Re: Same MAC address in 2 different VLANs
I think you maybe ok. Ive just looked at my esx config and the esx management interfaces use their own generated macs, not the physical interfaces ones. All the vms obviously use generated macs as well. However I only looked over it at a superficial level. Have you considered using a tap or spare phyical interface on your flex box and not linking it to the network? Thank you, that was a brilliant idea: Flex only needs that one interface, with the specific MAC, exists on the host, it does not specifically try to use that interface for managing licenses, so a tap hanging to nowhere is the solution. Best regards, Olivier On 19 July 2013 10:29, Olivier Nicole olivier.nic...@cs.ait.ac.th wrote: Hello, Could any one comment about the use of the same MAC address in 2 separate VLANs? All my machines are connected to 2 VLANs (one public and one private) with no routing in between the VLANs. I used to run a FLEX license manager to a physical machine. When I virtualized that service, I had to use the MAC address of that physical machine for the virtual machine (FLEX is linked to the MAc address and I coul dnot issue new license as licensed the pproduct is not supported anymore). The virtual NIC that has the old MAC address is connected to the public VLAN. Now I want to reuse the physical machine as a VMware server. Dell nor VMware offer a solution to change the MAC address (like ifconfig em0 link xx:xx:xx:xx:xx:xx would do). So I plan to connect the NIC with the incriminated MAC to the private VLAN. Most (if not all) my servers are FreeBSD. Most will access the virtual machine running FLEX and may access the VMware server also. The servers are not VLAN aware. Will this be an issue? Best regars, Olivier -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Same MAC address in 2 different VLANs
Hello, Could any one comment about the use of the same MAC address in 2 separate VLANs? All my machines are connected to 2 VLANs (one public and one private) with no routing in between the VLANs. I used to run a FLEX license manager to a physical machine. When I virtualized that service, I had to use the MAC address of that physical machine for the virtual machine (FLEX is linked to the MAc address and I coul dnot issue new license as licensed the pproduct is not supported anymore). The virtual NIC that has the old MAC address is connected to the public VLAN. Now I want to reuse the physical machine as a VMware server. Dell nor VMware offer a solution to change the MAC address (like ifconfig em0 link xx:xx:xx:xx:xx:xx would do). So I plan to connect the NIC with the incriminated MAC to the private VLAN. Most (if not all) my servers are FreeBSD. Most will access the virtual machine running FLEX and may access the VMware server also. The servers are not VLAN aware. Will this be an issue? Best regars, Olivier -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Same MAC address in 2 different VLANs
I think you maybe ok. Ive just looked at my esx config and the esx management interfaces use their own generated macs, not the physical interfaces ones. All the vms obviously use generated macs as well. However I only looked over it at a superficial level. Have you considered using a tap or spare phyical interface on your flex box and not linking it to the network? On 19 July 2013 10:29, Olivier Nicole olivier.nic...@cs.ait.ac.th wrote: Hello, Could any one comment about the use of the same MAC address in 2 separate VLANs? All my machines are connected to 2 VLANs (one public and one private) with no routing in between the VLANs. I used to run a FLEX license manager to a physical machine. When I virtualized that service, I had to use the MAC address of that physical machine for the virtual machine (FLEX is linked to the MAc address and I coul dnot issue new license as licensed the pproduct is not supported anymore). The virtual NIC that has the old MAC address is connected to the public VLAN. Now I want to reuse the physical machine as a VMware server. Dell nor VMware offer a solution to change the MAC address (like ifconfig em0 link xx:xx:xx:xx:xx:xx would do). So I plan to connect the NIC with the incriminated MAC to the private VLAN. Most (if not all) my servers are FreeBSD. Most will access the virtual machine running FLEX and may access the VMware server also. The servers are not VLAN aware. Will this be an issue? Best regars, Olivier -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Same MAC address in 2 different VLANs
Hello, Could any one comment about the use of the same MAC address in 2 separate VLANs? [...] Will this be an issue? You might run into problems if the two (virtual) systems are attached to a different port on your switch. Some switches don't take the vlan into account when learning on which port a mac address exists. These switches will see the mac address jumping between ports all the time. Joost. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: rsync on Mac OSX
On Jul 12, 2013, at 2:57 PM, kpn...@pobox.com wrote: I thought MacOS X's rsync did handle resource forks if you gave it the proper option. The resource fork is reported by rsync in the usual convention of having ._ prefixed to the filename. My understanding was that the files named ._foo were plain files that included the metadata that makes up the resource fork. The ._ file is not really the resource fork, but a workaround for filesystems that do not support resource forks. As such, they would be copied by rsync just fine. Now as to the Mac OS X rsync understanding resource forks, that I cannot speak to, but it should be easy to test. Copy a directory from an HFS+ volume to a non-Mac OS X volume (NFS for example) using rsync and see if it creates the ._ files to go with the data. -- Paul Kraus Deputy Technical Director, LoneStarCon 3 Sound Coordinator, Schenectady Light Opera Company ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: rsync on Mac OSX
On Fri, Jul 12, 2013 at 11:25 AM, Chris Maness ch...@chrismaness.comwrote: Thank you for the detailed description of what resource forks are. One more clue in this mystery is that appending .mov extension to it fixes the problem. That makes some sense, since without the resource fork some MacOS software would have trouble identifying the type of the file. The extension provides that information in another way. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: rsync on Mac OSX
On Tue, Jul 2, 2013 at 3:11 PM, Chris Maness ch...@chrismaness.com wrote: Since you are going to wait anyway, why don't you try peeking at some of the file checksums while this is running? MacOS X comes with a shasum utility which implements SHA-256 checksums, so you should be able to look at a few random samples of these files, e.g. by running on the source disk: shasum -a 256 source_directory/file/path/to/some/file.ext shasum -a 256 copied_directory/file/path/to/some/file.ext If these are the same, then the applications look elsewhere, e.g. in the 'hidden' .DS_Store stuff some MacOS directories contain. But if the checksums are different, well, then there's your problem. Checksums are the same. All other files still work however the HUGE rendered Final Cut Pro output, so I guess it is something in .DS_Store. Last time I just gave up and recopied everything by a simple cut and paste and that solved the problem. I made a small change on the project today, and I don't want to have to copy the WHOLE thing again just for a small delta. I already synced the directories, but the new rendered files are still un-openable in any application even though the checksums match. Really weird. However, the project will still open and work on FCP. Just the 12Gb rendered movie files will not play on anything even FCP. If I delete .DS_Store will the system regenerate it with the appropriate file associations? I know this is a little off topic, but Mac OSX is based on BSD. You guys are also the smartest around :D Thanks, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: rsync on Mac OSX
On 12 July 2013, at 10:49, Chris Maness ch...@chrismaness.com wrote: On Tue, Jul 2, 2013 at 3:11 PM, Chris Maness ch...@chrismaness.com wrote: Since you are going to wait anyway, why don't you try peeking at some of the file checksums while this is running? MacOS X comes with a shasum utility which implements SHA-256 checksums, so you should be able to look at a few random samples of these files, e.g. by running on the source disk: shasum -a 256 source_directory/file/path/to/some/file.ext shasum -a 256 copied_directory/file/path/to/some/file.ext If these are the same, then the applications look elsewhere, e.g. in the 'hidden' .DS_Store stuff some MacOS directories contain. But if the checksums are different, well, then there's your problem. Checksums are the same. All other files still work however the HUGE rendered Final Cut Pro output, so I guess it is something in .DS_Store. Last time I just gave up and recopied everything by a simple cut and paste and that solved the problem. I made a small change on the project today, and I don't want to have to copy the WHOLE thing again just for a small delta. I already synced the directories, but the new rendered files are still un-openable in any application even though the checksums match. Really weird. However, the project will still open and work on FCP. Just the 12Gb rendered movie files will not play on anything even FCP. If I delete .DS_Store will the system regenerate it with the appropriate file associations? I know this is a little off topic, but Mac OSX is based on BSD. You guys are also the smartest around :D Rsync on the Mac only opens and copies the data forks. It does not copy the resource forks. There are still a few applications that use resource forks. Likewise the checksum apps work on the data forks only. There is a utility that is a modified rsync that does handle resource forks. I no longer remember what its name is. Its been a number of years since I last used it. I normally rsync from FreeBSD systems to Mac systems. I use Minis as off-site backups. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: rsync on Mac OSX
On Fri, Jul 12, 2013 at 11:12 AM, Paul Kraus p...@kraus-haus.org wrote: Dropping the list … On Jul 12, 2013, at 1:49 PM, Chris Maness ch...@chrismaness.com wrote: Checksums are the same. All other files still work however the HUGE rendered Final Cut Pro output, so I guess it is something in .DS_Store. Last time I just gave up and recopied everything by a simple cut and paste and that solved the problem. I made a small change on the project today, and I don't want to have to copy the WHOLE thing again just for a small delta. I already synced the directories, but the new rendered files are still un-openable in any application even though the checksums match. Really weird. However, the project will still open and work on FCP. Just the 12Gb rendered movie files will not play on anything even FCP. If I delete .DS_Store will the system regenerate it with the appropriate file associations? The .DS_Store files are created by the Finder when you view a directory. Are both source and destination on Mac HFS+ volumes ? If so, then you are probably missing the resource forks. Back in the very old days of Mac OS (way before 10.x), Mac OS files had two parts, the data part that contained the, well, data, and the resource fork that contained the meta-data that Mac OS used to associate a file with an application. HFS+ volumes on Mac OS X still include the resource forks, but foreign filesystems (NFS, UFS, FAT, etc.) do not. The work around that Apple came up with is to create .DS_Store and ._foo files to store this metadata on non HFS+ volumes. You could try using ditto instead of rsync. ditto is a BSD derived copy utility similar to rysnc, but I know that the Mac OS X version understands resource forks and copies them as necessary. ditto may not be able to just copy changed blocks within a file, so you may still have to recopy the entire file. But…. I am also a little puzzled because applications on Mac OS X do not NEED the resource fork to open a file, just to know which application to use (and what options to hand it) to open a given file. A complete video file, even without resource forks, should be able to be opened if you explicitly telly he application to File - Open …. With the checksums matching it is even odder. I expect that the large sizes (over 4 GB) are a contributing factor. Good luck and let me know what you find. -- Paul Kraus Deputy Technical Director, LoneStarCon 3 Sound Coordinator, Schenectady Light Opera Company Thank you for the detailed description of what resource forks are. One more clue in this mystery is that appending .mov extension to it fixes the problem. I have never ran into this before, and I have even used rsync to back up movie projects before. It is not a big deal, but I always try to take the time to understand why things behave the way they do. I also suspect it has something to do with file size since all of the smaller files do not have this issue. Thanks, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
will freebsd run on a mac osx 10.8.4
send reply to; rob777reed@gmail .com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: will freebsd run on a mac osx 10.8.4
Maybe! Do you mean as a virtual machine, or *instead of* OS X? If you mean as a virtual machine, almost certainly. If you mean instead of OS X, please provide some details about the computer hardware itself. Even When did you buy it? iMac, Mac Pro, MacBook? etc will help us answer your question. JB On Thu, Jul 4, 2013 at 10:10 PM, robert reed rob777r...@gmail.com wrote: send reply to; rob777reed@gmail .com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: will freebsd run on a mac osx 10.8.4
I assume you are running Mac OS X 10.8.4 on Intel CPU. I assume it must be 64-bits, so you would want amd64 version of FreeBSD, though you could also run i386 version. I don't know if you could install FreeBSD on same hard disk with Mac OS X, but you ought to be able to install FreeBSD on a separate disk. Tom ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
OT: rsync on Mac OSX
I have been using rsync with Mac OSX with no issues until today. I generally use it instead of the copy command because if the copy fails on large files, I can pick up where I left off. I have backed up entire Final Cut Pro projects this way with no issues. However, I recently synced a drive to a folder in another drive, and the OS does not recognize the final rendered files as quicktime files. The files work fine in the parent drive. I have no idea what might be going on. I used the flags: rsync -vaur like I always do. Any suggestions? Thanks, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: rsync on Mac OSX
On Tue, 2 Jul 2013 13:35:00 -0700, Chris Maness ch...@chrismaness.com wrote: I have been using rsync with Mac OSX with no issues until today. I generally use it instead of the copy command because if the copy fails on large files, I can pick up where I left off. I have backed up entire Final Cut Pro projects this way with no issues. However, I recently synced a drive to a folder in another drive, and the OS does not recognize the final rendered files as quicktime files. The files work fine in the parent drive. I have no idea what might be going on. I used the flags: rsync -vaur like I always do. Any suggestions? This is a FreeBSD list, so any issues rsync may have with MacOS X are not very relevant to what FreeBSD is doing or would do. Having said that though, can you try without the -u option? Maybe modification times are newer on the target drive and rsync skips everything. You should probably also enable --stats and have a look at the final report of rsync, to see if it actually sync'ed any files, or skipped all of them because of mtime checks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: rsync on Mac OSX
On Tue, Jul 2, 2013 at 2:30 PM, Giorgos Keramidas keram...@ceid.upatras.grwrote: On Tue, 2 Jul 2013 13:35:00 -0700, Chris Maness ch...@chrismaness.com wrote: I have been using rsync with Mac OSX with no issues until today. I generally use it instead of the copy command because if the copy fails on large files, I can pick up where I left off. I have backed up entire Final Cut Pro projects this way with no issues. However, I recently synced a drive to a folder in another drive, and the OS does not recognize the final rendered files as quicktime files. The files work fine in the parent drive. I have no idea what might be going on. I used the flags: rsync -vaur like I always do. Any suggestions? This is a FreeBSD list, so any issues rsync may have with MacOS X are not very relevant to what FreeBSD is doing or would do. Having said that though, can you try without the -u option? Maybe modification times are newer on the target drive and rsync skips everything. You should probably also enable --stats and have a look at the final report of rsync, to see if it actually sync'ed any files, or skipped all of them because of mtime checks. Yep, the files copied, and I used touch to force them to recopy. However, the files that were copied are not recognizable by their native aps. Just big junk files. I have no clue what happened. I am just copying everything by a simple cut and paste this time. However, this directory is HUGE and I won't know until about 18 hours from now. Thanks, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: rsync on Mac OSX
On Tue, 2 Jul 2013 14:48:03 -0700, Chris Maness ch...@chrismaness.com wrote: On Tue, Jul 2, 2013 at 2:30 PM, Giorgos Keramidas keram...@ceid.upatras.grwrote: On Tue, 2 Jul 2013 13:35:00 -0700, Chris Maness ch...@chrismaness.com wrote: I have been using rsync with Mac OSX with no issues until today. I generally use it instead of the copy command because if the copy fails on large files, I can pick up where I left off. I have backed up entire Final Cut Pro projects this way with no issues. However, I recently synced a drive to a folder in another drive, and the OS does not recognize the final rendered files as quicktime files. The files work fine in the parent drive. I have no idea what might be going on. I used the flags: rsync -vaur like I always do. Any suggestions? This is a FreeBSD list, so any issues rsync may have with MacOS X are not very relevant to what FreeBSD is doing or would do. Having said that though, can you try without the -u option? Maybe modification times are newer on the target drive and rsync skips everything. You should probably also enable --stats and have a look at the final report of rsync, to see if it actually sync'ed any files, or skipped all of them because of mtime checks. Yep, the files copied, and I used touch to force them to recopy. However, the files that were copied are not recognizable by their native aps. Just big junk files. I have no clue what happened. I am just copying everything by a simple cut and paste this time. However, this directory is HUGE and I won't know until about 18 hours from now. Since you are going to wait anyway, why don't you try peeking at some of the file checksums while this is running? MacOS X comes with a shasum utility which implements SHA-256 checksums, so you should be able to look at a few random samples of these files, e.g. by running on the source disk: shasum -a 256 source_directory/file/path/to/some/file.ext shasum -a 256 copied_directory/file/path/to/some/file.ext If these are the same, then the applications look elsewhere, e.g. in the 'hidden' .DS_Store stuff some MacOS directories contain. But if the checksums are different, well, then there's your problem. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: rsync on Mac OSX
