Re: Question about torrents via console

2008-06-11 Thread Norman Maurer
rtorrent should work for you

bye
Norman

2008/6/11 Steve Lake <[EMAIL PROTECTED]>:

>Hi all.  Ok, I'm curious of something.  I've done torrents before
> via the graphical interface before, but I want to setup a way to download
> isos and various FOSS apps via bittorrent, but I want to do it via the
> console so I can start a torrent in screen and then walk away, allowing my
> server to finish the work without having to leave my main workstation
> running to do the work like I normally do.  I'm using bittornado right now,
> and if there's a way to do this, I'd love to know how.
>
>
> Steven Lake
> Owner/Technical Writer
> Raiden's Realm
> www.raiden.net
> Bringing Linux and BSD to the World
>
>
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> [EMAIL PROTECTED]"
>
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: zfs list and non-root user

2008-05-29 Thread Norman Maurer
Hi,

even if the zfs module is loaded I get the error message:

[EMAIL PROTECTED] ~]$ kldstat | grep zfs
 71 0xfcc1c000 80ee8zfs.ko
[EMAIL PROTECTED] ~]$ zfs list
internal error: failed to initialize ZFS library


Anyway thx for the info.. At least now I know why it "should" not work ;-)

bye
Norman



2008/5/29 Pawel Jakub Dawidek <[EMAIL PROTECTED]>:
> On Fri, Apr 11, 2008 at 01:41:28PM -0500, Mark Kane wrote:
>> On Fri, Apr 11, 2008, at 15:13:16 +0200, Norman Maurer wrote:
>> > Hi all,
>> >
>> > is it normal that I can't do a 'zfs list' ( for example ) as non-root
>> > user ?
>> >
>> > $ zfs list
>> > internal error: failed to initialize ZFS library
>> >
>> > I think there is really a use case for use some zfs commands as
>> > non-root user..
>> >
>> > Thx
>> > Norman
>>
>> Hi.
>>
>> One way to do this as a non-root user is to add the account to the
>> "operator" group. This is what I do on my personal desktop machine
>> and it has worked fine, but I understand that may not be best in all
>> cases.
>>
>> You might also try changing the permissions on /dev/zfs. I don't do
>> this method and I'm not sure if it's a proper way, but from trying it
>> very briefly it seems to work correctly with the user not in the
>> "operator" group.
>
> In Solaris anyone can open /dev/zfs and the kernel side of ZFS decides
> if the user has permission to perform some action or not. In FreeBSD we
> try to be more careful for now, but it will change soon, once we import
> delegated administration functionality.
>
> Although... The error above (failed to initialize ZFS library) most
> likely means that zfs.ko module wasn't loaded. zfs(8) tries to do that
> automatically, but of course it will only succeed if we are root. In
> this case zfs.ko has to be manually loaded by root and then members of
> operator group can use zfs(8) command.
>
> --
> Pawel Jakub Dawidek   http://www.wheel.pl
> [EMAIL PROTECTED]   http://www.FreeBSD.org
> FreeBSD committer Am I Evil? Yes, I Am!
>
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: FreeBSD crashed

2008-05-25 Thread Norman Maurer
Just type "?" to get the possible values. If this not help use the
livefs cd to start a shell and mount the disk.

Cheers,
Norman

2008/5/25 gahn <[EMAIL PROTECTED]>:
> Hello all:
>
> My FreeBSD crashed. It boots fine but can't mount root directory. Here is the 
> message:
>
> /
> ...
> 
> Trying to mount root from ufs:/dev/ad0s2a
>
> Manual root filesystem specification:
> : Mount  using filesystem 
> eg. ufs:da0s1a
> ?  List valid disk boot devices
>  Abort manual input
>
> mountroot>
>
> ///
>
>
> Could any gurus here help me out this? I just want to save the files in the 
> home directory so that I can rebuild the system.
>
> Regards
>
> Dave
>
>
>
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
>
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Fwd: Question about a recent installation

2008-05-07 Thread Norman Maurer
-- Forwarded message --
From: Norman Maurer <[EMAIL PROTECTED]>
Date: 2008/5/7
Subject: Re: Question about a recent installation
To: Mario Vazquez <[EMAIL PROTECTED]>


2008/5/6 Mario Vazquez <[EMAIL PROTECTED]>:

>
 >  On May 5, 2008, at 6:17 PM, doug wrote:
 >
 >
 > > To give limited priviledges I think sudo (as in linux??) would be
 >  > used.
 >
 >
 > I concur that sudo is really a very good way of managing privileges.
 >  I don't even know the root passwords on the systems that I administer
 >  (OK, I do have them stored in a nice secured place if I ever do need
 >  them).
 >
 >  Cheers,
 >
 >  -j
 >
 >
 >  --
 >
 >  In fact, I use sudo for managing too.  My question is not about
sudo itself, it's about the possible risks (if any) of having a
default installation (FreeBSD7-RELEASE) which assigns ownership of the
root folder to root:wheel, thus allowing anyone with wheel privileges
be able to see (and copy btw) root folder contents.
 >

 I still not get the point.. If the files are create the default is a
 umask of 022 anway. So if you want to protect your files in the root
 folder to get accessed, use umask 066 and maybe chmod 700 /root.

 Cheers
 Norman
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: simple network traffic query tool

2008-04-24 Thread Norman Maurer
2008/4/24 AngryWolf <[EMAIL PROTECTED]>:

> Hi,
>
> Perhaps try 'bmon'. It doesn't support displaying peak values though, but
> simple enough.
>
> --
> AngryWolf
> [EMAIL PROTECTED]
>
> On Thursday 24 April 2008 20.10.40 Tobias Kirschstein wrote:
> > unfortunately the network monitor build into superkaramba does not work
> > for freebsd, os i want to write a widget which uses sysctl or any other
> > tool if available got get this information. systat is not appropriate
> > to be used because it does not terminate on its own as i see.
>
>
nload should do the job ...

