Karmic Alpha (now 5) decided to REALLY misbehave today. Sigh.
Some auto-updates broke x bigtime. Updates that repair the situation are in the pipeline now and there's pages and pages of screaming going on in ubuntuforums.org. So I wrote an unborking guide with some humor thrown in: http://ubuntuforums.org/showthread.php?t=1267657 To the tune of American Pie: --- A long, long time ago Just last night in fact, How my compiz desktop made me smile And I knew if I had my way That I could make Steve Balmer pray And, maybe, he'd go FOSS, for just a while. But today's update made me freak As X would die with a horrid shriek Bad news on the desktop; My computer was a doorstop I couldn't figure out what died Or why my graphics card felt fried, As if the update process lied, The day Ubntu died. So bye, bye to my work for the day, Tried some hashes and some thrashes but the boot was just nay And ubuntuforum was all choked up and gray singing this has gotta be the day Karmic died --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Scanning for Stream Control Transmission Protocol
http://www.youtube.com/watch?v=USZEFyc3j4A http://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocol http://www.sureshotsoftware.com/tcptunnel/index.html As discussed at the last Linux Security Lab Meeting at Foundation for Blind Children, not all protocols are easily seen via Wireshark/Ethereal. Right Paul? -- (623)239-3392 (503)754-4452 www.obnosis.com http://www.obnosis.com/motivatebytruth/gnu-people.jpg --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Karmic Alpha (now 5) decided to REALLY misbehave today. Sigh.
On 9/16/09, Jim March 1.jim.ma...@gmail.com wrote: Some auto-updates broke x bigtime. Updates that repair the situation are in the pipeline now and there's pages and pages of screaming going on in ubuntuforums.org. So I wrote an unborking guide with some humor thrown in: http://ubuntuforums.org/showthread.php?t=1267657 Ah, thanks Jim! Happened to me also! To the tune of American Pie: --- A long, long time ago Just last night in fact, How my compiz desktop made me smile And I knew if I had my way That I could make Steve Balmer pray And, maybe, he'd go FOSS, for just a while. But today's update made me freak As X would die with a horrid shriek Bad news on the desktop; My computer was a doorstop I couldn't figure out what died Or why my graphics card felt fried, As if the update process lied, The day Ubntu died. So bye, bye to my work for the day, Tried some hashes and some thrashes but the boot was just nay And ubuntuforum was all choked up and gray singing this has gotta be the day Karmic died --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- (623)239-3392 (503)754-4452 www.obnosis.com http://www.obnosis.com/motivatebytruth/gnu-people.jpg --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Scanning for Stream Control Transmission Protocol
On 9/16/09, Lisa Kachold lisakach...@obnosis.com wrote: http://www.youtube.com/watch?v=USZEFyc3j4A http://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocol http://www.sureshotsoftware.com/tcptunnel/index.html Win http://www.vakuumverpackt.de/tcptunnel/ Bsd/Solaris/Linux As discussed at the last Linux Security Lab Meeting at Foundation for Blind Children, not all protocols are easily seen via Wireshark/Ethereal. Right Paul? -- (623)239-3392 (503)754-4452 www.obnosis.com http://www.obnosis.com/motivatebytruth/gnu-people.jpg -- (623)239-3392 (503)754-4452 www.obnosis.com http://www.obnosis.com/motivatebytruth/gnu-people.jpg --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
RE: A nice blog on why to use OSS
Sun Fedral (not sure what the company does, but seems to be geared towards government stuff) President COO Sun Microsystems Federal, Inc. Sun makes computers, they run the Solaris operating system, and they can also run linux. Didn't the picture of him standing next to the Sun computer give it away. :-) _ From: plug-discuss-boun...@lists.plug.phoenix.az.us [mailto:plug-discuss-boun...@lists.plug.phoenix.az.us] On Behalf Of Shawn Badger Sent: Wednesday, September 16, 2009 10:22 AM To: Main PLUG discussion list Subject: A nice blog on why to use OSS I found a great little blog entry from the president of Sun Fedral (not sure what the company does, but seems to be geared towards government stuff). The article is broken up into 6 parts and starts out with security. http://blogs.sun.com/BVass/entry/the_no_1_reason_to http://blogs.sun.com/BVass/entry/the_no_2_reason http://blogs.sun.com/BVass/entry/the_no_3_reason_to http://blogs.sun.com/BVass/entry/the_no_4_reason_to http://blogs.sun.com/BVass/entry/reason_no_5_to_move http://blogs.sun.com/BVass/entry/reason_no_6_to_move or the original page http://blogs.sun.com/BVass/ --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: A nice blog on why to use OSS
