Re: lang/php5 port
Brett Davidson wrote: Steve Bertrand wrote: Brett Davidson wrote: Run make config on the php port to see if any configuration options you need are mentioned there. I normally utlise the php-extensions port - run make config in there for options. One of the reasons I've had to edit Makefile manually was because a client needed JPEG support. At the time, `make config' didn't provide that option. You make a couple of valuable points however. It would be easier if the OP's demands could be met with your method. php-extensions supports jpg in the make config options - I use that too. It's a really elegant way of configuring almost every php option we need. Thanks Brett, Even though I wasn't the original poster, I certainly learnt something here. This is a perfect example of how external application support can be provided willingly and thoughtfully through our mailing list, via members who do actually care. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD 7 load hangs on boot
ThinkDifferently wrote: ...some more interesting errors from bootup...My biz partner seemed interested in these (don't know why)... hptrr: HPT RocketRAID controller driver v1.1 (Feb 24 2008 10:34:18) acpi0: 052008 RSDT1050 on motherboard acpi0: [ITHREAD] acpi0: Power Button (fixed) acpi0: reservation of free0, 1000 (3) failed acpi0: reservation of 0, a (3) failed acpi0: reservation of 10, c7f0 (3) failed AFAIK, your RocketRAID should be picked up by the 'twe' driver. If you run a FreeBSD install disk (as opposed to boot-only), are you provided with an install location (via sysinstall) as far as hard disks are concerned? Is this RAID array something that you can afford to risk losing through troubleshooting? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: lang/php5 port
Paul Schmehl wrote: --On December 16, 2008 7:33:31 PM -0600 Steve Bertrand st...@ibctech.ca wrote: One of the reasons I've had to edit Makefile manually was because a client needed JPEG support. At the time, `make config' didn't provide that option. You should *never* need to edit a Makefile in a port. (Well, extremely rarely.) Usually the options are provided. Optionally you can add them on the commandline like this: make -dwith_enable-foo -dwith_disable-bar. These are the questions that I never would ask, as for years, I always installed from source, never ports. If you don't find something you're expecting in a port, and you can't get an answer on this list, email the port maintainer, whose email address will always be in the port's Makefile. I'm glad there are people who still answer 3rd party software questions here. Normally, I'd just hack about until it worked. It's great to know there is such wide-spread support here. Hopefully, new questions will always be asked, and there will always be those dedicated people who are always lying low, reading, ready to provide a response in their field... (seriously) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD 7 load hangs on boot
ThinkDifferently wrote: This system is so spankin' new, there's nothing loaded on it. This RAID array is just something I setup in the BIOS. It's not even been initialized yet...because I can't even load the OS to install anything. Well, still no joy. :-( I have tried booting from Boot-only, Disc1, LiveFS. Additionally, I've tried the default boot, with ACPI disabled, Safe Mode, single user mode, and verbose logging. Every CD and every boot type gives me the exact same errors... at the beginning: ... acpi0: reservation of fee0, 1000 (3) failed acpi0: reservation of 0, a (3) failed acpi0: reservation of 10, c7f0 (3) failed and at the end: ... hptrr: no controller detected. acd0: DVDROM SAMSUNG DVD-ROM SD-616F/F104 at ata0-master UDMA33 acd0: FAILURE READ_BIG MEDIUM ERROR asc=0x11 ascq=0x00 GEOM_LABEL: Label for provider acd0 is iso9660/FreeBSD_xxx (where xxx is the disc I'm using). acd0: FAILURE - READ_BIG MEDIUM ERROR asc=0x11 ascq=0x00 *** HANG *** BTW, the *** HANG *** requires a hard reset. Also, I read some hearsay in other forums that the READ_BIG error could be caused by the write speed when the ISO is burned to CD. So, I tried downgrading the burn speed from 52x to 16x. No joy. It didn't change a thing. Out of pure sheer curiosity, does the machine boot ok with the boot-only if you pull the RAID card out of its slot? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Performance benchmarks pitting FreeBSD against Windows
Odhiambo Washington wrote: No one in their right senses would spend time benchmarking FreeBSD (or any Unix variant) against Windows (oh, which version?). It's a waste of time. Let those who use Windows use it and those who like living in a world where they are allowed to use their brains use Unix. Ahem.. Just for the record, I believe that those who like living in a world where they are allowed to use their brain use whatever OS gets the job done for a particular task or task set. Those who are allowed to use their brain, but don't, will often use a pair of pliers as a hammer, because no matter what, their belief is that the pliers are the best tool...even when it takes 10 times longer to bend those pliers in ways that another tool will work with no changes necessary. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPFW Firewall Question
G magicman wrote: 1. I need help to reconfigure my firewall on the server using BSD's ipfw What part do you need to reconfigure? 2. short of a reboot how do you start stop and restart the firewall Very, very carefully. Until I gained some extensive experience with IPFW, I would wrap the firewall restart within a sleep/undo of some sort. That said, now I use table(s) and set(s), so I can update rules without having to restart the firewall entirely. Below is an example, that also will guide you in answering your next two questions. The man page and Google will explain how to use tables and sets. To answer your question however, depending on where your firewall script is, simply execute it at the command line, like this: # /etc/ipfw.rules Here is what i want : 1. i want all ports open to the ipaddresses in line 4 clearaddresses 2. I want to be able to control access to port 25 sendmail to be able to deny whole A B and C addresses #!/bin/sh flush=/sbin/ipfw -q flush cmd=/sbin/ipfw add table=/sbin/ipfw table $flush # Tables # Client/infrastructure IPs for allowing access $table 1 add 208.70.104.0/21 $table 1 add 64.39.160.0/19 $table 1 add 67.158.64.0/20 #...etc # SMTP ALLOWED OUTBOUND TABLE $table 2 add 208.70.104.202/32 $table 2 add 208.70.104.203/32 $table 2 add 208.70.104.205/32 #...etc # Block all inbound and outbound traffic for certain sites # ...review periodically to see if they are still valid $table 3 add 91.203.4.146/32# phishing # set 3 = specific deny/allow by ids # set 4 = SSH access # set 29 = for counting/testing traffic patterns # set 30 = forwarding # SET 3 # SQL $cmd 2 set 3 deny all from any to any 1433,1434 # NetBIOS $cmd 20100 set 3 allow tcp from 208.70.104.0/24 to 208.70.104.0/24 135,139,445,593 keep-state $cmd 20105 set 3 allow udp from 208.70.104.0/24 to 208.70.104.0/24 135,139,445,593 $cmd 20110 set 3 deny all from any to any 135,139,445,593 # SET 4 $cmd 4 set 4 allow tcp from table(1) to any 22 keep-state $cmd 40005 set 4 deny tcp from any to any 22 # SET 29 #$cmd 59000 set 29 count log logamount 100 tcp from any to any # SET 30 $cmd 6 set 30 fwd 208.70.104.3,53 all from any to 209.167.16.10 53 $cmd 60005 set 30 fwd 208.70.106.59,53 all from any to 209.167.16.30 53 $cmd 64998 deny all from table(3) to any $cmd 64999 deny all from any to table(3) ### end dummy ruleset ...if you want specific rule examples, just let me know. The above does pretty much what you want it to do. I've purposely left it up to you to do some further research. Tweaking a non-forgiving firewall remotely is not something you want to learn the hard way. The benefit of tables is that you can have one rule, but manually add/remove specific addresses or prefixes on the fly without having to reload the rule. With sets, you can disable an entire block of rules, modify it, and reload it without restarting IPFW, therefore destroying your existing established rules. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Server Freezing Solid
Michael Powell wrote: Chris Maness wrote: [snip] For this reason, I'd advise that either you leave the PC unplugged for 10 minutes or so after you've cleaned it to let any residual moisture dry, or purchase an inline water filter. Should always put a drier on a compressor. You'll learn the hard way if you invest in pneumatic tools; you will kill them if you don't. ...but...how can I convince my wife that I need new tools when my existing ones last forever? Steve (just joking of course) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Server Freezing Solid
Ted Mittelstaedt wrote: I atually bought a small portable compressor (designed for running a nailgun, basically) for this purpose. $80 at Harbor Freight for a new one, you can get them cheaper used. The canned air is really expensive, you end up using a half a can on a PC. If you do the compressor, make sure you put a regulator on your blow gun: 80-120 psi of air coming out of a blowgun is capabable of blowing components off the circuit boards along with the dust. The compressor is also very useful for blowing out the air conditioner coils every year, as well as the refrigerator coils on the refrigerator. Doing just this will pay for the compressor in a few years in energy savings. The compressor suggestion is a great idea Ted. I would like to point out that there is usually a considerable amount of moisture that condenses as the air is being compressed into the tank. For this reason, I'd advise that either you leave the PC unplugged for 10 minutes or so after you've cleaned it to let any residual moisture dry, or purchase an inline water filter. The compressor also makes it quite a bit more convenient for topping up your vehicles tire air pressure (you know you don't do this regularly enough ;) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: root | su
