Re: Vexing IPF problem
On Fri, 17 Jun 2005 08:12:45 -0700 (PDT) DH [EMAIL PROTECTED] wrote: I'm having a problem with IPF blocking packets that appear should be let through. I've sent quite a bit of time going through the Handbook, man pages, etc I must be missing something so any help is greatly appriciated. uname -a freebsd 4.11-release #0 SMP kernel, dual PIII processor, 512 MB ECC RAM, SCSI HDs execerpt from rule set: Kernel compiled with default allow until I finish getting the ruleset rewritten. Rule #1 block in log from any to any pass in quick on lo0 pass out quick on lo0 block in log quick on fxp0 from any to any with ipopts block in log quick proto tcp from any to any with short ... pass in log first proto tcp from any to any port = 80 flags S keep state pass in log first proto tcp from any port = 80 to any flags S keep state pass out log first proto tcp from any to any port = 80 flags S keep state netstat -m = 129/576/16384 9% of mb_map in use Proxy Server - Squid 2.5.stable10 The behavior I'm seeing is out going connections to websites on port 80 are being passed but the in bound traffic is being blocked. The ipflog entries look like this: my ip = s theirs = d @0:390 p s.s.s.s,3601 - d.d.d.d,80 PR tcp len 20 60 -S K-S OUT @0:1 b d.d.d.d,80 - s.s.s.s,3601 PR tcp len 20 43 -AR IN Thanks in advance to those giving their time to lend a hand, I know you time is valuable. Please CC my address in your reply. David Hutchens III Network Technician - Yahoo! Sports Rekindle the Rivalries. Sign up for Fantasy Football ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Any reason you avoid 'quick' keywords in rules around 390 ? Also, from my vague memory 'first' should not be necessary with 'quick'. horio shoichi ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NFS freeze
On Thu, 12 May 2005 22:03:40 -0500 Kelly D. Grills [EMAIL PROTECTED] wrote: On Fri, May 13, 2005 at 02:52:52AM +0200, Pietro Cerutti wrote: Kelly D. Grills wrote: Have a look at section 23.3.5 of the handbook. -r=1024 cured my problems. Thank you, this solves the problem when mounting manually. What if I used amd to automatically mount the NFS share? I didn't find how to set mount specific options in amd. Well, I've no experience with amd. I took a quick look at amd.conf(5), the selectors_on_default parameter looks like it may be relevant. -- Kelly D. Grills [EMAIL PROTECTED] An excerpt from /usr/src/contrib/amd/doc/am-utils.texi: For example, if the default options specified were @example opts:=rw,nosuid,intr,rsize=1024,wsize=1024,quota,posix @end example You get the idea how to set rsize into opts:=. horio shoichi ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NIS issue
On Sun, 10 Oct 2004 12:55:06 -1000 William Bierman [EMAIL PROTECTED] wrote: Hello. I have searched the archives for this, to no avail. I am attempting to setup an NIS domain. I have followed the steps in the handbook, and have succesfully setup my master and clients (I have no slave server, as this is a small domain). The relevant information is propogated correctly to all slave servers, with the exception of master.passwd. This contains very old information. I do have * in my /etc/master.passwd file on each client machine. /var/yp/master.passwd is chmod 600 on the master machine Can anyone shed some light on this issue? Thanks, Bill ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Be hot on typo. My case : % sudo tail -1 /etc/ma*d +: % sudo tail -1 /etc/ma*d|wc -c 11 % As you see, nine colons are necessary after plus. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to begin ???
On Wed, 29 Sep 2004 23:42:01 +0100 Mike Woods [EMAIL PROTECTED] wrote: Bill Moran wrote: If you're looking to start understanding the FreeBSD codebase, probably the best thing for you to do is buy and read _The_Design_and_Implementation_ _of_FreeBSD_. It seems the register have a special offer on that very book atm :) http://www.pearsoned.co.uk/bookshop/detail.asp?affid=TREt=59item=210066 Mike Woods IT Technician ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Looks like Amazon is the winner this time. E.g., Bookpool: List Price: $59.99 Our Price: $41.95 You Save: $18.04 (30% Off) Amazon: List Price: $59.99 Price: $40.79 This item ships for FREE with Super Saver Shipping. You Save: $19.20 (32%) horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Netscape navigator for FreeBSD5.1
On Thu, 23 Sep 2004 15:29:49 -0700 Virupaksh Honnur [EMAIL PROTECTED] wrote: Hello, I have a PC installed with FreeBSD5.1 and I would like to install netscape on it but can't find a suitable netscape version that can run on FreeBSD5.1. I downloaded communicator-v476-us.x86-unknown-freebsd.tar.gz and installed this version but when I execute this it gives a exec format error. I am wondering which would be the compatible version of netscape on FreeBSD5.1 and from where I can download. (I spent some time on Google for this but no help!). Thanks, -Viru ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] You have a plenty of them. % ls -d /usr/ports/www/netscape* /usr/ports/www/netscape-remote /usr/ports/www/netscape48-communicator /usr/ports/www/netscape-wrapper/usr/ports/www/netscape48-navigator /usr/ports/www/netscape47-communicator /usr/ports/www/netscape7 /usr/ports/www/netscape47-navigator % As far as I see none of them has OS version dependency. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IP Firewall blocks cvsup
On Sun, 19 Sep 2004 06:45:28 -0700 Rob [EMAIL PROTECTED] wrote: Seems to work with everything else incl. ftp. What am I doing wrong? Thanks, Rob. block in log all pass out all pass out on lo all pass in on lo all pass out quick on bfe0 proto tcp/udp from any to any port 1024 For quick answer, replace above line with: pass out quick on bfe0 proto tcp/udp from any to any port 1024 keep state pass in quick on bfe0 proto icmp all icmp-type 0 pass in quick on bfe0 proto icmp all icmp-type 3 pass in quick on bfe0 proto icmp all icmp-type 11 block in on bfe0 proto tcp all flags S/SA block out on bfe0 proto tcp all flags SA/SA pass in quick on bfe0 proto tcp from any to any port = 22 flags S/SA keep state pass in quick on bfe0 proto tcp from any to any port = 25 flags S/SA keep state pass out on bfe0 proto tcp all keep state I don't think this line makes tcp connections below stateful. You must write down keep state phrase on every tcp (and udp, icmp) line you write. block return-rst in on bfe0 proto tcp from any to any port = 113 pass in on bfe0 proto tcp/udp from any port = 53 to any pass in on bfe0 proto tcp/udp from any port = 67 to any pass out on bfe0 proto tcp/udp from any port = 68 to any pass in on bfe0 proto tcp from any port = 80 to any Or, add the following line here: pass in on bfe0 proto tcp from any port = 5999 to any horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Resolution problems
On Mon, 20 Sep 2004 14:17:12 -0600 Tom Connolly [EMAIL PROTECTED] wrote: Hello list, I am currently running 4.10 with the latest version of xfree86. My video card is an integrated ATI Rage Pro and I can't seem to get resolutions above 800 X 600 (at least I think that's what it is). I want 1280 x 1024 and I'm sure the hardware is capable of this. I am using the generic ATI driver. Could this be my problem? Any help would be greatly appreciated. Thank you, Thomas ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Not the answers but hints for display resolution problems. Google with 'VideoModes.doc' ; will lead you to Eric Raymond's famous tutorial. If that's not enough google with 'Eric Raymond diplay resolution' ; same but with more examples. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how to tell source code versions?
On Fri, 10 Sep 2004 23:07:39 -0400 rob gabaree [EMAIL PROTECTED] wrote: hi guys: im pretty new and just recompiled my kernel with cvsup (using src-all) and uname -a prints: FreeBSD xxx 4.10-RELEASE-p2 FreeBSD 4.10-RELEASE-p2 #1: Fri Sep 10 18:01:49 EST 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/XCAGE2 i386 i used the RELENG_4_10 tag to do this, but im wondering if someone could tell me where to go to find out the latest source code, ex the above was -RELEASE-p2.. is p2 the latest? where can i find the latest info so i know i ahve the most up to date one? thanks -- robg [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Yes, it appears so, as far as 4.10-RELEASE concerns. Assuming you have setenv CVSROOT /somewhere, where /somewhere has tolerably recent cvs repository, % cd /tmp % cvs get -r RELENG_4_10 src/sys/conf/newvers.sys U src/sys/conf/newvers.sh % ls -l src/sys/conf/newvers.sh -rw-r--r-- 1 horio wheel 3400 Jul 1 02:33 src/sys/conf/newvers.sh % grep ^BRANCH src/sys/conf/newvers.sys BRANCH=RELEASE-p2 % horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: named[353]: sysquery: no addrs found for root NS ..........
