Re: need help with pf configuration

2011-10-08 Thread Patrick Lamaiziere
On Sun, 9 Oct 2011 12:15:54 +0700,
Victor Sudakov wrote:

> I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
> interface. The traffic should be able to flow
> 
> 1) from inside1 to any (and back)
> 2) from inside2 to any (and back)
> 3) from dmz to outside only (and back).
> 
> I need no details, just a general hint how to setup such security
> levels, preferably independent of actual IP addresses behind the
> interfaces (a :network macro is not always sufficient).

You may use urpf-failed instead of :network
urpf-failed: Any source address that fails a unicast reverse path
forwarding (URPF) check, i.e. packets coming in on an interface other
than that which holds the route back to the packet's source address.

something like
block in quick on $inside1 from urpf-failed to any
pass in quick on $inside1

I've not tested this.

Regards
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
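A pf.conf sketch of the security-level layout asked about in this thread, combining the urpf-failed check from the reply above with pf's packet tagging; it is an added example, not part of either message and not tested by the posters. The interface names (em0 to em3) and the tag names LVL_INSIDE and LVL_DMZ are assumptions.

```conf
# Added example, not from the thread. Interface and tag names are
# assumptions; point the macros at the real interfaces.
outside = "em0"
inside1 = "em1"
inside2 = "em2"
dmz     = "em3"

set skip on lo0

# Default deny: anything not explicitly passed below is dropped.
block log all

# Anti-spoofing without address macros: drop packets whose source address
# is not routed back through the interface they arrived on.
block in quick on { $inside1 $inside2 $dmz } from urpf-failed to any

# Classify by ingress interface only; no addresses are involved.
pass in on { $inside1 $inside2 } all tag LVL_INSIDE keep state
pass in on $dmz all tag LVL_DMZ keep state

# Egress policy per level.
# inside1/inside2 -> any interface
pass out all tagged LVL_INSIDE keep state
# dmz -> outside only; DMZ-tagged packets leaving via inside1/inside2
# match no pass rule and fall through to "block log all".
pass out on $outside all tagged LVL_DMZ keep state

# Caveats:
# - "pass in on $dmz" also admits traffic addressed to the firewall itself.
# - Packets originated by the firewall carry no tag and need their own rule.
# - urpf-failed depends on the routing table; with asymmetric routing,
#   legitimate packets fail the check.
```

Adding another interface means one more macro, one more "pass in ... tag" line for its level, and an egress rule only if that level is new.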


need help with pf configuration

2011-10-08 Thread Victor Sudakov
Colleagues,

I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
interface. The traffic should be able to flow

1) from inside1 to any (and back)
2) from inside2 to any (and back)
3) from dmz to outside only (and back).

I need no details, just a general hint how to setup such security
levels, preferably independent of actual IP addresses behind the
interfaces (a :network macro is not always sufficient). It would be
nice to find a configuration that would scale to any number of
interfaces with different security levels.

On a Cisco PIX I would configure

outside security0
inside1 security100
inside2 security100
dmz security50

and that's it, the PIX logic would do the rest.

Thank you very much in advance for any input.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru


Re: New FreeBSD User | HP Doesn't Boot

2011-10-08 Thread Adam Vande More
On Sat, Oct 8, 2011 at 8:51 PM, Colin Barnabas wrote:

> Are you able to boot from the usb you used to install? If yes,
> then my first instinct would be to scrub the disk and
> start over. Hopefully whatever is going on is just a freak anomaly.
>
> If you can boot from the usb stick, go to the fixit shell and
> run
>
> dd if=/dev/zero of=/dev/ad0 bs=1k
>

Can you please not top-post while on this list as its convention states?

That command is suboptimal to put it kindly.  First, it's not necessary to
wipe the entire drive, simply destroying the first couple sectors will be
sufficient for the cause.  Second, in the rare case you do need to wipe the
entire thing, don't use bs=1k unless you really enjoy sitting around
waiting.   Use either of the following if you really must:

dd if=/dev/zero of=/dev/ad0 bs=1k count=1
dd if=/dev/zero of=/dev/ad0 bs=512k

but you can call me uncle Eddie if that somehow helps.  I'm not sure how you
think a bad burn would cause POST to fail.  First, I'd check around and see
if there were problems with system like this:

http://en.kioskea.net/forum/affich-111507-hp-pavilion-dv6000-won-t-turn-on-black-screen

Then I might look for BIOS updates to fix the problem.  Resetting BIOS to
defaults would be something I would try, followed by unplugging unnecessary
peripherals.

-- 
Adam Vande More


Re: New FreeBSD User | HP Doesn't Boot

2011-10-08 Thread Colin Barnabas
Are you able to boot from the usb you used to install? If yes,
then my first instinct would be to scrub the disk and
start over. Hopefully whatever is going on is just a freak anomaly.

If you can boot from the usb stick, go to the fixit shell and
run

dd if=/dev/zero of=/dev/ad0 bs=1k

That will fill the disk with zeros, erasing _everything_. 

On Sat, Oct 08, 2011 at 04:56:29PM -0700, Michael Starr wrote:
> Thanks for the prompt response. The screen only shows the HP startup screen 
> with the "Press the Esc Key for Startup Menu" at the bottom. When I press it, 
> it doesn't do anything. Researching this a little more, it looks more like a 
> partitioning issue. However, I used the automatic settings to configure the 
> partitions on my hard drive. What could this mean?
> 
> On Sat, Oct 8, 2011 at 4:52 PM, Colin Barnabas wrote:
> The chances that you have inadvertently altered your BIOS are
> quite slim. What does the machine display when you try to
> boot?
> 
> On Sat, Oct 08, 2011 at 04:11:31PM -0700, Michael Starr wrote:
> > Hello Everyone,
> >
> > I am a brand new FreeBSD user with minimal Unix knowledge. I have
> > "successfully" installed FreeBSD on a computer dedicated to the operating
> > system. However, after rebooting, the machine can't boot, nor get into BIOS.
> > I installed the system from a bootable USB stick. I would try another fresh
> > install, but currently I can't do anything. Could someone please direct me
> > to a solution? I hope I did not irrevocably alter my BIOS. Any help would be
> > deeply appreciated. Thank you.
> >
> > Computer: HP dvr6 2150us (laptop)
> >
> > --
> > Michael Starr
> > masmi...@gmail.com
> 
> 
> 
> --
> Michael Starr
>   760-522-0863
> 


Re: pkg_upgrade seems to try server that isn't right

2011-10-08 Thread Conrad J. Sabatier
On Sat, 08 Oct 2011 04:35:11 -0400
Allen wrote:

[snip]
 
> I noticed a little while ago I had "upgrade_pkg" and since I have 0
> Ports (I don't need to squeeze out extra performance, I'm not running
> a Server, so I only compile when I have to, and I like Binaries more
> so I generally install my software either with sysinstall, or,
> pkg_add -r whateverIWant) and then, get emailed that my software has
> a security flaw, and from there it usually went down hill.
> 
> Well, now I have Hardware security in place, and that allowed me to
> not worry about it as much, so, I started reading the man page. I saw
> that I could do this:
> 
> upgrade_pkg -a
> 
> When I ran this, I noticed it was trying to get to a server about
> FreeBSD Release 8, and freebsd-update, uses the right one.
> freebsd-update grabs patches no problem, but for software packages it
> doesn't touch them, though I DO wish it did. If I could code in C,
> the first thing I would do, would be to build a Package for FreeBSD
> that basically was like this:
> 
> fbsdupdate --update --all
> 
> That would download, and install, ALL Security and Bug Fixes, no
> matter if it was in the base system, the ports, or whatever. Since
> I'm no coder, I can't though. But I did wonder why it wouldn't work.
> 
> I read through the man page, looking to see if it showed a file it
> uses to decide where to contact the server, but there isn't one. So
> basically, how do you make upgrade_pkg work the way it says in the
> man page?
> 
> I basically figured I'd run upgrade_pkg -af and let it update and
> reinstall everything, and Hoped that would patch it, but it kept going
> for some FreeBSD8-RELEASE server saying it couldn't contact it, and
> as I said, freebsd-update works fine, grabbing things from the server
> for FreeBSD-RELEASE 8.2 which is what I'm running.

I assume you mean "pkg_upgrade" (not "upgrade_pkg")?

See the "ENVIRONMENT" section of the man page.  All of the pkg_* tools
are consistent in how they reference these variables.

-- 
Conrad J. Sabatier
conr...@cox.net


Re: New FreeBSD User | HP Doesn't Boot

2011-10-08 Thread Colin Barnabas
The chances that you have inadvertently altered your BIOS are
quite slim. What does the machine display when you try to
boot?

On Sat, Oct 08, 2011 at 04:11:31PM -0700, Michael Starr wrote:
> Hello Everyone,
> 
> I am a brand new FreeBSD user with minimal Unix knowledge. I have
> "successfully" installed FreeBSD on a computer dedicated to the operating
> system. However, after rebooting, the machine can't boot, nor get into BIOS.
> I installed the system from a bootable USB stick. I would try another fresh
> install, but currently I can't do anything. Could someone please direct me
> to a solution? I hope I did not irrevocably alter my BIOS. Any help would be
> deeply appreciated. Thank you.
> 
> Computer: HP dvr6 2150us (laptop)
> 
> -- 
> Michael Starr
> masmi...@gmail.com


New FreeBSD User | HP Doesn't Boot

2011-10-08 Thread Michael Starr
Hello Everyone,

   I am a brand new FreeBSD user with minimal Unix knowledge. I have
"successfully" installed FreeBSD on a computer dedicated to the operating
system. However, after rebooting, the machine can't boot, nor get into BIOS.
I installed the system from a bootable USB stick. I would try another fresh
install, but currently I can't do anything. Could someone please direct me
to a solution? I hope I did not irrevocably alter my BIOS. Any help would be
deeply appreciated. Thank you.

Computer: HP dvr6 2150us (laptop)

-- 
Michael Starr
masmi...@gmail.com


Re: Problem with Samba (SOLVED)

2011-10-08 Thread Carmel
I discovered the problem. A soon to be "former" employee decided to
change the name of the router to the same name as the FreeBSD server.
Why, I do not know. Once I discovered this, I reverted the name to its
original state, rebooted the router and all is well.

-- 
Carmel ✌
carmel...@hotmail.com



Problem with Samba

2011-10-08 Thread Carmel
I probably should be asking this on the Samba forum; however, I thought
I would start here.

A few days ago the Samba shares on my FreeBSD-8.2 amd64 machine stopped
showing up on my Windows machines. All of them to be precise. I removed
all of the old Samba logs after having shut it down and then restarted
it. This error message is being printed in the "log.nmdb" file:

[2011/10/08 12:30:30,  0] nmbd/nmbd_mynames.c:35(my_name_register_failed)
  my_name_register_failed: Failed to register my name SCORPIO<20> on subnet 192.168.1.101.
[2011/10/08 12:30:30,  0] nmbd/nmbd_namelistdb.c:307(standard_fail_register)
  standard_fail_register: Failed to register/refresh name SCORPIO<20> on subnet 192.168.1.101
[2011/10/08 12:30:30,  0] nmbd/nmbd_mynames.c:35(my_name_register_failed)
  my_name_register_failed: Failed to register my name SCORPIO<03> on subnet 192.168.1.101.
[2011/10/08 12:30:30,  0] nmbd/nmbd_namelistdb.c:307(standard_fail_register)
  standard_fail_register: Failed to register/refresh name SCORPIO<03> on subnet 192.168.1.101
[2011/10/08 12:30:30,  0] nmbd/nmbd_mynames.c:35(my_name_register_failed)
  my_name_register_failed: Failed to register my name SCORPIO<00> on subnet 192.168.1.101.
[2011/10/08 12:30:30,  0] nmbd/nmbd_namelistdb.c:307(standard_fail_register)
  standard_fail_register: Failed to register/refresh name SCORPIO<00> on subnet 192.168.1.101


This only started a few days ago. I do need to get this network back up
however.

-- 
Carmel ✌
carmel...@hotmail.com



pkg_upgrade seems to try server that isn't right

2011-10-08 Thread Allen
Hi all,

I recently started taking BSD more seriously, and I'm coming from using
Windows first, then, trying to learn DOS, and seeing there was no point
outside of a hobby, and, Linux and BSD at very similar points in time,
however, I always seemed to stick with Linux a little more.

The main reasons were ease of updating software installed. (My first
exposure to FreeBSD was when I was walking around Best Buy one day, and,
after having bought multiple versions of Linux from there, and BeOS, I
one day saw the "BSD PowerPak" for sale for 59 dollars, which came with
FreeBSD 4.0) this was around the year 2000.

I saw Unix and, being that I was just starting in Computers, and didn't
know much other than that I REALLY wanted something more Unix like that
wasn't Linux, I instantly bought the BSD thing without thinking twice.

I noticed it was very different from Linux; In Linux, even Slackware,
updating Software that had Security Flaws in it was as simple as using
wget to grab the updated version, and upgradepkg to install it.

At the time, FreeBSD's version meant screwing with source code, and, not
wanting to run a system totally insecure, I would install it for a
while, use it, and then generally use something else I could keep
patched easier.

I noticed a little while ago I had "upgrade_pkg" and since I have 0
Ports (I don't need to squeeze out extra performance, I'm not running a
Server, so I only compile when I have to, and I like Binaries more so I
generally install my software either with sysinstall, or, pkg_add -r
whateverIWant) and then, get emailed that my software has a security
flaw, and from there it usually went down hill.

Well, now I have Hardware security in place, and that allowed me to not
worry about it as much, so, I started reading the man page. I saw that I
could do this:

upgrade_pkg -a

When I ran this, I noticed it was trying to get to a server about
FreeBSD Release 8, and freebsd-update, uses the right one.
freebsd-update grabs patches no problem, but for software packages it
doesn't touch them, though I DO wish it did. If I could code in C,
the first thing I would do, would be to build a Package for FreeBSD that
basically was like this:

fbsdupdate --update --all

That would download, and install, ALL Security and Bug Fixes, no matter
if it was in the base system, the ports, or whatever. Since I'm no
coder, I can't though. But I did wonder why it wouldn't work.

I read through the man page, looking to see if it showed a file it uses
to decide where to contact the server, but there isn't one. So
basically, how do you make upgrade_pkg work the way it says in the man page?

I basically figured I'd run upgrade_pkg -af and let it update and
reinstall everything, and Hoped that would patch it, but it kept going
for some FreeBSD8-RELEASE server saying it couldn't contact it, and as I
said, freebsd-update works fine, grabbing things from the server for
FreeBSD-RELEASE 8.2 which is what I'm running.


Re: OT: how to tell when i've hit a Fn key?

2011-10-08 Thread Polytropon
On Fri, 7 Oct 2011 12:01:29 -0700, Gary Kline wrote:
>   i still have a few miles--maybe lightyears--to go, but
>   slowly...slowly this is coming back.  when ken arnold was
>   working on the early versions of curses i was
>   still learning C.  i don't remember any arrow keys on the old
>   AMD3a terms so wasn't that interested in things-termcap.

The UNIX termcap representation differs from what programmers
of DOS time (not _that_ DOS, the other one) can remember. So
relying on NCurses is the optimal way to go, as it proves to
be most portable across UNIX and the various Linusi.



>   but what i'm doing with my clicky-keys for those FEW of us
>   who like feedback =proves= that, yes, there are new and
>   interesting uses for curses.  :_)  

Oh yes, there _are_ interesting uses for (n)curses. :-)



>   i have written the rough draft of a curses [or Ncurses]
>   test program that gets rid of the rat-a-tat-tat WAV response 
>   whenever i hit a non-std key.  say "home" or up-arrow, or
>   F12 or Scroll Lock.  how long it will be before i've joined
>   this test program with my kclick stuff is unknown.  maybe 45
>   mins, maybe 75 years. [[that's IFF they've got programming
>   in hell]]

They have. Never wondered where "Windows" comes from? :-)



>   **Change-of-topic:
> 
>   the GUI editor that has vi bindings is kate.  unfortunately,
>   kate has no abbrevs.   i asked the principal developer about
>   that.  no answer.  his site has a .de suffix.  (i was
>   wondering if he doesn't speak english.  he may be like me, 
>   a linguistic dimwit.  then again, he may not think much of
>   my idea.  or overwhelmingly busy... .)

Programmers with no English skillz... hard to believe, but well,
in our modern times of "rapid application development" and layers
of layers of abstraction of libraries of layers of libraries of
abstraction of (cont. ad naus.) it wouldn't be a big surprise. :-)



>   anyway, for now, i think having a GUI editor that the speech
>   disabled can use to have their computer speak what they type
>   is better than using something like vim/gvim. 

Depends. When moving a mouse pointer or chasing across a full-sized
keyboard gets complicated (e. g. with limited movement of arm),
the "vi concept" may be superior, especially when the user does
more than just writing some few sentences, say he writes a complete
document (letter, essay, book); in this case, _not_ having too
much shift/alt/ctrl layers could be a benefit. Of course I do
acknowledge that using this approach requires learning and
training. Those who use vi on a regular basis do know this.

The strength of the "vi concept" is that the letter keys and
the "mode switch" Esc basically can do all the stuff other
editors need Ctrl-something, Alt-something, click-something
for - which can be hard to do under specific circumstances.



> the One
>   Laptop per Child bunch are still interested.  their device
>   has a membrane kybd.  i have heard that the keys are
>   somewhat hard to use.  

That's typical for lowest-end keyboards. Remember IBM's PCjr?
Also came with a weird keyboard. Today, you need to stick to
old keyboards (and adapters DIN -> PS/2 -> USB -> ?) when you
intendedly want a _good_ keyboard. :-)

The membrane keyboards often lack a usable tactile feedback
(as touch-interfaces do), so they might not be 1st choice in
every place.



>   IF there is another GUI editor that has builtin
>   abbreviations that you guys know of, please send up some
>   smoke signals:)

Abbreviations are a _professional_ feature, while GUI editors
do not seem to cater to the kind of users who _want_ those features,
they are not the primary target group. The result: Some GUI
editors even have limited keyboard support, expecting a
continuous "click & wait" flow.

Summary: Depends.



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...