Re: Cannot build jdk16
Thanks a lot for the help guys! On Fri, Mar 4, 2011 at 5:51 PM, Ruslan Mahmatkhanov wrote: > 04.03.2011 14:23, Redd Vinylene пишет: > > Hello! >> >> /usr/ports/java/jdk16 instructs me to manually fetch >> tzupdater-1_3_34-2010o.zip and put it in /usr/ports/distfiles - this file >> however is no longer available and has been replaced by >> tzupdater-1_3_35-2011b. So what's the best way of installing jdk16 despite >> of this? Rename tzupdater-1_3_35-2011b to tzupdater-1_3_34-2010o.zip and >> "make -DNO_CHECKSUM"? >> >> Many thanks! >> > > http://www.freebsd.org/cgi/query-pr.cgi?pr=155270 > > > -- > Regards, > Ruslan > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Cannot build jdk16
Hello! /usr/ports/java/jdk16 instructs me to manually fetch tzupdater-1_3_34-2010o.zip and put it in /usr/ports/distfiles - this file however is no longer available and has been replaced by tzupdater-1_3_35-2011b. So what's the best way of installing jdk16 despite of this? Rename tzupdater-1_3_35-2011b to tzupdater-1_3_34-2010o.zip and "make -DNO_CHECKSUM"? Many thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Kernel compiling problems
Heya! Anybody know what's wrong with this? ## make buildworld buildkernel KERNCONF=NINJA cc -c -O2 -pipe -fno-strict-aliasing -std=c99 -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -nostdinc -I. -I/usr/src/sys -I/usr/src/sys/contrib/altq -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common -finline-limit=8000 --param inline-unit-growth=100 --param large-function-growth=1000 -mno-align-long-strings -mpreferred-stack-boundary=2 -mno-mmx -mno-3dnow -mno-sse -mno-sse2 -mno-sse3 -ffreestanding -fstack-protector -Werror /usr/src/sys/kern/sysv_msg.c /usr/src/sys/kern/sysv_msg.c:163: error: invalid application of 'sizeof' to incomplete type 'struct freebsd7_msgctl_args' /usr/src/sys/kern/sysv_msg.c:163: error: 'freebsd7_msgctl' undeclared here (not in a function) /usr/src/sys/kern/sysv_msg.c:1463: error: initializer element is not constant /usr/src/sys/kern/sysv_msg.c:1463: error: (near initialization for 'msgcalls[0]') cc1: warnings being treated as errors /usr/src/sys/kern/sysv_msg.c:1507: warning: function declaration isn't a prototype /usr/src/sys/kern/sysv_msg.c: In function 'freebsd7_msgctl': /usr/src/sys/kern/sysv_msg.c:1516: error: dereferencing pointer to incomplete type /usr/src/sys/kern/sysv_msg.c:1516: error: request for member 'cmd' in something not a structure or union /usr/src/sys/kern/sysv_msg.c:1516: warning: comparison between pointer and integer /usr/src/sys/kern/sysv_msg.c:1517: error: dereferencing pointer to incomplete type /usr/src/sys/kern/sysv_msg.c:1517: error: request for member 'buf' in something not a structure or union /usr/src/sys/kern/sysv_msg.c:1532: error: dereferencing pointer to incomplete type /usr/src/sys/kern/sysv_msg.c:1532: error: request for member 'msqid' in something not a structure or union /usr/src/sys/kern/sysv_msg.c:1532: error: dereferencing pointer to incomplete type /usr/src/sys/kern/sysv_msg.c:1532: error: request for member 'cmd' in something not a structure or union /usr/src/sys/kern/sysv_msg.c:1532: warning: passing argument 2 of 'kern_msgctl' makes integer from pointer without a cast /usr/src/sys/kern/sysv_msg.c:1532: warning: passing argument 3 of 'kern_msgctl' makes integer from pointer without a cast /usr/src/sys/kern/sysv_msg.c:1535: error: dereferencing pointer to incomplete type /usr/src/sys/kern/sysv_msg.c:1535: error: request for member 'cmd' in something not a structure or union /usr/src/sys/kern/sysv_msg.c:1535: warning: comparison between pointer and integer /usr/src/sys/kern/sysv_msg.c:1548: error: dereferencing pointer to incomplete type /usr/src/sys/kern/sysv_msg.c:1548: error: request for member 'buf' in something not a structure or union *** Error code 1 Stop in /usr/obj/usr/src/sys/NINJA. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. ## /usr/obj/usr/src/sys/NINJA cpu I586_CPU ident NINJA options SCHED_ULE options PREEMPTION options FFS options SOFTUPDATES options UFS_ACL options UFS_DIRHASH options UFS_GJOURNAL options MD_ROOT options MSDOSFS options CD9660 options PROCFS options PSEUDOFS options COMPAT_43 options COMPAT_FREEBSD4 options COMPAT_FREEBSD5 options COMPAT_FREEBSD6 options KTRACE options SYSVSHM options SYSVMSG options SYSVSEM options KBD_INSTALL_CDEV options _KPOSIX_PRIORITY_SCHEDULING device pci device sio device ata device atadisk device atapicd options ATA_STATIC_ID device fdc device atkbdc device atkbd device psm device vga device splash device sc device sound device ether device miibus device rl device ep device loop device random device tun device pty device md options AUDIT options INET options INET6 device gif device faith device bpf device pf device pflog device pfsync options ALTQ options ALTQ_CBQ options ALTQ_RED options ALTQ_RIO options ALTQ_HFSC options ALTQ_PRIQ ## uname -v FreeBSD 7.0-STABLE #0: Thu Jul 24 18:57:08 CEST 2008 ## /etc/cvsupfile *default host=cvsup.no.FreeBSD.org *default base=/var/db *default prefix=/usr *default release=cvs tag=RELENG_8 *default delete use-rel-suffix src-all doc-all tag=. Many thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Simple command to reset / clear all logs?
On Wed, Jan 12, 2011 at 8:58 PM, Polytropon wrote:
> # for FILE in /var/log/*; do cat /dev/null > ${FILE}; done
>
> That would be better than my first suggestion. You can exchange
> the part "/var/log/*" for any `find ...` command that specifies
> the intended target(s) of your operation better than the builtin
> shell expansion of the * expression.
>
>
Now that's just beautiful, man :-)
Thanks a lot :-)
Please accept this gift
Re: Simple command to reset / clear all logs?
Will the logs automatically create themselves? I mean, I picture I have to manually touch a lotta them in order to avoid "cannot find" error messages? On Wed, Jan 12, 2011 at 8:19 PM, Bernt Hansson wrote: > 2011-01-12 17:04, Redd Vinylene: > > Hi, >> >> Is there a simple command to reset / clear everything in my /var/log? I've >> done a lot of testing, configuring, trial and error and most of my logs >> are >> just full of bullshit and I'd like a fresh start :-) >> >> Thanks! >> > > Sometimes I use rm /var/log/* > > Use with utmost caution! > -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Simple command to reset / clear all logs?
Hi, Is there a simple command to reset / clear everything in my /var/log? I've done a lot of testing, configuring, trial and error and most of my logs are just full of bullshit and I'd like a fresh start :-) Thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: vsftpd + SSL not working
On Thu, Dec 9, 2010 at 2:46 PM, Redd Vinylene wrote:
> On Thu, Dec 9, 2010 at 1:16 PM, Odhiambo Washington wrote:
>
>>
>>
>> On Thu, Dec 9, 2010 at 3:10 PM, Redd Vinylene wrote:
>>
>>> I'm trying to set up a virtual vsftpd-ssl-2.3.2 server (FreeBSD
>>> 8.2-PRERELEASE) so my band can share new tracks, production material and
>>> what not, but my SSL certificate keeps messing it up:
>>> http://pastie.org/1358536 - anybody know why? It works just fine when I
>>> disable the SSL. I have no firewalls running.
>>>
>>> I hope this is not too off-topic. I just don't know where else to ask.
>>>
>>>
>> Would it not be better if you posted your configuration and debug logs for
>> those willing to help you out to see?
>>
>
> It's all in http://pastie.org/1358536, but incase you don't want to click
> the link:
>
> ## /var/log/vsftpd.conf (FTPRush)
>
> Wed Dec 8 11:21:07 2010 [pid 38781] CONNECT: Client "161.149.221.220"
> Wed Dec 8 11:21:07 2010 [pid 38781] DEBUG: Client "161.149.221.220", "SSL
> version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA, not reused, no cert"
> Wed Dec 8 11:21:08 2010 [pid 38780] [bruner] OK LOGIN: Client
> "161.149.221.220"
> Wed Dec 8 11:21:08 2010 [pid 38781] [bruner] DEBUG: Client
> "161.149.221.220", "SSL version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA, not
> reused, no cert"
> Wed Dec 8 11:21:08 2010 [pid 38781] [bruner] DEBUG: Client
> "161.149.221.220", "SSL shutdown state is: NONE"
> Wed Dec 8 11:21:08 2010 [pid 38781] [bruner] DEBUG: Client
> "161.149.221.220", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
>
> And then the directory listing after 3 minutes:
>
> Wed Dec 8 11:24:29 2010 [pid 38781] [bruner] DEBUG: Client
> "161.149.221.220", "SSL shutdown state is: 3"
>
> ## /var/log/vsftpd.conf (FlashFXP)
>
> Wed Dec 8 11:33:50 2010 [pid 56557] [bruner] OK LOGIN: Client
> "161.149.221.220"
> Wed Dec 8 11:33:51 2010 [pid 56558] [bruner] DEBUG: Client
> "161.149.221.220", "SSL version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA,
> reused, no cert"
> Wed Dec 8 11:33:51 2010 [pid 56558] [bruner] DEBUG: Client
> "161.149.221.220", "SSL shutdown state is: NONE"
> Wed Dec 8 11:33:51 2010 [pid 56558] [bruner] DEBUG: Client
> "161.149.221.220", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
> Wed Dec 8 11:33:51 2010 [pid 56558] [bruner] DEBUG: Client
> "161.149.221.220", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
> Wed Dec 8 11:33:51 2010 [pid 56558] [bruner] DEBUG: Client
> "161.149.221.220", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
> Wed Dec 8 11:33:51 2010 [pid 56558] [bruner] DEBUG: Client
> "161.149.221.220", "SSL ret: 18446744073709551615, SSL error:
> error::lib(0):func(0):reason(0), errno: 22"
> Wed Dec 8 11:33:53 2010 [pid 56559] [bruner] OK DELETE: Client
> "161.149.221.220", "/bruner_december_2010/track_1.mp3"
> Wed Dec 8 11:33:53 2010 [pid 56559] [bruner] OK DELETE: Client
> "161.149.221.220", "/bruner_december_2010/tracks.sfv"
> Wed Dec 8 11:33:53 2010 [pid 56559] [bruner] OK DELETE: Client
> "161.149.221.220", "/bruner_december_2010/tracks.txt"
> Wed Dec 8 11:33:53 2010 [pid 56559] [bruner] OK DELETE: Client
> "161.149.221.220", "/bruner_december_2010/tracks.m3u"
>
> And in FlashFXP:
>
> [R] 200 PORT command successful. Consider using PASV.
> [R] STOR tracks.m3u
> [R] Transfer Failed!
> [R] Connection lost: bruner
>
> I tried installing OpenSSL 1.0.0b from ports over 0.9.8p that came with
> FreeBSD - and then recompiling vsftpd (commenting out the .if ${OSVERSION} <
> 70 and the .endif below it in the Makefile to force it to link to the
> port) - but it made no difference.
>
> ## openssl s_client -state -connect :800 (remote box)
>
> CONNECTED(0003)
> SSL_connect:before/connect initialization
> SSL_connect:SSLv2/v3 write client hello A
> SSL_connect:error in SSLv2/v3 read server hello A
> 3280:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:567:
>
> ## openssl s_client -tls1 -state -connect :800 (remote box)
>
> CONNECTED(0003)
> SSL_connect:before/connect initialization
> SSL_connect:SSLv3 write client hello A
> SSL3 alert write:fatal:protocol version
> SSL_connect:error in SSLv3 read server hello A
> 3392:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
Postfix and Gmail
Anybody hooked their Postfix servers up with Gmail to use it as a client? I'm tired of all this using mutt on several boxes, setting up virtual MySQL accounts and domains with crap webapps. Figured I'd just use Gmail for it all and be done with it. Curious what sort of experiences y'all have though. Thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: vsftpd + SSL not working
On Thu, Dec 9, 2010 at 1:16 PM, Odhiambo Washington wrote:
>
>
> On Thu, Dec 9, 2010 at 3:10 PM, Redd Vinylene wrote:
>
>> I'm trying to set up a virtual vsftpd-ssl-2.3.2 server (FreeBSD
>> 8.2-PRERELEASE) so my band can share new tracks, production material and
>> what not, but my SSL certificate keeps messing it up:
>> http://pastie.org/1358536 - anybody know why? It works just fine when I
>> disable the SSL. I have no firewalls running.
>>
>> I hope this is not too off-topic. I just don't know where else to ask.
>>
>>
> Would it not be better if you posted your configuration and debug logs for
> those willing to help you out to see?