I just did a big Asterisk based phone system for an Army base in Louisiana. If the company that brought me in hadn't had tremendous pull and the deadline so short it wouldn't have gotten in at all. What we built was total overkill for what they're using it for..it was a high availability cluster, 400+ available extensions of which about 50 are currently used and 320 turned on, punched down to T1 channel banks with FXO ports that eventually are terminated miles away, and integrated with a private cell phone network. The PBX system was CentOS 5.2 based and even though Redhat Enterprise Linux 5.2 is an accepted platform (they're virtually the same thing) they about came unglued because it wasn't on the accepted list. There is no reason that CentOS couldn't be on their accepted OS list except that the 'manufacturer' pays for the very expensive certification process which unless a bunch of interested users chip in will never happen with CentOS. Redhat is the only linux distro on that list as far as I know. I'm already planning on a system based on RHEL instead in the event that they want other phone systems - even if I never get an order for one. JD -- JD Austin Twin Geckos Technology Services LLC j...@twingeckos.com 480.288.8195x201 http://www.twingeckos.com Stephen Leacockhttp://www.brainyquote.com/quotes/authors/s/stephen_leacock.html - I detest life-insurance agents: they always argue that I shall some day die, which is not so. On Wed, Sep 16, 2009 at 10:21 AM, Shawn Badger badger.sh...@gmail.comwrote: I found a great little blog entry from the president of Sun Fedral (not sure what the company does, but seems to be geared towards government stuff). The article is broken up into 6 parts and starts out with security. http://blogs.sun.com/BVass/entry/the_no_1_reason_to http://blogs.sun.com/BVass/entry/the_no_2_reason http://blogs.sun.com/BVass/entry/the_no_3_reason_to http://blogs.sun.com/BVass/entry/the_no_4_reason_to http://blogs.sun.com/BVass/entry/reason_no_5_to_move http://blogs.sun.com/BVass/entry/reason_no_6_to_move or the original page http://blogs.sun.com/BVass/ --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: A nice blog on why to use OSS
I know who Sun Microsystems is, but I didn't put 2 and 2 together. The way he was talking about the security I got it stuck in my head that he was some type of banker for some reason. On Wed, Sep 16, 2009 at 12:25 PM, Bob Elzer bob.el...@gmail.com wrote: Sun Fedral (not sure what the company does, but seems to be geared towards government stuff) President COO Sun Microsystems Federal, Inc. Sun makes computers, they run the Solaris operating system, and they can also run linux. Didn't the picture of him standing next to the Sun computer give it away. :-) -- *From:* plug-discuss-boun...@lists.plug.phoenix.az.us [mailto: plug-discuss-boun...@lists.plug.phoenix.az.us] *On Behalf Of *Shawn Badger *Sent:* Wednesday, September 16, 2009 10:22 AM *To:* Main PLUG discussion list *Subject:* A nice blog on why to use OSS I found a great little blog entry from the president of Sun Fedral (not sure what the company does, but seems to be geared towards government stuff). The article is broken up into 6 parts and starts out with security. http://blogs.sun.com/BVass/entry/the_no_1_reason_to http://blogs.sun.com/BVass/entry/the_no_2_reason http://blogs.sun.com/BVass/entry/the_no_3_reason_to http://blogs.sun.com/BVass/entry/the_no_4_reason_to http://blogs.sun.com/BVass/entry/reason_no_5_to_move http://blogs.sun.com/BVass/entry/reason_no_6_to_move or the original page http://blogs.sun.com/BVass/ --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
RE: A nice blog on why to use OSS
LOL, and the open software he is really pushing is OpenSolaris One of those, If you can't beat em, join em, guys if you ask me. _ From: plug-discuss-boun...@lists.plug.phoenix.az.us [mailto:plug-discuss-boun...@lists.plug.phoenix.az.us] On Behalf Of Shawn Badger Sent: Wednesday, September 16, 2009 2:44 PM To: Main PLUG discussion list Subject: Re: A nice blog on why to use OSS I know who Sun Microsystems is, but I didn't put 2 and 2 together. The way he was talking about the security I got it stuck in my head that he was some type of banker for some reason. On Wed, Sep 16, 2009 at 12:25 PM, Bob Elzer bob.el...@gmail.com wrote: Sun Fedral (not sure what the company does, but seems to be geared towards government stuff) President COO Sun Microsystems Federal, Inc. Sun makes computers, they run the Solaris operating system, and they can also run linux. Didn't the picture of him standing next to the Sun computer give it away. :-) _ From: plug-discuss-boun...@lists.plug.phoenix.az.us [mailto:plug-discuss-boun...@lists.plug.phoenix.az.us] On Behalf Of Shawn Badger Sent: Wednesday, September 16, 2009 10:22 AM To: Main PLUG discussion list Subject: A nice blog on why to use OSS I found a great little blog entry from the president of Sun Fedral (not sure what the company does, but seems to be geared towards government stuff). The article is broken up into 6 parts and starts out with security. http://blogs.sun.com/BVass/entry/the_no_1_reason_to http://blogs.sun.com/BVass/entry/the_no_2_reason http://blogs.sun.com/BVass/entry/the_no_3_reason_to http://blogs.sun.com/BVass/entry/the_no_4_reason_to http://blogs.sun.com/BVass/entry/reason_no_5_to_move http://blogs.sun.com/BVass/entry/reason_no_6_to_move or the original page http://blogs.sun.com/BVass/ --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
