Re: ipfw confusion
Are you sure that your DNS requests are over TCP? DNS primarily uses UDP to serve requests. TCP is used when the response data size exceeds 512 bytes (I think), or for tasks such as zone transfers. I know a few resolver implementations use TCP for all queries, but most I have used not. You might want to add rules to allow UDP as well. On Sun, Aug 18, 2013 at 11:06 PM, Gary Aitken wrote: > I'm having some weird ipfw behavior, or it seems weird to me, and am > looking > for an explaination and then a way out. > > ipfw list > ... > 21109 allow tcp from any to 12.32.44.142 dst-port 53 in via tun0 setup > keep-state > 21129 allow tcp from any to 12.32.36.65 dst-port 53 in via tun0 setup > keep-state > ... > 65534 deny log logamount 5 ip from any to any > > tail -f messages > Aug 18 23:33:06 nightmare named[914]: client 188.231.152.46#63877: error > sending response: permission denied > > 12.32.36.65 is the addr of the internal interface (xl0) on the firewall > and is the public dns server. > 12.32.44.142 is the addr of the external interface (tun0) which is bridged > on a > dsl line. > > It appears that a dns request was allowed in, but the response was not > allowed > back out. It seems to me the above rules 21109 and 21129 should have > allowed > the request in and the response back out. > > It's possible a request could come in on 12.32.44.142, > which is why 21109 is present; > although I know I am getting failures to reply to refresh requests > from a secondary addressed to 12.32.36.65 > > What am I missing? > > Is there a problem if the incoming rule is for tun0, > which gets passed to named > since 12.32.44.142 is on the physical machine running named, > but named pumps its response out on 12.32.36.65, > relying on routing to get it to the right place, > and that fails to match the state tracking mechanism > which started with 12.32.44.142? > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscr...@freebsd.org" > -- Jason Cox ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
ipfw confusion
I'm having some weird ipfw behavior, or it seems weird to me, and am looking for an explaination and then a way out. ipfw list ... 21109 allow tcp from any to 12.32.44.142 dst-port 53 in via tun0 setup keep-state 21129 allow tcp from any to 12.32.36.65 dst-port 53 in via tun0 setup keep-state ... 65534 deny log logamount 5 ip from any to any tail -f messages Aug 18 23:33:06 nightmare named[914]: client 188.231.152.46#63877: error sending response: permission denied 12.32.36.65 is the addr of the internal interface (xl0) on the firewall and is the public dns server. 12.32.44.142 is the addr of the external interface (tun0) which is bridged on a dsl line. It appears that a dns request was allowed in, but the response was not allowed back out. It seems to me the above rules 21109 and 21129 should have allowed the request in and the response back out. It's possible a request could come in on 12.32.44.142, which is why 21109 is present; although I know I am getting failures to reply to refresh requests from a secondary addressed to 12.32.36.65 What am I missing? Is there a problem if the incoming rule is for tun0, which gets passed to named since 12.32.44.142 is on the physical machine running named, but named pumps its response out on 12.32.36.65, relying on routing to get it to the right place, and that fails to match the state tracking mechanism which started with 12.32.44.142? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: freebsd 9.2 via svn
On Mon, 19 Aug 2013 04:22:15 +0100, John wrote: > > If you don't use a custom kernel, why not use freebsd-update > > and follow the 9.2-RELEASE path with the security updates? > > Not sure if this is logic or "religon", but freebsd-update makes me > nervous. I'm allergic to automatic anything unless I've written it. The only > times I've run generic is when installing a new system, to see what I > need and what I don't. Maybe I'm just old. You demonstrated a valid argument for building from source. Using freebsd-update, a binary method is used for updating the _default_ system and the GENERIC kernel. If you have custom settings and therefore _intend_ to build from source, changing the version in your "svn co" command to the new -RELEASE-pX branch (security update branch) is safe. I've been using a similar approach with CVS to follow the -STABLE branch with a custom kernel and custom settings for building the system. If this makes me old, I should deserve several birthday parties per year. ;-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: freebsd 9.2 via svn
