RE: Kind OFF Topic. FreeBSD for Blocking URLS? Nanny?

2012-04-11 Thread Terrence Koeman
On Tue, 10 Apr 2012 at 05:27:24, Jorge Biquez wrote:

> Hello all.
> 
> I am sorry if this is kind OFF Topic. I am looking for help from more
> experienced people in these areas. Please let me know if this
> question should be moved to FREEBSD-CHAT list.
> 
> As I have mentioned before I am helping a school, non profit with
> their IT issues. As always there are some "experts" that controls
> everything and do not let you change anything because is their
> kingdom. Anyway, there we have Internet service  from a cable company
> and they have some cisco routers to receive the access and from there
> some Cisco Switches.
> In the classrooms we have very old PCs running XP. In some of my
> classes I am using Freebsd and Ubuntu running on a USB. So each
> student have one USB and they work that way booting from their 4GB
> USB stick. (it is slow but it has worked until now).
> 
> One of the managers asked me for help to block some web sites where
> some students in the other lab and people that helps there waste
> bandwidth seeing videos, movies (youtube, cuevana, serieid, etc) and
> spend lot of time on facebook also. Our bandwidth is only 4Mb and you
> understand that with a few that are seeing movies and videos the rest
> of us can not work at all. Thing is that "other manager" (you know
> how those things are sometimes) do not want us to do that since his
> "guru" and expert is the one that controls all the Network. So the
> best we could get until now is that we can do "all we can" without
> touching the Cisco routers and until now not administrative password
> for change anything on the PCs (that could change one we prove that
> we can have the solution and show it to the board of people that runs
> the place).
> 
> The Internet provider gives the DNS servers to use and one of the
> routers gives the DHCP service.
> 
> First thing I thought was to change the DNS servers and use the one
> from my small office (running Freebsd 7.3) using Bind there and
> simply block there pointing the sites to nothing in the Apache
> configuration. It does not work. Once changed the DNS values the PC
> does not resolve anything. It was a quick test but that does not
> work. Not sure if Internet provider is blocking in some way that we
> can not use other DNS server but theirs.
> 
> Other solution I was thinking while coming home was to convert one
> machine there to a freebsd server and use it as a router (if they let
> me) so that way I can control from there and do filtering. Issue is
> that maybe they do not let me but connect the server as an extra
> machine without replacing the main router so in that case I would
> have 2 DHCP servers doing the same service in the same lan and could
> be conflicts I guess.
> 
> Another solution a friend suggested was to buy one small router (from my
> money for sure) and let that small router to receive the internet (RJ45)
> and from that with the small 4 port switch included to provide the
> internet to the switches to feed the labs , library and administrative
> offices. I have never used one of those and I am short on money so I
> would like to explore other alternatives before if possible.
> 
> Finally another solution would be to install in each PC a kind of
> Nanny software but only if free, otherwise is not a solution (I do
> not know of any yet but will do searching the following hours).
> 
> I know all can be solved if the "guru-expert" guy would let me have
> passwords from PC's, router, etc but that won't be an option since
> they think we would try to take the control of those services (we do
> not want that) so the bureaucracy could be a problem there. He has
> told them that to block is not possible (they have been working that
> way for years).
> 
> So, in this kind of schema. Do you think FreeBSD (even linux) could
> be of help if we do not have access to routers, switches and can not
> install new software on the PCs( the ones running XP)?
> 
> Any comments you have that could help me to solve this challenge?

You could ask the "guru-expert" guy to implement traffic shaping like
weighted fair queuing and prioritizing SYN's etc. That way people can watch
all the videos they want without it affecting the work of others.

You can also implement it yourself transparently with a FreeBSD box with two
adapters bridged and something like ipfw+dummynet, you'd just need to insert
it somewhere in the route (before any masquerading is performed though).

-- 
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote relevant replies in correspondence.


smime.p7s
Description: S/MIME cryptographic signature


Which mailinglist is appropriate for discussing uart changes?

2012-02-19 Thread Terrence Koeman
Could someone point me to the right mailinglist to discuss adding support for 
the MCS9904 chip to uart? I'm working on it, but I have some questions 
regarding FIFO sizes and how they are currently determined.

Thanks.

--
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote relevant replies in correspondence.




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


RE: DNS - slaving the root zone

2012-02-19 Thread Terrence Koeman
On Sun, 19 Feb 2012 at 01:14:47, Doug Barton wrote:

> On 02/18/2012 03:23, Damien Fleuriot wrote:
>>
>> On 2/18/12 12:57 AM, Doug Barton wrote:
>>>
>>> To clarify, almost universally the opposition to the idea centers
>>> around the problems of users who enable this method, and then don't
>>> notice if something changes/breaks, resulting in a stale zone (or
>>> zones, depending on what you choose to slave). I have always
>>> acknowledged that this is a valid concern, just not one that I think
>>> overwhelms the virtues of doing the slaving in the first place.
>>>
>>
>> Could you elaborate on the "something changes/breaks, admin doesn't
>> notice, results in a stale zone" bit ?
>
> Most commonly whatever auth. server the user is axfr'ing from suddenly
> stops offering that ability.
[snip]

I'm just done converting from named.root to slaving the root, I checked which 
servers allow axfr (at least for me...) and added them all as masters. Multiple 
masters would substantially decrease the risk of stale zones, yes? I have 
attached the relevant portion of my config, maybe it's useful.

Also, I was wondering, now that I slave . and arpa, is it still beneficial to 
retain the 'empty zones' that fall within those or are they redundant?

I figure they are, as the comments say 'Serving the following zones locally 
will prevent any queries for these zones leaving your network and going to the 
root name servers.' and now my server *is* the root as far as it knows.

Thanks.

--
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote relevant replies in correspondence.



named.conf
Description: Binary data

RE: buildkernel not honoring WITH_MODULES from make.conf ? (was: Re: Quick build of stripped-down kernel)

2011-11-25 Thread Terrence Koeman
On Fri, 25 Nov 2011 at 19:27:54, Damien Fleuriot wrote:

> On 11/24/11 4:17 PM, b. f. wrote:
>> 
>> If you are going to build most of the modules, but only want to exclude
>> a few, then add the directories of the modules to be excluded (relative
>> to /usr/src/sys/modules) to WITHOUT_MODULES, for example in
>> /etc/make.conf. If you are only going to build a few modules, and want
>> to exclude the majority of the modules, then add the directories of the
>> modules that are to be built to MODULES_OVERRIDE.  For no modules at
>> all, set NO_MODULES.  See /usr/src/sys/modules/Makefile and
>> /usr/src/sys/conf/kern.post.mk for details. You may also save some time
>> by using one of your faster machines to build the OS for the slower
>> machines.
>> 
>> b.
>
> Have I misunderstood WITH_MODULES' use ?

The answer is in the post you quoted: use MODULES_OVERRIDE.

-- 
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote relevant replies in correspondence.






RE: Quick build of stripped-down kernel

2011-11-24 Thread Terrence Koeman
> -Original Message-
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
> questi...@freebsd.org] On Behalf Of Brett Glass
> Sent: Thursday, November 24, 2011 15:39
>
> Everyone:
>
> Happy Thanksgiving! This week, I've been building FreeBSD 9.0-RC2
> kernels for various machines, and on some of the older and slower
> ones it's been taking quite a long time. One of the reasons for
> this is that even if you strip 98% of the drivers out of the
> kernel, they are all still built as loadable modules. The machines
> in question will NEVER use those modules, so it's a waste of time
> and disk space.
>
> How hard would it be to create a build target for "make" that would
> avoid building the loadable modules and just leave them out of the
> directory where the new kernel is placed after installation? I am
> not intimately familiar with the cascade of makefiles that does the
> build I could probably figure out what to tweak, but if someone
> who is expert in this can help it would be appreciated. It would
> save me countless hours.
>

Add

makeoptions NO_MODULES=yes

to your KERNCONF.

--
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote relevant replies in correspondence.





RE: Shouldn't GNU tar be ignoring /proc with --one-file-system?

2011-11-18 Thread Terrence Koeman
> -Original Message-
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
> questi...@freebsd.org] On Behalf Of Daniel Staal
> Sent: Friday, November 18, 2011 18:00
> To: freebsd-questions@freebsd.org
> Subject: Re: Shouldn't GNU tar be ignoring /proc with --one-file-system?
>
>
> On Fri, November 18, 2011 10:34 am, Kirk Strauser wrote:
> > I use Amanda to make nightly backups of a bunch of servers using GNU
> > tar. However, gtar doesn't seem to respect its --one-file-system flag
> > with /proc. Amanda runs a variation of this command:
> >
> > # /usr/local/bin/gtar --create --file - --directory /
> > --one-file-system --sparse --ignore-failed-read --totals . > /dev/null
> > /usr/local/bin/gtar: ./proc: file changed as we read it
> >
> > Before I file a bug report, can anyone think of a legitimate reason why
> > gtar would be touching /proc at all?
>
> Just a guess, really but:
>
> /proc is a file on /.  /proc/* are files on /proc.  The former is still on
> the root filesystem (if only as a directory stub to be used as a
> mountpoint), so reading it isn't leaving that filesystem.  Reading
> anything *in* it would be.
>
> Just a thought.
>

However, the file /proc on fs / should not be changing since a filesystem /proc 
is mounted over it. The message "./proc: file changed as we read it" indicates 
whatever /proc it is trying to read did change...

--
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote relevant replies in correspondence.





RE: putting "/tmp" to memory

2011-01-23 Thread Terrence Koeman
> -Original Message-
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
> questi...@freebsd.org] On Behalf Of kellyremo
> Sent: Sunday, January 23, 2011 14:47
> To: FreeBSD
> Subject: putting "/tmp" to memory
> Importance: High
>
>
> "to memory" means: mounting a ~2 GByte filesystem [ tmpfs?, or ramfs?
> ], and put the "/tmp" on it. [ e.g.: 4 GByte ram in the pc ]. what to
> write in the "/etc/fstab"?
>
>  I would like to collect the [ answers too:P ]:
>
>  Advantages:
>  - Memory is way faster than HDD/SSD, so it could speed things up
>  - "SSD amortization" is less
>
>  Disadvantages:
>  - Security? [ how to set this up to be secure? any clear howtos/links
> regarding it? :O ]
>
>  Really thank you for any good help...
>

In rc.conf:

tmpmfs="YES"
tmpsize="2G"
tmpmfs_flags="-S"

That'll do it :)

--
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote relevant replies in correspondence.





RE: lightbulb? prob'ly not, but....

2011-01-22 Thread Terrence Koeman

> -Original Message-
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
> questi...@freebsd.org] On Behalf Of Gary Kline
> Sent: Sunday, January 23, 2011 00:26
> To: Terrence Koeman
> Cc: Gary Kline; freebsd-questions@freebsd.org
>
> On Sat, Jan 22, 2011 at 11:22:51PM +0100, Terrence Koeman wrote:
> > > -Original Message-
> > > questi...@freebsd.org] On Behalf Of Gary Kline
> > > Sent: Saturday, January 22, 2011 22:33
> > >
> > [snip]
> >
> > >
> > > # telnet 10.47.0.230
> > > Trying ...
> > > telnet: connect to addr n.n.n.n: Connection refused
> > > telnet: Unable to connect to remotr host
> > >
> > > Does the "Connection refused" signify anything in the bind/dns
> > > world.

[snip]
> >
> > Seeing as you're not resolving any hostname it's not DNS.
> >
> > You also have not specified a port for telnet to connect to so it'll
> > default to 23, which you probably don't want. Try 'telnet 10.47.0.230
> > 80' (80 is the standard port for http).
>
>   YES.  I get into ethic as with a normal telnet; when I hit return, I
>   see index.php; the source, not the web file that lynx or firefox
>   shows.  I'll KVM over to my desktop and cut/paste from there.

That is what is supposed to happen. This step is just to see what telnet 
returns: timeout, connection refused or some page. If you get some page then 
there's a webserver on port 80 that is serving you *something* at least.

> >
> > BTW, the 'Connection Refused' message means that the port is closed
> > and sending a RST, which means that either nothing is listening on the
> > port or that the system is sending RST's because of a firewall rule. If
> > you haven't setup such rules you can assume the first to be the case.
> >
>
>   What _should_ be listening on port 80 that isn't?

Well, if you saw page source then there's a webserver listening on port 80.

--
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote relevant replies in correspondence.






RE: lightbulb? prob'ly not, but....

2011-01-22 Thread Terrence Koeman
> -Original Message-
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
> questi...@freebsd.org] On Behalf Of Gary Kline
> Sent: Saturday, January 22, 2011 22:33
> To: FreeBSD Mailing List
> Subject: lightbulb? prob'ly not, but
>
[snip]

>
> # telnet 10.47.0.230
> Trying ...
> telnet: connect to addr n.n.n.n: Connection refused
> telnet: Unable to connect to remotr host
>
> Does the "Connection refused" signify anything in the bind/dns world.
> ?
>
> Before I portupgraded to bind97 from bind9, this kind of stuff worked.
>

Seeing as you're not resolving any hostname it's not DNS.

You also have not specified a port for telnet to connect to so it'll default to 
23, which you probably don't want. Try 'telnet 10.47.0.230 80' (80 is the 
standard port for http).

BTW, the 'Connection Refused' message means that the port is closed and sending 
a RST, which means that either nothing is listening on the port or that the 
system is sending RST's because of a firewall rule. If you haven't setup such 
rules you can assume the first to be the case.

--
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote relevant replies in correspondence.
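
The outcomes this thread distinguishes (a reply comes back, the connection is refused with a RST, or nothing answers at all) can be told apart in a few lines of code. This is an added example, not part of the original messages; the function names and the loopback listener used in `demo()` are assumptions made for illustration.

```python
import socket
import threading


def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the result.

    Other OSError cases (for example "no route to host") are left to
    propagate so they are not mistaken for one of the three outcomes.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"      # handshake completed: something is listening
    except ConnectionRefusedError:
        return "refused"   # a RST came back: closed port, or a reset rule
    except socket.timeout:
        return "timeout"   # no reply at all: packets dropped, or host down
    finally:
        sock.close()


def first_reply_line(host, port, timeout=3.0):
    """Send a minimal HTTP request and return the first line of the reply,
    which is what typing a request into 'telnet host 80' shows."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
        data = sock.recv(1024)
    return data.split(b"\r\n", 1)[0].decode("latin-1")


def demo():
    """Run the checks against a constructed listener on loopback."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))     # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    def answer_once():
        # Stand-in for a web server: read one request, send one status line.
        conn, _ = listener.accept()
        with conn:
            conn.recv(1024)
            conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")

    worker = threading.Thread(target=answer_once, daemon=True)
    worker.start()
    reply = first_reply_line("127.0.0.1", port)
    worker.join()

    while_listening = probe_tcp("127.0.0.1", port)
    listener.close()                    # nothing listens on the port now
    after_close = probe_tcp("127.0.0.1", port)
    return reply, while_listening, after_close


if __name__ == "__main__":
    print(demo())
```

A "timeout" result is the one case the loopback demo cannot produce; it shows up when a filter silently drops the SYN instead of answering with a RST.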






RE: no apache22, php5 cores

2011-01-21 Thread Terrence Koeman
> -Original Message-
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
> questi...@freebsd.org] On Behalf Of Brad Mettee
> Sent: Saturday, January 22, 2011 00:16
> To: Gary Kline; FreeBSD Mailing List
> Subject: Re: no apache22, php5 cores

[snip]
> Post your output from this:
> netstat -an | grep tcp
>
> This should show current connections AND current listening sockets. If
> you don't see anything on *.80, then httpd isn't running, or at least
> isn't listening on the right port.
>

Might also want to try 'lsof -nPi |grep LISTEN', that shows what process is 
listening as well. Maybe not really added value here, but it sure helps when 
you're troubleshooting address/port in use errors and such.

--
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote relevant replies in correspondence.





RE: no apache22, php5 cores

2011-01-21 Thread Terrence Koeman
> -Original Message-
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
> questi...@freebsd.org] On Behalf Of Da Rock
> Sent: Saturday, January 22, 2011 02:22
> To: freebsd-questions@freebsd.org
> Subject: Re: no apache22, php5 cores
>

[snip]
> Apache will work with php, but some sites may be coded with it, so they
> will simply show the code- careful with security! Better stop apache to
> be sure until it works with php, OR comment out the sites using it.

Afaik it's possible to protect yourself against this problem by configuring 
Apache to refuse serving some types of files (.php, etc.) as static. This 
provides a safeguard against serving up config files with passwords and whatnot.

As I don't run Apache any longer I can't help with the details, but I remember 
it being quite simple to accomplish.

There's also a script floating around on the internet that will detect a php 
load failure, send a mail about it, switch config files and start up apache 
without PHP and have it serve up a PHP load error page for all PHP requests.

--
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote relevant replies in correspondence.
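
A check for the failure mode discussed in this message, where Apache hands out `.php` files as static text because PHP did not load, written as an added example that is not part of the original post and is not the script it mentions. The paths, the sample bodies and the local test server are constructed for illustration.

```python
import http.server
import threading
import urllib.request

# PHP opening tags. Output of an executed script should never contain
# them verbatim, so seeing one in a response body means raw source was served.
PHP_OPEN_TAGS = (b"<?php", b"<?=")


def leaks_php_source(body, scan_bytes=65536):
    """Return True if the response body contains an unexecuted PHP tag."""
    window = body[:scan_bytes].lower()
    return any(tag in window for tag in PHP_OPEN_TAGS)


def check_url(url, timeout=5.0):
    """Fetch url directly (no proxy) and return (status, leaked)."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(url, timeout=timeout) as resp:
        return resp.status, leaks_php_source(resp.read())


# Constructed sample responses: one as served by a web server without a
# working PHP handler, one as served when PHP executes the script.
SAMPLE_PAGES = {
    "/broken.php": b"<?php\n$db_password = 'example-not-real';\necho 'hi';\n?>\n",
    "/working.php": b"<html><body>hi</body></html>\n",
}


class _SampleHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        body = SAMPLE_PAGES.get(self.path)
        if body is None:
            self.send_error(404)
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo quiet


def demo():
    """Serve the sample pages on loopback and check each one."""
    server = http.server.HTTPServer(("127.0.0.1", 0), _SampleHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_address[1]
    try:
        return {path: check_url(base + path) for path in SAMPLE_PAGES}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for path, (status, leaked) in demo().items():
        print(path, status, "SOURCE LEAK" if leaked else "ok")
```

Run from cron or a monitoring system against a known `.php` URL on your own server, a `True` result is the signal to take the site down or switch configs before credentials in config files are exposed.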





RE: sendmail && resolv.conf changes

2010-09-14 Thread Terrence Koeman
> -Original Message-
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
> questi...@freebsd.org] On Behalf Of tomasz dereszynski
> Sent: Tuesday, September 14, 2010 11:28 AM
> To: Matthias Apitz; freebsd-questions@freebsd.org
> Subject: Re: sendmail && resolv.conf changes
>
>
> > On Tuesday, September 14, 2010 at 09:15:49AM +0100, tomasz
> > dereszynski wrote:
> >
> >>
> >> >
> >> > Hello,
> >> >
> >> > When using a laptop it is normal that there are some changes in
> >> > resolv.conf during the live, for example:
> >> >
> >> > boot time: no network available
> >> > start of PPP over UMTS: resolv.conf from provider
> >> > start VPN to connect to company: resolv.conf from company
> >> > ...
> >> >
> >> > it seems that sendmail is not aware of such changes in the resolv.conf
> >> > and always get stuck with the old DNS and ofc does not work on incoming
> >> > mails (provided by fetchmail). A restart helps, but is there some better
> >> > way to let sendmail switch to the new DNS environment when resolv.conf
> >> > changes?
> >> >
> >> > Thanks
> >> >
> >> My very wide guess would be that Sendmail starts before system obtain
> >> network settings from DHCP.
> >
> > Your guess is correct :-)
> >
> > What I wanted to say: sendmail runs and DHCP changes in certain
> > situations the IP, routing and DNS, and sendmail does not adopt on these
> > changes.
>
>
> delay Sendmail start to after network settings loaded from DHCP.
>
> not sure if there is any 'documentation correct' way of doing that but
> 'home crafted' one would be to move /etc/rc.sendmail to
> /usr/local/etc/rc.d/blah.sendmail.sh and remove it from rc.config
>
> hope someone here knows more proper way and can advise.
>

It might be an idea to (mis)use the "script" option in dhclient.conf to restart 
sendmail (/etc/rc.d/sendmail restart) after a lease has been acquired. See 'man 
dhclient.conf'.

--
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence.





RE: BSD logo

2010-07-27 Thread Terrence Koeman
> -Original Message-
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
> questi...@freebsd.org] On Behalf Of Chip Camden
> Sent: Wednesday, July 28, 2010 12:10 AM
> To: freebsd-questions@freebsd.org
> Subject: Re: BSD logo
>
> Quoth Paul Schmehl on Tuesday, 27 July 2010:
> > --On Tuesday, July 27, 2010 15:49:47 -0500 Reid Linnemann
> >  wrote:
> >
> > >On final analysis, I think the OP should abandon any desire for
> > >FreeBSD in favor of this: http://pudge.net/jesux/
> >
> > Sheesh.  Now I really have seen everything.
>
> Not quite.  Someone needs to come out with an OS named Atheix, and
> another called Agnostix.  Then we'll be complete.
>

I'm imagining Agnostix would need uncertain values for true and false, and 
Atheix wouldn't believe in the PATH and therefore won't look for it.

--
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence.





RE: BSD logo

2010-07-27 Thread Terrence Koeman
> Subject: Re: BSD logo
>
> On final analysis, I think the OP should abandon any desire for
> FreeBSD in favor of this: http://pudge.net/jesux/

Is this real? It looks like a page from landoverbaptist.com or something. I'm 
still deciding whether to laugh or cry...

--
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence.





RE: BSD logo

2010-07-27 Thread Terrence Koeman


[snip]
> >
> Perhaps there are some ancient depictions/sculptures of the greek god
> Pan (god of the shepherds) around? Pan partially resembles a goat.
>

This page has some articles on the subject:

http://www.helium.com/knowledge/112455-where-did-the-image-used-to-represent-satan-come-from

--
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence.





RE: Backing up freebsd to 1 file?

2010-04-18 Thread Terrence Koeman
> -Original Message-
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
> questi...@freebsd.org] On Behalf Of J.D. Bronson
> Sent: Sunday, April 18, 2010 3:23 PM
> To: freebsd-questions@freebsd.org
> Subject: Backing up freebsd to 1 file?
> 
> I have a freebsd 8.0 install and was wondering if it is possible to tar
> up the entire install...for backup purposes.
> 
> # cd /
> # tar -cvf backup.tar {list of directories}
> 
> then I can ftp the tar file out to another machine.
> 
> This works in theory, but if I need to do a restore tar complains
> on 'tar -xpf backup.tar'.
> 
> Under OpenBSD, this works as expected. It has given me an easy way
> to backup/move/restore or anything I want to do w/o complaining.
> 
> I am running Freebsd on a machine that has no other drives/tapes or
> anything so my options for backup are limited.
> 
> All I am trying to do is get a complete image (or snapshot) of my entire
> install on this machine and then if I needed to reload or reinstall, I
> could do a bare bones freebsd install, copy over the tar'd up file and
> extract it from within / and then reboot and I would be good to go.
> 
> Thoughts on this would be appreciated...
> 

Perhaps http://ra.phid.ae/stuff/mm-backup-0.9.sh.txt has something that you
like.

-- 
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence.




RE: licence question

2010-04-14 Thread Terrence Koeman
> -Original Message-
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
> questi...@freebsd.org] On Behalf Of M. Aschhoff
> Sent: Wednesday, April 14, 2010 4:22 PM
> To: freebsd-questions@freebsd.org
> Subject: licence question
> 
> hey there,
> 
> hope everything's all right?
> I'm using your devil image on my website.
> www.little-devil.de
> someone told me that this image is not under bsd licence.
> am I allowed to use this image?
> I would be pleased to use it.
> this is my private website, I'm providing free software.
> thank you very much.
> hope to hear from you soon.
> 

See: http://www.mckusick.com/beastie/mainpage/copyright.html

-- 
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence.




RE: Force reboot after kernel panic.

2010-04-13 Thread Terrence Koeman
> -Original Message-
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
> questi...@freebsd.org] On Behalf Of Paul Halliday
> Sent: Tuesday, April 13, 2010 3:17 PM
> To: questi...@freebsd.org
> Subject: Force reboot after kernel panic.
> 
> How can I enforce this? Presently the system just hangs.

Add to kernconf:

options KDB_UNATTENDED

-- 
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence.




RE: ipfw weirdness after csup/buildworld

2010-04-01 Thread Terrence Koeman
I've seen the same, see: http://forums.freebsd.org/showthread.php?p=75765

--
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence.


> -Original Message-
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
> questi...@freebsd.org] On Behalf Of Tim Gustafson
> Sent: Thursday, April 01, 2010 7:12 PM
> To: freebsd-questions@freebsd.org
> Subject: ipfw weirdness after csup/buildworld
>
> I am running: FreeBSD 8.0-STABLE amd64
>
> After recently csup'ing to the latest sources and then a build/install
> cycle, my ipfw started misbehaving badly.  I'm seeing lots of:
>
> ipfw: install_state: entry already present, done
>
> and also lots of:
>
> ipfw: ouch!, skip past end of rules, denying packet
>
> When I did an "ipfw list", I got something like this:
>
> 0  ip from any to any
>
> Note the rule number is all zeros, and there's no "allow" or "deny".
> Adding rules or removing rules didn't fix anything, nor did an "ipfw
> flush".  Once it was in that state, attempting to "kldunload ipfw"
> caused the system to hang.  The only fix for now was to disable the
> firewall.
>
> When I went into single user mode, and did:
>
> kldload ipfw
> ipfw /etc/firewall.rules (which is the same ruleset I had loaded on
> boot)
>
> everything worked fine, but when I went into multi-user mode and did
> the same thing, it failed with the symptoms listed above.
>
> Just to be sure, a day after this started happening I did a csup again
> and another build/install cycle but got exactly the same results.
>
> Any ideas?
>
> Tim Gustafson
> Baskin School of Engineering
> UC Santa Cruz
> t...@soe.ucsc.edu
> 831-459-5354
>





RE: Faking multiple physical adapters for DHCPDISCOVER

2006-04-12 Thread Terrence Koeman
> -Original Message-
> From: Chuck Swiger [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, April 11, 2006 6:17 PM
> Subject: Re: Faking multiple physical adapters for DHCPDISCOVER
> 
> Terrence Koeman wrote:
> [ ... ]
> > I need to 'clone' the xl1 adapter to appear as three adapters, each
> > with a distinct MAC address. This because my provider has assigned me
> > three semi-static addresses of which I want to use 1 for outbound
> > NAT-traffic and two for static NAT.
> >
> > These addresses are semi-static because they are basically MAC-based
> > reservations on the provider's DHCP server, and it happens to be that
> > I'm required to acquire a DHCP lease for all three addresses for
> > routing to work properly. If I configure the addresses statically the
> > connectivity 'disappears' after a while.
> 
> The reason why your ISP has configured their system in such a fashion is to
> prevent people from claiming multiple static IPs from a single machine.
> 
> If you're not happy with their AUP, use another provider, or pay for a
> dedicated IP allocation of whatever size you need.
> 
> --
> -Chuck

That's not the case here, I'm actually trying to use less IP's. And besides
that my ISP allows up to 16 IP's to be used in their AUP.

I have about 5 clients that can share 1 IP with NAT and I have 2 other
clients that need to have an IP of their own.

If I can have all IP's bound to the server then I can simply NAT the 5
clients and static-NAT the remaining 2. Otherwise I'd need to bridge/route
and do NAT at the same time, which is not possible here, because then the 5
NAT-ed clients would need to get their IP's from the local DHCP server and
the 2 bridged clients would need to get them from the ISP DHCP server. I
could block DHCP from being bridged and do DHCP proxying for the other 2
clients, but it'd make it all much more complicated.

-- 
Regards,
Terrence Koeman

MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence.




Faking multiple physical adapters for DHCPDISCOVER

2006-04-10 Thread Terrence Koeman
Hi,

I'm trying to 'fake' multiple physical adapters in my FreeBSD 6.1-PRERELEASE
system, but I'm not getting anywhere.

-There are two 3Com 905C cards in the system (xl0 and xl1).
-xl1 is assigned a static private IP address and xl0 acquires an address from
my provider using DHCP.
-The system does NAT for several clients having private addresses.

I need to 'clone' the xl1 adapter to appear as three adapters, each with a
distinct MAC address. This because my provider has assigned me three
semi-static addresses of which I want to use 1 for outbound NAT-traffic and
two for static NAT.

These addresses are semi-static because they are basically MAC-based
reservations on the provider's DHCP server, and it happens to be that I'm
required to acquire a DHCP lease for all three addresses for routing to work
properly. If I configure the addresses statically the connectivity
'disappears' after a while.

I tried using netgraph as suggested here:
http://ezine.daemonnews.org/200406/netgraph.html

ifconfig xl1 delete
ngctl mkpeer . eiface hook ether
ifconfig ngeth0 up
ngctl mkpeer ngeth0: bridge lower link0
ngctl name ngeth0:lower mybridge
ngctl connect xl1: mybridge: lower link1
ngctl connect xl1: mybridge: upper link2
ngctl connect ngeth0: mybridge: upper link3
ngctl msg xl1: setautosrc 0
ngctl msg xl1: setpromisc 1
ifconfig ngeth0 link 00:50:04:32:8a:6b

At this point everything seems OK, the MAC-address is correctly set and xl1
is in promiscuous mode. However, when I try 'dhclient ngeth0' the adapter does
not get any response/lease.

I also tried using a vlan interface as following:

ifconfig vlan create
ngctl msg xl1: setautosrc 0
ifconfig vlan0 vlan 0 vlandev xl1 
ifconfig vlan0 link 00:50:04:32:8a:6b

The same here, 'dhclient vlan0' fails.

I also thought that it'd be much simpler to have a dhcp client that I could
instruct to spoof the MAC-addresses so that it would acquire leases for 3
distinct mac-addresses, and run as a daemon so that it renews them when they
expire. I could then just configure the addresses statically and don't have
to clone any adapters. However, I haven't found any client that could do
this...

At the moment I'm out of ideas and I was hoping that someone here could point
me in the right direction with this problem.

-- 
Regards,
Terrence Koeman

MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence.






RE: Network configuration

2004-07-15 Thread Terrence Koeman
I had to do one more thing:

I needed to bind the IP the box got to the other adapter too. So now the ip
is bound twice, but once with a netmask of 255.255.255.255. It was needed to
let the clients ping the bridge by its external ip.

-- 
Regards,
Terrence Koeman
 
MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence. 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Terrence Koeman
> Sent: Sunday, July 11, 2004 17:38
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
> [EMAIL PROTECTED]
> Subject: RE: Network configuration
> 
> Hi,
> 
> Thank you all for the help and time. I finally got it all working with bits
> from most emails.
> 
> I'll include my configuration here for others in the same situation (any
> comments are welcome):
> 
> It's now:
> 
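>                       --------------
>                       | SDSL Modem |
>                       |  Bridged   |
>                       --------------
>                              |
>                 --------------------------
>                 | xl1: 217.1.1.155, DHCP |
>                 |      Freebsd Box       |
>                 |     xl0: UP, no ip     |
>                 --------------------------
>                              |
>                         ----------
>          |--------------| SWITCH |---------------|
>          |              ----------               |
>          |                   |                   |
> ------------------- ------------------- -------------------
> | C1: 217.1.1.156 | | C2: 217.1.1.157 | | C3: 217.1.1.158 |
> ------------------- ------------------- -------------------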
> 
> (Notice the switch of xl1 and xl0, this made it work).
> 
> xl1 and xl0 are bridged so that all clients have full internet connectivity.
> Additionally the clients share the available bandwidth fairly, with ssh,
> telnet, dns and http having a higher priority than other traffic.
> 
> Using a private ip on xl0 and adding natd is still possible for use in the
> future.
> 
> 
> FreeBSD samsara.mediamonks.net 5.2-CURRENT FreeBSD 5.2-CURRENT #5: Sat Jul
> 10 22:13:16 CEST 2004
> [EMAIL PROTECTED]:/usr/obj/usr/src/sys/SAMSARA  i386
> 
> 
> /sys/i386/conf/SAMSARA:
> machine         i386
> cpu             I686_CPU
> ident           SAMSARA
> 
> options         SCHED_ULE               # ULE scheduler
> options         INET                    # InterNETworking
> options         FFS                     # Berkeley Fast Filesystem
> options         SOFTUPDATES             # Enable FFS soft updates support
> options         UFS_DIRHASH             # Improve performance on big directories
> options         CD9660                  # ISO 9660 Filesystem
> options         PROCFS                  # Process filesystem (requires PSEUDOFS)
> options         PSEUDOFS                # Pseudo-filesystem framework
> options         COMPAT_43               # Compatible with BSD 4.3 [KEEP THIS!]
> options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev
> 
> options         HZ=5000
> options         ATA_STATIC_ID           # Static device numbering
> 
> options         IPFIREWALL
> options         IPFIREWALL_DEFAULT_TO_ACCEPT
> options         IPFIREWALL_VERBOSE
> options         IPFIREWALL_VERBOSE_LIMIT=100
> options         DUMMYNET
> options         BRIDGE
> 
> device          isa
> device          pci
> 
> device          fdc
> device          ata
> device          atadisk                 # ATA disk drives
> device          atapicd                 # ATAPI CDROM drives
> device          atkbdc                  # AT keyboard controller
> device          atkbd                   # AT keyboard
> device          vga                     # VGA video card driver
> device          sc
> device          npx
> 
> device          miibus                  # MII bus support
> device          xl                      # 3Com 3c90x (``Boomerang'', ``Cyclone'')
> 
> device          random                  # Entropy device
> device          loop                    # Network loopback
> device          ether                   # Ethernet support
> device          pty                     # Pseudo-ttys (telnet etc)
> 
> device          bpf                     # Berkeley packet filter
> 
> /etc/rc.conf:
> hostname="samsara.mediamonks.net"
> 
> ifconfig_xl1="DHCP"
> ifconfig_xl0="UP"
> 
> jail_enable="NO"
> kldxref_enable="NO"
> 

RE: Network configuration

2004-07-11 Thread Terrence Koeman
f #ssh, telnet, dns, http
queue 12 config pipe 1 weight 40 mask dst-ip 0x #all other ip

#outgoing queues, group on src-host
queue 20 config pipe 2 weight 50 mask src-ip 0x #icmp
queue 21 config pipe 2 weight 99 mask src-ip 0x #ssh, telnet, dns, http
queue 22 config pipe 2 weight 40 mask src-ip 0x #all other ip

#queues for local system
queue 30 config pipe 1 weight 50 mask dst-ip 0x
queue 31 config pipe 2 weight 50 mask src-ip 0x

#allow traffic on loopback interface
add 00100 allow ip from any to any via lo0

#deny lost/hostile packets to the loopback addresses, return host unreach
add 00110 unreach host log logamount 20 ip from any to 127.0.0.0/8 via any

#deny any private address, return host unreach
add 00301 unreach host log logamount 20 ip from 10.0.0.0/8 to any in via any
add 00302 unreach host log logamount 20 ip from 172.16.0.0/12 to any in via any
add 00303 unreach host log logamount 20 ip from 192.168.0.0/16 to any in via any

#deny windows networking, return RST
add 00500 reset log logamount 20 ip from any to any 135,137-139 via any

#for bridged traffic, skip
add skipto 2 ip from any to any via any bridged

#** natd divert is possible here, if xl0 gets a private IP. **

#deny packets with a source address known on a different interface, return host unreach
add 00800 unreach host log logamount 20 ip from any to any not verrevpath in

# for non-bridged traffic, skip
add skipto 3 ip from any to any via any

  #push bridged traffic in appropriate queues
  add 2 queue 10 icmp from any to any in recv xl1
  add 20100 queue 11 ip from any 22,23,53,80 to any in recv xl1
  add 20200 queue 11 ip from any to any 22,23,53,80 in recv xl1
  add 20300 queue 12 ip from any to any in recv xl1

  add 21000 queue 20 icmp from any to any in recv xl0
  add 21100 queue 21 ip from any to any 22,23,53,80 in recv xl0
  add 21200 queue 21 ip from any 22,23,53,80 to any in recv xl0
  add 21300 queue 22 ip from any to any in recv xl0

add skipto 5 log logamount 20 ip from any to any via any

  #push non-bridged (local) traffic in appropriate queues
  add 3 queue 30 icmp from any to any in recv xl1
  add 30100 queue 30 ip from any to any in recv xl1

  add 31000 queue 31 icmp from any to any out xmit xl1
  add 31100 queue 31 ip from any to any out xmit xl1

add 5 pass all from any to any


I hope this helps someone in the future :)

-- 
Regards,
Terrence Koeman
 
MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence. 

> -Original Message-
> From: Randy Grafton [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, July 08, 2004 21:04
> To: [EMAIL PROTECTED]
> Subject: RE: Network configuration
> 
> I setup a little home network using my FreeBSD box as the 'router'. There
> are two boxes on my internal LAN that I wanted to have access to from the
> internet as well as provide full internet access to all internal
> clients/servers.
> 
> Like I said, I recompiled my kernel with the nat options. I'll list the
> steps here, if you've already performed them then at least I got in some
> typing practice.
> 
> Install the kernel sources. Insert your install disk and from the command
> line run /stand/sysinstall.
> Select the Configure option then the Distributions option then src and
> finally sys.
> Once the sources are installed you will go to /usr/src/sys/i386/conf. Within
> this directory are two files, GENERIC and LINT. Make a copy of GENERIC with
> a name of your choosing. Edit the GENERIC copy and add the following lines:
> options  IPFIREWALL
> options  IPFIREWALL_VERBOSE
> options  IPFIREWALL_VERBOSE_LIMIT=10
> options  IPDIVERT
> 
> Save the modified file and compile your kernel. This is done by doing:
> config 
> cd ../../
> make
> make install
> reboot
> 
> Now you'll edit your /etc/rc.conf file.
> Add these lines to it:
> gateway_enable="YES"
> ifconfig_xl0="inet 217.1.1.155 netmask "
> ifconfig_xl0_alias0="inet 217.1.1.155 netmask "
> ifconfig_xl0_alias1="inet 217.1.1.156 netmask "
> ifconfig_xl0_alias2="inet 217.1.1.157 netmask "
> ifconfig_xl0_alias3="inet 217.1.1.158 netmask "
> ifconfig_xl1="inet 192.168.1.1 netmask 255.255.255.0"
> firewall_type="OPEN"
> firewall_quiet="YES"
> firewall_logging="YES"
> natd_enable="YES"
> natd_interface="xl0"
> natd_flags="-f /etc/natd.conf" (explained below)
> 
> Now create the /etc/natd.conf file with these lines:
> same ports yes
> dynamic yes
> redirect_port tcp 192.168.1.2 217.1.1.156
> redirect_port udp 192.168.1.2 217.1.1.156
> redirect_port tcp 192.168.1.3 217.1.1.157
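
The outgoing dummynet queues in the rule set of the 2004-07-11 message above (queues 20, 21 and 22 with weights 50, 99 and 40, one dynamic queue per source host via `mask src-ip`) can be modelled to see how the bandwidth is divided. This is an added example, not part of the original posts; it assumes each backlogged queue gets a share of the pipe proportional to its weight, and the pipe rate and traffic sample are constructed because the pipe configuration is cut off in the archived message.

```python
from collections import defaultdict

# Weights of the outgoing queues 20, 21 and 22 in the posted rule set.
WEIGHTS = {"icmp": 50, "priority": 99, "other": 40}
PRIORITY_PORTS = {22, 23, 53, 80}  # ssh, telnet, dns, http


def classify(proto, sport=None, dport=None):
    """Pick the queue class the way rules 21000-21300 match:
    icmp first, then either port in the priority list, then the rest."""
    if proto == "icmp":
        return "icmp"
    if sport in PRIORITY_PORTS or dport in PRIORITY_PORTS:
        return "priority"
    return "other"


def shares(pipe_kbit, packets):
    """Idealized bandwidth per backlogged dynamic queue.

    packets: iterable of (src_host, proto, sport, dport). The 'mask src-ip'
    option creates one dynamic queue per source host for each configured
    queue, each carrying that queue's weight.
    """
    active = {(src, classify(proto, sport, dport))
              for src, proto, sport, dport in packets}
    total = sum(WEIGHTS[cls] for _, cls in active)
    return {key: pipe_kbit * WEIGHTS[key[1]] / total for key in active}


def per_host(queue_shares):
    """Sum the queue shares that belong to the same host."""
    totals = defaultdict(float)
    for (src, _cls), rate in queue_shares.items():
        totals[src] += rate
    return dict(totals)


# Constructed sample: traffic sent by the three clients towards the modem.
PIPE_KBIT = 2780  # assumed pipe rate, chosen so the shares are round numbers
SAMPLE = [
    ("217.1.1.156", "tcp", 40000, 50000),  # bulk transfer
    ("217.1.1.157", "tcp", 51000, 80),     # http request
    ("217.1.1.157", "udp", 40001, 50001),  # bulk transfer
    ("217.1.1.158", "tcp", 52000, 22),     # ssh session
]

if __name__ == "__main__":
    for queue, rate in sorted(shares(PIPE_KBIT, SAMPLE).items()):
        print(queue, f"{rate:.0f} kbit/s")
    print(per_host(shares(PIPE_KBIT, SAMPLE)))
```

In this model a host that is the only sender gets the whole pipe even for bulk traffic: the weights set shares among busy queues, not a strict priority.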

RE: Network configuration

2004-07-08 Thread Terrence Koeman
> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Nathan Kinkade
> Sent: Thursday, July 08, 2004 19:49
> To: Terrence Koeman
> Cc: [EMAIL PROTECTED]
> Subject: Re: Network configuration
> 
> On Thu, Jul 08, 2004 at 05:10:28PM +0200, Terrence Koeman wrote:
> > Hi,
> > 
> > I have been busy setting up a network the last 3 days, but I cannot get it
> > working.
> > 
> > Basically I have no clue what has to be setup etc. and if I need bridging or
> > not.
> > 
> > The situation is as follows:
> > 
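> >                       --------------
> >                       | SDSL Modem |
> >                       |  Bridged   |
> >                       --------------
> >                              |
> >                     ------------------
> >                     |xl0: 217.1.1.155|
> >                     |                |
> >                     |  Freebsd Box   |
> >                     |                |
> >                     |      xl1       |
> >                     ------------------
> >                              |
> >                         ----------
> >          |--------------| SWITCH |---------------|
> >          |              ----------               |
> >          |                   |                   |
> > ------------------- ------------------- -------------------
> > | C1: 217.1.1.156 | | C2: 217.1.1.157 | | C3: 217.1.1.158 |
> > ------------------- ------------------- -------------------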
> > 
> > 
> > The FreeBSD box has full internet connectivity and I can also get NAT
> > working, but the thing is that I need those non-private IP's bound to the
> > clients and I need ipfw between the clients and the modem. Also I need the
> > FreeBSD machine to have a non-private IP address. I have no clue as to
> > getting the packets from those clients to the internet. I tried bridging xl0
> > and xl1 and using 217.1.1.155 as gateway, but that didn't work.
> > 
> > Maybe someone that knows how to do something like this can shed some light
> > on it for me?
> > 
> > Thanks in advance.
> > 
> > -- 
> > Regards,
> > Terrence Koeman
> 
> You could make the FreeBSD box a bridge and still use IPFW.  It really
> depends on whether you will have other clients that will NOT have public
> IP addresses that will need NAT - you don't specify whether this is the
> case.  For FreeBSD to be setup as a bridge/IPFW machine you will
> minimally need a kernel compiled with the following options:
> 
> options IPFIREWALL
> options BRIDGE
> 
> After you have built and installed this kernel add the following entries
> to /etc/sysctl.conf:
> 
> net.link.ether.bridge=1
> net.link.ether.bridge_cfg=xl0,xl1
> net.link.ether.bridge_ipfw=1
> net.inet.ip.fw.enable=0
> 
> You will probably want to add the following lines to /etc/rc.conf so
> that some IPFW rules will be loaded at boot:
> 
> firewall_enable="YES"
> firewall_type=""
> 
> Read the firewall(7) manpage for more information.
> 
> If you don't have console access to the FreeBSD machine beware that the
> default rule is to deny packets.  Therefore if you build IPFW into the
> kernel and don't allow for some basic rules to be added at boot you will
> likely be locked out from anything but console access.
> 
There might be more clients that will require nat later.

I tried this with:
-217.1.1.155 bound to xl0
-nothing bound to xl1
-xl0 and xl1 bridged.
-no ipfw rules and default to accept.

When I try this the box is dead, no connectivity out and 217.1.1.155 is not
reachable.

If I try the exact same setup and bind 192.168.0.1 to xl1 I can connect to
it when bridged, but the rest remains the same.

-- 
Regards,
Terrence Koeman
 
MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence. 

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


RE: IP Aliasing Question

2004-07-08 Thread Terrence Koeman
Have you tried using:

ifconfig vr0 alias 10.0.38.237 netmask 255.0.0.0 broadcast 10.255.255.255
ifconfig vr0 alias 10.255.38.237 netmask 255.255.255.255 broadcast 10.255.255.255

-- 
Regards,
Terrence Koeman
 
MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence. 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Andrew Kilpatrick
> Sent: Thursday, July 08, 2004 18:58
> To: [EMAIL PROTECTED]
> Subject: IP Aliasing Question
> 
> Hey,
> 
> What I'm trying to do involves FreeBSD and IP aliases. 
> Hopefully someone has some ideas. Here's the general idea of 
> what I'm trying to do:
> 
> I've got vr0, which is assigned to some IP address... let's 
> say: 192.168.1.90 with a subnet mask of 255.255.255.0. This 
> is all fine, and everything works.
> 
> I'm implementing a protocol called ArtNet (which I didn't 
> design) which uses 10.x.x.x network for controlling lighting. 
> It's all UDP, and uses broadcast packets to 10.255.255.255. 
> IP addresses of hosts are determined by a sort of shitty 
> algorithm based on the MAC address, and can appear anywhere 
> in the class A. This allows: a) IPv4 (yes, I know IPv6 would 
> be better) and b) autoconfiguration without the need for a 
> DHCP server. I didn't make it up, I'm just trying to make my 
> stuff work with it.
> 
> So, here's the deal I want to add 2 aliases to vr0 so 
> that I can run 2 ArtNet services on the same machine. So, the 
> aliases would look something like this:
> 
> 10.0.38.237 netmask 255.0.0.0
> 10.255.38.237 netmask 255.0.0.0
> 
> Adding the first one like this works: ifconfig vr0 inet 
> 10.0.38.237 netmask 255.0.0.0 alias
> 
> However, adding the second fails, I'm assuming because the 
> netmasks overlap. I can understand why this is so, but for my 
> application I actually want this. 
> Because programs listening on both addresses both need to 
> receive broadcast packets sent to 10.255.255.255.
> 
> So, how can this be done? Adding a second NIC is not an option.
> 
> 
> Cheers,
> 
> Andrew
> 


RE: Network configuration

2004-07-08 Thread Terrence Koeman
I haven't got any real config right now as I'm not sure about how to start
with this.

-- 
Regards,
Terrence Koeman
 
MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence. 

> -Original Message-
> From: JJB [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, July 08, 2004 17:58
> To: [EMAIL PROTECTED]
> Subject: RE: Network configuration
> 
> Post the full content of your rc.conf file and your ipfw rule set.
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of 
> Terrence Koeman
> Sent: Thursday, July 08, 2004 11:10 AM
> To: [EMAIL PROTECTED]
> Subject: Network configuration
> 
> Hi,
> 
> I have been busy setting up a network the last 3 days, but I 
> cannot get it working.
> 
> Basically I have no clue what has to be setup etc. and if I 
> need bridging or not.
> 
> The situation is as follows:
> 
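>                       --------------
>                       | SDSL Modem |
>                       |  Bridged   |
>                       --------------
>                              |
>                     ------------------
>                     |xl0: 217.1.1.155|
>                     |                |
>                     |  Freebsd Box   |
>                     |                |
>                     |      xl1       |
>                     ------------------
>                              |
>                         ----------
>          |--------------| SWITCH |---------------|
>          |              ----------               |
>          |                   |                   |
> ------------------- ------------------- -------------------
> | C1: 217.1.1.156 | | C2: 217.1.1.157 | | C3: 217.1.1.158 |
> ------------------- ------------------- -------------------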
> 
> 
> The FreeBSD box has full internet connectivity and I can also 
> get NAT working, but the thing is that I need those 
> non-private IP's bound to the clients and I need ipfw between 
> the clients and the modem. Also I need the FreeBSD machine to 
> have a non-private IP address. I have no clue as to getting 
> the packets from those clients to the internet. I tried 
> bridging xl0 and xl1 and using 217.1.1.155 as gateway, but 
> that didn't work.
> 
> Maybe someone that knows how to do something like this can 
> shed some light on it for me?
> 
> Thanks in advance.
> 
> --
> Regards,
> Terrence Koeman
> 
> MediaMonks B.V. (www.mediamonks.com)
> Please quote all replies in correspondence.
> 


Network configuration

2004-07-08 Thread Terrence Koeman
Hi,

I have been busy setting up a network the last 3 days, but I cannot get it
working.

Basically I have no clue what has to be setup etc. and if I need bridging or
not.

The situation is as follows:

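                      --------------
                      | SDSL Modem |
                      |  Bridged   |
                      --------------
                             |
                    ------------------
                    |xl0: 217.1.1.155|
                    |                |
                    |  Freebsd Box   |
                    |                |
                    |      xl1       |
                    ------------------
                             |
                        ----------
         |--------------| SWITCH |---------------|
         |              ----------               |
         |                   |                   |
------------------- ------------------- -------------------
| C1: 217.1.1.156 | | C2: 217.1.1.157 | | C3: 217.1.1.158 |
------------------- ------------------- -------------------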


The FreeBSD box has full internet connectivity and I can also get NAT
working, but the thing is that I need those non-private IP's bound to the
clients and I need ipfw between the clients and the modem. Also I need the
FreeBSD machine to have a non-private IP address. I have no clue as to
getting the packets from those clients to the internet. I tried bridging xl0
and xl1 and using 217.1.1.155 as gateway, but that didn't work.

Maybe someone that knows how to do something like this can shed some light
on it for me?

Thanks in advance.

-- 
Regards,
Terrence Koeman
 
MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence.
