Re: IPFILTER Question

2003-04-03 Thread Marco Radzinschi
On Tue, 1 Apr 2003, Nevins, Peter wrote:

> Hello. I'm a firewall admin and have run into a question regarding your OS.
> A client is running IPFILTER and cannot send mail to us here. We're running
> a Raptor Firewall for NT (yes, NT). He sends a SYN and my system responds
> with an ACK that is more on the lines of 1 million in length over the
> expected 1024. His system drops the incoming packet from me thus no email
> transfer. Having no working knowledge of IPFILTER, I don't know if it's on
> my end or his. Do you have any previous problems noted where Raptor
> Firewalls are the common denominator?
>
> Thanks for any assistance you can provide in this. I have a TCPDUMP if you
> would like to see it or know of anyone who could help.
>
> Pete

We had the same problem.  That Raptor Firewall SMTP proxy has some sort of
spoofing protection which causes this.

You can get around it by adding the following rule to IPFilter. Place this
before any pass rules, and it should work.

block return-rst in on xl0 proto tcp from any to any

Marco Radzinschi
[EMAIL PROTECTED]

"Among those who dislike oppression are
many who like to oppress." - Napoleon Bonaparte

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Determine ip address on tun0 for use with ipfw

2003-03-29 Thread Marco Radzinschi
On Sat, 29 Mar 2003, Martin Moeller wrote:

> Hello, list!
>
> I just read some documentation on ipfw, and also found example
> configuration files that can be used as a template.
>
> Now, I'm sitting in front of such a file and want to adapt it for
> my needs. But the first problem is already there:
>
> The file uses variables for the inside and outside interfaces.
> The inside interface is clear: It uses a normal 192.168.. address. But
> the outside interface is a DSL modem. The ethernet card is vr0 and uses
> 10.0.0.1, but the actual interface needed here is tun0 which gets a new
> ip address every time the PPP connection is established.
>
> How can I get my ip address into my rc.firewall script?
>
> Regards,
> Martin
>
> --
> Martin Möller http://www.bsdsi.com/
> GnuPG/PGP DSA ID: 0x3C979285  ICQ # 82221572
> I do not accept unsolicited commercial mail. Do not spam me!
>

ext_if=tun0
ext_if_address=`ifconfig $ext_if | grep "inet " | awk '{print $2}'`

Marco Radzinschi
[EMAIL PROTECTED]

"Among those who dislike oppression are
many who like to oppress." - Napoleon Bonaparte
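
The one-liner in the reply above, as an added example that is not part of the original post: it validates the parsed address and fails closed, so rc.firewall never builds rules from an empty variable while PPP is still down. The function names and the sample ifconfig output are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive the outside address for rc.firewall from tun0 and
# stop when PPP has not assigned a usable IPv4 address yet.

# Read `ifconfig <interface>` output on stdin and print the first IPv4
# address. Exit status 1 (nothing printed) if no well-formed address exists.
first_inet_addr() {
    awk '
        $1 == "inet" {
            n = split($2, octet, ".")
            if (n != 4) exit 1
            for (i = 1; i <= 4; i++)
                if (octet[i] !~ /^[0-9]+$/ || octet[i] + 0 > 255) exit 1
            print $2
            found = 1
            exit 0
        }
        END { if (!found) exit 1 }
    '
}

# Hypothetical wrapper for live use: query the interface itself.
ext_if_address_of() {
    ifconfig "$1" 2>/dev/null | first_inet_addr
}

# Constructed sample: tun0 with an established PPP session.
sample_tun0_up() {
    cat <<'EOF'
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
    inet6 fe80::2a0:ccff:fe12:3456%tun0 prefixlen 64 scopeid 0x7
    inet 203.0.113.45 --> 198.51.100.1 netmask 0xffffffff
    Opened by PID 214
EOF
}

# Constructed sample: tun0 exists but the link is not up yet.
sample_tun0_down() {
    cat <<'EOF'
tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
EOF
}

# How rc.firewall would call it: set ext_if and ext_if_address, or return 1
# before any rule is built from an empty address.
set_ext_if_address() {
    ext_if=$1
    if ext_if_address=$(ext_if_address_of "$ext_if"); then
        return 0
    fi
    echo "rc.firewall: no IPv4 address on $ext_if, not loading rules" >&2
    return 1
}
```

In rc.firewall this would be used as `set_ext_if_address tun0 || exit 1` before the first rule that references `$ext_if_address`.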




Re: Mail Clients

2003-03-11 Thread Marco Radzinschi
On Tue, 11 Mar 2003, John Umina wrote:

> Hi,
>
> I was wondering what terminal mail clients there are for FreeBSD.
>
> And which one is best for reply rules or reply options.
>
> Thanks

I use PINE, but some people prefer mutt.

Marco Radzinschi
[EMAIL PROTECTED]

"Among those who dislike oppression are
many who like to oppress." - Napoleon Bonaparte



To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message


Re: HELP 3Ware Escalade 7000-2 raid controller

2003-02-27 Thread Marco Radzinschi
On Thu, 27 Feb 2003, Hal Lynch wrote:

> I am trying to install 4.7 on a system which has a
> 3Ware Escalade 7000-2 raid controller.
>
>   A look at the GENERIC configuration file shows
> a twe controller for 3Ware raid subsystems.  A
> search of the FreeBSD docs and FAQ didn't offer
> a lot of help. Google says it should work.
>
> Configuration:
>   ATA cdrom on on-board controller
>   3ware 7000-2 raid card with two drives attached.
>
> The install process hangs when booting after the device
> selection menu.
>
> Does anyone have any words of wisdom on how to make
> this thing work?
>
> can I boot from a raid subsystem?
>
> hal

Did you create a RAID array using the 3ware BIOS ?

Yes, you can boot from a RAID subsystem.

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Thu Feb 27 22:12:30 EST 2003




Re: ipf ftp proxy problem?

2003-02-18 Thread Marco Radzinschi
On 17 Feb 2003, Shane Hickey wrote:

> Howdy all,
>   I have a freebsd firewall and I want to be able to make both passive
> and active ftp client connections from my inside network to the outside
> world.  I'm using ipf and ipnat compiled into the kernel.  I followed
> the IPF HOWTOs that I've read and I'm hitting a brick wall.
>   My outside interface is dc0 and let's say my outside IP is 1.1.1.1.
> I've tried both of the following rules in my /etc/ipnat.rules file with
> no success.
>
> map dc0 0/0 -> 1.1.1.1/32 proxy port 21 ftp/tcp
> map dc0 0/0 -> 0/32 proxy port ftp ftp/tcp
>
>   When I say no success, I mean that I am able to establish a remote ftp
> connection, but when I do a 'ls' I get a
>
> 425 Can't build data connection: No route to host
>
> I'm sure I'm doing something foolish, so any advice would be greatly
> appreciated.  Oh yeah, I'm running FreeBSD5.0-release and IPF version
> 3.4.29.
>
> Thanks in advance for any help.
>
> --
> Shane Hickey : Network/System Consultant
> GPG KeyID: 777CBF3F
> Key fingerprint: 254F B2AC 9939 C715 278C DA95 4109 9F69 777C BF3F
> Listening to: MC5 - 12 I Can Only Give you Everyth


Place the following BEFORE any other rules, and replace $intsubnet with
your internal subnet.  The second rule will allow active FTP from the
firewall itself.

map dc0 $intsubnet -> 1.1.1.1/32 proxy port ftp ftp/tcp
map dc0 1.1.1.1/32 -> 1.1.1.1/32 proxy port ftp ftp/tcp

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Tue Feb 18 17:07:05 EST 2003





Re: IPFW, blocking IM servers

2003-01-25 Thread Marco Radzinschi
On Tue, 21 Jan 2003, Doug Poland wrote:

> Sorry for this slightly off-topic post...  Is there a comprehensive
> list of IM servers (names, IPs) available?  I'd like to block IM
> servers from certain users on my network.
>
> From what I've gathered on google, the only effective strategy is to
> use firewall (in my case, IPFW) rules to block IP's, names.
>
> --
> Regards,
> Doug

Block everything going out, and set up a Squid proxy server for web
access. Furthermore, only allow the Squid proxy access to HTTP port 80 and
SSL port 443, and any others like gopher or FTP which you want to allow.

This will take care of most rogue programs, with the exception of the
newer ones like MSN, Yahoo, and AOL Messenger programs, which will use an
HTTP proxy.

The way to get around this is to only allow the Squid Proxy server access
to the internet, run an internal nameserver, and use Squid access control
lists (ACL). With ACL's, one can block entire domains, subdomains, or
hosts.  ACL's will also allow you to give some users full access and
restrict others.

Squid will do reverse DNS lookups if a user were to use an IP address
instead of a domain name to bypass a block, and it will block it as well.
This is where running an internal nameserver is key, and denying external
DNS lookups from user machines.  Since the user machines will use a Squid
proxy, the proxy will do DNS lookups on their behalf.

I have a text file on the Squid proxy which contains a list of blocked
sites, which I include below.  Only a technically astute user would be
able to bypass this setup. Since this would require very deliberate and
complicated steps, such as setting up a VPN tunnel through SSL, this would
be clear grounds for termination.

Here is my Squid deny list, which has blocked MSN messenger, AOL Instant
Messenger, Yahoo Messenger, and various other annoyances.

.login.oscar.aol.com
.bucp1-vip-m.blue.aol.com
.bucp2-vip-m.blue.aol.com
.aim.com
.messenger.hotmail.com
.messenger.msn.com
.messenger.microsoft.com
.icq.com
.csa.yahoo.com
.pager.yahoo.com
.msg.edit.yahoo.com
.cs.yahoo.com
.messenger.yahoo.com
.messenger.yahoo.akadns.net
.msg.yahoo.com
.chat.yahoo.com
.chat.sc5.yahoo.com
.kazaa.com
.kazaa.net
.weatherbug.com
.winmx.com
.morpheus.com
.filetopia.com
.filetopia.net
.filetopia.org
.gnutella.com
.gnutella.net
.gnutella.org
.jabber.com
.jabber.net
.jabber.org

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Sat Jan 25 09:39:53 EST 2003
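
A way to check that a deny list like the one above is actually being enforced, as an added example that is not part of the original post. It assumes the list is loaded as a Squid `dstdomain` ACL (where a leading dot covers the domain and all its subdomains) and that access.log is in Squid's native format; the function names, file names and log lines are constructed.

```shell
#!/bin/sh
# Added example: audit a Squid access.log against the deny list.

# denylist_hits DENYFILE LOGFILE
# Prints "client host result" for every logged request whose host is covered
# by a deny-list entry. Every entry is treated as a leading-dot entry, as in
# the list on this page: ".aim.com" covers aim.com and any subdomain.
denylist_hits() {
    [ -s "$1" ] || return 1          # an empty list would confuse NR == FNR
    awk '
        NR == FNR {                  # first file: the deny list
            d = tolower($1)
            if (d == "" || d ~ /^#/) next
            sub(/^\./, "", d)
            deny[d] = 1
            next
        }
        {                            # second file: native access.log
            host = tolower($7)       # field 7 is the URL (host:port for CONNECT)
            sub("^[a-z]+://", "", host)
            sub("[/:].*$", "", host)
            # Compare the host, then each parent domain, against the list.
            for (h = host; h != ""; ) {
                if (h in deny) { print $3, host, $4; break }
                if (!sub(/^[^.]*\./, "", h)) break
            }
        }
    ' "$1" "$2"
}

# denylist_leaks DENYFILE LOGFILE
# Only the hits that Squid did NOT answer with TCP_DENIED, i.e. requests that
# got through, for example because an allow rule precedes the deny rule.
denylist_leaks() {
    denylist_hits "$1" "$2" | awk 'index($3, "TCP_DENIED/") != 1'
}

# Write constructed sample files into directory $1.
write_samples() {
    cat > "$1/deny.list" <<'EOF'
.login.oscar.aol.com
.messenger.hotmail.com
.aim.com
.kazaa.com
EOF
    cat > "$1/access.log" <<'EOF'
1043505593.101     12 192.168.1.23 TCP_DENIED/403 1402 GET http://messenger.hotmail.com/gateway/gateway.dll - NONE/- text/html
1043505601.440    230 192.168.1.23 TCP_MISS/200 5120 GET http://www.freebsd.org/ - DIRECT/198.51.100.10 text/html
1043505610.002      8 192.168.1.40 TCP_DENIED/403 1398 CONNECT login.oscar.aol.com:443 - NONE/- -
1043505615.777    310 192.168.1.40 TCP_MISS/200 2048 GET http://www.kazaa.com/ - DIRECT/198.51.100.20 text/html
1043505620.315    190 192.168.1.41 TCP_MISS/200 900 GET http://www.aim.com.example.net/ - DIRECT/198.51.100.30 text/html
EOF
}
```

Any line printed by `denylist_leaks` is a request to a listed domain that was served rather than denied; the last sample line is not reported because its registered domain is example.net, not aim.com.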





Re: DNS and DHCPD

2003-01-11 Thread Marco Radzinschi
On Thu, 9 Jan 2003 [EMAIL PROTECTED] wrote:

> I would like to configure my dhcpd server (isc-dhcpd3 from ports). I would
> also like to have the "options domainnameservers" (or somewhat similar) to
> be dynamic, as my fBSD box is my own router. (I run a local network). The
> WAN side is DHCP'd, so my IP and DNS servers are set differently each time.
>
> I was wondering how to set the domainname servers option in my dhcpd.conf
> dynamically. Like, it would get edited each time upon bootup, and before
> dhcpd even loads.
>
> I don't know how to even start approaching this problem, except for asking
> you guys.
>
> Thanks so much,
>
> lattera

Forget your ISP's DNS servers and run your own.  I use bind on my
firewall, and have the DHCP server hand out the firewall address as the
DNS server.

Not what you asked originally, but it works like a charm, especially when
Comcast's DNS servers suddenly stop working.

Try running /usr/sbin/named to get started.

Otherwise, man named.

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Sat Jan 11 11:38:01 EST 2003





Re: ipfilter/ipmon log msgs

2003-01-11 Thread Marco Radzinschi
On Fri, 10 Jan 2003, JoeB wrote:

> I am using ipfilter for my firewall and ipmon to capture firewall
> error msgs.
> Where can I find description of the format of the ipmon  msg text so
> I can decipher what the msgs are saying?
>
>
>

man ipmon

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Sat Jan 11 11:50:58 EST 2003





Re: Can't route past gateway

2002-12-25 Thread Marco Radzinschi
On Wed, 25 Dec 2002, Adam Lofstedt wrote:

> > yes, your message was posted. keep it easy, it's a world-wide holiday,
> > so the answers can take a while. :)
> >
> Thanks...  Sorry about this.  I didn't mean to make it
> seem hysterical or anything.
>
> > >
> > > I have a freeBSD machine with two NICS that I am using
> > > as a NAT gateway.  No matter what I do, clients on my
> > > LAN can't get past the gateway.  They can ping both
> > > the internal and external interfaces of the gateway,
> > > but can't get outside.
> >
> > Either NAT is not working or the filters are blocking
> > the packets. Try doing an 'ipnat -l' and post the output.
> > If the rules are loaded, drop the filters ('ipf -Fa')
> > and try again from one client.
> >
> #ipnat -l
> List of active MAP/redirect filters:
> map x10 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 4:6
> map x10 192.168.1.0/24 -> 0.0.0.0/32
>
> List of active sessions:
>
> I've tried ipf -Fa, but no luck yet.
>
> Thanks and happy holidays.
>
> Adam Lofstedt

Have you issued an "ipf -y" command to synchronize IPFilter's address with
the 0/32 rule?

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Wed Dec 25 17:12:14 EST 2002





Re: Help with IPF and IPNAT

2002-12-25 Thread Marco Radzinschi
On Wed, 25 Dec 2002, [EMAIL PROTECTED] wrote:

> Argh!  I've been pulling my hair out trying to get my NAT gateway going.
>
> I have two interfaces, one external and internal, servicing a private LAN.
> From the LAN I can ping the internal interface and the external interface,
> but I can't get past the ext. interface.  For testing my rules are pass in
> all and pass out all.  From the gateway itself I can ping anywhere outside
> or inside.
>
> I have tried loading IPNAT and IPF as loadable kernel modules by adding the
> following to /etc/rc.conf:
>
> gateway_enable="YES"
> network_interfaces="x10 dc0 lo0"
> ifconfig x10...
> ifconfig dc0...
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.rules"
> ipfilter_program="/sbin/ipf"
> ipfilter_flags=""
> ipnat_enable="YES"
> ipnat_program="/sbin/ipnat"
> ipnat_flags=""
>
> Each interface is up and running.  My default gateway in /etc/rc.conf is
> the gateway of the external NIC.
>
> Can anyone see anything wrong with what I am doing, or something missing?
> Do I need routed installed and running?  I also tried
> forward_sourceroute="YES", but that didn't seem to help.
>
> Thanks,
> Adam Lofstedt

You need a MAP rule in your ipnat.rules file to map the private subnet
into your public IP address (that of the gateway).

If you don't have this in there, then you are not doing NAT, just packet
filtering.

man ipnat
man 5 ipnat

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Wed Dec 25 17:08:12 EST 2002





Re: Going from Windows to X - suggestions

2002-12-18 Thread Marco Radzinschi
On Wed, 18 Dec 2002, Raphaël Dingé wrote:

> >> Install KDE and/or gnome. Your call.
> >
> > I'm new to FreeBSD myself, having used blackbox window
> > manager on a P133 with 48MB of RAM.  Though it's not
> > impossible, with only 16MB of RAM, GNOME or KDE would
> > probably be pushing it; you'd be using your swap slice
> > continuously.  I recommend blackbox, though it's not
> > as full-featured as the above.  However, it's quite
> > easy to set up.
>
> I'm not sure that this won't do it either. I had made an
> installation of FreeBSD on old laptop with 32MB Ram.
> X was taking about all of it, I did put WMaker on top of it,
> which did not take too much memory itself.
> I had seen that 32MB was definitively not enough, but even 48MB
> would have been great !
>
> Anyway, If you find some solutions with 16 MB Ram, I would be
> happy to know it, since I can't use my old laptop for now.
>
> Thanks,
>
> Raphael

I imagine that FVWM would work.

KDE and GNOME were too slow for my taste on my Pentium II 400 machine with
384 MB RAM, so I don't want to imagine how that would run with 16 MB RAM.

On the other hand, that was with XFree86 4, but it might have run well
had I tried it with XFree86 3.  You may want to consider not running
XFree86 4.

http://www.fvwm.org

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Wed Dec 18 09:15:47 EST 2002





Re: gateway on different subnet

2002-12-16 Thread Marco Radzinschi

You need a gateway for the 10.17.47.0 network.  Your cable modem should
have a second, internal interface with a different IP address.  Find out
what that IP address is, and do a "route add -net 10.17.47.0 "

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Mon Dec 16 18:49:15 EST 2002

On Mon, 16 Dec 2002, J. W. Ballantine wrote:

>
> When I do the route add default, I get:
>
> tinlizzie# route -v add -net default 10.17.47.37
> u: inet 0.0.0.0; u: inet 10.17.47.37; u: inet 0.0.0.0; RTM_ADD: Add Route: len
> 128, pid: 0, seq 1, errno 0, flags: >
> locks:  inits:
> sockaddrs: 
>  default 10.17.47.37 default
> route: writing to routing socket: Network is unreachable
> add net default: gateway 10.17.47.37: Network is unreachable
>
>
> --  In Response to your message -
>
> >  Date:  Mon, 16 Dec 2002 14:46:12 -0500 (EST)
> >  To:  "J. W. Ballantine" <[EMAIL PROTECTED]>
> >  From:  Marco Radzinschi <[EMAIL PROTECTED]>
> >  Subject:  Re: gateway on different subnet
> >
> >
> >  On Mon, 16 Dec 2002, J. W. Ballantine wrote:
> >
> >  > Hi,
> >  >
> >  > In order to save the internet address space, my cable co has setup their
> >  > network with a live address for my
> >  > PC but an address on a private 10.0.0.0 network for the cable modem.
> >  > Now of course, this is also the
> >  > gateway and dhcp server.  The problem is trying to get FreeBSD to use
> >  > this private address as the gateway for
> >  > the live address.  This config works for windows and they claim mac
> >  > OS, but I can't get it to work for FreeBSD.  I've tried ifconfig
> >  > default, but that returns NO ROUTE TO HOST, and I've thought about using
> >  > an alias on the
> >  > NIC, but that would send it out with the private network address and not
> >  > be able to find its way home.
> >  >
> >  > Any of you network wizards out there have the proper spell to get this
> >  > working???
> >  >
> >  > Thanks
> >  >
> >  > Jim Ballantine
> >
> >  As long as your internal subnet is different from the cable modem's
> >  subnet, you should be fine, as the DHCP client ought to set up the default
> >  route for you.
> >
> >  Otherwise, "route add default " should do it.  It is my understanding
> >  that the default route should not be the cable modem though, since it is
> >  supposed to act like a bridge.
> >
> >  At least this is how it works for me, except that the cable modem has a
> >  192.168.100.* address as well as a 10/8, but I don't have either as a
> >  default route.
> >
> >  Marco Radzinschi
> >  E-Mail: [EMAIL PROTECTED]
> >
> >  Mon Dec 16 14:42:22 EST 2002





Re: gateway on different subnet

2002-12-16 Thread Marco Radzinschi

On Mon, 16 Dec 2002, J. W. Ballantine wrote:

> Hi,
>
> In order to save the internet address space, my cable co has setup their
> network with a live address for my
> PC but an address on a private 10.0.0.0 network for the cable modem.
> Now of course, this is also the
> gateway and dhcp server.  The problem is trying to get FreeBSD to use
> this private address as the gateway for
> the live address.  This config works for windows and they claim mac
> OS, but I can't get it to work for FreeBSD.  I've tried ifconfig
> default, but that returns NO ROUTE TO HOST, and I've thought about using
> an alias on the
> NIC, but that would send it out with the private network address and not
> be able to find its way home.
>
> Any of you network wizards out there have the proper spell to get this
> working???
>
> Thanks
>
> Jim Ballantine

As long as your internal subnet is different from the cable modem's
subnet, you should be fine, as the DHCP client ought to set up the default
route for you.

Otherwise, "route add default " should do it.  It is my understanding
that the default route should not be the cable modem though, since it is
supposed to act like a bridge.

At least this is how it works for me, except that the cable modem has a
192.168.100.* address as well as a 10/8, but I don't have either as a
default route.

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Mon Dec 16 14:42:22 EST 2002





Re: Silly cvsup question.

2002-12-08 Thread Marco Radzinschi
On 8 Dec 2002, Lowell Gilbert wrote:

> mike <[EMAIL PROTECTED]> writes:
>
> > Hello. i use cvsup to backup certain critical folders on the machine labs,
> > to the machine labs2 automatically every night. My question is this. If i
> > add new stuff to say, /home/mike (or wherever) then that gets mirrored at
> > night and everything does its job as i want it to. However, if i DELETE
> > something from /home/mike (or whereever) It never gets deleted from labs2.
> > So its not "synching" correctly. For example i just went to zip -r
> > cvsup-backup cvsup-backup on labs2, so i can pull it to XP and burn it,
> > and i realized it had my library still in there which i deleted months
> > ago.
>
> cvsup isn't going to be very good at tracking which files have been
> deleted on the original, unless you are pulling from a cvs repository
> (that's where it keeps information on directory contents).  Otherwise,
> it won't know whether a file has been deleted from the original
> machine, or is a local modification on the duplicate.
>
> Given that you're not using cvs, you'd probably do better with rsync
> for this job.  You could also use other tools that can keep metadata,
> like dump(8) or even use the incremental facilities of Gnu tar.

This is not accurate, as the cvsup CLIENT keeps directory information for
the repository.  When the client is run, if a file has been added on the
server, it will download it.

If a file has changed on the server, it will use the rsync algorithm to
synchronize the files.

If the client is set to delete files, it will also delete any files that
it has and which the server does not.

I know because I use it at work to synchronize tens of thousands of
images. Rsync works, but it does not scale very well.  I had to use cvsupd
and cvsup because the memory usage of rsync would grow past 512 MB and it
would eventually core dump.

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Sun Dec  8 22:13:51 EST 2002





Re: Silly cvsup question.

2002-12-08 Thread Marco Radzinschi
On Sat, 7 Dec 2002, mike wrote:

> Hello. i use cvsup to backup certain critical folders on the machine labs,
> to the machine labs2 automatically every night. My question is this. If i
> add new stuff to say, /home/mike (or wherever) then that gets mirrored at
> night and everything does its job as i want it to. However, if i DELETE
> something from /home/mike (or wherever) It never gets deleted from labs2.
> So it's not "synching" correctly. For example i just went to zip -r
> cvsup-backup cvsup-backup on labs2, so i can pull it to XP and burn it,
> and i realized it had my library still in there which i deleted months
> ago. Any help on this is appreciated, and no need to CC me, as my website
> mirrors your archives and they will soon span across multiple pages as
> well as be searchable.


Add the following line to your supfile:

*default delete

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Sun Dec  8 18:36:02 EST 2002





Re: Xwindow configuration

2002-12-06 Thread Marco Radzinschi
On Fri, 6 Dec 2002, Alvaro Rosales R. wrote:

> Hi fellows I've installed Xfree without problems, my mouse daemon works fine,
>  but when the system loads Gnome my mouse goes crazy, I can't control it,
>  but in text mode my mouse works fine. Any ideas?
>
>

Use "Auto" mouse type and "MouseMan" when you run xf86config.

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Fri Dec  6 20:20:27 EST 2002





Re: booting using NT boot loader

2002-12-05 Thread Marco Radzinschi
On Thu, 5 Dec 2002, Paul Root wrote:

> Hi,
>   I used to have this working then I reimaged my
> Windows 2000.
>
>   Anyway, I have Windows 2000 on the C: (first partition)
> and FreeBSD on the second. VMWare is installed on Win2000. FreeBSD
> is 4.7-Stable of not that long ago.
>
>   If I switch the active partition to be the FreeBSD
> partition it boots fine. However, I get a failure if I
> go thru the NT boot loader.
>
>   I copied boot1 from /boot to C:\ and called it bootsect.bsd
> I do a sum on FreeBSD and on Win 2000 (cygwin what a lifesaver) and
> They come up the same:
>
> proot@PTROOT /cygdrive/c
> $ sum bootsect.bsd
> 30147 1
>
> proot@PTROOT /cygdrive/c
> $ cat boot.ini
> [boot loader]
> timeout=5
> default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
> [operating systems]
> multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
> C:\bootsect.bsd="FreeBSD"
> C:\="Microsoft Windows"
>
>
> What am I doing wrong here? I tried copying the file to a peerless
> drive when just booted in FreeBSD and then moving it over with Explorer,
> then I copied it in FreeBSD, gzipped it, copied it over, gunzipped it in
> cygwin and used mv in cygwin to rename.
>
> Sorry, I'm not currently on the list, don't have time to read. Any help
> would be appreciated.
>
> Thanks,
> Paul.
>
>
>
> --
> Paul T. Root              E/Mail: [EMAIL PROTECTED]
> 600 Stinson Blvd, Fl 1S   PAG: +1 (877) 693-7155
> Minneapolis, MN  55413  WRK: +1 (612) 664-3385
> NIC:PTR FAX: +1 (612) 664-4779


Just use bootpart, and run it under windows.  Tell it which partition is
your FreeBSD one, and it will create the appropriate bootsector file (and
entry).

http://www.winimage.com/bootpart.htm

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Thu Dec  5 20:17:38 EST 2002





Re: 4.7: Odd 'man' behavior

2002-12-02 Thread Marco Radzinschi
On Mon, 2 Dec 2002, Clint Olsen wrote:

> It's possible this is cockpit fog, but I didn't notice this until I
> upgraded to 4.7.  Certain manpages are being rendered in such a way that
> when I type 'q' to exit my PAGER (less), the pager returns to the beginning
> of the document as if it doesn't exit.  But what appears to be happening is
> that I'm getting multiple streams of output to the TTY:
>
> clint   37083  0.0  0.6  1116  588  p1  S+    2:24AM   0:00.03 man thttpd
> clint   37084  0.0  0.3   628  308  p1  S+    2:24AM   0:00.00 sh -c /usr/bin/zcat /usr/local/man/cat8/thttpd.8.gz | less
> clint   37085  0.0  0.2   604  216  p1  S+    2:24AM   0:00.01 /usr/bin/zcat /usr/local/man/cat8/thttpd.8.gz
>
> So, it appears that both 37084 and 37085 are writing to my TTY, which is
> why it looks like it doesn't exit...
>
> -Clint

I can second this strange behavior, but since it only happens on my
firewall machine, which I rarely use interactively, I never bothered to
diagnose it.

As such, the only insight that I can offer is that it happens on only one
of my 4.7-STABLE machines.

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Mon Dec  2 22:23:20 EST 2002






Re: port forwarding

2002-11-21 Thread Marco Radzinschi
On Thu, 21 Nov 2002, Shvetima Gulati wrote:

>
> Hi all,
>
> What is the easiest way of forwarding a port in FreeBSD. Suppose I want
> my server to listen on port 8280, but want all connection attempts to port
> 80  to be forwarded to this port ... can that be done?
>
> Thanks,
> Shv

Yes, with IPFilter.  In particular, you want to look at the ipnat part of
IPFilter, and the rdr (redirect) keyword.  Be sure to redirect to the
loopback interface (lo0).

man ipf
man 5 ipf

man ipnat
man 5 ipnat


Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Thu Nov 21 22:56:35 EST 2002





Re: Power off problem

2002-11-17 Thread Marco Radzinschi
On Sun, 17 Nov 2002, Vidor Demeter wrote:

> Hi all,
>
> I used to be a SuSE user but I've decided to install FreeBSD instead, which
> I do not regret.
> I had some great surprises compared to Linux, and I've decided to stay with
> FreeBSD! :-)
> So I'm quite new to FreeBSD and I will have some questions until I get the
> system run after my
> wishes. The first problem is that I can not manage to configure the system
> shutdown with
> power off option. I've compiled the kernel with the apm option and I changed
> the rc.conf
> file as well, with  ' apm_enable="YES" ', but no luck. After the shutdown I
> have to power
> off the system with the Power Off button! :-(
> I can not find any further help on this but what I described here. Did I
> miss something?
> I have an AMD 1800+ XP CPU, with 256MB RAM and 40GB HD, Asus mobo.
> Can somebody help me ?
> TIA Vidor

You need apmd_enable="YES" in rc.conf, and you need to recompile the
kernel.  There is a line in the kernel config file that reads

device apm0 at nexus? disable flags 0x20

Delete the disable, rebuild kernel, and reboot.  If apmd is running, which
the apmd_enable line should take care of, it should work.

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Sun Nov 17 11:10:29 EST 2002





Re: firewall

2002-11-16 Thread Marco Radzinschi
On Sat, 16 Nov 2002, nathan owens wrote:

> my teacher is needing a firewall server and i thought freebsd would be
> best and she thinks that it will conflict with the central servers,
> where we get internet from.  they have a proxy server to connect and
> filter out inappropriate material, and i was wondering if it really
> would conflict with the main servers.
>
>
>

You can use IPFilter for firewall, and squid to connect to your internet
service provider's proxy server.  That is, of course, if it is an HTTP or
HTTPS proxy.

I don't see how it would conflict, but without further information, I
can't say for sure.

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Sat Nov 16 19:51:17 EST 2002





Re: Installation of FreeBSD using volume manager

2002-11-12 Thread Marco Radzinschi

But it could be a kernel compile option, such as NetBSD's and OpenBSD's
RAIDFrame. I set up a server with NetBSD with the root partition on RAID
the other day - works fine.

Only problem is that I had to have the kernel in a non-RAID partition.  In
the case of vinum, I suppose one would have to have the kernel and
modules on a non-RAID partition.

That is, assuming Mr. Lehey adds support for this. :-)

Marco Radzinschi

E-Mail: [EMAIL PROTECTED]

"Whoever fights monsters should see to it that in the process he does not
become a monster. And when you look long into an abyss, the abyss also
looks into you." -- Friedrich Nietzsche (Beyond Good and Evil)

On Tue, 12 Nov 2002, Toomas Aas wrote:

> Hi!
>
> > I would like to ask you if is possible, and after which version,
> > install FreeBSD using virtual disks (like Veritas Volume Manager or VINUM).
> > Is this possible?
>
> It seems that Greg Lehey hasn't got the time to read lists right now,
> so I'll just chime in and say that TTBOMK it is not possible to have
> root partition on vinum volume, at least in FreeBSD 4.x.
>
> It seems to me that this is kind of chicken-and-egg problem - if the
> support for vinum volumes is implemented as a module (vinum.ko), then
> you need to load this module before you can access the logical volume.
> Hence, vinum.ko itself can't be on a vinum volume :-)
> --
> Toomas Aas | [EMAIL PROTECTED] | http://www.raad.tartu.ee/~toomas/
> * ASCII stupid question, get a stupid ANSI!
>
>
>





RE: Adding additional HD space

2002-11-11 Thread Marco Radzinschi

On Sun, 10 Nov 2002, Mike Loiterman wrote:
>
> > The 10 GB Hard Disk should have a "BIOS Limitation" jumper that
> > will make the BIOS think it is a 508 MB drive.  Set that jumper,
> > and the system should boot.
>
> I thought so too.  I tried setting it, but I couldn't get it to boot.
>  I guess the drive *could* be damaged, but I just pulled it out of a
> Windows box where it was working fine.  It still has XP on it.  Would
> that make a difference?  I never reformatted it after I pulled it
> out.
>

You might want to check the BIOS settings. Instead of having it
"autodetect" the hard disk, for example, set it to the highest that the
hard disk's documentation suggests.

> > Once you have that drive in there, you could create the file system
> > structure on it however you want, but place the / and /boot
> > partitions below 500 MB so that the system will boot when you take
> > out the old drive.
>
> Do you mean make the / and /boot partitions *less* than 500 MB or
> *below*.  If you mean below, I'm not sure how to do that.

Make the / and /boot partitions the first ones, and make them LESS than
500 MB, combined.  Technically, the / partition includes /boot, so you
could get away with just making a / partition.  Also, the limit is 504 MB,
but I prefer to make / around 256 MB.

> > Note that you will have to tell fdisk the correct geometry of the
> > disk.
>
> I don't know how to do this, or at least I don't remember.

When you run fdisk, you can set the correct geometry.  If you are not
comfortable with fdisk, then you can just run /stand/sysinstall and do it
from there.  Sysinstall is the FreeBSD installer, and has a menu driven
partition feature. You can select it under "Configure," then "Fdisk" and
"Label" appropriately.

> > Otherwise, create the partitions exactly how you have them on your
> > 2 GB drive, making them larger as you wish, and dump + restore the
> > files from one disk to the other.
>
> When you say "dump + restore" you mean do a level 0 dump and then a
> restore?  Is that correct?

Dump level 0 is the correct one, but in your particular case, you may want
to use tar instead. It is up to you.

Marco Radzinschi

E-Mail: [EMAIL PROTECTED]






Re: Adding additional HD space

2002-11-10 Thread Marco Radzinschi

The 10 GB Hard Disk should have a "BIOS Limitation" jumper that will make
the BIOS think it is a 508 MB drive.  Set that jumper, and the system
should boot.

Once you have that drive in there, you could create the file system
structure on it however you want, but place the / and /boot partitions
below 500 MB so that the system will boot when you take out the old drive.

Note that you will have to tell fdisk the correct geometry of the disk.

Otherwise, create the partitions exactly how you have them on your 2 GB
drive, making them larger as you wish, and dump + restore the files from
one disk to the other.

Once everything is copied over, you can install the boot sector on the new
drive with "fdisk -B -b /boot/mbr"

NOTE: Replace /boot/mbr with the path of the new hard disk!
For example, /mnt/boot/mbr if you mounted the new disk under /mnt.

After this is done, you can set the jumpers on the new drive to match the
position of the old one (master, for example) and simply swap it out.

Reboot, and enjoy.

Marco Radzinschi

E-Mail: [EMAIL PROTECTED]

On Sat, 9 Nov 2002, Mike Loiterman wrote:

>
>
> My current 2GB HD is reaching maximum capacity, is fairly old and
> probably about to die.  What is the best way to go about replacing
> the drive?
>
> Few points to keep in mind:
> 1.  The system cannot deal with HD drives over, I believe, 8 gigs.
> 2.  I suppose it goes without saying, but I'll say it anyway: it's
> critical to maintain the existing data!  The machine is my web, mail,
> ssh, vpn, and ftp server.  Needless to say I do a full backup every
> night.
>
> Ideally I'd like to buy new drive and do a "ghost" of the old drive
> onto the new drive.  If you're not familiar with the term "ghost" --
> in the Windows world there is a piece of software that allows you to
> do a bit for bit copy of one drive to another and accordingly it's
> called Norton Ghost.
>
> Would doing a full restore from my backup be equivalent to this?  If
> so, how do I preserve the partition structure and how do I actually
> perform the task?  Do I boot using the old HD, do the restore onto
> the new drive, shutdown, unhook the old drive and reboot?  How do I
> know the data is unaltered and is an exact copy?
>
> My last question -- How can I get the system to recognize larger hard
> drives?  I have been successful getting older systems to recognize
> large drives using utilities such as MaxBlaster from Maxtor, but that
> was using Windows.  Are there similar utilities for FreeBSD?
>
> I tried adding a 10 gig drive to the system in question but the system
> refused to boot with that drive in any place on the IDE chain.  I was
> also unsuccessful in using the MaxBlaster to enable the drive for use
> on the system.  Maybe I was doing something wrong?
>
> Thanks in advance.
>
> ...
> Randomly Generated Quote:
> 'A government that is big enough to
> give you all you want is big enough to
> take it all away.' -- Barry Goldwater
>
> Mike Loiterman
> PGP Key 0xD1B9D18E
> http://www.ascendency.net
>
>
>
>
>


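The thread asks how to know the restored data is an exact copy. One way to check after a dump + restore (or tar) copy, as an added example that is not part of the original messages; the function names are this example's own, and the mount points are whatever you pass in.

```shell
#!/bin/sh
# Verify that a restored tree matches its source, file by file.
# Added example; paths passed in are the reader's own mount points.

# Print "checksum  ./relative/path" for every regular file under $1, sorted.
tree_manifest() {
    # Prefer SHA-256 where the tool exists; POSIX cksum (CRC) otherwise.
    if command -v sha256sum >/dev/null 2>&1; then sum=sha256sum; else sum=cksum; fi
    # -xdev stays on one file system, matching what a dump of it covers.
    (cd "$1" && find . -xdev -type f -exec "$sum" {} + | sort)
}

# Return 0 if both trees hold the same files with the same contents.
# On mismatch, print diff output: "<" lines are source, ">" lines are copy.
verify_copy() {
    src=$1
    dst=$2
    a=$(mktemp) && b=$(mktemp) || return 2
    tree_manifest "$src" > "$a"
    tree_manifest "$dst" > "$b"
    if diff "$a" "$b"; then rc=0; else rc=1; fi
    rm -f "$a" "$b"
    return "$rc"
}

# Stand-alone use: sh verify_copy.sh <source-root> <copy-root>
if [ "$#" -eq 2 ]; then
    verify_copy "$1" "$2"
fi
```

Files that change while the system is running (logs, mail spools) will show up as differences, so compare a quiescent file system or expect those entries.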



Re: FreeBSD filesystem 1TB Limit

2002-11-06 Thread Marco Radzinschi

Pity I didn't know about this before I built two 1200 MB arrays.  Linux
and FreeBSD both died past 1 TB, so I had to make the array smaller.

I have used NetBSD before, so this would not have been a problem.  I
should have done my homework. :-)

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

On Tue, 5 Nov 2002, Walter wrote:

> This is no doubt heresy coming from a newbie especially,
> but I was reading that NetBSD can support at least up to
> 4TB:
> http://www.netbsd.org/Misc/features.html#large-filesystems
>
> Walter
>
> Lowell Gilbert wrote:
>
> > "Joseph Gleason" <[EMAIL PROTECTED]> writes:
> >
> > > IIRC There was a 1TB limit on the size of any filesystem (or actually of any
> > > block device) in FreeBSD based on the kernel internally using a 512 byte block
> > > size and having a max of 2^31 blocks. (512*2^31 = 2^40 = 1TB)
> > >
> > > Do I remember correctly?
> >
> > Close, but not quite.  The kernel doesn't deal with blocks internally,
> > and the block size used by the filesystem is 16k by default.
> >
>
>





Re: FreeBSD filesystem 1TB Limit

2002-11-04 Thread Marco Radzinschi

I was unable to get past 1 TB on 4.6.2-Release on i386.

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

On Mon, 4 Nov 2002, Joseph Gleason wrote:

> IIRC There was a 1TB limit on the size of any filesystem (or actually of any
> block device) in FreeBSD based on the kernel internally using a 512 byte block
> size and having a max of 2^31 blocks. (512*2^31 = 2^40 = 1TB)
>
> Do I remember correctly?
>
> Is this still the case?
>
> A client wants to build a system with over 1TB on a single filesystem and I
> need to see if FreeBSD can support it.
>
> Thanks for your time.
>
> --Joe Gleason
>
>
>





Re: Resolving hostname takes too long

2002-10-21 Thread Marco Radzinschi

I am not certain why resolving external names from that machine goes slowly,
but the reason ssh and ftp connections to that machine may be taking a
while to establish is that it does a reverse DNS lookup (address
resolution) on the clients connecting to it.

You can speed this up by allowing dynamic DNS updates on your internal
DNS server and setting up your DHCP server to perform the updates as it
hands out IP addresses.

man dhcpd
man named
man named.conf
man dhcpd.conf

Marco Radzinschi

E-Mail: [EMAIL PROTECTED]
AOL IM: CrackedBoy


On Mon, 21 Oct 2002, Ihsan Junaidi Ibrahim wrote:

> Hello all,
>
> I have quite a niggling problem with my box. It takes too long to resolve
> hostname; ranges between 15 to 30 secs. My box serves as a gateway and ipfw
> machine. Other machines on this network that connect to this machine don't
> exhibit this particular problem, resolving hostname is pretty quick.
>
> I've tried many things; amongst them putting an open firewall just to see if
> ipfw has anything to do with it; resolving still takes too much time. This
> machine also serves as a private name server but I doubt that would get in
> the way as I've disabled the private name server in resolv.conf; only
> pointing to my ISP name servers.
>
> I have another problem which I think is related. Establishing SSH and FTP
> sessions (the only traffics I tested) from another machine to this machine
> slow down to a crawl. Only after the establishments did everything ie:
> transferring files is running smooth. Before this everything is fast,
> connecting to my private FTP is blazingly fast, I didn't even have the time to
> read the displayed log. Now when I'm doing it I can read and speak out loudly
> every single word while they are displaying. Even connecting to my ISP FTP
> server is quicker. Connecting is just too slow for convenience sake. Ditto
> SSH.
>
> I implement DHCP in addition to the name server which use UDP traffic *which*
> I think, after reading the pertinent man pages, *may* have something to do
> with UDP timeout or something like that. To change this default attribute,
> I'd have to edit a kernel variable through sysctl. How do I know the right
> variable?
>
> I'm really at a loss over this. This box serve as my main desktop machine, no
> longer using Windows and hope to become a convert.
>
>





Re: multiple_file_downloading

2002-10-15 Thread Marco Radzinschi


Use ncftp (in the ports) to download an entire directory. You can use the
-R switch with get, as in "get -R " to fetch a directory and
everything in it.

If you want to download it from Windows, you can use an ftp client like
WS_FTP, which can be found on www.download.com.

Marco Radzinschi

E-Mail: [EMAIL PROTECTED]
AOL IM: CrackedBoy


On Tue, 15 Oct 2002, harsha godavari wrote:

> I would like to try and install FreeBSD 2.11 on an i386 with 4MB RAM.
> FreeBSD 2.11 is available from ftp://moe.2bsd.com/pub/2.11BSD.
>
> Unfortunately, there are several hundred small files in this directory. At
> present I am using Netscape and shift_clicking on each name is slow and
> painful :-) .
>
> Unfortunately I am unfamiliar with FTP :-(  Can I use FTP to download
> an entire directory (several hundred files[small]). There seem to  be
> several FTP programs. Any recommendations of a simple to use
> ftp-program. Thanks.
>
> Regards
> Harsha Godavari
>
>





Re: internet news question

2002-07-23 Thread Marco Radzinschi


I use tin. It is in the ports collection.

Marco Radzinschi

E-Mail: [EMAIL PROTECTED]
AOL IM: CrackedBoy


On Mon, 22 Jul 2002, AZN Unix wrote:

> I can't find a program for internet news, do you guys know a web site that
> distributes unix programs or freebsd programs or just a free internet news
> program?
>
>





Re: Backup Exec Agent?

2002-07-12 Thread Marco Radzinschi


Just posting this for posterity, for the next guy searching the Google
Usenet archives.

Matthew's instructions worked perfectly the first time and I was able to
do a backup and restore without any trouble.

Thank you,

Marco Radzinschi
[EMAIL PROTECTED]

On Tue, 9 Jul 2002, Matthew Bettinger wrote:

> On Monday 08 July 2002 08:46 pm, Marco Radzinschi wrote:
> > Hello:
> >
> > Is anyone successfully running the Backup Exec agent for unix on
> > FreeBSD?
> >
> > I have to build a file server for work tomorrow and I have been given the
> > go-ahead to use FreeBSD, so long as I can get the backup exec agent to
> > run.
> >
> > The backup server runs Veritas backup-exec 8.5 on Netware.
>
> I am running the backupexec client on FreeBSD machines here at work.  The
> Veritas server is running on an old Novell machine.
>
> you need to do the following:
>
> edit /etc/rc.conf and insert  the line
> linux_enable="YES"
>
> tar xvf the backupexec unix agent file
>
> create the directory /usr/local/bkupexec
>
> we are going to use agent.linux.
>
> copy agent.cfg   agent.cfg.bak   agent.linux from the newly untarred
> bkupexec directory (or whatever it untars to, I forgot) .. copy these files
> to  the /usr/local/bkupexec directory you created.
>
> Edit /usr/local/bkupexec/agent.cfg
>
> here is a sample of a working agent.cfg
>
> name tester
> password blahblah
> export /general as GENERAL include_remote
> export /depot as DEPOT include_remote
> export /Drawings as DRAWINGS include_remote
> export /bob_home as BOB_HOME include_remote
> export /brad_home as BRAD_HOME include_remote
> export /michel_home as MICHEL_HOME include_remote
> exclude_dir /proc
> tell 201.201.2.9
> tell 201.201.2.14
> tell_interval 30
> follow_symdirs
> exclude_dir /proc
>
> The first line is the name of the machine.
> The exported directories are directories on the tester machine which will show
> up in the veritas server under Unix Agents.  Don't forget to put
> include_remote to include the subdirectories.
>
> tell 201.201.2.9  and tell 201.201.2.14 is letting the veritas servers be
> aware of us.
>
> Edit /etc/services  and add the following
>
> grfs  6101/tcp  #backup exec
>
> Edit /etc/rc.local
>
> #!/bin/sh
> /usr/local/bkupexec/agent.linux -c /usr/local/bkupexec/agent.cfg > /dev/null
>
>
> You'll have to enter root/blahblah from the veritas server.
>
> Good Luck!
>
>


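The agent.cfg format in the instructions above keeps the agent password in cleartext, so the file's permissions and what it exports are worth checking. An added example (not part of the original thread and not Veritas tooling) that audits a config in that format; the function names and the finding labels PERMS, EXPORT and DUP are this example's own.

```shell
#!/bin/sh
# Audit a Backup Exec unix agent config in the format quoted above.
# Added example; finding labels (PERMS, EXPORT, DUP) are this script's own.

# Print one finding per line. Return 0 if none, 1 if any, 2 if unreadable.
audit_agent_cfg() {
    cfg=$1
    findings=0
    [ -r "$cfg" ] || { echo "ERROR: cannot read $cfg"; return 2; }

    # The "password" line is cleartext, so group/other permission bits
    # (characters 5-10 of the ls mode string) should all be "-".
    perms=$(ls -ld "$cfg" | cut -c5-10)
    if grep -q '^password[[:space:]]' "$cfg" && [ "$perms" != "------" ]; then
        echo "PERMS: password readable beyond owner (group/other: $perms)"
        findings=1
    fi

    # An "export / ..." line offers the whole file system to the server.
    if awk '$1 == "export" && $2 == "/" { hit = 1 } END { exit !hit }' "$cfg"; then
        echo "EXPORT: root file system is exported"
        findings=1
    fi

    # Repeated directives usually mean a hand-edit went wrong.
    dups=$(grep -v '^[[:space:]]*$' "$cfg" | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "$dups" | sed 's/^/DUP: /'
        findings=1
    fi
    return "$findings"
}

# List the backup servers the agent announces itself to ("tell" lines).
tell_hosts() {
    awk '$1 == "tell" { print $2 }' "$1" | sort -u
}

# Stand-alone use: sh audit_agent_cfg.sh /usr/local/bkupexec/agent.cfg
if [ "$#" -eq 1 ]; then
    echo "tell hosts:"; tell_hosts "$1"
    audit_agent_cfg "$1"
fi
```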