Re: [Off Topic] Clients still not connecting to the FreeBSD mail server
Hi Andrew, Nice name :) Andrew Falanga wrote: Hi, --snip-- I've verified the same timeout behavior with Outlook Express and Thunderbird. Using Thunderbird, I was able to check different settings too. The settings should be to use authentication on the smtp server using SSL. Someone, please educate me, does this mean that the authentication takes place over port 465 and the regular smtp still takes place over 25, or do both take place over 25? I ask because KMail (my setup at home that works) says to use SSL, not TLS which uses port 465. At the server, I use sockstat and see that on IPv4 sendmail has an open port on 465. Depending on the mailserver and its setup it should be able to support SSL/TLS and unencrypted session on port 25. On port 465 Only SSL/TLS sessions are supported. There is also port 587 (again depending on the server and setup) that uses port 587 just for the submission of email using unencrypted/SSL/TLS sessions. Depending on the mailserver it should also be able to support authentication on any of the 3 above ports. I hope that helps. Cheers cya Andrew Thanks, Andy ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: OT: Clamd error
Jean-Paul Natola wrote: Hi all, Sorry for cross-posting but it seams that the members from the other list went on vacation- and I'm in a jam I run exim 4.69 clamav .93 and spamassassin on a freebsd box - basically it gets my smtp traffic, checks for spam virus etc,, then forwards it to my mailserver- Suddenly last night it stopped working , I check the paniclog and all I see is 2008-08-21 09:44:26 1KWASY-EF-PB malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (No such file or directory) 2008-08-21 09:44:34 1KWASh-EZ-Pq malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (No such file or directory) 2008-08-21 09:45:09 1KWARf-EG-En malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (No such file or directory) 2008-08-21 09:45:38 1KWATZ-EG-9e malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (No such file or directory) its now /var/run/clamav/clamd.sock you may wish to update your exim config file. I unistalled clamav "make deinstall" Then "&& make clean" Then "make install clean" And I still get the same errors- the weird part is that when I do "top" clamd IS running- 22089 clamav 1 40 62132K 61616K accept 0:00 0.00% clamd Any help would be greatly appreciated as im rerouting my mail now- and getting bombarded with spam Thx ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Security questions, seeing more then one dhcp client.
Christopher Joyner wrote: I am seeing two dhcp clients connected to my wireless router. Does that mean someone other then me is on it? I would say so, unless you have people connected to it via ethernet using DHCP. You do have WPA or similar turned on I hope. HTH Andrew Or does the router have it's private dhcp client attached? The router is a compusa broadband wireless router. In Love in Jesus Christ, Or Lord and Savior. For God so loved the world, that he gave his only *begotten Son, that whosoever believeth in him should not perish, but have everlasting life. --John 3:16 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Bidirectional traffic control with PF and altq or dummynet
Edwin L. Culp wrote: I have been using PF for several years now and used IPFW previous to PF that I've grown more and more fond of. I now need to manage bidirectional traffic I have used Dummynet before to do similar things but it is my understanding that Altq can only manage outgoing traffic although I find the occasional example of it managing incoming like one to limit window's email assuming that I'm reading it properly. My questions are: Am I correct in saying that Altq can not manage bidirectional traffic? based on what I have read of man pf.conf, I'd say nup. 'The interfaces on which queueing should be activated are declared' If you can set it on multiple devices then applying altq bidirectionaly on traffic going through should be no prob. If its traffic to and from the box in question I don't know. HTH cya Andrew if not I understand the dummynet can be used with pf and if so does anyone know of a howto to get me started? I would rather not switch to IPFW right now. Thanks, ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Crontab and adjkerntz.
Leslie Jensen wrote: I have a machine that only runs during office hours. I've rescheduled the periodic jobs in crontab so that they run when the machine is on. My question is can I reschedule the adjkerntz job as well, without causing any problems? I'm concerned because the job is set to run 12 times during night time, and I'm thinking that maybe it's a resource hog and therefore it's not advisible to run it when one uses the machine? adjkerntz is used for adjusting the time when daylight savings starts and finishes. I wouldn't worry about it as the system runs it on boot up. Cheers cya Andrew # Adjust the time zone if the CMOS clock keeps local time, as opposed to # UTC time. See adjkerntz(8) for details. 1,310-5 * * * rootadjkerntz -a Thanks /Leslie ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How to test the uptime of a webserver?
