Having bad performance issues
I'm having some bad perf issues on a 6.2 server running PostgreSQL 8.2.4. I really don't know too much about this stuff...but it doesn't seem to be related to memory or CPU as they're barely being touched. Which leaves IO. Here's some vmstat output. My only guess is that the numbers under the faults section are pretty high. But I don't really know what that means. I'd appreciate any help. Here's the formatted vmstat output: http://pastie.caboo.se/82165 Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Losing connections/performance with PF turned on
We're doing some stress testing on our server, and noticed that when
we turn PF on, we lose connections and have a drastic reduction in
performance.
We used SIEGE for 120 seconds, 50 connections, on req/conn
Firewall On:
Num Users: 50
Availability: 97.23 %
Transaction rate: 58.02 trans/sec
Concurrency: 3.80
Successful: 6994
Failed: 198
Longest Req: 9.06s
Firewall Off:
Num Users: 50
Availability: 100 %
Transaction rate: 94.62 trans/sec
Concurrency: 1.76
Successful: 11342
Failed: 0
Longest Req: 0.51s
You'll notice that with the firewall off, we don't lose any
connections. We also have a 60% increase in tx/sec, and the longest
request takes 1/20 of the time.
I'm including my complete pf.conf file in the hopes that something
will jump out at someone.
Thanks,
Pat
# --- pf.conf skeleton for server
#
# --- MACRO Section -
EXT_IF=em0
PING = echoreq
# --- allowed incoming services initiated by clients
TCP_IN = { http, 8080, nrpe }
#UDP_IN = { }
SSH_IN = { xxx.xxx.xxx.xxx }
# --- allowed services initiated by server
TCP_OUT = { ssh, smtp, domain, ntp, 3690, , http, ftp, 29125 }
UDP_OUT = { domain, ntp }
ORIGINS = { xxx.xxx.xxx.xxx }
# -- TABLE Section --
# -- OPTIONS Section
set loginterface $EXT_IF
set block-policy return
# - TRAFFIC NORMALIZATION
scrub in all
antispoof for $EXT_IF
# -- TRANSLATION Section (NAT/RDR)
# -- FILTER section
# --- DEFAULT POLICY
block log all
# --- LOOPBACK
pass quick on lo0 all
# --- BRUTE FORCE TABLE
table bruteforce persist
block quick from bruteforce
# === INCOMING
# --- EXTERNAL INTERFACE
# --- TCP
pass in quick on $EXT_IF inet proto tcp from any to $EXT_IF port
$TCP_IN flags S/SA keep state
# Allow postgres connection from db server
pass in quick on $EXT_IF inet proto tcp from xxx.xxx.xxx.xxx to
$EXT_IF port 5432 flags S/SA keep state
# --- SSH with brute force blocking
pass in quick on $EXT_IF inet proto { tcp, udp } from any to $SSH_IN
port ssh flags S/SA keep state (max-src-conn 25, max-src-conn-rate
5/3, overload bruteforce flush global)
# --- UDP
#pass in quick on $EXT_IF inet proto udp from any to $EXT_IF port
$UDP_IN keep state
# --- ICMP
pass in quick on $EXT_IF inet proto icmp from any to $EXT_IF icmp-type
$PING keep state
# === OUTGOING
# --- EXTERNAL INTERFACE
# --- TCP
pass out quick on $EXT_IF inet proto tcp from $EXT_IF to any port
$TCP_OUT flags S/SA keep state
# Allow postgres connection to db server
pass out quick on $EXT_IF inet proto tcp from $EXT_IF to
xxx.xxx.xxx.xxx port 5432 flags S/SA keep state
# Allow any connection to uploaders
pass out quick on $EXT_IF inet proto tcp from $EXT_IF to $ORIGINS
flags S/SA keep state
# --- UDP
pass out quick on $EXT_IF inet proto udp from $EXT_IF to any port
$UDP_OUT keep state
# --- ICMP
pass out quick on $EXT_IF inet proto icmp from $EXT_IF to any
icmp-type $PING keep state
# - end of pf.conf
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Losing connections/performance with PF turned on
We're doing some stress testing on our server, and noticed that when
we turn PF on, we lose connections and have a drastic reduction in
performance.
We used SIEGE for 120 seconds, 50 connections, on req/conn
Firewall On:
Num Users: 50
Availability: 97.23 %
Transaction rate: 58.02 trans/sec
Concurrency: 3.80
Successful: 6994
Failed: 198
Longest Req: 9.06s
Firewall Off:
Num Users: 50
Availability: 100 %
Transaction rate: 94.62 trans/sec
Concurrency: 1.76
Successful: 11342
Failed: 0
Longest Req: 0.51s
You'll notice that with the firewall off, we don't lose any
connections. We also have a 60% increase in tx/sec, and the longest
request takes 1/20 of the time.
I've included my complete pf.conf file, hopefully something will jump
out at someone.
Thanks,
Pat
# --- pf.conf skeleton for server
#
# --- MACRO Section -
EXT_IF=em0
PING = echoreq
# --- allowed incoming services initiated by clients
TCP_IN = { http, 8080, nrpe }
#UDP_IN = { }
SSH_IN = { xxx.xxx.xxx.xxx }
# --- allowed services initiated by server
TCP_OUT = { ssh, smtp, domain, ntp, 3690, , http, ftp, 29125 }
UDP_OUT = { domain, ntp }
ORIGINS = { xxx.xxx.xxx.xxx }
# -- TABLE Section --
# -- OPTIONS Section
set loginterface $EXT_IF
set block-policy return
# - TRAFFIC NORMALIZATION
scrub in all
antispoof for $EXT_IF
# -- TRANSLATION Section (NAT/RDR)
# -- FILTER section
# --- DEFAULT POLICY
block log all
# --- LOOPBACK
pass quick on lo0 all
# --- BRUTE FORCE TABLE
table bruteforce persist
block quick from bruteforce
# === INCOMING
# --- EXTERNAL INTERFACE
# --- TCP
pass in quick on $EXT_IF inet proto tcp from any to $EXT_IF port
$TCP_IN flags S/SA keep state
# Allow postgres connection from db server
pass in quick on $EXT_IF inet proto tcp from xxx.xxx.xxx.xxx to
$EXT_IF port 5432 flags S/SA keep state
# --- SSH with brute force blocking
pass in quick on $EXT_IF inet proto { tcp, udp } from any to $SSH_IN
port ssh flags S/SA keep state (max-src-conn 25, max-src-conn-rate
5/3, overload bruteforce flush global)
# --- UDP
#pass in quick on $EXT_IF inet proto udp from any to $EXT_IF port
$UDP_IN keep state
# --- ICMP
pass in quick on $EXT_IF inet proto icmp from any to $EXT_IF icmp-type
$PING keep state
# === OUTGOING
# --- EXTERNAL INTERFACE
# --- TCP
pass out quick on $EXT_IF inet proto tcp from $EXT_IF to any port
$TCP_OUT flags S/SA keep state
# Allow postgres connection to db server
pass out quick on $EXT_IF inet proto tcp from $EXT_IF to
xxx.xxx.xxx.xxx port 5432 flags S/SA keep state
# Allow any connection to uploaders
pass out quick on $EXT_IF inet proto tcp from $EXT_IF to $ORIGINS
flags S/SA keep state
# --- UDP
pass out quick on $EXT_IF inet proto udp from $EXT_IF to any port
$UDP_OUT keep state
# --- ICMP
pass out quick on $EXT_IF inet proto icmp from $EXT_IF to any
icmp-type $PING keep state
# - end of pf.conf
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: BSDstats Project v2.0 ...
On 8/6/06, Marc G. Fournier [EMAIL PROTECTED] wrote: I've now committed v2.0 of the 300.statistics periodic script ... this one adds the device reporting that we'd talked about previously, and the summary reports now reflect the driver(s) in use for those deciding to report ... This Phase of the script is optional, and not enabled by default ... I can't think of any reason why you wouldn't want to report it, but just in case someone feels it poses a problem, its an opt-in report ... pkg-message updated to reflect the extra line you need to add to /etc/periodic.conf: monthly_statistics_report_devices=yes I've written it to report driver + chip= information from pciconf -l, since even pciconf -lv doesn't seem to use card= ... the summary report will be extended next to show both vendor and chip statistics ... Let me know of any problems ... Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . [EMAIL PROTECTED] MSN . [EMAIL PROTECTED] Yahoo . yscrappy Skype: hub.orgICQ . 7615664 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] For those of us who can't read minds, what's the port to install, and the website where we can view the stats? :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Re[2]: BSDstats Project v2.0 ...
On 8/7/06, Daniel Gerzo [EMAIL PROTECTED] wrote: Hello Pat, Monday, August 7, 2006, 10:42:53 PM, you wrote: For those of us who can't read minds, what's the port to install, and the website where we can view the stats? :) sysutils/bsdstats http://bsdstats.hub.org/ Thanks, added my systems :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portupgrade ruby package
On 7/31/06, jan gestre [EMAIL PROTECTED] wrote: hi guys, portaudit reperoted a vulnerability on the ruby package, so i did the following: # cvsup -L 2 ports-supfile # portsdb -Uu # portupgrade -rR ruby but i encountered this error message, i can't upgrade ruby. --- Upgrading 'ruby-1.8.4_8,1' to 'ruby-1.8.4_9,1' (lang/ruby18) --- Building '/usr/ports/lang/ruby18' === Cleaning for ruby-1.8.4_9,1 NOTE: You can enable pthread support by defining WITH_PTHREADS variable, but not recommended since this might break some ruby apps. === ruby-1.8.4_9,1 has known vulnerabilities: = ruby - multiple vulnerabilities. Reference: http://www.FreeBSD.org/ports/portaudit/76562594-1f19-11db-b7d4-0008743bf21a.html = ruby - multiple vulnerabilities. Reference: http://www.FreeBSD.org/ports/portaudit/76562594-1f19-11db-b7d4-0008743bf21a.html = Please update your ports tree and try again. *** Error code 1 I'm not 100% sure on this, but I think the problem is that even the new Ruby port has the vulnerabilities in it. You won't be able to upgrade until those get patched first. This is the first ML message I've seen about this issue, so I don't have any more info. Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Need some help with PF rule letting two machines access each other
On 6/9/06, Erik Norgaard [EMAIL PROTECTED] wrote: Pat Maddox wrote: 12.34.56.78 runs a server on port 1234 87.65.43.21 should connect to this Both of them have PF rulesets that block off most traffic, keeping open the publically available ports I need open. In this case though, any traffic over this port should only be between these two machines. I've tried to set this up, but I keep getting operation not permitted, connection refused, and connection reset by peer errors. Thanks for any info. It's quite difficult to tell which rule catches your packets without the ruleset. Try this: 1) Add log to all block rules 2) Check you have keep state in pass rules 3) Check you have quick in your pass rules If you have a default block policy, then you should generally have quick in pass rules or you might have packets marked for passing being caught later by a block rule. I generally prefer having the default policy at top without quick, and then set quick on rules taking an explicit action. Cheers, Erik Okay, I got it working. On the client, the rule is pass out quick on $EXT_IF inet proto tcp from $EXT_IF to $SERVER port 7721 keep state and on the server, it's just the opposite pass in quick on $EXT_IF inet proto tcp from $CLIENT to $EXT_IF port 7721 keep state The only difference between that rule and the one I had earlier includes a flags S/SA directive on each. Of course now I just tried adding the flags and it works...I'm guessing because the state was already made. If I add flags S/SA is there any reason that'd cause problems. It seems to work fine right now, but didn't earlier - though perhaps I had a typo or something. Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Need some help with PF rule letting two machines access each other
12.34.56.78 runs a server on port 1234 87.65.43.21 should connect to this Both of them have PF rulesets that block off most traffic, keeping open the publically available ports I need open. In this case though, any traffic over this port should only be between these two machines. I've tried to set this up, but I keep getting operation not permitted, connection refused, and connection reset by peer errors. Thanks for any info. Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ^M
# cd /usr/ports/converters/unix2dos/ make install clean $ dos2unix filename On 5/2/06, FreeBSD Daemon [EMAIL PROTECTED] wrote: Dear list, How can I non-manually remove the ^M line breaks from my text files TIA zheyu ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: repeated ssh login attempts/failure/break-in attempts from kiddy script
Disable password-based logins (use keys instead), move SSH to another port, or install some kind of brute force monitor. First two options are the best, but if for some reason you need to keep it on 22 and password-based logins then look to a BF monitor. Just make sure you actually need it..and do some googling, as this gets talked about a lot (I know, because I asked the same question a few months ago! :) Pat On 3/31/06, Nathan Vidican [EMAIL PROTECTED] wrote: Noted recently in auth.log, a string of connection attempts repeated/failed over and over from one host - looks like a script someone's running, tries all kinds of various usernames, etc... attempts like 100-200 logins, fails and goes away. Few hours go by, and another such attempt, from a different IP comes in. If I'm here and just happen to notice them - simple ipfw add deny... does the trick, but is there not a way to limit the login attempts for a certain period of time? ie: after 4 failed attempts from IP _BLANK_ in less than _BLANK_ minutes, deny all attempts and drop connection from said IP... possible? Any suggestions/ideas? Thus far, no one has managed to login (there are only three accounts which even have a shell or can login via ssh... but still not the point). I'd just like to get rid of the problem and save my auth.log file for perhaps something more useful ;) -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate Tool Ltd. http://www.wmptl.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Daily chksetuid script - how to ignore certain dirs/filesystems?
I have a backup script that runs every night, backing up everything to a backup drive. When the security script runs, it finds a bunch of setuid files at /backup - I'd like to ignore those files, so I don't have to wade through them every day. I also back up to a remote server and it results in the same thing. How can I make it skip over the backup dir, or at least ignore it in the output? The cron file in question is /etc/periodic/security/100.chksetuid Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Daily chksetuid script - how to ignore certain dirs/filesystems?
On 3/19/06, Ceri Davies [EMAIL PROTECTED] wrote: On 19/3/06 10:58, Pat Maddox [EMAIL PROTECTED] wrote: I have a backup script that runs every night, backing up everything to a backup drive. When the security script runs, it finds a bunch of setuid files at /backup - I'd like to ignore those files, so I don't have to wade through them every day. I also back up to a remote server and it results in the same thing. How can I make it skip over the backup dir, or at least ignore it in the output? The cron file in question is /etc/periodic/security/100.chksetuid The best way to be to mount /backup nosuid. How about on the other server? The files go to the /home partition (and that's where they have to go). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
rsync script not excluding dirs
I have a backup script that runs nightly, and I want it to exclude
certain dirs (ports, obj, etc). However when I run the script it
doesn't exclude anything, leaving me with pretty massive backups.
Here's the entire script.
/, /var, /usr, and /backup are all on different partitions. The key
part is at the bottom where it calls rsync and excludes dirs. Can
someone tell me what's wrong with the script?
