Re: Gateway problem
I'm moving this thread to freebsd-questions because it's the appropriate place for such questions.

On Friday 20 October 2006 21:42, Brian Hawk wrote:
> I've been having a strange situation for quite some time. I have two external interfaces, one of which is an ADSL interface tun0 and obtains IP address dynamically and the other is a (xl1) leased line which has a static global IP address, let's say 212.64.212.180. Both interfaces access internet without any problem.
>
> Recently I've configured qmail on this system to send out email thru xl1 interface and use ADSL only for web traffic. It used to work quite good for a while but recently I noticed TCP packets have been going out from tun0 and responses coming in thru xl1. tun0 and ADSL is the default gateway. But the TCP packets are bound to 212.64.212.180 IP address which should send them out thru xl1. But it doesn't.

No, you are wrong. The packet will be forwarded to the default gateway through the interface which is on the same network with it. You need some kind of policy routing. I'm not very familiar with ipf but with pf you can do:

    pass out on $ext_if0 route-to ($ext_if1 $ext_gw1) inet from $ext_if1 to any
    pass out on $ext_if1 route-to ($ext_if0 $ext_gw0) inet from $ext_if0 to any

or with ipfw you can use the fwd rule action.

> For the test, I did these
>
>     tcpdump -nt -i xl1 tcp
>     telnet -s 212.64.212.180 smtp.tnet.com 25
>
> connection establishes but I can see only the TCP response packets coming from xl1, like the following
>
>     x.y.z.t 212.64.212.180
>     x.y.z.t 212.64.212.180
>
> All from external IPs to my xl1 int. No packets going out from xl1, they all go thru default gateway even if TCP connections are bound to xl1's IP address.
>
> I'd like to know if anybody knows why this happened and how I can turn things back the way they were. Any help would be much appreciated.
>
> My configuration is like this;
>
> FreeBSD 5.4-RELEASE
> ipf: IP Filter: v3.4.35 (336)
> Kernel: IP Filter: v3.4.35
> ipfw has no rules; allow ip from any to any
> there's also a transparent proxy setup for squid
>
> #~netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            88.234.8.1         UGS         0 78722302   tun0
> 10/24              link#1             UC          0        0    rl0
> 10                 10.1.1.222         UGS         0    26233    xl0
> 10.0.0.99          link#1             UHLW        0        4    rl0
> 10.1.1/24          link#2             UC          0        0    xl0
> 10.1.1.13          00:50:8d:ed:88:94  UHLW        0     1876    xl0   1118
> 10.1.1.222         00:01:02:df:c1:19  UHLW        1      689    lo0
> 10.1.1.225         00:b0:d0:20:b7:9e  UHLW        0    96690    xl0    706
> 88.234.8.1         88.234.14.26       UH          1        0   tun0
> 127.0.0.1          127.0.0.1          UH          0  2305904    lo0
> 192.168.0/16       link#3             UCS         0        0    xl1
> 212.64.212.176     ff:ff:ff:ff:ff:ff  UHLWb       0       15    xl1
> 212.64.212.176/29  link#3             UC          0        0    xl1
> 212.64.212.180     00:04:76:9b:3d:f8  UHLW        0      125    lo0

--
Dancho Penev
Re: Questions on file descriptors and squid
On Mon, Oct 18, 2004 at 07:17:18PM -0700, Mark Jayson Alvarez wrote:
> Good day,
>
> I have a pc which I am going to turn into one of our siblings proxy servers. The squid book says, the file descriptor values should not go below 1024.
>
> Question 1: Do you know how do freebsd 4.10 sets its default (fresh install) file descriptor value?
>
> For example, here are the components of the workstation I am installing squid into.
>
> Pentium III 600 MHz
> 64 MB SD RAM
> 15 GB hard disk
>
> When I run 'sysctl kern.maxfilesperproc' this value appeared:
>
>     kern.maxfilesperproc: 957
>
> so, it already violates the squid's recommended settings which should be not less than 1024 file descriptor (Squid: The Definitive Guide - Duane Wessels).
>
> On the other hand, another workstation of mine with the following components...
>
> 256 DDR PC333
> Athlon XP 2000
> 80 GB seagate harddisk
>
> ...shows its file descriptor as
>
>     beebopsysctl kern.maxfilesperproc
>     kern.maxfilesperproc: 3636
>
> Question 2: both of the kern.maxfiles and kern.maxfilesperproc's values are changeable and so, how will I know what is the maximum value I can set them to (with regards to my hardware setup)?

All these variables depend on the maxusers option in your kernel config file. Look at /usr/src/sys/kern/subr_param.c to find how they are calculated.

--
Dancho Penev
Home page: http://www.mnet.bg/~dpenev
GnuGP public key: http://www.mnet.bg/~dpenev/gnupg.asc
Key fingerprint: E88D 8B7B 3EF6 E9C8 C5D2 7554 2AA8 C347 71A1 4277
Re: throughput test
On Tue, Oct 19, 2004 at 05:20:58PM +0800, Tomoki Taniguchi wrote:
> I have a freebsd firewall/router. I want to test the data throughput through the router with and without the firewall turned on. How would I go about testing the network throughput of a machine?

You can use benchmarks/ttcp port.

> TIA,
> tomoki

--
Dancho Penev
Re: Use pkg_delete or make deinstall?
On Fri, Oct 15, 2004 at 11:31:19PM -0500, Dan Nelson wrote:
> In the last episode (Oct 16), Ben Washington-Yule said:
> > I've been wondering lately if there is any difference between the two methods of removing software from the system; pkg_delete software-name and cd /usr/ports/catagory/software-name make deinstall. This question is not answered in the FAQ, I mainly ask out of curiosity.
>
> make deinstall just runs pkg_delete, so they're identical.

It's important to know that make deinstall runs pkg_delete -f ...

> --
> Dan Nelson

--
Dancho Penev
Re: ACL and write permission
On Mon, Oct 04, 2004 at 11:47:52AM +0500, Sergey Velikanov [UzPAK] wrote:
> Hi again
>
> I can't add write permission via ACL
>
>     mkdir /dir/docs
>     chown user:user /dir/docs
>     setfacl -n -dm u::rwx,g::rx,o::,u:user2:rwx,m::rwx /dir/docs
>     setfacl -m u:user2:rwx /dir/docs
>     chmod 750 /dir/docs
>
> I create file in /dir/docs, but user2 have only read permission,

That's because when a new file is created, its permissions are taken from the directory's default ACL, and then they are masked with the umask. The entries that are masked are u::, m:: and o::, so if you have umask 022 (which is the default) the file's ACL mask entry is set to r. Robert Watson has a plan for the ACL mask to override the umask, but he hasn't realized that yet.

> getfacl says that #efective rights r--, how should i set ACL to /dir/docs if I want give write permission to user2
>
> Sergey Velikanov

--
Dancho Penev
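The inheritance rule described in the reply above, as a small Python model (an added example, not code from the thread or from FreeBSD; the function names and the 0666 creation mode are assumptions). It reproduces the `r--` effective rights for user2 under umask 022 and, going one step beyond the thread, shows the same default ACL under umask 002.

```python
"""Model of default-ACL inheritance as described in the reply.

Assumption (taken from the reply, not from FreeBSD source): a new file gets
the directory's default ACL, and the u::, m:: and o:: entries are then ANDed
with (creation mode & ~umask).
"""

PERM_BITS = (("r", 4), ("w", 2), ("x", 1))
TAGS = {"u": "user", "g": "group", "o": "other", "m": "mask"}


def parse_perm(text):
    """'rx' -> 5; an empty string or dashes mean no permission."""
    bits = 0
    for ch in text:
        if ch != "-":
            bits |= dict(PERM_BITS)[ch]
    return bits


def fmt_perm(bits):
    """5 -> 'r-x'."""
    return "".join(ch if bits & bit else "-" for ch, bit in PERM_BITS)


def parse_acl(spec):
    """Parse 'u::rwx,g::rx,o::,u:user2:rwx,m::rwx' into {(tag, name): bits}."""
    acl = {}
    for entry in spec.split(","):
        tag, name, perm = entry.strip().split(":")
        acl[(TAGS[tag], name)] = parse_perm(perm)
    # A default ACL needs the three base entries u::, g:: and o::.
    for base in ("user", "group", "other"):
        if (base, "") not in acl:
            raise ValueError("default ACL lacks required entry %s::" % base[0])
    return acl


def inherit(default_acl, mode=0o666, umask=0o022):
    """Return the ACL of a file created under a directory with default_acl."""
    eff_mode = mode & ~umask & 0o777
    owner, group_class, other = eff_mode >> 6 & 7, eff_mode >> 3 & 7, eff_mode & 7
    acl = dict(default_acl)
    acl[("user", "")] &= owner
    acl[("other", "")] &= other
    # The group-class bits land on the mask entry when one exists.
    if ("mask", "") in acl:
        acl[("mask", "")] &= group_class
    else:
        acl[("group", "")] &= group_class
    return acl


def effective(acl, tag, name=""):
    """Rights an entry really grants: named users and groups are capped by m::."""
    bits = acl[(tag, name)]
    capped = tag == "group" or bool(tag == "user" and name)
    if capped and ("mask", "") in acl:
        bits &= acl[("mask", "")]
    return fmt_perm(bits)


def describe(acl):
    """One line per entry, with the effective rights, similar to getfacl output."""
    return ["%s:%s:%s  # effective: %s" % (tag, name, fmt_perm(bits), effective(acl, tag, name))
            if tag != "mask" else "mask::%s" % fmt_perm(bits)
            for (tag, name), bits in acl.items()]


if __name__ == "__main__":
    # The default ACL from the post, applied with two different umasks.
    default = parse_acl("u::rwx,g::rx,o::,u:user2:rwx,m::rwx")
    for umask in (0o022, 0o002):
        print("umask %03o" % umask)
        for line in describe(inherit(default, 0o666, umask)):
            print("  " + line)
```

With umask 022 the mask entry comes out as `r--`, so the `u:user2:rwx` entry is still present on the file but grants only read.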
Re: Troubleshoting with nat
On Mon, Oct 04, 2004 at 12:49:53PM +0530, deepak wrote:
> Dear sir
>
> I have two network on two different switch. My pc have two lan cards among which 1st is connected to 1st switch and 2nd is connected to second switch. Both the switch are not cascaded.
>
> One pc from 1st network can ping to 1st card and not to 2nd card and 2nd network, in the same manner pc from 2nd network can't ping to 1st card and 1st network.
>
> How to do it without cascading. All my pc are running windows 2000 server and professional.

You didn't mention anything about NAT. Do you have NAT between these two networks? And if so what is your configuration?

> Deepak Srivastava
> Lafance Overseas Private Ltd.

--
Dancho Penev
Re: Outbound SMTP filtering
On Mon, Aug 09, 2004 at 05:49:27PM -0600, Nick Rogness wrote:
> I am looking for an Outbound SMTP filtering solution to prevent SPAM and Virii from being sent through our SMTP relay machine (FreeBSD running sendmail).
>
> A plugin module for sendmail or maybe some external appliance? Just outbound SMTP traffic only.
>
> Any suggestions?

You may try mail/smtp-vilter.

> Nick Rogness

--
Dancho Penev
Re: NEWBIE: FreeBSD 4.10 Internet gateway/DNS problem
> 20
> 192.168.1.110    255.255.255.255  127.0.0.1      127.0.0.1      20
> 192.168.1.255    255.255.255.255  192.168.1.110  192.168.1.110  20
> 224.0.0.0        240.0.0.0        192.168.1.110  192.168.1.110  20
> 255.255.255.255  255.255.255.255  192.168.1.110  192.168.1.110  1
> Default Gateway: 192.168.1.1
> ===
> Persistent Routes:
> None
>
> I'm not sure what to do next. For some reason the Windows cannot access a name server. From what I understand from the literature I've been using (FreeBSD Handbook, Lehey's The Complete FreeBSD, and Anderson's FreeBSD: An Open-Source etc etc) all that should be needed is set gateway_enable=YES in /etc/rc.conf and I've done that. Google revealed some info on using natd for PPOE, but not sure if that applies to this problem.

Definitely you must use NAT. Search Handbook for Network Address Translation.

> All suggestions/out-right solutions appreciated.
>
> TIA,
> Jim C.

--
Dancho Penev
Re: Confusion / minor problem using nss_ldap
On Mon, Jul 12, 2004 at 12:01:04PM +0200, Daniel Ruthardt wrote:
> Hi list,
>
> I've installed FreeBSD 5.1-RELEASE connecting to an OpenLDAP Server running on a Linux box. nss_ldap as well as pam_ldap is working fine. I am able to connect to my FreeBSD box via ssh without any problems. `id` shows my correct user information, which is:
>
>     %id
>     uid=503(daniel.ruthardt) gid=503(serverAdmins) groups=503(serverAdmins), 501(sambaUsers), 502(sambaAdmins)
>
> Now the problem / confusing thing:
>
> (1) Although my primary group id should be 503, everything created by my user shows up with group wheel.

It's normal behavior if the directory group is wheel.

> (2) Although everything seems to work without any problems, `ls` never shows my username, only my user id (and that although I can see a successful query for my user id in the log file of the LDAP server).

5.1 uses statically linked binaries in /bin and /sbin, that's why ls(1) doesn't print names for users that do not exist in the local password file. It's not a big problem, but if you prefer ls(1) and the other programs from /bin and /sbin to work with user names instead of UIDs you must upgrade to 5.2 or better ;-)

>     %mkdir daniel
>     %ls -l
>     total 4
>     drwxr-xr-x 2 503 wheel 512 Jul 12 11:56 daniel
>     drwxr-xr-x 2 503 wheel 512 Jul 12 11:37 test
>     %
>
> Can anybody point me in the right direction what might go wrong here?
>
> Greets and thanks in advance,
> Daniel

--
Dancho Penev
[fwd] IPFW fwd to remote address (from: iaccounts@ibctech.ca)
----- Forwarded message from Steve Bertrand [EMAIL PROTECTED] -----

From: Steve Bertrand [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Fri, 9 Jul 2004 12:44:33 -0400 (EDT)
Subject: IPFW fwd to remote address

I am trying to set up a forward from one machine to another on a remote network across the Internet. I want to receive requests on one box on port 8080 and simply forward them to a remote machine on the same port.

I have tried the following rules, to no avail. I have IPFIREWALL_FORWARD in my kernel (4.10), and # ipfw show reports the hits to the rule.

    # ipfw add 1000 fwd 216.209.x.x tcp from any to me 8080
    # ipfw add 1000 fwd 216.209.x.x,8080 tcp from any to me 8080
    # ipfw add 1000 fwd 216.209.x.x tcp from any to me 8080
    # ipfw add 1000 fwd 216.209.x.x,8080 from any to any 8080

I can not see the packets going back out of the machine, nor does ipfw log anything at the other end. # tcpdump at the remote end does not pick up any traffic.

Does this have something to do with the fact that I am going across the Internet, and it is trying to route the packets back to itself (I understand the dest does not get changed). If so, how could I re-write the packets so they will get delivered?

Tks for any help on this

Steve

----- End forwarded message -----

You have answered yourself why doesn't forwarding work at this situation. If you want to forward http traffic you may try squid (www/squid) in accelerator mode.

--
Dancho Penev
Re: Unable to boot FreeBSD (dual-boot)
On Sun, Jun 27, 2004 at 12:25:24AM +1000, Gautam Gopalakrishnan wrote:
> Hi,

Hello

> I have a dual boot with Windows 2000 (ad0s1 is windows, ad0s2 is FreeBSD 5.2.1). I trashed a working dual-boot somehow. Now the problem is, I get the boot menu listing both Windows and FreeBSD, but only Windows boots (with F1). Pressing F2 for FreeBSD just gives a beep. I booted from the fixit cd and ran the commands seen in the handbook:
>
>     # fdisk -B -b /hd/boot/boot0 /dev/ad0
>     # disklabel -B -b /hd/boot/boot0 /dev/ad0s2

For label use /boot/boot file, /boot/boot0 is for mbr.

> /hd is the temporary directory I created to mount /dev/ad0s2a, so I guess my slice is still ok. Please help!
>
> Thanks
> Gautam

--
Dancho Penev
Re: Identifying traffic logged by ipfw
On Fri, Apr 16, 2004 at 12:51:31PM -0500, Ben Beuchler wrote: Date: Fri, 16 Apr 2004 12:51:31 -0500 From: Ben Beuchler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Identifying traffic logged by ipfw I'm working on a new bridging firewall using ipfw on FBSD 5.1. The goal is to default to closed with a few exceptions. To test my ruleset, I end with this rule: add 420 allow log ip from any to any The idea is that by watching the logs I could see what protocols I forgot to create rules for. This is what I'm getting in the logs: Apr 16 16:43:40 bfw kernel: ipfw: 420 Accept MAC in via em2 I'm guessing this means it's matching non-ip traffic, but I couldn't find any info to confirm this. Is there any sort of trick I could use to log the entire packet? Since nothing about the source or destination was logged, I don't have enough info to create a tcpdump filter. Perhaps some sort of divert rule? I don't now about FreeBSD 5.1, but on -CURRENT I use follow patch for /sys/netinet/ip_fw2.c : --- ip_fw2.c.orig Fri Dec 26 15:21:46 2003 +++ ip_fw2.cSun Jan 25 22:45:45 2004 
@@ -577,6 +577,16 @@ if (hlen == 0) {/* non-ip */ snprintf(SNPARGS(proto, 0), MAC); + if (eh != NULL) + snprintf(SNPARGS(proto, 3), +%02x:%02x:%02x:%02x:%02x:%02x %02x:%02x:%02x:%02x:%02x:%02x 0x%04x, + eh-ether_dhost[0], eh-ether_dhost[1], + eh-ether_dhost[2], eh-ether_dhost[3], + eh-ether_dhost[4], eh-ether_dhost[5], + eh-ether_shost[0], eh-ether_shost[1], + eh-ether_shost[2], eh-ether_shost[3], + eh-ether_shost[4], eh-ether_shost[5], + ntohs(eh-ether_type)); } else { struct ip *ip = mtod(m, struct ip *); /* these three are all aliases to the same thing */ Thanks! -Ben -- Ben Beuchler There is no spoon. [EMAIL PROTECTED]-- The Matrix ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Dancho Penev GnuGP public key: http://www.mnet.bg/~dpenev/gnupg.key Key fingerprint: E88D 8B7B 3EF6 E9C8 C5D2 7554 2AA8 C347 71A1 4277 pgp0.pgp Description: PGP signature
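Review bot: the added snprintf writes at a hard-coded offset, SNPARGS(proto, 3), which only lines up because the call just above it writes the three characters of MAC; take the return value of that first snprintf and pass it as the offset, so the two calls cannot drift apart if the label ever changes. The new log text also prints ether_dhost before ether_shost with nothing to tell them apart, so someone reading the log can easily take the first address for the source; either put the source first or label the two addresses.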
Re: FreeBSD mirror in Bulgaria
On Tue, Mar 16, 2004 at 02:06:57PM +, Matthew Seaman wrote:
> On Tue, Mar 16, 2004 at 11:20:14AM +0200, Lyubomir Russev wrote:
> > What criteria should be met and what should be done in order to establish FreeBSD mirror site in Bulgaria?
>
> Give this document a read through:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/articles/hubs/index.html
>
> which should answer most of your questions. Anything else, try asking on the [EMAIL PROTECTED] mailing list.
>
> But basically it boils down to providing a sufficiently powerful machine with good network bandwidth and plenty of free space and agreeing to certain conditions on how you configure and manage the thing.
>
> Always good to see a new mirror in previously uncharted territory.

Well, it's not quite right. There was one ({www|ftp}.bg.freebsd.org), but I can't see it these days, so I suppose that it's down (maybe forever). It seems that I must change MASTER_SITE_BACKUP...

> Cheers,
> Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.

--
Dancho Penev
Re: Running Linux binaries
On Tue, Mar 09, 2004 at 03:16:12PM +0300, Dmitry wrote:
> Hi all.
>
> I'm trying to run a Linux binary in FreeBSD 5.2. I have Linux compat installed and kld module linux.ko loaded. I'm getting this error message:
>
>     $ ./breve
>     ./breve: error while loading sharing libraries: libglut.so.3: cannot open shared object file: No such file or directory
>
> It looks like it needs libglut.so.3. I have it. I copy it from /usr/X11R6/lib to /compat/linux/lib and try to run the binary again:
>
>     $ ./breve
>     ./breve: error while loading sharing libraries: libglut.so.3: ELF file OS ABI invalid
>
> I tried branding it as written in Handbook but it changes nothing.
>
> Is there any way to use FreeBSD libraries to run Linux binaries or

No.

> I have to get the Linux versions of them?

Yes.

> And how to cross-compile libraries if i have sources?

Install devel/linux_devtools port.

> And the last question. If a binary uses a Linux proc filesystem will it be enough to mount linprocfs to /compat/linux/proc
>
> Thanks.

--
Dancho Penev
Re: out of file descriptors
On Tue, Mar 09, 2004 at 11:14:57AM -0500, Chris Strzelczyk wrote:
> Hello,
>
> I am trying to start big brother on FreeBSD 5.2.1 as the bb user. When I run runbb.sh I get the following message:
>
>     Out of file descriptors
>
> sysctl reports:
>
>     kern.maxfiles: 1
>     kern.maxusers: 256
>
> I can change the kern.maxfiles attribute but not the maxusers. Maxusers tells me it is not writable. What is the proper way to correct this problem;

Set kern.maxusers=xxx in /boot/loader.conf. See /boot/defaults/loader.conf for more details.

> Thanks in advance for any help.
>
> -cs

--
Dancho Penev
Re: How do I add a local patch to a port?
On Tue, Mar 09, 2004 at 02:44:26PM -0500, Shaun T. Erickson wrote: Date: Tue, 09 Mar 2004 14:44:26 -0500 From: Shaun T. Erickson [EMAIL PROTECTED] To: Alexander Haderer [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: How do I add a local patch to a port? Alexander Haderer wrote: Just another guess: Probably it makes a difference if the patchfile patches ./dir/tobepatched and dir/tobepatched. A brief look into other ports shows me that the latter is used. I don't know if it have to be this way or not. Ok. I'm trying to patch /usr/ports/security/cyrus-sasl2-saslauthd/work/cyrus-sasl-2.1.17/saslauthd/auth_pam.c. The patchfile is named patch-aa and is located in /usr/ports/security/cyrus-sasl2-saslauthd/files. Here is the contents of the patchfile that works manually, when I cd to /usr/ports/security/cyrus-sasl2-saslauthd/work/cyrus-sasl-2.1.17 and run patch /usr/ports/security/cyrus-sasl2-saslauthd/files/patch-aa: Index: saslauthd/auth_pam.c diff -u saslauthd/auth_pam.c.orig saslauthd/auth_pam.c --- saslauthd/auth_pam.c.orig Sat May 31 13:00:24 2003 +++ saslauthd/auth_pam.cTue Mar 9 11:53:44 2004 @@ -178,7 +178,7 @@ const char *login, /* I: plaintext authenticator */ const char *password,/* I: plaintext password */ const char *service, /* I: service name */ - const char *realm __attribute__((unused)) + const char *realm /* END PARAMETERS */ ) { 
@@ -186,17 +186,25 @@ pam_appdata my_appdata;/* application specific data */ struct pam_conv my_conv; /* pam conversion data */ pam_handle_t *pamh;/* pointer to PAM handle */ +char user[256]; int rc;/* return code holder */ /* END VARIABLES */ -my_appdata.login = login; +strlcpy(user, login, 256); + +if (realm) { +strlcat(user, @, 256); +strlcat(user, realm, 256); +} + +my_appdata.login = user; my_appdata.password = password; my_appdata.pamh = NULL; my_conv.conv = saslauthd_pam_conv; my_conv.appdata_ptr = my_appdata; -rc = pam_start(service, login, my_conv, pamh); +rc = pam_start(service, user, my_conv, pamh); if (rc != PAM_SUCCESS) { syslog(LOG_DEBUG, DEBUG: auth_pam: pam_start failed: %s, pam_strerror(pamh, rc)); It all looks right to me, but when I do a make clean follwed by a make, the file does not get patched. What am I doing wrong? Put the patch in security/cyrus-sasl2/files directory. Take a look in port's Makefile where ${PATCHDIR} is set to different location. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Dancho Penev GnuGP public key: http://www.mnet.bg/~dpenev/gnupg.key Key fingerprint: E88D 8B7B 3EF6 E9C8 C5D2 7554 2AA8 C347 71A1 4277 pgp0.pgp Description: PGP signature
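Review bot: in the second hunk the return values of strlcpy and strlcat are never checked, so a login plus realm that does not fit the 256-byte user buffer is silently truncated and the truncated name is what gets passed to pam_start; compare each result against sizeof(user) and fail the authentication when it does not fit, and use sizeof(user) in place of the repeated literal 256. The if (realm) test also lets an empty realm through, which produces a name ending in @; checking realm[0] as well would avoid that.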
Re: forwarding with ttl=1
On Thu, Feb 05, 2004 at 03:17:04PM +0200, Alexander Botov wrote:
> Hi All
>
> I am newbie with configuring networks under FreeBSD. I have small network with gateway running on FreeBSD 5.2 Release. My ISP offers me pppoe service for connecting to Internet. I didn't have problems with configuring ppp with pppoe. I used nat option which works fine for masquerading the local network from the world.
>
> The problem is that the ISP's gateway returns every time packets with ttl=1 which makes further forwarding impossible. My gateway returns icmp error message time exceeded and discards packets.
>
> I want to know if I made some mistake with configuring nat service or if not what is the solution of the problem? Is there any service that can increment ttl and process the packet?
>
> I tried to avoid the checking of ttl in the ip_forward() function in ip_input.c and skipping the decrement of ttl and everything works fine but i think that this is very ugly kernel hack. Probably there is an easy and elegant solution. Any ideas?

You don't need to hack the kernel because this was already done. Add options IPSTEALTH in your kernel configuration file, build the new kernel and set net.inet.ip.ipstealt sysctl variable to 1. For more information see /usr/src/sys/conf/NOTES and /usr/src/sys/netinet/ip_input.c.

> please excuse my English

--
Dancho Penev
Re: smbmount problem
On Sat, Sep 13, 2003 at 11:22:57AM +0200, sebastian ssmoller wrote:
> hi,
> i am running fbsd 5.1. when i try to mount a samba share on a debian system i get:
>
>     smbfs: server name x.y too long
>
> the server name is 16 chars long and i found out (looking at the sources) that there is a limit of 15.
>
> my question: why is there such a limit? (i used this share from several

In Windows world computer's NetBIOS names are limited to 15 bytes, so I suppose that the author of mount_smbfs is conform with that.

> linux distros without any problem).
> does this mean i have to change the hostname of the debian system (which could not be really a solution...)

No, just use netbios name option in smb.conf, and attend name to be no more than 15 chars long.

> or is there any other workaround ?
>
> thx for ur help
> seb

--
Dancho Penev
Re: smbmount problem
> On Sat, 2003-09-13 at 15:04, Dancho Penev wrote:
> > On Sat, Sep 13, 2003 at 11:22:57AM +0200, sebastian ssmoller wrote:
> > > hi,
> > > i am running fbsd 5.1. when i try to mount a samba share on a debian system i get:
> > >
> > >     smbfs: server name x.y too long
> > >
> > > the server name is 16 chars long and i found out (looking at the sources) that there is a limit of 15.
> > >
> > > my question: why is there such a limit? (i used this share from several
> >
> > In Windows world computer's NetBIOS names are limited to 15 bytes, so I suppose that the author of mount_smbfs is conform with that.
> >
> > > linux distros without any problem).
> > > does this mean i have to change the hostname of the debian system (which could not be really a solution...)
> >
> > No, just use netbios name option in smb.conf, and attend name to be no more than 15 chars long.
>
> i tried that but i found out that the netbios name in the smb.conf (client and server) is already shorter than 15 chars. the problem seems to be that the full qualified name hostname.domain (as used in the mount command line and as returned by the nameserver) is longer than 15 chars. but this should be ok, shouldn't it ?

Yes, this isn't problem. What command you use to mount the share?

> any ideas ?
>
> thx
> seb
>
> > > or is there any other workaround ?
> > >
> > > thx for ur help
> > > seb

---
Dancho Penev
Re: Default ACL entries.
On Sat, Aug 02, 2003 at 06:37:24PM +0200, Grzegorz Czaplinski wrote:
> Hi there!
>
> Does anyone know how to set default ACL entries? Any examples how to use -d, -k, -X switches with setfacl?

    # setfacl -dm u::rwx,u:nobody:rwx,m::rwx,g::rx,o::rx /foo

There are three required ACL entries: u::,g::,o::, that unlike files acls doesn't exist when you set default acl for first time, so don't forget to set them. (BTW I have patch for setfacl somewhere that check default acl for missing entries)

    # setfacl -k /foo

This will remove default acl for foo directory.

    # setfacl -dX acls /foo

Where acls file contains entries like these:

    u:nobody:rwx
    g:somegroup:rx

> This is all different to Solaris... ;)
>
> Thanks,
> gregory
>
> --
> Grzegorz Czaplinski gregory at prioris.mini.pw.edu.pl
> The Power to Serve, Right for the Power Users! - http://www.FreeBSD.org/
> Fingerprint: EB77 E19D CFA2 5736 810F 847C A70F A275 2489 469F

--
Dancho Penev
Re: Serial Console Port Settings ?
On Tue, Jun 17, 2003 at 05:29:03AM -0700, Dave Bloodgood wrote:
> In order to troubleshoot booting a newer pc, I have tried to configure a serial console... Unfortunately, I don't know what port settings (baud rate, # bits, parity etc) to use on the receiving machine... I've tried lots of combinations and get gibberish at low settings... lots of @ signs at 9600 and nothing at speeds above 9600. Is there an auto-baud routine ?

FreeBSD Handbook is your friend
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/serialconsole-setup.html

9600 baud, 8 bits, no parity, 1 stop bit.

> Dave

--
Regards,
Dancho Penev
Re: How to ignore arp error message
On Fri, Apr 04, 2003 at 10:04:21AM +1000, Carl Morley wrote:
> From: Carl Morley [EMAIL PROTECTED]
> To: [EMAIL PROTECTED], 'Dancho Penev' [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: How to ignore arp error message
> Date: Fri, 4 Apr 2003 10:04:21 +1000
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Murphy
> > Sent: Friday, 4 April 2003 09:52
> > To: Dancho Penev
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: How to ignore arp error message
> >
> > Dancho Penev [EMAIL PROTECTED] wrote:
> > > On Thu, Apr 03, 2003 at 07:14:24AM +1000, Carl Morley wrote:
> > > > From: Carl Morley [EMAIL PROTECTED]
> > > > To: [EMAIL PROTECTED]
> > > > Date: Thu, 3 Apr 2003 07:14:24 +1000
> > > > Subject: How to ignore arp error message
> > > >
> > > > arp: 10.1.21.80 moved from 00:03:47:f1:b8:3b to 00:03:47:f1:b8:3a on fxp2
> > > > arp: 10.1.21.80 moved from 00:03:47:f1:b8:3a to 00:03:47:f1:b8:3b on fxp2
> > > >
> > > > is it possible to ignore these messages?
> > >
> > > # sysctl net.link.ether.inet.log_arp_movements=0
> >
> > Where ISP = blueyonder.co.uk that is a very useful sysctl. Many Thanks.
> > John.
>
> Yes I agree! Thanks to Dancho.
> But I am actually having problems running it;
> sysctl: unknown oid 'net.link.ether.inet.log_arp_movements';
> But I suspect that I am due to do a cvsup etc. Will see what happens after that!

Sorry, I forgot to say that this sysctl variable is for 5.0; I don't know whether it exists in the 4.x branch.

--
Regards,
Dancho Penev
Re: How to ignore arp error message
On Thu, Apr 03, 2003 at 07:14:24AM +1000, Carl Morley wrote:
> From: Carl Morley [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Date: Thu, 3 Apr 2003 07:14:24 +1000
> Subject: How to ignore arp error message
>
> Hi,
> I have a server on a network which is inhabited by an Intel rack-mount box running Win2k. The Intel server has got two of its NICs 'teamed' - the Intel redundant NIC method. Problem is that to the FreeBSD box, it looks like the MAC address of that IP address keeps changing, so I get endless kernel messages like the ones below. You can see the swap from 3a to 3b, and can probably guess the next in the sequence! Yeah, back to 3a
>
> arp: 10.1.21.80 moved from 00:03:47:f1:b8:3b to 00:03:47:f1:b8:3a on fxp2
> arp: 10.1.21.80 moved from 00:03:47:f1:b8:3a to 00:03:47:f1:b8:3b on fxp2
>
> 1. Does anyone know if my fellow admin (who looks after the Intel box) has configured incorrectly? Or is this a symptom of all 'teamed' NICs?
> 2. If nothing can be done on the Intel box, is it possible to ignore these messages?

# sysctl net.link.ether.inet.log_arp_movements=0

> Cheers,
> Carl.
> Webize Pty Ltd ph: (03) 9561 3353 fx: (03) 9561 4583 [EMAIL PROTECTED]

--
Regards,
Dancho Penev
Re: ipfw question
On Fri, Mar 28, 2003 at 10:34:16AM -0500, Walter wrote:
> Date: Fri, 28 Mar 2003 10:34:16 -0500
> From: Walter [EMAIL PROTECTED]
> To: Questions [EMAIL PROTECTED]
> Subject: ipfw question
>
> Hi all,
> I see a strange entry in my mail log from the ipfw log output. I don't really have a firm grasp on ipfw yet and need help understanding how this log entry came about (17 times), below:
>
> ipfw: 1700 Deny TCP 0.0.0.0:80 192.168.xxx.xxx:49339 in via fxp0
>
> The output of ipfw list starts as:
>
> 00100 allow ip from any to any via lo0
> 00200 deny log logamount 100 ip from any to 127.0.0.0/8
> 00300 deny log logamount 100 ip from 192.168.1.0/24 to any in recv fxp0
> 00400 deny log logamount 100 ip from 24.170.166.0/24 to any in recv ep0
> 00500 deny log logamount 100 ip from any to 10.0.0.0/8 via fxp0
> 00600 deny log logamount 100 ip from any to 172.16.0.0/12 via fxp0
> 00700 deny log logamount 100 ip from any to 192.168.0.0/16 via fxp0
> 00800 deny log logamount 100 ip from any to 0.0.0.0/8 via fxp0
> 00900 deny log logamount 100 ip from any to 169.254.0.0/16 via fxp0
> 01000 deny log logamount 100 ip from any to 192.0.2.0/24 via fxp0
> 01100 deny log logamount 100 ip from any to 224.0.0.0/4 via fxp0
> 01200 deny log logamount 100 ip from any to 240.0.0.0/4 via fxp0
> 01300 divert 8668 ip from any to any via fxp0
> 01400 deny log logamount 100 ip from 10.0.0.0/8 to any via fxp0
> 01500 deny log logamount 100 ip from 172.16.0.0/12 to any via fxp0
> 01600 deny log logamount 100 ip from 192.168.0.0/16 to any via fxp0
> 01700 deny log logamount 100 ip from 0.0.0.0/8 to any via fxp0
> 01800 deny log logamount 100 ip from 169.254.0.0/16 to any via fxp0
> 01900 deny log logamount 100 ip from 192.0.2.0/24 to any via fxp0
> 02000 deny log logamount 100 ip from 224.0.0.0/4 to any via fxp0
> 02100 deny log logamount 100 ip from 240.0.0.0/4 to any via fxp0
> remaining omitted
>
> My question is how come rule 00700 did not kick out the prober, rather falling to rule 01700?? I realize the log

Because the original packet was from 0.0.0.0 to YOUR_PUBLIC_IP and natd (rule 1300) rewrites the destination address YOUR_PUBLIC_IP with your private IP address. You should find out who sends this kind of packet from your net to the outside world, because they are not very regular.

> amounts are limited, but how did rule 01700 get activated when rule 00700, seems to me, should have knocked out the packet? Is this evidence of someone having broken into my FBSD router, as there are no other entries I've seen to other possible internal IP's, or was someone just lucky?
>
> Thanks.
> Walter

--
Regards,
Dancho Penev
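Added example (not part of the thread): a first-match model of the quoted rule list that follows the reply's explanation. A packet from 0.0.0.0 addressed to the public IP passes the destination checks in rules 500-1200, is rewritten by natd at rule 1300, and is then caught by the source check in rule 1700, so the log shows the private address. The public and inside addresses and the natd port mapping are constructed, and natd is reduced to a lookup on the destination port.

```python
import ipaddress
from dataclasses import dataclass, replace

PUBLIC_IP = "198.51.100.10"     # constructed stand-in for YOUR_PUBLIC_IP
INSIDE_IP = "192.168.1.50"      # constructed stand-in for 192.168.xxx.xxx
NAT_TABLE = {49339: INSIDE_IP}  # assumption: natd maps this port to the inside host


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


# (number, action, source, destination) for the quoted rules that can apply
# to a packet arriving on fxp0. Rule 100 (lo0 only) and rule 400 (ep0 only)
# are left out of the model.
RULES = [
    (200, "deny", "any", "127.0.0.0/8"),
    (300, "deny", "192.168.1.0/24", "any"),
    (500, "deny", "any", "10.0.0.0/8"),
    (600, "deny", "any", "172.16.0.0/12"),
    (700, "deny", "any", "192.168.0.0/16"),
    (800, "deny", "any", "0.0.0.0/8"),
    (900, "deny", "any", "169.254.0.0/16"),
    (1000, "deny", "any", "192.0.2.0/24"),
    (1100, "deny", "any", "224.0.0.0/4"),
    (1200, "deny", "any", "240.0.0.0/4"),
    (1300, "divert", "any", "any"),
    (1400, "deny", "10.0.0.0/8", "any"),
    (1500, "deny", "172.16.0.0/12", "any"),
    (1600, "deny", "192.168.0.0/16", "any"),
    (1700, "deny", "0.0.0.0/8", "any"),
    (1800, "deny", "169.254.0.0/16", "any"),
    (1900, "deny", "192.0.2.0/24", "any"),
    (2000, "deny", "224.0.0.0/4", "any"),
    (2100, "deny", "240.0.0.0/4", "any"),
]


def matches(spec, addr):
    """True when addr falls inside spec, or spec is the keyword 'any'."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def natd_inbound(pkt, table):
    """Simplified natd: rewrite the destination when the port has a mapping."""
    inside = table.get(pkt.dport)
    return replace(pkt, dst=inside) if inside else pkt


def evaluate(pkt, rules=RULES, nat_table=NAT_TABLE):
    """Walk the rules in order; return (rule number, action, packet as that rule saw it)."""
    for number, action, src, dst in rules:
        if not (matches(src, pkt.src) and matches(dst, pkt.dst)):
            continue
        if action == "divert":
            # natd re-injects the packet and ipfw continues with the next rule,
            # so the destination checks above are not run again.
            pkt = natd_inbound(pkt, nat_table)
            continue
        return number, action, pkt
    return None, "no match in listed rules", pkt


def log_line(number, pkt):
    """Format a deny the way the log entry in the question looks."""
    return f"ipfw: {number} Deny TCP {pkt.src}:{pkt.sport} {pkt.dst}:{pkt.dport} in via fxp0"


if __name__ == "__main__":
    number, _, seen = evaluate(Packet("0.0.0.0", 80, PUBLIC_IP, 49339))
    print(log_line(number, seen))
    # The same source sent straight to the private address never reaches natd.
    number, _, seen = evaluate(Packet("0.0.0.0", 80, INSIDE_IP, 49339))
    print(log_line(number, seen))
```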
Re: your mail
On Wed, Mar 26, 2003 at 02:55:00PM +, Tiago Andre wrote:
> From: Tiago Andre [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Date: Wed, 26 Mar 2003 14:55:00 +
> Subject:
>
> Hi there
> iam trying to establish a tunnnel ip6 on my pc.. but when i try to
> #route add -inte6 default -interface gif0
> it gave me this
> route: writing to routing socket: File exists
> add net default: gateway gif0: File exists
> What does it means??

I'm not ipv6 expert but this message means that you already have default route (you have ipv6_defaultroute in rc.conf).

> And when i try to ping6 3ffe:31ff:0:::82 that is my end tunnel (not my ipv6 address) it doesn get any packet received
> my public ip4 193.137.232.35
> my public ip6 3ffe:31ff:0:::83
> what is append?
> this is my rc.config:
>
> # -- sysinstall generated deltas -- # Mon Dec 9 10:52:02 2002
> # Created: Mon Dec 9 10:52:02 2002
> # Enable network daemons for user convenience.
> # Please make all changes to this file, not to /etc/defaults/rc.conf.
> # This file now contains just the overrides from /etc/defaults/rc.conf.
> defaultrouter="193.137.232.1"
> font8x14="iso-8x14"
> font8x16="iso-8x16"
> font8x8="iso-8x8"
> gateway_enable="YES"
> hostname="samaell.ipg.pt"
> ifconfig_xl0="inet 193.137.232.35 netmask 255.255.255.0"
> ipv6_enable="YES"
> ipv6_firewal_enable="NO"
> ipv6_firewal_type="simple"
> ipv6_ifconfig_xl0="3ffe:31ff:0:::83/127"
> ipv6_ifconfig_xl1="3ffe:31ff:0:::84/127"
> ipv6_static_routes="xl1 xl0"
> ipv6_defaultrouter="3ffe:31ff:0:::82"
> ipv6_gateway_enable="YES"
> kern_securelevel_enable="NO"
> keymap="pt.iso.acc"
> linux_enable="YES"
> moused_enable="YES"
> nfs_reserved_port_only="YES"
> nisdomainname="NO"
> ntpdate_enble="YES"
> ntpdate_flags="leeloo.ipg.pt hal.ipg.pt"
> router_enable="YES"
> router="/usr/local/sbin/mrtd"
> router_flags=""
> rtadvd_enable="YES"
> rtadvd_interfaces="-s -c /etc/rtadvd.conf xl0 xl1"
> saver="logo"
> scrnmap="NO"
> sendmail_enable="YES"
> sshd_enable="YES"
> usbd_enable="YES"
>
> Thanks
> Tiago Camilo

--
Regards,
Dancho Penev
Re: a bit confused with new rc.d system in 5.0
On Sun, Mar 16, 2003 at 07:05:56AM -0500, Jorge Mario G. wrote:
> Date: Sun, 16 Mar 2003 07:05:56 -0500 (EST)
> Subject: a bit confused with new rc.d system in 5.0
> From: Jorge Mario G. [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
>
> Hi there
> I just installed 5.0 the first thing I noticed is the new rc system yeah looks good but I'm totally lost! so what is the difference between /etc/rc.sendmail and /etc/rc.d/sendmail
> I tried the handbook but there is no info about how to properly use this new system!. I like to integrate my scripts with the system so I would like to learn this new stuff so please if anyone could point me to some kind of doc/info I'll appreciate it

The rc man page is a pretty good starting point; also look at the NetBSD site: http://www.netbsd.org/Documentation/rc/ (because the rc.d system is imported from NetBSD).

> Thanks
> Jorge

--
Regards,
Dancho Penev

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: How to enable ACL support in 5.0?
On Mon, Mar 10, 2003 at 01:48:23PM +0100, Gabriel Ambuehl wrote:
> Date: Mon, 10 Mar 2003 13:48:23 +0100
> From: Gabriel Ambuehl [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: How to enable ACL support in 5.0?
>
> Hello,
> I might appear stupid or not having read the manual, but whatever I try, I can't get setfacl to work (keeps failing: setfacl: acl_get_file() failed: Operation not supported). I read the manual and it says I should add acls as option to fstab which I did:
> /dev/ad7s1g /home ufs rw,acls 2 2

What version is this filesystem: UFS1 or UFS2 ? UFS2 has full support for acls but with UFS1 you must enable extended attributes. If you have kernel source files I'll suggest you to read /usr/src/sys/ufs/ufs/README.acls.

> or use tunefs to set the flag statically in the superblock but tunefs man page knows nothing at all about ACL.

From tunefs man page:
-a enable | disable
Turn on/off the administrative ACL enable flag.

> So what do I need to do to get ACLs to work? Also, I was wondering when to use ugidfw (more exotic stuff, I presume) and when just basic ACLs.
> I think the whole ACL stuff could use some more docs, anyway. For most users, this could be the single most visible change to the system (SMPng etc are mostly under the hood so that's not as obvious to most).
> I'd appreciate any comments or pointers on this issue.
>
> TIA
> regards,
> Gabriel

--
Regards,
Dancho Penev
Re: Where did I go wrong?
On Fri, Feb 28, 2003 at 12:56:56PM -0500, Sam Drinkard wrote:
> Date: Fri, 28 Feb 2003 12:56:56 -0500
> From: Sam Drinkard [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Where did I go wrong?
>
> For some time, I've been seeing all these entries in my console log, the dmesg, and in the security logs. I don't remember when or what change I made to create them, but looking thru what I thought would turn them off, I see nothing. Can somebody refresh my memory and tell me where I need to make the change? System is 4.7-Stable, no ipfilter, only ipfw.

Most likely you have put in /etc/rc.conf:
log_in_vain=1

> vortex.wa4phy.net kernel log messages:
> 127.0.0.1:2725 from 127.0.0.1:53
> Connection attempt to UDP 127.0.0.1:2936 from 127.0.0.1:53
> Connection attempt to TCP 69.1.2.172:445 from 24.73.116.177:1724
> Connection attempt to TCP 69.1.2.172:445 from 24.73.116.177:1724
> Connection attempt to TCP 69.1.2.172:445 from 24.73.116.177:1724
> Connection attempt to UDP 127.0.0.1:3055 from 127.0.0.1:53
> Connection attempt to UDP 127.0.0.1:3185 from 127.0.0.1:53
> Connection attempt to UDP 127.0.0.1:3235 from 127.0.0.1:53
> Connection attempt to UDP 127.0.0.1:3307 from 127.0.0.1:53
>
> Thanks...
> Sam
> PS.. would appreciate a CC: as I'm not subscribed to -questions

--
Regards,
Dancho Penev
Re: mount_ntfs fails
On Fri, Feb 21, 2003 at 02:26:02PM +0100, Wiroth Didier wrote:
> From: Wiroth Didier [EMAIL PROTECTED]
> Subject: Re: mount_ntfs fails
> To: [EMAIL PROTECTED]
> Date: Fri, 21 Feb 2003 14:26:02 +0100
>
> On Fri, 21 Feb 2003 13:15:03 + Daniel Bye [EMAIL PROTECTED] wrote:
> > On Fri, Feb 21, 2003 at 01:54:57PM +0100, Didier Wiroth wrote:
> > > Hey,
> > > I have two harddisks:
> > > 1) ad0 with 1 slice containing Windows XP pro
> > > 2) ad2 with two slices s1 is ntfs and s2 is freebsd 4.7-release
> > > I can mount_ntfs without problems ad2s1 from freebsd! BUT I can't mount_ntfs ad0s! When I try to mount it with the following command:
> > > mount_ntfs /dev/ad0s1 /mnt
> > > I get the following error:
> > > mount_ntfs: /dev/ad0s1: Invalid argument
> > > And in /var/log/messages I see this:
> > > Feb 21 13:46:39 lucifer /kernel: ad0s1: slice extends beyond end of disk: truncating from 78140097 to 4408785 sectors
> > > Feb 21 13:46:39 lucifer /kernel: ntfs_loadntnode: BREAD FAILED
> > > Feb 21 13:46:39 lucifer /kernel: ntfs_vget: CAN'T LOAD ATTRIBUTES FOR INO: 0
> > > 1) What is the problem with ad0?
> > > 2) What can I do to resolve the problem so that I'm able to mount_ntfs ad0s1?
> >
> > Does mount_ntfs /dev/ad0s1c /mnt work? I have had similar moments of darkness, and seem to recall that was one way out. I'm not sure of the reason for this - it is something to do with the way Windows installs itself on the disk, and with the BSD disk name convention, the c partition represents the whole slice. That's my theory, anyway ;-)
>
> Nope, does not work :-(
> Any other ideas are welcome! :-))

Yet another idea ;-) Did you change first disk from basic to dynamic with WinXP? The dynamic disks in XP world uses different way to store information for slices and are incompatible with mbr.

> Thanks anyway!
> Didier

--
Regards,
Dancho Penev
Re: mount_smbfs password file
On Tue, Feb 18, 2003 at 10:49:16AM -0600, Brian Henning wrote:
> From: Brian Henning [EMAIL PROTECTED]
> To: freebsd [EMAIL PROTECTED]
> Subject: mount_smbfs password file
> Date: Tue, 18 Feb 2003 10:49:16 -0600
>
> Hello-
> i log into samba share a lot in bsd so i put some entries in my fstab to automate the process a little. is there a password file i can store my smb share password in so fstab can find it and not prompt me for it each time?

Edit /etc/nsmb.conf file. Look in mount_smbfs man page for more details.

> thanks,
> b

--
Regards,
Dancho Penev
Re: Supress ARP messages?
On Mon, Feb 17, 2003 at 11:34:03AM +0100, Lasse Laursen wrote:
> From: Lasse Laursen [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Supress ARP messages?
> Date: Mon, 17 Feb 2003 11:34:03 +0100
>
> Hi all,
> We have a clustered setup of FreeBSD machines and we get a load of these messages:
>
> arp: 10.0.0.254 moved from 00:d0:b7:7e:b1:6d to 00:d0:b7:a0:07:2f on fxp0
> arp: 10.0.0.254 moved from 00:d0:b7:a0:07:2f to 00:d0:b7:7e:b1:6d on fxp0
> arp: 10.0.0.254 moved from 00:d0:b7:7e:b1:6d to 00:d0:b7:a0:07:2f on fxp0
> arp: 10.0.0.254 moved from 00:d0:b7:a0:07:2f to 00:d0:b7:7e:b1:6d on fxp0
>
> each time a machine takes over another machine's IP addresses.
> Is there any way to suppress these messages?

# sysctl net.link.ether.inet.log_arp_movements=0

> Regards
> --
> Lasse Laursen [EMAIL PROTECTED] - Systems Developer
> NetGroup A/S, St. Kongensgade 40H, DK-1264 København K, Denmark
> Phone: +45 3370 1526 - Fax: +45 3313 0066 - Web: www.netgroup.dk
> - We don't surf the net, we make the waves.

--
Regards,
Dancho Penev
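Added example (not from the threads): the "moved from" lines in this cluster thread and in the two NIC-teaming threads above are the only record of an IP changing MAC address, so this sketch checks, before they are silenced, that each IP only ever alternates within the MACs an admin expects. The allow-list is an assumption built from the addresses quoted in those threads; the syslog prefixes, the 02:00:... MACs and the 10.0.0.17 line are constructed.

```python
import re
from collections import defaultdict

MAC = r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"
ARP_MOVED = re.compile(
    rf"arp: (?P<ip>\d{{1,3}}(?:\.\d{{1,3}}){{3}}) moved from "
    rf"(?P<old>{MAC}) to (?P<new>{MAC}) on (?P<iface>\w+)",
    re.IGNORECASE,
)

# Assumption: MACs known to share each address (teamed NICs, cluster members).
EXPECTED = {
    "10.1.21.80": {"00:03:47:f1:b8:3a", "00:03:47:f1:b8:3b"},
    "10.0.0.254": {"00:d0:b7:7e:b1:6d", "00:d0:b7:a0:07:2f"},
}

# Constructed sample: the first three lines reuse messages quoted on this page,
# the rest are invented to exercise the other verdicts.
SAMPLE_LOG = """\
arp: 10.1.21.80 moved from 00:03:47:f1:b8:3b to 00:03:47:f1:b8:3a on fxp2
arp: 10.1.21.80 moved from 00:03:47:f1:b8:3a to 00:03:47:f1:b8:3b on fxp2
Feb 17 11:30:01 host /kernel: arp: 10.0.0.254 moved from 00:d0:b7:7e:b1:6d to 00:d0:b7:a0:07:2f on fxp0
Feb 17 11:30:09 host /kernel: arp: 10.0.0.254 moved from 00:d0:b7:a0:07:2f to 02:00:00:00:00:99 on fxp0
Feb 17 11:31:00 host /kernel: arp: 10.0.0.17 moved from 02:00:00:00:00:01 to 02:00:00:00:00:02 on fxp0
Feb 17 11:31:05 host /kernel: arplookup 213.196.2.97 failed: host is not on local network
"""


def classify(lines, expected=EXPECTED):
    """Group 'moved' messages by IP and compare the MACs seen with the allow-list."""
    macs_seen = defaultdict(set)
    moves = defaultdict(int)
    for line in lines:
        m = ARP_MOVED.search(line)
        if not m:
            continue  # other kernel messages are ignored
        ip = m["ip"]
        macs_seen[ip].update({m["old"].lower(), m["new"].lower()})
        moves[ip] += 1

    report = {}
    for ip, macs in macs_seen.items():
        allowed = expected.get(ip)
        if allowed is None:
            verdict, extra = "unlisted-ip", macs
        else:
            extra = macs - allowed
            verdict = "unexpected-mac" if extra else "expected-pair"
        report[ip] = {"moves": moves[ip], "verdict": verdict,
                      "unexpected": sorted(extra)}
    return report


if __name__ == "__main__":
    for ip, info in classify(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```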
Re: arplookup going mad
On Sun, Feb 16, 2003 at 06:47:47PM +0100, Marc Schneiders wrote:
> Date: Sun, 16 Feb 2003 18:47:47 +0100 (CET)
> From: Marc Schneiders [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: arplookup going mad
>
> I have posted a question about this earlier, without getting an answer. Then the problem was occasionally. Now the machine is going mad over the same thing. It gives this every second in messages:
>
> Feb 16 18:35:06 voo /kernel: arpresolve: can't allocate llinfo for 13.16.2.97rt
> Feb 16 18:35:06 voo /kernel: arplookup 213.196.2.97 failed: host is not on local network
> Feb 16 18:35:06 voo /kernel: arpresolve: can't allocate llinfo for 13.16.2.97rt
> Feb 16 18:35:06 voo /kernel: arplookup 213.196.2.97 failed: host is not on local network
> Feb 16 18:35:06 voo /kernel: arpresolve: can't allocate llinfo for 13.16.2.97rt
> Feb 16 18:35:06 voo /kernel: arplookup 213.196.2.97 failed: host is not on local network
> Feb 16 18:35:06 voo /kernel: arpresolve: can't allocate llinfo for 13.16.2.97rt
> Feb 16 18:35:06 voo /kernel: arplookup 213.196.2.97 failed: host is not on local network
> Feb 16 18:35:06 voo /kernel: arpresolve: can't allocate llinfo for 13.16.2.97rt
> Feb 16 18:35:06 voo /kernel: arplookup 213.196.2.97 failed: host is not on local network
> Feb 16 18:35:06 voo /kernel: arpresolve: can't allocate llinfo for 13.16.2.97rt
> Feb 16 18:35:06 voo /kernel: arplookup 213.196.2.97 failed: host is not on local network
> Feb 16 18:35:06 voo /kernel: arpresolve: can't allocate llinfo for 13.16.2.97rt
>
> How do I put an end to this? The IP mentioned is NOT on the local network. I do NOT tell it anywhere it is. Nothing has changed in my config. Why does it do this, and why every second all of a sudden? How do I stop it?
> man llinfo gives 0, apropos llinfo gives 0. man arplookup: nothing, apropos arplookup: nothing.

man 4 arp
(not an answer but may be help you to resolve the problem)

> I rebooted, to no avail. It came back within half an hour.
> Since the machine is colocated (and not next door) I do not want to lock myself out by trying funny things with arp -s. And I tried that on a machine here, and it refused it anyway for a host not on the local network. As it should, I am sure.
> Any really good ideas?
>
> uname -a:
> FreeBSD [hostname] 4.7-STABLE FreeBSD 4.7-STABLE #13: Sat Nov 16 16:09:35 CET 2002 marc@[hostname]:/usr/obj/usr/src/sys/FUCHSIA i386

--
Regards,
Dancho Penev
Re: Wrong Timestamps in /var/log/messages from ipmon
On Fri, Feb 14, 2003 at 04:10:42PM +1100, Murray Taylor wrote:
> From: Murray Taylor [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Wrong Timestamps in /var/log/messages from ipmon
> Date: Fri, 14 Feb 2003 16:10:42 +1100
>
> Using ipmon -Dsv
> We were seeing timestamps in /var/log/messages that were 11 hours out from our real timezone... other messages (interspersed) from other programs were correctly timestamped. Date was returning the correct time, and we are running xntpd against our timeserver.
> We reset the /etc/locatime via /stand/sysinstall then killed ipmon and restarted it and all the timestamps are now correct..
> Any ideas.. ?

Which timestamps ? Can you show messages ?
Note that in log message you have two timestamps:
1. The time when ipmon log to syslogd
2. The time when ipfilter log to /dev/ipl
When ipmon is run it read ipl buffer and log messages if there is any, and they may be from 11 seconds, 11 hours or 11 days ...

> FreeBSD 4.7-STABLE
>
> Murray Taylor
> Special Projects Engineer - Bytecraft Systems Entertainment
> Phone: 61 3 8710 2555 Fax: 61 3 8710 2599 Direct: 61 3 9238 4275 Mobile: 61 0417 319 256
> Email: [EMAIL PROTECTED]
> or visit us on the web http://www.bytecraftsystems.com http://www.bytecraftentertainment.com

--
Regards,
Dancho Penev
Re: squid and ipfw ... fwd ...
On Thu, Feb 13, 2003 at 06:44:24PM +0100, P. U. Kruppa wrote:
> Date: Thu, 13 Feb 2003 18:44:24 +0100 (CET)
> From: [EMAIL PROTECTED] (P. U. Kruppa)
> To: [EMAIL PROTECTED]
> Subject: squid and ipfw ... fwd ...
>
> Hi!
> I am trying to setup a transparent proxy with Squid. Proxying and caching itself works fine (thanks to the help of this list!) - my Squid is listening on port 80. I have got the ipfw kernel module running and seem to be able to change all kinds of rules via ipfw or from bootup via some firewall configuration file.
> As all kinds of manuals advise I do
> # ipfw add 200 allow tcp from 192.168.10.1 to any
> and still everything works fine. But when I try the next line
> # ipfw add 300 fwd 127.0.0.1 tcp from any to any 80
> I keep receiving access denied messages from squid.

Put in squid config file something like this (change ip address and netmask):

acl permitednet src 192.168.0.0/255.255.0.0
http_access allow permitednet

Take a look at ACCESS CONTROLS section in squid.conf for more details. In fact if you keep above two ipfw rules transparent proxy will not work for 192.168.10.1 .

> I found several emails about this problem in Google but no solution. What can be done now?
> Thanks for any ideas,
> Uli.
> Peter Ulrich Kruppa - Wuppertal - Germany

--
Regards,
Dancho Penev
Re: Questions
On Wed, Jan 15, 2003 at 09:15:05AM -0500, Alvaro Rosales R. wrote:
> From: Alvaro Rosales R. [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Date: Wed, 15 Jan 2003 09:15:05 -0500
> Subject: Questions
>
> Hi fellows.
> Is it possible to have a box with 2 default gateways? If the answer is

No. FreeBSD box can have only one default gateway.

> yes, is it possible to route the packages based on the IP source address

Take a look at the ipfw manual page for the fwd rule action.

> of the clients? For example:
> BSD box with 2 NICs (acting as router)
> nic1 10.10.1.10 default gw 10.10.1.1
> nic2 200.37.53.5 default gw 200.37.53.1
> client1 10.10.1.5 default gw 10.10.1.1
> client2 10.10.1.22 default gw 10.10.1.1
> If client1 connects to 10.10.1.1 the packets should be routed through nic2 of the multihomed BSD box.
> If client2 connects to 10.10.1.1 the packets should be routed through nic1 of the multihomed BSD box.
> Thanks in advance for your help

--
Regards,
Dancho Penev
Re: ipfilter/ipmon log msgs
On Mon, Jan 13, 2003 at 05:23:52PM -0500, JoeB wrote:
> From: JoeB [EMAIL PROTECTED]
> To: Wayne Pascoe [EMAIL PROTECTED]
> Cc: FBSDQ [EMAIL PROTECTED]
> Subject: RE: ipfilter/ipmon log msgs
> Date: Mon, 13 Jan 2003 17:23:52 -0500
>
> Did ipf -V and the which command on both ipf ipmon and they are both in same directory. The only thing that look questionable is ipf -V says log flags: 0 = none set.

This means that you haven't enabled default logging of packets (man 8 ipf, search for the -l option).

And now to your original question: when the author of the ipmon man page says that day, month and year are removed from messages, he means that they are removed from the messages that are taken from /dev/ipl, not that they aren't logged in log files. What you see in your log files from the beginning of the line to the colon character is appended by syslog, and it's the day, month and time of sending the message to the system logger. We have two distinct events:

1. The date and time when packets are blocked or passed, the time when they are logged to /dev/ipl (what is actually removed, without time it's always logged)
2. The date and time when ipmon logs messages, the time when ipmon reads /dev/ipl and logs via syslog or writes to console

Between these two events we have some time interval, so you must not mix them up.

> Does this mean ipfilter_flags= or ipmon_flags=-Ds
> What is this talking about??
> In rc.conf I have
> ipfilter_enable="YES"
> ipfilter_flags=""
> ipnat_enable="YES"
> ipmon_enable="YES"
> ipmon_flags="-Ds"
>
> Is there a ipfilter web site that I can check man info page on ipmon to see if it has newer information that what FBSD has in it's man ipmon which would mean that the new man info was not updated into the new FBSD release of ipfilter which happened in FBSD 4.7
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Wayne Pascoe
> Sent: Monday, January 13, 2003 4:35 PM
> To: [EMAIL PROTECTED]
> Cc: FBSDQ
> Subject: Re: ipfilter/ipmon log msgs
>
> JoeB [EMAIL PROTECTED] writes:
> > Man ipmon says than when option -s is selected to send ipfilter log messages to syslogd the day, month, year prefix is removed from the message before posting to syslogd. This does not happen.
>
> Firstly, ensure you're starting ipmon with the -Ds flags. This will put it in daemon mode and log through syslogd.
> I've had a problem with logfile formats in the past and this was because I was not running the correct version of ipmon.
> do
> sudo ipf -V
> Check the version. Then do
> which ipf
> Then check to see that the ipmon is running is in the same directory.
> Otherwise, post a sample log line...
>
> Regards,
> --
> - Wayne Pascoe
> You know, it's simply not true that wars never settle anything - James Burnham

--
Regards,
Dancho Penev
Re: IPFW Help
On Mon, Nov 25, 2002 at 08:57:15PM -0500, Phierce wrote:
> From: Phierce [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: IPFW Help
> Date: Mon, 25 Nov 2002 20:57:15 -0500
>
> Hello All,
> New to the FreeBSD os, but learning... having some trouble with IPFW. Below is what it looks like. I can sh rc.firewall with no errors, but yet my root account is still unable to ping out; I receive permission denied. Wondering if anyone could help me out.

How did you run the script? I suppose you forgot the parameter and in rc.conf firewall_type is not set.

# sh /etc/rc.firewall custom

or in /etc/rc.conf

firewall_type=custom

> #
> # Suck in the configuration variables.
> if [ -z "${source_rc_confs_defined}" ]; then
>     if [ -r /etc/defaults/rc.conf ]; then
>         . /etc/defaults/rc.conf
>         source_rc_confs
>     elif [ -r /etc/rc.conf ]; then
>         . /etc/rc.conf
>     fi
> fi
> #
> if [ -n "${1}" ]; then
>     firewall_type="${1}"
> fi
> # Set quiet mode if requested
> #
> case ${firewall_quiet} in
> [Yy][Ee][Ss])
>     fwcmd="/sbin/ipfw -q"
>     ;;
> *)
>     fwcmd="/sbin/ipfw"
>     ;;
> esac
> ###
> # Flush out the list before we begin.
> #
> ${fwcmd} -f flush
> case ${firewall_type} in
> [Cc][Uu][Ss][Tt][Oo][Mm])
> # set these to your network netmask and ip
> net="192.168.1.1"
> mask="255.255.255.0"
> ip="192.168.1.10"
> # Deny all fragments as bogus packets
> ${fwcmd} add 00100 deny log all from any to any frag
> #Allow any TCP UDP traffic from my own net.
> ${fwcmd} add 00200 allow all from any to any via lo0
> ${fwcmd} add 00300 deny log ip from any to 127.0.0.1/8
> #We should allow inout some TCP and udp ports.
> ${fwcmd} add 00400 allow tcp from any to any 32000-65535
> ${fwcmd} add 00500 allow udp from any to any 32000-65535
> #Allow TCP through if setup succeeded
> ${fwcmd} add 00600 allow tcp from any to any established
> #Allow access to FTPD
> ${fwcmd} add 00700 allow tcp from any to ${ip} 21
> ${fwcmd} add 00800 allow tcp from any 20 to any 1024-49151 out
> #Allow access to OPENSSH
> ${fwcmd} add 00900 allow tcp from any to ${ip} 22
> #Allow access to SENDMAIL
> ${fwcmd} add 01000 allow tcp from any to any 25
> #Allow access to BIND
> ${fwcmd} add 01100 allow udp from ${ip} to any
> ${fwcmd} add 01200 allow udp from any to ${ip}
> #Allow access to FINGER
> ${fwcmd} add 01300 allow tcp from any to any 79
> #Allow access to HTTP
> ${fwcmd} add 01400 allow tcp from any to any 80
> #Allow access to POP3
> ${fwcmd} add 01500 allow tcp from any to any 110
> #Allow access to IDENT
> ${fwcmd} add 01600 allow tcp from any to any 113
> ${fwcmd} add 01700 allow udp from any to any 113
> #Allow access to IMAP
> ${fwcmd} add 01800 allow tcp from any to any 143
> #Allow access to HTTPS
> ${fwcmd} add 01900 allow tcp from any to any 443
> #Allow access to SUBMISSION
> ${fwcmd} add 02000 allow udp from any to any 512
> ${fwcmd} add 02100 allow udp from any to any 520
> #Allow access to IRC
> ${fwcmd} add 02200 allow tcp from any to any 6667
> ${fwcmd} add 02300 allow tcp from any to any 6668
> ${fwcmd} add 02400 allow tcp from any to any 6669
> #Extended account access
> ${fwcmd} add 02500 allow all from any to any uid USERNAME
> ${fwcmd} add 02600 allow icmp from any to any uid USERNAME
> ${fwcmd} add 02700 allow tcp from any to any uid USERNAME
> ${fwcmd} add 02800 allow icmp from any to any uid USERNAME
> #root access non-restrictive
> ${fwcmd} add 02900 allow all from any to any uid root
> ${fwcmd} add 03000 allow icmp from any to any uid root
> #lastly we deny everything by default here as well as in the kernel.
> ${fwcmd} add 03100 deny log all from any to any
> ;;
> esac
>
> Thanks
> -Zack

--
Regards,
D. Penev
Re: Kerberos is set up - now what?
On Sun, Nov 24, 2002 at 05:48:22AM +0100, Peter Much wrote:
> From: Peter Much [EMAIL PROTECTED]
> Subject: Re: Kerberos is set up - now what?
> To: [EMAIL PROTECTED]
> Date: Sun, 24 Nov 2002 05:48:22 +0100 (CET)
>
> Hi all,
> as it seems to me, Kerberos5 is mostly unsupported in FreeBSD.

It's not very correct (it's totally incorrect). If kerberos is installed (the port or the one in the base system) you have all the services that you want to use. They are not enabled by default, but that doesn't mean that FreeBSD has no support for kerberos. Scroll down in inetd.conf and look for the kerberos services. I have used pam_krb5 and MIT Kerberos for a year without any problems, with single login to the workstation and access to other computers via telnet, rlogin etc. If you can't configure kerberos services to work then ask for help, and don't draw conclusions about whether FreeBSD has or hasn't support for something. BTW the Kerberos5 access control file is .k5login(5), not .klogin.

> Yes, this is going to be a rant.
>
> If you have an appropriate Kerberos support, no rsh, rlogin, ftp, telnet or elsewhat will ever ask you for a password, if you login to an account where you are allowed to do so via its .klogin file.
>
> This means, that support for Kerberos5 needs to be built into the servers and clients for ftp, telnet, rsh, rlogin, etc. It is not enough to just run a kerberos5 server (aka kdc) and make logins kerberos-aware via PAM.
>
> This was already implemented with FreeBSD 2.2 and kerberos4 at least for rsh and rlogin, but now(*) with Kerberos5, if I connect to the kshell port, I just get:
> rshd[8654]: usage: rshd [-alnDL]
>
> Furthermore, it is possible to do session encryption based on the principal, so essentially we could throw ssh etc. and all that crap completely into the wastebasket, and instead had a third-party based authentication scheme with single-sign-on over the whole network and a central (and replicateable) server that can optionally be adminstered remotely.
> (Supposed the crypt stuff inside kerberos5 is hardened enough for today's purposes.)
>
> Ok, I do not know of any unix distribution that actually engages these possibilities, but they are there. Well, AIX got fairly far with 4.3.3, telnet and ftp and all the rsh stuff actually works without passwords there, and K4 and K5 and standard logins all do work simultaneously. But when I asked the support how to run telnet with session encryption based on my DCE/K5 principal (aka packet-level privacy as documented for DCE and practically used in DFS), they shrugged and suggested me to install ssh!
>
> (*) now means FreeBSD 4.4, I didn't get the time to upgrade further yet. No doubt the PAM integration has evolved since then, but it doesn't look like a really substantial progress to what I described above.
>
> PMc

--
Regards,
D. Penev