from here:
http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/jail/jail.8
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey
xp $
.\"
.Dd January 17, 2010
.Dt JAIL 8
.Os
.Sh NAME
.Nm jail
.Nd "create or modify a system jail"
.Sh SYNOPSIS
.Nm
[...etc...]
No blank lines there. Don't confuse this with the preprocessed version
in /usr/share/man/*cat8*/jail.8.gz
Cheers
to compress it after installation.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
your self-written man page into place.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
If
your interface has a dynamic address, simple enclose the i/f name in
brackets, like so: ($ext_if) This causes PF to update the mapping as
the IP number changes. It's less efficient, which is why it isn't
usually done for a machine with fixed addresses, but that won't cause
you any p
IMAPv4 -- it's not a push protocol as
such: the client still has to log into the server rather than vice
versa, but once the client has read all the available e-mail, it can
put itself into an idle state, and the server will wake it up as soon
as any new e-mail comes in.
Cheers,
e f' says 'only regular files, not directories or sym-links'
Note that using grep(1) to work out what a binary links to is
exceedingly bizarre. ldd(1) is the correct tool for that job.
In any case, there are better solutions to this problem: try using the
sysutils/libchk port.
Ch
designed so that the metadata it writes to the drive
*doesn't* interfere with the filesystem. While it is always a good
idea to have backups, I do not believe that destroying and recreating
the filesystem should be necessary.
Cheers,
Matthew
- --
Dr Matthew J S
of servers to manage), chances are using 'overwrite
base' will end in tears, or at least, a horrible mess with the ports and
the base system fighting over the same disk locations.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Prio
pv6_ifconfig_bge0="ifdisabled down"
(rc.conf syntax for IPv6 is different in CURRENT, but I assume you're
not using that.)
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
are
several scripts in the ports for generating SMSes from the command line,
which you should be able to make use of. You'll need to choose
something appropriate for your area.
Otherwise you're looking at proprietary software as used by the likes of
Blackberry.
Cheers,
he ports implies that you like sitting down and beating your brains out
over all these sorts of problems yourself, rather than just using the
solution provided for you by the port maintainer.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil.
ch a replacement of
variables with an ipv6 prefix, to ones with an ipv6 suffix. All the
variables mentioned just detail the local IP addresses and networks, and
let you select which firewall script you want to use. As it says, the
ipv6 configuration exactly parallels the ipv4 configuration now.
ly the
same. The only advantage is that you may have less data to restore when
things do go wrong.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracanino
drives is the minimum for either of the raidz types, and
won't give you the best performance. See zpool(1M) for details.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: ht
t matter)
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
h /home/frozen/.login_conf
> -rw-r--r-- 1 frozen frozen 171 Dec 3 14:34 /home/frozen/.login_conf
>
> BTW: ssh login with user frozen is fine.
Which is a little disconcerting, because ssh is pretty anal about file
permissions itself, but it isn't triggering the problem here.
let you use all of the available
space easily, and give you various other advantages through the
integrated checksumming etc. built into ZFS.
Cheers,
Matthew
[*] bsdlabel(8) has been modified to allow more than 8 partitions --
the bigdisk article is a bit behind the times there --
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 22/03/2010 12:46:06, Aaron Lewis wrote:
> Matthew Seaman wrote:
>> On 22/03/2010 07:11:23, Aaron Lewis wrote:
>>
>>> Hello BSD hackers,
>>>I have a strange problems with user's home directory , if i log
files it highlights in more detail.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
ls -ladh /home/aaron/
> drwxr-xr-x 3 aaron aaron 512B Mar 5 22:36 /home/aaron
>
What are the settings for
ChallengeResponseAuthentication
UsePam
in your /etc/ssh/sshd_config?
What are the contents of /etc/pam.d/login and /etc/pam.d/sshd ?
tunately, yes, ALTQ needs to be compiled into the kernel rather
than being loaded as a .ko. Also, PF cannot distinguish sftp traffic
from other ssh traffic: all you can do is rate limit port 22 stuff.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.
://www.wonkity.com/~wblock/docs/greylist.pdf
I like spamd from OpenBSD -- this is actually a firewall plugin which
intercepts traffic to port 25. Works with any MTA.