On-topic gag. A good one.
http://imaletyoufinish.com/kanye-will-let-computers-finish/ --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
RC Service Order
Hello all, Does anyone know how to change the order in which services are started using the rc script? My particular system is FreeBSD, but Linux is similar (right?)? Eric -- Eric Cope http://cope-et-al.com --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Off-topic-ized Re: On-topic gag. A good one.
Jim March wrote: http://imaletyoufinish.com/kanye-will-let-computers-finish/ http://twitpic.com/hza49 -- Ryan Rix (623)-826-0051 Please refrain from mailing me directly in replies, I am subsribing via GMane NNTP. Thank you. Fortune: A gift of a flower will soon be made to you. http://hackersramblings.wordpress.com | http://identi.ca/phrkonaleash XMPP: phrkonale...@gmail.com | MSN: phrkonale...@yahoo.com AIM: phrkonaleash| Yahoo: phrkonaleash IRC: phrkon...@irc.freenode.net/#srcedit,#teensonlinux,#plugaz and countless other FOSS channels. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: RC Service Order
Eric Cope wrote: Hello all, Does anyone know how to change the order in which services are started using the rc script? My particular system is FreeBSD, but Linux is similar (right?)? Eric I will assume it is similar to slackware where a single script is used to load the system. I would suggest making several backup copies of the original, then use your favorite text editor and move things around in the script until you get your desired order... Obviously if one thing depends on another you might be up a creek, so keep a knoppix disc handy... If you can be more specific we can too... nathan --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: RC Service Order
From my understanding changing the number in /etc/rc.d/rc*.d/K* or /etc/rc.d/rc*.d/S* changes the order. If two have the same number they go alphabetically. -- JD Austin Twin Geckos Technology Services LLC j...@twingeckos.com 480.288.8195x201 http://www.twingeckos.com Jonathan Swifthttp://www.brainyquote.com/quotes/authors/j/jonathan_swift.html - May you live every day of your life. On Wed, Sep 16, 2009 at 6:21 PM, Eric Cope eric.c...@gmail.com wrote: Hello all, Does anyone know how to change the order in which services are started using the rc script? My particular system is FreeBSD, but Linux is similar (right?)? Eric -- Eric Cope http://cope-et-al.com --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: RC Service Order
I need openvpn, then samba, and finally pf (packet filter). Its currently the reverse order. I know where the conf file is, where is the script? Eric On Wed, Sep 16, 2009 at 6:33 PM, Nathan England nat...@paysonlinux.orgwrote: Eric Cope wrote: Hello all, Does anyone know how to change the order in which services are started using the rc script? My particular system is FreeBSD, but Linux is similar (right?)? Eric I will assume it is similar to slackware where a single script is used to load the system. I would suggest making several backup copies of the original, then use your favorite text editor and move things around in the script until you get your desired order... Obviously if one thing depends on another you might be up a creek, so keep a knoppix disc handy... If you can be more specific we can too... nathan --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- Eric Cope http://cope-et-al.com --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: RC Service Order
Eric Cope wrote: I need openvpn, then samba, and finally pf (packet filter). Its currently the reverse order. I know where the conf file is, where is the script? Eric usually it would be /etc/rc.sysinit /etc/rc.multi look at your /etc/inittab file and it will tell you what script runs for what run level and maybe you can figure it out. Once you know, just re arrange the order of those services in the script. nathan --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: RC Service Order