Redd Vinylene wrote: On Sun, Aug 31, 2008 at 2:22 AM, Moises Castellanos <[EMAIL PROTECTED]> wrote: On Sun, Aug 31, 2008 at 7:05 PM, Redd Vinylene <[EMAIL PROTECTED]> wrote: Hello hello! I got this dedicated server which is exposed to DDoS attacks quite frequently. Say I need to host a website on it, is there any way of telling how often it is actually online (to the rest of the world)? Maybe make some sort of ping script from a remote server? Hello, You can install nagios and monitor the web server. It will send you an email when the server is down and when is up again. With this information you can know the uptime of the web server. I'd have to install Nagios on a different server then, right? I doubt the actual server knows when its ISP's link drops (or just slows down) due to an attack. You can easily get nagios to test the web server sitting on the same machine its installed on and you can also get nagios to ping some external target to test the link. However if the link is down that won't help you, so basically yes it would be wise to have an external nagios server. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How to test the uptime of a webserver?
Redd Vinylene wrote: On Sun, Aug 31, 2008 at 2:22 AM, Moises Castellanos <[EMAIL PROTECTED]> wrote: On Sun, Aug 31, 2008 at 7:05 PM, Redd Vinylene <[EMAIL PROTECTED]> wrote: Hello hello! I got this dedicated server which is exposed to DDoS attacks quite frequently. Say I need to host a website on it, is there any way of telling how often it is actually online (to the rest of the world)? Maybe make some sort of ping script from a remote server? Hello, You can install nagios and monitor the web server. It will send you an email when the server is down and when is up again. With this information you can know the uptime of the web server. I'd have to install Nagios on a different server then, right? I doubt the actual server knows when its ISP's link drops (or just slows down) due to an attack. You can easily get nagios to test the web server sitting on the same machine its installed on and you can also get nagios to ping some external target to test the link. However if the link is down that won't help you, so basically yes it would be wise to have an external nagios server. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: USB mouse problems
Patrick Lamaizière wrote: Le Mon, 06 Oct 2008 08:41:59 +0200, Aniruddha <[EMAIL PROTECTED]> a écrit : I have one Razer Lachesis USB mouse attached to the rear usb ports of my pc. This mouse has never worked, however when I plug in another USB mouse in the front of my pc it works?! I wonder; how do I get the Razer Lachesis working without plugging it in the front? I don't know. Some motherboards have a jumper (or BIOS option) to that has to be set, so that the front connectors work at the expense of other ports. Furthermore I wondered if there is a way to use both the mouse in a terminal (gpm) and in xorg? Yes, see moused(8) and vidcontrol(1). Regards. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
multihomed fbsd7 router with nat
G'Day all,
Got a network that has 2 DSL connections.
The 1st has cheap data and the 2nd is a more reliable provider.
Basically all data goes out the first provider except some IPs which
will use the second provider (just a ipfw fwd rule).
If the cheap one goes offline data has to route out via the 2nd ISP,
likewise if the 2nd does happen to go off then the fwd rule needs to be
dropped.
I have already solved this with an attached script (for
suggestions and maybe to help others who may face this problem in the
future).
Anyway I plan to put the 2 modems into bridge mode use the ppp that
comes with fbsd to do the auth side of things.
My question is what should I use for NAT. Use the inbuilt NAT that
comes with PPP or firewall based?