Not just greylisting, but greytrapping and teergrube. Every time you
run obspamd, you make a spammer cry.
Chee
etc/hosts, although that's not a bad idea.
An alternative might be to run everything using DHCP and get the DHCP
server to generate names and dish them out to the clients.
Of course, it would be good to add the new hostname to some sort of
networked database, like the DNS or NIS or LDAP so t
g causes it to operate on a
snapshot of the source filesystem, which avoids the sort of problems you
can get dealing with live filesystems.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Fl
re supposed to be able to handle arrays larger than 2TB.
Is it perhaps not a limitation in the 3ware controller, but rather the
2TB limit for a single slice imposed by the traditional DOS mbr? In
which case, simply switching to using gpart(8) should solve the problem
and let you have much larger f
r, which
saves you all that mucking around with partitions.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpke
On Thu, March 18, 2010 8:37 am, Andy Wodfer wrote:
> Hi,
> We're setting up two backup servers where each server will have about 4TB
> of
> harddrives (for now) connected (4x1TB and 8x500GB drives). Last night we
> ran
> into trouble with the 3ware controllers we have (9650SE-8LPML) because we
> c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 18/03/2010 08:32:31, Matthew Seaman wrote:
> On 17/03/2010 22:06:30, Peter Steele wrote:
>> Is there any facility in FreeBSD for generating a random hostname? We
>> have a template with a fixed hostname that has to be changed after
hostname
> generated randomly.
perl -le '@a=(a..z,0..9); print map {$a[rand @a]} (1..8)'
That gives you 2,821,109,907,456 different possibilities so you should
be able to use it for a while without too much fear of duplicates.
Cheers,
Matthew
- --
Dr Matth
t be affecting you. It might be the case that the same
sort of work arounds help in your case though.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninoph
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 16/03/2010 22:34:47, Alejandro Imass wrote:
> Thanks Matthew for such a prompt and detailed answer and to give me
> the confidence I was in the right track! I think my main mistake was
> to jump from such an old version to the latest
ormats it and then begins to build a
> FreeBSD system on it. The script could intelligently ask for the
> 64-bit or 32-bit trees if it could determine whether it was
> running on the i86 or 64-bit system.
uname -m
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.
D
level you had implemented using gvinum. Or else go the whole hog and
build the system using ZFS. Either of those should give you good future
proofing against this sort of thing happening to you again.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil.
gt; like /boot/kernel.generic ?
Yes. Just mv /boot/kernel.old /boot/kernel.generic
If you want to update your copy of the GENERIC kernel:
# cd /usr/src
# make buildkernel KERNCONF=GENERIC
# make installkernel KERNCONF=GENERIC KODIR=/boot/kernel.generic
Cheers,
Matthew
- --
with the clock being stepped after the rest of the system is up
and causing mayhem for other programs, nor have I needed to run
ntpdate(8) -- it even seems to work for virtual machines that can end up
missing many hours when the lappy goes to sleep.
Cheers,
Matthew
- --
D
clock over time to run
more accurately and consequently can gradually decrease the frequency
with which the upstream time sources are polled. Give it a day or so,
and it should max out at polling each source only once every 1024
seconds.
Cheers,
Matthew
- --
Dr Matthew J
See login.conf(5) and
cap_mkdb(1) for one way of setting such variables in the environment
automatically when you login.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
e. Or putty for
those that prefer a CLI environment
(http://www.chiark.greenend.org.uk/~sgtatham/putty/)
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infrac
l nature of such
learning means that it can be hard to assess competence simply from a CV
or job application. Hence there has been a move to providing BSD
Certification in recent years (not just Free- but Open-, Net- etc): see
http://www.bsdcertification.org/
Cheers,
Matthew
- --
Dr Mat
You can just access ftp.freebsd.org by HTTP
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/
Mike,
I use a Draytek Vigor 120 (I'm in the UK, but it most certainly will work
for you aswell). This is a self-contained ADSL modem that presents a
PPPoE interface to your PC or server via a conventional RJ45 connector.
It is painless and past firmware hiccups accepted, performs very well
indee
+1 for psSense and if you need a quick to setup home NAS box, you could do
worse than FreeNAS, which is also derived from FreeBSD -although I don't
think it supports ZFS currently. When it does it will be even better.