Cheers,
Norman
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: FreeBSD7 + pf + ipsec

2008-04-16 Thread Norman Maurer
Am Mittwoch, den 16.04.2008, 12:02 +0300 schrieb Roman Otsaljuk:
> hi all.
> i have two localnets linked over ipsec:
> 
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
> 
> network schema:
> 
> 192.168.0.0/24 <---> [192.168.0.12=freebsd=2.2.2.2]  <--inet-->
> [1.1.1.1=freebsd1=10.31.0.5] <>10.31.0.5/26
> 
> on both points was 6.2, firewall - pf.
> after updating to 7.0 vpn doesn't work:
>  0) pings go normal
>  0) tcp packets go too, but third packet with R flag:
>   from 192.168.0.12 try: ssh 10.31.0.42, on second console:
> mail# tcpdump -ni gif0
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on gif0, link-type NULL (BSD loopback), capture size 68 bytes
> 10:49:43.912469 IP 192.168.0.12.63996 > 10.31.0.42.22: S 
> 1756351354:1756351354(0) win 65535  51087105 0>
> 10:49:43.936245 IP 217.20.174.35 > 195.43.43.238: IP 10.31.0.42.22 > 
> 192.168.0.12.63996: S 4244314344:4244314344(0) ack 1756351355 win 65535  1460,[|tcp]> (ipip-proto-4)
> 10:49:43.936360 IP 192.168.0.12.63996 > 10.31.0.42.22: R 
> 1318200353:1318200353(0) win 0
> 
>  0) adding the first rule (pass quick all) on both - without changes;
>  0) downing pf: in localnet, in wich pf downed - all good.
> 
> 
> any ideas?
> 
> 
> p.s. the same if IPsec replaced by vpnd
> sorry my bad English

Freebsd 7.0 use the "new" ipsec implementation (IPSEC_FAST) so you need
to allow ipencap protocol too..

Cheers
Norman


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


zfs list and non-root user

2008-04-11 Thread Norman Maurer
Hi all,

is it normal that I can't do a 'zfs list' ( for example ) as non-root
user ? 

$ zfs list
internal error: failed to initialize ZFS library

I think there is really a use case for use some zfs commands as non-root
user..

Thx
Norman


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: ZFS-Pool is lost after reboot ( amd64 )

2008-04-11 Thread Norman Maurer
Am Donnerstag, den 10.04.2008, 22:50 +0200 schrieb Toni Schmidbauer:
> At Thu, 10 Apr 2008 21:22:42 +0200,
> Norman Maurer wrote:
> > All is fine till I reboot. The pool is just disappearing :-/
> 
> have you tried to import the pool?
> 
> zpool import x1
> 
> or just
> 
> zpool import
> 
> to list pools available to import.
> 
> maybe the pool isn't imported on boot, which should not happen, but
> who knows...
> 
> zfs should remember the import/export status of the pool, so if the
> pool is imported and you reboot, it should also get imported on the
> subsequent boot.
> 
> hth
> toni

Well thats not the case.. I think thats why it is called
experimental ;-)

If I run zpool import x1 it works. But as you say it should do it by its
own. Maybe it whould be the best to open a bugreport ?

Cheers,
Norman


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: ZFS-Pool is lost after reboot ( amd64 )

2008-04-10 Thread Norman Maurer
Am Donnerstag, den 10.04.2008, 20:07 + schrieb Christian Walther:
> On 10/04/2008, Norman Maurer <[EMAIL PROTECTED]> wrote:
> > Hi all,
> >
> [...]
> >  All is fine till I reboot. The pool is just disappearing :-/
> 
> Did you try to import the pool?
> 
> # zpool import x1

hmm this works, but shouldn't it work with run import manually after
reboot ? I just miss something ?

Cheers,
Norman


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


ZFS-Pool is lost after reboot ( amd64 )

2008-04-10 Thread Norman Maurer
Hi all,

we want to use ZFS ( raidz2 without spares ) for store big amount of
data on it. It's just a mirror so we don't give at damn if zfs is
experimental ;-)

I created some pool with the command:
# zpool create x1 raidz2 aacd0 aacd1 aacd2 aacd3 aacd4 aacd5

It shows up correctly:
# zpool status
  pool: x1
  state: ONLINE
  scrub: none requested
  config:

NAMESTATE READ WRITE CKSUM
x1  ONLINE   0 0 0
  raidz2ONLINE   0 0 0
aacd0   ONLINE   0 0 0
aacd1   ONLINE   0 0 0
aacd2   ONLINE   0 0 0
aacd3   ONLINE   0 0 0
aacd4   ONLINE   0 0 0
aacd5   ONLINE   0 0 0

errors: No known data errors

]# zpool list 
NAMESIZEUSED   AVAILCAP  HEALTH ALTROOT
x1  816G230K816G 0%  ONLINE -

All is fine till I reboot. The pool is just disappearing :-/
Here are the relevant config stuff:

# grep "zfs" /etc/rc.conf 
zfs_enable="YES"

# cat /boot/loader.conf 
geom_mirror_load="YES"
zfs_load="YES"
vm.kmem_size_max="512M"
vm.kmem_size="512M"
vfs.zfs.zil_disable=1


After reboot the module is loaded:

# kldstat | grep zfs
 21 0x80bc7000 f5a40zfs.ko

But the pool is loast:
# zpool list
no pools available


Some more infos about the system:
# uname -v
FreeBSD 7.0-RELEASE #0: Sun Feb 24 10:35:36 UTC 2008
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC 

Some parts of dmesg:

WARNING: ZFS is considered to be an experimental feature in FreeBSD.
Timecounters tick every 1.000 msec
hptrr: no controller detected.
aacd0:  on aac0
aacd0: 139890MB (286494720 sectors)
aacd1:  on aac0
aacd1: 139890MB (286494720 sectors)
aacd2:  on aac0
aacd2: 139890MB (286494720 sectors)
aacd3:  on aac0
aacd3: 139890MB (286494720 sectors)
aacd4:  on aac0
aacd4: 139890MB (286494720 sectors)
aacd5:  on aac0
aacd5: 139890MB (286494720 sectors)
aacd6:  on aac0
aacd6: 139890MB (286494720 sectors)
aacd7:  on aac0
aacd7: 139890MB (286494720 sectors)
ZFS filesystem version 6
ZFS storage pool version 6
GEOM_MIRROR: Device mirror/gm0 launched (2/2).
SMP: AP CPU #3 Launched!
SMP: AP CPU #2 Launched!
SMP: AP CPU #1 Launched!
SMP: AP CPU #4 Launched!
SMP: AP CPU #6 Launched!
SMP: AP CPU #7 Launched!


Cheers,
Norman




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


RE: Temperature Monitoring on PowerEdge 1950

2008-04-03 Thread Norman Maurer
Am Donnerstag, den 03.04.2008, 13:28 -0500 schrieb Andy Christianson:
> In response to "Andy Christianson" <[EMAIL PROTECTED]>:
> 
> >We've been able to do this using IPMI.
> 
> Thanks for the fast response. I have installed the ipmitool port, but I
> have no /dev/ipmi. Do I have to manually load the driver?
> 
You have to load the module. Add the following line
to /boot/loader.conf:
ipmi_load="YES"

If you want to load the module without reboot use:
kldload ipmi

Cheers,
Norman



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: FreeBSD 7.0 and pf

2008-03-19 Thread Norman Maurer

Am Mittwoch, den 19.03.2008, 16:18 +0530 schrieb Girish Venkatachalam:
> On 10:30:38 Mar 19, Norman Maurer wrote:
> > 
> > btw, if i remove pf all works fine :-/
> > 
> 
> 
> Are you using any scrub rule?
> 
> Comment those out and try.
> 
> -Girish
> 

I removed the "options IPSEC_FILTERTUNNEL" from kernel config,
recompiled , installed kernel and all seems to work fine again ..