en0f wrote: Jos Chrispijn wrote: Is there a way of stopping root from su'ing to another user? what kind of question is this? Obviously one that brings out of the woodwork the type of people with closed and non-inquisitive minds... probably the type of people who think that they have all of life's questions answered :) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: root | su
Jos Chrispijn wrote: Since the person asking didn't give any details of what he wants to do, it's hard to say, but your point is correct regardless. The idea behind my question is this: I am responsible for a server on which an(other) idiot keeps loggin in as user root, allthough he has his own user account and is part of the wheel group. To prevent this nub to change any other user account in God mode, I am searching for a solutions on this. Instead of using the root account, could you make him use sudo, without the ability to su? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Using global environment variables inside a subshell
Hi everyone, I've fudged together a quick disk space monitor that I will run from cron. Running the script works fine from the command line, but when I run it from cron, the environment variable is empty. Can someone point out the err of my ways?: #!/bin/sh /bin/df | \ /usr/bin/awk '{if($5 ~ % $6 !~ proc) {used=$5} else {used=}; \ sub(/%/, , used); \ if(used 95) print $6 is at used% on ENVIRON[HOSTNAME]!}' | \ mail -s Disk usage action required [EMAIL PROTECTED] Cheers! Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Iterate through directories and search into files
Steve Bertrand wrote: Hi everyone, I have a list of directories: - a..z and 2003..2008 ...inside of a single directory. Can someone advise what the shortest shell pipeline would be to search for two words (on two separate lines) within all files located only the alpha directories, and then print the filename to STDOUT? ...what I meant to say was that both patterns will be on the SAME line, as a single instance example, I would do: cat a/file.fil | grep -i comment | grep 355 Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Iterate through directories and search into files
Hi everyone, I have a list of directories: - a..z and 2003..2008 ...inside of a single directory. Can someone advise what the shortest shell pipeline would be to search for two words (on two separate lines) within all files located only the alpha directories, and then print the filename to STDOUT? I know this is very efficient, but since I don't need to do this often, it will be easier than maintaining but yet another Perl script. Thanks, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Iterate through directories and search into files
Mel wrote: On Friday 26 September 2008 14:22:27 Steve Bertrand wrote: Steve Bertrand wrote: Hi everyone, I have a list of directories: - a..z and 2003..2008 ...inside of a single directory. Can someone advise what the shortest shell pipeline would be to search for two words (on two separate lines) within all files located only the alpha directories, and then print the filename to STDOUT? ...what I meant to say was that both patterns will be on the SAME line, as a single instance example, I would do: cat a/file.fil | grep -i comment | grep 355 find ./[a-z]* -type f -exec grep -il 'comment.*355' {} + Beautiful, thanks! Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Syslogd - Different Files
Laurence Mayer wrote: Hi, Over the last couple of days I have been trying to get syslogd to log messages received from remote hosts to different files. I have read the man pages: http://www.freebsd.org/cgi/man.cgi?query=syslog.confsektion=5manpath=FreeBSD+7.0-RELEASE However it is very confusing what exactly to add to the syslog.conf file. I have tried numerous variations but still no success. Could someone please tell me or send an example of their syslog.conf file showing how this is done. Granted that there is likely more than one way to do it, heres how I do it (in the servers syslogd.conf): local6.*/var/log/lanx.log local7.*/var/log/fortigate.log mail.debug /var/log/barracuda.log ...each log file represents a different remote host delivering the log data. So, on lanx.domain.com, I point the syslog service to the IP of the server, and tell it to use local6 as the facility. I then start syslogd on the server as such: /usr/sbin/syslogd -a 208.70.104.202/32:514 -a 208.70.104.205/32:514 \ -a 208.70.104.1/32:514 -f /etc/syslogd.conf Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Syslogd - Different Files
Laurence Mayer wrote: Ok so you dont use `+host' etc as per the man pages. Can you please send the relevant parts of syslog.conf on a remote server on lanx.domain.com. Do you mean remote server syslog.config: local6.* @208.70.104.202 Looking further into this, I only send one facility to the remote server from the clients. I can't configure it to send multiple facilities from a client to server in a single file. A quick Google apparently tells me that you need syslog-ng in order to do more fancy trickwork like you want to do. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipv6
Da Rock wrote: Excuse me for jumping in on this thread, I'm only just starting to look into IPv6 for myself. My ISP has informed me that it doesn't support IPv6 yet, and won't for some time. I have a DNS server and sites on IPv4, but I'd like to be able to support IPv6- does the fact that my ISP doesn't support it stop me from serving on IPv6? I'd think it does, but some clarity from experts might help... If you only need IPv6 essentially for testing (ie. low bandwidth requirements no SLA), then I can provide you a tunnel into our network, and provide you with as much IPv6 space to play with as you like. You will need a router (Cisco, FreeBSD, Juniper etc) at your edge in order to establish an IPv6IP tunnel to one of my routers. Email me off-list if you are interested in further details. BTW, to answer your question, no... even if your ISP is not IPv6 compliant, that does not stop you from implementing IPv6 on your public servers. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: file recovery
fighter92 wrote: Can anyone help please? Boot the laptop with this: http://www.nu2.nu/pebuilder/ ...and then copy the data you want to either external media, or the network. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ThinkPad 3.0GHz: can anybody verify?
Gary Kline wrote: On Wed, Sep 03, 2008 at 11:00:19PM -0400, Steve Bertrand wrote: Gary Kline wrote: Folks, I'm looking at a 3GHz ThinkPad w/out any OS. It's got at most 512M memory and only 40G drive. The guy I'm going to have upgrade this l'top thinks it will take a 160GB drive easily. Also that the RAM might max out at just 2GB. Any fellow TP-people onlist who know if my friend is right? If you specify the model of the laptop, a quick Google or search on IBM (Lenovo) website will inform you what the maximum upgrade path on hardware is on the box. So if this 3GHz was an X-41 or a T-41, there'll be someplace online with the exact specs? Or is there more to the model designation. I have tried to find some specs on upgrade when I had my 600E. Found nothing. As an example (T-41): http://www-307.ibm.com/pc/support/site.wss/MIGR-58183.html In the past, when dealing with business client purchases, what upgrade paths I could not find on a website or via documentation, I was always able to call up and ask via telephone. GVood point! I'll find what what this guy's quals are. No sense in blowing $400-500 out the window, then going Oh, S**t! This could lead me way into off-topic-ness, so I'm going to leave it alone ;) Cheers, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ThinkPad 3.0GHz: can anybody verify?
Gary Kline wrote: Folks, I'm looking at a 3GHz ThinkPad w/out any OS. It's got at most 512M memory and only 40G drive. The guy I'm going to have upgrade this l'top thinks it will take a 160GB drive easily. Also that the RAM might max out at just 2GB. Any fellow TP-people onlist who know if my friend is right? If you specify the model of the laptop, a quick Google or search on IBM (Lenovo) website will inform you what the maximum upgrade path on hardware is on the box. With the resources the manufacturers put out freely regarding documentation, I say that if you have someone who *thinks* the ThinkPad will take certain hardware, you need to walk away, and pay someone different who knows how to find out _for sure_ what hardware the box can take, and who will be confident in saying and showing why if asked. Once you have a confident hardware tech, then you will be confident/comfortable spending your money there... Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
IPFW: Is keep/check-state inherent?
Hi everyone, I can't recall for certain, but not so long ago, I either read or heard about IPFW having implicit keep-state and check-state. Is it true that I can now omit these keywords in my rulesets? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Spam sent to me from my own mail server ?
Peter Ulrich Kruppa wrote: Hello, for some time now I keep receiving spam mails from my own (small) mail server, some of them with faked usernames some of them even with my own ([EMAIL PROTECTED]). How have you identified that they are actually being delivered by your server itself? It is my experience that this is likely not the case, and it is only your addresses that are being forged. The only way to tell for certain is to review the headers of the message. If you wish, send the email headers (privately if you want), and we can identify whether or not it is in fact your server delivering these messages. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configure lagg0 into /etc/rc.conf file ?