Best,
Matt
On Thu, March 11, 2010 7:59 am, Alexandre L. wrote:
> You can use
ore
>> it goes online.
>
> Yep, that should work. Don't forget to update /etc/groups too.
>
And try running 'mergemaster -p' which should let you merge in any new
system accounts (ignore all the other bits it looks at).
Cheers,
Matthew
- --
Dr Ma
he
characteristics of the incoming current and switch to battery power if
it is out of specification, which is not really failsafe.
Also, didn't your UPS sound the alarm? They are normally too loud to
ignore easily.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil.
LITIES=yes -o
databases/mysql55-scripts -f mysql-scripts-5.0.90
Once you've got mysql-5.5.2 installed, any other ports you install
which depend on MySQL will automatically link against that version.
Well, with the possibility there might be a few ports known not to work
with that specific versio
iles are generally ignored by csup(1),
but portsnap(1) will blow them away. You could get creative using
unionfs (see mount_unionfs(8)) or you could go for the option of
maintaining a local CVS repository with your mods on a separate branch.
Cheers,
Matthew
- --
ly
deleted.
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-BEGIN PGP SIGNATURE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/03/2010 06:33:53, Ian Smith wrote:
> In freebsd-questions Digest, Vol 300, Issue 10, Message: 6
> On Fri, 05 Mar 2010 16:07:29 + Matthew Seaman
> wrote:
> > On 05/03/2010 15:51:52, Randal L. Schwartz wrote:
> > >
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05/03/2010 16:54:50, Matthias Fechner wrote:
> Hi,
>
> Am 05.03.10 17:01, schrieb Matthew Seaman:
>> table persist
>> [...near the top of the rules section...]
>> block drop in log quick on $ext_if from
>>
listed as spam sources. Last I checked it only worked on
IPv4 though.
It's a fairly light-weight means of eliminating quite a lot of spam, but
it should be used in conjunction with other MTA mediated anti-spam
techniques, for example SpamAssassin
Cheers,
Matthew
- --
Dr Mat
ed port: once the bits have hit the disk platter it doesn't
matter whether they came from a local compilation or were downloaded as
a package tarball.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05/03/2010 16:12:11, Randal L. Schwartz wrote:
>>>>>> "Matthew" == Matthew Seaman writes:
>
> Matthew> On 05/03/2010 15:51:52, Randal L. Schwartz wrote:
>>> The spamtrap is a shiny object for spam,
y high-mx seems to terminally confuse most spambots...
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey
connect from them (more than 3 within 30 seconds in this
case) and so blocks all further access.
You need to run a cron job to clear out old entries from the
ssh-bruteforce table or it will grow continually over time:
*/12 * * * */sbin/pfctl -t ssh-bruteforce -T expire 86400 >/dev/null 2>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05/03/2010 15:22:05, Lowell Gilbert wrote:
> Matthew Seaman writes:
>
>> You got bitten by an ill-considered change introduced after the UPDATING
>> instructions were written. To work around it, you need to set
>>
\.*
Please feel free to complain volubly about this: it's hand-holding for
newbies which annoys and incoveniences the vastly larger number of
non-newbies (ie. anyone who has been using the ports for more than a few
weeks.)
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil
force these to be somewhere in
> /usr/ports/vindaloo-port-options so that setting options on one
> machine would carry through to others sharing my build environment?
$PORT_DBDIR
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard, Flat 3
On Thu, March 4, 2010 3:44 pm, Randal L. Schwartz wrote:
>>>>>> "Matthew" == Matthew Law writes:
>
> Matthew> I am following this wiki page to move to zfs root:
> Matthew> http://wiki.freebsd.org/ZFSOnRoot
>
> If you're running RELEASE-8 or
I am following this wiki page to move to zfs root:
http://wiki.freebsd.org/ZFSOnRoot
I got to this section:
"Create bootdir directory where the boot file system will be mounted:
# mkdir /tank/bootdir
# ln -s bootdir/boot /tank/boot"
I am confused about the symlink line - what is 'bootdir' ?
