Re: Patching? Probably a trivial question, but...
Kurt Buff wrote: On Wed, May 27, 2009 at 11:36, Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net wrote: On Wednesday 27 May 2009 17:21:42 Kurt Buff wrote: All, I've gotten a patch for a program in the ports tree from one of the authors of the program - not the port maintainer - to fix a small problem, but don't know how to install the updated port. I cd'ed into the /usr/ports/%CATEGORY%/%PROGRAM%/work/%PROGRAM-VERSION% directory, then performed 'patch patch-name' successfully, AFAICT. Then I did a make, but got no output. So - I'm obviously lacking clue here. Anyone have a spare set? Don't feel like reading the entire thread atm, but for reference: - Patches need to have relative paths, where the root of the path corresponds to the port's notion of $PATCH_WRKSRC - You can find out this directory by running: Â Â Â Â % make -C /usr/ports/category/portname -V PATCH_WRKSRC Â The default is $WRKSRC which is $WRKDIR/$DISTNAME by default. Â Example: Â Â Â Â % make -C /usr/ports/sysutils/nagios-statd -V PATCH_WRKSRC Â Â Â Â /stable/usr/obj/usr/ports/sysutils/nagios-statd/work/nagios-statd-3.12 - Patches are automatically applied if they reside in the port's notion of PATCHDIR and are named patch-* - You can find out this directory by running: Â Â Â Â %make -C /usr/ports/category/portname -V PATCHDIR Â The default is $.CURDIR/files. Â Example: Â Â Â Â % make -C /usr/ports/sysutils/nagios-statd -V PATCHDIR Â Â Â Â /usr/ports/sysutils/nagios-statd/files - In order to apply a new patch after you have previously gone past the patch stage (configure, build, install), either run make clean or: Â Â Â Â % rm $(make -C /usr/ports/category/portname -V PATCH_COOKIE) Â The above can cause problems, with the build. The normal course of action is to make clean. Excellent. I will be trying this tomorrow - I'm leaving work early today to get some things taken care of. Kurt, I had to leave rather hastily the other day, but I did test the patch, and it worked ok. If this is a one-off thing, here is how I did it: # cd /usr/ports/category/program # make clean # ee source.patch (pasted the patch in) # make configure (which preps the source) # cd work/progname # patch ../../source.patch # cd ../.. # make # make install All worked well. Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: Another uptime story
Chris Rees wrote: 2009/5/27 Glen Barber glen.j.bar...@gmail.com: On Tue, May 26, 2009 at 11:23 PM, Polytropon free...@edvax.de wrote: Maybe there's a way of patching the uptime utility that it adds the previous uptime of the system (since last shutdown) to the actual uptime. I know this denies everything uptime stands for, let's call it accumulated uptime. :-) I like that idea, actually.. Not for faking cumulative uptime. It'd be kinda nice knowing how long a particular machine has been 'alive' without looking through service tag records. -- Glen Barber How about: [ch...@amnesiac]~% ls -l /etc/ssh/ssh_host_key.pub -rw-r--r-- 1 root wheel 324 Apr 15 2008 /etc/ssh/ssh_host_key.pub [ch...@amnesiac]~% I think I'd cry if I were to lose 553 days of uptime Not really a biggie, I've got another test box right behind it ;) ww9# uptime 9:09AM up 501 days, 22:20, 1 user, load averages: 0.00, 0.00, 0.00 Due to network restructuring, the test hardware will be coming out... Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: Another uptime story
Glen Barber wrote: On Wed, May 27, 2009 at 9:56 AM, Steve Bertrand st...@ibctech.ca wrote: Not really a biggie, I've got another test box right behind it ;) ww9# uptime 9:09AM up 501 days, 22:20, 1 user, load averages: 0.00, 0.00, 0.00 Due to network restructuring, the test hardware will be coming out... Steve, Just out of curiosity, what function did 'radius' serve? RADIUS ;) ...for a local setup of wireless hotspots (freeradius was current on the box). One of many. Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: something broke last night. www.freebsd.org offline?
Michael Scheidell wrote: none of my freebsd systems can surf to www.freebsd.org anymore. host www.freebsd.org www.freebsd.org has address 69.147.83.33 www.freebsd.org has IPv6 address 2001:4f8:fff6::21 www.freebsd.org mail is handled by 0 . mx1.slpowers.com.ionspam.net# host -t a www.freebsd.org www.freebsd.org has address 69.147.83.33 lynx does this (as an example): socket failed: family 28 addr 2001:4f8:fff6::21 port 80. I don't have any of our servers or workstations compiled WITH_IPV6 Can you provide: # netstat -rn # ifconfig ...on one of the boxes? I have no issues here: pearl# telnet -6 freebsd.org 80 Trying 2001:4f8:fff6::28... Connected to freebsd.org. Escape character is '^]'. ... pearl# telnet freebsd.org 80 Trying 69.147.83.40... Connected to freebsd.org. Escape character is '^]'. Also, after a quick look, it would be handy if you could flush your DNS cache and try again. The IPs I get for FreeBSD.org are different than those in your example. Perhaps they changed, and your DNS has not updated yet. Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: something broke last night. www.freebsd.org offline?
Michael Scheidell wrote: Steve Bertrand wrote: Michael Scheidell wrote: none of my freebsd systems can surf to www.freebsd.org anymore. ah. I see problem.. you didn't look up the host I documented. freebsd.org is different then www.freebsd.org D'oh! In that case then, it doesn't work for me either, v4 or v6. Sorry for the noise. Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: Fwd: Patching? Probably a trivial question, but...
Kurt Buff wrote: On Wed, May 27, 2009 at 09:23, Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote: with name patch-something look at existing as an example That didn't seem to work. what exactly doesn't? could you please post error messages? There were no error messages. Then, being the incredibly brilliant person I am, I tried again, this time after taking the blindingly obvious step of deleting the 'work' directory. This seems to be a key part of the process. The patch doesn't install correctly, as the make process generates the following: HttpHeader.cc:127: error: 'ftSTr' was not declared in this scope *** Error code 1 and halts after a few more errors, but at least that indicates that *something* is happening with the patch file. This smells like progress. Can you post the patch, and I'll test it out here? (Forgive me if you've done this and I missed it). Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: Fwd: Patching? Probably a trivial question, but...
Kurt Buff wrote: On Wed, May 27, 2009 at 09:51, Steve Bertrand st...@ibctech.ca wrote: Can you post the patch, and I'll test it out here? (Forgive me if you've done this and I missed it). Steve Sent off-list. Ok, got it. I'm pretty much taking an easy day today to recover my broken -STABLE ZFS system, so while I'm in discussion/learning about ZFS recovery in regards to that problem, I'll give the patch a try on a couple of VMs and see if I can help. Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: Fwd: Patching? Probably a trivial question, but...
Kurt Buff wrote: On Wed, May 27, 2009 at 09:51, Steve Bertrand st...@ibctech.ca wrote: Can you post the patch, and I'll test it out here? (Forgive me if you've done this and I missed it). Steve Sent off-list. Kurt, can you please provide: # uname -a - the default tag you use in your ports supfile, and the last time you 'sup'd the ports tree Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: Fwd: Patching? Probably a trivial question, but...
Kurt Buff wrote: On Wed, May 27, 2009 at 11:02, Steve Bertrand st...@ibctech.ca wrote: Kurt Buff wrote: On Wed, May 27, 2009 at 09:51, Steve Bertrand st...@ibctech.ca wrote: Can you post the patch, and I'll test it out here? (Forgive me if you've done this and I missed it). Steve Sent off-list. Kurt, can you please provide: # uname -a - the default tag you use in your ports supfile, and the last time you 'sup'd the ports tree Steve I csup'ed on May 13, if my examination of the file system is accurate - I noted the date on the relevant file in /usr/ports/distfiles. #uname -a FreeBSD squid.mycompany.com 7.0-STABLE FreeBSD 7.0-STABLE #0: Mon Jun 30 17:27:53 PDT 2008 r...@squid.mycompany.com:/usr/obj/usr/src/sys/GENERIC i386 Ok. I'm building on both a 7.0-RELEASE, and a 7.2-RELEASE box, with ports updated to nearly the same spec as yours. Unfortunately, due to the racking overhaul we're doing in the datacentre, my really good build boxes are shut down, so it's going to take a bit longer ;) Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: FreeBSD Software RAID
Howard Jones wrote: Wojciech Puchar wrote: you are right. you can't be happy of warm house without getting really cold some time :) that's why it's excellent that ZFS (and few other things) is included in FreeBSD but it's COMPLETELY optional. Well, I switched from the heater that doesn't work and is poorly documented (gvinum) to the one that does and is (zfs, albeit mostly documented by Sun), and so far I am warm :-) Once I'd increased kmem, at least. I did get a panic before that, but now I am shuffling data happily and slightly faster than gvinum did, and memory has levelled off at about 160MB for zfs. I'll be keeping my previous hardware RAID in one piece for a little while though, I think, just in case! (old Adaptec card with a 2TB limit on containers). I moved my AMANDA tapeless backup system to ZFS well over a year ago. It's got four 500GB SATA drives. At first, it would panic frequently sometime during the backup. The backups peak at ~400Mbps of network traffic. I adopted the following script to write out the memory usage during the backup, so I could better tune the system (sorry, I can't recall where I found this code snip): #!/bin/sh TEXT=`/sbin/kldstat | /usr/bin/awk 'BEGIN {print 16i 0;} NR1 \ {print toupper($4) +} END {print p}' | dc` DATA=`/usr/bin/vmstat -m | sed -Ee \ '1s/.*/0/;s/.* ([0-9]+)K.*/\1+/;$s/$/1024*p/' | dc` TOTAL=$((DATA + TEXT)) DATE=`/bin/date | awk '{print $4}'` /bin/echo $DATE `/bin/echo $TOTAL | \ /usr/bin/awk '{print $1/1048576}'` /home/steve/mem.usage Cronned every minute, I'd end up with a file like this: 19:16:01 500.205 19:17:02 485.699 19:18:01 474.305 19:19:01 473.265 19:20:01 471.874 19:21:02 471.94 ...the next day, I'd be able to review this file to see what the memory usage was at the time of the panic/reboot. I found that: vm.kmem_size=1536M vm.kmem_size_max=1536M made the system extremely stable, and since then: amanda# uptime 9:01AM up 81 days, 17:06, I'm about to upgrade the system to -STABLE today... Steve smime.p7s Description: S/MIME Cryptographic Signature
Another uptime story
...unfortunately, due to re-racking and upgrade requirements, I have to pull the plug. There is nothing hidden or obfuscated in my output, and I am not ashamed of that. Just a little bit of sadness of having to 'down' it, given this uptime in my relatively hostile environment. *sigh* I know this usually generates flames, but in the past, I've seen these types of messages do more good than harm. Someone have a beer for me as I watch my personal uptime record go bye-bye: radius# uptime 11:01PM up 553 days, 13:38, 1 user, load averages: 0.00, 0.00, 0.00 radius# date Tue May 26 23:01:37 EDT 2009 radius# uname -a FreeBSD radius.eagle.ca 6.2-RELEASE-p5 FreeBSD 6.2-RELEASE-p5 #0: Thu Jun 14 15:16:10 EDT 2007 r...@radius.eagle.ca:/usr/obj/usr/src/sys/RADIUS i386 ...and for archive purposes: radius# cat /var/run/dmesg.boot Copyright (c) 1992-2007 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 6.2-RELEASE-p5 #0: Thu Jun 14 15:16:10 EDT 2007 r...@radius.eagle.ca:/usr/obj/usr/src/sys/RADIUS ACPI APIC Table: D845WD WD84510A Timecounter i8254 frequency 1193182 Hz quality 0 CPU: Intel(R) Pentium(R) 4 CPU 1.50GHz (1495.16-MHz 686-class CPU) Origin = GenuineIntel Id = 0xf12 Stepping = 2 Features=0x3febfbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM real memory = 1073479680 (1023 MB) avail memory = 1041477632 (993 MB) ioapic0: Changing APIC ID to 2 ioapic0 Version 2.0 irqs 0-23 on motherboard kbd1 at kbdmux0 acpi0: D845WD WD84510A on motherboard acpi0: Power Button (fixed) Timecounter ACPI-fast frequency 3579545 Hz quality 1000 acpi_timer0: 24-bit timer at 3.579545MHz port 0x408-0x40b on acpi0 cpu0: ACPI CPU on acpi0 acpi_button0: Power Button on acpi0 acpi_button1: Sleep Button on acpi0 pcib0: ACPI Host-PCI bridge port 0xcf8-0xcff on acpi0 pci0: ACPI PCI bus on pcib0 agp0: Intel 82845 host to AGP bridge mem 0xf800-0xfbff at device 0.0 on pci0 pcib1: PCI-PCI bridge at device 1.0 on pci0 pci1: PCI bus on pcib1 pcib2: ACPI PCI-PCI bridge at device 30.0 on pci0 pci2: ACPI PCI bus on pcib2 fxp0: Intel 82550 Pro/100 Ethernet port 0xde80-0xdebf mem 0xfeafc000-0xfeafcfff,0xfea8-0xfea9 irq 18 at device 12.0 on pci2 miibus0: MII bus on fxp0 inphy0: i82555 10/100 media interface on miibus0 inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto fxp0: Ethernet address: 00:07:e9:9c:df:f3 fxp1: Intel 82550 Pro/100 Ethernet port 0xdd80-0xddbf mem 0xfeafb000-0xfeafbfff,0xfea4-0xfea5 irq 19 at device 13.0 on pci2 miibus1: MII bus on fxp1 inphy1: i82555 10/100 media interface on miibus1 inphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto fxp1: Ethernet address: 00:07:e9:9c:df:f4 atapci0: Promise PDC20267 UDMA100 controller port 0xdff0-0xdff7,0xdfe4-0xdfe7,0xdfa8-0xdfaf,0xdfe0-0xdfe3,0xdf00-0xdf3f mem 0xfeaa-0xfeab irq 22 at device 14.0 on pci2 ata2: ATA channel 0 on atapci0 ata3: ATA channel 1 on atapci0 pci2: display, VGA at device 15.0 (no driver attached) isab0: PCI-ISA bridge at device 31.0 on pci0 isa0: ISA bus on isab0 atapci1: Intel ICH2 UDMA100 controller port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf at device 31.1 on pci0 ata0: ATA channel 0 on atapci1 ata1: ATA channel 1 on atapci1 uhci0: Intel 82801BA/BAM (ICH2) USB controller USB-A port 0xef40-0xef5f irq 19 at device 31.2 on pci0 uhci0: [GIANT-LOCKED] usb0: Intel 82801BA/BAM (ICH2) USB controller USB-A on uhci0 usb0: USB revision 1.0 uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered pci0: serial bus, SMBus at device 31.3 (no driver attached) uhci1: Intel 82801BA/BAM (ICH2) USB controller USB-B port 0xef80-0xef9f irq 23 at device 31.4 on pci0 uhci1: [GIANT-LOCKED] usb1: Intel 82801BA/BAM (ICH2) USB controller USB-B on uhci1 usb1: USB revision 1.0 uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered atkbdc0: Keyboard controller (i8042) port 0x60,0x64 irq 1 on acpi0 atkbd0: AT Keyboard irq 1 on atkbdc0 kbd0 at atkbd0 atkbd0: [GIANT-LOCKED] fdc0: floppy drive controller port 0x3f0-0x3f1,0x3f2-0x3f3,0x3f4-0x3f5,0x3f7 irq 6 drq 2 on acpi0 fdc0: [FAST] fd0: 1440-KB 3.5 drive on fdc0 drive 0 sio0: 16550A-compatible COM port port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 sio0: type 16550A sio1: 16550A-compatible COM port port 0x2f8-0x2ff irq 3 on acpi0 sio1: type 16550A ppc0: Standard parallel printer port port 0x378-0x37f irq 7 on acpi0 ppc0: Generic chipset (EPP/NIBBLE) in COMPATIBLE mode ppbus0: Parallel port bus on ppc0 pmtimer0 on isa0 orm0: ISA Option ROMs at iomem 0xc-0xc7fff,0xc8000-0xc8fff,0xc9000-0xd17ff,0xd1800-0xd27ff,0xd2800-0xd37ff on isa0 sc0: System console at flags 0x100 on isa0 sc0: VGA 16 virtual consoles, flags=0x300 vga0:
Re: Another uptime story
Polytropon wrote: On Tue, 26 May 2009 23:14:10 -0400, Steve Bertrand st...@ibctech.ca wrote: ...unfortunately, due to re-racking and upgrade requirements, I have to pull the plug. There is nothing hidden or obfuscated in my output, and I am not ashamed of that. Maybe there's a way of patching the uptime utility that it adds the previous uptime of the system (since last shutdown) to the actual uptime. I know this denies everything uptime stands for, let's call it accumulated uptime. :-) Nah, uptime is uptime. Uptime was never my intention, it just worked. There have been times recently where the re-racking needed to be done, but I wasn't able to get it pulled off. Once it's down, thats it. Just a little bit of sadness of having to 'down' it, given this uptime in my relatively hostile environment. *sigh* What makes it hostile? Small ISP, single 240V electrical supply, enough battery for not-so-long, having to scramble to get the generator in place, etc etc. radius# uptime 11:01PM up 553 days, 13:38, 1 user, load averages: 0.00, 0.00, 0.00 Can't you wait two days more? Just 48 hours? Then you would finish with an uptime of 555 days. Just think about how it would be to finish with an uptime of 666 days, of course at 6:66 o'clock. =^_^= ...nah, no waiting. I'm not interested in any prestige whatsoever. I just wanted to share my grief with the rest of the crew on the list ;) Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: Another uptime story
Steve Bertrand wrote: [..snip..] Just a little bit of sadness of having to 'down' it, [..snip..] radius# uptime 1:19AM up 553 days, 15:56, 1 user, load averages: 0.00, 0.00, 0.00 :( radius# halt smime.p7s Description: S/MIME Cryptographic Signature
Do not copy kernel to kernel.old
Hi all, Many of my routers boot/run from a USB thumb stick. To upgrade these routers, I dd the device onto another one, pop the backup into a build machine, and do the normal build*/install* with a DESTDIR parameter. If the upgraded device does not boot (due to kernel problems), I just wipe it clean and start over. Having a kernel.old in this case is a waste of time and of space. Is there any parameter I can tell the build process to ensure that the kernel.old work does not get done? Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: Do not copy kernel to kernel.old
Lowell Gilbert wrote: Steve Bertrand st...@ibctech.ca writes: Many of my routers boot/run from a USB thumb stick. To upgrade these routers, I dd the device onto another one, pop the backup into a build machine, and do the normal build*/install* with a DESTDIR parameter. If the upgraded device does not boot (due to kernel problems), I just wipe it clean and start over. Having a kernel.old in this case is a waste of time and of space. Is there any parameter I can tell the build process to ensure that the kernel.old work does not get done? Did you look at the makefiles or build(7)? No. I was not in the vicinity of a machine to do that at the time of my post. I was hoping to get the info for later, when I need to do the builds, which you provided: reinstallkernel was what you were looking for. Thanks! Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: How to recover disk space after filesystem full
Luke Dean wrote: Yes, it sounds like a stupid question, but let me tell the story. The log for my dhcp server filled up /var last night, which meant that dhcpd was also unable to hand out new leases, which meant that I had effectively been DOSed. I'll have to look into changing my logging policies. So, to correct the problem, I log into the router, removed the big log and several other files in /var to free up some space, and assumed this would correct the problem. It did not. Several minutes after freeing up a lot of space on /var, I continued to get filesystem full messages and df continued to show the capacity at 100%. I checked df -i for the inodes too. That was fine. I ran a quick fsck to see if that might shock the system into seeing all the space that I'd freed up, but no good. I ended up rebooting the box. Was there any other possible solution I could've tried? You have to restart the service that was holding the log file(s) open. The system does not release the space while an application is 'using' the file, even after it's been deleted. Why wouldn't the free space immediately appear as free? Because technically, the space is not freed. lsof will help identify which process(es) are holding a particular file open, if you see that disk space is not recovered as expected after deletion: # pkg_add -r lsof pearl# lsof | grep auth.log syslogd 850 root 15wVREG 0,127 75199 237484 /var/log/auth.log Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: jail's adjkerntz
alexus wrote: what's weird is that i didn't get 'em before and now I do... Given all that you've ignored already, does that mean that: a) you knew about facts in your current implementation that failed recently in an upgrade b) you neglected to upgrade your documentation throughout the procedure c) you assume that the *manual* will have everything. I'm sure you've read it thoroughly. d) you are prepared to provide everyone on this list with the fact that your Apache server is pretty much wide open... It's more important to understand TFM than it is to read it. Coin and understand that phrase... UTFM... - stevieb smime.p7s Description: S/MIME Cryptographic Signature
Re: net-snmp and IPv6 MIB
Aurélien Ansel wrote: Hi all, sorry in advance for my bad english. I think i have a problem with the MIB of IPv6. I have installed the last port of net-snmp. Can someone give the result of this request, it must be send to a computer with a smp daemon and at least one interface with an IPv6 address. snmpwalk -v 2c -c community_name IP_OF_SNMP_SERVER .1.3.6.1.2.1.4.34 On my FreeBSD 7.1, this command give me : IP-MIB::ipAddressTable = No Such Object available on this agent at this OID But if I execute this command on a Ubuntu with IPv6 addresses and net-snmpd running that return a lot of results, in particulary the list of IPv6 addresses linked to the machine ( it's what i'm looking for ). So i don't know if the problem come from my computer or from the port. It looks like it may be the port. None of my SNMP enabled boxes display the IPv6 addresses of the interface either (I've never noticed, as I don't use SNMP for that ;) However, in the Makefile, I noticed this: @${ECHO_MSG} WITH_INETADDRESS_HACK=yes builds with the inetaddress hack Which I read somewhere by searching Google that it has something to do with 'fixing' the IPv6 address issue. Put: WITH_INETADDRESS_HACK=yes in your /etc/make.conf file, and try rebuilding the port. Let us know if that fixes it. Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: BGP
Michael K. Smith - Adhost wrote: is there a way to have FreeBSD work as BGP router and/or at least failover between 2 different ISPs? I, as some random guy on the Internet, would recommend Quagga and, yes, it will work with 2+ ISP's on single device (server). It's well established and in use for transit-facing Internet connections. I, also as some random guy on the Internet, concur with Mike. I've got numerous FreeBSD/Quagga boxes that have dozens of BGP sessions, peering and transit. The primary reason I chose Quagga was it's similarity with Cisco in regards to the CLI (and it works with RANCID). If you want true failover between two ISPs, you want BGP. Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: Licensing
Chad Perrin wrote: [..huge snip..] I hope you get some value from my rambling. I have gained very much value from what everyone has had to say, and I want to thank everyone. Although I have very much reading to do, I've come to a few conclusions thus far. One thing that did not cross my mind prior was regarding the comments Chad made, use in media other than within the programming scope itself. FYI, almost all of my apps are for systems/network management and automation. I've written an application that bridges our wireless hotspots to our payment bank site (the bank supplied me a Perl module), through to radius, and with an expiry method to automatically remove the users so that the entire process is hands off. Most of my code would have to be changed to make it generic and not so site specific before being put out there. Being that I'm not really a programmer, having my code out there for peer review would make it much, much better if it was useful. (I'd probably be on the receiving end of finger pointing and laughing, but that's ok ;) Thanks all! Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: /etc/ttys
Ian Fitzgerald wrote: Dumb question because of dumb action: can anyone point me to a place where I can find a copy of /etc/ttys? - suitable for FreeBSD v7.2 In it's entirety: http://ibctech.ca/ttys Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Licensing
I've got a question that is likely not suited for this list, but I know that there are people here who can guide me off-list. Being a network engineer, I'm far from a developer. With that said, I've written numerous network automation programs (mostly in Perl), and have developed several small patches for software written in C related to ISP operations (including the OS itself). I'm looking for advice on how I can take all of my code, and license it into the public domain. I'm sure that most people won't have any interest in it, but I really want to ensure that what I have done is freely accessible. All of my code is pretty well separated into different files that contain different functions, so isolating portions of my programs that use modules or functions that are external is not a problem. GPL seems too verbose legally for me. Can the BSD license fit into any code, no matter what language it is in, and if so, can I have my code overlooked by someone who can verify that the BSD license will fit? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Configuring an IPv6 router to assign addresses
af300...@gmail.com wrote: On May 6, 2009 8:56am, John Nielsen li...@jnielsen.net wrote: On Wednesday 06 May 2009 10:39:24 am Odhiambo $B%o%7%s%H%s(B wrote: Is there a reason you need to control the addresses used by your clients (other than the prefix)? I set up IPv6 on my LAN and while I have DHCPd running on the router for IPv4 addresses rtadvd is all I needed for IPv6. Clients assign themselves addresses based on the network prefix they learn from route solicitation and their own MAC address. That's supposed to be one of the reduced administration benefits of the new protocol. :) Thanks for reminding me of the flow in which this happens. Seems like I, at sometime, got the idea that it was the router that dished back a unique IP based on clients MAC and so forth. However, it seems to me now that the router was only supposed to dish out the prefix, ie network id, and the client would take that prefix and generate a unique IP based on its MAC. Have a peruse of this RFC (stateless autoconfig): http://www.ietf.org/rfc/rfc4862.txt Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Quagga problem
Bc. Radek Krejca wrote: Hello, starting this day I have problem with quagga, I get this messages in my log: May 3 19:15:36 gw bgpd[7225]: Assertion `len str_size' failed in file bgp_aspath.c, line 619, function aspath_make_str_count May 3 19:15:36 gw kernel: pid 7225 (bgpd), uid 101: exited on signal 6 May 3 19:15:36 gw bgpd[7225]: No backtrace available on this platform. I have latest verison of port quagga, I looks as bug in quagga, but I dont know. Do you have any idea for solution? Here is a link to a patch within the Quagga code base that resolves this issue: http://tinyurl.com/c8alza Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: bsnmpd vs net-snmp