On Tue, 7 Sep 2004 14:24:37 +0300 Toomas Aas [EMAIL PROTECTED] wrote: Hi! From time to time I get this: Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (d.root-servers.net) Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (a.root-servers.net) Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (c.root-servers.net) Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS (h.root-servers.net) Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS (f.root-servers.net) Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS (b.root-servers.net) This problem plagued me for a long time on several FreeBSD 4 servers running BIND 8 from the base system. Google finds numerous discussions on this problem in various lists/newsgroups but a solution is rarely offered. Finally, I found someone's theory in a NetBSD (or was it OpenBSD) forum. I can't tell whether it is true or not, but it makes sense to me. If your BIND is configured to use a forwarder and this forwarder is really good then BIND (almost) never needs to contact the root servers. The root zone times out in memory and it is not reloaded from disk. It is only loaded when BIND is started. Thus, if your BIND finally needs to contact a root name server after a long time of getting all responses from forwarder, it turns out that the data for root zone is not available... Now, as I said, I cannot tell whether this theory is true or not. What I can say is that on all 4 machines where I run BIND I configured one of two workarounds: - use forward only so you *never* need to check the root zone - do not use forwarders at all so you check the root zone fairly frequently. I did this almost a year ago, and after that I never have had this problem again. HTH. -- Toomas Aas | [EMAIL PROTECTED] | http://www.raad.tartu.ee/~toomas/ * Press any key to continue or any other key to quit. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Hmm, then the easiest cure against OP's would be periodically (say, per week) requesting purposely wrong request (e.g., nslookup example.heh) ? horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 3Com Etherlink III ISA support [was Question]
On Mon, 30 Aug 2004 19:28:03 -0700 (PDT) stheg olloydson [EMAIL PROTECTED] wrote: it was said: the version of FreeBsd that i've tried does not support the network card i have on the computer which is a 3Com Etherlink III ISA (3C509b-TPO) in PnP mode i would like to know which versions of FreeBsd supports this network card. Assuming you are going to use i386 machine.. The interface is supported by many versions. See it yourself from http://www.freebsd.org/releases/index.html. In my experience, (the last version I used was on 4.4-STABLE), pnp mode never worked for me. As others say, I had to configure them with dos. Hello, (snip) [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: compiling openoffice
On Fri, 27 Aug 2004 16:56:21 -0400 Osmany Guirola Cruz [EMAIL PROTECTED] wrote: is it posible compile openoffice without install java i do this %make WITHOUT_JAVA=yes but the port still try to download tha java files apache-ant etc etc etc i can not download the java files due to restrictions of Sun with my domain .cu what can i do binaries of openoffice does not work because i have 5.3 beta xorg what should i do ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] 1. Don't hijack unrelated thread. 2. You should have told us exactly what you did. What you typed, what you see on screen, the content of related files, etc. Now, if my guess hits, it could be your choice of openoffice. % grep JAVA /usr/ports/editors/openoffice*/Makefile /usr/ports/editors/openoffice-1.0/Makefile:BUILD_DEPENDS+= ${JAVAVM}:${PORTSDIR}/java/linux-sun-jdk13 /usr/ports/editors/openoffice-1.0/Makefile:BUILD_DEPENDS+= ${JAVAVM}:${PORTSDIR}/java/jdk13 /usr/ports/editors/openoffice-1.0/Makefile:JAVAVM= ${JDK13DIR}/bin/java /usr/ports/editors/openoffice-1.1-devel/Makefile:.if !defined(WITHOUT_JAVA) /usr/ports/editors/openoffice-1.1-devel/Makefile:USE_JAVA= 1.4+ /usr/ports/editors/openoffice-1.1-devel/Makefile:NO_RUN_DEPENDS_JAVA= yes /usr/ports/editors/openoffice-1.1-devel/Makefile:.if defined(WITHOUT_JAVA) /usr/ports/editors/openoffice-1.1-devel/Makefile:.if defined(WITHOUT_JAVA) /usr/ports/editors/openoffice-1.1-devel/Makefile:CONFIGURE_ARGS+= --with-jdk-home=${JAVA_HOME} /usr/ports/editors/openoffice-1.1/Makefile:.if !defined(WITHOUT_JAVA) /usr/ports/editors/openoffice-1.1/Makefile:USE_JAVA=1.4+ /usr/ports/editors/openoffice-1.1/Makefile:NO_RUN_DEPENDS_JAVA= yes /usr/ports/editors/openoffice-1.1/Makefile:.if defined(WITHOUT_JAVA) /usr/ports/editors/openoffice-1.1/Makefile:.if defined(WITHOUT_JAVA) /usr/ports/editors/openoffice-1.1/Makefile:CONFIGURE_ARGS+= --with-jdk-home=${JAVA_HOME} % As you see, there is no WITHOUT_JAVA knob for openoffice-1.0. Neither for openoffice-2.0-devel, which could be the cause of mysterious make behavior. You should have chosen openoffice-1.1-devel or openoffice-1.1 in this case. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [UPDATED]sick and tired of freebsd resolving problems
On Thu, 26 Aug 2004 21:34:55 -0500 (CDT) Jorge Mario G. [EMAIL PROTECTED] wrote: -Original Message- From: Jorge Mario G. (snip) the problem is this: I CAN NOT RESOLV It's amazing this thread lives so long. So far, no new things are found, except for corrections of typos, beyond initial vague problem statement. What you are trying to do is damn simple thing, once it starts running. So, you are having dumb simple error somewhere. Now help us see the most elementary network characteristics of your machine. 1. Run the following script. Run it to the complesion, whatever happens. Just copy and paste your input and the machine responce. Don't try add anything, don't try remove anything, don't try change anything. % cat checknet.sh #!/bin/sh echo 0=$0 set -x ifconfig -a netstat -rn traceroute 216.136.204.21 traceroute freebsd.org echo done % 2. Run the following script for at least four seconds but not more than sixteen seconds. Just copy and paste your input and the machine responce. Don't try add anything, don't try remove anything, don't try change anything. % cat checkping.sh #!/bin/sh echo 0=$0 set -x ping 216.136.204.21 echo done % 3. Run the following script. Run it to the complesion, whatever happens. Just copy and paste your input and the machine responce. Don't try add anything, don't try remove anything, don't try change anything. % cat checkresolver.sh #!/bin/sh echo 0=$0 set -x nslookup freebsd.org nslookup freebsd.org 200.13.224.8 echo done % 4. Finally, if any change in /etc/hosts or /etc/resolv.conf, cat them. Just copy and paste your input and the machine responce. Don't try add anything, don't try remove anything, don't try change anything. If you still haven't found yourself what's wrong during those checkings, post the input and output. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: make package-recursive
On Mon, 23 Aug 2004 09:59:52 +0700 User [EMAIL PROTECTED] wrote: there should some way to tell make that if ports have been made package, the next time that ports should not have been made again in the make package-recursive from some other ports. Unfortunately, no. Change CFLAGS and remake, change some of make options and remake, ... They give (for the most part) single same package name. This problem (no straightforward way to indicate what exactly the outcome is) is inherent even in compilations (or file naming conventions we have). Since make package has undergone build process, and doesn't know if it is being repackaged with the same set of files, it probably took the safest path, which is the right thing, I guess. -- with best regards, psr http://www.thai-aec.org http://www.thai.net/makham ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Is promiscuous mode bad?
