Re: Bridge, networking, wireless cards, and ypbind.... (*sigh*

2006-06-10 Thread Wes Santee
Paul Pathiakis wrote:
 On Saturday 10 June 2006 01:00, you wrote:
 Paul Pathiakis wrote:
 Seems that once I rebooted, both interfaces came up in promiscuous mode, so 
 that's a no go now.  I still believe it to be a frag/UDP/RPC issue.
 
 Wes do you or anyone else have any further insight?
 

Well, I don't run NIS, so I'm not sure I'll be much more help.  I
imagine that by default ypbind is broadcasting to find a server (ayup,
just checked the manpage for it).  Are you seeing those broadcasts come
across the bridge (via tcpdump)?  If not, does the -m switch to ypbind
help at all?

If none of that helps, someone with more NIS experience will probably
need to step in to help.

Cheers,
-Wes






___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Bridge, networking, wireless cards, and ypbind.... (*sigh*

2006-06-09 Thread Wes Santee
Paul Pathiakis wrote:

 my rc.conf has:
 
 ifconfig_ath0=inet 192.168.1.24 netmask 0xff00 ssid my_ap mode 11g 
 mediaopt adhoc
 defautrouter=192.168.1.12
 nis_client_enable=YES
 
 ifconfig -a shows:
 
 ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 inet6 fe80::213:46ff:fe94:75c3%ath0 prefixlen 64 scopeid 0x1
 ether 00:13:46:94:75:c3
 media: IEEE 802.11 Wireless Ethernet autoselect mode 11g adhoc
 status: associated
 ssid my_ap channel 3 bssid 02:13:46:94:75:c5
 authmode OPEN privacy OFF txpowmax 36 protmode CTS burst bintval 100
 
 I assume that since the bssid shows the MAC address of AP, it is bound.

Why isn't the ath0 card in promisc mode?  I thought it pretty much has
to be in order for the bridge to work (both NICs in my bridge stay in
promisc mode).

I'm not sure if you're using device if_bridge, or options BRIDGE,
but if it's the former, and you're running traffic through pf, take note
of the warning in the if_bridge man page:

The bridge may not forward fragments that have been reassembled by a
packet filter.  In pf(4) fragment reassembly can be disabled in the
scrub option.

Those are just my guesses for places to look based on the info you described.

Cheers,
-Wes


Re: hosts.allow ?

2006-03-19 Thread Wes Santee

Karol Kwiatkowski wrote:
 Gerard Seibert wrote:
 Chris Maness wrote:

 Also, sshd can't be started in rc.conf, it has to be started in
 inetd.conf.  Make sure you do a /etc/rc.d/inetd restart after you
 make changes.
 Just out of curiosity, why can 'sshd' not be started from the 
 '/etc/rc.conf' file?
 
 Because Chris wants to limit sshd's connections with 'hosts.allow'
 thing. Correct me if I'm wrong but my understanding is that inetd will
 start ssh daemon every time new connection is made and that's why it's
 not recommended (as written in default hosts.allow file). The
 alternative is running sshd as a daemon and limit connections with,
 say, pf's overload, max-src-conn and max-src-conn-rate.

I'm not sure this is correct.  If you read sshd(8), you'll see in the
FILES section that sshd will read /etc/hosts.allow and /etc/hosts.deny
on its own (i.e. it's compiled/linked with libwrap).  Looking at
/usr/src/crypto/openssh/Makefile.in for the sshd target verifies this.

That's not to say that some work to sshd isn't required to get it to
work outside of inetd.conf.  After hosts.allow is updated, you may need
to send a persistent sshd daemon a HUP to re-read config files, or
something along those lines.  I'm not familiar with whether or not the
functions in libwrap automatically detect changes to the hosts.allow
file, or whether it's read only when the initialize routines in the
library are called.

Cheers,
-Wes


Re: How to Stop Brute Force ssh Attempts?

2006-03-18 Thread Wes Santee

Chris Maness wrote:
 In my auth log I see a lot of brute force attempts to login via ssh.  Is
 there a way I can have the box automatically kill any tcp/ip
 connectivity to hosts that try and fail a given number of times?  Is
 there a port or something that I can install to give this kind of
 protection.  I'm still kind of a FreeBSD newbie.

security/bruteforceblocker (requires pf as the firewall)

security/denyhosts (uses tcp_wrappers and /etc/hosts.allow)

security/sshit (requires ipfw as firewall)

I rolled my own solution and haven't used any of these, so I don't know
how well they work in practice.  They probably all require some initial
setup and configuration.

Cheers,
-Wes
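
A sketch of the counting that log-watching blockers of this kind perform, as an added example that is not from the thread or from any of the ports listed above: it flags an address once it reaches a number of failed sshd password logins inside a sliding window. The log lines are constructed in the usual sshd "Failed password" syslog format, and the threshold, window and year parameters are assumptions.

```python
"""Flag addresses with repeated failed sshd password logins in a time window."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The user name in the log line is chosen by the remote side and may itself
# contain " from <addr>", so match greedily and anchor on the END of the
# line: the address sshd appends last is the real peer.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s\d\d:\d\d:\d\d)\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for .* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

# Constructed sample lines (not taken from the thread).
SAMPLE_LOG = """\
Mar 18 09:00:00 gw sshd[3990]: Failed password for root from 192.0.2.44 port 33001 ssh2
Mar 18 09:20:00 gw sshd[3995]: Failed password for root from 192.0.2.44 port 33002 ssh2
Mar 18 09:40:00 gw sshd[3999]: Failed password for root from 192.0.2.44 port 33003 ssh2
Mar 18 10:00:01 gw sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar 18 10:00:04 gw sshd[4103]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar 18 10:00:09 gw sshd[4105]: Failed password for invalid user x from 192.0.2.1 port 22 ssh2 from 203.0.113.7 port 40131 ssh2
Mar 18 10:05:00 gw sshd[4200]: Failed password for wes from 198.51.100.20 port 51000 ssh2
Mar 18 10:05:30 gw sshd[4200]: Accepted password for wes from 198.51.100.20 port 51000 ssh2
"""


def offenders(lines, threshold=3, window=timedelta(minutes=10), year=2006):
    """Return {ip: time the threshold was first reached}.

    syslog timestamps carry no year, so one is supplied (assumption: the
    whole log falls inside a single calendar year).
    """
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        times = recent[m["ip"]]
        times.append(ts)
        # Drop failures that have aged out of the window.
        while ts - times[0] > window:
            times.popleft()
        if len(times) >= threshold and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG.splitlines()).items():
        # A real deployment would hand the address to the firewall or to
        # hosts.allow here; this example only reports it.
        print(f"{ip} reached the failure threshold at {when.isoformat()}")
```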


Re: hosts.allow ?

2006-03-18 Thread Wes Santee

Chris Maness wrote:

   
 I tried running sshd off of inetd instead of in daemon mode.  It still
 didn't work.
 
 here is the file:

Notice anything strange about the top?

 # Start by allowing everything (this prevents the rest of the file
 # from working, so remove it when you need protection).
 # The rules here work on a First match wins basis.
 ALL : ALL : allow

You haven't set your hosts.allow policy...this is just letting
everything connect.

Cheers,
-Wes
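
The first-match behaviour discussed in the two hosts.allow messages, as an added example that is not part of the original thread: a simplified evaluator showing why the leading `ALL : ALL : allow` line makes every later rule unreachable. The sshd rules and addresses are constructed; the code handles only a subset of hosts_access(5) patterns (ALL, exact IPv4 address, dotted prefix, net/mask) and assumes there is no hosts.deny.

```python
"""First-match-wins evaluation of a FreeBSD-style hosts.allow (simplified)."""
import ipaddress

# The first four lines are the ones quoted in the thread; the two sshd
# rules after them are constructed for this example.
AS_POSTED = """\
# Start by allowing everything (this prevents the rest of the file
# from working, so remove it when you need protection).
# The rules here work on a First match wins basis.
ALL : ALL : allow
sshd : 192.168.1. : allow
sshd : ALL : deny
"""

# Constructed policy with the catch-all removed.
HARDENED = """\
# Specific allow first, then deny everyone else for sshd.
sshd : 192.168.1. : allow
sshd : ALL : deny
"""


def parse_rules(text):
    """Return [(lineno, daemons, clients, action)] for 'daemons : clients : option' lines."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        action = "allow"  # a hosts.allow match grants access unless told otherwise
        for option in fields[2:]:
            if option.lower() in ("allow", "deny"):
                action = option.lower()
        rules.append((lineno, daemons, clients, action))
    return rules


def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):  # "192.168.1." style prefix
        return ip.startswith(pattern)
    if "/" in pattern:  # net/mask, e.g. 192.168.1.0/255.255.255.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip


def evaluate(rules, daemon, ip):
    """Return (action, line number of the deciding rule or None)."""
    for lineno, daemons, clients, action in rules:
        daemon_ok = "ALL" in daemons or daemon in daemons
        if daemon_ok and any(client_matches(c, ip) for c in clients):
            return action, lineno  # first match wins; later rules are never read
    return "allow", None  # nothing matched and no hosts.deny is assumed


def shadowed_by_catch_all(rules):
    """Line numbers of rules that sit behind an 'ALL : ALL' rule and can never match."""
    for index, (_, daemons, clients, _) in enumerate(rules):
        if "ALL" in daemons and "ALL" in clients:
            return [rule[0] for rule in rules[index + 1:]]
    return []


if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("hardened", HARDENED)):
        rules = parse_rules(text)
        print(name, "sshd from 203.0.113.9 ->", evaluate(rules, "sshd", "203.0.113.9"))
        print(name, "unreachable rule lines ->", shadowed_by_catch_all(rules))
```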


cbq not borrowing fully from parent queue

2006-03-14 Thread Wes Santee

Greetings.

I'm running 6-STABLE using pf and altq/cbq to manage bandwidth on my
wireless adapter.

The setup from pf.conf is this:

altq on $ext_if bandwidth 54Mb cbq queue { internal, external }
queue internal bandwidth 53104Kb priority 7 cbq(borrow)
queue external bandwidth 896Kb priority 4 cbq { highq, defaultq, lowq }
   queue highq bandwidth 40% priority 3 cbq(borrow)
   queue defaultq bandwidth 40% priority 2 cbq(default borrow)
   queue lowq bandwidth 20% priority 1 qlimit 300 cbq(borrow)

The internal queue is for wireless traffic coming from and going to the
internal network.  The external queue (and its children) are for traffic
going upstream to my ISP.  The external queue is set to my max
upstream bandwidth to my ISP, so it can't borrow from the root queue.
All the child queues under external can (and should) borrow against
the available upstream bandwidth amount if available.

The problem is that packets in lowq are filling up the queue, even
though there is plenty of bandwidth available to borrow from the parent
queue.

Here's a snapshot from pfctl -vvsqueue:

queue  internal bandwidth 53.10Mb priority 7 cbq( borrow )
  [ pkts:401  bytes: 216532  dropped pkts:0 bytes:   0 ]
  [ qlength:   0/ 50  borrows:  0  suspends:  0 ]
  [ measured: 0.0 packets/s, 0 b/s ]
queue  external bandwidth 896Kb priority 4 {highq, defaultq, lowq}
  [ pkts:  0  bytes:  0  dropped pkts:0 bytes:   0 ]
  [ qlength:   0/ 50  borrows:  0  suspends:  0 ]
  [ measured: 0.0 packets/s, 0 b/s ]
queue   highq bandwidth 358.40Kb priority 3 cbq( borrow )
  [ pkts:  0  bytes:  0  dropped pkts:0 bytes:   0 ]
  [ qlength:   0/ 50  borrows:  0  suspends:  0 ]
  [ measured: 0.0 packets/s, 0 b/s ]
queue   defaultq bandwidth 358.40Kb priority 2 cbq( borrow default )
  [ pkts:   7397  bytes:3230740  dropped pkts:0 bytes:   0 ]
  [ qlength:   0/ 50  borrows: 10  suspends:  9 ]
  [ measured: 1.0 packets/s, 4.16Kb/s ]
queue   lowq bandwidth 179.20Kb qlimit 300 cbq( borrow )
  [ pkts:  41643  bytes:   48966175  dropped pkts:0 bytes:   0 ]
  [ qlength: 117/300  borrows:  31513  suspends:   6282 ]
  [ measured:21.1 packets/s, 193.23Kb/s ]


Notice that queue external, the parent of lowq, has plenty of
available bandwidth.  However, lowq has still got a backlog of 117
packets, and refuses to go over 193Kbit/sec.  It is borrowing, but not
enough to keep the queue in check.

Is there a reason the cbq implementation in pf will not aggressively
borrow against the parent queue if the bandwidth is available?  I had to
set the qlimit up to 300 because at 200 it was still dropping packets
even though there was *plenty* of available bandwidth to borrow from the
parent.

Cheers,
-Wes


Re: Building a Jail in FreeBSD or NetBSD for a hosting environment

2006-02-27 Thread Wes Santee

Nick Larsen wrote:
 [snip]
 Also do I need an individual IP for each jail? because each physical server
 will have 1 IP unless the customer requests a dedicated IP.
 
 Any help would be appreciated, and I have tried to research it but end up
 going round in circles.

I found sysutils/ezjail in the ports tree to be very helpful in setting
up jails.  Just needed an up to date buildworld and it did the rest.

http://erdgeist.org/arts/software/ezjail/

On my 6.0 machine it's worked like a charm.  Once you get the hang of
it, you can use the Flavours feature to cut down on post-jail configuration.

As far as I know, you do need 1 IP per jail, which is aliased off the
interface the jail is running under (check out the ifconfig_iface_alias
example in /etc/defaults/rc.conf if you've not done this before).

Hope that helps.

Cheers,
-Wes


Re: dovecot-1.0.alpha5 + mysql

2006-02-24 Thread Wes Santee

fa wrote:
 Hi. Sorry if this is a wrong place to ask. I've just compiled
 dovecot-1.0.alpha5 with mysql support from freebsd
 ports (FreeBSD 6.0-RELEASE). It looks like dovecot has problems connecting
 to mysql. In the log I'm getting:
 
 dovecot: Feb 24 16:57:41 Error: auth-worker(default): mysql: Connect failed
 to (null) (exim): Access denied for user 'root'@'localhost' (using
 password:
 YES) - waiting for 5 seconds before retry
 dovecot: Feb 24 16:57:41 Error: auth-worker(default):
 sql([EMAIL PROTECTED],127.0.0.1): Password query failed: Not connected to
 database
 dovecot: Feb 24 16:57:44 Info: pop3-login: Aborted login:
 user=[EMAIL PROTECTED], method=PLAIN, rip=127.0.0.1, lip=127.0.0.1,
 secured
 
 This is my dovecot-mysql.conf:
 connect = host=localhost dbname=exim user=root password=qwer
 default_pass_scheme = PLAIN
 password_query = SELECT password FROM auth WHERE username = '%u' AND domain
 = '%d'

http://www.dovecot.org/list/dovecot/2005-November/01.html

Check this thread.  If it's the same thing that happened to me, you have
to use OLD_PASSWORD(), not PASSWORD() in MySQL (assuming you're using
5.0) to set your password that dovecot uses to connect.

Cheers,
-Wes


linux-expat fails to install

2006-02-03 Thread Wes Santee

Hello!

I'm doing a general ports update using portmanager -u on my 6-STABLE
box.  This is from a portsnap updated today.  Portmanager updated
linux-base to 8.8.0_12, and is now trying to update linux-expat (no
version change, just because it was built with an old dependency).

However, during the install phase, I get this...


===>  Installing for linux-expat-1.95.7
===>   linux-expat-1.95.7 depends on file: /compat/linux/etc/redhat-release - found
/bin/rm -rf /usr/ports/textproc/linux-expat/work/expat-1.95.7/tmp
/bin/mkdir -p /usr/ports/textproc/linux-expat/work/expat-1.95.7/tmp
cd /usr/ports/textproc/linux-expat/work/expat-1.95.7/tmp;  rpm2cpio 
/usr/ports/distfiles/rpm/expat-1.95.7-4.i386.rpm | /usr/bin/cpio -div;
/usr/bin/find * -type f -o -type l 
/usr/ports/textproc/linux-expat/work/plist
./usr/bin/xmlwf
./usr/lib/libexpat.so.0
./usr/lib/libexpat.so.0.5.0
./usr/share/doc/expat-1.95.7
./usr/share/doc/expat-1.95.7/COPYING
./usr/share/doc/expat-1.95.7/README
./usr/share/man/man1/xmlwf.1.gz
307 blocks
echo @dirrm usr/share/doc/expat-1.95.7 
/usr/ports/textproc/linux-expat/work/plist
===>   Generating temporary packing list
===>  Checking if textproc/linux-expat already installed
expat-1.95.7-4.i386.rpm
ELF binary type 3 not known.
execution of expat-1.95.7-4 script failed, exit status 255
ELF binary type 3 not known.
/compat/linux/sbin/ldconfig: 1: Syntax error: ( unexpected
*** Error code 2

Stop in /usr/ports/textproc/linux-expat.
*** Error code 1

Stop in /usr/ports/textproc/linux-expat.
- 
restoring original port from backup
MGPMrUpdate 0.4.1_4 command: #12 of 14!! ***Emergancy restore***
pkg_add /tmp/linux-expat-1.95.7.tgz


Anyone know where I might find the script it's trying to run, or have
any idea what's going on?  First time I've ever seen anything like this
happen.

Cheers,
-Wes


Gnome port forcing Apache 2.0 on me during install

2005-12-15 Thread Wes Santee

Greetings,

I run Apache 1.3+ssl on a computer that I'm installing Gnome 2.12.2 via
the meta-port in x11/gnome2.  As part of that install, it builds and
installs www/gnome-user-share.  *That* port forces the www/apache20 port
upon me.

Since my version of Apache conflicts with the version it wants,
portmanager dutifully uninstalls my version and installs 2.0 in an
unconfigured state.

Seems to me there should be some sort of warning, opt-out choice, or
choice to pick a different http server (if gnome-user-share permits it)
before doing this to a user.  There are a lot of http servers listed and
maintained in the ports tree.

Are my only options to either suck it up and configure Apache 2.0 for my
machine, or ditch gnome-user-share and tell portmanager to never
install it so I can run the web server I want?

Cheers,
-Wes


Re: Gnome port forcing Apache 2.0 on me during install

2005-12-15 Thread Wes Santee

Michael C. Shultz wrote:
| On Thursday 15 December 2005 10:32, Wes Santee wrote:
|
|Greetings,
|
|I run Apache 1.3+ssl on a computer that I'm installing Gnome 2.12.2 via
|the meta-port in x11/gnome2.  As part of that install, it builds and
|installs www/gnome-user-share.  *That* port forces the www/apache20 port
|upon me.
|[snip]
|
| The only gnome port I can find that has that port as a dependency is
| x11/gnome2-power-tools, not x11/gnome2.
|
| -Mike

You're right.  Originally when I installed Gnome2, I used the
gnome2-lite meta-port.  It lists other ports to install to get the more
full featured Gnome.  After a while I removed the gnome2-lite port and
installed the gnome2 full port since I was slowly adding the add-on
ports it mentioned anyway.  I assumed the bits I had already added were
part of the full port.

Guess I can just delete the port and be done with it.  That solution
doesn't really address the larger issue of a port that will toss your
HTTP server out without so much as a how-do-you-do, but at least I can
go back to my known configuration easily enough.

Cheers,
-Wes


Portmanager 0.3.9 asserting

2005-11-25 Thread Wes Santee

Just updated to portmanager 0.3.9 from 0.3.7 and now every command
(except --help) is causing an assert:

$ sudo portmanager --version

rParseCommandLine 0.3.9_1

$ sudo portmanager --status
MGdbRead error: unable to open file /usr/local/share/portmanager/pkgtools.db
system message: No such file or directory
Assertion failed: (0), function MGdbRead, file MGdbRead.c, line 65.
Abort trap: 6 (core dumped)

Sure enough, there is no pkgtools.db.  Since this doesn't get installed
with the port, I'm assuming it's supposed to be dynamically created.

Just using the default pm-020.conf file installed with the updated port:

$ sudo cp pm-020.conf.SAMPLE pm-020.conf

Anyone else having problems?  I'm on 6.0-RELEASE, BTW.

Cheers,
-Wes


Removing pre-6.0 libraries

2005-11-12 Thread Wes Santee
Greetings!

I've done a buildworld/kernel/installworld/mergemaster update from
5.4-STABLE to 6.0-RELEASE.  Everything went without a hitch.

I'm in the process of completely rebuilding all my installed ports
(portmanager -u -f).  After that, I'll be removing 'options
COMPAT_FREEBSD5' from my kernel.  Once that is done, is there a command
or some other way to remove all the 5.x compatibility libraries from
/usr/lib and other places?

Is there anything else I'll need to do to make sure I'm not still
dependent on 5.x libraries?

Cheers,
-Wes


Re: Removing pre-6.0 libraries

2005-11-12 Thread Wes Santee
dick hoogendijk wrote:

On Sat, 12 Nov 2005 12:35:51 -0800
Wes Santee [EMAIL PROTECTED] wrote:
  

I'm in the process of completely rebuilding all my installed ports
(portmanager -u -f).  After that, I'll be removing 'options
COMPAT_FREEBSD5' from my kernel.
Is there anything else I'll need to do to make sure I'm not still
dependent on 5.x libraries?


[snip example]

And this is just one example. So, afaik, you can't be sure you don't
need compat5x. Maybe it's not a bad idea to leave the compat5x option
alone (?).
  


Looks like my attempt to be concise ended up being too terse. :)  I
have no software on my system that I cannot rebuild from sources.  If I
were to acquire such software, I'd rather have to add the compat libs as
a port (and re-add the options flag to the kernel) than have them as
legacy libs hanging around after an upgrade.

That does give me an idea, however.  I can probably use the contents of
the compat5 port to find out what libs are specific to that version.

Cheers,
-Wes



LAN unreachable after 5.3 install

2004-11-15 Thread Wes Santee
Greetings all,

I've just completed an update from 4.9 to 5.3 and so far not much is
working.  I went the format and install route to minimize
incompatibilities.  After the install, the first thing I wanted to do
was get my network up and running.

I've got a pretty standard setup: LAN on one NIC, PPPoE Internet on
the other NIC with NAT addressing.  Ignore the PPPoE and gateway side
of things for a bit, my problem is that after install, I can't see my
LAN.  From the FreeBSD box I try this:

ping -S 10.0.0.1 10.0.0.254

but none of the pings are responded to.  From 10.0.0.254, I try
pinging 10.0.0.1, but the result is the same.

Okay, here is the WEIRD part:  When I run tcpdump to see what's going
on, all of a sudden everything starts working!  It's as if going into
promiscuous mode shuts off some kind of block that I can't figure out.
 When I kill tcpdump, it goes back to not working again.

Any ideas what is causing this or how to fix it?  I strolled through
the install notes, but I don't even know what I'm looking for.  That
makes searching the mailing list archives difficult also.

Cheers,
-Wes


Re: LAN unreachable after 5.3 install

2004-11-15 Thread Wes Santee
On Mon, 15 Nov 2004 12:39:49 +, Josh Paetzel [EMAIL PROTECTED] wrote:
 On Monday 15 November 2004 18:22, Wes Santee wrote:
  my problem is that after install, I can't
  see my LAN.  From the FreeBSD box I try this:
 
  ping -S 10.0.0.1 10.0.0.254
 
  but none of the pings are responded to.  From 10.0.0.254, I try
  pinging 10.0.0.1, but the result is the same.
 
  Okay, here is the WEIRD part:  When I run tcpdump to see what's
  going on, all of a sudden everything starts working!  It's as if
  going into promiscuous mode shuts off some kind of block that I
  can't figure out. When I kill tcpdump, it goes back to not working
  again.
 
 The output of ifconfig may be useful in tracking down your problem

Sure, here it is.  xl1 is the LAN interface, tun0-xl0 is the PPPoE interface:

[EMAIL PROTECTED]:/etc] 7 $ ifconfig -a
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        ether 00:60:97:a7:c9:01
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
xl1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=9<RXCSUM,VLAN_MTU>
        inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
        ether 00:10:5a:9a:11:8c
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff00
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
        inet 216.113.200.107 --> 216.113.192.225 netmask 0x
        Opened by PID 1895

Notice there are no IPv6 configurations.  I put
net.inet6.ip6.auto_linklocal=0 in /etc/sysctl.conf as part of a
troubleshooting test to get PPPoE to work(*).  I left it in after I
got PPPoE working because I don't use IPv6, but removing options
INET6 from the kernel makes pf, ipfilter, and ipfw klds complain
loudly.

Cheers,
-Wes

(*) Long story.  It took over 8 hours to get the PPPoE connection
working after the install.  tcpdump would segfault during the PPP
handshaking so I couldn't even figure out what was going on.  I
finally got it to work by putting disable ipv6cp in my ppp.conf
file.  Otherwise it would sit and wait for carrier forever after the
first attempt.


Re: [SOLVED] LAN unreachable after 5.3 install

2004-11-15 Thread Wes Santee
On Mon, 15 Nov 2004 11:02:11 -0800, Wes Santee [EMAIL PROTECTED] wrote:
 On Mon, 15 Nov 2004 12:39:49 +, Josh Paetzel [EMAIL PROTECTED] wrote:
  On Monday 15 November 2004 18:22, Wes Santee wrote:
   my problem is that after install, I can't
   see my LAN.  From the FreeBSD box I try this:
  
   ping -S 10.0.0.1 10.0.0.254
  
   but none of the pings are responded to.  From 10.0.0.254, I try
   pinging 10.0.0.1, but the result is the same.
  
   Okay, here is the WEIRD part:  When I run tcpdump to see what's
   going on, all of a sudden everything starts working!  It's as if
   going into promiscuous mode shuts off some kind of block that I
   can't figure out. When I kill tcpdump, it goes back to not working
   again.
 
  The output of ifconfig may be useful in tracking down your problem
 
 Sure, here it is.  xl1 is the LAN interface, tun0-xl0 is the PPPoE interface:
 
 [EMAIL PROTECTED]:/etc] 7 $ ifconfig -a
 xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         options=8<VLAN_MTU>
         ether 00:60:97:a7:c9:01
         media: Ethernet autoselect (100baseTX full-duplex)
         status: active
 xl1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
         options=9<RXCSUM,VLAN_MTU>
         inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
         ether 00:10:5a:9a:11:8c
         media: Ethernet autoselect (100baseTX full-duplex)
         status: active
 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
         inet6 ::1 prefixlen 128
         inet 127.0.0.1 netmask 0xff00
 tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
         inet 216.113.200.107 --> 216.113.192.225 netmask 0x
         Opened by PID 1895
 

Well, I've solved this, kind of.  I noticed that hosts on my LAN had
no problems pinging each other.  Only pinging 10.0.0.1 or originating
a ping from 10.0.0.1 would fail.

Then I swapped the interfaces (made xl0 internal, and xl1 the PPPoE
interface).  The problem swapped with it.  Now I could see my LAN
(ping from 10.0.0.1 to all LAN hosts, and vice versa), but I couldn't
connect to my ISP.  I didn't really suspect the card as it did work if
I did the tcpdump trick.

So then I thought it might be some weird IRQ/PCI conflict and took out
an unused PCI card (SB Live), and moved the NICs so they wouldn't be
sharing IRQs.  This didn't solve the problem either.

You notice that PROMISC in the flags for xl1 above?  That's because I
took the ifconfig while tcpdump was running on that interface.  As a
desperation move, I just tacked promisc on to the end of the
interface configuration in rc.conf and rebooted.  Now everything works
fine.  I don't know why, but the interface must be in promiscuous mode
to work.  It worked fine as is on my FreeBSD 4.9 machine, so I really
have no idea what's up.

A look at dmesg shows this:

xl0: 3Com 3c905-TX Fast Etherlink XL port 0xa400-0xa43f irq 15 at device 10.0
on pci0
xl1: 3Com 3c905B-TX Fast Etherlink XL port 0xa000-0xa07f mem 0xdd80-0xdd80
007f irq 10 at device 11.0 on pci0

Any clues here as to what might be up?  Perhaps this is something to
do with the RXCSUM flag?  Maybe I should turn it off?  I don't really
want to continue blindly trying things without some idea of what I'm
trying to affect.  If anyone has any other intelligent ideas, I'm all
ears.  If not, I'll leave it as is.

Cheers,
-Wes


Re: how to make bind listen only to 127.0.0.1

2003-01-06 Thread Wes Santee
On Mon, Jan 06, 2003 at 11:20:53PM +0100, Wiroth Didier wrote:
 Hey,
 I would like to run bind as a caching only server (v 8.3.3
 from 4.7-release). I would also like that it only listens
 on port 127.0.0.1, but how? I tried this entry in
 named.conf, but it didn't work:
 query-source address 127.0.0.1 port 53;
 
 It still listens on the real ip address?
 sockstat -4 shows:
 root named  296   20 udp4   192.168.0.2:53
 root named  296   21 tcp4   192.168.0.2:53
 root named  296   22 udp4   127.0.0.1:53
  
 
 What do I have to change so it named only listens to
 127.0.0.1?
 

'man named.conf', and look for the 'listen-on' directive.

options {
// Your options

listen-on {
  127.0.0.1;
};
};

// Other BIND directives

Cheers,
-Wes

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message