Maxim Khitrov wrote: On Wed, Apr 29, 2009 at 8:35 PM, Brandon Weisz li...@avioc.org wrote: I cant speak to the documentation, but this seems to limit it to listening on a single address: Example.. # open standard SNMP ports begemotSnmpdPortStatus.192.168.2.254.161 = 1 Thanks, but I tried this already. It causes bsnmpd to listen on the given IP as well, but doesn't remove the *:* entry: r...@gw1 [/root]# sockstat -l4 USER COMMANDPID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS root bsnmpd 61251 4 udp4 *:* *:* root bsnmpd 61251 5 udp4 127.0.0.1:161 *:* The author suggested using begemotSnmpdPortTable.0.0.0.0.161 = 1 and change the IP there, but this causes the following error: Apr 30 08:59:59 gw1 snmpd[78798]: unknown variable Apr 30 08:59:59 gw1 snmpd[78798]: in file /usr/local/etc/bsnmpd.conf line 20 Apr 30 08:59:59 gw1 snmpd[78798]: error in config file Here's how I limit to a single address: host := 208.70.106.1 # open standard SNMP ports begemotSnmpdPortStatus.[$(host)].161 = 1 begemotSnmpdPortStatus.127.0.0.1.161 = 1 # netstat -na | grep 161 udp4 0 0 208.70.106.1.161 *.* udp4 0 0 127.0.0.1.161 *.* Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: bsnmpd vs net-snmp
Maxim Khitrov wrote: On Thu, Apr 30, 2009 at 9:20 AM, Steve Bertrand st...@ibctech.ca wrote: Maxim Khitrov wrote: On Wed, Apr 29, 2009 at 8:35 PM, Brandon Weisz li...@avioc.org wrote: I cant speak to the documentation, but this seems to limit it to listening on a single address: Example.. # open standard SNMP ports begemotSnmpdPortStatus.192.168.2.254.161 = 1 Thanks, but I tried this already. It causes bsnmpd to listen on the given IP as well, but doesn't remove the *:* entry: r...@gw1 [/root]# sockstat -l4 USER   COMMAND   PID  FD PROTO  LOCAL ADDRESS     FOREIGN ADDRESS root   bsnmpd   61251 4  udp4  *:*          *:* root   bsnmpd   61251 5  udp4  127.0.0.1:161     *:* The author suggested using begemotSnmpdPortTable.0.0.0.0.161 = 1 and change the IP there, but this causes the following error: Apr 30 08:59:59 gw1 snmpd[78798]: unknown variable Apr 30 08:59:59 gw1 snmpd[78798]:  in file /usr/local/etc/bsnmpd.conf line 20 Apr 30 08:59:59 gw1 snmpd[78798]: error in config file Here's how I limit to a single address: host := 208.70.106.1 # open standard SNMP ports begemotSnmpdPortStatus.[$(host)].161 = 1 begemotSnmpdPortStatus.127.0.0.1.161 = 1 # netstat -na | grep 161 udp4    0    0  208.70.106.1.161    *.* udp4    0    0  127.0.0.1.161      *.* Doesn't work for me, the grep command removes *:* entry from the output: r...@gw1 [/root]# netstat -an Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address(state) udp4 0 0 127.0.0.1.161 *.* udp4 0 0 *.**.* snip The 127.0.0.1 entry is added with begemotSnmpdPortStatus.127.0.0.1.161 = 1, but the other entry is always there. Turn the daemon on and off to verify that it's bsnmpd (or use sockstat). I see now what you are saying: # sockstat -l4 root bsnmpd 2857 5 udp4 *:* *:* root bsnmpd 2857 6 udp4 127.0.0.1:161 *:* root bsnmpd 2857 7 udp4 208.70.106.1:161 *:* I don't think I've ever seen a *.* in the local addr field before. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: bsnmpd vs net-snmp
Maxim Khitrov wrote: Hello all, I'm setting up a firewall and would like to monitor certain system parameters like network, cpu, and memory usage. SNMP is an obvious choice to do the monitoring and I'm planning to set up rrdtool to generate graphs of captured data. The question is what SNMP agent to use. I found net-snmp and bsnmpd (which is included in the base system). Has anyone here used both implementations, and if so, what are the basic differences? I use bsnmpd, because I couldn't measure 64-bit counters otherwise. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: bsnmpd vs net-snmp
Steve Polyack wrote: Steve Bertrand wrote: Maxim Khitrov wrote: Hello all, I'm setting up a firewall and would like to monitor certain system parameters like network, cpu, and memory usage. SNMP is an obvious choice to do the monitoring and I'm planning to set up rrdtool to generate graphs of captured data. The question is what SNMP agent to use. I found net-snmp and bsnmpd (which is included in the base system). Has anyone here used both implementations, and if so, what are the basic differences? I use bsnmpd, because I couldn't measure 64-bit counters otherwise. net-snmp has no problems providing 64-bit counters (interface and disk). You must build it with -DWITH_MFD_REWRITES (passes --with-mfd-rewrites to ./configure). I do not know why this is not the default. It works just fine. I also have a PR open to make this define a ports 'make config' option (therefore a persistent setting), but the maintainer has ignored this. I did not know this. Thanks for the heads-up! Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Banwidth limited to 800kb per connection
Wojciech Puchar wrote: When downloading files over FTP (proftpd) or HTTP (apache 2.2) I only get about 800kb/s, uploading seems to have the same limit (couldn't test it really, as my line stops at abount 860kb/s). When I start multiple downloads, I get 800kb/s for each transfer, up to about 5000kb/s, which is the limit of my downstream at home. Is there some kind of traffic shaping or QOS somewhere? or ethernet autonegotiation problems - one side gets full duplex other half duplex. I agree. Check the interface on the device that connects into their network. You will likely see all sorts of interface errors. Try having them force to 100/Full, and you do the same at your end. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: mail server/webmail
Frederique Rijsdijk wrote: Liontaur wrote: Hi folks, I was searching around but i'm not quite sure what i'm looking for. I want to have a program that gets the mail from my ISP mail server (pop), stores the mail permanently, allows me webmail access, and also lets me grab the mail with a mail client (Outlook Express). I'd like to be able to sync the mail with outlook express also. Like if I send a mail over webmail, that sent mail will also go into the sent box in outlook express, or conversly, perhaps store all the mail on the server and have outlook express just show the folders and contents stored on the server. But i'd have to somehow upload all of the mail currently in my outlook express. I'll also need some kind of spam functionality as I get a sizable amount of spam. Currently I use K9 for spam and I quite like it. I guess you could start to look in the area of: - /usr/ports/mail/fetchmail (to fetch/store the mail) - /usr/ports/mail/dovecot (for access to the mail via imap) - /usr/ports/mail/squirremail or roundcube (webmail w/ imap) - /usr/ports/www/apache22 for the webmail As you're then using IMAP, any client that connects to dovecot will get the same set of mailfolders (sync). If one is going that far, I'd recommend: http://www.thenetworkpeople.biz/internet/mail/toaster/ I've been using them for many years, for thousands of accounts across hundreds of domains, and it just works. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Freebsd Built-in vacation program does not auto reply
Odhiambo Washington wrote: On Fri, Apr 17, 2009 at 6:00 AM, lyd mc alydi...@yahoo.com wrote: Hi guys, Why Freebsd built-in vacation program (/usr/bin/vacation) does not auto reply? I am using fresh installed Freebsd7.0 and 7.1. here is my configs. Under the home directory of the user (alydio.mc) .forward \alydio.mc, |/usr/bin/vacation alydio.mc .vacation.msg Subject: On vacation message From: alydio...@mydomain.com I'm on vacation and will not be reading my mail for a while. Your mail will be dealt with when I return. . from postfix/sendmail logs: ...sniff (delivered to command: /usr/bin/vacation alydio.mc) after this nothing will happened... no errors no warnings... However the one I installed from ports (/usr/local/bin/vacation) works fine. I want to use the freebsd base vacation program. Did you read the man page fully and understand it? Did you initialize the vacation database? Have you tried to run it in debug mode? Try RTFM again and see if you could figure out the problem yourself. Wow... wait a sec... I recall years ago having to deal with 'vacation' messages along with sendmail, and with thousands of users, I hated doing it manually. Perhaps a ``how I do it'' is warranted here. It is quite apparent that the OP has RTFM, _and_ tried to work it out for himself... Off the top of my head, here is what I had to do to create a vacation message. Perhaps sendmail folk could help me out here: Run the following command to initialize the vacation db: # vacation -i ...now, put your content into a file called .vacation.msg in the user's home directory. The data could resemble something like this: From: m...@email.address (Steve Bertrand) Subject: Out of office Delivered-By-The-Graces-Of: The Vacation program Precedence: bulk I will be out of the office for the rest of my life. Contact someone who cares until I decide I come back. ...then, in a file named .forward within the users home directory, put: \username, | /path/to/vacation username ...as far as I recall, this should kick the vacation program into gear. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Copying files without scp
A. Wright wrote: On Tue, 7 Apr 2009, Steve Bertrand wrote: Can someone recommend a *known good* production quality copy mechanism that will act like scp, but without the overhead? rsh? nc? If you are happy with rsh authentication, then have you looked at plain old rcp? I reviewed carefully all feedback I received, and since then, I loosely benchmarked my options. After all was said and done, using SSH, I found: - across the 100Mbps infrastructure, I could copy at 89Mbps - across the Gi infrastructure, I could copy at ~770Mbps My concern (I found) was coming from my Windows workstation. I was using a Windows binary version of SCP that is clearly lacking somewhere in the stack. FBSD to FBSD produced the above results. The 100Mb infrastructure hops one router and two switches, and the gig makes a hop across one edge router, a core router, and three switches. When I can get 75-90% line rate encrypted, I'll stay with that. I do appreciate all the feedback, as always ;) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: from very early this morning...
Gary Kline wrote: [...big snip...] if i've made any sense so far, great! if not,i'm open for questions. i'm also open for suggestions on how to alter this network configuration. thanks for reading this far. gary It might be simplest to replace my firewall and my server with low-energy-usage i386 computers; is there a better way? What are your requirements for your network ie. are you requiring any fancy trickery, or is this simply trying to NAT a couple of machines behind an ADSL connection? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: questions about Fatal Trap 12
Glen Barber wrote: On Tue, Apr 14, 2009 at 5:23 PM, Ray r...@stilltech.net wrote: I Just had the power supply die on this machine. Could a failing power supply cause this type of issues? Absolutely. Seconded. Power supply issues have caused me this kind of grief more times than memory has over the years. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Copying files without scp
Hi all, To copy data from one server, I normally (always) use scp. I'm looking for a method to perform this copy task without the overhead of encryption for infrequent, high-volume transfers (hundreds to thousands of GB). The data will be transferred server-to-server within a private datacentre. Can someone recommend a *known good* production quality copy mechanism that will act like scp, but without the overhead? rsh? nc? I recall a thread not too long ago regarding this, but I'd like to have a simple working example if possible, without getting into detail why one shouldn't transfer data unencrypted. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Copying files without scp
Doug Hardie wrote: On Apr 7, 2009, at 16:13, Steve Bertrand wrote: Hi all, To copy data from one server, I normally (always) use scp. I'm looking for a method to perform this copy task without the overhead of encryption for infrequent, high-volume transfers (hundreds to thousands of GB). The data will be transferred server-to-server within a private datacentre. Can someone recommend a *known good* production quality copy mechanism that will act like scp, but without the overhead? rsh? nc? In that environment you can use ftp just fine. Make sure to restrict it to the local IP addresses. Thanks, but I've never found a way to copy complete directories with FTP. I'll need to copy entire multi-nested directory structures. Do you have an example how to do this via FTP? (CLI-only). Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Copying files without scp
Chuck Swiger wrote: On Apr 7, 2009, at 4:13 PM, Steve Bertrand wrote: I'm looking for a method to perform this copy task without the overhead of encryption for infrequent, high-volume transfers (hundreds to thousands of GB). The data will be transferred server-to-server within a private datacentre. Can someone recommend a *known good* production quality copy mechanism that will act like scp, but without the overhead? rsh? nc? Install /usr/ports/security/openssh-portable, and set the Enable HPN-SSH patch option. You should then be able to use scp -c none option, which is documented more fully here: http://www.psc.edu/networking/projects/hpn-ssh/none.php You could also use rsync + rsyncd Thanks Chuck, I think I'll just go the rsync route. I'm very familiar with it. I don't particularly want to install it on the boxes I'm concerned with momentarily, but I know how it works. Your other option seems intriguing, but I'd rather not install more software on these boxes if possible. I was hoping for a magical, don't have to install anything-type solution :) Perhaps I left out an important piece... even though I'm copying directory structures, in many cases the bulk of the data will be contained within massively large individual files. (Hence why rsync wasn't my original choice). Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: utility that scans lan for client?
