Re: [gentoo-user] Help with script for iptables
On Thursday 16 November 2006 01:15, Flophouse Joe wrote:
On Wed, 15 Nov 2006, Mick wrote:
On Wednesday 15 November 2006 21:25, Flophouse Joe wrote:
On Wed, 15 Nov 2006, Mick wrote:
UPLINK=eth0 wlan0 ppp0
for x in ${INTERFACES}
do
iptables -A INPUT -i ! ${x} -j ACCEPT
. . . more rules . . .
iptables -A INPUT -p tcp -i ${x} -j DROP
fi
=
type of think. Not sure if the syntax is correct, but the idea is that
we define multiple interfaces, but only write the rules once with the
variable 'x' where the interface is meant to go.
I'm not 100% certain that I understand the goal, so please let me know
if I've gotten it wrong. It sounds like you want to apply identical
firewall rules to each of three interfaces. It's possible that there
are other interfaces, and if traffic arrives on those interfaces, then
it should not be matched by the rules in the for loop.
Yes, it's a laptop so there is no internal/external interface(s) split in
terms of trust; well other than lo.
If this is the case, then yes, the for loop you've suggested should be
perfectly fine. The rules you specify in that loop will only be applied
to traffic which arrives on the interfaces that you loop through.
I think that by partly showing my rule set I have confused the point. I
should have made it clearer, this is my main set of rules right now:
==
UPLINK=eth0
if [ $1 = start ]
then
echo Starting firewall...
iptables -P INPUT DROP
iptables -A INPUT -i ! ${UPLINK} -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#Allow rsync connections from study1 to update portage
iptables -A INPUT -i ${UPLINK} -p tcp -s 192.168.0.2 -m tcp --dport
873 -d 192.168.0.5 -j ACCEPT
#Allow tcp connections from study1 to download distfiles
iptables -A INPUT -i ${UPLINK} -p tcp -s 192.168.0.2 -m tcp --dport
1024 -d 192.168.0.5 -j ACCEPT
iptables -A INPUT -p tcp -i ${UPLINK} -j DROP
iptables -A INPUT -p udp -i ${UPLINK} -j DROP
[snip...]
elif [ $1 = stop ]
then
echo Stopping firewall...
iptables -F INPUT
iptables -P INPUT ACCEPT
#turn off NAT/masquerading, if any
iptables -t nat -F POSTROUTING
fi
==
(The ! ${UPLINK} rule is there to catch any external ifaces who might try to
spoof their address as localhost.)
It's entirely possible that I'm misunderstanding the design of
netfilter, but it seems to me that the solution to complicated rulesets
is to permit boolean logic in rules like so:
iptables -A INPUT \
\(-i eth0 -or -i wlan0) -and \(-p tcp --dport ssh\) \
-j ACCEPT
Is there a legit way of specifying such rules?
Not that I'm aware of, but I'd very much like to be proven wrong. Does
anyone else on the list know of a way to specify boolean conditions in
iptables rules as illustrated above?
For what it's worth, I have found a way to get something that
approximates the ability to use ORs in iptables rules, but it borders on
the criminially insane. I describe it below:
[snip...]
As you can see, this method is pretty complicated, too. It's not really
any substitute for real boolean logic (as described near the top of
this post). If anyone knows of a way to do this, I'd like to know
about it.
me too!
Meanwhile, I've changed it to this:
==
UPLINK=eth0 wlan0 ppp0
if [ $1 = start ]
then
echo Starting firewall...
for x in ${UPLINK}
do
iptables -P INPUT DROP
iptables -A INPUT -i ! ${x} -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#Allow rsync connections from study1 to update portage
iptables -A INPUT -i ${x} -p tcp -s 192.168.0.2 -m tcp --dport 873 -d
192.168.0.5 -j ACCEPT
#Allow tcp connections from study1 to download distfiles
iptables -A INPUT -i ${x} -p tcp -s 192.168.0.2 -m tcp --dport 1024 -d
192.168.0.5 -j ACCEPT
iptables -A INPUT -p tcp -i ${x} -j DROP
iptables -A INPUT -p udp -i ${x} -j DROP
done
==
which seems to do the trick for my simple firewalling needs:
==
# iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- !eth0 any anywhere anywhere
0 0 ACCEPT all -- anyany anywhere anywhere
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth0 any study1
192.168.0.5 tcp dpt:rsync
0 0 ACCEPT tcp -- eth0 any study1
192.168.0.5 tcp dpt:1024
0 0 DROP tcp -- eth0 any
Re: [gentoo-user] How to modify menus in Konqueror
On Wednesday 15 November 2006 15:25, Neil Bothwick wrote: On Wed, 15 Nov 2006 14:49:40 +, Mick wrote: I had modified the right click/drop down menu in Konqueror to add a command that allowed me to email the page link to a recipient, save it, archive it, etc. Problem is that this was back in kde-3.2.2 days and now I have forgotten how to do it. :-( Does this help? http://developer.kde.org/documentation/tutorials/dot/servicemenus.html I believe that's just the ticket! :) I'm off to create my own - thanks for your help. -- Regards, Mick pgpFyVYbVbaRM.pgp Description: PGP signature
Re: [gentoo-user] emerge -uDpvt world kdelibs
On Wed, 15 Nov 2006 14:52:45 -0700 Richard Fish wrote: On 11/15/06, Arnau Bria [EMAIL PROTECTED] wrote: I OP, I only said that I installed beryl, assuming that people who answer will know that it needs an overlay... Actually, beryl is now in the main portage tree. So if that is your only reason for this overlay, you don't need it anymore. Well, I installed xeffects overlay... I think there are many packages needed for beryl there, but not sure... -Richard thanks! -- Arnau Bria http://blog.emergetux.net Wiggum: Dispara a las ruedas Lou. Lou: eee, es un tanque jefe. Wiggum: Me tienes hartito con todas tus excusas. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] emerge -uDpvt world kdelibs
On Thursday 16 November 2006 11:08, Arnau Bria wrote: Actually, beryl is now in the main portage tree. So if that is your only reason for this overlay, you don't need it anymore. Well, I installed xeffects overlay... I think there are many packages needed for beryl there, but not sure... Obviously not since beryl has been removed entirely from the xeffects overlay. It's in the tree now. -- Bo Andresen pgpw9LtoQEWI5.pgp Description: PGP signature
Re: [gentoo-user] offline runlevel
Devon Miller [EMAIL PROTECTED] writes: And, I'll second Richard, emerge ifplugd dcm Thanks Richard Joe Devon, ifplugd is working perfectly for me. Roger -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Install Gentoo on one machine, then move the drive to another
On Thursday 16 November 2006 01:00, Mark M wrote: Hi all, Pentium D is actually an emt64 dual core cpu, so while CFLAGS -march=pentium4 will work, it will be x86-32 instead of x86-64 and of course the compiled apps won't know nothing about the dual core (read almost dual CPU), still it will run, and it will run fast, you may want to recompile the kernel on the data center with vSMP option set, so at least the kernel will know how to manage multithreads between two cores. In that case he should be cross-compiling with a CHOST set for the PentiumD, not so? alan -- gentoo-user@gentoo.org mailing list
[gentoo-user] Re: emerge hints log?
May I mention another tool which is IMHO better then the ELOG-feature? Check out enotice - http://www.fmp.com/enotice/ I use the ELOG-feature as well but I get not the information like with enotice ... for sure it's my fault ;-) Greetz Stefan -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Install Gentoo on one machine, then move the drive to another
On 11/16/06, Alan McKinnon [EMAIL PROTECTED] wrote: On Thursday 16 November 2006 01:00, Mark M wrote: Hi all, Pentium D is actually an emt64 dual core cpu, so while CFLAGS -march=pentium4 will work, it will be x86-32 instead of x86-64 and of course the compiled apps won't know nothing about the dual core (read almost dual CPU), still it will run, and it will run fast, you may want to recompile the kernel on the data center with vSMP option set, so at least the kernel will know how to manage multithreads between two cores. In that case he should be cross-compiling with a CHOST set for the PentiumD, not so? alan -- gentoo-user@gentoo.org mailing list Yes, he can do so, but he won't be able to test run his apps. And judging from my experience there isn't much difference between apps compiled for x86-32 or x86-64, however compiling the kernel for right cpu speed up things, especially multithreaded.