Since you are going to wait anyway, why don't you try peeking at some of the file checksums while this is running? MacOS X comes with a shasum utility which implements SHA-256 checksums, so you should be able to look at a few random samples of these files, e.g. by running on the source disk: shasum -a 256 source_directory/file/path/to/some/file.ext shasum -a 256 copied_directory/file/path/to/some/file.ext If these are the same, then the applications look elsewhere, e.g. in the 'hidden' .DS_Store stuff some MacOS directories contain. But if the checksums are different, well, then there's your problem. That could be the issue. I did see some permission warnings with .DS_Store. However, to make space I had to dump all of it, so no files to do a post mortem on. I will have to check that out if things go awry this time. Thanks, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
MAC and Xorg on FBSD 9.1-p4 (re-sending)
Hi all, as you can see from the footer I've already posted this on the list trustedbsd-disc...@freebsd.org but because that one seems to be dead to me I apologise if I'm trying to get some hint here. Briefly, I'm trying to run X on my FreeBSD 9.1 with the following MAC modules enabled: mac_biba mac_mls mac_seeotheruids mac_partition I'm still actually in the learning process of this very granular but complex security system but I'm learning fast as I found it very interesting. Unfortunately when it comes to X it seems to be more complicated. I cannot run it not even as root. I get: .. Unable to map MMIO aperture. Permission denied (13) Memory map the MMIO region failed .. until the timeout and back to prompt. I get the same error with root which is the default login class and on an ad-hoc restricted user. As soon as I disable the modules everything works well. I know this is a very brief description but it should be enough for now to know if this is a known issue and/or the X system is known as NOT WORKING/HAVING PROBLEMS with MAC. And as MAC on FreeBSD is dark matter (googling is basically useless if not for basic conf.) any hint would be highly appreciated. Thanks a lot. ___ trustedbsd-disc...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/trustedbsd-discuss To unsubscribe, send any mail to trustedbsd-discuss-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
MAC and Xorg on FBSD 9.1-p4
Hi all, as you can see from the footer I've already posted this on the list trustedbsd-disc...@freebsd.org but because that one seems to be dead to me I apologise if I'm trying to get some hint here. Briefly, I'm trying to run X on my FreeBSD 9.1 with the following MAC modules enabled: mac_biba mac_mls mac_seeotheruids mac_partition I'm still actually in the learning process of this very granular but complex security system but I'm learning fast as I found it very interesting. Unfortunately when it comes to X it seems to be more complicated. I cannot run it not even as root. I get: .. Unable to map MMIO aperture. Permission denied (13) Memory map the MMIO region failed .. until the timeout and back to prompt. I get the same error with root which is the default login class and on an ad-hoc restricted user. As soon as I disable the modules everything works well. I know this is a very brief description but it should be enough for now to know if this is a known issue and/or the X system is known as NOT WORKING/HAVING PROBLEMS with MAC. And as MAC on FreeBSD is dark matter (googling is basically useless if not for basic conf.) any hint would be highly appreciated. Thanks a lot. ___ trustedbsd-disc...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/trustedbsd-discuss To unsubscribe, send any mail to trustedbsd-discuss-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
problems with MAC labels on files
Hi,? I'm trying to set up an Biba policy but I'm unable to label files This is the command : # setfsmac cy but I'm unable to label files-ef ut /etc/policy-biba.context /s???$?AC??? This is the error : setfsmac: /etc/policy-biba.context: need label # uname -a FreeBSD localhost.localdomain 9.0-RELEASE FreeBSD 9.0-RELEASE # setfmac biba/high test setfmac: labeling not supported in test I've read all the documentation and man pages but I cannot find what else do I have to do to get it working. Could you please tell what can I do ? thanks in advance Mohamed ALsheikh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Unknown IP address shows FreeBSD server MAC in arp cache
Hi, I'm experiencing a weird problem and I have no idea where to begin with this one! Basically what's happening is that I did a host scan from my NetBSD box running Cacti in order to 'Auto Discover' machines on my network; a php script on the Cacti server added an IP address xxx.xxx.1.52. Seeing this as odd since I haven't configured any machine with this IP as it's in the DHCP range on my network and there aren't any machines running on DHCP on the particular VLAN either as everything is statically configured; I proceeded to check the arp cache of my NetBSD box which pointed to the MAC address of my FreeBSD server? Having a look round my network and servers each ping attempt to xxx.xxx.1.52 gives me a response and in the arp cache of each machine/device shows the FreeBSD server. Long ago I may have had this machine on xxx.xxx.1.52 but I can't recall and all settings in /etc/rc.conf for interfaces and Jails are fine and consistent with my Network Spec. My network has also had a massive overhaul since then as I've changed switches and router in the meantime too I have thought about arp poisoning but then again no other machine is connected to my network that I don't know about and since it's a home network there's really only me connected to it. Also I'm running OpenBSD as a firewall/router gateway which I've also checked thoroughly including Packet Filter and haven't found any issues. I also thought about RARP and bootparamd since I'm running a bunch of Sun SPARC systems in which I NetBooted but nothing on that front either showed any result. I additionally have checked the /etc/hosts files of all my systems and even my local DNS db files but nothing shows xxx.xxx.1.52 at all. The BSD version that I'm running on my FreeBSD server is 8.2 x64. Would anyone be able to help me out with this one? Basically why is a rogue or unknown IP address pointing to my FreeBSD box's NIC? Regards, Kaya ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Fwd: Unknown IP address shows FreeBSD server MAC in arp cache
Well I managed to find the answer!! Scanning through /etc/defaults/rc.conf I noticed this: dhclient_program=/sbin/dhclient # Path to dhcp client program. dhclient_flags= # Extra flags to pass to dhcp client. Then I went back to check my DHCP server's log files and indeed a DHCP request came through from the server even though the IP's are all statically configured on it. Now all I have to do is tell the system not to use the dhclient program and then all will be sorted :-) Few. Regards, Kaya Original Message Subject:Unknown IP address shows FreeBSD server MAC in arp cache Date: Thu, 25 Apr 2013 02:52:21 +0100 From: Kaya Saman kayasa...@gmail.com To: freebsd-questions@freebsd.org Hi, I'm experiencing a weird problem and I have no idea where to begin with this one! Basically what's happening is that I did a host scan from my NetBSD box running Cacti in order to 'Auto Discover' machines on my network; a php script on the Cacti server added an IP address xxx.xxx.1.52. Seeing this as odd since I haven't configured any machine with this IP as it's in the DHCP range on my network and there aren't any machines running on DHCP on the particular VLAN either as everything is statically configured; I proceeded to check the arp cache of my NetBSD box which pointed to the MAC address of my FreeBSD server? Having a look round my network and servers each ping attempt to xxx.xxx.1.52 gives me a response and in the arp cache of each machine/device shows the FreeBSD server. Long ago I may have had this machine on xxx.xxx.1.52 but I can't recall and all settings in /etc/rc.conf for interfaces and Jails are fine and consistent with my Network Spec. My network has also had a massive overhaul since then as I've changed switches and router in the meantime too I have thought about arp poisoning but then again no other machine is connected to my network that I don't know about and since it's a home network there's really only me connected to it. Also I'm running OpenBSD as a firewall/router gateway which I've also checked thoroughly including Packet Filter and haven't found any issues. I also thought about RARP and bootparamd since I'm running a bunch of Sun SPARC systems in which I NetBooted but nothing on that front either showed any result. I additionally have checked the /etc/hosts files of all my systems and even my local DNS db files but nothing shows xxx.xxx.1.52 at all. The BSD version that I'm running on my FreeBSD server is 8.2 x64. Would anyone be able to help me out with this one? Basically why is a rogue or unknown IP address pointing to my FreeBSD box's NIC? Regards, Kaya ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
ale0: could not disable Tx/Rx MAC(0x00000004)!
Hello, I got the following problem today: 66nneewwnnffss sseerrvveerr 119922..116688..00..225544:://hhoommee//mmaaggee:: nnoto t rreespsopnonddiinngg newnfs server 192.168.0.254:/home/mage: not responding ale0: could not disable Tx/Rx MAC(0x0004)! ale0: link state changed to DOWN ale0: could not disable Tx/Rx MAC(0x0004)! ale0: link state changed to UP in6_purgeaddr: err=65, destination address delete failed Nov 15 22:08:02 rivendell dhclient[1186]: short write: wanted 20 got 0 bytes Nov 15 22:08:02 rivendell dhclient[1186]: exiting. Only a hard reboot fixed the issue (the network was completely frozen) This is with: ale0@pci0:2:0:0:class=0x02 card=0x83041043 chip=0x10261969 rev=0xb0 hdr=0x00 vendor = 'Atheros Communications' device = 'AR8121/AR8113/AR8114 Gigabit or Fast Ethernet' class = network subclass = ethernet on: FreeBSD rivendell 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #0: Thu Nov 1 18:35:54 CET 2012 root@rivendell:/usr/obj/usr/src/sys/CUSTOM amd64 Any idea what could be the cause of this ? Thank you, Julien ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Mac Issue
Hi, Tell me how create shadow file of Boot Volume(on which OS is running) under MAC OS. Thanks Regards CS Disclaimer: The information contained in this e-mail, including any attachments to it, is confidential and intended only for the person(s) to whom it is addressed. Any examination, distribution, disclosure, printing, or copying of this information, or reliance upon this information by any person other than the intended recipient(s) is strictly prohibited. If this e-mail has been misdirected and you are not the intended recipient, please notify the sender immediately and delete this e-mail from your system. The views and opinions contained in this transmission represent those of the author and do not necessarily reflect those of Stellar Information Systems. Stellar Information Systems may monitor incoming and outgoing e-mails. By replying to this message, you consent to this monitoring. This e-mail has been scanned by antivirus prior to transmission. However, recipients are advised to apply their own antivirus detection measures to this e-mail and any attachments upon receipt. Stellar Inf ormation Systems does not accept liability for any damage or losses arising as a result of receiving this e-mail. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: mac powerpc ibook g3 blank screen on start up
On 08/12/2012 07:00, Andy Recker wrote: thanks for the help but there is no CD icon there is no anything to click on my computer is very unresponsive let e know if u have any other ideas? On Thu, Aug 9, 2012 at 12:50 AM, Jamie Paul Griffinja...@kode5.net wrote: == Jeff Tipton wrote on Thu 9.Aug'12 at 8:36:12 +0300 == On 08/09/2012 06:22, Andy Recker wrote: i installed the power PC version of free BSD and put it on my mac i book g3 i was in the insulation process when i couldn't get it to work because of a few errors and i decided to turn it off and restart when i turned it back on it only booted to a blank white screen it has nothing on it and nothing is responsive i have tried to reboot the same CD i had the first thing and still just a blank screen what can i do to get BSD to work on my computer? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org When you are trying to reboot into the installation CD, are you sure you have the right boot sequence selected (CD, not HDD)? I guess on your mac it might mean restarting, holding down the option key, choosing the CD icon and the arrow on the right side. -Jeff Yes, it's either the 'option' key or the 'C' key; can' recall which. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Try to understand what's going on. You were installing FreeBSD on your harddisk, interrupted the process somewhere in the middle because you had errors, restarted and booted from that harddisk (right?) with half-installed operating system, and now you have a blank screen, which is no wonder. If your hardware isn't damaged per se (hopefully), then you may try once more to boot from the FreeBSD installation CD instead of harddisk, and you need to find a way how to do that. Of cource, your blank screen doesn't have any icons to click or command line prompts. The boot choice should be done at the first moments of your computer startup. If the boot menu is gone, you may still try to enter Open Firmware and type your boot command from there (see, for example, http://mac.linux.be/content/booting-open-firmware). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: mac powerpc ibook g3 blank screen on start up
thanks for the help but there is no CD icon there is no anything to click on my computer is very unresponsive let e know if u have any other ideas? On Thu, Aug 9, 2012 at 12:50 AM, Jamie Paul Griffin ja...@kode5.net wrote: == Jeff Tipton wrote on Thu 9.Aug'12 at 8:36:12 +0300 == On 08/09/2012 06:22, Andy Recker wrote: i installed the power PC version of free BSD and put it on my mac i book g3 i was in the insulation process when i couldn't get it to work because of a few errors and i decided to turn it off and restart when i turned it back on it only booted to a blank white screen it has nothing on it and nothing is responsive i have tried to reboot the same CD i had the first thing and still just a blank screen what can i do to get BSD to work on my computer? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org When you are trying to reboot into the installation CD, are you sure you have the right boot sequence selected (CD, not HDD)? I guess on your mac it might mean restarting, holding down the option key, choosing the CD icon and the arrow on the right side. -Jeff Yes, it's either the 'option' key or the 'C' key; can' recall which. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
mac powerpc ibook g3 blank screen on start up
i installed the power PC version of free BSD and put it on my mac i book g3 i was in the insulation process when i couldn't get it to work because of a few errors and i decided to turn it off and restart when i turned it back on it only booted to a blank white screen it has nothing on it and nothing is responsive i have tried to reboot the same CD i had the first thing and still just a blank screen what can i do to get BSD to work on my computer? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: mac powerpc ibook g3 blank screen on start up
On 08/09/2012 06:22, Andy Recker wrote: i installed the power PC version of free BSD and put it on my mac i book g3 i was in the insulation process when i couldn't get it to work because of a few errors and i decided to turn it off and restart when i turned it back on it only booted to a blank white screen it has nothing on it and nothing is responsive i have tried to reboot the same CD i had the first thing and still just a blank screen what can i do to get BSD to work on my computer? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org When you are trying to reboot into the installation CD, are you sure you have the right boot sequence selected (CD, not HDD)? I guess on your mac it might mean restarting, holding down the option key, choosing the CD icon and the arrow on the right side. -Jeff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: mac powerpc ibook g3 blank screen on start up
== Jeff Tipton wrote on Thu 9.Aug'12 at 8:36:12 +0300 == On 08/09/2012 06:22, Andy Recker wrote: i installed the power PC version of free BSD and put it on my mac i book g3 i was in the insulation process when i couldn't get it to work because of a few errors and i decided to turn it off and restart when i turned it back on it only booted to a blank white screen it has nothing on it and nothing is responsive i have tried to reboot the same CD i had the first thing and still just a blank screen what can i do to get BSD to work on my computer? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org When you are trying to reboot into the installation CD, are you sure you have the right boot sequence selected (CD, not HDD)? I guess on your mac it might mean restarting, holding down the option key, choosing the CD icon and the arrow on the right side. -Jeff Yes, it's either the 'option' key or the 'C' key; can' recall which. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
something wrong of ifconfig bridge0 addr - mac address appears on wrong interface