TIA
Cheers
cya
Andrew
#!/usr/local/bin/bash
FWRUL=1
# put main connection first
# the names must match the config names in /etc/ppp/ppp.conf
# Must also have a /etc/namedb/named.conf.ISP_NAME for each
# ISP so that named's forward lookups points to the right name server
PISP='isp1'
BISP='isp2'
FWBLOCK='192.168.1.209/28'
LAN='192.168.1.0/24'
# Functions
function getgwip {
PID=$1
GW=''
for i in 0 1 2 3 4 5 6 7 8 9; do
STR=`ifconfig tun$i 2>/dev/null |grep "PID $pid" `
if [ -n "$STR" ]; then
GW=`ifconfig tun$i |grep inet |tail -n 1|awk '{print $2 " " $4}'`
fi
done
echo $GW
}
function ch_route {
X="Changing routing for all data to: $2\nOld default gateway: $3"
GW=`getgwip $1 |awk '{print $2}'`
if [ "$GW" == "$3" ]; then
exit;
fi
echo "$X"
/sbin/route delete default
/sbin/route add default $GW
echo "New default gateway: $GW"
cp /etc/named/named.conf.$ROUTO /etc/namedb/named.conf
/etc/rc.d/named reload
exit
}
function ch_firewall {
if [ "$1" != "$PISP" ]; then
/sbin/ipfw -q delete $FWRUL >/dev/null 2>&1
else
F=`ipfw show $FWRUL 2>/dev/null|| echo FAIL`
if [ "$F" == "FAIL" ]; then
/sbin/ipfw -q add $FWRUL fwd $2 ip from $FWBLOCK to not $LAN
fi
fi
}
PPPCOM='/usr/sbin/ppp -quiet -ddial -nat '
PID1=`ps ax | grep ppp | grep -v grep |grep "$PISP" |awk '{print $1}'`
PID2=`ps ax | grep ppp | grep -v grep |grep "$BISP" |awk '{print $1}'`
ROUTO=''
if [ -z "$PID1" ] then
$PPPCOM $PISP >/dev/null 2>&1 &
ROUTO=$BISP
RPID="$PID2"
fi
if [ -z "$PID2" ] then
$PPPCOM $BISP >/dev/null 2>&1 &
ROUTO=$PISP
RPID=$PID1
fi
CGW=`netstat -rn | grep "^default" | awk '{print $2}'`
if [ -n "$ROUTO" ]; then
echo "restarting $ROUTO"
ch_firewall clear
ch_route $RPID "$ROUTO" "$CGW"
fi
TMP=`getgwip $PISP`
PGW=`echo $TMP | awk '{print $2}'`
PIP=`echo $TMP | awk '{print $1}'`
TMP=`getgwip $BISP`
BGW=`echo $TMP | awk '{print $2}'`
BIP=`echo $TMP | awk '{print $1}'`
OUT="Current default gateway: $CGW"
if [ -z "$PIP" -a -z "$BIP" ]; then
logg "BOTH $PISP and $BISP are DOWN!!"
exit
fi
if [ -z "$PIP" ]; then
if [ "$CGW" != "$BGW" ]; then
logg "$PISP currently down"
ch_firewall clear
ch_route $PID2 "$BISP" "$CGW"
fi
exit
fi
if [ -z "$BIP" ]; then
if [ "$CGW" != "$PGW" ]; then
logg "$BISP currently down"
ch_firewall clear
ch_route $PID1 "$PISP" "$CGW"
fi
exit
fi
PISPING=`ping -n -s 1 -o -c 5 -S $PIP -W 5000 -t 6 $PGW >/dev/null 2>&1 || echo
FAIL`
BISPING=`ping -n -s 1 -o -c 5 -S $BIP -W 5000 -t 6 $BGW >/dev/null 2>&1 || echo
FAIL`
if [ "$PISPING" == "FAIL" ]; then
if [ "$CGW" != "$BGW" ]; then
logg "$PISP currently down"
ch_firewall clear
ch_route $PID2 "$BISP" "$CGW"
fi
exit
fi
if [ "$BISPING" == "FAIL" ]; then
if [ "$CGW" != "$PGW" ]; then
logg "$BISP currently down"
ch_firewall clear
ch_route $PID1 "$PISP" "$CGW"
fi
exit
fi
FWCHECK=`ipfw show $FWRUL 2>/dev/null || echo FAIL`
if [ "$FWCHECK" != "FAIL" ];
logg "Added policy routing for $FWBLOCK"
ch_firewall $PISP
fi
if [ "$CGW" != "$PGW" ]; then
logg "Changed routing back to $PISP"
ch_route $PID1 "$PISP" "$CGW"
fi
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How to restore a lost root password...