John Almberg wrote: I've tried googling for this, but I guess I don't know the name of a utility such as this... What I'm looking for is a utility that can scan a LAN for attached clients... i.e., computers that are attached to the LAN. I have one box (an appliance that I have no access to), that is on the LAN but I don't know what IP address it's using. I'd like to complete my network map, and that is the one empty box on my chart. Yes, I am obsessive :-) ...and it is ok to be such. I suspect that you don't have a switch that can port 'mirror' or 'span'. If you do, let us know. Otherwise, if you *really* want to find out what is on your switched Ethernet network, and nmap/arp etc. isn't enough, then I'd recommend an application called 'ettercap'. It runs on the CLI, and a colleague also has a nice GUI for it (under Linux) as well. This will allow you to infiltrate the network at Layer-2 by arp poisoning all connected devices, and intercepting all traffic. Essentially, you perform a MitM, and you become the host (or in a small environment the default gw) that the device is trying to talk to. This way, you can find out not only what the host is, but what it is saying. Please understand that this approach has significant side effects. You can do extensive harm to your local network by using this approach, so read up on it, and be careful. Know what you are doing, and know the ramifications of simply disconnecting yourself from the network prior to stopping the procedure. Not only that, but if you don't own control of the switched environment, this is a very good way to get yourself blocked completely from it. This tactic, and port mirror/span/monitor are the easiest ways to know what is really going on with regards to the wire (if you don't have ACL's and other mitigation/protection strategies already in place). Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Stop all manner of periodic scripts from running
Matthew Seaman wrote: Chuck Swiger wrote: On Mar 17, 2009, at 5:09 PM, Steve Bertrand wrote: Although SMTP is denied, I just realized that there are numerous messages from periodic scripts that are queued up that can't be sent. Can someone advise how to find out each and every periodic script that tries to send out email (given a standard install), and/or how to disable this? Besides the answer to disable sendmail listening on localhost, consider the following to /etc/periodic.conf: daily_clean_hoststat_enable=NO daily_status_mail_rejects_enable=NO daily_status_include_submit_mailq=NO daily_submit_queuerun=NO In answer to the principal question: just divert the periodic script output to a log file: daily_output=/var/log/daily.log daily_status_security_output=/var/log/daily.log weekly_output=/var/log/weekly.log monthly_output=/var/log/monthly.log You'll find those file names are already setup for appropriate log rotations in /etc/newsyslog.conf In the default install, the only things that generate e-mail are the periodic cron jobs, so this change should be all that is necessary. If you have set up your own cron jobs, then you'll have to be careful to redirect all output /dev/null 21 or else set a MAILTO variable in each crontab directing any output to an address that won't send mail outside the specific box. Perhaps something aliased to /dev/null even. Thanks to all who responded. Not only do the methods do what I wanted, I also have quite a bit of flexibility. Cheers! Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Booting freebsd 7.1 from Firewire or USB2 drive
Andrew Moran wrote: Hey guys, I was wondering if anyone had any success in installing FreeBSD 7.1 on a USB2 or Firewire 800 drive connected to an intel Mac Mini and successfully booting off of it? I don't know about the Mac Mini part, but I certainly boot FreeBSD 7.1 from USB2 drive: pe-acc-2b# df -h FilesystemSizeUsed Avail Capacity Mounted on /dev/da0a 939M425M439M49%/ devfs 1.0K1.0K 0B 100%/dev /dev/md0 31M 16K 28M 0%/tmp /dev/md1 15M 36K 14M 0%/var/run /dev/md2 31M2.4M 26M 9%/var/log /tmp 31M 16K 28M 0%/var/tmp da0: Flash Drive SK_USB20 1.00 Removable Direct Access SCSI-2 device da0: 974MB (1994752 512 byte sectors: 64H 32S/T 974C) Trying to mount root from ufs:/dev/da0a Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Stop all manner of periodic scripts from running
Hi everyone, Taking the questions regarding my routing boxes one step further, I have strict rules that allow only certain control and management protocols to communicate on the network. Although SMTP is denied, I just realized that there are numerous messages from periodic scripts that are queued up that can't be sent. Can someone advise how to find out each and every periodic script that tries to send out email (given a standard install), and/or how to disable this? Or, is there a way to completely cripple a FreeBSD machine, so the system actually realizes that it can not send any email, and everything it tries to send email will realize this? (preferably a more subtle approach than simply rm'ing the sendmail binary :) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Physical location of cvsup servers
Don Read wrote: On Tue, 17 Mar 2009 18:50:46 -0500 Charles Howse said: Hi, Can anyone point me to a link that shows the physical location of the U.S. cvsup servers? Not physical, but by wire time: localhost# fastest_cvsup -c us ...and for those in Canada: # fastest_cvsup -c ca,us The cvsup.ca.FreeBSD.org server has been the server with least latency for me for months (given I always test against US and CA). Props to the ops at Cogeco. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Physical location of cvsup servers
Charles Howse wrote: On Mar 17, 2009, at 7:31 PM, Steve Bertrand wrote: Don Read wrote: On Tue, 17 Mar 2009 18:50:46 -0500 Charles Howse said: Hi, Can anyone point me to a link that shows the physical location of the U.S. cvsup servers? Not physical, but by wire time: localhost# fastest_cvsup -c us Nope...looking for city,state. Unless you can communicate directly with the people who manage the server, that is not an easy task. You will have to consult whois for the routing information, and then, even still the results may be inaccurate, as IP space allocated to someone in Orlando Florida may be using some of their space in Dallas Texas. Neat little tricks such as MPLS could have you make one hop across the country while you think you are still in one local city. What do you want to achieve? fastest_cvsup will tell you addressing of the servers. You will have to contact those responsible for the IPs to see where they are located to ensure any form of accuracy regarding geo-location. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Physical location of cvsup servers
Charles Howse wrote: On Mar 17, 2009, at 8:40 PM, Steve Bertrand wrote: What do you want to achieve? fastest_cvsup will tell you addressing of the servers. You will have to contact those responsible for the IPs to see where they are located to ensure any form of accuracy regarding geo-location. Mainly, it's curiosity. I know-fer-a-fact I saw a list of physical locations back when 4.x was the latest release. Probably been deleted. fastest_cvsup usually tells me #17 is fastest, but it times out a lot, I mean A LOT, from here. Fastest, (in this case) != most reliable. Can you produce the output of fastest_cvsup, include the top two results (add #17 if it isn't included), and then provide the output of a traceroute to #17? Perhaps you have a faulty asymmetric path to 17... It is important to know that just because a server may be literally located at the building across the street, it doesn't mean that you are guaranteed a path that may not cross the country (and in some situations, across an ocean) and back. I don't know where you are located, but generally, I've found cvsup8 to be extremely quick (in terms of latency) and very reliable for a number of years. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Execute and lock a user into a program upon login
Hi everyone, Although the application of my question focuses on network operation, I believe that the objective fits this list. Mostly irrelevant, I have been working on securing my network perimeter. I have a FreeBSD box that acts as a host-based BGP peer to all edge connected routers. I use this host-based Quagga FBSD router to distribute routes that are to be blackholed by the edge devices. What I want is to set up an environment so that when a specific user logs in to the box via SSH, a command is run, and they immediately get dropped into the environment that the command produces. When they exit this 'command', the login session is dropped. Essentially, I want to 'lock' a user into a program upon SSH login, and drop them from the SSH session when the program terminates. In essence: - user 'router' connects via SSH - user is dropped into the application 'vtysh' - user performs operations - user exits from program - shell drops (ie. user does not have to exit the csh shell to drop the SSH connection) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Execute and lock a user into a program upon login
Steve Bertrand wrote: Hi everyone, Although the application of my question focuses on network operation, I believe that the objective fits this list. Mostly irrelevant, I have been working on securing my network perimeter. I have a FreeBSD box that acts as a host-based BGP peer to all edge connected routers. I use this host-based Quagga FBSD router to distribute routes that are to be blackholed by the edge devices. What I want is to set up an environment so that when a specific user logs in to the box via SSH, a command is run, and they immediately get dropped into the environment that the command produces. When they exit this 'command', the login session is dropped. Essentially, I want to 'lock' a user into a program upon SSH login, and drop them from the SSH session when the program terminates. In essence: - user 'router' connects via SSH - user is dropped into the application 'vtysh' - user performs operations - user exits from program - shell drops (ie. user does not have to exit the csh shell to drop the SSH connection) I probably should have explicitly stated that I'd like help as to how I would go about doing what I want to do, instead of simply stating my goals ;) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Execute and lock a user into a program upon login
Polytropon wrote: On Fri, 13 Mar 2009 21:12:07 -0400, Steve Bertrand st...@ibctech.ca wrote: Steve Bertrand wrote: Hi everyone, Although the application of my question focuses on network operation, I believe that the objective fits this list. Mostly irrelevant, I have been working on securing my network perimeter. I have a FreeBSD box that acts as a host-based BGP peer to all edge connected routers. I use this host-based Quagga FBSD router to distribute routes that are to be blackholed by the edge devices. What I want is to set up an environment so that when a specific user logs in to the box via SSH, a command is run, and they immediately get dropped into the environment that the command produces. When they exit this 'command', the login session is dropped. Essentially, I want to 'lock' a user into a program upon SSH login, and drop them from the SSH session when the program terminates. In essence: - user 'router' connects via SSH - user is dropped into the application 'vtysh' - user performs operations - user exits from program - shell drops (ie. user does not have to exit the csh shell to drop the SSH connection) I probably should have explicitly stated that I'd like help as to how I would go about doing what I want to do, instead of simply stating my goals ;) If the user's shell is csh (FreeBSD's standard dialog shell), you could achieve the goal: ~/.login vtysh logout Only problem: I don't know how the shell will act when the user terminates the vtysh application (^C)... Idea: When the application vtysh is terminated, the next command in the .login file will be executed, which is the logout command that will cause the login shell to exit. This will close the SSH connection as well. (I haven't checked this, sorry.) Thanks! No problem for lack of testing. To be honest, an extra 'exit' command via the shell is acceptable in this case, given that it will be only internal network ops working this anyway. I pretty much just wanted to provide a Cisco-like environment for adding a route upon login (as opposed to having to manually running the vtysh command). Manually logging out of a secure shell session is ok. I'll test the log out portion. If it works, that'd be most handy. Nonetheless, you've helped me out greatly. Cheers! Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Execute and lock a user into a program upon login
Jonathan Chen wrote: On Sat, Mar 14, 2009 at 02:18:27AM +0100, Polytropon wrote: [..] If the user's shell is csh (FreeBSD's standard dialog shell), you could achieve the goal: ~/.login vtysh logout Only problem: I don't know how the shell will act when the user terminates the vtysh application (^C)... Change the contents of ~/.login to: exec vtysh This overlays the shell with vtysh. When it exits, the session will be closed. Thank you. This appears to be what I want. I was trying it with the previous setup, but I had to put the user in the wheel group. I haven't yet figured where permissions were going astray. Your procedure will allow me to put the user in the wheel group for now, knowing that logout will occur as soon as the program terminates. This way, I can safely know it works, and make myself a note for Monday to fix the permissions issues ;) Regards, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: kernel #4
Vasadi I. Claudiu Florin wrote: Hello guyz, Here's a short question (was unable to find a google) uname states my kernes as being: Freebsd-7.1-STABLE #4 What exactly is that #4 mean ? Recompiled it 20 min. ago, so I figure it has something to do with maybe, I don't know, some sub-version of the sources ? No. It means that this is the fourth time that you've recompiled the kernel (IIRC). You will see #5 if you do another recompile. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: kernel #4