( untrust ) --- ( em0 , bridge0 , em1 ) --- ( trust ) Sometimes , I cannot connect to trust server from untrust. I log some information from ifconfig bridge0 addr. It seems some thing wrong of trust server's mac appear on em0. trust serv1's mac: 00:50:56:af:2e:43 trust serv2's mac: 00:50:56:af:75:63 STEP1: The serv2 is not shown in bridge addr. table tp-fw [~] -root- ifconfig bridge0 addr 00:50:56:af:2e:43 Vlan1 em1 1200 flags=0 64:9e:f3:06:52:03 Vlan1 em0 1192 flags=0 70:ca:9b:e3:a5:83 Vlan1 em0 1192 flags=0 70:ca:9b:e3:a5:c3 Vlan1 em0 1200 flags=0 STEP2: I ping the serv2's ip from untrust , and I got 100% packet loss. STEP3: show bridge addr. table again tp-fw [~] -root- ifconfig bridge0 addr 00:50:56:af:75:63 Vlan1 em0 1198 flags=0 00:50:56:af:2e:43 Vlan1 em1 1200 flags=0 64:9e:f3:06:52:03 Vlan1 em0 1150 flags=0 70:ca:9b:e3:a5:83 Vlan1 em0 1150 flags=0 70:ca:9b:e3:a5:c3 Vlan1 em0 1200 flags=0 OMG! It's wrong of the 00:50:56:af:75:63 is shown with em0 interface. STEP4: I ping the serv2's ip from tp-fw , and I got icmp reply. STEP5: show bridge addr. table again tp-fw [~] -root- ifconfig bridge0 addr 00:50:56:af:75:63 Vlan1 em1 1197 flags=0 00:50:56:af:2e:43 Vlan1 em1 1199 flags=0 64:9e:f3:06:52:03 Vlan1 em0 1170 flags=0 70:ca:9b:e3:a5:83 Vlan1 em0 1170 flags=0 70:ca:9b:e3:a5:c3 Vlan1 em0 1200 flags=0 The 00:50:56:af:75:63 is shown with em1 interface correctly. Why does STEP2 cause the wrong bridge addr table? How to solve it? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to allow by MAC
On Wed, Jun 13, 2012 at 4:56 PM, Ian Smith smi...@nimnet.asn.au wrote: On Mon, 11 Jun 2012 15:18:18 -0700, Randal L. Schwartz wrote: Bill == Bill Yuan byc...@gmail.com writes: Bill I want to create a white list MAC address, Only the machine which it's MAC Bill in the white list will be allowed, all others will be blocked. Bad idea. Since (a) every MAC address that *is* allowed is transmitted in the clear and (b) it's trivial to spoof a MAC address. This. is. no. security. Indeed, that's right Randal. But I got the impression from Bill's mails that this is more likely just something inside his internal network. Filtering by MAC is not secure, I agree. but at least secure enough for a internal network. And I am quite sure what I want to archive. I am really want to know how to FILTER BY MAC . Please stop even trying. Well I don't think learning how to use ipfw properly at layer2 is a bad idea in itself, and I wouldn't want to discourage anyone from that. For some years I ran a filtering transparent bridge with ipfw + dummynet for a small network of about 20 mostly W98, XP and Mac boxes sharing one slow ADSL gateway between various assorted community groups (talk about herding cats! :) and MAC filtering was one of the handiest tools when some box or other got owned (again!) by some virus and started spewing spam, provider complains and/or cuts access .. you know the deal. In that sort of environment, none of the punters had any clue about forging MACs or anything vaguely like that, and it stopped people randomly plugging boxes into the network. Horses for courses. I replied in more detail to another from Bill privately, copy follows. Thanks. I saw your email already .very helpful . I will continue to try in that way . and share with all here in the feature.:) cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to allow by MAC
On Mon, 11 Jun 2012 15:18:18 -0700, Randal L. Schwartz wrote: Bill == Bill Yuan byc...@gmail.com writes: Bill I want to create a white list MAC address, Only the machine which it's MAC Bill in the white list will be allowed, all others will be blocked. Bad idea. Since (a) every MAC address that *is* allowed is transmitted in the clear and (b) it's trivial to spoof a MAC address. This. is. no. security. Indeed, that's right Randal. But I got the impression from Bill's mails that this is more likely just something inside his internal network. Please stop even trying. Well I don't think learning how to use ipfw properly at layer2 is a bad idea in itself, and I wouldn't want to discourage anyone from that. For some years I ran a filtering transparent bridge with ipfw + dummynet for a small network of about 20 mostly W98, XP and Mac boxes sharing one slow ADSL gateway between various assorted community groups (talk about herding cats! :) and MAC filtering was one of the handiest tools when some box or other got owned (again!) by some virus and started spewing spam, provider complains and/or cuts access .. you know the deal. In that sort of environment, none of the punters had any clue about forging MACs or anything vaguely like that, and it stopped people randomly plugging boxes into the network. Horses for courses. I replied in more detail to another from Bill privately, copy follows. cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to allow by MAC
Bill == Bill Yuan byc...@gmail.com writes: Bill I want to create a white list MAC address, Only the machine which it's MAC Bill in the white list will be allowed, all others will be blocked. Bad idea. Since (a) every MAC address that *is* allowed is transmitted in the clear and (b) it's trivial to spoof a MAC address. This. is. no. security. Please stop even trying. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/ Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.posterous.com/ for Smalltalk discussion ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
how to allow by MAC
Hi, how to allow by MAC in ipfw currently i set the rule like below 1 allow ip from any to any MAC any to MAC Address 1 1 allow ip from any to any MAC MAC Address 1 any 2 deny all from any to any i want to only allow the mac address to go through the freebsd firewall, but I found it is not working on my freebsd but it works on pfsense! so maybe that means the environment is not the same ? and how to setup the ipfw properly to support this ? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to allow by MAC
come on , someone help please, On Sun, Jun 10, 2012 at 5:43 PM, Bill Yuan byc...@gmail.com wrote: Hi, how to allow by MAC in ipfw currently i set the rule like below 1 allow ip from any to any MAC any to MAC Address 1 1 allow ip from any to any MAC MAC Address 1 any 2 deny all from any to any i want to only allow the mac address to go through the freebsd firewall, but I found it is not working on my freebsd but it works on pfsense! so maybe that means the environment is not the same ? and how to setup the ipfw properly to support this ? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to allow by MAC
Hi, Reference: From: Bill Yuan byc...@gmail.com Date: Sun, 10 Jun 2012 21:09:01 +0800 Message-id: CAC+JH2ySQVCSXY+3Grh+Qe=li3wzsyu8czq3sa1w3azgpjp...@mail.gmail.com Bill Yuan wrote: come on , someone help please, On Sun, Jun 10, 2012 at 5:43 PM, Bill Yuan byc...@gmail.com wrote: Hi, how to allow by MAC in ipfw currently i set the rule like below 1 allow ip from any to any MAC any to MAC Address 1 1 allow ip from any to any MAC MAC Address 1 any 2 deny all from any to any i want to only allow the mac address to go through the freebsd firewall, but I found it is not working on my freebsd but it works on pfsense! so maybe that means the environment is not the same ? and how to setup the ipfw properly to support this ? Maybe others ignored it for the same reason I did: blocking by MAC number seems weird of no interest, I block pass by IP net number. Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below not above, cumulative like a play script, indent with . Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. Mail from @yahoo dumped @berklix. http://berklix.org/yahoo/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to allow by MAC
Julian H. Stacey wrote: Bill Yuan wrote: come on , someone help please, On Sun, Jun 10, 2012 at 5:43 PM, Bill Yuan byc...@gmail.com wrote: Hi, how to allow by MAC in ipfw currently i set the rule like below 1 allow ip from any to any MAC any to MAC Address 1 1 allow ip from any to any MAC MAC Address 1 any 2 deny all from any to any i want to only allow the mac address to go through the freebsd firewall, but I found it is not working on my freebsd but it works on pfsense! so maybe that means the environment is not the same ? and how to setup the ipfw properly to support this ? Maybe others ignored it for the same reason I did: blocking by MAC number seems weird of no interest, I block pass by IP net number. as shown by ifconfig MAC : 6 byte IP : 4 byte (IPV4) Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below not above, cumulative like a play script, indent with . Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. Mail from @yahoo dumped @berklix. http://berklix.org/yahoo/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to allow by MAC
In freebsd-questions Digest, Vol 418, Issue 18, Message: 1 On Sun, 10 Jun 2012 17:43:39 +0800 Bill Yuan byc...@gmail.com wrote: how to allow by MAC in ipfw currently i set the rule like below 1 allow ip from any to any MAC any to MAC Address 1 1 allow ip from any to any MAC MAC Address 1 any 2 deny all from any to any i want to only allow the mac address to go through the freebsd firewall, but I found it is not working on my freebsd but it works on pfsense! so maybe that means the environment is not the same ? and how to setup the ipfw properly to support this ? Bill, you did get some good clues in the earlier thread, but it's not clear if you took note of them. There's also been some confusion .. Firstly, read up on layer2 (ethernet, MAC-level) filtering options in ipfw(8). Thoroughly, several times, until you've got it. Seriously. After enabling sysctl net.link.ether.ipfw=1 (add it to /etc/sysctl.conf) ipfw will be invoked 4 times instead of the normal 2, on every packet. Read carefully ipfw(8) section 'PACKET FLOW', and see that only on the inbound pass invoked from ether_demux() and the outbound pass invoked from ether_output_frame() can you test for MAC addresses (or mac-types); the 'normal' layer3 passes examine packets that have no layer2 headers. You could just add 'layer2' to any rules filtering on MAC addresses, and omit MAC addresses from all layer 3 (IP) rules, but I'd recommend using a method like shown there to separate layer2 and layer3 flows early on: # packets from ether_demux ipfw add 10 skipto 1000 all from any to any layer2 in # packets from ip_input ipfw add 10 skipto 2000 all from any to any not layer2 in # packets from ip_output ipfw add 10 skipto 3000 all from any to any not layer2 out # packets from ether_output_frame ipfw add 10 skipto 4000 all from any to any layer2 out So at (eg) 1000 and 4000 place your incoming and outgoing MAC filtering rules (remembering the reversed order of MAC addresses vs IP addresses, and to allow broadcasts as well), pass good guys and/or block bad guys, then deal with your normal IPv4|v6 traffic in a separate section(s). Or you could just split the flows into two streams, one for layer2 for your MAC filtering, the other for layer3, ie the rest of your ruleset. HTH, Ian [please cc me on any reply] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to allow by MAC
Hi Lan, Thanks for your reply, I am reading some old emails which you sent in 2008 while other place asked a same question as mine, On Mon, Jun 11, 2012 at 1:53 AM, Ian Smith smi...@nimnet.asn.au wrote: In freebsd-questions Digest, Vol 418, Issue 18, Message: 1 On Sun, 10 Jun 2012 17:43:39 +0800 Bill Yuan byc...@gmail.com wrote: how to allow by MAC in ipfw currently i set the rule like below 1 allow ip from any to any MAC any to MAC Address 1 1 allow ip from any to any MAC MAC Address 1 any 2 deny all from any to any i want to only allow the mac address to go through the freebsd firewall, but I found it is not working on my freebsd but it works on pfsense! so maybe that means the environment is not the same ? and how to setup the ipfw properly to support this ? Bill, you did get some good clues in the earlier thread, but it's not clear if you took note of them. There's also been some confusion .. Firstly, read up on layer2 (ethernet, MAC-level) filtering options in ipfw(8). Thoroughly, several times, until you've got it. Seriously. After enabling sysctl net.link.ether.ipfw=1 (add it to /etc/sysctl.conf) ipfw will be invoked 4 times instead of the normal 2, on every packet. Read carefully ipfw(8) section 'PACKET FLOW', and see that only on the inbound pass invoked from ether_demux() and the outbound pass invoked from ether_output_frame() can you test for MAC addresses (or mac-types); the 'normal' layer3 passes examine packets that have no layer2 headers. You could just add 'layer2' to any rules filtering on MAC addresses, and omit MAC addresses from all layer 3 (IP) rules, but I'd recommend using a method like shown there to separate layer2 and layer3 flows early on: # packets from ether_demux ipfw add 10 skipto 1000 all from any to any layer2 in # packets from ip_input ipfw add 10 skipto 2000 all from any to any not layer2 in # packets from ip_output ipfw add 10 skipto 3000 all from any to any not layer2 out # packets from ether_output_frame ipfw add 10 skipto 4000 all from any to any layer2 out So at (eg) 1000 and 4000 place your incoming and outgoing MAC filtering rules (remembering the reversed order of MAC addresses vs IP addresses, and to allow broadcasts as well), pass good guys and/or block bad guys, then deal with your normal IPv4|v6 traffic in a separate section(s). Or you could just split the flows into two streams, one for layer2 for your MAC filtering, the other for layer3, ie the rest of your ruleset. HTH, Ian [please cc me on any reply] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to allow by MAC
forget to po the link here http://lists.freebsd.org/pipermail/freebsd-questions/2008-June/177636.html On Mon, Jun 11, 2012 at 11:16 AM, Bill Yuan byc...@gmail.com wrote: Hi Lan, Thanks for your reply, I am reading some old emails which you sent in 2008 while other place asked a same question as mine, On Mon, Jun 11, 2012 at 1:53 AM, Ian Smith smi...@nimnet.asn.au wrote: In freebsd-questions Digest, Vol 418, Issue 18, Message: 1 On Sun, 10 Jun 2012 17:43:39 +0800 Bill Yuan byc...@gmail.com wrote: how to allow by MAC in ipfw currently i set the rule like below 1 allow ip from any to any MAC any to MAC Address 1 1 allow ip from any to any MAC MAC Address 1 any 2 deny all from any to any i want to only allow the mac address to go through the freebsd firewall, but I found it is not working on my freebsd but it works on pfsense! so maybe that means the environment is not the same ? and how to setup the ipfw properly to support this ? Bill, you did get some good clues in the earlier thread, but it's not clear if you took note of them. There's also been some confusion .. Firstly, read up on layer2 (ethernet, MAC-level) filtering options in ipfw(8). Thoroughly, several times, until you've got it. Seriously. After enabling sysctl net.link.ether.ipfw=1 (add it to /etc/sysctl.conf) ipfw will be invoked 4 times instead of the normal 2, on every packet. Read carefully ipfw(8) section 'PACKET FLOW', and see that only on the inbound pass invoked from ether_demux() and the outbound pass invoked from ether_output_frame() can you test for MAC addresses (or mac-types); the 'normal' layer3 passes examine packets that have no layer2 headers. You could just add 'layer2' to any rules filtering on MAC addresses, and omit MAC addresses from all layer 3 (IP) rules, but I'd recommend using a method like shown there to separate layer2 and layer3 flows early on: # packets from ether_demux ipfw add 10 skipto 1000 all from any to any layer2 in # packets from ip_input ipfw add 10 skipto 2000 all from any to any not layer2 in # packets from ip_output ipfw add 10 skipto 3000 all from any to any not layer2 out # packets from ether_output_frame ipfw add 10 skipto 4000 all from any to any layer2 out So at (eg) 1000 and 4000 place your incoming and outgoing MAC filtering rules (remembering the reversed order of MAC addresses vs IP addresses, and to allow broadcasts as well), pass good guys and/or block bad guys, then deal with your normal IPv4|v6 traffic in a separate section(s). Or you could just split the flows into two streams, one for layer2 for your MAC filtering, the other for layer3, ie the rest of your ruleset. HTH, Ian [please cc me on any reply] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to allow by MAC
I would ask what problem do you want to solve here; is it preventing a userjust from getting out unless they are using their assigned address, or something else? On Jun 10, 2012 8:16 PM, Bill Yuan byc...@gmail.com wrote: Hi Lan, Thanks for your reply, I am reading some old emails which you sent in 2008 while other place asked a same question as mine, On Mon, Jun 11, 2012 at 1:53 AM, Ian Smith smi...@nimnet.asn.au wrote: In freebsd-questions Digest, Vol 418, Issue 18, Message: 1 On Sun, 10 Jun 2012 17:43:39 +0800 Bill Yuan byc...@gmail.com wrote: how to allow by MAC in ipfw currently i set the rule like below 1 allow ip from any to any MAC any to MAC Address 1 1 allow ip from any to any MAC MAC Address 1 any 2 deny all from any to any i want to only allow the mac address to go through the freebsd firewall, but I found it is not working on my freebsd but it works on pfsense! so maybe that means the environment is not the same ? and how to setup the ipfw properly to support this ? Bill, you did get some good clues in the earlier thread, but it's not clear if you took note of them. There's also been some confusion .. Firstly, read up on layer2 (ethernet, MAC-level) filtering options in ipfw(8). Thoroughly, several times, until you've got it. Seriously. After enabling sysctl net.link.ether.ipfw=1 (add it to /etc/sysctl.conf) ipfw will be invoked 4 times instead of the normal 2, on every packet. Read carefully ipfw(8) section 'PACKET FLOW', and see that only on the inbound pass invoked from ether_demux() and the outbound pass invoked from ether_output_frame() can you test for MAC addresses (or mac-types); the 'normal' layer3 passes examine packets that have no layer2 headers. You could just add 'layer2' to any rules filtering on MAC addresses, and omit MAC addresses from all layer 3 (IP) rules, but I'd recommend using a method like shown there to separate layer2 and layer3 flows early on: # packets from ether_demux ipfw add 10 skipto 1000 all from any to any layer2 in # packets from ip_input ipfw add 10 skipto 2000 all from any to any not layer2 in # packets from ip_output ipfw add 10 skipto 3000 all from any to any not layer2 out # packets from ether_output_frame ipfw add 10 skipto 4000 all from any to any layer2 out So at (eg) 1000 and 4000 place your incoming and outgoing MAC filtering rules (remembering the reversed order of MAC addresses vs IP addresses, and to allow broadcasts as well), pass good guys and/or block bad guys, then deal with your normal IPv4|v6 traffic in a separate section(s). Or you could just split the flows into two streams, one for layer2 for your MAC filtering, the other for layer3, ie the rest of your ruleset. HTH, Ian [please cc me on any reply] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to allow by MAC