On Mon, Aug 19, 2013 at 04:17:02AM +0200, Polytropon wrote: > 9.2-RELEASE hasn't been released yet. :-) well yes, there is that I suppose ;) > If you don't use a custom kernel, why not use freebsd-update > and follow the 9.2-RELEASE path with the security updates? Not sure if this is logic or "religon", but freebsd-update makes me nervous. I'm allergic to automatic anything unless I've written it. The only times I've run generic is when installing a new system, to see what I need and what I don't. Maybe I'm just old. thanks for the input, -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: freebsd 9.2 via svn
On Mon, 19 Aug 2013 02:28:25 +0100, John wrote: > Is it "safe" to start using 9.2 in the svn repos? I have a line like > this in a daily crontab: > > svn co svn://svn.us-east.freebsd.org/base/releng/9.1 /usr/src > > Can I change that 9.1 to 9.2 now, or should I wait? I aim to follow > 9.2-R with security updates. 9.2-RELEASE hasn't been released yet. :-) http://www.freebsd.org/releases/9.2R/schedule.html If you don't use a custom kernel, why not use freebsd-update and follow the 9.2-RELEASE path with the security updates? -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
freebsd 9.2 via svn
Hello list, Is it "safe" to start using 9.2 in the svn repos? I have a line like this in a daily crontab: svn co svn://svn.us-east.freebsd.org/base/releng/9.1 /usr/src Can I change that 9.1 to 9.2 now, or should I wait? I aim to follow 9.2-R with security updates. thanks, -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
RE: Pre-sales question
I would like to know if your freebsd OS 9.1 suite on CD(DVD) can be installed, and then run, on a Dell Inspiron 531S? I looked-over your website, and did +not see a citation for that specific PC (though I did see it for others). > For your reference, my PC has a AMD Athlon(tm) 64 X2 Dual core processor > 3800+ 2.01 GHz. The operating system on it right now (Vista) is 32-bit. The > PC can > have up to 4GB of RAM. I have a 80GB Hard drive on it right now. I would like > to "hitch" it to the PC using a USB cable. > If version 9.1 does run on that machine, then I may order a copy for myself. > Glen Peterson > Cedarburg, WI. > peterso...@aol.com You can go to ftp.freebsd.org/pub/FreeBSD and download iso files for FreeBSD amd64 and i386. You can download FreeBSD 9.1 or the newest release candidate for 9.2 (now RC2) and install from CD or DVD. Is that 80GB hard drive currently in the PC? Tom ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
RE: Pre-sales question
Sir: I would like to know if your freebsd OS 9.1 suite on CD(DVD) can be installed, and then run, on a Dell Inspiron 531S? I looked-over your website, and did not see a citation for that specific PC (though I did see it for others). For your reference, my PC has a AMD Athlon(tm) 64 X2 Dual core processor 3800+ 2.01 GHz. The operating system on it right now (Vista) is 32-bit. The PC can have up to 4GB of RAM. I have a 80GB Hard drive on it right now. I would like to "hitch" it to the PC using a USB cable. If version 9.1 does run on that machine, then I may order a copy for myself. R.S.V.P., Glen Peterson Cedarburg, WI. peterso...@aol.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: undelete files in msdosfs
El día Sunday, August 18, 2013 a las 10:09:57PM +0200, CeDeROM escribió: > On Sun, Aug 18, 2013 at 7:00 PM, Matthias Apitz wrote: > > After a nice day in the fields, my wife deleted accidently the pictures > > in her cam; the microSD mounts fine in FreeBSD as -t msdosfs; do we have > > some FreeBSD 10-CUR tool to undelete the files, as there are some for M$? > > /usr/ports/sysutils/testdisk > > http://www.cgsecurity.org/wiki/TestDisk Thanks! This did what I was looking for. matthias -- Matthias Apitz | /"\ ASCII Ribbon Campaign: www.asciiribbon.org E-mail: g...@unixarea.de | \ / - No HTML/RTF in E-mail WWW: http://www.unixarea.de/ | X - No proprietary attachments phone: +49-170-4527211 | / \ - Respect for open standards ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: undelete files in msdosfs
On Sun, 18 Aug 2013 22:09:57 +0200, CeDeROM wrote: > On Sun, Aug 18, 2013 at 7:00 PM, Matthias Apitz wrote: > > After a nice day in the fields, my wife deleted accidently the pictures > > in her cam; the microSD mounts fine in FreeBSD as -t msdosfs; do we have > > some FreeBSD 10-CUR tool to undelete the files, as there are some for M$? > > /usr/ports/sysutils/testdisk > > http://www.cgsecurity.org/wiki/TestDisk That one is also on my "famous list", and if I remember correctly, also part of the UBCD for "OS-less" use. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: undelete files in msdosfs
