Ftpd and man pages
Greetings,

I'm running FreeBSD 6.2-Release. The man page for ftpd.conf shows some nice features that I am trying to use (e.g. user classification and homedir.) But the man page for ftpd indicates that it does not use an ftpd.conf file, which is probably why those features are not working. The man page for ftpusers also shows more features but the man page for ftpd again says that users listed in ftpusers are only denied access.

I'm just using the base system ftpd server. Why do the base system man pages seem to show more capabilities than the ftpd server supports? What ftpd server matches with the man pages for ftpusers and ftpd.conf?

Thanks for your time,
Jon
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
problem creating filesystem snapshot
Greetings,

I needed to dump the partitions on a running FreeBSD 6.1R system so I could duplicate them on a test server. The server is a Dell 2850 with the PERC 4e/Di RAID controller with 5 x 73GB disk array. So I thought I would try using the snapshot feature. I used the mksnap_ffs to create a snapshot of a 20GB partition. The command completed in about 15 - 20 seconds. I was then able to run dump against the new snap file and all seemed ok.

I then tried the same thing on a 225GB partition. The mksnap_ffs command took over 30 minutes to complete. But every access to that partition after that just hung. I wanted to see the size of the snap file so I typed ls -l /home/.snap (where I had told mksnap_ffs to put the snap file) and it hung. Same thing from several logins. I figured I would have to reset the box so I typed sync, and that hung. All the time, access to other partitions was just fine (/, /usr, /var). All partitions (except /) were created with soft updates enabled (default when installing.)

The questions. Is there anything magic about the /xxx/.snap directory in each partition? When I created the snap file for the 20GB partition, I did not put it inside the /xxx/.snap directory, and it worked fine. Are there some partition size restrictions?

Thank you for your thoughts,
Jon
difference between deinstall and pkg_delete?
Greetings,

I see in the man page for ports the following:

reinstall    Use this to restore a port after using pkg_delete(1) when you should have used deinstall.

So I'm wondering what is the difference between pkg_delete and using "make deinstall" from within the ports directory? What does "make deinstall" do that pkg_delete does not do? What does pkg_delete do that "make deinstall" does not do?

Thanks,
Jon
transfer speed of USB on a Dell PE2650
Greetings,

I thought that an external USB hard drive would make a good backup device. So I did some trial file copies. Even though the server's USB ports are USB2.0 and the hard drive enclosure is USB2.0 I was getting a little less than 1MByte per second of throughput. I do have the ehci device as well as uhci and ohci configured into the kernel. But looking at the boot messages I do not see that it finds an ehci device, only an ohci.

Has anyone gotten a full USB2.0 throughput on Dell PowerEdge server hardware?

Thanks,
Jon
machdep.hlt_logical_cpus being ignored
Greetings All,

I have installed FreeBSD 6.1 Release on a Dell 2850. It has two Xeon CPUs. Seeing the comment in the SMP man page about hyperthreading being a problem in some situations, I added "machdep.hlt_logical_cpus=1" in /boot/loader.conf file. Upon rebooting, the system still finds four CPUs and starts all of them. I would have expected it to start only the two physical CPUs. Am I misunderstanding what machdep.hlt_logical_cpus is supposed to do? Should I even be concerned about the hyperthreading problem? This system will be an email server for a small college campus with about 2000 active accounts.

Also, the man page for SMP says that the machdep.hlt_cpus can be used to halt a specific CPU. I have not set this value, but sysctl shows it has a value of 10, even before I set the machdep.hlt_logical_cpus to 1. Why would this be the default value? I would think this would mean that one of the system CPUs is halted. But dmesg output claims it launched four CPUs.

Can someone fill me in on what this all means?