Pat
#!/bin/sh
HOME=/
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
export HOME PATH STAGE DAY MONTH YEAR DAY2 DAY1 PERMS SVR PRE ARG
PERMS=`date +%Y%m%d`
SVR=cantona
# forward dating
DAY1=`date +%Y/${SVR}/%m/%d`
# reverse dating for removal of old backup
DAY2=`date -j -v-1w +%Y/${SVR}/%m/%d`
PRE=/usr/local/bin/rsync
ARG=`ps -ax | grep ${PRE} | grep -v grep | wc -l | awk '{ print $1 }'`
if [ $ARG -gt 0 ]; then
echo $PRE is running
return $?
fi
# Remount the filesystem for writing
mount -u -o rw /backup
# snapshot of the perms
ls -lRafh /* /backup/perms_snaps/${PERMS}.${SVR}.perms.snap
tar -czf /backup/perms_snaps/${PERMS}.${SVR}.perms.snap.tar.gz
/backup/perms_snaps/${PERMS}.${SVR}.perms.snap
rm /backup/perms_snaps/${PERMS}.${SVR}.perms.snap
chmod 400 /backup/perms_snaps/*
# create the backup dirs for the day/week/year
mkdir -p /backup/${DAY1}/
# rm the old backups
rm -rf /backup/${DAY2}
${PRE} -bapoguLxSRC --exclude=*.core --exclude=*~* / --exclude=/dev
--exclude=/backup /backup/${DAY1}/
${PRE} -bapoguLxSRC --exclude=*.core --exclude=*~* /var /backup/${DAY1}/
${PRE} -bapoguLxSRC --exclude=*.core --exclude=*~* --exclude=/usr/src
--exclude=/usr/ports --exclude=/usr/obj /usr /backup/${DAY1}/
# Make the file system read only again
mount -u -o ro /backup
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
/home is symlinked to /usr/home - question about backups
I got a dedicated server a while ago, and it came with /home symlinked to /usr/home. I'm not entirely sure why, to tell you the truth, but it's never posed a problem. However if I run rsync -avz to back up my server, it creates something like this: /backup/march/19/home - /usr/home So if I were to go to /backup/march/19 and rm -rf * wouldn't it go and delete everything in /usr/home? That's obviously not my intended result. I've read all the symlink options in man rsync but honestly am not sure what it is that I need to do. Ideally I'd like to have symlinks reference the relative file..so something like /backup/march/19/home - /backup/march/19/usr/home That way I don't lose all my stuff if I remove the file from backup. Right now I'm just ignoring /home when I rsync, but it makes me kind of worried that if I ever backup without ignoring /home and then delete my backup I might lose my live data...I could really use some info. Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to Stop Bruit Force ssh Attempts?
The best thing you can do is move SSH to another port and disable password authentication, and use keys instead. Pat On 3/18/06, Chris Maness [EMAIL PROTECTED] wrote: In my auth log I see alot of bruit force attempts to login via ssh. Is there a way I can have the box automatically kill any tcp/ip connectivity to hosts that try and fail a given number of times? Is there a port or something that I can install to give this kind of protection. I'm still kind of a FreeBSD newbie. Thanks, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Updating ports
Hi Lisa, The supfile just upgrades the sources. You actually have to build and install it for it to make any changes. Using the standard supfile, you can just do portupgrade -arR and it will only upgrade your ports, it won't touch the base system at all. Then when you want to upgrade the base system, you have the sources available and can do that. But don't worry, there's nothing wrong with having the most up to date base source, even if you haven't upgraded in a couple months. I use portsnap for updating my ports tree. I wish I could tell you the advantages, but I've been using it for over a year now and don't really remember to be perfectly honest :) Anyway, I run portsnap nightly, and then do a weekly update of my base system source using cvsup. I wrote a simple article that shows you how to install and configure portsnap, if you're interested. http://www.flpr.org/articles/2005/08/24/configuring-freebsd Pat On 3/14/06, Lisa Casey [EMAIL PROTECTED] wrote: Hi Folks, I might be a bit confused here. If so, I'm sure you'll tell me about it ;-) I'm running FreeBSD 5.3. I want to update my ports. So I went to the FreeBSD handbook and started reading up on how to do that. According to what I read, I need to install cvsup then create a supfile. OK, so far so good. I just now installed cvsup-without-gui (I'm not running any kind of gui - this is a server). I don't want to update my entire system from FreeBSD 5.3 to something else then do all the make world stuff (although it would be a good idea for me to learn how to do that someday - I just want to update my ports). I got started on this because I wanted to install webmin but I noticed that, in my ports collection the version of webmin is 1.150 whereas the current webmin port at Freshports is version 1.260_2. I figured it would be a good idea just to go ahead and update my ports first before installing webmin so I could install the latest version from ports rather than downloading the tar.gz and installing it that way. Next I need the supfile. I took a look at /usr/share/examples/cvsup/standard-supfile (I think that's what I want) but that looks like something that is going to upgrade the entire system (as I said - probably a good idea but I just don't want to do that now, I just want to update my ports). Can't I just update the ports without updating the entire system? If so, am I going about it the right way or am I just plain confused? If I am going about it the right way then I think there's something about the supfile that I obviously don't understand. I'ld appreciate it if someone on this list could straighten out my thinking. Thanks, Lisa Casey ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Updating ports
Nope, you're good to go On 3/14/06, Lisa Casey [EMAIL PROTECTED] wrote: Hi again, One last question and I think I'll be good to go: In my ports-supfile, I've changed the host to one that is local to me in the USA. Do I need to make any changes to *default release=cvs tag=. *default delete use-rel-suffix Or can I just leave these as the defaults? I understand everything else in ports-supfile. Thanks again, Lisa Casey ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mail backup solution?
On 3/13/06, Chuck Swiger [EMAIL PROTECTED] wrote: Carlos Silva, yourdot-internet.com wrote: I have my email stored at a reseller account (via imap) on a server. My intention is that my server at home, download all the emails via imap to backup automatically everyday. But, I dont want that my server download repeated messages (because i have thousands of emails...). Someone has a solution? Your mail hosting provider should have working backups, although it is worth checking. I have a server running postfix/courier-imap, and I'd like to know how to make those working backups. I've asked a couple places but haven't found anything useful. Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mail backup solution?
On 3/13/06, Chuck Swiger [EMAIL PROTECTED] wrote: Pat Maddox wrote: On 3/13/06, Chuck Swiger [EMAIL PROTECTED] wrote: [ ... ] Your mail hosting provider should have working backups, although it is worth checking. I have a server running postfix/courier-imap, and I'd like to know how to make those working backups. I've asked a couple places but haven't found anything useful. The two most common styles of mailboxes are mbox and maildir, and both of those can be backed up at the filesystem level using dump, tar, or anything else. I've got it set up using maildir. In the past to back up the mail I just copied the files. At one point I had to restore from the backup, so I just copied the files back into the original location. Logging in via imap though, there were no emails to be found. I've gotten vague I think you just copy the files responses, but that didn't work in my case, and I'm not sure what I need to do. Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
A question on permissions
I want to make a directory writable by one user, and readable by another. It should be owned by the web server UID, and the group should be the gid of my normal login user. %ls -ld /home/pergesu/logs drwxr-x--- 6 www pergesu 512 Feb 23 13:05 /home/pergesu/logs However, the www user apparently can't read/write to that dir. I gave 'www' a real shell just to try it out: %sudo su www %ls -ld /home/pergesu/logs ls: /home/pergesu/logs: Permission denied I don't get why it's doing Permission denied there. www has r/w/x access to that dir. It doesn't, however, have read access to /home/pergesu, so that's my only guess. I don't want to make /home/pergesu readable by everyone though of course. Isn't that what permissions are all about? I'd appreciate any help. Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
lighttpd does 26 req/s on a static file
I'm getting 26 req/s on a static file. Not sure why it's so slow, I could really use some help. Running lighty 1.4.10 on FreeBSD 6.0. Server is a basically unused AMD Barton 3000+ with a gig of RAM, hosted at a data center. -bash-2.05b$ ab -c 9 -n 500 http://72.21.52.134/hello.html Benchmarking 72.21.52.134 (be patient) ... Finished 500 requests Server Software:lighttpd Server Hostname:72.21.52.134 Server Port:80 Document Path: /hello.html Document Length:13 bytes Concurrency Level: 9 Time taken for tests: 19.78523 seconds Complete requests: 500 Failed requests:0 Write errors: 0 Total transferred: 119500 bytes HTML transferred: 6500 bytes Requests per second:26.21 [#/sec] (mean) Time per request: 343.413 [ms] (mean) Time per request: 38.157 [ms] (mean, across all concurrent requests) Transfer rate: 6.08 [Kbytes/sec] received Here's the lighty config: server.modules = ( mod_access, mod_accesslog ) server.document-root = /usr/local/www/data server.port= 80 server.username= www server.groupname = clients server.pid-file= /var/run/lighttpd.pid server.tag = lighttpd accesslog.filename = /var/log/lighttpd.access.log server.errorlog= /var/log/lighttpd.error.log server.indexfiles = ( index.php, index.html, index.htm, default.htm ) url.access-deny= ( ~, .inc ) mimetype.assign = ( .html = text/html, .htm = text/html, ) weigon_ on #lighttpd had me run ktrace, and here's the part he found relevant 22.577040 CALL accept(0x4,0xbfbfea40,0xbfbfea3c) 22.577583 CALL close(0x8) 75740 lighttpd 22.577632 CALL poll(0x806ec00,0x2,0x3e8) 75740 lighttpd 22.614031 RET poll 1 So it's .5ms to handle a request, but 40ms waiting for the next request. I'm not entirely sure what any of this means. Thanks for any help, Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 6.0, lighttpd not starting up on boot
On 19 Nov 2005 08:39:19 -0500, Lowell Gilbert [EMAIL PROTECTED] wrote: Pat Maddox [EMAIL PROTECTED] writes: I've got a 6.0 system with lighttpd installed. I have a lighttpd_enable=YES line in /etc/rc.conf, but lighttpd doesn't start up when the machine boots. I have another machine with the same config (though apparently not exactly the same), and lighttpd starts up with it. There's nothing in the lighttpd error log, and if I use the rc script to start it up it starts fine. How do I find out why it's not starting on boot, and how do I make it start on boot? Is it executable? Try putting an echo or touch command early in the script to see if it's getting run at boot at all. It's definitely executable..it's getting run when I run /etc/rc.d/localpkgs, so it really just makes no sense. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 6.0, lighttpd not starting up on boot
On 19 Nov 2005 08:59:32 -0500, Lowell Gilbert [EMAIL PROTECTED] wrote: Pat Maddox [EMAIL PROTECTED] writes: On 19 Nov 2005 08:39:19 -0500, Lowell Gilbert [EMAIL PROTECTED] wrote: Pat Maddox [EMAIL PROTECTED] writes: I've got a 6.0 system with lighttpd installed. I have a lighttpd_enable=YES line in /etc/rc.conf, but lighttpd doesn't start up when the machine boots. I have another machine with the same config (though apparently not exactly the same), and lighttpd starts up with it. There's nothing in the lighttpd error log, and if I use the rc script to start it up it starts fine. How do I find out why it's not starting on boot, and how do I make it start on boot? Is it executable? Try putting an echo or touch command early in the script to see if it's getting run at boot at all. It's definitely executable..it's getting run when I run /etc/rc.d/localpkgs, so it really just makes no sense. Well, try my suggestion anyway. Alright, I put a touch in the rc script, and it touched the file. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 6.0, lighttpd not starting up on boot
On 19 Nov 2005 09:49:15 -0500, Lowell Gilbert [EMAIL PROTECTED] wrote: Pat Maddox [EMAIL PROTECTED] writes: On 19 Nov 2005 08:59:32 -0500, Lowell Gilbert [EMAIL PROTECTED] wrote: Pat Maddox [EMAIL PROTECTED] writes: On 19 Nov 2005 08:39:19 -0500, Lowell Gilbert [EMAIL PROTECTED] wrote: Pat Maddox [EMAIL PROTECTED] writes: I've got a 6.0 system with lighttpd installed. I have a lighttpd_enable=YES line in /etc/rc.conf, but lighttpd doesn't start up when the machine boots. I have another machine with the same config (though apparently not exactly the same), and lighttpd starts up with it. There's nothing in the lighttpd error log, and if I use the rc script to start it up it starts fine. How do I find out why it's not starting on boot, and how do I make it start on boot? Is it executable? Try putting an echo or touch command early in the script to see if it's getting run at boot at all. It's definitely executable..it's getting run when I run /etc/rc.d/localpkgs, so it really just makes no sense. Well, try my suggestion anyway. Alright, I put a touch in the rc script, and it touched the file. Okay, good. Seriously puzzling, but eliminates a lot of things. Does it start if you call the script with a completely clean environment? [*Something* is different between calling it from the command line and having the rc scripts do it.] I'm really not sure what you mean by a clean environment. I can use the rc script to start it, but that's after the machine boots up. lighttpd doesn't want to start during bootup. I can also start it fine by calling the lighttpd binary. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