On Wed, 2009-09-16 at 18:38 -0700, Eric Cope wrote: I need openvpn, then samba, and finally pf (packet filter). Its currently the reverse order. I know where the conf file is, where is the script? I don't know enough about BSD but in general, you want the packet filter scripts to run early, even before network devices are up and running because if you have a system hang in between starting the network devices and the packet filtering, you have a very exposed system. I would suspect that the reason you are wanting to fiddle with what is probably an already well considered sequence is to try to get around a problem that should probably be solved elsewhere. It seems to me that having pf, samba and openvpn load in this order is the logical way. Whatever problems you are experiencing are probably best solved without tinkering with this. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: RC Service Order
JD Austin wrote: From my understanding changing the number in /etc/rc.d/rc*.d/K* or /etc/rc.d/rc*.d/S* changes the order. If two have the same number they go alphabetically. THis is correct. -- JD Austin Twin Geckos Technology Services LLC j...@twingeckos.com 480.288.8195x201 http://www.twingeckos.com Jonathan Swifthttp://www.brainyquote.com/quotes/authors/j/jonathan_swift.html - May you live every day of your life. On Wed, Sep 16, 2009 at 6:21 PM, Eric Cope eric.c...@gmail.com wrote: Hello all, Does anyone know how to change the order in which services are started using the rc script? My particular system is FreeBSD, but Linux is similar (right?)? Eric -- Eric Cope http://cope-et-al.com --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- Ryan Rix (623)-826-0051 Please refrain from mailing me directly in replies, I am subsribing via GMane NNTP. Thank you. Fortune: Sic transit discus mundi -- From the System Administrator's Guide, by Lars Wirzenius http://hackersramblings.wordpress.com | http://identi.ca/phrkonaleash XMPP: phrkonale...@gmail.com | MSN: phrkonale...@yahoo.com AIM: phrkonaleash| Yahoo: phrkonaleash IRC: phrkon...@irc.freenode.net/#srcedit,#teensonlinux,#plugaz and countless other FOSS channels. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: RC Service Order
Ryan Rix wrote: JD Austin wrote: From my understanding changing the number in /etc/rc.d/rc*.d/K* or /etc/rc.d/rc*.d/S* changes the order. If two have the same number they go alphabetically. THis is correct. Yes, except in BSD they do not use SysV init scripts like you are expecting in rpm or deb based systems. BSD is based on a couple of scripts used to start all the services. You can add SysV init support, but by default... nathan --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: RC Service Order
Why must all rc systems be different? bleh. Here's the link to freebsd's stuff. The dependency stuff at the bottom is what you're looking for. http://www.freebsd.org/doc/en/books/handbook/configtuning-rcd.html On Wed, Sep 16, 2009 at 8:01 PM, Nathan England nat...@paysonlinux.orgwrote: Ryan Rix wrote: JD Austin wrote: From my understanding changing the number in /etc/rc.d/rc*.d/K* or /etc/rc.d/rc*.d/S* changes the order. If two have the same number they go alphabetically. THis is correct. Yes, except in BSD they do not use SysV init scripts like you are expecting in rpm or deb based systems. BSD is based on a couple of scripts used to start all the services. You can add SysV init support, but by default... nathan --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- James McPhee jmc...@gmail.com --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: RC Service Order
That was my concern. However, PF fails to start properly because the VPN TUN interface isn't established yet. Have you had issues like this on other systems? Eric On Wed, Sep 16, 2009 at 6:59 PM, Craig White craigwh...@azapple.com wrote: On Wed, 2009-09-16 at 18:38 -0700, Eric Cope wrote: I need openvpn, then samba, and finally pf (packet filter). Its currently the reverse order. I know where the conf file is, where is the script? I don't know enough about BSD but in general, you want the packet filter scripts to run early, even before network devices are up and running because if you have a system hang in between starting the network devices and the packet filtering, you have a very exposed system. I would suspect that the reason you are wanting to fiddle with what is probably an already well considered sequence is to try to get around a problem that should probably be solved elsewhere. It seems to me that having pf, samba and openvpn load in this order is the logical way. Whatever problems you are experiencing are probably best solved without tinkering with this. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- Eric Cope http://cope-et-al.com --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: RC Service Order
