Re: PF NAt

2007-04-27 Thread Andrey V. Semyonov

/etc/pf.conf

exter_if = "vr0"
            ^^^

nat on $exter_if from $inter_if  to any -> $exter_if
                                           ^
Now look at the man page about nat/rdr rule syntax:

 nat-rule   = [ "no" ] "nat" [ "pass" ] [ "on" ifspec ] [ af ]
              [ protospec ] hosts [ "tag" string ] [ "tagged" string ]
              [ "->" ( redirhost | "{" redirhost-list "}" )
              [ portspec ] [ pooltype ] [ "static-port" ] ]


The grammar says that after the "->" keyword _host(s)_ should be 
specified. So, if you want to use a macro pointing to your interface 
_name_, there's a technique to translate it to its primary or any 
aliased IP:


($macro)

Your line should look like this:

nat on $exter_if from $inter_if  to any -> ($exter_if)

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: /usr/local/etc/rc.d and role accounts

2006-04-14 Thread Andrey V. Semyonov

Andrey V. Semyonov wrote:

The most terrible thing is that you can't extract a value from a 
variable, which you name by some dynamic string (you can't extract a 
variable by name set in other variable partly or the whole)


Sorry, I was in too much of a hurry.

if ! /bin/test -z "$(eval echo \$${name}${common_var_suffix})"; then ...
will work well too



Re: /usr/local/etc/rc.d and role accounts

2006-04-14 Thread Andrey V. Semyonov

Mike Hunter wrote:

Hi,

I'm hoping to get into the spirit of the new rc.d script specs (REQUIRES,
PROVIDES, command=, etc) on a new server I'm building.  The old script I
was using looked like this:

I have several questions about how to replicate this behavior.  I'm still
deciding whether I'm willing to split out the 10 or so instances into
separate scripts...if I didn't want to do that, is the best way to handle
it to create a script with all 10 command and then have the rc script run
that script?

How do I replicate the su stuff?  I could say command=su and
foo_flags="foo-role -c ..." but that doesn't seem very good.

Well, you try to suggest rc script patches to implement such a behavior...

For example, implement a new rc-script variable ${${name}_effective_user}
or something like that... (sh syntax doesn't allow you to make such an expression)

I tried to play with it and found that:
You may try to add a parameter to rc.conf:
for example, if cupsd.sh sets 'name=cupsd', then you should set 
cupsd_effective_user in rc.conf (so, in sh-syntax it sounds like 
${name}_effective_user)


The most terrible thing is that you can't extract a value from a 
variable, which you name by some dynamic string (you can't extract a 
variable by name set in other variable partly or the whole)


So, some workaround is to use world's tools (may not work in minimal 
installation distribution set):


if ! /bin/test -z "$(set | /usr/bin/grep "^${name}${variable_common_suffix}=" | /usr/bin/cut -d "=" -f 2)"; then
    some_tricks
fi

Here I've just checked a nonzero length of such a 'dynamically' named 
variable. If you can - try to implement such a behavior into rc.subr and 
give us patches. If I have time I'll try to do that myself.




As a bonus, foo would like to make pid files, but /var/run isn't writable to
foo-role.  What's the standard way to handle where to put the pid files?


/var/run/${progname}/ - directory for pidfiles of progs (ex. clamav's 
clamd).


The directory is chowned to `prog' effective UID or GID, and the 
appropriate permissions are set to allow that UID/GID to make changes in it.

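
Added example (not part of the original messages and not rc.subr code): a POSIX sh version of the indirect lookup discussed in the two rc.d messages above, which checks that the composed variable name is a plain identifier before it reaches eval, so a service name containing shell metacharacters is never executed. The effective_user suffix is the hypothetical one from the thread; the service names and values are constructed.

```sh
#!/bin/sh
# Added example. "effective_user" is the hypothetical rc.conf suffix from
# the thread; service names and values below are constructed.

# is_identifier NAME: succeed only if NAME is a plain shell identifier.
is_identifier() {
    case "$1" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# get_rcvar NAME SUFFIX: print the value of the variable ${NAME}_${SUFFIX}.
# Returns 2, without evaluating anything, if the composed name is unsafe.
get_rcvar() {
    _var="${1}_${2}"
    is_identifier "$_var" || return 2
    # eval only sees the validated identifier; the variable's value is
    # expanded inside double quotes and never re-parsed as shell code.
    eval "printf '%s\n' \"\${$_var-}\""
}

# has_rcvar NAME SUFFIX: true if that variable is set and non-empty.
has_rcvar() {
    _val=$(get_rcvar "$1" "$2") || return 1
    [ -n "$_val" ]
}

# Constructed rc.conf-style settings.
cupsd_effective_user="cups"
clamd_effective_user='$(id) ; `id`'   # hostile-looking value, stays inert

for svc in cupsd clamd sshd; do
    if has_rcvar "$svc" effective_user; then
        printf '%s runs as: %s\n' "$svc" "$(get_rcvar "$svc" effective_user)"
    else
        printf '%s: no effective user set\n' "$svc"
    fi
done
```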


OpenOffice.org on amd64

2006-04-13 Thread Andrey V. Semyonov

I tried to run OpenOffice.org on my amd64 desk, but there wasn't 
an amd64 package of 2.0.2, so I installed the i386 version. As I understand, 
the binary i386 emulation compiled into the kernel should allow me to run any 
i386 application by concept.


But there is such a problem running OOo:
---CUT---
$ openoffice.org
/libexec/ld-elf.so.1: Shared object "libuno_sal.so.3" not found, required by "javaldx"
/libexec/ld-elf.so.1: Shared object "libm.so.4" not found, required by "pagein"
/libexec/ld-elf.so.1: Shared object "libvcl680fi.so" not found, required by "soffice.bin"
---CUT---

$ ls /usr/local/openoffice.org-2.0.2.rc2/program/lib*.so*
/usr/local/openoffice.org-2.0.2.rc2/program/libuno_sal.so.3
/usr/local/openoffice.org-2.0.2.rc2/program/libvcl680fi.so

$ ls /lib/libm*
/lib/libm.so.4  /lib/libmd.so.3

$ export LD_LIBRARY_PATH=/usr/local/openoffice.org-2.0.2.rc2/program
$ openoffice.org
/libexec/ld-elf.so.1: Shared object "libuno_sal.so.3" not found, required by "javaldx"
/libexec/ld-elf.so.1: Shared object "libm.so.4" not found, required by "pagein"
/libexec/ld-elf.so.1: Shared object "libvcl680fi.so" not found, required by "soffice.bin"

$ ldconfig -m /usr/local/openoffice.org-2.0.2.rc2/program
$ openoffice.org
/libexec/ld-elf.so.1: Shared object "libuno_sal.so.3" not found, required by "javaldx"
/libexec/ld-elf.so.1: Shared object "libm.so.4" not found, required by "pagein"
/libexec/ld-elf.so.1: Shared object "libvcl680fi.so" not found, required by "soffice.bin"

$ ldd /usr/local/openoffice.org-2.0.2.rc2/program/soffice.bin
ldd: /usr/local/openoffice.org-2.0.2.rc2/program/soffice.bin: can't read program header
ldd: /usr/local/openoffice.org-2.0.2.rc2/program/soffice.bin: not a dynamic executable

$ file /usr/local/openoffice.org-2.0.2.rc2/program/soffice.bin
/usr/local/openoffice.org-2.0.2.rc2/program/soffice.bin: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), dynamically linked (uses shared libs), stripped

$ uname -r
6.1-PRERELEASE



Does anybody know what the clue is? Seems like the linker cannot correctly 
define the file type and its dependencies (but how does it not find some 
libs!?).



/etc/fstab FS-specific parameters

2006-04-09 Thread Andrey V. Semyonov

Hi there!

How do you use FS-specific parameters in /etc/fstab (like -E for 
mount_msdosfs, or -I for mount_smbfs, etc...) ?



Re: arp problem?

2006-03-27 Thread Andrey V. Semyonov

spen wrote:

I get this message all the time and I've searched around forums but did not 
find anything about it..

arp: 00:10:b5:df:b5:ff attempts to modify permanent entry for 10.101.10.47 on xl0
arp: 00:10:b5:df:b5:ff attempts to modify permanent entry for 10.101.10.47 on xl0
arp: 00:10:b5:df:b5:ff attempts to modify permanent entry for 10.101.10.47 on xl0
arp: 00:10:b5:df:b5:ff attempts to modify permanent entry for 10.101.10.47 on xl0
arp: 00:10:b5:df:b5:ff attempts to modify permanent entry for 10.101.10.47 on xl0

after many times of repeating itself I get a message which says "last message 
repeated x times"..
does anybody have any idea about it?
ps: 10.101.10.47 is another pc on the local lan...



You have a permanent entry in your ARP table for that IP. But someone 
is trying to use this IP on another computer, or the NIC was changed on the PC 
with that IP.

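
Added example (not from the original thread): a small sh/awk tally of the kernel message quoted above, grouped by MAC, IP and interface, which also credits syslogd's "last message repeated N times" lines to the preceding arp message. The message format, the first MAC/IP pair and xl0 come from the post; the timestamps, host name, sshd line and second MAC/IP pair in the sample are constructed.

```sh
#!/bin/sh
# Added example. Sample log below is constructed around the arp line
# quoted in the post.

sample_log() {
cat <<'EOF'
Mar 27 10:01:02 gw kernel: arp: 00:10:b5:df:b5:ff attempts to modify permanent entry for 10.101.10.47 on xl0
Mar 27 10:01:03 gw kernel: arp: 00:10:b5:df:b5:ff attempts to modify permanent entry for 10.101.10.47 on xl0
Mar 27 10:01:09 gw last message repeated 3 times
Mar 27 10:02:00 gw sshd[411]: unrelated line
Mar 27 10:02:10 gw last message repeated 5 times
Mar 27 10:03:00 gw kernel: arp: 02:00:00:00:00:01 attempts to modify permanent entry for 192.0.2.10 on xl0
EOF
}

# arp_conflicts: read syslog text on stdin and print "count mac ip iface"
# for every (mac, ip, iface) that tried to overwrite a static ARP entry,
# most frequent first.
arp_conflicts() {
    awk '
    /arp: .* attempts to modify permanent entry for / {
        # Locate the "arp:" token so any syslog prefix length works.
        for (i = 1; i <= NF; i++) if ($i == "arp:") break
        key = $(i + 1) " " $(i + 8) " " $(i + 10)
        count[key]++; last = key; next
    }
    /last message repeated [0-9]+ times/ {
        # syslogd collapses identical consecutive lines; credit them only
        # if the line being repeated was an arp conflict.
        if (last != "") count[last] += $(NF - 1)
        next
    }
    { last = "" }
    END { for (k in count) print count[k], k }
    ' | sort -rn
}

sample_log | arp_conflicts
```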


Re: Detecting CPU type without dmesg

2006-03-22 Thread Andrey V. Semyonov

Nathan Butcher wrote:

Here's a curly question:- How can you detect the CPU type (make, model,
and rated speed) on a running FreeBSD server without using dmesg?

I can't shut this machine off to check BIOS messages, and neither can I
check dmesg (it seems that a pile of network dmesg logging has rotated
the kernel initialization log part off into the sunset).

Is there a way to check CPU processor make and model type at all now?
I'm starting to wish that FreeBSD would save the kernel initialization
log in a place where it couldn't get lost (sort of like /proc in Linux
but without the fanciness that entails)... or perhaps there is such a
Valhalla in FreeBSD and I can't see it for the forest?


You may try:
# less /var/run/dmesg.boot
The boot-stage dmesg is always saved there.


Also, try to use linprocfs(5) and mount_linprocfs(8). The linux-style 
hardware description is there.



Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0

2006-03-21 Thread Andrey V. Semyonov

Bohuslav Plucinsky wrote:


I've tried PF, suggested by Martin Hudec and it seems that PF does not
have this performance problem. I like IPFW, I use it since year 1999,
but probably is time to switch to PF.


The impact you receive is caused by user-level 'natd'. Use 'ipnat(8)' 
instead as it is kernel-level, or as mentioned use 'pf(4)'. Of course, 
use it without the 'ipfw add divert' rule, keeping the overall role of 
'ipfw' in your firewalling.


In addition, you may use 'ipnat', 'ipfw' and 'pf' and, it seems, even 
'ipf' together at the same time (with some precautions, try to find the 
information on it, I know it was there). Just use the specific 
features of each of them where needed.


Try it. Use it.


Re: Thunderbird + Mozilla Suite

2006-03-16 Thread Andrey V. Semyonov

Duane Whitty wrote:

Strange things... When launched from xterm (or directly from my WM's 
button) /usr/X11R6/bin/mozilla starts mozilla binary normally.

But after such a reconfiguration of TB when I try to open any link in 
TB it prints "/usr/X11R6/bin/mozilla: Cannot find mozilla binary 
executable. Exiting." into the terminal from which X is launched.

I am not sure why it is doing that.  Please, do not take offense but 
have you checked to make sure you did not make any typographical 
mistakes.

Another point to consider is that /usr/X11R6/bin/mozilla is probably not 
the actual mozilla binary but rather a shell script to start the browser.  
Maybe you can find out what the actual binary is called.  It is probably 
similar to mozilla-bin, moz-bin, etc.  Actually it will be mentioned in 
the script but beware though that calling it directly may not work.

Yes, that's a script. And a strange bug was actually in it. I've 
commented out some checks in it and now it works fine. So, thanks a lot 
for help.


(Aside:  I thought the mozilla-suite built in email program was 
essentially thunderbird?
I hope I was correct when I assumed you were using mozilla and not 
firefox?)


No, Mozilla Suite's mail program is named 'mozilla-mail'. Its heir by 
some shared code is Thunderbird (that's already explained yesterday). 
Thunderbird's feature of RSS-reading is the most necessary feature that 
caused me to use it (mozilla-mail can't read RSS-feeds). But as I 
understand, Thunderbird is mostly compat-ed to Firefox and some kind of 
moved away from Mozilla Suite project. That's why we have to do tricks 
to make these same-family projects do well together now.



Re: Thunderbird + Mozilla Suite

2006-03-15 Thread Andrey V. Semyonov

Duane Whitty wrote:

If you did not find an entry named
network.protocol-handler.app.http then
right click on any entry under Preference Name.
Choose New, String.
When you are prompted for the new string type
network.protocol-handler.app.http
When you are prompted for the new value enter the path
of the mozilla web browser launcher.

Follow the same procedures as above to enable support for https.
Everywhere you typed http above type https instead.

I hope this helps.



Strange things... When launched from xterm (or directly from my WM's 
button) /usr/X11R6/bin/mozilla starts mozilla binary normally.


But after such a reconfiguration of TB when I try to open any link in TB 
it prints "/usr/X11R6/bin/mozilla: Cannot find mozilla binary 
executable. Exiting." into the terminal from which X is launched.



Thunderbird + Mozilla Suite

2006-03-14 Thread Andrey V. Semyonov

Is it possible, and what docs describe, setting mozilla-bin from 
Mozilla Suite as the URL browser in Thunderbird?


Mozilla Suite and Thunderbird are installed from ports.


Put non-ether iface + ether-iface into bridge mode

2006-03-13 Thread Andrey V. Semyonov

Hi,

Is it possible to make a non-ether iface work bridged together with an ether-iface?
For example:

[NET1] <-> {if1_1}[ROUTER1]{if1_0} <-> wireless <-> {if0_0}[ROUTER0]{if0_1} <-> [NET0]
                           {ppp1}       <-->        {ppp0}


Because of the insufficient security provided by wireless protocols, I am 
trying to establish a {ppp1}-{ppp0} encrypted link on top of the wireless link 
{if1_0}-{if0_0}. But the thing is that there are not only IP packets on the 
wire; it must also transport IPX packets, so I decided to transport all 
of the ethernet traffic between the routers through the ppp-link, setting 
{if1_1}+{ppp1}=bridge1 and {ppp0}+{if0_1}=bridge0. But neither 
ng_bridge nor if_bridge allows a non-ether type iface to be bridged.