Tim Judd wrote: On Sat, Feb 28, 2009 at 8:12 AM, Steve Bertrand st...@ibctech.ca wrote: Vasadi I. Claudiu Florin wrote: Hello guyz, Here's a short question (was unable to find a google) uname states my kernes as being: Freebsd-7.1-STABLE #4 What exactly is that #4 mean ? Recompiled it 20 min. ago, so I figure it has something to do with maybe, I don't know, some sub-version of the sources ? No. It means that this is the fourth time that you've recompiled the kernel (IIRC). Actually this is the 5th time --- computers start counting at zero. Wow, what a nice technicality you have found! If computers start counting at zero, and if the system-installed kernel starts at zero, how many times has the user taken the bus? ;) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ping stucks/hangs on PCI 3com NIC sk0 interface but works on builtin NIC
Faizan ul haq Muhammad wrote: After the ping is done (whether it works or not), stop the tcpdump and email the output to the list if you can. If you can't email it, at least type out the IP addresses captured, and the direction the data is attempting to flow eg: 208.70.104.210.22 208.70.104.100.50885 208.70.104.100.50885 208.70.104.210.22 arp who-has 208.70.104.206 tell 208.70.104.193 etc. I have just checked this: it says nothing ... except: listening on bridge0, link-type EN10MB (Ethernet), capture size 96 bytes I think it is unable to receive any packet . DO i miss something in the configuration ? Provide the output to ifconfig bridge0, and kldstat. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ping stucks/hangs on PCI 3com NIC sk0 interface but works on builtin NIC
Faizan ul haq Muhammad wrote: Provide the output to ifconfig bridge0, and kldstat. ifconfig bridge0 bridge0: flags=8843UP, BROADCAST, RUNNING, SIMPLEX, MULTICAST metric 0 mtu 1500 ther 0e:04:7b:09:e7:b0 inet 192.168.0.1 network 0xff00 broadcast 192.168.0.255 id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 kldstat: id REfs AddressSize Name 1 7 0xc040 9111ec kernel 2 1 0xc0d12000 6a32c acpi.ko 3. 1 0xc4628000 22000 lunux.ko That is what I kind of thought... ...One more thing: do i need to enable bridging through some SCTL command. somthing like sysctl net.link.ether.bridge.config=sk0:0, sk1:0 by the way this command generates this error: unknown oid net.link.ether.bridge.config Put: if_bridge_load=YES in /boot/loader.conf. You can also load the module with: kldload if_bridge IIRC, your settings in rc.conf should be enough to configure the bridge, so if you choose to load dynamically while running, try a /etc/netstart to configure the bridge. If that doesn't work, a reboot should. If you can't get it to work, supply the same output I asked for above, and then I'll set up a quick lab here to test it. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ping stucks/hangs on PCI 3com NIC sk0 interface but works on builtin NIC
Faizan ul haq Muhammad wrote: Now i assume that in order to configure the NICs with the same NETWORK and make them working i need to configure the System as router. No. A router's responsibility is to route packets between DISSIMILAR network prefixes. In essence, trying to do what you want is similar to this: - you live at 100 John St - you need to go to 50 John St - the street is addressed in a way that a 50 John street is to your left AND to the right Which way do you go? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ping stucks/hangs on PCI 3com NIC sk0 interface but works on builtin NIC
Faizan ul haq Muhammad wrote: Which way do you go? In this case I can take any of them Perhaps you will freeze in your tracks indefinitely due to confusion. Or perhaps you will go around the entire block a few times before making a decision ;) Anyways,- Today i got some time to play around and i tried to configure the machine as bridge. I added device if_bridge to kernel then i added the code to the rc.conf cloned_interfaces=bridge0 ifconfig_bridge0=addm sk0 addm sk1 up ifconfig_sk0=up ifconfig_sk1=up now, i dun have any network address assigned to any of the interface and connect the two lan cards to two other machines and try to ping those machines from each other. but no success. Did the bridge interface actually come up? ... do you think, this is as expected..? (i think bridge does not need to have any IP address..) It depends. Are you doing any sort of firewalling? What is the IP addressing info on the two end hosts? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ping stucks/hangs on PCI 3com NIC sk0 interface but works on builtin NIC
Faizan ul haq Muhammad wrote: It depends. Are you doing any sort of firewalling? What is the IP addressing info on the two end hosts? well, in this configuration i havent enabled any firewalling. the Ips are: 192.168.0.4 and 192.168.0.5 for the other two hosts and to the bridge i assigned IP 192.168.0.1 Ok. On the box with the bridge, su to root and start a tcpdump session: # tcpdump -n -i bridge0 ...and then, on 192.168.0.4, ping 192.168.0.5 After the ping is done (whether it works or not), stop the tcpdump and email the output to the list if you can. If you can't email it, at least type out the IP addresses captured, and the direction the data is attempting to flow eg: 208.70.104.210.22 208.70.104.100.50885 208.70.104.100.50885 208.70.104.210.22 arp who-has 208.70.104.206 tell 208.70.104.193 etc. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: When is there going to be a USB install and run iso iamge for FreeBSD?
Formula 1 wrote: Is there going to be a possibility for FreeBSD, in the future or now, that there will be a release of it that allows for install and running of the operating system off of a USB memory stick? What is your objective? ie. What will this box be designed to do once it is booted from USB stick? I boot from USB stick with numerous machines, but AFAICT, there is no one single 'install method' to suit all needs. Determine what the system will do, and then post back to the list. Machines inside of my network that boot from USB: - /boot on USB with GELI encrypted system and data on hard disk, in which the USB key can be removed after boot (the USB contains the encryption key) - /boot on USB with large scale ZFS, so I don't have to shave off a UFS piece from one of the drives - routers that run RO from USB with /var /tmp in memory devices so no hard disks need to be present - devices that boot and 'copy' the OS into a memory drive prior to further loading, so no hard drive is required, and the USB stick can be removed after the boot process Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: off topic: reporting attempts to access computers
Andrew Gould wrote: Yes, it's probably time to move to certificates. Thanks for the suggestion. If you realize this, then you also want to look at devising an allow-allow-deny_by_default approach for other critical protocols that you can't employ certificates for... Instead of blocking huge netblocks with your firewall (possibly causing a denial of service on legitimate hosts), it's easier and more resource friendly to create access rules that deny by default in ANY case. (Those who provide transit or hosting services can obviously ignore this). Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ipv6 aliases in rc.conf
Reinhard Haller wrote: Hi, I'm trying to add ipv6 aliases for my jails (7.1) in rc.conf. ifconfig_lo0_alias0=inet 192.168.64.1 netmask 255.255.255.0 ifconfig_lo0_alias1=inet 192.168.64.2 netmask 255.255.255.255 ipv6_ifconfig_lo0_alias0=inet6 fd08:2548:a3e8:40::1 prefixlen 48 ipv6_ifconfig_lo0_alias1=inet6 fd08:2548:a3e8:40::2 prefixlen 128 ifconfig_lo0=inet 192.168.64.1 netmask 255.255.255.0 ifconfig_lo0_alias0=inet 192.168.64.2 netmask 255.255.255.255 ifconfig_lo0_alias1=inet6 fd08:2548:a3e8:40::1 prefixlen 48 ifconfig_lo0_alias2=inet6 fd08:2548:a3e8:40::2 prefixlen 128 ...works for me. I want to add to my post that it is not advisable to use your primary loopback interface for anything other than localhost. Keep lo0 as is, and use loN interfaces instead. To add new loopback interfaces, in rc.conf add: cloned_interfaces=lo1 lo2 lo3 #etc ...and then, add an 'UP' entry to ifconfig prior to interface use: ifconfig_lo1=UP ifconfig_lo1=inet ... ifconfig_lo1_alias0=inet6 ... # etc. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ipv6 aliases in rc.conf
Reinhard Haller wrote: Hi, I'm trying to add ipv6 aliases for my jails (7.1) in rc.conf. ifconfig_lo0_alias0=inet 192.168.64.1 netmask 255.255.255.0 ifconfig_lo0_alias1=inet 192.168.64.2 netmask 255.255.255.255 ipv6_ifconfig_lo0_alias0=inet6 fd08:2548:a3e8:40::1 prefixlen 48 ipv6_ifconfig_lo0_alias1=inet6 fd08:2548:a3e8:40::2 prefixlen 128 ifconfig_lo0=inet 192.168.64.1 netmask 255.255.255.0 ifconfig_lo0_alias0=inet 192.168.64.2 netmask 255.255.255.255 ifconfig_lo0_alias1=inet6 fd08:2548:a3e8:40::1 prefixlen 48 ifconfig_lo0_alias2=inet6 fd08:2548:a3e8:40::2 prefixlen 128 ...works for me. Technically, IPv6 is designed for multiple addresses on each interface, so the secondary (alias) parameter should not be needed at all. However, using ifconfig, we must abide by it's methods of usage. IPv6 addresses should be put inline with the IPv4 addresses under the alias numbering scheme, and things will hold together. Out of curiosity, why are you using a /48 prefixlen? I understand the /128 (when it is not inside of another assigned prefix), but IMHO, you should only use a /64 on an interface. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ipv6 and freebsd
gahn wrote: Thanks Steve: the router that sending RA is juniper and the protocol router-advertisement has been activated: g...@lab_1 show interfaces fe-0/0/3 ... Logical interface fe-0/0/3.170 (Index 70) (SNMP ifIndex 59) ... Addresses, Flags: Is-Preferred Destination: fe80::/64, Local: fe80::214:f600:aa2c:d403 Addresses, Flags: Is-Preferred Is-Primary Destination: fec0:10:5::/64, Local: fec0:10:5:0:214:f600:aa2c:d403 fec0::/10 was deprecated per RFC3879. Perhaps the Juniper unit is obeying this and just not sending the prefix in the advertisement? Everything else looks good, so lets test that possibility (as remote as it is). Take your tcpdump one step further: lab# tcpdump -n -i bge1 ip6 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on bge1, link-type EN10MB (Ethernet), capture size 96 bytes 17:55:44.027565 IP6 fe80::214:f600:aa2c:3c03 ff02::1: ICMP6, router advertisement, length 24 18:02:46.283353 IP6 fe80::214:f600:aa2c:d403 ff02::1: ICMP6, router advertisement, length 24 # tcpdump -n -i bge1 -s 0 -w /path/to/file.pcap ip6 After a time of that running (there won't be any STDOUT output), stop the capture, and open the file in Wireshark. (I've never figured out how to get tcpdump to read the data portion of the packets from a file). With the -s0, it will capture the headers and the data of each packet, so you should be able to tell whether the RA announcements do actually contain the prefix you are trying to get configured. Something that I should have asked from the get-go...do you have any sort of firewall running on the box? I'll set this up in my lab here today. Although we don't have any Juniper units, I'll see if I can recreate the problem with Cisco hardware. You may also want to test using a non-deprecated address space. The documentation address may work for instance. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ipv6 and freebsd
gahn wrote: Thanks Steve: We use fec0::... as global unique IPv6 address in the lab environment. the IPv6 routers in our lab uses fec0:0:5::/64 with eui-64 addressing scheme (for testing). From the host lab (freebsd) machine, it clearly sees two link-local addresses for two IPv6 routers via RA messages. the IP routers also sent But why not the host lab configure itself with global unique address with prefix fec0:0:5:0::/64 (provided by the routers)? What shall I do to accomplish this on FreeBSD? Well, I got this working with no issues. The router I used is an old Cisco 2651XM, and my box is FreeBSD 7.1. I even went as far to use space out of fec0::/10. Were you able to get a full pcap to ensure your global prefix is within the RA messages? If the global accept_rtadv is set to 1, and the interface is also told to accept the advertisements, then I can't explain why this is not working for you, other than a firewall on the host blocking inbound ICMP (which is very bad for IPv6, for this reason, and due to the havoc breaking PMTUd can cause). Remember that tcpdump will capture the RA's on the wire before they are dropped by any packet filter. Can you ping6 the lab host from the router, using its link-local address? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ipv6 and freebsd
gahn wrote: What shall I do to accomplish this on FreeBSD? For clarification and completeness, here is exactly what I did: First, config the router (Cisco): interface FastEthernet0/0 ip address 192.168.3.2 255.255.255.0 duplex auto speed auto ipv6 address 2607:F118:A::1/64 ipv6 address FEC0:10::1/64 ipv6 nd ra-lifetime 210 ipv6 nd prefix 2607:F118:A::/64 ipv6 nd prefix FEC0:10::/64 Next, on the host, ensure we are properly prepared: # sysctl -a net.inet6.ip6.accept_rtadv net.inet6.ip6.accept_rtadv: 1 # ndp -i fxp0 linkmtu=1500, maxmtu=1500, curhlim=64, basereachable=30s0ms, reachable=39s, retrans=1s0ms Flags: nud accept_rtadv Ensure there is not a blanket ICMP filter on the host, by pinging the link local address from the router (even if you can ping, it is still possible that ICMP type 9 are being blocked): # ping fe80::20d:60ff:fe4c:81ca Output Interface: FastEthernet0/0 Packet sent with a source address of FE80::20A:F4FF:FE0B:B109 ! Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms Ensure we see RAs on the wire: # tcpdump -n -i fxp0 ip6 listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes 09:30:50.820717 IP6 fe80::20a:f4ff:fe0b:b109 ff02::1: ICMP6, router advertisement, length 96 Capture the entire packet with the RA information to make sure that the router is actually sending the prefixes we want to autoconf. Dump this info into a file, so we can scp it to our workstation to read it into Wireshark: # tcpdump -n -i fxp0 -s 0 -w /var/log/test.pcap ip6 What does Wireshark tell us about the advertisement: ICMPv6 Option (Prefix information) Type: Prefix information (3) Length: 32 Prefix length: 64 Flags: 0xc0 1... = Onlink .1.. = Auto ..0. = Not router address ...0 = Not site prefix Valid lifetime: 2592000 Preferred lifetime: 604800 Prefix: 2607:f118:a:: *** ICMPv6 Option (Prefix information) Type: Prefix information (3) Length: 32 Prefix length: 64 Flags: 0xc0 1... = Onlink .1.. = Auto ..0. = Not router address ...0 = Not site prefix Valid lifetime: 2592000 Preferred lifetime: 604800 Prefix: fec0:10:: *** So by this point, we've confirmed that everything is in order. I don't know if FreeBSD will autoconf if the 'L' bit (Onlink) flag is set to 0, so check that too. Let's see our ifconfig output: # ifconfig fxp0 inet6 fe80::20d:60ff:fe4c:81ca%fxp0 prefixlen 64 scopeid 0x1 inet 192.168.3.1 netmask 0xff00 broadcast 192.168.3.255 inet6 2607:f118:a:0:20d:60ff:fe4c:81ca prefixlen 64 autoconf inet6 fec0:10::20d:60ff:fe4c:81ca prefixlen 64 autoconf The last thing to try, is to ping6 the known IPv6 address of the router from the host. Perhaps ifconfig is not displaying the learnt addressing information until it is used. (This situation did come up for me, but it may have been a coincidence in timing. I haven't been able to reproduce it). Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Assigning static ip address
