Re: DVD Writer problems
On 05/06/2008, at 3:14 AM, Julien Cigar wrote:

I have also this problem on almost all my machines .. the only solution I found is to disable DMA (atapi_dma), but then performances are very poor .. If you find a solution please let us know :)

I tried disabling DMA 'atacontrol mode acd0 nodma' and re-initialized the channel, but it doesn't work in PIO mode either..

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
DVD Writer problems
Hello,

I've been having problems getting this DVD drive working at all, I'm running on 6.3 p1..

On boot it is detected as:

acd0: DMA limited to UDMA33, controller found non-ATA66 cable
acd0: DVDR at ata0-master UDMA33

Which is the first sign of trouble, it is connected by an ATA66 capable cable and I've tried swapping over the cable to rule out a faulty cable and the message is the same.

It is connected to:

atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf irq 16 at device 31.1 on pci0
ata0: on atapci0
ata1: on atapci0

When trying to use burncd on it, the drive's light flashes for a while then after a delay I get:

acd0: FAILURE - READ_TRACK_INFO ILLEGAL REQUEST asc=0x24 ascq=0x00

On the console and any further attempt to use the drive results in that message being repeated without any delay, also trying to use the atapiscsi device results in a similar message:

acd0: FAILURE - INQUIRY ILLEGAL REQUEST asc=0x24 ascq=0x00

Any thoughts on what the problem here is? It seems that the controller isn't working properly with it?

Cheers,
J.
Storing a copy of queued mail?
Hi,

I have a 6.3 system running as a mail server, offering imap, pop3 and smtp. The smtp server can be used from anywhere because all users are required to authenticate with SMTP AUTH and it supports TLS. This is using sendmail 8.14.2.

What I would like to do is have any mail submitted to the SMTP server to get automatically stored into an imap mailbox (I'm using mbox format currently) for that user, preferably based on the username they supplied to authenticate, but it could also be by the 'mail from:' field.

Previously I have been configuring the users' mail clients to do this, but they have proven completely unreliable and of course they may use different clients at different locations etc. Obviously having the server do this is still not 100% reliable, since they could still possibly use a different SMTP server, but I'm not going to worry about that currently as it's unlikely to happen often.

It's sort of an unusual thing to have the MTA do, so I've not been able to find anything about how I can get this to happen.. I thought maybe there might be a way to get the sent mail to be processed through procmail or something first..

Any thoughts on the best way to make this happen?

Cheers,
J.
Problem with rsync to smbfs over vpn
Hello all,

I'm getting a lot of time out problems using rsync between a local filesystem and a remote smb filesystem that is mounted with mount_smbfs over an encrypted wan tunnel.

The following are the most common error messages:

rsync: recv_generator: failed to stat "somefile": Operation timed out (60)
rsync: writefd_unbuffered failed to write x bytes [sender]: Broken pipe (32)
io timeout after 30 seconds -- exiting
rsync error: timeout in data send/receive (code 30) at io.c(180) [sender=2.6.8]
rsync: writefd_unbuffered failed to write x bytes [generator]: Broken pipe (32)
rsync error: error in rsync protocol data stream (code 12) at io.c(1124) [generator=2.6.8]
rsync error: error in file IO (code 11) at receiver.c(253) [receiver=2.6.8]
rsync: connection unexpectedly closed (x bytes received so far) [generator]

What would be the likely cause of these? I'm thinking it is either some issue with the wan or tunneling, as I've had no issues with the exact same set up over lan.. Also these errors are intermittent (though regular) and sometimes it works. The longer it takes to sync the greater the chance for errors it would seem.

Thanks,
Jerahmy.
Re: Sendmail: "exposed" root, why?
On 09/01/2008, at 5:26 AM, Philip M. Gollucci wrote:

There is no directive, but you can edit the resultant .cf file and remove the line C{E}root or root from that line if more than one user.

Be warned, you _will_ break /etc/crontab and periodic scripts mail delivery.

The reason it needs to be exposed is probably these scripts because otherwise the from address for daily security scripts will be root@ rather than [EMAIL PROTECTED] Now, it so happens that most of these e-mails have the machine name in the subject or what not.

I guess I will just try not exposing root and see what happens.. I don't really see why the crontab and periodic mail would get broken though? Other than it having the wrong host in the From: field, the subject line would still say the correct host.. Or will it break it in some other way?

Cheers,
J.
Sendmail: "exposed" root, why?
Hello,

From the sendmail documentation:

"There are always users that need to be "exposed" -- that is, their internal site name should be displayed instead of the masquerade name. Root is an example (which has been "exposed" by default prior to 8.10)."

Is there actually any reason why root needs to be "exposed"? Root is set to an external address in aliases and it really needs to be masqueraded in order for it to get delivered, but would that cause problems with anything?

How do you stop sendmail from doing this, I don't see any directive to NOT expose root, only options to expose other addresses as well..

Perhaps there is a better way to send system mailed logs to an external address that doesn't send them from root?

Thanks for any info!
J.
Re: Sendmail: sub-domain masquerade as top level
On 04/01/2008, at 7:11 PM, Jonathan McKeown wrote:

On Friday 04 January 2008 01:11, Jerahmy Pocott wrote:

On 04/01/2008, at 12:59 AM, Barry Byrne wrote:

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jerahmy Pocott

I'm having an issue with getting sendmail to masquerade as the top level domain when the host is a sub domain.

You don't say what you've tried already. I use postfix these days, but from memory, something like the following should work for you:

MASQUERADE_AS(`domain.com')
MASQUERADE_DOMAIN(`sub.domain.com')

Sorry, I should have mentioned what I had tried: I have tried the above and the above in combination with FEATURE(`masquerade_entire_domain') and pretty much every combination of those statements all to no effect. For some reason when the masquerade domain is the top level of the actual domain, it won't change it even with those options set..

This is from my live .mc file, which definitely works:

MASQUERADE_AS(`hst.org.za')dnl
MASQUERADE_DOMAIN(`hst.org.za')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`masquerade_entire_domain')dnl
MASQUERADE_EXCEPTION(`lists.hst.org.za barley.hst.org.za akima.hst.org.za')dnl

Adding FEATURE(`masquerade_envelope') fixed the issue I was having, thanks!

Cheers,
J.
Re: Sendmail: sub-domain masquerade as top level
On 04/01/2008, at 12:59 AM, Barry Byrne wrote:

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jerahmy Pocott

I'm having an issue with getting sendmail to masquerade as the top level domain when the host is a sub domain.

For example I want server.exmaple.com to send mail as [EMAIL PROTECTED] rather than [EMAIL PROTECTED], however the masquerade options don't seem to work for this.. It works fine if the server is a different domain, but not when it's a sub domain..

How do I get this behavior?

Jerahmy,

You don't say what you've tried already. I use postfix these days, but from memory, something like the following should work for you:

MASQUERADE_AS(`domain.com')
MASQUERADE_DOMAIN(`sub.domain.com')

Sorry, I should have mentioned what I had tried: I have tried the above and the above in combination with FEATURE(`masquerade_entire_domain') and pretty much every combination of those statements all to no effect. For some reason when the masquerade domain is the top level of the actual domain, it won't change it even with those options set..

Maybe a virtualusertable entry could do the trick?

Thanks!
Jerahmy.
Sendmail: sub-domain masquerade as top level
Hello,

I'm having an issue with getting sendmail to masquerade as the top level domain when the host is a sub domain.

For example I want server.exmaple.com to send mail as [EMAIL PROTECTED] rather than [EMAIL PROTECTED], however the masquerade options don't seem to work for this.. It works fine if the server is a different domain, but not when it's a sub domain..

How do I get this behavior?

Thanks,
J.
Re: Difficulties establishing VPN tunnel with IPNAT
On 27/11/2007, at 5:49 PM, Ted Mittelstaedt wrote:

-Original Message-
From: Jerahmy Pocott [mailto:[EMAIL PROTECTED]
Sent: Sunday, November 25, 2007 4:48 AM
To: Ted Mittelstaedt
Cc: FreeBSD Questions
Subject: Re: Difficulties establishing VPN tunnel with IPNAT

Perhaps, but I've heard a lot of good things about IPF and IPNAT, especially since the nat is all in kernel whereas natd is userland, so there is a slight performance boost possibly there as well..

I will address this one point here since it's enough to make someone scream, it's such an old chestnut.

natd is always criticized because going to userland is slow. So, people who have slowness problems think that is the issue. In reality, the problem is that the DEFAULT setup and man page examples for natd use the following ipfw divert rule:

/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via ed0
/sbin/ipfw add pass all from any to any

This produces a rule such as the following:

00050 divert 8668 ip from any to any via de0

The problem though, is this is wrong. What it is doing is that ALL traffic that comes into and out of the box - no matter what the source and destination is - will be passed to the natd translator.

What you SHOULD be using is a set of commands such as:

ipfw add divert natd ip from any to [outside IP address] in recv [outside interface]
ipfw add divert natd ip from not [outside IP address] to any out recv [inside interface] xmit [outside interface]

That does make a lot of sense! However the 2nd rule is slightly confusing me.. Shouldn't it be something like:

divert natd ip from [internal net range] to any out via [outside if]?

Cheers,
J.
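A simplified model of the divert rules quoted in the message above, added here as an illustration (it is not code from the thread): it classifies a few constructed packets to show which ones each rule set hands to natd, including the alternative second rule asked about at the end. The interface name ed1, all addresses and the 10.0.0.0/24 and 10.0.1.0/24 ranges are assumptions, and ipfw's `via`, `recv` and `xmit` are modelled only as far as these rules use them.

```python
"""Which packets each ipfw divert rule set hands to natd (simplified model)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

OUTSIDE_IF = "ed0"                                  # outside interface, as in the quoted rules
INSIDE_IF = "ed1"                                   # assumed inside interface name
OUTSIDE_IP = "203.0.113.1"                          # constructed outside address
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed internal range


@dataclass
class Pkt:
    label: str
    direction: str        # "in" or "out" pass through the firewall
    recv: Optional[str]   # receive interface, None if generated on the gateway
    xmit: Optional[str]   # transmit interface, only known on the "out" pass
    src: str
    dst: str


# Constructed sample traffic as seen by the gateway.
SAMPLE = [
    Pkt("lan-out", "out", INSIDE_IF, OUTSIDE_IF, "10.0.0.5", "198.51.100.20"),
    Pkt("reply-in", "in", OUTSIDE_IF, None, "198.51.100.20", OUTSIDE_IP),
    Pkt("gateway-out", "out", None, OUTSIDE_IF, OUTSIDE_IP, "198.51.100.20"),
    Pkt("broadcast-in", "in", OUTSIDE_IF, None, "203.0.113.7", "203.0.113.255"),
    Pkt("lan-to-gateway", "in", INSIDE_IF, None, "10.0.0.5", "10.0.0.1"),
    Pkt("second-subnet-out", "out", INSIDE_IF, OUTSIDE_IF, "10.0.1.9", "198.51.100.20"),
]


def via(p, iface):
    """ipfw 'via': receive interface on the in pass, transmit interface on the out pass."""
    return (p.recv if p.direction == "in" else p.xmit) == iface


def default_rule(p):
    # divert natd all from any to any via ed0
    return via(p, OUTSIDE_IF)


def inbound_rule(p):
    # divert natd ip from any to [outside IP address] in recv [outside interface]
    return p.direction == "in" and p.recv == OUTSIDE_IF and p.dst == OUTSIDE_IP


def narrowed_rules(p):
    # second rule: from not [outside IP address] to any out recv [inside if] xmit [outside if]
    outbound = (p.direction == "out" and p.recv == INSIDE_IF
                and p.xmit == OUTSIDE_IF and p.src != OUTSIDE_IP)
    return inbound_rule(p) or outbound


def alternative_rules(p):
    # second rule as asked about: from [internal net range] to any out via [outside if]
    outbound = (p.direction == "out" and via(p, OUTSIDE_IF)
                and ipaddress.ip_address(p.src) in INTERNAL_NET)
    return inbound_rule(p) or outbound


def diverted(rule_set):
    """Labels of the sample packets that the given rule set sends to natd."""
    return [p.label for p in SAMPLE if rule_set(p)]


if __name__ == "__main__":
    for name, rule_set in (("default", default_rule),
                           ("narrowed", narrowed_rules),
                           ("alternative", alternative_rules)):
        print("%-12s %s" % (name, ", ".join(diverted(rule_set))))
```

In this model the two forms of the second rule differ only for sources outside the listed internal range, such as the constructed second subnet.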
Re: Difficulties establishing VPN tunnel with IPNAT
On 26/11/2007, at 4:47 AM, Roger Olofsson wrote:

Hello Jerahmy,

Some progress it seems?

Why not set it to allow gre from VPN server only? Ie pass in quick on fxp1 proto gre from to any?

The way you ask your question, 'make it work without static ip or allowing all traffic', isn't that contradictory?

As for the frag part, I'd say that if gre needs frag, then you will have to enable it.

About the CVS, I seem to have misunderstood your question. I assumed 10.0.0.2 wanted to receive CVS inbound and not serve it outbound, or am I mistaking again?

/Roger

Yes, that is what I meant by 'static ip' I could allow all gre from the specific ip address but I would prefer that gre traffic be allowed from a host only when an existing connection has been opened to it..

10.0.0.2 is a CVS server.

It seems to me that natd works better with ipsec
Re: Difficulties establishing VPN tunnel with IPNAT
On 26/11/2007, at 1:00 AM, Roger Olofsson wrote:

Hello Jerahmy, (sorry for top-posting, btw).

Gre is protocol 47. In your firewall rules you only allow/block protocols tcp/udp/icmp. If you want to use PPTP you will need to allow both the port and the protocol for it.

I put:

pass out quick on fxp1 proto gre from any to any keep state

This allowed the PPTP connection to establish, however trying to use apps over that connection resulted in:

fxp1 (block all rule) b x.x.x.x -> 10.0.0.3 PR gre len 20 (53) (frag 57516:[EMAIL PROTECTED]) IN bad NAT

By placing the rule:

pass in quick on fxp1 proto gre from any to any

and allowing frags everything started working properly, but allowing all gre traffic in doesn't seem like a good idea.. Is there any way to make this work without putting static ip address rules or allowing all traffic?

In your original question you mentioned having problems with CVS. From the looks of it, you redirect CVS to 10.0.0.2, meaning that all users on that machine can use CVS.

The redirect rule is supposed to redirect connections to CVS on the external interface to 10.0.0.2 on the internal lan, where the CVS server is actually running.

Cheers,
J.
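The rule ordering discussed in the message above, as an added example that is not part of the original thread: a first-match evaluator for a small subset of ipf syntax, run over a subset of the posted fxp1 rules, showing inbound GRE falling through to the final block, the difference between admitting GRE from any source and from one VPN server, and fragments still being caught by the earlier frag rule. The two addresses are constructed, and state tracking (`keep state`) and ipnat are not modelled.

```python
"""First-match evaluator for a small subset of ipf rule syntax (added illustration)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Subset of the fxp1 rules posted in the thread, kept in the posted order.
BASE_RULES = [
    "pass out quick on fxp1 proto tcp from any to any flags S keep state",
    "pass out quick on fxp1 proto udp from any to any keep state",
    "pass out quick on fxp1 proto icmp from any to any keep state",
    "block in quick on fxp1 from 10.0.0.0/8 to any",
    "block in quick on fxp1 all with frags",
    "pass in quick on fxp1 proto tcp/udp from any to any port = 2401",
    "block in log first quick on fxp1 all",
]
VPN_SERVER = "198.51.100.10"  # constructed address, stands in for the real VPN server
OTHER_HOST = "203.0.113.99"   # constructed address, any other Internet host


@dataclass
class Packet:
    direction: str            # "in" or "out"
    iface: str
    proto: str
    src: str
    dport: Optional[int] = None
    frag: bool = False


def parse_rule(line):
    """Parse the handful of ipf keywords used above into a dict."""
    tok = line.split()
    if "quick" not in tok:
        # Without "quick" ipf takes the last matching rule; not modelled here.
        raise ValueError("only 'quick' rules are supported: " + line)
    rule = {"text": line, "action": tok[0], "direction": tok[1],
            "iface": tok[tok.index("on") + 1],
            "protos": None, "src": None, "dport": None,
            "frags": tok[-2:] == ["with", "frags"]}
    if "proto" in tok:
        rule["protos"] = set(tok[tok.index("proto") + 1].split("/"))
    if "from" in tok and tok[tok.index("from") + 1] != "any":
        rule["src"] = ipaddress.ip_network(tok[tok.index("from") + 1])
    if "port" in tok:
        rule["dport"] = int(tok[tok.index("port") + 2])  # syntax is "port = N"
    return rule


def matches(rule, pkt):
    if (rule["direction"], rule["iface"]) != (pkt.direction, pkt.iface):
        return False
    if rule["protos"] is not None and pkt.proto not in rule["protos"]:
        return False
    if rule["src"] is not None and ipaddress.ip_address(pkt.src) not in rule["src"]:
        return False
    if rule["dport"] is not None and pkt.dport != rule["dport"]:
        return False
    return pkt.frag or not rule["frags"]


def verdict(rule_lines, pkt):
    """Return (action, rule text) for the first 'quick' rule that matches."""
    for rule in map(parse_rule, rule_lines):
        if matches(rule, pkt):
            return rule["action"], rule["text"]
    return "pass", None  # assumption: nothing matched, filter defaults to accept


def add_before_final_block(rule_lines, new_rule):
    """Insert a rule just ahead of the closing 'block in ... all'."""
    return rule_lines[:-1] + [new_rule] + rule_lines[-1:]


OPEN_GRE = add_before_final_block(
    BASE_RULES, "pass in quick on fxp1 proto gre from any to any")
PINNED_GRE = add_before_final_block(
    BASE_RULES, "pass in quick on fxp1 proto gre from %s to any" % VPN_SERVER)


def run_cases():
    gre = Packet("in", "fxp1", "gre", VPN_SERVER)
    stray = Packet("in", "fxp1", "gre", OTHER_HOST)
    frag = Packet("in", "fxp1", "gre", VPN_SERVER, frag=True)
    return {
        "posted rules, GRE from VPN server": verdict(BASE_RULES, gre),
        "gre from any, GRE from other host": verdict(OPEN_GRE, stray),
        "gre pinned, GRE from VPN server": verdict(PINNED_GRE, gre),
        "gre pinned, GRE from other host": verdict(PINNED_GRE, stray),
        "gre pinned, fragmented GRE": verdict(PINNED_GRE, frag),
    }


if __name__ == "__main__":
    for case, (action, rule) in run_cases().items():
        print("%-36s %-5s by: %s" % (case, action, rule))
```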
Re: Difficulties establishing VPN tunnel with IPNAT
Perhaps, but I've heard a lot of good things about IPF and IPNAT, especially since the nat is all in kernel whereas natd is userland, so there is a slight performance boost possibly there as well..

It is not difficult to switch back to my old set up, but I thought I would give it a chance, since I've not used IPF before I figured it was likely something I've done wrong rather than something wrong with the program!

I like the rule format in ipf and how simple it is to change ipnat rules on the fly without dumping current mappings. And it SHOULD work just as well as natd?

On 25/11/2007, at 10:42 PM, Ted Mittelstaedt wrote:

That's an absolutely terrible reason.

On FreeBSD and the other open source operating systems there are always multiple ways to solve a problem. While in a few situations it can definitively be stated that one program is better (for example, sendmail is obviously superior to qmail) in most situations the different programs are merely different. The "better" one is the one that works for YOUR problem the best. Not the one that works for someone else's problem.

ipf is no better than ipfw for most purposes, it's just different. In this case, you had a working solution and now you don't. So, clearly, in your case, it's WORSE.

Ted

-Original Message-
From: Jerahmy Pocott [mailto:[EMAIL PROTECTED]
Sent: Sunday, November 25, 2007 2:12 AM
To: Ted Mittelstaedt
Cc: Roger Olofsson; FreeBSD Questions
Subject: Re: Difficulties establishing VPN tunnel with IPNAT

Well the main reason is that it was part of IPF, and IPF seemed to be better than IPFW? So when trying out IPF I also used IPNAT..

I had no problems with natd but it seemed I should use the IPNAT if I was using IPF?

On 25/11/2007, at 8:00 PM, Ted Mittelstaedt wrote:

The other thing you can do is simply switch back to natd. You didn't say why you decided to switch in the first place. A lot of times people switch because they are having problems with natd. Are you? If not, you should be aware that natd does support more kinds of protocol translations.

Ted

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Roger Olofsson
Sent: Saturday, November 24, 2007 2:09 PM
To: Jerahmy Pocott
Cc: FreeBSD Questions
Subject: Re: Difficulties establishing VPN tunnel with IPNAT

Hello again Jerahmy,

I would suggest that you verify what port(s) and protocol(s) 'Sonic Wall Global VPN Client' needs to work.

I would also suggest that you look in the logfile from ipf to see what it's blocking and when.

My guess is that the VPN client is using a protocol like IPSEC (IP protocol 50) and possibly port 500 (IKE) for which you will have to activate the ipnat proxy.

map WAN internal_ip/24 -> 0.0.0.0/32 proxy port 500 ipsec/udp

You might also try to disable the blocking of fragged packets. For some VPN clients this can cause problems.

Good luck!
/Roger

Jerahmy Pocott wrote:

Sorry let me clarify..

There are two issues, one is connecting to any external VPN, with no filter I can establish a connection to PPTP VPN, but the 'Sonic Wall Global VPN Client' still fails to connect even with no filter rules.

The redirect for the CVS server has an ipf rule to allow traffic on that port, but users are getting connection refused messages.

I will include my ipf rules, I clearly need some sort of rule to allow inbound for the VPN to work, though I think the ipnat is breaking the Sonic Wall client. Which is strange because everything worked fine with ipfw/natd.

Here are my ipf rules:

# Allow all in/out on internal interface
pass in quick on fxp0 all
pass out quick on fxp0 all

# Allow all in/out on loopback interface
pass in quick on lo0 all
pass out quick on lo0 all

# Allow all out-going on public interface and keep state
pass out quick on fxp1 proto tcp from any to any flags S keep state
pass out quick on fxp1 proto udp from any to any keep state
pass out quick on fxp1 proto icmp from any to any keep state

# Block all inbound traffic from non-routable or reserved address spaces
block in quick on fxp1 from 192.168.0.0/16 to any    #RFC 1918 private IP
block in quick on fxp1 from 172.16.0.0/12 to any     #RFC 1918 private IP
block in quick on fxp1 from 10.0.0.0/8 to any        #RFC 1918 private IP
block in quick on fxp1 from 127.0.0.0/8 to any       #loopback
block in quick on fxp1 from 0.0.0.0/8 to any         #loopback
block in quick on fxp1 from 169.254.0.0/16 to any    #DHCP auto-config
block in quick on fxp1 from 192.0.2.0/24 to any      #reserved for docs
block in quick on fxp1 from 204.152.64.0/23 to any   #Sun cluster interconnect
block in quick on fxp1 from 224.0.0.0/3 to any       #Class D & E multicast

# Block frags
block in quick on fxp1 all with frags

# Block short tcp packets
block in quick on fxp1 proto tcp all with short

# block source routed packets
block in quick o
Re: Difficulties establishing VPN tunnel with IPNAT
The Sonic Wall client doesn't trigger ANY firewall rules, which is why I thought there must be something going wrong with the NAT. It actually establishes the tunnel okay but never gets an IP address, from my understanding this client uses some sort of dhcp over ipsec to provision the client address..

What I am getting using the standard PPTP method are a bunch of hits:

fxp1 @0:25 b x.x.x.x -> 10.0.0.3 PR gre len 20 (93) IN NAT

(rule @0:25 is the final 'block all' rule)

What is protocol 'gre'? Why is a NAT'd packet getting blocked?!

Thanks!
J.

On 25/11/2007, at 9:09 AM, Roger Olofsson wrote:

Hello again Jerahmy,

I would suggest that you verify what port(s) and protocol(s) 'Sonic Wall Global VPN Client' needs to work.

I would also suggest that you look in the logfile from ipf to see what it's blocking and when.

My guess is that the VPN client is using a protocol like IPSEC (IP protocol 50) and possibly port 500 (IKE) for which you will have to activate the ipnat proxy.

map WAN internal_ip/24 -> 0.0.0.0/32 proxy port 500 ipsec/udp

You might also try to disable the blocking of fragged packets. For some VPN clients this can cause problems.

Good luck!
/Roger

Jerahmy Pocott wrote:

Sorry let me clarify..

There are two issues, one is connecting to any external VPN, with no filter I can establish a connection to PPTP VPN, but the 'Sonic Wall Global VPN Client' still fails to connect even with no filter rules.

The redirect for the CVS server has an ipf rule to allow traffic on that port, but users are getting connection refused messages.

I will include my ipf rules, I clearly need some sort of rule to allow inbound for the VPN to work, though I think the ipnat is breaking the Sonic Wall client. Which is strange because everything worked fine with ipfw/natd.

Here are my ipf rules:

# Allow all in/out on internal interface
pass in quick on fxp0 all
pass out quick on fxp0 all

# Allow all in/out on loopback interface
pass in quick on lo0 all
pass out quick on lo0 all

# Allow all out-going on public interface and keep state
pass out quick on fxp1 proto tcp from any to any flags S keep state
pass out quick on fxp1 proto udp from any to any keep state
pass out quick on fxp1 proto icmp from any to any keep state

# Block all inbound traffic from non-routable or reserved address spaces
block in quick on fxp1 from 192.168.0.0/16 to any    #RFC 1918 private IP
block in quick on fxp1 from 172.16.0.0/12 to any     #RFC 1918 private IP
block in quick on fxp1 from 10.0.0.0/8 to any        #RFC 1918 private IP
block in quick on fxp1 from 127.0.0.0/8 to any       #loopback
block in quick on fxp1 from 0.0.0.0/8 to any         #loopback
block in quick on fxp1 from 169.254.0.0/16 to any    #DHCP auto-config
block in quick on fxp1 from 192.0.2.0/24 to any      #reserved for docs
block in quick on fxp1 from 204.152.64.0/23 to any   #Sun cluster interconnect
block in quick on fxp1 from 224.0.0.0/3 to any       #Class D & E multicast

# Block frags
block in quick on fxp1 all with frags

# Block short tcp packets
block in quick on fxp1 proto tcp all with short

# block source routed packets
block in quick on fxp1 all with opt lsrr
block in quick on fxp1 all with opt ssrr

# Block anything with special options
block in quick on fxp1 all with ipopts

# Block public pings
block in quick on fxp1 proto icmp all icmp-type 8

# Block ident
block in quick on fxp1 proto tcp from any to any port = 113

# Block all Netbios service. 137=name, 138=datagram, 139=session
# Block MS/Windows hosts2 name server requests 81
block in quick on fxp1 proto tcp/udp from any to any port = 137
block in quick on fxp1 proto tcp/udp from any to any port = 138
block in quick on fxp1 proto tcp/udp from any to any port = 139
block in quick on fxp1 proto tcp/udp from any to any port = 81

# Allow CVS access
pass in quick on fxp1 proto tcp/udp from any to any port = 2401

# Logged Blocking Rules #

# Block nmap OS fingerprint attempts
block in log first quick on fxp1 proto tcp from any to any flags FUP

# Block all other in coming traffic
block in log first quick on fxp1 all

Thanks for the help!
J.

On 25/11/2007, at 12:50 AM, Roger Olofsson wrote:

Hello Jerahmy,

Assuming you want to connect from the outside to your VPN. Have you made sure that port 2401 is open for inbound traffic in your ipf.rules?

You might also want to do 'ipnat -C -f '. Man ipnat ;^)

Greeting from Sweden
/Roger

Jerahmy Pocott wrote:

Hello,

I recently decided to give ipf and ipnat a try, previously I had always been using ipfw and natd. Since switching over I can no longer establish a VPN tunnel from any system behind the gateway.

I did 'ipf -F a' to flush all rules but I was still unable to connect so I think it's a problem with ipnat? Also my redirect from ipnat doesn't seem to work either.

These are the only ipnat rules
Re: Difficulties establishing VPN tunnel with IPNAT
Well the main reason is that it was part of IPF, and IPF seemed to be better than IPFW? So when trying out IPF I also used IPNAT..

I had no problems with natd but it seemed I should use the IPNAT if I was using IPF?

On 25/11/2007, at 8:00 PM, Ted Mittelstaedt wrote:

The other thing you can do is simply switch back to natd. You didn't say why you decided to switch in the first place. A lot of times people switch because they are having problems with natd. Are you? If not, you should be aware that natd does support more kinds of protocol translations.

Ted

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Roger Olofsson
Sent: Saturday, November 24, 2007 2:09 PM
To: Jerahmy Pocott
Cc: FreeBSD Questions
Subject: Re: Difficulties establishing VPN tunnel with IPNAT

Hello again Jerahmy,

I would suggest that you verify what port(s) and protocol(s) 'Sonic Wall Global VPN Client' needs to work.

I would also suggest that you look in the logfile from ipf to see what it's blocking and when.

My guess is that the VPN client is using a protocol like IPSEC (IP protocol 50) and possibly port 500 (IKE) for which you will have to activate the ipnat proxy.

map WAN internal_ip/24 -> 0.0.0.0/32 proxy port 500 ipsec/udp

You might also try to disable the blocking of fragged packets. For some VPN clients this can cause problems.

Good luck!
/Roger

Jerahmy Pocott wrote:

Sorry let me clarify..

There are two issues, one is connecting to any external VPN, with no filter I can establish a connection to PPTP VPN, but the 'Sonic Wall Global VPN Client' still fails to connect even with no filter rules.

The redirect for the CVS server has an ipf rule to allow traffic on that port, but users are getting connection refused messages.

I will include my ipf rules, I clearly need some sort of rule to allow inbound for the VPN to work, though I think the ipnat is breaking the Sonic Wall client. Which is strange because everything worked fine with ipfw/natd.

Here are my ipf rules:

# Allow all in/out on internal interface
pass in quick on fxp0 all
pass out quick on fxp0 all

# Allow all in/out on loopback interface
pass in quick on lo0 all
pass out quick on lo0 all

# Allow all out-going on public interface and keep state
pass out quick on fxp1 proto tcp from any to any flags S keep state
pass out quick on fxp1 proto udp from any to any keep state
pass out quick on fxp1 proto icmp from any to any keep state

# Block all inbound traffic from non-routable or reserved address spaces
block in quick on fxp1 from 192.168.0.0/16 to any    #RFC 1918 private IP
block in quick on fxp1 from 172.16.0.0/12 to any     #RFC 1918 private IP
block in quick on fxp1 from 10.0.0.0/8 to any        #RFC 1918 private IP
block in quick on fxp1 from 127.0.0.0/8 to any       #loopback
block in quick on fxp1 from 0.0.0.0/8 to any         #loopback
block in quick on fxp1 from 169.254.0.0/16 to any    #DHCP auto-config
block in quick on fxp1 from 192.0.2.0/24 to any      #reserved for docs
block in quick on fxp1 from 204.152.64.0/23 to any   #Sun cluster interconnect
block in quick on fxp1 from 224.0.0.0/3 to any       #Class D & E multicast

# Block frags
block in quick on fxp1 all with frags

# Block short tcp packets
block in quick on fxp1 proto tcp all with short

# block source routed packets
block in quick on fxp1 all with opt lsrr
block in quick on fxp1 all with opt ssrr

# Block anything with special options
block in quick on fxp1 all with ipopts

# Block public pings
block in quick on fxp1 proto icmp all icmp-type 8

# Block ident
block in quick on fxp1 proto tcp from any to any port = 113

# Block all Netbios service. 137=name, 138=datagram, 139=session
# Block MS/Windows hosts2 name server requests 81
block in quick on fxp1 proto tcp/udp from any to any port = 137
block in quick on fxp1 proto tcp/udp from any to any port = 138
block in quick on fxp1 proto tcp/udp from any to any port = 139
block in quick on fxp1 proto tcp/udp from any to any port = 81

# Allow CVS access
pass in quick on fxp1 proto tcp/udp from any to any port = 2401

# Logged Blocking Rules #

# Block nmap OS fingerprint attempts
block in log first quick on fxp1 proto tcp from any to any flags FUP

# Block all other in coming traffic
block in log first quick on fxp1 all

Thanks for the help!
J.

On 25/11/2007, at 12:50 AM, Roger Olofsson wrote:

Hello Jerahmy,

Assuming you want to connect from the outside to your VPN. Have you made sure that port 2401 is open for inbound traffic in your ipf.rules?

You might also want to do 'ipnat -C -f '. Man ipnat ;^)

Greeting from Sweden
/Roger

Jerahmy Pocott wrote:

Hello,

I recently decided to give ipf and ipnat a try, previously I had always been using ipfw and natd. Since switching over I can no longer establish a VPN tunnel from any system behind the gateway.

I did 'ipf -F a' to flush all r
Re: Difficulties establishing VPN tunnel with IPNAT
Sorry let me clarify.. There are two issues, one is connecting to any external VPN, with no filter I can establish a connection to PPTP VPN, but the 'Sonic Wall Global VPN Client' still fails to connect even with no filter rules. The redirect for the CVS server has an ipf rule to allow traffic on that port, but users are getting connection refused messages.

I will include my ipf rules, I clearly need some sort of rule to allow inbound for the VPN to work, though I think the ipnat is breaking the Sonic Wall client. Which is strange because everything worked fine with ipfw/natd.

Here are my ipf rules:

# Allow all in/out on internal interface
pass in quick on fxp0 all
pass out quick on fxp0 all

# Allow all in/out on loopback interface
pass in quick on lo0 all
pass out quick on lo0 all

# Allow all out-going on public interface and keep state
pass out quick on fxp1 proto tcp from any to any flags S keep state
pass out quick on fxp1 proto udp from any to any keep state
pass out quick on fxp1 proto icmp from any to any keep state

# Block all inbound traffic from non-routable or reserved address spaces
block in quick on fxp1 from 192.168.0.0/16 to any #RFC 1918 private IP
block in quick on fxp1 from 172.16.0.0/12 to any #RFC 1918 private IP
block in quick on fxp1 from 10.0.0.0/8 to any #RFC 1918 private IP
block in quick on fxp1 from 127.0.0.0/8 to any #loopback
block in quick on fxp1 from 0.0.0.0/8 to any #loopback
block in quick on fxp1 from 169.254.0.0/16 to any #DHCP auto-config
block in quick on fxp1 from 192.0.2.0/24 to any #reserved for docs
block in quick on fxp1 from 204.152.64.0/23 to any #Sun cluster interconnect
block in quick on fxp1 from 224.0.0.0/3 to any #Class D & E multicast

# Block frags
block in quick on fxp1 all with frags

# Block short tcp packets
block in quick on fxp1 proto tcp all with short

# block source routed packets
block in quick on fxp1 all with opt lsrr
block in quick on fxp1 all with opt ssrr

# Block anything with special options
block in quick on fxp1 all with ipopts

# Block public pings
block in quick on fxp1 proto icmp all icmp-type 8

# Block ident
block in quick on fxp1 proto tcp from any to any port = 113

# Block all Netbios service. 137=name, 138=datagram, 139=session
# Block MS/Windows hosts2 name server requests 81
block in quick on fxp1 proto tcp/udp from any to any port = 137
block in quick on fxp1 proto tcp/udp from any to any port = 138
block in quick on fxp1 proto tcp/udp from any to any port = 139
block in quick on fxp1 proto tcp/udp from any to any port = 81

# Allow CVS access
pass in quick on fxp1 proto tcp/udp from any to any port = 2401

# Logged Blocking Rules
#
# Block nmap OS fingerprint attempts
block in log first quick on fxp1 proto tcp from any to any flags FUP

# Block all other in coming traffic
block in log first quick on fxp1 all

Thanks for the help! J.

On 25/11/2007, at 12:50 AM, Roger Olofsson wrote:

Hello Jerahmy, Assuming you want to connect from the outside to your VPN. Have you made sure that port 2401 is open for inbound traffic in your ipf.rules? You might also want to do 'ipnat -C -f '. Man ipnat ;^) Greeting from Sweden /Roger

Jerahmy Pocott wrote:

Hello, I recently decided to give ipf and ipnat a try, previously I had always been using ipfw and natd. Since switching over I can no longer establish a VPN tunnel from any system behind the gateway. I did 'ipf -F a' to flush all rules but I was still unable to connect so I think it's a problem with ipnat? Also my redirect from ipnat doesn't seem to work either. These are the only ipnat rules I have: (fxp1 is the external interface)

# ipnat built in ftp proxy rules
map fxp1 10.0.0.0/24 -> 0/32 proxy port 21 ftp/tcp
map fxp1 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp

# CVS Server on Fileserv
rdr fxp1 0/32 port 2401 -> 10.0.0.2 port 2401 tcp/udp

# nat all out going traffic on fxp1 from internal lan
map fxp1 10.0.0.0/24 -> 0/32

I can post my firewall rules too if that would help, however with NO rules set it still didn't work so I don't think that would help.. (I'm using the klm which is default to accept?) Thanks! J.
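The ipf rule set posted above can be walked through packet by packet. The following is an added example, not part of the original post or of IPFilter itself: a simplified first-match model of selected fxp1 rules, run against a PPTP session (TCP 1723 control channel plus GRE data) and a CVS connection. The addresses, the default-pass policy, and the candidate GRE rule are assumptions; NAT is not modelled.

```python
import ipaddress
import re

# Selected fxp1 rules copied from the post. Rules that test fragments, IP
# options or TCP flag sets other than a bare SYN are left out, because this
# model does not carry those packet fields.
RULES = """\
pass out quick on fxp1 proto tcp from any to any flags S keep state
pass out quick on fxp1 proto udp from any to any keep state
pass out quick on fxp1 proto icmp from any to any keep state
block in quick on fxp1 from 192.168.0.0/16 to any
block in quick on fxp1 from 172.16.0.0/12 to any
block in quick on fxp1 from 10.0.0.0/8 to any
block in quick on fxp1 proto icmp all icmp-type 8
block in quick on fxp1 proto tcp from any to any port = 113
pass in quick on fxp1 proto tcp/udp from any to any port = 2401
block in log first quick on fxp1 all
"""

# Only the rule shapes used above. Every rule must carry `quick`, so the
# first matching rule decides (without `quick`, ipf lets the last match win).
RULE_RE = re.compile(
    r"(?P<action>pass|block) (?P<dir>in|out) (?:log first )?quick on (?P<ifc>\S+)"
    r"(?: proto (?P<proto>\S+))?"
    r"(?: all| from (?P<src>\S+) to (?P<dst>\S+)(?: port = (?P<port>\d+))?)"
    r"(?: icmp-type (?P<icmp>\d+))?(?: flags (?P<flags>\S+))?(?P<state> keep state)?"
)

def parse(text):
    rules = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = RULE_RE.fullmatch(line)
        if m is None:
            raise ValueError("unsupported rule: " + line)
        rules.append((line, m.groupdict()))
    return rules

def in_net(addr, spec):
    return spec in (None, "any") or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def matches(r, p):
    return (r["dir"] == p["dir"] and r["ifc"] == p["ifc"]
            and (r["proto"] is None or p["proto"] in r["proto"].split("/"))
            and in_net(p["src"], r["src"]) and in_net(p["dst"], r["dst"])
            and (r["port"] is None or p.get("dport") == int(r["port"]))
            and (r["icmp"] is None or p.get("icmp_type") == int(r["icmp"]))
            and (r["flags"] is None or p.get("flags") == r["flags"]))

class Filter:
    # default="pass" is an assumption taken from the poster's remark that the
    # loadable module defaults to accept.
    def __init__(self, text, default="pass"):
        self.rules, self.default, self.state = parse(text), default, set()

    def check(self, p):
        flow = (p["proto"], p["src"], p["dst"], p.get("sport"), p.get("dport"))
        back = (p["proto"], p["dst"], p["src"], p.get("dport"), p.get("sport"))
        if flow in self.state or back in self.state:
            return "pass", "state table"      # reply to a `keep state` flow
        for line, r in self.rules:
            if matches(r, p):
                if r["action"] == "pass" and r["state"]:
                    self.state.add(flow)
                return r["action"], line
        return self.default, "default policy"

CLIENT, VPN = "10.0.0.5", "198.51.100.20"     # constructed addresses

def pkt(direction, proto, src, dst, **fields):
    return dict(dir=direction, ifc="fxp1", proto=proto, src=src, dst=dst, **fields)

def walkthrough(rules=RULES):
    fw = Filter(rules)
    steps = [
        ("control SYN out", pkt("out", "tcp", CLIENT, VPN, sport=40000, dport=1723, flags="S")),
        ("control reply in", pkt("in", "tcp", VPN, CLIENT, sport=1723, dport=40000, flags="SA")),
        ("GRE out", pkt("out", "gre", CLIENT, VPN)),
        ("GRE in", pkt("in", "gre", VPN, CLIENT)),
        ("CVS SYN in", pkt("in", "tcp", VPN, "10.0.0.2", sport=40001, dport=2401, flags="S")),
    ]
    return {name: fw.check(p) for name, p in steps}

# Candidate rule (an assumption, not confirmed in the thread): admit GRE
# ahead of the catch-all block.
GRE_RULE = "pass in quick on fxp1 proto gre from any to any"
FINAL_BLOCK = "block in log first quick on fxp1 all"
RULES_WITH_GRE = RULES.replace(FINAL_BLOCK, GRE_RULE + "\n" + FINAL_BLOCK)

if __name__ == "__main__":
    for label, rules in (("as posted", RULES), ("with GRE rule", RULES_WITH_GRE)):
        print(label)
        for name, (verdict, why) in walkthrough(rules).items():
            print(f"  {name:17} {verdict:5} <- {why}")
```

In this model the TCP control channel returns through the state table, while outbound GRE matches none of the stateful rules, so the GRE reply reaches the final logged block. This covers only the filter side of the PPTP case; it does not explain the failures reported with no filter rules loaded.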
Re: Difficulties establishing VPN tunnel with IPNAT
Sorry, the issue is connecting TO any outside VPN, not connecting from outside. I tested with ipf set to accept all and it still failed, so I figured it must be ipnat.. I had no issues when using ipfw/natd.

On 25/11/2007, at 12:50 AM, Roger Olofsson wrote:

Hello Jerahmy, Assuming you want to connect from the outside to your VPN. Have you made sure that port 2401 is open for inbound traffic in your ipf.rules? You might also want to do 'ipnat -C -f '. Man ipnat ;^) Greeting from Sweden /Roger

Jerahmy Pocott wrote:

Hello, I recently decided to give ipf and ipnat a try, previously I had always been using ipfw and natd. Since switching over I can no longer establish a VPN tunnel from any system behind the gateway. I did 'ipf -F a' to flush all rules but I was still unable to connect so I think it's a problem with ipnat? Also my redirect from ipnat doesn't seem to work either. These are the only ipnat rules I have: (fxp1 is the external interface)

# ipnat built in ftp proxy rules
map fxp1 10.0.0.0/24 -> 0/32 proxy port 21 ftp/tcp
map fxp1 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp

# CVS Server on Fileserv
rdr fxp1 0/32 port 2401 -> 10.0.0.2 port 2401 tcp/udp

# nat all out going traffic on fxp1 from internal lan
map fxp1 10.0.0.0/24 -> 0/32

I can post my firewall rules too if that would help, however with NO rules set it still didn't work so I don't think that would help.. (I'm using the klm which is default to accept?) Thanks! J.
Difficulties establishing VPN tunnel with IPNAT
Hello, I recently decided to give ipf and ipnat a try, previously I had always been using ipfw and natd. Since switching over I can no longer establish a VPN tunnel from any system behind the gateway. I did 'ipf -F a' to flush all rules but I was still unable to connect so I think it's a problem with ipnat? Also my redirect from ipnat doesn't seem to work either. These are the only ipnat rules I have: (fxp1 is the external interface)

# ipnat built in ftp proxy rules
map fxp1 10.0.0.0/24 -> 0/32 proxy port 21 ftp/tcp
map fxp1 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp

# CVS Server on Fileserv
rdr fxp1 0/32 port 2401 -> 10.0.0.2 port 2401 tcp/udp

# nat all out going traffic on fxp1 from internal lan
map fxp1 10.0.0.0/24 -> 0/32

I can post my firewall rules too if that would help, however with NO rules set it still didn't work so I don't think that would help.. (I'm using the klm which is default to accept?) Thanks! J.
rsync to lacie disk (via samba?)
Hello, I'm wanting to use rsync from FreeBSD to some lacie ethernet disks, they have a number of access options including ftp and windows file sharing.. Would mounting the shares with samba then using rsync on the mounted samba share as though it was syncing between two local disks work properly? The other option would be to build the OS on the lacie with rsync and ssh, as it is linux based OS under GPL but I would probably rather not have to mess with it.. Thanks!
Re: Install problems on Dell Vostro
On 11/11/2007, at 1:55 AM, Olivier GARNIER wrote:

Hi, I tried with FreeBSD and FreeSBIE when I received my vostro 1700 (in September), and the network wasn't working well. Network, Some Xorg problems and so on ... So I installed Ubuntu 7.04 which was the less worth (network/video worked with some adaptations). Now I've got an Ubuntu 7.10 which is working well. If you make FreeBSD work on Vostro I'm interested.

I'm going to try putting a network card in and disabling the on-board one.. The probe shows a lot of 'unknown' in relation to the ACPI, which I think is the root of all this evil. Unfortunately if I disable it the drives are no longer found..
Re: Install problems on Dell Vostro
On 10/11/2007, at 1:57 PM, McCy Ron wrote:

I was able to get 6.2 to install on a Vostro with stock BIOS settings but couldn't get the system to recognize the network card. network. Just for reference - Knoppix, Ubuntu, FreesBie live CDs, and a straight install of Ubuntu 7.04 didn't work either. There is something strange about this computer. Windows XP, of course, works.

So solution is to stick another network card in it? Has anyone had this onboard card work?
USB Console?
Hello, Firstly sorry for my recent double post mx1.freebsd.org was rejecting my mail for some reason.. I was wondering if there is any way to put the console on a USB port? Since serial and parallel ports are becoming things of the past and many systems don't come with them any more.. Serial console on USB?
Install problems on Dell 'Vostro'
Hello, I'm having difficulties getting 6.2 installed on these new Dell 'Vostro' systems. The BIOS is a Phoenix - AwardBIOS and it reports the version as 1.0.3. With the SATA controller set to IDE mode (default) in the BIOS booting FreeBSD will hang just before entering sysinstall, booting with ACPI disabled stops this but then no disk drives are found! I got around this by setting the SATA mode to RAID in the BIOS (this seems to make the disk appear as SCSI), then it doesn't crash with ACPI enabled (with ACPI disabled no disks are found still) and the disk is found. The system only has USB inputs (8 of them) and with the USB Controller set to 'High Speed' in the BIOS, the keyboard stops working once sysinstall starts (though it works in the boot menu), however setting it to 'Full/Low Speed' makes it work in sysinstall. I probably don't care about using High Speed USB devices any way, but it would be nice if they could work, but this isn't the major issue. Now finally I can get into sysinstall and partition the disk, but the network interface is not detected. It says it is an 'Intel 82562V-2' (on board), but I see no probes about it on booting FreeBSD. Is this interface supported? Any ideas on getting it detected? I feel the ACPI might be a problem? On booting it is reported as 'ACPI: Dell FX 09' Thanks! J.
Re: BASH as root shell (static linking)
On 07/10/2007, at 12:56 AM, andrew clarke wrote:

On Sat, Oct 06, 2007 at 04:54:26AM +1000, Jerahmy Pocott wrote:

I'm wanting to use BASH as my root shell, so I compiled a statically linked version then tried to log in with only / mounted. But I was locked out because elf.ld.so could not be found.. I thought elf was the native binary format these days? But it needs a library to run them? Is it possible to statically link against elf? Or do standalone binary have to be in aout format? I'm a bit confused as to why it requires this dynamic library..

I'm not sure if this helps at all, but you can build a static version of bash from the Ports tree:

cd /usr/ports/shells/bash
make WITH_STATIC_BASH=1

You'll need to cp bash to /bin.

Thanks, that was the information I was looking for! I didn't know about that option to the port.. The problem seemed to be with the dependencies, libintl is dynamically linked to libiconv and somehow that was causing it to build with a dynamic link..
Re: BASH as root shell (static linking)
On 06/10/2007, at 3:25 PM, Old Ranger wrote:

Hey look, BASH is not a UNIX shell. BASH occurred with Linux then carried over into FreeBSD. While it has "some" advantages, it is still a bastard. UNIX is written in "C" Want the best you can get? Use "tcsh" as a shell and let the linux community do whatever they want.

I know a lot of elitists detest BASH, especially in the Linux camp (probably because zomg we can't use the default shell, we might be conforming to something and that's totally un-linuxy). But BASH is an excellent shell with most of the features from csh and ksh as well as the ability to run sh scripts. It was built to be POSIX compliant, not built for linux.. But this is all beside the point, I didn't ask what people think of BASH >.< I didn't ask how to set it as the root shell, what I asked about was creating a statically linked binary of BASH so that I COULD use it as the root shell! So that it could be used without /usr mountable.. Oh well..
Re: BASH as root shell (static linking)
On 06/10/2007, at 4:59 AM, Brian A. Seklecki wrote:

On Sat, 2007-10-06 at 04:54 +1000, Jerahmy Pocott wrote:

Hello, I'm wanting to use BASH as my root shell, so I compiled a statically linked version then tried to log in with only / mounted. But I was locked out because elf.ld.so could not be found..

JP: Did:

$ ldd /bin/bash

Return anything? It should not.

It's saying:

libintl.so.6 => /usr/local/lib/libintl.so.6 (0x2819d000)
libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x281a6000)

Why is it linking these dynamically? It's not linking ncurses or libc dynamically.. Thanks!
Re: BASH as root shell (static linking)
On 06/10/2007, at 5:45 AM, RW wrote:

On Sat, 6 Oct 2007 04:54:26 +1000 Jerahmy Pocott <[EMAIL PROTECTED]> wrote:

Hello, I'm wanting to use BASH as my root shell, so I compiled a statically linked

I would suggest using bash as your toor shell instead. toor exists precisely for this purpose.

Yeah, I've done that in the past, but I really dislike csh, I don't want to use it EVER =p
BASH as root shell (static linking)
Hello, I'm wanting to use BASH as my root shell, so I compiled a statically linked version then tried to log in with only / mounted. But I was locked out because elf.ld.so could not be found.. I thought elf was the native binary format these days? But it needs a library to run them? Is it possible to statically link against elf? Or do standalone binary have to be in aout format? I'm a bit confused as to why it requires this dynamic library.. Thanks!
Re: Files have no version after csup?
On 03/10/2007, at 10:31 PM, Jerahmy Pocott wrote:

Hello, After doing a csup on src-all with tag RELENG_6_2, the source files all have their version set to $FreeBSD$ with no other information.. (This was from au mirror) Is this an error? What is going on?

It seems both cvsup.au.FreeBSD.org and cvsup4.au.FreeBSD.org are missing version strings for RELENG_6_2 branch at least, the others were full so I couldn't check them..
Files have no version after csup?
Hello, After doing a csup on src-all with tag RELENG_6_2, the source files all have their version set to $FreeBSD$ with no other information.. (This was from au mirror) Is this an error? What is going on?
Creating Custom Install Media
Hello, I'm wanting to make a custom install cd that will load up on the serial console, the documentation says all that is required is the addition of a file named boot.config with the single line "/boot/loader -h" in it. However it doesn't actually say how to then create a bootable cd image! I'm assuming the boot strap used is /boot/cdboot, but what other settings are used when creating the bootable cd image? Also does anyone know how to create one using OSX? It doesn't have mkisofs but hdiutil can create all sorts of images, including iso, however it seems to create Joliet extensions differently and the filenames are all uppercase.. Thanks!
Re: Booting to Sysinstall
On 25/09/2007, at 1:57 AM, Manolis Kiagias wrote:

Jerahmy Pocott wrote:

Hello, Okay so here is the situation: Server has dead fd and cd drives, or maybe none at all. You want to install FreeBSD on it. The idea I had was to create a small partition, copy the contents of a cd into, set it to boot off that partition, reboot and it would boot up into sysinstall. Would this be possible? Or is it a dumb idea?

The problem with this approach is, you actually need to boot the FreeBSD kernel to continue with the install. Just by marking a partition as bootable, will not make it boot, and neither copying the FreeBSD CD contents will. You have to write a suitable boot sector that will load the rest of the OS, be it DOS, Windows, FreeBSD or whatever. And the fact remains, to install FreeBSD you have to boot into the FreeBSD kernel.

Okay, well say I used some tools to create a UFS partition, put the contents of the Boot Only iso on it and put the FreeBSD boot loader program into the MBR (it's boot0?) how could I get it to load the kernel? There seem to be a number of different boot straps, boot, cdboot, pxeboot etc, on this iso image.. I experimented with this on an existing installation and for some reason the slice I created to boot into the basic environment to install from ended up booting the existing installation instead of the version in the slice it was booting from?!
Booting to Sysinstall
Hello, Okay so here is the situation: Server has dead fd and cd drives, or maybe none at all. You want to install FreeBSD on it. The idea I had was to create a small partition, copy the contents of a cd into, set it to boot off that partition, reboot and it would boot up into sysinstall. Would this be possible? Or is it a dumb idea?
Teamspeak Server
Hello, I recently tried running the Teamspeak linux server on a 4.7ish something box with linux compat installed but all I got was "daemon failed to start" or a message similar to that with no reason or errors.. Has anyone had any success running the linux binary on FreeBSD? Would upgrading perhaps help? There is no source for it that I'm aware of, so kinda relying on the compat stuff.. Thanks!
Re: freebsd on memory card
On 08/09/2005, at 6:36 AM, Damon Blom wrote:

Hi Still no go. will boot (very slowly) from external usb hard drive. da0 maxtor scsi -0 device 194481 mb will not boot da1 hp digital drive 976 mb (whole disk) da1s1a / da1s1d /usr I disabled hitachi drive and external maxtor drive get F1 Freebsd F5 drive1 will not let me press enter Phoenix Bios version F.35 Thanks (I can still mount it and r/w from it) Damon

I would say, and this is just a guess, that the bios doesn't recognise it as a bootable device or it is unable to find/use the boot block?
Re: Limiting closed port
On 01/09/2005, at 7:20 PM, Dark Star wrote:

Hello all, I'm on FreeBSD 4.8-R my logs since over 4 months always complaining about the following:

/kernel: Limiting closed port RST response from 243 to 200 packets per second
/kernel: Limiting closed port RST response from 222 to 200 packets per second
/kernel: Limiting closed port RST response from 238 to 200 packets per second

I think it's some type of scan or attack.

A scan.. If someone tries to connect to a port that has no service attached to it, by default the server will send a RST (reset) packet back (for TCP).. Someone is trying to scan you very quickly, so generating a lot of RST packets (probably scanning a very large range of ports) and the kernel is reducing the amount it will send per second.. This isn't really a problem, you can also set it so that connections to closed ports will not generate a RST response, but you would no longer be compliant with the RFCs regarding TCP connections.. If you aren't running a firewall you should probably be running one anyway since it seems your system is exposed to the outside world.. Personally I wouldn't be worried about the above log, unless you are running services which allow connections from the outside and which are possibly not very secure (public ftp, old versions of named, etc)..
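To see how often and for how long the kernel was rate limiting, the messages quoted above can be grouped into bursts. The following is an added example, not part of the original thread: the timestamps, host name, the sshd line and the last kernel line in the sample are constructed, the year is an assumption because syslog lines do not carry one, and each message is assumed to describe one second of traffic.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the kernel message text and the 243/222/238 figures are
# the ones quoted in the post; everything else is made up for the example.
SAMPLE_LOG = """\
Sep  1 19:20:01 gw /kernel: Limiting closed port RST response from 243 to 200 packets per second
Sep  1 19:20:02 gw /kernel: Limiting closed port RST response from 222 to 200 packets per second
Sep  1 19:20:03 gw /kernel: Limiting closed port RST response from 238 to 200 packets per second
Sep  1 19:20:04 gw sshd[411]: Accepted publickey for admin from 192.0.2.7 port 50022 ssh2
Sep  1 23:05:40 gw /kernel: Limiting closed port RST response from 201 to 200 packets per second
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) /?kernel: "
    r"Limiting closed port RST response from (?P<seen>\d+) to (?P<limit>\d+) "
    r"packets per second"
)


def parse_events(text, year=2005):
    """Return sorted (time, host, seen, limit) tuples, one per rate-limit message."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue                      # unrelated log line
        stamp = " ".join(m.group("ts").split())   # collapse "Sep  1" padding
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events.append((when, m.group("host"), int(m.group("seen")), int(m.group("limit"))))
    return sorted(events)


def find_bursts(text, max_gap=timedelta(seconds=5)):
    """Group messages that are at most max_gap apart into one burst per host."""
    bursts, current = [], {}
    for when, host, seen, limit in parse_events(text):
        burst = current.get(host)
        if burst is None or when - burst["end"] > max_gap:
            burst = {"host": host, "start": when, "end": when,
                     "messages": 0, "peak": 0, "over_limit": 0}
            current[host] = burst
            bursts.append(burst)
        burst["end"] = when
        burst["messages"] += 1
        burst["peak"] = max(burst["peak"], seen)
        burst["over_limit"] += seen - limit   # RSTs held back in that second
    return bursts


if __name__ == "__main__":
    for b in find_bursts(SAMPLE_LOG):
        print(f'{b["host"]} {b["start"]} -> {b["end"]}: {b["messages"]} msgs, '
              f'peak {b["peak"]}/s, {b["over_limit"]} over limit')
```

A long burst with a high peak points at a fast sweep of closed ports, while isolated single messages just above the limit are more likely background noise.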
Re: How do I get packages with tgz files
On 24/08/2005, at 4:10 PM, Bharma wrote:

Hi I am working with a machine with FreeBSD 4.2.8 version. I am not allowed to change the version on the machine. I want to install some packages - in particular the KDE package on the machine pkg_add ftp://pub/FreeBSD/ports/packages/kde/kde.tbz results in pkg_add responding that it does not understand tgz files. It may be that pkg_add for FreeBSD 4.2.8 is old. How do I get tgz files then.

Well 4.2 is pretty old now.. But tgz files are the same as .tar.gz, it is just an abbreviation of it, it means the file has been tar'd then gzipped.. You can extract it with tar using the -z option or run gunzip on it first..
Re: Where to FreeBSD Boot Manager?
On 22/08/2005, at 11:22 AM, Garrett Cooper wrote:

Yes, XP does have a boot manager, and I suppose I should have listed some available options when I originally replied to the email. Just thought that someone was making a split decision during an install and needed quick help. You have a few choices:

1. FreeBSD boot manager
Pro: Can install just one boot manager out of the box and it takes care of detecting all of the partitions
Con: If you don't like FreeBSD anymore, no more boot manager.
2. GRUB
Pro: Plays nicely with Linux.
Con: Still need to install FreeBSD bootloader in the boot sector of the FreeBSD partition.
3. NT bootloader
Pro: Stuff's managed through XP (if you like that).
Con: Still need to install FreeBSD bootloader in the boot sector of the FreeBSD partition.

As to 3's Con, I'm not entirely sure you have to install the bootloader.. I think you can install a standard bootstrap, then using dd copy it and have the NT loader use it to boot the system, removing the two layers of boot manager.. I did this before with NT, but it was a while ago and I don't really remember the exact steps you need to take, but there is probably something about it you can google.. Of course using the FreeBSD manager is the much easier and simpler option, just some people seem to like the NT one better..
Re: Where to FreeBSD Boot Manager?
On 22/08/2005, at 12:17 AM, Soo-Hyun Choi wrote:

Hi, I'm trying to install FreeBSD on my system which has two separate HDD (each has 40GB). I am already using the first drive (e.g., C drive) only for Window XP and now would like to install FreeBSD on the second drive (e.g., D drive). Which drive should I install the FreeBSD Boot Manager?

That really depends on how you want to do it.. If you want to use the boot manager that comes with FreeBSD you will need to install it on the primary disk (C drive).. I don't really know much about XP, but isn't it based on NT? The NT system also has its own boot manager which you could use instead.. But XP might not have it..
Re: Long Uptime
On 20/08/2005, at 11:34 AM, Nikolas Britton wrote:

You can keep a windows 2000 system secure without patching!:

* Uninstall Outlook Express and IE ( http://www.litepc.com/ ), Install Firefox and Thunderbird.
* Install Perl, Uninstall WSH.
* Hardware (m0n0wall) and software (stealth mode, deny all (Kerio, ZoneAlarm, etc.)) firewalls.
* Virus scanner.
* Remove MS JVM, install Sun's.
* MS Office replaced with OpenOffice (Don't install Outlook!!!).
* Subscribe to CERT advisories list.

I had a running average of 30-40 days between reboots, I think the highest was 90+ days, on my main do everything and anything desktop PC (it runs FreeBSD, 6-STABLE, now).

Many updates are for core things that require reboots though.. As a desktop you can get away with it.. As a server I don't think I would take the risk.. Also, in my experience windows systems start running quite slow after about 3 days of heavy load due to memory leaks and the like, which isn't so noticeable with just a web server, but on databases it gets horrible.. When I used windows I pretty much rebooted every 3-5 days due to loss in performance.. I guess newer versions might have less leaks.. But it is just as likely they have more!
Re: Question
On 15/08/2005, at 11:04 AM, jon freddy wrote:

When I get my new computer and I am going to run FreeBSD, also, I want to still run the browser Firefox. But if you go to Firefox's website it also lists other OS, but not FreeBSD. But I see that a lot of my friends that run FreeBSD use firefox. Would I install the Linux package because it is also a Unix System?

The systems you see on the firefox website are just binary packages they have made for various systems. It is actually better to compile the source yourself on your own system in a lot of cases, since you can specify optimizations that they probably didn't put into their binary packages so as to make them work on lots of systems.. Just about every single application you ever want to use can be found in the ports collection, which if installed is found in /usr/ports by default.. The very latest build of firefox may not be in a port yet (is it?) in which case if you really want it you can just download the source from their website and compile it (they probably have instructions on how to do this but generally it is just a matter of decompressing the archive and running 'configure' then 'make install' in the base directory of the archive). The linux binary package possibly will also work if you have installed the linux compatibility stuff and have the module loaded, but it is better to use native where possible!
Re: Counter-Strike, Wine and FreeBSD
On 16/08/2005, at 5:00 AM, Andrew P. wrote:

Hello! I'm sorry to bother you all guys, but this issue has really become a crusade for me :) I'm trying to play Counter-Strike 1.5 on FreeBSD - over network. The easy part was to install wine, closed-source nvidia drivers, launch CS1.5 - and even play on the local listen server with some bots. Mouse was not very responsive, but overall performance was great. It should be noted that CS1.5 did not need any native dll's - only wine's built in modules. The problems start when you try to connect to a network server. It would just hang. It took me three days of messing with wine, googling, and meditating - to finally decide to ask for help at freebsd-questions :)

Well my first thought is that if it works on a local server it should work on a remote one.. Perhaps you can try to connect to a server on your local network? What I'm thinking is that perhaps the remote server you are connecting to is doing something different, perhaps trying to use "punkbuster" or what ever counterstrike has as its anti cheat thing or it could be trying to download maps/textures/sounds/etc.. Have you tried different servers? When you say it hangs, what exactly happens? The program completely stops responding? Does it say anything prior to hanging? How far does the remote connection get before it stops? What if any messages are in the wine console when this happens?
Re: Newbie needs help setting up rackmount server
On 12/08/2005, at 6:23 AM, Maude User wrote:

Hello -- I recently installed FreeBSD 5.3 on my laptop and now I want to install it onto a rackmount server (hardware specs below). I hate to ask a silly question but here goes: Do I need to get a USB CD-ROM drive (and keyboard and monitor) for the server in order to install FreeBSD... or is there some way I can install onto the rackmount server from the laptop? (There's no CD-ROM on the rackmount server, but the laptop has a CD-RW/DVD+-RW.)

It is possible your BIOS will actually direct display to a serial console.. I'm not sure if yours does, so if it doesn't you will probably need a keyboard/monitor if you want to configure your BIOS, of course if you are happy with the defaults you should be able to do it all with a laptop or other system.. You will want to set your boot floppies to use the serial console, which you can read about doing here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-advanced.html

You will need a null modem cable to do this, also you will need to make sure the cable is plugged into si0 on the server (com1).. I noticed that the server has an LCD display which is possibly driven via a serial port, this could occupy si0 already.. Getting it to boot the serial console on a different port to si0 is more complex, so hopefully you won't have to.. From this point on the laptop will act like the keyboard and monitor for the system and you can install.. I would recommend using an NFS mount on your local network to install the files from since it would be the fastest (without installing a CD drive), otherwise use ftp, which will be pretty slow (depending on your internet connection) but the only other viable method for you really.. Let me know if you have any queries, it is usually pretty straight forward though =)
Re: fsck says "UNEXPECTED SOFT UPDATE INCONSISTENCY"
THE FOLLOWING DISK SECTORS COULD NOT BE READ: 66322510, Sounds like a HW issue to me. Anyway to confirm this? It is not a very old drive and the filesystem is still readable, I suppose it could have developed some bad sectors.. Is there a way to flag them as bad without formatting the drive?
fsck says "UNEXPECTED SOFT UPDATE INCONSISTENCY"
Hello everyone, After a server lost power unexpectedly (read: someone pulled the plug out), on reboot the automatic fsck failed with "UNEXPECTED SOFT UPDATE INCONSISTENCY" as the message. Running fsck interactively doesn't seem to be able to fix it.. Every time in phase one it says:

CANNOT READ: BLK 66322496
UNEXPECTED SOFT UPDATE INCONSISTENCY
CONTINUE? [yn]
THE FOLLOWING DISK SECTORS COULD NOT BE READ: 66322510,

and the file system is marked as dirty still.. It isn't the root partition or anything, so I can boot the system and mount it read only but I can't repair the damage.. Any ideas on what I could try to fix this? Thanks!