On Sun, 18 Aug 2013 15:01:37 -0500, iamatt wrote: > Its called backups. Not trying to be a dick but it's 2013. Not 1983. But it doesn't help when Johnny Fatfingers presses the wrong buttons on the camera _prior_ to archiving the photos. :-) > Plenty of online backup/archive options. And local options, because you have to trust your online backup provider (except it's _yourself_ who provides and maintains the systems). > As always. Test restores > periodically. A backup that cannot be restored is _not_ a backup. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: undelete files in msdosfs
On Sun, Aug 18, 2013 at 7:00 PM, Matthias Apitz wrote: > After a nice day in the fields, my wife deleted accidently the pictures > in her cam; the microSD mounts fine in FreeBSD as -t msdosfs; do we have > some FreeBSD 10-CUR tool to undelete the files, as there are some for M$? /usr/ports/sysutils/testdisk http://www.cgsecurity.org/wiki/TestDisk -- CeDeROM, SQ7MHZ, http://www.tomek.cedro.info ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: undelete files in msdosfs
Its called backups. Not trying to be a dick but it's 2013. Not 1983. Plenty of online backup/archive options. As always. Test restores periodically. On Aug 18, 2013 2:30 PM, "Matthias Apitz" wrote: > El día Sunday, August 18, 2013 a las 03:23:18PM -0400, Jerry escribió: > > > On Sun, 18 Aug 2013 19:00:39 +0200 > > Matthias Apitz articulated: > > > > > After a nice day in the fields, my wife deleted accidently the > > > pictures in her cam; the microSD mounts fine in FreeBSD as -t > > > msdosfs; do we have some FreeBSD 10-CUR tool to undelete the files, > > > as there are some for M$? > > > > There are dozens of Microsoft based applications that are intended to > > undelete a file, assuming you have not otherwise over written the file > > or messed up the file system. I even saw one designed just for cameras. > > Google is your friend. > > Thanks for your reply, but luckily we do not have any Microsoft infected > computer at home (and we will no have). > > matthias > > -- > Sent from my FreeBSD netbook > > Matthias Apitz, , http://www.unixarea.de/ f: > +49-170-4527211 > UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370) > UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5 > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscr...@freebsd.org" > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: undelete files in msdosfs
On Sun, 18 Aug 2013 20:28:53 +0100, Frank Leonhardt wrote: > I wrote something to do this a long time back, but I doubt I can find > the source quickly. The easiest way would be to download a forensic > live-CD like DEFT, which includes Undelete 360. Possibly over-kill but > it's handy to have one around. Most of these forensic tools use a GUI. Or UBCD, if I remember correctly. It also offers some of those tools, usually the text-mode variants (not CLI, but dialog-driven) which allow you to perform the tasks quickly and safely. > There is a program called fatback in the ports collection but I haven't > tried it. The tools on these forensic live-CDs are likely to be more > powerful by a long way. Most of the programs can be used from within FreeBSD. As I said, there are many of those available for free. Some of them require the user to _know_ what he does. The more complex the recovery task is, the more knowledge is involved. GUIs are good to hide this fact, and in worst case, you lose your data. Of course there is no problem delegating the recovery task to a service center for $$$. And sometimes, if you look close enough, you can see that those are using the free tools. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Setup HP Laserjet 1120m over network with LPD
On Sun, 18 Aug 2013, Juris Kaminskis wrote: Yes indeed, i corrected, but i have still the problem Please don't top-post, it makes responding more difficult. lpd will restart a queue when it gets an error from a filter. Manually test the filter before trying to use it with lpd. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: undelete files in msdosfs
El día Sunday, August 18, 2013 a las 03:23:18PM -0400, Jerry escribió: > On Sun, 18 Aug 2013 19:00:39 +0200 > Matthias Apitz articulated: > > > After a nice day in the fields, my wife deleted accidently the > > pictures in her cam; the microSD mounts fine in FreeBSD as -t > > msdosfs; do we have some FreeBSD 10-CUR tool to undelete the files, > > as there are some for M$? > > There are dozens of Microsoft based applications that are intended to > undelete a file, assuming you have not otherwise over written the file > or messed up the file system. I even saw one designed just for cameras. > Google is your friend. Thanks for your reply, but luckily we do not have any Microsoft infected computer at home (and we will no have). matthias -- Sent from my FreeBSD netbook Matthias Apitz, , http://www.unixarea.de/ f: +49-170-4527211 UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370) UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: undelete files in msdosfs