>
It's all in http://pastie.org/1358536, but incase you don't want to click
the link:
## /var/log/vsftpd.conf (FTPRush)
Wed Dec 8 11:21:07 2010 [pid 38781] CONNECT: Client "161.149.221.220"
Wed Dec 8 11:21:07 2010 [pid 38781] DEBUG: Client "161.149.221.220", "SSL
version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA, not reused, no cert"
Wed Dec 8 11:21:08 2010 [pid 38780] [bruner] OK LOGIN: Client
"161.149.221.220"
Wed Dec 8 11:21:08 2010 [pid 38781] [bruner] DEBUG: Client
"161.149.221.220", "SSL version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA, not
reused, no cert"
Wed Dec 8 11:21:08 2010 [pid 38781] [bruner] DEBUG: Client
"161.149.221.220", "SSL shutdown state is: NONE"
Wed Dec 8 11:21:08 2010 [pid 38781] [bruner] DEBUG: Client
"161.149.221.220", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
And then the directory listing after 3 minutes:
Wed Dec 8 11:24:29 2010 [pid 38781] [bruner] DEBUG: Client
"161.149.221.220", "SSL shutdown state is: 3"
## /var/log/vsftpd.conf (FlashFXP)
Wed Dec 8 11:33:50 2010 [pid 56557] [bruner] OK LOGIN: Client
"161.149.221.220"
Wed Dec 8 11:33:51 2010 [pid 56558] [bruner] DEBUG: Client
"161.149.221.220", "SSL version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA,
reused, no cert"
Wed Dec 8 11:33:51 2010 [pid 56558] [bruner] DEBUG: Client
"161.149.221.220", "SSL shutdown state is: NONE"
Wed Dec 8 11:33:51 2010 [pid 56558] [bruner] DEBUG: Client
"161.149.221.220", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
Wed Dec 8 11:33:51 2010 [pid 56558] [bruner] DEBUG: Client
"161.149.221.220", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
Wed Dec 8 11:33:51 2010 [pid 56558] [bruner] DEBUG: Client
"161.149.221.220", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
Wed Dec 8 11:33:51 2010 [pid 56558] [bruner] DEBUG: Client
"161.149.221.220", "SSL ret: 18446744073709551615, SSL error:
error::lib(0):func(0):reason(0), errno: 22"
Wed Dec 8 11:33:53 2010 [pid 56559] [bruner] OK DELETE: Client
"161.149.221.220", "/bruner_december_2010/track_1.mp3"
Wed Dec 8 11:33:53 2010 [pid 56559] [bruner] OK DELETE: Client
"161.149.221.220", "/bruner_december_2010/tracks.sfv"
Wed Dec 8 11:33:53 2010 [pid 56559] [bruner] OK DELETE: Client
"161.149.221.220", "/bruner_december_2010/tracks.txt"
Wed Dec 8 11:33:53 2010 [pid 56559] [bruner] OK DELETE: Client
"161.149.221.220", "/bruner_december_2010/tracks.m3u"
And in FlashFXP:
[R] 200 PORT command successful. Consider using PASV.
[R] STOR tracks.m3u
[R] Transfer Failed!
[R] Connection lost: bruner
I tried installing OpenSSL 1.0.0b from ports over 0.9.8p that came with
FreeBSD - and then recompiling vsftpd (commenting out the .if ${OSVERSION} <
70 and the .endif below it in the Makefile to force it to link to the
port) - but it made no difference.
## openssl s_client -state -connect :800 (remote box)
CONNECTED(0003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
3280:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:567:
## openssl s_client -tls1 -state -connect :800 (remote box)
CONNECTED(0003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL3 alert write:fatal:protocol version
SSL_connect:error in SSLv3 read server hello A
3392:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:284:
## openssl s_server -cert vsftpd.pem -key vsftpd.pem -accept 4443
(localhost)
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
-BEGIN SSL SESSION PARAMETERS-
MHUCAQECAgMBBAIAOQQgMAQ7m6+qXFxEjTGqANwiHnptuHDkR+55xtbmzAhtHDwE
MLF1LRUOLLBlR8J9QrkZkiCtBgWC88NwFVX4p9wYtt09Ms0MQm/EuzMB1Jm7uquC
taEGAgRM/7XlogQCAgEspAYEBAE=
-END SSL SESSION PARAMETERS-
Shared
ciphers:DHE-RSA-AES256-SHA:DHE
vsftpd + SSL not working
I'm trying to set up a virtual vsftpd-ssl-2.3.2 server (FreeBSD 8.2-PRERELEASE) so my band can share new tracks, production material and what not, but my SSL certificate keeps messing it up: http://pastie.org/1358536 - anybody know why? It works just fine when I disable the SSL. I have no firewalls running. I hope this is not too off-topic. I just don't know where else to ask. Thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FTPD not working properly on jail
I'll create a new post. This subject is misleading. On Thu, Dec 9, 2010 at 12:55 PM, Redd Vinylene wrote: > On Wed, Dec 8, 2010 at 11:24 PM, krad wrote: > >> >> >> On 8 December 2010 20:07, Joseph Bashe wrote: >> >>> But he mentioned he needs some sort of 'virtual' (I'm assuming chroot) >>> feature; this is not possible with sftp afaik. >>> . >>> >> >> >> Its totally possble to chroot the sftp, and I have done it several times. >> Something like the below will isolate each user >> >> Match Group sftponly >> ChrootDirectory /home/chroot/%u >> >> X11Forwarding no >> AllowTcpForwarding no >> ForceCommand internal-sftp >> >> >> he might need something more like this so they can share data >> >> Match Group sftponly >> >> ChrootDirectory /home/chroot/ >> >> X11Forwarding no >> AllowTcpForwarding no >> ForceCommand internal-sftp >> >> >> > I would love to try that sometime - but right now I have to get this > regular ftp working. > > Just to recap - I'm trying to set up a virtual vsftpd-ssl-2.3.2 server so > my band can share new tracks, production material and what not, but my SSL > certificate keeps messing it up: http://pastie.org/1358536 - anybody know > why? It works just fine when I disable the SSL. > > Many thanks! > -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FTPD not working properly on jail
On Wed, Dec 8, 2010 at 11:24 PM, krad wrote: > > > On 8 December 2010 20:07, Joseph Bashe wrote: > >> But he mentioned he needs some sort of 'virtual' (I'm assuming chroot) >> feature; this is not possible with sftp afaik. >> . >> > > > Its totally possble to chroot the sftp, and I have done it several times. > Something like the below will isolate each user > > Match Group sftponly > ChrootDirectory /home/chroot/%u > > X11Forwarding no > AllowTcpForwarding no > ForceCommand internal-sftp > > > he might need something more like this so they can share data > > Match Group sftponly > > ChrootDirectory /home/chroot/ > X11Forwarding no > AllowTcpForwarding no > ForceCommand internal-sftp > > > I would love to try that sometime - but right now I have to get this regular ftp working. Just to recap - I'm trying to set up a virtual vsftpd-ssl-2.3.2 server so my band can share new tracks, production material and what not, but my SSL certificate keeps messing it up: http://pastie.org/1358536 - anybody know why? It works just fine when I disable the SSL. Many thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FTPD not working properly on jail
On Wed, Dec 8, 2010 at 5:49 PM, krad wrote: > > do you have a personal firewall or are natting at any point on your pc (not > the ftp server), as if you do and are using active, the firewall ftp proxy > wont be able to read the data stream in SSL mode as its encrypted, and hence > setup the needed forwarding rules. > > WHy not try sftp? Probably more secure and a dam site easier to setup. > Nope, nothing like that. Thanks though. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FTPD not working properly on jail
On Wed, Dec 8, 2010 at 5:31 PM, Bjoern A. Zeeb < bzeeb-li...@lists.zabbadoz.net> wrote: > application or configuration issue unrelated to jails. > > > Absolutely. Thanks for making me realize it though. Peace! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FTPD not working properly on jail
On Wed, Dec 8, 2010 at 5:24 PM, krad wrote: > > are you sure its not a passive/active ftp issue? > Yep, not this time :-) Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FTPD not working properly on jail
On Wed, Dec 8, 2010 at 4:52 PM, Bjoern A. Zeeb < bzeeb-li...@lists.zabbadoz.net> wrote: > > a) have you tried without SSL? > b) have you tried ftpd from base? > > It pretty much smells like a bug in vsftpd. > > Out of curiosity - which version of freebsd is that? > > /bz > > Greetings! a) Good question. Just tested - without a doubt, yes it works perfectly without SSL. But we need SSL though. b) No, because as far as I know, it doesn't allow the kind of virtual setup vsftpd does. The FreeBSD version is 8.2-PRERELEASE. Thanks man. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
FTP not working in jail
Hello! I'm trying to set up a virtual vsftpd-ssl-2.3.2 server so my band can share new tracks, production material or what not, but I'm getting all kinds of strange errors: http://pastie.org/1358536 Anybody know why? I'm using a jail. There are no firewalls on either the host or the jail. I've tried other ftpd's and gotten similar results, so I don't think there's vsftpd there's something wrong with here. Thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Can I run a 32-bit jail (or software) on a 64-bit server?
How do I create a 32-bit jail on a 64-bit machine then? http://forums.freebsd.org/showthread.php?t=3744 did not tell me much. Thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Can I run a 32-bit jail (or software) on a 64-bit server?
Thanks a lot guys - I really appreciate it. Redd ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Can I run a 32-bit jail (or software) on a 64-bit server?
On Mon, Dec 6, 2010 at 7:25 PM, Nerius Landys wrote: > I've had success running [at least some] 32 bit software on 64 bit > FreeBSD without even using a jail. > Do you have /usr/lib32 on your system? This would get installed for > example if you rebuild world/kernel following this: > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html > and if you don't inhibit the installation of /usr/lib32 by setting > some conf file flag somewhere. > > There are probably other ways to "get" /usr/lib32 on your system, but > I usually rebuild world to make it happen. > Hey man! Matter of fact - yeah - I do have /usr/lib32. So that's all I need or do I need to activate something in rc.conf or whatever? Much obliged! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Can I run a 32-bit jail (or software) on a 64-bit server?
Greetings! Can I run a 32-bit jail (or software) on a 64-bit server? I need to use some software that only works on 32-bit. Thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Destination host unreachable
Hi, I'm on my NAT workstation here (192.168.187.2), behind my FreeBSD pf firewall (80.X.X.X + 192.168.187.1), and everything works just fine except this one overseas IP that I just can't seem to reach: - C:\Documents and Settings\Administrator> ping 91.X.X.X Pinging 91.X.X.X with 32 bytes of data: Destination host unreachable. - I can reach it just fine from my FreeBSD pf firewall though. My pf.conf and rc.conf can be found here: http://pastie.org/453644 My NAT workstation's netmask is 255.255.255.0 and that of my FreeBSD pf firewall is 255.255.255.248. Thanks! -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: "No route to host" when trying to connect to FTP server on the Internet
On Tue, Apr 21, 2009 at 10:27 PM, Chuck Swiger wrote: > On Apr 21, 2009, at 1:25 PM, Redd Vinylene wrote: > >> Yeah, the default route is set. Routing works just fine. In fact, it's >> been working for years. It's just this one FTP server that it won't connect >> to. >> > > Then it could be a legitimate error being returned by a remote router, > also. traceroute/mtr to the problematic host could be helpful > > -- > -Chuck > > I think I just got some help on IRC: is it on the local network of your firewall and not this computer? yes! thats why you can't connect to it Suggestions on how to fix this problem using pf would be greatly appreciated though. Many thanks! -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: "No route to host" when trying to connect to FTP server on the Internet
On Tue, Apr 21, 2009 at 9:13 PM, Chuck Swiger wrote: > On Apr 21, 2009, at 11:40 AM, Redd Vinylene wrote: > >> I'm trying to connect to my friend's FTP server but I'm getting a "No >> route >> to host" when trying from my NAT workstation. It works just fine when I >> connect from my NAT server though. >> >> Internet -> NAT server (192.168.187.1) -> NAT workstation (192.168.187.2) >> > > Presumably you should have a default route set? (Check netstat -r.) If > not, consider: > > route add default 192.168.187.1 > > Regards, > -- > -Chuck > > Yeah, the default route is set. Routing works just fine. In fact, it's been working for years. It's just this one FTP server that it won't connect to. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
"No route to host" when trying to connect to FTP server on the Internet
Hi, I'm trying to connect to my friend's FTP server but I'm getting a "No route to host" when trying from my NAT workstation. It works just fine when I connect from my NAT server though. Internet -> NAT server (192.168.187.1) -> NAT workstation (192.168.187.2) I've been suggested ftp-proxy. It didn't work though. You can see my setup and hopefully other relevant info here: http://pastie.org/453644 Thanks! -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
FreeBSD and Xen in paravirtualized mode
Why doesn't FreeBSD support Xen in paravirtualized mode? Imagine the increase in ISPs being able to offer FreeBSD to its customers. I just got my heart broken today: http://forum.slicehost.com/comments.php?DiscussionID=3191/ -- http://www.myspace.com/soultanisyourfriend ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: a "strange" question about OSs
On Mon, Feb 23, 2009 at 9:06 AM, Valentin Bud wrote: > Hello Community, > > The following question may sound very ackward but was OS is suitable from > the following list > to replace FBSD: > > - OpenSUSE 10.3 > - Debian 4.0 > - CentOS 5 > > The company i work for wants to change the provider because of the > economical crisis to > save some money. The actual provider gave us the chance to install our OS > but the one > they chose as a replacement doesn't give any other choice besides the above > mentioned. > > I work for 2 years in IT and FBSD is the only OS i have ever used in > production. I like it and > learned it a little bit. It is going to be a steep learning curve with the > new OS which I'm not afraid > of but i would like to chose a suitable OS and one that has some > similarities with FBSD. > > thank you, > v > > I doubt you'll find anything suitable after getting accustomed to FreeBSD. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Could we get rid of the extra blank line in the MOTD?
On Wed, Feb 4, 2009 at 7:12 PM, Rajarajan Rajamani wrote: > > I'm sorry Rajarajan, but you misread my question. > > > > -- > > http://www.home.no/reddvinylene > > > > Ok, sorry for the hurried reply, is the extra line coming from > /etc/COPYRIGHT then ? > Whats there in /etc/login.conf which says about where your copyright > file resides - like > :copyright=/etc/COPYRIGHT:\ > Great idea. A reference to /etc/COPYRIGHT is indeed under :default in /etc/login.conf, but /etc/COPYRIGHT doesn't exist on my system. I might have deleted it. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Could we get rid of the extra blank line in the MOTD?
On 2/4/09, Rajarajan Rajamani wrote: > The messages are from /etc/motd > > Edit is to display what you'd like. I'm sorry Rajarajan, but you misread my question. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Could we get rid of the extra blank line in the MOTD?
My MOTD is like this (- marks beginning and end): - AUTHORIZED ACCESS ONLY - But in FreeBSD it displays with an extra blank line on top: - Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. AUTHORIZED ACCESS ONLY r...@vinylene:~% ps x - Why is it there? Could we get rid of it? This would look so much better: - Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. AUTHORIZED ACCESS ONLY r...@vinylene:~% ps x - Thank you. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Locked myself out.. AGAIN!!