G'Day, Steven Susbauer wrote: Mauricio López wrote: On Sun, Oct 26, 2008 at 4:08 PM, Daniel Bye --snip-- As far as I know, from my previous Linux experience, you just need a LiveCD in order to boot the PC, mount the / partition, edit /etc/passwd or /etc/shadow and change the hash for one that correspond to one we know. Perhaps you can make it in every UNIX. This is similar to what Matthew Seaman was mentioning. I am curious though, might it be possible to boot from something like Freesbie (or a fixit disc), mount the drive, chroot to the actual install and run passwd like normal to change the password? Does root on yep. FreeBSD ask to verify the old password when trying to change its own? nope :) HTH cya Andrew ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Limewire package install error
Fbsd1 wrote: Andrew D wrote: Fbsd1 wrote: Tried to pkg_add -r limewire. Dependant diablo-jdk-1.6.0.07.02.tbz File unavailable. The package diablo-jdk is not on 7.0 or 7.1 pkg server. Looking up diablo-jdk on the ports website, the long description points to here http://www.freebsdfoundation.org/downloads/java.shtml How am i to get these mis-matched package names to fulfill the limewire dependent name? You do realise you don't have to install it using a pkg. you can 'make install' it in /usr/ports/java/diablo-jdk16 :) You do realize that I don't want to full around with compiling port source. That is the whole reason behind the package system. I am looking for answer to error in the package install of limewire and it's dependent diablo-jdk. I do now, with the cross-post It seemed like you wanted it done fairly quickly :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Limewire package install error
Fbsd1 wrote: Tried to pkg_add -r limewire. Dependant diablo-jdk-1.6.0.07.02.tbz File unavailable. The package diablo-jdk is not on 7.0 or 7.1 pkg server. Looking up diablo-jdk on the ports website, the long description points to here http://www.freebsdfoundation.org/downloads/java.shtml How am i to get these mis-matched package names to fulfill the limewire dependent name? You do realise you don't have to install it using a pkg. you can 'make install' it in /usr/ports/java/diablo-jdk16 :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Reconfiguring network interfaces
David Allen wrote: I need to make several wholesale changes to a few different systems, and I'd prefer to do it over SSH without losing connectivity where possible. I know I can use ifconfig, or edit /etc/rc.conf directly and reboot, but is there a canonical way to make the changes in /etc/rc.conf and "reload" those changes to ensure everything is in a known state? From what I can determine, running netif stop/start would work, but would require I do that locally. You could also use the alias featue, adding the new ip, sshing into the new ip, and dump the old ip. ** Though I haven't tried this method personally. ** HTH cya Andrew ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
pptp and routing
G'Day all, got a freebsd Box FreeBSD gw.ade.eltrak.com.au 7.0-STABLE FreeBSD 7.0-STABLE #0: Wed Jul 9 03:46:03 CST 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/ELKERN i386 that has a poptop server on it. When a client logs in they get authed fine and get issued an IP. However when connecting or pinging no data comes back from the server. arpproxy is set, as is forwarding. net.inet.ip.forwarding: 1 net.link.ether.inet.proxyall: 1 The server for some reason puts a route for the client ip on the ethernet interface rather than the tun interface the client has come in on. /etc/ppp/ppp.conf loop: set timeout 0 set log phase chat connect lcp ipcp command set device localhost:pptp set dial set login set ifaddr 10.10.1.5 10.10.1.20-10.10.1.60 255.255.255.0 add default HISADDR set server /tmp/loop "" 0177 loop-in: set timeout 0 set log phase lcp ipcp command allow mode direct pptp: load loop disable pap enable passwdauth disable ipv6cp enable proxy accept dns enable MSChapV2 enable mppe disable deflate pred1 deny deflate pred1 set dns 10.10.1.5 set device !/etc/ppp/secure /etc/ppp/secure #!