Re: Patching? Probably a trivial question, but...

2009-05-29 Thread Steve Bertrand
Kurt Buff wrote:
 On Wed, May 27, 2009 at 11:36, Mel Flynn
 mel.flynn+fbsd.questi...@mailing.thruhere.net wrote:
 On Wednesday 27 May 2009 17:21:42 Kurt Buff wrote:
 All,

 I've gotten a patch for a program in the ports tree from one of the
 authors of the program - not the port maintainer - to fix a small
 problem, but don't know how to install the updated port.

 I cd'ed into the
 /usr/ports/%CATEGORY%/%PROGRAM%/work/%PROGRAM-VERSION% directory, then
 performed 'patch patch-name' successfully, AFAICT.

 Then I did a make, but got no output.

 So - I'm obviously lacking clue here. Anyone have a spare set?
 Don't feel like reading the entire thread atm, but for reference:
 - Patches need to have relative paths, where the root of the path corresponds
 to the port's notion of $PATCH_WRKSRC
 - You can find out this directory by running:
        % make -C /usr/ports/category/portname -V PATCH_WRKSRC
  The default is $WRKSRC which is $WRKDIR/$DISTNAME by default.
  Example:
        % make -C /usr/ports/sysutils/nagios-statd -V PATCH_WRKSRC
        /stable/usr/obj/usr/ports/sysutils/nagios-statd/work/nagios-statd-3.12

 - Patches are automatically applied if they reside in the port's notion of
 PATCHDIR and are named patch-*
 - You can find out this directory by running:
        % make -C /usr/ports/category/portname -V PATCHDIR
  The default is $.CURDIR/files.
  Example:
        % make -C /usr/ports/sysutils/nagios-statd -V PATCHDIR
        /usr/ports/sysutils/nagios-statd/files

 - In order to apply a new patch after you have previously gone past the patch
 stage (configure, build, install), either run make clean or:
        % rm $(make -C /usr/ports/category/portname -V PATCH_COOKIE)
  The above can cause problems with the build. The normal course of action is
 to make clean.
 
 Excellent. I will be trying this tomorrow - I'm leaving work early
 today to get some things taken care of.

Kurt,

I had to leave rather hastily the other day, but I did test the patch,
and it worked ok. If this is a one-off thing, here is how I did it:

# cd /usr/ports/category/program
# make clean
# ee source.patch (pasted the patch in)
# make configure (which preps the source)
# cd work/progname
# patch < ../../source.patch
# cd ../..
# make
# make install

All worked well.

Steve



smime.p7s
Description: S/MIME Cryptographic Signature


Re: Another uptime story

2009-05-27 Thread Steve Bertrand
Chris Rees wrote:
 2009/5/27 Glen Barber glen.j.bar...@gmail.com:
 On Tue, May 26, 2009 at 11:23 PM, Polytropon free...@edvax.de wrote:
 Maybe there's a way of patching the uptime utility that it adds
 the previous uptime of the system (since last shutdown) to the
 actual uptime. I know this denies everything uptime stands for,
 let's call it accumulated uptime. :-)

 I like that idea, actually.. Not for faking cumulative uptime.  It'd
 be kinda nice knowing how long a particular machine has been 'alive'
 without looking through service tag records.

 --
 Glen Barber
 
 How about:
 
 [ch...@amnesiac]~% ls -l /etc/ssh/ssh_host_key.pub
 -rw-r--r--  1 root  wheel  324 Apr 15  2008 /etc/ssh/ssh_host_key.pub
 [ch...@amnesiac]~%
 
 I think I'd cry if I were to lose 553 days of uptime

Not really a biggie, I've got another test box right behind it ;)

ww9# uptime
 9:09AM  up 501 days, 22:20, 1 user, load averages: 0.00, 0.00, 0.00

Due to network restructuring, the test hardware will be coming out...

Steve




Re: Another uptime story

2009-05-27 Thread Steve Bertrand
Glen Barber wrote:
 On Wed, May 27, 2009 at 9:56 AM, Steve Bertrand st...@ibctech.ca wrote:
 Not really a biggie, I've got another test box right behind it ;)

 ww9# uptime
  9:09AM  up 501 days, 22:20, 1 user, load averages: 0.00, 0.00, 0.00

 Due to network restructuring, the test hardware will be coming out...

 
 Steve,
 
 Just out of curiosity, what function did 'radius' serve?

RADIUS ;)

...for a local setup of wireless hotspots (freeradius was current on the
box).

One of many.

Steve





Re: something broke last night. www.freebsd.org offline?

2009-05-27 Thread Steve Bertrand
Michael Scheidell wrote:
 none of my freebsd systems can surf to www.freebsd.org anymore.
 
 host www.freebsd.org
 www.freebsd.org has address 69.147.83.33
 www.freebsd.org has IPv6 address 2001:4f8:fff6::21
 www.freebsd.org mail is handled by 0 .
 mx1.slpowers.com.ionspam.net# host -t a  www.freebsd.org
 www.freebsd.org has address 69.147.83.33
 
 
 lynx does this (as an example):
 
 socket failed: family 28 addr 2001:4f8:fff6::21 port 80.
 
 
 I don't have any of our servers or workstations compiled WITH_IPV6

Can you provide:

# netstat -rn
# ifconfig

...on one of the boxes?

I have no issues here:

pearl# telnet -6 freebsd.org 80
Trying 2001:4f8:fff6::28...
Connected to freebsd.org.
Escape character is '^]'.

...

pearl# telnet freebsd.org 80
Trying 69.147.83.40...
Connected to freebsd.org.
Escape character is '^]'.

Also, after a quick look, it would be handy if you could flush your DNS
cache and try again. The IPs I get for FreeBSD.org are different than
those in your example. Perhaps they changed, and your DNS has not
updated yet.

Steve




Re: something broke last night. www.freebsd.org offline?

2009-05-27 Thread Steve Bertrand
Michael Scheidell wrote:
 
 
 Steve Bertrand wrote:
 Michael Scheidell wrote:
   
 none of my freebsd systems can surf to www.freebsd.org anymore.
 
   
 ah. I see problem.. you didn't look up the host I documented.
 
 freebsd.org is different than www.freebsd.org

D'oh!

In that case then, it doesn't work for me either, v4 or v6.

Sorry for the noise.

Steve




Re: Fwd: Patching? Probably a trivial question, but...

2009-05-27 Thread Steve Bertrand
Kurt Buff wrote:
 On Wed, May 27, 2009 at 09:23, Wojciech Puchar
 woj...@wojtek.tensor.gdynia.pl wrote:
 with name patch-something

 look at existing as an example
 That didn't seem to work.
 what exactly doesn't? could you please post error messages?
 
 There were no error messages.
 
 Then, being the incredibly brilliant person I am, I tried again, this
 time after taking the blindingly obvious step of deleting the 'work'
 directory.
 
 This seems to be a key part of the process.
 
 The patch doesn't install correctly, as the make process generates the
 following:
 
  HttpHeader.cc:127: error: 'ftSTr' was not declared in this scope
  *** Error code 1
 
 and halts after a few more errors, but at least that indicates that
 *something* is happening with the patch file.
 
 This smells like progress.

Can you post the patch, and I'll test it out here? (Forgive me if you've
done this and I missed it).

Steve




Re: Fwd: Patching? Probably a trivial question, but...

2009-05-27 Thread Steve Bertrand
Kurt Buff wrote:
 On Wed, May 27, 2009 at 09:51, Steve Bertrand st...@ibctech.ca wrote:
 Can you post the patch, and I'll test it out here? (Forgive me if you've
 done this and I missed it).

 Steve

 
 Sent off-list.

Ok, got it.

I'm pretty much taking an easy day today to recover my broken -STABLE
ZFS system, so while I'm in discussion/learning about ZFS recovery in
regards to that problem, I'll give the patch a try on a couple of VMs
and see if I can help.

Steve





Re: Fwd: Patching? Probably a trivial question, but...

2009-05-27 Thread Steve Bertrand
Kurt Buff wrote:
 On Wed, May 27, 2009 at 09:51, Steve Bertrand st...@ibctech.ca wrote:
 Can you post the patch, and I'll test it out here? (Forgive me if you've
 done this and I missed it).

 Steve

 
 Sent off-list.

Kurt, can you please provide:

# uname -a
- the default tag you use in your ports supfile, and the last time you
'sup'd the ports tree

Steve




Re: Fwd: Patching? Probably a trivial question, but...

2009-05-27 Thread Steve Bertrand
Kurt Buff wrote:
 On Wed, May 27, 2009 at 11:02, Steve Bertrand st...@ibctech.ca wrote:
 Kurt Buff wrote:
 On Wed, May 27, 2009 at 09:51, Steve Bertrand st...@ibctech.ca wrote:
 Can you post the patch, and I'll test it out here? (Forgive me if you've
 done this and I missed it).

 Steve

 Sent off-list.
 Kurt, can you please provide:

 # uname -a
 - the default tag you use in your ports supfile, and the last time you
 'sup'd the ports tree

 Steve

 
 I csup'ed on May 13, if my examination of the file system is accurate
 - I noted the date on the relevant file in /usr/ports/distfiles.
 
 #uname -a
 FreeBSD squid.mycompany.com 7.0-STABLE FreeBSD 7.0-STABLE #0: Mon Jun
 30 17:27:53 PDT 2008
 r...@squid.mycompany.com:/usr/obj/usr/src/sys/GENERIC  i386

Ok. I'm building on both a 7.0-RELEASE, and a 7.2-RELEASE box, with
ports updated to nearly the same spec as yours.

Unfortunately, due to the racking overhaul we're doing in the
datacentre, my really good build boxes are shut down, so it's going to
take a bit longer ;)

Steve




Re: FreeBSD Software RAID

2009-05-26 Thread Steve Bertrand
Howard Jones wrote:
 Wojciech Puchar wrote:
 you are right. you can't be happy of warm house without getting really
 cold some time :)

 that's why it's excellent that ZFS (and few other things) is included
 in FreeBSD but it's COMPLETELY optional.

 Well, I switched from the heater that doesn't work and is poorly
 documented (gvinum) to the one that does and  is (zfs, albeit mostly
 documented by Sun), and so far I am warm :-)
 
 Once I'd increased kmem, at least. I did get a panic before that, but
 now I am shuffling data happily and slightly faster than gvinum did, and
 memory has levelled off at about 160MB for zfs. I'll be keeping my
 previous hardware RAID in one piece for a little while though, I think,
 just in case! (old Adaptec card with a 2TB limit on containers).

I moved my AMANDA tapeless backup system to ZFS well over a year ago.
It's got four 500GB SATA drives.

At first, it would panic frequently sometime during the backup. The
backups peak at ~400Mbps of network traffic. I adopted the following
script to write out the memory usage during the backup, so I could
better tune the system (sorry, I can't recall where I found this code snip):

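#!/bin/sh

# Kernel text: sum the hex sizes of all loaded modules (kldstat column 4).
TEXT=`/sbin/kldstat | /usr/bin/awk 'BEGIN {print "16i 0";} NR>1 \
{print toupper($4) "+"} END {print "p"}' | dc`

# Kernel data: sum the per-type malloc usage (in KB) and convert to bytes.
DATA=`/usr/bin/vmstat -m | sed -Ee \
'1s/.*/0/;s/.* ([0-9]+)K.*/\1+/;$s/$/1024*p/' | dc`

TOTAL=$((DATA + TEXT))
DATE=`/bin/date | awk '{print $4}'`

# Append "HH:MM:SS <MB>" to the usage log.
/bin/echo $DATE `/bin/echo $TOTAL | \
/usr/bin/awk '{print $1/1048576}'` >> /home/steve/mem.usage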

Cronned every minute, I'd end up with a file like this:

19:16:01 500.205
19:17:02 485.699
19:18:01 474.305
19:19:01 473.265
19:20:01 471.874
19:21:02 471.94

...the next day, I'd be able to review this file to see what the memory
 usage was at the time of the panic/reboot.

I found that:

vm.kmem_size=1536M
vm.kmem_size_max=1536M

made the system extremely stable, and since then:

amanda# uptime
 9:01AM  up 81 days, 17:06,

I'm about to upgrade the system to -STABLE today...

Steve




Another uptime story

2009-05-26 Thread Steve Bertrand
...unfortunately, due to re-racking and upgrade requirements, I have to
pull the plug. There is nothing hidden or obfuscated in my output, and I
am not ashamed of that.

Just a little bit of sadness of having to 'down' it, given this uptime
in my relatively hostile environment. *sigh*

I know this usually generates flames, but in the past, I've seen these
types of messages do more good than harm.

Someone have a beer for me as I watch my personal uptime record go bye-bye:

radius# uptime
11:01PM  up 553 days, 13:38, 1 user, load averages: 0.00, 0.00, 0.00

radius# date
Tue May 26 23:01:37 EDT 2009

radius# uname -a
FreeBSD radius.eagle.ca 6.2-RELEASE-p5 FreeBSD 6.2-RELEASE-p5 #0: Thu
Jun 14 15:16:10 EDT 2007
r...@radius.eagle.ca:/usr/obj/usr/src/sys/RADIUS  i386

...and for archive purposes:

radius# cat /var/run/dmesg.boot


Re: Another uptime story

2009-05-26 Thread Steve Bertrand
Polytropon wrote:
 On Tue, 26 May 2009 23:14:10 -0400, Steve Bertrand st...@ibctech.ca wrote:
 ...unfortunately, due to re-racking and upgrade requirements, I have to
 pull the plug. There is nothing hidden or obfuscated in my output, and I
 am not ashamed of that.
 
 Maybe there's a way of patching the uptime utility that it adds
 the previous uptime of the system (since last shutdown) to the
 actual uptime. I know this denies everything uptime stands for,
 let's call it accumulated uptime. :-)

Nah, uptime is uptime. Uptime was never my intention, it just worked.
There have been times recently where the re-racking needed to be done,
but I wasn't able to get it pulled off. Once it's down, that's it.

 Just a little bit of sadness of having to 'down' it, given this uptime
 in my relatively hostile environment. *sigh*
 
 What makes it hostile?

Small ISP, single 240V electrical supply, enough battery for
not-so-long, having to scramble to get the generator in place, etc etc.

 radius# uptime
 11:01PM  up 553 days, 13:38, 1 user, load averages: 0.00, 0.00, 0.00
 
 Can't you wait two days more? Just 48 hours? Then you would
 finish with an uptime of 555 days. Just think about how it
 would be to finish with an uptime of 666 days, of course at
 6:66 o'clock. =^_^=

...nah, no waiting. I'm not interested in any prestige whatsoever. I
just wanted to share my grief with the rest of the crew on the list ;)

Steve




Re: Another uptime story

2009-05-26 Thread Steve Bertrand
Steve Bertrand wrote:

[..snip..]

 Just a little bit of sadness of having to 'down' it, 

[..snip..]

radius# uptime
 1:19AM  up 553 days, 15:56, 1 user, load averages: 0.00, 0.00, 0.00

:(

radius# halt




Do not copy kernel to kernel.old

2009-05-22 Thread Steve Bertrand
Hi all,

Many of my routers boot/run from a USB thumb stick. To upgrade these
routers, I dd the device onto another one, pop the backup into a build
machine, and do the normal build*/install* with a DESTDIR parameter.

If the upgraded device does not boot (due to kernel problems), I just
wipe it clean and start over.

Having a kernel.old in this case is a waste of time and of space. Is
there any parameter I can tell the build process to ensure that the
kernel.old work does not get done?

Steve




Re: Do not copy kernel to kernel.old

2009-05-22 Thread Steve Bertrand
Lowell Gilbert wrote:
 Steve Bertrand st...@ibctech.ca writes:
 
 Many of my routers boot/run from a USB thumb stick. To upgrade these
 routers, I dd the device onto another one, pop the backup into a build
 machine, and do the normal build*/install* with a DESTDIR parameter.

 If the upgraded device does not boot (due to kernel problems), I just
 wipe it clean and start over.

 Having a kernel.old in this case is a waste of time and of space. Is
 there any parameter I can tell the build process to ensure that the
 kernel.old work does not get done?
 
 Did you look at the makefiles or build(7)?  

No. I was not in the vicinity of a machine to do that at the time of my
post.

I was hoping to get the info for later, when I need to do the builds,
which you provided:

 reinstallkernel was what you were
 looking for.

Thanks!

Steve




Re: How to recover disk space after filesystem full

2009-05-22 Thread Steve Bertrand
Luke Dean wrote:
 
 Yes, it sounds like a stupid question, but let me tell the story.
 
 The log for my dhcp server filled up /var last night, which meant that
 dhcpd was also unable to hand out new leases, which meant that I had
 effectively been DOSed.  I'll have to look into changing my logging
 policies.
 
 So, to correct the problem, I log into the router, removed the big
 log and several other files in /var to free up some space, and assumed
 this would correct the problem.
 
 It did not.
 Several minutes after freeing up a lot of space on /var, I continued
 to get filesystem full messages and df continued to show the
 capacity at 100%.  I checked df -i for the inodes too.  That was
 fine.  I ran a quick fsck to see if that might shock the system into
 seeing all the space that I'd freed up, but no good.
 
 I ended up rebooting the box.
 
 Was there any other possible solution I could've tried?

You have to restart the service that was holding the log file(s) open.
The system does not release the space while an application is 'using'
the file, even after it's been deleted.

 Why wouldn't the free space immediately appear as free?

Because technically, the space is not freed. lsof will help identify
which process(es) are holding a particular file open, if you see that
disk space is not recovered as expected after deletion:

# pkg_add -r lsof

pearl# lsof | grep auth.log

syslogd 850 root   15wVREG  0,127  75199  237484
/var/log/auth.log

Steve
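
Added example (not part of the original post or thread): the behaviour described in the reply above, reproduced in Python with a temporary file standing in for the DHCP log. It goes one step beyond the reply by also showing that truncating the file in place, rather than deleting it, drops the data while the writer keeps its descriptor; the file name and function names are constructed for illustration.

```python
import os
import tempfile


def _open_log(workdir):
    """Open a log-like file the way a daemon would: append-only, kept open."""
    path = os.path.join(workdir, "dhcpd.log")  # constructed name
    writer = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    return path, writer


def unlink_while_open(payload: bytes) -> dict:
    """Delete a file that a process still holds open and report what remains.

    The directory entry disappears, but the inode and its data stay allocated
    until the last descriptor is closed, which is why df shows no change.
    """
    with tempfile.TemporaryDirectory(prefix="openlog-demo-") as workdir:
        path, writer = _open_log(workdir)
        reader = os.open(path, os.O_RDONLY)  # second holder, e.g. an admin tool
        try:
            os.write(writer, payload)
            os.unlink(path)  # the "rm" step
            held = os.fstat(writer)
            return {
                "path_exists": os.path.exists(path),
                "link_count": held.st_nlink,   # 0: no name refers to it
                "size_held": held.st_size,     # data is still allocated
                "recovered": os.read(reader, len(payload)),
            }
        finally:
            # Space is released only here, when the holders let go.
            os.close(writer)
            os.close(reader)


def truncate_while_open(payload: bytes) -> tuple:
    """Truncate the log in place instead of deleting it.

    Returns (size right after truncation, size after the writer's next line).
    Because the writer uses O_APPEND, its next write lands at the new end of
    the file rather than at its old offset.
    """
    with tempfile.TemporaryDirectory(prefix="openlog-demo-") as workdir:
        path, writer = _open_log(workdir)
        try:
            os.write(writer, payload)
            os.truncate(path, 0)  # same effect as ': > dhcpd.log'
            after_truncate = os.fstat(writer).st_size
            os.write(writer, b"lease 1\n")  # constructed log line, 8 bytes
            return after_truncate, os.fstat(writer).st_size
        finally:
            os.close(writer)


if __name__ == "__main__":
    print(unlink_while_open(b"x" * 4096))
    print(truncate_while_open(b"y" * 4096))
```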




Re: jail's adjkerntz

2009-05-20 Thread Steve Bertrand
alexus wrote:

 what's weird is that i didn't get 'em before and now I do...

Given all that you've ignored already, does that mean that:

a) you knew about facts in your current implementation that failed
recently in an upgrade

b) you neglected to upgrade your documentation throughout the procedure

c) you assume that the *manual* will have everything. I'm sure you've
read it thoroughly.

d) you are prepared to provide everyone on this list with the fact that
your Apache server is pretty much wide open...

It's more important to understand TFM than it is to read it.

Coin and understand that phrase... UTFM...

- stevieb




Re: net-snmp and IPv6 MIB

2009-05-13 Thread Steve Bertrand
Aurélien Ansel wrote:
 Hi all,
 
 sorry in advance for my bad english.
 
 I think i have a problem with the MIB of IPv6.
 
 I have installed the last port of net-snmp.
 
 Can someone give the result of this request, it must be send to a
 computer with a smp daemon and at least one interface with an IPv6 address.
snmpwalk -v 2c -c community_name IP_OF_SNMP_SERVER 
 .1.3.6.1.2.1.4.34
 
 On my FreeBSD 7.1, this command give me : IP-MIB::ipAddressTable = No
 Such Object available on this agent at this OID
 But if I execute this command on a Ubuntu with IPv6 addresses and
 net-snmpd running that return a lot of results, in particularly the list
 of IPv6 addresses linked to the machine ( it's what i'm looking for ).
 
 So i don't know if the problem come from my computer or from the port.

It looks like it may be the port. None of my SNMP enabled boxes display
the IPv6 addresses of the interface either (I've never noticed, as I
don't use SNMP for that ;)

However, in the Makefile, I noticed this:

@${ECHO_MSG} WITH_INETADDRESS_HACK=yes builds with the inetaddress hack

Which I read somewhere by searching Google that it has something to do
with 'fixing' the IPv6 address issue. Put:

WITH_INETADDRESS_HACK=yes

in your /etc/make.conf file, and try rebuilding the port.

Let us know if that fixes it.

Steve






Re: BGP

2009-05-13 Thread Steve Bertrand
Michael K. Smith - Adhost wrote:
 is there a way to have FreeBSD work as BGP router and/or at least
 failover between 2 different ISPs?

 I, as some random guy on the Internet, would recommend Quagga and, yes, it 
 will work with 2+ ISP's on single device (server).  It's well established and 
 in use for transit-facing Internet connections.

I, also as some random guy on the Internet, concur with Mike.

I've got numerous FreeBSD/Quagga boxes that have dozens of BGP sessions,
peering and transit.

The primary reason I chose Quagga was its similarity with Cisco in
regards to the CLI (and it works with RANCID).

If you want true failover between two ISPs, you want BGP.

Steve




Re: Licensing

2009-05-09 Thread Steve Bertrand
Chad Perrin wrote:

[..huge snip..]

 I hope you get some value from my rambling.

I have gained very much value from what everyone has had to say, and I
want to thank everyone.

Although I have very much reading to do, I've come to a few conclusions
thus far.

One thing that did not cross my mind prior was regarding the comments
Chad made, use in media other than within the programming scope itself.

FYI, almost all of my apps are for systems/network management and
automation. I've written an application that bridges our wireless
hotspots to our payment bank site (the bank supplied me a Perl module),
through to radius, and with an expiry method to automatically remove the
users so that the entire process is hands off.

Most of my code would have to be changed to make it generic and not so
site specific before being put out there. Being that I'm not really a
programmer, having my code out there for peer review would make it much,
much better if it was useful. (I'd probably be on the receiving end of
finger pointing and laughing, but that's ok ;)

Thanks all!

Steve





Re: /etc/ttys

2009-05-07 Thread Steve Bertrand
Ian Fitzgerald wrote:
 Dumb question because of dumb action: can anyone point me to a place
 where I can find a copy of /etc/ttys? - suitable for FreeBSD v7.2

In its entirety:

http://ibctech.ca/ttys

Steve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Licensing

2009-05-07 Thread Steve Bertrand
I've got a question that is likely not suited for this list, but I know
that there are people here who can guide me off-list.

Being a network engineer, I'm far from a developer. With that said, I've
written numerous network automation programs (mostly in Perl), and have
developed several small patches for software written in C related to ISP
operations (including the OS itself).

I'm looking for advice on how I can take all of my code, and license it
into the public domain. I'm sure that most people won't have any
interest in it, but I really want to ensure that what I have done is
freely accessible.

All of my code is pretty well separated into different files that
contain different functions, so isolating portions of my programs that
use modules or functions that are external is not a problem.

GPL seems too verbose legally for me. Can the BSD license fit into any
code, no matter what language it is in, and if so, can I have my code
overlooked by someone who can verify that the BSD license will fit?

Steve




Re: Configuring an IPv6 router to assign addresses

2009-05-06 Thread Steve Bertrand
af300...@gmail.com wrote:
 On May 6, 2009 8:56am, John Nielsen li...@jnielsen.net wrote:
 On Wednesday 06 May 2009 10:39:24 am Odhiambo ワシントン wrote:

 Is there a reason you need to control the addresses used by your clients
 (other than the prefix)? I set up IPv6 on my LAN and while I have DHCPd
 running on the router for IPv4 addresses rtadvd is all I needed for IPv6.
 Clients assign themselves addresses based on the network prefix they
 learn from route solicitation and their own MAC address. That's supposed
 to be one of the reduced administration benefits of the new
 protocol. :)
 
 Thanks for reminding me of the flow in which this happens. Seems like I,
 at sometime, got the idea that it was the router that dished back a
 unique IP based on clients MAC and so forth. However, it seems to me now
 that the router was only supposed to dish out the prefix, ie network id,
 and the client would take that prefix and generate a unique IP based on
 its MAC.

Have a peruse of this RFC (stateless autoconfig):

http://www.ietf.org/rfc/rfc4862.txt

Steve


Re: Quagga problem

2009-05-04 Thread Steve Bertrand
Bc. Radek Krejca wrote:
 Hello,
 
   starting this day I have problem with quagga, I get this messages
   in my log:
 
 May  3 19:15:36 gw bgpd[7225]: Assertion `len < str_size' failed in file bgp_aspath.c, line 619, function aspath_make_str_count
 May  3 19:15:36 gw kernel: pid 7225 (bgpd), uid 101: exited on signal 6
 May  3 19:15:36 gw bgpd[7225]: No backtrace available on this platform.
 
I have latest version of port quagga, it looks as bug in quagga,
but I don't know. Do you have any idea for solution?

Here is a link to a patch within the Quagga code base that resolves this
issue:

http://tinyurl.com/c8alza

Steve


Re: bsnmpd vs net-snmp

2009-04-30 Thread Steve Bertrand
Maxim Khitrov wrote:
 On Wed, Apr 29, 2009 at 8:35 PM, Brandon Weisz li...@avioc.org wrote:

 I can't speak to the documentation, but this seems to limit it to listening
 on a single address:

 Example..

 # open standard SNMP ports
 begemotSnmpdPortStatus.192.168.2.254.161 = 1
 
 Thanks, but I tried this already. It causes bsnmpd to listen on the
 given IP as well, but doesn't remove the *:* entry:
 
 r...@gw1 [/root]# sockstat -l4
 USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
 root     bsnmpd     61251 4  udp4   *:*                   *:*
 root     bsnmpd     61251 5  udp4   127.0.0.1:161         *:*
 
 The author suggested using begemotSnmpdPortTable.0.0.0.0.161 = 1 and
 change the IP there, but this causes the following error:
 
 Apr 30 08:59:59 gw1 snmpd[78798]: unknown variable
 Apr 30 08:59:59 gw1 snmpd[78798]:   in file /usr/local/etc/bsnmpd.conf line 20
 Apr 30 08:59:59 gw1 snmpd[78798]: error in config file

Here's how I limit to a single address:

host := 208.70.106.1

# open standard SNMP ports
begemotSnmpdPortStatus.[$(host)].161 = 1
begemotSnmpdPortStatus.127.0.0.1.161 = 1

# netstat -na | grep 161
udp4   0  0  208.70.106.1.161   *.*
udp4   0  0  127.0.0.1.161  *.*

Steve


Re: bsnmpd vs net-snmp

2009-04-30 Thread Steve Bertrand
Maxim Khitrov wrote:
 On Thu, Apr 30, 2009 at 9:20 AM, Steve Bertrand st...@ibctech.ca wrote:
 Maxim Khitrov wrote:
 On Wed, Apr 29, 2009 at 8:35 PM, Brandon Weisz li...@avioc.org wrote:
 I can't speak to the documentation, but this seems to limit it to listening
 on a single address:

 Example..

 # open standard SNMP ports
 begemotSnmpdPortStatus.192.168.2.254.161 = 1
 Thanks, but I tried this already. It causes bsnmpd to listen on the
 given IP as well, but doesn't remove the *:* entry:

 r...@gw1 [/root]# sockstat -l4
 USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
 root     bsnmpd     61251 4  udp4   *:*                   *:*
 root     bsnmpd     61251 5  udp4   127.0.0.1:161         *:*

 The author suggested using begemotSnmpdPortTable.0.0.0.0.161 = 1 and
 change the IP there, but this causes the following error:

 Apr 30 08:59:59 gw1 snmpd[78798]: unknown variable
 Apr 30 08:59:59 gw1 snmpd[78798]:   in file /usr/local/etc/bsnmpd.conf line 20
 Apr 30 08:59:59 gw1 snmpd[78798]: error in config file
 Here's how I limit to a single address:

 host := 208.70.106.1

 # open standard SNMP ports
 begemotSnmpdPortStatus.[$(host)].161 = 1
 begemotSnmpdPortStatus.127.0.0.1.161 = 1

 # netstat -na | grep 161
 udp4       0      0  208.70.106.1.161       *.*
 udp4       0      0  127.0.0.1.161          *.*
 
 Doesn't work for me, the grep command removes *:* entry from the output:
 
 r...@gw1 [/root]# netstat -an
 Active Internet connections (including servers)
 Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
 udp4       0      0  127.0.0.1.161          *.*
 udp4       0      0  *.*                    *.*
 snip
 
 The 127.0.0.1 entry is added with
 begemotSnmpdPortStatus.127.0.0.1.161 = 1, but the other entry is
 always there. Turn the daemon on and off to verify that it's bsnmpd
 (or use sockstat).

I see now what you are saying:

# sockstat -l4

root bsnmpd 2857  5  udp4   *:*   *:*
root bsnmpd 2857  6  udp4   127.0.0.1:161 *:*
root bsnmpd 2857  7  udp4   208.70.106.1:161  *:*

I don't think I've ever seen a *.* in the local addr field before.

Steve
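
Added example, not part of the thread: the check below classifies every socket that `sockstat -l4` reports for a daemon, so the `*:*` row discussed above (a socket with no local address or port assigned) is told apart from a `*:161`-style wildcard listener instead of being hidden by `grep 161`. The sample input is constructed from the output quoted in the thread, and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample in `sockstat -l4` format, modelled on the rows quoted
# in the thread, plus one wildcard listener (sshd) for contrast.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     bsnmpd     2857  5  udp4   *:*                   *:*
root     bsnmpd     2857  6  udp4   127.0.0.1:161         *:*
root     bsnmpd     2857  7  udp4   208.70.106.1:161      *:*
root     sshd       812   3  tcp4   *:22                  *:*
EOF
}

# classify_sockets COMMAND
# Reads sockstat -l4 text on stdin and prints "<class> <proto> <local>" for
# each socket owned by COMMAND:
#   unbound   local "*:*"  no local address or port assigned
#   wildcard  local "*:N"  port N on every IPv4 address
#   specific  local "A:N"  port N on address A only
classify_sockets() {
    awk -v cmd="$1" '
        NR == 1 && $1 == "USER" { next }     # skip the header row
        $2 != cmd               { next }     # other commands
        {
            laddr = $6
            n = split(laddr, parts, ":")     # IPv4 only: ADDRESS:PORT
            addr = parts[1]; port = parts[n]
            if (addr == "*" && port == "*") class = "unbound"
            else if (addr == "*")           class = "wildcard"
            else                            class = "specific"
            print class, $5, laddr
        }'
}

# exposed_ports COMMAND
# Prints "<proto>/<port>" for each port COMMAND has open on all addresses.
exposed_ports() {
    classify_sockets "$1" |
        awk '$1 == "wildcard" { sub(/^.*:/, "", $3); print $2 "/" $3 }'
}

# Stand-alone run over the constructed sample.
sample_sockstat | classify_sockets bsnmpd
```

On a live host, replace `sample_sockstat` with `sockstat -l4`.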


Re: bsnmpd vs net-snmp

2009-04-27 Thread Steve Bertrand
Maxim Khitrov wrote:
 Hello all,
 
 I'm setting up a firewall and would like to monitor certain system
 parameters like network, cpu, and memory usage. SNMP is an obvious
 choice to do the monitoring and I'm planning to set up rrdtool to
 generate graphs of captured data. The question is what SNMP agent to
 use. I found net-snmp and bsnmpd (which is included in the base
 system). Has anyone here used both implementations, and if so, what
 are the basic differences?

I use bsnmpd, because I couldn't measure 64-bit counters otherwise.

Steve


Re: bsnmpd vs net-snmp

2009-04-27 Thread Steve Bertrand
Steve Polyack wrote:
 Steve Bertrand wrote:
 Maxim Khitrov wrote:
  
 Hello all,

 I'm setting up a firewall and would like to monitor certain system
 parameters like network, cpu, and memory usage. SNMP is an obvious
 choice to do the monitoring and I'm planning to set up rrdtool to
 generate graphs of captured data. The question is what SNMP agent to
 use. I found net-snmp and bsnmpd (which is included in the base
 system). Has anyone here used both implementations, and if so, what
 are the basic differences?
 

 I use bsnmpd, because I couldn't measure 64-bit counters otherwise.

   
 net-snmp has no problems providing 64-bit counters (interface and
 disk).  You must build it with -DWITH_MFD_REWRITES (passes
 --with-mfd-rewrites to ./configure).  I do not know why this is not the
 default.  It works just fine.  I also have a PR open to make this define
 a ports 'make config' option (therefore a persistent setting), but the
 maintainer has ignored this.

I did not know this.

Thanks for the heads-up!

Steve


Re: Bandwidth limited to 800kb per connection

2009-04-25 Thread Steve Bertrand
Wojciech Puchar wrote:

 When downloading files over FTP (proftpd) or HTTP (apache 2.2) I only
 get about 800kb/s, uploading seems to have the same limit (couldn't
 test it really, as my line stops at about 860kb/s). When I start
 multiple downloads, I get 800kb/s for each transfer, up to about
 5000kb/s, which is the limit of my downstream at home.

 Is there some kind of traffic shaping or QOS somewhere?

 
 or ethernet autonegotiation problems  - one side gets full duplex other
 half duplex.

I agree.

Check the interface on the device that connects into their network. You
will likely see all sorts of interface errors.

Try having them force to 100/Full, and you do the same at your end.

Steve


Re: mail server/webmail

2009-04-23 Thread Steve Bertrand
Frederique Rijsdijk wrote:
 Liontaur wrote:
 Hi folks, I was searching around but I'm not quite sure what I'm looking
 for. I want to have a program that gets the mail from my ISP mail server
 (pop), stores the mail permanently, allows me webmail access, and also lets
 me grab the mail with a mail client (Outlook Express). I'd like to be able
 to sync the mail with Outlook Express also. Like if I send a mail over
 webmail, that sent mail will also go into the sent box in Outlook Express,
 or conversely, perhaps store all the mail on the server and have Outlook
 Express just show the folders and contents stored on the server. But I'd
 have to somehow upload all of the mail currently in my Outlook Express. I'll
 also need some kind of spam functionality as I get a sizable amount of spam.
 Currently I use K9 for spam and I quite like it.
 I guess you could start to look in the area of:
 
 - /usr/ports/mail/fetchmail (to fetch/store the mail)
 - /usr/ports/mail/dovecot (for access to the mail via imap)
 - /usr/ports/mail/squirrelmail or roundcube (webmail w/ imap)
 - /usr/ports/www/apache22 for the webmail
 
 As you're then using IMAP, any client that connects to dovecot will get
 the same set of mailfolders (sync).

If one is going that far, I'd recommend:

http://www.thenetworkpeople.biz/internet/mail/toaster/

I've been using them for many years, for thousands of accounts across
hundreds of domains, and it just works.

Steve


Re: Freebsd Built-in vacation program does not auto reply

2009-04-17 Thread Steve Bertrand
Odhiambo Washington wrote:
 On Fri, Apr 17, 2009 at 6:00 AM, lyd mc alydi...@yahoo.com wrote:
 
 Hi guys,

 Why Freebsd built-in vacation program (/usr/bin/vacation) does not auto
 reply?

 I am using fresh installed Freebsd7.0 and 7.1. here is my configs.

 Under the home directory of the user (alydio.mc)

 .forward
 \alydio.mc, |/usr/bin/vacation alydio.mc

 .vacation.msg
 Subject: On vacation message
 From: alydio...@mydomain.com
 I'm on vacation and will not be reading my mail for a while.
 Your mail will be dealt with when I return.
 .
 from postfix/sendmail logs:

 ...sniff
  (delivered to command: /usr/bin/vacation alydio.mc)

 after this nothing will happened... no errors no warnings...

 However the one I installed from ports (/usr/local/bin/vacation) works
 fine.


 I want to use the freebsd base vacation program.
 
 
 Did you read the man page fully and understand it?
 Did you initialize the vacation database?
 Have you tried to run it in debug mode?
 Try RTFM again and see if you could figure out the problem yourself.

Wow... wait a sec...

I recall years ago having to deal with 'vacation' messages along with
sendmail, and with thousands of users, I hated doing it manually.
Perhaps a ``how I do it'' is warranted here.

It is quite apparent that the OP has RTFM, _and_ tried to work it out
for himself...

Off the top of my head, here is what I had to do to create a vacation
message. Perhaps sendmail folk could help me out here:

Run the following command to initialize the vacation db:

# vacation -i

...now, put your content into a file called .vacation.msg in the
user's home directory. The data could resemble something like this:

From: m...@email.address (Steve Bertrand)
Subject: Out of office
Delivered-By-The-Graces-Of: The Vacation program
Precedence: bulk

I will be out of the office for the rest of my life. Contact someone who
cares until I decide I come back.

...then, in a file named .forward within the users home directory, put:

\username, | /path/to/vacation username

...as far as I recall, this should kick the vacation program into gear.

Steve








Re: Copying files without scp

2009-04-16 Thread Steve Bertrand
A. Wright wrote:
 On Tue, 7 Apr 2009, Steve Bertrand wrote:
 
 Can someone recommend a *known good* production quality copy mechanism
 that will act like scp, but without the overhead? rsh? nc?
 
 If you are happy with rsh authentication, then have you looked at
 plain old rcp?

I reviewed carefully all feedback I received, and since then, I loosely
benchmarked my options.

After all was said and done, using SSH, I found:

- across the 100Mbps infrastructure, I could copy at 89Mbps
- across the Gi infrastructure, I could copy at ~770Mbps

My concern (I found) was coming from my Windows workstation. I was using
a Windows binary version of SCP that is clearly lacking somewhere in the
stack. FBSD to FBSD produced the above results. The 100Mb infrastructure
hops one router and two switches, and the gig makes a hop across one
edge router, a core router, and three switches.

When I can get 75-90% line rate encrypted, I'll stay with that.

I do appreciate all the feedback, as always ;)

Steve


Re: from very early this morning...

2009-04-14 Thread Steve Bertrand
Gary Kline wrote:

[...big snip...]

   if i've made any sense so far, great!  if not,i'm open for
   questions.  i'm also open for suggestions on how to alter this
   network configuration.  
 
   thanks for reading this far.
 
   gary
 
 
 It might be simplest to replace my firewall and my server with
 low-energy-usage i386 computers; is there a better way?

What are your requirements for your network ie. are you requiring any
fancy trickery, or is this simply trying to NAT a couple of machines
behind an ADSL connection?

Steve


Re: questions about Fatal Trap 12

2009-04-14 Thread Steve Bertrand
Glen Barber wrote:
 On Tue, Apr 14, 2009 at 5:23 PM, Ray r...@stilltech.net wrote:
 I just had the power supply die on this machine. Could a failing power
 supply cause this type of issues?
 
 Absolutely.

Seconded. Power supply issues have caused me this kind of grief more
times than memory has over the years.

Steve


Copying files without scp

2009-04-07 Thread Steve Bertrand
Hi all,

To copy data from one server, I normally (always) use scp.

I'm looking for a method to perform this copy task without the overhead
of encryption for infrequent, high-volume transfers (hundreds to
thousands of GB).

The data will be transferred server-to-server within a private datacentre.

Can someone recommend a *known good* production quality copy mechanism
that will act like scp, but without the overhead? rsh? nc?

I recall a thread not too long ago regarding this, but I'd like to have
a simple working example if possible, without getting into detail why
one shouldn't transfer data unencrypted.

Steve


Re: Copying files without scp

2009-04-07 Thread Steve Bertrand
Doug Hardie wrote:
 
 On Apr 7, 2009, at 16:13, Steve Bertrand wrote:
 
 Hi all,

 To copy data from one server, I normally (always) use scp.

 I'm looking for a method to perform this copy task without the overhead
 of encryption for infrequent, high-volume transfers (hundreds to
 thousands of GB).

 The data will be transferred server-to-server within a private
 datacentre.

 Can someone recommend a *known good* production quality copy mechanism
 that will act like scp, but without the overhead? rsh? nc?
 
 In that environment you can use ftp just fine.  Make sure to restrict it
 to the local IP addresses.

Thanks, but I've never found a way to copy complete directories with FTP.

I'll need to copy entire multi-nested directory structures.

Do you have an example how to do this via FTP? (CLI-only).

Steve



Re: Copying files without scp

2009-04-07 Thread Steve Bertrand
Chuck Swiger wrote:
 On Apr 7, 2009, at 4:13 PM, Steve Bertrand wrote:
 I'm looking for a method to perform this copy task without the overhead
 of encryption for infrequent, high-volume transfers (hundreds to
 thousands of GB).

 The data will be transferred server-to-server within a private
 datacentre.

 Can someone recommend a *known good* production quality copy mechanism
 that will act like scp, but without the overhead? rsh? nc?
 
 Install /usr/ports/security/openssh-portable, and set the Enable
 HPN-SSH patch option.  You should then be able to use scp -c none
 option, which is documented more fully here:
 
   http://www.psc.edu/networking/projects/hpn-ssh/none.php
 
 You could also use rsync + rsyncd

Thanks Chuck,

I think I'll just go the rsync route. I'm very familiar with it. I don't
particularly want to install it on the boxes I'm concerned with
momentarily, but I know how it works.

Your other option seems intriguing, but I'd rather not install more
software on these boxes if possible.

I was hoping for a magical, don't have to install anything-type solution :)

Perhaps I left out an important piece... even though I'm copying
directory structures, in many cases the bulk of the data will be
contained within massively large individual files. (Hence why rsync
wasn't my original choice).

Steve


Re: utility that scans lan for client?

2009-03-23 Thread Steve Bertrand
John Almberg wrote:
 I've tried googling for this, but I guess I don't know the name of a
 utility such as this...
 
 What I'm looking for is a utility that can scan a LAN for attached
 clients... i.e., computers that are attached to the LAN.
 
 I have one box (an appliance that I have no access to), that is on the
 LAN but I don't know what IP address it's using. I'd like to complete my
 network map, and that is the one empty box on my chart.
 
 Yes, I am obsessive :-)

...and it is ok to be such.

I suspect that you don't have a switch that can port 'mirror' or 'span'.
If you do, let us know.

Otherwise, if you *really* want to find out what is on your switched
Ethernet network, and nmap/arp etc. isn't enough, then I'd recommend an
application called 'ettercap'. It runs on the CLI, and a colleague also
has a nice GUI for it (under Linux) as well.

This will allow you to infiltrate the network at Layer-2 by arp
poisoning all connected devices, and intercepting all traffic.

Essentially, you perform a MitM, and you become the host (or in a small
environment the default gw) that the device is trying to talk to.

This way, you can find out not only what the host is, but what it is saying.

Please understand that this approach has significant side effects. You
can do extensive harm to your local network by using this approach, so
read up on it, and be careful. Know what you are doing, and know the
ramifications of simply disconnecting yourself from the network prior to
stopping the procedure. Not only that, but if you don't own control of
the switched environment, this is a very good way to get yourself
blocked completely from it.

This tactic, and port mirror/span/monitor are the easiest ways to know
what is really going on with regards to the wire (if you don't have
ACL's and other mitigation/protection strategies already in place).

Steve


Re: Stop all manner of periodic scripts from running

2009-03-18 Thread Steve Bertrand
Matthew Seaman wrote:
 Chuck Swiger wrote:
 On Mar 17, 2009, at 5:09 PM, Steve Bertrand wrote:
 Although SMTP is denied, I just realized that there are numerous
 messages from periodic scripts that are queued up that can't be sent.

 Can someone advise how to find out each and every periodic script that
 tries to send out email (given a standard install), and/or how to
 disable this?

 Besides the answer to disable sendmail listening on localhost,
 consider the following to /etc/periodic.conf:

 daily_clean_hoststat_enable=NO
 daily_status_mail_rejects_enable=NO
 daily_status_include_submit_mailq=NO
 daily_submit_queuerun=NO
 
 In answer to the principal question: just divert the periodic script
 output to a log file:
 
 daily_output=/var/log/daily.log
 daily_status_security_output=/var/log/daily.log
 weekly_output=/var/log/weekly.log
 monthly_output=/var/log/monthly.log
 
 You'll find those file names are already setup for appropriate log
 rotations in /etc/newsyslog.conf
 
 In the default install, the only things that generate e-mail are the
 periodic cron jobs, so this change should be all that is necessary.  If
 you have set up your own cron jobs, then you'll have to be careful to
 redirect all output > /dev/null 2>&1 or else set a MAILTO variable in
 each crontab directing any output to an address that won't send mail
 outside the specific box.  Perhaps something aliased to /dev/null even.

Thanks to all who responded.

Not only do the methods do what I wanted, I also have quite a bit of
flexibility.

Cheers!

Steve


Re: Booting freebsd 7.1 from Firewire or USB2 drive

2009-03-17 Thread Steve Bertrand
Andrew Moran wrote:
 
 Hey guys,
 
 I was wondering if anyone had any success in installing FreeBSD 7.1 on a
 USB2 or Firewire 800 drive connected to an intel Mac Mini and
 successfully booting off of it?

I don't know about the Mac Mini part, but I certainly boot FreeBSD 7.1
from USB2 drive:

pe-acc-2b# df -h
Filesystem    Size    Used   Avail Capacity  Mounted on
/dev/da0a     939M    425M    439M    49%    /
devfs         1.0K    1.0K      0B   100%    /dev
/dev/md0       31M     16K     28M     0%    /tmp
/dev/md1       15M     36K     14M     0%    /var/run
/dev/md2       31M    2.4M     26M     9%    /var/log
/tmp           31M     16K     28M     0%    /var/tmp

da0: Flash Drive SK_USB20 1.00 Removable Direct Access SCSI-2 device
da0: 974MB (1994752 512 byte sectors: 64H 32S/T 974C)
Trying to mount root from ufs:/dev/da0a

Steve


Stop all manner of periodic scripts from running

2009-03-17 Thread Steve Bertrand
Hi everyone,

Taking the questions regarding my routing boxes one step further, I have
strict rules that allow only certain control and management protocols to
communicate on the network.

Although SMTP is denied, I just realized that there are numerous
messages from periodic scripts that are queued up that can't be sent.

Can someone advise how to find out each and every periodic script that
tries to send out email (given a standard install), and/or how to
disable this?

Or, is there a way to completely cripple a FreeBSD machine, so the
system actually realizes that it can not send any email, and everything
it tries to send email will realize this? (preferably a more subtle
approach than simply rm'ing the sendmail binary :)

Steve


Re: Physical location of cvsup servers

2009-03-17 Thread Steve Bertrand
Don Read wrote:
 On Tue, 17 Mar 2009 18:50:46 -0500 Charles Howse said:
 
 Hi,
 Can anyone point me to a link that shows the physical location of the  
 U.S. cvsup servers?


 
 Not physical, but by wire time:
 
 localhost# fastest_cvsup -c us

...and for those in Canada:

# fastest_cvsup -c ca,us

The cvsup.ca.FreeBSD.org server has been the server with least latency
for me for months (given I always test against US and CA). Props to the
ops at Cogeco.

Steve


Re: Physical location of cvsup servers

2009-03-17 Thread Steve Bertrand
Charles Howse wrote:
 
 On Mar 17, 2009, at 7:31 PM, Steve Bertrand wrote:
 
 Don Read wrote:
 On Tue, 17 Mar 2009 18:50:46 -0500 Charles Howse said:

 Hi,
 Can anyone point me to a link that shows the physical location of the
 U.S. cvsup servers?



 Not physical, but by wire time:

 localhost# fastest_cvsup -c us
 
 Nope...looking for city,state.

Unless you can communicate directly with the people who manage the
server, that is not an easy task.

You will have to consult whois for the routing information, and then,
even still the results may be inaccurate, as IP space allocated to
someone in Orlando Florida may be using some of their space in Dallas
Texas. Neat little tricks such as MPLS could have you make one hop
across the country while you think you are still in one local city.

What do you want to achieve? fastest_cvsup will tell you addressing of
the servers. You will have to contact those responsible for the IPs to
see where they are located to ensure any form of accuracy regarding
geo-location.

Steve


Re: Physical location of cvsup servers

2009-03-17 Thread Steve Bertrand
Charles Howse wrote:
 
 On Mar 17, 2009, at 8:40 PM, Steve Bertrand wrote:

 What do you want to achieve? fastest_cvsup will tell you addressing of
 the servers. You will have to contact those responsible for the IPs to
 see where they are located to ensure any form of accuracy regarding
 geo-location.
 
 Mainly, it's curiosity.  I know-fer-a-fact I saw a list of physical
 locations back when 4.x was the latest release.  Probably been deleted.
 
 fastest_cvsup usually tells me #17 is fastest, but it times out a lot, I
 mean A LOT, from here.

Fastest, (in this case) != most reliable.

Can you produce the output of fastest_cvsup, include the top two results
(add #17 if it isn't included), and then provide the output of a
traceroute to #17?

Perhaps you have a faulty asymmetric path to 17...

It is important to know that just because a server may be literally
located at the building across the street, it doesn't mean that you are
guaranteed a path that may not cross the country (and in some
situations, across an ocean) and back.

I don't know where you are located, but generally, I've found cvsup8 to
be extremely quick (in terms of latency) and very reliable for a number
of years.

Steve


Execute and lock a user into a program upon login

2009-03-13 Thread Steve Bertrand
Hi everyone,

Although the application of my question focuses on network operation, I
believe that the objective fits this list.

Mostly irrelevant, I have been working on securing my network perimeter.
I have a FreeBSD box that acts as a host-based BGP peer to all edge
connected routers.

I use this host-based Quagga FBSD router to distribute routes that are
to be blackholed by the edge devices.

What I want is to set up an environment so that when a specific user
logs in to the box via SSH, a command is run, and they immediately get
dropped into the environment that the command produces.

When they exit this 'command', the login session is dropped.

Essentially, I want to 'lock' a user into a program upon SSH login, and
drop them from the SSH session when the program terminates.

In essence:

- user 'router' connects via SSH
- user is dropped into the application 'vtysh'
- user performs operations
- user exits from program
- shell drops (ie. user does not have to exit the csh shell to drop the
SSH connection)

Steve


Re: Execute and lock a user into a program upon login

2009-03-13 Thread Steve Bertrand
Steve Bertrand wrote:
 Hi everyone,
 
 Although the application of my question focuses on network operation, I
 believe that the objective fits this list.
 
 Mostly irrelevant, I have been working on securing my network perimeter.
 I have a FreeBSD box that acts as a host-based BGP peer to all edge
 connected routers.
 
 I use this host-based Quagga FBSD router to distribute routes that are
 to be blackholed by the edge devices.
 
 What I want is to set up an environment so that when a specific user
 logs in to the box via SSH, a command is run, and they immediately get
 dropped into the environment that the command produces.
 
 When they exit this 'command', the login session is dropped.
 
 Essentially, I want to 'lock' a user into a program upon SSH login, and
 drop them from the SSH session when the program terminates.
 
 In essence:
 
 - user 'router' connects via SSH
 - user is dropped into the application 'vtysh'
 - user performs operations
 - user exits from program
 - shell drops (ie. user does not have to exit the csh shell to drop the
 SSH connection)

I probably should have explicitly stated that I'd like help as to how I
would go about doing what I want to do, instead of simply stating my
goals ;)

Steve


Re: Execute and lock a user into a program upon login

2009-03-13 Thread Steve Bertrand
Polytropon wrote:
 On Fri, 13 Mar 2009 21:12:07 -0400, Steve Bertrand st...@ibctech.ca wrote:
 Steve Bertrand wrote:
 Hi everyone,

 Although the application of my question focuses on network operation, I
 believe that the objective fits this list.

 Mostly irrelevant, I have been working on securing my network perimeter.
 I have a FreeBSD box that acts as a host-based BGP peer to all edge
 connected routers.

 I use this host-based Quagga FBSD router to distribute routes that are
 to be blackholed by the edge devices.

 What I want is to set up an environment so that when a specific user
 logs in to the box via SSH, a command is run, and they immediately get
 dropped into the environment that the command produces.

 When they exit this 'command', the login session is dropped.

 Essentially, I want to 'lock' a user into a program upon SSH login, and
 drop them from the SSH session when the program terminates.

 In essence:

 - user 'router' connects via SSH
 - user is dropped into the application 'vtysh'
 - user performs operations
 - user exits from program
 - shell drops (ie. user does not have to exit the csh shell to drop the
 SSH connection)
 I probably should have explicitly stated that I'd like help as to how I
 would go about doing what I want to do, instead of simply stating my
 goals ;)
 
 If the user's shell is csh (FreeBSD's standard dialog shell), you
 could achieve the goal:
 
   ~/.login
   vtysh
   logout
 
 Only problem: I don't know how the shell will act when the user
 terminates the vtysh application (^C)...
 
 Idea: When the application vtysh is terminated, the next command
 in the .login file will be executed, which is the logout command
 that will cause the login shell to exit. This will close the SSH
 connection as well.
 
 (I haven't checked this, sorry.)

Thanks!

No problem for lack of testing. To be honest, an extra 'exit' command
via the shell is acceptable in this case, given that it will be only
internal network ops working this anyway.

I pretty much just wanted to provide a Cisco-like environment for adding
a route upon login (as opposed to having to manually run the vtysh
command). Manually logging out of a secure shell session is ok.

I'll test the log out portion. If it works, that'd be most handy.

Nonetheless, you've helped me out greatly.

Cheers!

Steve


Re: Execute and lock a user into a program upon login

2009-03-13 Thread Steve Bertrand
Jonathan Chen wrote:
 On Sat, Mar 14, 2009 at 02:18:27AM +0100, Polytropon wrote:
 
 [..]
 If the user's shell is csh (FreeBSD's standard dialog shell), you
 could achieve the goal:

  ~/.login
  vtysh
  logout

 Only problem: I don't know how the shell will act when the user
 terminates the vtysh application (^C)...
 
 Change the contents of ~/.login to:
 
 exec vtysh
 
 This overlays the shell with vtysh. When it exits, the session will
 be closed.

Thank you.

This appears to be what I want.

I was trying it with the previous setup, but I had to put the user in
the wheel group. I haven't yet figured where permissions were going astray.

Your procedure will allow me to put the user in the wheel group for now,
knowing that logout will occur as soon as the program terminates. This
way, I can safely know it works, and make myself a note for Monday to
fix the permissions issues ;)

Regards,

Steve
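
Added example, not part of the thread: csh reads `~/.login` only for login shells, and the file sits in the user's own home directory, so `exec vtysh` there is a convenience rather than a restriction the server enforces; sshd's `ForceCommand` inside a `Match User` block is applied by sshd itself. The sketch below shows such a block for the thread's `router` user and a check that reports which forced command applies to an account. The path `/usr/local/bin/vtysh`, the other account names and directives in the sample, and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sshd_config excerpt. "router" and vtysh come from the thread;
# the vtysh path and every other line here are assumptions.
sample_sshd_config() {
cat <<'EOF'
# global section
PermitRootLogin no
Subsystem sftp /usr/libexec/sftp-server

Match User backup,router
    ForceCommand /usr/local/bin/vtysh
    AllowTcpForwarding no
    X11Forwarding no

Match User guest
    AllowTcpForwarding no
EOF
}

# forced_command USER
# Reads sshd_config text on stdin and prints the ForceCommand that applies
# to USER, or nothing when sshd does not force one.
# Simplifications: only plain "Match User name[,name...]" blocks are
# evaluated (no wildcards, negation or combined criteria; any other Match
# line is treated as not applying). A value from the first applicable
# Match block takes priority over a global one.
forced_command() {
    awk -v user="$1" '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            key = tolower($1)                    # keywords are case-insensitive
            if (key == "match") {
                in_match = 1
                applies = 0
                if (tolower($2) == "user" && NF == 3) {
                    n = split($3, names, ",")
                    for (i = 1; i <= n; i++)
                        if (names[i] == user) applies = 1
                }
                next
            }
            if (key == "forcecommand") {
                $1 = ""; sub(/^[ \t]+/, "")      # keep only the command
                if (!in_match && global == "")                    global = $0
                else if (in_match && applies && matched == "")    matched = $0
            }
        }
        END {
            if (matched != "")     print matched
            else if (global != "") print global
        }'
}

# Stand-alone run over the constructed sample.
for u in router guest; do
    cmd=$(sample_sshd_config | forced_command "$u")
    echo "$u: ${cmd:-no ForceCommand}"
done
```

On a live host, feed the function `/etc/ssh/sshd_config` and run `sshd -t` after editing to check the syntax before reloading.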



Re: kernel #4

2009-02-28 Thread Steve Bertrand
Vasadi I. Claudiu Florin wrote:
 
 Hello guyz,
 
 Here's a short question (was unable to find a google)
 
 uname states my kernel as being: Freebsd-7.1-STABLE #4
 
 What exactly is that #4 mean ?
 
 Recompiled it 20 min. ago, so I figure it has something to do with
 maybe, I don't know, some sub-version of the sources ?

No. It means that this is the fourth time that you've recompiled the
kernel (IIRC).

You will see #5 if you do another recompile.

Steve


Re: kernel #4

2009-02-28 Thread Steve Bertrand
Tim Judd wrote:
 On Sat, Feb 28, 2009 at 8:12 AM, Steve Bertrand st...@ibctech.ca wrote:
 
 Vasadi I. Claudiu Florin wrote:
 Hello guyz,

 Here's a short question (was unable to find a google)

 uname states my kernel as being: Freebsd-7.1-STABLE #4

 What exactly is that #4 mean ?

 Recompiled it 20 min. ago, so I figure it has something to do with
 maybe, I don't know, some sub-version of the sources ?
 No. It means that this is the fourth time that you've recompiled the
 kernel (IIRC).


 Actually this is the 5th time --- computers start counting at zero.

Wow, what a nice technicality you have found!

If computers start counting at zero, and if the system-installed
kernel starts at zero, how many times has the user taken the bus?

;)

Steve


Re: ping stucks/hangs on PCI 3com NIC sk0 interface but works on builtin NIC

2009-02-27 Thread Steve Bertrand
Faizan ul haq Muhammad wrote:

 After the ping is done (whether it works or not), stop the tcpdump and
 email the output to the list if you can. If you can't email it, at least
 type out the IP addresses captured, and the direction the data is
 attempting to flow eg:

 208.70.104.210.22 > 208.70.104.100.50885
 208.70.104.100.50885 > 208.70.104.210.22
 arp who-has 208.70.104.206 tell 208.70.104.193

 etc.

 I have just checked this:
 it says nothing ... except:
 listening on bridge0, link-type EN10MB (Ethernet), capture
 size 96 bytes
 I think it is unable to receive any packet . DO i miss something in the
 configuration ?

Provide the output to ifconfig bridge0, and kldstat.

Steve


Re: ping stucks/hangs on PCI 3com NIC sk0 interface but works on builtin NIC

2009-02-27 Thread Steve Bertrand
Faizan ul haq Muhammad wrote:

 Provide the output to ifconfig bridge0, and kldstat.
 
 ifconfig bridge0
 
 bridge0: flags=8843UP, BROADCAST, RUNNING, SIMPLEX, MULTICAST metric 0
 mtu 1500
 ther 0e:04:7b:09:e7:b0
 inet 192.168.0.1 network 0xff00 broadcast 192.168.0.255
 id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
 maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
 
 kldstat:
 id REfs   AddressSize Name
 1  7   0xc040  9111ec kernel
 2  1   0xc0d12000  6a32c   acpi.ko
 3. 1   0xc4628000  22000   lunux.ko
 
 

That is what I kind of thought...

 ...One more thing: do i need to enable bridging through some SCTL command.
 something like sysctl net.link.ether.bridge.config=sk0:0, sk1:0
 
 by the way this command generates this error: unknown oid
 net.link.ether.bridge.config 

Put:

if_bridge_load="YES" in /boot/loader.conf.

You can also load the module with:

kldload if_bridge

IIRC, your settings in rc.conf should be enough to configure the bridge,
 so if you choose to load dynamically while running, try a
/etc/netstart to configure the bridge.

If that doesn't work, a reboot should.

If you can't get it to work, supply the same output I asked for above,
and then I'll set up a quick lab here to test it.

Steve


Re: ping stucks/hangs on PCI 3com NIC sk0 interface but works on builtin NIC

2009-02-26 Thread Steve Bertrand
Faizan ul haq Muhammad wrote:

 Now i assume that in order to configure the NICs with the same NETWORK and 
 make them working i need to configure the System as router.

No.

A router's responsibility is to route packets between DISSIMILAR network
prefixes.

In essence, trying to do what you want is similar to this:

- you live at 100 John St
- you need to go to 50 John St
- the street is addressed in a way that a 50 John street is to your left
AND to the right

Which way do you go?

Steve


Re: ping stucks/hangs on PCI 3com NIC sk0 interface but works on builtin NIC

2009-02-26 Thread Steve Bertrand
Faizan ul haq Muhammad wrote:

 Which way do you go?
 In this case I can take any of them  

Perhaps you will freeze in your tracks indefinitely due to confusion. Or
perhaps you will go around the entire block a few times before making a
decision ;)

 Anyways,- Today i got some time to play around and i tried to configure
 the machine as bridge.
 I added device if_bridge to kernel
 then i added the code to the rc.conf
  
 cloned_interfaces="bridge0"
 ifconfig_bridge0="addm sk0 addm sk1 up"
 ifconfig_sk0="up"
 ifconfig_sk1="up"
 now, i dun have any network address assigned to any of the interface and
 connect the two lan cards to two other machines and try to ping those
 machines from each other. but no success.

Did the bridge interface actually come up?

 ... do you think, this is as expected..? (i think bridge does not need
 to have any IP address..)

It depends. Are you doing any sort of firewalling? What is the IP
addressing info on the two end hosts?

Steve


Re: ping stucks/hangs on PCI 3com NIC sk0 interface but works on builtin NIC

2009-02-26 Thread Steve Bertrand
Faizan ul haq Muhammad wrote:

 It depends. Are you doing any sort of firewalling? What is the IP
 addressing info on the two end hosts?
 well, in this configuration i havent enabled any firewalling.
 the Ips are: 192.168.0.4 and 192.168.0.5 for the other two hosts and to
 the bridge i assigned IP 192.168.0.1

Ok. On the box with the bridge, su to root and start a tcpdump session:

# tcpdump -n -i bridge0

...and then, on 192.168.0.4, ping 192.168.0.5

After the ping is done (whether it works or not), stop the tcpdump and
email the output to the list if you can. If you can't email it, at least
type out the IP addresses captured, and the direction the data is
attempting to flow eg:

208.70.104.210.22 > 208.70.104.100.50885
208.70.104.100.50885 > 208.70.104.210.22
arp who-has 208.70.104.206 tell 208.70.104.193

etc.

Steve


Re: When is there going to be a USB install and run iso iamge for FreeBSD?

2009-02-22 Thread Steve Bertrand
Formula 1 wrote:
 Is there going to be a possibility for FreeBSD, in the future or now, that 
 there will be a release of it that allows for install and running of the 
 operating system off of a USB memory stick?

What is your objective? ie. What will this box be designed to do once it
is booted from USB stick?

I boot from USB stick with numerous machines, but AFAICT, there is no
one single 'install method' to suit all needs. Determine what the system
will do, and then post back to the list.

Machines inside of my network that boot from USB:

- /boot on USB with GELI encrypted system and data on hard disk, in
which the USB key can be removed after boot (the USB contains the
encryption key)

- /boot on USB with large scale ZFS, so I don't have to shave off a UFS
piece from one of the drives

- routers that run RO from USB with /var and /tmp in memory devices so no
hard disks need to be present

- devices that boot and 'copy' the OS into a memory drive prior to
further loading, so no hard drive is required, and the USB stick can be
removed after the boot process

Steve


Re: off topic: reporting attempts to access computers

2009-02-22 Thread Steve Bertrand
Andrew Gould wrote:

 Yes, it's probably time to move to certificates.  Thanks for the suggestion.

If you realize this, then you also want to look at devising an
allow-allow-deny_by_default approach for other critical protocols that
you can't employ certificates for...

Instead of blocking huge netblocks with your firewall (possibly causing
a denial of service on legitimate hosts), it's easier and more resource
friendly to create access rules that deny by default in ANY case. (Those
who provide transit or hosting services can obviously ignore this).

Steve


Re: ipv6 aliases in rc.conf

2009-02-15 Thread Steve Bertrand
 Reinhard Haller wrote:
 Hi,

 I'm trying to add ipv6 aliases for my jails (7.1) in rc.conf.

 ifconfig_lo0_alias0="inet 192.168.64.1 netmask 255.255.255.0"
 ifconfig_lo0_alias1="inet 192.168.64.2 netmask 255.255.255.255"
 ipv6_ifconfig_lo0_alias0="inet6 fd08:2548:a3e8:40::1 prefixlen 48"
 ipv6_ifconfig_lo0_alias1="inet6 fd08:2548:a3e8:40::2 prefixlen 128"

 ifconfig_lo0="inet 192.168.64.1 netmask 255.255.255.0"
 ifconfig_lo0_alias0="inet 192.168.64.2 netmask 255.255.255.255"
 ifconfig_lo0_alias1="inet6 fd08:2548:a3e8:40::1 prefixlen 48"
 ifconfig_lo0_alias2="inet6 fd08:2548:a3e8:40::2 prefixlen 128"

 ...works for me.

I want to add to my post that it is not advisable to use your primary
loopback interface for anything other than localhost.

Keep lo0 as is, and use loN interfaces instead.

To add new loopback interfaces, in rc.conf add:

cloned_interfaces="lo1 lo2 lo3" #etc

...and then, add an 'UP' entry to ifconfig prior to interface use:

ifconfig_lo1="UP"
ifconfig_lo1="inet ..."
ifconfig_lo1_alias0="inet6 ..."
# etc.

Steve


Re: ipv6 aliases in rc.conf

2009-02-14 Thread Steve Bertrand
Reinhard Haller wrote:
 Hi,
 
 I'm trying to add ipv6 aliases for my jails (7.1) in rc.conf.
 
 ifconfig_lo0_alias0="inet 192.168.64.1 netmask 255.255.255.0"
 ifconfig_lo0_alias1="inet 192.168.64.2 netmask 255.255.255.255"
 ipv6_ifconfig_lo0_alias0="inet6 fd08:2548:a3e8:40::1 prefixlen 48"
 ipv6_ifconfig_lo0_alias1="inet6 fd08:2548:a3e8:40::2 prefixlen 128"

ifconfig_lo0="inet 192.168.64.1 netmask 255.255.255.0"
ifconfig_lo0_alias0="inet 192.168.64.2 netmask 255.255.255.255"
ifconfig_lo0_alias1="inet6 fd08:2548:a3e8:40::1 prefixlen 48"
ifconfig_lo0_alias2="inet6 fd08:2548:a3e8:40::2 prefixlen 128"

...works for me.

Technically, IPv6 is designed for multiple addresses on each interface,
so the secondary (alias) parameter should not be needed at all. However,
using ifconfig, we must abide by its methods of usage.

IPv6 addresses should be put inline with the IPv4 addresses under the
alias numbering scheme, and things will hold together.

Out of curiosity, why are you using a /48 prefixlen? I understand the
/128 (when it is not inside of another assigned prefix), but IMHO, you
should only use a /64 on an interface.

Steve


Re: ipv6 and freebsd

2009-02-12 Thread Steve Bertrand
gahn wrote:
 Thanks Steve:
 
 the router that sending RA is juniper and the protocol router-advertisement 
 has been activated:
 
 g...@lab_1 show interfaces fe-0/0/3
 ...
 
   Logical interface fe-0/0/3.170 (Index 70) (SNMP ifIndex 59) 
 ...
   Addresses, Flags: Is-Preferred
 Destination: fe80::/64, Local: fe80::214:f600:aa2c:d403
   Addresses, Flags: Is-Preferred Is-Primary
 Destination: fec0:10:5::/64, Local: fec0:10:5:0:214:f600:aa2c:d403

fec0::/10 was deprecated per RFC3879. Perhaps the Juniper unit is
obeying this and just not sending the prefix in the advertisement?

Everything else looks good, so let's test that possibility (as remote as
it is). Take your tcpdump one step further:

 lab# tcpdump -n -i bge1 ip6
 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
 listening on bge1, link-type EN10MB (Ethernet), capture size 96 bytes
 17:55:44.027565 IP6 fe80::214:f600:aa2c:3c03 > ff02::1: ICMP6, router 
 advertisement, length 24
 18:02:46.283353 IP6 fe80::214:f600:aa2c:d403 > ff02::1: ICMP6, router 
 advertisement, length 24

# tcpdump -n -i bge1 -s 0 -w /path/to/file.pcap ip6

After a time of that running (there won't be any STDOUT output), stop
the capture, and open the file in Wireshark. (I've never figured out
how to get tcpdump to read the data portion of the packets from a file).

With the -s0, it will capture the headers and the data of each packet,
so you should be able to tell whether the RA announcements do actually
contain the prefix you are trying to get configured.

Something that I should have asked from the get-go...do you have any
sort of firewall running on the box?

I'll set this up in my lab here today. Although we don't have any
Juniper units, I'll see if I can recreate the problem with Cisco
hardware. You may also want to test using a non-deprecated address
space. The documentation address may work for instance.

Steve


Re: ipv6 and freebsd

2009-02-12 Thread Steve Bertrand
gahn wrote:
 Thanks Steve:
 
 We use fec0::... as global unique IPv6 address in the lab environment. the 
 IPv6 routers in our lab uses fec0:0:5::/64 with eui-64 addressing scheme (for 
 testing).
 
From the host lab (freebsd) machine, it clearly sees two link-local 
addresses for two IPv6 routers via RA messages. the IP routers also sent But 
why not the host lab configure itself with global unique address with 
prefix fec0:0:5:0::/64 (provided by the routers)?
 
 What shall I do to accomplish this on FreeBSD?

Well, I got this working with no issues. The router I used is an old
Cisco 2651XM, and my box is FreeBSD 7.1. I even went as far as to use space
out of fec0::/10.

Were you able to get a full pcap to ensure your global prefix is
within the RA messages?

If the global accept_rtadv is set to 1, and the interface is also told
to accept the advertisements, then I can't explain why this is not
working for you, other than a firewall on the host blocking inbound ICMP
(which is very bad for IPv6, for this reason, and due to the havoc
breaking PMTUd can cause).

Remember that tcpdump will capture the RA's on the wire before they are
dropped by any packet filter.

Can you ping6 the lab host from the router, using its link-local address?

Steve


Re: ipv6 and freebsd

2009-02-12 Thread Steve Bertrand
gahn wrote:

 What shall I do to accomplish this on FreeBSD?

For clarification and completeness, here is exactly what I did:

First, config the router (Cisco):

interface FastEthernet0/0
 ip address 192.168.3.2 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2607:F118:A::1/64
 ipv6 address FEC0:10::1/64
 ipv6 nd ra-lifetime 210
 ipv6 nd prefix 2607:F118:A::/64
 ipv6 nd prefix FEC0:10::/64

Next, on the host, ensure we are properly prepared:

# sysctl -a net.inet6.ip6.accept_rtadv
net.inet6.ip6.accept_rtadv: 1

# ndp -i fxp0
linkmtu=1500, maxmtu=1500, curhlim=64, basereachable=30s0ms,
reachable=39s, retrans=1s0ms
Flags: nud accept_rtadv

Ensure there is not a blanket ICMP filter on the host, by pinging the
link local address from the router (even if you can ping, it is still
possible that ICMP type 9 are being blocked):

# ping fe80::20d:60ff:fe4c:81ca
Output Interface: FastEthernet0/0
Packet sent with a source address of FE80::20A:F4FF:FE0B:B109
!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

Ensure we see RAs on the wire:

# tcpdump -n -i fxp0 ip6
listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes
09:30:50.820717 IP6 fe80::20a:f4ff:fe0b:b109 > ff02::1: ICMP6, router
advertisement, length 96

Capture the entire packet with the RA information to make sure that the
router is actually sending the prefixes we want to autoconf. Dump this
info into a file, so we can scp it to our workstation to read it into
Wireshark:

# tcpdump -n -i fxp0 -s 0 -w /var/log/test.pcap ip6

What does Wireshark tell us about the advertisement:

ICMPv6 Option (Prefix information)
Type: Prefix information (3)
Length: 32
Prefix length: 64
Flags: 0xc0
1... .... = Onlink
.1.. .... = Auto
..0. .... = Not router address
...0 .... = Not site prefix
Valid lifetime: 2592000
Preferred lifetime: 604800
Prefix: 2607:f118:a:: ***

ICMPv6 Option (Prefix information)
Type: Prefix information (3)
Length: 32
Prefix length: 64
Flags: 0xc0
1... .... = Onlink
.1.. .... = Auto
..0. .... = Not router address
...0 .... = Not site prefix
Valid lifetime: 2592000
Preferred lifetime: 604800
Prefix: fec0:10:: ***

So by this point, we've confirmed that everything is in order. I don't
know if FreeBSD will autoconf if the 'L' bit (Onlink) flag is set to 0,
so check that too.

Let's see our ifconfig output:

# ifconfig fxp0
inet6 fe80::20d:60ff:fe4c:81ca%fxp0 prefixlen 64 scopeid 0x1
inet 192.168.3.1 netmask 0xffffff00 broadcast 192.168.3.255
inet6 2607:f118:a:0:20d:60ff:fe4c:81ca prefixlen 64 autoconf
inet6 fec0:10::20d:60ff:fe4c:81ca prefixlen 64 autoconf

The last thing to try, is to ping6 the known IPv6 address of the router
from the host. Perhaps ifconfig is not displaying the learnt addressing
information until it is used. (This situation did come up for me, but it
may have been a coincidence in timing. I haven't been able to reproduce it).

Steve
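
What the Wireshark step in the walkthrough above (and the "-s 0" capture suggested earlier in the thread) checks by eye, as an added Python example that is not code from the thread: it parses the Prefix Information options of a Router Advertisement and derives the addresses a host would autoconfigure from prefixes carrying the Auto flag. Both sample RAs are constructed from values on this page: a 96-byte RA with the two Cisco prefixes, and a 24-byte RA matching the length tcpdump printed for the Juniper routers, which has room for the 16-byte header and one 8-byte option but not for a 32-byte prefix option. The MAC addresses are inferred from the link-local addresses shown, the MTU option is an assumption, and checksums are left at zero.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134                 # ICMPv6 type, RFC 4861 section 4.2
OPT_SOURCE_LLADDR, OPT_PREFIX_INFO, OPT_MTU = 1, 3, 5
FLAG_ONLINK, FLAG_AUTO = 0x80, 0x40    # the "Onlink" and "Auto" bits


def parse_ra(icmp6: bytes) -> dict:
    """Parse a Router Advertisement, starting at the ICMPv6 header."""
    if len(icmp6) < 16:
        raise ValueError("truncated router advertisement")
    msg_type, code, _cksum, hop_limit, _mo, lifetime, _reach, _retrans = \
        struct.unpack_from("!BBHBBHII", icmp6, 0)
    if msg_type != ND_ROUTER_ADVERT or code != 0:
        raise ValueError("not a router advertisement")
    ra = {"hop_limit": hop_limit, "router_lifetime": lifetime, "prefixes": []}
    offset = 16
    while offset < len(icmp6):
        if offset + 2 > len(icmp6):
            raise ValueError("truncated option header")
        # The option length field counts units of 8 octets.
        opt_type, opt_len = icmp6[offset], icmp6[offset + 1] * 8
        if opt_len == 0 or offset + opt_len > len(icmp6):
            raise ValueError("malformed option length")
        if opt_type == OPT_PREFIX_INFO:
            if opt_len != 32:
                raise ValueError("prefix information option must be 32 bytes")
            plen, flags, valid, preferred, _reserved = \
                struct.unpack_from("!BBIII", icmp6, offset + 2)
            prefix = ipaddress.IPv6Address(icmp6[offset + 16:offset + 32])
            ra["prefixes"].append({
                "prefix": str(prefix), "prefix_len": plen,
                "on_link": bool(flags & FLAG_ONLINK),
                "autonomous": bool(flags & FLAG_AUTO),
                "valid_lifetime": valid, "preferred_lifetime": preferred,
            })
        offset += opt_len
    return ra


def slaac_address(prefix: str, mac: str) -> str:
    """Join a /64 prefix with the modified EUI-64 interface ID of a MAC."""
    m = bytes.fromhex(mac.replace(":", ""))
    # Flip the universal/local bit and insert ff:fe in the middle.
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    net = ipaddress.IPv6Network(prefix, strict=False)
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + iid))


def autoconf_addresses(icmp6: bytes, mac: str) -> list:
    """Addresses formed from the RA: only /64 prefixes with the Auto flag
    (RFC 4862 section 5.5.3 ignores prefix options without it)."""
    return [slaac_address(f"{p['prefix']}/64", mac)
            for p in parse_ra(icmp6)["prefixes"]
            if p["autonomous"] and p["prefix_len"] == 64]


# --- Constructed sample data (built here, not captured from the thread) ---
def build_ra(options: bytes, hop_limit: int = 64, lifetime: int = 210) -> bytes:
    return struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0,
                       hop_limit, 0, lifetime, 0, 0) + options


def prefix_option(prefix: str, flags: int = 0xC0, plen: int = 64,
                  valid: int = 2592000, preferred: int = 604800) -> bytes:
    return struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, plen, flags,
                       valid, preferred, 0) + ipaddress.IPv6Address(prefix).packed


HOST_MAC = "00:0d:60:4c:81:ca"              # inferred from fe80::20d:60ff:fe4c:81ca
ROUTER_MAC = bytes.fromhex("000af40bb109")  # inferred from fe80::20a:f4ff:fe0b:b109
SLLA = struct.pack("!BB6s", OPT_SOURCE_LLADDR, 1, ROUTER_MAC)
MTU = struct.pack("!BBHI", OPT_MTU, 1, 0, 1500)   # assumed option
RA_WITH_PREFIXES = build_ra(SLLA + MTU + prefix_option("2607:f118:a::")
                            + prefix_option("fec0:10::"))
RA_WITHOUT_PREFIXES = build_ra(SLLA)

if __name__ == "__main__":
    for name, ra in (("with prefixes", RA_WITH_PREFIXES),
                     ("without prefixes", RA_WITHOUT_PREFIXES)):
        print(name, len(ra), "bytes ->", autoconf_addresses(ra, HOST_MAC))
```

To run this against a real capture, pass parse_ra() the bytes that follow the IPv6 header of each router advertisement in the pcap file.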


Re: Assigning static ip address

2009-02-12 Thread Steve Bertrand
Nikolaj Thygesen wrote:
 Hi list,
 
I've been experimenting and googling for hours w/ no luck. All I want
 to do is run dhcp and then replace the ip address of the interface with
 a new static ip afterwards. 

I've been following this thread all day, but I still don't understand
exactly what you are trying to accomplish.

From what I understand (and correct me if I'm wrong):

- you are working on a FreeBSD host system
- you have a DHCP server on the network, but it is not on this host
- you want to use all of the DHCP assigned parameters on the host, but
you want to have a static IP on the host you are working on that is
different than the one assigned to you

If that is correct, then you really only have two options:

- do an #ifconfig, and in the configuration on the DHCP server, specify
a directly assigned IP address to your MAC address. This way, DHCP
server will feed you the same 'static' (aka permanent lease) address to
you, and will also provide you with all other configuration parameters, or;

- do not configure the IP address on the host via rc.conf. Let dhclient
do its job, and have the system run a script at bootup with the
requirement that 'network' setup is done, and that will set ONLY the IP
address.

It would help if you could specify what platform the DHCP server is
running on, and whether you have control of it or not.

It is important that you don't set a static IP address on your host that
the DHCP server has in its lease pool. If you do, it may/will cause IP
conflicts on the network.

Steve


Re: ipv6 and freebsd

2009-02-10 Thread Steve Bertrand
gahn wrote:
 Ok, i meant the configuration of ipv6_network_interface=fxp0 alone 
 doesn't seem to be working:

[...]

 how could I enable IPv6 only on the interface fxp0 instead of every interface?

It is possible to completely disable IPv6 on an interface, but man (8)
ndp recommends against doing this manually.

However, you can pretty well achieve the same effect by informing the
interfaces to not accept RAs.

First (and to answer your next question), enable 'auto config'. You can
put the next line in /etc/sysctl.conf to enable it at boot (without the
word 'sysctl'):

pearl# sysctl net.inet6.ip6.accept_rtadv=1

Now, you can disable acceptance of rtadv messages on individual
interfaces by:

pearl# ndp -i fxp1 -- -accept_rtadv

...or re-enable:

pearl# ndp -i fxp1 -- accept_rtadv

So, I think that this will suit your requirements. The only difference
is that although the unused interfaces won't accept RAs, they will
still have a link-local address.

Steve


Re: ipv6 and freebsd

2009-02-10 Thread Steve Bertrand
gahn wrote:
 Thanks for the tips.
 
 But i still only see the fe80::..., link-local address, not the fec0:... 
 something as I expected.

Provide the output to:

# sysctl -a net.inet6.ip6.accept_rtadv
# ndp -i fxp0
# ifconfig fxp0

...and, run a tcpdump on fxp0 capturing only IPv6 packets. Eventually
you should see the router advertisements:

# tcpdump -n -i fxp0 ip6

If you don't see them, check your router config. What type of router is
it? Most routers have RAs disabled by default.

Steve


Re: please remove all search results with name Constantin Stalzer

2009-02-10 Thread Steve Bertrand
Chris Knight wrote:
 On Tue, Feb 10, 2009 at 4:41 PM, Jerry McAllister jerr...@msu.edu wrote:
 To make fun of someone's ignorance is not humorous.
 It is offensive and small.
 
 We are going to have to agree to disagree.  

I read in a posting recently by a very, very prominent and respected
member of the Internet community that agreeing to disagree is very
disrespectful.

In other words, you are accepting the fact that someone is wrong without
finding a solution.

Jerry made a very valid point. Jerry has made countless hundreds of
posts to this list, many of which are directed at helping the newcomer
settle in. _Any_ poking fun at someone whatsoever is unacceptable, and
that is non-disputable.

 It is my opinion that to
 make fun of someone's _stupidity_ is offensive.  Stupidity, like the
 lack of a sense of humor, is a disability that can not be cured.
 Ignorance, which is easily cured, is something that we all suffer from
 time to time and is therefore a more universal point of humor.

It is not a point of humour to those who do not know any better. A
softer, more gentle approach would be appropriate here.

Even if *you* think it is humorous, have you ever known anyone, or had
any children with any sort of anxiety issues? I'm sure you haven't, or
you wouldn't be arguing with Mr. McAllister, and you surely wouldn't be
defending your post.

Perhaps by have to agree to disagree means that you will rephrase a
response to the OP directly that explains the 'hows' and 'whys' of the
non-feasibility of the request...

Cheers,

Steve


Re: please remove all search results with name Constantin Stalzer

2009-02-10 Thread Steve Bertrand
michael copeland wrote:

 on a side note, i can't believe this has kept going

Neither can I. It's a flame-war, and I became part of it (tsk).

I just so want this list to be a good place for newcomers as I once was,
that I'd rather try to keep the list clean, and very much dislike it
when someone tries to challenge the integrity of a very well respected,
long term member of the list.

This thread is done for me now. Bring back on the IPv6 questions

Steve


Re: Bridge setup at boot

2009-02-10 Thread Steve Bertrand
Da Rock wrote:
 I feel like a real newbie asking this one, but the answer is still
 eluding me :(
 
 I have a system where I'm separating my servers for distinction so I'm
 running qemu.
 
 I have a bridge setup which works occasionally, but I need it to work
 100% of the time. I also need this to run at boot time, which is where
 it seems to fall short (not to mention that on occasion even the re
 driver fails to load- not sure if its hardware or software yet, but
 appears to have no bearing on the bridge problem; I could still get an
 ip address via dhcp when the bridge is not working).
 
 My loader.conf looks like this:
 
 snd_hda_load="YES"
 if_bridge_load="YES"
 if_tap_load="YES"
 
 My rc.conf looks like this:
 
 cloned_interfaces="bridge0 tap0"
 autobridge_interface="bridge0"
 autbridge_bridge0="re0 tap0"
 ifconfig_re0="up"
 ifconfig_tap0="up"
 ifconfig_bridge0="DHCP"
 
 If I tell re0 to use DHCP as well, I can access the host, but not the
 guest. If I run qemu in a script, the guest cannot get a DHCP address.
 
 This seems to happen intermittently- one problem then the other. If the
 bridge fails to get an ip from dhcp, I find re going down just after
 bridge0 starts looking for an ip- re comes up again after that starts.
 If bridge0 does get an ip, the tap0 will go down and qemu guest can't
 get an ip.
 
 I feel like I'm going round in circles now. Using rc.conf nothing
 appears to be happening in order- things seem to be going up and down
 when they feel like instead of when they should. I need this to be
 stable, not a cross your fingers and toes, we're going in scenario-
 which is what bridging appears to be like at startup. Manually I can get
 it working off the bat, but I'm trying to get this working within the
 framework provided.
 
 For reference the sysctl.conf settings mentioned in some circles are
 useless in 7.1- net.link.ether.bridge_cfg and
 net.link.ether.bridge.enable aren't recognized.

Can you stabilize the bridge at boot, without any other software
starting up?

If not, does re0 get set up consistently with the same config with a
basic setup?

I had similar issues a while back (pre 7.1) in which sometimes 're'
devices didn't start up at the proper speed/duplex. Every once in a
while, it would show up at 10 or 100 half, when it should have been auto
set at full 100 or 1000. If I forced proper speed/duplex, other outside
programs began to work properly.

However, I haven't witnessed those issues since 7.1


Steve


Re: Sendmail to Relay different domains to different hosts

2009-02-06 Thread Steve Bertrand
greg.st...@sungard.com wrote:
 I am using Sendmail on a FreeBSD7.0 server as a mail relay for some of
 our servers.  These servers relay messages to both internal recipients
 and external customers.  I need to be able to relay mail destined to our
 internal domain recipients to our corporate mail servers but relay
 everything else out to our usual smart host.   So basically, I am
 looking to relay emails destined for a certain domain to one host and
 the rest of the mail to another.  

 Does anyone know how I could configure
 sendmail to accomplish this?

Yes.

Take a look at the `mailertable.sample' file. Create an empty
'mailertable' file in /etc/mail, and add the domain-to-server maps to it:

corporate.com   smtp:relay.corporate.com
other.com   smtp:some.other.server.com

...and then IIRC:

# cd /etc/mail
# makemap hash mailertable < mailertable

Steve


Re: insert new line in files

2009-02-06 Thread Steve Bertrand
Adam Vande More wrote:
 Dan Nelson wrote:

 You want:

 sed -e '5i\
 test' test.txt

 i.e. a linebreak after the backslash.

   
 I had actually tried that too:
 
 sed -e '5i\
 ? test' text.txt
 sed: 1: 5i
 test
 : command i expects \ followed by text

Try:

# sed -e "5i\\
? test" text.txt

Note the double-quotes and two \\.

I just ran into this today ;)

Steve


Re: insert new line in files

2009-02-06 Thread Steve Bertrand
Adam Vande More wrote:
 Dan Nelson wrote:
 I had actually tried that too:

   sed -e '5i\
 ? test' text.txt
 sed: 1: 5i
 test
 : command i expects \ followed by text
 

 I don't see a backslash in the error message, which means something
 ate it. Are you running this command from something other than the
 commandline or a
 plain sh script?  If you're calling this from another scripting language
 (via system() or popen() or something similar), you probably have to
 double
 the backslash so whatever's parsing it out passes one through to sed.
   
 This is being executed from stock tcsh
 
 Progress is being made as it works in the test now with the \\ however
 I'm running into more things I don't understand in regards to what I
 need to escape in my input string.
 
 sed -e '5i\\
 include(\'/usr/home/www/imp-sites/default_inventory.php\');' test.txt
 Unmatched '.
 
 I also tried escaping ( ) . / to no avail.

I don't know for sure under tcsh, but did you try double quotes as I
suggested? Using them may prevent the normally special characters from
being interpolated.

If it doesn't work, then hopefully escaping them will.

Steve


Re: insert new line in files

2009-02-06 Thread Steve Bertrand
Adam Vande More wrote:

 I also tried escaping ( ) . / to no avail.
 nevermind I see I have to \\ that as well.  Okay now I'm going to try to
 find a way to do this with find and xargs

IMHO, this has become a job for Perl :)

Steve


Re: Backup to spare drive (rsync / crontab)

2009-01-30 Thread Steve Bertrand
drc...@yahoo.com wrote:
 I am using rsync and crontab to perform scheduled backups on FreeBSD AMD64 
 Rel. 7.0
 I am following process described here for rsync :
 http://samba.anu.edu.au/rsync/examples.html
 
 I have a backup script's created for daily, weekly, monthly.
 This is one example  -  the daily  (/backup is a seperate physical drive) :
 
 #daily backup script
 rsync -a --delete /usr/home/data/Access/ /backup/daily/Access
 rsync -a --delete /usr/home/data/Templates/ /backup/daily/Templates
 rsync -a --delete /usr/home/QBdata/ /backup/daily/QBdata
 rsync -a --delete /usr/home/reception1/ /backup/daily/reception1
 rsync -a --delete /usr/home/reception2/ /backup/daily/reception2
 rsync -a --delete /usr/home/reception3/ /backup/daily/reception3
 rsync -a --delete /usr/home/data/Files/ /backup/daily/Files

Try putting the full path to rsync in your script:

# whereis rsync

Steve


Re: Looking for a Good FreeBSD and General Unix Backup System

2009-01-27 Thread Steve Bertrand
Martin McCormick wrote:
   Several months ago, I started using dar to backup a
 number of FreeBSD and Linux systems to one FreeBSD box. It
 worked fine once one got the syntax of the remote commands
 working, but then it all died when I moved it to a new
 FreeBSD6.3 system. 

I feel for you.

   What we plan to do is backup a bunch of Unix systems to
 one FreeBSD box and then use a commercial package to back that
 box up to an enterprise-wide system we use. The archiver we need
 must be able to make 1 full backup of each system like tar and
 then incrementals until we are ready for another full backup.

I am an AMANDA advocate. You seem to have a decent understanding of the
difference between 'backup' and 'archive'. rsync does not fit your bill
here, IMHO.

Given that you need a 'standard' method of recovery, AMANDA conforms to
dump(8) and restore(8) if you don't have easy/direct access to its
internal amrecover(8) command set.

The initial learning curve isn't bad for a sys admin who is familiar
with performing proper network backups, and once initially configured,
just does its job.

Since you can have all of your FreeBSD boxes backed up to a single
hierarchical directory structure via AMANDA, your enterprise server
should have no problem sweeping that single directory up, fulfilling
that portion of the criteria.

   Any suggestions as to what is best? Dar seemed to be
 okay until the incrementals would hang each time with some error
 messages about the format version being too high which is bogus
 because we are using the same version for all the affected
 systems.

My suggestion is to use something that conforms to age-old and
tried-and-true dump/restore routines. A backup (as I can tell you
already know) is as good as the time it takes to restore from it.

   The archive files should use tar or some other common
 storage method so we could unpack an archive from a Linux system
 in to a FreeBSD directory or vice versa.

http://amanda.org

Not only will it use tar, but you can define, on a partition level
basis, which tar to use, whether to compress, etc etc.

   Any backup packages using tar would be fine as long as
 they can do incremental backups and use ssh as the transport.

If you do use AMANDA, it is trivial to copy the backups over SSH whether
it be after they are done or during backup.

HTH.

Steve


Re: Edit user groups

2009-01-20 Thread Steve Bertrand
Akenner wrote:
 Hi,
 
 I'm using FreeBSD 7.1-RELEASE and I have multiple user accounts set up.
 I made about 4 for myself to use and do various testing with, and made
 some for my Wife as well because She knows UNIX better than I do anyway
 heh.
 
 Anyway, one of the things I forgot about, was that FreeBSD by default
 doesn't allow just anyone to use su.
 
 I come from mainly using Linux, where you can log in and then whenever
 you need to open a root xterm or even a root shell, you just type the
 password and go. I looked up how to do this but most of my results came
 back with setting up user accounts, and other things. I did add another
 user that was in the wheel group so I could do it, but I'd really like
 to be able to add my main user account to the wheel group so I can su
 from this one instead of doing su otheruser and then su again to root.
 
 I found while searching for this something that MIGHT be what I'm
 looking for, but after reading it over, it seems I'd have to read
 through the whole man page first and then, it could be bad if I mistype
 something, or I could even screw up an account, which I can't risk.
 
 Is there an exact way to take a user account on my system, and add it to
 the wheel group?

Yes.

# ee /etc/group

...and add your username to the list of users after the wheel group. For
instance, by default, the entry will appear as such:

wheel:*:0:root

...and if my username is steve, you will append the line like this:

wheel:*:0:root,steve

...then hit ESC, then ENTER twice.

Steve


Re: / mounted read-only after error in /etc/rc.conf

2009-01-19 Thread Steve Bertrand
Pieter Donche wrote:
 I made a typing error when changing /etc/rc.conf
 (linux_enable=YES)
 when rebooting the system, the boot stops
 /etc/rc.conf: 22: Syntax error: Unterminated quote string
 Enter full pathname of shell or RETURN for /bin/sh:
 #
 this leaves me with
 /dev/ds0s1a on / (ufs, local, read-only)
 
 since / is read-only I can not edit /etc/rc.conf to correct the error.
 
 How to solve this?

Try:

# mount -u /

Which will try to re-mount the / partition as read/write.

Steve


Re: Launching Vim

2009-01-15 Thread Steve Bertrand
Rem P Roberti wrote:
 Can someone give me a heads up on this.  I just installed vim, but when
 I try to launch
 the program I get this error message:
 
 /libexec/ld-elf.so.1: Shared object libperl.so not found, required by
 vim
 
 Is this a path problem?  The actual file libperl.so resides in
 /usr/local/lib/perl5/5.8.9/mach/CORE/libperl.so

First, run:

# /etc/periodic/weekly/310.locate

Then, provide the output to:

# locate libperl.so
# echo $PATH

Steve


Re: Blocking very many (tens of thousands) ip addresses in ipfw

2009-01-14 Thread Steve Bertrand
Artem Kuchin wrote:
 I need to block around 15 ip addresses from accessing the server at all
 at any port.  The addresses are random, they are not nets.
 These are the spammers I want to block for 24 hours.
 The list is dynamically generated and regenerated every hour or so.
 What is the most efficient way to do it?
 At first i thought doing ipfw rules using 5 ips per rule, that would
 result in 3 rules! This will be too slow!
 I need to something really quick and smart. Like matching the first
 number from ip (195 from 192.1.2.3),
 if it does not match - skip, if it does - compare the next one
 and so on.

Use tables. They are efficient, and easy to manipulate.

# ipfw table 1 add xx.xx.xx.xx/xx
# ipfw add deny all from 'table(1)' to any

It would be best if you allowed only legitimate IP addresses to pass
traffic in/out of your network, and then deny all else, but the way your
message reads, this is SMTP traffic inbound, so 'allow some, deny the
rest' doesn't work too well here.

Steve
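
Keeping such a table in step with an hourly regenerated list, with each address held for 24 hours, as an added example that is not part of the original post. The function names, file formats, table number and sample addresses are assumptions (constructed); the script only prints the ipfw commands it would run.

```shell
#!/bin/sh
# Added example: sync an ipfw lookup table with a blocklist that is regenerated
# every hour, keeping each address for TTL seconds after it was last listed.
# All names, file formats and sample addresses below are assumptions.
LC_ALL=C; export LC_ALL
TABLE=1        # table number referenced by the deny rule
TTL=86400      # 24 hours, in seconds

# valid_ipv4 FILE: print only well-formed dotted quads (no leading zeros,
# each octet <= 255), de-duplicated. Everything else is dropped, so content
# of a generated list never reaches a command run as root.
valid_ipv4() {
    awk -F. '
        NF == 4 {
            ok = 1
            for (i = 1; i <= 4; i++)
                if ($i !~ /^(0|[1-9][0-9]?[0-9]?)$/ || $i > 255) ok = 0
            if (ok) print
        }' "$1" | sort -u
}

# update_state STATE LIST NOW: print the new state, one "address last_listed"
# pair per line. Listed addresses are stamped NOW; addresses that dropped off
# the list are kept until TTL seconds have passed since they were last listed.
update_state() {
    {
        valid_ipv4 "$2" | sed 's/^/L /'
        if [ -f "$1" ]; then sed 's/^/S /' "$1"; fi
    } | awk -v now="$3" -v ttl="$TTL" '
        $1 == "L" { seen[$2] = 1; print $2, now; next }
        $1 == "S" && !($2 in seen) && now - $3 < ttl { print $2, $3 }
    ' | sort
}

# table_commands CURRENT WANTED: CURRENT is saved "ipfw table N list" output
# ("address/masklen value" per line), WANTED is a state file. Print only the
# add/delete commands needed, so an hourly run touches just the changes.
table_commands() {
    cur=$(mktemp) want=$(mktemp)
    awk '{ sub(/\/32$/, "", $1); print $1 }' "$1" | sort -u > "$cur"
    awk '{ print $1 }' "$2" | sort -u > "$want"
    comm -13 "$cur" "$want" | sed "s/^/ipfw -q table $TABLE add /"
    comm -23 "$cur" "$want" | sed "s/^/ipfw -q table $TABLE delete /"
    rm -f "$cur" "$want"
}

# Dry run on constructed data (documentation address ranges).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '192.0.2.10 1000' '192.0.2.11 90000' > "$d/state"
    printf '%s\n' '192.0.2.11' '198.51.100.7' \
        '203.0.113.5 trailing-junk' '300.1.1.1' > "$d/list"
    printf '%s\n' '192.0.2.10/32 0' '192.0.2.11/32 0' > "$d/table"
    update_state "$d/state" "$d/list" 100000 > "$d/state.new"
    table_commands "$d/table" "$d/state.new"
    rm -rf "$d"
}
demo

# On the firewall itself the same steps would read the live table and pipe the
# result to sh, with the single rule loaded once:
#   ipfw add deny all from 'table(1)' to any
```

The rule set stays at one rule however large the list grows; only the table contents change between runs.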



Re: Blocking very many (tens of thousands) ip addresses in ipfw

2009-01-14 Thread Steve Bertrand
Pieter de Goeje wrote:
 On Wednesday 14 January 2009 17:23:25 Artem Kuchin wrote:
 I need to block around 15 ip addresses from accessing the server at all
 at any port.  The addresses are random, they are not nets.
 These are the spammers I want to block for 24 hours.
 The list is dynamically generated and regenerated every hour or so.
 What is the most efficient way to do it?
 At first i thought doing ipfw rules using 5 ips per rule, that would
 result in 3 rules! This will be too slow!
 I need to something really quick and smart. Like matching the first
 number from ip (195 from 192.1.2.3),
 if it does not match - skip, if it does - compare the next one
 and so on.
 
 Quoting ipfw(8):
 LOOKUP TABLES
  Lookup tables are useful to handle large sparse address sets, typically
  from a hundred to several thousands of entries.  There may be up to 128
  different lookup tables, numbered 0 to 127.
 
 net.inet.ip.fw.dyn_buckets should probably also be increased to efficiently 
 handle 150k IPs.

Please correct me if I'm wrong, but if the OP is going to drop all
traffic immediately from the 150k IPs, then dyn_buckets shouldn't come
into play, as there is no dynamic rule generated.

Steve


Re: freebsd encrypted hard disk?

2009-01-14 Thread Steve Bertrand
Johann Hasselbach wrote:
 I read the encrypting disk partitions section of the Handbook. What
 is the preferred method nowadays, geli or gbde?
 
 Is there another method that would be better?

I don't know what is best, but for quite some time I've used GELI to
encrypt my entire hard disk, including the / partition.

I then copy /boot to a USB thumb drive with the encryption key so I
don't need any portion of the hard disk unencrypted. This setup also
allows me to pull the USB key from the machine after it has been booted,
taking the encryption key with me.

I've never had a problem.

pearl# df -h
Filesystem       Size    Used   Avail Capacity  Mounted on
/dev/ar0.elia    504M    377M     87M    81%    /
devfs            1.0K    1.0K      0B   100%    /dev
/dev/ar0.elie     47G    9.6G     34G    22%    /usr
/dev/ar0.elif     47G    7.2G     36G    17%    /var
/dev/ar0.elig     47G     25G     19G    57%    /home

Steve


Re: Performing installed ports upgrade / leaving some software intact

2009-01-14 Thread Steve Bertrand
Zbigniew Szalbot wrote:
 Dear all,
 
 I am now full into planning the 7.0-RELEASE to 7.1-RELEASE upgrade. I
 know that at the end of the day it will also mean upgrading all ports
 (portupgrade -af). I have one port - mailman - which I have customized
 a lot and do not really want to upgrade it as it will most likely mean
 I will have to hack a few files again.
 
 What options do I have so that I do not break the setup?
 
 I am thinking of:
 
 1/ backing up the hacked files and restoring them later (but I will
 overwrite the newer files with older ones perhaps breaking something).
 2/ making them read only (but the end result will be the same and
 upgrading as root I will overwrite them anyway).
 
 And that would be it. My wisdom ends here. Is there any option to
 survive the ports upgrade? :)
 
 If not, I guess I will just have to hack Mailman files again after the
 upgrade...

Can you verify that the original copy of the files you've hacked have
indeed been modified in the upgraded version?

Perhaps you could download the source for both the new version in ports,
and the original version, and find out exactly what, if any changes have
been made to your modified files.

Steve


Re: PHP setup question

2009-01-13 Thread Steve Bertrand
stan wrote:

 If you want to see what I have, It's reachable at
 http://beachcave/net/ampache/

I can't reach it :)

Reply with the proper URL and I'll have a look.

Steve


Re: FreeBSD Boot Manager

2009-01-08 Thread Steve Bertrand
Kurt Buff wrote:
 On Thu, Jan 8, 2009 at 5:17 PM, Grant Peel gp...@thenetnow.com wrote:

 On that drive, there was about 100 GB of free space, so I decided to try 
 putting FreeBSD 6.4 on it.

 During the install, I opted to use the FreeBSD boot manager. The install 
 went flawlessly.

 Any idea what I might need to do to make windows work again?

 It may be worth mentioning, I had Norton GoBack running on the disk before I 
 installed FreeBSD, although I am not aware if it does anything to the 
 booting system.

 www.bootdisk.com
 
 Find a bootable floppy image there that includes a DOS fdisk, and
 write it out to a floppy disk.
 
 Boot your machine with that floppy, and at the DOS prompt, type 'fdisk
 /mbr' - it will write a standard boot sector, and Windows should boot
 again.
 
 Of course, this will not allow you to boot to your new FreeBSD
 installation, but with other folks' help, you can probably overcome
 that - probably with GRUB, or another boot manager.

Technically (theoretically) speaking, using a Win32 boot disk to fdisk
/mbr, he should be able to re-initialize the FBSD boot loader by going
through the steps he did initially.

AFAIR, Symantec GoBack, along with many other 'in-disk' restoration
programs, overwrite the boot sector with its own code.

If the OP can boot back into Windows with the fdisk /mbr, he has likely
done both:

- broke his GoBack program's ability to recover, and;
- made it possible to restore the FBSD boot manager

If Windows boots after following Kurt's recommendation of restoring the
Windows MBR, back up your Windows system, then try FreeBSD again.

You sound courageous, give 'er!


Steve


Re: issue with extra top level domain appened to mail

2009-01-08 Thread Steve Bertrand
Matthew Davidson [DATACOM] wrote:
 Do you have unusual options like FEATURE(always_add_domain ...) set up?
 
 
 I haven't made any changes to the sendmail configuration.  It's straight
 out of the CD vanilla 6.3 Standard install.  I'm completely stumped.
 If I build with 6.1,  I don't have any issue.  If I build with 6.4,
 same problem.
 
 I might try rebuilding as 'matdav.datacom.com'.  Perhaps it's some bug
 specific to the '.nz' TLD,  but that seems unlikely.

Show output for:

# ifconfig
# dig @localhost matdav.datacom.net

Then, get the nameserver IP address out of /etc/resolv.conf, and
assuming that $IP is equal to the IP address of the nameserver:

# dig @$IP matdav.datacom.net

This problem resembles an issue with a missing '.' trailer somewhere
within a naming application...

Steve


Re: FreeBSD Boot Manager

2009-01-08 Thread Steve Bertrand
Grant Peel wrote:
 So then,
 
 IF we are able to restore the Windows MBR, and boot into windows, should
 we not be able to boot the machine with a bootable FreeBSD disk, then,
 use Sysinstall to restore the FreeBSD boot manager?

Yes, that is exactly what I was getting at.

Steve


Re: FreeBSD Boot Manager

2009-01-08 Thread Steve Bertrand
Grant Peel wrote:
 Can I use a windows install cd's R option to do the fdisk /mbr ?

I don't know.

It's been $years since I've had to use a Windows install CD for such a
thing.

If it's win32, my experience would have me recommend just booting from a
floppy of a win boot disk to restore the MBR. It's just quick that way.
If my memory serves right, even a win98 boot disk should work.

Why load up all of the unneeded Windows device drivers and other stuff,
if you can just 'fix' it?

IIRC, just to get to the `Recovery Console' (if you please) takes many,
many minutes.

Steve


Re: Sun sucks

2009-01-08 Thread Steve Bertrand
RW wrote:
 On Thu, 8 Jan 2009 17:10:10 -0500
 Ansar Mohammed ans...@gmail.com wrote:
 
 
 After registering Sun complains that they don't like my ID and I need
 to provide more information. I create another account. Same problem.
 After 3 months I finally get an email saying they want clarification
 on the acronym for my company. 
 
 
 Well there's your problem. You gave them too much information in the
 first place. I usually just make-up a name as a matter of principle.
 
 Just create a new account for some made-up name, don't specify any
 company, download your file, and then (if you really care) go through
 the hoops afterwards.

Improper subject, wrong attitude.

If one wishes to use a license from another product that is outside of
the BSD license scope, then follow it properly.

FreeBSD (  personnel) does a magnificent job of keeping
outside-licensed code and objects separate from itself, and I'd rather
jump through burning hoops of flame to 'add on' to the system to mend it
to my needs, as opposed to  having the system, and possibly its users,
face legal ramifications later...

If you need outside software that requires reading any sort of an
'Agreement', then follow the 'Agreement' until you get rights to use the
software.

FreeBSD isn't about 'easy'. It's about 'right'. Installation methods
print out information about external licenses for a reason. Ask those
external places how to get around their sign-ups...don't ask here.

For that matter, don't answer such questions here, either.

Steve


Re: PHP setup question

2009-01-07 Thread Steve Bertrand
stan wrote:

I'll describe the test setup that I used within a VM to configure things
inline. The software does not necessarily match the version number
exactly to yours.

 OK, here goes:
 
 black# uname -a
 FreeBSD black.fas.com 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #0: Sat Dec 27
 19:11:47 EST 2008 root@:/usr/obj/usr/src/sys/GENERIC  amd64

FreeBSD testweb.eagle.ca 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan  1
14:37:25 UTC 2009
r...@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386


 ports of interest:

My ports tree is the one from the FBSD 7.1 install as noted above. I
literally just downloaded the .iso yesterday.

 ampache-3.4.3  

 mysql-client-5.0.75 

MySQL was installed with:

# pkg_add -r mysql51

testweb# mysql -V
mysql  Ver 14.14 Distrib 5.1.28-rc, for portbld-freebsd7.1 (i386) using  5.2

 mysql-server-5.0.75 

Server version: 5.1.28-rc FreeBSD port: mysql-server-5.1.28_1

 apache-2.2.11 

Apache installed via:

# pkg_add -r apache2

testweb# apachectl -v
Server version: Apache/2.2.9 (FreeBSD)
Server built:   Sep  8 2008 13:27:11

PHP was installed from ports (lang/php5). The only changes I made were
enabling the Apache module and enabling sessions (which BTW is required
for Ampache, as is mysql pcre iconv).

php-extensions was also installed via ports. Other than GD, the only
other option that I enabled was MySQL.

 Once you have these installed add the following lines to 
 /usr/local/etc/apache22httpd.conf  
 
 <Directory /usr/local/www/ampache/>
 Order allow,deny
   Allow from all
   </Directory>
 
 Alias /ampache /usr/local/www/ampache

Normally I set up websites in a different fashion than above, but to
keep things consistent, I followed the documentation as above.

 Edit /usr/local/www/ampache/config/ampache.cfg.php.dist and put double
 quotes around the names of the rss* variables (to work around a known bug)

 Complete step 1 of the install process
 Go to step 2, when you press write config file you will be prompted to
 download this file instead (not certain why the directory it goes in is
 writable by the www user). Download this file and install it as: 
 
 /usr/local/www/ampache/config/ampache.cfg

Done. I scp'd the file from my Windows workstation to the box, and put
it into the ampache/config directory. I then chown'ed the file to my web
server's UID.

 Try to proceed to step 3. You should get an error message saying that
 Ampache is already configured (but it's not).

At this point, (Step 3), I am presented with a 'Create Admin Account'
screen...I receive no errors or warnings. Clicking on 'Check config'
claims everything is ok...

...and now I am presented with:

http://208.70.104.27/ampache/login.php

...in which I use the admin account I just created, and it directs me
into the application.

 I believe this is a repeatable bug.

I'm willing to bet that you have a permissions error within the
filesystem, but that is just a guess.

Provide the output to:

# ls -l /usr/local/www
# ls -l /usr/local/www/ampache/config

Steve


Re: PHP setup question

2009-01-07 Thread Steve Bertrand
stan wrote:

 Complete step 1 of the install process
 Go to step 2, when you press write config file you will be prompted to
 download this file instead (not certain why the directory it goes in is
 writable by the www user). Download this file and install it as: 
 
 /usr/local/www/ampache/config/ampache.cfg

Oh, I missed this my first pass through...

If what you claim above is not a typo, then the system surely can not
find a configuration, as it should be named:

ampache.cfg.php

...not ampache.cfg

Small point, but could be a critical one.

Steve


Re: FreeBSD USB Install

2009-01-07 Thread Steve Bertrand
Matthias Apitz wrote:
 On Wednesday, January 07, 2009 at 03:17:02PM +0100, Polytropon wrote:
 
 On Wed, 7 Jan 2009 08:25:45 -0500, Brian McCann bjmcc...@gmail.com wrote:
 Hi all.  I'm trying to install FreeBSD 7.1 off the CD to a USB thumb
 drive, but every time I try it fails.  sysinstall says Unable to make
 new root filesystem on /dev/da0s1a1.  Command returned status 38.
 When I switch to the debug console, I get cg 0: bad magic number.
 This thumb drive was being used on my Windows machine previously, then
 I re-formatted it as UFS to use it on a FreeBSD machine...so I know
 the thumb drive itself works.  Can someone shed some light on this
 problem?
 I could only suggest to eliminate all slices and partitions on the
 thumb drive (such as it was a new disk right from the factory)
 and let sysinstall put slice and partitions onto it.
 
 The problem is that 'from the factory' sometimes they come already 
 Windows-like
 formatted; I've wiped out all with:
 
 # dd if=/dev/zero of=/dev/da0 bs=1m
 
 (double check that /dev/da0 is really the device you want to clean)

sysinstall will provide you an option to erase any existing 'partitions'
 that exist on the drive during install, so the 'dd' is redundant.

I've never installed directly to a thumbdrive before. Normally I'd
install to a hard disk, pare it down, and then effectively copy the
system to the thumb drive manually. I end up with a system as such (so I
don't need a hard disk):

router# df -h
Filesystem    Size    Used   Avail Capacity  Mounted on
/dev/da0a     939M    410M    454M    47%    /
devfs         1.0K    1.0K      0B   100%    /dev
/dev/md0       31M     20K     28M     0%    /tmp
/dev/md1       15M     36K     14M     0%    /var/run
/dev/md2       31M    318K     28M     1%    /var/log
/tmp           31M     20K     28M     0%    /var/tmp

That said, installing to a USB disk through sysinstall should
technically (AFAIK) be no different than installing to a standard SCSI
hard disk (da0).

What options are you supplying when you reach the 'FDISK Partition
Editor' screen?

Also, if you are installing the system via sysinstall that is running on
an already installed FreeBSD, you must use the 'w' option before 'q'.
Quit within the disk editor while running under FreeBSD does not imply
'write'. (This being opposed to booting from a CD to install).

Steve


Re: PHP setup question

2009-01-07 Thread Steve Bertrand
stan wrote:
 On Wed, Jan 07, 2009 at 09:33:46AM -0500, Steve Bertrand wrote:
 stan wrote:

 I'll describe the test setup that I used within a VM to configure things
 inline. The software does not necessarily match the version number
 exactly to yours.

 Thanks for putting in all this effort!!

No problem.

 $  ls -l /usr/local/www/ampache/config
 total 24
 -r--r--r--  1 www  www  19352 Jan  5 16:38 ampache.cfg.php.dist
 -r--r--r--  1 www  www    141 Aug 31 02:20 motd.php.dist
 -r--r--r--  1 www  www     96 Aug 31 02:20 registration_agreement.php.dist
 $ 
 
 Does this look correct?

No.

You did not put the downloaded ampache.cfg.php file in the
ampache/config directory.

Your /usr/local/www/ampache/config should look like this:


testweb# ll /usr/local/www/ampache/config/
total 46
-r--r--r--  2 www  www     14 Aug 31 02:20 .htaccess
-rw-r--r--  1 www  www  19366 Jan  7 09:23 ampache.cfg.php
-r--r--r--  2 www  www  19352 Jan  7 09:19 ampache.cfg.php.dist
-r--r--r--  2 www  www    141 Aug 31 02:20 motd.php.dist
-r--r--r--  2 www  www     96 Aug 31 02:20 registration_agreement.php

Note the ampache.cfg.php file. It is the one that I downloaded during
install to my local workstation. I then uploaded it back to the server,
and put it in the config directory per the documentation.

Cheers,

Steve


Upgrade a USB-stick contained system

2009-01-06 Thread Steve Bertrand
Hi everyone,

I run numerous systems (mostly networking gear) from 2GB USB thumb
sticks. These systems do not have hard disks.

To update one of these systems, I'd generally copy the thumb drive
filesystem to a hard disk in another PC, upgrade it, and then transfer
the necessary data back to the USB drive. I'd like to change this approach.

What I'd like to do, is boot the USB drive in another machine that has a
hard drive, and mount any necessary directories for the duration of the
upgrade into the USB drive (such as /usr/src, /usr/ports etc) from the
hard drive. When I'm done, the cruft stays on the physical hard disk,
while the upgraded system on the USB drive is physically replaced back
into the original system.

This is purely a disk-space issue on the USB disk. What I want to know,
is *exactly* what _working_ directories/filesystems are required to
build a new system... working directories that can be dissolved with no
repercussions by using umount.

Steve


Re: PHP setup question

2009-01-06 Thread Steve Bertrand
stan wrote:
 On Mon, Jan 05, 2009 at 09:45:23PM -0600, Kelly D. Grills wrote:
 On Mon, Jan 05, 2009 at 04:51:08PM -0500, stan wrote:
 Clearly I am still confused. :-(

 I just did as you suggested, and all went well until I pushed the Write
 Config button at Step 2. At this point I was offered the option of
 downloading to the machine that I was running the web browser on this config
 file. Since this is where I got hung up last. I stopped to ask what I am 
 doing
 wrong. If I download this file, and put it in the config directory, based
 upon previous behavior the setup process will refuse to run, because the
 config file exists.

 What basic misunderstanding do I have here?
 This thread represents an example of exactly the problem I am facing. It
 appears as though this behavior can be triggered by running the wrong
 version of ampache.
 
 Can anyone confirm that the version in ports actually works?

Stan,

It appears as though you are bouncing off the walls to find a solution.

Did you contact the appropriate list as prescribed by Kelly?

Can you document a well-defined approach in regards to the installation
methods you need to follow to reach the goal you are after?

If so, email it to the list, starting with your base OS version. I'll
help you out with a test platform if you can get things organized.

Steve


Re: Urgent help needed please: Gvinum problem

2009-01-02 Thread Steve Bertrand
Ian Lord wrote:
 Hi,
 
 We had a power lost even though we have ups and generators (still
 investigating it) and when the machine rebooted one of the disk seems to be
 failed :
 
 The system complains about fsck repaired failed and that I must run it
 manually. It then boots in single user mode.
 
 I entered gvinum and pressed “l” to see the status of the drive and I get
 this:
 My volume is UP
 My plex is shown as degraded
 I have 3 of the 4 subdisks shown as UP the 4th is shown as down.
 
 Running “gvinum /dev/gvinum/RAID5” which is the name of my volume gets me
 this error:
 ** /dev/gvinum/RAID5
 Cannot find file system superblock
 Ioctl (GCINFO): Inapropriate ioctl for device
 fsck_ufs: /dev/gvinum/RAID5: can’t read disk label
 
 I tried “bsdlabel gvinum/RAID5” it tells me there is no valid label found
 
 Does anyone know what I can try to put back system online (at least,
 so I can restore a backup on the disk)?

I'm trying to find my vinum notes, but can't as of yet...

What does a:

# fsck -y /dev/gvinum/RAID5

...yield...anything?

Steve


Re: Using HDD's for ZFS: 'desktop' vs 'raid / enterprise' -edition drives?

2009-01-02 Thread Steve Bertrand
dick hoogendijk wrote:
 On Fri, 2 Jan 2009 15:17:30 -0500
 stan st...@panix.com wrote:
 
 On Fri, Jan 02, 2009 at 05:48:27PM +0100, Wojciech Puchar wrote:
 think twice before doing.
 Could you elaborate please ?
 ZFS still doesn't work as described ...
 Is that comment FreeBSD specific, or aimed at ZFS in general?
 
 Mind you, ZFS on FreeBSD is not the same as on OpenSolaris-2008.11,
 Nevada or even Solaris 10. On those platforms ZFS generally does what it
 is supposed to do, other than it's still a developing FS.
 On *BSD related systems that is not always the case. Do a good readup.

I had problems with ZFS about a year ago (or so).

Since then, for me, ZFS has been quite reliable:

amanda# zpool list
NAME      SIZE    USED   AVAIL    CAP  HEALTH  ALTROOT
storage  1.82T   1.21T    623G    66%  ONLINE  -

amanda# zpool status

NAME        STATE     READ WRITE CKSUM
storage     ONLINE       0     0     0
  raidz1    ONLINE       0     0     0
    ad0     ONLINE       0     0     0
    ad2     ONLINE       0     0     0
    ad4     ONLINE       2     0     0
    ad6     ONLINE       0     1     0

...with four drives as such (I'd call them 'resi' or 'home-user' quality):

ad2: 476940MB WDC WD5000AAKS-00A7B0 01.03B01 at ata1-master SATA300

This machine, which runs AMANDA backup archiver, backing up ~8 FreeBSD
servers at about 120Mbps network every night is:

amanda# uname -a
FreeBSD amanda.x 7.0-STABLE FreeBSD 7.0-STABLE #0: Thu Jul 17 15:24:40
UTC 2008 st...@x:/usr/obj/usr/src/sys/GENERIC  i386

I've pushed the machine to 686Mbps network @225kpps, including FBSD SCP
and Windows NetBIOS clients while running iperf on other boxen and was
still able to write/read to the storage.

Instead of this one-liner crap 'don't do it' information to the users of
this list, let's begin explaining *why* it's not working, and start
providing coherent solutions as to how the OP can work around the issue,
huh?

Steve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Using HDD's for ZFS: 'desktop' vs 'raid / enterprise' -edition drives?

2009-01-02 Thread Steve Bertrand
Steve Bertrand wrote:
 dick hoogendijk wrote:
 On Fri, 2 Jan 2009 15:17:30 -0500
 stan st...@panix.com wrote:

 On Fri, Jan 02, 2009 at 05:48:27PM +0100, Wojciech Puchar wrote:
 think twice before doing.
 Could you elaborate please ?
 ZFS still doesn't work as described ...
 Is that comment FreeBSD specific, or aimed at ZFS in general?
 Mind you, ZFS on FreeBSD is not the same as on OpenSolaris-2008.11,
 Nevada or even Solaris 10. On those platforms ZFS generally does what it
 is supposed to do, other than it's still a developing FS.
 On *BSD related systems that is not always the case. Do a good readup.
 
 I had problems with ZFS about a year ago (or so).
 
 Since then, for me, ZFS has been quite reliable:

I forgot to mention... the "Since then" should have also included that
at the time of unreliability, I was testing a new NVidia motherboard.

Since then, I've swapped out the board to an Intel hardware platform.

Steve


Re: Snow in my Server

2008-12-20 Thread Steve Bertrand
prad wrote:

 i'm surprised that people actually still live in southern ontario.
 
 despite all the imaginative suggestions, this is obviously an issue that
 should be submitted through the form here:
 http://www.freebsd.org/send-pr.html
 you will note that beastie is using something like a shovel in the pic,
 so you can use this fact to strengthen your case.

Ouch!

Steve


Re: Snow in my Server

2008-12-19 Thread Steve Bertrand
Roger Olofsson wrote:

 Gary Hartl wrote:
 Help, I'm in southern Ontario and I have 20cm of snow on my freebsd
 7-release server.

 It seems to be causing some http outages.

 My FBSD 6-.0 doesn't seem to be affected though.

 Locate roof in ports and build roof!

Better yet, do what they do just west of me in Toronto... call in the
Army ;)

Steve


Re: lang/php5 port

2008-12-16 Thread Steve Bertrand
Tom Worster wrote:
 is there any documentation or a helpful website for how to use ports to
 install php5?
 
 i'm used to compiling it with a pretty long configuration command for all
 the optional bits i need, e.g. --with-dom --with-dom-xslt --enable-dom
 --with-pear --with-gd etc. etc. on and on.
 
 i'm unclear how these options are handled in freebsd ports. is it a matter
 of identifying lots of individual ports, one for each of the configuration
 command options i'd normally use?

From what I can tell (and how I normally do it), you simply put your
familiar command line compile args in the Makefile within the ports tree.

If you follow the flow of the existing Makefile, it should become clear
as to how to add your custom args.

Simply:

# cd /usr/ports/lang/php5
# ee (or if you please 'vi') Makefile
# make install [clean]

...any problems, report back. Ironically, I just did this type of PHP
install today.

Steve


Re: lang/php5 port

2008-12-16 Thread Steve Bertrand
Brett Davidson wrote:
 
 Tom Worster wrote:
  
 is there any documentation or a helpful website for how to use ports to
 install php5?

 i'm used to compiling it with a pretty long configuration command for all
 the optional bits i need, e.g. --with-dom --with-dom-xslt --enable-dom
 --with-pear --with-gd etc. etc. on and on.

 i'm unclear how these options are handled in freebsd ports. is it a matter
 of identifying lots of individual ports, one for each of the configuration
 command options i'd normally use?
 

   
 Run make config on the php port to see if any configuration options you
 need are mentioned there.
 I normally utilise the php-extensions port - run make config in there for
 options.

One of the reasons I've had to edit Makefile manually was because a
client needed JPEG support.

At the time, `make config' didn't provide that option.

You make a couple of valuable points however. It would be easier if the
OP's demands could be met with your method.

Steve

