Pam auth
Hello all,

My brother-in-law runs his own business, and his IT guy has recently left, leaving no passwords or anything. The entire network is a complete mickey mouse setup which I'm revamping properly for him.

There is a single FBSD 5.2.1 box that I have been working on and the problem is this: I can access everything via the root account when in single-user mode, even change the root password. However, when I reboot and try to get into normal mode (using root and the pass I just changed it to), I get pam errors stating incorrect password. I am not at home to get the exact message.

My question is, is there any way in single user mode to switch authentication back to the standard master.passwd file, without having to try to figure out how to change it elsewhere?

TIA,

Steve

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: I am having problem with network
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Andrew P.
Sent: Monday, October 10, 2005 8:36 AM
To: Jayesh Jayan
Cc: FreeBSD Questions
Subject: Re: I am having problem with network

> On 10/10/05, Jayesh Jayan [EMAIL PROTECTED] wrote:
> > Hi Andrew,
> >
> > Thank you for your mail. Below are the details which are required by you.

First, notice this:

> > inet 206.123.101.20 netmask 0xfffffc00 broadcast 206.123.103.255

Check out the broadcast address...it ends before the 206.123.104.1 address begins. The subnet you used for this entire contiguous block of IP's in human readable form is 255.255.252.0. This will only encompass the 101-103 supernet.

There are two possible solutions.

The first involves increasing the supernet to include the 104 block. The first ifconfig entry in your /etc/rc.conf file should be changed to this:

# ifconfig_em0="inet 206.123.101.20 netmask 255.255.255.248

From:

# ifconfig_em0="inet 206.123.101.20 netmask 255.255.255.252

The second option is changing the subnet for the 104 block alias in the rc.conf file. At this point, you have it set to 0xffffffff, which is 255.255.255.255. This is fine, so long as the 104 block was inside of the original subnet, but it is not. This is exactly why you are getting these errors in the messages log. You will need to find out how your IP's have been allocated to you. With this second option, you would change the first 104 entry's subnet to something different in the rc.conf file in order for it to be routed properly, such as 255.255.255.0. This subnet mask would encompass the 104 block, and only the 104 block. All of the other 104 entries shall keep their original 255.255.255.255 (or 0xffffffff) subnet mask as aliases.

Either one of these solutions will work, but it may break other parts of the network if you don't know how the rest of the network looks at this. I'd assume you'd just want to take the first option as I bet that's what you meant.

I don't have time to re-read this post, so if it is confusing in any way, my apologies. Feel free to ask questions. Also, any changes in this regard should be done at the console lest you make a mistake. After making changes to rc.conf, simply issue the command:

# /etc/netstart

To activate the changes.

HTH,

Steve

> > inet 206.123.101.20 netmask 0xfffffc00 broadcast 206.123.103.255
> > inet6 fe80::211:43ff:fee9:327e%em0 prefixlen 64 scopeid 0x1
> > inet 206.123.103.207 netmask 0xffffffff broadcast 206.123.103.207
> > inet 206.123.103.208 netmask 0xffffffff broadcast 206.123.103.208
> > inet 206.123.103.209 netmask 0xffffffff broadcast 206.123.103.209
> > inet 206.123.103.210 netmask 0xffffffff broadcast 206.123.103.210
> > inet 206.123.103.211 netmask 0xffffffff broadcast 206.123.103.211
> > inet 206.123.103.212 netmask 0xffffffff broadcast 206.123.103.212
> > inet 206.123.103.213 netmask 0xffffffff broadcast 206.123.103.213
> > inet 206.123.103.214 netmask 0xffffffff broadcast 206.123.103.214
> > inet 206.123.103.215 netmask 0xffffffff broadcast 206.123.103.215
> > inet 206.123.103.216 netmask 0xffffffff broadcast 206.123.103.216
> > inet 206.123.103.217 netmask 0xffffffff broadcast 206.123.103.217
> > inet 206.123.103.218 netmask 0xffffffff broadcast 206.123.103.218
> > inet 206.123.103.219 netmask 0xffffffff broadcast 206.123.103.219
> > inet 206.123.103.220 netmask 0xffffffff broadcast 206.123.103.220
> > inet 206.123.103.221 netmask 0xffffffff broadcast 206.123.103.221
> > inet 206.123.103.222 netmask 0xffffffff broadcast 206.123.103.222
> > inet 206.123.103.223 netmask 0xffffffff broadcast 206.123.103.223
> > inet 206.123.103.224 netmask 0xffffffff broadcast 206.123.103.224
> > inet 206.123.103.225 netmask 0xffffffff broadcast 206.123.103.225
> > inet 206.123.103.226 netmask 0xffffffff broadcast 206.123.103.226
> > inet 206.123.103.227 netmask 0xffffffff broadcast 206.123.103.227
> > inet 206.123.103.228 netmask 0xffffffff broadcast 206.123.103.228
> > inet 206.123.103.229 netmask 0xffffffff broadcast 206.123.103.229
> > inet 206.123.104.10 netmask 0xffffffff broadcast 206.123.104.10
> > inet 206.123.104.11 netmask 0xffffffff broadcast 206.123.104.11
> > inet 206.123.104.12 netmask 0xffffffff broadcast 206.123.104.12
> > inet 206.123.104.13 netmask 0xffffffff broadcast 206.123.104.13
> > inet 206.123.104.14 netmask 0xffffffff broadcast 206.123.104.14
> > inet 206.123.104.15 netmask 0xffffffff broadcast 206.123.104.15
> > inet
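A worked check of the diagnosis in the reply above, added here as an example (not code from the thread): it parses ifconfig-style inet lines constructed from the quoted listing, confirms the broadcast the 0xfffffc00 mask implies, lists the aliases that fall outside the primary address's subnet (the 104 block), and also computes the smallest single prefix that would cover primary and aliases together, which goes beyond the thread's own numbers.

```python
"""Subnet/alias consistency check for an ifconfig listing.

Added example for the thread above, not code from the original post.
It parses "inet A netmask 0xM broadcast B" lines, verifies each reported
broadcast against the one the address/mask pair implies, and reports
aliases that lie outside the subnet of the interface's primary address,
which is the situation the reply diagnoses for the 206.123.104.x block.
"""
import ipaddress
import re

# Constructed sample: a trimmed version of the listing quoted in the thread.
SAMPLE_IFCONFIG = """\
inet 206.123.101.20 netmask 0xfffffc00 broadcast 206.123.103.255
inet 206.123.103.207 netmask 0xffffffff broadcast 206.123.103.207
inet 206.123.103.229 netmask 0xffffffff broadcast 206.123.103.229
inet 206.123.104.10 netmask 0xffffffff broadcast 206.123.104.10
inet 206.123.104.15 netmask 0xffffffff broadcast 206.123.104.15
"""

INET_RE = re.compile(r"inet (\S+) netmask 0x([0-9a-fA-F]{8}) broadcast (\S+)")


def hex_mask_to_dotted(hex_mask):
    """ifconfig prints masks in hex (fffffc00); return dotted form (255.255.252.0)."""
    return str(ipaddress.IPv4Address(int(hex_mask, 16)))


def parse_ifconfig(text):
    """Return [(IPv4Interface, reported_broadcast), ...] in listing order.
    The first entry is the primary address, the rest are aliases."""
    entries = []
    for addr, hex_mask, bcast in INET_RE.findall(text):
        iface = ipaddress.IPv4Interface(f"{addr}/{hex_mask_to_dotted(hex_mask)}")
        entries.append((iface, bcast))
    return entries


def broadcast_mismatches(entries):
    """Addresses whose reported broadcast differs from what their mask implies."""
    return [str(i.ip) for i, b in entries if str(i.network.broadcast_address) != b]


def aliases_outside_primary(entries):
    """Aliases whose address is not inside the primary address's subnet.
    With a /22 on 206.123.101.20 the subnet ends at 206.123.103.255, so the
    104.x aliases land here; the reply above blames them for the log errors."""
    primary = entries[0][0].network
    return [str(i.ip) for i, _ in entries[1:] if i.ip not in primary]


def covering_network(entries):
    """Smallest single prefix containing the primary address and every alias
    (what 'increasing the supernet' to include the 104 block would need)."""
    ints = [int(i.ip) for i, _ in entries]
    lo, hi = min(ints), max(ints)
    prefix = 32
    while prefix > 0 and (lo >> (32 - prefix)) != (hi >> (32 - prefix)):
        prefix -= 1
    return ipaddress.IPv4Network((lo, prefix), strict=False)


if __name__ == "__main__":
    entries = parse_ifconfig(SAMPLE_IFCONFIG)
    print("primary subnet:", entries[0][0].network)
    print("broadcast mismatches:", broadcast_mismatches(entries))
    print("aliases outside primary subnet:", aliases_outside_primary(entries))
    print("prefix covering everything:", covering_network(entries))
```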
RE: I am having problem with network
> I did change the as you had suggested and executed the script /etc/netstart. the server hanged :((

My apologies...I see some typos. Eliminate the # at the beginning, and add a double quote to the end. Hence:

ifconfig_em0="inet 206.123.101.20 netmask 255.255.255.248"

And you should be good to go.

Steve

> Changed
>
> # ifconfig_em0="inet 206.123.101.20 http://206.123.101.20/ netmask 255.255.255.248 http://255.255.255.248/
>
> From:
>
> # ifconfig_em0="inet 206.123.101.20 http://206.123.101.20/ netmask 255.255.255.252 http://255.255.255.252/
>
> what can be the issue or what was the wrong step which I took ?
>
> On 10/12/05, Steve Bertrand [EMAIL PROTECTED] wrote:
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Andrew P.
> > Sent: Monday, October 10, 2005 8:36 AM
> > To: Jayesh Jayan
> > Cc: FreeBSD Questions
> > Subject: Re: I am having problem with network
> >
> > > On 10/10/05, Jayesh Jayan [EMAIL PROTECTED] wrote:
> > > > Hi Andrew,
> > > >
> > > > Thank you for your mail. Below are the details which are required by you.
> >
> > First, notice this:
> >
> > > > inet 206.123.101.20 netmask 0xfffffc00 broadcast 206.123.103.255
> >
> > Check out the broadcast address...it ends before the 206.123.104.1 address begins. The subnet you used for this entire contiguous block of IP's in human readable form is 255.255.252.0. This will only encompass the 101-103 supernet.
> >
> > There are two possible solutions.
> >
> > The first involves increasing the supernet to include the 104 block. The first ifconfig entry in your /etc/rc.conf file should be changed to this:
> >
> > # ifconfig_em0="inet 206.123.101.20 netmask 255.255.255.248
> >
> > From:
> >
> > # ifconfig_em0="inet 206.123.101.20 netmask 255.255.255.252
> >
> > The second option is changing the subnet for the 104 block alias in the rc.conf file. At this point, you have it set to 0xffffffff, which is 255.255.255.255 http://255.255.255.255 . This is fine, so long as the 104 block was inside of the original subnet, but it is not. This is exactly why you are getting these errors in the messages log. You will need to find out how your IP's have been allocated to you. With this second option, you would change the first 104 entry's subnet to something different in the rc.conf file in order for it to be routed properly, such as 255.255.255.0. This subnet mask would encompass the 104 block, and only the 104 block. All of the other 104 entries shall keep their original 255.255.255.255 (or 0xffffffff) subnet mask as aliases.
> >
> > Either one of these solutions will work, but it may break other parts of the network if you don't know how the rest of the network looks at this. I'd assume you'd just want to take the first option as I bet that's what you meant.
> >
> > I don't have time to re-read this post, so if it is confusing in any way, my apologies. Feel free to ask questions. Also, any changes in this regard should be done at the console lest you make a mistake. After making changes to rc.conf, simply issue the command:
> >
> > # /etc/netstart
> >
> > To activate the changes.
> >
> > HTH,
> >
> > Steve
RE: I am having problem with network
> I did change the as you had suggested and executed the script /etc/netstart. the server hanged :((

Also, remove any reference to the http entries if they are appearing in your email. The '20' should be directly next to the word netmask, and the 248 should be smack dab beside the last double quote. I don't know if your email app is displaying the http references, but if they are, that is not part of the command.

Steve

> Changed
>
> # ifconfig_em0="inet 206.123.101.20 http://206.123.101.20/ netmask 255.255.255.248 http://255.255.255.248/
>
> From:
>
> # ifconfig_em0="inet 206.123.101.20 http://206.123.101.20/ netmask 255.255.255.252 http://255.255.255.252/
>
> what can be the issue or what was the wrong step which I took ?
>
> On 10/12/05, Steve Bertrand [EMAIL PROTECTED] wrote:
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Andrew P.
> > Sent: Monday, October 10, 2005 8:36 AM
> > To: Jayesh Jayan
> > Cc: FreeBSD Questions
> > Subject: Re: I am having problem with network
> >
> > > On 10/10/05, Jayesh Jayan [EMAIL PROTECTED] wrote:
> > > > Hi Andrew,
> > > >
> > > > Thank you for your mail. Below are the details which are required by you.
> >
> > First, notice this:
> >
> > > > inet 206.123.101.20 netmask 0xfffffc00 broadcast 206.123.103.255
> >
> > Check out the broadcast address...it ends before the 206.123.104.1 address begins. The subnet you used for this entire contiguous block of IP's in human readable form is 255.255.252.0. This will only encompass the 101-103 supernet.
> >
> > There are two possible solutions.
> >
> > The first involves increasing the supernet to include the 104 block. The first ifconfig entry in your /etc/rc.conf file should be changed to this:
> >
> > # ifconfig_em0="inet 206.123.101.20 netmask 255.255.255.248
> >
> > From:
> >
> > # ifconfig_em0="inet 206.123.101.20 netmask 255.255.255.252
> >
> > The second option is changing the subnet for the 104 block alias in the rc.conf file. At this point, you have it set to 0xffffffff, which is 255.255.255.255 http://255.255.255.255 . This is fine, so long as the 104 block was inside of the original subnet, but it is not. This is exactly why you are getting these errors in the messages log. You will need to find out how your IP's have been allocated to you. With this second option, you would change the first 104 entry's subnet to something different in the rc.conf file in order for it to be routed properly, such as 255.255.255.0. This subnet mask would encompass the 104 block, and only the 104 block. All of the other 104 entries shall keep their original 255.255.255.255 (or 0xffffffff) subnet mask as aliases.
> >
> > Either one of these solutions will work, but it may break other parts of the network if you don't know how the rest of the network looks at this. I'd assume you'd just want to take the first option as I bet that's what you meant.
> >
> > I don't have time to re-read this post, so if it is confusing in any way, my apologies. Feel free to ask questions. Also, any changes in this regard should be done at the console lest you make a mistake. After making changes to rc.conf, simply issue the command:
> >
> > # /etc/netstart
> >
> > To activate the changes.
> >
> > HTH,
> >
> > Steve
FW: Sata drives and FBSD
Hi all,

I have had an issue (as many others have) trying to get STABLE, or even CURRENT running on a box with an ICH6R RAID controller. After install (which appears to be successful), when I reboot it just sits there with a blinking cursor in the top left of the screen. I've tried this numerous times over the past couple months to no avail.

Today, I tried another box using a 200GB Sata drive w/o RAID, and the exact same thing happens. I've tried all manner of things to no avail.

If someone can shed some light on this issue, I would most appreciate it.

Tks,

Steve
RE: Sata drives and FBSD
> I have had an issue (as many others have) trying to get STABLE, or even CURRENT running on a box with an ICH6R RAID controller. After install (which appears to be successful), when I reboot it just sits there with a blinking cursor in the top left of the screen. I've tried this numerous times over the past couple months to no avail.
>
> Today, I tried another box using a 200GB Sata drive w/o RAID, and the exact same thing happens. I've tried all manner of things to no avail.
>
> If someone can shed some light on this issue, I would most appreciate it.

I'm sorry if this message comes in multiple copies. I was having problems with my server being rejected by FBSD MX's, and there may be a couple queued.

Steve

> Tks,
>
> Steve
FW: Sata drives and FBSD
This message failed to go through twice, so I'll try one more time:

Hi all,

I have had an issue (as many others have) trying to get STABLE, or even CURRENT running on a box with an ICH6R RAID controller. After install (which appears to be successful), when I reboot it just sits there with a blinking cursor in the top left of the screen. I've tried this numerous times over the past couple months to no avail.

Today, I tried another box using a 200GB Sata drive w/o RAID, and the exact same thing happens. I've tried all manner of things to no avail.

If someone can shed some light on this issue, I would most appreciate it.

Tks,

Steve
RE: FW: Sata drives and FBSD
-----Original Message-----
From: albi [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 05, 2005 12:53 PM
To: Steve Bertrand
Subject: Re: FW: Sata drives and FBSD

> hi,
>
> > This message failed to go through twice, so I'll try one more time:
>
> i've seen it 2x already, stop it :-)
>
> > I have had an issue (as many others have) trying to get STABLE, or even CURRENT running on a box with an ICH6R RAID controller. After install (which appears to be successful), when I reboot it just sits there with a blinking cursor in the top left of the screen. I've tried this numerous times over the past couple months to no avail.
> >
> > Today, I tried another box using a 200GB Sata drive w/o RAID, and the exact same thing happens.
>
> perhaps a silly question, did you set it in the BIOS to boot from RAID-device rather than IDE ?

I've tried all different methods of boot procedure, disabling IDE entirely, disabling RAID...all on both boxes.

Tks for the suggestion though!

Steve
RE: Explaining FreeBSD features
> I think, that really only questions, whose answers cannot readily be found elsewhere, should be asked on this list.

I disagree. For those working in a 24x7 uptime situation and a critical problem arises, we all know that time is of the essence. I have no problem with someone asking a reasonably descriptive question even if it is somewhat readily available on the 'Net if they can use that 10 minutes of search time to conduct other emergency procedures while waiting for an answer from the list.

For the most part, yes, only non-readily available answers should be posted to the list, but there are circumstances where the list can provide, as someone else suggested, a quick RTFM, here is the link to what you are looking for. A new user may take this as offensive, but it only really takes reading a handful of threads in this FBSD-q list for anyone to realize that people do really get honest, feasible, accurate and friendly help here.

> Part of the FreeBSD education should consist of informing the user how they can help themselves, and how they should seek help in the event that the self-help fails. If that education scheme was effectively employed, perhaps there wouldn't be as many stupid questions.

Yes, but how does one inform the user of the self-help approach. Obviously putting that education in the handbook would be moot as they likely haven't read the handbook anyway ;)

Steve

> Cali
RE: Explaining FreeBSD features
> > Fafa,
> >
> > I've seen these kinds of efforts before and they are all generally doomed to failure. You see, the problem is that FreeBSD is not a general computer operating system product. It is a very specific product in fact. Now, the USES that FreeBSD can be put to are VERY general. BUT, do NOT make the mistake of confusing the fact that just because FreeBSD can be put to general use, that somehow it is a general product. It is not.
> >
> > FreeBSD is targeted at 2 main groups of people:
> >
> > 1) Very knowledgeable people who are using it for personal, or in-house corporate projects.
> >
> > 2) Very knowledgeable people who are using it to construct turnkey systems for customers who couldn't care less what is under the hood.
> >
> > By contrast, Windows and Linux are in fact, general computer operating system products. They are targeted at groups #1 and #2, but they are also targeted at group #3 which are:
> >
> > 3) People who barely know how to push a button who have a problem they need to fix with a computer operating system, and they really don't care if they understand how the fix works as long as it works.
> >
> > This gives rise to a rather serious Catch-22 with FreeBSD: You need to really understand intimately how FreeBSD works and how computer software that runs on it works in order to get it to work well enough for you to learn intimately how it works.
> >
> > Windows and Linux solved this Catch-22 by dumbing-down the interface to their operating systems. Thus, an ignoramus can get up and running with both of these systems, and that person can remain fat, dumb, and happy, completely ignorant of what he is doing, and those systems will still work enough to get the job done. It may be a half-assed fix, but it is better than nothing.
> >
> > FreeBSD by contrast, long ago decided not to do this. For starters, if you dumbed-down the FreeBSD interface, then to most people FreeBSD wouldn't be any different than Linux or Windows, so why mess with it? But, most importantly, a dumbed-down interface gets in the way of a knowledgeable person, and over time becomes a tremendous liability.
> >
> > With FreeBSD, the only way that a newbie can break the Catch-22 is old-fashioned mental elbow grease. In short, by learning a bit at a time, expanding on that, and repeating the process. It is a long slow way to get to know anything, but once you get there, you really do know everything in intimate detail.
> >
> > This isn't a popular thing to tell newbies.

Just going through this list as I do every few days and came across this thread. I just want to say thank you Ted, your comments made for a very decent, informative and realistic read ;)

Steve

> > Ted
>
> Thanks.
>
> --
> Fafa Hafiz Krantz
> Research Designer @ http://www.home.no/barbershop
> Enlightened @ http://www.home.no/barbershop/smart/sharon.pdf
RE: Explaining FreeBSD features
> On Wed, 22 Jun 2005 12:36:48 +0800
> Erich Dollansky [EMAIL PROTECTED] wrote:
>
> > Hi,
> >
> > Vulpes Velox wrote:
> >
> > > Ignorant useless users should be supported by commercial ventures, not community ones. They will just drag the community down with their weight if they don't help out.
> >
> > This would be the real tough one. There should also be a way to write some kind of description for the people between.
> >
> > > I found the handbook to be useful in this area.
> >
> > Yes, if you understand it. It is written by serious IT professionals for serious IT professionals. Even a serious non-IT professional has problems understanding it. Our problem is that we all do not know the people who would speak the language non-IT professionals understand. The original writer sounds like being skilled enough to have a serious try on this one if he gets the information he needs for this.
>
> I also had to read up on various unix tutorials as well.

I would personally assume that anyone who has ventured seriously into FreeBSD (I started with Linux for a week, then jumped right into FBSD and now run an entire ISP with it) has had their head into several books.

My opinion is that most who run FBSD, run it because they like it, enjoy it and completely appreciate its features, rock-solid reliability, and excellent documentation (IMHO) and help networks. Most who use it to this extent have no problem reading the books, as others have said because they want/need to learn what's under the hood.

There have been times where I have been in a jam, and didn't RTFM before making a post, but on the other hand, there have been times where I have helped someone out on FBSD areas I had to research on my own time just so I could familiarize myself with it to help them.

It's my belief that you must be serious to get a FBSD box running at full tilt, tuned right out, but you need not be an expert to get one up and running. There's no way I would use a butter knife to cut down a tree (use Windows for infrastructure), nor would I use a chainsaw to cut the butter (use a full scale FBSD server to browse the web). It's all in what you want and/or need.

The docs are there. As it was pointed out, you need not be a developer, but this is meant to be a serious OS for serious people. If one wants to learn the ways of FreeBSD, in reality, the handbook, google and the lists are your friends. Most everyone I know who uses FBSD document their learning and experiences, and post it on websites for everyone to learn from (including myself). Sometimes it is clear cut and dry, and other times (especially with new, unprecedented procedures), you must piece-meal different people's experiences into your own.

My .02

Steve

> I feel the handbook could be made clearer in some areas, but I believe it is good in general.
RE: Explaining FreeBSD features
> After all, someone is trying to do something good for freebsd, by making freebsd known by more and more people.

It's not worth getting the word out if those new people who are hearing about it just rant and bitch that the documentation is 'no good', when something doesn't work the first time they try it.

> Most people are lazy, we tend to prefer immediate results rather than a long term process and commitment. I think this is understandable.

I agree, and it falls perfectly well in with my comment above.

> Of course, there will be a lot of newbies coming, some of them will stay and some of them will find it too difficult, and leave. That's the way it is.

...and most likely because they are the type who don't want to learn 'how' it works, they just want it to work. Bill Gates knows this, and counts on it. Linux is trying to make itself more 'user friendly' to compete with Microsoft. I hope FreeBSD never tries to make itself 'simpler' to operate to gain market share. Myself, I find it easy to operate, moreover, I can type faster than I can move the mouse and point/click, so being able to do something in Windows or Linux rather than at the command line is only in the eye of the beholder. (Note that I use XP as my workstation, but I usually have 10 or 12 SSH sessions open ;)

> Same goes with linux. If it just sounds powerful, and hard for people to get their hands dirty by just setting one up and see what it looks like and maybe how it works, then linux wouldn't be this popular now.

Linux has come a long way from 10 years ago. It's just as easy, if not in some cases easier than Windows to set up. However, with sysinstall, I can get a FBSD system up in less than 8 minutes, with custom FW ruleset, online, updating with cvsup and preparing to install a custom kernel. No gooey crap to waste resources, nothing extra I don't want, just straight up what I want. Sure the first couple installs may take some time to read and find out about, but I'd much rather spend 20 average per box with FreeBSD than the hour and a half to get a Windows server up and installed for Internet use for a client.

> You would hear that Someone has burned a linux CD and just don't have time to install it, but linux is easy and sounds really cool and makes people curious, and you wouldn't hear the same thing about freebsd. Most of the non unix IT friends I have all had an EXTREMELY HARD impression on Freebsd, and they found linux extremely easy.

Sure. FreeBSD I don't think is meant to be cool and appeal to the UNIX IT personnel. It's designed to work, and work hard. Those who spend their work hours maintaining a large core infrastructure aren't interested in cool. Business managers and clients are interested in 'make it work, make it work reliably without downtime'. Words like 'cool' generally don't impress them, and 'cool' generally means that I have to respond to frequent problems, errors, crashes. My cool is less work, less time spent so I can do more important things :)

> That's indeed not true. It really only takes a normal person several hours to flip through the HANDBOOK to at least know his/her way around, and this is really as easy as linux.

Agreed. I even read the FM's for new devices/purchases I make. I want to ensure I get full value out of things that I use/buy/acquire. It's those who buy a new camera, throw the manual out with the box as soon as it's opened, and get angry because x feature won't work, or they can't figure out how to do something so they bitch about it. IMHO, the handbook will get a box set up even for a reasonable newbie.

> But, it makes sense, that people would like to see the product, before using it or even know more about it. Much like a person would prefer trying out a service for free before he/she decides to invest more money and time into it.

That's what the docs, lists and other professionals that use FBSD are for. Myself, I'll answer any question about FBSD that I can, because so much info was so freely given to me. They didn't build Rome in a day, nor can you expect to get a full picture of the usefulness of FBSD in a day either.

> Also, one must first be a newbie in something, then become more and more professional while he/she is learning.

Of course. Many of my clients call themselves stupid for making a mistake. I disagree with them. Although there are many, many incoherent users I feel like choking sometimes, I generally tell them no one knows everything. If one wants to learn they must educate themselves...this goes for everything.

> A lot of you might be good at Freebsd, but very new to something else. Would you prefer to hear someone telling you, "Hey! This is only for Professional! There is not even a newbie version for you! So don't slow us down by getting out of our way!" That's not friendly at all, right?

It's not friendly, but no one has said that. Most will say to a newbie that it takes time, patience and RTFM'ing. It's the people who
RE: support for ICH6R controller and Broadcom ethernet
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jim Mozley
Sent: Wednesday, June 22, 2005 12:13 PM
To: freebsd-questions@freebsd.org
Subject: Re: support for ICH6R controller and Broadcom ethernet

> [EMAIL PROTECTED] wrote:
>
> > Hi Jim,
> >
> > I think it's not an answer to you but here is my recent experience. I've installed FBSD 5.4 in a box with Intel ICH5R chipset. It's working, no hangs, no panics, but the disk performance on the second IDE disk (I'm not using RAID, just simple master/slave setup), is terrible. It's like the DMA was not correctly set on the second disk. I read somewhere, that FreeBSD has full support for the ICH5 chipset but NOT for ICH5R. Even when running in compatibility mode set on BIOS, the performance is the same.
> >
> > Someone told me the following on the performance list:
> >
> > > I remember a commit to the ata driver to fix misprogramming of DMA timing on an Intel chipset for devices and/or channels other than the first. I'm not sure if 5.4 has the bug or the fix.
> >
> > To me it still has the bug.
>
> OK thanks for that help. If anyone knows anything more definitive I'd be grateful (no criticism of the helpful reply intended).

I have a box with the same chipset. I have 2 160GB SATA drives in a RAID1 config, which FBSD 5.4 sees as 2 disks, as opposed to the single RAID subsystem. I install on one of the disks. However, when I reboot the box, I get a flashing cursor in the top left corner of the screen as if it's going to boot, but it stays there. No errors nothing.

I'll be trying this out again tomorrow, so I'll let you know if I find anything.

Steve

> Thanks,
>
> Jim
RE: Yet another RAID Question (YARQ)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of P.U.Kruppa
Sent: Monday, June 20, 2005 9:28 AM
To: Ted Mittelstaedt
Cc: P.U.Kruppa; freebsd-questions@freebsd.org
Subject: RE: Yet another RAID Question (YARQ)

On Mon, 20 Jun 2005, Ted Mittelstaedt wrote:

On Sun, 19 Jun 2005, Ted Mittelstaedt wrote: What model of Proliant?

ML 350 G4

Oh good, we have a customer that has been looking at one of these for FreeBSD and I'm glad to hear that you didn't have problems with it.

Absolutely smooth - and I am really no kind of computer expert.

With these all you get is hot-swap support, although you might have to do a camcontrol rescan after swapping the disk.

Yes, I have read that in some recent thread.

Actually, the Windows management tools for this RAID controller on a server are observational as well. There is no rebuild tool or anything like that. When we set these systems up for customers (all the recent Proliants use the same RAID controller) we usually configure them RAID-5 with 4 physical disks; the setup will set 3 of the disks in the array, and one as a hot-spare. And in the event of a disk failure, which you can tell by looking at the disk drive lights, or going into the management interface, you simply pull out the bad disk and put in the replacement and the RAID card takes care of the rest of it.

The City of Wuppertal couldn't buy me a third disc, because that would have superseded the limit of 2.5 kEURO, which would have required some special administrative act ... :-) .

As for knowing if a disk has failed, I think the only way to know is to watch the little lights on the disk front.

After reading Alex' story about running a RAID 1 with a defect disc for three years, I believe it will suffice when I check things with every system upgrade.

I know this technique isn't feasible in all situations, but I try to have duplicate hardware. Especially with my IDE RAID1 servers, I'll from time to time during a maintenance window pop one of the RAID disks out, throw it in another box and ensure BOTH machines boot up with individual disks. This is a sure test to ensure RAID is working. Mind you, I also back up using rsync for critical stuff to another box, and to tape as well.

Steve

Uli.

* * Peter Ulrich Kruppa - Wuppertal - Germany * *
RE: Booting with multiple RAID1 configs
> You might use loader(8) to set the root device (rootdev variable) explicitly to ar1s1a. Then you should also update fstab to reflect the numbering change. I don't know of any way to change the ata numbering scheme. Mainboard controllers always seem to be probed (and numbered) first. I think there is no way to get your original raid back to ar0 if you also use your mainboard controllers.

Thank you so, so much. After trying to mount / to ufs:/dev/ar1s1a at the MountRoot prompt and it failing, I thought something more serious was the problem, so:

- I added kern.rootdev=/dev/ar1s1a to sysctl.conf
- Changed the / fs in /etc/fstab to point to /dev/ar1s1a

At that point, the system loaded the root filesystem, but since that was the only one I changed, it errored out mounting the rest (which was expected). I simply mounted them manually, /dev/ar1s1N to /usr, /var and /home, remounted the / filesystem rw, ee'd the /etc/fstab and changed all the mountpoints to ar1, rebooted, and all is well!

I now have 2 RAID1 configs on the same box, and am successfully booting off of the Promise raid properly before the motherboard disks!!

Thanks to all who provided feedback! I hope this situation can help someone else who wants to boot off of an arbitrary disk before the motherboard disk in the future!

Steve

> Cheers
> Titus
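The fstab step above was done by hand in ee. As an added example (not code from the thread), here is a POSIX sh/awk helper that rewrites only the device column of an fstab from one ar unit to another, leaves comments, swap and non-ar entries alone, and counts how many entries still point at the old device so you can check the file before rebooting. The sample fstab is constructed for the demonstration; `remap_fstab`, `count_devices` and `SAMPLE_FSTAB` are names chosen here.

```shell
#!/bin/sh
# Added example: remap /dev/ar0* entries in an fstab to /dev/ar1* (or any
# pair of ata RAID units). Only the first column (the device) is touched;
# slice and partition suffixes such as s1a are preserved.

# remap_fstab OLD NEW : reads fstab text on stdin, writes the rewritten text
remap_fstab() {
    awk -v old="$1" -v new="$2" -v OFS='\t' '
        # comments and blank lines pass through untouched
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { print; next }
        # match the whole disk (/dev/ar0) or any slice/partition on it (/dev/ar0s...)
        ($1 == ("/dev/" old)) || (index($1, "/dev/" old "s") == 1) {
            $1 = "/dev/" new substr($1, length("/dev/" old) + 1)
        }
        { print }
    '
}

# count_devices DEV : number of non-comment fstab entries whose device is DEV or a slice of it
count_devices() {
    awk -v dev="$1" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        ($1 == ("/dev/" dev)) || (index($1, "/dev/" dev "s") == 1) { n++ }
        END { print n + 0 }
    '
}

# Constructed sample fstab (not a real system file)
SAMPLE_FSTAB='# Device        Mountpoint      FStype  Options         Dump    Pass#
/dev/ar0s1b     none            swap    sw              0       0
/dev/ar0s1a     /               ufs     rw              1       1
/dev/ar0s1e     /usr            ufs     rw              2       2
/dev/ar0s1f     /var            ufs     rw              2       2
/dev/acd0       /cdrom          cd9660  ro,noauto       0       0
proc            /proc           procfs  rw              0       0'

# Stand-alone demo: show the rewritten table and confirm nothing still names ar0
printf '%s\n' "$SAMPLE_FSTAB" | remap_fstab ar0 ar1
printf 'entries still on ar0: %s\n' "$(printf '%s\n' "$SAMPLE_FSTAB" | remap_fstab ar0 ar1 | count_devices ar0)"
```

On a real box, run it against a copy (`remap_fstab ar0 ar1 < /etc/fstab > /etc/fstab.new`), diff the two files, confirm `count_devices ar0 < /etc/fstab.new` prints 0, and only then move the new file into place; a wrong device name in fstab is exactly what produces the mountroot prompt described in this thread.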
RE: Booting with multiple RAID1 configs
> You might use loader(8) to set the root device (rootdev variable) explicitly to ar1s1a. Then you should also update fstab to reflect the numbering change. I don't know of any way to change the ata numbering scheme. Mainboard controllers always seem to be probed (and numbered) first. I think there is no way to get your original raid back to ar0 if you also use your mainboard controllers.

Hence, the aftermath on a properly booted system:

    pearl# atacontrol status 1
    ar1: ATA RAID1 subdisks: ad4 ad6 status: READY
    pearl# atacontrol status 0
    ar0: ATA RAID1 subdisks: ad2 ad0 status: READY
    pearl# df -h
    Filesystem     Size    Used   Avail Capacity  Mounted on
    /dev/ar1s1a    246M    185M     41M    82%    /
    /dev/ar1s1g     38G    9.7G     26G    27%    /home
    /dev/ar1s1e     38G    3.3G     32G     9%    /usr
    /dev/ar1s1f     29G    7.9G     19G    30%    /var
    procfs         4.0K    4.0K      0B   100%    /proc

I must add that atacontrol is such a much simpler RAID manipulation tool than vinum. I haven't done any redundancy checks or anything as of yet, but it almost seems too good to be in the base system :)

Steve

> Cheers
> Titus
Booting with multiple RAID1 configs
Hey all,

I've been running my 4.11 box on a Promise RAID one card with no difficulty. Today I added 2 new disks to the regular IDE chain, and used atacontrol to create a second RAID1 configuration for those 2 new disks. After I created it with atacontrol, it successfully told me an 'ar1' had been created (ar0 is the Promise card).

However, after reboot, FBSD is trying to configure the new disks as ar0, and the originals as ar1, causing a mountroot problem. Manually typing ufs:/dev/ar1s1a fails as well with Root Mount Failed: 22. This can be fixed simply by removing the 2 new disks.

In the docs, I found how to boot by telling the OS something like this: 1:ad(2,a)kernel, however I don't want to boot from an individual disk. It must be the Promise card.

I'd appreciate it if someone can help me sort this out!

Steve
RE: Booting with multiple RAID1 configs
> Please clarify. You said you added two new disks to the 'regular ide chain' and then created another RAID1 config for those disks. Are the new drives connected to the Promise RAID controller, or the motherboard's IDE controllers?

The original RAID, 2 IDE drives connected to the Promise card, which right from the beginning were labelled ar0 by FreeBSD. They show up initially in dmesg as ad4 and ad6. 2 new IDE drives were added today, Primary Master on IDE1 and Secondary Master on IDE2 chain (motherboard IDE).

> It sounds like you connected them to the other channel on the Promise card. The card should label the channels IDE 1 and IDE 2 or something similar.

Nope, that is not the case. On the Promise card, both channels (1 and 2) have been in use with the ar driver from the start. The new drives are both connected to the motherboard IDE connection.

> Did you perhaps have your original drives plugged onto the IDE 2 channel and add the new drives to the IDE 1 channel?

Nope :) see above.

> That's about the only thing I can think of that would make the new drives take priority over the old drives.

Yeah, I understand what you mean, but that's not the case. Here is what I did, and the subsequent effect (remember, ad4 and ad6 (Promise drives) make up the bootable ar0):

    # after 2 brand new drives installed:
    atacontrol create RAID1 ad0 ad2

...at which point it said it was successful, and designated the new RAID config as ad1.

After reboot, the server comes up, identifies ad0, ad2, ad4 and ad6 as expected. Then it tries to load up the ar driver. It clearly says ar0 has 2 disks, ad0 and ad2, and ad1 now has ad4 and ad6, which is backwards from how it should be. Then it baffs with a mountroot error, and no manner of trying to point to any disk or array is successful. Mountroot errors 16 and 22 come up.

I pull the new drives back off the motherboard IDE connections, box goes back to exactly how it was before this mess started.

I tried to do an atacontrol delete on the new array, but of course it can't find it because the drives are unplugged. Are there any config files that store this information?

Sorry for the long winded post. Hopefully it was a little more clear!

Steve

> If that's the case, just switch IDE cables plugging into the Promise controller.
>
> Thanks,
> Ken Ebling
RE: Outsourcing a modem pool for dialup? Any advice?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philip Hallstrom
Sent: Thursday, June 09, 2005 1:38 PM
To: freebsd-questions@freebsd.org
Subject: Outsourcing a modem pool for dialup? Any advice?

> Hi all -
>
> Our company has a product such that a small server is installed at each customer site. This server dials up to the Internet every night and exchanges some content with a central server in our data center. Total transaction takes about 5 minutes. Customers can have multiple sites. Our largest to date has three, but some potentials have several hundred.
>
> In the cases where the site does not have an existing Internet connection we currently use dialup via a major ISP. This works for now, but won't for the long haul for a couple of reasons:
>
> - they are all sharing the same username and password (yes yes, I know...)
> - we're moving into Canada and this ISP doesn't have many local numbers up there.
> - Dealing with local numbers and their somewhat frequent changing is a real headache.
>
> What I want is a modem pool with one local number (tied into an 800 number) where I can create as many username/password pairs as needed. I want that local number to never change :-)
>
> Now... to make it fun...
>
> - No, I can't install a dialup server in our corporate datacenter.
> - No, I can't setup a freebsd server in satellite office.
>
> That leaves me with an outsourced solution that needs to work with FreeBSD's PPP. Anyone know of anyone that does this sort of thing? Or an ISP that has a service geared towards this (our current one does not).

Bell Canada can sell you *virtual* dial up ports, and provide you with a realm (@domain.com). They handle all the dial-up connections for you, and they handle all the bandwidth as well (with the exception of the data that crosses into your data centre from the clients' devices).

All you need is a FBSD box running FreeRADIUS, as when the user dials in, they will only pass a RADIUS request to you, and your RADIUS server will allow/deny the login attempt. They have flexible plans as your needs grow.

If you move, it still doesn't matter. Everything is on their end, with the exception of your RADIUS server. So if you move, you inform them of the new IP for your RAD server, they redirect the requests for your realm to the new IP and voila, back in business again. So, technically, you can go cross border or wherever. The changes are minimal, and since you control the CPE equipment, you can prepare for changes in your data storage server (or cluster) IP address(es) on your client equipment any time.

Saves you from having to handle changes, as well as takes the headache of managing RAS equipment off your shoulders. For instance, this is how AOL Canada provides country wide service, without having a single equipment room in the country. It's all virtually done, through the big Telcos, and the data simply flows via TCP/IP to their servers/equipment in the US.

Steve

> Thanks!
>
> -philip
MK3 patch
Hi all, I just got a new box that contains a ICH6R chipset. Freebsd 5.4 (as downloaded last week) will not detect the RAID array I have configured. I have searched and found much ado about the MK3 patch, however can't find any documentation on where to download it, and how to get FBSD to see the drives as a single array when installing from the CD. Any help is GREATLY appreciated. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Req: Good virtual mail server howto
Hello Chris, On Thu, Nov 18, 2004 at 07:07:40PM + or thereabouts, Chris Smith wrote: Has anyone got any good resources for configuring a virtual pop3/imap server under FreeBSD 5.x? I need to host mail for more than one domain and do not wish to give users system accounts. Go for http://high5.net/howto/, where you can find decent mail solution. I have used Matt Simerson's mail-toaster for a couple of years, and I can't say enough about it. http://www.tnpi.biz/internet/mail/toaster/ All virtual, no system accounts needed at all. Has pretty well any features you could ask for. Steve Cheers, Martin -- martin hudec * 421 907 303 393 * [EMAIL PROTECTED] * http://www.aeternal.net Nothing travels faster than the speed of light with the possible exception of bad news, which obeys its own special laws. Douglas Adams, The Hitchhiker's Guide to the Galaxy ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: squid
> How can I deny websites in squid? For example: I don't want clients to be able to connect to www.example.com. How can I do this?

Install squidGuard, or better yet, dansguardian. I believe both are in ports, however, dansguardian requires a license for commercial use.

Steve
restore -- set owner/mode
I had a head crash on a disk the other day, so I ``cloned'' the other good one of the mirror onto a temp drive until my new disk arrives. Doing a dump piped to restore, for each partition copied, it asked me if I'd like to set owner/mode. There is no apparent way to do this automatically, until I read this: http://mail-index.netbsd.org/netbsd-bugs/2004/04/27/0014.html Has this patch been introduced into anything above 4.10? If not, will it be? Are there any other workarounds that are known to work with FBSD? Tks, Steve ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ifconfig on 4.10
> I'm moving our mail server from 4.4 to 4.10. When I try to add addresses to the NIC, ifconfig doesn't seem to want to cooperate...
>
>     s2ROOT[/var/CommuniGate] ifconfig fxp0 add 63.82.200.42/24
>     ifconfig: ioctl (SIOCAIFADDR): File exists
>
> This is the same command that I used on the 4.4 machine. Has something changed? If this is a security thing, can it be disabled via sysctl?

This looks like an error generated if you are adding an IP alias within the same subnet of an already configured IP. If this is the case, apply it like this:

    # ifconfig fxp0 63.82.200.42/32

or

    # ifconfig fxp0 63.82.200.42 netmask 255.255.255.255

You weren't very clear if this is an alias or not, but it's my first guess.

Regards,

Steve

> Thanks!
> Scott
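The rule of thumb in the reply above (an alias that falls inside a subnet the interface already has gets a /32 netmask) is easy to get wrong by eye once netmasks are not /24. As an added example, not code from the thread, here is a POSIX sh helper that does the subnet arithmetic and prints the ifconfig command to use; it uses the `alias` keyword that ifconfig(8) takes to add an address rather than replace the primary one. All addresses in the demo are constructed, and `ip2int`, `prefix2mask`, `same_subnet` and `plan_alias` are names chosen here.

```shell
#!/bin/sh
# Added example: decide whether a new address on an interface needs a /32
# netmask (because it lies in a subnet the interface already carries) or can
# take its own netmask. Pure POSIX sh arithmetic, no external tools.

# ip2int A.B.C.D -> 32-bit integer
ip2int() {
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# prefix2mask N -> integer netmask for a /N prefix (N in 0..32)
prefix2mask() {
    if [ "$1" -eq 0 ]; then
        echo 0
    else
        echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
    fi
}

# mask2dotted INT -> dotted-quad netmask
mask2dotted() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# same_subnet EXISTING_IP PREFIX NEW_IP -> yes|no
same_subnet() {
    m=$(prefix2mask "$2")
    a=$(ip2int "$1")
    b=$(ip2int "$3")
    if [ $(( a & m )) -eq $(( b & m )) ]; then echo yes; else echo no; fi
}

# plan_alias IFACE EXISTING_IP EXISTING_PREFIX NEW_IP [NEW_PREFIX]
# Prints the ifconfig command. Inside an existing subnet -> /32 alias;
# otherwise the alias carries its own netmask (default /24, an assumption).
plan_alias() {
    iface=$1 existing=$2 prefix=$3 new=$4 newprefix=${5:-24}
    if [ "$(same_subnet "$existing" "$prefix" "$new")" = yes ]; then
        echo "ifconfig $iface $new netmask 255.255.255.255 alias"
    else
        echo "ifconfig $iface $new netmask $(mask2dotted "$(prefix2mask "$newprefix")") alias"
    fi
}

# Stand-alone demo with constructed addresses: the first alias sits inside
# the interface's existing /24 (so it must be a /32); the second does not.
plan_alias fxp0 63.82.200.1 24 63.82.200.42
plan_alias fxp0 63.82.200.1 24 63.82.201.5 24
```

The same check explains the "File exists" error: the kernel already has a route for 63.82.200.0/24 via the primary address, and a second address with the same covering netmask would try to install it again. Run `plan_alias` with the primary address and prefix shown by `ifconfig fxp0`, then put the resulting line in rc.conf as an `ifconfig_fxp0_alias0` entry so it survives a reboot.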
Re: antivirus
> On Thu, Oct 14, 2004 at 03:46:56PM +, Alexandr wrote:
>
>> On Thu, Oct 14, 2004 at 04:40:05PM +0400, metallarch wrote:
>>
>>> Does FreeBSD support any antivirus programs (server) for Windows computers?
>>
>> clamav - this is antivirus for unix
>> clamwin - this is antivirus for windows. It uses databases from clamav.
>
> Kaspersky Antivirus (http://avp.ru). I know an admin who uses it on FreeBSD. But I don't know why...

Possibly because the box was a mail server, or perhaps a file server that housed files for a network of Windows machines. Viruses can spread through NetBIOS shares, and I'm certain the ones that replicate this way could just as easily infect Samba shares just as they could MS shares.

Steve
Re: Daily reboots...
> Hello all,
>
> I don't know why, but my system keeps restarting at about 14:00 or 14:30 every day. Really starting to p!ss me off. Any ideas what could be causing this, or how I could find it?

As someone else suggested, I had a box like this late last year, and found that when more than a normal amount of email came into the box, clamav and SA would burn up the CPU, and it would just reboot.

Solution: I put the drive(s) into another box, and voila, problem was solved.

Steve
Re: FTP-Installation
> Hi There!
>
> Is there a way to use a bootable CD instead of a bootable floppy to start the FTP-Installation? I simply don't have a floppy drive any more.

Sure, download your distro, boot off the CD, and select FTP as your installation source. However, I thought the point of the CD was to NOT have to download via FTP... ;o)

Steve

> --
> Florian Haas [EMAIL PROTECTED] or [EMAIL PROTECTED]
Re: Email redirects
> I need to accept an email to a specific address, then forward it to several external addresses. virtusertable will do that for a single recipient. Is there a way to do that for multiple recipients?

Sure, you could dump it to an alias (/etc/mail/aliases) which contains several users in its list, or simply put a .forward file in the user's /home directory, and add each email address that it is going to on separate lines, which would forward the mail to that user to all recipients listed in the .forward file.

HTH,

Steve

> Thanks,
> Sandy Keathley
[OT] Re: FTP-Installation
Steve Bertrand wrote:

>> Hi There!
>>
>> Is there a way to use a bootable CD instead of a bootable floppy to start the FTP-Installation? I simply don't have a floppy drive any more.
>
> You can either download the full CD ISO images, or the mini-iso, either of which is bootable.
>
> Sure, download your distro, boot off the CD, and select FTP as your installation source.

Did you just call FreeBSD a distro? shame on you! ;)

My sincerest apologies...I should have said release. Remember however, this past weekend was Thanksgiving in Canada, so this morning I was just trying to shake the cobwebs of the long weekend away. ;o)

Steve

-Frank
Re: How do you duplicate a drive?
> I have a RAID mirror (2x 160GB) which I would like to back up onto a spare 160GB drive. I do not have a hot-swap caddy so I was planning on powering down the system to get the backup drive in and out. But once I have the new blank drive in, what is the best way to duplicate the RAID? Ideally I would like to create a disk that could boot the system (and rebuild the RAID) in case disaster strikes. Can dd do this?

    # man rsync

Steve

> I am new to Unix disk operations... Many thanks in advance for the help.
Re: firefox help
> I'm a newbie who is trying to install a recent release of firefox under version 4.9 of FreeBSD. I downloaded the installer (for linux since there doesn't appear to be a FreeBSD version, yet) from Mozilla, but when I try to execute it, I get the message "error while loading shared libraries: libgtk-x11-2.0.so.0". I've tried finding a package that includes this library, but haven't been successful. Can somebody help?

The method I used was:

    # cd /usr/ports/www/firefox
    # make
    # make install

I first updated my ports tree though. Everything went perfectly slick.

Steve
Re: How can I route through a pc that is also using a router??
> My workstation and the testmachine both belong to the same subnet. Here are the details:
>
>     workstation -- 10.10.8.110
>     testmachine -- 10.10.8.111
>     Gateway     -- 10.10.8.254
>     DNS         -- 202.90.128.3 202.90.158.101
>     Proxy       -- 202.90.128.14 Port: 3128

First, enable bridging in your kernel, by adding:

    options BRIDGE

Then add the following to /etc/sysctl.conf:

    net.link.ether.bridge.enable=1
    net.link.ether.bridge_ipfw=1
    net.link.ether.bridge_cfg=xl0,xl1

...assuming xl0 and xl1 are your two physical interfaces. If you do not have IPFW enabled on the test gateway, leave out the line that says bridge_ipfw=1 in sysctl.conf.

You can't route through the test gateway, as it is on the same subnet as everything else (both sides of it), so you must bridge it. Now you are in a position to tap into the bitstream for ALL network traffic.

HTH,

Steve

> --- Andrew [EMAIL PROTECTED] wrote:
>
>> Hi! Describe the test-machine, please. If both workstations are on the same subnet, you should probably configure the test-machine as an ip-forwarder or even as an ethernet-level bridge. If your personal workstation is on a different subnet, which is not serviced by proxy or dns, you should configure NAT on the test-machine. In general, there's little problem in cascading gateway installations.
>>
>> Regards,
>> Andrew P.
>>
>>> Good day!
>>>
>>> I have two workstations at work, 1 my personal, and the other, a test machine. My boss told me to configure a pcrouter, that is, the testmachine, and let my personal pc connect to the internet through the testmachine.
>>>
>>> Here's the scenario: The testmachine already knows how to connect to the outside world but also through a gateway:
>>>
>>>     testmachine(10.10.8.111)---gateway(10.10.8.254)[proxy][DNS]----internet
>>>
>>> And to let my pc connect to the internet through the testmachine, I've set its default gateway to the ip of the test machine. But it doesn't seem to work. When I tried to launch my browser, the error indicates that it cannot seem to find its way to the proxy server.
>>>
>>> I've tried adding another line in my routing table like this:
>>>
>>>     Destination            Gateway
>>>     proxy(202.90.128.14)   testmachine(10.10.8.111)
>>>
>>> But it still won't work. Do you know what I've been missing here? I'm thinking perhaps the test machine should connect to the internet directly without using a gateway anymore.. Any idea?
>
> ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com
Re: dns-more than I ever wanted to know...
> I've come across a ton of DNS tutorials on the web. Everything I've found so far is very lengthy. I need to setup a simple small office/home office network with DNS so that it resolves my inside network among the machines and hides it from the greater internet. I'm open to suggestions of a quick fix that won't take me a day and half reading full time.

    # cd /etc/namedb
    # chmod 744 make-localhost
    # ./make-localhost
    # ee named.conf

Change or add the following:

    forwarders {
        142.77.2.36;
        142.77.1.1;
        142.77.1.5;
    };

... and then add a record for a domain.

    zone "domain.com" {
        type master;
        file "domain.com.zone";
        allow-transfer { 192.168.0.3; };  // This is your secondary DNS
        allow-update { none; };
    };

...Now you have to create a zone file:

    # ee domain.com.zone

    --- start zone file ---
    $TTL 360
    domain.com.  IN  SOA  ns1.domain.com. admin.domain.com. (
                          2004090801  ; Serial
                          7200        ; Refresh
                          3600        ; Retry every hour
                          1728000     ; Expire every 20 days
                          172800 )    ; Minimum 2 days
    ;
    ; Set the name servers to whatever was used when registered
                 IN  NS   ns1.domain.com.
                 IN  NS   ns2.domain.com.
    @            IN  A    x.x.x.x
    ; Set the Mail Exchange record
    @            IN  MX 10 mail.domain.com.
    @            IN  MX 20 mail2.domain.com.
    ; Host records
    ; Core
    ns1          IN  A    x.x.x.x
    ns2          IN  A    x.x.x.x
    www          IN  A    x.x.x.x
    --- end zone file ---

... now:

    # chown bind:bind *
    # /usr/sbin/named -u bind -g bind

should get you resolving for your domain, as well as for external domains.

To start up the daemon at startup, add the following to /etc/rc.conf:

    # ee /etc/rc.conf
    named_enable="YES"
    named_program="/usr/sbin/named"
    named_flags="-u bind -g bind"

...all off the top of my head, so forgive me if I left something out. If you don't have a domain internally and you want to resolve only external names, skip adding the domain entry and the zone file pieces of this email.

Let me know if I missed something or it doesn't work as expected.

HTH,

Steve

> Thanks,
> Alex
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Alexander Sendzimir (owner)    802 863 5502
> MacTutor: Apple Mac OS X Consulting    [EMAIL PROTECTED]
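The zone file above carries a YYYYMMDDnn serial, and a secondary listed in allow-transfer will only pull a new copy of the zone when that serial has gone up; forgetting to bump it after an edit is the classic way a master and secondary silently drift apart. As an added example, not code from this thread, here is a POSIX sh/awk helper that reads the serial out of a zone file, computes the next one for a given date, rewrites it, and does a minimal sanity check (exactly one SOA, at least one NS) before the file is put in place. The zone text is constructed for the demonstration (192.0.2.0/24 is a documentation range); `zone_serial`, `next_serial`, `bump_zone` and `check_zone` are names chosen here.

```shell
#!/bin/sh
# Added example: maintain the SOA serial of a BIND zone file in YYYYMMDDnn form.

# zone_serial : reads a zone file on stdin, prints the first numeric SOA field
# (the serial). Numeric tokens before the SOA keyword, such as a TTL, are ignored.
zone_serial() {
    awk '
        !insoa { for (i = 1; i <= NF; i++) if ($i == "SOA") { insoa = 1; start = i + 1; break } }
        insoa {
            for (i = start; i <= NF; i++) {
                if ($i ~ /^;/) break            # rest of line is a comment
                if ($i ~ /^[0-9]+$/) { print $i; exit }
            }
            start = 1
        }
    '
}

# next_serial OLD TODAY : OLD is the current serial, TODAY is YYYYMMDD.
# First edit on a new day restarts the counter at 00; otherwise it just
# increments. Either way the result is strictly greater than OLD, which is
# all the secondaries care about.
next_serial() {
    old=$1 today=$2
    case $old in ''|*[!0-9]*) echo "bad serial: $old" >&2; return 1 ;; esac
    if [ $(( old / 100 )) -lt "$today" ]; then
        echo "${today}00"
    else
        echo $(( old + 1 ))
    fi
}

# bump_zone OLD NEW : reads a zone on stdin, writes it with the first
# whitespace-delimited token equal to OLD replaced by NEW, layout untouched.
bump_zone() {
    awk -v old="$1" -v new="$2" '
        !done { for (i = 1; i <= NF; i++) if ($i == old) { sub(old, new); done = 1; break } }
        { print }
    '
}

# check_zone : exit 0 if the zone on stdin has exactly one SOA and at least one NS
check_zone() {
    awk '
        /[[:space:]]SOA[[:space:]]/ { soa++ }
        /[[:space:]]NS[[:space:]]/  { ns++ }
        END { exit !(soa == 1 && ns >= 1) }
    '
}

# Constructed sample zone (same layout as the one in the message above)
ZONE='$TTL 360
domain.com.  IN  SOA  ns1.domain.com. admin.domain.com. (
                      2004090801  ; Serial
                      7200        ; Refresh
                      3600        ; Retry every hour
                      1728000     ; Expire every 20 days
                      172800 )    ; Minimum 2 days
             IN  NS   ns1.domain.com.
             IN  NS   ns2.domain.com.
@            IN  A    192.0.2.10
ns1          IN  A    192.0.2.10
ns2          IN  A    192.0.2.11'

# Stand-alone demo: bump the serial as if edited on 2004-09-10 and verify
old=$(printf '%s\n' "$ZONE" | zone_serial)
new=$(next_serial "$old" 20040910)
printf 'serial %s -> %s\n' "$old" "$new"
printf '%s\n' "$ZONE" | bump_zone "$old" "$new" | check_zone && echo "zone looks sane"
```

In practice: `today=$(date +%Y%m%d)`, then `bump_zone "$(zone_serial < domain.com.zone)" "$(next_serial "$(zone_serial < domain.com.zone)" "$today")" < domain.com.zone > domain.com.zone.new`, run `check_zone` (and `named-checkzone` if your BIND ships it) on the new file, move it into place and reload named; then confirm on the secondary that `zone_serial` reports the new value, which is the end-to-end proof that allow-transfer is doing its job.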
Re: dns-more than I ever wanted to know...
> Steve,
>
> Thanks a bunch! This is a great help. I'm not clear on the use of allow-transfer. Reading the manpage for named.conf(5), I'm tempted to leave it out. But, I'm not fully understanding the use of it. The manpage says,
>
>     allow-transfer  Specifies which hosts are allowed to receive zone transfers from the server. allow-transfer may also be specified in the zone statement, in which case it overrides the options allow-transfer statement. If not specified, the default is to allow transfers from all hosts.

You most likely don't need it. If you have 2 DNS servers, allow-transfer states which other servers are allowed to receive the DNS changes. This is likely not the case for you, so leave it out.

> I'm taking "which hosts are allowed to receive zone transfers from the server" to mean hosts on my local network and the server is the DNS server I'm setting up now. I don't want my zone information going out to the internet (my isp), but I do want to let it in (of course).

I'll try to clarify. Most of my domains' DNS info is hosted on a ``master'' server. This server is responsible for telling the Internet what IPs are for what servers. If you don't have a domain, then you will not have this set up.

Now, what happens if my master DNS server goes down for my domain? Well, I have a backup server (secondary) that contains the same zone files, so it as well knows about my domain. If I make a change on the master, for instance if I need to change the IP of my web server, I make the change on the master, and eventually that change gets replicated to the secondary. allow-transfer is like an authorization for which IP addresses the master is allowed to send the updated DNS info to.

I expect you are wanting to use a ``caching-only'' type server now. If you have no domain to set up, then what is happening is your DNS server downloads DNS info from the Internet. Client sends DNS request to your server...your server looks up the DNS info from the proper server on the Internet...DNS info is passed back to the client. Now your DNS server has those records cached, so lookups after that of those same domains are almost instantaneous.

You can play with BIND and set up your own domains, even if they are not registered. Using my example of the zones, you can create a phony one like 'internal.com'. No one on the Internet will know you are using it. If you want to do this, just edit named.conf as described, and create a zone file with some names for your PCs. ie:

    workstation  IN  A  10.0.0.10   ; your computer
    gateway      IN  A  10.0.0.1
    filesrv      IN  A  10.0.0.20

Note that anything after ; is a comment. Now, once your PCs are pointing DNS at the new box, you will be able to ping your inside network by name, AND IP.

> I failed to mention that the machine acting as DNS inside my network is/will be configured as a gateway. (QUESTION: I have vr0 and vr1. Does it matter which interface I face toward the internet?) Perhaps this doesn't matter as long as the DNS server is pointing to/resolving for the inside (local) network interface (10.0.0.1).

You got it right. Unless firewalled off, bind will listen by default on all interfaces, but point the clients to 10.0.0.1 as the DNS server.

Hope I was able to clarify not too badly. I'm very busy today, so I'm rushed to reply so forgive any errors, omissions and/or bad clarification. If you have more questions, fire away.

Steve

> Let me make this more clear. I have the following (typical?) small office setup:
>
>     ISP (monopolists)
>         |
>     (vr1) --- DHCP'd from ISP
>         |
>     FreeBSD 4.10 gateway
>     DNS, ipfw, natd, httpd
>         |
>     (vr0) --- 10.0.0.1
>         |
>     {... local network ...}
>
> So, all this just to clarify allow-transfer. :) My questions go deeper than DNS. But, I'm trying to figure out the rest myself.
>
> Thanks,
> Alex
>
> On Sep 24, 2004, at 9:57 AM, Steve Bertrand wrote:
>
>> snip
>>
>> ... and then add a record for a domain.
>>
>>     zone "domain.com" {
>>         type master;
>>         file "domain.com.zone";
>>         allow-transfer { 192.168.0.3; };  // This is your secondary DNS
>>         allow-update { none; };
>>     };
>>
>> snip
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Alexander Sendzimir (owner)    802 863 5502
> MacTutor: Apple Mac OS X Consulting    [EMAIL PROTECTED]
Crontab file (root user)
Hi all, I'm wondering where the crontab is located for the root user. I know there is the system crontab in /etc, however doing a #crontab -e when su'd to root, it comes up with a different crontab. Is there a file on the system that actually contains the root users crontab entries? Tks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Crontab file (root user)
On Fri, 17 Sep 2004 09:36:01 -0400 (EDT), Steve Bertrand [EMAIL PROTECTED] wrote: Hi all, I'm wondering where the crontab is located for the root user. I know there is the system crontab in /etc, however doing a #crontab -e when su'd to root, it comes up with a different crontab. Is there a file on the system that actually contains the root users crontab entries? In /var/cron/tabs you have a file named root for root crontab. Indeed...thanks greatly! Steve -- Renato Botelho ICQ: 54596223 AIM: RBGargaBR ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bandwidthd web access
> So, I just installed bandwidthd on FreeBSD 5.3-Beta. I don't have Apache installed on this system, however, and maybe that's why I can't access the web page for this from another computer. I was thinking that it maybe provided its own web engine, as I would like to avoid installing apache on this system. Nonetheless, if I go to /usr/local/bandwidthd/htdocs and use lynx to view the html pages there, then I see bandwidthd is working and collecting information as it should. So, what is it that I'm missing to get these pages served internal to our LAN?

    # cd /usr/ports/www/apache13
    # make && make install
    # cd /usr/local/etc/apache
    -- edit httpd.conf to taste, i.e. change hostname, etc. --
    # cd /usr/local/www/data
    # ln -s /usr/local/bandwidthd/htdocs bandwidthd
    # /usr/local/bin/apachectl start

Now... go to a workstation and type in a browser addr bar:

    http://ip_of_bandwidthd_server/bandwidthd

Hope I didn't miss anything ;o) Apache is not as bad as people think. Generally, for bandwidthd, it should actually work right out of the box, without changing anything...

Steve

> Curtis
/usr/ports/databases/mysql(-devel)?
I'm attempting to install freeradius from ports, but it heavily relies upon mysql-devel being installed. In 4.7 it was actually in ports. Now, it does not appear to be there. There is however an option in the makefile which is disabled (--without-debug). If I enable this configure option, is this effectively installing all the devel stuff for MySQL?

Tks,
Steve
Re: /usr/ports/databases/mysql(-devel)?
> In the last episode (Sep 14), Steve Bertrand said:
>> I'm attempting to install freeradius from ports, but it heavily relies upon mysql-devel being installed. In 4.7 it was actually in ports. Now, it does not appear to be there. There is however an option in the makefile which is disabled (--without-debug). If I enable this configure option, is this effectively installing all the devel stuff for MySQL?
>
> There was never a mysql-devel port afaik; the mysql ports have always been numbered. The freeradius port currently depends on mysql 4.0.x, which should get built and installed automatically by the ports system when you try and build freeradius.

Ok, I thought there was one. Yesterday, I was trying to install FreeRADIUS on a box that already had MySQL installed on it (from source, not ports) and it was having a problem locating rlm_sql_mysql.so. Searching, I found I had to install mysql-devel. This morning, I am installing on a fresh install (5.2.1), and it actually never crossed my mind to install the freeradius port first and let it handle the mysql dependencies. I am trying that now...

Tks for the reminder that ports will build in their own dependencies ;o)

Steve

> --
> Dan Nelson
> [EMAIL PROTECTED]
Installing ports with OPTIONS
Hi all,

I am attempting to install /usr/ports/security/snort, but I want MySQL support. I've uncommented OPTIONS and the line that states MYSQL=on in the Makefile, however, when I run:

    # script
    # make

the resulting script shows no indication that MySQL was included. How can I verify that support for MySQL was included? If I run:

    # make -DWITH_MYSQL

will I be certain that it is included, even if the output from make shows no indication of MySQL?

Tks,
Steve
Re: Installing ports with OPTIONS
> Hi all,
>
> I am attempting to install /usr/ports/security/snort, but I want MySQL support. I've uncommented OPTIONS and the line that states MYSQL=on in the Makefile, however, when I run:
>
>     # script
>     # make
>
> the resulting script shows no indication that MySQL was included. How can I verify that support for MySQL was included? If I run:
>
>     # make -DWITH_MYSQL
>
> will I be certain that it is included, even if the output from make shows no indication of MySQL?

Sorry to reply to my own post, but:

    # make -DWITH_MYSQL

appears to be working. The port is building in MySQL now.

Steve
Re: Installing ports with OPTIONS
> On Fri, Sep 10, 2004 at 10:02:37AM -0400, Steve Bertrand wrote:
>> I am attempting to install /usr/ports/security/snort, but I want MySQL support. I've uncommented OPTIONS and the line that states MYSQL=on in the Makefile, however, when I run:
>>
>>     # script
>>     # make
>
> Don't do that: the OPTIONS stuff is commented out for a reason. Not entirely sure what reason, but if it worked, it wouldn't be commented out now, would it?

Well, I thought it was commented out so things don't get compiled in by default, but it certainly does not appear to work.

>> the resulting script shows no indication that MySQL was included. How can I verify that support for MySQL was included? If I run:
>>
>>     # make -DWITH_MYSQL
>>
>> will I be certain that it is included, even if the output from make shows no indication of MySQL?
>
> Using:
>
>     # make -DWITH_MYSQL
>
> is the correct thing to do. However, you should make sure that you aren't stumbling over the remains of previous compilation sessions. First run:
>
>     # make clean
>
> then run
>
>     # make -DWITH_MYSQL
>
> and you should certainly see mysql mentioned during the configuration and compilation steps.

Yes, as per my own reply, this is what I did, and it is compiling with MySQL.

Thanks Matt, Tom for your suggestions.

Steve

> Cheers,
>
> Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                26 The Paddocks
>                                                Savill Way
> PGP: http://www.infracaninophile.co.uk/pgpkey  Marlow
> Tel: +44 1628 476614                           Bucks., SL7 1TH UK
Packet filter statistics
Please bear with me...

I've got a Windows 2000 web server that is spewing out over 2Mbps of data which is going out round robin over my 3 T-1 connections. Although there is still more throughput available, this is seemingly ridiculous. I've got a fortigate box in front of the server now, but the details it gives aren't quite what I need.

What I'd like to have is a FBSD filter (transparent bridge) set up in front of the box, with software that can chart for me what type of packets are being sent/rec'd to/from this box, as well as each packet's frequency and size. Any graph would do. I believe this is legit HTTP traffic, but I can't identify packet size (or the size of a single entire HTTP session etc). Seeing this in graphical form would help me immensely.

Anyone familiar with available software that I could dump on my filter box that can potentially do something similar to what I am looking for?

I was contemplating asking this on -ipfw, however technically it's not a direct IPFW question.

Tks everyone for any suggestions.

Steve
Re: Packet filter statistics
> Steve Bertrand wrote:
>> Please bear with me...
>>
>> I've got a Windows 2000 web server that is spewing out over 2Mbps of data which is going out round robin over my 3 T-1 connections. Although there is still more throughput available, this is seemingly ridiculous. I've got a fortigate box in front of the server now, but the details it gives aren't quite what I need.
>>
>> What I'd like to have is a FBSD filter (transparent bridge) set up in front of the box, with software that can chart for me what type of packets are being sent/rec'd to/from this box, as well as each packet's frequency and size. Any graph would do. I believe this is legit HTTP traffic, but I can't identify packet size (or the size of a single entire HTTP session etc). Seeing this in graphical form would help me immensely.
>>
>> Anyone familiar with available software that I could dump on my filter box that can potentially do something similar to what I am looking for?
>>
>> I was contemplating asking this on -ipfw, however technically it's not a direct IPFW question.
>>
>> Tks everyone for any suggestions.
>>
>> Steve
>
> You may want to check out Ethereal (free packet sniffer), www.ethereal.com. I have used this successfully on FreeBSD. Also, FreeBSD has a program called tcpdump that will show packets without the added bells and whistles of Ethereal.
>
> One note: if you are using level 2 or higher switches, the sniffer will not pick up all the traffic coming out of your Win2k box unless you configure a management port on your switch or use a hub with both the sniffer box and the server connected to it. Alternatively, you may be able to run Ethereal on your Win2k box.
>
> Hope this helps.

Thanks for the info... I use ethereal as well as tcpdump quite frequently, but I need something a little different here.

I don't need to worry about ``sniffing'' as it's normally used, because the FBSD box will be put right in-line between the affected box and the core network switch, so ALL packets will travel right through the box so I can manipulate every single packet as required.

It was suggested (off list unfortunately) to check out bandwidthd and ipaudit. I'm going to give bandwidthd a try, as it looks very close to what I want.

Tks,
Steve

> Norm
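The kind of breakdown Steve is after (which service the bytes belong to, how big the packets are, how much is leaving versus arriving) can be had from plain tcpdump on the bridge long before bandwidthd is set up. The following Python script is an added example, not code from the thread or from bandwidthd: it parses lines in the shape `tcpdump -nn -q` prints, attributes each packet to the watched server's side and service port, and prints a byte count per service plus a payload-size histogram. The sample lines are constructed (192.168.1.10 plays the web server; the other addresses are documentation ranges), and the line format assumed is the `-q` summary for TCP (`tcp N`) and UDP (`UDP, length N`).

```python
import re
import sys
from collections import Counter

# Constructed sample of `tcpdump -nn -q` style output (not a real capture).
SAMPLE = """\
12:00:01.000123 IP 192.168.1.10.80 > 203.0.113.5.51234: tcp 1448
12:00:01.000456 IP 192.168.1.10.80 > 203.0.113.5.51234: tcp 1448
12:00:01.000789 IP 203.0.113.5.51234 > 192.168.1.10.80: tcp 0
12:00:01.001000 IP 192.168.1.10.80 > 198.51.100.7.40000: tcp 512
12:00:01.002000 IP 198.51.100.7.40000 > 192.168.1.10.80: tcp 0
12:00:01.003000 IP 192.168.1.10.53 > 203.0.113.9.5353: UDP, length 52
12:00:01.004000 IP 192.168.1.10.80 > 203.0.113.5.51234: tcp 1448
12:00:01.005000 IP 10.0.0.7.22 > 10.0.0.8.44444: tcp 96
"""

# One `-q` summary line: timestamp, IP src.port > dst.port: proto length.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<proto>tcp|UDP),? (?:length )?(?P<len>\d+)$"
)

SIZE_BUCKETS = (64, 128, 256, 512, 1024, 1500)


def parse_line(line):
    """Return a dict for one summary line, or None for lines we do not understand."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]),
        "proto": m["proto"].lower(), "len": int(m["len"]),
    }


def size_bucket(length):
    """Label a payload length with the smallest bucket that holds it."""
    for limit in SIZE_BUCKETS:
        if length <= limit:
            return f"<={limit}"
    return f">{SIZE_BUCKETS[-1]}"


def summarize(text, host):
    """Per-direction totals, bytes per service port and a size histogram for `host`."""
    stats = {"out_pkts": 0, "out_bytes": 0, "in_pkts": 0, "in_bytes": 0,
             "by_service": Counter(), "sizes": Counter()}
    for line in text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        if pkt["src"] == host:        # server -> client: the server's port is the service
            stats["out_pkts"] += 1
            stats["out_bytes"] += pkt["len"]
            stats["by_service"][f'{pkt["proto"]}/{pkt["sport"]}'] += pkt["len"]
        elif pkt["dst"] == host:      # client -> server
            stats["in_pkts"] += 1
            stats["in_bytes"] += pkt["len"]
            stats["by_service"][f'{pkt["proto"]}/{pkt["dport"]}'] += pkt["len"]
        else:
            continue                  # traffic that does not involve the host
        stats["sizes"][size_bucket(pkt["len"])] += 1
    return stats


def report(stats):
    """Render the summary as text; bars are one '#' per packet in the bucket."""
    lines = [f'out: {stats["out_pkts"]} pkts / {stats["out_bytes"]} bytes',
             f'in:  {stats["in_pkts"]} pkts / {stats["in_bytes"]} bytes',
             "bytes by service:"]
    for svc, nbytes in stats["by_service"].most_common():
        lines.append(f"  {svc:<12} {nbytes}")
    lines.append("payload size histogram:")
    for label in [f"<={b}" for b in SIZE_BUCKETS] + [f">{SIZE_BUCKETS[-1]}"]:
        if stats["sizes"][label]:
            lines.append(f"  {label:<7} {'#' * stats['sizes'][label]}")
    return "\n".join(lines)


if __name__ == "__main__":
    # On the bridge: tcpdump -nn -q -l -i <bridge-if> host <server> | python3 pktstats.py <server> -
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.10"
    data = sys.stdin.read() if len(sys.argv) > 2 and sys.argv[2] == "-" else SAMPLE
    print(report(summarize(data, host)))
```

Session sizes need flow reassembly rather than per-packet counting, so for that question the histogram is only a first hint; it does answer quickly whether the volume is a few large responses on tcp/80 or a stream of small packets on something else.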
Re: Packet filter statistics
> My email domain is just a strange coincidence, I am not associated with the people at ethereal.com, just like the product (and name :)
>
> You do not need X, use tethereal, it is a command line program.
>
> With regards to inserting the box inline, it should be possible, I have not been successful at doing it (yet). I am trying to build a NIPS which I would like to put inline between my ISP and my wireless router. I am using ipfw. If I get it to work, I will let you know.

Tks for the input. I've done inline boxes with FreeBSD several times in bridge mode (I work at an ISP). If you have any questions, feel free to ask. If they are off topic to this list, just email me at [EMAIL PROTECTED]

Cheers,
Steve

> Norm
Re: i cant enter su
> I can't enter su on my machine. I checked and found the master.passwd file's mode is 700. How can I change this file's chmod? Please help.

> i cant enter su

What error do you get? Can you log in as root at the console? (This would validate the root passwd).

If you've lost the root password, reboot the system, and hit any other key than ENTER when it starts up, then type `boot -s` to enter single user mode. You automatically are logged in as root, where you can change his password by using ``passwd''.

If you know the root password, open up the file /etc/group in your favorite editor, and make sure your username is listed beside 'wheel'.

...and ahhh, chmodding the /etc/master.passwd file? Personally, I wouldn't recommend this, but if you must, read ``man chmod''.

steve
Re: Moving MySQL database
> On Fri, Sep 03, 2004 at 09:42:36AM -0400, Bart Silverstrim wrote:
>> I have a server that is rapidly filling the var partition with a MySQL database. I'd like to move it to a subdirectory somewhere under /usr. Is there a document that would outline a best practices approach to doing this?
>>
>> My first instinct was to stop the mysqld, do a mv on /var/db to /var/db2 to rename it, copy the data to a /usr/local/db folder and alter permissions on it to match /var/db, then make a softlink between /usr/local/db and /var/db and restart mysqld so mysqld wouldn't need any reconfiguring and everything, I would *think*, should keep working... only now it will be working off a far more spacious partition.
>
> I'd do it this way:
>
> i) Stop mysql
>
> ii) Remove (pkg_delete) the mysql-server package
>
> iii) Move the database files to their new location, taking care to preserve ownership, permissions, timestamps etc.
>
> iv) Reinstall the mysql-server port setting a different DB_DIR on the make command line:
>
>     # make DB_DIR=/usr/local/db install
>
> v) Make sure that the home directory of the mysql user account is the same as you set DB_DIR to. The port should take care of that, but it won't hurt to double check.
>
>     % grep mysql /etc/passwd
>     mysql:*:88:88:MySQL Daemon:/usr/local/db:/sbin/nologin
>
> vi) Restart the mysql server. Verify that your data survived the move.
>
> And that's it: you're done.

Won't a simple symlink of /var/db/mysql to a new location (i.e. /usr/db/mysql) after the directory is moved perform the same task, without the need to re-install? I've never done this, but it may work, and save some troubles.

Steve

> Cheers,
>
> Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                26 The Paddocks
>                                                Savill Way
> PGP: http://www.infracaninophile.co.uk/pgpkey  Marlow
> Tel: +44 1628 476614                           Bucks., SL7 1TH UK
Re: Enabling Serial Console
> Wish to enable the serial console on my servers so that I can remotely view a reboot when it crashes ... I know to plug the serial cable into COM1 ... and I know I have to add something to /boot.config, but, if I want to set it so that even if the keyboard is plugged in, the serial console works, what do I need to add? I always thought -P, but reading the man page, I'm not so sure :(

I believe what you are looking for is:

    # echo '-h' > /boot.config

> Also ... I'm going to cross-connect the servers for now ... ServerA/COM1-ServerB/COM2, ServerB/COM1-ServerC/COM2, etc ... what happens if all machines come up at once? I see nothing in the man page about 'detecting serial', so I'm assuming that the serial console will still work, even if there is nothing at the other end 'listening' yet?
>
> Thanks ...
>
> Marc G. Fournier   Hub.Org Networking Services (http://www.hub.org)
> Email: [EMAIL PROTECTED]   Yahoo!: yscrappy   ICQ: 7615664
Re: is there a how-to for : postfix + mysql + sasl + courier_IMAP + postfix admin using ports tree?
> I came across this site yesterday: http://www.high5.net/howto/
>
> I would like to know if anyone has gotten this setup working by installing everything via the fbsd ports tree. Is there possibly a how-to already out there in order to do this?

I don't know how firm you are on using postfix, but if you're just in the preliminary stages of deciding how to set up a complete mail server, check out the Mail-Toaster... http://www.tnpi.biz/internet/mail/toaster/index.shtml

Cheers,
Steve

> Thanks
> Dan
Re:
> Deferred: Name server: mail.mailserver.com.: host name lookup failure

Can you verify proper DNS functionality on the box? Try:

    # dig mail.mailserver.com

and

    # dig freebsd.org

Do these return IP addresses?

Steve

> What is odd is this .forward worked before I updated the box to 5.3, and the same account and setup still works for the other 3 unix boxes in the basement. If I change the .forward on the broken box to point to my gmail account the mail goes right through. Any ideas out there on what might have changed with sendmail between 5.2.1 and 5.3 Beta2?
>
> -Will
Re: port redirection from 2 public ips - natd to a single service.
> I'm using natd and doing port redirection with a natd.conf file. I have a mission to accomplish this week last sec.

O NO... Ok, off the top of the head...

Can you run a separate instance of natd, on a separate port, and use IPFW to properly filter? For instance:

    ipfw add 10 divert 8669 all from any to $secondIP          # 2nd instance natd
    ipfw add 20 divert 8668 all from any to any out via $outside_if
    ipfw add 30 divert 8669 all from $mailserver to any out via $outside_if
    ipfw add 40 divert 8668 all from any to any in via $outside_if

natd could be started like this (for the standard natting):

    # /usr/sbin/natd -a primary_ip

and the second instance (for the mail server):

    # /usr/sbin/natd -a secondary_ip -p 8669 -redirect_port tcp 10.0.0.10:25 25

etc.. etc. I have no idea if this will actually work, but it sounds good in my head as far as theory is concerned.

Steve

> We have to change our IP address on the mail server and they run this mail server off a windows machine.. (placing the windows machine on the Internet without a firewall is out of the question) we need 2 public IP addresses to redirect to a single machine behind them. The firewall in place now allows DMZ hosting. However, it will not allow us to alias an address outside of its network. The plan is to place a freebsd machine in the middle and configure natd with ipfw and so on... well we got the machine working as the gateway and redirected traffic for 110 and 25, as well as a test port 8384. That was great.. more like a good time!! ;-)
>
> well the challenge was to alias an address to the public interface and see if that would work. results are.. we could see port redirection working on the Primary address and not the secondary, although the machine was responding for both IPs. (made connections to the freebsd machine on both IPs) Just the port forwarding would not work. we also tried placing the IP address where we had the interface name to enable nat and listed it twice, one for each address. same results..
>
> we then tried to place another physical interface into the machine and muck with nat in that way. no luck... to be honest the brain had serious pain at the moment and I can't remember much more..
>
> Wondering if there is someone out there who may be able to answer this one or place me in a direction. This could save us from a future migraine from the ear full we will get.. hehe :-)
>
> Thanks for your time..
> Shawn
>
> PC's are like air conditioners.. They are both useless with windows open
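Steve says he has not tried the two-natd ruleset above, and the one thing worth checking before putting it on a box is rule order: ipfw walks rules in number order and the first match wins. The Python below is an added model of that first-match evaluation, not code from the thread or from ipfw, and it deliberately ignores what happens after natd hands a packet back (the `one_pass` behaviour) to keep the point visible. The interface name, public addresses and test packets are constructed; `$secondIP`, `$mailserver` and `$outside_if` from the post become constants. Run as posted, the catch-all rule 20 (`from any to any out`) matches the mail server's outbound packets before rule 30 ever sees them, so they would be translated by the primary natd instead of the second instance; ordering the host-specific rules ahead of the catch-alls gives the intended result, and on a real box `ipfw show` lets you confirm which rule's counters are climbing.

```python
import ipaddress

# Assumed stand-ins for the thread's shell variables; addresses are documentation ranges.
OUTSIDE_IF = "xl0"           # $outside_if
SECOND_IP = "203.0.113.3"    # $secondIP: public address the mail server answers on
MAILSERVER = "10.0.0.10"     # $mailserver, as in the thread
NATD_PRIMARY = 8668          # divert port of the primary natd
NATD_MAIL = 8669             # divert port of the second natd instance


def rule(num, port, src="any", dst="any", direction=None, via=None):
    """One `ipfw add <num> divert <port> all from <src> to <dst> [in|out] [via <if>]` rule."""
    return {"num": num, "port": port, "src": src, "dst": dst, "dir": direction, "via": via}


# The four divert rules as posted, in the order posted.
POSTED_RULES = [
    rule(10, NATD_MAIL, dst=SECOND_IP),
    rule(20, NATD_PRIMARY, direction="out", via=OUTSIDE_IF),
    rule(30, NATD_MAIL, src=MAILSERVER, direction="out", via=OUTSIDE_IF),
    rule(40, NATD_PRIMARY, direction="in", via=OUTSIDE_IF),
]


def addr_matches(spec, addr):
    """`any`, a single host, or a CIDR prefix, as ipfw address specs allow."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def rule_matches(r, pkt):
    return (addr_matches(r["src"], pkt["src"])
            and addr_matches(r["dst"], pkt["dst"])
            and (r["dir"] is None or r["dir"] == pkt["dir"])
            and (r["via"] is None or r["via"] == pkt["via"]))


def first_match(rules, pkt):
    """ipfw semantics: rules in number order, first match wins. Returns (rule number, divert port)."""
    for r in rules:
        if rule_matches(r, pkt):
            return r["num"], r["port"]
    return None, None


def specific_first(rules):
    """Reorder so rules that name a host precede the `from any to any` catch-alls."""
    return sorted(rules, key=lambda r: (r["src"] == "any" and r["dst"] == "any", r["num"]))


def packet(src, dst, direction, via=OUTSIDE_IF):
    return {"src": src, "dst": dst, "dir": direction, "via": via}


# Constructed test packets: an inbound SMTP connection to the second address, the mail
# server's reply to it, an ordinary workstation leaving, and an inbound packet to the primary.
INBOUND_SMTP = packet("198.51.100.9", SECOND_IP, "in")
MAIL_REPLY = packet(MAILSERVER, "198.51.100.9", "out")
WORKSTATION_OUT = packet("10.0.0.50", "198.51.100.20", "out")
INBOUND_PRIMARY = packet("198.51.100.9", "203.0.113.2", "in")

if __name__ == "__main__":
    cases = [("inbound smtp", INBOUND_SMTP), ("mail reply", MAIL_REPLY),
             ("workstation out", WORKSTATION_OUT), ("inbound primary", INBOUND_PRIMARY)]
    for name, pkt in cases:
        print(f"{name:<16} posted -> {first_match(POSTED_RULES, pkt)}   "
              f"specific-first -> {first_match(specific_first(POSTED_RULES), pkt)}")
```

The reordered list is simply 10, 30, 20, 40; renumbering rule 30 below 20 on the real box achieves the same thing.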
Re: sandisk sd 256MB freebsd install
> Greetings:
>
> My goal is to make a minimal install of FBSD on a 256 MB sandisk memory card. I have a usb card reader and I was wondering if there exist any instructions on how to perform the install out on the web. I tried googling for it and found nothing useful.

I've performed this: http://neon1.net/misc/minibsd.html a few times, and it's great. Takes some getting used to, but you can customize and do almost anything with it. Note that in order for it to boot, you must be able to boot from USB on your motherboard, or buy a flash card - IDE converter.

Good luck!

Steve

> Any thoughts,
> Brian
Re: setup firewall/router/proxy
> Hi,
>
> What are the best firewall - routing and proxy packages for FreeBSD ?

FW/Routing: IPFW + natd (both have man pages)
Proxy: squid (/usr/ports/www/squid)

IMHO.

Steve

> Have only experience with debian/proxy/masquerading/iptables.
>
> Thanks in advance for the help.
>
> mess-mate
Re: setup firewall/router/proxy
> It's been a long time since I've played with Linux in general, last one was RH. If Mandrake has ipchains or ipfw, I'd say go with either and still use squid. It's popular, easy to configure, works well and has support. It shouldn't need any routing daemon as long as none of the advanced routing protocols are needed.

I assumed by ``routing'', you meant Network Address Translation (NAT), which is called natd and is included as part of the base system. `routed' is a router _discovery_ protocol, and used if your router has multiple routes and the network is configured to share this information.

If you simply want an internal network translated to a public IP, use natd+IPFW (my choice), and if you have more than the default route for the internal network, for simplicity's sake you can manipulate your routing table and specify static routes using the route(8) command.

...and as I and others have said, squid is probably the best choice for proxy. Using IPFW with a squid proxy, you can even configure it for transparent mode, so you don't have to modify the browsers at all. There are a few docs out there for this...

Steve

> --
> Micheal Patterson
> TSG Network Administration
> 405-917-0600
Re: fw.sh question
> I installed freebsd 4.5 and am trying to use a firewall rules set to load upon bootup. I put a file called fw.sh in /usr/local/etc/rc.d/ but it doesn't load up when I restart. I got the impression that all .sh files in this folder are supposed to load up.

You should instead put your script into /etc or somewhere (perhaps /root), and load it from rc.conf instead... like this:

    firewall_script="/etc/fw.sh"

This will ensure it gets loaded, and will get loaded sooner in the boot cycle, before the services get loaded up.

my $.02

Steve

> Any ideas? I am logged in as root.
disklabel
Hi all,

I have 6 GB left on an already production disk drive that I want to label and use. In sysinstall, using disklabel, I get the following:

    Disk: ar0   Partition name: ar0s1   Free: 12218275 blocks (5965MB)

    Part    Mount   Size    Newfs
    ----    -----   ----    -----
    ar0s1a  none    250MB   *
    ar0s1b  swap    1024MB  SWAP
    ar0s1e  none    4MB     *
    ar0s1f  none    3MB     *
    ar0s1g  none    4MB     *

If I create another partition and then write with the 'w' command, will this destroy any data? Or would I be better off using the disklabel command, and entering in the following:

    h: * 4.2BSD

and then doing a newfs? What is the safest or most recommended way?

Tks,
Steve
Re: /etc/make.conf
> Hi all. Please also reply to my mailbox, as I'm not on the list. Thank you!
>
> Can anybody tell me about /etc/make.conf in FreeBSD-5.2.1 ??
>
> Yesterday I moved away /etc/make.conf that looked like this:
>
>     pcm2028.dti.supsi.ch# cat /etc/make.conf.back
>     # -- use.perl generated deltas -- #
>     # Created: Thu Nov 13 18:49:33 2003
>     # Setting to use base perl from ports:
>     PERL_VER=5.6.1
>     PERL_VERSION=5.6.1
>     PERL_ARCH=mach
>     NOPERL=yo
>     NO_PERL=yo
>     NO_PERL_WRAPPER=yo

I must admit that I don't quite follow what you are getting at in this post, but something blatantly stuck its finger out at me...

    NOPERL=yo
    NO_PERL=yo
    NO_PERL_WRAPPER=yo

Is yo kind of like maybe? ;o) Perhaps this could be related to the problem you are having. The values should either be yes, or no.

Steve

> then I went on upgrading my ports system as described in /usr/ports/UPDATING..
>
>     # portupgrade -o lang/perl5.8 -f perl-5.6.1_15
>     # portupgrade -f p5-\*
>
> and all the rest till
>
>     # portupgrade -rf textproc/expat2
>
> today, I went on to do make buildworld and checked /etc/make.conf and guess what? It is again there:
>
>     pcm2028.dti.supsi.ch# cat /etc/make.conf
>     # -- use.perl generated deltas -- #
>     # Created: Tue Aug 10 16:35:06 2004
>     # Setting to use base perl from ports:
>     PERL_VER=5.6.1
>     PERL_VERSION=5.6.1
>     PERL_ARCH=mach
>     NOPERL=yo
>     NO_PERL=yo
>     NO_PERL_WRAPPER=yo
>
> so.. I just upgraded perl to 5.8, but somehow in /etc/make.conf it says to use version 5.6.1.. why?
>
>     pcm2028.dti.supsi.ch# which perl
>     /usr/bin/perl
>     pcm2028.dti.supsi.ch# perl --version
>     This is perl, v5.6.1 built for i386-freebsd
>     pcm2028.dti.supsi.ch# pkg_info|grep perl
>     p5-DBI-1.41           The perl5 Database Interface. Required for DBD::* modules
>     p5-Test-Harness-2.40  Run perl standard test scripts with statistics
>     p5-Test-Simple-0.47_1 Basic utilities for writing tests in perl
>     p5-Time-HiRes-1.55,1  A perl5 module implementing High resolution time, sleep, an
>     perl-5.6.1_15         Practical Extraction and Report Language
>     perl-5.8.2_5          Practical Extraction and Report Language
>
> Thank you.
>
> --
> Roberto Nunnari -software engineer- mailto:[EMAIL PROTECTED]
> Scuola Universitaria Professionale della Svizzera Italiana
> Dipartimento Tecnologie Innovative http://www.dti.supsi.ch
> SUPSI-DTI Via Cantonale   tel: +41-91-6108561
> 6928 Manno                fax: +41-91-6108570
> Switzerland
>        (o o)
> ===oOO==(_)==OOo===
Vinum clarification
I am wanting to set up a vinum configuration so that I have a spanned volume containing a large partition on one drive, and a second entire disk. I am a little confused whether I need to build a striped or concat volume. The usable size on one disk is different from the usable size on the other disk.

From what I gather from the man pages and some howtos found on the 'net, does this look like a reasonable config, or should I use type stripe instead?

    drive d1 device /dev/ad1s1e
    drive d2 device /dev/ad2e
    volume span
      plex org concat
        sd length 4m drive d1
      plex org concat
        sd length 118000m drive d2

Unfortunately, I am not in a position to try this on a test network, so this will be done on a hot production box. I understand that it will wipe out data, but in this instance, both areas to be used are currently empty.

Tks for any advice.
Re: Alternative to 'get'? Trying to download a file via HTTP
> I am running FreeBSD 4.9R. My goal is to download a .tar.gz file from an HTTP site. I thought get would do that, but it's not installed (unless the command is not get). Any suggestions?

    # fetch http://www.someserver/somedir/somefil.tar.gz

Steve

> Thank you,
> ...D
Re: Alternative to 'get'? Trying to download a file via HTTP
> I am running FreeBSD 4.9R. My goal is to download a .tar.gz file from an HTTP site. I thought get would do that, but it's not installed (unless the command is not get). Any suggestions?

...also:

    # wget http://www.server.com/dir/file.tar.gz

or:

    # wget -b http://www.server.com/dir/file.tar.gz

to run it in the background.

Steve

> Thank you,
> ...D
rsync(1) and the -l(inks) option
I am confused as to the -l option with rsync. If I am to not use this option, does this mean that any symlinks will be followed, and the entire directory structure of the location pointed to by the link will be copied? e.g.

    # rsync -acr /home/steve [EMAIL PROTECTED]:/home/steve/backup

If /home/steve had a symlink:

    /home/steve/tmp -> /var/tmp

would all the contents of /var/tmp be copied to the destination?

Now, what would be the best set of options to use if I want to ``clone'' one server onto another server so that everything is exactly the same?

Tks,
Steve
[Fwd: Re: natd -redirect_address]
OP forgot to Cc: list...

Thank you so much. I found that for some reason natd was not loading at boot, so I typed this:

    ipfw -f flush
    ipfw add divert natd all from any to any via xl0
    ipfw add pass all from any to any
    natd -n xl0 -redirect_address 192.168.0.10 24.97.250.203

and it works like a dream.

Steve Bertrand [EMAIL PROTECTED] wrote:

Hello all, I am probably missing something really stupid, but here it goes. I've read the man pages, the handbook and even googled the problem to no avail. I am trying to set up natd to redirect public IPs to my private addresses. This is what I have set up in rc.conf:

    defaultrouter="24.97.250.201"
    gateway_enable="YES"
    hostname="gir.visionpayments.net"
    ifconfig_rl0="inet 192.168.0.13 netmask 255.255.255.0"
    ifconfig_xl0="inet 24.97.250.202 netmask 255.255.255.248"
    linux_enable="YES"
    sshd_enable="YES"
    usbd_enable="YES"
    firewall_enabled="YES"
    firewall_type="OPEN"
    natd_enabled="YES"
    natd_interface="xl0"
    natd_flags="-f /etc/natd.conf"

This is what I have in natd.conf:

    redirect_address 192.168.0.10 24.97.250.203

From what I read in the man pages and handbook this should be all I need; however, I cannot even ping 24.97.250.203. So I typed in

    -bash-2.05b$ natd -redirect_address 192.168.0.10 24.97.250.203

and got

    natd: aliasing address not given

So I added

    ifconfig_xl0_alias0="inet 24.97.250.203"

to rc.conf, and now I am able to ping that public addy, but it doesn't seem to be redirecting me to 192.168.0.10. So I typed in

    -bash-2.05b$ natd -redirect_address 192.168.0.10 24.97.250.203

again to see what happens, and got

    natd: aliasing address not given

again. Am I just being a dumb n00b? wtf am I doing wrong?

First off, have you confirmed natd to be functional? Can the internal machines get out to the net? At what point of your firewall ruleset are you diverting to natd? Have you tried this:

    redirect_address 192.168.0.10 0.0.0.0

to see if incoming traffic destined to any public IP gets redirected?

Oh, and to further... when using -redirect_address as above, you must supply the -i (-interface) or an -alias_address statement. Try this:

    # natd -i rl0 -redirect_address 192.168.0.10 0.0.0.0

or this:

    # natd -a 24.97.250.203 -redirect_address 192.168.0.10 0.0.0.0

Cheers, Steve
Re: Back-up on remote machine
On Thu, Aug 05, 2004 at 05:58:24PM +0700, Roger Merritt wrote:

One example I found on the WWW is:

    tar -czf - /some/file | \
        ssh host.name tar -xzf - -C /destination

That's not quite what I want, because I don't see any need to untar everything at the far end, but I can't send a file without using some command to ssh.

If all you need is something at the other end capturing the data, try

    ... | ssh remotehost 'cat - > myfile'

Remember, though, that the remote file will be a tarball itself.

-- greetz Joost [EMAIL PROTECTED]

Here is the command I use frequently, to get exactly what you want... a tarball of a local file system on a remote machine:

    # tar -cvzf - /home/steve | ssh [EMAIL PROTECTED] 'cat > tarball.tar.gz'

Regards, Steve
Finding out what ran when...
I have rrdtool plotting graphs for me for system performance, memory, CPU etc., and at about 4:30 AM my CPU utilization goes through the roof. I know this is amanda (backup) doing this as it runs at this time, but I am curious to know if there are any utilities that can *watch* the system at night and report what did what and when. Perhaps something that can report if something uses xx% of CPU, or xx MB of memory?

Tks, Steve
Re: Finding out what ran when...
Steve Bertrand [EMAIL PROTECTED] wrote:

I have rrdtool plotting graphs for me for system performance, memory, CPU etc., and at about 4:30 AM my CPU utilization goes through the roof. I know this is amanda (backup) doing this as it runs at this time, but I am curious to know if there are any utilities that can *watch* the system at night and report what did what and when. Perhaps something that can report if something uses xx% of CPU, or xx MB of memory?

Sounds like you want process accounting. Check out the man pages for acct(2), accton(8), sa(8) and lastcomm(1).

-- Bill Moran, Potential Technologies, http://www.potentialtech.com

Excellent, this is exactly what I was looking for. Thanks very much Bill.

Cheers! Steve
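Process accounting answers the "what ran when" question, but lastcomm(1) prints one line per exited process with no filtering, so finding the 4:30 AM culprit still means sifting. The following Python script, added here as an example and not part of the thread, reads lastcomm-style lines and reports the commands started inside a time window that consumed more than a threshold of CPU seconds, plus CPU totals per user. The sample lines are constructed to resemble lastcomm's default layout (command, flags, user, tty, CPU seconds, start time) and are not real accounting data; the window and threshold defaults are the example's own.

```python
import re

# Constructed sample in the layout of FreeBSD lastcomm(1) output (command, flags, user,
# tty, CPU seconds, start time). Not real accounting data.
SAMPLE_LASTCOMM = """\
amandad    -   amanda   __      0.41 secs Thu Aug  5 04:30
gtar       -   amanda   __    312.87 secs Thu Aug  5 04:31
gzip       -   amanda   __    188.02 secs Thu Aug  5 04:31
sendmail   -   root     __      0.12 secs Thu Aug  5 04:35
find       -   root     __     44.90 secs Thu Aug  5 03:05
sh         -   steve    ttyp0    0.03 secs Thu Aug  5 09:02
"""

LINE_RE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<flags>\S+)\s+(?P<user>\S+)\s+(?P<tty>\S+)\s+"
    r"(?P<cpu>\d+\.\d+)\s+secs\s+\w{3}\s+\w{3}\s+\d+\s+(?P<hh>\d\d):(?P<mm>\d\d)$"
)


def _minutes(hhmm):
    hh, mm = hhmm.split(":")
    return int(hh) * 60 + int(mm)


def parse_lastcomm(text):
    """Turn lastcomm lines into records; lines that do not fit the layout are skipped, not guessed."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.rstrip())
        if m:
            records.append({"cmd": m["cmd"], "user": m["user"], "cpu": float(m["cpu"]),
                            "minute": int(m["hh"]) * 60 + int(m["mm"])})
    return records


def heavy_in_window(text, start="04:00", end="05:00", min_cpu=10.0):
    """Commands started in [start, end) that used at least min_cpu CPU seconds, heaviest first."""
    lo, hi = _minutes(start), _minutes(end)
    hits = [r for r in parse_lastcomm(text) if lo <= r["minute"] < hi and r["cpu"] >= min_cpu]
    return sorted(hits, key=lambda r: r["cpu"], reverse=True)


def cpu_by_user(text, start="04:00", end="05:00"):
    """Total CPU seconds per user for commands started in the window."""
    lo, hi = _minutes(start), _minutes(end)
    totals = {}
    for r in parse_lastcomm(text):
        if lo <= r["minute"] < hi:
            totals[r["user"]] = round(totals.get(r["user"], 0.0) + r["cpu"], 2)
    return totals


if __name__ == "__main__":
    for r in heavy_in_window(SAMPLE_LASTCOMM):
        print("%-10s %-8s %8.2f s" % (r["cmd"], r["user"], r["cpu"]))
    print(cpu_by_user(SAMPLE_LASTCOMM))
```

Two caveats worth knowing before relying on this: the kernel writes an accounting record only when a process exits, so a long-running daemon never shows up until it stops, and the record carries only the command name (no arguments), so a shell script appears as "sh". On FreeBSD, accounting is switched on with accounting_enable="YES" in rc.conf (or manually with accton on an existing log file), and sa(8) gives per-command summaries when the raw lastcomm listing is too long.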
Re: freebsd How do you restart rc.conf without rebooting
- Original Message -
From: Dan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 30, 2004 3:28 PM
Subject: freebsd How do you restart rc.conf without rebooting

How do you restart rc.conf without rebooting your machine?

Dan

/etc/netstart, if I recall, will reload and execute the settings within rc.conf without rebooting.

-- Micheal Patterson, TSG Network Administration, 405-917-0600

IIRC, /etc/netstart will reload the network only. I don't think it reloads everything in /etc/rc.conf. As a matter of fact, I just performed this command, and from what I can tell, it only reloaded the IP networking and the fw rulesets. It did not HUP, or otherwise restart, any of my daemons.

To add, I left work, got home, and found my default route did not get reloaded properly after this ``test'' of the command. Don't know why yet; all I do know is that I couldn't reach the box from home, so I had to ssh into another box on the same subnet and add the default route back. All of the IPs and IP aliases did load correctly, as did the IPFW firewall rules, but the defaultrouter=x.x.x.x statement did not take effect as it would have after a reboot.

Steve
Re: [OT] Firewall Rule Set not allowing access to DNS servers?
There are many ways in which your ruleset might break. Two of the most important comments I wanted to make when I first saw the posts of this thread are:

a) Why do you use static rule numbers? You'd only have to use static rule numbers if your ruleset had more than 65536/100 = 655 rules. This limit is relatively hard to hit in a SOHO installation (Small Office, Home Office). If you do reach such limits, there's definitely something weird going on with the way your ruleset is written ;-)

Giorgos, I am interested in where I can get more information about this. Are you suggesting that IPFW reads the ruleset and formulates a rule number according to position in the script? (I always use custom scripts.) If this is true, how does this ``dynamic'' feature get affected when one houses multiple rule _sets_? Can you please provide any links to information that I can gain valuable information on this? This would certainly make ruleset creation much easier ;o)

Also, links to any information on how/what/why on the 16b/100 limit on the dynamic rules, so I (we) can learn more about this? I must admit, I've never even come within 1/15 of this number, but it is interesting. All my rules have always been simply: allow, allow, allow, DENY.

Tks much, Steve

b) Why do you use so many rules that 'filter' outgoing traffic? I saw smtp, pop3, time, http, https and many others. You don't need to explicitly allow outgoing connections unless the users in the internal LAN are not to be trusted at all, and even then IPFW is most of the time not the right way to do it.

I'd probably just use something of this form in the /etc/ipfw.rules file and let rc.firewall find it by setting firewall_type="/etc/ipfw.rules" in my rc.conf file:

    # First clean up all the rules of ipfw.
    flush

    # Packets should be passed to natd *before* any other rule as
    # mentioned in the natd(8) manpage, unlike your current script.
    add divert natd all from any to any via dc1

    # Allow only lo0 interface to use the 127.0.0.1 address.
    add allow ip from 127.0.0.1 to 127.0.0.1 via lo0
    add deny ip from 127.0.0.1 to any
    add deny ip from any to 127.0.0.1

    # Add only the dc0 interface to receive or send packets in the
    # 192.168.0.0/16 address range.
    add allow ip from 192.168.0.0/16 to 192.168.0.0/16 via dc0
    add deny ip from 192.168.0.0/16 to any
    add deny ip from any to 192.168.0.0/16

    # Block packets with addresses that are used in private networks
    # and should not appear in any of our interfaces below this point.
    add deny ip from 10.0.0.0/8 to any
    add deny ip from any to 10.0.0.0/8
    add deny ip from 172.16.0.0/12 to any
    add deny ip from any to 172.16.0.0/12

    # Allow DNS and NTP through.
    add allow udp from any to any 53,123 keep-state out

    # Pass all ICMP messages through. They're rate limited by the
    # kernel if sysctl net.inet.icmp.icmplim is enabled, so this is
    # not very unsafe to do.
    add allow icmp from any to any

    #
    # Stateful tcp filtering.
    #
    add check-state
    add deny tcp from any to any established

    # All outgoing and incoming connections are allowed in dc0 (private iface).
    # Only outgoing connections are allowed on dc1 (external iface).
    add allow tcp from any to any keep-state out xmit dc0 setup
    add allow tcp from any to any keep-state in recv dc0 setup
    add allow tcp from any to any keep-state out xmit dc1 setup

    # Only selected services are allowed to pass through external iface.
    add allow tcp from any to any 22 keep-state in recv dc1 setup
    add allow tcp from any to any 113 keep-state in recv dc1 setup

    # The default firewall policy.
    add deny log logamount 0 ip from any to any

No inline numbers, a simpler layout and a logic that you can hopefully extend at the second from last paragraph to allow more services through your external interface (the `in recv dc1 setup' rules).

Note that I haven't tested this, so it might contain syntax errors, because it's based on the ruleset I'm using at home but it also includes some modifications. Instead of untangling the ruleset you're now trying to use, which seemed unnecessarily complex to me, I'm posting this just in case it's useful, but it's up to you to bring it to shape for your setup if it doesn't Just Work(TM) when you load it.

- Giorgos
RE: Firewall Rule Set not allowing access to DNS servers?
My LAN is configured with static IP addresses, 192.168.1.x. I have no problems communicating within the LAN. I have full connectivity with the internet from every machine on my LAN when the firewall is open. When I use the rule set in question, I can ping and send mail, but I cannot access the DNS servers listed in resolv.conf. These are the same DNS servers placed in resolv.conf when the firewall is open. I'm sorry, but I never said dc1 was my inside NIC. Again, I appreciate any help with this. The files you requested follow.

Must admit, I'm in a hurry to leave for the day, so I haven't read the ruleset etc., but what happens if you use the following entries, just after the divert rule?

    ...allow udp from any to any 53 keep-state
    ...allow udp from any 53 to any keep-state
    ...allow tcp from any to any 53 keep-state

Steve

Here's my ifconfig -a:

    sara# ifconfig -a
    dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
            inet6 fe80::204:5aff:fe76:55f0%dc0 prefixlen 64 scopeid 0x1
            ether 00:04:5a:76:55:f0
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    dc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet6 fe80::2a0:ccff:fe33:e1f6%dc1 prefixlen 64 scopeid 0x2
            inet 68.105.58.150 netmask 0xfffffe00 broadcast 68.105.59.255
            ether 00:a0:cc:33:e1:f6
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
            inet 127.0.0.1 netmask 0xff000000
    ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
    sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
    faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500

Here's resolv.conf:

    sara# more /etc/resolv.conf
    search pn.at.cox.net
    nameserver 68.105.161.20
    nameserver 68.1.18.25
    nameserver 68.10.16.30

Here's the entire rule set I'm trying to use. I did follow the comments. Please note the variable pif is set to dc1, my outside NIC.

Start of IPFW rules file

    ###
    # Flush out the list before we begin.
    ipfw -q -f flush

    # Set rules command prefix
    cmd="ipfw -q add"
    skip="skipto 800"
    pif="dc1"     # public interface name of NIC card
                  # facing the public internet
    #
    # No restrictions on Inside LAN Interface for private network
    # Change xl0 to your LAN NIC card interface name
    #
    $cmd 005 allow all from any to any via dc0
    #
    # No restrictions on Loopback Interface
    #
    $cmd 010 allow all from any to any via lo0
    #
    # check if packet is inbound and nat address if it is
    #
    $cmd 014 divert natd ip from any to any in via $pif
    #
    # Allow the packet through if it has previously been added to the
    # dynamic rules table by an allow keep-state statement.
    #
    $cmd 015 check-state
    #
    # Interface facing Public internet (Outbound Section)
    # Interrogate session start requests originating from behind the
    # firewall on the private network or from this gateway server
    # destined for the public internet.
    #
    # Allow out access to my ISP's Domain name server.
    # x.x.x.x must be the IP address of your ISP's DNS
    # Dup these lines if your ISP has more than one DNS server
    # Get the IP addresses from /etc/resolv.conf file
    $cmd 020 $skip UDP from any to 68.105.161.20 53 out via $pif setup keep-state
    $cmd 021 $skip UDP from any to 68.1.18.25 53 out via $pif setup keep-state
    $cmd 022 $skip UDP from any to 68.10.16.30 53 out via $pif setup keep-state
    # Allow out access to my ISP's DHCP server for cable/DSL configurations.
    $cmd 030 $skip udp from any to 172.19.17.22 67 out via $pif keep-state
    # Allow out non-secure standard www function
    $cmd 040 $skip tcp from any to any 80 out via $pif setup keep-state
    # Allow out secure www function https over TLS SSL
    $cmd 050 $skip tcp from any to any 443 out via $pif setup keep-state
    # Allow out send & get email function
    $cmd 060 $skip tcp from any to any 25 out via $pif setup keep-state
    $cmd 061 $skip tcp from any to any 110 out via $pif setup keep-state
    # Allow out FBSD (make install & CVSUP) functions
    # Basically give user root GOD
Re: R/W mount of / denied
Why don't you do what the message says: run fsck?

I get from the OP's message that it is a 'headless' (quote terminal-less) server, and it's difficult for him to run fsck. I believe he is asking how to mitigate this problem so it doesn't continue to happen (fix so fsck runs by itself?). We have ~15 FBSD servers, and I only ever had one do this to me. I never did find out the problem, but the box was with old hardware and we simply replaced it. I'm curious to know if someone else has an answer.

OP, I hope I understand what you are saying properly.

Steve

On Mon, Jul 26, 2004 at 12:12:26AM +0200, Lutz Petersen typed:

After a system crash (e.g. a power failure), the terminal-less FreeBSD 5.2.1-RELEASE I run does not boot up properly any more. Here is an excerpt from /var/log/messages:

    Jul 25 20:18:04 server kernel: Mounting root from ufs:/dev/ad0s1a
    Jul 25 20:18:04 server kernel: WARNING: / was not properly dismounted
    Jul 25 20:18:04 server kernel: WARNING: R/W mount of / denied. Filesystem is not clean - run fsck
    Jul 25 20:18:04 server kernel: WARNING: R/W mount of / denied. Filesystem is not clean - run fsck
    Jul 25 20:18:04 server kernel: WARNING: /home was not properly dismounted
    Jul 25 20:18:04 server kernel: WARNING: /tmp was not properly dismounted
    Jul 25 20:18:04 server kernel: WARNING: /usr was not properly dismounted
    Jul 25 20:18:04 server kernel: WARNING: /var was not properly dismounted

As a result, BIND does not start up any more, which leaves my FreeBSD box in an unusable state (no internet connection, no network connections that use DNS). I did not experience this behaviour with 4-STABLE. What's wrong here? The other day I read about a misconfiguration of /etc/fstab (wrong fs_passno), which prevented FreeBSD from doing the usual consistency checking at startup time. My fstab is looking fine, however.

Any help is greatly appreciated, Lutz
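The fstab misconfiguration Lutz mentions is easy to introduce and hard to spot by eye: a sixth-column fs_passno of 0 tells the boot-time fsck to skip that filesystem entirely, and a root filesystem whose pass number is not 1 is not checked before the read-write remount. The following Python checker, added here as an example and not something from the thread, parses an fstab and reports pass numbers that would keep fsck from running. The sample fstab is constructed for the example, with the kind of mistake being discussed planted on the /usr line; the set of checked filesystem types is the example's own assumption (UFS only).

```python
# Constructed /etc/fstab in FreeBSD's six-column layout; the /usr line carries the kind of
# mistake the thread mentions (fs_passno 0 on a read-write UFS filesystem).
SAMPLE_FSTAB = """\
# Device        Mountpoint  FStype  Options     Dump  Pass#
/dev/ad0s1b     none        swap    sw          0     0
/dev/ad0s1a     /           ufs     rw          1     1
/dev/ad0s1e     /tmp        ufs     rw          2     2
/dev/ad0s1f     /usr        ufs     rw          2     0
/dev/ad0s1d     /var        ufs     rw          2     2
/dev/acd0       /cdrom      cd9660  ro,noauto   0     0
proc            /proc       procfs  rw          0     0
"""

CHECKED_FSTYPES = {"ufs"}   # filesystems fsck(8) is expected to check at boot (assumption)


def parse_fstab(text):
    """Return one dict per non-comment fstab line; malformed lines are reported, not guessed."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 6:
            entries.append({"lineno": lineno, "error": "expected 6 fields, got %d" % len(fields)})
            continue
        dev, mnt, fstype, opts, dump, passno = fields
        entries.append({"lineno": lineno, "device": dev, "mount": mnt, "fstype": fstype,
                        "options": set(opts.split(",")), "dump": int(dump), "passno": int(passno)})
    return entries


def check_passno(text):
    """Findings about fs_passno values that would keep fsck from running at boot."""
    findings = []
    for e in parse_fstab(text):
        if "error" in e:
            findings.append("line %d: %s" % (e["lineno"], e["error"]))
            continue
        if e["fstype"] not in CHECKED_FSTYPES or "noauto" in e["options"]:
            continue
        if e["mount"] == "/" and e["passno"] != 1:
            findings.append("/: root filesystem must have pass 1, has %d" % e["passno"])
        elif e["mount"] != "/" and e["passno"] == 0:
            findings.append("%s: %s mounted %s with pass 0, fsck will never check it"
                            % (e["mount"], e["fstype"], "ro" if "ro" in e["options"] else "rw"))
        elif e["mount"] != "/" and e["passno"] == 1:
            findings.append("%s: pass 1 is reserved for /, use 2 or higher" % e["mount"])
    return findings


if __name__ == "__main__":
    for f in check_passno(SAMPLE_FSTAB):
        print("WARNING:", f)
```

On a headless box the other knob worth checking is rc.conf: fsck_y_enable="YES" makes the startup scripts rerun fsck with -y when the preen pass (fsck -p) gives up, which is what otherwise leaves the machine waiting for a console that nobody is watching.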
Re: what does it mean?
Subject: Cron [EMAIL PROTECTED] /usr/local/sbin/update_dat

    mv: *.tar: No such file or directory
    ftp: Error retrieving file - `404 Object Not Found'

What does it mean? What do I need to do, and where can I find out information about it?

Well, your program, '/usr/local/sbin/update_dat', appears to be uploading files but can't find the file to upload. Open up the program file and take a look around. Your answer is sure to be in there (assuming that it is not a compiled program).

Steve

Thanks as ever
Re: Problems after IP change
Hi all!

I recently got a new IP on my outside interface, and I replaced the old IP with the new one in my IPFW ruleset, and restarted natd. Now everything was alright until my network clients (on the inside interface) started complaining that they can't connect to remote servers. Ping still works, but they can't fetch their mail or surf the net. It looks like something is wrong with my firewall, but I changed nothing but the old address. Are there other processes that need to be restarted?

Regards, Daniela

Did you actually change the IP on the interface itself? If not: edit /etc/rc.conf and change the IP/Netmask, then:

    # /etc/netstart

Steve
Re: Problems after IP change
On Wednesday 28 July 2004 14:03, Steve Bertrand wrote:

Did you actually change the IP on the interface itself? If not: edit /etc/rc.conf and change the IP/Netmask, then: # /etc/netstart

Yes, the IP was changed. I ran /etc/netstart, but it didn't help. As I said, ping works as normal, and the packet sniffer shows normal TCP connections and there are even answers from the remote servers, so I really have no clue what could be wrong. I don't think it would do this with a wrong IP.

Do you have an ``alias_address'' statement in your natd.conf file? Usually, you will specify the interface that natd operates on, but in some situations, some will specify an alias address instead. Check the file, and ensure that you are not aliasing the old address.

Steve
Re: Problems after IP change
Do you have an ``alias_address'' statement in your natd.conf file?

I have no natd.conf file. At least I never touched it. But it always worked like a dream. BTW, natd is started with the command line natd -n rl0.

Try shutting down natd and load it with:

    # natd -a x.x.x.x

where x.x.x.x == your_new_ip. Does this help?

Also, post the relevant ``natd'' line entries in your /etc/natd.conf file.

Steve
Re: Problems after IP change
On Wednesday 28 July 2004 14:21, Steve Bertrand wrote:

I have no natd.conf file. At least I never touched it. But it always worked like a dream. BTW, natd is started with the command line natd -n rl0.

Also, I forget if you said whether you actually reloaded your firewall rules or not.

Steve
Re: Problems after IP change
On Wednesday 28 July 2004 14:36, Steve Bertrand wrote:

Try shutting down natd and load it with: # natd -a x.x.x.x where x.x.x.x == your_new_ip. Does this help?

No, it's still the same.

Also, post the relevant ``natd'' line entries in your /etc/natd.conf file.

natd.conf doesn't exist. Do you mean rc.conf? Here it is:

    natd_interface="rl0"
    natd_enable="YES"

But I didn't change anything here, and it always worked.

Indeed, I did mean rc.conf... sorry ;o)

Now would be a good time to post your fw ruleset.

Steve
Re: Problems after IP change
On Wednesday 28 July 2004 14:49, Steve Bertrand wrote:

Indeed, I did mean rc.conf... sorry ;o) Now would be a good time to post your fw ruleset.

    add 00300 divert 8668 ip from any to any
    add 01300 unreach port tcp from any to any 6699
    add 01400 allow log all from any to any via lo0
    add 01600 check-state

Well, I would hate to do this, but for testing purposes, add a rule (very briefly)...

    add 00300 divert 8668 ip from any to any
    add 01300 unreach port tcp from any to any 6699
    add 01400 allow log all from any to any via lo0
    add 1500 allow log logamount 1000 all from any to any

and check to see if things are working. Your security log file may indicate where traffic is going, whether it is or not.

Also, I know you haven't changed anything, but what does the output from this command state?

    # sysctl net.inet.ip.forwarding

Steve

    add 01700 allow log logamount 1000 tcp from any to me 22 in setup keep-state
    add 01701 allow log logamount 1000 tcp from me 22 to any out
    add 01702 allow log logamount 1000 tcp from any to me 21 in setup keep-state
    add 01703 allow log logamount 1000 tcp from me 21 to any out
    add 01900 deny log tcp from any to any in established
    add 11700 allow tcp from any to any out setup keep-state
    add 11701 allow udp from 212.33.32.160 53 to any in recv rl0
    add 11702 allow udp from any to 212.33.32.160 53
    add 11703 allow udp from 212.33.55.5 53 to any in recv rl0
    add 11704 allow udp from any to 212.33.55.5 53
    add 11705 allow udp from 212.0.0.0/8 67 to 255.255.255.255 68 in recv rl0
    add 11801 allow icmp from any to any icmptypes 3
    add 11802 allow icmp from any to any icmptypes 4
    add 11803 allow icmp from any to any icmptypes 8 out
    add 11804 allow icmp from any to any icmptypes 0 in
    add 11805 allow icmp from any to any icmptypes 9 out
    add 11806 allow log icmp from any to any icmptypes 11 in
    add 11807 allow log icmp from any to any icmptypes 11 out
    add 11900 allow icmp from me to 224.0.0.1 icmptypes 9 in via rl0
    add 11901 allow icmp from 10.0.0.1 to 224.0.0.1 icmptypes 9 in via rl1
    add 11902 allow all from me to 224.0.0.2/24 out via rl0
    add 11903 allow all from 10.0.0.1 to 224.0.0.2/24 out via rl1
    add 11904 allow udp from me 520 to 81.10.248.255 520 out via rl0
    add 11905 allow udp from me 520 to 81.10.248.255 520 in via rl0
    add 11906 allow udp from 10.0.0.1 520 to 10.255.255.255 520 in via rl1
    add 11907 allow udp from 10.0.0.1 520 to 10.255.255.255 520 out via rl1
    add 11908 allow udp from me 520 to 10.255.255.255 520 out via rl1
    add 11909 allow udp from me 520 to 10.255.255.255 520 in via rl1
    add 11910 allow ip from any to 224.0.0.9/24 in via rl0
    add 2 allow all from 10.0.0.0/24 to any in recv rl1
    add 20001 allow all from any to 10.0.0.0/24 out xmit rl1 keep-state
    add 20002 count log all from 10.0.0.0/24 to any
    add 20003 count log all from any to 10.0.0.0/24
    add 65534 deny log ip from any to any
Re: Problems after IP change
> On Wednesday 28 July 2004 15:06, Steve Bertrand wrote:
>>> On Wednesday 28 July 2004 14:49, Steve Bertrand wrote:
>>>>> Also, post the relevant ``natd'' line entries in your /etc/natd.conf file.
>>>>
>>>> natd.conf doesn't exist. Do you mean rc.conf? Here it is:
>>>>
>>>>     natd_interface=rl0
>>>>     natd_enable=YES
>>>>
>>>> But I didn't change anything here, and it always worked.
>>
>> Indeed, I did mean rc.conf...sorry ;o)
>>
>>>>> Now would be a good time to post your fw ruleset.
>>>>
>>>>     add 00300 divert 8668 ip from any to any
>>>>     add 01300 unreach port tcp from any to any 6699
>>>>     add 01400 allow log all from any to any via lo0
>>>>     add 01600 check-state
>>
>> Well, I would hate to do this, but for testing purposes, add a rule (very briefly)...
>>
>>     add 00300 divert 8668 ip from any to any
>>     add 01300 unreach port tcp from any to any 6699
>>     add 01400 allow log all from any to any via lo0
>>     add 1500 allow log logamount 1000 all from any to any
>>
>> and check to see if things are working. Your security log file may indicate where traffic is going whether it is or not.
>
> Yes, it works, but of course I can't leave this rule in all the time. The SYN/ACK packet that comes back from the remote server is denied by rule 01900. But it should be allowed by the check-state rule.
>
>> Also, I know you haven't changed anything, but what does the output from this command state?:
>>
>>     # sysctl net.inet.ip.forwarding
>
> It is set to 1. I changed this a long time ago.

I figured so...what happens if you add 'keep-state' to rules 2, 20002 and 20003?

Steve
Re: Problems after IP change
> On Wednesday 28 July 2004 15:23, Steve Bertrand wrote:
>>> Yes, it works, but of course I can't leave this rule in all the time. The SYN/ACK packet that comes back from the remote server is denied by rule 01900. But it should be allowed by the check-state rule.
>>>
>>>> Also, I know you haven't changed anything, but what does the output from this command state?:
>>>>
>>>>     # sysctl net.inet.ip.forwarding
>>>
>>> It is set to 1. I changed this a long time ago.
>>
>> I figured so...what happens if you add 'keep-state' to rules 2, 20002 and 20003?
>
> Nothing. BTW, here we have the problem: The initial SYN packet isn't matched by rule 11700 (setup keep-state). Setup means the SYN flag is set, right?

AFAIK, setup means the SYN bit MUST be set. Try these rules:

    add 01900 deny log tcp from any to any in established
    add 2000 allow log all from any to any in via rl1 keep-state
    add 2002 allow log all from any to any out via rl0 keep-state

> So why is it not matched? If I remove the setup keyword to match all outgoing packets, the SYN/ACK from the server is still denied by rule 01900.

I'll go over the ruleset again here and see if I can find a misplaced 'out' or 'in'.

Steve
Re: Problems after IP change
> On Wednesday 28 July 2004 15:53, Steve Bertrand wrote:
>>>> I figured so...what happens if you add 'keep-state' to rules 2, 20002 and 20003?
>>>
>>> Nothing. BTW, here we have the problem: The initial SYN packet isn't matched by rule 11700 (setup keep-state). Setup means the SYN flag is set, right?
>>
>> AFAIK, setup means the SYN bit MUST be set. Try these rules:
>>
>>     add 01900 deny log tcp from any to any in established
>>     add 2000 allow log all from any to any in via rl1 keep-state
>>     add 2002 allow log all from any to any out via rl0 keep-state
>>
>>> So why is it not matched? If I remove the setup keyword to match all outgoing packets, the SYN/ACK from the server is still denied by rule 01900.
>>
>> I'll go over the ruleset again here and see if I can find a misplaced 'out' or 'in'.
>
> Now it is getting funny. I played around with the ruleset, adding and removing count log rules. Suddenly it worked. I removed all extra count log rules, and compared the resulting ruleset file with the backup I made before. Nothing changed! Was that a bug?

I'd like to see the difference. Could you post this output? (The contents of rules.patch).

    # diff orig_rules_file new_rules_file > rules.patch

Steve
Re: Problems after IP change
> On Wednesday 28 July 2004 16:18, Steve Bertrand wrote:
>>>>>> I figured so...what happens if you add 'keep-state' to rules 2, 20002 and 20003?
>>>>>
>>>>> Nothing. BTW, here we have the problem: The initial SYN packet isn't matched by rule 11700 (setup keep-state). Setup means the SYN flag is set, right?
>>>>
>>>> AFAIK, setup means the SYN bit MUST be set. Try these rules:
>>>>
>>>>     add 01900 deny log tcp from any to any in established
>>>>     add 2000 allow log all from any to any in via rl1 keep-state
>>>>     add 2002 allow log all from any to any out via rl0 keep-state
>>>>
>>>>> So why is it not matched? If I remove the setup keyword to match all outgoing packets, the SYN/ACK from the server is still denied by rule 01900.
>>>>
>>>> I'll go over the ruleset again here and see if I can find a misplaced 'out' or 'in'.
>>>
>>> Now it is getting funny. I played around with the ruleset, adding and removing count log rules. Suddenly it worked. I removed all extra count log rules, and compared the resulting ruleset file with the backup I made before. Nothing changed! Was that a bug?
>>
>> I'd like to see the difference. Could you post this output? (The contents of rules.patch).
>>
>>     # diff orig_rules_file new_rules_file > rules.patch
>
> Nothing! That produces an empty file.

Well, at least it's working. I have no idea what the problem could have been. :o)

Steve
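The mechanics this thread circles around (what 'setup' and 'established' match, and how keep-state and check-state let the SYN/ACK back in) can be seen in a small model. This is an added example in Python, not code from the thread or from FreeBSD; the ruleset, addresses and interface names are constructed to resemble the posted rules, with the divert and unreach rules left out. handshake() sends a LAN client's SYN through the router's inbound (rl1) and outbound (rl0) passes and then the server's SYN/ACK arriving on rl0, returning each verdict as (action, rule number).

```python
"""Toy model of ipfw's stateful matching (setup, established, keep-state, check-state,
in/out and interface qualifiers). Added example constructed for this thread: not the
poster's code nor FreeBSD's; RULES only resembles the posted ruleset."""
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    proto: str; src: str; sport: int; dst: str; dport: int
    direction: str; iface: str                   # "in"/"out"; interface received on / sent from
    syn: bool = False; ack: bool = False; rst: bool = False


def parse_rule(line):
    """Parse the subset of ipfw syntax used in the thread (no validation: toy model)."""
    t = line.split()
    r = dict(number=int(t[1]), action=t[2], proto="ip", src="any", sport=None, dst="any",
             dport=None, direction=None, iface=None, setup=False, established=False, keep_state=False)
    if r["action"] == "check-state":
        return r
    i = 3
    if t[i] == "log":                            # 'log [logamount N]' does not affect matching
        i += 3 if t[i + 1] == "logamount" else 1
    r["proto"], r["src"], i = t[i], t[i + 2], i + 3   # "<proto> from <src>"
    if t[i] != "to":                             # optional source port
        r["sport"], i = int(t[i]), i + 1
    r["dst"], i = t[i + 1], i + 2                # "to <dst>"
    if i < len(t) and t[i].isdigit():            # optional destination port
        r["dport"], i = int(t[i]), i + 1
    while i < len(t):
        opt, i = t[i], i + 1
        if opt in ("in", "out"):
            r["direction"] = opt
        elif opt in ("via", "recv", "xmit"):     # all treated alike in this toy model
            r["iface"], i = t[i], i + 1
        elif opt in ("setup", "established"):
            r[opt] = True
        elif opt == "keep-state":
            r["keep_state"] = True
        else:
            raise ValueError(f"unsupported option {opt!r} in: {line}")
    return r


def addr_match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def static_match(r, p):
    """The rule's own (non-dynamic) conditions."""
    return (r["proto"] in ("ip", "all", p.proto)
            and r["direction"] in (None, p.direction) and r["iface"] in (None, p.iface)
            and addr_match(r["src"], p.src) and addr_match(r["dst"], p.dst)
            and r["sport"] in (None, p.sport) and r["dport"] in (None, p.dport)
            and (not r["setup"] or (p.syn and not p.ack))      # setup: SYN set, ACK clear
            and (not r["established"] or p.ack or p.rst))       # established: ACK or RST set


def flow_key(p):
    """A dynamic rule matches both directions of the same proto/addresses/ports."""
    return (p.proto, frozenset({(p.src, p.sport), (p.dst, p.dport)}))


class Firewall:
    def __init__(self, rule_lines):
        self.rules = sorted(map(parse_rule, rule_lines), key=lambda r: r["number"])
        self.dynamic = {}                        # flow_key -> (creating rule number, its action)

    def evaluate(self, p):
        """First match wins; check-state and keep-state rules consult the dynamic table."""
        for r in self.rules:
            if r["action"] == "check-state" or r["keep_state"]:
                hit = self.dynamic.get(flow_key(p))
                if hit:
                    return hit[1], hit[0]
                if r["action"] == "check-state":
                    continue
            if not static_match(r, p):
                continue
            if r["keep_state"]:                  # record the flow so the reply matches too
                self.dynamic[flow_key(p)] = (r["number"], r["action"])
            if r["action"] != "count":           # count only accounts; evaluation continues
                return r["action"], r["number"]
        return "deny", 65535                     # implicit default rule


RULES = [                                        # constructed, modelled on the thread's rules
    "add 01600 check-state",
    "add 01900 deny log tcp from any to any in established",
    "add 11700 allow tcp from any to any out setup keep-state",
    "add 20000 allow all from 10.0.0.0/24 to any in recv rl1",
    "add 65534 deny log ip from any to any",
]
# The variant suggested in the thread: keep-state on the LAN-side rule as well.
RULES_LAN_STATE = [r + " keep-state" if r.startswith("add 20000") else r for r in RULES]


def handshake(rule_lines, syn_passes=("in", "out")):
    """Run a LAN client's SYN through the chosen router passes (in on rl1, out on rl0),
    then the server's SYN/ACK arriving on rl0. Returns the verdicts, SYN/ACK last."""
    fw = Firewall(rule_lines)
    lan, srv = "10.0.0.5", "198.51.100.10"      # constructed client and server addresses
    syn = {"in": Packet("tcp", lan, 40000, srv, 80, "in", "rl1", syn=True),
           "out": Packet("tcp", lan, 40000, srv, 80, "out", "rl0", syn=True)}
    verdicts = [fw.evaluate(syn[p]) for p in syn_passes]
    verdicts.append(fw.evaluate(Packet("tcp", srv, 80, lan, 40000, "in", "rl0", syn=True, ack=True)))
    return verdicts
```

With the SYN seen by rule 11700, handshake(RULES) accepts the SYN/ACK at check-state with 11700 recorded as the creating rule. With no recorded state, handshake(RULES, ()) shows the SYN/ACK, which has ACK set and is therefore 'established', falling through to rule 01900 and being denied: the symptom reported above. When the SYN only ever hits the LAN-side rule 20000 (syn_passes=("in",)), the posted form without keep-state leaves no state behind and 01900 again denies the reply, while RULES_LAN_STATE records the flow on the inbound pass and the reply is allowed even though 11700 never fired. Two simplifications: the model consults the dynamic table at every keep-state rule, whereas ipfw performs the implicit check-state once, at the first such rule; and there is no divert, so keep in mind that a divert placed before check-state hands the packet to natd first and the dynamic rule is then keyed on whatever addresses natd left in it.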
Re: Odd /etc/hosts entry
> So, I just debugged a majorly annoying problem doing port forwarding with SSH. Thanks to some creative Googling, I realized I had a weird entry in my hosts file. What does this ::1 entry mean?
>
>     #::1 localhost localhost.my.domain

It's an entry for IPv6, and it is commented out (not used). ::1 is the IP for localhost with IPv6, exactly the same as 127.0.0.1 is for v4.

Steve

> -Clint
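How a resolver reads an /etc/hosts file like the one above can be shown with a short parser. This is an added example in Python, not Clint's or Steve's code: comment lines (and trailing comments) are skipped, so the commented ::1 line contributes nothing, while an uncommented one makes "localhost" resolve to the IPv6 loopback as well as the IPv4 one. Both hosts files below are constructed.

```python
"""Resolve a name from /etc/hosts the way the file is meant to be read: comments
ignored, first column an address, remaining columns the names for it.
Added example, not from the thread; the two files are constructed."""
import ipaddress

HOSTS_COMMENTED = """\
127.0.0.1    localhost localhost.my.domain
#::1         localhost localhost.my.domain
"""

HOSTS_ACTIVE = """\
::1          localhost localhost.my.domain
127.0.0.1    localhost localhost.my.domain   # IPv4 loopback
"""


def lookup(hosts_text, name):
    """Every address listed for NAME, in file order, with comments skipped."""
    hits = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop full-line and trailing comments
        if not line:
            continue
        addr, *names = line.split()
        if name.lower() in (n.lower() for n in names):
            hits.append(addr)
    return hits


def families(hosts_text, name):
    """IP versions NAME can resolve to from the file: {4}, {6} or {4, 6}."""
    return {ipaddress.ip_address(a).version for a in lookup(hosts_text, name)}
```

With the ::1 line commented, lookup() returns only 127.0.0.1 and families() is {4}; with it active, "localhost" yields both ::1 and 127.0.0.1, and which of the two a client picks first is what decides whether a program binding or connecting to "localhost" ends up on IPv6 or IPv4.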
setuid diffs...
Hi all,

Late yesterday, I ``cloned'' my single, primary IDE FreeBSD hard disk onto a larger one. Then, using a Promise ATA IDE RAID controller I built a RAID-1 array. Everything went as planned, the box is now back up using the 'ar' driver for the array.

However, in the security run output last night, I got this:

    Checking setuid files and devices:
    pearl.ibctech.ca setuid diffs:
    1,73c1,73
    106 -r-sr-xr-x 1 root wheel 251444 Jul 16 12:07:10 2004 /bin/rcp
    15904 -r-xr-sr-x 1 root kmem 66216 Jul 16 12:07:25 2004 /sbin/ccdconfig
    15949 -r-sr-xr-x 1 root wheel 203992 Jul 16 12:07:28 2004 /sbin/ping

and down further:

    - 1036 -r-sr-xr-x 1 root wheel 251444 Jul 16 12:07:10 2004 /bin/rcp
    - 1292 -r-xr-sr-x 1 root kmem 66216 Jul 16 12:07:25 2004 /sbin/ccdconfig
    - 1339 -r-sr-xr-x 1 root wheel 203992 Jul 16 12:07:28 2004 /sbin/ping

Did this happen because the files were transferred from one disk to another and the system knew it? Or should I be concerned of a possible 'coincidental' invasion?

Tks for any help!

Steve
Perl split() question (OT)...
Perl hackers --

Figured someone would have a reasonably quick, easy answer for this:

I am trying to read through a file, line-by-line, and I want to extract the text in between the [ and ] characters. I would normally halve the line by split()-ing the line first by [ as follows:

    if ($logLine =~ /$struct$structStart/) {
        @lineArray = split (/[/, $logLine);

and then further, halve again later using the ]. However, Perl does not like it when I search for [, as it thinks I am trying to use a regex. I have tried to escape the pattern, to no avail.

Is there a 'special' escape for this, and more importantly, is there an easier way to extract data from a line of a file without having to split it up twice?

An example of the line I'm trying to get the contents out of is this:

    | LRED[Conversation started on 03 Feb 21:51:11]

and I need the data between [ ... ].

I know it's OT, but hopefully someone can help me out.

Tks!

Steve
Re: setuid diffs...
> Hi all,
>
> Late yesterday, I ``cloned'' my single, primary IDE FreeBSD hard disk onto a larger one. Then, using a Promise ATA IDE RAID controller I built a RAID-1 array. Everything went as planned, the box is now back up using the 'ar' driver for the array.
>
> However, in the security run output last night, I got this:
>
>     Checking setuid files and devices:
>     pearl.ibctech.ca setuid diffs:
>     1,73c1,73
>     106 -r-sr-xr-x 1 root wheel 251444 Jul 16 12:07:10 2004 /bin/rcp
>     15904 -r-xr-sr-x 1 root kmem 66216 Jul 16 12:07:25 2004 /sbin/ccdconfig
>     15949 -r-sr-xr-x 1 root wheel 203992 Jul 16 12:07:28 2004 /sbin/ping
>
> and down further:
>
>     - 1036 -r-sr-xr-x 1 root wheel 251444 Jul 16 12:07:10 2004 /bin/rcp
>     - 1292 -r-xr-sr-x 1 root kmem 66216 Jul 16 12:07:25 2004 /sbin/ccdconfig
>     - 1339 -r-sr-xr-x 1 root wheel 203992 Jul 16 12:07:28 2004 /sbin/ping
>
> Did this happen because the files were transferred from one disk to another and the system knew it? Or should I be concerned of a possible 'coincidental' invasion?

Thanks all for the replies. I assumed it was just due to the move, but always better safe than sorry ;o)

Steve

> Tks for any help!
>
> Steve
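The first column of the setuid report is the inode number, and inode numbers are allocated per filesystem, so a file-level copy onto a new disk renumbers every entry while mode, ownership, size and timestamps stay the same. That is what makes the diff above benign, and it is also a check that can be automated. Added example in Python, not Steve's code and not the /etc/security script: it parses yesterday's and today's listings and flags anything that is not an inode-only change. The listings are constructed; the /bin and /sbin lines reuse the values posted above, the /usr/local lines are invented to show the other outcomes.

```python
"""Classify the daily 'setuid diffs' report into benign inode renumbering versus
changes that need a look. Added example, not the poster's or FreeBSD's code; the
listings are constructed (the /usr/local entries are invented)."""
FIELDS = ("inode", "mode", "nlink", "owner", "group", "size",
          "mon", "day", "time", "year", "path")
# Everything except the inode and the path identifies the file itself.
IDENTITY = FIELDS[1:-1]

YESTERDAY = """\
106 -r-sr-xr-x 1 root wheel 251444 Jul 16 12:07:10 2004 /bin/rcp
15904 -r-xr-sr-x 1 root kmem 66216 Jul 16 12:07:25 2004 /sbin/ccdconfig
15949 -r-sr-xr-x 1 root wheel 203992 Jul 16 12:07:28 2004 /sbin/ping
30001 -r-sr-xr-x 1 root wheel 51200 Jul 16 12:07:30 2004 /usr/local/bin/example-helper
"""
TODAY = """\
1036 -r-sr-xr-x 1 root wheel 251444 Jul 16 12:07:10 2004 /bin/rcp
1292 -r-xr-sr-x 1 root kmem 66216 Jul 16 12:07:25 2004 /sbin/ccdconfig
1339 -r-sr-xr-x 1 root wheel 203992 Jul 16 12:07:28 2004 /sbin/ping
30002 -r-sr-xr-x 1 root wheel 58880 Jul 22 03:15:02 2004 /usr/local/bin/example-helper
30003 -rwsr-xr-x 1 root wheel 8192 Jul 22 03:20:11 2004 /usr/local/bin/example-tool
"""


def parse_listing(text):
    """Map path -> field dict. Paths may contain spaces, hence the bounded split."""
    entries = {}
    for line in text.strip().splitlines():
        parts = line.split(None, len(FIELDS) - 1)
        if len(parts) != len(FIELDS):
            raise ValueError(f"unexpected listing line: {line!r}")
        rec = dict(zip(FIELDS, parts))
        entries[rec["path"]] = rec
    return entries


def classify(yesterday_text, today_text):
    """Return path -> verdict. Only an inode change is the benign, post-copy case."""
    old, new = parse_listing(yesterday_text), parse_listing(today_text)
    verdicts = {}
    for path in sorted(set(old) | set(new)):
        o, n = old.get(path), new.get(path)
        if o is None:
            verdicts[path] = "NEW: setuid/setgid file not seen yesterday, investigate"
        elif n is None:
            verdicts[path] = "GONE: file or its setuid/setgid bit removed"
        else:
            changed = [f for f in IDENTITY if o[f] != n[f]]
            if not changed:
                verdicts[path] = "inode only: consistent with a copy to a new filesystem"
            else:
                verdicts[path] = "CHANGED (" + ", ".join(changed) + "): investigate"
    return verdicts


def needs_attention(yesterday_text, today_text):
    """Paths whose verdict is anything other than the benign inode-only case."""
    return [p for p, v in classify(yesterday_text, today_text).items()
            if not v.startswith("inode only")]
```

On the constructed data the three posted paths come out as inode-only, the invented helper is reported with its size and timestamp changed, and the invented tool is reported as new; after a disk clone the first category is the expected one and the other two are what the daily report is there to catch.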
Re: Perl split() question (OT)...
> On Fri, 23 Jul 2004, Steve Bertrand wrote:
>> Perl hackers --
>>
>> Figured someone would have a reasonably quick, easy answer for this:
>>
>> I am trying to read through a file, line-by-line, and I want to extract the text in between the [ and ] characters.
>
> This is a job for..capturing parens!!!
>
> Try this:
>
>     if ($_=~/\[(.+)\]/) {
>         $var=$1;
>     }
>
> $1 would be the string matched by the regex between ( and )

Absolutely perfect!! This worked excellent:

    while ($_ = <LOGFILE>) {
        if ($_ =~ /$struct/ && $_ =~ /$structStart/) {
            if ($_ =~ /\[(.+)\]/) {
                $string = $1;
                print "$string -- $struct$structStart\n";
                # ... do other stuff, snipped
            }
        } else {

Thank-you so much!

Steve

> Fer
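The same capturing-group idea, as an added example in Python rather than Perl (not Steve's or Fer's code), with two things the short answer above leaves out: the greedy ".+" runs to the last closing bracket on the line, which matters as soon as a line carries two bracketed fields, and re.escape() is the general answer to the original question of searching for a string that contains regex metacharacters such as "[". The log lines are constructed around the one posted.

```python
"""Pull the bracketed field out of log lines like the one in the thread.
Added example in Python, not the poster's Perl; sample lines are constructed."""
import re

LINE = "| LRED[Conversation started on 03 Feb 21:51:11]"

GREEDY = re.compile(r"\[(.+)\]")         # the reply's pattern: .+ runs to the LAST ]
ONE_FIELD = re.compile(r"\[([^\]]*)\]")  # stops at the first ] so each pair is separate


def greedy_bracketed(line):
    """The reply's pattern, for comparison: fine for one pair, wrong for two."""
    m = GREEDY.search(line)
    return m.group(1) if m else None


def all_bracketed(line):
    """Every [...] field on the line, in order."""
    return ONE_FIELD.findall(line)


def field_after(struct, line):
    """The bracketed text directly following STRUCT. re.escape() neutralises regex
    metacharacters in STRUCT, the same job the backslash before [ does for the
    literal bracket, which is the escaping the original question was looking for."""
    m = re.search(re.escape(struct) + r"\[([^\]]*)\]", line)
    return m.group(1) if m else None


def extract_from_log(lines, struct):
    """Collect the field for every line that carries STRUCT followed by a [...] field."""
    return [f for f in (field_after(struct, l) for l in lines) if f is not None]


SAMPLE_LOG = [   # constructed
    LINE,
    "| LRED[Conversation ended on 03 Feb 22:03:40]",
    "| LGRN[not the structure we want]",
    "| LRED no brackets on this line",
]
```

For the posted line all three functions agree; on a line such as "[a] then [b]" the greedy pattern returns "a] then [b" while all_bracketed() returns the two fields separately, and field_after() accepts a structure name containing "[" without any hand-written escaping.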
Re: Is it possible to migrate raid 5 array to another controller?
> If I am running raid5 on 3ware can I use the same disk array as raid5 on, for example, high point controller without rebuilding the array, just reattaching disks to a new controller? Basically, I am asking if raid5 is an industrial standard or every manufacturer adds something to its specs.

First off, most of the people in the FreeBSD lists can get fairly upset when they see people cross-posting to more than one list at a time. Generally, if you ask a question, it is pretty much list etiquette to ask one list, and be redirected to another if necessary. I have removed hardware from this reply.

Technically speaking, this isn't really FreeBSD related, but I'll take a crack at it.

Manufacturers of RAID disk arrays generally have their own disk configuration techniques. I have found that moving disks from one RAID controller to another does not work, and the array has to be re-created. I don't know if this is standard across the board, but my experience tells me that it may be the case.

You'd be better off cloning the RAID array, say to perhaps a single IDE disk, migrating the disks to the new controller and creating the array on that controller, and if the machine does not come back up, clone back from the IDE backup onto the new array.

HTH,

Steve

> Artem
Re: Review of what I need to install
> On Wednesday 21 July 2004 04:43 am, Peter Ryan wrote:
>> Hi,
>>
>> In my first install of freeBSD 4.10, I selected X-developer and installed all the sources - not really knowing what I might need. I have 6 Gigs, and I keep running out of disk space when installing ports. I think I need to start again and select a smaller install.
>>
>> Eventually, I want to use freeBSD for 2 separate things - a server and a client. I am trying to get the client going first, and have selected KDE and am in the process of getting OpenOffice sorted out. I hope to convert an existing Excel application into a server component (written in java) and a client component (probably OO Calc with basic macros talking via some sort of SOAP implementation)
>>
>> Can I get some recommendations as to which install option I should choose for the client. (and the server too I guess) Specifically, which sets of source code would be best, if any. I hope to keep everything as vanilla as possible.
>>
>> Thanks to everyone who has been helping.
>>
>> Peter

How did you partition the hard drive? ie...perform:

    # df -h

and send the output back to the list.

Steve

> Andrew Gould
RE: Review of what I need to install
> I am using outlook to get to the list. I haven't figured out how to do email on the freeBSD machine yet, let alone copy the output from those sort of commands. (only been using it for a week or so)

Here's a quick and dirty method of producing your output that we need, and quickly mailing it to us. Note that because your machine will send the email out with an unreachable address, send it to yourself first, then send it out after (from Outlook) to the list:

    # df -h > /tmp/diskpart.tmp
    # mail -s "Disk Partitioning" [EMAIL PROTECTED] < /tmp/diskpart.tmp
    # rm /tmp/diskpart.tmp

Now hop back into Outlook, download your mail, cut/paste into a fresh message to the list.

Regards,

Steve

> I guess I should put that up the priority list a bit :)
>
> Thanks
> Peter
>
>> ie...perform:
>>
>>     # df -h
>>
>> and send the output back to the list.
>>
>> Steve
RE: Review of what I need to install
> Anyway, here is the output of the df -h command
>
>     Filesystem     Size   Used  Avail Capacity  Mounted on
>     /dev/ad0s1a    126M    44M    72M    38%    /
>     /dev/ad0s1f    252M   254K   232M     0%    /tmp
>     /dev/ad0s1g    5.2G   2.8G   2.0G    59%    /usr
>     /dev/ad0s1e    252M    20M   212M     9%    /var
>     procfs         4.0K   4.0K     0B   100%    /proc

First off, KDE and openoffice can require up to 3Gig space to install from ports. This is an unfortunate situation. Someone has mentioned that openoffice can be installed via packages. Do a quick search through the archives and you should find out how to do that.

If you have another hard disk laying around, you could put that in the system and symlink (or reinstall) to it.

Sorry I don't have a better solution. Installing your software (the large ones) as packages may get around this problem, or someone else may have a decent solution for this problem.

Steve
Re: Firewall, OpenVPN and Squid question
> There are 3 remote sites connecting to our network using GATEWAY to GATEWAY VPN and around 25 remote VPN users that must be dealt with also. Last item, there is a chance that I will have to connect 3 more remote sites into the picture within the next 6 months, so this needs to be scalable to handle the load..
>
> My question is, what is the best way to set this up. Here are my thoughts, but not sure what is the best way.
>
> * Setup one FreeBSD box that contains FIREWALL, SQUID and OPENVPN
>
> or
>
> * Setup 3 separate boxes to break up the work load.

What will the load requirements be? (How many users will require the use of squid).

I have a FBSD PIII 800 w/256M RAM as a firewall for one of our clients, with 3 OpenVPN instances running simultaneously (Two are site-site, and one is an XP-client-site). The box is also performing NAT (ipfw/natd) for the internal users, which when all are accounted for equal ~120, and I find it works great. There are about 30 users through the VPN's, though usually never on all at the same time.

Depending on caching requirements though, you might be better off splitting that off onto its own box, especially if you have the hardware readily available as you suggest.

YMMV.

Steve

> Many thanks in advance for being patient with what I am sure is stupid beginner questions to most of you. When giving your choice of which setup, please point me in the direction of the best resource to put it all together and the hardware requirement you would recommend. I have a truck load of PII 300 - 450's due to upgrades, so if I can use them great, if not, time to go on a spending spree.
>
> Thanks again
>
> Paul
RE: Firewall, OpenVPN and Squid question
> I have around 100 users at our site that would require the use of squid, we house our own webserver, mail server, public DNS servers in the DMZ and 2 private DNS servers on the internal network, used by both Internal and VPN users.
>
> Sites connecting Gateway to Gateway, there are apprx as follows;
>
> Site 1 - 25 users
> Site 2 - 5 users
> Site 3 - 12 users
>
> Our site VPN users are Apprx 25, and about 50% of them are connected at any given time.
>
> My first thought is to put up a Firewall box that can handle the load of publishing many internal boxes and publish a box with OpenVPN and another for SQUID and just keep them all separate. Will this setup put too much strain on the FIREWALL box or will it have no problem handling the NAT/ROUTING in this configuration.

I'll go as far as to say that it should have no problem. At the ISP I am currently working full time for, we recently deployed an ipfw bridge configured firewall (internally) to protect our core servers from improper access. There's 8 servers in all (mail, web, mysql, ftp, radius, ssh and dns). We have about 6000 users, and the FBSD firewall never ever hiccuped. I could even run tcpdump for hours, and it would rarely ever drop even a single packet.

Sounds like a good setup you are planning. I would set it up, implement it (with the old setup on standby), and if you find performance problems, pull the drive out of the P3 and do as you say, go on a 'spending spree', and put the drive directly into a p4 with a gig of memory, and drop it back in place.

Please note that natd is NOT running on the ISP firewall, but on the other such setup it is, and I've never seen any performance problems at all.

Steve
RE: Firewall, OpenVPN and Squid question
>> We have about 6000 users, and the FBSD firewall never ever hiccuped. I could even run tcpdump for hours, and it would rarely ever drop even a single packet.
>
> What size hardware is your firewall running on to handle the potential of 6000 users accessing your internal servers for mail, etc... The best I can come up with is a P4 1.8Ghz with 768MB memory, other than that I have PII's with around 384MB memory. I would have to assume the Squid server would be the best place for the P4?

This one is a P4 2.0 Ghz with 1024M memory. I'd try the P3 as the firewall and the P4 as the squid server initially (all things considered so far).

>> Sounds like a good setup you are planning. I would set it up, implement it (with the old setup on standby), and if you find performance problems, pull the drive out of the P3 and do as you say, go on a 'spending spree', and put the drive directly into a p4 with a gig of memory, and drop it back in place.
>
> Okay, the tough question, do you know of any good resources that I can use to put this together. Any pitfalls that I might want to think about in this design?

Well, searching ipfw+natd+howto in google is a great place to start. I did not use one single definitive guide, I used a variety of sources, man pages, sample rules, and finally conjured up what works for us.

In planning rules, I placed each openvpn connection's rules in its own ruleset, as to allow a reload of each connection's rules individually if they needed to be changed.

I also would set up a 'fwd' rule, to forward all packets destined to ``any 80'' from the Internal net to be passed directly to the squid box, as then you would have a transparent proxy. This will prevent you from having to change browser settings.

>> Please note that natd is NOT running on the ISP firewall, but on the other such setup it is, and I've never seen any performance problems at all.
>
> I am assuming that I will have to use NATD on the firewall in this scenario, am I thinking right here?

It appears so, yes.

natd(8) is quite flexible, and will allow you to do many things, including port forward etc. By the sounds of it, you are planning on ridding yourself of a DMZ, which means your mail (etc) servers will be behind the NAT router. natd will take care of this, however, another option is to put a third NIC into the box, connect it to a switch, plug the servers into the switch. Give each server its own IP, and route packets as necessary to the servers. Effectively, this will still allow you to keep your DMZ, but eliminating one entire firewall server, and thus, one license of MS ISA server (and the headaches that come with it :o)

Sounds like you'll want to do some testing in a lab first. Hopefully all your P3's you have available are still loaded with Windows so you can test effectively and ensure everything works properly.

Steve

> Thanks again
>
> Paul
Re: Firewall, OpenVPN and Squid question
>> I have around 100 users at our site that would require the use of squid, we house our own webserver, mail server, public DNS servers in the DMZ and 2 private DNS servers on the internal network, used by both Internal and VPN users.
>>
>> Sites connecting Gateway to Gateway, there are apprx as follows;
>>
>> Site 1 - 25 users
>> Site 2 - 5 users
>> Site 3 - 12 users
>>
>> Our site VPN users are Apprx 25, and about 50% of them are connected at any given time.
>>
>> My first thought is to put up a Firewall box that can handle the load of publishing many internal boxes and publish a box with OpenVPN and another for SQUID and just keep them all separate. Will this setup put too much strain on the FIREWALL box or will it have no problem handling the NAT/ROUTING in this configuration.
>>
>> Thanks in advance
>>
>> Paul
>
> Considering that many of the current hardware firewall solutions aren't much more than either a BSD or Linux kernel in a ROM chip, with a 486 or 586 based cpu, memory, and a nice gui (Windows or Internal Web interface), I can't see why a similar system on a PC would be any different.

Yes, but take into consideration disk reads/writes. It is possible to eliminate these tasks, and I have even done setups where everything was flashed onto a CF card (ro) (obviously w/o logging capabilities). I did a custom build, frequently referring to:

    http://neon1.net/misc/minibsd.html

and put the system on an IDE-CF card converter.

Steve

> --
> Micheal Patterson
> TSG Network Administration
> 405-917-0600
RE: Firewall, OpenVPN and Squid question
> I would have to guess if a hardware firewall like Watchguard that offers VPN also, that it would have to be beefier than that.
>
> Steve, going back to your initial response about the PIII 800MHz network, are you using a proxy for the internal users or are they connecting directly to the firewall as their only means of getting out?

[At the main site] (Selected) users go to a content filter (squid+dansguardian) and it goes out to the net (through the fw). The content filter has a private IP, and in itself, it is protected with its own localized ipfw rules for protection. The rest of the clients go directly through the pipe unrestricted through the firewall to the net. (I know I shouldn't do this with our own proxy, but that's how it is for now).

> It seems most hardware firewalls do not include a proxy server, just NAT/VPN, which in this case the proxy would be on a separate internal machine anyway.

Depends. I once used a Nortel dial-up NAT router box that had its own built-in web cache. Very small cache mind you, but it worked ok, especially on a 26.4Kb link.

> Comment about the ISA Server setup, which I actually like and not sure if I can pull off the same type of setup with FreeBSD. The setup is like this:

Yes, you can. Either with 2 BSD boxes replacing the ISA boxen, or with one BSD box configured with 3 NIC's -- 1 for Internet connection, 1 for Internal LAN, and the other from the DMZ. The DMZ NIC can have all sorts of good rules applied to it, and the internal net can be absolutely cut off for inbound traffic except for the VPN's.

>     External ISA Server (not actual ips)
>     ISP / 10.10.10.6
>      |
>      |- Postfix Relay Server                 10.10.10.5
>      |- TinyDNS for internet publishing      10.10.10.4
>      |- TinyDNS for internet publishing      10.10.10.3
>      |- Webserver                            10.10.10.2
>      |
>      |- Internal ISA Server                  10.10.10.1 / 10.0.0.1
>          |
>          |- Exchange Server                  10.0.0.2
>          |- TinyDNS internal publishing      10.0.0.3
>          |- TinyDNS internal publishing      10.0.0.4
>          |- Rest of internal servers and network etc...
>
> External sites are actually creating a VPN tunnel with a VPN tunnel and it works good, but the ISA Server gets too flaky after about a month of use. I have rebuilt them more than I ever thought I would. At this point I will be happy to just get the firewall and VPN to work, but I like the additional layer someone would have to break through in the above scenario.

Like I said above, 2 boxes, or one box with 3 NIC's.

Steve

>> Yes, but take into consideration disk reads/writes. It is possible to eliminate these tasks, and I have even done setups where everything was flashed onto a CF card (ro) (obviously w/o logging capabilities). I did a custom build, frequently referring to:
>>
>>     http://neon1.net/misc/minibsd.html
>>
>> and put the system on an IDE-CF card converter.
>>
>> Steve
RE: Daily FreeBSD updates (was: Re: priority on rc script caused panic)
>> From: Giorgos Keramidas [EMAIL PROTECTED]
>> To: pura life CR [EMAIL PROTECTED]
>> CC: [EMAIL PROTECTED]
>> Subject: Daily FreeBSD updates (was: Re: priority on rc script caused panic)
>> Date: Tue, 20 Jul 2004 10:57:24 +0300
>>
>> On 2004-07-19 10:58, pura life CR [EMAIL PROTECTED] wrote:
>>> Giorgos Keramidas [EMAIL PROTECTED] wrote:
>>>> I regularly (almost daily) upgrade my CURRENT installation and the set of commands I use when the single user shell fires up is:
>>>>
>>>>     adjkerntz -i      # allow system time updates to work
>>>>     swapon -a         # enable all swap partitions
>>>>     fsck -p           # check any filesystems that need it
>>>>     mount -u /        # remount root fs as read-write
>>>>     mount /usr        # mount /usr as read-write
>>>>     cd /usr/src       # upgrade sequence
>>>>     make installworld # - // -
>>>>     mergemaster       # - // -
>>>
>>> This should not be done. You don't really need to upgrade daily, you are just overloading freebsd cvsup servers.
>>
>> That's not true... I'm running FreeBSD 5.2-CURRENT. Keeping a local CVS mirror which is updated once a day and test build/run on my machine is the least I can do to help in testing the -CURRENT branch. The mirror I use is the one that is closest to me (cvsup2.gr.freebsd.org).
>
> [snip]
>
> My comment is still applicable. If you just run a cvs mirror, just fetch the source code. You don't need to test to know whether it compiles or not. I think no one really helps FreeBSD by compiling the source code every day looking for errors.

Maybe I'm way off here because I do not do any such testing as Giorgos suggests, but how are the developers supposed to supply patches for problems if -CURRENT builds are in fact not built, and build-errors not found? I would think that it would be easier to mirror the tree, and build daily/weekly etc to find build errors than it would be to review the source code line-for-line to find the bugs.

> It is better to test and contribute code.

How do you suggest testing without building? I believe that Giorgos is suggesting that *is* what he is doing...building, locating bugs, fixing (contributing/committing code).

Could someone with more experience clarify this? This is quite a confusing thread.

Steve