/bin/sh exec /usr/sbin/ppp -direct loop-in /usr/local/etc/pptpd.conf localip 10.10.1.5 remoteip 10.10.1.20-60 pidfile /var/run/pptpd.pid noipparam debug $ ifconfig fxp0: flags=8943 metric 0 mtu 1500 options=8 ether 00:04:ac:98:d2:c6 inet 10.10.1.5 netmask 0xff00 broadcast 10.10.1.255 media: Ethernet autoselect (100baseTX ) status: active re0: flags=8802 metric 0 mtu 1500 options=399b ether 00:40:ca:23:ed:5f media: Ethernet autoselect (100baseTX ) status: no carrier lo0: flags=8049 metric 0 mtu 16384 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff00 tun0: flags=8051 metric 0 mtu 1500 inet 10.8.0.1 --> 10.8.0.2 netmask 0x Opened by PID 775 tun1: flags=8051 metric 0 mtu 1398 inet 10.10.1.5 --> 10.10.1.34 netmask 0xff00 Opened by PID 14740 $ netstat -nr Routing tables Internet: DestinationGatewayFlagsRefs Use Netif Expire default10.10.1.254UGS 029107 fxp0 10.8.0.0/2410.8.0.2 UGS 0 215 tun0 10.8.0.2 10.8.0.1 UH 2 45 tun0 10.10.1.0/24 link#1 UC 00 fxp0 10.10.1.5 00:04:ac:98:d2:c6 UHLW2 322lo0 10.10.1.34 10.10.1.5 UGH 00 fxp0 10.10.1.25400:1e:be:97:95:23 UHLW20 fxp0 10.10.2.0/24 10.8.0.2 UGS 0 918 tun0 127.0.0.1 127.0.0.1 UH 0 208lo0 As you can see the client (10.10.1.34) is routed on the fxp0 interface rather than the tun1. Anyone got any Ideas? Cheers cya Andrew ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Having some problems with a FreeBSD mail server (SMTP)
Andrew Falanga wrote: Hi, I run a mail server for my church. Today I was called that folks are able to receive, but not send their mail. They are all currently configured for POP3 (I use dovecot). At home I tried to send mail to two different e-mail accounts of mine using the church e-mail server and was successful. I used KMail for this. As I look through /var/log/maillog I do not even see authid= in the mail log (I'm using TLS with sendmail). One of the pastor's told me the error he's seeing is "timeout." They are using Outlook, I'm not sure of the version. What problems do people here usually encounter with Outlook mail clients and their SMTP servers? Have you even tried to get them to telnet to port 25, 465(for tls/ssl) to see what happens? If their ISP is blocking port 25 then you can get them to send their mail using port 465 (with TLS/SSL) or using the SMTP submission port which is on port 587. HTH cya Andrew At this point, I'd just like to have some leads. Any ideas what might be keeping them from sending? They can all log in and receive e-mail POP3. Thanks, Andy ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
jailed isc-dhcpd
Anyone out there successfully running isc-dhcpd-3 jailed? I'm actually trying to get it jailed on an address which is on a loopback interface, which doesn't work (but I believe that's isc-dhcpd's fault and think I know how to fix that). Anyone have it working in a jail just on a generic alias on a "real" physical interface? If so, how'd you do it without dhcpd complaining about bpfs? Thanks in advance! -- Andrew Clark Campus Network Programmer Office of Information Technology University of California, Santa Barbara [EMAIL PROTECTED] (805) 893-5311 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: jailed isc-dhcpd
Answering my own question here. It is possible. I believe one will always need to define USE_SOCKETS in (within the isc-dhcpd-3 source) include/site.h to run it in a jail. Otherwise, dhcpd will try to use bpfs, which it cannot do inside a jail. To get it listening on a loopback, a small change to common/discover.c is needed: 187,188c187,189 < if ((ifa->ifa_flags & IFF_LOOPBACK) || <(ifa->ifa_flags & IFF_POINTOPOINT) || --- // ADC HACKED - don't skip loopbacks //if ((ifa->ifa_flags & IFF_LOOPBACK) || if((ifa->ifa_flags & IFF_POINTOPOINT) || Works for me! You probably only want to do this sort of thing if your dhcpd is _only_ getting requests via relay. I believe this will break things for you if you need to reply to broadcasts. -- Andrew Clark Campus Network Programmer Office of Information Technology University of California, Santa Barbara [EMAIL PROTECTED] (805) 893-5311 --On Thursday, January 27, 2005 05:15:23 PM -0800 "Andrew D. Clark" <[EMAIL PROTECTED]> wrote: Anyone out there successfully running isc-dhcpd-3 jailed? I'm actually trying to get it jailed on an address which is on a loopback interface, which doesn't work (but I believe that's isc-dhcpd's fault and think I know how to fix that). Anyone have it working in a jail just on a generic alias on a "real" physical interface? If so, how'd you do it without dhcpd complaining about bpfs? Thanks in advance! -- Andrew Clark Campus Network Programmer Office of Information Technology University of California, Santa Barbara [EMAIL PROTECTED] (805) 893-5311 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
isc-dhcp3-server chroot behavior
Hello,
I'm using the chrooted isc-dhcp3-server and I'd like the startup script
to do a few extra things which it does not. In order for name
resolution to work for a chrooted dhcp server, the following files must
be in /etc in the chroot:
host.confhostslocaltimeresolv.conf
The startup script doesn't handle copying those into the chroot, though
I think it should. Name resolution is handy if one wants to do
something like:
host somehost {
hardware ethernet blahblah;
fixed-address somehost.somedomain;
}
instead of using an IP address as the parameter for the fixed-address
argument.