Thanks,
Jon

%dmesg
Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.1-RELEASE #0: Thu May 18 18:49:35 PDT 2006
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/ECF
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Xeon(TM) CPU 3.00GHz (2992.70-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0xf43 Stepping = 3
Features=0xbfebfbff
Features2=0x641d>
AMD Features=0x2010
Logical CPUs per core: 2
real memory = 2147221504 (2047 MB)
avail memory = 2100469760 (2003 MB)
ACPI APIC Table:
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
cpu0 (BSP): APIC ID: 0
cpu1 (AP): APIC ID: 1
cpu2 (AP): APIC ID: 6
cpu3 (AP): APIC ID: 7
ioapic0: Changing APIC ID to 8
ioapic1: Changing APIC ID to 9
ioapic1: WARNING: intbase 32 != expected base 24
ioapic2: Changing APIC ID to 10
ioapic2: WARNING: intbase 64 != expected base 56
ioapic3: Changing APIC ID to 11
ioapic3: WARNING: intbase 96 != expected base 88
ioapic0 irqs 0-23 on motherboard
ioapic1 irqs 32-55 on motherboard
ioapic2 irqs 64-87 on motherboard
ioapic3 irqs 96-119 on motherboard
kbd1 at kbdmux0
acpi0: on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
cpu0: on acpi0
cpu1: on acpi0
cpu2: on acpi0
cpu3: on acpi0
<...cut...>
SMP: AP CPU #1 Launched!
SMP: AP CPU #3 Launched!
SMP: AP CPU #2 Launched!
Trying to mount root from ufs:/dev/amrd0s1a
Accounting enabled
em0: link state changed to UP
%
%sysctl -a | grep -i cpu
kern.threads.virtual_cpu: 4
kern.sched.ipiwakeup.onecpu: 0
kern.ccpu: 1948
kern.smp.maxcpus: 16
kern.smp.cpus: 4
debug.cpufreq.lowest: 0
debug.cpufreq.verbose: 0
debug.kdb.stop_cpus: 1
debug.PMAP1changedcpu: 0
hw.model: Intel(R) Xeon(TM) CPU 3.00GHz
hw.ncpu: 4
hw.acpi.cpu.cx_supported: C1/0
hw.acpi.cpu.cx_lowest: C1
hw.acpi.cpu.cx_usage: 100.00%
machdep.cpu_idle_hlt: 1
machdep.hlt_cpus: 10
machdep.hlt_logical_cpus: 1
machdep.logical_cpus_mask: 10
dev.cpu.0.%desc: ACPI CPU
dev.cpu.0.%driver: cpu
dev.cpu.0.%location: handle=\_PR_.CPU0
dev.cpu.0.%pnpinfo: _HID=none _UID=0
dev.cpu.0.%parent: acpi0
dev.cpu.1.%desc: ACPI CPU
dev.cpu.1.%driver: cpu
dev.cpu.1.%location: handle=\_PR_.CPU1
dev.cpu.1.%pnpinfo: _HID=none _UID=0
dev.cpu.1.%parent: acpi0
dev.cpu.2.%desc: ACPI CPU
dev.cpu.2.%driver: cpu
dev.cpu.2.%location: handle=\_PR_.CPU2
dev.cpu.2.%pnpinfo: _HID=none _UID=0
dev.cpu.2.%parent: acpi0
dev.cpu.3.%desc: ACPI CPU
dev.cpu.3.%driver: cpu
dev.cpu.3.%location: handle=\_PR_.CPU3
dev.cpu.3.%pnpinfo: _HID=none _UID=0
dev.cpu.3.%parent: acpi0
%
openldap-2.3 won't start on a 6.1R system
Greetings,

I had a server running FreeBSD 6.0 Release with openldap 2.3.20 running fine (along with postfix, cyrus-sasl, courier-imap, bdb-4.3, etc.) I needed to move the system to new hardware, so I rebuilt it using 6.1 Release. The ports tree has been updated so openldap 2.3.23 is current. After building and installing this port, and copying my config files from my 6.0 system, openldap server will not start. It silently quits with no error or log entries when run using /usr/local/etc/rc.d/slapd start. However typing:

/usr/local/libexec/slapd -Tt

yields:

/libexec/ld-elf.so.1: /usr/local/lib/libldap_r-2.3.so.2: Undefined symbol "pthread_getconcurrency"

My build options for openldap are:

%cat /var/db/ports/openldap23/options
# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for openldap-server-2.3.23
_OPTIONS_READ=openldap-server-2.3.23
WITH_SASL=true
WITHOUT_PERL=true
WITH_SHELL=true
WITHOUT_ODBC=true
WITHOUT_SLP=true
WITHOUT_SLAPI=true
WITH_TCP_WRAPPERS=true
WITH_BDB=true
WITHOUT_ACCESSLOG=true
WITHOUT_AUDITLOG=true
WITHOUT_DENYOP=true
WITHOUT_DYNGROUP=true
WITHOUT_DYNLIST=true
WITHOUT_LASTMOD=true
WITHOUT_PPOLICY=true
WITHOUT_PROXYCACHE=true
WITHOUT_REFINT=true
WITHOUT_RETCODE=true
WITHOUT_RWM=true
WITHOUT_SYNCPROV=true
WITHOUT_TRANSLUCENT=true
WITHOUT_UNIQUE=true
WITHOUT_VALSORT=true
WITHOUT_ACI=true
WITH_DYNAMIC_BACKENDS=true
%

I don't know if this is a problem with the db43 library or something else. Any pointers are welcome.

Thanks,
Jon
virtual not looking up quota for all accounts
Greetings,

I am setting up a new email server using postfix 2.2.10 with LDAP for lookups and courier-imap. I have two accounts set up in LDAP. One is [EMAIL PROTECTED] and the other is [EMAIL PROTECTED] The logs show that for messages sent to test, there is an LDAP lookup for the maildir quota, but messages sent to test2 there is no LDAP lookup for the maildir quota. Below is my postconf -n output. Message delivery is being done with virtual that has the VDA patches.

Is this a bug in the VDA patches or something more fundamental or my config messed up?

Thanks for your input,
Jon
-
%postconf -n
alias_maps =
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 1
mydestination = localhost.$mydomain, localhost
mydomain = puc.edu
mynetworks = 10.0.0.0/8, 192.168.0.0/16, 67.134.132.0/23
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
unknown_local_recipient_reject_code = 550
virtual_alias_maps = ldap:/usr/local/etc/postfix/ldap_virtual_alias
virtual_create_maildirsize = yes
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/mail
virtual_mailbox_domains = puc.edu, ecf3.puc.edu
virtual_mailbox_limit = 11000
virtual_mailbox_limit_maps = ldap:/usr/local/etc/postfix/ldap_vquota
virtual_mailbox_limit_override = yes
virtual_mailbox_maps = ldap:/usr/local/etc/postfix/ldap_virtual_acct
virtual_maildir_extended = yes
virtual_minimum_uid = 5000
virtual_uid_maps = static:5000
%
portsnap question
Greetings,

Is there a utility that would show what ports will be updated from the current "fetched" files? The man page does not indicate that there is a "show what would happen but don't do it" option.

Thanks,
Jon
Re: Using 'incorrect' HD geometry.
On Thu, 16 Mar 2006, John Murphy wrote:

> Thanks Lila, your success encouraged me to try and you were quite right
> that "your win partition is pretty safe with freebsd fdisk."
>
> Unfortunately the install failed saying:
>
> Write failure on transfer! (wrote 77187 bytes of 1425408 bytes)
>
> And loads of errors like the following were shown on the Alt F2 screen:
>
> /stand/cpio: invalid header: checksum error
> /stand/cpio: warning: skipped 723757 bytes of junk
> /stand/cpio: : No such file or directory
> /stand/cpio: invalid header: checksum error
> /stand/cpio: warning: skipped 4096 bytes of junk
> /stand/cpio: : No such file or directory
> [...]
> acd0: FAILURE - READ_BIG HARDWARE ERROR asc=0x08 ascq=0x03 error=0
>
> I tried leaving the partitions (within the ad0s2 slice) as they were
> first. Then I tried 'Auto defaults for all' and lastly some partition
> sizes of my own. I even tried installing 5.3 which only managed to
> write -1 bytes. Which is odd because it must have worked before.
>
> Presumably I would need to change the drive geometry in fdisk to the
> figures which the BIOS indicates. Any one know the implications of
> doing so for the non bsd slices?
>
> Thanks again.
>
> --
> John.

John,

I had a similar problem while installing FreeBSD on an old HP NetServer. It looked like a hard disk problem but it turned out to be the CD drive could not read the install CD very well. Changed CD drives and everything was fine. The message about write failure I guess is due to layers of scripting not being able to pass back enough information.