Thanks guys. But I guess I'm all outta luck: $ sudo -s /libexec/ld-elf.so.1: Shared object "libutil.so.5" not found, required by "sudo" On Sun, Dec 7, 2008 at 11:07 AM, Glen Barber <[EMAIL PROTECTED]> wrote: > On Sun, Dec 7, 2008 at 5:04 AM, Redd Vinylene <[EMAIL PROTECTED]> wrote: >> On this dedicated box here I made the mistake of adding a comment to >> root's entry in my password file: >> >> root:*:0:0::/root:/bin/sh # What I thought would be a harmless comment. >> > > This is why you shouldn't edit password files directly. > >> Now I can't su to root. And my ISP is closed on Sundays. Is there any >> way I can fix this on my own? >> > > Do you have sudo installed? If not, your only other option is to boot > into single user mode. But that won't help if you're not at the > console. > > > -- > Glen Barber > > > "If you have any trouble sounding condescending, find a Unix user to > show you how it's done." > --Scott Adams > -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Locked myself out.. AGAIN!!
On this dedicated box here I made the mistake of adding a comment to root's entry in my password file: root:*:0:0::/root:/bin/sh # What I thought would be a harmless comment. Now I can't su to root. And my ISP is closed on Sundays. Is there any way I can fix this on my own? Thanks y'all! -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FreeBSD not stable enough for Xen environments?
On Fri, Nov 14, 2008 at 4:11 PM, Outback Dingo <[EMAIL PROTECTED]> wrote: > depends on how they do their installs, i know of a couple hosting companies > doing it already > > On Fri, Nov 14, 2008 at 5:42 PM, Redd Vinylene <[EMAIL PROTECTED]> > wrote: >> >> Hello. I want this hosting company to offer FreeBSD but they claim >> it's not yet stable enough for their Xen setup. Is there anything I >> can do to prove them wrong? Much obliged y'all. Peace. >> >> -- >> http://www.home.no/reddvinylene Hey! Which ones? -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
FreeBSD not stable enough for Xen environments?
Hello. I want this hosting company to offer FreeBSD but they claim it's not yet stable enough for their Xen setup. Is there anything I can do to prove them wrong? Much obliged y'all. Peace. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
FreeBSD not stable enough for Xen?
Hello hello. I want this hosting company to offer FreeBSD but they claim it's not yet stable enough for their Xen setup. Is there anything I can do to prove them wrong? Much obliged, Redd Vinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Funny slogans to put on tshirts
On Fri, Oct 31, 2008 at 10:51 AM, Mel <[EMAIL PROTECTED]> wrote: > On Friday 31 October 2008 10:29:35 you wrote: > >> It's my friend's birthday tomorrow. I was thinking I'd make him a >> tshirt with some funny slogan on it or something. Preferably something >> UNIX related. But I'm all outta ideas. Perhaps y'all can help? >> Alright, much obliged, thanks. > > http://shop.cafepress.com/design/6684711 > > -- > Mel Hahaha -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Funny slogans to put on tshirts
Hello guys, It's my friend's birthday tomorrow. I was thinking I'd make him a tshirt with some funny slogan on it or something. Preferably something UNIX related. But I'm all outta ideas. Perhaps y'all can help? Alright, much obliged, thanks. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Problems moving my jails (mv: Operation not permitted)
Yes, this worked perfectly. Thank y'all so much. May this post be of help to others in the future as well. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Problems moving my jails (mv: Operation not permitted)
On Sat, Oct 4, 2008 at 10:36 PM, <[EMAIL PROTECTED]> wrote: > > 1st of all, (re)design your system. > 2nd, create separate partition for your jail(s) > 3rd, if (I were you, and) the jail is not too complex, recreate from > scratch. (You get a clean jail :)) ) > Actually I can't do that. I use Bjoern A. Zeeb's multi-IP patch which currently doesn't compile, so. Besides my ISP charges way too much for a reinstall and I can't afford that. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Problems moving my jails (mv: Operation not permitted)
On Sat, Oct 4, 2008 at 9:22 PM, George Hartzell <[EMAIL PROTECTED]> wrote: > Redd Vinylene writes: > > On Sat, Oct 4, 2008 at 9:02 PM, George Hartzell <[EMAIL PROTECTED]> wrote: > > > > > > If you do an ls -lo /home/jail/box/usr/bin/chpass, you'll probably see > > > the schg flag set. Man chflags for more info and instructions on how > > > to unset it > > > > > > g. > > > > > > > Yes: > > > > -r-sr-xr-x 6 root wheel schg 18468 Aug 2 19:47 > /usr/jail/box/usr/bin/chpass > > > > So I'd simply have to "chflags noschg /usr/jail/box/usr/bin/chpass" > > and then "cp /usr/jail/box/usr/bin/chpass > > /home/jail/box/usr/bin/chpass"? > > I think that you ought to be able to cp it as is. You're just not > allowed to change the original (e.g. remove it), which is why your mv > and rm failed. > > g. > I've been told that changing flags might seriously mess things up. Is there any way to copy the remaining files from /usr/jail into /home/jail, or do I have to rebuild everything from scratch? Much obliged. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Problems moving my jails (mv: Operation not permitted)
On Sat, Oct 4, 2008 at 9:10 PM, Redd Vinylene <[EMAIL PROTECTED]> wrote: > On Sat, Oct 4, 2008 at 9:04 PM, Wojciech Puchar > <[EMAIL PROTECTED]> wrote: >>> mv: /usr/jail/camel/sbin: Directory not empty >>> mv: /usr/jail/camel/var/empty: Operation not permitted >>> mv: /usr/jail/camel/var: Directory not empty >>> mv: /usr/jail/camel: Directory not empty >>> mv: /usr/jail: Directory not empty >>> mv: /bin/rm /usr/jail: terminated with 1 (non-zero) status >>> >>> I guess I ain't gotta worry about the sockets but what about the rest? >>> >> you need >> >> chflags -R noschg yourdir >> > > So just "chflags -R /usr/jail" and then copy things the normal way? > Sure that won't mess up my jails? Sorry, what I meant to write was "chflags -R noschg /usr/jail". I apologize for the inconvenience. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Problems moving my jails (mv: Operation not permitted)
On Sat, Oct 4, 2008 at 9:04 PM, Wojciech Puchar <[EMAIL PROTECTED]> wrote: >> mv: /usr/jail/camel/sbin: Directory not empty >> mv: /usr/jail/camel/var/empty: Operation not permitted >> mv: /usr/jail/camel/var: Directory not empty >> mv: /usr/jail/camel: Directory not empty >> mv: /usr/jail: Directory not empty >> mv: /bin/rm /usr/jail: terminated with 1 (non-zero) status >> >> I guess I ain't gotta worry about the sockets but what about the rest? >> > you need > > chflags -R noschg yourdir > So just "chflags -R /usr/jail" and then copy things the normal way? Sure that won't mess up my jails? -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Problems moving my jails (mv: Operation not permitted)
On Sat, Oct 4, 2008 at 9:02 PM, George Hartzell <[EMAIL PROTECTED]> wrote: > > If you do an ls -lo /home/jail/box/usr/bin/chpass, you'll probably see > the schg flag set. Man chflags for more info and instructions on how > to unset it > > g. > Yes: -r-sr-xr-x 6 root wheel schg 18468 Aug 2 19:47 /usr/jail/box/usr/bin/chpass So I'd simply have to "chflags noschg /usr/jail/box/usr/bin/chpass" and then "cp /usr/jail/box/usr/bin/chpass /home/jail/box/usr/bin/chpass"? -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Problems moving my jails (mv: Operation not permitted)
On Sat, Oct 4, 2008 at 8:53 PM, Redd Vinylene <[EMAIL PROTECTED]> wrote: > On Sat, Oct 4, 2008 at 8:40 PM, Redd Vinylene <[EMAIL PROTECTED]> wrote: >> On Sat, Oct 4, 2008 at 8:38 PM, Rodrigo Gonzalez <[EMAIL PROTECTED]> wrote: >>> >>> Are the jails stopped? >>> >>> >> >> Yes, they are. Sorry, I should have mentioned this. >> >> -- >> http://www.home.no/reddvinylene >> > > Should I just do like this? > > cp /usr/jail/box/usr/bin/chpass /home/jail/box/usr/bin/chpass > cp /usr/jail/box/usr/bin/chfn /home/jail/box/usr/bin/chfn > cp /usr/jail/box/usr/bin/chsh /home/jail/box/usr/bin/chsh > [...] > rm -rf /usr/jail > > -- > http://www.home.no/reddvinylene > My bad, that's not permitted either. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Problems moving my jails (mv: Operation not permitted)
On Sat, Oct 4, 2008 at 8:40 PM, Redd Vinylene <[EMAIL PROTECTED]> wrote: > On Sat, Oct 4, 2008 at 8:38 PM, Rodrigo Gonzalez <[EMAIL PROTECTED]> wrote: >> >> Are the jails stopped? >> >> > > Yes, they are. Sorry, I should have mentioned this. > > -- > http://www.home.no/reddvinylene > Should I just do like this? cp /usr/jail/box/usr/bin/chpass /home/jail/box/usr/bin/chpass cp /usr/jail/box/usr/bin/chfn /home/jail/box/usr/bin/chfn cp /usr/jail/box/usr/bin/chsh /home/jail/box/usr/bin/chsh cp /usr/jail/box/usr/bin/ypchpass /home/jail/box/usr/bin/ypchpass cp /usr/jail/box/usr/bin/ypchfn /home/jail/box/usr/bin/ypchfn cp /usr/jail/box/usr/bin/ypchsh /home/jail/box/usr/bin/ypchsh cp /usr/jail/box/usr/bin/login /home/jail/box/usr/bin/login cp /usr/jail/box/usr/bin/opieinfo /home/jail/box/usr/bin/opieinfo cp /usr/jail/box/usr/bin/opiepasswd /home/jail/box/usr/bin/opiepasswd cp /usr/jail/box/usr/bin/passwd /home/jail/box/usr/bin/passwd cp /usr/jail/box/usr/bin/yppasswd /home/jail/box/usr/bin/yppasswd cp /usr/jail/box/usr/bin/rlogin /home/jail/box/usr/bin/rlogin cp /usr/jail/box/usr/bin/rsh /home/jail/box/usr/bin/rsh cp /usr/jail/box/usr/bin/su /home/jail/box/usr/bin/su cp /usr/jail/box/usr/bin/crontab /home/jail/box/usr/bin/crontab cp /usr/jail/box/usr/lib/libkse.so.3 /home/jail/box/usr/lib/libkse.so.3 cp /usr/jail/box/usr/lib/librt.so.1 /home/jail/box/usr/lib/librt.so.1 cp /usr/jail/box/usr/sbin/sliplogin /home/jail/box/usr/sbin/sliplogin cp /usr/jail/box/var/empty /home/jail/box/var/empty cp /usr/jail/box/bin/rcp /home/jail/box/bin/rcp cp /usr/jail/box/dev/fd /home/jail/box/dev/fd cp /usr/jail/box/lib/libc.so.7 /home/jail/box/lib/libc.so.7 cp /usr/jail/box/lib/libcrypt.so.4 /home/jail/box/lib/libcrypt.so.4 cp /usr/jail/box/lib/libthr.so.3 /home/jail/box/lib/libthr.so.3 cp /usr/jail/box/libexec/ld-elf.so.1 /home/jail/box/libexec/ld-elf.so.1 cp /usr/jail/box/sbin/init /home/jail/box/sbin/init cp /usr/jail/camel/usr/bin/chpass /home/jail/camel/usr/bin/chpass cp /usr/jail/camel/usr/bin/chfn /home/jail/camel/usr/bin/chfn cp /usr/jail/camel/usr/bin/chsh /home/jail/camel/usr/bin/chsh cp /usr/jail/camel/usr/bin/ypchpass /home/jail/camel/usr/bin/ypchpass cp /usr/jail/camel/usr/bin/ypchfn /home/jail/camel/usr/bin/ypchfn cp /usr/jail/camel/usr/bin/ypchsh /home/jail/camel/usr/bin/ypchsh cp /usr/jail/camel/usr/bin/login /home/jail/camel/usr/bin/login cp /usr/jail/camel/usr/bin/opieinfo /home/jail/camel/usr/bin/opieinfo cp /usr/jail/camel/usr/bin/opiepasswd /home/jail/camel/usr/bin/opiepasswd cp /usr/jail/camel/usr/bin/passwd /home/jail/camel/usr/bin/passwd cp /usr/jail/camel/usr/bin/yppasswd /home/jail/camel/usr/bin/yppasswd cp /usr/jail/camel/usr/bin/rlogin /home/jail/camel/usr/bin/rlogin cp /usr/jail/camel/usr/bin/rsh /home/jail/camel/usr/bin/rsh cp /usr/jail/camel/usr/bin/su /home/jail/camel/usr/bin/su cp /usr/jail/camel/usr/bin/crontab /home/jail/camel/usr/bin/crontab cp /usr/jail/camel/usr/lib/libkse.so.3 /home/jail/camel/usr/lib/libkse.so.3 cp /usr/jail/camel/usr/lib/librt.so.1 /home/jail/camel/usr/lib/librt.so.1 cp /usr/jail/camel/usr/sbin/sliplogin /home/jail/camel/usr/sbin/sliplogin cp /usr/jail/camel/bin/rcp /home/jail/camel/bin/rcp cp /usr/jail/camel/dev/fd /home/jail/camel/dev/fd cp /usr/jail/camel/lib/libc.so.7 /home/jail/camel/lib/libc.so.7 cp /usr/jail/camel/lib/libcrypt.so.4 /home/jail/camel/lib/libcrypt.so.4 cp /usr/jail/camel/lib/libthr.so.3 /home/jail/camel/lib/libthr.so.3 cp /usr/jail/camel/libexec/ld-elf.so.1 /home/jail/camel/libexec/ld-elf.so.1 cp /usr/jail/camel/sbin/init /home/jail/camel/sbin/init cp /usr/jail/camel/var/empty /home/jail/camel/var/empty rm -rf /usr/jail -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Problems moving my jails (mv: Operation not permitted)
On Sat, Oct 4, 2008 at 8:38 PM, Rodrigo Gonzalez <[EMAIL PROTECTED]> wrote: > > Are the jails stopped? > > Yes, they are. Sorry, I should have mentioned this. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Problems moving my jails (mv: Operation not permitted)
