from:"Aaron P. Martinez"

Re: ltdl library problems

2006-10-12 Thread Aaron P. Martinez

> On Oct 12, 2006, at 1:48 PM, Aaron P. Martinez wrote:
>> I am trying to compile a program called gyachi on my freebsd 6.1
>> machine and am having a ton of problems.  I consulted the gyachi
>> forums but most people there are running on one flavor of linux or
>> another, nobody has it on freebsd that i can tell, so now i am
>> turning here.
>> at first my configure would stop at alsa, even though i have the
>> linux-compatible alsa programs, so then i used the --with-esd
>> switch and now i'm getting stopped with the following error:
>> checking for lt_dlopen in -lltdl... no configure: error: cannot
>> find ltdl library I have libtool installed and and under /usr/local/
>> lib i have: libltdl.a libltdl.la libltdl.so libltdl.so.4 I tried
>> using the --with-libintl-prefix switch like so: ./configure --
>> enable-esd --with-gnu-ld --with-libintl-prefix=/usr/local it's
>> still not finding it, same error again.
>
> Assuming you use a Bourne-compatible shell, try:
>
>   LDFLAGS=-L/usr/local/lib CPPFLAGS=-I/usr/local/include ./configure --
> enable-esd [ ... ]
>
> If you use csh, use setenv to export the above variables.
>
> --
> -Chuck
>
>
Great Chuck,

that worked like a charm.  I went straight to make after the configure and
for some odd reason i'm getting alsa errors and finally make fails..  here
is the output from make:

]$ make
make  all-recursive
Making all in intl
Making all in po
Making all in gyvoice
if gcc -DHAVE_CONFIG_H -I. -I. -I..
-DLOCALEDIR=\"/usr/local/share/locale\"  -DXTHREADS -DXUSE_MTSAFE_API
-I/usr/local/include/atk-1.0 -I/usr/local/include/cairo
-I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include
-I/usr/X11R6/include/gtk-2.0 -I/usr/X11R6/lib/gtk-2.0/include
-I/usr/X11R6/include/pango-1.0 -I/usr/X11R6/include
-I/usr/local/include/freetype2 -I/usr/local/include  
-I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include  
-I/usr/local/include  -g -O2  -I/usr/X11R6/include -Wall -funsigned-char
-MT sound.o -MD -MP -MF ".deps/sound.Tpo" -c -o sound.o sound.c;  then mv
-f ".deps/sound.Tpo" ".deps/sound.Po"; else rm -f ".deps/sound.Tpo"; exit
1; fi
sound.c:165:28: alsa/asoundlib.h: No such file or directory
sound.c:167: error: syntax error before '*' token
sound.c:167: warning: type defaults to `int' in declaration of
`pcm_handleplay'
sound.c:167: warning: data definition has no type or storage class
sound.c:168: error: syntax error before '*' token
sound.c:168: warning: type defaults to `int' in declaration of
`pcm_handlecapt'
sound.c:168: warning: data definition has no type or storage class
sound.c:170: error: syntax error before '*' token
sound.c: In function `set_hw_ALSA':
sound.c:173: error: `snd_pcm_hw_params_t' undeclared (first use in this
function)
sound.c:173: error: (Each undeclared identifier is reported only once
sound.c:173: error: for each function it appears in.)
sound.c:173: error: `hwparams' undeclared (first use in this function)
sound.c:176: error: syntax error before "period_frames"
sound.c:179: warning: implicit declaration of function
`snd_pcm_hw_params_alloca'
sound.c:182: warning: implicit declaration of function
`snd_pcm_hw_params_any'
sound.c:182: error: `pcm_handle' undeclared (first use in this function)
sound.c:187: warning: implicit declaration of function
`snd_pcm_hw_params_set_access'
sound.c:187: error: `SND_PCM_ACCESS_RW_INTERLEAVED' undeclared (first use
in this function)
sound.c:192: warning: implicit declaration of function
`snd_pcm_hw_params_set_format'
sound.c:192: error: `SND_PCM_FORMAT_S16_LE' undeclared (first use in this
function)
sound.c:200: warning: implicit declaration of function
`snd_pcm_hw_params_set_rate_near'
sound.c:208: warning: implicit declaration of function
`snd_pcm_hw_params_set_channels'
sound.c:213: warning: implicit declaration of function
`snd_pcm_hw_params_get_buffer_time_max'
sound.c:217: error: `period_frames' undeclared (first use in this function)
sound.c:217: error: `buffer_frames' undeclared (first use in this function)
sound.c:219: warning: implicit declaration of function
`snd_pcm_hw_params_set_period_time_near'
sound.c:220: warning: implicit declaration of function
`snd_pcm_hw_params_set_period_size_near'
sound.c:222: warning: implicit declaration of function
`snd_pcm_hw_params_set_buffer_time_near'
sound.c:223: warning: implicit declaration of function
`snd_pcm_hw_params_set_buffer_size_near'
sound.c:225: warning: implicit declaration of function `snd_pcm_hw_params'
sound.c: In function `init_ALSA':
sound.c:237: warning: implicit declaration of function `snd_pcm_open'
sound.c:237: error: `SND_PCM_STREAM_PLAYBACK' undeclared (first us

ltdl library problems

2006-10-12 Thread Aaron P. Martinez

I am trying to compile a program called gyachi on my freebsd 6.1 machine 
and am having a ton of problems.  I consulted the gyachi forums but most 
people there are running on one flavor of linux or another, nobody has 
it on freebsd that i can tell, so now i am turning here.


at first my configure would stop at alsa, even though i have the 
linux-compatible alsa programs, so then i used the --with-esd switch and 
now i'm getting stopped with the following error: 

checking for lt_dlopen in -lltdl... no 
configure: error: cannot find ltdl library 

I have libtool installed and and under /usr/local/lib i have: 

libltdl.a libltdl.la libltdl.so libltdl.so.4 

I tried using the --with-libintl-prefix switch like so: 

./configure --enable-esd --with-gnu-ld --with-libintl-prefix=/usr/local 

it's still not finding it, same error again.  

I looked in the readme for libltdl and here is what it says: 
/usr/local/share/libtool/libltdl]# less README 
This is GNU libltdl, a system independent dlopen wrapper for GNU libtool. 

