Re: Multiple DNS
Le 19 févr. 06 à 08:46, Robert Slade a écrit : Hi, I am looking for some advice. I have a network which is based on a number of servers running FreeBsd 6.0 serving Win XP work stations. (yes I know but..) The network is large enough to use DHCP and DNS for the internal network, I have setup a DHCP server with a Dynamic DNS (Bind 9) on one of the servers. That server is handling the LDAP side of the domain. Is your DNS server busy resolving internal requests or external ones ? There appears to be a fair bit of DNS Traffic which leads to a secondary DNS being required to take some of the load as DNS lookup are slow. The question I have is should I just setup a cashing DNS on another server using the primary as a forwarder or even several servers eg the mail server and the secondary LDAP server, or should I setup a proper secondary DNS using my ISP as a forwarder with dynamic updates from the primary. You should not forward anything to your ISP. This is probably the main reason for your DNS beeing slow. You should make shure you have well defined your network in your conf (so that you don't resolve queries for outside users...)- I would not advise you to forward any queries to your ISP as this will disable the capacity for your own server to build It's own resolver database and forward all the queries to the ISP (resulting in slow answers)! Normaly you should configure the master and the slave to be authoritative for your internal domains. And configure the master and the slave to resolve ALL the Internet domains for your internal network and none for outside domains. DNS is very tightly related to network... And we don't have any clue for the topology of your Net. SHORT ANSWER : DON'T FORWARD -- BUILD YOUR OWN DATABASE!! Sorry if this is a bit vague, but I have no experience in this area. Rob ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions- [EMAIL PROTECTED] «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SATA Raid
From a little 1U server I am using : Promise PDC20371 SATA150 controller All the best : driver are setup in the card so you can upgrade your system without any problem. You'll probably have to compile driver before uploading them to the card... Or http://www.lsilogic.com/products/megaraid/sata_150_4.html Drivers are available for FreeBSD. Le 11 févr. 06 à 04:35, Robert Uzzi a écrit : Anyone know of any of the cheaper SATA raid cards that work well under FreeBSD. I'd love to go get a 3ware but they are fairly pricey. «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Cron script redirection (probably stderr problem ?)
Hello, I am using a little cron script to update my server that calls portsnap. Once this is done there is another piece of script that tells me which port(s) is to be updated with a simple call to a script that mainly execute portversion -l and mail me the output of the command. There is one little problem with that script : Cron mails me (root) each time this output (probably because it comes from standerr ?) : [Updating the portsdb format:bdb1_btree in /usr/ports ... - 14011 port entries found . 1000.2000.3000.4000.5000.6000. 7000.8000.9000.1.11000.120 00.13000.14000 . done] The cron script is executed as follow : 0 3 * * * /usr/local/sbin/portsnap cron /usr/local/sbin/portsnap - I update /root/src/upgrade.sh /var/log/upgrade.log I've tried to add a 21 at the end of the script : 0 3 * * * /usr/local/sbin/portsnap cron /usr/local/sbin/portsnap - I update /root/src/upgrade.sh /var/log/upgrade.log 21 But this does not seem to change my problem. Any help ? «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: unable to build ntp
Thanks everyone for the help. For the archive: I went to /usr/src/contrib/ntp/ntpdate and edited ntpdate.c. I searched for 'host found' and changed the stderror to stdout. I then went to /usr/src/usr.sbin/ntp and performed a make install clean. Problem solved; the new 'host found' messages now go to stdout, just like all the other messages, so I can dump them to /dev/null, but 'host not found' error messages still show up as mail to root. Brad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: blocking yahoo messenger
On 1/2/06, Imran Imtiaz [EMAIL PROTECTED] wrote: how can I block yahoo messenger using ipf? [snip] Have a look at at http://www.bsdforums.org/forums/showthread.php?t=10225 ;) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Closing some open ports
Greetings, I've finished installing a FreeBSD RELENG_6_0 which carries DNS/Apache/DHCP/SAMBA/TFTP Chrooted Bind9 / chrooted DHCP and tftp port is listening on the int_if only thru inetd. Apache is only serving intranet site for docs. I know too many services on one machine, but it's not my call. My problem is with SAMBA and SNMP for mrtg graph I want them to bind to specific IPs instead of listening on *:portmy sockstat -4l shows: snip root snmpd 717 6 udp4 *:161 *:* root smbd 709 21 tcp4 *:445 *:* root smbd 709 22 tcp4 *:139 *:* root nmbd 705 6 udp4 *:137 *:* root nmbd 705 7 udp4 *:138 *:* root nmbd 705 8 udp4 10.99.99.254:137 *:* root nmbd 705 9 udp4 10.99.99.254:138 *:* root nmbd 705 10 udp4 10.98.98.254:137 *:* root nmbd 705 11 udp4 10.98.98.254:138 *:* snip My general practice is always to bind each and every service to a specific IP for containing it. unless it's needed such as DHCP. I looked on samba's website first on how to make samba run as non-root unfortuantely looks that is not possible as far as I'm aware of, which is insance. Although I have hosts allow and interfaces statement in smb.conflistening only on the internal LAN. I can still scan my network with nmap from another network and get this: PORTSTATE SERVICE 139/tcp open netbios-ssn 445/tcp open microsoft-ds I can install samba inside a jail(8) but it will be still running as root and the ports will show up. Or I can put some rules in pf.conf to restrict access to whatever I want from outside. But maybe there is another way to do that, I'm all ears. All I want is to get rid of this: root smbd 709 21 tcp4 *:445 *:* root smbd 709 22 tcp4 *:139 *:* root nmbd 705 6 udp4 *:137 *:* root nmbd 705 7 udp4 *:138 *:* I can live with it running as root in my LAN, as long it doesn't show on the external interface when port scanning. Thanks in advance, -- BSDMail ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Errors during make buildworld (5.4 to 6.0 upgrade)
While running make buildworld after a make cleanworld and make cleandir in attempts to upgrade from 5.4 to 6.0, I cannot get around the following error: make: don't know how to make /usr/src/lib/libalias/alias.c. Stop *** Error code 2 Stop in /usr/src/lib. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. I followed the suggestions from http://www.nabble.com/buildworld-failing-on-amd64-with-RELENG_6-t494383.html and although going into the directory in question and building there worked, then running make buildworld quit at the same spot. The only other report I have seen suggested rm -rf /usr/obj/* (http://lists.freebsd.org/pipermail/freebsd-amd64/2005-November/006615.html) but that is part of what make cleanworld does so I didn't feel the need to do it yet again. Any suggestions and help is welcome. Cheers, BSDuser ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
PowerEdge 2850 AMD64 panics
This is my first post to the FreeBSD mailing list, and unfortunatley its because I've been having a vexing problem with one of my servers. The machine in question is a Dell PowerEdge 2850 w/2 3Ghz EMT64 Xeons, 2gbs of ram, a Perc 4e/Di w/6 300GB drives. This machines primary function is as a mail server running Exim. Below is a DMESG from this machine. This machine is running the AMD64 port of freebsd, and what is happening is often when the volume of incoming mail gets pretty high, the machine will panic and reboot. I have tried to capture a dump but it always fails dumping before it completes, usually before its dumped more then 24MB. The few times that I have seen the console when its happened the panic was something to do with UFS. I have upgraded the bios and firmwares on everything, and that increased the stability of the machine. I also turned off soft updates on all the file systems, which also further increased stability, however there is still a problem. Any pointers/hints/tips/solutions would be greatly appreciated. Also, if more information is needed let me know and I would be happy to provide it. Thanks in advance for any help you may be able to give. Stacy Anable Rio Communications The Regents of the University of California. All rights reserved. FreeBSD 5.4-RELEASE-p7 #0: Thu Oct 6 11:13:54 PDT 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/MAIL Timecounter i8254 frequency 1193182 Hz quality 0 CPU: Intel(R) Xeon(TM) CPU 3.00GHz (2992.71-MHz K8-class CPU) Origin = GenuineIntel Id = 0xf43 Stepping = 3 Features=0xbfebfbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE Features2=0x641dSSE3,RSVD2,MON,DS_CPL,CNTX-ID,CX16,b14 AMD Features=0x20100800SYSCALL,NX,LM Hyperthreading: 2 logical CPUs real memory = 2147221504 (2047 MB) avail memory = 2064646144 (1969 MB) ACPI APIC Table: DELL PE BKC FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 cpu2 (AP): APIC ID: 6 cpu3 (AP): APIC ID: 7 ioapic0: Changing APIC ID to 8 ioapic1: Changing APIC ID to 9 ioapic1: WARNING: intbase 32 != expected base 24 ioapic2: Changing APIC ID to 10 ioapic2: WARNING: intbase 64 != expected base 56 ioapic3: Changing APIC ID to 11 ioapic3: WARNING: intbase 96 != expected base 88 ioapic0 Version 2.0 irqs 0-23 on motherboard ioapic1 Version 2.0 irqs 32-55 on motherboard ioapic2 Version 2.0 irqs 64-87 on motherboard ioapic3 Version 2.0 irqs 96-119 on motherboard acpi0: DELL PE BKC on motherboard acpi0: Power Button (fixed) Timecounter ACPI-fast frequency 3579545 Hz quality 1000 acpi_timer0: 24-bit timer at 3.579545MHz port 0x808-0x80b on acpi0 cpu0: ACPI CPU on acpi0 cpu1: ACPI CPU on acpi0 cpu2: ACPI CPU on acpi0 cpu3: ACPI CPU on acpi0 pcib0: ACPI Host-PCI bridge port 0xcf8-0xcff on acpi0 pci0: ACPI PCI bus on pcib0 pcib1: ACPI PCI-PCI bridge at device 2.0 on pci0 pci1: ACPI PCI bus on pcib1 pcib2: ACPI PCI-PCI bridge at device 0.0 on pci1 pci2: ACPI PCI bus on pcib2 amr0: LSILogic MegaRAID 1.51 mem 0xdfec-0xdfef,0xd80f-0xd80f irq 46 at device 14.0 on pci2 amr0: LSILogic PERC 4e/Di Firmware 521S, BIOS H430, 256MB RAM pcib3: ACPI PCI-PCI bridge at device 0.2 on pci1 pci3: ACPI PCI bus on pcib3 pcib4: ACPI PCI-PCI bridge at device 4.0 on pci0 pci4: ACPI PCI bus on pcib4 pcib5: ACPI PCI-PCI bridge at device 5.0 on pci0 pci5: ACPI PCI bus on pcib5 pcib6: ACPI PCI-PCI bridge at device 0.0 on pci5 pci6: ACPI PCI bus on pcib6 em0: Intel(R) PRO/1000 Network Connection, Version - 1.7.35 port 0xecc0-0xecff mem 0xdfbe-0xdfbf irq 64 at device 7.0 on pci6 em0: Ethernet address: 00:14:22:10:4f:c2 em0: Speed:N/A Duplex:N/A pcib7: ACPI PCI-PCI bridge at device 0.2 on pci5 pci7: ACPI PCI bus on pcib7 em1: Intel(R) PRO/1000 Network Connection, Version - 1.7.35 port 0xdcc0-0xdcff mem 0xdf9e-0xdf9f irq 65 at device 8.0 on pci7 em1: Ethernet address: em1: Speed:N/A Duplex:N/A pcib8: ACPI PCI-PCI bridge at device 6.0 on pci0 pci8: ACPI PCI bus on pcib8 pcib9: ACPI PCI-PCI bridge at device 0.0 on pci8 pci9: ACPI PCI bus on pcib9 pcib10: ACPI PCI-PCI bridge at device 0.2 on pci8 pci10: ACPI PCI bus on pcib10 pci0: serial bus, USB at device 29.0 (no driver attached) pcib11: ACPI PCI-PCI bridge at device 30.0 on pci0 pci11: ACPI PCI bus on pcib11 pci11: unknown at device 5.0 (no driver attached) pci11: unknown at device 5.1 (no driver attached) pci11: unknown at device 5.2 (no driver attached) atapci0: SiI 0680 UDMA133 controller port 0xcc70-0xcc7f,0xccd0-0xccd3,0xccd8-0xccdf,0xcce4-0xcce7,0xccf0-0xccf7 irq 23 at device 6.0 on pci11 ata2: channel #0 on atapci0 ata3: channel #1 on atapci0 pci11: display, VGA at device 13.0 (no driver attached) isab0: PCI-ISA bridge at device 31.0 on pci0 isa0: ISA bus on isab0 atapci1: Intel ICH5 UDMA100 controller port 0xfc00-0xfc0f,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at device 31.1 on pci0 ata0: channel #0 on atapci1
Re: pf blocking nfs
[snip] In your original post, there was something about a short packet. I'm guessing this might screw things up. You might try adding 'scrub in all' before the filtering rules. [smip] Be careful with scrub and NFS. From http://openbsd.bay13.net/faq/pf/scrub.html One reason not to scrub on an interface is if one is passing NFS through PF. Some non-OpenBSD platforms send (and expect) strange packets -- fragmented packets with the do not fragment bit set, which are (properly) rejected by scrub. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
make index make fetchindex
Hello, I have a little script that I run twice a week that updates my ports automatically. I have quite often errors with the make index line because I have a refuse file to fasten the process of updating my server. My question is : can I safely replace the make index by the a make fetchindex ? What will be the main differences if I do so ? What are the risks ? #!/bin/sh if SERVER=`/usr/local/bin/fastest_cvsup -Q -c fr,fr` then echo Je fais tourner CVSUP /usr/local/bin/cvsup -L1 -h $SERVER /root/cvs-supfile else echo Mmmh ! il y a un blem !! 12 exit 1 fi #echo Je mets a jour docs #cd /usr/docs #make install echo Je mets a jour l'index des ports cd /usr/ports make index echo Les logiciels suivant necessitent une mise a jour : /usr/local/sbin/portversion -l #echo Je mets a jour les ports #portupgrade -arR echo echo J'ai fini pour le serveur newmail a `/bin/date`. echo cat /var/log/upgrade.log | mail -s Portversion Newmail du `/bin/ date` gregober «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Updating from RELENG_5_1_2_RELEASE to ... ??
Hello, I am going to update one of my customer's server from RELENG_5_2_1_RELEASE to RELENG_5_3 or RELENG_5_4 or RELENG_5 Which version would you advise me ?? This is a mail server in production (postfix - amavisd - spamassassin) so It obviously needs stability. There is no GUI (X11 or so). Which version of the system should I stick to ?? What are the risks ? Which long term policy would you advise me to get this server up and running as long as possible ? «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Fwd: Updating from RELENG_5_1_2_RELEASE to ... ??
Hello, I am going to update one of my customer's server from RELENG_5_2_1_RELEASE to RELENG_5_3 or RELENG_5_4 or RELENG_5 Which version would you advise me ?? This is a mail server in production (postfix - amavisd - spamassassin) so It obviously needs stability. There is no GUI (X11 or so). Which version of the system should I stick to ?? What are the risks ? Which long term policy would you advise me to get this server up and running as long as possible ? «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
6.0 Release no /stand/sysinstall ?
Greetings, I've just installed a vanila FreeBSD 6.0 Release from CD. As usual I thought i might want to add other things from /stand/sysinstall but looks like I'm getting command not found so I cd to the / directory but there is no stand directory in there. Anything I should know about in regards of 6.0 ?? If no change happend, how can i access it or add it ? -- thanks, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
dhcp server on multiple interfaces.