Hi Brian, Thanks for your care, Execute me for my English is not that good , I am from Singapore :) I want to create a white list MAC address, Only the machine which it's MAC in the white list will be allowed, all others will be blocked. Thanks On Mon, Jun 11, 2012 at 11:21 AM, Brian W. br...@brianwhalen.net wrote: I would ask what problem do you want to solve here; is it preventing a userjust from getting out unless they are using their assigned address, or something else? On Jun 10, 2012 8:16 PM, Bill Yuan byc...@gmail.com wrote: Hi Lan, Thanks for your reply, I am reading some old emails which you sent in 2008 while other place asked a same question as mine, On Mon, Jun 11, 2012 at 1:53 AM, Ian Smith smi...@nimnet.asn.au wrote: In freebsd-questions Digest, Vol 418, Issue 18, Message: 1 On Sun, 10 Jun 2012 17:43:39 +0800 Bill Yuan byc...@gmail.com wrote: how to allow by MAC in ipfw currently i set the rule like below 1 allow ip from any to any MAC any to MAC Address 1 1 allow ip from any to any MAC MAC Address 1 any 2 deny all from any to any i want to only allow the mac address to go through the freebsd firewall, but I found it is not working on my freebsd but it works on pfsense! so maybe that means the environment is not the same ? and how to setup the ipfw properly to support this ? Bill, you did get some good clues in the earlier thread, but it's not clear if you took note of them. There's also been some confusion .. Firstly, read up on layer2 (ethernet, MAC-level) filtering options in ipfw(8). Thoroughly, several times, until you've got it. Seriously. After enabling sysctl net.link.ether.ipfw=1 (add it to /etc/sysctl.conf) ipfw will be invoked 4 times instead of the normal 2, on every packet. Read carefully ipfw(8) section 'PACKET FLOW', and see that only on the inbound pass invoked from ether_demux() and the outbound pass invoked from ether_output_frame() can you test for MAC addresses (or mac-types); the 'normal' layer3 passes examine packets that have no layer2 headers. You could just add 'layer2' to any rules filtering on MAC addresses, and omit MAC addresses from all layer 3 (IP) rules, but I'd recommend using a method like shown there to separate layer2 and layer3 flows early on: # packets from ether_demux ipfw add 10 skipto 1000 all from any to any layer2 in # packets from ip_input ipfw add 10 skipto 2000 all from any to any not layer2 in # packets from ip_output ipfw add 10 skipto 3000 all from any to any not layer2 out # packets from ether_output_frame ipfw add 10 skipto 4000 all from any to any layer2 out So at (eg) 1000 and 4000 place your incoming and outgoing MAC filtering rules (remembering the reversed order of MAC addresses vs IP addresses, and to allow broadcasts as well), pass good guys and/or block bad guys, then deal with your normal IPv4|v6 traffic in a separate section(s). Or you could just split the flows into two streams, one for layer2 for your MAC filtering, the other for layer3, ie the rest of your ruleset. HTH, Ian [please cc me on any reply] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to filter network by MAC and IP at the same time
hi Bill, afaik, in your case the packets checked twice against the ipfw-rules - once for the layer2-filtering part and 2nd time for the ip-filtering part. 1st enable filtering on ethernet demux/eth. output frame: # sysctl net.link.ether.ipfw=1 then start your fw-script: # -- sniplet from fw-script -- # iif=em0 ip_client=192.168.123.45 ether_client=88:99:aa:bb:cc:dd ether_broadcast=ff:ff:ff:ff:ff:ff ${fwcmd} add 10 pass MAC ${ether_broadcast} ${ether_client} via ${iif} ${fwcmd} add 20 pass MAC any ${ether_client} via ${iif} ${fwcmd} add 21 pass MAC ${ether_client} any via ${iif} ${fwcmd} add 30 pass ip from ${ip_client} to any via ${iif} ${fwcmd} add 31 pass ip from any to ${ip_client} via ${iif} # -- sniplet from fw-script -- # this results in: # ipfw show 00010 128 allow ip from any to any MAC ff:ff:ff:ff:ff:ff \ 88:99:aa:bb:cc:dd via em0 00020 74 9564 allow ip from any to any MAC any 88:99:aa:bb:cc:dd via em0 00021 87 85336 allow ip from any to any MAC 88:99:aa:bb:cc:dd any via em0 00030 74 9564 allow ip from 192.168.123.45 to any via em0 00031 86 85290 allow ip from any to 192.168.123.45 via em0 65535 487 35078 deny ip from any to any Most of this logic is described in the section PACKET FLOW section in man ipfw. Note that as packets flow through the stack, headers can be stripped or added to it, and so they may or may not be available for inspection. E.g., incoming packets will include the MAC header when ipfw is invoked from ether_demux(), but the same packets will have the MAC header stripped off when ipfw is invoked from ip_input() or ip6_input(). Cheers ch On Saturday 09 June 2012, Bill Yuan wrote: rule like below #allow the traffic which source mac is belong to the machine ipfw add 1 allow all from any to any MAC MAC ADDR1 any #allow the .. destination mac is that machine ipfw add 1 allow all from any to any MAC any MAC ADDR1 ipfw add 1 deny all from any to any it is not working , all the traffic will be block by the deny !!! how come ? On Sat, Jun 9, 2012 at 4:30 AM, Lowell Gilbert freebsd-questions-lo...@be-well.ilk.org wrote: Bill Yuan byc...@gmail.com writes: i am using freebsd 9.0 as a firewall and i want to filter the traffic by the mac and the ip at the same time, for example, i only allow my laptop MAC Address 1 can go throught the firewalll when it's using IP IP Address 1 for how to config the firewall rules? I tried to configure the firewall by the rule below , but it doesnt work ipfw add 1 allow all from IP Address 1 to any MAC MAC Address 1 any ipfw add 1 allow all from any to IP Address 1 MAC any MAC Address 1 Well, for one thing if I understand your intent, you have the MAC addresses in the wrong order. Unless your firewall is acting as a bridge, you also need to keep in mind that the MAC addresses are changed when passing through, so those rules will only work on one side (i.e., you'll need in via type rules). but it doesnt work. also found the explanation on google, someone already asked this question before. I don't understand. Was there a suggested approach or not? but I did not find the solution for this requirement. can someone tell me how ? thanks in advance. I can't guarantee this will work, and I don't have any way to test it, but my above comments would suggest something more like: ipfw add 1 allow all from IP Address 1 to any MAC any MAC Address in via $iif ipfw add 1 allow all from any to IP Address 1 MAC MAC Address 1 any out via $oif Good luck. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to filter network by MAC and IP at the same time
Thanks very much, According to your description , I changed my firewall settings , ( Because I already tried add the via em0 or via em1, it's not working, so I remove it , my FreeBSD is WAN is em0 ,LAN is em1 ) and made it like this below and I still cannot download things through it , and i found the result Seems some place still not working properly , the traffic has been block by some reason! On Sat, Jun 9, 2012 at 5:12 PM, Christian Hiris 4...@chello.at wrote: hi Bill, afaik, in your case the packets checked twice against the ipfw-rules - once for the layer2-filtering part and 2nd time for the ip-filtering part. 1st enable filtering on ethernet demux/eth. output frame: # sysctl net.link.ether.ipfw=1 then start your fw-script: # -- sniplet from fw-script -- # iif=em0 ip_client=192.168.123.45 ether_client=88:99:aa:bb:cc:dd ether_broadcast=ff:ff:ff:ff:ff:ff ${fwcmd} add 10 pass MAC ${ether_broadcast} ${ether_client} via ${iif} ${fwcmd} add 20 pass MAC any ${ether_client} via ${iif} ${fwcmd} add 21 pass MAC ${ether_client} any via ${iif} ${fwcmd} add 30 pass ip from ${ip_client} to any via ${iif} ${fwcmd} add 31 pass ip from any to ${ip_client} via ${iif} # -- sniplet from fw-script -- # this results in: # ipfw show 00010 128 allow ip from any to any MAC ff:ff:ff:ff:ff:ff \ 88:99:aa:bb:cc:dd via em0 00020 74 9564 allow ip from any to any MAC any 88:99:aa:bb:cc:dd via em0 00021 87 85336 allow ip from any to any MAC 88:99:aa:bb:cc:dd any via em0 00030 74 9564 allow ip from 192.168.123.45 to any via em0 00031 86 85290 allow ip from any to 192.168.123.45 via em0 65535 487 35078 deny ip from any to any Most of this logic is described in the section PACKET FLOW section in man ipfw. Note that as packets flow through the stack, headers can be stripped or added to it, and so they may or may not be available for inspection. E.g., incoming packets will include the MAC header when ipfw is invoked from ether_demux(), but the same packets will have the MAC header stripped off when ipfw is invoked from ip_input() or ip6_input(). Cheers ch On Saturday 09 June 2012, Bill Yuan wrote: rule like below #allow the traffic which source mac is belong to the machine ipfw add 1 allow all from any to any MAC MAC ADDR1 any #allow the .. destination mac is that machine ipfw add 1 allow all from any to any MAC any MAC ADDR1 ipfw add 1 deny all from any to any it is not working , all the traffic will be block by the deny !!! how come ? On Sat, Jun 9, 2012 at 4:30 AM, Lowell Gilbert freebsd-questions-lo...@be-well.ilk.org wrote: Bill Yuan byc...@gmail.com writes: i am using freebsd 9.0 as a firewall and i want to filter the traffic by the mac and the ip at the same time, for example, i only allow my laptop MAC Address 1 can go throught the firewalll when it's using IP IP Address 1 for how to config the firewall rules? I tried to configure the firewall by the rule below , but it doesnt work ipfw add 1 allow all from IP Address 1 to any MAC MAC Address 1 any ipfw add 1 allow all from any to IP Address 1 MAC any MAC Address 1 Well, for one thing if I understand your intent, you have the MAC addresses in the wrong order. Unless your firewall is acting as a bridge, you also need to keep in mind that the MAC addresses are changed when passing through, so those rules will only work on one side (i.e., you'll need in via type rules). but it doesnt work. also found the explanation on google, someone already asked this question before. I don't understand. Was there a suggested approach or not? but I did not find the solution for this requirement. can someone tell me how ? thanks in advance. I can't guarantee this will work, and I don't have any way to test it, but my above comments would suggest something more like: ipfw add 1 allow all from IP Address 1 to any MAC any MAC Address in via $iif ipfw add 1 allow all from any to IP Address 1 MAC MAC Address 1 any out via $oif Good luck. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to filter network by MAC and IP at the same time
Bill Yuan byc...@gmail.com writes: i am using freebsd 9.0 as a firewall and i want to filter the traffic by the mac and the ip at the same time, for example, i only allow my laptop MAC Address 1 can go throught the firewalll when it's using IP IP Address 1 for how to config the firewall rules? I tried to configure the firewall by the rule below , but it doesnt work ipfw add 1 allow all from IP Address 1 to any MAC MAC Address 1 any ipfw add 1 allow all from any to IP Address 1 MAC any MAC Address 1 Well, for one thing if I understand your intent, you have the MAC addresses in the wrong order. Unless your firewall is acting as a bridge, you also need to keep in mind that the MAC addresses are changed when passing through, so those rules will only work on one side (i.e., you'll need in via type rules). but it doesnt work. also found the explanation on google, someone already asked this question before. I don't understand. Was there a suggested approach or not? but I did not find the solution for this requirement. can someone tell me how ? thanks in advance. I can't guarantee this will work, and I don't have any way to test it, but my above comments would suggest something more like: ipfw add 1 allow all from IP Address 1 to any MAC any MAC Address in via $iif ipfw add 1 allow all from any to IP Address 1 MAC MAC Address 1 any out via $oif Good luck. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to filter network by MAC and IP at the same time
rule like below #allow the traffic which source mac is belong to the machine ipfw add 1 allow all from any to any MAC MAC ADDR1 any #allow the .. destination mac is that machine ipfw add 1 allow all from any to any MAC any MAC ADDR1 ipfw add 1 deny all from any to any it is not working , all the traffic will be block by the deny !!! how come ? On Sat, Jun 9, 2012 at 4:30 AM, Lowell Gilbert freebsd-questions-lo...@be-well.ilk.org wrote: Bill Yuan byc...@gmail.com writes: i am using freebsd 9.0 as a firewall and i want to filter the traffic by the mac and the ip at the same time, for example, i only allow my laptop MAC Address 1 can go throught the firewalll when it's using IP IP Address 1 for how to config the firewall rules? I tried to configure the firewall by the rule below , but it doesnt work ipfw add 1 allow all from IP Address 1 to any MAC MAC Address 1 any ipfw add 1 allow all from any to IP Address 1 MAC any MAC Address 1 Well, for one thing if I understand your intent, you have the MAC addresses in the wrong order. Unless your firewall is acting as a bridge, you also need to keep in mind that the MAC addresses are changed when passing through, so those rules will only work on one side (i.e., you'll need in via type rules). but it doesnt work. also found the explanation on google, someone already asked this question before. I don't understand. Was there a suggested approach or not? but I did not find the solution for this requirement. can someone tell me how ? thanks in advance. I can't guarantee this will work, and I don't have any way to test it, but my above comments would suggest something more like: ipfw add 1 allow all from IP Address 1 to any MAC any MAC Address in via $iif ipfw add 1 allow all from any to IP Address 1 MAC MAC Address 1 any out via $oif Good luck. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
how to filter network by MAC and IP at the same time
hi all, i am using freebsd 9.0 as a firewall and i want to filter the traffic by the mac and the ip at the same time, for example, i only allow my laptop MAC Address 1 can go throught the firewalll when it's using IP IP Address 1 for how to config the firewall rules? I tried to configure the firewall by the rule below , but it doesnt work ipfw add 1 allow all from IP Address 1 to any MAC MAC Address 1 any ipfw add 1 allow all from any to IP Address 1 MAC any MAC Address 1 but it doesnt work. also found the explanation on google, someone already asked this question before. but I did not find the solution for this requirement. can someone tell me how ? thanks in advance. Best Regards, BYCN82 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
newbie- install to i-mac from usb
hi, I hope this is the correct mailing list for this question. I am a newbie. I want to install FreeBSD 9.0 to an i-mac g3/g4 which doesn't have a working cd drive. I want to use a usb stick to do this. My question is what relevant doc explains how to do this? I searched google and could not find an answer that worked, even for NetBSD. I tried issuing a dd command to cp the powerpc memstick image to usb, but I can't figure out how to get openfirmware to boot the usb. It is openfirmware version 3. I welcome any help and/or suggestions. Thanks, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Single boot EFI Mac install
Has anyone successfully installed FreeBSD as a single boot system on an EFI Mac? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Single boot EFI Mac install
Carsten Mattner writes: Has anyone successfully installed FreeBSD as a single boot system on an EFI Mac? I'm not sure exactly what you mean by a single boot system. I have Mac Pro that runs Mac OS on on disk (actually a pair in a software RAID) and FreeBSD from another pair (gmirror RAID). I suspect that I could pull the MacOS disks from the system and it would happily run as a FreeBSD only machine. I believe that I set up the disks using the mac tools and then did an install from a DVD, but it's been a while. The only particularly trick-ish part is that I had to partition the FreeBSD disks using MBR style partitions, that's (part of?) what the Mac firmware uses to decide to turn on it's PC-style BIOS emulation, which FreeBSD needs before it can get itself going. GPT partitions will not work. Every once in a while the machine hangs at boot time but I haven't seen it in a while. What happens if you just throw a FreeBSD DVD in the drive? g. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Single boot EFI Mac install
On Wed, Mar 7, 2012 at 6:13 PM, George Hartzell hartz...@alerce.com wrote: Carsten Mattner writes: Has anyone successfully installed FreeBSD as a single boot system on an EFI Mac? I'm not sure exactly what you mean by a single boot system. I have Mac Pro that runs Mac OS on on disk (actually a pair in a software RAID) and FreeBSD from another pair (gmirror RAID). I suspect that I could pull the MacOS disks from the system and it would happily run as a FreeBSD only machine. I believe that I set up the disks using the mac tools and then did an install from a DVD, but it's been a while. The only particularly trick-ish part is that I had to partition the FreeBSD disks using MBR style partitions, that's (part of?) what the Mac firmware uses to decide to turn on it's PC-style BIOS emulation, which FreeBSD needs before it can get itself going. GPT partitions will not work. Every once in a while the machine hangs at boot time but I haven't seen it in a while. What happens if you just throw a FreeBSD DVD in the drive? I'm pretty sure I can install FreeBSD. The real question is: Are there EFI bootable FreeBSD images? rEFIt works but cannot be convinced to stop delaying the boot process by ~20 seconds (even after deleting PRAM and bless'ing the partition). That's why I've been looking for native (EFI) boot options. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Problems with EFI / partitioning with FreeBSD ONLY mac mini ... from USB drive ...