On Mon, 16 Aug 2004 14:24:00 +0200 Ruben de Groot [EMAIL PROTECTED] wrote: On Sun, Aug 15, 2004 at 07:53:10PM -0700, Kevin Stevens typed: A lot of network scanners also trigger on NICS in promiscuous mode (there's a way to detect them, I forget the details at the moment) because admins want to know if any hosts are out there sniffing. How sure are you about that? AFAIK there's no way to detect a NIC in promiscuous mode *from the outside*. I would be very interested in a network scanner that could. Ruben ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Ping it with wrong mac. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: propolice patch on 4.10
On Sat, 14 Aug 2004 18:10:15 +0530 Siddhartha Jain [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I wanted the propolice protection for my 4.10 FreeBSD install. So I downloaded the latest available propolice patch (for 4.8) and patched the source (seemed to go ok). Now after going thru the entire rebuild process, how do I verify that the propolice thing is active and fine? thanks, Siddhartha -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBHgguOGaxOP7knVwRAs5DAJ428pXMgtLhqdPWdQIG7jp3FyaAFwCfTV0L TjWCWx5GeRDAZGBuDLBbQFk= =xoKI -END PGP SIGNATURE- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Following code (and the instruction) has been snatched from somewhere discussing Solaris propolice. If you need the credibility, or better solution please search them yourself. % cat test-propolice.c /* test-propolice.c */ #define OVERFLOW This is longer than 10 bytes int main (int argc, char *argv[]) { char buffer[10]; strcpy(buffer, OVERFLOW); return 0; } % cc test-propolice.c % ./a.out Abort (core dumped) % tail -2 /var/log/messages Aug 15 08:15:48 hydra a.out: stack overflow in function main Aug 15 08:15:48 hydra /kernel: pid 75040 (a.out), uid 100: exited on signal 6 (core dumped) % cc -fno-stack-protector test-propolice.c % ./a.out Segmentation fault (core dumped) % tail -3 /var/log/messages Aug 15 08:15:48 hydra a.out: stack overflow in function main Aug 15 08:15:48 hydra /kernel: pid 75040 (a.out), uid 100: exited on signal 6 (core dumped) Aug 15 08:19:05 hydra /kernel: pid 75051 (a.out), uid 100: exited on signal 11 (core dumped) % Above test is done on 4.9-STABLE. Note the propolice produced messages: o Abort on terminal, and o stack overflow in log file. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: what's wrong with my ports???
if this is the problem, but missing delete may be keeping stale files sing aloud ? If adding delete doesn't solve your problem, save the problem port(s) somewhere before zapping /usr/ports, and compare before and after. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Help Debugging Kshell Script???
On Sun, 08 Aug 2004 11:37:01 -0400 Hakim Z. Singhji [EMAIL PROTECTED] wrote: do # Use the bc utility in a here document to calculate the percentage of # free and used swap space PERCENT_USED=$(bc EOF scale=4 ($SW_USED / $SW_TOTAL) * 100 EOF ) PERCENT_FREE=$(bc EOF scale=4 ($SW_FREE / $SW_TOTAL) * 100 EOF ) ## Which ksh are you running (/usr/local/bin/ksh{,93)) ? If you are really new to this sort of things, test them interactively with 'set -ux' options. horio shoichi BTW., it gave me a thing like this on 4.9-STABLE with /usr/local/bin/ksh. % ksh $ SW_USED=1 $ SW_TOTAL=3 $ PERCENT_USED=$(bc EOF scale=4 ($SW_USED / $SW_TOTAL) * 100 EOF ) $ echo $PERCENT_USED 33.3300 $ ^D % ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Using syslog(3) after chroot-ing
On Wed, 30 Jun 2004 15:06:39 -0400 Charles Swiger [EMAIL PROTECTED] wrote: On Jun 30, 2004, at 3:00 PM, Mikhail Teterin wrote: =What happens if you set TZ in the environment which syslogd is started =up from? That's an idea. Can I just call tzset() (or tzsetwall()?) prior to chroot-ing? I suspect that you could indeed. Again, just to be clear: the timestamps are produced by syslogd, not by the program doing the logging, so you'd have to change syslogd itself. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] The tzset() alone doesn't fill the gap. You need fill /chrootedplace/etc/localtime with valid local time information. For syslogd to catch logs, the socket must be captured by it: /chrootedplace/{dev/log,var/run/log}, depending on your preference. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Using syslog(3) after chroot-ing
On Thu, 1 Jul 2004 08:50:42 +0900 horio shoichi [EMAIL PROTECTED] wrote: On Wed, 30 Jun 2004 15:06:39 -0400 Charles Swiger [EMAIL PROTECTED] wrote: On Jun 30, 2004, at 3:00 PM, Mikhail Teterin wrote: =What happens if you set TZ in the environment which syslogd is started =up from? That's an idea. Can I just call tzset() (or tzsetwall()?) prior to chroot-ing? I suspect that you could indeed. Again, just to be clear: the timestamps are produced by syslogd, not by the program doing the logging, so you'd have to change syslogd itself. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] The tzset() alone doesn't fill the gap. You need fill /chrootedplace/etc/localtime with valid local time information. For syslogd to catch logs, the socket must be captured by it: /chrootedplace/{dev/log,var/run/log}, depending on your preference. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] My keyboard seems too slippery today. Please read the whole of my message as: syslog expresses local time through ctime_r() which means tzset() will be done via /etc/localtime. So, it's sufficient to set /etc/localtime in the chrooted environment. (The second paragraph is completely redundant; it's only needed to bring the syslog messages out of chrooted environment. Sorry.) horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: native xpdf vs static xpdf for linux (couldn't create a font for...)
On Fri, 11 Jun 2004 23:08:46 +0300 Paulius Bulotas [EMAIL PROTECTED] wrote: Hello, I would like to use native xpdf (compiled from ports) for viewing pdf files, but it's almost impossible,, since for many pdf's it can't find used fonts and of course doesn't show any text. The question would be, why? ;) BTW, statically linked xpdf for linux which I downloaded from foolabs.com (ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00-linux.tar.gz) shows everything. Everything looks like: $ xpdf ~/sample.pdf Error: Couldn't create a font for 'BA+TimesNewRomanPSMT' $ ~/tmp/xpdf-3.00-linux/xpdf ~/sample.pdf $ I've put this pdf (generated with StarOffice) at: http://devnull.lt/files/sample.pdf $ ldd `which xpdf` /usr/X11R6/bin/xpdf: libt1.so.5 = /usr/local/lib/libt1.so.5 (0x28123000) libfreetype.so.9 = /usr/local/lib/libfreetype.so.9 (0x28173000) libXm.so.3 = /usr/X11R6/lib/libXm.so.3 (0x281df000) libXt.so.6 = /usr/X11R6/lib/libXt.so.6 (0x28429000) libXp.so.6 = /usr/X11R6/lib/libXp.so.6 (0x2847a000) libXext.so.6 = /usr/X11R6/lib/libXext.so.6 (0x28482000) libXpm.so.4 = /usr/X11R6/lib/libXpm.so.4 (0x28491000) libSM.so.6 = /usr/X11R6/lib/libSM.so.6 (0x284a) libICE.so.6 = /usr/X11R6/lib/libICE.so.6 (0x284a9000) libX11.so.6 = /usr/X11R6/lib/libX11.so.6 (0x284c) libstdc++.so.4 = /usr/lib/libstdc++.so.4 (0x28588000) libm.so.2 = /lib/libm.so.2 (0x28644000) libc.so.5 = /lib/libc.so.5 (0x2865d000) libz.so.2 = /lib/libz.so.2 (0x2873e000) libXau.so.0 = /usr/X11R6/lib/libXau.so.0 (0x2874c000) I'm running 5.2-CURRENT, if this means something ;) TIA Paulius ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] What is your /usr/X11R6/etc/xpdfrc like ? It seems a lot of lines necessary for font handling are commented out in default install. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPFILTER Rules
On Wed, 02 Jun 2004 22:54:22 + Randy Babb [EMAIL PROTECTED] wrote: On Wed, 2004-06-02 at 20:39, Giorgos Keramidas wrote: The delay seems suspiciously like a DNS timeout. Since you haven't mentioned any rules to explicitly allow DNS traffic below, I assume you don't have any. Just add the following rules before your groups: pass out quick proto udp from any to any keep state block return-icmp-as-dest(port-unr) in log proto udp from any to any Thanks, that fixed it. I also had another problem which stopped a lot of outgoing traffic working which seems to have been fixed by adding keep state to pass out on rl0 all head 100. Thanks, Randy ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Possibly a dumb question. Do /etc/make.conf (or /etc/defaults/make.conf) match on both of machines ? horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NFS server fail-over - how do you do it?