Re: [gentoo-user] Install Gentoo on one machine, then move the drive to another
Mark M wrote: On 11/16/06, *Alan McKinnon* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: On Thursday 16 November 2006 01:00, Mark M wrote: Hi all, Pentium D is actually an emt64 dual core cpu, so while CFLAGS -march=pentium4 will work, it will be x86-32 instead of x86-64 and of course the compiled apps won't know nothing about the dual core (read almost dual CPU), still it will run, and it will run fast, you may want to recompile the kernel on the data center with vSMP option set, so at least the kernel will know how to manage multithreads between two cores. In that case he should be cross-compiling with a CHOST set for the PentiumD, not so? alan -- gentoo-user@gentoo.org mailto:gentoo-user@gentoo.org mailing list Yes, he can do so, but he won't be able to test run his apps. And judging from my experience there isn't much difference between apps compiled for x86-32 or x86-64, however compiling the kernel for right cpu speed up things, especially multithreaded. Hi Mark, I actually wasn't planning on using 64bit anyway I'm wondering if I should set my CFLAGS to -march=x86-32 or leave it as -march=pentium4? Are they essentially the same? I already took your previous suggestion and enabled vSMP support, though I haven't moved the drive to it's new home as of yet. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Install Gentoo on one machine, then move the drive to another
Did your actual system install on your Pentium D is in 64 bits ? Le Thu, 16 Nov 2006 15:45:02 +0100, Jon M [EMAIL PROTECTED] a écrit: Mark M wrote: On 11/16/06, *Alan McKinnon* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: On Thursday 16 November 2006 01:00, Mark M wrote: Hi all, Pentium D is actually an emt64 dual core cpu, so while CFLAGS -march=pentium4 will work, it will be x86-32 instead of x86-64 and of course the compiled apps won't know nothing about the dual core (read almost dual CPU), still it will run, and it will run fast, you may want to recompile the kernel on the data center with vSMP option set, so at least the kernel will know how to manage multithreads between two cores. In that case he should be cross-compiling with a CHOST set for the PentiumD, not so? alan -- gentoo-user@gentoo.org mailto:gentoo-user@gentoo.org mailing list Yes, he can do so, but he won't be able to test run his apps. And judging from my experience there isn't much difference between apps compiled for x86-32 or x86-64, however compiling the kernel for right cpu speed up things, especially multithreaded. Hi Mark, I actually wasn't planning on using 64bit anyway I'm wondering if I should set my CFLAGS to -march=x86-32 or leave it as -march=pentium4? Are they essentially the same? I already took your previous suggestion and enabled vSMP support, though I haven't moved the drive to it's new home as of yet. ___ Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses http://fr.answers.yahoo.com -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Install Gentoo on one machine, then move the drive to another
Geistteufel wrote: Hi Mark, I actually wasn't planning on using 64bit anyway I'm wondering if I should set my CFLAGS to -march=x86-32 or leave it as -march=pentium4? Are they essentially the same? I already took your previous suggestion and enabled vSMP support, though I haven't moved the drive to it's new home as of yet. Did your actual system install on your Pentium D is in 64 bits ? The OS is installed on a regular Pentium 4 (32bit), but will be installed on a Pentium D that can run 64bit, but will be sticking with 32bit. Is that what you wanted to know? -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Install Gentoo on one machine, then move the drive to another
Hi Mark, I actually wasn't planning on using 64bit anyway I'm wondering if I should set my CFLAGS to -march=x86-32 or leave it as -march=pentium4? Are they essentially the same? I already took your previous suggestion and enabled vSMP support, though I haven't moved the drive to it's new home as of yet. -- gentoo-user@gentoo.org mailing list x86-32 will be the lowest common settings for all 32bit cpus. so pentium4 is the setting I believe you should use. I can tell you from my experience, since I use PentiumD cpu, that recompiling with -march=prescott gave me better performance then -marh=x86-32, especially in disk intensive and multimedia applications, such as video encoding and large database access.
Re: [gentoo-user] Install Gentoo on one machine, then move the drive to another
Mark M wrote: Hi Mark, I actually wasn't planning on using 64bit anyway I'm wondering if I should set my CFLAGS to -march=x86-32 or leave it as -march=pentium4? Are they essentially the same? I already took your previous suggestion and enabled vSMP support, though I haven't moved the drive to it's new home as of yet. -- gentoo-user@gentoo.org mailto:gentoo-user@gentoo.org mailing list x86-32 will be the lowest common settings for all 32bit cpus. so pentium4 is the setting I believe you should use. I can tell you from my experience, since I use PentiumD cpu, that recompiling with -march=prescott gave me better performance then -marh=x86-32, especially in disk intensive and multimedia applications, such as video encoding and large database access. Hi Mark, Thanks for the tip! I'll be sure to switch my CFLAGS to that. I might as well make the system run as fast as it possibly can. What did you set your MAKEOPTS to? I was thinking -j3 because of the two cores plus one. Did you do the same? -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Help with script for iptables
# I think that a set of rules that looks something like this would be easier
to maintain
# there are 500 little tricks that I could add if I was home and had my
notes
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
#this will take care of all interfaces by default
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# maybe you should just use one interface for portage to connect through
such as eth0
# might also be a good plan to use the mac address instead of the ip it is a
little harder to spoof
#Allow rsync connections from study1 to update portage
iptables -A INPUT -i eth0 -p tcp -s 192.168.0.2 -m tcp --dport 873 -d
192.168.0.5 -j ACCEPT
#Allow tcp connections from study1 to download distfiles
iptables -A INPUT -i eth0 -p tcp -s 192.168.0.2 -m tcp --dport 1024 -d
192.168.0.5 -j ACCEPT
# these rules are kinda taken car of by: iptables -P INPUT DROP
# iptables -A INPUT -p tcp -i ${x} -j DROP
#iptables -A INPUT -p udp -i ${x} -j DROP
Re: [gentoo-user] Install Gentoo on one machine, then move the drive to another
The system you would replace, is on the Pentium D ? I don't remember the distro name, but not the gentoo one. So if Pentium D contain 64 bits distro you would replace by gentoo ... they is a solution to compile it directly on this computer in 64 bits, so after just replace the main system with a rescue If not ... you can copy the system on your pentium 4 ... replace your prod for a moment, take the pentium D and install a 64 bits gentoo version ... so replace your prod with 64 bits version ... a sort of double switch you see ? Le Thu, 16 Nov 2006 16:04:20 +0100, Jon M [EMAIL PROTECTED] a écrit: Geistteufel wrote: Hi Mark, I actually wasn't planning on using 64bit anyway I'm wondering if I should set my CFLAGS to -march=x86-32 or leave it as -march=pentium4? Are they essentially the same? I already took your previous suggestion and enabled vSMP support, though I haven't moved the drive to it's new home as of yet. Did your actual system install on your Pentium D is in 64 bits ? The OS is installed on a regular Pentium 4 (32bit), but will be installed on a Pentium D that can run 64bit, but will be sticking with 32bit. Is that what you wanted to know? ___ Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses http://fr.answers.yahoo.com -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Install Gentoo on one machine, then move the drive to another
On 11/16/06, Jon M [EMAIL PROTECTED] wrote: Mark M wrote: Hi Mark, I actually wasn't planning on using 64bit anyway I'm wondering if I should set my CFLAGS to -march=x86-32 or leave it as -march=pentium4? Are they essentially the same? I already took your previous suggestion and enabled vSMP support, though I haven't moved the drive to it's new home as of yet. -- gentoo-user@gentoo.org mailto:gentoo-user@gentoo.org mailing list x86-32 will be the lowest common settings for all 32bit cpus. so pentium4 is the setting I believe you should use. I can tell you from my experience, since I use PentiumD cpu, that recompiling with -march=prescott gave me better performance then -marh=x86-32, especially in disk intensive and multimedia applications, such as video encoding and large database access. Hi Mark, Thanks for the tip! I'll be sure to switch my CFLAGS to that. I might as well make the system run as fast as it possibly can. What did you set your MAKEOPTS to? I was thinking -j3 because of the two cores plus one. Did you do the same? -- gentoo-user@gentoo.org mailing list yes my MAKEOPTS are -j3 indeed :)
[gentoo-user] Accidentally deleted contents of /sbin
List Members - I was trying to delete some files from my /sbin directory and with an unfortunate use of a wildcard accidentally deleted the entire contents on the /sbin directory. I have recovered the contents of the /sbin directory from a stage 3 tarball. I was thinking about doing an emerge world, just to make sure that everything is consistent. Do you all think that this is necessary? Thanks, James -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Accidentally deleted contents of /sbin
Oh, it's not really usefull to rebuild all just rebuild this: equery b /sbin so. .. it will give you all package which install something in /sbin just rebuild it Le Thu, 16 Nov 2006 17:23:17 +0100, James Colby [EMAIL PROTECTED] a écrit: List Members - I was trying to delete some files from my /sbin directory and with an unfortunate use of a wildcard accidentally deleted the entire contents on the /sbin directory. I have recovered the contents of the /sbin directory from a stage 3 tarball. I was thinking about doing an emerge world, just to make sure that everything is consistent. Do you all think that this is necessary? Thanks, James ___ Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et son interface révolutionnaire. http://fr.mail.yahoo.com -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Accidentally deleted contents of /sbin
On Thursday 16 November 2006 17:23, James Colby wrote:
I was trying to delete some files from my /sbin directory and with an
unfortunate use of a wildcard accidentally deleted the entire contents
on the /sbin directory. I have recovered the contents of the /sbin
directory from a stage 3 tarball. I was thinking about doing an
emerge world, just to make sure that everything is consistent. Do you
all think that this is necessary?