Hello everyone, I'm configuring a gateway machine with 3 network interfaces int_ext (rl0) will obtained a real static IP from a public dhcp server. int_dmz (fxp0) 10.0.1.1/24 http://10.0.1.1/24 both internal networks will need a dhcp server to assign them the right subnet int_lan (xl0) 10.0.0.1/24 http://10.0.0.1/24 I already figured out how to specify multiple subnets and grouping, static address etc... in the dhcp config file. what I want to make sure of is the /etc/rc.conf would this entry be valid and assign the right IP from the range of subnet : dhcpd_ifaces=fxp0 xl0 will that cause the dhcp server to assign 10.0.1.x/24 addresses to the machines on the switch connected to fxp0 ? and 10.0.0.x/24 to the machines on the switch connected to xl0 ? If not what's the maximum number of interfaces I can specify in the option dhcpd_ifaces= assuming I have all the subnets and related information configured correctly in the dhcpd.conf ? -- thanks, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Aztech modem
On 10/29/05, Greg 'groggy' Lehey [EMAIL PROTECTED] wrote: On Tuesday, 15 November 2005 at 6:37:40 +0330, Mohsen Pahlevanzadeh wrote: Dears, I can use my modem in GNU/Linux (each distro,without problem) My modem is external its mark is Aztech.I use dos port. But i can't use /dev/cuaa0 or plus in FreeBSD. Please guide .. http://www.lemis.com/questions.html Greg Same question as http://www.bsdforums.org/forums/showthread.php?t=35879 ;) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Core Dump using portversion
Problem was due to multiple install of ruby that were not cleaned well. solution : de-install these various version and keep the last release of ruby. Le 6 oct. 05 à 12:00, bsd a écrit : This has not solved my issue : ns2# pkgdb -fu --- Updating the pkgdb [Rebuilding the pkgdb format:bdb1_btree in /var/db/pkg ... - 168 packages found (-0 +168) ... . done] ns2# portversion -l [Failed `Inappropriate file type or format'] [Updating the portsdb format:bdb1_btree in /usr/ports ... - 13568 port entries found .1000.2000... The ruby process involved puts the processor at 98% use and nothing move on after that... I had to kill the process in order to get my hand back on the server... ?? Le 6 oct. 05 à 11:31, Vladimir Tsvetkov a écrit : We have one of our server that core dumps when we are trying to use portversion ns2# portversion -l [Updating the pkgdb format:bdb1_btree in /var/db/pkg ... - 168 packages found (-1 +1) (...). done] [Failed `Inappropriate file type or format'] [Updating the portsdb format:bdb1_btree in /usr/ports ... - 13568 port entries found .1000.2000...[BUG] Segmentation fault ruby 1.8.2 (2004-12-25) [i386-freebsd5] Abort (core dumped) So far I have : - de-install and re-install ruby. - de-install and re-install portupgrade. Nothing has changed... Our system is FreeBSD 5.2.1 Do you have any clue regarding the way we can solve this issue ?? This is from the portupgrade man page in the WARNING section: Even if you don't do anything wrong, a package database may get corrupt somehow when it is heavily updated. In such cases, run ``pkgdb -fu '' to rebuild the database and rescue the tools from coredumping. Best Regards, Vladimir «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions- [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Core Dump using portversion
Hello, We have one of our server that core dumps when we are trying to use portversion ns2# portversion -l [Updating the pkgdb format:bdb1_btree in /var/db/pkg ... - 168 packages found (-1 +1) (...). done] [Failed `Inappropriate file type or format'] [Updating the portsdb format:bdb1_btree in /usr/ports ... - 13568 port entries found .1000.2000...[BUG] Segmentation fault ruby 1.8.2 (2004-12-25) [i386-freebsd5] Abort (core dumped) So far I have : - de-install and re-install ruby. - de-install and re-install portupgrade. Nothing has changed... Our system is FreeBSD 5.2.1 Do you have any clue regarding the way we can solve this issue ?? Thanks «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Core Dump using portversion
This has not solved my issue : ns2# pkgdb -fu --- Updating the pkgdb [Rebuilding the pkgdb format:bdb1_btree in /var/db/pkg ... - 168 packages found (-0 +168) .. .. done] ns2# portversion -l [Failed `Inappropriate file type or format'] [Updating the portsdb format:bdb1_btree in /usr/ports ... - 13568 port entries found .1000.2000... The ruby process involved puts the processor at 98% use and nothing move on after that... I had to kill the process in order to get my hand back on the server... ?? Le 6 oct. 05 à 11:31, Vladimir Tsvetkov a écrit : We have one of our server that core dumps when we are trying to use portversion ns2# portversion -l [Updating the pkgdb format:bdb1_btree in /var/db/pkg ... - 168 packages found (-1 +1) (...). done] [Failed `Inappropriate file type or format'] [Updating the portsdb format:bdb1_btree in /usr/ports ... - 13568 port entries found .1000.2000...[BUG] Segmentation fault ruby 1.8.2 (2004-12-25) [i386-freebsd5] Abort (core dumped) So far I have : - de-install and re-install ruby. - de-install and re-install portupgrade. Nothing has changed... Our system is FreeBSD 5.2.1 Do you have any clue regarding the way we can solve this issue ?? This is from the portupgrade man page in the WARNING section: Even if you don't do anything wrong, a package database may get corrupt somehow when it is heavily updated. In such cases, run ``pkgdb -fu '' to rebuild the database and rescue the tools from coredumping. Best Regards, Vladimir «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Performance of mailserevr in FreeBSD 5.4
I have configured four servers using FreeBSD 5.3 with the following ports : - Postfix - Amavisd-new - SpamAssassin - Dcc - Courrier-IMAP - Clamav Not only is this working very well, but It's easy to update and very steady. One of the configuration I have is load balancing the trafic (using MX DNS) between 2 servers (1U 3Ghz Intel proc). Servers are processing mail (virus scanned - user verification using LDAP - spam checked) and delivering them inside a network wher people are collecting them. More than 10.000 mails are processed every day no problem. If you need more detail - let me know. Sincerly yours. Le 20 sept. 05 à 19:44, Deepak Naidu a écrit : Thanx Randy, It would be good, if I have some data of posted doc regarding this... or of your own experience. Thanx for your advise Cheers, Deepak Naidu. Randy Schultz [EMAIL PROTECTED] wrote: On Tue, 19 Sep 2005, Chuck Swiger spaketh thusly: -}Deepak Naidu wrote: -} I wanted to know whether FreeBSD can make a perfect -} mailserver compared to mailservers on linux. I am in -} process of porting them, but needed some statistical -} info regarding its performance compared with other os. -} -}FreeBSD makes a fine mailserver. It certainly does. A few months ago I did some testing and found that freebsd 5.4 with softupdates enabled was able to process IIRC ~300% more email than fedora core 4. In fact sendmail on fbsd 5.4 handled nearly as much email as postfix on fc4 while postfix on fbsd 5.4 was smokin' the wire. I still have the hard data around somewhere if you think it'll be useful to you. -- Randy ([EMAIL PROTECTED]) 715-726-2832 email bodhisattva * There is no fire like passion, there is no shark like hatred, there is no snare like folly, there is no torrent like greed. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions- [EMAIL PROTECTED] - How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos. Get Yahoo! Photos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions- [EMAIL PROTECTED] «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Problem when making index in /usr/ports
Hello, Since this morning I have problem generating my index whith the traditional make index executed in/usr/ports I have already make fetchindex but this didn't solve the issue. Any help will be apreciated. root:newmail 12:16 /usr/ports # make index Generating INDEX-5 - please wait..p5-Unicode-MapUTF8-1.09: /usr/ ports/japanese/p5-Jcode non-existent -- dependency list incomplete === converters/p5-Unicode-MapUTF8 failed *** Error code 1 1 error Before reporting this error, verify that you are running a supported version of FreeBSD (see http://www.FreeBSD.org/ports/) and that you have a complete and up-to-date ports collection. (INDEX builds are not supported with partial or out-of-date ports collections -- in particular, if you are using cvsup, you must cvsup the ports-all collection, and have no refuse files.) If that is the case, then report the failure to [EMAIL PROTECTED] together with relevant details of your ports configuration (including FreeBSD version, your architecture, your environment, and your /etc/make.conf settings, especially compiler flags and WITH/WITHOUT settings). Note: the latest pre-generated version of INDEX may be fetched automatically with make fetchindex. *** Error code 1 Stop in /usr/ports. *** Error code 1 Stop in /usr/ports. root:newmail 12:17 /usr/ports # uname -a FreeBSD newmail.rmm.fr 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004 [EMAIL PROTECTED]:/usr/obj/usr/ src/sys/GENERIC i386 «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Has this box been hacked?
On 7/6/05, Brett Glass [EMAIL PROTECTED] wrote: A client had a network problem, and I wanted to make sure that his FreeBSD 4.11 router wasn't the cause of it, so I rebooted it. I then did a last command and saw the following: root ttyv0 Tue Jul 5 12:01 - 12:05 (00:04) admin ttyp0 localhost Tue Jul 5 11:57 - 11:57 (00:00) root ttyv0 Tue Jul 5 11:49 - 12:00 (00:11) reboot ~ Tue Jul 5 11:49 shutdown ~ Tue Jul 5 11:47 root ttyv0 Tue Jul 5 11:37 - shutdown (00:10) reboot ~ Tue Jul 5 11:36 shutdown ~ Tue Jul 5 05:36 shutdown ~ Tue Jul 5 11:22 Note the shutdown entry with the time 5:36 AM, which is odd because it's out of chronological order and the other logs don't show the typical debug messages at that time. Where might such an entry come from? How likely is it that the box has been rooted? Are there known exploits that might have been used to root a FreeBSD 4.11-RELEASE machine? (The only unusual activity I can see in the logs is a few attempts to log in as root via SSH. The attempts that were logged were not successful, but of course a skilled attacker would cover his tracks.) If you would have installed something like tripwire or aide, you would have been in a better position to find out whether the box has been owned. See http://www.onlamp.com/pub/a/bsd/2003/04/03/FreeBSD_Basics.html =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Problem updating apache 2.1.x via port
or directory find: /usr/local/include/apr-1/apu_version.h: No such file or directory find: /usr/local/include/apr-1/apu_want.h: No such file or directory *** Error code 1 Stop in /usr/ports/www/apache21/work/httpd-2.1.4-alpha/server. *** Error code 1 Stop in /usr/ports/www/apache21/work/httpd-2.1.4-alpha/server. *** Error code 1 Stop in /usr/ports/www/apache21/work/httpd-2.1.4-alpha. *** Error code 1 Stop in /usr/ports/www/apache21. *** Error code 1 Stop in /usr/ports/www/apache21. ** Command failed [exit code 1]: /usr/bin/script -qa /tmp/ portupgrade50638.44 make reinstall egrep: /var/db/pkg/apache-2.1.3/+CONTENTS: No such file or directory --- Restoring the old version «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Using unix mail with maildir format
Hello, Does anyone know if there is a way to read mail with unix mail program? I've been using this program since couple of years and I am quite happy with It… I can't seem to find a shortcut to have It read maildir format… Thanks. «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Installing FreeBSD on NEC Express5800/120Ef
Has anyone successfully installed FreeBSD 5.x on a NEC Express5800/120Ef Thanks for your answer and experience. «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Refuse file for cvs sync.
Hello, I have just configured a refuse file for my mail server, I was wondering if the format of my file is ok... doc/bn_* doc/da_* doc/de_* doc/el_* doc/es_* doc/it_* doc/ja_* doc/nl_* doc/no_* doc/pl_* doc/pt_* doc/ru_* doc/sr_* doc/tr_* doc/zh_* ports/arabic* ports/astro* ports/audio* ports/biology* ports/chinese* ports/games* ports/german* ports/hebrew* ports/hungarian* ports/japanese* ports/korean* ports/polish* ports/portuguese* ports/russian* ports/x11* www/de* www/es* www/it* www/ja* www/nl* www/pt* www/ru* www/tr* www/zh* data/es* data/ja* data/ru* data/zh* www/data/es* www/data/ja* www/data/ru* www/data/zh* src/share/doc/es* src/share/doc/ja* src/share/doc/ru* src/share/doc/zh* And the second thing is that I would like to erase the ports that are not needed (the one that are in the refuse file). My question is : will this be done automatically last time I cvsup - or do I have to do smthg special ? Thanks for your answers. «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Using unix mail with maildir format
Hello, Does anyone know if there is a way to read mail with unix mail program? I've been using this program since couple of years and I am quite happy with It… I can't seem to find a shortcut to have It read maildir format… Thanks. «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Using unix mail with maildir format
On 6/29/05, bsd [EMAIL PROTECTED] wrote: Does anyone know if there is a way to read mail with unix mail program? I've been using this program since couple of years and I am quite happy with It… I can't seem to find a shortcut to have It read maildir format… The program maildir2mbox (part of qmail), can convert a Maildir into mbox format. See http://qmail.bzimage.dk/man/man1/maildir2mbox.html. There is also a short shell script called qail which runs maildir2mbox and then mail. =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Pthread Problem building clamav-0.86.1
Nope, The simple answer is to compile clamav with the disable-pthreads option. Modify the configure args of the Makefile using these attributes : CONFIGURE_ARGS= --with-dbdir=${DBDIR} \ --with-zlib=/usr \ --disable-zlib-vcheck \ --disable-clamuko \ --disable-clamav \ --enable-bigstack \ --disable-gethostbyname_r \ --enable-readdir_r \ --disable-dependency-tracking \ --disable-pthreads It'll compile smoothly. Thanks to Matt Fretwell from clamav Mailing List // Le 26 juin 05 à 21:43, Craig Kleski a écrit : On Sunday 26 June 2005 09:45 pm, bsd wrote: Hello, I have built on my test machine the latest version of clamav and I am facing a pthread build problem. My system is FreeBSD 5.2.1 // I ain't no C programmer (unfortunately) so any help will be welcome. Another question is how can I get back to the previous version that was installed (and working) on the system ? Sincerly yours; === Building for clamav-0.86.1 make all-recursive Making all in libclamav Making all in clamscan /bin/sh /usr/local/bin/libtool15 --mode=link cc -O -pipe - mcpu=pentiumpro -L/usr/local/lib -lc_r -lldap -o clamscan output.o getopt.o memory.o cfgparser.o misc.o clamscan.o options.o others.o manager.o treewalk.o ../libclamav/libclamav.la cc -O -pipe -mcpu=pentiumpro -o .libs/clamscan output.o getopt.o memory.o cfgparser.o misc.o clamscan.o options.o others.o manager.o treewalk.o -L/usr/local/lib ../libclamav/.libs/libclamav.so -lldap - lbz2 -lgmp -lcurl -lssl -lcrypto -lz -Wl,--rpath -Wl,/usr/local/lib ../libclamav/.libs/libclamav.so: undefined reference to `pthread_cleanup_pop' ../libclamav/.libs/libclamav.so: undefined reference to `pthread_create' ../libclamav/.libs/libclamav.so: undefined reference to `pthread_cleanup_push' ../libclamav/.libs/libclamav.so: undefined reference to `pthread_join' *** Error code 1 Stop in /usr/ports/security/clamav/work/clamav-0.86.1/clamscan. *** Error code 1 Stop in /usr/ports/security/clamav/work/clamav-0.86.1. *** Error code 1 Stop in /usr/ports/security/clamav/work/clamav-0.86.1. *** Error code 1 Stop in /usr/ports/security/clamav. *** Error code 1 Stop in /usr/ports/security/clamav. «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Possible solution: alter the Makefile LDFLAGS by adding -lpthread Then try the build again. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions- [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Pthread Problem building clamav-0.86.1
Hello, I have built on my test machine the latest version of clamav and I am facing a pthread build problem. My system is FreeBSD 5.2.1 // I ain't no C programmer (unfortunately) so any help will be welcome. Another question is how can I get back to the previous version that was installed (and working) on the system ? Sincerly yours; === Building for clamav-0.86.1 make all-recursive Making all in libclamav Making all in clamscan /bin/sh /usr/local/bin/libtool15 --mode=link cc -O -pipe - mcpu=pentiumpro -L/usr/local/lib -lc_r -lldap -o clamscan output.o getopt.o memory.o cfgparser.o misc.o clamscan.o options.o others.o manager.o treewalk.o ../libclamav/libclamav.la cc -O -pipe -mcpu=pentiumpro -o .libs/clamscan output.o getopt.o memory.o cfgparser.o misc.o clamscan.o options.o others.o manager.o treewalk.o -L/usr/local/lib ../libclamav/.libs/libclamav.so -lldap - lbz2 -lgmp -lcurl -lssl -lcrypto -lz -Wl,--rpath -Wl,/usr/local/lib ../libclamav/.libs/libclamav.so: undefined reference to `pthread_cleanup_pop' ../libclamav/.libs/libclamav.so: undefined reference to `pthread_create' ../libclamav/.libs/libclamav.so: undefined reference to `pthread_cleanup_push' ../libclamav/.libs/libclamav.so: undefined reference to `pthread_join' *** Error code 1 Stop in /usr/ports/security/clamav/work/clamav-0.86.1/clamscan. *** Error code 1 Stop in /usr/ports/security/clamav/work/clamav-0.86.1. *** Error code 1 Stop in /usr/ports/security/clamav/work/clamav-0.86.1. *** Error code 1 Stop in /usr/ports/security/clamav. *** Error code 1 Stop in /usr/ports/security/clamav. «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RELENG_5_3 // RELENG_5_3_RELEASE
Hi, I have configured my new BSD server with a RELENG_5_3 tag in the cvs- supfile and I was wondering if I took the right track to update my system. So far I have only compiled and installed the updated ports that I need (in /usr/ports). Since I have switched to the 5_3 instead of 5_3_RELEASE, do I have to do more updates for my system. I guess that the patched software that have been released since the 5_3_RELEASE are included in the 5_3 and that I have to install them somehow. So my question is how ? I guess that this is happening in /usr/src and that I have to make something… Have you got a specific pointer of the steps I have to take to update It properly. Do you think this is a good idea to stick to 5_3 instead of 5_3_RELEASE for a production system (mail server) ? Thanks for your advices. «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
de-660 D-Link
Hello folks, I'm trying to load FreeBSD onto an old laptop that uses a pcmcia D-Link DE-660+ card. The install doesn't seem to recognize it. Is this card supported, or is there a special trick I'm missing here? Any way of getting this to work? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: installing big qmail server ... where to start?