Nikolaj Thygesen wrote: Hi list, I've been experimenting and googling for hours w/ no luck. All I want to do is run dhcp and then replace the ip address of the interface with a new static ip afterwards. I've been following this thread all day, but I still don't understand exactly what you are trying to accomplish. From what I understand (and correct me if I'm wrong): - you are working on a FreeBSD host system - you have a DHCP server on the network, but it is not on this host - you want to use all of the DHCP assigned parameters on the host, but you want to have a static IP on the host you are working on that is different than the one assigned to you If that is correct, then you really only have two options: - do an #ifconfig, and in the configuration on the DHCP server, specify a directly assigned IP address to your MAC address. This way, DHCP server will feed you the same 'static' (aka permanent lease) address to you, and will also provide you with all other configuration parameters, or; - do not configure the IP address on the host via rc.conf. Let dhclient do its job, and have the system run a script at bootup with the requirement that 'network' setup is done, and that will set ONLY the IP address. It would help if you could specify what platform the DHCP server is running on, and whether you have control of it or not. It is important that you don't set a static IP address on your host that the DHCP server has in its lease pool. If you do, it may/will cause IP conflicts on the network. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ipv6 and freebsd
gahn wrote: Ok, i meant the configuration of ipv6_network_interface=fxp0 alone doesn't seem to be working: [...] how could I enable IPv6 only on the interface fxp0 instead of every interface? It is possible to completely disable IPv6 on an interface, but man (8) ndp recommends against doing this manually. However, you can pretty well achieve the same effect by informing the interfaces to not accept RAs. First (and to answer your next question), enable 'auto config'. You can put the next line in /etc/sysctl.conf to enable it at boot (without the word 'sysctl'): pearl# sysctl net.inet6.ip6.accept_rtadv=1 Now, you can disable acceptance of rtadv messages on individual interfaces by: pearl# ndp -i fxp1 -- -accept_rtadv ...or re-enable: pearl# ndp -i fxp1 -- accept_rtadv So, I think that this will suit your requirements. The only difference being is that although the unused interfaces won't accept RAs, they will still have a link-local address. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ipv6 and freebsd
gahn wrote: Thanks for the tips. But i still only see the fe80::..., link-local address, not the fec0:... something as I expected. Provide the output to: # sysctl -a net.inet6.ip6.accept_rtadv # ndp -i fxp0 # ifconfig fxp0 ...and, run a tcpdump on fxp0 capturing only IPv6 packets. Eventually you should see the router advertisements: # tcpdump -n -i fxp0 ip6 If you don't see them, check your router config. What type of router is it? Most routers have RAs disabled by default. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: please remove all search results with name Constantin Stalzer
Chris Knight wrote: On Tue, Feb 10, 2009 at 4:41 PM, Jerry McAllister jerr...@msu.edu wrote: To make fun of someone's ignorance is not humorous. It is offensive and small. We are going to have to agree to disagree. I read in a posting recently by a very, very prominent and respected member of the Internet community that agreeing to disagree is very disrespectful. In other words, you are accepting the fact that someone is wrong without finding a solution. Jerry made a very valid point. Jerry has made countless hundreds of posts to this list, many of which are directed at helping the newcomer settle in. _Any_ poking fun at someone whatsoever is unacceptable, and that is non-disputable. It is my opinion that to make fun of someone's _stupidity_ is offensive. Stupidity, like the lack of a sense of humor, is a disability that can not be cured. Ignorance, which is easily cured, is something that we all suffer from time to time and is therefore a more universal point of humor. It is not a point of humour to those who do not know any better. A softer, more gentle approach would be appropriate here. Even if *you* think it is humorous, have you ever known anyone, or had any children with any sort of anxiety issues? I'm sure you haven't, or you wouldn't be arguing with Mr. McAllister, and you surely wouldn't be defending your post. Perhaps by have to agree to disagree means that you will rephrase a response to the OP directly that explains the 'hows' and 'whys' of the non-feasibility of the request... Cheers, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: please remove all search results with name Constantin Stalzer
michael copeland wrote: on a side note, i can't believe this has kept going Either can I. It's a flame-war, and I became part of it (tsk). I just so want this list to be a good place for newcomers as I once was, that I'd rather try to keep the list clean, and very much dislike it when someone tries to challenge the integrity of a very well respected, long term member of the list. This thread is done for me now. Bring back on the IPv6 questions Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Bridge setup at boot
Da Rock wrote: I feel like a real newbie asking this one, but the answer is still eluding me :( I have a system where I'm separating my servers for distinction so I'm running qemu. I have a bridge setup which works occasionally, but I need it to work 100% of the time. I also need this to run at boot time, which is where it seems to fall short (not to mention that on occasion even the re driver fails to load- not sure if its hardware or software yet, but appears to have no bearing on the bridge problem; I could still get an ip address via dhcp when the bridge is not working). My loader.conf looks like this: snd_hda_load=YES if_bridge_load=YES if_tap_load=YES My rc.conf looks like this: cloned_interfaces=bridge0 tap0 autobridge_interface=bridge0 autbridge_bridge0=re0 tap0 ifconfig_re0=up ifconfig_tap0=up ifconfig_bridge0=DHCP If I tell re0 to use DHCP as well, I can access the host, but not the guest. If I run qemu in a script, the guest cannot get a DHCP address. This seems to happen intermittently- one problem then the other. If the bridge fails to get an ip from dhcp, I find re going down just after bridge0 starts looking for an ip- re comes up again after that starts. If bridge0 does get an ip, the tap0 will go down and qemu guest can't get an ip. I feel like I'm going round in circles now. Using rc.conf nothing appears to be happening in order- things seem to be going up and down when they feel like instead of when they should. I need this to be stable, not a cross your fingers and toes, we're going in scenario- which is what bridging appears to be like at startup. Manually I can get it working off the bat, but I'm trying to get this working within the framework provided. For reference the sysctl.conf settings mentioned in some circles are useless in 7.1- net.link.ether.bridge_cfg and net.link.ether.bridge.enable aren't recognized. Can you stabilize the bridge at boot, without any other software starting up? If not, does re0 get set up consistently with the same config with a basic setup? I had similar issues a while back (pre 7.1) in which sometimes 're' devices didn't start up at the proper speed/duplex. Every once in a while, it would show up at 10 or 100 half, when it should have been auto set at full 100 or 1000. If I forced proper speed/duplex, other outside programs began to work properly. However, I haven't witnessed those issues since 7.1 Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail to Relay different domains to different hosts
greg.st...@sungard.com wrote: I am using Sendmail on a FreeBSD7.0 server as a mail relay for some of our servers. These servers relay messages to both internal recipients and external customers. I need to be able to relay mail destined to our internal domain recipients to our corporate mail servers but relay everything else out to our usual smart host. So basically, I am looking to relay emails destined for a certain domain to one host and the rest of the mail to another. Does anyone know how I could configure sendmail to accomplish this? Yes. Take a look at the `mailertable.sample' file. Create an empty 'mailertable' file in /etc/mail, and add the domain-to-server maps to it: corporate.com smtp:relay.corporate.com other.com smtp:some.other.server.com ...and then IIRC: # cd /etc/mail # makemap hash mailertable mailertable Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: insert new line in files
Adam Vande More wrote: Dan Nelson wrote: You want: sed -e '5i\ test' test.txt i.e. a linebreak after the backslash. I had actually tried that too: sed -e '5i\ ? test' text.txt sed: 1: 5i test : command i expects \ followed by text Try: # sed -e 5i\\ ? test text.txt Note the double-quotes and two \\. I just ran into this today ;) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: insert new line in files
Adam Vande More wrote: Dan Nelson wrote: I had actually tried that too: sed -e '5i\ ? test' text.txt sed: 1: 5i test : command i expects \ followed by text I don't see a backslash in the error message, which means something ate it. Are you running this command from something other than the commandline or a plain sh script? If you're calling this from another scripting language (via system() or popen() or something similar), you probably have to double the backslash so whatever's parsing it out passes one through to sed. This is being executed from stock tcsh Progress is being made as it works in the test now with the \\ however I'm running into more things I don't understand in regards to what I need to escape in my input string. sed -e '5i\\ include(\'/usr/home/www/imp-sites/default_inventory.php\');' test.txt Unmatched '. I also tried escaping ( ) . / to no avail. I don't know for sure under tcsh, but did you try double quotes as I suggested? Using them may prevent the normally special characters from being interpolated. If it doesn't work, then hopefully escaping them will. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: insert new line in files
Adam Vande More wrote: I also tried escaping ( ) . / to no avail. nevermind I see I have to \\ that as well. Okay now I'm going to try to find a way to do this with find and xargs IMHO, this has become a job for Perl :) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Backup to spare drive (rsync / crontab)
drc...@yahoo.com wrote: I am using rsync and crontab to perform scheduled backups on FreeBSD AMD64 Rel. 7.0 I am following process described here for rsync : http://samba.anu.edu.au/rsync/examples.html I have a backup script's created for daily, weekly, monthly. This is one example - the daily (/backup is a seperate physical drive) : #daily backup script rsync -a --delete /usr/home/data/Access/ /backup/daily/Access rsync -a --delete /usr/home/data/Templates/ /backup/daily/Templates rsync -a --delete /usr/home/QBdata/ /backup/daily/QBdata rsync -a --delete /usr/home/reception1/ /backup/daily/reception1 rsync -a --delete /usr/home/reception2/ /backup/daily/reception2 rsync -a --delete /usr/home/reception3/ /backup/daily/reception3 rsync -a --delete /usr/home/data/Files/ /backup/daily/Files Try putting the full path to rsync in your script: # whereis rsync Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Looking for a Good FreeBSD and General Unix Backup System
Martin McCormick wrote: Several months ago, I started using dar to backup a number of FreeBSD and Linux systems to one FreeBSD box. It worked fine once one got the syntax of the remote commands working, but then it all died when I moved it to a new FreeBSD6.3 system. I feel for you. What we plan to do is backup a bunch of Unix systems to one FreeBSD box and then use a commercial package to back that box up to an enterprise-wide system we use. The archiver we need must be able to make 1 full backup of each system like tar and then incrementals until we are ready for another full backup. I am an AMANDA advocate. You seem to have a decent understanding of the difference between 'backup' and 'archive'. rsync does not fit your bill here, IMHO. Given that you need a 'standard' method of recovery, AMANDA conforms to dump(8) and restore(8) if you don't have easy/direct access to its internal amrecover(8) command set. The initial learning curve isn't bad for a sys admin who is familiar with performing proper network backups, and once initially configured, just does it's job. Since you can have all of your FreeBSD boxes backed up to a single hierarchical directory structure via AMANDA, your enterprise server should have no problem sweeping that single directory up, fulfilling that portion of the criteria. Any suggestions as to what is best? Dar seemed to be okay until the incrementals would hang each time with some error messages about the format version being too high which is bogus because we are using the same version for all the effected systems. My suggestion is to use something that conforms to age-old and tried-and-true dump/restore routines. A backup (as I can tell you already know) is as good as the time it takes to restore from it. The archive files should use tar or some other common storage method so we could unpack an archive from a Linux system in to a FreeBSD directory or vice versa. http://amanda.org Not only will it use tar, but you can define, on a partition level basis, which tar to use, whether to compress, etc etc. Any backup packages using tar would be fine as long as they can do incremental backups and use ssh as the transport. If you do use AMANDA, it is trivial to copy the backups over SSH whether it be after they are done or during backup. HTH. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Edit user groups