I booted the 8.2-RELEASE CD on my Intel mac mini, which has a thumb drive plugged into USB. I promptly entered FIXIT and used dd to zero out the ENTIRE internal hard drive. I may use it, I may not, but for now I want to reduce variables and I don't want remnants of OSX on that disk tripping me up. I exited FIXIT and proceeded with a plain old install of FreeBSD 8.2 onto the thumb drive, which was seen as da0. Upon rebooting, I see a folder icon with a question mark inside of it, blinking on the screen. The mac mini cannot see an OS to boot. I have tried to solve this by: - same as above, but plain old loader instead of FreeBSD boot manager. Both failed - During install, in FDISK, using the T option to change the type to 238 Still failing. Any idea what the missing part of this recipe is ? NOTE: I see something of an answer here: http://lists.freebsd.org/pipermail/freebsd-current/2011-September/027585.html But I do not know how to put a dummy MBR there even if using GPT layout ... so if that is the answer, some additional details, please :) Just trying to boot FreeBSD, and only FreeBSD, off of the thumb drive plugged into a mac mini with no other disks. Any help appreciated. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD VMWare Mac screen resulution and keyboard map
On 11-04-09 17:17, Warren Block wrote: On Fri, 8 Apr 2011, Sascha Vieweg wrote: As a curious beginner I am running FreeBSD on VMWare Fusion 3.1.2 on a MacBook Pro 13'' i5, and I want to do two things on the normal (startup) console: (1) use my apple keyboard, especially, scroll through console output man syscons | less -p'Back Scrolling' ... Says: press the `slock' key (with some PC keyboard description). However, I have got a MB Pro where no such key is available. Thus, I may repeat my question: How can I get console scolling working on my MacBook Pro 13''? (2) have a screen resolution of at least 800x600. vidcontrol(1) can set different modes, potentially including VESA_800x600. What's available depends on the video card BIOS and you'll probably have to build a kernel with SC_PIXEL_MODE. Both things seem to be no particular problem in X11, however, I cannot find advices for the normal console. Unless you're trying to emulate a machine without X11 for a particular purpose, xterms are more versatile than consoles. It's probably possible to get a console-like stack of fullscreen xterms with one of the mouseless window managers. Thanks, the vidcontrol tip helped a lot. *S* -- Sascha Vieweg, saschav...@gmail.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD VMWare Mac screen resulution and keyboard map
On Apr 18, 2011, at 11:35 AM, Sascha Vieweg wrote: man syscons | less -p'Back Scrolling' ... Says: press the `slock' key (with some PC keyboard description). However, I have got a MB Pro where no such key is available. Thus, I may repeat my question: How can I get console scolling working on my MacBook Pro 13''? slock is the key above the home key; on an Apple A1048 USB keyboard, that is labelled F15. I don't think the 13 Macbook Pro has that key available, so you might have to attach an external USB keyboard. Try dmesg | less instead, or using SSH from a handy terminal emulator with scrolling windows (like Terminal.app from the base MacOS X) is likely to be easier... Regards, -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD VMWare Mac screen resulution and keyboard map
On Apr 18, 2011, at 2:45 PM, Chuck Swiger wrote: On Apr 18, 2011, at 11:35 AM, Sascha Vieweg wrote: man syscons | less -p'Back Scrolling' ... Says: press the `slock' key (with some PC keyboard description). However, I have got a MB Pro where no such key is available. Thus, I may repeat my question: How can I get console scolling working on my MacBook Pro 13''? slock is the key above the home key; on an Apple A1048 USB keyboard, that is labelled F15. I don't think the 13 Macbook Pro has that key available, so you might have to attach an external USB keyboard. fn-shift-f12 should be scroll lock. At least, it is when the hardware runs windows___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD VMWare Mac screen resulution and keyboard map
On Fri, 8 Apr 2011, Sascha Vieweg wrote: As a curious beginner I am running FreeBSD on VMWare Fusion 3.1.2 on a MacBook Pro 13'' i5, and I want to do two things on the normal (startup) console: (1) use my apple keyboard, especially, scroll through console output man syscons | less -p'Back Scrolling' (2) have a screen resolution of at least 800x600. vidcontrol(1) can set different modes, potentially including VESA_800x600. What's available depends on the video card BIOS and you'll probably have to build a kernel with SC_PIXEL_MODE. Both things seem to be no particular problem in X11, however, I cannot find advices for the normal console. Unless you're trying to emulate a machine without X11 for a particular purpose, xterms are more versatile than consoles. It's probably possible to get a console-like stack of fullscreen xterms with one of the mouseless window managers. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
FreeBSD VMWare Mac screen resulution and keyboard map
As a curious beginner I am running FreeBSD on VMWare Fusion 3.1.2 on a MacBook Pro 13'' i5, and I want to do two things on the normal (startup) console: (1) use my apple keyboard, especially, scroll through console output (2) have a screen resolution of at least 800x600. Both things seem to be no particular problem in X11, however, I cannot find advices for the normal console. And: does anybody know what vertical and horizontal refresh rates my VMWare display have? According to the user handbook I need to specify this information in the X11 config file -- the current X11 display does not look very sharp. Thanks for help *S* -- Sascha Vieweg, saschav...@gmail.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD VMWare Mac screen resulution and keyboard map
On Apr 8, 2011, at 12:22 PM, Sascha Vieweg wrote: As a curious beginner I am running FreeBSD on VMWare Fusion 3.1.2 on a MacBook Pro 13'' i5, and I want to do two things on the normal (startup) console: (1) use my apple keyboard, especially, scroll through console output (2) have a screen resolution of at least 800x600. Both things seem to be no particular problem in X11, however, I cannot find advices for the normal console. And: does anybody know what vertical and horizontal refresh rates my VMWare display have? According to the user handbook I need to specify this information in the X11 config file -- the current X11 display does not look very sharp. Thanks for help *S* You should be able find the screen dimensions for that MacBook Pro somewhere on the net. If my memory is correct and it's like my 13 acrylic MacBook then it will be something either 1280x800 or, less likely, 1280x720. I'm really old so I use an config file in the standard location: /etc/X11/xorg.conf configuration file to control X. If I understand correctly this is not longer strictly necessary. You can generate a base config by running: # X -configure That will write a file: xorg.conf.new into the current directory. For monitor setting I've never found anything on VMware Fusion, or the MacBook line that gives those numbers. I've been using: Section Monitor Identifier Apple MacBook Pro A1286 Display VendorName Apple HorizSync 27.0-86.0 VertRefresh 50.0-72.0 Modeline 1440x900 106.47 1440 1520 1672 1904 900 901 904 932 -HSync +Vsync Modeline 1280x800 83.46 1280 1344 1480 1680 800 801 804 828 EndSection I'm using the Vesa Driver rather than the native vmware one so I'm pretty sure that the MacBook is actually handling the display settings. Again, there are instructions on the net for hacking xorg.conf specifically for VMWare Fusion and or Parallels to get a crisp display on a FreeBSD VM on a Mac. - I haven't found a way to map a key to Scroll Lock. I would imagine that the syscons driver is the place to look. -- Chris There will be an answer, Let it be. e: chris -at- vindaloo -dot- com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD VMWare Mac screen resulution and keyboard map
On Apr 8, 2011, at 12:22 PM, Sascha Vieweg wrote: As a curious beginner I am running FreeBSD on VMWare Fusion 3.1.2 on a MacBook Pro 13'' i5, and I want to do two things on the normal (startup) console: (1) use my apple keyboard, especially, scroll through console output The Apple Keyboard should just work. The FreeBSD console has a special mode where you can scroll back and forth in console output after hitting Scroll Lock. I'm just not sure what key on the Apple Keyboard VMware maps to Scroll Lock. (2) have a screen resolution of at least 800x600. To start, the X log file: /var/log/Xorg.0.log file is a good source of information about what X is doing if you are trying to tune things. Getting a good screen resolution should just be a matter of setting the refresh rates to match your monitor. You may be able to put any values you like in there since your screen and video adapter are virtual. All of this gets configured in /etc/X11/xorg.conf. I believe it's considered gauche to hand configure this anymore but since many modern displays, the Apple laptops included, don't conform to the VESA standard modes it's helpful to be able to tune things by hand. The problem is compounded by the fact that again, in VMware you probably aren't talking to the real hardware. Any modern hardware should just tell the X server what it's Sync and Refresh rates are. One final tip: Check the amount of VideoRam that VMware assigned to the virtual machine. I noticed that it was a little skint at 2Mb or something and I bumped it up to something larger than 8Mbso I could have a 1920x1080x24bpp display. Here's my xorg.conf file which I started on an Acrylic MacBook running Parallels and them moved to and retuned for a unibody 15 MacBook Pro. I'm following up my first post since I revisited this file this afternoon to fix a couple of issues that I had worked around. My box is FreeBSD 8.2-STABLE built from sources on 4/6/2011. I'm running xorg-7.5.1 from ports Section ServerLayout Identifier X.org Configured Screen 0 Screen0 0 0 InputDeviceMouse0 CorePointer InputDeviceKeyboard0 CoreKeyboard EndSection Section Files ModulePath /usr/local/lib/xorg/modules FontPath /usr/local/lib/X11/fonts/misc/ FontPath /usr/local/lib/X11/fonts/TTF/ FontPath /usr/local/lib/X11/fonts/OTF FontPath /usr/local/lib/X11/fonts/Type1/ FontPath /usr/local/lib/X11/fonts/100dpi/ FontPath /usr/local/lib/X11/fonts/75dpi/ EndSection Section Module Load extmod Load record Load dbe Load glx Load dri Load dri2 Load vmmouse EndSection Section InputDevice Identifier Keyboard0 Driver kbd EndSection Section InputDevice Identifier Mouse0 Driver vmmouse Option Protocol auto Option Device /dev/sysmouse Option ZAxisMapping 4 5 6 7 EndSection Section Monitor Identifier Apple MacBook Pro A1286 Display VendorName Apple HorizSync 27.0-86.0 ## These shouldn't matter VertRefresh 50.0-72.0 ## ## 15 MacBook Pro Modeline 1440x900 106.47 1440 1520 1672 1904 900 901 904 932 -HSync +Vsync ## 13 MacBook and possibly 13 MacBook Pro Modeline 1280x800 83.46 1280 1344 1480 1680 800 801 804 828 EndSection Section Device Identifier VMware Legacy Emulated SVGA II Adapter Driver vmwlegacy VendorName VMware BoardName Legacy Emulated SVGA II Adapter BusID PCI:0:15:0 EndSection Section Screen Identifier Screen0 Device VMware Legacy Emulated SVGA II Adapter MonitorApple MacBook Pro A1286 Display ## Purge the display modes that I don't need from here. SubSection Display Viewport0 0 Depth 24 Modes 1440x900 ## 15 MacBook Pro Modes 1280x800 ## 13 MacBook/MacBook Pro EndSubSection EndSection -- Chris -- __o Chris Hilton _`\,_e: chris /at/ vindaloo /dot/ com __(*)/_(*) All I was doing was trying to get home from work. -Rosa Parks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Changing the MAC address on a LAN adapter
On Sun, Jan 23, 2011 at 3:47 PM, John R. Levine jo...@iecc.com wrote: Is this a known problem? As far as I know, it's supposed to work. How you change MAC address? With ether command? # ifconfig em0 ether 01:17:a4:8f:04:5d Well, if it does not work it can be driver bug. In iwn case try to set MAC address of iwn before creating wlan or you will need to set same MAC on wlanX and iwn. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Changing the MAC address on a LAN adapter
On 01/25/11 01:14, Paul B Mahol wrote: On Sun, Jan 23, 2011 at 3:47 PM, John R. Levinejo...@iecc.com wrote: Is this a known problem? As far as I know, it's supposed to work. How you change MAC address? With ether command? # ifconfig em0 ether 01:17:a4:8f:04:5d Well, if it does not work it can be driver bug. In iwn case try to set MAC address of iwn before creating wlan or you will need to set same MAC on wlanX and iwn. Actually I can confirm that. I use lagg for failover, and I remember now you have to set the 'real' interface to the MAC of the other lagg member, not a 'psuedo-device' or it won't work. Same principle applies here. HTH ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Changing the MAC address on a LAN adapter
Is this a known problem? As far as I know, it's supposed to work. Well, if it does not work it can be driver bug. Well, yes, that's what I'm asking. Is it a known driver bug? In iwn case try to set MAC address of iwn before creating wlan or you will need to set same MAC on wlanX and iwn. Done that, doesn't help. Regards, John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies, Please consider the environment before reading this e-mail. http://jl.ly___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Changing the MAC address on a LAN adapter
Da Rock wrote: On 01/25/11 01:14, Paul B Mahol wrote: On Sun, Jan 23, 2011 at 3:47 PM, John R. Levinejo...@iecc.com wrote: Is this a known problem? As far as I know, it's supposed to work. How you change MAC address? With ether command? # ifconfig em0 ether 01:17:a4:8f:04:5d Well, if it does not work it can be driver bug. In iwn case try to set MAC address of iwn before creating wlan or you will need to set same MAC on wlanX and iwn. Actually I can confirm that. I use lagg for failover, and I remember now you have to set the 'real' interface to the MAC of the other lagg member, not a 'psuedo-device' or it won't work. Same principle applies here. HTH ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Ethernet MAC addresses are assigned by the manufacturer of the equipment. Each unit gets a unique address which generally can't be changed and shouldn't be changed. The manufacturer buys a block of addresses from the IEEE. Best regards, Fred ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Changing the MAC address on a LAN adapter
On Jan 24, 2011, at 10:44 AM, Fred wrote: Ethernet MAC addresses are assigned by the manufacturer of the equipment. Each unit gets a unique address which generally can't be changed and shouldn't be changed. The manufacturer buys a block of addresses from the IEEE. Yes, although folks can set the locally administered bit in the 6-byte MAC address instead of using globally administered addresses vendor-assigned blocks from IEEE OUI... Regards, -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Changing the MAC address on a LAN adapter