See http://www.lifewithqmail.org/ldap/ Maybe you could ask on the qmail-ldap mailing list ;) =adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Updating from 5_2_1 to 5_3
Hi, I want to upgrade my system from RELENG_5_2_1_RELEASE to RELENG_5_3_RELEASE I am using cvsup with this cvs-supfile # Utilise le mirroir francais *default host=cvsup5.fr.FreeBSD.org # Ne pas changer *default base=/usr/local/etc/cvsup *default prefix=/usr # Numero de version de FreeBSD *default tag=RELENG_5_2_1_RELEASE # Ne pas changer *default release=cvs delete use-rel-suffix compress # Met a jour src ports et docs src-all ports-all tag=. doc-all tag=. From what I have understand the steps that I must take to upgrade properly will be : 1. Change the cvs-supfile to : *default release=RELENG_5_3_RELEASE 2. Run cvsup : /usr/local/bin/cvsup -L1 -h cvsup5.fr.FreeBSD.org /root/cvs-supfile 3. cd to /usr/src 4. # make -j4 buildworld 5. # make build kernel 6. # make installkernel 7. # boot -s (optional, please confirm) 8. # mergmaster -p 9. # make install world 10. # mergmaster 11. # shutdown -r now Are these steps ok ? Do I have to upgrade or clean my /usr/ports - knowing that it is updated twice a week on the 5_2_1_RELEASE ? If so, how ? Any pointer beside the Handbook ? Thanks for your support. __ «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ¯¯ Grégory Bernard 11, rue de la Tour Directeur 75116 Paris France www.ToDoo.biz tel : +(33) 1 40 26 43 14 __ «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ¯¯ PGP ID -- 0x1BA3C2FD All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use hammer. -- IBM maintenance manual, 1975 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Qpopper SSL TLS problem
Le 27 avr. 05, 14:53, Lowell Gilbert a crit : Any idea ?? Do you know any other POP server that supports SSL / TLS ? If it's hanging during the *transmission* of mail, then that would be a problem with your MTA (sendmail?), not qpopper, right? What are the actual symptoms of this hang? Messages start to be delivered and then things are hanging and disconnected on the client. Server reports : Apr 27 11:44:23 newmail qpopper[20829]: (v4.0.5) TLSv1/SSLv3 handshake with client at IP_ADDR (IP_ADDR); new session-id; cipher: RC4-SHA (RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1), 128 bits Apr 27 11:44:23 newmail qpopper[20829]: (null) at IP_ADDR (IP_ADDR): -ERR POP EOF or I/O Error Apr 27 11:44:23 newmail qpopper[20829]: (v4.0.5) Timing for @IP_ADDR (error) auth=0 init=0 clean=0 On the Qpopper website they are stating on the FAQ: I see errors such as POP EOF, SIGHUP or SIGPIPE flagged, or POP hangup. Generally, this is because a client has disconnected without sending QUIT. This can be the result of telephone modem problems, which are more likely to occur when downloading large messages. It could also be caused by too-small timeout values in some clients. If you are using Qpopper 4.0 or later and your network is very congested, the aggregating of small packets into one large one can acerbate the situation. In this case you can use the --enable-chunky-writes=1 flag with ./configure, or use set chunky-writes = tls in a configuration file. My network is not congested. I don't use a phoneline, I have enabled the option set chunky-writes = tls as I am using TLS What does the error message POP EOF or I/O error mean? EOF or I/O error almost always means EOF. That is, the network connection with the client dropped unexpectedly. At the point where this message is issued, Qpopper no longer knows if it was an EOF or an actual I/O error, and so it reports the error number just in case it really is an I/O error (which it almost never is). When it is just an EOF, the associated error is meaningless. Where do you think this is coming from ? __ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz __ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: illegal user root user failed login attempts
On 4/26/05, Peter Kropholler [EMAIL PROTECTED] wrote: I run a server at home on port 22. There are loads of illegal user attempts to login every few days. As its at home I protect myself by having only one user on the sshd AllowUsers list and with a very strong password and no admin/sysman priveleges. So essentially every failed login attempt is illegal. Is there any way to actually record what passwords the hackers' scripts are trying? I am just really intrigued to know what they are thinking might work. I realize that it's not normally appropriate to log people's passwords but in my case I am literally the only user who will ever legitimately login to my machine __ Moving your ssh port away from port 22 seems to stop these attempts. These logons seem to come from cracked Linux boxes. This issue has been discussed quite a lot on this list. For a non-list discussion, see http://www.freebsdforums.org/forums/showthread.php?s=threadid=27683 =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Qpopper SSL TLS problem
Hello, I have a weired problem with Qpopper FBSD 5.3. I am using the latest version compiled using the port tree. with one or two options : CONFIGURE_ARGS= --enable-nonauth-file=${POPUSERS_FILE} \ --without-gdbm \ --enable-keep-temp-drop \ --disable-update-abort \ --enable-bulletins=/var/spool/bulls \ --enable-log-login \ --enable-new-bulls=3 \ --enable-shy \ --enable-timing \ --enable-log-facility=LOG_MAIL \ --with-openssl=/usr/bin/openssl \ --with-pam=pop3 I am also using this compile time option : bsd# make WITHOUT_IPV6=yes WITHOUT_APOP=yes bsd# make install WITHOUT_APOP=yes bsd# make clean I was using this program since couple of months without any problem. But since couple of weeks, I have weired problems with my maling list account. I have configured four accounts : - Three are ok (the one on which I receive a small amount of large mail) - One is causing serious problem (hanging during the transmission of my mail). This account is used for my mailing list, so I have a lot of small size mail. Any idea ?? Do you know any other POP server that supports SSL / TLS ? Thanks for your support. __ «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ¯¯ Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz __ «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ¯¯ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Cluster on freeBSD 5.3
Hello, One of my clients want a high performance computer with a high level of redundancy. I was thinking of two solutions : ### 1. Installing 2 high perf computers : ### This will involve buying 2 servers with the same level of disks, hardware RAID array, and software. Regarding FreeBSD, I would install the software I need and sync the /etc and other vital soft using rsync. # 2. Installing a high perf cluster : # There is a question regarding how to setup this cluster with a redundancy on every part of the system (hardware + software). Has someone already been producing a high level cluster with FreeBSD ? What hardware have you been using ? What are the problems you are facing ? Any pointer ? --- The second question will be which of the two system will you use ? Thanks for your answers. __ «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ¯¯ Grégory Bernard 11, rue de la Tour Directeur 75116 Paris France www.ToDoo.biz tel : +(33) 1 40 26 43 14 __ «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ¯¯ PGP ID -- 0x1BA3C2FD All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use hammer. -- IBM maintenance manual, 1975 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Rép : Cluster on freeBSD 5.3
Le 21 avr. 05, à 19:36, Andrea Venturoli a écrit : BSD wrote: Hello, One of my clients want a high performance computer with a high level of redundancy. One big question to start with: what kind of servers? Or, what kind of services will they need to provide? bye av. - DNS (BIND) - Mail (Postfix) - LDAP Client - Mailing List (Sympa) - NTPD - WebMin - POP3 - POP3s Thanks __ «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ¯¯ Grégory Bernard 11, rue de la Tour Directeur 75116 Paris France www.ToDoo.biz tel : +(33) 1 40 26 43 14 __ «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ¯¯ PGP ID -- 0x1BA3C2FD All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use hammer. -- IBM maintenance manual, 1975 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Enabling Gratuitous ARP
On 4/14/05, Adam Smith [EMAIL PROTECTED] wrote: Hi, In a particular network scenario we have, swapping an ethernet link between two FreeBSD machines using the same IP and a different MAC is proving to be a problem. We have discovered that in order to make this work we will need to enable gratuitous ARP. Does anyone know how to turn this feature on? http://openbsd.org/faq/faq6.html#CARP and http://www.freebsd.org/cgi/man.cgi?query=carpapropos=0sektion=0manpath=FreeBSD+6.0-currentformat=html It looks like carp is available in FBSD 5.4 =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
mailing list
mailing list ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf synproxy and fragments
On Apr 2, 2005 12:18 AM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I'm running 5.3 stable. I've recently switched from ipfilter to pf to take advantage of the traffic shaping, and I've run into something I don't understand. I read the documentation on the synproxy option and it sounded good to me, so I replaced my keep state rules with synproxy state. After doing this, I noticed that my filesharing programs stopped downloading. I switched back to keep state for the rules that handled my filesharing traffic and the problem went away. Today my brother called and told me that he couldn't get to my website anymore because his firewall said that my http service was sending a fragment attack. I replaced synproxy state with keep state for the rules pertaining to httpd and the problem went away. Specifically, the http traffic rule was (formatted): pass in quick on $ext_if proto tcp from any to any port 80 flags S/SAFR synproxy state queue(http_out,ack_out) Having tried a few other firewalls in the past, I know that some of them don't like fragmented packets at all. This week's events make me believe that pf's synproxy option is causing my server to send out fragments, and those fragments aren't well-received. Is this normal with synproxy? Am I misusing synproxy? Is this just a coincidence? In http://archives.neohapsis.com/archives/openbsd/2005-03/2760.html somebody reported a similar problem. Maybe you could try his solution by leaving out flags S/SAFR =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: possible bug report re: (malformed?) internet addresses
On Thu, 31 Mar 2005 05:45:37 -0400, fredthetree [EMAIL PROTECTED] wrote: Almost forgot. $ uname -a FreeBSD computer 5.4-PRERELEASE FreeBSD 5.4-PRERELEASE #0: Tue Mar 1 05:39:33 AST 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/MACHINE i386 (I haven't cvsup'd and re-built in a little while.. maybe one of you who have could verify the problem still exists..) -dan On Thu, 31 Mar 2005 05:43:12 -0400, fredthetree [EMAIL PROTECTED] wrote: $ ping mr-chips-.deviantart.com ping: cannot resolve mr-chips-.deviantart.com: Unknown server error $ ping etc-etc-etc.deviantart.com PING etc-etc-etc.deviantart.com (69.28.181.43): 56 data bytes 64 bytes from 69.28.181.43: icmp_seq=0 ttl=50 time=108.127 ms At first it may seem logical to point the blame to the server, after noting Unknown server error, however, I am perfectly able to connect to this address on a Windows machine. The problem is reproducible with any address which has a - before a . I am not sure where the problem lies, it is obviously not just within 'ping,' as I first noticed this problem within firefox/mozilla. No problem on FreeBSD plato.utp.xnet 5.3-STABLE-20050116-JPSNAP FreeBSD 5.3-STABLE-20050116-JPSNAP #0: Sun Jan 16 01:31:07 UTC 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 consulting a local dnscache, part of djbdns, nameserver running under OpenBSD dig mr-chips-.deviantart.com ; DiG 9.2.3 mr-chips-.deviantart.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 27024 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mr-chips-.deviantart.com. IN A ;; ANSWER SECTION: mr-chips-.deviantart.com. 86400 IN A 69.28.181.43 ;; Query time: 293 msec ;; SERVER: 192.168.222.10#53(192.168.222.10) ;; WHEN: Thu Mar 31 23:08:23 2005 ;; MSG SIZE rcvd: 58 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ppp problems with routing
On Mon, 28 Mar 2005 19:13:47 -0500, PS [EMAIL PROTECTED] wrote: Hello I use freeBSD 4.11 with pppoe. I used almost default ppp.conf (as in freebsd handbook) for dynamic ip. my config is here http://block111.servehttp.com/ppp.conf Twice a day I restart ppp from cron with `killall -INT ppp` and if the new connection default gateway is different then the old default route isn't removed, e.g. after ppp restart I have this: ifconfig - ... inet 66.11.172.181 -- 66.11.165.1 netmask 0x inet 66.11.180.20 -- 66.11.190.1 netmask 0x before I had inet 66.11.172.181 -- 66.11.165.1 netmask 0x only, but after I sent INT to ppp the new ip has a different dafault gateway and the old one isn't removed. Should the old default route/ip be removed or not? In my case the old ip becomes invalid. Thank you ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Have you tried: add! default HISADDR Note the exclamation mark ! after the add. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Need find binary
-- On one of my web sites, that used to run Solaris 2.7 OS, I had a functional cron script, mirroring a Solaris Server at home. The web site was moved to a BSD Server, without access to many binaries like find. Can anyone tell me WHERE I can grab this one binary off a BSD system to ftp to the new server? Without it, my web server is reaching excessive disk quota and I cannot find the offending files. Please reply to freebsd-questions or directly to me at [EMAIL PROTECTED] Thanks in advance - Need find binary for FREE BSD 4.9 - REL p11 Need to place this command on a remote server for a cron script to function. Please reply to [EMAIL PROTECTED] (Alan) Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
find command
Need find binary for FREE BSD 4.9 - REL p11 Need to place this command on a remote server for a cron script to function. Please reply to [EMAIL PROTECTED] (Alan) Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
To Jail behind NAT or not.
Greetings all, I have the following topology: Internet - Gateway - DMZ | LAN I'm using PF to redirect traffic to the DMZ machine which carries the following: bind9;postfix;dovecot(imaps,pop3s),openwebmail;apache13;isc dhcp;sfs,ftps I have ssl certs for services such as mail/web/ftp. The gateway machine has 3 NICs and doesn't have any service enabled on its external interface nor internal. Remote access is denied to the gateway only console access allowed. It only forwards traffic to the inside DMZ. Also my LAN is on a different subnet from the DMZ. If all my services are behind that NAT box is it premature or too much paranoid to have multiple jails one for postfix another for apache and so on..on the DMZ machine that is hosting all these services ? Or can I say that I'm protected to a good extent that jail won't give me any additional protection because services are behind NAT ? I use SSH keys to access anymachin on my network, and I have OTP configured if I needed access from outside my network for college. Thanks for the insight. -- Regards, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Postfix Chroot.