I wrote something to do this a long time back, but I doubt I can find the source quickly. The easiest way would be to download a forensic live-CD like DEFT, which includes Undelete 360. Possibly over-kill but it's handy to have one around. Most of these forensic tools use a GUI. There is a program called fatback in the ports collection but I haven't tried it. The tools on these forensic live-CDs are likely to be more powerful by a long way. Regards, Frank. On 18/08/2013 18:00, Matthias Apitz wrote: Hello, After a nice day in the fields, my wife deleted accidently the pictures in her cam; the microSD mounts fine in FreeBSD as -t msdosfs; do we have some FreeBSD 10-CUR tool to undelete the files, as there are some for M$? Thanks matthias ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: undelete files in msdosfs
On Sun, 18 Aug 2013 19:00:39 +0200, Matthias Apitz wrote: > After a nice day in the fields, my wife deleted accidently the pictures > in her cam; the microSD mounts fine in FreeBSD as -t msdosfs; do we have > some FreeBSD 10-CUR tool to undelete the files, as there are some for M$? We have plenty of them. From my "unbelievable list of tools for data recovery" and regarding that you are trying to recover files from a camera: "photorec". It's in the ports collection. In the same context, "magicrescue" is worth mentioning. If they all fail, consider using TSK. Note: Do _not_ do ANY writes to the card! Mount it -o ro if needed. Make an 1:1 copy (using "dd_rescue" from ports), work with that copy. Everything that slips through fat fingers could reduce the chance of a successful recovery session. I know it. ;-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Setup HP Laserjet 1120m over network with LPD
Yes indeed, i corrected, but i have still the problem 2013. gada 18. aug. 22:01 "Chris Hill" rakstīja: > On Sun, 18 Aug 2013, Juris Kaminskis wrote: > > as suggested i tried now foo2xqx filter. My printcap entry: >> --- >> HP:\ >> :lp=:\ >> :sh:\ >> :mx#0:\ >> :rm=192.168.1.105:\ >> :rp=raw:\ >> :sd=/var/spool/hp:\ >> :if=/usr/bin/foo2xqx-wrapper:\ >> :lf=/var/log/lpd-errs:\ >> --- >> > ^ > That backslash needs to go, for one thing. The backslash indicates > continuation on the next line, but I don't know what would happen if there > is no next line. In other words, the last line should NOT end with a > backslash. > > HTH. > > -- > Chris Hill ch...@monochrome.org > ** [ Busy Expunging ] > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: undelete files in msdosfs
On Sun, 18 Aug 2013 19:00:39 +0200 Matthias Apitz articulated: > After a nice day in the fields, my wife deleted accidently the > pictures in her cam; the microSD mounts fine in FreeBSD as -t > msdosfs; do we have some FreeBSD 10-CUR tool to undelete the files, > as there are some for M$? There are dozens of Microsoft based applications that are intended to undelete a file, assuming you have not otherwise over written the file or messed up the file system. I even saw one designed just for cameras. Google is your friend. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
ipfw gateway rerouting
Can someone please hint me to to good explanatory site that explains how to reroute a network server to different/non standard network gateway(s) with ipfw? thanks, Jos Chrispijn ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Setup HP Laserjet 1120m over network with LPD
On Sun, 18 Aug 2013, Juris Kaminskis wrote: as suggested i tried now foo2xqx filter. My printcap entry: --- HP:\ :lp=:\ :sh:\ :mx#0:\ :rm=192.168.1.105:\ :rp=raw:\ :sd=/var/spool/hp:\ :if=/usr/bin/foo2xqx-wrapper:\ :lf=/var/log/lpd-errs:\ --- ^ That backslash needs to go, for one thing. The backslash indicates continuation on the next line, but I don't know what would happen if there is no next line. In other words, the last line should NOT end with a backslash. HTH. -- Chris Hill ch...@monochrome.org ** [ Busy Expunging ] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
undelete files in msdosfs
Hello, After a nice day in the fields, my wife deleted accidently the pictures in her cam; the microSD mounts fine in FreeBSD as -t msdosfs; do we have some FreeBSD 10-CUR tool to undelete the files, as there are some for M$? Thanks matthias -- Matthias Apitz | /"\ ASCII Ribbon Campaign: www.asciiribbon.org E-mail: g...@unixarea.de | \ / - No HTML/RTF in E-mail WWW: http://www.unixarea.de/ | X - No proprietary attachments phone: +49-170-4527211 | / \ - Respect for open standards ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Setup HP Laserjet 1120m over network with LPD