Strange...

bye
Norman


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: FreeBSD 7.0 and pf

2008-03-19 Thread Norman Maurer

Am Mittwoch, den 19.03.2008, 09:40 +0100 schrieb Norman Maurer:
> Am Mittwoch, den 19.03.2008, 14:04 +0530 schrieb Girish Venkatachalam:
> > On 07:56:48 Mar 19, Norman Maurer wrote:
> > > Hi all,
> > > 
> > > im using freebsd 7.0  + gif interfaces + racoon + pf to filter stuff on
> > > my box. After upgrading to freebsd 7.0 I see some strange behavior. I
> > > see packets get dropped because of bad hdr length. The problems only
> > > seems to happen on traffic between the local nets and nets routed via
> > > ipsec. Here is a tcpdump snipped:
> > > 
> > > block in on em5: 192.168.175.4.1107 > 192.168.116.6.22:  tcp 544 [bad
> > > hdr length 12 - too short, < 20]
> > > 
> > > gif interface:
> > > gif5: flags=8051 metric 0 mtu 1402
> > > tunnel inet 213.157.17.67 --> 213.23.198.131
> > > inet 192.168.116.1 --> 192.168.175.1 netmask 0xff00 
> > > 
> > > 
> > > Any help is welcome.
> > 
> > A TCP header can never be less than 20 bytes.
> > 
> > And 12 is odd since all headers are a multiple of 4 bytes (word
> > boundary).
> > 
> > Check your MTU of the PPPoE/PPPoA/Ethernet/WiFi or whatever datalink
> > layer. I bet there is a problem there.
> > 
> > Best,
> > Girish
> > 
> Maybe the problem is the mtu of the gif interface ( 1402 ) ?
> I have a 4 mbit broadband connection ( no dsl ).
> 
> bye
> Norman

btw, if i remove pf all works fine :-/

Cheers,
Norman


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: FreeBSD 7.0 and pf

2008-03-19 Thread Norman Maurer

Am Mittwoch, den 19.03.2008, 14:04 +0530 schrieb Girish Venkatachalam:
> On 07:56:48 Mar 19, Norman Maurer wrote:
> > Hi all,
> > 
> > im using freebsd 7.0  + gif interfaces + racoon + pf to filter stuff on
> > my box. After upgrading to freebsd 7.0 I see some strange behavior. I
> > see packets get dropped because of bad hdr length. The problems only
> > seems to happen on traffic between the local nets and nets routed via
> > ipsec. Here is a tcpdump snipped:
> > 
> > block in on em5: 192.168.175.4.1107 > 192.168.116.6.22:  tcp 544 [bad
> > hdr length 12 - too short, < 20]
> > 
> > gif interface:
> > gif5: flags=8051 metric 0 mtu 1402
> > tunnel inet 213.157.17.67 --> 213.23.198.131
> > inet 192.168.116.1 --> 192.168.175.1 netmask 0xff00 
> > 
> > 
> > Any help is welcome.
> 
> A TCP header can never be less than 20 bytes.
> 
> And 12 is odd since all headers are a multiple of 4 bytes (word
> boundary).
> 
> Check your MTU of the PPPoE/PPPoA/Ethernet/WiFi or whatever datalink
> layer. I bet there is a problem there.
> 
> Best,
> Girish
> 
Maybe the problem is the mtu of the gif interface ( 1402 ) ?
I have a 4 mbit broadband connection ( no dsl ).

bye
Norman


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


FreeBSD 7.0 and pf

2008-03-18 Thread Norman Maurer
Hi all,

im using freebsd 7.0  + gif interfaces + racoon + pf to filter stuff on
my box. After upgrading to freebsd 7.0 I see some strange behavior. I
see packets get dropped because of bad hdr length. The problems only
seems to happen on traffic between the local nets and nets routed via
ipsec. Here is a tcpdump snipped:

block in on em5: 192.168.175.4.1107 > 192.168.116.6.22:  tcp 544 [bad
hdr length 12 - too short, < 20]

gif interface:
gif5: flags=8051 metric 0 mtu 1402
tunnel inet 213.157.17.67 --> 213.23.198.131
inet 192.168.116.1 --> 192.168.175.1 netmask 0xff00 


Any help is welcome.

Thx
Norman



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: pf.conf -> diagramm

2008-03-12 Thread Norman Maurer

Am Mittwoch, den 12.03.2008, 10:41 +0100 schrieb Arek Czereszewski:
> Norman Maurer pisze:
> > Hi all,
> > 
> > anyone knows some tool to generate some diagramm from a pf.conf ?
> > 
> > I whould like to generate some diagramm from my pf.conf every day to add
> > to the docs..
> > 
> You can use pfstat
> 
> Port:   pfstat-2.2_3
> Path:   /usr/ports/sysutils/pfstat
> Info:   Utility to render graphical statistics for pf
> 
> Regards
> Arek

Hi I need something which displays me the rules in a diagramm :-/

Thx
Norman


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


pf.conf -> diagramm

2008-03-12 Thread Norman Maurer
Hi all,

anyone knows some tool to generate some diagramm from a pf.conf ?

I whould like to generate some diagramm from my pf.conf every day to add
to the docs..

Thx
Norman


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: kernel error when upgrading to 7.0

2008-03-10 Thread Norman Maurer
Hi,

you have to exec "make installworld" before exec "make installkernel"
..

bye
Norman

Am Montag, den 10.03.2008, 21:11 -0400 schrieb Dave:
> Hello,
> I've got a 6.2 or 3 box that i'm wanting to update to 7.0. I've cvsupped 
> my source, made world, and built a kernel, all went successfully. This is 
> the GENERIC kernel. When i do a make installkernel i am getting the error
> 
> kldxref: file isn't dynamically linked
> 
> Is this a show stopping error/ if so is there a workaround?
> Thanks.
> Dave.
> 
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: strange issue with carp interface aliases