Greetings, I recently installed Postfix under FreeBSD 5_3 It's running fine without any problem. I followed the steps in the documentation on how to chroot postfix under FreeBSD. My sockstat(1) shows this though: root master 666 11 tcp4 127.0.0.1:25 *:* root master 666 12 tcp4 10.0.1.4:25 *:* Everything running under a different group except master it is still running as root. How can I fix that ? Also I need a way to verify that Postfix is actually running chrooted. I know I edited the master file and chroot y everything except: proxymap, local and virtual according to the docs they can't be chrooted. Any tips will be helpful. Otherwise I will be forced to configure a jail and run Postfix under it. -- Regards, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Strange operator messages
Since yesterday I have strange messages issued by operator !! Message 26: From [EMAIL PROTECTED] Fri Mar 4 23:00:00 2005 X-Original-To: operator Delivered-To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] (Cron Daemon) To: [EMAIL PROTECTED] Subject: Cron [EMAIL PROTECTED] /usr/libexec/save-entropy X-Cron-Env: SHELL=/bin/sh X-Cron-Env: PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin X-Cron-Env: HOME=/ X-Cron-Env: LOGNAME=operator X-Cron-Env: USER=operator Date: Fri, 4 Mar 2005 23:00:00 +0100 (CET) This: not found The only thing that I have done recently was manipulating the ethernet interfaces (adding and removing a virtual interface ??) What's that all about ? __ Grgory Bernard 11, rue de la Tour Directeur 75116 Paris France www.ToDoo.biz tel : +(33) 1 40 26 43 14 __ PGP ID -- 0x1BA3C2FD All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use hammer. -- IBM maintenance manual, 1975 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [repost] ip.forwarding with pf
On Thu, 03 Mar 2005 06:30:52 -0600, J.D. Bronson [EMAIL PROTECTED] wrote: No one replied to this and I thought it was easy for someone on this list to help me? I am going to run pf and setup FBSD as a router (3 NICs). And I see there are some options: net.inet.ip.fastforwarding or net.inet.ip.forwarding Can someone tell me which is appropriate when FreeBSD 5.4-PRE is used as a router running pf with built in NAT ? And what is the difference on these 2 options? -- I don't know the difference, but here is a report of WinXP clients having problems with net.inet.ip.fastforwarding: http://www.freebsdforums.org/forums/showthread.php?s=threadid=29094 =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Change MAC address of LAN card in rc.conf. How?
On Sun, 27 Feb 2005 05:54:49 -0800 (PST), Rob [EMAIL PROTECTED] wrote: Hi, I'm running 5.3 STABLE. I need to change the MAC address of my PC. I know it can be done like this: ifconfig rl0 ether 11:22:33:44:55:66 So I guessed I could make life a little easier by adding this in my /etc/rc.conf file as: ifconfig_rl0=inet 192.168.123.2 netmask 255.255.255.0 ether 11:22:33:44:55:66 However, this does not seem to work. No IP address is assigned to the LAN card after bootup. Apparently something is wrong here. Any idea how I can do this at bootup? echo 'ifconfig rl0 ether 11:22:33:44:55:66' /etc/start_if.rl0 =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
JDK15 and JDK14 for Firefox and OpenOffice.
Greetings, I've installed /usr/ports/java/jdk15 then installed /usr/ports/www/firefox I'm not really sure why Firefox didn't detect that I have JDK15 installed. Also Later I'm going to install OpenOffice. In OO website http://porting.openoffice.org/freebsd/ seems they want to have JDK14. My question is the following: 1. If for some reason OpenOffice can't use JDK15 and it needs JDK14 can I still keep JDK15 installed or that would cause a conflict ? 2. What am I missing with Firefox ? If JDK15 doesn't work with Firefox I wil install JKD14, although I thought it should work and be detected by the browser. Do I have to do any linking or specifying a path for the plugin ? If so please elaborate. Thanks in advance. -- Regards, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: need help watching mpeg movies from archive.org
On Sun, 27 Feb 2005 23:14:10 -0500 bsdnooby [EMAIL PROTECTED] wrote: [...] http://www.archive.org/movies/details-db.php?collection=prelingercollectionid=19296 I downloaded every version of it, and haven't been able to watch any of them. I tried some other movies, with the same results. Basically, I get the sound along with a blue video. [...] The mpeg4, which mplayer identified as a QuickTime movie, played the video aspect of it just fine, but failed to play any sound. The mpeg1, mplayer identified as the following: MPEG-PS file format detected. VIDEO: MPEG1 352x240 (aspect 12) 29.970 fps 1150.0 kbps (143.8 kbyte/s) This played just fine, both sound and video, and I stopped there. Did you install mplayer from ports? If you're on i386, did the port also install the win32 codecs? Not sure if the latter makes any difference though. Otherwise, I'm not sure what to suggest. - John. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Transfering from SCSI to IDE ?
On Wed, 23 Feb 2005 18:12:29 + (GMT), ali boreiri [EMAIL PROTECTED] wrote: Dear Sir : I have a FreeBSD system with a squid cache installed on it on my 17 GB SCSI drive. Recently I get an image of it by Norton GHOST on a 80GB IDE drive. Transferring was successful but when system on new IDE disk booted , after pimary freeBSD boot menu boot proccess continued till an error occured in mounting file system and disk; and then system ask me to mount root and a mount prompt appeared. Messages appears on screen are as below: Mounting root from ufs:/dev/da0s1a setrootbyname failed ffs_mountroot: can't find rootvp Rootmount failed:6 mount root mount root ? List of GEOMD Managed disk devices: ad1s1f ad1s1e ad1s1d ad1s1c ad1s1b ad1s1a ad1s1 acd0 ad1 fd0 Now please tell me what must I do ;and refer me to a compelete step by step guide in mounting partition of this IDE disk (which the image of a SCSI disk is on it.)and no change perform to partitions for properly working of squid cache. Thank you : Dr.A.Boreiri Maybe you should forget about the Ghost shortcut, and not ignore 30 years of Unix backup history ;) Use dump to make a backup of your SCSI disk. Do a minimal FBSD install on your IDE disk, using a similar partition and disklabel scheme as the FBSD install on the SCSI disk. Now use restore to transfer the backups to the IDE disk. Please note that dump and restore work on complete filesystems. =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: djbdns question
On Wed, 23 Feb 2005 14:45:16 -0600, Darryl Hoar [EMAIL PROTECTED] wrote: Greetings, I setup djbdns on a freebsd server attached to my internal network. It answers for the local machine on the domain for my internal while forwarding all others to our ISP for resolution. I set this up a 2 years ago and haven't needed to do a thing other than to add/remove machines. Well, now I need to change the domain name from osborneindustries.com to osborneinternal.com. Unfortunately, I haven't found any documentation that takes you through the changes to convert and already running tinydns/dnscache setup from one domain name to a different one. Anybody have any pointers here ? Change directory to the tinydns data directory (cd /service/tinydns/root) , edit your tinydns data file. Editing can be done in one sweep with # mv data data.old # sed -e 's/osborneindustries.com/osborneinternal.com/g' data.old data Now run make to generate a new data.cdb file from the edited data file. Tinydns will notice the change, no need to start/stop or give a -HUP to tinydns. The only other thing left is to tell dnscache about the change. # cd /service/dnscache/root/servers You will see a file called osborneindustries.com The contents of that file is the IP address of your tinydns server. Rename this file with mv to osborneinternal.com =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: djbdns question
On Thu, 24 Feb 2005 22:18:01 +0100, J65nko BSD [EMAIL PROTECTED] wrote: On Wed, 23 Feb 2005 14:45:16 -0600, Darryl Hoar [EMAIL PROTECTED] wrote: Greetings, I setup djbdns on a freebsd server attached to my internal network. It answers for the local machine on the domain for my internal while forwarding all others to our ISP for resolution. I set this up a 2 years ago and haven't needed to do a thing other than to add/remove machines. Well, now I need to change the domain name from osborneindustries.com to osborneinternal.com. Unfortunately, I haven't found any documentation that takes you through the changes to convert and already running tinydns/dnscache setup from one domain name to a different one. Anybody have any pointers here ? Change directory to the tinydns data directory (cd /service/tinydns/root) , edit your tinydns data file. Editing can be done in one sweep with # mv data data.old # sed -e 's/osborneindustries.com/osborneinternal.com/g' data.old data Now run make to generate a new data.cdb file from the edited data file. Tinydns will notice the change, no need to start/stop or give a -HUP to tinydns. The only other thing left is to tell dnscache about the change. # cd /service/dnscache/root/servers You will see a file called osborneindustries.com The contents of that file is the IP address of your tinydns server. Rename this file with mv to osborneinternal.com I forget to mention that a restart of dnscache is needed # svc -t /service/dnscache At http://www.freebsdforums.org/forums/showthread.php?s=threadid=25244 you can find a comfortable dnscachectl script to start/stop and many other things with dnscache. =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Partial web page loading
It could have something to do with an incorrect MTU size. This can cause partial loading of webpages. See http://www.cisco.com/warp/public/794/router_mtu.html Adriaan On Sun, 20 Feb 2005 12:46:09 -0800, Scott Stevenson [EMAIL PROTECTED] wrote: I'm a relatively new user of FreeBSD (5.3 release), and have encountered a problem that I haven't seen on other platforms. The details and a screenshot are outlined here: http://theocacao.com/document.page/82 Essentially, web content (text and images alike, it seems) occasionally fails to load in entirety. I personally haven't be able to recreate this yet, but a few people have sent me emails about it. I didn't hear anything about this prior to switching to FreeBSD. This is the exact same content I had running on a Red Hat-based machine running the same version of Apache. I've done a lot of googling and looking through mailing list archives, but haven't been able to identify any real leads yet. Syslog doesn't suggest anything is amiss. My environment is: FreeBSD 5.3-Release Apache 2.0.50 PHP 5.0.2 BIND 9.3.0 Both Apache and PHP were built from ports. I realize Apache is a few versions behind, and I'm going to upgrade it. Looking at the changelog, though, I can't seem to find anything that would pertain to this. Any ideas? Thanks, - Scott -- http://treehouseideas.com/ http://theocacao.com/ [blog] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring PF
On Sun, 20 Feb 2005 11:42:41 -0700, Pat Maddox [EMAIL PROTECTED] I'd still like to find a good example config file that works well for a web server. I posted an easy to adapt config file 3 days ago, haven't you seen it? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring PF
On Fri, 18 Feb 2005 00:28:30 -0700, Pat Maddox [EMAIL PROTECTED] wrote: Can you guys let me know if this looks like a good conf file? I've got web, mail, ftp, ssh, and DNS that I need to have open. # Macros ext_if=fxp0 SYN_ONLY=S/FSRA tcp_services = { 21, 22, 25, 53, 80, 143 } icmp_types = echoreq # Default deny block all ## Filtering rules # Default TCP policy block return-rst in log on $ext_if proto TCP all This block rule is not needed, You alreadt have a default deny policy pass in log quick on $ext_if proto TCP from any to $ext_if port $tcp_services flags $SYN_ONLY keep state # Default UDP policy block in log on $ext_if proto udp all This block rule is not needed, You alreadt have a default deny policy pass in log quick on $ext_if proto UDP from any to $ext_if port 53 keep state # Default ICMP policy block in log on $ext_if proto icmp all This block rule is not needed, You already have a default deny policy pass in inet proto icmp all icmp-type echoreq keep state block out log on $ext_if all This block rule is not needed, You alreadt have a default deny policy pass out log quick on $ext_if from $ext_if to any keep state # Allow the local interface to talk unrestricted pass in quick on lo0 all pass out quick on lo0 all On Fri, 18 Feb 2005 03:17:30 +0100, J65nko BSD [EMAIL PROTECTED] wrote: On Wed, 16 Feb 2005 19:18:17 -0700, Pat Maddox [EMAIL PROTECTED] wrote: I've managed to come up with something that works so far. I am having two problems though. The first is that I can't authenticate for IMAP anymore. No clue why, it just keeps rejecting my password. maillog shows imapd: LOGIN FAILED, that's it. Also, after enabling pf, all my UDP ports show as open. I've got a ruleset of block in log on $ext_if proto udp all So all UDP ports should be shown as closed. Doesn't really make any sense to me. Anyone care to help? Thanks for the help so far. Pat Start with a default policy to block and log all traffic # --- default policy block log from any to any Now you only have to open ports to let traffic in. If you don't know which port to open for a certain protocol, you can run tcpdump -eni pfl0g. tcpdump will show which rule blocked, and on which port address combination. How about this? # --- pf.conf skeleton for server # j65nko freebsdforums.org # # --- MACRO Section - EXT_IF=fxp0 PING = echoreq # --- allowed incoming services initiated by clients TCP_IN = { ssh, smtp, pop3, imap, http, https } #UDP_IN = { domain } # --- allowed services initiated by server TCP_OUT = { smtp } UDP_OUT = { domain } # -- TABLE Section -- # -- OPTIONS Section set loginterface $EXT_IF # - TRAFFIC NORMALIZATION scrub in all # -- TRANSLATION Section (NAT/RDR) # -- FILTER section # --- DEFAULT POLICY block log all # --- LOOPBACK pass quick on lo0 all # === INCOMING # --- EXTERNAL INTERFACE # --- TCP pass in quick on $EXT_IF inet proto tcp from any to $EXT_IF port $TCP_IN flags S/SA keep state # --- UDP #pass in quick on $EXT_IF inet proto udp from any to $EXT_IF port $UDP_IN keep state # --- ICMP #pass in quick on $EXT_IF inet proto icmp from any to $EXT_IF icmp-type $PING keep state # === OUTGOING # --- EXTERNAL INTERFACE # --- TCP pass out quick on $EXT_IF inet proto tcp from $EXT_IF to any port $TCP_OUT flags S/SA keep state # --- UDP pass out quick on $EXT_IF inet proto udp from $EXT_IF to any port $UDP_OUT keep state # --- ICMP pass out quick on $EXT_IF inet proto icmp from $EXT_IF to any icmp-type $PING keep state # - end of pr.conf =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Deinstalling perl module installed using CPAN
Hi all, How to deinstall a perl module (bsdpan-MailTools-1.64) that has been installed using CPAN ? I would like to deinstall that module manually and then reinstall It from the port tree. The reason why is that everytime I try ton deinstall a port I have these nasty messages : ns2# pkg_deinstall qt --- Deinstalling 'qt-3.3.3_3' pkg_delete: package 'qt-3.3.3_3' is required by these other packages and may not be deinstalled: arts-1.3.2,1 qca-tls-1.0_1 sdl-1.2.8,2 ** Listing the failed packages (*:skipped / !:failed) ! qt-3.3.3_3(pkg_delete failed) --- Packages processed: 0 done, 0 ignored, 0 skipped and 1 failed ns2# pkg_deinstall sdl-1.2.8,2 --- Deinstalling 'sdl-1.2.8,2' pkg_delete: package bsdpan-MailTools-1.64 has no origin recorded pkg_delete: package bsdpan-MailTools-1.64 has no origin recorded pkg_delete: package bsdpan-MailTools-1.64 has no origin recorded pkg_delete: package bsdpan-MailTools-1.64 has no origin recorded pkg_delete: package bsdpan-MailTools-1.64 has no origin recorded pkg_delete: package bsdpan-MailTools-1.64 has no origin recorded pkg_delete: package bsdpan-MailTools-1.64 has no origin recorded pkg_delete: package bsdpan-MailTools-1.64 has no origin recorded pkg_delete: package bsdpan-MailTools-1.64 has no origin recorded pkg_delete: package bsdpan-MailTools-1.64 has no origin recorded pkg_delete: package bsdpan-MailTools-1.64 has no origin recorded pkg_delete: package bsdpan-MailTools-1.64 has no origin recorded pkg_delete: package bsdpan-MailTools-1.64 has no origin recorded pkg_delete: package bsdpan-MailTools-1.64 has no origin recorded pkg_delete: package bsdpan-MailTools-1.64 has no origin recorded pkg_delete: package bsdpan-MailTools-1.64 has no origin recorded pkg_delete: package bsdpan-MailTools-1.64 has no origin recorded [Updating the pkgdb format:bdb1_btree in /var/db/pkg ... - 190 packages found (-1 +0) (...) done] This is getting on my nerves and I would like to clean this and install It the proper way (the BSD one !). Sincerly yours; __ «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ¯¯ Gregober --- PGP ID -- 0x1BA3C2FD omni_osx_ml @at@ todoo.biz __ «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ¯¯ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Removing old perl version from system
Hello again ! I have all these version of perl installed on my system (FreeBSD 5.2.1) : 5.6.1 5.6.2 5.8.5 5.8.6 I would like to get rid of the old versions and only keep 5.8.6 how do I have to do that ?? The reason why I would like to do that is that when I upgrade the port tree I found that modules sometimes get confused and switch to the old 5.6.1 module !! What are the pros and cons of doing such an uninstall ?? Thanks for your answers. __ «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ¯¯ Gregober --- PGP ID -- 0x1BA3C2FD omni_osx_ml @at@ todoo.biz __ «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ¯¯ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring PF