6.0, lighttpd not starting up on boot
I've got a 6.0 system with lighttpd installed. I have a lighttpd_enable=YES line in /etc/rc.conf, but lighttpd doesn't start up when the machine boots. I have another machine with the same config (though apparently not exactly the same), and lighttpd starts up with it. There's nothing in the lighttpd error log, and if I use the rc script to start it up it starts fine. How do I find out why it's not starting on boot, and how do I make it start on boot? Thanks, Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Install ruby-postgres binding with postgres 8.1
I want to install the ruby-postgres binding (ports/databases/ruby-postgres), and I've got postgres 8.1 installed on my machine. When I do 'make install', it starts to download postgresql-client-7.4.9, and then fails because that conflicts with postgresql-client-8.1.0, which I have installed. I'd like to somehow remove the dependency on 7.4.9 and compile against 8.1.0...how can I do this? Thanks, Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Install ruby-postgres binding with postgres 8.1
I managed to get this working. If anyone's interested, I wrote up a short guide to upgrading to 8.1 http://www.flpr.org/articles/2005/11/16/upgrading-to-postgresql-8-1 On 11/16/05, Pat Maddox [EMAIL PROTECTED] wrote: I want to install the ruby-postgres binding (ports/databases/ruby-postgres), and I've got postgres 8.1 installed on my machine. When I do 'make install', it starts to download postgresql-client-7.4.9, and then fails because that conflicts with postgresql-client-8.1.0, which I have installed. I'd like to somehow remove the dependency on 7.4.9 and compile against 8.1.0...how can I do this? Thanks, Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Out of range starting Xorg on dual display
I've got a dual display setup, and it had been working fine once I finally got the config done. They're two displays running off one graphics card, one through the DVI output and one through the D-SUB. Today I had to switch the inputs that the monitors use, and it just doesn't work anymore. I get a message on my left display that says Out of range. This isn't an Xorg or FreeBSD error, it's a message from the displays built-in HUD. This doesn't make any sense because as far as Xorg is concerned, there shouldn't be any difference. The D-SUB display should be on the left, and the DVI one should be on the right. I really don't understand what could be causing a problem, but for what it's worth, the display now connected to the D-SUB has always been more finicky than my other display. They're a ViewSonic vp201 (D-SUB) and Dell 2001fp (DVI). Here's my config: Section ServerLayout Identifier Dual Head Screen 0 Screen0 0 0 Screen 1 Screen1 RightOf Screen0 InputDeviceMouse0 CorePointer InputDeviceKeyboard0 CoreKeyboard Option Xinerama true Option Clone off EndSection Section Files RgbPath /usr/X11R6/lib/X11/rgb ModulePath /usr/X11R6/lib/modules FontPath /usr/X11R6/lib/X11/fonts/misc/ FontPath /usr/X11R6/lib/X11/fonts/TTF/ FontPath /usr/X11R6/lib/X11/fonts/Type1/ FontPath /usr/X11R6/lib/X11/fonts/CID/ FontPath /usr/X11R6/lib/X11/fonts/75dpi/ FontPath /usr/X11R6/lib/X11/fonts/100dpi/ EndSection Section Module Load dbe #Load dri Load extmod Load glx Load record Load xtrap Load freetype Load type1 EndSection Section InputDevice Identifier Keyboard0 Driver kbd EndSection Section InputDevice Identifier Mouse0 Driver mouse Option Protocol auto Option Device /dev/sysmouse Option ZAxisMapping 4 5 EndSection Section Monitor Identifier Monitor0 VendorName Vendor Name ModelName Model Name EndSection Section Device Identifier Card0 Driver nvidia VendorName nVidia Corporation BoardName NV25 [GeForce4 Ti 4600] BusID PCI:1:0:0 Screen 0 Option RenderAccel true Option AllowGLXWithComposite true EndSection Section Device Identifier Card1 Driver nvidia VendorName nVidia Corporation BoardName NV25 [GeForce4 Ti 4600] BusID PCI:1:0:0 Screen 1 Option RenderAccel true Option AllowGLXWithComposite true EndSection Section Screen Identifier Screen0 Device Card0 MonitorMonitor0 DefaultDepth 24 SubSection Display Viewport 0 0 Depth 24 Modes 1600x1200 EndSubSection EndSection Section Screen Identifier Screen1 Device Card1 Monitor Monitor0 DefaultDepth 24 SubSection Display Viewport 0 0 Depth 24 EndSubSection EndSection ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Out of range starting Xorg on dual display
On 11/10/05, Garrett Cooper [EMAIL PROTECTED] wrote: On Nov 10, 2005, at 3:10 AM, Pat Maddox wrote: I've got a dual display setup, and it had been working fine once I finally got the config done. They're two displays running off one graphics card, one through the DVI output and one through the D-SUB. Today I had to switch the inputs that the monitors use, and it just doesn't work anymore. I get a message on my left display that says Out of range. This isn't an Xorg or FreeBSD error, it's a message from the displays built-in HUD. This doesn't make any sense because as far as Xorg is concerned, there shouldn't be any difference. The D-SUB display should be on the left, and the DVI one should be on the right. I really don't understand what could be causing a problem, but for what it's worth, the display now connected to the D-SUB has always been more finicky than my other display. They're a ViewSonic vp201 (D-SUB) and Dell 2001fp (DVI). Here's my config: Section ServerLayout Identifier Dual Head Screen 0 Screen0 0 0 Screen 1 Screen1 RightOf Screen0 InputDeviceMouse0 CorePointer InputDeviceKeyboard0 CoreKeyboard Option Xinerama true Option Clone off EndSection Section Files RgbPath /usr/X11R6/lib/X11/rgb ModulePath /usr/X11R6/lib/modules FontPath /usr/X11R6/lib/X11/fonts/misc/ FontPath /usr/X11R6/lib/X11/fonts/TTF/ FontPath /usr/X11R6/lib/X11/fonts/Type1/ FontPath /usr/X11R6/lib/X11/fonts/CID/ FontPath /usr/X11R6/lib/X11/fonts/75dpi/ FontPath /usr/X11R6/lib/X11/fonts/100dpi/ EndSection Section Module Load dbe #Load dri Load extmod Load glx Load record Load xtrap Load freetype Load type1 EndSection Section InputDevice Identifier Keyboard0 Driver kbd EndSection Section InputDevice Identifier Mouse0 Driver mouse Option Protocol auto Option Device /dev/sysmouse Option ZAxisMapping 4 5 EndSection Section Monitor Identifier Monitor0 VendorName Vendor Name ModelName Model Name EndSection Section Device Identifier Card0 Driver nvidia VendorName nVidia Corporation BoardName NV25 [GeForce4 Ti 4600] BusID PCI:1:0:0 Screen 0 Option RenderAccel true Option AllowGLXWithComposite true EndSection Section Device Identifier Card1 Driver nvidia VendorName nVidia Corporation BoardName NV25 [GeForce4 Ti 4600] BusID PCI:1:0:0 Screen 1 Option RenderAccel true Option AllowGLXWithComposite true EndSection Section Screen Identifier Screen0 Device Card0 MonitorMonitor0 DefaultDepth 24 SubSection Display Viewport 0 0 Depth 24 Modes 1600x1200 EndSubSection EndSection Section Screen Identifier Screen1 Device Card1 Monitor Monitor0 DefaultDepth 24 SubSection Display Viewport 0 0 Depth 24 EndSubSection EndSection The issue is with your refresh rates on one of the monitors is out of range. So what you need to do is go online, search for the maximum resolution for your monitors, and match it with the maximum supported resolution for your card along with the individual monitor's maximum resolution. -Garrett Thanks for the reply. I checked out what refresh rates they're using in Windows, and both monitors are set to 60. The finicky monitor apparently can run at 60, 70, or 72. I set the VertRefresh to 60, start up Xorg, and now I'm not getting the error, but it's really flickery. Really, it's more like a bunch of lines are scrolling down very quickly, it's not flicker, so something definitely isn't right. If I set the VertRefresh to a range, like 60-72, I still get that Out of Range error. I haven't been able to find out exactly what refresh rates to use, because these are LCDs and the refresh rates given in ms, not Hertz. Not really sure what that means. Thanks for the reply, seems like I'm getting closer...I'd appreciate any more help you can give me. Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Out of range starting Xorg on dual display
On 11/10/05, Garrett Cooper [EMAIL PROTECTED] wrote:
On Nov 10, 2005, at 11:07 AM, Pat Maddox wrote:
On 11/10/05, Garrett Cooper [EMAIL PROTECTED] wrote:
On Nov 10, 2005, at 3:10 AM, Pat Maddox wrote:
I've got a dual display setup, and it had been working fine once I
finally got the config done. They're two displays running off one
graphics card, one through the DVI output and one through the D-SUB.
Today I had to switch the inputs that the monitors use, and it just
doesn't work anymore. I get a message on my left display that says
Out of range. This isn't an Xorg or FreeBSD error, it's a message
from the displays built-in HUD. This doesn't make any sense because
as far as Xorg is concerned, there shouldn't be any difference. The
D-SUB display should be on the left, and the DVI one should be on
the
right. I really don't understand what could be causing a
problem, but
for what it's worth, the display now connected to the D-SUB has
always
been more finicky than my other display. They're a ViewSonic vp201
(D-SUB) and Dell 2001fp (DVI). Here's my config:
Section ServerLayout
Identifier Dual Head
Screen 0 Screen0 0 0
Screen 1 Screen1 RightOf Screen0
InputDeviceMouse0 CorePointer
InputDeviceKeyboard0 CoreKeyboard
Option Xinerama true
Option Clone off
EndSection
Section Files
RgbPath /usr/X11R6/lib/X11/rgb
ModulePath /usr/X11R6/lib/modules
FontPath /usr/X11R6/lib/X11/fonts/misc/
FontPath /usr/X11R6/lib/X11/fonts/TTF/
FontPath /usr/X11R6/lib/X11/fonts/Type1/
FontPath /usr/X11R6/lib/X11/fonts/CID/
FontPath /usr/X11R6/lib/X11/fonts/75dpi/
FontPath /usr/X11R6/lib/X11/fonts/100dpi/
EndSection
Section Module
Load dbe
#Load dri
Load extmod
Load glx
Load record
Load xtrap
Load freetype
Load type1
EndSection
Section InputDevice
Identifier Keyboard0
Driver kbd
EndSection
Section InputDevice
Identifier Mouse0
Driver mouse
Option Protocol auto
Option Device /dev/sysmouse
Option ZAxisMapping 4 5
EndSection
Section Monitor
Identifier Monitor0
VendorName Vendor Name
ModelName Model Name
EndSection
Section Device
Identifier Card0
Driver nvidia
VendorName nVidia Corporation
BoardName NV25 [GeForce4 Ti 4600]
BusID PCI:1:0:0
Screen 0
Option RenderAccel true
Option AllowGLXWithComposite true
EndSection
Section Device
Identifier Card1
Driver nvidia
VendorName nVidia Corporation
BoardName NV25 [GeForce4 Ti 4600]
BusID PCI:1:0:0
Screen 1
Option RenderAccel true
Option AllowGLXWithComposite true
EndSection
Section Screen
Identifier Screen0
Device Card0
MonitorMonitor0
DefaultDepth 24
SubSection Display
Viewport 0 0
Depth 24
Modes 1600x1200
EndSubSection
EndSection
Section Screen
Identifier Screen1
Device Card1
Monitor Monitor0
DefaultDepth 24
SubSection Display
Viewport 0 0
Depth 24
EndSubSection
EndSection
The issue is with your refresh rates on one of the
monitors is out
of range. So what you need to do is go online, search for the maximum
resolution for your monitors, and match it with the maximum supported
resolution for your card along with the individual monitor's maximum
resolution.
-Garrett
Thanks for the reply.
I checked out what refresh rates they're using in Windows, and both
monitors are set to 60. The finicky monitor apparently can run at 60,
70, or 72.
I set the VertRefresh to 60, start up Xorg, and now I'm not getting
the error, but it's really flickery. Really, it's more like a bunch
of lines are scrolling down very quickly, it's not flicker, so
something definitely isn't right. If I set the VertRefresh to a
range, like 60-72, I still get that Out of Range error. I haven't
been able to find out exactly what refresh rates to use, because these
are LCDs and the refresh rates given in ms, not Hertz. Not really
sure what that means.
Thanks for the reply, seems like I'm getting closer...I'd appreciate
any more help you can give me.
Pat
Pat,
That's not the actual refresh range for the monitor, it's just the
currently used range.
What you want to do is search for {maker} {model} horizontal
refresh in google; the pages which come up are the ones you want to
refer to for your xorg.conf configuration.
Also, just as a sidenote, setting
Upgrading to pgsql 8.1 via ports
So PostgreSQL 8.1 was released a few days ago, and I was looking forward to upgrading to it. Figured it might take a day or two before the changes were made in ports, and was surprised to see that my postgresql packages are still up to date. The packages I have installed are postgresql-server and postgresql-client...which according to freshports.org don't exist! Right now I'm running 8.0, but I guess I have some outdated packages that may have been deleted? I don't know, to be honest. So I've got a few questions. First, should I not be using postgresql-server and postgresql-client? They don't seem to be in /usr/ports/databases anymore, and I definitely installed them from ports. Should I use postgresql81-server now instead? What do I need to do in order to upgrade my system to use pgsql 8.1? Thanks, Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
What packages can I deinstall?