Frank Bonnet wrote: I'm trying to configure the lagg0 device using /etc/rc.conf file but I haven't much luck with it. What I want to do is ifconfig lagg0 create ifconfig lagg0 up laggproto lacp laggport bge0 laggport bge1 What does the following command output?: # uname -a Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Updating a minimal install
Hi all, I have minimal (base) system of 6.2 that I run entirely from thumb drive. It has nothing extra (man pages etc). This system needs to be upgraded to 7.0. Is there an easy way to upgrade this installation so that ONLY the information that is currently installed is upgraded? I don't want anything additional installed during the upgrade. I'm certain that by default a make buildworld/installworld will install too much. Will a binary upgrade 'do the right thing'? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Zebra Installation and config
Farooq Hussain wrote: Can anyone tell me about Zebra router installation # pkg_add -r quagga and configuration http://www.quagga.net/docs/docs-info.php Regards, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sed/awk, instead of Perl
Oliver Fromme wrote: Walt Pawley wrote: I guess getting old, nearly blind and mind numbing close to brain dead is better than the alternative. Try this (sooner or later I've got to get it right)... perl -pe 's/(.*?)\.(.*)\t.*/[EMAIL PROTECTED]/' input_file output_file I think your attempts show very well why Steve wanted to avoid perl. :-) LOL...actually, I use Perl for almost everything, but I don't think I've ever used it on the command line. For things that I need to do on a repeated basis where most of the variables are consistent, or for automation tasks I always use Perl. - tr, sed, awk etc. are part of the FreeBSD base system, while perl is not. This is another reason. I do have a couple of machines that do not have Perl installed on them, so when I need to do a quick change to multiple entries in a file, I'm quite used to using sed/awk. It had just been a while since I've used it to make more than one change per entry (well, since my tcpdump file example). Oliver posted yesterday three examples using sed, awk and tr. The one that I will stick with and will not have any difficulty remembering was this one: # tr '.\t' '_@' | sed 's/@.*/@example.com/' I am the most familiar with that one as I use sed on almost an every day basis. I appreciate all of the feedback. There have been some excellent methods that have been very wide ranging. As the saying goes, TIMTOWTDI ;) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Tailing logs
DAve wrote: I would love to have a way to tail a log, like piping to grep, except I see every line and the lines I would normally grep for are highlighted. That would be cool. Anyone know of a bash command or tool that will do this? Side note, I am tailing sendmail after changes to my outbound queue runners. I want to highlight my sm-mta-out lines but still see all lines. A little late to the party now, but the following Perl script will 'highlight' the lines containing $pattern with a blank line above and below, surrounded by . The lines not matching will be printed normally. Note, File::Tail must be installed: #!/usr/bin/perl # grep.pl use warnings; use strict; use File::Tail; my $pattern = submission; my $log = /var/log/maillog; my $ref=tie *FH,File::Tail,(name=$log, maxinterval=3); while (FH) { if ($_ =~ /$pattern/) { chop ($_); print \n $_ \n\n; } else { print $_; } } pearl# ./grep.pl Aug 22 11:30:45 pearl vpopmail[65893]: vchkpw-submission: (CRAM-MD5) login success [EMAIL PROTECTED]:2607_f118__5 Aug 22 11:31:19 pearl spamd[32860]: spamd: connection from localhost [127.0.0.1] at port 57092 Aug 22 11:31:19 pearl spamd[32860]: spamd: processing message 6e3e383b080822071 [EMAIL PROTECTED] for [EMAIL PROTECTED]:58 Aug 22 11:31:46 pearl vpopmail[66048]: vchkpw-submission: (CRAM-MD5) login success [EMAIL PROTECTED]:2607_f118__5 Aug 22 11:31:56 pearl spamd[95770]: prefork: child states: II ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: xargs
Marcel Grandemange wrote: I need to copy an entire BSD installation except the /mnt directory to /mnt/pc # rsync -arcvv --exclude=/mnt / /mnt/pc Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
sed/awk, instead of Perl
I'm frequently having to modify/convert email addresses from one format/domain to another. Usually, I slap together a quick Perl script to do this for me. I don't do it frequently enough to keep track which one of my scripts does this for me, so I'm continuously re-inventing the wheel. Some of the time, I use sed/awk to do this, but that usually requires a few passes over a few files. To put it plainly, can anyone, if it's possible, provide a single line sed/awk pipeline that can: - read email addresses from a file in the format: user.name TAB domain.tld - convert it to: [EMAIL PROTECTED] - write it back to either a new file, the original file, or to STDOUT Regards, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sed/awk, instead of Perl
Steve Bertrand wrote: To put it plainly, can anyone, if it's possible, provide a single line sed/awk pipeline that can: To answer my own post, I found in some past notes something I drummed up quite a while ago that I can most certainly modify to suit my needs: # Cat the tcpdump output file # confirm that the source IP is NOT the mail server, and print the source IP/port # separate the IP/port entries # eliminate only the port and print IP # clean out the spaces in the IP cat tcpdump.txt | awk '{if ($3 != 192.168.100.204.25) print $3}' | \ awk '{FS = .} {print $1,.,$2,.,$3,.$4}' | sed s/ //g Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sed/awk, instead of Perl
Barry Byrne wrote: Quoting Steve Bertrand [EMAIL PROTECTED]: few passes over a few files. To put it plainly, can anyone, if it's possible, provide a single line sed/awk pipeline that can: - read email addresses from a file in the format: user.name TAB domain.tld - convert it to: [EMAIL PROTECTED] - write it back to either a new file, the original file, or to STDOUT Regards, cat file.txt | ( while read user domain; do echo [EMAIL PROTECTED]; done ) Thanks, but I don't think I was overly clear in my OP. - the domain needs to change from domain.tld to example.com - the user.name needs to be modified to user_name Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sed/awk, instead of Perl
Joseph Olatt wrote: Try the following: cat t.txt | awk -F\t '{split($1, arr, .); printf([EMAIL PROTECTED], arr[ 1], arr[2], $2);}' where t.txt: john.doeexample.com This did the job, the only modification I needed to make was manually replace $2 with the string of the domain I needed it changed to. Fantastic! Thanks everyone for such quick responses! Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sed/awk, instead of Perl
Matthias Apitz wrote: El día Thursday, August 21, 2008 a las 05:54:29AM -0700, Joseph Olatt escribió: Try the following: cat t.txt | awk -F\t '{split($1, arr, .); printf([EMAIL PROTECTED], arr[ 1], arr[2], $2);}' where t.txt: john.doeexample.com Despite of the magic awk(1) or while-loops: this is all UUOC Award; http://en.wikipedia.org/wiki/Cat_(Unix)#Useless_use_of_cat Yeah, yeah :) I know that: # grep username /var/log/radius.log ...is much, much better than: # cat /var/log/radius.log | grep username ...but that is just semantics, relative to the intent and purpose of this excercise. Besides, our mail servers don't do enough work, so using cat in the wrong context when modifying tens of thousands of lines in a file is good exercise for my boxes ;) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sed/awk, instead of Perl
Wojciech Puchar wrote: Try the following: cat t.txt | awk -F\t '{split($1, arr, .); printf([EMAIL PROTECTED], arr[ 1], arr[2], $2);}' and third If you have nothing nice to say, or can't contribute or point out more efficient ways of doing things in a polite manner, then 'don't say nothin'. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sed/awk, instead of Perl
Wojciech Puchar wrote: ...but that is just semantics, relative to the intent and purpose of this no. using cat make one more pipe, one more process and is noticably slower Yes it's agreed... I was joking around with Matthias for kind-heartedly pointing out the err of our ways. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sed/awk, instead of Perl
Anton Shterenlikht wrote: On Thu, Aug 21, 2008 at 09:17:43AM -0400, Steve Bertrand wrote: Wojciech Puchar wrote: Try the following: cat t.txt | awk -F\t '{split($1, arr, .); printf([EMAIL PROTECTED], arr[ 1], arr[2], $2);}' a shorter way: sed s/\\./_/g inputfile | awk '{print $1 @example.com}' outputfile Nice! Although Joseph's line works perfectly, your sed method is much more inline with the way I'm used to using things, and I'll remember it easier without having to review notes next time ;) Thanks, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Free Graphical Netflow Analyzer for FreeBSD / Windows
World of Open Source wrote: Dear all, I would like to know seek any advices from all people here about any free tools for analyzing netflow data which can generate nice management report (chart, graph) like SolarWinds/any commercial products, that can be run either or Windows or FreeBSD (prefer). cflowd flowscan http://www.canarie.ca/canet4/monitoring/cflowd.html Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Best SMTP Gateway Program and Reporting Tools
Robby Balona wrote: I love qmail also.. but didn't do well under heavy smtp load in my environment. I put qmail +vpopmail + qmailadmin +clamav+dovecot+spamassasin + assap +squirrelmail together. I use Qmail on almost all of our SMTP servers. On the ones that only house a couple hundred email addresses, your setup works flawlessly in our environment. On the boxes with 10k+ email accounts, I do away with all of the filtering stuff, and front-end the Qmail/Vpopmail boxes with third party appliances. From what I can tell, it's the filtering processes that are the bottleneck under heavy load. Take them out of the equation and load is no longer an issue. Just my .02. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IP alias/routing question
David Allen wrote: On Fri, Jul 25, 2008 at 10:12 AM, Matthew Seaman [EMAIL PROTECTED] wrote: Chris Pratt wrote: Carefully not answering the 'why do these packets come from the wrong address' question, Deliberately addressing the question of 'why do these packets come from the wrong address' question which Mr. Seaman avoided ...heh, heh heh. Good job with the wording guys. I smiled brightly when I went through this ;) Since I've replied but clipped out any further context, I'll add a bit... I agree with David in that this is purely a routing issue. What (IMHO) it comes down to is 'source address selection'. I've been more focused in this scope within IPv6, but it is apparently a problem as well with IPv4, in a different manner. Perhaps this will become more of an issue as more people get used to the understanding that having multiple addresses per interface is the design goal, not an alias workaround. At one point I was advised that there is the ability to use multiple route tables within -current. If the box is being designed for only one application, could you try the new implementation of routing as opposed to making the application fit? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: connecting to a secured Windows 2003 terminal server
Wojciech Puchar wrote: doubt, since even after googling for nearly five days I couldn't find any solution. Recently my company has updated their server to Windows 2003. The earlier 2000 server didn't have SSL enabled, so rdp/rdesktop worked for me without any problem. But now, as I try to connect to the server, it simply gives me ERROR: recv: Connection reset by peer why such questions are on FreeBSD list ? rdp/rdesktop is not FreeBSD specific at all, and FreeBSD is not Windows. search the rdesktop mailing list etc. and ask there! Did you even consider the possibility that the OP is connecting to a terminal/rdp server from a FreeBSD workstation? I know I've done it numerous times in the past. I think that if this is the case, its very FreeBSD related. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: connecting to a secured Windows 2003 terminal server