It supports the following dlopen interfaces: 
* dlopen (Solaris, Linux and various BSD flavors) 
* shl_load (HP-UX) 
* LoadLibrary (Win16 and Win32) 
* load_add_on (BeOS) 
* GNU DLD (emulates dynamic linking for static libraries) 
* dyld (darwin/Mac OS X) 
* libtool's dlpreopen


Just one other note, like the fedora guys that got their's working by 
linking /usr/local/share/libtool/libltdl/ltdl.h to /usr/include this 
does not fix the problem on my system. i get the exact same error.  

checking for lt_dlopen in -lltdl... no 
configure: error: cannot find ltdl library


I'd really like to get this working if possible (and i'm sure it is) all 
help would be appreciated. I can submit my config.log if that would help.  

Thanks in advance. 


Aaron
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: pf blocking nfs

2005-12-01 Thread Aaron P. Martinez

On Thu, 2005-12-01 at 02:40 +0100, J65nko BSD wrote:
> [snip]
> > In your original post, there was something about a short packet. I'm
> > guessing this might screw things up. You might try adding 'scrub in all'
> > before the filtering rules.
> >
> [smip]
> 
> Be careful with scrub and NFS. From http://openbsd.bay13.net/faq/pf/scrub.html
> 
> "One reason not to scrub on an interface is if one is passing NFS
> through PF. Some non-OpenBSD platforms send (and expect) strange
> packets -- fragmented packets with the "do not fragment" bit set,
> which are (properly) rejected by scrub."

Well, it looks like scrub fixed the issue.  I had originally removed the
scrub in all line because i too had read in the OBSD faq that scrub
might be what was messing up my nfs connection.  

I put it back and i'm back to my one one state tracting rule for all
outbound traffic for this machine.  Just so everyone can see, this is
the ruleset and it's working properly:

scrub in all
block in log all
pass quick on lo0 all
pass  out on fxp0 proto { tcp, udp, icmp } all keep state


thanks to everyone that helped,

Aaron Martinez


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: pf blocking nfs

2005-11-29 Thread Aaron P. Martinez

> Aaron P. Martinez wrote:
> [ ... ]
>> Actually my network looks like this:
>>
>> INT---firewall--internal router/firewall-good lan
>> ||
>> ||-insecure lan (windoze
>> machines)
>> |
>> |DMZ
>>
>> the good lan is the only one that does nfs, so the nfs doesn't actually
>> pass through the firewall, just connects to the internal
>> router/firewall.
>> I am simply trying to avoid a worst case scenario (internal router gets
>> compromised) so trying to allow ONLY return packets.  Is this
>> unfeasable?
>
> I take it that your internal firewall box has three NICs, then?
>
> Normally, your firewall should not be doing anything else but security
> and would not be mounting NFS or depending on any other services on your
> network.  If that is not possible, you should permit traffic through the
> interface on the "good LAN".
>
> --
> -Chuck

the "main" firewall, which connects to the internet does nothing else but
filter incoming connections, but i'm a little more lax with the internal
which seperates my my lans (and actually there are 3 bad lans, one good,
and the connection to the main firewall...  so 5 nics)  the problem i'm
experiencing isn't with the firewall on the nfs server, it has always
seemed to work, even with linux workstation when i had only one rule in
iptables on the input chain:

iptables -A INPUT -m state -ESTABLISHED -j ACCEPT

..that seems to be fine (iptables), the workstation is where the
problems seem to arise.  When the aforementioned 3 line pf.conf is enabled
i can connect to and mount the nfs /home directory, just when i try to go
into or list the contents of a large directory, it seems that pf loses the
state for some reason.

I realize i could just accept all udp packets from the NFS server or even
just ports 2049, but the underlying question is, why isn't my "keep state"
rule handling this.

thanks again,

Aaron Martinez
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: pf blocking nfs

2005-11-29 Thread Aaron P. Martinez

> Aaron P. Martinez wrote:
>> I am running FreeBSD 6.0-release and setting up a very basic firewall
>> using pf on my workstation.  The ruleset is as follows:
>>
>> block in log all
>> pass quick on lo0 all
>> #pass  in  on $ext_if proto tcp from any to $ext_if port 22 keep state
>> pass  out on fxp0 proto { tcp, udp, icmp } all keep state
>
> Your firewall config is not enough to permit NFS to pass.  You might
> consider adding a "pass all" rule for machines on the local subnet.
>
> [ Perhaps you should re-evaluate your network so that you do not attempt
> to pass NFS through the firewall.  If you have to do filesharing between
> machines over an untrusted connection, should should consider a VPN or
> SSH tunnel approach instead. ]
>
> --
> -Chuck

Actually my network looks like this:

INT---firewall--internal router/firewall-good lan
||
||-insecure lan (windoze machines)
|
|DMZ

the good lan is the only one that does nfs, so the nfs doesn't actually
pass through the firewall, just connects to the internal router/firewall. 
I am simply trying to avoid a worst case scenario (internal router gets
compromised) so trying to allow ONLY return packets.  Is this unfeasable? 
Can you suggest a rule instead of:
pass  out on fxp0 proto { tcp, udp, icmp } all keep state

or in addition to that would still keep me very secure and at the same
time allow me to use nfs as i'm trying?

thanks for the quick reply,

Aaron Martinez
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

pf blocking nfs

2005-11-29 Thread Aaron P. Martinez

I am running FreeBSD 6.0-release and setting up a very basic firewall
using pf on my workstation.  The ruleset is as follows:

block in log all
pass quick on lo0 all
#pass  in  on $ext_if proto tcp from any to $ext_if port 22 keep state
pass  out on fxp0 proto { tcp, udp, icmp } all keep state


I am mounting /home on a linux machine to /usr/home on my workstation as i
have done for years.  I'm new to freebsd but i have
nfs_client_enable="YES" and rpcbind_enable="YES", which by all
documentation i have read should be more than enough.  The problem i'm
experiencing is that pf is blocking nfs packets and my workstation thinks
that the nfs server is not responding.  to further complicate this,
directories that don't have much in them on the exported server seem to
work fine but users that have a ton of stuff just hang when trying to list
the contents or switch to the direcotry.  disabling pf will make things
start working again.  One more glitch is that sometimes, not often, things
work as expected even with pf enabled.  I can't figure what's going on. 
Below is some output from pflog as it's blocking the nfs packets.

