Re: chrooting SSH users into their home directories
On Fri, September 2, 2005 2:50 pm, Brian Kaczynski wrote:
> I was wondering how you could lock a user into their home with chroot when using SSH, similar to what the /etc/ftpchroot file does for FTP users. The ssh server is sshd.
>
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to [EMAIL PROTECTED]

off the top of my head use a restricted bash shell
Re: mouse wheel problem
On Thu, September 1, 2005 10:38 am, Dave McCammon wrote:
> --- Alejandro Pulver [EMAIL PROTECTED] wrote:
> > On Tue, 30 Aug 2005 11:57:18 -0500
> > Efren Bravo [EMAIL PROTECTED] wrote:
> > > Hi,
> > >
> > > I've written on /etc/rc.conf :
> > >
> > > moused_port="/dev/psm0"
> > > moused_flags="-r high -z 4"
> > > moused_type="auto"
> > > moused_enable="YES"
> > >
> > > and on /etc/X11/xorg.conf
> > >
> > > Section "InputDevice"
> > >     Identifier "Mouse0"
> > >     Driver "mouse"
> > >     Option "Protocol" "auto"
> > >     Option "Device" "/dev/sysmouse"
> > >     Option "Buttons" "5"
> > >     Option "ZAxisMapping" "4 5"
> > > EndSection
> > >
> > > But the scrollwheel doesn't work. I've tried with Kde's Applications.
> > >
> > > Have I a bad configuration?
> > >
> > > Thanks...
> >
> > Hello,
> >
> > It works for me without the ZAxisMapping option (and the same options in rc.conf):
> >
> >     Identifier "Mouse1"
> >     Driver "mouse"
> >     Option "Protocol" "Auto"
> >     Option "Device" "/dev/sysmouse"
> >     Option "Buttons" "5"
> >
> > Best Regards,
> > Ale
>
> I had a heck of a time getting my wheel to work in RELENG_6. Eventually, starting moused with setting in rc.conf (below) and turning off Emulate3Buttons (had to put line in with the false. commenting out didn't work) and adding the Buttons line worked. The instructions out of the handbook didn't work this time.
>
> xorg.conf sections--
>
> Section "InputDevice"
>     # Identifier and driver
>     Identifier "Mouse1"
>     Driver "mouse"
>     Option "Protocol" "auto"
>     Option "Device" "/dev/sysmouse"
>     Option "Emulate3Buttons" "false"
>     Option "Buttons" "5"
> EndSection
>
> rc.conf---
>
> moused_enable="YES"
> moused_type="auto"
> moused_flags="-z 4"
>
> excerpt from dmesg--
>
> psm0: PS/2 Mouse irq 12 on atkbdc0
> psm0: [GIANT-LOCKED]
> psm0: model IntelliMouse, device ID 3
>
> (It is a Logitech optic mouse. Two button with Wheel)

Yeah, this one time at band camp, I had a brand new mouse with a wheel and for the life of me I couldn't get the stupid thing to work. I tried everything from new drivers, x configs, etc, etc. Turned out, my mouse was honestly broke... wasted about four hours on that stupid thing... grr. Who needs mice anyways...
Re: problem with email...
On Wed, August 31, 2005 10:40 am, [EMAIL PROTECTED] wrote:
> Hello,
>
> Thank you in advance for your help.
>
> My name is Karen Donathan and I am the Computer Science teacher at George Washington High School in Charleston, WV. (http://gwhs.kana.k12.wv.us). We have been running FreeBSD on our webserver for about 5 years.
>
> Over the summer, I recently began getting fake email messages from [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], etc. etc. etc. The subject line is always something like YOUR ACCOUNT IS SUSPENDED, You have successfully updated your password, etc. Each of these contain an attachment, so I know that a virus is trying to get into our server.
>
> I need some suggestions on what to do to make this stop.
>
> Thank you,
> Karen Donathan

I use clam anti virus, works wonders for that. What do you utilize for an MTA?
Re: start up command for mysql
Andrew L. Gould wrote:
> On Thu, 18 Aug 2005 13:53:13 -0700
> Mick Wilcoxen [EMAIL PROTECTED] wrote:
> > Ok, really new at this FreeBSD Mysql stuff. Which file do i put the startup command and the location of this ? The startup command is as follows /usr/local/mysql/bin/safe_mysqld .
> >
> > ***
> > Mick Wilcoxen
> > (530)933-2882
>
> If you installed MySQL from the ports, you'll find a start-up file in /usr/local/etc/rc.d/. Just make sure the file name ends in .sh and MySQL will be started at bootup.
>
> Andrew Gould

Don't forget to place it in the /etc/rc.conf as well.. darn rcsubr ;)
Re: Aggregated bandwidth
jason wrote:
> David wrote:
> > Hello,
> >
> > I have an extra box laying around that I would like to experiment with aggregating cable modem bandwidth. I have 3 nics and 3 cable modems and I would like to know if there any way or any app that I can use to combine all 3 modems into one 4.5 meg service. What about upstream also?
> >
> > This email is sent as a personal and private communication and is intended for the recipient only. Any divulgence of the contents of this email to persons not addressed is strictly forbidden. Further you or your agent are not authorized to share, rent, or sell this email address to anyone. Violators will be reported.
>
> I know it can be done, search for channel bonding. Also are you paying for the 3 modems? If your isp does not have them in the system you should see no extra bandwidth.

I have read of people doing this with OpenBSD's pf on FreeBSD. If you search through the archived lists you should be able to find that somewhere.

Otherwise, I think you may only be able to do round robin outgoing connections for maximized bandwidth. Perhaps if you are planning to serve out of these, you may want to think of doing some sort of roundrobin DNS...
Re: screen grabs
Randy Pratt wrote:
> On Tue, 16 Aug 2005 15:34:44 +0100
> Charles Smyth [EMAIL PROTECTED] wrote:
> > Hi,
> >
> > I wondered if anyone can advise me about how to get screen shots / grabs of the FreeBSD installation screens as shown in the online manual, etc. I can use The Gimp’s resources to do screen shots with everything installed, but this wouldn’t be available at the installation phase.
>
> The screenshots in the Handbook were done with vidcontrol:
>
>     vidcontrol -p < /dev/ttyv0 > shot.scr
>
> See vidcontrol(1) for further detail. There are also tools in the ports tree (graphics/scr2png) if you need to convert to PNG format.
>
>     scr2png < shot.scr > shot.png
>
> Most of the screenshots were taken post-installation. There are a few screens which have different content post-installation than during installation and those were edited with editors/hexedit to reflect the exact display at installation.
>
> A few of the screens were captured using the headless install technique described in the Handbook in Advanced Installation since those screens don't display when running Sysinstall after installation.
>
> HTH,
> Randy

I always wondered how they did that! Now I can hop through some installation tutorials for some locals. Thanks!
Re: I need one command
On Wed, August 17, 2005 2:27 pm, Carstea Catalin said:
> I run squid on my freebsd box and i need to know the free memory. In redhat exist a nice command #free to show the free memory. In FreeBsd how can i get the same result?
>
> --
> Any help would be greatly appreciated.
> regards,
> Carstea Catalin

I usually just use top ;)
Re: I have found a pc on the side curb
David Kelly wrote:
> On Mon, Jul 18, 2005 at 11:46:20AM -0400, Jason Stewart wrote:
> > There are ways to get into a machine without using the password but the only right thing to do in your case would be to reinstall FreeBSD and just use the box that way instead of trying to get at the pre-existing and most likely private installation.
>
> Betcha that defeats his purpose. It's not to have a FreeBSD machine but to be nosey to find out what is on the one he found.
>
> With physical access to the system it's pretty easy to change the root password. Is not as if the filesystems are encrypted. Am sure it's in the archives somewhere but I don't intend to make it easy by saying how.
>
> Is much harder to force change the password without leaving a significant trail.

Kinda reminds me of what the toor account was really about.
Re: two default routes
Emanuel Strobl wrote:
> On Monday, 18 July 2005 05:25 CEST, Jon Falconer wrote:
> > I have two ISP connections, a 45Mb and a 6Mb. Depending on what block of local addresses a packet is coming from will determine which ISP I want to send the packet out. In essence the default route used for a packet depends on its source address (for traffic leaving our campus.)
> >
> > Can someone tell me what package I should read up on (ip,ipf,ipfw,other)? or
>
> See IPFWs fwd or PFs route-to and reply-to.
>
> -Harry
>
> > if I should just do this with a real router and not FreeBSD?
> >
> > Thanks for your insights,
> > Jon

I am an ipfw advocate but I have seen a number of different people do this with OPENBSD's pf on FreeBSD. Google it, try load balance pf freebsd.
Re: illegal user root user failed login attempts
Alex Zbyslaw wrote:
> Ed Stover wrote:
> > One of my personal favorite things to do is:
> > move ssh to port 1001
>
> Is there a reason behind choosing port 1001? 1024; not registered to anything else useful; reasonably memorable?

Well as long as you don't have a service already running on what ever the port number is. Sure choose a number that you feel is a nice one.

> Are there any other useful criteria I've missed?

Not that I can think of. Let me know if you need any thing else.

> Thanks,
>
> --Alex
Re: Main web site... egg on my face
Gavin R. Putland wrote:
> Ahem...
>
> On Wed, 18 May 2005 04:41 pm, Tony Shadwick wrote:
> > Just out of curiosity...
> >
> > cat /etc/resolv.conf
>
> That gives the local primary and secondary nameservers of my ISP, as I believe it should. The problem was not likely to be in my machine because I have done a few OS installs in recent days, whereas www.freebsd.org and the underlying releng pages, as seen by me, are several months old.
>
> I was familiar with resolv.conf, but not the following:
>
> > nslookup www.freebsd.org
>
> That gives:
>
> Server: 203.21.20.20
> Address: 203.21.20.20#53
>
> Non-authoritative answer:
> Name: www.freebsd.org
> Address: 216.136.204.117
>
> The Server is my ISP's primary nameserver. I don't know the significance of the #53, but I can report that it has been consistent for a couple of hours.
>
> When I load 216.136.204.117 into a browser, I get the UP-TO-DATE FreeBSD home page. That suggested to me that my ISP uses a proxy which can be bypassed by typing the real IP address instead of the mnemonic version thereof.
>
> So I got on a bus, went to an internet cafe and, having established that the cafe didn't use the same ISP, typed in www.freebsd.org... and got the up-to-date version.
>
> So I'll take up the matter with my ISP. (Or perhaps I should change to internode.on.net, whose servers apparently run FreeBSD.)
>
> :)
>
> Indeed. With thanks (and apologies, if amusement is outweighed by annoyance).
>
> Gavin R. Putland.

I think all of this may be some scandalous covert government operation to make people think FreeBSD is not in development any more. ;)
Re: illegal user root user failed login attempts
Emanuel Strobl wrote:
> On Wednesday, 18 May 2005 22:56, Kirk Strauser wrote:
> > On Tuesday 17 May 2005 09:36, Peter Kropholler wrote:
> > > As things stand, ssh is designed so you can't get at people's passwords and I am leaving it alone. Focussing instead on the task of making sure my passwords are strong, limiting AllowUsers to specific users and trusted ip addresses, and moving ssh off port 22.
> >
> > Alternatively, scrap all that and force RSA authentication after disabling password login. I could give you my root password (and even my personal password) and there isn't jack you can do with it because no services authenticate off it; it's only useful for logging in locally.
>
> IMHO that's the only way to cope with these crappy hacked boxes. Additionally that was the original idea of SSH as far as I know. Maybe time to think about disabling ChallengeResponseAuth in /etc/ssh/sshd_conf by default in FreeBSD?
>
> -Harry

There is a wealth of things that we can do for protection:

1: (mentioned earlier) move ssh off port 22
2: use tcp wrappers /etc/hosts.allow
3: don't allow users to have a shell or at least restrict the shell (rbash)
4: firewall incoming ssh connections

One of my personal favorite things to do is:

move ssh to port 1001
install portsentry
have portsentry listen to port 22
log, report to abuse, and repeat

You could even finger the machine that is trying to connect. It will tell you who was logged onto it when the incident happened.
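
An added example, not part of the thread or of any project's code: a Python check that reads an sshd_config and reports on the settings the messages above discuss (password and challenge-response login, public-key login, AllowUsers, listening port). The two sample configurations, the user names and the finding labels are constructed for illustration, and the defaults used for absent keywords are an assumption to confirm in sshd_config(5) on the host.

```python
"""Check an sshd_config against the hardening points raised in this thread."""

# Values assumed when a keyword is absent. Assumption: upstream OpenSSH
# defaults; confirm against sshd_config(5) on the host being checked.
ASSUMED_DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "pubkeyauthentication": "yes",
    "port": "22",
}
# Keywords that may repeat, each occurrence adding to the list.
MULTI = {"port", "allowusers"}
# Newer OpenSSH releases spell ChallengeResponseAuthentication this way.
ALIASES = {"kbdinteractiveauthentication": "challengeresponseauthentication"}


def parse_global(text):
    """Return {keyword: [values]} for the global part of an sshd_config.

    Keywords are case-insensitive and, for single-valued keywords, the first
    occurrence wins. Parsing stops at the first Match block because what
    follows applies only to the connections that block selects.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        values = parts[1:]
        if key == "match":
            break
        if not values:
            continue
        if key in MULTI:
            conf.setdefault(key, []).extend(values)
        else:
            conf.setdefault(key, values)
    return conf


def audit(text):
    """Return the findings and the listening ports for one configuration."""
    conf = parse_global(text)

    def setting(name):
        return conf.get(name, [ASSUMED_DEFAULTS[name]])[0].lower()

    findings = []
    if setting("passwordauthentication") != "no":
        findings.append("password-auth-enabled")
    if setting("challengeresponseauthentication") != "no":
        findings.append("challenge-response-enabled")
    if setting("pubkeyauthentication") != "yes":
        findings.append("pubkey-auth-disabled")
    if "allowusers" not in conf:
        findings.append("no-allowusers")
    elif any("@" not in pattern for pattern in conf["allowusers"]):
        # user@host patterns also restrict where a user may log in from
        findings.append("allowusers-without-host")
    ports = conf.get("port", [ASSUMED_DEFAULTS["port"]])
    return {"findings": findings, "ports": ports}


# Constructed sample: password login left at its default, and the only
# "PasswordAuthentication no" sits inside a Match block for one user.
WEAK = """\
Port 22
#PasswordAuthentication no
ChallengeResponseAuthentication yes
Match User backup
    PasswordAuthentication no
"""

# Constructed sample: key-only login, named users from documentation-range
# addresses, and the port moved as suggested in the thread.
HARDENED = """\
Port 1001
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
AllowUsers alice@192.0.2.10
AllowUsers bob@192.0.2.*
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample))
```

The port is reported rather than flagged: moving sshd off port 22 cuts log noise from scanners but does not replace disabling password login.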
Re: Ethernet over FireWire: How?
Olivier Nicole wrote:
> Hi Rob,
>
> > Can someone give me a layman's answer to how I can use the firewire as the second ethernet card? The backside of the computer has a socket labeled '1394', but this is not a RJ-45 connector. Do I need a converter cable from firewire to RJ-45?

Just drop $15 for another NIC.

> I'd say that Ethernet over Firewire is really what it says it is, Ethernet is encapsulated in Firewire, so at the other end you also need to attach to a Ethernet over Firewire device.
>
> Beside, Firewire is much slower than Ethernet I guess.

Firewire is essentially twice as fast as 100baseT and almost as fast as 1000baseT (GigaBit)

> If you build a router for your lab, I'd recommend that you buy proper Ethernet cards, they will prove much more reliable (last longer, deliver higher bandwidth, attach nicely to some weird Ethernet switches...) than cheap solution like over Firewire.

over firewire is not a cheap solution, actually it will cost you more upfront and in the long run than ethernet.

> Is it worth saving 50$ on a machine that is supposed to handle a good share of your lab infrastructure?

Remember a decent NIC is $8-$15 ..

> Olivier
Re: ps: bad namelist
Jerry Bell wrote:
> Typically this is caused by a kernel and utilities (like ps and w) being out of sync. It sounds like you don't think that is the case, though. I suppose it could be a problem with your procfs, but I'm not sure that would cause this kind of symptom. My suspicion is still on inconsistencies between the kernel and world.
>
> ps: bad namelist
> w: bad namelist
>
> Jerry
> http://www.syslog.org

Ok, try the command uptime as well, I bet it will error too. It was a while ago I have had this same problem. I remember I had to remake a /dev/file ... maybe it was /dev/null ... remake /dev/null and see if that clears it up.

Try this ..

# cd /dev
# rm null
# mknod null c 2 2
# chmod 666 null
Re: FreebSD 5.3
Richard Verwayen wrote:
> On Wednesday, 11.05.2005, 16:53 -0700, Dixit, Viraj wrote:
> > Folks,
> >
> > I have accidentally changed the permissions to my directories on my test system. Now I cannot login either on console using root or any other login account. I simply cannot login, the permissions change has done it. I get the login prompt but this is the message I get from the system when I log in.
> >
> > Help
> >
> > Thanks,
> > An Idiot
> >
> > Here is the message:
> >
> > login: invalid script: /usr/libexec/login_krb-or-pwd
> > Login incorrect
>
> What about single-user mode?
>
> Richard

Look in the archives of this mailing list going back for 5 years.. You will find a bazillion howto's on logging in, in single user mode and mounting the stuff you need to fix. ;) good luck!
Re: Slow DNS
Xian wrote:
> I have just set up a router and would like DNS caching on it. I have tried to set it up and it kind of works, just computer using it as their nameserver take ages on DNS queries, up to 4-5 seconds.
>
> To set up the DNS caching I added the ip of another DNS server to /etc/resolv.conf and added namd_enable=YES to /etc/rc.conf. I also tweaked the following lines in /var/named/etc/namedb/named.conf:
>
> listen-on { any; };
> forwarders { 192.168.0.1; };
> query-source address * port 53;
>
> Any ideas on how to make it run better? The DNS server at 192.168.0.1 answers DNS queries in a few milliseconds.

Put an entry for your upstream DNS/DNSes as well... That will speed things up.

--quote
// In addition to the forwarders clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
//      forward only;

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below.  This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
        forwarders {
                127.0.0.1;
        };
*/
--
Re: Strange kernel messages
Colin J. Raven wrote:
> Hi all!
>
> I occasionally get these in my daily security run output (which is worrying in itself)
>
> Limiting closed port RST response from 1629 to 200 packets per second
>
> the number of these can range from one or two, to sometimes 25 - 30 although the latter case is rarer. Usually there's about six or so. These don't arrive every day, usually about once per week on average.

You get those when someone nmaps you. What I do aside from FreeBSD's builtin anti-DOS stuff is:

1. Blackholing
2. portsentry (it is kinda a honey pot but has some pretty neat features)

> Is this an OS response to an attempted attack, limiting potential DDOS damage?

yes it is. How heavily loaded is your server?

> That's how I'm reading it, but of course I'm guessing. If that *is* so, what mechanism is doing this?

Others have answered this question already ;)

> FreeBSD 4.11 STABLE
>
> Regards TIA
> -Colin
Re: Filesystem was not properly dismounted (5.4-RELEASE)
VnPenguin wrote:
> Hi all,
>
> On my FreeBSD 5.4 system, when I do reboot or shutdown -h and reboot, there is always a warning at boot time:
>
> WARNING: / was not properly dismounted
>
> and fbsd starts filesystem check over / partition (~5GB) :(
>
> Anyone could explain me why this ? Any solution for help ?
>
> Thank you,

Why in the world is your / partition ~5Gb ? 256M is what your / should be, 512Mb is even cool... You used to be a Linux guy huh? ;)
Re: Box Mysteriously Rebooting?
Jeff Bethke wrote:
> Hi All,
>
> I have a host that has been super reliable without issues. Then, I had a power outage. After that, the host has stayed stable for anywhere from 6 to 48 hours... Then the host mysteriously reboots itself.
>
> I swapped out the power supply (figuring a fried power supply could possibly be the culprit) and yet the problem persists.
>
> Where do I look to figure out what's broke? Nothing in the logs. The console log doesn't show anything. dmesg looks kosher. It's as if someone hits the power switch!
>
> Anyone have any suggestions on what tools I could use to pinpoint what is causing the reboots?
>
> Help? Thanks!
>
> -jeff

Ok, from my experience this is a power supply issue. Monitor your heat specs as well. Sorry I can't be of any more help. Good Luck~!
Re: monitoring and alerting software ????
Warren Block wrote:
> On Thu, 12 May 2005, Duane Winner wrote:
> > Does anybody have recommendations for a good solution to alert me while I am not at work if something goes wrong with my infrastructure/network/servers?
> >
> > In other words, if I am at home, I need to be alerted if one of my FreeBSD servers go down, but also if the router, firewall or switches go haywire.
>
> Here's something I wrote recently on setting up Nagios on FreeBSD:
>
> http://www.wonkity.com/~wblock/nagios.pdf
>
> -Warren Block * Rapid City, South Dakota USA

I know some people that run big brother and are satisfied by it. http://www.bb4.org/
Re: monitoring and alerting software ????
Chuck Swiger wrote:
> Ed Stover wrote:
> [ ... ]
> > I know some people that run big brother and are satisfied by it. http://www.bb4.org/
>
> I would second this recommendation. Big brother is relatively simple to configure, although it is by design more of a monitoring tool, and is less active about responding to changes, although it does support lots and lots of types of notifications.
>
> BB is also not open source, although the source code is available and you are welcome to use it for yourself or your business for free. But they want you to buy a license if you sell BB's monitoring to other people-- ie, an ISP and clients...

You know, I think there was an open source clone of this some where... If i find it, I will post it and see if it in ports as well...
Re: Box Mysteriously Rebooting?
Subhro wrote:
> On 5/13/2005 8:28, Jeff Bethke wrote:
> > Hi All,
> >
> > I have a host that has been super reliable without issues. Then, I had a power outage. After that, the host has stayed stable for anywhere from 6 to 48 hours... Then the host mysteriously reboots itself.
> >
> > I swapped out the power supply (figuring a fried power supply could possibly be the culprit) and yet the problem persists.
> >
> > Where do I look to figure out what's broke? Nothing in the logs. The console log doesn't show anything. dmesg looks kosher.
>
> The first thing I would do is run memtest on the box overnight and check if that fails. Maybe the power outage destroyed the memory?
>
> Regards
> S.

are you running any pf ? i read somewhere in the archives about pf doing that
Re: heavy load proxy+nat server with ipfw ?
Abu Khaled wrote:
> On 5/10/05, Ed Stover [EMAIL PROTECTED] wrote:
> > S t i n g r a y wrote:
> > > i want to replace my microsoft based firewall with a freebsd based firewall + proxy + NAt server based on ipfw , with internet users approx upto 800-1000 simultaneous . i already have the internet link + hardware to support it , do you guys think ipfw + squid with freebsd will be able to handle such loads ?
> > >
> > > thanks
> > >
> > > *º¤., ¸¸,.¤º*¨¨¨*¤ Stingray *º¤., ¸¸,.¤º*¨¨*¤
> >
> > Yes very much so. At a local college they have over 700 PCs surfing the net constantly through a P3 700Mhz 512MB Ram and 10Gb HDD. The machine is running FreeBSD 4.5, squid, squidGuard, ipfw, natd. Transparent content filtering and nat. Simple sweet and fast...
>
> I use FreeBSD 5 STABLE as a Router with IPFW, DUMMYNET, Squid, DansGuardian and Bind as a forwarding DNS cache for 100 users. All this is running on an old PIII 500Mhz with 128MB ram and 20GB HDD. 100 users may not be much but I guess with more RAM The FreeBSD box will handle more clients. I only use the BOX to test FreeBSD 5 performance for future plans and so far it rocks except for a few problems (sure thats what STABLE is for).
>
> Ed, can you please tell me more about Transparent content filtering. Sounds interesting

Ooo yea, this is a good one taught to me by guru master BB of the black hills.

Ok all web requests are on port 80 right? I am going to use pseudo commands to try and get this across.

#from natbox
1 allow all traffic on port 80 from localhost out
2 forward all incoming port 80 requests to 8080 or what ever port you run squid on.
3. squidguard or dansguardian serve as the content filtering.

No one can opt out of having their web access content filtered by not using the caching system. They have to use the caching system.
Re: *_enable = YES for FreeBSD
Foo Ji-Haw wrote:
> Last time I used FreeBSD (4.3), I can start services with just apache2.sh start. Now everything needs to be explicitly turned on via rc.conf (apache2_enable=YES). Is this rcNG as mentioned in the handbook? Where can I find documentation for this? Is there any way I can still turn start/ stop the services at rc.d/ ?
>
> Sorry, one last question: if I changed rc.conf, how can I get the system to reload this script without rebooting?

I am not a big fan of rcsubr but every one else likes it lol

I think how it is done is

1. modify rc.conf ( add program_enable=YES )
2. then run /usr/local/etc/rc.d/program.sh start
3. done, with none of that nasty rebooting too. rebooting is for wimps ;)
Re: is 4.11 still a good idea?
Garance A Drosihn wrote:
> At 12:02 PM +0800 5/9/05, Foo Ji-Haw wrote:
> > Can I get some feedback on whether development and/ or support on 4.11 is still active and updated? I've spent quite some time on the 4.x series, so I am quite comfortable with it.
>
> Let me also mention that 5.3-release was a little rocky for some users, but works well for most people. And, more importantly, we are a very few days away from 5.4-release. 5.4-release includes many fixes over 5.3-release.

When, I am waiting to get the official release none of this release candidate stuff but they won't release the turd yet. I like 4.x but 5.4 is hopefully going to guide me into the new millennium of FreeBSD computing ;)
Re: OT how to register with google ?
Fabian Keil wrote:
> S t i n g r a y [EMAIL PROTECTED] wrote:
> > Well i have a opensource softwares website which i use to promote open software such as freebsd in my region, i have registered with google so many time since so long time , still

Google uses dmoz a lot for its spidering, get your site listed there. Good META Tags are a good idea as well. Here is a tutorial i snapped off of google real quick.

http://searchenginewatch.com/webmasters/article.php/2167931

Making your site and index page with your robots.txt file is a good idea too. Here is a tutorial for that too.

http://www.searchengineworld.com/robots/robots_tutorial.htm

Most of all like google says is that it takes a little while to get into their spidering list...

PS use your robots.txt to block microsoft's spider, it can easily consume every ounce of your bandwidth on any type of interactive pages
Re: heavy load proxy+nat server with ipfw ?
S t i n g r a y wrote:
> i want to replace my microsoft based firewall with a freebsd based firewall + proxy + NAt server based on ipfw , with internet users approx upto 800-1000 simultaneous . i already have the internet link + hardware to support it , do you guys think ipfw + squid with freebsd will be able to handle such loads ?
>
> thanks
>
> *º¤., ¸¸,.¤º*¨¨¨*¤ Stingray *º¤., ¸¸,.¤º*¨¨*¤

Yes very much so. At a local college they have over 700 PCs surfing the net constantly through a P3 700Mhz 512MB Ram and 10Gb HDD. The machine is running FreeBSD 4.5, squid, squidGuard, ipfw, natd. Transparent content filtering and nat. Simple sweet and fast...
Re: is 4.11 still a good idea?
Glenn Dawson wrote:
> At 06:26 PM 5/9/2005, Ed Stover wrote:
> > When, I am waiting to get the official release none of this release candidate stuff but they won't release the turd yet. I like 4.x but 5.4 is hopefully going to guide me into the new millennium of FreeBSD computing ;)
>
> It was released about 5 hours ago.
>
> -Glenn

YAY!, hip hip hoorah! DL iso now.. must install 5.4 ... I checked this morning Yay! ooo oo.. mmMMMmmmMm aaarrrlll mmmMMmm FreeBSD 5.4..
Re: Spontaneous reboots
Mac Mason wrote:
> Have you considered hardware issues? Random reboots might be caused by cooling issues, or other such things.
>
> --Mac

I have had a number FreeBSD servers do this when HD gets hot. Kinda strange when you see it even in the 4.x branch.
Re: installing big qmail server ... where to start?
Matthias F. Brandstetter wrote:
> Hi all,
>
> I have to plan and set up a mail solution for about 50.000 users; here are some key features requested by our customer:
>
> - self coded webfrontend w/ webmail and administration (filter, alias etc)
> - 100MB quota per user
> - autoresponder
> - about 50.000 user
> - online backup of data
> - some more features for web frontend
>
> Since I happily use qmail for some other (but smaller) installations, I want to try it with qmail here for this project as well. My only problem is, I have no clue where to start ... beginning from "should I use 2 redundant and really strong or some more but cheaper servers?" to "which qmail distributions and patches should I use (ldap, mysql, ...)?" and "how to store data (mails) and do online backup w/o downtime?".

Some possible tutorials to help you on your way are:

QMR (qmail rocks) FreeBSD http://freebsd.qmailrocks.org/ (has Mysql, vpopmail, clam-av, spamassassin)
Mail Toaster http://www.tnpi.biz/internet/mail/toaster/index.shtml (has mysql)

For an honest 50,000 users, a mysql implementation might be a little more hardware intensive than an ldap one in the long run, so you might want to drop a mail to the freebsd-isp mailing list and ask around there too for ldap stuff. Don't forget that if you plan on using maildir as a mail storage solution, inodes become very important because you WILL run out of them. A solution can be found in the existing man pages; read man tuning before proceeding to build your server. You might want to stay away from old school imap software like imap-uw because it lacks the advanced features, like quota support, that you will need to enforce quotas for your users.
Re: dynamically limit ip connections to ports over time?
Alex Teslik wrote:
> Hi all,
>
> I have been running a FreeBSD box for a few years. Over this time spammers and other unfriendlies have found my box and have been attacking at a slowly increasing rate. Every night the daily periodic scripts run and report to me the number of rejected mail hosts. Last week, one of the rejected mail hosts had the number of rejections listed at 3000. My hard drive has been getting louder and louder as it gets busier rejecting and logging all of these and now I would like to do something about it... but I'm not sure what I can do. When the hard drive is at its busiest I see mail being virus and spam scanned at a dizzying rate (tail -f /var/log/maillog), hence the hard drive grinding.
>
> What I would LIKE to do is allow any ip to connect to a port for a specified number of times per minute. If they connect too many times then I would like to freeze them out for a specified amount of time. This solution should be dynamic so that I don't need to constantly monitor the offending ip addresses.
>
> snipped

Here is an idea: try greylisting for denying spam and portsentry to keep the un-friendlies blocked. Both programs are fairly simple to set up and maintain. Greylisting will deny incoming email for a set amount of retries and time, thus you only get mail from real mail servers because spammers don't usually try resending the spam after the initial list has run. Portsentry is designed to detect incoming scans and block/deny the IP afterwards. It is kinda like a honey pot but funner ;)
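The greylisting behaviour described in the reply above, as an added sketch that is not part of the thread and not taken from any greylisting package: the first attempt for an unseen (client IP, sender, recipient) triplet gets a temporary failure, and only a retry after a minimum delay is accepted. The class and function names, the delay values and the sample attempts are assumptions made for illustration.

```python
from dataclasses import dataclass, field

TEMPFAIL = "451 4.7.1 Greylisted, please retry later"
ACCEPT = "250 2.0.0 OK"


@dataclass
class Greylist:
    """Decide per (client IP, envelope sender, recipient) triplet."""
    min_delay: int = 300           # assumed: a retry sooner than this is still deferred
    retry_window: int = 4 * 3600   # assumed: a retry later than this starts over
    pass_ttl: int = 30 * 86400     # assumed: how long a proven triplet stays trusted
    pending: dict = field(default_factory=dict)  # triplet -> time first seen
    passed: dict = field(default_factory=dict)   # triplet -> time last accepted

    def check(self, client_ip, sender, recipient, now):
        key = (client_ip, sender.lower(), recipient.lower())

        # Triplet already proved that it retries like a real MTA: let it through.
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= self.pass_ttl:
            self.passed[key] = now
            return ACCEPT

        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > self.retry_window:
            # Never seen, or the earlier attempt is too old to count: start the clock.
            self.pending[key] = now
            return TEMPFAIL
        if now - first_seen < self.min_delay:
            # Retried too quickly; the original first-seen time is kept.
            return TEMPFAIL

        # Retried after the delay and inside the window: accept and remember.
        del self.pending[key]
        self.passed[key] = now
        return ACCEPT

    def expire(self, now):
        """Drop stale state so the tables do not grow without bound."""
        self.pending = {k: t for k, t in self.pending.items()
                        if now - t <= self.retry_window}
        self.passed = {k: t for k, t in self.passed.items()
                       if now - t <= self.pass_ttl}
        return len(self.pending), len(self.passed)


# Constructed SMTP attempts: (seconds since start, client IP, MAIL FROM, RCPT TO).
EVENTS = [
    (0,    "192.0.2.25",   "alice@example.org",  "alex@example.net"),  # real MTA, first try
    (5,    "203.0.113.9",  "win@spam.invalid",   "alex@example.net"),  # bulk run, one shot
    (6,    "203.0.113.9",  "win@spam.invalid",   "root@example.net"),  # same run, next address
    (20,   "198.51.100.4", "promo@bulk.invalid", "alex@example.net"),  # impatient sender
    (30,   "198.51.100.4", "promo@bulk.invalid", "alex@example.net"),  # retry after 10 s
    (900,  "192.0.2.25",   "alice@example.org",  "alex@example.net"),  # queue retry, 15 min
    (4000, "192.0.2.25",   "alice@example.org",  "alex@example.net"),  # later mail, same triplet
]


def replay(events, greylist=None):
    """Feed attempts through the greylist and return the SMTP reply for each."""
    gl = Greylist() if greylist is None else greylist
    return [gl.check(ip, sender, rcpt, now) for now, ip, sender, rcpt in events]


if __name__ == "__main__":
    for event, reply in zip(EVENTS, replay(EVENTS)):
        print(event, "->", reply)
```

Only the sender that waits and retries is accepted; the one-shot run and the 10-second retry stay deferred, which is the filtering effect the reply relies on.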
Re: My BIND is tWisted!!!
On Sun, 2005-05-01 at 05:32 -0500, Fafa Diliha Romanova wrote:
> I haven't done anything out of the ordinary. /etc/rc.d/named reload (or stop or start) doesn't say anything weird.
>
> Thanks,
> -- Fafa
>
> - Original Message -
> From: Ed Stover [EMAIL PROTECTED]
> To: Fafa Diliha Romanova [EMAIL PROTECTED]
> Subject: Re: My BIND is tWisted!!!
> Date: Sat, 30 Apr 2005 20:11:28 -0600
>
> On Sat, 2005-04-30 at 09:19 -0500, Fafa Diliha Romanova wrote:
> > hey!
> >
> > My BIND just stopped working!
> >
> > 1) My domain is still registered
> > 2) My configuration hasn't changed since it stopped working. Prior to that, it has been running flawlessly for months.
> >
> > There is nothing in my /var/named/log, so I am totally clueless. /etc/rc.conf contains named_enable=YES
> >
> > Since my /var/named/etc/namedb configuration is in fact 100% operational, I've decided to rule that out in this plea for help. The problem must lie elsewhere.
> >
> > Anyone able to help?
> >
> > All the best,
> > -- Fafa
>
> First off, what have you done with that machine before it stopped working? When you try to start named does it produce any error messages?

You are not being helpful. lol, try this

/usr/local/etc/rc.d/bind start
ps -ax |grep named

Now is there a named running?
Re: Moving /var
Hi

On Sat, 2005-04-30 at 06:28 +0200, Christian Hiris wrote:
> On Saturday 30 April 2005 01:59:01, Lisa Casey wrote:
> > Hi,
> >
> > I could have sworn I've seen some info on moving var onto its own hard drive but I can't seem to find it now. Would anyone happen to know a url?
> >
> > Thanks,
> > Lisa
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/disks.html#NEW-HUGE-DISK
>
> Cheers,
> ch

Hi,

How I put various partitions on larger drives is:

1. Format the drive (sometimes /stand/sysinstall, sometimes by hand)
2. Mount the new drive somewhere as whatever. (mount /dev/ad3s1e /mnt)
3. Copy over the data from the folder (usually use cpio)
4. Change fstab to fit
5. Reboot

As far as I know that is KISS (keep it simple stupid)
Re: My BIND is tWisted!!!
On Sat, 2005-04-30 at 09:19 -0500, Fafa Diliha Romanova wrote:
> hey!
>
> My BIND just stopped working!
>
> 1) My domain is still registered
> 2) My configuration hasn't changed since it stopped working. Prior to that, it has been running flawlessly for months.
>
> There is nothing in my /var/named/log, so I am totally clueless. /etc/rc.conf contains named_enable=YES
>
> Since my /var/named/etc/namedb configuration is in fact 100% operational, I've decided to rule that out in this plea for help. The problem must lie elsewhere.
>
> Anyone able to help?
>
> All the best,
> -- Fafa

First off, what have you done with that machine before it stopped working? When you try to start named does it produce any error messages?
Re: longest uptime
Hi all,

On Thu, 2005-04-28 at 22:26 +0200, Nico Meijer wrote:
> Hi Stevan,
>
> > Question: Is there a possibility to run the system inclusive patching it, without rebooting? Goal is to run a system maybe longer than a year!!!
>
> Short answer: no.
>
> Long answer: don't think like that. Uptime is not important. It is not a pissing contest.
>
> Bye... Nico

What is very cool is that the top 25 longest uptimes on netcraft are of BSD origin and that thirteen of which are FreeBSD. With proper power conditioning I get around 2 years of uptime before rebooting a firewall. Usually the only reason I reboot is to completely roll to a later production release.
Re: building good custom kernel
On Thu, 2005-04-21 at 14:48 +0500, [EMAIL PROTECTED] wrote:
> hi,
>
> I tried building the FreeBSD 5.3 kernel and it works fine, but can you people give me some tips regarding optimizing the kernel during build? Even saving a single cpu cycle would mean a lot. I would like to have a kernel that is really optimized. And what do you people do to fine tune the kernel?
>
> thanks,
> ananth.g

Depends on what you are fine tuning a kernel for. Like for a firewall NAT box I do things like turn up the HZ, and for mail servers I increase the max users. What is your machine's intended application? A good reference is man tuning
Re: 5.4-RC2: Unexpected reboots
Hi

On Sat, 2005-04-23 at 12:39 +0200, Erik Nørgaard wrote:
> Hi,
>
> I have had problems recently keeping my 5.3 up, then I upgraded to 5.4-RC2. Things seemed stable, but then I just ran last:
>
> norgaard ttyp1 charm Sat 23 Apr 12:05 still logged in
> norgaard ttyp0 charm Sat 23 Apr 11:57 still logged in
> norgaard ttyp0 charm Sat 23 Apr 00:39 - 00:57 (00:17)
> reboot ~ Fri 22 Apr 22:36
> reboot ~ Fri 22 Apr 21:03
> reboot ~ Fri 22 Apr 20:59
> reboot ~ Fri 22 Apr 20:52
> reboot ~ Fri 22 Apr 20:33
> reboot ~ Fri 22 Apr 20:30
> reboot ~ Fri 22 Apr 20:07
> reboot ~ Fri 22 Apr 19:17
> reboot ~ Fri 22 Apr 18:00
> reboot ~ Fri 22 Apr 17:57
> reboot ~ Fri 22 Apr 17:00
> norgaard ttyp0 xxx.xxx.xxx.xxx Fri 22 Apr 14:44 - 15:17 (00:32)
> reboot ~ Fri 22 Apr 14:16
> norgaard ttyp0 xxx.xxx.xxx.xxx Fri 22 Apr 12:35 - 14:05 (01:30)
> reboot ~ Fri 22 Apr 12:24
> norgaard ttyp0 xxx.xxx.xxx.xxx Fri 22 Apr 12:05 - crash (00:18)
> reboot ~ Fri 22 Apr 10:56
> reboot ~ Fri 22 Apr 10:27
> reboot ~ Fri 22 Apr 10:00
> norgaard ttyp0 xxx.xxx.xxx.xxx Fri 22 Apr 09:57 - crash (00:03)
> reboot ~ Fri 22 Apr 09:55
> norgaard ttyp0 xxx.xxx.xxx.xxx Fri 22 Apr 09:27 - 09:48 (00:20)
> reboot ~ Thu 21 Apr 23:09
> reboot ~ Thu 21 Apr 22:03
> reboot ~ Thu 21 Apr 18:41
> norgaard ttyp0 xxx.xxx.xxx.xxx Thu 21 Apr 17:52 - 18:04 (00:12)
> reboot ~ Thu 21 Apr 17:18
> reboot ~ Thu 21 Apr 17:11
> norgaard ttyp0 xxx.xxx.xxx.xxx Thu 21 Apr 16:55 - crash (00:16)
> reboot ~ Thu 21 Apr 16:10
> norgaard ttyp0 xxx.xxx.xxx.xxx Thu 21 Apr 15:38 - crash (00:32)
>
> I didn't realise the crashes while logged in with ssh, I thought it was due to an unstable DSL. But even disregarding crashes, I have no idea why all these reboots; there is no hint in /var/log/critical, /var/log/kernel, /var/log/console.log, /var/log/auth.log or others.
>
> The only thing I have noticed is a new error message in /var/log/messages, happening regularly every 9 minutes:
>
> Apr 22 15:08:14 top postfix/smtpd[874]: warning: TLS library problem: \
> 874:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown \
> protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_srvr.c:585:
>
> However, it does not seem to sync with the reboots, and I think this is due to postfix being built on the 5.3.
>
> Any ideas what causes this? Any ideas how I can tune syslog to grab the events?
>
> Thanks, Erik

Just a thought, but check your power supply fan ;)
Re: what kind of BBS software on freebsd work well
Whatever happened to the old telnet style bb shells? I would much rather run one of those ;)

On Wed, 2005-04-20 at 11:08 +0400, Andrew P. wrote:
> Graham Bentley wrote:
> > > And has more security problems than Carter has liver pills
> >
> > If more people are using a project like phpBB surely there is more chance that bugs / problems will be sorted out, i.e. more 'reporters'.
> >
> > If you have had problems with phpBB surely it's better to submit them to the phpBB team rather than complain about them on a list - that's how things get better, isn't it?
> >
> > I would be interested to hear about the security problems you are referring to?
>
> I think Paul was right about poor security of phpbb. It's just that there are no alternatives now.
>
> I wonder if we should move to -chat...
>
> Best wishes,
> Andrew P.
Re: unclean filesystem refusing to salvage
Is this on one computer or across multiple machines running 5.4? My first thought is of a dying hard drive. Run low level disk repair tools from your hard drive's manufacturer.

On Thu, 2005-04-21 at 15:28 +1000, Warren wrote:
> I'm running FreeBSD 5.4 and have /var as well as all the other filesystems not clean, and when going to single user mode, mounting all and running fsck -y ... it refuses to salvage anything and is causing multiple hassles with my computer's stability and running.
>
> How do I fix this or what may be causing this?
Re: how to enable the root in telnet
um hi

On Sun, 2005-04-24 at 18:53 +0800, kylin wrote:
> thank u for your advice! but now i am in a very safe local network, and the su returns "sorry" in my telnet, so does that mean i have to go to ssh? or can i change some file to enable it?
> thank u and best wishes
>
> On 4/24/05, Roland Smith [EMAIL PROTECTED] wrote:
> > On Sun, Apr 24, 2005 at 06:09:38PM +0800, kylin wrote:
> > > i find it difficult to use root account when i telnet to freebsd 5.3 release, anything need to change?
> >
> > You're not supposed to log in as root over telnet. It would expose the root password to anybody intercepting your IP traffic.
> >
> > It would be advisable to log in as a normal user via ssh (secure shell) and then su to root. Even if your ssh keys were compromised, an attacker would only gain access as a normal user. And since all communications are encrypted, it would be hard for a listener to get the root password.
> >
> > Roland
> > --
> > R.F. Smith
> > r s m i t h @ x s 4 a l l . n l
> > http://www.xs4all.nl/~rsmith/
> > public key: http://www.keyserver.net

Ok, I would advise you to not use telnet to login as root, as others have said previously. If you absolutely have to log in as root use secure shell. If you have ssh running already then uncomment and change the #PermitRootLogin no line to PermitRootLogin yes in your /etc/ssh/sshd_config file and restart secure shell. I tend to change the port that secure shell runs on as well to provide an additional level of security.
Re: squid + antivirus plugin
Hi,

On Tue, 2005-04-19 at 19:01 +0400, Vyacheslav Druzhinin wrote:
> Hello freebsd-questions,
>
> I have a problem to scan all http proxy traffic for viruses. Does some open source antivirus plugin for squid exist? I have checked the ports collection and I can't find any solution.
>
> With best regards,
> [MCP, MCSD] Vyacheslav mailto:[EMAIL PROTECTED]
> Origin: --= DVG_Lab =--

Check out http://www.clamav.net/3rdparty.html and find Web/FTP Proxy + ClamAV on the page, and it will list several of the type of programs that you are looking for.
RE: NATD server problem on 5.3 ?
And I would like to add these questions to

On Tue, 2005-04-19 at 07:44 -0400, [EMAIL PROTECTED] wrote:
> Saying it's not working is way too vague. You need to post more details about what is not working. Like:
> Can the 5.3 server ping the public internet?
> Can it ping PCs on the LAN?
> Can a win LAN PC ping the server?
> What does the firewall log contain?
> Does nat start up? Do a ps -ax |grep nat
> Are you sure your natd.conf is correctly formatted?
> Have you tested with the firewall out of the way by having only a single rule to pass all packets?
>
> /sbin/ipfw -f flush
> /sbin/ipfw add allow all from any to any

Generally if it is your first firewall try the rc.conf option of firewall_type=OPEN and here is what my /etc/natd.cf looks like.

##/etc/natd.cf
log yes
deny_incoming no
use_sockets yes
same_ports yes
verbose no
port 8668
interface ep0
unregistered_only yes
##EOF

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of faisal gillani
> Sent: Tuesday, April 19, 2005 4:08 AM
> To: freebsd-questions@freebsd.org
> Subject: NATD server problem on 5.3 ?
>
> Well, I recently installed my first natd server on FreeBSD 5.3, but it's not working? Here is what I did..
>
> 1. Compiled the kernel with the following options
>
> options IPFIREWALL
> options IPV6FIREWALL
> options IPDIVERT
>
> 2. Made the following entries in rc.conf
>
> defaultrouter="10.0.0.1"
> gateway_enable="YES"
> hostname="natserver"
> ifconfig_fxp0="inet 192.168.0.1 netmask 255.255.255.0"
> ifconfig_xl0="inet 10.0.0.5 netmask 255.255.255.0"
> firewall_enable="yes"
> natd_enable="yes"
> natd_interface="xl0"
> natd_flags="-f /etc/natd.conf"
>
> 3. Made the following entries in rc.firewall
>
> /sbin/ipfw -f flush
> /sbin/ipfw add allow all from any to any via fxp0
> /sbin/ipfw add allow icmp from any to any out via xl0
> /sbin/ipfw add allow all from any to any via lo0
> /sbin/ipfw add divert natd ip from any to any via xl0
> /sbin/ipfw add allow ip from any to 10.0.0.5 in recv xl0
> /sbin/ipfw add allow ip from 10.0.0.5 to any out xmit xl0
>
> 4. Configured the windows clients as follows
>
> ipaddress = 192.168.0.3
> subnet = 255.255.255.0
> gateway = 192.168.0.1
> dns server = 192.168.0.2
>
> dns server capable of resolving internet local address
>
> This is all that I have done but still internet is not working on clients, what should I do now?
>
> Allah-hu-Akber
> God is the Greatest
Re: cd-rom sysinstall fixit utility
On Mon, 2005-04-18 at 13:05 -0400, Darrel wrote:
> Having mistyped changes with the 'pw' command, giving my User and Root a bad path to their shells might require a new installation. I can not log in at all.
>
> Is there actually a way to change the shell of root while logged in with the fixit utility on the cd-rom?

Just boot into single user mode, mount root, use vipw to fix the path, and then reboot. Done.

> Darrel
Re: too many illegal connection attempts through ssh
Forgive the top posting (long message) ;)

A quick way to make that crap go away is to run your ssh on a different port. Quick, simple, effective. I used to have those brute force attacks every day and fill my logs, and I would go in and create an entry for that entire netmask in the ipfw and hosts.allow files, but that got tedious real quick. Changing the port made my life easier.

ssh -p 99 -l yournamehere 192.168.1.10

On Wed, 2005-04-06 at 07:15 +, Edwin D. Vinas wrote:
> hello,
>
> shown below is a snapshot of too many illegal attempts to login to my server from a suspicious hacker. This is taken from /var/log/auth.log.
>
> My question is, how do I automatically block an IP address if it is attempting to guess my login usernames? Can I configure the firewall to check the instances a certain IP has attempted to access/ssh the server, and if it has failed to login for about x number of attempts, it will be blocked automatically?
>
> thank you in advance!
>
> -edwin
>
> Mar 26 05:00:00 pawikan newsyslog[11879]: logfile turned over due to size100K
> Mar 26 22:49:29 pawikan sshd[66637]: Illegal user test from 211.176.33.46
> Mar 26 22:49:32 pawikan sshd[66639]: Illegal user guest from 211.176.33.46
> Mar 26 22:49:35 pawikan sshd[66641]: Illegal user admin from 211.176.33.46
> Mar 26 22:49:37 pawikan sshd[66643]: Illegal user admin from 211.176.33.46
> Mar 26 22:49:40 pawikan sshd[66645]: Illegal user user from 211.176.33.46
> Mar 26 22:49:50 pawikan sshd[66654]: Illegal user test from 211.176.33.46
> Mar 27 02:50:12 pawikan sshd[69369]: Illegal user test from 210.0.141.89
> Mar 27 02:50:14 pawikan sshd[69463]: Illegal user guest from 210.0.141.89
> Mar 27 02:50:15 pawikan sshd[69650]: Illegal user admin from 210.0.141.89
> Mar 27 02:50:17 pawikan sshd[69745]: Illegal user admin from 210.0.141.89
> Mar 27 02:50:18 pawikan sshd[69858]: Illegal user user from 210.0.141.89
> Mar 27 02:50:24 pawikan sshd[70319]: Illegal user test from 210.0.141.89
> Mar 27 04:10:58 pawikan sshd[5171]: Illegal user test from 218.188.9.202
> Mar 27 04:10:59 pawikan sshd[5173]: Illegal user guest from 218.188.9.202
> Mar 27 04:11:00 pawikan sshd[5175]: Illegal user admin from 218.188.9.202
> Mar 27 04:11:01 pawikan sshd[5190]: Illegal user admin from 218.188.9.202
> Mar 27 04:11:02 pawikan sshd[5192]: Illegal user user from 218.188.9.202
> Mar 27 04:11:07 pawikan sshd[5200]: Illegal user test from 218.188.9.202
> Mar 27 12:13:21 pawikan sshd[9236]: Did not receive identification string from 61.59.143.27
> Mar 27 12:23:03 pawikan sshd[13482]: Illegal user jordan from 61.59.143.27
> Mar 27 12:23:07 pawikan sshd[13484]: Illegal user michael from 61.59.143.27
> Mar 27 12:23:11 pawikan sshd[13486]: Illegal user nicole from 61.59.143.27
> Mar 27 12:23:14 pawikan sshd[13488]: Illegal user daniel from 61.59.143.27
> Mar 27 12:23:18 pawikan sshd[13490]: Illegal user andrew from 61.59.143.27
> Mar 27 12:23:21 pawikan sshd[13492]: Illegal user nathan from 61.59.143.27
> Mar 27 12:23:25 pawikan sshd[13494]: Illegal user matthew from 61.59.143.27
> Mar 27 12:23:29 pawikan sshd[13496]: Illegal user magic from 61.59.143.27
> Mar 27 12:23:33 pawikan sshd[13498]: Illegal user lion from 61.59.143.27
> Mar 27 12:23:37 pawikan sshd[13500]: Illegal user david from 61.59.143.27
> Mar 27 12:23:41 pawikan sshd[13502]: Illegal user jason from 61.59.143.27
> Mar 27 12:23:45 pawikan sshd[13504]: Illegal user ben from 61.59.143.27
> Mar 27 12:23:49 pawikan sshd[13506]: Illegal user carmen from 61.59.143.27
> Mar 27 12:23:53 pawikan sshd[13510]: Illegal user justin from 61.59.143.27
> Mar 27 12:23:57 pawikan sshd[13512]: Illegal user charlie from 61.59.143.27
> Mar 27 12:24:02 pawikan sshd[13514]: Illegal user steven from 61.59.143.27
> Mar 27 12:24:06 pawikan sshd[13517]: Illegal user brandon from 61.59.143.27
> Mar 27 12:24:09 pawikan sshd[13519]: Illegal user brian from 61.59.143.27
> Mar 27 12:24:13 pawikan sshd[13521]: Illegal user stephen from 61.59.143.27
> Mar 27 12:24:17 pawikan sshd[13523]: Illegal user william from 61.59.143.27
> Mar 27 12:24:21 pawikan sshd[13525]: Illegal user angel from 61.59.143.27
> Mar 27 12:24:27 pawikan sshd[13527]: Illegal user emily from 61.59.143.27
> Mar 27 12:24:31 pawikan sshd[13529]: Illegal user eric from 61.59.143.27
> Mar 27 12:24:36 pawikan sshd[13531]: Illegal user joe from 61.59.143.27
> Mar 27 12:24:39 pawikan sshd[13533]: Illegal user tom from 61.59.143.27
> Mar 27 12:24:43 pawikan sshd[13535]: Illegal user billy from 61.59.143.27
> Mar 27 12:24:47 pawikan sshd[13537]: Illegal user buddy from 61.59.143.27
> Mar 27 12:24:50 pawikan sshd[13540]: Illegal user jeremy from 61.59.143.27
> Mar 27 12:24:54 pawikan sshd[13542]: Illegal user vampire from 61.59.143.27
> Mar 27 12:24:57 pawikan sshd[13544]: Illegal user betty from 61.59.143.27
> Mar 27 12:25:00 pawikan sshd[13546]: Illegal user henry from 61.59.143.27
> Mar 27 12:25:04 pawikan sshd[13749]: Illegal user max from 61.59.143.27
> Mar 27 12:25:07 pawikan sshd[14024]: Illegal user nicholas
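One way to do what the question in this thread asks for (find addresses that exceed x failed logins so the firewall can block them), as an added example that is not part of the original posts. The log lines are constructed in the format the post shows, using documentation addresses; the threshold, window, rule numbers and function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the sshd "Illegal user" lines in the format shown in the post.
FAIL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Illegal user (?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)

# Constructed sample (not the poster's log): a fast burst, a single typo,
# a slow guesser, an unrelated line and a truncated last line.
SAMPLE_LOG = """\
Mar 26 05:00:00 gw newsyslog[11879]: logfile turned over due to size
Mar 26 22:49:29 gw sshd[66637]: Illegal user test from 192.0.2.46
Mar 26 22:49:32 gw sshd[66639]: Illegal user guest from 192.0.2.46
Mar 26 22:49:35 gw sshd[66641]: Illegal user admin from 192.0.2.46
Mar 26 22:49:37 gw sshd[66643]: Illegal user admin from 192.0.2.46
Mar 26 22:49:40 gw sshd[66645]: Illegal user user from 192.0.2.46
Mar 26 22:49:50 gw sshd[66654]: Illegal user test from 192.0.2.46
Mar 27 09:12:01 gw sshd[70001]: Illegal user edwln from 198.51.100.7
Mar 27 12:13:21 gw sshd[9236]: Did not receive identification string from 203.0.113.27
Mar 27 12:23:03 gw sshd[13482]: Illegal user jordan from 203.0.113.27
Mar 27 12:23:37 gw sshd[13500]: Illegal user david from 203.0.113.27
Mar 27 12:24:21 gw sshd[13525]: Illegal user angel from 203.0.113.27
Mar 27 12:25:07 gw sshd[14024]: Illegal user nicholas
""".splitlines()


def find_offenders(lines, threshold=5, window=timedelta(minutes=1), year=2005):
    """Return {ip: details} for sources with >= threshold failures inside window.

    Syslog timestamps carry no year, so one is assumed; lines are expected in
    chronological order and a log that spans New Year is not handled.
    """
    recent = defaultdict(deque)   # ip -> (time, user) pairs still inside the window
    offenders = {}
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if not m:
            continue              # other daemons, other sshd messages, cut-off lines
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        attempts = recent[m["ip"]]
        attempts.append((when, m["user"]))
        while when - attempts[0][0] > window:
            attempts.popleft()    # forget failures that fell out of the window
        if len(attempts) >= threshold and m["ip"] not in offenders:
            offenders[m["ip"]] = {
                "tripped_at": when,
                "users": sorted({user for _, user in attempts}),
            }
    return offenders


def ipfw_deny_rules(offenders, first_rule=2000, port=22):
    """Format one deny rule per offender; the rule numbers are an assumption."""
    return [f"ipfw add {first_rule + i} deny tcp from {ip} to any {port}"
            for i, ip in enumerate(sorted(offenders))]


if __name__ == "__main__":
    for rule in ipfw_deny_rules(find_offenders(SAMPLE_LOG)):
        print(rule)
```

With the default one-minute window only the fast burst is flagged; the source that spaces its guesses more than 30 seconds apart is caught only with a wider window, so the window has to be chosen with the slowest attacker you care about in mind.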
RE: How to interpret ipfw log?
On Tue, 2005-04-12 at 23:28 -0400, [EMAIL PROTECTED] wrote:
> Your ipfw rule 2500 is denying those outbound packets.
> 192.168.0.200:65117 is your ip address:port number
> 65.87.165.45:5800 is the remote target ip address and port number
> and this is leaving your pc on the NIC named tx0
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sergei Gnezdov
> Sent: Tuesday, April 12, 2005 11:08 PM
> To: freebsd-questions@freebsd.org
> Subject: How to interpret ipfw log?
>
> The following firewall log seems to make very little sense to me. What could it possibly mean?
>
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:65117 65.87.165.45:5800 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:49761 65.87.165.45:1003 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50116 65.87.165.45:1362 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50055 65.87.165.45:6101 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62352 65.87.165.45:888 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61272 65.87.165.45:969 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:58267 65.87.165.45:471 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:54164 65.87.165.45:1496 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61306 65.87.165.45:5716 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64970 65.87.165.45:281 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64115 65.87.165.45:106 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62007 65.87.165.45:284 out via tx0

looks like nmap ;)
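The field-by-field reading given in this thread, turned into a small parser, as an added example that is not part of the original posts. It also flags the pattern the last reply points at: one source reaching many different ports on one destination. The first six sample lines are copied from the post, the last three are constructed; the function names and the five-port threshold are assumptions.

```python
import re
from collections import defaultdict

# ipfw log line: rule number, action, protocol, source, destination, direction, interface.
# Only the TCP/UDP form with ports is handled, which is the form shown in the post.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) kernel: ipfw: "
    r"(?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)\s*$"
)

SAMPLE_LOG = """\
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:65117 65.87.165.45:5800 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:49761 65.87.165.45:1003 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50116 65.87.165.45:1362 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50055 65.87.165.45:6101 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62352 65.87.165.45:888 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61272 65.87.165.45:969 out via tx0
Apr 11 04:30:10 name kernel: ipfw: 2500 Deny TCP 192.168.0.201:40000 192.0.2.80:25 out via tx0
Apr 11 04:30:11 name kernel: ipfw: 2500 Deny TCP 192.168.0.201:40001 192.0.2.80:25 out via tx0
Apr 11 04:31:00 name su: constructed line from another program
""".splitlines()


def parse(line):
    """Return the fields of one ipfw log line as a dict, or None if it is not one."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def explain(rec):
    """Spell a parsed record out the way the first reply in the thread does."""
    way = "leaving" if rec["dir"] == "out" else "arriving"
    return (f"rule {rec['rule']} {rec['action'].lower()}: {rec['proto']} "
            f"{rec['src']}:{rec['sport']} -> {rec['dst']}:{rec['dport']} "
            f"{way} via {rec['iface']}")


def fan_out(lines, min_ports=5):
    """List (source, destination) pairs that touched at least min_ports ports.

    Many distinct destination ports from one source to one host is the shape
    of a port scan; repeated hits on a single port are not reported.
    """
    ports = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec:
            ports[(rec["src"], rec["dst"], rec["dir"], rec["rule"])].add(rec["dport"])
    return [
        {"src": src, "dst": dst, "dir": way, "rule": rule, "ports": sorted(seen)}
        for (src, dst, way, rule), seen in sorted(ports.items())
        if len(seen) >= min_ports
    ]


if __name__ == "__main__":
    print(explain(parse(SAMPLE_LOG[0])))
    for finding in fan_out(SAMPLE_LOG):
        print(finding)
```

Because the flagged traffic is outbound from a LAN address, the host to look at is the internal one named in `src`.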
Re: weird problem with ipfw and ftp
On Tue, 2005-04-12 at 09:05 +0200, Clement Twine wrote:
> hi freebsd users,
>
> I have a problem with users accessing my ftp service from the internet. Everything was working well until I changed from Linux/shorewall to freebsd/ipfw as my firewall. My setup is briefly as follows:
>
> FTP_Server (10.0.0.1) --- Firewall (IPFW) - INTERNET
>
> The linux rules were just two (and were working):
>
> allow tcp from any to 10.0.0.1 21
> allow tcp from 10.0.0.1 21 to any
>
> I have the following in ipfw but they have refused to work!
>
> ipfw add 00010 allow tcp from any to 10.0.0.1 21
> ipfw add 00011 allow tcp from 10.0.0.1 21 to any
>
> The problem is that an ftp session is established, but when the session enters passive mode, the ftp session hangs. Are there any other ports that need to be opened? Has anyone had such a problem before? I can see in the logs that unprivileged ports are responding from the ftp server to the requestor - but have tried all combinations of rules to no avail!
>
> Please help!
>
> Regards,
> Clem.

I usually do port forwarding from my natd.cf on my open type firewalls and it works fine.

#/etc/natd.cf
log yes
deny_incoming no
use_sockets yes
same_ports yes
verbose no
port 8668
interface xl1
unregistered_only no
redirect_port tcp 10.1.1.1:20 20
redirect_port udp 10.1.1.1:20 20
redirect_port tcp 10.1.1.1:21 21
redirect_port udp 10.1.1.1:21 21
#EOF
Re: all ports open ?
On Tue, 2005-04-12 at 08:26 -0700, faisal gillani wrote:
> Well, I port scanned a couple of internet websites and got all ports open from that site. Is that a security measure? If yes, how can I do that? :)
>
> thanks
> Faisal
>
> Allah-hu-Akber
> God is the Greatest

portsentry is the program you are looking for. It is in ports and fairly simple to set up; it has some really nice features as well.

cd /usr/ports/security/portsentry/
Re: Can't control PostgreSQL with RC scripts
On Fri, 2005-04-08 at 10:59 +0300, Volodymyr Kostyrko wrote:
> Pat Maddox wrote:
> > I installed PostgreSQL 8.0.1 from ports, and now I'd like to control it with the RC scripts. I wasn't able to run initdb with the scripts, I had to do that manually with the regular initdb command. Now I've got the db dir as /usr/local/pgsql/data, which is what it looks like pgsql expects, but the scripts still won't start it or stop it. They don't produce any output either. Any ideas on what to do?
>
> echo 'postgresql_enable="YES"' >> /etc/rc.conf

that Darn rcsubr again ;)
Re: Which mail server is the best for me?
On Sat, 2005-04-02 at 11:09 +0200, Kiffin Gish wrote:
> I would like to set up a mail server but am a little confused about whether to use sendmail, qmail, postfix or whatever.
>
> Basically my web server is a simple one to be used for personal use with maybe no more than 10-20 mail accounts.
>
> What are the advantages and/or disadvantages of each choice, and where can I find more information comparing them?

For my home stuff and a couple of production servers I use Sendmail + imap-uw (imap, pop) + squirrelmail + popassd + clamav_milter + spamassassin. It is very simple and fast to set up, plus easy to troubleshoot. If the MX is pointing at the address already it might take me about 20 minutes to make it start accepting and sending mail. One of these days I want to release a small tutorial on how to do this.
Re: Creating a socket file by hand
On Mon, 2005-04-11 at 15:03 -0700, Joshua Lewis wrote:
> Dear list,
>
> I am setting up a Mail Server with postfix and trying to add spam filtering and anti virus filtering. The ClamAV program is trying to read /var/run/clamav/clamd. The directory is there but the socket file is not. How do I create a socket file by hand?
>
> Thanks
> Joshua

Make sure your permissions are ok on your /var/run/clamav/ directory; clam av usually creates its own sock file. Check the path specified in your clam conf as well.
Re: help
On Sun, 2005-04-10 at 22:46 -0700, angelito munez wrote:
> Hi,
>
> I have a quick question. I have a 4.9 box running as gateway, as well as a windows domain controller on the network. Now can anybody help with how I can see the domain controller from remote desktop?
>
> thanks

So you want to be able to remote desktop in from outside the gateway to access your domain controller? Are you running nat on your gateway? Do you use ipfw for firewalling on your gateway?
Re: question about mysql-server.sh
rcsubr is the culprit, when you added the line in the rc.conf then all was well. You can add a line in the rc.conf and then run the /usr/local/etc/rc.d/mysql-server.sh start command without having to reboot. Personally I really dislike rcsubr, makes me think that FreeBSD is drifting toward Linux's overly complexness... a script to start a script that starts a script that starts a script, blah blah blah

On Tue, 2005-04-05 at 10:36 -0400, Christopher Lane wrote:

Hi,

Long story made short: The mysql-server.sh that came with mysql-server-4.1.10a (installed from cvsup'ed ports) wouldn't work until after I rebooted the server. It's working now, so I know I shouldn't complain, but anyone know what happened?

Long story:

1. Minimum installation, added ports distribution, cvsup to latest ports.
2. cd /usr/ports/mysql41-server; make install
3. '/usr/local/etc/rc.d/mysql-server.sh start' does nothing.
4. I noticed that rc_subr wasn't installed, even though freshports says it is required. So I installed rc_subr from ports, but still no love.
5. I put mysql_enable=YES in rc.conf (since I would soon want it there anyway) and restarted the server.
6. mysql-server.sh works like a charm now.

Thanks in advance to anyone who can help shine some light on what might have changed that made mysql-server.sh work.

Chris
Re: Copying files off Samba Server - freezes/very slow
Let us take a look at your smbd.conf, that might help.

On Tue, 2005-04-05 at 12:13 +0200, Gareth Bailey wrote:

I have just upgraded the hardware of our development server. I thought that our file server used to be slow due to slow hardware, but now that we have upgraded I am a bit puzzled. Samba seems to slow or hang (top reports smbd CPU usage as 40%) when files are copied off the server using windows explorer on the client. Can anyone suggest a reason for this behaviour?

Thanks, Gareth
Re: Hyperthreading not working on my 5.3 FreeBSD
Don't you need apic as well?

device apic # I/O APIC

On Sun, 2005-04-03 at 13:42 +0200, Anthony Atkielski wrote:

faisal gillani writes:

Well the output of my dmesg command is only showing 1 processor, HT is enabled in bios, working on windows XP on the same PC. What can be wrong? Is there any way to enable it?

Recompile the kernel with

options SMP

You should then see the second logical processor come online with no problems after installing the new kernel and rebooting.
Re: sendmail
Ok, you could try something like this ;)

#
# cat movie.mpg | mail [EMAIL PROTECTED] -s "This wont work ;)"
#

On Fri, 2005-04-01 at 02:47 +0200, Gert Cuykens wrote:

I want to send a movie to a friend? How do you do that with sendmail? I know, I know, I read the man but it's like this [] long
Trouble Compiling courier-authlib-0.55
I can't get courier-authlib-0.55 from source package to compile on FreeBSD 4.11. Anyone have any pointers? Your time and help is appreciated.

./configure --prefix=/usr/local --exec-prefix=/usr/local \
    --with-authvchkpw --without-authldap --without-authmysql \
    --disable-root-check --with-ssl \
    --with-authchangepwdir=/usr/local/libexec/authlib

courier-authlib-0.55 source package error on make:

HAVE_CONFIG_H -I. -I. -I. -g -O2 -c -o testbdb.o testbdb.C
Linking testbdb
rm -f libshbdbobj.a
cd .libs ar rl ../libshbdbobj.a bdbobj.$(OBJEXT) bdbobj2.$(OBJEXT) bdbobj3.$(OBJEXT)
OBJEXT: not found
OBJEXT: not found
OBJEXT: not found
/usr/libexec/elf/ar: bdbobj.: No such file or directory
*** Error code 1

It also fails in ports.