Re: [Soekris] freebsd jails vs linux vservers on net5501
When I do pkg_add -r somepackage the program gets the package from ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.3-release/Latest/; so it just works.

However, when I do pkg_upgrade -a I get

fetch: ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-release/INDEX: File unavailable (e.g., file not found, no access)

How do I fix this?

[annoyed]
Why doesn't this just work?; surely it's a bug when it doesn't. This is on a freshly installed 8.3 machine. I have done man pkg_upgrade and man uma and it refers to PACKAGESITE but doesn't actually tell you how to fix the thing.
[/annoyed]

thanks,
Philip

On 09/05/2012 07:43, Uffe Jakobsen wrote:
> On 2012-04-30 12:20, Philip wrote:
>> The problem is that the freebsd install isn't well patched because I just can't get along with the package management as well as debian apt.
>
> Can you be more specific as to what problems you have with FreeBSD package management - maybe we could help you? An example would be fine.
>
> I agree that the current FreeBSD package management lacks features and/or works differently than you'd expect when used to the linux ones.
>
> But until the pkgng package management is ready I've found a simple workaround that in my opinion makes the current FreeBSD package management usable.
>
> 0) become root
> 1) Add the bsdadminscripts package to your installation: pkg_add -r bsdadminscripts
> 2) make sure that you have a /usr/ports directory: mkdir -p /usr/ports
> 3) run pkg_upgrade -a to refresh all your currently installed packages to the latest versions.
> 4) run pkg_upgrade some_pkg_name to refresh just the one package and its dependencies.
>
> HINT: -n option is a dry-run flag - shows what would have been done if command was issued without the -n option
> HINT: -v option is a verbose flag - shows more detailed output.
>
> Hope that helps.
>
> /Uffe

___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] freebsd jails vs linux vservers on net5501
Hi Philip,

On 2012-05-20 13:20, Philip wrote:
> okay, figured it out
>
> adding setenv PACKAGESITE ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.3-release/Latest/; to the end of /root/.cshrc then log out and in again seems to fix the issue.

HINT#1: Your own solution above does work - but it is easier to just set and export the BRANCH variable to either:

BRANCH=8.3-release; export BRANCH;

OR

BRANCH=8-stable; export BRANCH;

Remember that 8.3-release is a frozen snapshot of packages at the time of 8.3 release - and it will never receive any updates - while 8-stable branch will...

HINT#2: I'm not a big fan of the PACKAGESITE env var; it is easier and shorter to use PACKAGEROOT to point to your nearest mirror ftp/http server like this:

PACKAGEROOT=http://ftp2.de.freebsd.org/; export PACKAGEROOT;

See list of FreeBSD ftp/http mirrors here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html

If PACKAGESITE is unset and PACKAGEROOT and/or BRANCH is set, pkg_upgrade will construct the correct path.

About one year ago or more I reported these things to Dominic Fandrey, the creator of bsdadminscripts - and I believe that he has incorporated the fixes in the release of bsdadminscripts that he was working on - but the release never came.

/Uffe

> should it be Latest or All ?
>
> On 20/05/2012 11:41, Philip wrote:
>> when I do pkg_add -r somepackage the program gets the package from ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.3-release/Latest/; so it just works.
>>
>> however when I do pkg_upgrade -a I get
>>
>> fetch: ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-release/INDEX: File unavailable (e.g., file not found, no access)
>>
>> how do I fix this?
>>
>> [annoyed]
>> why doesn't this just work?; surely it's a bug when it doesn't. This is on a freshly installed 8.3 machine. I have done man pkg_upgrade and man uma and it refers to PACKAGESITE but doesn't actually tell you how to fix the thing.
>> [/annoyed]
>>
>> thanks,
>> Philip
>>
>> On 09/05/2012 07:43, Uffe Jakobsen wrote:
>>> On 2012-04-30 12:20, Philip wrote:
>>>> The problem is that the freebsd install isn't well patched because I just can't get along with the package management as well as debian apt.
>>>
>>> Can you be more specific as to what problems you have with FreeBSD package management - maybe we could help you? An example would be fine.
>>>
>>> I agree that the current FreeBSD package management lacks features and/or works differently than you'd expect when used to the linux ones.
>>>
>>> But until the pkgng package management is ready I've found a simple workaround that in my opinion makes the current FreeBSD package management usable.
>>>
>>> 0) become root
>>> 1) Add the bsdadminscripts package to your installation: pkg_add -r bsdadminscripts
>>> 2) make sure that you have a /usr/ports directory: mkdir -p /usr/ports
>>> 3) run pkg_upgrade -a to refresh all your currently installed packages to the latest versions.
>>> 4) run pkg_upgrade some_pkg_name to refresh just the one package and its dependencies.
>>>
>>> HINT: -n option is a dry-run flag - shows what would have been done if command was issued without the -n option
>>> HINT: -v option is a verbose flag - shows more detailed output.
>>>
>>> Hope that helps.
>>>
>>> /Uffe

Re: [Soekris] freebsd jails vs linux vservers on net5501
On 2012-04-30 12:20, Philip wrote:
> The problem is that the freebsd install isn't well patched because I just can't get along with the package management as well as debian apt.