On Sun, 30 May 2004 02:43:37 -0500 adp [EMAIL PROTECTED] wrote: I am running a FreeBSD 4.9-REL NFS server. Once every several hours our main NFS server replicates everything to a backup FreeBSD NFS server. We are okay with the gap in time between replication. What we aren't sure about is how to automate the fail-over between the primary to the secondary NFS server. This is for a web cluster. Each client mounts several directories from the NFS server. Let's say that our primary NFS server dies and just goes away. What then? Are you periodically doing a mount or a file look-up of a mounted filesystem to check if your NFS server died? If so are you just unmounting and remounting everything using the backup NFS server? Just curious how this problem is being solved. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Have you looked into amd (or, am-utils) ? I haven't used its failover feature, but it certainly does have it. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Install IPFILTER question
On Fri, 21 May 2004 19:35:01 +0800 (CST) Stephen Liu [EMAIL PROTECTED] wrote: Hi folks, FreeBSD 5.2 === I tried to install and run IPFILTER but met with following problems; # which ipfilter ipfilter: Command not found. # whereis ipfilter ipfilter: /usr/src/contrib/ipfilter # ls /usr/share/examples/ | grep ipfilter ipfilter # pkg_info | grep -i ipfilter No printout # cd /usr/ports/ # make search -i name=ipfilter # make search name=ipfilter Both with no printout # ee /usr/src/sys/conf/NOTES, searchig for 'IPFILTER' and found follows; options MROUTING# Multicast routing options PIM # Protocol Independent Multicast options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #enable logging to syslogd(8) options IPFIREWALL_VERBOSE_LIMIT=100#limit verbosity options IPFIREWALL_DEFAULT_TO_ACCEPT#allow everything by default options IPV6FIREWALL#firewall for IPv6 options IPV6FIREWALL_VERBOSE options IPV6FIREWALL_VERBOSE_LIMIT=100 options IPV6FIREWALL_DEFAULT_TO_ACCEPT options IPDIVERT#divert sockets options IPFILTER#ipfilter support options IPFILTER_LOG#ipfilter logging options IPFILTER_DEFAULT_BLOCK #block all packets by default options IPSTEALTH #support for stealth forwarding options PFIL_HOOKS #required by IPFILTER options TCPDEBUG Kindly advise how to install IPFILTER and/or edit kernel option to enable it. TIA B.R. Stephen Liu ___ Do You Yahoo!? Get your free @yahoo.com.hk address at http://mail.english.yahoo.com.hk ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ipf is what ipfw is for ipfirewall. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: vim make install error
On Mon, 3 May 2004 15:58:57 +0300 Petre Bandac [EMAIL PROTECTED] wrote: after a cvsup today - when portupgrading rm -rf *.out *.rej *.orig test.log tiny.vim small.vim mbyte.vim test.ok X* rm -f *.o objects/* core vim.core vim xxd/*.o rm -f xxd/xxd auto/osdef.h auto/pathdef.c auto/if_perl.c rm -f conftest* *~ auto/link.sed if test -d po; then cd po; make prefix= clean; fi make: don't know how to make clean. Stop *** Error code 2 Stop in /usr/ports/editors/vim/work/vim62/src. *** Error code 1 Stop in /usr/ports/editors/vim. please cc to me, as this address is not subscribed thanks, petre -- Login: petre Name: Petre Bandac Directory: /home/petreShell: /usr/local/bin/zsh On since Wed Apr 28 09:00 (EEST) on ttyv0, idle 5 days 6:57 (messages off) On since Sun May 2 19:31 (EEST) on ttyp8, idle 16:06, from gate New mail received Fri Feb 20 10:38 2004 (EET) Unread since Tue Feb 17 12:31 2004 (EET) No Plan. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] This problem is already discussed in [EMAIL PROTECTED] It worked for me. If you are really in a hurry, do the following: % cd $PORTSDIR/editors/vim % make patch % rm -rf work/vim62/src/po % make build % However, due to the nature of the error (missing src/po/Makefile), you might want to await for a few days for repair. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Cutting the power without unmounting the filesystem
On Sun, 18 Jan 2004 11:40:53 +0100 Rickard Dahlstrand [EMAIL PROTECTED] wrote: Hi, I have a computer that will have it's power removed quite often. In other word It will not unmount the file system. What kind of implications does this have in the long term? I have discovered that the start-up takes much longer because of having to clean the file system. Is there a way to prevent this and what harm can cutting the power have on the system? I know of some installations that use read-only mounting. Is it possible to mount / RO and /etc and /var RW? Will that speed up the boot process? Best Regards, Rickard. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] If you have / readonly, you cannot make /etc RW since they cannot be separate partitions. (As an exercise, consider a problem how to mount /etc when /etc/fstab isn't mounted.) However, having /var partition separate is quite common and I think is a recommended practice. And, of course, it must be a read/write partition. Now, a dumb question... Are you terminating your machine with halt or shutdown command ? Does your machine cleanly stop ? horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: arp problem in /var/log/messages
On Sun, 18 Jan 2004 20:14:29 +0800 Spades [EMAIL PROTECTED] wrote: hi all, i got flooded by these msgs like 1000+ lines, any idea? my kernel is dated Nov-30 FreeBSD 4.9-stable # tail -f /var/log/messages Jan 18 19:43:23 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74 to 00:50:0f:4f:c0:00 on rl0 Jan 18 19:45:06 xb /kernel: arp: 202.79.180.1 moved from 00:50:0f:4f:c0:00 to 00:04:5a:49:eb:74 on rl0 Jan 18 19:45:18 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74 to 00:50:0f:4f:c0:00 on rl0 Jan 18 19:45:41 xb /kernel: arp: 202.79.180.1 moved from 00:50:0f:4f:c0:00 to 00:04:5a:49:eb:74 on rl0 Jan 18 19:45:45 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74 to 00:50:0f:4f:c0:00 on rl0 thanks and regards, John ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] # sysctl net.link.ether.inet.log_arp_wrong_iface=1 should mask the messages. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: (2) rsh and rcp problems between Solaris and FreeBSD
On Wed, 31 Dec 2003 10:20:23 -0500 (EST) John Von Essen [EMAIL PROTECTED] wrote: One more thing. Apparently, if I do 'rsh -n host cmd' on the Solaris box, it no longer hangs, and I can do it back to back indefinitely. Say I do ten of them, 5 secs apart. I still see the following 10 times in netstat: snip This doesn't affect rcp, so those are still slow. The only other thing is that I am going through a firewall, from an internal network to a dmz. -John snip A couple of comments: o The rcp in stock FreeBSD has changed its behavior somewhere 4.7 - 4.9, to as you see it. It has been behaving more 'standard' way before. Self installing krb4 or heimdal from kth seems provides better rcp. o How does the firewall treat backward connections ? (Ipfilter proxy ?) Depending on it, ports may not be properly 'diffused' (this again might be due to 'odd' rcp, though). As far as I can tell, rcp with said makes on both ends over ipfilter with r-* proxy works well (not very well, unfortunately). Closely watching FreeBSD's rcp behaviors at the connections would reveal something more. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: firewall question...
On Wed, 31 Dec 2003 09:59:10 -0500 Xpression [EMAIL PROTECTED] wrote: Hi list, I've two servers running some services, now I want to firewall both them, do I need to build it on router or in the FreeBSD box...thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Although it depends, use your spare time to install on both, i.e. on three boxen. I say this the firewall(s) on router cannot always do fine grained host by host setups, connections from/to internal lan in particular. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mail
On Wed, 31 Dec 2003 15:46:33 -0600 Chad Albert [EMAIL PROTECTED] wrote: I am writing a script that mails me when certain events occur. I am using mail(1) to notify me by email when some things happen. I have read the man page and I don't see a way to attach a file, does anyone know how to use mail(1) to attach a file? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Depends on how you invoke mail, but one method: cat file1 file2 ... filen|mail -s a lot of files $USER horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: arp request problem with firewall
On Mon, 29 Dec 2003 16:30:40 -0800 (PST) Terry Singh [EMAIL PROTECTED] wrote: this is my first post to freebsd questions. MY NETWORK Internet -- WAN_IF | FIREWALL - 5.1 RELASE | LAN_IF -- LAN network The WAN_IF has several public addresses as aliases. I have about 20 servers in the LAN that require various services allowed to the public Internet. I basically am doing a bimap one to one mapping per server in the LAN. This all works great, meaning I can surf etc etc from any LAN server to the Internet and also, from the Internet I can get published services on LAN servers. Here's the problem: I already mentioned that each server with a 192.168.50.x address is bimaped to a public address. The problem is that if I am on any of the LAN servers, and want to connect to the public address of a server in the LAN, I CANNOT. Now first of, I could connect using private addresses and of course this works like it should. But our applications have real DNS names coded in the apps so I need this to work. I know it has something to be with proxy arp so I even tried placing this line in sysctl.conf: net.link.ether.inet.proxyall=1.\ no luck. ANY IDEAS? -- Second problem One of the LAN servers is a FTP server. From the Internet, I can only connect using ACTIVE MODE even though I allow both 20/21/tcp inbound. Here's what happens when passive mode is used: The initial connection is accepted, but then the server sends its private address instead of its proper public address! Of course it's not gonna work! So I forced active mode and voila! it worked. What's the fix for this bugger? I now outbound FTP has some built-in proxy ftp in freebsd but what about inbound? thanks, tsingh. __ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] 1. The network configuration like yours is known not to work. The reason and workarounds are best detailed here. http://www.openbsd.org/faq/pf/rdr.html#reflect 2. The wu-ftp and proftp have the ability to advertize arbitrary address. There may be others, but I don't know. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: RTS/CTS DTR/DSR with stty
On Tue, 30 Dec 2003 23:26:52 +0200 (EET) Lefteris Tsintjelis [EMAIL PROTECTED] wrote: Hi, I need to control manually the output signals of a serial port. Can this be done with stty? I seem to fail to do so by using stty (-)crtscts. Thank you, Lefteris Tsintjelis ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Maybe you are bit by initial-state and lock-state, which idea is I think devil's invention. See sio(4) and /etc/rc.serial. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 4.9 Can't find second CPU ...