2008-03-07 Thread Norman Maurer

Am Freitag, den 07.03.2008, 18:45 +0100 schrieb Wouter de Jong:
> Hi,
> 
> We have 2 FreeBSD machines running as a firewall in a CARP+pf+pfsync setup.
> Worked great, however . today I noticed something weird.
> 
> I had to reboot the master machine, and when it came back ...
> one of the CARP addresses no longer worked.
> 
> Looking in the logs, I got carp4: incorrect hash
> 
> And looking at the carp interface  both machines were running MASTER for 
> this interface.
> 
> Looking closer, I noticed my primary machine had this configuration :
> 
> carp4: flags=49 metric 0 mtu 1500
> inet 213.206.xx.62 netmask 0xfff0
> inet 213.206.xx.49 netmask 0xfff0
> carp: MASTER vhid 4 advbase 1 advskew 100
> 
> and my secondary :
> 
> carp4: flags=49 metric 0 mtu 1500
> inet 213.206.xx.49 netmask 0xfff0
> inet 213.206.xx.62 netmask 0xfff0
> carp: MASTER vhid 4 advbase 1 advskew 100
> 
> It swapped the carp alias alias (213.206.xx.62) to be the first address on 
> the interface.
> This was the only interface it happened.
> 
> The config :
> 
> primary:
> ##
> defaultrouter="213.206.yy.193"
> hostname="fw01.xxx.yyy"
> 
> cloned_interfaces="carp0 carp1 carp2 carp3 carp4 carp5 carp6 carp7 carp8 
> carp9 carp10 carp11 carp12 carp13 carp14 carp15 carp16 carp17 carp18 carp19 
> carp20 carp21 carp22 carp23 carp24 carp25 carp26 carp27 carp28"
> 
> ifconfig_bge0="inet 213.206.yy.194  netmask 255.255.255.240"
> ifconfig_bge1="inet 213.206.xx.2  netmask 255.255.255.240"
> ifconfig_bge1_alias0="inet 213.206.xx.18  netmask 255.255.255.240"
> ifconfig_bge1_alias1="inet 213.206.xx.34  netmask 255.255.255.240"
> ifconfig_bge1_alias2="inet 213.206.xx.50  netmask 255.255.255.240"
> ifconfig_bge1_alias3="inet 213.206.xx.66  netmask 255.255.255.240"
> ifconfig_bge1_alias4="inet 213.206.xx.82  netmask 255.255.255.240"
> 
> ifconfig_carp0="vhid 255 pass blubVIP0255 213.206.yy.206/28"
> ifconfig_carp1="vhid 1 pass blubVIP0001 213.206.xx.1/28"
> ifconfig_carp2="vhid 2 pass blubVIP0002 213.206.xx.17/28"
> ifconfig_carp2_alias0="vhid 2 pass blubVIP0002 213.206.xx.30/28"
> ifconfig_carp3="vhid 3 pass blubVIP0003 213.206.xx.33/28"
> ifconfig_carp4="vhid 4 pass blubVIP0004 213.206.xx.49/28"
> ifconfig_carp4_alias0="vhid 4 pass blubVIP0004 213.206.xx.62/28"
> ifconfig_carp5="vhid 5 pass blubVIP0005 213.206.xx.65/28"
> ifconfig_carp6="vhid 6 pass blubVIP0006 213.206.xx.81/28"
> ##
> 
> secondary:
> ##
> defaultrouter="213.206.yy.193"
> hostname="fw02.xxx.yyy"
> 
> cloned_interfaces="carp0 carp1 carp2 carp3 carp4 carp5 carp6 carp7 carp8 
> carp9 carp10 carp11 carp12 carp13 carp14 carp15 carp16 carp17 carp18 carp19 
> carp20 carp21 carp22 carp23 carp24 carp25 carp26 carp27 carp28"
> 
> ifconfig_bge0="inet 213.206.yy.195  netmask 255.255.255.240"
> ifconfig_bge1="inet 213.206.xx.3  netmask 255.255.255.240"
> ifconfig_bge1_alias0="inet 213.206.xx.19  netmask 255.255.255.240"
> ifconfig_bge1_alias1="inet 213.206.xx.35  netmask 255.255.255.240"
> ifconfig_bge1_alias2="inet 213.206.xx.51  netmask 255.255.255.240"
> ifconfig_bge1_alias3="inet 213.206.xx.67  netmask 255.255.255.240"
> ifconfig_bge1_alias4="inet 213.206.xx.83  netmask 255.255.255.240"
> 
> ifconfig_carp0="vhid 255 advskew 100 pass blubVIP0255 213.206.yy.206/28"
> ifconfig_carp1="vhid 1 advskew 100 pass blubVIP0001 213.206.xx.1/28"
> ifconfig_carp2="vhid 2 advskew 100 pass blubVIP0002 213.206.xx.17/28"
> ifconfig_carp2_alias0="vhid 2 advskew 100 pass blubVIP0002 213.206.xx.30/28"
> ifconfig_carp3="vhid 3 advskew 100 pass blubVIP0003 213.206.xx.33/28"
> ifconfig_carp4="vhid 4 advskew 100 pass blubVIP0004 213.206.xx.49/28"
> ifconfig_carp4_alias0="vhid 4 advskew 100 pass blubVIP0004 213.206.xx.62/28"
> ifconfig_carp5="vhid 5 advskew 100 pass blubVIP0005 213.206.xx.65/28"
> ifconfig_carp6="vhid 6 advskew 100 pass blubVIP0006 213.206.xx.81/28"
> ##
> 
> After rebooting the secondary, it still gave me incorrect hash.
> But, it gave me the same thing on carp2 now. ... however, here the secondary 
> had the carp2_alias0 listed as first,
> where as the primary had the carp2 as first, and the carp2_alias0 as second 
> address.
> 
> How can this ever happen ?
> 
> Now I'm redundant  but I must pray that the addresses will come up in 
> the same order.
> 
> Never had this issue on FreeBSD 6.x(p*)-RELEASE, but now I'm running FreeBSD 
> 7.0-RELEASE.
> 
> Help ! :)
> 
> 
> Kind regards,
> 
> Wouter de Jong
> The Netherlands 

Same happend to me :-/ But with 6.3-p* and 7.0 ... No idea yet.

Any help is welcome :-)

Thx
Norman

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Is there a Relay proxy port can do this?

2008-03-04 Thread Norman Maurer
Hi,

maybe mod_proxy can help you ( apache module ) or rinetd.

Cheers
Norman

Am Dienstag, den 04.03.2008, 01:49 -0800 schrieb Abdullah Ibn Hamad
Al-Marri:
> Hello Network Gurus,
>  
> I have Adobe Flex 2 application which hosts the flash applet on apache 2.2.8, 
> then flash applet will connect to port 28001 but users who are behind 
> firewalls and proxies which only allow connections to port 80.
> 
> So I need a daemon to work around this problem and allow these users to 
> connect to my application.
> 
> Is there a port can do this?
> 
> 
> Regards,
> 
> -Abdullah Ibn Hamad Al-Marri
> Arab Portal
> http://www.WeArab.Net/
> 
> 
> 
> 
> 
>   
> 
> Never miss a thing.  Make Yahoo your home page. 
> http://www.yahoo.com/r/hs
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Kernel compilation error for 7.0 ( with IPSEC )