On 01/25/11 04:44, Fred wrote: Da Rock wrote: On 01/25/11 01:14, Paul B Mahol wrote: On Sun, Jan 23, 2011 at 3:47 PM, John R. Levinejo...@iecc.com wrote: Is this a known problem? As far as I know, it's supposed to work. How you change MAC address? With ether command? # ifconfig em0 ether 01:17:a4:8f:04:5d Well, if it does not work it can be driver bug. In iwn case try to set MAC address of iwn before creating wlan or you will need to set same MAC on wlanX and iwn. Actually I can confirm that. I use lagg for failover, and I remember now you have to set the 'real' interface to the MAC of the other lagg member, not a 'psuedo-device' or it won't work. Same principle applies here. HTH ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Ethernet MAC addresses are assigned by the manufacturer of the equipment. Each unit gets a unique address which generally can't be changed and shouldn't be changed. The manufacturer buys a block of addresses from the IEEE. Best regards, Fred Yes, but for lagg to work both adapters need the same MAC- otherwise routing wouldn't work properly (long story short). BTW, my wifi is iwn and I have had no trouble. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Changing the MAC address on a LAN adapter
On Sun, Jan 23, 2011 at 3:38 AM, John Levine jo...@iecc.com wrote: My Lenovo laptop running 8.1 has two ordinary Intel network adapters, a wired PRO/1000 with the em driver and a WiFi PRO/Wireless 5300 with the iwn driver. They work fine, but for either one if I use ifconfig to change the MAC address, the adapter won't actually work until I change the address back to the native one. Typical symptoms are endless DHCP queries with no response. Is this a known problem? As far as I know, it's supposed to work. How you change MAC address? With ether command? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Changing the MAC address on a LAN adapter
Is this a known problem? As far as I know, it's supposed to work. How you change MAC address? With ether command? # ifconfig em0 ether 01:17:a4:8f:04:5d Regards, John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies, Please consider the environment before reading this e-mail. http://jl.ly___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Changing the MAC address on a LAN adapter
My Lenovo laptop running 8.1 has two ordinary Intel network adapters, a wired PRO/1000 with the em driver and a WiFi PRO/Wireless 5300 with the iwn driver. They work fine, but for either one if I use ifconfig to change the MAC address, the adapter won't actually work until I change the address back to the native one. Typical symptoms are endless DHCP queries with no response. Is this a known problem? As far as I know, it's supposed to work. R's, John PS: If you were wondering, obnoxious airport wifi that cuts you off after an hour and won't let you back on until the next day, keyed by MAC address. em0: Intel(R) PRO/1000 Network Connection 7.0.5 port 0x1840-0x185f mem 0xf260-0xf261,0xf2625000-0xf2625fff irq 20 at device 25.0 on pci0 em0: Using MSI interrupt iwn0: Intel(R) PRO/Wireless 5300 mem 0xf250-0xf2501fff irq 17 at device 0.0 on pci3 iwn0: MIMO 3T3R, MoW, address 00:21:6a:b5:18:48 iwn0: [ITHREAD] iwn0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps iwn0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps iwn0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Corrupted MAC on input. Disconnecting: Packet corrupt
Hello, I'm facing a very strange problem on a machine: When I unzip a file (I'm 100% sure the file is not corrupted) and I get the following: jci...@frodon ~ % ssh 10.0.0.225 Password: jci...@dev ~ % unzip elgg-1.7.6.zip Archive: elgg-1.7.6.zip creating: elgg-1.7.6/ creating: elgg-1.7.6/engine/ inflating: elgg-1.7.6/engine/settings.example.php creating: elgg-1.7.6/engine/handlers/ creating: elgg-1.7.6/mod/tinymce/tinymce/jscripts/tiny_mce/plugins/emotions/langs/ inflating: elgg-1.7.6/mod/tinymce/tinymce/jscripts/tiny_mce/plugins/emotions/langs/en_dlg.js inflating: elgg-1.7.6/mod/tinymce/tinymce/jscripts/tiny_mce/plugins/emotions/editor_plugin.js inflating: elgg-1.7.6/mod/tinymce/tinymce/jscripts/tiny_mce/plugins/emotions/emotions.htm Corrupted MAC on input. Disconnecting: Packet corrupt jci...@frodon ~ % The system is running 8.2-RC1 (amd64). I had the same problem under 8.1-RELEASE (I thought it was a bug in the Ethernet driver, so I upgraded to 8.2-RC1) The card is: a...@pci0:2:0:0:class=0x02 card=0x82261043 chip=0x10481969 rev=0xb0 hdr=0x00 vendor = 'Attansic (Now owned by Atheros)' device = 'Gigabit Ethernet 10/100/1000 Base-T Controller (Atheros L1)' class = network subclass = ethernet Any idea what could be the problem ? Thanks, Julien -- No trees were killed in the creation of this message. However, many electrons were terribly inconvenienced. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Corrupted MAC on input. Disconnecting: Packet corrupt
On 01/11/2011 10:43, Julien Cigar wrote: Hello, I'm facing a very strange problem on a machine: When I unzip a file (I'm 100% sure the file is not corrupted) and I get the following: jci...@frodon ~ % ssh 10.0.0.225 Password: jci...@dev ~ % unzip elgg-1.7.6.zip Archive: elgg-1.7.6.zip creating: elgg-1.7.6/ creating: elgg-1.7.6/engine/ inflating: elgg-1.7.6/engine/settings.example.php creating: elgg-1.7.6/engine/handlers/ creating: elgg-1.7.6/mod/tinymce/tinymce/jscripts/tiny_mce/plugins/emotions/langs/ inflating: elgg-1.7.6/mod/tinymce/tinymce/jscripts/tiny_mce/plugins/emotions/langs/en_dlg.js inflating: elgg-1.7.6/mod/tinymce/tinymce/jscripts/tiny_mce/plugins/emotions/editor_plugin.js inflating: elgg-1.7.6/mod/tinymce/tinymce/jscripts/tiny_mce/plugins/emotions/emotions.htm Corrupted MAC on input. Disconnecting: Packet corrupt jci...@frodon ~ % The system is running 8.2-RC1 (amd64). I had the same problem under 8.1-RELEASE (I thought it was a bug in the Ethernet driver, so I upgraded to 8.2-RC1) The card is: a...@pci0:2:0:0: class=0x02 card=0x82261043 chip=0x10481969 rev=0xb0 hdr=0x00 vendor = 'Attansic (Now owned by Atheros)' device = 'Gigabit Ethernet 10/100/1000 Base-T Controller (Atheros L1)' class = network subclass = ethernet Any idea what could be the problem ? Thanks, Julien OK, I dug a bit and found the problem ... I have 4 memory slots on the motherboard : D C B A When I put a memory stick in A _or_ C it works When I put memory sticks in A _and_ C it works too However, when I put memory sticks in A _and_ B or A _and_ B _and_ C it fails ... (dual channel) Could it be a bug... or a broken Bios ? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- No trees were killed in the creation of this message. However, many electrons were terribly inconvenienced. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Corrupted MAC on input. Disconnecting: Packet corrupt
On Tue, Jan 11, 2011 at 9:11 AM, Julien Cigar jci...@ulb.ac.be wrote: On 01/11/2011 10:43, Julien Cigar wrote: Hello, I'm facing a very strange problem on a machine: When I unzip a file (I'm 100% sure the file is not corrupted) and I get the following: jci...@frodon ~ % ssh 10.0.0.225 Password: jci...@dev ~ % unzip elgg-1.7.6.zip Archive: elgg-1.7.6.zip creating: elgg-1.7.6/ creating: elgg-1.7.6/engine/ inflating: elgg-1.7.6/engine/settings.example.php creating: elgg-1.7.6/engine/handlers/ creating: elgg-1.7.6/mod/tinymce/tinymce/jscripts/tiny_mce/plugins/emotions/langs/ inflating: elgg-1.7.6/mod/tinymce/tinymce/jscripts/tiny_mce/plugins/emotions/langs/en_dlg.js inflating: elgg-1.7.6/mod/tinymce/tinymce/jscripts/tiny_mce/plugins/emotions/editor_plugin.js inflating: elgg-1.7.6/mod/tinymce/tinymce/jscripts/tiny_mce/plugins/emotions/emotions.htm Corrupted MAC on input. Disconnecting: Packet corrupt jci...@frodon ~ % The system is running 8.2-RC1 (amd64). I had the same problem under 8.1-RELEASE (I thought it was a bug in the Ethernet driver, so I upgraded to 8.2-RC1) The card is: a...@pci0:2:0:0: class=0x02 card=0x82261043 chip=0x10481969 rev=0xb0 hdr=0x00 vendor = 'Attansic (Now owned by Atheros)' device = 'Gigabit Ethernet 10/100/1000 Base-T Controller (Atheros L1)' class = network subclass = ethernet Any idea what could be the problem ? Thanks, Julien OK, I dug a bit and found the problem ... I have 4 memory slots on the motherboard : D C B A When I put a memory stick in A _or_ C it works When I put memory sticks in A _and_ C it works too However, when I put memory sticks in A _and_ B or A _and_ B _and_ C it fails ... (dual channel) Could it be a bug... or a broken Bios ? In main boards , memory channels mainly are colored pair-wise , for example Red-Blue , Red-Blue . One of the colors is Zero channel , the other 1 channel . For Intel 1366 pin sockets , there are 3 pairs : for example , Red-Blue , Red-Blue , Red-Blue . When memory chips are installed , first zero channels should be filled , then one channels , as in increasing order . Placing memory chips arbitrarily will get a non-working main board , which is NOT a bug , but production principle . Another principle is when more than one chip is installed , they should be the SAME in pair-wise , for example Red channels having the same size , Blue channels having the same size as Mega or Giga bytes , and they should have same Mega-Hertz speed . The more complete and correct information may be obtained from your main board manual . Another point is ´Supported memory´ chips list . When you want to use memory chips , it is necessary to study main board supported chips list and select among them . It seems that your memory chips are correctly selected , but please insert them as instructed by the main board manual . In other combinations , working is accidental and I do not know there may be other problems associated incorrect placement . Personally I never insert chips in a way other than defined in manual . Some main boards may check correctness of insertions and it my give failure indicator beeps , but some main boards may not check , but will not work as you expected : Everything is working as single ones , but they are not working in combination . Thank you very much . Mehmet Erol Sanliturk ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
[fbsd_questions] mac and windoze formats
howdy, folks --- this may be a stupid question, but, i figure that it is better to ask than to assume. premise: i was looking at a retail site that is offering a dvd_archive of every issue of a particular magazine back to its beginning, many decades ago [ these have become popular, lately ]. usually, i put these things on my windoze_box, until it was no longer new enough. then, i looked for linux [ aka, elf ] compatability, which also works. well, it has finally happened. something i want is only available for windoze and os_x. research: now, freebsd handles all sorts of elf; but, mac is not elf, it is derived from mach [ a long_unused word from my youth ]. so, this question is about emulation. i found the section in the faq and in the handbook on elf, but, there is no mention of mac, osx, mach or anything else that is not elf, not even wine. i found a recent _questions post that suggested that there is no current ability to run a mach-o binary. because no one challenged this assertion, i take it as true. q:where do things stand regarding the future ability to run either a windoze or mac binary [ as these are the general_public's notion of a computer ] ? q:would the present situation be described as closer to real_soon_now ! , to are you kidding ? or to somewhere between these two endpoints ? happy everything, to everybody, all of the time, even to those who don't celebrate anything, at any time. rob ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: [fbsd_questions] mac and windoze formats
On Dec 8, 2010, at 12:12 PM, spellberg_robert wrote: premise: i was looking at a retail site that is offering a dvd_archive of every issue of a particular magazine back to its beginning, many decades ago [ these have become popular, lately ]. If the archive contains this magazine in a common format like PDF, you can view such under nearly any platform (including FreeBSD). usually, i put these things on my windoze_box, until it was no longer new enough. then, i looked for linux [ aka, elf ] compatability, which also works. ELF is a binary file format. It's used by Linux, FreeBSD, Solaris, and other platforms. research: now, freebsd handles all sorts of elf; but, mac is not elf, it is derived from mach [ a long_unused word from my youth ]. Yes, MacOS X uses the Mach kernel from CMU, also used by NEXTSTEP. The binary file format for the Mac is called MachO. so, this question is about emulation. i found the section in the faq and in the handbook on elf, but, there is no mention of mac, osx, mach or anything else that is not elf, not even wine. i found a recent _questions post that suggested that there is no current ability to run a mach-o binary. because no one challenged this assertion, i take it as true. It is. q:where do things stand regarding the future ability to run either a windoze or mac binary [ as these are the general_public's notion of a computer ] ? You can use emulation software like VMWare 3 to run a Windows environment under FreeBSD; however, that won't let you run MacOS X or Mac programs. Regards, -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: [fbsd_questions] mac and windoze formats - a
chuck --- thank you. your clarity is warmly appreciated. fyi, would that these --were-- pdfs. regrettably, these are not computer people; they are print_the_magazine_on_paper_and_sell_the_paper people. the usual approach is to install a binary on the box that, at the least, requires the presence of the optical_disc in the drive to operate. well, that's what happens when one charges money for something that is easily duplicated. their loss; i didn't include this item in today's order for some single_issues. ciao. rob Chuck Swiger wrote: On Dec 8, 2010, at 12:12 PM, spellberg_robert wrote: premise: i was looking at a retail site that is offering a dvd_archive of every issue of a particular magazine back to its beginning, many decades ago [ these have become popular, lately ]. If the archive contains this magazine in a common format like PDF, you can view such under nearly any platform (including FreeBSD). usually, i put these things on my windoze_box, until it was no longer new enough. then, i looked for linux [ aka, elf ] compatability, which also works. ELF is a binary file format. It's used by Linux, FreeBSD, Solaris, and other platforms. research: now, freebsd handles all sorts of elf; but, mac is not elf, it is derived from mach [ a long_unused word from my youth ]. Yes, MacOS X uses the Mach kernel from CMU, also used by NEXTSTEP. The binary file format for the Mac is called MachO. so, this question is about emulation. i found the section in the faq and in the handbook on elf, but, there is no mention of mac, osx, mach or anything else that is not elf, not even wine. i found a recent _questions post that suggested that there is no current ability to run a mach-o binary. because no one challenged this assertion, i take it as true. It is. q:where do things stand regarding the future ability to run either a windoze or mac binary [ as these are the general_public's notion of a computer ] ? You can use emulation software like VMWare 3 to run a Windows environment under FreeBSD; however, that won't let you run MacOS X or Mac programs. Regards, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Does MAC version of iTunes work on FreeBSD?