On Thu, 25 Dec 2003 18:54:26 +0200 "Vahric MUHTARYAN" [EMAIL PROTECTED] wrote: Hi , I checked LINT it said that I have to disabke I386 AND I486 from kernel .. I marked those values from GENERIC and LINT too and recompile it . But I can't see any changes Then I checked my messages file Dec 25 20:30:33 freebsdcgp /kernel: FreeBSD/SMP: Multiprocessor motherboard: 2 CPUs Dec 25 20:30:33 freebsdcgp /kernel: cpu0 (BSP): apic id: 3, version: 0x00040011, at 0xfee0 Dec 25 20:30:33 freebsdcgp /kernel: cpu1 (AP): apic id: 0, version: 0x00040011, at 0xfee0 Dec 25 20:30:33 freebsdcgp /kernel: io0 (APIC): apic id: 4, version: 0x000f0011, at 0xfec0 Dec 25 20:30:33 freebsdcgp /kernel: io1 (APIC): apic id: 5, version: 0x000f0011, at 0xfec01000 Dec 25 20:30:33 freebsdcgp /kernel: SMP: AP CPU #1 Launched! And this is my sysctl out freebsdcgp# sysctl hw.ncpu hw.ncpu: 2 But when I run top utulity there is only one CPU there .. Now I will try cvsup RELENG_4 ... Maybe I can handle it ... Does anybody have advise ?! Vahri__... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of fbsd_user Sent: Thursday, December 25, 2003 5:28 PM To: Vahric MUHTARYAN; [EMAIL PROTECTED] Subject: RE: FreeBSD 4.9 Can't find second CPU ... Answer to your ? 1. 98% of FBSD users do not have 2 cpu motherboards so default GENERIC kernel is configured for them and not for you. Answer to your ? 2. Read through the LINT kernel source to see if you missed some other kernel option needed to enable the kind of 2 cpu motherboard you have. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Vahric MUHTARYAN Sent: Thursday, December 25, 2003 10:18 AM To: [EMAIL PROTECTED] Subject: FreeBSD 4.9 Can't find second CPU ... Hi Everybody , I have two question about SMP . First Why FreeBSD is installing OS with single Cpu default ?!! Why it can't enable SMP support at installation time ?! Second when I compile kernel with SMP Support FreeBSD 4.9 can find second CPU ?! What do I have to check why it can't find it ?! I'm using DUAL PIII 933 CPU and INTEL Server BOARD I tested it with DUAL INTEL 1.0B too Vahric ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" You seem to have missed the remaining, Mandatory, lines in LINT... # SMP OPTIONS: # # SMP enables building of a Symmetric MultiProcessor Kernel. # APIC_IO enables the use of the IO APIC for Symmetric I/O. # # Notes: # # An SMP kernel will ONLY run on an Intel MP spec. qualified motherboard. # # Be sure to disable 'cpu I386_CPU' 'cpu I486_CPU' for SMP kernels. # # Check the 'Rogue SMP hardware' section to see if additional options # are required by your hardware. # # Mandatory: options SMP # Symmetric MultiProcessor Kernel options APIC_IO # Symmetric (APIC) I/O There are other such as ACPI if you want to try. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: fixit.flp or fixit via live filesystem CD
On Thu, 18 Dec 2003 02:23:39 -0800 (PST) Peter Leftwich [EMAIL PROTECTED] wrote: RE: http://www.freebsd.org/relnotes/CURRENT/installation/i386/trouble.html Is there a manpage or FAQ explaining the basic commands available to users during a fixit session? I understand how to change to that terminal using Alt-F4 but then the following commands are the only ones that seem to work: pwd echo quit while the following list of commands do NOT work: ls (YES!!! That's what -I- said too, ls doesn't work?!?!) whoami mount /sbin/mount ./mount man Could someone shed some light on where one can go to RTFM about fixitting? Thanks, please CC my email address in your reply... -- Peter Leftwich, President Founder Video2Video Services Box 13692, La Jolla, CA, 92039, USA http://Www.Video2Video.Com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Hello, Since echo is available, and the shell on you has glob feature, echo * will lighten your nearby. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Router/Gateway
On Thu, 11 Dec 2003 13:45:56 +0200 Extech [EMAIL PROTECTED] wrote: Hello I have looked through the archives and I have read the manual (Advance Networking) but could not find specific to address my question. I want to set up a FreeBSD 5.x box as a router/gateway on a permanent connection with a fixed IP address, there will also be other machines with fixed IP addresses (not 192.168.x.x but proper IP's) on this network. something like this: To internet exchange on T1 Leased Line | | | dc0 (196.x.x.1) - FreeBSD router/ gateway - | lr0 | | | - switch/hub - | | | | 196.x.x.2 | | 196.x.x.3 Server 1Server 2 Obviously I have to have two network cards in the router/gateway (dc0 and lr0), I assume that I will configure dc0 with my fixed IP, but what do I do with lr0? Can somebody please point me in the right direction. Thanks extech ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] A popular solution is the route/gateway not have ip addresses that belong to allocated global ips, and use bridge configuration. If bridging is inadequate in your case, the thing pretty much depends on the cloud one hop away from dc0 interface. Describe it (modem/router, configuable/not, etc). horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: chroot environment
On Sat, 6 Dec 2003 13:18:13 -0800 Nick Twaddell [EMAIL PROTECTED] wrote: I am trying to setup a chroot environment for some users. I rebuilt the environment inside their userdir, copied all the appropriate binaries, libs, etc. The part I am stumped on, is how do you make it so their account gets chrooted on login. Since chroot can only be executed by root. Some of the docs I found created a shell script that would sudo chroot and run it on login. I am just wondering what everyone else recommends. Thanks Nick Twaddell ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Answer1: security/chrootuid. Answer2: Build jail(8) environment, install sshd, for example, on each jail. Let each user login to the respective account. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: fetch and portinstall
On Sat, 6 Dec 2003 00:09:02 -0700 mike bueide [EMAIL PROTECTED] wrote: When I install or upgrade a port, all attempts to an HTTP URL fetch are timing out. Typically I'll just sudo portupgrade a port I wish to install. I am behind a firewall that uses nat and stateful rules. Ftp fetches work just fine. I just would like to speed things up a bit by either causing the HTTP attempts to time out sooner or authorize them somehow. I have done digging via man fetch. It mentions some environment variables that can be set: HTTP_AUTH (man 3 fetch) HTTP_TIMEOUT (man 1 fetch) I don't understand what user-name / password combination for HTTP_AUTH could be set to enable HTTP fetches. Is it the same as the anonymous/email_address used when manually logging into ftp sites as a guest? And, if I set these ENVIRONMENT VARIABLES, do I need them set it in the root shell, or the user running sudo? Thanks to any who might respond. -- Michael Bueide mbueide (at) charter (dot) net . ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] The site is misconfigured, or is simply down for a moment ? Can you ping or traceroute to the host ? If the site seems running, try with FETCH_BEFORE_ARGS=-vv and see what the real complaints are meant. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Realtek 8139 unstable?