I suppose that remerging packages that install anything in /sbin would be in
order:
# cd /var/db/pkg emerge -va1 $(for pkg in */*; do
cut -d' ' -f2 ${pkg}/CONTENTS | grep -q '^/sbin/' echo =${pkg}
done)
--
Bo Andresen
pgpn6yhOdpqfm.pgp
Description: PGP signature
Re: [gentoo-user] Accidentally deleted contents of /sbin
On Thu, 16 Nov 2006, James Colby wrote: I was trying to delete some files from my /sbin directory and with an unfortunate use of a wildcard accidentally deleted the entire contents on the /sbin directory. I have recovered the contents of the /sbin directory from a stage 3 tarball. I was thinking about doing an emerge world, just to make sure that everything is consistent. Do you all think that this is necessary? Yes, I think an emerge --deep --emptytree world would be in order. If you had a recent backup of your system-- new enough that no new packages had been emerged since the backup was taken-- then restoring the backup would be the easiest option. In this case, though, it seems like a reasonable tradeoff to wait for all your packages to recompile in order to be more confident that your system won't blow up on you. Joe -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Accidentally deleted contents of /sbin
On Thu, 16 Nov 2006, Flophouse Joe wrote: Yes, I think an emerge --deep --emptytree world would be in order. Wow. The other posters are right. Re-emerging everything is a waste of time. It'd be much easier to re-emerge only the packages that had placed files into /sbin . Thanks, Geistteufel and Bo Andresen for reminding me of this! Joe -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Accidentally deleted contents of /sbin
On Thursday 16 November 2006 17:40, Flophouse Joe wrote: Yes, I think an emerge --deep --emptytree world would be in order. Why? And what exactly do you expect --deep to do with --emptytree? -- Bo Andresen pgpUMZ2pehxcd.pgp Description: PGP signature
Re: [gentoo-user] Re: emerge hints log?
ok thanks, I check that out later. is it working together with elog now? because there´s an hint in the handbook that it doesn´t work with portage 2.0.* I´m using 2.1.1 so I think its fixed now. thanks jakommo On 11/16/06, Stefan Wimmer [EMAIL PROTECTED] wrote: May I mention another tool which is IMHO better then the ELOG-feature? Check out enotice - http://www.fmp.com/enotice/ I use the ELOG-feature as well but I get not the information like with enotice ... for sure it's my fault ;-) Greetz Stefan -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Accidentally deleted contents of /sbin
On Thu, 16 Nov 2006, Bo ?rsted Andresen wrote: On Thursday 16 November 2006 17:40, Flophouse Joe wrote: Yes, I think an emerge --deep --emptytree world would be in order. Why? And what exactly do you expect --deep to do with --emptytree? Using --deep is a force of habit for upgrades, so I'm inclined to type it all the time. But you raise a good point: it has no effect on --emptytree world . Joe
Re: [gentoo-user] Re: emerge hints log?
Reordered for readability. On Thursday 16 November 2006 17:54, jakommo wrote: May I mention another tool which is IMHO better then the ELOG-feature? Check out enotice - http://www.fmp.com/enotice/ I use the ELOG-feature as well but I get not the information like with enotice ... for sure it's my fault ;-) ok thanks, I check that out later. is it working together with elog now? because there´s an hint in the handbook that it doesn´t work with portage 2.0.* I´m using 2.1.1 so I think its fixed now. No there is a hint that if you used enotice with 2.0.* then you need to remove it entirely before the elog system in portage 2.1.* will work. The elog system is entirely incompatible with enotice. There was no elog system in 2.0.* hence the existance of enotice. I'm not sure why anyone would want to use enotice with 2.1.1 which does have quite a flexible elog system... PS: Please don't top post. -- Bo Andresen pgpwWkTy9bD7J.pgp Description: PGP signature
[gentoo-user] Resize /
Hi Listmembers, I have a problem the / Partition on my system is to smal, is there a save way to resize it? I know mounting other partitions to e.g. /usr will help but the / is only 4,6G so it will help only temporarily. thanks jakommo
Re: [gentoo-user] Resize /
you can emerge gparted and use a gui program that well allow you to resize your partitions, plus add and remove partitions. On 11/16/06, jakommo [EMAIL PROTECTED] wrote: Hi Listmembers, I have a problem the / Partition on my system is to smal, is there a save way to resize it? I know mounting other partitions to e.g. /usr will help but the / is only 4,6G so it will help only temporarily. thanks jakommo -- Ryan Crisman
Re: [gentoo-user] Install Gentoo on one machine, then move the drive to another
On 11/16/06, Jon M [EMAIL PROTECTED] wrote: What did you set your MAKEOPTS to? I was thinking -j3 because of the two cores plus one. Did you do the same? I suggest MAKEOPTS=-j3 if you have at least 2G of RAM in the box. If only 1G, MAKEOPTS=-j2. If less, -j1. You can also change this after you move the drive over. -Richard -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Resize /
On Thu, 16 Nov 2006 18:55:00 +0100, jakommo wrote: I have a problem the / Partition on my system is to smal, is there a save way to resize it? I know mounting other partitions to e.g. /usr will help but the / is only 4,6G so it will help only temporarily. /usr often account for more than half of the contents of /, so mounting it on a different filesystem will indeed help. Before you do anything else, have you cleaned out /var/tmp and /usr/portage/distfiles. Moving $POARTAGE_TMPDIR and $DISTDIR to a separate partition is a good way of preventing portage filling up your root partition. -- Neil Bothwick Bother, said Pooh, as someone flamed him for no reason. signature.asc Description: PGP signature
[gentoo-user] OT - ipkungfu perhaps not doing its job
Can anyone tell me why I have about a hundred of these Nov 16 08:00:03 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45 Nov 16 08:00:06 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45 Nov 16 08:00:09 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45 Nov 16 08:00:12 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45 when that IP address is in /etc/ipkungfu/deny_hosts.conf? Here's my rules; I don't understand them: bullet ~ # ipkungfu -l Chain INPUT (policy DROP 2 packets, 144 bytes) pkts bytes target prot opt in out source destination 45662 6103K ACCEPT all -- anyany anywhere anywherestate RELATED,ESTABLISHED 0 0 LOGall -- lo any 0.0.0.1 anywhereLOG level warning prefix `IPKF IPKungFu (--init)' 0 0 DROP all -- eth0 any 210.188.206.107 anywhere 0 0 DROP all -- eth0 any 222.90.206.62 anywhere 0 0 DROP all -- eth0 any 61.178.185.124 anywhere 0 0 DROP all -- eth0 any 65.98.76.197 anywhere 0 0 DROP all -- eth0 any 211.234.99.230 anywhere 0 0 DROP all -- eth0 any 60.191.34.155 anywhere 0 0 DROP all -- eth0 any sd-2742.dedibox.fr anywhere 140 DROP all -- eth0 any nameservices.net anywhere 155 DROP all -- eth0 any 222.135.146.45 anywhere 28 1598 ACCEPT all -- anyany camille.espersunited.com anywhere 7 351 ACCEPT all -- anyany catherine.espersunited.com anywhere 0 0 DROP all -- anyany anywhere anywhererecent: CHECK seconds: 120 name: badguy side: source 0 0 LOGtcp -- eth0 any anywhere anywheretcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG limit: avg 3/sec burst 5 LOG level warning prefix `IPKF flags ALL: ' 0 0 LOGtcp -- eth0 any anywhere anywheretcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg 3/sec burst 5 LOG level warning prefix `IPKF flags NONE: ' 0 0 LOGtcp -- eth0 any anywhere anywheretcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG limit: avg 3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap XMAS): ' 0 0 LOGtcp -- eth0 any anywhere anywheretcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN limit: avg 3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap FIN): ' 0 0 LOGtcp -- eth0 any anywhere anywheretcp flags:FIN,SYN/FIN,SYN limit: avg 3/sec