I'd also like to add a feature to the rc script whereby one can define
a directory containing configs to be included in the dhcpd.conf to also
be copied to the chroot. A large configuration file is often easier to
handle if it is broken up into smaller files which are included into
the dhcpd.conf. If these included files lived only in the chroot,
they'd have to be edited there, which would be confusing compared to
the behavior of the dhcpd.conf in the chroot, which is copied from
/usr/local/etc/dhcpd.conf at startup.
I'm running isc-dhcp3-server-3.0.1.r14_6
I'll happily submit a patch against the current rc script which
implements these features if desired.
--
Andrew Clark
Campus Network Programmer
Office of Information Technology
University of California, Santa Barbara
[EMAIL PROTECTED] (805) 893-5311
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: isc-dhcp3-server chroot behavior
Here's a patch to the isc-dhcpd.sh script in /usr/local/etc/rc.d that
handles copying a few files out of /etc into the chroot for name
resolution and also handles copying a directory of configs to be
included (handy if you want to modularize the config):
--- isc-dhcpd.sh.orig Fri Dec 3 14:21:50 2004
+++ isc-dhcpd.shFri Dec 3 15:39:03 2004
@@ -11,6 +11,19 @@
# dhcpd_enable="YES"
#
+# ADC - I've made a few changes to this file.
+#
+# In order for name resolution to work (necessary if you want to use
DNS
+# names in the config (e.g. fixed-address somehost instead of some IP)
+# copy the following out of /etc: host.conf hosts localtime
resolv.conf
+#
+# define a directory containing included config files and copy those
+# to the chroot too. Otherwise, the real included configs must live
in
+# the chroot. This is confusing compared to the behavior of
dhcpd.conf,
+# which is copied from /usr/local/etc/dhcpd.conf to the chroot at
startup
+# and the chrooted copy should not be edited (since changes are lost
at
+# startup)
+
. /usr/local/etc/rc.subr
name=dhcpd
@@ -37,6 +50,10 @@
dhcpd_hostname=${dhcpd_hostname:-} # jail hostname
dhcpd_ipaddress=${dhcpd_ipaddress:-} # jail ip
address
+# added by ADC
+dhcpd_include_dir=${dhcpd_include_dir:-} # directory containing
included
+# config files
+
safe_run ()# rc command [args...]
{
local _rc
@@ -409,6 +426,10 @@
_dhcpd_conffile=${dhcpd_rootdir}${dhcpd_conffile}
_dhcpd_pidfile=${dhcpd_rootdir}${dhcpd_pidfile}
_dhcpd_leasesfile=${dhcpd_rootdir}${dhcpd_leasesfile}
+
+ #
+ # added by ADC
+ _dhcpd_include_dir=${dhcpd_rootdir}${dhcpd_include_dir}
}
setup_compat ()
@@ -450,6 +471,22 @@
safe_copy ${dhcpd_devdir} ${_dhcpd_devdir}
fi
safe_copy ${dhcpd_conffile} ${_dhcpd_conffile}
+
+ #
+ # added by ADC - copy files out of /etc for name
resolution
+ # host.conf hosts localtime resolv.conf
+ safe_mkdir ${_dhcpd_rootdir}/etc
+ safe_copy /etc/host.conf ${_dhcpd_rootdir}/etc/host.conf
+ safe_copy /etc/hosts ${_dhcpd_rootdir}/etc/hosts
+ safe_copy /etc/localtime ${_dhcpd_rootdir}/etc/localtime
+ safe_copy /etc/resolv.conf
${_dhcpd_rootdir}/etc/resolv.conf
+
+ #
+ # added by ADC - copy dhcpd_include_dir if defined
+ if [ -d "${dhcpd_include_dir}" ]; then
+ safe_mkdir ${_dhcpd_include_dir}
+ safe_copy ${dhcpd_include_dir}
${_dhcpd_include_dir}
+ fi
fi
}
--On Friday, December 03, 2004 02:38:41 PM -0800 "Andrew D. Clark"
<[EMAIL PROTECTED]> wrote:
Hello,
I'm using the chrooted isc-dhcp3-server and I'd like the startup
script to do a few extra things which it does not. In order for name
resolution to work for a chrooted dhcp server, the following files
must be in /etc in the chroot:
host.confhostslocaltimeresolv.conf
The startup script doesn't handle copying those into the chroot,
though I think it should. Name resolution is handy if one wants to
do something like:
host somehost {
hardware ethernet blahblah;
fixed-address somehost.somedomain;
}
instead of using an IP address as the parameter for the fixed-address
argument.