as suggested i tried now foo2xqx filter. My printcap entry: --- HP:\ :lp=:\ :sh:\ :mx#0:\ :rm=192.168.1.105:\ :rp=raw:\ :sd=/var/spool/hp:\ :if=/usr/bin/foo2xqx-wrapper:\ :lf=/var/log/lpd-errs:\ --- Now I get following errors in log file: --- Aug 18 21:16:17 laptops lpd[11798]: lpd startup: logging=0 Aug 18 21:16:17 laptops foo2xqx-wrapper: foo2xqx-wrapper -w132 -l66 -i0 -n root Aug 18 21:16:18 laptops lpd[11799]: restarting HP Aug 18 21:16:18 laptops foo2xqx-wrapper: foo2xqx-wrapper -w132 -l66 -i0 -n root Aug 18 21:16:19 laptops lpd[11799]: restarting HP Aug 18 21:16:19 laptops foo2xqx-wrapper: foo2xqx-wrapper -w132 -l66 -i0 -n root Aug 18 21:16:19 laptops lpd[11799]: restarting HP Aug 18 21:16:19 laptops foo2xqx-wrapper: foo2xqx-wrapper -w132 -l66 -i0 -n root Aug 18 21:16:19 laptops lpd[11799]: restarting HP Aug 18 21:16:19 laptops foo2xqx-wrapper: foo2xqx-wrapper -w132 -l66 -i0 -n root Aug 18 21:16:19 laptops lpd[11799]: HP: job could not be sent to remote host (cf Aug 18 21:16:20 laptops lpd[11799]: mail sent to user root about job o --- why foo2xqx-wrapper is forcing restart for the printer? 2013/8/6 Juris Kaminskis > > after several trials and errors and reading through FreeBSD handbook I am > at dead end on how to proceed further, hope someone can guide me. > > my /etc/printcap entry: > --- > HP:\ > :rm=192.168.1.105:sd=/var/spool/hp:lf=/var/log/lpd-errs:\ > :if=/usr/local/libexec/hp-network: > --- > > my /usr/local/libexec/hp-network entry: > --- > #!/bin/sh > # > # hp-network - Text filter for HP printer `NPI2B483C' listening > # on port 9100. Installed in /usr/local/libexec/hp-network > # > exec /usr/libexec/lpr/lpf "$@" | /usr/local/libexec/netprint 192.168.1.105 > 9100 > --- > > my /usr/local/libexec/netprint entry: > --- > !/usr/bin/perl -w > # > # netprint - Text filter for printer attached to network > # Installed in /usr/local/libexec/netprint > # > > $#ARGV eq 1 || die "Usage: $0 "; > > $printer_host = $ARGV[0]; > $printer_port = $ARGV[1]; > use Socket; > > $protocol = getprotobyname('tcp'); > $address = inet_aton("192.168.1.105"); > $sockaddr = sockaddr_in($printer_port, $address); > > socket(PRINTER, PF_INET, SOCK_STREAM, $protocol) > || die "Can't create TCP/IP stream socket: $!"; > connect(PRINTER, $sockaddr) || die "Can't contact $printer_host: $!"; > > while () { print PRINTER; } exit 0; > --- > > Now my /var/log/lpd-errs is empty and in spool directory I have following > after running command lptest 20 5 | lpr -P HP : > > content of /var/spool/hp > total 16 > -rw-r--r-- 1 root juris 4 Aug 6 21:55 .seq > -rw-rw 1 daemon juris 70 Aug 6 21:55 cfA014laptops > -rw-rw 1 root juris 605 Aug 6 21:55 dfA014laptops > -rw-rw-r-- 1 root juris 0 Aug 6 21:55 errs.ukc0YLC > -rw-rw-r-- 1 root juris 5 Aug 6 21:55 lock > > My printer is not responding in any way, it keeps on flashing Ready. it is > on the internal network having ip 192.168.1.105 > > thanks > Juris > > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Mouse Trails?
On Sun, 18 Aug 2013 18:29:23 +0200, cpghost wrote: > On 08/18/13 16:48, Gary Aitken wrote: >> On 08/17/13 19:08, cpghost wrote: >>> On 08/17/13 18:14, Walter Hurry wrote: On Sat, 17 Aug 2013 17:31:26 +0200, Polytropon wrote: >> >>> Good ole Xeyes... ;-) But beware, xeyes crashes X server right now! >>> Using >>> >>> xeyes-1.1.1 xorg-server-1.7.7_8,1 >>> >>> on FreeBSD 9.2-PRERELEASE #0 r253323 Sat Jul 13 21:00:32 CEST 2013 >>> amd64 >>> >>> I'm not the only one who's got X server crashes with xeyes: >>> >>> http://lists.freebsd.org/pipermail/freebsd-x11/2012-May/011833.html >>> >>> @Polytropon: what version of xeyes/xorg-server are you using? >> >> pkg_info | grep xeyes xeyes-1.1.1 A follow the mouse X demo >> pkg_info | grep xorg-server xorg-server-1.7.7_8,1 X.Org X server and >> related programs >> >> Works fine here, amd64. >> >> How soon does it crash? >> First mouse movement, program startup, or what? > > At program startup. > > Using fluxbox here. I'll try with another WM. Maybe it's a WM problem? > > No other programs cause X server crashes here. I must say that it caught > me by surprise! > >> The behavior I see is: >> mouse is visible start typing in xterm and cursor disappears xeyes >> comes up with eyes pointing to where cursor was a second or so later >> the cursor reappears move the cursor and eyes follow it No problem for me since Polytropon suggested it. I'm on amd64 - WM is Openbox. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
freebsd-update fails to tfetch public key
freebsd-update whatever on 9.2-PRERELEASE yields "Fetching public key from ... failed." using the freebsd-update.conf that comes w/the system. i must be doing something wrong. what? david coder ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: VPN where local private address collide