000235 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 0, offset
0, flags [DF], proto: UDP (17), length: 239) 192.168.3.94.138 >
192.168.3.95.138:
>>> NBT UDP PACKET(138) Res=0x110A ID=0x42BE IP=192 (0xc0).168 (0xa8).3
(0x3).94 (0x5e) Port=138 (0x8a) Length=197 (0xc5) Res2=0x0
SourceName=
WARNING: Short packet. Try increasing the snap length


202. 510573 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4076,
offset 0, flags [+], proto: UDP (17), length: 1500) 192.168.3.94.2049 >
192.168.3.69.325876150: reply ok 1472
83 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4076,
offset 1480, flags [+], proto: UDP (17), length: 1500) 192.168.3.94 >
192.168.3.69: udp
000122 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4076,
offset 2960, flags [+], proto: UDP (17), length: 1500) 192.168.3.94 >
192.168.3.69: udp
000121 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4076,
offset 4440, flags [+], proto: UDP (17), length: 1500) 192.168.3.94 >
192.168.3.69: udp
000125 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4076,
offset 5920, flags [+], proto: UDP (17), length: 1500) 192.168.3.94 >
192.168.3.69: udp
72 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4076,
offset 7400, flags [none], proto: UDP (17), length: 828) 192.168.3.94 >
192.168.3.69: udp
1. 587911 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4077,
offset 0, flags [+], proto: UDP (17), length: 1500) 192.168.3.94.2049 >
192.168.3.69.325876150: reply ok 1472
84 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4077,
offset 1480, flags [+], proto: UDP (17), length: 1500) 192.168.3.94 >
192.168.3.69: udp
000134 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4077,
offset 2960, flags [+], proto: UDP (17), length: 1500) 192.168.3.94 >
192.168.3.69: udp
000124 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4077,
offset 4440, flags [+], proto: UDP (17), length: 1500) 192.168.3.94 >
192.168.3.69: udp
000119 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4077,
offset 5920, flags [+], proto: UDP (17), length: 1500) 192.168.3.94 >
192.168.3.69: udp
51 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4077,
offset 7400, flags [none], proto: UDP (17), length: 828) 192.168.3.94 >
192.168.3.69: udp
3. 167948 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4078,
offset 0, flags [+], proto: UDP (17), length: 1500) 192.168.3.94.2049 >
192.168.3.69.325876150: reply ok 1472
96 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4078,
offset 1480, flags [+], proto: UDP (17), length: 1500) 192.168.3.94 >
192.168.3.69: udp
000125 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4078,
offset 2960, flags [+], proto: UDP (17), length: 1500) 192.168.3.94 >
192.168.3.69: udp
000118 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4078,
offset 4440, flags [+], proto: UDP (17), length: 1500) 192.168.3.94 >
192.168.3.69: udp
000131 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4078,
offset 5920, flags [+], proto: UDP (17), length: 1500) 192.168.3.94 >
192.168.3.69: udp
78 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4078,
offset 7400, flags [none], proto: UDP (17), length: 828) 192.168.3.94 >
192.168.3.69: udp
6. 326312 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4079,
offset 0, flags [+], proto: UDP (17), length: 1500) 192.168.3.94.2049 >
192.168.3.69.325876150: reply ok 1472
94 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4079,
offset 1480, flags [+], proto: UDP (17), length: 1500) 192.168.3.94 >
192.168.3.69: udp
000114 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4079,
offset 2960, flags [+], proto: UDP (17), length: 1500) 192.168.3.94 >
192.168.3.69: udp
000124 rule 0/0(match): block in on fxp0: (tos 0x0, ttl  64, id 4079,
offset 4440, f

up to date ports...portinstall/portupgrade won't work

2004-11-03 Thread Aaron P. Martinez

I have run up against a brick wall here and i'm not sure where to turn
next.

I tried to install openoffice and limewire from a freshly updated ports
tree  (fresh for openoffice = yesterday, fresh for limewire = 5 minutes
ago) as well as gnome2.  I get a very similar message at the end of
each, just different package failures.  The limewire message is below:

===>Verifying reinstall for /usr/X11R6/lib/libXm.so in
/usr/ports/x11-toolkits/open-motif
===>  open-motif-2.2.3 has known vulnerabilities:
>> xpm -- image decoding vulnerabilities.
   Reference:

>> Please update your ports tree and try again.
*** Error code 1
 
Stop in /usr/ports/x11-toolkits/open-motif.
*** Error code 1
 
Stop in /usr/ports/x11-toolkits/open-motif.
*** Error code 1
 
Stop in /usr/ports/java/jdk14.
*** Error code 1
 
Stop in /usr/ports/java/jdk14.
*** Error code 1
 
Stop in /usr/ports/net/limewire.
*** Error code 1
 
Stop in /usr/ports/net/limewire.
** Command failed [exit code 1]: /usr/bin/script -qa
/tmp/portinstall71119.18 make reinstall
** Fix the installation problem and try again.
** Listing the failed packages (*:skipped / !:failed)
! net/limewire  (install error)
--->  Packages processed: 0 done, 18 ignored, 0 skipped and 1 failed


The package that had a vulnerability for oo and gnome2 was of course
xpdf.  I have known about the exploits so it was no surprise but i DID
update my ports tree.  I also visited the supplied link and read up
about updating to X11R6.8.1 but i don't see even how to do this.  I
searched the /usr/ports directory recursively for X11R and all i got was
the following:

./java/jdk14/work/j2se/src/solaris/classes/sun/awt/X11Renderer.java
./java/jdk14/work/j2se/src/solaris/classes/sun/awt/motif/X11RemoteOffScreenImage.java
./java/jdk14/work/j2se/src/solaris/native/sun/awt/X11RemoteOffScreenImage.c
./java/jdk14/work/j2se/src/solaris/native/sun/awt/X11Renderer.c
./java/jdk14/work/j2se/src/solaris/native/sun/awt/X11RemoteOffScreenImage.c.orig
./www/gnuinfo/files/gnuinfo.X11R6
./distfiles/xorg/X11R6.7.0-src1.tar.gz
./distfiles/xorg/X11R6.7.0-src3.tar.gz


Does this mean that the fixed version is not there and until it is..no
matter what these packages won't build?  

