Re: RSync exclusion
On 18/04/2013 9:30 PM, Jos Chrispijn wrote:
> rsync -avrz -e ssh /files/ backupr@x.x.x.x:/vol1/FreeBSD/$DATE/

Just a thought, but have you looked at rsnapshot?

http://www.rsnapshot.org/
http://www.freshports.org/sysutils/rsnapshot/

It uses rsync, but manages a directory tree with hard links to unchanged files. It would solve your problem, but in a different way.

regards,
Danny
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Fwd: how access inside from outside when nat is done from inside to outside
On 4/04/2013 6:41 PM, s m wrote:
> request packets: src:192.168.2.1 dst: 192.168.1.1
> reply packets: src: 192.168.2.50 dst:192.168.2.1

This sort of thing tends to happen when the packets are not being sent via divert socket properly. Look carefully, step by step, at your ipfw rules which send packets to natd.

Also, run natd -v in a separate window instead of running it as a daemon, and it will show you the packets which go through natd, and what is done with them.

regards,
Danny

Re: Where's the metadata?
On 29/03/2013 12:29 PM, Ronald F. Guilmette wrote:
> So what _is_ the best tool for just simply taking some sort of drive... like a USB flash drive, or any other kind of drive for that matter... and returning it to its actual size?

Did you try using fdisk? It is probably a standard MBR boot record, not a GEOM one.

Just a thought...

Danny

Re: Copying memstick image to a USB (flash/thumb) drive
On 28/03/2013 8:10 AM, Ronald F. Guilmette wrote:
> Question: Why exactly is conv=sync there?

I found this on http://www.mkssoftware.com/docs/man1/dd.1.asp

    If you specified conv=sync and this input block is smaller than the specified input block size, dd pads it to the specified size with null bytes. When you also specify a block or unblock conversion, dd uses spaces instead of null bytes.

So the last block of output gets padded with 0x00 at the end to fill the input block size (from bs=...)

> Question: Why exactly is the bs=10240 there? Wouldn't the default of 512 do just as well?

It would, but then you would have FILESIZE/512 reads and writes instead of FILESIZE/10240 reads and writes - 20 times more. The end result is the same, but the large bs makes the operation go faster.

I routinely use bs=655360 simply because it is a big number divisible by 512, which I can easily remember. 512000 would do just as well, though...

Danny

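The padding and the read counts discussed in this message can be measured directly. This is an added example, not part of the thread; the 25000-byte size and the temporary files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread). All files are constructed temporaries.

# make_image BYTES FILE: write BYTES bytes of 'A' so that NUL padding stands out.
make_image() {
    head -c "$1" /dev/zero | LC_ALL=C tr '\0' 'A' > "$2"
}

# dd_sync_demo BYTES BS
# Prints "<size without conv=sync> <size with conv=sync> <NUL bytes added>".
dd_sync_demo() {
    tmp=$(mktemp -d) || return 1
    make_image "$1" "$tmp/src"
    dd if="$tmp/src" of="$tmp/plain"  bs="$2"           2>/dev/null
    dd if="$tmp/src" of="$tmp/synced" bs="$2" conv=sync 2>/dev/null
    plain=$(wc -c < "$tmp/plain" | tr -d ' ')
    synced=$(wc -c < "$tmp/synced" | tr -d ' ')
    # Everything that is not 'A' in the synced copy is padding.
    pad=$(LC_ALL=C tr -d 'A' < "$tmp/synced" | wc -c | tr -d ' ')
    rm -rf "$tmp"
    echo "$plain $synced $pad"
}

# dd_records_in BYTES BS
# Prints dd's "full+partial" input record count, i.e. how many reads it issued.
dd_records_in() {
    tmp=$(mktemp -d) || return 1
    make_image "$1" "$tmp/src"
    LC_ALL=C dd if="$tmp/src" of=/dev/null bs="$2" 2>&1 |
        awk '/records in/ { print $1 }'
    rm -rf "$tmp"
}

dd_sync_demo 25000 10240      # 25000 30720 5720
dd_records_in 25000 512       # 48+1
dd_records_in 25000 10240     # 2+1
```

The padded copy no longer hashes to the same value as the source image, so when verifying a written stick against a published checksum, compare only as many bytes as the image is long.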
Re: Client Authentication
On 27/03/2013 4:18 AM, Joseph Olatt wrote:
>> Any ideas/suggestions on this will be appreciated.
>> Thanks,
>> -- Doug
>
> A little while back I wrote a system to do a simple Two Factor Authentication and dynamic manipulation of PF (Packet Filter) Tables. I created it to prevent brute-force attacks on the servers that I have exposed on the Internet.

I'm happy to share a program I wrote which slows down the brute force attackers. It simply counts the SYN packets from a given IP and limits the rate per minute by dropping the packet if they are coming too fast. Uses ipfw divert sockets, so would work if you prefer ipfw over pf.

If you have a known set of OK IP addresses, you can allow them in ipfw rules before the packets get passed through ratelimit.

ratelimit usage:
    -p size   maximum packet size (default: 16384 bytes)
    -d port   divert port number (default: 1)
    -r rate   rate at which 50% of packets are dropped (default: 4)
    -f rate   rate at which 100% of packets are dropped (default: 8)
    -l secs   number of seconds to sleep between syslog() calls (default: 30)
    -z path   path of pidfile (default: /var/run/ratelimit.pid)
    -h        this message

Have you looked at simply using a non-standard port?

Danny

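The rule ordering described in this message (known-good addresses allowed first, all other new connections diverted to ratelimit), as an added example that is not part of the thread or of the ratelimit distribution. The rule numbers, table number 1, port 22 and the 203.0.113.10 address are assumptions; the divert port is the tool's stated default of 1, and it is assumed that ratelimit writes accepted packets back to the divert socket so that they resume at the following rule, as natd does.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: rules are printed.
# Run with IPFW=/sbin/ipfw to install them on a FreeBSD host.
IPFW=${IPFW:-echo ipfw}

# ratelimit_rules DIVERT_PORT SERVICE_PORT TRUSTED_ADDR...
ratelimit_rules() {
    divert_port=$1; service_port=$2; shift 2

    # Table 1 (assumed number) holds the known-good sources.
    for addr in "$@"; do
        $IPFW table 1 add "$addr"
    done

    # 1000: trusted sources are accepted before the divert rule is reached,
    #       so their SYNs are never counted or dropped.
    $IPFW add 1000 allow tcp from 'table(1)' to me "$service_port" in

    # 1100: every other inbound SYN ("setup" = SYN set, ACK clear) goes to
    #       the divert socket that ratelimit listens on (-d, default 1).
    $IPFW add 1100 divert "$divert_port" tcp from any to me "$service_port" in setup

    # 1200: packets that ratelimit writes back resume here (assumption: it
    #       re-injects like natd); established traffic also matches here.
    $IPFW add 1200 allow tcp from any to me "$service_port" in
}

ratelimit_rules 1 22 203.0.113.10
```

If rule 1100 were numbered below rule 1000, the trusted addresses would be counted and rate limited like any other source.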
Re: Client Authentication
On 27/03/2013 10:37 AM, Michael Ross wrote:
>> I'm happy to share a program I wrote which slows down the brute force attackers. It simply counts the SYN packets from a given IP and limits the rate per minute by dropping the packet if they are coming too fast. Uses ipfw divert sockets, so would work if you prefer ipfw over pf.
>
> Me Me Me! ...ahem. I do prefer IPFW over PF and would very much like to try it out, so please do share.

OK, here 'tis

https://secure.clari.net.au/ratelimit2.tgz

Danny

Re: Client Authentication
On 27/03/2013 12:59 PM, Michael Ross wrote:
> I'd like to be able to change the time window:
> http://gurder.ross.cx/misc/ratelimit.patch

Neat. Thanks for that.

Danny

Re: Remote IP to script over inetd
Hi Radek,

On 25/03/2013 10:09 PM, Radek Krejča wrote:
> #!/bin/sh
> echo $REMOTEHOST

getpeername() info is not available in Bourne shell directly. You need to use perl or C or

So you can do something like this:

--
#!/usr/bin/perl
# Example code from http://perldoc.perl.org/functions/getpeername.html
use Socket;

# inetd hands the connected socket to the program as STDIN
$hersockaddr = getpeername(STDIN) or die "getpeername: $!";
($port, $iaddr) = sockaddr_in($hersockaddr);
$herhostname = gethostbyaddr($iaddr, AF_INET);
$herstraddr = inet_ntoa($iaddr);
# $herstraddr is of form 12.34.56.78

# Now you know the remote IP address, do what we want to do
# eg run a shell script and put IP into $1
$cmd = "/root/redirects.sh $herstraddr";
exec($cmd);
--

PS, if you are just sending an HTTP redirect or similar, you don't need to run the script as root.

Cheers,
Danny

Re: route BGP
Hi,

On 22/03/2013 12:28 PM, just man man wrote:
> do you have configuration routing BGP in freebsd ? thank you

I use quagga, because that's what I have been using for the last 10 years.

http://www.freshports.org/net/quagga-re/
http://www.freshports.org/net/quagga/

You might also like to try OpenBGPD

http://www.freshports.org/net/openbgpd/

Danny

Re: Leaking disk space
On 21/03/2013 3:55 AM, Dan Thomas wrote:
> Stopping Postgres doesn't fix it, but rebooting does which points at

Have you used fstat to identify the big growing file which is taking up the space, and which process has the file open?

A file which has been unlinked from all directories won't be seen by du, but it does not free disk space until no process has it open.

    USER CMD PID FD MOUNT INUM MODE SZ|DV R/W
    root syslogd476488 /4317027 -rw-r--r-- 19776 w
    root syslogd476489 /4317041 -rw--- 63 w

That might help to track it down.

Danny

Re: Jail question
Bernt Hansson wrote:
> I would like to install an old version of freebsd let's say 4.6 in a jail. Is that possible. Host is 8.3-stable amd64

Things like ps won't run, but you can copy static binaries from host:/rescue to jail:/{bin,sbin} as appropriate and that helps a lot.

I just installed a 5.4-RELEASE/i386 jail on a 9.1-STABLE/amd64 system. Mysqld would not run (dumped core), so I relocated that to a separate jail running 9.1-STABLE/amd64.

One gotcha I found is that while you can run an old i386 system in a jail on an amd64 host, you can't build an amd64 kernel with COMPAT_AOUT, so if you have an a.out binary from days of old, you need an i386 kernel.

Devin Teske wrote:
> Yes, this is possible. When I get into work, I'll share with you the recipe (I have a script called update4.sh which I run after building [or rsync'ing] a 4.x box to an 8.x box to become a vimage; note that I didn't say jail -- 4.x runs better as a VNET jail than a regular jail). We've not had much luck in running 4.x as a non-vnet jail under 8.x whereas vnet-jail works wonders (with a couple binaries replaced, like netstat, ifconfig, ps, and top for example).

Devin, Please share your script with us all (especially me :-) )

Thanks,
Danny

Re: I made a mess. libc
On 22/02/2013 4:44 PM, Shane Ambler wrote:
> You missed the earlier suggestion - at the single user prompt for a shell don't just hit enter - type in /rescue/sh

This suggestion was gold for me, but in a different way.

I have for years lamented the passing of static binaries in /bin and /sbin. I forget who mentioned that /rescue/* are statically linked - I had never known that.

Today I have just built a 5.4-RELEASE jail on a 9.1-STABLE system, and being able to include a statically linked 9.1-STABLE 'ps' is very useful. The 5.4 version of ps is useless in this jail.

And just in case the significance is lost on Bernt, /rescue/sh does not rely on libc, so it won't care if libc is broken.

Danny

Re: http://localhost/phpmyadmin
On 21/02/2013 9:09 AM, Armando Palax wrote:
> sorry as I can access my localhost from my phpmyadmin, what happens is that I need to create a database and I can not enter because the strip http://localhost/phpmyadmin error. would help me thanks

More information is needed.

What error do you get?
Is httpd running?
Do you get the phpmyadmin login page?
Have you looked in the httpd error log?
What do you get if you visit http://localhost/

Danny

amd64 and COMPAT_AOUT
I'm migrating a lot of services to a new server running 9.1 amd64. I have a VMWare FreeBSD 3.3 server I want to decommission, which is running a client's website with a shopping cart system in an a.out binary (source code lost long ago).

I have just tried to build a new kernel on the 9.1/amd64 machine with COMPAT_AOUT added to /usr/src/sys/amd64/conf/NEWKERNEL but ...

    root@corella:/usr/src/sys/amd64/conf # config NEWKERNEL
    NEWKERNEL: unknown option COMPAT_AOUT

COMPAT_AOUT is recognised in i386/conf

The funny thing is that in amd64/conf/NOTES is

    device gzip #Exec gzipped a.out's. REQUIRES COMPAT_AOUT!

Is it possible to get 9.1/amd64 to run i386 a.out binaries? What might I be missing?

Thanks,
Danny