Re: (postfix) SPAM filter?
* Once it is setup then it would require no additional maintenance. * Potential spam messages are marked with a special header that can be filtered on user discretion on their local mail client software. Yes, one recommendation for sure. Give up on your first goal. It'll never happen, because fighting spam is an arms race, with new tactics needing to be adopted. Amen (or Ahem, or what BSDie would say). There will *ALWAYS* be maintenance. If you are not developing new regexs and/or solutions to fight the daily produced techniques that make up SPAM, then you are implementing them. If there is anyone who disagrees, then you likely have not dealt with SPAM in an organization larger than a few thousand dispersed and non-educated users. If you have such, and you have no maintenance, then I beg your pardon. Others will talk about other packages. It's worth taking a look at each of them to figure out what works for you. ...agreed. It's also worth taking a look at ALL options, not just 'packages' to figure out what works for you. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
is there a port to 'copy' audio from one soundcard to another in realtime?
Say I have multiple usb audio devices, and I want to make a simple 'mixer' - anyone know how to do that? Thanks, Steve
copying just / (not /tmp, /usr, etc) (rsync -x failed)
I have / on one slice, and [usr,tmp,var] on others. I want to move just / to a new disk, which seemed to be what rsync -x (do not cross filesystems) was intended for. It failed, however, as df shows 20k blocks in /, and rsync filled up the target slice with 50k blocks, so obviously it blew right past the 'end' of / - did I miss something? Is there no other way except to umount [tmp,usr,var]? Thanks, Steve
using dd to duplicate disks/partitions of slightly different sizes - works?
I've got two 160GB disks. Different manufacturers, so different # bytes. One is FreeBSD, the other blank. I'd like to backup my system for the fastest possible recovery after a crash - move the plug and power up. I have gmirrored before, but I just wanted to do a quick dd, since I don't want to abuse my cheapo powersupply (has 4 disks already on it). Two questions: (1) If I dd from the smaller to the larger, will it work? What happens to the extra, say 5MB of unused space - will my partition info be messed up? (2) If I dd from the larger to the smaller (df reports only 50% used anyway) is there a way to make sure there is no info in the 5MB at the end that will overflow the smaller, and again, will my partitions be ok? The other option is just to fdisk label the other disk, then rsync everything to it. Is that the wiser choice? Thanks, Steve
FreeBSD for Sony Playstation3?
I just have a quick question: will FreeBSD.org consider porting FreeBSD to Sony Playstation3? === Stephen E. Sun, Ph.D. Dept of Mat/Cmp/ITE Nassau Community College, SUNY
ataidle - causing apache cvs timeouts
I'm running ataidle on my personal server to save electricity. However, every time it has to spin up a drive whatever I'm accessing (apache, cvs, etc) gives an error instead of waiting for the disk. If I then access it again after a couple seconds once the disk is active it works fine. Any idea how to fix this? Relevant parts of dmesg:

ad7: TIMEOUT - READ_DMA48 retrying (1 retry left) LBA=640790375
ad7: TIMEOUT - READ_DMA48 retrying (0 retries left) LBA=640790375
ad7: FAILURE - READ_DMA48 timed out LBA=640790375

Thanks, Steve
Re: ...WELL, latest adventures of The Gary in the Dell
And this is to all the wizards on-list: Why does Gnome take minutes to load? Yes, I finally got 6.3-PRERELEASE to boot after learning that Dell has problems with its serial ports (and Unix). I did see a few postings about the increased delay time to bring up the windowing system, but didn't know it would apply to 6.3 Since I don't run any windowing system on any of my FBSD boxen, I may be way off here, but could this load time be due to DNS timeouts of some sort? Many things hang if they can not resolve names, perhaps this could be part of the issue? Steve
Re: Secure remote shell
What other solution would you suggest to execute a shell remotely as root, that could be automated in a script (no password required).

- have information input into browser
- have web server save information to server disk in non-executable format
- have script (or admin) authenticate/authorize commands to be performed (recommend doing this manually for a while to ensure you capture as many escape type bugs as possible)
- have commands via another script scrubbed/cleaned/tested
- have cron perform commands at every X minutes

Dirty, but it works. Just ensure that your input variables are very clean during the request, and their storage.

All this said, I have an environment that may *semi* relate to what you are doing. It appears you are running your mail with sendmail on one box, RADIUS on another, and perhaps your web interface on yet another. Is this correct? Perhaps it's all on the same box...

Can you state:

- mail server software
- RADIUS software
- web interface (server) software

...assuming further, the web interface is custom right? How many users do you have? How many support people?

Perhaps you could mail me off-list to discuss, as myself, and my support staff just went through this last year, and are just finishing up the details.

Steve
Re: Secure remote shell
ssh using key authentication and sudo configured to allow a certain user to run the needed commands and only the needed commands as root. http://www.gratisoft.us/sudo/ http://sial.org/howto/openssh/publickey-auth/

Yes but in the OP's context, providing this would mean that ANY command supplied via the web interface would be allowed whether SSH or sudo was used to perform the remote execution via the web server. IMHO, there needs to be a distinctive separation as the 'support' person's request comes via the browser. If it is an 'adduser' type request, all aspects (mail, radius etc) need to have their own input-type authentication/authorization check on the input.

Although sudo and SSH are part of the solution, providing a web server with full rights on a remote server if they can gain keyless entry is a large mistake. Tunnel via SSH, and escalate via sudo are both good ideas. But I think in the OP's context, there needs to be some intensive checks and bounds in between that make it *harder* for him to achieve his goals than what it could be.

I don't think anyone would want the following scenario:

- you pass https://url.com?blahblahetc to webserver
- webserver, via password-less ssh executes via sudo a command on remote RADIUS/mail to introduce a new user, perhaps in wheel group
- owned

Steve
Re: Secure remote shell
Although sudo and SSH are part of the solution, providing a web server with full rights on a remote server if they can gain keyless entry is a large mistake.

Steve, at no point does the original email say we need to execute user input. sudo does not equate to providing full rights. I suggest reading the manpage. check yourself before you wreck yourself.

I apologize, you are correct. Perhaps I was in a different context. I was assuming that data passed via a web browser was in fact data that needed to be executed as the user (web server context).

Registering users is done via a web page, and the web server will remote execute a script on the mail server to add the users in the aliases and run newaliases, remote execute a script to the radius server to add the user in the radius tables and restart radius, etc.

Pardon my ignorance, I don't regularly use sudo. However, depending on how the user is being added to the mail and/or RADIUS server, if the web server has root auth via sudo to adduser, does that not allow the web server to create a user within whatever group it wants to?

check yourself before you wreck yourself

Fair enough. Strong statement, I'll stand by it if necessary :)

A legitimate question: If I add user 'www' to 'sudoers' with the ability to run adduser, does that not give user 'www' the ability to put the added user in a group, perhaps wheel? If said commands are passed via 'user' to web browser to web server, run within context of the web server user, and web server user has sudo rights to the remote box, does that not mean that the server is essentially 'executing user input'?

Steve
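
The separation argued over in this thread (the web server's key may trigger one narrow action, and nothing in the request can pick a group or a command) can be enforced on the receiving server with an SSH forced command. The script below is an added example, not code from any poster or from sudo/OpenSSH; the script name `webreq-gate`, the `add-alias` request verb, the aliases path and the `example.org` domain are assumptions.

```shell
#!/bin/sh
# Added example: forced-command gate for the web server's SSH key (hypothetical
# script name and paths). Constructed authorized_keys entry on the mail server:
#   command="/usr/local/sbin/webreq-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <public-key> www@webserver
# sshd ignores the command the client sends and runs this script instead; the
# client's request is only available as the string $SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL                           # make [a-z] mean ASCII only

ALIASES_FILE=${ALIASES_FILE:-/etc/mail/aliases}   # assumed location
NEWALIASES=${NEWALIASES:-newaliases}              # rebuilds the alias database
MAIL_DOMAIN=${MAIL_DOMAIN:-example.org}           # assumed delivery domain

# valid_username NAME: succeeds only for 1-16 characters, first one a-z, the
# rest a-z 0-9 _ -, and never a system account or privileged group name.
valid_username() {
    [ -n "$1" ] && [ "${#1}" -le 16 ] || return 1
    case $1 in
        [!a-z]*|*[!a-z0-9_-]*) return 1 ;;
        root|toor|wheel|operator|daemon|www|postmaster|mailer-daemon) return 1 ;;
    esac
    return 0
}

# parse_request STRING: prints the username for the single accepted request,
# "add-alias <username>", and returns 1 for everything else. The string is
# never eval'ed or word-split, so ';', '$(...)' or extra arguments such as a
# group option simply fail validation.
parse_request() {
    case $1 in
        "add-alias "*) user=${1#"add-alias "} ;;
        *) return 1 ;;
    esac
    valid_username "$user" || return 1
    printf '%s\n' "$user"
}

# handle_request STRING: appends one alias line and rebuilds the database.
# No group, uid, shell or path is ever taken from the request.
# Returns 0 on success, 1 rejected, 2 alias already present, 3 write failure.
handle_request() {
    user=$(parse_request "$1") || { echo "rejected" >&2; return 1; }
    if grep -q "^${user}:" "$ALIASES_FILE" 2>/dev/null; then
        echo "exists" >&2
        return 2
    fi
    printf '%s: %s@%s\n' "$user" "$user" "$MAIL_DOMAIN" >> "$ALIASES_FILE" || return 3
    "$NEWALIASES" >/dev/null || return 3
}

# Entry point: act only when sshd started us as a forced command.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    handle_request "$SSH_ORIGINAL_COMMAND"
    exit $?
fi
```

To try it without sshd, run it with `SSH_ORIGINAL_COMMAND='add-alias alice'`, `ALIASES_FILE` pointing at a scratch file and `NEWALIASES=true`.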
how to compile and install a new driver
Hi, I found this thread http://lists.freebsd.org/pipermail/freebsd-stable/2006-August/027445.html to a driver I need for my system. (1) The file extension (http://www.dons.net.au/~darius/ucp-0.01.diff.gz) is .diff, not .c, so what exactly do I do with it to compile it? (2) Assuming I can get it to compile, which I've never done, what do I do with the object/driver file? This driver is long overdue, the part has been in usb devices for several years, and support is in OpenBSD and Linux already (so I'm told by google). I'll happily document the process if someone holds my hand. Oh, and as I'm a hardware engineer, I have at least 6 working (tested with win32 boxes) examples of the actual part to test with - I'll know if the driver is functional immediately. Google found no mention of it, other than the given sites, so I assume it's not being incorporated into 7-release. Thanks, Steve
Re: how to compile and install a new driver
On Nov 27, 2007 3:11 PM, Roland Smith [EMAIL PROTECTED] wrote: On Tue, Nov 27, 2007 at 01:48:28PM -0700, Steve Franks wrote: Hi, I found this thread http://lists.freebsd.org/pipermail/freebsd-stable/2006-August/027445.html to a driver I need for my system. (1) The file extension (http://www.dons.net.au/~darius/ucp-0.01.diff.gz) is .diff, not .c, so what exactly do I do with it to compile it? First, use gunzip to extract it. This will leave a file ucp-0.01.diff. Next, su to root and cd to /usr/src/sys. To apply the patch, do 'patch < /location/of/ucp-0.01.diff' Note that the patch doesn't apply cleanly (/usr/src/sys/dev/usb/usbdevs) on 7.0-BETA2. If that's also the case on the version you're using, you'll have to look at /usr/src/sys/dev/usb/usbdevs.orig and /usr/src/sys/dev/usb/usbdevs.rej to fix it manually. I'm on 6.2 at the moment. Next, build and install a kernel according to the handbook. ('make kernel' in /usr/src) (2) Assuming I can get it to compile, which I've never done, what do I do with the object/driver file? The 'make kernel' command will install the module automagically. On the next boot, you should be able to load the ucp driver module with kldload(8). So is the kernel the collection of all .ko modules then? I always thought it was some monolithic binary somewhere. If not, is it possible to build just usbdevs alone? I'm a little skittish about fubaring the kernel on my family's main server. My name will be mud if I bring it down for a significant period, and it's my only BSD box at the moment - our data is backed up, but I don't have a tape drive I can just pull / and /usr off in 5 minutes if I kill it. I know this is not relevant to the discussion, but my point is, I don't know enough to know what's relatively safe and what isn't. This driver is long overdue, the part has been in usb devices for several years, and support is in OpenBSD and Linux already (so I'm told by google). I'll happily document the process if someone holds my hand.
If it works, submit a PR. A url/handbook page for that, perhaps? I understand the concept of a PR, but not fbsd's specific system (or where to find it). Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
Re: routing problem
Alaor Barroso de Carvalho Neto wrote: If I turn off linux and set the rl0 to 192.168.1.1 it stop resolving names but can ping to anywhere. Help!!! in the rc.conf gateway_enable=YES defaultrouter=X.X.X.X I don't know if I quite understand on which machine things are breaking, but if it is a FreeBSD box, can you post the output to: # cat /etc/resolv.conf ...and # dig @192.168.1.2 google.ca Steve
Re: routing problem
Alaor Barroso de Carvalho Neto wrote: Sorry, searchdomain ... nameserver 192.168.1.2 not 192.168.1.1 as I've said before. What about: # dig @192.168.1.2 google.ca Also, I don't know if it has any impact, but my resolv.conf shows just 'search mydomain.com' as opposed to searchdomain. Perhaps you could fix that to see if it helps. Steve
Re: arbitrary build can't find libs - right way to do this?
Steve Franks wrote: On Nov 20, 2007 4:16 PM, Roland Smith [EMAIL PROTECTED] wrote: On Tue, Nov 20, 2007 at 03:34:29PM -0700, Steve Franks wrote: I'm trying to compile a non-port application for the first time ever. The associated library built and installed just fine - I can see them right in /usr/local/lib and usr/local/include/libnamefoo.h However, when I run ./configure for the application, it clearly can't find the libs. So my question is, should I be changing my path, is there a standard variable I need to export, or what? Obviously for ports this just works, so I've never had to do it. I'm sure there's a standard way, so I thought I'd get in the habit of doing that right from the start... The best way would be to write a port makefile and submit it. That way you only have to figure it out once. Especially if the app needs patches to work correctly on FreeBSD. And in case of a free software app, others can use it as well, _and_ help you with bugfixing. :-) For closed source stuff submitting a port would probably be useless. I'd love to (submit a port), but how do I make a port if I can't even get it to work the first time myself? configure --includedir=/usr/local/include doesn't work; export CPATH =/usr/local/include doesn't work; export CPPFLAGS -l/usr/local/include doesn't work; I've checked the permissions, and I can see the file right there, but configure/gcc can't. The developer swears something must be 'different' about freebsd because his gcc finds the same file in /usr/local/include. Appears his system is gentoo You don't give me really enough for me to go on, but I think really you need to know about 3 options to gcc (at least one of which you should be using, but you aren't) -v = means for gcc (which is really a smallish driver program for the real compiler) to show all of the subprograms that it kicks off, including all of the parameters it uses, and specifically for you, it shows the entire lib and include file search path it knows about.
You aren't using this, so far as I can see. The other two are options to add to the default search path. Above, it seems like you are using -l to add an include file path, this is wrong, you should use -I, -l is to specify specific libraries to link in, not a path to search for the libs in. To add a library search path, you use -L. Well, after several permutations, I believe the magic string was: export CPPFLAGS='-I/usr/local/include' Near as I can tell, double quotes, CFLAGS, and CPATH were all failures, but I ain't the expert in these matters. Novices replace 'export' with 'setenv' if they are on csh instead of bash, right? Anyway, thanks for all the replies - now to start reading that 'porter's handbook'... Steve
cups openoffice...bad mojo?
Save me! The wife can't print, so I've been spooled to the couch! Originally installed OO around 2.0. Wouldn't print. Finally found some esoteric blog somewhere that said link /usr/local/bin/lpd to /usr/local/sbin/lpd - voila! prints. When I upgraded X to 7.3, OO got upgraded to 2.3, and it stopped printing again. Now the magical ln lpd command won't fix it either. FYI, cups-base is 1.1.3 Thanks, Steve
arbitrary build can't find libs - right way to do this?
I'm trying to compile a non-port application for the first time ever. The associated library built and installed just fine - I can see them right in /usr/local/lib and usr/local/include/libnamefoo.h However, when I run ./configure for the application, it clearly can't find the libs. So my question is, should I be changing my path, is there a standard variable I need to export, or what? Obviously for ports this just works, so I've never had to do it. I'm sure there's a standard way, so I thought I'd get in the habit of doing that right from the start... Thoughts? Steve
Data management (devel) and network size increase
I know there are quite a few members here who have grown through ranks and network size increases since I've joined this list, hence I'll ask my question here. Pardon the length, but if you follow through, I'm certain I'll get good feedback. Problem: Our network has grown exponentially in the last few years (without extensive forward-looking thought), and I have development work, data files etc on each server that has been implemented. Todo: Overhaul the entire network from Layer 1 up. Need: To be able to access data very quickly no matter what box I am on, and to do it securely. More in depth: Let's assume I have 30 servers, all within one PoP. Instead of having to SSH into server 'A' from server 'C' to look for a file I need for a program I have written (or just a normal data file), I want a way that I can have one source of ALL my data, then from ALL servers, be able to: # find /home/steve -name file.name Instead, I have to either remember (yeah, good luck), or guess what server the file is on, look for it remotely, then scp it over. For development, I had CVS set up at one point, but I found it to be too much effort for my simple tasks (I was probably using it beyond what I needed). I know about NFS, but I've heard it is a hassle to initially configure and relatively insecure. (This is not my stand, and I'm willing to be corrected). Does anyone have some recommendations on how I can consolidate my data (including development (almost all Perl)), so that it can be accessed as I would a local directory tree? Beyond that, also a suggestion on particularly the development files. If CVS is the way for that, I'll do it, but file management/access is more important. A key factor will be the ease of implementation of a new server into the mix. I have no problem throwing up a box with GELI, but it's gaining the access to the data like it were a local drive I want to make easy. Make sense? 
Steve
Re: arbitrary build can't find libs - right way to do this?
On Nov 20, 2007 4:16 PM, Roland Smith [EMAIL PROTECTED] wrote: On Tue, Nov 20, 2007 at 03:34:29PM -0700, Steve Franks wrote: I'm trying to compile a non-port application for the first time ever. The associated library built and installed just fine - I can see them right in /usr/local/lib and usr/local/include/libnamefoo.h However, when I run ./configure for the application, it clearly can't find the libs. So my question is, should I be changing my path, is there a standard variable I need to export, or what? Obviously for ports this just works, so I've never had to do it. I'm sure there's a standard way, so I thought I'd get in the habit of doing that right from the start... The best way would be to write a port makefile and submit it. That way you only have to figure it out once. Especially if the app needs patches to work correctly on FreeBSD. And in case of a free software app, others can use it as well, _and_ help you with bugfixing. :-) For closed source stuff submitting a port would probably be useless. I'd love to (submit a port), but how do I make a port if I can't even get it to work the first time myself? configure --includedir=/usr/local/include doesn't work; export CPATH =/usr/local/include doesn't work; export CPPFLAGS -l/usr/local/include doesn't work; I've checked the permissions, and I can see the file right there, but configure/gcc can't. The developer swears something must be 'different' about freebsd because his gcc finds the same file in /usr/local/include. Appears his system is gentoo... Steve
Re: arbitrary build can't find libs - right way to do this?
I'd love to (submit a port), but how do I make a port if I can't even get it to work the first time myself? configure --includedir=/usr/local/include doesn't work; export CPATH =/usr/local/include doesn't work; export CPPFLAGS -l/usr/local/include doesn't work; I've checked the permissions, and I can see the file right there, but configure/gcc can't. The developer swears something must be 'different' about freebsd because his gcc finds the same file in /usr/local/include. Appears his system is gentoo... Would you be able to provide access to a tarball of what you are trying to compile/install for external testing so more eyeballs can see? Steve
Re: arbitrary build can't find libs - right way to do this?
On Nov 20, 2007 5:33 PM, Steve Bertrand [EMAIL PROTECTED] wrote: I'd love to (submit a port), but how do I make a port if I can't even get it to work the first time myself? configure --includedir=/usr/local/include doesn't work; export CPATH =/usr/local/include doesn't work; export CPPFLAGS -l/usr/local/include doesn't work; I've checked the permissions, and I can see the file right there, but configure/gcc can't. The developer swears something must be 'different' about freebsd because his gcc finds the same file in /usr/local/include. Appears his system is gentoo... Would you be able to provide access to a tarball of what you are trying to compile/install for external testing so more eyeballs can see? Steve Well, the app is http://roadnav.sourceforge.net/downloads.php - I haven't tweaked it at all, so you can get the .tar right from them. It's a 2-part app, part one is the library, it installed fine after I symlinked wxgtk2-2.85-config to wx-config. Make install then put a bunch of stuff in /usr/local/include/libroadnav, and libroadnav.a into /usr/local/lib Then running configure on the main app complains that it can't find Map.h, which is right there where the lib's makefile installed it. I thought it was a permissions problem, but I can't see how. I've run all the commands as a sudoer, and the permissions/owner/etc on libroadnav look just like all the other libs/includes... Steve
Re: FreeBSD router and WCCP
Andrew Pantyukhin wrote: On Fri, Nov 16, 2007 at 12:48:52PM -0500, Steve Bertrand wrote: Does anyone know of a way to configure WCCP redirect support into a FreeBSD based router without having to install squid? I've only used FreeBSD as a WCCPv1/v2 sink (receiver), but you can try sending out packets out of gre(4). That should probably work. If you're trying to redirect traffic to another machine running squid, consider avoiding WCCP, it's not a very bright protocol. Thanks for the response. We are deploying a commercial appliance as a content filter, so I can only assume that it is running a customized version of Squid but I don't know. Do you have any recommendation on what I should use if WCCP is not recommended? The filter will not be inline, and it will be an opt-in type service, so only certain traffic will need to be redirected. Tks, Steve
Re: FreeBSD router and WCCP
ipfw forwarding is a very easy way to redirect traffic without changing it. PF has similar functionality. It all depends on what the appliance supports. If wccp is the only way it can eat packets, try playing with gre(4). But maybe it'll consume just plain packets with wrong IP destinations arriving on its MAC address, just the way squid on FreeBSD does. BTW, if the appliance supports ICAP, you'll be much better off running squid on a FreeBSD box and filtering content through ICAP. The appliance does indeed have ICAP capabilities, but I have never dabbled with it before. I am familiar with IPFW, but I'd like to know all options in order to choose the best one. I would very much prefer to do this in a way without having to have Squid running on the box, but will if I have to. The filter will not be inline, and it will be an opt-in type service, so only certain traffic will need to be redirected. You'll be able to use ipfw or pf to tune the policies to a very fine degree. Thanks for your help! Steve
Re: FreeBSD router and WCCP
I am familiar with IPFW, but I'd like to know all options in order to choose the best one. I would very much prefer to do this in a way without having to have Squid running on the box, but will if I have to. If filtering is all you want, you don't have to set up squid as a caching proxy. I.e. it won't need much RAM and disk space. I have yet to set up ICAP (with c-icap) in our workshop, but from discussions on squid mailing lists it seems ICAP is in a pretty usable state, both in squid 2.x and 3.x. Essentially, I simply need a method to redirect layer 3/4 traffic destined for anything:80 from the router to the appliance. I've got a few options now, so I'll be testing all of them in the coming days. Thanks for your suggestions. Steve
permissions for www acting strangely
Few weeks ago, I installed apache22. Just wanted to put up some family photos. Whenever I tried to connect, got an apache doesn't have permission to access ~/. on this system or somesuch. The only way to get around it appeared to be a chmod 777 on my pic folder (no luck with 775!). Now I restored some stuff from a backup over my photos, and now 777 won't work either. Is there something fundamental about permissions I am totally missing? Thanks, Steve
launch x app from non-x tty?
Is there a way to log in from ssh and pop up a program on the local xterminal? I tried, and got complaints that there was no x, so I presume they are locked in tty0, which is a good thing, usually... Steve
Re: multihome network
Girish Venkatachalam wrote: On 00:18:42 Nov 16, alexus wrote: Hello, I have two NICs on my box, one (primary) connected to switch and have private IP. that IP also have a static route on Cisco PIX for accessing this box from outside. the other interface has public IP that is connected to another switch, i configure both IPs through /etc/rc.conf, but I can not for some reason access my box through that public IP, no firewall rules would prevent me from doing so. here is my output for netstat -rn -- snip Your default route is 192.168.1.1 and not 216.112.241.24

Yes, but if he changes that, then he won't be able to access the box via the PIX (private) connection. I will make these assumptions, then elaborate: The box in question is at your office. You are at home trying to access it. The connection works by connecting to the public IP of the PIX (that gets port-forwarded back), but does not work when accessing the direct Internet facing port.

I'm willing to bet that if you run a tcpdump on your machine at home you are attempting the connection to the 216.112.241.x IP, you will actually find that the machine is getting back to you just fine. However, many OS's will drop a 'spoofed' packet. Essentially what is likely happening is this:

- you send from home a packet to 216.112.241.x.
- the office router/box accepts it
- the office router looks up in its routing table a path back to your home IP
- it has no particular route, so it sends it out the default gateway (192.168.1.1)
- your pc at home notices that the packet was sent to a destination IP, but it came back from a different one (the outside IP of the PIX)
- the packet is dropped as the source address is spoofed

There are a couple ways to fix this. The first and easiest is if you are only trying to connect to this box's public IP from one location, add a static route on the office box to that network that routes to its public upstream. The other way is to utilize policy-based routing.
IPFW can do this, and (from what I understand) so can PF. (In Cisco-land, you would use a route-map).

Steve
FreeBSD router and WCCP
Does anyone know of a way to configure WCCP redirect support into a FreeBSD based router without having to install squid? Steve
Re: multihome network
alexus wrote:
> my private IP that eventually resolves to public IP through PIX is different than coming from my other public IP that assigned on my fxp1 that comes from another ISP, the fxp1 IP already configured this way so it pass everything to my box
>
> what i've tried is adding route on my box
>
> route add 216.112.241.24 216.112.241.25 255.255.255.248

Wait a minute...this doesn't look right...

Try this:

# route add $homeIP/$netmask $gateway

Where:

- if you have a static IP at 'home', $netmask should be /32, otherwise, you'll need to shorten the prefix (such as /24). This will depend on your 'home' Internet provider setup
- $gateway is the next hop upstream on the interface that has 216.112.241.x address on it.

Steve
Re: multihome network
alexus wrote:
> i dont see any difference as at the end i still get this
>
> 216.112.241.24/29 216.112.241.25 UGS 00 fxp1
>
> in my netstat -rn, and no its still doesn't work...

This is not the point. You need a route via the gateway that 216 is connected to for the REMOTE IP/network.

Say for instance your 'home' connection is: 64.39.177.22, then you need a route like this:

route add 64.39.177.22/32 $isp_gateway

What you have:

216.112.241.24/29 216.112.241.25 UGS 00 fxp1

...says '206.112.241.24/29 should be routed to 216.112.241.25'. That is ALL it will route via that path.

Steve
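The return-path reasoning from the two multihome replies above, as an added Python model (not code from the thread): it does the longest-prefix lookup for the box's reply and reports which source address the remote client ends up seeing, following the thread's account that replies leaving via the PIX arrive from the PIX's outside address. The box's exact public address, the PIX outside address, the second remote site and the interface name fxp0 are assumptions; the policy-routing branch is a generalisation of the IPFW/PF suggestion.

```python
"""Reply-path model for the multihomed box in the thread (added example)."""
import ipaddress
from typing import List, NamedTuple, Tuple


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    gateway: str
    iface: str


# Values that appear in the thread
PIX_GW = "192.168.1.1"            # current default gateway (towards the PIX)
ISP_GW = "216.112.241.25"         # gateway alexus used on fxp1
PUBLIC_NET = ipaddress.ip_network("216.112.241.24/29")
HOME_IP = "64.39.177.22"          # the "say for instance" home address

# Assumptions made for this example (not given in the thread)
BOX_PUBLIC_IP = "216.112.241.26"  # the box's "216.112.241.x" address
PIX_OUTSIDE_IP = "203.0.113.10"   # outside address of the PIX
OTHER_SITE_IP = "198.51.100.7"    # a second remote location
PRIVATE_IF, PUBLIC_IF = "fxp0", "fxp1"   # fxp0 is an assumed name


def route(prefix: str, gateway: str, iface: str) -> Route:
    return Route(ipaddress.ip_network(prefix), gateway, iface)


# Routing tables: as found, after alexus's attempt, after the suggested fix
BASE: List[Route] = [route("0.0.0.0/0", PIX_GW, PRIVATE_IF)]
ATTEMPT = BASE + [route("216.112.241.24/29", ISP_GW, PUBLIC_IF)]
FIXED = BASE + [route(HOME_IP + "/32", ISP_GW, PUBLIC_IF)]


def lookup(table: List[Route], dst: str) -> Route:
    """Destination-based longest-prefix match, as the kernel does it."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in table if addr in r.prefix]
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def reply_path(table: List[Route], client: str,
               policy_routing: bool = False) -> Tuple[str, str]:
    """Return (egress interface, source address the client sees) for the
    box's reply to a connection the client made to BOX_PUBLIC_IP."""
    src = ipaddress.ip_address(BOX_PUBLIC_IP)
    if policy_routing and src in PUBLIC_NET:
        # Source-based rule: anything sourced from the public /29 leaves
        # via the ISP gateway, whatever the destination is.
        return PUBLIC_IF, BOX_PUBLIC_IP
    chosen = lookup(table, client)
    if chosen.gateway == PIX_GW:
        # Thread's account: the reply comes back from the PIX outside IP.
        return chosen.iface, PIX_OUTSIDE_IP
    return chosen.iface, BOX_PUBLIC_IP


def client_accepts(table: List[Route], client: str,
                   policy_routing: bool = False) -> bool:
    """The client only accepts a reply from the address it connected to."""
    return reply_path(table, client, policy_routing)[1] == BOX_PUBLIC_IP


if __name__ == "__main__":
    cases = [
        ("as found", BASE, HOME_IP, False),
        ("/29 route added", ATTEMPT, HOME_IP, False),
        ("/32 route to home", FIXED, HOME_IP, False),
        ("/32 route, other site", FIXED, OTHER_SITE_IP, False),
        ("policy routing, other site", BASE, OTHER_SITE_IP, True),
    ]
    for name, table, client, policy in cases:
        iface, seen = reply_path(table, client, policy)
        verdict = "accepted" if seen == BOX_PUBLIC_IP else "dropped"
        print(f"{name:28} out {iface} seen-as {seen:15} {verdict}")
```

The /29 route never matches the home address, which is why adding it changed nothing; the /32 route fixes exactly one remote location, and the source-based rule covers every remote client.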
Re: cron/send mail question
zbigniew szalbot wrote:
> Dear all,
>
> What command (when using cron) should I invoke to automatically send /var/log/exim/rejectlog file to a specified email address? I just need to analyze it and would best prefer to have it in my inbox in the morning.

The following should be on one line in crontab:

1 0 * * * mail -s "File contents" [EMAIL PROTECTED] < /home/steveb/file.name

It will send your file to you inline in an email at one minute after midnight every day.

Steve
Re: OT: Beastie 3D-rendered
cpghost wrote:
> On Mon, 12 Nov 2007 06:50:40 + Tino Engel [EMAIL PROTECTED] wrote:
>
> http://www.tilolit.de/images/tb/wallpapers/teufel.jpg
>
> [snip] Nevertheless I can check out the author (he is german, too) and ask him about the license issues...
>
> It would be *really* great if the author not only agreed to put the rendering under a permissive license, but also considered releasing and licensing the (graphics/povray?) source code too. I'd love to experiment a little bit with that! ;)
>
> Anyway, whatever comes out of it, kudos for the great find! :-)))

Amen to that! I just would like to put it on my desktop/use it legally! Seriously, if someone here can gain the free rights to it and pass it along, then we all can say 'yay beastie!'.

/* will keep hidden on desktop
 * until told not to.
 * Would be nice if someone says
 * that we can use it!!!
 */

Steve
apache: you don't have access to /
I just rsync'd a bunch of directories from an old backup on top of my web root, which was functional a minute ago. Ok, so I admit that was stupid. Suddenly, 'no access to / on this server'. No problem, I just chmod -R 775, right? Only that didn't work, now I'm pretty much stuck

Best, Steve
Re: Ports with GUI configs
Not to mention, as a novice, I've discovered that for 20-60% of all ports, messing with the defaults makes the port fail to build

Steve

On Nov 12, 2007 8:26 AM, Ashley Moran [EMAIL PROTECTED] wrote:
> Hi
>
> I was just wondering, what is the motivation behind the GUI configuration for some ports? Simply put, they drive me up the wall. I've lost count of the number of times I've come back to a big install to find it hanging on a config screen. Possibly I'm missing something. The apache22 port is the latest one to join this crowd, although there is an option to skip the GUI. I'm much happier using WITH_PROXY_MODULES or whatever, and managing everything in pkgtools.conf.
>
> What is the best way to pre-configure GUI-configured ports? For example, if I want to script an installation of several ports. I've seen this: http://www.freshports.org/misc/dotfile/, is it what I'm after?
>
> Thanks for any advice
>
> Ashley
>
> -- blog @ http://aviewfromafar.net/ linked-in @ http://www.linkedin.com/in/ashleymoran currently @ work

-- Steve Franks, KE7BTE Staff Engineer La Palma Devices, LLC http://www.lapalmadevices.com (520) 312-0089
Re: OT: Beastie 3D-rendered
Tino Engel wrote:
> Look what happened to Beastie: http://www.tilolit.de/images/tb/wallpapers/teufel.jpg

COOL!!! Can I use it?!?

Steve
Re: OT: Beastie 3D-rendered
Marc G. Fournier wrote:
> --On Sunday, November 11, 2007 20:55:18 + Tino Engel [EMAIL PROTECTED] wrote:
>
> Look what happened to Beastie: http://www.tilolit.de/images/tb/wallpapers/teufel.jpg
>
> Reminds me of a character from one of my kids tv shows ... cute :)

It's much better than what we have! What license does it fall under? What do the elders think? Yay BSDie!

Steve
Re: OT: Beastie 3D-rendered
> Well, a couple of people think, I made this rendering. That is wrong... I just found it... (I NEVER mentioned having made it...) Though I do not know what license it falls under... I just wanted you to see it, cause I regarded it as beautiful... Nevertheless I can try to check out the license issues...

LOL

You post, and they will come... At least you are honest about it :)

Steve
Re: OT: disk clone app
Jean-Paul Natola wrote:
> Hi everyone, sorry for the off-topic, but im ready to pull the last hairs off my head- a few months I downloaded an open source disk clone program for a friend of mine but it was like 3 am, it worked great booted from floppy and cloned the drive-

g4u?

Steve
Re: New FreeBSD art?
> It's just coincidence, but the many rack-mounted servers I've put a Beastie sticker on tend to run much smoother and reliably

LOL, I thought there was a trick to it! I'll take about three dozen ;)

Steve
Re: New FreeBSD art?
Giorgos Keramidas wrote:
> On 2007-11-07 13:49, James [EMAIL PROTECTED] wrote:
>
> I know for sure. We shall rue the day beastie was ever demoted to mere mascot. RUE I TELL YOU
>
> The beastie is here[1] to stay, no worries...
>
> [1] 'Here' as in anywhere I can attach a sticker :-)

...and now I'll elaborate on my last reply...

After I had thought about my comment, I realized that it might have implied that some of my boxen were unreliable because of FreeBSD. Of course that is the farthest from the truth, due to the fact that I have never had a failure due to the FreeBSD OS itself [1], but always problems occur because of hardware failures.

I still have boxen that run FBSD 4.3 for legacy purposes, and it has *never* failed. FreeBSD 4.3 - FreeBSD 6.2 currently in production. 7.0 in testing. It just works.

I was just hoping the BSDie logos would make my hardware think twice about failing ;)

[1] -- unless it was my negligence or -current testing that I was doing on non-production gear.

Yay for BSDie! This thread will eventually turn into a flame war, so I may as well put in my piece now!

Steve
Re: C compiler cannot create executables
Rod Person wrote:
> I seem to have really hosed up my system somehow and I'm not sure what I did. I'm running FreeBSD 7 Beta 1 i386. I was going to upgrade to Beta 2, but whenever I compile anything it fails and the last line is always:
>
> configure: error: C compiler cannot create executables
>
> I googled for awhile and found the suggestion to reinstall libtool, but that also fails with the same error.

I had this exact problem with a production box quite a while ago. This was on a machine that was running 5.x.

What I did was remove one of the mirrored drives, booted it in another machine. I put in a 6.x CD, ran sysinstall and did a binary upgrade. This was the only way I could fix the problem. Since then, the same box after being put back into production is currently running fine at 6.2

If you have good backups, or even better, a RAID1 system, a binary upgrade may be the easiest fix. It was for me.

Steve
Re: curious DNS behavior on a 7.0...
> however, right now new every website i browse is penalized with a 10-20 second delay before the page finally starts loading. tcpdump is full of these:
>
> wouldn't it be your browser requesting the IPv6 address? you can check easy enough by pinging any website (which you haven't resolved yet) and see if u get the same calls.

Good observation.

> unless you are pointing your resolver to localhost, and your local named is requesting the v6 records. Look into disabling this behaviour @ named.conf.

I don't personally believe disabling this is the right approach.

For instance, I set up a test IPv6 IP on an interface on a 100Mbps LANx WAN fast Ethernet connection. I then added an AAAA record to a named server. Working from another server on the same physical network (albeit different subnet across separate interfaces), the query time for both is exactly the same. Note that my resolver on 'cohiba' points to 208.70.104.3.

cohiba# dig lanx-fa1.ibctech.ca
lanx-fa1.ibctech.ca. 7087 IN AAAA 3ffe:ff00:1::1
;; Query time: 0 msec

cohiba# dig lanx-fa1.ibctech.ca
;lanx-fa1.ibctech.ca. IN A
;; Query time: 0 msec

...Now, performing the same test, from the same server, using the same DNS box looking for the exact same www site that the OP stated that was a problem originally:

# INITIAL DNS LOOKUP
cohiba# dig www.srh.noaa.gov
; DiG 9.3.2 www.srh.noaa.gov
;; ANSWER SECTION:
www.srh.noaa.gov. 86400 IN A 216.38.80.20
;; Query time: 210 msec
;; SERVER: 208.70.104.3#53(208.70.104.3)

# SPECIFIC IPv6 LOOKUP (no answer)
cohiba# dig www.srh.noaa.gov
; DiG 9.3.2 www.srh.noaa.gov
;www.srh.noaa.gov. IN AAAA
;; Query time: 102 msec

CONCLUSION:

If the last poster is right and it's only the browser is failing because it uses its own faulty internal DNS resolver, then this is obviously a serious hindrance to the implementation of IPv6. Of course most 'users' aren't on the 'Internet' if their MSN page doesn't display, and will take the path of least cost to make it work ;)

I'm not a protocol expert, but from what I can tell, a web browser DNS resolver/cache that works this way may also have quite an impact on the view regarding usability of any OS as IPv6 becomes more prevalent, not just FreeBSD.

I've never noticed these problems before. Running Portable Firefox on my Windows XP workstation, I see the IPv6 and IPv4 address of all sites I go to, if they are v6 enabled. However, I have 16^N variables involved that make that an unfair evaluation.

-- Does anyone else have issues in this regard? Particularly, does anyone else have IPv6 enabled, or better yet in use that can provide any feedback?

Steve
Re: curious DNS behavior on a 7.0...
Jonathan Horne wrote:
> reading the /etc/defaults/rc.conf, ipv6 appears disabled by default:
>
> ### IPv6 options: ###
> ipv6_enable=NO # Set to YES to set up for IPv6.
>
> however, right now new every website i browse is penalized with a 10-20 second delay before the page finally starts loading. tcpdump is full of these:
>
> 20:38:57.915695 IP athena.dfwlp.com.59056 > castor.dfwlp.com.domain: 3505+ AAAA? www.srh.noaa.gov. (34)
>
> aren't AAAA's ipv6 lookups? as i mentioned in another thread, i cant get the kernel to compile right now (thus eliminating the INET6 line), so im trying to figure another way out to stop this behavior).

It's not required you remove IPv6 from the kernel in order to receive proper DNS A record responses, and even if IPv6 name services take precedence, it shouldn't cause such a delay (unless all of your boxen/DNS servers point to the same forwarders that cause this issue).

I have several machines under 4.10 to 6.2, and at least two running 7.0 that are v6 enabled that don't have this issue. I do run IPv6 in my network with a legitimate block, however, I do not have any IPv6 name servers that contain any outside DNSv6 records.

That said, more particulars are needed to find out what is happening. The most important thing to know in order to break this down is what name server(s) are you using on this particular server to resolve names. If you can post the output from the following whilst logged into one of the problematic machines, it will likely help:

# cat /etc/resolv.conf

If your box is a DHCP client, I won't know what to look for in that output. If by chance your box attains its IP information via DHCP, then the next following output (particularly the last few lines) will help:

# dig www.srh.noaa.gov

Your queries may or may not be detrimental to the time in which you receive your DNS responses. I would personally lean toward the latter, given the lack of information.

Don't go about recompiling the kernel without v6 support yet. It seems DNS is timing out for you somewhere, so post the above requested info and it can go from there.

Steve
Re: memory pool, rfc
> I have some free time and want to do an memory pool. The idea is to have a memory zone of N KB (or several MB) compressed in memory. I have fast compression algorithms now that can release under BSD licence that are faster than hd i/o, so it take less compress/decompress a memory zone than read/write it to disk. I don't know if it already exist for FreeBSD, so if it's already done i'll try to improve it.

Perhaps you should try the freebsd-hackers list... this list is generally for user operational questions.

> Don't point me to zlib or libbzip2, they are on another league and are much slower than my code.

Ouch! ...you are not trying to sell anything are you?

It may be in your best interest if you proceed to the hackers list, to initiate conversation in a way that explains how your code will benefit a cause, not slam other people (and their work) that are already established!

Steve
Re: memory pool, rfc
> I think that in this list are FreeBSD *gurus*/hacks too which could say a try it or a are you crazy? answer. If other developers thinks that they need my rfc i'll add my code to FreeBSD.

Agreed, so could it be added as a port, or can you license the code with the BSD license and post a link to it?

To be honest, from what you say about your application, it sounds beneficial. I personally would be willing to try it on one of the boxes that I boot from removable USB disk and run the entire OS in memory, with no hard disk whatsoever.

> The point to zlib / libbzip2 is because when i talk about compression *always* someone says Why don't use zlib? Short answer No, Medium Answer: deflate is 15 years old and there are better and faster algs now.

Understood. Can you provide a compilable product with reasonable documentation that can be tested?

Steve
Re: memory pool, rfc
> And is it better than bzip?

This is in essence why I tried to lead this thread off of this list.

The OP stated nothing of being 'better'. On top of that, the OP was referencing libraries, not applications.

The OP is trying to get his own code under the BSD license and that is great. Asking whether his app is 'better' than something else is a VERY relative question. 'Better' or 'faster' is something that you will have to answer for yourself after you've implemented it and given it appropriate benchmarks within your particular environment.

Just like everything else in FreeBSD, there are always multiple ways to do it. This, as anything else, could possibly prove to be a way to do it 'better' for what you need it for.

This truly was not meant to be a flame war.

Steve
Re: memory pool, rfc
> No, i don't want to sell anything to anyone. I'm already on hackers list but has very low traffic (9 messages last 5 days) and this is a question list no ? ;-) I think that in this list are FreeBSD *gurus*/hacks too which could say a try it or a are you crazy?
>
> Even though you might get a little criticized for being slightly off topic (at least until you add your code) try -current

I apologize if I came across as critical, I did not intend it that way.

Perhaps if the OP goes to -current with it, this thread could be referenced (in addition to the inclusion of code).

Steve
Re: csup broken on -current amd64?
On Thu, Nov 01, 2007 at 03:06:54AM +, Aryeh Friedman wrote:
> monster# uname -a
> FreeBSD monster 8.0-CURRENT FreeBSD 8.0-CURRENT #0: Tue Oct 30 18:07:21 UTC 2007 root@:/usr/obj/usr/src/sys/GENERIC amd64
> monster# csup -h cvsup8.us.freebsd.org /usr/share/examples/cvsup/ports-supfile
> Connected to 216.165.129.134
> Updating collection ports-all/cvs
> Checkout ports/UPDATING
> Receiver: Connection reset by peer
> Will retry at 23:04:37
> monster# csup -h cvsup9.us.freebsd.org /usr/share/examples/cvsup/ports-supfile
> Connected to 128.205.32.21
> Updating collection ports-all/cvs
> Edit ports/UPDATING^M
> Receiver: Connection reset by peer
> Will retry at 23:05:17

Works for me. csup built from source less than 18 hours old.

-- Steve
Re: How to provide fail-over capability for servers?
> I will have 3 net-facing servers which must be available 24/7. I had planned to have an additional box located in a different building on the same site (in case of part power-outage) that will run VMware server and host all the fail-over servers.

Is it safe to assume that both boxes, albeit being in different buildings on the same site are located within the same logical network?

If that is the case, you may want to see if CARP will do what you want:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/carp.html

Steve
Re: ifconfig -- how to remove address and mask?
[EMAIL PROTECTED] wrote:
> I tried delete, but it only works for *additional* ip addresses added using the alias command, not the original, primary one. I can't remember the error message.

Are you specifying the primary IP as an argument to delete? It works here for me with a primary IP ok:

# ifconfig fxp1 delete 192.168.0.3

Steve
xorg 7.3 module vesa does not exist
I thought I followed the upgrading instructions explicitly. vesa, i810, mouse and keyboard modules all don't exist. Path problem, or am I missing some key component? Or wipe my system and start over?

Steve
port xyz: the grey screen with all the checkboxes is wrong and won't come back
Obviously, 'make clean' doesn't reset the configure screen. Don't know why. I recall there was a faster way to fix this than 'portsnap extract' but I'll be damned if I can remember, and the ports section of the handbook doesn't even mention configure dialogs...

I'd love to add a snippet to the handbook to cover this, but the last time I made an offer like that on [EMAIL PROTECTED], it appears to have gone into dev/null...

Steve
cp --verify?
I don't see a --verify switch on cp, so I presume it does not. Is there an automated way to ensure a copy has gone well byte-for-byte without writing a script to filter diff? I want to be relatively sure my family pics are in the destination and not corrupted before I wipe my flash card - got burned by ms windows on that bigtime last year...

Steve
Re: port xyz: the grey screen with all the checkboxes is wrong and won't come back
> You're not talking about make configure, are you?

I tried 'make configure', but that just throws the same error back at me: 'blah can't continue because of conflicting options'. Is there a make configure clean?

Steve
Re: port xyz: the grey screen with all the checkboxes is wrong and won't come back
so where, physically, on the disk, does the data from make config go then? I looked in port/. after make clean, and it's as clean as fresh snow...

Steve

On 10/28/07, Erik Trulsson [EMAIL PROTECTED] wrote:
> On Sun, Oct 28, 2007 at 10:13:24AM -0700, Steve Franks wrote:
> > Obviously, 'make clean' doesn't reset the configure screen. Don't know why.
>
> Because it is not designed to do that.
>
> > I recall there was a faster way to fix this than 'portsnap extract' but I'll be damned if I can remember, and the ports section of the handbook doesn't even mention configure dialogs...
>
> 'make rmconfig' should remove a previously set configuration. 'make config' should display the configscreen again if it had already been set before. These are described in the ports(7) manpage (which contains lots of useful information regarding the ports system - not least the BUGS section. :-))
>
> > I'd love to add a snippet to the handbook to cover this, but the last time I made an offer like that on [EMAIL PROTECTED], it appears to have gone into dev/null...
>
> -- Insert your favourite quote here. Erik Trulsson [EMAIL PROTECTED]

-- Steve Franks, KE7BTE Staff Engineer La Palma Devices, LLC http://www.lapalmadevices.com (520) 312-0089
Re: Booting a GELI encrypted hard disk
Pawel Jakub Dawidek wrote:
> On Thu, Oct 25, 2007 at 12:46:53AM +0800, Daniel Marsh wrote:
> > Even if all data on a drive is encrypted, the partition table is not. Software based disk encryption works on partitions.
>
> That's not true. One can configure full disk encryption using GELI. To do it you need to have a small USB pen-drive or CD-ROM with /boot/ directory, but that's all you need. Then you actually boot from your unencrypted pen-drive, but mount all file systems from encrypted disk. The pen-drive is not needed for your system to run and you can easily take it with you, which is not always the case for your laptop.

This is EXACTLY what I have now. Soon as the machine is booted, my thumb disk comes with me.

The ONLY information on the thumb drive is /boot, a directory /keys and an /etc that has only an fstab (to mount the .eli partitions from the hard disk) and a loader.conf file to locate the keys.

This was originally my objective and have got it in place. Now the machine is nearly upgraded to 7.0.

Steve
Re: Booting a GELI encrypted hard disk
> The ONLY information on the thumb drive is /boot, a directory /keys and an /etc that has only an fstab (to mount the .eli partitions from the hard disk) and a loader.conf file to locate the keys.

My bad, my bad. loader.conf is located under /boot of course.

Steve
Re: Booting a GELI encrypted hard disk
> The boot directory is different than root file system. /boot/ directory is only accessed by loader before root file system is mounted.
>
> Ah, right. I forgot that the /boot directory is only accessed by the boot blocks and loader(8) during boot, but not by the kernel, so it isn't actually mounted. Once the kernel mounts its root file system, it will be the real one from the encrypted disk.

I don't know if this is absolutely true.

I haven't tried it yet, but I don't think that /boot on the encrypted disk is necessary. I will rename the directory and reboot and see if it barfs.

On the same track, upgrading this system has been easy so far. I do a build/install kernel into /boot on the encrypted disk, then simply copy the /boot/kernel directory over to the thumb drive's /boot directory.

However, making a mistake such as building and installing the wrong kernel config without crypto and GEOM_ELI leads to all sorts of problems. Relatively easy to recover from, but a waste of time to track down (I posted about this to -stable this AM).

Steve
Re: Booting a GELI encrypted hard disk
Oliver Fromme wrote:
> Steve Bertrand wrote:
> > I haven't tried it yet, but I don't think that /boot on the encrypted disk is necessary. I will rename the directory and reboot and see if it barfs.
>
> It shouldn't be necessary. Once the kernel is loaded, the system never looks at /boot again. Unless, of course, you want to load a kernel module. Those are located in /boot/kernel by default, but you can change that if needed (see sysctl kern.module_path).
>
> Also, some system utilities that use KVM functions (vmstat, top, ps) might require access to the kernel file. But that can be changed, too: sysctl kern.bootfile.
>
> Other than that, the /boot directory isn't used at all during normal operation.

This is correct, I tested it.

Also, this system (with GEOM_ELI built into kernel) successfully upgraded from 6.2 to 7.0 with ULE scheduler enabled with no problems at all.

Cheers!

Steve
Re: Sendmail error mesage
> What does 451 Could not complete sender verify callout mean ?

I have seen this before when a mail server is trying to send email from itself but does not listen on port 25.

Do you have an SMTP server running on port 25 that at least the localhost can reach?

Steve
Re: Sendmail and SMTP AUTH, I need a hand
> Hi, I tried to activate the SMTP AUTH in Sendmail following the steps of the man page (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html). Everything was ok, but... If on the client (Outlook Express or MS Outlook) is activated My server requires authentication the SMTP AUTH occurs and the mail is sent but if this option is disabled the mail is sent too.

I can't really help on the config side of things, but:

Are all of your clients under the domain you have listed in the access file? That essentially (AFAIR) means allow anyone sending from this domain to relay through me, no matter what, which (again AFAIR) means that any domain listed in that file can relay through you, even if I slap your domain into my mail client on my own IP address (please correct if wrong).

If this is the case, remove the domain from access, and if it's in relaydomains, remove it from there too. After it's removed from access, do this:

# cd /etc/mail
# makemap hash access < access

I don't think you have to restart sendmail, but I can't remember. You should be able to eliminate all entries from both files after AUTH is enabled (again, AFAIR. I haven't used sendmail other than for system messages for a long time).

Steve
do I *really* need xorg 7.x?
Seems every time I try to install a pkg or make a port lately, I get this:

===> Verifying install for /usr/local/libdata/xorg/libraries in /usr/ports/x11/xorg-libraries
/usr/X11R6 exists, but it is not a symlink. Installation cannot proceed.
This looks like an incompletely removed old version of X. In the current version, /usr/X11R6 must be a symlink if it exists at all.
Please read /usr/ports/UPDATING (entry of 20070519) for the procedure to upgrade X.org related ports.
*** Error code 1

My system is just fine as is, thanks, am I stuck not installing any of these ports unless I upgrade X?

Steve
Re: Booting a GELI encrypted hard disk
> I am voraciously attempting to get a FreeBSD system to boot from a GELI encrypted hard disk, but am having problems.
>
> You don't need to encrypt the whole harddisk. You can encrypt separate slices. There is no need to encrypt stuff like / or /usr; what is there that needs to be kept secret?
>
> Maybe not encryption, but integrity protection is very important for laptops. GELI supports integrity protection for a while now. If you don't protect integrity of your entire laptop disk, it is trivial to trojan userland utilities and/or kernel and steal your password. If someone needs your data, he can dump encrypted partition, trojan your system and once you connect to the internet and attach your encrypted partition, the trojan will send the password to the attacker. Many people often leave their laptops in hotels rooms, for example.

I don't quite grasp in what level you are using the term 'integrity' here. My knowledge of encryption at the storage level is limited at best... I'm just finding out all the finer points (temp directories, swap etc).

However, I'll throw out what I wanted, what I have and then a question:

Want:

- a FreeBSD system that runs from a fully encrypted disk with passphrase and an encryption key on a removable thumb disk that can be removed so that upon reboot, can not be started

Have:

- a FreeBSD system that runs from a fully encrypted disk with NO passphrase (due to known, seemingly unsolved keyboard interaction problems) that boots from a thumb drive that has an encryption key so that when rebooted, does not boot (thumb drive can be removed once boot procedure complete)

Question:

- if the disk (PC) is stolen, having the entire disk encrypted so no one can even tell what OS is on it, does it make it secure to the point that no one will know what to look for anyway (eg: what is in /usr)? If someone does not know the OS, then it makes it more difficult to know what string or text attacks to perform, right? (I'm not trying to start a security via obscurity/bikeshed war, I seriously wouldn't mind opinion).

I think it's fantastic. I'm not a disk forensic specialist, but it's good enough for what I want.

Again...thanks to everyone who worked on the GEOM infrastructure. Performance is adequate in my benches so far for what I need, so long as one has adequate memory as to not have to run a disk-based swap space.

Steve
Re: Is it difficult to move from Linux?
I have been using Linux for over 10 years, but have for a number of reasons become very interested in learning to use FreeBSD. Are there any ex or current Linux users here and could you tell me how hard it is to make the shift from Linux? Is there anything in particular which has been written which would be useful to read? I have had a reason to run Linux, and have been running FreeBSD for nearly 10 years, so I'm backwards to your situation. Personally, I find it difficult to operate under a Linux platform, and I'll explain why without trying to start a flame war. My boxes that run FreeBSD do not have a GUI. I found that many of the Linux commands, start up scripts, configuration files et al. were in the Wrong Place (relative). Essentially, it's as simple as that. If you want to cross platforms like I've had to do from time to time, the majority of stuff comes near-naturally, and what doesn't, Google will take up the slack. You have come to a good place if you need to move forward with FBSD, and especially with a 10 yr background in *nix to begin with, after a little time in frustration of learning the new locations of files it should be a cakewalk. What to read? Start with the FreeBSD handbook. One could say that it's TFM to begin with ;) Steve
Re: How To Change Email Addr?
[EMAIL PROTECTED] wrote: Hi; I need to update the email address to which emails from the server are sent ([EMAIL PROTECTED], cron stuff, etc.). I created a file: /root/.foreward and added the new address, but that didn't do it? How?

If you are running sendmail, check for the root: line in:

# /etc/mail/aliases

Change the second parameter to what email address you want root's mail to go to, and then run:

# newaliases

Steve
Re: gtn bot ?
Does anyone know where I might find some info on 'gtn'?? It would be advisable to review the thread entitled Strange perl script that is currently active on the list, dated from Oct 17th. Steve
Re: How To Change Email Addr?
[EMAIL PROTECTED] wrote: chmod 644 /etc/mail/aliases I tried that and checked the permissions on /etc/mail/aliases.db but nothing works :( Any other ideas?

Try this:

# cd /etc/mail
# makemap hash aliases aliases

Then post to this list output from:

# ls -la | grep aliases

If the timestamp of aliases.db had not been updated, post output to the list from:

# whoami
# ls -la /etc/mail

Regards, Steve
GELI and shutdown
A quick question: Is it necessary or even advisable to unmount and/or detach GELI partitions prior to performing a halt or shutdown? If so, what is the best way to go about automating it? I've got a FreeBSD 6.2 system finally running on a fully encrypted disk now. Steve
Re: sendmail problems
Duane Winner wrote: Hello, I need help to resolve a problem with my sendmail server. Usually when 'sendmail' is in a subject line, one can usually expect Giorgos to respond :) This is not a Sendmail issue, per se. If we can take this back one step to re-evaluate the entire situation it may help:

- what is the domain you are seeing issues with (are there more than one? If so, are they on the same box/IP?)
- what IP is this domain's mail operating on
- examples of domains you see problems with, and examples of those you don't
- is it only mailing lists you have problems with
- do you receive this email I am sending on the problematic server

Do you have another site that you can confirm working/not working? Steve
Re: ahd0 Transmission error [was: can you help me?]
I am beyond confident that there are people here that can help, but you must certainly wrap this in context: # uname -a ...would be a start, more importantly, what context is this in (boot?). This is beyond me, but with more context and a better subject line, you have a MUCH better chance that the busy people that offer their time to work with the hardware/drivers in question will review your request and possibly offer a response, or notice the need to file a PR. I don't have Greg's 'howto get good responses from the list' monthly post handy, but take a look in Google for how to submit a question to a mailing list to get a good response. Even a subject line of Hardware _insert-vendor-product_ causes fault on boot would help attract attention of people that selflessly claim responsibility for its operation (and therefore communication with the people that take care of its lower-level workings). I don't personally recognize many of the drivers in question, so hopefully someone else who does know will help out. Steve
Re: GELI and shutdown
Is it necessary or even advisable to unmount and/or detach GELI partitions prior to performing a halt or shutdown? This will be done automatically. Thank you. This is good, and important to know. My appreciation goes out to everyone who has ever had a say in the development of the GEOM framework. It has come very far and continues to accumulate value to users at all levels. Steve
Re: Strange perl script
Jack Raats wrote: HI Can anyone explain this after ps -ax | grep perl

21893 ?? I 1:02.37 sploger (perl5.8.8)
29536 ?? R184:14.94 sploger (perl5.8.8)
29538 ?? R184:36.44 sploger (perl5.8.8)
30668 ?? R168:56.54 sploger (perl5.8.8)

What is sploger?

# locate sploger
# head /path/to/sploger

If the first line states something similar to:

#!/usr/bin/perl

Post a chunk of the code here and someone should be able to tell you what it is, or at least what it is attempting to do. Steve
Re: Strange perl script
Looks sort of like a Perl script running. That, of course, doesn't say what it is doing. The strangest thing is that I can't find sploger on my system. After a reboot sploger doesn't appear anymore, which makes it even stranger.

Post output of:

# last
# cat /root/.history
# ls -la /root
# ls -la /tmp
# ls -la /var/tmp
# ps aux

Ensure you leave the command you perform with the associated output, and leave a few newlines between each command for ease of reading. Steve
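The ps lines quoted in this thread read `sploger (perl5.8.8)`: BSD ps appends the real command name in parentheses when a process's argv[0] does not match it, so these are Perl interpreters running under a changed title. The script below is an added example, not part of the original posts; it flags such entries in saved `ps -ax` output and then checks, as the replies ask, whether a program of that name exists at all. The function names, the interpreter list, the header line and the three non-sploger sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): triage of saved `ps -ax` output.

# Constructed sample: the four sploger lines are the ones quoted in the
# thread; the header and the other three lines are made up for contrast.
sample_ps_output() {
    cat <<'EOF'
  PID  TT  STAT      TIME COMMAND
  412  ??  Ss     0:03.10 /usr/sbin/cron -s
  538  ??  Ss     0:01.77 sendmail: accepting connections (sendmail)
  950  ??  S      0:00.12 /usr/local/bin/perl /usr/local/bin/report.pl
21893 ?? I 1:02.37 sploger (perl5.8.8)
29536 ?? R184:14.94 sploger (perl5.8.8)
29538 ?? R184:36.44 sploger (perl5.8.8)
30668 ?? R168:56.54 sploger (perl5.8.8)
EOF
}

# Reads ps output on stdin; prints "PID<TAB>displayed title<TAB>real command"
# for every process whose title hides a script interpreter.
flag_renamed_interpreters() {
    awk '
    $1 == "PID" { next }                    # header line
    {
        # ps appends " (comm)" only when argv[0] differs from the real name.
        if (!match($0, / \([^()]+\)$/)) next
        comm = substr($0, RSTART + 2, RLENGTH - 3)

        # Only interpreters are of interest; a daemon that sets its own
        # title, e.g. "sendmail: accepting connections (sendmail)", is not.
        if (comm !~ /^(perl|python|ruby|php|sh|bash|csh|tcsh)[0-9.]*$/) next

        # The title sits between the TIME column and " (comm)". Anchoring on
        # TIME copes with STAT and TIME running together ("R184:14.94").
        left = substr($0, 1, RSTART - 1)
        if (!match(left, /[0-9]+:[0-9][0-9]\.[0-9][0-9] +/)) next
        title = substr(left, RSTART + RLENGTH)

        printf "%s\t%s\t%s\n", $1, title, comm
    }'
}

# Second step from the thread: is there a program by that name at all?
# A title with no matching file on PATH is a stronger lead, not proof.
triage() {
    flag_renamed_interpreters |
    while IFS="$(printf '\t')" read -r pid title comm; do
        name=${title%% *}
        if command -v "$name" >/dev/null 2>&1; then
            where=on-PATH
        else
            where=not-on-PATH
        fi
        printf '%s %s %s %s\n' "$pid" "$name" "$comm" "$where"
    done
}

# Stand-alone run over the constructed sample.
sample_ps_output | triage
```

On a live host, feed it `ps -ax` instead of the sample; a hit is a reason to collect the outputs requested above, not a verdict on its own.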
Re: Dual Routers
Is it possible to run two routers? I have an ADSL modem 192.168.1.1 and a wireless router 192.168.2.1. Both are accessed using dhcp. I would like to be able to switch from one to the other, or have both available. Is this possible? If I understand you correctly, you could do this: Change the LAN IP of the wireless unit to 192.168.1.2. Plug the ADSL modem's ethernet port to the LAN side of the wireless router. Plug your PCs into the remaining LAN ports on the wireless unit. Essentially, this turns your wireless 'router' into a bridged access point. You will have to disable DHCP on the wireless router, and let the ADSL modem hand out addresses. You will surf just fine, and you will be able to access the wireless router for maintenance at 1.2, and the ADSL modem at 1.1. Hope this is what you were after. Steve
Re: Booting a GELI encrypted hard disk
That's a heck of a lot of trouble to go to, considering someone would have to steal your drive, alter it and put it back without you knowing it! Essentially, what I'm looking for is thus: - someone breaks into my always-locked equipment room - someone steals the box(es) in question, which obviously means shutting down the unit I don't want said thief to be able to retrieve the data after the box is stolen, which is why I'd like a passphrase, and a removable key. Even if the passphrase is captured, the data will still be protected because I have the only key to the system 35 miles away on my person. If the intruder has physical access to the machine, it would be much easier to put a keylogger device between the keyboard and the machine. There is no possible way this would go unnoticed. Anyone that could gain access to the already secured room would have a window of about 15 seconds to break into the building after hours (secured/alarmed), smash in the secured equipment room door, grab the box (out of about 40) and run. It's questionable though, whether you should leave your computer in an environment where this can happen undetected and probably better solved by increasing real life security. Like I said, it won't go undetected. The equipment is in a very secure equipment area, inside of a secured and alarmed building. All equipment is monitored 24/7, so if the box was physically altered, I would be alerted via SMS/email immediately. An important point that too many people forget. I agree, but this is not the case here. I just want the data protected if the box goes down, whether by physical intruder, or I force it down myself. Steve
Re: Booting a GELI encrypted hard disk
As you can see only /home is encrypted because the rest doesn't hold data worth encrypting. Well, on mine it will. I was talking about my system. Yours will of course be different. :-) I know. I was not trying to be sarcastic in any way. Sorry if it seemed that way :) You can even encrypt /tmp with a one-time key (see 'geli onetime'). I will likely do this with /tmp and swap. Also have a look at the geli_* variables in /etc/defaults/rc.conf. Will do. It only needs to be present during creation of the GELI devices (geli attach). The rc scripts know they have to load GELI and attach the devices if they see an .eli device in /etc/fstab. Geli will ask for the passphrase(s) during boot-up if you're using them. You can specify which key-file to use in the geli_[devicename]_flags variable in /etc/rc.conf However using a USB device presents its own problems. If you plug in a USB stick there's no telling which device node it ends up with, depending on how many other USB devices are on the bus. To make device recognition easier, you should use a GEOM label on the USB stick, so you'll know which /dev/label/* device node it gets. And you'd probably have to hack an rc script to mount the USB stick _before_ the system tries to attach the GELI device(s). Getting around these issues is trivial. The only requirement is that my thumbdrive comes with me after the machine is reloaded. And remember that this USB stick is another thing you have to back up and store in a safe place. It would be bad if you lost your data because your USB stick died or got lost. Understood. This has been considered, and it's exactly what I do with my TrueCrypt encrypted information on my Windows workstation. Steve
Booting a GELI encrypted hard disk
Hi all, I am voraciously attempting to get a FreeBSD system to boot from a GELI encrypted hard disk, but am having problems. All of my searches lead to the same problem...GELI passphrase can not be entered correctly upon boot. I have tried everything I have found on the web (including disabling 'kbdmux' in the kernel) to no avail. Is there any chance that anyone here has found a resolution to this problem, in the 6.x branch, and if not, has it been looked/resolved within -current? Does anyone have a suggestion for a workaround? Thanks for any advice.
Re: Booting a GELI encrypted hard disk
Daniel Marsh wrote: On 10/10/07, Steve Bertrand [EMAIL PROTECTED] wrote: Hi all, I am voraciously attempting to get a FreeBSD system to boot from a GELI encrypted hard disk, but am having problems. All of my searches lead to the same problem...GELI passphrase can not be entered correctly upon boot. I have tried everything I have found on the web (including disabling 'kbdmux' in the kernel) to no avail. Is there any chance that anyone here has found a resolution to this problem, in the 6.x branch, and if not, has it been looked/resolved within -current? Does anyone have a suggestion for a workaround? You could always use a key without a passphrase... unsafe as it is, put the key on a usb device that you remove once the machine has booted? That is what I was going to try next. The 'howtos' I've been reading require putting many of the boot files on the thumb drive, so would it even be possible to unmount/remove the usb stick after the machine is booted up? If I was to do it this way, I would likely use two separate key files, on two separate USB sticks. Reference: http://www.proportion.ch/index.php?page=31 Thanks for your feedback. Steve
Re: Booting a GELI encrypted hard disk
Put all the data that really needs to be encrypted on a separate slice, and encrypt that. Leave the rest unencrypted, especially /boot. As a rule of thumb; don't bother encrypting anything that you can just download from the internet. :-) Fair enough, this makes sense. Thank you. As you can see only /home is encrypted because the rest doesn't hold data worth encrypting. Well, on mine it will. If you encrypted / and /usr, you might actually make the system more vulnerable to a known-plaintext attack, because there are a lot of files with well-known contents there. I can get away with not having / encrypted, but I need /var encrypted for databases and logs etc, /tmp so any temporary files are secured and the swap file (swap very rarely gets used). So, I will test it as you suggested, however, would it be possible to still house my key on a removable USB stick, and after the slices are mounted into the file system successfully to then unmount and remove the USB drive and have the box remain in operation, or does the key need to be accessed throughout all disk reads/writes? Essentially, I'd like it so that if the box reboots while I am gone, or if I want to reboot it remotely there is theoretically no way for someone at the console to re-mount the encrypted slices? Thank you for all of this info! Steve
Re: Managing very large files
The reason for the massive file size was my haste in running out of the office on Friday and forgetting to kill the tcpdump process before the weekend began. Sounds like you may want a Perl script to automate managing your tcpdumps. 99% of the time I use tcpdump for less than one minute to verify the presence or lack thereof of ingress/egress traffic on a box or network. This was the one time that I actually left the shell to continuously let it capture. I will next time however wrap it with something to stop this from happening, or simply use the functions within the program itself: -c Exit after receiving count packets. Steve
Re: Managing very large files
Check out Tie::File on CPAN. This Perl module treats every line in a file as an array element, and the array element is loaded into memory when it's being requested. In other words: This will work great with huge files such as these, as not the entire file is loaded into memory at once. http://search.cpan.org/~mjd/Tie-File-0.96/lib/Tie/File.pm Thanks everyone who replied to me regarding this issue. The above appears to be my best approach. Although I have not the time yet to look into Tie::Find (and I've never used that module before) but I will. So long as I can read chunks of the file, load the data into variables (I like the array approach above) and process each array independently without loading all of them at once into memory, and without having to load the entire file into memory. Tks! Steve
Re: Managing very large files
Heiko Wundram (Beenic) wrote: On Thursday 04 October 2007 14:43:31 Steve Bertrand wrote: Is there any way to accomplish this, preferably with the ability to incrementally name each newly created file? man 1 split Thanks. Sheesh it really was that easy. *puts head in sand* Steve
Managing very large files
Hi all, I've got a 28GB tcpdump capture file that I need to (hopefully) break down into a series of 100,000k lines or so, hopefully without the need of reading the entire file all at once. I need to run a few Perl processes on the data in the file, but AFAICT, doing so on the entire original file is asking for trouble. Is there any way to accomplish this, preferably with the ability to incrementally name each newly created file? TIA, Steve
Re: Managing very large files
man 1 split (esp. -l) That's probably the best option for a one-shot deal like this. On the other hand, Perl itself provides the ability to go through a file one line at a time, so you could just read a line, operate, write a line (to a new file) as needed, over and over, until you get through the whole file. The real problem would be reading the whole file into a variable (or even multiple variables) at once. This is what I am afraid of. Just out of curiosity, if I did try to read the entire file into a Perl variable all at once, would the box panic, or as the saying goes 'what could possibly go wrong'? Steve
Re: Managing very large files
Heiko Wundram (Beenic) wrote: On Thursday 04 October 2007 22:16:29 Steve Bertrand wrote: This is what I am afraid of. Just out of curiosity, if I did try to read the entire file into a Perl variable all at once, would the box panic, or as the saying goes 'what could possibly go wrong'? Perl most certainly wouldn't make the box panic (at least I hope so :-)), but would barf and quit at some point in time when it can't allocate any more memory (because all memory is in use). Meanwhile, your swap would've filled up completely, and your box would've become totally unresponsive, which goes away instantly the second Perl is dead/quits. Try it. ;-) (at your own risk) LOL, on a production box?...nope. Hence why I asked here, probing if someone has made this mistake before I do ;) The reason for the massive file size was my haste in running out of the office on Friday and forgetting to kill the tcpdump process before the weekend began. Steve
bsnmp and UCD-SNMP-MIB
Is it possible to use the UCD-SNMP-MIB with bsnmp? If so how? If not, are there plans for this? I'd prefer to use bsnmp instead of installing net-snmp, but I need the UCD MIB. Thanks, Steve
Re: FreeBsd e-mail question
Is there any way to have rmuser remove the mail drop file associated with that account also, or am I just going to have to remove these manually? It really depends on what version of rmuser you have. In /usr/sbin/rmuser, do you have something similar to this code snippet?:

if [ -f ${MAILSPOOL}/${login}.pop ]; then
    verbose && echo -n ${MAILSPOOL}/${login}.pop || echo -n pop3
    rm ${MAILSPOOL}/${login}.pop
fi

...if so, try putting a . character before each instance of ${login}.pop. Steve
anyone have a favorite laptop?
The freebsd laptop page is a nice resource, but it's a bit heavy on specifics (i.e. I have a laptop I want to install on), not so good generally (want to buy a laptop). So anyone have real-world advice? I'm not against something used in the 1GHz+ range. I have a compaq that is %#*!^$. The pcmcia will not work, the ndiswrapper for the broadcom panics, etc. So, compaq is right out (they've always maintained their poor reputation, no?) - so compaq is out. Seems gateway has an equally bad rap. Thanks, Steve
cron jobs not done during sleep
Correct me if I'm wrong, but cron doesn't keep track of the last time something was done, does it? Which is to say if my system is crashed, was asleep, or powered off when a job is supposed to happen, it will not happen the next time the system is successfully operational, will it? It's not obvious to me for sure either way from any sources I've read (man crontab, google), and unix tends towards k.i.s.s. (which is why we like it) ...I understand why that would be important behavior if something would cause problems executed other than 9am on Mondays... Is there a tool or setting to implement this functionality? I want something to happen weekly, I don't care when. Assume I am off the commercial power grid and I'm not going to leave my system powered on just to make sure my backups get run. I use it when I need it, then I turn it off. More people should. Electricity is not free from an economic, social, or environmental perspective, and promises to be less so with time. Thanks, Steve
Re: Good FreeBSD Supported Gigabit Ethernet Card?
Oliver Hansen wrote: I'm looking to eventually upgrade my home network to all gigabit so I'm going to start by purchasing a few NICs for some old servers I just received. I know there are quite a few supported by FreeBSD6 which I found ( http://www.freebsd.org/releases/6.0R/hardware-i386.html#ETHERNET ) but I'm wondering if there is any real benefit in buying a $40 or $50 NIC like the Netgear GA311 or just get a $20 NIC like the D-Link DFE-530TX+. The use will probably be a firewall, proxy, file server, and DVR. http://www.EagleBit.com/Netgear_GA311_Gigabit_PCI_Card_p/eb-400-00357.htm I have a few Netgear GA311s in production, and although I haven't done any benchmarking, I know that they work rock solid operating atop the re driver in my backup infrastructure:

backup# uname -a
FreeBSD backup 6.2-RELEASE-p2 FreeBSD 6.2-RELEASE-p2 #0: Mon Mar 5 16:57:55 EST 2007
backup# ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>

I can't speak of D-Link however. Aside from the NICs, I have found some performance issues with NetGear GigE managed switches though, whereas they seem to slowly lose throughput width after a few months without a reboot. Steve
Re: Good FreeBSD Supported Gigabit Ethernet Card?
OP said: The use will probably be a firewall, proxy, file server, and DVR. No offence meant, but why would you like to upgrade a home network to Gbit? Is it required at all? Say for instance you have three 'items' on your home network trying to communicate with a central box on your 'home' LAN, and said LAN was operating on 100Mbps NICs. The 'home server' is also on a 100Mbps NIC. That gives the home server a theoretical up/down throughput at 200Mbps. If all three items at home are trying to connect with/through this central box simultaneously, then you now have theoretically 600Mbps in/out all at the same time. The central server can't handle this, nor can any 10/100 layer-2 equipment in between. Upgrade all the NICs in all the items on the home network to GigE, throw in a GigE switch, and now you can see how you just cut open the garden hose and now have a small river. Even on the smallest of networks, if you've ever tried to transfer multiple-gigabyte files across it, you will very quickly appreciate the exponential transfer rate when it comes to the relatively cheap 'upgrade' to GigE equipment in the home. Just make sure you're not still using that old Cat3 cable ;) Steve
Service providers using Quagga
First off, sorry to cross-post, but *isp@ does not see much traffic. I'm wondering if there are any network service providers here that run any of their routing infrastructure within Quagga running on FreeBSD. I'd like to know what software alternatives are deployed out in the field, and how large a shop utilizes such software methods instead/combined with standard hardware router offerings. If this is a relatively common practice out there, what size environment do you run it in, and at what level within your network? Cheers, Steve
Re: Scripting question
I don't have the perl skills, though that would be ideal. -- snip -- Another approach in Perl would be:

#!/usr/bin/perl
my (%names, %dups);
# Read lines from STDIN or from the files named on the command line.
while (<>) {
    my ($key) = split;
    $dups{$key} = 1 if $names{$key};
    $names{$key} = 1;
}
delete @names{keys %dups};
#
# keys %names is now an unordered list of only non-repeated elements
# keys %dups is an unordered list of only repeated elements

split splits on whitespace, returning a list of fields which can be assigned to a list of variables. Here we only want to capture the first field: split is more efficient for this than using a regex. The first occurrence of $key is in parens because it's actually a list of one variable name. We build two hashes, one, %names, keyed by the original names (this is the classic way to reduce duplicates to single occurrences, since the duplicated keys overwrite the originals), and one, %dups, whose keys are names already appearing in %names - the duplicated entries. Having done that we use a hash slice to delete from %names all the keys of %dups, which leaves the keys of %names holding all the entries which only appear once (and the keys of %dups all the duplicated entries if that's useful).

I don't know if this is completely relevant, but it appears as though it may help. Bob Showalter once advised me on the Perl Beginners list as such, quoted, but snipped for clarity: see perldoc -q duplicate If the array elements can be compared with string semantics (as you are doing here), the following will work:

my @array = do { my %seen; grep !$seen{$_}++, @clean };

Steve
Re: Good FreeBSD Supported Gigabit Ethernet Card?
No offence meant, but why would you like to upgrade a home network to Gbit? Is it required at all? This is a useless response. Why do you feel the need to question his intentions? Maybe he wants faster throughput. Maybe he'd like to utilize GigE speeds on a switch he bought. Maybe he wants to learn more about gigabit networking. At any rate, why really doesn't matter. Why really does matter. It was a genuine inquisitive inquiry. There was nothing wrong with his question...it was relatively polite and quoted in context properly as to emphasize why this sort of upgrade would need to be done in a particular location. Perhaps the poster was questioning the OP because he wanted to learn about GigE himself, and why it may/would be needed/wanted... Steve
Re: http://www.freebsd.org site unreachable
[EMAIL PROTECTED] wrote: I am unable to get to freebsd.org is this on my end only ? Failing from Southern Ontario, Canada as well. Steve
Re: Service providers using Quagga
I just want to say thank you very much to everyone who has replied to me thus far, on this list, and on other groups. From what I can tell, I should have no performance issues whatsoever in my relatively small environment. To be honest, I do prefer the Cisco IOS like command structure of Quagga, however, the documentation I found to be not overly friendly. I've received more recommendations for OpenBGPD and OpenOSPFD so I will install and test with them next week. They even appear to handle IPv6 natively, which is a requirement in my case. Again, thanks to everyone who posted back to me, and if anyone has anything else to add, or any more known large sites as examples, by all means, please keep them coming! Regards, Steve
Re: kernel log messages
+pid 85092 (httpd), uid 80: exited on signal 11
+pid 85097 (httpd), uid 80: exited on signal 11
+pid 85099 (httpd), uid 80: exited on signal 11

Is this something I should care about ? First time I see this, and since the os mention it to me, I guess it's something important :-) In almost every case I've seen posted to this list regarding sig 11 problems, the response has nearly always been replace memory. Even in a case of my own a few years back, said recommendation fixed my problem. (I think mine was during a buildworld). Aside from that, I've also heard of heat (as already stated in this thread), and flaky power supply. Steve
Re: http://www.freebsd.org site unreachable
John Fitzgerald wrote:

> New York is down ICMP and telnet 80 are OK

Still down for me. Not only HTTP, but ICMP and telnet.

A trace hangs at the following for about 90 seconds:

traceroute to www.freebsd.org (69.147.83.33), 30 hops max, 40 byte packets
 1 cisco-lanx-srv (208.70.104.1) 1.415 ms 1.437 ms 1.570 ms
 2 208.113.10.210 (208.113.10.210) 4.737 ms 4.933 ms 4.513 ms
 3 if-1-103.core1.TNK-Toronto.teleglobe.net (63.243.175.193) 4.507 ms 4.665 ms 4.909 ms
 4 if-9-0.mcore3.TTT-Scarborough.teleglobe.net (216.6.98.53) 5.878 ms 5.504 ms 5.488 ms
 5 if-4-0.mcore4.NJY-Newark.teleglobe.net (216.6.98.2) 23.318 ms 23.553 ms 23.401 ms
 6 if-7-0.core2.NJY-Newark.teleglobe.net (216.6.63.6) 23.642 ms 23.264 ms 23.347 ms
 7 if-3-2.mcore3.NJY-Newark.teleglobe.net (216.6.57.29) 23.429 ms 24.179 ms 24.604 ms
 8 216.6.97.37 (216.6.97.37) 24.239 ms 24.090 ms 24.050 ms

...probably due to DNS lookup, but then breaks here:

 9 if-1-0-0.core3.AEQ-Ashburn.teleglobe.net (216.6.51.5) 29.478 ms 29.716 ms 29.771 ms
10 ix-14-2.core3.AEQ-Ashburn.teleglobe.net (63.243.149.110) 28.604 ms 39.023 ms 28.556 ms
11 so-0-0-0.pat1.pao.yahoo.com (216.115.101.128) 87.663 ms 87.225 ms 87.382 ms
12 g-1-0-0-p140.msr1.sp1.yahoo.com (216.115.107.53) 88.111 ms g-1-0-0-p150.msr2.sp1.yahoo.com (216.115.107.77) 87.821 ms g-0-0-0-p150.msr2.sp1.yahoo.com (216.115.107.73) 87.739 ms
13 ge-1-42.bas-b2.sp1.yahoo.com (209.131.32.35) 88.383 ms ge-1-43.bas-b2.sp1.yahoo.com (209.131.32.37) 87.973 ms ge-1-47.bas-b2.sp1.yahoo.com (209.131.32.53) 89.173 ms
14 * * *

Steve

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Bertrand
> Sent: Friday, September 14, 2007 4:03 PM
> To: [EMAIL PROTECTED]
> Cc: freebsd-questions@freebsd.org
> Subject: Re: http://www.freebsd.org site unreachable
>
> [EMAIL PROTECTED] wrote:
> > I am unable to get to freebsd.org is this on my end only?
>
> Failing from Southern Ontario, Canada as well.
>
> Steve
fastest way to ghost/image multiple machines?
I'm interested in how to specify a release and a bunch of packages, and squirt it to multiple machines. Or perhaps I'd like to spec the current binary contents of my machine (sans config files) so I could rebuild it from scratch later, without backups, or perhaps install another machine with my current set of packages, but 7.x instead of 6.2, etc. Permutations on this theme seem endless, and don't appear to be focused on in the handbook.

Also interested in installing to a spare disk in my system, then putting said disk in another system. I always get errors after label'ing when I try it, presumably because I already have a filesystem mounted as root, and it tries to mount the new one as root to copy onto...

Steve
Re: snapshot is corrupt
This happens to me from time to time on a few older (6.1) systems. Typically, re-running portsnap fetch clears the issue.

Steve

On 9/8/07, Jeffrey Goldberg [EMAIL PROTECTED] wrote:

> I just got the following when trying a portsnap. Any ideas? I really don't understand how portsnap works, so for me the error message isn't that useful.
>
> $ sudo portsnap fetch update
> Password:
> Looking up portsnap.FreeBSD.org mirrors... 4 mirrors found.
> Fetching snapshot tag from portsnap3.FreeBSD.org... done.
> Fetching snapshot metadata... done.
> Updating from Fri Sep 7 04:51:41 CDT 2007 to Sat Sep 8 05:50:59 CDT 2007.
> Fetching 4 metadata patches... done.
> Applying metadata patches... done.
> Fetching 0 metadata files... done.
> Fetching 1285 patches. 102030405060708090100110120. ... 13014015016017018019020021022023 0240250260270280290300310320330. ... 34035036037038039040041042043044 0450460470480490500510520530540. ...550560570580590 done.
> Applying patches... done.
> Fetching 708 new ports or files... /usr/sbin/portsnap: cannot open e34b76c53bfd361a3defe2a9a884c0aa4f10da8b845ddf8e991fc419b3109f09.gz: No such file or directory
> snapshot is corrupt.
> $
>
> Thanks,
> -j