T
I would be grateful if anyone could recommend any tests, scripts, ports or
packages which would stress test a new FreeBSD box? - both CPU and disk
I/O. I would particularly like to get the processors nice and warm! :-)
We already use bonnie++, unixbench, etc. but I was wondering if there is a
pr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/03/2010 18:19:36, Matthew Seaman wrote:
> On second thoughts, writing a small wrapper around pkg_add(1) that greps
> through the @pkgdep lines in the +CONTENTS file from the package tarball
> and bails if it finds the wrong version of p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/03/2010 17:21:48, Randal L. Schwartz wrote:
>>>>>> "Matthew" == Matthew Seaman writes:
>
> Matthew> For best results, install from ports rather than packages. If it's
> Matthew> pure-perl co
4;r2=1.15
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-BEGIN P
his should be hardly more onerous than installing
a compiled package. XS code however will chew up some CPU cycles.
Check out portmaster(8) or portupgrade(8) as the moral equivalents of
the cpan(1) program to make dealing with ports more convenient.
Cheers,
s long as needed.
Uh -- so what? Until the download site disappears, there's no problem.
If it does disappear, then /obviously/ you have to make alternative
arrangements. But that is a bridge that doesn't need to be crossed
until you've reached it.
Cheers,
Matthew
-
erstand how to
make the CD eject? Something along the lines of
camcontrol/atacontrol/cdcontrol? Perhaps hald/dbus -- not that there's
any reason to run those on a dedicated DB server?
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil.
in
disclaimers: anyone believing the advice they get from a bunch of
semi-anonymous people they only know from a mailing list deserves
everything they get[*]. Whatever happened to caveat emptor?
Cheers,
Matthew
[*] Generally that would be a better result than
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 27/02/2010 18:47:05, Jon Radel wrote:
> On 2/27/10 1:31 PM, Programmer In Training wrote:
>> On 02/27/10 12:22, Jon Radel wrote:
>>> On 2/27/10 2:58 AM, Matthew Seaman wrote:
>>>>
>>>> -BEGIN PGP SIGNED
standard .iso images from the FreeBSD web
sites, you can just point to the ways of getting the sources in the
Handbook.
Whether reselling for profit something that anyone can get for free
is a viable business proposition I'll leave up to your better judgement.
Cheers,
Matthew
a dirty filesystem, but it's certainly going to have
unintended consequences if the filesystem is actually damaged rather
than just dirty.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
edit
'size' is given here in units of 512byte sectors -- so the 'a' partiton
is 32.2GiB.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infra
s, snapshot space usage will go up over
time. However, the amount used will generally be a fairly small
percentage of the total space on the device, and all the extra space is
recovered when the snapshot is released.
Cheers,
Matthew
- --
mum
>> 2TB filesystem size, but I suspect this will not cause you any
>> practical
>>
>> difficulties.)
>
> UFS2 has a maximum volume size of 1YiB (2^80 bytes).
Yes. Brainfart: it's MBR that has the 2TB limit, and that can be
avoided nowadays by using gpart(8
ing to resolve any symlinks and open
anything on the hard-drive.
Like this:
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Order allow,deny
Allow from all
Order deny,allow
Den
Hi,
hopefully I'm not too far out posting this question here. It takes in a
lot of areas so I was unsure where to post it. If it belongs on another
ML please advise and I will re-post it there.
I am researching options for a two node failover storage cluster. This is
primarily to provide shared
SH is that it is the local
terminal type on the system you're logging in from that gets used.
Again, this should be handled automatically, and so long as /etc/termcap
has a suitable entry, things will just work.
Cheers,
Matthew
- --
Dr
1 and my OS disk
> dies. How do I go about importing the ZFS external disk into another
> FreeBSD installation?
You plug the drive in and then run 'zpool import' with appropriate
flags to tell the system to investigate the new disk and discover any
ZFS related metadata on it. See zp
FreeBSD is /bin/sh.
Shouldn't cause the observed problem.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard, Flat 3
Black Earth Consulting Ramsgate
Kent, CT11 9PW
Free and Open Source S
one port with another now, you'll likely need to tell it to
ignore CONFLICTS settings:
# portupgrade -m DISABLE_CONFLICTS=yes -o lang/perl5.10 \
-f perl-5.8.9_3
Then reinstall every port that depends on perl -- you can't use
perl_after_upgrade for this update: the delta in version
es under /etc -- you might be able to create a /var/etc and
replace the real files in /etc with symlinks to copies in /var/etc.