On Wed, 16 Feb 2005 19:18:17 -0700, Pat Maddox [EMAIL PROTECTED] wrote: I've managed to come up with something that works so far. I am having two problems though. The first is that I can't authenticate for IMAP anymore. No clue why, it just keeps rejecting my password. maillog shows imapd: LOGIN FAILED, that's it. Also, after enabling pf, all my UDP ports show as open. I've got a ruleset of block in log on $ext_if proto udp all So all UDP ports should be shown as closed. Doesn't really make any sense to me. Anyone care to help? Thanks for the help so far. Pat Start with a default policy to block and log all traffic # --- default policy block log from any to any Now you only have to open ports to let traffic in. If you don't know which port to open for a certain protocol, you can run tcpdump -eni pfl0g. tcpdump will show which rule blocked, and on which port address combination. =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Broken shell - I can't login at all
On Tue, 15 Feb 2005 14:34:46 +0100, Ruben de Groot [EMAIL PROTECTED] wrote: Hi, On Mon, Feb 14, 2005 at 08:57:28PM -0800, Jeff BSD typed: Hi- I'm in the process of upgrading a 4.6 system to 5.3. When I boot the machine it gets to: How are you doing the upgrade? There are some specific steps about upgrading from 4.x to 5.x all the way down in /usr/src/UPGRADING. Also, I believe only upgrades from 4-STABLE are supported, so since 4.6 is pretty old, you probably should upgrade in 2 steps: 4.6 - 4-STABLE followed by 4-STABLE - 5.3 (This counts for source upgrades, not binary upgrades) init: bin/sh on /etc/rc terminated abnormally, going to single user mode Enter root password, or ^D to go multi-user Password: I enter the password, then: Enter full pathname of shell of RETURN for /bin/sh: pid # (sh), uid 0: exited on signal 12 init: bin/sh on /etc/rc terminated abnormally, going to single user mode Enter root password, or ^D to go multi-user Password: Round and round I go. Sounds like I broke /bin/sh to me. I've messed around in safe mode but I can't see how I can use it to possibly fix my problem, assuming I did do anything to /bin/sh (which I don't think I did - intentionally/directly that is). How do I fix it so I can boot it? A bit of the chicken and the egg, what? Yes, it sounds like the easiest way for you would be to boot from a 5.3 installation CD and just do a binary upgrade. The problem is you now have a mixed 4.6/5.3 system with out-of-sync binaries, libs and kernel and there really isn't much fun in trying to troubleshoot that. If you want to continue down this road, there is a chance that you can at least get a working shell by entering /rescue/sh on the above Enter full pathname of shell of RETURN for /bin/sh: prompt. From there you can use other tools from /rescue (if they were allready installed before your system got hosed) to try and finish the installworld G'luck Ruben Thanks all- Turned out I was booting the wrong kernel (new kernels are in /boot/kernel/... duh!) Took me hours to figure that one out. As always, upgrading provides a unique learning experience. Your advice was useful and appreciated however. Jeff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Postfix + Auth + SSL + pop3s/imaps
Greetings, I have a 5.3 Server. I'm planning to install Postfix. I'm planning to use the Maildir format. I'm going to generate my own SSL certificates for mail and use it for smpts/imaps/pop3s. But I'm not sure what to use for authentication. I need to have the mail users/password seperated from the system user/password. Because some users will only have mail accounts and they won't have any shell access. I read about different auth mechanism and I know for sure that Plain Login is not what I want. I need DIGEST-MD5. I'm looking for something easier than SASL to configure. On my test server I tried to configure SASL and couldn't get DIGEST-MD5 to work. Any suggestion ? Someone mentioned that I shouldn't worry about the authentication if it's Plain or Login because I'm going to use SSL and that would encrypt both Login and the data channel. I'm not sure if this is 100% true. Any idea ? Last but not least, I'm going to add on top of all that a webmail. probably Openwebmail or squirrelmail. Which one of them would work better with all what I mentioned earlier: - Auth DIGEST-MD5 - Maildir - SSL - dovecot I was checking one of squirrelmail password plugins and I read this sentence: Cyrus SASL includes a shell utility called saslpasswd for manipulating user passwords in the sasldb database. This patch attempts to use this utility to perform password manipulations required by your squirrelmail users without any administrative interaction. Unfortunately, this scheme requires that the saslpasswd utility be run as the cyrus user - a horrible security problem since we have chosen to SUID a small script which will allow this to happen. I'm pretty confused about the authentication method to use. I'm trying to run everything as secure as possible. I configured Postfix to run chrooted. and I'm going to use SSL for sure. What auth should I choose for smtp ? -- Regards, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix + Auth + SSL + pop3s/imaps
On Mon, 14 Feb 2005 11:00:57 +0100, Erik Norgaard [EMAIL PROTECTED] wrote: BSD Mail wrote: I have a 5.3 Server. I'm planning to install Postfix. I'm planning to use the Maildir format. I'm going to generate my own SSL certificates for mail and use it for smpts/imaps/pop3s. But I'm not sure what to use for authentication. I need to have the mail users/password seperated from the system user/password. Because some users will only have mail accounts and they won't have any shell access. You don't _need_ to separate them from the system password file, just give them shell /usr/sbin/nologin, set homedir to /nonexistent, they can still authenticate to fetch mail. Secondly, if users should receive mail, postfix must know about them. This is normally done by lookup in the password file. That's fine with me too. So with this method is PAM would be used for authentication ? Or I would still need SASL for smtp ? If there is a way to not use SASL at all I would like to know the available options that I have. Because I'm going to use Dovecot for pop3s and imaps, I would probably want to get rid of SASL if it's possible throughtout the entire mail suite if possible and use an easier and still secure as an auth method. I read about different auth mechanism and I know for sure that Plain Login is not what I want. I need DIGEST-MD5. I'm looking for something easier than SASL to configure. On my test server I tried to configure SASL and couldn't get DIGEST-MD5 to work. Any suggestion ? SASL isn't difficult too if you use the system password file. Just set pwcheck_method: saslauthd mech_list: plain login in /usr/local/lib/sasl2/smtpd.conf, remember to start saslauthd. Sasl supports different schemes, I have only been able to make plain work, maybe the others require use of sasldb. Someone mentioned that I shouldn't worry about the authentication if it's Plain or Login because I'm going to use SSL and that would encrypt both Login and the data channel. I'm not sure if this is 100% true. Any idea ? First, your users don't have shell access, a compromise is a compromise of their privacy not your system - ofcourse their privacy should be protected, but it makes their account less interesting. Using ssl/tls you are tunnelling clear text passwords through an encrypted connection. This protects against sniffing. So if SSL/TLS is tunneling clear text passwords and it's encrypting the connection then why would I need SASL in the first place ? Shouldn't adding user with nologin shell / nonexistent home and enabling TLS would suffice ? or I'm I missing something here? Last but not least, I'm going to add on top of all that a webmail. probably Openwebmail or squirrelmail. Which one of them would work better with all what I mentioned earlier: I use squirrelmail, don't worry too much about that, squirrelmail connects through imap, so you server must support imap. The web interface must be setup with ssl also. I think I will go with Openwebmail there is a patch to make it work with Maildir and also it does support SSL login. I was checking one of squirrelmail password plugins and I read this sentence: Cyrus SASL includes a shell utility called saslpasswd for manipulating user passwords in the sasldb database. This patch attempts to use this utility to perform password manipulations required by your squirrelmail users without any administrative interaction. Unfortunately, this scheme requires that the saslpasswd utility be run as the cyrus user - a horrible security problem since we have chosen to SUID a small script which will allow this to happen. You will always have a security concern when letting some program mess with passwords. Ofcourse this is particularly important if it messes with system password file. An alternative is to employ eg. a ldap server - same problem, but at least you get things separated. I'm pretty confused about the authentication method to use. I'm trying to run everything as secure as possible. I configured Postfix to run chrooted. and I'm going to use SSL for sure. What auth should I choose for smtp ? Ok, I have pretty much the setup you want, except that I use cyrus-imap which does not use Maildir nor Mailbox. Postfix can be setup to use saslauth, it can be configured only to accept authentication through encrypted connection using ssl. postfix supports the recommended use of start_tls to start an encrypted connection on the default port 25 instead of smtps. I thought if I want to use smtps I have to use port 465 instead of 25. I want all outgoing email to use smtps. In this case if all mail is sent via smpts would that work fine even if the second hop doesn't have smtps ? In other words, would a mail server that uses port 25 for send and receive have a problem receiving mail from my server ? I am not clear on how cyrus-imap supports this, or it's my mail
Broken shell - I can't login at all
Hi- I'm in the process of upgrading a 4.6 system to 5.3. When I boot the machine it gets to: init: bin/sh on /etc/rc terminated abnormally, going to single user mode Enter root password, or ^D to go multi-user Password: I enter the password, then: Enter full pathname of shell of RETURN for /bin/sh: pid # (sh), uid 0: exited on signal 12 init: bin/sh on /etc/rc terminated abnormally, going to single user mode Enter root password, or ^D to go multi-user Password: Round and round I go. Sounds like I broke /bin/sh to me. I've messed around in safe mode but I can't see how I can use it to possibly fix my problem, assuming I did do anything to /bin/sh (which I don't think I did - intentionally/directly that is). How do I fix it so I can boot it? A bit of the chicken and the egg, what? Jeff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Problem with mknod for /dev/random = jailed bind configuration
Hello, I've tried to configure a bind server in a chroot jail and am facing a problem with /dev/random Thaugh I've read the man mknod I have to say that this didn't help me in solving the problem. When I start named with the -g switch here are the error. 08-Feb-2005 15:18:22.551 errno2result.c:109: unexpected error: 08-Feb-2005 15:18:22.551 unable to convert errno to isc_result: 6: Device not configured 08-Feb-2005 15:18:22.551 could not open entropy source /dev/random: unexpected error 08-Feb-2005 15:18:22.551 using pre-chroot entropy source /dev/random I've used the following mknod command : mknod /var/named/dev/null c 2 2 mknod /var/named/dev/random c 2 3 and also tried : mknod random c 245 0 mknod null c 2 2 I've chmod 666 the two files and make shure they are owned by bind:bind // ?? Any help will be welcome. __ «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ¯¯ Grégory Bernard 11, rue de la Tour Directeur 75116 Paris France www.ToDoo.biz tel : +(33) 1 40 26 43 14 __ «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ¯¯ PGP ID -- 0x1BA3C2FD All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use hammer. -- IBM maintenance manual, 1975 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: keeping freebsd uptodate - doubt
On Fri, 04 Feb 2005 22:16:30 -0600, Billy Newsom [EMAIL PROTECTED] wrote: saravanan ganapathy wrote: cvsup -g -L 2 /root/ports-supfile Once you get your cvsup stuff straightened out, try this script, which I run every other day. Change the Log file if you want. This updates my sources to stable and updates the ports tree. I use two different cvsup files and commands so the two don't get confused. Don't try to use the same config file and cvsup command for the two different types of updates!! (In my experience, you're asking for trouble.) You will need to install a few ports first, but you should get the idea. If you read the output every day (or you could email it to yourself, which I may eventually do if I like it), you will see which ports need to be updated. This script will probably contiune to get better as it gets added to. Like I need to include the security audited version of ports that need updated! BEGIN CODE... mydaily.sh #!/bin/sh # # Billy borrowed stuff on 12/18/2004 from: #http://www.oreillynet.com/pub/wlg/6041?page=lastx-order=date # LOGF=/var/log/cvsup.log echo START @ `/bin/date` $LOGF #/bin/date $LOGF #use fastest_cvsup to find fastest geographically #close mirror; I'll check Canada and the US if SERVER=`/usr/local/bin/fastest_cvsup -Q -c ca,us`; then echo Using STABLE Server: $SERVER $LOGF /usr/local/bin/cvsup -L1 -h $SERVER -l /var/log/cvs-lock-s /root/stable-supfile $LOGF echo STABLE done @ `/bin/date` $LOGF else echo cvsup-STABLE has a fastest_cvsup problem on...`/bin/date` $LOGF fi if SERVER=`/usr/local/bin/fastest_cvsup -Q -c ca,us`; then echo Using PORTS Server: $SERVER $LOGF /usr/local/bin/cvsup -L0 -h $SERVER -l /var/log/cvs-lock-p /root/ports-supfile $LOGF echo PORTS done @ `/bin/date` $LOGF else echo cvsup-PORTS has a fastest_cvsup problem on...`/bin/date` $LOGF fi #-U (which takes a long time to execute) isn't needed #with the fetchindex command cd /usr/ports make fetchindex $LOGF /usr/local/sbin/portsdb -u $LOGF # command1 21 | command2 # echo Looking for security patches # freebsd-update fetch # This program not working for me. unComment above line if it works for U. echo The following ports need upgrading $LOGF /usr/local/sbin/portversion -l $LOGF echo $LOGF echo STOP at `/bin/date`. $LOGF echo $LOGF END CODE... mydaily.sh -- Billy ___ You can use exec at the top of your script to redirect all output to a file. This way don't need to add $LOG at the end of each line. #!/bin/sh LOGF=/var/log/cvsup.log # --- redirect all script output to logfile exec ${LOGF} 21 =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: couldn't start KDE.
On Thu, 3 Feb 2005 15:47:53 +, nbco [EMAIL PROTECTED] wrote: On Thursday 03 February 2005 09:04, BSD Mail wrote: On Wed, 2 Feb 2005 23:48:13 -0800, Kent Stewart [EMAIL PROTECTED] wrote: On Wednesday 02 February 2005 11:28 pm, BSD Mail wrote: snip Did you see the error message about /tmp/.ICE-unix. Check the ownership. Kent Sorry I forgot to mention that this is the second thing I tried actually. I noticed the permissions for 3 other directory and the .ICE-unix under /'tmp as root:wheel I ran chown -R user:user on them it got rid of most the errors but still, I was getting an error about that .ICE-unix directory. the third thing I did is I rm -rf everything under /tmp and started kde again. Less errors and still showing the .ICE-unix error and my previous attachment was the least error I was able to get. snip Hi, In relaton to the .ICE_unix directory, UPDATING deals with it in part (see below). I like having clear_tmp_enable=YES so to avoid this problem, I created the directory /etc/rc.local with the following line: mkdir -p -m 1777 /tmp/.ICE-unix This means that I can still clear out my tmp directories automatically on reboot and maintain the ICE-unix permissions. I hope this helps .nbco 20041229: AFFECTS: users of x11/kdebase3, x11-servers/xorg-server AUTHOR: [EMAIL PROTECTED] If KDE does not start anymore after upgrading Xorg to version 6.8.1 (X restarts when the KDE splash screen has reached the third icon), please check whether the directory /tmp/.ICE-unix exists, is owned by root and has permissions 1777 (read/write/access for everybody + sticky bit). To make sure everything is in working order, do (as root): mkdir -p /tmp/.ICE-unix chmod 1777 /tmp/.ICE-unix chown root:wheel /tmp/.ICE-unix Also, make sure you do NOT have clear_tmp_enable=YES set in /etc/rc.conf, as it will remove the directory on every reboot and applications will re-create it with the wrong ownership. Users of daily_clean_tmps_enable in /etc/periodic.conf should make sure daily_clean_tmps_ignore contains /tmp/.ICE-unix. Thanks very much that did help. I'm able to start KDE, and no more error pop-ups. There is only one small thing what would make my day. Under Control Center --- Peripherals --- Display I'm only able to run 640x480 @ 60 Hz I can't change those values. As I mentioned before I failed to use the Modes directive in xorg.conf The video card is GeForce4 440 Go and I'm using the nv driver. I'm attaching my xorg.conf file. You won't see the Modes directive anywhere because if added kde or blackbox will fail to start. Thanks again, have a good day. -- Regards, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: couldn't start KDE.