I'd also like to add a feature to the rc script whereby one can
define a directory containing configs to be included in the
dhcpd.conf to also be copied to the chroot. A large configuration
file is often easier to handle if it is broken up into smaller files
which are included into the dhcpd.conf. If these included files
lived only in the chroot, they'd have to be edited there, which would
be confusing compared to the behavior of the dhcpd.conf in the
chroot, which is copied from /usr/local/etc/dhcpd.conf at startup.
I'm running isc-dhcp3-server-3.0.1.r14_6
I'll happily submit a patch against the current rc script which
implements these features if desired.
--
Andrew Clark
Campus Network Programmer
Office of Information Technology
University of California, Santa Barbara
[EMAIL PROTECTED] (805) 893-5311
--
Andrew Clark
Campus Network Programmer
Office of Information Technology
University of California, Santa Barbara
[EMAIL PROTECTED] (805) 893-5311
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
liferay
Howdy all, I was wondering if anyone has installed liferay portal on a freeBSD server? If so, is there any catches I should be looking out for. TIA Cheers cya Andrew -- Network Administrator / Manager Webzone Internet 1st Floor (Oakley Street Entrance) 167 Grote Street Adelaide SA, 5000 Phone 1300 303 932 Fax 08 8221 6204 Email [EMAIL PROTECTED] [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Auto blacklist ssh connections ...
Howdy, We use Blockhosts found here :) http://www.aczoom.com/cms/blockhosts HTH cya Andrew DA Forsyth wrote: On 17 Sep 2008 , [EMAIL PROTECTED] entreated about "freebsd-questions Digest, Vol 233, Issue 7": Does anyone know of a utility that I can use with sshd to auto-block by IP if there are more then N failed attempts in a row? yes, 'pf' the packet filter. http://home.nuug.no/~peter/pf/en/bruteforce.html (but you really should read the tutorial from the beginning) -- DA Fo rsythNetwork Supervisor Principal Technical Officer -- Institute for Water Research http://www.ru.ac.za/institutes/iwr/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" -- Network Administrator / Manager Webzone Internet 1st Floor (Oakley Street Entrance) 167 Grote Street Adelaide SA, 5000 Phone 1300 303 932 Fax 08 8221 6204 Email [EMAIL PROTECTED] [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: configure NAT with demand dial interface?
imax36581 wrote: --snip-- thanks my friends... useful information also i must do it with pppoe connection and not ppp,it seems that both are the same,if not please inform me. pppoe is supported by ppp, just has a slightly different config within /etc/ppp/ppp.conf than ppp see http://www.freebsd.org/doc/en/books/handbook/pppoe.html 10x again . Cheers cya Andrew ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
quick question regarding jails.
Howdy all, Just wondering if a box has 2 Ethernet cards with each card going to a different gateway/network, is it possible to stick a jail on the machine listening on one network interface and routing data out one card/network/gatway while the rest of the system uses the other port and gateway/network. I hope that makes sense. TIA cheers cya Andrew -- Network Administrator / Manager Webzone Internet 1st Floor (Oakley Street Entrance) 167 Grote Street Adelaide SA, 5000 Phone 1300 303 932 Fax 08 8221 6204 Email [EMAIL PROTECTED] [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