burst 5 LOG level warning prefix `IPKF flags SYN,FIN: ' 0 0 LOGtcp -- eth0 any anywhere anywheretcp flags:SYN,RST/SYN,RST limit: avg 3/sec burst 5 LOG level warning prefix `IPKF flags SYN,RST: ' 0 0 LOGtcp -- eth0 any anywhere anywheretcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG limit: avg 3/sec burst 5 LOG level warning prefix `IPKF SYN,RST,ACK,FIN,URG: ' 0 0 LOGtcp -- eth0 any anywhere anywheretcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg 3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap NULL): ' 0 0 DROP tcp -- eth0 any anywhere anywheretcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG 0 0 DROP tcp -- eth0 any anywhere anywheretcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 0 0 DROP tcp -- eth0 any anywhere anywheretcp flags:FIN,SYN/FIN,SYN 0 0 DROP tcp -- eth0 any anywhere anywheretcp flags:SYN,RST/SYN,RST 0 0 DROP tcp -- eth0 any anywhere anywheretcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG 0 0 DROP tcp -- eth0 any anywhere anywheretcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG 0 0 DROP tcp -- eth0 any anywhere anywheretcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN 0 0 DROP tcp -- eth0 any anywhere anywheretcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 3 276 ACCEPT icmp -- anyany anywhere anywhereicmp echo-request 85 3400 LOGall -- anyany anywhere anywherestate INVALID limit: avg 3/sec burst 5 LOG level warning prefix `IPKF Invalid TCP flag: ' 85 3400 DROP all -- anyany anywhere anywherestate INVALID 0 0 LOGall -f eth0 any anywhere anywherelimit: avg 3/sec burst 5 LOG level warning prefix `IPKF Fragmented Packet: ' 0 0 DROP all -f eth0 any anywhere anywhere 0
Re: [gentoo-user] Resize /
On Thursday 16 November 2006 19:55, jakommo wrote: Hi Listmembers, I have a problem the / Partition on my system is to smal, is there a save way to resize it? I know mounting other partitions to e.g. /usr will help but the / is only 4,6G so it will help only temporarily. You have a tricky problem. Any partition hosting an ext2/3 or reiserfs filesystame can be reduced, but it has to be unmounted first. The partition in question is /, which cannot be unmounted in a running system. So, you have to boot off a LiveCD. teh gentoo installer gives you such an environment, so does knoppix or ubuntu, or even (god forbid!) red hat. You need to use the filesystem resizing tool, it's e2online (or maybe ext2online) or resize_reiserfs to reduce the filesystem to an appropriate value, then use fdisk to resize the partition to the same size as the filesystem. This will free up the unused space after the partition in quetion so you can do something else with it. Just remember that this will usually renumber partitions between the new one and the end of the disk and you have to account for that in /etc/fstab. So if you reduce /dev/hda5 and create a new partition in the free space, then whatever you used to call /dev/hda6 is now probably called /dev/hda7 There are graphical tools around to make this simpler - I believe partition magic has some ext2/3 support and gparted can do cool things. I can't tell you if they are good or bad as I don't use them (I'm a command line junkie :-) alan -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Resize /
Hello What the size of your / ? Mine is 1 Go, and I use only 300 mo, just conf and lib sbin bin If you have opt in your / I suggest to move it and doing a symlink like cd /; mv opt usr; ln -s usr/opt . so ... jakommo a écrit : Hi Listmembers, I have a problem the / Partition on my system is to smal, is there a save way to resize it? I know mounting other partitions to e.g. /usr will help but the / is only 4,6G so it will help only temporarily. thanks jakommo ___ Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses http://fr.answers.yahoo.com -- gentoo-user@gentoo.org mailing list
[gentoo-user] 7800 GTX: opensource driver stable?
Hello, I'm looking at this NVIDIA GeForce 7800 GTX for a gentoo based gaming system. Anyone have any experience with this card (or a similar card) and any of the open source drivers? Maybe just use the nvidia drivers? I've googled my fingers off, but, I'm more confused about which card to purchase than before. I'm not very experienced with Graphics Accellerations issue under Linux/X so any help or comments are most appreciated. I did find this excellent resource for bencharks and stabiltiy of all sorts of video cards: http://freestone-group.com/video-card-stability-test/benchmark-results.html http://freestone-group.com/video-card-stability-test/ I'm not looking for the latest video card, just one with good performance and open source drivers. James -- gentoo-user@gentoo.org mailing list
[gentoo-user] Re: pet peeve: sending normal output to stderr (env-update)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Richard Fish wrote: env-update.sh outputs this message with a simple echo, so no output to stdout here. However portage writes most messages to stderr. Well and good, but this is not an abnormal message, and there's no reason for it to go to stderr. stderr is for errors, else it's just unbuffered stdout, which isn't terribly helpful. File descriptor gymnastics and text munging should not be required in order to separate expected output from abnormal conditions. I expect that from Microsoft. ;-) You can either file a bug report on bugs.gentoo.org to try and get the behavior changed, Thank you, I'll look into that. Obviously, I was merely venting here. Cheers -d - -- David Talkington PGP key: http://www.prairienet.org/~dtalk/004B8F8B.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFXLLA5FKhdwBLj4sRAr9eAJkBO7D7empiwxkA7+MriXL4tkx5sQCfaZXV 8rPuON/F03fbU5SCuxFrucQ= =3WNZ -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - ipkungfu perhaps not doing its job
On Thursday 16 November 2006 20:29, Michael Sullivan wrote: Can anyone tell me why I have about a hundred of these Nov 16 08:00:03 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45 Nov 16 08:00:06 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45 Nov 16 08:00:09 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45 Nov 16 08:00:12 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45 when that IP address is in /etc/ipkungfu/deny_hosts.conf? Here's my rules; I don't understand them: [snip] 1 55 DROP all -- eth0 any 222.135.146.45 anywhere Some scipt kiddie is trying a brute force attack on your ftp port trying random combinations of user name and pasword every three seconds. 'dig 45.146.135.222.in-addr.arpa PTR' tells me that the address belongs to some maschine on network sdjnptt.net.cn and that turns out to be what looks like some chinese isp. So, a chinese person is trying to exploit your machine. Hey, it happens. And will happen for about the rest of your life. The solution is to drop them at the firewall, and the above rule is doing exactly that. This specific attack from this specific person at that specific address si no longer something you need to worry about :-) alan -- gentoo-user@gentoo.org mailing list
[gentoo-user] Nscd dies without reason
Hi, my system is configured to have a ldap based authentication. I put bind_policy soft on /etc/ldap.conf file, so I need nscd running, but after about 5 seconds that I start nscd, it dies. Why? I check log files but I can't see any additional information. I prefer to use bind_policy hard, but at the boot time the system hangs. Any suggestion? Thank you, Leandro. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Help with script for iptables
On Thursday 16 November 2006 15:19, Nangus Garba wrote:
# I think that a set of rules that looks something like this would be
easier to maintain
# there are 500 little tricks that I could add if I was home and had my
notes
Hey! Thanks for your help - please send some more when you get home. :)
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
The ! $iface is meant to catch incoming packets on an external iface which
have their IP address spoofed to 127.0.0.1 type of thing. Will lo achieve
the same thing?