Hello hello! I need to move my jails from /usr/jail to /home/jail. The latter is where all my diskspace is. Not all files seem to want to move though? # mv /usr/jail /home mv: /usr/jail/camel/var/spool/postfix/private/scache is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/rewrite is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/bounce is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/defer is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/trace is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/verify is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/proxymap is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/proxywrite is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/smtp is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/relay is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/error is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/retry is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/discard is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/local is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/virtual is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/lmtp is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/anvil is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/tlsmgr is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/public/cleanup is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/public/flush is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/public/showq is a socket (not copied). mv: /usr/jail/box/usr/bin/chpass: Operation not permitted mv: /usr/jail/box/usr/bin/chfn: Operation not permitted mv: /usr/jail/box/usr/bin/chsh: Operation not permitted mv: /usr/jail/box/usr/bin/ypchpass: Operation not permitted mv: /usr/jail/box/usr/bin/ypchfn: Operation not permitted mv: /usr/jail/box/usr/bin/ypchsh: Operation not permitted mv: /usr/jail/box/usr/bin/login: Operation not permitted mv: /usr/jail/box/usr/bin/opieinfo: Operation not permitted mv: /usr/jail/box/usr/bin/opiepasswd: Operation not permitted mv: /usr/jail/box/usr/bin/passwd: Operation not permitted mv: /usr/jail/box/usr/bin/yppasswd: Operation not permitted mv: /usr/jail/box/usr/bin/rlogin: Operation not permitted mv: /usr/jail/box/usr/bin/rsh: Operation not permitted mv: /usr/jail/box/usr/bin/su: Operation not permitted mv: /usr/jail/box/usr/bin/crontab: Operation not permitted mv: /usr/jail/box/usr/bin: Directory not empty mv: /usr/jail/box/usr/lib/libkse.so.3: Operation not permitted mv: /usr/jail/box/usr/lib/librt.so.1: Operation not permitted mv: /usr/jail/box/usr/lib: Directory not empty mv: /usr/jail/box/usr/sbin/sliplogin: Operation not permitted mv: /usr/jail/box/usr/sbin: Directory not empty mv: /usr/jail/box/usr: Directory not empty mv: /usr/jail/box/var/empty: Operation not permitted mv: /usr/jail/box/var: Directory not empty mv: /usr/jail/box/bin/rcp: Operation not permitted mv: /usr/jail/box/bin: Directory not empty mv: /usr/jail/box/dev/fd: Operation not supported mv: /usr/jail/box/dev: Device busy mv: /usr/jail/box/lib/libc.so.7: Operation not permitted mv: /usr/jail/box/lib/libcrypt.so.4: Operation not permitted mv: /usr/jail/box/lib/libthr.so.3: Operation not permitted mv: /usr/jail/box/lib: Directory not empty mv: /usr/jail/box/libexec/ld-elf.so.1: Operation not permitted mv: /usr/jail/box/libexec: Directory not empty mv: /usr/jail/box/sbin/init: Operation not permitted mv: /usr/jail/box/sbin: Directory not empty mv: /usr/jail/box: Directory not empty mv: /usr/jail/camel/usr/bin/chpass: Operation not permitted mv: /usr/jail/camel/usr/bin/chfn: Operation not permitted mv: /usr/jail/camel/usr/bin/chsh: Operation not permitted mv: /usr/jail/camel/usr/bin/ypchpass: Operation not permitted mv: /usr/jail/camel/usr/bin/ypchfn: Operation not permitted mv: /usr/jail/camel/usr/bin/ypchsh: Operation not permitted mv: /usr/jail/camel/usr/bin/login: Operation not permitted mv: /usr/jail/camel/usr/bin/opieinfo: Operation not permitted mv: /usr/jail/camel/usr/bin/opiepasswd: Operation not permitted mv: /usr/jail/camel/usr/bin/passwd: Operation not permitted mv: /usr/jail/camel/usr/bin/yppasswd: Operation not permitted mv: /usr/jail/camel/usr/bin/rlogin: Operation not permitted mv: /usr/jail/camel/usr/bin/rsh: Operation not permitted mv: /usr/jail/camel/usr/bin/su: Operation not permitted mv: /usr/jail/camel/usr/bin/crontab: Operation not permitted mv: /usr/jail/camel/usr/bin: Directory not empty mv: /usr/jail/camel/usr/lib/libkse.so.3: Operation not permitted mv: /usr/jail/camel/usr/lib/librt.so.1: Operation not permitted mv: /usr/jail/camel/usr/lib: Directory not empty mv: /usr/jail/camel/usr/sbin/sliplogin: Operation not permitted m
Re: Jail, pf and ftpd: Connection refused
> On Fri, Oct 3, 2008 at 11:56 AM, Max Laier <[EMAIL PROTECTED]> wrote: > > See ftp-proxy(8). > > Note that active works with the ruleset you provided (due to the "pass out > keep state"-rule), but there is obviously a firewall problem on the client > preventing that. > Nevermind, I think the "Transport endpoint is not connected" is most likely due to lftp. Nonetheless, much obliged for the assistance! -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Jail, pf and ftpd: Connection refused
On Fri, Oct 3, 2008 at 11:56 AM, Max Laier <[EMAIL PROTECTED]> wrote: > > See ftp-proxy(8). > > Note that active works with the ruleset you provided (due to the "pass out > keep state"-rule), but there is obviously a firewall problem on the client > preventing that. > Are you sure I need ftp-proxy? I opened the datarange 49152:65535 and now I no longer get a connection refused. I seem to be able to list, download, you know the usual stuff. I still get the "getpeername(control_sock): Transport endpoint is not connected" though. If I do need ftp-proxy, I take it it's the "FTP Server Protected by an External PF Firewall Running NAT" at http://www.openbsd.org/faq/pf/ftp.html that applies to my setup? I can't quite comprehend the nat/rdr rules in that example, as I ain't really got an int_if. As I stated earlier, I have a FreeBSD server running pf and two jails, and I'm trying to get ftpd running smoothly inside one of those jails. Thank you so much. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Jail, pf and ftpd: Connection refused
Greetings ladies and gentlemen!
Why does the below pf.conf (run from box1) give me
"getpeername(control_sock): Transport endpoint is not connected,
Socket error (Connection refused) - reconnecting" when trying to log
onto box3 via passive FTP? Active FTP gives me "425 Can't build data
connection: Connection refused." (box2 and box3 are jails running off
box1)
-
[EMAIL PROTECTED] cat /etc/pf.conf
box1 = "80.203.2.2"
box2 = "80.203.2.3"
box3 = "{ 80.203.2.4 [...] 80.203.2.127 }"
ext_if = "rl0"
set block-policy return
set skip on { lo0 }
scrub in
pass out keep state
block in
pass in on $ext_if inet proto tcp from any to any port { 22 } keep state
pass in on $ext_if inet proto tcp from any to $box2 port { 25, 53, 80,
110 } keep state
pass in on $ext_if inet proto udp from any to $box2 port 53 keep state
pass in on $ext_if inet proto tcp from any to $box3 port { 20, 21, 113
} keep state
pass in on $ext_if inet proto icmp from any to any keep state
-
[EMAIL PROTECTED] cat /etc/inetd.conf
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
-
I hope I've been verbose enough. Thank you!
--
http://www.home.no/reddvinylene
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: pf to block against DDoS?
On Mon, Sep 22, 2008 at 10:36 AM, Lars Noodén <[EMAIL PROTECTED]>wrote: > Redd Vinylene wrote: > >> ... > >> You can also use two tables so that the first overload gets shunted to a > >> slow queue and given a second chance before ending up in the second > >> table which gets blocked. > > ... > > Lars Noodin: Would you happen to have an example of that? > > Not really, here is an illustration of how it might be approached: > > > http://www-personal.umich.edu/~lars/PF/pf.ssh-2tables.conf<http://www-personal.umich.edu/%7Elars/PF/pf.ssh-2tables.conf> > > I expect that the last-rule-matched takes care of the decision. The > However, there might be some divergence between what I think it does and > what it really does. > > Another question is, in which cases is that useful? > > Regards > -Lars > This has been a very interesting example, Lars. Thanks a lot for sharing! As for your last question though, I think I know what you mean. It is to say, should a rapist really be given a second chance? -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: pf to block against DDoS?
> > > > From: Redd Vinylene <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> > > > Subject: pf to block against DDoS?
> > > > Date: Thursday, September 4, 2008 - 3:23 pm
> > > >
> > > > Hello hello!
> > > >
> > > > I was quite shocked today when I heard I could use pf to block
against DDoS
> > > > attacks, using Stateful Tracking Options,
> > > > http://www.openbsd.org/faq/pf/filter.html#stateopts.
> > > >
> > > > But does anybody have any nice setups of this they'd want to share?
> > > >
> > >
> > > From: Oliver Peter <[EMAIL PROTECTED]>
> > > To: Redd Vinylene <[EMAIL PROTECTED]>
> > > Cc: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> > > Subject: Re: pf to block against DDoS?
> > > Date: Thursday, September 4, 2008 - 4:20 pm
> > >
> > > ... nice cross-post.
> > >
> > > I can recommend reading through this as well:
> > > http://www.bgnett.no/~peter/pf/en/bruteforce.html
> > >
> > > --
> > > Oliver PETER, email: [EMAIL PROTECTED], ICQ# 113969174
> > > "If it feels good, you're doing something wrong."
> > > -- Coach McTavish
> > >
> >
> > From: Peter N. M. Hansteen <[EMAIL PROTECTED]>
> > To: Oliver Peter <[EMAIL PROTECTED]>
> > Cc: Redd Vinylene <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL
> > PROTECTED]>
> > Subject: Re: pf to block against DDoS?
> > Date: Friday, September 5, 2008 - 1:54 am
> >
> > Thanks for recommending that! However I would generally recommend the
> > maintained version which is up at <http://home.nuug.no/~peter/pf/>
;,
> > with the direct link to the part about state tracking and bruteforcers
> > at <http://home.nuug.no/~peter/pf/en/bruteforce.html>;.
> >
> > (and of course there's the book, nudge, nudge)
> >
> > - P
> > --
> > Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> > http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> > "Remember to set the evil bit on all malicious network traffic"
> >
> From: Lars Noodén <[EMAIL PROTECTED]>
> To: Oliver Peter <[EMAIL PROTECTED]>
> Cc: Redd Vinylene <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Subject: Re: pf to block against DDoS?
> Date: Thursday, September 4, 2008 - 4:50 pm
>
> You can also use two tables so that the first overload gets shunted to a
> slow queue and given a second chance before ending up in the second
> table which gets blocked.
>
> -Lars
Sorry, _this_ is my webserver's pf.conf (the other one was my home
firewall's):
-
mad = "80.202.2.3"
doom = "{ 80.202.2.4 - 80.202.2.127 }"
ext_if = "rl0"
set block-policy return
set skip on { lo0 }
scrub in
table persist
pass out keep state
block in
block quick from
pass in on $ext_if inet proto tcp from any to any port 22 keep state
(max-src-conn 15, max-src-conn-rate 5/3, overload flush global)
pass in on $ext_if inet proto tcp from any to $mad port { 25, 53, 80, 110 }
keep state (max-src-conn 100, max-src-conn-rate 15/5, overload
flush global)
pass in on $ext_if inet proto udp from any to $mad port 53 keep state
pass in on $ext_if inet proto tcp from any to $doom port { 20, 21, 113,
6000: } keep state (max-src-conn 100, max-src-conn-rate 15/5, overload
flush global)
pass in on $ext_if inet proto icmp from any to any keep state
-
I hope the design adheres to: http://en.wikipedia.org/wiki/KISS_principle
--
http://www.home.no/reddvinylene
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: pf to block against DDoS?
> > > > From: Redd Vinylene <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> > > > Subject: pf to block against DDoS?
> > > > Date: Thursday, September 4, 2008 - 3:23 pm
> > > >
> > > > Hello hello!
> > > >
> > > > I was quite shocked today when I heard I could use pf to block
against DDoS
> > > > attacks, using Stateful Tracking Options,
> > > > http://www.openbsd.org/faq/pf/filter.html#stateopts.
> > > >
> > > > But does anybody have any nice setups of this they'd want to share?
> > > >
> > >
> > > From: Oliver Peter <[EMAIL PROTECTED]>
> > > To: Redd Vinylene <[EMAIL PROTECTED]>
> > > Cc: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> > > Subject: Re: pf to block against DDoS?
> > > Date: Thursday, September 4, 2008 - 4:20 pm
> > >
> > > ... nice cross-post.
> > >
> > > I can recommend reading through this as well:
> > > http://www.bgnett.no/~peter/pf/en/bruteforce.html
> > >
> > > --
> > > Oliver PETER, email: [EMAIL PROTECTED], ICQ# 113969174
> > > "If it feels good, you're doing something wrong."
> > > -- Coach McTavish
> > >
> >
> > From: Peter N. M. Hansteen <[EMAIL PROTECTED]>
> > To: Oliver Peter <[EMAIL PROTECTED]>
> > Cc: Redd Vinylene <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL
> > PROTECTED]>
> > Subject: Re: pf to block against DDoS?
> > Date: Friday, September 5, 2008 - 1:54 am
> >
> > Thanks for recommending that! However I would generally recommend the
> > maintained version which is up at <http://home.nuug.no/~peter/pf/>
;,
> > with the direct link to the part about state tracking and bruteforcers
> > at <http://home.nuug.no/~peter/pf/en/bruteforce.html>;.
> >
> > (and of course there's the book, nudge, nudge)
> >
> > - P
> > --
> > Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> > http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> > "Remember to set the evil bit on all malicious network traffic"
> >
> From: Lars Noodén <[EMAIL PROTECTED]>
> To: Oliver Peter <[EMAIL PROTECTED]>
> Cc: Redd Vinylene <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Subject: Re: pf to block against DDoS?
> Date: Thursday, September 4, 2008 - 4:50 pm
>
> You can also use two tables so that the first overload gets shunted to a
> slow queue and given a second chance before ending up in the second
> table which gets blocked.