On 18/08/2013 12:51, Terje Elde wrote: On 18. aug. 2013, at 12.20, Frank Leonhardt wrote: I'm not sure that TLS would cause more problems than any other packets, but as you point out, the exercise is bound to be full of pooh traps as yet undiscovered. FTP should be interesting, for a start. But for most things, why would swapping an IP address in the packet header cause any kind of problem as long as it was done consistently? I was cutting corners and trying to keep the reply short (was on cellphone at the time), and I think the word headers might have lead to some crosstalk. For TCP/IP itself, just consistently swapping the IP would solve the problem. That'd fix a lot, and things like like ssh and http should work fine with that. If we look at other things though, like SIP, it's not that easy. I'm using SIP as an example just because it illustrates the point nicely, and I know it well. For SIP, you'd have the IP in multiple places: TCP/IP - the connection to the server. SIP - The application protocol RTP - Payload in the application protocol, carrying media-metadata Now, you'd get the connection to the server (TCP/IP), but for registering against the SIP-server, the client would include it's IP in the SIP-layer as well, in a http-like header. It'd tell the server where it would want to be contacted for things like incoming calls. Initially this would point to the clients perspective of the IP, and not to the IP it were to carry after NAT. That is, the client would be able to register, but for incoming calls the server would try to contact the IP in the wrong place. For placing calls, you'd also have information about where media-streams should go in RTP, both IP and port numbers. This would also carry wrong information if you're merely changing the IP/port in TCP/IP-layers. Both of these can be resolved wither in the router/firewall/NAT-box, or worked around on the server, but it's not pretty by a long shot, and it's completely avoidable if you can avoid the NAT. There are lots of corporate networks on 10.x.x.x, and I'm told this kind of caper is used to sort them out when they collide. Paying for a Cisco VPN could easily work out cheaper than reconfiguring a large corporate LAN, but I don't have the budget for either. This kind of thing *can* be used to sort out colliding subnets, but that doesn't mean it *should* be used to resolve the issue(s). You mentioned that a Cisco-guy said this would work, and explained details of how to do it. I'm thinking that the same Cisco-guy could also give details on how to drop a rack full of Juniper-equipment out of a 10th floor window, in order to replace it with Cisco-gear. It's quite possible to do that, but again, that doesn't mean you should. I think the gist of the issue here is that you have a problem, and you're (correctly) thinking you can solve a lot if you NAT the two networks together. That's not wrong, it's completely true. You can get a lot to work in that way. Then you also have some random-looking guy on a mailing-list telling you that "Yes, you can do that. But you shouldn't". I get how hard it can be to take that kind of advice, especially when you know and have been told that it's quite possible. If you really, really want to explore that route, then here's one way to go about it: Use the VPN just to get the link up, don't worry about using NAT with MPD. It's nice to keep all of the nat/firewall-bits in a single place, and pf is a good solution to it. If you're running the VPN off of the primary gateway, this should be fairly straight-forward, and you should be able to use something like this: pf.conf on gateway/vpn-endpoint in lan_a: lan_a = "192.168.0.0/24" lan_b = "192.168.0.0/24" vpn_a = "192.168.1.0/24" vpn_b = "192.168.2.0/24" binat on $vpn_if from $lan_a to any -> $vpn_a pf.conf on gateway/vpn-endpoint in lan_b: lan_a = "192.168.0.0/24" lan_b = "192.168.0.0/24" vpn_a = "192.168.1.0/24" vpn_b = "192.168.2.0/24" binat on $vpn_if from $lan_b to any -> $vpn_b The VPN-tunnel itself could ignore any concept of the conflicting 192.168.0.0/24-range, and simply deal with 192.168.1.0/24 being on one end, and 192.168.2.0/24 on the other. If you're standing in lan_a, and your local address is 192.168.0.182, and you'd like to reach 192.168.0.17 in lan_b, you'd talk to 192.168.2.17. In lan_a, the conneciton would be seen as 192.168.0.182 -> 192.168.2.17. Crossing the lan_a VPN-endpoing going into the tunnel, it'd get rewritten to be 192.168.1.182 -> 192.168.2.17. Crossing the lan_b VPN-endpoint going into lan_b, it'd get rewritten to be 192.168.1.182 -> 192.168.0.17 You'd then hit the right server. The response from 192.168.0.17 (in lan_b) would get routed back over the VPN-tunnel, since it's sent to 192.168.1.182. That is, in lan_b the response would be 192.168.0.17 -> 192.168.1.182. Crossing the lan_b VPN-endpoing going into the tunnel, on the way back
Re: Mouse Trails?