2008-03-03 Thread Norman Maurer
Be sure to have this stuff in kernel config file:

options IPSEC
options IPSEC_FILTERTUNNEL
device crypto


Cheers
Norman

Am Montag, den 03.03.2008, 15:15 +0300 schrieb Leonid Satanovsky:
> Hi, people!
> I've just "CvsUP"ed the "src-all" collection for "RELENG_7_0"
> [This is a 7.0-RELEASE, as I understand, am I correct? ]
> 
> trying to compile the source with IPSEC reselts in the following:
> ---   
> <...>
> 
> xform_ipcomp.o(.text+0xcac):/usr/src/sys/netipsec/xform_ipcomp.c:570: 
> undefined reference to `M_XDATA'
> xform_ipcomp.o(.text+0xcbc):/usr/src/sys/netipsec/xform_ipcomp.c:571: 
> undefined reference to `crypto_freereq'
> xform_ipcomp.o(.text+0xda6):/usr/src/sys/netipsec/xform_ipcomp.c:584: 
> undefined reference to `M_XDATA'
> xform_ipcomp.o(.text+0xdb6):/usr/src/sys/netipsec/xform_ipcomp.c:585: 
> undefined reference to `crypto_freereq'
> *** Error code 1
> 
> Stop in /usr/obj/usr/src/sys/TKLGW_7.
> *** Error code 1
> 
> Stop in /usr/src.
> *** Error code 1
> 
> Stop in /usr/src.
> 
> --
> The question: what may be wrong with that?
> 
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Using ZFS on FreeBSD 7.0

2008-02-27 Thread Norman Maurer

Am Donnerstag, den 28.02.2008, 07:52 +0100 schrieb Wojciech Puchar:
> > On Wed, Feb 27, 2008 at 4:13 PM, Wojciech Puchar
> > <[EMAIL PROTECTED]> wrote:
> >>> will replace all other FS's -ya all others!!!
> >>  how sure you are?
> > I would second this.  Just as a "fun" test, setup a test machine with
> > hotswap drives in a RAID 10 zfspool.  Add a hot spare for good
> 
> ZFS looks for me like windows - it solves some problems (2/3 of them 
> imaginary) creating more others. UFS was just too good  :)
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

ZFS kicks ass but I whould stay with solaris for using it under
production... 

bye
Norman


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: CARP and FreeBSD 6.3

2008-02-19 Thread Norman Maurer

Am Donnerstag, den 24.01.2008, 22:45 -0800 schrieb shinny knight:
> Rakhesh Sasidharan <[EMAIL PROTECTED]> wrote: 
> > Hi,
> >
> > I have two machines. Each have two interfaces, xl0 and fxp0. And each have 
> > two carp interfaces -- carp1 (xl0 of both) and carp2 (fxp0 of both). One of 
> > the machines is master, the other is backup.
> >
> > I also have the following sysctl set: net.inet.carp.preempt -> 1
> >
> > My understanding is that if I down one of the interfaces on the master 
> > machine (say ''ifconfig xl0 down''), then both carp interfaces on the 
> > master 
> > will be marked as down. And the backup will become the new master. Later, 
> > when the interface is marked up (''ifconfig xl0 up''), the old master will 
> > resume control. This is my understanding and that's how things were till 
> > yesterday (when I was on FreeBSD 6.2/i386 with both machines).
> >
> > Today morning I upgraded both machines to FreeBSD 6.3 and that does not 
> > seem 
> > to be the case any more.
> >
> > Now, on the master machine when I down the xl0 interface, only carp1 (the 
> > group containing xl0) goes into init state (and the other machine's carp1 
> > interface becomes the new master). Ditto for fxp0 and carp2. So in essence, 
> > the net.inet.carp.preempt=1 sysctl does not seem to be working as expected 
> > which is unlike how things were in FreeBSD 6.2.
> >
> > Has something changed with regards to carp between FreeBSD 6.2 and 6.3? Any 
> > one else encountering a similar problem?
> 
> I happened to reboot the machines now while sitting at the console. And I 
> noticed that the master machine emits an error like ''carp2: incorrect 
> hash'' while booting up. Checking the console logs showed me that the 
> errors have been appearing ever since I upgraded the machine. Most of the 
> times it was to do with carp2, once it was to do with carp1.
> 
> Here's the relevant bits of my rc.conf file from the master machine.
> 
> ---8<--
> ifconfig_fxp0="inet 192.168.10.10 netmask 255.255.255.0 polling"
> ifconfig_fxp0_alias0="inet 192.168.10.11 netmask 255.255.255.255"
> 
> ifconfig_xl0="inet 192.168.20.20 netmask 255.255.255.0 polling"
> 
> cloned_interfaces="carp1 carp2"
> ifconfig_carp1="vhid 1 pass password advskew 0 192.168.10.2 netmask 
> 255.255.255.0"
> ifconfig_carp2_alias0="vhid 2 pass password advskew 0 192.168.20.1 netmask 
> 255.255.255.0"
> ifconfig_carp2_alias1="vhid 2 pass password advskew 0 192.168.20.2 netmask 
> 255.255.255.0"
> ---8<--
> 
> Its the same on the backup machine, except for the different IPs for fxp0 
> and xl0.
> 
> Thanks,
> Rakhesh
> 
> ---
> http://rakhesh.net/
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
> Hello Rakhesh,
> 
> I never had hash errors on startup for CARP, but for demote, promote you 
> should try /usr/ports/net/ifstated. It's working fine for me.
> 
> 
> 
> Best Regards,
> Catalin

Any news on this ? I see the same problem on our freebsd + pf + carp
installation...

Cheers,
Norman 

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: 32 bit and 64 bit freebsd binary compatiblty

2008-02-18 Thread Norman Maurer

Am Montag, den 18.02.2008, 20:42 +0530 schrieb navneet Upadhyay:
> it and 64 bit RHEL.
> 
> We are porting the product to FreeBSD and when we tried the same,
> i.erunning binaries compiled on 32 bit FreeBSD
> 6.2 on 64 bit FreeBSD system they produce *core dump.*
> 
> 
> Any known reasons, do we have to compile binaries on 64 bit machine.
> 
> Thanks,

Do you have the lib32's installed ?

bye
Norman


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: LDAP user authentication?

