Stunnel starting up twice?!?
Hey all,

I've got a weird problem that's just appeared. I'd updated my ports to the latest CURRENT using portmanager, and now it seems like /usr/local/etc/rc.d/stunnel.sh is getting run twice! I have nuked my /etc/rc.d and run mergemaster -i.

I'm running 6.2-RELEASE-p7, and the port is the latest available (stunnel-4.20).

Anyone else seen similar?

There is also a small bug in this port in that it fails to find the chroot'd pid file by default.

Many thanks,
Alan.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Submitting a new port via send-pr seems broken...
Hey all,

When I try and submit a new port via send-pr I get this from my primary mail server from the MX at freebsd.org.

---
May 25 14:35:28 thing1 postfix/smtp[65727]: 335055E10: to=[EMAIL PROTECTED], relay=mx1.freebsd.org[69.147.83.52]:25, delay=1.1, delays=0.02/0/0.66/0.38, dsn=4.7.1, status=deferred (host mx1.freebsd.org[69.147.83.52] said: 450 4.7.1 [EMAIL PROTECTED]: Recipient address rejected: Service is unavailable (in reply to RCPT TO command))
---

Am I doing it right? Or is something broken? Is [EMAIL PROTECTED] the correct address of a port submission?

Thanks,
Alan.
Re: cvsup*.au.freebsd.org ??
On Tue, 2006-10-31 at 15:24 -0800, Pete Slagle wrote:
> Edit fastest_cvsup. It's just a Perl script -- it's simple to change it to check whatever list of servers you want.

Yeah but then I have to remember to fix it each time whenever it gets updated (which is currently what I've been doing). It would be good if the servers included in the mirror list held the whole tree rather than just chunks. Or have fastest_cvsup check to see if the tree is complete before suggesting it.

Cheers,
Alan.
Re: cvsup*.au.freebsd.org ??
On Tue, 2006-10-31 at 10:42 +1100, Norberto Meijome wrote:
> Hi all,
> I'm trying to cvsup /usr/src from cvsup.au.freebsd.org, cvsup2.freebsd.org and even 3. They are all rejecting my connections... Is it that I stink ;) or something else is going on?

I also find that the cvsup6.au.freebsd.org is totally useless. It doesn't carry src-all and this effectively makes fastest_cvsup useless for me because when I do 'make update' in /usr/src it selects cvs6 and fails.

    [EMAIL PROTECTED] ~]$ cat /etc/make.conf
    CPUTYPE?=pentium4
    CFLAGS= -O -pipe
    NO_PORTSUPDATE=true
    SUP_UPDATE=true
    SUPFILE=/usr/share/examples/cvsup/standard-supfile
    SUP=/usr/local/bin/csup
    SUPFLAGS=-L 2
    SUPHOST=`/usr/local/bin/fastest_cvsup -q -c au`
    BOOTWAIT=1000
    .if ${.CURDIR:M*/usr/ports*}
    .include /etc/make-ports.conf
    .endif

It's highly annoying!

Alan.
Re: cvsup*.au.freebsd.org ??
On Tue, 2006-10-31 at 11:30 +1100, Norberto Meijome wrote:
> On Tue, 31 Oct 2006 11:21:32 +1100
> Alan Garfield [EMAIL PROTECTED] wrote:
>
> > SUPHOST=`/usr/local/bin/fastest_cvsup -q -c au`
>
> change this to not get the last item, which I assume is #6 ?

Nah it goes up to #7, and you'd have to modify the fastest_cvsup script to do it (which is easy), but it's not the point. I like things from ports to be default as much as possible so when they get updated I don't have to remember what little mods I've made in the past. Plus it makes administrating multiple servers more complex. I like to try to keep things unmodified unless absolutely necessary. :)

Cheers,
Alan.
Re: cvsup*.au.freebsd.org ??
On Tue, 2006-10-31 at 13:32 +1300, Juha Saarinen wrote:
> On 10/31/06, Alan Garfield [EMAIL PROTECTED] wrote:
> > I also find that the cvsup6.au.freebsd.org is totally useless. It doesn't carry src-all and this effectively makes fastest_cvsup useless for me because when I do 'make update' in /usr/src it selects cvs6 and fails.
>
> Hmm, that's Planetmirror, isn't it? Have you tried contacting them?

No I haven't had the time really. It's a minor annoyance in the grand scheme of things. I generally just manually override SUPHOST if it doesn't work.

> > SUP_UPDATE=true
> > SUPFILE=/usr/share/examples/cvsup/standard-supfile
> > SUP=/usr/local/bin/csup
> > SUPFLAGS=-L 2
> > SUPHOST=`/usr/local/bin/fastest_cvsup -q -c au`
>
> Neat - didn't know you could put it into make.conf like that.

Indeed, it makes updating a system really easy. Also I prefer csup over cvsup because it doesn't rely on a stack of dependencies that are otherwise unused on my systems.

Cheers,
Alan.
Squid2.6/WCCP2/GRE
Hey guys,

I'm hoping someone will have a configuration of the following they can share as I'm pulling my hair out here trying to get this to work.

I have a Cisco 1841 setup on my test bench with WCCP2 configured to redirect web traffic to the FreeBSD squid proxy via gre. I can see the traffic on the gre interface on the FreeBSD box, but squid never sees the traffic and eventually the Cisco removes the cache as a dead cache.

If anyone has a squid.conf and the proper configuration for ipfw and gre that would be excellent!

Many thanks,
Alan.
Weird ipf redirected traffic with WCCP
Hey guys,

I wonder if you can help me figure out why my squid proxy never sees any traffic on the loopback,3128.

I've setup ipf to log everything and it appears after the redirection it immediately gets spat out the ethernet interface to be lost in the ether. Why on earth would the routing table / ipf be doing that?? Squid sees nothing and nothing appears on the loopback interface.

==
Feb 15 10:57:24 thing3 ipmon[296]: 10:57:24.071776 fxp0 @-1:-1 p 204.21.169.1 - 204.21.169.66 PR gre len 20 (72) IN
Feb 15 10:57:24 thing3 ipmon[296]: 10:57:24.071791 gre0 @-1:-1 p 192.168.1.28,2147 - 127.0.0.1,3128 PR tcp len 20 48 -S IN NAT
Feb 15 10:57:24 thing3 ipmon[296]: 10:57:24.071824 fxp0 @-1:-1 p 127.0.0.1,3128 - 192.168.1.28,2147 PR tcp len 20 48 -AS OUT
==

Any ideas?

Thanks,
Alan.
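
The check being done by eye on the ipmon output above, written out as an added example (not part of the original post): parse the lines and list packets that leave a non-loopback interface carrying a 127.0.0.0/8 address. The function names are hypothetical, and the regular expression covers only the line format shown in the post.

```python
import ipaddress
import re

# The three ipmon lines from the post. The arrow between the addresses shows
# up as "-" in this archive copy; the pattern accepts "->" as well.
LOG = """\
Feb 15 10:57:24 thing3 ipmon[296]: 10:57:24.071776 fxp0 @-1:-1 p 204.21.169.1 - 204.21.169.66 PR gre len 20 (72) IN
Feb 15 10:57:24 thing3 ipmon[296]: 10:57:24.071791 gre0 @-1:-1 p 192.168.1.28,2147 - 127.0.0.1,3128 PR tcp len 20 48 -S IN NAT
Feb 15 10:57:24 thing3 ipmon[296]: 10:57:24.071824 fxp0 @-1:-1 p 127.0.0.1,3128 - 192.168.1.28,2147 PR tcp len 20 48 -AS OUT
"""
LINE_RE = re.compile(
    r"ipmon\[\d+\]: (?P<time>\S+) (?P<iface>\S+) @\S+ \S+ "
    r"(?P<src>\S+) ->? (?P<dst>\S+) PR (?P<proto>\S+) len .*? "
    r"(?P<dir>IN|OUT)(?P<nat> NAT)?$")

def parse(log):
    """Yield one dict per ipmon line that matches the format seen in the post."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            for side in ("src", "dst"):          # split "addr,port" pairs
                addr, _, port = rec[side].partition(",")
                rec[side], rec[side + "_port"] = addr, int(port) if port else None
            rec["nat"] = bool(rec["nat"])
            yield rec

def is_loopback(addr):
    return ipaddress.ip_address(addr).is_loopback

def loopback_leaks(records):
    """Packets sent OUT a non-loopback interface with a 127/8 source or destination."""
    return [r for r in records
            if r["dir"] == "OUT" and not r["iface"].startswith("lo")
            and (is_loopback(r["src"]) or is_loopback(r["dst"]))]

if __name__ == "__main__":
    for r in loopback_leaks(parse(LOG)):
        print(f'{r["time"]} {r["iface"]} {r["src"]},{r["src_port"]} -> '
              f'{r["dst"]},{r["dst_port"]} {r["proto"]}')
```

On the posted lines this reports only the third one: the SYN-ACK from 127.0.0.1,3128 going out fxp0.
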
Re: Re[2]: FreeBSD 6.x / GRE / WCCP / Squid
On Wed, 2005-12-07 at 23:55 +0200, Cezar Fistik wrote:
> Hello Alan,
>
> Wednesday, December 7, 2005, 5:46:41 AM, you wrote:
>
> > ipfw conf -
> > ipfw add 50 fwd 127.0.0.1,3128 tcp from any to any 80
>
> Sorry for misleading you with wccp version2, my mistake.

No problem.

> Now, is it a mistake or you changed the port squid listens on? First time it was 8080. Could you try to add in via gre0 to your fwd rule?

Yes I changed the port, I've not done the obvious thing and used the wrong port. :)

I've also tried using in via gre0, that part is working perfectly. I can see the packets getting forwarded by the rule logging into /var/log/security, but I never see the forwarded packets on the loopback interface. I have forwarding turned on via sysctl. Is there something I'm missing?

> What version of FreeBSD are you using, is it a 5.3? If so, you'll have to upgrade to at least 5.4.

I'm running 6.0-RELEASE.

Thanks,
Alan.
Re: FreeBSD 6.x / GRE / WCCP / Squid
Hello Cezar,

On Tue, 2005-12-06 at 19:48 +0200, Cezar Fistik wrote:
> Just a couple of thoughts. Do you really need that tunnel? Try if it will work without it, maybe there's a problem with it.

I've not really got a tunnel. It's just setup as per the Squid docs to have FreeBSD think it is. The Cisco just sends the packets encapsulated in gre to the FreeBSD squid box. The tunnel is setup so FreeBSD will strip the gre headers and present the system with the original encapsulated packet on the gre0 interface.

I can see the encapsulated packets via tcpdump on gre0, and I can also see the packets hitting my ipfw fwd rule when I turn logging on for that rule. But I never see the forwarded packets, they just disappear!

> Second, can you see your squid in show ip wccp web-cache detail from the cisco?

Yes, the Cisco happily sends the packets and sees the cache.

> Does your squid work without wccp?

Yes, the cache works perfectly without issue.

> I mean setting up the host explicitly to use the proxy? I don't remember precisely, I did it a long time ago, but I think you should use wccp version 2 in order to run wccp with squid.

I've not tried version 2, but I will try it now.

> Hope that helps.

Thanks,
Alan.
Re: FreeBSD 6.x / GRE / WCCP / Squid
On Wed, 2005-12-07 at 08:32 +1100, Alan Garfield wrote:
> > I mean setting up the host explicitly to use the proxy? I don't remember precisely, I did it a long time ago, but I think you should use wccp version 2 in order to run wccp with squid.
>
> I've not tried version 2, but I will try it now.

Okay, Squid doesn't support WCCP version 2. So I decided to try to use a route-map redirector to see if it was something else causing the issue.

Now I have tried two ways and I'm seeing the exact same problem.

Firstly I tried :-

kern conf -

    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_FORWARD

ipfw conf -

    ipfw add 50 fwd 127.0.0.1,3128 tcp from any to any 80

I see the packets hitting fxp0 correctly and I see the forward rules, but nothing appears in tcpdump for lo0 nor does squid see anything either.

So secondly I tried to use IP Filter instead. I removed all the IPFIREWALL stuff from the kernel and I setup ipf as follows :-

ipnat.rules --

    rdr fxp0 0/0 port 80 -> 127.0.0.1 port 3128 tcp

Now I can see the transactions when I do 'ipnat -s' but still nothing appears on the lo0.

I have ip forwarding turned on and the machine is acting as a gateway. The only thing I can think of is the packets are from a private IP range and the proxy server is in a routable IP range in my DMZ. But if that were a problem why do I see the packets hitting the forwarding rules but never coming out the other side?

Any help would be appreciated.

Thanks,
Alan.
FreeBSD 6.x / GRE / WCCP / Squid
Hi all,

I'm hoping someone can shed some light on what's going wrong with my setup. I've searched high and low for a solution, but I've only found old posts talking about FreeBSD 4.x and not the later versions (nor do any of the suggestions make any difference).

I'm trying to setup WCCP on our Cisco 1840 router. I have a DMZ with a squid server listening on port 8080. I have got the gre0 tunnel setup between the router with link1 option set, I can see the gre packets coming from the router and appearing on the gre0 interface via tcpdump, I can see the packets hitting my fwd rule in ipfw via the security log, but I never see any traffic on the lo0 or anything hitting squid. It seems like the packets are getting eaten after the forward. Plus I've also noticed that the encapsulated packets appear to be going 'out' my Ethernet interface back to the default route, even though they have been forwarded.

An example of my setup is :-

               Net
                |
                |
        ----- Cisco -----
        |               |
        |               |
     DMZ LAN       Internal LAN
        |               |
        |               |
      Squid            Host

Network :

    Net:            192.168.20.0/30
    DMZ:            192.168.10.0/24
    Internal:       192.168.1.0/24
    Cisco Ext:      192.168.20.1
    Cisco DMZ:      192.168.10.1
    Cisco Internal: 192.168.1.1
    Squid:          192.168.10.66
    Host:           192.168.1.99

Cisco conf extract :

    ip wccp version 1
    ip wccp web-cache redirect-list 109
    !
    interface Serial0/0/0:0.1 point-to-point
     ip wccp web-cache redirect out
    !
    access-list 109 permit ip 192.168.1.0 0.0.0.255 any
    access-list 109 deny ip any any

FreeBSD conf :

ifconfig gre0 -

    gre0: flags=b051UP,POINTOPOINT,RUNNING,LINK0,LINK1,MULTICAST mtu 1476
            tunnel inet 192.168.10.66 -- 192.168.10.1
            inet6 fe80::2e0:18ff:feb7:a79c%gre0 prefixlen 64 scopeid 0x4
            inet 192.168.10.66 -- 10.20.30.40 netmask 0x

ipfw list -

    00010 allow gre from any to any frag
    00020 allow log tcp from any to any dst-port 80
    00050 fwd 127.0.0.1,8080 tcp from 192.168.1.0/24 to any dst-port 80
    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    65000 allow ip from any to any
    65535 deny ip from any to any

rc.conf ---

    gateway_enable=YES
    ifconfig_fxp0=inet 192.168.10.66 netmask 255.255.255.0
    defaultrouter=192.168.10.1
    squid_enable=YES

Any help or suggestions would be greatly appreciated.

Thanks,
Alan.
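
ipfw walks the rules in numeric order, and the first matching allow, deny or fwd ends the search, so where a fwd rule sits relative to broader allow rules decides whether it is ever reached. As an added example (not part of the original post), this simplified first-match model runs the posted `ipfw list` output against a constructed packet. The function names and the 203.0.113.10 destination are assumptions, and only the rule syntax that appears in the post is parsed.

```python
import ipaddress
import re

# Copied from the `ipfw list` output in the post above.
RULESET = """\
00010 allow gre from any to any frag
00020 allow log tcp from any to any dst-port 80
00050 fwd 127.0.0.1,8080 tcp from 192.168.1.0/24 to any dst-port 80
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any
"""
RULE_RE = re.compile(
    r"^(?P<num>\d+) (?P<action>allow|deny|fwd \S+)(?: log)? (?P<proto>\S+)"
    r" from (?P<src>\S+) to (?P<dst>\S+)(?P<opts>.*)$")

def parse_rules(text):
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        opts = m["opts"].split()
        kv = dict(zip(opts, opts[1:]))   # "dst-port 80" -> {"dst-port": "80"}
        rules.append({**m.groupdict(), "num": int(m["num"]), "via": kv.get("via"),
                      "dport": kv.get("dst-port"), "frag": "frag" in opts})
    return rules

def addr_match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def first_match(rules, pkt):
    for r in rules:
        if (r["proto"] in ("ip", pkt["proto"])
                and addr_match(r["src"], pkt["src"])
                and addr_match(r["dst"], pkt["dst"])
                and r["dport"] in (None, str(pkt.get("dport")))
                and r["via"] in (None, pkt["iface"])
                and (not r["frag"] or pkt.get("frag", False))):
            return r["num"], r["action"]   # allow, deny and fwd all end the search
    return None

# Constructed packet: the internal host from the post requesting a web page.
PKT = {"proto": "tcp", "src": "192.168.1.99", "dst": "203.0.113.10",
       "dport": 80, "iface": "gre0"}
RULES = parse_rules(RULESET)
if __name__ == "__main__":
    print("as posted:      ", first_match(RULES, PKT))
    print("rule 20 removed:", first_match([r for r in RULES if r["num"] != 20], PKT))
```

In this model the packet stops at rule 20 with the ruleset as posted; with rule 20 removed it reaches the fwd at rule 50.
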