I don't recall ever creating firewall rules for the tun or tap interfaces. Craig On Wed, 2009-09-16 at 20:18 -0700, Eric Cope wrote: That was my concern. However, PF fails to start properly because the VPN TUN interface isn't established yet. Have you had issues like this on other systems? Eric On Wed, Sep 16, 2009 at 6:59 PM, Craig White craigwh...@azapple.com wrote: On Wed, 2009-09-16 at 18:38 -0700, Eric Cope wrote: I need openvpn, then samba, and finally pf (packet filter). Its currently the reverse order. I know where the conf file is, where is the script? I don't know enough about BSD but in general, you want the packet filter scripts to run early, even before network devices are up and running because if you have a system hang in between starting the network devices and the packet filtering, you have a very exposed system. I would suspect that the reason you are wanting to fiddle with what is probably an already well considered sequence is to try to get around a problem that should probably be solved elsewhere. It seems to me that having pf, samba and openvpn load in this order is the logical way. Whatever problems you are experiencing are probably best solved without tinkering with this. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: RC Service Order
is this because you can rely on the VPN to properly protect access to it through the vpn mechanisms? Eric On Wed, Sep 16, 2009 at 8:23 PM, Craig White craigwh...@azapple.com wrote: I don't recall ever creating firewall rules for the tun or tap interfaces. Craig On Wed, 2009-09-16 at 20:18 -0700, Eric Cope wrote: That was my concern. However, PF fails to start properly because the VPN TUN interface isn't established yet. Have you had issues like this on other systems? Eric On Wed, Sep 16, 2009 at 6:59 PM, Craig White craigwh...@azapple.com wrote: On Wed, 2009-09-16 at 18:38 -0700, Eric Cope wrote: I need openvpn, then samba, and finally pf (packet filter). Its currently the reverse order. I know where the conf file is, where is the script? I don't know enough about BSD but in general, you want the packet filter scripts to run early, even before network devices are up and running because if you have a system hang in between starting the network devices and the packet filtering, you have a very exposed system. I would suspect that the reason you are wanting to fiddle with what is probably an already well considered sequence is to try to get around a problem that should probably be solved elsewhere. It seems to me that having pf, samba and openvpn load in this order is the logical way. Whatever problems you are experiencing are probably best solved without tinkering with this. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- Eric Cope http://cope-et-al.com --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: RC Service Order
Craig White wrote: I don't recall ever creating firewall rules for the tun or tap interfaces. Craig On Wed, 2009-09-16 at 20:18 -0700, Eric Cope wrote: That was my concern. However, PF fails to start properly because the VPN TUN interface isn't established yet. Have you had issues like this on other systems? Eric In my head, it seems that the network interfaces in general may not be up yet but the PF rules are loading okay. That means the device is found, though it has not been given instruction. Is it possible the modules for the tun and tap devices have not been loaded yet so the PF is failing because the devices do not exist yet? Rather than moving anything around, can you add a line to your rc conf file to load the modules before the PF starts??? modprobe tun Is there a module for tap? I don't recall off the top of my head. nathan --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: RC Service Order
modprobe must be a linux thing. Its not found. Eric On Wed, Sep 16, 2009 at 8:30 PM, Nathan England nat...@paysonlinux.orgwrote: Craig White wrote: I don't recall ever creating firewall rules for the tun or tap interfaces. Craig On Wed, 2009-09-16 at 20:18 -0700, Eric Cope wrote: That was my concern. However, PF fails to start properly because the VPN TUN interface isn't established yet. Have you had issues like this on other systems? Eric In my head, it seems that the network interfaces in general may not be up yet but the PF rules are loading okay. That means the device is found, though it has not been given instruction. Is it possible the modules for the tun and tap devices have not been loaded yet so the PF is failing because the devices do not exist yet? Rather than moving anything around, can you add a line to your rc conf file to load the modules before the PF starts??? modprobe tun Is there a module for tap? I don't recall off the top of my head. nathan --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- Eric Cope http://cope-et-al.com --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