2008-02-15 Thread Norman Maurer

Am Freitag, den 15.02.2008, 09:45 +0700 schrieb Olivier Nicole:
> Hi,
> 
> >  >I have googled for a very long time, but I haven't found any useful
> >  > howto on this issue. Well, there is
> >  > 
> > http://www.cultdeadsheep.org/FreeBSD/docs/Quick_and_dirty_FreeBSD_5_x_and_nss_ldap_mini-HOWTO.html
> >  > but that seems to be a bit confusing an not up-to-date. I guess it
> >  > _should_ be possible - and indeed very useful (especially combinde
> >  > with Samba PDC and an easily maintainlable mail server). So please, if
> 
> I read through the link you gave. My first impression is:
> 
> - pam-ldap is used for authentication: allow the user to login to the
>   machine
> 
> - nss-ldap is used by the system when it needs to resolve things like
>   gid<->group name, user home directory, etc.
> 
> I will give it a try soon.
> 
> Though I am looking one step ahead, how to allow a user to
> authenticate to this machine and not that machine, using the same ldap
> directory.
> 
> Bests,
> 
> Olivier
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

You can use the pam_filter option for this..

bye
Norman 

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: FreeBSD 6.3 racoon cpu 99,9% after some time workin

2008-01-29 Thread Norman Maurer

Am Dienstag, den 29.01.2008, 10:24 +0100 schrieb Norman Maurer:
> Am Dienstag, den 29.01.2008, 00:04 -0800 schrieb Christopher Cowart:
> > On Tue, Jan 29, 2008 at 08:46:18AM +0100, Norman Maurer wrote:
> > > I have some strange problem.. After racoon works some hours it seems to
> > > "freeze" and get a cpu usage of 99,9%. The vpns don't work anymore too..
> > > Any idea ?
> > 
> > By any chance do you have a large number of tunnels? We went so far as
> > to write a daemon to watch racoon and restart it automatically. We
> > finally ended up bumping up buffer sizes in the ipsec-tools sources and
> > sysctl.
> > 
> > See this thread from -net:
> > http://lists.freebsd.org/pipermail/freebsd-net/2007-August/015046.html
> > 
> 
> We have about 15 tunnels.. Can you please show me the changes you did
> ( maybe a diff ) and the shell script ?
> 
> Thx
> Norman

btw, can you show me your relevant sysctl settings ?

sysctl -a net.key

Thx
Norman

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: FreeBSD 6.3 racoon cpu 99,9% after some time workin

2008-01-29 Thread Norman Maurer

Am Dienstag, den 29.01.2008, 00:04 -0800 schrieb Christopher Cowart:
> On Tue, Jan 29, 2008 at 08:46:18AM +0100, Norman Maurer wrote:
> > I have some strange problem.. After racoon works some hours it seems to
> > "freeze" and get a cpu usage of 99,9%. The vpns don't work anymore too..
> > Any idea ?
> 
> By any chance do you have a large number of tunnels? We went so far as
> to write a daemon to watch racoon and restart it automatically. We
> finally ended up bumping up buffer sizes in the ipsec-tools sources and
> sysctl.
> 
> See this thread from -net:
> http://lists.freebsd.org/pipermail/freebsd-net/2007-August/015046.html
> 

We have about 15 tunnels.. Can you please show me the changes you did
( maybe a diff ) and the shell script ?

Thx
Norman


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


FreeBSD 6.3 racoon cpu 99,9% after some time workin

2008-01-28 Thread Norman Maurer
Hi all,

I have some strange problem.. After racoon works some hours it seems to
"freeze" and get a cpu usage of 99,9%. The vpns don't work anymore too..
Any idea ?

bye
Norman


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: passive ftp transfer with pkg_add

2008-01-27 Thread Norman Maurer

Am Montag, den 28.01.2008, 07:19 +0100 schrieb Zbigniew Szalbot:
> Hello,
> 
> I have been trying to install KDE by using pkg_add -r kde but the
> download is always failing. Reading man pkg_add I see a reference to
> change the FTP mode to passive if the download constantly fails.
> However, man does not say which file should be edited to change it. I
> tried pkgtools.conf but I have not found anything about FTP transfer
> mode in there.
> 
> Can you advise which file needs to be edited?
> 
> Also:
> 
> "Note: If you wish to use passive mode ftp in such transfers, set the
>  variable FTP_PASSIVE_MODE to some value in your environment."
> 
> What value should be set for FTP_PASSIVE_MODE? Any value?
> 
> Many thanks!
> 
> Zbigniew Szalbot

Yes just do something like that:

# export FTP_PASSIVE_MODE=true


bye
Norman



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: dell 1950 hangs on reboot

2008-01-25 Thread Norman Maurer

Am Freitag, den 25.01.2008, 14:53 +0200 schrieb Link:
> Hi all.
> I have problem described in
> http://lists.freebsd.org/pipermail/freebsd-stable/2006-October/029108.html
> I`ve been googling for about 2 days, but i did not found any fix of this
> problem.
> I have freeBSD-6.2-p10 and dell 1950.
> As described it hangs on reboot. But not every time.
> 
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Maybe upgrade the raid firmware ?

Cheers
Norman


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: VM Options

2008-01-23 Thread Norman Maurer

Am Mittwoch, den 23.01.2008, 13:11 -0600 schrieb Jack Barnett:
> Are there any good VM Options for FreeBSD?
> 
> There is VMWare in ports; which I really like - but it's a few years old 
> and still stuck on version 3 the last time I tried it.
> 
> Are there any other options available?

If you just want to run other FreeBSD's I whould try jail ( man jail ).
It's covered in the handbook too..

Cheer,
Norman

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Dell PowerEdge 1900

2008-01-18 Thread Norman Maurer
We use a Poweredge 1950... works without probs..

bye
Norman

Am Freitag, den 18.01.2008, 01:43 -0800 schrieb Doug Hardie:
> Has anyone used the 1900 with FreeBSD?  The NIC is listed as a IntelĀ®  
> PRO 1000PT Dual Port Server Adapter.  I didn't find any reference to  
> that device in the 6.3 hardware 
> information.___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: some help please

2008-01-16 Thread Norman Maurer
Hi,

please reread the handbook I think all you need is explained there
in detail

bye
Norman

Am Mittwoch, den 16.01.2008, 09:46 +0200 schrieb Moazzar Battah:
> Dear Sir,
> 
> I need some help , I am a new user for Linux and freebsd so I need your help
> I need to know how to install the freebsd in the best way and how I can
> install the ports like gnome and openmail interface ? also I will be
> thankful if you send me the commands and what every command mean and how I
> can use it ?
> 
> I already get in the directory /usr/ports/gnome2 & /usr/ports/www and make
> install and its start downloading but nothing happened after that
> installation done ???
> 
> I also need to now how to configure the hostname and ip addresses like local
> ip and fixed ip to trait the local lan and I real lan in the same way..
> 
> Thank u very much   
> 
>  
> 
> -
> 
> Regards,
> 
> Moazzer Battah
> 
> IT Support
> 
> Medical Supply & Services.
> 
> Fax: 02-2959375
> 
> Tel : 02-2959372/1
> 
> Jawwal : 0598-919658
> 
>  
> 
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


RE: newest security patch and custom kernel

2008-01-15 Thread Norman Maurer
Well it depends ... If you know it only change the version string i
whould say no on a production server.