On Fri, 05 Dec 2003 13:01:15 +0300 den [EMAIL PROTECTED] wrote: Greg 'groggy' Lehey wrote: On Friday, 5 December 2003 at 8:51:30 +0200, Chris Visser wrote: Hi, I'm running FreeBSD 5.1, on a box with a Digi Sync 570 card and a Realtek 8139 network card. The Machine runs fine, most of the time, but every now and again my network card stops working for no reason. Rebooting the box fixes this for a while, but the it starts again. There have been reports of instabilities with the 8139. I don't know if it's really the hardware to blame or the driver, but the documentation for the hardware is apparently so terrible that it's difficult to say. I'm using an 8139 in a number of places, including (currently) my main server machine. The switch notes a large number of errors under load, and I'm thinking of changing to a different card the next time I have to reboot. Rather than reboot your machine, you'll probably find that the following sequence unwedges the card: ifconfig rl0 down ifconfig rl0 up I had this in a cron job at one point. Greg -- When replying to this message, please copy the original recipients. If you don't, I may ignore the reply or reply to the original recipients. For more information, see http://www.lemis.com/questions.html See complete headers for address and phone numbers. I have had the problem with this card on FreeBSD 5.0. Problem was resolved by recompiling of kernel with new drivers from Realtec. It seems there is many modification of 8139 chipset that have a postfix ( D, C,...). When I choose driver that match my chipset all become ok. I don't know whether this driver was included in 5.1, so this is only assumption, and it doesn't help to you. -- Denis. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I found ftp://152.104.125.40/cn/nic/rtl8139abcd8130810xseries/freebsd-8139(110).zip via www.realtek.com.tw, which is for FreeBSD. However, it is for 4.5. Could you give me (us) your reference to 5.0 (or 5.x) ? horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfilter traffic blocking and tcpdump snort etc
On Fri, 5 Dec 2003 00:24:12 + Jez Hancock [EMAIL PROTECTED] wrote: Hi, I've blocked a dozen or so addresses using ipfilter: block in quick on fxp0 from 208.186.60.116 to any block in quick on fxp0 from 216.230.149.11 to any etc but I still see a lot of traffic those hosts in trafshow, snort and other packet capturing utils. Why is this? Is there any alternative method of blocking access from certain hosts so that this traffic is not 'seen' by higher level /userland apps? As background, the blocked hosts were part of a denial of service attack which has been going on for a few hours now. The attack was aimed at port 80, although an odd artifact is that no httpd log entries were made for any of the hosts attempting to connect on port 80. A cursory nmap scan of a few of the hosts shows that all hosts had both port 25 and 80 open, but none of the hosts accepted connections on either of those ports. Any idea what kind of attack this could be? -- Jez Hancock - System Administrator / PHP Developer http://munk.nu/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] You are probably seeing the supposedly blocked packets on the outside of network. Observe them on inside, i.e., on the interface not fxp0. What you are seeing are packets ipfilter is just about to handle. I don't understand your second question. Are you thinking about tcp wrapper, reset feature of snort, etc ? horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfilter traffic blocking and tcpdump snort etc
On Fri, 5 Dec 2003 10:58:39 + Jez Hancock [EMAIL PROTECTED] wrote: Hi Horio, Cheers for reply. On Fri, Dec 05, 2003 at 07:33:49PM +0900, horio shoichi wrote: On Fri, 5 Dec 2003 00:24:12 + Jez Hancock [EMAIL PROTECTED] wrote: Hi, I've blocked a dozen or so addresses using ipfilter: block in quick on fxp0 from 208.186.60.116 to any block in quick on fxp0 from 216.230.149.11 to any etc but I still see a lot of traffic those hosts in trafshow, snort and other packet capturing utils. Why is this? You are probably seeing the supposedly blocked packets on the outside of network. Observe them on inside, i.e., on the interface not fxp0. Not sure what you mean here, what command would you issue via tcpdump or snort to do what you suggest? Um, that's my bad assumption ! I thought your box is a filtering router, and has at least two interfaces. What you are seeing are packets ipfilter is just about to handle. Right - it's just I would have thought that ipfilter handled packets before they reached any traffic dumping utils. I see what you're getting at. Presumably snort for example uses the bpf driver via pcap(?) to capture network traffic... actually reading bpf(4) clears things up a little: Associated with each open instance of a bpf file is a user-settable packet filter. Whenever a packet is received by an interface, all file descriptors listening on that interface apply their filter. Each descriptor that accepts the packet receives its own copy. The log keyword on blocking rules would have helped... Is there any alternative method of blocking access from certain hosts so that this traffic is not 'seen' by higher level /userland apps? I don't understand your second question. Are you thinking about tcp wrapper, reset feature of snort, etc ? Let me rephrase that one :P I meant is there a method - for example such as adding some kind of routing via arp - so that packets are dropped on the floor even quicker than they would be via the firewall method? In my observation, packet filters are the quickest since blocked packets die in ip_input(), below which is where ethernet interrupt handlers are laid out. horio shoichi -- Jez Hancock - System Administrator / PHP Developer http://munk.nu/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: amd documentation: why is it so confusing?
On Wed, 03 Dec 2003 11:54:12 +0900 Rob [EMAIL PROTECTED] wrote: Hi, I have exported directories successfully. Thus I moved on to use amd for having the system mount this as it is needed. However, I am getting totally stuck in the amd manuals. Are the amd manuals really that bad, or is it me? For example: The FreeBSD handbook mentions amd in one sentence, by referring to the manual pages of amd and amd.conf. So all I have are the manual pages on the amd commands and files. The amd manual talks about a map file, but there's nowhere information to be found on what the structure of such a map file is. Is the creation of the amd-map file too trivial, or so complicated that nobody dares explaining it? Anyone who can point me to better help on this? Thanks! Rob. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Two places: /usr/src/contrib/amd/doc has texi sources. http://www.cs.columbia.edu/~ezk/am-utils/ is the current maintainer's page. See Documentation and Information there. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SCSI Disk not found
On Wed, 03 Dec 2003 00:12:06 -0500 Michael E. Mercer [EMAIL PROTECTED] wrote: Ok. I have what looks to be two host adapters. The one on the motherboard and a PCI? card. Not sure what exactly I am supposed to do for I have never had a PC with SCSI before... Any help is appreciated. Thanks MeM On Tue, 2003-12-02 at 23:57, Mike Maltese wrote: I was given a Compaq Proliant 800 machine...its a pentium pro 200 MHz. I got 4.9-Stable installed and everything is running smooth. However, I noticed that is does indeed have two scsi disks, but freebsd only finds one. Attached is the dmesg... notice the sym0 and sym1. Does this supposed to tell me anything? Yes, it is. Either the host adapter has two channels or you have two host adapters in the machine. I'm not sure what card you have exactly, but my guess is that it's the former. I would crack the box open and see what's what with the SCSI configuration. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Having two (or more) controllers is just a common practice. It is by no means any wrong per se. And, hooking drives in whatever controllers you have in any order is, again, no wrong, PROVIDED each controller sees the drives connected to it have respective distinguishing signatures, i.e., each drive has distinct target id (and unit id, but somehow disks are always assigned unit id zero). Looking back the thread, my guess is that you connected the two drives in one controller (whichever, I don't know) giving the drives identical target id (i.e., zero). So you violated the last condition. See target id on one of the drives (maybe 3-4 dipswitches if the drives are internal ones). Change it within [1 - 6] range. (Leave one drive with target zero (to speed up bootstrapping, doh) and seven since it is the id controller has assigned to itself). horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SCSI Disk not found
On Thu, 4 Dec 2003 10:49:05 +0900 horio shoichi [EMAIL PROTECTED] wrote: On Wed, 03 Dec 2003 00:12:06 -0500 Michael E. Mercer [EMAIL PROTECTED] wrote: Ok. I have what looks to be two host adapters. The one on the motherboard and a PCI? card. Not sure what exactly I am supposed to do for I have never had a PC with SCSI before... Any help is appreciated. Thanks MeM On Tue, 2003-12-02 at 23:57, Mike Maltese wrote: I was given a Compaq Proliant 800 machine...its a pentium pro 200 MHz. I got 4.9-Stable installed and everything is running smooth. However, I noticed that is does indeed have two scsi disks, but freebsd only finds one. Attached is the dmesg... notice the sym0 and sym1. Does this supposed to tell me anything? Yes, it is. Either the host adapter has two channels or you have two host adapters in the machine. I'm not sure what card you have exactly, but my guess is that it's the former. I would crack the box open and see what's what with the SCSI configuration. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Having two (or more) controllers is just a common practice. It is by no means any wrong per se. And, hooking drives in whatever controllers you have in any order is, again, no wrong, PROVIDED each controller sees the drives connected to it have respective distinguishing signatures, i.e., each drive has distinct target id (and unit id, but somehow disks are always assigned unit id zero). Looking back the thread, my guess is that you connected the two drives in one controller (whichever, I don't know) giving the drives identical target id (i.e., zero). So you violated the last condition. See target id on one of the drives (maybe 3-4 dipswitches if the drives are internal ones). Change it within [1 - 6] range. (Leave one drive with target zero (to speed up bootstrapping, doh) and seven since it is the id controller has assigned to itself). horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Not that what I wrote doesn't work, I might have overlooked the possibility of vendor conspir..er..discretion. It might be that you are expected to hook each disk into respective controller, thus all the drives have target id zero. This would make sense if the vendor counted the failure of one of controllers, in raid (1 ?) configuration. Try connect disks as such if you could locate another connector and one more scsi cable. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FBSD web site man lookup ipfilter
On Sat, 22 Nov 2003 13:49:33 -0500 fbsd_user [EMAIL PROTECTED] wrote: IPFILTER is built into the base release of FBSD. I can do (man ipf) or (man ipnat) on a fresh install of FBSD and get the manual info. But when I go to http://www.freebsd.org/cgi/man.cgi to look up the manuals on ipfilter they are all missing. Is there some good reason for this, or has it just been missed? Who should I notify to get this fixed? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Tried to find 'ipf' in sections 5 and 8, for a few versions. Seems ok. How did you submitted your requests ? horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to find our what version of ports your running?