On 08/18/13 16:48, Gary Aitken wrote: > On 08/17/13 19:08, cpghost wrote: >> On 08/17/13 18:14, Walter Hurry wrote: >>> On Sat, 17 Aug 2013 17:31:26 +0200, Polytropon wrote: > >> Good ole Xeyes... ;-) But beware, xeyes crashes X server right now! Using >> >> xeyes-1.1.1 >> xorg-server-1.7.7_8,1 >> >> on >> FreeBSD 9.2-PRERELEASE #0 r253323 Sat Jul 13 21:00:32 CEST 2013 amd64 >> >> I'm not the only one who's got X server crashes with xeyes: >> >> http://lists.freebsd.org/pipermail/freebsd-x11/2012-May/011833.html >> >> @Polytropon: what version of xeyes/xorg-server are you using? > > pkg_info | grep xeyes > xeyes-1.1.1 A follow the mouse X demo > pkg_info | grep xorg-server > xorg-server-1.7.7_8,1 X.Org X server and related programs > > Works fine here, amd64. > > How soon does it crash? > First mouse movement, program startup, or what? At program startup. Using fluxbox here. I'll try with another WM. Maybe it's a WM problem? No other programs cause X server crashes here. I must say that it caught me by surprise! > The behavior I see is: > mouse is visible > start typing in xterm and cursor disappears > xeyes comes up with eyes pointing to where cursor was > a second or so later the cursor reappears > move the cursor and eyes follow it > > Gary > -cpghost -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Mouse Trails?
On 08/17/13 19:08, cpghost wrote: > On 08/17/13 18:14, Walter Hurry wrote: >> On Sat, 17 Aug 2013 17:31:26 +0200, Polytropon wrote: > Good ole Xeyes... ;-) But beware, xeyes crashes X server right now! Using > > xeyes-1.1.1 > xorg-server-1.7.7_8,1 > > on > FreeBSD 9.2-PRERELEASE #0 r253323 Sat Jul 13 21:00:32 CEST 2013 amd64 > > I'm not the only one who's got X server crashes with xeyes: > > http://lists.freebsd.org/pipermail/freebsd-x11/2012-May/011833.html > > @Polytropon: what version of xeyes/xorg-server are you using? pkg_info | grep xeyes xeyes-1.1.1 A follow the mouse X demo pkg_info | grep xorg-server xorg-server-1.7.7_8,1 X.Org X server and related programs Works fine here, amd64. How soon does it crash? First mouse movement, program startup, or what? The behavior I see is: mouse is visible start typing in xterm and cursor disappears xeyes comes up with eyes pointing to where cursor was a second or so later the cursor reappears move the cursor and eyes follow it Gary ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: VPN where local private address collide
On 18. aug. 2013, at 02.43, Adam Vande More wrote: > > What about SSL/TLS for example? How would the router swap the header in an > > encrypted session? > > Same as it would any sessions since only the payload is encrypted. What > Frank calls basic nat, most people call static nat(at least people who have > read enough Cisco docs) and it works just fine. Also you are confusing > headers. The point I was aiming for was that even if you were to swap the IPs in the IP-header on the gateway, some protocols still reference the IPs inside the TCP-payload, and while you can rewrite that on a NAT-box using an application level gateway, you can not do that if the session is using SSL or TLS. I was referring to headers *inside* the SSL/TLS-layers. I thought that was obvious, but I see I might not have been clear enough. Yes, you can often still resolve it on the server, but just how messy does one want to get stacking workaround on top of workaround, just to avoid renumbering the network? Terje ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: VPN where local private address collide
On 18. aug. 2013, at 12.20, Frank Leonhardt wrote: > I'm not sure that TLS would cause more problems than any other packets, but > as you point out, the exercise is bound to be full of pooh traps as yet > undiscovered. FTP should be interesting, for a start. But for most things, > why would swapping an IP address in the packet header cause any kind of > problem as long as it was done consistently? I was cutting corners and trying to keep the reply short (was on cellphone at the time), and I think the word headers might have lead to some crosstalk. For TCP/IP itself, just consistently swapping the IP would solve the problem. That'd fix a lot, and things like like ssh and http should work fine with that. If we look at other things though, like SIP, it's not that easy. I'm using SIP as an example just because it illustrates the point nicely, and I know it well. For SIP, you'd have the IP in multiple places: TCP/IP - the connection to the server. SIP - The application protocol RTP - Payload in the application protocol, carrying media-metadata Now, you'd get the connection to the server (TCP/IP), but for registering against the SIP-server, the client would include it's IP in the SIP-layer as well, in a http-like header. It'd tell the server where it would want to be contacted for things like incoming calls. Initially this would point to the clients perspective of the IP, and not to the IP it were to carry after NAT. That is, the client would be able to register, but for incoming calls the server would try to contact the IP in the wrong place. For placing calls, you'd also have information about where media-streams should go in RTP, both IP and port numbers. This would also carry wrong information if you're merely changing the IP/port in TCP/IP-layers. Both of these can be resolved wither in