I'm supposed to compile the mod_caucho and include this in the Apache httpd.conf, but I can't find any reference to mod_caucho in my ports, system or compile options. Is the documentation outdated or can anyone give me some pointers as to how I can make requests to Java sites go through Apache (using virtual hosts)? Ie. http://caucho.com/resin-3.1/doc/install-apache.xtp Both Apache (port 80) and Resin3.1 (port 8080) runs fine alone.
>>>
>>> You probably have that module already installed. It comes with www/resin3 according to the Makefile.
>>
>> Don't think so. locate (updated) and find only shows these:
>>
>>     ./tmp/caucho
>>     ./usr/local/resin3/webapps/resin-doc/WEB-INF/classes/com/caucho
>>     ./usr/local/resin3/webapps/resin-doc/WEB-INF/xsl/caucho
>>     ./usr/local/resin3/webapps/resin-doc/examples/amber-basic/WEB-INF/classes/com/caucho
>
> You might need to have apache[2|22] installed first.

After I built and installed Resin (with make WITH_APACHE2=YES install) and followed the config instructions in the pkg_messages, I cd'd to:

    /usr/ports/www/resin3/work/resin-3.1.9/modules/c/src/apache2/.libs

and copied mod_caucho.so to /usr/local/libexec/apache22

I restarted apache and have this output from nmap -A localhost:

    80/tcp open http Apache httpd 2.2.16 ((FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8n DAV/2 PHP/5.2.14 with Suhosin-Patch Resin/3.1.9)
    |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
    |_html-title: 503 Service Temporarily Unavailable

and

    8080/tcp open http Caucho Resin JSP engine 3.1.9
    |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
    |_html-title: Resin#174; Default Home Page
    |_http-open-proxy: Proxy might be redirecting requests
    Device type: general purpose
    Running: FreeBSD 8.X
    OS details: FreeBSD 8.0-BETA2 - 8.0-RELEASE
    Network Distance: 0 hops
    Service Info: Host: beta.maestro; OSs: Unix, FreeBSD

It looks like manually copying those files does get the server working both standalone and in apache22.

Tim Kellers NJIT
How is CPU usage calculated?
Hi list!

I made a strange observation yesterday night. The CPU usage reported by top doesn't match what is indicated under it. I was seeing around 80-90% user, 5% system, 1% interrupt and 10% idle. But the process details under it don't match. mysqld was taking around 250% (WCPU) with a few httpd processes at 1-2%.

The system is running GENERIC 8.0-REL on a Xeon E5630 (quad core with hyperthreading so 8 CPUs). MySQL and Apache each have their own jail (I don't think it will matter but just in case)

I understand why the mysqld process takes more than 100% but how can I know what's taking the rest? Why doesn't the total user CPU usage match the total of the CPU usage of each process? Is there a link with hyperthreading? There sure is a logical answer and I would really like to know it :)

Thanks in advance,
Martin
Re: Jail question
On 14 October 2010 19:19, doug d...@fledge.watson.org wrote:
> On Thu, 14 Oct 2010, Matthew Law wrote:
>
>> I have a single box on which I would like to run openvpn, smtp (postfix, dspam, greylist, clamav), imap (dovecot) apache22 and bind. This box also acts as a network gateway so it would give an attacker carte blanche to the internal nets if it was compromised, which makes me nervous.
>>
>> The plan is to run openvpn as the only unjailed service and the rest of the services in a single jail or their own jails. I have never touched jails before and I'm a bit unsure of the best way to go. I realise that I can jail a service or a copy of the whole system (service would be preferable for space efficiency) but I am unclear on how to deal with IP addresses in jailed environments and if I should create individual jails or a single jail for all services.
>>
>> At the moment I am leaning toward a single system jail for everything so I can keep the space in which openvpn runs as uncluttered as possible and also have a single postgres instance shared by the other services. Basically, if any of the public services in the jail are compromised I would like to make it very hard for the attacker to see the internal network.
>>
>> If I use this scheme must I use separate public IPs for openvpn and the services jail or is it possible to use a single IP or some NAT/PAT scheme? -this box currently has 4 x NICs split into 2x lagg interfaces in failover mode (one public, one private), if that makes any difference
>>
>> Sorry for the rambling question and I hope this makes sense!
>>
>> Matt.
>
> Starting with FreeBSD 8 jails may have multiple IPs and can use sockets. AFAIK this makes a jail pretty much like a separate physical system in a functional sense. Between man jail and the handbook there is a clear explanation of the management and setup procedures. Hopefully those with a better understanding of the internals will weigh in with the liabilities for what you want to do.