>
> -Lars
Much obliged to all y'all gentlemen for your valuable design insight.
Now, is there anything more I can do to secure my webserver from attacks? Or
perhaps my pf.conf can be simplified / beautified?
Peter N. M. Hansteen: Did I follow your tutorial correctly?
Lars Noodén: Would you happen to have an example of that?
My pf.conf now looks like this:
-
ext_if = "rl0"
int_if = "ep0"
set block-policy return
set skip on { lo0 }
scrub in
table persist
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $ext_if proto tcp from any to any port 3 -> 192.168.187.2 port
3
pass out keep state
pass quick on $int_if
block in
block quick from
pass in on $ext_if inet proto tcp from any to any port { 20, 21, 25, 53,
113, 3:35000 } keep state (max-src-conn 100, max-src-conn-rate 15/5,
overload flush global)
pass in on $ext_if inet proto tcp from any to any port 22 keep state
(max-src-conn 15, max-src-conn-rate 5/3, overload flush global)
pass in on $ext_if inet proto udp from any to any port 53 keep state
pass in on $ext_if inet proto icmp from any to any keep state
-
Have a great week! Cheers!
--
http://www.home.no/reddvinylene
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
pf to block against DDoS?
Hello hello! I was quite shocked today when I heard I could use pf to block against DDoS attacks, using Stateful Tracking Options, http://www.openbsd.org/faq/pf/filter.html#stateopts. But does anybody have any nice setups of this they'd want to share? Much obliged, and thanks. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How to test the uptime of a webserver?
On Thu, Sep 4, 2008 at 9:05 PM, Redd Vinylene <[EMAIL PROTECTED]>wrote: > On Thu, Sep 4, 2008 at 8:58 PM, Redd Vinylene <[EMAIL PROTECTED]>wrote: > >> >> On Sun, Aug 31, 2008 at 4:59 PM, Matthew Seaman < >> [EMAIL PROTECTED]> wrote: >> >>> Redd Vinylene wrote: >>> >>>> On Sun, Aug 31, 2008 at 2:22 AM, Moises Castellanos <[EMAIL PROTECTED]> >>>> wrote: >>>> >>>>> >>>>> On Sun, Aug 31, 2008 at 7:05 PM, Redd Vinylene <[EMAIL PROTECTED] >>>>> > >>>>> wrote: >>>>> >>>> >>> I got this dedicated server which is exposed to DDoS attacks quite >>>>>> frequently. Say I need to host a website on it, is there any way of >>>>>> telling how often it is actually online (to the rest of the world)? >>>>>> >>>>>> Maybe make some sort of ping script from a remote server? >>>>>> >>>>> >>> You can install nagios and monitor the web server. It will send you >>>>> an >>>>> email when >>>>> the server is down and when is up again. With this information you can >>>>> know >>>>> the uptime >>>>> of the web server. >>>>> >>>> >>> I'd have to install Nagios on a different server then, right? I doubt >>>> the actual server knows when its ISP's link drops (or just slows down) >>>> due to an attack. >>>> >>> >>> Not necessarily. You can install nagios on your web server and use it >>> to monitor a server at the other end of your wan link -- usually a >>> machine in your ISPs infrastructure[*] -- on the basis that if you can >>> get packets out, then other people can get packets in. The trick is to >>> monitor something that isn't too far away, or you'll end up monitoring the >>> availability of other people's networks, rather than your own. >>> >>> There's a lot more can be done than just monitoring connectivity by >>> sending ICMP ping packets every so often. There are any number of >>> ways a web server can go wrong -- processes can crash, critical disk >>> partitions can fill up, load spikes can overwhelm the machine's capacity. >>> You can develop a range of different nagios tests that should tell you >>> pretty much at a glance just what has gone wrong. Takes all the fun out >>> of diagnosing the problems perhaps, but it does mean you'll be back to >>> bed sooner when the pager goes off in the small hours. >>> >>>Cheers, >>> >>>Matthew >>> >>> [*] Some ISPs provide machines specifically for this purpose. >>> >>> -- >>> Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard >>> Flat 3 >>> PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate >>> Kent, CT11 9PW >>> >>> >> Thank you guys. I'm looking for the simplest solution though, like a >> simple oneliner, or a shell script. >> >> Anybody have an idea? >> >> -- >> http://www.home.no/reddvinylene >> > > I'll try to write a simple shell script and report back to y'all. > > -- > http://www.home.no/reddvinylene > Perfection is achieved, not when there's nothing left to add, but when there's nothing left to take away :) while sleep 555; do wget http:// -O /dev/null -t 1 || mail -s "" <<< "Host is down"; done -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How to test the uptime of a webserver?
On Thu, Sep 4, 2008 at 8:58 PM, Redd Vinylene <[EMAIL PROTECTED]>wrote: > > On Sun, Aug 31, 2008 at 4:59 PM, Matthew Seaman < > [EMAIL PROTECTED]> wrote: > >> Redd Vinylene wrote: >> >>> On Sun, Aug 31, 2008 at 2:22 AM, Moises Castellanos <[EMAIL PROTECTED]> >>> wrote: >>> >>>> >>>> On Sun, Aug 31, 2008 at 7:05 PM, Redd Vinylene <[EMAIL PROTECTED]> >>>> wrote: >>>> >>> >> I got this dedicated server which is exposed to DDoS attacks quite >>>>> frequently. Say I need to host a website on it, is there any way of >>>>> telling how often it is actually online (to the rest of the world)? >>>>> >>>>> Maybe make some sort of ping script from a remote server? >>>>> >>>> >> You can install nagios and monitor the web server. It will send you an >>>> email when >>>> the server is down and when is up again. With this information you can >>>> know >>>> the uptime >>>> of the web server. >>>> >>> >> I'd have to install Nagios on a different server then, right? I doubt >>> the actual server knows when its ISP's link drops (or just slows down) >>> due to an attack. >>> >> >> Not necessarily. You can install nagios on your web server and use it >> to monitor a server at the other end of your wan link -- usually a >> machine in your ISPs infrastructure[*] -- on the basis that if you can get >> packets out, then other people can get packets in. The trick is to monitor >> something that isn't too far away, or you'll end up monitoring the >> availability of other people's networks, rather than your own. >> >> There's a lot more can be done than just monitoring connectivity by >> sending ICMP ping packets every so often. There are any number of >> ways a web server can go wrong -- processes can crash, critical disk >> partitions can fill up, load spikes can overwhelm the machine's capacity. >> You can develop a range of different nagios tests that should tell you >> pretty much at a glance just what has gone wrong. Takes all the fun out >> of diagnosing the problems perhaps, but it does mean you'll be back to >> bed sooner when the pager goes off in the small hours. >> >>Cheers, >> >>Matthew >> >> [*] Some ISPs provide machines specifically for this purpose. >> >> -- >> Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard >> Flat 3 >> PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate >> Kent, CT11 9PW >> >> > Thank you guys. I'm looking for the simplest solution though, like a simple > oneliner, or a shell script. > > Anybody have an idea? > > -- > http://www.home.no/reddvinylene > I'll try to write a simple shell script and report back to y'all. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How to test the uptime of a webserver?
On Sun, Aug 31, 2008 at 4:59 PM, Matthew Seaman < [EMAIL PROTECTED]> wrote: > Redd Vinylene wrote: > >> On Sun, Aug 31, 2008 at 2:22 AM, Moises Castellanos <[EMAIL PROTECTED]> >> wrote: >> >>> >>> On Sun, Aug 31, 2008 at 7:05 PM, Redd Vinylene <[EMAIL PROTECTED]> >>> wrote: >>> >> > I got this dedicated server which is exposed to DDoS attacks quite >>>> frequently. Say I need to host a website on it, is there any way of >>>> telling how often it is actually online (to the rest of the world)? >>>> >>>> Maybe make some sort of ping script from a remote server? >>>> >>> > You can install nagios and monitor the web server. It will send you an >>> email when >>> the server is down and when is up again. With this information you can >>> know >>> the uptime >>> of the web server. >>> >> > I'd have to install Nagios on a different server then, right? I doubt >> the actual server knows when its ISP's link drops (or just slows down) >> due to an attack. >> > > Not necessarily. You can install nagios on your web server and use it > to monitor a server at the other end of your wan link -- usually a > machine in your ISPs infrastructure[*] -- on the basis that if you can get > packets out, then other people can get packets in. The trick is to monitor > something that isn't too far away, or you'll end up monitoring the > availability of other people's networks, rather than your own. > > There's a lot more can be done than just monitoring connectivity by > sending ICMP ping packets every so often. There are any number of > ways a web server can go wrong -- processes can crash, critical disk > partitions can fill up, load spikes can overwhelm the machine's capacity. > You can develop a range of different nagios tests that should tell you > pretty much at a glance just what has gone wrong. Takes all the fun out > of diagnosing the problems perhaps, but it does mean you'll be back to > bed sooner when the pager goes off in the small hours. > >Cheers, > >Matthew > > [*] Some ISPs provide machines specifically for this purpose. > > -- > Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard > Flat 3 > PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate > Kent, CT11 9PW > > Thank you guys. I'm looking for the simplest solution though, like a simple oneliner, or a shell script. Anybody have an idea? -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How to test the uptime of a webserver?
On Sun, Aug 31, 2008 at 2:22 AM, Moises Castellanos <[EMAIL PROTECTED]> wrote: > > > On Sun, Aug 31, 2008 at 7:05 PM, Redd Vinylene <[EMAIL PROTECTED]> > wrote: >> >> Hello hello! >> >> I got this dedicated server which is exposed to DDoS attacks quite >> frequently. Say I need to host a website on it, is there any way of >> telling how often it is actually online (to the rest of the world)? >> >> Maybe make some sort of ping script from a remote server? >> >> >> -- >> http://www.home.no/reddvinylene >> ___ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to >> "[EMAIL PROTECTED]" > > >Hello, > > You can install nagios and monitor the web server. It will send you an > email when > the server is down and when is up again. With this information you can know > the uptime > of the web server. I'd have to install Nagios on a different server then, right? I doubt the actual server knows when its ISP's link drops (or just slows down) due to an attack. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
How to test the uptime of a webserver?
Hello hello! I got this dedicated server which is exposed to DDoS attacks quite frequently. Say I need to host a website on it, is there any way of telling how often it is actually online (to the rest of the world)? Maybe make some sort of ping script from a remote server? -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: I can't make world without the "games" group?
> Ok, this may be a bug in the makefiles then. My apologies if you have > already written all that. I caught the email thread some time after it > started, and I replied while being offline on a trip. Welcome back, I hope you had a pleasant journey! > * Which branch/version of the source tree are you building? I was going from 7.0-RELEASE to 7.0-STABLE. > * How did you build everything? I put WITHOUT_GAMES="YES" in /etc/src.conf. > * What was the _exact_ error message you saw? I don't remember exactly what it said. But it was just the same as it's always been -- make world erroring out because group `games' doesn't exist. > I have just fired up a buildworld + buildkernel run of 8.0-CURRENT here, > to see if I can reproduce this. The build runs with: > ># export WITHOUT_GAMES=yes ># mv /usr/games /usr/games.old ># rm -fr /usr/src/games > > AFAIK, this should work fine, but I will have to wait a bit for the > build to finish and report back. I'll post my results in a couple of > hours, because that's roughly how long it takes for my laptop to go > through a full build & install run. Cool. I appreciate that! >> I don't see why the FreeBSD team has to insist on keeping this, pardon >> my language, bullshit. If some sorry guy actually needs this, why >> can't he load it as a module, or install a port? > > Insist on keeping what? The fortune cookies and `/usr/src/games'? And all the other old stuff you can disable in in src.conf. > This is one of the nice quotes of Antoine de Saint Exupery, but in our > case perfection is also achieved when FreeBSD empowers you to choose the > bits that _you_ want to keep. I'm not entirely sure I understand what you're saying here, but it's certainly not related to what Mr. Exupery was saying. You can't sell someone a new car full of obsolete parts, saying "now you have the freedom to choose what parts _you_ want to keep", that's just ridiculous. Next thing you know the person will die in a car crash. Let me give you another quote. I trust you'll be able to track down the author for this one as well: "Vigorous writing is concise. A sentence should contain no unnecessary words, a paragraph no unnecessary sentences, for the same reason that a drawing should have no unnecessary lines and a machine no unnecessary parts. This requires not that the writer make all his sentences short, or that he avoid all detail and treat his subjects only in outline, but that every word tell." I understand you're saying that people are free to pick apart excess weight from their systems. But only a small percentage actually needs this excess weight. So wouldn't it be better to take it out, and instead, give the ones who need it the freedom put it back in? > We also understand that it is often very difficult, even outright > impossible to satisfy _everyone_ with one flavor of beer, so we try to > give everyone a BSD flavored brew that seems to have worked nicely for a > lot of people and all the tools to build your own custom flavor. Alcohol is bad for your health. >> I worry slightly as I watch FreeBSD become bigger and bigger, fearing >> that some day it'll all come tumbling down! > > Well, there's a very good way to avoid this. You can *help* us keep BSD > in shape. Reports about bugs, problems and issues like the one you are > reporting in this thread are an _excellent_ way to do that. > > If nobody reports a bug, then it won't get solved... By reporting it > and helping us track it down, find the fix and commit it to the source > tree you are doing everyone (including the FreeBSD Project and yourself) > a great service :-) I appreciate the invitation. I hope I'll be able to devote large parts of my life to the improvement of FreeBSD. > > Cheers, > Giorgos > > -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: I can't make world without the "games" group?