Paul Schmehl wrote: --On July 22, 2008 9:17:45 PM -0400 Simon Chang [EMAIL PROTECTED] wrote: Recently my company has updated their server to Windows 2003. The earlier 2000 server didn't have SSL enabled, so rdp/rdesktop worked for me without any problem. But now, as I try to connect to the server, it simply gives me ERROR: recv: Connection reset by peer Did you make sure that the server has remote administration enabled? I believe that, by default, Win2k3 Servers have RDP disabled. Check with your admins about that. Umm..it's a terminal server ...ummm, in Windows-land, Terminal Services == rdp (port 3389 TCP). To the OP: If NMap is installed on the FBSD box, try: # nmap -sS -P0 -p 3389 ip_of_rdp_box ..if the port appears open, try: # telnet ip_of_rdp_box 3389 ...and see what you get. If you see nothing, refer to the logs of the 2k3 server (Event Viewer I believe it is called). Failing that, see if there is a 'feature' to drop back to non-SSL mode for RDP for the time being, to at least get the FBSD boxen to 'see' the service. Troubleshooting can commence from there. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: connecting to a secured Windows 2003 terminal server
Paul Schmehl wrote: Umm..no. In Windows-land, Terminal Services == rdp (port 3389 TCP) but a terminal *server* is used specifically to allow mutliple (as in more than the default limit of two) concurrent sessions and requires the purchase of additional licenses. Now, *maybe* the OP really meant terminal *services* but he wrote secured Windows 2003 terminal *server*, and that is a different animal altogether. Ok, fair enough. I was hasty in reading the OP's original post. Failing that, see if there is a 'feature' to drop back to non-SSL mode for RDP for the time being, to at least get the FBSD boxen to 'see' the service. Troubleshooting can commence from there. If you like sending your credentials across the internet in clear text, be my guest. I wouldn't suggest to the OP that he ask his enterprise to expose themselves to that level of risk. I'll rephrase... if there is the possibility to adding a temporary, non-privileged user to the enterprise network that you are currently testing that only has specific rights to authenticate via Terminal Server and no rights otherwise whatsoever, then I would try that. Commencing the test, I would immediately remove the user account. Otherwise, I would configure a separate Windows 2k3 box, exactly the same as the one that was upgraded, and test the scenario in a closed, less-sensitive environment. The logs should provide guidance to the cause of the problem. I'm more familiar with FreeBSD, so I would start there. However, perhaps the Windows logging system has something to offer. I would still try nmap and telnet, and the other tests. Especially given the fact that OP never specified that he would be sending credentials over a public network at all. Besides... in the original post, it was clarified that the old server did NOT have any encryption whatsoever. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: connecting to a secured Windows 2003 terminal server
Paul Schmehl wrote: To the OP - here's what I get when testing from a FreeBSD box to one of our servers: [EMAIL PROTECTED] telnet hostname.utdallas.edu 3389 Connection closed by foreign host. Does your server have SSL enabled? The OP stated that prior to upgrade, the box did NOT have SSL enabled. The access denied message you cited appears to be a firewall or acl issue that prevents the server from accepting connections from your FreeBSD box. Perhaps from a Service Pack whereas Microsoft could have enabled it's inbound 'firewall', thinking it was appropriate. # nmap -sS -P0 -p 3389 ip_of_rdp_server Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Calculating disk space with ZFS
Hi all, I'm configuring Amanda over ZFS, with plans for a five 'tape' diskless cycle. When I'm calculating the size of each 'tape', should I divide up my dedicated backup space based on a 'df -h', or a 'zpool list'? Assume that if I go by the 'zpool list' command, I'd like to allocate 1.8TB, divided by five to tapes. Should I use this number, or would it be more appropriate to slice up the space based on the 'df -h' below? I'm assuming the latter, but I'd just like to ask for clarification. amanda# zpool list NAMESIZEUSED AVAILCAP HEALTH ALTROOT storage1.82T 2.86G 1.82T 0% ONLINE - amanda# df -h FilesystemSizeUsed Avail Capacity Mounted on storage 1.3T2.1G1.3T 0%/ devfs 1.0K1.0K 0B 100%/dev Regards, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPv6 Auto Discovery
Doug Hardie wrote: Mac OS-X does a form of auto discovery on IPv6 where the machines on a local network add the machine name to the ndp table when they see activity from that machine. ...FreeBSD does this as well (Neighbor Discovery). pearl# ndp -a NeighborLinklayer Address Netif ExpireS Flags lanx.eagle.ca 0:b:46:3e:f3:41 fxp0 23h59m41s S R vandetta.ibctech.ca 0:f:b5:80:58:77 fxp0 15s R v6.ibctech.ca 0:e:c:6c:e9:62 fxp0 permanent R v6.ibctech.ca 0:e:c:6c:e9:62 fxp0 permanent R ...etc, etc. If you don't have DNS configured, or you do not have reverse DNS entries for the host IPs you are talking to, then only the IP will be listed above. So far I only have a rudimentary IPv6 configuration on FreeBSD 7 running and it only sees the IP address, and then only after I ping the other end. What you see above is normal functionality of the IPv6 Neighbor Discovery Protocol (RFC-4861). The 'neighbor cache' only gets populated with entries when IP communication takes place, or you receive/accept a router advertisement with a list of prefixes (ndp -p). The fact that names are not appearing is due to (mis|non) configuration of DNS either for the resolver on the box itself, or reverse DNS missing for the LAN IPs as stated above. To add a DNS server in FreeBSD, simply: # echo nameserver ip.of.name.server /etc/resolv.conf I couldn't find anything in /etc/defaults that seems to address auto discovery. Is this something I have missed or what? Perhaps you are referring to 'Auto Configuration' (RFC-4862)? Neighbor Discovery and Auto Configuration perform different tasks, but the former is required by the latter. Can you describe exactly what you want to achieve? Is it only the name resolution problem you described above? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Disk configuration recommendations
Hi everyone, We've just built a new network storage box that will replace an existing unit. The device is purely for storing a hot backup of server images. The motherboard has four SATA ports, which I have connected to four 500GB SATA drives. I had full intentions on using either GEOM or ZFS (I'm just reading up on the latter now) to span the drives together (I don't care about redundancy on this unit). I did not realize until yesterday that the motherboard my colleague went with has onboard RAID. What I'm looking for are opinions on a solution to make this box as resilient as possible for the long term (eg: if the motherboard dies, it would be nice to drop the disks into another box). Do you have any recommendations on how I should proceed? Hardware RAID, ZFS or GEOM? Some info that may help guide recommendations: - 4GB of memory - dual core 2.2Ghz - I have no problem having /boot on a USB key - preferably /backup to be ~1.6TB - like to have a small piece of the disk encrypted (directory or partition) - would be nice to be able to easily (ie: dynamically) add storage capacity without wiping existing data - three GigE NICs, so would like to pursue the possibility of perhaps using disk space of other nodes (or at least mounting it remotely) - would consider a RAID 5 setup if a recommendation meets other (non-listed) design objectives Thanks all! Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Can't connect to local MySQL server through socket '/tmp/mysql.sock
Òàðàñ wrote: Hi! I need two MySQL servers run simultaneously. But when I try to run server I have ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2) Does this happen when you try to start the first instance, or starting the second instance when you already have one started. If the latter is the case, you are going to have to tell the second instance to use a different socket file. # touch /tmp/mysql.sock2 # chmod mysql_user:mysql_group /tmp/mysql.sock2 and then, I believe if you add this to your /etc/my.cnf file: [mysqld] socket=/tmp/mysql.sock2 This should start at least one of your instances on the new socket, leaving the other one alone. Note: I have not tested the above, its off the top of my head. Be worth Googling for verification. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Can't connect to local MySQL server through socket '/tmp/mysql.sock
Steve Bertrand wrote: Òàðàñ wrote: Hi! I need two MySQL servers run simultaneously. But when I try to run server I have and then, I believe if you add this to your /etc/my.cnf file: [mysqld] socket=/tmp/mysql.sock2 ...after thinking about it, this would likely cause both daemons to use the new socket file. Perhaps a better approach would be to start mysqld with the --socket=/tmp/mysql.sock2 argument, leaving /etc/my.cnf as is. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Disk configuration recommendations
Steve Bertrand wrote: Hi everyone, Do you have any recommendations on how I should proceed? Hardware RAID, ZFS or GEOM? To answer my own post... After a day of research, I decided upon ZFS. I configured a raidz pool using all four entire disks. I've put /boot on a USB thumb stick which I boot from, which allows me to mount / and the rest of the system directly from the ZFS pool. This prevents me from having to have a UFS slice on one of the disks, or install another hard drive just to run the system from. The idea was essentially copied from how I run my GELI systems. Boot from USB stick that contains the encryption key. Once the system is booted, I take the USB stick with me, which prevents access to the data if the machine is shut down. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring an older server for speed...
Matthew Seaman wrote: should we use 7 or think about going with 6.3? I'd go with 7.x every time. It wipes the floor with 6.3 performance-wise and it is just as stable and bug-free as you'ld expect from FreeBSD. You've seen it works for you: there's no conceivable reason to downgrade. I agree with Matthew here. We have a few production 7 boxes now, some being re-deployed completely from 4.x, and a couple that have come from 6.x. Although I don't have any documentation to show a performance increase, it certainly hasn't gotten worse. (I went to 7 for testing for particular reasons very early on). Any issues I've run into with 7 are just as prevalent in 6, so my vote would be to follow the 7 train. (Note: the only issues that I have *personally* run into so far are related to the 're' driver, which is out of context here). IMHO, more eyes are on the 7 track, so if you have the choice to build a new box, why 'downgrade' right off the bat (its not my intention to knock 6.x BTW)? Eventually you will be forced to jump a major revision which in some cases given user applications can be a bit of a headache. Stick with what is here and now, and leave 6.x as your upgrade path for your current 6.x boxen until you can get those boxes upgraded too. BTW, to the OP I would suspect that your initial delay that causes the 'Internet to be slow' is related to DNS somehow. Hit a webserver by its IP and see if the problem goes away. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OpenNTPd howto?