bye
Norman

Am Dienstag, den 15.01.2008, 16:57 + schrieb John Clement:
> > The -p10 includes no kernel updates so restarting is not neccesarry.
> 
> Would it not be advisable to reboot after installing a new kernel
> anyway, to make sure it restarts ok... better that than finding out it
> doesn't boot next time to reboot...
> 
> 
> > bye
> > Norman
> > 
> > Am Dienstag, den 15.01.2008, 08:52 +0100 schrieb zbigniew szalbot:
> > > Hello again,
> > >
> > > Norman Maurer pisze:
> > > > It should be enough to just building and installing the kernel.
> The
> > > > freebsd-update should have patched the kernel src files anyway.
> > > >
> > > Thank you for very helpful advice. One last question, is it
> necessary
> > > to restart the machine? Or can I keep it online after building and
> > > installing the kernel? I don't care about uname -a details not being
> > > updated unless the machine needs restarting to include the updates.
> > >
> > > Thank you!
> > >
> > > Zbigniew Szalbot
> > > > bye
> > > > Norman
> > > >
> > > >
> > > > Am Dienstag, den 15.01.2008, 07:24 +0100 schrieb zbigniew szalbot:
> > > > > Hello,
> > > > >
> > > > >
> > > > > Norman Maurer pisze:
> > > > > > Hi,
> > > > > >
> > > > > > the /usr/src/sys* stuff should be patched anyway. But you need
> > to build
> > > > > > your kernel again and install it to reflect the changes. Even
> > if i think
> > > > > > it only update the -p10 label in the case of -p10 patch set.
> > > > > >
> > > > > OK. So this page applies to me now?
> > > > > http://www.freebsd.org/doc/en_US.ISO8859-
> > 1/books/handbook/kernelconfig-building.html
> > > > >
> > > > >1.
> > > > >
> > > > >   Change to the /usr/src directory:
> > > > >
> > > > >   # cd /usr/src
> > > > >
> > > > >
> > > > >2.
> > > > >
> > > > >   Compile the kernel:
> > > > >
> > > > >   # make buildkernel KERNCONF=/MYKERNEL/
> > > > >
> > > > >
> > > > >3.
> > > > >
> > > > >   Install the new kernel:
> > > > >
> > > > >   # make installkernel KERNCONF=/MYKERNEL/
> > > > >
> > > > >
> > > > > *Note:* It is required to have full FreeBSD source tree to
> > build the
> > > > > kernel.
> > > > >
> > > > >
> > > > > I am interested if I need to download latest FBSD sources then?
> I
> > have
> > > > > not touched them since I built a custom kernel.
> > > > >
> > > > > Thank you!
> > > > >
> > > > > Zbigniew Szalbot
> > > > >
> > > > > > cheers
> > > > > > Norman
> > > > > >
> > > > > >
> > > > > > Am Dienstag, den 15.01.2008, 07:03 +0100 schrieb zbigniew
> > szalbot:
> > > > > > > Hello,
> > > > > > >
> > > > > > > Using freebsd-update I applied the latest security patches
> > which were
> > > > > > > announced yesterday. However, I then notice this message:
> > > > > > >
> > > > > > > The following files will be updated as part of updating to
> > 6.2-RELEASE-p10:
> > > > > > > /boot/GENERIC/kernel
> > > > > > >
> > > > > > > My question is whether my update missed the point because I
> > have a
> > > > > > > custom kernel? If so, do I need to apply it manually as
> > described in the
> > > > > > > security advisory? If I still want to go down the binary
> > road, how can I
> > > > > > > make sure my custom kernel gets patched, too?
> > > > > > >
> > > > > > > Thank you very much!
> > > > > > >
> > > > > > > Zbigniew Szalbot
> > > > > > > ___
> > > > > > > freebsd-questions@freebsd.org mailing list
> > > > > > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > > > > > To unsubscribe, send any mail to "freebsd-questions-
> > [EMAIL PROTECTED]"
> > > > > >
> > > > > >
> > > >
> > > >
> > 
> > ___
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-
> > [EMAIL PROTECTED]"

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: newest security patch and custom kernel

2008-01-15 Thread Norman Maurer
The -p10 includes no kernel updates so restarting is not neccesarry.

bye
Norman

Am Dienstag, den 15.01.2008, 08:52 +0100 schrieb zbigniew szalbot:
> Hello again,
> 
> Norman Maurer pisze: 
> > It should be enough to just building and installing the kernel. The
> > freebsd-update should have patched the kernel src files anyway.
> >   
> Thank you for very helpful advice. One last question, is it necessary
> to restart the machine? Or can I keep it online after building and
> installing the kernel? I don't care about uname -a details not being
> updated unless the machine needs restarting to include the updates.
> 
> Thank you!
> 
> Zbigniew Szalbot
> > bye
> > Norman
> > 
> > 
> > Am Dienstag, den 15.01.2008, 07:24 +0100 schrieb zbigniew szalbot:
> > > Hello,
> > > 
> > > 
> > > Norman Maurer pisze:
> > > > Hi,
> > > >
> > > > the /usr/src/sys* stuff should be patched anyway. But you need to build
> > > > your kernel again and install it to reflect the changes. Even if i think
> > > > it only update the -p10 label in the case of -p10 patch set.
> > > >   
> > > OK. So this page applies to me now?
> > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-building.html
> > > 
> > >1.
> > > 
> > >   Change to the /usr/src directory:
> > > 
> > >   # cd /usr/src
> > >   
> > > 
> > >2.
> > > 
> > >   Compile the kernel:
> > > 
> > >   # make buildkernel KERNCONF=/MYKERNEL/
> > >   
> > > 
> > >3.
> > > 
> > >   Install the new kernel:
> > > 
> > >   # make installkernel KERNCONF=/MYKERNEL/
> > >   
> > > 
> > > *Note:* It is required to have full FreeBSD source tree to build the
> > > kernel.
> > > 
> > > 
> > > I am interested if I need to download latest FBSD sources then? I have 
> > > not touched them since I built a custom kernel.
> > > 
> > > Thank you!
> > > 
> > > Zbigniew Szalbot
> > > 
> > > > cheers
> > > > Norman
> > > >
> > > >
> > > > Am Dienstag, den 15.01.2008, 07:03 +0100 schrieb zbigniew szalbot:
> > > > > Hello,
> > > > > 
> > > > > Using freebsd-update I applied the latest security patches which were 
> > > > > announced yesterday. However, I then notice this message:
> > > > > 
> > > > > The following files will be updated as part of updating to 
> > > > > 6.2-RELEASE-p10:
> > > > > /boot/GENERIC/kernel
> > > > > 
> > > > > My question is whether my update missed the point because I have a 
> > > > > custom kernel? If so, do I need to apply it manually as described in 
> > > > > the 
> > > > > security advisory? If I still want to go down the binary road, how 
> > > > > can I 
> > > > > make sure my custom kernel gets patched, too?
> > > > > 
> > > > > Thank you very much!
> > > > > 
> > > > > Zbigniew Szalbot
> > > > > ___
> > > > > freebsd-questions@freebsd.org mailing list
> > > > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > > > To unsubscribe, send any mail to "[EMAIL PROTECTED]"
> > > >
> > > >   
> > 
> >   