On Sat, Aug 23, 2008 at 10:14 AM, Giorgos Keramidas <[EMAIL PROTECTED]> wrote: > On Fri, 1 Aug 2008 17:31:22 +0200, "Redd Vinylene" <[EMAIL PROTECTED]> wrote: >> Why can't I make world without the "games" group? I run a serious >> server, not a kindergarten ;) >> >> I don't want the games group there, I just don't need it! > > Have you tried building with an src.conf file that includes: > >WITHOUT_GAMES='yes' > > It' not a matter of `kindergarten or not', but a matter of providing a > predictable `base system' by default and all the knob and documentation > to customize it at will. That's why you can find a lot of customization > options in the manpage of src.conf(5). > > For example, on a `production server' that is a bit limited in space, > and doesn't really need compilers, debuggers, profiling tools, or three > different firewalls, I would probably build with: > >WITHOUT_CVS=yes >WITHOUT_GAMES='yes' >WITHOUT_GCOV=yes >WITHOUT_GDB=yes >WITHOUT_IPFILTER=yes >WITHOUT_IPX=yes >WITHOUT_OBJC=yes >WITHOUT_PROFILE=yes >WITHOUT_SHAREDOCS=yes > > I would also use WITHOUT_TOOLCHAIN=yes during `make installworld' runs, > to skip installing all the gcc, g++ and debugger tools. > > The default `base system' still installs all these parts, but you are > definitely *not* obliged to always install all of them. > > - Giorgos > > Hello hello! Yeah I actually tried that, but I got the same error. I don't see why the FreeBSD team has to insist on keeping this, pardon my language, bullshit. If some sorry guy actually needs this, why can't he load it as a module, or install a port? To quote some Frenchman: "Perfection is achieved, not when there's nothing left to add, but when there's nothing left to take away." I worry slightly as I watch FreeBSD become bigger and bigger, fearing that some day it'll all come tumbling down! -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
How to best communicate with my users
Hello hello! Pardon me for asking such a simple questions, but what is the best way of 1) messaging offline users on my system? No e-mail please, I want something more concrete, something displayed immediately upon login, no need to go via a third party app. 2) talking to users logged onto my system? I find ntalk too frustrating, and ytalk too ASCII artsy. Anything else out there under the sun? Much obliged, ladies and gentlemen. Redd -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How to stop my services from trying to bind to IPv6?
I just don't want my logs filling up with useless error messages ;) Thanks! On Mon, Aug 11, 2008 at 3:42 PM, Curt Micol <[EMAIL PROTECTED]> wrote: > On Mon, Aug 11, 2008 at 9:38 AM, Redd Vinylene <[EMAIL PROTECTED]> wrote: >> I use the default sshd config file, I'd rather not maintain one. >> >> As for my named.conf, I haven't enabled no IPv6 setting there either. >> >> Perhaps an ipv6_enable="NO" in rc.conf will do the trick? >> >> Honestly though, shouldn't FreeBSD assume I don't use IPv6 unless I >> tell it that I do? > > Nope, quite the opposite. IPv6 is in a lot of services, and keeping > it on is a good idea (at least imho). In rc.conf you can set many > *_flags to listen on IPv4. For example: > > sshd_flags="-4" > > You could also simply block all traffic on IPv6 (in pf): > block all inet6 > > HTH, > > -- > # Curt Micol > -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How to stop my services from trying to bind to IPv6?
I use the default sshd config file, I'd rather not maintain one. As for my named.conf, I haven't enabled no IPv6 setting there either. Perhaps an ipv6_enable="NO" in rc.conf will do the trick? Honestly though, shouldn't FreeBSD assume I don't use IPv6 unless I tell it that I do? On Mon, Aug 11, 2008 at 3:36 PM, Robert Huff <[EMAIL PROTECTED]> wrote: > Redd Vinylene writes: > > >> I haven't enabled IPv6, yet many of my processes are trying to bind to it. >> >> Aug 11 16:19:13 camel named[1562]: couldn't add command channel >> ::1#953: socket already bound >> Aug 11 16:19:20 camel sshd[1757]: error: Bind to port 22 on :: failed: >> Invalid argument. >> >> Is there an easy way to stop these services from trying to bind to >> IPv6, other than explicitly telling each and every one not to do so? > >In both cases, the first place to check would be the config > files. > > >Robert Huff > > -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
How to stop my services from trying to bind to IPv6?
Hello-hello! I haven't enabled IPv6, yet many of my processes are trying to bind to it. Aug 11 16:19:13 camel named[1562]: couldn't add command channel ::1#953: socket already bound Aug 11 16:19:20 camel sshd[1757]: error: Bind to port 22 on :: failed: Invalid argument. Is there an easy way to stop these services from trying to bind to IPv6, other than explicitly telling each and every one not to do so? Thanks! -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: BIND won't resolve my IPs (not upstream or something?)
I'm pretty sure I do, though my apologies if I'm wrong, did you check my pastie? On Sat, Aug 9, 2008 at 1:48 PM, Derek Ragona <[EMAIL PROTECTED]> wrote: > At 05:41 AM 8/9/2008, Redd Vinylene wrote: > > I got this FreeBSD server called mother (80.252.2.2). On it, I've made > two jails, camel (80.252.2.3) and box (80.252.2.4 through to > 80.252.2.127). The problem is that reverse lookups for any of the IPs > preceding .4 on box fails. If I connect to IRC with .5 for instance, > it times out and reverts back to .4, whose lookup works just fine. > BIND runs on camel. Maybe the problem is that BIND is not upstream for > all those IPs? (I don't know what that means, a friend just told me) > Or that I haven't configured the reverse for any of the other IPs? I > would really like to keep BIND running on camel, as its dedicated to > all my vital network services, whereas box is the home of all my > users, and thus expendable ;) Is there any way to modify BIND on > camel, or must I set up an additional one on box? My (hopefully) > relevant configuration files can be found here -- > http://pastie.org/250469 -- much obliged, and thanks! > > You need to check that you have zone files for both forward and reverse > lookups, and those zones are defined in named.conf > > -Derek > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: BIND won't resolve my IPs (not upstream or something?)
Maybe mother's /etc/pf.conf could also be of relevance?
-
camel="80.252.2.3"
box="80.252.2.4"
ext_if="rl0"
set block-policy return
set skip on { lo0 }
scrub in
pass out keep state
block in
pass in on $ext_if inet proto tcp from any to any port { 22 } keep state
pass in on $ext_if inet proto tcp from any to $camel port { 25, 80,
110 } keep state
pass in on $ext_if inet proto udp from any to $camel port 53 keep state
pass in on $ext_if inet proto tcp from any to $box port { 113,
6000: } keep state
pass in on $ext_if inet proto icmp from any to any keep state
-
Thanks.
On Sat, Aug 9, 2008 at 12:41 PM, Redd Vinylene <[EMAIL PROTECTED]> wrote:
> I got this FreeBSD server called mother (80.252.2.2). On it, I've made
> two jails, camel (80.252.2.3) and box (80.252.2.4 through to
> 80.252.2.127). The problem is that reverse lookups for any of the IPs
> preceding .4 on box fails. If I connect to IRC with .5 for instance,
> it times out and reverts back to .4, whose lookup works just fine.
> BIND runs on camel. Maybe the problem is that BIND is not upstream for
> all those IPs? (I don't know what that means, a friend just told me)
> Or that I haven't configured the reverse for any of the other IPs? I
> would really like to keep BIND running on camel, as its dedicated to
> all my vital network services, whereas box is the home of all my
> users, and thus expendable ;) Is there any way to modify BIND on
> camel, or must I set up an additional one on box? My (hopefully)
> relevant configuration files can be found here --
> http://pastie.org/250469 -- much obliged, and thanks!
>
> --
> http://www.home.no/reddvinylene
>
--
http://www.home.no/reddvinylene
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
BIND won't resolve my IPs (not upstream or something?)
I got this FreeBSD server called mother (80.252.2.2). On it, I've made two jails, camel (80.252.2.3) and box (80.252.2.4 through to 80.252.2.127). The problem is that reverse lookups for any of the IPs preceding .4 on box fails. If I connect to IRC with .5 for instance, it times out and reverts back to .4, whose lookup works just fine. BIND runs on camel. Maybe the problem is that BIND is not upstream for all those IPs? (I don't know what that means, a friend just told me) Or that I haven't configured the reverse for any of the other IPs? I would really like to keep BIND running on camel, as its dedicated to all my vital network services, whereas box is the home of all my users, and thus expendable ;) Is there any way to modify BIND on camel, or must I set up an additional one on box? My (hopefully) relevant configuration files can be found here -- http://pastie.org/250469 -- much obliged, and thanks! -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
identd on jail with multiple IPs
Greetings! I cannot seem to make identd work on a jail with multiple IPs (Bjoern Zeeb's patch): jail # cat /etc/inetd.conf auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN -t 30 - jail # grep inetd /etc/rc.conf inetd_enable="YES" - host # grep jail /etc/rc.conf jail_enable="YES" jail_list="box" jail_box_ip="80.252.2.4,80.252.2.5,80.252.2.6,80.252.2.7,80.252.2.8,80.252.2.9,80.252.2.10,80.252.2.11,80.252.2.12,80.252.2.13,80.252.2.14,80.252.2.15,80.252.2.16,80.252.2.17,80.252.2.18,80.252.2.19,80.252.2.20,80.252.2.21,80.252.2.22,80.252.2.23,80.252.2.24,80.252.2.25,80.252.2.26,80.252.2.27,80.252.2.28,80.252.2.29,80.252.2.30,80.252.2.31,80.252.2.32,80.252.2.33,80.252.2.34,80.252.2.35,80.252.2.36,80.252.2.37,80.252.2.38,80.252.2.39,80.252.2.40,80.252.2.41,80.252.2.42,80.252.2.43,80.252.2.44,80.252.2.45,80.252.2.46,80.252.2.47,80.252.2.48,80.252.2.49,80.252.2.50,80.252.2.51,80.252.2.52,80.252.2.53,80.252.2.54,80.252.2.55,80.252.2.56,80.252.2.57,80.252.2.58,80.252.2.59,80.252.2.60,80.252.2.61,80.252.2.62,80.252.2.63,80.252.2.64,80.252.2.65,80.252.2.80,80.252.2.67,80.252.2.68,80.252.2.69,80.252.2.70,80.252.2.71,80.252.2.72,80.252.2.73,80.252.2.74,80.252.2.75,80.252.2.76,80.252.2.77,80.252.2.78,80.252.2.79,80.252.2.80,80.252.2.81,80.252.2.82,80.252.2.83,80.252.2.84,80.252.2.85,80.252.2.86,80.252.2.87,80.252.2.88,80.252.2.89,80.252.2.90,80.252.2.91,80.252.2.92,80.252.2.93,80.252.2.94,80.252.2.95,80.252.2.96,80.252.2.97,80.252.2.98,80.252.2.99,80.252.2.100,80.252.2.101,80.252.2.102,80.252.2.103,80.252.2.104,80.252.2.105,80.252.2.106,80.252.2.107,80.252.2.108,80.252.2.109,80.252.2.110,80.252.2.111,80.252.2.112,80.252.2.113,80.252.2.114,80.252.2.115,80.252.2.116,80.252.2.117,80.252.2.118,80.252.2.119,80.252.2.120,80.252.2.121,80.252.2.122,80.252.2.123,80.252.2.124,80.252.2.125,80.252.2.126,80.252.2.127" jail_box_rootdir="/usr/jail/box" jail_box_hostname="box.fox-host.net" jail_box_devfs_enable="YES" jail_box_devfs_ruleset="devfsrules_jail" - It worked when I had just one IP in jail_box_ip. Is there a way to make auth listen to all my IPs, or should I switch to oidentd or pidentd? Many thanks! -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Jails, IPs and identd
On Tue, Aug 5, 2008 at 6:02 PM, <[EMAIL PROTECTED]> wrote: > ah - above my pay grade. > > On Tue, 5 Aug 2008, Redd Vinylene wrote: > >> Yeah but I'm using Bjoern Zeeb's multiple IP patch... >> >> On Tue, Aug 5, 2008 at 4:43 PM, doug <[EMAIL PROTECTED]> wrote: >>> >>> >>> On Tue, 5 Aug 2008, Redd Vinylene wrote: >>> >>>> Hello! >>>> >>>> I have a jail with multiple IPs. It runs identd, however it only works >>>> from the jail's main IP: >>>> >>>> auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN -t 30 >>>> >>>> How do I make it work from absolutely all IPs? >>>> >>>> Perhaps: auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN >>>> -t 30 -a ? >>>> >>>> Thank you all! >>>> >>>> # man identd >>>> >>>> -a Specify one specific IP address to bind to. Alternatively, a >>>> hostname can be specified, in which case the IPv4 or IPv6 >>>> address >>>> which corresponds to that hostname is used. Usually a >>>> hostname >>>> is specified when inetd is run inside a jail(8), in which case >>>> the hostname corresponds to that of the jail(8) environment. >>>> >>>> When the hostname specification is used and both IPv4 and IPv6 >>>> bindings are desired, one entry with the appropriate protocol >>>> type for each binding is required for each service in >>>> /etc/inetd.conf. For example, a TCP-based service would need >>>> two >>>> entries, one using ``tcp4'' for the protocol and the other >>>> using >>>> ``tcp6''. See the explanation of the /etc/inetd.conf protocol >>>> field below. >>>> >>> It is my understanding you get one IP/jail and that multiple IPs are a >>> work >>> in progress. See >>> >>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-intro.html >>> >>> A jail is characterized by four elements: >>> : >>> * An IP address -- this will be assigned to the jail and cannot be >>> changed >>> in >>> any way during the jail's life span. The IP address of a jail is usually >>> an >>> alias address for an existing network interface, but this is not >>> strictly >>> necessary. >>> >>> >>> >> >> >> >> -- >> http://www.home.no/reddvinylene >> > > _ > Douglas Denault > http://www.safeport.com > [EMAIL PROTECTED] > Voice: 301-469-8766 > Fax: 301-469-0601 > heheh.. no worries. i think im better off asking this on the freebsd-jails mailinglist anyhow. have a great day! -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Jails, IPs and identd
Yeah but I'm using Bjoern Zeeb's multiple IP patch... On Tue, Aug 5, 2008 at 4:43 PM, doug <[EMAIL PROTECTED]> wrote: > > > On Tue, 5 Aug 2008, Redd Vinylene wrote: > >> Hello! >> >> I have a jail with multiple IPs. It runs identd, however it only works >> from the jail's main IP: >> >> auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN -t 30 >> >> How do I make it work from absolutely all IPs? >> >> Perhaps: auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN >> -t 30 -a ? >> >> Thank you all! >> >> # man identd >> >>-a Specify one specific IP address to bind to. Alternatively, a >>hostname can be specified, in which case the IPv4 or IPv6 >> address >>which corresponds to that hostname is used. Usually a hostname >>is specified when inetd is run inside a jail(8), in which case >>the hostname corresponds to that of the jail(8) environment. >> >>When the hostname specification is used and both IPv4 and IPv6 >>bindings are desired, one entry with the appropriate protocol >>type for each binding is required for each service in >>/etc/inetd.conf. For example, a TCP-based service would need >> two >>entries, one using ``tcp4'' for the protocol and the other >> using >>``tcp6''. See the explanation of the /etc/inetd.conf protocol >>field below. >> > It is my understanding you get one IP/jail and that multiple IPs are a work > in progress. See > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-intro.html > > A jail is characterized by four elements: > : > * An IP address -- this will be assigned to the jail and cannot be changed > in > any way during the jail's life span. The IP address of a jail is usually an > alias address for an existing network interface, but this is not strictly > necessary. > > > -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Jails, IPs and identd
Hello! I have a jail with multiple IPs. It runs identd, however it only works from the jail's main IP: auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN -t 30 How do I make it work from absolutely all IPs? Perhaps: auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN -t 30 -a ? Thank you all! # man identd -a Specify one specific IP address to bind to. Alternatively, a hostname can be specified, in which case the IPv4 or IPv6 address which corresponds to that hostname is used. Usually a hostname is specified when inetd is run inside a jail(8), in which case the hostname corresponds to that of the jail(8) environment. When the hostname specification is used and both IPv4 and IPv6 bindings are desired, one entry with the appropriate protocol type for each binding is required for each service in /etc/inetd.conf. For example, a TCP-based service would need two entries, one using ``tcp4'' for the protocol and the other using ``tcp6''. See the explanation of the /etc/inetd.conf protocol field below. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Did a makeworld now my jails won't start!! Uh oh..