Would this work if i just went to the /usr/ports/x11/gnome2/ directory
and  did a make install?  if yes, why?

The last time portinstall/portupgrade was brought up as a way to install
ports there was a discussion on why or why not to use it..i'm not
looking for that.  I use it because i like it and i can specify to make
the up and downstream dependencies and i'm new to freebsd.  That
said.

Any advice would be great.

Thanks,

Aaron


signature.asc
Description: This is a digitally signed message part

Re: linux_base-8 mystery

2004-11-02 Thread Aaron P. Martinez

On Tue, 2004-11-02 at 19:32, Bsd B wrote:
> Hi, 
> I have a question that has really stumped me. I have
> searched far and wide and have found no literature on
> it.
> My question - Why can't i install linux_base-8 from
> packages?
> 
> I am running linux_base-7.1_7 on FreeBSD 4.10-RELEASE
> and wish to upgrade to linux_base-8. As root I type
> "pkg_add -r linux_base-8" and get the following
> 
> Error: FTP Unable to get
> ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-4.10-release/Latest/linux_base-8.tgz:
> File unavailable (e.g., file not found, no access)
> pkg_add: unable to fetch
> 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-4.10-release/Latest/linux_base-8.tgz'
> by URL
> 
> It installs perfectly from ports, but why not from
> packages? I am puzzled. Does any one know why or can
> point me to some reference or literature explaining
> this mystery?

I'm VERY new to freebsd, but as i understand things, all packages are
ports, but not all ports are packages  (unless you build it yourself of
course)
> Cheers
> Bob


Aaron


signature.asc
Description: This is a digitally signed message part

Re: 5.3 rc2 kernel install problems (UPDATE)

2004-11-01 Thread Aaron P. Martinez

On Mon, 2004-11-01 at 16:58, Aaron P. Martinez wrote:
> On Mon, 2004-11-01 at 15:45, Nagilum wrote:
> > Did you do a "make buildkernel" before?
> > 
> > Aaron P. Martinez wrote:
> > 
> > >I just got the new 5.3 rc2 cvsuped the sources (not much was updated
> > >that i could see) and proceeded to do a make buildworld and make
> > >buildkernel.  
> > >
> > >When i tried to make installkernel  it got the following error. 
> > >
> > >--
> > >  
> > >
> > >>>>Installing kernel
> > >>>>
> > >>>>
> > >--
> > >cd /usr/obj/usr/src/sys/GENERIC;  MAKEOBJDIRPREFIX=/usr/obj 
> > >MACHINE_ARCH=i386  MACHINE=i386  CPUTYPE= 
> > >GROFF_BIN_PATH=/usr/obj/usr/src/i386/legacy/usr/bin 
> > >GROFF_FONT_PATH=/usr/obj/usr/src/i386/legacy/usr/share/groff_font 
> > >GROFF_TMAC_PATH=/usr/obj/usr/src/i386/legacy/usr/share/tmac
> > >PATH=/usr/obj/usr/src/i386/legacy/usr/sbin:/usr/obj/usr/src/i386/legacy/usr/bin:/usr/obj/usr/src/i386/legacy/usr/games:/usr/obj/usr/src/i386/usr/sbin:/usr/obj/usr/src/i386/usr/bin:/usr/obj/usr/src/i386/usr/games:/sbin:/bin:/usr/sbin:/usr/bin
> > >  make KERNEL=kernel install
> > >cd: can't cd to /usr/obj/usr/src/sys/GENERIC
> > >*** Error code 2
> > > 
> > >Stop in /usr/src.
> > >*** Error code 1
> > > 
> > >Stop in /usr/src.
> > >
> > >
> > >I just created an empty GENERIC directory in /usr/obj/usr/src/sys/ but
> > >then i get the following error:
> > >
> > >--
> > >  
> > >
> > >>>>Installing kernel
> > >>>>
> > >>>>
> > >--
> > >cd /usr/obj/usr/src/sys/GENERIC;  MAKEOBJDIRPREFIX=/usr/obj 
> > >MACHINE_ARCH=i386  MACHINE=i386  CPUTYPE= 
> > >GROFF_BIN_PATH=/usr/obj/usr/src/i386/legacy/usr/bin 
> > >GROFF_FONT_PATH=/usr/obj/usr/src/i386/legacy/usr/share/groff_font 
> > >GROFF_TMAC_PATH=/usr/obj/usr/src/i386/legacy/usr/share/tmac
> > >PATH=/usr/obj/usr/src/i386/legacy/usr/sbin:/usr/obj/usr/src/i386/legacy/usr/bin:/usr/obj/usr/src/i386/legacy/usr/games:/usr/obj/usr/src/i386/usr/sbin:/usr/obj/usr/src/i386/usr/bin:/usr/obj/usr/src/i386/usr/games:/sbin:/bin:/usr/sbin:/usr/bin
> > >  make KERNEL=kernel install
> > >make: don't know how to make bsd.README. Stop
> > >*** Error code 2
> > > 
> > >Stop in /usr/src.
> > >*** Error code 1
> > > 
> > >Stop in /usr/src.
> > >
> > >
> > > I saw this error on google from back in june.
> > >
> > >kern/68452: Current GENERIC kerne build failure
> > >Maxim Konovalov  
> > >
> > >but it has of course been resolved.
> > >Synopsis: Current GENERIC kerne build failure
> > >
> > >State-Changed-From-To: open->closed
> > >State-Changed-By: maxim
> > >State-Changed-When: Mon Jun 28 18:14:14 GMT 2004
> > >State-Changed-Why: 
> > >Already fixed. Please report -CURRENT kernel build failures to
> > >freebsd-current mailing list.
> > >
> > >http://www.freebsd.org/cgi/query-pr.cgi?pr=68452
> > >
> > >
> > >
> > >
> > >Any help greatly appreciated..
> > >
> > >Thanks,
> > >
> > >Aaron
> > >
> Yes..i did a make buildkernel first...  Since i got no response (i know
> it' hasn't even been a day) and i was overly anxious...i saved the
> custom kernel i had configured  (but NOT built from as i wanted to test
> a GENERIC first) and then blew away the /usr/src and /usr/obj
> directories  i cvsuped again all of the src and have run a make
> buildworld and am currently running make buildkernelhopefully i had
> just botched something.
> 
> One thing i started wondering about  I kept my /var/db/sup direcory
> in tact..so it should have all of the stuff i have checked out or
> whatever the terminology is.  So when i ran cvsup it downloaded
> everything, why did it not think that i just had the differences between
> my checkout files and the cvsup repository?
> 
> Thanks,
> 
> Aaron

Just a note.after i wiped /usr/src and /usr/obj clean the
buildkernel works now.  I haven't yet rebooted..but i suspect everything
went smoothly as i saw no errors.