I've got a bunch of packages installed on my machine and I'd like to know if I can deinstall any of them. I know what a lot of them do, and know what will happen if I deinstall them. Others, I'm not really sure. For example I've got a package named cclient (http://www.freshports.org/mail/cclient/) installed. If I run pkg_deinstall -n cclient, it says that it'd be removed without any problems. So evidently no other package is depending on this...perhaps it's just an artifact from a package I installed a while back but deinstalled? Basically I'd like to clear out any unused packages. Is it safe to just run on pkg_deinstall -n on any package I don't recognize, and if it isn't required as a dependency for another package go ahead and delete it? Thanks, Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Backing up postgresql data
I've got postgresql 8 running on my system, and want to do nightly backups of the database. I took a look at the docs, and there are a few methods of doing backups - pg_dump, file system level, and using WAL. I just want to be able to rsync my data every night, maybe every few hours, so that I can recover it if there are any problems...so what's the best way to do this. Are there any scripts or utilities available to make my life easy? Thanks, Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Segmentation fault when building kdelibs
On 19 Sep 2005 16:17:03 -0400, Lowell Gilbert [EMAIL PROTECTED] wrote: Pat Maddox [EMAIL PROTECTED] writes: I'm trying to upgrade my system, and the build of kdelibs always fails because of some segmentation fault. I have absolutely no idea what all this means, so I'll try to post as much of the error as I can determine is relevant. Hopefully somebody can help me out. In file included from kjanuswidget.cpp:24: /usr/X11R6/include/qheader.h:207: internal compiler error: Segmentation fault Please submit a full bug report, with preprocessed source if appropriate. See URL:http://gcc.gnu.org/bugs.html for instructions. gmake[3]: *** [kjanuswidget.lo] Error 1 gmake[3]: Leaving directory `/usr/ports/x11/kdelibs3/work/kdelibs-3.4.2/kdeui' gmake[2]: *** [all-recursive] Error 1 gmake[2]: Leaving directory `/usr/ports/x11/kdelibs3/work/kdelibs-3.4.2/kdeui' gmake[1]: *** [all-recursive] Error 1 gmake[1]: Leaving directory `/usr/ports/x11/kdelibs3/work/kdelibs-3.4.2' gmake: *** [all] Error 2 *** Error code 2 Stop in /usr/ports/x11/kdelibs3. ** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade31298.0 make ** Fix the problem and try again. ** Listing the failed packages (*:skipped / !:failed) ! x11/kdelibs3 (kdelibs-3.4.0_1)(segmentation fault) --- Packages processed: 0 done, 0 ignored, 0 skipped and 1 failed The obvious question is: does it always fail at the same point? If not, then it's almost certainly a hardware problem. If it does, then a bit more information on your system would be needed, including how you updated the ports skeletons, and whether you tried updating them again since you first saw the problem. And if you aren't already, try using the system compiler to build the port. I've had a couple people suggest that it may be a hardware problem - what should I be looking for? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Segmentation fault when building kdelibs
On 9/19/05, Charles Swiger [EMAIL PROTECTED] wrote: On Sep 19, 2005, at 6:04 PM, Pat Maddox wrote: The obvious question is: does it always fail at the same point? If not, then it's almost certainly a hardware problem. If it does, then a bit more information on your system would be needed, including how you updated the ports skeletons, and whether you tried updating them again since you first saw the problem. And if you aren't already, try using the system compiler to build the port. I've had a couple people suggest that it may be a hardware problem - what should I be looking for? Pretty much what was quoted above. :-) If you run the same build twice, does the compiler crash at the same place, or in a different place? If the crash happens somewhere else each time, it's probably hardware. -- -Chuck Happens in different spots, so I guess it's a hardware problem. But what exactly am I looking for? Is it bad ram, a bad disk? How do I find out what's messed up? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Segmentation fault when building kdelibs
I'm trying to upgrade my system, and the build of kdelibs always fails because of some segmentation fault. I have absolutely no idea what all this means, so I'll try to post as much of the error as I can determine is relevant. Hopefully somebody can help me out. In file included from kjanuswidget.cpp:24: /usr/X11R6/include/qheader.h:207: internal compiler error: Segmentation fault Please submit a full bug report, with preprocessed source if appropriate. See URL:http://gcc.gnu.org/bugs.html for instructions. gmake[3]: *** [kjanuswidget.lo] Error 1 gmake[3]: Leaving directory `/usr/ports/x11/kdelibs3/work/kdelibs-3.4.2/kdeui' gmake[2]: *** [all-recursive] Error 1 gmake[2]: Leaving directory `/usr/ports/x11/kdelibs3/work/kdelibs-3.4.2/kdeui' gmake[1]: *** [all-recursive] Error 1 gmake[1]: Leaving directory `/usr/ports/x11/kdelibs3/work/kdelibs-3.4.2' gmake: *** [all] Error 2 *** Error code 2 Stop in /usr/ports/x11/kdelibs3. ** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade31298.0 make ** Fix the problem and try again. ** Listing the failed packages (*:skipped / !:failed) ! x11/kdelibs3 (kdelibs-3.4.0_1)(segmentation fault) --- Packages processed: 0 done, 0 ignored, 0 skipped and 1 failed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Configuring multiple monitors
I've spent a lot of time looking into how to set up multiple monitors, and I'm kind of clueless. I'm not great with configuring stuff in the first place, so that's probably why I'm having trouble. Anyway I've got a Dell 2001fp and a Viewsonic vp201, hooked up to a GeForce4 Ti4600. Right now I've got Xorg set up to use the 2001fp connected to the D-Sub output, and I want to use the other display on the DVI output. I'd like to just be able to have one big desktop, like I can on Windows. If I just run Xorg -configure, it only sets up one of the displays. Are there any instructions on setting this up or anything? Thanks, Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring multiple monitors
Hey Mario, Thanks for the response. I installed nvidia-driver and changed the conf file as you suggested, but I get the error: NVRM: Detected agp.ko, aborting NVIDIA AGP setup! X still starts up, but only with one screen. Not really sure what to do - any ideas? Thanks, Pat On 9/17/05, Mario Hoerich [EMAIL PROTECTED] wrote: # Pat Maddox: Anyway I've got a Dell 2001fp and a Viewsonic vp201, hooked up to a GeForce4 Ti4600. You'll need to run the binary nvidia-driver (~ports/x11/nvidia-driver) for this to work. Once that works, the xorg.conf-entries are rather simple: # see /usr/X11R6/share/doc/NVIDIA_GLX-1.0 for nVidia-specific docs Section Device Identifier NV AGP Driver nvidia BusID PCI:1:0:0 Option TwinView on Option MetaModes 1280x1024,1280x1024 Option SecondMonitorHorizSync 28-64 Option SecondMonitorVertRefresh 60 Option TwinViewOrientation LeftOf # Or RightOf Option RenderAccel true EndSection Section Screen Identifier Screen 1 Device NV AGP Monitor samsung DefaultDepth 24 Subsection Display Depth 24 Modes 1280x1024 EndSubsection EndSection Section ServerLayout Identifier Layout 1 Screen Screen 1 InputDevice Mouse 1 CorePointer InputDevice Keyboard 1 CoreKeyboard EndSection The screen-section sets up the primary display, the other is set up with the SecondMonitorXXX-options in the Device Section. ServerLayout sets the screen-section to use. HTH Mario ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring multiple monitors
I did some searching and disabled agp.ko in the device.hints file. Still I get this error (twice), and I have no idea what it means: Symbol __glXGetActiveScreen from module /usr/X11R6/lib/modules/extensions/libdri.a is unresolved! On 9/17/05, Pat Maddox [EMAIL PROTECTED] wrote: Hey Mario, Thanks for the response. I installed nvidia-driver and changed the conf file as you suggested, but I get the error: NVRM: Detected agp.ko, aborting NVIDIA AGP setup! X still starts up, but only with one screen. Not really sure what to do - any ideas? Thanks, Pat On 9/17/05, Mario Hoerich [EMAIL PROTECTED] wrote: # Pat Maddox: Anyway I've got a Dell 2001fp and a Viewsonic vp201, hooked up to a GeForce4 Ti4600. You'll need to run the binary nvidia-driver (~ports/x11/nvidia-driver) for this to work. Once that works, the xorg.conf-entries are rather simple: # see /usr/X11R6/share/doc/NVIDIA_GLX-1.0 for nVidia-specific docs Section Device Identifier NV AGP Driver nvidia BusID PCI:1:0:0 Option TwinView on Option MetaModes 1280x1024,1280x1024 Option SecondMonitorHorizSync 28-64 Option SecondMonitorVertRefresh 60 Option TwinViewOrientation LeftOf # Or RightOf Option RenderAccel true EndSection Section Screen Identifier Screen 1 Device NV AGP Monitor samsung DefaultDepth 24 Subsection Display Depth 24 Modes 1280x1024 EndSubsection EndSection Section ServerLayout Identifier Layout 1 Screen Screen 1 InputDevice Mouse 1 CorePointer InputDevice Keyboard 1 CoreKeyboard EndSection The screen-section sets up the primary display, the other is set up with the SecondMonitorXXX-options in the Device Section. ServerLayout sets the screen-section to use. HTH Mario ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring multiple monitors
Okay I managed to get it working, here's my entire xorg.conf file. Everything look alright there? Anything I may want to change? Thanks for all the help, seems to be working fine. If you have any other suggestions I'd appreciate them. Section ServerLayout Identifier Dual Head Screen 0 Screen0 0 0 Screen 1 Screen1 RightOf Screen0 InputDeviceMouse0 CorePointer InputDeviceKeyboard0 CoreKeyboard Option Xinerama true Option Clone off EndSection Section Files RgbPath /usr/X11R6/lib/X11/rgb ModulePath /usr/X11R6/lib/modules FontPath /usr/X11R6/lib/X11/fonts/misc/ FontPath /usr/X11R6/lib/X11/fonts/TTF/ FontPath /usr/X11R6/lib/X11/fonts/Type1/ FontPath /usr/X11R6/lib/X11/fonts/CID/ FontPath /usr/X11R6/lib/X11/fonts/75dpi/ FontPath /usr/X11R6/lib/X11/fonts/100dpi/ EndSection Section Module Load dbe Load extmod Load glx Load record Load xtrap Load freetype Load type1 EndSection Section InputDevice Identifier Keyboard0 Driver kbd EndSection Section InputDevice Identifier Mouse0 Driver mouse Option Protocol auto Option Device /dev/sysmouse EndSection Section Monitor Identifier Monitor0 VendorName Dell ModelName 2001FP EndSection Section Device Identifier Card0 Driver nvidia VendorName nVidia Corporation BoardName NV25 [GeForce4 Ti 4600] BusID PCI:1:0:0 Screen 0 Option RenderAccel true Option AllowGLXWithComposite true EndSection Section Device Identifier Card1 Driver nvidia VendorName nVidia Corporation BoardName NV25 [GeForce4 Ti 4600] BusID PCI:1:0:0 Screen 1 Option RenderAccel true Option AllowGLXWithComposite true EndSection Section Screen Identifier Screen0 Device Card0 MonitorMonitor0 DefaultDepth 24 SubSection Display Viewport 0 0 Depth 24 Modes 1600x1200 EndSubSection EndSection Section Screen Identifier Screen1 Device Card1 Monitor Monitor0 DefaultDepth 24 SubSection Display Viewport 0 0 Depth 24 EndSubSection EndSection ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
portsnap segmentation fault
When I run portsnap update, I get the following error after it extracts the files: Building new INDEX files... Segmentation fault (core dumped) This is occuring on three different machines, so I'm guessing it's a problem with portsnap, not my one machine. But they all have similar configurations, so it could be my setup, I don't know. Any ideas what's going on? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsnap segmentation fault
I just updated it, and now get the error: Building new INDEX files... make_index: Circular dependency loop found: timidity++-2.13.2_1 depends upon itself. Is that a problem with the database file or something? Do I just wait for Colin to fix it? Thanks for the reply. Pat On 9/17/05, martin hudec [EMAIL PROTECTED] wrote: Hello, On Sat, Sep 17, 2005 at 02:56:11PM -0600 or thereabouts, Pat Maddox wrote: When I run portsnap update, I get the following error after it extracts the files: Building new INDEX files... Segmentation fault (core dumped) This is occuring on three different machines, so I'm guessing it's a problem with portsnap, not my one machine. But they all have similar configurations, so it could be my setup, I don't know. Any ideas what's going on? You are probably correct in your guess. Colin Percival commited fix and update to portsnap (current version is 0.9.5) today, which fixes make index coredumping when encounter a circular dependency is made. So upgrade your portsnap installation and I hope it will solve your problem. Cheers, Martin -- martin hudec * 421 907 303 393 * [EMAIL PROTECTED] * http://www.aeternal.net Nothing travels faster than the speed of light with the possible exception of bad news, which obeys its own special laws. Douglas Adams, The Hitchhiker's Guide to the Galaxy ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Forwarding mail to another server
My ISP (Bresnan) blocks outgoing traffic on port 25. I'd like to make it so that the mail program automatically forwards requests to my ISP's mail server, instead of trying to directly send mail to the appropriate server. For example, if I did mail [EMAIL PROTECTED] And sent a message, my machine would send that to mail.bresnan.net and have them pass it on. Is it possible to do that? If so, how? Thanks, Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Forwarding mail to another server
Awesome, that worked great, thanks. On 8/26/05, Björn König [EMAIL PROTECTED] wrote: Pat Maddox wrote: My ISP (Bresnan) blocks outgoing traffic on port 25. I'd like to make it so that the mail program automatically forwards requests to my ISP's mail server, instead of trying to directly send mail to the appropriate server. For example, if I did mail [EMAIL PROTECTED] And sent a message, my machine would send that to mail.bresnan.net and have them pass it on. Is it possible to do that? If so, how? I use the port mail/ssmtp for this purpose. This is a small program that sends all mails via a relay server. After you have installed it you will find some example configuration files in /usr/local/etc/ssmtp. Alter also the entries in /etc/mail/mailer.conf to sendmail/usr/local/sbin/ssmtp send-mail /usr/local/sbin/ssmtp mailq /usr/local/sbin/ssmtp newaliases /usr/local/sbin/ssmtp hoststat/usr/bin/true purgestat /usr/bin/true Regards Björn ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Forwarding mail to another server
Hey guys, thanks for all the advice so far. I initially went with ssmtp, that seemed to be working alright, but some of my emails are getting...lost. They probably bounce, but because I don't have an SMTP server running on my machine, I'm not getting those bounces. I wanted to try Daniel's method, using SMART_HOST. So I removed the ssmtp port and, made the changes back to /etc/mail/mailer.conf, and followed his instructions. None of the messages go through, they always end up on my local machine with the message Failed to route address. Any ideas on what to do? On 8/26/05, Joe Auty [EMAIL PROTECTED] wrote: You can setup an MTA like Postfix to respond to an alternate port in addition to port 25. So, for me, I send mail on port 2525 to my SMTP server which requires authentication over SSL. If this sort of setup is not feasible for you, would a .forward file in your home directory do what you want? On Aug 26, 2005, at 6:08 AM, Pat Maddox wrote: My ISP (Bresnan) blocks outgoing traffic on port 25. I'd like to make it so that the mail program automatically forwards requests to my ISP's mail server, instead of trying to directly send mail to the appropriate server. For example, if I did mail [EMAIL PROTECTED] And sent a message, my machine would send that to mail.bresnan.net and have them pass it on. Is it possible to do that? If so, how? Thanks, Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions- [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Re[2]: how to enable altq to use with ipfw
If you're using IPFW, there's no reason to enable PF. But here's the code to enable in your kernel config: # pf support device pf device pflog device pfsync Here's the handbook page on PF and ALTQ: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html On 8/24/05, vladone [EMAIL PROTECTED] wrote: Thanks! And pf how it's enabled? I think need some device in /dev This is created when compiling kernel with these options or need to compile and options for pf? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Security warning with sshd
Hey guys, thanks for the help so far. I'm going to post this to the
freebsd-pf list to see if anyone has any ideas...but I'm using PF, and
here's the config. Hopefully you can take a look and see what the
problem may be. As I said earlier, I'm not positive why I'm getting
those errors, but I believe it's because my SSH connection is getting
cut off whenever I enable the firewall. I've also been looking for a
way to not be cut off (since it's very annoying), and it seems like
figuring out and correcting these errors will also fix the second
problem.
# --- pf.conf skeleton for server
#
# --- MACRO Section -
EXT_IF=fxp0
PING = echoreq
# --- allowed incoming services initiated by clients
TCP_IN = { 3000, ssh, ftp, smtp, domain, pop3, imap, http, https,
3690, 5001, 5002, 5003, 5004, 5005 }
UDP_IN = { domain, 3690 }
# --- allowed services initiated by server
TCP_OUT = { ssh, smtp, ftp, domain, http, https, ntp, 5999 }
UDP_OUT = { domain, ntp }
# -- TABLE Section --
# -- OPTIONS Section
set loginterface $EXT_IF
# - TRAFFIC NORMALIZATION
scrub in all
# -- TRANSLATION Section (NAT/RDR)
# -- FILTER section
# --- DEFAULT POLICY
block log all
# --- LOOPBACK
pass quick on lo0 all
# === INCOMING
# --- EXTERNAL INTERFACE
# --- TCP
pass in quick on $EXT_IF inet proto tcp from any to $EXT_IF port
$TCP_IN flags S/SA keep state
# --- UDP
pass in quick on $EXT_IF inet proto udp from any to $EXT_IF port
$UDP_IN keep state
# --- ICMP
pass in quick on $EXT_IF inet proto icmp from any to $EXT_IF icmp-type
$PING keep state
# === OUTGOING
# --- EXTERNAL INTERFACE
# --- TCP
pass out quick on $EXT_IF inet proto tcp from $EXT_IF to any port
$TCP_OUT flags S/SA keep state
# --- UDP
pass out quick on $EXT_IF inet proto udp from $EXT_IF to any port
$UDP_OUT keep state
# --- ICMP
pass out quick on $EXT_IF inet proto icmp from $EXT_IF to any
icmp-type $PING keep state
# - end of pf.conf
On 8/23/05, Alexander Leidinger [EMAIL PROTECTED] wrote:
Stephen Major [EMAIL PROTECTED] wrote:
The issue he is having I had the exact same problems, as soon as I changed
my config to the one below poof no more problems. You can set your firewall
however you want. I was just saying what gets rid of the problem he is
having with ssh.
I wasn't commenting the ssh issue, since it isn't clear why the problem
exists. At least I haven't seen a problem analysis where the cause of this
was shown. Maybe I missed it. So your posting may be the right solution or
not. I don't know yet, and I don't care about this in this mail, since I
wasn't talking about the ssh issue (see below).
So instead of ripping apart what I have said why do you not provide a better
solution to the original question asked.
I wasn't ripping apart what you said. I just wanted to be helpful and share a
little bit of knowledge. You're mixing stateful with non-stateful rules and
this may result in unwanted packets traveling through the firewall. I
thought you (and maybe others) may be interested in this.
BTW.: in some environments this is a hole in the firewall and needs to be
fixed, so one shouldn't use this part of your example. Since the security
mailinglist is in the CC, we can't let this problem be uncommented.
Another helpful suggestion: Please don't quote everything and please write
your comments below the parts where they belong. This is common behavior in
the FreeBSD lists and doing the opposide will result in less (useful)
responses from some members of the lists (because it makes the mail harder
to read and people may decide to not spend the time to read the mail and
point out problem solutions or small bugs in your offering of a solution).
Bye,
Alexander.
--
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
To add insult to injury.