#this will take care of all interfaces by default
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# maybe you should just use one interface for portage to connect through
such as eth0
Good point.
# might also be a good plan to use the mac address instead of the ip it is
a little harder to spoof
Could I use both in a single rule?
#Allow rsync connections from study1 to update portage
iptables -A INPUT -i eth0 -p tcp -s 192.168.0.2 -m tcp --dport 873 -d
192.168.0.5 -j ACCEPT
#Allow tcp connections from study1 to download distfiles
iptables -A INPUT -i eth0 -p tcp -s 192.168.0.2 -m tcp --dport 1024 -d
192.168.0.5 -j ACCEPT
# these rules are kinda taken car of by: iptables -P INPUT DROP
Yes, in their current format they are, but I had previously set them up to
REJECT with different messages
# iptables -A INPUT -p tcp -i ${x} -j DROP
#iptables -A INPUT -p udp -i ${x} -j DROP
Keep 'em coming! :)
--
Regards,
Mick
pgpj0yIdRThq7.pgp
Description: PGP signature
[gentoo-user] Gcc complains about TLS and errno; I baffled
I'm trying to compile a program that works on Solaris with gcc, but won't complile under Linux (either FC5 or Gentoo). It seems to be because writing int errno; works under Solaris gcc-3.4.3 (well, it passes the compiler anyway), but under Linux gcc-3.4.6 or -4.1.0 one has to #include errno.h which makes more sense. I would just make the change, but I'm baffled by the error message Linux gcc gives to the first declaration. It reads: /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/../../../../i686-pc-linux-gnu/bin/ld: errno: TLS definition in /lib/libc.so.6 section .tbss mismatches non-TLS reference in /tmp/cc6urgct.o /lib/libc.so.6: could not read symbols: Bad value But when I try to look up TLS, all I get is a bunch of stuff about a server-to-server email security protocol. What is it talking about here, and where can I find out about it? ++ kevin -- Kevin O'Gorman, PhD -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Gcc complains about TLS and errno; I baffled
On Thursday 16 November 2006 22:03, Kevin O'Gorman wrote: I'm trying to compile a program that works on Solaris with gcc, but won't complile under Linux (either FC5 or Gentoo). It seems to be because writing int errno; works under Solaris gcc-3.4.3 (well, it passes the compiler anyway), but under Linux gcc-3.4.6 or -4.1.0 one has to #include errno.h which makes more sense. I would just make the change, but I'm baffled by the error message Linux gcc gives to the first declaration. It reads: /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/../../../../i686-pc-linux-gnu/bi n/ld: errno: TLS definition in /lib/libc.so.6 section .tbss mismatches non-TLS reference in /tmp/cc6urgct.o /lib/libc.so.6: could not read symbols: Bad value But when I try to look up TLS, all I get is a bunch of stuff about a server-to-server email security protocol. What is it talking about here, and where can I find out about it? It would appear to be a an issue between linuxthreads and nptl. How are your nptl and nptlonly USE flasg set? This post that I find on google may start to give you more answers. It's for a completely different package but the problem and solution seesmto be the same as yours: http://www.rockbox.org/mail/archive/rockbox-dev-archive-2006-01/0020.shtml alan -- gentoo-user@gentoo.org mailing list
[gentoo-user] Samba and Hebrew File Names
Hi, I never could make Linux box use MS-XP files (NTFS) over samba when the file names are Hebrew. open attempts of such file names results in failure (-1) and errno set to NOENT (standard message: No such file or directory). My last attempt is with: http://www.iglu.org.il/faq/index.cgi?_recurse=1file=74#file_77 Unfortunately the command make_unicodemap is missing from the package (samba 3.0.20b is what I currently have) I tried the mount with options codepage=cp862,iocharset=iso8859-8 and I have kernel configurations 2.6.17 with: NLS_CODEPAGE_437 NLS_CODEPAGE_862 NLS_ISO8859_8 NLS_ISO8859_1 (only God knows why I keep this one) NLS_UTF8 I don't know what more I can do (I'm loosing it). -- Regards. David Harel, == Home office +972 77 4422234 Fax:+972 77 4422234 Cellular: +972 54 4534502 Snail Mail: Amuka D.N Merom Hagalil 13802 Israel Email: [EMAIL PROTECTED] -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Resize /
On 11/16/06, geistteufel [EMAIL PROTECTED] wrote: Hello What the size of your / ? Mine is 1 Go, and I use only 300 mo, just conf and lib sbin bin If you have opt in your / I suggest to move it and doing a symlink like cd /; mv opt usr; ln -s usr/opt . so ... jakommo a écrit : Hi Listmembers, I have a problem the / Partition on my system is to smal, is there a save way to resize it? I know mounting other partitions to e.g. /usr will help but the / is only 4,6G so it will help only temporarily. thanks jakommo ___ Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses http://fr.answers.yahoo.com -- gentoo-user@gentoo.org mailing list thanks for your replys. everything but boot is ext3 and its a RAID5. For now I think maybe its better to make some new partitions and copy the stuff to them by using a live cd and then adjust fstab and/or make symlinks. the problem is the maschine is a server and I dont want it to be down for a long time, its only used for cups at the moment, but I think its more secure to quit the idea of resizing and do it the mount and symlink way. another benefit of this way is I can prepare everything so I only need to reboot with a live cd to copy the files and thats it. thanks again for your solutions jakommo
Re: [gentoo-user] Re: pet peeve: sending normal output to stderr (env-update)
On 11/16/06, David Talkington [EMAIL PROTECTED] wrote: Well and good, but this is not an abnormal message, and there's no reason for it to go to stderr. stderr is for errors, else it's just unbuffered stdout, which isn't terribly helpful. Actually lots of programs use stderr for more than just abnormal output. It is common practice in programs that generate a lot of output to send the verbose messages to stdout and the status messages to stderr. But also, you might be interested in this: http://forums.gentoo.org/viewtopic-t-511285.html I actually like this idea so much, I may try my hand at hacking portage this weekend to make a proof-of-concept! -Richard -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - ipkungfu perhaps not doing its job
On Thu, 2006-11-16 at 21:09 +0200, Alan McKinnon wrote: On Thursday 16 November 2006 20:29, Michael Sullivan wrote: Can anyone tell me why I have about a hundred of these Nov 16 08:00:03 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45 Nov 16 08:00:06 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45 Nov 16 08:00:09 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45 Nov 16 08:00:12 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45 when that IP address is in /etc/ipkungfu/deny_hosts.conf? Here's my rules; I don't understand them: [snip] 155 DROP all -- eth0 any 222.135.146.45 anywhere Some scipt kiddie is trying a brute force attack on your ftp port trying random combinations of user name and pasword every three seconds. 'dig 45.146.135.222.in-addr.arpa PTR' tells me that the address belongs to some maschine on network sdjnptt.net.cn and that turns out to be what looks like some chinese isp. So, a chinese person is trying to exploit your machine. Hey, it happens. And will happen for about the rest of your life. The solution is to drop them at the firewall, and the above rule is doing exactly that. This specific attack from this specific person at that specific address si no longer something you need to worry about :-) alan So why do I get the hourly log reports (from logcheck) saying that this IP is trying to access my FTP? How does vsftpd know about this if they're being dropped at the firewall? -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] 7800 GTX: opensource driver stable?