On Fri, 4 Feb 2005 00:18:27 -0800, BSD Mail [EMAIL PROTECTED] wrote: On Thu, 3 Feb 2005 15:47:53 +, nbco [EMAIL PROTECTED] wrote: On Thursday 03 February 2005 09:04, BSD Mail wrote: On Wed, 2 Feb 2005 23:48:13 -0800, Kent Stewart [EMAIL PROTECTED] wrote: On Wednesday 02 February 2005 11:28 pm, BSD Mail wrote: snip Did you see the error message about /tmp/.ICE-unix. Check the ownership. Kent Sorry I forgot to mention that this is the second thing I tried actually. I noticed the permissions for 3 other directory and the .ICE-unix under /'tmp as root:wheel I ran chown -R user:user on them it got rid of most the errors but still, I was getting an error about that .ICE-unix directory. the third thing I did is I rm -rf everything under /tmp and started kde again. Less errors and still showing the .ICE-unix error and my previous attachment was the least error I was able to get. snip Hi, In relaton to the .ICE_unix directory, UPDATING deals with it in part (see below). I like having clear_tmp_enable=YES so to avoid this problem, I created the directory /etc/rc.local with the following line: mkdir -p -m 1777 /tmp/.ICE-unix This means that I can still clear out my tmp directories automatically on reboot and maintain the ICE-unix permissions. I hope this helps .nbco 20041229: AFFECTS: users of x11/kdebase3, x11-servers/xorg-server AUTHOR: [EMAIL PROTECTED] If KDE does not start anymore after upgrading Xorg to version 6.8.1 (X restarts when the KDE splash screen has reached the third icon), please check whether the directory /tmp/.ICE-unix exists, is owned by root and has permissions 1777 (read/write/access for everybody + sticky bit). To make sure everything is in working order, do (as root): mkdir -p /tmp/.ICE-unix chmod 1777 /tmp/.ICE-unix chown root:wheel /tmp/.ICE-unix Also, make sure you do NOT have clear_tmp_enable=YES set in /etc/rc.conf, as it will remove the directory on every reboot and applications will re-create it with the wrong ownership. Users of daily_clean_tmps_enable in /etc/periodic.conf should make sure daily_clean_tmps_ignore contains /tmp/.ICE-unix. Thanks very much that did help. I'm able to start KDE, and no more error pop-ups. There is only one small thing what would make my day. Under Control Center --- Peripherals --- Display I'm only able to run 640x480 @ 60 Hz I can't change those values. As I mentioned before I failed to use the Modes directive in xorg.conf The video card is GeForce4 440 Go and I'm using the nv driver. I'm attaching my xorg.conf file. You won't see the Modes directive anywhere because if added kde or blackbox will fail to start. Thanks again, have a good day. Sorry forgot to attach my xorg.conf file. I just need to know how can I increase the resolution to lets say 1024x768 there should be a directive that works if the Modes directive is refused by xorg.conf. -- Regards, Section ServerLayout Identifier X.org Configured Screen 0 Screen0 0 0 InputDeviceMouse0 CorePointer InputDeviceKeyboard0 CoreKeyboard EndSection Section Files RgbPath /usr/X11R6/lib/X11/rgb ModulePath /usr/X11R6/lib/modules FontPath /usr/X11R6/lib/X11/fonts/misc/ FontPath /usr/X11R6/lib/X11/fonts/TTF/ FontPath /usr/X11R6/lib/X11/fonts/Speedo/ FontPath /usr/X11R6/lib/X11/fonts/Type1/ FontPath /usr/X11R6/lib/X11/fonts/CID/ FontPath /usr/X11R6/lib/X11/fonts/75dpi/ FontPath /usr/X11R6/lib/X11/fonts/100dpi/ EndSection Section Module Load dbe Load dri Load extmod Load glx Load record Load xtrap Load freetype Load speedo Load type1 EndSection Section InputDevice Identifier Keyboard0 Driver keyboard EndSection Section InputDevice Identifier Mouse0 Driver mouse Option Protocol auto Option Device /dev/sysmouse EndSection Section Monitor Identifier Monitor0 VendorName Monitor Vendor ModelNameMonitor Model ### Uncomment if you don't want to default to DDC: # HorizSync31.5 - 57.0 # VertRefresh 50.0 - 70.0 EndSection Section Device ### Available Driver options are:- ### Values: i: integer, f: float, bool: True/False, ### string: String, freq: f Hz/kHz/MHz ### [arg]: arg optional #Option SWcursor # [bool] #Option HWcursor # [bool] #Option NoAccel # [bool] #Option ShadowFB # [bool] #Option UseFBDev # [bool] #Option Rotate# [str] #Option VideoKey # i #Option FlatPanel
Re: couldn't start KDE.
On Wed, 2 Feb 2005 23:48:13 -0800, Kent Stewart [EMAIL PROTECTED] wrote: On Wednesday 02 February 2005 11:28 pm, BSD Mail wrote: Greetings, I installed a fresh 5_3 upgraded the ports and source. I'm using xorg. I can run blackbox without any errors. I also installed KDE 3.3.2 latest one. It was running fine at first untill I started installing few other applications. I'm attaching the error I recieve after running startx. Besides that. There is another small problem. xorg.conf refuses the Modes directive. I have an nVIDIA GeForce4 440 Go. Because the FreeBSD driver from nvidia refused to work with xorg. I used driver nv instead. I can only run 800x600 everything looks huge. I tried something like Modes 1024x758 and it refused the directive Modes. It's unkown. Any help would be appreciated. Did you see the error message about /tmp/.ICE-unix. Check the ownership. Kent Sorry I forgot to mention that this is the second thing I tried actually. I noticed the permissions for 3 other directory and the .ICE-unix under /'tmp as root:wheel I ran chown -R user:user on them it got rid of most the errors but still, I was getting an error about that .ICE-unix directory. the third thing I did is I rm -rf everything under /tmp and started kde again. Less errors and still showing the .ICE-unix error and my previous attachment was the least error I was able to get. Follow up: what about the Modes 1024x758 why the word Modes is unknown to xorg.conf ? and if it is. What should I use instead to increase the resolution. At least to be able to run blackbox smoothly till I get kde errors fixed. thanks again for your help. -- Regards, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
couldn't start KDE.
Greetings, I installed a fresh 5_3 upgraded the ports and source. I'm using xorg. I can run blackbox without any errors. I also installed KDE 3.3.2 latest one. It was running fine at first untill I started installing few other applications. I'm attaching the error I recieve after running startx. Besides that. There is another small problem. xorg.conf refuses the Modes directive. I have an nVIDIA GeForce4 440 Go. Because the FreeBSD driver from nvidia refused to work with xorg. I used driver nv instead. I can only run 800x600 everything looks huge. I tried something like Modes 1024x758 and it refused the directive Modes. It's unkown. Any help would be appreciated. -- Regards, X Window System Version 6.8.1 Release Date: 17 September 2004 X Protocol Version 11, Revision 0, Release 6.8.1 Build Operating System: FreeBSD 5.3 i386 [ELF] Current Operating System: FreeBSD host.domain 5.3-RELEASE-p5 FreeBSD 5.3-REL EASE-p5 #0: Fri Jan 21 13:45:52 PST 2005 [EMAIL PROTECTED]:/usr/obj/usr/src /sys/custom i386 Build Date: 21 January 2005 Before reporting problems, check http://wiki.X.Org to make sure that you have the latest version. Module Loader present Markers: (--) probed, (**) from config file, (==) default setting, (++) from command line, (!!) notice, (II) informational, (WW) warning, (EE) error, (NI) not implemented, (??) unknown. (==) Log file: /var/log/Xorg.0.log, Time: Wed Feb 2 22:11:52 2005 (==) Using config file: /etc/X11/xorg.conf (EE) Failed to load module speedo (module does not exist, 0) startkde: Starting up... QPixmap: Cannot create a QPixmap when no GUI is being used QPixmap: Cannot create a QPixmap when no GUI is being used QPixmap: Cannot create a QPixmap when no GUI is being used QPixmap: Cannot create a QPixmap when no GUI is being used kbuildsycoca running... KWrited - Listening on Device /dev/ttyp0 SetClientVersion: 0 8 running as realtime process now (priority 15) _IceTransmkdir: ERROR: Owner of /tmp/.ICE-unix must be set to root _IceTransSocketUNIXCreateListener: mkdir(/tmp/.ICE-unix) failed, errno = 1 _IceTransMakeAllCOTSServerListeners: failed to create listener for local KSMServer: Error listening for connections: Cannot establish any listening socke ts KSMServer: Aborting. startkde: Shutting down... klauncher: Exiting on signal 1 warning: leaving MCOP Dispatcher and still 12 object references alive. - Arts::SampleStorage - Arts::Synth_MULTI_ADD - Arts::Synth_MULTI_ADD - Arts::Synth_PLAY - Arts::StereoVolumeControl - Arts::StereoEffectStack - Arts::Synth_BUS_DOWNLINK - Arts::SoundServerV2 - Arts::Synth_BUS_UPLINK - Arts::Synth_AMAN_PLAY - Arts::AudioManagerClient - Arts::MidiManager warning: leaving MCOP Dispatcher and still 113 types alive. ICE default IO error handler doing an exit(), pid = 39012, errno = 0 startkde: Running shutdown scripts... startkde: Done. waiting for X server to shut down % ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
de-installing kde Xfree86 from 5.2.1
Hello, I am looking for a fast and secure way to remove all kde* things from my system. We are using this machine as a headless server and do not need this kind of things at all. This is bothering me when I update de port tree and do my cvsup things. ON THE OTHER HAND we absolutely need the deinstall not to compromise our server !! Libraries used by other program must not be touched by the deinstall process as this is a quite busy mail server. I was thinking about going into each directory in /usr/ports/... and making a make deinstall Any other clue will be welcome ! __ «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ¯¯ Grégory Bernard 11, rue de la Tour Directeur 75116 Paris France www.ToDoo.biz __ «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ ¯¯ PGP ID -- 0x1BA3C2FD All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use hammer. -- IBM maintenance manual, 1975 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: BIND9 doesn't seem to do anything
On Sat, 29 Jan 2005 17:57:50 -0700, Pat Maddox [EMAIL PROTECTED] wrote: The named process is always in the kserel state. I've got no idea what that is, and all I can find on Google is that programs hang in that state. So I don't know what to do. There's no output, I can't find any logs, there's just no way for me to tell what's wrong. On Sat, 29 Jan 2005 15:59:46 -0800, Thomas Foster [EMAIL PROTECTED] wrote: you might want to add named_enable=YES in your /etc/rc.conf check out the following tutorial on setting up Bind9 http://www.section6.net/help/bind.php Hope this helps.. T - Original Message - From: Pat Maddox [EMAIL PROTECTED] To: freebsd-questions@freebsd.org Sent: Saturday, January 29, 2005 3:54 PM Subject: BIND9 doesn't seem to do anything I installed BIND9 from the ports earlier, edited the config files a bit, but I can't get it to run at all. When I type named, or /etc/rc.d/named start, there's no output at all, and then I find that named isn't running. I've tried this again with the default install as well, without touching and files, but same thing. There also isn't anything in the logs folder, so I guess it's not creating an error log of anything. Any ideas? Thanks, Pat netstat -an -f inet should show something like this. A nameserver LISTENing on port 53 for TCP and another line for for UDP. tcp0 0 192.168.222.10.53 *.*LISTEN udp0 0 192.168.222.10.53 *.* =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ATA problem
On Thu, 27 Jan 2005 21:25:41 -0800, Ted Mittelstaedt [EMAIL PROTECTED] wrote: Are you using an old ordinary IDE cable or the super special high density go-fast new style IDE cable? Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of BSD Mail Sent: Thursday, January 27, 2005 7:28 PM To: FreeBSD-questions@freebsd.org Subject: ATA problem Hello, I'm having a problem installing any version of FreeBSD 5.2 and above on a EIDE Western Digital Caviar 80GB. That system was running 4.x without any problems for over 2 years. When I planned to install 5.3 I got the error below. I thought at first it's HD jumper settings not that I changed the current settings Then I thought it's the IDE bus. I did further debugging. I installed different types of Linux and Windows 2k and I got no problem with the HD. I'm able to install FreeBSD 5.1 and any prior release with no problem. I read some threads about 5.3 having problems with some IDEs. If that's the case, what is your suggestion ? I want to take advantage of the nice features in 5.3 plus I got my DVD burner identified for the first time under 5.3. After I boot from CD to proceed with a clean install. When I get hardware probing, as I reach the 'ata' part I get the message below and everything just freeze there. I have to do a hard boot. ad0: 76293MB WDC WD800BB-75FRA0 [155009/16/63] at ata0-master UDMA100 ata1-master: FAILURE - ATA_IDENTIFY status=7fREADY,DMA_READY,DSC,DRQ,CORRECT,INDEX,ERROR error=7fUNCORRECTABLE,MEDIA_CHANGED,NID_NOT_FOUND,MEDIA_CHAN.. REQUEST,ABORTED,NO_MEDIA,ILLEGAL_LENGTH LBA=0 Thank you, -- Regards, I'm using the same cables I've been using for long time. A round Single IDE Ultra ATA Cable, 40c/80p 18 inch. I'm using the same exact cable on 5 other FreeBSD machines with no problem at all. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How does FreeBSD access NetBSD, OpenBSD?