-- Phaedrus
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Illegal access attempt - FreeBSD 5.4 Release - please advise
It's not that big of a deal...they didn't get in or anything. If you've got a server that's always connected to the internet, you'll see people trying to break in all the time. The more popular your server, the more frequent the attempts. This is just someone trying to log in via SSH - so as long as you have good passwords on all your accounts, and disable remote root login, you're fine. You may consider denying access after X failed login attempts. On 8/23/05, ro ro [EMAIL PROTECTED] wrote: Hi All, I was browsing through my log files and noticed that someone (or many people) is trying to gain illegal access to my server (see snippet from log files below). The below log file clearly indicates someone trying to hackaway at my personal server. I performed the following steps: nmap -v 210.0.142.153 and noticed that this person/institution had port 80 and 21 open. I visited their website and it appears to be someone from hongkong. http://www.chkpcc.edu.hk/ HERE IS THEIR CONTACT INFORMATION AS IT APPEARS ON THEIR WEBSITE - Confucian Ho Kwok Pui Chun College 孔 教 學 院 何 郭 佩 珍 中 學 Address 地址: Fu Shin Est., Taipo, N.T., HKSAR 香港新界大埔富善村 Tel 電話: 852-2666-5926 Fax 傳真: 852-2660-7988 E-mail 電郵: [EMAIL PROTECTED] - When I saw the logs for the first time. I took the following steps: 1) AllowUsers in sshd contained only users that I wanted to have access to my ssh 2) Created a decent rulest within ipfw that permitted incoming access to only two ports ssh and http I took the issue of creating a good firewall quite lightly and now I regret that decision.. now I have learnt... Can someone provide me with guidance on this issue and advise me on next steps to take action against such losers. Thanks RV Aug 23 08:19:03 free sshd[22519]: Illegal user lp from 210.0.142.153 Aug 23 08:19:06 free sshd[22521]: Illegal user admin from 210.0.142.153 Aug 23 08:19:08 free sshd[22523]: Illegal user admin from 210.0.142.153 Aug 23 08:19:10 free sshd[22525]: Illegal user admin from 210.0.142.153 Aug 23 08:19:12 free sshd[22527]: Illegal user admin from 210.0.142.153 Aug 23 08:19:15 free sshd[22529]: Illegal user admin from 210.0.142.153 Aug 23 08:19:17 free sshd[22531]: Illegal user admin from 210.0.142.153 Aug 23 08:19:19 free sshd[22533]: Illegal user admin from 210.0.142.153 Aug 23 08:19:22 free sshd[22535]: User root not allowed because not listed in AllowUsers Aug 23 08:19:24 free sshd[22537]: User root not allowed because not listed in AllowUsers Aug 23 08:19:27 free sshd[22539]: User root not allowed because not listed in AllowUsers Aug 23 08:19:29 free sshd[22541]: User root not allowed because not listed in AllowUsers Aug 23 08:19:33 free sshd[22543]: User root not allowed because not listed in AllowUsers Aug 23 08:19:35 free sshd[22545]: User root not allowed because not listed in AllowUsers Aug 23 08:19:37 free sshd[22547]: Illegal user apache from 210.0.142.153 Aug 23 08:19:40 free sshd[22549]: Illegal user dan from 210.0.142.153 Aug 23 08:19:42 free sshd[22551]: Illegal user electra from 210.0.142.153 Aug 23 08:19:44 free sshd[22553]: Illegal user student from 210.0.142.153 Aug 23 08:19:47 free sshd[22555]: Illegal user school from 210.0.142.153 Aug 23 08:19:49 free sshd[22557]: User mysql not allowed because not listed in AllowUsers Aug 11 20:16:10 free sshd[21585]: Illegal user test from 210.245.197.16 Aug 11 20:16:12 free sshd[21587]: Illegal user guest from 210.245.197.16 Aug 11 20:16:14 free sshd[21589]: Illegal user admin from 210.245.197.16 Aug 11 20:16:16 free sshd[21591]: Illegal user admin from 210.245.197.16 Aug 11 20:16:23 free sshd[21593]: Illegal user user from 210.245.197.16 Aug 11 20:16:32 free sshd[21601]: Illegal user test from 210.245.197.16 Aug 14 03:39:21 free sshd[32377]: Illegal user 1 from 61.145.222.10 Aug 14 03:39:26 free sshd[32379]: Illegal user a from 61.145.222.10 Aug 14 03:39:31 free sshd[32381]: Illegal user a from 61.145.222.10 Aug 14 03:39:38 free sshd[32383]: Illegal user abuse from 61.145.222.10 Aug 14 10:47:49 free sshd[33623]: Illegal user admin from 64.222.146.197 Aug 14 10:47:51 free sshd[33625]: Illegal user administrator from 64.222.146.197 Aug 14 10:47:52 free sshd[33627]: Illegal user jack from 64.222.146.197 Aug 14 10:47:53 free sshd[33629]: Illegal user marvin from 64.222.146.197 Aug 14 10:47:58 free sshd[33631]: Illegal user andres from 64.222.146.197 Aug 14 10:47:59 free sshd[33633]: Illegal user barbara from 64.222.146.197 Aug 14 10:48:01 free sshd[33635]: Illegal user adine from 64.222.146.197 Aug 14 10:48:02 free sshd[33637]: Illegal user test from 64.222.146.197 Aug 14 10:48:04 free sshd[33639]: Illegal user guest from 64.222.146.197 Aug 14 10:48:07 free sshd[33641]: Illegal user db from 64.222.146.197
Re: how to enable altq to use with ipfw
Hey Vladone, I was looking for the same thing a while back, wanting to use ALTQ for PF. Enable support in the kernel by adding the following lines: # ALTQ support options ALTQ options ALTQ_CBQ# Class Bases Queuing (CBQ) options ALTQ_RED# Random Early Detection (RED) options ALTQ_RIO# RED In/Out options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC) options ALTQ_PRIQ # Priority Queuing (PRIQ) options ALTQ_NOPCC # Required for SMP build You may not need the NOPCC option, depends on your system. On 8/23/05, vladone [EMAIL PROTECTED] wrote: Hi! I want to enable altq to use in conjunction with ipfw. How can do that? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
rkhunter gives warning for lsof
I ran rkhunter and got this warning: lsof: WARNING: compiled for FreeBSD release 5.4-RELEASE; this is 5.4-RELEASE-p6. I'm guessing what it means is that when I upgraded the base system that lsof wasn't rebuilt along with it? Is that going to cause a problem at all? How do I rebuild it so that I don't get that warning every time I run rkhunter? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: rkhunter gives warning for lsof
It never fails that when I work on something for an hour, and can't figure it out so I post to the list..I figure it out two minutes later. I thought lsof was part of the base system, turns out it's a port. (brain dead) On 8/21/05, Pat Maddox [EMAIL PROTECTED] wrote: I ran rkhunter and got this warning: lsof: WARNING: compiled for FreeBSD release 5.4-RELEASE; this is 5.4-RELEASE-p6. I'm guessing what it means is that when I upgraded the base system that lsof wasn't rebuilt along with it? Is that going to cause a problem at all? How do I rebuild it so that I don't get that warning every time I run rkhunter? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Security warning with sshd
In my recent security email, I got the following errors: cantona.dnswatchdog.com login failures: Aug 20 02:37:19 cantona sshd[9444]: fatal: Write failed: Operation not permitted Aug 20 04:30:42 cantona sshd[16142]: fatal: Write failed: Operation not permitted Aug 20 21:21:51 cantona sshd[45716]: fatal: Write failed: Operation not permitted So three questions: What is it? Should I be worried? How can I fix it? Thanks, Pat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Security warning with sshd
On 8/21/05, Remko Lodder [EMAIL PROTECTED] wrote: Pat Maddox wrote: In my recent security email, I got the following errors: cantona.dnswatchdog.com login failures: Aug 20 02:37:19 cantona sshd[9444]: fatal: Write failed: Operation not permitted Aug 20 04:30:42 cantona sshd[16142]: fatal: Write failed: Operation not permitted Aug 20 21:21:51 cantona sshd[45716]: fatal: Write failed: Operation not permitted So three questions: What is it? Should I be worried? How can I fix it? Thanks, Pat A couple of messages that i read when searching through google appear to indicate that it might rely on your firewall, bad packets that are not in state anymore and such and then gets blocked by your firewall. Could you provide some more details of events happening around the same time of the messages you posted here? Perhaps something else precedes the message which gives more information on what might have happened... Url with some information: http://lists.freebsd.org/pipermail/freebsd-pf/2005-August/001337.html (and related messages) Cheers, Remko -- Kind regards, Remko Lodder ** [EMAIL PROTECTED] FreeBSD** [EMAIL PROTECTED] Reporter DSINET** [EMAIL PROTECTED] I don't know what exactly was happening, but after looking at that link my guess is that it occurred when I enabled the firewall. If I'm logged in and enable it, my ssh connection is dropped...except I don't get disconnected, the ssh connection is simply unresponsive. Which makes sense since the firewall just went up. But maybe that's part of the problem? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IMAP Server suggestions
I run courier-imap, works really well for me. On Sat, 20 Aug 2005 02:27:54 -0400 Tim Holmes [EMAIL PROTECTED] wrote: It's been a while since I've set up an IMAP server, but I would like to do so again. Can anybody recommend which IMAP server to install? Any suggestions on the matter would be greatly appreciated. Thank you! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
lighttpd + fastcgi socket connection error
I've managed to get lighttpd with fastcgi working on FreeBSD 5.3 a couple times, but every time I restart lighttpd, it doesn't work anymore. I get the following message in my error log: 2005-05-06 23:55:05: (mod_fastcgi.c.1466) connect failed: 8 Connection refused 61 0 /tmp/rails.socket-3 I've never been able to figure out what causes that problem. And it really frustrates me that sometimes it'll run fine, but usually not. Can anyone tell me how to make it work, and explain to me what's going on so I know how to do things right in the future? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: lighttpd + fastcgi socket connection error
Also, I occasionally get a 500 Internal Server Error, with the following in the logs: 2005-05-07 00:32:01: (mod_fastcgi.c.1921) unexpected end-of-file (perhaps the fastcgi process died): pid: 6342 fcgi-fd: 8 remote-fd: 6 2005-05-07 00:32:01: (mod_fastcgi.c.2743) child exited, pid: 6342 status: 0 2005-05-07 00:32:01: (mod_fastcgi.c.2782) response not sent, request sent: 960 connection-fd: 6 fcgi-fd: 8 On 5/7/05, Pat Maddox [EMAIL PROTECTED] wrote: I've managed to get lighttpd with fastcgi working on FreeBSD 5.3 a couple times, but every time I restart lighttpd, it doesn't work anymore. I get the following message in my error log: 2005-05-06 23:55:05: (mod_fastcgi.c.1466) connect failed: 8 Connection refused 61 0 /tmp/rails.socket-3 I've never been able to figure out what causes that problem. And it really frustrates me that sometimes it'll run fine, but usually not. Can anyone tell me how to make it work, and explain to me what's going on so I know how to do things right in the future? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: make installworld (remotely)
http://layer0.layeredtech.com/showthread.php?t=2 Walks you through upgrading remotely. On 5/3/05, Lauri Anteploon / ctrl-L [EMAIL PROTECTED] wrote: Hi. Im running FreeBSD 5.3-Release #0 and would like to do buildworld and buildkernel. The problem is that the machine is a remote one. Handbook states that to run mergemaster and make installworld I should boot into single user mode. That would mean that I can't access the machine remotely anymore am I correct? Would it be okey to run make installworld when running in multiuser mode and being the only person whos logged on and maby shutting down most of the network services (leaving my sshd running though) ? Lauri Anteploon HYPERLINK mailto:[EMAIL PROTECTED][EMAIL PROTECTED] 5056999 HYPERLINK http://www.bitifarm.ee/; -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.11.2 - Release Date: 2.05.2005 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: make installworld (remotely)
Huh? How about the many many production machines located at remote datacenters? How do people upgrade those? I've personally done hundreds of remote upgrades without ever rendering a machine unrecoverable. In fact, the only problems I've run into are with a noexec /tmp, but that's easily fixable when doing an upgrade. On 5/3/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Doing a remote buildworld is just too dangerous for an production box and expensive in backups because you have all the source files to deal with. The more popular method of updating a remote system is to have an local development box that has same components and do a fresh install to a empty ata hard drive and them ship new HD to remote site and swap for old one. If needed, you recover by swapping old one back in. Or another popular way is after populating new HD, build an bootable system on a cdrom then ship cdrom to remote site and swap that. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lauri Anteploon / ctrl-L Sent: Tuesday, May 03, 2005 5:30 PM To: freebsd-questions@freebsd.org Subject: make installworld (remotely) Hi. Im running FreeBSD 5.3-Release #0 and would like to do buildworld and buildkernel. The problem is that the machine is a remote one. Handbook states that to run mergemaster and make installworld I should boot into single user mode. That would mean that I can't access the machine remotely anymore am I correct? Would it be okey to run make installworld when running in multiuser mode and being the only person whos logged on and maby shutting down most of the network services (leaving my sshd running though) ? Lauri Anteploon HYPERLINK mailto:[EMAIL PROTECTED][EMAIL PROTECTED] 5056999 HYPERLINK http://www.bitifarm.ee/; -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.11.2 - Release Date: 2.05.2005 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FastCGI on FreeBSD 5.3
I've read that FastCGI 0.8.5 has a memory leak, which is fixed in 0.8.6. However, 0.8.6 isn't in ports yet, so I can't just upgrade. Someone mentioned a way to patch it to fix the leak, but I haven't been able to find any patch info for FreeBSD. Anyone know how I can patch/upgrade on FreeBSD 5.3? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Installing portupgrade without X.org
The only thing that matters is that WITHOUT_X11 is defined. The value itself doesn't matter. On Apr 9, 2005 2:37 PM, Sergei Gnezdov [EMAIL PROTECTED] wrote: On 2005-04-09, Lewis Thompson [EMAIL PROTECTED] wrote: On Sat, Apr 09, 2005 at 12:26:48PM +0100, Paul Waring wrote: I'm currently trying to get portupgrade onto my new FreeBSD system by running make install clean from /usr/ports/sysutils/portupgrade (after doing a recent cvsup). Everything seems to go along fine, it starts fetching all the packages it requires and then suddenly I see a download for X.org. It is not portupgrade that needs X but a dependent port. Which specific port? In general just with WITHOUT_X11=1 to /etc/make.conf. I think it is WITHOUT_X11=YES Does it make any difference? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Build kernel vs build world
You're right, building the world is building all the base binaries. It should be done while you're building the kernel: # make buildworld # make buildkernel kernconf=CONF # make installkernel kernconf=CONF # make installworld # mergemaster Here's a good guide on everything you need to do to update your machine: http://layer0.layeredtech.com/showthread.php?t=2 On Apr 8, 2005 10:00 AM, Joshua Lewis [EMAIL PROTECTED] wrote: Is there a difference between building a world and building a kernel? Common sence is telling me building world rebuilds all the execuables and config files or something a little more intense then just the kernel. However I have not been able to find any instructions on how to build world not even in the handbook. I found building a kernel and was able to do that with no problems. But I would like to update my system with any security updates that have occured since 5.3 has come out. Thanks for any tips. Thank you, Joshua Lewis ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Build kernel vs build world