Jon
slapd and bdb-4.2.52
Knowledgeable Ones,

I'm setting up a FreeBSD 6.0 RELEASE system. I've installed from ports:

courier-authlib-0.58_1
courier-imap-4.0.6_1,1
cyrus-sasl-2.1.21_2
db42-4.2.52_4
openldap-sasl-client-2.2.30
openldap-sasl-server-2.2.30
openssl-stable-0.9.7i
postfix-2.2.8_2,1

and other related ports. While starting slapd I get the following log entries:

Feb 15 15:24:38 ecf3 slapd[23761]: @(#) $OpenLDAP: slapd 2.2.30 (Feb 2 2006 17:42:01) $ [EMAIL PROTECTED]:/usr/ports/net/openldap22-sasl-server/work/openldap-2.2.30/servers/slapd
Feb 15 15:24:38 ecf3 slapd[23761]: bdb_db_init: Initializing BDB database
Feb 15 15:24:38 ecf3 slapd[23762]: slapd starting
Feb 15 15:25:06 ecf3 slapd[23762]: conn=0 fd=10 ACCEPT from IP=127.0.0.1:55323 (IP=0.0.0.0:389)
Feb 15 15:25:06 ecf3 slapd[23762]: conn=0 op=0 BIND dn="cn=admin,dc=ds,dc=puc,dc=edu" method=128
Feb 15 15:25:06 ecf3 slapd[23762]: conn=0 op=0 BIND dn="cn=admin,dc=ds,dc=puc,dc=edu" mech=SIMPLE ssf=0
Feb 15 15:25:06 ecf3 slapd[23762]: conn=0 op=0 RESULT tag=97 err=0 text=
Feb 15 15:25:06 ecf3 slapd[23762]: conn=0 op=1 SRCH base="dc=ds,dc=puc,dc=edu" scope=2 deref=0 filter="(objectClass=*)"
Feb 15 15:25:06 ecf3 slapd[23762]: bdb(dc=ds,dc=puc,dc=edu): illegal flag specified to txn_begin
Feb 15 15:25:06 ecf3 slapd[23762]: bdb_txn_get: BerkeleyDB 4.2.52 library needs TXN patch!
Feb 15 15:25:06 ecf3 slapd[23762]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=7 text=
Feb 15 15:25:06 ecf3 slapd[23762]: conn=0 op=2 UNBIND
Feb 15 15:25:06 ecf3 slapd[23762]: conn=0 fd=10 closed

Note the complaint about needing a TXN patch. I looked at the four available patches for db-4.2.52 on sleepycat.com and none seemed related to TXN.

Can this error be ignored? Does anyone know how to fix it?

TIA
Jon
sendmail, sasl, ldap
Greetings,

I'm trying to implement authenticated sending of email. But I want sasl to authenticate against my LDAP server. The how-to in the FreeBSD handbook is good but assumes only local authentication. The cyrus-sasl2 and openldap ports give hints that it is possible, but I'm just not quite getting it.

Are there other how-to sites that others have used successfully? Do I need to use PAM or does cyrus-sasl know how to directly query an LDAP server? I'm running a fresh FreeBSD 6.0-Release system.

TIA,
Jon
Re: HP NetRAID 1Si trouble [SOLVED]
On Thu, 12 Jan 2006, warren schreiner wrote:

> Jon Falconer wrote:
>
> >Hi Everyone,
> >
> >I'm trying to recycle an old HP NetServer LC2000r P3/733 with 256MB RAM.
> >It's been running MS Win2K for several years with no problems, but has
> >become too slow for that task. I need to setup an email server for
> >faculty/staff/students to do authenticated sending of email, seemed a
> >perfect fit. So I started installing FreeBSD 6.0-Release like I've done
> >many times before. After committing the changes, newfs claims to have
> >succeeded for all partitions. But while extracting the install files it
> >does not make the usual progress and fails with "Write failure on
> >transfer! (wrote -1 bytes of 1425408 bytes)". Pressing alt-F2 shows the
> >following messages:
> >
> >/stand/cpio: invalid header: checksum error
> >/stand/cpio: warning: skipped 1024 bytes of junk
> >/stand:cpio: :No such file or directory
> >
> >... ...
> >
> >/stand/gunzip: : invalid stored block lengths
> >/stand/cpio: premature end of file
> >
> >I've installed 6.0-Release on several other computers with this same CD so
> >I think the CD is good. The system is booting ok from the CD so I would
> >think that the CD drive is ok.
> >
> >I've updated the firmware on the 1Si card from F.02.05 to F.02.09, the
> >latest I could find on HP's web site. I tried to install FBSD 5.4-Release
> >with the same results. I ran a memory test, and it made three passes of
> >eleven different tests with no problems found. I installed 5.4-Release on
> >an HP lp1000r with a NetRAID controller several months ago and it is
> >working fine.
> >
> >I've run out of ideas of what to try next. Does anyone else have any
> >suggestions?
> >
> >Thanks for your time,
> >
> >Jon
>
> John:
>
> I run both lpr's and llp2000r's had the same problem I think it is the
> cd drive. For some reason the drive just does not read some cd's. I've
> replaced the original drive with an hp DVD and works like a champ. The
> DVD also can be used for backup.
>
> warren schreiner
> delta healthcare partners llc

Warren,

You are absolutely right. I had begun to suspect that last night, even scrounged up another CD drive. But it was late and I had to get home. This morning I had forgotten about that until I read your note. Swapped in a different CD drive and the install completed normally.

Thanks!
Jon
HP NetRAID 1Si trouble
Hi Everyone,

I'm trying to recycle an old HP NetServer LC2000r P3/733 with 256MB RAM. It's been running MS Win2K for several years with no problems, but has become too slow for that task. I need to setup an email server for faculty/staff/students to do authenticated sending of email, seemed a perfect fit. So I started installing FreeBSD 6.0-Release like I've done many times before. After committing the changes, newfs claims to have succeeded for all partitions. But while extracting the install files it does not make the usual progress and fails with "Write failure on transfer! (wrote -1 bytes of 1425408 bytes)". Pressing alt-F2 shows the following messages:

/stand/cpio: invalid header: checksum error
/stand/cpio: warning: skipped 1024 bytes of junk
/stand:cpio: :No such file or directory

... ...

/stand/gunzip: : invalid stored block lengths
/stand/cpio: premature end of file

I've installed 6.0-Release on several other computers with this same CD so I think the CD is good. The system is booting ok from the CD so I would think that the CD drive is ok.

I've updated the firmware on the 1Si card from F.02.05 to F.02.09, the latest I could find on HP's web site. I tried to install FBSD 5.4-Release with the same results. I ran a memory test, and it made three passes of eleven different tests with no problems found. I installed 5.4-Release on an HP lp1000r with a NetRAID controller several months ago and it is working fine.

I've run out of ideas of what to try next. Does anyone else have any suggestions?

Thanks for your time,
Jon
Re: Changing maximum number of groups in FBSD - is it feasible?
On Wed, 7 Dec 2005, Ian Moore wrote:

> Hi,
>
> I'm toying with the idea of increasing the maximum number of groups a user can
> belong to on one of my servers - we have a rather complex organisation and
> we're hitting the 15 group limit for some people.
>
> There seems to be differing opinions on how to do this and if it's actually
> feasible. One post I found said:
>
> > in src/sys/sys/syslimits.h there is a constant named 'NGROUPS_MAX'.
> > change it to however many you need (within reason), rebuild/install world
> > and kernel.
>
> Another said you have to change all sorts of things in the source, modify a
> kernel parameter, rebuild world and rebuild any port that uses NGROUPS -
> which probably means a portupgrade -fa.
>
> There is talk of a maxgroups() parameter in the kernel, but NOTES makes no
> mention of this.
>
> I wonder too if some apps would need their own configuration altered to allow
> them to work with the higher limit.
>
> So I just wanted to ask if anyone has successfully raised the NGROUPS_MAX
> limit, especially when running samba & nfs on the system?
>
> If not, I'll work around the problem a different way.
>
> (BTW I'm running 5.4-RELEASE)
>
> Cheers,
> --
> Ian
> gpg key: http://home.swiftdsl.com.au/~imoore/no-spam.asc

Ian,

Since you are running FreeBSD 5.x, have you considered using ACLs? See the handbook section 14.12.