however you decide to do it, have a look at qjail, as it's a good management tool especially if you have multiple jails
mkmf on Linux??
I tried my first minor build of an unusual program [that only a CLI geek like me would use]. But can't find the mkmf that I've used for years. I haven't found anything comparable in the Linux world.

Has anybody else out there gotten our old '93 src mkmf installed on Linux?

tia,

gary

--
Gary Kline kl...@thought.org http://www.thought.org Public Service Unix
The 7.90a release of Jottings: http://jottings.thought.org/index.php
http://journey.thought.org
Re: mkmf on Linux??
On Thu, 2010-10-14 at 16:30 -0700, Gary Kline wrote:
> I tried my first minor build of an unusual program [that only a CLI geek like me would use]. But can't find the mkmf that I've used for years. I haven't found anything comparable in the Linux world.
>
> Has anybody else out there gotten our old '93 src mkmf installed on Linux?

On Linux:

    $ uname -spr
    Linux 2.6.9-78.0.5.ELsmp i686
    $ cat /etc/redhat-release
    CentOS release 4.7 (Final)
    $ which xmkmf
    /usr/X11R6/bin/xmkmf
    $ rpm -qf /usr/X11R6/bin/xmkmf
    xorg-x11-devel-6.8.2-1.EL.52
    $ man -P 'cat' xmkmf | grep -EA2 '(NA|SY|DE)'
    NAME
           xmkmf - create a Makefile from an Imakefile
    SYNOPSIS
           xmkmf [ -a ] [ topdir [ curdir ] ]
    DESCRIPTION
           The xmkmf command is the normal way to create a Makefile from an Imakefile shipped with third-party software.

Meanwhile, over on FreeBSD...

    $ uname -spr
    FreeBSD 8.1-RELEASE-p1 amd64
    $ which xmkmf
    /usr/local/bin/xmkmf
    $ pkg_info -W /usr/local/bin/xmkmf
    /usr/local/bin/xmkmf was installed by package imake-1.0.3,1
    $ man -P 'cat' xmkmf | grep -EA2 '(NA|SY|DE)'
    NAME
           xmkmf - create a Makefile from an Imakefile
    SYNOPSIS
           xmkmf [ -a ] [ topdir [ curdir ] ]
    DESCRIPTION
           The xmkmf command is the normal way to create a Makefile from an Imake-
           file shipped with third-party software.