Are you sure you've never installed world? You generally have problems when the kernel and world are out of synch, and I've heard that mixing a 5.4/5.3 kernel and world causes real havoc. In any case, yeah, you should just cvsup, build the kernel and world. Pat On Apr 8, 2005 10:25 AM, Joshua Lewis [EMAIL PROTECTED] wrote: I was getting ready to build world and I noticed (to my utmost suprise) that my system is running 5.4-PRERELEASE. I must have had the wrong tag in my supfile and downloaded the src for 5.4. So I am already running 5.4 I guess I will upgrade totaly. Are there any gotcha's I should now about. At this point I think I am running 5.4 kernel with 5.3 binaries. So should I just to a CVSup with the 5.4 tag and then use the instructions below from Pat? Thank you, Joshua Lewis Pat Maddox You're right, building the world is building all the base binaries. It should be done while you're building the kernel: # make buildworld # make buildkernel kernconf=CONF # make installkernel kernconf=CONF # make installworld # mergemaster Here's a good guide on everything you need to do to update your machine: http://layer0.layeredtech.com/showthread.php?t=2 On Apr 8, 2005 10:00 AM, Joshua Lewis [EMAIL PROTECTED] wrote: Is there a difference between building a world and building a kernel? Common sence is telling me building world rebuilds all the execuables and config files or something a little more intense then just the kernel. However I have not been able to find any instructions on how to build world not even in the handbook. I found building a kernel and was able to do that with no problems. But I would like to update my system with any security updates that have occured since 5.3 has come out. Thanks for any tips. Thank you, Joshua Lewis ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Can't control PostgreSQL with RC scripts
I installed PostgreSQL 8.0.1 from ports, and now I'd like to control it with the RC scripts. I wasn't able to run initdb with the scripts, I had to do that manually with the regular initdb command. Now I've got the db dir as /usr/local/pgsql/data, which is what it looks like pgsql expects, but the scripts still won't start it or stop it. They don't produce any output either. Any ideas on what to do? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Maintaining a Minimal Installation for a Small HDD
Yep, that's pretty much right. Use one of the systems to build everything as packages, and then install all those packages onto your other machines. You'll still need to compile the kernel and source on each individual machine. On Apr 6, 2005 4:18 PM, Iain Dooley [EMAIL PROTECTED] wrote: hi lowell, The recommended path is to do a binary upgrade. 5.4 will be out in a few weeks, and release candidate builds are available now. to what extent does building the sources on my machine affect the resulting binaries? to be more specific: i read the freebsd handbook section on maintaining multiple systems from one 'build machine'. if i were to allocate one of the machines on my network to build sources into binaries, say my HP PII, would those binaries be appropriate to install on my thinkpad? my understanding is that i could take a subset of those binaries and install them on my laptop, and then build the kernel from the thinkpad and this would work (assuming i got all the binaries right). is that correct? cheers iain _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Permission denied in make installworld
I'm upgrading to 5.3-p7, and the buildworld, buildkernel, and installkernel all went fine. Now when I try installworld, I get this error: lalas# make installworld mkdir -p /tmp/install.Zzqwwvov for prog in [ awk cap_mkdb cat chflags chmod chown date echo egrep find grep ln make mkdir mtree mv pwd_mkdb rm sed sh sysctl test true uname wc zic; do cp `which $prog` /tmp/install.Zzqwwvov; done cd /usr/src; MAKEOBJDIRPREFIX=/usr/obj MACHINE_ARCH=i386 MACHINE=i386 CPUTYPE= GROFF_BIN_PATH=/usr/obj/usr/src/i386/legacy/usr/bin GROFF_FONT_PATH=/usr/obj/usr/src/i386/legacy/usr/share/groff_font GROFF_TMAC_PATH=/usr/obj/usr/src/i386/legacy/usr/share/tmac PATH=/usr/obj/usr/src/i386/legacy/usr/sbin:/usr/obj/usr/src/i386/legacy/usr/bin:/usr/obj/usr/src/i386/legacy/usr/games:/usr/obj/usr/src/i386/usr/sbin:/usr/obj/usr/src/i386/usr/bin:/usr/obj/usr/src/i386/usr/games:/tmp/install.Zzqwwvov make -f Makefile.inc1 reinstall make: Permission denied *** Error code 126 Stop in /usr/src. *** Error code 1 Stop in /usr/src. That error shows up on two different machines I use, using the same upgrade procedure. Any ideas on what to do? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Permission denied in make installworld
Btw, I had already googled and saw that I needed to umount /tmp. I just kept getting Device Busy errors when I tried. After a while I was able to. Kinda freaked out, cause I've been told that if you don't do it quickly, then it really screws up your machine. Is that true? On Apr 5, 2005 12:03 AM, Pat Maddox [EMAIL PROTECTED] wrote: I'm upgrading to 5.3-p7, and the buildworld, buildkernel, and installkernel all went fine. Now when I try installworld, I get this error: lalas# make installworld mkdir -p /tmp/install.Zzqwwvov for prog in [ awk cap_mkdb cat chflags chmod chown date echo egrep find grep ln make mkdir mtree mv pwd_mkdb rm sed sh sysctl test true uname wc zic; do cp `which $prog` /tmp/install.Zzqwwvov; done cd /usr/src; MAKEOBJDIRPREFIX=/usr/obj MACHINE_ARCH=i386 MACHINE=i386 CPUTYPE= GROFF_BIN_PATH=/usr/obj/usr/src/i386/legacy/usr/bin GROFF_FONT_PATH=/usr/obj/usr/src/i386/legacy/usr/share/groff_font GROFF_TMAC_PATH=/usr/obj/usr/src/i386/legacy/usr/share/tmac PATH=/usr/obj/usr/src/i386/legacy/usr/sbin:/usr/obj/usr/src/i386/legacy/usr/bin:/usr/obj/usr/src/i386/legacy/usr/games:/usr/obj/usr/src/i386/usr/sbin:/usr/obj/usr/src/i386/usr/bin:/usr/obj/usr/src/i386/usr/games:/tmp/install.Zzqwwvov make -f Makefile.inc1 reinstall make: Permission denied *** Error code 126 Stop in /usr/src. *** Error code 1 Stop in /usr/src. That error shows up on two different machines I use, using the same upgrade procedure. Any ideas on what to do? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
arplookup failed
I've got a system running 5.3-p6, and am getting this error every 20 minutes or so: kernel: arplookup 69.61.54.33 failed: host is not on local network I get that the host isn't on the network, but I don't have any idea where the message is coming from. It's in /var/log/messages, shows up about every 20 minutes. Any ideas? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: arplookup failed
Routing tables Internet: DestinationGatewayFlagsRefs Use Netif Expire default69.61.54.161 UGS 0 838rl0 69.61.54.160/29link#1 UC 00rl0 69.61.54.161 00:02:85:0d:7c:80 UHLW10rl0156 127.0.0.1 127.0.0.1 UH 00lo0 Internet6: Destination Gateway Flags Netif Expire ::1 ::1 UH lo0 fe80::%rl0/64 link#1UC rl0 fe80::20c:6eff:fe44:4391%rl0 00:0c:6e:44:43:91 UHL lo0 fe80::%lo0/64 fe80::1%lo0 U lo0 fe80::1%lo0 link#2UHL lo0 ff01::/32 ::1 U lo0 ff02::%rl0/32 link#1UC rl0 ff02::%lo0/32 ::1 UC lo0 On Apr 4, 2005 5:48 AM, Andrew P. [EMAIL PROTECTED] wrote: Pat Maddox wrote: I've got a system running 5.3-p6, and am getting this error every 20 minutes or so: kernel: arplookup 69.61.54.33 failed: host is not on local network I get that the host isn't on the network, but I don't have any idea where the message is coming from. It's in /var/log/messages, shows up about every 20 minutes. Any ideas? Maybe a direct route to that host is specified in your routing table. Provide the output of `netstat -rn` please. Best wishes, Andrew P. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Which mail server is the best for me?
I think it'd be worth it to check out postfix. sendmail is insecure, and qmail is just too much of a pain in the ass to get working. postfix can take a bit of time, but it runs well once you've got it working. The only thing I've found is that whenever I upgrade ports, it breaks. It's actually something things it depends on (authlibmysql, authdaemon) that break, because certain config files get overwritten. Never figured that out, and it always causes me a headache when I upgrade. On Apr 2, 2005 2:09 AM, Kiffin Gish [EMAIL PROTECTED] wrote: I would like to setup a mail server but am a little confused about whether to use sendmail, qmail, postfix or whatever. Basically my web server is a simple one to be used for personal use with maybe no more than a 10-20 mail accounts. What are the advantages and/or disadvantages of each choice, and where can I find more information comparing them? -- Kiffin Rex Gish Gouda, The Netherlands ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Which mail server is the best for me?
My main complaint with qmail is that it's not very standard. The core of qmail hasn't been updated in a couple years (I think that's right, correct me if I'm wrong), so in order to update it or add functionality, you have to apply a bunch of patches from a bunch of sources. I like the fact that postfix is all centralized. On Apr 2, 2005 3:01 AM, Orb [EMAIL PROTECTED] wrote: On Sat, 2005-04-02 at 02:57 -0700, Pat Maddox wrote: I think it'd be worth it to check out postfix. sendmail is insecure, and qmail is just too much of a pain in the ass to get working. postfix can take a bit of time, but it runs well once you've got it working. The only thing I've found is that whenever I upgrade ports, it breaks. It's actually something things it depends on (authlibmysql, authdaemon) that break, because certain config files get overwritten. Never figured that out, and it always causes me a headache when I upgrade. On Apr 2, 2005 2:09 AM, Kiffin Gish [EMAIL PROTECTED] wrote: I would like to setup a mail server but am a little confused about whether to use sendmail, qmail, postfix or whatever. Basically my web server is a simple one to be used for personal use with maybe no more than a 10-20 mail accounts. What are the advantages and/or disadvantages of each choice, and where can I find more information comparing them? -- Kiffin Rex Gish Gouda, The Netherlands Hey, All i can say is http://www.qmailrocks.org it has very simple guide for freebsd and linux distro's. its very easy to follow and there is a very helpful mailing list if you get stuck... So for my vote its Qmail :) See ya. Grant. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problem with PF
I found it out, just didn't have pf.ko loaded up. On Mar 31, 2005 11:50 PM, Peter N. M. Hansteen [EMAIL PROTECTED] wrote: Pat Maddox [EMAIL PROTECTED] writes: FreeBSD 5.3-RELEASE-p5. I'm not sure how to check the pf version. One possible source of trouble is running pf from ports on 5.3-release or newer. That could happen if you were running, say, 5.2.something with the port, upgraded your system to 5.3 but left the port in place. I just started getting this error a couple days ago, and I've got absolutely no clue why. I don't recall making any significant changes to the box. That probably takes care of the incompatible port theory, then. Strange. The error message looks like the network interface has not been properly configured. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ First, we kill all the spammers The Usenet Bard, Twice-forwarded tales ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problem with PF
FreeBSD 5.3-RELEASE-p5. I'm not sure how to check the pf version.
I just started getting this error a couple days ago, and I've got
absolutely no clue why. I don't recall making any significant changes
to the box. Anyway, here's pf.conf:
# --- pf.conf skeleton for server
#
# --- MACRO Section -
EXT_IF=fxp0
PING = echoreq
# --- allowed incoming services initiated by clients
TCP_IN = { ssh, smtp, ftp, imap, http, 5001, 5002, 5003, 5004, 5005 }
UDP_IN = { domain }
# --- allowed services initiated by server
TCP_OUT = { ssh, smtp, ftp, http, ntp, 5999 }
UDP_OUT = { domain, ntp }
# -- TABLE Section --
# -- OPTIONS Section
set loginterface $EXT_IF
# - TRAFFIC NORMALIZATION
scrub in all
# -- TRANSLATION Section (NAT/RDR)
# -- FILTER section
# --- DEFAULT POLICY
block log all
# --- LOOPBACK
pass quick on lo0 all
# === INCOMING
# --- EXTERNAL INTERFACE
# --- TCP
pass in quick on $EXT_IF inet proto tcp from any to $EXT_IF port
$TCP_IN flags S/SA keep state
# --- UDP
pass in quick on $EXT_IF inet proto udp from any to $EXT_IF port
$UDP_IN keep state
# --- ICMP
pass in quick on $EXT_IF inet proto icmp from any to $EXT_IF icmp-type
$PING keep state
# === OUTGOING
# --- EXTERNAL INTERFACE
# --- TCP
pass out quick on $EXT_IF inet proto tcp from $EXT_IF to any port
$TCP_OUT flags S/SA keep state
# --- UDP
pass out quick on $EXT_IF inet proto udp from $EXT_IF to any port
$UDP_OUT keep state
# --- ICMP
pass out quick on $EXT_IF inet proto icmp from $EXT_IF to any
icmp-type $PING keep state
# - end of pf.conf
On Thu, 31 Mar 2005 12:31:13 +0200, Peter N. M. Hansteen
[EMAIL PROTECTED] wrote:
Pat Maddox [EMAIL PROTECTED] writes:
I'm trying to set up PF on a server, and when I run pfctl -nf
/etc/pf.conf, I get the following error:
pfctl: ifa_load: pfi_get_ifaces: Bad file descriptor
More info is required.
Which FreeBSD and PF versions (not all permutations of pf and FreeBSD
will work, see the handbook), pf relevant rc.conf lines, your pf.conf,
ifconfig output
Google doesn't come up with anything, I've got no clue what that is. Any
help?
Check your ruleset for obvious errors, such as trying to address a
non-existent interface. Then again, this is guesswork based on very
little information.
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
First, we kill all the spammers The Usenet Bard, Twice-forwarded tales
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problem with PF
Sorry, I grabbed pf.conf from the wrong machine. I basically just
copied the previous one, made the couple changes I needed. The real
difference is that there's no UDP in, and not as many TCP ins are
allowed:
# --- pf.conf skeleton for server
#
# --- MACRO Section -
EXT_IF=rl0
PING = echoreq
# --- allowed incoming services initiated by clients
TCP_IN = { ssh }
#UDP_IN = { }
# --- allowed services initiated by server
TCP_OUT = { ssh, ftp, http, ntp, 5999 }
UDP_OUT = { domain, ntp }
# -- TABLE Section --
# -- OPTIONS Section
set loginterface $EXT_IF
# - TRAFFIC NORMALIZATION
scrub in all
# -- TRANSLATION Section (NAT/RDR)
# -- FILTER section
# --- DEFAULT POLICY
block log all
# --- LOOPBACK
pass quick on lo0 all
# === INCOMING
# --- EXTERNAL INTERFACE
# --- TCP
pass in quick on $EXT_IF inet proto tcp from any to $EXT_IF port
$TCP_IN flags S/SA keep state
# --- UDP
#pass in quick on $EXT_IF inet proto udp from any to $EXT_IF port
$UDP_IN keep state
# --- ICMP
pass in quick on $EXT_IF inet proto icmp from any to $EXT_IF icmp-type
$PING keep state
# === OUTGOING
# --- EXTERNAL INTERFACE
# --- TCP
pass out quick on $EXT_IF inet proto tcp from $EXT_IF to any port
$TCP_OUT flags S/SA keep state
# --- UDP
pass out quick on $EXT_IF inet proto udp from $EXT_IF to any port
$UDP_OUT keep state
# --- ICMP
pass out quick on $EXT_IF inet proto icmp from $EXT_IF to any
icmp-type $PING keep state
# - end of pf.conf
On Thu, 31 Mar 2005 10:30:53 -0700, Pat Maddox [EMAIL PROTECTED] wrote:
FreeBSD 5.3-RELEASE-p5. I'm not sure how to check the pf version.