On 11/16/06, James [EMAIL PROTECTED] wrote: I'm not looking for the latest video card, just one with good performance and open source drivers. You won't get hardware 3D with nvidia and open source drivers. So you'll either have to accept the proprietary drivers (which are pretty good IMO) if you want hardware 3D, or prefer an ATI card supported by the radeon driver. But I have no current experience with ATI, so others will have to comment about that side of the world. -Richard -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Resize /
jakommo writes: On 11/16/06, geistteufel [EMAIL PROTECTED] wrote: If you have opt in your / I suggest to move it and doing a symlink like cd /; mv opt usr; ln -s usr/opt . For now I think maybe its better to make some new partitions and copy the stuff to them by using a live cd and then adjust fstab and/or make symlinks. the problem is the maschine is a server and I dont want it to be down for a long time, its only used for cups at the moment, but I think its more secure to quit the idea of resizing and do it the mount and symlink way. another benefit of this way is I can prepare everything so I only need to reboot with a live cd to copy the files and thats it. I don't think there is a neeed to boot from CD for that. Just copy /usr (or whatever directory you like) to its new destination, rename /usr and create the symlink instantly after that: cp -pr /usr /newdrive/ mv /usr /usr.old /usr.old/bin/ln -s /newdrive/usr / This makes /usr unavailable for a fraction of seconds only. Programs currently using files in /usr should not be affected, when the files are still open it should not matter if they are renamed as long as they stay on the same partition. Alex -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Resize /
On 11/16/06, Alex Schuster [EMAIL PROTECTED] wrote: jakommo writes: On 11/16/06, geistteufel [EMAIL PROTECTED] wrote: If you have opt in your / I suggest to move it and doing a symlink like cd /; mv opt usr; ln -s usr/opt . For now I think maybe its better to make some new partitions and copy the stuff to them by using a live cd and then adjust fstab and/or make symlinks. the problem is the maschine is a server and I dont want it to be down for a long time, its only used for cups at the moment, but I think its more secure to quit the idea of resizing and do it the mount and symlink way. another benefit of this way is I can prepare everything so I only need to reboot with a live cd to copy the files and thats it. I don't think there is a neeed to boot from CD for that. Just copy /usr (or whatever directory you like) to its new destination, rename /usr and create the symlink instantly after that: cp -pr /usr /newdrive/ mv /usr /usr.old /usr.old/bin/ln -s /newdrive/usr / This makes /usr unavailable for a fraction of seconds only. Programs currently using files in /usr should not be affected, when the files are still open it should not matter if they are renamed as long as they stay on the same partition. Alex -- gentoo-user@gentoo.org mailing list thanks Alex, I think I try that, but I wait for a moment where it doesn't metter if something goes wrong. jakommo
Re: [gentoo-user] Accidentally deleted contents of /sbin
# cd /var/db/pkg emerge -va1 $(for pkg in */*; do
cut -d' ' -f2 ${pkg}/CONTENTS | grep -q '^/sbin/' echo =${pkg}
done)
--
Thanks for the advice everybody. I ran this command and it just
finished successfully. I had one file in /etc that needed updating,
and when I tried to run etc-update it was missing. Should I try to
emerge world?
Thanks,
James
--
gentoo-user@gentoo.org mailing list
[gentoo-user] NTFS vs ext3
hey, i was wondering what would be the best solution for a shared data partition, it's a 100GB partition, and FAT is not an option, so should i use ext2 (or ext3) with one of the tools on windows? and which tool would you recommend I'm currently using ext2fsd to read my ext2 backup harddrive i think it has ext3 write support.. Or should i go the other way around and put my data on an NTFS partition, and if i do that is the NTFS write support stable by now.. it's been a long time since i dual booted so back then NTFS support was not really a good idea.. thank you in advance -- Ghaith Hachem TristMoon Staff TristMoon.com
Re: [gentoo-user] NTFS vs ext3
In ( what seems like ) similar situatoins, I've just let the partition that I want to share b/w OSes just be a NTFS partition if say, I were dual-booting my machine ( Linux Windows ). IMHO, Linux support for NTFS is fine, meaning that I've not experienced any trouble related to doing that. Shawn On 11/16/06, Ghaith Hachem [EMAIL PROTECTED] wrote: hey, i was wondering what would be the best solution for a shared data partition, it's a 100GB partition, and FAT is not an option, so should i use ext2 (or ext3) with one of the tools on windows? and which tool would you recommend I'm currently using ext2fsd to read my ext2 backup harddrive i think it has ext3 write support.. Or should i go the other way around and put my data on an NTFS partition, and if i do that is the NTFS write support stable by now.. it's been a long time since i dual booted so back then NTFS support was not really a good idea.. thank you in advance -- Ghaith Hachem TristMoon Staff TristMoon.com -- ...the return which is executed immediately after the call to aretu actually returns from the last routine which did the savu. You are not expected to understand this. Unix Sixth Edition
Re: [gentoo-user] Accidentally deleted contents of /sbin
On Thu, 16 Nov 2006, James Colby wrote: I had one file in /etc that needed updating, and when I tried to run etc-update it was missing. I'm not clear on what's happened. Is it etc-update that's missing or is it something else? Joe -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Samba and Hebrew File Names
Am Donnerstag 16 November 2006 21:34 schrieb David Harel: Hi, I never could make Linux box use MS-XP files (NTFS) over samba when the file names are Hebrew. Heya, I just tested this out really quick and encountered the same problem. However I was able to mount everything without any problems using cifs instead of smbfs. If you have that in your kernel then you can try it. mount -t cifs -o user=username if required //system/mount /mount here With WinXP on the otherside (or any newer samba also) you should not need to specify anything other than that above, however to get a better idea of what you can do with this you can check out the man page for mount.cifs. (man:/mount.cifs under konqueror or man mount.cifs from the commandline.) Hope that helps you out in your quest. Justin T -- gentoo-user@gentoo.org mailing list
[gentoo-user] Using LINGUAS on a per package basis like with USE
(key: /etc/portage/package.linguas - for google ;) Hi everyone, I use LINGUAS=es en on my system, but what I really want to have is something like /etc/portage/package.use but for LINGUAS. Is there some way to specify this? Or are there any plans to support such behaviour? -- Fernando Canizo - http://muriandre.homelinux.org/~conan/ -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Using LINGUAS on a per package basis like with USE
On Friday 17 November 2006 00:06, Fernando Canizo wrote: I use LINGUAS=es en on my system, but what I really want to have is something like /etc/portage/package.use but for LINGUAS. Is there some way to specify this? Or are there any plans to support such behaviour? LINGUAS are USE_EXPAND'ed use flags. LINGUAS=es en expands into IUSE as linguas_es linguas_en so those you can add to package.use like any other use flag... http://devmanual.gentoo.org/general-concepts/use-flags/index.html#use_expand-and-arch-use-flags -- Bo Andresen pgpcgyLscRwgY.pgp Description: PGP signature
[gentoo-user] kmail doesn't download mail
Hi! I migrate from monolitic kde to split ebuilds. But now kmail doesn't works... And now it's failed at starting pop3 and pop3s processes. Any ideas?
[gentoo-user] Lag de défilement : mise à jour de libpng ou erreur de config ?