> tia,
>
> gary

--
Cheers,
Devin Teske
Re: mkmf on Linux??
On Thu, Oct 14, 2010 at 04:49:42PM -0700, Devin Teske wrote:
> On Thu, 2010-10-14 at 16:30 -0700, Gary Kline wrote:
>> I tried my first minor build of an unusual program [that only a CLI geek like me would use]. But can't find the mkmf that I've used for years. I haven't found anything comparable in the Linux world.
>>
>> Has anybody else out there gotten our old '93 src mkmf installed on Linux?
>
> On Linux:
>
>     $ uname -spr
>     Linux 2.6.9-78.0.5.ELsmp i686
>     $ cat /etc/redhat-release
>     CentOS release 4.7 (Final)
>     $ which xmkmf
>     /usr/X11R6/bin/xmkmf
>     $ rpm -qf /usr/X11R6/bin/xmkmf
>     xorg-x11-devel-6.8.2-1.EL.52
>     $ man -P 'cat' xmkmf | grep -EA2 '(NA|SY|DE)'
>     NAME
>            xmkmf - create a Makefile from an Imakefile
>     SYNOPSIS
>            xmkmf [ -a ] [ topdir [ curdir ] ]
>     DESCRIPTION
>            The xmkmf command is the normal way to create a Makefile from an Imakefile shipped with third-party software.
>
> Meanwhile, over on FreeBSD...
>
>     $ uname -spr
>     FreeBSD 8.1-RELEASE-p1 amd64
>     $ which xmkmf
>     /usr/local/bin/xmkmf
>     $ pkg_info -W /usr/local/bin/xmkmf
>     /usr/local/bin/xmkmf was installed by package imake-1.0.3,1
>     $ man -P 'cat' xmkmf | grep -EA2 '(NA|SY|DE)'
>     NAME
>            xmkmf - create a Makefile from an Imakefile
>     SYNOPSIS
>            xmkmf [ -a ] [ topdir [ curdir ] ]
>     DESCRIPTION
>            The xmkmf command is the normal way to create a Makefile from an Imake-
>            file shipped with third-party software.
>
>> tia,
>>
>> gary
>
> --
> Cheers,
> Devin Teske

Close, but no cigar. I want just plain mkmf, not [x]mkmf. thanks, tho.

ps: I did find the shar utilities, so I'll tarball up our stuff and see if it builds in my ~/devel files.

--
Gary Kline kl...@thought.org http://www.thought.org Public Service Unix
The 7.90a release of Jottings: http://jottings.thought.org/index.php
http://journey.thought.org
Re: mkmf on Linux??
On Thu, Oct 14, 2010 at 04:30:32PM -0700, Gary Kline wrote:
> I tried my first minor build of an unusual program [that only a CLI geek like me would use]. But can't find the mkmf that I've used for years. I haven't found anything comparable in the Linux world.
>
> Has anybody else out there gotten our old '93 src mkmf installed on Linux?

Even on FreeBSD mkmf 4.11 needs some patching to compile (as evidenced by the devel/mkmf port), so I expect same goes for Linux. Maybe the FreeBSD patches work?

Roland

--
R.F.Smith http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
Re: mkmf on Linux??
On Fri, Oct 15, 2010 at 03:00:17AM +0200, Roland Smith wrote:
> On Thu, Oct 14, 2010 at 04:30:32PM -0700, Gary Kline wrote:
>> I tried my first minor build of an unusual program [that only a CLI geek like me would use]. But can't find the mkmf that I've used for years. I haven't found anything comparable in the Linux world.
>>
>> Has anybody else out there gotten our old '93 src mkmf installed on Linux?
>
> Even on FreeBSD mkmf 4.11 needs some patching to compile (as evidenced by the devel/mkmf port), so I expect same goes for Linux. Maybe the FreeBSD patches work?
>
> Roland

We'll see. I have entirely forgotten howto use uuencode/uudecode [!!] -- well, it's been at least 13 years--so carefully transferring things by hand. Anyway, there is the 32 and 64 bit issues... .

gary

PS: be nice to see [*esp'ly* ubuntu] get with it; maintain the older stuff. Even if it was back in the Eozoic:)

> --
> R.F.Smith http://www.xs4all.nl/~rsmith/
> [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
> pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)

--
Gary Kline kl...@thought.org http://www.thought.org Public Service Unix
The 7.90a release of Jottings: http://jottings.thought.org/index.php
http://journey.thought.org
gedit in gnome
When I hit the command gedit, it shows:

    Fontconfig error: Cannot load default config file
    (gedit:2858): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with dbus name org.gtk.Private.HalVolumeMonitor is not supported
    (gedit:2858): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with dbus name org.gtk.Private.GPhoto2VolumeMonitor is not supported

but it can still be opened.

When I su to root, gedit shows:

    GConf �� ORBit TCP/IP NFS �� http://projects.gnome.org/gconf/ ��( - 1: ��Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.)

it show differently yesterday I change my LANG to English, but I don't know how � happened

thank you