I just started getting this error a couple days ago, and I've got
absolutely no clue why. I don't recall making any significant changes
to the box. Anyway, here's pf.conf:
# --- pf.conf skeleton for server
#
# --- MACRO Section -
EXT_IF=fxp0
PING = echoreq
# --- allowed incoming services initiated by clients
TCP_IN = { ssh, smtp, ftp, imap, http, 5001, 5002, 5003, 5004, 5005 }
UDP_IN = { domain }
# --- allowed services initiated by server
TCP_OUT = { ssh, smtp, ftp, http, ntp, 5999 }
UDP_OUT = { domain, ntp }
# -- TABLE Section --
# -- OPTIONS Section
set loginterface $EXT_IF
# - TRAFFIC NORMALIZATION
scrub in all
# -- TRANSLATION Section (NAT/RDR)
# -- FILTER section
# --- DEFAULT POLICY
block log all
# --- LOOPBACK
pass quick on lo0 all
# === INCOMING
# --- EXTERNAL INTERFACE
# --- TCP
pass in quick on $EXT_IF inet proto tcp from any to $EXT_IF port
$TCP_IN flags S/SA keep state
# --- UDP
pass in quick on $EXT_IF inet proto udp from any to $EXT_IF port
$UDP_IN keep state
# --- ICMP
pass in quick on $EXT_IF inet proto icmp from any to $EXT_IF icmp-type
$PING keep state
# === OUTGOING
# --- EXTERNAL INTERFACE
# --- TCP
pass out quick on $EXT_IF inet proto tcp from $EXT_IF to any port
$TCP_OUT flags S/SA keep state
# --- UDP
pass out quick on $EXT_IF inet proto udp from $EXT_IF to any port
$UDP_OUT keep state
# --- ICMP
pass out quick on $EXT_IF inet proto icmp from $EXT_IF to any
icmp-type $PING keep state
# - end of pf.conf
On Thu, 31 Mar 2005 12:31:13 +0200, Peter N. M. Hansteen
[EMAIL PROTECTED] wrote:
Pat Maddox [EMAIL PROTECTED] writes:
I'm trying to set up PF on a server, and when I run pfctl -nf
/etc/pf.conf, I get the following error:
pfctl: ifa_load: pfi_get_ifaces: Bad file descriptor
More info is required.
Which FreeBSD and PF versions (not all permutations of pf and FreeBSD
will work, see the handbook), pf relevant rc.conf lines, your pf.conf,
ifconfig output
Google doesn't come up with anything, I've got no clue what that is. Any
help?
Check your ruleset for obvious errors, such as trying to address a
non-existent interface. Then again, this is guesswork based on very
little information.
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
First, we kill all the spammers The Usenet Bard, Twice-forwarded tales
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
How to find needed modules for rebuilding kernel
In rebuilding a kernel, how do you know exactly what modules you need? The Handbook is a good start, and a lot of them are obvious (i.e. if I have no SCSI disks, disable all SCSI modules). Others aren't so easy, particularly serial devices, and the pseudo devices. How can I find out exactly what I need to enable, so I can make the kernel as tight as possible? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to find needed modules for rebuilding kernel
Thanks for the info. My terminology is off...apparently what I really meant is I'm wondering what drivers I need to compile into the kernel. I've done what you've suggested - removed SCSI support, all of the NIC drivers besides the one I need, etc. I'm just wondering how I can find out EXACTLY what I need in there, so I can have as little as possible. It's a server, so it has a pretty narrow purpose, and I'd like to keep the kernel as small and fast as I can. On Fri, 1 Apr 2005 00:31:36 +0200, Danny Pansters [EMAIL PROTECTED] wrote: On Thursday 31 March 2005 19:43, Pat Maddox wrote: In rebuilding a kernel, how do you know exactly what modules you need? The Handbook is a good start, and a lot of them are obvious (i.e. if I have no SCSI disks, disable all SCSI modules). Others aren't so easy, particularly serial devices, and the pseudo devices. How can I find out exactly what I need to enable, so I can make the kernel as tight as possible? Modules are not your concern, they get built anyway (or mostly .. not sure but probably not each and every possible module gets built). The idea is that if you for example need support for a new soundcard, you can just load the module (loader.conf) without needing to recompile the kernel. On an IDE/ATA system I generally turn down the scsi delay (I always do) and remove: - all scsi raid cards and support - all ethernet cards, both pci/isa and usb except the one(s) I have (most can be loaded as a module also); beware whether it needs mii too - from the pseudo devices ppp/tun/slip as I'm connected via ethernet (cable) sometimes I disable ipv6 and gif/faith, sometimes I don't - all CPUs except the one you actually have (performance!) I also remove most scsi support but beware that cdrecord (atapicam) requires the basic scsi devices, as does umass (camera's, cf fards, usb scanners, ..). Generally unless you need to _add_ something to your kernel you don't really need to stray from GENERIC at all. If you want to have a kernel at least tuned for your CPU and without a lot of stuff you don't have anyway, do the above). But depending on the purpose of the box you can strip out quite a lot. Check NOTES, both in /usr/src/sys/conf and /usr/src/sys/yourarch/conf. (on FreeBSD4 that is LINT). Also most if not all drivers and devices have manual pages and from the synopsis you can see which other devices or options come with them. HTH, Dan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Problem with PF
I'm trying to set up PF on a server, and when I run pfctl -nf /etc/pf.conf, I get the following error: pfctl: ifa_load: pfi_get_ifaces: Bad file descriptor Google doesn't come up with anything, I've got no clue what that is. Any help? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
cvsup, portupgrade, installing ports, and firewalls
I've got the pf firewall installed, and every time I run cvsup, portupgrade or try to install ports, I have to disable it. What outgoing and incoming ports do I need to allow in order to run these without disabling the firewall? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Using portupgrade
What are some considerations to make before upgrading the ports? Does upgrading them overwrite the existing config files? I've got a number of ports that aren't up-to-date, but this is running on a server, so I don't want to muck up the software and configs that are currently running. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Moving a directory hierarchy - best practice?
What's wrong with a %mv /home/user/level1 / %mv /level1 /root On Fri, 4 Mar 2005 22:13:05 +0100, Joachim Dagerot [EMAIL PROTECTED] wrote: Thanks for your suggestion. Unfortunately your commands will not affect the root folder of the hierarchy. I must create a directory in the destination path with the same name of the folder where my data is in. example: /home/user/level1/l2/l3/l4 I would like to move level1 to a new location: mvdir /home/user/level1 /root/ That would be awsome! The best suggestion was from http://badgertronics.com/knowledge/one.adp?parent=25: To move /tmp/blarg to /var: % cd /tmp % tar cvf - blarg | (cd /var; tar xf -) I bet there must be atleast one utils like a binary named mvdir or similar that simply taked two directory names as argument. But I can't find any. How do you guys move around your directory structures from prompt? I have used the following many times, with very good results: # cd /source/path # find . | cpio -p -dmvu /destination/dir ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Moving a directory hierarchy - best practice?
Or even in one command... % mv /home/user/level1 /root/ On Fri, 4 Mar 2005 14:29:57 -0700, Pat Maddox [EMAIL PROTECTED] wrote: What's wrong with a %mv /home/user/level1 / %mv /level1 /root On Fri, 4 Mar 2005 22:13:05 +0100, Joachim Dagerot [EMAIL PROTECTED] wrote: Thanks for your suggestion. Unfortunately your commands will not affect the root folder of the hierarchy. I must create a directory in the destination path with the same name of the folder where my data is in. example: /home/user/level1/l2/l3/l4 I would like to move level1 to a new location: mvdir /home/user/level1 /root/ That would be awsome! The best suggestion was from http://badgertronics.com/knowledge/one.adp?parent=25: To move /tmp/blarg to /var: % cd /tmp % tar cvf - blarg | (cd /var; tar xf -) I bet there must be atleast one utils like a binary named mvdir or similar that simply taked two directory names as argument. But I can't find any. How do you guys move around your directory structures from prompt? I have used the following many times, with very good results: # cd /source/path # find . | cpio -p -dmvu /destination/dir ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Running vsftpd standalone vs inetd
Is it better to run vsftpd standalone or using inetd? A friend of mine told me that it's more secure to do it standalone, and apparently that's the recommended method now. If that's the case, how do I go about getting vsftpd to run when the machine boots up? It doesn't look like there's a vsftpd_enable that I can use, like I can with other services. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ICMP in Java
I'm writing an app that needs to send out ICMP packets. ICMP isn't supported in Java until 1.5, and it looks like 1.5 is alpha and shouldn't be used for production. Is that correct? From what I've read, I'll need to use a JNI implementation. Does anybody know of any preexisting ones for FreeBSD 5.3? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Documentation Error?
I don't know what the difference is between passing inet and alias, but all my configs have inet, and it works fine. On Mon, 28 Feb 2005 15:07:26 -0500, Jason D. Montgomery [EMAIL PROTECTED] wrote: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-v irtual-hosts.html states that adding a virtual address is done in rc.conf like this: ifconfig_fxp0=inet 10.1.1.1 netmask 255.255.255.0 ifconfig_fxp0_alias0=inet 10.1.1.2 netmask 255.255.255.255 Shouldn't it be this instead? ifconfig_fxp0=inet 10.1.1.1 netmask 255.255.255.0 ifconfig_fxp0_alias0=alias 10.1.1.2 netmask 255.255.255.255 (keyword passed to ifconfig is alias instead of inet) later, jason -=-=-=-=-=-=-=-=-=-=- jason d. montgomery ATGi -=-=-=-=-=-=-=-=-=-=- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Received mail timestamp is off by 7 hours
It doesn't only happen when I receive mail from my gmail account - it's with all email that passes through this server. On Sun, 27 Feb 2005 17:54:56 +1000, Timothy Smith [EMAIL PROTECTED] wrote: check your gmail account it's set to the wrong time zone or something. if date gives the correct time then thats what your server is using. Pat Maddox wrote: I forgot to give a bit of info. My local machine has the correct time of 10:05PM, and the server has the correct time of 11:05PM. If I send an email from a mail account on the server to gmail, it has the correct time. If I send an email from gmail back to the server, that's when it has the weird time offset. On Sat, 26 Feb 2005 21:00:49 -0800, Kent Stewart [EMAIL PROTECTED] wrote: On Saturday 26 February 2005 08:38 pm, Pat Maddox wrote: I've been having a weird problem lately...when I download an email from my mailserver, the time is off by 7 hours. For example, if I receive an email at 9:30pm, it lists the time as 2:30pm in my mail client. I've determined that it's just a problem on received messages, because if I use my client with a different mail server, the time is fine, and if I send mail to another server, the time is fine. It's annoying to me because messages will show up somewhere in the middle of my 300+ message inbox, and users have been complaining about it. What's going on, and how do I fix it? I'm using postfix and courier-imap. For starters, it looks like you are running PDT. You have a -0700 offset and it should be -800. It could be on gmail.com but you can test your end :). So, I don't have any idea other than type date and see if you have the right date and timezone. Kent -- Kent Stewart Richland, WA http://users.owt.com/kstewart/index.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Rebooting removes libauthmysql.so
Whenever I reboot my machine, libauthmysql.so gets deleted, so I can't use courier-imap anymore. I can't figure out why it's doing it, and it's bugging the hell out of me. Anyone familiar with this? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Received mail timestamp is off by 7 hours
I've included the headers of messages from both Gmail and Hotmail, to show that it's not on Gmail's end. Also, here's the output from date: %date Sun Feb 27 02:42:21 CET 2005 They should show up in my inbox as being received at 1:40am or so, but they show up as 6:40pm instead. From Gmail: Return-Path: [EMAIL PROTECTED] X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.198]) by cantona.dnswatchdog.com (Postfix) with ESMTP id 3161733C1B for [EMAIL PROTECTED]; Sun, 27 Feb 2005 02:38:52 +0100 (CET) Received: by wproxy.gmail.com with SMTP id 67so1650347wri for [EMAIL PROTECTED]; Sun, 27 Feb 2005 00:37:53 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding; b=hjLLSBpqixF9ZtT/yR/J0KR8cULmdWnOLmaYIsYKg99SQKXa7dEdESLtnPeg2N+mOL9Pf9PWdu6tQMDHpg97lKTqEJuoBNNeYb6oqh55yJglvxbCSHCKf+pJ6uKBdDlBXbK70uk9AKXugjD2VXjpYJN9jXploX3xgtWtU06wgVE= Received: by 10.54.57.1 with SMTP id f1mr19787wra; Sun, 27 Feb 2005 00:37:53 -0800 (PST) Received: by 10.54.42.28 with HTTP; Sun, 27 Feb 2005 00:37:53 -0800 (PST) Message-ID: [EMAIL PROTECTED] Date: Sun, 27 Feb 2005 01:37:53 -0700 From: Pat Maddox [EMAIL PROTECTED] Reply-To: Pat Maddox [EMAIL PROTECTED] To: Pat Maddox [EMAIL PROTECTED] Subject: test Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit From Hotmail: Return-Path: [EMAIL PROTECTED] X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from hotmail.com (bay103-f18.bay103.hotmail.com [65.54.174.28]) by cantona.dnswatchdog.com (Postfix) with ESMTP id A660C33C1B for [EMAIL PROTECTED]; Sun, 27 Feb 2005 02:39:59 +0100 (CET) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sun, 27 Feb 2005 00:39:00 -0800 Message-ID: [EMAIL PROTECTED] Received: from 65.54.174.205 by by103fd.bay103.hotmail.msn.com with HTTP; Sun, 27 Feb 2005 08:38:25 GMT X-Originating-IP: [65.54.174.205] X-Originating-Email: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] From: Patrick Maddox [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: test from hotmail Date: Sun, 27 Feb 2005 08:38:25 + Mime-Version: 1.0 Content-Type: text/plain; format=flowed X-OriginalArrivalTime: 27 Feb 2005 08:39:00.0233 (UTC) FILETIME=[C8B4B790:01C51CA7] On Sun, 27 Feb 2005 09:34:17 +0100, Anthony Atkielski [EMAIL PROTECTED] wrote: Pat Maddox writes: I forgot to give a bit of info. My local machine has the correct time of 10:05PM, and the server has the correct time of 11:05PM. If I send an email from a mail account on the server to gmail, it has the correct time. If I send an email from gmail back to the server, that's when it has the weird time offset. Can you post the complete headers of one of the messages that has the incorrect time? -- Anthony ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Received mail timestamp is off by 7 hours