On Tue, 11 Nov 2003 21:14:23 +0800 Paul Hamilton [EMAIL PROTECTED] wrote: Hi, Is it possible to print out the base version of when you last installed the ports base, or cvs'ed it? cheers, Paul Hamilton ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] If $PORTSDIR/CVS/Tag exists cat $PORTSDIR/CVS/Tag will give you the idea. If it doesn't exist you have current. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: jdk14 port
On 06 Nov 2003 20:17:11 -0500 Frank Laszlo [EMAIL PROTECTED] wrote: Ok, I figured out what the problem was. It's really quite interesting. you see, I was building this via ssh to my server. My server has had network issues (due to the connection) all day, and my ssh sessions were lagging horribly. it would freeze for a long amount of time. I noticed the build always seemed to error at a different point. So I thought to myself, maybe the ssh freezing is causing a problem so i fired screen and ran: cd /usr/ports/java/jdk14 script jdk14-out.log make package then i detached from the screen, and ran xtail jdk14-out.log to keep an eye on it. and sure enough, it built with no problems whatsoever. I have NEVER seen anything like this, but I guess it makes sense. Oh well.. -Frank Laszlo On Thu, 2003-11-06 at 12:49, Frank Laszlo wrote: It seems this port wont build, I do have linux_base installed and the linprocfs is mounted. here is my uname and error message. ([EMAIL PROTECTED] /usr/ports/java/jdk14)% uname -a FreeBSD ritamari.vonostingroup.com 4.9-RC FreeBSD 4.9-RC #0: Thu Oct 16 14:19:39 EDT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/RITAMARI i386 Exception in thread main java.lang.IllegalMonitorStateException at java.lang.ref.Finalizer.add(Finalizer.java:42) at java.lang.ref.Finalizer.init(Finalizer.java:67) at java.lang.ref.Finalizer.register(Finalizer.java:72) at sun.tools.java.ClassFile.getInputStream(ClassFile.java:60) at com.sun.tools.javah.oldjavah.JavahEnvironment.getClass(JavahEnvironment.java:171) at com.sun.tools.javah.oldjavah.JavahEnvironment.getAllFields(JavahEnvironment.java:89) at com.sun.tools.javah.oldjavah.JNI.write(JNI.java:38) at com.sun.tools.javah.oldjavah.Gen.run(Gen.java:149) at com.sun.tools.javah.oldjavah.Main.run(Main.java:174) at com.sun.tools.javah.oldjavah.Main.main(Main.java:41) at com.sun.tools.javah.Main.main(Main.java:40) gmake[4]: *** [/usr/home/ports/java/jdk14/work/control/build/bsd-i586/tmp/java/java.lang/java/obj_g/.class.headers.i586] Error 1 Any help would be greatly sppriciated. Thanks -Frank Laszlo ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to [EMAIL PROTECTED] I have seen the same (or similar named) exception on 4.8-STABLE. Since it was made on Oct.30, the log file on /var/tmp has been flushed. Last night, I tried to reproduce the log but (unfortunately) have succeeded this time. So the sameness or similarity is only in my vague memory. The differences in my case are: o when failed, I was complained there was no linprocfs. I tried to remake without flushing $WRKDIR after mounting it, o last night, there were other heavy metals, such as 'make buildworld' and 'make release' so the loads were constantly high. Remake is done on a new $WRKDIR, though. Um, neither seem to have any significance. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: upgrade named
On Thu, 6 Nov 2003 08:13:07 -0500 Arnason, Arni [EMAIL PROTECTED] wrote: 8.3.3 is in /usr/sbin 9 went into /usr/local/sbin modified rc.conf to point to the new binary named_program=/usr/local/sbin/named but I'm still stuck with 8.3.3 ps shows my named up and running but a which named still points to my 8.3.3 version doesn't make sense to me, should be working any ideas? Arni -Original Message- From: Wes Zuber [mailto:[EMAIL PROTECTED] Sent: Wednesday, 05 November, 2003 14:46 To: Jonathan Chen Cc: '[EMAIL PROTECTED]'; Arnason, Arni Subject: Re: upgrade named We had the same issue. The named binary on our 8.3.3 set up was in /usr/local/bin When we installed 9 that went into /usr/sbin I suspect that you are just calling the old binary. --Wes On Nov 5, 2003, at 11:35 AM, Jonathan Chen wrote: On Wed, Nov 05, 2003 at 11:38:55AM -0500, Arnason, Arni wrote: I've been trying to upgrade named to version 9 but seem to be missing something Currently have: FreeBSD 4.6.2 with named 8.3.3 downloaded, configured and installed version 9 - updated rc.conf to point to the new location, rebooted and I'm still running 8.3.3 I've got the same setup and it works fine. What's in your /etc/rc.conf and what's the output of ps ax | grep named? -- Jonathan Chen [EMAIL PROTECTED] -- When you don't know what you are doing, do it neatly. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] To see the running bind version: host -t txt -c chaos version.bind (and the variants of nslookup, dig). This may not work on 9.x bind correctly, since ) zone file for bind must be correctly maintained. Also this may not work if your bind installation prohibits such retrievals. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: securelevel problems
On Tue, 4 Nov 2003 20:25:57 + Wayne Pascoe [EMAIL PROTECTED] wrote: Hi all, I'm trying to upgrade a 4.7-RELEASE machine to 4.9. The make buildworld has gone ok, but installworld failed. At first, it appeared that this was because the machine was running in securelevel 1. I had the following in /etc/rc.conf: kern_securelevel_enable=YES kern_securelevel=1 I changed that to kern_securelevel_enable=NO kern_securelevel=-1 and rebooted the machine. sysctl -a | grep secure shows kern.securelevel: -1 however a make installworld is still failing with: Stop in /usr/src/include. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. I then tried touching my kernel, which also fails, with: # touch kernel touch: kernel: Operation not permitted I'm at a bit of a loss as to how to proceed as the only thing I could think to do was to disable securelevel in /etc/rc.conf :( does anyone know what I may have missed or how I might rectify this issue ? Thanks, -- Wayne Pascoe 'tis far easier to get forgiveness than it is to get permission - probably someone famous, but more often, my Dad. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] You must reset all the flags. Securelevel=-1 itself does not toggle off (invalidate) any flags. So, setting flags at securelevel=-1 still makes some sense. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: freebsd port for MRTG
On Tue, 4 Nov 2003 07:51:50 +0200 Mantas Smelevi蓍us [EMAIL PROTECTED] wrote: cd /usr/ports make search name="mrtg" Antradienis 04 Lapkri蓍o 2003 07:00, DanB ra韜: Is there a port for MRTG? Also a step by step instruction for setup for FREEBSD only. Dan ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" -- Mantas Smelevi蓍us Komp. tinklo administratorius UAB "Transekspedicija" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" Whichever - o locate mrtg o ls -d /usr/ports/*/*mrtg* horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: 486SX, 100MB HDD - need FreeBSD, how?