Akenner wrote: Hi, I'm using FreeBSD 7.1-RELEASE and I have multiple user accounts set up. I made about 4 for myself to use and do various testing with, and made some for my Wife as well because She knows UNIX better than I do anyway heh. Anyway, one of the things I forgot about, was that FreeBSD by default doesn't allow just anyone to use su. I come from mainly using Linux, where you can log in and then whenever you need to open a root xterm or even a root shell, you just type the password and go. I looked up how to do this but most of my results came back with setting up user accounts, and other things. I did add another user that was in the wheel group so I could do it, but I'd really like to be able to add my main user account to the wheel group so I can su from this one instead of doing su otheruser and then su again to root. I found while searching for this something that MIGHT be what I'm looking for, but after reading it over, it seems I'd have to read through the whole man page first and then, it could be bad if I mistype something, or I could even screw up an account, which I can't risk. Is there an exact way to take a user account on my system, and add it to the wheel group? Yes. # ee /etc/group ...and add your username to the list of users after the wheel group. For instance, by default, the entry will appear as such: wheel:*:0:root ...and if my username is steve, you will append the line like this: wheel:*:0:root,steve ...then hit ESC, then ENTER twice. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: / mounted read-only after error in /etc/rc.conf
Pieter Donche wrote: I made a typing error when chanign /etc/rc.conf (linux_enable=YES) when rebooting the system, the boot stops /etc/rc.conf: 22: Syntax error: Unterminated quote string Enter full pathname of shell or RETURN for /bin/sh: # this leaves me with /dev/ds0s1a on / (ufs, local, read-only) since / is read-only I can not edit /etc/rc.conf to correct the error. How to solve this? Try: # mount -u / Which will try to re-mount the / partition as read/write. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Launching Vim
Rem P Roberti wrote: Can someone give me a heads up on this. I just installed vim, but when I try to launch the program I get this error message: /libexec/ld-elf.so.1: Shared object libperl.so not found, required by vim Is this a path problem? The actual file libperl.so recides in /usr/local/lib/perl5/5.8.9/mach/CORE/libperl.so First, run: # /etc/periodic/weekly/310.locate Then, provide the output to: # locate libperl.so # echo $PATH Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Blocking very many (tens of thousands) ip addresses in ipfw
Artem Kuchin wrote: I need to block around 15 ip addreses from acccess the server at all at any port. The addesses are random, they are not nets. These are the spammer i want to block for 24 hours. The list is dynamically generated and regenerated every hour or so. What is the most efficient way to do it? At first i thought doing ipfw rules using 5 ips per rule, that would result in 3 rules! This will be too slow! I need to something really quick and smart. Like matching the first number from ip (195 from 192.1.2.3), if it does not match - skip, if it does - compare the next one and so on. Use tables. They are efficient, and easy to manipulate. # ipfw table 1 add xx.xx.xx.xx/xx # ipfw deny all from table(1) to any It would be best if you allowed only legitimate IP addresses to pass traffic in/out of your network, and then deny all else, but the way your message reads, this is SMTP traffic inbound, so 'allow some, deny the rest' doesn't work too well here. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Blocking very many (tens of thousands) ip addresses in ipfw
Pieter de Goeje wrote: On Wednesday 14 January 2009 17:23:25 Artem Kuchin wrote: I need to block around 15 ip addreses from acccess the server at all at any port. The addesses are random, they are not nets. These are the spammer i want to block for 24 hours. The list is dynamically generated and regenerated every hour or so. What is the most efficient way to do it? At first i thought doing ipfw rules using 5 ips per rule, that would result in 3 rules! This will be too slow! I need to something really quick and smart. Like matching the first number from ip (195 from 192.1.2.3), if it does not match - skip, if it does - compare the next one and so on. Quoting ipfw(8): LOOKUP TABLES Lookup tables are useful to handle large sparse address sets, typically from a hundred to several thousands of entries. There may be up to 128 different lookup tables, numbered 0 to 127. net.inet.ip.fw.dyn_buckets should probably also be increased to efficiently handle 150k IPs. Please correct me if I'm wrong, but if the OP is going to drop all traffic immediately from the 150k IPs, then dyn_buckets shouldn't come into play, as there is no dynamic rule generated. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd encrypted hard disk?
Johann Hasselbach wrote: I read the encrypting disk partitions section of the Handbook. What is the preferred method nowdays, geli or gbde? Is there another method that would be better? I don't know what is best, but for quite some time I've used GELI to encrypt my entire hard disk, including the / partition. I then copy /boot to a USB thumb drive with the encryption key so I don't need any portion of the hard disk unencrypted. This setup also allows me to pull the USB key from the machine after it has been booted, taking the encryption key with me. I've never had a problem. pearl# df -h Filesystem SizeUsed Avail Capacity Mounted on /dev/ar0.elia504M377M 87M81%/ devfs1.0K1.0K 0B 100%/dev /dev/ar0.elie 47G9.6G 34G22%/usr /dev/ar0.elif 47G7.2G 36G17%/var /dev/ar0.elig 47G 25G 19G57%/home Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Performing installed ports upgrade / leaving some software intact
Zbigniew Szalbot wrote: Dear all, I am now full into planning the 7.0-RELEASE to 7.1-RELEASE upgrade. I know that at the end of the day it will also mean upgrading all ports (portupgrade -af). I have one port - mailman - which I have customized a lot and do not really want to upgrade it as it will most likely mean I will have to hack a few files again. What options do I have so that I do not break the setup? I am thinking of: 1/ backing up the hacked files and restoring them later (but I will overwrite the newer files with older ones perhaps breaking something). 2/ making them read only (but the end result will be the same and upgrading as root I will overwrite them anyway). And that would be it. My wisdom ends here. Is there any option to survive the ports upgrade? :) If not, I guess I will just have to hack Mailman files again after the upgrade... Can you verify that the original copy of the files you've hacked have indeed been modified in the upgraded version? Perhaps you could download the source for both the new version in ports, and the original version, and find out exactly what, if any changes have been made to your modified files. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: PHP setup question
stan wrote: If you want to see what I have, It's reachable at http://beachcave/net/ampache/ I can't reach it :) Reply with the proper URL and I'll have a look. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD Boot Manager
Kurt Buff wrote: On Thu, Jan 8, 2009 at 5:17 PM, Grant Peel gp...@thenetnow.com wrote: On that drive, there was about 100 GB of free space, so I decided to try putting FreeBSD 6.4 on it. During the install, I opted to use the Free BSD boot manage. The install went flawlessly. Any idea what I might need to do to make windows work again? It may be worth mentioning, I had Norton GoBack running on the disk before I installed FreeBSD, although I am not aware if it does anything to the booting system. www.bootdisk.com Find a bootable floppy image there that includes a DOS fdisk, and write it out to a floppy disk. Boot your machine with that floppy, and at the DOS prompt, type 'fdisk /mbr' - it will write a standard boot sector, and Windows should boot again. Of course, this will not allow you to boot to your new FreeBSD installation, but with other folks' help, you can probably overcome that - probably with GRUB, or another boot manager. Technically (theoretically) speaking, using a Win32 boot disk to fdisk /mbr, he should be able to re-initialize the FBSD boot loader by going through the steps he did initially. AFAIR, Symantec GoBack, along with many other 'in-disk' restoration programs, overwrite the boot sector with its own code. If the OP can boot back into Windows with the fdisk /mbr, he has likely done both: - broke his GoBack program's ability to recover, and; - made it possible to restore the FBSD boot manager If Windows boots after following Kurt's recommendation of restoring the Windows MBR, back up your Windows system, then try FreeBSD again. You sound courageous, give 'er! Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: issue with extra top level domain appened to mail
Matthew Davidson [DATACOM] wrote: Do you have unusual options like FEATURE(always_add_domain ...) set up? I haven't made any changes to the sendmail configuration. It's straight out of the CD vanila 6.3 Standard install. I'm completetly stumped. If I build with 6.1, I don't have any issue. If I build with 6.4, same problem. I might try rebuilding as 'matdav.datacom.com'. Perhaps it's some bug specific to the '.nz' TLD, but that seems unlikely. Show output for: # ifconfig # dig @localhost matdav.datacom.net Then, get the nameserver IP address out of /etc/resolv.conf, and assuming that $IP is equal to the IP address of the nameserver,: # dig @$IP matdav.datacom.net This problem resembles an issue with a missing '.' trailer somewhere within a naming application... Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD Boot Manager
Grant Peel wrote: So then, IF we are able to restore the Windows MBR, and boot into windows, should we not be able to boot the machine with a bootable FreeBSD disk, then, use Sysinstall to restore the FreeBSD boot manager? Yes, that is exactly what I was getting at. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD Boot Manager
Grant Peel wrote: Can I use a windows install cd's R option to do the fdisk /mbr ? I don't know. It's been $years since I've had to use a Windows install CD for such a thing. If it's win32, my experience would have me recommend just booting from a floppy of a win boot disk to restore the MBR. It's just quick that way. If my memory serves right, even a win98 boot disk should work. Why load up all of the unneeded Windows device drivers and other stuff, if you can just 'fix' it? IIRC, just to get to the `Recovery Console' (if you please) takes many, many minutes. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sun sucks
RW wrote: On Thu, 8 Jan 2009 17:10:10 -0500 Ansar Mohammed ans...@gmail.com wrote: After registering Sun complains that they don't like my ID and I need to provide more information. I create another account. Same problem. After 3 months I finally get an email saying they want clarification on the acronym for my company. Well there's your problem. You gave them too much information in the first place. I usually just make-up a name as a matter of principle. Just create a new account for some made-up name, don't specify any company, download your file, and then (if you really care) go through the hoops afterwards. Improper subject, wrong attitude. If one wishes to use a license from another product that is outside of the BSD license scope, then follow it properly. FreeBSD ( personnel) does a magnificent job of keeping outside-licensed code and objects separate from itself, and I'd rather jump through burning hoops of flame to 'add on' to the system to mend it to my needs, as opposed to having the system, and possibly its users, face legal ramifications later... If you need outside software that requires reading any sort of an 'Agreement', then follow the 'Agreement' until you get rights to use the software. FreeBSD isn't about 'easy'. It's about 'right'. Installation methods print out information about external licenses for a reason. Ask those external places how to get around their sign-ups...don't ask here. For that matter, don't answer such questions here, either. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: PHP setup question
stan wrote: I'll describe the test setup that I used within a VM to configure things inline. The software does not necessarily match the version number exactly to yours. OK, here goes: black# uname -a FreeBSD black.fas.com 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #0: Sat Dec 27 19:11:47 EST 2008 root@:/usr/obj/usr/src/sys/GENERIC amd64 FreeBSD testweb.eagle.ca 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009 r...@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 ports of interest: My ports tree is the one from the FBSD 7.1 install as noted above. I literally just downloaded the .iso yesterday. ampache-3.4.3 mysql-client-5.0.75 MySQL was installed with: # pkg_add -r mysql51 testweb# mysql -V mysql Ver 14.14 Distrib 5.1.28-rc, for portbld-freebsd7.1 (i386) using 5.2 mysql-server-5.0.75 Server version: 5.1.28-rc FreeBSD port: mysql-server-5.1.28_1 apache-2.2.11 Apache installed via: # pkg_add -r apache2 testweb# apachectl -v Server version: Apache/2.2.9 (FreeBSD) Server built: Sep 8 2008 13:27:11 PHP was installed from ports (lang/php5). The only changes I made were enabling the Apache module and enabling sessions (which BTW is required for Ampache, as is mysql pcre iconv). php-extensions was also installed via ports. Other than GD, the only other option that I enabled was MySQL. Once you have these installed add the folloowing lines to /usr/local/etc/apache22httpd.conf Directory /usr/local/www/ampache/ Order allow,deny Allow from all /Directory Alias /ampache /usr/local/www/ampache Normally I set up websites in a different fashion than above, but to keep things consistent, I followed the documentation as above. Edit /usr/local/www/ampache/config/ampache.cfg.php.dist and put doubel quotes around the names of the rss* bairables (to work around a known bug Complete step 1 of the install process Go to step 2, when you press write config file you will be prompted to download this fle instead (not cerrtain wh the directory it goes in is writbale by the www user). Donwload this file and install it as: /usr/local/www/ampache/config/ampache.cfg Done. I scp'd the file from my Windows workstation to the box, and put it into the ampache/config directory. I then chown'ed the file to my web servers UID. Try to proced to step 3. You should get an error message saying that Ampache is already configured (but it's not0. At this point, (Step 3), I am presented with a 'Create Admin Account' screen...I receive no errors or warnings. Clicking on 'Check config' claims everything is ok... ...and now I am presented with: http://208.70.104.27/ampache/login.php ...in which I use the admin account I just created, and it directs me into the application. I beleive this is a repeatvle bug. I'm willing to bet that you have a permissions error within the filesystem, but that is just a guess. Provide the output to: # ls -l /usr/local/www # ls -l /usr/local/www/ampache/config Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: PHP setup question