the router/firewall/NAT-box, or worked around on the server, but it's not pretty by a long shot, and it's completely avoidable if you can avoid the NAT. > There are lots of corporate networks on 10.x.x.x, and I'm told this kind of > caper is used to sort them out when they collide. Paying for a Cisco VPN > could easily work out cheaper than reconfiguring a large corporate LAN, but I > don't have the budget for either. This kind of thing *can* be used to sort out colliding subnets, but that doesn't mean it *should* be used to resolve the issue(s). You mentioned that a Cisco-guy said this would work, and explained details of how to do it. I'm thinking that the same Cisco-guy could also give details on how to drop a rack full of Juniper-equipment out of a 10th floor window, in order to replace it with Cisco-gear. It's quite possible to do that, but again, that doesn't mean you should. I think the gist of the issue here is that you have a problem, and you're (correctly) thinking you can solve a lot if you NAT the two networks together. That's not wrong, it's completely true. You can get a lot to work in that way. Then you also have some random-looking guy on a mailing-list telling you that "Yes, you can do that. But you shouldn't". I get how hard it can be to take that kind of advice, especially when you know and have been told that it's quite possible. If you really, really want to explore that route, then here's one way to go about it: Use the VPN just to get the link up, don't worry about using NAT with MPD. It's nice to keep all of the nat/firewall-bits in a single place, and pf is a good solution to it. If you're running the VPN off of the primary gateway, this should be fairly straight-forward, and you should be able to use something like this: pf.conf on gateway/vpn-endpoint in lan_a: lan_a = "192.168.0.0/24" lan_b = "192.168.0.0/24" vpn_a = "192.168.1.0/24" vpn_b = "192.168.2.0/24" binat on $vpn_if from $lan_a to any -> $vpn_a pf.conf on gateway/vpn-endpoint in lan_b: lan_a = "192.168.0.0/24" lan_b = "192.168.0.0/24" vpn_a = "192.168.1.0/24" vpn_b = "192.168.2.0/24" binat on $vpn_if from $lan_b to any -> $vpn_b The VPN-tunnel itself could ignore any concept of the conflicting 192.168.0.0/24-range, and simply deal with 192.168.1.0/24 being on one end, and 192.168.2.0/24 on the other. If you're standing in lan_a, and your local address is 192.168.0.182, and you'd like to reach 192.168.0.17 in lan_b, you'd talk to 192.168.2.17. In lan_a, the conneciton would be seen as 192.168.0.182 -> 192.168.2.17. Crossing the lan_a VPN-endpoing going into the tunnel, it'd get rewritten to be 192.168.1.182 -> 192.168.2.17. Crossing the lan_b VPN-endpoint going into lan_b, it'd get rewritten to be 192.168.1.182 -> 192.168.0.17 You'd then hit the right server. The response from 192.168.0.17 (in lan_b) would get routed back over the VPN-tunnel, since it's sent to 192.168.1.182. That is, in lan_b the response would be 192.168.0.17 -> 192.168.1.182. Crossing the lan_b VPN-endpoing going into the tunnel, on the way back to lan_a, it'd get rewr
Re: VPN where local private address collide
On 18/08/2013 00:29, Terje Elde wrote: > The obvious answer is IPv6, of course. I'm surprised no one has mentioned it yet. You seemed dead set on not renumbering the networks, and moving to IPv6 would not only be just that, but also be harder than just renumbering IPv4-nets, so you answered that question for us already. I was being ironic ;-) I'm not sure that TLS would cause more problems than any other packets, but as you point out, the exercise is bound to be full of pooh traps as yet undiscovered. FTP should be interesting, for a start. But for most things, why would swapping an IP address in the packet header cause any kind of problem as long as it was done consistently? Apparently Cisco routers manage to sort this all out as a matter of course, which goes some way to explaining why they cost so much. There are lots of corporate networks on 10.x.x.x, and I'm told this kind of caper is used to sort them out when they collide. Paying for a Cisco VPN could easily work out cheaper than reconfiguring a large corporate LAN, but I don't have the budget for either. Unfortunately this goes beyond my current knowledge of FreeBSD's networking layers so I may be busy for some time. Regards, Frank. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: where to start with PGP/GPG?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >>I never needed to use pgp till now. >>So I'm not sure where to start. >>Is security/gnupg the way to go? >>Any other advice? >> >>Thanks >>Anton You might like to look at: http://www.cyberdelix.net/tech/bsd-gpg.htm as a start. Its got a list of "related artcles" with the page that might give you some other directions in which to look. The gnupg-users mailing list MIGHT be able to give you more FreeBSD-specific help, but I must confess I have not seen any FreeBSD specific answers or questions for a long time. Anyway, here is the URL for the mailing list(s): http://www.gnupg.org/documentation/mailing-lists.en.html ++ Graham Todd Using gNewSense Linux 3.0 "Parkes" -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAlIQjpQACgkQklFwVWr4Yu+KDQCgmdb5GN4HufoirmxOISbKayAl Fw0AoOX2qeMft3ogEiM38ho2Fjkzurnj =VE0D -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"