B. Cook wrote: Hello All, Hey, [EMAIL PROTECTED] [/usr/local/etc]# 32 ntpdate -b clock.nyc.he.net 1 Jul 12:49:57 ntpdate[70917]: step time server 209.51.161.238 offset 358.732506 sec Why when it was running did it not update the clock on the server? My first guess, which is only a guess, is that your secure level is too high for this to work. If your securelevel is set above zero, then your clock can only be adjusted by a maximum of one second (please correct me if this has changed since 4.x). Check the output of: sysctl -a kern.securelevel Strange thing two: From a different computer I can not get the time from the server running openntpd. # ntpdate -b 10.20.0.16 1 Jul 12:50:23 ntpdate[679]: no server suitable for synchronization found Have you confirmed that a clock server runs on that IP? Is the IP reachable? If securelevel still has its place with affecting time changes, I'd try 'breaking' that to see if the time will actually update. Note that securelevel must be changed via a startup variable of some sort, and a reboot is required. Then I would proceed to ensure that 10.20.0.16 is actually running a timeserver that the network can reach. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Searching for development project [was: Hello]
Vince Hoffman wrote: Chance Hoggan wrote: Even if you do not have any projects if you could give me some tasks that would equally be great. I believe http://www.freebsd.org/projects/ideas/ is a good place to start. Also try asking on the -current or -hackers mailing lists. I've noticed that if you find something that seems interesting and start work on it then ask specific questions you are more likely to get useful replies than if you ask more general questions. That said i'm not a developer so don't feel you need to pay too much attention to my suggestions as they are purely based on observation not instruction/experience :) Might I also kindly suggest that you take a look at the following link, courtesy of Greg Lehey, in order for you to make the best of your endeavors?: http://www.freebsd.org/doc/en/articles/freebsd-questions/ Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Wipe a drive clean
Andrew Falanga wrote: Hi, I'm having no luck finding hits for wipe drive or zero drive in the mail list archives and I can't believe I'm the first to ask this question but here it is anyway. How can I simply write 0's across a USB thumb drive? I'd rather not install a port, if I can avoid it. I was thinking that something like dd would work, but everything I've tried thus far is not working. What suggestions does everyone have? Will... dd if=/dev/zero of=/dev/disk ...work? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Installation error. Command returned status 36
Jerry McAllister wrote: On Tue, Jun 24, 2008 at 01:55:51AM +0300, Viacheslav Chumushuk wrote: And at the start of installation process I have warning about wrong disk geometry. Probably your best bet is to ignore the geometry stuff and just let it do its own thing. Do not try to set the geometry. In reality, geometry is generally 'virtual' nowdays. I concur with Roland and Jerry about ignoring the geometry warning. I've been doing so for as long as I can remember and I've never had an issue. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: /var full
Paul Schmehl wrote: --On June 18, 2008 11:59:49 PM -0400 Sahil Tandon [EMAIL PROTECTED] wrote: Also, what is the output of 'df -i /var'? # df -i /var/ Filesystem 1K-blocksUsed Avail Capacity iusedifree %iused Mounted on /dev/da1s1d 283737842 5397568 255641248 2% 20350 366736640% /var See recent thread on FreeBSD Forums for context: http://www.freebsdforums.org/forums/printthread.php?t=58071 Thanks. At least I know I'm not the only one to have run into this oddity. I'm not that knowledgeable of inodes. My understanding is they are destroyed once a file is no longer in use. Is that correct? Is there any sort of history kept of file system activity that would identify what filename was identified by the inumbers listed in dmesg.today? Or is that vain hope? This is a 6.2 RELEASE system. (Looks like it's time to upgrade to 7.0 STABLE.) I am not in any which way certain changing major revision numbers will affect the file system in any which way. I am also not very knowledgeable in regards to inodes, but I do know that they can run out before disk space does. From what I understand, 1MB of filespace will take up X inodes. If 1MB of file size is fragmented, it could take up X multiplied by N number of inodes, that could include a large portion of wasted whitespace. Please correct me if I am wrong. Off the top of my head, with no testing or researching behind me, what happens if: - stop mysqld - note perms of filesystem - cp -R /var/db /another/location/with/space - rm -r /var/db/* - fsck /dev/location-of-var - cp -R /copy/of/db/dir /var/db - reset perms - start mysqld ... does that free up some inodes? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: /var full
Steve Bertrand writes: I am not in any which way certain changing major revision numbers will affect the file system in any which way. I am also not very knowledgeable in regards to inodes, but I do know that they can run out before disk space does. It is my understanding that is certainly possible. However, it is usually limited to a small set of well-known cases of that generate many small files; the canonical example is a news server (e.g. inn) though a mail server (or the database back-end thereto) might also qualify. Off the top of my head, with no testing or researching behind me, what happens if: - stop mysqld - note perms of filesystem - cp -R /var/db /another/location/with/space - rm -r /var/db/* - fsck /dev/location-of-var Ahem - dismount partition before fsck, yes? Well, of course as you please ;) Thanks for pointing out my mis-step. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Fixing a RAID
Ryan Coleman wrote: Is there a way to figure out what order drives were supposed to go in for a RAID 5? Using a hex tool? Do you mean that you physically unplugged them, and they were not labeled? What kind of disk controller is it? Technically, AFAIK, the order should not matter. The stripe on the disk should know what is where and simply run with it. In practice however... I have time to figure all this out. What happens when you try it? Is FreeBSD in use in any form or fashion at all on these drives, or is this a generalized hardware question? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Fixing a RAID
Ryan Coleman wrote: Ryan Coleman wrote: Is there a way to figure out what order drives were supposed to go in for a RAID 5? Using a hex tool? Do you mean that you physically unplugged them, and they were not labeled? What kind of disk controller is it? It's a HighPoint pATA controller, one drive went kaput so I replaced it with another 250G drive and went to rebuild and it wouldn't go. The drive itself wasn't actually dead, I did some running tests on it and it spun up OK in an enclosure and then in another machine. So I tried to put the drive back on the array and it doesn't believe in having data anymore. Ok. The errors you were witnessing after attempting to re-insert it into the controller, were they generated at BIOS level within the controller bootup, or in FreeBSD. I'm completely assuming that your running OS was ON these disks, so the former is true. This is a 4x250G R5 (so ~750G logical) that does have data on it that I would very much like to recover somehow. I know this is very likely a fruitless endeavor, ah, ah ah, never say never, ever. I just need to try. OnTrack and other recovery places are just too expensive for this. Recover from backup ;) I'm kidding. It's too late for that, isn't it. read on... I can dig up the old logs (I think) from when she was firing errors two weeks ago. Yes. Post the logs. If they are extensive, perhaps you could email them off-list, with a notice to the list that you have them in the event others would like to review them as well. The drive was formatted UFS2 as one large logical drive in sysinstall. ..so if I understand correctly, you had a RAID-5 with three operational physical disks, and one hot spare? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Fixing a RAID
Ryan Coleman wrote: Ryan Coleman wrote: Oh, I completely forgot to ask... Does the RAID still operate even though one disk is bad? After all, that is the purpose of RAID-5. stripe, with parity. One fails, the other two (or N) keep right on going... Or, is it a RAID-5 card that you put into operation as a RAID-0 span? If the latter is the case, good luck ;) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Fixing a RAID
Ryan Coleman wrote: Ryan Coleman wrote: and my tech said that's a bad sign, you're toast and left me hanging. Knowing you spanned the drives without parity or backup, there is no need for me to review the errors. I agree with your tech. Unless there is a miracle (or you outsource the entire array to a recovery location), good luck. Sorry I couldn't be more help. FYI...when you span drives, your single point of failure is an exponential factor of how many drives you are spanning. I have done low level disk data recovery before, but describing it is beyond what I can do via email. Even still, said disk recovery still relied on the ability for the heads to read off the platter. If I were you, I'd consider your backup strategy now for that 7TB array you are building. Thats a lot of data. You need to be able to go back more than one day. If nobody else has a suggestion to retrieve the info, you will send it away. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Fixing a RAID
Ryan Coleman wrote: Ryan Coleman wrote: Ryan Coleman wrote: Oh, I completely forgot to ask... Does the RAID still operate even though one disk is bad? After all, that is the purpose of RAID-5. stripe, with parity. One fails, the other two (or N) keep right on going... Or, is it a RAID-5 card that you put into operation as a RAID-0 span? If the latter is the case, good luck ;) No, I'm not that stupid. :) My old job, we had the big LaCie drives and one of the 4 250Gs in it would fail and they were f*ed. I went to replace the drive right away so I wouldn't be in that situation. When I went to rebuild in the BIOS it failed at 2%, no matter what 250G drive I put in to fill the spot. Hrm... I didn't implicitly attempt to call you stupid. I was asking a question, and laying out info for others that may not know as they follow the thread... Besides...if you are seriously considering a 7TB storage facility, then you already know that building a proper RAID solution should include controllers that are hot-swappable, and will rebuild the array either as soon as you pop a new drive in, or with a hot-spare, without having to reboot and waste three hours rebuilding via a BIOS software. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [freebsd-questions] Re: Fixing a RAID
Tuc at T-B-O-H.NET wrote: Ryan Coleman wrote: Ryan Coleman wrote: Oh, I completely forgot to ask... Does the RAID still operate even though one disk is bad? A year later, and I finally decided to buy a few more disks off ebay to see if my final theory is right. I win (hopefully) the auction in 5 days... If the cage really is bad, I previously sourced a new case/cage, and decided even though its a 4G Dual Xenon system I probably could get a new system cheaper thats faster. I would be extremely interested to know if your diligence in testing your theory pays off in this case. Please post your results ;) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Replacing tape changer with USB disk drives.