On Tue, 16 Nov 2010 14:26:21 -0500 Nathan Vidican nat...@vidican.com wrote: No. The Mac version of iTunes depends on the Cocoa application framework, which is a set of Objective C objects that, as far as I am aware of, has no compatible framework under FreeBSD. The only vaguely compatible framework is GNUstep, which has at least partial support for the Cocoa APIs. Apparently it would be best to start with GNUstep and move an application to OS X though since there are so many features from MacOS that aren't implemented. Note that this is completely separate from binary compatibility: as far as I know nobody's working on Mach-O compatbility on FreeBSD so applications would need to be recompiled. http://wiki.gnustep.org/index.php/Cocoa -- Bruce Cran ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Does MAC version of iTunes work on FreeBSD?
On Wed, Nov 17, 2010 at 03:10:24PM +, Bruce Cran wrote: On Tue, 16 Nov 2010 14:26:21 -0500 Nathan Vidican nat...@vidican.com wrote: No. The Mac version of iTunes depends on the Cocoa application framework, which is a set of Objective C objects that, as far as I am aware of, has no compatible framework under FreeBSD. The only vaguely compatible framework is GNUstep, which has at least partial support for the Cocoa APIs. Apparently it would be best to start with GNUstep and move an application to OS X though since there are so many features from MacOS that aren't implemented. Note that this is completely separate from binary compatibility: as far as I know nobody's working on Mach-O compatbility on FreeBSD so applications would need to be recompiled. http://wiki.gnustep.org/index.php/Cocoa There's also Cocotron: http://www.cocotron.org/ I've never used it, though, so I have no idea what level of compatibility it offers, and it appears to be mostly focused on MS Windows platforms right now. -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] pgpVDxcjzv1YT.pgp Description: PGP signature
Does MAC version of iTunes work on FreeBSD?
-- System Name: laptop2.StevenFriedrich.org Hardware: 2.80GHz Intel Pentium 4 (HTT) with 2 GB memory OS version:FreeBSD 8.1-RELEASE-p1 i386 (6.4 MB kernel) manager(s):kde4-4.5.3 X windows: xorg-7.5X.Org X Server 1.7.5 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Does MAC version of iTunes work on FreeBSD?
On Tue, Nov 16, 2010 at 2:09 PM, Steven Friedrich free...@insightbb.com wrote: -- System Name: laptop2.StevenFriedrich.org Hardware: 2.80GHz Intel Pentium 4 (HTT) with 2 GB memory OS version: FreeBSD 8.1-RELEASE-p1 i386 (6.4 MB kernel) manager(s): kde4-4.5.3 X windows: xorg-7.5 X.Org X Server 1.7.5 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org No. The Mac version of iTunes depends on the Cocoa application framework, which is a set of Objective C objects that, as far as I am aware of, has no compatible framework under FreeBSD. -- Nathan Vidican nat...@vidican.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Does MAC version of iTunes work on FreeBSD?
On 16 November 2010 19:26, Nathan Vidican nat...@vidican.com wrote: On Tue, Nov 16, 2010 at 2:09 PM, Steven Friedrich free...@insightbb.com wrote: -- System Name: laptop2.StevenFriedrich.org Hardware: 2.80GHz Intel Pentium 4 (HTT) with 2 GB memory OS version: FreeBSD 8.1-RELEASE-p1 i386 (6.4 MB kernel) manager(s): kde4-4.5.3 X windows: xorg-7.5 X.Org X Server 1.7.5 No. The Mac version of iTunes depends on the Cocoa application framework, which is a set of Objective C objects that, as far as I am aware of, has no compatible framework under FreeBSD. -- Nathan Vidican nat...@vidican.com Neither does the Windows version. http://appdb.winehq.org/objectManager.php?sClass=applicationiId=1347 You could however try gtkpod, rhythmbox or Amarok if your goal is to sync your iPod. Also, please don't write X windows, its name is the X Window System [1]. Chris [1] http://en.wikipedia.org/wiki/X_Window_System#Nomenclature ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
change MAC address for PPPoE connection
Hello I'm using PPPoE link to connect to the INTERNET. my problem is that I have to change my MAC address for my night time link. I do that using ifconfig command before connecting the night link: *killall ppp ifconfig cdce0 ether 2a:00:00:00:00:00 ppp -ddial adslnight* cdce0 is the interface connected to the ADSL modem. command will change the MAC address on the interface but PPP still uses the old MAC (I can see it over tcpdump). I think it's some cache or something that keeps the old MAC. please help me, I couldn't find anything related on-line. my ppp.conf: *adsl: set log Phase tun command set redial 99 3 set device PPPoE:cdce0 set authname UserName set authkey Password set dial set login add default HISADDR adslnight: set log Phase tun command set redial 99 3 set device PPPoE:cdce0 set authname NightUserName set authkey NightPassword set dial set login add default HISADDR* ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Problems mounting nfs from freebsd to Mac.
On Sat, 25 Sep 2010 14:58:21 -0500 (CDT) Robert Bonomi bon...@mail.r-bonomi.com wrote: From owner-freebsd-questi...@freebsd.org Sat Sep 25 03:29:33 2010 Date: Sat, 25 Sep 2010 04:01:18 -0400 From: Mike Meyer mike.w.me...@gmail.com To: questi...@freebsd.org Cc: Subject: Problems mounting nfs from freebsd to Mac. I've got an nfs server that's refusing to mount one client - via one route - and it's driving me crazy. First question, are you _SURE_ that it's a server-side problem? I under- stand that things are failing in one situation and not others, but there are about -five- possible causations, only one of which is a server-side NFS configuration. No, I'm not sure. The question is more what server tools can I use figure out what's wrong than how do I fix the server. That the FreeBSD community is the most helpful one involved might have some bearing on which question I chose to ask here. As far as I know, there are only three reasons for an NFS server to refuse a mount request: 1) The exports file is borked somehow, 2) The server insists that the client use a privileged port, or 3) The IP address the request is coming from is disallowed. There _are_ others, depending on how access controls are specified in the exports file. Those are pretty much what I meant by the exports file is borked somehow. The file systems are all zfs, all exported by zfs, and mostly all inherited from the parent file system. For the record, that's: /export -maproot 0 -network 192.xx.yy.0/25 #1 isn't it - the file systems mount fine on other boxes. And they mount fine on the problem box via Wifi. #2 shouldn't be it - I'm running the server with -n turned on, and the mount works via wifi. #3 seems logical, but I only have one network enabled, and it's a *.0/25. The working addresses include .96, and .106, while the failing address is .105. So I'm not sure what's going on here. Running mountd with a -d flag generates no output at all when the request is denied. This makes me think I'm not looking in the right place. First thing, what does 'showmount -a', run on the misbehaving client show? And are there differences, depending on being on the wired vs wireless link? Just All mounts on localhost: and then an empty list, whether they are mounted or not. Check how the client resolves the server hostname on both the wireless and wired links. It's the same. That's expected - the WRT610N is providing both dns dhcp services, and they both resolve through it. make sure the _server_ name (in the form used in the nfs mount) is resolving in the same way -- to the same address -- when the client is on thee wireless and wired links. (an 'unqualified' hostname, and a lack of a default domain in the wired setup _could_ cause what you are seeing. Yup, both connections resolve to the same address. Yes, I use an unqualified hostname, but the dhcp server provides a default domain. Check to make sure you've got network connectivity both ways on both the wired and wireless links. Does traceroute work in both directions on both links? does it show the _same_names_? Yes, and yes. You've say you've got a WRT610N in the middle of things. Is it actually playing _router_ on all ports, or switch/hub on the lan side with routing on the external interface. The latter, and it's bridging the wireless network into the LAN side as well. If it's actually -routing- on all ports, check _both_ the client and server routing tables to make sure they're pointing in the right plac, when the client is connected on both paths. Also double-check the router itself for any access-control and/or filtering rules. Those all look right to me. In particular, the client routing tables are identical (module different interface names ip addresses) when it's on the wireless and wired connection. If nothing has shown up so far, an obvious next step is to look at the data 'on the wire' between the machines. e.g., tcpdump/etherfind/netshark etc. I was hoping for something a little bit higher level than that, but I guess that's what's next. Thanks, mike -- Mike Meyer m...@mired.org http://www.mired.org/consulting.html Independent Network/Unix/Perforce consultant, email for more information. O ascii ribbon campaign - stop html mail - www.asciiribbon.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Problems mounting nfs from freebsd to Mac.
I've got an nfs server that's refusing to mount one client - via one route - and it's driving me crazy. The server is running 8.1-RELEASE, exporting a collection of zfs file systems. All the file systems are exported with the exact same flags. The clients are either FreeBSD or OSX boxes. Most of them work fine. One OSX box - updated to the latest snow leopard while trying to fix this - gets permission denied when it tries to mount the interesting fie systems. But only when using it's wired connection. If it connects via wifi to the same router (a cisco WRT610N running dd-wrt) everything works fine. As far as I know, there are only three reasons for an NFS server to refuse a mount request: 1) The exports file is borked somehow, 2) The server insists that the client use a privileged port, or 3) The IP address the request is coming from is disallowed. #1 isn't it - the file systems mount fine on other boxes. And they mount fine on the problem box via Wifi. #2 shouldn't be it - I'm running the server with -n turned on, and the mount works via wifi. #3 seems logical, but I only have one network enabled, and it's a *.0/25. The working addresses include .96, and .106, while the failing address is .105. So I'm not sure what's going on here. Running mountd with a -d flag generates no output at all when the request is denied. This makes me think I'm not looking in the right place. Relevant entries from rc.conf (nothing really fancy): nfs_server_enable=yes nfs_server_flags=-u -t -n 4 -h $MY_IP mountd_enable=yes mountd_flags=-r -n -h $MY_IP rpcbind_enable=YES rpcbind_flags=-h $MY_IP rpc_lockd_enable=YES rpc_lockd_flags=-h $MY_IP rpc_statd_enable=YES rpc_statd_flags=-h $MY_IP So, questions: if mountd isn't the issue (though it's issuing the denied messages), what is? Is there some reason I've overlooked for the permissions to be denied? Anything I can do to get more information out of mountd (or whatever is causing the problem)? Any other things I might try? Thanks, mike -- Mike Meyer m...@mired.org http://www.mired.org/consulting.html Independent Network/Unix/Perforce consultant, email for more information. O ascii ribbon campaign - stop html mail - www.asciiribbon.org -- Mike Meyer m...@mired.org http://www.mired.org/consulting.html Independent Network/Unix/Perforce consultant, email for more information. O ascii ribbon campaign - stop html mail - www.asciiribbon.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Problems mounting nfs from freebsd to Mac.