stan wrote: Complete step 1 of the install process Go to step 2, when you press write config file you will be prompted to download this fle instead (not cerrtain wh the directory it goes in is writbale by the www user). Donwload this file and install it as: /usr/local/www/ampache/config/ampache.cfg Oh, I missed this my first pass through... If what you claim above is not a typo, then the system surely can not find a configuration, as it should be named: ampache.cfg.php ...not ampache.cfg Small point, but could be a critical one. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD USB Install
Matthias Apitz wrote: El día Wednesday, January 07, 2009 a las 03:17:02PM +0100, Polytropon escribió: On Wed, 7 Jan 2009 08:25:45 -0500, Brian McCann bjmcc...@gmail.com wrote: Hi all. I'm trying to install FreeBSD 7.1 off the CD to a USB thumb drive, but every time I try it fails. sysinstall says Unable to make new root filesystem on /dev/da0s1a1. Command returned status 38. When I switch to the debug console, I get cg 0: bad magic number. This thumb drive was being used on my Windows machine previously, then I re-formatted it as UFS to use it on a FreeBSD machine...so I know the thumb drive itself works. Can someone shed some light on this problem? I could only suggest to eliminate all slices and partitions on the thumb drive (such as it was a new disk right from the factory) and let sysinstall put slice and partitions onto it. The problem is that 'from the factory' sometimnes they come already Windows-like formated; I've wiped out all with: # dd if=/dev/zero of=/dev/da0 bs=1m (double check that /dev/da0 is really the device you want to clean) sysinstall will provide you an option to erase any existing 'partitions' that exist on the drive during install, so the 'dd' is redundant. I've never installed directly to a thumbdrive before. Normally I'd install to a hard disk, pear it down, and then effectively copy the system to the thumb drive manually. I end up with a system as such (so I don't need a hard disk): router# df -h FilesystemSizeUsed Avail Capacity Mounted on /dev/da0a 939M410M454M47%/ devfs 1.0K1.0K 0B 100%/dev /dev/md0 31M 20K 28M 0%/tmp /dev/md1 15M 36K 14M 0%/var/run /dev/md2 31M318K 28M 1%/var/log /tmp 31M 20K 28M 0%/var/tmp That said, installing to a USB disk through sysinstall should technically (AFAIK) be no different than installing to a standard SCSI hard disk (da0). What options are you supplying when you reach the 'FDISK Partition Editor' screen? Also, if you are installing the system via sysinstall that is running on an already installed FreeBSD, you must use the 'w' option before 'q'. Quit within the disk editor while running under FreeBSD does not imply 'write'. (This being opposed to booting from a CD to install). Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: PHP setup question
stan wrote: On Wed, Jan 07, 2009 at 09:33:46AM -0500, Steve Bertrand wrote: stan wrote: I'll describe the test setup that I used within a VM to configure things inline. The software does not necessarily match the version number exactly to yours. Thanks for puting in all this effort!! No problem. $ ls -l /usr/local/www/ampache/config total 24 -r--r--r-- 1 www www 19352 Jan 5 16:38 ampache.cfg.php.dist -r--r--r-- 1 www www141 Aug 31 02:20 motd.php.dist -r--r--r-- 1 www www 96 Aug 31 02:20 registration_agreement.php.dist $ Does this look corect? No. You did not put the downloaded ampache.cfg.php file in the ampache/config directory. Your /usr/local/www/ampache/config should look like this: testweb# ll /usr/local/www/ampache/config/ total 46 -r--r--r-- 2 www www 14 Aug 31 02:20 .htaccess -rw-r--r-- 1 www www 19366 Jan 7 09:23 ampache.cfg.php -r--r--r-- 2 www www 19352 Jan 7 09:19 ampache.cfg.php.dist -r--r--r-- 2 www www141 Aug 31 02:20 motd.php.dist -r--r--r-- 2 www www 96 Aug 31 02:20 registration_agreement.php Note the ampache.cfg.php file. It is the one that I downloaded during install to my local workstation. I then uploaded it back to the server, and put it in the config directory per the documentation. Cheers, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Upgrade a USB-stick contained system
Hi everyone, I run numerous systems (mostly networking gear) from 2GB USB thumb sticks. These systems do not have hard disks. To update one of these systems, I'd generally copy the thumb drive filesystem to a hard disk in another PC, upgrade it, and then transfer the necessary data back to the USB drive. I'd like to change this approach. What I'd like to do, is boot the USB drive in another machine that has a hard drive, and mount any necessary directories for the duration of the upgrade into the USB drive (such as /usr/src, /usr/ports etc) from the hard drive. When I'm done, the cruft stays on the physical hard disk, while the upgraded system on the USB drive is physically replaced back into the original system. This is purely a disk-space issue on the USB disk. What I want to know, is *exactly* what _working_ directories/filesystems are required to build a new system... working directories that can be dissolved with no repercussions by using umount. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: PHP setup question
stan wrote: On Mon, Jan 05, 2009 at 09:45:23PM -0600, Kelly D. Grills wrote: On Mon, Jan 05, 2009 at 04:51:08PM -0500, stan wrote: Clearly I am still confused. :-( I just duid as you sugested, and all went well untill I pushed the Write Config button at Step 2. At this point I was offered teh option fo downlaoding to the machine that I was running the web browser on this config file. Since this is where I got hung up last. I stoped to ask what I am doing wrong. If I download this file, and put it in the config directory, based upon previous behavior the setup process will refuse to run, because the config file exists. What basic misunderstanding do I ahve here? This thread represents an exmaple of exactly the problem I am facing. It appears as though this behavior can be triggered by running the wrong version of ampache. Can anyone confirm that the version in ports actually works? Stan, It appears as though you are bouncing off the walls to find a solution. Did you contact the appropriate list as prescribed by Kelly? Can you document a well-defined approach in regards to the installation methods you need to follow to reach the goal you are after? If so, email it to the list, starting with your base OS version. I'll help you out with a test platform if you can get things organized. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Urgent help needed please: Gvinum problem
Ian Lord wrote: Hi, We had a power lost even though we have ups and generators (still investigating it) and when the machine rebooted one of the disk seems to be failed : The system complains about fsck repaired failed and that I must run it manually. It then boots in single user mode. I entered gvinum and pressed “l” to see the status of the drive and I get this: My volume is UP My plex is shown as degraded I have 3 of the 4 subdisks shown as UP the 4th is shown as down. Running “gvinum /dev/gvinum/RAID5” which is the name of my volume gets me this error: ** /dev/gvinum/RAID5 Cannot find file system superblock Ioctl (GCINFO): Inapropriate ioctl for device fsck_ufs: /dev/gvinum/RAID5: can’t read disk label I tried “bsdlabel gvinum/RAID5” it tells me there is no valid label found Does anyone knows what I can try to try to put back system online (at least, so I can restore a backup on the disk) I'm trying to find my vinum notes, but can't as of yet... What does a: # fsck -y /dev/gvinum/RAID5 ...yield...anything? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Using HDD's for ZFS: 'desktop' vs 'raid / enterprise' -edition drives?
dick hoogendijk wrote: On Fri, 2 Jan 2009 15:17:30 -0500 stan st...@panix.com wrote: On Fri, Jan 02, 2009 at 05:48:27PM +0100, Wojciech Puchar wrote: think twice before doing. Could you elaborate please ? ZFS still doesn't work as described ... Is that comment FreeBSD specifc, or aimed at ZFS in general? Mind you, ZFS on FreeBSD is not the same as on OpenSolaris-2008.11, Nevada or even Solaris 10. On those platforms ZFS generally does what it is supposed to do, other than it's still a developing FS. On *BSD related systems that is not always the case. Do a good readup. I had problems with ZFS about a year ago (or so). Since then, for me, ZFS has been quite reliable: amanda# zpool list NAMESIZEUSED AVAILCAP HEALTH ALTROOT storage1.82T 1.21T623G66% ONLINE - amanda# zpool status NAMESTATE READ WRITE CKSUM storage ONLINE 0 0 0 raidz1ONLINE 0 0 0 ad0 ONLINE 0 0 0 ad2 ONLINE 0 0 0 ad4 ONLINE 2 0 0 ad6 ONLINE 0 1 0 ...with four drives as such (I'd call them 'resi' or 'home-user' quality: ad2: 476940MB WDC WD5000AAKS-00A7B0 01.03B01 at ata1-master SATA300 This machine, which runs AMANDA backup archiver, backing up ~8 FreeBSD servers at about 120Mbps network every night is: amanda# uname -a FreeBSD amanda.x 7.0-STABLE FreeBSD 7.0-STABLE #0: Thu Jul 17 15:24:40 UTC 2008 st...@x:/usr/obj/usr/src/sys/GENERIC i386 I've pushed the machine to 686Mbps network @225kpps, including FBSD SCP and Windows NetBIOS clients while running iperf on other boxen and was still able to write/read to the storage. Instead of this one-liner crap 'don't do it' information to the users of this list, lets begin explaining *why* its not working, and start providing coherent solutions as to how the OP can work around the issue, huh? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Using HDD's for ZFS: 'desktop' vs 'raid / enterprise' -edition drives?
Steve Bertrand wrote: dick hoogendijk wrote: On Fri, 2 Jan 2009 15:17:30 -0500 stan st...@panix.com wrote: On Fri, Jan 02, 2009 at 05:48:27PM +0100, Wojciech Puchar wrote: think twice before doing. Could you elaborate please ? ZFS still doesn't work as described ... Is that comment FreeBSD specifc, or aimed at ZFS in general? Mind you, ZFS on FreeBSD is not the same as on OpenSolaris-2008.11, Nevada or even Solaris 10. On those platforms ZFS generally does what it is supposed to do, other than it's still a developing FS. On *BSD related systems that is not always the case. Do a good readup. I had problems with ZFS about a year ago (or so). Since then, for me, ZFS has been quite reliable: I forgot to mention... the Since then should have also included that at the time of unreliability, I was testing a new NVidia motherboard. Since then, I've swapped out the board to an Intel hardware platform. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Snow in my Server
prad wrote: i'm surprised that people actually still live in southern ontario. despite all the imaginative suggestions, this is obviously an issue that should be submitted through the form here: http://www.freebsd.org/send-pr.html you will note that beastie is using something like a shovel in the pic, so you can use this fact to strengthen your case. Ouch! Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Snow in my Server
Roger Olofsson wrote: Gary Hartl skrev: Help, I'm in southern Ontario and I have 20cm of snow on my freebsd 7-release server. IT seems to be causeing some http outages. My FBSD 6-.0 doesn't seem to be affected thou. Locate roof in ports and build roof! Better yet, do what they do just west of me in Toronto... call in the Army ;) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: lang/php5 port
Tom Worster wrote: is there any documentation or a helpful website for how to use ports to install php5? i'm used to compiling it with a pretty long configuration command for all the optional bits i need, e.g. --with-dom --with-dom-xslt --enable-dom --with-pear --with-gd etc. etc. on and on. i'm unclear how these options are handled in freebsd ports. is it a matter of identifying lots of individual ports, one for each of the configuration command options i'd normally use? From what I can tell (and how I normally do it) is simply put your familiar command line compile args in the Makefile within the ports tree. If you follow the flow of the existing Makefile, it should become clear as to how to add your custom args. Simply: # cd /usr/ports/lang/php5 # ee (or if you please 'vi') Makefile # make install [clean] ...any problems, report back. Ironically, I just did this type of PHP install today. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: lang/php5 port
Brett Davidson wrote: Tom Worster wrote: is there any documentation or a helpful website for how to use ports to install php5? i'm used to compiling it with a pretty long configuration command for all the optional bits i need, e.g. --with-dom --with-dom-xslt --enable-dom --with-pear --with-gd etc. etc. on and on. i'm unclear how these options are handled in freebsd ports. is it a matter of identifying lots of individual ports, one for each of the configuration command options i'd normally use? Run make config on the php port to see if any configuration options you need are mentioned there. I normally utlise the php-extensions port - run make config in there for options. One of the reasons I've had to edit Makefile manually was because a client needed JPEG support. At the time, `make config' didn't provide that option. You make a couple of valuable points however. It would be easier if the OP's demands could be met with your method. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org