Wojciech Puchar wrote: Do the tapes get taken off-site, or do they sit in the same location that the servers will burn when a fire breaks out? probably sits on place, if not he wouldn't need tape changer, but would change manually :) ...not always. A tape changer in some cases is the difference between someone getting off of their a**, and not. Once the network backup is complete, cycle this complete backup to tape which can be taken off site for longer term storage (after the network backup to 'hot' storage is done, the tape backup time becomes irrelevant). today tapes are so expensive (not just drives, but tapes) that it's better to just have many disks and swap them. Expensive is in the eye of the beholder. I have DDS-1 tapes, in the drawer above my head that are from pre-2001 that I can still pull data from. As a matter of fact, I've never (knock on wood) experienced a bad tape (numerous types). In that meantime, I've electro-magnetized dozens of platter-based hard disk drives that just went 'bad' (and subsequently recovered/restored servers from live, and tape-based backup for). I personally don't think that swapping hard-disks (one, or many per day) is a viable, feasible or cost effective approach as a backup solution for long-term data storage, especially if you prefer to be able to recover the data. Here: - network to live storage (hourly perhaps) - live storage to tape - daily - weekly - monthly - yearly ...cycle them in that manner. No matter what anyone says, experience states that I will bet on my monthly and yearly tapes as opposed to hard disk every time when the CFO is under pressure to get that directory that was 'overlooked' at last fiscal tax time. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Replacing tape changer with USB disk drives.
Steve Bertrand wrote: Wojciech Puchar wrote: - monthly - yearly ...cycle them in that manner. No matter what anyone says, experience states that I will bet on my monthly and yearly tapes as opposed to hard disk every time when the CFO is under pressure to get that directory that was 'overlooked' at last fiscal tax time. I've just realized that after being awake for far too long, some people may be reconsidering their use of tapes and replacing them with hard disks now ;) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Replacing tape changer with USB disk drives.
Christopher Sean Hilton wrote: I run FreeBSD 7.0-STABLE on a file server and until recently used a Tape Changer for backups. I'm considering my options for a new backup solution. I'm actually thinking of ditching tape and using an externally attached USB or Firewire disk drive. Do the tapes get taken off-site, or do they sit in the same location that the servers will burn when a fire breaks out? My experimentation isn't giving me good feelings about doing this with FreeBSD. To start this off I installed an Adaptec USB 2.0 interface into my server. In the time that I've been working with it I notice that it periodically bogs down and that it has the potential to panic the kernel and cause a reboot. I recognize that this could be: The USB card that I'm using. The chipset in the USB enclosure that I'm testing with. Has anyone gone this route? If so what was your experience? Yes, I use external USB 2.0 external disks for backup for workstations that are encrypted with either GELI or TrueCrypt on the fly. The problem with USB hard disks is that they A) are prone to failure very quickly (as has been pointed out); and B) they never get taken off-site on a routine basis as they should. My recommendation (FWIW) would be to build/buy/acquire a network storage device with a 1000Mbps Ethernet interface that you back up your entire network to. Depending on the size of your network, it may be advisable to pop an extra NIC (gigE) in every box that requires a backup and create yourself a private backup subnet, as to not disturb the production network. Once the network backup is complete, cycle this complete backup to tape which can be taken off site for longer term storage (after the network backup to 'hot' storage is done, the tape backup time becomes irrelevant). This setup provides an always-on, live-as-of-yesterday recovery mechanism without having to load tape. Also, depending on the amount of data that requires backup, and the throughput capacity/cost of your Internet link(s), it is always a benefit to do an rsync (or equivalent) copy to a remote location, in order to best accommodate a 'hot spare' location (ie, users migrate to remote temporary location, and have to change as little as possible). USB disks are as useful as the people that you put in charge of taking them off-site, multiplied by the number of drives you cycle, divided by the life expectancy of the disks (and/or the people taking them offsite ;) One more thing...a good backup is not measured in how far back the backup goes...a good backup is measured in the amount of time it takes to recover from it Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Tried to symlink /etc to another disk, now stuck
Glenn Gillis wrote: Now, I cannot log in as a privileged user to copy or move /new/etc back to /etc. (Because the password files were also in /etc.) I've tried booting into Single User mode with boot -s at the boot prompt, only to receive a mountroot prompt wanting to know where to find the root filesystem. What type of disk(s) do you have in the box? I can't remember the exact syntax of the mountroot prompt, but I'll break one of my machines here to 'remind' myself if you know what driver you use for your root partition. ad (IDE) ar (RAID) da (SCSI) ...etc. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPv6 jails for FreeBSD (6.* preferably)
Daniel Gerzo wrote: Tuesday, June 3, 2008, 8:27:56 PM, you wrote: does patch exist for it? http://sources.zabbadoz.net/freebsd/jail.html Trying to apply the aforementioned patches, I ran into this during buildkernel. I'll remove src, re csup and rebuild and try again. If there is a more appropriate list for this, please let me know... build# uname -a FreeBSD build.ibctech.ca 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Fri Feb 29 11:53:16 EST 2008 root@:/usr/obj/usr/src/sys/GENERIC i386 /usr/src/sys/kern/kern_jail.c: In function 'jail': /usr/src/sys/kern/kern_jail.c:174: error: 'ip4' undeclared (first use in this function) /usr/src/sys/kern/kern_jail.c:174: error: (Each undeclared identifier is reported only once /usr/src/sys/kern/kern_jail.c:174: error: for each function it appears in.) /usr/src/sys/kern/kern_jail.c:179: error: 'ip6' undeclared (first use in this function) cc1: warnings being treated as errors /usr/src/sys/kern/kern_jail.c:227: warning: label 'e_free_ip' defined but not used *** Error code 1 Stop in /usr/obj/usr/src/sys/GENERIC. *** Error code 1 Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Tried to symlink /etc to another disk, now stuck
Dan Nelson wrote: To make a long story shorter, is there any hope for getting a privileged user account on this machine to move /etc back to where it should be? It may be easiest to boot a live CD (FreeSBIE, or a FreeBSD-7 install disc 1 should work), mount both of your hard drives from it, and put /etc back where it belongs that way. This is a very good point, but in this case, if its only /etc that has been relocated, the system is at mountroot because fstab can't be found. If the disk type is known, it is as simple as typing the appropriate location of the root fs at that prompt and the system will come up. Under single user, the OP would have full access to everything to revert the changes (perhaps other disk areas with binaries may have to be mounted manually as well)... I'm off to try it. I've got a system here with a da device. I'll fsck up /etc/fstab, reboot, and report back with the appropriate mountroot prompt entry... Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Tried to symlink /etc to another disk, now stuck
Steve Bertrand wrote: Dan Nelson wrote: I'm off to try it. I've got a system here with a da device. I'll fsck up /etc/fstab, reboot, and report back with the appropriate mountroot prompt entry... # cat /etc/fstab # DeviceMountpoint FStype Options Dump Pass# /dev/da0a / ufs rw,noatime 1 1 md /tmpmfs rw,-s32M,nosuid,noatime 0 0 (..snip..) ..change /etc/fstab to mount root to /dev/ad15a, reboot: mountroot # mountrootufs:/dev/da0a {ENTER} ...machine boots up. To the OP...if you know what your disk type is, you CAN get it to continue to mount root at the mountroot prompt. Furthering that, you can also fsck and mount your other disk mountpoints in order to gain access to your editing binaries. There is no need to use an external resource to boot the machine from if you are already aware that the only thing that got fsck'd up is the mountpoints in the fstab (or, like in this case, the file was unavailable entirely). The disk structure is still the same, and the system can see this with manual intervention. OP: at the mountroot prompt, try this: ufs:/dev/ad0s1a and see if you get anywhere. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Tried to symlink /etc to another disk, now stuck
To the OP...if you know what your disk type is, you CAN get it to continue to mount root at the mountroot prompt. Furthering that, you can also fsck and mount your other disk mountpoints in order to gain access to your editing binaries. I'm sorry to reply to my own posts, but I'd like to point out that this exact scenario is a very good reason as to why I make either a digital or printout copy of my /etc/fstab file of every machine I run. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPv6 jails for FreeBSD (6.* preferably)
Wojciech Puchar wrote: exist in FreeBSD 6.*, everything else patched we will see after compiling. Did it work? Did it work? Did it work? (Or is the absence of a giant WOOOHOOO! the indicator that it didn't work at all?) unfortunately not with 6.*, i was unable to complete patching by hand. but it works in 7.* WOH!!! ;) (running off to try it) This is a HUGE step in aiding with implementing/debugging software that needs to be patched for IPv6 conformance (for me anyway). Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OT: lots of IPv6 DNS requests
