Re: Bridge, networking, wireless cards, and ypbind.... (*sigh*
Paul Pathiakis wrote:
On Saturday 10 June 2006 01:00, you wrote:
Paul Pathiakis wrote:

Seems that once I rebooted, both interfaces came up in promiscuous mode, so that's a no go now. I still believe it to be a frag/UDP/RPC issue. Wes do you or anyone else have any further insight?

Well, I don't run NIS, so I'm not sure I'll be much more help. I imagine that by default ypbind is broadcasting to find a server (ayup, just checked the manpage for it). Are you seeing those broadcasts come across the bridge (via tcpdump)? If not, does the -m switch to ypbind help at all?

If none of that helps, someone with more NIS experience will probably need to step in to help.

Cheers,
-Wes

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Bridge, networking, wireless cards, and ypbind.... (*sigh*
Paul Pathiakis wrote:

my rc.conf has:

    ifconfig_ath0=inet 192.168.1.24 netmask 0xff00 ssid my_ap mode 11g mediaopt adhoc
    defautrouter=192.168.1.12
    nis_client_enable=YES

ifconfig -a shows:

    ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet6 fe80::213:46ff:fe94:75c3%ath0 prefixlen 64 scopeid 0x1
            ether 00:13:46:94:75:c3
            media: IEEE 802.11 Wireless Ethernet autoselect mode 11g adhoc
            status: associated
            ssid my_ap channel 3 bssid 02:13:46:94:75:c5
            authmode OPEN privacy OFF txpowmax 36 protmode CTS burst bintval 100

I assume that since the bssid shows the MAC address of AP, it is bound.

Why isn't the ath0 card in promisc mode? I thought it pretty much has to be in order for the bridge to work (both NICs in my bridge stay in promisc mode).

I'm not sure if you're using device if_bridge, or options BRIDGE, but if it's the former, and you're running traffic through pf, take note of the warning in the if_bridge man page:

    The bridge may not forward fragments that have been reassembled by a packet filter. In pf(4) fragment reassembly can be disabled in the scrub option.

That's just my guesses for places to look based on the info you described.

Cheers,
-Wes
Re: hosts.allow ?
Karol Kwiatkowski wrote:
Gerard Seibert wrote:
Chris Maness wrote:

Also, sshd can't be started in rc.conf, it has to be started in inetd.conf. Make sure you do a /etc/rc.d/inetd restart after you make changes.

Just out of curiosity, why can 'sshd' not be started from the '/etc/rc.conf' file?

Because Chris wants to limit sshd's connections with 'hosts.allow' thing. Correct me if I'm wrong but my understanding is that inetd will start ssh daemon every time new connection is made and that's why it's not recommended (as written in default hosts.allow file). The alternative is running sshd as a daemon and limit connections with, say, pf's overload, max-src-conn and max-src-conn-rate.

I'm not sure this is correct. If you read sshd(8), you'll see in the FILES section that sshd will read /etc/hosts.allow and /etc/hosts.deny on its own (i.e. it's compiled/linked with libwrap). Looking at /usr/src/crypto/openssh/Makefile.in for the sshd target verifies this.

That's not to say that some work to sshd isn't required to get it to work outside of inetd.conf. After hosts.allow is updated, you may need to send a persistent sshd daemon a HUP to re-read config files, or something along those lines. I'm not familiar with whether or not the functions in libwrap automatically detect changes to the hosts.allow file, or it's read only when the initialize routines in the library are called.

Cheers,
-Wes
Re: How to Stop Bruit Force ssh Attempts?
Chris Maness wrote:

In my auth log I see a lot of brute force attempts to login via ssh. Is there a way I can have the box automatically kill any tcp/ip connectivity to hosts that try and fail a given number of times? Is there a port or something that I can install to give this kind of protection. I'm still kind of a FreeBSD newbie.

security/bruteforceblocker (requires pf as the firewall)
security/denyhosts (uses tcp_wrappers and /etc/hosts.allow)
security/sshit (requires ipfw as firewall)

I rolled my own solution and haven't used any of these, so I don't know how well they work in practice. They probably all require some initial setup and configuration.

Cheers,
-Wes
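
The detection step asked about in the message above, counting failed sshd logins per source address inside a sliding time window; this is an added example, not code from the original post or from any of the ports it lists. The log lines are constructed, and the threshold, window, year, allow list and function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The user name is remote-controlled text, so the address is taken from the
# fixed tail of the line ("from ADDR port N ssh2"), never from the first "from".
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user |illegal user )?(?P<user>.*)"
    r"\sfrom\s(?P<ip>\S+)\sport\s\d+(?:\sssh2)?$"
)


def parse_failure(line, year=2006):
    """Return (timestamp, address) for a failed-password line, else None."""
    m = FAILED.match(line.strip())
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:
        return None                      # not an address: ignore the line
    # syslog timestamps carry no year; the caller supplies it (assumption)
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return when, ip


def find_offenders(lines, max_failures=5, window=timedelta(minutes=10),
                   allow=(), year=2006):
    """Map source address -> time it reached max_failures inside window."""
    exempt = [ipaddress.ip_network(n) for n in allow]
    recent = defaultdict(deque)
    offenders = {}
    for line in lines:
        parsed = parse_failure(line, year)
        if parsed is None:
            continue
        when, ip = parsed
        if any(ip in net for net in exempt):
            continue                     # never block the admin network
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            offenders.setdefault(str(ip), when)
    return offenders


def as_hosts_allow(offenders):
    """Render deny rules in hosts.allow syntax, to sit above any allow rule."""
    return [f"sshd : {ip} : deny" for ip in offenders]


# Constructed sample (documentation addresses, made-up host name "gw").
SAMPLE_LOG = (
    [f"Mar 18 03:12:{s:02d} gw sshd[4101]: Failed password for invalid user "
     "admin from 203.0.113.5 port 4022 ssh2" for s in range(0, 60, 10)]
    + [f"Mar 18 {h:02d}:00:00 gw sshd[4200]: Failed password for root "
       "from 203.0.113.77 port 5000 ssh2" for h in range(4, 9)]
    + [f"Mar 18 09:00:{s:02d} gw sshd[4300]: Failed password for alice "
       "from 192.0.2.10 port 6000 ssh2" for s in range(5)]
    + ["Mar 18 09:05:00 gw sshd[4301]: Accepted password for alice "
       "from 192.0.2.10 port 6001 ssh2",
       "Mar 18 09:30:00 gw sshd[4400]: Failed password for invalid user "
       "x from 198.51.100.7 port 1 ssh2 from 203.0.113.9 port 7000 ssh2"]
)

if __name__ == "__main__":
    hits = find_offenders(SAMPLE_LOG, allow=["192.0.2.0/24"])
    for rule in as_hosts_allow(hits):
        print(rule)
```

The five failures from 203.0.113.77 are an hour apart and stay under the threshold, and the allow list keeps a mistyped password on the admin network from locking the administrator out.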
Re: hosts.allow ?
Chris Maness wrote:

I tried running sshd off of inetd instead of in daemon mode. It still didn't work. here is the file:

Notice anything strange about the top?

    # Start by allowing everything (this prevents the rest of the file
    # from working, so remove it when you need protection).
    # The rules here work on a First match wins basis.
    ALL : ALL : allow

You haven't set your hosts.allow policy...this is just letting everything connect.

Cheers,
-Wes
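
Why the ALL : ALL : allow line quoted above lets everything connect, shown with a simplified first-match evaluator; this is an added example, not libwrap's code and not part of the original thread. Only the three comment lines and the ALL rule come from the post; the sshd rules, the addresses and the function names are constructed, and the model covers only ALL, literal addresses, trailing-dot prefixes and net/mask patterns.

```python
import ipaddress

# The file header quoted in the post: three comments and the catch-all rule.
PAGE_HEADER = """\
# Start by allowing everything (this prevents the rest of the file
# from working, so remove it when you need protection).
# The rules here work on a First match wins basis.
ALL : ALL : allow
"""
# Constructed policy: sshd only from 192.0.2.0/24, every other client refused.
CONSTRUCTED_POLICY = """\
sshd : 192.0.2. : allow
sshd : ALL : deny
"""


def parse_rules(text):
    """Return [(lineno, daemons, clients, verdict)] for each rule line."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Simplification: splitting on ":" ignores IPv6 and spawn/twist options.
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        verdict = "deny" if "deny" in (f.lower() for f in fields[2:]) else "allow"
        rules.append((lineno, daemons, clients, verdict))
    return rules


def client_matches(pattern, ip):
    """Match one client pattern against a dotted IPv4 address string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # address prefix, e.g. "192.0.2."
        return ip.startswith(pattern)
    if "/" in pattern:                   # net/mask, e.g. 192.0.2.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern == ip


def evaluate(rules, daemon, ip):
    """First match wins: return (verdict, line number of the deciding rule)."""
    for lineno, daemons, clients, verdict in rules:
        if not any(d in ("ALL", daemon) for d in daemons):
            continue
        if any(client_matches(c, ip) for c in clients):
            return verdict, lineno
    return "allow", None                 # no rule matched: access is granted


def shadowed_rules(rules):
    """Line numbers of rules that follow a catch-all and can never match."""
    for i, (_, daemons, clients, _) in enumerate(rules):
        if "ALL" in daemons and "ALL" in clients:
            return [r[0] for r in rules[i + 1:]]
    return []


if __name__ == "__main__":
    as_posted = parse_rules(PAGE_HEADER + CONSTRUCTED_POLICY)
    print(evaluate(as_posted, "sshd", "203.0.113.9"), shadowed_rules(as_posted))
    print(evaluate(parse_rules(CONSTRUCTED_POLICY), "sshd", "203.0.113.9"))
```

A service with no matching rule is still allowed in this model, as in tcp_wrappers, so a default-deny policy needs a final ALL : ALL : deny line.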
cbq not borrowing fully from parent queue
Greetings.

I'm running 6-STABLE using pf and altq/cbq to manage bandwidth on my wireless adapter. The setup from pf.conf is this:

    altq on $ext_if bandwidth 54Mb cbq queue { internal, external }
    queue internal bandwidth 53104Kb priority 7 cbq(borrow)
    queue external bandwidth 896Kb priority 4 cbq { highq, defaultq, lowq }
    queue highq bandwidth 40% priority 3 cbq(borrow)
    queue defaultq bandwidth 40% priority 2 cbq(default borrow)
    queue lowq bandwidth 20% priority 1 qlimit 300 cbq(borrow)

The internal queue is for wireless traffic coming from and going to the internal network. The external queue (and its children) are for traffic going upstream to my ISP. The external queue is set to my max upstream bandwidth to my ISP, so it can't borrow from the root queue. All the child queues under external can (and should) borrow against the available upstream bandwidth amount if available.

The problem is that packets in lowq are filling up the queue, even though there is plenty of bandwidth available to borrow from the parent queue.
Here's a snapshot from pfctl -vvsqueue:

    queue internal bandwidth 53.10Mb priority 7 cbq( borrow )
      [ pkts:401 bytes: 216532 dropped pkts:0 bytes: 0 ]
      [ qlength: 0/ 50 borrows: 0 suspends: 0 ]
      [ measured: 0.0 packets/s, 0 b/s ]
    queue external bandwidth 896Kb priority 4 {highq, defaultq, lowq}
      [ pkts: 0 bytes: 0 dropped pkts:0 bytes: 0 ]
      [ qlength: 0/ 50 borrows: 0 suspends: 0 ]
      [ measured: 0.0 packets/s, 0 b/s ]
    queue highq bandwidth 358.40Kb priority 3 cbq( borrow )
      [ pkts: 0 bytes: 0 dropped pkts:0 bytes: 0 ]
      [ qlength: 0/ 50 borrows: 0 suspends: 0 ]
      [ measured: 0.0 packets/s, 0 b/s ]
    queue defaultq bandwidth 358.40Kb priority 2 cbq( borrow default )
      [ pkts: 7397 bytes:3230740 dropped pkts:0 bytes: 0 ]
      [ qlength: 0/ 50 borrows: 10 suspends: 9 ]
      [ measured: 1.0 packets/s, 4.16Kb/s ]
    queue lowq bandwidth 179.20Kb qlimit 300 cbq( borrow )
      [ pkts: 41643 bytes: 48966175 dropped pkts:0 bytes: 0 ]
      [ qlength: 117/300 borrows: 31513 suspends: 6282 ]
      [ measured:21.1 packets/s, 193.23Kb/s ]

Notice that queue external, the parent of lowq, has plenty of available bandwidth. However, lowq has still got a backlog of 117 packets, and refuses to go over 193Kbit/sec. It is borrowing, but not enough to keep the queue in check.

Is there a reason the cbq implementation in pf will not aggressively borrow against the parent queue if the bandwidth is available? I had to set the qlimit up to 300 because at 200 it was still dropping packets even though there was *plenty* of available bandwidth to borrow from the parent.

Cheers,
-Wes
Re: Building a Jail in FreeBSD or NetBSD for a hosting environment
Nick Larsen wrote:

[snip]

Also do I need an individual IP for each jail? because each physical server will have 1 IP unless the customer requests a dedicated IP. Any help would be appreciated, and I have tried to research it but end up going round in circles.

I found sysutils/ezjail in the ports tree to be very helpful in setting up jails. Just needed an up to date buildworld and it did the rest.

http://erdgeist.org/arts/software/ezjail/

On my 6.0 machine it's worked like a charm. Once you get the hang of it, you can use the Flavours feature to cut down on post-jail configuration.

As far as I know, you do need 1 IP per jail, which is aliased off the interface the jail is running under (check out the ifconfig_iface_alias example in /etc/defaults/rc.conf if you've not done this before).

Hope that helps.

Cheers,
-Wes
Re: dovecot-1.0.alpha5 + mysql
fa wrote:

Hi. Sorry if this is a wrong place to ask. I've just compiled dovecot-1.0.alpha5 with mysql support from freebsd ports (FreeBSD 6.0-RELEASE). It looks like dovecot has problems connecting to mysql. In the log I'm getting:

    dovecot: Feb 24 16:57:41 Error: auth-worker(default): mysql: Connect failed to (null) (exim): Access denied for user 'root'@'localhost' (using password: YES) - waiting for 5 seconds before retry
    dovecot: Feb 24 16:57:41 Error: auth-worker(default): sql([EMAIL PROTECTED],127.0.0.1): Password query failed: Not connected to database
    dovecot: Feb 24 16:57:44 Info: pop3-login: Aborted login: user=[EMAIL PROTECTED], method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured

This is my dovecot-mysql.conf:

    connect = host=localhost dbname=exim user=root password=qwer
    default_pass_scheme = PLAIN
    password_query = SELECT password FROM auth WHERE username = '%u' AND domain = '%d'

http://www.dovecot.org/list/dovecot/2005-November/01.html

Check this thread. If it's the same thing that happened to me, you have to use OLD_PASSWORD(), not PASSWORD() in MySQL (assuming you're using 5.0) to set your password that dovecot uses to connect.

Cheers,
-Wes
linux-expat fails to install
Hello!

I'm doing a general ports update using portmanager -u on my 6-STABLE box. This is from a portsnap updated today.

Portmanager updated linux-base to 8.8.0_12, and is now trying to update linux-expat (no version change, just because it was built with an old dependency). However, during the install phase, I get this...

    === Installing for linux-expat-1.95.7
    === linux-expat-1.95.7 depends on file: /compat/linux/etc/redhat-release - found
    /bin/rm -rf /usr/ports/textproc/linux-expat/work/expat-1.95.7/tmp
    /bin/mkdir -p /usr/ports/textproc/linux-expat/work/expat-1.95.7/tmp
    cd /usr/ports/textproc/linux-expat/work/expat-1.95.7/tmp; rpm2cpio /usr/ports/distfiles/rpm/expat-1.95.7-4.i386.rpm | /usr/bin/cpio -div; /usr/bin/find * -type f -o -type l /usr/ports/textproc/linux-expat/work/plist
    ./usr/bin/xmlwf
    ./usr/lib/libexpat.so.0
    ./usr/lib/libexpat.so.0.5.0
    ./usr/share/doc/expat-1.95.7
    ./usr/share/doc/expat-1.95.7/COPYING
    ./usr/share/doc/expat-1.95.7/README
    ./usr/share/man/man1/xmlwf.1.gz
    307 blocks
    echo @dirrm usr/share/doc/expat-1.95.7 /usr/ports/textproc/linux-expat/work/plist
    === Generating temporary packing list
    === Checking if textproc/linux-expat already installed
    expat-1.95.7-4.i386.rpm
    ELF binary type 3 not known.
    execution of expat-1.95.7-4 script failed, exit status 255
    ELF binary type 3 not known.
    /compat/linux/sbin/ldconfig: 1: Syntax error: ( unexpected
    *** Error code 2
    Stop in /usr/ports/textproc/linux-expat.
    *** Error code 1
    Stop in /usr/ports/textproc/linux-expat.
    - restoring original port from backup
    MGPMrUpdate 0.4.1_4 command: #12 of 14!! ***Emergancy restore*** pkg_add /tmp/linux-expat-1.95.7.tgz

Anyone know where I might find the script it's trying to run, or have any idea what's going on? First time I've ever seen anything like this happen.

Cheers,
-Wes
Gnome port forcing Apache 2.0 on me during install
Greetings,

I run Apache 1.3+ssl on a computer that I'm installing Gnome 2.12.2 via the meta-port in x11/gnome2. As part of that install, it builds and installs www/gnome-user-share. *That* port forces the www/apache20 port upon me.

Since my version of Apache conflicts with the version it wants, portmanager dutifully uninstalls my version and installs 2.0 in an unconfigured state.

Seems to me there should be some sort of warning, opt-out choice, or choice to pick a different http server (if gnome-user-share permits it) before doing this to a user. There are a lot of http servers listed and maintained in the ports tree.

Are my only options to either suck it up and configure Apache 2.0 for my ~ machine, or ditch gnome-user-share and tell portmanager to never install it so I can run the web server I want?

Cheers,
-Wes
Re: Gnome port forcing Apache 2.0 on me during install
Michael C. Shultz wrote:
| On Thursday 15 December 2005 10:32, Wes Santee wrote:
|
|Greetings,
|
|I run Apache 1.3+ssl on a computer that I'm installing Gnome 2.12.2 via
|the meta-port in x11/gnome2. As part of that install, it builds and
|installs www/gnome-user-share. *That* port forces the www/apache20 port
|upon me.
|[snip]
|
| The only gnome port I can find that has that port as a dependency is
| x11/gnome2-power-tools, not x11/gnome2.
|
| -Mike

You're right. Originally when I installed Gnome2, I used the gnome2-lite meta-port. It lists other ports to install to get the more full featured Gnome. After a while I removed the gnome2-lite port and installed the gnome2 full port since I was slowly adding the add-on ports it mentioned anyway. I assumed the bits I had already added were part of the full port.

Guess I can just delete the port and be done with it. That solution doesn't really address the larger issue of a port that will toss your HTTP server out without so much as a how-do-you-do, but at least I can go back to my known configuration easily enough.

Cheers,
-Wes
Portmanager 0.3.9 asserting
Just updated to portmanager 0.3.9 from 0.3.7 and now every command (except --help) is causing an assert:

    $ sudo portmanager --version
    rParseCommandLine 0.3.9_1
    $ sudo portmanager --status
    MGdbRead error: unable to open file /usr/local/share/portmanager/pkgtools.db system message: No such file or directory
    Assertion failed: (0), function MGdbRead, file MGdbRead.c, line 65.
    Abort trap: 6 (core dumped)

Sure enough, there is no pkgtools.db. Since this doesn't get installed with the port, I'm assuming it's supposed to be dynamically created.

Just using the default pm-020.conf file installed with the updated port:

    $ sudo cp pm-020.conf.SAMPLE pm-020.conf

Anyone else having problems? I'm on 6.0-RELEASE, BTW.

Cheers,
-Wes
Removing pre-6.0 libraries
Greetings!

I've done a buildworld/kernel/installworld/mergemaster update from 5.4-STABLE to 6.0-RELEASE. Everything went without a hitch.

I'm in the process of completely rebuilding all my installed ports (portmanager -u -f). After that, I'll be removing 'options COMPAT_FREEBSD5' from my kernel.

Once that is done, is there a command or some other way to remove all the 5.x compatibility libraries from /usr/lib and other places? Is there anything else I'll need to do to make sure I'm not still dependent on 5.x libraries?

Cheers,
-Wes
Re: Removing pre-6.0 libraries
dick hoogendijk wrote:
On Sat, 12 Nov 2005 12:35:51 -0800 Wes Santee [EMAIL PROTECTED] wrote:

I'm in the process of completely rebuilding all my installed ports (portmanager -u -f). After that, I'll be removing 'options COMPAT_FREEBSD5' from my kernel. Is there anything else I'll need to do to make sure I'm not still dependent on 5.x libraries?

[snip example]

And this is just one example. So, afaik, you can't be sure you don't need compat5x Maybe it's not a bad idea to leave the compat5x option alone (?).

Looks like my attempt to be concise ended up being too terse. :)

I have no software on my system that I cannot rebuild from sources. If I were to acquire such software, I'd rather have to add the compat libs as a port (and re-add the options flag to the kernel) than have them as legacy libs hanging around after an upgrade.

That does give me an idea, however. I can probably use the contents of the compat5 port to find out what libs are specific to that version.

Cheers,
-Wes
LAN unreachable after 5.3 install
Greetings all,

I've just completed update from 4.9 to 5.3 and so far not much is working. I went the format and install route to minimize incompatibilities.

After the install, the first thing I wanted to do was get my network up and running. I've got a pretty standard setup: LAN on one NIC, PPPoE Internet on the other NIC with NAT addressing.

Ignore the PPPoE and gateway side of things for a bit, my problem is that after install, I can't see my LAN. From the FreeBSD box I try this:

    ping -S 10.0.0.1 10.0.0.254

but none of the pings are responded to. From 10.0.0.254, I try pinging 10.0.0.1, but the result is the same.

Okay, here is the WEIRD part: When I run tcpdump to see what's going on, all of a sudden everything starts working! It's as if going into promiscuous mode shuts off some kind of block that I can't figure out. When I kill tcpdump, it goes back to not working again.

Any ideas what is causing this or how to fix it? I strolled through the install notes, but I don't even know what I'm looking for. That makes searching the mailing list archives difficult also.

Cheers,
-Wes
Re: LAN unreachable after 5.3 install
On Mon, 15 Nov 2004 12:39:49 +, Josh Paetzel [EMAIL PROTECTED] wrote:
On Monday 15 November 2004 18:22, Wes Santee wrote:

my problem is that after install, I can't see my LAN. From the FreeBSD box I try this:

    ping -S 10.0.0.1 10.0.0.254

but none of the pings are responded to. From 10.0.0.254, I try pinging 10.0.0.1, but the result is the same.

Okay, here is the WEIRD part: When I run tcpdump to see what's going on, all of a sudden everything starts working! It's as if going into promiscuous mode shuts off some kind of block that I can't figure out. When I kill tcpdump, it goes back to not working again.

The output of ifconfig may be useful in tracking down your problem

Sure, here it is. xl1 is the LAN interface, tun0-xl0 is the PPPoE interface:

    [EMAIL PROTECTED]:/etc] 7 $ ifconfig -a
    xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            options=8<VLAN_MTU>
            ether 00:60:97:a7:c9:01
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
    xl1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            options=9<RXCSUM,VLAN_MTU>
            inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
            ether 00:10:5a:9a:11:8c
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
            inet6 ::1 prefixlen 128
            inet 127.0.0.1 netmask 0xff00
    tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
            inet 216.113.200.107 --> 216.113.192.225 netmask 0x
            Opened by PID 1895

Notice there are no IPv6 configurations. I put net.inet6.ip6.auto_linklocal=0 in /etc/sysctl.conf as part of a troubleshooting test to get PPPoE to work(*). I left it in after I got PPPoE working because I don't use IPv6, but removing options INET6 from the kernel makes pf, ipfilter, and ipfw klds complain loudly.

Cheers,
-Wes

(*) Long story. It took over 8 hours to get the PPPoE connection working after the install. tcpdump would segfault during the PPP handshaking so I couldn't even figure out what was going on. I finally got it to work by putting disable ipv6cp in my ppp.conf file. Otherwise it would sit and wait for carrier forever after the first attempt.
Re: [SOLVED] LAN unreachable after 5.3 install
On Mon, 15 Nov 2004 11:02:11 -0800, Wes Santee [EMAIL PROTECTED] wrote:
On Mon, 15 Nov 2004 12:39:49 +, Josh Paetzel [EMAIL PROTECTED] wrote:
On Monday 15 November 2004 18:22, Wes Santee wrote:

my problem is that after install, I can't see my LAN. From the FreeBSD box I try this:

    ping -S 10.0.0.1 10.0.0.254

but none of the pings are responded to. From 10.0.0.254, I try pinging 10.0.0.1, but the result is the same.

Okay, here is the WEIRD part: When I run tcpdump to see what's going on, all of a sudden everything starts working! It's as if going into promiscuous mode shuts off some kind of block that I can't figure out. When I kill tcpdump, it goes back to not working again.

The output of ifconfig may be useful in tracking down your problem

Sure, here it is. xl1 is the LAN interface, tun0-xl0 is the PPPoE interface:

    [EMAIL PROTECTED]:/etc] 7 $ ifconfig -a
    xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            options=8<VLAN_MTU>
            ether 00:60:97:a7:c9:01
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
    xl1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            options=9<RXCSUM,VLAN_MTU>
            inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
            ether 00:10:5a:9a:11:8c
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
            inet6 ::1 prefixlen 128
            inet 127.0.0.1 netmask 0xff00
    tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
            inet 216.113.200.107 --> 216.113.192.225 netmask 0x
            Opened by PID 1895

Well, I've solved this, kind of.

I noticed that hosts on my LAN had no problems pinging each other. Only pinging 10.0.0.1 or originating a ping from 10.0.0.1 would fail.

Then I swapped the interfaces (made xl0 internal, and xl1 the PPPoE interface). The problem swapped with it. Now I could see my LAN (ping from 10.0.0.1 to all LAN hosts, and vice versa), but I couldn't connect to my ISP. I didn't really suspect the card as it did work if I did the tcpdump trick.

So then I thought it might be some weird IRQ/PCI conflict and took out an unused PCI card (SB Live), and moved the NICs so they wouldn't be sharing IRQs. This didn't solve the problem either.

You notice that PROMISC in the flags for xl1 above? That's because I took the ifconfig while tcpdump was running on that interface. As a desperation move, I just tacked promisc on to the end of the interface configuration in rc.conf and rebooted. Now everything works fine.

I don't know why, but the interface must be in promiscuous mode to work. It worked fine as is on my FreeBSD 4.9 machine, so I really have no idea what's up. A look at dmesg shows this:

    xl0: 3Com 3c905-TX Fast Etherlink XL port 0xa400-0xa43f irq 15 at device 10.0 on pci0
    xl1: 3Com 3c905B-TX Fast Etherlink XL port 0xa000-0xa07f mem 0xdd80-0xdd80 007f irq 10 at device 11.0 on pci0

Any clues here as to what might be up? Perhaps this is something to do with the RXCSUM flag? Maybe I should turn it off? I don't really want to continue blindly trying things without some idea of what I'm trying to affect.

If anyone has any other intelligent ideas, I'm all ears. If not, I'll leave it as is.

Cheers,
-Wes
Re: how to make bind listen only to 127.0.0.1
On Mon, Jan 06, 2003 at 11:20:53PM +0100, Wiroth Didier wrote:

Hey, I would like to run bind as a caching only server (v 8.3.3 from 4.7-release). I would also like that it only listens on port 127.0.0.1, but how? I tried this entry in named.conf, but it didn't work:

    query-source address 127.0.0.1 port 53;

It still listens on the real ip address? sockstat -4 shows:

    root named 296 20 udp4 192.168.0.2:53
    root named 296 21 tcp4 192.168.0.2:53
    root named 296 22 udp4 127.0.0.1:53

What do I have to change so it named only listens to 127.0.0.1?

'man named.conf', and look for the 'listen-on' directive.

    options {
        // Your options
        listen-on { 127.0.0.1; };
    };
    // Other BIND directives

Cheers,
-Wes

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message