Can you be more specific as to what problems you have with FreeBSD package management - maybe we could help you? An example would be fine.

I agree that the current FreeBSD package management lacks features and/or works differently than you'd expect when used to the linux ones.

But until the pkgng package management is ready I've found a simple workaround that in my opinion makes the current FreeBSD package management usable.

0) become root
1) Add the bsdadminscripts package to your installation: pkg_add -r bsdadminscripts
2) make sure that you have a /usr/ports directory: mkdir -p /usr/ports
3) run pkg_upgrade -a to refresh all your currently installed packages to the latest versions.
4) run pkg_upgrade some_pkg_name to refresh just the one package and its dependencies.

HINT: -n option is a dry-run flag - shows what would have been done if command was issued without the -n option
HINT: -v option is a verbose flag - shows more detailed output.

Hope that helps.

/Uffe

Re: [Soekris] freebsd jails vs linux vservers on net5501
I suppose that pkg_upgrade -a is equivalent to apt-get update then apt-get upgrade, which isn't so hard.

hmm

Oh and current isn't stable :S and whenever I try to post anything on the forum I get pulled to pieces about the quality of my grammar and formatting of posts.

Maybe I should try again and have a second attempt with a bit more knowledge.

thanks,
Philip

On 09/05/12 07:43, Uffe Jakobsen wrote:
> On 2012-04-30 12:20, Philip wrote:
>> The problem is that the freebsd install isn't well patched because I just can't get along with the package management as well as debian apt.
>
> Can you be more specific as to what problems you have with FreeBSD package management - maybe we could help you? An example would be fine.
>
> I agree that the current FreeBSD package management lacks features and/or works differently than you'd expect when used to the linux ones.
>
> But until the pkgng package management is ready I've found a simple workaround that in my opinion makes the current FreeBSD package management usable.
>
> 0) become root
> 1) Add the bsdadminscripts package to your installation: pkg_add -r bsdadminscripts
> 2) make sure that you have a /usr/ports directory: mkdir -p /usr/ports
> 3) run pkg_upgrade -a to refresh all your currently installed packages to the latest versions.
> 4) run pkg_upgrade some_pkg_name to refresh just the one package and its dependencies.
>
> HINT: -n option is a dry-run flag - shows what would have been done if command was issued without the -n option
> HINT: -v option is a verbose flag - shows more detailed output.
>
> Hope that helps.
>
> /Uffe

Re: [Soekris] freebsd jails vs linux vservers on net5501
It's about power consumption and availability.

The soekris consumes only 5W or something and will run off of an old car battery for a day or more. There's no point in having a security box that's running but the web/email server is out.

thanks,
Philip

On 09/05/12 03:24, Izaac wrote:
> On Mon, Apr 30, 2012 at 11:20:07AM +0100, Philip wrote:
>> I have a net5501 with a 40G HD in it which I used as a home firewall, web server and mail server.
>>
>> thanks for any thoughts,
>> Philip
>
> How about not trying to have your security device be anything but a security device? You can buy perfectly good PCs for about $100 to serve all your mail and file serving needs.

Re: [Soekris] freebsd jails vs linux vservers on net5501
On Wed, May 09, 2012 at 03:11:19PM +0100, Philip wrote:
> It's about power consumption and availability.

Yep. Security regularly winds up being a trade off.

> The soekris consumes only 5W or something and will run off of an old car battery for a day or more. There's no point in having a security box that's running but the web/email server is out.

Uhh huh. And how's your data service doing in this disaster scenario?

Fine. Go back to NetBSD. Just run Apache and Postfix chrooted and call it a day. Or if you're feeling particularly vigorous, you can probably tickle pfSense into doing what you want pretty easily.

Re: [Soekris] freebsd jails vs linux vservers on net5501
Nothing on my debian file server needs to be 24/7. It's things like photos, music, ISO images. However I do want it segregated from the Internet.