Wojciech Puchar wrote: i'm getting lots of things like this in logs: Jun 10 17:13:50 wojtek named[909]: client 2610:130:101:100:214:22ff:fe12:241#60282: query (cache) 'wojtek.tensor.gdynia.pl/MX/IN' denied Post: # ifconfig -a # netstat -na | grep 53 Looks like named may be listening publicly on IPv6, but then refusing the requests. Is dns.tensor.gdynia.pl the same box as wojtek.tensor.gdynia.pl? Did you make any addressing changes around the time you started noticing this? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OT: lots of IPv6 DNS requests
Wojciech Puchar wrote: dns.tensor.gdynia.pl. 10800 IN 2001:4070:101::1 or dns2.tensor.gdynia.pl. 10732 IN 2001:4070:101:1::2 no it is not! that's why i'm asking. Oh, for heaven's sake. We all know you like to shoot off your mouth. Now go back to my mail and read it ALL THE WAY THROUGH BEFORE YOU ANSWER AGAIN. Jeez. so maybe you should explain clearer because i do read what you write. my computer isn't 2001:4070:101::1 nor 2001:4070:101:1::2 Do a netstat -na | grep 53. This will help. Something is wrong with your setup if you are seeing undesirable results. A couple of questions... are you using ONLY /64 prefixes? Whether they do or not, do: 2001:4070:101:1:: and 2001:4070:101:2:: ...share a common physical local link? What flags of Neighbor Discovery are enabled on the devices on this link, and what on-link prefixes do you see (ndp -i interface, ndp -p)? This: Jun 10 17:13:50 wojtek named[909]: client 2610:130:101:100:214:22ff:fe12:241#60282: query (cache) 'wojtek.tensor.gdynia.pl/MX/IN' denied ...is someone within the 'Iowa Communications Network' trying to find an MX for what appears to be your workstation/mail server, by targeting your workstation directly for the DNS lookup. I don't have time to go research it myself right now, but do you use a registrar that provides IPv6 glue? What does your zone file state for NS servers? Do you have a rogue NS server on your network that was for development that got left on, and could be supplying incorrect results? It is very difficult to identify where this is broken if you don't respond with suggested output. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OT: lots of IPv6 DNS requests
Jon Radel wrote: dns3.tensor.gdynia.pl. 28800 IN 2001:4070:101:2::1 Sorry Jon, I completely missed that the first time through ;) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OT: lots of IPv6 DNS requests
Wojciech Puchar wrote: no it is not! that's why i'm asking. Oh, for heaven's sake. We all know you like to shoot off your mouth. Now go back to my mail and read it ALL THE WAY THROUGH BEFORE YOU ANSWER AGAIN. Jeez. so maybe you should explain clearer because i do read what you write. In summary, what he means is this: You have a (perhaps legacy) DNS server running as dns3.tensor.gdynia.pl (RRs snipped for brevity): pearl# dig dns3.tensor.gdynia.pl dns3.tensor.gdynia.pl. 21682 IN 2001:4070:101:2::1 ...which appears to be the same IP address as your workstation. pearl# dig wojtek.tensor.gdynia.pl wojtek.tensor.gdynia.pl. 4732 IN 2001:4070:101:2::1 ...however, any attempt to gather information from dns3. simply fails, due to your administrative policy (named not allowing outside networks). I'm willing to bet that you will see attempts from 2607:f118::b6 (or ::b7) in your workstation logs as rejected for lookups. I don't see any reference to dns3. in the WHOIS, so perhaps it has been removed recently. Any provider who still has this dns3 server listed as a possible authoritative name server may round-robin to it and produce the logs on your workstation you are witnessing. It is very possible that this server is still listed as a NS for the domain and I just didn't look hard enough for it. FYI (IMHO), this type of question would be better suited for [EMAIL PROTECTED] You would likely have far more eyes on your question over there by people who focus primarily on this sort of thing. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: wireless help
ifconfig This looks ok. Mind you, I'm not all that up on wireless, so I don't know if that could be part of your issue. arp ? (192.168.1.3) at (incomplete) on ath0 [ethernet] ? (192.168.1.254) at (incomplete) on ath0 [ethernet] This is generally telling you that you have recently attempted to communicate to the IP's, and address resolution is in progress (and in your case, most likely will timeout). The rest of your message is irrelevant at this point, since you can't even resolve the layer 2 addresses on the local link. I'd have to say at this point that either there is a problem with the wireless config on the FreeBSD machine, or there is a firewall on the machine blocking your traffic. Does the linksys show you as connected? If you enable DHCP on the linksys, does it register a client lease for the box? If you cable yourself directly to the Linksys (as opposed to wireless) with the same IP configuration, does it work then? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: wireless help
topology: wall--bellsouth router--linksys AP linksys has a static IP of 192.168.1.3 bellsouth router has a static IP of 192.168.1.254 You need to configure different prefixes (aka subnets) on each side of the Linksys router: LAN side on Bellsouth: 192.168.1.254 255.255.255.0 WAN side on Linksys:192.168.1.3 255.255.255.0 LAN (wifi) side of Linksys: 192.168.2.1 255.255.255.0 Laptop: 192.168.2.2 255.255.255.0 Laptop gateway: 192.168.2.1 A trick I recommend very frequently to our ADSL subs that want to implement a wireless router into their network who are already using our equipment that has NAT enabled (to avoid double-NAT), is to disable DHCP on the LAN side of the Linksys, disable the WAN interface, and connect the ADSL modem to one of the LAN ports on the Linksys. Essentially, your access point will then be just that. Hope I understood your problem properly. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: wireless help
erpa1119 wrote: Why would I change something that is known to function correctly? Pardon my ignorance... It was my understanding that the reason you posted to the list was to get help with an issue where you could not communicate with other network devices. Are you saying it does work? Are you saying that perhaps you have other hosts on your network use this same setup successfully? Are you saying that your Linksys router is not at all a gateway device (does not NAT and forward packets)? # ifconfig -a # netstat -rn # ping ip.of.linksys # ping ip.of.bellsouth # arp -a ...post them. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Jails and IPv6
Hi everyone, Through all the information I've read (and after testing for myself), it appears as though IPv6 is still not possible inside of a jail. Is this correct? Is there any way that this can be accomplished? Regards, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Upgrading Kernel on a Remote Server
A nice trick for easily recovering from unbootable kernels is nextboot(8). Try man nextboot I certainly concur with Sean on the co-ordinate a time theory, especially if it includes them being on standby for a clean recovery, but this nextboot(8) tactic that I never knew about before seems *very* worthwhile looking into! Thanks, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Need to build a new mail server
I'd personally vouch for Qmail myself. So would I, for my environment. Having been an administrator now for mail servers in general for nearly 15 years, with experience with most notable mailers, Qmail by far lends itself to be the most highly configurable mailer assuming you know what you want ahead of time. Agreed. Most experienced sysadmins, once they know what they want, can apply those patches to qmail with ease and roll out additional Qmail installations with a single package. Very easy indeed. Yep. Bob, as for 'backscaatter spam' (assuming I understood you), that's rubbish: http://www.interazioni.it/opensource/chkusr/ (as an example) ...which works very well. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Looking for gurus willing to help write Freebsd tutorials
Thanks for taking the time to read this. And if you can help out, I'd appreciate it. Also, I'm not advertising the site. Just asking for some help. Since open source is about sharing, it only stands to reason that some sharing can and should be done as well on the web. :) The majority of people on this list help immensely. Most of the work and documentation regarding FreeBSD that has been produced by anyone reading this list can be found publicly by your best friend... http://google.ca ...or, for those inclined: http://google.com/bsd Good luck with your site ;) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD based router ...
Marc G. Fournier wrote: Does anyone know of anyone make an enterprise level router based off of FreeBSD? In all seriousness, if you want to roll your own based on FreeBSD, I have a couple of these units that I've been testing internally with that run FreeBSD off of a thumb drive. They are being used to test the Quality of Quagga's implementation of BGP, and seem to run very well. I haven't gone as far to really test them for pps or throughput yet, but they hold up well, no moving parts, not much more $ than a decent whitebox, and much smaller. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD based router ...
Steve Bertrand wrote: Marc G. Fournier wrote: Does anyone know of anyone make an enterprise level router based off of FreeBSD? In all seriousness, if you want to roll your own based on FreeBSD, I have a couple of these units that I've been testing internally with that run FreeBSD off of a thumb drive. Darn it, I forgot to send the link: http://www.mikrotikrouter.com Using the thumb drive allows me to swap out router configs quickly, without having to open the box up. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD based router ...
