Re: limit bandwidth on sftp
On Tue, Mar 16, 2010 at 10:40:35AM -0400, Lowell Gilbert wrote:
> krad writes:
>
> > On 15 March 2010 13:34, Lowell Gilbert <
> > freebsd-questions-lo...@be-well.ilk.org> wrote:
> >
> >> Tsu-Fan Cheng writes:
> >>
> >> > I need to limit my sftp session bandwidth to 20K, can someone show me
> >> > how to do it? thank you!
> >>
> >> There's no simple way to do that.
> >>
> >> scp has such a capability, though; maybe using that is your easiest option?
> >
> > You could limit port 22 with pf, ipfw etc. This would slow all your ssh
> > traffic rather than just sftp which may or may not work for you. If you are
> > clever with your rule sets you could guarantee bw for certain hosts so they
> > don't lose a functional ssh session and/or you could bw limit it by source
> > ip, rather than a global limit for port 22.
>
> Aside from having to configure it, the downside of this approach is that
> it involves dropping some traffic and waiting for the retransmit, so it
> will be less efficient than a bandwidth limit in the application
> itself. TCP's dynamic window resizing (especially with Selective
> ACKnowledgements) should keep the firewall from having to drop too many
> packets, but changing conditions on the network can keep that from
> working as well as you'd like. If using this technique, make sure the
> other side supports SACK, preferably for multiple segments.

For what it's worth, I think most implementations of sftp/scp do not set
the PUSH flag when transmitting data. This, combined with ACK
prioritization, could allow you to shape sftp without affecting
interactive SSH sessions.

Erik
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: The question of moving vi to /bin
On Thu, Jun 25, 2009 at 01:28:54PM +0800, Erich Dollansky wrote:
> Hi,
>
> On 25 June 2009 pm 13:03:01 Manish Jain wrote:
> > > If you want to make a case for replacing ed(1), you're going
> > > to have to come up with some concrete reasons for doing so,
> > > not just make a (long and hyperbolic) statement that you
> > > don't like it.
> >
> > requirements of being interactive. That's one reason. Secondly,
> > how many times does an average commandline user even think of
> > using ed when he needs to edit a file, even in the extreme case
> > where there are no alternatives ?
> >
> isn't there ee in the base system?

ee is in /usr/bin, just like vi.

> > Till the improvements are in place, we need the alternative of
> > having vi under /bin rather than /usr/bin.
> >
> I do not see any reason to have a monster like vi there.

I agree, but for different reasons. Though I love vi(m), I realize that
not everyone does. If the point of all of this is to provide an editor
which can be used by just about anyone in the event that /usr is
unavailable, vi will not fit the bill any more than ex will. ee is a
better start, and it's conveniently 1/5 the size of vi.

> > But I guess my words are of no use when the people who matter
> > just won't listen. So I give any hopes in this regard.
>
> I hope that they do not listen.
>
> It would be even better to have an editor like joe in /bin than
> anything like vi.

Certainly.

Erik
Re: Flamewar ( was: Sponsoring FreeBSD)
On Wed, Jun 03, 2009 at 12:34:55AM +0200, Wojciech Puchar wrote:
> > Any person might look at people in the community and decide that they
> > don't want to be a part of that community after all. That's why it
>
> Just reread this and, ... don't you think it's quite like a good filter?
>
> I don't talk about sponsors, but a new potential users.
>
> If someone needs good unix, he/she will try it and join us. As i said
> before if he/she agrees with maillist users personal opinions doesn't
> matter at all. Rather if you can get answer to questions about FreeBSD.
> You can, even easier if some moderation would be present here.

Considering that the mailing list is one of the few places where support
exists, I don't know that I can agree with you. Also, I don't think that
an artificial filter or barrier-to-entry is desirable, in general. If a
person needs good unix, but they don't learn well by reading technical
documentation, a good community can be highly beneficial. Personally, I
wouldn't want to discriminate against users for this.

> Some people may want both, but well you can't have everything. It's not
> possible to everyone will agree with everyone on mailing list, and with
> every potential new user.

I know that disagreeing is inevitable. My position is that a pleasant
tone would be nice. An example of a harsh tone (one which I haven't seen
on here) is telling someone to RTFM. Another example (which I have seen
on here) is people who just enjoy arguing turning reasonable threads
into flamewars.

> This keeps the system's quality high.

I politely disagree. I doubt that a harsh community does anything to
maintain a high-quality system.

Erik
Re: Flamewar ( was: Sponsoring FreeBSD)
On Wed, Jun 03, 2009 at 12:03:06AM +0200, Wojciech Puchar wrote:
> >> ...
> >> Even at first post i wrote that i'm not FreeBSD owners and they will
> >> decide.
> >
> > We're all human. The potential sponsors might have missed the line
> > where you said that you were not an owner.
>
> this way - nobody should write anyone. there is always a line that missed
> - completely changes a sense of sentence.

I'm sure you know that this is an absurd proposition.

> >> Do you really mean i have enough power to just dumb any sponsors
> >> (potential, not "potential") by writing a post on public mailing
> >> list?
> >
> > Any person might look at people in the community and decide that
> > they don't want to be a part of that community after all. That's
> > why it would be nice if everyone could be courteous and helpful.
> >
> > I'm not specifically referring to you, Mr. Puchar. I'm talking
> > about the general case.
>
> You are right. But do you try to say that we should think about
> consequences for potential sponsoring every word we say?!
>
> Is FreeBSD FREE SOFTWARE or commercial product that's selling some
> way?
>
> If first - then we should not care how much more/less money people
> will pay as a gift every time we post.
>
> If second - then please Owners declare it clearly and just add
> statement about this.

Isn't there a middle-ground? Where we can care about how we present
ourselves, yet we do not feel beholden to the possible sponsors? A good
example would be to always respond kindly and appropriately, yet not
yield to demands made on us by others.

> Anyway - Do users of any commercial product support list must think
> if their words will lower the selling of the product? i don't think
> so.

They probably care less about the product. I personally want FreeBSD to
succeed because it is, in many ways, superior to all of the
alternatives. As such, I hope that when I discuss it, I present it in a
good light.

For example, if someone asks me, "How do you do in FreeBSD?", I rarely
suggest that they go read the fine manual.

> But if i'm not right - please add on FreeBSD webpage/mailing list
> info
>
> "Every sentence that can potentially lower the income or core team
> are punished with 10 lashes. Erik Osterholm will be the executor".

More absurdity.

Erik
Re: Flamewar ( was: Sponsoring FreeBSD)
On Tue, Jun 02, 2009 at 11:20:23PM +0200, Wojciech Puchar wrote:
> >> just added option to pay by instalments
> >
> > The original poster several days ago suggested installments. His
> > original post suggested $50-$100/month. That is $600-$1200/year.
> > You repeatedly said that he would need to "add two zeros". Adding
> > "two zeros" would be $60,000 - $120,000/year.
>
> Yes - i missed this "monthly" and sorry for this.
> ...
> Even at first post i wrote that i'm not FreeBSD owners and they will
> decide.

We're all human. The potential sponsors might have missed the line where
you said that you were not an owner. Just as you missed the bit where
they were interested in monthly contributions.

> Do you really mean i have enough power to just dumb any sponsors
> (potential, not "potential") by writing a post on public mailing
> list?

Any person might look at people in the community and decide that they
don't want to be a part of that community after all. That's why it would
be nice if everyone could be courteous and helpful.

I'm not specifically referring to you, Mr. Puchar. I'm talking about the
general case.

Like it or not, people who post on a mailing list or forum of an open
source project often make or break the project and influence people's
decisions to use or support the project. Ubuntu's success is credited,
in part, to the wonderful community.

Erik
Re: PF syntax error
On Wed, Oct 15, 2008 at 12:00:50PM -0500, Peter Clark wrote:
> Hello,
>
> I am not sure if I should be here or over at a pf specific list but here
> is my problem.
>
> I am trying my hand at pf on a 7.0-p5 RELEASE box and one rule is giving
> me problems.
>
> pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \
>
> (max-src-conn 15, max-src-conn-rate 5/3, overload flush
> global)
>
> Actually the "pass in" line does not generate the error. The next line does.
>
> /etc/pf.conf:71: syntax error
> If I remove the line the error goes away (obviously). I have tried using
> the exact line from the FreeBSD pf.conf man page:
>
> (max-src-conn-rate 100/10, overload flush global)
>
> (I changed to )and that generates the same
> error. I tried just using:
> (max-src-conn-rate 100/10)
>
> but that too gives me a syntax error.
>
> Any help is appreciated.
>
> Peter Clark

The problem seems to be that your rule doesn't have "keep state" in it.
I think this is a bug, since state is kept by default in FreeBSD 7.0.

Erik
nmap and Nessus in a jail -- scans fail
Hi all,

Running 7.0-RELEASE-p2, I set up a jail from which to perform NMAP and
Nessus scans. I set the sysctl security.jail.allow_raw_sockets=1, which
I expected to prevent any problems. Unfortunately, I'm getting this
whenever I try to NMAP:

$ sudo nmap -P0 localhost

Starting Nmap 4.76 ( http://nmap.org ) at 2008-10-14 16:56 CDT
WARNING: Unable to find appropriate interface for system route to xxx.xx.xx.xx
WARNING: Unable to find appropriate interface for system route to 127.0.0.1
nexthost: failed to determine route to 127.0.0.1
QUITTING!

Nessus scans fail shortly after being started if port scanning is
enabled. If port scanning is disabled, the vulnerability scan succeeds.

Identical configurations outside of a jail work just fine, which leads
me to believe that the Nessus and NMAP issues are related to the
processes being jailed.

$ sysctl -a | grep jail
security.jail.jailed: 1
security.jail.mount_allowed: 0
security.jail.chflags_allowed: 1
security.jail.allow_raw_sockets: 1
security.jail.enforce_statfs: 2
security.jail.sysvipc_allowed: 0
security.jail.socket_unixiproute_only: 1
security.jail.set_hostname_allowed: 1

Anyone have any hope for me?

Erik
Re: ethernet statistics
On Thu, Sep 25, 2008 at 04:39:35PM +0200, Vonarburg, David wrote:
> Hi,
> I am using Intel PRO/1000PT Server adaptor with freeBSD 7.0.
> How can I read out the statistics of the card from software?
> (num bytes received, packets sent and more)
>
> Thanks in advance
> David

Is netstat -i what you're looking for?

Erik
Re: cd and rm a directory with '^M'
On Wed, Sep 03, 2008 at 06:51:11PM -0700, Noah wrote:
> Hi there,
>
> I had rsync create a directory with a '^M' in it.
>
> how do I rm -rf the directory?
>
> Cheers,
> Noah

There are multiple possibilities:

1) Use a shell which supports tab completion, and tab-complete the
   entry.
2) Embed the '^M' using '^V''^M' (type ctrl-v then ctrl-m.)
3) Use shell globbing (if the file is abra^Mcadabra, type:
   ls abra*
   rm abra*
   (only if the above matched exactly what you want to delete.)

Erik
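
Added example (not part of the original post): option 3 done without guessing at a prefix. The glob below matches only names that really contain a carriage return, so a sibling such as abracadabra is left alone; the function names and the sample directories are constructed for illustration.

```shell
#!/bin/sh
# Added example; helper names and sample directories are constructed.
CR=$(printf '\r')   # a literal carriage return, shown by terminals as ^M

# Print every entry directly under "$1" whose name contains a carriage
# return, one per line, with the CR rendered as the two characters ^M.
list_cr_names() {
    for p in "$1"/*"$CR"*; do
        # An unmatched glob stays literal; skip it.
        [ -e "$p" ] || [ -L "$p" ] || continue
        printf '%s\n' "${p##*/}" | sed "s/$CR/^M/g"
    done
}

# Remove exactly those entries and print how many were removed.
# "--" ends option parsing; the quotes keep the CR inside the argument.
remove_cr_names() {
    n=0
    for p in "$1"/*"$CR"*; do
        [ -e "$p" ] || [ -L "$p" ] || continue
        rm -rf -- "$p" && n=$((n + 1))
    done
    echo "$n"
}

# Constructed demonstration in a scratch directory: one damaged name and
# one healthy name that a loose "abra*" glob would also have matched.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/abra${CR}cadabra" "$d/abracadabra"
    echo "names containing a carriage return:"
    list_cr_names "$d"
    echo "removed: $(remove_cr_names "$d")"
    echo "left behind:"
    ls "$d"
    rm -rf -- "$d"
}
demo
```

Run list_cr_names first and read its output before calling remove_cr_names on a real directory, which is the same check the post asks for with ls before rm.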
Re: Unexepcted behavior from read and cat
On Mon, May 12, 2008 at 12:22:48PM -0700, Johan Dowdy wrote:
> For loops are your friend.
>
> I'd do something like:
>
> for i in `cat iplist`
> do dig +short -x $i
> done

Even better:

while read i
do
    dig +short -x $i
done < iplist

See the Useless Use of Cat Award for more details.

Erik
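
Added example, not from the thread: the `while read` loop from the reply, taken a little further so that it skips comments, copes with a missing final newline, and hands only well-formed IPv4 addresses to dig. Function names and the sample list are constructed; `reverse_lookup_all` is defined but not called here because it needs dig and a resolver.

```shell
#!/bin/sh
# Added example; helper names and the sample list are constructed.
cr=$(printf '\r')

# Succeed only for a dotted quad with four octets in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe unquoted: only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the usable addresses in list file "$1", one per line.
# IFS= and -r keep each line intact; "|| [ -n ... ]" keeps a last line
# that has no trailing newline, which a bare "while read" would drop.
valid_ips() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                 # tolerate CRLF files
        case $line in
            ''|'#'*) continue ;;           # blank lines and comments
        esac
        if is_ipv4 "$line"; then
            printf '%s\n' "$line"
        else
            printf 'skipped: %s\n' "$line" >&2
        fi
    done < "$1"
}

# The for/cat form from the quoted message, reduced to a counter: the
# shell splits the file into words (and would glob them), not lines.
words_for_cat() {
    n=0
    for i in $(cat "$1"); do n=$((n + 1)); done
    echo "$n"
}

# Reverse-resolve every valid address; nothing but a checked dotted quad
# ever reaches dig's argument list.
reverse_lookup_all() {
    valid_ips "$1" | while IFS= read -r ip; do
        printf '%s ' "$ip"
        dig +short -x "$ip"
    done
}

# Constructed sample: a comment, a good entry, an entry with a trailing
# note, an out-of-range octet, and a final line without a newline.
make_sample() {
    printf '%s\n' '# constructed sample list' '192.0.2.10' \
        '198.51.100.7 mail relay' '203.0.113.300' > "$1"
    printf '%s' '203.0.113.5' >> "$1"
}

sample=$(mktemp) && make_sample "$sample"
echo "for/cat would iterate over $(words_for_cat "$sample") words"
echo "while/read keeps these entries:"
valid_ips "$sample"
rm -f "$sample"
```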
Re: [SSHd] Limiting access from authorized IP's
On Fri, Apr 18, 2008 at 04:59:07PM +0100, Matthew Seaman wrote:
> Paul Schmehl wrote:
>
> >I have maintained publicly available servers for a small hobby
> >domain for almost ten years now. Initially, I bought in to this
> >logic and ran a firewall. (At that time we only had one server.)
> >What it cost me was CPU and memory. What it gained me was nothing.
> >I turned it off. I have never run a firewall on a publicly
> >available host since.
> >
> >Firewalls are for preventing access to running services. By
> >definition, if you are running a service, you want it to be
> >accessed. So firewalls are self-defeating or completely useless at
> >the host level **unless** you don't know what you're doing. For an
> >enterprise they make a great deal of sense. No matter what a user
> >inside your network might do, you can prevent access by simply not
> >allowing traffic on that port.
>
> On the whole I agree with you -- you should be able to view a
> firewall as a luxury rather than a necessity on a well configured
> server. However there is one rather nasty loophole that you can
> block with a firewall which otherwise is pretty impossible to deal
> with, at least on FreeBSD machines.
>
> It's all to do with the weak routing model -- that is, a network
> packet to an IP on one of a host's interfaces will be accepted on
> *any* interface on that host[*]. So even though you protect
> services that are not meant to be for public consumption by binding
> them to the loopback address, some one can still send you a spoofed
> packet to 127.0.0.1 that arrives on your external network i/f /and
> it will let you connect to the service bound to the loopback/ The
> attacker has to have access to the same layer 2 network as your
> host, but sending the spoofed packet is as simple as tweaking the
> routing table. See eg:
>
> http://seclists.org/bugtraq/2001/Mar/0042.html
>
> Blocking this sort of attack against the loopback address can be
> done with the following 3 line PF firewall config. Extending this
> to back-end networks etc. is left as an exercise for the student:
>
> scrub in all
> pass all
> antispoof log quick for lo0
>
> Cheers,
>
> Matthew
>
> [*] Which is not without its legitimate uses, as anyone who has ever
> configured a load balancer using DSR mode will attest.

I don't think that it's enough to say that this is the only case where a
firewall is useful. Modern firewalls can do simple DOS protection, and
on a multi-user system, they can prevent services from being started by
your users. Egress firewalls on servers can stop unprivileged user
compromises from wreaking havoc on external hosts. I'm sure that there
are other circumstances where a firewall is useful.

Now I believe that there are other ways to address the above
requirements, but they may require tradeoffs. mac_portacl allows
restricting binding of ports (though I've never actually heard of anyone
using it--this alone may be a reason to go with a more tried-and-true
solution.) This, however, requires compiling a custom kernel, which may
be undesirable for other reasons.

Erik
Re: FreeBSD7 + pf + ipsec
On Wed, Apr 16, 2008 at 01:04:39PM +0300, Roman Otsaljuk wrote:
> Norman Maurer ?:
> > On Wednesday, 16.04.2008, at 12:02 +0300, Roman Otsaljuk wrote:
> >
> >> hi all.
> >> i have two localnets linked over ipsec:
> >>
> >> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
> >>
> >> network schema:
> >>
> >> 192.168.0.0/24 <---> [192.168.0.12=freebsd=2.2.2.2] <--inet-->
> >> [1.1.1.1=freebsd1=10.31.0.5] <>10.31.0.5/26
> >>
> >> on both points was 6.2, firewall - pf.
> >> after updating to 7.0 vpn doesn't work:
> >> 0) pings go normal
> >> 0) tcp packets go too, but third packet with R flag:
> >>    from 192.168.0.12 try: ssh 10.31.0.42, on second console:
> >> mail# tcpdump -ni gif0
> >> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> >> listening on gif0, link-type NULL (BSD loopback), capture size 68 bytes
> >> 10:49:43.912469 IP 192.168.0.12.63996 > 10.31.0.42.22: S
> >> 1756351354:1756351354(0) win 65535 >> 51087105 0>
> >> 10:49:43.936245 IP 217.20.174.35 > 195.43.43.238: IP 10.31.0.42.22 >
> >> 192.168.0.12.63996: S 4244314344:4244314344(0) ack 1756351355 win 65535
> >> (ipip-proto-4)
> >> 10:49:43.936360 IP 192.168.0.12.63996 > 10.31.0.42.22: R
> >> 1318200353:1318200353(0) win 0
> >>
> >> 0) adding the first rule (pass quick all) on both - without changes;
> >> 0) downing pf: in localnet, in wich pf downed - all good.
> >>
> >>
> >> any ideas?
> >>
> >>
> >> p.s. the same if IPsec replaced by vpnd
> >> sorry my bad English
> >>
> >
> > Freebsd 7.0 use the "new" ipsec implementation (IPSEC_FAST) so you need
> > to allow ipencap protocol too..
> >
> > Cheers
> > Norman
> >
>
> is not rule "pass quick all" allows ipencap?

Try specifying it specifically. I seem to recall that only certain
protocols are passed unless specifically specified, though I can't find
documentation on that.

Erik
Re: Screen inside Jails + su
On Wed, Apr 09, 2008 at 03:05:03AM +0200, Wael Nasreddine wrote:
> This One Time, at Band Camp, Erik Osterholm <[EMAIL PROTECTED]> said, On Tue,
> Apr 08, 2008 at 07:52:17PM -0500:
> > On Wed, Apr 09, 2008 at 12:00:05AM +0200, Wael Nasreddine wrote:
> > > The common way for a user to run a program at startup is to use
> > cron with the special @reboot directive instead of giving it a
> > time to run a job.
> > http://www.freebsd.org/doc/en/books/handbook/configtuning-starting-services.html
>
> Thank you for pointing that out, could you please give me an example
> I haven't found on that page...

Sure. At your shell prompt, type:

    man 5 crontab

You'll find the man page for the crontab file, which includes multiple
examples of cron entries. All of those use the time specification,
though, rather than the @reboot keyword. An example using @reboot:

    @reboot /usr/local/bin/screen -d -m -S Rtorrent

You can edit the crontab for the user with this command at your shell
prompt:

    crontab -u username -e

This will dump you into your editor, editing the crontab file for the
user "username". Type in the crontab entry (for example, the one I used
as an example above), save, and try restarting the jail.

Erik
Re: Screen inside Jails + su
On Wed, Apr 09, 2008 at 12:00:05AM +0200, Wael Nasreddine wrote:
> Hello,
>
> I have a FreeBSD server which is Jails based, I have created a special
> jail to run 3 rTorrent process for 3 users, I made all the permissions
> and added the users, then I launched manually (for testing purpose)
> these screen sessions for the 3 users using the below method:
> - jexec onto the jail.
> - su to the user: su -l wael
> - run a detached screen: screen -dmS Rtorrent
> I have a .screenrc for each user in place to run one command,
> rtorrent
>
> Now I have 2 questions:
> 1) How can I add this procedure to the jail startup??

The common way for a user to run a program at startup is to use cron
with the special @reboot directive instead of giving it a time to run a
job.
http://www.freebsd.org/doc/en/books/handbook/configtuning-starting-services.html

> 2) I can't attach the screen, everytime I try to I get an error:
> # su -l wael
> % screen -Dr Rtorrent
> Cannot open your terminal '/dev/ttyp6' - please check.
> What's going on? why can't I attach the screen session ??

If you have used jexec to get into the jail, then you won't have a pty
within the jail, and anything which relies on one will fail to execute.
Start up sshd in the jail, then ssh to it and see if you can attach the
screen.

Erik
Re: [6.3] How are those daemons started?
On Mon, Mar 31, 2008 at 09:58:50PM +0200, Mel wrote:
> On Monday 31 March 2008 21:47:42 Gilles wrote:
> > Hello
> >
> > By running "netstat -an", I notice that some daemons are running,
> > even though nothing is listed in either /etc/rc.conf or some
> > equivalent in /usr/local/etc/ :
> >
> > tcp4 0 0 127.0.0.1.25
> > udp4 0 0 *.2727 *.*
> > udp4 0 0 *.2727 *.*
> > udp4 0 0 *.514 *.*
> >
> > nmap seems to only handle TCP (TCP2000 = "callbook"?) doesn't say
> > which application is opening those ports, and lsof | grep doesn't
> > return anything :-/
>
>
> port 25 is sendmail, enabled by default /etc/defaults/rc.conf.
> 514 is syslog, also on by default.
> 2727 udp, no idea, but sockstat(1) will tell you.
>
> --
> Mel

Also note /etc/defaults/rc.conf which is /why/ these services are on by
default. Entries in /etc/rc.conf override entries in
/etc/defaults/rc.conf, so you should never change /etc/defaults/rc.conf.

Erik
Re: FreeBSD-6.3 only detects 3GB of RAM
On Thu, Mar 27, 2008 at 02:26:05PM +, [EMAIL PROTECTED] wrote:
> fred writes:
> > Hello all,
> >
> > I am trying to fix an issue with my dual xeon ibm server, it only detects
> > 3GB of RAM but I have 4GB:
> [...]
>
> I have seen this problem under Linux on IBM Intellistations (6225).
> IBM pointed me to a tech document (the number of which I do not
> remember) that says when the machine detects more than 3GB, it uses
> some of that memory internally for ... stuff. Still, I find stealing
> 1GB quite unacceptable.

It's not really stealing it. It has to do with how the computer hardware
handles memory mapped IO. A certain amount of memory is allocated per
device which needs MMIO; in a typical computer, this could be as much as
1GB. It's mapped from the highest portion of the address space that the
computer can handle--in a 32-bit environment, that means that it's
mapped from 4GB on down.

I haven't looked to see if it's architecturally the same on 64-bit
machines, but if so, we'll see the same problem once we start putting
more than a few terabytes of RAM in computers. Luckily, I think that day
is quite a ways off, and who knows what changes will be made in
computing by then.

An MSDN blog actually has a decent description of the issue, including
some points I didn't mention here:
http://blogs.msdn.com/hiltonl/archive/2007/04/13/tbhe-3gb-not-4gb-ram-problem.aspx

Erik
Re: FreeBSD & Linux distro
On Tue, Feb 19, 2008 at 02:39:26AM -0800, Lone Wolf wrote:
> Hi.
> How FreeBSD differ from any Linux distro like Ubuntu?
> Thanks.

Others have answered this sufficiently, but I wonder if this shouldn't
be made into a FAQ item. It's certainly asked enough.

Erik
Re: sysinstall: can't change certain options
On Fri, Feb 15, 2008 at 06:10:32PM -0500, Jeff Gold wrote:
> I may be mistaken but it appears that you've got the syntax for
> sysinstall wrong. Try this:
>
> sysinstall configFile=install.cfg loadConfig
>
> Does that solve the problem?
>
>    Jeff

Well, I did have the wrong syntax (though it looks like sysinstall
picked up install.cfg as the file to parse anyway, since it dropped me
into the options editor even with my bad syntax.)

This didn't solve the problem, however. The most concise definition of
the problem I can state is that when using an external config file to
load the options editor, some of the options aren't editable as they are
when using sysinstall without loadConfig.

Erik
sysinstall: can't change certain options
Hi all,

I'm trying to set up a scripted sysinstall, and one of my hopes is that
I could change the directory where the distributions will be extracted.
To that end, I do the following:

$ sysinstall loadConfig install.cfg

where install.cfg contains only the following:

optionsEditor

I move over to the Install Root line and hit enter, and nothing happens.
sysinstall doesn't hang, it just doesn't let me change the directory. If
I start sysinstall without loadConfig, it works just fine.

So is there a good way to do what I'm trying to do? If not, is there a
better way to extract the dists and partition my disk in a more
automated fashion?

Erik
Re: what happened to linuxflashplugin?
On Wed, Feb 13, 2008 at 04:34:21PM -0500, Gerard wrote:
> Interestingly enough, I just did a quick perusal of the URLs I frequent,
> and virtually all of them, in one form or another, asked for 'Flash'.
> Even 'sourceforge.net' greeted me with this friendly message:
>
> You need to install the Macromedia Flash Player plug-in to view all
> content on this page. Do you want to download this plug-in now?
>
> IMHO, for an individual to state that Flash is not a relevant issue
> simply because they choose not to employ it, is similar to patient
> claiming that cancer research is a waste of time simply because they
> are not afflicted with the condition.

Bad analogies are like a leaky screwdriver.

All throughout this thread, there have been people mixing up issues.
It's true that Flash is used on many, many websites, but one of the
earliest "complaints" I saw regarded Flash-only sites--sites which
require Flash in order to navigate. These sites seem fairly rare. It is
manipulative and misleading to argue that because so many sites /make
use of Flash/, then /Flash has become an integral part of the web/.

I browse with Flash disabled all of the time, only enabling it
specifically when I need it to use the web site. It certainly
happens--but it's not a constant thing. I'm aware that Flash content
exists on the pages I view, but most of the time it's supplemental, and
the page degrades quite nicely without it.

All of this is largely irrelevant, however. If you want Flash on
FreeBSD, you have a few options:
- Petition Adobe to release an official version and/or reduce the
  phantom restrictions[1] on the binaries so that they can run under
  emulation.
- Contribute to the Gnash project.
- Modify the appropriate files under /usr/ports and install it, as
  others have pointed out is possible.

If you want to use FreeBSD but you don't care about Flash, you have two
options:
- Complain to companies when their web site uses Flash poorly.
- Don't go to those websites.

It doesn't do any good to go around complaining on this list, as the
people on this list aren't really in any position to do anything[2].

Erik

[1] Others have pointed out that this restriction doesn't seem to
actually exist anymore.
[2] Except remove the restriction from the ports tree, assuming the
license is acceptable, and /possibly/ make it easier to install, since
so many users seem to have trouble with it.
Re: what happened to linuxflashplugin?
On Mon, Feb 11, 2008 at 11:04:09PM +0200, Jonathan McKeown wrote:
> On Monday 11 February 2008 22:26, Chuck Robey wrote:
> > All you folks who are focussing on YouTube are (purposefully? I
> > don't know) the fact that with just about half of the entire Web
> > using flash in one way or another, not using Flash is a huge
> > problem, as anyone who browses without a flashplayer knows.
>
> Just to provide a counterpoint to this sweeping generalisation, I
> browse without a Flash player and it's never caused me any problem
> at all.

Usually I browse with NoScript, which blocks both Javascript and
plugins.

> There are a few sites which don't work without Flash. Having checked on a
> number of occasions, I've found (and I stress this is a personal opinion)
> that heavy use of Flash is a fairly reliable marker of a site I wouldn't be
> interested in whatever publishing techniques were used.

Flash is almost the de facto standard for video in the browser, because
most desktop users have it, it doesn't require much in the way of
configuration, and you don't have to worry about codecs. Nine times out
of ten, if a site I wish to use requires Flash, it's to stream video.
The rest of the time, I usually do just fine without it.

> In short, I think ``half of the entire Web using Flash'' may be a bit of an
> overstatement even if you count Flash ad banners (which frankly I can do
> without), and the small number of Flash-only sites I encounter hasn't caused
> me temporary inconvenience, never mind ``a huge problem''.

Lots of sites use Flash, but most don't /require/ it.

> Jonathan

Erik
Re: OT: www search engines
On Wed, Feb 06, 2008 at 08:32:44PM -0500, Jonathan Franks wrote:
> On Feb 6, 2008, at 7:07 PM, Erik Osterholm wrote:
>
> > .
> > Then there's the issue of spam and spam blocking. Google does a great
> > job of blocking spam.
>
> Really? I can't say that I've had the same experience. I'd say that 80
> percent of what ends up in my inbox is unadulterated spam.
> I still use it for similar reasons as you, but I can't agree on this
> point.
> -Jonathan

That's pretty interesting. I started keeping statistics on my spam count
because it was so rare. Since I started using Gmail (shortly after they
launched), the most I've gotten in a month is 4 spam messages hitting my
inbox.

Erik
Re: OT: www search engines
On Wed, Feb 06, 2008 at 03:25:16PM +0100, Wojciech Puchar wrote:
> >not used anything google for several years now. No gmail, no Picasa,
> >nothing I can avoid. No deep political reasons, just a personal choice.
>
> exactly as me.
>
> i really don't understand people that CAN have normal mail (especially
> admins) using gmail.
>
> it's just strange.

Well, to share some reasons:

There are two issues here. The first is why anyone who runs his/her own mail server would want to use a third-party (webmail) server. The second is why specifically Gmail.

To answer the first question, it's largely an issue of availability and backups. Most services like Gmail handle backups for you. Although most don't give any sort of SLA, they will usually put a lot of thought and effort into keeping your mail, and keeping it available (by being up.) If you have the resources to duplicate this, as someone who runs an ISP might, then webmail itself probably has less of an advantage.

The second question, "Why Gmail as opposed to other services?" is answered by how Google differentiates their service. The first, and most obvious difference is in storage space. For my purposes, I'll probably never run out of storage on Google's server. Most other free webmail services, however, aren't adequate. I've got over a gigabyte of mail on my personal mailhost alone. For high-availability mail (primarily for things I may need in the event that my co-located server goes down, along with other important things that I simply need access to without fail), I have several hundred megabytes. If I'm going to use Webmail, Google fits the bill with its essentially unlimited storage.

Then there's the issue of spam and spam blocking. Google does a great job of blocking spam. I'm sure that I could do almost as good a job, however that would put quite a bit of load on my mail server. That server already hosts mail for many domains and many users--anything I can shove onto Gmail to avoid processing spam on my host is going to be nice. With IMAP, it becomes even nicer. I can manage public mailing lists (who cares if anyone knows that I'm subscribed to those, anyway?) on Google mail with their excellent spam filtering, and my personal mail can go to my personal host.

Anyway, that's mostly my thinking, anyway. One of these days, I'm going to set up my personal host to encrypt and forward mail onto Gmail, so that it's all available whenever I want. I'll typically read it on my host, and grab anything from Gmail if something happens to require it.

Erik
Re: OT: www search engines
On Wed, Feb 06, 2008 at 12:46:25AM +0100, Wojciech Puchar wrote:
> what search engines, other than Google, do you find useful for general
> use?
>
> google simply don't like to talk with me, when i like to use anything to
> protect my privacy. i don't abuse this service, but i don't like google
> tracing what i search, when and why.
>
> it started maybe week ago, so i have to use something else.
>
>
> http://wojtek.3miasto.net.pl/google/goolag.html

Google has been tracking search results for years. I'd be shocked if other major search engines weren't doing it--at least Google is being up front about it.

You can partially keep them from correlating your searches if you reject the Google cookie. If you do this, the only way that they can "track" you is by IP address.

You can also use a Google proxy such as scroogle.org. Again, there's no real guarantee that they aren't tracking things, but it's a way to get Google results without having to use Google, itself.

Generally, though, unless you sign in to their services, it's pretty unlikely that they'll ever tie search results to a physical human being. Without an ISP's help, they won't know who owns your IP address. If your ISP is willing to give you up to anyone who asks, I'd be worried about more than just Google.

What are the laws in your country like regarding this?

Erik
Re: Switching username using SFTP
On Sun, Jan 13, 2008 at 09:38:21AM -0500, [EMAIL PROTECTED] wrote:
>
> When I ssh into a system which has different login name from the
> system I'm on I use this syntax: ssh -l host.domain.com.
>
> How does one do this with SFTP on the command line? The -l switch
> doesn't work. The man pages on SFTP makes no mention of this.
>
> -- Joe

The man page implies the correct use at the top:
sftp [EMAIL PROTECTED]:dir[/]]]

So
sftp [EMAIL PROTECTED]
works.

Lower down in the file, it also mentions using options, and it turns out that this works as well:
sftp -o User=username host.example.com

Erik
Re: FreeBSD's problems as seen by the BSDForen.de community
Sorry to cold-CC you on this, yongari--please ignore if this doesn't interest you.

On Thu, Jan 10, 2008 at 09:40:50PM +0100, Kris Kennaway wrote:
> Erik Osterholm wrote:
> >On Thu, Jan 10, 2008 at 11:56:15PM +0900, Adrian Chadd wrote:
> >>On 10/01/2008, Dominic Fandrey <[EMAIL PROTECTED]> wrote:
> >>
> >>This is the thing though. It's working for the developers, it's not
> >>working for the users, so how do you think it'll get fixed?
> >>
> >>>The second big problem is the handling of regressions. PRs remain
> >>>unanswered or the reporters are told that the regressions they
> >>>report do not exist. Some of our members have even suffered the
> >>>experience that they developed a patch, but it simply was ignored
> >>>or turned down for the reason that it was a "Linux solution".
> >>>Especially frustrating for those among us who have never looked at
> >>>Linux code.
> >>What's the PR number?
> >
> >I'm coming in in the middle of this thread, but here's one from July
> >2006:
> >kern/100839
> >
> >No one from the FreeBSD community ever responded on it. I thought
> >that I'd even suggested removing the driver entirely, due to this
> >showstopping bug, and removing its listing as compatible, but now I
> >can't find an archived reference, so maybe it was in my head.
> >
> >I love FreeBSD, and I used it on a daily basis, but there's an
> >example, if you're genuinely interested.
> >
> >Erik
>
> Yeah, that's a pretty good example of hardware with no real maintainer
> in the FreeBSD community. Actually it does look like yongari@ worked on
> it a couple of months ago, so you might want to bring it to his attention.
>
> Kris

I can do that, though it looks like the changes made were quite generic to interfaces in general, and not specific to the TXP. While I was trying to get this to work, it looked pretty likely that the problem was in how the kernel was talking to the device itself--the device would get confused when it was brought down and back up. My recollection is that the Linux driver just stops I/O to the card, but leaves it in its online state, effectively disconnecting it from the TCP/IP stack, in order to bring it down. FreeBSD tries to actually disable the interface, but doesn't re-initialize it correctly when bringing it back up.

If someone doesn't want to take accountability for the bug, I'd really like to see it removed from the compatibility list. I could probably find some hardware to donate to the cause of fixing it, if someone was committed to fixing it, though.

Erik
Re: home dir executable (!/bin/sh, chmod+x) shell scripts won't run without "sh
On Mon, Jan 07, 2008 at 09:13:39AM -0700, Steve Franks wrote:
> > This is a sort of 'don't shoot yourself in the foot' design. You
> > cannot run a script or binary simply by name if your cwd is the
> > directory that contains that script or binary. IIRC, you can't cd /
> > usr/bin and run anything in /usr/bin without explicitly calling that
> > file with the ./ telling the system THIS ONE.
>
> Ah! You'd think any one of the many tutorials I read would have
> mentioned that little detail ;)
>
> Thanks, all
> Steve

You should search your tutorials for the PATH environment variable. In an over-simplified nutshell, when you type a command in your shell, it checks a number of different locations for the place to find the command you're trying to execute. Some of those locations are every directory specified in your PATH variable. My PATH is:
/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin

This means that when I type 'ls', the shell looks for an executable named 'ls' in each of those directories (actually, it probably stops right after /bin/ls, since that's the correct one.)

If the shell does not find a valid executable in the path, it will say that there is no such file or directory. In this case, you would try specifying the full path by typing /bin/ls, or /home/user/scriptname.

'.' and '..' have special meanings--current directory and next-directory-up, specifically--so if your current working directory is /home/user, typing ./scriptname will be largely equivalent to typing /home/user/scriptname. ../scriptname would be largely equivalent to /home/scriptname. This is why some people suggested trying ./scriptname in other e-mails in this thread.

The '.' notation for the current working directory enables you to add the current directory you happen to be in as part of your path (thus making it searched when executing a command), however this has serious security implications, so if you think that it's something you really want to do, you'll have to find out from someone else how to do it.

erik
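An added example, not part of the original message: a small C audit that walks a PATH string element by element and counts the entries that are searched relative to the current directory, which is where the security concern mentioned above comes from. An empty element (leading, trailing or doubled colon) counts the same as '.'; the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

enum entry_kind { ENTRY_ABSOLUTE, ENTRY_EMPTY, ENTRY_DOT, ENTRY_RELATIVE };

static const char *const kind_name[] = {
    "absolute",
    "empty (means current directory)",
    "'.' (current directory)",
    "relative to current directory"
};

/* Classify one PATH element given as pointer + length (not NUL-terminated). */
enum entry_kind classify_entry(const char *s, size_t len)
{
    if (len == 0)
        return ENTRY_EMPTY;            /* "::" or a leading/trailing ':' */
    if (s[0] == '/')
        return ENTRY_ABSOLUTE;
    if (len == 1 && s[0] == '.')
        return ENTRY_DOT;
    return ENTRY_RELATIVE;             /* "bin", "./bin", "..", ... */
}

/*
 * Count the elements of `path` that resolve via the current directory.
 * The string is walked by hand because strtok() collapses "::" and drops
 * leading/trailing colons, which would hide the empty elements.
 * Returns -1 if path is NULL.
 */
int count_cwd_entries(const char *path, int verbose)
{
    int risky = 0, index = 0;
    const char *p = path;

    if (path == NULL)
        return -1;
    for (;;) {
        const char *colon = strchr(p, ':');
        size_t len = colon ? (size_t)(colon - p) : strlen(p);
        enum entry_kind kind = classify_entry(p, len);

        if (kind != ENTRY_ABSOLUTE) {
            risky++;
            if (verbose)
                printf("  element %d \"%.*s\": %s\n",
                       index, (int)len, p, kind_name[kind]);
        }
        index++;
        if (colon == NULL)
            break;
        p = colon + 1;
    }
    return risky;
}

int main(void)
{
    /* The first value is the PATH quoted in the message; the others are
     * constructed samples. */
    const char *samples[] = {
        "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin",
        ".:/bin:/usr/bin",
        "/bin::/usr/bin",
        "/bin:/usr/bin:",
        "bin:/usr/bin",
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("PATH=%s\n", samples[i]);
        printf("  -> %d element(s) resolve via the current directory\n",
               count_cwd_entries(samples[i], 1));
    }
    return 0;
}
```

Passing getenv("PATH") to count_cwd_entries() audits the running environment; a result of 0 means every element is an absolute directory.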
Re: tail does not exit
On Thu, Dec 20, 2007 at 11:02:59AM -0500, Mikhail Teterin wrote:
> On ?? 20 ??? 2007, Erik Osterholm wrote:
> = The same behavior happens if I use a larger file. I see no
> = inconsistent behavior, nor any bugs.
>
> The inconsistency is in the fact, that the behavior depends on the size of
> the buffer and length of the lines (not the size of the file).
>
> If the 10 lines, which tail tries to output initially, exceed the size of the
> buffer, tail learns about awk going away immediately. If the lines are not
> long enough, it does not.
>
> Also, I would expect a program to be notified (by SIGPIPE?) /immediately/,
> when any of its output pipes are closed -- instead of waiting for it to try
> to write into the pipe. But this issue is not, it seems, FreeBSD-specific...
>
> -mi

Ah, I see. With very, very long lines, tail doesn't send the output all at once. The cutoff seems to be 65536 bytes on my system. If tail has to write more than this amount, it breaks it up into multiple writes of a maximum of 65536 characters each. The problem is that after the first 65536 characters, awk has exited, causing the next 65536 characters which tail attempts to write to cause a SIGPIPE.

It seems to be working as intended, though. When piping, you have to be aware of these issues, but I do not think that it is a bug. There must be some boundary where tail splits the output into multiple writes. If, after the first write, a \n hasn't been encountered yet, awk will consider at least some portion of the next write (up until the first \n) to be the same line, at least until it hits its own limit. I have not checked to see what this limit might be.

As for SIGPIPE, that's just how the POSIX standard works. The signal is sent to the writing process when it attempts to write to a broken or closed pipe, not when the pipe has closed. If you think that this behavior is bad, you might want to contact IEEE.

Erik
Re: tail does not exit
On Thu, Dec 20, 2007 at 05:40:11AM -0500, Mikhail Teterin wrote:
> On ?? 20 ??? 2007, Max N. Boyarov wrote:
> = | MT> Is not that a bug in itself?
> =
> = | Tail write buffer at all, i.e. all 10 lines writes to pipe.
>
> So, the behavior depends on the size of the buffer -- and thus the
> size of the input lines.
>
> A bug indeed...

I don't understand.

aleph:~$ cat test
blah1
blah2
blah3
aleph:~$ tail -f test | awk '{print $1; exit 0}'
blah1
(hangs)

This is expected. Awk printed one time and exited, per the given script. The output from tail/input from awk went all at once, awk printed the first line, exited, and the rest of the input disappeared. 'tail' sent "blah1\nblah2\nblah3\n" to awk, awk printed until the first newline and exited.

If I now write to test from another terminal:
aleph:~$ echo "blah4" >> test

Tail tries to write to the pipe, which it finds closed. It receives a SIGPIPE (tried to write to a pipe with no reader--see man signal), and it terminates.

The same behavior happens if I use a larger file. I see no inconsistent behavior, nor any bugs.

Erik
Re: PF blocking even if set to pass all
On Thu, Dec 13, 2007 at 09:19:03AM -0200, Alaor Barroso de Carvalho Neto wrote:
> Hi guyz, like I've said in other topic, I'm building a BSD box that'll act
> as a gateway between three private networks and the internet. I want that
> each private network can ping to each other, and I can do that till I
> activate my pf firewall. When I do pfctl -e it stop working.
>
> The output of pfctl -sr is:
> pass in all
> pass out all
>
> So I guess it would pass anything, why it isn't happening?
>
> Hugs,
> Alaor

You aren't doing any encapsulation or anything else unusual, are you? Note that unless you specify a protocol, pass rules will only match tcp, udp, or icmp (or the v6 equivalents, I believe.)

Erik
Re: Advanced Routing/Firewall Interface Options for FreeBSD 7
On Wed, Nov 28, 2007 at 09:08:37PM +0100, Ivan Voras wrote:
> [EMAIL PROTECTED] wrote:
>
> > FreeBSD 7 supports ZFS. From there, NFS and Samba are easy. I've been
> > using Solaris for this, but it's rather archaic in many ways, and the
> > only reason I use it is for the stable ZFS support. Everything else in
> > Solaris - given my needs - is a poor match.
>
> People have reported problems with ZFS and NFS and Samba in the past.
> Test thoroughly before using (and report problems, if any :) ).
>

While this is true, recent versions of Samba have addressed the issue. I'm running a ZFS pool with Samba sharing it to my network, and it's working flawlessly.

FreeBSD localhost 7.0-BETA1.5 FreeBSD 7.0-BETA1.5 #0: Wed Oct 24 23:17:30 UTC 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC amd64

samba-3.0.26a_1,1 A free SMB and CIFS client and server for UNIX

Erik
Re: who wrote this
On Sun, Nov 25, 2007 at 05:53:54PM -0600, eBoundHost: Artur wrote:
> I would appreciate if someone would help me find the person who can
> help to modify the text on this page.
> http://www.freebsd.org/internal/fortunes.html
> I think it can be worded differently and get the point across
> without giving any extra attention to this monster.
>
> Best Regards,
>
> Artur

Do I understand correctly that you are not concerned so much with the inclusion of quotes by Adolf Hitler, but you don't like the way the web page is presented?

If that's the case, my argument for maintaining the current state of the webpage is that it's going to become a repeated issue. Without the notice that Hitler quotes are not automatically considered offensive, a lot of people will probably see a non-offensive Hitler quote and argue that it should be moved to the offensive file simply due to the attribution.

Put another way, the quote "What luck for the rulers that men do not think." is not considered offensive. Merely adding the attribution, then, should not cause it to be moved to the "offensive" file. That said, people have argued in the past that it should be, simply because Hitler is in the text. Putting the notice on the webpage at http://www.freebsd.org/internal/fortunes.html is a public expression that the speaker of the quote is not to be the basis for categorizing the quote as offensive.

Erik
Re: PF, bridge, states and window scaling problem
On Tue, Nov 13, 2007 at 03:53:38PM +0200, Alupului Costin wrote:
> On Nov 13, 2007 4:20 AM, Girish Venkatachalam
> <[EMAIL PROTECTED]> wrote:
> > On 22:08:03 Nov 12, Alupului Costin wrote:
> > >
> > > pass in quick on vlan0 from any to anIP/32
> > > pass out quick on vlan0 from anIP/32 to any keep state queue ul_client
> > > pass in quick on vlan1 from anIP/32 to any
> > > pass out quick on vlan1 from any to anIP/32 keep state queue dl_client
> > >
> > > The above rules generate state-mismatches.
> >
> > Didn't get you. What sort of mismatch?
>
> When that client tries logging in to Yahoo Messenger I can see an
> increase in the number of state-mismatch reported by pfctl -si. There
> are states established, but after a while the packets simply do not
> match the states created. Also they will not create new states and nor
> will they match a catch-all rule which follows.

I wonder why it's not creating new states. Could you be running out of kernel memory? Are they actual syn packets?

> I will answer here to Erik Osterholm also:
>
> Performance really is an issue here when I give up stateful
> inspection. The firewall contains roughly 2000 filter rules and the
> traffic passing through is 20kpps at peak hours. So it is a huge
> difference between stateful and stateless filtering. If I drop the
> stateful filtering the machine simply cannot handle all the traffic,
> or in the best case scenario it develops quite some latency.

I didn't mean to imply that performance wasn't an issue on your part, just mentioning it on ours. I know that keeping state is probably ideal in general, but depending upon your ruleset, it may be possible to optimize it so that keeping state isn't required for performance. For example, if you have many rules which are identical except for the host, you can use a table to keep track of the hosts and then only a few rules. This can speed things up dramatically.

(Sorry if I'm telling you things that you already know--I'm not familiar with your level of expertise.)

Erik
Re: PF, bridge, states and window scaling problem
On Tue, Nov 13, 2007 at 07:25:23PM +0530, Girish Venkatachalam wrote:
> On 18:57:34 Nov 13, Girish Venkatachalam wrote:
> > I just read the post you linked. Thanks. :)
>
> I read the post once again and it looks as though I understood what is
> mentioned there.
>
> The 'no-df' in scrub rule clears the Don't fragment bit in the IP
> header. When a host wrongly sends fragmented packets with the DF bit
> set, this scrub rule "correctly" resets the DF bit.
>
> Now since the host made the mistake of sending a fragmented packet with
> DF bit set ( this is like saying " Please don't fragment my packet, but
> I myself have fragmented". Odd...) no-df scrub rule causes trouble.
>
> Scrub never causes trouble with properly formed packets.
>
> regards,
> Girish

Ah, that makes sense! In fact, if I'd done a little more reading, I'd see that OpenBSD suggests the same:
http://www.openbsd.org/faq/pf/scrub.html

They mention that there are some problems (NFS specifically, and "some online games"). I believe that we've also seen some weird behavior with Active Directory, but I'd have to check to make sure.

Thanks for the information!

Erik
Re: PF, bridge, states and window scaling problem
On Tue, Nov 13, 2007 at 07:50:53AM +0530, Girish Venkatachalam wrote:
> On 22:08:03 Nov 12, Alupului Costin wrote:
> > I seem to have quite a problem with PF. I have set up a bridge to
> > shape my upstream traffic. I use ALTQ with hfsc discipline; but that's
> > not really important. My problem comes with the filter rules. I have
> > to use keep state because of the speed benefits (really I don't have a
> > choice),
>
> One should always keep state.

<...>

> > Oh, here is the setup of the bridge from rc.conf, although there
> > shouldn't be any problems there (the bridge works fine without pf, or
> > with pf stateless):
>
> Stateful filtering is always recommended. Performance is not the only
> reason why you should use it.
>
> It also adds to security. Have you tried disabling normalization/scrub?
>
> Best,
> Girish

My understanding (and please correct me if I'm wrong) is that keeping state requires fragmented packet reassembly, which can break some applications. Also, I've always followed the conventional wisdom that bridges shouldn't keep state. A posting from the maintainer supports this:
http://lists.freebsd.org/pipermail/freebsd-pf/2005-September/001481.html

Maybe this has changed--I'm not sure, but so far I haven't seen performance issues with pf and if_bridge without keeping state, so I haven't been worried about it.

Erik
Re: Determine FreeBSD version of binary
On Thu, Nov 08, 2007 at 03:47:54PM -0600, Dan Nelson wrote:
> In the last episode (Nov 08), John Smith said:
> > On Nov 8, 2007 6:59 PM, Yuri Pankov <[EMAIL PROTECTED]> wrote:
> > > May be not entirely correct, but close:
> > >
> > > ldd binary | grep libc.so
> >
> > Yes, that helps somewhat. At least I now know that it's FreeBSD 4.x.
> > And before I again forget something I forgot to mention earlier on: I
> > also have a file called 'kernel'. Could that somehow give somewhat
> > more detailed information about exactly which 4.x kernel it is, and
> > if so, how would I go about doing that ?
>
> Run "strings /kernel | tail" on it.
>
> There's also a better way to determine the FreeBSD version an
> executable was built for. As long as you didn't build world with -O2,
> the "file" command can print it. Note that you will need to run a 5.x
> or newer version of file, since even though 4.x puts the version in
> each binary, its file command doesn't print it.
>
> $ file /bin/ls
> /bin/ls: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), for
> FreeBSD 7.0 (700052), dynamically linked (uses shared libs), FreeBSD-style,
> stripped
> $ file /mnt/oldsystem/bin/ls
> /mnt/oldsystem/bin/ls: ELF 32-bit LSB executable, Intel 80386, version 1, for
> FreeBSD 4.2, statically linked, stripped
>
> If you like building with -O2, apply the patch in PR 101590.

Interesting. Does 6.2/amd64 build with -O2 by default?

$ file /bin/ls
/bin/ls: ELF 64-bit LSB executable, AMD x86-64, version 1 (FreeBSD), dynamically linked (uses shared libs), stripped

This was after a buildworld with no special options added, and nothing affecting the kernel in make.conf.

Erik
Re: ssh
On Wed, Oct 31, 2007 at 03:09:36PM +, Daniel Bye wrote:
> On Wed, Oct 31, 2007 at 03:23:57PM +0100, Michael Grant wrote:
> > > Yeah, I misread your problem. Are you saying that you want to su to root,
> > > but still have some variables set as they were on the account you sued
> > > from?
> > > So you have a user named Michael, say, and you su to root, but when you
> > > ssh you want Michael's .ssh to be the effective one?
> >
> > Well sort of. When I su, $HOME is set to my homedir and $USER set to
> > mgrant. This is fine. However, ssh (when sued) doesn't read
> > $HOME/.ssh, it reads /root/.ssh. And it's not defaulting to logging
> > into the remote machine as $USER, it tries to log in as root. It does
> > this because it's hardwired in the code more or less as follows (I've
> > extracted the relevant code from ssh.c):
> >
> > original_real_uid = getuid();
> > pw = getpwuid(original_real_uid);
> > sprintf(buf, "%s/%s", pw->pw_dir, "ssh-config");
> > read_config_file(buf);
> > options.user = strdup(pw->pw_name);
> >
> > Like I said, it seems like a bug to me. Personally I would have done
> > a getenv("HOME") and getenv("USER") myself instead of depending on the
> > userid. Probably they had good reason for doing it the way they did
> > it.
>
> Probably to do with the fact that both $HOME and $USER can be set by the
> user to any arbitrary value:
>
> [EMAIL PROTECTED]:~] --->$ echo $USER $HOME
> daniel /home/daniel
> [EMAIL PROTECTED]:~] --->$ USER=root
> [EMAIL PROTECTED]:~] --->$ HOME=/root
> [EMAIL PROTECTED]:/home/daniel] --->$ echo $USER $HOME
> root /root
> [EMAIL PROTECTED]:/home/daniel] --->$ cd
> [EMAIL PROTECTED]:~] --->$ pwd
> /root
>
> Not so good for security!
>
> Dan

But the same effect can be achieved by specifying the identity file:
ssh -i /root/.ssh/id_dsa

So this file still needs appropriate permissions to prevent misuse by other users.

I'm pretty curious to know why the developers chose this path. If it's not actually a bug, but a security concern, then it would be a good learning experience for me!

Erik
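An added example, not OpenSSH's code and not from the thread: it puts the two points of this exchange side by side in C, resolving the account from the numeric uid as the quoted ssh.c fragment does (so a changed $HOME or $USER has no effect), and checking that a key file is owned by that uid with no group/other permission bits. The function names and the numeric return codes are hypothetical.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

struct account {
    char name[64];
    char home[256];
};

/* Look the account up by uid in the password database. The environment is
 * never consulted. Returns 0 on success, -1 if the uid has no entry. */
int account_from_uid(uid_t uid, struct account *out)
{
    struct passwd *pw = getpwuid(uid);

    if (pw == NULL)
        return -1;
    snprintf(out->name, sizeof out->name, "%s", pw->pw_name);
    snprintf(out->home, sizeof out->home, "%s", pw->pw_dir);
    return 0;
}

/* Returns 1 if $HOME or $USER is unset or differs from the database entry,
 * 0 if both agree with it. */
int env_disagrees(const struct account *acct)
{
    const char *home = getenv("HOME");
    const char *user = getenv("USER");

    if (home == NULL || strcmp(home, acct->home) != 0)
        return 1;
    if (user == NULL || strcmp(user, acct->name) != 0)
        return 1;
    return 0;
}

/* Hypothetical policy for a private key file:
 *   0  regular file, owned by `owner`, no group/other permission bits
 *  -1  cannot stat      -2  not a regular file
 *  -3  wrong owner      -4  accessible to group or others */
int key_file_ok(const char *path, uid_t owner)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode))
        return -2;
    if (st.st_uid != owner)
        return -3;
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return -4;
    return 0;
}

int main(void)
{
    struct account acct;
    char key[512];

    if (account_from_uid(getuid(), &acct) != 0) {
        fprintf(stderr, "no passwd entry for uid %lu\n",
                (unsigned long)getuid());
        return 1;
    }
    printf("passwd database : user=%s home=%s\n", acct.name, acct.home);
    printf("environment     : %s\n",
           env_disagrees(&acct) ? "differs from database" : "agrees");

    /* id_dsa is the key file name used in the message above. */
    snprintf(key, sizeof key, "%s/.ssh/id_dsa", acct.home);
    printf("%s : check=%d\n", key, key_file_ok(key, getuid()));
    return 0;
}
```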
Re: Virtualization
On Tue, Oct 30, 2007 at 11:57:20PM +0100, Ivan Voras wrote:
> There's a donation box on
> http://www.rsync.net/resources/notices/2007cb.html for developers to get
> VMWare Workstation working on FreeBSD but the status of the project is
> unknown. There's also some indication someone is working on VirtualBox
> but that's probably in very early stages (and besides that, VirtualBox
> doesn't work reliably).

I have to disagree with the last VirtualBox comment. It seems to work quite well for the operating systems it supports (mostly Linux and Windows as guests.) Sadly, FreeBSD as a guest just doesn't seem to fly.

Erik
Re: Dangers of using a non-base shell
On Mon, Oct 29, 2007 at 08:50:40PM +, Stephen Allen wrote:
> It's been drawn to my attention not to use bash from the ports
> collection, because if one of its dependencies (gettext or libiconv)
> fails or is updated significantly, it could break, and prevent login.
> The suggested solution was to use a base shell (such as sh) and append
> 'bash -l' to .shrc to automatically enter bash.

I've only ever heard this advice applied to the root account. Generally speaking, I keep my root accounts using /bin/csh and I run (z|k)sh on my user accounts. If something were ever to break, I'd just log in as root to fix it.

> The quite annoying side-effect is having to type 'exit' twice to get out
> of a su shell or screen.

For screen, you can just change the SHELL environment variable before you run it:
SHELL=/usr/local/bin/pdksh screen

New screen windows will use the new shell. For a more permanent fix, you can add e.g. "shell /usr/local/bin/pdksh" to your .screenrc file.

> Would it be a better idea to use the pre-compiled binary for bash? And
> if I did so, could I be alerted to updates as easy as using 'pkg_version
> -v' when checking if any ports need updating?

There was a pretty long thread on this here:
http://lists.freebsd.org/pipermail/freebsd-questions/2007-October/159670.html

Another issue that you'll have to contend with is that if your filesystem on which bash lives fails to mount, you'll be in the same boat. You could copy it to /bin (which is usually on the same filesystem as / and /boot, meaning you're almost guaranteed to have it, even if other filesystems fail to mount) but I don't like cluttering up my filesystem.

> Many thanks,
> Steve

Erik
Re: ifconfig -- how to remove address and mask?
On Sun, Oct 28, 2007 at 09:14:48PM -0700, [EMAIL PROTECTED] wrote:
> running 6.1,
>
> Is there a way to bring an interface down and remove the ipaddr and mask?
> I've tried ifconfig destroy with no effect, and I'm getting tired of
> twiddling rc.conf and rebooting...
>
> The problem arises when testing a new configuration where an existing
> interface has an assigned ip addr, and is then changed to be used with
> pppoe. The routine tables get really confused...
>
> Thanks,
>
> Gary

Might /etc/rc.d/netif restart resolve this, too?

Erik
Re: Name resolution
On Sat, Oct 27, 2007 at 04:42:02PM -0700, jekillen wrote:
> I set up a system with a static ip connection to the internet
> I checked inetd.conf and resolv.conf.

Just FYI, inetd.conf shouldn't matter here, as it has to do with running a server, not accessing one.

> look in resolv.conf, there was no file by that name.
> So I created one with my local nameservers and the ISP's nameservers.

Are the local nameservers on the same CIDR network? The ISP servers? Did you maybe use hostnames here instead of IP addresses?

> But I am not sure whether these changes require that I reboot the
> machine.

My experience has been that changes to resolv.conf do not require a reboot.

> The connection is live and working. I can ping another of my static ip
> addresses, and other machines running on the private network. But
> if I ping one of my websites by name the ping cannot find it. so I know
> it is a resolver issue, with no name server running on this machine.

Are these on the same network? Did you set your gateway correctly? The command "netstat -nrf inet" should probably list a default route. Sometimes people forget this when they use static IPs as you have.

> This is because after adding the file /etc/resolv.conf I still get
> the above complaints.

I occasionally type "resolve.conf" instead of "resolv.conf" when creating this file for the first time. The wonders of tab completion can make me unaware of the problem for awhile. Could this possibly be the problem?

Do you have any sort of firewall active on this computer? If so, outgoing connections to port 53 (UDP and TCP) should be allowed for DNS to work.

Erik
Re: How do I enable IP forwarding?
On Fri, Oct 19, 2007 at 03:34:11PM -0700, Chuck Swiger wrote:
> Hi, Ivan--
>
> On Oct 19, 2007, at 2:57 PM, Ivan Dimitrov wrote:
> > How do I enable IP forwarding? (on freeBSD 6.2)
>
> On a temporary basis:
>
> sysctl net.inet.ip.forwarding=1
>
> ...or if you want to make that config permanent:
>
> echo 'gateway_enable="NO"' >> /etc/rc.conf
>
> --
> -Chuck

Shouldn't that be "YES" instead of "NO"?

Erik
Re: How to add rule with pfctl...
On Mon, Sep 17, 2007 at 11:30:03PM -0300, Agus wrote:
> Agus wrote:
> >
> > 2007/9/15, Mel <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>:
> >
> > On Saturday 15 September 2007 23:18:17 Agus wrote:
> >
> > I am trying to figure out how to add a firewall rule with pfctl...
> > This is what i'm trying to do...
> >
> > I've got SEC that matches certain pattern and takes the IP from that and
> > want to trigger a firewall rule to block that IP
> > Then after a couple of hours SEC will trigger the command to un-block the IP...
> > So what i need is the command to block an IP address from command line, not
> > touching any pf.conf
> >
> > If you don't need to add a rule but an IP, then tables are your friend.
> > Example for /etc/pf.conf:
> > # Placeholder for spammers table, non-routable network IP.
> > table <spammers> persist { 192.168.111.111 }
> > # Block this traffic
> > block return-rst in log on $ext_if proto tcp from <spammers> port smtp
> >
> > Then on the command line:
> > /sbin/pfctl -t spammers -Tadd ip.from.new.spammer
> > And to delete:
> > /sbin/pfctl -t spammers -Tdel ip.from.old.spammer
> >
> > --
> > Mel
> >
> > Hi,
> > I put this on /etc/pf.conf
> > external_addr="192.168.1.11" which is the address of the only interface.
> > This machine isn't a router.
> >
> > block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to
> > $external_addr port ssh
> >
> > but when i try to connect from 192.168.0.1 i connect with no problems...this
> > rule is to block access..
> > What am i doing wrong..is my first time with pf...
> >
> > Thanks...
> >
> > 2007/9/17, Goltsios Theodore <[EMAIL PROTECTED]>:
> Well I think that you mean to add this:
>
> ext_if="rl0" # Or whatever your interface is ifconfig helps to find out
> block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to $ext_if
> port ssh
>
> or even:
> ext_if="rl0"
> external_addr="192.168.1.11"
> block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to
> $external_addr port ssh
>
> Think of macros as variables. As long as you don't define them they don't
> exist (are empty).
>
> I know...Theodore, i've done it exactly like u put it...first declare macros
> and then the rule
> but i couldn't block access to the machine...this rule is supposed to block
> all access to port 22 on the machine coming from 192.168.0.1...but I can
> access from there...
>
> i checked pfctl -e
> pfctl -sa
>
> and everything seems to be loaded...
>
> Thanks...

Are you sure that you're trying to block only from a specific host? The source address shouldn't change, even if you're doing nat. I would assume that you'd want an 'any' keyword there, rather than a specific IP address.

Also, you can add hosts to the table automatically based on number of connections over a given period of time:

block quick from <blackhole>
pass on $ext_if inet proto tcp from any to $myip port 22 flags S/SA keep state (max-src-conn-rate 5/30, overload <blackhole> flush global)

The first rule blocks hosts from the blackhole table. The second adds hosts to the blackhole table and kills their state if they connect more than 5 times in 30 seconds. This is obviously tunable-- 3/30 would be 3 connections in 30 seconds, and 8/60 would be 8 connections in 60 seconds.

Erik
Re: Bridging and port mirroring
On Thu, Sep 13, 2007 at 12:29:30PM -0400, Brian McCann wrote: > I've poked around on the web, but come up empty. And I find it hard > to believe there's not a simple way to do this, if it hasn't been done > before. > > I've got a server with two nics configured for bridging and running > bunches of ipfw rules. I'd like to add a 3rd NIC and have it mirror > the 2nd NIC (so all traffic into and out of nic2 goes to nic3), so I > can run an IDS on another server. Yes, I know that has the potential > to overload nic3 if there is a lot of traffic going in and out of > nic2, but that's not an issue for me. > > Has anyone done this before, or know how to do this? Are you using if_bridge? If so, it supports creating span interfaces. It's easy to set up, and it almost does what you describe (instead of only showing traffic into/out of nic2, it's going to show all traffic on bridge0.) Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: chmod / files and directories
On Wed, Sep 12, 2007 at 11:34:31PM +0200, Mel wrote: > On Tuesday 11 September 2007 13:15:55 Zbigniew Komarnicki wrote: > > On Monday 10 of September 2007 17:56:12 Zbigniew Szalbot wrote: > > > Hello, > > > > > > I did read man chmod but I am not really wiser. Is there an option to > > > recursively set 755 permissions for directories and 644 for files? > > > When I just issue > > > chmod -R 755 /usr/local/www/data/wp/ > > > then all files and directories under wp/ are given permissions 755 > > > which is not what I want. > > > > Maybe also in such way: > > # find /usr/local/www/data/wp -type f -exec chmod 644 {} \; > > # chmod -R a+X /usr/local/www/data/wp > > That's the equivalent of chmod -R 755, since it sets exec bit on everything. > Assuming all directories are already executable and files are not, the > shortcut would be: > chmod -R o+w,go-w,a+r /usr/local/www/data/wp > > -- > Mel Mel, According to the man page, using a+X (note the capitalization) should only set the executable bit on directories, or on files which have any executable bit set. A quick test confirms this behavior. I think that the combination of the two commands that Zbigniew Komarnicki listed will result in the desired permissions for the subtree. Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Snort with PF as an IPS
On Tue, Sep 11, 2007 at 05:27:50PM +0300, Ovi wrote:
> Hello
>
> I am interested if anybody uses snort with pf to block in realtime ips
> detected by snort as viruses, scans and so on.
> I saw on mail lists that is working Snort + ipfw (snort_inline) but I
> need pf for this setup.
>
> Also I wonder if it is possible to block p2p traffic using such setup,
> with p2p rules defined from Snort.
>
> Best Regards,
> ovidiu

We use a simple Perl script to do this with pf. The basic structure is that we maintain a pf table of hosts to block, and the Perl script watches for changes to the snort alert file, parses new entries, adds those entries to the table, and kills all state to that IP address.

Of course, this is a pretty drastic measure, so we're very careful about the rules we use in Snort.

I believe that snort-inline just blocks the offending packets (with the option to block the host entirely), but there's no way to use snort-inline with PF at the moment.

Erik
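The parse-and-block step described in the reply above, sketched in Python as an added example (it is not the Perl script the poster mentions). The alert lines, SIDs, addresses and the table name `snort_block` are constructed for illustration, and the alert file is assumed to be in Snort's one-line "fast" format.

```python
import ipaddress
import re

# Constructed alert lines in Snort's one-line "fast" format (not real traffic).
SAMPLE_ALERTS = [
    "09/11-17:27:50.104211  [**] [1:1000001:3] CONSTRUCTED worm propagation [**] "
    "[Classification: Misc Attack] [Priority: 1] {TCP} 203.0.113.45:4312 -> 192.0.2.10:445",
    "09/11-17:27:51.000412  [**] [1:1000002:1] CONSTRUCTED port scan [**] "
    "[Classification: Attempted Recon] [Priority: 2] {TCP} 198.51.100.7:50122 -> 192.0.2.10:22",
    # Same SID, but the source is our own gateway (possibly spoofed): must not be blocked.
    "09/11-17:27:52.220019  [**] [1:1000001:3] CONSTRUCTED worm propagation [**] "
    "[Classification: Misc Attack] [Priority: 1] {TCP} 192.0.2.1:1025 -> 192.0.2.10:445",
    # Repeat offender: should produce only one block action.
    "09/11-17:27:53.518800  [**] [1:1000001:3] CONSTRUCTED worm propagation [**] "
    "[Classification: Misc Attack] [Priority: 1] {TCP} 203.0.113.45:4313 -> 192.0.2.10:445",
    "garbage line that is not an alert",
]

ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]"  # [gid:sid:rev]
    r".*\{(?P<proto>[^}]+)\}\s+"                               # {TCP}, {UDP}, {ICMP}
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+"       # source[:port] ->
)


def parse_alert(line):
    """Return (sid, source address) for a fast-format alert line, else None."""
    match = ALERT_RE.search(line)
    if not match:
        return None
    try:
        src = ipaddress.ip_address(match.group("src"))
    except ValueError:  # e.g. 999.1.1.1 matches the regex but is not an address
        return None
    return int(match.group("sid")), src


def hosts_to_block(lines, block_sids, never_block, already_blocked=()):
    """Return unique source addresses, in first-seen order, that should be blocked.

    block_sids      -- only these rule IDs are trusted enough to trigger a block
    never_block     -- networks that must never enter the table (own hosts, gateway)
    already_blocked -- addresses already present in the pf table
    """
    protected = [ipaddress.ip_network(net) for net in never_block]
    seen = {ipaddress.ip_address(addr) for addr in already_blocked}
    result = []
    for line in lines:
        parsed = parse_alert(line)
        if parsed is None:
            continue
        sid, src = parsed
        if sid not in block_sids or src in seen:
            continue
        if any(src in net for net in protected):
            continue
        seen.add(src)
        result.append(str(src))
    return result


def pfctl_commands(ip, table):
    """Build argv lists (no shell involved) that add ip to the table and kill its states."""
    ip = str(ipaddress.ip_address(ip))  # re-validate before it reaches a command line
    return [
        ["pfctl", "-t", table, "-T", "add", ip],
        ["pfctl", "-k", ip],                     # states originating from the host
        ["pfctl", "-k", "0.0.0.0/0", "-k", ip],  # states from anywhere to the host
    ]


if __name__ == "__main__":
    for host in hosts_to_block(SAMPLE_ALERTS, {1000001}, ["192.0.2.0/24"]):
        for argv in pfctl_commands(host, "snort_block"):
            print(" ".join(argv))  # hand argv to subprocess.run(argv) on the firewall
```

Keeping the trigger list to a few high-confidence SIDs and maintaining a never-block list is what keeps a forged source address from turning the blocker against your own hosts.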
Pass all protocols in PF
I've been working with PF for awhile, and this is something that's bugged me for some time. Is there any way to make "pass in all" pass any protocol? Right now, for example, we have a firewall with two bridged (if_bridge) Intel NICs and pf. We need OSPF to pass, and so we have to add an explicit rule to pass it, despite the fact that we have a default pass in any rule. It's the same story for other protocols. Thanks in advance for any replies. Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: server was hacked
On Sat, Aug 11, 2007 at 07:20:31AM -0400, Brent wrote:
> a compromised mambo site. after getting rid of the program I changed
> our router to disallow this type of traffic..& started trying to fix
> the box. I'm pretty sure that root wasn't compromised but I'm going to
> re-install anyway. my question has anyone run into this problem with
> CMS sites, How exactly are they getting in ?

Lots of CMS have long histories of vulnerabilities. Check out www.securityfocus.com e.g.
http://search.securityfocus.com/swsearch?query=mambo&sbm=bid&submit=Search%21&metaname=alldoc&sort=swishrank
for some details.

Erik
Re: Utility to change a byte in a binary file?
On Thu, Aug 09, 2007 at 06:02:54PM -0400, Jerry McAllister wrote: > On Thu, Aug 09, 2007 at 08:25:17PM +, V.I.Victor wrote: > > > > > It sure seems that this should be simple, but my searches have only > > turned up inter-active hex/disk editors. I'm probably "asking" wrong. > > > > I have a large binary file (>700 meg) and I know that there is a > > single wrong byte. I also know it's exact location in the file. > > > > Is there a command-line utility to write a byte at a specified offset > > into a file? > > You could try 'dd' and manipulate the skip/offset and size arguments. > > jerry If you use vim, you can do this using vim and xxd: http://www.vim.org/htmldoc/usr_23.html#23.4 Skip down to the section entitled "USING XXD." Don't forget to convert it back before you save! Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Convince me, please! - too much about "GUI"
On Thu, Aug 09, 2007 at 08:20:13PM +0200, Rolf G Nielsen wrote: > >My ten year old niece has been brainwashed by the GUI quagmire. She saw > >my FreeBSD 6-STABLE console on my amd64 3000+ and wanted to know why i > >was using such an "old" computer. She had the visual aspect of the user > >interface ingrained as a measure of the capabilities of the machine. > >Granted, it could be only because she's ten, but I think we'd find a lot > >of people think that something has to have more blinky lights and chrome > >to be better or faster. > > I seriously doubt that it's only because she's ten. A friend of mine > (who's 37) defines user-friendliness based on the number of tasks he can > complete through a GUI. I used to think like that too, but not any > longer. I first tried FreeBSD in 1998, but I couldn't get anything > running. I just had no idea how, and I was expecting a nice > "user-friendly" GUI, like Windoze, but without the constant crashes. > Where most Windoze users find Windoze user-friendly, I find it > user-hostile, because it hides the simplest things under tons of graphics. > > For some applications, like image manipulation, a good GUI is a must (at > least that's my point of view), but good doesn't mean complex. And a GUI > is certainly not needed for running a computer. > > My friend, whom I mentioned above, says my computer looks like a green > screen from 1970's movies. I once tried to guide him over the phone > through downloading a file using Windoze's built-in cli FTP client. He > didn't even know that such a procedure was possible; he had the idea, > that downloading a file required a graphical progress bar. After the > file was downloaded (a GUI FTP client), he said it was the most horrible > thing he'd ever done, and had comments about this being the 21st > century. So, I doubt your niece's comment was just about her being a child. > > -- > Sincerly, > Rolf Nielsen User-friendliness is obviously subjective. 
Some people consider a system to be user-friendly if it doesn't require reading documentation to start using it. Some people consider a system to be user-friendly if there is a simple, efficient interface. It's rare to find software where both of these are true.

In business, you simply can't forget the learning curve. Learning how to efficiently use Unix may not be the best use of employee time, since most of them know how to use Windows already. This is especially true with high-turnover rates--how much time do you want to spend training someone who will just jump ship for a better paying job in 2 years?

Personally, I'm with you. I'm much more efficient on the command-line, but that's only because I've spent a not-insignificant portion of my life using it. I saw the benefits long ago, and even though there was a learning curve (imagine having to actually read documentation rather than going in blindly and clicking!), I feel that it was worth it.

Erik
Re: restart network without shutdown
> >-Original Message- > > >From: [EMAIL PROTECTED] > > >[mailto:[EMAIL PROTECTED] On Behalf Of Xihong Yin > > >Sent: Tuesday, August 07, 2007 6:02 PM > > >To: freebsd-questions@freebsd.org > > >Subject: restart network without shutdown > > > > > >How can I restart my network card without shutdown/reboot? I use DHCP. > > > > > >Thanks, > On Aug 7, 2007, at 10:19 AMAug 7, 2007, Narek Gharibyan wrote: > >I think the best way is > > > >/etc/netstart > > > >but when you try it via ssh connection it outputs an fatal error > >and your > >ssh hangs up. You cannot connect again via ssh. > > > >But you can do it via console and everything will ok. > > On Tue, Aug 07, 2007 at 10:42:11AM -0500, Eric Crist wrote: > Install screen from ports, run it from within screen. > > You'll still get disconnected, but you should be able to reconnect > after it's done. Screen will allow the script to complete, whereas > your ssh session is killing it half/part way through... > > HTH > > Eric Crist I'm generally a big screen advocate, but in this case, wouldn't nohup work as well? And it's in base. Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: flash
On Tue, Jul 03, 2007 at 02:45:58PM +0100, RW wrote: > Can anyone comment on how well Flash9 works in a real Linux > distribution? > > In particular does it have the problem where the flash item turns > into a blank box after a few seconds. If that problem exists in Linux > there's a decent chance it will get fixed by Adobe. I get this occasionally, usually when I have multiple tabs open with Flash items on each page. Of course, I usually run Firefox with Flash Block, so I don't tend to see this frequently in that browser--only when I forget to close tabs when I'm done with them. In Opera, it's much more common, because I don't have that plugin. Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Stable many-port SATA controller recommendations
On Mon, May 14, 2007 at 08:24:34PM +0200, Peter Schuller wrote: > > My main candidate is the AOC-SAT2-MV8. Can anyone offer input on the > > stability of this card in FreeBSD? It would be perfect because it is > > priced very well. > > I ended up getting an AOC-SAT2-MV8. Preliminary results are encouraging > but I have not yet run with it for that long... I'll try to remember to > post an update for interested parties and/or the archives when I have > tested it more. I'm definitely interested in hearing your results. Also, what is the model of the drives you're using with this card? Thanks! Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How to find HorizSync / VertRefresh rates?
On Mon, Apr 30, 2007 at 08:33:03PM +0200, Victor Engmark wrote: > On 4/30/07, J65nko <[EMAIL PROTECTED]> wrote: > >Follow the FBSD handbook to do a 'Xorg -configure' and a test run of > >X with the generated Xorg.conf file. > > > I did. > > Then have a look at your your '/var/log/Xorg.0.log'. You will find a > >log of X using DDC to interrogate your LCD screen for it's > >capabilities and the acceptable modelines > > > Nope. Already tried that, and the capabilities were /not/ listed in the log, > the way it was described in several tutorials. > > This is starting to look like one of the most common problems in > F/OSS: Theory != Practice. In theory, any one of the methods already tried > and suggested here should work. In practice, the "documentation" > (MonitorsDB) is wrong (at least according to x.org), and none of the quoted > methods work the way they should. An interesting result is that there are > several fundamentally different tutorials for several closely related > *nixes, all of which work only on a small subset of installations. Could you post your Xorg.0.log and xorg.conf? When Theory != Practice, it's often helpful to have information like this to help determine what went wrong, so that in the future, Theory can == Practice. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Tagging email subject line with something like [fbsd-questions]
On Wed, Apr 25, 2007 at 03:47:49PM -0600, Chad Perrin wrote: > On Wed, Apr 25, 2007 at 10:38:52PM +0100, N.J. Mann wrote: > ># > > Right. In an earlier message you mentioned mutt and procmail, so > > here > > is a procmail/mutt solution. First off write a procmail recipe > > that > > matches the mail list(s) you wish to "flag". In the action line > > of said > > recipe use formail to add the header X-Status. Configure mutt to > > "high > > light" message which contain the X-Status header. ># > That's an excellent idea. Thank you. You don't need to add the header. You can "highlight" using ~C, which checks the To: or Cc: for a string. I have tested a rule in my .muttrc which does this: color index red black '(~C freebsd-question)' It seems to correctly color messages to the freebsd-questions list. In theory, you should be able to use other mutt patterns as per http://www.mutt.org/doc/manual/manual-4.html#ss4.2 This could allow you to search for the List-ID header and color/highlight based upon that. Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Defending against SSH attacks with pf
On Sun, Apr 15, 2007 at 08:02:55PM -0400, Bill Moran wrote: > > There was some discussion on this list not too long ago, and someone > asked if I was willing to make my pf config and the associated scripts > I wrote for it public. I would have posted on the original thread, > but I can't find it now. > > Here is the information: > http://www.potentialtech.com/cms/node/16 > > -- > Bill Moran > http://www.potentialtech.com Hi Bill, I hope you don't mind some suggestions! Your table names (and anything else enclosed in less-than/greater-than symbols) got lost, so using the appropriate escape characters in HTML would be useful. Also, pf tables can be loaded from files containing a list of IP addresses or hostnames, one per line. My table line is as follows: table file "/etc/bruteforce_ssh" I periodically save blocked hosts to this file using a script to format and maintain uniqueness. In this way, my blocks persist across reboots. I'm just as draconian as you are in my blocking policy! Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
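One way to do the "format and maintain uniqueness" step for a table file like the one described above, as an added example (not the poster's script). It merges the live table contents, as printed by `pfctl -t <table> -T show`, into the saved file; the sample addresses are constructed, and the example assumes the file should hold literal addresses or networks only.

```python
import ipaddress
import os
import tempfile


def parse_entries(text):
    """Parse a table file or `pfctl -T show` output into (networks, rejected entries)."""
    networks, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # '#' starts a comment in a pf table file
        if not entry:
            continue
        try:
            # strict=False normalises host bits, so 10.1.2.3/8 and 10.0.0.0/8 deduplicate
            networks.add(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # hostnames or junk: report them, do not write them
    return networks, rejected


def format_entry(net):
    """Write single hosts without a prefix length, networks in CIDR form."""
    if net.prefixlen == net.max_prefixlen:
        return str(net.network_address)
    return str(net)


def merge_table_file(path, show_output):
    """Merge live table entries into the saved file; return (lines written, rejected)."""
    try:
        with open(path) as handle:
            saved, bad_saved = parse_entries(handle.read())
    except FileNotFoundError:
        saved, bad_saved = set(), []
    live, bad_live = parse_entries(show_output)

    merged = sorted(saved | live,
                    key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    lines = [format_entry(net) for net in merged]

    # Write to a temporary file in the same directory and rename it into place, so
    # pf never loads a half-written table file at boot or on a ruleset reload.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write("".join(line + "\n" for line in lines))
        os.chmod(tmp, 0o600)
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return lines, bad_saved + bad_live


if __name__ == "__main__":
    # Constructed demo: a scratch file stands in for the real table file.
    demo = os.path.join(tempfile.mkdtemp(), "bruteforce_ssh")
    with open(demo, "w") as handle:
        handle.write("198.51.100.7\n# saved earlier\n203.0.113.45\n")
    # Constructed stand-in for the output of `pfctl -t <table> -T show`.
    live_output = "   203.0.113.45\n   192.0.2.200\n"
    print(merge_table_file(demo, live_output))
```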
Re: Virally licensed code in FreeBSD kernel
On Sun, Apr 15, 2007 at 11:52:04AM -0600, Chad Perrin wrote: > On Sat, Apr 14, 2007 at 03:46:31PM -0500, Erik Osterholm wrote: > > On Sat, Apr 14, 2007 at 02:36:24PM -0600, Chad Perrin wrote: > > > > > > We're discussing what constitutes "code not goverened by the > > > terms of this license", so until that's settled you can't really > > > use that phrase as justification for your argument. Note, for > > > instance, that it makes no reference to "code that was not > > > already governed by this license". Thus, we don't know from > > > that statement whether additional code as part of a "Larger > > > Work" is excluded by that statement. > > > > Except that "code not governed by the terms of this license" seems > > obvious. If code is not released under the CDDL, it is not > > governed by the CDDL. FreeBSD is not released under the CDDL. > > FreeBSD is not governed by the CDDL. > > It may seem obvious to you. It may also seem obvious to someone > else who has a stake in believing the opposite -- and your two > obvious perceptions may not agree with one another. If your goal is to prevent lawsuits, stop now. You've already lost. You can be sued (in the US, at least) for just about anything or for any reason. If your goal is to win, should someone file a frivolous lawsuit, your above statement is irrelevant. My beliefs on the subject will not win it for me. > Look at it this way: including GPLed code in a larger codebase, > compiled as a single binary, renders the entire thing "code . . . > governed by the terms of this license", where "this license" in this > case would mean the GPL. The very fact of inclusion of the source > code changes the necessary licensing of the entire codebase. Thus, > the question of whether the larger project is "code (not) goverened > by the terms of this license" must be decided *outside of the > statement* "code not governed by the terms of this license". The GPL differs due to the wording. I think someone else already pointed this out. 
> > But 3.6 only requires that the "requirements of the License are > > fulfilled for the Covered Software." It doesn't say that the > > requirements of the License must be fulfilled for the Larger Work. > > The term "Covered Software" is another one of those statements like > "code not goverened by the terms of this license" which, in and of > itself, does not tell you whether or not the code in question is > govered by the terms of the license. In other words, a statement > within the license telling you what you may or may not do with > "Covered Software" doesn't, in and of itself, tell you whether a > given block of code is considered "Covered Software". It just tells > you what you may or may not do with it *if it is* "Covered > Software". > > > > Covered Software is clearly defined, and the other parts of > > FreeBSD do not fall under this definition. > > Please quote for me the relevant definitive passage. 1.3. "Covered Software" means (a) the Original Software, or (b) Modifications, or (c) the combination of files containing Original Software with files containing Modifications, in each case including portions thereof. The source files for FreeBSD are not Original Software, Modifications, and therefore cannot be the combination of files containing Original Software with files containing Modifications (as it is neither). If you need the definitions of any of the rest of the terms, feel free to visit http://www.sun.com/cddl/cddl.html Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Virally licensed code in FreeBSD kernel
On Sat, Apr 14, 2007 at 02:36:24PM -0600, Chad Perrin wrote: > On Sat, Apr 14, 2007 at 09:09:46PM +0200, Philipp Wuensche wrote: > > Chad Perrin wrote: > > > On Sat, Apr 14, 2007 at 06:55:39PM +0200, Philipp Wuensche wrote: > > >> Brett Glass wrote: > > >> > > >> So CDDL does not require to license add-ons under CDDL, GPL does. In > > >> this terms, FreeBSD is basically an add-on to the ZFS module ;-). > > > > > > The most relevant part of the CDDL seems to be section 3.6, "Larger > > > Works": > > > > > > You may create a Larger Work by combining Covered Software with other > > > code not governed by the terms of this License and distribute the > > > Larger Work as a single product. In such a case, You must make sure the > > > requirements of this License are fulfilled for the Covered Software. > > > > > > The term "Covered Software" is defined in a sufficiently ambiguous > > > manner that a court battle over whether or not a "Larger Work" would be > > > subject, in full, to the terms of the CDDL would probably be decided in > > > favor of the guy with more money: > > > > > > "Covered Software" means (a) the Original Software, or (b) > > > Modifications, or (c) the combination of files containing Original > > > Software with files containing Modifications, in each case including > > > portions thereof. > > > > But the rest of the BSD system does not fall under "Original Software", > > "Modifications" or combination of both as they are defined in this > > licsense. As I see it, it just states that everything under CDDL in the > > "Larger Work" has to be handled like that, this does not include the > > rest of the "Larger Work" which would be "code not governed by the terms > > of this License". > > We're discussing what constitutes "code not goverened by the terms of > this license", so until that's settled you can't really use that phrase > as justification for your argument. 
Note, for instance, that it makes > no reference to "code that was not already governed by this license". > Thus, we don't know from that statement whether additional code as part > of a "Larger Work" is excluded by that statement. Except that "code not governed by the terms of this license" seems obvious. If code is not released under the CDDL, it is not governed by the CDDL. FreeBSD is not released under the CDDL. FreeBSD is not governed by the CDDL. > > They explicitly state: "In such a case, You must make sure the > > requirements of this License are fulfilled for the _Covered Software_." > > So the requirements must be fullfilled for software under CDDL, and not > > for "code not governed by the terms of this License" (code under BSD in > > our case). > > The question here is whether code previously "not governed by the terms > of this license" is now "governed by the terms of this license". As > things currently stand, and with the ambiguous phrasing of the license, > it appears to me that this issue cannot be definitively settled without > a judicial decision (or alteration of the CDDL to clarify the matter). But 3.6 only requires that the "requirements of the License are fulfilled for the Covered Software." It doesn't say that the requirements of the License must be fulfilled for the Larger Work. Covered Software is clearly defined, and the other parts of FreeBSD do not fall under this definition. It could definitely use some clarification just to prevent silly arguments like this one, but it seems clear enough to me that FreeBSD is still free, and that the ZFS modules and source are still CDDL. Erik ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Should sudo be used?
On Thu, Apr 05, 2007 at 06:54:06PM -0700, Garrett Cooper wrote:
> b) sudo can run commands directly instead of having to type in su, and
> then run the command from the su'ed shell.

From man su:

  If the optional args are provided on the command line, they are passed to
  the login shell of the target login. Note that all command line arguments
  before the target login name are processed by su itself, everything after
  the target login name gets passed to the login shell.

This lets you run commands without obtaining a full shell.

> Unless you're trying to get root access and fall under point b., and
> this is your own personal machine, there's basically no use in using
> sudo. Besides, one less binary on your machine with those sorts of
> privileges offers less methods of attacking your machine in order to get
> elevated privileges.

I like the logging ability. If I fatfinger a command line, I can easily go back and see exactly what I did (in case the output of the command doesn't make it obvious), and when.

It's all personal preference, though.

> -Garrett

Erik
Re: Linux "equivalent" to freebsd
On Fri, Mar 02, 2007 at 08:55:41AM +1100, Norberto Meijome wrote: > On Thu, 01 Mar 2007 11:17:10 -0800 Simon Gao <[EMAIL PROTECTED]> > wrote: > > > Why not give Gentoo Linux (www.gentoo.org) a try. By using Gentoo > > Linux, you not only get the similar port system, portage, as with > > FreeBSD, but also enjoy all the benefits Linux can provide. Gentoo > > Linux is very flexible and has a very good support community. > > risking making this a discussion about linux : I've used gentoo... > portage is OK but is nowhere near as good as the ports > collection, IMHO. First, you need to build everything from scratch, > no binary packages. There is an annoying split of portage sections > (dev | production | good | bad | pink ..whatever), that someone else > puts on you, rather than allow you to chose what to use. And masked > ports?! -USE flags are confusing, to me (global? local? ) > Anyway..maybe I haven't got the patience needed for linuxi > rather get on with life :D No binary packages? Could have fooled me. From: http://www.gentoo.org/doc/en/faq.xml#ebuilds "For full ISO releases, we create a full suite of binary packages in an enhanced .tbz2 format, which is .tar.bz2 compatible with meta-information attached to the end of the file. These can be used to install a working (though not fully optimized) version of the package quickly and efficiently." Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Problem with if_bridge and PF
On Mon, Feb 19, 2007 at 07:05:31PM +, Fab wrote: > Hello all, > > I miss, > > I have created an bridge with freebsd 6.2, I have compiled a new > kernel with if_bridge option. But I cannot ping my second > interface, the tunnel works great because packets can transit > between the two interfaces. > > Someone have an idea for resolve this problem of ping??? > > Thanks. Can you draw out a network diagram, including the bridge, the interfaces on the bridge, and the IPs? The output of ifconfig may also be useful. Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
PF + if_bridge + rdr: rdr to bridge?
Hi all,

I have a network set up as such:

          192.168.12.14
            -em1-em0-
| A |---|     B     |---| C |
  -           -           -
192.168.12.13       192.168.12.15

B is bridging with if_bridge. C hosts a webserver. A is the client.

I'm trying to selectively redirect connections from A -> C to instead talk to a service listening on B's bridge0. Nothing I try seems to work, though I could have sworn that I'd gotten this working before. Currently, connections simply hang when the rdr rule is in effect. They pass through fine if I remove the rule or disable pf.

pf.conf:

ext_if="em0"
int_if="em1"
bridge_if="bridge0"
local_addr="(bridge0)"

rdr pass on $int_if proto tcp from any to any port 80 -> $local_addr port 80

pass in all
pass out all

output of ifconfig:
---
em0: flags=8943 mtu 1500
        options=8
        ether 00:30:48:43:7d:f8
        media: Ethernet autoselect (1000baseTX )
        status: active
em1: flags=8943 mtu 1500
        options=8
        ether 00:30:48:43:7d:f9
        media: Ethernet autoselect (1000baseTX )
        status: active
plip0: flags=108810 mtu 1500
lo0: flags=8049 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff00
bridge0: flags=8843 mtu 1500
        inet 192.168.12.14 netmask 0xff00 broadcast 192.168.12.255
        ether ce:ea:e5:cd:48:bb
        priority 32768 hellotime 2 fwddelay 15 maxage 20
        member: em1 flags=3
        member: em0 flags=3

rc.conf:

usbd_enable="YES"
sendmail="NONE"
cloned_interfaces="bridge0"
ifconfig_bridge0="inet 192.168.12.14 addm em0 addm em1 up"
ifconfig_em0="up"
ifconfig_em1="up"
pf_enable="YES"

And I'll attach my dmesg.

Does anyone have any ideas or suggestions?

Thanks,
Erik
Re: temporary IP addition to firewall rules
On Sun, Feb 04, 2007 at 10:51:58PM +0100, Erik Norgaard wrote:
> Noah wrote:
>
> >the servers and clients are not on the same LAN segment. capturing MAC
> >has nothing to do with this scenario.
>
> You haven't exactly told a lot about the network you want to setup. The
> logic thing is to authenticate against the firewall connected to the
> same subnet - and that will know the mac address. The same setup is
> assumed in the scenario using pfauth (or is it authpf).

It sounded a little bit like perhaps he wants to dynamically allow
services temporarily, but firewall them off (using a local machine
firewall rather than a dedicated firewall) all other times. Hazarding a
guess, maybe this is due to the common SSH brute force attacks? :)

If the firewall is PF, it's simple enough to include a table of IPs for
which the service is allowed, and make the CGI on the webpage issue a
"pfctl -t -T add $ENV{REMOTE_IP}" command. A separate process could
watch the logs for an ssh logout and remove the IP from the table when a
logout from that IP occurs.

It's a dirty solution. If the problem is specifically the SSH attacks,
there are better ones (denyhosts, or pf rules to block IPs dynamically
when they connect too frequently), but you're right--it's hard to give
good answers when the problem is so ill-defined.

Erik
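The table-based approach described in the message above, as an added example that is not part of the original post: it validates the client address before building a pfctl table command, and removes an address only once its last tracked SSH session has disconnected. The table name ssh_allowed, the helper names and the log lines are assumptions constructed for illustration; sshd log wording varies between OpenSSH versions.

```python
import ipaddress
import re

TABLE = "ssh_allowed"  # hypothetical pf table name (the post does not show one)

# Constructed sample sshd log lines; real wording differs between OpenSSH versions.
SAMPLE_LOG = """\
Feb  4 22:01:10 gw sshd[811]: Accepted publickey for noah from 203.0.113.7 port 50112 ssh2
Feb  4 22:03:42 gw sshd[845]: Accepted password for noah from 203.0.113.7 port 50140 ssh2
Feb  4 22:05:00 gw sshd[850]: Accepted publickey for kim from 198.51.100.23 port 40022 ssh2
Feb  4 22:09:15 gw sshd[811]: Received disconnect from 203.0.113.7 port 50112:11: disconnected by user
Feb  4 22:10:02 gw sshd[871]: Received disconnect from 192.0.2.99 port 33210:11: Bye Bye [preauth]
Feb  4 22:11:31 gw sshd[850]: Received disconnect from 198.51.100.23 port 40022:11: disconnected by user
Feb  4 22:12:48 gw sshd[845]: Received disconnect from 203.0.113.7 port 50140:11: disconnected by user
"""

ACCEPT_RE = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (\S+) port (\d+)")
CLOSE_RE = re.compile(r"sshd\[\d+\]: Received disconnect from (\S+) port (\d+):")


def pfctl_argv(action, addr):
    """Build an argv list for pfctl; ValueError if addr is not one literal IP."""
    if action not in ("add", "delete"):
        raise ValueError("unsupported table action: %r" % action)
    ip = ipaddress.ip_address(addr)  # rejects hostnames, CIDR, shell metacharacters
    # A list (not a shell string) is what subprocess.run() should be given.
    return ["pfctl", "-t", TABLE, "-T", action, str(ip)]


def removals(lines):
    """Return pfctl delete commands for IPs whose last tracked session closed."""
    open_sessions = {}  # ip -> set of client source ports with a live login
    commands = []
    for line in lines:
        m = ACCEPT_RE.search(line)
        if m:
            open_sessions.setdefault(m.group(1), set()).add(m.group(2))
            continue
        m = CLOSE_RE.search(line)
        if not m:
            continue
        ip, port = m.groups()
        ports = open_sessions.get(ip)
        if not ports or port not in ports:
            continue  # disconnect with no matching login, e.g. a failed attempt
        ports.discard(port)
        if not ports:  # last session from this address is gone
            del open_sessions[ip]
            commands.append(pfctl_argv("delete", ip))
    return commands


if __name__ == "__main__":
    print(" ".join(pfctl_argv("add", "203.0.113.7")))  # what the CGI would run
    for argv in removals(SAMPLE_LOG.splitlines()):
        print(" ".join(argv))
```

Keying sessions on address and source port keeps a second login from the same address from losing access when the first one logs out.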
Re: Mail etiquette (was: What is this mean by this term)
On Thu, Jan 18, 2007 at 03:24:44PM -0800, Greg Albrecht wrote:
> On 18/01/07, Greg 'groggy' Lehey <[EMAIL PROTECTED]> wrote:
> >"Top posting" is only one issue. Others of great importance are
> >trimming your posts, not breaking the lines into tiny fragments, and
> >not writing one-line paragraphs. Your .sig is a good example of
> >things that people should remove from replies.
>
> i've been wanting to chime in on this. perhaps it should be taken into
> consideration that a good number of MODERN email clients support
> automatic threading of messages. this allows me to see each reply to a
> message after the original message, in succession. i understand that
> different people configure and use their email clients in different
> ways, but why is there such a pandering towards one versus the other.
> my email software (gmail right now but has been mutt and thunderbird
> in the past) makes it really easy for me to get the context of a
> message as soon as it arrives. perhaps it's time for the rest of the
> world to step up and add auto-threading to their mta's?

Just a nitpick: wouldn't it be the MUA's job? Also, threading in the MUA
isn't perfect because sometimes the headers are munged and the threading
gets broken. The MUA can try to correct this, though it may well be
unable to. Gmail, itself, appears susceptible--haven't you ever seen
singleton messages that are clearly part of a mail thread?

> ps: there's no need to reiterate how 'hard' it is for you to have to
> 'scroll down' to read the original message in a reply, how is that any
> different than me having to scroll down to read your reply?

Two points here:

1) Inconsistent top/bottom posting within the same thread is a pain for
everyone to read through. This almost demands that consistency be
maintained, and that consistency must be determined by the community.
This community generally prefers bottom-posting.

which leads to:

2) As an outsider coming into a new group, it's generally considered
nice to follow that group's conventions, /especially/ when it's not
particularly hard to do so. While you're right that scrolling to read
the original is not difficult, if the majority of people on the list
(including the list admins) prefer bottom-posting, it would seem
appropriate to change your own behavior rather than to expect everyone
else to change theirs.

Etiquette is generally just a way of showing respect for other people
while interacting with them. It's not required, and it's not always easy
(certainly it's harder than just doing whatever we want) but in general,
I think the world is a nicer place when everyone is respectful of other
people's (and their community's) wishes, as long as the wishes aren't
too onerous.

Erik
Anyone using the txp interface driver?
I sent a PR in for a problem in if_txp.c back in July and haven't seen
any activity on it. Now I'm not complaining--I know that the developers
are pretty busy. I'm just wondering if anyone else sees this problem or
if I'm just going crazy.

Basically, on a clean install of 6.1-RELEASE with a 3Com 3cR990-TX-97,
the card can be brought up and will talk on the network as expected. If
the interface is ever brought down and then back up, it fails to talk
anymore. I tested it a bit more and found that various combinations of
bringing that interface up and down can eventually trigger an interrupt
storm, though I have yet to learn how to consistently reproduce this.

So my question--does anyone even use these cards, and if so, do you also
see this behavior?

Erik
Re: Ctrl+Alt+number terminal switching stopped working
On Sat, Jan 28, 2006 at 10:58:10PM +1030, Ian Moore wrote:
> Hi,
> I've just noticed I can't switch from my X session back to the other vtty
> screens using Ctrl+Alt+1, Ctrl+Alt+2 etc.
> I can't seem to find any info on this - is it a known issue or is it just my
> system? It seems to happen when running both kde & twm, so it's not window
> manager related.
>
> I'm running 5.4-RELEASE and Xorg6.9 built from ports about a week ago. All
> ports up to date as of 3 nights ago.
>
> Cheers,

For starters, isn't it usually Ctrl+Alt+F1, Ctrl+Alt+F2, etc?

Second, there's an option in your xorg.conf file for "DontVTSwitch".
Could that have accidentally been turned on?

    man xorg.conf

Erik
Re: Share desktop with XOrg
On Wed, Jan 18, 2006 at 06:15:55PM +0100, User Gandalf wrote:
> Kilian Hagemann wrote:
>
> >On Wednesday 18 January 2006 18:08, User Gandalf pondered:
> >
> >>Is it possible to share a desktop under the XOrg server? Is there a port
> >>for this? I'm aware of the -display option of X based programs. What I
> >>need is not a remote desktop connection. I would like to share my
> >>desktop to another user so he can see what I see.
> >
> >Yes, the stock Xorg server doesn't though. You could use VNC, but in my
> >experience that just opens up another X display where you login separately
> >using kdm/gdm/xdm or whatever.
> >
> >I suggest you use KDE's desktop sharing (krfb, in the menu under "System",
> >part of the "kdenetwork" package, tested on 3.4.1). Does what you want.
> >
> I hoped there is a more native solution. I prefer gtk over kde but what
> can I do?
> Thanks,

The x11vnc port may do what you want. Give that a look.

Erik
Re: FreeBSD Wireless Acces Point
On Thu, Nov 24, 2005 at 05:11:04PM -0500, Tim Holmes wrote:
>
> I just picked up a LinkSys WMP55AG, and installed it. I added the
> wlan and ath options to the kernel and rebuilt it without fail.
> I'm running 5.4-STABLE, and this machine is my gateway. It already
> had 2 NICs to handle this. I now want it to handle any wireless
> traffic as well.
>
> I've searched for Wireless Access Point HOW-TOs, and they all seem
> to have outdated information. Suggesting commands that are
> depreciated. None of them show how to set this up in /etc/rc.conf
> either, so everything runs at boot.
>
> Does anybody have a recent HOW-TO that will help me set this and
> wireless security up? Or any sort of notes anybody's used in the past.
>
> Thanks in advance for the help.
>
> Happy Holidays!
> tdh

I just did this on FreeBSD 6.0, so maybe my experiences can help.

My setup:

            ziggy
            -------   wireless   ----------
           |       |============| wifinet  |
  inet ----| fbsd  |             ----------
           |  6.0  |------------| wirednet |
            -------    wired     ----------

ziggy serves DHCP over the wired and wireless links, and gets dhcp from
inet.

Obviously I have two nics and a wireless card, which happens to use the
Atheros chipset.

In my rc.conf, I set up my wireless card:

    ifconfig_ath0="ssid airport01 media autoselect mode 11g mediaopt \
        hostap wepmode on wepkey `cat /etc/wepkey` channel 1 up"
    ifconfig_ath0_alias0="inet 192.168.1.1 netmask 255.255.255.0"

and I enable ziggy as a gateway (I assume you're doing this already
anyway):

    gateway_enable="YES"

Then I bridge my wireless and wired connections. I use the new
if_bridge, which isn't available in 5.4. You could probably use netgraph
bridging or the deprecated kernel bridge interface. An example of
netgraph bridging is in /usr/share/examples/netgraph/ether.bridge

Once the interfaces are bridged, you should be golden. I run dhcpd on
ath0 to serve DHCP on my wired and wireless lans.

Of course, the important part is the bridge. You could assign the IP to
your wired and bridge the wireless to that just fine, if you already
have some of that set up.

Erik
Re: How the heck do you burn a VCD?
On Wed, Nov 23, 2005 at 10:11:57PM -0800, Michael C. Shultz wrote:
> On Wednesday 23 November 2005 21:56, Louis LeBlanc wrote:
> > On 11/23/05 09:35 PM, Michael C. Shultz sat at the `puter and typed:
> > > On Wednesday 23 November 2005 21:20, Louis LeBlanc wrote:
> > > > Hey folks. This may be slightly OT, but I just downloaded the
> > > > StarWreck spoof (http://www.starwreck.com), and I'd like to get it
> > > > burned to a VCD. It's in xvid/avi format, and I'm not sure what's the
> > > > best way to burn this. with the following:
> > > >
> > > > burncd -f /dev/acd1 -d vcd
> > > > star_wreck_in_the_pirkinning_subtitled_xvid.avi
> > > >
> > > > but it doesn't seem to play anywhere - not even my FreeBSD box - which
> > > > is the only machine I can get the avi file to play in the first place
> > > > (MacOs X & Windoze won't play it). How's that for FreeBSD being a
> > > > better multimedia box?
> > > >
> > > > I have checked the disk, and it *does* appear to have been burned - so
> > > > this is a coaster now. I'm guessing I just didn't understand the
> > > > burncd manpage in regards to vcd burning. I also couldn't find
> > > > anything but 'doze and MacOs X commercial software ads on google, even
> > > > though I required either "FreeBSD" or "Linux" in my search.
> > > >
> > > > Anyway, I'm really a newbie with this vcd stuff, so a little leg up
> > > > would be appreciated.
> > > >
> > > > TIA
> > > > Lou
> > >
> > > Look in the handbook under optical drives on how to make ISO's
> >
> > What, really? I haven't been able to find any indication that the VCD
> > format was nothing more than an xvid AVI file in an iso filesystem.
>
> VCD format isn't xvid. For the most part, anything you burn to a DVD or
> CD should be done as an ISO file, especially if you want the CD to
> work with other OS's or DVD players :)

VCD format is 1150 kbit/sec MPEG-1 at 352x288 pixels (PAL) or 352x240
pixels (NTSC). If the file isn't in this format--and given that it's an
Xvid, that seems unlikely--he won't be able to make a VCD out of that
file without conversion.

> > Figures it would be so painfully simple - that'll play on my DVD
> > player?
>
> Depends on your DVD player and the codecs used for the VCD. If
> its encoded right it should, if not then start learning mencoder and the
> art of re-encoding. Mencoder comes with mplayer and you should find a mail
> list that caters to that sort of thing if you're interested.

I don't think codecs really come into play with VCDs. They must be mpeg1
video (and a few other limitations on audio--Google can probably help
find all the specifics.) No DVD player I know of will accept a "VCD
formatted" cd with mpeg-4-like content.

Some DVD players will play CDs with a standard ISO filesystem that
includes an xvid file, but these are generally the odd cases. As stated
earlier in the thread, this would require making an ISO using mkisofs
and burning that with burncd.

Unless he has one of these special case players, then he'll almost
certainly have to learn how to use mencoder, as you suggest.

> >
> > Thanks for the pointer.
>
> You're welcome :)
>
> -Mike

Erik
Re: if_bridge interface confuses Windows Small Business Server 2000
On Tue, Nov 15, 2005 at 08:43:18AM -0500, Steve Bertrand wrote:
>
> > FreeBSD 6 came at the perfect time for me. I've just
> > switched my primary desktop from Win2k to FreeBSD, and I put
> > the Windows boot disk in an old machine that was heading for the skip.
> >
> > I wanted to access the W2k machine (fred) over VNC without
> > flooding our switch, so I thought let's take advantage of the
> > new features in REL 6... I added a second ethernet card to
> > my FreeBSD box (alfie) and configured a bridge in /etc/rc.conf:
> >
> > ifconfig_rl0="DHCP"
> > ifconfig_rl1="up"
> > cloned_interfaces="bridge0"
> > ifconfig_bridge0="addm rl0 addm rl1 up"
> > gateway_enable="YES"
> >
> > SBS is configured to give a static DHCP lease of
> > 192.168.0.181 to alfie; fred is dynamic and is currently 192.168.0.35.
> >
> > At first everything seemed fine, and fred operates as if it
> > was plugged straight into the network.
> >
> > But...
> >
> > 1) SBS sees both machines as alfie, even though it correctly
> > reports the MAC addresses of each machine
> >
> > 2) On alfie, when I want to make a VNC connection to fred I
> > have to type "vnc viewer alfie"(!)
> >
> > 3) On fred, if I ping alfie it returns 192.168.0.35 as the IP
> > number, not 181 which is the static lease.
> >
> >
> > I assume this is a bug in if_bridge, only because I assumed
> > that bridge
> > interfaces should be transparent (and act like a physical switch).
> >
> > When we get some small switches in I'll use one to connect
> > the two machines
> > together, but I'd still like to work out what's going on
> > here. Am I doing
> > something wrong?
>
> I'm a wee bit confused here, but I do understand what you are trying to
> do.
>
> First, did you compile a new kernel with the following option?:
>
> options BRIDGE

This should not be necessary with if_bridge. A kernel module must be
loaded before if_bridge will work, but seems to load automatically when
creating the bridge interface. Alternatively, if_bridge can be compiled
into the kernel with the following line:

    device if_bridge

I've even read where the bridge(4) bridging mode is deprecated. Does
anyone know if this is accurate?

> Second, try giving both PC's a static IP address, and disconnect the
> FBSD box entirely from the network (so you essentially have a 2 pc
> network), then commence testing.
>
> HTH,
>
> Steve
>
> >
> >
> > Ashley

Erik