Thanks again,

Aaron
> 
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: 5.3 rc2 kernel install problems

2004-11-01 Thread Aaron P. Martinez

On Mon, 2004-11-01 at 15:45, Nagilum wrote:
> Did you do a "make buildkernel" before?
> 
> Aaron P. Martinez wrote:
> 
> >I just got the new 5.3 rc2 cvsuped the sources (not much was updated
> >that i could see) and proceeded to do a make buildworld and make
> >buildkernel.  
> >
> >When i tried to make installkernel  it got the following error. 
> >
> >--
> >  
> >
> >>>>Installing kernel
> >>>>
> >>>>
> >--
> >cd /usr/obj/usr/src/sys/GENERIC;  MAKEOBJDIRPREFIX=/usr/obj 
> >MACHINE_ARCH=i386  MACHINE=i386  CPUTYPE= 
> >GROFF_BIN_PATH=/usr/obj/usr/src/i386/legacy/usr/bin 
> >GROFF_FONT_PATH=/usr/obj/usr/src/i386/legacy/usr/share/groff_font 
> >GROFF_TMAC_PATH=/usr/obj/usr/src/i386/legacy/usr/share/tmac
> >PATH=/usr/obj/usr/src/i386/legacy/usr/sbin:/usr/obj/usr/src/i386/legacy/usr/bin:/usr/obj/usr/src/i386/legacy/usr/games:/usr/obj/usr/src/i386/usr/sbin:/usr/obj/usr/src/i386/usr/bin:/usr/obj/usr/src/i386/usr/games:/sbin:/bin:/usr/sbin:/usr/bin
> >  make KERNEL=kernel install
> >cd: can't cd to /usr/obj/usr/src/sys/GENERIC
> >*** Error code 2
> > 
> >Stop in /usr/src.
> >*** Error code 1
> > 
> >Stop in /usr/src.
> >
> >
> >I just created an empty GENERIC directory in /usr/obj/usr/src/sys/ but
> >then i get the following error:
> >
> >--
> >  
> >
> >>>>Installing kernel
> >>>>
> >>>>
> >--
> >cd /usr/obj/usr/src/sys/GENERIC;  MAKEOBJDIRPREFIX=/usr/obj 
> >MACHINE_ARCH=i386  MACHINE=i386  CPUTYPE= 
> >GROFF_BIN_PATH=/usr/obj/usr/src/i386/legacy/usr/bin 
> >GROFF_FONT_PATH=/usr/obj/usr/src/i386/legacy/usr/share/groff_font 
> >GROFF_TMAC_PATH=/usr/obj/usr/src/i386/legacy/usr/share/tmac
> >PATH=/usr/obj/usr/src/i386/legacy/usr/sbin:/usr/obj/usr/src/i386/legacy/usr/bin:/usr/obj/usr/src/i386/legacy/usr/games:/usr/obj/usr/src/i386/usr/sbin:/usr/obj/usr/src/i386/usr/bin:/usr/obj/usr/src/i386/usr/games:/sbin:/bin:/usr/sbin:/usr/bin
> >  make KERNEL=kernel install
> >make: don't know how to make bsd.README. Stop
> >*** Error code 2
> > 
> >Stop in /usr/src.
> >*** Error code 1
> > 
> >Stop in /usr/src.
> >
> >
> > I saw this error on google from back in june.
> >
> >kern/68452: Current GENERIC kerne build failure
> >Maxim Konovalov  
> >
> >but it has of course been resolved.
> >Synopsis: Current GENERIC kerne build failure
> >
> >State-Changed-From-To: open->closed
> >State-Changed-By: maxim
> >State-Changed-When: Mon Jun 28 18:14:14 GMT 2004
> >State-Changed-Why: 
> >Already fixed. Please report -CURRENT kernel build failures to
> >freebsd-current mailing list.
> >
> >http://www.freebsd.org/cgi/query-pr.cgi?pr=68452
> >
> >
> >
> >
> >Any help greatly appreciated..
> >
> >Thanks,
> >
> >Aaron
> >
Yes..i did a make buildkernel first...  Since i got no response (i know
it' hasn't even been a day) and i was overly anxious...i saved the
custom kernel i had configured  (but NOT built from as i wanted to test
a GENERIC first) and then blew away the /usr/src and /usr/obj
directories  i cvsuped again all of the src and have run a make
buildworld and am currently running make buildkernelhopefully i had
just botched something.

One thing i started wondering about  I kept my /var/db/sup direcory
in tact..so it should have all of the stuff i have checked out or
whatever the terminology is.  So when i ran cvsup it downloaded
everything, why did it not think that i just had the differences between
my checkout files and the cvsup repository?

Thanks,

Aaron

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: PCI modems supported.

2004-11-01 Thread Aaron P. Martinez

On Mon, 2004-11-01 at 15:09, borg wrote:
> Greetings,
> 
> I was looking at the hardware-i386 under releases for
> a PCI modem V.92 data/fax/voice that is supported
> under FreeBSD. Found only a reference to 3com 3CP5609
> not much on google, but one OpenBSD link compained
> about it.
> 
> I would like to get a feedback if anyone had a
> successful experience with one of the following:
> 
> Hayes ; Zoom ; Airlink+ ; Broadxent.

