Server hardware
Hello,

I'm getting ready to buy a new server system (running FreeBSD of course) for a small business. I have always before bought off-the-shelf parts and built my own, but am thinking of getting a packaged system this time.

I want something fairly horsey. Xeon(s), 8-16gb ram, several terabytes storage, etc. The system will run at least one VM (virtualbox) at all times, and I've been thinking about using an SSD for the system drive and database storage, and a RAID for the rest.

My question -- are any server vendors well recommended for FreeBSD? I've looked at some seemingly decently priced Dells/HPs, but would appreciate any advice. Seems there are at times some hardware issues with some Dell controllers.

Thanks,
Scott

___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: BSDstats v3.0 - The Security Rewrite
On Aug 14, 2006, at 4:28 PM, Marc G. Fournier wrote:

> On Mon, 14 Aug 2006, John Nielsen wrote:
>
>> This is great! Is the 15-minute first-time waiting period enforced on the server side? Obviously there's nothing to stop an administrator from editing the script locally..
>
> It is enforced on the server side ... in fact, one person just reported to me that they killed the script and re-ran it, and the stats went through ... they didn't, the server side will reject the submission until the first minute time has elapsed ... I've got some ideas on how to better clean that up on the client side ...

This just happened to me as well--I installed the port, added lines to periodic.conf and manually ran:

    /usr/local/etc/periodic/monthly/300.statistics

output as follows:

    # /usr/local/etc/periodic/monthly/300.statistics
    chown: /var/db/bsdstats: No such file or directory
    To protect against abuse, the initial challenge/response phase contains a 15 minute pause. Please be patient while this time limit elapses
    ^C
    # /usr/local/etc/periodic/monthly/300.statistics
    Posting monthly OS statistics to bsdstats.org
    Posting monthly device statistics to bsdstats.org
    Posting monthly CPU statistics to bsdstats.org

I cancelled it to see why it showed the chown error.

Scott
Re: BSDstats Project v2.0 ...
On Aug 6, 2006, at 11:42 PM, Marc G. Fournier wrote:

> I've now committed v2.0 of the 300.statistics periodic script ... this one adds the device reporting that we'd talked about previously, and the summary reports now reflect the driver(s) in use for those deciding to report ...
>
> This Phase of the script is optional, and not enabled by default ... I can't think of any reason why you wouldn't want to report it, but just in case someone feels it poses a problem, it's an opt-in report ...
>
> pkg-message updated to reflect the extra line you need to add to /etc/periodic.conf:
>
> monthly_statistics_report_devices=yes
>
> I've written it to report driver + chip= information from pciconf -l, since even pciconf -lv doesn't seem to use card= ... the summary report will be extended next to show both vendor and chip statistics ...
>
> Let me know of any problems ...

Just got it installed on two systems--exciting!

Any thoughts on adding uptime tracking (ie, desirable or not)? Could be something very simple client side, like:

--- /usr/ports/sysutils/bsdstats/files/300.statistics Sun Aug 6 23:35:39 2006 +++ /usr/local/etc/periodic/monthly/300.statistics Mon Aug 7 19:43:47 2006 @@ -20,7 +20,8 @@ HN=`/bin/hostname` SYS=`/usr/bin/uname -r` ARCH=`/usr/bin/uname -m` - /usr/bin/fetch -qo /tmp/getid http://bsdstats.hub.org/scripts/ getid.php?hn=$HN\sys=$SYS\arch=$ARCH + UP=`/usr/bin/uptime | /usr/bin/grep -o up [^,]*,[^,]*,` + /usr/bin/fetch -qo /tmp/getid http://bsdstats.hub.org/scripts/ getid.php?hn=$HN\sys=$SYS\arch=$ARCH\up=$UP case $monthly_statistics_report_devices in [Yy][Ee][Ss]) IFS=

Scott
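Review bot: In the added `UP=` line the grep expression `up [^,]*,[^,]*,` is unquoted, so the shell passes `up` as the pattern and the bracket expression as a file name (after glob expansion); it needs single quotes. The captured text then contains spaces and commas and is appended to the unquoted `fetch` URL as `up=$UP`, where word splitting breaks it into separate arguments. Percent-encode it or, better, send a single number such as seconds since boot derived from `sysctl -n kern.boottime`, and quote the URL. The server side should also treat the new `up` value as untrusted client input and validate it before storing it.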
Re: Howto insert string. (Was: Re: [freebsd-questions] awk quickie.)
On Aug 6, 2006, at 6:47 PM, Gary Kline wrote:

> Thanks much! I *did* learn that with just FS, no need END. Maybe you can help me figure out what I'm trying to do because I'm wedged!!
>
> I've got 80 or so html/php files. Most do have BODY BGCOLOR=#FF but a whole slew do not/are missing the BG color code. So is there some scripto-magic way of finding out which files are missing the above string? I know how, using an ed/ex script to insert this string. My hacker brain seems to be on strike!
>
> gary

Not 100% sure this is what you're wanting, but you can just do something like:

    grep myregex * | awk -F ':' '{print $1}'

This will print out the first column (ie, whatever comes before the first colon).

If the options are either BODY or BODY BGCOLOR=#FF I guess you could do something like:

    grep BODY * | grep -v BGCOLOR | awk -F ':' '{print $1}'

to get the files that have a body line sans BGCOLOR (you might need to account for case in the tags also)

Scott
Re: portsnap oddities
I might just add that I had similar corruption issues using portsnap behind a transparent squid proxy. Not 100% of the time corruption, but fairly often. Changed the router rules to not proxy for this server and all has been well.

Scott

On Aug 4, 2006, at 11:49 PM, Gary Newcombe wrote:

> Yes, nail on the head methinks. This server is behind a proxy and portsnap works fine with it disabled.
>
> With combination of advproxy, havp and privoxy:
>
> [mesh:/var/db/portsnap]# l *[3d].gz
> -rw-r--r-- 1 root wheel 64B 5 Aug 12:51 ad06d1f7b82db9ebcb496e7d48a754932622f1c8d6166564e61666d059f1b8fd.gz
> -rw-r--r-- 1 root wheel 64B 5 Aug 12:51 ad3d51001a264245eab5894cece6c902d073841143e9ffc7ee8379948a44aae3.gz
>
> Without:
>
> [mesh:/var/db/portsnap]# portsnap --debug fetch
> Looking up portsnap.FreeBSD.org mirrors... 2 mirrors found.
> Fetching snapshot tag from portsnap1.FreeBSD.org...
> latest.ssl 100% of 256 B 685 kBps
> done.
> Fetching snapshot metadata...
> d82061f1c680d235d7c08c340e9c25e42b4a133e2ca1c1 100% of 299 B 533 kBps
> done.
> Updating from Thu 3 Aug 2006 04:45:32 EST to Sat 5 Aug 2006 11:22:38 EST.
> Fetching 0 metadata patches... done.
> Applying metadata patches... done.
> Fetching 0 metadata files... done.
> Fetching 2 patches...
> /usr/libexec/phttpget portsnap1.FreeBSD.org bp/7c2d57a2388d4d5cd20e935c57727b5019fbdf06210ebf9b8f0b7c01bf072db5-ad06d1f7b82db9ebcb496e7d48a754932622f1c8d6166564e61666d059f1b8fd bp/352d16ab1731729d4542c9c126034d6f27ce2830f297effb8831e6eb6a46cb31-ad3d51001a264245eab5894cece6c902d073841143e9ffc7ee8379948a44aae3
> http://portsnap1.FreeBSD.org/bp/7c2d57a2388d4d5cd20e935c57727b5019fbdf06210ebf9b8f0b7c01bf072db5-ad06d1f7b82db9ebcb496e7d48a754932622f1c8d6166564e61666d059f1b8fd: 200 OK
> http://portsnap1.FreeBSD.org/bp/352d16ab1731729d4542c9c126034d6f27ce2830f297effb8831e6eb6a46cb31-ad3d51001a264245eab5894cece6c902d073841143e9ffc7ee8379948a44aae3: 200 OK
> done.
> Applying patches... done.
> Fetching 0 new ports or files... done.
>
> [mesh:/var/db/portsnap]# l *[3d].gz
> -rw-r--r-- 1 root wheel 64B 5 Aug 13:32 ad06d1f7b82db9ebcb496e7d48a754932622f1c8d6166564e61666d059f1b8fd.gz
> -rw-r--r-- 1 root wheel 64B 5 Aug 13:32 ad3d51001a264245eab5894cece6c902d073841143e9ffc7ee8379948a44aae3.gz
>
> So the files did seem to be intact initially anyway? Just clearing the cache for the proxy didn't seem to solve the problem btw.
>
> Thanks,
> Gary
>
> -Original Message-
> From: Colin Percival [mailto:[EMAIL PROTECTED]
> Sent: Saturday, 5 August 2006 1:24 PM
> To: Gary Newcombe
> Cc: freebsd-questions@freebsd.org
> Subject: Re: portsnap oddities
>
> Gary Newcombe wrote:
>
>> Fetching 2 new ports or files...
>> /usr/libexec/phttpget portsnap1.FreeBSD.org f/ad06d1f7b82db9ebcb496e7d48a754932622f1c8d6166564e61666d059f1b8fd.gz f/ad3d51001a264245eab5894cece6c902d073841143e9ffc7ee8379948a44aae3.gz
>> http://portsnap1.FreeBSD.org/f/ad06d1f7b82db9ebcb496e7d48a754932622f1c8d6166564e61666d059f1b8fd.gz: 200 OK
>> http://portsnap1.FreeBSD.org/f/ad3d51001a264245eab5894cece6c902d073841143e9ffc7ee8379948a44aae3.gz: 200 OK
>> gunzip: stdin: not in gzip format
>> snapshot is corrupt.
>
> Strange. I've checked on portsnap1.freebsd.org, and those files are definitely intact. Are you using an HTTP proxy? It's possible that it might have cached a broken version of those files. Could you look in /var/db/portsnap and tell me how large those two files are?
>
> Colin Percival
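An added example (not from the thread and not part of portsnap): a shell check that lists files in a portsnap-style directory that an intermediary such as a caching proxy has damaged, with each file's size, which is what Colin asks for above. It assumes the file name is the SHA-256 of the decompressed content; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of portsnap: find damaged files in a directory
# of portsnap-style "<sha256>.gz" files.

# SHA-256 of stdin (FreeBSD ships sha256, most Linux systems sha256sum).
sha256_stdin() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q
    else
        sha256sum | cut -d ' ' -f 1
    fi
}

# classify FILE: prints ok, not-gzip or hash-mismatch.
classify() {
    f=$1
    # gzip -t reads the whole stream and checks its CRC, so a cached
    # error page or a truncated body fails here.
    if ! gzip -t "$f" 2>/dev/null; then
        echo not-gzip
        return 0
    fi
    # Assumption: the file name is the SHA-256 of the decompressed data.
    if [ "$(gunzip -c < "$f" | sha256_stdin)" = "$(basename "$f" .gz)" ]; then
        echo ok
    else
        echo hash-mismatch
    fi
}

# audit DIR: prints "<status> <bytes> <path>" for each damaged file and
# returns 1 if any was found.
audit() {
    bad=0
    for f in "$1"/*.gz; do
        [ -f "$f" ] || continue
        status=$(classify "$f")
        [ "$status" = ok ] && continue
        echo "$status $(wc -c < "$f" | tr -d ' ') $f"
        bad=1
    done
    return "$bad"
}

# Constructed sample store: one intact file, one HTML error page saved
# under a .gz name, and one valid gzip whose name is not its hash.
make_sample() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/portsnap-audit.XXXXXX") || return 1
    printf 'constructed port data\n' > "$d/payload"
    gzip -c "$d/payload" > "$d/$(sha256_stdin < "$d/payload").gz"
    printf '<html>502 Bad Gateway</html>\n' > "$d/constructed-error-page.gz"
    gzip -c "$d/payload" > "$d/constructed-wrong-name.gz"
    rm -f "$d/payload"
    echo "$d"
}

store=$(make_sample)
audit "$store" || echo "damaged files found"
rm -rf "$store"
```

Against a real store, call `audit` with the directory that holds the fetched `.gz` files; a run of small, equally sized `not-gzip` entries points at a substituted response body rather than random corruption.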
Network Design
I'm helping a small business expand their networking. Right now they have one office location (with a freebsd firewall box, and a freebsd box running db, web, samba, etc).

Their main office location has:

- 3 external static IPs on a DSL connection (all aliased on one nic)
- an internal network of 10.0.0.0/255.0.0.0
- a wireless network with IP range 192.168.1.0/255.255.255.0 (nat'ed and running off the firewall box)

They are adding a second warehouse location. It will also have one static IP address (running on dsl also). I'd like to get an IPsec connection going between the locations so all warehouse traffic goes through the main branch. I've done this much before.

They also want to subdivide up the network at their main location so some terminals can be on gige and some are on 100. I believe I've read you shouldn't mix and match 100/1000?

I don't really have any experience with how subnetting and IP ranges should work for a configuration like this (local network, remote ipsec location, wireless network, etc).

Looking for any assistance (advice, links, anything!) on how to set up a sane and well designed network.

Scott
Re: Network Design
On May 28, 2006, at 11:49 PM, Atom Powers wrote:

>> Their main office location has:
>> - 3 external static IPs on a DSL connection (all aliased on one nic)
>> - an internal network of 10.0.0.0/255.0.0.0
>
> How many computers are on this network? Probably less than 253. Make sure your DHCP server is only giving out leases in, say, 10.0.0.1-254 range and then change it to a /24 subnet, or whatever fits your environment.

Small network--about 20 at the main location, and maybe 2-3 at the secondary location, once it's up.

>> - a wireless network with IP range 192.168.1.0/255.255.255.0 (nat'ed and running off the firewall box)
>
> NATed from the 10/8 network too? You may want to just route between the wired and wireless, it will save you some headaches troubleshooting things later. Security policies between the networks should be implemented by the firewall.

Yeah, it was set up this way a couple years ago, and hasn't been changed in the meanwhile. I was thinking it would probably be a good idea to just do normal routing, which it sounds like you've confirmed :)

>> They are adding a second warehouse location. It will also have one static IP address (running on dsl also). I'd like to get a IPsec connection going between the location so all warehouse traffic goes through the main branch. I've done this much before.
>>
>> They also want to subdivide up the network at their main location so some terminals can be on gige and some are on 100. I believe I've read you shouldn't mix and match 100/1000?
>
> Do you know what your bandwidth usage is? Chances are very good that the peak usage for the workstations is around 8-10Mbps. In other words, you almost certainly don't need GigE. Even my file servers, that service several hundred roaming profiles, peak around 70-80MBps. Find out what your bandwidth usage is before you go out and spend several thousand dollars on an upgrade that won't do you any good. (I use cacti and SNMP agents to watch my bandwidth usage.)

It's not an issue for most of the workstations, but there are several workstations that do large file transfers (working with graphics, etc) on a regular basis. They support gige already (macs), the fileserver has gige (em interface) and there's an unused SMC switch available. I thought it was more complicated I think.

> Assuming you have a switched network, you should have no problems mixing your 10/100Base network with your 10/100/1000Base network. Even if you were using hubs you shouldn't have a problem. (Do they even make 1000Base Ethernet hubs?)

That's good to know. I had been unsure if there were issues relating to MTU issues--like if I enabled jumbo frames (the switch I have available supports jumbo frames, which I had read were good to enable)

>> I don't really have any experience with how subnetting and IP ranges should work for a configuration like this (local network, remote ipsec location, wireless network, etc).
>
> Simple subnetting alone won't *really* separate two networks if they share physical infrastructure. You would need to either completely separate the physical networks or do something with 802.1q VLANs. Either way you will need a router.
>
>> Looking for any assistance (advice, links, anything!) on how to setup a sane and well designed network.
>
> Head down to your local privately owned book store and grab the biggest book on TCP/IP that you can find. Chances are it will be terribly dry and not very useful, but it is a place to start.
>
> This book is very good, but probably way too technical for what you are trying to do: The Protocols (TCP/IP Illustrated, Volume 1) (Hardcover) by W. Richard Stevens

Thanks for all your advice, I'll check that book out.

thanks,
Scott
Re: Intel Mac experiences
On May 26, 2006, at 1:36 AM, vayu wrote:

> On May 25, 2006, at 9:13 PM, Ted Mittelstaedt wrote:
>
>> James, you missed the point. If you have an Intel MAC it came with MacOS X (tiger) and that is basically the same operating system as FreeBSD. Meaning, what are you trying to gain? If anything, you're worse off with FreeBSD since MacOS X comes with a gorgeous user interface that FreeBSD does not have.
>>
>> Ted
>
> I can understand the desire. OS X does have a polished and beautiful desktop environment, but it is not FreeBSD. If money were no object for me, I would want a Macbook Pro with a triple boot of OS X, Win XP and FreeBSD.
>
> Back to the original topic: James, I'm curious that you had any results booting with any BSD or Linux. The Intel Macs have no BIOS, I have read of hacks that got Linux (and Windows before Apple offered it) to work, but it didn't seem straightforward based on the accounts I read.

This is not true--how do you think Bootcamp works? It provides BIOS emulation for booting windows, and whatever else.

Secondly, why do people keep saying that OSX and FreeBSD are basically the same operating system -- if by basically the same you mean have a unix base, then sure. OSX runs on a hybrid mach microkernel (and with all the performance baggage this comes with). A great deal of the userland utilities originate from NetBSD or even OpenBSD in addition to FreeBSD. There is no ports system (sure, darwinports is similar, though far less extensive). Boot system is entirely different. There's no way to buildworld or buildkernel, etc. Directory services are done completely differently than in Freebsd (netinfo?). There's not even an /etc/fstab. One could go on...

Scott
SMBus and mbmon
First time I've tried to access smb devices or used mbmon, so apologies if this is very stupid.

Running 6.0-stable (from awhile ago, December) on an Intel server motherboard. In the boot dmesg I get this line:

    pci0: serial bus, SMBus at device 31.3 (no driver attached)

I have nothing relating to SMB compiled in my kernel. I do

    kldload ichsmb
    ichsmb0: Intel 6300ESB (ICH) SMBus controller port 0x400-0x41f irq 17 at device 31.3 on pci0
    ichsmb0: [GIANT-LOCKED]
    smbus0: System Management Bus on ichsmb0

then

    kldload smb
    smb1: SMBus generic I/O on smbus0
    smb0: SMBus generic I/O on smbus0

There are now the two devices in /dev, however, whenever I try to run mbmon I get

    # mbmon -S -s0 -d
    ioctl(smb0:writebyte): Device not configured

(same result for s1 to try smb1)

If I unload all the SMB related modules and run mbmon, I get

    # mbmon -d
    ioctl(smb0:open): No such file or directory
    SMBus[Intel8XX(ICH/ICH2/ICH3/ICH4/ICH5/ICH6)] found, but No HWM available on it!!
    Using ISA-IO access method!!
    * Winbond Chip W83627HF/THF/THF-A found.

and just running mbmon gives an output

    # mbmon
    ioctl(smb0:open): No such file or directory
    Temp.= 127.0, 115.0, 127.0; Rot.=0, 1834, 2812
    Vcore = 0.00, 1.17; Volt. = 3.33, 5.00, 12.22, 1.62, 0.23
    [etc]

So I'm not sure what's going on. Is the existence of smb devices important? Do I get better monitoring?

Scott
Apache auth question
I am dealing with a company LAN that lives behind an OpenBSD based firewall+NAT machine. All internal machines have 10.x.x.x addresses.

One of the internal machines acts as an intranet webserver. Everyone in the building should be able to access it. I would ALSO like to expose it to the outside, and have outside requests authenticate.

So everyone with a 10.x.x.x still has no limits, and external addresses after authenticating with a username/password have full access.

Is this possible to do with apache2 config files?

Scott
Re: Apache auth question
On Mar 6, 2006, at 6:52 AM, Glenn Dawson wrote:

> At 03:56 AM 3/6/2006, Scott Sipe wrote:
>
>> I am dealing with a company LAN that lives behind an OpenBSD based firewall+NAT machine. All internal machines have 10.x.x.x addresses.
>>
>> One of the internal machines acts as an intranet webserver. Everyone in the building should be able to access it. I would ALSO like to expose it to the outside, and have outside requests authenticate.
>>
>> So everyone with a 10.x.x.x still has no limits, and external addresses after authenticating with a username/password have full access.
>>
>> Is this possible to do with apache2 config files?
>
> Something like this should do what you want:
>
> <Directory /docroot>
>     AuthType basic
>     AuthName foo
>     AuthUserFile /path/to/htpasswds
>     Order Deny,Allow
>     Deny from all
>     Require valid-user
>     Allow from 10.0.0.0/16
>     Satisfy any
> </Directory>

That got it perfectly, adding the Satisfy any line was what I had been missing.. thanks much!

Scott
Re: Redirecting Traffic with PF
Well, I don't use PF on FreeBSD (only on OpenBSD--and am no expert by any means) but I would write that rule as

    rdr pass on $extif inet proto udp from any to any port 27902 -> 192.168.2.11 port 27902

the difference being the addition of the pass keyword. If you have a block, then allow ruleset in PF (allowing in only known good traffic) then you need to allow traffic on port 27902.

Alternatively you could add another line

    pass proto udp from any to any port 27902 keep state

You do NOT need to specify $intif on the rdr line.

You can also use the utility pftop (which is in the ports tree) to monitor livetime what's going on. Similar to doing pfctl -ss

Scott

On Feb 24, 2006, at 2:13 PM, Frank Staals wrote:

> Hey,
>
> I have a FreeBSD server/firewall running 5-Stable with PF. I want to redirect all udp traffic on port 27902 from the internet to a computer in my network. I used this rule but I have some problem with it: sometimes connections on that port are refused and I can't connect with other players (it's for an online game):
>
> rdr on $extif inet proto udp from any port 27902 -> 192.168.2.11 port 27902
>
> I think the problem might have something to do with the different network interfaces since the traffic is coming in on $extif and has to go to a computer connected to $intif? And how can I do that? Can I change it to:
>
> rdr on $extif inet proto udp from any port 27902 -> $intif 192.168.2.11 port 27902
>
> ? Or what do I have to do to fix it.
>
> Thanks in advance,
>
> --
> -Frank Staals
Softupdates Question
Hi,

At work we're running some rather old accounting software that tells us to disable oplocks and all caching on our file server (and our clients)--Samba/FreeBSD isn't officially supported (the only platforms that are are Windows Server and Novell--yes, it's old) but we've been running fine on this configuration.

The software is sensitive to data caching issues etc, and corruption is occasionally an issue. I have all oplocks disabled for the share in samba, and at the moment I have softupdates disabled on the accounting software mount.

My question is, does activating softupdates add any risk of data loss? My guess is no, but I've wanted to play it safe. Our other samba shares all have softupdates enabled and do fine, and speed is becoming somewhat of an issue.

thanks,
Scott