Re: jail specific mailinglist?

2007-04-17 Thread Philipp Wuensche
Oliver Peter wrote:
> Dear,
> 
> According to my previous email (ezjail / 6.2-RELEASE-p3) I would
> like to ask where to post such messages (for best results :-P ).
> 
> What about having a jail specific mailing list like
> [EMAIL PROTECTED] ?

For ezjail related questions (and sometimes just jail related questions)
there is already a mailing list: [EMAIL PROTECTED] (archive:
https://elektropost.org/ezmlm-cgi?iss::)

greetings,
philipp

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Virally licensed code in FreeBSD kernel

2007-04-14 Thread Philipp Wuensche
Chad Perrin wrote:
> On Sat, Apr 14, 2007 at 06:55:39PM +0200, Philipp Wuensche wrote:
>> Brett Glass wrote:
>>
>> So CDDL does not require to license add-ons under CDDL, GPL does. In
>> these terms, FreeBSD is basically an add-on to the ZFS module ;-).
> 
> The most relevant part of the CDDL seems to be section 3.6, "Larger
> Works":
> 
>   You may create a Larger Work by combining Covered Software with other
>   code not governed by the terms of this License and distribute the
>   Larger Work as a single product. In such a case, You must make sure the
>   requirements of this License are fulfilled for the Covered Software.
> 
> The term "Covered Software" is defined in a sufficiently ambiguous
> manner that a court battle over whether or not a "Larger Work" would be
> subject, in full, to the terms of the CDDL would probably be decided in
> favor of the guy with more money:
> 
>   "Covered Software" means (a) the Original Software, or (b)
>   Modifications, or (c) the combination of files containing Original
>   Software with files containing Modifications, in each case including
>   portions thereof.

But the rest of the BSD system does not fall under "Original Software",
"Modifications" or combination of both as they are defined in this
license. As I see it, it just states that everything under CDDL in the
"Larger Work" has to be handled like that, this does not include the
rest of the "Larger Work" which would be "code not governed by the terms
of this License".

They explicitly state: "In such a case, You must make sure the
requirements of this License are fulfilled for the _Covered Software_."
So the requirements must be fulfilled for software under CDDL, and not
for "code not governed by the terms of this License" (code under BSD in
our case).

greetings,
philipp




Re: Virally licensed code in FreeBSD kernel

2007-04-14 Thread Philipp Wuensche
Brett Glass wrote:
> At 10:55 AM 4/14/2007, Philipp Wuensche wrote:
> 
>> Example:
>> You create a binary from two source files.
>>
>> 1. one BSD one CDDL. If you distribute this binary, you have to provide
>> the CDDL part (and all modifications to it) as source under CDDL
>> license. You are not required to provide the source of the BSD part.
> 
> Yes, you are. Because it appears that the whole thing is now covered
> by the CDDL.

I can't see any signs for that in the CDDL license, not if you read 3.1
with the Definitions in point 1.
greetings,
philipp



Re: Virally licensed code in FreeBSD kernel

2007-04-14 Thread Philipp Wuensche
Brett Glass wrote:
> There is a huge problem in that the CDDL is "viral." It "infects"
> products with which it is combined. You can read the text of the
> CDDL at
> 
> http://www.opensource.org/licenses/cddl1.php
> 
> Section 3.1 of the CDDL is the portion which is essentially equivalent
> to the GPL. 

It basically states that you have to provide the source code for the
stuff that already is under CDDL license if you distribute binaries and
you have to keep the CDDL license for all the code that is already under
CDDL license.

I'm no lawyer but I don't see where this is as viral as GPL. The viral
part is limited to the already CDDL licensed source.

Example:
You create a binary from two source files.

1. one BSD one CDDL. If you distribute this binary, you have to provide
the CDDL part (and all modifications to it) as source under CDDL
license. You are not required to provide the source of the BSD part.

2. one BSD one GPL. If you distribute the binary, you have to provide
the source of both files (and I think you even have to do that under
GPL). That is because GPL requires that all work descended from it falls
under GPL too and all binaries that include GPL code require the
distribution of the source. That's why it is called viral.

So CDDL does not require to license add-ons under CDDL, GPL does. In
these terms, FreeBSD is basically an add-on to the ZFS module ;-).

greetings,
philipp



Re: Virally licensed code in FreeBSD kernel

2007-04-14 Thread Philipp Wuensche
Brett Glass wrote:
> I just read with some concern the announcement that Sun's ZFS has been
> integrated into the FreeBSD kernel. This would mean, unfortunately, that
> FreeBSD is now covered by the CDDL, which is a viral license similar to
> the GPL. Has FreeBSD abandoned its longstanding practice of keeping the
> kernel truly free?

Maybe this blog entry brings some light:
http://blogs.sun.com/chandan/entry/copyrights_licenses_and_cddl_illustrated

I don't see a problem. If you use CDDL licensed stuff like ZFS, you need
to provide the source, that's it.

greetings,
philipp



Re: remote install of 6.2

2007-03-08 Thread Philipp Wuensche
Mark Messier wrote:
> I have a remote machine running 4.8-p21.  The system has two disks in
> it, but only one is used on a daily basis (the other is filled via dd
> every now and then).
> 
> I want to get this remote machine running 6.2, so I figured I'd
> install the new OS on the second disk, then boot off the second disk,
> leaving the original first disk with all the user data on it (plus as
> a way to back out).
> 
> When I try to use /stand/sysinstall for this it seg-faults
> early in the installation, but after the "Commit" step.

You could try to mount a 6.2 iso-file and use the sysinstall from there,
if that does not work due to library dependencies you could partition
the disk by hand using fdisk and disklabel (or do that with the 4.8
sysinstall). After mounting the new disk to /mnt etc. you can extract
the kernel and userland using the install.sh script you will find at the
set directories in
ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/6.2-RELEASE/. I think
you only need base and a kernel.

Only drawback is you will not be able to use UFS2 I guess, because the
4.8 newfs doesn't know about that. But maybe someone has a solution to that.

You could also use qemu to prepare a freebsd6 system and use dd to write
it onto the second disk.

greetings,
philipp



Re: problems with jail

2007-02-24 Thread Philipp Wuensche
Jim Stapleton wrote:
> 
> Issue not confused, but it did give me some "try this" tests.
> Unfortunately I still can't connect to anything outside of the jail,
> not even to the host.
> SSHing into jail does not work, into host does.
> [EMAIL PROTECTED] 07:54:40 (0) /usr/ports  > jail /jail/ legolas 92.168.1.85
> /bin/csh
> %ssh -x 192.168.1.84
> ^C
> 
> And as a last test I should have thought of before:
> [EMAIL PROTECTED] 07:59:13 (0) /usr/ports  > sysctl
> security.jail.allow_raw_sockets
> security.jail.allow_raw_sockets: 1
> [EMAIL PROTECTED] 07:59:26 (0) /usr/ports  > jail /jail/ legolas 92.168.1.85
> /bin/csh
> %ping 127.0.0.1
> PING 127.0.0.1 (127.0.0.1): 56 data bytes
> ^C

There is a 1 missing in front of 92.168.1.85

If you do ifconfig inside the jail and you don't see the ipaddr. of the
jail configured on any of the network interfaces, you did something
wrong. Either you forgot to configure the ipaddr. or used the wrong one in the
jail command.

greetings,
philipp



Re: problems with jail

2007-02-23 Thread Philipp Wuensche
Jim Stapleton wrote:
> new host rc.conf:
> 
> hostname="elrond.ameritech.net"
> #ifconfig_nve0="inet 192.168.1.84 netmask 255.255.255.0"
> ipv4_addrs_nve0="192.168.1.84-85/24 netmask 255.255.255.0"

/24 is already the netmask.

Can you ping the ipaddr. from another host in your network?

greetings,
philipp



Re: problems with jail

2007-02-23 Thread Philipp Wuensche
Jim Stapleton wrote:
> Jail:
> [EMAIL PROTECTED] 14:04:11 (0) ~  > sudo jail /jail/ legolas 192.168.1.85
> /bin/csh
> %telnet 192.168.1.4 25
> Trying 192.168.1.4...
> ^Z
> Suspended
> %kill %1
> [1]    Terminated    telnet 192.168.1.4 25
> %ifconfig -a
> nve0: flags=8843 mtu 1500
>         ether 00:13:d4:2e:2f:62
>         media: Ethernet autoselect (100baseTX )
>         status: active
> plip0: flags=108810 mtu 1500
> lo0: flags=8049 mtu 16384
> 
> 
> OK, from host:
> [EMAIL PROTECTED] 14:02:11 (0) ~  > ifconfig -a
> nve0: flags=8843 mtu 1500
>         inet 192.168.1.84 netmask 0xff00 broadcast 192.168.1.255
>         ether 00:13:d4:2e:2f:62
>         media: Ethernet autoselect (100baseTX )
>         status: active
> plip0: flags=108810 mtu 1500
> lo0: flags=8049 mtu 16384
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>         inet6 ::1 prefixlen 128
>         inet 127.0.0.1 netmask 0xff00
> [EMAIL PROTECTED] 14:04:08 (0) ~  > jls
>    JID  IP Address    Hostname  Path
>      1  192.168.1.85  legolas   /jail
> 
> 
> 
> Is that what you needed

You only have configured the 192.168.1.84 ipaddr on your nve0 interface,
you need to configure the 192.168.1.85 ipaddr. on the interface too.

Delete the

ifconfig_nve0="inet 192.168.1.84 netmask 255.255.255.0"

line in rc.conf and replace it with

ipv4_addrs_nve0="192.168.1.84-85/24"

and do a reboot. If you don't want to reboot, use "ifconfig nve0 alias
192.168.1.85/32" to configure the alias while the system is running.

You could also use the jail_example_interface="nve0" option in rc.conf
and reboot, but I don't recommend that because it is somewhat broken and
poorly implemented.

greetings,
philipp
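
The check used in this thread (the address `jls` shows for a jail must also appear as an `inet` address in the host's `ifconfig -a`), as an added example that is not part of the original mails. The helper name `unbound_jail_ips` and both sample outputs are constructed for illustration, and it assumes the one-address-per-jail `jls` layout shown above.

```shell
#!/bin/sh
# Added example (not from the original mails): list jails whose IP address
# is not configured on any host interface. Names and samples are constructed.

# Constructed sample modelled on the thread: only .84 is on nve0.
SAMPLE_IFCONFIG='nve0: flags=8843 mtu 1500
        inet 192.168.1.84 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:13:d4:2e:2f:62
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000'

# Constructed sample: one jail bound to .85.
SAMPLE_JLS='   JID  IP Address      Hostname                      Path
     1  192.168.1.85    legolas                       /jail'

# unbound_jail_ips JLS_TEXT IFCONFIG_TEXT  (hypothetical helper)
# Prints "jid ip hostname" for every jail whose IP has no "inet" line.
unbound_jail_ips() {
    # Every IPv4 address on the host, space separated (aliases included).
    host_ips=$(printf '%s\n' "$2" | awk '$1 == "inet" { printf "%s ", $2 }')
    printf '%s\n' "$1" | while read -r jid ip host path; do
        case $jid in
            ''|*[!0-9]*) continue ;;      # skip the jls header line
        esac
        case " $host_ips " in
            *" $ip "*) ;;                 # address is configured: fine
            *) echo "$jid $ip $host" ;;   # jail has no usable address
        esac
    done
}

# Run on the samples; on a FreeBSD host use "$(jls)" and "$(ifconfig -a)".
unbound_jail_ips "$SAMPLE_JLS" "$SAMPLE_IFCONFIG"
```

An empty result means every jail address is present on the host; a jail started with a mistyped address is reported the same way as one whose alias was never added.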




Re: problems with jail

2007-02-23 Thread Philipp Wuensche
Jim Stapleton wrote:
> Thank you, that's at least useful testing, but it did not work. Jail
> is definitely not getting any network action.
> 
> Would a host netstat output be useful? It looks pretty cryptic.

Can you please post the output of ifconfig and jls? From your rc.conf it
seems the ipaddr. for the jail is not configured, or is wrongly configured,
on your interface.

greetings,
philipp



Re: PF and MAC-Filtering ?

2007-01-29 Thread Philipp Wuensche
Frank Staals wrote:
> I'm trying to get my FreeBSD gateway with PF firewall to only allow
> access to my network and internet from a couple computers through MAC
> filtering. I couldn't really find out what rules I should use; From the
> information I found on google I tried something like this but it seems
> that PF doesn't see the entries in my mac-table as a MAC address: ( only
> pasted the related rules ) :
> 
> block log
> 
> ### Only allow WLAN connections from trusted Systems::
> table  persist file "/usr/local/etc/pf/wlanmacs"
> pass in  on $wlanif from src  to any keep state
> pass out on $wlanif from any to src  keep state
> 
> with in /usr/local/etc/pf/wlanmacs one MAC address on each line; example:
> 
> 00:0b:7b:23:33:25
> 
> As I said it doesn't seem that PF gets that it should treat the entries
> in the table as MAC addresses. How can I do that? Or is there a better
> way to achieve the same result?

Just filter by ip-addr. on your gateway, it gives you the same level of
security as filtering by mac-addr. and configure your basestation to
only accept clients with mac-addr. you have allowed.

If you need some kind of authentication, take a look at authpf.

greetings,
philipp



Re: Disable syslogd 514..

2007-01-17 Thread Philipp Wuensche
Agus wrote:
> Hi
> doing a netstat -an I see that syslog is listening on UDP port 514. I am
> trying to disable it, but no luck.
> I checked the rc.conf but there is nothing there. What do you
> recommend? To disable it or to leave it?
> I do not use the machine as a remote syslog server so I can't see the
> use. But who knows...

The -ss option of syslogd will disable all network sockets, so setting
this in rc.conf will help:

syslogd_flags="-ss"

Don't forget to restart syslogd of course.

greetings
philipp



Re: IPMI on SuperMicro PDSMi+ Motherboard

2006-12-02 Thread Philipp Wuensche
Philipp Wuensche wrote:
> Hi,
> 
> I lately acquired a SuperMicro PDSMi+ motherboard and the IPMI
> AOC-IPMI20-E daughterboard. I can report that the ipmi driver in 6.2 is
> working just fine and I can use ipmitool to access the module from the
> hostsystem. The only problem is that the IPMI module loses its network
> connection and is not reachable via IP sometimes, this especially
> happens after a SOL session.
> 
> If the server is up I can issue a cold reset for the module and I can
> reach it again, I'm not sure if this has anything to do with freebsd and
> problems with the em driver or if it is just the firmware of the module
> but if anyone has experience with this stuff maybe he can give me a hint
> what could be causing these problems at all.
> 
> Currently it is configured with a different MAC and a different IP than
> the host system, haven't tried same MAC and IP yet. Shouldn't make a
> difference, should it?

It makes a difference! If I use the same MAC as the hostsystem, access
to the IPMI module is unavailable when booting single-user or until the
first ifconfig em0 up, this could either be a problem with the em
driver or maybe the eeprom issue Jack Vogel described on freebsd-stable,
but I haven't had the chance yet to test the update tool he mentions.
Using the same IP as the hostsystem makes no difference of course.

I now have it mostly running okay but again running with a different MAC
and IP than the system. I now did _not_ use the MAC address from the
sticker on the IPMI socket and instead just took a random one. This is of
course not good and one should use the MAC address from the IPMI socket,
maybe I will give it another try.

Just to document my findings so others don't have to go through the same pain
again, some of my experience:

1. There are basically three modes of MAC/IP configuration for IPMI

1.1 same MAC and same IP as hostsystem

1.2 same MAC as hostsystem but different IP

1.3 different MAC and different IP as hostsystem

2. Get console access working

2.1 The IPMI module connects to the onboard com2 port via a straight
cable with 10pin connectors on both sides. You have to enable
bios-redirection in the BIOS and use port B.

2.2 To make the second serial port the console port (default is the
first), you have to set hint.sio.1.flags="0x10" in "/boot/device.hints",
maybe setting "BOOT_COMCONSOLE_PORT=0x2f8" in /etc/make.conf and
rebuilding/installing the boot-loader will do the same.

2.3 To change the speed of the serial port you have to set
"BOOT_COMCONSOLE_SPEED=115200" in /etc/make.conf and rebuild/install
your boot-loader.

One piece of advice if you want to use a different baudrate for the serial
console than 19200.. stay away from the IPMIView tool, it resets the
baudrate of the IPMI module back to the default 19200 every time you try
to establish a SOL session. Use the ipmitool from the ports. (has some
issues too but works for access from the hostsystem and most of the
remote stuff.)

3. Local IPMI access via OpenIPMI (needs FreeBSD 6.2)

3.1 To get access to the IPMI module via the hostsystem you need "device
ipmi" in your kernel configuration.

3.2 Accessing the IPMI module is done by using "ipmitool -I open", you
have to compile ipmitool from ports on at least FreeBSD 6.2 (needs some
headerfiles to enable OpenIPMI support)

Maybe a section in the Handbook would be helpful, should write that up
once I get it working reliably.

greetings,
philipp




IPMI on SuperMicro PDSMi+ Motherboard

2006-12-02 Thread Philipp Wuensche
Hi,

I lately acquired a SuperMicro PDSMi+ motherboard and the IPMI
AOC-IPMI20-E daughterboard. I can report that the ipmi driver in 6.2 is
working just fine and I can use ipmitool to access the module from the
hostsystem. The only problem is that the IPMI module loses its network
connection and is not reachable via IP sometimes, this especially
happens after a SOL session.

If the server is up I can issue a cold reset for the module and I can
reach it again, I'm not sure if this has anything to do with freebsd and
problems with the em driver or if it is just the firmware of the module
but if anyone has experience with this stuff maybe he can give me a hint
what could be causing these problems at all.

Currently it is configured with a different MAC and a different IP than
the host system, haven't tried same MAC and IP yet. Shouldn't make a
difference, should it?

greetings,
philipp