Not with any of those, but i think that you will have good luck with
Mulitilink modems. 
> 
> As a last resort I don't mind to use an external modem
> with serial connection. It's just bulky that's why I'm
> avoiding it. 
> 
> regards,
> 
> 
> =
> "UNIX, it's a way of life."
> 
> 
Aaron

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

5.3 rc2 kernel install problems

2004-11-01 Thread Aaron P. Martinez

I just got the new 5.3 rc2 cvsuped the sources (not much was updated
that i could see) and proceeded to do a make buildworld and make
buildkernel.  

When i tried to make installkernel  it got the following error. 

--
>>> Installing kernel
--
cd /usr/obj/usr/src/sys/GENERIC;  MAKEOBJDIRPREFIX=/usr/obj 
MACHINE_ARCH=i386  MACHINE=i386  CPUTYPE= 
GROFF_BIN_PATH=/usr/obj/usr/src/i386/legacy/usr/bin 
GROFF_FONT_PATH=/usr/obj/usr/src/i386/legacy/usr/share/groff_font 
GROFF_TMAC_PATH=/usr/obj/usr/src/i386/legacy/usr/share/tmac
PATH=/usr/obj/usr/src/i386/legacy/usr/sbin:/usr/obj/usr/src/i386/legacy/usr/bin:/usr/obj/usr/src/i386/legacy/usr/games:/usr/obj/usr/src/i386/usr/sbin:/usr/obj/usr/src/i386/usr/bin:/usr/obj/usr/src/i386/usr/games:/sbin:/bin:/usr/sbin:/usr/bin
  make KERNEL=kernel install
cd: can't cd to /usr/obj/usr/src/sys/GENERIC
*** Error code 2
 
Stop in /usr/src.
*** Error code 1
 
Stop in /usr/src.


I just created an empty GENERIC directory in /usr/obj/usr/src/sys/ but
then i get the following error:

--
>>> Installing kernel
--
cd /usr/obj/usr/src/sys/GENERIC;  MAKEOBJDIRPREFIX=/usr/obj 
MACHINE_ARCH=i386  MACHINE=i386  CPUTYPE= 
GROFF_BIN_PATH=/usr/obj/usr/src/i386/legacy/usr/bin 
GROFF_FONT_PATH=/usr/obj/usr/src/i386/legacy/usr/share/groff_font 
GROFF_TMAC_PATH=/usr/obj/usr/src/i386/legacy/usr/share/tmac
PATH=/usr/obj/usr/src/i386/legacy/usr/sbin:/usr/obj/usr/src/i386/legacy/usr/bin:/usr/obj/usr/src/i386/legacy/usr/games:/usr/obj/usr/src/i386/usr/sbin:/usr/obj/usr/src/i386/usr/bin:/usr/obj/usr/src/i386/usr/games:/sbin:/bin:/usr/sbin:/usr/bin
  make KERNEL=kernel install
make: don't know how to make bsd.README. Stop
*** Error code 2
 
Stop in /usr/src.
*** Error code 1
 
Stop in /usr/src.


 I saw this error on google from back in june.

kern/68452: Current GENERIC kerne build failure
Maxim Konovalov  

but it has of course been resolved.
Synopsis: Current GENERIC kerne build failure

State-Changed-From-To: open->closed
State-Changed-By: maxim
State-Changed-When: Mon Jun 28 18:14:14 GMT 2004
State-Changed-Why: 
Already fixed. Please report -CURRENT kernel build failures to
freebsd-current mailing list.

http://www.freebsd.org/cgi/query-pr.cgi?pr=68452




Any help greatly appreciated..

Thanks,

Aaron


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvsup....base and prefix???

2004-10-30 Thread Aaron P. Martinez

I have successfully used cvsup a few times now...and i am comfortable
with what the base and the prefix do.  

My question is why would someone put things in different locations than
for instance./usr for both base and/or prefix?  

I have seen a few different options used both in the cvs up faq on the
cvsup homepage, the handbook and also in "the complete freebsd"  they
all have different places listed..but not one single place is any
discussion about the theory or logic behind where it is placed.

This is really just a "help me understand the philosophy" question as it
seems that no matter where i place my 'base' and 'prefix' paths..the
cvsup will work...just trying to get a grasp on _why_ i would want it
one place more than another.

Thanks in advance,

Aaron

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: make buildworld.........24 hours????

2004-10-29 Thread Aaron P. Martinez

--snip
> 
> Thats not too much RAM, although the processor would not complain.
> What is the amount of SWAP space you created?

96megs 

Aaron

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: Apache 2.0.52 help

2004-10-29 Thread Aaron P. Martinez

--snip

> > > I just did a default install of FreeBSD 4.10 and used CVSup
> to
> > > download the newest port of Apache (2.0.52), did a make, then make
> install
> > > everything looked like it went well. Used /usr/local/sbin/apachectl
> start,
> > > to start up the httpd and put this line in to my /etc/rc.conf so it will
> > > start up when the server boots. The problem I am having is that anyone
> not
> > > on the subnet on the server gets a DNS error (Page can not be
> displayed).
> > > I can view the page fine as I have the same subnet of the server, but
> > tried
> > > it on another machine (different Internet Service Provider) to verify
> and
> > > it would not load. Any suggestions on what could be causing this issue?
> I
> > > am new to both FreeBSD and Apache, and right now am finding the
> > > documentation for Apache 2 a little lacking for troubleshooting
> something
> > > like this.
> > 
> > Doesn't sound like an Apache problem to me.  From outside the subnet, can
> > you ping the server by ip?  By name?  Is it a public (routable) IP
> address?
> 
> >Hi Clay,  please bottom post..it helps people get the whole story..
> 
> >you can ping the ip from remote isp...can you also telnet to port 80
> >on the apache machine from the remote isp? 
> 
> >telnet  80
> 
> >Aaron
> 
>   Sorry, I find bottom posting a pain in the arse. No it looks like
> ftp and telnet do not work from the remote ISP.
> 

You say you're behind a 3com dsl router.  do you have port 80 set to
forward port 80 requests to the machine running apache?  the pings that
you are seeing are likely just ping responses from the external IP of
the dsl router.