I tried changing "camel_ruleset" and "box_ruleset" to "devfsrules_jail" in rc.conf, it got rid of the "devfs_set_ruleset: you must specify a ruleset number" but whenever I try to SSH into one of my jails I seem to have logged onto the main system. I'm confused :( On Sat, Aug 2, 2008 at 10:34 PM, Redd Vinylene <[EMAIL PROTECTED]> wrote: > Greetings, i just did a makeworld of my main system and both my jails > (http://pastie.org/246273) but now my jails won't run. i get > > Starting jails:/etc/rc.d/jail: WARNING: devfs_set_ruleset: you must > specify a ruleset number > devfs rule: ioctl DEVFSIO_SAPPLY: No such process > > here's my main system's rc.conf http://pastie.org/246272 > > thanks! > > -- > http://www.home.no/reddvinylene > -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Did a makeworld now my jails won't start!! Uh oh..
Greetings, i just did a makeworld of my main system and both my jails (http://pastie.org/246273) but now my jails won't run. i get Starting jails:/etc/rc.d/jail: WARNING: devfs_set_ruleset: you must specify a ruleset number devfs rule: ioctl DEVFSIO_SAPPLY: No such process here's my main system's rc.conf http://pastie.org/246272 thanks! -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: jail_box_ip=""
Actually: jail_box_ip=$( jot -w "66.252.2.%d" -s "," 124 4 ) gives me: Aug 2 20:10:50 mother root: /etc/rc: WARNING: devfs_set_ruleset: you must specify a ruleset number Aug 2 20:10:58 mother root: /etc/rc: ERROR: jail: No IP address has been defined for box On Sat, Aug 2, 2008 at 9:16 PM, Lars Kristiansen <[EMAIL PROTECTED]> wrote: > Redd Vinylene skrev: >> >> Can something similar be used for my >> >> ifconfig_rl0_aliasN="inet 66.252.2.N netmask 255.255.255.255" >> >> as well? >> > > This is not as elegant, but may help in a similar way: > > alia=-1; > while [ "$alia" -lt '123' ] ; do > alia=$(($alia+1)) ; > ips=$(($alia+4)) ; > echo "ifconfig_rl0_alias$alia=\"inet 66.252.2.$ips netmask > 255.255.255.255\"" ; > done > > > Regards > Lars, > arbeidsøkende, Oslo > > >> On Sat, Aug 2, 2008 at 8:07 PM, Redd Vinylene <[EMAIL PROTECTED]> >> wrote: >>> >>> jail_box_ip=$( jot -w "66.252.2.%d" -s "," 124 4 ) >>> >>> What a gorgeous solution ;) >>> >>> Thanks man! >>> >>> On Sat, Aug 2, 2008 at 7:37 PM, Matthew Seaman >>> <[EMAIL PROTECTED]> wrote: >>>> >>>> Redd Vinylene wrote: >>>>> >>>>> Hey, I got a couple of hundred IPs, is there an easy way to add them >>>>> all to jail_box_ip="ip1,ip2,ip3" without making like the longest line >>>>> ever? >>>>> >>>>> Like this? >>>>> >>>>> jail_box_ip="66.252.2.4,\ >>>>> 66.252.2.5,\ >>>>> 66.252.2.6,\ >>>>> >>>>> Unfortunately that doesn't look too good. >>>>> >>>>> Nor does: >>>>> >>>>> export x=$(cat ips);export jail_ips=''; for ip in $x; do export >>>>> jail_ips="$jail_ips,$ip"; done; export jail_ips=$(echo $jail_ips | sed >>>>> s/,$/''/ | sed s/^,//); >>>>> >>>>> Is there a more beautiful alternative? >>>> >>>> /etc/rc.conf is just /bin/sh code. All you need to do is set >>>> the variables -- usually by assigning a static string, but you >>>> can use whatever constructs you want. Well - within reason. Making >>>> something as critical as the system boot process depend on a bunch of >>>> other files or processes is not a good idea on the whole. >>>> >>>> You can include multi-line whitespace in the variables by using single >>>> quotes: >>>> >>>> jail_box_ip='66.252.2.4, >>>>66.252.2.5, >>>>66.252.2.6, >>>> 66.252.2.7' >>>> >>>> Assuming that the init script that processes this data isn't phased >>>> by the inclusion of a bit of whitespace. >>>> >>>> Or you can generate the required numbers, assuming they are >>>> consecutive: >>>> >>>> jail_box_ip=$( jot -w "66.252.2.%d" -s "," 5 4 ) >>>> >>>> Cheers, >>>> >>>> Matthew >>>> >>>> -- >>>> Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard >>>>Flat 3 >>>> PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate >>>>Kent, CT11 9PW >>>> >>>> >>> >>> >>> -- >>> http://www.home.no/reddvinylene >>> >> >> >> > > -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Reducing 124 ifconfig lines in rc.conf to just 1
On Sat, Aug 2, 2008 at 9:24 PM, Polytropon <[EMAIL PROTECTED]> wrote:
> Hi!
>
> On Sat, 2 Aug 2008 21:11:47 +0200, "Redd Vinylene" <[EMAIL PROTECTED]> wrote:
>> Greetings!
>>
>> I got 124 ifconfig lines going from ifconfig_rl0_alias0="inet
>> 80.252.2.3 netmask 255.255.255.255" to ifconfig_rl0_alias124="inet
>> 80.252.2.127 netmask 255.255.255.255".
>>
>> Is it possible reducing it all to just 1 line using a for loop or jot
>> or something?
>
> I'm thinking of a "two stage procedure" that can be implemented
> well with /etc/rc.conf. Stupid idea, I know, but it should work,
> allthough you could make it more tidy:
>
> # First create /etc/ifconfig.conf if not already there
> if [ ! -f /etc/ifconfig.conf ]; then
>echo "#!/bin/sh" > /etc/ifconfig.conf
>ALIAS=0
>while [ ${ALIAS} -lt 125 ]; do
>echo 'ifconfig_rl0_alias${ALIAS}="inet 80.252.2.`expr ${ALIAS}
> + 4` netmask 255.255.255.255" >> /etc/ifconfig.conf
>ALIAS=`expr ${ALIAS} + 1`
>done
> fi
>
> # Now source it into /etc/rc.conf
> . /etc/ifconfig.conf
>
> # Done.
>
>
> --
> Polytropon
> From Magdeburg, Germany
> Happy FreeBSD user since 4.0
> Andra moi ennepe, Mousa, ...
>
That will probably work. Looks a bit messy though, I'll use it if
nobody else knows of a simpler solution.
Thanks!
--
http://www.home.no/reddvinylene
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Reducing 124 ifconfig lines in rc.conf to just 1
Cool! But isn't that to define the entire class? In my case it's just *.3 to *.127, do you mean I can just ifconfig_rl0_aliases="inet 80.252.2.3/127 netmask 255.255.255.255" or something? Probably not but worth a try ;) On Sat, Aug 2, 2008 at 9:44 PM, Robert Huff <[EMAIL PROTECTED]> wrote: > > Redd Vinylene writes: > >> I got 124 ifconfig lines going from ifconfig_rl0_alias0="inet >> 80.252.2.3 netmask 255.255.255.255" to ifconfig_rl0_alias124="inet >> 80.252.2.127 netmask 255.255.255.255". >> >> Is it possible reducing it all to just 1 line using a for loop or jot >> or something? > >Have you examined CIDR notation? ifconfig supports it. > > >Robert Huff > > -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: The best way to upgrade my FreeBSD and its jails
Sorry,
JAILS=/usr/jail
for jail in $JAILS/*; do
mergemaster -p -D $jail
make installworld delete-old delete-old-libs DESTDIR=$jail
mergemaster -i -U -D $jail
done
:)
On Sat, Aug 2, 2008 at 9:55 PM, Redd Vinylene <[EMAIL PROTECTED]> wrote:
> Sorry,
>
> JAILS=/usr/jail
>
> for jail in $JAILS/*; do
>
> mergemaster -p -D $jail
>
> make installworld delete-old delete-old-libs DESTDIR=$jail
>
> mergemaster -i -U -D $jail
>
> done
>
> :)
>
> On Sat, Aug 2, 2008 at 4:26 PM, Redd Vinylene <[EMAIL PROTECTED]> wrote:
>> Slight improvement, set -e replaces all the && \:
>>
>> -
>>
>> # FreeBSD/i386 mother.naoshige.net
>>
>> set -e
>>
>> csup /etc/cvsupfile
>>
>> cd /usr/src
>>
>> make buildworld buildkernel
>>
>> mergemaster -p
>>
>> make installworld installkernel delete-old delete-old-libs
>>
>> mergemaster -i -U
>>
>> JAILS=/usr/local/jails
>>
>> for jail in $JAILS/*; do
>>
>> mergemaster -p -D $JAILS/$jail
>>
>> make installworld delete-old delete-old-libs DESTDIR=$JAILS/$jail
>>
>> mergemaster -i -U -D $JAILS/$jail
>>
>> done
>>
>> chflags -R noschg /usr/obj/*
>>
>> rm -rf /usr/obj/*
>>
>> -
>>
>> Peace!
>>
>> On Sat, Aug 2, 2008 at 12:03 PM, Redd Vinylene <[EMAIL PROTECTED]> wrote:
>>> Thanks a lot guys for your great design insight!
>>>
>>> I hope others will find this thread interesting as well. Here's the
>>> final upgrade script I decided to use (my shell is zsh):
>>>
>>> -
>>>
>>> # FreeBSD/i386 mother.naoshige.net
>>>
>>> csup /etc/cvsupfile
>>>
>>> cd /usr/src
>>>
>>> make buildworld buildkernel && \
>>>
>>> mergemaster -p && \
>>>
>>> make installworld installkernel delete-old delete-old-libs && \
>>>
>>> mergemaster -i -U && \
>>>
>>> JAILS=/usr/local/jails
>>>
>>> cd /usr/src
>>>
>>> for jail in $JAILS/*; do
>>>
>>> mergemaster -p -D $JAILS/$jail && \
>>>
>>> make installworld delete-old delete-old-libs DESTDIR=$JAILS/$jail && \
>>>
>>> mergemaster -i -U -D $JAILS/$jail && \
>>>
>>> done
>>>
>>> chflags -R noschg /usr/obj/*
>>>
>>> rm -rf /usr/obj/*
>>>
>>> -
>>>
>>> Much obliged!
>>>
>>> On Sat, Aug 2, 2008 at 9:28 AM, Miroslav Lachman <[EMAIL PROTECTED]> wrote:
>>>> Mikhail Goriachev wrote:
>>>>>
>>>>> Redd Vinylene wrote:
>>>>>
>>>>>> My dedicated server is mother, its two jails are camel and box. Is
>>>>>> this the best way to upgrade all of them?
>>>>>
>>>>>
>>>>> We probably should keep this to freebsd-jail@ only.
>>>>>
>>>>> Had a look at http://pastie.org/245821 and have a few notes for you:
>>>>>
>>>>> 1.- As Miroslav already mentioned - it is not a good idea to daisy chain
>>>>> everything. You should break the procedure into two steps. Firstly upgrade
>>>>> the host and make sure the upgrade went well. Once you're certain that
>>>>> everything is ok, then proceed upgrading jails.
>>>>>
>>>>> I personally disable jails (jail_enable="NO"), then reboot (to avoid any
>>>>> zombie jails), perform upgrade on all jails and then enable them back on.
>>>>>
>>>>> 2.- Your upgrading sequence is a bit off. Have a look at /usr/src/Makefile
>>>>> for further details and correct sequence:
>>>>>
>>>>> # make buildworld
>>>>> # make buildkernel
>>>>> # make installkernel
>>>>> # reboot
>>>>> # mergemaster -p
>>>>> # make installworld
>>>>> # make delete-old
>>>>> # mergemaster
>>>>> # reboot
>>>>> # make delete-old-libs
>>>>>
>>>>> 3.- You don't need kernels inside your jails. Having them won't hurt you,
>>>>> but they consume space. In other words, you shouldn't execute the
>>>>> following
>>>>> (or similar):
>>>>>
>>>>> # make DESTDIR=$D installkernel
>>>>>
>>>>> 4.- The "make distribution DESTDIR=$D" should be executed only once - when
>>>>> a jail is created. Otherwise you're nuking your configurations in jail's
>>>>> /etc and probably somewhere else.
>>>>
>>>> One thing to note - If you do delete-old delete-old-libs you probably need
>>>> to recompile all installed ports because of lib dependencies.
