Re: Squid+Privoxy or Snort?
In a message dated 11/12/04 9:38:59 AM Eastern Standard Time, [EMAIL PROTECTED] writes: I'm trying to investigate some potential solutions to escape from different Microsoft-specific malware (like gator's software). The two mentioned in subject were found after some Google search. Wonder what you guys are using for this sort of problem. Thanks. Squid can be used if you redirect all web traffic through the squid proxy; we have used squid with SquidGuard to block access to some gator-esque sites. If they get infected, they at least can't phone home and we can see what IPs are trying to phone home so we can clean them up if it's a problem. The issue with proxies is that they are a drag on your network; using squid as a firewall only isn't very smart. If you are already using it fine. But on a large network you are better off using a firewall or some sort of bandwidth management like the stuff on etinc.com. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
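The "see what IPs are trying to phone home" step mentioned in the message above, as an added example that is not part of the original thread: it scans Squid's native access.log format for requests to blocklisted domains and tallies them per client. The blocklist entries, log lines and function names are constructed for illustration, and the subdomain matching is an assumption about how the blocklist is meant to apply.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed blocklist. Assumption: an entry covers the domain itself
# and every subdomain of it.
BLOCKED_DOMAINS = {"adware-updates.example", "tracker.example"}

# Constructed sample in Squid's native access.log layout:
# time elapsed client action/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1100270339.120     45 192.168.1.23 TCP_MISS/302 310 GET http://ads.tracker.example/beacon?id=7 - NONE/- text/html
1100270340.512    120 192.168.1.40 TCP_MISS/200 5120 GET http://www.example.org/ - DIRECT/192.0.2.10 text/html
1100270399.001     40 192.168.1.23 TCP_MISS/302 310 GET http://ads.tracker.example/beacon?id=8 - NONE/- text/html
1100270401.777     38 192.168.1.23 TCP_DENIED/403 1290 CONNECT adware-updates.example:443 - NONE/- text/html
1100270455.310     51 192.168.1.57 TCP_MISS/302 310 GET http://tracker.example/pixel.gif - NONE/- text/html
1100270460.000     12 192.168.1.40 TCP_HIT/200 880 GET http://nottracker.example/ - NONE/- text/html
truncated line
"""


def request_host(method, url):
    """Return the lower-cased destination host of one logged request."""
    if method == "CONNECT":
        # CONNECT requests are logged as host:port, with no scheme.
        host = url.rsplit(":", 1)[0]
    else:
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:
            return ""  # unparsable URL, nothing to match against
    return host.lower().rstrip(".")


def is_blocked(host, blocked):
    """True if host or any parent domain of it is on the blocklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def phone_home_clients(log_text, blocked=BLOCKED_DOMAINS, min_hits=1):
    """Map client IP -> {blocked host: request count}.

    min_hits separates a one-off click from a host that keeps retrying,
    which is the pattern worth a clean-up visit.
    """
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip truncated or malformed lines
        client, method, url = fields[2], fields[5], fields[6]
        host = request_host(method, url)
        if host and is_blocked(host, blocked):
            hits[client][host] += 1
    return {c: dict(h) for c, h in hits.items() if sum(h.values()) >= min_hits}


if __name__ == "__main__":
    for client, hosts in sorted(phone_home_clients(SAMPLE_LOG).items()):
        print(client, hosts)
```

Matching on the requested host rather than on the result code keeps the tally independent of whether the block shows up in the log as a deny or as a redirect.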
Re: FreeBSD 5.3 Network performance tests
In a message dated 11/11/04 5:38:34 PM Eastern Standard Time, [EMAIL PROTECTED] writes: On Thu, 11 Nov 2004 [EMAIL PROTECTED] wrote: Given these results, I would conclude that the raw routing stack in 5.3 is 35-40% slower than its 4.x counterpart. The tests are easy enough to duplicate, so there is no reason to question the numbers. Feel free to try it yourself. Obviously different Mobos and CPUs will yield different numbers, but my experience with this test is that the differences between the OS versions are linearly similar on different systems. (was just pointed at this thread, sorry if I missed other posts) FreeBSD 5.3 sees observably higher per-packet processing costs than the 4.x branch due to in-progress changes to the synchronization and queueing models. Specifically, the SMPng work has changed the interrupt and synchronization models throughout the kernel in order to increase concurrency and preemptibility (i.e., lower latency in interrupt-based processing). However, this has increased the overall overhead of synchronization on the stack. Thanks for the truth. I've been trying to get it for several weeks now. As for your tuning suggestions, I can't use anything kludgy or experimental. Device polling, while it does increase efficiencies in some ways, adds other inefficiencies. Specifically most controllers don't interrupt on every packet under load anyway, and you have to increase the HZ, etc. But more importantly, the same gains (perhaps 3-5%) can be achieved with 4.x. My point is to see whether moving to 5.3 is worthwhile, and I think that device polling on both would be a wash. My personal opinion is that device polling is a negative, because the trade off of occasional livelock is a substantial number of dropped packets, which is unacceptable. When you have the in-progress code solidified I'd be happy to test it. We don't use the native firewall so I really don't have time to test it for you.
I've already spent 2 days to determine that we're not going to use 5.x... Tommy
Re: Squid+Privoxy or Snort?
In a message dated 11/12/04 1:22:56 PM Eastern Standard Time, [EMAIL PROTECTED] writes: The issue with proxies is that they are a drag on your network; using squid as a firewall only isn't very smart. If you are already using it fine. But on a large network you are better off using a firewall or some sort of bandwidth management like the stuff on etinc.com. I thought his issue was more on finding internal systems having problems and blocking the specific sites from getting hit. The proxy should speed up access if the same sites are being hit, as The proxy doesn't speed access, the cache does. So using squidguard without squid enabled, or privoxy or SNORT which are not caches, is what I was referring to. proxy != Cache which I think is your confusion.
Re: FreeBSD 5.3 Network performance tests
In a message dated 11/11/04 1:36:28 PM Eastern Standard Time, [EMAIL PROTECTED] writes: FreeBSD 4.10: 42% interrupt usage FreeBSD 5.3: 58% interrupt usage Thanks for your test results. Was DEVICE_POLLING enabled in the kernel and the sysctl? No, it wasn't
FreeBSD 5.3 Network performance tests
As promised, I've tested the basic network stack for 5.3-RELEASE. The results follow:

Hardware:
Celeron 1.7GHz processor
Dual onboard Intel NICs, fxp driver
Intel 845G chipset
256MB RAM, 120MB allocated to the kernel.

Setup: Traffic Generator - FreeBSD System - Server

The FreeBSD system is set up to route between the traffic generator and the server on the other side. A unidirectional stream of ~34000 UDP packets/second (a full 100Mb/s ethernet load) was sent through the system. The unidirectional flow avoids random bus contention of return traffic, and the server was discarding the packets. The routing table was minimal. The test measures raw throughput through a minimal system with a minimal routing table, or more precisely it measures the raw ability of the kernel to move packets from one interface to another through the normal IP stack.

Setup 1: Generic Kernel
FreeBSD 4.10: 40% interrupt usage
FreeBSD 5.3: 55% interrupt usage

Setup 2: The systems were stripped of all hooks, including firewalls, gif and bpf inputs.
FreeBSD 4.10: 35% interrupt usage
FreeBSD 5.3: 48% interrupt usage

Setup 3: We typically use FreeBSD with IPFIREWALL and IPDIVERT enabled. The setup had only 1 allow rule in the ruleset:
FreeBSD 4.10: 42% interrupt usage
FreeBSD 5.3: 58% interrupt usage

Given these results, I would conclude that the raw routing stack in 5.3 is 35-40% slower than its 4.x counterpart. The tests are easy enough to duplicate, so there is no reason to question the numbers. Feel free to try it yourself. Obviously different Mobos and CPUs will yield different numbers, but my experience with this test is that the differences between the OS versions are linearly similar on different systems.

TM
Re: Two NICs with one IP address each on the same subnet
In a message dated 11/9/04 9:58:07 PM Eastern Standard Time, [EMAIL PROTECTED] writes: I have a FreeBSD 5.x box with two NICs that I'd like to set up on the same subnet. The purpose is to run separate services on each NIC. I have the box set up with my rc.conf containing the following lines:

defaultrouter="..."
hostname="..."
ifconfig_xl0="inet ... netmask 255.255.255.224"
ifconfig_sk0="inet ... netmask 255.255.255.224 mtu 9000"

The router and IP addresses are all on the same subnet, as I previously mentioned. Unfortunately, the first IP address seems not to work (I can ssh to the second, but not the first). Is there something special I need to do to the routing to get this to work? Anything to the kernel? --- You are breaking the rules. The entire point of routing is that each segment is a different network. So you'll have to further subnet to do what you want. Or set up Bridging
Re: difference between releases
In a message dated 11/9/04 5:24:53 PM Eastern Standard Time, [EMAIL PROTECTED] writes: I'm not saying that's how it works, but when this thread started, that's how it was depicted. It most certainly wasn't. Since it was me who said that releases are 'points in time', which is what you have built your arguments upon since then, let me add that the releases are 'points in time extracted from the STABLE branch' Let's let it go. You're never going to admit that your explanation wasn't perfect, so let's forget it please.
Re: re bittorrent
In a message dated 11/9/04 1:10:57 AM Eastern Standard Time, [EMAIL PROTECTED] writes: don't believe in democracy but in this case it could come handy. Somebody could propose like: let's get this fuck off the list and we'd say ... well ... I say YES! Wow, I think both name-calling and using 4 letter words is against the charter. Let's see if they only practice selective enforcement.
Re: difference between releases
In a message dated 11/8/04 4:46:24 PM Eastern Standard Time, [EMAIL PROTECTED] writes: By the way, I've tested our competition's printers. HP's printers are far better designed than anything else I've worked with. The point is programming and computer technologies are very young fields. You're going to find problems whether it's closed or open source. Just don't get bitter about it. Work instead to make it better instead of complaining about everything. Like I said previously, let's see some helpful suggestions Two words: Paper Paths. Feeding has always been an issue. Your post script sucks wind too. But I digress... The technologies are not in question, it's the controls and the methods. And I'm not sure why you keep harping on open source, because this thread has nothing to do with it. BSDi vs FreeBSD is a good example. BSDi had a set of features and objectives, and when they were done (ie fully tested) they released it. Personally I think BSDi took it to extremes by making releases way too comprehensive and would have preferred sub-releases rather than their annoying patch system, but it illustrates the difference between having a meaningful, documented release structure rather than just slapping out a snapshot because it's time. At some point you have to stop working on stuff, hammer out a release, and then start working again. It shouldn't just be a moment in time of -current, with all the uncertainty that entails. I'm not saying that's how it works, but when this thread started, that's how it was depicted.
Re: difference between releases
In a message dated 11/8/04 5:46:59 AM Eastern Standard Time, [EMAIL PROTECTED] writes: Releases are fixed points in time. They are marked on their respective branch of development and that's it. A x.y-RELEASE version is effectively a symbolic name for a specific moment in time. Wow, that's what a snapshot used to be. How discouraging.
Re: re bittorrent
In a message dated 11/8/04 2:22:59 AM Eastern Standard Time, [EMAIL PROTECTED] writes: Let's do the math... you'll note that http://torrents.freebsd.org:8080/ at this moment says there's been 1978 completed downloads. Let's pick an arbitrary average size for each file downloaded: 388MB 388 * 1978 = 767.5GB 11/[EMAIL PROTECTED]:30PM: Now 11/[EMAIL PROTECTED]:00PM: Official availability of 5.3 27.5 Hours 767.5 / 27.5 = 27.9GB/h / 60 = 465MB/m / 60 = 7.75MB/s Your math doesn't include the tremendous overhead associated with the protocol Of course anyone with an ISP that has a bandwidth management device, bittorrent (a cancerous protocol which wastes others' bandwidth in the process of possibly saving yours) will likely either not work well or be very slow. No reputable organization would promote bittorrent for getting a release.
Re: difference between releases
In a message dated 11/8/04 10:12:47 AM Eastern Standard Time, [EMAIL PROTECTED] writes: In a message dated 11/8/04 5:46:59 AM Eastern Standard Time, [EMAIL PROTECTED] writes: Releases are fixed points in time. They are marked on their respective branch of development and that's it. A x.y-RELEASE version is effectively a symbolic name for a specific moment in time. Wow, that's what a snapshot used to be. How discouraging. A release is a snapshot - just one that everything (including most ports, although since the release team may not have control over all ports, some may fall by the wayside) has been brought up to that point of development and generally checked out at that point. A mere snapshot that is not a release is just the current (momentary) development collection without necessarily making sure everything is at any particular level. How discouraging for you not to understand that. It's discouraging, because a Release should be a completed set of features that have been tested and thought to be bug-free. That's what a release is for a real product, and perhaps is the reason why so many people are confused?
Re: re bittorrent
It's become widely used for sharing in the same way as Kazaa and other point to point as they're called protocols. Many ISPs block it, or at least substantially slow it down.
Re: difference between releases
In a message dated 11/8/04 10:49:14 AM Eastern Standard Time, [EMAIL PROTECTED] writes: How discouraging for you not to understand that. It's discouraging, because a Release should be a completed set of features that have been tested and thought to be bug-free You know that this isn't exactly true. I have yet to see one release of any product that does not have bugs. I probably never will. I think the thought to be bug-free covers that, but I know that English is a difficult language. The problem with getting over it is that people think that a release is thought to be well-tested, but it's apparently no different from any other beta release. I think it's rather important. When you get a release, you don't expect that some unknown set of features is still in some sort of Beta stage. The purpose of a release is to get what you're doing done, and then start on new stuff based on the release, which should be a known, completed code base. All part of the experience I suppose.
Re: difference between releases
In a message dated 11/8/04 11:54:37 AM Eastern Standard Time, [EMAIL PROTECTED] writes: on the release, which should be a known, completed code base. All part of the experience I suppose. The whole world is in beta. Get over it. Only the open-source world. I notice the same 3 losers answering over and over. Maybe it's YOU that should get over me, since everything I say seems to irritate you.
Re: re bittorrent
In a message dated 11/8/04 11:33:41 AM Eastern Standard Time, [EMAIL PROTECTED] writes: It's become widely used for sharing in the same way as Kazaa and other point to point as they're called protocols. Many ISPs block it, or at least substantially slow it down. Well. Of course it can be abused for w4r3z as well as used for legal purposes. If my ISP would block it or noticeably slow it down, I would consider changing to a different ISP. And I think there's still a difference in quality compared to things like edonkey, which are used exclusively for illegal filesharing. It's not a legal/illegal issue. It's a using more bandwidth than you are paying for issue. I'm sure if you were running bittorrent all day long your ISP would be very glad to see you go.
Re: difference between releases
In a message dated 11/8/04 2:41:38 PM Eastern Standard Time, [EMAIL PROTECTED] writes: As far as open-open source being the only one in beta, I work in development where our code is closed-source. Even we have to admit that our releases fit better into the category of BETA than RELEASE. Which is pretty-much why I haven't bought or recommended anything from HP since the LaserJet Plus. I wonder how they feel about you revealing that? Please let's not get into yet-another open-source discussion. My only point was that a Release should not be just another snapshot, there should be some plan. If the 4 bozos who jump on everything I say will just cut back on the coffee there wouldn't be so much BS.
Re: Integrated NIC support
In a message dated 11/8/04 1:49:35 PM Eastern Standard Time, [EMAIL PROTECTED] writes: the Gigabyte K8NSNXP-939 motherboard has the Marvell 8001 Gigabit Ethernet controller and the ICS 1883 LAN PHY chip integrated. Are they supported? http://www.giga-byte.com/Motherboard/Products/Products_Spec_GA-K8NSNXP-939.htm Get a different MB and run Windows on that one. You don't want to use a marginally supported NIC, do you?
Re: re bittorrent
In a message dated 11/8/04 1:23:40 PM Eastern Standard Time, [EMAIL PROTECTED] writes: It's not a legal/illegal issue. It's a using more bandwidth than you are paying for issue. I'm sure if you were running bittorrent all day long your ISP would be very glad to see you go. I'm paying for a flatrate (ADSL) at home. I don't use the bandwidth most of the time, simply because I have no interest in leeching movies without end, but a lot of others do. In fact, the ISP has just upped the downstream from 768 to 1024 kbit/s at no extra cost. Many people I know have p2p-stuff running day and night. I mean, the company isn't giving you the bandwidth for altruistic reasons either, you pay them money for it. This is a technical forum? Yikes!
Re: difference between releases
In a message dated 11/8/04 5:31:33 PM Eastern Standard Time, [EMAIL PROTECTED] writes: So when will you switch to decaf? Seriously though, in case you didn't notice this IS an open source discussion list, FreeBSD 5 is not just another snapshot it has undergone qualification and is in my experience and opinion very stable. If you would refrain from insulting people's intelligence, name calling and trolling people would not need to respond to your posts as they do. Well I think we're talking about 5.3-RELEASE, and I don't think that freebsd-questions is an open-source discussion list. So what are you talking about anyhow? No one needs to respond to my posts. Other people don't need to respond. I wouldn't mind if they made a technical point once in a while, but all THEY do is call ME names. At least we know what a release really is now, since the guy who originally answered the question was just plain wrong, as I pointed out. Too bad those guys that always answer me didn't feel it necessary to correct him.
Re: re bittorrent
In a message dated 11/8/04 4:59:07 PM Eastern Standard Time, [EMAIL PROTECTED] writes: This is a technical forum? Yikes! Is it, Mr./Ms. [EMAIL PROTECTED]? Well then why don't you fill Mr. I pay my ISP so I should be able to use all the bandwidth I want how things really work, because I don't have the energy.
Re: difference between releases
In a message dated 11/8/04 4:46:25 PM Eastern Standard Time, [EMAIL PROTECTED] writes: So we went from three losers to four bozos Well I had to add you now, didn't I, Mrs. Butterworth? Now this is something we can discuss. What is more insulting, being called a Loser or a Bozo?
Re: Mac Address Spoofing(!)
In a message dated 11/6/04 4:59:05 PM Eastern Standard Time, [EMAIL PROTECTED] writes: Hello guys, I've set out to spoof my gateway's MAC address so that I can get a new IP address from my cable ISP without having to unplug my modem for 24 hours as they suggested (and is understandable, that's how long their DHCP lease lasts). I've tried several things, one of which is following the instructions here http://ezine.daemonnews.org/200406/netgraph.html - I also tried doing: ifconfig xl0 hw ether 00:00:00:00:00 to no avail. I'm just wondering if anyone on this list knows of a way to do it successfully or can provide me with a link to some useful documentation. It is YOUR gateway? Just use a different port, or swap out the ethernet card.
Re: Don't feed the (your word here): (was: Compatible NIC)
[EMAIL PROTECTED] writes: A member of the Gestapo said: This is offensive. get over it already. Nobody really cares anyway. It's easy to dismiss people who ask hard questions as trolls. It's a lot more difficult to answer the questions credibly. I don't think we should dignify your behaviour as a troll. But there's one thing you have in common with a troll: if we ignore you, you will lose interest. I'd ask all other people on the list to take any correspondence with our nameless one offline. Better would be no correspondence at all. Greg That's where you're wrong. I couldn't care less about you or the other 6 guys that pipe in with your whining time after time. Because somewhere there are people that want to read my comments, so that they can accept or reject them or at least consider that my experience has some value. Somewhere someone is reading my entire message, rather than just looking for a half sentence to attack out of context like yourself and the other bozos on here that waste just as much time as the people they criticize. The liberals have been ridiculing great men since the beginning of time, but they keep winning elections. No matter how true your words there will always be hecklers and fools. Dismissing them is easy, because they don't have anything useful to say themselves.
Re: Compatible NIC
In a message dated 11/3/04 12:42:27 PM Eastern Standard Time, [EMAIL PROTECTED] writes: 1) Wasted my time and everyone else's who read this crap. 2) Tried to give certain freebsd developers a bad name. 3) Discredited several others on the list. 4) Contributed NO facts or hard evidence to back your claims. I provided many facts, and since no one provided any opposition to my facts, why do you categorically reject them? I can't come to any conclusion other than you don't understand the subject matter. Because if you did you wouldn't think I wasted anyone's time. The start of this thread: I want to buy a NIC and I want it to be compatible with FreeBSD. Is RealTek 8139 compatible with FreeBSD? The answer: Yes, it will work. The rl0 driver works fine. Be advised it's not the greatest NIC and you may drop packets under heavy load. I've never experienced packet loss, but I've read about it and others on the list have hinted at it before. Well let's see. If a driver drops packets, it doesn't work fine, now does it? Not only is it not the greatest NIC, it's probably the worst, evidenced by the author's own comments. So I don't see what facts you are looking for.
Re: dummynet
Yeah, I also didn't notice his return address at first. That already explains much :). I think I actually sorta, kinda got it working. I'll do some tests and update if my observations are valid. Drew Tomlinson wrote: On 10/28/2004 9:30 AM [EMAIL PROTECTED] wrote: Why don't you guys stop torturing yourself and wasting $1000s worth of your time and get yourself some real bandwidth management software? It's cheaper in the long run. FWIW, I've taken this suggestion with a grain of salt, based upon the general tone of this person's previous posts on a variety of subjects. I suggest you search the archives and draw your own conclusion. Drew Well kinda, sorta is the best you can hope for. Enjoy!
Re: Compatible NIC
In a message dated 11/1/04 4:37:09 PM Eastern Standard Time, [EMAIL PROTECTED] writes: Don't use 5.x because it's slow IS technical help. You guys just don't want anyone to say it. You guys? I wasn't aware that I was representing anyone but myself. It seems all you want to do is contradict people, and without any data to back yourself up Actually, I'm the only one who HAS presented my test data. And as for this subject, everyone knows that the realtek chip is a piece of garbage, so I'm not sure who you're accusing me of contradicting. You don't even know what this thread was about to start with apparently, so YOU are the one wasting people's time here. Try reading entire messages instead of one line that suits you. You might learn something. I promise that I know a lot more than you do about the subjects at hand.