From owner-freebsd-questi...@freebsd.org Sat Sep 25 03:29:33 2010 Date: Sat, 25 Sep 2010 04:01:18 -0400 From: Mike Meyer mike.w.me...@gmail.com To: questi...@freebsd.org Cc: Subject: Problems mounting nfs from freebsd to Mac. I've got an nfs server that's refusing to mount one client - via one route - and it's driving me crazy. First question, are you _SURE_ that it's a server-side problem? I under- stand that things are failing in one situation and not others, but there are about -five- possible causations, only one of which is a server-side NFS configuration. The server is running 8.1-RELEASE, exporting a collection of zfs file systems. All the file systems are exported with the exact same flags. The clients are either FreeBSD or OSX boxes. Most of them work fine. One OSX box - updated to the latest snow leopard while trying to fix this - gets permission denied when it tries to mount the interesting fie systems. But only when using it's wired connection. If it connects via wifi to the same router (a cisco WRT610N running dd-wrt) everything works fine. That elimintes NFS on the client, and -most- of the NFS config on the server. As far as I know, there are only three reasons for an NFS server to refuse a mount request: 1) The exports file is borked somehow, 2) The server insists that the client use a privileged port, or 3) The IP address the request is coming from is disallowed. There _are_ others, depending on how access controls are specified in the exports file. #1 isn't it - the file systems mount fine on other boxes. And they mount fine on the problem box via Wifi. #2 shouldn't be it - I'm running the server with -n turned on, and the mount works via wifi. #3 seems logical, but I only have one network enabled, and it's a *.0/25. The working addresses include .96, and .106, while the failing address is .105. So I'm not sure what's going on here. Running mountd with a -d flag generates no output at all when the request is denied. This makes me think I'm not looking in the right place. First thing, what does 'showmount -a', run on the misbehaving client show? And are there differences, depending on being on the wired vs wireless link? Check how the client resolves the server hostname on both the wireless and wired links. make sure the _server_ name (in the form used in the nfs mount) is resolving in the same way -- to the same address -- when the client is on thee wireless and wired links. (an 'unqualified' hostname, and a lack of a default domain in the wired setup _could_ cause what you are seeing. Check to make sure you've got network connectivity both ways on both the wired and wireless links. Does traceroute work in both directions on both links? does it show the _same_names_? You've say you've got a WRT610N in the middle of things. Is it actually playing _router_ on all ports, or switch/hub on the lan side with routing on the external interface. If it's actually -routing- on all ports, check _both_ the client and server routing tables to make sure they're pointing in the right plac, when the client is connected on both paths. Also double-check the router itself for any access-control and/or filtering rules. If nothing has shown up so far, an obvious next step is to look at the data 'on the wire' between the machines. e.g., tcpdump/etherfind/netshark etc. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPFW with MAC address configuration
In freebsd-questions Digest, Vol 321, Issue 12, Message: 31 On Fri, 30 Jul 2010 07:18:40 -0400 Carmel carmel...@hotmail.com wrote: I am trying to set up a rule using IPFW that utilizes a MAC address rather than an IP one. ipfw -q allow log tcp from MAC 00-14-A4-43-8E-BA to me 137 in via nfe0 setup keep-state Would that work, assuming the machine I want to allow access has that MAC address? It's not quite that simple. If you need to examine MAC addresses or anything else at layer 2 you first have to set net.link.ether.ipfw=1 Controls whether layer-2 packets are passed to ipfw. Default is no. Then you'll see all packets from ether_demux and ether_output_frame as well as the usual layer 3 packets (ie after layer2 headers are removed) from ip_input and ip_output. Read the PACKET FLOW section in ipfw(8) for what you need to do to first separate layer2 and layer3 packets, as testing for layer2 options like MAC obviously fails on layer3 packets. Even after separating out the layer2 flows I'm not sure whether you can use keep-state with such rules. And anyway, port 137 (netbios-ns) is a UDP service, not TCP. Is this to do with Samba, or what? Please cc me on any reply; I'm subscribed to questions as a -digest which can take half a day, and the threading gets mangled. cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
IPFW with MAC address configuration
I am trying to set up a rule using IPFW that utilizes a MAC address rather than an IP one. ipfw -q allow log tcp from MAC 00-14-A4-43-8E-BA to me 137 in via nfe0 setup keep-state Would that work, assuming the machine I want to allow access has that MAC address? -- Carmel ✌ carmel...@hotmail.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPFW with MAC address configuration
On 07/30/2010 01:18 PM, Carmel wrote: I am trying to set up a rule using IPFW that utilizes a MAC address rather than an IP one. ipfw -q allow log tcp from MAC 00-14-A4-43-8E-BA to me 137 in via nfe0 setup keep-state Would that work, assuming the machine I want to allow access has that MAC address? According to the manual (man ipfw) I guess the rule would something like: ipfw add 1000 allow log tcp MAC any 00:14:A4:43:8E:BA/33 to me 137 in via nfe0 setup keep-state From the manual: { MAC | mac } dst-mac src-mac Match packets with a given dst-mac and src-mac addresses, speci- fied as the any keyword (matching any MAC address), or six groups of hex digits separated by colons, and optionally followed by a mask indicating the significant bits. The mask may be specified using either of the following methods: 1. A slash (/) followed by the number of significant bits. For example, an address with 33 significant bits could be specified as: MAC 10:20:30:40:50:60/33 any 2. An ampersand () followed by a bitmask specified as six groups of hex digits separated by colons. For example, an address in which the last 16 bits are significant could be specified as: MAC 10:20:30:40:50:6000:00:00:00:ff:ff any Note that the ampersand character has a special meaning in many shells and should generally be escaped. Note that the order of MAC addresses (destination first, source second) is the same as on the wire, but the opposite of the one used for IP addresses. DISCLAIMER: This e-mail is for the intended recipient(s) only. Access, disclosure, copying, distribution or reliance on any of it by anyone else is prohibited. If you have received it by mistake please let us know by reply and then delete it from your system. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPFW with MAC address configuration
On 07/30/2010 01:18 PM, Carmel wrote: I am trying to set up a rule using IPFW that utilizes a MAC address rather than an IP one. ipfw -q allow log tcp from MAC 00-14-A4-43-8E-BA to me 137 in via nfe0 setup keep-state Would that work, assuming the machine I want to allow access has that MAC address? According to the manual (man ipfw) I guess the rule would something like: ipfw add 1000 allow log tcp MAC any 00:14:A4:43:8E:BA/33 to me 137 in via nfe0 setup keep-state To match this mac address exactly it should have MAC any 00:14:A4:43:8E:BA/48 I'm not sure about this DISCLAIMER: This e-mail is for the intended recipient(s) only. Access, disclosure, copying, distribution or reliance on any of it by anyone else is prohibited. If you have received it by mistake please let us know by reply and then delete it from your system. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
2009 Intel Mac mini
I am very interested in getting FreeBSD 8.1 with ZFS running on a 2009 Intel Mac mini. I have no trouble getting it to run on all the previous Intel models but the 2009 versions hang on boot. I believe it is related to the issue mentioned on this page http://wiki.freebsd.org/AppleMacbook regarding r189055. Has anyone had success with this? Thank you. Bryan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
PXE + sysinstall(8) install.cfg: DHCP Attribute to map install config/policy to system MAC?
All: The install.cfg mechanism is pretty wicked. Unfortunately, there doesn't seem to be a really efficient way to provide new clients (or class of clients) an install.cfg without rebuilding an MFSROOT image. At least with pxeboot(8), in TFTP-only-mode, using dhcpd.conf(5) client{} entries, there isn't a way to differentiate policies. It's just going to go looking for /boot/loader.rc and /boot/loader.conf from wherever DHCP told PXE to fetch pxeboot(8) from. From there, you need to custom compile a 5 meg mfsroot image for each [class of] client. With an NFS stage-2 boot, I suppose you could set: option root-path /export/${client}Root etc., but then your 5 meg mfsroot is just extracted 1-per-client. Still seems a bit ugly. It seems like we could teach sysinstall(8) to fetch install.cfg by some standard mechanism. Possibly a TFTP or NFS URL passed from the DHCP server - boot loader - kernel sysctl - sysinstall(8). For example, the Sun SPARC4s would TFTP fetch their stage 1 boot loader via TFTP with a filename req of their MAC address in HEX format, so one could just put symlinks in place. Thoughts or other ideas? ~BAS PS: our in-tree tftpd(8) is an unending source of sorrow and misery and clinical despair. ports/net/freebsd-tftp is a lifesaver (it actually has debugging) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: PXE + sysinstall(8) install.cfg: DHCP Attribute to map install config/policy to system MAC?
On 21/04/10 21:59, Brian A. Seklecki (CFI NOC) wrote: All: The install.cfg mechanism is pretty wicked. Unfortunately, there doesn't seem to be a really efficient way to provide new clients (or class of clients) an install.cfg without rebuilding an MFSROOT image. Possibly a TFTP or NFS URL passed from the DHCP server - boot loader - kernel sysctl - sysinstall(8). Thoughts or other ideas? You can configure sysinstall in your install.cfg to execute shell commands, including any fetch-like command. Some scripting should be possible to do what you require. I wrote about it here: http://www.locolomo.org/howto/pxeboot/automatic-installation.html However, I never really went on and tested this, let me know if this works. BR, Erik -- Erik Nørgaard Ph: +34.666334818/+34.915211157 http://www.locolomo.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Can freebsd be installed on a new mac pro 8 core machine ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/04/2010 05:24:41, Wayne Burkart wrote: I have a new Mac Pro 8 core desktop machine. I want to install an os that will let me install Cpanel and whm so I can use it as a server. Will FreeBsd install on the new intell based pro macs ? Pleasea advise. That's a clear maybe -- FreeBSD works on some Macs, but not all: for instance it has trouble with the latest Mac pro laptops. Whether this applies to the desktops as well I don't know. I suggest downloading either the USB installer image, the livefs CD or the DVD image; cutting the appropriate media and seeing if you can get your machine to boot and run from that media. If so, then you should be pretty safe installing FreeBSD onto the hard drive. I'd try 8.0-RELEASE first, and failing that, one of the 9.x snapshots (although I doubt you'll get cPanel to support running under 9.x) Note that you can partition the hard drive using Bootcamp without wiping out an existing MacOS X installation. You can then install FreeBSD instead of Windows -- this apparently works quite well, although you'll have to put up with MacOS always referring to the other partition as containing Windows. Or you can install FreeBSD as a guest under VirtualBox, although that's going to needa bit of finessing to make the VirtualBox guest visible from the external network. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAku8MH4ACgkQ8Mjk52CukIwN4QCeLiggPRMAasFnURvwEss8KJZy 02AAnRHu7omXDxeg3iJU6V3bMvlPDdDa =YbyP -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Can freebsd be installed on a new mac pro 8 core machine ?
Hello, I have a new Mac Pro 8 core desktop machine. I want to install an os that will let me install Cpanel and whm so I can use it as a server. Will FreeBsd install on the new intell based pro macs ? Pleasea advise. Thank you for your time, Wayne ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
popd to send Mail to a Mac; I Really Appreciate this list.
It looks like imap is more suitable for what I am trying to do than pop. There may be a slight issue in the fact that I use .forward to trigger procmail which has the effect of instantly snatching up every piece of incoming mail and putting it in to a nmh folder that resides in /home/%user/Mail/%folder which means /var/mail is always empty. I just created another user which won't have any .forward or procmail attention. Forwarding messages to this user will make them hang in /var/mail/%user and those should be available to imap. On the Mac, I will be reading that user's mail via imap to retrieve the messages. Martin McCormick ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: popd to send Mail to a Mac; I Really Appreciate this list.
On Mar 26, 2010, at 11:11 AM, Martin McCormick wrote: It looks like imap is more suitable for what I am trying to do than pop. There may be a slight issue in the fact that I use .forward to trigger procmail which has the effect of instantly snatching up every piece of incoming mail and putting it in to a nmh folder that resides in /home/%user/Mail/%folder which means /var/mail is always empty. I just created another user which won't have any .forward or procmail attention. Forwarding messages to this user will make them hang in /var/mail/%user and those should be available to imap. On the Mac, I will be reading that user's mail via imap to retrieve the messages. Martin McCormick You should be able to subscribe to the folder in question directly under IMAP for the specific account. I used to do this all the time. It really depend on how you roll out your IMAP service, and which one you go with. Either way procmail can filter can sort the message into IMAP folders so that you can just pick them up via an IMAP client. Cheers, Mikel King CEO, Olivent Technologies Senior Editor, BSD News Network Columnist, BSD Magazine 6 Alpine Court, Medford, NY 11763 o: 631.627.3055 c: 631.796.1499 skype:mikel.king http://olivent.com http://www.linkedin.com/in/mikelking http://twitter.com/mikelking ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
popd to send Mail to a Mac
I like to receive mail on a FreeBSD system and want to continue to do so but occasionally, I have a message that needs to be forwarded to a Macintosh in my office. It turns out that Mac's do not do normal smtp mail like sendmail but one of the options is pop. I installed popd on the FreeBSD server and want to be able to feed messages meant for the Mac to popd at which point, I should be able to retrieve them on that mac. The normal scenario is: Mail comes in and I read it. One message has a 20-mile-long url to a javascrypt-infested web site that lynx can't handle. I should forward this message to the Mac and there, I can use safari to handle that message. Those are the only messages that will need to go through popd so I need a simple way to feed them in so the Mac can get them out. Thanks. Martin McCormick WB5AGZ Stillwater, OK Systems Engineer OSU Information Technology Department Telecommunications Services Group ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: popd to send Mail to a Mac
On Mar 25, 2010, at 4:52 PM, Martin McCormick wrote: I like to receive mail on a FreeBSD system and want to continue to do so but occasionally, I have a message that needs to be forwarded to a Macintosh in my office. It turns out that Mac's do not do normal smtp mail like sendmail but one of the options is pop. I installed popd on the FreeBSD server and want to be able to feed messages meant for the Mac to popd at which point, I should be able to retrieve them on that mac. The normal scenario is: Mail comes in and I read it. One message has a 20-mile-long url to a javascrypt-infested web site that lynx can't handle. I should forward this message to the Mac and there, I can use safari to handle that message. Those are the only messages that will need to go through popd so I need a simple way to feed them in so the Mac can get them out. Thanks. Martin McCormick WB5AGZ Stillwater, OK Systems Engineer OSU Information Technology Department Telecommunications Services Group Why not just roll out IMAP and then it won't matter? Actually if you wanted to use fancy postfix server side filtering I'd recommend you go IMAP anyway. Filter the 'bad' messages into their own folder. Honestly that seems more trouble than it's worth. Regards, Mikel King CEO, Olivent Technologies Senior Editor, BSD News Network Columnist, BSD Magazine 6 Alpine Court, Medford, NY 11763 o: 631.627.3055 c: 631.796.1499 skype:mikel.king http://olivent.com http://www.linkedin.com/in/mikelking http://twitter.com/mikelking ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: popd to send Mail to a Mac
Hi, Mail comes in and I read it. One message has a 20-mile-long url to a javascrypt-infested web site that lynx can't handle. I should forward this message to the Mac and there, I can use safari to handle that message. You do not forward anything via pop. Instead you filter and save the message to a mailbox. You have popd on your FreeBSD machine set-up to serve this mailbox. On your Mac you use a mail client, that read the mailbox with pop. Pop is a pull service: the client is requesting to read the new messages. You should be able to configure your mail client to search for new messages every now and then, but that will still be initiates by the client. Bests, Olivier ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
The MAC portacl Module
Hi! I'd like to set security.mac.portacl.rules but my kernel doesn't include it --$ sysctl security.mac.portacl.rules sysctl: unknown oid 'security.mac.portacl.rules' What options i need to add to kernel config file before i recompile kernel to add support for this mac portacle ? Regards, Jurif ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
The MAC portacl Module
Hi! I'd like to set security.mac.portacl.rules but my kernel doesn't include it --$ sysctl security.mac.portacl.rules sysctl: unknown oid 'security.mac.portacl.rules' What options i need to add to kernel config file before i recompile kernel to add support for this mac portacle ? Regards, Jurif ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: yikes! MAC address changed ??
Sorry for replying to myself (AND top-posting!) twice in a row, but this is become a huge concern. My first thought is that my provider changed routers or router Ethernet ports, hence the MAC address change. They deny this, plus I find the two MAC addresses: 00:17:e0:4f:b9:c0 to 00:13:e0:4f:b9:c0 too close to each other for comfort. My obvious concern here is that the recent php compromises somehow allowed an attacker to alter the ARP table entry of the default gateway. Specific questions are as follows: 1) If this were done via a perl or php script, presumably executing an 'arp -s' command, would it show up in the log like that? I've never changed an ARP entry (except to delete it using 'arp -d'), so I've only seen log entries like that due to external changes, like somebody changing IPs on the LAN from one Ether to another. 2) Could an Ethernet card defect or re0 driver problem cause anything like this? Other bug? 3) If this was an attacker using a local script, how the hell does he get a php or perl script owned by UID 80 (or worst case, a user), to do this? Thanks again for any insight...appreciate a reply to both list and directly. On Wed, 10 Feb 2010, James Smallacombe wrote: Please disregard this...sleep deprication...the IP in questions (which I should have disfuised anyway) was not my server's IP, but that of the default gateway...the problem was external. On Wed, 10 Feb 2010, James Smallacombe wrote: This freaked me out a bit, so I'm just running it past the list to make sure this is just a hardware issue...I've never seen it before. My dedicated server provider replaced my defective server that had been up for 6 months after it had apparent failures of a NIC and hard drives. It had also recently been the victim of the Zen Cart exploits (I posted about this not long ago). Tonight I lost connectivity to it, got in via KVM/IP and saw this in the syslog: Feb 10 20:42:51 mail kernel: arp: 209.17.170.1 moved from 00:17:e0:4f:b9:c0 to 00:13:e0:4f:b9:c0 on re0 My first reaction was that somebody else on the LAN had used my IP address, which would have explained the connectivity issues. However, the IP couldn't be pinged and I also noticed that only one number in the address had changed...the odds of somebody else having it were long. ifconfig showed the I/F down, no carrier. I rebooted and then it came up with yet a third MAC address, 00:14:d1:3c:1e:31 Not really even close. Still no carrier. Provider swaps out the Realtek NIC for a new one and it's working (for now). Questions that come to mind: could their be a DoS perhaps from a bot or c99shell I didn't find? Even if their was, would it be possible for the www user, with no priveleges to even cause this kind of problem? I had disabled suhosin after customers patched their Zen Carts, because it interfered with it. Or...could this be a bug in the re0 driver? It's just weird. James Smallacombe PlantageNet, Inc. CEO and Janitor u...@3.am http://3.am = James Smallacombe PlantageNet, Inc. CEO and Janitor u...@3.am http://3.am = James Smallacombe PlantageNet, Inc. CEO and Janitor u...@3.am http://3.am = ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org