RE: My jail can not ssh..

2003-09-16 Thread Yonatan Bokovza
 -Original Message-
 From: Pat Lashley [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, September 16, 2003 11:18
 To: [EMAIL PROTECTED]; maillist bsd
 Cc: [EMAIL PROTECTED]
 Subject: Re: My jail can not ssh..
 
 
 --On Tuesday, September 16, 2003 09:07:15 +0100 Matthew Seaman 
 [EMAIL PROTECTED] wrote:
 
  On Tue, Sep 16, 2003 at 04:16:31AM +0800, maillist bsd wrote:
 
  I am just testing jail on my FreeBSD4.8-stable box, I found I can not
  ssh to the jail environment, but I can telnet to jail environment, the
  sshd is running both inside and outside jail.  What's the problem.
 
  I suspect that your problem is that the sshd(8) in your host and jail
  environments are both binding to IN_ADDR_ANY.  That means both daemons
  are fighting over the loopback interface (at least).
 
 Another subtle thing that can cause problems is if the jailed SSH
 can't do DNS resolution.  Telnet in and run your favorite DNS
 query app (host, dnsip, dig, nslookup, etc.).  If it fails, check
 resolv.conf in the jail; and check the access controls on your
 name server.

And yet another problem is that ssh needs /dev/[u]random.
Try mounting devfs in the jail's /dev and see if it works for you.
The error message is something along the line of PRNG not
initialized.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
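
The three causes raised in this thread (host sshd bound to all addresses, no DNS resolution in the jail, no /dev/[u]random in the jail) can be checked from the host in one pass. The script below is an added example, not part of the original messages; the function names and the temporary-directory fixture are made up for illustration.

```sh
# Added example: pre-flight check for the three causes named in this thread.
# usage: jail_ssh_preflight HOST_SSHD_CONFIG JAIL_ROOT
# Prints one line per problem found; prints nothing when all checks pass.
jail_ssh_preflight() {
    conf=$1 root=$2
    # 1. Host sshd must bind to specific addresses. With no ListenAddress
    #    line sshd listens on every address, including the jail's.
    addrs=$(awk 'tolower($1) == "listenaddress" { print $2 }' "$conf")
    if [ -z "$addrs" ]; then
        echo "HOST-WILDCARD no ListenAddress in $conf"
    else
        for a in $addrs; do
            case $a in
                0.0.0.0|0.0.0.0:*|::|\[::\]*) echo "HOST-WILDCARD ListenAddress $a" ;;
            esac
        done
    fi
    # 2. The jail needs a resolver configuration with at least one nameserver.
    grep -qs '^[[:space:]]*nameserver[[:space:]]' "$root/etc/resolv.conf" ||
        echo "JAIL-DNS no nameserver in $root/etc/resolv.conf"
    # 3. sshd needs a random device inside the jail.
    [ -e "$root/dev/random" ] || [ -e "$root/dev/urandom" ] ||
        echo "JAIL-RANDOM no /dev/random or /dev/urandom under $root"
    return 0
}

# Constructed fixture: a temp directory stands in for host config and jail root.
demo_preflight() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/jail/etc" "$dir/jail/dev"
    if [ "$1" = fixed ]; then
        echo 'ListenAddress 192.0.2.1' > "$dir/sshd_config"
        echo 'nameserver 192.0.2.53' > "$dir/jail/etc/resolv.conf"
        : > "$dir/jail/dev/urandom"      # stand-in for a devfs node
    else
        echo '#ListenAddress 0.0.0.0' > "$dir/sshd_config"
    fi
    jail_ssh_preflight "$dir/sshd_config" "$dir/jail" | sed "s|$dir|TMP|g"
    rm -rf "$dir"
}
demo_preflight broken
demo_preflight fixed
```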


RE: Binding MAC to IP Statically

2003-09-08 Thread Yonatan Bokovza
 -Original Message-
 From: Chuck Swiger [mailto:[EMAIL PROTECTED]
 Sent: Sunday, September 07, 2003 23:10
 To: Colin Watson
 Cc: [EMAIL PROTECTED]
 Subject: Re: Binding MAC to IP Statically
 
 
 Colin Watson wrote:
 [ ...rewrapped to 80-columns... ]
  Any way to bind a MAC address statically to an IP? I wish to do this to
  prevent a user from changing his IP address on the subnet, so if he does he
  can't pass traffic. I have experimented with ipfw, but I can't quite see how
  I could accomplish the binding of an IP statically to a NIC's MAC. Any ideas
  would be appreciated.
 
 IPFW2 lets you perform firewall actions on a MAC address, rather than an IP.
 
 You can configure a DHCP server to statically allocate an IP address to that
 machine via something like this in {/usr/local}/etc/dhcpd.conf:
 
 host pi.codefab.com {
  hardware ethernet 00:00:00:00:00:00;
  fixed-address 66.234.138.67;
 }

Look for static arp. The basic idea is that you tell your
interface to not use arp (see ifconfig(8) -arp) and give
it a static binding of MAC addresses to IP addresses
(see arp(8) -f).


RE: Binding MAC to IP Statically

2003-09-08 Thread Yonatan Bokovza
 -Original Message-
 From: Timur [mailto:[EMAIL PROTECTED]
 Sent: Monday, September 08, 2003 12:34
 To: Yonatan Bokovza
 Cc: [EMAIL PROTECTED]
 Subject: Re: Binding MAC to IP Statically
 
 
 On Mon, Sep 08, 2003 at 12:07:33PM +0300, Yonatan Bokovza wrote:
   -Original Message-
   From: Chuck Swiger [mailto:[EMAIL PROTECTED]
   Sent: Sunday, September 07, 2003 23:10
   To: Colin Watson
   Cc: [EMAIL PROTECTED]
   Subject: Re: Binding MAC to IP Statically
   
   
   Colin Watson wrote:
   [ ...rewrapped to 80-columns... ]
    Any way to bind a MAC address statically to an IP? I wish to do this to
    prevent a user from changing his IP address on the subnet, so if he does he
    can't pass traffic. I have experimented with ipfw, but I can't quite see how
    I could accomplish the binding of an IP statically to a NIC's MAC. Any ideas
    would be appreciated.
   
   IPFW2 lets you perform firewall actions on a MAC address, rather than an IP.
   
   You can configure a DHCP server to statically allocate an IP address to that
   machine via something like this in {/usr/local}/etc/dhcpd.conf:
   
   host pi.codefab.com {
    hardware ethernet 00:00:00:00:00:00;
    fixed-address 66.234.138.67;
   }
  
  Look for static arp. The basic idea is that you tell your
  interface to not use arp (see ifconfig(8) -arp) and give
  it a static binding of MAC addresses to IP addresses
  (see arp(8) -f).
 
 This solves the problem, but creates another one - your clients must
 statically bind the MAC address of your router (default gateway) to its
 IP address.

Correct. It is best for small, unchanging networks. DMZ for example.
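
A check that fits the static-ARP approach discussed in this thread, as an added example that is not part of the original messages: it compares saved `arp -an` output against a bindings file in the `arp -f` format (address, then Ethernet address) and reports addresses that answer from an unexpected MAC or are not pinned as permanent. The function names, the addresses and the sample `arp -an` lines are constructed for illustration.

```sh
# Added example: audit the ARP table against the static binding list.
# usage: audit_arp BINDINGS ARPDUMP   (arp -f style file, saved `arp -an` output)
audit_arp() {
    awk '
        # Normalize case and leading zeros: 2:0:0:0:0:B equals 02:00:00:00:00:0b
        function norm(mac,   n, p, i, out) {
            n = split(tolower(mac), p, ":")
            for (i = 1; i <= n; i++)
                out = out (i > 1 ? ":" : "") (length(p[i]) == 1 ? "0" : "") p[i]
            return out
        }
        NR == FNR {                       # first file: "ip ether_addr" bindings
            sub(/#.*/, "")
            if (NF >= 2) want[$1] = norm($2)
            next
        }
        $3 == "at" {                      # "? (ip) at mac on ifname [permanent] ..."
            ip = $2; gsub(/[()]/, "", ip); seen[ip] = 1
            if (!(ip in want))             print "UNLISTED " ip " " norm($4)
            else if (norm($4) != want[ip]) print "MISMATCH " ip " expected " want[ip] " got " norm($4)
            else if ($0 !~ / permanent/)   print "DYNAMIC " ip
        }
        END { for (ip in want) if (!(ip in seen)) print "MISSING " ip }
    ' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample data (documentation addresses, made-up MACs).
demo_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/bindings" <<'EOF'
192.0.2.1   02:00:00:00:00:01   # default gateway
192.0.2.10  02:00:00:00:00:0a
192.0.2.11  02:00:00:00:00:0b
192.0.2.12  02:00:00:00:00:0c
EOF
    cat > "$dir/arp.txt" <<'EOF'
? (192.0.2.1) at 02:00:00:00:00:01 on em0 permanent [ethernet]
? (192.0.2.10) at 02:00:00:00:00:99 on em0 permanent [ethernet]
? (192.0.2.11) at 2:0:0:0:0:b on em0 [ethernet]
? (192.0.2.50) at 02:00:00:00:00:50 on em0 [ethernet]
EOF
    audit_arp "$dir/bindings" "$dir/arp.txt"
    rm -rf "$dir"
}
demo_audit
```

MISMATCH means a listed address is held by a different MAC, DYNAMIC means the right MAC was learned through ARP rather than pinned, UNLISTED is a host with no binding, and MISSING is a binding with no table entry.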


RE: I need to control a bunch of files.

2003-09-07 Thread Yonatan Bokovza
 -Original Message-
 From: Mark Terribile [mailto:[EMAIL PROTECTED]
 Sent: Friday, September 05, 2003 21:33
 To: [EMAIL PROTECTED]
 Subject: Re: I need to control a bunch of files.
 
 
 
 Vitali Malicky writes
 
  I need to control a bunch of files.
  As soon as any of these files changes it should
  be immediately rechecked and correct chmod and
  chown reset on this file(s).
 
  I'd like them to be controlled by a process which
  would monitor any possible changes in these files
  and would do the job upon the event.
 
 If it's a local file system, you may be able to
 do it with the kqueue(2)/kevent(2) mechanism.
 

and check out ports/sysutils/wait_on.


RE: Problem Tuning Maxsockets

2003-09-02 Thread Yonatan Bokovza
 -Original Message-
 From: Company 2210 [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, September 02, 2003 14:49
 To: [EMAIL PROTECTED]
 Subject: Problem Tuning Maxsockets
 
 
 I am trying to alter the number of maxsockets allocated from the default of
 2022 to 8192 on a FreeBSD 4.8 box. However, when I try to perform this
 operation via sysctl I'm informed the oid (kern.ipc.maxsockets) is read
 only. Does this mean I need to recompile the kernel? I've tried 'options
 MAXSOCKETS=8192' in a kernel recompile - but that was rejected by the initial
 parse, so either the option is different to the sysctl name or there is
 another way to do this? Could someone shed some light?

according to init_maxsockets in sys/kern/uipc_socket2.c
you should recompile your kernel with a different
NMBCLUSTERS.


RE: tcp keepalive?

2003-08-10 Thread Yonatan Bokovza
 -Original Message-
 From: Daniel Nielsen [mailto:[EMAIL PROTECTED]
 Sent: Sunday, August 10, 2003 16:04
 To: [EMAIL PROTECTED]
 Subject: tcp keepalive?
 
 
 Hi.
 
 I'm behind a NAT (over which I have no control), and it seems to kill idle tcp
 connections quite fast. Is there any way to make FreeBSD 5.1 send tcp
 keepalives with smaller intervals?
 
 It was possible in linux with sysctl net/ipv4/tcp_keepalive_time=300...
 In FreeBSD I have not been able to locate the equivalent option. Any help is
 appreciated.

net.inet.tcp.keepintvl

more info at src/sys/netinet/tcp_timer.c 


RE: KDE startup slow

2003-03-31 Thread Yonatan Bokovza
 -Original Message-
 From: Paul Everlund [mailto:[EMAIL PROTECTED]
 Sent: Monday, March 31, 2003 15:20
 To: [EMAIL PROTECTED]
 Subject: KDE startup slow
 
 
 Hi all!
 
 After I got ADSL for my FreeBSD box the startup of KDE takes
 a very long time. It stops at Initializing System Services,
 then after a while the splash screen disappears, and after
 some more waiting (about two minutes) the Desktop appears.
 
 It almost looks like a DNS query timeout, but I'm not sure,
 as I really do not know what Initializing System Services
 actually does. Does anyone know?

Please open another terminal and use tcpdump to sniff your
local interface (lo0).
Do you see packets to port 111 ?


RE: [OT] file synchronization between two machines

2003-03-25 Thread Yonatan Bokovza
 -Original Message-
 From: Doug Hardie [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, March 25, 2003 18:10
 To: [EMAIL PROTECTED]
 Subject: Re: [OT] file synchronization between two machines
 
 
 
 On Tuesday, Mar 25, 2003, at 08:01 US/Pacific, Louis LeBlanc wrote:
 
  Hey all.  Sorry for the OT question, but here goes.
 
  Anyone know of a tool or method that can check the last modification
  date of two files under these conditions and keep them in sync?
 
 I've never tried this, but you might give rsync with the -u option a
 try (test it first on unimportant files).  I believe you would need to
 run it on both machines as it would only update in one direction.

rsync (from ports/net/rsync) does not need a peer on the other side.
You can think of it as a clever scp: you can copy to/from one server
to/from another server, only rsync can sync files on the block level,
so it's supposed to be more efficient than merely copying the files over.
For your case, I'd say run a cron job at the firewalled machine to rsync
the files over to the other one.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message


RE: [OT] file synchronization between two machines

2003-03-25 Thread Yonatan Bokovza
 -Original Message-
 From: Louis LeBlanc [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, March 25, 2003 18:57
 To: [EMAIL PROTECTED]
 Subject: Re: [OT] file synchronization between two machines
 
 
 On 03/25/03 06:40 PM, Yonatan Bokovza sat at the `puter and typed:
   On Tuesday, Mar 25, 2003, at 08:01 US/Pacific, Louis LeBlanc wrote:
   
    Hey all.  Sorry for the OT question, but here goes.
   
    Anyone know of a tool or method that can check the last modification
    date of two files under these conditions and keep them in sync?
   
   I've never tried this, but you might give rsync with the -u option a
   try (test it first on unimportant files).  I believe you would need to
   run it on both machines as it would only update in one direction.
  
  rsync (from ports/net/rsync) does not need a peer on the other side.
  You can think of it as a clever scp: you can copy to/from one server
  to/from another server, only rsync can sync files on the block level,
  so it's supposed to be more efficient than merely copying the files over.
  For your case, I'd say run a cron job at the firewalled machine to rsync
  the files over to the other one.
 
 That sounds right, but what if the file last changed on the remote
 machine?  Will rsync copy the newer remote copy to the local machine
 when necessary and copy the newer local copy to the remote machine
 when necessary?  This is the problem, really.  Running rsync on both
 machines won't do any good, because the remote machine can't come
 thru the firewall.
 
 I had already thought of another recommendation to use CVS, but that
 wouldn't work because the files are M$ Word (eww).

Read its man page:
http://www.freebsd.org/cgi/man.cgi?query=rsync&apropos=0&sektion=0&manpath=FreeBSD+Ports+4.7-RELEASE&format=html

you can do this at the firewalled machine
(examples only, not real commands) :
rsync -u [EMAIL PROTECTED]:file file
rsync -u file [EMAIL PROTECTED]:file

This will guarantee that file is the same on both machines.



RE: help with firewall log message

2003-03-24 Thread Yonatan Bokovza
 -Original Message-
 From: Darryl Hoar [mailto:[EMAIL PROTECTED]
 Sent: Monday, March 24, 2003 17:35
 To: [EMAIL PROTECTED]
 Subject: help with firewall log message
 
 
 Greetings,
snip
 what does it mean ?
 Also, is there a good reference that would allow a user
 to break  down the message and understand it ?

/usr/share/examples/ipfilter/ipf-howto.txt



RE: Security Report

2003-01-13 Thread Yonatan Bokovza
 -Original Message-
 From: Rus Foster [mailto:[EMAIL PROTECTED]]
 Sent: Monday, January 13, 2003 13:17
 To: [EMAIL PROTECTED]
 Subject: Security Report
 
 
 Hi,
 Is it my imagination or should FreeBSD automatically make run a cron job
 to generate a security report? If so does anyone have the cron line?

daily_status_security_enable=YES is the default, from
/etc/defaults/periodic.conf. If you didn't change that in
/etc/periodic.conf it should run as a part of the periodic daily.
The periodic daily line in /etc/crontab is (by default):
1   3   *   *   *   root    periodic daily




RE: O T Longest uptime ever recorded ?

2002-12-08 Thread Yonatan Bokovza
 -Original Message-
 From: faisal gillani [mailto:[EMAIL PROTECTED]]
 Sent: Sunday, December 08, 2002 13:15
 To: [EMAIL PROTECTED]
 Subject: O T Longest uptime ever recorded ?
 
 
 Hello there
 
  Can anyone tell me is there any sort of record in the
 history of servers what is the longest uptime of the
 server ever recorded ?

http://uptime.netcraft.com/up/today/top.avg.html




RE: spoof mac address

2002-11-26 Thread Yonatan Bokovza
 -Original Message-
 From: Brian Henning [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, November 26, 2002 19:41
 To: [EMAIL PROTECTED]
 Subject: spoof mac address
 
 
 Hello,
 I want to be able to spoof a mac address of a nic in my machine so I can
 run a router (bsd) parallel to my router (LRP). The reason I want to spoof
 the mac address is because I don't want to call my isp and have them change
 my mac address. Can someone tell me where to look or how to spoof a mac
 address in bsd?

man ifconfig




RE: Easter Eggs

2002-11-11 Thread Yonatan Bokovza
 -Original Message-
 From: Stijn Hoop [mailto:stijn;win.tue.nl]
 Sent: Thursday, November 07, 2002 13:22
 To: Ceri Davies
 Cc: Lord Raiden; [EMAIL PROTECTED]
 Subject: Re: Easter Eggs
 
 
 On Thu, Nov 07, 2002 at 10:02:49AM +, Ceri Davies wrote:
  On Thu, Nov 07, 2002 at 02:13:40AM -0500, Lord Raiden wrote:
   This might sound like a silly question, but does FreeBSD or any of
   its component programs have known easter eggs?  Just curious.  :)
  
  The binaries don't, although there is some level of amusement to be found
  in the source code, fsvo amusement.
 
 I was alerted yesterday (from a post here on -questions iirc) to the aptly
 named
 
 void die_you_gravy_sucking_pig_dog();
 
 in /usr/src/usr/sbin/shutdown.c on -STABLE. This got a chuckle out of me :)
 More 'jokes' are certainly to be found somewhere within /usr/src -- got
 any pointers?

A small amount of funniness lies in the man pages
too:
http://www.freebsd.org/cgi/man.cgi?query=ntpdate




RE: Bad checksums on NIC packests

2002-10-01 Thread Yonatan Bokovza

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, October 01, 2002 09:54
 To: [EMAIL PROTECTED]
 Subject: Bad checksums on NIC packests
 
 
 Hello,
snip 
 08:59:40.863411 ozlerplastik.com.telnet > ertank.1700: P [bad tcp cksum a310!] 1:28(27) ack 0 win 65535 (DF) [tos 0x10]  (ttl 64, id 57149, len 67, bad cksum 0!)
snip
Did you, perhaps, set CFLAGS to O2 in /etc/make.conf,
like they say you shouldn't ?
This really should be in the FAQ.




RE: Upgrading to ipfw2?

2002-09-26 Thread Yonatan Bokovza

 -Original Message-
 From: Michael [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, September 26, 2002 00:35
 To: [EMAIL PROTECTED]
 Subject: Upgrading to ipfw2?
 
 
 Could anyone explain or direct me to any procedures for upgrading to ipfw2?

Assuming you already have options IPFW in your kernel,
your world, kernel and sources are synced, and that you run i386:
Lines may be broken:

echo "options IPFW2" >> /usr/src/sys/i386/conf/MYKERN
cd /usr/src/sbin/ipfw && make -DIPFW2 all && make -DIPFW2 install
cd /usr/src/lib/libalias && make -DIPFW2 all && make -DIPFW2 install
cd /usr/src && make kernel KERNCONF=MYKERN

reboot.