Wojciech Puchar wrote: Does anyone know of anyone make an enterprise level router based off of FreeBSD? define what enterprise level router is Something that doesn't say 'Vista capable' on the box? :) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Multiple instances of BIND at startup
Well, BIND is up to 28 published security advisories: http://www.isc.org/sw/bind/bind-security.php#matrix ...which not only have included cache poisoning (2003-0914), but many of them allowed for arbitrary code execution, often as root. Ok, then I'll ask the obvious... For those who are, or have been network ops within an Internet Service Provider environment, what DNS server do you recommend for reliability, functionality, and most importantly, ease of use so the helpdesk can make slight changes to client domains when required (hopefully without having to su to root). The latter point is why I went from BIND to TinyDNS (VegaDNS) in the first place, but it's seriously lacking with IPv6 support. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Bind DNS
Is it possible in BIND DNS to block images in a certain sites? like for example the popular friends site ( friendster), i want to block most images in that site so that client will be irritated that their images don't load perfectly. but s till they can visit their site? Any idea guys? DNS is a name to address resolution protocol. It has no knowledge of web content. What you are after is some sort of web content filter. For home use, I use Squid and DansGuardian (both in ports). Still though, it's very difficult to block only *certain* images, and not others from a particular site. Regards, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Bind DNS
Derek Ragona wrote: At 09:10 PM 5/22/2008, Ruel Luchavez wrote: Hi ALL, Is it possible in BIND DNS to block images in a certain sites? like for example the popular friends site ( friendster), i want to block most images in that site so that client will be irritated that their images don't load perfectly. but s till they can visit their site? Any idea guys? thans define in your hosts any host or URL you want to block as the localhost, 127.0.0.1 You can google for whole host files to use to block a bunch of different annoying sites. I assumed by the OP's original message that this was a workplace-type environment, and figured that he wouldn't want to hand-manage this type of thing. Also, pardon my ignorance, but if you were to DNS redirect a domain name to a specific IP with BIND, wouldn't you have to create a DNS zone for each domain name? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Multiple instances of BIND at startup
The match-destination inspects the DNS address used by the client to query to determine which view to use. Would this suit your purpose? Well, yes, it would suit the purpose, but my fear was exactly that of what Matthew states below about 'leaking'. I believe that the problem is this: even if configured to be an authoritative server, BIND will respond to a query about zones outside what it has authoritative data for with data from its cache if that data is present. As there is only one cache per instance of BIND, enabling any sort of recursive capability on a server that is otherwise meant to be entirely authoritative can lead to data leaking between the authoritative and recursive parts. This opens up the possibility of tricking a server into caching false data and responding with it as if it was authoritative. In answer to the OPs original question -- yes you can start two instances of BIND given the obvious requirement that they have distinct network addresses and ports, pid files etc. You just have to copy the startup script to a new name and modify the variable prefix internally -- eg. This chunk at the beginning of the script: This is exactly what I'm after. Thank you for all the help! Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Multiple instances of BIND at startup
Hi everybody, I am attempting to configure a BIND 9 name server that will be authoritative for certain domains which will listen exclusively on IPv6. This same box will also be a caching server for a handful of networks (IPv6 and IPv4). The way I have it set up is that the authoritative and caching services each run a single instance of BIND on it's own IP address, with both instances each doing exactly what they are supposed to do. However, how can I make the FreeBSD (7.0) startup scripts load both instances of BIND, each with it's own configuration? I've read through the Administrators handbook for BIND and numerous newsgroup postings about 'views', but I don't think this is what I want. It seems 'views' are more for split-DNS, segregating internal access and external access to the same service. That is not what I am after. Any pointers much appreciated. Regards, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Multiple instances of BIND at startup
However, how can I make the FreeBSD (7.0) startup scripts load both instances of BIND, each with it's own configuration? I did something very similar. Run one of the bind instances in a jail -- especially with a little firewall rdr rules and similar trickery to redirect traffic into the appropriate instance (which gets you past the lack of IPv6 support in jail(8)). Works beautifully. Thanks Matthew for the response. In all honesty, I want to stay away from jails as much as possible. Once testing is complete, I'll have numerous DNS servers to roll this out to, and I want the least amount of complexity as possible. A few years ago I switched our entire infrastructure from BIND to DJBDNS (with VegaDNS as a web front-end), and now I'm looking to go back. Again, I'd rather do this without jails if possible, and at the same time, be able to use the built in FBSD startup scripts if possible. If not, heres another question: If I need to create my own custom script to do this sort of thing, where should it be loaded from? Some of my firewall rulesets rely on DNS to be up prior to them. Regards, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Multiple instances of BIND at startup
Jonathan Chen wrote: On Wed, May 21, 2008 at 06:52:36PM -0400, Steve Bertrand wrote: Again, I'd rather do this without jails if possible, and at the same time, be able to use the built in FBSD startup scripts if possible. Can you not make use of BIND 9's view features? Possibly each view using a match-destinations block to map to either the authoritative or the caching services. Well, from what I read (I can't remember where), if I use views to do this with only a single instance running, the problem arises that even though the 'external' (requests for authoritative answers) clients can and will get responses from the caching side of the server if the result they are after is already cached. I want the two services to be completely disparate, and more precise, I'd like to have the recursive instance to have to query the authoritative instance for a result from the same box. I have this setup already working fine. I just can't get it to start properly with both instances :) If I am missing something, and you have a config example, it would be appreciated. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Unusual use of ssh
Sure enough, ssh packets are received by the host. The problem is that it does not respond on the right interface. The routing table uses a default route through the T1. Thats where the sshd responses are being sent. If I understand correctly, this is only one box you need a correction for. Read on. Since I have no a priori knowledge what IPs I would have available when I need to use this back door, I can't pre-setup the routing table. Fair enough. I need sshd to respond on the same interface it receives the packets from. I don't believe that is possible using IPv4 routing. Not at the layer-3 level directly. To do this dynamically you will need to perform some sort of policy based routing. I think that it is using IPv6 but none of the networks involved support that yet. Well, that's a topic up for review. Technically, in IPv6, there is no correlation between how a host selects it's source address for an IP packet based on it's destination address. I've been trying to understand and follow the consequences of this for some time: http://www.ietf.org/internet-drafts/draft-ietf-v6ops-addr-select-ps-06.txt ...or: http://tinyurl.com/64l9pn I don't find any option in sshd to force it to respond on the right interface either. Is there something I have missed? Most likely, if this is a single machine you are speaking of, a script that will check for connectivity to a remote address periodically (eg every five minutes) and then dynamically change it's default gateway at kernel level (not userland level) prior to SSH incoming may fix your problem. This is a little difficult to do without dynamic routing, but relatively simple if you can put up with manually changing back the route once the T1 comes back up. A script that does: - ping remote addr - if fail, route delete default, route add default (ADSL gw) There was a very good discussion on fbsd-net@ last week regarding progress with multiple routing tables. I didn't get right into it so I don't know if it will help, but your true three options are: - dynamic routing (co-operation with ISP's) - IPFW (or equivalent) policy based routing (source routing) - periodic check via a script Regards, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Multiple instances of BIND at startup
Well, from what I read (I can't remember where), if I use views to do this with only a single instance running, the problem arises that even though the 'external' (requests for authoritative answers) clients can and will get responses from the caching side of the server if the result they are after is already cached. I didn't quite parse this, could you please elaborate? I want the two services to be completely disparate, and more precise, I'd like to have the recursive instance to have to query the authoritative instance for a result from the same box. The same result can be achieved by using the same master zone file in your caching and authoritative views. Not quite what you wanted, but the end result should be the same. I'm beginning to feel that I'm on a different page here. I understand 'views' as far as BIND is concerned as thus (I may be misguided): Internet | external clients looking for resolution | | | external view (accept from acl x.x.x.x) | BIND DNS Server | internal view (accept from acl x.x.x.x) | | | internal clients looking for resolution | A private LAN perhaps My authoritative name server (service, eventually cluster) will eventually house about 500 domains, which I want only recursive DNS servers that come from the root .tld down to see (no caching). The caching name server (service, and eventually cluster) will see tens of thousands of our clients requests (we are an ISP) to use as their DNS lookup, which will perform recursive lookups that we are not authoritative for. I'm sorry, I don't know how to put it into other words, other than I want complete separation from dns authoritative and dns caching services to be disparate. The same thing I get when I run tinydns and dnscache on two separate IP's via ucspi. Again, example configs are welcome. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Mounting USB CD-ROM manually, after boot
Hi everyone, To get right to the chase, FBSD 7.0, I plug in an external USB CD-ROM device with a CD (of FreeBSD 7.0) and I want to mount it manually into the filesystem. The device shows up with a label, and appears as /dev/cd0 (in dmesg). # mount /dev/cd0 /cdrom ...fails, with a: mount: /dev/cd0 : Invalid Argument I have nothing else in /dev that would indicate any new device was attached. I know for fact the .iso is burned correctly, because I can boot from the same CD on another PC. Even still, a bad ISO burn still shouldn't prevent me from mounting AFAIK. I've also tried all manner of cd0a etc, but they don't exist. (I can confirm cd0 is the only entry that appears in /dev after USB insertion). Can anyone shed some quick light onto the solution that I am likely purely overlooking? Thanks, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mounting USB CD-ROM manually, after boot
mount: /dev/cd0 : Invalid Argument Can anyone shed some quick light onto the solution that I am likely purely overlooking? Try this: mount_cd9660 /dev/cd0 /mnt Thank you for the very quick reply. The above command that David stated worked immediately. Thanks everyone, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [SSHd] Increasing wait time?
ssh stream tcp nowait/20/4/10 root /usr/sbin/sshd sshd -i into /etc/inetd.conf set a limit of * 20 overall ssh connections * 4 connection attempts per minute * at most 10 connections from a single IP This works very well on a personal server, not sure how it scales up. So if I copy over some files via scp, I can lock myself out. Fun stuff ;) Come on... The comment was based on a 'personal' server for logins. How 'bout you explain why SCP would break this so the OP understands... Otherwise, explain why running an FTP session through one of the server's SSH tunnels wouldn't be equally viable to running an unlimited number of SCP sessions over normal TCP ;) Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Change gateway
I'm trying to set the gateway 10.0.253.1 to the host 10.0.253.161/27 but i've received the answer: # route flush # route add default 10.0.253.1 route: writing to routing socket: Network is unreachable The gateway and the host are connected in the same switch Even though the physical connection is the same, the .1 address is in a different subnet entirely than .161, due to the /27 prefix length. 10.0.253.160/27 encompasses 161-190. It's a good thing FreeBSD breaks in this case ;) You will need to change your prefix length to /24 on the host, or add a secondary IP from the 160/27 range to the gateway to make this work. Regards, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: PPPoe trick?
We(An ISP) have already established PPPoe internet connection and have many users. PPPoE...you mean that you are an established Internet Provider that supplies xDSL connections that require authentication to several users, to which your termination point resides on a FreeBSD box? I want my users to view our web site very first time of their web cruzing progress. Sure, whats the site? We can make sure of it. Is there any possibility of it? Absolutely. There are numerous solutions to this issue, but it would help significantly if you let us know what services you have running under the guidance of FreeBSD that you need help with. For instance, are you trying to hijack all of your user traffic destined for port 80 at the transport layer as soon as they log in? Any information regarding FreeBSD would be most beneficial. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: network configuration problem
I've bought a router/gateway from my provider (Telekom/T-Online) which is called Speedport W 502V Typ A an has the ip address 192.168.2.1; it is connectet to an ethernet card (rl0). 192.168.2.1/24 is in a different network than 192.168.10.1/24. Your gateway and your workstation will not be able to communicate with one another. Then I assigned an address (e. g. 192.168.10.1) to the ethernet card with the help of and made it the default route: route add default 192.168.10.1 You essentially gave yourself an address outside of the gateways LAN address scope, and then proceeded to route all unknown traffic to yourself. You probably want: # ifconfig rl0 192.168.2.100 255.255.255.0 ...and # route add default 192.168.2.1 Then, for name resolution: # echo nameserver ip.of.isp.dns /etc/resolv.conf Regards, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]