>>>>
>>>>> Have a go at this, you might find some use for it:
>>>>>
>>>>> ---
>>>>> JAILSDIR=/usr/local/jails
>>>>>
>>>>> cd /usr/src
>>>>>
>>>>> for jail in `ls ${JAILSDIR}`; do
>>>>>mergemaster -pD ${JAILSDIR}/${jail}
>>>>>make installworld DESTDIR=${JAILSDIR}/${jail}
>>>>>mergemaster -iD ${JAILSDIR}/${jail}
>>>>> done
>>>>> ---
>>>>
>>>
>>
>
>
>
> --
> http://www.home.no/reddvinylene
>
--
http://www.home.no/reddvinylene
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Reducing 124 ifconfig lines in rc.conf to just 1
Greetings! I got 124 ifconfig lines going from ifconfig_rl0_alias0="inet 80.252.2.3 netmask 255.255.255.255" to ifconfig_rl0_alias124="inet 80.252.2.127 netmask 255.255.255.255". Is it possible reducing it all to just 1 line using a for loop or jot or something? -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: jail_box_ip=""
Can something similar be used for my ifconfig_rl0_aliasN="inet 66.252.2.N netmask 255.255.255.255" as well? On Sat, Aug 2, 2008 at 8:07 PM, Redd Vinylene <[EMAIL PROTECTED]> wrote: > jail_box_ip=$( jot -w "66.252.2.%d" -s "," 124 4 ) > > What a gorgeous solution ;) > > Thanks man! > > On Sat, Aug 2, 2008 at 7:37 PM, Matthew Seaman > <[EMAIL PROTECTED]> wrote: >> Redd Vinylene wrote: >>> >>> Hey, I got a couple of hundred IPs, is there an easy way to add them >>> all to jail_box_ip="ip1,ip2,ip3" without making like the longest line >>> ever? >>> >>> Like this? >>> >>> jail_box_ip="66.252.2.4,\ >>> 66.252.2.5,\ >>> 66.252.2.6,\ >>> >>> Unfortunately that doesn't look too good. >>> >>> Nor does: >>> >>> export x=$(cat ips);export jail_ips=''; for ip in $x; do export >>> jail_ips="$jail_ips,$ip"; done; export jail_ips=$(echo $jail_ips | sed >>> s/,$/''/ | sed s/^,//); >>> >>> Is there a more beautiful alternative? >> >> /etc/rc.conf is just /bin/sh code. All you need to do is set >> the variables -- usually by assigning a static string, but you >> can use whatever constructs you want. Well - within reason. Making >> something as critical as the system boot process depend on a bunch of >> other files or processes is not a good idea on the whole. >> >> You can include multi-line whitespace in the variables by using single >> quotes: >> >> jail_box_ip='66.252.2.4, >> 66.252.2.5, >> 66.252.2.6, >>66.252.2.7' >> >> Assuming that the init script that processes this data isn't phased >> by the inclusion of a bit of whitespace. >> >> Or you can generate the required numbers, assuming they are >> consecutive: >> >> jail_box_ip=$( jot -w "66.252.2.%d" -s "," 5 4 ) >> >>Cheers, >> >>Matthew >> >> -- >> Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard >> Flat 3 >> PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate >> Kent, CT11 9PW >> >> > > > > -- > http://www.home.no/reddvinylene > -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: jail_box_ip=""
jail_box_ip=$( jot -w "66.252.2.%d" -s "," 124 4 ) What a gorgeous solution ;) Thanks man! On Sat, Aug 2, 2008 at 7:37 PM, Matthew Seaman <[EMAIL PROTECTED]> wrote: > Redd Vinylene wrote: >> >> Hey, I got a couple of hundred IPs, is there an easy way to add them >> all to jail_box_ip="ip1,ip2,ip3" without making like the longest line >> ever? >> >> Like this? >> >> jail_box_ip="66.252.2.4,\ >> 66.252.2.5,\ >> 66.252.2.6,\ >> >> Unfortunately that doesn't look too good. >> >> Nor does: >> >> export x=$(cat ips);export jail_ips=''; for ip in $x; do export >> jail_ips="$jail_ips,$ip"; done; export jail_ips=$(echo $jail_ips | sed >> s/,$/''/ | sed s/^,//); >> >> Is there a more beautiful alternative? > > /etc/rc.conf is just /bin/sh code. All you need to do is set > the variables -- usually by assigning a static string, but you > can use whatever constructs you want. Well - within reason. Making > something as critical as the system boot process depend on a bunch of > other files or processes is not a good idea on the whole. > > You can include multi-line whitespace in the variables by using single > quotes: > > jail_box_ip='66.252.2.4, > 66.252.2.5, > 66.252.2.6, >66.252.2.7' > > Assuming that the init script that processes this data isn't phased > by the inclusion of a bit of whitespace. > > Or you can generate the required numbers, assuming they are > consecutive: > > jail_box_ip=$( jot -w "66.252.2.%d" -s "," 5 4 ) > >Cheers, > >Matthew > > -- > Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard > Flat 3 > PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate > Kent, CT11 9PW > > -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: jail_box_ip=""
Here's what I got so far: http://pastie.org/246189 And this is just wishful thinking I guess: http://pastie.org/246190 On Sat, Aug 2, 2008 at 7:08 PM, Redd Vinylene <[EMAIL PROTECTED]> wrote: > Hey, I got a couple of hundred IPs, is there an easy way to add them > all to jail_box_ip="ip1,ip2,ip3" without making like the longest line > ever? > > Like this? > > jail_box_ip="66.252.2.4,\ > 66.252.2.5,\ > 66.252.2.6,\ > > Unfortunately that doesn't look too good. > > Nor does: > > export x=$(cat ips);export jail_ips=''; for ip in $x; do export > jail_ips="$jail_ips,$ip"; done; export jail_ips=$(echo $jail_ips | sed > s/,$/''/ | sed s/^,//); > > Is there a more beautiful alternative? > > Thanks! > -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
jail_box_ip=""
Hey, I got a couple of hundred IPs, is there an easy way to add them all to jail_box_ip="ip1,ip2,ip3" without making like the longest line ever? Like this? jail_box_ip="66.252.2.4,\ 66.252.2.5,\ 66.252.2.6,\ Unfortunately that doesn't look too good. Nor does: export x=$(cat ips);export jail_ips=''; for ip in $x; do export jail_ips="$jail_ips,$ip"; done; export jail_ips=$(echo $jail_ips | sed s/,$/''/ | sed s/^,//); Is there a more beautiful alternative? Thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: I can't make world without the "games" group?
Adding WITHOUT_GAMES="YES" to /etc/src.conf most certainly didn't work. Why does FreeBSD pack so much, pardon my language, bullshit anyway? Yes, one or two (out of one or two million) might need it, but can't we make it available to them in some other way? As a module or a port or something? Thanks! On Fri, Aug 1, 2008 at 11:47 PM, darko gavrilovic <[EMAIL PROTECTED]> wrote: > On Fri, Aug 1, 2008 at 11:31 AM, Redd Vinylene <[EMAIL PROTECTED]> wrote: >> Hello! >> >> Why can't I make world without the "games" group? I run a serious >> server, not a kindergarten ;) >> > > .. but you will miss out on all the murphy's law quotes.. one of the > few enjoyments a sysadmin has left in this world. > > > > > > -- > regards, > dg > > "..but the more you use clever tricks, the less support you'll get > ..." -- M.W.Lucas > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: The best way to upgrade my FreeBSD and its jails
Whatever version you know, right now it's an old 7.0-STABLE to a newer 7.0-STABLE. Improved the script a little though: http://pastie.org/245821 Enjoy! On Fri, Aug 1, 2008 at 9:00 PM, Miroslav Lachman <[EMAIL PROTECTED]> wrote: > Redd Vinylene wrote: > >> My dedicated server is mother, its two jails are camel and box. Is >> this the best way to upgrade all of them? >> >> Pretty cool huh? >> >> - >> >> # FreeBSD/i386 mother.reddvinylene.no >> >> csup /etc/cvsupfile && \ >> >> cd /usr/src && \ >> >> make buildworld && \ >> >> make buildkernel && \ >> >> make installworld && \ >> >> make installkernel && \ >> >> make delete-old && \ >> >> make delete-old-libs && \ >> >> mergemaster -U&& \ >> >> export D=/usr/jail/camel && \ >> >> make installworld DESTDIR=$D && \ >> >> make installworld installkernel DESTDIR=$D && \ >> >> make delete-old DESTDIR=$D && \ >> >> make delete-old-libs DESTDIR=$D && \ >> >> cd etc/ && \ >> >> make distribution DESTDIR=$D && \ >> >> cd .. && \ >> >> mergemaster -U -D $D && \ >> >> export D=/usr/jail/box && \ >> >> make installworld DESTDIR=$D && \ >> >> make installworld installkernel DESTDIR=$D && \ >> >> make delete-old DESTDIR=$D && \ >> >> make delete-old-libs DESTDIR=$D && \ >> >> cd etc/ && \ >> >> make distribution DESTDIR=$D && \ >> >> cd .. && \ >> >> mergemaster -U -D $D && \ >> >> chflags -R noschg /usr/obj/* && \ >> >> rm -rf /usr/obj/* > > > It would be better if you post what version you are running and to what > version you want to update / upgrade. If you want to use some RELEASE, you > can user freebsd-update command for binary update of base and jails. > > Also it is not good to do all the above steps as one chained command. > > Miroslav Lachman > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
src.conf: There's no WITHOUT_IPFW?
There's WITHOUT_IPFILTER and WITHOUT_PF, but no WITHOUT_IPFW? /usr/src/UPDATING doesn't mention IPFW being removed. Thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
The best way to upgrade my FreeBSD and its jails
My dedicated server is mother, its two jails are camel and box. Is this the best way to upgrade all of them? Pretty cool huh? - # FreeBSD/i386 mother.reddvinylene.no csup /etc/cvsupfile && \ cd /usr/src && \ make buildworld && \ make buildkernel && \ make installworld && \ make installkernel && \ make delete-old && \ make delete-old-libs && \ mergemaster -U&& \ export D=/usr/jail/camel && \ make installworld DESTDIR=$D && \ make installworld installkernel DESTDIR=$D && \ make delete-old DESTDIR=$D && \ make delete-old-libs DESTDIR=$D && \ cd etc/ && \ make distribution DESTDIR=$D && \ cd .. && \ mergemaster -U -D $D && \ export D=/usr/jail/box && \ make installworld DESTDIR=$D && \ make installworld installkernel DESTDIR=$D && \ make delete-old DESTDIR=$D && \ make delete-old-libs DESTDIR=$D && \ cd etc/ && \ make distribution DESTDIR=$D && \ cd .. && \ mergemaster -U -D $D && \ chflags -R noschg /usr/obj/* && \ rm -rf /usr/obj/* - Redd Vinylene http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
The best way to upgrade my FreeBSD and its jails
My dedicated server is mother, its two jails are camel and box. Is this the best way to upgrade all of them? Pretty cool huh? - # FreeBSD/i386 mother.reddvinylene.no csup /etc/cvsupfile && \ cd /usr/src && \ make buildworld && \ make buildkernel && \ make installworld && \ make installkernel && \ make delete-old && \ make delete-old-libs && \ mergemaster -U&& \ export D=/usr/jail/camel && \ make installworld DESTDIR=$D && \ make installworld installkernel DESTDIR=$D && \ make delete-old DESTDIR=$D && \ make delete-old-libs DESTDIR=$D && \ cd etc/ && \ make distribution DESTDIR=$D && \ cd .. && \ mergemaster -U -D $D && \ export D=/usr/jail/box && \ make installworld DESTDIR=$D && \ make installworld installkernel DESTDIR=$D && \ make delete-old DESTDIR=$D && \ make delete-old-libs DESTDIR=$D && \ cd etc/ && \ make distribution DESTDIR=$D && \ cd .. && \ mergemaster -U -D $D && \ chflags -R noschg /usr/obj/* && \ rm -rf /usr/obj/* - Redd Vinylene http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
src.conf: WITHOUT_SOMETHING
Let's say I add WITHOUT_SOMETHING to /etc/rc.conf, and remake and reinstall my world. What will happen to the previous install of SOMETHING? Will it be removed or just left there to rot? Thank you! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
src.conf: WITHOUT_SOMETHING
Let's say I add WITHOUT_SOMETHING to /etc/rc.conf, and remake and reinstall my world. What will happen to the previous install of SOMETHING? Will it be removed or just left there to rot? Thank you! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: I can't make world without the "games" group?
That is so cool! Thanks! On Fri, Aug 1, 2008 at 5:35 PM, Curt Micol <[EMAIL PROTECTED]> wrote: > man src.conf(5) > > On Fri, Aug 1, 2008 at 11:31 AM, Redd Vinylene <[EMAIL PROTECTED]> wrote: >> Hello! >> >> Why can't I make world without the "games" group? I run a serious >> server, not a kindergarten ;) >> >> I don't want the games group there, I just don't need it! >> >> Thanks! >> ___ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to "[EMAIL PROTECTED]" >> > > > > -- > # Curt Micol > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
I can't make world without the "games" group?
Hello! Why can't I make world without the "games" group? I run a serious server, not a kindergarten ;) I don't want the games group there, I just don't need it! Thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Jails and multiple IPs
Big ups to Bjoern A. Zeeb for his multiple IP patch as well as his friendly support service ;) I'd just like to confirm, however, if this is how it's done? # cd /usr/src # wget http://people.freebsd.org/~bz/bz_jail7-20080727-11-at146062.diff # patch -p6 < bz_jail7-20080727-11-at146062.diff # make buildworld # make buildkernel KERNCONF=GENERIC # make installworld # make installkernel KERNCONF=GENERIC # mergemaster -U Now to the jail part (this is exactly how I created the jail in the first place) # export D=/usr/jail/camel # mkdir -p $D # make world DESTDIR=$D # cd etc/ # make distribution DESTDIR=$D # mount -t devfs devfs $D/dev Also, under jail_X_ip in rc.conf, must I enter the IPs one by one or can I specify an entire range? Thank you all! Redd Vinylene http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