Actually I might have to have attempt 2 at nanobsd as that appears to be targeted at what I am trying to do. I tried to compile it on a freebsd virtualbox machine and failed. Must try again.

thanks,
Philip

On 09/05/12 17:12, Izaac wrote:
> On Wed, May 09, 2012 at 03:11:19PM +0100, Philip wrote:
>> It's about power consumption and availability.
>
> Yep. Security regularly winds up being a trade off.
>
>> The soekris consumes only 5W or something and will run off of an old car battery for a day or more. There's no point in having a security box that's running but the web/email server is out.
>
> Uhh huh. And how's your data service doing in this disaster scenario?
>
> Fine. Go back to NetBSD. Just run Apache and Postfix chrooted and call it a day. Or if you're feeling particularly vigorous, you can probably tickle pfSense into doing what you want pretty easily.

Re: [Soekris] freebsd jails vs linux vservers on net5501
Hi Philip and list,

I want to suggest that you run on the net5501 only a security solution like OpenBSD + PF, or something like pfSense, m0n0wall, or any firewall distro you like and trust.

If this is not in the range of your budget (because you didn't tell us anything about it) and you don't want to change your setup: it is not popular to tell you this on the list here, but an easier, faster and cheaper way is to try out the Netgear FVS318N firewall or something you are familiar with.

Here in Germany, for something around 150 - 160 €: 1 GB WAN port + 8 GB LAN ports and a real DMZ port, integrated WLAN, VLAN option, SMA antenna plugs easy to change for new ones with 5, 7, 9 or 12 dBi. Easy to administrate and not the pain of update procedures, if this is sorting your needs. One VPN license is also integrated.

So you can quickly and easily connect the Soekris net5501 to the DMZ port and let it run a plain OS of your choice with your server and services. Only if money and time are very rare and you don't love update procedures. Quick and short, a keep-it-simple way.

As an example: net5501 + vpn1411 (if needed) + 4 GB CF card with an installed OS of your choice as the gatekeeper, and for your email server and the web server you should buy a second Soekris net5501 or perhaps a net6501 or, quite and quick, another device with your installed 40 GB HDD inside. The Google way I don't trust, sorry.

If you are BSD experienced I really think OpenBSD + PF on the first machine, and on the second machine NetBSD with apache and postfix like Izaac was suggesting to you, is your way ;)

These are plain and very outdated primitive tips, but in my opinion the security related services should even be separated from all others in your network, and I mean a jail is not really separated. Only if you want to set up honey pots based on BSD (honeyd), to separate them from each other, is a jail a good choice.

I hope that helps you out or lets you keep an eye on the situation with a different view.

Best regards
Frank

Re: [Soekris] freebsd jails vs linux vservers on net5501
On 2012-05-09 01:08:20 +0200 (+0200), JF Straeten wrote:
> [...]
> One more choice : Debian + LXC (Linux Containers).
> [...]

Semi-recent discussions on the oss-sec list suggest LXC doesn't yet provide good separation from a security perspective... for example, this rather longish thread:

http://seclists.org/oss-sec/2011/q4/155

Things may have changed in recent months, but whether that's reflected in the kernel in Debian/testing yet (or even will be before the Wheezy freeze) is another matter still.

--
{ IRL(Jeremy_Stanley); WWW(http://fungi.yuggoth.org/); PGP(43495829);
WHOIS(STANL3-ARIN); SMTP(fu...@yuggoth.org); FINGER(fu...@yuggoth.org);
MUD(kin...@katarsis.mudpy.org:6669); IRC(fu...@irc.yuggoth.org#ccl); }

Re: [Soekris] freebsd jails vs linux vservers on net5501
On Mon, Apr 30, 2012 at 11:20:07AM +0100, Philip wrote:
|The problem is that the freebsd install isn't well patched because I
|just can't get along with the package management as well as debian
|apt. I used to get along with netbsd package management okay but that
|doesn't have jails. Now it has developed some other issues which I
|can't easily debug, and which I would have debugged easily in debian.
|Frankly it's just annoying me.

There is another option - pkgsrc is designed to work on many other OSes, not just NetBSD, and works fine on FreeBSD, so you can at least give that a shot ... don't use it myself in this combination, but it should work OK

|Has anyone here tried vserver on a soekris? how does it compare with
|freebsd jail for resources?

I also have a net5501 but wouldn't consider doing any VM stuff on them as they just don't have the grunt ... jails in this case would be the best solution since it has the least management overhead ...

Regards,
Malcolm

--
Malcolm Herbert
m...@mjch.net
This brain intentionally left blank