On Sun, 14 Sep 2003 18:44:55 +0300 Alex Zivenko [EMAIL PROTECTED] wrote: How to install freebsd on this machine? (Intel486SX-25Mhz, 8 Mb Memory, 100Mb HDD). There isn't cdrom. Maby I can setup it from other system, the recompile kernel for that processor, or what? Without x, witout any cool programs. I just need to do it log-server. Are you, and the environment the box will be placed, ready for network boot ? If so, it's the simplest. The other extreme, if you must use full standalone, is like this : o build your own release ('make release'). o repackage 'bin' and 'crypto' directories in ftp directory of the release to trim the size (disk requirement will go well below 20mb). o using this release, do 'minimum' install using ftp or nfs. With whopping 100mb given, there are many schemes in between (say boot from disk, nfs mount /usr and others). Thank's all! Good luck horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: nis security (DES passwords)
On Sat, 13 Sep 2003 17:01:31 +0200 Guy Van Sanden [EMAIL PROTECTED] wrote: I was looking arround for this, and I found that Kerberos uses DES encryption, John (on my sytem) reports it rather weak: clip Yet it seems the consensus that Kerberos is secure, am I missing something? 1. Krb5 uses default salted 3DES. In addition, as Tillman wrote, krb5 allows other ciphers. 2. Even krb4, which uses unsalted DES, is considered difficult to crack because it does not expose ciphered text (i.e., passwd). On the wire, on the local files. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: host and hostname
On Sat, 6 Sep 2003 17:30:50 +0900 Rommel B. Ikeda [EMAIL PROTECTED] wrote: - Original Message - From: horio shoichi [EMAIL PROTECTED] To: Rommel B. Ikeda [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, September 05, 2003 9:01 PM Subject: Re: host and hostname On Fri, 5 Sep 2003 10:46:25 +0900 Rommel B. Ikeda [EMAIL PROTECTED] wrote: Thanks very much for the reply, my apologies for not replying so soon Actually, I posted my question on host and hostname, because, I have been trying to find out if my Internet Settings is correct or not...I am having problems with cvsup for a very long long time now... Actually, I did tried: # host freebsd.org Host not found, Try again I know that their is something wrong with our internet connection in our company...but, I do not think that the person in-charge of our Computer Room can help me...Unfortunately, Although we are an NGO, Nobody knows about FreeBSD yet in our Organization... Anyways, about my comments on Can someone point me to some information about it aside from the man pages..., I do read the man pages, everytime, but on the time that I was reading about the host and hostname, I was a little in a hurry and those technical terms just made my head ached so, I though maybe I would ask everybody, just for this time...My head was really full with the problems I have with cvsup... Thanks anyway... Rommel B. Ikeda OISCA-International http://www.oisca.org/ Looks like you don't have /etc/resolv.conf file. The content would be like this, assuming your site has no other name servers: domain oisca.org nameserver 164.46.1.1 nameserver 211.10.162.68 BTW, the nameservers are taken from whois database for oisca.org. NS1.FIRSTSERVER.NE.JP164.46.1.1 NS2.FIRSTSERVER.NE.JP211.10.162.68 horio shoichi Thank you very much for the reply and also for looking up our nameserver...I tried to find out this numbers but I was told that our ISP dynamically provides us this numbers...So, if I will be using the nameserver that can be found in our Server Machine...when it disconnects...it will use a new nameserver dynamically provided by our ISP...That is what I was told... You are probably told about the nameservers given by DHCP reply packets. O.k., they should work, too. I just received an Email from the Mailing List advicing me to create a /etc/resolv.conf... He was also kind enough to provide me our DNS... domain oisca.org nameserver 164.46.1.1 nameserver 211.10.162.68 I created a /etc/resolv.conf with this one as what you have suggested When my system starts: The booting process halts for a few minutes saying continuing vi sessions: and then boots and starts gdm... after gdm starts, I can log in but I can use my built-in mouse... after logging in...it halts for a few minutes before I can use my built-in mouse... I think I forgot to tell you adding, deleting, changing /etc/resolv.conf don't need reinitializing anything other than the file itself so you don't have to reboot... when i invoked this command: # host freebsd.org halts for a few minutes to read and then... #host not found, try again Any suggestions on what happened... Either you can't reach the nameservers or the servers refuse to answer. The resolver (a library function that contacts name servers and maps between domain names and ip addresses) thinks name services are unavailable. Following tests are irrelevant to /etc/resolv.conf file, unless specifically referenced. 1. servers really suck ? host freebsd.org 164.46.1.1 host freebsd.org 211.10.162.68 ask the servers directly. Worked for me, like: % host freebsd.org 164.46.1.1 Using domain server 164.46.1.1: freebsd.org has address 216.136.204.21 freebsd.org mail is handled (pri=10) by mx1.freebsd.org % host freebsd.org 211.10.162.68 Using domain server 211.10.162.68: freebsd.org has address 216.136.204.21 freebsd.org mail is handled (pri=10) by mx1.freebsd.org % Try them, and against the servers you are told. If they work as my example shows, then /etc/resolv.conf is wrong (not too sure, but the domain name may have to match the one from DHCP server). 2. talking to servers ? ping 164.46.1.1 traceroute 164.46.1.1 Two prime candidate reasons you have to come here are: o You don't have default route, o Firewall blocks direct outgoing, Anyway traceroute will tell you where you can get responces up to. horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: host and hostname
On Fri, 5 Sep 2003 10:46:25 +0900 Rommel B. Ikeda [EMAIL PROTECTED] wrote: Thanks very much for the reply, my apologies for not replying so soon Actually, I posted my question on host and hostname, because, I have been trying to find out if my Internet Settings is correct or not...I am having problems with cvsup for a very long long time now... Actually, I did tried: # host freebsd.org Host not found, Try again I know that their is something wrong with our internet connection in our company...but, I do not think that the person in-charge of our Computer Room can help me...Unfortunately, Although we are an NGO, Nobody knows about FreeBSD yet in our Organization... Anyways, about my comments on Can someone point me to some information about it aside from the man pages..., I do read the man pages, everytime, but on the time that I was reading about the host and hostname, I was a little in a hurry and those technical terms just made my head ached so, I though maybe I would ask everybody, just for this time...My head was really full with the problems I have with cvsup... Thanks anyway... Rommel B. Ikeda OISCA-International http://www.oisca.org/ Looks like you don't have /etc/resolv.conf file. The content would be like this, assuming your site has no other name servers: domain oisca.org nameserver 164.46.1.1 nameserver 211.10.162.68 BTW, the nameservers are taken from whois database for oisca.org. NS1.FIRSTSERVER.NE.JP164.46.1.1 NS2.FIRSTSERVER.NE.JP211.10.162.68 horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: can't login as anyone - not even as root!
On Thu, 28 Aug 2003 21:40:20 -0700 (PDT) Dave Banning [EMAIL PROTECTED] wrote: Thanks, Sunil for the steps, but I have tried that already. When I get to the # prompt in single user mode, I cannot use the passwd command. I get the error;; passwd: error opening database: /etc/pwd.db: Permission denied passwd: /etc/master.passwd: unchanged and permissions are as follows; # ls -tld /etc drwxr-xr-x 17 root wheel 2560 Aug 28 09:16 /etc # ls -tld /etc/pwd.db drw---r-- 1 root wheeel 40960 Aug 28 09:12 /etc/pwd.db I -can- execute vipw and change passwords. It updates all the files master.passwd, spwd.db, passwd, and pwd.db without error. I think the /etc/pwd.db line should contain at least two errors. If they aren't transcription errors one of them can be disastrous. 1) is there wheeel group, really ? 2) pwd.db is, as the name suggests, a file. The line should start with '-'. If it is a directory, it would have at least one permission 'x'. Mine is like this: %ls -l /etc/pwd.db -rw-r--r-- 1 root wheel 40960 Jun 24 15:11 /etc/pwd.db If pwd.db is indeed like that try remove it and do pwd_mkdb. horio shoichi __ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]