Jon
trying to use ACLs
Hi,

I'm running FreeBSD 5.4-Release and trying to make use of the ACLs feature. I've enabled it on the partition I'm using. I can set access ACLs on a directory just fine, but whenever I try to set a default ACL, I get the following:

%setfacl -dn -m g:PR:rwx test
setfacl: warning: no mask entry
setfacl: acl_set_file() failed for test: Invalid argument
%

The group PR does exist as I can change the group owner for test to PR. It complains that there is no default mask. So I try:

%setfacl -d -m m::rwx test
setfacl: acl_set_file() failed for test: Invalid argument
%

I'm guessing that the default ACLs are what are assigned to any file created inside the directory. Is this correct? If so, that is useful.

Any ideas what I can try next?

Thanks,
Jon
Re: ipfw loads with forwarding disabled
On Fri, 22 Jul 2005, Abu Khaled wrote:

> On 7/22/05, Jon Falconer <[EMAIL PROTECTED]> wrote:
> > I'm running FreeBSD 5.4-RELEASE. When I load ipfw.ko I get:
> >
> > ipfw2 initialized, divert disabled, rule-based forwarding disabled,
> > default to deny, logging disabled
> >
> > I want to use the forward action in the rule set, logging would be nice
> > too. When I try to add a rule which uses the forward action, I get:
> >
> > Line 2: getsockopt(IP_FW_ADD): Invalid argument
> >
> > and line 2 looks similar to:
> >
> > add 1200 forward ##.##.##.1 src-ip ##.##.##.0/23 in recv dc1
> >
> > At this point I'm guessing that "rule-based forwarding disabled" has
> > something to do with it not liking my rule. I tried adding "options
> > IPFIREWALL_FORWARD" to the kernel config and rebuilt the kernel. But I
> > still get the same message as above when loading ipfw (kernel module).
> > I've perused all the relevant sections of the handbook that I could find
> > without finding any more clues. What does it take to change the default
> > feature set of the ipfw kernel module? Or do I have to compile it into the
> > kernel to alter this?
> >
> > Thanks for your suggestions,
> >
> > Jon
> >
>
> What value does sysctl net.inet.ip.forwarding have?
> #sysctl net.inet.ip.forwarding
>
> --
> Regards.
> Abu Khaled

sysctl values:

net.inet.ip.forwarding: 1
net.inet.ip.check_interface: 0
net.inet.ip.fw.enable: 1
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit: 0
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.static_count: 2
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_keepalive: 1

rc.conf values:

firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/root/fw-rules"
firewall_quiet="NO"
firewall_logging="YES"
firewall_flags=""

--Jon
ipfw loads with forwarding disabled
I'm running FreeBSD 5.4-RELEASE. When I load ipfw.ko I get:

ipfw2 initialized, divert disabled, rule-based forwarding disabled, default to deny, logging disabled

I want to use the forward action in the rule set, logging would be nice too. When I try to add a rule which uses the forward action, I get:

Line 2: getsockopt(IP_FW_ADD): Invalid argument

and line 2 looks similar to:

add 1200 forward ##.##.##.1 src-ip ##.##.##.0/23 in recv dc1

At this point I'm guessing that "rule-based forwarding disabled" has something to do with it not liking my rule. I tried adding "options IPFIREWALL_FORWARD" to the kernel config and rebuilt the kernel. But I still get the same message as above when loading ipfw (kernel module). I've perused all the relevant sections of the handbook that I could find without finding any more clues. What does it take to change the default feature set of the ipfw kernel module? Or do I have to compile it into the kernel to alter this?

Thanks for your suggestions,
Jon
two default routes
I have two ISP connections, a 45Mb and a 6Mb. Depending on what block of local addresses a packet is coming from will determine which ISP I want to send the packet out. In essence the default route used for a packet depends on its source address (for traffic leaving our campus.)

Can someone tell me what package I should read up on (ip,ipf,ipfw,other)? or if I should just do this with a real router and not FreeBSD?

Thanks for your insights,
Jon