Alright, I got it all working now. Not sure how to change the time zone with config files, so I just used sysinstall to change it to MST (time zone is arbitrary, but since this is the zone I live in, it's convenient for me). Then I used ntpdate to sync it, and it's working well now. Thanks for pointing that out to me. I just thought that CET was central time :) On Sun, 27 Feb 2005 10:36:35 +0100, Anthony Atkielski [EMAIL PROTECTED] wrote: Pat Maddox writes: I've included the headers of messages from both Gmail and Hotmail, to show that it's not on Gmail's end. Also, here's the output from date: %date Sun Feb 27 02:42:21 CET 2005 That can't be right. You sent your message in reply to a message I sent at 9:34 CET. The time on your local machine is incorrect by seven hours. It should be one hour ahead of UTC right now. They should show up in my inbox as being received at 1:40am or so, but they show up as 6:40pm instead. And 1:40 is exactly seven hours later than 18:40. The disparity is visible in the timestamps, too: From Gmail: Return-Path: [EMAIL PROTECTED] X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.198]) by cantona.dnswatchdog.com (Postfix) with ESMTP id 3161733C1B for [EMAIL PROTECTED]; Sun, 27 Feb 2005 02:38:52 +0100 (CET) Notice that the timestamp on your local e-mail server corresponds to 1:38:52 UTC, but the timestamp on Gmail's server ... Received: by wproxy.gmail.com with SMTP id 67so1650347wri for [EMAIL PROTECTED]; Sun, 27 Feb 2005 00:37:53 -0800 (PST) ... corresponds to 8:37:53 UTC, which is correct. The other timestamps for intermediate servers are also correct, but the timestamp generated by your machine on the original message is not ... Date: Sun, 27 Feb 2005 01:37:53 -0700 -0700 corresponds to MST (Mountain Standard Time in the U.S.), not CET (Central European Time). So the solution is to set the time and time _zone_ correctly on your machine. For a UNIX machine, the CMOS real-time clock should be set to UTC (what many people still call GMT), and then your time zone should be set to whatever is appropriate for your location (CET would correspond to most of Europe outside of the UK--here in France we are on CET). Are you by any chance running a dual-boot configuration? Windows expects the CMOS RTC to be set to local time. UNIX expects it to be set to UTC. If you are running only FreeBSD, you can just reset the CMOS to UTC and fix your time zone to match your location. If you are also running a boot of Windows or something like that, you'll have to leave the CMOS clock set to local time, and make appropriate adjustments. Unfortunately, I'm not sure which variables to change in FreeBSD, as I've always just set the time at installation time (when I'm asked if the local clock is UTC and what time zone I'm in). Maybe someone else can explain what needs to change in your FreeBSD configuration to set it to the correct time. In general, setting the time incorrectly on a local client machine in the SMTP protocol will produce seemingly random errors in the time on received messages, depending on the path they follow on their way to you (this is true even for messages you send to yourself). The local machine is almost always the one with the time set incorrectly (incorrect time on mail servers tends to be noticed by users very quickly, especially if more than one time zone is involved). -- Anthony ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Received mail timestamp is off by 7 hours
I've been having a weird problem lately...when I download an email from my mailserver, the time is off by 7 hours. For example, if I receive an email at 9:30pm, it lists the time as 2:30pm in my mail client. I've determined that it's just a problem on received messages, because if I use my client with a different mail server, the time is fine, and if I send mail to another server, the time is fine. It's annoying to me because messages will show up somewhere in the middle of my 300+ message inbox, and users have been complaining about it. What's going on, and how do I fix it? I'm using postfix and courier-imap. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Received mail timestamp is off by 7 hours
I forgot to give a bit of info. My local machine has the correct time of 10:05PM, and the server has the correct time of 11:05PM. If I send an email from a mail account on the server to gmail, it has the correct time. If I send an email from gmail back to the server, that's when it has the weird time offset. On Sat, 26 Feb 2005 21:00:49 -0800, Kent Stewart [EMAIL PROTECTED] wrote: On Saturday 26 February 2005 08:38 pm, Pat Maddox wrote: I've been having a weird problem lately...when I download an email from my mailserver, the time is off by 7 hours. For example, if I receive an email at 9:30pm, it lists the time as 2:30pm in my mail client. I've determined that it's just a problem on received messages, because if I use my client with a different mail server, the time is fine, and if I send mail to another server, the time is fine. It's annoying to me because messages will show up somewhere in the middle of my 300+ message inbox, and users have been complaining about it. What's going on, and how do I fix it? I'm using postfix and courier-imap. For starters, it looks like you are running PDT. You have a -0700 offset and it should be -800. It could be on gmail.com but you can test your end :). So, I don't have any idea other than type date and see if you have the right date and timezone. Kent -- Kent Stewart Richland, WA http://users.owt.com/kstewart/index.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: recommended trouble ticketing system
My favorite one is Kayako eSupport - www.kayako.com Another popular one is Cerberus HelpDesk - www.cerberusweb.com On Wed, 23 Feb 2005 01:16:15 -0800 (PST), Mark Jayson Alvarez [EMAIL PROTECTED] wrote: Hi, I'm looking for a software that we can use for trouble ticketing system. We are using Open Ticket Request System(OTRS) before but my superiors, told me that I can search for another better software for this purpose. Can you suggest me some of the trouble ticketing systems you have used before aside from OTRS and if there's any problem you have encountered using it or its advantages over OTRS. I did a quick search on google and freebsd ports and found Request Tracker(RT), also Trouble Ticket System from Freshmeat, and lastly WebTTS, but I'm having a hard time deciding which one to use. Suggestions are very much welcome. Thanks! __ Do you Yahoo!? Yahoo! Mail - Find what you need with new enhanced search. http://info.mail.yahoo.com/mail_250 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Good rentable servers?
I rent a server from www.layeredtech.com They've been great so far. I'm not sure what exactly you need - it's obviously different if you're hosting a couple sites versus just having a machine to play with. The cheapest server they've got is $65/mo, though you might be able to talk em down a couple more bucks. You could also try getting a VPS from a place like servint, and have them install FreeBSD for you. Check out www.webhostingtalk.comYou can ask some questions there and get great responses as to your various options. On Mon, 21 Feb 2005 10:12:21 +0100, Uwe Doering [EMAIL PROTECTED] wrote: bsdnooby wrote: Instead of getting a fixed IP address at my house, and having a noisy machine running all the time - I think I might want to try renting a dedicated FreeBSD server. It would be used for running Apache, phpBB, email, listserv, and a few other services. I found several places that have dedicated FreeBSD machines to rent, their prices seems to all be $99 a month. Is there a cheaper or better option? Maybe a virtualized server or a jail? There are indeed less expensive solutions available. For instance, you may want to take a look at my signature below. ;-) Uwe -- Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers [EMAIL PROTECTED] | http://www.escapebox.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring PF
On Sun, 20 Feb 2005 06:23:39 -0800, Loren M. Lang [EMAIL PROTECTED] wrote: On Mon, Feb 14, 2005 at 09:32:25PM -0700, Pat Maddox wrote: I want to install a firewall on my system. First of all, is PF the one I should be using? It seems to get the most recommendations. I don't actually seem to have any problems configuring it - I just have some problems testing the configuration. I can ssh to the box, and I can access port 80...but I'd like to be able to just scan it to quickly see what's up. When PF is disabled, I can nmap it in about 9 seconds. When I turn it on, it takes over 3 minutes to do. These machines are on the same network, so the connection is obviously fast. This is a good thing, IMHO. Think about all those script kiddies sitting out there looking for a nice, juicy server to compromise. If it takes them 3 minutes to port scan your machine, they'll probably cancel it before it's finished and move on. That makes sense to me. I'd still like to be able to scan it the first time around to make sure everything's working, then I can just set it to drop packets, so it takes longer. I'd still like to find a good example config file that works well for a web server. I believe what's happening is that all ports that aren't open are configured to drop packets instead of reject them like is default. Reject means send back an error message saying port is closed where dropping just ignores it. The port scanner sends out a request and waits for a response, either Hello, or Sorry, I'm closed. It will wait quite a while before it decides that nothings there. Are there any good, pretty simple guides on setting up PF? I'm having a tough time understanding what the rulesets all mean. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- I sense much NT in you. NT leads to Bluescreen. Bluescreen leads to downtime. Downtime leads to suffering. NT is the path to the darkside. Powerful Unix is. Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc Fingerprint: B3B9 D669 69C9 09EC 1BCD 835A FAF3 7A46 E4A3 280C ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring PF
Can you guys let me know if this looks like a good conf file? I've
got web, mail, ftp, ssh, and DNS that I need to have open.
# Macros
ext_if=fxp0
SYN_ONLY=S/FSRA
tcp_services = { 21, 22, 25, 53, 80, 143 }
icmp_types = echoreq
# Default deny
block all
## Filtering rules
# Default TCP policy
block return-rst in log on $ext_if proto TCP all
pass in log quick on $ext_if proto TCP from any to $ext_if port
$tcp_services flags $SYN_ONLY keep state
# Default UDP policy
block in log on $ext_if proto udp all
pass in log quick on $ext_if proto UDP from any to $ext_if port 53 keep state
# Default ICMP policy
block in log on $ext_if proto icmp all
pass in inet proto icmp all icmp-type echoreq keep state
block out log on $ext_if all
pass out log quick on $ext_if from $ext_if to any keep state
# Allow the local interface to talk unrestricted
pass in quick on lo0 all
pass out quick on lo0 all
On Fri, 18 Feb 2005 03:17:30 +0100, J65nko BSD [EMAIL PROTECTED] wrote:
On Wed, 16 Feb 2005 19:18:17 -0700, Pat Maddox [EMAIL PROTECTED] wrote:
I've managed to come up with something that works so far. I am having
two problems though.
The first is that I can't authenticate for IMAP anymore. No clue why,
it just keeps rejecting my password. maillog shows imapd: LOGIN
FAILED, that's it.
Also, after enabling pf, all my UDP ports show as open. I've got a ruleset
of
block in log on $ext_if proto udp all
So all UDP ports should be shown as closed. Doesn't really make any
sense to me. Anyone care to help?
Thanks for the help so far.
Pat
Start with a default policy to block and log all traffic
# --- default policy
block log from any to any
Now you only have to open ports to let traffic in. If you don't know
which port to open for a certain protocol, you can run tcpdump -eni
pfl0g. tcpdump will show which rule blocked, and on which port
address combination.
=Adriaan=
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: installing java on a box?
Hi Ken, The best thing I saw on installing Java is below. It worked flawlessly. http://www.brettsbsd.net/~estrabd/blog/index.php?/archives/21_Java_1.4_on_FreeBSD_4.10_in_8_steps.html Pat On Wed, 16 Feb 2005 11:20:04 -0500, Ken Hawkins [EMAIL PROTECTED] wrote: I have seen a few things on how to do this however I can't find the java file:j2sdk-1_3_1_14-linux-i586.bin on any of sun's servers. in lieu of what I have been doing how can i install java on a FreeBSD box? thanks, ken; ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring PF
I've managed to come up with something that works so far. I am having
two problems though.
The first is that I can't authenticate for IMAP anymore. No clue why,
it just keeps rejecting my password. maillog shows imapd: LOGIN
FAILED, that's it.
Also, after enabling pf, all my UDP ports show as open. I've got a ruleset of
block in log on $ext_if proto udp all
So all UDP ports should be shown as closed. Doesn't really make any
sense to me. Anyone care to help?
Thanks for the help so far.
Pat
On Wed, 16 Feb 2005 13:26:37 +0100, Volker Kindermann [EMAIL PROTECTED] wrote:
Hi Pat,
Is there any place I can find a good default ruleset for a server, and
just change what ports I want open?
pf originates at openbsd. There you'll find lots of documentation, the
pf-faq, and the (as always in the BSD world) excellent manpages.
In addition there's the pf-repository at: https://solarflux.org/pf/
And there are some books which include examples.
Also, I've noticed that some rulesets will have different flags and
keep state on for certain TCP ports, but not others. For example, at
https://www.section6.net/help/pf.php I found:
#WebServer, HTTPS, 8000
pass in on $extif proto tcp from any to any port 80 flags S/SA
pass in on $extif proto tcp from any to any port $tcp_services flags
S/SA synproxy state
tcp_services is {22, 443}
I don't understand why they use synproxy state for 22 and 443, but not 80
Because synproxy as a security feature has a drawback: speed. Do you
understand what synproxy does? It completes the three-way-handshake at
the firewall first and only if this succeds it forwards the connection
to the (web)server. This takes some small amount of time.
Acceptable with protocolls like ssh and https but mostly unacceptable
with http.
-volker
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
IMAP no longer authorizing
I've had Courier-IMAP working great with a MySQL database for over a week now. I just rebooted my machine for the first time, and now I can't auth at all. It just rejects every password, maillog says that the login attempt failed every time. I've got no idea at all why this is happening. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IMAP no longer authorizing
It turns out that the authlibmysql.so file wasn't there anymore...it doesn't get deleted every time the machine reboots, does it? That wouldn't make any sense. On Wed, 16 Feb 2005 19:35:08 -0700, Pat Maddox [EMAIL PROTECTED] wrote: I've had Courier-IMAP working great with a MySQL database for over a week now. I just rebooted my machine for the first time, and now I can't auth at all. It just rejects every password, maillog says that the login attempt failed every time. I've got no idea at all why this is happening. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Configuring PF
I want to install a firewall on my system. First of all, is PF the one I should be using? It seems to get the most recommendations. I don't actually seem to have any problems configuring it - I just have some problems testing the configuration. I can ssh to the box, and I can access port 80...but I'd like to be able to just scan it to quickly see what's up. When PF is disabled, I can nmap it in about 9 seconds. When I turn it on, it takes over 3 minutes to do. These machines are on the same network, so the connection is obviously fast. Are there any good, pretty simple guides on setting up PF? I'm having a tough time understanding what the rulesets all mean. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring PF
Is there any place I can find a good default ruleset for a server, and
just change what ports I want open?
Also, I've noticed that some rulesets will have different flags and
keep state on for certain TCP ports, but not others. For example, at
https://www.section6.net/help/pf.php I found:
#WebServer, HTTPS, 8000
pass in on $extif proto tcp from any to any port 80 flags S/SA
pass in on $extif proto tcp from any to any port $tcp_services flags
S/SA synproxy state
tcp_services is {22, 443}
I don't understand why they use synproxy state for 22 and 443, but not 80
On Mon, 14 Feb 2005 23:44:32 -0500, chip [EMAIL PROTECTED] wrote:
quickly see what's up. When PF is disabled, I can nmap it in about 9
seconds. When I turn it on, it takes over 3 minutes to do. These
machines are on the same network, so the connection is obviously fast.
I believe this is becuase nmap is having to wait on the connections to
time out. If you tell PF to 'reject' instead of 'drop' it may go a
bit faster.
--
Just my $.02, your mileage may vary, batteries not included, etc
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Best JDK for performance?
Hi Chad, I wrestled with this for a while, I didn't find much useful information. I've got a website on FreeBSD and JBoss4, with the native JDK, and it runs really well. No crashes and no memory issues that I can see so far. Pat On Tue, 8 Feb 2005 12:16:11 -0500, Chad Morland [EMAIL PROTECTED] wrote: Which JDK gives the best performance on FreeBSD? I have the following installed from ports: /usr/local/jdk1.4.2 /usr/local/linux-sun-jdk1.4.2 -CM ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