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: newest security patch and custom kernel

2008-01-14 Thread Norman Maurer
It should be enough to just building and installing the kernel. The
freebsd-update should have patched the kernel src files anyway.

bye
Norman


Am Dienstag, den 15.01.2008, 07:24 +0100 schrieb zbigniew szalbot:
> Hello,
> 
> 
> Norman Maurer pisze:
> > Hi,
> >
> > the /usr/src/sys* stuff should be patched anyway. But you need to build
> > your kernel again and install it to reflect the changes. Even if i think
> > it only update the -p10 label in the case of -p10 patch set.
> >   
> OK. So this page applies to me now?
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-building.html
> 
>1.
> 
>   Change to the /usr/src directory:
> 
>   # cd /usr/src
>   
> 
>2.
> 
>   Compile the kernel:
> 
>   # make buildkernel KERNCONF=/MYKERNEL/
>   
> 
>3.
> 
>   Install the new kernel:
> 
>   # make installkernel KERNCONF=/MYKERNEL/
>   
> 
> *Note:* It is required to have full FreeBSD source tree to build the
> kernel.
> 
> 
> I am interested if I need to download latest FBSD sources then? I have 
> not touched them since I built a custom kernel.
> 
> Thank you!
> 
> Zbigniew Szalbot
> 
> > cheers
> > Norman
> >
> >
> > Am Dienstag, den 15.01.2008, 07:03 +0100 schrieb zbigniew szalbot:
> > > Hello,
> > > 
> > > Using freebsd-update I applied the latest security patches which were 
> > > announced yesterday. However, I then notice this message:
> > > 
> > > The following files will be updated as part of updating to 
> > > 6.2-RELEASE-p10:
> > > /boot/GENERIC/kernel
> > > 
> > > My question is whether my update missed the point because I have a 
> > > custom kernel? If so, do I need to apply it manually as described in the 
> > > security advisory? If I still want to go down the binary road, how can I 
> > > make sure my custom kernel gets patched, too?
> > > 
> > > Thank you very much!
> > > 
> > > Zbigniew Szalbot
> > > ___
> > > freebsd-questions@freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > To unsubscribe, send any mail to "[EMAIL PROTECTED]"
> >
> >   

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: newest security patch and custom kernel

2008-01-14 Thread Norman Maurer
Hi,

the /usr/src/sys* stuff should be patched anyway. But you need to build
your kernel again and install it to reflect the changes. Even if i think
it only update the -p10 label in the case of -p10 patch set.

cheers
Norman


Am Dienstag, den 15.01.2008, 07:03 +0100 schrieb zbigniew szalbot:
> Hello,
> 
> Using freebsd-update I applied the latest security patches which were 
> announced yesterday. However, I then notice this message:
> 
> The following files will be updated as part of updating to 6.2-RELEASE-p10:
> /boot/GENERIC/kernel
> 
> My question is whether my update missed the point because I have a 
> custom kernel? If so, do I need to apply it manually as described in the 
> security advisory? If I still want to go down the binary road, how can I 
> make sure my custom kernel gets patched, too?
> 
> Thank you very much!
> 
> Zbigniew Szalbot
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Network monitoring program.

2008-01-10 Thread Norman Maurer
trafshow ...

bye
Norman

Am Donnerstag, den 10.01.2008, 09:47 -0600 schrieb Eric Crist:
> tcpdump and pump that through ethereal?
> 
> 
> On Jan 10, 2008, at 9:14 AM, Darryl Hoar wrote:
> 
> > Greetings,
> > I need to monitor the network traffic from specific IP addresses.
> > I need to be able to deduce the applications that are running
> > that are generating the traffic.
> >
> > What software in the ports collection will allow me to do this ?
> >
> > thanks,
> > Darryl
> > ___
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "[EMAIL PROTECTED] 
> > "
> 
> -
> Eric F Crist
> Secure Computing Networks
> 
> 
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: dell Power Edge 2950

2008-01-09 Thread Norman Maurer


Am Mittwoch, den 09.01.2008, 11:24 -0500 schrieb Brian A. Seklecki:
> On Thu, 27 Dec 2007, Olivier Nicole wrote:
> 
> > Hello,
> >
> > This is just to confirm that Dell Power Edge 2950, with Quad Core Xeon
> > E5420 is OK with FreeBSD 6.2/6.3.
> 
> Make sure that you get a Revision 2 (R2).  We had some serious stability 
> issues with two R1s.  Yay for beta testing $6k servers.
> 
> You'll want to read the entire thread about mfi(4) and bce(4) instability 
> on RELENG_6.  Someone just reported a geometry size reporting error with 
> the new PERC/6 that Dell is pushing, so stick with PERC/5.
> 
> My personal recommendation is to use em(4) and disable onboard Broadcom 
> and forget that Dell ever started shipping Broadcom.
> 
> ~BAS

We using 6.2-p9 on two Dell Power Edge 2950 without problems yet.

bye
Norman


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


ipsec with dynamic ip clients

2008-01-06 Thread Norman Maurer
Hi all,

im using ipsec-tools + gif interfaces for connection some diffrent
offices via ipsec. This works perfectly!
Now I want to setup some config which allow some people to connection
via ipsec client to this ipsec router. They have a dynamic ip so I think
a certificate is the way to go. But im not sure how i need to setup the
gif interface because the ip address will change probally.

So any idea ? I couldn't find any docu :-/

bye
Norman


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


PF and fitering statefull on GIF interface

2008-01-05 Thread Norman Maurer
Hi all,

im using FreeBSD 6.2-p9 on my server which acts as IPSec router using 
ipsec-tools. This works fine...
But now i need to filter traffic which comes from the local private network to 
the vpn private network. I tried todo this with pf and using keep state. The 
return packets just get dropped. 
So I reread the gif manpage and read about the IPSEC_FILTERGIF option. I 
rebuilded the kernel with the option and tried it again. No luck!

So I suspect this option is only valid for ipfw and ipf ? 

Any idea how i can use pf + ipsec ( over gif interface ) to filter the needed 
stuff.
This for example not work:

LOCAL_NET = 10.0.0.0/24
VPN_REMOTE_NET = 192.168.10.0/28

pass proto tcp from $LOCAL_NET to $VPN_REMOTE_NET port 22 flags S/SA keep state


This works:

LOCAL_NET = 10.0.0.0/24
VPN_REMOTE_NET = 192.168.10.0/28

pass proto tcp from $LOCAL_NET to $VPN_REMOTE_NET port 22
pass proto tcp from $VPN_REMOTE_NET port 22 to $LOCAL_NET

Thx for the help

bye
Norman


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"