On Thu, 27 Jan 2005 19:17:33 -0800, Loren M. Lang [EMAIL PROTECTED] wrote: I have FreeBSD, OpenBSD, and NetBSD on the same hard drive of my system. How can I mount the NetBSD or OpenBSD partitions from FreeBSD? Slice 1 - Ext3fs for data between linux/bsd Slice 2 - OpenBSD slice with 4 ufs partitions and swap (a,b,e,f,g) Slice 3 - FreeBSD slice with 4 ufs partitions and swap (a,b,d,e,f) Slice 4 - Extended slice composed of: Slice 5 - NetBSD slice with 4 ufs partitions and swap (a,b,e,f,g) Slice 6 - Unformatted as of yet. FreeBSD is, of course running fine, but I can't see any of the other slices/partitions on the drive including the ext3fs partition. $ ls /dev/ad1* /dev/ad1/dev/ad1s3 /dev/ad1s3c /dev/ad1s3f /dev/ad1s6 /dev/ad1s1 /dev/ad1s3a /dev/ad1s3d /dev/ad1s4 /dev/ad1s2 /dev/ad1s3b /dev/ad1s3e /dev/ad1s5 I can seem to access all the linux partitions on my first drive ad0, but that drive is only linux so there are no complex partitions in slices like on ad1. I would expect that the nature of geom, I should be able to access all the partitions fine, but I might be missing something. [snip] OpenBSD and NetBSD have one single label for the whole disk or all slices, unlike FreeBSD that has a separate disklabel for each slice. See http://www.freebsdforums.org/forums/showthread.php?s=threadid=27859 =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adding a partition
On Fri, 28 Jan 2005 15:36:08 +0101, David J. Weller-Fahy [EMAIL PROTECTED] wrote: I left about 26GB free on my 80GB hard drive. Having found a use for that space, I now want to add a partition. I've not added one by hand, and /stand/sysinstall gives me a 'cannot write to ...' message, so I want confirmation that what I'm about to do won't crump on me. ;] System is two 80GB ATA hard drives on a 'Promise PDC20269 UDMA133 controller' (according to dmesg), with one on each channel (both master). I'm running software raid using atacontrol. My current partition table follows: #v+ dave[tigger]~ sudo bsdlabel ar0s1 # /dev/ar0s1: 8 partitions: #size offsetfstype [fsize bsize bps/cpg] a: 104857604.2BSD 2048 16384 8 b: 2097152 1048576 swap c: 1562963220unused0 0 # raw part, don't edit d: 73400320 304087044.2BSD 2048 16384 28544 e: 2097152 31457284.2BSD 2048 16384 28552 f: 12582912 52428804.2BSD 2048 16384 28552 g: 12582912 178257924.2BSD 2048 16384 28552 #v- To use up the unused space, I believe I need to add the following line: #v+ h: 52487298 1038090244.2BSD 2048 16384 28552 #v- Could someone who's done that before confirm whether that looks right? First you need to create a FreeBSD slice with fdisk, say /dev/ar0s2. Only then you can disklabel that /dev/ar0s2. =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ATA problem
Hello, I'm having a problem installing any version of FreeBSD 5.2 and above on a EIDE Western Digital Caviar 80GB. That system was running 4.x without any problems for over 2 years. When I planned to install 5.3 I got the error below. I thought at first it's HD jumper settings not that I changed the current settings Then I thought it's the IDE bus. I did further debugging. I installed different types of Linux and Windows 2k and I got no problem with the HD. I'm able to install FreeBSD 5.1 and any prior release with no problem. I read some threads about 5.3 having problems with some IDEs. If that's the case, what is your suggestion ? I want to take advantage of the nice features in 5.3 plus I got my DVD burner identified for the first time under 5.3. After I boot from CD to proceed with a clean install. When I get hardware probing, as I reach the 'ata' part I get the message below and everything just freeze there. I have to do a hard boot. ad0: 76293MB WDC WD800BB-75FRA0 [155009/16/63] at ata0-master UDMA100 ata1-master: FAILURE - ATA_IDENTIFY status=7fREADY,DMA_READY,DSC,DRQ,CORRECT,INDEX,ERROR error=7fUNCORRECTABLE,MEDIA_CHANGED,NID_NOT_FOUND,MEDIA_CHAN..REQUEST,ABORTED,NO_MEDIA,ILLEGAL_LENGTH LBA=0 Thank you, -- Regards, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPSec without AH
On Sun, 23 Jan 2005 13:47:35 +0100, Erik Norgaard [EMAIL PROTECTED] wrote: Hi, Due to the problems of IPSec with NAT I was thinking if it is posible to setup IPSec without Authenticated Headers? Does anyone know of a howto? My postulate is that since data is encrypted, this should provide the same security as SSL/TLS - or better as _all_ protocols are encapsulated - or did I miss something? Thanks, Erik The AH (Authenticated Header) protocol cannot be used with NAT, NAT modifies the header of packets, while AH is supposed to protect that header from being modified. Another IPSEC protocol ESP (Encrypted Security Payload), both authenticates and encrypts, and thus has no problem with NAT traversal. BTW I am not an IPSEC expert, just scratched its surface a little bit ;) =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPSec without AH
On Sun, 23 Jan 2005 14:54:46 +0100, Erik Norgaard [EMAIL PROTECTED] wrote: J65nko BSD wrote: Due to the problems of IPSec with NAT I was thinking if it is posible to setup IPSec without Authenticated Headers? Does anyone know of a howto? The AH (Authenticated Header) protocol cannot be used with NAT, NAT modifies the header of packets, while AH is supposed to protect that header from being modified. Another IPSEC protocol ESP (Encrypted Security Payload), both authenticates and encrypts, and thus has no problem with NAT traversal. Thanks, AFAIK, ESP and AH are used in conjunction in IPSec, ESP for encrypting the packet payload, and AH for authentication. ESP in it self does not provide authentication, but only encrypts the payload - hence the names :-) Since ESP only encrypts the payload, as you say, ESP has no problem with NAT, whereas AH appends a signed checksum of the header. And since NAT alters the header, verifying the AH fails. Ofcourse, it requires access to the (public?) keys to create valid encrypted packets. Hence, if the public key is kept as a shared secret among the authorized users, one could assume that ESP packets are authenticated/trusted. This is my idea, discard AH, rely on ESP and assume that anyone capable of producing decryptable packets must have access to the pre-shared secret public key and hence authorized. Your are not the first to have this idea. The authors of Secure Architectures with OpenBSD already published this ;) AH would work, if both ends were NATaware, such that the rigth src/dst ip could be inserted in the header before checking. It just occured to me that maybe this could be done by adding yet another IP/IP tunnel? Cheers, Erik OpenBSD 3.6 supports NAT traversal. From http://openbsd.org/36.html: isakmpd(8) now supports NAT-traversal and Dead Peer Detection (RFC 3706). Don't know how ling it would take to before this is supported by FreeBSD ;) =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 'nat pass' not working in PF
On Fri, 21 Jan 2005 08:20:45 -0600, Andrew L. Gould [EMAIL PROTECTED] wrote: I'm running pf in FreeBSD 5.3 on my laptop. The filters for the local box work fine. I'm also working on a pc for a friend; but ran out of ethernet ports in my router. This pc doesn't have a wireless adapter; so I adjusted my pf rules to use my laptop as a gateway for the pc. I want my filters to remain intact for the laptop; but I want nat to let all the pc's traffic through. (It has it's own firewall.) According the OpenBSD pf tutorial, adding the word 'pass' after 'nat' in the nat command will allow nat traffic to bypass the filter rules. Unfortunately, this doesn't seem to work. If my default 'block log all' rule is left uncommented, I can only ping ip addresses (not host names that require nameservers). No other activity passes through. If I comment it out, all traffic passes; but my laptop is left unprotected. Any advice? The relevant lines from my pf rules follow: ifdev = ath0 natdev = fxp0 scrub in all no-df nat pass on $ifdev from $natdev:network to any - $ifdev icmp_types = echoreq block log all #other filtering rules follow Thanks, Andrew Gould How about something like this: EXT_IF = fxp0 INT_IF = xl0 TCP_OUT = { ssh, www, https, smtp, pop3 } UDP_OUT = { domain } ICMP_OUT = echoreq scrub in all no-df nat on $EXT_IF from $INT_IF:network to any - $EXT_IF # -- default policy block log from any to any # -- LOOPBACK pass quick on lo0 from any to any # -- EXTERNAL # -- tcp pass out quick on $EXT_IF inet proto tcp from any to any port $TCP_OUT flags S/SA keep state # -- udp pass out quick on $EXT_IF inet proto udp from any to any port $UDP_OUT keep state # -- icmp pass out quick on $EXT_IF inet proto icmp from any to any icmp-type $ICMP_OUT keep state # -- INTERNAL pass on $INT_IF from any to any =Adriaan== ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sendmail: host name lookup failure
On Thu, 23 Dec 2004 15:09:08 +1030, Paul A. Hoadley [EMAIL PROTECTED] wrote: On Mon, Dec 20, 2004 at 10:54:42PM +1030, Paul A. Hoadley wrote: I have actually solved the problem. I intend to post a summary for the archive when I return to the site later in the week, at which time I'll be able to identify the OS/nameserver combination at fault. I am told it's running Windows 2000 DNS Server. Presumably that's Microsoft's own DNS implementation built into Windows 2000. Here's a teaser, though: it's a Microsoft product (I just don't know which), and it's returing SERVFAIL status for a record query. Sometimes it behaves: dig tsb.coremedicalsolutions.com. ; DiG 9.3.0 tsb.coremedicalsolutions.com. ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 8959 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;tsb.coremedicalsolutions.com. IN ;; AUTHORITY SECTION: coremedicalsolutions.com. 3600 IN SOA archibald2.coremedicalsolutions.com. marc.coremedicalsolutions.com. 1480 900 600 86400 3600 ;; Query time: 281 msec ;; SERVER: 192.168.10.2#53(192.168.10.2) ;; WHEN: Thu Dec 23 15:03:23 2004 ;; MSG SIZE rcvd: 98 But sendmail seems intent on asking for just about every permutation on each domain name invovled, so sometimes it returns the bogus answer: dig tsb ; DiG 9.3.0 tsb ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: SERVFAIL, id: 43109 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;tsb. IN ;; Query time: 245 msec ;; SERVER: 192.168.10.2#53(192.168.10.2) ;; WHEN: Thu Dec 23 15:04:42 2004 ;; MSG SIZE rcvd: 21 (By 'sometimes' I don't mean it's non-deterministic. Every time sendmail asks for the record of an unqualified hostname, the nameserver responds with SERVFAIL.) The consequence of this is that sendmail repeatedly defers delivery until the mail expires. Curiously, sendmail's WorkAroundBroken option did not help, and I don't know why. Daryl Tester suggested using a mailertable entry, and this worked. I still don't know why WorkAroundBroken isn't working in this case. From [EMAIL PROTECTED] Fri Jan 21 03:59:02 2005 Date: Fri, 21 Jan 2005 03:58:59 +0100 (CET) From: J65nko BSD [EMAIL PROTECTED] To: [EMAIL PROTECTED] A couple of months ago some root servers started doing something they never did before: handing out IPV6 referrals $ dig +norecurse kpn.com @a.root-servers.net ; DiG 9.2.3 +norecurse kpn.com @a.root-servers.net ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 25453 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 14 ;; QUESTION SECTION: ;kpn.com. IN A ;; AUTHORITY SECTION: com.172800 IN NS A.GTLD-SERVERS.NET. com.172800 IN NS G.GTLD-SERVERS.NET. com.172800 IN NS H.GTLD-SERVERS.NET. com.172800 IN NS C.GTLD-SERVERS.NET. com.172800 IN NS I.GTLD-SERVERS.NET. com.172800 IN NS B.GTLD-SERVERS.NET. com.172800 IN NS D.GTLD-SERVERS.NET. com.172800 IN NS L.GTLD-SERVERS.NET. com.172800 IN NS F.GTLD-SERVERS.NET. com.172800 IN NS J.GTLD-SERVERS.NET. com.172800 IN NS K.GTLD-SERVERS.NET. com.172800 IN NS E.GTLD-SERVERS.NET. com.172800 IN NS M.GTLD-SERVERS.NET. ;; ADDITIONAL SECTION: A.GTLD-SERVERS.NET. 172800 IN 2001:503:a83e::2:30 A.GTLD-SERVERS.NET. 172800 IN A 192.5.6.30 G.GTLD-SERVERS.NET. 172800 IN A 192.42.93.30 H.GTLD-SERVERS.NET. 172800 IN A 192.54.112.30 C.GTLD-SERVERS.NET. 172800 IN A 192.26.92.30 I.GTLD-SERVERS.NET. 172800 IN A 192.43.172.30 B.GTLD-SERVERS.NET. 172800 IN 2001:503:231d::2:30 B.GTLD-SERVERS.NET. 172800 IN A 192.33.14.30 D.GTLD-SERVERS.NET. 172800 IN A 192.31.80.30 L.GTLD-SERVERS.NET. 172800 IN A 192.41.162.30 F.GTLD-SERVERS.NET. 172800 IN A 192.35.51.30 J.GTLD-SERVERS.NET. 172800 IN A 192.48.79.30 K.GTLD-SERVERS.NET. 172800 IN A 192.52.178.30 E.GTLD-SERVERS.NET. 172800 IN A 192.12.94.30 ;; Query time: 115 msec ;; SERVER: 198.41.0.4#53(a.root-servers.net) ;; WHEN: Fri Jan 21 01:06:01 2005 ;; MSG SIZE rcvd: 497 Somehow an IPV6 referral may entice a nameserver into actually issue a query via IPV6. BIND in the OpenBSD base
ntp is acting strangely
Hi, I am baffled about an ntp problem i am experiencing. Please excuse me if this is a simple question, as I am still a relatively inexperienced user compared to the community. My setup is 3 computers (2 act as game clients and the other acts as a game server) all running FreeBSD4.9 RELEASE. They are each connected to the internet (through the network) and through wireless (private network). Each connection is fully functioning (ie internet connection is good and they can ping each other) The experiment i wanted to carry out was to just have a look at the ntp offsets over time for the three computers, and comparing them to each other. I have written a very simple shell script that simply outputs the date and time along with the result of the ntp offset of the server being synched to (ie the server with a asterik(*) from the result of ntpq -p), every 30 seconds. The servers I have selected in /etc/ntp.conf for all 3 computers are reliable stratum 2 university ntp servers. (2 are in the x.x.1 network and the other is on the x.x.20 network) I ran the script on all 3 computers and over a week (from Jan 5 to Jan 13), they seemed to run fine (fluctuating offsets within the range of -50 to 50, however, towards the end of the week, all 3 tests ran showed missing data for about 1/2 day, as if there was some sort of outage. Upon investigation, I found only one of the client machines had the following in /var/log/messages (it is an extract, starting from the first ntpd related entry - it is the exact data except i was advised to edit the ip addresses out - please excuse me) Jan 11 22:34:46 client1 ntpd[95]: sendto(ntp server 1 x.x.20.x): No route to host Jan 11 22:39:04 client1 ntpd[95]: sendto(ntp server 1 x.x.20.x): No route to host Jan 11 23:26:13 client1 ntpd[95]: sendto(ntp server 1 x.x.20.x): No route to host Jan 12 03:06:05 client1 ntpd[95]: sendto(ntp server 2 x.x.1.x): No route to host Jan 12 07:53:46 client1 ntpd[95]: sendto(ntp server 3 x.x.1.x): No route to host Jan 12 11:08:14 client1 ntpd[95]: time reset -0.189678 s Looking at the ntp offset result files, the missing data began at approx 11 Jan 2005 22:29:58 (showing an ntp offset of -5.332) and resumed approx 12 Jan 2005 10:32:26 with an offset of 46.081. The offset gradually decreased to -172.70 at 11:07:57 before dropping out again and resuming minutes later with a offset of -5.712. After that it seemed fine. I don't believe it was just simply the case of 3 of the ntp servers going down. Also, as stated previously, 3 computers are pinging fine, and the script is so simple and basic that it can't be the problem. A previous test i ran was even stranger...one of the computers produced the desired results, one of the computers received frequent drop outs and the other only had a small period of results. Question - is it common to have ntp offsets not providing data? I specified a drift file (/var/db/ntp.dirft) in /etc/ntp.conf, which i thought was used to continue adjusting the offset even when contact was lost with all servers. So how do I fix this problem or more importantly, what is the cause of it? Is it freebsd? I have been searching the internet for the last couple of days and I am yet to find some solid literature or solutions. I am very keen to get on top of this. Any suggestions/ideas/pointers are much appreciated. Deep thanks in advance Bob __ Do you Yahoo!? The all-new My Yahoo! - What will yours do? http://my.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
5.3 random reboot problems
I've been having an issue with a Compaq Proliant DL580. For some odd reason it randomly reboots. This usually happens when I leave it on for more than two days. I'd like to find out when it reboots first of all, and second, obviously, I'd like to find out why, and prevent it from doing so. The system specs are as follows: DL580 dual xeon 700mhz 1 gig ram 3 x 9.1 gig drives in a RAID 5 array on a compaq integrated array controller 3Com 3c905C-TX dual intel 82559 pro/100 ...and it's running FreeBSD 5.3, which were installed from the CD's. In addition, and I don't know if this is relevant, but I'm getting a slew of messages that say something like: calcru: negative runtime of -x usec for pid y (something like: yarrow, g_down, g_up, etc) __ Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. http://promotions.yahoo.com/new_mail ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ipnat port forwarding froblem
Hi All, I have an ADSL router with some very basic Firewall connecting my internal network to the internet. I now want to give myself greater flexibility and protection and so I have been attempting to set a 3 homed host running a firewall with nat. This host needs to route packets between 2 further networks, 1 as a dmz and the other as a protected network, layout as follows: Internet | --- --| Router |-- --- 192.168.0.1 Min protected Net | 192.168.0.2 - dc0 --| Firewall |- 192.168.1.2 - dc1 192.168.2.2 - rl0 DMZ Net | Protected Net | I have tried using both ipfilter+ipnat and pf, and even tried OpenBSD, but always have the same problem that forwarding from the protected net and the dmz net to the internet fails (no route to host). My current configuration is using ipfilter+ipnat on FreeBSD 5.3 The firewall can reach the internet, dmz and protected net ok and sysctl -a reveals that net.inet.ip.forwarding=1 and also redirect=1. My ipnat rules are as folows: map dc0 192.168.2.0/24 - 192.168.0.2/32 portmap tcp/udp 1:2 map dc0 192.168.2.0/24 - 192.168.0.2/32 map dc0 192.168.1.0/24 - 192.168.0.2/32 portmap tcp/udp 20001:4 map dc0 192.168.1.0/24 - 192.168.0.2/32 In order to get this working I have my internal firewall open, so that it does not cause an issue. For now I just want to get this working using ipfilter+ipnat and when I know what the problem is I will try implementing it using pf. In the past I have had a firewall connecting to a ADSL modem using PPPoA running ipfw and natd on FreeBSD 4.8, but this is a different configuration. I am completely out of ideas, so all are welcome. Thanks in advance. Tim Preece. ___ ALL-NEW Yahoo! Messenger - all new features - even more fun! http://uk.messenger.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
compaq proliant dl580 w/5.3 - random reboots
hi, I've been having an issue with a Compaq Proliant DL580. For some odd reason it randomly reboots. This usually happens when I leave it on for more than two days. I'd like to find out when it reboots first of all, and second, obviously, I'd like to find out why, and prevent it from doing so. The system specs are as follows: DL580 dual xeon 700mhz 1 gig ram 3 x 9.1 gig drives in a RAID 5 array on a compaq integrated array controller 3Com 3c905C-TX dual intel 82559 pro/100 ...and it's running FreeBSD 5.3, which were installed from the CD's. In addition, and I don't know if this is relevant, but I'm getting a slew of messages that say something like: calcru: negative runtime of -x usec for pid y (something like: yarrow, g_down, g_up, etc) __ Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. http://promotions.yahoo.com/new_mail ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Copying directory trees only for new files
On Mon, 10 Jan 2005 00:08:35 +0100, Anthony Atkielski [EMAIL PROTECTED] wrote: What's the safest and most elegant way to copy an entire directory tree such that only newer files and directories are actually copied? Have a look at rsync http://rsync.samba.org/ It is in ports ;) [snip] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPFW and whois lookup
On Fri, 7 Jan 2005 19:33:32 -0700, V Foulk [EMAIL PROTECTED] wrote: [snip] # ipfw list 65535 allow ip from any to any I did have more elaborate rule sets that worked great, with the exception of the whois/hostname lookups. $ grep whois /etc/services whois 43/tcp nicname In pf the following rule would allow whois requests, initiated by clients behind the firewall pass out quick on xl0 proto tcp from any to any port = whois flags S/SA modulate state [snip] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Packet filtering with pf and gif tunnels.