Salut la liste, Je m'arrache les cheveux à essayer de me dépatouiller d'un problème de défilement *ultra* saccadé des pages dans les applis du genre Quanta, Konsole, Konqueror, enfin des programmes de KDE (je suis sous KDE 3.5.5) depuis hier. Il ne s'est passé que 2 choses depuis que tout allait bien : - mise à jour de la libpng - j'ai décliqué puis recliqué sur Lisser les polices d'écran dans le centre de configuration de KDE, partie Apparences Polices. Les clics sur Lisser..., sur le coup, ça a rien changé, mais j'ai redémarrer la machine depuis et c'est là que ce problème est survenu. Si je décoche l'option lisser... ça ne change pas grande, mais ça saccade un poil moins. De toute façon, ça ne saccadait pas jusque là, et là c'est digne d'un windows sans pilotes graphiques :) Je suis sur un XP3000+ (32bits) + 6600GT, la 3d fonctionne nickel, je soupçonne KDE de tenter de faire un travail arrassant sur les polices dans 'ses' logiciels, car ça ne saccade pas dans tous les programmes qui ne proviennent pas de KDE. Dois je vous fournir mes fichiers xorg.conf / fonts.conf / local.font ?
[gentoo-user] Testing a chroot
Is there any way to test this? I'm trying to chroot my apache server, and I'm curious how I could test that it's actually using. Also, does anyone have experience with using chroot via mod_security? Thanks! -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Accidentally deleted contents of /sbin
James Colby wrote:
# cd /var/db/pkg emerge -va1 $(for pkg in */*; do
cut -d' ' -f2 ${pkg}/CONTENTS | grep -q '^/sbin/' echo
=${pkg}
done)
--
Thanks for the advice everybody. I ran this command and it just
finished successfully. I had one file in /etc that needed updating,
and when I tried to run etc-update it was missing. Should I try to
emerge world?
Thanks,
James
May want to emerge portage. That is where that command comes from.
[EMAIL PROTECTED] / # equery belongs etc-update
[ Searching for file(s) etc-update in *... ]
sys-apps/portage-2.1.1-r1 (/usr/sbin/etc-update -
../lib/portage/bin/etc-update)
sys-apps/portage-2.1.1-r1 (/usr/lib/portage/bin/etc-update)
[EMAIL PROTECTED] / #
If it were me, I would still do a emerge -e world, just to be sure.
Dale
:-) :-)
--
gentoo-user@gentoo.org mailing list
[gentoo-user] Multi-user pop3 mail delivery
Hi Guys. I am trying to replace a server setup at one of our client's offices. They have a domain name, and an email account - both hosted by a 3rd party. This third party gives them a single pop3 account where all email is stored (for all users@domain.com), downloadable by a single user login. Now the old setup (which I had nothing to do with) uses fetchmail to poll the server every 10 minutes, and then forwards the mail to the smtp on the localhost. I have tried to replicate this, but am hitting several disadvantages, one being that all spam messages sent to non-existing users are forwarded to the local postmaster account. I keep thinking that there must be a much more logical way to do this. When I try it without setting the postmaster messages are not bounced. How is this setup normally done? The local server has postfix running, but is *not* accessable from outside directly (firewalled). Mail will have to be polled I guess. I am using the following fetchmail conf: set postmaster postmaster set bouncemail set properties set syslog set invisible set daemon 600 poll pop3.server.com protocol POP3 checkalias timeout 30 envelope Received: localdomains mydomain.com user accountuser pass accountpass to * here smtphost localhost smtpaddress mydomain.com fetchall; Any advice? Thanks in advance, Ralph -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Accidentally deleted contents of /sbin
On Thu, 16 Nov 2006 18:11:29 -0600, Dale wrote:
If it were me, I would still do a emerge -e world, just to be sure.
You can check all packages for missing or corrupt files with
equery -C list kdebase | awk '/\// {print $((NF - 1))}' | sed 's;^;=;' | xargs
--max-lines=1 equery check
--
Neil Bothwick
I have seen the truth, and it makes no sense.
signature.asc
Description: PGP signature
Re: [gentoo-user] Accidentally deleted contents of /sbin
If it were me, I would still do a emerge -e world, just to be sure. Dale Does emerge -e world add anything to the world file? Do I need to add the --oneshot option to this to keep my world file clean Thanks, James -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Accidentally deleted contents of /sbin
James Colby wrote: If it were me, I would still do a emerge -e world, just to be sure. Dale Does emerge -e world add anything to the world file? Do I need to add the --oneshot option to this to keep my world file clean Thanks, James From what I understand, it takes the packages listed in the world file and then pretends there is nothing emerged and builds a list. This will emerge everything in world plus their dependacies. It should not change your world file at all. I have done this several times when something goes weird on my system or upgrading gcc. You have a good plan to keep your world file clean though. Seems we are both learning to do that. O_O Basically, this rebuilds everything on your system from the ground up. That is why it takes so long. It's akin to rebuilding the whole house when you have a small leak in your roof. Of course, you have a new house this way. ;-) Also keep in mind emerge --resume and emerge --resume --skipfirst. The first is in case you have to stop to reboot or something. The second is in case something fails to emerge and you want to rebuild it later. Make a note of what packages fail and the error. You may need that info later. Hope that helps. Dale :-) :-) -- gentoo-user@gentoo.org mailing list
[gentoo-user] ymessenger is going??
Hi, I did my sync tonight and when I checked for updates I got this: !!! Ebuilds for the following packages are either all !!! masked or don't exist: net-im/ymessenger Is there not going to be a Yahoo messenger anymore? I cranked up Kopete but I sort of like Yahoo better. If it is going, anybody know why? I checked the change log and even searched a bit for a bug report. I didn't see anything. Thanks Dale :-) -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Lag de défilement : mise à jour de libpng ou erreur de config ?
On 11/16/06, Nico [EMAIL PROTECTED] wrote: Salut la liste, Je m'arrache les cheveux à essayer de me dépatouiller d'un problème de défilement *ultra* saccadé des pages dans les applis du genre Quanta, Konsole, Konqueror, enfin des programmes de KDE (je suis sous KDE 3.5.5) depuis hier. Il ne s'est passé que 2 choses depuis que tout allait bien : - mise à jour de la libpng - j'ai décliqué puis recliqué sur Lisser les polices d'écran dans le centre de configuration de KDE, partie Apparences Polices. Les clics sur Lisser..., sur le coup, ça a rien changé, mais j'ai redémarrer la machine depuis et c'est là que ce problème est survenu. Si je décoche l'option lisser... ça ne change pas grande, mais ça saccade un poil moins. De toute façon, ça ne saccadait pas jusque là, et là c'est digne d'un windows sans pilotes graphiques :) Je suis sur un XP3000+ (32bits) + 6600GT, la 3d fonctionne nickel, je soupçonne KDE de tenter de faire un travail arrassant sur les polices dans 'ses' logiciels, car ça ne saccade pas dans tous les programmes qui ne proviennent pas de KDE. Dois je vous fournir mes fichiers xorg.conf / fonts.conf / local.font ? Les e-mails vont à gentoo-users-fr pour les haut-parleurs français (babel fish to the rescue?) -- - Mark Shields
[gentoo-user] How come my 'esearch' isn't updated when I emerge something until the next 'esync'?!
I always found this annoying... How come when I emerge something, my 'esearch' isn't updated until the next time I do an 'esync'? * www-apps/trac Latest version available: 0.9.6 Latest version installed: [ Not Installed ] Size of downloaded files: 995 kB Homepage:http://trac.edgewall.com/ Description: Trac is a minimalistic web-based project management, wiki and bug/issue tracking system. License: trac But I *DO* have it installed daevid ~ # emerge -av trac [ebuild R ] www-apps/trac-0.9.6 USE=cgi sqlite -enscript -fastcgi -postgres -silvercity -vhosts 331 kB Then if I do an 'esync' it shows (and in some kind of ironic slap in my face, THEN it shows me there is an update, so I have to re-emerge it to be current): * www-apps/trac Latest version available: 0.10.1 Latest version installed: 0.9.6 Size of downloaded files: 1,288 kB Homepage:http://trac.edgewall.com/ Description: Trac is a minimalistic web-based project management, wiki and bug/issue tracking system. License: trac Why can't portage just be smart enough (and smart is a very generous term for the code neede to update this) to update whatever record/file/log/whatever it is that shows what I have installed?! This seems so silly and like a 0.0.3 kind of feature to put in to portage. I've added this as a bug since I didn't see one in there already: http://bugs.gentoo.org/show_bug.cgi?id=155452 -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] How come my 'esearch' isn't updated when I emerge something until the next 'esync'?!