Aaron

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: Apache 2.0.52 help

2004-10-29 Thread Aaron P. Martinez

On Fri, 2004-10-29 at 23:53, Clay wrote:
> Hi,
> 
>   Yes the IP address can be pinged from outside of the subnet. The
> machine that is running off a different ISP can ping the machine just not
> connect to it through a web browser.
> 
> Clay
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Danny MacMillan
> Sent: Friday, October 29, 2004 10:49 PM
> To: Clay
> Cc: [EMAIL PROTECTED]
> Subject: Re: Apache 2.0.52 help
> 
> On Fri, Oct 29, 2004 at 10:28:21PM -0600, Clay wrote:
> > I just did a default install of FreeBSD 4.10 and used CVSup to
> > download the newest port of Apache (2.0.52), did a make, then make install
> > everything looked like it went well. Used /usr/local/sbin/apachectl start,
> > to start up the httpd and put this line in to my /etc/rc.conf so it will
> > start up when the server boots. The problem I am having is that anyone not
> > on the subnet on the server gets a DNS error (Page can not be displayed).
> > I can view the page fine as I have the same subnet of the server, but
> tried
> > it on another machine (different Internet Service Provider) to verify and
> > it would not load. Any suggestions on what could be causing this issue? I
> > am new to both FreeBSD and Apache, and right now am finding the
> > documentation for Apache 2 a little lacking for troubleshooting something
> > like this.
> 
> Doesn't sound like an Apache problem to me.  From outside the subnet, can
> you ping the server by ip?  By name?  Is it a public (routable) IP address?

Hi Clay,  please bottom post..it helps people get the whole story..

you can ping the ip from remote isp...can you also telnet to port 80
on the apache machine from the remote isp? 

telnet  80

Aaron

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Apache 2.0.52 help

2004-10-29 Thread Aaron P. Martinez

On Fri, 2004-10-29 at 23:28, Clay wrote:
> Hi,
> 
>  
> 
> Sorry about posting this to [EMAIL PROTECTED] also but that
> list does not seem to get much use.
> 
>  
> 
> I just did a default install of FreeBSD 4.10 and used CVSup to
> download the newest port of Apache (2.0.52), did a make, then make install
> everything looked like it went well. Used /usr/local/sbin/apachectl start,
> to start up the httpd and put this line in to my /etc/rc.conf so it will
> start up when the server boots. The problem I am having is that anyone not
> on the subnet on the server gets a DNS error (Page can not be displayed). I
> can view the page fine as I have the same subnet of the server, but tried it
> on another machine (different Internet Service Provider) to verify and it
> would not load. 

Chances are, if you can see it on the same subnet, a networking  or dns
issue.if not both is the culprit.

> Any suggestions on what could be causing this issue? 

To give any 'good' suggestion.we need to know more about your
networkThe machine running apache..is it in a private network or
is it on a network that is public?  What type of gateway to the internet
do you have and if you have a nat like on a dsl router or are natting on
a bsd firewall machine..do you have portforwarding (sorry..i'm new to
fbsd  so maybe it's called something diff i haven't gotten that far yet)
enabled sending incoming port 80 requests to your apache server? 
Lastly..do you have a dns domain name set up for the server you are
trying to hit? if not you will not be able to get to your server unless
you give the ip address.
> I am
> new to both FreeBSD and Apache, and right now am finding the documentation
> for Apache 2 a little lacking for troubleshooting something like this.
> 
>  
> 
> Clay
Aaron

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

make buildworld.........24 hours????

2004-10-29 Thread Aaron P. Martinez

I have an amd k6II 500 machine with 32 megs of ram, 20 gig 7200 rpm hard
drive which i just installed fresh with FBSD 5.3RC1 on the whole disk,
no boot loader.  

I cvsuped the sources yesterday around 5 pm CDT and then started a make
buildworld.It is now 7:15 pm CDT the following day and it is still
grinding away... Can it really take this long?The hard drive is
grinding i can see from the hdd led but top reports that the box isn't
under that heavy of a load.. 

I saw a thread back in January about how long this process should take
(buildworld) and immediately they started talking about kernel
optionsi thought the kernel wouldn't matter here because that
doesn't get built unless you make kernel..but i guess they meant the
debugging features that are currently turned on in the kernel.  Even
so..this seems REALLY long as i saw some earlier posts where people were
saying that on earlier versions of FBSD with lessor machines they were
finishing in 3-4 hours.  

I'm _very_ new to this process...and wow..this is painful...i have _all_
of the default values set in the kernel  completely stock machine except
for the 3 packages i installed...(bash, cvsup and
OpenSSH-askpass-1.2.2.2001.02.24 and of course the dependencies they
installed)

Is something going wrongshould i abort this and start over? 
something i can look at to see why it's taking so long or maybe it's
just that 5.3 is made to build on exponentially faster machines...and
help is greatly appreciated.

Thanks for the patience.

Aaron

PS...i see a lot of this as it's building

/usr/src/gnu/lib/libstdc++/../../../contrib/libstdc++/src/valarray-inst.cc:1: warning: 
-ffunction-sections disabled; it makes profiling impossible


is this just some switch (-ffunction i presume) that is turned off in
the kernel?

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ATA Slave Devices

2004-10-28 Thread Aaron P. Martinez

On Wed, 2004-10-27 at 13:04, Jim Chapman wrote:
> I have 2 devices that will not work as slaves. They are a CD-RW drive 
> and an IDE tape drive. They both work fine as masters. They give a message
> 
> ATA identify retries exceeded
> 
> during the boot.
> 
> I have tried different combinations of masters and slaves and different 
> cables. The bios recognizes them as slaves.

In the bios.how do you ahve the devices defined?  have you tried to
set them instead of setting to auto?  

How do you have the jumpters setboth on these devices and the master
device?