On Sun, 9 Jan 2005 00:23:55 +, Lewis Thompson [EMAIL PROTECTED] wrote: Hi, I am wondering what sequence a packet goes through when it is passing through a gif tunnel. I have the following interface and gif tunnel (with the equivalent being on the same subnet at the other side): fxp0: a.a.a.a/24 gif0: a.a.a.a - a.a.a.b (192.168.0.1/32 - 192.168.0.2/32) My question is really what order does the packet go pass through my firewall (pf) in? i.e., is it: in on fxp0 from a.a.a.b to a.a.a.a (unencapsulated) in on gif0 from 192.168.0.2 to 192.168.0.1 or does it just magically ``appear'' on gif0 straight away? Now I write it out I am assuiming that it passes through pf twice (first on fxp0 and secondly on gif0); if this is in fact the case, what sensible rule might I add to allow this encapsulated traffic from a.a.a.b? Currently I have pf configured as follows: pass all pass quick proto icmp block in on fxp0 pass out on fxp0 keep state pass in on fxp0 proto tcp from any to fxp0 port 22 keep state The reason I ask this question is that for my tunnel endpoints to ping each other, a.a.a.a must be doing so (a.a.a.b has no firewall). Thank you, -Lewis Thompson. For some debugging strategies in a similar case with IPSEC see http://www.bsdforums.org/forums/showthread.php?s=threadid=18601 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sendmail and mbox permissions
On Wed, 5 Jan 2005 23:23:29 +0300, Eugene M. Minkovskii [EMAIL PROTECTED] wrote: Hi. I use FreeBSD 5.3 and sendmail. When root rechieve the mail, mailbox's (/var/mail/root) permission bits has been setted to 600. Who and how it does? Can I change this behavior? -- For security reasons, the root account should not receice any mail. One of sendmail's alternatives qmail will even NEVER send any mail to the root account. Enter an alias for root in /etc/mail/aliases and run the newaliases command. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: defered mail
On Mon, 3 Jan 2005 10:23:07 +0200, tethys ocean [EMAIL PROTECTED] wrote: My problem is about defered mail. On our server sendmail is running and sometimes some mail defered. I am researching how I can get managed to send defer mail information to senders? I am taking a mail from root but sender didnt take a mail that consist your mail defered bla bla blaso I will take next tree minutes.. is it possible? if it is possible how I can manage? in sendmail.cf O Timeout.queuereturn=2d O Timeout.queuewarn=4h O Timeout.queuewarn.normal=4h mailq /var/spool/mqamavis (5 requests) -Q-ID- --Size-- -Q-Time- Sender/Recipient--- iBVC8fpT049046-6361 Fri Dec 31 14:12 [EMAIL PROTECTED] (host map: lookup (bbscomputer.net): deferred) [EMAIL PROTECTED] iBVCIB9u051147-6361 Fri Dec 31 14:21 [EMAIL PROTECTED] (host map: lookup (bbscomputer.net): deferred) [EMAIL PROTECTED] iBVDjmck072838- 19579 Fri Dec 31 15:46 [EMAIL PROTECTED] (host map: lookup (gesan.com.tr): deferred) [EMAIL PROTECTED] iBV68HLM055154- 30 Fri Dec 31 08:08 [EMAIL PROTECTED] (host map: lookup (active.net): deferred) [EMAIL PROTECTED] iBVAnlhq030740- 354708 Fri Dec 31 12:49 [EMAIL PROTECTED] (host map: lookup (jungletree.org): deferred) [EMAIL PROTECTED] Total requests: 5 As far as I can see, there is not much what you can do about it ;) $ host bbscomputer.net ;; connection timed out; no servers could be reached $ host gesan.com.tr Host gesan.com.tr not found: 2(SERVFAIL) $ host active.net active.net has address 12.161.44.180 $ host -t mx active.net active.net mail is handled by 10 mail.active.net. $ host mail.active.net Host mail.active.net not found: 3(NXDOMAIN) $ host jungletree.org Host jungletree.org not found: 3(NXDOMAIN) =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: basic freebsd programming
On Sun, 02 Jan 2005 21:11:42 +0300, Andrew P. [EMAIL PROTECTED] wrote: Hello and Happy New Year! I need to write some very basic C programs under FreeBSD. I am new to Unix programming and not very good at C programming either, so I'm looking for documentation on some topics. The ones that are the most interesting for me now is how to write small daemons best and how to read ipfw info from a program. Man pages help me very much, but I really need some guide. The problem is that doc project doesn't seem to have released anything like it. I looked through dev-, arch-, porters- handbooks, read design-44bsd - but I didn't find what I want. Of course I can refresh my C skills and gain some Unix-coding knowledge by reading a couple' thousand pages, but I don't feel like it's necessary for what I want to write - just a basic statistics collector. Should I explore FreeBSD source code or is there some solid piece of documentation? Best wishes, Andrew P. This could be useful: http://www.khmere.com/freebsd_book/index.html Table of Contents: * I. Introduction * Chapter 1: FreeBSD's Make * Chapter 2: Bootstrapping BSD * Chapter 3: Processes and Kernel Services * Chapter 4: Advanced Process Controls and Signals * Chapter 5: Basic I/O * Chapter 6: Advanced I/O * Chapter 7: Processes Resources and System Limits * Chapter 8: FreeBSD 5.x * All source code * Entire book in a tarball ==Adriaan== ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DNS TTL problem
On Wed, 22 Dec 2004 12:47:34 +0100, Mark Frasa [EMAIL PROTECTED] wrote: Hello, I am using a djbdns DNS server which operates almost perfect. There is 1 small problem, i have for my domain frasa.net 2 namservers: frasa.net. 3600IN NS ns1.frasa.net. frasa.net. 3600IN NS ns2.frasa.net. This is when i resolve directly on ns1.frasa.net or ns2.frasa.net When I resolve on my ISP's nameserver and serveral others: frasa.net. 172800 IN NS ns1.frasa.net. frasa.net. 172800 IN NS ns2.frasa.net. The problem is that this is a TTL of 2 days. When i Trace the dig, is see that the root servers are providing the 2 days TTL: ;; Received 512 bytes from 198.32.64.12#53(l.root-servers.net) in 169 ms frasa.net. 172800 IN NS ns1.frasa.net. frasa.net. 172800 IN NS ns2.frasa.net. ;; Received 95 bytes from 192.42.93.30#53(G.GTLD-SERVERS.net) in 154 ms Can anyone explain this behaviour? Yes, you have something like this in your tinydns data file: .frasa.net:80.69.78.171:ns1.frasa.net:3600 .frasa.net:80.69.78.172:ns2.frasa.net:3600 If you change the 3600 into a higher number , like 172800 you will have the same TTL as the GTLD-SERVERS.net servers ;) == Adriaan === ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Desperate for Help
On Tue, 21 Dec 2004 17:24:02 -0500, alfredo perez [EMAIL PROTECTED] wrote: Heloo list I have been trying to set up my FreeBSD 5.3 to get my emails with no results. I have installed and set up Mutt, Ssmtp and Fetchmail. None of them are working properly. I have no idea where to start first. I have already read the man pages and followed several how-tos I found on the internet but no results. I was wondering if any of you know of a web site with steps that I can follow to sep up my Mutt, fetchmail and ssmtp. I dont want to give up on this!!! THANKS Start with fetchmail. You need a .fetchmailrc file in your home directory. Some examples poll pop.domain2.com protocol POP3 timeout 60 no dns user loginname password 'poppassword' is homedirowner here, options fetchall fetchlimit 0 poll pop3.domain.com protocol POP3 user [EMAIL PROTECTED] password poppasswd is homedirowner here, options fetchall As you can see some ISP's require only your login name, others require [EMAIL PROTECTED]. You can run fetchmail -v to see where you get stuck. This is an example for googles gmail, using SSL poll pop.gmail.com protocol POP3 timeout 60 no dns user gmailname password gmailpassword ssl is homdirowner here, options fetchall fetchlimit 0 If you are new to all this MTA, MUA and SMTP thing, you could consider to use Pine. mutt is nice but as a beginner Pine is probably easier to understand and configure than mutt. Just take step by step ;) J65nko ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: X kills su
On Sat, 18 Dec 2004 11:31:24 -0500, Robert William Vesterman [EMAIL PROTECTED] wrote: After I exit from X windows, I no longer have the ability to su (to root, at least). It doesn't even ask for my password - it just immediately says bad su from myacct to root. If I then exit, and immediately log back in as myacct, I am able to su to root no problem. I am running 5.3-STABLE, and the latest X (or very, very near it). It happens with at least two distinct WMs (Window Maker and Fluxbox). Any idea? Or any further information I can provide? Thanks, Bob Vesterman. Did you change your root shell recently? Somebody on the list reported about the systems inability to run ppp from boot-up. His problem was caused by using bash as the root shell. Restoring sh as the root shell fixed it :) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OT: Backing up machine to machine, cvsup vs. rsync vs... ?
On Thu, 9 Dec 2004 14:14:53 -0500, Communications Machine [EMAIL PROTECTED] wrote: Hey all, Looking for a (cheap but effective) solution to nightly backup or synchronize about 100-200gigs of data. Figure this might be a tad bit off-topic, but sent to the general questions list hoping to find anyone out there doing something similar. I was hoping to do something along the lines of cvsup or rsync, so-as to only have to sync changes daily. Here's a better picture of the scenario: ~~ File Server 1 has (roughly) 750GB Storage on RAID 5 Array, runs as a PDC using combination of Samba, OpenLDAP and some in-house utilities. This machine is very fast by comparasin to all of our other machines (dual AMD Opteron 244, 2GB RAM, running 5.3-RELEASE/amd64), and runs under minimal load/stress. Server two runs as an incoming filter for email (spamassassin/mimedefang/custom stuff using milter interface), and as a proxy server for network users during the day (running squid). This machine is considerably slower (AMD 350Mhz K62, 768Mb RAM, ATA133 disks running 4.9-RELEASE/i386), but should be adequate for the job. This machine has two 80GB disks which we'd like to use to sync data to. Ideally, we would like to backup certain directories nightly, so as to have a mirror of the important files (100-200GB or so) on the second server in the event that the first ever goes down, (essentially avoiding a tape-backup solution we cannot afford). The two machines will be connected with a dedicated ethernet link (cross cable) driectly from to each other at 100Mbps. How do I reliably synchronize the data in selected directories from one machine to the other on a nightly basis? Any ideas/suggestions/comments/questions will be greatly appreciated. -- Thank-you Nathan Vidican [EMAIL PROTECTED] I will skip the rsyn or cvsup issue;) Have you considered the security implications of such an setup? A publicly accessible email server, handling incoming mail directly connected to a corporate file server. That is a security nightmare. You would be playing with fire. In case the mail server gets hacked, the attacker has direct access to your mission critical file server. Please put this out of our mind ;) The sendmail box belongs in properly setup DMZ firewall and should not be allowed to initiate any connections with any of your internal network boxes. If that box gets hacked, it cannot be used to launch an attack against your local network. Get a refurbished PII or PIII box to do the backup. Adriaan ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 5.3-release-i386-disc2.iso will not burn
Quoting jkcooke [EMAIL PROTECTED]: I have downloaded both of the 5.3 i386 isos and the miniinstall iso, disc1 and the miniinstall burn an image, disc 2 does not. I downloaded disc2 from two additional ftp sites with the same result. Is there a problem with disc2 ?. Jim at [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] You will need to provide more details. What error do you receive? What OS are you using? What software are you using? What hardware are you using? Sent using IMP under Horde - http://www.horde.org/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
linux_base-8 mystery
Hi, I have a question that has really stumped me. I have searched far and wide and have found no literature on it. My question - Why can't i install linux_base-8 from packages? I am running linux_base-7.1_7 on FreeBSD 4.10-RELEASE and wish to upgrade to linux_base-8. As root I type pkg_add -r linux_base-8 and get the following Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-4.10-release/Latest/linux_base-8.tgz: File unavailable (e.g., file not found, no access) pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-4.10-release/Latest/linux_base-8.tgz' by URL It installs perfectly from ports, but why not from packages? I am puzzled. Does any one know why or can point me to some reference or literature explaining this mystery? Cheers Bob Find local movie times and trailers on Yahoo! Movies. http://au.movies.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Kernel Options
Hi, I am working with the Kernel config file to optimize it and also to improve the overall security of the system! I have the following quetions: (1) There are a few options that are not available in the default kernel... like the IPFIREWALL options(and the like)... I basically need to know all possible options I can add to the kernel config file! (2) I guess these options can be used to set the kernel variables accessible through the sysctl command. So can I create my own options so that I can set a few kernel variables as and when I build the custom kernel? (3) and also my aim includes optimizing the kernel... so by enabling only the options I need to I should get a get optimization... is there anything else that can be done? (4) My aim is to improve local and network security. I guess enabling IPFIREWALL helps with the network security part are there any special options for local security? Thank you. -HKR - Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
how do you switch between wireless networks?
I just got my wireless connection working with a new PCMCIA card. But I'm still naming the wireless network in my rc.conf file. (DHCP connection) But as I go to join other wireless DHCP networks around the world, what's the best way to switch to that network without rebooting to do it from rc.conf? If there's a tutorial about this kind of thing (besides /handbook/network-wireless.html) - please point me there. Thanks! ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do you switch between wireless networks?
I just got my wireless connection working with a new PCMCIA card. But I'm still naming the wireless network in my rc.conf file. (DHCP connection) But as I go to join other wireless DHCP networks around the world, what's the best way to switch to that network without rebooting to do it from rc.conf? ifconfig interface ssid ssidofwirelessnetwork ip netmask netmask should do that trick without rebooting. What I couldn't find in the handbook was how to do this for DHCP? If I don't know the IP or netmask, and want to let the DHCP server decide, how to I tell that to ifconfig? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]