Possibly. Or you could just have /var/etc nullfs mounted on top of /etc.
I've read reports from people setting up such things -- a while back
now, but as far as
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/02/2010 15:39, RW wrote:
> On Thu, 11 Feb 2010 15:12:22 +
> Matthew Seaman wrote:
>> On 11/02/2010 14:53, Pierre-Luc Drouin wrote:
>>
>>> I would like to know if there is a mount command that allows to
>>&
o.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-BEGIN PGP SIGN
is that it's not a broken or loose ethernet cable. This
can cause all sorts of similar weirdness, but it's a lot easier and
cheaper to fix. I've seen the like sort of problems just from people
pulling cable ties too tight.
Cheers,
Matthew
--
Dr Matthew J Seaman MA,
. Best not to do either of those things. Just let the arp
table be populated automatically. Unless marked as permanent,
addresses in the arp cache will time out and be refreshed once they
reach the maximum age:
% sysctl net.link.ether.inet.max_age
net.link.ether.inet.max_age: 1200
which
ed MAC survives
a system reboot, then it's almost certainly hardware going kaput.
Even if the MAC does recover on reboot, it still might be flakey
hardware.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard, Flat 3
Black Earth Consulting
d user will cause
you much wailing and gnashing of teeth. It doesn't really buy you much
in terms of improved security in any case. Far better to concentrate
on making it impossible for the existing root account to be compromised.
Cheers,
Matthew
--
Dr Matthew J Seaman MA,
ne is connected
to into monitor mode. Wireless networks don't have this restriction.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophi
*don't* need to compile ipfw into the
kernel for ipfw+NAT nowadays.
I think that last part is out of date for recent releases where 'kernel
nat' is supported, but I'd ask again on freebsd-ipfw@ or freebsd-net@ to
be certain.
Cheers,
Matthew
- --
Dr Matthew J S
Linux runs pretty much exactly the same
Xorg code as FreeBSD, then yes, Linux *does* have this problem. In
fact the whole hal and dbus concept came from Linux. It's also the
case that the Xorg developers recognise they screwed up: we're just
waiting to see what they come up with as thei
s on resource usage in the jail,
and you can use cpuset(1) to tie jailed processes to specific CPU
cores. Quotas tend not to work very well in jails: to control
filesystem usage, it's best to create a separate filesystem of the
appropriate size specifically for the jail. This is a very
ke
freebsd-update in a jail, just make the fairly obvious config file
tweak that tells it to ignore kernel updates.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http
ample (needs compat7x). nvidia-driver-173 needs
compat5x on my machine. However, such binary blobs are the exception
rather than the rule.
Rebuilding all your ports is difficult and time-consuming, but it pays
off in easier future maintenance, improved performance and better stabi
s NAT without needing natd or
> those kernel options.
Heartily seconded. pf and ipfw fulfil the same sort of function, but
to my mind, pf wins hands down simply by having a much more usable
control interface and configuration syntax. Not to mention the
advanced pf features like ftp-proxy, H
y out the disks in a way that makes sense
to you, and carry on with your life...
Cheers,
Matthew
[*] But this still pops up in sysinstall, at the cost of much
bewilderment for the uninitiated.
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory
to provide secure user-level
access to the privileged sm-mta process without having to make the
sendmail binary run setuid-root.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
stions.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT
range used on your WLAN. You will also need
to check and possible amend your firewall on Server A so that
it will NAT for the address range used on your WLAN as well as
the range on your wired net.
Does that make sense to you? If not I a
ld result in mysterious failures. You can avoid this, by configuring
proxy servers on your FreeBSD machine -- this is a classic firewall
design, by the way -- but that is quite a lot of work, and you have to
set up proxies for all of the services your WLAN hosts need to access
on the Internet.
ts the window title to 'u...@hostname:/current/directory'. Porting
this escape sequence to other shells left as an exercise for the student.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard, Flat 3
Black Earth Consulting
901 - 1000 of 4462 matches
Mail list logo