Do you always use the same master device or have you tried with a
different on?  
> 
> Has anyone else experienced this problem?
> 
> Thanks.
> 
Aaron

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: MRTG monitoring specific ports

2004-10-28 Thread Aaron P. Martinez

On Wed, 2004-10-27 at 23:34, Spades wrote:
> Thanks, how do i install this and view the MRTG of
> the port 25, 110, etc.
> 
> - Original Message - 
> From: "Joe Marcus Clarke" <[EMAIL PROTECTED]>
> To: "Spades" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Thursday, October 28, 2004 2:22 AM
> Subject: Re: MRTG monitoring specific ports
> 
> 
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > Spades wrote:
> > | Hi,
> > |
> > | Is there anyway for us to trace the server bandwidth based on
> > | specific ports on a MRTG graph?
> > |
> > | Such as smtp bandwidth? port 25
> > | pop3 bandwidth? port 110
> > | web bandwidth? port 80
> > | dns bandwidth? port 53
> > |
> > | Is there any program or can MRTG do, please advise, thanks.
> >
> > I use net/ntop of this.  Ntop can also output Netflow data or RRDTool
> > data, and has some built-in MRTG-like graphs.  All-in-all, it's a great
> > tool for traffic analysis.
> >
> > Joe
> >
> > |
> > | --
> > | Spades

Just a word, probably save you from getting flamed by a someone hard
core down the road...you really should bottom post, as is lets newcomers
to the thread get a glimpse as to what is going on.  This also gets you
the best help.

That said, you can simply change to the /usr/src/ports/net/ntop
directory issue make install clean and sit back.  You will need to read
the documentation on configuring it after it's installed.

Aaron


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Can't login to Nessus

2004-10-28 Thread Aaron P. Martinez

On Thu, 2004-10-28 at 09:50, Alexandr wrote:
> > > SSL_CTX_load_verify_locations: error:02001002:system library:fopen:No such file 
> > > or directory
> > 
> > I'd guess it's trying to load an SSL key - did you create them?
> > (by default ISTR nessus talks to the nessusd over SSL).
> I didn't create SSL keys I don't know nothing about them.
> Where I cat create them???

I have installed nessus many times...i know for a fact this is covered
in the docs  

nessus-mkcert

Aaron

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: VPN questions

2004-10-27 Thread Aaron P. Martinez

On Wed, 2004-10-27 at 03:38, Erik Norgaard wrote:
> Hi,
> 
> I am looking at how to implement VPN but I'm getting confused as to how
> IPSec, IKE, OpenSSL, FreeSWAN, racoon etc. all fit into the picture. I
> am looking at two scenarios, and I have two questions.
> 
> 1) Standard IPSec tunnel:
> 
>  ++ IPSec/VPN ++
>LAN---| FW |---| FW |---LAN
>  ++   ++
> 
> In this scenario: Can CARP/pf handle VPN/IPSec connections incase the
> master unit fails? (I am assuming that both ends have fixed public
> routable ip's).
> 
> 2) VPN for mobile users
> 
> ++VPN+-+
>   LAN---| FW |---| FW? |---[mobile unit]
> ++   +-+
> 
> For mobile users I can't be sure where they are, their ip, or if they
> are behind NAT/firewall, nor can I trust the network until the mobile unit.
> 
> IPSec breaks behind NAT, are there other altertives than ssh-tunnels I
> should take a look at? (which? :-)

I suggest looking at openvpn, it is a ssl based vpn that is fairly easy
to set up.  I might shy away from freeswan as it is for the most part
out of development, only one more rollup and that's it.
> 
> Thanks, Erik
> --
> Ph: +34.666334818  web: www.locolomo.org
> S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
> Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
> Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Aaron

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: 2 Network Cards & 2 IP's?

2004-10-26 Thread Aaron P. Martinez

On Tue, 2004-10-26 at 11:27, Adam Seniuk wrote:
> Hello;
> 
>  
> 
> I am wondering how to get 2 Different network cards to have 2 Different IP's
> but I want to have both ips on the same ip block.
> 
>  
> 
> For example:
> 
> 192.168.1.100 on NIC 1
> 
> 192.168.1.101 on NIC 2
> 
> Gateway 192.168.1.1 
> 
>  
> 
> Not sure on how to set it up properly. I would appreciate any help or tips
> people have on this subject. and yes I have googled for it but none have
> this scenario :D
> 

Probably a better setup for this would be using carp and only one IP
address.  
>  
> 
> Sincerely,
> 
> 
> Adam Seniuk
>   [EMAIL PROTECTED]
> Senior Server Administrator
> -
> System Administrator |
> Server Administrator ||
> Database Administrator ||
> Website Administrator ||
> 
> Techweavers Inc.
>   www.techweavers.net
> "Your Website Solution"
> 
>  
> 
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Aaron

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

interim port versions

2004-10-26 Thread Aaron P. Martinez


I'm new to the bsd's, came from linux and i'm having a bit of difficulty
figuring out the general philosophy.

One of the major reasons that i decided to try out the 'bsds'  is
because of the security.  I'm having a hard time however figuring out
how security issues in the ports get dealt with when there is a port
freeze, like now.  The best example i can think of is gaim...(i almost
didn't recheck the port on the 4.10 tree, it's now mysteriously up to
date, phew.)

..slightly altered next paragraph
lets say i found out there is a msn slp buffer overflow (like currently)
and i wanted to protect myselfso i cvsuped my ports tree and then
wanted to portupgrade... problem is...since it's a port freeze...up
until a few days ago it's still at 0.82  not the 1.02 that is out now, I
watched it and never saw version 1.00 or 1.01.  Are the ports frozen
_except_for_security_fixes or am i missing something. 


I looked around on the lists for this but didn't see it and it seems
like a fairly big deal if security issues arise during a freeze.  

Thanks in advance,

Aaron

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ltdl library problems

ltdl library problems

Re: pf blocking nfs

Re: pf blocking nfs

Re: pf blocking nfs

pf blocking nfs

up to date ports...portinstall/portupgrade won't work

Re: linux_base-8 mystery

Re: 5.3 rc2 kernel install problems (UPDATE)

Re: 5.3 rc2 kernel install problems

Re: PCI modems supported.

5.3 rc2 kernel install problems

cvsup....base and prefix???

Re: make buildworld.........24 hours????

RE: Apache 2.0.52 help

RE: Apache 2.0.52 help

Re: Apache 2.0.52 help

make buildworld.........24 hours????

Re: ATA Slave Devices

Re: MRTG monitoring specific ports

Re: Can't login to Nessus

Re: VPN questions

Re: 2 Network Cards & 2 IP's?

interim port versions

24 matches

Site Navigation

Mail list logo

Footer information