On 2006-11-17 07:30:11 +0100 Daevid Vincent [EMAIL PROTECTED] wrote: How come when I emerge something, my 'esearch' isn't updated until the next time I do an 'esync'? Because esearch uses a database to speed up searches, and that database isn't regenerated until you run esync or eupdatedb. I'd recommend using eix instead of esearch - not only is it faster, but it also knows changes in installed packages without needing to update its database. Then if I do an 'esync' it shows (and in some kind of ironic slap in my face, THEN it shows me there is an update, so I have to re-emerge it to be current): You should probably be doing eupdatedb instead of esync. esync does an emerge --sync, and you don't want to get banned from a mirror for rsync abuse. This seems so silly and like a 0.0.3 kind of feature to put in to portage. It's not a part of portage. esearch is a separate package, developed specifically to combat the slowness of emerge --search. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] How come my 'esearch' isn't updated when I emerge something until the next 'esync'?!
Dnia piątek, 17 listopada 2006 07:27, Daevid Vincent napisał: I always found this annoying... How come when I emerge something, my 'esearch' isn't updated until the next time I do an 'esync'? Because it is the way it is designed. Well, it is a high time to switch from esearch to eix. Then you update portage with eix-sync (instead of emerge --sync) and it shows you a very detailed report of what has been updated (or downgraded) and which of these updates apply to your system. -- Pawel Kraszewski www.kraszewscy.net -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] How come my 'esearch' isn't updated when I emerge something until the next 'esync'?!
On Thu, 2006-11-16 at 22:27 -0800, Daevid Vincent wrote: I always found this annoying... How come when I emerge something, my 'esearch' isn't updated until the next time I do an 'esync'? because esearch trawls through /usr/portage only when you tell it to, and stores it's info in a database somewhere. * www-apps/trac Latest version available: 0.9.6 Latest version installed: [ Not Installed ] [snip] But I *DO* have it installed daevid ~ # emerge -av trac [ebuild R ] www-apps/trac-0.9.6 USE=cgi sqlite -enscript -fastcgi -postgres -silvercity -vhosts 331 kB Then if I do an 'esync' esync is the esearch tool to emerge --sync, and then eupdatedb afterwards. eupdatedb is the tool to update the esearch database I mentioned earlier. it shows (and in some kind of ironic slap in my face, THEN it shows me there is an update, so I have to re-emerge it to be current): you shouldn't have to re-emerge it. portage knows about the most recent version all the time, regardless of what esearch shows you. * www-apps/trac Latest version available: 0.10.1 Latest version installed: 0.9.6 [snip] this doesn't mean that you will have to re-install. (someone can correct me here, but) I think this means that 0.10.1 is available, but not installed on your system probably because of masking. Why can't portage just be smart enough (and smart is a very generous term for the code neede to update this) to update whatever record/file/log/whatever it is that shows what I have installed?! aahhh, the penny drops. esearch is not part of portage, it's a tool written by David Peter (?) to help you search the portage filesystem easier. There are other tools that don't require the database update, but I'll leave that flame war for someone else to start ;) I've added this as a bug since I didn't see one in there already: http://bugs.gentoo.org/show_bug.cgi?id=155452 it will probably be marked wontfix or something like that. You could make it practise to run eupdatedb everytime you run emerge --sync, but that's up to you. cya, -- Iain Buchanan iaindb at netspace dot net dot au What color is a chameleon on a mirror? -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Lag de défilement : mise à jour de libpng ou erreur de config ?
Nico wrote: Salut la liste, Je m'arrache les cheveux à essayer de me dépatouiller d'un problème de défilement *ultra* saccadé des pages dans les applis du genre Quanta, Konsole, Konqueror, enfin des programmes de KDE (je suis sous KDE 3.5.5) depuis hier. Il ne s'est passé que 2 choses depuis que tout allait bien : - mise à jour de la libpng - j'ai décliqué puis recliqué sur Lisser les polices d'écran dans le centre de configuration de KDE, partie Apparences Polices. Les clics sur Lisser..., sur le coup, ça a rien changé, mais j'ai redémarrer la machine depuis et c'est là que ce problème est survenu. Si je décoche l'option lisser... ça ne change pas grande, mais ça saccade un poil moins. De toute façon, ça ne saccadait pas jusque là, et là c'est digne d'un windows sans pilotes graphiques :) Je suis sur un XP3000+ (32bits) + 6600GT, la 3d fonctionne nickel, je soupçonne KDE de tenter de faire un travail arrassant sur les polices dans 'ses' logiciels, car ça ne saccade pas dans tous les programmes qui ne proviennent pas de KDE. Dois je vous fournir mes fichiers xorg.conf / fonts.conf / local.font ? Salut, Je n'utilise pas KDE, mais puisque tu as mis à jour la libpng, tu devrais peut-être essayer un 'revdep-rebuild' pour avoir une garantie qu'aucune lib n'est cassée. Puisque ta problème a affaire avec l'écran c'est entièrement possible. Aussi je n'ai pas pu comprendre 'saccader' (ne pas ayant le français comme langue première, tu comprends ;)) - pourrais-tu m'aider? La prochaine fois je te conseillerai d'envoyer de telles lettres à la liste gentoo-user-fr, ou trouver quelqu'un qui peut t'aider à les traduire. ;) English-speaking folks: There's a few key bits in the OP that I don't quite get, but the gist of it is: the OP is experiencing significant lag in (something) that he suspects to be caused by KDE because non-KDE programs aren't lagging. The only changes he recently made are the libpng upgrade and deselecting and then reselecting again the Smooth (something to do with the screen - window edges perhaps?) option in kcontrol's Appearance settings. The problem didn't start happening right away when he changed the option - only after a reboot, which makes me suspect the libpng upgrade (i.e. the next time libpng was loaded). HSCHBTIC (hope someone can help better than I can ;)), Ryan -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] ymessenger is going??
On 11/16/06, Dale [EMAIL PROTECTED] wrote: Hi, I did my sync tonight and when I checked for updates I got this: !!! Ebuilds for the following packages are either all !!! masked or don't exist: net-im/ymessenger Is there not going to be a Yahoo messenger anymore? I cranked up Kopete but I sort of like Yahoo better. If it is going, anybody know why? That's correct. It is masked pending removal along with all other gnome 1.x packages: /home/rjf emerge --oneshot -v ymessenger Calculating dependencies !!! All ebuilds that could satisfy ymessenger have been masked. !!! One of the following masked packages is required to complete your request: - net-im/ymessenger-1.0.4.1 (masked by: package.mask, missing keyword) # Saleem Abdulrasool [EMAIL PROTECTED] (16 Nov 2006) # GNOME 1.x Removal Mask (15 Dec 2006) - net-im/ymessenger-1.0.4.1-r1 (masked by: package.mask, missing keyword) - net-im/ymessenger-1.0.6.1 (masked by: package.mask) For more information, see MASKED PACKAGES section in the emerge man page or refer to the Gentoo Handbook. I checked the change log and even searched a bit for a bug report. I didn't see anything. The reasons for p.masked stuff is listed as comments above the masking in /usr/portage/profiles/package.mask. -Richard -- gentoo-user@gentoo.org mailing list
[gentoo-user] drupal masked
Hi folks, all drupal ebuilds have been package masked it seems on the 9th of September. The emerge output refers to bug #98524. I looked it up and it seems to be a very old bug from last year. Curious about yet another possible CMS vulnerability, I searched the gentoo forums and google for it. All I could reveal are old issues from last year. So, anybody in the know as to why all versions of drupal were masked? Uwe -- Mark Twain: I rather decline two drinks than a German adjective. http://www.SysEx.com.na -- gentoo-user@gentoo.org mailing list
